Documentation Suggestion
Has anyone considered approaching Tim O'Reilly to do a dedicated FreeRadius book? The existing Radius title is OK as far as it goes and the two freeradius chapters are a plus, but IMO it does not go far enough. I would have thought that FreeRadius deserves to have its own creature. Since Jonathan Hassell's book features a mollusc, I'd suggest an octopus (a higher order marine species).
Tim
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: using Ascend Max 2000
Sounds like you didn't set up an address pool in the NAS.
On Wed, 12 Nov 2003 11:01:05 -0600 Anson Rinesmith [EMAIL PROTECTED] wrote:
Hello, If I set up the MySQL to assign an IP, it logs in okay. When I try to use a modem pool, I get "The server did not assign any address". freeRadius/MySQL is installed on a FreeBSD server. I've just set up the sample database information provided in the RADIUS book by O'Reilly. Any pointers on where to look? Anson
RE: Free Radius Question
Try picking up a copy of The Radius Book.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Julius Igugu
Sent: Sunday, October 26, 2003 2:07 PM
To: [EMAIL PROTECTED]
Subject: Re: Free Radius Question
Freeradius handles authentication, authorisation and accounting. It doesn't handle the dial in process. For that you'll need a network access server. Try mikrotik (www.mikrotik.com). Julius Igugu
"Jamrock" [EMAIL PROTECTED] wrote:
Good day all, I have been reading a bit about Free Radius but I still have questions. I need to create a dial in box for a few users. I need some clarification on what the software does. Does Free Radius only handle authentication or does it also manage the dial in process and control the modem? If I wanted to set up a test dial in server what would I need?
RE: maybe it's a really newbie/lame question
The accounting log file is not a table, it is just a file. RADIUS is not designed to display information to users. It only does three things (they all start with 'A') and it only does it between the radius server and the NAS. Anything you want to display to a user must be done externally. Note that radius will write the accounting info directly to a database if you want it to. But you will still have to figure out how to get the info back to your users.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of wiking
Sent: Friday, October 17, 2003 9:49 AM
To: [EMAIL PROTECTED]
Subject: Re: maybe it's a really newbie/lame question
On Fri, 17 Oct 2003, Alan DeKok wrote:
That's what a database is for. Record that information in the database, and look it up later. The NAS does NOT keep accounting information across sessions, and there is absolutely nothing you can do to get that information, if you haven't saved it in a database. Alan DeKok.
So you say that if I only store this information in the radius server's database (accounting table) and I cannot access its database, only via radius connection, there's no way I can get this information? The only solution for this problem is to store all this information redundantly on another server where I can access that database not only via radius connection? wiking
Re: Billing sw?
On the commercial (not freeware) side, you can look at Rodopi. It is a pretty good package, and I think they have a trial program available. I have been using it for over a year. I have it integrated with FR/MySql and my CGP mail server so that all customer service is done through Rodopi and it updates FR and CGP.
On Tue, 14 Oct 2003 13:52:05 +0200 Stefano Costantini [EMAIL PROTECTED] wrote:
I've installed a brand new freeradius server, and everything is really ok. But ... I need to build a billing system for my wi-fi network and I'd like to know if there's a good full made billing system somewhere. Tks Stefano
RE: Starting Radius
There are scripts in the distribution that you can put in the standard rcX directories.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt
Sent: Friday, October 03, 2003 11:02 AM
To: [EMAIL PROTECTED]
Subject: Re: Starting Radius
Yes but how do you tell Daemontools to do this when the Linux box boots up? All the Linux applications I have installed before that need to run on startup such as MailScanner did this for me. Matt
I use daemontools for most of these applications. It's a little strange at first, but I have not found anything that keeps a daemon alive more reliably. Just make sure the command line in your 'run' file does not background the process, or daemontools will think the process has died and will try to respawn. You will need to give radiusd the '-s' flag to do this. Andreas
On Fri, 3 Oct 2003, Matt wrote:
Date: Fri, 3 Oct 2003 01:33:16 -0500
From: Matt [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED] [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED]
Subject: Starting Radius
How do I go about setting up freeRadius so it automatically loads when the linux box boots up? Also, is there a script I can run every few minutes to see if the users file has changed and if so restart freeRadius? Matt
Alright, I figured that one out. It was not running so I could not kill it. A simple additional question though. If a user is not in the users file I do not want them authenticated even if they use root and the root password on the linux box. How do I do that? I think it has something to do with default but there are so many examples of default in users file I am not sure where to begin. Matt
Why won't it die?
    [root raddb]# radiusd
    Thu Oct 2 22:55:19 2003 : Info: Starting - reading configuration files ...
    [root raddb]#
    [root raddb]# kill -9 `cat /var/run/radiusd/radiusd.pid`
    cat: /var/run/radiusd/radiusd.pid: No such file or directory
    [root raddb]#
Matt
RE: prepaid
If you mean is there a way to make NASs used for a pre-paid system utilize FreeRadius to authorize a user if they have time remaining, then, yes there is. Check the archives and the documentation. There are lots of ways to do it, depending on your backend systems. Tim
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Asif Baloch
Sent: Thursday, September 11, 2003 3:19 PM
To: [EMAIL PROTECTED]
Subject: prepaid
is there a way to make freeradius able to use prepaid system ? -picard
RE: Info on using mysql with freeradius
Pick up a copy of the Radius Book. The tables are used nearly the same as the users file.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of MPDU Internet LLC
Sent: Wednesday, August 20, 2003 4:30 PM
To: [EMAIL PROTECTED]
Subject: Info on using mysql with freeradius
I've got freeradius to have mysql support.. and created the tables.. Now is there a manual on how do I add users for authentication? and could anyone please share a sql.conf and radius.conf that's working with mysql?
RE: Which is Better LDAP or MySQL?
Michael, IMHO, that's a little like asking which is better - a car or a motorcycle. It just depends on your needs. Sometimes you may need both, since LDAP doesn't have accounting abilities. (And there are other SQL databases, as well as lots of choices in LDAP servers.) The real question you need to determine is: What other systems does my RADIUS server need to interact with? Once you know that, you'll be closer to the answer to your question. Tim
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael Milbrat
Sent: Friday, August 15, 2003 11:14 PM
To: [EMAIL PROTECTED]
Subject: Which is Better LDAP or MySQL?
Does anyone know which is actually a better backend LDAP or MySQL? Michael Milbrat 12dollars.net
Re: Advantages of Using SQL ?
And don't forget that the SQL solution will use hashed indexes, usually even if you don't define them. So yes, small database will be faster as a flat file loaded in memory, but big databases will normally be faster from SQL due to caching of the hash and the user data. But then, maybe free radius hashes the user file, so in that case yes, loading a 10 GB user file into memory would be faster, but not particularly efficient or intelligent...
On Mon, 4 Aug 2003 12:34:34 -0500 (CDT) Steven Fries [EMAIL PROTECTED] wrote:
Maybe you're both right? But who really wants to win a "Who's the bigger nerd" contest? If I have a small set of users, I'm using the flat file. But if my user list grows, no doubt use SQL. The best thing for me is I don't have to write fancy text handlers to parse through the users file, I just use SQL statements. So as far as speed, it's negligible either way. Separation of data, now that's where it's at.. Steven
You wrote:
Well, if that is such a big problem then you can do a memory disk and store your db files in memory disk. That would then definitely work better than freeradius itself. How much are the memory prices now anyhow. About the operating system stuff, the load of exchanging few messages in memory can not be so overwhelming compared to an inefficient search of a few hundred thousands of users from a text database even when its in memory already. There so many programs running in background usually that I am sure that many programs trigger the kernel context switching already even when freeradius is searching from the users file. Now the point is if the search is faster then it would be interrupted less since it would take less time to finish. Thus using SQL would yet improve performance anyhow since the searches would take a lot less time. Look at some statistics http://cs.nmu.edu/~benchmark/index.php?page=context The context switching occurs in microseconds. Let's try to calculate how many context switching operations can be done in a second? Needless to remind that a microsecond is 10^-6 of a second. Then think about how much difference would it take to search 10 entries from users file in memory or in sql database. In which sql already optimize the data to be searched. Then find out how many context switching can be done in that much time. I am certainly uncertain about how much overhead it cause for freeradius to call to mysql and back but it can not be so much. Plus if you have 10 users you do not want to reload the users file, think about reading 10 users from the disk. Now is that more efficient? in every stupid reload. Then calculate the people who change their passwords or new customers coming and new accounts added. You can't possibly argue that using users file is faster. But perhaps the difference is so little when you have few thousand users that you can omit the difference. Evren
Peter Nixon wrote:
On Tue August 5 2003 05:34, Evren Yurtesen wrote:
That's totally wrong, so you say same cpu works on both db lookups and freeradius, now when freeradius is making a lookup inside users file which is in ram, the same cpu doesn't work on db lookups in memory or what? so that's out of question.
I am sorry to tell you Evren, but you ARE wrong. Even if you forget for a moment the fact that a DB server has to fetch the data from the disk and FreeRadius does not, It is MUCH more efficient for FreeRadius to search its own memory space than to ask another program to supply the data. Asking another program (A DB server or any other program) even if that program already has the data in memory is very slow comparatively as it forces a kernel context switch to load the other program onto the CPU, then another context switch to load FreeRadius onto the CPU. Put simply you are wrong. Please read up about CPU design and operating system context switches before arguing this any more.
but mysql is optimized for that kind of lookups, there is huge difference. then again, you can increase the mysql memory cache that mysql can cache the whole db inside the ram if it is small enough.
It is not. There is not. You are wrong. Even if you have the entire DB inside ram (which would nullify your point of using a DB instead of a client file to save on RAM usage) the CPU still has to switch the running context from FR - DB - FR which flushes all CPU caches and is very slow. not to mention the fact that there is TCP (or UNIX) socket overhead to slow things down. Of course there is also Parsing and reparsing of SQL statements etc etc..
Now about searching in ram is better than using a database backend. I wonder why companies do not store their database data in text files and load them to ram
They do. Of course they do. It is always faster to
Re: Advantages of Using SQL ?
My testing confirms Alan's numbers, however he neglected to mention: Solaris: 2.5 VMS on Alpha: 8.0 :)
On Mon, 04 Aug 2003 16:07:58 -0400 Alan DeKok [EMAIL PROTECTED] wrote:
Evren Yurtesen [EMAIL PROTECTED] wrote:
Everybody argue about something and usually its so difficult to come to a conclusion. Microsoft says windows is good, linux people say linux is better, I say FreeBSD is best :)
NetBSD...
Microsoft always says the newer version of windows works faster and more efficiently etc. But yet they require faster cpu's and more memory in their system requirements :) When we leave the memory out, I wonder why a more efficient system require faster cpu :) there is a problem in this equation :)
At work, we run CPU and memory intensive applications. On the same hardware, the relative speed of our apps on the various OS's, relative to NetBSD, are: NetBSD: 1.0 Linux : 0.6 XP: 0.2 NT4 : 0.1 So I agree, XP is twice as good as NT4. :) Alan DeKok.
Re: Advantages of Using SQL ?
My numbers (at least) were a joke. The reality of it is (IMHO) that benchmarks are only useful to marketing departments because they are rarely done in an equitable manner. There are way too many differences to benchmark across hardware platforms, and rarely does anyone tune OS parameters to make benchmarks meaningful on different OSs using the same hardware. I use Win2K and Solaris and XP extensively. IMHO, each has an efficient kernel. All will run the following program very fast: while(1) Tim
On Mon, 04 Aug 2003 23:37:42 -0700 Evren Yurtesen [EMAIL PROTECTED] wrote:
How do you test this? or joke? :) I would like to keep record of my server performances relative to each other too, it sounds like a cool idea Evren
Tim McCracken wrote:
My testing confirms Alan's numbers, however he neglected to mention: Solaris: 2.5 VMS on Alpha: 8.0 :)
On Mon, 04 Aug 2003 16:07:58 -0400 Alan DeKok [EMAIL PROTECTED] wrote:
Evren Yurtesen [EMAIL PROTECTED] wrote:
Everybody argue about something and usually its so difficult to come to a conclusion. Microsoft says windows is good, linux people say linux is better, I say FreeBSD is best :)
NetBSD...
Microsoft always says the newer version of windows works faster and more efficiently etc. But yet they require faster cpu's and more memory in their system requirements :) When we leave the memory out, I wonder why a more efficient system require faster cpu :) there is a problem in this equation :)
At work, we run CPU and memory intensive applications. On the same hardware, the relative speed of our apps on the various OS's, relative to NetBSD, are: NetBSD: 1.0 Linux : 0.6 XP: 0.2 NT4 : 0.1 So I agree, XP is twice as good as NT4. :) Alan DeKok.
Re: Advantages of Using SQL ?
I hit the wrong button - please see the remainder of message below.
On Mon, 04 Aug 2003 15:55:46 -0500 Tim McCracken [EMAIL PROTECTED] wrote:
My numbers (at least) were a joke. The reality of it is (IMHO) that benchmarks are only useful to marketing departments because they are rarely done in an equitable manner. There are way too many differences to benchmark across hardware platforms, and rarely does anyone tune OS parameters to make benchmarks meaningful on different OSs using the same hardware. I use Win2K and Solaris and XP extensively. IMHO, each has an efficient kernel. All will run the following program very fast: while(1) ; It is the bloated upper layers that everyone has a problem with - the registry, basing everything on COM, legacy DOS file support. The kernel was designed by the same guy that designed VAX VMS - arguably the best OS ever built. He just had no control over what got piled on top of it. Tim
On Mon, 04 Aug 2003 23:37:42 -0700 Evren Yurtesen [EMAIL PROTECTED] wrote:
How do you test this? or joke? :) I would like to keep record of my server performances relative to each other too, it sounds like a cool idea Evren
Tim McCracken wrote:
My testing confirms Alan's numbers, however he neglected to mention: Solaris: 2.5 VMS on Alpha: 8.0 :)
On Mon, 04 Aug 2003 16:07:58 -0400 Alan DeKok [EMAIL PROTECTED] wrote:
Evren Yurtesen [EMAIL PROTECTED] wrote:
Everybody argue about something and usually its so difficult to come to a conclusion. Microsoft says windows is good, linux people say linux is better, I say FreeBSD is best :)
NetBSD...
Microsoft always says the newer version of windows works faster and more efficiently etc. But yet they require faster cpu's and more memory in their system requirements :) When we leave the memory out, I wonder why a more efficient system require faster cpu :) there is a problem in this equation :)
At work, we run CPU and memory intensive applications. On the same hardware, the relative speed of our apps on the various OS's, relative to NetBSD, are: NetBSD: 1.0 Linux : 0.6 XP: 0.2 NT4 : 0.1 So I agree, XP is twice as good as NT4. :) Alan DeKok.
RE: RADIUS Help
Thanks, Mike - and kudos and thanks to the rest of those who contribute to freeRADIUS by answering questions here, offline from questions here, and the TREMENDOUS development team who make all of our lives better.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 31, 2003 6:19 PM
To: [EMAIL PROTECTED]
Subject: RADIUS Help
Hi there, I'm new to this group and would like to contribute by helping out with creating the man pages from the rlm* files. I'm gonna start with the following two if no one else has. 1. rlm_digest 2. rlm_krb5 tia mike
RE: Has anyone been able to get rlm_sql to auth users
There is nothing wrong with the tables. They work fine as shipped. I had the whole thing running against MYSQL in less than an hour using release .8 with absolutely no changes to anything other than config files. Tim
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Guy Fraser
Sent: Tuesday, July 29, 2003 2:27 PM
To: [EMAIL PROTECTED]
Subject: Has anyone been able to get rlm_sql to auth users
I was trying to get the PostgreSQL driver working. The SQL tables need to be fixed significantly, I have fixed some of the data types and have the tables functional. With so little documentation for rlm_sql it is very difficult to work with. I have made my own patch for Cistron 1.6.7-rc4 that allows accounting directly to a PostgreSQL db. I would be willing to work on fixing some of the rlm_sql parts, but first I would like to know if anyone has already got it working. I noticed in the source that the functions used to connect to the db will cause a crash if the connection fails. I can look into using the functions that allow reconnection and possibly some kind of buffering for extended failures. Guy
RE: Duplicated records in MySQL Radacct table.
I am catching this thread late, so my apologies if I am restating someone else's ideas... Some NAS's have a setting that causes them to send periodic accounting records during a session rather than just a start and stop record. Make sure yours are turned off. If you are doing proxying, there may be a server that is replicating the records to two or more servers for redundancy, and they are all being sent back to one accounting server/database. Tim
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Peter Nixon
Sent: Monday, July 28, 2003 2:25 PM
To: Daniel Destro do Carmo
Cc: [EMAIL PROTECTED]
Subject: Re: Duplicated records in MySQL Radacct table.
Then the records are not identical. I suggest you figure out WHY you are getting duplicated records in the DB and fix that. I don't use MySQL or the MySQL queries so I can't help you directly with this, other than to say, find the cause of the problem rather than trying to fix the symptom.. Peter
On Mon July 28 2003 21:37, you wrote:
I check everything you can imagine... used distinct, etc... nothing works!
On Thu July 24 2003 23:13, Daniel Destro do Carmo wrote:
Hello All, I a program in Java to read the logs recorded in MySQL DB and then make the billing for each customer's calls. I have faced a big problem that is: When I list the records from the table radacct or even if I use two table (one for start and another for stop) I find a lot of duplicated registers which makes my Billing incorrectly. How can I select (using SQL) just the unique records to see how many calls and to calculate the total time each user has used??? Thanks for your time Daniel
Postgres has a UNIQUE keyword, not sure about MySQL..
-- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc
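Added example (not part of the thread and not FreeRADIUS code): the two causes of duplicate rows named in the reply above, periodic accounting records and replicated records, can be collapsed at query time by keeping one row per session. It assumes every accounting packet was stored as its own radacct row and that (nasipaddress, acctsessionid) identifies a session; the rows and the reduced column set are constructed, held in an in-memory SQLite table.

```python
import sqlite3

# Reduced, constructed stand-in for radacct (assumption: only the columns
# needed for billing are modelled; a real table has many more).
SCHEMA = """
CREATE TABLE radacct (
    radacctid       INTEGER PRIMARY KEY AUTOINCREMENT,
    acctsessionid   TEXT NOT NULL,
    username        TEXT NOT NULL,
    nasipaddress    TEXT NOT NULL,
    acctsessiontime INTEGER NOT NULL
)
"""

# Constructed sample rows: (acctsessionid, username, nasipaddress, seconds).
SAMPLE_ROWS = [
    ("0000A1", "alice", "192.0.2.10", 0),    # start record
    ("0000A1", "alice", "192.0.2.10", 300),  # periodic record
    ("0000A1", "alice", "192.0.2.10", 600),  # periodic record
    ("0000A1", "alice", "192.0.2.10", 754),  # stop record
    ("0000A1", "alice", "192.0.2.10", 754),  # same stop, replicated copy
    ("0000A2", "alice", "192.0.2.10", 120),  # second call, stop only
    ("0000A1", "bob", "192.0.2.20", 60),     # same session id, other NAS
    ("0000A1", "bob", "192.0.2.20", 60),     # replicated copy
]

# The session time reported during a session only grows, so the largest
# value seen for a session is its length once the stop record has arrived.
ONE_ROW_PER_SESSION = """
SELECT username, nasipaddress, acctsessionid,
       MAX(acctsessiontime) AS seconds
FROM radacct
GROUP BY username, nasipaddress, acctsessionid
"""


def build_db(rows=SAMPLE_ROWS):
    """Create the in-memory table and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany(
        "INSERT INTO radacct (acctsessionid, username, nasipaddress,"
        " acctsessiontime) VALUES (?, ?, ?, ?)",
        rows,
    )
    return conn


def naive_totals(conn):
    """Seconds per user when every row is summed: what the billing run sees."""
    cur = conn.execute(
        "SELECT username, SUM(acctsessiontime) FROM radacct GROUP BY username"
    )
    return dict(cur.fetchall())


def usage_per_user(conn):
    """(calls, seconds) per user after collapsing rows to one per session."""
    sql = (
        "SELECT username, COUNT(*), SUM(seconds) "
        f"FROM ({ONE_ROW_PER_SESSION}) AS s GROUP BY username"
    )
    return {user: (calls, total) for user, calls, total in conn.execute(sql)}


def duplicated_sessions(conn):
    """Sessions stored more than once, to help trace which NAS or proxy
    is producing the extra rows."""
    sql = (
        "SELECT nasipaddress, acctsessionid, COUNT(*) FROM radacct "
        "GROUP BY nasipaddress, acctsessionid HAVING COUNT(*) > 1 "
        "ORDER BY nasipaddress, acctsessionid"
    )
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    db = build_db()
    print("summing every row:", naive_totals(db))
    print("one row per session:", usage_per_user(db))
    print("sessions with extra rows:", duplicated_sessions(db))
```

Grouping on the session id alone would merge the two constructed sessions that share "0000A1" on different NASes, which is why the NAS address is part of the key.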
RE: users file
The password can be in the OS password file and many other places. The docs and faqs list most of them, or describe access methods that can be used. It might help if you could tell us where you want to get them from.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of labis siegfried
Sent: Wednesday, July 23, 2003 7:30 AM
To: [EMAIL PROTECTED]
Subject: Re: users file
but I only use a radius server, I don't use any database siegfried
At 11:49 23/07/03 +0200, Oliver Graf wrote:
On Wed, Jul 23, 2003 at 11:26:48AM +0200, labis siegfried wrote:
I have 2 questions, it is always for my password's problem. Must the attribute Cisco-AVPair be in the users-files?
no. it can also be in some other storage accessible by freeradius. for example an sql database.
must the password be in the users files?
also no. could also be in some other storage... Oliver.
RE: Duplicate Radius Servers
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bobby R. Cox
Sent: Tuesday, July 22, 2003 2:05 PM
To: [EMAIL PROTECTED]
Subject: Duplicate Radius Servers
Is it possible/feasible to have two radius servers on the same machine. Currently running Cistron Radius 1.6.6 and am looking at updating it to FreeRadius.
- Is upgrading easy or do I have to replace?
- Can I have both on the same machine to ensure the other works before changing over.
You can run both on the same machine, however they cannot share an IP port. That is usually not a big deal if you have administrative control over your NAS or other clients.
It looks as though the new install will not overwrite existing configs. Is this correct?
I am not sure of the correct answer to your question. However, what I do is create a directory for my configuration, and copy all the config files as shipped into the new directory. Then I modify the files in that directory and start radius with the '-d' option. Then new installs will not copy over my live directory, and I have all the 'as shipped' files for reference.
-- Bobby R. Cox Linux Systems Administrator Project Mutual Telephone [EMAIL PROTECTED] 208.434.7185 The mosquito exists to keep the mighty humble.
RE: Simultaneous use of two DBs
I don't know for sure about DB2 and Postgres but databases I am familiar with (Oracle, SqlServer, MySql) have the ability to export and import tables via csv files. That would let you move the data. There are also some commercial utilities to let you do it, and there are ODBC drivers available for most databases as well. Depending on the referential integrity that is implemented and the features of your particular database, the order that you import them may be important. Tim
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ali Gunduz
Sent: Thursday, July 17, 2003 8:25 AM
To: [EMAIL PROTECTED]
Subject: Simultaneous use of two DBs
Hi, I want to log start/stop packets in postgresql and use DB2 for authentication information. All my user information resides in DB2.. I cannot migrate it to postgresql. I couldn't figure out how I could do this in sql.conf.. Anyone has any suggestions or documents about this? Thanks Ali Gunduz
Re: User Survey - Which DB backend do you use?
MySql
On Mon, 14 Jul 2003 10:30:52 +0300 Peter Nixon [EMAIL PROTECTED] wrote:
Hi List I would like to take a quick straw poll.
a) If you use a Database backend for FreeRadius which one do you use?
b) If you do not use a DB backend for FreeRadius, but do have a DB on your server or in your rack, what DB is it?
c) If you do not use a DB backend for FreeRadius, but do have a DB on your server or in your rack, why don't you use it as a backend to FreeRadius?
Please reply to this thread on the mailing list or to me directly (I am one of the developers) if you wish to keep the info private. I will post a summary in a few days. Thanks in Advance
-- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc
RE: Oracle and stored procedure
Depending on what you are trying to do, Oracle stored procedures can be called using triggers as well. Triggers are typically executed on updates, deletes and inserts into tables. I think (am not sure, because I've been out of the Oracle business for awhile) that version 9 allows triggers on views that allow to update through a view. Tim
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of randy
Sent: Monday, June 30, 2003 5:17 PM
To: [EMAIL PROTECTED]
Subject: Re: Oracle and stored procedure
* HAUTZ Gilles [EMAIL PROTECTED] [2003-05-22 20:30]:
Is it possible to call a stored procedure with freeradius and oracle? If yes, how ?
you can use a function instead of a stored procedure - a function you can call with select from freeradius. hope this helps, randy
RE: db authenticate
This error shows up on the list in some form almost daily, though usually with a different file. It is covered in the FAQ.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chad Stalvey
Sent: Wednesday, June 25, 2003 12:02 PM
To: [EMAIL PROTECTED]
Subject: RE: db authenticate

Ok, I got a little further... Now I am getting this error:

radiusd.conf[872] Failed to link to module 'rlm_dbm': file not found

any ideas?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chad Stalvey
Sent: Wednesday, June 25, 2003 11:46 AM
To: [EMAIL PROTECTED]
Subject: db authenticate

I've built freeradius 0.8.1 to replace a livingston server. The livingston was authenticating off of a users.db database file. How/where do I tell freeradius to look at that file instead of the flat users file?

Thanks.

Chad Stalvey
Systems Engineer
Hayes E-Government Resources
www.hcs.net
850.297.0551 ext.136
Mobile 508.0485
RE: Inserting fields in MySQL/FreeRadius database
You will need to change the query in the SQL config file. And you will need to make sure that the value you are trying to insert is a supported variable. It's all in the docs.

-----Original Message-----
From: Carlos Henrique de Souza Brito [mailto:[EMAIL PROTECTED]] On Behalf Of Carlos Henrique de Souza Brito
Sent: Wednesday, June 25, 2003 12:14 PM
To: [EMAIL PROTECTED]
Subject: RE: Inserting fields in MySQL/FreeRadius database

OK, but if I create a field directly in mysql Radius will fill it ?

-----Original Message-----
From: Chad Stalvey [mailto:[EMAIL PROTECTED]]
Sent: Wed 6/25/2003 1:45 PM
To: [EMAIL PROTECTED]
Cc:
Subject: RE: Inserting fields in MySQL/FreeRadius database

It will be

mysql alter table table_name add newfield_name newfield_type

The syntax is here: http://www.mysql.de/doc/de/ALTER_TABLE.html

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Carlos Henrique de Souza Brito
Sent: Wednesday, June 25, 2003 12:36 PM
To: [EMAIL PROTECTED]
Subject: Inserting fields in MySQL/FreeRadius database

Hello,

I need to add more fields in the MySQL, how can I do that ? I found in phpMyAdmin an "Add new field at end of table". Radius automagically inserts data in this field ? If not, is there a command or option in radius?

Thanks,
Carlos Brito
RE: Radius Attributes
Probably not. At any rate, it would be mostly a function of your NAS. The protocol and FR could probably handle it. But your NAS is going to have to accept it during the authentication and store it for the duration of the user session. You would need to check the attributes and functionality of your NAS to see if such a thing is feasible.

If you are using a SQL database, it should not be too difficult to add the field to the accounting table and run a query after the accounting record is inserted to add the field value to the record.

Tim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jander Sunstar
Sent: Wednesday, June 25, 2003 12:30 PM
To: [EMAIL PROTECTED]
Subject: Radius Attributes

Hello,

I have been looking for a way to pass an arbitrary value from the radius server and get it back from the NAS, i.e. I want to include a user's account number in their radius profile and get it back in the NAS accounting packet. Is this possible via radius attributes ?

Thanks
Rick
RE: Why FreeRADIUS?
It is very efficient as far as CPU cycles are concerned. The 'releases' are rock solid because they have already been field tested by many users before being called a release. It is also very flexible. The sql queries for MySql are not hard coded, they are in a config file. I am not familiar with the IC radius schema, but it wouldn't surprise me to find out you might be able to run a test environment using your current schema. Once you are satisfied though, I would think converting to the standard FR schema would be the thing to do.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott A. H. Phillips
Sent: Thursday, June 19, 2003 4:33 PM
To: [EMAIL PROTECTED]
Subject: Why FreeRADIUS?

Hi!

I'm new to the list but not new to RADIUS. I'm a net engineer at an ISP with about 1300 dial-in users, currently using ICRADIUS. Since that project is pretty well dead (despite claims on the mailing list otherwise) I'm considering alternatives. I *really* don't want to change my database around (currently using MySQL with some custom reporting utilities written by yours truly). I'm looking at FreeRADIUS and OpenRADIUS.

Why should I use FreeRADIUS? I'm sure you all have reasons or you wouldn't be using it yourselves; please enlighten me.

Cheers,
--Scott!
RE: Radius security
One thing to do is make sure you have the bad-password delay timer set to a good value (3-5 seconds or so). This won't help much if the hacker is using a threaded process to generate the packets however. Since it is coming from a server you have authorized, there is not a lot you can do with a firewall.

You might want to consider having two sets of radius servers sharing a common database. One would be behind your firewall serving your internal requests. The second would be for your proxies. That way, only the proxy requests will be affected during the hacks. Make sure that you limit the number of server threads and have the above mentioned timer set properly on your server so it doesn't flood the database with requests.

I suspect others may have even better ideas.

Tim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Stefan Auweiler
Sent: Wednesday, June 18, 2003 11:06 AM
To: [EMAIL PROTECTED]
Subject: Radius security

Hello all,

How can I prevent to be flooded by RADIUS packets from an IP address?

At first, I tried to deny the 1812/1813 ports from all IP's which does not have any RADIUS relation to my RADIUS Server using access lists. But then I found the case, where I have to open the Ports to an external downstream RADIUS proxy server, which has to respond to my RADIUS requests. This external server has also to send his UDP packet to my 1812/1813 port.

What do I need to prevent the case, where somebody has hacked the external RADIUS server and intentionally starts flooding my server or this external server simply runs amok?

Thank you.

Regards
Stefan
RE: freeradius demo
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 4:26 AM
To: [EMAIL PROTECTED]
Subject: Re: freeradius demo

Hello again!

I have read the rfcs and some other articles, but I still have an comprehension problem! Following situation:

1. Company with 1000 users in different systems (unix/ads)
2. Dial-in possibility over some ISDN Routers (they are the radius clients)
3. One radius server in background

how does the radius server know about the users?

FreeRadius supports a bunch of different user databases, from the original users' files to most anything you want using various modules.

I made some experience (not much at all) with Cisco ACS, and I think that acs is acting as a kind of proxy like this: nas (radclient) acs (radserver) and acs (radclient) w2ksrv (radsrv) ?
DNS Servers
I have a Cisco 3640 which uses freeradius for authentication. When a ppp session is established with the cisco no DNS servers are currently set on the client. I have tried adding a Cisco-AVPair=ip:dns-servers=10.35.8.38 entry to the radgroupreply table (I am using mysql with freeradius). I have also tried many variants on the AVPair (like using a * instead of the second equals) but I cannot get the cisco to give the client DNS servers. The client is windows XP.

The relevant part of the cisco config is below:

aaa new-model
aaa authentication login default group radius enable
aaa authentication login linmethod group radius enable
aaa authentication login vtymethod group radius enable
aaa authentication login conmethod group radius enable
aaa authentication ppp default if-needed group radius local
aaa authorization exec default if-authenticated
aaa authorization network default if-authenticated
aaa authorization reverse-access default none
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
enable secret removed
radius-server host 10.35.8.38 auth-port 1812 acct-port 1813
radius-server host 10.35.8.40 auth-port 1812 acct-port 1813
radius-server timeout 4
radius-server key removed

Any help would be greatly appreciated.

Tim Saunders
RE: freeradius demo
Best practices for configuring freeradius:

1. Read the FAQs and the archives
2. Read and follow the book. It works!

then, if you have problems:

Best practices for finding resolution to problems:

1. Read debug statements completely.
2. Read the FAQs and the archives
3. Browse your config files.

Best regards for your success.

Tim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 17, 2003 10:32 AM
To: [EMAIL PROTECTED]
Subject: RE: freeradius demo

OK, but how do i configure freeradius to query a windows 2000 server for user information?

Hello again!

I have read the rfcs and some other articles, but I still have an comprehension problem! Following situation:

1. Company with 1000 users in different systems (unix/ads)
2. Dial-in possibility over some ISDN Routers (they are the radius clients)
3. One radius server in background

how does the radius server know about the users?

FreeRadius supports a bunch of different user databases, from the original users' files to most anything you want using various modules.

I made some experience (not much at all) with Cisco ACS, and I think that acs is acting as a kind of proxy like this: nas (radclient) - acs (radserver) and acs (radclient) - w2ksrv (radsrv)
RE: Missing rlm_sql_mysql
The FAQ.

Tim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael Linval
Sent: Monday, June 16, 2003 8:26 AM
To: [EMAIL PROTECTED]
Subject: Missing rlm_sql_mysql

Been having a problem and found out I am missing the rlm_sql_mysql file. What should I look for to determine why this is happening?

Michael Linval
Wide Area Network Specialist
College of St. Scholastica
[EMAIL PROTECTED]
(218) 723-5914
RE: Missing rlm sql mysql
I don't know how to get much more specific than the FAQ section 4.14

One of the following is the problem:

- The file is not on the system
- One of its dependent libraries is not on the system
- The file or one of its dependent libraries is not in the search path of the linker because the linker is misconfigured or the files are in the wrong location.

You just have to verify each of the above items until you find out which one it is.

Tim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael Linval
Sent: Monday, June 16, 2003 8:36 AM
To: [EMAIL PROTECTED]
Subject: RE: Missing rlm sql mysql

I have read the FAQ thanks and tried what is said. Doesn't fix it! Please be more specific

The FAQ.

Tim
RE: Require Urgent Help
It sounds like they have a dialup system running - if they are using Ascend MAXs the manuals that come with them have lots of good information on radius in general - especially attributes. And of course the RFCs. And The RADIUS book. And the FAQs. And the docs that come with the distribution. And review their design requirements closely.

If they are a small ISP the use of LDAP and mysql sounds redundant to me unless they are using LDAP for authorization and authentication and mysql for accounting. IMHO if you don't have some other reason to use LDAP, I would stick with just mysql. There is no reason to add complexity to something you are just learning about, and from my experience, the sql solution is a little simpler. However there are lots of good reasons for using LDAP if you are integrating this with another auth server of some kind and want to use a common user database.

As far as the best OS - I would recommend the one that runs all the software you need and that you (or whoever is going to maintain the system) knows the best. :) The wireless system could care less what the OS is.

Tim

Hi,

I have started a new job in Linux. I have been involved quite a lot into daily system admin functions in Linux as well as Solaris. Now the requirement for this job are to set up a RADIUS server with LDAP and mysql database. This is for a small ISP which will be used for Wireless access for dial up users. I am completely unaware of RADIUS, LDAP and mysql. They want to use FREERADIUS, OPENLDAP from netscape and mysql.

What should be the starting point. Which flavour of Linux will be far suitable for wireless applications? Any help will be much appreciated.

Thanks,
Sagar
RE: transaction safe tables in mysql
is it advisable to use transaction safe tables in mysql for freeradius? thanks for the feedback

I don't use them, but the answer really depends on how much of a problem is created if you have a crash in the middle of a multi-statement insert, update, or delete. Presumably most of your insert and deletes will be multi-statements since typically the usergroup, radcheck and radreply tables all need to be inserted or deleted, and possibly the groupcheck and groupreply tables.

In my case, the update activity is relatively low, and I will know if there is a problem. So I find it easier just to use the standard tables rather than one of the other table packages. I also only have one record in each table per user, so it is easy to figure out what did or did not happen. (But then, I have never had it crash so I really can't speak from assistance - except while I was developing the glue that ties FR to my customer service system.) However, if your systems don't allow you to easily determine what happened just prior to the crash on a statement-by-statement basis or you have lots of entries per user in some of your tables, it might be beneficial.

I also rely on the fact that I run two copies of FR, each with its own MySql DB updated by my customer service system. If one crashes, it is very simple to copy the database from the second one over to it. In most cases, this is a simpler restoral than trying to do a restoration from log files or whatever the transaction safe tables use. I haven't done this in MySql, but I have done such restorations in previous versions of Oracle and it is not a pleasant experience.

Tim
RE: How do I dynamically insert and delete users?
And pick up a copy of the Radius book.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Steve Fulton
Sent: Tuesday, June 03, 2003 4:30 PM
To: [EMAIL PROTECTED]
Subject: Re: How do I dynamically insert and delete users?

How do I dynamically insert and delete users that the radius server will use? Modifying raddb/users each time is too cumbersome, isn't it?

SQL or LDAP with a front-end of some sort. Check the archives, there has been plenty of discussion about it.

-- Steve.
RE: How do I dynamically insert and delete users with mysql?
Then you don't have it set up correctly to use MySql. My users file is empty. All my users are in MySql, as I suspect is the case with most people who use it. There are lots of questions about MySql in the archives and lots of info in the docs to get it going.

Tim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael Davis
Sent: Tuesday, June 03, 2003 4:42 PM
To: [EMAIL PROTECTED]
Subject: How do I dynamically insert and delete users with mysql?

I am using mysql to populate my users list but I still have to insert each user name into the users file in order for radius to recognize it. Is there a way to set up a table in mysql and change a config setting so that I can insert users dynamically without having to use the users file at all?

Thanks
Michael
RE: Authentication
Check page 38 in the Radius book.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Keith Ballard
Sent: Thursday, March 27, 2003 11:30 AM
To: [EMAIL PROTECTED]
Subject: Authentication

Hi all,

Just a quick question before I go much deeper. Is it possible to authenticate a dial-up with freeradius based not just on username/password, but also phone number called from (ie only allow dial-in from one particular number per customer). If so can anyone please point me to a faq, etc (I couldn't find it in the Radius book).

regards,
Keith
RE: [OT] what billing software do you suggest?
Tim I use Rodopi. I have scripts set up to update the FR MySql database and my CGPro e-mail server. Rodopi also imports the accounting file so you can check usage, handle prepaid accounts, ... It is all web-based, so I can run it from my house or wherever I happen to be.

Tim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ray
Sent: Wednesday, March 05, 2003 12:17 PM
To: [EMAIL PROTECTED]
Subject: [OT] what billing software do you suggest?

we have started using freeRadius and we had a homebrew system for the billing setup. the homebrew was notably out of date 3 years ago and required ms access. we thought we would be writing a new set of homebrew software to implement the billing again, but the higher ups are reevaluating that idea. what billing software is being used with freeradius and would you recommend it?

freeRadius 0.8.1 running off of MySQL for auth acct
RE: [OT] what billing software do you suggest?
It also will directly generate and upload a users file, if you don't want to use a database back-end.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tim McCracken
Sent: Wednesday, March 05, 2003 2:35 PM
To: [EMAIL PROTECTED]
Subject: RE: [OT] what billing software do you suggest?
RE: Proxy Server sending from random ports
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Nathan Miller
Sent: Tuesday, February 25, 2003 2:06 PM
To: [EMAIL PROTECTED]
Subject: Re: Proxy Server sending from random ports

Alan, I truly appreciate the speedy reply. I confirmed the requests are definitely always coming from the same IP address, it's just the port # which is changing. I had disabled some error checking code (section which confirms the port #) in freeradius to get the 2nd error I listed. I will notify them that their radius server is definitely violating the RFC. Thanks.

At 09:54 AM 2/25/2003 -0500, you wrote:

Nathan Miller [EMAIL PROTECTED] wrote:

I am having a problem with a new client. Their radius server is sending back the requests I proxy to them using random ports. It always arrives on my port 1647, but is sent using a random port on their side.

That's a violation of the RFC.

Initially I was getting these errors (stripped from -xxx debug log)

Tue Feb 25 11:04:15 2003 : Error: Ignoring request from unknown proxy ipaddie:12386

That's a different error. The reply from the home server came from one which wasn't listed in proxy.conf. So not only are they sending from random ports, they're sending from random IP's, too.

The rest of my proxy customers always send the request back using the same port which the request was proxied to them on, which is usually 1645 or 1812. As you can see, this particular request arrived from port 12386 which seems to be random port #'s above 1. My first assumption is this has something to do w/ load balancing software on their side.

Probably.

My first and most important question is, is there a work-around perhaps so I can get this customer live w/o them fixing their radius?

No. The proxy requests are keyed by port IP. So if the home server responds from a *different* port IP, there's no way of figuring out which request matches that reply.

Should freeradius be accepting these connections, or is it in fact their radius which is violating the spec?

Their system should be fixed. It's a complete and total violation of the RADIUS spec. It's impossible to fix, and even if you could, it would create severe security problems.

Alan DeKok.

--
Nathan Miller - [EMAIL PROTECTED]
VISP Technologies
Building The Nation's Largest Network of Successful ISPs.
RE: Proxy Server sending from random ports
Sorry for the previous post!

If they aren't using a load balancer, then their software is opening the port with a port number of '0' rather than a specified port. This is correct for many client protocols (mostly using TCP rather than UDP), but definitely not for RADIUS.

Tim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Nathan Miller
Sent: Tuesday, February 25, 2003 2:06 PM
To: [EMAIL PROTECTED]
Subject: Re: Proxy Server sending from random ports
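The point made in this thread, that a proxy can only pair a reply with its request by the home server's address, port and packet ID, shown as an added example that is not FreeRADIUS code or anything posted to the list. The class and function names, the 192.0.2.x addresses and the secrets are constructed for illustration; the Response Authenticator calculation follows RFC 2865.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT = 1, 2


def build_request(pkt_id, attrs=b""):
    """Access-Request: code, id, length, 16-byte random Request Authenticator."""
    return struct.pack("!BBH16s", ACCESS_REQUEST, pkt_id,
                       20 + len(attrs), os.urandom(16)) + attrs


def build_reply(code, request, secret, attrs=b""):
    """Reply whose authenticator is MD5(code+id+len+RequestAuth+attrs+secret)."""
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    auth = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + auth + attrs


class ProxyTable:
    """Outstanding proxied requests, keyed by (home server IP, port, packet ID)."""

    def __init__(self):
        self.home_servers = {}   # (ip, port) -> shared secret
        self.pending = {}        # (ip, port, id) -> Request Authenticator

    def add_home_server(self, ip, port, secret):
        self.home_servers[(ip, port)] = secret

    def sent(self, ip, port, request):
        self.pending[(ip, port, request[1])] = request[4:20]

    def candidates_by_id_only(self, pkt_id):
        """What a port-agnostic lookup would have to choose between."""
        return sorted(k for k in self.pending if k[2] == pkt_id)

    def match_reply(self, src_ip, src_port, reply):
        if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
            return "malformed"
        secret = self.home_servers.get((src_ip, src_port))
        if secret is None:
            # Same situation as "Ignoring request from unknown proxy ...:12386"
            return "unknown-proxy"
        key = (src_ip, src_port, reply[1])
        req_auth = self.pending.get(key)
        if req_auth is None:
            return "no-matching-request"
        expected = hashlib.md5(reply[:4] + req_auth + reply[20:] + secret).digest()
        if not hmac.compare_digest(expected, reply[4:20]):
            return "bad-authenticator"
        del self.pending[key]    # one reply per request
        return "accepted"


def demo():
    table = ProxyTable()
    a, b = ("192.0.2.10", 1812), ("192.0.2.20", 1812)   # constructed addresses
    table.add_home_server(*a, b"secretA")
    table.add_home_server(*b, b"secretB")
    # The 8-bit ID space is small, so the same ID is routinely in flight
    # to two different home servers at once.
    req_a, req_b = build_request(97), build_request(97)
    table.sent(*a, req_a)
    table.sent(*b, req_b)
    good = build_reply(ACCESS_ACCEPT, req_a, b"secretA")
    return {
        "id_only_candidates": len(table.candidates_by_id_only(97)),
        "random_source_port": table.match_reply("192.0.2.10", 12386, good),
        "wrong_secret": table.match_reply(
            *b, build_reply(ACCESS_ACCEPT, req_b, b"guess")),
        "expected_port": table.match_reply(*a, good),
        "replayed": table.match_reply(*a, good),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Dropping the port from the key would leave two candidate requests for ID 97, and picking the shared secret to verify against would then depend on a guess about the sender.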
RE: most redundant Radius system
I think there are some previous threads on the subject of using a load balancer. The best thing to do is not use a load balancer, as it creates a single point of failure. Better to use the multiple radius server parameters built into most NASes.

I use 1 sql server per FR - running on the same server. This is very simple which suits me fine. Use at least 2 FR servers. For max reliability they should each be multi-homed or, better yet, diversely located in different locations on different upstream providers.

There are a variety of ways to replicate the data between them. The best (IMHO) is probably to have a master sql database (maybe on your provisioning system) and replicate it out to the radius servers.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Joel Vandal
Sent: Wednesday, February 19, 2003 2:33 PM
To: [EMAIL PROTECTED]
Subject: Re: most redundant Radius system

Any idea on the redundant Radius system scheme with MySQL?

Our redundant setup:

2 x Radius server
1 x Load Balancer (Alteon) (hehe bought one on ebay for 20$us good deal)
3 x XMLRPC server
3 x mySQL server

Our Radius server connect to our Load Balancer that send request to one of our 3 XMLRPC server. Each XMLRPC server send Authentication/Authorization request to mySQL server (round-robin/failover). For Accounting request, if the main mySQL server is down, then the request is cached and re-send when the main mySQL is running.

Each XMLRPC mySQL server are on a virtual server so we need only 3 computers for these task but each computer are RAID5 RAID50 hardware adapter and multiple power supply (2 x HP LC2000 and 1 x HP LH4 Quad-Xeon)

-- Joel Vandal
RE: Help-ME...radcheck: Permission denied
You need to determine why you are trying to insert a duplicate key. My wild guess from looking at your log is that you shut the system down and then restarted it, and when you restart, it is trying to reinsert records that already exist. Relational databases will not allow that on tables with a primary key or columns defined as 'unique'.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of leaobicalho
Sent: Wednesday, February 19, 2003 12:52 PM
To: [EMAIL PROTECTED]
Subject: Help-ME...radcheck: Permission denied

Always when im check, show this message, How can i do for work? Above have logs of postmaster, radiusd and radclient

Log of postmaster

DEBUG: database system was shut down at 2003-02-19 15:33:25 BRT
DEBUG: checkpoint record is at 0/19D420
DEBUG: redo record is at 0/19D420; undo record is at 0/0; shutdown TRUE
DEBUG: next transaction id: 875; next oid: 16633
DEBUG: database system is ready
ERROR: pg_atoi: error in fredf: can't parse fredf
ERROR: Cannot insert a duplicate key into unique index usergroup_pkey
DEBUG: pq_recvbuf: unexpected EOF on client connection
ERROR: radcheck: Permission denied.
ERROR: radcheck: Permission denied.
ERROR: radcheck: Permission denied.
ERROR: radcheck: Permission denied.

Log of Radius Server

lm_sql (sql): Attempting to connect rlm_sql_postgresql #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql_postgresql: query: SELECT id,UserName,Attribute,Value,Op FROM radcheck WHERE Username = 'fredf' ORDER BY id
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: affected rows =
rlm_sql_postgresql: Postgresql check_error: s, returning SQL_DOWN
rlm_sql (sql): failed after re-connect
rlm_sql_getvpdata: database query error
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 0
rad_recv: Access-Request packet from host 200.253.21.202:32792, id=97, length=57
Dropping packet from client Leao:32792 - ID: 97 due to dead request 2

Log of Radius Client

[root@dev1 radius]# radclient -q -s 127.0.0.1 auth test123 user-name=test
radclient: no response from server
RE: Automatically disconnecting calls
This is a reply attribute for many NASs. So if you set up the attribute, FR will send it with the response packet.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Zahara
Sent: Friday, February 14, 2003 3:41 AM
To: freeradius
Subject: Automatically disconnecting calls

Hi all

Is it possible to automatically disconnect the calls? I mean, we know the max allowed time for the call being requested. Is it possible to disconnect this call after the max duration?

Thanks.
RE: how to start simple accounting
Are your NAS's sending the accounting packets? Have you run it in debug mode to see what is happening to them?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ramprasad A Padmanabhan
Sent: Friday, February 14, 2003 3:57 AM
To: [EMAIL PROTECTED]
Subject: how to start simple accounting

Hello all,

I don't know why i am not able to find it any of the docs or mailing lists, I have installed freeradius 0.8 and am able to use authentication with system and LDAP. What I am not able to figure out is how to start the accounting, even radwho radlast etc return just empty results. The files radutmp radwtmp and sradutmp are all 0 bytes
RE: Compiling FreeRadius for oracle support?
Just link with the oracle library. The oracle module (last time I checked) was either written in OCI calls directly, or was written in Pro*c and had already been pre-compiled. Just make sure you have included rlm_oracle in the build and have the oralib in one of the lib directories.
Tim

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ryan Castellucci Sent: Monday, February 10, 2003 6:59 PM To: [EMAIL PROTECTED] Subject: Compiling FreeRadius for oracle support?
Hi, I need to compile FreeRadius 0.8.1 on Redhat 7.3 with oracle support. I've installed the oracle 9i linux developers software, where do I go from here?
Maximum/Ideal/Suggested number of users(current and possible)
Greetings - I am doing research regarding whether or not to replace our Windows 2000 ADS/Radius server with .? In this search I have come across Cistron/FreeRadius; however, I have not seen any benchmarks/suggested maximum number of users. I welcome any suggestions. Thanks! Tim Rich
RE: Maximum/Ideal/Suggested number of users(current and possible)
Let me be the first to point out that Cistron and FreeRadius are completely different systems. This is the FreeRadius list - not the cistron list. Maximum number of SUBSCRIBERS is dependent upon:
- how many requests per peak minute/hour/whatever
- processing power/system architecture/etc
- how you store your user data
In other words, your mileage may vary and there are no magic answers to this question for FreeRadius or any other software. But the system is damn efficient, especially running a database behind it if you have a large number of subscribers. I would bet somebody on here is running in excess of 100K subscribers.
Tim

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tim Rich, Jr. Sent: Thursday, February 06, 2003 12:33 PM To: '[EMAIL PROTECTED]' Subject: Maximum/Ideal/Suggested number of users(current and possible)
Greetings - I am doing research regarding whether or not to replace our Windows 2000 ADS/Radius server with .? In this search I have come across Cistron/FreeRadius; however, I have not seen any benchmarks/suggested maximum number of users. I welcome any suggestions. Thanks! Tim Rich
RE: Maximum/Ideal/Suggested number of users (current and possible)
Thanks, Tim - Then some details are available: We currently serve ~1500 users, max concurrent connection = 96 users. The proposed radius server is a Compaq Proliant DL380, Dual 2.4 Xeon CPU, 4 GB memory, attached to a SAN. This server is running Redhat 7.3 (testing to move to Redhat AS 2.1). The device making Radius requests is a Cisco 5300 Access server connected to 4-24 Channel T-1's. These devices are connected on a 10/100 Ethernet segment. This is the bulk of our business - and would need 99.999 availability. Our peak usage is 5 hours a day, but still only see about 60 current connections. Typical connection length is between 8 and 20 minutes. The growth of our company is anticipated to be added users of ~ 10,000 this year, as we just signed a large contract. Our ratio of users/available (concurrent) connections is about 1/15. (this means ~ 660 concurrent connections, and would have to add a Cisco AS 5400 to the mix to make this work) Would FreeRadius provide the robustness, reliability and scalability that we are looking for?
Tim

-Original Message- From: Tim D. McCracken [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 06, 2003 1:54 PM To: [EMAIL PROTECTED] Subject: RE: Maximum/Ideal/Suggested number of users(current and possible)
Let me be the first to point out that Cistron and FreeRadius are completely different systems. This is the FreeRadius list - not the cistron list. Maximum number of SUBSCRIBERS is dependent upon:
- how many requests per peak minute/hour/whatever
- processing power/system architecture/etc
- how you store your user data
In other words, your mileage may vary and there are no magic answers to this question for FreeRadius or any other software. But the system is damn efficient, especially running a database behind it if you have a large number of subscribers. I would bet somebody on here is running in excess of 100K subscribers.
Tim

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tim Rich, Jr. Sent: Thursday, February 06, 2003 12:33 PM To: '[EMAIL PROTECTED]' Subject: Maximum/Ideal/Suggested number of users(current and possible)
Greetings - I am doing research regarding whether or not to replace our Windows 2000 ADS/Radius server with .? In this search I have come across Cistron/FreeRadius; however, I have not seen any benchmarks/suggested maximum number of users. I welcome any suggestions. Thanks! Tim Rich
RE: Maximum/Ideal/Suggested number of users (current and possible)
Performance: I presently run 148 ports on a 400 MHz Solaris system that all runs a very busy e-mail server. At that I average about 75% idle cpu cycles. I doubt that FR's contribution to the load would be measurable. I do use MySQL back-end.
Reliability: No standalone computer achieves 5 9's of reliability on its own. I run FR on two servers, and you should too if reliability is important. IMHO a database backend makes redundant servers a little easier, but you will get differences of opinion on this. One great thing about a database backend on FR is that there is no need to restart the server every time you add a user. With 10K subs I would definitely recommend a DB backend. As to which one, everybody is different. I use MySQL, but would use Oracle if cost was not a factor. Others use Postgres, and I think some even use MSSQL.
Tim

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tim Rich, Jr. Sent: Thursday, February 06, 2003 1:20 PM To: '[EMAIL PROTECTED]' Subject: RE: Maximum/Ideal/Suggested number of users (current and possible)
Thanks, Tim - Then some details are available: We currently serve ~1500 users, max concurrent connection = 96 users. The proposed radius server is a Compaq Proliant DL380, Dual 2.4 Xeon CPU, 4 GB memory, attached to a SAN. This server is running Redhat 7.3 (testing to move to Redhat AS 2.1). The device making Radius requests is a Cisco 5300 Access server connected to 4-24 Channel T-1's. These devices are connected on a 10/100 Ethernet segment. This is the bulk of our business - and would need 99.999 availability. Our peak usage is 5 hours a day, but still only see about 60 current connections. Typical connection length is between 8 and 20 minutes. The growth of our company is anticipated to be added users of ~ 10,000 this year, as we just signed a large contract. Our ratio of users/available (concurrent) connections is about 1/15. (this means ~ 660 concurrent connections, and would have to add a Cisco AS 5400 to the mix to make this work) Would FreeRadius provide the robustness, reliability and scalability that we are looking for?
Tim

-Original Message- From: Tim D. McCracken [mailto:[EMAIL PROTECTED]] Sent: Thursday, February 06, 2003 1:54 PM To: [EMAIL PROTECTED] Subject: RE: Maximum/Ideal/Suggested number of users(current and possible)
Let me be the first to point out that Cistron and FreeRadius are completely different systems. This is the FreeRadius list - not the cistron list. Maximum number of SUBSCRIBERS is dependent upon:
- how many requests per peak minute/hour/whatever
- processing power/system architecture/etc
- how you store your user data
In other words, your mileage may vary and there are no magic answers to this question for FreeRadius or any other software. But the system is damn efficient, especially running a database behind it if you have a large number of subscribers. I would bet somebody on here is running in excess of 100K subscribers.
Tim

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tim Rich, Jr. Sent: Thursday, February 06, 2003 12:33 PM To: '[EMAIL PROTECTED]' Subject: Maximum/Ideal/Suggested number of users(current and possible)
Greetings - I am doing research regarding whether or not to replace our Windows 2000 ADS/Radius server with .? In this search I have come across Cistron/FreeRadius; however, I have not seen any benchmarks/suggested maximum number of users. I welcome any suggestions. Thanks! Tim Rich
RE: Maximum/Ideal/Suggested number of users (current and possible )
I would agree with everything Chris said. I think I said about the same thing in a different way.
Tim

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chris Parker Sent: Thursday, February 06, 2003 1:31 PM To: [EMAIL PROTECTED] Subject: RE: Maximum/Ideal/Suggested number of users (current and possible )
At 02:20 PM 2/6/2003 -0500, Tim Rich, Jr. wrote:
Thanks, Tim - Then some details are available: We currently serve ~1500 users, max concurrent connection = 96 users. The proposed radius server is a Compaq Proliant DL380, Dual 2.4 Xenon CPU, 4 GB memory, attached to a SAN. This server is running Redhat 7.3 (testing to move to Redhat AS 2.1).

Wow, that's quite a bit of overkill. If you need 5 9's of reliability then I would look at dumping that server for a couple smaller/cheaper servers so that you have multiple servers instead of single one. Configure those multiple servers on your nas ( you mention it's a cisco so it can support quite a few ). Then, if one server happens to go down, your NAS will failover automatically to one of the others.

The growth of our company is anticipated to be added users of ~ 10,000 this year, as we just signed a large contract. Our ratio of users/available (concurrent) connections is about 1/15. (this means ~ 660 concurrent connections, and would have to add a Cisco AS 5400 to the mix to make this work) Would FreeRadius provide the robustness, reliability and scalability that we are looking for?

I have on good authority of FreeRADIUS running far less capacity servers supporting an order or two larger userbase than what you are describing.
-Chris
--
Chris Parker, Director, Engineering, (847) 963-0116
StarNet Inc. - WX *is* Wireless! - http://www.starnetwx.net
Wholesale Internet Services - http://www.megapop.net
RE: Maximum/Ideal/Suggested number of users (current and possible )
Thanks, Tim and Chris!
FTP access to accounting logs by rodopi
OS: Solaris8/SPARC
I need to ftp (read) the accounting log using a non-privileged account from RODOPI. I created a non-privileged user with the 'other' group. Rodopi can change the 'detail' file names but cannot read the files since the default permission is owner:rw (only). RODOPI changes the 'detail' filenames forcing FR to create a new file each time RODOPI processes the current data, so I can't just change the file permissions one time and call it good. I am trying to set the default group permission on the 'detail' file to allow this. However, I have been unable to determine where to set the umask for a daemon. Also, I do not want to change it system wide - only for the radiusd daemon. I have been unable to locate this information in the Solaris docs. Any Ideas? Or is there a better way to accomplish this? (without anon FTP)
Tim
RE: One more question..
This question comes up about every week. Check the archives, and the documentation, and The Radius Book.

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Drew Weaver Sent: Monday, February 03, 2003 3:10 PM To: '[EMAIL PROTECTED]' Subject: One more question..
is there a howto, or specific instructions available on how to make FreeRadius authenticate from a Mysql Database, and furthermore, can accounting information also be stored in this database? -Drew
RE: Same thing happening here
You cannot leave the op field empty. This is an error in the book. Other than that, the example in the book should work as shown.

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Michael Brininstool Sent: Friday, January 31, 2003 9:57 AM To: [EMAIL PROTECTED] Subject: Same thing happening here
I have just set up freeradius-0.8.1 on a freeBSD 4.7 box and the MySQL DB is in NT (don't know specifics of that machine). I probably have a problem in the SQL tables, but I am getting all the return string back from DB, but the packet is coming back as Access-Reject, also (like original poster). I want the passwords in the clear in the database, and want PAP. Can someone give me an example user (a copy of each row needed for that user from each of the needed tables) so I can make sure I am not missing something? I followed the example in the O'Reilly book, changing names, and left the op field empty (probably a mistake and I will try with '==' in there) because it said nothing was needed there. Under a pretty bad time crunch so would appreciate any help!
--
Michael P. Brininstool [EMAIL PROTECTED]
When did a lack of money and accomplishment become a mark of virtue? --Ann Coulter
RE: [newbie]
That all depends on what you are going to do with it.

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Frederic SOSSON Sent: Monday, January 27, 2003 10:42 AM To: [EMAIL PROTECTED] Subject: [newbie]
Hello, I am a newbie using FreeRADIUS, and I would like to know the best way to store accounting data. Regards. Frederic
Re: Most Popular method for managing users in FreeRadius
I saw this posting and wanted to ask a few questions. Has anyone setup FreeRADIUS so it authenticates users and stores the accounting logs in MSSQL for use by Rodopi? I am interested in knowing if anyone has setup FreeRADIUS and Rodopi together so that pre-paid cards and dialup account time limits work and limit a user's time so when they reach the limit it will kick them off by setting the session length correctly. If anyone has any pointers for this information I would appreciate it. We are already using Rodopi to import standard RADIUS logs and make the users file, but would prefer to see this integrated better so we can support pre-paid cards. In case it makes any difference we would like to run FreeRADIUS on our Red Hat Linux server. Right now we are running Cistron which as you know isn't really setup for pre-paid cards. Thanks for any of the help that anyone can give us.
Tim Jung, System Admin, Internet Gateway [EMAIL PROTECTED]

- Original Message - From: Juan Carlos Ocasio [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, January 11, 2003 9:36 AM Subject: RE: Most Popular method for managing users in FreeRadius
Tim, You can also use perl or php to connect to Rodopi. The MSSQL server that Rodopi uses has a bunch of stored procedures you can call from an SQL script. That is what we used for a client of mine that wanted to use Rodopi as the billing system, Linux for his email - personal web space and a custom PHP site for Web based signups. At first it was a pain joining all three, but once I learned how Rodopi was doing things, it was pretty much smooth sailing from there. Regards, JC

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Tim D. McCracken Sent: Saturday, January 11, 2003 6:33 AM To: [EMAIL PROTECTED] Subject: RE: Most Popular method for managing users in FreeRadius
I am using RODOPI for provisioning and billing. I have just turned it up in the last month or two. It has 'event scripts' capability. Basically anytime a user add, change, or delete is done, it calls some external system that you create to update your external systems such as FR, e-mail, etc... (www.rodopi.com) You do have to 'roll your own' interface code, but the scripts support a variety of interfaces and different people do it different ways. In my case I developed some C++ code that runs as a DOS batch file, that RODOPI creates and then executes. (Well it is supposed to, it is creating the DOS file right now, and they are fixing a bug that is keeping it from executing it. Right now I just double click the batch file to get it to execute.) Most people probably don't do it the way I did, but I already had most of the code developed and it took me about 2 days to adapt it. I am using FR/MySql, so my code uses the MySql C API to connect to the MySql DB on my Solaris servers and inserts, updates, or deletes records in the usergroup, radcheck and radreply tables. Rodopi runs on Win2000, but it can be made to work with most any system that can be IP networked, since the event scripts support a bunch of different techniques. I also use CGPro e-mail software running on solaris, and I have it tied to RODOPI as well. One other nice thing about RODOPI is that the configuration and user interface is totally web based. So it is easy to run from anywhere. Of course, you want it behind a firewall...
Tim

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Don O'Neil Sent: Saturday, January 11, 2003 2:57 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Most Popular method for managing users in FreeRadius
Ok... I'm a newbie to the whole radius thing, and yes, I have the book on order. Besides the tool 'dialup admin' that comes with FreeRadius and manually adding/removing users to the DB with any number of tools like phpmyadmin, what is everyone using to manage users with FreeRadius/MySQL? Specifically, I'm wondering if there are any accounting/billing packages that add/remove/modify users automatically, or if I'm going to have to 'roll my own' and interface it to some accounting billing package. Can it be easily interfaced with MikroTik to add/remove users, or ISPGold, or Emerald (etc...)?
Re: Most Popular method for managing users in FreeRadius
Well the issue is that yes you do need everything stored in Rodopi so that total time for the given period is correct. For example say you limit an account to 300 hours per month, and they use 295 hours, then call up for 2 hours hang up, then 2 minutes later call back. The system should know that they now only have 3 hours left and thus set a session limit of 3 hours. If the data is not being processed real-time then there is no way for the RADIUS server to accurately know what the exact limit of the session should be. Without real-time processing of the RADIUS accounting packets then on the second call it would think it still had 5 hours left rather than only 3 hours left. Does that make sense? That is why I am trying to get FreeRADIUS to integrate with Rodopi so it does the time length stuff correctly.
Tim Jung, System Admin, Internet Gateway [EMAIL PROTECTED]

- Original Message - From: Simon White [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 27, 2003 3:42 PM Subject: Re: Most Popular method for managing users in FreeRadius
27-Jan-03 at 14:37, Tim Jung ([EMAIL PROTECTED]) wrote:
I saw this posting and wanted to ask a few questions. Has anyone setup FreeRADIUS so it authenticates users and stores the accounting logs in MSSQL for use by Rodopi? I am interested in knowing if anyone has setup FreeRADIUS and Rodopi together so that pre-paid cards and dialup account time limits work and limit a user's time so when they reach the limit it will kick them off by setting the session length correctly. If anyone has any pointers for this information I would appreciate it. We are already using Rodopi to import standard RADIUS logs and make the users file, but would prefer to see this integrated better so we can support pre-paid cards. In case it makes any difference we would like to run FreeRADIUS on our Red Hat Linux server. Right now we are running Cistron which as you know isn't really setup for pre-paid cards.

This would be interesting for me too, but I haven't had the time to implement it yet. I don't think you need it to store to MSSQL, you can just have RODOPI send the right attributes upon account creation/renewal I think. Let me know how you get on and come back with more specific questions. I'm familiar with Rodopi 5.1...
--
|-Simon White, Internet Services Manager, Certified Check Point CCSA.
|-MTDS Internet, Security, Anti-Virus, Linux and Hosting Solutions.
|-MTDS 14, rue du 16 novembre, Agdal, Rabat, Morocco.
|-MTDS tel +212.3.767.4861 - fax +212.3.767.4863
RE: using freeradius with cellularip networks
Rodopi will process a standard accounting file as captured by FR. The real question is whether or not your cell network sends radius accounting packets. If it doesn't there is nothing that free radius can do to solve the problem.

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of satnett satellite Sent: Wednesday, January 15, 2003 12:13 PM To: [EMAIL PROTECTED] Subject: using freeradius with cellularip networks
We would want to use freeradius with cellularip on linux for our wireless ip network. Do you have any ideas on how we can get usage data from cellularip basestations to interface with the radius server. We also use rodopi billing. How can we get it to interface with freeradius? Regards, Charles
RE: Authorization
Here is a best guess. FR is only going to issue queries as defined in the config file for oracle. The only queries that are going to work for auths are going to be selects, since you must retrieve data for an auth. I think you need to calculate the credit time based on a DB trigger in the Accounting table at the conclusion of each call, and use that to update radreply and or radcheck as may be necessary. Each trigger execution should probably be something like "time left=time left-call duration" so that if you purge the accounting tables, the lost records won't matter. This will likely perform better for auths also, since you aren't executing a potentially long running trigger at auth time. I don't think ExecProgramWait is going to do what you want at all.
Tim

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Alex Zhang Sent: Wednesday, January 15, 2003 9:28 PM To: [EMAIL PROTECTED] Subject: Authorization
Hi, I'm trying to use freeradius0.8.1 and oracle with quintum box to build a prepaid voip system. Currently, I have a problem: I cannot modify or insert the h323-credit-time in radreply when authorizing. If I can insert the calledsessionid and username into oracle, I think I can write a database trigger to calculate the credit-time and insert it into radreply. But the problem is I don't know how to interact with oracle in authorization stage. I checked this list to find "Exec-Program-Wait" can be used. One of the methods is to write a C program. Is it possible to use sqlplus and sql script file? Has anyone tried this way? Thanks in advance. Alex Zhang
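The trigger approach from this reply, run on the 300-hour scenario from the "Most Popular method" thread above, as an added example (not code from the list or from FreeRADIUS). It uses SQLite through Python rather than Oracle so that it runs offline; the `credit` table, the cut-down `radacct` columns and all function names are assumptions made for the illustration.

```python
import sqlite3

# Constructed, simplified schema. "credit" and its columns are assumptions for
# this example; "radacct" is cut down to the three columns the trigger needs.
SCHEMA = """
CREATE TABLE credit (
    username     TEXT PRIMARY KEY,
    seconds_left INTEGER NOT NULL
);
CREATE TABLE radacct (
    acctsessionid   TEXT PRIMARY KEY,
    username        TEXT NOT NULL,
    acctsessiontime INTEGER            -- NULL until the Stop record arrives
);
-- "time left = time left - call duration", applied once per finished call.
-- The WHEN guard makes a retransmitted Stop for the same session a no-op.
CREATE TRIGGER debit_on_stop
AFTER UPDATE OF acctsessiontime ON radacct
WHEN OLD.acctsessiontime IS NULL AND NEW.acctsessiontime IS NOT NULL
BEGIN
    UPDATE credit
       SET seconds_left = MAX(seconds_left - NEW.acctsessiontime, 0)
     WHERE username = NEW.username;
END;
"""

HOUR = 3600


def open_db():
    """Create an in-memory database with the schema and trigger installed."""
    db = sqlite3.connect(":memory:", isolation_level=None)  # autocommit
    db.executescript(SCHEMA)
    return db


def add_user(db, username, seconds):
    db.execute("INSERT INTO credit VALUES (?, ?)", (username, seconds))


def acct_start(db, session_id, username):
    """Record an accounting Start; a repeated Start is ignored."""
    db.execute("INSERT OR IGNORE INTO radacct VALUES (?, ?, NULL)",
               (session_id, username))


def acct_stop(db, session_id, username, duration):
    """Record an accounting Stop; the trigger debits the credit exactly once."""
    # A Stop can arrive without its Start, so make sure the row exists first.
    acct_start(db, session_id, username)
    db.execute("UPDATE radacct SET acctsessiontime = ? WHERE acctsessionid = ?",
               (duration, session_id))


def session_limit(db, username):
    """Cheap SELECT at auth time: seconds to allow, or None to reject."""
    row = db.execute("SELECT seconds_left FROM credit WHERE username = ?",
                     (username,)).fetchone()
    if row is None or row[0] <= 0:
        return None
    return row[0]


if __name__ == "__main__":
    db = open_db()
    add_user(db, "alice", 5 * HOUR)            # 300 h plan with 295 h used
    acct_start(db, "s1", "alice")
    acct_stop(db, "s1", "alice", 2 * HOUR)     # the 2 hour call
    print(session_limit(db, "alice") / HOUR)   # hours left for the next call
```

Because the running balance lives in `credit`, deleting old rows from `radacct` does not change what the next authorization sees.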
RE: Package sent to Radius Server is encrypted?
Read the RFCs. It is all fully explained. Get The Radius Book. It also explains it.

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of leaobicalho Sent: Tuesday, January 14, 2003 7:18 PM To: [EMAIL PROTECTED] Subject: Package sent to Radius Server is encrypted?
The Package sent to Radiusd Server is encrypted? I say about information about User-Name=nameteste, Password=teste etc.. The 'nameteste' sent to Server is encrypted? thanks...
RE: Most Popular method for managing users in FreeRadius
I am using RODOPI for provisioning and billing. I have just turned it up in the last month or two. It has 'event scripts' capability. Basically anytime a user add, change, or delete is done, it calls some external system that you create to update your external systems such as FR, e-mail, etc... (www.rodopi.com) You do have to 'roll your own' interface code, but the scripts support a variety of interfaces and different people do it different ways. In my case I developed some C++ code that runs as a DOS batch file, that RODOPI creates and then executes. (Well it is supposed to, it is creating the DOS file right now, and they are fixing a bug that is keeping it from executing it. Right now I just double click the batch file to get it to execute.) Most people probably don't do it the way I did, but I already had most of the code developed and it took me about 2 days to adapt it. I am using FR/MySql, so my code uses the MySql C API to connect to the MySql DB on my Solaris servers and inserts, updates, or deletes records in the usergroup, radcheck and radreply tables. Rodopi runs on Win2000, but it can be made to work with most any system that can be IP networked, since the event scripts support a bunch of different techniques. I also use CGPro e-mail software running on solaris, and I have it tied to RODOPI as well. One other nice thing about RODOPI is that the configuration and user interface is totally web based. So it is easy to run from anywhere. Of course, you want it behind a firewall...
Tim

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Don O'Neil Sent: Saturday, January 11, 2003 2:57 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Most Popular method for managing users in FreeRadius
Ok... I'm a newbie to the whole radius thing, and yes, I have the book on order. Besides the tool 'dialup admin' that comes with FreeRadius and manually adding/removing users to the DB with any number of tools like phpmyadmin, what is everyone using to manage users with FreeRadius/MySQL? Specifically, I'm wondering if there are any accounting/billing packages that add/remove/modify users automatically, or if I'm going to have to 'roll my own' and interface it to some accounting billing package. Can it be easily interfaced with MikroTik to add/remove users, or ISPGold, or Emerald (etc...)?
RE: SHARED SECRET ERROR...
Let me be the first... :) RTFM
FR follows the same setup that Livingston used since the beginning of RADIUS. It is documented, check out config files. Especially the one labeled CLIENTS. You might also want to pick up a copy of The Radius Book and check out the RFCs. Your NAS manual should cover the setup for that.

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, January 09, 2003 3:02 PM To: [EMAIL PROTECTED] Subject: SHARED SECRET ERROR...
Hi all, I am trying to authenticate a wireless user (notebook) through Orinoco AP2000 sending the information to RADIUS against LDAP. I have added the MAC address of the wireless card as a user (oxoxox-oyoyoy) with a userPassword in the LDAP, also I have the same password on the AP (the one to use to log in as admin for the AP), the RADIUS gets the MAC address as the uid, which is ok. Now when it tries to authenticate with the password it cannot. I know I am doing some silly mistake...please help me set up the shared secret for the AP and the RADIUS, I mean where shall I store the password for both individually..
Here's the debug...(radiusd -X -A)
rlm_ldap: login attempt by 00022d-5e1a19 with password ?s?÷?»A?£F? T}c
rlm_ldap: user DN: uid=00022d-5e1a19,dc=example,dc=coo
rlm_ldap: (re)connect to localhost:389, authentication 1
rlm_ldap: setting TLS mode to 4
rlm_ldap: bind as uid=00022d-5e1a19,dc=example,dc=coo/?s?÷?»A?£F? T}c to localhost:389
rlm_ldap: waiting for bind result ...
modcall[authenticate]: module ldap returns reject --ERROR
modcall: group authtype returns reject
auth: Failed to validate the user.
WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS! --ERROR
Delaying request 1 for 1 seconds
Finished request 1
Any suggestion or help is appreciated... Thanks in advance, Reddy
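What the "Unprintable characters in the password" warning in the debug output above corresponds to on the wire, and what the "Package sent to Radius Server is encrypted?" thread is asking about: an added example (not FreeRADIUS code) of the User-Password hiding defined in RFC 2865 section 5.2. It shows that User-Name travels in clear, and that a server holding a different shared secret recovers garbage instead of the password. The secrets, user name, password and authenticator are constructed values, and the function names are this example's own.

```python
import hashlib

USER_NAME = 1        # RFC 2865 attribute type for User-Name
USER_PASSWORD = 2    # RFC 2865 attribute type for User-Password


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: hide User-Password as RFC 2865 section 5.2 describes."""
    if not 1 <= len(password) <= 128:
        raise ValueError("password must be 1..128 bytes")
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)   # pad to 16-byte blocks
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()        # b_i = MD5(S + c_(i-1))
        prev = _xor(padded[i:i + 16], mask)               # c_i = p_i XOR b_i
        hidden += prev
    return hidden


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding with the server's copy of the secret."""
    if len(hidden) % 16 or not 16 <= len(hidden) <= 128:
        raise ValueError("hidden password must be 16..128 bytes in 16-byte blocks")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


def looks_printable(value: bytes) -> bool:
    """Sanity check in the spirit of the server warning: printable ASCII only."""
    return all(0x20 <= c < 0x7F for c in value)


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """One RADIUS attribute: type, length (including the 2-byte header), value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([attr_type, len(value) + 2]) + value


if __name__ == "__main__":
    authenticator = bytes(range(16))          # constructed; random in real requests
    password = b"correct horse battery"       # constructed
    hidden = hide_password(password, b"nas-secret", authenticator)

    attrs = encode_attr(USER_NAME, b"alice") + encode_attr(USER_PASSWORD, hidden)
    print("attributes on the wire:", attrs.hex())
    print("user name readable in packet:", b"alice" in attrs)

    for server_secret in (b"nas-secret", b"server-secret"):
        got = recover_password(hidden, server_secret, authenticator)
        print(server_secret, "->", got, "printable:", looks_printable(got))
```

The hiding covers only the User-Password value and depends entirely on the shared secret, so a mismatch between the NAS and the server's client entry shows up as an unreadable password rather than as a transport error.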
RE: Dialup-Admin
Obviously you are not using FreeRadius, so you are on the wrong list. FreeRadius is currently on version .8

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike Paneth Sent: Monday, January 06, 2003 12:06 AM To: [EMAIL PROTECTED] Subject: Dialup-Admin
I have just started to use version 1.61 and I have the following questions. When I select "Statistics" (and select "sessions", "uploads" and "downloads", the results are all zero, even though the radacct table has entries. When I select a user, how do I change the "allowed session" time? My users are volume based not time based. Also the account status is all zeros. Is it possible to convert the html to shtml so I can pass this securely over the network? Is it possible to have login security, so only valid users can access these pages? Sorry, but I am not a programmer and don't fully understand these issues, or how to solve them.
Mike Paneth, Melbourne Australia
RE: Solaris Issue
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chris Parker Sent: Friday, January 03, 2003 9:13 AM To: [EMAIL PROTECTED] Subject: Re: Solaris Issue
At 08:52 AM 1/3/2003 +, Simon White wrote:
02-Jan-03 at 23:42, Gene Parks ([EMAIL PROTECTED]) wrote:
On Solaris you will waste your time trying to find out where the problem is. I had 2 Solaris servers with the exact same software load. One would compile and run FreeRadius the other pretty much said to forget it. They were both X-1's. So this is the way to get it to work and not have any trouble whatsoever. Install Suse 7.3 for sparc on the two servers. Then compile and install freeradius. You will be home free and never have a bit of problems out of them..

Hehe... 2 Solaris servers become 2 Linux servers... Just goes to show how portability can be a headache. We switched all our old Sun boxes to Linux too, since installing newer Solaris versions will kill them.

Solaris 8 works just fine for freeradius here. From dev/test boxes which are lowly sun4m ss4 and ss20's to production sun4u servers running 64-bit native. Dunno what the problem is, but most of the errors Gene has shown seem more related to LDAP than to Solaris. If Linux makes you happy, then go for it.
-Chris

I am running FreeRadius/MySQL on solaris on Netra T1s as well and have no problems. My current production systems are running Solaris 8, but my FreeRadius was compiled on my test box using Solaris 9. I initially tried to use the Netscape LDAP and the free radius server that came with it. That thing ***sucked*** big time, although I managed to use it for several months. I don't know if it was the ldap or the radius, but it drove me to FreeRadius/MySql.
- Tim
--
Chris Parker, Director, Engineering, (847) 963-0116
StarNet Inc. - WX *is* Wireless! - http://www.starnetwx.net
Wholesale Internet Services - http://www.megapop.net
RE: Calling-Station-ID in accounting start request
At 04:06 PM 12/31/2002 +0100, Mariusz Bożewicz wrote:

----- Original Message -----
From: Alan DeKok [EMAIL PROTECTED]

mm's [EMAIL PROTECTED] wrote:

Is any possibility to enter Calling-Station-Id field into detail file?

Why wouldn't it be?

Ok. The possibility is... hehe, but not in my Radius server detail file. So what should I do to enter this field to detail file ?

Make sure the NAS sends it? You *have* done this already right? Running the server in debugging mode to see what it receives from the NAS? Unfortunately the 'rlm_magic' module has not been written, so if the NAS doesn't send it, the server can't log it. Patches welcome of course. :)

-Chris

Note: I have completed rlm_magic module and am currently working on the rlm_clairvoyance module. Not only will it do everything you want, regardless of the available data, it will read your mind so that no manual configuration is required! :)

HAPPY NEW YEAR TO ALL FreeRadius Users and especially to Alan!

- Tim

--
Chris Parker, Director, Engineering
StarNet Inc. - WX *is* Wireless!
http://www.starnetwx.net (847) 963-0116
Wholesale Internet Services - http://www.megapop.net
RE: how the FreeRadius connect the PPPOE-server(RA-PPPOE)
Allan

I doubt many people are going to have time to help you write a research paper. RADIUS is a well understood and documented protocol. I suggest you read the relevant RFC's and The RADIUS book first. Then read up on your PPPOE server. FreeRadius works with any access server via RADIUS. It is that simple. If I am not mistaken, the default configuration will do PAP authentication, so you really should not have a problem.

Tim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of allans
Sent: Wednesday, December 25, 2002 2:44 PM
To: [EMAIL PROTECTED]
Subject: how the FreeRadius connect the PPPOE-server(RA-PPPOE)

hello, I have set up a PPPOE-Server, and it can check the username and password by Pap-secret, what I don't know to do is how to make the freeRadius work with my PPPOE-server. Please help me, and I am a college student, this study about PPPOE-server and Radius System is my homework, please help me for detail, thank you very much!

Best wish!
allan
RE: set up question
I would concur that using the NAS is the preferred solution. Especially if you are considering using redundant radius servers.

Tim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Simon White
Sent: Tuesday, December 10, 2002 2:56 AM
To: [EMAIL PROTECTED]
Subject: Re: set up question

09-Dec-02 at 22:59, Bill ([EMAIL PROTECTED]) wrote:

Hello! I have a question. I have a Cisco AS5200. It was suggested that I place the public IP's into the AS5200, however there are provisions in freeradius to do this also. Which is the correct way, put the Public IP's into the RAS or the radius?

I'd use the RAS personally. Usually easier that way.

--
|-Simon White, Internet Services Manager, Certified Check Point CCSA.
|-MTDS Internet, Security, Anti-Virus, Linux and Hosting Solutions.
|-MTDS 14, rue du 16 novembre, Agdal, Rabat, Morocco.
|-MTDS tel +212.3.767.4861 - fax +212.3.767.4863
RE: radiusd.conf
This doesn't exactly answer your question, but I found it helpful. Go to www.dialways.com and download radping. It is a win client to test radius servers. Once you get that working, then worry about your cisco box.

Tim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bill
Sent: Monday, December 09, 2002 5:01 PM
To: [EMAIL PROTECTED]
Subject: radiusd.conf

Hello! Can someone send me a radiusd.conf example that would show a connection for an AS5200 or similar? I have FreeRadius running on Suse 8.0. I'm currently a wireless provider going to dial-up also. When I try to connect, the Cisco box says that it can't find the Radius server. I have port 1645 loaded on both units as well as the key secret. I'm thinking I'm still missing something in the radiusd.conf file.

Thanks, Bill
RE: Just plain problems
There are way too many people who expect FREE software, designed to be flexible enough to run on many different platforms, and by necessity distributed as source, to be as easy to use as commercial software OUGHT to be, and some of which actually is. There are plenty of commercial radius products out there. Most start at about $2k and go up. As I recall, you can spend $60k and up on a couple of products. And then there are the annual support contracts. I even tried a free commercial (oxy-moronic?) radius from a VERY major name software company. It was very inflexible and had one minor quirk I never could resolve - it didn't actually check the passwords! There was no usergroup to support it (at least in a timely manner), so here I am. Yes it takes a little work to get it going. But once it works, it just works. At least in my experience, running it on Solaris.

Tim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Alan DeKok
Sent: Saturday, December 07, 2002 10:54 AM
To: [EMAIL PROTECTED]
Subject: Re: Just plain problems

troy white [EMAIL PROTECTED] wrote:

I am really starting to think this is useless crap.

Then don't use it. Running an authentication server requires *some* amount of brains.

Alan DeKok.
RE: God, I need help getting this thing running on Redhat 8.0!
Have you installed all the prerequisite libraries? They are listed on the web site.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ken Henrich
Sent: Friday, December 06, 2002 3:55 PM
To: [EMAIL PROTECTED]
Subject: God, I need help getting this thing running on Redhat 8.0!

Hi, I must be dumb. I cannot get this thing (freeradius-0.8) to compile under Redhat 8.0. I've got a fresh, default, installation. Here is just the output of ./configure. Now I know kerberos is installed. I know that MySQL is installed. I've got to be missing something very basic.

Regards
Ken

/home/Ken/freeradius/missing: Unknown `--run' option
Try `/home/Ken/freeradius/missing --help' for more information
configure: warning: `missing' script is too old or missing
cat: ./config.h.in: No such file or directory
configure: warning: the comm_err library isn't found!
configure: warning: silently not building rlm_krb5.
configure: warning: FAILURE: rlm_krb5 requires: krb5.
configure: warning: silently not building rlm_sql_postgresql.
configure: warning: FAILURE: rlm_sql_postgresql requires: libpq-fe.h libpq.
configure: warning: oracle headers not found. Use --with-oracle-home-dir=path.
configure: warning: sql submodule 'oracle' disabled
configure: warning: iodbc headers not found. Use --with-iodbc-include-dir=path.
configure: warning: sql submodule 'iodbc' disabled
configure: warning: mysql headers not found. Use --with-mysql-include-dir=path.
configure: warning: sql submodule 'mysql' disabled
configure: warning: ibm db2 headers not found. Use --with-ibmdb2-include-dir=path.
configure: warning: sql submodule 'db2' disabled
configure: warning: unixODBC headers not found. Use --with-unixodbc-include-dir=path.
configure: warning: sql submodule 'unixodbc' disabled
configure: warning: silently not building rlm_sql_postgresql.
configure: warning: FAILURE: rlm_sql_postgresql requires: libpq-fe.h libpq.
configure: warning: oracle headers not found. Use --with-oracle-home-dir=path.
configure: warning: sql submodule 'oracle' disabled
configure: warning: iodbc headers not found. Use --with-iodbc-include-dir=path.
configure: warning: sql submodule 'iodbc' disabled
configure: warning: mysql headers not found. Use --with-mysql-include-dir=path.
configure: warning: sql submodule 'mysql' disabled
configure: warning: ibm db2 headers not found. Use --with-ibmdb2-include-dir=path.
configure: warning: sql submodule 'db2' disabled
configure: warning: unixODBC headers not found. Use --with-unixodbc-include-dir=path.
configure: warning: sql submodule 'unixodbc' disabled
4-Octet VSAs
Hi,

Does FreeRADIUS support 4-octet VSA? I need to support a Nortel 4-octet VSA CVX-PPP-VJEnabled (sub-attribute type = 2233533121). So, I added it to dictionary.aptis. When I ran FreeRADIUS as a proxy, it complained about this VSA with the error "Vendor specific attribute has invalid length". I checked radius.c and it seems like the code assumes a 1-byte Sub-Attribute Type or Vendor Type (except for USR) and consequently thinks the following byte is the Length byte. In this case the length is in the 5th octet, instead of the 2nd octet, after the Vendor ID. I commented out this part of logic to relax the checking, but I encountered some other problems. Does anyone have any idea how to make FreeRADIUS support 4-octet VSAs in proxy mode?

Thanks.
Tim
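Added example, not part of the original post and not FreeRADIUS code: a small Python decoder for the Vendor-Specific attribute (type 26) that reproduces the failure described above and shows a per-vendor type width decoding the same bytes with full length validation. The vendor number, the value 1 and the rule that the vendor length counts type + length + value are assumptions made for the illustration; only the sub-attribute type 2233533121 comes from the post.

```python
"""Added example: decoding a RADIUS Vendor-Specific attribute (type 26)."""
import struct

VENDOR_SPECIFIC = 26
SAMPLE_VENDOR_ID = 99999          # constructed placeholder, not a real vendor number
CVX_PPP_VJ_ENABLED = 2233533121   # sub-attribute type quoted in the post (0x852102C1)


class VSAError(ValueError):
    """Raised when a Vendor-Specific attribute fails length validation."""


def build_vsa(vendor_id, vtype, value, type_width=1):
    """Encode one sub-attribute inside a type-26 attribute.

    Assumption: the vendor length octet counts type + length + value,
    by analogy with the layout RFC 2865 recommends for 1-octet types.
    """
    sub = vtype.to_bytes(type_width, "big") + bytes([type_width + 1 + len(value)]) + value
    body = struct.pack("!I", vendor_id) + sub
    return bytes([VENDOR_SPECIFIC, 2 + len(body)]) + body


def parse_vsa(attr, type_width_by_vendor=None):
    """Return (vendor_id, [(vendor_type, value), ...]) or raise VSAError.

    type_width_by_vendor maps a Vendor-Id to the width of its sub-attribute
    type field; vendors not listed get the usual 1-octet type.
    """
    widths = type_width_by_vendor or {}
    if len(attr) < 7 or attr[0] != VENDOR_SPECIFIC or attr[1] != len(attr):
        raise VSAError("not a well-formed Vendor-Specific attribute")
    vendor_id = struct.unpack("!I", attr[2:6])[0]
    width = widths.get(vendor_id, 1)
    header = width + 1                      # type field plus one length octet
    body, pos, subs = attr[6:], 0, []
    while pos < len(body):
        if len(body) - pos < header:
            raise VSAError("truncated sub-attribute header")
        vtype = int.from_bytes(body[pos:pos + width], "big")
        vlen = body[pos + width]
        # Never trust the length octet: it must cover its own header and
        # must not point past the end of the enclosing attribute.
        if vlen < header or pos + vlen > len(body):
            raise VSAError("Vendor specific attribute has invalid length")
        subs.append((vtype, body[pos + header:pos + vlen]))
        pos += vlen
    return vendor_id, subs


def demo():
    """Decode one constructed 4-octet-type VSA both ways."""
    pkt = build_vsa(SAMPLE_VENDOR_ID, CVX_PPP_VJ_ENABLED, (1).to_bytes(4, "big"), type_width=4)
    try:
        # 1-octet reading: type = 0x85, "length" = 0x21 (33), larger than the body.
        strict = parse_vsa(pkt)
    except VSAError as exc:
        strict = str(exc)
    aware = parse_vsa(pkt, {SAMPLE_VENDOR_ID: 4})
    return strict, aware


if __name__ == "__main__":
    print(demo())
```

The width table keeps the bounds checks in place for every vendor, which is the safer alternative to commenting out the length test.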
detail file
Can someone let me know where to look to change the newer default filename of the detail files where they have a filename as detail-date, which creates a new file each day, back to the older style where the detail file was just called detail and continued to grow as a single file for as long as it was left in the radacct sub directory? (Our accounting software was written to deal with a single file in the NAS's sub dir.)

Thank You
RE: Default Gateway
If it can be set in your NAS, that is the best way (IMHO). Otherwise, you need to know what attribute your NAS is expecting to have the default gateway in, (what dictionary are you using?) and just set that up as one of the attributes to be returned. Where you put that attribute depends on how you are storing your data (users file, sql, etc...)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Jamil Buchalla Neto
Sent: Wednesday, November 20, 2002 1:26 PM
To: [EMAIL PROTECTED]
Subject: Default Gateway

How do I set the default gateway for the users? When they connect the default gateway is becoming the same as their IP Address.
RE: SQL module/query per NAS
Why do you need to do this? Why not write all the data to the same table, and alter your 'output' queries to pull out data on a per-NAS basis? You might be able to rewrite the insert statement to insert into a different table. If you need it to go to two different databases, then you may want to set up two different daemons (on two different ports) each with completely different sql setups. Then point each NAS at a different port. This essentially sets up two standalone accounting servers.

Tim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius-users-admin;lists.cistron.nl] On Behalf Of Igor de Rooij
Sent: Monday, October 28, 2002 10:09 AM
To: [EMAIL PROTECTED]
Subject: SQL module/query per NAS

Hello,

I am looking how to configure freeradius to use different accounting sql modules/queries per NAS. basically i want to put something like this in my acct_users file :

DEFAULT NAS-IP-Address == 10.0.0.1, Acct-Status-Type == Stop, Auth-Type := SQL1
DEFAULT NAS-IP-Address == 10.0.0.2, Acct-Status-Type == Stop, Auth-Type := SQL2

and have accounting stop requests from nas 10.0.0.1 execute queries from SQL1 and requests from nas 10.0.0.2 execute queries from SQL2 both configured in sql.conf. needless to say this way with Auth-Type doesn't work with my setup.. also i couldn't find it in the FAQ or mailing list archive so i thought perhaps someone on the list could show me how to set this up if it's at all possible..

Thanks,
Igor de Rooij
RE: Non-Simultaneous Usage
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius-users-admin;lists.cistron.nl] On Behalf Of Joshua Corbin
Sent: Monday, October 28, 2002 7:33 PM
To: FreeRadius List
Subject: Re: Non-Simultaneous Usage

I would suggest doing that in three steps. Most people try to configure 2-4 things at the same time, and then never get it working. Step 1: get MySQL working to your satisfaction.

Have that working, I even have my op field set to := instead of null (I've been following the list for a while now :), maybe you should document that better as that was causing the weird behavior that I had posted earlier about).

Step 2: Using the 'users' file, get Simultaneous-Use working in a test environment. If you don't have a test environment, make one now.

Hmm, not too sure how easy that's going to be as we don't have a spare server to test on, maybe I'll get back into UML. Also the reason we use freeradius is specifically so that we don't have to use a users file anymore (Livingston/Cistron burn).

Single server test environment - build a second raddb directory such as '/usr/local/etc/raddb_test'. Configure it to use different ports and a different MySql database (same MySql instance). You can test all day long in this mode and never screw up the in-service system. When you get it all working, just copy the appropriate RADDB and MySQL data (changing the port and database name back) and you are set to go. Of course this does require a second NAS...but if you can only get at this at 2 am then this must be a mission critical system for which you have a spare, right? You might even be able to get around this by setting up a test realm - but I don't know if simultaneous use works with proxy, although it seems like it should.

Step 3: move the simultaneous use configuration to the SQL database.

I'll probably jump to this step, my test environment will have to be the real server at say about 2 am in the morning :)

Simultaneous-Use requires 'online' accounting information to be stored somewhere. For 0.7, this means 'radutmp'. So without using the 'radutmp' module, you'll have a hard time getting Simultaneous-Use to work.

Must I use radutmp? Why not sql accounting?

Joshua Corbin
RE: mysql
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius-users-admin;lists.cistron.nl] On Behalf Of alantu
Sent: Sunday, October 27, 2002 6:17 AM
To: [EMAIL PROTECTED]
Subject: mysql

freeradius-users

[root@localhost root]# /usr/sbin/radiusd -x
Starting - reading configuration files ...
Module: Loaded SQL
rlm_sql: Driver rlm_sql_mysql loaded and linked
rlm_sql: Attempting to connect to root@localhost:/radius
rlm_sql: starting 0
rlm_sql: Attempting to connect #0
rlm_sql: Starting connect to MySQL server for #0
rlm_sql: Couldn't connect socket to MySQL server root@localhost:radius
rlm_sql: Mysql error 'Access denied for user: 'root@localhost' (Using password: YES)'

any ideas?

Have you tested the following to make sure it works:

mysql -u root@localhost -p

Tim

alantu [EMAIL PROTECTED] 2002-10-27
PAP CHAP won't work together
I cannot seem to get both PAP and CHAP to work at the same time - I can get either to work but not both. I have what I believe is a reasonably common setup:

ISP (I need to support the common PPP auth methods for Internet access)
NAS: Ascend 4048
MySQL user database (with a clear test password stored as attribute 'Password')

With the present config chap works OK. A PAP request produces the following error:

User-Name = someuse
User-Password = H\311\002\351\251\220f\245\274\270\364\374\325\010\304N
NAS-IP-Address = 67.98.104.246
NAS-Port = 20101
NAS-Port-Type = Async
State = 0x
Called-Station-Id = 3230020
Framed-IP-Address = 67.98.106.48
Acct-Session-Id = 385070689
rlm_chap: Could not find proper Chap-Password attribute in request
rlm_sql: Reserving sql socket id: 3
rlm_sql: Released sql socket id: 3
rlm_chap: Attribute CHAP-Password is required for authentication. Cannot use User-Password.
Sending Access-Reject of id 201 to 67.98.104.246:1025

I have the following in the 'users' file:

DEFAULT Auth-Type := PAP
        Fall-Through = 1
DEFAULT Auth-Type := CHAP
        Fall-Through = 1

The following is an output from radiusd -x (which indicates the radius.conf setup)

...
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded PAP
Module: Instantiated pap (pap)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
Module: Instantiated realm (suffix)
Module: Loaded SQL
...

I have RTFM till I am BIFF! :) and still don't know what's wrong. Anybody know what's wrong? If anybody using a similar configuration would send me their radiusd.conf and appropriate sections of the users file, I would be very appreciative.

Thanks - Tim
RE: PAP CHAP won't work together
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius-users-admin;lists.cistron.nl] On Behalf Of Alan DeKok
Sent: Saturday, October 26, 2002 12:46 PM
To: [EMAIL PROTECTED]
Subject: Re: PAP CHAP won't work together

Tim D. McCracken [EMAIL PROTECTED] wrote:

I cannot seem to get both PAP and CHAP to work at the same time - I can get either to work but not both.

There shouldn't be any problem if the server is configured correctly.

I am sure the server will do it. I just can get it to work right.

I have the following in the 'users' file:

DEFAULT Auth-Type := PAP
        Fall-Through = 1
DEFAULT Auth-Type := CHAP
        Fall-Through = 1

Do 'man 5 users'. Read it.

It doesn't work on the machine I built and tested it on. It says no entry for 5 and pulls up the unix 'users' command. I took out the chap entry above.

You're telling the server to always do PAP authentication, and then to forget that, and always do CHAP authentication. That doesn't make any sense. The server should come already configured to do both PAP and CHAP. Read the radiusd.conf file for more details.

Alan DeKok.

I have read and re-read radiusd.conf. I still don't understand it all. All of the chap and most of the pap entries are commented out in the build version. I uncomment the chap stuff, and then I get this error:

ERROR: Cannot find a configuration entry for module chap.

so I add this after PAP

chap { Auth-type = CHAP }

And it will start up OK. But it still won't handle chap queries. I always get the error that it can't use 'CHAP-Password'. I know this is a good and very flexible system, and I know that it is just that I still don't understand the configuration settings yet. I have tried lots of different things, all of which the system accepts without complaint and none of which work. With all the stuff commented out of radiusd.conf, how is it configured automatically for PAP and CHAP?
RE: PAP CHAP won't work together
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius-users-admin;lists.cistron.nl] On Behalf Of Gene Parks
Sent: Saturday, October 26, 2002 6:34 PM
To: [EMAIL PROTECTED]
Subject: RE: PAP CHAP won't work together

One thing that is not included in the schema for LDAP is 'chappassword'. It assumes you already have it. If you do not have this in your schema then you will need to add it and then add it to the customer record you are testing against. Then CHAP will start working.

I am actually using mysql rather than ldap. Are you saying that I will have to store both a Password and Chappassword in the database for this to work? Looking at the SQL queries, it never queries for a chappassword in the authentication query but I guess it could pick it up from the check query. However, the error message I am getting says that it doesn't like the attribute in the request. And depending on which one I have working (PAP or CHAP) it will err off on the other because it has the wrong password attribute type. I think I am supposed to tell it somewhere to change the attribute type before passing it on for authentication. For example, if it is a chap request, I think (?) it is supposed to change the chap-password attribute to a password or user-password attribute and then pass it on. But I evidently don't know where to do that or something. I take it you are supporting both PAP and CHAP using LDAP? and have them both working properly? Perhaps if you sent me your radiusd.conf file, I could make mine work properly.

Thanks
Tim

Gene Parks
VIP Direct
RE: PAP CHAP won't work together
I got it fixed! Based on an earlier discussion (and as shown earlier in this thread) I had set auth-type=PAP in users. After digging through about 300 messages in the archive, I found that it should be auth-type = local. Is there anywhere that LISTS and DEFINES all the valid auth-types?

Gene and Alan: Thanks for your help!

Tim

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius-users-admin;lists.cistron.nl] On Behalf Of Tim D. McCracken
Sent: Saturday, October 26, 2002 7:08 PM
To: [EMAIL PROTECTED]
Subject: RE: PAP CHAP won't work together

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius-users-admin;lists.cistron.nl] On Behalf Of Gene Parks
Sent: Saturday, October 26, 2002 6:34 PM
To: [EMAIL PROTECTED]
Subject: RE: PAP CHAP won't work together

One thing that is not included in the schema for LDAP is 'chappassword'. It assumes you already have it. If you do not have this in your schema then you will need to add it and then add it to the customer record you are testing against. Then CHAP will start working.

I am actually using mysql rather than ldap. Are you saying that I will have to store both a Password and Chappassword in the database for this to work? Looking at the SQL queries, it never queries for a chappassword in the authentication query but I guess it could pick it up from the check query. However, the error message I am getting says that it doesn't like the attribute in the request. And depending on which one I have working (PAP or CHAP) it will err off on the other because it has the wrong password attribute type. I think I am supposed to tell it somewhere to change the attribute type before passing it on for authentication. For example, if it is a chap request, I think (?) it is supposed to change the chap-password attribute to a password or user-password attribute and then pass it on. But I evidently don't know where to do that or something. I take it you are supporting both PAP and CHAP using LDAP? and have them both working properly? Perhaps if you sent me your radiusd.conf file, I could make mine work properly.

Thanks
Tim

Gene Parks
VIP Direct
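Added example, not part of the thread and not FreeRADIUS code: a Python sketch of the two password checks defined in RFC 2865, showing how a single clear-text password on the server side verifies both a PAP request (User-Password) and a CHAP request (CHAP-Password), chosen by which attribute the NAS sent. The shared secret, password, authenticator and the dictionary used to represent a request are constructed for the illustration.

```python
"""Added example: PAP and CHAP verification against one stored password."""
import hashlib
import hmac

SAMPLE_SECRET = b"testing123"                 # constructed shared secret
SAMPLE_PASSWORD = b"correct horse battery"    # constructed clear-text password
SAMPLE_AUTHENTICATOR = bytes(range(16))       # constructed Request Authenticator


def md5(data):
    return hashlib.md5(data).digest()


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def pap_hide(password, secret, authenticator):
    """RFC 2865 section 5.2: what the NAS puts in User-Password."""
    size = max(16, -(-len(password) // 16) * 16)   # pad to a multiple of 16
    padded = password.ljust(size, b"\x00")
    out, prev = b"", authenticator
    for i in range(0, size, 16):
        prev = xor(padded[i:i + 16], md5(secret + prev))
        out += prev
    return out


def pap_recover(hidden, secret, authenticator):
    """Inverse of pap_hide: the server recovers what the user typed."""
    if not hidden or len(hidden) % 16:
        raise ValueError("User-Password must be a non-empty multiple of 16 octets")
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += xor(block, md5(secret + prev))
        prev = block
    return out.rstrip(b"\x00")


def chap_password(ident, password, challenge):
    """RFC 2865 section 5.3: CHAP ident octet followed by MD5(ident + password + challenge)."""
    return bytes([ident]) + md5(bytes([ident]) + password + challenge)


def authenticate(request, stored_cleartext, secret):
    """Pick the check from the attribute present in the request.

    `request` is a plain dict standing in for a decoded Access-Request.
    Returns (method, accepted).
    """
    if "CHAP-Password" in request:
        chap = request["CHAP-Password"]
        if len(chap) != 17:
            return "CHAP", False
        # Without a CHAP-Challenge attribute the Request Authenticator is the challenge.
        challenge = request.get("CHAP-Challenge", request["authenticator"])
        expected = chap_password(chap[0], stored_cleartext, challenge)
        return "CHAP", hmac.compare_digest(chap, expected)
    if "User-Password" in request:
        try:
            supplied = pap_recover(request["User-Password"], secret, request["authenticator"])
        except ValueError:
            return "PAP", False
        return "PAP", hmac.compare_digest(supplied, stored_cleartext)
    return "none", False


def sample_requests():
    """Two constructed requests for the same user, one per method."""
    pap = {"authenticator": SAMPLE_AUTHENTICATOR,
           "User-Password": pap_hide(SAMPLE_PASSWORD, SAMPLE_SECRET, SAMPLE_AUTHENTICATOR)}
    chap = {"authenticator": SAMPLE_AUTHENTICATOR,
            "CHAP-Password": chap_password(7, SAMPLE_PASSWORD, SAMPLE_AUTHENTICATOR)}
    return pap, chap


if __name__ == "__main__":
    for req in sample_requests():
        print(authenticate(req, SAMPLE_PASSWORD, SAMPLE_SECRET))
```

CHAP can only be checked against a password the server can read in clear, so a one-way hash in the user database supports PAP alone.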
debug log question
I have FreeRadius running using MySQL and all appeared well until I got this log series.

...
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
auth: Failed to validate the user.
...

I thought this might just indicate a bad password, so I tested it with a bad password and got a completely different series of error logs that made sense to me. The only entry in the radcheck table is the password. This user's entries are identical to everyone else's.

Tim
Re: Running it as a daemon
On Sat, 26 Oct 2002 00:32:28 +0200 Håkan Höglin [EMAIL PROTECTED] wrote:

Yet another newbie question. I have installed the server, made the config and running it using /usr/local/sbin/radiusd -X , this works fine with my Cisco equipment. But.. I'm failing to run it as a server. I haven't really seen any docs regarding this but I tried to run it from inetd, but it won't start. I'm running RH6.2 on a Cobalt server.

Regards
h

Just don't do a -x or -X and it starts as a daemon. (inetd is neither necessary nor desirable) Look in /scripts for a /etc/rc2.d script
CHAP Error
I have PAP and MSCHAP working fine using MySQL for users. When I try to enable CHAP I get the following error at startup:

ERROR: Cannot find a configuration entry for module chap.

I added chap to the Authorize section - which is what I think causes the error. I uncommented chap in the Authenticate section. Where is the configuration entry that it is looking for?

Tim
RE: 802.1x TTLS support.
http://www.freeradius.org/doc/EAPTLS.pdf

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius-users-admin;lists.cistron.nl] On Behalf Of Llewellyn, Dean
Sent: Wednesday, October 23, 2002 9:37 PM
To: '[EMAIL PROTECTED]'
Subject: 802.1x TTLS support.

Does anyone know if either Free Radius, or any other non-commercial Radius server either has, or is in the process of adding EAP - TTLS support ? Does anyone know if there are any 802.1x non-commercial clients for EAP-TTLS for windows operating systems ?

Thanks.
RE: FW: Another MySql 'failed to authenticate' question
I am using NTRADPING to test with.

MySql Table data: (1 row only per table)
Usergroup: 1, notme, dialup
Radcheck: 1, notme, User-Password, yesyou, ==
Radreply: 1, notme, Auth-Type, PAP, :=

I have enabled PAP in radiusd.conf. I am still getting this message in the log:

rad_check_password: Found Auth-Type System

Where is this configured at?

Thanks! - Tim
RE: Binaries/Config Multi Realm questions
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius-users-admin;lists.cistron.nl] On Behalf Of Alan DeKok
Sent: Saturday, October 19, 2002 6:20 PM
To: [EMAIL PROTECTED]
Subject: Re: Binaries/Config Multi Realm questions

Tim D. McCracken [EMAIL PROTECTED] wrote:

I have built FreeRadius on my 'development' machine and want to copy the binaries and configuration over to multiple productions machines. Is there a list or script anywhere that I can use to get all the necessary files.

do:

R=~/tmp make install

Alan, THANKS for all your help. I am sure that it gets to be a drag sometimes! This thing sure has lots of options and it takes awhile to figure it all out. I hope I can contribute something soon to the effort! I have the sql stuff working now. But when I run the command above, I get an error from libtool: install: that it must have an absolute directory. I also tried

R=/~/tmp make install

But this causes other problems as well. Any other ideas? If there is some file somewhere that lists all the directories (or files for stuff in common directories) I can script it from that if I have to.

Thanks! - Tim

And the 'installation' should go into '~/tmp/usr/local/bin/radiusd', etc. You can then create a 'tar' file from ~/tmp, and un-tar it to install it on different machines.

As I recall from previous postings, I need to run multiple daemons to support multiple domains where the users are not providing the realms.

I don't think so. See 'doc/duplicate_users'

Finally, where is there a list of all the variables available when configuring the MySql queries? I have reviewed the .conf file for MySql, and am curious if there are other variables available.

doc/variables.txt ??

Alan DeKok.
RE: Solaris 8 Make issues
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius-users-admin;lists.cistron.nl] On Behalf Of Brian Quinn
Sent: Monday, October 21, 2002 9:37 AM
To: [EMAIL PROTECTED]
Subject: Solaris 8 Make issues

i'm trying to install FreeRadius 0.7.1 on Solaris 8 (sparc) and am running into problems. I run configure and all seems ok then i run make and get the following error

begin error
/usr/local/sparc-sun-solaris2.8/bin/ld -G -z defs -h libltdl.so.3 -o .libs/libltdl.so.3.1.0 ltdl.lo -ldl -lnsl -lresolv -lsocket -lposix4 -lpthread -lc
Undefined                       first referenced
 symbol                             in file
__eprintf                           ltdl.lo
ld: fatal: Symbol referencing errors. No output written to .libs/libltdl.so.3.1.0
make[2]: *** [libltdl.la] Error 1
make[2]: Leaving directory `/opt/install_files/freeradius-0.7.1/libltdl'
make[1]: *** [common] Error 1
make[1]: Leaving directory `/opt/install_files/freeradius-0.7.1'
make: *** [all] Error 2
end error

I'm not sure what version of gcc and stuff is required, since it wasn't anywhere in the docs that i could find. Any help would be great

Brian

I just did a successful build using the Solaris 8 binaries from sunfreeware.com. Make sure you have all the required libraries installed including zlib. Also make sure you set up the paths properly to use the GNU stuff.
RE: configure errors while compiling
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius-users-admin;lists.cistron.nl] On Behalf Of Tim McCracken
Sent: Thursday, October 17, 2002 8:08 PM
To: [EMAIL PROTECTED]
Subject: RE: configure errors while compiling

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius-users-admin;lists.cistron.nl] On Behalf Of KP Rao
Sent: Thursday, October 17, 2002 7:49 PM
To: [EMAIL PROTECTED]
Subject: configure errors while compiling

Hi All,

I am trying to compile freeradius and getting this error message. Run out of ideas what may be causing the error. Any help would be appreciated. Using version

# ./configure
loading cache ./config.cache
checking for gcc... gcc
checking whether the C compiler (gcc ) works... no
configure: error: installation or configuration problem: C compiler cannot create executables.
# ls -l /usr/local/bin/gcc
-rwxr-xr-x 2 bin bin 345052 Aug 28 05:18 /usr/local/bin/gcc
# uname -a
SunOS CPMgmtStn 5.8 Generic_108528-01 sun4u sparc SUNW,Ultra-60

Any good soul have a binary package for Solaris 2.8

Thanks in advance.
--kp

I can recreate your problem by running configure under the SU, but mine works OK running configure under a normal user. Obviously this is some sort of problem with the default configuration of the Solaris distribution that we need to change so it will configure under SU. I am going to be working on this all weekend if necessary to get it running. I am down to crunch time. MAKE does have to run under SU though. Feel free to e-mail me off list if you want to.

Tim
What is 'ar' in 'MAKE INSTALL'
When running 'make install', it appears that right after the 'libtool mode=link' command runs, it tries to run something called 'ar' with arguments of 'cru' and a bunch of the object modules - except that libtool thinks it is an argument to libtool. I am sure that this is just ignorance on my part, but what is 'ar'? I have done lots of development on non-unix platforms, but am kinda new in this area.

THANKS!
Tim

ERROR TEXT:

Making install in lib...
make[4]: Entering directory `/export/home/dev/radius/freeradius-0.7.1/src/lib'
/export/home/dev/radius/freeradius-0.7.1/libtool --mode=link ld \
-module -static -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -D_LIBRADIUS -I../include dict.o print.o radius.o valuepair.o token.o misc.o log.o filters.o missing.o md4.o md5.o sha1.o hmac.o snprintf.o -o libradius.a
ar cru libradius.a dict.o print.o radius.o valuepair.o token.o misc.o log.o filters.o missing.o md4.o md5.o sha1.o hmac.o snprintf.o
/export/home/dev/radius/freeradius-0.7.1/libtool: ar: not found
make[4]: *** [libradius.a] Error 1
make[4]: Leaving directory `/export/home/dev/radius/freeradius-0.7.1/src/lib'
make[3]: *** [common] Error 1
make[3]: Leaving directory `/export/home/dev/radius/freeradius-0.7.1/src'
make[2]: *** [install] Error 2
make[2]: Leaving directory `/export/home/dev/radius/freeradius-0.7.1/src'
make[1]: *** [common] Error 1
make[1]: Leaving directory `/export/home/dev/radius/freeradius-0.7.1'
make: *** [install] Error 2
#
RE: configure errors while compiling
-Original Message-
From: [EMAIL PROTECTED] [mailto:freeradius-users-admin;lists.cistron.nl]On Behalf Of KP Rao
Sent: Thursday, October 17, 2002 7:49 PM
To: [EMAIL PROTECTED]
Subject: configure errors while compiling

Hi All,

I am trying to compile freeradius and getting this error message. Run out of ideas what may be causing the error. Any help would be appreciated.

Using version

# ./configure
loading cache ./config.cache
checking for gcc... gcc
checking whether the C compiler (gcc ) works... no
configure: error: installation or configuration problem: C compiler cannot create executables.
# ls -l /usr/local/bin/gcc
-rwxr-xr-x 2 bin bin 345052 Aug 28 05:18 /usr/local/bin/gcc
# uname -a
SunOS CPMgmtStn 5.8 Generic_108528-01 sun4u sparc SUNW,Ultra-60

Any good soul have a binary package for Solaris 2.8

Thanks in advance.
--kp

I have been trying to find Solaris binaries as well, but so far no response. I have a different (but just as fatal) problem - also no response so far. I would test gcc to compile hello, world and see if that works. You may possibly have a file permission problem.
old style naslist file vs new (in radius.conf)
Hi..

Have been looking through the code for info on the new naslist that is meant to be specified in radius.conf .. but can't find any reference to it .. has the new type been implemented as yet? If so, how where is it meant to be supplied in radius.conf ??

Thanks
Tim Fraser
Re: a question about the snapshot20021015
When trying to make the below mentioned snapshot .. 20021016 .. it fails with ..

gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -I../include -c request_list.c
make[4]: *** No rule to make target `-lltdl', needed by `radiusd'. Stop.
make[4]: Leaving directory `/root/freeradius-snapshot-20021016/src/main'
make[3]: *** [common] Error 1
make[3]: Leaving directory `/root/freeradius-snapshot-20021016/src'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/root/freeradius-snapshot-20021016/src'
make[1]: *** [common] Error 1
make[1]: Leaving directory `/root/freeradius-snapshot-20021016'
make: *** [all] Error 2

???

Thank You

At 11:28 16/10/2002 -0400, you wrote:

wanglu [EMAIL PROTECTED] wrote:

I have downloaded the newest freeradius from ftp://ftp.freeradius.org/pub/radius/cvs-snapshots. But after I configured, there is an error when make:
..
Making static dynamic in rlm_eap_md5...
/bin/sh: cd: rlm_eap_md5: No such file or directory

Grab the CVS snapshot from last night (i.e. the one there now)

Alan DeKok.

Tim Fraser * Relax Internet Internet Service Provider (dial-up ADSL) / Web Hosting www.relax.com.au *
Re: help - checkrad not being called
[authorize]: module sql returns ok
modcall: group authorize returns ok
auth: type Crypt
modcall: entering group session
rlm_sql: Reserving sql socket id: 3
radius_xlat: 'malton'
sql_set_user: escaped user -- 'malton'
radius_xlat: 'SELECT COUNT(*) FROM radacct WHERE UserName='malton' AND AcctStopTime = 0'
radius_xlat: 'SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CalledStationId FROM radacct WHERE UserName='malton' AND AcctStopTime = 0'
rlm_sql: Released sql socket id: 3
modcall[session]: module sql returns ok
modcall: group session returns ok
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 19 to 203.30.170.200:3258
Reply-Message = \r\nYou are already logged in - access denied\r\n\n
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 19 with timestamp 3dabf01a
Nothing to do. Sleeping until we see a request.

At 11:06 14/10/2002 +0300, you wrote:

On Mon, 14 Oct 2002, Tim wrote:

Yep .. I have

+-----------+------------------+-------+----+
| GroupName | Attribute        | Value | Op |
+-----------+------------------+-------+----+
| dialup    | Simultaneous-Use | 1     | := |
+-----------+------------------+-------+----+

in my radgroupcheck MySQL db ..

Both simul_count_query and simul_verify_query should be uncommented in sql.conf. Run the server in debug mode (radiusd -X) and check the output. Do you have checkrad in the default location? The server will not honor the checkrad option of radiusd.conf for the moment.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

Tim Fraser * Relax Internet Internet Service Provider (dial-up ADSL) / Web Hosting www.relax.com.au *
Re: help - checkrad not being called
Yep .. I have

+-----------+------------------+-------+----+
| GroupName | Attribute        | Value | Op |
+-----------+------------------+-------+----+
| dialup    | Simultaneous-Use | 1     | := |
+-----------+------------------+-------+----+

in my radgroupcheck MySQL db ..

At 22:18 12/10/2002 +0300, you wrote:

On Thu, 10 Oct 2002, Tim wrote:

I have freeradius 0.7 MySQL up and running on a debian woody box (kernel 2.2-20), and doing all that it should EXCEPT allowing users to login if they still have a stale session in the db (Mysql).. I have session{ sql } in radius.conf set to sql .. /usr/local/sbin checkrad runs correctly when run manually and I have it set to debug mode, so I can see when it is being called .. now, when I have a stale session in the DB, and use NTRadPing to request a new auth, it ALWAYS comes back saying the user is online, and checkrad never seems to get called ..

I have searched the archives, and even applied a patch suggested back in August, but it still appears checkrad is still not being run. I have tried with 0.7, and the latest snapshot 1009 .. and both give the same result .. What am I missing that is causing checkrad to be ignored/not called ??

All help greatly appreciated ..

Tim Fraser

Have you set Simultaneous-Use to 1 for your users?

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

Tim Fraser * Relax Internet Internet Service Provider (dial-up ADSL) / Web Hosting www.relax.com.au *
RE: help - checkrad not being called
No, this is not similar to my problem (I think, as I haven't gotten to using it in production as yet, so I am not sure what will happen down the track).. my problem is that if a simul use is detected via the MySQL radacct db, checkrad does not kick in (start) and do a double check to the NAS itself ..

At 14:44 12/10/2002 -0500, you wrote:

I get entries all the time like line 7 below and I have to manually go in to the database and remove them myself to clear that line for use. Is this similar to your problem? I see no way to stop it other than manually removing them.

Phone numbers and ip's removed for security

# user ip address caller id name duration
1 sonny 204.49.000.00 0 Sonny Heath 02:38:04
2 robert 204.49.000.00 0 Robert Nelson 02:22:01
3 david 204.49.000.00 00 David Bartlett 01:52:39
4 nicole 204.49.000.00 0 Nicole Nelson 01:19:25
5 coblepdl 204.49.000.00 Betty Coble 00:28:32
6 angelheart 204.49.000.00 Joyce Smith 00:17:58
7 - 8508920287 Unknown User 00:12:08
8 jgodwin 204.49.000.00 0 Jenifer Godwin 00:10:29
9 carolcos1218 204.49.000.00 0 Carol Cosson 00:02:40

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kostas Kalevras
Sent: Saturday, October 12, 2002 2:19 PM
To: [EMAIL PROTECTED]
Subject: Re: help - checkrad not being called

On Thu, 10 Oct 2002, Tim wrote:

I have freeradius 0.7 MySQL up and running on a debian woody box (kernel 2.2-20), and doing all that it should EXCEPT allowing users to login if they still have a stale session in the db (Mysql).. I have session{ sql } in radius.conf set to sql .. /usr/local/sbin checkrad runs correctly when run manually and I have it set to debug mode, so I can see when it is being called .. now, when I have a stale session in the DB, and use NTRadPing to request a new auth, it ALWAYS comes back saying the user is online, and checkrad never seems to get called ..

I have searched the archives, and even applied a patch suggested back in August, but it still appears checkrad is still not being run. I have tried with 0.7, and the latest snapshot 1009 .. and both give the same result .. What am I missing that is causing checkrad to be ignored/not called ??

All help greatly appreciated ..

Tim Fraser

Have you set Simultaneous-Use to 1 for your users?

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

Tim Fraser * Relax Internet Internet Service Provider (dial-up ADSL) / Web Hosting www.relax.com.au *
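The two-stage check this thread is about, as an added example (not FreeRADIUS code and not from any poster): count the user's open radacct rows, and only when that count reaches Simultaneous-Use ask the NAS whether each session really exists, which is the role checkrad plays. The SQLite schema, sample rows, NAS_STATE table and function names are constructed for illustration, and counting an unreachable NAS as "session live" is this example's own choice.

```python
import sqlite3

# Constructed NAS port table standing in for what checkrad would learn from the NAS.
NAS_STATE = {("192.0.2.10", 4): "sonny"}

def make_db():
    """In-memory radacct with constructed rows; columns follow the queries in the debug log."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE radacct (
        RadAcctId INTEGER PRIMARY KEY, AcctSessionId TEXT, UserName TEXT,
        NASIPAddress TEXT, NASPortId INTEGER, AcctStopTime INTEGER DEFAULT 0)""")
    db.executemany(
        "INSERT INTO radacct (AcctSessionId, UserName, NASIPAddress, NASPortId, AcctStopTime)"
        " VALUES (?, ?, ?, ?, ?)",
        [("sess-a", "malton", "192.0.2.10", 3, 0),           # stale: NAS port 3 is idle
         ("sess-b", "sonny", "192.0.2.10", 4, 0),            # really online
         ("sess-c", "sonny", "192.0.2.10", 5, 1034000000)])  # closed session
    return db

def nas_lookup(nas_ip, port, user, session_id):
    """True/False from the constructed table; a real check may also return None (no answer)."""
    return NAS_STATE.get((nas_ip, port)) == user

def check_simultaneous_use(db, user, limit, nas_has_session):
    """Return (allowed, stale_ids) for a new login by `user`."""
    # Stage 1: cheap count of open accounting rows (bound parameter, no string splicing).
    (count,) = db.execute(
        "SELECT COUNT(*) FROM radacct WHERE UserName = ? AND AcctStopTime = 0",
        (user,)).fetchone()
    if count < limit:
        return True, []
    # Stage 2: the database says the limit is reached, so verify each row with the NAS.
    rows = db.execute(
        "SELECT RadAcctId, AcctSessionId, NASIPAddress, NASPortId FROM radacct"
        " WHERE UserName = ? AND AcctStopTime = 0 ORDER BY RadAcctId", (user,)).fetchall()
    live, stale = 0, []
    for rad_id, session_id, nas_ip, port in rows:
        if nas_has_session(nas_ip, port, user, session_id) is False:
            stale.append(rad_id)   # NAS positively denies the session
        else:
            live += 1              # True, or None (NAS unreachable): count as live
    return live < limit, stale

if __name__ == "__main__":
    db = make_db()
    for name in ("malton", "sonny"):
        print(name, check_simultaneous_use(db, name, 1, nas_lookup))
```

If stage 2 never runs, every stale row behaves like the rejected 'malton' login in the debug output: the count alone decides and the user is refused.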
make install errors
I am building FreeRadius on Solaris 9.0 and getting the following errors when I try to 'make install'. GCC, GNU MAKE binutils were downloaded from sunfreeware.com and all appear to be current, although the binutils was compiled for Solaris 8. (I am running Solaris 9). I think everything else up to this point is working OK. I looked through the output and didn't see any errors until these - lots of warnings, but no errors. Any ideas on what I might have missed?

ERROR TEXT:

Making install in lib...
make[4]: Entering directory `/export/home/dev/radius/freeradius-0.7.1/src/lib'
/export/home/dev/radius/freeradius-0.7.1/libtool --mode=link ld \
-module -static -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -D_LIBRADIUS -I../include dict.o print.o radius.o valuepair.o token.o misc.o log.o filters.o missing.o md4.o md5.o sha1.o hmac.o snprintf.o -o libradius.a
ar cru libradius.a dict.o print.o radius.o valuepair.o token.o misc.o log.o filters.o missing.o md4.o md5.o sha1.o hmac.o snprintf.o
/export/home/dev/radius/freeradius-0.7.1/libtool: ar: not found
make[4]: *** [libradius.a] Error 1
make[4]: Leaving directory `/export/home/dev/radius/freeradius-0.7.1/src/lib'
make[3]: *** [common] Error 1
make[3]: Leaving directory `/export/home/dev/radius/freeradius-0.7.1/src'
make[2]: *** [install] Error 2
make[2]: Leaving directory `/export/home/dev/radius/freeradius-0.7.1/src'
make[1]: *** [common] Error 1
make[1]: Leaving directory `/export/home/dev/radius/freeradius-0.7.1'
make: *** [install] Error 2
#
RE: Oracle accounting
'to_date' is an Oracle function for converting dates from strings in a non-oracle standard format. It is well documented in any Oracle reference manuals.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mieczyslaw Maciejewski (EPO)
Sent: Friday, October 11, 2002 9:37 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Oracle accounting

Thx
Could you comment using to_date in INSERT into radacct instruction, please.
MM

-Original Message-
From: Mieczyslaw Maciejewski (EPO) [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 11, 2002 4:16 PM
To: '[EMAIL PROTECTED]'
Subject: Oracle accounting

Solaris 8, freeradius 0.71. I just edited sql.conf (for oracle accounting only purposes). What I noticed: it doesn't work. When I changed SQL instruction from (I publish here only a fragment):

accounting_start_query = INSERT into radacct (AcctStartTime) values('%S')

Into instruction:

accounting_start_query = INSERT into radacct (AcctStartTime ) values(to_date('%S', '-MM-DD HH24:MI:SS'))

then the data began to be written in table. For tests I use radius client NTRadPing 1.2 for Windows. The client generates accounting requests. I don't know if I made some mistake during ./configure? I guess that %S means 'system time'. I didn't find explanation of %S in SQL nor Unix shell documentation. Could you comment it, please?

Thanks
MM