Re: Limiting Users

2003-12-22 Thread Guy Fraser
rlm_counter can be configured to limit things other than time.

It should be possible to limit the number of calls that match
some parameters. The parameter that should match would likely be
Called-Station-Id or Realm to determine an ISP.
Check the archives; there are probably some examples. I seem to
recall this question being answered before.

Anson Rinesmith wrote:

How/Can freeradius limit the number of users logged into a certain NAS?

Let’s say I have 2 NAS’s with 120 ports apiece that I resell ports to 
other ISP’s. I have one ISP that wants 24 ports at each location, and 
a second ISP that wants 24 ports at each location, how can I keep one 
ISP from spilling over their 24 ports?

Anson Rinesmith

Internet Operations Manager

Big River Telephone Company

800-455-1608 x106

573-382-0555

www.bigrivertelephone.com 



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Dialup_admin & Postgresql

2003-12-22 Thread Guy Fraser
Hi

I did a bunch of work on Dialup Admin, and it works with PostgreSQL in CVS.
I have just put up a patch site for the dialup_admin/bin scripts, but they
have not been approved yet. This is where you can find the patch for the
dialup_admin/bin scripts against the cvs :

http://sphinx.incentre.net/

The instructions to get the cvs are at :

http://www.freeradius.org/development.html#cvs

Have a nice day

Roberto Fichera wrote:

Hi All,

does anyone know if Dialup_admin works with
PostgreSQL 7.3.4 ? I'm using RH9b with Freeradius 0.9.3.
Thanks in advance.

Roberto Fichera.



--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.






Re: Easy User Interface?

2003-12-19 Thread Guy Fraser
If you are using MySQL, then dialup admin is a good option for maintaining
accounts.
I have been building compatibility for PostgreSQL into Dialup Admin in CVS.

If you wanted PostgreSQL support for Dialup Admin in 0.9.3, you could go to
the developer area and get the CVS version. I am still testing the "bin"
scripts, but the php has already been committed.

As for configuring the server... {scratching head} ...that isn't available.
Once the server is configured, it shouldn't require very much fiddling
with, but it would be nice to be able to change more than just user
accounts. Eventually it would be nice to be able to maintain realms and
NAS configurations as well.

Cris Boisvert wrote:

Yes I agree Doesn't adduser make a unix user also? I only want to make a
radius user .. And I want to set  options
Also...
I'm guessing that someone has made a ease of use system that can add,
subtract and modify users?
Thanx

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Drew Weaver
Sent: Friday, December 19, 2003 3:57 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Easy User Interface?
Webmin is a bigger risk than teaching your techs to use pico or adduser.

-Drew

-Original Message-
From: Cris Boisvert [mailto:[EMAIL PROTECTED] 
Sent: Friday, December 19, 2003 3:30 PM
To: [EMAIL PROTECTED]
Subject: Easy User Interface?

Does Anyone Use an easy user interface...Webmin.. Or a script? I don't mind
adding the users by hand although I prefer that one of my tech support
people don't destroy my radius server due to their ignorance.?
Thanx



Re: Webmin

2003-12-17 Thread Guy Fraser
Take a look at

/etc/rc.d/init.d/ntpd

It opens a hole in the firewall for ntpd.

Or you could add

   -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 1812:1813 -j ACCEPT

or, if you're using 1645 and 1646

   -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 1645:1646 -j ACCEPT

To /etc/sysconfig/iptables just under the :

   -A FORWARD -j RH-Lokkit-0-50-INPUT

line.



I don't do development on RHL much any more, but will look into making a
patch for the RH script in CVS.

Cris Boisvert wrote:

Is there a webmin module for freeradius?

Also I have recently installed freeradius on redhat 9 and the service is
running although the port is not accessible on the machine.. I can do
requests although the server never responds.. 
I have setup the nas servernames and passwords... I think that I have not
attached the radius process to open a port for itself.. Although I don't
know how...

Thanx
CRIS
 





Re: Repeating authentication all the time

2003-12-16 Thread Guy Fraser
Just a guess:

Is there any firewall software/hardware that may not be allowing the
acknowledgement to be returned to the NAS?

Sevcik Berndt wrote:

The authentication now works and I see an Access Accept Packet at the
end. But the interesting thing is that the authentication goes on a few
seconds later and the same process is repeated.
The Windows XP PC never gets really authenticated. The Access Point shows
that the authentication was successful (RoamAbout R2)
Has someone the same experience?

Thanks
Berndt
 





Re: accounting_stop request: bigint

2003-12-15 Thread Guy Fraser
Show us the detail file entry.

You have no valid data in that record, other than the NAS-IP-Address,
User-Name, and Acct-Session-Id.
What are you using to generate the accounting record?

If this is coming from a NAS, then why is the Acct-Session-Id the same
in both your examples?




Re: accounting_stop request: bigint

2003-12-15 Thread Guy Fraser
Check the Acct-Session-Time in
/usr/local/var/log/radius/radacct/192.168.0.1/detail-20031213
for the stop record of session "816".
The sql is attempting to set AcctSessionTime = ''

AcctSessionTime is a bigint, and '' is not an integer, that is
why you are getting the error.


Click Chebon wrote:

Using Postgresql 4.7
and FreeRadius 0.9.3
on FreeBSD 5.1
On sending an Accounting Stop Request to Freeradius
I get some errors in summary
invalid input syntax for type bigint: ""
below is the error log and
Below the log is the standard part of postgresql.conf I am using it
unmodified
Nothing to do.  Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 192.168.0.1:3306, id=21, length=38
   User-Name = "clint"
   Acct-Status-Type = Stop
   Acct-Session-Id = "816"
modcall: entering group preacct for request 3
 modcall[preacct]: module "preprocess" returns noop for request 3
   rlm_realm: No '@' in User-Name = "clint", looking up realm NULL
   rlm_realm: No such realm "NULL"
 modcall[preacct]: module "suffix" returns noop for request 3
modcall: group preacct returns noop for request 3
modcall: entering group accounting for request 3
rlm_acct_unique: WARNING: Attribute NAS-Port-Id was not found in request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 192.168.0.1,NAS-IP-Address = 192.168.0.1,Acct-Session-Id = "816",User-Name = "clint"'
rlm_acct_unique: Acct-Unique-Session-ID = "38a313dce3842355".
 modcall[accounting]: module "acct_unique" returns ok for request 3
radius_xlat: '/usr/local/var/log/radius/radacct/192.168.0.1/detail-20031213'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/192.168.0.1/detail-20031213
 

...snip...

rlm_sql (sql): Connected new DB handle, #1
rlm_sql_postgresql: query: UPDATE radacct ??SET AcctStopTime = (now() - '0'::interval), AcctSessionTime = '', ??AcctInputOctets = (('0'::bigint << 32) + '0'::bigint), ??AcctOutputOctets = (('0'::bigint << 32) + '0'::bigint), ??AcctTerminateCause = '', AcctStopDelay = '0', ??FramedIPAddress = NULLIF('', '')::inet, ConnectInfo_stop = '' ??WHERE AcctSessionId = '816' AND UserName = 'clint' ??AND NASIPAddress = '192.168.0.1' AND AcctStopTime IS NULL
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: affected rows =
rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning SQL_DOWN
rlm_sql (sql): failed after re-connect
rlm_sql (sql): Couldn't update SQL accounting STOP record - ERROR:  invalid input syntax for type bigint: ""
 

...snip...
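
Added example, not part of the original thread or of FreeRADIUS: a Python check that scans detail-file text for Stop records whose Acct-Session-Time is missing or not an integer, which is the condition that makes the query above send '' to a bigint column. The sample records, the function names and the NULL rendering in sql_session_time are assumptions made for illustration; the layout assumed is a timestamp line followed by indented "Attribute = value" lines, with a blank line between records.

```python
import re

# Constructed sample in the assumed detail-file layout. The first record
# mirrors the Stop packet in the debug log above (no Acct-Session-Time);
# the second is a complete record for comparison.
SAMPLE_DETAIL = (
    "Sat Dec 13 10:02:11 2003\n"
    '\tUser-Name = "clint"\n'
    "\tAcct-Status-Type = Stop\n"
    '\tAcct-Session-Id = "816"\n'
    "\tNAS-IP-Address = 192.168.0.1\n"
    "\n"
    "Sat Dec 13 10:05:40 2003\n"
    '\tUser-Name = "fredf"\n'
    "\tAcct-Status-Type = Stop\n"
    '\tAcct-Session-Id = "817"\n'
    "\tNAS-IP-Address = 192.168.0.1\n"
    "\tAcct-Session-Time = 342\n"
    "\n"
)

PAIR = re.compile(r"^\s+([A-Za-z0-9-]+)\s*=\s*(.*)$")
INTEGER = re.compile(r"[0-9]+")


def parse_detail(text):
    """Split detail-file text into a list of dicts, one per record."""
    records, current = [], None
    for line in text.splitlines():
        if not line.strip():
            # A blank line closes the current record.
            if current:
                records.append(current)
            current = None
        elif not line[0].isspace():
            # An unindented line is the timestamp that opens a record.
            if current:
                records.append(current)
            current = {"_timestamp": line.strip()}
        elif current is not None:
            match = PAIR.match(line)
            if match:
                current[match.group(1)] = match.group(2).strip().strip('"')
    if current:
        records.append(current)
    return records


def is_integer(value):
    """True only for a non-empty string of ASCII digits."""
    return value is not None and INTEGER.fullmatch(value) is not None


def bad_stop_records(records):
    """Return Stop records whose Acct-Session-Time is absent or non-numeric."""
    return [
        rec for rec in records
        if rec.get("Acct-Status-Type") == "Stop"
        and not is_integer(rec.get("Acct-Session-Time"))
    ]


def sql_session_time(value):
    """Render the value for a bigint column: the digits, or NULL, never ''.

    Hypothetical helper showing one safe rendering; it is not how rlm_sql
    builds its query.
    """
    return value if is_integer(value) else "NULL"


if __name__ == "__main__":
    for rec in bad_stop_records(parse_detail(SAMPLE_DETAIL)):
        print("%s: session %s (user %s) has no usable Acct-Session-Time; "
              "SQL value would be %s" % (
                  rec["_timestamp"], rec.get("Acct-Session-Id"),
                  rec.get("User-Name"),
                  sql_session_time(rec.get("Acct-Session-Time"))))
```
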





Re: Testers Please - MySQL and PostgreSQL compatability patch

2003-12-15 Thread Guy Fraser
I hoped these patches would have been applied to CVS by now, but they
haven't.

If anyone is interested in PostgreSQL support for freeradius, please check
out the site I have set up, and send feedback if you find any problems.

I have verified my patch against the CVS as of 2003 Dec 15 10:15.

Have a nice day

Guy Fraser wrote:

This patch has been made against the CVS tree. I have verified that it
applies to the CVS as of Dec 10 16:11 2003 MDT. This is a unified patch that
will patch the radiusd directory.

I have solved all the compatibility issues between MySQL and PostgreSQL
for Dialup Admin, as far as I can tell. I tested all the dialupadmin
interfaces with PostgreSQL and MySQL. They both work and all I have to do to
switch between them is change the sql driver and port in conf/admin.conf.

I have done a considerable amount of work getting this code to work with
PostgreSQL and ensuring that MySQL works without having to modify
the SQL tables, data or any of the other config files. It is dead easy to
see that the code works. I have provided a patch, some sample data for both
MySQL and PostgreSQL and a demo site running with both configurations.

The homepage for the site is at :

http://sphinx.incentre.net/

Please have a look, and get back to me with your suggestions. I would like
to see this put into cvs soon. I have a fair amount of other development to
do, and don't want to have too many patch levels to maintain.

For the non developers watching this post, these are the steps required to
test this patch :

mkdir test-dir
cd test-dir
cvs -d :pserver:[EMAIL PROTECTED]:/source login
cvs -d :pserver:[EMAIL PROTECTED]:/source checkout radiusd
cvs -d :pserver:[EMAIL PROTECTED]:/source logout
patch < dialupadmin-pg-compatability.patch

The radiusd directory should now be patched.

I will put the patches for the dialup_admin/bin files once I get feedback.

RSVP



Re: What is a good wireless solution for a small restaurant.

2003-12-12 Thread Guy Fraser
Hi

I found a nice solution at D-Link, DSA-3100 + DSA-3100P together they
can be a simple standalone solution, but the DSA-3100 can be used with a
radius server as well. The DSA-3100 has an 802.1x feature that supports
EAP-TLS and EAP-MD5. At USD$499 it seems like a decent solution. The
DSA-3100P ticket printer is USD$399 ... YIKES, a little pricy, but
allows one touch ticket generation for timed accounts.

Have a nice day

Rob Genovesi wrote:

Use this page as a "cheatsheet" of sorts :
http://www.airpath.com/Products/wiboss_lite/compat.htm
Airpath is a back-end provider for hotspot services, so they list a 
bunch of compliant devices to use with their service.  This means that 
these devices have valid radius clients, and therefore should play 
nicely with FreeRadius.

cheap and easy side:  check out the D-Link DL-3800.  minimal features,
easy to set-up.  requires separate wireless AP.
cheap, yet full featured - harder to config if you aren't technical:  
check out Mikrotik Router OS.

Hope this helps.





Re: Auth: Login incorrect:

2003-12-12 Thread Guy Fraser
You have to configure and run "dialup_admin/bin/log_badlogins" to
process your "radius.log" file and put the entries into your DB.

I have written a patch that makes log_badlogins use the
"raddb/clients.conf" file to determine the NAS-IP-Address.

This patch is not in CVS yet; I am waiting for some more important
patches to be applied to CVS before I resubmit this patch.

Here is a patched version for you to try.

Joe Bonow wrote:

Hello:

   After searching the limited archive I am unable to find info on how 
to have the Login Incorrect return the name of the nas that the login 
failed on.  As an example my radius.log file shows this line:

Thu Dec 11 11:42:17 2003 : Auth: Login incorrect: [test/abc] (from 
client ip99 port 1)

I am using dialup admin to check for bad logins and after reviewing
the script it seems that the ip99 response should be more along the
lines of say nameofnas or nameofnas.domain.  Any help would be
appreciated.  Oh I am using a Livingston Portmaster 2e as the nas and
the version of freeradius I am running is 0.9.2.  Thanks in advance
for assistance.



#!/usr/bin/perl
#
# Log failed logins in the sql database
# Works only with mysql and postgresql {look for PG and change commented lines}
# It will read the sql parameters from the admin.conf file
#
# Usage:
# log_badlogins <radius.log> [<admin.conf>] [all]
#
# Defaults:
# radius.log: none
# admin.conf: /usr/local/dialup_admin/conf/admin.conf 
# all:no. Go to the end of the file. Don't read it all.

use Date::Manip qw(ParseDate UnixDate);
use Digest::MD5;
$|=1;

$file=shift||'none';
$conf=shift||'/usr/local/dialup_admin/conf/admin.conf';
$all_file=shift||'no';
#
#
# CHANGE THESE TO MATCH YOUR SETUP
#
#$regexp = 'from client localhost port 135|from client blabla ';
$tmpfile='/var/tmp/sql.input';
#
#

# Read the SQL and general settings from admin.conf ("key: value" lines)
open CONF, "<$conf"
    or die "Could not open configuration file\n";
while(<CONF>){
    chomp;
    ($key,$val)=(split /:\s*/,$_);
    $sql_server = $val if ($key eq 'sql_server');
    $sql_username = $val if ($key eq 'sql_username');
    $sql_password = $val if ($key eq 'sql_password');
    $sql_database = $val if ($key eq 'sql_database');
    $sql_accounting_table = $val if ($key eq 'sql_accounting_table');
    $realm_strip = $val if ($key eq 'general_strip_realms');
    $realm_del = $val if ($key eq 'general_realm_delimiter');
    $realm_for = $val if ($key eq 'general_realm_format');
    $domain = $val if ($key eq 'general_domain');
    $sql_timeout = $val if ($key eq 'sql_connect_timeout');
    $sql_extra = $val if ($key eq 'sql_extra_servers');
    $sqlcmd = $val if ($key eq 'sql_command');
    $clients= $val if ($key eq 'general_clients_conf');
}
close CONF;

# Build a shortname => IP address map from clients.conf
open CLIENTS, "<$clients"
    or die "Could not open $clients file\n";
while(<CLIENTS>){
    chomp;
    s/^\s*//g;
    s/\s*#.*//g;
    if (!/^\s*$/ && /=/) {
        # "key = value" line inside a client block
        ($key,$val)=(split /\s*=\s*/,$_);
        $client_short = $val if ($key eq 'shortname');
    } else {
        if (/\{/) {
            # "client <name-or-ip> {" opens a block; keep only the name
            s/.*client\s+([^\s]*)\s+\{.*$/$1/;
            if (/^\d+\.\d+\.\d+\.\d+/) {
                $client = $_;
            } else {
                # Hostname: qualify it with the default domain if needed
                if (/\./ || /localhost/) {
                    $name = $_ ;
                } else {
                    $name = $_.".".$domain;
                }
                $addr = gethostbyname $name;
                ($a,$b,$c,$d)=unpack('C4',$addr);
                $client = "$a.$b.$c.$d";
                #DEBUG# print $name." = ".$client."\n";
            }
        } else {
            if (/\}/) {
                # End of the block: record the address under its shortname
                $client_array{$client_short} .= $client;
            }
        }
    }
}
close CLIENTS;

$realm_del = '@' if ($realm_del eq '');
$realm_for = 'suffix' if ($realm_for eq '');
$pass = ($sql_password ne '') ? "-p$sql_password" : '';
die "SQL server not defined\n" if ($sql_server eq '');

die "sql_command directiv

What is a good wireless solution for a small restaurant.

2003-12-11 Thread Guy Fraser
Since many of the people on this list talk about wireless systems, I 
thought I could ask for some assistance.

I have a customer with a chain of small restaurants, that want to 
provide wireless connections for his customers.

I am looking for an inexpensive secure solution.

I have heard people talking about 'walled gardens', and that may be the 
way to go.

I have been asked about the d-link and linksys wireless routers, but 
have no experience with them. To date I have only had experience with 
long haul wireless, campus wireless and wired solutions.

I don't have a firm direction from the customer yet, but there will be 
dozens of restaurants that will need to be hooked up.

I am guessing that I could somehow use FreeRadius to provide centralized 
access controls.

One of the prerequisites will likely be that there are NO moving parts 
{ie. no hard drives} on any of the devices and low power consumption {no 
large servers or monitors} in the restaurants. If required, the traffic 
could be backhauled to a centralized location over vpn's.

I would appreciate any suggestions.



Re: How to implement "walled garden" with freeRadius?

2003-12-10 Thread Guy Fraser
It might be possible to do this using mac address access lists.

You could redirect all traffic from 'unknown' mac addresses to a
'captive' site, and allow 'known' mac addresses to be routed normally.

I don't know how you would do this with the equipment you have, but it
may give you an idea.

[EMAIL PROTECTED] wrote:

I am climbing a learning curve at the moment, and intend to provide this
sort of functionality.
I am looking at setting up a regional wireless ISP. I am planning on
allowing everyone to associate with the wireless APs. When they open up a
web browser and try to hit a page, I am going to use squid to redirect
them to this "walled garden" page that provides limited free content and
instructions on how to subscribe to our services.
Paid subscribers will then be able to login and access the internet. I
think there may be a few ways to achieve this, but I have been testing it
using PPPoe and a RADIUS server (freeradius).
When they login, a PPP tunnel will be created and routed correctly to the
internet (with relevant access controls setup through squid).
If anyone else has any ideas in respect to this sort of setup, I would
welcome suggestions!
 

Any recommendation on implementing "walled garden"
with freeRadius and cisco 1100 APs.  The "walled
garden" allows wireless user to access some
pre-defined websites even BEFORE they login.
Has anyone done this before?  The idea is to allow
user visit our sign-up website and download the
certificate (generated with OpenSSL).
After the user has installed the certificate,
freeRadius will authenticate the user with EAP-TLS and
the user can access any websites after that.
Is there any other free software that supports the
"walled garden"?  Any suggestions or URL refs are
appreciated.
Richard
   





Re: Freeradius 0.9.3 with mysql

2003-12-10 Thread Guy Fraser
The init command will depend on the distribution you are using.

On RH, as root it should be something like :

/sbin/service radiusd restart

On Debian :

/etc/init.d/freeradius restart

On Suse:

/etc/init.d/radiusd restart

On FreeBSD :-)

/usr/local/etc/rc.d/radiusd.sh restart

Good luck.

Justin Williams wrote:

Thanks!  Was thinking in terms of daemons like httpd, which have their
own start/stop commands.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Wednesday, December 10, 2003 1:57 PM
To: [EMAIL PROTECTED]
Subject: Re: Freeradius 0.9.3 with mysql 

"Justin Williams" <[EMAIL PROTECTED]> wrote:
 

By the way, I did not see a command in the man pages to restart 
radiusd after making config changes.  Is there such?
   

 Huh?  It's a normal program.  You just kill it, and re-start it.

 Alan DeKok.



Re: unknown proxy ?

2003-12-10 Thread Guy Fraser
I have noticed you have configured naslist, clients and clients.conf.

The clients.conf file is all you need, and should probably move or remove
the clients and naslist files since they are deprecated and may conflict.
I have not looked into the source to find out what happens when you have
both sets of files, but you should notice the informational messages warning
you about these files in your log file.

Also, what's up with the ports?

It looks like you have two different radius servers running, maybe your
problem is that you are looking at the wrong config files.

Alex Radetsky wrote:

On Wed, Dec 10, 2003 at 03:11:42PM +0100, Thomas MARCHESSEAU wrote:

Hi Alex,

did u check clients.conf ?


[EMAIL PROTECTED] bin]# grep "195.123.5.10" /usr/local/radius-proxy/etc/raddb/*
clients: 195.123.5.10 123
clients.conf: client 195.123.5.10 {
proxy.conf: authhost = 195.123.5.10:1812
proxy.conf: accthost = 195.123.5.10:1645
Yes, I do.

Ok, I'll search this message in sources and will find what I got to do.
Thanks! ;)


Re: FreeRadius with MySQL

2003-12-10 Thread Guy Fraser
Please read the FAQ before posting again.

Turn off your Graphic and html.

Leandro Sant'ana wrote:






Re: dialup_admin (cvs last 12-04-2003)

2003-12-09 Thread Guy Fraser
Please explain.

What online information are you referring to ?

Do you have your NAS boxes configured in naslist.conf ?

apellido jr., wilfredo p wrote:

hello guys, NAS doesn't show in User's Online
Information. 

=
wilfredo pahilanga apellido jr.
technical support
mactan online
bacolod city, philippines
+63 34 4348311
If you can't hear me, it's because i'm in parentheses.



Re: sample data for mysql setup with dialup_admin

2003-12-05 Thread Guy Fraser
I forgot to add a comment with the password for troll since it is 
encrypted. :)
The password is : skunk

Have a nice day, y'all.

Guy Fraser wrote:

Hi

I know people are always asking for sample data, since I am in the
process of testing the mysql version of dialup_admin for compatibility
with my postgresql patches, I have created some sample data for testing.







sample data for mysql setup with dialup_admin

2003-12-05 Thread Guy Fraser
Hi

I know people are always asking for sample data, since I am in the
process of testing the mysql version of dialup_admin for compatibility
with my postgresql patches, I have created some sample data for testing.




delete from usergroup ;
insert into usergroup (username,groupname) values('fredf','ppp-unlimited');
insert into usergroup (username,groupname) values('barneyr','ppp-static');
insert into usergroup (username,groupname) values('troll','ppp-unlimited');
insert into usergroup (username,groupname) values('frog','nas-prompt');

delete from radcheck ;
insert into radcheck (username,attribute,op,value) 
values('fredf','User-Password','==','wilma');
insert into radcheck (username,attribute,op,value) 
values('barneyr','User-Password','==','betty');
insert into radcheck (username,attribute,op,value) 
values('troll','Crypt-Password','==','$1$A8BotTi4$UTg2XL.fSStI2RFENUfnR.');
insert into radcheck (username,attribute,op,value) 
values('frog','User-Password','==','kermit');

delete from radreply ;
insert into radreply (username,attribute,op,value) 
values('barneyr','Framed-IP-Address',':=','10.19.65.38');
insert into radreply (username,attribute,op,value) 
values('barneyr','Framed-IP-Netmask',':=','255.255.255.252');

delete from radgroupcheck ;
insert into radgroupcheck (groupname,attribute,op,value) 
values('ppp-unlimited','Auth-Type',':=','Local');
insert into radgroupcheck (groupname,attribute,op,value) 
values('ppp-static','Auth-Type',':=','Local');
insert into radgroupcheck (groupname,attribute,op,value) 
values('nas-prompt','Auth-Type',':=','Local');

delete from radgroupreply ;
insert into radgroupreply (groupname,attribute,op,value) 
values('ppp-unlimited','Framed-Compression',':=','Van-Jacobson-TCP-IP');
insert into radgroupreply (groupname,attribute,op,value) 
values('ppp-unlimited','Framed-Protocol',':=','PPP');
insert into radgroupreply (groupname,attribute,op,value) 
values('ppp-unlimited','Service-Type',':=','Framed-User');
insert into radgroupreply (groupname,attribute,op,value) 
values('ppp-unlimited','Framed-MTU',':=','1500');
insert into radgroupreply (groupname,attribute,op,value) 
values('ppp-static','Framed-Compression',':=','Van-Jacobson-TCP-IP');
insert into radgroupreply (groupname,attribute,op,value) 
values('ppp-static','Framed-Protocol',':=','PPP');
insert into radgroupreply (groupname,attribute,op,value) 
values('ppp-static','Service-Type',':=','Framed-User');
insert into radgroupreply (groupname,attribute,op,value) 
values('ppp-static','Framed-MTU',':=','1500');
insert into radgroupreply (groupname,attribute,op,value) 
values('nas-prompt','Framed-MTU',':=','1500');
insert into radgroupreply (groupname,attribute,op,value) 
values('nas-prompt','Framed-Compression',':=','Van-Jacobson-TCP-IP');
insert into radgroupreply (groupname,attribute,op,value) 
values('nas-prompt','Service-Type',':=','NAS-Prompt');

delete from userinfo ;
insert into userinfo (username,name,mail,department,workphone,homephone,mobile) 
values('fredf','Fred Flintstone','-','Quarry','-','-','-');
insert into userinfo (username,name,mail,department,workphone,homephone,mobile) 
values('barneyr','Barney Rubble','-','Office','-','-','-');
insert into userinfo (username,name,mail,department,workphone,homephone,mobile) 
values('troll','Erik The Red','-','Bridge','-','-','-');
insert into userinfo (username,name,mail,department,workphone,homephone,mobile) 
values('frog','Kermit The Frog','-','Pond','-','-','-');

delete from totacct ;
insert into totacct 
(username,acctdate,connnum,conn

Re: question about log_badlogins

2003-12-03 Thread Guy Fraser
What version of FR did you get this from?

Are the usernames in your log file?

alantu wrote:

>Hi all
>  when I run the log_badlogins, The result "username" is just a "-" in the db.
>  
>




Re: framedaddress accounting

2003-12-02 Thread Guy Fraser
This is a cisco issue.

Add something like {This is what I use on my 5200's}:

   aaa accounting update newinfo

Go to Cisco's site for more information, and the specific commands for your
version of IOS.

This is most of the AAA config on one of my 5200's :

aaa new-model
aaa authentication login default local radius
aaa authentication login vty-local local
aaa authentication login console none
aaa authentication login rad-access local radius
aaa authentication ppp default if-needed local radius
aaa authentication ppp radius-access if-needed local radius
aaa authorization network default radius
aaa accounting nested
aaa accounting update newinfo
aaa accounting exec default start-stop radius
aaa accounting network default start-stop radius
aaa accounting connection default start-stop radius
aaa accounting system default start-stop radius

Read the Cisco docs to learn what these do, or you may get unexpected
results.

Tony Axtell wrote:

Greetings!

I'm new to freeradius, I have a freeradius-0.9.1 install with mysql
support (for accounting only) on a freebsd 5.1 box.
I'm experiencing some issues with logging of accounting where the
Framed-IP-Address only shows at the stop of a user session, not at
start, so I cannot query from the mysql db for the IP address of a user
that is currently online. Does anybody know what I might be doing wrong?
The NAS handles the IP allocation. We use cisco AS5200.
Also I am looking for a simple web php script i can use to query
accounting info from the mysql db, such as IP/User searches, I am
looking at "dialup-admin" however its pretty much based off of sql
userbase authentication which I am using files. 

Please help. Thanks in advance.

Tony Axtell



How do I submit an port update for FreeBSD

2003-12-01 Thread Guy Fraser
There are a few changes that need to be made.

In files/patch-ab :

--- src/modules/rlm_mschap/rlm_mschap.c.origTue Sep 16 12:40:05 2003
+++ src/modules/rlm_mschap/rlm_mschap.c Mon Dec  1 15:23:30 2003
@@ -260,10 +260,15 @@
SHA1_CTX Context;
char hash[20];

+   const char *name;
+
+   name = strchr(user_name, '\\');
+   name = name == NULL ? user_name : name + 1;
+
SHA1Init(&Context);
SHA1Update(&Context, peer_challenge, 16);
SHA1Update(&Context, auth_challenge, 16);
-   SHA1Update(&Context, user_name, strlen(user_name));
+   SHA1Update(&Context, name, strlen(name));
SHA1Final(hash, &Context);
memcpy(challenge, hash, 8);
 }
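
Review bot: name = strchr(user_name, '\\') in the added lines keeps everything after the first backslash, so a user_name containing more than one backslash would still carry a backslash into SHA1Update(&Context, name, strlen(name)); strrchr would take the part after the last separator, if that is the intent. The added code also hands user_name straight to strchr with no NULL check, so the function now relies on the caller never passing NULL. A one-line comment above the strchr call saying why the part before the backslash is left out of the challenge hash would help whoever has to re-apply this port patch against a later release.
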
It appears as though the location in the file for this patch
has changed to :

@@ -220,10 +220,15 @@

And then the patch will apply there, but I'm not sure if it is required
for 0.9.3?

The patch files/patch-aa is no longer required, and the other
patches are only for relocating the documentation, but still apply.
Other than changing the version numbers and MD5 checksum in :

/usr/ports/net/freeradius/Makefile
and
/usr/ports/net/freeradius/distinfo

It would be nice if the person responsible for the port would update
the cvs for the port. I can't remember where to go to submit the
updates.
--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.




Re: MRTG graphing from radacct sql data

2003-12-01 Thread Guy Fraser
Me too please, err is that six... ;)

I would like to see what you have, I have been considering some kind of
raduse replacement, my boss misses it. In FreeBSD it doesn't seem to work
for all shortnames, the radwtmp or radutmp whichever it is truncates the
shortnames at 5 or 6 characters. :-(
Joe Maimon wrote:

Hello all,

I have put together a couple scripts and a program that allows me to
MRTG graph dialup users from the radius accounting sql table.

Very unpolished. If anyone is interested in helping me develop/test, 
please drop me a line.

Thanks,

Joe



--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.






Re: adding Client-Short-Name attribute

2003-12-01 Thread Guy Fraser
%$^&$*

I forgot the stupid file :-[ .

Here it is.

#!/usr/bin/perl
#
# Convert a FreeRADIUS clients.conf into CSV, one line per client.
# Note: the output includes each client's shared secret.

$|=1;

$clients=shift||'/usr/local/etc/raddb/clients.conf';

# Customize for your default domain
$domain='incentre.net';

printf("client,secret,shortname,clienttype,login,password\n");

open CLIENTS, "<$clients"
    or die "Could not open $clients file\n";
while(<CLIENTS>){
    chomp;
    s/^\s*//g;      # strip leading whitespace
    s/\s*#.*//g;    # strip comments
    if (!/^\s*$/ && /=/) {
        # "key = value" line inside a client block
        ($key,$val)=(split /\s*=\s*/,$_);
        $client_secret = $val if ($key eq 'secret');
        $client_short = $val if ($key eq 'shortname');
        $client_type = $val if ($key eq 'nastype');
        $client_login = $val if ($key eq 'login');
        $client_password = $val if ($key eq 'password');
    } else {
        if (/\{/) {
            # Start of a "client <name> {" block: clear the previous
            # block's values so they do not carry over to this client.
            ($client_secret,$client_short,$client_type,$client_login,$client_password)=('','','','','');
            s/.*client\s+([^\s]*)\s+\{.*$/$1/;
            if (/^\d+\.\d+\.\d+\.\d+/) {
                $client = $_;
            } else {
                # Hostname: qualify short names with the default domain
                if (/\./ || /localhost/) {
                    $name = $_ ;
                } else {
                    $name = $_.".".$domain;
                }
                $addr = gethostbyname $name;
                if (defined $addr) {
                    ($a,$b,$c,$d)=unpack('C4',$addr);
                    $client = "$a.$b.$c.$d";
                } else {
                    # Lookup failed: keep the name instead of an empty address
                    $client = $name;
                }
                #DEBUG# print $name." = ".$client."\n";
            }
            #   $client = $_;
        } else {
            if (/\}/) {
                # End of the block: store the collected fields for this client
                @client_info =
                    ($client_secret,$client_short,$client_type,$client_login,$client_password);
                $client_data = join(',',@client_info);
                $client_array{$client} .= $client_data;
            }
        }
    }
}
close CLIENTS;

# Display data from %client_array associative array.
foreach $nas (sort keys(%client_array)) {
    $data = $client_array{$nas};
    ($secret,$shortname,$type,$login,$password) = split(',',$data);
    printf("%s,%s,%s,%s,%s,%s\n",$nas,$secret,$shortname,$type,$login,$password);
}


Re: adding Client-Short-Name attribute

2003-12-01 Thread Guy Fraser
Here is a script I wrote in perl to process the clients.conf file and
output a comma separated variable list. This can be used to import the
clients.conf into a database if you are using one. Then the shortname
doesn't need to take up an attribute, since it can be joined in.

I have also updated dialupadmin to use part of this script to convert the
shortnames from the log files into an ip address based on the info in the
clients file.
I wrote this script before updating the dialupadmin files, so this script
does not contain the hostname to ip address translation, yet.
I will be adding it to my script for myself, if others want it when I have
updated it let me know, it has been handy for me so far.
Joe Maimon wrote:

Hello all,

I am looking into adding the attribute client-short-name to be treated 
much as client-ip-address is in rlm_preprocess.

However there seems to be two ways of going about obtaining the 
information.

1) Lookup the client name based on the request->packet->src_ipaddr

2) Modify the request structure to store the client.

Any suggestions?

Thanks,
Joe




--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.






Re: Dialup Admin with PostgreSQL and NetSNMP support

2003-12-01 Thread Guy Fraser
I sent the tarball to Peter Nixon.

Since I changed all the filename extensions from .php3 to .php, a patch
would be twice as large, unless I did some trickery. I'll look into it.

Kostas Kalevras wrote:

On Fri, 28 Nov 2003, Guy Fraser wrote:

 

Hmm...

The updated version of dialup admin I sent in didn't seem to show
up on the list.
The attachment was 70kB, I presume that's why.

Where should I send this updated source, so it can be tested, and
put into the main source?
   

I'd rather prefer a patch to the current CVS version rather than the whole
thing. Either put it on a web page somewhere, or send it to me directly. Though
I don't use postgresql
 

--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.


   

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

 

--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.






Dialup Admin with PostgreSQL and NetSNMP support

2003-11-28 Thread Guy Fraser
Hmm...

The updated version of dialup admin I sent in didn't seem to show
up on the list.
The attachment was 70kB, I presume that's why.

Where should I send this updated source, so it can be tested, and
put into the main source?
--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.




Re: script to move account flat files to MySQL

2003-11-28 Thread Guy Fraser
Here are some perl scripts that I modified to generate sql files from
users files.
I'm pretty sure they work, but check the files first.

[EMAIL PROTECTED] wrote:

Hello,

I am working on getting the radius account logs to write to
MySQL, in the mean time I am still logging accounting information
to flat files.
I am looking for a script that will take my daily accounting flat
files and insert them into MySQL.  Does anyone know of
any scripts that will do this?  I have been looking around and
have not found any. 

Thanks,

Dave

 

--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.


#!/usr/bin/perl -w
#
# users2pgsqlfile.pl -- a script to parse a RADIUS users file and fill
#   a freeradius PostgreSQL database...
#
#
# Original Script {users2mysql.pl} developed by Rich Puhek, Znet Telecom
#
# Modified By Guy Fraser to create a file for PostgreSQL
#
# last change: Friday, September 12 2003.
#


#location of source users file:
$users_file="users";
$sql_file=">users.sql";

#The following are defaults from freeradius 0.7
#  ...shouldn't have to change.
$groups_table="usergroup";
$check_table="radcheck";
$reply_table="radreply";

$debug=3;

use DBD::mysql;

#open the users file, and the db.
open USERS, $users_file or die "ERROR: Unable to open $users_file $!\n";
open SQLFILE, $sql_file or die "ERROR: Unable to open $sql_file $!\n";

sub check_attribs {

if (!defined($_[0]) or !defined($_[1])) {
print "undefined parameter!\n";
return undef;
};

$attr = $_[0];
$val  =  $_[1];

if ($attr !~ 
/Password|Framed-IP-Address|Framed-IP-Netmask|Framed-IP-Routing|Framed-Routing|Framed-IP-Route|Framed-Compression|Framed-MTU|Simultaneous-Use|Idle-Timeout|Session-Timeout|Port-Limit|Auth-Type|Service-Type|Netmask|Framed-Protocol/
 ) {
print "unrecognized attribute: $attr\n" if $debug>1;
return undef;
};

return undef if (   (! defined($val) ) or
( ($attr =~ /Simultaneous\-Use/i) && ( $val !~ /^[0-9]*$/ ) )
);
print "attribs ok!\n" if $debug>3;
return "TRUE";
};

sub cleanup {
#clean up variables: strip leading/trailing spaces/tabs and trailing commas...
my $myval;
$myval = $_[0];
$myval =~ s/^\s*//g;
$myval =~ s/\s*$//g;
$myval =~ s/,$//;
return $myval;
};


sub user_attribute {
#push values into db...
$dtable=$_[0];
$duser=$_[1];
$dattrib=$_[2];
$dval=$_[3];


if ( $dtable =~ /group/ ) {
$table = "usergroup";
} elsif ( $dtable =~ /check/ ) {
$table = "radcheck";
} elsif ( $dtable =~ /reply/ ) {
$table = "radreply";
} else {
die "argh! what table is $dtable?\n";
};


if ( $table =~ /usergroup/ ) {
if ( $dattrib =~ /static/ ) {
#Delete the "dynamic" entry...
#print SQLFILE "DELETE FROM `$table` WHERE `UserName`='$duser' LIMIT 1;\n";
print SQLFILE "UPDATE $table SET GroupName='$dattrib' WHERE UserName='$duser' and GroupName='dynamic';\n";
if ( $dtable =~ /group/ and $debug>2) {
print "updating \"$duser\" in usergroup table as 
member of \"$dattrib\"\n" ;
}
} else {
print SQLFILE "INSERT INTO $table (UserName,GroupName) values 
('$duser','$dattrib');\n";
if ( $dtable =~ /group/ and $debug>2) {
print "inserting \"$duser\" into usergroup table as 
member of \"$dattrib\"\n" ;
};
};

} else {
print SQLFILE "INSERT INTO $table (UserName,Attribute,Value,op) values 
('$duser','$dattrib','$dval',':=');\n";
if ( $dtable !~ /group/ and $debug>2) {
print "inserting \"$dattrib\", \"$dval\" for \"$duser\" in 
rad$dtable\n" ;
};
};
return $return;
};


while (<USERS>) {

chop;
#Skip comment lines and blank lines...
next

Re: dialup_admin and postgresql

2003-11-18 Thread Guy Fraser
OK I almost got it working

When I finish teasing it into shape, I'll post a patch if anyone wants one.

If nobody wants the patch where should I submit the fix.

Guy Fraser wrote:

Hi

I have started to look at the dialup_admin for use with postgresql.
I am using PostgreSQL 7.3.4, and FreeRadius 0.9.2.
The problem I just discovered is that the PHP is looking for case
sensitive column names when processing returned data.
Example :

while(($row = @da_sql_fetch_array($res,$config)))
$member_groups[] = $row[GroupName];
But the columns are not quoted in requests or inserts.

Example :

$res = @da_sql_query($link,$config,
"INSERT INTO $config[sql_usergroup_table] (GroupName,UserName)
VALUES ('$login','$new_member');");
PostgreSQL requires double quotes to be around column names in order
to maintain case sensitivity.
As far as I know this can only be fixed by either ;

a) lower casing all the column names in array requests.

Example :

while(($row = @da_sql_fetch_array($res,$config)))
$member_groups[] = $row[groupname];
b) Putting double quotes around all column names when creating
the tables and performing operations on the tables.
Example :

$res = @da_sql_query($link,$config,
"INSERT INTO $config[sql_usergroup_table]
(\"GroupName\",\"UserName\")
VALUES ('$login','$new_member');");
Has anybody made dialup_admin work with PostgreSQL ?

If you have an easier or better way of fixing this
problem, I would like to know.
Thank you, for your time.

--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.






dialup_admin and postgresql

2003-11-18 Thread Guy Fraser
Hi

I have started to look at the dialup_admin for use with postgresql.
I am using PostgreSQL 7.3.4, and FreeRadius 0.9.2.
The problem I just discovered is that the PHP is looking for case
sensitive column names when processing returned data.
Example :

while(($row = @da_sql_fetch_array($res,$config)))
$member_groups[] = $row[GroupName];
But the columns are not quoted in requests or inserts.

Example :

$res = @da_sql_query($link,$config,
"INSERT INTO $config[sql_usergroup_table] (GroupName,UserName)
VALUES ('$login','$new_member');");
PostgreSQL requires double quotes to be around column names in order
to maintain case sensitivity.
As far as I know this can only be fixed by either ;

a) lower casing all the column names in array requests.

Example :

while(($row = @da_sql_fetch_array($res,$config)))
$member_groups[] = $row[groupname];
b) Putting double quotes around all column names when creating
the tables and performing operations on the tables.
Example :

$res = @da_sql_query($link,$config,
"INSERT INTO $config[sql_usergroup_table]
(\"GroupName\",\"UserName\")
VALUES ('$login','$new_member');");
Has anybody made dialup_admin work with PostgreSQL ?

If you have an easier or better way of fixing this
problem, I would like to know.
Thank you, for your time.

--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.




Re: POSTGRESQL + FREERADIUS 0.9.1 configuration help

2003-09-15 Thread Guy Fraser
Hi

I did have 0.8.1 working as a test, but late last week I decided to
upgrade to 0.9.1 before modifying dial-admin to work with PostgreSQL.
Having run into a problem porting 0.9.1 to FreeBSD I no longer have a
functional example to show you.

Unless you have a specific reason to use PostgreSQL, you are probably
better off using MySQL. It appears as though PostgreSQL is barely
supported. The setup in 0.9.1 is much better, but there is no setup for
dialup-admin, and I am not sure if there is setup information for
sql_counter because I have not looked at it yet.

I am still using cistron 1.6.6 that I patched to account to PostgreSQL,
and until I am satisfied with PostgreSQL functions in FreeRadius I will
be testing and hopefully providing patches and suggesting fixes for the
implementation of PostgreSQL.

[EMAIL PROTECTED] wrote:

I did that already. It still won't...

Do you have working configs? All about FR and PGSQL

> Make sure the user you have setup to access the database has insert and
> update permissions
> for the radacct table.
> 




Re: POSTGRESQL + FREERADIUS 0.9.1 configuration help

2003-09-15 Thread Guy Fraser
noop
modcall: group preacct returns noop
modcall: entering group accounting
rlm_acct_unique: WARNING: Attribute NAS-Port-Id was not found in request,
unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 10.10.80.23,NAS-IP-Address
= 10.10.80.23,Acct-Session-Id = "2836",User-Name = "boggss"'
rlm_acct_unique: Acct-Unique-Session-ID = "3879d6b9c94adcc6".
 modcall[accounting]: module "acct_unique" returns ok
radius_xlat:  '/usr/local/var/log/radius/radacct/10.10.80.23/detail-20030911'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/10.10.80.23/detail-20030911
 modcall[accounting]: module "detail" returns ok
 modcall[accounting]: module "unix" returns noop
radius_xlat:  'boggss'
rlm_sql (sql): sql_set_user escaped user --> 'boggss'
radius_xlat:  'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName,
Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime,
AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop,
AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId,
AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress,
AcctStartDelay, AcctStopDelay) values('2836', '3879d6b9c94adcc6',
'boggss', '', '10.10.80.23', '', '', '2003-09-11 00:12:19', '-1', '', '',
'', '0', '0', '', '', '', '', '', '', '', '0')'
radius_xlat:  '/usr/local/var/log/radius/sqltrace.sql'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_postgresql: query: INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId,
CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('2836',
'3879d6b9c94adcc6', 'boggss', '', '10.10.80.23', '', '', '2003-09-11
00:12:19', '-1', '', '', '', '0', '0', '', '', '', '', '', '', '', '0')
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: affected rows =
rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning
SQL_DOWN
rlm_sql (sql): Attempting to connect rlm_sql_postgresql #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql_postgresql: query: INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId,
CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('2836',
'3879d6b9c94adcc6', 'boggss', '', '10.10.80.23', '', '', '2003-09-11
00:12:19', '-1', '', '', '', '0', '0', '', '', '', '', '', '', '', '0')
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: affected rows =
rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning
SQL_DOWN
rlm_sql (sql): failed after re-connect
rlm_sql (sql): Couldn't update SQL accounting for START packet - ERROR: 
pg_atoi: zero-length string
radius_xlat:  'UPDATE radacct SET AcctStartTime = '2003-09-11 00:12:19',
AcctStartDelay = '', ConnectInfo_start = '' WHERE AcctSessionId = '2836'
AND UserName = 'boggss' AND NASIPAddress = '10.10.80.23''
radius_xlat:  '/usr/local/var/log/radius/sqltrace.sql'
rlm_sql_postgresql: query: UPDATE radacct SET AcctStartTime = '2003-09-11
00:12:19', AcctStartDelay = '', ConnectInfo_start = '' WHERE AcctSessionId
= '2836' AND UserName = 'boggss' AND NASIPAddress = '10.10.80.23'
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: affected rows =
rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning
SQL_DOWN
rlm_sql (sql): Attempting to connect rlm_sql_postgresql #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql_postgresql: query: UPDATE radacct SET AcctStartTime = '2003-09-11
00:12:19', AcctStartDelay = '', ConnectInfo_start = '' WHERE AcctSessionId
= '2836' AND UserName = 'boggss' AND NASIPAddress = '10.10.80.23'
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: affected rows =
rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning
SQL_DOWN
rlm_sql (sql): failed after re-connect
rlm_sql (sql): Couldn't update SQLaccounting START record - ERROR:  Bad
int8 external representation ""
rlm_sql (sql): Released sql socket id: 3
 modcall[accounting]: module "sql" returns fail
modcall: group accounting returns fail
Finished request 1
Going to the next request
--- Walking the entire request list ---
Cleaning up request 1 ID 8 with timestamp 3f5f4d63
Nothing to do.  Sleeping until we see a request.





- what will i do list?.. looking forward of your
best help for this...
thanks,
francis ted a. seguerra
Groots NetQuest - 1Asialink
www.1asialink.com


 
   
   -
   Bringing First World Technology Closer to You.
   http://www.1asialink.com
 


 

--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.






How do I get FR 0.9.1 to work on FreeBSD

2003-09-12 Thread Guy Fraser
I seem to remember people saying that gethostbyname_r is not thread
safe, but I have not seen how to fix the problem.
Just straight answers, no feeble excuses for not answering or flames.

Thank You

--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.




Re: rlm_sqlcounter compile error on FreeBSD

2003-09-12 Thread Guy Fraser
Did you try:

pkg_add -r gmake



Alex Jeon wrote:

> Hi All,
> The log is as below.
> yeppi# ./configure
> loading cache ./config.cache
> checking for gcc... (cached) gcc
> checking whether the C compiler (gcc ) works... yes
> checking whether the C compiler (gcc ) is a cross-compiler... no
> checking whether we are using GNU C... (cached) yes
> checking whether gcc accepts -g... (cached) yes
> checking how to run the C preprocessor... (cached) gcc -E
> updating cache ./config.cache
> creating ./config.status
> creating Makefile
> creating config.h
> config.h is unchanged
> yeppi# make
> "../rules.mak", line 65: Missing dependency operator
> "../rules.mak", line 82: Missing dependency operator
> "../rules.mak", line 84: Need an operator
> "../rules.mak", line 86: Need an operator
> "../rules.mak", line 92: Missing dependency operator
> "../rules.mak", line 94: Need an operator
> "../rules.mak", line 121: Need an operator
> "../rules.mak", line 127: Need an operator
> make: fatal errors encountered -- cannot continue
>
> And then I was looking for the solution for this problem.
> There is an article that I should use gmake not make on compiling on
> FreeBSD.
> So, I did a retry using gmake.
> The log is as below.
> yeppi# ./configure
> loading cache ./config.cache
> checking for gcc... (cached) gcc
> checking whether the C compiler (gcc ) works... yes
> checking whether the C compiler (gcc ) is a cross-compiler... no
> checking whether we are using GNU C... (cached) yes
> checking whether gcc accepts -g... (cached) yes
> checking how to run the C preprocessor... (cached) gcc -E
> updating cache ./config.cache
> creating ./config.status
> creating Makefile
> creating config.h
> config.h is unchanged
> yeppi# gmake
> gmake: CC@: Command not found
> gmake: *** [rlm_sqlcounter.o] Error 127
> And I was looking for this error but in vain.
> Could you tell me how I can solve this problem?
> Thanks.


-- 
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787

There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.







Re: Calling-Station-Id

2003-09-11 Thread Guy Fraser
Agreed, if you don't know how to write an SQL insert statement and execute it
in the database you are using you should probably not be using the SQL
features.

Alan DeKok wrote:

"Eric" <[EMAIL PROTECTED]> wrote:
 

I'm using MySQL authentication.
Could you write the syntax for it.
   

 No.

 At *some* point, you've got to learn how to administer your
systems.  FreeRADIUS includes sufficient documentation & examples for
you to figure out the answer to that yourself.
 And no, this reply isn't rude.  It's realistic.  No one on this list
has the time to answer each and every tiny question about configuring
the server.  That's what documentation and brains are for.
 Alan DeKok.


 

--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.






Re: dialup_admin installation using PHP and HTTPD

2003-09-11 Thread Guy Fraser
Did you remember to add ".php3" to your php4 handler in httpd.conf ?

Bernie Liwanag wrote:

Hi to all!

I have configured freeradius, mysql and dialup_admin on the same machine
running on Red Hat 9. I used the default httpd-2.0 and the php-4.2. My
freeradius and mysql are running. I followed the instructions on dialup_admin
installation guide but when I access it in my web browser, I can't view the
buttons on left side portion of the web site and I can only see the php
commands for that portion. Also I still can only see the title "DIALUP
ADMIN" in the main html page.
I have tried to run the dialup_admin tool from other linux box (Red Hat
7.2, http-1.3.2, php-4.0) without freeradius and mysql, just to isolate the
problem. From this setup I was able to view completely the main page of
dialup_admin web link. Perhaps there could be a problem in the version of
php and the http that I'm using, that's why I can't run it in Red Hat 9 linux
box.
Anybody here can give me an idea on how to run the dialup_admin tool in diff
linux box? Or perhaps help me configure my http and php in Redhat9 in such a
way I can run the dialup_admin in the server together w/ my freeradius and
mysql?
Thanks a lot and more power to all!

Bernie




 

--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.






Re: clients.conf

2003-08-22 Thread Guy Fraser


Thor Spruyt wrote:

I believe that /0 mask is not allowed in FR currently.  Do you really
have not smaller block/mask that your clients will fit into other
than *allow anything to talk to my radius server*.
-Chris
   

Chris, split it up in two subnets:

client 0.0.0.0/1 {
   secret=...
   shortname=...
}
client 127.0.0.0/1 {
   secret=...
   shortname=...
}
With pleasure :)

Thor.

 

The second entry should be :

client 128.0.0.0/1 {
secret=...
shortname=...
}
remember that /1 is netmask 128.0.0.0 =

10000000-00000000-00000000-00000000

and 0.0.0.0 =

00000000-00000000-00000000-00000000

and 128.0.0.0 =

10000000-00000000-00000000-00000000

Since 127.0.0.0 =

01111111-00000000-00000000-00000000

It is contained in the subset of 0.0.0.0/1 {using 'ones' notation.}

All that crazy binary math can certainly be confusing, but remember that the bits from the IP must match the 'ones' in the mask. /1 is the first 1 of 32 bits set, in 'ones' notation.

--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.
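
The netmask point made in this message, as an added example (not part of the original posts and not FreeRADIUS code): a Python check that reads the client blocks from clients.conf-style text, reports any entry whose address has bits outside its mask or that overlaps an earlier entry, and says whether the entries together cover all of IPv4. The function names, the sample text and the placeholder secrets are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample input: the two client blocks as first proposed in the
# thread (with placeholder secrets), and the same text with the corrected
# second entry.
PROPOSED = """\
client 0.0.0.0/1 {
    secret = placeholder-secret-a
    shortname = lower-half
}
client 127.0.0.0/1 {
    secret = placeholder-secret-b
    shortname = upper-half
}
"""
CORRECTED = PROPOSED.replace("127.0.0.0/1", "128.0.0.0/1")

# Matches the opening line of a block: client <address-or-name> {
CLIENT_RE = re.compile(r"^\s*client\s+(\S+)\s*\{", re.MULTILINE)


def client_specs(conf_text):
    """Return the address/prefix (or hostname) of every client block."""
    return CLIENT_RE.findall(conf_text)


def bits(addr):
    """Dotted quad -> four groups of eight bits, joined with dashes."""
    return "-".join(f"{int(octet):08b}" for octet in str(addr).split("."))


def audit(conf_text):
    """Return (findings, covers_all_ipv4) for the client blocks in conf_text.

    findings is a list of (spec, message) tuples.  An entry is flagged when
    its address has bits set outside the mask (127.0.0.0/1 is really
    0.0.0.0/1) or when its network overlaps an earlier entry.
    """
    findings = []
    networks = []
    for spec in client_specs(conf_text):
        try:
            iface = ipaddress.IPv4Interface(spec)
        except ValueError:
            findings.append((spec, "hostname or invalid address, not checked"))
            continue
        net = iface.network  # the address with everything outside the mask cleared
        if iface.ip != net.network_address:
            findings.append((spec, "address %s has bits outside the /%d mask; it is really %s"
                             % (bits(iface.ip), net.prefixlen, net)))
        for earlier_spec, earlier_net in networks:
            if net.overlaps(earlier_net):
                findings.append((spec, "overlaps %s" % earlier_spec))
        networks.append((spec, net))
    # Merge adjacent/duplicate networks and count the addresses they cover.
    merged = ipaddress.collapse_addresses(n for _, n in networks)
    covered = sum(n.num_addresses for n in merged)
    return findings, covered == 2 ** 32


if __name__ == "__main__":
    for label, text in (("proposed", PROPOSED), ("corrected", CORRECTED)):
        findings, whole_ipv4 = audit(text)
        print(label, "- covers all of IPv4:", whole_ipv4)
        for spec, message in findings:
            print("   ", spec, "->", message)
```

A True in the second return value means every IPv4 source address matches some client entry, which is the "allow anything to talk to my radius server" situation raised earlier in the thread.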






Re: Phone Numbers per client

2003-08-21 Thread Guy Fraser
Hi

I can't remember all the details but I believe you just put an entry in 
'users' like :

username    Auth-Type = System , Calling-Station-Id := '1234567'
[TAB]Fall-Through = Yes
Guy

sergio jose ferreira wrote:

Hi,

How can I limit my clients to connect on my RAS only if they are using a
registered phone number ?  Where do I put these numbers ? radcheck ?
	thanks,

Sergio Ferreira
WGO ISP
Brazil



 

--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.






I finally got PostgreSQL Authentication Working :)

2003-08-19 Thread Guy Fraser
Yah I know it's not a big deal for some people in this list but rather 
than make everyone guess how it is done, I am going to give up the details.

I have supplied a patch file to run against the raddb directory.

The file postgres-test.sql contains sample data that can be put into
the configured database {radiusd} for testing.
NOTE: make sure pg_hba.conf will allow the user {radiusd} to connect
to the database. Also make sure the user {radiusd} has permission to
select data from the authentication tables and has appropriate access
to the accounting and session tables.
Hope this will help someone.

--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.

diff -ruN orig/clients raddb/clients
--- orig/clients2003-08-12 15:53:01.0 -0600
+++ raddb/clients   1969-12-31 17:00:00.0 -0700
@@ -1,25 +0,0 @@
-#
-#  THIS FILE IS DEPRECATED.
-#
-#  You should NOT be using this file to configure the server.
-#  It is here ONLY for backwards compatibility.
-#
-#  See 'clients.conf' for the new configuration.
-#
-#
-# clients  This file contains a list of clients which are allowed to
-#  make authentication requests and their encryption key.
-#
-#  Description of the fields:
-#
-#  * The first field is a valid hostname or IP address
-#for the client.
-#  * The second field (seperated by blanks or tabs) is the 
-#encryption key.
-
-# Client Name  Key
-#  --
-#portmaster1.isp.com   testing123
-#portmaster2.isp.com   testing123
-#proxyradius.isp2.com  TheirKey
-#localhost testing123
diff -ruN orig/clients.conf raddb/clients.conf
--- orig/clients.conf   2003-08-12 15:53:01.0 -0600
+++ raddb/clients.conf  2003-08-19 14:09:24.0 -0600
@@ -113,3 +113,8 @@
 #  password= someadminpas
 #}
 
+client 10.10.10.10 {
+   secret  = MySneakyPassWord
+   shortname   = saturn
+   nastype = other
+}
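Review bot: the added `client 10.10.10.10` block carries what reads like a real shared secret (`secret  = MySneakyPassWord`) in a patch posted to a public list. Replace it with an obvious placeholder and say in the accompanying message that the address and secret are sample values that must be changed before use.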
diff -ruN orig/naslist raddb/naslist
--- orig/naslist2003-08-12 15:53:02.0 -0600
+++ raddb/naslist   1969-12-31 17:00:00.0 -0700
@@ -1,31 +0,0 @@
-#
-#  THIS FILE IS DEPRECATED.
-#
-#  You should NOT be using this file to configure the server.
-#  It is here ONLY for backwards compatibility.
-#
-#  See 'clients.conf' for the new configuration.
-#
-#
-# naslist  This file contains a list of NASes (Network Access Servers,
-#  also known as terminal servers) which we know.
-#
-#  Description of the fields:
-#
-#  * The first field is a valid hostname or IP address
-#for the client.
-#  * The second field (seperated by blanks or tabs) is the 
-#short name we use in the logfiles for this NAS.
-#  * The third field defines what type of device it is. Valid
-#values are "cisco", "computone", "livingston", "max40xx", 
-# "multitech", "netserver", "pathras", "patton", "portslave", 
-# "tc", "usrhiper" or "other".
-#
-#  This is used to find out how to detect double logins.
-#
-
-# NAS Name Short Name  Type
-#  --  
-#portmaster1.isp.com   pm1.NY  livingston
-#portmaster2.isp.com   pm1.LA  livingston
-localhost  local   portslave
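Review bot: the last removed line, "localhost  local   portslave", is the only uncommented entry in naslist, and the file's own comment says the type field is used to detect double logins. The clients.conf hunk in this patch adds only 10.10.10.10, so confirm that clients.conf already defines a localhost client with the matching nastype before deleting this file, or add one in the same patch.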
diff -ruN orig/postgresql.conf raddb/postgresql.conf
--- orig/postgresql.conf2003-08-12 15:53:02.0 -0600
+++ raddb/postgresql.conf   2003-08-19 14:26:27.0 -0600
@@ -19,11 +19,11 @@
# The following credentials will most likely work on a default install of 
Postgresql
# If they do work however, it means that you have a HUGE GAPING SECURITY RISK 
on your
# server! Please change the "postgres" users password and setup a separate 
radius user.
-   login = "postgres"
+   login = "radiusd"
password = ""

# Database table configuration
-   radius_db = "radius"
+   radius_db = "radiusd"

# If you want both stop and start records logged to the
# same SQL table, leave this as is.  If you want them in
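Review bot: the unchanged line password = "" directly under the new login = "radiusd" leaves the dedicated account with an empty password, which is the condition the comment at the top of this hunk warns about. Set a password for radiusd (a placeholder in the posted patch) and mention in the patch notes that the role and the "radiusd" database must be created with that password before the server is started.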
diff -ruN orig/postgres-test.sql raddb/postgres-test.sql
--- orig/postgres-test.sql  1969-12-31 17:00:00.0 -0700
+++ raddb/postgres-test.sql 2003-08-19 14:03:38.0 -0600
@@ -0,0 +1,45 @@
+DELETE FROM  radcheck ;
+COPY radcheck (username, attribute, op, val
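Review bot: the first added line, "DELETE FROM  radcheck ;", empties the whole table with no WHERE clause and outside any transaction, so running this test script against a database that already holds users removes all of their check items. Add a header comment stating that the script is for a scratch database only, and wrap the DELETE and the COPY in BEGIN/COMMIT so a failed COPY does not leave the table empty.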

Re: postgres performance issues

2003-08-18 Thread Guy Fraser
I will be looking at the postgres accounting in freeradius very closely 
soon, since I have been asked to move to freeradius from cistron. I 
modified cistron to account to postgres and have solved the problems 
associated with duplicate records. By setting up the primary key over a 
set of attributes, any duplicate record inserts would be rejected and 
then I insert that record into a table for duplicates {ie: 
acct_dups_2003aug}. I have also added the ability to use gdate style 
syntax to format the detail files and table names. I have my system 
setup to use different tables for each month of each year {ie: 
acct_stop_2003aug,...}, and my implementation creates the tables if they 
don't exist.

I have also written a detail file parser but it is not GPL, my last 
implementation before integrating its functionality into cistron 
supported a runtime configurable attribute map, but I don't remember if 
it created tables on the fly. I might be able to send you a binary of my 
parser but I can't send the source without a licence.

We keep all the detail files and dumps of all the db tables on 
CD-ROMs for dispute purposes. The only problem with my cistron system is 
there is a memory leak somewhere in the cistron code. Today there was a 
thread in this list implying that PAM has a leak. Since I have been 
using PAM, that may solve my leak problem if I disable it.

We are moving to freeradius, because it has native support for SQL 
authentication and accounting and is not custom software. I will be 
immersing myself into the PostgreSQL code to make sure it is robust 
enough to maintain the connection to the database and generate tables on 
the fly as required. I will also be wanting to make an attribute 
rewriting module to make weird {Ascend} NAS servers' attributes match 
common attributes using a configuration file {attribute-map.conf :)}. 
From my initial look there was a lot of work to be done, but in the 
latest code a lot of progress has been made.

I hope your problem does not indicate a serious problem.

Guy

Alan DeKok wrote:

"Jeff Sullivan" <[EMAIL PROTECTED]> wrote:
 

Now the load is 0.00 0.00 0.00 with accounting
still going to detail. Normal load with all going to postgres
was about 0.18. What can I do to prevent this from happening again?
I would like to go back to all postgres.
   

 My suggestion is to *always* log everything to the 'detail' file,
and post-process it to copy the data to postgresql.
 That will give you better control over bad situations.

 Alan DeKok.


 

--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.
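
The approach discussed in this message (post-process the 'detail' file, reject duplicates through a primary key, keep the rejects in a per-month duplicates table) can be sketched as follows. This is an added example, not code from the thread or from FreeRADIUS: sqlite3 stands in for PostgreSQL so it runs offline, and the key columns, column names and sample records are assumptions constructed for illustration.

```python
import sqlite3
import time

# Constructed sample in the 'detail' layout: a ctime header line, tab-indented
# "Attribute = value" pairs, one blank line between records.
_REC = ('{when}\n\tUser-Name = "{user}"\n\tNAS-IP-Address = 10.10.10.10\n'
        '\tAcct-Session-Id = "{sid}"\n\tAcct-Status-Type = Stop\n\tAcct-Session-Time = {secs}\n')
SAMPLE_DETAIL = "\n".join([
    _REC.format(when="Tue Aug 19 14:09:24 2003", user="alice", sid="0000A1", secs=360),
    _REC.format(when="Tue Aug 19 14:09:29 2003", user="alice", sid="0000A1", secs=360),  # retransmit
    _REC.format(when="Mon Sep  1 00:00:05 2003", user="bob", sid="0000B7", secs=42),
])
COLS = "(username TEXT, nas TEXT, session_id TEXT, session_time INTEGER"

def parse_detail(text):
    """Yield (struct_time, attrs) for each blank-line-separated record."""
    for block in text.strip().split("\n\n"):
        lines = block.splitlines()
        attrs = {}
        for line in lines[1:]:
            name, _, value = line.strip().partition(" = ")
            attrs[name] = value.strip('"')
        yield time.strptime(lines[0].strip(), "%a %b %d %H:%M:%S %Y"), attrs

def load(db, text):
    """Insert Stop records into per-month tables; return {table: row_count}."""
    for when, a in parse_detail(text):
        if a.get("Acct-Status-Type") != "Stop":
            continue
        # Table names come only from the parsed date, never from attribute
        # values; attribute values always go through bound parameters.
        month = time.strftime("%Y%b", when).lower()
        stop, dups = f"acct_stop_{month}", f"acct_dups_{month}"
        # Assumed key: the page does not say which attributes form it.
        db.execute(f"CREATE TABLE IF NOT EXISTS {stop} {COLS}, "
                   "PRIMARY KEY (username, nas, session_id))")
        db.execute(f"CREATE TABLE IF NOT EXISTS {dups} {COLS})")
        row = (a["User-Name"], a["NAS-IP-Address"], a["Acct-Session-Id"],
               int(a["Acct-Session-Time"]))
        try:
            db.execute(f"INSERT INTO {stop} VALUES (?, ?, ?, ?)", row)
        except sqlite3.IntegrityError:   # key collision: keep it for disputes
            db.execute(f"INSERT INTO {dups} VALUES (?, ?, ?, ?)", row)
    names = [r[0] for r in db.execute(
        "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
    return {n: db.execute(f"SELECT COUNT(*) FROM {n}").fetchone()[0] for n in names}

if __name__ == "__main__":
    print(load(sqlite3.connect(":memory:"), SAMPLE_DETAIL))
```

Because the detail file stays the primary record, the load can be re-run after a database outage: rows already present collide with the key and land in the duplicates table instead of being counted twice.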






Re: Has anyone been able to get rlm_sql to auth users

2003-08-01 Thread Guy Fraser
It has been brought up in the [EMAIL PROTECTED] mailing list, 
by the developers.

The reason given is that "varchar(x)" checks to make sure the data is 
not larger than 'x' bytes, but "text" does not.

If the application handles the data size constraints there is no reason 
for the database to check again.

Guy

Peter Nixon wrote:

On Fri, 1 Aug 2003 05:53 am, Guy Fraser wrote:
 

I have the new release now.

I see that there has been some work done with the postgres sql file, the
main difference between the new one and the one I setup was that I used
'text' instead of 'varchar(x)' because it is faster.
   

Are you sure about this? Can you point me to some documentation?

 





Re: Has anyone been able to get rlm_sql to auth users

2003-07-31 Thread Guy Fraser
I have the new release now.

I see that there has been some work done with the postgres sql file, the 
main difference between the new one and the one I setup was that I used 
'text' instead of 'varchar(x)' because it is faster.

Is there a document that explains how to update the config file to get 
the sql authentication to work?

If so, where is it?

If not, can someone let me know how to set it up?

Thank You.
Guy
Fenn Bailey wrote:

I would be willing to work on fixing some of the rlm_sql parts, but 
first I would like to know if anyone has already got it working.

 

Like Tim, I had no problems at all with auth'ing of rlm_sql (or to be more
precise, the postgresql version of), apart from the -HUP problem I've been
experiencing.
Worked for me perfectly out of the box after changing nothing but config
files.
	Fenn.


 





Has anyone been able to get rlm_sql to auth users

2003-07-29 Thread Guy Fraser
I was trying to get the PostgreSQL driver working.

The SQL tables need to be fixed significantly, I have fixed some of the 
data types and have the tables functional.

With so little documentation for rlm_sql it is very difficult to work with.

I have made my own patch for Cistron 1.6.7-rc4 that allows accounting 
directly to a PostgreSQL db.

I would be willing to work on fixing some of the rlm_sql parts, but 
first I would like to know if anyone has already got it working.

I noticed in the source that the functions used to connect to the db 
will cause a "crash" if the connection fails. I can look into using the 
functions that allow reconnection and possibly some kind of "buffering" 
for extended failures.

Guy
