Re: The detail file
On Thu, Dec 11, 2003 at 10:26:35PM +1030, Troy Davis wrote: > I have searched the FAQ and what I can of the mail archive and can not find > an HOW-TO for making freeradius log to a single detail file instead of > making a lot of nas subdirectories. > Can someone please point me in the right direction Edit your radiusd.conf: detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d Remove the %{Client-IP-Address} part. Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The detail file
I have searched the FAQ and what I can of the mail archive and can not find an HOW-TO for making freeradius log to a single detail file instead of making a lot of nas subdirectories. Can someone please point me in the right direction Regards Troy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: combined detail file for radrelay not rotate
Yes.. I realized that... one of the problem is locking... a lot of error regarding locking... OK.. I will try to compile lastest cvs radrelay... and revert for any problem... thanks... - Original Message - From: "Kostas Kalevras" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, October 03, 2003 8:04 PM Subject: Re: combined detail file for radrelay not rotate > On Fri, 3 Oct 2003, Rohaizam Abu Bakar wrote: > > > > > I try stop radiusd, clean detail-combined file & radutmp... then restart > > radiusd & also radrelay... and seems working fine. > > > > Currently i'm using FreeBSB 4.8p8 with Freeradius0.9.0... I hope radrelay is > > working fine with this version... > > No radrelay still has problems in 0.9.0 > You could do a cvs update on radrelay.c and compile only that. > > > > > I can't use freeradius 0.9.1 on both FreeBSD 4.8 & 5.1 ... maybe i've to > > wait 0.9.2 release... > > > > --haizam > > -- > Kostas Kalevras Network Operations Center > [EMAIL PROTECTED] National Technical University of Athens, Greece > Work Phone: +30 210 7721861 > 'Go back to the shadow' Gandalf > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > [ Scanned by JARING E-Mail Virus Scanner ( http://www.jaring.my ) ] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: combined detail file for radrelay not rotate
On Fri, 3 Oct 2003, Rohaizam Abu Bakar wrote: > > I try stop radiusd, clean detail-combined file & radutmp... then restart > radiusd & also radrelay... and seems working fine. > > Currently i'm using FreeBSB 4.8p8 with Freeradius0.9.0... I hope radrelay is > working fine with this version... No radrelay still has problems in 0.9.0 You could do a cvs update on radrelay.c and compile only that. > > I can't use freeradius 0.9.1 on both FreeBSD 4.8 & 5.1 ... maybe i've to > wait 0.9.2 release... > > --haizam -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: combined detail file for radrelay not rotate
I try stop radiusd, clean detail-combined file & radutmp... then restart radiusd & also radrelay... and seems working fine. Currently i'm using FreeBSB 4.8p8 with Freeradius0.9.0... I hope radrelay is working fine with this version... I can't use freeradius 0.9.1 on both FreeBSD 4.8 & 5.1 ... maybe i've to wait 0.9.2 release... --haizam - Original Message - From: "Kostas Kalevras" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, October 02, 2003 8:19 PM Subject: Re: combined detail file for radrelay not rotate > On Wed, 1 Oct 2003, Rohaizam Abu Bakar wrote: > > > I've configured combined detail file for radrelay process.. > > >From doc/radrelay.. > > > > "You should never logrotate your detail file, radrelay will take care of this for you." > > > > But the log never been rotated... It getting larger and larger... Can i rotate it using script ?? > > That means that radrelay is not working correctly. Check the destination radius > server logs for any errors and if that does not work run radrelay in debug mode. > Make sure though that you are running the latest version. It has a lot of > bugfixes. > > > > > --haizam > > -- > Kostas Kalevras Network Operations Center > [EMAIL PROTECTED] National Technical University of Athens, Greece > Work Phone: +30 210 7721861 > 'Go back to the shadow' Gandalf > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > [ Scanned by JARING E-Mail Virus Scanner ( http://www.jaring.my ) ] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Tools to manage detail file
radius context is not bad. http://www.tummy.com/radiusContext/ - Original Message - From: Moktar KONE To: [EMAIL PROTECTED] Sent: Thursday, October 02, 2003 8:37 PM Subject: Tools to manage detail file Hi all, I am looking for some tools that can handle the "detail" file (/var/log/radius/radacct/NAS-IP/detail ) and generate a report at the end of every day. thanks ---Outgoing mail is certified Virus Free.Checked by AVG anti-virus system (http://www.grisoft.com).Version: 6.0.522 / Virus Database: 320 - Release Date: 29/09/2003
Re: combined detail file for radrelay not rotate
On Wed, 1 Oct 2003, Rohaizam Abu Bakar wrote: > I've configured combined detail file for radrelay process.. > >From doc/radrelay.. > > "You should never logrotate your detail file, radrelay will take care of this for > you." > > But the log never been rotated... It getting larger and larger... Can i rotate it > using script ?? That means that radrelay is not working correctly. Check the destination radius server logs for any errors and if that does not work run radrelay in debug mode. Make sure though that you are running the latest version. It has a lot of bugfixes. > > --haizam -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Tools to manage detail file
radiusreport [1], whis is listed on the "related software" [2] has worked well for me. [1] http://www.pgregg.com/projects/radiusreport/index.php [2] http://www.freeradius.org/related/ Moktar KONE wrote: Hi all, I am looking for some tools that can handle the "detail" file (/var/log/radius/radacct/NAS-IP/detail ) and generate a report at the end of every day. thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Tools to manage detail file
Moktar KONE wrote: Hi all, I am looking for some tools that can handle the "detail" file (/var/log/radius/radacct/NAS-IP/detail ) and generate a report at the end of every day. thanks I remember seeing a RADIUS logfile accounting program that may be able to do what you want. Search freshmeat.net. DS - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Tools to manage detail file
Hi all, I am looking for some tools that can handle the "detail" file (/var/log/radius/radacct/NAS-IP/detail ) and generate a report at the end of every day. thanks
combined detail file for radrelay not rotate
I've configured combined detail file for radrelay process.. From doc/radrelay.. "You should never logrotate your detail file, radrelay will take care of this for you." But the log never been rotated... It getting larger and larger... Can i rotate it using script ?? --haizam
Re: detail file
jc fulknier <[EMAIL PROTECTED]> wrote: > It says in radiusd.conf that the detail file (for > logging) is created only once daily. What time is it > created and is there a way to change that easily? Thanks! Read 'doc/variables.txt', and then re-read the configuration entry for the 'detail' file. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
detail file
It says in radiusd.conf that the detail file (for logging) is created only once daily. What time is it created and is there a way to change that easily? Thanks! __ Do you Yahoo!? The New Yahoo! Shopping - with improved product search http://shopping.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
detail file modifications
Andrey Lakhno <[EMAIL PROTECTED]> wrote: > How can I distinguish calling context (acct, auth or post-auth) in > 'detail_print' function ? You pass them as parameters. detail_print(filename, VALUE_PAIR *pairs_to_print) Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Missing detail file
> Let me guess.. you installed FreeRADIUS on a machine which had > another RADIUS server installed before. Doing a 'make install' told > you that FreeRADIUS didn't install the dictionary files, and the > server is using the dictionary files from the *other* RADIUS server. I removed all the dictionary files, and performed another "make install". It worked. Thank you very much, Dickon... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Missing detail file
"Dickon Newman" <[EMAIL PROTECTED]>wrote: > Here is me trying to dial in - or at least the accounting packet. I see > that is says the "accounting returns fail." However, I don't understand > why? I had thought the error message would be instructive... Let me guess.. you installed FreeRADIUS on a machine which had another RADIUS server installed before. Doing a 'make install' told you that FreeRADIUS didn't install the dictionary files, and the server is using the dictionary files from the *other* RADIUS server. Also, you should have noticed that the accounting packet doesn't hit the detail module, so that would explain why the detail file isn't created. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Missing detail file
Here is me trying to dial in - or at least the accounting packet. I see that is says the "accounting returns fail." However, I don't understand why? Dickon... rad_recv: Accounting-Request packet from host 65.116.196.3:1026, id=166, length=135 Acct-Session-Id = "13EE" User-Name = "dickon" NAS-IP-Address = 65.116.196.3 NAS-Port = 3 NAS-Port-Type = Async Acct-Status-Type = Start Acct-Authentic = RADIUS Connect-Info = "24000 LAPM/V42BIS" Called-Station-Id = "3304583009" Calling-Station-Id = "3304565205" Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 65.116.196.77 Acct-Delay-Time = 0 modcall: entering group preacct modcall[preacct]: module "preprocess" returns noop rlm_realm: No '@' in User-Name = "dickon", looking up realm NULL rlm_realm: No such realm NULL modcall[preacct]: module "suffix" returns noop modcall[preacct]: module "files" returns noop modcall: group preacct returns noop modcall: entering group accounting rlm_acct_unique: Hashing 'NAS-Port = 3,Client-IP-Address = 65.116.196.3,NAS-IP-Address = 65.116.196.3,Acct-Session-Id = "13EE",User-Name = "dickon"' rlm_acct_unique: Acct-Unique-Session-ID = "a4098af25e25ac19". Unknown attribute Acct-Unique-Session-Id modcall[accounting]: module "acct_unique" returns fail modcall: group accounting returns fail Finished request 2 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Missing detail file
"Dickon Newman" <[EMAIL PROTECTED]> wrote: > If I specify the -a option for accounting, or not, I don't get a detail file > anywhere. Below is the top of my radius.conf and the output for running in > debug mode. Presumably, the detail file should be in > /usr/local/var/log/radius/radacct/someIP/detail-someDate. The debug output > does show it making the file. But it isn't created?!? No, the debug mode shows WHERE it would create the file. It doesn't actually create the file until it receives an accounting packet. The debug output you sent didn't include the server receiving an accounting packet. So the detail file was never created. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Missing detail file
I have tried searching the archive without much luck. I have compiled FreeRADIUS Version 0.8.1 on FreeBSD 4.6.2-Release. If I specify the -a option for accounting, or not, I don't get a detail file anywhere. Below is the top of my radius.conf and the output for running in debug mode. Presumably, the detail file should be in /usr/local/var/log/radius/radacct/someIP/detail-someDate. The debug output does show it making the file. But it isn't created?!? Can anyone help? Thank you, Dickon Newman... radius.conf: prefix = /usr/local exec_prefix = ${prefix} sysconfdir = ${prefix}/etc localstatedir = ${prefix}/var sbindir = ${exec_prefix}/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct ... detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d debug mode output: shell# /usr/local/sbin/radiusd -d /usr/local/etc/raddb -a /usr/local/etc/radacct -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: servers_per_realm = 15 security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: ignore_password = no mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/usr/local/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/usr/local/etc/raddb/users" files: acctusersfile = "/usr/local/etc/raddb/acct_users" files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radut
Re: problems with username user diferent in detail file and mysql
thanks again to Alan Dekok for you help. i recompile with the modify of this file and now he work fine in my system. very thanks. Victor Sanchez. - Original Message - From: "Victor Sanchez" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, November 30, 2002 4:10 PM Subject: Re: problems with username user diferent in detail file and mysql > ok, i try to modify this file to include the char that i need, for example [] and {} > > i need to modify the function sql_escape_func > > > static int sql_escape_func(char *out, int outlen, const char *in) > { > > --- > >strchr("@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: =/", *in) >== > --- > > here i need include the char that i need, isn't it ?? > > thanks for your fasters help. > > > - Original Message - > From: "Alan DeKok" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Saturday, November 30, 2002 4:03 PM > Subject: Re: problems with username user diferent in detail file and mysql > > > > "Victor Sanchez" <[EMAIL PROTECTED]> wrote: > > > Sat Nov 30 15:22:01 2002 > > > User-Name = "[march]" > > > > > > but in the mysql i can read the user "=5Bmarch=5D" > > > > Yes. For security purposes, some characters in SQL strings are > > mangled. > > > > > what char are afected ?? > > > > See 'src/modules/rlm_sql/rlm_sql.c' > > > > Alan DeKok. > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problems with username user diferent in detail file and mysql
ok, i try to modify this file to include the char that i need, for example [] and {} i need to modify the function sql_escape_func static int sql_escape_func(char *out, int outlen, const char *in) { --- strchr("@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: =/", *in) == --- here i need include the char that i need, isn't it ?? thanks for your fasters help. - Original Message - From: "Alan DeKok" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, November 30, 2002 4:03 PM Subject: Re: problems with username user diferent in detail file and mysql > "Victor Sanchez" <[EMAIL PROTECTED]> wrote: > > Sat Nov 30 15:22:01 2002 > > User-Name = "[march]" > > > > but in the mysql i can read the user "=5Bmarch=5D" > > Yes. For security purposes, some characters in SQL strings are > mangled. > > > what char are afected ?? > > See 'src/modules/rlm_sql/rlm_sql.c' > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problems with username user diferent in detail file and mysql
sorry, all character is below the 128. my english is very poor. sorry again. - Original Message - From: "Victor Sanchez" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, November 30, 2002 4:01 PM Subject: Re: problems with username user diferent in detail file and mysql > i see that this happen with all char with ascii number greater that 128. > > any solution ? > > o i need to downgrade to freeradius 0.4 ? > > Victor Sanchez. > - Original Message - > From: "Victor Sanchez" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Saturday, November 30, 2002 3:29 PM > Subject: problems with username user diferent in detail file and mysql > > > > i receive this packet from ras system. > > > > Sat Nov 30 15:22:01 2002 > > User-Name = "[march]" > > > > but in the mysql i can read the user "=5Bmarch=5D" > > > > and this error is new when today i update the system from freeradius 0.4 to >freeradius 0.8. > > > > what char are afected ?? > > > > someone have the same problem??? > > > > thanks to all. > > > > > > > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problems with username user diferent in detail file and mysql
"Victor Sanchez" <[EMAIL PROTECTED]> wrote: > Sat Nov 30 15:22:01 2002 > User-Name = "[march]" > > but in the mysql i can read the user "=5Bmarch=5D" Yes. For security purposes, some characters in SQL strings are mangled. > what char are afected ?? See 'src/modules/rlm_sql/rlm_sql.c' Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problems with username user diferent in detail file and mysql
i see that this happen with all char with ascii number greater that 128. any solution ? o i need to downgrade to freeradius 0.4 ? Victor Sanchez. - Original Message - From: "Victor Sanchez" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, November 30, 2002 3:29 PM Subject: problems with username user diferent in detail file and mysql > i receive this packet from ras system. > > Sat Nov 30 15:22:01 2002 > User-Name = "[march]" > > but in the mysql i can read the user "=5Bmarch=5D" > > and this error is new when today i update the system from freeradius 0.4 to >freeradius 0.8. > > what char are afected ?? > > someone have the same problem??? > > thanks to all. > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
problems with username user diferent in detail file and mysql
i receive this packet from ras system. Sat Nov 30 15:22:01 2002 User-Name = "[march]" but in the mysql i can read the user "=5Bmarch=5D" and this error is new when today i update the system from freeradius 0.4 to freeradius 0.8. what char are afected ?? someone have the same problem??? thanks to all. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: detail file
Tim Fraser <[EMAIL PROTECTED]> wrote: > can someone let me know where to look to change the newer default filename > of the detail files where they have a filename as detail-date .. $ grep detail /etc/raddb/*.conf It's that easy. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: detail file
On Tue, 26 Nov 2002 at 15:55 (+1100), Tim Fraser wrote: TF> can someone let me know where to look to change the newer default filename TF> of the detail files where they have a filename as detail-date .. which radiusd.conf is the file you want to edit. It defaults to living in /usr/local/etc/raddb as I recall. Michael -- Michael J. Hartwick, VE3SLQ [EMAIL PROTECTED] Hartwick Communications Consulting (519) 396-7719 Kincardine, ON, CA http://www.hartwick.com -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
detail file
can someone let me know where to look to change the newer default filename of the detail files where they have a filename as detail-date .. which creates a new file each day, back to the older style where the detail file was just called "detail" and continued to grow as a single file for as long as it was left in the radacct sub directory .. (our accounting software was written to deal with a single file in the NAS's sub dir) .. Thank You - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems with detail file
Aleksey Trubin <[EMAIL PROTECTED]> wrote: > First, radius can't get detail file from NAS... radiusd.conf seems allright. > This very impotant for me to get detail from NAS! This is a question in the FAQ. > Second. Somehow first character in username is disappire (if username > starts from uppercase letter) See the 'hints' file. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problems with detail file
Hi all! I use Freeradius 0.5 on FreeBSD4.5. My NAS is MAX6000. I have problems with this... First, radius can't get detail file from NAS... radiusd.conf seems allright. This very impotant for me to get detail from NAS! Second. Somehow first character in username is disappire (if username starts from uppercase letter) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No detail file generated in mod_radius_auth
On Sat, Aug 03, 2002 at 04:47:00AM -0700, Frank Cusack wrote: > 'nm squid | grep pam_session_' output would be good to see. If it has > no reference to the start/stop functions, you know squid isn't using them. Or squid might have been stripped, in which case 'nm' won't tell you anything. Just skip that and do the pam_syslog bit. /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No detail file generated in mod_radius_auth
On Sat, Aug 03, 2002 at 04:38:59PM +0600, Dr. Muhammad Masroor Ali wrote: > > I do not know why, it is not generating any record for me. I will repeat > my pam.d/squid file: > > # > authrequired /lib/security/pam_securetty.so > sessionrequired/lib/security/pam_radius_auth.so debug > accountrequired/lib/security/pam_radius_auth.so debug > authrequired/lib/security/pam_radius_auth.so hmm. Maybe squid isn't calling pam_session_*()? 'nm squid | grep pam_session_' output would be good to see. If it has no reference to the start/stop functions, you know squid isn't using them. But even if it does show those functions doesn't mean squid is actually calling them. So if you see the references, grab ftp://ftp.dementia.org/pub/pam/pam_syslog-980401.tar.gz and add session required /lib/security/pam_syslog.so debug before and after the session line for pam_radius_auth. That will tell you definitively if the session module is being used. > Frank Cusack wrote: > > > >Use the PAM "session" module to have pam_radius_auth generate radius > >accounting records. I don't know that this will be useful for squid; > >you'll have tons of start/stop records. > > > > Definitely we do not want tons of start/stop records. But I am not > getting even a milligram of it :-). On a more serious note, can not we > arrange to have two records at authentication. Two simultaneous records > for start and stop. Sure, but you'll have to patch the code. What you're suggesting is not suitable for general inclusion. /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No detail file generated in mod_radius_auth
Frank Cusack wrote: >>pam_radius_auth will never generate accounting records. >> > >Sure it will. > I do not know why, it is not generating any record for me. I will repeat my pam.d/squid file: # authrequired /lib/security/pam_securetty.so sessionrequired/lib/security/pam_radius_auth.so debug accountrequired/lib/security/pam_radius_auth.so debug authrequired/lib/security/pam_radius_auth.so > >>That "account" line is not really for accounting. >> > >I don't have the rest of this thread, but yes, the "account" line in >pam.conf (or whatever on your platform) is not for radius accounting, >it is for system "account" services such as checking password expiry. > >Use the PAM "session" module to have pam_radius_auth generate radius >accounting records. I don't know that this will be useful for squid; >you'll have tons of start/stop records. > Definitely we do not want tons of start/stop records. But I am not getting even a milligram of it :-). On a more serious note, can not we arrange to have two records at authentication. Two simultaneous records for start and stop. The session time set to ttl. Then if ttl is set to fifteen minutes, a user will be billed for fifteen minutes after he authenticates. I know that he will be still be billed for fifteen minutes when he uses the Internet for only two minutes. But that could be a solution for our university where we have limited VSAT bandwidth and too many users. We wanted to limit the usage per user to a limited number of hours per month. At the same time we wanted to allow the user have a detailed picture of the usage (radiusreport etc.) We have even tested the above two-start-stop-record scenario using a shell script calling radclient, and it works nearly perfect. But this solution is consuming heavy system resources due to the innumerable child processes generated making our proxy server unbearably slow. If I had some time, I would have tried to add these features to pam_radius_auth. But my (1) heavy academic load and (2) almost zero knowledge of pam module programming, stops me from doing this. Dr. Muhammad Masroor Ali - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No detail file generated in mod_radius_auth
On Sat, Aug 03, 2002 at 10:56:15AM +0600, Mojahedul Hoque Abul Hasanat wrote: > On Thu, Aug 01, 2002 at 10:49:17PM +0600, Dr. Muhammad Masroor Ali wrote: > > After some grueling days and kind advice from fellow netizens, > > mod_radius_auth does perfect authentication for squid > > (2.4.STABLE1) in my RH 7.3 linux box. However, no accounting > > records are being written. That is, > > pam_radius_auth will never generate accounting records. Sure it will. > That "account" line is not really for accounting. I don't have the rest of this thread, but yes, the "account" line in pam.conf (or whatever on your platform) is not for radius accounting, it is for system "account" services such as checking password expiry. Use the PAM "session" module to have pam_radius_auth generate radius accounting records. I don't know that this will be useful for squid; you'll have tons of start/stop records. /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No detail file generated in mod_radius_auth
On Thu, Aug 01, 2002 at 10:49:17PM +0600, Dr. Muhammad Masroor Ali wrote: > After some grueling days and kind advice from fellow netizens, > mod_radius_auth does perfect authentication for squid > (2.4.STABLE1) in my RH 7.3 linux box. However, no accounting > records are being written. That is, pam_radius_auth will never generate accounting records. That "account" line is not really for accounting. I presume you are trying to make squid generate accounting records. Unfortunately, HTTP proxies do not have any notion of "sessions", just like HTTP. When squid first sees an unauthenticated proxy request, it asks the client browser for authentication. After a successful authentication, the browser keeps on sending the authentication header with each proxy request, until the browser is closed. Each request is independent of each other. There is no way for squid to know when the user has stopped browsing. -- Mojahed System Administrator, Agni Systems Limited - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No detail file generated in mod_radius_auth
Hello all, After some grueling days and kind advice from fellow netizens, mod_radius_auth does perfect authentication for squid (2.4.STABLE1) in my RH 7.3 linux box. However, no accounting records are being written. That is, /usr/local/var/log/radius/radacct/ is completely empty. My pam.d file for squid is, # authrequired /lib/security/pam_securetty.so sessionrequired/lib/security/pam_radius_auth.so debug accountrequired/lib/security/pam_radius_auth.so debug authrequired/lib/security/pam_radius_auth.so Nothing is being said in /var/log/messages or daemon.debug file. What is I could be missing? -- Nobody's gonna believe that computers are intelligent until they start coming in late and lying about it. Dr. Muhammad Masroor Ali Associate Professor and Associate Director Institute of Information and Communication Technology Bangladesh University of Engineering and Technology Dhaka-1000, Bangladesh Phone: 880 2 966 5650 ext 7245, 7756 (work) ext 7748 or 880 2 966 5700 (residence) FAX: 880 2 861 3046, 880 2 861 3026 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Detail file not created
Hello; I am using Freeradius 0.5 and authenticating fine but the nas-ip/detail file is not created. Does anyone know why this could be happening? Brett Pratt Computer Operations Technician Green Hills Companies Breckenridge, Missouri 64625 (800) 846-3426
Re: how does detail file works.
"freeradlist@GoldenIT" <[EMAIL PROTECTED]> wrote: >I am new to free radius. It is working fine for me. I > was just wondering how does "detail file > (/usr/local/var/log/radius/radaact/ip/detail)" works in free radius. I mean > does it gives us stats on daily basis or weekly basis, is it written over > daily or weekly or does it keeps the record since the radius is installed? It's never over-written. It's an append-only log. If you want daily/weekly versions, see 'doc/variables.txt'. In 'radiusd.conf', you can use: detailfile = ${radacctdir}/%{Client-IP-Address}/%Y-%m/%d.detail To get a monthly directory, with different detail files for each day. Then you don't have to do any rotation of the files. > I have software that imports detail file once a month and make > stats out of it. I was wondering if detail file is getting written > over every day if yes then how will we make monthly stats. Read 'doc/variables.txt', and edit 'detailfile' in 'radiusd.conf' Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how does detail file works.
IQ, The detail file is immediately updated whenever accounting requests come in. And I'm pretty sure that it never deletes itself, that would be up to you to setup a rotation script. Frank - Original Message - From: "freeradlist@GoldenIT" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, April 07, 2002 7:40 PM Subject: how does detail file works. > Hi Every One, >I am new to free radius. It is working fine for me. I > was just wondering how does "detail file > (/usr/local/var/log/radius/radaact/ip/detail)" works in free radius. I mean > does it gives us stats on daily basis or weekly basis, is it written over > daily or weekly or does it keeps the record since the radius is installed? I > have software that imports detail file once a month and make stats out of > it. I was wondering if detail file is getting written over every day if yes > then how will we make monthly stats. I also have downloaded the "radacct" > script from the "related software" which is working pretty well for me, but > this script is also providing me the stats since the day I have installed > the script nothing before that. > Kindly guide me about he working of " detail" file. And yes I installed > demon tools they worked fine for two weeks and then died so I am not using > them anymore but the "Killscript.sh" is working pretty well for me. > regards, > > IQ > > > - Original Message - > From: <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, April 05, 2002 11:42 PM > Subject: Freeradius-Users digest, Vol 1 #624 - 8 msgs > > > > Send Freeradius-Users mailing list submissions to > > [EMAIL PROTECTED] > > > > To subscribe or unsubscribe via the World Wide Web, visit > > http://lists.cistron.nl/mailman/listinfo/freeradius-users > > or, via email, send a message with subject or body 'help' to > > [EMAIL PROTECTED] > > > > You can reach the person managing the list at > > [EMAIL PROTECTED] > > > > When replying, please edit your Subject line so it is more specific > > than "Re: Contents of Freeradius-Users digest..." > > > > > > Today's Topics: > > > > 1. how to validate (Takemura Kiyoaki) > > 2. Re: freeradius and mysql (Nicolas) > > 3. Using Radius for Mac Auth. with Wireless Internet. (Stephan Viljoen) > > 4. Authenticate with Windows NT domain (Joga Singh) > > 5. error when using freeradius with mysl authentication (Dirk > Tanneberger) > > 6. Fw: Using Radius for Mac Auth. with Wireless Internet. (Stephan > Viljoen) > > 7. rlm_sql_postgresql problem in FR 0.5+ (Timophey) > > 8. FreeRADIUS and PAM (McNutt, Justin M.) > > > > --__--__-- > > > > Message: 1 > > Date: Fri, 05 Apr 2002 16:03:15 +0900 > > From: Takemura Kiyoaki <[EMAIL PROTECTED]> > > Organization: Kochi University > > To: [EMAIL PROTECTED] > > Subject: how to validate > > Reply-To: [EMAIL PROTECTED] > > > > > > Hi,all. > > > > We are in trouble with seeting up freeradius0.5 on solaris8. > > Every connection became rejected as "invalid password" > > (radius log below) > > > > Fri Apr 5 14:48:30 2002 : Info: Listening on IP address > > 133.97.XXX.XXX ports 1645/udp and 1646/udp. > > Fri Apr 5 14:48:30 2002 : Info: Ready to process requests. > > Fri Apr 5 14:54:53 2002 : Auth: rlm_unix: [takemura]: invalid password > > Fri Apr 5 14:54:58 2002 : Info: Sending duplicate authentication reply > > to client ppp1-gw1:1645 - ID: 124 > > Fri Apr 5 14:54:58 2002 : Auth: rlm_unix: [takemura]: invalid password > > Fri Apr 5 14:55:51 2002 : Auth: rlm_unix: [takemura]: invalid password > > Fri Apr 5 14:55:56 2002 : Info: Sending duplicate authentication reply > > to client ppp1-gw1:1645 - ID: 126 > > > > > > We use NIS password(no shadow file type). > > This is an output between site radiusd.conf and the original one. > > > > < bind_address = 133.97.XXX.XXX > > --- > > > bind_address = * > > 186c185 > > < port = 1645 > > --- > > > port = 0 > > 334,335c333,334 > > < proxy_requests = no > > < # $INCLUDE ${confdir}/proxy.conf > > --- > > > proxy_requests = yes > > > $INCLUDE ${confdir}/proxy.conf > > 437c436 > > < cache = no > > --- > > > cache = yes > > 440c439 > > < # cache_reload = 600 > > --- > > > cache_reload = 600 > >
how does detail file works.
Hi Every One, I am new to free radius. It is working fine for me. I was just wondering how does "detail file (/usr/local/var/log/radius/radaact/ip/detail)" works in free radius. I mean does it gives us stats on daily basis or weekly basis, is it written over daily or weekly or does it keeps the record since the radius is installed? I have software that imports detail file once a month and make stats out of it. I was wondering if detail file is getting written over every day if yes then how will we make monthly stats. I also have downloaded the "radacct" script from the "related software" which is working pretty well for me, but this script is also providing me the stats since the day I have installed the script nothing before that. Kindly guide me about he working of " detail" file. And yes I installed demon tools they worked fine for two weeks and then died so I am not using them anymore but the "Killscript.sh" is working pretty well for me. regards, IQ - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 05, 2002 11:42 PM Subject: Freeradius-Users digest, Vol 1 #624 - 8 msgs > Send Freeradius-Users mailing list submissions to > [EMAIL PROTECTED] > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.cistron.nl/mailman/listinfo/freeradius-users > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > > You can reach the person managing the list at > [EMAIL PROTECTED] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Freeradius-Users digest..." > > > Today's Topics: > > 1. how to validate (Takemura Kiyoaki) > 2. Re: freeradius and mysql (Nicolas) > 3. Using Radius for Mac Auth. with Wireless Internet. (Stephan Viljoen) > 4. Authenticate with Windows NT domain (Joga Singh) > 5. error when using freeradius with mysl authentication (Dirk Tanneberger) > 6. Fw: Using Radius for Mac Auth. with Wireless Internet. (Stephan Viljoen) > 7. rlm_sql_postgresql problem in FR 0.5+ (Timophey) > 8. FreeRADIUS and PAM (McNutt, Justin M.) > > --__--__-- > > Message: 1 > Date: Fri, 05 Apr 2002 16:03:15 +0900 > From: Takemura Kiyoaki <[EMAIL PROTECTED]> > Organization: Kochi University > To: [EMAIL PROTECTED] > Subject: how to validate > Reply-To: [EMAIL PROTECTED] > > > Hi,all. > > We are in trouble with seeting up freeradius0.5 on solaris8. > Every connection became rejected as "invalid password" > (radius log below) > > Fri Apr 5 14:48:30 2002 : Info: Listening on IP address > 133.97.XXX.XXX ports 1645/udp and 1646/udp. > Fri Apr 5 14:48:30 2002 : Info: Ready to process requests. > Fri Apr 5 14:54:53 2002 : Auth: rlm_unix: [takemura]: invalid password > Fri Apr 5 14:54:58 2002 : Info: Sending duplicate authentication reply > to client ppp1-gw1:1645 - ID: 124 > Fri Apr 5 14:54:58 2002 : Auth: rlm_unix: [takemura]: invalid password > Fri Apr 5 14:55:51 2002 : Auth: rlm_unix: [takemura]: invalid password > Fri Apr 5 14:55:56 2002 : Info: Sending duplicate authentication reply > to client ppp1-gw1:1645 - ID: 126 > > > We use NIS password(no shadow file type). > This is an output between site radiusd.conf and the original one. > > < bind_address = 133.97.XXX.XXX > --- > > bind_address = * > 186c185 > < port = 1645 > --- > > port = 0 > 334,335c333,334 > < proxy_requests = no > < # $INCLUDE ${confdir}/proxy.conf > --- > > proxy_requests = yes > > $INCLUDE ${confdir}/proxy.conf > 437c436 > < cache = no > --- > > cache = yes > 440c439 > < # cache_reload = 600 > --- > > cache_reload = 600 > 454,456c453,455 > < passwd = /var/nis/passwd > < # shadow = /etc/shadow > < group = /var/nis/group > --- > > passwd = /etc/passwd > > # shadow = /etc/shadow > > group = /etc/group > > > > Debug mode output is > /usr/local/sbin/radiusd -xxyz -l stdout > Starting - reading configuration files ... > reread_config: reading radiusd.conf > Config: including file: /usr/local/etc/raddb/clients.conf > Config: including file: /usr/local/etc/raddb/snmp.conf > Config: including file: /usr/local/etc/raddb/sql.conf > main: prefix = "/usr/local" > main: localstatedir = "/usr/local/var" > main: logdir = "/usr/local/var/log/radius" > main: libdir = "/usr/local/lib" > main: radacctdir = "/usr/local/var/log/radi
Re: Accounting (detail) file addition?
Kevin Hildebrand <[EMAIL PROTECTED]> wrote: > Is there any way to have freeradius write Stop records to the detail file > for failed logins? We're used to using the Cisco AS5300 which actually > sends these stop records, however the new box we're working with doesn't > do it, so we'd like to simulate it. That sounds reasonable. However, the server can't do this right now. The easiest way to do it would be to add a 'post-auth' section. If the post-auth sees a reject packet, then you could configure it to send an accounting packet. But that requires source code changes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting (detail) file addition?
Is there any way to have freeradius write Stop records to the detail file for failed logins? We're used to using the Cisco AS5300 which actually sends these stop records, however the new box we're working with doesn't do it, so we'd like to simulate it. It's nice to be able to parse just one log file and be able to analyze the number of failed logins. Thanks, Kevin Hildebrand ensoport Internetworks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html