Discreet Cheapest Prescri%ption Dru)gs Online!
how to running digest authorize using sql not users file
hi: i need help that i use ser proxy server (radius_www_authorize mondule) (Auth-Type = Digest) to send user to rfreeradius server to authorize the user ,i want to select to database not users file ,can you tell me how to do andy
Re: radcheck entries
Make sure you have a fall through on the first one listed if you dont it will read the first entry and with no fall through it gets rejected. Byron - Original Message - From: "Klaus Heck" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, January 09, 2004 6:58 AM Subject: radcheck entries > Hi, > the radcheck table in my implementation specifies the MAC addresses of the > users trying to access the net, e.g. > > idUserNameAttribute Valueop > 1Charlie Brown Calling-Station-Id00025b3c48c3== > > Now I want allow more than one computer per user name, meaning I want to add > another entry with the same name "Charlie Brown", but with a different MAC > address value. In the standard implementation of freeradius, this does not > work. It seems as if it just checks the first value it read, or it checks > more than one, but all need to match simultaneously. The first time the > condition does not hold, the reject is sent. > > Is there a way to change the behavior of freeradius in order to have more > than one entry for the same UserName? It should send an access-accept > whenever at least one entry is true. > > Appreciate your help > Klaus > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Invalid Signature
Hello, I am having a small issue with a 3COM communications server. Users are able to authenticate, but I am getting this from the radius.log... Error: Received Accounting-Request packet from 216.83.64.149 with invalid signature! (Shared secret is incorrect.) and also a detail file is not being created, only a auth-detail- file. I do not have this issue with the Livingstons. Googling has suggested that it is perhaps an software issue. Current Versions are... FreeRadius - 0.9.0 3Com Corporation HiPer Access Router System Transmit Authentication Name: HiPer System Version: V4.1.59 I have verified the shared secret in the clients.conf it is the same as clients file on the current cistron-radius server which is not having this issue. I wanted to re-enter the password on the 3COM, because that was suggested as well. I am not sure which of the following commands would need to be run to facilitate this... set ACCOUNTING primary_secret | secondary_secret ... set AUTHENTICATION primary_secret | secondary_secret ... or perhaps both. Any other tips would be apprecitated. TIA Bobby R. Cox Linux Systems Administrator Project Mutual Telephone Fix the problem, not the blame. <>< - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Can't connect RADIUS Server!!!
This message is to thank both your (no name & Vincent Giovannone. You both are correct & some more. My response is for future reference & helping somebody else. Here is the problem solved: 1) Port number must be 1812 or it will not work 2) I did have a firewall (shorewall firewall, one of the best) & I needed to open port 1812 & 1813 (UDP) 3) I was using WinNT with Proxy Server. I had to allow traffic, both ways, on port 1812 (UDP) BAM... It worked. I do not think without both of your help, I could have done it. Thanks again. Kirti -Original Message- From: 321online.NET [mailto:[EMAIL PROTECTED] Sent: Thursday, January 08, 2004 8:15 PM To: [EMAIL PROTECTED] Subject: Re: Can't connect RADIUS Server!!! I bet it is all in the ports,if reeradius server host permissions and lastly iptable rules freeradius with mysql and iptable's rulz :) ! - Original Message - From: "Kirti S. Bajwa" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, January 08, 2004 6:03 PM Subject: Can't connect RADIUS Server!!! > Hello List: > > O/S: RH9 > freeRADIUS: 0.9.3 > > I have a fresh install of RH9 on a server & then installation of freeRADIUS > (FR) software. Installation and settings went smoothly. RADIUS server is up > and running & I can test it by running: > > %radtest 12.21.237.15 0 testing123 > > To authenticate a user other than from RADIUS server, I setup NTRadPing Test > Utility on a Window NT machine. However when I run this utility, I get an > error message "could not receive a response from server". > > It seems like that when I run NTRadPing, I am not reaching the RADIUS server > at 12.21.237.15. However I can PING the IP address of 12.21.237.15 from > Window NT machine. > > I am running RADIUS server in test mode (radiusd -X) and I see nothing > displayed on the terminal window. After couple of days of trying, I > appreciate if somebody can tell me what am I doing wrong and how to correct > it. > > As always, I highly appreciate all responses. > > Kirti > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius +sql
I am using freeradius with postgresql 7.4. I was wondering how I can use hints (I want Strip-User-Name = No). Any help would be appreciated. Thanks, Fei Lung $ chown flung universe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How tcan I translate old X-Ascend... attributes to Ascned...
=?iso-8859-1?Q?Antoine_Cavali=E9?= <[EMAIL PROTECTED]> wrote: > nobody has had this problem ? > incredible !!! > > many NASes send those old-style paquets Most people configure the NAS to send the new-style attributes. > I thinhk I am not able to write those 100 lines > Is somebody able to do it ? Email me off the list. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: How tcan I translate old X-Ascend... attributes to Ascned...
nobody has had this problem ? incredible !!! many NASes send those old-style paquets I thinhk I am not able to write those 100 lines Is somebody able to do it ? Antoine Cavalié - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Free Access Time
On Fri, 2004-01-09 at 11:58, apellido jr., wilfredo p wrote: > Hello, We offer Prepaid Internet in our area. Were > thinking of giving free access time to our client in a > certain time span example 12:00 midnight to 6:00 am. > The accounting from 12:00 midnight - 6:00 am should > not be included or added in there actual remaining > time. Im thinking of 2 (original and > backup)radius.conf and another 2 sql.conf. where my > original config is still as is and edit the backup > config file. > For radius.conf.backup i just comment counter module. > For sql.conf.backup im changing the default value of > accounting table. Setting cron job to restart the > Freeradius every 11:59 pm. Any idea? what are the best > solution for this? thanks ... > Eww...I hate hacks if I can avoid them. Seems like you should be able to rewrite the counter sql statement so it doesn't look at accounting items between those times? -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How tcan I translate old X-Ascend... attributes to Ascned...
=?iso-8859-1?Q?Antoine_Cavali=E9?= <[EMAIL PROTECTED]> wrote: > I was hoping somebody had already had the same problem as I have, > and somebody already had written that module > > No ? No. But the module shouldn't be more than ~100 lines of code. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: How tcan I translate old X-Ascend... attributes to Ascned...
I was hoping somebody had already had the same problem as I have, and somebody already had written that module No ? Antoine Cavalié - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: How tcan I translate old X-Ascend... attributes to Ascned...
At 12:14 PM 1/9/2004, Antoine Cavalié wrote: What I want is not just having them look the same in the detail files. What I want is that freeradius acts in the same manner if it receives either a X-Ascend-foo=x or a Ascend-foo=x Then the first suggestion. You will need to write a custom module to do this. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: How tcan I translate old X-Ascend... attributes to Ascned...
What I want is not just having them look the same in the detail files. What I want is that freeradius acts in the same manner if it receives either a X-Ascend-foo=x or a Ascend-foo=x Antoine Cavalié - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: duplicate accounting mysql rows - possible bug in module rlm_sql.c
At 10:05 AM 1/9/2004, Antoine Cavalié wrote: As nobody helped me , I did it alone If somebody has the same problem, mail me See the docs for 'rlm_acct_unique'. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How tcan I translate old X-Ascend... attributes to Ascned...
At 10:04 AM 1/9/2004, Antoine Cavalié wrote: Hi everybody Two NASes send packets to my freeRadius 0.9.3 One sends old-style X-Ascend-... lines The other sends new-style Ascend-... ones I would like to have freeRadius work correctly for both My idea is to have freeRadius translate packets as they come , so all packets only contain new-style lines but I don't know where to implement that translation rlm_attr_rewrite.c ? rlm_attr_filter.c ? elsewhere ? Any idea will be greatfully appreciated You'd best handle this with a custom module. rlm_attr_rewrite will rewrite value data, but what you want to do is toggle the attribute number. Alternatively, if you just want them to look the same in the detail, then you could edit the dictionary entries so that the VSA attributes are listed first, and then change the non-VSA attributes to remove the 'X-' at the beginning. It is important to put the VSA attributes first, so that if you specify the attribute by name, the VSA entry is returned on the dictionary lookup. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: bandwith limiting with FreeRadius and MySQL
In fact, I am waiting for two devices which have QoS to test what I am saying. I only have to know what parameters handle the devices. I supposed that everything go well. _ Reserva y planifica tu viaje online. http://www.msn.es/Viajes/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Trying to set no authentication for users
On Thu, 2004-01-08 at 18:39, Alan DeKok wrote: > John Horne <[EMAIL PROTECTED]> wrote: > > As can be seen it says 'Login OK' but seems to be missing the: > > > > Sending Access-Accept of id 209 to 127.0.0.1:40603 > > MS-CHAP2-Success = > > 0x01533d36364635423233344331414344363438463746353946443832353834324437424131433645464332 > > Ah, yes. For that, the server needs access to the user's password. > > Since you want it to authenticate *anyone* using MS-CHAP, you'll > need to supply all the server with all of their passwords. In which > case, you might as well let the MSCHAP module just authenticate them > normally. > > MS-CHAPv2 is two-way authentication. There's no way to get around > that. > Okay, many thanks. I think that confirms what I was beginning to suspect. As initially mentioned this all arose from a disaster recovery test of our servers. The problem being caused by the fact that we only have one MS IAS server and in losing that server we would need to let all users through RADIUS. I think we will either need to get another IAS server, or perhaps get freeradius to use LDAP calls as a fallback - we have resilient servers providing ldap information for our web caches. (I think I prefer this option :-)) Many thanks for all your help. John. -- --- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Free Access Time
Hello, We offer Prepaid Internet in our area. Were thinking of giving free access time to our client in a certain time span example 12:00 midnight to 6:00 am. The accounting from 12:00 midnight - 6:00 am should not be included or added in there actual remaining time. Im thinking of 2 (original and backup)radius.conf and another 2 sql.conf. where my original config is still as is and edit the backup config file. For radius.conf.backup i just comment counter module. For sql.conf.backup im changing the default value of accounting table. Setting cron job to restart the Freeradius every 11:59 pm. Any idea? what are the best solution for this? thanks ... = wilfredo pahilanga apellido jr. technical support mactan online bacolod city, philippines +63 34 4348311 If you can't hear me, it's because i'm in parentheses. __ Do you Yahoo!? Yahoo! Hotjobs: Enter the "Signing Bonus" Sweepstakes http://hotjobs.sweepstakes.yahoo.com/signingbonus - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius/ldap documentation
OK, I have created some text versions with your ascii art included. You can go to http://www.doris.cc/radius/ and there is a link to the versions on the main page. If you want to just wget them, they are at: Unix http://www.doris.cc/radius/radius_ldap.txt Windows (notepad readable) http://www.doris.cc/radius/radius_ldap_windows.txt Thanks for the pictures! Dustin Doris On Fri, 9 Jan 2004, Dustin Doris wrote: > Looks pretty good. I will create a text file version with that > information in it and post on the site. I'll post the URL as soon as I'm > done. > > Thanks for the time you put into that!! > > -Dustin Doris > > On Thu, 8 Jan 2004, Puneet B wrote: > > > > how about ASCII art!? > > > > > > ok.. maybe not. > > > > actually why not?? :) Here's an attempt at it! (zipped > > and attached so that my mailer does not automagically open > > and inline the .txt files). Now we only need someone to > > combine this with the rest of the text (& maybe dos2unix it). > > > > Puneet > > > > > > > At 11:54 AM 1/2/2004 -0500, you wrote: > > > >Dustin Doris <[EMAIL PROTECTED]> wrote: > > > > > Would like to let everyone know that I have some documentation up about > > > > > using freeradius w/ ldap auth and autz. The URL is > > > > > http://doris.cc/radius. > > > > > > > > It's my intent to add this to the server docs, but my preference for > > > >internal documentation is text, and the images are so useful, that I'm > > > >unsure about how best to do it... > > > > > > > > Alan DeKok. > > > > > > ___ > > No banners. No pop-ups. No kidding. > > Introducing My Way - http://www.myway.com > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: NAS-Vs-Client
> Anybody can explain me the differences between NAS and client A NAS is usually a specific kind of RADIUS client. An AP may not be a NAS, but it is a RADIUS client. > and, if it is possible, what I have to introduce to the files > naslist, client and client.conf? Don't use the "naslist" or the "clients" file. "clients.conf" explains what you need to put in it. > Who is the NAS and who the client? The machine sending Access-Request packets to the server is the client. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radcheck entries
Keith Yoder <[EMAIL PROTECTED]> wrote:
> As far as I know you can't do this with database tables. The user file
> will do this just fine. List each user with the Calling-Station-Ids.
Hmm... you may also be able to do something like:
idUserNameAttribute Valueop
1Charlie Brown Calling-Station-Id`%{sql:select. %{Calling-Station-Id}..}
==
i.e. Create another table, of nothing but values for calling station
ID for that user. Look them up by username & calling station ID. If
they match, return the calling station id.
This lets the comparison be a "dynamic" match...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
NAS-Vs-Client
Anybody can explain me the differences between NAS and client and, if it is possible, what I have to introduce to the files naslist, client and client.conf? I mean, if my scenery is: Supplicant ßà switch ß-à freeradius Who is the NAS and who the client? Thanks and sorry for the English level!!! Albert - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radcheck entries
"Klaus Heck" <[EMAIL PROTECTED]> wrote: > Is there a way to change the behavior of freeradius in order to have more > than one entry for the same UserName? If you can figure out a way to make an SQL query do that, sure. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: bandwith limiting with FreeRadius and MySQL
=?iso-8859-1?B?U2FudGlhZ28gQmFsYWd1ZXIgR2FyY+1h?= <[EMAIL PROTECTED]> wrote: > Well, I suposed that he don´t want to put the attributes in the "users" file > because he has lots of clients and it is easier to put all the attributes un > a DB. I am solving this same problem today and I think it is the good way. > It means to put the attibutes in the radreply table. That's nice. It's also deliberatly missing the point of what I said. Start off with "users" file FIRST, and THEN once you know what's going on, start using MySQL. If you're trying to understand how to configure the server by doing tests on a live system, you'll never get anywhere, and you'll annoy all of your customers. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sql an old question.
Apu islam <[EMAIL PROTECTED]> wrote: > Does this look right ? should I put sql in one line > there ? Yes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
duplicate accounting mysql rows - possible bug in module rlm_sql.c
As nobody helped me , I did it alone If somebody has the same problem, mail me Antoine Cavalié - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How tcan I translate old X-Ascend... attributes to Ascned...
Hi everybody Two NASes send packets to my freeRadius 0.9.3 One sends old-style X-Ascend-... lines The other sends new-style Ascend-... ones I would like to have freeRadius work correctly for both My idea is to have freeRadius translate packets as they come , so all packets only contain new-style lines but I don't know where to implement that translation rlm_attr_rewrite.c ? rlm_attr_filter.c ? elsewhere ? Any idea will be greatfully appreciated Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: any suggestions for dynamic DNS clients
From: "Alan DeKok" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: any suggestions for dynamic DNS clients Date: Fri, 09 Jan 2004 10:52:21 -0500 "john zurowski" <[EMAIL PROTECTED]> wrote: > I thought that Freeradius had to be restarted/ sent a HUP signal for it to > retrieve domain names as it only stores IP address after loading the config > file. Has this changed in 0.9.3 ? No. And it won't change, either. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html I can see why you wouldn't want to anyway (multiple DNS lookups / request) _ Find a cheaper internet access deal - choose one to suit you. http://www.msn.co.uk/internetaccess - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: any suggestions for dynamic DNS clients
"john zurowski" <[EMAIL PROTECTED]> wrote: > I thought that Freeradius had to be restarted/ sent a HUP signal for it to > retrieve domain names as it only stores IP address after loading the config > file. Has this changed in 0.9.3 ? No. And it won't change, either. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Tag the subject?
I second that! On Fri, 9 Jan 2004, Kai Matla wrote: > Date: Fri, 9 Jan 2004 09:23:26 +0100 > From: Kai Matla <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: Tag the subject? > > Hi all, > > how about tagging the emails from the userlist by adding [freeradius-userlist] to > the subject? > Would make it much easier to identify them in a crowded inbox. > > With kind regards, > Kai Matla > __ > Erdbeben im Iran: Zehntausende Kinder brauchen Hilfe. UNICEF hilft den > Kindern - helfen Sie mit! https://www.unicef.de/spe/spe_03.php > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Bill [EMAIL PROTECTED] http://www.brunton.net http://www.icu.net KA0SEP NNN0HQA/OK ATP CFII BE200 BE300 BE300F BE1900 BE2000 BE2000S CE500 The Internet... The place to be! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius/ldap documentation
Looks pretty good. I will create a text file version with that information in it and post on the site. I'll post the URL as soon as I'm done. Thanks for the time you put into that!! -Dustin Doris On Thu, 8 Jan 2004, Puneet B wrote: > > how about ASCII art!? > > > > ok.. maybe not. > > actually why not?? :) Here's an attempt at it! (zipped > and attached so that my mailer does not automagically open > and inline the .txt files). Now we only need someone to > combine this with the rest of the text (& maybe dos2unix it). > > Puneet > > > > At 11:54 AM 1/2/2004 -0500, you wrote: > > >Dustin Doris <[EMAIL PROTECTED]> wrote: > > > > Would like to let everyone know that I have some documentation up about > > > > using freeradius w/ ldap auth and autz. The URL is > > > > http://doris.cc/radius. > > > > > > It's my intent to add this to the server docs, but my preference for > > >internal documentation is text, and the images are so useful, that I'm > > >unsure about how best to do it... > > > > > > Alan DeKok. > > > ___ > No banners. No pop-ups. No kidding. > Introducing My Way - http://www.myway.com > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Disable Multiple Logins in a row (not at the same time)
try Max-Daily-Session := 500 instead http://www.zurowski.btinternet.co.uk";>John Zurowski From: John Eckert <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Disable Multiple Logins in a row (not at the same time) Date: Fri, 09 Jan 2004 15:38:35 +0100 Thanks. I have included the "rlm_counter" module in my radiusd.conf and each time the server gets an "stop" request he adds he Acct-Session-Time. Looks like this: rlm_counter: Packet Unique ID = '5bf5b6a4e87be179' rlm_counter: Counter Unique ID = '5dddb8291191804a' rlm_counter: User=john, Counter=488. rlm_counter: User=john, New Counter=524. modcall[accounting]: module "daily" returns ok for request 31 But how can I set a maximum usage time? I have added Max-Daily-Session = 500 to my "radgroupreply" table but I can still logon, even with my counter being at 524. And, the attribute "session-timeout" isn't added to the reply, so my NAS doesn't log out the user, either. Any short or long hints? Version info: freeradius 0.9.2-4 on debian, mysql database Thank you John Eckert. -On Donnerstag, 8. Januar 2004 11:53 -0500 Alan DeKok <[EMAIL PROTECTED]> wrote: John Eckert <[EMAIL PROTECTED]> wrote: I have successfully configured my freeradius server to answer the accounting request and to give the user an internet access for lets say 30 Minutes. After 30 Minutes the user gets kicked. _But_: After he gets kicked he is able to login again with the same username and password. Is there a way to prevent this? rlm_counter Gives the user limited time access per day/week/month/whatever Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html John E. -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Tired of slow downloads? Compare online deals from your local high-speed providers now. https://broadband.msn.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Disable Multiple Logins in a row (not at the same time)
Thanks. I have included the "rlm_counter" module in my radiusd.conf and each time the server gets an "stop" request he adds he Acct-Session-Time. Looks like this: rlm_counter: Packet Unique ID = '5bf5b6a4e87be179' rlm_counter: Counter Unique ID = '5dddb8291191804a' rlm_counter: User=john, Counter=488. rlm_counter: User=john, New Counter=524. modcall[accounting]: module "daily" returns ok for request 31 But how can I set a maximum usage time? I have added Max-Daily-Session = 500 to my "radgroupreply" table but I can still logon, even with my counter being at 524. And, the attribute "session-timeout" isn't added to the reply, so my NAS doesn't log out the user, either. Any short or long hints? Version info: freeradius 0.9.2-4 on debian, mysql database Thank you John Eckert. -On Donnerstag, 8. Januar 2004 11:53 -0500 Alan DeKok <[EMAIL PROTECTED]> wrote: John Eckert <[EMAIL PROTECTED]> wrote: I have successfully configured my freeradius server to answer the accounting request and to give the user an internet access for lets say 30 Minutes. After 30 Minutes the user gets kicked. _But_: After he gets kicked he is able to login again with the same username and password. Is there a way to prevent this? rlm_counter Gives the user limited time access per day/week/month/whatever Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html John E. -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radcheck entries
Klaus Heck wrote: Hi, the radcheck table in my implementation specifies the MAC addresses of the users trying to access the net, e.g. idUserNameAttribute Valueop 1Charlie Brown Calling-Station-Id00025b3c48c3== Now I want allow more than one computer per user name, meaning I want to add another entry with the same name "Charlie Brown", but with a different MAC address value. In the standard implementation of freeradius, this does not work. It seems as if it just checks the first value it read, or it checks more than one, but all need to match simultaneously. The first time the condition does not hold, the reject is sent. Is there a way to change the behavior of freeradius in order to have more than one entry for the same UserName? It should send an access-accept whenever at least one entry is true. As far as I know you can't do this with database tables. The user file will do this just fine. List each user with the Calling-Station-Ids. Keith Yoder - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radcheck entries
Hi, the radcheck table in my implementation specifies the MAC addresses of the users trying to access the net, e.g. idUserNameAttribute Valueop 1Charlie Brown Calling-Station-Id00025b3c48c3== Now I want allow more than one computer per user name, meaning I want to add another entry with the same name "Charlie Brown", but with a different MAC address value. In the standard implementation of freeradius, this does not work. It seems as if it just checks the first value it read, or it checks more than one, but all need to match simultaneously. The first time the condition does not hold, the reject is sent. Is there a way to change the behavior of freeradius in order to have more than one entry for the same UserName? It should send an access-accept whenever at least one entry is true. Appreciate your help Klaus - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: accounting_update_query_alt
Hello, I patched the rlm_sql module (freeradius-snapshot-20040109) to do "accounting_update_query_alt". The other needed changes will be in the conf files. Basically the "accounting_update_query_alt" should be identical to "accounting_start_query" most of the times. Any chance this patch gets into the server? TIA, Joao Frade > -Original Message- > From: João Filipe Frade > Sent: quinta-feira, 8 de Janeiro de 2004 16:07 > To: [EMAIL PROTECTED] > Subject: accounting_update_query_alt > > > Hello, > > Is it possible to make the update query behave like the start > and the stop queries? > And alternate update query is useful in several cases (i.e. > server problems, lost start packets, billing, ADSL connections). > > TIA, > > Joao Frade > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > patches.zip Description: patches.zip
RE: Documentation Suggestion
Sorry for the delay and for bringing up an old thread... It will probably be another year before we do an update on the book. When I began to write the current edition, it was a primary objective (from Tim himself, I believe, but I'm not certain) to make the book about RADIUS, the protocol, and not necessarily lean toward any specific product. I'm not sure that this attitude has changed, although when we do another edition I'll certainly expand the coverage of FreeRADIUS provided. The book sat in production for three months after I finished writing the manuscript (in April-May 2002). Unfortunately the text was committed to frame so I was unable to make any updates, so it's unfortunate that the FreeRADIUS-specific portions became one version out of date before the book ever went to press. However, while some things have changed, I still believe it's a good introduction to installing and configuring the server. When the time comes closer for updating the book, I'll definitely solicit help from the list to see what topics, specific coverage, and discussions you'd like to see. Jonathan Hassell -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Snape Sent: Tuesday, November 18, 2003 12:32 PM To: [EMAIL PROTECTED] Subject: Documentation Suggestion Has anyone considered approaching Tim O'Reilly to do a dedicated FreeRadius book. The existing Radius title is ok as far as it goes and the two freeradius chapters are a plus but IMO it does not go far enough. I would have thought that FreeRadius deserves to have it's own creature. Since Jonathon Hassels book features a molusc, I'd suggest an octopus (a higher order marine species). Tim - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ZKV, to the footboard
Free Cable^ TV lyric cruise isadore duffel conferee sepuchral bethlehem aseptic swing circular dairy beautify glutamine chicanery havoc cut mountainside schmitt martini promiscuous determinant bilayer affectate realty familiar bonus glissade chronicle bloat delineament flatland fill universal checksum tat bullyboy transform thurman fete dynamism jorgensen
Re: any suggestions for dynamic DNS clients
From: Johnboy <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: any suggestions for dynamic DNS clients
Date: Fri, 09 Jan 2004 08:06:54 +0100
This is what I have in my "clients.conf" and it works:
client xyz.no-ip.org {
secret = foobar
shortname = wsg4000
nastype = other
}
client abc.no-ip.com {
secret = foobar
shortname = iss2000
nastype = other
}
The IPs change all night. Freeradius v. 0.9.2-4
Well, it work correctly, however it is impossible to write stadistics of a
client such as used time because in the MySQL all is register with the
NAS-IP and it changes every night.
_
Reserva y planifica tu viaje online. http://www.msn.es/Viajes/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: bandwith limiting with FreeRadius and MySQL
Don't start off with MySQL. Put the attributes into the "users" file. Once you've got them working there, it's much clearer where they go into MySQL. Read the "man" page for the "users" file, too. Alan DeKok. Well, I suposed that he don´t want to put the attributes in the "users" file because he has lots of clients and it is easier to put all the attributes un a DB. I am solving this same problem today and I think it is the good way. It means to put the attibutes in the radreply table. _ Dale vida a tu correo. Con MSN 8 podrás incluir fotos y textos increibles. http://join.msn.com/?pgmarket=es-es&XAPID=517&DI=1055 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Tag the subject?
Hi all, how about tagging the emails from the userlist by adding [freeradius-userlist] to the subject? Would make it much easier to identify them in a crowded inbox. With kind regards, Kai Matla __ Erdbeben im Iran: Zehntausende Kinder brauchen Hilfe. UNICEF hilft den Kindern - helfen Sie mit! https://www.unicef.de/spe/spe_03.php - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Error: Invalid operator for item Suffix: reverting to '=='
morning, keep on having the following error message in my logs... Thu Jan 8 02:10:37 2004 : Error: Invalid operator for item Suffix: reverting to '==' in my users file i have the ffg: umgcini# less users # x.co.za realm # # DEFAULT Suffix="@chiefjanitor.com",Auth-Type == LDAP Acct-Status-Type = Interim-Update ive tried changign suffix="@" to suffix== but no such luck. appreciate any pointers.. thanks j. #include - 'save the trees, send an email' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: any suggestions for dynamic DNS clients
This is what I have in my "clients.conf" and it works:
client xyz.no-ip.org {
secret = foobar
shortname = wsg4000
nastype = other
}
client abc.no-ip.com {
secret = foobar
shortname = iss2000
nastype = other
}
The IPs change all night. Freeradius v. 0.9.2-4
John Eckert
--On Donnerstag, 8. Januar 2004 22:30 + john zurowski
<[EMAIL PROTECTED]> wrote:
I thought that Freeradius had to be restarted/ sent a HUP signal for it
to retrieve domain names as it only stores IP address after loading the
config file. Has this changed in 0.9.3 ?
Alas I've not upgraded yet
From: Johnboy <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: any suggestions for dynamic DNS clients
Date: Thu, 08 Jan 2004 22:49:15 +0100
No, why?
my hotspot device (= client = NAS) gets a new ip every night
but i have my dns name, and the dns lookup from the server
when the NAS connects is always true.
John Eckert
--On Donnerstag, 8. Januar 2004 21:16 + john zurowski
<[EMAIL PROTECTED]> wrote:
I presume you HUP your Freeradius server on a regular basis then. i.e.
via a CRON job ?
From: Johnboy <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: any suggestions for dynamic DNS clients
Date: Thu, 08 Jan 2004 22:11:41 +0100
Our Hotspot gets a new IP every night, too.
We use a simple dyndns service linke "no-ip.com".
Simply enter the dyndns name in the clients.conf file
and every works well ...
If your Hotspot dont provide an dyndns client, use an
dsl router.
John Eckert
--On Donnerstag, 8. Januar 2004 20:28 + john zurowski
<[EMAIL PROTECTED]> wrote:
We've setup a few hotspots all with static IPs and everything works
perfectly.
However we've had requests regarding using dynamic IPs (ADSL lines)
and dynamic DNS.
Has anyone tackled this problem and have recommendations as to what
could be done.
My initial thoughts were to develop a server process on the machine
hosting the RADIUS server that could HUP freeradius and cause the conf
files to be re-loaded. The client would then prod this process to HUP
RADIUS server when dynamic DNS is reset i.e. every time the client
reconnects to the ISP.
Its somewhat of a heavy handed approach but it would do as a short
term solution.
The only other approach I could think of was to modify freeradius by
retaining the domain name when loading clients.conf (in "int
read_clients_file(const char *file)" - maybe it already does and I've
just misread it) and effectively do a re-lookup of the Ip address for
domain-named cients. Again a lot of potential problems with this
approach i.e. DoS type attacks.
http://www.zurowski.btinternet.co.uk";>John
Zurowski
_
Use MSN Messenger to send music and pics to your friends
http://www.msn.co.uk/messenger
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Johnboy
--
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
_
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Johnboy
--
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
_
Stay in touch with absent friends - get MSN Messenger
http://www.msn.co.uk/messenger
- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Johnboy
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
