How do I configure FreeRadius to compile with the MySQL drivers?
Hi All, I'm running FreeRadius-0.9.3 on a Red Hat 8.0 machine and would like to configure FreeRadius to compile with MySQL drivers. How can I do this? Regards, Shannon
Re: How do I configure FreeRadius to compile with the MySQL drivers?
use sql.conf
see radiusd.conf for
$INCLUDE
${confdir}/sql.conf
- Original Message -
From:
Shannon Sariman
To: [EMAIL PROTECTED]
Sent: Friday, April 16, 2004 9:04
AM
Subject: How do I configure FreeRadius to
compile with the MySQL drivers?
Hi All,
I'm running FreeRadius-0.9.3 on a Red Hat 8.0 machine and would like to
configure FreeRadius to compile with MySQL drivers. How can I do this?
Regards,
Shannon
Re: Disconnecting after so many hours used?
use sqlcounter.conf - Original Message - From: "Devin Atencio" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, April 15, 2004 11:45 PM Subject: Disconnecting after so many hours used? > > I was just curious if there was a way with FreeRadius to say after 100 > hours of dialup > time that FreeRadius can be configured to no longer let the customer > connect. Has > anyone done this? Any help would be appreciated. > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: eap output?
> hi all,
>
> i am trying to authenticate users via eap md5 for just testing purposes. i
> use winxp supplicant (i know that after sp1 they dont support md5).
>
> i ran the radius server in the debug mode. here is the output.
>
> rad_recv: Access-Request packet from host 193.140.193.133:1084, id=43,
> length=176
> User-Name = "onur"
> Cisco-AVPair = "ssid=deneme1"
> NAS-IP-Address = 193.140.193.133
> Called-Station-Id = "00409658c568"
> Calling-Station-Id = "00601d23ac50"
> NAS-Identifier = "mobile1.mast.boun.edu.tr"
> NAS-Port = 37
> Framed-MTU = 1400
> NAS-Port-Type = Wireless-802.11
> Service-Type = Authenticate-Only
> EAP-Message =
> 0x0276001a04105039fc16b3f07964ed389fdcb541b3d86f6e7572
> Message-Authenticator = 0x331a683c47109fa7665f3af45a3b83ff
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> rlm_eap: EAP packet type notification id 118 length 26
> rlm_eap: EAP Start not found
> modcall[authorize]: module "eap" returns updated
> users: Matched onur at 9
> modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
> rad_check_password: Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: EAP packet type notification id 118 length 26
> rlm_eap: EAP Start not found
> rlm_eap: NO State Attribute found: Cannot match EAP packet to any
> existing
> conversation.
> modcall[authenticate]: module "eap" returns invalid
> modcall: group authenticate returns invalid
> auth: Failed to validate the user.
> Delaying request 54 for 1 seconds
> Finished request 54
> Going to the next request
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host 193.140.193.133:1084, id=43,
> length=176
> Sending Access-Reject of id 43 to 193.140.193.133:1084
> Reply-Message = "boo-3"
> --- Walking the entire request list ---
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Cleaning up request 52 ID 41 with timestamp 407f0c20
> Cleaning up request 53 ID 42 with timestamp 407f0c20
> Cleaning up request 54 ID 43 with timestamp 407f0c20
> Nothing to do. Sleeping until we see a request.
>
> i am using cisco ap 350 and wavelan cards. the user is defined but i
> connot
> figure out where the problem is. in the users file i set the reply message
> to "boo-3" so i think it figures correctly the username password. and i
> have
> no idea what
> "rlm_eap: EAP Start not found
> rlm_eap: NO State Attribute found: Cannot match EAP packet to any
> existing
> conversation."
> means...
>
>
> thanks in advance
> onur simsek
>
> ps: the config file
> V
> *
> ##
> ## radiusd.conf -- FreeRADIUS server configuration file.
> ##
> prefix = /usr
> exec_prefix = /usr
> sysconfdir = /etc
> localstatedir = /var
> sbindir = /usr/sbin
> logdir = ${localstatedir}/log/radius
> raddbdir = ${sysconfdir}/raddb
> radacctdir = ${logdir}/radacct
>
> # Location of config and logfiles.
> confdir = ${raddbdir}
> run_dir = ${localstatedir}/run/radiusd
> log_file = ${logdir}/radius.log
> libdir = /usr/lib
> pidfile = ${run_dir}/radiusd.pid
> user = radiusd
> group = radiusd
> max_request_time = 30
> delete_blocked_requests = no
> cleanup_delay = 5
> max_requests = 1024
> bind_address = *
> port = 0
> hostname_lookups = no
> allow_core_dumps = no
> regular_expressions = yes
> extended_expressions = yes
> log_stripped_names = no
> log_auth = no
> log_auth_badpass = yes
> log_auth_goodpass = yes
> usercollide = no
> lower_user = no
> lower_pass = no
> nospace_user = no
> nospace_pass = no
> checkrad = ${sbindir}/checkrad
> security {
> max_attributes = 200
> reject_delay = 1
> status_server = no
> }
> proxy_requests = yes
> $INCLUDE ${confdir}/proxy.conf
> $INCLUDE ${confdir}/clients.conf
> snmp = no
> $INCLUDE ${confdir}/snmp.conf
> thread pool {
> start_servers = 5
> max_servers = 32
> min_spare_servers = 3
> max_spare_servers = 10
> max_requests_per_server = 0
> }
> modules {
> pap {
> encryption_scheme = crypt
> }
> chap {
> authtype = CHAP
> }
> pam {
> pam_auth = radiusd
> }
> unix {
> cache = no
> cache_reload = 600
> shadow = /etc/shadow
> radwtmp = ${logdir}/radwtmp
> }
> eap {
>
> md5 {
> }
> }
> mschap {
> authtype = MS-CHAP
> }
> ldap {
> server = "ldap.your.domain"
> basedn = "o=My Org,c=UA"
> filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
> start_tls = no
> access_attr = "dialupAccess"
> dictionary_mapp
How to specify more than one SQL query in SQL.CONF
Hi All,
I can see accounting_update_query in SQl.conf which updates RADACCT
table for each ACCOUNTINGT_UPDATE PACKET form NAS.
My question is can I specify more than one query here.
I want to decrement SESSION_TIMEOUT in RERPLY by min each time I receive
Accounting update packets.
So is it possible to Write .
accounting_update_query =
("UPDATE ${acct_table1} SET FramedIPAddress = '%{Framed-IP-Address}',
AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets =
'%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}'
WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName =
'%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}'";
"Update RADREPLY set SESSION_TIMEOUT= SESSION_TIMEOUT-60"
)
Thanks in Advance,
Sagar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to specify more than one SQL query in SQL.CONF
[EMAIL PROTECTED] escreveu:
Hi All,
I can see accounting_update_query in SQl.conf which updates RADACCT
table for each ACCOUNTINGT_UPDATE PACKET form NAS.
My question is can I specify more than one query here.
I want to decrement SESSION_TIMEOUT in RERPLY by min each time I receive
Accounting update packets.
So is it possible to Write .
accounting_update_query =
("UPDATE ${acct_table1} SET FramedIPAddress = '%{Framed-IP-Address}',
AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets =
'%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}'
WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName =
'%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}'";
"Update RADREPLY set SESSION_TIMEOUT= SESSION_TIMEOUT-60"
)
I've tried to write multiple MySQL queries in one Freeradius statement
and it didn't work for me. In your case it seems you want to limit
users time online (prepaid or something like that). If that is the case
it would be much easier for you to use the sqlcounter module to do this
for you.
Hope that helps,
Keith Yoder
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Error:Discarding requests from new client
I have to Max 6000 units authenticating against a freeraduis server eventually I strart getting the errors below and every time someone calls in and gets the second max they get rejected and these errors continue till the server is rebooted. Then it runs fine for a few days until it starts flooding with the errors below again and then anyone connecting to the second max cant get authenticated again till a reboot. Wierd things is though if a line on the first box becomes free they can get authed on it and get connected but not the second max unit when the first is full. Fri Apr 16 07:37:40 2004 : Error: Discarding new request from client ifcras2:1025 - ID: 54 due to live request 10268 Fri Apr 16 07:37:41 2004 : Error: Discarding new request from client ifcras2:1025 - ID: 55 due to live request 10272 Fri Apr 16 07:37:42 2004 : Error: Discarding new request from client ifcras2:1025 - ID: 55 due to live request 10272 Fri Apr 16 07:37:43 2004 : Error: Discarding new request from client ifcras2:1025 - ID: 56 due to live request 10274 Fri Apr 16 07:37:43 2004 : Error: Discarding new request from client ifcras2:1025 - ID: 55 due to live request 10272 Fri Apr 16 07:37:44 2004 : Error: Discarding new request from client ifcras2:1025 - ID: 56 due to live request 10274 Fri Apr 16 07:37:45 2004 : Error: Discarding new request from client ifcras2:1025 - ID: 56 due to live request 10274 Any help would be greatly appreciated. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Other errors also
Also I am getting errors like this since the server was rebooted, Fri Apr 16 08:11:03 2004 : Error: Accounting: logout: entry for NAS ifcras2 port 20210 has wrong ID - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: PAP and CHAP on same system
Not at all. If payment hasn't been received, mark the account as inactive or on hold, or whatever you need to do. In your SQL query from Freeradius: select username, password from users where active='y'; Of course, you'll need to use a query that works in your situation to retrieve the necessary information for the accounts which should be authenticated. I for one, am working on configuring my radius server and NAS to allow inactive/non-existant accounts to log into my system for up to 5 minutes, locking them into a specific web page (by redirecting all port 80 requests). -- Troy Settle Pulaski Networks http://www.psknet.com 866.477.5638 > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Bob Ross > Sent: Wednesday, April 14, 2004 2:12 PM > To: [EMAIL PROTECTED] > Subject: Re: PAP and CHAP on same system > > This turns out to be a bit of trouble to maintain the list > when users have > to be locked because of no payment or other things. > > > FreeRADIUS doesn't care. If you have a clear-text password in a > > local database, it will do PAP/CHAP, or whatever else is in the > > request. > > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: FreeRADIUS on Cobalt Qube
Sorry for the extremely late reply, but I just noticed this in my inbox while searching for something else (keyword "cobalt"). Just so you know, the Qube 3 Pro runs a modified Redhat 6.2 which uses a 2.2 i386 kernel. It uses a much older perl, php, and openssl. Just about everything on it is an older release, just patched for security. For this reason you may have dependency issues with FreeRADIUS but I'm not certain about this. The Qube does have built-in LDAP functionality (if that's part of your freeradius plan). I have a couple of Qube 3's in my company and have gone under the hood a few times, but for Qube specific help you should try the Sun Cobalt Qube Forum at http://cobalt-forum.sun.com/forum/index.php?t=thread&frm_id=2&; In particular, contact users RW Black or Jay Farschman on that forum. They have each used Qube's for "alternative" purposes and are very helpful. -Cameron -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kevin Bonner Sent: Thursday, March 25, 2004 12:39 PM To: [EMAIL PROTECTED] Subject: Re: FreeRADIUS on Cobalt Qube -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thursday 25 March 2004 11:33, Dan Hawker wrote: > Have any of you used a Qube (or Raq I guess) for FreeRADIUS, did it work, > was it relatively painless to setup, etc, etc. I have a test RaQ3 (with a 550 OS) and had no issues installing or running FreeRADIUS 0.9.3. Nothing special should be needed in order to install on the Qube. If you run into problems, feel free to send them to the list so we can help resolve. Kevin Bonner -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQFAY0N6/9i/ml3OBYMRArYBAJ9CyUUrxE1BFSTcnKI2EHLgYg3hLwCdH7GI idc21+e3NAMUhn7D5EwOMFI= =4RN9 -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Migrate over
You may want to wait for 1.0, to come out. There have been significant updates in cvs since 0.9.3 was frozen. I have been helping a little with the development, but I am still using a version of Cistron I customised to account to PostGreSQL. I have an R&D M/C that I do all the testing on, so I don't have to worry about comprimising my main servers. Bob Ross wrote: Is there any documentation on the migration process from Cistron 1.6.6 to FreeRadius? Slackware 9.1 kernel 2.4.22 I downloaded and extracted FreeRadius 0.93, configured/compiled with no errors. Did not yet do a make install yet because I wanted to make sure. This is a production server and can't risk a major outage. I would like to have both running until I'm sure all the processes are running as they should be. Like running freeRadius on port 1812/1813. I'm also looking for examples to also setup to do both PAP and CHAP, and have the CHAP use mySQL. Examples of the database structure, and anything else that could be used to make this work in a few days. I have mySQL 4.0.18 and PHP4 installed and running. Have never used mySQL, but told this would be the best thing for me to make this work as painless as possible. I looked in the sql examples but not sure yet on how to make the databases and how to read what I need to do to make radius read them and use them. Is there any programs that will update the mySQL if a user is removed from the system files, or added to the system files automatically? Sorry for all the questions, but I was tossed right in to this. Our wholesaler first said PAP would be used, and we got everything started ought/paid for and we find out after that it's CHAP and were not setup. If someone would also like to quote a cost to help set up with instruction by e-mail or yahoo messenger, I would entertain that idea right now also. This has already cost us more than I care to think about right now and have almost no hair left to pull, and the eyes are getting more red as the days pass. Had to put on glasses because it's becoming a blur. I'm spending 18 hours a day in front of this thing and have just about lost it. Thanks Bob Ross - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html . -- Guy Fraser - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SSL Certificates for PEAP/TTLS
Thanks man! That helps me out a lot! On Apr 15, 2004, at 5:54 PM, Steve OBrien wrote: >Is it easy convert? I did a google search to find out about >converting IIS certificates to Apache and all the results I got back >made it sound like rocket science. The documentation on it is not very good, it is actually surprisingly simple. 1.) on Unix box w/openssl : # openssl genrsa -des3 -out server.key 2048 # openssl req -new -key server.key -out server.csr 2.) FTP (binary) server.csr over to windows ca 3.) Open ms ca in browser, advanced request, copy and paste csr user Web Server template and DER encoding. Also download CA cert. 4.) FTP both back over the cert to the Unix box 5.) On Unix box: # openssl x509 -inform DER -in server.cer -out server.pem same command with the CA cert 6.) change your eap.conf to point to server.key for private key, server.pem for server cert, and CA.pem for CA cert. Steve O'Brien City of Bend Network Administrator [EMAIL PROTECTED] 541-322-6393 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
OFF TOPIC: but need some help
Hi Folks, I know this is off topic, and hope I don't get flamed for it but I have looked for an answer to this to no avail and I know there must be some Cisco AS5200 users on this list. How does one disconnect an ISDN user? With a regular 56K dialup it's just clear line (line #), but I can't find the syntax for an ISDN user. The ISDN user is not shown as being on a regular line #, instead they are shown at the bottom of the show users list. Anyone know how? Thanks, Lisa Casey Netlink 2000, Inc. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to specify more than one SQL query in SQL.CONF
Hi All, Keith, Thanks for U'r reply. I looked into rlm_sqlcounter and it can help to restrict daily ,weekly else monthly limits. In my case people are charged at per minute usage of internet .In worst case if we have 100 users and all of them subscribed for odd minutes then I would need 100 counters to limit them. We want to sell internet access in block of 15 minute/30 mins/60 mins/hour/2 hours and so on. People can subscribe to any plans and they can add one plan to other to keep their access in-tact. I have NAS which returns accounting update packets each minute so I can always cut-off if someone is going over their top-up limits. All I want to do is Remaining time = Remaining time-1 minute each minute. Is it 100% sure we can't have more than one query in SQL.conf? Any thoughts guys? Regards, Sagar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to specify more than one SQL query in SQL.CONF
<[EMAIL PROTECTED]> wrote: > In my case people are charged at per minute usage of internet .In worst > case if we have 100 users and all of them subscribed for odd minutes > then I would need 100 counters to limit them. Yes... but the *method* of counting is the same for all of them, so you only need one copy of the counter (or sqlcoutner) module. > All I want to do is > Remaining time = Remaining time-1 minute each minute. Hmm... the counter and sqlcounter modules don't listen to interim updates, only accounting stop messages. > Is it 100% sure we can't have more than one query in SQL.conf? > Any thoughts guys? If you're using sqlcounter, you don't put any queries into sql.conf. The queries go into the sqlcounter configuration. And the queries can depend on usernames, and thus are changed dynamically for every request. So one query string in the configuration file can turn into one of hundreds or thousands of queries sent to the SQL server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
configure --without-rlm_modulename dosn´t seam to work correctly
Hi, properly i´am to stupid to know why but if i run configure for 0.9.3 with quit some --whithout-rlm_modulename statements at the end "Make.inc" still has all modules listed. Which is bad for me because some that i not need are not compiling on my box so make doesn't finish. Well i edit it by hand then. That isn't nice i think. So if there is someone who knows to fix would be nice. Regards Holger - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: configure --without-rlm_modulename dosn´t seam to work correctly
"Holger Steppke" <[EMAIL PROTECTED]> wrote: > properly i´am to stupid to know why but if i run configure for 0.9.3 > with quit some --whithout-rlm_modulename statements > at the end "Make.inc" still has all modules listed. The modules may be listed, but they shouldn't be included in the build. > Which is bad for me because some that i not need are not compiling on my box > so make doesn't finish. Not all of the modules have "configure" scripts, so not all listen to the "--without-rlm_module" directive. > Well i edit it by hand then. That isn't nice i think. > So if there is someone who knows to fix would be nice. As always, patches are welcome. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error:Discarding requests from new client
"Nick Marino" <[EMAIL PROTECTED]> wrote: > I have to Max 6000 units authenticating against a freeraduis server > eventually I strart getting the errors below and every time someone calls in > and gets the second max they get rejected and these errors continue till the > server is rebooted. You're running it on a Unix box. There's usually no need to reboot the server for anything other than serious upgrades. > Fri Apr 16 07:37:40 2004 : Error: Discarding new request from client > ifcras2:1025 - ID: 54 due to live request 10268 See the list archives. You're using a database which isn't responding to FreeRADIUS, so FreeRADIUS isn't responding to the NAS. Don't reboot the machine. Find out what's causing the blockage, and fix it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Migrate from Cistron
"Bob Ross" <[EMAIL PROTECTED]> wrote: > I'm also looking for examples to also setup to do both PAP and CHAP, and > have the CHAP use mySQL. MySQL doesn't do CHAP. You can use MySQL to store clear-text passwords, and then use those password in FreeRADIUS to do CHAP. Terminology is important. Without the correct terminology, your understanding of how the system works will be wrong, and any design you try to implement will be wrong. > I looked in the sql examples but not sure yet on how to make the databases > and how to read what I need to do to make radius read them and use them. See doc/rlm_sql. It covers this. > Is there any programs that will update the mySQL if a user is removed from > the system files, or added to the system files automatically? No. I don't understand why you'd need to update SQL if the system (/etc/passwd?) files are updated. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: OFF TOPIC: but need some help
what are you trying to achieve? what cisco series you have? what software version? can you paste the output? disconnect from cisco box or from freeradius? i am lost... - Original Message - From: "Lisa Casey" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 16, 2004 4:01 PM Subject: OFF TOPIC: but need some help > Hi Folks, > > I know this is off topic, and hope I don't get flamed for it but I have > looked for an answer to this to no avail and I know there must be some Cisco > AS5200 users on this list. > > How does one disconnect an ISDN user? With a regular 56K dialup it's just > clear line (line #), but I can't find the syntax for an ISDN user. The ISDN > user is not shown as being on a regular line #, instead they are shown at > the bottom of the show users list. > > Anyone know how? > > Thanks, > > Lisa Casey > Netlink 2000, Inc. > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: OFF TOPIC: but need some help
Will "isdn disconnect " work? On Apr 16, 2004, at 9:01 AM, Lisa Casey wrote: Hi Folks, I know this is off topic, and hope I don't get flamed for it but I have looked for an answer to this to no avail and I know there must be some Cisco AS5200 users on this list. How does one disconnect an ISDN user? With a regular 56K dialup it's just clear line (line #), but I can't find the syntax for an ISDN user. The ISDN user is not shown as being on a regular line #, instead they are shown at the bottom of the show users list. Anyone know how? Thanks, Lisa Casey Netlink 2000, Inc. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: OFF TOPIC: but need some help
Hi, No, there is no command in the SA5200 that starts out isdn I am using a Cisco AS5200 RAS with this IOS: Cisco Internetwork Operating System Software IOS (tm) 5200 Software (C5200-I-L), Version 11.3(7)T, RELEASE SOFTWARE (fc1) Lisa Casey - Original Message - From: "Bob McCormick" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 16, 2004 11:36 AM Subject: Re: OFF TOPIC: but need some help > Will "isdn disconnect " work? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: OFF TOPIC: but need some help
Hi, I want to disconnect the - Original Message - From: "Milver S. Nisay" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 16, 2004 11:38 AM Subject: Re: OFF TOPIC: but need some help > what are you trying to achieve? what cisco series you have? what software > version? > can you paste the output? disconnect from cisco box or from freeradius? > i am lost... > > - Original Message - > From: "Lisa Casey" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, April 16, 2004 4:01 PM > Subject: OFF TOPIC: but need some help > > > > Hi Folks, > > > > I know this is off topic, and hope I don't get flamed for it but I have > > looked for an answer to this to no avail and I know there must be some > Cisco > > AS5200 users on this list. > > > > How does one disconnect an ISDN user? With a regular 56K dialup it's just > > clear line (line #), but I can't find the syntax for an ISDN user. The > ISDN > > user is not shown as being on a regular line #, instead they are shown at > > the bottom of the show users list. > > > > Anyone know how? > > > > Thanks, > > > > Lisa Casey > > Netlink 2000, Inc. > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Migrate from Cistron
My little understanding is that the user passwords or in the mySQL data base so radius can do CHAP authentication because of needing the clear text. They would still be added to the system files for email and the other services. If you userdel them from the system files, the mySQL database is not automatically updated to remove them. Or if you only passwd -l (lock) username the mySQL database is not automatically updated. They would still be able to log in because the mySQL database was not updated. Or am I wrong here? I don't want to have to manually update the mySQL database. That could get real hard if you have thousands of entries in there. > > I don't understand why you'd need to update SQL if the system > (/etc/passwd?) files are updated. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Migrate from Cistron
are you trying to authenticate users based from password with MySQL tables or from system files (passwd), you could try to authenticate them by either MySQL tables (passwords and usernames are stored there) or by system (passwd/shadow) files but, usernames still exist in MySQL tables for a purpose..or i am lost again from what are you trying to achieve... //milver - Original Message - From: "Bob Ross" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 16, 2004 4:52 PM Subject: Re: Migrate from Cistron > My little understanding is that the user passwords or in the mySQL data base > so radius can do CHAP authentication because of needing the clear text. They > would still be added to the system files for email and the other services. > If you userdel them from the system files, the mySQL database is not > automatically updated to remove them. Or if you only passwd -l (lock) > username the mySQL database is not automatically updated. > > They would still be able to log in because the mySQL database was not > updated. > > Or am I wrong here? > > I don't want to have to manually update the mySQL database. That could get > real hard if you have thousands of entries in there. > > > > > I don't understand why you'd need to update SQL if the system > > (/etc/passwd?) files are updated. > > > > Alan DeKok. > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: OFF TOPIC: but need some help
If you're using PPP encapsulation, the component B-channels show up as tty lines on the NAS. Do a "show user" to find which tty lines the user is on. One or more "clear line xx" will disconnect the ISDN caller. -- __ Mike Ockenga, CCNP [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: OFF TOPIC: but need some help
Hi, I have "encapsulation ppp" configured on both of my serial interfaces. Here is a show user. 40 tty 40 beckajAsync interface 00:00:04 41 tty 41 jwallace Async interface 00:01:30 42 tty 42 raysiler Async interface 00:00:03 43 tty 43 mbrockAsync interface 00:01:51 44 tty 44 dervius Async interface 00:00:00 45 tty 45 voiceintheAsync interface 00:00:01 46 tty 46 [EMAIL PROTECTED] interface 00:00:01 47 tty 47 [EMAIL PROTECTED] interface 00:00:00 48 tty 48 [EMAIL PROTECTED] interface 00:00:00 * 50 vty 0 steve idle 00:00:00 billing.jellico.com Vi1sditmer Virtual PPP (Bundle) 00:00:05 Se0:11 sditmer Sync PPP- Se0:15 sditmer Sync PPP- sditmer is the isdn user. To disconnect dervius (for example) I would type clear line 44. I cannot find a corresponding command for the isdn user. These are the available commands for clear: suzi#clear ? access-list Clear access list statistical information access-template Access-template arp-cache Clear the entire ARP cache bridge Reset bridge forwarding cache cdp Reset cdp information controller Clear controller countersClear counters on one or all interfaces dialer Clear dialer statistics frame-relay-inarp Clear inverse ARP entries from the map table hostDelete host table entries interface Clear the hardware logic on an interface ip IP lineReset a terminal line logging Clear logging buffer modem Reset modem hardware or clear modem counters modempool-counters Clear modem pool counters rif-cache Clear the entire RIF cache snapshotClear Snapshot timers tcp Clear a TCP connection or statistics x25 Clear X.25 circuits xot Clear an XOT (X.25-Over-TCP) VC and for clear line: suzi#clear line ? <0-54> Line number aux Auxiliary line console Primary terminal line tty Terminal controller vty Virtual terminal Lisa Casey - Original Message - From: "Mike Ockenga" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 16, 2004 12:02 PM Subject: RE: OFF TOPIC: but need some help > If you're using PPP encapsulation, the component B-channels show up as tty lines on the NAS. > > Do a "show user" to find which tty lines the user is on. One or more "clear line xx" will disconnect the ISDN caller. > > > -- > __ > Mike Ockenga, CCNP [EMAIL PROTECTED] > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Migrate from Cistron
We already do PAP (Shadow files). Have never done CHAP. We just started with a wholesale provider. They only send in CHAP. Radius will not do CHAP with the system files because they MUST be in clear text for the authentication. Everyone told me to use a mySQL database to store the user names and password and then switch to freeRadius because it handles this much better than Cistron would. If I put every user information in the radius user file it would choke radius if there were several thousand names in there. But if I make a change to the system files, the database would not be updated. If I make a change to the database the systems files are not updated. I don't know how to explain this any other way. - Original Message - From: "Milver S. Nisay" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 16, 2004 8:57 AM Subject: Re: Migrate from Cistron > are you trying to authenticate users based from password with MySQL tables > or from system files (passwd), > you could try to authenticate them by either MySQL tables (passwords and > usernames are stored there) or > by system (passwd/shadow) files but, usernames still exist in MySQL tables > for a purpose..or i am lost again > from what are you trying to achieve... > //milver > > - Original Message - > From: "Bob Ross" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, April 16, 2004 4:52 PM > Subject: Re: Migrate from Cistron > > > > My little understanding is that the user passwords or in the mySQL data > base > > so radius can do CHAP authentication because of needing the clear text. > They > > would still be added to the system files for email and the other services. > > If you userdel them from the system files, the mySQL database is not > > automatically updated to remove them. Or if you only passwd -l (lock) > > username the mySQL database is not automatically updated. > > > > They would still be able to log in because the mySQL database was not > > updated. > > > > Or am I wrong here? > > > > I don't want to have to manually update the mySQL database. That could get > > real hard if you have thousands of entries in there. > > > > > > > > I don't understand why you'd need to update SQL if the system > > > (/etc/passwd?) files are updated. > > > > > > Alan DeKok. > > > > > > - > > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Migrate from Cistron
perl script to the rescue! - Original Message - From: "Bob Ross" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 16, 2004 5:11 PM Subject: Re: Migrate from Cistron > We already do PAP (Shadow files). Have never done CHAP. > > We just started with a wholesale provider. They only send in CHAP. Radius > will not do CHAP with the system files because they MUST be in clear text > for the authentication. > > Everyone told me to use a mySQL database to store the user names and > password and then switch to freeRadius because it handles this much better > than Cistron would. If I put every user information in the radius user file > it would choke radius if there were several thousand names in there. > > But if I make a change to the system files, the database would not be > updated. If I make a change to the database the systems files are not > updated. > > I don't know how to explain this any other way. > > - Original Message - > From: "Milver S. Nisay" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, April 16, 2004 8:57 AM > Subject: Re: Migrate from Cistron > > > > are you trying to authenticate users based from password with MySQL tables > > or from system files (passwd), > > you could try to authenticate them by either MySQL tables (passwords and > > usernames are stored there) or > > by system (passwd/shadow) files but, usernames still exist in MySQL tables > > for a purpose..or i am lost again > > from what are you trying to achieve... > > //milver > > > > - Original Message - > > From: "Bob Ross" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Friday, April 16, 2004 4:52 PM > > Subject: Re: Migrate from Cistron > > > > > > > My little understanding is that the user passwords or in the mySQL data > > base > > > so radius can do CHAP authentication because of needing the clear text. > > They > > > would still be added to the system files for email and the other > services. > > > If you userdel them from the system files, the mySQL database is not > > > automatically updated to remove them. Or if you only passwd -l (lock) > > > username the mySQL database is not automatically updated. > > > > > > They would still be able to log in because the mySQL database was not > > > updated. > > > > > > Or am I wrong here? > > > > > > I don't want to have to manually update the mySQL database. That could > get > > > real hard if you have thousands of entries in there. > > > > > > > > > > > I don't understand why you'd need to update SQL if the system > > > > (/etc/passwd?) files are updated. > > > > > > > > Alan DeKok. > > > > > > > > - > > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > > > > > > > > > > > > > > - > > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > > > > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Migrate from Cistron
On Fri, Apr 16, 2004 at 09:11:17AM -0700, Bob Ross wrote: > We already do PAP (Shadow files). Have never done CHAP. > > We just started with a wholesale provider. They only send in CHAP. Radius > will not do CHAP with the system files because they MUST be in clear text > for the authentication. > > Everyone told me to use a mySQL database to store the user names and > password and then switch to freeRadius because it handles this much better > than Cistron would. If I put every user information in the radius user file > it would choke radius if there were several thousand names in there. > > But if I make a change to the system files, the database would not be > updated. If I make a change to the database the systems files are not > updated. > > I don't know how to explain this any other way. I understand what you're looking to do, and why. I don't know of any tool that does what you want, but ones may exist. You need a front-end tool that will make modifications in both databases (MySQL and the system "databases"), so that you only need execute one command. My suggestion is to write such a tool, or hire someone to. I do independant consulting, and would be happy to talk to you off-list if you would like to contract someone to do this work for you. Again, I don't know of a tool that does this already, but with the popularity of MySQL, it's possible a tool already exists. Try googling for one. - Chris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Migrate from Cistron
Yes, but does anyone have one? I have a few people that we have been talking to about this. Most are saying to help me completely set this up and teach me a little and give me all the steps to get it done will be between $100.00 - $200.00 so it will be well worth it. > perl script to the rescue! > Thanks Bob Ross - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: OFF TOPIC: but need some help
Have you tried TAC?Steve[EMAIL PROTECTED] wrote: -To: <[EMAIL PROTECTED]>From: "Lisa Casey" <[EMAIL PROTECTED]>Sent by: [EMAIL PROTECTED]Date: 04/16/2004 09:10AMSubject: Re: OFF TOPIC: but need some helpHi,I have "encapsulation ppp" configured on both of my serial interfaces.Here is a show user.40 tty 40 beckaj Async interface 00:00:04 41 tty 41 jwallace Async interface 00:01:30 42 tty 42 raysiler Async interface 00:00:03 43 tty 43 mbrock Async interface 00:01:51 44 tty 44 dervius Async interface 00:00:00 45 tty 45 voiceintheAsync interface 00:00:01 46 tty 46 [EMAIL PROTECTED] interface 00:00:01 47 tty 47 [EMAIL PROTECTED] interface 00:00:00 48 tty 48 [EMAIL PROTECTED] interface 00:00:00* 50 vty 0 steve idle 00:00:00 billing.jellico.com Vi1 sditmer Virtual PPP (Bundle) 00:00:05 Se0:11 sditmer Sync PPP - Se0:15 sditmer Sync PPP -sditmer is the isdn user. To disconnectdervius (for example) I would type clear line 44.I cannot find a corresponding command for the isdn user. These are theavailable commands for clear:suzi#clear ? access-list Clear access list statistical information access-template Access-template arp-cache Clear the entire ARP cache bridge Reset bridge forwarding cache cdp Reset cdp information controller Clear controller counters Clear counters on one or all interfaces dialer Clear dialer statistics frame-relay-inarp Clear inverse ARP entries from the map table host Delete host table entries interface Clear the hardware logic on an interface ip IP line Reset a terminal line logging Clear logging buffer modem Reset modem hardware or clear modem counters modempool-counters Clear modem pool counters rif-cache Clear the entire RIF cache snapshot Clear Snapshot timers tcp Clear a TCP connection or statistics x25 Clear X.25 circuits xot Clear an XOT (X.25-Over-TCP) VCand for clear line:suzi#clear line ? <0-54> Line number aux Auxiliary line console Primary terminal line tty Terminal controller vty Virtual terminalLisa Casey- Original Message - From: "Mike Ockenga" <[EMAIL PROTECTED]>To: <[EMAIL PROTECTED]>Sent: Friday, April 16, 2004 12:02 PMSubject: RE: OFF TOPIC: but need some help> If you're using PPP encapsulation, the component B-channels show up as ttylines on the NAS.>> Do a "show user" to find which tty lines the user is on. One or more"clear line xx" will disconnect the ISDN caller.>>> -- > __> Mike Ockenga, CCNP [EMAIL PROTECTED]> -> List info/subscribe/unsubscribe? Seehttp://www.freeradius.org/list/users.html>- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: OFF TOPIC: but need some help
Title: Message Try: clear int virtual-access 1 or clear int vi1 Hope that helped. cicso.com has many articles related to this or if you have SmartNet, try TAC. Ross -Original Message-From: Steve OBrien [mailto:[EMAIL PROTECTED] Sent: Friday, April 16, 2004 12:02 PMTo: [EMAIL PROTECTED]Subject: Re: OFF TOPIC: but need some help Have you tried TAC? Steve [EMAIL PROTECTED] wrote: - To: <[EMAIL PROTECTED]>From: "Lisa Casey" <[EMAIL PROTECTED]>Sent by: [EMAIL PROTECTED]Date: 04/16/2004 09:10AMSubject: Re: OFF TOPIC: but need some helpHi,I have "encapsulation ppp" configured on both of my serial interfaces.Here is a show user.40 tty 40 beckaj Async interface 00:00:04 41 tty 41 jwallace Async interface 00:01:30 42 tty 42 raysiler Async interface 00:00:03 43 tty 43 mbrock Async interface 00:01:51 44 tty 44 dervius Async interface 00:00:00 45 tty 45 voiceintheAsync interface 00:00:01 46 tty 46 [EMAIL PROTECTED] interface 00:00:01 47 tty 47 [EMAIL PROTECTED] interface 00:00:00 48 tty 48 [EMAIL PROTECTED] interface 00:00:00* 50 vty 0 steve idle 00:00:00 billing.jellico.com Vi1 sditmer Virtual PPP (Bundle) 00:00:05 Se0:11 sditmer Sync PPP - Se0:15 sditmer Sync PPP -sditmer is the isdn user. To disconnectdervius (for example) I would type clear line 44.I cannot find a corresponding command for the isdn user. These are theavailable commands for clear:suzi#clear ? access-list Clear access list statistical information access-template Access-template arp-cache Clear the entire ARP cache bridge Reset bridge forwarding cache cdp Reset cdp information controller Clear controller counters Clear counters on one or all interfaces dialer Clear dialer statistics frame-relay-inarp Clear inverse ARP entries from the map table host Delete host table entries interface Clear the hardware logic on an interface ip IP line Reset a terminal line logging Clear logging buffer modem Reset modem hardware or clear modem counters modempool-counters Clear modem pool counters rif-cache Clear the entire RIF cache snapshot Clear Snapshot timers tcp Clear a TCP connection or statistics x25 Clear X.25 circuits xot Clear an XOT (X.25-Over-TCP) VCand for clear line:suzi#clear line ? <0-54> Line number aux Auxiliary line console Primary terminal line tty Terminal controller vty Virtual terminalLisa Casey- Original Message - From: "Mike Ockenga" <[EMAIL PROTECTED]>To: <[EMAIL PROTECTED]>Sent: Friday, April 16, 2004 12:02 PMSubject: RE: OFF TOPIC: but need some help> If you're using PPP encapsulation, the component B-channels show up as ttylines on the NAS.>> Do a "show user" to find which tty lines the user is on. One or more"clear line xx" will disconnect the ISDN caller.>>> -- > __> Mike Ockenga, CCNP [EMAIL PROTECTED]> -> List info/subscribe/unsubscribe? Seehttp://www.freeradius.org/list/users.html>- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html �
We are willing to pay to get support on this (Was: Cisco-AVPair & cisco_vsa_hack())
Le lun 12/04/2004 à 17:37, Pascal Polleunus a écrit :
> Hi,
>
> We are trying to do VoIP accounting using Cisco material but we've
> problems with the attribute "Cisco-AVPair".
>
> We've defined "with_cisco_vsa_hack = yes", and it works for other
> Cisco's VSA.
>
> In rlm_preprocess.c, in cisco_vsa_hack(), I found:
>/*
> * Cisco-AVPair's get packed as:
> *
> * Cisco-AVPair = "h323-foo-bar = baz"
> *
> * which makes sense only if you're a lunatic.
> * This code looks for the attribute named inside
> * of the string, and if it exists, adds it as a new
> * attribute.
> */
>
> Does that well mean that %{h323-foo-bar} will be available (if defined
> in a dictionary)?
>
> So if we receive the following:
>Cisco-AVPair = "h323-incoming-conf-id=..."
>Cisco-AVPair = "gw-rxd-cdn=ton:0,npi:1,#:0123456789"
>Cisco-AVPair = "in-carrier-id=1"
>
> %{h323-incoming-conf-id}, %{gw-rxd-cdn} and %{in-carrier-id} should be
> available, right?
>
>
> h323-incoming-conf-id is already defined in dictionary.cisco, so we
> didn't redefined it, but for the others, we've defined a dictionary
> containing the following entries:
> ATTRIBUTE in-carrier-id 224 string Cisco
> ATTRIBUTE out-carrier-id 225 string Cisco
> ATTRIBUTE gw-rxd-cdn 226 string Cisco
>
> And we tried also with the following entries instead:
> VALUE Cisco-AVPairin-carrier-id 224
> VALUE Cisco-AVPairout-carrier-id 225
> VALUE Cisco-AVPairgw-rxd-cdn 226
>
>
> But, %{Cisco-AVPair} contains only the first attribute received
> ("h323-incoming-conf-id=...") and %{gw-rxd-cdn} and %{in-carrier-id}
> contain nothing.
>
>
> Does someone know how to solve that?
>
>
> Thanks for your help,
> Pascal Polleunus
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Jérôme Warnier
Consultant
BeezNest
http://beeznest.net
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
0.9.3 Memory Usage
I'm running FreeRadius 0.9.3 on a Mandrake 9.2 system with kernel 2.4.21. The system is a P3-1266MHz with 512MB of RAM. I have 4 NAS boxes one of which only does accounting information as it authenticates from a local user database. I'm using PostgreSQL for authentication and accounting as well as detail files for accounting. I notice that memory usage continues to climb until it maxes out my system. When that happens, I start getting Kernel VM messages similar to this: kernel: VM: killing process ??? Where ??? is things like httpd, postmaster, qmail, etc.. For what FreeRadius does, I don't understand why it's using so much memory. It's not like I have a lot of users or anything. I may have 125 ADSL users and 40 - 50 modem users at one time. The ADSL users are fairly static and don't authenticate very often. They usually leave their routers on. Queries to the server don't happen but 5-10 per minute at most between all NAS boxes. I do get periodic accounting updates from my Cisco router (ADSL users). I've also setup FreeRadius for a couple smaller ISPs. One only has a single NAS (Ascend MAX) and about 40 dialup users of which maybe 5-10 are online at a time. They are experiencing the same problem with memory usage that I do. Here's a clip from top on memory usage of FreeRadius. I should probably also mention that I run FreeRadius via tcpserver. I tried using the softlimit to limit memory usage but that didn't go well. VIRT RES SHR S %CPU %MEMTIME+ Command 100m 22m 1672 S 0.0 4.5 3:02.79 radiusd Any help or suggestions is appreciated. Thank you, Charlie - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 0.9.3 Memory Usage
"Charles J. Boening" <[EMAIL PROTECTED]> wrote: > I notice that memory usage continues to climb until it maxes out my > system. When that happens, I start getting Kernel VM messages similar > to this: > > kernel: VM: killing process ??? > > Where ??? is things like httpd, postmaster, qmail, etc.. Welcome to Linux. > For what FreeRadius does, I don't understand why it's using so much > memory. It sounds like a memory leak. Try the latest CVS snapshot. It may be better. Or, try running the server with "valgrind". That may help. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: We are willing to pay to get support on this (Was: Cisco-AVPair & cisco_vsa_hack())
?ISO-8859-1?Q?J=E9r=F4me?= Warnier <[EMAIL PROTECTED]> wrote: ... Try the latest CVS snapshot, it may work better there. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: 0.9.3 Memory Usage
Alan, Thanks for the valgrind suggestion. I'll check out the latest CVS as well. Charlie -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Friday, April 16, 2004 11:36 AM To: [EMAIL PROTECTED] Subject: Re: 0.9.3 Memory Usage "Charles J. Boening" <[EMAIL PROTECTED]> wrote: > I notice that memory usage continues to climb until it maxes out my > system. When that happens, I start getting Kernel VM messages similar > to this: > > kernel: VM: killing process ??? > > Where ??? is things like httpd, postmaster, qmail, etc.. Welcome to Linux. > For what FreeRadius does, I don't understand why it's using so much > memory. It sounds like a memory leak. Try the latest CVS snapshot. It may be better. Or, try running the server with "valgrind". That may help. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
Hello everybody, I'm new here :) If anybody can help me plz i would apreciate. So i have a NAS server (MAXTNT from Lucent) i've installed FreeRadius on a linux box with MySql. I have no problems with it but i whant to assing for an account let's say mihai a static IP address from a pool of addresses not a static one (Framed-Ip-Address). So in mysql - radius - i have radreply table. In wich let's say for static IP i'll use : mihai Framed-Ip-Address:= 1.1.1.1 But i don't whant just one IP for this account i whant a range let's say from 1.1.1.1 - 1.1.1.100 So i repeat. FREERADIUS + MYSQL- Linux box . MAXTNT - LUCENT Thank you in advance, -- Barbulescu Mihai Network Engineer RoEduNet Bucharest NOC - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: We are willing to pay to get support on this (Was: Cisco-AVPair & cisco_vsa_hack())
On Fri, 2004-04-16 at 20:42, Alan DeKok wrote: > ?ISO-8859-1?Q?J=E9r=F4me?= Warnier <[EMAIL PROTECTED]> wrote: > ... > > Try the latest CVS snapshot, it may work better there. My first remarks: I was surprised to find the dialup-admin as a Debian package. Though, it is completely broken. The files are not where they should, and are not even copied at all. $ dpkg -L freeradius-dialupadmin /. /usr /usr/share /usr/share/dialupadmin /usr/share/doc /usr/share/doc/dialupadmin /usr/share/doc/freeradius-dialupadmin /usr/share/doc/freeradius-dialupadmin/README.Debian /usr/share/doc/freeradius-dialupadmin/copyright /usr/share/doc/freeradius-dialupadmin/changelog.gz /usr/share/doc/freeradius-dialupadmin/README.gz /usr/share/doc/freeradius-dialupadmin/changelog.Debian.gz /dialup_admin /dialup_admin/conf /dialup_admin/conf/accounting.attrs /dialup_admin/conf/admin.conf /dialup_admin/conf/auth.request /dialup_admin/conf/captions.conf /dialup_admin/conf/config.php3 /dialup_admin/conf/CVS /dialup_admin/conf/default.vals /dialup_admin/conf/extra.ldap-attrmap /dialup_admin/conf/naslist.conf /dialup_admin/conf/sql.attrmap /dialup_admin/conf/sql.attrs /dialup_admin/conf/user_edit.attrs /dialup_admin/conf/username.mappings /dialup_admin/bin /dialup_admin/Changelog /dialup_admin/CVS /dialup_admin/doc /dialup_admin/htdocs /dialup_admin/html /dialup_admin/lib /dialup_admin/README /dialup_admin/sql /etc /etc/freeradius-dialupadmin /usr/share/dialupadmin/conf I'm going to submit a patch soon because I'd like to see how this one runs. Thanks for your help, we'll let you know. > Alan DeKok. -- Jerome Warnier <[EMAIL PROTECTED]> BeezNest s.a r.l. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Hello,
Here, try this see if this will work. This should be above the first DEFAULT setting. If your PAP usernameService-Type = Framed-User Simultaneous-Use = 1, Framed-IP-Address = 65.169.223.181, Fall-Through = Yes IF CHAP usernameAuth-Type = Local, Password = "password" Framed-IP-Address = 65.169.223.181, Fall-Through = Yes - Original Message - From: "Mihai Barbulescu" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 16, 2004 2:27 PM Subject: Hello, >Hello everybody, > I'm new here :) > > If anybody can help me plz i would apreciate. > So i have a NAS server (MAXTNT from Lucent) i've installed FreeRadius on a linux box with MySql. > I have no problems with it but i whant to assing for an account let's say mihai a static IP > address from a pool of addresses not a static one (Framed-Ip-Address). >So in mysql - radius - i have radreply table. In wich let's say for static IP i'll use : > mihai Framed-Ip-Address:= 1.1.1.1 >But i don't whant just one IP for this account i whant a range let's say from 1.1.1.1 - 1.1.1.100 > So i repeat. > FREERADIUS + MYSQL- Linux box . > MAXTNT - LUCENT > > > Thank you in advance, > > -- > Barbulescu Mihai > Network Engineer > RoEduNet Bucharest NOC > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Hello,
use ip poolling. - Original Message - From: "Mihai Barbulescu" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 16, 2004 10:27 PM Subject: Hello, >Hello everybody, > I'm new here :) > > If anybody can help me plz i would apreciate. > So i have a NAS server (MAXTNT from Lucent) i've installed FreeRadius on a linux box with MySql. > I have no problems with it but i whant to assing for an account let's say mihai a static IP > address from a pool of addresses not a static one (Framed-Ip-Address). >So in mysql - radius - i have radreply table. In wich let's say for static IP i'll use : > mihai Framed-Ip-Address:= 1.1.1.1 >But i don't whant just one IP for this account i whant a range let's say from 1.1.1.1 - 1.1.1.100 > So i repeat. > FREERADIUS + MYSQL- Linux box . > MAXTNT - LUCENT > > > Thank you in advance, > > -- > Barbulescu Mihai > Network Engineer > RoEduNet Bucharest NOC > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Hello,
Hello , Me again :) Thx for all the help but i've told you i use mysql so i've modified radreply : mihaiX-Ascend-Assign-IP-Pool := 2 So for username :mihai will use the IP Pool configured on maxtnt : ip pool number 2 = 1.1.1.1-1.1.1.252 On Fri, Apr 16, 2004 at 10:26:48PM +0100, Milver S. Nisay wrote: > use ip poolling. > > - Original Message - > From: "Mihai Barbulescu" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, April 16, 2004 10:27 PM > Subject: Hello, > > > >Hello everybody, > > I'm new here :) > > > > If anybody can help me plz i would apreciate. > > So i have a NAS server (MAXTNT from Lucent) i've installed FreeRadius on > a linux box with MySql. > > I have no problems with it but i whant to assing for an account let's > say mihai a static IP > > address from a pool of addresses not a static one (Framed-Ip-Address). > >So in mysql - radius - i have radreply table. In wich let's say for > static IP i'll use : > > mihai Framed-Ip-Address:= 1.1.1.1 > >But i don't whant just one IP for this account i whant a range let's > say from 1.1.1.1 - 1.1.1.100 > > So i repeat. > > FREERADIUS + MYSQL- Linux box . > > MAXTNT - LUCENT > > > > > > Thank you in advance, > > > > -- > > Barbulescu Mihai > > Network Engineer > > RoEduNet Bucharest NOC > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Barbulescu Mihai Network Engineer RoEduNet Bucharest NOC - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Looking to setup a radius server
I run a very small visp and have always used a hosted radius with the reseller. I'm interested in setting up a radius server on my webserver (linux based, hosted currently at ev1servers.net) to allow better control of user sign-ups and maybe offer some special time packages. If there is anyone that is interested in either doing this for a small fee or walking me through the process please reply offlist so as not to clutter the listserver. Thanks, Steve - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: We are willing to pay to get support on this (Was: Cisco-AVPair & cisco_vsa_hack())
On Fri, Apr 16, 2004 at 09:55:01PM +0200, Jerome Warnier wrote: > On Fri, 2004-04-16 at 20:42, Alan DeKok wrote: > > ?ISO-8859-1?Q?J=E9r=F4me?= Warnier <[EMAIL PROTECTED]> wrote: > > ... > > > > Try the latest CVS snapshot, it may work better there. > My first remarks: > I was surprised to find the dialup-admin as a Debian package. Though, it > is completely broken. The files are not where they should, and are not > even copied at all. > $ dpkg -L freeradius-dialupadmin > /. > /usr > /usr/share > /usr/share/dialupadmin > /usr/share/doc > /usr/share/doc/dialupadmin > /usr/share/doc/freeradius-dialupadmin > /usr/share/doc/freeradius-dialupadmin/README.Debian > /usr/share/doc/freeradius-dialupadmin/copyright > /usr/share/doc/freeradius-dialupadmin/changelog.gz > /usr/share/doc/freeradius-dialupadmin/README.gz > /usr/share/doc/freeradius-dialupadmin/changelog.Debian.gz > /dialup_admin > /dialup_admin/conf > /dialup_admin/conf/accounting.attrs > /dialup_admin/conf/admin.conf > /dialup_admin/conf/auth.request > /dialup_admin/conf/captions.conf > /dialup_admin/conf/config.php3 > /dialup_admin/conf/CVS > /dialup_admin/conf/default.vals > /dialup_admin/conf/extra.ldap-attrmap > /dialup_admin/conf/naslist.conf > /dialup_admin/conf/sql.attrmap > /dialup_admin/conf/sql.attrs > /dialup_admin/conf/user_edit.attrs > /dialup_admin/conf/username.mappings > /dialup_admin/bin > /dialup_admin/Changelog > /dialup_admin/CVS > /dialup_admin/doc > /dialup_admin/htdocs > /dialup_admin/html > /dialup_admin/lib > /dialup_admin/README > /dialup_admin/sql > /etc > /etc/freeradius-dialupadmin > /usr/share/dialupadmin/conf Hmm, that's interesting. I _thought_ it worked when I did it here... I'll have another look now, and see what I did wrong... The directories are right, the files just didn't go _into_ them. :-( > I'm going to submit a patch soon because I'd like to see how this one > runs. -- Paul "TBBle" Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius, MySQL, and custom attributes
I'm using FreeRADIUS and MySQL
I am trying to add an attribute
We have normal and accelerated dialup (using a program called Slipstream). I have
added an attribute in the dictionary VENDOR Slipstream 7000 ATTRIBUTE
Slipstream-Auth 1 string Slipstream
I'm pretty sure that I need the attribute in the Access-Accept packet
In sql.conf, I have added (as per the comments in sql.conf and the other sql queries
listed):
attr_check_query = "SELECT id,UserName,Attribute,Value,op FROM slipcheck WHERE
username='%{SQL-User-Name}' ORDER BY id"
attr_reply_query = "SELECT id,UserName,Attribute,Value,op FROM slipreply WHERE
username='%{SQL-User-Name}' ORDER BY id"
I also created tables in the MySQL radius database, slipcheck and slipreply The
Attribute is Slipstream-Auth and the Value is either True or NULL (I believe the op is
== for slipcheck and := for slipreply, I'm not sure how this is supposed to be)
When I do a radtest, I don't see the attribute in the access-accept packet. So as far
as I know, it does not appear to be working. It seems I am missing something. It
must be something easy because I'm sure many people have done something like this
before.
When I use ./radiusd -X will I be able to see the attributes in a reply when I do a
radtest? If not, then how do I test to make sure it is working?
Any help is appreciated
Thank you,
Evan Stenmark
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
