Accounting question for EAP-TTLS for Pre 2
Hi all,

I have been playing with FreeRadius for a few weeks in the following environment: Funk Software Odyssey Client + Belkin wireless router + FreeRadius 1.0.0 Pre2. Finally, I got the system working last night, but I found a problem with the accounting file. I turned on the detail, auth_detail and reply_detail files, but only auth_detail and reply_detail are generated when EAP-TTLS is used. When I used radtest with CHAP, I found all 3 files are generated.

Is this the desired behavior for EAP-TTLS? If so, how do I generate billing info for my wireless usage? Please help!

Thanks,
Michael

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius log
Hello,

I configured freeradius (rlm_pap + rlm_mysql + rlm_sqlcounter) successfully and it authenticates perfectly, but I don't see any stop message in radius.log. When I run freeradius in debugging mode (radiusd -X) and test, the debugging output shows it accept, and when I disconnect, the stop message appears as well. But when I run freeradius and tail radius.log, only the Auth: Login OK message appears, not Disconnect or Stop.

Sun Jun 13 23:36:40 2004 : Auth: Login OK: [apellido] (from client portmaster.mactan.ph port 0)
Sun Jun 13 23:38:05 2004 : Auth: Login incorrect: [gunday/molendijk] (from client portmaster.mactan.ph port 13)
Sun Jun 13 23:38:40 2004 : Auth: Login OK: [gunday] (from client portmaster.mactan.ph port 13)
Sun Jun 13 23:38:47 2004 : Auth: Login incorrect: [lmharm/literock] (from client portmaster.mactan.ph port 27)
Sun Jun 13 23:40:19 2004 : Auth: Login OK: [apellido] (from client portmaster.mactan.ph port 1)
Sun Jun 13 23:41:00 2004 : Auth: Login OK: [gunday] (from client portmaster.mactan.ph port 13)
Sun Jun 13 23:42:17 2004 : Auth: Login OK: [mim] (from client portmaster.mactan.ph port 27)

here's part of radius.conf

prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
# Location of config and logfiles.
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
#user = nobody
#group = nobody
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
#listen {
#       ipaddr = *
#       port = 0
#       type = auth
#}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = yes
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
security {
        max_attributes = 200
        reject_delay = 1
        status_server = no
}

thanks in advance
Re: rlm_sqlcounter && Max-Daily-Session??
Hi

>hi, are you referring in sqlcounter dailycounter in sqlcounter.conf? Do
>u want to configure the daily counter?

Yeah, it works well. And so what? Maybe I have a basic misunderstanding of the attribute && dictionary. Can anyone point it out to me? Thx in advance.

Hello World!
[EMAIL PROTECTED]
2004-06-15
unknown client
Hi people...

I had a similar problem when I tried out the freeradius-1.0.0-pre1 build with fedora core 2... whenever I try to get my cisco AP to auth with freeradius, I get the same unknown client message, and the IP is already added in the clients.conf file... Localhost works though, ports are configured... does anybody know why? Perhaps I erred at some point of the installation? But when I put it back to 0.9.3, it worked fine...

Tim.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of prabhdeep
Sent: Monday, June 14, 2004 10:58 PM
To: [EMAIL PROTECTED]
Subject: (no subject)

Thanks Thor,

I tried 0.0.0.0/1, but it still does not work... I keep getting following messages. Just curious what the networking standard... I thought it was 0/8/16/24 or is it 1/8/16/24?

rad_recv: Accounting-Request packet from host 192.168.0.121:1024, id=243, length=141
Ignoring request from unknown client 192.168.0.121:1024
--- Walking the entire request list ---
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.0.121:1024, id=206, length=228
Ignoring request from unknown client 192.168.0.121:1024

Thanks again.
prabh

> Hi,
>
> How can one allow any NAS client to be authenticated as long as secret matches?
> client 0.0.0.0/1 { ... } client 128.0.0.0/1 { ... }
> 0.0.0.0/0 does not work in clients.conf there does not seem to be any
> default entry that I can set
> something like "if the IP does not match then use this".
>
> Thanks.
>
> with regards,
> prabh
Authenticating to different LDAP servers
Hello all,

We are using freeRADIUS version 0.9.3 on a MacOSX box running 10.2.6

We have a Patton dial-in access server that is using freeRADIUS to AAA off Active Directory running on a W2K box (192.168.2.5) with domain marshall.com

We have now set up a W2003 server (10.0.1.5) running active directory for a domain msi.com

The domains are on separate LANs but completely routable between.

The Patton is on the marshall.com side of the network and uses LDAP through freeRADIUS and works great.

Our desire is to configure freeRADIUS to authenticate specific users off the msi.com domain also using LDAP.

I configured radiusd.conf to authorize off the new server and it does, but when authentication comes around, it tries to authenticate off the first LDAP server it finds which is 192.168.2.5

I have tracked the issue to the fact that the radiusd.conf file specifically states that authentication does not cascade (fall through?) but authorization does.

Here are the conf file areas:

modules {
#
        ldap ldap1 {
                server = "192.168.2.5"
                identity = "cn=ldapuser,cn=users,dc=marshall,dc=com"
                password = foo
                basedn = "cn=users,dc=marshall,dc=com"
                filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
                access_attr="msNPAllowDialin"
                password_attribute=userPassword
#
        }
        ldap ldap2 {
                server = "10.0.1.5"
                identity = "cn=radiusserver,cn=users,dc=msi,dc=com"
                password = foo
                basedn = "ou=merchandisers,dc=msi,dc=com"
                filter = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"
                # access_attr="msNPAllowDialin"
                password_attribute=userPassword
#
        }
}

authorize {
        # The ldap module will set Auth-Type to LDAP if it has not already been set
        ldap1
        ldap2
}

authenticate {
        # Uncomment it if you want to use ldap for authentication
        authtype LDAP {
                ldap1
                ldap2
        }
}

So debugging shows that the authorize section works as expected, but, also as expected, it tries to authenticate off the _first_ LDAP server only and fails.

How can we get freeRADIUS to know that we're authenticating off the _second_ LDAP server?

I tried setting up another DEFAULT user in the users file thinking that I could define another Auth-Type, but I cannot figure out how to direct freeRADIUS to choose the correct DEFAULT user.

Any help is greatly appreciated.

Thanks,
Michael Check
Solo Group, Inc.
--
[EMAIL PROTECTED]
www.sologroup.com
Re: ldap sha1 mschap peap pap
> TTLS uses different tunneled authentication methods. Check those to
> see what's possible.

TTLS + PAP should work, doesn't it.

--
damjan
This is my jabber ID --> [EMAIL PROTECTED] <-- not my mail address!!!
Re: Won't run on Solaris 8
Ken Connell wrote:
> FreeRadius 0.9.3
> It's been great on Redhat, but on a Solaris 8 box I get the following:
> fatal: libradius-0.9.3.so: open failed: No such file or directory

What directory is your libradius-0.9.3.so in? Also where is radiusd? Could be a library path issue. What is the output of crle?

Cam
test post to list, please ignore
this is a test
Re: Setting up a proxy radius server
"Stephen Petersen" <[EMAIL PROTECTED]> wrote:
> By the docs its setup to do proxy.
> In plain language what conf files need to be edited.

clients.conf & proxy.conf

> I've edit client.conf and proxy.conf and can't get any proxying happening.

Try running it in debug mode, as suggested in the FAQ, README, and INSTALL.

Alan DeKok.
Re: ldap sha1 mschap peap pap
"Jawhar TAZI" <[EMAIL PROTECTED]> wrote:
> My last question was : is it possible to use authentication with a password
> stored in ldap but encrypted inside it?

Generally not.

> Let's take Openldap for instance. Is it possible to use the
> passwords stored in it to authenticate a user, knowing that the
> passwords are NOT in clear text ? I mean we know it is not possible
> with peap,

That's not what I said in my last message.

> but with TLS or TTLS or even LEAP ?

TLS doesn't use passwords. TTLS uses different tunneled authentication methods. Check those to see what's possible. LEAP already describes what's possible. See eap.conf.

Alan DeKok.
Re: ldap sha1 mschap peap pap
Thanks for your quick answers :=)

My last question was : is it possible to use authentication with a password stored in ldap but encrypted inside it? Let's take Openldap for instance. Is it possible to use the passwords stored in it to authenticate a user, knowing that the passwords are NOT in clear text ? I mean we know it is not possible with peap, but with TLS or TTLS or even LEAP ?

Is it possible to use password encrypted in openldap with :
EAP-TLS
EAP-TTLS
EAP-PEAP
EAP-LEAP

Thanks Alan
Re: ldap sha1 mschap peap pap
"Jawhar TAZI" <[EMAIL PROTECTED]> wrote:
> Errr just a little question... if my understanding is good, it is possible
> to use EAP-PEAP with LDAP only if the passwords are in clear text ?

No. Active Directory is NOT a real LDAP server. OpenLDAP can store, and supply to FreeRADIUS, NT-Passwords.

> I mean there is no interest to store them encrypted as far as PEAP uses a
> tunnel, so the security during the transfer might be enough, isn't it ?

Yes.

> Anyway, what eap is needed (tls, ttls, leap) to have passwords encrypted in
> ldap ? is it even possible?

I'm not sure what you mean by that.

Alan DeKok.
Re: moving from cistron radius to freeradius
Chad Whitten <[EMAIL PROTECTED]> wrote:
> does freeradius support the ascend/lucent TNT? i dont see tnt listed in the
> README in the naslist section?

It's supported.

> also, what do you mean by operators below? is that related to the
> comparison operators in the /etc/raddb/users file for instance?

Yes. See the "man" page for the "users" file.

> would just importing these files from my current setup work?

Mostly.

Alan DeKok.
Re: ldap sha1 mschap peap pap
"Epp, Ladd J" <[EMAIL PROTECTED]> wrote:
> OK. Thanks for the explanation. We also run a Microsoft Active Directory
> that is storing NT-Passwords. Would this work with FreeRADIUS, mschap
> and PEAP?

No. AD stores the NT-Passwords, but won't supply them to FreeRADIUS. See ntlm_auth for another way of doing it.

Alan DeKok.
Re: moving from cistron radius to freeradius
does freeradius support the ascend/lucent TNT? i don't see tnt listed in the README in the naslist section?

also, what do you mean by operators below? is that related to the comparison operators in the /etc/raddb/users file for instance?

my current /etc/raddb/users file consists solely of

DEFAULT Auth-Type = System
        User-Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Ascend-Bridge = 0,
        Ascend-Route-IP = 1,
        Ascend-Assign-IP-Pool = 1,
        Ascend-Idle-Limit = 900,
        NAS-Port-Type=Async,
        Ascend-Maximum-Time = 43200

the only other files i ever mess with are the /etc/raddb/clients and /etc/raddb/naslist

would just importing these files from my current setup work?

On Monday 14 June 2004 13:11, Alan DeKok wrote:
> Chad Whitten <[EMAIL PROTECTED]> wrote:
> > i would like to convert to freeradius but would like some feedback
> > regarding my setup - is it doable? what challenges/obstacles would i
> > face?
>
> It's doable. The challenges aren't very big. The biggest one is
> updating the operators (= versus ==, :=, etc).
>
> Alan DeKok.

--
Chad Whitten
Network/Systems Administrator
neXband Communications
[EMAIL PROTECTED]
601-944-4801 Phone
601-944-4803 Fax
RE: ldap sha1 mschap peap pap
OK. Thanks for the explanation. We also run a Microsoft Active Directory that is storing NT-Passwords. Would this work with FreeRADIUS, mschap and PEAP?

Thanks
lje

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Monday, June 14, 2004 1:21 PM
To: [EMAIL PROTECTED]
Subject: Re: ldap sha1 mschap peap pap

"Epp, Ladd J" <[EMAIL PROTECTED]> wrote:
> Since I'm still relatively new to FreeRADIUS
> authorization/authentication, some clarification on the following
> subject would help me out greatly. I understand that ldap passwords
> must be clear to use mschap (Windows XP wireless supplicant using PEAP).
> Is this absolutely true?

Clear text, or NT-Passwords.

> On reading the FAQ (5.11), I get the impression that you can use PAP
> passwords to authenticate. And, in radiusd.conf, you can specify a
> pap encryption scheme (in my case, my ldap passwords are in sha1).

That won't work with PEAP, because the passwords aren't clear-text.

> Also, I'm able to bind using the credentials I've entered on the
> supplicant side.

... when you're not using xsupplicant to supply the passwords.

> My knowledge is limited, but why can't the LDAP authorization be
> enough to say, "ok, the user is in the database and the password is
> good. Let him/her have access." Why is authorization happening, but
> User-Password errors stopping me.

Because EAP doesn't provide clear-text passwords, which LDAP needs for binding. And when you try to use EAP for authentication, LDAP is supplying SHA1 passwords, NOT the clear-text password needed by EAP.

Use clear-text passwords.

Alan DeKok.
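The distinction drawn in this thread, as an added Python example (not code from FreeRADIUS or from any poster): a directory that holds only a SHA-1 digest can check a PAP password, because the server receives the password itself, but it cannot check a challenge-response exchange. RFC 1994 CHAP stands in here for MS-CHAPv2, which is keyed on the NT hash rather than on MD5 of the clear text; the sample password and function names are assumptions of the example.

```python
import hashlib
import hmac
import os


def sha1_store(password: str) -> bytes:
    """What the directory holds in the thread's setup: a SHA-1 digest only."""
    return hashlib.sha1(password.encode("utf-8")).digest()


def pap_verify(received_password: str, stored_sha1: bytes) -> bool:
    """PAP: the server sees the password, so it can hash it and compare."""
    candidate = hashlib.sha1(received_password.encode("utf-8")).digest()
    return hmac.compare_digest(candidate, stored_sha1)


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def chap_verify(ident: int, challenge: bytes, response: bytes,
                server_secret: bytes) -> bool:
    """The server must recompute the response from the secret it holds."""
    expected = chap_response(ident, server_secret, challenge)
    return hmac.compare_digest(expected, response)


def run_demo() -> dict:
    password = "correct horse"       # constructed sample credential
    stored = sha1_store(password)    # all the server can read from the directory

    # PAP: password arrives at the server, SHA-1 store is sufficient.
    pap_ok = pap_verify(password, stored)
    pap_wrong = pap_verify("wrong guess", stored)

    # Challenge-response: the client proves knowledge of the password
    # without sending it. Only the response crosses the wire.
    ident, challenge = 7, os.urandom(16)
    response = chap_response(ident, password.encode("utf-8"), challenge)

    # A server holding the clear text can recompute the response ...
    chap_with_cleartext = chap_verify(ident, challenge, response,
                                      password.encode("utf-8"))
    # ... a server holding only SHA-1(password) cannot: the digest is not
    # the secret the client used, and it cannot be reversed to obtain it.
    chap_with_sha1 = chap_verify(ident, challenge, response, stored)

    return {
        "pap_with_sha1_store": pap_ok,
        "pap_wrong_password": pap_wrong,
        "chap_with_cleartext_store": chap_with_cleartext,
        "chap_with_sha1_store": chap_with_sha1,
    }


if __name__ == "__main__":
    for case, ok in run_demo().items():
        print(f"{case}: {'accept' if ok else 'reject'}")
```
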
Re: ldap sha1 mschap peap pap
Errr just a little question... if my understanding is good, it is possible to use EAP-PEAP with LDAP only if the passwords are in clear text ?

I mean there is no interest to store them encrypted as far as PEAP uses a tunnel, so the security during the transfer might be enough, isn't it ?

Anyway, what eap is needed (tls, ttls, leap) to have passwords encrypted in ldap ? is it even possible?

Thanks Alan :)
Re: ldap sha1 mschap peap pap
"Epp, Ladd J" <[EMAIL PROTECTED]> wrote:
> Since I'm still relatively new to FreeRADIUS
> authorization/authentication, some clarification on the following
> subject would help me out greatly. I understand that ldap passwords
> must be clear to use mschap (Windows XP wireless supplicant using PEAP).
> Is this absolutely true?

Clear text, or NT-Passwords.

> On reading the FAQ (5.11), I get the impression that you can use PAP
> passwords to authenticate. And, in radiusd.conf, you can specify a
> pap encryption scheme (in my case, my ldap passwords are in sha1).

That won't work with PEAP, because the passwords aren't clear-text.

> Also, I'm able to bind using the credentials I've entered on the
> supplicant side.

... when you're not using xsupplicant to supply the passwords.

> My knowledge is limited, but why can't the LDAP authorization be
> enough to say, "ok, the user is in the database and the password is
> good. Let him/her have access." Why is authorization happening, but
> User-Password errors stopping me.

Because EAP doesn't provide clear-text passwords, which LDAP needs for binding. And when you try to use EAP for authentication, LDAP is supplying SHA1 passwords, NOT the clear-text password needed by EAP.

Use clear-text passwords.

Alan DeKok.
Re: moving from cistron radius to freeradius
Chad Whitten <[EMAIL PROTECTED]> wrote:
> i would like to convert to freeradius but would like some feedback regarding
> my setup - is it doable? what challenges/obstacles would i face?

It's doable. The challenges aren't very big. The biggest one is updating the operators (= versus ==, :=, etc).

Alan DeKok.
Re: Modify packet proxied to a specific realm
Kostas Zorbadelos <[EMAIL PROTECTED]> wrote:
> I would like to know if and how it is possible to modify an accounting
> and an authentication request
> packet that is going to be proxied to a specific realm.

Yes. Use the "preproxy" section.

Alan DeKok.
Re: System load of Exec-Program-Wait ??
"Rob Hartzenberg (iCabs)" <[EMAIL PROTECTED]> wrote:
> Well, see, I tried and failed. The Group command works fine with the MySQL
> module on some of the other solutions I have setup, but I have not managed
> to get it to work nicely with the system groups.

The Group attribute is intended to be used with the Unix group files, and the rlm_unix module. If you're using it for anything else, I'm surprised it works.

> Perhaps you could help out here with an example or two?

The Group attribute looks at the unix group files in the default install. If you don't change anything, it will work. See the FAQ for examples of using it.

Alan DeKok.
RE: System load of Exec-Program-Wait ??
Hey

>
> Huh? Why not just use the "Group" attribute, which does
> Unix group checking for you?
>
> Alan DeKok.
>

Well, see, I tried and failed. The Group command works fine with the MySQL module on some of the other solutions I have setup, but I have not managed to get it to work nicely with the system groups.

Perhaps you could help out here with an example or two?

-Rob
test, please disregard
I haven't been seeing the messages I have posted to the list, so I figure I'll do a little testing
Won't run on Solaris 8
FreeRadius 0.9.3

It's been great on Redhat, but on a Solaris 8 box I get the following:

fatal: libradius-0.9.3.so: open failed: No such file or directory

Ken Connell
Intermediate Network Engineer
Computer & Communication Services
Ryerson University
350 Victoria St RM AB50
Toronto, Ont M5B 2K3
416-979-5000 x6709
Re: post-auth
Andrea Gabellini wrote:
> Hi,
> I'm using the post-auth section to log user's attempt. Is it possible, in case of REJECT, to log the full description of the rejection instead of the useless 'Access-Reject' string?

I added a "message" field to the table and use the following query:

"INSERT into ${postauth_table} (id, user, pass, reply, message, date, callingstationid) values ('', '%{User-Name}', '%{User-Password}', '%{reply:Packet-Type}', REPLACE(REPLACE('%{reply:Reply-Message}', '\r', ''), '\n', ''), NOW(), '%{Calling-Station-Id}')"

Hope that helps,
Keith Yoder
ldap sha1 mschap peap pap
(Sorry, previous posting was in HTML, not intentional)

Hello Again,

Since I'm still relatively new to FreeRADIUS authorization/authentication, some clarification on the following subject would help me out greatly. I understand that ldap passwords must be clear to use mschap (Windows XP wireless supplicant using PEAP). Is this absolutely true?

On reading the FAQ (5.11), I get the impression that you can use PAP passwords to authenticate. And, in radiusd.conf, you can specify a pap encryption scheme (in my case, my ldap passwords are in sha1). I've read through doc/rlm_ldap as the FAQ suggests and still do not understand. Also, I'm able to bind using the credentials I've entered on the supplicant side.

My knowledge is limited, but why can't the LDAP authorization be enough to say, "ok, the user is in the database and the password is good. Let him/her have access." Why is authorization happening, but User-Password errors stopping me.

Please help!

Thanks
lje

rlm_ldap: user bogusstudent authorized to use remote access
ldap_msgfree
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 8
modcall: group authorize returns updated for request 8
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
rlm_eap: Request found, released from the list
rlm_eap: EAP/mschapv2
rlm_eap: processing type mschapv2
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 8
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for bogusstudent with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

Ladd J. Epp
Information Specialist
The University of Kansas
785-864-0460
moving from cistron radius to freeradius
i currently have a radius server running cistron radius (an older version) that authenticates against the system's passwd/shadow file. there are about 8k users on the system and 6 RAS devices (ascend tnt's and max4000's). i don't do anything fancy with attributes and don't track usage details or anything - just basically authenticate username/password and then the RAS gives the user an ip. some of my passwords are md5, some are not (majority are md5). of course, i don't have the passwords in plaintext anywhere. the hardware is x86 running redhat linux. i currently use webmin to add/remove users.

i would like to convert to freeradius but would like some feedback regarding my setup - is it doable? what challenges/obstacles would i face? i'm thinking the passwd/shadow files will be my biggest problem. i would like to move to a mysql database for storing usernames/passwords as i could then write a management system in php for adding/removing users.

i would appreciate any thoughts on this.

--
Chad Whitten
Network/Systems Administrator
neXband Communications
[EMAIL PROTECTED]
601-944-4801 Phone
601-944-4803 Fax
Update New Info
Hello,

I am working with the Cisco and Freeradius, using only VoIP records. My question is that the command "aaa update new info" in the Cisco will send me updates of new information about an active session, but when I debug the freeradius, I only see acct-status-type=Alive for Call-Type=Telephony. This is an example:

rad_recv: Accounting-Request packet from host NASIP:1646, id=98, length=454
        Acct-Session-Id = "013FB949"
        h323-setup-time = "h323-setup-time=.17:43:53.367 est Fri Jun 4 2004"
        h323-gw-id = "h323-gw-id=NASID"
        h323-conf-id = "h323-conf-id=1B8ABDC9 B5A711D8 899FB3DB 577CC76C"
        h323-call-origin = "h323-call-origin=answer"
        h323-call-type = "h323-call-type=Telephony"
        Cisco-AVPair = "h323-incoming-conf-id=1B8ABDC9 B5A711D8 899FB3DB 577CC76C"
        Cisco-AVPair = "subscriber=RegularLine"
        Acct-Session-Time = 0
        Acct-Status-Type = Alive
        NAS-Port-Type = Async
        Cisco-NAS-Port = "ISDN 3/0:D:1"
        NAS-Port = 0
        Cisco-AVPair = "interface=ISDN 3/0:D:1"
        Calling-Station-Id = "6164540384"
        Called-Station-Id = "58150525556660866"
        Service-Type = Login-User
        NAS-IP-Address = NASIP
        Acct-Delay-Time = 0

Do the alive packets work only with Telephony records, or could they also work with VoIP?

Thanks for any help,
Alex
post-auth
Hi,

I'm using the post-auth section to log user's attempt. Is it possible, in case of REJECT, to log the full description of the rejection instead of the useless 'Access-Reject' string?

For example, if a user reaches the Simultaneous-Use value, is it possible to log a string like the one logged to radius.log 'Multiple logins (max 1) : [username] (...)'

Thanks,
Andrea

---
Don't fall before you're pushed.
---
Ing. Andrea Gabellini
Email: [EMAIL PROTECTED]
Tel: 0549 886111 (Italy)
Tel. +378 0549 886111 (International)
Intelcom San Marino S.p.A.
Strada degli Angariari, 3
47891 Rovereta
Republic of San Marino
http://www.omniway.sm
http://www.intelcom.sm
Modify packet proxied to a specific realm
Hello to everyone.

I would like to know if and how it is possible to modify an accounting and an authentication request packet that is going to be proxied to a specific realm. What I want is to add a specific attribute with a specific value to every accounting and authentication request packet that is going to be proxied at realm X before it gets proxied.

I would appreciate any suggestions.

Thanks in advance
Kostas

--
Kostas Zorbadelos
Currently at: Otenet IT Department
mailto: [EMAIL PROTECTED]

Out there in the darkness, out there in the night
out there in the starlight, one soul burns brighter
than a thousand suns.
(no subject)
Thanks Thor,

I tried 0.0.0.0/1, but it still does not work... I keep getting following messages. Just curious what the networking standard... I thought it was 0/8/16/24 or is it 1/8/16/24?

rad_recv: Accounting-Request packet from host 192.168.0.121:1024, id=243, length=141
Ignoring request from unknown client 192.168.0.121:1024
--- Walking the entire request list ---
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.0.121:1024, id=206, length=228
Ignoring request from unknown client 192.168.0.121:1024

Thanks again.
prabh

> Hi,
>
> How can one allow any NAS client to be authenticated as long as secret matches?
> client 0.0.0.0/1 { ... } client 128.0.0.0/1 { ... }
> 0.0.0.0/0 does not work in clients.conf there does not seem to be any
> default entry that I can set
> something like "if the IP does not match then use this".
>
> Thanks.
>
> with regards,
> prabh
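The prefix arithmetic behind the "client 0.0.0.0/1" and "client 128.0.0.0/1" entries quoted in this thread, as an added Python example (not FreeRADIUS code and not from any poster). It reads "client <address>[/<length>] { ... }" headers from constructed sample text, reports which entry contains a source address, and flags a set of entries that together admit every IPv4 address; the sample secrets, shortnames and the longest-prefix choice in match_client are assumptions of the example.

```python
import ipaddress
import re

# Constructed sample text in the "client <addr>[/<len>] { ... }" form
# quoted in the thread. Secrets and shortnames are placeholders.
SPLIT_CONF = """
client 0.0.0.0/1 {
    secret = example-secret
    shortname = low-half
}
client 128.0.0.0/1 {
    secret = example-secret
    shortname = high-half
}
"""

SCOPED_CONF = """
client 127.0.0.1 {
    secret = example-secret
}
client 192.168.0.0/24 {
    secret = example-secret
}
"""

CLIENT_RE = re.compile(r"^\s*client\s+(\S+)\s*\{", re.MULTILINE)


def client_networks(conf_text):
    """Return the IP networks named in client headers.

    Any prefix length from /0 to /32 is valid CIDR, not only /8, /16, /24.
    Hostnames and specs with host bits set are skipped here.
    """
    networks = []
    for spec in CLIENT_RE.findall(conf_text):
        try:
            networks.append(ipaddress.ip_network(spec, strict=True))
        except ValueError:
            continue
    return networks


def match_client(source_ip, networks):
    """Most specific network containing source_ip, or None.

    Longest-prefix selection is an assumption of this example, not a
    statement about how any particular server version picks an entry.
    """
    addr = ipaddress.ip_address(source_ip)
    hits = [net for net in networks if addr in net]
    return max(hits, key=lambda net: net.prefixlen, default=None)


def covers_all_ipv4(networks):
    """True when the entries together are equivalent to 0.0.0.0/0."""
    v4 = [net for net in networks if net.version == 4]
    merged = list(ipaddress.collapse_addresses(v4))
    return merged == [ipaddress.ip_network("0.0.0.0/0")]


def audit(conf_text, source_ip):
    """Summarise one config against one source address."""
    nets = client_networks(conf_text)
    hit = match_client(source_ip, nets)
    return {
        "matched": str(hit) if hit else None,
        # With full coverage the shared secret is the only thing that
        # separates a NAS from any other host that can reach the port.
        "accepts_any_source": covers_all_ipv4(nets),
    }


if __name__ == "__main__":
    src = "192.168.0.121"  # source address from the log lines in the post
    print("split :", audit(SPLIT_CONF, src))
    print("scoped:", audit(SCOPED_CONF, src))
    print("scoped, other host:", audit(SCOPED_CONF, "10.1.2.3"))
```

The two /1 entries do contain 192.168.0.121 (it falls in 128.0.0.0/1), so the prefix arithmetic alone does not account for the "unknown client" message in the post.
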
Re: System load of Exec-Program-Wait ??
"Rob Hartzenberg (iCabs)" <[EMAIL PROTECTED]> wrote:
> To get freeradius to work with the system groups of "users / 100" and "email
> / 200"
> I searched around the new archives until I came up with a solution that uses
> Exec-Program-Wait function.

Huh? Why not just use the "Group" attribute, which does Unix group checking for you?

Alan DeKok.
Re: FreeRadius + winbind + AD
Johan Bergström <[EMAIL PROTECTED]> wrote:
> Anyone managed to connect FreeRadius to AD using Winbindd in Samba? I've
> noticed the PAM module for authenticating users to the radius server,
> but that's not what I'm after really... I think.

ntlm_auth. See the "mschap" module.

Alan DeKok.
Re: radius reply to multiple machines
"visia tartaglione" <[EMAIL PROTECTED]> wrote:
> i need to know if there is any tool in any version of freeradius that is
> able to forward a radius reply to multiple host.

radrelay.

> can i manage with radrelay?

Yes.

Alan DeKok.
Re: Using multiple PAM authenticating methodes
"Doove, Rene" <[EMAIL PROTECTED]> wrote:
> BUT, when i tried it simultanous like the following, it doesn't work,
>
> user_smb Auth-Type = Pam, Pam-Auth = "smb"

Use := not = .

Alan DeKok.
Re: qn abt leap
"Timothy Tan" <[EMAIL PROTECTED]> wrote:
> Just a quick question about LEAP. Am I right to say that as long as the
> client wlan card supports LEAP, I just need any 802.1x compatible AP to
> pass through the LEAP request to the FreeRADIUS server? Or do I need to
> use a Cisco-only AP?

The AP needs to support LEAP.

> Also, if I use both cisco and non-cisco APs (eg. I'm considering the
> Netgear WG302), would I need to do anything with the freeradius config
> line "cisco_vsa_hack = yes"? I currently have that enabled...

No. As the name suggests, it only affects Cisco boxes.

Alan DeKok.
Radius Accouting Functionality Testing
Hi All,

I am doing Radius Server (Accounting Feature) testing. Can anyone tell me what are all the possible tests I can do to confirm the Radius Accounting functionality? I think some testing document will be very useful.

Thanking you all in advance,

With Regards
Hemanth
Re: Building new version of FreeRADIUS links old version of libeap
On Mon, Jun 14, 2004 at 06:43:59AM -0700, Paul Bender wrote:
> Looking at the Makefile.in files, I found that src/main,
> src/modules/rlm_eap, src/modules/rlm_eap/types/rlm_eap_peap,
> src/modules/rlm_eap/types/rlm_eap_sim and
> src/modules/rlm_eap/types/rlm_eap_ttls find the libraries by using a -L
> option to point to the directory and a -l option to point to the
> library. Therefore, I assume that the compiler is searching path
> provided by the -L option after /usr/lib which contains
> libeap-1.0.0-pre2.so.
> In order to solve the problem, I modified the 4 Makefile.in files so
> that they point directly to the new libeap file rather than searching
> for libeap in the library path.

Did that fix it? We recently hit a problem where libtool transformed the direct link to a library file _back into_ -L path/to -lblah during relinking...

> Is this a bug in my gcc version/configuration or a bug in the FreeRADIUS
> make files? If it is a bug in my gcc version/configuration, then could
> someone point me in the direction to fix it? If it is a bug in the
> FreeRADIUS make files, then let me know and I will file a bug report
> with my patch file.

It's an evil libtool thing, like so many EAP problems are.

--
Paul "TBBle" Hampson, on an alternate email client.
Re: System load of Exec-Program-Wait ??
> My Question here is, What sort of system load can I expect from doing this?
> We currently have 200+ users on the box and all seems well, but what happens
> when we get to 1000+ etc, will it still hold up? Is it a potential
> bottleneck, or is it clean enough?

for me, considering RDBMS, yes.
Building new version of FreeRADIUS links old version of libeap
I am running Fedora Core 2, which uses gcc version 3.3.3 20040412 (Red Hat Linux 3.3.3-7). I have FreeRADIUS 1.0.0-pre1 installed. When I compile FreeRADIUS 1.0.0-pre2, the compiler picks up the old libeap-1.0.0-pre1.so rather than the new libeap-1.0.0-pre2. As a result, when I remove pre1 and install pre2, pre2 will not run.

Looking at the Makefile.in files, I found that src/main, src/modules/rlm_eap, src/modules/rlm_eap/types/rlm_eap_peap, src/modules/rlm_eap/types/rlm_eap_sim and src/modules/rlm_eap/types/rlm_eap_ttls find the libraries by using a -L option to point to the directory and a -l option to point to the library. Therefore, I assume that the compiler is searching path provided by the -L option after /usr/lib which contains libeap-1.0.0-pre2.so.

In order to solve the problem, I modified the 4 Makefile.in files so that they point directly to the new libeap file rather than searching for libeap in the library path.

Is this a bug in my gcc version/configuration or a bug in the FreeRADIUS make files? If it is a bug in my gcc version/configuration, then could someone point me in the direction to fix it? If it is a bug in the FreeRADIUS make files, then let me know and I will file a bug report with my patch file.
Re: Freeradius for Voip
Greate . It's workink fine . Thanks. But now , " 03:44:37.370 GMT Mon Jun 14 2004" is not a good date format , how I can change it ??? Thanks in advanced Fabio - Original Message - From: "yudhi kukuh" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, June 14, 2004 5:50 AM Subject: Re: Freeradius for Voip > hi, > > you can activate: > > preprocess { > huntgroups = ${confdir}/huntgroups > hints = ${confdir}/hints > with_ascend_hack = no > ascend_channels_per_line = 23 > with_ntdomain_hack = no > with_specialix_jetstream_hack = no > # to get only VSA value on database ## > with_cisco_vsa_hack = yes > # > } > > best regards, > > .. Yudhi Kukuh > PT Satya Digital Integrasi > Ph +62 21 70772543 / 7992977 > Fax +62 21 86901650 / 7992977 > Mobile +62 818781616 > E-Mail [EMAIL PROTECTED] > Visit www.satyadigital.com > 'A New Style of Data Integration' > - Original Message - > From: "Fabio Viracao" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, June 14, 2004 11:11 AM > Subject: Re: Freeradius for Voip > > > > Hi > > > > Using VSA_HACK I can remove the "h323-x-time=" from my db , now how > can > > I insert the date in a "good" format to the DB > > > > , any sugestion ? > > > > 03:44:37.370 GMT Mon Jun 14 2004 > > > > Thanks > > Fabio > > > > > > - Original Message - > > From: "Fabio Viracao" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Sunday, June 13, 2004 11:50 PM > > Subject: Re: Freeradius for Voip > > > > > > > Hi Folks; > > > > > > Can someone help-me how to insert the following to mysql ??, I do not > want > > > to insert " h323--time" only the date. 
> > > > > >h323-connect-time = "h323-connect-time=01:14:40.329 GMT Sat Jun 12 > > 2004" > > >h323-disconnect-time = "h323-disconnect-time=01:14:40.329 GMT Sat Jun > > 12 > > > 2004" > > > > > > Thanks > > > Fabio > > > > > > > > > - Original Message - > > > From: "ROY" <[EMAIL PROTECTED]> > > > To: "freeradius-users" <[EMAIL PROTECTED]> > > > Sent: Friday, March 12, 2004 5:14 PM > > > Subject: Re: Freeradius for Voip > > > > > > > > > > are you using a cisco box? > > > > > > > > if you are.. then.. cisco usually sends date/time in the ff format: > > > > > > > > 04:07:39.631 HKG Sat Mar 13 2004 > > > > > > > > Note that NAS text timezone is set at HKG (which is +0800).. > > > > unfortunately.. Postgresql doesn't support the 'HKG' as a standard > text > > > > timezone.. hence.. had to change it to a recognized +0800 which is > CCT. > > > > > > > > See the link below.. > > > > http://developer.postgresql.org/docs/postgres/datetime-keywords.html > > > > > > > > > > > > hence.. the function > > > > > > > > CREATE OR REPLACE FUNCTION mychg_tz (VARCHAR) RETURNS TEXT AS ' > > > > DECLARE > > > > date_tz ALIAS FOR $1; > > > > BEGIN > > > > return translate(date_tz,''HKG'',''CCT''); > > > > END; > > > > ' LANGUAGE 'plpgsql'; > > > > > > > > > > > > > > > > On Fri, 2004-03-12 at 17:30, Costin Manda wrote: > > > > > - Original Message - > > > > > From: "ROY" <[EMAIL PROTECTED]> > > > > > To: "freeradius-users" <[EMAIL PROTECTED]> > > > > > Sent: Friday, March 12, 2004 4:52 AM > > > > > Subject: Re: Freeradius for Voip > > > > > > > > > > > > > > > > I think I've ran into this too.. > > > > > > The problem was with text timezone not being recognized by > Postgres. > > > > > > > > > > > > Here's what I've done: > > > > > > > > > > > NAS_TZ = NAS timezone text (not recognized by Postgres) > > > > > > SQL_TZ = equivalent timezone text recognized by Postgres > > > > > > > > > > Can you give me an example? how would NAS_TZ and SQL_TZ look like? 
> > > > > > > > > > > strip_dot(mychg_tz('%{h323-disconnect-time}')) > > > > > > > > > > I get the same errors, even if I used "" in the function > as > > I > > > > > didn't know what you meant :) > > > > > > > > > > BTW, I have looked into the SQL trace, all the calls to the > > strip_dot > > > > > functions look like strip_dot(''). There is nothing between the > > > parantesae. > > > > > > > > > > > > > > > - > > > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > > > > > > > > > > > > > > - > > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > > > > > > > > > > > > > > > > > - > > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > > > > --- > > > > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
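The date conversion asked about in this thread, as an added example that is not part of the original posts: a Python normaliser that accepts only the "hh:mm:ss.mmm ZONE Day Mon D YYYY" layout quoted above and returns a UTC "Y-m-d H:i:s" string ready to be passed as a bound parameter to MySQL or PostgreSQL. The function names, the zone table and the handling of a leading clock-status marker are assumptions of this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Minutes east of UTC for the textual zones a NAS may send. GMT and HKG (+0800)
# are the two that appear in the thread; UTC and any further entries are
# assumptions to be matched to your own NAS clock settings.
TZ_OFFSETS = {"GMT": 0, "UTC": 0, "HKG": 8 * 60}

# Month names are mapped by hand so parsing does not depend on the locale.
MONTHS = {name: number for number, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

CISCO_TIME = re.compile(r"""
    ^(?:h323-[a-z-]+=)?          # "h323-connect-time=" prefix, present without the VSA hack
    [*.]?                        # IOS clock-status marker (clock not synchronised)
    (?P<hour>\d{2}):(?P<minute>\d{2}):(?P<second>\d{2})\.(?P<msec>\d{3})
    \s+(?P<zone>[A-Za-z]{2,5})
    \s+[A-Z][a-z]{2}             # day of week, implied by the date
    \s+(?P<month>[A-Z][a-z]{2})
    \s+(?P<day>\d{1,2})
    \s+(?P<year>\d{4})$
""", re.VERBOSE)


def parse_cisco_time(value):
    """Return an aware UTC datetime for one h323-*-time value.

    Anything that does not match the expected layout is rejected with
    ValueError, so a malformed or hostile NAS string never reaches the
    accounting query.
    """
    match = CISCO_TIME.match(value.strip())
    if match is None:
        raise ValueError("not a Cisco time string: %r" % value)
    zone = match["zone"].upper()
    if zone not in TZ_OFFSETS:
        raise ValueError("unknown NAS time zone: %r" % zone)
    month = MONTHS.get(match["month"])
    if month is None:
        raise ValueError("unknown month: %r" % match["month"])
    local = datetime(
        int(match["year"]), month, int(match["day"]),
        int(match["hour"]), int(match["minute"]), int(match["second"]),
        int(match["msec"]) * 1000,
        tzinfo=timezone(timedelta(minutes=TZ_OFFSETS[zone])),
    )
    return local.astimezone(timezone.utc)


def to_sql_datetime(value):
    """Format the parsed time as 'YYYY-MM-DD HH:MM:SS' in UTC."""
    return parse_cisco_time(value).strftime("%Y-%m-%d %H:%M:%S")


if __name__ == "__main__":
    # Sample values copied from the thread.
    for sample in (
        "03:44:37.370 GMT Mon Jun 14 2004",
        "h323-connect-time=01:14:40.329 GMT Sat Jun 12 2004",
        "04:07:39.631 HKG Sat Mar 13 2004",
    ):
        print(sample, "->", to_sql_datetime(sample))
```

Storing UTC avoids the unrecognised-zone problem described for HKG, because the zone text is resolved before the value reaches the database.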
Re: NAS client authentication
- Original Message -
From: "prabhdeep" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 14, 2004 2:57 PM
Subject: NAS client authentication

> Hi,
>
> How can one allow any NAS client to be authenticated as long as secret matches?

client 0.0.0.0/1 { ... }
client 128.0.0.0/1 { ... }

> 0.0.0.0/0 does not work in clients.conf there does not seem to be any
> default entry that I can set
> something like "if the IP does not match then use this".
>
> Thanks.
>
> with regards,
> prabh
Re: Re: rlm_sqlcounter && Max-Daily-Session??
hi,

are you referring in sqlcounter dailycounter in sqlcounter.conf? Do u want to configure the daily counter?

> >it doesn't hurt you if you cannot find it, what will hurt you is there is
> >wrong using it as an attribute.
>
> As well as i know, we have to include a dictionary.XXX file in the /usr/share/freeradius/dictionary if we want to use our custom
> Vendor-Specific-Attribute, right?
>
> Hello World!
>
> [EMAIL PROTECTED]
> 2004-06-14
System load of Exec-Program-Wait ??
Hi there,

We are using FreeRadius on a RedHat 9.0 machine. All users are added as system users with group membership of either "users" or "email". Users in the "users" group have full internet access, and users in the "email" group are restricted via a filter to only enable email access.

To get freeradius to work with the system groups of "users / 100" and "email / 200" I searched around the new archives until I came up with a solution that uses Exec-Program-Wait function.

Ref: http://www.mail-archive.com/[EMAIL PROTECTED]/msg04644.html

My Question here is, What sort of system load can I expect from doing this? We currently have 200+ users on the box and all seems well, but what happens when we get to 1000+ etc, will it still hold up? Is it a potential bottleneck, or is it clean enough?

Any comments and ideas would be most welcome.

Thanks
-Rob

My /etc/raddb/users file looks like this (This is the full file, nothing stripped):

##
DEFAULT Auth-Type = System
        Service-Type = Framed-User,
        Exec-Program-Wait = "/etc/raddb/groups.sh",
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-Routing = None,
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobson-TCP-IP,
###

and the /etc/raddb/groups.sh script looks like this:

###
#!/bin/bash
# Strip the double quotes from the User-Name passed in by the server.
# The value comes from the RADIUS request, so it is quoted wherever it is
# expanded and reaches "groups" as exactly one argument.
export UN=$(printf '%s' "$USER_NAME" | tr -d \")

# Emit the filter attributes for each system group the user belongs to.
for FF in $(/usr/bin/groups "$UN" | cut -d":" -f2)
do
    if [ "$FF" = "email" ]; then
        echo "Framed-Filter-ID = \"email.in\","
        echo "Filter-ID = \"email.in\","
    fi
    if [ "$FF" = "users" ]; then
        echo "Framed-Filter-ID = \"std.in\","
        echo "Filter-ID = \"std.in\","
    fi
done
exit 0
###
NAS client authentication
Hi,

How can one allow any NAS client to be authenticated as long as secret matches?

0.0.0.0/0 does not work in clients.conf there does not seem to be any default entry that I can set something like "if the IP does not match then use this".

Thanks.

with regards,
prabh
FreeRadius + winbind + AD
Anyone managed to connect FreeRadius to AD using Winbindd in Samba? I've noticed the PAM module for authenticating users to the radius server, but that's not what I'm after really... I think.

What I want is to be able to login to Cisco switches (NASes) using AD users/passwords, and depending if the user is in a specific group in the AD it should be accepted or rejected.

So far I've managed to set it up so that I can login to the switch (the NAS) with a local Freeradius user.

Johbe
Re: Re: rlm_sqlcounter && Max-Daily-Session??
>it doesn't hurt you if you cannot find it, what will hurt you is there is
>wrong using it as an attribute.

As well as i know, we have to include a dictionary.XXX file in the /usr/share/freeradius/dictionary if we want to use our custom Vendor-Specific-Attribute, right?

Hello World!

[EMAIL PROTECTED]
2004-06-14
radius reply to multiple machines
hi all,

i need a help. i need to know if there is any tool in any version of freeradius that is able to forward a radius reply to multiple host.

in my configuration, the flow of the radius request is:

nas->radius proxy->radius server

and i want the flow of the radius reply to be:

radius server->radius proxy->nas

and in addition to be directly

radius server->nas

the reason is a test. do you know any method to do something like this? can i manage with radrelay?

any help will be appreciate.

thanks in advance
V
Re: rlm_sqlcounter && Max-Daily-Session??
> Hi,
> I have configured a freeradius server (freeradius0.9.2 + rlm_pap + rlm_sql_mysql + rlm_sqlcounter), sqlcounter work well. but i am puzzled that:
> Where is Max-Daily-Session defined in certain dictionary file ?
> I can't find it under dictionary directory grepping it. Thx!

it doesn't hurt you if you cannot find it, what will hurt you is there is wrong using it as an attribute.

//milver
Using multiple PAM authenticating methodes
Hello,

I want to authenticate users with different pam modules. For some users i want to use smb authentication and other with SecurID.

It works when I use this:

user    Auth-Type = Pam
        Service-Type = Framed-User,
        Framed-Protocol = PPP

In the radiusd.conf I have configure pam_auth = radius so radiusd uses the /etc/pam.d/radius entry. This radius entry in the pam.d directory is configured to use pam_securid or pam_smb_auth. Both methods work.

BUT, when i tried it simultaneously like the following, it doesn't work,

user_smb    Auth-Type = Pam, Pam-Auth = "smb"
            Service-Type = Framed-User,
            Framed-Protocol = PPP

user_rsa    Auth-Type = Pam, Pam-Auth = "rsa"
            Service-Type = Framed-User,
            Framed-Protocol = PPP

radiusd -X show the following error:

auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user

Radius does not enter the pam module!! It looks like the Pam-auth is "corrupting" everything. Radiusd doesn't even know that is should go into Pam section..

Any help is appreciated.

Greetings,
Rene Doove
rlm_sqlcounter && Max-Daily-Session??
Hi,

I have configured a freeradius server (freeradius0.9.2 + rlm_pap + rlm_sql_mysql + rlm_sqlcounter), sqlcounter work well. but i am puzzled that:

Where is Max-Daily-Session defined in certain dictionary file ? I can't find it under dictionary directory grepping it.

Thx!
Re: Segmentation fault - EAP/TLS
Hi,

Now concerning tls, the segmentation fault comes generally from misconfiguration of the link between freeradius and openssl, during the "./configure" command when installing freeradius.

That's right on dot! I passed on the openssl library locations and recompiled (albeit this time with 1.0.0.pre2, as opposed to pre1 last time) and the server starts without Segmentation fault.

Commands were:

[EMAIL PROTECTED]:~[6]: wget ftp://ftp.freeradius.org/pub/radius/freeradius-1.0.0-pre2.tar.gz
[EMAIL PROTECTED]:~[7]: tar xzf freeradius-1.0.0-pre2.tar.gz
[EMAIL PROTECTED]:~[8]: cd freeradius-1.0.0-pre2
[EMAIL PROTECTED]:~/freeradius-1.0.0-pre2[9]: ./configure \
    --with-openssl-includes=/usr/local/openssl097d/include \
    --with-openssl-libraries=/usr/local/openssl097d/lib \
    --with-logdir=/var/log/radius
[EMAIL PROTECTED]:~/freeradius-1.0.0-pre2[10]: make
[EMAIL PROTECTED]:~/freeradius-1.0.0-pre2[11]: make install

Thanks!
Re: Freeradius for Voip
hi,

you can activate:

preprocess {
    huntgroups = ${confdir}/huntgroups
    hints = ${confdir}/hints
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    # to get only VSA value on database ##
    with_cisco_vsa_hack = yes
    #
}

best regards,

.. Yudhi Kukuh
PT Satya Digital Integrasi
Ph +62 21 70772543 / 7992977
Fax +62 21 86901650 / 7992977
Mobile +62 818781616
E-Mail [EMAIL PROTECTED]
Visit www.satyadigital.com
'A New Style of Data Integration'

- Original Message -
From: "Fabio Viracao" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, June 14, 2004 11:11 AM
Subject: Re: Freeradius for Voip

> Hi
>
> Using VSA_HACK I can remove the "h323-x-time=" from my db , now how can
> I insert the date in a "good" format to the DB
>
> , any suggestion ?
>
> 03:44:37.370 GMT Mon Jun 14 2004
>
> Thanks
> Fabio
>
> - Original Message -
> From: "Fabio Viracao" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, June 13, 2004 11:50 PM
> Subject: Re: Freeradius for Voip
>
> > Hi Folks;
> >
> > Can someone help-me how to insert the following to mysql ??, I do not want
> > to insert " h323--time" only the date.
> >
> > h323-connect-time = "h323-connect-time=01:14:40.329 GMT Sat Jun 12 2004"
> > h323-disconnect-time = "h323-disconnect-time=01:14:40.329 GMT Sat Jun 12 2004"
> >
> > Thanks
> > Fabio
> >
> > - Original Message -
> > From: "ROY" <[EMAIL PROTECTED]>
> > To: "freeradius-users" <[EMAIL PROTECTED]>
> > Sent: Friday, March 12, 2004 5:14 PM
> > Subject: Re: Freeradius for Voip
> >
> > > are you using a cisco box?
> > >
> > > if you are.. then.. cisco usually sends date/time in the ff format:
> > >
> > > 04:07:39.631 HKG Sat Mar 13 2004
> > >
> > > Note that NAS text timezone is set at HKG (which is +0800)..
> > > unfortunately.. Postgresql doesn't support the 'HKG' as a standard text
> > > timezone.. hence.. had to change it to a recognized +0800 which is CCT.
> > >
> > > See the link below..
> > > http://developer.postgresql.org/docs/postgres/datetime-keywords.html
> > >
> > > hence.. the function
> > >
> > > CREATE OR REPLACE FUNCTION mychg_tz (VARCHAR) RETURNS TEXT AS '
> > > DECLARE
> > >     date_tz ALIAS FOR $1;
> > > BEGIN
> > >     return translate(date_tz,''HKG'',''CCT'');
> > > END;
> > > ' LANGUAGE 'plpgsql';
> > >
> > > On Fri, 2004-03-12 at 17:30, Costin Manda wrote:
> > > > - Original Message -
> > > > From: "ROY" <[EMAIL PROTECTED]>
> > > > To: "freeradius-users" <[EMAIL PROTECTED]>
> > > > Sent: Friday, March 12, 2004 4:52 AM
> > > > Subject: Re: Freeradius for Voip
> > > >
> > > > > I think I've ran into this too..
> > > > > The problem was with text timezone not being recognized by Postgres.
> > > > >
> > > > > Here's what I've done:
> > > > >
> > > > > NAS_TZ = NAS timezone text (not recognized by Postgres)
> > > > > SQL_TZ = equivalent timezone text recognized by Postgres
> > > >
> > > > Can you give me an example? how would NAS_TZ and SQL_TZ look like?
> > > >
> > > > > strip_dot(mychg_tz('%{h323-disconnect-time}'))
> > > >
> > > > I get the same errors, even if I used "" in the function as I
> > > > didn't know what you meant :)
> > > >
> > > > BTW, I have looked into the SQL trace, all the calls to the strip_dot
> > > > functions look like strip_dot(''). There is nothing between the
> > > > parentheses.
Re: dialup_admin online user problem
does it show the PHP script properly? how about the buttons? check your dialup admin if connecting properly to your local MySQL.

- Original Message -
From: "apellido" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, June 13, 2004 9:12 AM
Subject: dialup_admin online user problem

> Hello guys i have a problem in showing the online user in dialup_admin,
> here's my config:
>
> admin.conf:
>
> general_prefered_lang: en
> general_prefered_lang_name: English
> general_charset: iso-8859-1
> #general_decode_normal_attributes: yes
> general_base_dir: /usr/local/www/data/dialup_admin
> general_radiusd_base_dir: /usr/local/freeradius-1.0.0-pre1
> general_domain: mactan.ph
> general_use_session: no
> general_most_recent_fl: 30
> #general_strip_realms : yes
> general_realm_delimiter: @
> general_realm_format: suffix
> general_show_user_password: yes
> general_raddb_dir: %{general_radiusd_base_dir}/etc/raddb
> #general_ldap_attrmap: %{general_raddb_dir}/ldap.attrmap
> # Need to fix admin.conf file parser
> #general_clients_conf: %{general_raddb_dir}/clients.conf
> general_clients_conf: /etc/raddb/clients.conf
> general_sql_attrmap: %{general_base_dir}/conf/sql.attrmap
> general_accounting_attrs_file: %{general_base_dir}/conf/accounting.attrs
> #general_extra_ldap_attrmap: %{general_base_dir}/conf/extra.ldap-attrmap
> general_lib_type: sql
> general_user_edit_attrs_file: %{general_base_dir}/conf/user_edit.attrs
> general_sql_attrs_file: %{general_base_dir}/conf/sql.attrs
> general_default_file: %{general_base_dir}/conf/default.vals
> #general_ld_library_path: /usr/local/snmpd/lib
> general_finger_type:
> #general_nas_type: cisco
> #general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger
> #general_radclient_bin: %{general_radiusd_base_dir}/bin/radclient
> general_test_account_login: apellido
> general_test_account_password: apellido
> general_radius_server: localhost
> general_radius_server_port: 1645
> general_radius_server_auth_proto: pap
> # password[server-name]: x
> general_radius_server_secret: cyclades
> general_auth_request_file: %{general_base_dir}/conf/auth.request
> general_encryption_method: md5
> general_accounting_info_order: desc
> general_stats_use_totacct: no
> general_restrict_badusers_access: no
> INCLUDE: %{general_base_dir}/conf/naslist.conf
> INCLUDE: %{general_base_dir}/conf/captions.conf
> #ldap_server: ldap.%{general_domain}
> #ldap_write_server: master.%{general_domain}
> #ldap_base: dc=company,dc=com
> #ldap_binddn: cn=Directory Manager
> #ldap_bindpw: XXX
> #ldap_default_new_entry_suffix: ou=dialup,ou=guests,%{ldap_base}
> #ldap_default_dn: uid=default-dialup,%{ldap_base}
> #ldap_regular_profile_attr: dialupregularprofile
> #ldap_use_http_credentials: yes
> #ldap_directory_manager: cn=Directory Manager
> #ldap_map_to_directory_manager: admin
> #ldap_debug: true
> # %u: username
> # %U: username provided though http authentication
> # %mu: mappings for userdb
> # %ma: mappings for accounting
> #ldap_filter: (uid=%u)
> #ldap_userdn: uid=%u,%{ldap_base}
> sql_type: mysql
> sql_server: localhost
> sql_port: 3306
> sql_username: radius
> sql_password: radius99%
> sql_database: radius
> sql_accounting_table: radacct
> sql_badusers_table: badusers
> sql_check_table: radcheck
> sql_reply_table: radreply
> sql_user_info_table: userinfo
> sql_groupcheck_table: radgroupcheck
> sql_groupreply_table: radgroupreply
> sql_usergroup_table: usergroup
> sql_total_accounting_table: totacct
> sql_nas_table: nas
> sql_command: /usr/local/bin/mysql
> general_snmp_type: net
> general_snmpwalk_command: /usr/local/bin/snmpwalk
> general_snmpget_command: /usr/local/bin/snmpget
> #sql_debug: true
> #sql_use_http_credentials: yes
> #sql_accounting_extra_query: %ma
> sql_use_user_info_table: true
> sql_use_operators: true
> #sql_default_user_profile: DEFAULT
> sql_password_attribute: User-Password
> sql_date_format: Y-m-d
> sql_full_date_format: Y-m-d H:i:s
> sql_row_limit: 40
> sql_connect_timeout: 3
> counter_default_daily: none
> counter_default_weekly: none
> counter_default_monthly: none
> counter_monthly_calculate_usage: true
>
> naslist.conf:
>
> #
> # This file contains the NAS list
> #
> nas1_finger_type: database
> nas1_type: portlave
> nas1_name: ***.%{general_domain}
> nas1_model: CycladesZ access server
> nas1_ip: 203.*.*.*
> nas1_port_num: 16
> nas1_community: public
> nas2_finger_type: database
> nas2_type: livingstone
> nas2_name: **.%{general_domain}
> nas2_model: Portmaster access server
> nas2_ip: 203.*.*.*
> nas2_port_num: 16
> nas2_community: public
> #
> # finger type can also be set per NAS
> # snmp: Use snmp to query the NAS
> # database: Only query the sql database
> #
> # If it is not set, general_finger_type is assumed
> #nas2_finger_type: database
> # nas type can also be set per NAS
> #nas2_type: cisco
> #nas3_name: nas3.%{general_domain}
> #nas3_model: Cisco 5300 access server
> #nas3_ip: 147.122.122.124
> #nas3_port_num: 210
> #nas3_community: public
Re: Delimeters doesn't work
At Fri, 11 Jun 2004 14:45:56 -, Shah, Nishant B wrote:
>
> Does freeRadius support prefix and suffix delimiters other than '/' and '@'
> sign. If yes then where to specify them. I tried to use '%','.' and '\' them
> after specifying in radiusd.conf file but it doesn't work.
> Can someone solve my issue?
>
> --
> Nishant Shah
> U4 Computer Engineering
> 979-268-0866 (M)281-222-3176

Add a new realm instance in radiusd.conf like this

# 'username%realm'
#
realm realmpercent {
    format = suffix
    delimiter = "%"
}

And then use this module in the authorize section.

--
Kostas Zorbadelos
Currently at: Otenet IT Department
mailto: [EMAIL PROTECTED]

Out there in the darkness, out there in the night
out there in the starlight, one soul burns brighter
than a thousand suns.