Proxy Radius using MySql
I sent this to the list last month, but got no response. I am trying to use mysql for proxy radius instead of the user file. Can anyone shed some light on how to enter the following into radcheck/radgroupcheck and radreply/radgroupreply?

DEFAULT Called-Station-ID =~ "8005551212", Proxy-To-Realm:= "MyRealm"
        Fall-Through = No

If I just set it up as DEFAULT user under radreply, it will proxy everyone. I can't enter user names because the whole reason for doing this is to proxy based on dnis and not user name. I don't know the user names.

Jeff Jarchow
QCI Internet
http://www.qcinet.net/

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Restarting radiusd remotely
One solution I have implemented, which may or may not be the best way to go about this, is:

Create a small perl or c script to make any necessary changes to the user files, etc. At the end of this script, put the sighup command to restart radius and commit changes. Set this script to suid root, but don't allow write permissions to this file. So now you have a working file to do what you need it to whenever you call it.

-- Then --

Create a user called something like radsighup. Then add an exec-program in the user file like this.

radsighup Exec-Program = "path/to/your/script"

Then if you need to make changes or whatever, just use the client program to send the radsighup user name in an auth request to the remote radius servers.

Jeff Jarchow
QCI Internet
http://www.qcinet.net/

- Original Message -
From: Mike Ockenga
To: [EMAIL PROTECTED]
Sent: Wednesday, January 15, 2003 11:07 AM
Subject: RE: Restarting radiusd remotely

Um, wouldn't a cron job on each box that checks fairly often (every minute or two) for a modified users file (or raddb directory) and HUPs radiusd if the check returns true do the job? That way a file sync would trigger the HUP on all boxes more or less at the same time.

However, in the past here we've used a partially staggered sync/HUP. This prevented a catastrophic AAA failure in the case where a single corrupt or empty users file got copied out to the primary RADIUS box(es). Having one RADIUS server sync-up lag behind by 60 minutes gives you an hour of "mostly up" while you correct the corruption problem.

--
Mike Ockenga, CCNP [EMAIL PROTECTED]
Network Engineer II Voice: 952/230-4673
Onvoy Inc.
300 North Highway 169
Minneapolis, MN 55441

-Original Message-
From: Dickon Newman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 9:47 AM
To: [EMAIL PROTECTED]
Subject: Restarting radiusd remotely

Again, I've tried to search the archives without much luck.
I have multiple radius boxes (FreeBSD), and currently use rsync to update the users file (and others). However, I need to restart radiusd to notice the changes in the files. I can make a script that sends a kill -9 locally, but what about remotely? Root cannot ssh, and normal users cannot send a kill -9 to a root process? Has anyone else had this problem?

I understand that proxying may be a better approach, however, I have to work within certain constraints :-/

Dickon...
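
Mike Ockenga's suggestion quoted above (a cron job that HUPs radiusd when the users file has changed), with a guard against the corrupt or empty users file he describes, as an added example that is not part of the thread. The paths, the stamp file and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. All default paths below are
# assumptions; adjust them to the local raddb layout.
USERS_FILE="${USERS_FILE:-/usr/local/etc/raddb/users}"
PID_FILE="${PID_FILE:-/var/run/radiusd/radiusd.pid}"
STAMP_FILE="${STAMP_FILE:-/var/db/radiusd-users.cksum}"

# Checksum and size of the file, used to detect a changed sync result.
users_sum() {
    cksum < "$1"
}

# True when the file differs from what was recorded at the last HUP.
users_changed() {
    [ -f "$2" ] || return 0
    [ "$(users_sum "$1")" != "$(cat "$2")" ]
}

# Guard for the failure case from the thread: an empty file, or one that
# holds nothing but blank lines and comments, is never loaded.
users_sane() {
    [ -s "$1" ] && grep -Eqv '^[[:space:]]*(#.*)?$' "$1"
}

# Signal the running daemon, as the thread describes ("HUPs radiusd").
send_hup() {
    kill -HUP "$(cat "$1")"
}

# Prints one of: unchanged, rejected, reloaded.
reload_if_changed() {
    if ! users_changed "$1" "$2"; then
        echo unchanged; return 0
    fi
    if ! users_sane "$1"; then
        echo rejected; return 1
    fi
    send_hup "$3" || return 1
    users_sum "$1" > "$2"
    echo reloaded
}

# Run from root's crontab every minute or two as: this-script --run
if [ "${1:-}" = "--run" ]; then
    reload_if_changed "$USERS_FILE" "$STAMP_FILE" "$PID_FILE"
fi
```

Because the check runs locally from root's crontab, nothing has to log in remotely or run setuid, and a rejected file leaves the daemon on its last good configuration until the next sync.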
Re: Proxy using SQL
Anyone have any recommendations as to how to put this in? It is kind of like an if/then clause, so I am not sure how to do it. Because if I just put in something like:

[UserName]  [Attribute]     [Value]
DEFAULT     Proxy-To-Realm  abcrealm

It will proxy all users to this realm.

> "QCI Internet" <[EMAIL PROTECTED]> wrote:
> > I have proxy setup and running using key/value pairs just like described on
> > a previous post like below:
> >
> > >> DEFAULT Called-Station-ID =~ ".{6}", Proxy-To-Realm:= "abcrealm"
> > >> Fall-Through = Yes
> >
> > My question is, is this possible using rlm_sql instead of rlm_files?
>
> I believe so. The SQL configuration mirrors what the 'files' module
> does.
>
> Alan DeKok.
Proxy using SQL
I have proxy setup and running using key/value pairs just like described on a previous post like below:

>> DEFAULT Called-Station-ID =~ ".{6}", Proxy-To-Realm:= "abcrealm"
>> Fall-Through = Yes

My question is, is this possible using rlm_sql instead of rlm_files?
Proxy Config Using Auth Attributes
Is it possible to set up proxy radius not based so much on realms but based on Key/Value pairs in the authentication packets? For example, I have many resellers and I need to be able to proxy requests based on DNIS (CalledStationID) or even just the last 4 digits of the DNIS.
rlm_sql Errors
I have played around and gotten Simultaneous-Use working with mySQL. One thing I have noticed is I keep getting a lot of error messages from my radius log. I keep getting messages like the following when the checkrad program runs:

Fri Mar 8 07:12:10 2002 : Error: rlm_sql: Stop packet with zero session length. (user '', nas 'xxx.xxx.xxx.xxx')

I see this message when my radutmp file thinks that the user is online, but when checkrad polls the nas, the user's session has already ended, hence radius sends an access_accept packet.

Anyone have any fixes for this? Has this been fixed in the latest CVS download? I downloaded and compiled the latest CVS but it only stays up and running for about 10 minutes before it dies.

Jeff Jarchow
System Administrator
QCI Internet
http://www.qcinet.net/
Checkrad not working with mySQL
I have set up mySQL authentication and it seems to be working fine. I am not using realms or huntgroups or proxy or anything outrageous, just straight mysql authentication. Everything has been working fine until I tried to implement Simultaneous-Use. I have tried Debug mode, and still do not see that radiusd is calling checkrad. Nowhere in the debug output are the words Simultaneous-Use or checkrad showing up at all. Please help.

Also, after I add the following row to my checkrad table:

id  username    attribute         value  operator
1   sampleuser  Simultaneous-Use  1      :=

I start getting weird entries in my radius.log file:

Fri Mar 1 23:07:24 2002 : Error: rlm_sql: Stop packet with zero session length. (user 'x', nas '111.111.111.111')

Please help.

Jeff Jarchow
System Administrator
QCI Internet
http://www.qcinet.net/