Re: isdn users

2002-11-19 Thread Sergey Holod 
÷ ÓÏÏÂÝÅÎÉÉ ÏÔ ðÏÎÅÄÅÌØÎÉË 18 îÏÑÂÒØ 2002 16:15 Leandro Machado ÎÁÐÉÓÁÌ:
> hi,
>
> i have been configured freeradius with mysql authentication but now i need
> to differ dial-up users from ISDN users 56k and 128.
>
> how can i make it??

NAS-Port-Type == Sync
and/or
Framed-Protocol = MP

-- 
With Best Regards,
Sergey Holod
SAH1-RIPE

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius+PostgreSQL connection error on FreeBSD

2002-10-26 Thread Sergey Holod 
On Thursday 24 October 2002 16:15, Igor Chen wrote:
> On Thu, 10 Oct 2002, Sergey Holod wrote:
> > On Monday 07 October 2002 21:42, Aleksandar Zhelyazkov wrote:

> Replace Nas-Port field name with Nas-Port-id and leave %{NAS-Port}
..
> NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime,
 ^
So "Nas-Port-id" or "NASPortId"?..))

> -1 in AcctSessionTime field indicates opened users session.

Why not to use "AcctStopTime IS NULL"?
It is much simply and logical.
Before "acct-stop" packet "AcctStopTime" is unknown, so it is NULL
and we know that session is opened..

> Accounting on/off i've tested on cisco 3620 NAS and
> fr 0.4. I did not see any mistakes.

In accton/off query:
   WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress=
   '%{NAS-IP-Address}' AND AcctStartTime <= '%S'"

"AcctStopTime=0" - is completely wrong
PostgreSQL (>7.1..) can't convert 0 to "-00-00 00-00" or something like,
it simply generates error..

-- 
With Best Regards,
Sergey Holod
SAH1-RIPE

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius+PostgreSQL connection error on FreeBSD

2002-10-10 Thread Sergey Holod 

On Monday 07 October 2002 21:42, Aleksandar Zhelyazkov wrote:
> There are also some diferences between the sql db schema supplied in
> src/modules/rlm_sql/drivers/rlm_sql_postgres/db_postgres.sql
> and the sql statemetns for accounting_onoff etc in postgresql.conf

Some time ago I've posted here patch for "right" config and schema
don't know maybe , it is in CVS..



-- 
With Best Regards,
Sergey Holod
SAH1-RIPE

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius+PostgreSQL connection error on FreeBSD

2002-10-07 Thread Sergey Holod 

On Monday 07 October 2002 15:02, Jared Quinn wrote:
> Sergey,
>
>   What version are you running with - if your not running it, grab
> the latest CVS release. 

It was 0.7.1..

>Are you getting anything in your postgres logs
> when this is happening?

In pospgres log:

   DEBUG:  pq_recvbuf: unexpected EOF on client connection

> > In log:
> >
> >Error: PostgreSQL Query failed Error: no connection to the server
> >
> > And all SQL accounting breaks (we don't use sql authorization).

-- 
With Best Regards,
Sergey Holod
SAH1-RIPE

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

FreeRadius+PostgreSQL connection error on FreeBSD

2002-10-07 Thread Sergey Holod 

Hello!

When I start radiusd everything is good.
But it seems that after some time of inactivity
connection to Postgre SQL closes
but freeradius don't understatnd that
or don't create new connection.
In log:

   Error: PostgreSQL Query failed Error: no connection to the server

And all SQL accounting breaks (we don't use sql authorization).

-- 
With Best Regards,
Sergey Holod
SAH1-RIPE

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Errors in PostrgeSQL schema and queries

2002-09-07 Thread Sergey Holod 

There are at least 2 problems with current PostgreSQL schema and queries:

1. There is no NASPort in schema - should be NASPort NUMERIC(5)

2. In schema we use 

AcctStartTime datetime DEFAULT now() NOT NULL,
AcctStopTime datetime DEFAULT now() NOT NULL, 

in queries:

accounting_update_query = ..WHERE .. AND AcctStopTime = 0 - will not work ( 
now() != 0 ) 

the same for "accounting_start_query_alt" and "accounting_start_query_alt"

I think, right way is not to use "DEFAULT" and "NOT NULL" in schema and use 
"AcctStopTime IS NULL" in queries.

patch:

diff -ur radiusd.ORIG/raddb/postgresql.conf radiusd/raddb/postgresql.conf
--- radiusd.ORIG/raddb/postgresql.conf  Fri Jun  7 00:06:19 2002
+++ radiusd/raddb/postgresql.conf   Sat Sep  7 11:40:29 2002
@@ -123,15 +123,19 @@
 # and added NAS-IP-Address to Stop query (strange, but radius can not determine 
username when updating field with ip address and query is empty)
 # also i changed NAS-Port-id to NAS-Port (cisco nas gives me NAS-Port)
 # Hmmm... please let me know if i forgot smthing... and if i made mistake :)
+#
+# Sergey Holod ([EMAIL PROTECTED]): Who is "me"?
+# ..: To my mind, accounting_onof will never work because thare are nothing to 
+update.. need to change driver or use INSERT insteed..#
+
accounting_onoff_query = "UPDATE ${acct_table1} SET AcctStopTime='%S', 
AcctSessionTime=extract(epoch from (timestamp('%S') - timestamp(AcctStartTime))), 
AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time} WHERE 
AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND 
AcctStartTime <= '%S'"

-   accounting_update_query = "UPDATE ${acct_table1} SET FramedIPAddress = 
'%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = 
'%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStopTime = 0"
+   accounting_update_query = "UPDATE ${acct_table1} SET FramedIPAddress = 
+'%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = 
+'%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStopTime IS NULL"

accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, 
UserName, Realm, NASIPAddress, NASPort, NASPortType, AcctStartTime, AcctSessionTime, 
AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, 
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, 
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', 
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', 
'%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '%{Acct-Authentic}', '%{Connect-Info}', 
'', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', 
'%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')"

-   accounting_start_query_alt  = "UPDATE ${acct_table1} SET AcctStartTime = '%S', 
AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE 
AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND 
NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0"
+   accounting_start_query_alt  = "UPDATE ${acct_table1} SET AcctStartTime = '%S', 
+AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE 
+AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND 
+NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime IS NULL"
 
-   accounting_stop_query = "UPDATE ${acct_table1} SET AcctStopTime = '%S', 
AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', 
AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = 
'%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', FramedIPAddress = 
'%{Framed-IP-Address}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = 
'%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = 
'%{NAS-IP-Address}' AND AcctStopTime = 0"
+   accounting_stop_query = "UPDATE ${acct_table1} SET AcctStopTime = '%S', 
+AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', 
+AcctOutputOctets = '%{Acct-Output-Octets}&#

Re: Errors in PostrgeSQL schema and queries

2002-08-26 Thread Sergey Holod 

÷ ÐÉÓØÍÅ ÏÔ ó 24 á×Ç 2002 22:35 Sergey Holod ÎÁÐÉÓÁÌ:
> Hi!
>
forgot to write, freeradius is from CVS of 23.08


-- 
With Best Regards,
Sergey Holod
SAH1-RIPE
ŠËbú?²æìr¸›{û§²æìr¸›y'ž†Ûiÿü0ÁúÞz¶Šë(®åŠËºÇ«²f

Re: COMPARE module

2002-07-09 Thread Sergey Holod 

÷ ÐÉÓØÍÅ ÏÔ ÷Ô 09 éÀÌ 2002 18:00 3APA3A ÎÁÐÉÓÁÌ:
> Dear [EMAIL PROTECTED],
>
>   I  wrote  simple  module which can perform authentication by comparing
>   attribute  in  NAS request with some attribute from configure or reply
>   list. For example it may be used to authenticate user without password
>   if
>
>Calling-Station-Id
>
>   in request matches
>
>Callback-Number
>
>   configured in reply list.
>
>   It  can also be used to authenticate user if some attribute is present
>   in either request or configured items or reply attributes (for example
>   to  authenticate  user without password if Calling-Station-Id presents
>   in request).
>
>   The question is:
>
>   does somebody else need it? :)

Maybe we'll need it.

We'll try to make passwordless access for clients of some phone
company (which will do billing) but need our own statistics..

-- 
With Best Regards,
Sergey Holod
SAH1-RIPE

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

PPTP+MSCHAPv2+FreeRadius+SQL(Postgres)

2002-07-01 Thread Sergey Holod 

Hi!

We need subj.
In general, idea is to identificate users, who are connected by ethernet+hub 
to router, abd then give them access to internet.
Because they can use sniffers, we need MSCHAPv2 as a most secure
method which exists on most OSes.
And need central user database and authentification (Radius+SQL) + accounting.

_Question_, is it possible to make subj with FreeRadius?

>From looking on configs, it seems that MSCHAPv2 authentification info may be 
only in smbpasswd file..

-- 
With Best Regards,
Sergey Holod
SAH1-RIPE

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html