freeradius(RH 7.2)+wrt54g+WinXP/slackware
Hi, has anyone made freeradius run with a Linksys WRT54G router? I want to make a WinXP/slackware client work with the WRT54G. Is there any HOWTO, or could someone give me some direction? Thank you. Regards, loader

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: OS for FreeRADIUS
In a message of 21 April 2004 09:39, stenmark wrote:
> Is there a recommended OS for freeradius?
> Is there really a difference (performance or otherwise) between running
> freeradius on FreeBSD compared to a distribution of Linux (RedHat, Gentoo,
> etc...)?

I've used FreeRADIUS on Gentoo & Mandrake. Compiled from source with PostgreSQL support for the SQL backend. On Mandrake, setting FreeRADIUS for VoIP in production mode.
OS for FreeRADIUS
Is there a recommended OS for freeradius? Is there really a difference (performance or otherwise) between running freeradius on FreeBSD compared to a distribution of Linux (RedHat, Gentoo, etc...)?

Evan Stenmark
Re: PAP/CHAP - debug output
This is the error we are getting when a PAP user tries to log in. They are in the passwd/shadow files.

Thread 1 handling request 0, (1 handled so far)
        User-Name = "username"
        User-Password = "*"
        NAS-IP-Address = 65.169.xxx.x(Omitted)
        NAS-Port = 31
        Service-Type = Framed-User
        Framed-Protocol = PPP
        USR-Connect-Speed = 16800-BPS
        USR-Modulation-Type = v32Terbo
        USR-Simplified-MNP-Levels = mnpLevel4
        USR-Simplified-V42bis-Usage = none
        USR-Chassis-Call-Slot = 0
        USR-Chassis-Call-Span = 1
        USR-Chassis-Call-Channel = 2
        NAS-Identifier = "ras1"
        Acct-Session-Id = "07020118"
        NAS-Port-Type = Async
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "eap" returns noop for request 0
rlm_realm: No '@' in User-Name = "bertram", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
radius_xlat: ''
modcall[authorize]: module "sql" returns fail for request 0
modcall: group authorize returns fail for request 0
There was no response configured: rejecting request 0
Server rejecting request 0.
Finished request 0
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Access-Request packet from host 65.169.xxx.x:1645, id=110, length=191
Sending Access-Reject of id 110 to 65.169.xxx.x:1645

----- Original Message -----
From: "Milver S. Nisay" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 20, 2004 12:34 PM
Subject: Re: PAP/CHAP

> > I was told that FreeRadius can answer PAP/CHAP at the same
> > time that it didn't care.
>
> Yes, freeradius does not care what authentication requests are coming in,
> whether PAP/CHAP or system authenticated
> accounts. If freeradius was configured properly, it will reply as it was
> tasked to do.
>
> > The problem I'm having is if a user logs in with no realm (PAP) and
> > their user name is in the system files, it doesn't work. If I use a
> > different user and log in to our wholesale(CHAP) side the user name in the mysql
> > database does fine.
>
> no realm or with realm, freeradius does not care, it will do what we design
> its radiusd.conf to be.
> there's a work around, PAP accounts can be configured to be authenticated
> based from account names, password and
> expiration attributes and others inside MySQL database too, without of course
> using /etc/passwd and /etc/shadow files.
>
> > How do I tell FreeRadius to look in the system file first and then the
> > Local (mySQL) second if not found in the System files?
>
> it does and that is why you don't need to..
>
> > I did not really want to run two radius on the same machine on different
> > ports if at all possible.
>
> if you like it that way, it can be worked out without considering pros and
> cons.
>
> > Other than this little snag, I have all my tools to work everything from the
> > command prompt. Add, Disable, Enable, Remove, etc..
>
> hope this helps.
>
> //milver
Re: PAP/CHAP
So where in the radiusd.conf do I tell it to do this? In the users file I have this and I'm sure this could be causing part of our problem. Might be wrong to have two default, does it need to be other?

DEFAULT Auth-Type = System
        Fall-Through = 1

DEFAULT Auth-Type = Local
        Fall-Through = 1

DEFAULT Service-Type == Framed-User
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 576,
        Service-Type = Framed-User,
        Fall-Through = Yes

DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

> no realm or with realm, freeradius does not care, it will do what we design
> its radiusd.conf to be.
> there's a work around, PAP accounts can be configured to be authenticated
> based from account names, password and
> expiration attributes and others inside MySQL database too, without of course
> using /etc/passwd and /etc/shadow files.
RE: Freeradius + PostgreSQL not working
I've got this:

Module: Loaded SQL
rlm_sql (sql): Driver rlm_sql_postgresql (module rlm_sql_postgresql) loaded and linked
rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radacct
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_postgresql #0
rlm_sql (sql): Connected new DB handle, #0
. . .
rlm_sql (sql): starting 24
rlm_sql (sql): Attempting to connect rlm_sql_postgresql #24
rlm_sql (sql): Connected new DB handle, #24
Module: Instantiated sql (sql)

Is it right if it goes up to 24 ?

Thanks for your help!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Pascal Polleunus
Sent: Tuesday, April 20, 2004 11:01 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Freeradius + PostgreSQL not working

VoipOne NOC wrote:
> Hi
>
> I have freeradius 0.9.3, compiled on a Debian Unstable system for
> PostgreSQL support.
>
> Once I installed everything, it seems to work right. Following is the
> final output from "freeradius -xxyz -l stdout" :

Do you have something like this:

Module: Loaded SQL
rlm_sql (sql): Driver rlm_sql_postgresql (module rlm_sql_postgresql) loaded and linked
rlm_sql (sql): Attempting to connect to user@:/dbname
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_postgresql #0
rlm_sql (sql): Connected new DB handle, #0
...

> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
> 1814/udp.
> Ready to process requests.
>
> And when I try to send the radius packets for accounting from my Cisco
> router, it just doesn't work

Do you receive some output in debug mode, from your router?

> I have the following lines changed in my radiusd.conf:
> with_cisco_vsa_hack = yes
> $INCLUDE ${confdir}/postgresql.conf
> #unix (wtmp file) * commented out
> #radutmp * commented out
> Added sql instead of the unix accounting method.
>
> If anyone has experience with this, please let me know what I can do.

We succeeded to make it work with Debian Sarge + PostgreSQL 7.4.2 + Cisco ;-)
Huntgroup matching == vs !=
Hi,

working a lot on 0.9.3 at the moment, hope you do not feel bothered too much by my many requests. This time I found something strange regarding the huntgroup matching. Let's say there is a huntgroup called "foo" with some IPs and a lot of other IPs which are not part of a huntgroup as they could change very often. I would like to get some attributes added and then stop reading the users file if the request is not coming from the huntgroup foo, and ignore those when the request comes from foo to further parse the file. I tried.

users:

DEFAULT Huntgroup != "foo"
        my attributes to add

DEFAULT
        my attributes for all other NASes
        Fall-Trough = yes

individual user with special Attributes

This doesn't work like that. The DEFAULT always matches ... regardless of whether the NAS is from foo or not. The interesting part is that the debug shows multiple matches like:

huntgroups: Matched foo at 1
huntgroups: Matched foo at 1
huntgroups: Matched foo at 1
huntgroups: Matched foo at 1
users: Matched DEFAULT at 12

The amount of matches is the amount of attributes that packet has. Not sure I understood the source right. Maybe my day is already too long but I can't pick up the logic in valuepair:paircompare:

case T_OP_CMP_EQ:
        if (compare != 0) result = -1;
        break;
case T_OP_NE:
        if (compare == 0) result = -1;
        break;

I would expect it does what it wants. Anyway, I am not sure why it runs over the attributes and is comparing all of them. I am lost.

Bye
Holger
Re: PAP/CHAP
> I was told that FreeRadius can answer PAP/CHAP at the same
> time that it didn't care.

Yes, freeradius does not care what authentication requests are coming in, whether PAP/CHAP or system authenticated accounts. If freeradius was configured properly, it will reply as it was tasked to do.

> The problem I'm having is if a user logs in with no realm (PAP) and
> their user name is in the system files, it doesn't work. If I use a
> different user and log in to our wholesale(CHAP) side the user name in the mysql
> database does fine.

no realm or with realm, freeradius does not care, it will do what we design its radiusd.conf to be. there's a work around, PAP accounts can be configured to be authenticated based from account names, password and expiration attributes and others inside MySQL database too, without of course using /etc/passwd and /etc/shadow files.

> How do I tell FreeRadius to look in the system file first and then the
> Local (mySQL) second if not found in the System files?

it does and that is why you don't need to..

> I did not really want to run two radius on the same machine on different
> ports if at all possible.

if you like it that way, it can be worked out without considering pros and cons.

> Other than this little snag, I have all my tools to work everything from the
> command prompt. Add, Disable, Enable, Remove, etc..

hope this helps.

//milver
MAC Authentication
Is it possible to have a *.txt file with a list of MAC addresses which are used as login users? The password is the same for all. This is great for mac-auth, where client PCs are authenticated on their MAC address. It is not possible to add every client PC as a user separately. It must be a MAC list in a txt file. I tested this with user-dial-number as it will be sent by the radius client, but that means that every MAC is a single client. I need a list. No password.
PAP/CHAP
I hope I can type this so everyone understands. Now that I have our freeradius 0.9.3 running and working with mySQL 4.0.18 I have a question I hope can be answered. I was told that FreeRadius can answer PAP/CHAP at the same time that it didn't care. The problem I'm having is if a user logs in with no realm (PAP) and their user name is in the system files, it doesn't work. If I use a different user and log in to our wholesale(CHAP) side the user name in the mysql database does fine. How do I tell FreeRadius to look in the system file first and then the Local (mySQL) second if not found in the System files? I did not really want to run two radius on the same machine on different ports if at all possible. Other than this little snag, I have all my tools to work everything from the command prompt. Add, Disable, Enable, Remove, etc..

Thanks
Bob Ross
Re: Compile freeradius in C++
"Htin Hlaing" <[EMAIL PROTECTED]> wrote:
> If I write a module which is very specific towards communicating with
> the proprietary product outside of the FreeRadius, do I need to have
> the source code for this module available..?

If you distribute the binary version to anyone other than yourself (or the company you work for), yes.

Alan DeKok.
RE: Compile freeradius in C++
Hi,

If I write a module which is very specific towards communicating with the proprietary product outside of the FreeRadius, do I need to have the source code for this module available..?

Thanks,
Htin

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:freeradius-[EMAIL PROTECTED] On Behalf Of Dave Mason
> Sent: Tuesday, April 20, 2004 9:27 AM
> To: freeradius mailing list
> Subject: Re: Compile freeradius in C++
>
> Hi,
> I had a similar problem but took a slightly different approach. I had a
> C++ library that I needed to use from inside an rlm_eap subtype module.
> Instead of bringing C++ into rlm_eap, I wrote a C wrapper around the C++
> API, and call the C function from within freeradius. The wrapper function
> needs to be C++ so it can invoke methods on C++ objects, and the wrapper
> header has to have the "#ifdef __cplusplus" so both freeradius and the
> wrapper body can use it. In the Makefile, you need to add your C++
> library and -lstdc++ to RLM_LIBS.
>
> One problem I ran into here is that I have to dynamically link freeradius
> while my C++ library is statically linked. When I link my rlm, the linker
> gives a warning but it seems to work. Ideally freeradius will get a fix
> for the problem that prevents static link for modules that have
> submodules. :)
>
> Dave
>
> Aurélien Magniez wrote:
>
> > Hi,
> >
> > I also wrote a C++ module under FreeRadius. Look at
> > this page :
> >
> > http://lists.cistron.nl/archives/freeradius-devel/2004/04/msg1.html
> >
> > Aurélien Magniez
> >
> > <[EMAIL PROTECTED]> wrote:
> >
> > At 11:41 19/04/2004, you wrote:
> >
> > >>> "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> > >>> > Does anyone know how I could compile freeradius in C++ using g++ instead of
> > >>> > gcc ?
> > >>>
> > >>> Why? There's no C++ code in FreeRADIUS, so there's no point in
> > >>> using a C++ compiler.
> >
> > I am writing a module that needs to use C++ files that I wish I did not need
> > to rewrite...
> >
> > >>> > I am not very familiar with the underlying configure mechanism , all i know
> > >>> > is to type 'configure' and then 'make' ...
> > >>>
> > >>> Then you're definitely not going to want to use a C++ compiler.
> > >>>
> > >>> Alan DeKok.
Re: Compile freeradius in C++
Hi,

I had a similar problem but took a slightly different approach. I had a C++ library that I needed to use from inside an rlm_eap subtype module. Instead of bringing C++ into rlm_eap, I wrote a C wrapper around the C++ API, and call the C function from within freeradius. The wrapper function needs to be C++ so it can invoke methods on C++ objects, and the wrapper header has to have the "#ifdef __cplusplus" so both freeradius and the wrapper body can use it. In the Makefile, you need to add your C++ library and -lstdc++ to RLM_LIBS.

One problem I ran into here is that I have to dynamically link freeradius while my C++ library is statically linked. When I link my rlm, the linker gives a warning but it seems to work. Ideally freeradius will get a fix for the problem that prevents static link for modules that have submodules. :)

Dave

Aurélien Magniez wrote:

> Hi,
>
> I also wrote a C++ module under FreeRadius. Look at this page :
>
> http://lists.cistron.nl/archives/freeradius-devel/2004/04/msg1.html
>
> Aurélien Magniez
>
> <[EMAIL PROTECTED]> wrote:
>
> At 11:41 19/04/2004, you wrote:
>
> >> "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> >> > Does anyone know how I could compile freeradius in C++ using g++ instead of
> >> > gcc ?
> >>
> >> Why? There's no C++ code in FreeRADIUS, so there's no point in using a C++ compiler.
>
> I am writing a module that needs to use C++ files that I wish I did not need to rewrite...
>
> >> > I am not very familiar with the underlying configure mechanism , all i know
> >> > is to type 'configure' and then 'make' ...
> >>
> >> Then you're definitely not going to want to use a C++ compiler.
> >>
> >> Alan DeKok.
Re: Freeradius + PostgreSQL not working
VoipOne NOC wrote:
> Hi
>
> I have freeradius 0.9.3, compiled on a Debian Unstable system for
> PostgreSQL support.
>
> Once I installed everything, it seems to work right. Following is the
> final output from "freeradius -xxyz -l stdout" :

Do you have something like this:

Module: Loaded SQL
rlm_sql (sql): Driver rlm_sql_postgresql (module rlm_sql_postgresql) loaded and linked
rlm_sql (sql): Attempting to connect to user@:/dbname
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_postgresql #0
rlm_sql (sql): Connected new DB handle, #0
...

> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
> 1814/udp.
> Ready to process requests.
>
> And when I try to send the radius packets for accounting from my Cisco
> router, it just doesn't work

Do you receive some output in debug mode, from your router?

> I have the following lines changed in my radiusd.conf:
> with_cisco_vsa_hack = yes
> $INCLUDE ${confdir}/postgresql.conf
> #unix (wtmp file) * commented out
> #radutmp * commented out
> Added sql instead of the unix accounting method.
>
> If anyone has experience with this, please let me know what I can do.

We succeeded to make it work with Debian Sarge + PostgreSQL 7.4.2 + Cisco ;-)
Freeradius + PostgreSQL not working
Hi

I have freeradius 0.9.3, compiled on a Debian Unstable system for PostgreSQL support.

Once I installed everything, it seems to work right. Following is the final output from "freeradius -xxyz -l stdout" :

Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.

And when I try to send the radius packets for accounting from my Cisco router, it just doesn't work

I have the following lines changed in my radiusd.conf:

with_cisco_vsa_hack = yes
$INCLUDE ${confdir}/postgresql.conf
#unix (wtmp file) * commented out
#radutmp * commented out

Added sql instead of the unix accounting method.

If anyone has experience with this, please let me know what I can do.

Regards.
Proxying after local reject
Hi everybody. I'd like to differentiate users without using realms, my intention is to send the request (proxy) to another radius on another machine ONLY IF it is rejected by the first radius, is it possible? Thanks in advance.
Re: expiration attribute
"Milver S. Nisay" <[EMAIL PROTECTED]> wrote:
> The next challenge for a prepaid dialup would be , is there a possibility
> that an
> account's expiration would be modified, using MsSQL queries inside
> sqlcounter.conf, on the first successful authentication

I would suggest running an external program to do that.

> For Ex. An prepaid dialup card is to expire within 30 days starting May 1,
> but the user who bought it used the prepaid dialup account on the May 29, is
> there an attribute that will modify or prolong the expiration for 29 days
> more since it was used successfully on the 29th day of the month, therefore
> activating the dialup account on the first successful usage.

That is a *very* specialized requirement, and is not possible with the default modules. You should be able to write a simple shell script to catch that case, and update the database.

Alan DeKok.
Re: We are willing to pay to get support on this (Was: Cisco-AVPair & cisco_vsa_hack())
On Tue, Apr 20, 2004 at 12:30:54PM +0200, Jérôme Warnier wrote:
> On Tue 20/04/2004 at 00:47, Paul Hampson wrote:
> > On Sun, Apr 18, 2004 at 03:51:12PM +0200, Jerome Warnier wrote:
> > > On Sun, 2004-04-18 at 15:13, Paul Hampson wrote:
> > > > On Sun, Apr 18, 2004 at 12:33:53PM +0200, Jerome Warnier wrote:
> > > > > On Sun, 2004-04-18 at 05:43, Paul Hampson wrote:
> > > > > > On Sat, Apr 17, 2004 at 11:41:27PM +0200, Jerome Warnier wrote:
> > > > > > > On Sat, 2004-04-17 at 06:02, Paul Hampson wrote:
> > > > > > > > On Fri, Apr 16, 2004 at 09:55:01PM +0200, Jerome Warnier wrote:
> > > > > > > > > On Fri, 2004-04-16 at 20:42, Alan DeKok wrote:
> > > > > > > > > > Jérôme Warnier <[EMAIL PROTECTED]> wrote:
> > > > > > > > > > ...
> > > > > > > > > > Try the latest CVS snapshot, it may work better there.

> > > > > And you have of course to use dh_perl in debian/rules to substitute the
> > > > > ${perl:Depends}. I suggest the following (not tested):
> > > > > dh_perl -p freeradius-dialupadmin dialup_admin/bin

> > > > I think I'll make that a Recommends, not a Depends... Unless those perl
> > > > scripts are vital to the operation of most of dialup-admin? A brief
> > > > examination of the README suggest they're all optional extras, that I
> > > > (for example) would never run. (We don't do bandwidth tracking/billing,
> > > > and I don't want it whacking data from my radacct table.)

> > > There is also a crontab file in this directory, which uses most the
> > > other scripts there, but needs fixing before being (optionally) put into
> > > /etc/cron.d. This file needs fixing anyway, because it currently points
> > > to /usr/local/...

> > I'll put this in as an example, I think. However, I will have to add a
> > sed script to fix the paths in the crontab.

> Yes, put it in /usr/share/doc/freeradius-dialupadmin/examples instead of
> the current directory.
> Do you want me to write the sed script?
> Something like this should do the trick:
> sed -i 's_/usr/local/dialup\_admin_/usr/share/dialupadmin_' dialup_admin.cron

I did indeed use something like that, thank you. Building overnight, if it worked I'll commit to CVS in the morning.

--
Paul "TBBle" Hampson, on an alternate email client.
Re: expiration attribute
Thanks Alan. My expiration attribute is now working.

To add more details, the OP field must be set to "==" and not ":=" and it worked smoothly.

The next challenge for a prepaid dialup would be , is there a possibility that an account's expiration would be modified, using MsSQL queries inside sqlcounter.conf, on the first successful authentication

For Ex. An prepaid dialup card is to expire within 30 days starting May 1, but the user who bought it used the prepaid dialup account on the May 29, is there an attribute that will modify or prolong the expiration for 29 days more since it was used successfully on the 29th day of the month, therefore activating the dialup account on the first successful usage.

I hope I made my point clear here. Anyone?

----- Original Message -----
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 20, 2004 3:41 PM
Subject: Re: expiration attribute

> "Milver S. Nisay" <[EMAIL PROTECTED]> wrote:
> > i have inserted expiration attribute with radcheck table, with a PAP account
> > as shown below
> > | 243 | milver | Expiration | := | 20040419153024 |
>
> That isn't a date. It's simply a long number.
>
> > but if i manipulate the expiration attribute to a date which has expired or
> > past already,
> > authentication STILL seems to go, nothing changed, the account can still
> > logon with freeradius.
>
> No, you edit the Expiration to have another value, which still isn't
> a date.
>
> In the 0.9.3 release, try "01 Jan 2004". In the CVS snapshots, you
> can use HH:MM:SS, too.
>
> Alan DeKok.
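An added example, not part of any post in this thread: a small audit over radcheck rows that flags Expiration entries which would leave an account open, using the two points made above (the value must be a date such as "01 Jan 2004", and the poster's report that the op had to be "=="). The row layout follows the table posted in the thread; the function names and all sample rows except id 243 are constructed for illustration.

```python
"""Audit radcheck rows for Expiration entries that will not expire an account."""
import re
from datetime import date

# Month names are mapped by hand so the check does not depend on the locale.
MONTHS = {name: num for num, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
DATE_RE = re.compile(r"^(\d{1,2}) ([A-Za-z]{3}) (\d{4})$")


def parse_expiration(value):
    """Return a date for a 'DD Mon YYYY' value, or None for anything else."""
    match = DATE_RE.match(value.strip())
    if match is None:
        return None          # e.g. the bare number 20040419153024
    day, year = int(match.group(1)), int(match.group(3))
    month = match.group(2).capitalize()
    if month not in MONTHS:
        return None
    try:
        return date(year, MONTHS[month], day)
    except ValueError:       # well-formed but impossible, e.g. 31 Feb
        return None


def audit_radcheck(rows, today):
    """Return (id, UserName, finding) tuples for suspicious Expiration rows."""
    findings = []
    for row in rows:
        if row["Attribute"] != "Expiration":
            continue
        expires = parse_expiration(row["Value"])
        if expires is None:
            # The value is not a date, so the account is never expired by it.
            findings.append((row["id"], row["UserName"], "value-not-a-date"))
            continue
        if row["op"] != "==":
            # Per the poster's report, only "==" made the check take effect.
            findings.append((row["id"], row["UserName"], "op-not-=="))
        elif expires <= today:
            # Correctly configured and already due: worth confirming the
            # account really is rejected.
            findings.append((row["id"], row["UserName"], "date-passed"))
    return findings


# Constructed sample data; only row 243 is copied from the thread.
SAMPLE_ROWS = [
    {"id": 242, "UserName": "milver", "Attribute": "User-Password", "op": ":=", "Value": "1"},
    {"id": 243, "UserName": "milver", "Attribute": "Expiration", "op": ":=", "Value": "20040419153024"},
    {"id": 301, "UserName": "alice", "Attribute": "Expiration", "op": "==", "Value": "01 Jan 2004"},
    {"id": 302, "UserName": "bob", "Attribute": "Expiration", "op": ":=", "Value": "01 Jan 2005"},
    {"id": 303, "UserName": "carol", "Attribute": "Expiration", "op": "==", "Value": "31 Feb 2004"},
    {"id": 304, "UserName": "dave", "Attribute": "Expiration", "op": "==", "Value": "15 Jun 2004"},
]

if __name__ == "__main__":
    for finding in audit_radcheck(SAMPLE_ROWS, date(2004, 4, 20)):
        print(finding)
```
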
Re: slightly o/t, but bsd is there a libradius for linux?
"Tariq Rashid" <[EMAIL PROTECTED]> wrote:
> slightly off-topic, but is there a library like the standard FreeBSD
> (4.9) libradius for linux? (eg debian 3 unstable/stable)

Not that I'm aware of.

> i've got benchmarking code written to test freeradius/radiator which
> links against this, but i need to move this code to a faster linux box.
>
> the lib radiusclient(-ng) has a different interface on initial
> inspection.

FreeRADIUS has its own libradius. You may want to try using that.

Alan DeKok.
Re: expiration attribute
"Milver S. Nisay" <[EMAIL PROTECTED]> wrote:
> i have inserted expiration attribute with radcheck table, with a PAP account
> as shown below
> | 243 | milver | Expiration | := | 20040419153024 |

That isn't a date. It's simply a long number.

> but if i manipulate the expiration attribute to a date which has expired or
> past already,
> authentication STILL seems to go, nothing changed, the account can still
> logon with freeradius.

No, you edit the Expiration to have another value, which still isn't a date.

In the 0.9.3 release, try "01 Jan 2004". In the CVS snapshots, you can use HH:MM:SS, too.

Alan DeKok.
Re: Question - Specific DEFAULT entry for use when password fails, another for when user doesn't exist.
"Daniel W. Halverson" <[EMAIL PROTECTED]> wrote:
> Thanks for the quick response. With failover, would you be able to
> detect if a user exists in the users file, but the password doesn't
> match?

Not entirely. See doc/aaa.txt

The "users" file can return "notfound", if the username isn't listed there. But the password checking is done elsewhere, in the "authenticate" section.

Alan DeKok.
RE: How to add attributes at post proxy stage ?
Ok, another, maybe more accurate description of what I would like to get is:

- add attributes in postproxy to any packet based on username/realms/wildcards
- What about adding a postproxy stage to the files module with a 100% copy of the standard function, just another filename ?

Bye
Holger

[EMAIL PROTECTED] <> wrote on :
> "Holger Steppke" <[EMAIL PROTECTED]> wrote:
>> Now i need same function with Freeradius. Well i think a
>> "post_proxy_authorize = yes" would do and my usersfile is parsed again.
>
> Yes. That's what it's there for.
>
>> Is there a better way of doing it in freeradius ?!
>
> That depends on what you want. You described your current
> implementation, which is less important than your end goals.
>
>> I just like to add some attributes before sending the ACK further to the
>> NAS, the filter module can only match on realms and not usernames so
>> thats not an option as far as i can see.
>
> For now, that's the simplest way to do it.
>
> Alan DeKok.
slightly o/t, but bsd is there a libradius for linux?
slightly off-topic, but is there a library like the standard FreeBSD (4.9) libradius for linux? (eg debian 3 unstable/stable)

i've got benchmarking code written to test freeradius/radiator which links against this, but i need to move this code to a faster linux box.

the lib radiusclient(-ng) has a different interface on initial inspection. are there others which conform to the libradius api?

thanks
Re: radiusi.log question
> Is there a way to run freeradius so the passwords in radiusd.log are encrypted?
> Auth-Type := System

if you do not want to see the password from the radius log, play with these system attributes

log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = yes

or disable it at all. with PAP, use crypt.

//milver
radiusi.log question
Is there a way to run freeradius so the passwords in radiusd.log are encrypted?

Auth-Type := System

Sorry about asking this again, but I suspect I was not clear in my first post on this.

Thanks,
Ted
expiration attribute
i am trying to make expiration attribute work. my freeradius 0.9.1 + MySQL 3.23. did some search with the mailing list, and could not lead to a solution. i have inserted expiration attribute with radcheck table, with a PAP account as shown below

+-----+----------+------------------+----+----------------+
| id  | UserName | Attribute        | op | Value          |
+-----+----------+------------------+----+----------------+
| 239 | milver   | Auth-Type        | := | PAP            |
| 240 | milver   | Simultaneous-Use | := | 1              |
| 242 | milver   | User-Password    | := | 1              |
| 243 | milver   | Expiration       | := | 20040419153024 |
+-----+----------+------------------+----+----------------+

but if i manipulate the expiration attribute to a date which has expired or past already, authentication STILL seems to go, nothing changed, the account can still logon with freeradius.

my plan is to implement all authentication/authorization via MySQL tables, without using expiration scheme based on /etc/passwd & /etc/shadow field settings or user settings. is this attribute for radcheck alone? anyone could shed a view? a bug from my freeradius version? anyone?

//milver
Re: We are willing to pay to get support on this (Was: Cisco-AVPair & cisco_vsa_hack())
On Tue 20/04/2004 at 00:47, Paul Hampson wrote:
> On Sun, Apr 18, 2004 at 03:51:12PM +0200, Jerome Warnier wrote:
> > On Sun, 2004-04-18 at 15:13, Paul Hampson wrote:
> > > On Sun, Apr 18, 2004 at 12:33:53PM +0200, Jerome Warnier wrote:
> > > > On Sun, 2004-04-18 at 05:43, Paul Hampson wrote:
> > > > > On Sat, Apr 17, 2004 at 11:41:27PM +0200, Jerome Warnier wrote:
> > > > > > On Sat, 2004-04-17 at 06:02, Paul Hampson wrote:
> > > > > > > On Fri, Apr 16, 2004 at 09:55:01PM +0200, Jerome Warnier wrote:
> > > > > > > > On Fri, 2004-04-16 at 20:42, Alan DeKok wrote:
> > > > > > > > > Jérôme Warnier <[EMAIL PROTECTED]> wrote:
> > > > > > > > > ...
> > > > > > > > > Try the latest CVS snapshot, it may work better there.

> > > > And you have of course to use dh_perl in debian/rules to substitute the
> > > > ${perl:Depends}. I suggest the following (not tested):
> > > > dh_perl -p freeradius-dialupadmin dialup_admin/bin

> > > I think I'll make that a Recommends, not a Depends... Unless those perl
> > > scripts are vital to the operation of most of dialup-admin? A brief
> > > examination of the README suggest they're all optional extras, that I
> > > (for example) would never run. (We don't do bandwidth tracking/billing,
> > > and I don't want it whacking data from my radacct table.)

> > There is also a crontab file in this directory, which uses most the
> > other scripts there, but needs fixing before being (optionally) put into
> > /etc/cron.d. This file needs fixing anyway, because it currently points
> > to /usr/local/...

> I'll put this in as an example, I think. However, I will have to add a
> sed script to fix the paths in the crontab.

Yes, put it in /usr/share/doc/freeradius-dialupadmin/examples instead of the current directory.
Do you want me to write the sed script?
Something like this should do the trick:
sed -i 's_/usr/local/dialup\_admin_/usr/share/dialupadmin_' dialup_admin.cron

> > Did not use any yet, so you are probably right. Maybe a debconf question
> > would be useful (setup crontab for accounting or not)?
> > Don't forget it just applies to Dialup Admin, which many people won't
> > probably bother installing anyway.

> Bleh, no good. Conditionally installing a file into /etc/ is a pain
> under Debian Policy. I'll have to make a note in the README.Debian
> about that.

Ok.

--
Jérôme Warnier
Consultant
BeezNest
http://beeznest.net
Re: expiration attribute
Hi,

The expiration attribute is the account expiration date. The account will be disabled on that date.

"Milver S. Nisay" <[EMAIL PROTECTED]> wrote:
> can anyone elaborate more of the "Expiration" attribute?
> is it an attribute of password age or expiration for password?
> i am trying to play around for an expiration attribute -- expiration for an account
> from MySQL table and not from system accounts, using freeradius under FC1.
> anyone?
> //milver

Julius Igugu
SouthWork Co. Ltd.
234 (802) 320-7540
rlm_sqlcounter custom sql query
Hello guys,

rlm_sqlcounter works for me in limiting user's internet session. My problem is every time the user wants to update his/her account, I don't have a solution but to delete his/her accounting data. here's my config

sqlcounter noresetcounter {
        counter-name = Max-All-Session-Time
        check-name = Max-All-Session
        sqlmod-inst = sql
        key = User-Name
        reset = never
        query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'"
}

here's the scenario, user X has a prepaid plan of 10 hrs per month. Every plan is only consumable for 1 month. Before that 1 month (expiration) user X adds another 10 hrs. I don't have any idea but to get the remaining time of user X, then add 10 hrs, then.. delete all his/her accounting data. Then set the new hours left in Monthly Session.

Does anyone have any comment or suggestion? I don't know what other query to add to tell rlm_sqlcounter to start select from this time:day only.
Re: Compile freeradius in C++
Hi,

I also wrote a C++ module under FreeRadius. Look at this page :

http://lists.cistron.nl/archives/freeradius-devel/2004/04/msg1.html

Aurélien Magniez