Re: VSA in freeRadius
Israel Cardenas Romero wrote:

I'm using freeRadius with OpenLDAP. I only need to know how freeRadius can send a Vendor-specific attribute to Cisco AP...

Maybe Cisco-AVPair works? I use this feature like shown below...

dictionary.cisco:

    ATTRIBUTE Cisco-AVPair 1 string Cisco

mysql db / radreply table:

    {username}  {attribute}   {op}  {value}
    testuser    Cisco-AVPair  =     lcp:interface-config=mtu 1450

Gerald Krause
Network
pop-interactive GmbH
Wendenstrasse 375
D 20537 Hamburg
fon: +49 40 822284 300
fax: +49 40 822284 111
web: pop-interactive.de

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

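How the Cisco-AVPair reply item from the message above is carried on the wire, as an added example that is not part of the original post: RADIUS wraps vendor attributes in attribute type 26 (RFC 2865), here with Cisco's IANA enterprise number 9 and the vendor type 1 from the quoted dictionary line. The function names are illustrative, and the decoder validates every length field before slicing.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type for VSAs (RFC 2865)
CISCO_VENDOR_ID = 9    # Cisco's IANA enterprise number
CISCO_AVPAIR = 1       # vendor type from the dictionary.cisco line quoted above


def encode_vsa(vendor_id, vendor_type, value):
    """Build one Vendor-Specific attribute holding a single string sub-attribute."""
    data = value.encode("ascii")
    sub_len = 2 + len(data)          # vendor-type + vendor-length + data
    total_len = 2 + 4 + sub_len      # type + length + vendor-id + sub-attribute
    if total_len > 255:
        raise ValueError("value too long for a single RADIUS attribute")
    return (struct.pack("!BBI", VENDOR_SPECIFIC, total_len, vendor_id)
            + struct.pack("!BB", vendor_type, sub_len) + data)


def decode_vsas(attrs):
    """Walk a RADIUS attribute list; return (vendor_id, vendor_type, text) tuples."""
    found, pos = [], 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("bad attribute length")
        body = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VENDOR_SPECIFIC:
            continue                 # ordinary attribute, not a VSA
        if len(body) < 4:
            raise ValueError("VSA shorter than Vendor-Id")
        vendor_id = struct.unpack("!I", body[:4])[0]
        sub = body[4:]
        while sub:
            if len(sub) < 2 or sub[1] < 2 or sub[1] > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            found.append((vendor_id, sub[0], sub[2:sub[1]].decode("ascii", "replace")))
            sub = sub[sub[1]:]
    return found


# Constructed sample: the reply item from the radreply row above.
sample = encode_vsa(CISCO_VENDOR_ID, CISCO_AVPAIR, "lcp:interface-config=mtu 1450")
```
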
Re: cisco as5400 dialing digits
hi sunil,

i have noticed the same (using a AS5300) and found a limitation in the create statement of the radacct table in [freeradius-home]/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql:

    ...
    CalledStationId varchar(10) NOT NULL default '',
    CallingStationId varchar(10) NOT NULL default '',
    ...

changing this to a bigger value than 10 works good for me. are you really using varchar(32) here?

[EMAIL PROTECTED] wrote:

hi all,

i'm new to free radius... i've RH Linux, Freeradius 0.8, mysql for accounting/cdr (no authentication)... and cisco as5400 as radius client.

while making calls, we can see all the attributes are displaying properly in screen (running radius in debug mode). but in the calldetails table (radacct) the digits of calling station and called station are truncated to 10 digits... instead of getting the whole digits. i've checked the field names, there enough space is there (32)

can anyone help in this issue

TIA
regards
sunil

gerald

Re: a question about the snapshot20021022
Alan DeKok wrote:

Gerald Krause wrote:

I have a similar problem in the current snapshot and I wonder about this line in the src/main/Makefile:

    radiusd: $(SERVER_OBJS) ../lib/libradius.a $(LIBLTDL) $(MODULE_OBJS)

because in Make.inc I found this:

    LIBLTDL = -lltdl

After I have removed the $(LIBLTDL) statement in the line, make runs quite well.

Ah. -ltdl should be included in the list of objects to link 'radiusd', but it shouldn't be in the list of dependencies, in the Makefile.

yep. but anyway, this goes to all freeRADIUS developers: thanx for the great job - it's nice to work with!

Gerald

Re: some help please
Johnno wrote:

I have just installed freeradius 0.6 and I get this when I ran check-radiusd-config

    HASH: Reinitializing hash structures and lists for caching...
    rlm_unix: You MUST specify a shadow password file!
    HASH: unable to create user hash table. disable caching and run debugs
    radiusd.conf[462]: unix: Module instantiation failed.

how do I fix this..

try disabling caching in radiusd.conf

Gerald

Re: Stop packet with zero session length causes auth reject?
tywe wrote:

Hello, I just had a customer cancel because they said that they could not log on for days (and never asked for help with the problem). They said that it was giving them an invalid username/password error even though they retyped it many times. Anyhow, I looked in the radius.log and see no auth rejects, only Login OK's. But, on the days that they are complaining about, I see the Stop packet error like this:

    Thu Jun 13 20:05:59 2002 : Auth: Login OK: [[EMAIL PROTECTED]] (from nas thenas port 7171 cli 3045551212)
    Thu Jun 13 20:05:59 2002 : Error: rlm_sql: Stop packet with zero session length. (user '[EMAIL PROTECTED]', nas '12.34.56.78')

hmm, usually STOP packets were sent from the NAS _after_ the login, not before or during an auth-phase... i think the STOP packet itself is not really the reason for the login-problem. have you debugged your NAS too?

Any ideas on why this would have caused the user to be rejected? I have been using FR 0.5 since a few days after it was released and haven't had any problems reported like this until now. Any suggestions will be greatly appreciated.

i have some other problems with 0.5 (e.g. seg-fault after the first incoming auth request if --with-thread-pool is set) and decided to use the current cvs snapshot - it seems to be more stable (for me).

Gerald

Re: Stop packet with zero session length causes auth reject?
tywe wrote:

    Thu Jun 13 20:05:59 2002 : Auth: Login OK: [[EMAIL PROTECTED]] (from nas thenas port 7171 cli 3045551212)
    Thu Jun 13 20:05:59 2002 : Error: rlm_sql: Stop packet with zero session length. (user '[EMAIL PROTECTED]', nas '12.34.56.78')

hmm, usually STOP packets were sent from the NAS _after_ the login, not before or during an auth-phase... i think the STOP packet itself is not really the reason for the login-problem.

Ya, I thought it was pretty weird that the Login OK and the Stop packet were received at the exact same time.. hmm

Yes, ...mysterious. Maybe the remote side did not get the expected response fast enough to complete the authentication within a proper time and that's why the auth-phase is terminated by an ordinary timeout. In this case the remote one can send you a STOP packet with a zero session time to notify an authentication failure. (I use exactly this feature on our Cisco NASes.) Is your server (or Qwest's one, or the network between) sometimes a little bit overloaded to cause such a delay?

have you debugged your NAS too?

Well, it's not exactly my NAS. It's one of Qwest's, and it's being proxied to me through another radius server.

Ouuh, I pity you ;-)

I had hoped to wait until 0.6 was released though, does anyone know an ETA of when that will be?

I hope soon - the cvs-snapshot already reports 0.6 as version number :)

Gerald

Re: Acct-Stop without Acct-Start on Cisco
Hi,

Fduch the Pravking wrote:

I'll try to be clear :) We have Cisco 2500 with IOS 12.0(4) and it seems to have such bug... Some user tries to log in on this Cisco, and gets Access-Reject, but Cisco (I don't know whether it has already processed Access-Reject at this moment) sends Accounting-Stop packet for that user without corresponding Accounting-Start packet. Probably, this user disconnects BEFORE Cisco gets Access-Reject, and then it decided to send Stop-record... Did anybody see such problem and what are possible workarounds for this situations?

perhaps this is not a bug but rather a feature because I have found (and want to use) two nice Cisco statements called

    aaa accounting send stop-record authentication failure

and

    aaa accounting resource default stop-failure

to log rejected login attempts and resource problems... My problem is that the resulting stop-records have an AcctSessionTime of 0 and FreeRADIUS does not like them therefore... :-/

Gerald
