Proxy Radius using MySql

2003-02-11 Thread QCI Internet
I sent this to the list last month, but got no response. I am trying to use
mysql for proxy radius instead of the user file. Can anyone shed some light
on how to enter the following into radcheck/radgroupcheck and
radreply/radgroupreply?

DEFAULT Called-Station-ID =~ "8005551212", Proxy-To-Realm:= "MyRealm"
Fall-Through = No

If I just set it up as DEFAULT user under radreply, it will proxy everyone.
I can't enter user names because the whole reason for doing this is to proxy
based on dnis and not user name. I don't know the user names.


Jeff Jarchow
QCI Internet
http://www.qcinet.net/




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Re: Restarting radiusd remotly

2003-01-15 Thread QCI Internet



One solution I have implemented, which may or may not be the best way to go
about this, is:

Create a small Perl or C script to make any necessary changes to the user
files, etc. At the end of this script, put the sighup command to restart
radius and commit changes. Set this script to suid root, but don't allow
write permissions to this file. So now you have a working file to do what
you need it to whenever you call it.

-- Then --

Create a user called something like radsighup.
Then add an exec-program in the user file like this.

radsighup    Exec-Program = "path/to/your/script"

Then if you need to make changes or whatever, just use the client program to
send the radsighup user name in an auth request to the remote radius servers.

Jeff Jarchow
QCI Internet
http://www.qcinet.net/

  - Original Message -
  From: Mike Ockenga
  To: [EMAIL PROTECTED]
  Sent: Wednesday, January 15, 2003 11:07 AM
  Subject: RE: Restarting radiusd remotly

  Um, wouldn't a cron job on each box that checks fairly often (every minute
  or two) for a modified users file (or raddb directory) and HUPs radiusd if
  the check returns true do the job?  That way a file sync would trigger
  the HUP on all boxes more or less at the same time.

  However, in the past here we've used a partially staggered sync/HUP.  This
  prevented a catastrophic AAA failure in the case where a single corrupt or
  empty users file got copied out to the primary RADIUS box(es).  Having one
  RADIUS server sync-up lag behind by 60 minutes gives you an hour of
  "mostly up" while you correct the corruption problem.

  --
  Mike Ockenga, CCNP
  [EMAIL PROTECTED]
  Network Engineer II
  Voice: 952/230-4673
  Onvoy Inc.
  300 North Highway 169
  Minneapolis, MN 55441

-Original Message-
From: Dickon Newman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, January 15, 2003 9:47 AM
To: [EMAIL PROTECTED]
Subject: Restarting radiusd remotly

Again, I've tried to search the archives without much luck.

I have multiple radius boxes (FreeBSD), and currently use rsync to update
the users file (and others).  However, I need to restart radiusd to notice
the changes in the files.  I can make a script that sends a kill -9 locally,
but what about remotely?  Root cannot ssh, and normal users cannot send a
kill -9 to a root process?

Has anyone else had this problem?

I understand that proxying may be a better approach, however, I have to work
within certain constraints :-/

Dickon...
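
The cron-driven reload suggested in the quoted reply above, sketched as an added example that is not part of the thread or of FreeRADIUS: it HUPs radiusd only when the synced users file has changed and is not empty or comment-only, so an empty file copied out by the sync is never loaded. The paths, the pidfile location and the function names are assumptions.

```shell
#!/bin/sh
# Added example: run from root's crontab every minute or two on each box.
# All paths below are assumed defaults; override them via the environment.

# Succeeds if the file exists, is non-empty and has at least one line
# that is neither blank nor a comment.
users_file_sane() {
    [ -s "$1" ] && grep -Eqv '^[[:space:]]*(#|$)' "$1"
}

# Succeeds if the file's checksum differs from the one stored in the stamp.
users_file_changed() {
    new=$(cksum < "$1") || return 1
    old=$(cat "$2" 2>/dev/null || true)
    [ "$new" != "$old" ]
}

# Prints "hup", "skip-unchanged" or "skip-invalid" and records the new
# checksum only when a reload is due.
reload_decision() {
    file=$1
    stamp=$2
    if ! users_file_sane "$file"; then
        echo skip-invalid
        return 0
    fi
    if users_file_changed "$file" "$stamp"; then
        cksum < "$file" > "$stamp"
        echo hup
    else
        echo skip-unchanged
    fi
}

# Only act when invoked as "script --run", so the functions can be sourced.
if [ "${1:-}" = "--run" ]; then
    USERS=${USERS:-/etc/raddb/users}
    STAMP=${STAMP:-/var/run/radiusd.users.cksum}
    PIDFILE=${PIDFILE:-/var/run/radiusd/radiusd.pid}
    case $(reload_decision "$USERS" "$STAMP") in
        hup) kill -HUP "$(cat "$PIDFILE")" ;;
        skip-invalid) logger -t radius-sync "users file empty or invalid; not reloading" ;;
    esac
fi
```

Because the job runs locally as root, no remote root login and no setuid helper is involved; staggering the sync between boxes, as the reply describes, is done in the rsync schedule rather than here.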
 


Re: Proxy using SQL

2003-01-08 Thread QCI Internet
Anyone have any recommendations as to how to put this in? It is kind of like
an if/then clause, so I am not sure how to do it. Because if I just put in
something like:

[UserName]  [Attribute]     [Value]
DEFAULT     Proxy-To-Realm  abcrealm

It will proxy all users to this realm.



> "QCI Internet" <[EMAIL PROTECTED]> wrote:
> > I have proxy setup and running using key/value pairs just like described on
> > a previous post like below:
> >
> > >> DEFAULT Called-Station-ID =~ ".{6}", Proxy-To-Realm:= "abcrealm"
> > >> Fall-Through = Yes
> >
> > My question is, is this possible using rlm_sql instead of rlm_files?
>
>   I believe so.  The SQL configuration mirrors what the 'files' module
> does.
>
>   Alan DeKok.
>





Proxy using SQL

2003-01-08 Thread QCI Internet
I have proxy setup and running using key/value pairs just like described on
a previous post like below:

>> DEFAULT Called-Station-ID =~ ".{6}", Proxy-To-Realm:= "abcrealm"
>> Fall-Through = Yes

My question is, is this possible using rlm_sql instead of rlm_files?





Proxy Config Using Auth Attributes

2002-12-09 Thread QCI Internet
Is it possible to set up proxy radius not based so much on realms but based
on Key/Value pairs in the authentication packets? For example, I have many
resellers and I need to be able to proxy requests based on DNIS
(CalledStationID) or even just the last 4 digits of the DNIS.





rlm_sql Errors

2002-03-08 Thread QCI Internet

I have played around and gotten Simultaneous-Use working with mySQL. One
thing I have noticed is I keep getting a lot of error messages from my
radius log. I keep getting messages like the following when the checkrad
program runs:

Fri Mar  8 07:12:10 2002 : Error: rlm_sql:  Stop packet with zero session
length.  (user '', nas 'xxx.xxx.xxx.xxx')

I see this message when my radutmp file thinks that the user is online, but
when checkrad polls the nas, the user's session has already ended, hence
radius sends an access_accept packet.

Anyone have any fixes on this? Has this been fixed on the latest CVS
download? I downloaded and compiled the latest CVS but it only stays up and
running for about 10 minutes before it dies.


Jeff Jarchow
System Administrator
QCI Internet
http://www.qcinet.net/







Checkrad not working with mySQL

2002-03-01 Thread QCI Internet

I have set up mySQL authentication and it seems to be working fine. I am not
using realms or huntgroups or proxy or anything outrageous, just straight
mysql authentication. Everything has been working fine until I tried to
implement Simultaneous-Use. I have tried Debug mode, and still do not see
that radiusd is calling checkrad. Nowhere in the debug output are the words
Simultaneous-Use or checkrad showing up at all. Please help.

Also, after I add the following row to my checkrad table:

id  username    attribute         value  operator
1   sampleuser  Simultaneous-Use  1      :=

I start getting weird entries in my radius.log file:

Fri Mar  1 23:07:24 2002 : Error: rlm_sql:  Stop packet with zero session
length.  (user 'x', nas '111.111.111.111')

Please help.

Jeff Jarchow
System Administrator
QCI Internet
http://www.qcinet.net/



