RE: SQLcounter unwanted Session-Reply ( from development mailing list )
I submitted a patch on the dev mailing list to fix that, but as far as I'm concerned it hasn't been applied to the CVS. Let me know if you can't find it and I'll email it to you ciao Navid -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of apellido jr., wilfredo p Sent: Thursday, October 23, 2003 2:13 PM To: [EMAIL PROTECTED] Subject: SQLcounter unwanted Session-Reply ( from development mailing list ) Good day, im surfing in development mailing list and one of the list posted there is SQLcounter unwanted Session-Reply. It seems it is related to sqlcounter count-attribute. Any development for this? thanks ... = wilfredo pahilanga apellido jr. technical support mactan online bacolod city, philippines +63 34 4348311 If you can't hear me, it's because i'm in parentheses. __ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Account packet loop
I already reported this issue some time ago, and it has been fixed in the new 0.9.2 release. the reason why your packets were discarded is that there was no Acct-Status-Type attribute (which is mandatory). ciao Navid On Tue, 2003-10-14 at 05:01, [EMAIL PROTECTED] wrote: > Hi all. > > I manage the RADIUS system. > It consists of redhat9, freeradius0.9.1 and MS-SQL|mySQL. > The system are organized redundantly. Account information is doubled > by radrelay. > > I stopped temporarily the redundant server of them for maintenance > on the other day. Account packets during it was stored in detail-combined > file on the living server exactly. > However, after the maintenance finished and the redundant server > was restarted, I have noticed a lot of packets which are not in the > detail-combined file relayed. It continued till the next day. And > there was no sign of converging. > The packet sample at that time are shown below. > > Sat Oct 4 00:00:06 2003 > Acct-Delay-Time = 103537 > NAS-IP-Address = 10.0.240.243 > Client-IP-Address = 10.0.240.243 > Acct-Unique-Session-Id = "9568c0490b1942fa" > Timestamp = 1065193206 > > Sat Oct 4 00:00:09 2003 > Acct-Delay-Time = 103540 > NAS-IP-Address = 10.0.240.243 > Client-IP-Address = 10.0.240.243 > Acct-Unique-Session-Id = "9568c0490b1942fa" > Timestamp = 1065193209 > > Sat Oct 4 00:00:12 2003 > Acct-Delay-Time = 103543 > NAS-IP-Address = 10.0.240.243 > Client-IP-Address = 10.0.240.243 > Acct-Unique-Session-Id = "9568c0490b1942fa" > Timestamp = 1065193212 > > Since freeradius0.9.*, radrelay detects the delay of relay and > create the packet which corrects account time. That like above > samples. > rlm_sql considers that it is invalid because User-Name and > NAS-IP-Address are not contained in, so radiusd and radrelay > relay again. The infinite loop is formed. > > This problem should be solved by adding the function of account time > correction to rlm_sql. > I am doing the emergency measure. I change rlm_sql.c(line 718) like > "return RLM_MODULE_OK". > Fortunately "detail-combined" became empty. > > --K.Omori > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > signature.asc Description: This is a digitally signed message part
Radrelay replication loop
Hello everybody, after reading (and reading, and re-reading) doc/radrelay I'm still having troubles getting radrelay to work properly. Here's a quote from doc/radrelay: " Radrelay checks the "Client-IP-Address" attribute in each record, and if it's the same as the remote server it will not replicate that record to prevent loops. That means you can point radrelay to the primary server on the backup host, and to the backup server on the primary host, to have complete records on both. " So I assume that for each record in "detail-combined" an entry for "Client-IP-Address" should appear, but this is not true, here's a sample record for my "details-combined": Tue Aug 5 20:48:01 2003 User-Name = "sampleuser22" NAS-Port = 1 NAS-Port-Type = Wireless-802.11 NAS-Identifier = "WizLab2" NAS-IP-Address = 66.20.240.242 Acct-Status-Type = Start Calling-Station-Id = "00-09-5A-4A-10-F6" Called-Station-Id = "00-04-51-00-14-6E" Event-Timestamp = "Aug 5 2003" Acct-Delay-Time = 123283 Acct-Session-Id = "57f53820" Acct-Authentic = RADIUS Framed-IP-Address = 192.168.3.66 Timestamp = 1060130881 Since the "Client-IP-Address" value is not there, the packet keeps looping between the two servers. Any suggestion is really appreciated :) Navid signature.asc Description: This is a digitally signed message part
Re: Radrelay replication loop
Hi Alan, believe me, I proudly use FreeRADIUS :) I'm reading doc/radrelay off freeradius-0.9.0 package, it also mentions "FreeRadius-Proxied-To" but that's in case of proxying, at least that's what I read (from section 3. REPLICATION AND PROXYING) Thanks Navid > It's actually "Freeradius-proxied-to", from what I recall. The > documentation for FreeRADIUS says this. > > > Since the "Client-IP-Address" value is not there, the packet keeps > > looping between the two servers. > > I think you're using Cistron radiusd, not FreeRADIUS. > > Alan DeKok. signature.asc Description: This is a digitally signed message part
Re: Radrelay replication loop
> > > Since the "Client-IP-Address" value is not there, the packet keeps > > > looping between the two servers. Problem solved, I had disabled the "preprocess" module which takes care of adding the "Client-IP-Address" attribute to the packet. Navid signature.asc Description: This is a digitally signed message part
Re: Group membership in "users" file
I guess my approach was just wrong then :) Any suggestion to do the same thing, but with a different Check attribute? :) Navid On Wed, 2003-07-30 at 16:33, Alan DeKok wrote: > Navid Sheikhol Eslami <[EMAIL PROTECTED]> wrote: > > Thank you Alan, I did read the FAQ and all the documentation in /doc. > > > > It explains how to match a DEFAULT entry based on the Group, assuming > > that the user belongs to it but I'm not sure that my line: > > > > test22 Auth-Type:=3DLocal,User-Password=3D=3D"testest",Group:=3D"Colubris-= > > APs" > > > > is associating the user "test22" to the group "Colubrus-APs", since: > > It isn't. The "Group" attribute doesn't work that way. > > The "Group" attribute LOOKS UP a user in a Unix group. There is no > way to use it to assign a user to a group. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > signature.asc Description: This is a digitally signed message part
Re: Group membership in "users" file
Thank you Alan, I did read the FAQ and all the documentation in /doc. It explains how to match a DEFAULT entry based on the Group, assuming that the user belongs to it but I'm not sure that my line: test22 Auth-Type:=Local,User-Password=="testest",Group:="Colubris-APs" is associating the user "test22" to the group "Colubrus-APs", since: DEFAULT Group = "Colubris-APs" is not matched. Thank you Navid On Wed, 2003-07-30 at 16:09, Alan DeKok wrote: > Navid Sheikhol Eslami <[EMAIL PROTECTED]> wrote: > > I can't get the "Group" check attribute to work when using the "users" > > file. > > See the FAQ for an example of using the Group attribute. > > Alan DeKok. signature.asc Description: This is a digitally signed message part
Group membership in "users" file
Hello everybody... I can't get the "Group" check attribute to work when using the "users" file. This is how my users file looks like: -- SNIP -- test22 Auth-Type:=Local,User-Password=="testest",Group:="Colubris-APs" Colubris-AVPAIR+="default-user-smtp-redirect=mail.attbi.com", Fall-Through = Yes DEFAULT Group == "Colubris-APs" Colubris-AVPAIR:="login-page=https://192.168.0.1"; -- SNIP -- FreeRadius matches the first one (test22), but not the following DEFAULT, indeed only the first Colubris-AVPAIR is returned. ciao Navid ps. freeradius version = 0.9.0 signature.asc Description: This is a digitally signed message part
Multiple SQL Query for the same event
Hello everybody, I just joined the mailing list today :) Yesterday I downloaded freeradius 0.8.1 and configured it with no problem, I currently use SQL as authentication mechanism. My only question is: is there a way to execute more than one query for each event (start,stop,interim,on,off) ? Unfortunatly I use mySQL which doesn't support user defined functions (at least without recompiling mysql) and the authentication scheme is complicated enough to need more than one query :) I hacked the source and added a "accounting_prestart_query", and it was working, but then i noticed that by adding that field in the memory structs something was messed up and the following variables data was kinda shuffled.. before getting myself into the code i thought i would ask around if anybody had a better way to do it :) Right now I have the additional queries "built-in" the source, but that's such a nasty solution :) Any help, idea or suggestion is really appreciated Navid - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html