Attribute error ?radius+bandwidth

[Joel n.solanki]

Dear all ..

I m working on bandwidth limit with freeradius.
I have already read the document of Marcus Maciel 
http://www.underlinux.com.br/modules.php?name=Sections&op=viewarticle&artid=223

I have inserted the attributes in both /etc/radiusclient/dictionary
and /usr/local/etc/raddb/dictionary.
All things i have done accordingly.
Now when i insert users in users file as told by the document.
then its is giving me error
Below is the configuration.
# /usr/local/etc/raddb/users

DEFAULT Group == "cliente128k", Auth-Type :=Local,
Simultaneous-Use = "1"
Fall-Through = Yes
   Download = 128
   Upload = 64
   Customer = customer


 this is error i get

Module: Loaded files
 files: usersfile = "/usr/local/etc/raddb/users"
 files: acctusersfile = "/usr/local/etc/raddb/acct_users"
 files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
 files: compat = "no"
/usr/local/etc/raddb/users[78]: Syntax error: Previous line is missing a
trailing comma for entry DEFAULT
Errors reading /usr/local/etc/raddb/users
radiusd.conf[921]: files: Module instantiation failed.


I tried lot of solve this issue.
Then i removed some lines by doing #
then my users file looks like this.

DEFAULT Group == "cliente128k", Auth-Type := Local,
Simultaneous-Use = "1"
Fall-Through = Yes
 #  Download = 128
#   Upload = 64
#   Customer = customer


After putting # to this 3 lines i can start the radius without any
problem.

This is the output of radius -X

Module: Loaded radutmp
 radutmp: filename = "/usr/local/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
1814/udp.
Ready to process requests.


So i think this is the problem related ATTRIBUTE ??
any ideas how to solve this problem.
any help is greatly appreciated.

Regards,
Joel



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Freeradius and CRAM auth.

[prpotdar]

Hi,

I am using the Free-Radius Server (version 0.9.3) currently. I am using the 
Unix authentication and it is working fine.

I want to use the CRAM authentication for my testing purpose. I searched over 
the net and the mailing lists for any documentation. However, I was not able 
to get much information.

I will be very thankful if you can provide me the details of enabling and 
using CRAM authentication in FreeRadius.

Thanks and Regards,

Prasad.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup_admin (was Re: New Opensource project-AAAadmin )

[Amit Gupta]

find it at http://dmin.sourceforge.net
 
 
- Original Message - 
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 26, 2004 9:22 AM
Subject: Re: dialup_admin (was Re: New Opensource 
project-AAAadmin ) 

> "issa rabba'" <[EMAIL PROTECTED]> wrote:> 
> I want to know where I can find more about the AAAadmin priject> 
>   The AAAadmin project is NOT part of FreeRADIUS.> > 
  Everyone, stop posting AAAadmin questions to this list.  It 
should> have its own list, hosted elsewhere.> >   Alan 
DeKok.> > > - > List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html> 
 
---Outgoing mail is certified Virus 
Free.Checked by AVG anti-virus system (http://www.grisoft.com).Version: 6.0.726 / 
Virus Database: 481 - Release Date: 7/22/2004

Re: show_groups.php3

[apellido jr., wilfredo p.]

Just update show_groups.php3, same error...


  Warning: main(../lib/$config[general_lib_type]/group_info.php3): failed to
open stream: No such file or directory in
/usr/local/www/data-dist/dialup_admin/htdocs/show_groups.php3 on line 74

  Warning: main(): Failed opening
'../lib/$config[general_lib_type]/group_info.php3' for inclusion
(include_path='.:/usr/local/share/pear') in
/usr/local/www/data-dist/dialup_admin/htdocs/show_groups.php3 on line 74
  Could not find any groups





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

disctionary files

[Barry Murphy]

Hi,
 
I'm running poptop + freeradius + mysql and trying 
to work out which dictionary file i'd use. I'm wanting to get some additional 
info like Disconnect-Cause , tunnel end point etc and don't know if I can use 
the Ascend dictionary file for this.
 
Any help would be appreciated.
 
Barry

Re: CA web pages

[Kostas Kalevras]

On Mon, 26 Jul 2004 [EMAIL PROTECTED] wrote:

> Hi,
>
> I am looking for a simple way for my users to go to a web
> page and fill out a request for a cert and then we (admins)
> can go to another page, verify the data and sign it.  Any
> ideas on this - of course with openssl integrated with
> freeradius and SQL...

That's more or less called www.openca.org.

>
> thanks
> Kat
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: show_groups.php3

[Kostas Kalevras]

On Tue, 27 Jul 2004, apellido jr., wilfredo p. wrote:

> Im tried the latest dev of dialup_admin and i got this warning and it doesnt show 
> groups.
>
>   Warning: main(../lib/sql_group_info.php3): failed to open stream: No such
> file or directory in
> /usr/local/www/data-dist/dialup_admin/htdocs/show_groups.php3 on line 74
>
>   Warning: main(): Failed opening '../lib/sql_group_info.php3' for inclusion
> (include_path='.:/usr/local/share/pear') in
> /usr/local/www/data-dist/dialup_admin/htdocs/show_groups.php3 on line 74
>   Could not find any groups

Oops, Fixed. Thanks

>
>
>
> thanks very much

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

show_groups.php3

[apellido jr., wilfredo p.]

Im tried the latest dev of dialup_admin and i got 
this warning and it doesnt show groups.
 


  Warning: main(../lib/sql_group_info.php3): failed to open 
  stream: No such file or directory in 
  /usr/local/www/data-dist/dialup_admin/htdocs/show_groups.php3 on line 
  74Warning: main(): Failed opening 
  '../lib/sql_group_info.php3' for inclusion 
  (include_path='.:/usr/local/share/pear') in 
  /usr/local/www/data-dist/dialup_admin/htdocs/show_groups.php3 on line 
  74Could not find any groups
 
 
thanks very much

Re: How to distinguih between MAC an 802.1x auth requests

[Jeffrey C. Ollie]

On Mon, 2004-07-26 at 10:12, Zdenek Pizl wrote:
>
>  We are using Orinoco AP600 accesspoint. This AP can do Radius MAC
> Access control and EAP/802.1x Auth control.
> 
> The question is how have I configure the FreeRadius server to
> distinguish between these two options.

Test for the existance/non-existance of the EAP-Message:

DEFAULT Auth-Type := EAP, EAP-Message =* 1, NAS-Port-Type == Wireless-802.11
Cisco-AVPair = "ssid=",
Session-Timeout = 600,
Service-Type = Framed-User

That's how I do it on my Cisco 1200's...

Jeff



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Freeradius & Cisco-AVPair

[David Birnbaum]

For those of you (un)lucky enough to be searching for Cisco, PPPoE, 
RADIUS, static IP addresses, and the like, here's the skinny.

1.  Yes, Virginia, you can do static IP address via RADIUS, Cisco 7206,
and PPPoE for DSL-type applications.  At least as of 12.2(24), and
possibly much earlier.
2.  The "standard" radius attributes work:
Framed-Protocol = PPP,
Framed-IP-Address = X.X.X.X,
Framed-IP-Netmask = 255.255.255.255,
and the like (including Framed-Compression = Van-Jacobson-TCP-IP).
You don't need any of the Cisco-AVPair, at least not for the usual
stuff.
3.  However, you MUST have this:
  aaa authorization network default group radius none
Or nothing will work.
The "none" is important if you have any non-authorized PPP sessions (like 
regular serial lines) or you will break all of your non-RADIUS 
authenticated connections. Apparently, if you just have THIS:

  aaa authorization network default none
you will automatically be authorized for network information, but (here's 
the kicker) the Cisco will silently ignore the attributes returned by 
RADIUS because you didn't specify that they come from RADIUS.  So it will 
blithly ignore the return attributes.

Hopefully this will save somebody out there more time than I wasted on 
this, and thus the world will even out.

Cheers,
David.
-
On Mon, 19 Jul 2004, David Birnbaum wrote:
On Sun, 18 Jul 2004, Kevin Bonner wrote:
On Friday 16 July 2004 17:12, David Birnbaum wrote:
1.  Cisco doesn't seem to support Framed-Address for PPPoE (if anyone
 knows different that would be great, because nobody at Cisco knows
 how to do this.  If you can tell me how, stop reading the rest of 
the
 message and help me out!)
Here are some of the entries we use for our PPPoE connections on a 7505:
Cisco-AVPair += "ip:addr=1.2.3.1",
Cisco-AVPair += "ip:route=1.2.3.4 255.255.255.0",
Cisco-AVPair += "ip:inacl#1=permit ip any 1.2.3.0 0.0.0.255",
Try the ip:addr line rather than assigning an addr-pool and post your 
results.
If that doesn't work, the cisco config may need to be tweaked.
Kevin, I tried this out.  The cisco log still shows:
 Jul 19 15:51:39: Invalid attribute in radius buffer
 Jul 19 15:51:39: Unable to dump packet further
Obviously Cisco-AVPair is working for other people; could you share you 
working 7505 config?  I think the problem is that the radius packet is not 
built right or otherwise undecodable, which makes it hard to debug whether 
the AVPair syntax is right!  radiusd -X shows this:

 Sending Access-Accept of id 185 to X.X.X.X:1645
   Cisco-AVPair = "ip:addr=Y.Y.Y.Y"
   Service-Type = Framed-User
   Framed-Protocol = PPP
which sure looks good to me
David.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup admin replacement

[Barry Murphy]

Poptop does disconnect the user however the radius server doesnt receive a
stop request.

Barry

- Original Message - 
From: "Thor Spruyt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 27, 2004 1:49 AM
Subject: Re: dialup admin replacement


> I think poptop is able to disconnect the user automatically when the
session
> is lost.
>
> - Original Message - 
> From: "Barry Murphy" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, July 26, 2004 12:56 PM
> Subject: Re: dialup admin replacement
>
>
> > My problem is the poptop pptp server (with debian's ppp) is acting as
the
> > NAS server for my wireless clients, so there is no IOS to update. Not
many
> > people tend to be using pptp with radius and can answer this question.
> >
> > Barry
> >
> > - Original Message - 
> > From: "issa rabba'" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, July 27, 2004 8:47 AM
> > Subject: RE: dialup admin replacement
> >
> >
> > > I face this problem before, it was Cisco IOS bug, and they fix the it,
I
> > > think you have to update your IOS
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of
Barry
> > > Murphy
> > > Sent: Monday, July 26, 2004 3:36 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: dialup admin replacement
> > >
> > > Anyone know how to get dialup_admin to check a poptop NAS to see if
> users
> > > are still connected or not. If a user disconnects by unplugging his
> > wireless
> > > card or by loosing signal to the wireless node they remain connected
> even
> > > though there pc has thrown them out. This causes multiple connections
> and
> > > long connection durations with no bandwidth info. Perhaps there is a
way
> > to
> > > check every hour or so if the user is connected or not?
> > >
> > >   base-nas.albanywireless.co.nz
> > >   Network Access Server 2 users connected 3 free lines
> > >   # user ip address caller id name duration
> > >   1 icepick 219.88.249.83 - Barry Murphy 104:32:29
> > >   2 casper 219.88.249.85 - - 83:25:39
> > >
> > > - Original Message -
> > > From: "issa rabba'" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Tuesday, July 27, 2004 8:13 AM
> > > Subject: RE: dialup admin replacement
> > >
> > >
> > > > Ok, I will make another template for your uses, and you can change
to
> > that
> > > > template
> > > >
> > > >
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] On Behalf Of
> Barry
> > > > Murphy
> > > > Sent: Monday, July 26, 2004 2:58 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: dialup admin replacement
> > > >
> > > > Thats great!!!
> > > >
> > > > Now just to add some functionality for a per month basis and
bandwidth
> > > usage
> > > > info.
> > > >
> > > > My users are charged on usage not time.
> > > >
> > > > Barry
> > > >
> > > > - Original Message -
> > > > From: "issa rabba'" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Tuesday, July 27, 2004 6:33 AM
> > > > Subject: RE: dialup admin replacement
> > > >
> > > >
> > > > > Ok no problem
> > > > >
> > > > > Go to login2.php
> > > > > Commet line 32
> > > > > // $passwd = da_encrypt($passwd,$enc_passwd);
> > > > >
> > > > > If this not work try this
> > > > > Commet line 31, and 32
> > > > >
> > > > > // $passwd = $FF_valPassword;
> > > > > // $passwd = da_encrypt($passwd,$enc_passwd);
> > > > >
> > > > > And change line 34
> > > > > From
> > > > > if (!strcmp($passwd,$enc_passwd)){
> > > > > To
> > > > > if (!strcmp($FF_valPassword,$enc_passwd)){
> > > > >
> > > > > That's all
> > > > >
> > > > > Regards
> > > > > Issa rabba
> > > > >
> > > > >
> > > > > -Original Message-
> > > > > From: [EMAIL PROTECTED]
> > > > > [mailto:[EMAIL PROTECTED] On Behalf Of
> > Barry
> > > > > Murphy
> > > > > Sent: Monday, July 26, 2004 12:57 AM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: Re: dialup admin replacement
> > > > >
> > > > > I'm using clear text passwords.
> > > > >
> > > > > Thanks
> > > > > Barry
> > > > >
> > > > > - Original Message -
> > > > > From: "issa rabba'" <[EMAIL PROTECTED]>
> > > > > To: <[EMAIL PROTECTED]>
> > > > > Sent: Tuesday, July 27, 2004 5:12 AM
> > > > > Subject: RE: dialup admin replacement
> > > > >
> > > > >
> > > > > > I used the crypt function because all the password will be saved
> as
> > > > > crypted
> > > > > > password, if not please tell me I will tell you what to change
at
> > the
> > > > > > login2.php file
> > > > > >
> > > > > > Regards
> > > > > >
> > > > > > -Original Message-
> > > > > > From: [EMAIL PROTECTED]
> > > > > > [mailto:[EMAIL PROTECTED] On Behalf
Of
> > > Barry
> > > > > > Murphy
> > > > > > Sent: Sunday, July 25, 2004 11:48 PM
> > > > > > To: [EMAIL PROTECTED]
> > > > > > Subject: Re: dialup admin replacement
> > > > > >
> > > > > > Same here, is there a way to disable the cr

ntlm_auth

[Willey Kurt D]

Anyone have a simple smb.conf they are willing to share for a
Samba3-ntlm_auth install incorporated with FreeRADIUS??

THANKS!!

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: redhat spec file problem?

[Matthew Albright]

I had the same problem (and some others) with the redhat spec file,
and here is what I did to fix it... these are diffs to the 1.0.0pre3
spec file in the redhat directory.

matt

> diff freeradius.spec.orig freeradius.spec
5c5
< Release: 1
---
> Release: pre3
9c9
< Source0: %{name}-%{version}.tar.gz
---
> Source0: %{name}-%{version}-%{release}.tar.gz
24c24
< %setup
---
> %setup -n %{name}-%{version}-%{release}
34d33
<   --with-system-libtool \
67a67,68
> rm -rf $RPM_BUILD_ROOT/usr/share/doc/%{name}-%{version}-%{release}
> 
81a83
> chown -R radiusd:radiusd /var/log/radius
103c105
< %doc doc/ChangeLog doc/README* todo/ COPYRIGHT INSTALL
---
> %doc doc/[^C0]* doc/C[^V]* todo/ COPYRIGHT INSTALL

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Mystery of mysql.sock location in FreeRADIUS

[Milver S. Nisay]

>
> Now, I can not figure out where in my system is a reference to
> '/var/lib/mysql/mysql.socke  It is not in radiusd.conf, or sql.conf.
>
> Any ideas?
well if you cant still find answers, you can try creating a soft link FROM 
/var  (where the sock file is being created) TO /usr
(where you want it to be),  its not the proper mysql solution but its an 
approach that works!
//milver 


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Mystery of mysql.sock location in FreeRADIUS

[Simon Bryden]

You can set the environment variable MYSQL_UNIX_PORT as follows:

export MYSQL_UNIX_PORT=/usr/mysql/mysql.sock

I'm not sure why the freeradius mysql client doesn't check my.cnf, but I had 
the same issue and solved as above.

Regards,
Simon.
---

On Monday 26 July 2004 19:54, Masoud Safi wrote:
> From: Kostas Kalevras <[EMAIL PROTECTED]>
>
> >Reply-To: [EMAIL PROTECTED]
> >To: [EMAIL PROTECTED]
> >Subject: Re: Mystery of mysql.sock location in FreeRADIUS
> >Date: Sat, 24 Jul 2004 02:27:39 +0300 (EEST)
> >
> >On Thu, 22 Jul 2004, Masoud Safi wrote:
> > > Greetings,
> > >
> > > My radius server which uses MySQL 4.0.18-standard has been running fine
> >
> >for
> >
> > > a few months until my /var partition got full.  I had to move the data
> >
> >files
> >
> > > from /var/lib/mysql to /usr/mysql.
> > >
> > > After some config changes on the MySQL configs, the MySQL campe up
> >
> >running
> >
> > > fine.  An ODBC connection which I have had from a Windows box to the
> >
> >MySQL
> >
> > > server works fine too.
> > >
> > > However, FreeRADIUS would not connect to MySQL passing the following
> >
> >erro.
> >
> > > -
> > > rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
> > > rlm_sql_mysql: Starting connect to MySQL server for #0
> > > rlm_sql_mysql: Couldn't connect socket to MySQL server
> >
> >[EMAIL PROTECTED]:radius
> >
> > > rlm_sql_mysql: Mysql error 'Can't connect to local MySQL server through
> > > socket '/var/lib/mysql/mysql.sock' (2)'
> > > rlm_sql (sql): Failed to connect DB handle #0
> > > -
> > >
> > > Obviously, I had to make sure that "socket=/usr/mysql/mysql.sock" was
> > > in
> >
> >the
> >
> > > CLIENT portion of my.cnf file.
> > >
> > > Here is my DB status output:
> > > Server version  4.0.18-standard
> > > Protocol version10
> > > Connection  Localhost via UNIX socket
> > > UNIX socket /usr/mysql/mysql.sock
> > >
> > > Now, I can not figure out where in my system is a reference to
> > > '/var/lib/mysql/mysql.socke  It is not in radiusd.conf, or sql.conf.
> > >
> > > Any ideas?
> >
> >If you are sure you 've fixed my.cnf then things should work fine. I would
> >suggest tracing the open() calls of the freeradius to check which my.cnf
> >file is
> >opened by the mysql library used by the sql module.
>
> Yes, I am sure I configured the my.cfg correctly and that is why my Windows
> based ODBC connections work.  I also searched my entire HDD for other
> instances of my.cfg, but I only have one copy.  It seams to me that
> freeradius may be reading the mysql.sock info from somewhere else, but
> don't know where?
>
> As far as tracing the open() calls of freeradius, is there anything else I
> need to do, other than running radiusd -X?
>
> _
> FREE pop-up blocking with the new MSN Toolbar – get it now!
> http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Mystery of mysql.sock location in FreeRADIUS

[Kostas Kalevras]

On Mon, 26 Jul 2004, Masoud Safi wrote:

> >If you are sure you 've fixed my.cnf then things should work fine. I would
> >suggest tracing the open() calls of the freeradius to check which my.cnf
> >file is
> >opened by the mysql library used by the sql module.
>
> Yes, I am sure I configured the my.cfg correctly and that is why my Windows
> based ODBC connections work.  I also searched my entire HDD for other
> instances of my.cfg, but I only have one copy.  It seams to me that
> freeradius may be reading the mysql.sock info from somewhere else, but don't
> know where?
>
> As far as tracing the open() calls of freeradius, is there anything else I
> need to do, other than running radiusd -X?

I meant mainly using strace or truss (depending on your unix flavor).

>
> _
> FREE pop-up blocking with the new MSN Toolbar ? get it now!
> http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

CA web pages

[histar2]

Hi,

I am looking for a simple way for my users to go to a web
page and fill out a request for a cert and then we (admins)
can go to another page, verify the data and sign it.  Any
ideas on this - of course with openssl integrated with
freeradius and SQL...

thanks
Kat

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Exec-Program-Wait attributes not included in Access-Accept

[Doug Hardie]

On Jul 26, 2004, at 06:58, Thor Spruyt wrote:
Hi,
I have freeradius 0.9.3 running with Postgresql database backend.
The only thing the radius checks is the password and then executes an
external script if authentication is ok.
The section in the users file is:
DEFAULT Auth-Type = Local
Exec-Program-Wait = "/opt/radius1/bin/auth.pl"
Everything runs fine, except the attributes output by the script (attr 
=
value seperated by newlines) are not added to the reply as you can see 
in
this debugging output:

auth: type Local
auth: user supplied User-Password matches local User-Password
radius_xlat:  '/opt/radius1/bin/auth.pl'
Exec-Program: /opt/radius1/bin/auth.pl
Exec-Program output: Acct-Interim-Interval = 600 Idle-Timeout = 3600
Session-Timeout = 171454526
Exec-Program-Wait: plaintext: Acct-Interim-Interval = 600 Idle-Timeout 
=
3600 Session-Timeout = 171454526
Exec-Program: returned: 0
Login OK: [thor] (from client x port 0 cli 00:30:00:04:A5:22)
Sending Access-Accept of id 112 to 192.168.250.105:32780
Finished request 0
Going to the next request

Any idea what might be wrong?
I have an Exec-Program-Wait and I don't use returns.  Here is an 
example of the script output that works:

Session-Timeout = 3600, Framed-IP-Address = 66.81.99.99
There are no returns anywhere in the string.  I tried various 
combinations of things using debug mode to find one that works.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Mystery of mysql.sock location in FreeRADIUS

[Masoud Safi]

From: Kostas Kalevras <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Mystery of mysql.sock location in FreeRADIUS
Date: Sat, 24 Jul 2004 02:27:39 +0300 (EEST)
On Thu, 22 Jul 2004, Masoud Safi wrote:
> Greetings,
>
> My radius server which uses MySQL 4.0.18-standard has been running fine 
for
> a few months until my /var partition got full.  I had to move the data 
files
> from /var/lib/mysql to /usr/mysql.
>
> After some config changes on the MySQL configs, the MySQL campe up 
running
> fine.  An ODBC connection which I have had from a Windows box to the 
MySQL
> server works fine too.
>
> However, FreeRADIUS would not connect to MySQL passing the following 
erro.
>
> -
> rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
> rlm_sql_mysql: Starting connect to MySQL server for #0
> rlm_sql_mysql: Couldn't connect socket to MySQL server 
[EMAIL PROTECTED]:radius
> rlm_sql_mysql: Mysql error 'Can't connect to local MySQL server through
> socket '/var/lib/mysql/mysql.sock' (2)'
> rlm_sql (sql): Failed to connect DB handle #0
> -
>
> Obviously, I had to make sure that "socket=/usr/mysql/mysql.sock" was in 
the
> CLIENT portion of my.cnf file.
>
> Here is my DB status output:
> Server version  4.0.18-standard
> Protocol version10
> Connection  Localhost via UNIX socket
> UNIX socket /usr/mysql/mysql.sock
>
> Now, I can not figure out where in my system is a reference to
> '/var/lib/mysql/mysql.socke  It is not in radiusd.conf, or sql.conf.
>
> Any ideas?

If you are sure you 've fixed my.cnf then things should work fine. I would
suggest tracing the open() calls of the freeradius to check which my.cnf 
file is
opened by the mysql library used by the sql module.
Yes, I am sure I configured the my.cfg correctly and that is why my Windows 
based ODBC connections work.  I also searched my entire HDD for other 
instances of my.cfg, but I only have one copy.  It seams to me that 
freeradius may be reading the mysql.sock info from somewhere else, but don't 
know where?

As far as tracing the open() calls of freeradius, is there anything else I 
need to do, other than running radiusd -X?

_
FREE pop-up blocking with the new MSN Toolbar – get it now! 
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup admin replacement

[Nick Marino]

How ever it is done using dialup admin. Not sure will have to look through
the code and config files of dialupadmin and see. Not sure where to look.
- Original Message - 
From: "issa rabba'" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 26, 2004 5:47 PM
Subject: RE: dialup admin replacement


> Ok, when save the password at the database what interface you use, do send
> the password to the encrypt function do you send a salt with the password?
> If yes what is it?
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Nick
> Marino
> Sent: Monday, July 26, 2004 5:39 AM
> To: [EMAIL PROTECTED]
> Subject: Re: dialup admin replacement
>
> MD5
>
>
> - Original Message -
> From: "issa rabba'" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, July 26, 2004 11:05 AM
> Subject: RE: dialup admin replacement
>
>
> > what is the is the encrypt password type?
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Nick
> > Marino
> > Sent: Sunday, July 25, 2004 4:17 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: dialup admin replacement
> >
> > I tried it and no matter what username and password I put in it just
goes
> > back to the login page.
> >
> > I did configure pp.php to point to my database with the correct username
> and
> > password and database name.
> >
> > Any ideas?
> >
> > - Original Message -
> > From: "issa rabba'" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, July 26, 2004 12:18 AM
> > Subject: RE: dialup admin replacement
> >
> >
> > > Ok:
> > >
> > > Please download this file http://www.issa.ps/dialup_admin/stat.rar
> > >
> > > Please note that this interface for the mysql database only.
> > >
> > > Extract the stat.tar and edit Connections/pp.php, change the valuse of
> the
> > > hostname, username, password and database name.
> > >
> > > Then upload it to websever support PHP.
> > >
> > > Please contact me if you need any question.
> > >
> > > Regards,
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of
sarky
> > > Sent: Sunday, July 25, 2004 11:20 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: dialup admin replacement
> > >
> > > cool if you can send it over to me that will be great.
> > > I think the dialup admin author is on this list, you can ask
> > >
> > > Sarky
> > >
> > > On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:
> > > > I did some thing like that, but it's not a part of the dialupadmin,
it
> > > > web interface for our customers, I will customize it and send it to
> > > > you. Or if you know how can we publish it to be part of the dialup
> > > > admin project.
> > > >
> > > > Regards
> > > >
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] On Behalf Of
> > > > sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius-
> > > > [EMAIL PROTECTED] Subject: dialup admin replacement
> > > >
> > > > Hello all,
> > > >
> > > >
> > > > I am looking for a web interface which does what dialup admin does
and
> > > > allows users to access it via there login/password and get all the
> > > > information they require download limits, what they have downloaded
> > > > and so on.
> > > >
> > > > Anything out there which does that ?
> > > >
> > > >
> > > > Sarky
> > > >
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See
> > > > http://www.freeradius.org/list/users.html
> > > >
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See
> > > > http://www.freeradius.org/list/users.html
> > >
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> > >
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

eap-tls resumed handshake code

[Mohamad Badra]

Hi list,
I didn't find the code related to eap-tls resumed handshake. Can you help me please in 
that? I don't know if it is based on openssl resumed handshake of not. It seems not 
clear to me.
Sincerely,
Badra

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: redhat spec file problem?

[Daniel Chénard]

In the %files section I have change
# %doc doc/ChangeLog doc/README* todo/ COPYRIGHT INSTALL *

for

%doc %{_docdir}/freeradius-%{version}*/



Le lun 26/07/2004 Ã 13:05, marco a Ãcrit :
> > i've changed the spec for the same reason. You can try it (see 
> > attachment), 
> 
> interesting ... where ?
> 
> 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- 
Daniel ChÃnard
SysAdmin Unix
Infoteck Internet
5480, Boul. Jean XXIII
Trois-RiviÃres-Ouest, QuÃbec
Canada
G8Z 4A9
Tel: 819-370-3232
Sans Frais: 1-866-853-3232
Fax: 819-370-3624



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: redhat spec file problem?

[Simeon Penev]

marco wrote:
i've changed the spec for the same reason. You can try it (see 
attachment), 
   

interesting ... where ?

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

 

Here it is:
Summary: High-performance and highly configurable RADIUS server
URL: http://www.freeradius.org/
Name: freeradius
Version: 1.0.0
Release: pre3
License: GPL
Group: Networking/Daemons
Packager: FreeRADIUS.org
Source0: %{name}-%{version}.tar.gz
Prereq: /sbin/chkconfig
BuildPreReq: libtool
# FIXME: snmpwalk, snmpget and rusers POSSIBLY needed by checkrad
Provides: radiusd
Conflicts: cistron-radius
BuildRoot: %{_tmppath}/%{name}-root
%description
The FreeRADIUS Server Project is a high-performance and highly
configurable GPL'd RADIUS server. It is somewhat similar to the
Livingston 2.0 RADIUS server, but has many more features, and is much
more configurable.
%prep
%setup
%build
CFLAGS="$RPM_OPT_FLAGS" \
%configure --prefix=%{_prefix} \
   --localstatedir=%{_localstatedir} \
   --sysconfdir=%{_sysconfdir} \
   --mandir=%{_mandir} \
   --without-rlm-krb5 \
   --with-experimental-modules
make
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/etc/{logrotate.d,pam.d,rc.d/init.d}
make install R=$RPM_BUILD_ROOT
RADDB=$RPM_BUILD_ROOT/etc/raddb
# set radiusd as default user/group
perl -i -pe 's/^#user =.*$/user = radiusd/' $RADDB/radiusd.conf
perl -i -pe 's/^#group =.*$/group = radiusd/' $RADDB/radiusd.conf
# shadow password file MUST be defined on Linux
perl -i -pe 's/#shadow =/shadow =/' $RADDB/radiusd.conf
# remove unneeded stuff
rm -f $RPM_BUILD_ROOT%{_mandir}/man8/builddbm.8
rm -f $RPM_BUILD_ROOT%{_prefix}/sbin/rc.radiusd
cd redhat
install -m 755 rc.radiusd-redhat $RPM_BUILD_ROOT/etc/rc.d/init.d/radiusd
install -m 644 radiusd-logrotate $RPM_BUILD_ROOT/etc/logrotate.d/radiusd
install -m 644 radiusd-pam   $RPM_BUILD_ROOT/etc/pam.d/radius
cd ..
%pre
/usr/sbin/useradd -c "radiusd user" -r -s /bin/false -u 95 -d / radiusd 
2>/dev/null || :

%preun
if [ "$1" = "0" ]; then
   /sbin/service radiusd stop > /dev/null 2>&1
   /sbin/chkconfig --del radiusd
fi
%post
/sbin/ldconfig
/sbin/chkconfig --add radiusd
# Done here to avoid messing up existing installations
for i in radius/radutmp radius/radwtmp radius/radius.log # 
radius/radwatch.log radius/checkrad.log
do
   touch /var/log/$i
   chown radiusd:radiusd /var/log/$i
   chmod 600 /var/log/$i
done

%postun
if [ "$1" -ge "1" ]; then
   /sbin/service radiusd condrestart >/dev/null 2>&1
fi
if [ $1 = 0 ]; then
   /usr/sbin/userdel radiusd > /dev/null 2>&1 || :
fi
/sbin/ldconfig
%clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
%doc doc/ChangeLog doc/README* todo/ COPYRIGHT INSTALL
%config /etc/pam.d/radius
%config /etc/logrotate.d/radiusd
%config /etc/rc.d/init.d/radiusd
%config (noreplace) /etc/raddb/*
%{_bindir}/*
%{_datadir}/%{name}
%{_libdir}/*
%{_mandir}/*/*
%{_sbindir}/*
%attr(0700,radiusd,radiusd) %dir /var/log/radius
%attr(0700,radiusd,radiusd) %dir /var/log/radius/radacct
%attr(0700,radiusd,radiusd) %dir /var/run/radiusd
%changelog
* Mon May 31 2004 Paul Hampson
- update for 1.0.0 release
* Fri May 23 2003 Marko Myllynen
- update for 0.9
* Wed Sep  4 2002 Marko Myllynen
- fix libtool issues for good
* Thu Aug 22 2002 Marko Myllynen
- update for 0.7/0.8
* Tue Jun 18 2002 Marko Myllynen
- run as radiusd user instead of root
- added some options for configure
* Thu Jun  6 2002 Marko Myllynen
- set noreplace for non-dictionary files in /etc/raddb
* Sun May 26 2002 Frank Cusack <[EMAIL PROTECTED]>
- move /var dirs from %%post to %%files
* Thu Feb 14 2002 Marko Myllynen
- use dir name macros in all configure options
- libtool is required only when building the package
- misc clean ups
* Wed Feb 13 2002 Marko Myllynen
- use %%{_mandir} instead of /usr/man
- rename %%postin as %%post
- clean up name/version
* Fri Jan 18 2002 Frank Cusack <[EMAIL PROTECTED]>
- remove (noreplace) for /etc/raddb/* (due to rpm bugs)
* Fri Sep 07 2001 Ivan F. Martinez <[EMAIL PROTECTED]>
- changes to make compatible with default config file shipped
- adjusts log files are on /var/log/radius instead of /var/log
- /etc/raddb changed to config(noreplace) to don't override
-   user configs
* Fri Sep 22 2000 Bruno Lopes F. Cabral <[EMAIL PROTECTED]>
- spec file clear accordling to the libltdl fix and minor updates
* Wed Sep 12 2000 Bruno Lopes F. Cabral <[EMAIL PROTECTED]>
- Updated to snapshot-12-Sep-00
* Fri Jun 16 2000 Bruno Lopes F. Cabral <[EMAIL PROTECTED]>
- Initial release
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Proxy server knows password

[Thor Spruyt]

- Original Message - 
From: "Kostas Kalevras" <[EMAIL PROTECTED]>


> On Mon, 26 Jul 2004, Thor Spruyt wrote:
>
> > Is there any way to prevent this from happening on the homeserver?
>
> Use EAP-TTLS-PAP,MS-CHAP,CHAP as authentication protocol. That's something
the
> client decides though.
>

In radiusd.conf on the homeserver I only have
authenticate {
Auth-Type CHAP {
chap
}
}

I understand that it's up to the NAS, but I would expect that the homeserver
denies PAP requests if it's not defined in radiusd.conf, so that the NAS has
to be configured to use CHAP?

Thor.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: redhat spec file problem?

[marco]

> i've changed the spec for the same reason. You can try it (see 
> attachment), 

interesting ... where ?



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Proxy server knows password

[Kostas Kalevras]

On Mon, 26 Jul 2004, Thor Spruyt wrote:

> Hi,
>
> I have a homeserver and a proxyserver running on the same machine, but on
> different ports and different compilations (so they're actually independant
> of each other).
>
> When I run the homeserver with -X, it prints out the User-Password attribute
> of the Access-Request packet, which I think is normal.
> But when I run the proxyserver with -X, it also prints out the User-Password
> attribute of the Access-Request packet... I don't want anyone to see my
> users' passwords!
>
> Is there any reason why the proxy server sees the password?

You 're using PAP as the authentication protocol

> Is there any way to prevent this from happening on the homeserver?

Use EAP-TTLS-PAP,MS-CHAP,CHAP as authentication protocol. That's something the
client decides though.

>
> Thor.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: redhat spec file problem?

[Simeon Penev]

Hi,
i've changed the spec for the same reason. You can try it (see 
attachment), but you must tar the freeradius sources in directory 
"..-1.0.0", not - "..-1.0.0-pre3".

Cheers,
Simeon Penev
Dave Weis wrote:
I'm trying to build an rpm on fedora core 1 with the included redhat 
spec file but not having much luck. I had to make symlink from 
/usr/include/com_err.h -> /usr/include/et/com_err.h to get the 
kerberos stuff to compile. I also modified the header to include the 
prerelease portion:
Name: freeradius
Version: 1.0.0
Release: pre3
License: GPL
Group: Networking/Daemons
Packager: FreeRADIUS.org
Source0: %{name}-%{version}-%{release}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root

I have gotten to the point where it compiles but dies when it tries to 
package the RPM:
Checking for unpackaged file(s): /usr/lib/rpm/check-files 
/var/tmp/freeradius-1.0.0-pre3-root
error: Installed (but unpackaged) file(s) found:
   /usr/share/doc/freeradius-1.0.0-pre3/Autz-Type
   /usr/share/doc/freeradius-1.0.0-pre3/DIFFS
   /usr/share/doc/freeradius-1.0.0-pre3/MACOSX
   /usr/share/doc/freeradius-1.0.0-pre3/OS2
   /usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAP.schema
   /usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAPv3.schema
   /usr/share/doc/freeradius-1.0.0-pre3/RADIUS-SQL.schema
   /usr/share/doc/freeradius-1.0.0-pre3/README
   /usr/share/doc/freeradius-1.0.0-pre3/Simultaneous-Use
(snip)
RPM build errors:
Installed (but unpackaged) file(s) found:
   /usr/share/doc/freeradius-1.0.0-pre3/Autz-Type
   /usr/share/doc/freeradius-1.0.0-pre3/DIFFS
   /usr/share/doc/freeradius-1.0.0-pre3/MACOSX
   /usr/share/doc/freeradius-1.0.0-pre3/OS2
   /usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAP.schema
   /usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAPv3.schema
   /usr/share/doc/freeradius-1.0.0-pre3/RADIUS-SQL.schema
   /usr/share/doc/freeradius-1.0.0-pre3/README
   /usr/share/doc/freeradius-1.0.0-pre3/Simultaneous-Use
(snip)

I am not very good with spec files. I did try changing the doc line in 
the files section to
%doc doc/*
but that didn't work either.

Thanks
dave


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Proxy server knows password

[Thor Spruyt]

Hi,

I have a homeserver and a proxyserver running on the same machine, but on
different ports and different compilations (so they're actually independant
of each other).

When I run the homeserver with -X, it prints out the User-Password attribute
of the Access-Request packet, which I think is normal.
But when I run the proxyserver with -X, it also prints out the User-Password
attribute of the Access-Request packet... I don't want anyone to see my
users' passwords!

Is there any reason why the proxy server sees the password?
Is there any way to prevent this from happening on the homeserver?

Thor.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup admin replacement

[Alan DeKok]

"issa rabba'" <[EMAIL PROTECTED]> wrote...
(  1-2 sentences, followed by reams of quoted material. )

  Can people PLEASE edit their posts, to NOT include all of the
previous messages in a thread?  If you need to see the older
messages, read the archives.

  Alan DeKok.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Using multi-valued string LDAP attributes for user lockout in freeradius-1.x

[Dustin Doris]

On Fri, 23 Jul 2004, Daniel Epstein wrote:

> Greetings all,
>
> We run a freeradius-0.9.3 installation handling authentications for a
> number of different NASs on our campus.  The RADIUS servers are using
> an openldap directory as the primary user credentials store.  For a
> number of reasons, we designed our LDAP schema such that authorization
> for services is indicated by one or more values set in a multi-valued
> string attribute of the user object.  This is as opposed to using group
> membership or a series of discrete boolean or string attributes for
> authorization to each service type.  It should also be noted that the
> RADIUS server does not bind to LDAP in the context of a privileged
> account, but with the credentials supplied by the NAS client.
>
> When we initially deployed this infrastructure three years ago, we
> found that the rlm_ldap module was not able to query a multi-valued
> attribute for authorization using the 'access-attr' option.  Following
> suggestions from this list, we instead extended the 'filter' value to
> cause the authentication to fail if a particular string appears in the
> access attribute.  We have the following configuration:
>
> - radiusd.conf -
>   ldap ldap-vpn {
>   ...
>   filter = "(&(uid=%u)(!(ucPriv=novpn)))"
>   ...
>   }
>   ldap ldap-modem {
>   ...
>   filter = "(&(uid=%u)(!(ucPriv=nomodem)))"
>   ...
>   }
>   ldap ldap-soup {
>   ...
>   filter = "(&(uid=%u)(!(ucPriv=nosoup)))"
>   ...
>   }
>   ...
>   authenticate {
>   Auth-Type aldap-vpn {
>   ldap-vpn
>   }
>   Auth-Type aldap-modem {
>   ldap-modem
>   }
>   Auth-Type aldap-soup {
>   ldap-soup
>   }
>   }
>   authorize {
>   preprocess
>   files
>   Autz-Type zldap-vpn {
>   ldap-vpn
>   }
>   Autz-Type zldap-modem {
>   ldap-modem
>   }
>   Autz-Type zldap-soup {
>   ldap-soup
>   }
>   }
>   ...
> 
>
> - huntgroups.conf -
>
> vpn NAS-IP-Address == x.x.x.x
> vpn NAS-IP-Address == x.x.x.x
> vpn NAS-IP-Address == x.x.x.x
> modem   NAS-IP-Address == x.x.x.x
> modem   NAS-IP-Address == x.x.x.x
> modem   NAS-IP-Address == x.x.x.x
> soup  NAS-IP-Address == x.x.x.x
> 
>
> - users -
>
> DEFAULT Huntgroup-Name == vpn,
> Auth-Type := aldap-vpn,
> Autz-Type := zldap-vpn
>
> DEFAULT Huntgroup-Name == modem,
> Auth-Type := aldap-modem,
> Autz-Type := zldap-modem
>
> DEFAULT Huntgroup-Name == soup,
> Auth-Type := aldap-soup,
> Autz-Type := zldap-soup
>
> 
>
> While this works for us in terms of allowing and denying access
> appropriately, it is not optimal in that it does not allow us to log or
> return to the NAS the proper reason for authentication failure (because
> we are bundling authorization with authentication).  We're now in the
> middle of a redesign of the RADIUS infrastructure (including possible
> plans to test and deploy version 1.0.0 when released).  I was wondering
> if there is now a better way to approach this problem under the current
> version.  I've looked at the checkval module, but this seems to really
> work in the opposite direction, checking values from the NAS, not from
> the auth store, but I confess I don't understand it entirely.  Any help
> or suggestions would be appreciated.
>
> Cheers,
>
> Dan
>
> --
>

You may like the way we did it using the ldap-group option.  That way you
don't have to define different ldap instances to use.

The documentation is located at http://doris.cc/radius.  It is a little
outdated in versions, but should work with 1.0 and newer openldap
versions.  I will get around to updating that documentation for 1.0 one of
these days, although not much will be different.

That doc is also located in the doc directory in recent versions
(doc/ldap_howto.txt).

-Dusty Doris


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup_admin (was Re: New Opensource project-AAAadmin )

[Alan DeKok]

"issa rabba'" <[EMAIL PROTECTED]> wrote:
> I want to know where I can find more about the AAAadmin priject

  The AAAadmin project is NOT part of FreeRADIUS.

  Everyone, stop posting AAAadmin questions to this list.  It should
have its own list, hosted elsewhere.

  Alan DeKok.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Checking SubjectAltName instead of CN

[Kraemmer Thomas]

Title: Checking SubjectAltName instead of CN






I've setup freeradius to authenticate users via EAP-TLS. To enforce security I'd like

to check the username contained in the client certificate. Is there a way to do it

based on the SubjectAltName instead of the CN? 


The eap.conf knows only the CN based option:

check_cert_cn = %{User-Name}


The SubjectAltName in my certificates contains an email address and is more easily

to handle.




Regards,

Thomas


--


Thomas Kraemmer

Re: dialup admin replacement

[Gary McKinney]

Hi Barry,

Would it not be better to contact the maintainer of the pppd for the Debian 
distribution and ask him/her why pppd is not sending the stop accounting packet to the 
radius server when a connection is dropped (for whatever reason)  That would "fix" 
the problem the way it should be corrected instead of bandaiding it
 
 
Gary N. McKinney


-- Original Message --
From: Barry Murphy <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Mon, 26 Jul 2004 22:35:54 +1200

>Anyone know how to get dialup_admin to check a poptop NAS to see if users
>are still connected or not. If a user disconnects by unplugging his wireless
>card or by loosing signal to the wireless node they remain connected even
>though there pc has thrown them out. This causes multiple connections and
>long connection durations with no bandwidth info. Perhaps there is a way to
>check every hour or so if the user is connected or not?
>
>  base-nas.albanywireless.co.nz
>  Network Access Server 2 users connected 3 free lines
>  # user ip address caller id name duration
>  1 icepick 219.88.249.83 - Barry Murphy 104:32:29
>  2 casper 219.88.249.85 - - 83:25:39
>
>- Original Message - 
>From: "issa rabba'" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Tuesday, July 27, 2004 8:13 AM
>Subject: RE: dialup admin replacement
>
>
>> Ok, I will make another template for your uses, and you can change to that
>> template
>>
>>
>>
>> -Original Message-
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] On Behalf Of Barry
>> Murphy
>> Sent: Monday, July 26, 2004 2:58 AM
>> To: [EMAIL PROTECTED]
>> Subject: Re: dialup admin replacement
>>
>> Thats great!!!
>>
>> Now just to add some functionality for a per month basis and bandwidth
>usage
>> info.
>>
>> My users are charged on usage not time.
>>
>> Barry
>>
>> - Original Message -
>> From: "issa rabba'" <[EMAIL PROTECTED]>
>> To: <[EMAIL PROTECTED]>
>> Sent: Tuesday, July 27, 2004 6:33 AM
>> Subject: RE: dialup admin replacement
>>
>>
>> > Ok no problem
>> >
>> > Go to login2.php
>> > Commet line 32
>> > // $passwd = da_encrypt($passwd,$enc_passwd);
>> >
>> > If this not work try this
>> > Commet line 31, and 32
>> >
>> > // $passwd = $FF_valPassword;
>> > // $passwd = da_encrypt($passwd,$enc_passwd);
>> >
>> > And change line 34
>> > From
>> > if (!strcmp($passwd,$enc_passwd)){
>> > To
>> > if (!strcmp($FF_valPassword,$enc_passwd)){
>> >
>> > That's all
>> >
>> > Regards
>> > Issa rabba
>> >
>> >
>> > -Original Message-
>> > From: [EMAIL PROTECTED]
>> > [mailto:[EMAIL PROTECTED] On Behalf Of Barry
>> > Murphy
>> > Sent: Monday, July 26, 2004 12:57 AM
>> > To: [EMAIL PROTECTED]
>> > Subject: Re: dialup admin replacement
>> >
>> > I'm using clear text passwords.
>> >
>> > Thanks
>> > Barry
>> >
>> > - Original Message -
>> > From: "issa rabba'" <[EMAIL PROTECTED]>
>> > To: <[EMAIL PROTECTED]>
>> > Sent: Tuesday, July 27, 2004 5:12 AM
>> > Subject: RE: dialup admin replacement
>> >
>> >
>> > > I used the crypt function because all the password will be saved as
>> > crypted
>> > > password, if not please tell me I will tell you what to change at the
>> > > login2.php file
>> > >
>> > > Regards
>> > >
>> > > -Original Message-
>> > > From: [EMAIL PROTECTED]
>> > > [mailto:[EMAIL PROTECTED] On Behalf Of
>Barry
>> > > Murphy
>> > > Sent: Sunday, July 25, 2004 11:48 PM
>> > > To: [EMAIL PROTECTED]
>> > > Subject: Re: dialup admin replacement
>> > >
>> > > Same here, is there a way to disable the crypt part of things, I can
>> only
>> > > comment out a little, but still cant get it working.
>> > >
>> > > Barry
>> > >
>> > > - Original Message -
>> > > From: "Nick Marino" <[EMAIL PROTECTED]>
>> > > To: <[EMAIL PROTECTED]>
>> > > Sent: Monday, July 26, 2004 11:16 AM
>> > > Subject: Re: dialup admin replacement
>> > >
>> > >
>> > > > I tried it and no matter what username and password I put in it just
>> > goes
>> > > > back to the login page.
>> > > >
>> > > > I did configure pp.php to point to my database with the correct
>> username
>> > > and
>> > > > password and database name.
>> > > >
>> > > > Any ideas?
>> > > >
>> > > > - Original Message - 
>> > > > From: "issa rabba'" <[EMAIL PROTECTED]>
>> > > > To: <[EMAIL PROTECTED]>
>> > > > Sent: Monday, July 26, 2004 12:18 AM
>> > > > Subject: RE: dialup admin replacement
>> > > >
>> > > >
>> > > > > Ok:
>> > > > >
>> > > > > Please download this file http://www.issa.ps/dialup_admin/stat.rar
>> > > > >
>> > > > > Please note that this interface for the mysql database only.
>> > > > >
>> > > > > Extract the stat.tar and edit Connections/pp.php, change the
>valuse
>> of
>> > > the
>> > > > > hostname, username, password and database name.
>> > > > >
>> > > > > Then upload it to websever support PHP.
>> > > > >
>> > > > > Please contact me if you need any question.
>> > > > >
>> > > > > Regards,
>> > > > >
>> > > > > -Ori

Re: Exec-Program-Wait attributes not included in Access-Accept

[Thor Spruyt]

Got it...

The script has to output ",\n" after each pair like so:

Acct-Interim-Interval = 600,
Idle-Timeout = 3600,
Session-Timeout = 171454526

Regards,
Thor.

- Original Message - 
From: "Paul Hampson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 26, 2004 4:16 PM
Subject: Re: Exec-Program-Wait attributes not included in Access-Accept


> On Mon, Jul 26, 2004 at 03:58:37PM +0200, Thor Spruyt wrote:
> > I have freeradius 0.9.3 running with Postgresql database backend.
> > The only thing the radius checks is the password and then executes an
> > external script if authentication is ok.
>
> > The section in the users file is:
>
> > DEFAULT Auth-Type = Local
> > Exec-Program-Wait = "/opt/radius1/bin/auth.pl"
>
> > Everything runs fine, except the attributes output by the script (attr =
> > value seperated by newlines) are not added to the reply as you can see
in
> > this debugging output:
>
> > auth: type Local
> > auth: user supplied User-Password matches local User-Password
> > radius_xlat:  '/opt/radius1/bin/auth.pl'
> > Exec-Program: /opt/radius1/bin/auth.pl
> > Exec-Program output: Acct-Interim-Interval = 600 Idle-Timeout = 3600
> > Session-Timeout = 171454526
> > Exec-Program-Wait: plaintext: Acct-Interim-Interval = 600 Idle-Timeout =
> > 3600 Session-Timeout = 171454526
> > Exec-Program: returned: 0
> > Login OK: [thor] (from client x port 0 cli 00:30:00:04:A5:22)
> > Sending Access-Accept of id 112 to 192.168.250.105:32780
> > Finished request 0
> > Going to the next request
>
> > Any idea what might be wrong?
>
> Hmm. I'd suggest outputting the attributes on seperate lines...
>
> I'd also suggest moving to rlm_exec, which is less bug-prone as far as
> we know. ^_^
>
>
> -- 
> Paul "TBBle" Hampson, on an alternate email client.
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Enforcement rules after EAP authentication

[Tacio Santos]

I haven't noticed it before. The AP sends the MAC in the Calling Station ID.
Tacio

On Monday 26 July 2004 08:11, Tacio Santos wrote:
> Hi,
> I'm new to freeradius (and also to radius) and I've sucessfully setup
> EAP/TTLS authentication (thanks for this great project). Now I need to be
> able to do enforcement rules on my firewall per user basis (not only for
> authorization, but also for measurement). Is there a way to get the client
> MAC address from the radius server right after the EAP authentication fase?
> If not, how could I achieve this level of control?
>
> Thanks for you attention,
> Tacio
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

How to distinguih between MAC an 802.1x auth requests

[Zdenek Pizl]

Hallo,

 We are using Orinoco AP600 accesspoint. This AP can do Radius MAC
Access control and EAP/802.1x Auth control.

The question is how have I configure the FreeRadius server to
distinguish between these two options.

I am not able to get it work. I am trying to distinguish these two cases
in according to User-Name, because there is a difference in it (a mac
address in the first case and the defined user name from X.509 cet in
the second one). But I am not successful :(

hints file:
***

DEFAULT User-Name =~ "^[A-Z]{1}.* [A-Z]{1}.*"
Auth-Type := EAP,
Hint := "EAP"

DEFAULT User-Name =~ "^[0-9a-f]{12}$"
Auth-Type := Local,
User-Password := "MACADDRESS",
Hint := "WEP"


users file:


DEFAULT Hint == WEP, Auth-Type := Local
Framed-IP-Address = 255.255.255.255,
Framed-IP-Netmask = 255.255.255.0,

DEFAULT Hint == EAP, Auth-Type := EAP
Framed-IP-Address = 255.255.255.255,
Framed-IP-Netmask = 255.255.255.0,



Doe anybody resolve similar scenario? Thanks in advance. z.p.


-- 
Zdenek Pizl
Systinet Corporation
Vinohradska 190
130 00 Praha 3



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup admin replacement

[sarky]

maybe a fault of mine for not going through the logs, when i look at patches
or release i always see it the same so i assumed that it is not active.

but now i know and as for an email asking for features never did cause of the above
reason but now i know.

Sarky

On Mon, 26 Jul 2004 16:28:54 +0300 (EEST), Kostas Kalevras wrote:
> On Mon, 26 Jul 2004, sarky wrote:
>
>
>> Actualy I care i dont know about the rest, but i have been using
>> freeradius/dialup-admin for a while
>> and development just seem to have stoped on dialup-admin, hence i
>> was loosing hope.
>>
>
> 1. It never stoped. Have you looked in the Changelog, or in the
> dialupadmin CVS?
>
>
> 2. I don't remember ever seeing an email asking for such a feature
> like the one you asked.
>



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

problem with huntgroups file in freeradius-1.0.0-pre3

[David Mifsud]

Hi,

We are experiencing problems using the huntgroups file with freeradius-1.0.0-pre3.

Please note that the NAS-IP-Address is the same for both
huntgroups ie 217.15.97.19. Using different NAS-IP-Addresses works fine

 

Huntgroups file is as follows :-

 

streamgamers   NAS-IP-Address == 217.15.97.19

   
Group == users,

   
Group == tech

 

gaming      NAS-IP-Address
== 217.15.97.19

   
Group == gamers,

   
Group == users,

   
Group == tech

 

 

Users file is as follows :-

 

DEFAULT
Auth-Type := System, Hint == "gamestream", Huntgroup-Name ==
"gaming", Service-Type == Framed-User

   
Service-Type = Framed-User,

   
Framed-Protocol = PPP,

 

DEFAULT
Auth-Type := System, Hint == "stream", Huntgroup-Name ==
"streamgamers", Service-Type == Framed-User

   
Service-Type = Framed-User,

   
Framed-Protocol = PPP,

 

Hints file is as follows :-

 

DEFAULT Suffix == "@stream", Strip-User-Name = Yes

    Hint =
"stream"

 

DEFAULT Suffix == "@gamestream", Strip-User-Name =
Yes

    Hint =
"gamestream"

 

 

The problem we have is the following :-

Imagine 2 users

john1 in group gamers

peter1 in group tech

 

we require john1 to obtain access using only the @gamestream
realm

if [EMAIL PROTECTED] tries to connect he is denied access
stating the following error :-

    Mon
Jul 26 10:39:24 2004 : Auth: No huntgroup access: [john1]

If [EMAIL PROTECTED] tries to connect he is denied access

If [EMAIL PROTECTED] tries to connect he is allowed access

If [EMAIL PROTECTED] tries to connect he is allowed access

 

 

Now if we modify the huntgroups file as follows putting the
gaming huntgorup first (the one with more groups):-

 

gaming      NAS-IP-Address
== 217.15.97.19

   
Group == gamers,

   
Group == users,

   
Group == tech

 

streamgamers   NAS-IP-Address == 217.15.97.19

   
Group == users,

   
Group == tech

 

And try the users again :-

we require john1 to obtain access using only the @gamestream
realm

if [EMAIL PROTECTED] tries to connect he is allowed access

If [EMAIL PROTECTED] tries to connect he is allowed access (which
is not required)

If [EMAIL PROTECTED] tries to connect he is allowed access

If [EMAIL PROTECTED] tries to connect he is allowed access

 

This means that for some reason only the first list of
groups is matching

 

Can you help us out. If you require further details just
ask. 

Thanks for your time!

 

Regards,



David
Mifsud
Network Engineer 
DataStream Ltd. 
Office Direct: 2567 7230 
Office General: 2567 7000 
URL: 


This
Email is confidential and intended solely for the use of the individual to whom
it is addressed. Any views or opinions represented are solely those of the
author and do not necessarily represent those of Datastream Ltd. If you are not
the intended recipient, be advised that you have received this e-mail in error
and that any use, dissemination, forwarding,printing or copying of this Email
is strictly prohibited. Please notify the sender immediately by e-mail if you
have received this e-mail by mistake or call +356 21482000 and delete this
e-mail from your system. E-mail transmission cannot be guaranteed to be secure
or free of errors as information could be intercepted, corrupted, lost,
destroyed, delayed or incomplete, and/or contain viruses. The sender therefore
does not accept liability for any errors or omissions in the contents of this
message, which arise as a result of Email Transmission.

 

RE: x99_rlm.c error

[Willey Kurt D]

Follow-up: FreeRADIUS 1.0.0-pre2 seems to compile and install correctly

-Original Message-
From: Willey Kurt D 
Sent: Friday, July 23, 2004 4:03 PM
To: [EMAIL PROTECTED]
Subject: x99_rlm.c error

Can anyone shed some light on this error??
Fedora Core 2, FreeRADIUS 1.0.0-pre3

# CC=/usr/local/gcc-3.4.0/bin/gcc ./configure
--prefix=/usr/local/radiusd --with-ldap
--with-rlm-ldap-lib-dir=/usr/local/ldap/lib
--with-rlm-ldap-include-dir=/usr/local/ldap/include/
--with-openssl-includes=/usr/local/ssl/include/
--with-openssl-libraries=/usr/local/ssl/lib/
# make



Making static dynamic in rlm_unix...
gmake[6]: Entering directory
`/root/freeradius-1.0.0-pre3/src/modules/rlm_unix'
/root/freeradius-1.0.0-pre3/libtool --mode=link ld \
-module -static  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS
-DOPENSSL_NO_KRB5 -I/usr/local/ssl/include -Wall -D_GNU_SOURCE -DNDEBUG
-I../../include  rlm_unix.o cache.o compat.o -o rlm_unix.a 
ar cru rlm_unix.a rlm_unix.o cache.o compat.o  
ranlib rlm_unix.a
gmake[6]: Leaving directory
`/root/freeradius-1.0.0-pre3/src/modules/rlm_unix'
Making static dynamic in rlm_x99_token...
gmake[6]: Entering directory
`/root/freeradius-1.0.0-pre3/src/modules/rlm_x99_token'
/usr/local/gcc-3.4.0/bin/gcc  -g -O2 -D_REENTRANT
-D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -I/usr/local/ssl/include
-Wall -D_GNU_SOURCE -DNDEBUG  -I../../include
-DX99_MODULE_NAME=\"rlm_x99_token\"  -I/usr/local/ssl/include
-DFREERADIUS -c x99_rlm.c -o x99_rlm.o
x99_rlm.c: In function `x99_token_authenticate':
x99_rlm.c:550: error: label at end of compound statement
gmake[6]: *** [x99_rlm.o] Error 1
gmake[6]: Leaving directory
`/root/freeradius-1.0.0-pre3/src/modules/rlm_x99_token'
gmake[5]: *** [common] Error 1
gmake[5]: Leaving directory `/root/freeradius-1.0.0-pre3/src/modules'
gmake[4]: *** [all] Error 2
gmake[4]: Leaving directory `/root/freeradius-1.0.0-pre3/src/modules'
gmake[3]: *** [common] Error 1
gmake[3]: Leaving directory `/root/freeradius-1.0.0-pre3/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/root/freeradius-1.0.0-pre3/src'
gmake[1]: *** [common] Error 1
gmake[1]: Leaving directory `/root/freeradius-1.0.0-pre3'
make: *** [all] Error 2

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Exec-Program-Wait attributes not included in Access-Accept

[Paul Hampson]

On Mon, Jul 26, 2004 at 03:58:37PM +0200, Thor Spruyt wrote:
> I have freeradius 0.9.3 running with Postgresql database backend.
> The only thing the radius checks is the password and then executes an
> external script if authentication is ok.

> The section in the users file is:

> DEFAULT Auth-Type = Local
> Exec-Program-Wait = "/opt/radius1/bin/auth.pl"

> Everything runs fine, except the attributes output by the script (attr =
> value seperated by newlines) are not added to the reply as you can see in
> this debugging output:

> auth: type Local
> auth: user supplied User-Password matches local User-Password
> radius_xlat:  '/opt/radius1/bin/auth.pl'
> Exec-Program: /opt/radius1/bin/auth.pl
> Exec-Program output: Acct-Interim-Interval = 600 Idle-Timeout = 3600
> Session-Timeout = 171454526
> Exec-Program-Wait: plaintext: Acct-Interim-Interval = 600 Idle-Timeout =
> 3600 Session-Timeout = 171454526
> Exec-Program: returned: 0
> Login OK: [thor] (from client x port 0 cli 00:30:00:04:A5:22)
> Sending Access-Accept of id 112 to 192.168.250.105:32780
> Finished request 0
> Going to the next request

> Any idea what might be wrong?

Hmm. I'd suggest outputting the attributes on seperate lines...

I'd also suggest moving to rlm_exec, which is less bug-prone as far as
we know. ^_^


-- 
Paul "TBBle" Hampson, on an alternate email client.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Acct-Unique-Session-Id and exec

[Thor Spruyt]

Might be caused by acct packets for the same sessions coming from different
IP addresses, which causes Client-IP-Address to have a different value.

- Original Message - 
From: "George Chelidze" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 26, 2004 1:37 PM
Subject: Acct-Unique-Session-Id and exec


> Hello,
>
> I am running freeradius 0.9.3. I need to run an external program after
> stop record arrives. I pass %{Acct-Unique-Session-Id}, %{User-Name} and
> %{Calling-Station-Id} to this external program. according to this
> username and callingnumber it does some calculations and should update
> radacct table for this acctuniquesessionid. The problem is that often my
> external program receives uniquesessionid which is not found in radacct.
> As noted in config, exec is called after sql so it should be there
> but... Is there any obvious reason for this? Now I decided to use
> Acct-Session-Id instead and since then I have no problems. Any
suggestions?
>
>
> my config:
>
> ...
>
> modules {
>  realm RealM {
>  format = suffix
>  delimiter = "@"
>  }
>  preprocess {
>  with_cisco_vsa_hack = yes
>  }
>  files {
>  usersfile = ${confdir}/users
>  }
>  exec setprice {
>  wait = no
>  program = "/usr/local/radius/share/epw %{Acct-Status-Type}
> %{User-Name} %{Acct-Session-Id} %{Calling-Station-Id}"
>  input_pairs = request
>  }
>  detail {
>  detailfile =
> ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
>  detailperm = 0600
>  }
>  detail auth_log {
>  detailfile =
> ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
>  detailperm = 0600
>  }
>  acct_unique {
>  key = "User-Name, Acct-Session-Id, NAS-IP-Address,
> Client-IP-Address, NAS-Port-Id"
>  }
>  $INCLUDE  ${confdir}/sql.conf
> }
>
> ...
>
> preacct {
>  preprocess
> }
>
> accounting {
>  acct_unique
>  sql
>  setprice
>  detail
> }
>
>
> Best Regards,
> -- 
> George Chelidze
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Exec-Program-Wait attributes not included in Access-Accept

[Thor Spruyt]

Hi,

I have freeradius 0.9.3 running with Postgresql database backend.
The only thing the radius checks is the password and then executes an
external script if authentication is ok.

The section in the users file is:

DEFAULT Auth-Type = Local
Exec-Program-Wait = "/opt/radius1/bin/auth.pl"


Everything runs fine, except the attributes output by the script (attr =
value seperated by newlines) are not added to the reply as you can see in
this debugging output:

auth: type Local
auth: user supplied User-Password matches local User-Password
radius_xlat:  '/opt/radius1/bin/auth.pl'
Exec-Program: /opt/radius1/bin/auth.pl
Exec-Program output: Acct-Interim-Interval = 600 Idle-Timeout = 3600
Session-Timeout = 171454526
Exec-Program-Wait: plaintext: Acct-Interim-Interval = 600 Idle-Timeout =
3600 Session-Timeout = 171454526
Exec-Program: returned: 0
Login OK: [thor] (from client x port 0 cli 00:30:00:04:A5:22)
Sending Access-Accept of id 112 to 192.168.250.105:32780
Finished request 0
Going to the next request

Any idea what might be wrong?

Thor.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Is Release 1.0.0 available?

[Graeme Hinchliffe]

On Mon, 2004-07-26 at 14:25, Raimund Sacherer wrote:
> just curious ..., what's a toddler? ;-)

:) a more mobile/noisey/destructive/stressful version of a baby :)


-- 
-
Graeme Hinchliffe (BSc)
Core Internet Systems Designer
Zen Internet (http://www.zen.co.uk/)

ICQ 3842605 (link)

Direct: 0845 058 9074
Main  : 0845 058 9000
Fax   : 0845 058 9005




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup admin replacement

[Thor Spruyt]

I think poptop is able to disconnect the user automatically when the session
is lost.

- Original Message - 
From: "Barry Murphy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 26, 2004 12:56 PM
Subject: Re: dialup admin replacement


> My problem is the poptop pptp server (with debian's ppp) is acting as the
> NAS server for my wireless clients, so there is no IOS to update. Not many
> people tend to be using pptp with radius and can answer this question.
>
> Barry
>
> - Original Message - 
> From: "issa rabba'" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, July 27, 2004 8:47 AM
> Subject: RE: dialup admin replacement
>
>
> > I face this problem before, it was Cisco IOS bug, and they fix the it, I
> > think you have to update your IOS
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Barry
> > Murphy
> > Sent: Monday, July 26, 2004 3:36 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: dialup admin replacement
> >
> > Anyone know how to get dialup_admin to check a poptop NAS to see if
users
> > are still connected or not. If a user disconnects by unplugging his
> wireless
> > card or by loosing signal to the wireless node they remain connected
even
> > though there pc has thrown them out. This causes multiple connections
and
> > long connection durations with no bandwidth info. Perhaps there is a way
> to
> > check every hour or so if the user is connected or not?
> >
> >   base-nas.albanywireless.co.nz
> >   Network Access Server 2 users connected 3 free lines
> >   # user ip address caller id name duration
> >   1 icepick 219.88.249.83 - Barry Murphy 104:32:29
> >   2 casper 219.88.249.85 - - 83:25:39
> >
> > - Original Message -
> > From: "issa rabba'" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, July 27, 2004 8:13 AM
> > Subject: RE: dialup admin replacement
> >
> >
> > > Ok, I will make another template for your uses, and you can change to
> that
> > > template
> > >
> > >
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of
Barry
> > > Murphy
> > > Sent: Monday, July 26, 2004 2:58 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: dialup admin replacement
> > >
> > > Thats great!!!
> > >
> > > Now just to add some functionality for a per month basis and bandwidth
> > usage
> > > info.
> > >
> > > My users are charged on usage not time.
> > >
> > > Barry
> > >
> > > - Original Message -
> > > From: "issa rabba'" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Tuesday, July 27, 2004 6:33 AM
> > > Subject: RE: dialup admin replacement
> > >
> > >
> > > > Ok no problem
> > > >
> > > > Go to login2.php
> > > > Commet line 32
> > > > // $passwd = da_encrypt($passwd,$enc_passwd);
> > > >
> > > > If this not work try this
> > > > Commet line 31, and 32
> > > >
> > > > // $passwd = $FF_valPassword;
> > > > // $passwd = da_encrypt($passwd,$enc_passwd);
> > > >
> > > > And change line 34
> > > > From
> > > > if (!strcmp($passwd,$enc_passwd)){
> > > > To
> > > > if (!strcmp($FF_valPassword,$enc_passwd)){
> > > >
> > > > That's all
> > > >
> > > > Regards
> > > > Issa rabba
> > > >
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] On Behalf Of
> Barry
> > > > Murphy
> > > > Sent: Monday, July 26, 2004 12:57 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: dialup admin replacement
> > > >
> > > > I'm using clear text passwords.
> > > >
> > > > Thanks
> > > > Barry
> > > >
> > > > - Original Message -
> > > > From: "issa rabba'" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Tuesday, July 27, 2004 5:12 AM
> > > > Subject: RE: dialup admin replacement
> > > >
> > > >
> > > > > I used the crypt function because all the password will be saved
as
> > > > crypted
> > > > > password, if not please tell me I will tell you what to change at
> the
> > > > > login2.php file
> > > > >
> > > > > Regards
> > > > >
> > > > > -Original Message-
> > > > > From: [EMAIL PROTECTED]
> > > > > [mailto:[EMAIL PROTECTED] On Behalf Of
> > Barry
> > > > > Murphy
> > > > > Sent: Sunday, July 25, 2004 11:48 PM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: Re: dialup admin replacement
> > > > >
> > > > > Same here, is there a way to disable the crypt part of things, I
can
> > > only
> > > > > comment out a little, but still cant get it working.
> > > > >
> > > > > Barry
> > > > >
> > > > > - Original Message -
> > > > > From: "Nick Marino" <[EMAIL PROTECTED]>
> > > > > To: <[EMAIL PROTECTED]>
> > > > > Sent: Monday, July 26, 2004 11:16 AM
> > > > > Subject: Re: dialup admin replacement
> > > > >
> > > > >
> > > > > > I tried it and no matter what username and password I put in it
> just
> > > > goes
> > > > > > back to the login page.
> > > > > >
> > > > > > I did configure pp.php to point to my databas

Re: dialup admin replacement

[Kostas Kalevras]

On Mon, 26 Jul 2004, sarky wrote:

> Actualy I care i dont know about the rest, but i have been using 
> freeradius/dialup-admin for a while
> and development just seem to have stoped on dialup-admin, hence i was loosing hope.

1. It never stoped. Have you looked in the Changelog, or in the dialupadmin CVS?

2. I don't remember ever seeing an email asking for such a feature like the one
you asked.

>
> Sarky
>
> Thanx
>
> On Mon, 26 Jul 2004 11:48:05 +0300 (EEST), Kostas Kalevras wrote:
> > On Sat, 24 Jul 2004, sarky wrote:
> >
> >
> >> Hello all,
> >>
> >>
> >> I am looking for a web interface which does what dialup admin
> >> does and allows users to access it via there login/password and
> >> get all the information they require download limits, what they
> >> have downloaded and so on.
> >>
> >
> > You are actually describing the functionality of dialupadmin? Why
> > are you asking for a replacement instead of just adding this
> > capability to dialupadmin?
> >
> > Anyway, after i 've finished with my security audit of dialupadmin
> > i 'll add that functionality. If you care you can use it.
> >
> >>
> >> Anything out there which does that ?
> >>
> >>
> >> Sarky
> >>
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
> >
> > --
> > Kostas KalevrasNetwork Operations Center
> > [EMAIL PROTECTED]National Technical University of Athens, Greece
> > Work Phone:+30 210 7721861 'Go back to the shadow'Gandalf
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: how to resolve following scenario: two groups of clients accessing wifi AP ++

[Zdenek Pizl]

On Mon, 2004-07-26 at 09:14, Zdenek Pizl wrote:
> On Fri, 2004-07-23 at 17:54, Alan DeKok wrote:
> > Zdenek Pizl <[EMAIL PROTECTED]> wrote:
> > > I don't know exactly what do I need to search, the optimal version how
> > > to distinguish between groups of EAP/TLS and MAC users would be:
> > > 
> > > "[0-9a-fA-F]{6}-[0-9a-fA-F]{6}" Auth-Type := Local
> > > DEFAULT Auth-Type := EAP
> > >
> > > But there is no posibility to use regexp in users file, isn't it?
> >   Why do you say that?


Sorry, it works, my mistake.

 DEFAULT User-Name =~ "^[A-Z]{1}.* [A-Z]{1}.*"



-- 
Zdenek Pizl
Systinet Corporation
Vinohradska 190
130 00 Praha 3



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Is Release 1.0.0 available?

[Raimund Sacherer]

just curious ..., what's a toddler? ;-)

congrulations from me to :)

regards

On Mon, 2004-07-26 at 14:15 +0100, Graeme Hinchliffe wrote:
> On Thu, 2004-07-22 at 22:25, Alan DeKok wrote:
> > "David" <[EMAIL PROTECTED]> wrote:
> > > I saw on the list last week that 1.0.0 was just about ready and I have
> > > seen some other posts referring to 1.0.0 , is 1.0.0 ready for download yet?
> > 
> >   No.  I was going to release it last Friday, but my wife released
> > "Baby 1.0" first.  That took priority, oddly enough.
> > 
> >   Give me a few days to sleep...
> 
> congratulations!, welcome to the world of parenting and sleepless nights
> of stress :)
> 
> enjoy your few days of sleep (if you get them) you may not be getting
> any more for a while :)
> 
> Congratulations...
> 
> (I have both baby 2.0 and Toddler 1.0 at home :) )
> 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Is Release 1.0.0 available?

[Graeme Hinchliffe]

On Thu, 2004-07-22 at 22:25, Alan DeKok wrote:
> "David" <[EMAIL PROTECTED]> wrote:
> > I saw on the list last week that 1.0.0 was just about ready and I have
> > seen some other posts referring to 1.0.0 , is 1.0.0 ready for download yet?
> 
>   No.  I was going to release it last Friday, but my wife released
> "Baby 1.0" first.  That took priority, oddly enough.
> 
>   Give me a few days to sleep...

congratulations!, welcome to the world of parenting and sleepless nights
of stress :)

enjoy your few days of sleep (if you get them) you may not be getting
any more for a while :)

Congratulations...

(I have both baby 2.0 and Toddler 1.0 at home :) )

-- 
-
Graeme Hinchliffe (BSc)
Core Internet Systems Designer
Zen Internet (http://www.zen.co.uk/)

ICQ 3842605 (link)

Direct: 0845 058 9074
Main  : 0845 058 9000
Fax   : 0845 058 9005




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup admin replacement

[sarky]

Actualy I care i dont know about the rest, but i have been using 
freeradius/dialup-admin for a while
and development just seem to have stoped on dialup-admin, hence i was loosing hope.

Sarky

Thanx

On Mon, 26 Jul 2004 11:48:05 +0300 (EEST), Kostas Kalevras wrote:
> On Sat, 24 Jul 2004, sarky wrote:
>
>
>> Hello all,
>>
>>
>> I am looking for a web interface which does what dialup admin
>> does and allows users to access it via there login/password and
>> get all the information they require download limits, what they
>> have downloaded and so on.
>>
>
> You are actually describing the functionality of dialupadmin? Why
> are you asking for a replacement instead of just adding this
> capability to dialupadmin?
>
> Anyway, after i 've finished with my security audit of dialupadmin
> i 'll add that functionality. If you care you can use it.
>
>>
>> Anything out there which does that ?
>>
>>
>> Sarky
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
> --
> Kostas KalevrasNetwork Operations Center
> [EMAIL PROTECTED]National Technical University of Athens, Greece
> Work Phone:+30 210 7721861 'Go back to the shadow'Gandalf
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: dialup admin replacement

[issa rabba']

Ok, when save the password at the database what interface you use, do send
the password to the encrypt function do you send a salt with the password?
If yes what is it? 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Nick
Marino
Sent: Monday, July 26, 2004 5:39 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement

MD5


- Original Message -
From: "issa rabba'" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 26, 2004 11:05 AM
Subject: RE: dialup admin replacement


> what is the is the encrypt password type?
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Nick
> Marino
> Sent: Sunday, July 25, 2004 4:17 PM
> To: [EMAIL PROTECTED]
> Subject: Re: dialup admin replacement
>
> I tried it and no matter what username and password I put in it just goes
> back to the login page.
>
> I did configure pp.php to point to my database with the correct username
and
> password and database name.
>
> Any ideas?
>
> - Original Message -
> From: "issa rabba'" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, July 26, 2004 12:18 AM
> Subject: RE: dialup admin replacement
>
>
> > Ok:
> >
> > Please download this file http://www.issa.ps/dialup_admin/stat.rar
> >
> > Please note that this interface for the mysql database only.
> >
> > Extract the stat.tar and edit Connections/pp.php, change the valuse of
the
> > hostname, username, password and database name.
> >
> > Then upload it to websever support PHP.
> >
> > Please contact me if you need any question.
> >
> > Regards,
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of sarky
> > Sent: Sunday, July 25, 2004 11:20 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: dialup admin replacement
> >
> > cool if you can send it over to me that will be great.
> > I think the dialup admin author is on this list, you can ask
> >
> > Sarky
> >
> > On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:
> > > I did some thing like that, but it's not a part of the dialupadmin, it
> > > web interface for our customers, I will customize it and send it to
> > > you. Or if you know how can we publish it to be part of the dialup
> > > admin project.
> > >
> > > Regards
> > >
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of
> > > sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius-
> > > [EMAIL PROTECTED] Subject: dialup admin replacement
> > >
> > > Hello all,
> > >
> > >
> > > I am looking for a web interface which does what dialup admin does and
> > > allows users to access it via there login/password and get all the
> > > information they require download limits, what they have downloaded
> > > and so on.
> > >
> > > Anything out there which does that ?
> > >
> > >
> > > Sarky
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>



- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup admin replacement

[Nick Marino]

I am using md5 which is the default in radius.conf

- Original Message - 
From: "issa rabba'" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 26, 2004 12:12 PM
Subject: RE: dialup admin replacement


> I used the crypt function because all the password will be saved as
crypted
> password, if not please tell me I will tell you what to change at the
> login2.php file
>
> Regards
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Barry
> Murphy
> Sent: Sunday, July 25, 2004 11:48 PM
> To: [EMAIL PROTECTED]
> Subject: Re: dialup admin replacement
>
> Same here, is there a way to disable the crypt part of things, I can only
> comment out a little, but still cant get it working.
>
> Barry
>
> - Original Message -
> From: "Nick Marino" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, July 26, 2004 11:16 AM
> Subject: Re: dialup admin replacement
>
>
> > I tried it and no matter what username and password I put in it just
goes
> > back to the login page.
> >
> > I did configure pp.php to point to my database with the correct username
> and
> > password and database name.
> >
> > Any ideas?
> >
> > - Original Message - 
> > From: "issa rabba'" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, July 26, 2004 12:18 AM
> > Subject: RE: dialup admin replacement
> >
> >
> > > Ok:
> > >
> > > Please download this file http://www.issa.ps/dialup_admin/stat.rar
> > >
> > > Please note that this interface for the mysql database only.
> > >
> > > Extract the stat.tar and edit Connections/pp.php, change the valuse of
> the
> > > hostname, username, password and database name.
> > >
> > > Then upload it to websever support PHP.
> > >
> > > Please contact me if you need any question.
> > >
> > > Regards,
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of
sarky
> > > Sent: Sunday, July 25, 2004 11:20 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: dialup admin replacement
> > >
> > > cool if you can send it over to me that will be great.
> > > I think the dialup admin author is on this list, you can ask
> > >
> > > Sarky
> > >
> > > On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:
> > > > I did some thing like that, but it's not a part of the dialupadmin,
it
> > > > web interface for our customers, I will customize it and send it to
> > > > you. Or if you know how can we publish it to be part of the dialup
> > > > admin project.
> > > >
> > > > Regards
> > > >
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] On Behalf Of
> > > > sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius-
> > > > [EMAIL PROTECTED] Subject: dialup admin replacement
> > > >
> > > > Hello all,
> > > >
> > > >
> > > > I am looking for a web interface which does what dialup admin does
and
> > > > allows users to access it via there login/password and get all the
> > > > information they require download limits, what they have downloaded
> > > > and so on.
> > > >
> > > > Anything out there which does that ?
> > > >
> > > >
> > > > Sarky
> > > >
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See
> > > > http://www.freeradius.org/list/users.html
> > > >
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See
> > > > http://www.freeradius.org/list/users.html
> > >
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> > >
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup admin replacement

[Nick Marino]

MD5


- Original Message - 
From: "issa rabba'" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 26, 2004 11:05 AM
Subject: RE: dialup admin replacement


> what is the is the encrypt password type?
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Nick
> Marino
> Sent: Sunday, July 25, 2004 4:17 PM
> To: [EMAIL PROTECTED]
> Subject: Re: dialup admin replacement
>
> I tried it and no matter what username and password I put in it just goes
> back to the login page.
>
> I did configure pp.php to point to my database with the correct username
and
> password and database name.
>
> Any ideas?
>
> - Original Message -
> From: "issa rabba'" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, July 26, 2004 12:18 AM
> Subject: RE: dialup admin replacement
>
>
> > Ok:
> >
> > Please download this file http://www.issa.ps/dialup_admin/stat.rar
> >
> > Please note that this interface for the mysql database only.
> >
> > Extract the stat.tar and edit Connections/pp.php, change the valuse of
the
> > hostname, username, password and database name.
> >
> > Then upload it to websever support PHP.
> >
> > Please contact me if you need any question.
> >
> > Regards,
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of sarky
> > Sent: Sunday, July 25, 2004 11:20 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: dialup admin replacement
> >
> > cool if you can send it over to me that will be great.
> > I think the dialup admin author is on this list, you can ask
> >
> > Sarky
> >
> > On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:
> > > I did some thing like that, but it's not a part of the dialupadmin, it
> > > web interface for our customers, I will customize it and send it to
> > > you. Or if you know how can we publish it to be part of the dialup
> > > admin project.
> > >
> > > Regards
> > >
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of
> > > sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius-
> > > [EMAIL PROTECTED] Subject: dialup admin replacement
> > >
> > > Hello all,
> > >
> > >
> > > I am looking for a web interface which does what dialup admin does and
> > > allows users to access it via there login/password and get all the
> > > information they require download limits, what they have downloaded
> > > and so on.
> > >
> > > Anything out there which does that ?
> > >
> > >
> > > Sarky
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

redhat spec file problem?

[Dave Weis]

I'm trying to build an rpm on fedora core 1 with the included redhat spec 
file but not having much luck. I had to make symlink from 
/usr/include/com_err.h -> /usr/include/et/com_err.h to get the kerberos 
stuff to compile. I also modified the header to include the prerelease 
portion:
Name: freeradius
Version: 1.0.0
Release: pre3
License: GPL
Group: Networking/Daemons
Packager: FreeRADIUS.org
Source0: %{name}-%{version}-%{release}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root

I have gotten to the point where it compiles but dies when it tries to 
package the RPM:
Checking for unpackaged file(s): /usr/lib/rpm/check-files 
/var/tmp/freeradius-1.0.0-pre3-root
error: Installed (but unpackaged) file(s) found:
   /usr/share/doc/freeradius-1.0.0-pre3/Autz-Type
   /usr/share/doc/freeradius-1.0.0-pre3/DIFFS
   /usr/share/doc/freeradius-1.0.0-pre3/MACOSX
   /usr/share/doc/freeradius-1.0.0-pre3/OS2
   /usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAP.schema
   /usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAPv3.schema
   /usr/share/doc/freeradius-1.0.0-pre3/RADIUS-SQL.schema
   /usr/share/doc/freeradius-1.0.0-pre3/README
   /usr/share/doc/freeradius-1.0.0-pre3/Simultaneous-Use
(snip)
RPM build errors:
Installed (but unpackaged) file(s) found:
   /usr/share/doc/freeradius-1.0.0-pre3/Autz-Type
   /usr/share/doc/freeradius-1.0.0-pre3/DIFFS
   /usr/share/doc/freeradius-1.0.0-pre3/MACOSX
   /usr/share/doc/freeradius-1.0.0-pre3/OS2
   /usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAP.schema
   /usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAPv3.schema
   /usr/share/doc/freeradius-1.0.0-pre3/RADIUS-SQL.schema
   /usr/share/doc/freeradius-1.0.0-pre3/README
   /usr/share/doc/freeradius-1.0.0-pre3/Simultaneous-Use
(snip)

I am not very good with spec files. I did try changing the doc line in the 
files section to
%doc doc/*
but that didn't work either.

Thanks
dave
--
Dave Weis
[EMAIL PROTECTED]
http://www.internetsolver.com/
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup_admin functional changes

[Amit Gupta]

I think development of AAAadmin has kicked discussion on what dialup admin
lacks and what need to be improved
- Original Message -
From: "Kostas Kalevras" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 26, 2004 4:25 AM
Subject: Re: dialup_admin functional changes


> On Mon, 26 Jul 2004, Gary McKinney wrote:
>
> > Kostas,
> >
> > One thing I have noticed in going through the "preceived user
intuitiveness"
> > ( is that a word?) of the dialup_admin program is the links contained in
the
> > different pages displayed tend to "blend into the background" and unless
a
> > person using the program either moves the mouse over the link(s) or is
aware
> > of the links on the page the user will miss them completely...
> >
> > Case in point:
> >
> > The User Statistics page displays the usernames in the second column of
the
> > user statistics table.  Since the link=black and alink=black in the body
tag
> > the links are not apparent (blend into the background of normal text) to
the
> > user of the dialup_admin program.
> >
> > Would it not be better to have the link, alink and vlink definitions in
the
> > style.css file so they could be set as by the user of the program to
> > differentiate the links from normal text?  This change (and I see the
link,
> > vlink definitions are contained within the different php files in the
body
> > tag) would help to differentiate the links on the pages from the normal
text
> > display (more intuitive that the link(s) exist)...
>
> That's a nice idea. It will go in CVS. Since i 've already done a lot of
> security changes to the php files, they 'll all go in at the same. Thanks
for
> the suggestion, if you can find any other place where style sheets can
help i
> 'll be glad to hear it.
>
> >
> > Just a suggestion...
> >
> > gm...
> >
> > ---
> > [This E-mail scanned for viruses by Declude Ant-Virus Scanner]
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
> >
>
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone: +30 210 7721861
> 'Go back to the shadow' Gandalf
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.726 / Virus Database: 481 - Release Date: 7/22/2004


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup admin replacement

[Ivo]

On Mon, Jul 26, 2004 at 10:56:47PM +1200, Barry Murphy wrote:
> My problem is the poptop pptp server (with debian's ppp) is acting as the
> NAS server for my wireless clients, so there is no IOS to update. Not many
> people tend to be using pptp with radius and can answer this question.
> 
> Barry
> 

Hi Barry,

Can you tell me how would you like to check if users are still on-line?
Namely, I have similar situation (dbian woody) in which ppp "hangs" so it 
looks like user is still on-line but it is not. 

Regards,

Ivo.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Acct-Unique-Session-Id and exec

[George Chelidze]

Hello,
I am running freeradius 0.9.3. I need to run an external program after 
stop record arrives. I pass %{Acct-Unique-Session-Id}, %{User-Name} and 
%{Calling-Station-Id} to this external program. according to this 
username and callingnumber it does some calculations and should update 
radacct table for this acctuniquesessionid. The problem is that often my 
external program receives uniquesessionid which is not found in radacct. 
As noted in config, exec is called after sql so it should be there 
but... Is there any obvious reason for this? Now I decided to use 
Acct-Session-Id instead and since then I have no problems. Any suggestions?

my config:
...
modules {
realm RealM {
format = suffix
delimiter = "@"
}
preprocess {
with_cisco_vsa_hack = yes
}
files {
usersfile = ${confdir}/users
}
exec setprice {
wait = no
program = "/usr/local/radius/share/epw %{Acct-Status-Type} 
%{User-Name} %{Acct-Session-Id} %{Calling-Station-Id}"
input_pairs = request
}
detail {
detailfile = 
${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
detail auth_log {
detailfile = 
${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address, 
Client-IP-Address, NAS-Port-Id"
}
$INCLUDE  ${confdir}/sql.conf
}

...
preacct {
preprocess
}
accounting {
acct_unique
sql
setprice
detail
}
Best Regards,
--
George Chelidze
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Appending a realm to a username based on the NAS ip address

[Sherwin Crown]

Hello all, 

   I’m a newbie to Freeradius and I’m
trying to find out how to append a realm to a username if one has not been
submitted based on a particular IP address of a NAS during authentication. 
We are presently adding a previously existing domain to authenticate on our
radius server but most of the user did not enter a domain during
authentication.  Is there anyway for m to do this???

 

Sherwin

   

Re: dialup_admin functional changes

[Kostas Kalevras]

On Mon, 26 Jul 2004, Gary McKinney wrote:

> Kostas,
>
> One thing I have noticed in going through the "preceived user intuitiveness"
> ( is that a word?) of the dialup_admin program is the links contained in the
> different pages displayed tend to "blend into the background" and unless a
> person using the program either moves the mouse over the link(s) or is aware
> of the links on the page the user will miss them completely...
>
> Case in point:
>
> The User Statistics page displays the usernames in the second column of the
> user statistics table.  Since the link=black and alink=black in the body tag
> the links are not apparent (blend into the background of normal text) to the
> user of the dialup_admin program.
>
> Would it not be better to have the link, alink and vlink definitions in the
> style.css file so they could be set as by the user of the program to
> differentiate the links from normal text?  This change (and I see the link,
> vlink definitions are contained within the different php files in the body
> tag) would help to differentiate the links on the pages from the normal text
> display (more intuitive that the link(s) exist)...

That's a nice idea. It will go in CVS. Since i 've already done a lot of
security changes to the php files, they 'll all go in at the same. Thanks for
the suggestion, if you can find any other place where style sheets can help i
'll be glad to hear it.

>
> Just a suggestion...
>
> gm...
>
> ---
> [This E-mail scanned for viruses by Declude Ant-Virus Scanner]
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: dialup admin replacement

[issa rabba']

I was using Cisco as my NAS, I did this untell Cisco update there IOS

I made the max session at the radius server 6 houes, then I made a small
script running every houre collect the uses has session more than 6 houes
and terminat there session, don's this works with you?

Regards
Issa rabba'

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
Murphy
Sent: Monday, July 26, 2004 3:57 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement

My problem is the poptop pptp server (with debian's ppp) is acting as the
NAS server for my wireless clients, so there is no IOS to update. Not many
people tend to be using pptp with radius and can answer this question.

Barry

- Original Message -
From: "issa rabba'" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 27, 2004 8:47 AM
Subject: RE: dialup admin replacement


> I face this problem before, it was Cisco IOS bug, and they fix the it, I
> think you have to update your IOS
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Barry
> Murphy
> Sent: Monday, July 26, 2004 3:36 AM
> To: [EMAIL PROTECTED]
> Subject: Re: dialup admin replacement
>
> Anyone know how to get dialup_admin to check a poptop NAS to see if users
> are still connected or not. If a user disconnects by unplugging his
wireless
> card or by loosing signal to the wireless node they remain connected even
> though there pc has thrown them out. This causes multiple connections and
> long connection durations with no bandwidth info. Perhaps there is a way
to
> check every hour or so if the user is connected or not?
>
>   base-nas.albanywireless.co.nz
>   Network Access Server 2 users connected 3 free lines
>   # user ip address caller id name duration
>   1 icepick 219.88.249.83 - Barry Murphy 104:32:29
>   2 casper 219.88.249.85 - - 83:25:39
>
> - Original Message -
> From: "issa rabba'" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, July 27, 2004 8:13 AM
> Subject: RE: dialup admin replacement
>
>
> > Ok, I will make another template for your uses, and you can change to
that
> > template
> >
> >
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Barry
> > Murphy
> > Sent: Monday, July 26, 2004 2:58 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: dialup admin replacement
> >
> > Thats great!!!
> >
> > Now just to add some functionality for a per month basis and bandwidth
> usage
> > info.
> >
> > My users are charged on usage not time.
> >
> > Barry
> >
> > - Original Message -
> > From: "issa rabba'" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, July 27, 2004 6:33 AM
> > Subject: RE: dialup admin replacement
> >
> >
> > > Ok no problem
> > >
> > > Go to login2.php
> > > Commet line 32
> > > // $passwd = da_encrypt($passwd,$enc_passwd);
> > >
> > > If this not work try this
> > > Commet line 31, and 32
> > >
> > > // $passwd = $FF_valPassword;
> > > // $passwd = da_encrypt($passwd,$enc_passwd);
> > >
> > > And change line 34
> > > From
> > > if (!strcmp($passwd,$enc_passwd)){
> > > To
> > > if (!strcmp($FF_valPassword,$enc_passwd)){
> > >
> > > That's all
> > >
> > > Regards
> > > Issa rabba
> > >
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of
Barry
> > > Murphy
> > > Sent: Monday, July 26, 2004 12:57 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: dialup admin replacement
> > >
> > > I'm using clear text passwords.
> > >
> > > Thanks
> > > Barry
> > >
> > > - Original Message -
> > > From: "issa rabba'" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Tuesday, July 27, 2004 5:12 AM
> > > Subject: RE: dialup admin replacement
> > >
> > >
> > > > I used the crypt function because all the password will be saved as
> > > crypted
> > > > password, if not please tell me I will tell you what to change at
the
> > > > login2.php file
> > > >
> > > > Regards
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] On Behalf Of
> Barry
> > > > Murphy
> > > > Sent: Sunday, July 25, 2004 11:48 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: dialup admin replacement
> > > >
> > > > Same here, is there a way to disable the crypt part of things, I can
> > only
> > > > comment out a little, but still cant get it working.
> > > >
> > > > Barry
> > > >
> > > > - Original Message -
> > > > From: "Nick Marino" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Monday, July 26, 2004 11:16 AM
> > > > Subject: Re: dialup admin replacement
> > > >
> > > >
> > > > > I tried it and no matter what username and password I put in it
just
> > > goes
> > > > > back to the login page.
> > > > >
> > > > > I did configure pp.php to point to my database with the correct
> > username
> > > > and
> > > > > password and database n

Re: dialup admin replacement

[Barry Murphy]

My problem is the poptop pptp server (with debian's ppp) is acting as the
NAS server for my wireless clients, so there is no IOS to update. Not many
people tend to be using pptp with radius and can answer this question.

Barry

- Original Message - 
From: "issa rabba'" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 27, 2004 8:47 AM
Subject: RE: dialup admin replacement


> I face this problem before, it was Cisco IOS bug, and they fix the it, I
> think you have to update your IOS
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Barry
> Murphy
> Sent: Monday, July 26, 2004 3:36 AM
> To: [EMAIL PROTECTED]
> Subject: Re: dialup admin replacement
>
> Anyone know how to get dialup_admin to check a poptop NAS to see if users
> are still connected or not. If a user disconnects by unplugging his
wireless
> card or by loosing signal to the wireless node they remain connected even
> though there pc has thrown them out. This causes multiple connections and
> long connection durations with no bandwidth info. Perhaps there is a way
to
> check every hour or so if the user is connected or not?
>
>   base-nas.albanywireless.co.nz
>   Network Access Server 2 users connected 3 free lines
>   # user ip address caller id name duration
>   1 icepick 219.88.249.83 - Barry Murphy 104:32:29
>   2 casper 219.88.249.85 - - 83:25:39
>
> - Original Message -
> From: "issa rabba'" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, July 27, 2004 8:13 AM
> Subject: RE: dialup admin replacement
>
>
> > Ok, I will make another template for your uses, and you can change to
that
> > template
> >
> >
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Barry
> > Murphy
> > Sent: Monday, July 26, 2004 2:58 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: dialup admin replacement
> >
> > Thats great!!!
> >
> > Now just to add some functionality for a per month basis and bandwidth
> usage
> > info.
> >
> > My users are charged on usage not time.
> >
> > Barry
> >
> > - Original Message -
> > From: "issa rabba'" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, July 27, 2004 6:33 AM
> > Subject: RE: dialup admin replacement
> >
> >
> > > Ok no problem
> > >
> > > Go to login2.php
> > > Commet line 32
> > > // $passwd = da_encrypt($passwd,$enc_passwd);
> > >
> > > If this not work try this
> > > Commet line 31, and 32
> > >
> > > // $passwd = $FF_valPassword;
> > > // $passwd = da_encrypt($passwd,$enc_passwd);
> > >
> > > And change line 34
> > > From
> > > if (!strcmp($passwd,$enc_passwd)){
> > > To
> > > if (!strcmp($FF_valPassword,$enc_passwd)){
> > >
> > > That's all
> > >
> > > Regards
> > > Issa rabba
> > >
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of
Barry
> > > Murphy
> > > Sent: Monday, July 26, 2004 12:57 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: dialup admin replacement
> > >
> > > I'm using clear text passwords.
> > >
> > > Thanks
> > > Barry
> > >
> > > - Original Message -
> > > From: "issa rabba'" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Tuesday, July 27, 2004 5:12 AM
> > > Subject: RE: dialup admin replacement
> > >
> > >
> > > > I used the crypt function because all the password will be saved as
> > > crypted
> > > > password, if not please tell me I will tell you what to change at
the
> > > > login2.php file
> > > >
> > > > Regards
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] On Behalf Of
> Barry
> > > > Murphy
> > > > Sent: Sunday, July 25, 2004 11:48 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: dialup admin replacement
> > > >
> > > > Same here, is there a way to disable the crypt part of things, I can
> > only
> > > > comment out a little, but still cant get it working.
> > > >
> > > > Barry
> > > >
> > > > - Original Message -
> > > > From: "Nick Marino" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Monday, July 26, 2004 11:16 AM
> > > > Subject: Re: dialup admin replacement
> > > >
> > > >
> > > > > I tried it and no matter what username and password I put in it
just
> > > goes
> > > > > back to the login page.
> > > > >
> > > > > I did configure pp.php to point to my database with the correct
> > username
> > > > and
> > > > > password and database name.
> > > > >
> > > > > Any ideas?
> > > > >
> > > > > - Original Message - 
> > > > > From: "issa rabba'" <[EMAIL PROTECTED]>
> > > > > To: <[EMAIL PROTECTED]>
> > > > > Sent: Monday, July 26, 2004 12:18 AM
> > > > > Subject: RE: dialup admin replacement
> > > > >
> > > > >
> > > > > > Ok:
> > > > > >
> > > > > > Please download this file
http://www.issa.ps/dialup_admin/stat.rar
> > > > > >
> > > > > > Please note that this interface for the mysql database only.
> > > > > >
> > >

RE: dialup admin replacement

[issa rabba']

I face this problem before, it was Cisco IOS bug, and they fix the it, I
think you have to update your IOS

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
Murphy
Sent: Monday, July 26, 2004 3:36 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement

Anyone know how to get dialup_admin to check a poptop NAS to see if users
are still connected or not. If a user disconnects by unplugging his wireless
card or by loosing signal to the wireless node they remain connected even
though there pc has thrown them out. This causes multiple connections and
long connection durations with no bandwidth info. Perhaps there is a way to
check every hour or so if the user is connected or not?

  base-nas.albanywireless.co.nz
  Network Access Server 2 users connected 3 free lines
  # user ip address caller id name duration
  1 icepick 219.88.249.83 - Barry Murphy 104:32:29
  2 casper 219.88.249.85 - - 83:25:39

- Original Message -
From: "issa rabba'" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 27, 2004 8:13 AM
Subject: RE: dialup admin replacement


> Ok, I will make another template for your uses, and you can change to that
> template
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Barry
> Murphy
> Sent: Monday, July 26, 2004 2:58 AM
> To: [EMAIL PROTECTED]
> Subject: Re: dialup admin replacement
>
> Thats great!!!
>
> Now just to add some functionality for a per month basis and bandwidth
usage
> info.
>
> My users are charged on usage not time.
>
> Barry
>
> - Original Message -
> From: "issa rabba'" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, July 27, 2004 6:33 AM
> Subject: RE: dialup admin replacement
>
>
> > Ok no problem
> >
> > Go to login2.php
> > Commet line 32
> > // $passwd = da_encrypt($passwd,$enc_passwd);
> >
> > If this not work try this
> > Commet line 31, and 32
> >
> > // $passwd = $FF_valPassword;
> > // $passwd = da_encrypt($passwd,$enc_passwd);
> >
> > And change line 34
> > From
> > if (!strcmp($passwd,$enc_passwd)){
> > To
> > if (!strcmp($FF_valPassword,$enc_passwd)){
> >
> > That's all
> >
> > Regards
> > Issa rabba
> >
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Barry
> > Murphy
> > Sent: Monday, July 26, 2004 12:57 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: dialup admin replacement
> >
> > I'm using clear text passwords.
> >
> > Thanks
> > Barry
> >
> > - Original Message -
> > From: "issa rabba'" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, July 27, 2004 5:12 AM
> > Subject: RE: dialup admin replacement
> >
> >
> > > I used the crypt function because all the password will be saved as
> > crypted
> > > password, if not please tell me I will tell you what to change at the
> > > login2.php file
> > >
> > > Regards
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of
Barry
> > > Murphy
> > > Sent: Sunday, July 25, 2004 11:48 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: dialup admin replacement
> > >
> > > Same here, is there a way to disable the crypt part of things, I can
> only
> > > comment out a little, but still cant get it working.
> > >
> > > Barry
> > >
> > > - Original Message -
> > > From: "Nick Marino" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Monday, July 26, 2004 11:16 AM
> > > Subject: Re: dialup admin replacement
> > >
> > >
> > > > I tried it and no matter what username and password I put in it just
> > goes
> > > > back to the login page.
> > > >
> > > > I did configure pp.php to point to my database with the correct
> username
> > > and
> > > > password and database name.
> > > >
> > > > Any ideas?
> > > >
> > > > - Original Message - 
> > > > From: "issa rabba'" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Monday, July 26, 2004 12:18 AM
> > > > Subject: RE: dialup admin replacement
> > > >
> > > >
> > > > > Ok:
> > > > >
> > > > > Please download this file http://www.issa.ps/dialup_admin/stat.rar
> > > > >
> > > > > Please note that this interface for the mysql database only.
> > > > >
> > > > > Extract the stat.tar and edit Connections/pp.php, change the
valuse
> of
> > > the
> > > > > hostname, username, password and database name.
> > > > >
> > > > > Then upload it to websever support PHP.
> > > > >
> > > > > Please contact me if you need any question.
> > > > >
> > > > > Regards,
> > > > >
> > > > > -Original Message-
> > > > > From: [EMAIL PROTECTED]
> > > > > [mailto:[EMAIL PROTECTED] On Behalf Of
> > sarky
> > > > > Sent: Sunday, July 25, 2004 11:20 AM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: RE: dialup admin replacement
> > > > >
> > > > > cool if you can send it over to me that will be great.
> > > > > I think the dialup admin author is on this list, you can a

Re: dialup admin replacement

[Barry Murphy]

Anyone know how to get dialup_admin to check a poptop NAS to see if users
are still connected or not. If a user disconnects by unplugging his wireless
card or by loosing signal to the wireless node they remain connected even
though there pc has thrown them out. This causes multiple connections and
long connection durations with no bandwidth info. Perhaps there is a way to
check every hour or so if the user is connected or not?

  base-nas.albanywireless.co.nz
  Network Access Server 2 users connected 3 free lines
  # user ip address caller id name duration
  1 icepick 219.88.249.83 - Barry Murphy 104:32:29
  2 casper 219.88.249.85 - - 83:25:39

- Original Message - 
From: "issa rabba'" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 27, 2004 8:13 AM
Subject: RE: dialup admin replacement


> Ok, I will make another template for your uses, and you can change to that
> template
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Barry
> Murphy
> Sent: Monday, July 26, 2004 2:58 AM
> To: [EMAIL PROTECTED]
> Subject: Re: dialup admin replacement
>
> Thats great!!!
>
> Now just to add some functionality for a per month basis and bandwidth
usage
> info.
>
> My users are charged on usage not time.
>
> Barry
>
> - Original Message -
> From: "issa rabba'" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, July 27, 2004 6:33 AM
> Subject: RE: dialup admin replacement
>
>
> > Ok no problem
> >
> > Go to login2.php
> > Commet line 32
> > // $passwd = da_encrypt($passwd,$enc_passwd);
> >
> > If this not work try this
> > Commet line 31, and 32
> >
> > // $passwd = $FF_valPassword;
> > // $passwd = da_encrypt($passwd,$enc_passwd);
> >
> > And change line 34
> > From
> > if (!strcmp($passwd,$enc_passwd)){
> > To
> > if (!strcmp($FF_valPassword,$enc_passwd)){
> >
> > That's all
> >
> > Regards
> > Issa rabba
> >
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Barry
> > Murphy
> > Sent: Monday, July 26, 2004 12:57 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: dialup admin replacement
> >
> > I'm using clear text passwords.
> >
> > Thanks
> > Barry
> >
> > - Original Message -
> > From: "issa rabba'" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Tuesday, July 27, 2004 5:12 AM
> > Subject: RE: dialup admin replacement
> >
> >
> > > I used the crypt function because all the password will be saved as
> > crypted
> > > password, if not please tell me I will tell you what to change at the
> > > login2.php file
> > >
> > > Regards
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of
Barry
> > > Murphy
> > > Sent: Sunday, July 25, 2004 11:48 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: dialup admin replacement
> > >
> > > Same here, is there a way to disable the crypt part of things, I can
> only
> > > comment out a little, but still cant get it working.
> > >
> > > Barry
> > >
> > > - Original Message -
> > > From: "Nick Marino" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Monday, July 26, 2004 11:16 AM
> > > Subject: Re: dialup admin replacement
> > >
> > >
> > > > I tried it and no matter what username and password I put in it just
> > goes
> > > > back to the login page.
> > > >
> > > > I did configure pp.php to point to my database with the correct
> username
> > > and
> > > > password and database name.
> > > >
> > > > Any ideas?
> > > >
> > > > - Original Message - 
> > > > From: "issa rabba'" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Monday, July 26, 2004 12:18 AM
> > > > Subject: RE: dialup admin replacement
> > > >
> > > >
> > > > > Ok:
> > > > >
> > > > > Please download this file http://www.issa.ps/dialup_admin/stat.rar
> > > > >
> > > > > Please note that this interface for the mysql database only.
> > > > >
> > > > > Extract the stat.tar and edit Connections/pp.php, change the
valuse
> of
> > > the
> > > > > hostname, username, password and database name.
> > > > >
> > > > > Then upload it to websever support PHP.
> > > > >
> > > > > Please contact me if you need any question.
> > > > >
> > > > > Regards,
> > > > >
> > > > > -Original Message-
> > > > > From: [EMAIL PROTECTED]
> > > > > [mailto:[EMAIL PROTECTED] On Behalf Of
> > sarky
> > > > > Sent: Sunday, July 25, 2004 11:20 AM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: RE: dialup admin replacement
> > > > >
> > > > > cool if you can send it over to me that will be great.
> > > > > I think the dialup admin author is on this list, you can ask
> > > > >
> > > > > Sarky
> > > > >
> > > > > On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:
> > > > > > I did some thing like that, but it's not a part of the
> dialupadmin,
> > it
> > > > > > web interface for our customers, I will customize it and send it
> to
> > > > > > you. Or if you know 

dialup_admin functional changes

[Gary McKinney]

Kostas,

One thing I have noticed in going through the "preceived user intuitiveness"
( is that a word?) of the dialup_admin program is the links contained in the
different pages displayed tend to "blend into the background" and unless a
person using the program either moves the mouse over the link(s) or is aware
of the links on the page the user will miss them completely...

Case in point:

The User Statistics page displays the usernames in the second column of the
user statistics table.  Since the link=black and alink=black in the body tag
the links are not apparent (blend into the background of normal text) to the
user of the dialup_admin program.

Would it not be better to have the link, alink and vlink definitions in the
style.css file so they could be set as by the user of the program to
differentiate the links from normal text?  This change (and I see the link,
vlink definitions are contained within the different php files in the body
tag) would help to differentiate the links on the pages from the normal text
display (more intuitive that the link(s) exist)...

Just a suggestion...

gm...

---
[This E-mail scanned for viruses by Declude Ant-Virus Scanner]


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: dialup admin replacement

[issa rabba']

Ok, I will make another template for your uses, and you can change to that
template



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
Murphy
Sent: Monday, July 26, 2004 2:58 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement

Thats great!!!

Now just to add some functionality for a per month basis and bandwidth usage
info.

My users are charged on usage not time.

Barry

- Original Message -
From: "issa rabba'" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 27, 2004 6:33 AM
Subject: RE: dialup admin replacement


> Ok no problem
>
> Go to login2.php
> Commet line 32
> // $passwd = da_encrypt($passwd,$enc_passwd);
>
> If this not work try this
> Commet line 31, and 32
>
> // $passwd = $FF_valPassword;
> // $passwd = da_encrypt($passwd,$enc_passwd);
>
> And change line 34
> From
> if (!strcmp($passwd,$enc_passwd)){
> To
> if (!strcmp($FF_valPassword,$enc_passwd)){
>
> That's all
>
> Regards
> Issa rabba
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Barry
> Murphy
> Sent: Monday, July 26, 2004 12:57 AM
> To: [EMAIL PROTECTED]
> Subject: Re: dialup admin replacement
>
> I'm using clear text passwords.
>
> Thanks
> Barry
>
> - Original Message -
> From: "issa rabba'" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, July 27, 2004 5:12 AM
> Subject: RE: dialup admin replacement
>
>
> > I used the crypt function because all the password will be saved as
> crypted
> > password, if not please tell me I will tell you what to change at the
> > login2.php file
> >
> > Regards
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Barry
> > Murphy
> > Sent: Sunday, July 25, 2004 11:48 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: dialup admin replacement
> >
> > Same here, is there a way to disable the crypt part of things, I can
only
> > comment out a little, but still cant get it working.
> >
> > Barry
> >
> > - Original Message -
> > From: "Nick Marino" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, July 26, 2004 11:16 AM
> > Subject: Re: dialup admin replacement
> >
> >
> > > I tried it and no matter what username and password I put in it just
> goes
> > > back to the login page.
> > >
> > > I did configure pp.php to point to my database with the correct
username
> > and
> > > password and database name.
> > >
> > > Any ideas?
> > >
> > > - Original Message - 
> > > From: "issa rabba'" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Monday, July 26, 2004 12:18 AM
> > > Subject: RE: dialup admin replacement
> > >
> > >
> > > > Ok:
> > > >
> > > > Please download this file http://www.issa.ps/dialup_admin/stat.rar
> > > >
> > > > Please note that this interface for the mysql database only.
> > > >
> > > > Extract the stat.tar and edit Connections/pp.php, change the valuse
of
> > the
> > > > hostname, username, password and database name.
> > > >
> > > > Then upload it to websever support PHP.
> > > >
> > > > Please contact me if you need any question.
> > > >
> > > > Regards,
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] On Behalf Of
> sarky
> > > > Sent: Sunday, July 25, 2004 11:20 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: RE: dialup admin replacement
> > > >
> > > > cool if you can send it over to me that will be great.
> > > > I think the dialup admin author is on this list, you can ask
> > > >
> > > > Sarky
> > > >
> > > > On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:
> > > > > I did some thing like that, but it's not a part of the
dialupadmin,
> it
> > > > > web interface for our customers, I will customize it and send it
to
> > > > > you. Or if you know how can we publish it to be part of the dialup
> > > > > admin project.
> > > > >
> > > > > Regards
> > > > >
> > > > >
> > > > > -Original Message-
> > > > > From: [EMAIL PROTECTED]
> > > > > [mailto:[EMAIL PROTECTED] On Behalf Of
> > > > > sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius-
> > > > > [EMAIL PROTECTED] Subject: dialup admin replacement
> > > > >
> > > > > Hello all,
> > > > >
> > > > >
> > > > > I am looking for a web interface which does what dialup admin does
> and
> > > > > allows users to access it via there login/password and get all the
> > > > > information they require download limits, what they have
downloaded
> > > > > and so on.
> > > > >
> > > > > Anything out there which does that ?
> > > > >
> > > > >
> > > > > Sarky
> > > > >
> > > > >
> > > > > -
> > > > > List info/subscribe/unsubscribe? See
> > > > > http://www.freeradius.org/list/users.html
> > > > >
> > > > >
> > > > > -
> > > > > List info/subscribe/unsubscribe? See
> > > > > http://www.freeradius.org/list/users.html
> > > >
> > > >
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See
> > > > http://www.freeradius

Re: dialup admin replacement

[Barry Murphy]

Thats great!!!

Now just to add some functionality for a per month basis and bandwidth usage
info.

My users are charged on usage not time.

Barry

- Original Message - 
From: "issa rabba'" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 27, 2004 6:33 AM
Subject: RE: dialup admin replacement


> Ok no problem
>
> Go to login2.php
> Commet line 32
> // $passwd = da_encrypt($passwd,$enc_passwd);
>
> If this not work try this
> Commet line 31, and 32
>
> // $passwd = $FF_valPassword;
> // $passwd = da_encrypt($passwd,$enc_passwd);
>
> And change line 34
> From
> if (!strcmp($passwd,$enc_passwd)){
> To
> if (!strcmp($FF_valPassword,$enc_passwd)){
>
> That's all
>
> Regards
> Issa rabba
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Barry
> Murphy
> Sent: Monday, July 26, 2004 12:57 AM
> To: [EMAIL PROTECTED]
> Subject: Re: dialup admin replacement
>
> I'm using clear text passwords.
>
> Thanks
> Barry
>
> - Original Message -
> From: "issa rabba'" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, July 27, 2004 5:12 AM
> Subject: RE: dialup admin replacement
>
>
> > I used the crypt function because all the password will be saved as
> crypted
> > password, if not please tell me I will tell you what to change at the
> > login2.php file
> >
> > Regards
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Barry
> > Murphy
> > Sent: Sunday, July 25, 2004 11:48 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: dialup admin replacement
> >
> > Same here, is there a way to disable the crypt part of things, I can
only
> > comment out a little, but still cant get it working.
> >
> > Barry
> >
> > - Original Message -
> > From: "Nick Marino" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, July 26, 2004 11:16 AM
> > Subject: Re: dialup admin replacement
> >
> >
> > > I tried it and no matter what username and password I put in it just
> goes
> > > back to the login page.
> > >
> > > I did configure pp.php to point to my database with the correct
username
> > and
> > > password and database name.
> > >
> > > Any ideas?
> > >
> > > - Original Message - 
> > > From: "issa rabba'" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Monday, July 26, 2004 12:18 AM
> > > Subject: RE: dialup admin replacement
> > >
> > >
> > > > Ok:
> > > >
> > > > Please download this file http://www.issa.ps/dialup_admin/stat.rar
> > > >
> > > > Please note that this interface for the mysql database only.
> > > >
> > > > Extract the stat.tar and edit Connections/pp.php, change the valuse
of
> > the
> > > > hostname, username, password and database name.
> > > >
> > > > Then upload it to websever support PHP.
> > > >
> > > > Please contact me if you need any question.
> > > >
> > > > Regards,
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] On Behalf Of
> sarky
> > > > Sent: Sunday, July 25, 2004 11:20 AM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: RE: dialup admin replacement
> > > >
> > > > cool if you can send it over to me that will be great.
> > > > I think the dialup admin author is on this list, you can ask
> > > >
> > > > Sarky
> > > >
> > > > On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:
> > > > > I did some thing like that, but it's not a part of the
dialupadmin,
> it
> > > > > web interface for our customers, I will customize it and send it
to
> > > > > you. Or if you know how can we publish it to be part of the dialup
> > > > > admin project.
> > > > >
> > > > > Regards
> > > > >
> > > > >
> > > > > -Original Message-
> > > > > From: [EMAIL PROTECTED]
> > > > > [mailto:[EMAIL PROTECTED] On Behalf Of
> > > > > sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius-
> > > > > [EMAIL PROTECTED] Subject: dialup admin replacement
> > > > >
> > > > > Hello all,
> > > > >
> > > > >
> > > > > I am looking for a web interface which does what dialup admin does
> and
> > > > > allows users to access it via there login/password and get all the
> > > > > information they require download limits, what they have
downloaded
> > > > > and so on.
> > > > >
> > > > > Anything out there which does that ?
> > > > >
> > > > >
> > > > > Sarky
> > > > >
> > > > >
> > > > > -
> > > > > List info/subscribe/unsubscribe? See
> > > > > http://www.freeradius.org/list/users.html
> > > > >
> > > > >
> > > > > -
> > > > > List info/subscribe/unsubscribe? See
> > > > > http://www.freeradius.org/list/users.html
> > > >
> > > >
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See
> > > > http://www.freeradius.org/list/users.html
> > > >
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > > >
> > >
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> > >
> >
> >
> > -
> >

Re: pap + md5

[Sergei Koveshnikov]

Hello! 
I solved this problem: I changed encryption_scheme from `md5' to `crypt'. ;-}

-- 
Best regards,
Sergei Koveshnikov.

> Hi, im also using freeradius-1.0.0-pre3 + Postgres + pap + md5  without any
> problem. Im using DIALUP_ADMIN to create user with md5 password.
>
>
>
> - Original Message -
> From: "Sergei Koveshnikov" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, July 23, 2004 4:44 PM
> Subject: pap + md5
>
> > Hello to everyone!
> > I'm trying to use MAX6000 + freeradius-1.0.0-pre3 + Postgres + pap + md5
> > encryption for users passwords in the DB.
> > But I've got auth error:
> > =
> > auth: Failed to validate the user.
> > Login incorrect (rlm_pap: Configured MD5 password has incorrect length):
> > [testuser/password]
> > =
> > Why User-Password = 'plain text password' in 'rad_recv' log ?
> > Does radius decrypt password for debus purpouse before puts it on the
>
> screen?
>
> > Any ideas?
> > Thank you!
> >
> >  radiusd.conf:
> > modules {
> >pap {
> > encryption_scheme = md5
> > }
> > }
> > authorize {
> > auth_log
> > files
> > sql
> > }
> > authenticate {
> > authtype MD5 {
> > pap
> > }
> > }
> >
> >  radiusd logs:
> > rad_recv: Access-Request packet from host 192.168.0.1:1026, id=145,
>
> length=173
>
> > User-Name = "testuser"
> > User-Password = "password"
> > NAS-IP-Address = 192.168.0.1
> > NAS-Port = 20214
> > NAS-Port-Type = Async
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > Calling-Station-Id = "8048232"
> > Ascend-Calling-Id-Type-Of-Num = Unknown
> > Ascend-Calling-Id-Number-Plan = Unknown
> > Ascend-Calling-Id-Presentatn = Allowed
> > Ascend-Calling-Id-Screening = Network-Provided
> > Acct-Session-Id = "429965508"
> > Ascend-Data-Rate = 31200
> > Ascend-Xmit-Rate = 33600
> >  skip some lines...
> > rlm_sql (sql): Released sql socket id: 3
> >   modcall[authorize]: module "sql" returns ok for request 0
> > modcall: group authorize returns ok for request 0
> >   rad_check_password:  Found Auth-Type MD5
> > auth: type "MD5"
> >   Processing the authenticate section of radiusd.conf
> > modcall: entering group authtype for request 0
> > rlm_pap: login attempt by "testuser" with password password
> > rlm_pap: Using password "$1$L8If2hAa$Oy91qkyF8lkWClyBi1I.u0" for user
>
> testuser
>
> > authentication.
> > rlm_pap: Using MD5 encryption.
> > rlm_pap: Configured MD5 password has incorrect length
> >   modcall[authenticate]: module "pap" returns reject for request 0
> > modcall: group authtype returns reject for request 0
> > auth: Failed to validate the user.
> > Login incorrect (rlm_pap: Configured MD5 password has incorrect length):
> > [testuser/password] (from client max2 port 20214 cli 8048232)
> > Delaying request 0 for 1 seconds
> > Finished request 0
> >
> > --
> > Best regards,
> > Sergei Koveshnikov.
> >
> > -
> > List info/subscribe/unsubscribe? See
>
> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup_admin (was Re: New Opensource project-AAAadmin )

[Amit Gupta]

dmin.sourceforge.net

Amit Gupta
- Original Message -
From: "issa rabba'" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 26, 2004 11:36 AM
Subject: RE: dialup_admin (was Re: New Opensource project-AAAadmin )


> I want to know where I can find more about the AAAadmin priject
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Amit
Gupta
> Sent: Monday, July 26, 2004 2:01 PM
> To: [EMAIL PROTECTED]
> Subject: Re: dialup_admin (was Re: New Opensource project-AAAadmin )
>
> ok I will
> - Original Message -
> From: "Milver S. Nisay" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, July 26, 2004 12:33 AM
> Subject: Re: dialup_admin (was Re: New Opensource project-AAAadmin )
>
>
> > >Amin wrote:
> >
> > > May I join development team of dailup_admin. I wish not to be a
> competitor
> > > (as I am going to develop AAAadmin) but contributor to dailup_admin
> also.
> > >
> > i wish you can tell me more of this dmin off the list? i can be a
> > beta tester or something more than that, how can i be of help with
> > this project?
> > //milver
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.725 / Virus Database: 480 - Release Date: 7/19/2004
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.725 / Virus Database: 480 - Release Date: 7/19/2004


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup_admin (was Re: New Opensource project-AAAadmin )

[Kostas Kalevras]

On Mon, 26 Jul 2004, Amit Gupta wrote:

> May I join development team of dailup_admin. I wish not to be a competitor
> (as I am going to develop AAAadmin) but contributor to dailup_admin also.

There's no special elite development team which you need to join. You either
send in patches or not. Simple as that.

>
> Amit Gupta
> sourceforge_id: amit_gupta
>
>
>
> - Original Message -
> From: "Alan DeKok" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, July 24, 2004 8:44 AM
> Subject: dialup_admin (was Re: New Opensource project-AAAadmin )
>
>
> > "Gary McKinney" <[EMAIL PROTECTED]> wrote:
> > > I realize dialup_admin is in the radiusd CVS - I would have thought it
> would
> > > have been at least a separate CVS to make allowing others to work with
> it
> > > directly and not mess with the radiusd CVS - but I suppose it works the
> way
> > > it is...
> >
> >   The intent is to distribute it as part of the server, so that people
> > can use it to administer the server.
> >
> > > I would think things like Realm configurations, SQL configurations, LDAP
> > > configurations, SNMP configurations and so one would be a nice addition
> to
> > > the system.
> >
> >   That's probably a longer-term work item.
> >
> >   Once Kostas finds time to put a web page on freeradius.org about the
> > project, I expect to see a LOT more interest in it, and a lot more
> > patches.
> >
> >   Alan DeKok.
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.725 / Virus Database: 480 - Release Date: 7/19/2004
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_sqlcounter versus rlm_counter

[Kostas Kalevras]

On Mon, 26 Jul 2004, Shannon Sariman wrote:

> Hi Fellow FreeRadius Users,
>
> I have freeradius-0.9.3 configured with MySQL and experimental modules on a
> Linux RH 9.0 machine. I've been pulling my hair out trying to get a definite
> working solution with rlm_sqlcounter to restrict dialup user accounts to
> prescribed dial-up online access times. For example, 2 hours per user per
> day and disconnection after 2 hours is up. I tried changing sql instances
> like sqlcca3 to sql in my sqlcounter.conf to see if it would make any
> difference but still to no avail. I even had problems trying to compile
> (rmpbuild) the latest pre-release of version 1.0 of FreeRadius on my Linux
> RH 9.0 box and resorted back to using ver 0.9.3.
>
> I've noticed while searching previous archives of the freeradius mailing
> lists that there is another counter called "rlm_counter" but which works
> with the "users" file. Can I use this rlm_counter to work with my current
> setup of FreeRadius and MySQL? How can I do this if possible?

Where did you find that it works with the users file? What do you mean by that
exactly? rlm_counter keeps it's own database (in GDBM file) while configuration
can be in the users file or in a db (sql/ldap). By configuration i mean per user
limits. Keeping data in a gdbm file actually makes rlm_counter faster than sql
in installations where many rows of accounting are kept for each user.

rlm_counter is a stable module while rlm_sqlcounter is an experimental module
without a maintainer (as far as i know). Keep that in mind.

>
> Any help or hint is much appreciated.
>
> Regards,
>
> Shannon
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup admin replacement

[Kostas Kalevras]

On Sat, 24 Jul 2004, sarky wrote:

> Hello all,
>
> I am looking for a web interface which does what dialup admin does and allows
> users to access it via there login/password and get all the information they require
> download limits, what they have downloaded and so on.

You are actually describing the functionality of dialupadmin? Why are you asking
for a replacement instead of just adding this capability to dialupadmin?

Anyway, after i 've finished with my security audit of dialupadmin i 'll add
that functionality. If you care you can use it.

>
> Anything out there which does that ?
>
> Sarky
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: dialup_admin (was Re: New Opensource project-AAAadmin )

[issa rabba']

I want to know where I can find more about the AAAadmin priject

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Amit Gupta
Sent: Monday, July 26, 2004 2:01 PM
To: [EMAIL PROTECTED]
Subject: Re: dialup_admin (was Re: New Opensource project-AAAadmin )

ok I will
- Original Message -
From: "Milver S. Nisay" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 26, 2004 12:33 AM
Subject: Re: dialup_admin (was Re: New Opensource project-AAAadmin )


> >Amin wrote:
>
> > May I join development team of dailup_admin. I wish not to be a
competitor
> > (as I am going to develop AAAadmin) but contributor to dailup_admin
also.
> >
> i wish you can tell me more of this dmin off the list? i can be a 
> beta tester or something more than that, how can i be of help with 
> this project?
> //milver
>
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.725 / Virus Database: 480 - Release Date: 7/19/2004


-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: dialup admin replacement

[issa rabba']

Ok no problem

Go to login2.php
Commet line 32
//  $passwd = da_encrypt($passwd,$enc_passwd);

If this not work try this
Commet line 31, and 32

//  $passwd = $FF_valPassword;
//  $passwd = da_encrypt($passwd,$enc_passwd);

And change line 34 
>From   
if (!strcmp($passwd,$enc_passwd)){ 
To
if (!strcmp($FF_valPassword,$enc_passwd)){

That's all

Regards
Issa rabba


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
Murphy
Sent: Monday, July 26, 2004 12:57 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement

I'm using clear text passwords.

Thanks
Barry

- Original Message -
From: "issa rabba'" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 27, 2004 5:12 AM
Subject: RE: dialup admin replacement


> I used the crypt function because all the password will be saved as
crypted
> password, if not please tell me I will tell you what to change at the
> login2.php file
>
> Regards
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Barry
> Murphy
> Sent: Sunday, July 25, 2004 11:48 PM
> To: [EMAIL PROTECTED]
> Subject: Re: dialup admin replacement
>
> Same here, is there a way to disable the crypt part of things, I can only
> comment out a little, but still cant get it working.
>
> Barry
>
> - Original Message -
> From: "Nick Marino" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, July 26, 2004 11:16 AM
> Subject: Re: dialup admin replacement
>
>
> > I tried it and no matter what username and password I put in it just
goes
> > back to the login page.
> >
> > I did configure pp.php to point to my database with the correct username
> and
> > password and database name.
> >
> > Any ideas?
> >
> > - Original Message - 
> > From: "issa rabba'" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, July 26, 2004 12:18 AM
> > Subject: RE: dialup admin replacement
> >
> >
> > > Ok:
> > >
> > > Please download this file http://www.issa.ps/dialup_admin/stat.rar
> > >
> > > Please note that this interface for the mysql database only.
> > >
> > > Extract the stat.tar and edit Connections/pp.php, change the valuse of
> the
> > > hostname, username, password and database name.
> > >
> > > Then upload it to websever support PHP.
> > >
> > > Please contact me if you need any question.
> > >
> > > Regards,
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of
sarky
> > > Sent: Sunday, July 25, 2004 11:20 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: dialup admin replacement
> > >
> > > cool if you can send it over to me that will be great.
> > > I think the dialup admin author is on this list, you can ask
> > >
> > > Sarky
> > >
> > > On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:
> > > > I did some thing like that, but it's not a part of the dialupadmin,
it
> > > > web interface for our customers, I will customize it and send it to
> > > > you. Or if you know how can we publish it to be part of the dialup
> > > > admin project.
> > > >
> > > > Regards
> > > >
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] On Behalf Of
> > > > sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius-
> > > > [EMAIL PROTECTED] Subject: dialup admin replacement
> > > >
> > > > Hello all,
> > > >
> > > >
> > > > I am looking for a web interface which does what dialup admin does
and
> > > > allows users to access it via there login/password and get all the
> > > > information they require download limits, what they have downloaded
> > > > and so on.
> > > >
> > > > Anything out there which does that ?
> > > >
> > > >
> > > > Sarky
> > > >
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See
> > > > http://www.freeradius.org/list/users.html
> > > >
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See
> > > > http://www.freeradius.org/list/users.html
> > >
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> > >
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>


- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup_admin (was Re: New Opensource project-AAAadmin )

[Amit Gupta]

ok I will
- Original Message -
From: "Milver S. Nisay" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 26, 2004 12:33 AM
Subject: Re: dialup_admin (was Re: New Opensource project-AAAadmin )


> >Amin wrote:
>
> > May I join development team of dailup_admin. I wish not to be a
competitor
> > (as I am going to develop AAAadmin) but contributor to dailup_admin
also.
> >
> i wish you can tell me more of this dmin off the list? i can be a beta
> tester
> or something more than that, how can i be of help with this project?
> //milver
>
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.725 / Virus Database: 480 - Release Date: 7/19/2004


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: dialup admin replacement

[Barry Murphy]

I'm using clear text passwords.

Thanks
Barry

- Original Message - 
From: "issa rabba'" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 27, 2004 5:12 AM
Subject: RE: dialup admin replacement


> I used the crypt function because all the password will be saved as
crypted
> password, if not please tell me I will tell you what to change at the
> login2.php file
>
> Regards
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Barry
> Murphy
> Sent: Sunday, July 25, 2004 11:48 PM
> To: [EMAIL PROTECTED]
> Subject: Re: dialup admin replacement
>
> Same here, is there a way to disable the crypt part of things, I can only
> comment out a little, but still cant get it working.
>
> Barry
>
> - Original Message -
> From: "Nick Marino" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, July 26, 2004 11:16 AM
> Subject: Re: dialup admin replacement
>
>
> > I tried it and no matter what username and password I put in it just
goes
> > back to the login page.
> >
> > I did configure pp.php to point to my database with the correct username
> and
> > password and database name.
> >
> > Any ideas?
> >
> > - Original Message - 
> > From: "issa rabba'" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, July 26, 2004 12:18 AM
> > Subject: RE: dialup admin replacement
> >
> >
> > > Ok:
> > >
> > > Please download this file http://www.issa.ps/dialup_admin/stat.rar
> > >
> > > Please note that this interface for the mysql database only.
> > >
> > > Extract the stat.tar and edit Connections/pp.php, change the valuse of
> the
> > > hostname, username, password and database name.
> > >
> > > Then upload it to websever support PHP.
> > >
> > > Please contact me if you need any question.
> > >
> > > Regards,
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of
sarky
> > > Sent: Sunday, July 25, 2004 11:20 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: dialup admin replacement
> > >
> > > cool if you can send it over to me that will be great.
> > > I think the dialup admin author is on this list, you can ask
> > >
> > > Sarky
> > >
> > > On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:
> > > > I did some thing like that, but it's not a part of the dialupadmin,
it
> > > > web interface for our customers, I will customize it and send it to
> > > > you. Or if you know how can we publish it to be part of the dialup
> > > > admin project.
> > > >
> > > > Regards
> > > >
> > > >
> > > > -Original Message-
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED] On Behalf Of
> > > > sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius-
> > > > [EMAIL PROTECTED] Subject: dialup admin replacement
> > > >
> > > > Hello all,
> > > >
> > > >
> > > > I am looking for a web interface which does what dialup admin does
and
> > > > allows users to access it via there login/password and get all the
> > > > information they require download limits, what they have downloaded
> > > > and so on.
> > > >
> > > > Anything out there which does that ?
> > > >
> > > >
> > > > Sarky
> > > >
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See
> > > > http://www.freeradius.org/list/users.html
> > > >
> > > >
> > > > -
> > > > List info/subscribe/unsubscribe? See
> > > > http://www.freeradius.org/list/users.html
> > >
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> > >
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Simultaneous Login Problem

[Milver S. Nisay]

my guess is stop request packet has not been 
received nor acknowledged on portmaster. are you using NTRadping?if yes, try 
changing NAS port.
//milver
 
 
>Hello, im using freeradius-1.0.0-pre3 and 
postgresql as database backend. I got this error when implemeting 
Simultaneous Use. Just reading docs( Simultaneous Use) >and here's my 
radgroupcheck...
 
 

   
   
  Sun Jul 25 22:42:50 2004 : Error: Discarding 
  duplicate request from client portmaster:1026 - ID: 50 due to unfinished 
  requestSun Jul 25 22:42:53 2004 : Error: Discarding duplicate request from 
  client portmaster:1026 - ID: 50 due to unfinished requestSun Jul 25 
  22:42:56 2004 : Error: Discarding duplicate request from client 
  portmaster:1026 - ID: 50 due to unfinished requestSun Jul 25 22:42:57 2004 
  : Error: Check-TS: timeout waiting for checkrad
   
   

Re: dialup_admin (was Re: New Opensource project-AAAadmin )

[Milver S. Nisay]

Amin wrote:

May I join development team of dailup_admin. I wish not to be a competitor
(as I am going to develop AAAadmin) but contributor to dailup_admin also.
i wish you can tell me more of this dmin off the list? i can be a beta 
tester
or something more than that, how can i be of help with this project?
//milver


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: how to resolve following scenario: two groups of clients accessing wifi AP ++

[Zdenek Pizl]

On Fri, 2004-07-23 at 17:54, Alan DeKok wrote:
> Zdenek Pizl <[EMAIL PROTECTED]> wrote:
> > I don't know exactly what do I need to search, the optimal version how
> > to distinguish between groups of EAP/TLS and MAC users would be:
> > 
> > "[0-9a-fA-F]{6}-[0-9a-fA-F]{6}" Auth-Type := Local
> > DEFAULT Auth-Type := EAP
> >
> > But there is no posibility to use regexp in users file, isn't it?
>   Why do you say that?

I have tried the regexp above, it did not work, therefore I said that.
BTW - it was a question ...

Maybe there is different style of regexp  ??

z.p.

>   Alan DeKok.

-- 
Zdenek Pizl
Systinet Corporation
Vinohradska 190
130 00 Praha 3



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: dialup admin replacement

[issa rabba']

I used the crypt function because all the password will be saved as crypted
password, if not please tell me I will tell you what to change at the
login2.php file

Regards

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
Murphy
Sent: Sunday, July 25, 2004 11:48 PM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement

Same here, is there a way to disable the crypt part of things, I can only
comment out a little, but still cant get it working.

Barry

- Original Message -
From: "Nick Marino" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, July 26, 2004 11:16 AM
Subject: Re: dialup admin replacement


> I tried it and no matter what username and password I put in it just goes
> back to the login page.
>
> I did configure pp.php to point to my database with the correct username
and
> password and database name.
>
> Any ideas?
>
> - Original Message - 
> From: "issa rabba'" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, July 26, 2004 12:18 AM
> Subject: RE: dialup admin replacement
>
>
> > Ok:
> >
> > Please download this file http://www.issa.ps/dialup_admin/stat.rar
> >
> > Please note that this interface for the mysql database only.
> >
> > Extract the stat.tar and edit Connections/pp.php, change the valuse of
the
> > hostname, username, password and database name.
> >
> > Then upload it to websever support PHP.
> >
> > Please contact me if you need any question.
> >
> > Regards,
> >
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of sarky
> > Sent: Sunday, July 25, 2004 11:20 AM
> > To: [EMAIL PROTECTED]
> > Subject: RE: dialup admin replacement
> >
> > cool if you can send it over to me that will be great.
> > I think the dialup admin author is on this list, you can ask
> >
> > Sarky
> >
> > On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:
> > > I did some thing like that, but it's not a part of the dialupadmin, it
> > > web interface for our customers, I will customize it and send it to
> > > you. Or if you know how can we publish it to be part of the dialup
> > > admin project.
> > >
> > > Regards
> > >
> > >
> > > -Original Message-
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] On Behalf Of
> > > sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius-
> > > [EMAIL PROTECTED] Subject: dialup admin replacement
> > >
> > > Hello all,
> > >
> > >
> > > I am looking for a web interface which does what dialup admin does and
> > > allows users to access it via there login/password and get all the
> > > information they require download limits, what they have downloaded
> > > and so on.
> > >
> > > Anything out there which does that ?
> > >
> > >
> > > Sarky
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > >
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>


- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html