authentication and accounting using proxy feature
Hi All, I have configured the freeRADIUS to proxy requests to another remote RADIUS. It works fine and I get all required users proxied to remote RADIUS. The problem is for every request the freeRADIUS that proxies the request tries to authenticate the customer locally even if that customer rquest is proxied and also, once customer is succesfuley authenticated by remote RADIUS, it enters an accounting record for that customer in the local detailed file. I want to know if there is a way to stop this. I want a proxied request to be authenticated by remote RADIUS only and also I want the accounting records to be inserted in the remote RADIUS detailed file only. Your help is highly appreciated. Regards, BEGIN:VCARD VERSION:2.1 N:Najim;Wisam;Suleiman FN:Wisam Suleiman Najim ORG:EIM(Etisalat);Development TITLE:Analyst TEL;WORK;VOICE:0097142025573 TEL;CELL;VOICE:00971506450872 TEL;WORK;FAX:0097142958485 ADR;WORK:;;Al-Yamameh Building 9th Floor;Dubai;Dubai;;U.A.E LABEL;WORK;ENCODING=QUOTED-PRINTABLE:Al-Yamameh Building 9th Floor=0D=0ADubai, Dubai=0D=0AU.A.E EMAIL;PREF;INTERNET:[EMAIL PROTECTED] EMAIL;INTERNET:[EMAIL PROTECTED] REV:20030302T043117Z END:VCARD
Simultanous use not working using sql
I am using database to check for simultanous use. I define the
Simultanous-Use value in "radgroupcheck" table. Even if Simultanous use
limit is reached the user can still login and get Access-Accept.
"AcctStopTime" is updated and
"Acct-Input-Octets","AcctOutputOctets","Acct-Session-Time
" are initialized to zero in the already existing record for that user in
database and the new session is accepted. I want to know what are the
condition that enables this to happen. I beleive the check of the fields
returned by "simul_verify_query" lead to this. My query looks like this :
"SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId,
FramedIPAddress, CallingStationId, FramedProtocol FROM ${acct_table1} WHERE
CalledStationId='%{Called-Station-Id}' AND AcctStopTime IS NULL".
The weired part of the debug I get once running radius with -xxx option is:
Wed Mar 19 10:46:22 2003 : Debug: radius_xlat: 'SELECT RadAcctId,
AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress,
CallingStationId, FramedProtocol FROM radacct WHERE
CalledStationId='3362830' AND AcctStopTime IS NULL'
checkrad: Neither SNMP_Session module or found!
checkrad: Neither SNMP_Session module or found!
Wed Mar 19 10:46:22 2003 : Debug: modcall: entering group accounting
Regards,
BEGIN:VCARD
VERSION:2.1
N:Najim;Wisam;Suleiman
FN:Wisam Suleiman Najim
ORG:EIM(Etisalat);Development
TITLE:Analyst
TEL;WORK;VOICE:0097142025573
TEL;CELL;VOICE:00971506450872
TEL;WORK;FAX:0097142958485
ADR;WORK:;;Al-Yamameh Building 9th Floor;Dubai;Dubai;;U.A.E
LABEL;WORK;ENCODING=QUOTED-PRINTABLE:Al-Yamameh Building 9th Floor=0D=0ADubai, Dubai=0D=0AU.A.E
EMAIL;PREF;INTERNET:[EMAIL PROTECTED]
EMAIL;INTERNET:[EMAIL PROTECTED]
REV:20030302T043117Z
END:VCARD
Choosing between different SQL statements in session module
Hi Al, I am using the free radius to authentivate VPN customers. Those might be DNIS or Domain customers. I have a problem checking their concurrent sessions using one SQL statement. I want to know if I can choose between different SQL statement in the session module. Is their any thing similar to Autztype but for modules other than authorization. Regards, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Using Autz-Type
Hi All,
I am using Autz-Type to select between different sql instances (sql1 and
sql2). I have tried to follow the example in the Autz-Type document where
the files module is loaded before defining the "autztype" in "radiusd.conf"
file. I have done the following:
authorize {
files
autztype SQLDNIS{
sql1
}
autztype SQLDOMAIN{
suffix
sql2
}
}
Once starting the radius I got the following errors:
Error: /usr/local/etc/raddb/users[79]: Parse error (check) for entry
DEFAULT: Unknown value SQLDNIS for attribute Autz-Type
Error: Errors reading /usr/local/etc/raddb/users
Error: radiusd.conf[814]: files: Module instantiation failed.
If I change the modules order things seems to work fine though it is
different from the example in the documentation. The order I use is:
authorize {
autztype SQLDNIS{
sql1
}
autztype SQLDOMAIN{
suffix
sql2
}
files
}
I want to know if what I'm doing is okay. Otherwise, I would appreciate if
someone can tell me how to use "Autz-Type" properly.
Regards,
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Using different modules to check simultanous use
Hi All, I am using freeRADIUS to authorize VPN customers based on domain name (realm) or called station Id (DNIS). In authorization I am using autztype to distinguish between the two types and load the appropriate sql module for each. I want to know if there is something similar to autztype that I can use once checking the Simultanous-Use so that i can check different sql queries for Simultanous-Use based on type of customer (Domain or DNIS). Regards, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: users file reloading
Thanks. It really helped. But what I want to know if that fastusers module uses the "-HUP" option for every reload. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin Bonner Sent: Sunday, December 22, 2002 6:57 PM To: [EMAIL PROTECTED] Subject: Re: users file reloading Read doc/rlm_fastusers Kevin On Friday 20 December 2002 23:10, Wisam Najim wrote: > Hi All, > > I'm authenticating ISDN users from users file while normal dialup users are > authenticated from Oracle database. Every time I add an ISDN user, I need > to stop and start the freeRADIUS instance. I want to know if I can reload > the users file without stopping and starting the freeRADIUS. > > > Regards, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
users file reloading
Hi All, I'm authenticating ISDN users from users file while normal dialup users are authenticated from Oracle database. Every time I add an ISDN user, I need to stop and start the freeRADIUS instance. I want to know if I can reload the users file without stopping and starting the freeRADIUS. Regards, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
