sqlcounter + oracle radius_xlat problem
Hi, I've problem running sqlcounter using oracle database. I've freeradius version 0.9.3 (0.9.2 have the same problem also). counter is always 0, and the final radius_xlat always shows a null string => radius_xlat: '' It seems the problem is related to oracle because sqlcounter was running well using a postgresql DB. However, should note that the accounting is running well using the rlm_oracle. I can't find the solution, please can someone help me. Here's what the debugging shows : rlm_sqlcounter: Entering module authorize code sqlcounter_expand: 'SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{User-Name}'' radius_xlat: 'SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='72403351'' sqlcounter_expand: '%{sql:SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='72403351'}' WARNING: Attempt to use unknown xlat function or attribute in string %{sql:SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='72403351'} radius_xlat: '' rlm_sqlcounter: (Check item - counter) is greater than zero rlm_sqlcounter: Authorized user 72403351, check_item=54000, counter=0 best regards. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_ldap in v0.9.1 and multi-value attributes
Hi Kostas, thanks a lot for your help, your are really doing a great job. thanks again. > > Message: 6 > Date: Tue, 7 Oct 2003 00:44:26 +0300 (EEST) > From: Kostas Kalevras <[EMAIL PROTECTED]> > To: freeradius <[EMAIL PROTECTED]> > Subject: Re: rlm_ldap in v0.9.1 and multi-value attributes > Reply-To: [EMAIL PROTECTED] > > On Mon, 6 Oct 2003, Najeh Ben Nasrallah wrote: > > > > > > > Hi all, > > it seems there's a bug within the rlm_ldap module in version 0.9.1. > > freeradius fails to insert a multivalue attribue (like cisco-avpair )in > > the Access-Accept. > > > > Note that there another freeradius server v0.8.1 running without > > problem with the same ldap directory as backend. > > Well, rlm_ldap in 0.8.1 had pairadd() while rlm_ldap in 0.9.X uses > pairxlatmove() which honors operators. > You should use the += operator to add a multivalue attribute like: > radiusVSA: vpdn:nas-password=** > radiusVSA: += vpdn:gw-password=* > > > Here's a log exemple : > > > > > > rlm_ldap: looking for reply items in directory... > > ... > > rlm_ldap: Adding radiusVSA as Cisco-AVPair, value > > vpdn:nas-password=* & op=11 > > rlm_ldap: Adding radiusVSA as Cisco-AVPair, value vpdn:gw-password=* > > & op=11 > > > > > > Sending Access-Accept of id 118 to 127.0.0.1:43810 > > Service-Type = Outbound-User > > Tunnel-Server-Auth-Id:1 = "***" > > Tunnel-Client-Auth-Id:1 = "***" > > Tunnel-Server-Endpoint:1 = "A.B.C.D" > > Tunnel-Medium-Type:1 = IP > > Tunnel-Type:1 = L2F > > Cisco-AVPair = "vpdn:nas-password=**" > > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< missing the other > > cisco-avpair. > > > > Finished request 20 > > > > > > Is it really a bug, or i'm missing someting else. > > > > > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > -- > Kostas Kalevras Network Operations Center > [EMAIL PROTECTED] National Technical University of Athens, Greece > Work Phone: +30 210 7721861 > 'Go back to the shadow' Gandalf > > > --__--__-- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_ldap in v0.9.1 and multi-value attributes
Hi all, it seems there's a bug within the rlm_ldap module in version 0.9.1. freeradius fails to insert a multivalue attribue (like cisco-avpair )in the Access-Accept. Note that there another freeradius server v0.8.1 running without problem with the same ldap directory as backend. Here's a log exemple : rlm_ldap: looking for reply items in directory... ... rlm_ldap: Adding radiusVSA as Cisco-AVPair, value vpdn:nas-password=* & op=11 rlm_ldap: Adding radiusVSA as Cisco-AVPair, value vpdn:gw-password=* & op=11 Sending Access-Accept of id 118 to 127.0.0.1:43810 Service-Type = Outbound-User Tunnel-Server-Auth-Id:1 = "***" Tunnel-Client-Auth-Id:1 = "***" Tunnel-Server-Endpoint:1 = "A.B.C.D" Tunnel-Medium-Type:1 = IP Tunnel-Type:1 = L2F Cisco-AVPair = "vpdn:nas-password=**" missing the other cisco-avpair. Finished request 20 Is it really a bug, or i'm missing someting else. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ldap + sqlcounter order loop
hi all I posted a question regarding an order problem between sqlcounter and ldap using compare_check_item , but i got no response from anyone. I am posting the question again on the list. Hope I have reply this time. This is my question: i'm using freeradius 0.8.1. i've enbaled ldap authorization with compare_check_item. i'am also using sqlcounter for authorization. my question is about the order of modules in the authorization section { weekcounter # check for "WEEK_QUOTA" ... ldap } gives noop for sqlcounter, because there's no check-item."WEEK_QUOTA" { ... ldap ... weekcounter } gives authorization failed, because the "ldap compare_check_items" tries to match the "WEEK_QUOTA" check-item with the request items. What should i do ? Best regards. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ldap + compare_check_items
Hi All, i'm using freeradius 0.8.1. i've enbaled ldap authorization with compare_check_item. i'am also using sqlcounter for authorization. my question is about the order of modules in the authorization section { weekcounter # check for "WEEK_QUOTA" ... ldap } gives noop for sqlcounter, because there's no check-item."WEEK_QUOTA" { ... ldap ... weekcounter } gives authorization failed, because the "ldap compare_check_items" tries to match the "WEEK_QUOTA" check-item with the request items. What should i do ? Best regards. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ldap + rlm_sqlcounter(2)
> Hi All, > i'm using freradius 0.8.1.with accounting stored in sql backend and > user accounts stored in ldap. > is there any way to use user ldap attributes values in the definition > of the rlm_sqlcounter SQL statement? Hi all, let's add some explanations. In fact i need sqlcounter computes the SUM(AcctSessiontime) between to timestamps 'startTime' end 'endTime' stored in the ldap user-profile. thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ldap + rlm_sqlcounter
Hi All, i'm using freradius 0.8.1.with accounting stored in sql backend and user accounts stored in ldap. is there any way to use user ldap attributes values in the definition of the rlm_sqlcounter SQL statement? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius + ldap group membership
Hi All, I'm testing freeradius 0.4 with openldap 2.x . I've some problems setting the groups and users in the ldap directory. i've added the following line in the ldap.attrmap : chekcItem Group DialGroup In each Ldap User Profile, the DialGroup Attribute is set to the appropriate Group Profile "cn". Each Group Profile should store reply items common to all members of the group. When testing the config, freeradius debug mode (radiusd -X) shows that the attribute DialGroup was added as check item but there's no subsquent ldap_groupcmp call searching for items related to the selected Group. rlm_ldap: looking for check items in directory... rlm_ldap Adding DialGroup as Group, value stuff & op=11 However, the groupmembership_filter, groupname_attribute were set appropriatly in the radiusd.conf. the users file contains a single DEFAULT entry : DEFAULTAuth-Type=Ldap Fall-Through = 1 Note that using only User Profile,without refering to Group Profile,works well. Am I missing something? Please, Can someone provide a working sample. thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html