Re: isdn users
÷ ÓÏÏÂÝÅÎÉÉ ÏÔ ðÏÎÅÄÅÌØÎÉË 18 îÏÑÂÒØ 2002 16:15 Leandro Machado ÎÁÐÉÓÁÌ: > hi, > > i have been configured freeradius with mysql authentication but now i need > to differ dial-up users from ISDN users 56k and 128. > > how can i make it?? NAS-Port-Type == Sync and/or Framed-Protocol = MP -- With Best Regards, Sergey Holod SAH1-RIPE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius+PostgreSQL connection error on FreeBSD
On Thursday 24 October 2002 16:15, Igor Chen wrote: > On Thu, 10 Oct 2002, Sergey Holod wrote: > > On Monday 07 October 2002 21:42, Aleksandar Zhelyazkov wrote: > Replace Nas-Port field name with Nas-Port-id and leave %{NAS-Port} .. > NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, ^ So "Nas-Port-id" or "NASPortId"?..)) > -1 in AcctSessionTime field indicates opened users session. Why not to use "AcctStopTime IS NULL"? It is much simply and logical. Before "acct-stop" packet "AcctStopTime" is unknown, so it is NULL and we know that session is opened.. > Accounting on/off i've tested on cisco 3620 NAS and > fr 0.4. I did not see any mistakes. In accton/off query: WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'" "AcctStopTime=0" - is completely wrong PostgreSQL (>7.1..) can't convert 0 to "-00-00 00-00" or something like, it simply generates error.. -- With Best Regards, Sergey Holod SAH1-RIPE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius+PostgreSQL connection error on FreeBSD
On Monday 07 October 2002 21:42, Aleksandar Zhelyazkov wrote: > There are also some diferences between the sql db schema supplied in > src/modules/rlm_sql/drivers/rlm_sql_postgres/db_postgres.sql > and the sql statemetns for accounting_onoff etc in postgresql.conf Some time ago I've posted here patch for "right" config and schema don't know maybe , it is in CVS.. -- With Best Regards, Sergey Holod SAH1-RIPE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius+PostgreSQL connection error on FreeBSD
On Monday 07 October 2002 15:02, Jared Quinn wrote: > Sergey, > > What version are you running with - if your not running it, grab > the latest CVS release. It was 0.7.1.. >Are you getting anything in your postgres logs > when this is happening? In pospgres log: DEBUG: pq_recvbuf: unexpected EOF on client connection > > In log: > > > >Error: PostgreSQL Query failed Error: no connection to the server > > > > And all SQL accounting breaks (we don't use sql authorization). -- With Best Regards, Sergey Holod SAH1-RIPE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius+PostgreSQL connection error on FreeBSD
Hello! When I start radiusd everything is good. But it seems that after some time of inactivity connection to Postgre SQL closes but freeradius don't understatnd that or don't create new connection. In log: Error: PostgreSQL Query failed Error: no connection to the server And all SQL accounting breaks (we don't use sql authorization). -- With Best Regards, Sergey Holod SAH1-RIPE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Errors in PostrgeSQL schema and queries
There are at least 2 problems with current PostgreSQL schema and queries: 1. There is no NASPort in schema - should be NASPort NUMERIC(5) 2. In schema we use AcctStartTime datetime DEFAULT now() NOT NULL, AcctStopTime datetime DEFAULT now() NOT NULL, in queries: accounting_update_query = ..WHERE .. AND AcctStopTime = 0 - will not work ( now() != 0 ) the same for "accounting_start_query_alt" and "accounting_start_query_alt" I think, right way is not to use "DEFAULT" and "NOT NULL" in schema and use "AcctStopTime IS NULL" in queries. patch: diff -ur radiusd.ORIG/raddb/postgresql.conf radiusd/raddb/postgresql.conf --- radiusd.ORIG/raddb/postgresql.conf Fri Jun 7 00:06:19 2002 +++ radiusd/raddb/postgresql.conf Sat Sep 7 11:40:29 2002 @@ -123,15 +123,19 @@ # and added NAS-IP-Address to Stop query (strange, but radius can not determine username when updating field with ip address and query is empty) # also i changed NAS-Port-id to NAS-Port (cisco nas gives me NAS-Port) # Hmmm... please let me know if i forgot smthing... and if i made mistake :) +# +# Sergey Holod ([EMAIL PROTECTED]): Who is "me"? +# ..: To my mind, accounting_onof will never work because thare are nothing to +update.. need to change driver or use INSERT insteed..# + accounting_onoff_query = "UPDATE ${acct_table1} SET AcctStopTime='%S', AcctSessionTime=extract(epoch from (timestamp('%S') - timestamp(AcctStartTime))), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'" - accounting_update_query = "UPDATE ${acct_table1} SET FramedIPAddress = '%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStopTime = 0" + accounting_update_query = "UPDATE ${acct_table1} SET FramedIPAddress = +'%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = +'%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStopTime IS NULL" accounting_start_query = "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPort, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')" - accounting_start_query_alt = "UPDATE ${acct_table1} SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0" + accounting_start_query_alt = "UPDATE ${acct_table1} SET AcctStartTime = '%S', +AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE +AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND +NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime IS NULL" - accounting_stop_query = "UPDATE ${acct_table1} SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', FramedIPAddress = '%{Framed-IP-Address}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0" + accounting_stop_query = "UPDATE ${acct_table1} SET AcctStopTime = '%S', +AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', +AcctOutputOctets = '%{Acct-Output-Octets}
Re: Errors in PostrgeSQL schema and queries
÷ ÐÉÓØÍÅ ÏÔ ó 24 á×Ç 2002 22:35 Sergey Holod ÎÁÐÉÓÁÌ: > Hi! > forgot to write, freeradius is from CVS of 23.08 -- With Best Regards, Sergey Holod SAH1-RIPE Ëbú?²æìr¸{û§²æìr¸y'Ûiÿü0ÁúÞz¶ë(®å˺ǫ²f
Re: COMPARE module
÷ ÐÉÓØÍÅ ÏÔ ÷Ô 09 éÀÌ 2002 18:00 3APA3A ÎÁÐÉÓÁÌ: > Dear [EMAIL PROTECTED], > > I wrote simple module which can perform authentication by comparing > attribute in NAS request with some attribute from configure or reply > list. For example it may be used to authenticate user without password > if > >Calling-Station-Id > > in request matches > >Callback-Number > > configured in reply list. > > It can also be used to authenticate user if some attribute is present > in either request or configured items or reply attributes (for example > to authenticate user without password if Calling-Station-Id presents > in request). > > The question is: > > does somebody else need it? :) Maybe we'll need it. We'll try to make passwordless access for clients of some phone company (which will do billing) but need our own statistics.. -- With Best Regards, Sergey Holod SAH1-RIPE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PPTP+MSCHAPv2+FreeRadius+SQL(Postgres)
Hi! We need subj. In general, idea is to identificate users, who are connected by ethernet+hub to router, abd then give them access to internet. Because they can use sniffers, we need MSCHAPv2 as a most secure method which exists on most OSes. And need central user database and authentification (Radius+SQL) + accounting. _Question_, is it possible to make subj with FreeRadius? >From looking on configs, it seems that MSCHAPv2 authentification info may be only in smbpasswd file.. -- With Best Regards, Sergey Holod SAH1-RIPE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html