Re: User Survey - Which DB backend do you use?
PostgreSQL 7.3.3 On Mon, 2003-07-14 at 11:04, Tim McCracken wrote: MySql On Mon, 14 Jul 2003 10:30:52 +0300 Peter Nixon [EMAIL PROTECTED] wrote: Hi List I would like to take a quick straw poll. a) If you use a Database backend for FreeRadius which one do you use? b) If you do not use a DB backend for FreeRadius, but do have a DB on your server or in your rack, what DB is it? c) If you do not use a DB backend for FreeRadius, but do have a DB on your server or in your rack, why don't you use it as a backend to FreeRadius? Please reply to this thread on the mailing list or to me directly (I am one of the developers) if you wish to keep the info private. I will post a summary in a few days. Thanks in Advance -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cuotas de conexion
I think that you are wrong in that. There is a lot of people who speak spanish on this list, mainly because it is in our poor countries where we find VERY useful a radius server which is robust and free. I am in many mailing lists where the people can post in any languaje, and you just need to have some patience, (and tolerance) with the messages that you dont understand. I'm seeing more spanish mails every day in this list, and we have (IMHO) two options: Ask the people for a little patience, or create a new spanish-freeradius-list. Personally, I would choose the first, but if the list prefers not to receive spanish e-mail, it's ok. Regards Guillermo Schimmel Pieter Droogendijk wrote: On Tue, 10 Jun 2003 15:03:53 -0400, Liyu wrote: Buenas tardes, alguien me puede orientar como puedo ponerle a mi servidor Radius cuotas de conexión a los usuarios. Pueden darme algún ejemplo, es que soy nuevo en esto. -- _*Liyuán García Caballero*_ *Consultor Informático* *ESI, Ciego de Avila* *Cuba*. _* Contactame en*_ Telf: 53-033-28734 ext. 120 AIM: liyuang Yahoo,MSN: liyuangarcia. *Usando Linux rh 8.0 * _*Notas del día*_ Libre de virus, pagos y multas por uso ilegal de software propietario. You know, posting to the list in a language only a handful of other people understand kind of defeats the purpose of the whole 'mailing list' idea. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: All Sockets being used!
You are right, thats valid for authentication. But in my case, I do authentication with LDAP and I'm only using SQL for accounting. Even with that, the server starts rejecting users once it runs out of SQL sockets. Regards Guillermo Alan DeKok wrote: Guillermo Schimmel [EMAIL PROTECTED] wrote: What we would like (this one is for the developers), is that the server don't start rejecting the users. So... what do you propose the server does? For authentication, if the SQL database is down, the server can do NOTHING but reject the users. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: All Sockets being used!
I am absolutely sure that I have SQL only in the accounting block. The same with the Access-Rejects packets, I see them with ethereal running on the same machine. It happens with fr 0.8 standard, and the last CVS. Thanks a lot for your time. Guillermo Alan DeKok wrote: Guillermo Schimmel [EMAIL PROTECTED] wrote: But in my case, I do authentication with LDAP and I'm only using SQL for accounting. Even with that, the server starts rejecting users once it runs out of SQL sockets. Hmm... if you don't have SQL listed in the 'authorize' block, then authentication should still be working when accounting stops. Are you *sure* that the server is sending Access-Reject packets? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: All Sockets being used!
We generally get the same effect when our SQL server gets slow for some reason. Ussually we discover that it has too much load from some queries. It can be a network overload/error issue, check your connectivity. Of course, have your database optimized (indexes, vacuums, etc) What we would like (this one is for the developers), is that the server don't start rejecting the users. In the case of that events happening, we can recover the logs later from detail files. Regards Guillermo Michael Brininstool wrote: Several people have reported this error and one received two responses. Both responses said to increase the number of sockets. I tried that over 4 months ago, and we still get this error. Also, once we start getting the error on one radius server, the NAS's switch to using the other radius server and then it will start failing the same way. They never seem to recover until the radius server is killed and restarted. I also cannot seem to set the number of sql threads high enough to prevent it. Any idea what is really happening? We are running radiusd (don't remember how to determine the version) on FreeBSD 4.7 and 5.0. Also, we are using mysql on a third machine. I suspected the mysql for a while, but we cannot find anything wrong with it. Any ideas? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: most redundant Radius system
How much money do you have? 1k? 10k? 100k? Raymond Chen wrote: Dear all, Any idea on the redundant Radius system scheme with MySQL? Thanks Raymond - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freetds
So, the issue here is that you want to have the last word? Well, I will not let you do so. Alan has his own style, and I like it a lot. I prefer him to write short mails and expend more of his time coding. It is true that freeradius lacks a good documentation, but I'm not writing it, so I can't complain. Neither you. Regards Guillermo Schimmel Brian Johnson wrote: Well since you just can't stop ...I will. Alan is the man and I am a retard. It is done. - Brian J. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Alan DeKok Sent: Wednesday, February 19, 2003 4:29 AM To: [EMAIL PROTECTED] Subject: Re: freetds "Brian Johnson" [EMAIL PROTECTED] wrote: Is anyone using freeradius on a redhat linux server (7.1) with a mssql server database (freetds)? No. While I'm sure you think not, I'm sure that there are. ;) shrug That's nice for you. I guess I'm confused when I remember an email from the freetds library developers, who told this list that the rlm_sql_freetds module was using an unsupported API for freetds, and wouldn't build or link to the freetds library. So... did you build the rlm_sql_freetds module? That was/is my problem, I don't understand how to. Then learn. Did you read the README in the rlm_sql_freetds directory? Yes I did, It is completely useless and I STFW and RTFM all I could and since I am not a C programmer, I am at a crossroads. That's too bad. I find it very strange that the open source community is so cocky and rude. shrug I find it strange that you expect everyone else to work for you for free. I find it doubly strange that when I empower you by saying that you can fix the problem yourself, that you get angry at me. I would think that someone who wants to be accepted, or have their project accepted, would be more open to assisting and understanding and less likely to alienate and pigeonhole users as lazy and ignorant. Sorry, I misread that as "to alienate and pigeonhole lazy and ignorant users" If you don't know C, then learn, or hire someone who does know it to fix the module. If you're unwilling to do either one, then don't be surprised when no one has the time to do work that you're unwilling to do yourself. To me, that paragraph summarizes my problems with people who complain about the "rudeness" of the open source "community". By "community", they mean "everyone else but me", and by "rude", they mean "the community refuses to do what I want, when I want it." Grow up. You've got the product of 3+ years of development by 10+ people in FreeRADIUS for *free*. If it's not perfect, then calling the developers names won't give them more incentive to help you. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PostgreSQL Problem
I have the same problem. Until now, the only solution was kill -9 in the crontab, every half an hour or so. The suggestion from the list is recompile the fr with the same version of psql client libraries and server. I havent done that yet because I'm waiting for a PostgreSQL upgrade, scheduled to the next week, but if you try that and tell me the result, it would be really useful. Regards Guillermo Eric Dean wrote: I was having pgsql problem between freeradius 0.7.1 and my postgres database whereby freeradius would lose it's db connection. I upgraded to 0.8.1 and I still get the same errors. However, with 7.1, freeradiusd would keep running and responding to queries...however, 8.1 just stops...dead...I have to kill -9 it. Then it restarts...for a little bit...minutes to hours at a time: Fri Feb 7 04:40:14 2003 : Error: rlm_sql_postgresql: Couldn't connect socket to PostgreSQL server [EMAIL PROTECTED]:bar Fri Feb 7 04:40:14 2003 : Error: rlm_sql_postgresql: Postgresql error '' Fri Feb 7 04:40:14 2003 : Error: rlm_sql_postgresql: PostgreSQL Query failed Error: no connection to the server Fri Feb 7 04:40:14 2003 : Error: rlm_sql (sql): failed after re-connect - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FW: Load balancing over two freeRADIUS Server
Why you want to do that? This adds another point of failure to the system. Most of the NAS let you put two or more radius servers in the auth/acc config. That way you can do balancing and still have failure protection. Chesi Maurizio wrote: We have been asked to put a load balancer to distribuite the load between two radius servers. The architecture will encompasses a hardware load balancer in front of 2 freeRADIUS servers. We are wondering if this may cause a problem being the possibility that, for example an access-request may be managed by a server and, in case of challenge, the response access-request containing the response to the challenge may be managed by the other radius server. Thank you for any suggestion. Maurizio Chesi NETikos - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: fr cvs and PostgreSQL
Thanks for answering. I have already posted my problems to the list but I got no answers. I'm getting this error on the Postgres logs: pq_recvbuf: unexpected EOF on client connection That happens only with freeradius connections. Other clients of PostgreSQL (and I have a lot) never produce this messages. I think that the fr sql code should be improved to make it more robust, specially in the reconnects. When it fails to do an insert (happens sometimes with fields too wide, timeouts due to the network, etc) it never does the insert right the second time. And then it does never try again. I know that in the case of malformed fields, like the username, it's going to fail again because postgres wont accept the 32 chars data, but in other cases it should. But, what I can't explain is that running radiusd -X, I get some SQL_DOWN in places where shouldn't be. Im 100% sure that my SQL backend it's working properly. In all that cases, I lose a record. I would send you any other information that you consider necesary in order to debug this Thanks again Guillermo Peter Nixon wrote: On Mon, 27 Jan 2003 07:30 pm, Guillermo Schimmel wrote: Hi, I would like to exchange some experiences with somebody using freeradius with PostgreSQL. That's because I'm having problems (I lose some records) and don't know what to do. So I want to compare my setup which someone else's. I also am using FreeRadius CVS + PostgreSQL 7.3 in a large installation and can possibly help you. Why don't you post your problem to the mailing list though. that way we can all have a stab at helping you. What sort of records are you losing? When? Are you seeing errors in radius.log? Do you see the same loss of records when running freeradius under debugging with SQL tracing turned on? If so have you tried to execute the failed SQL statements manually and checked the error that PG is returnng?? Answer all these questions, and you will probably find your problem. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
fr cvs and PostgreSQL
Hi, I would like to exchange some experiences with somebody using freeradius with PostgreSQL. That's because I'm having problems (I lose some records) and don't know what to do. So I want to compare my setup which someone else's. Thanks Guillermo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error compiling the krb5 Module
I have the same error. Since I don't use krb, what I have done is delete the src/modules/rlm_krb directory. That worked fine for me. Regards Stefan Immel wrote: Hi all I got an error compiling freeradius, there seems to be something wrong with the krb5 module. I tried both the 0.8.1. stable version and the current CVS snapshot (20030108). My platform is SuSE Linux 8.0. Is there any way to disable the krb5 module ? I tried using --disable-krb5 and --without-krb5 both but that doesn't seem to work. I'm not good enought in C to fix those errors. Can anybody help me there ? In file included from /usr/include/heimdal/krb5.h:670, from rlm_krb5.c:39: /usr/include/heimdal/krb5-protos.h:116: warning: declaration of `close' shadows global declaration /usr/include/heimdal/krb5-protos.h:1115: warning: declaration of `index' shadows global declaration /usr/include/heimdal/krb5-protos.h:1337: warning: declaration of `version' shadows global declaration /usr/include/heimdal/krb5-protos.h:1852: warning: declaration of `ctime' shadows global declaration /usr/include/heimdal/krb5-protos.h:2359: warning: declaration of `version' shadows global declaration rlm_krb5.c: In function `verify_krb5_tgt': rlm_krb5.c:60: warning: implicit declaration of function `krb5_princ_component' rlm_krb5.c:60: `c' undeclared (first use in this function) rlm_krb5.c:60: (Each undeclared identifier is reported only once rlm_krb5.c:60: for each function it appears in.) rlm_krb5.c:60: invalid type argument of `-' rlm_krb5.c:60: invalid type argument of `-' rlm_krb5.c:60: invalid type argument of `-' rlm_krb5.c:60: invalid type argument of `-' rlm_krb5.c:60: invalid type argument of `-' rlm_krb5.c:113: warning: implicit declaration of function `krb5_free_data_contents' rlm_krb5.c: In function `krb5_auth': rlm_krb5.c:150: warning: initialization makes pointer from integer without a cast rlm_krb5.c:152: warning: excess elements in struct initializer rlm_krb5.c:152: warning: (near initialization for `tgtname') rlm_krb5.c:221: request for member `length' in something not a structure or union rlm_krb5.c:222: request for member `data' in something not a structure or union rlm_krb5.c:225: request for member `length' in something not a structure or union rlm_krb5.c:226: request for member `data' in something not a structure or union gmake[6]: *** [rlm_krb5.o] Error 1 -- Stefan Immel |N|O|C Network Operation Center -+-+-+--- | Grove Auf der Stuecke 6Tel. +49 2773-8167-0 35708 Haiger / Germany Fax +49 2773-8167-20 -- mailto:[EMAIL PROTECTED] http://www.grove.de There is always hope, only because it is the one thing nobody's figured out how to kill yet. ~ Galen, Crusade Racing The Night -- http://www.nocr2.de - NOC R2 die Lösung für den IT-Workflow -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Postgres Error - DEBUG: pq_recvbuf: unexpected EOF on client connection
Hi list: I've been using freeradius for a long time, and allways had this error on the PostgreSQL logs. I used to think that it was a configuration problem with my installation of postgres, but now I think that I have it properly configurated, and pretty optimized. I have several applications using the same db backend, and freeradius is the only one that generates this messages. Today, I have installed the last CVS, which I note that have some changes in the SQL code, but it still does this. Don't know if it is related to this, but I keep losing some account records. (aprox 10%) The version of Psql is 7.2. Anybody has any idea? Thanks in advance Guillermo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Postgres error with 0.8
Hi everybody: After installing v0.8, i get a lot of: DEBUG: pq_recvbuf: unexpected EOF on client connection on the postgres logs. And also some: Mon Nov 18 16:13:42 2002 : Info: rlm_sql (sql): Driver rlm_sql_postgresql (module rlm_sql_postgresql) loaded and linked Mon Nov 18 16:13:42 2002 : Info: rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius On the radius logs. Now, the threads are not dying, there aren't logs like increment the number of sockets, the database backend it's running a lot faster than needed. So I don't understand why the connections are dying like that. The account reccords seems to be right also. Any hint? Thanks a lot Guillermo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MSSQL and FreeRADIUS
May I ask why? You have excelent choices out there, i.e. LDAP. Brian Johnson wrote: I am looking to create a completely custom user system database backend for FreeRADIUS. I was wondering if there is a doc on the variables that may be used in the SQL queries specified in the mssql.conf file. I would like to pass the username and the NAS address or other identifier to a stored procedure on the SQL server and then give the output in the format desired by the module. If anyone has already done this, please tell me where to go for the 411. TIA ___ Brian Johnson Internet Operations Specialist Northern Valley Communications Let's Roll! - Todd Beamer - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help with hints/users file please
Hi list: I have to proxy some request to another's company radius, based on called-station-id. I am doing it with this line: DEFAULT Called-Station-Id == 40004009, Proxy-To-Realm := prima Now, the problem is that the PSTN switch that we use, (Ericsson AXE) is a piece of s..., and we receive things like: 40004009 1140004009(11 is the area code) 12240004009 (122 is our telco code) 1221140004009 (both) And so on Now, the other company is using radiator, and they would like to receive allways 1140004009. How can I rewrite the Called-Station-Id AND Proxy-To-Realm? I tried things like: DEFAULT Called-Station-Id == 40004009, Called-Station-Id = 1140004009,Proxy-To-Realm := prima But it didn't work. The truth is that I don't really understand the users file and the processing_users_file it's too complicated for my english. I have also tried something with the hints file but with the same results. So freeradius guru's out there, please help me... One more time, thanks a lot for this wonderfull software and all your support. Guillermo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with hints/users file please
Chris Parker wrote: At 11:41 AM 10/17/2002 -0300, Guillermo Schimmel wrote: Hi list: I have to proxy some request to another's company radius, based on called-station-id. I am doing it with this line: DEFAULT Called-Station-Id == 40004009, Proxy-To-Realm := prima Now, the problem is that the PSTN switch that we use, (Ericsson AXE) is a piece of s..., and we receive things like: 40004009 1140004009 (11 is the area code) 12240004009 (122 is our telco code) 1221140004009 (both) And so on There is a regular expression operator that would allow you to do something like: DEFAULT Called-Station-Id =~ *40004009$, Proxy-To-Realm := prima The problem with that is that I have several cities, and the numbers can contain each other, like: City 1: 400040 City 2: 40400040 So I would have to play with the order in with the expresion are evaluated, and I don't like it :) Now, the other company is using radiator, and they would like to receive allways 1140004009. How can I rewrite the Called-Station-Id AND Proxy-To-Realm? You could try using the := operator on the second Called-Station-Id attribute. This doesn't work. There is something on processing_users_file that says: If an attribute is already present in the check pairlist of the request it will not be changed (see files.c:movepair). But there is no movepair on files.c :( Also, there is currently a new feature added to the server for 'pre-proxy' under which you could rewrite the attributes before proxying to the remote server. This is a new feature so it's not widely documented yet, but it does exist and should allow you to do what you need. So I think that this could be what I need. What can I read about this? How new is that? It is on 0.7? Or on CVS? Thanks -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering | | \ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with hints/users file please
Ok . Thanks. Unfortunately, my boss doesn't want to upgrade the freeradius to the cvs version. He is getting older and it's starting to like stability. I will have to wait at least until 0.8 (That sounds stable enough for him. I don't get it.) So, there isn't any chances for me to rewrite the Calling-Station-Id value? Thank you very much to both of you Alan and Chris for your time. Guillermo Alan DeKok wrote: Chris Parker [EMAIL PROTECTED] wrote: You will probably want to try an entry similar to: DEFAULT Called-Station-Id == 40004009 Called-Station-Id := 1140004009 I believe it will work both before authorization and accounting, though I'm not positive on the accounting part. When using preproxy, *all* requests which get proxied get passed through the 'preproxy_users' file. This means BOTH accounting and authentication. It may be useful to split them up, but that may be more work than it's worth. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Sql version of IP pool
Would it work with two (or n) radius servers and only one IP database? If so, PLEASE let me use it. Thanks Guillermo Allister Maguire wrote: Hello, We have been working on a sql version of the ip pool module for our own use, a little more testing and it will be done. Would anyone else be interested in using it? Regards Allister P Maguire - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ip pool again
Kostas Kalevras wrote:
On Tue, 13 Aug 2002, Guillermo Schimmel wrote:
It still doesn't work.
Hi list:
I'm starting the tests with the ippool module.
I added this line on the users file:
DEFAULT NAS-IP-Address == 10.169.255.11, Auth-Type :=
Accept, Pool-Name := prueba
And created an IP pool:
ippool prueba {
range-start = 10.170.200.1
range-stop = 10.170.200.254
netmask = 255.255.255.0
cache-size = 800
session-db = /raddb/db.ippool
ip-index = /raddb/db.ipindex
}
I can start the server and it works ok, but it doesn't reply with
the Framed-IP-Address attribute.
What am I doing wrong?
I'm sorry if this is ANOTHER stupid question.
Thanks a lot for your time.
Guillermo
Have you added the module in the authorize and accounting sections in
radiusd.conf? Make sure also that ippool comes after the files module in the
authorize section.
Yes, I have done so.
Is this output OK? (The noop part)
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
modcall[authorize]: module files returns notfound
modcall[authorize]: module ippool returns noop
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module chap returns noop
modcall: entering group group
Where else should I look?
Is there any documentation for the ippool module?
Thanks
Guillermo
--
Kostas KalevrasNetwork Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone:+30 10 7721861
'Go back to the shadow'Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ip pool again
Kostas Kalevras wrote:
On Wed, 14 Aug 2002, Guillermo Schimmel wrote:
Yes, I have done so.
Is this output OK? (The noop part)
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
modcall[authorize]: module files returns notfound
modcall[authorize]: module ippool returns noop
rlm_chap: Could not find proper Chap-Password attribute in request
modcall[authorize]: module chap returns noop
modcall: entering group group
Where else should I look?
Please post the authorize and accounting sections of your radiusd.conf
authorize {
preprocess
files
ippool
chap
group {
ldap1 {
fail = 1
notfound = 2
noop = return
ok = return
updated = return
reject = return
userlock = return
invalid = return
handled = return
}
ldap2 {
fail = 1
notfound = 2
noop = return
ok = return
updated = return
reject = return
userlock = return
invalid = return
handled = return
}
}
}
accounting {
acct_unique
detail
sql
ippool
}
Is there any documentation for the ippool module?
Apart from the comments in the configuration file, no.
--
Kostas KalevrasNetwork Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone:+30 10 7721861
'Go back to the shadow'Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ip pool again
Kostas Kalevras wrote:
On Wed, 14 Aug 2002, Guillermo Schimmel wrote:
authorize {
preprocess
files
ippool
chap
group {
ldap1 {
fail = 1
notfound = 2
noop = return
ok = return
updated = return
reject = return
userlock = return
invalid = return
handled = return
}
ldap2 {
fail = 1
notfound = 2
noop = return
ok = return
updated = return
reject = return
userlock = return
invalid = return
handled = return
}
}
}
accounting {
acct_unique
detail
sql
ippool
}
Replace ippool with prueba and everything should work ok.
Now the server doesn't start. It gives the following error:
Module: Loaded IPPOOL
ippool: session-db = /usr/local/etc/raddb/db.ippool
ippool: ip-index = /usr/local/etc/raddb/db.ipindex
ippool: range-start = 10.170.201.1 IP address [10.170.201.1]
ippool: range-stop = 10.170.200.254 IP address [10.170.200.254]
ippool: netmask = 255.255.255.0 IP address [255.255.255.0]
ippool: cache-size = 254
rlm_ippool: Invalid configuration data given.
radiusd.conf[330]: prueba: Module instantiation failed.
--
Kostas KalevrasNetwork Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone:+30 10 7721861
'Go back to the shadow'Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ip pool again
Yes, it seems like I have several errors. Now Its working.
Now, I have read that you can use the Pool-Name attribute to select one
IP Address pool, that's why I started trying this.
I have to share a NAS for Internet Access and VPN access and I'm going
to do that by routing and firewalling, assigning different pools based
on some like group.
So, I define two (or more) pools in radiusd.conf like:
ippool test1 { ...}
ippool test2 { ...}
...
ippool testn { ...}
And I thought that in the authorization section I had to put ippool,
and it would take the Pool-Name attribute to choose a pool.
But now It seems like I have to put one specific ip pool.
Could you please tell me which is the correct usage of this feature?
Thank you very very much for your help.
Kostas Kalevras wrote:
On Wed, 14 Aug 2002, Guillermo Schimmel wrote:
Module: Loaded IPPOOL
ippool: session-db = /usr/local/etc/raddb/db.ippool
ippool: ip-index = /usr/local/etc/raddb/db.ipindex
ippool: range-start = 10.170.201.1 IP address [10.170.201.1]
ippool: range-stop = 10.170.200.254 IP address [10.170.200.254]
ippool: netmask = 255.255.255.0 IP address [255.255.255.0]
ippool: cache-size = 254
rlm_ippool: Invalid configuration data given.
radiusd.conf[330]: prueba: Module instantiation failed.
Check your range-start. It should probable read 10.170.200.1. In any case it
should not be an ip number lower than the range-stop.
--
Kostas KalevrasNetwork Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone:+30 10 7721861
'Go back to the shadow'Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ip pool again
It still doesn't work.
Hi list:
I'm starting the tests with the ippool module.
I added this line on the users file:
DEFAULT NAS-IP-Address == 10.169.255.11, Auth-Type :=
Accept, Pool-Name := prueba
And created an IP pool:
ippool prueba {
range-start = 10.170.200.1
range-stop = 10.170.200.254
netmask = 255.255.255.0
cache-size = 800
session-db = /raddb/db.ippool
ip-index = /raddb/db.ipindex
}
I can start the server and it works ok, but it doesn't reply with
the Framed-IP-Address attribute.
What am I doing wrong?
I'm sorry if this is ANOTHER stupid question.
Thanks a lot for your time.
Guillermo
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with accounting (postgresql)
I'm sorry for posting this another time, but I don't know what to do. Hi everybody: I work for a Telco in Argentina, we are small but growing, and fortunately, my boss likes open source solutions, so we have installed freeradius 0.4 in a production environment. We have two HP Netserver LPr2000 (Dual PII 500, 512MB RAM) as our primary and secondary radius server. The freeradius gets the user accounts from two replicated OpenLDAP 2, and does the accounting on a PosgreSQL database. At the moment, we have 50k accounts, and 5 NAS and its working pretty well. We would like to grow up to 500k accounts with the same hardware. (Coments?) The only problem that we had was that yesterday, we restarted our postgres server, and with no errors, our accounting died. So, we lost all the records of about 8 hours. Obviously, the connection between radiusd and postgres died and it never came back. Now, how can I avoid that? There is any way to reset the radiusd-postgresql connection without restarting the whole server? Are there radiusd developers in this list? If not, where can I go for help? Besides that, the product is great. Thanks. Guillermo Schimmel - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
