Re: Digest authentication over FreeRadius against an LDAP server
On Apr 2, 2005 12:14 AM, Craig Huckabee [EMAIL PROTECTED] wrote: Or use EAP-TTLS/PAP to get a clear text password from your clients and use encrypted passwords in LDAP. Well, this is not possible since my NAS is a RFC3261-compliant SIP server, which is not allowed to request cleartext passwords from its clients (3261 does not allow basic authentication). Therefore, it cannot pass cleartext passwords to the radius server. Thanks for the suggestion, anyway. A. Burak Gurdag Software Engineer Argela Technologies - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Attach mac address to username
eg: would I have to add the table. radcheck id - - - - - - - - 4567 UserName - - user1 Attribute - - - Calling-Session-Id op - - - - - - - := Value - - - - - 000bcdfxxx I think this example is OK, but the op which should be '==' (':=' always matches and sets a freeradius parameter, I don't think that's what we're looking for). Looking at radacct, I am receiving CallingStationID which appears to be the mac of the connecting client. You're right, it is Calling-Station-Id, not session... apologizes. Would your suggestion be automatic or would I need to manually add the attribute. I think you can do it automatically, provided your NAS sends Calling-Station-Id with the authentication request. In this case you may rewrite the post-auth request to add the row in radcheck (see sql.conf). But I'm quite new to freeradius, and there may be 2 issues : I'm not sure wether it's possible to use an INSERT in post-auth, and I'm not sure wether the NAS will send the calling-station-id with the authentication-request (but if it doesn't, there will be no solution...). Anyway, this will be easy to check, but I have no radius server for the week-end. If this doesn't work, then you'll have to use a trigger or any other mean, in order to insert the row in radcheck when the first accounting start for this user occurs. This would be less convenient, but still not very complicated. Joachim - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and MySQL -- missing libraries?
On Fri, Apr 01, 2005 at 12:42:18PM -0800, Rick Kunkel wrote: Hello all, When I run an ldd though, I see this: # ldd rlm_sql_mysql.so libmysqlclient.so.12 = not found libz.so.1 = /usr/lib/libz.so.1 (0x4000b000) libcrypt.so.1 = /lib/libcrypt.so.1 (0x40019000) libnsl.so.1 = /lib/libnsl.so.1 (0x40046000) libm.so.6 = /lib/libm.so.6 (0x4005a000) libc.so.6 = /lib/libc.so.6 (0x4007b000) /lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x8000) Am I getting that error in debugging more since libmysqlclient.so.12 is missing, which causes rlm_sql_mysql.so to fail as well? Yes. OK..on the OTHER RADIUS machine, when attempting to implement SQL, I get: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:radius rlm_sql_mysql: Mysql error 'Client does not support authentication protocol requested by server; consider upgrading MySQL client' This machine DOES have the libmysqlclient libraries, but maybe they're too old? That's right. You'll find you've got a mySQL 4.1 server, and libmysqlclient.so.10 (from mySQL 3.x) installed. They won't work together out of the box. You can tell the mySQL server to use the old style of password authentication, as a workaround, I believe. -- Paul TBBle Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: segmentation fault
On Apr 1, 2005 11:40 PM, Alan DeKok [EMAIL PROTECTED] wrote: Larry Riffle [EMAIL PROTECTED] wrote: I'm trying to decide if this is just a couple of us doing something wrong or if check_cert_cn is broken. It might be broken. Does anybody have it working on any platform? By working I mean when the CN doesn't match your server doesn't crash. I haven't tested it. 177 radlog(L_INFO, -- User-Name = %s, handler-identity); The identity SHOULD NOT be NULL. The rest of the EAP code ensures that IF the handler exists, THEN the identity is valid. I'm confused by why this is happening at all... Hmm in rlm_eap_tls.c, function eaptls_authenticate(), try adding the following code at the top: ... EAP_HANDLER *ssl_handler = SSL_get_ex_data(ssn-ssl, 0); rad_assert(ssl_handler == handler); ... */ static int eaptls_authenticate(void *arg UNUSED, EAP_HANDLER *handler) { eaptls_status_t status; tls_session_t *tls_session = (tls_session_t *) handler-opaque; EAP_HANDLER *ssl_handler = SSL_get_ex_data(tls_session-ssl, 0); rad_assert(ssl_handler == handler); DEBUG2( rlm_eap_tls: Authenticate); Added the code, changed ssn for tls_session, as ssn is no avail in this function, no assertion error, coredumps at same place as before. #0 0x001c75ce in cbtls_verify (ok=1, ctx=0xbfe934b0) at cb.c:177 177 radlog(L_INFO, -- User-Name = %s, handler-identity); (gdb) bt #0 0x001c75ce in cbtls_verify (ok=1, ctx=0xbfe934b0) at cb.c:177 #1 0x035dcc58 in X509_verify_cert () from /lib/libcrypto.so.4 #2 0x035dc1a0 in X509_verify_cert () from /lib/libcrypto.so.4 #3 0x00d6dcc6 in ssl_verify_cert_chain () from /lib/libssl.so.4 If that assertion fails, then the problem is that the handler is getting freed part-way through the SSL session, when it shouldn't be. A hack to fix it would be to add one line to the top of that function: SSL_set_ex_data(ssn-ssl, 0, handler); That SHOULD work around the problem. If so, I'll commit a fix. Alan DeKok. Willem Eradus - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Got a problem - mysql and radius table
I am new to this list so perhaps this has been brought up already but: Using freeradius 1.0.1 with mysql. I insert the tables from db_mysql.sql into the radius database and i get an error on id default for the nas table. I simply delete the default entry for that row and everything goes well. But later when I start radius it hangs. The log looks like this Sat Apr 2 16:25:43 2005 : Info: Using deprecated naslist file. Support for this will go away soon. Sat Apr 2 16:25:43 2005 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Sat Apr 2 16:25:43 2005 : Info: rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius Sat Apr 2 16:25:43 2005 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0 Sat Apr 2 16:25:43 2005 : Info: rlm_sql_mysql: Starting connect to MySQL server for #1 and just sits there trying to start I look at the mysql process table and it shows that the user has logged in and is reading from net hm? Radiusd never gets started. It's not a mysql user problem because the user I am useing is allowed ALL PRIVELAGES on database radius. Anyone out there having this issue? -Blake- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table
On Apr 2, 2005 11:05 AM, Blake [EMAIL PROTECTED] wrote: I am new to this list so perhaps this has been brought up already but: Using freeradius 1.0.1 with mysql. I insert the tables from db_mysql.sql into the radius database and i get an error on id default for the nas table. I simply delete the default entry for that row and everything goes well. But later when I start radius it hangs. The log looks like this Sat Apr 2 16:25:43 2005 : Info: Using deprecated naslist file. Support for this will go away soon. Sat Apr 2 16:25:43 2005 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Sat Apr 2 16:25:43 2005 : Info: rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius Sat Apr 2 16:25:43 2005 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0 Sat Apr 2 16:25:43 2005 : Info: rlm_sql_mysql: Starting connect to MySQL server for #1 I assume this output is from the -X debugging switch? and just sits there trying to start I look at the mysql process table and it shows that the user has logged in and is reading from net TCP or Unix socket, it's still a network connection. humm... maybe try switching to TCP? hm? Radiusd never gets started. It's not a mysql user problem because the user I am useing is allowed ALL PRIVELAGES on database radius. Anyone out there having this issue? -Blake- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Good luck! Scott Edwards -- Daxal Communications - http://www.daxal.com Surf the USA - http://www.surfthe.us - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table
Scott Edwards wrote: and just sits there trying to start I look at the mysql process table and it shows that the user has logged in and is reading from net TCP or Unix socket, it's still a network connection. humm... maybe try switching to TCP? hm? Radiusd never gets started. It's not a mysql user problem because the user I am useing is allowed ALL PRIVELAGES on database radius. Anyone out there having this issue? -Blake- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Good luck! Scott Edwards Scott, I think that it is using tcp. I have tried connecting to another mysql server from the same machine with the same results. How do I know if it's tcp? Where is the settings? -Blake- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table
On Apr 2, 2005 11:33 AM, Blake [EMAIL PROTECTED] wrote: Scott Edwards wrote: and just sits there trying to start I look at the mysql process table and it shows that the user has logged in and is reading from net TCP or Unix socket, it's still a network connection. humm... maybe try switching to TCP? Scott, I think that it is using tcp. I have tried connecting to another mysql server from the same machine with the same results. How do I know if it's tcp? TCP for remote (and sometimes local) connections, and unix sockets (most always) localy. Where is the settings? sql.conf Thanks, Scott Edwards - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table
Scott Edwards wrote: On Apr 2, 2005 11:33 AM, Blake [EMAIL PROTECTED] wrote: Scott Edwards wrote: and just sits there trying to start I look at the mysql process table and it shows that the user has logged in and is reading from net TCP or Unix socket, it's still a network connection. humm... maybe try switching to TCP? Scott, I think that it is using tcp. I have tried connecting to another mysql server from the same machine with the same results. How do I know if it's tcp? TCP for remote (and sometimes local) connections, and unix sockets (most always) localy. Where is the settings? sql.conf Thanks, Scott Edwards - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html I don't see the option in sql.conf. Here is what I do have sql { driver = rlm_sql_mysql server = localhost login = sqladmin password = *** radius_db = radius acct_table1 = radacct acct_table2 = radacct postauth_table = radpostauth authcheck_table = radcheck authreply_table = radreply groupcheck_table = radgroupcheck groupreply_table = radgroupreply usergroup_table = usergroup deletestalesessions = yes sqltrace = no sqltracefile = ${logdir}/sqltrace.sql num_sql_socks = 5 connect_failure_retry_delay = 60 sql_user_name = %{User-Name} authorize_check_query = SELECT id,UserName,Attribute,Value,op FROM ${authcheck_table} WHERE Username = '%{SQL-User-Name}' $ authorize_reply_query = SELECT id,UserName,Attribute,Value,op FROM ${authreply_table} WHERE Username = '%{SQL-User-Name}' $ authorize_group_check_query = SELECT ${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${$ authorize_group_reply_query = SELECT ${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${$ accounting_onoff_query = UPDATE ${acct_table1} SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_$ accounting_update_query = UPDATE ${acct_table1} \ SET FramedIPAddress = '%{Framed-IP-Address}', \ AcctSessionTime = '%{Acct-Session-Time}', \ AcctInputOctets = '%{Acct-Input-Octets}', \ AcctOutputOctets = '%{Acct-Output-Octets}' \ WHERE AcctSessionId = '%{Acct-Session-Id}' \ AND UserName = '%{SQL-User-Name}' \ AND NASIPAddress= '%{NAS-IP-Address}' accounting_update_query_alt = INSERT into ${acct_table1} (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddre$ accounting_start_query = INSERT into ${acct_table1} (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, N$ accounting_start_query_alt = UPDATE ${acct_table1} SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}$ simul_verify_query = SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingS$ group_membership_query = SELECT GroupName FROM ${usergroup_table} WHERE UserName='%{SQL-User-Name}' postauth_query = INSERT into ${postauth_table} (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-P$ readclients = yes } Any help? -Blake- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table
My guess is that it has something to do with the error when importing the tables from the db_mysql.sql file. The error was on the nas table. Like I said I ended up having to omit the entry for default '0' on the id row. No matter how I worded the default. I would get a syntax error everytime. perhaps the db_mysql.sql is outdated and doesn't work with mysql 4.1.10a -Blake- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table
Blake wrote: My guess is that it has something to do with the error when importing the tables from the db_mysql.sql file. The error was on the nas table. Like I said I ended up having to omit the entry for default '0' on the id row. No matter how I worded the default. I would get a syntax error everytime. perhaps the db_mysql.sql is outdated and doesn't work with mysql 4.1.10a -Blake- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Another clue is: When I delete the radius database out of mysql. The radius server starts fine. The log says that it's running. It does of course say that the database radius doesn't exist. This tells me that radius is connecting to the database without any problems. It's only when it acctually starts to read the database it has a problem. Another little clue is that when the database exists and I have the wrong username and password in the sql.conf file it will not authenticate. I can run this command from the prompt mysqlcheck -c --host=127.0.0.1 -u chilli -p -B radius and type the password and it reads and checks the tables. they all come back ok So it's definatly not a connection problem. It must be the radius database. -Blake- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Webmin Module
I almost hate to post this because in my searches I have seen this question posted many times, just haven't really seen an answer. So, here goes.. Is there a Webmin module for FreeRadius? If not, is there a list of GUIS somewhere for FreeRadius? Thanks! -- Private Label Wholesale Internet Access! http://www.YourOwnISP.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table - more output from debuging mode
Here is the last few lines from radiusd -X output: sql: accounting_stop_query_alt = INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}') sql: group_membership_query = SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' sql: connect_failure_retry_delay = 60 sql: simul_count_query = sql: simul_verify_query = SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0 sql: postauth_table = radpostauth sql: postauth_query = INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW()) sql: safe-characters = @abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: / rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 Segmentation fault If that helps -Blake- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Webmin Module
Me wrote: I almost hate to post this because in my searches I have seen this question posted many times, just haven't really seen an answer. So, here goes.. Is there a Webmin module for FreeRadius? If not, is there a list of GUIS somewhere for FreeRadius? Thanks! -- Private Label Wholesale Internet Access! http://www.YourOwnISP.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Give dialup_admin a try. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Daemonizing problem
I have FreeRADIUS 1.0.2 on FreeBSD 4.10 configured as followed: CPPFLAGS=-I/usr/local/include -I/usr/local/pgsql/include LDDFLAGS=-L/usr/local/lib -L/usr/local/pgsql/lib ./configure --prefix=/usr/local/freeradius --with-raddbdir=/usr/local/freeradius/etc --with-logdir=/var/log/radius --with-radacctdir=/var/log/radacct --without-rlm-krb5 --without-rlm-sql-mysql --without-rlm-sql-unixodbc --without-rlm-sql-iodbc --without-rlm-sql-oracle --without-rlm-ldap 21 script-fradius.log When I try to start up freeradius after installation and configuration as followed: /usr/local/freeradius/sbin/radiusd -A -g local6 -y -z It starts up but does not daemonize and deattach from tty. Can anybody prompt where to look up to search and correct this? Oleg Golovanov Krasnoyarsk city - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table
On Apr 2, 2005 11:50 AM, Blake [EMAIL PROTECTED] wrote: [snip] I don't see the option in sql.conf. Here is what I do have sql { driver = rlm_sql_mysql server = localhost login = sqladmin password = *** radius_db = radius [snip] Here's your connection settings. server = localhost is what I was referencing. You're using localhost, which is not to be confused with 127.0.0.1. localhost only uses the unix socket, otherwise a decimal dotted IP (or a hostname that will resolve to an IP) will be used via TCP. Just to fiddle, try switching to 127.0.0.1 and start freeradius. I don't expect it to work any different, but if it does, you've narrowed it down. If I were stuck in this situation, I would consider using strace on radius -X and maybe even mysql (to different log files). You'll have to use a few terms for this (and read those fine man pages). I'm not sure what else to try at this point, save to revert the configs, and carefully reconfigure from defaults. Best of luck! Scott Edwards -- Daxal Communications - http://www.daxal.com Surf the USA - http://www.surfthe.us - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table - more output from debuging mode
On Apr 2, 2005 4:27 PM, Blake [EMAIL PROTECTED] wrote: Here is the last few lines from radiusd -X output: AcctStopTime = 0 sql: postauth_table = radpostauth sql: postauth_query = INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW()) sql: safe-characters = @abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: / rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 Segmentation fault If that helps -Blake- Happens every time? What release of freeradius? (upgrade if you're not on the latest, start over, and continue if it's still doing this) Recompile with gdb debugging support+symbols (if not present), and try running under gdb. Provide the output from the full backtrace when you encounter the segfault. (gdb) bt full I'd suggest filing a bug report with this information. (I don't think it'll do much good to post it here). Thank you, Scott Edwards -- Daxal Communications - http://www.daxal.com Surf the USA - http://www.surfthe.us - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Segmentation fault
FreeRADIUS 1.0.2 on FreeBSD 4.10 # check-radiusd-config Segmentation fault Radius server configuration looks OK. # /usr/local/freeradius/sbin/radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/freeradius/etc/clients.conf Config: including file: /usr/local/freeradius/etc/eap.conf Config: including file: /usr/local/freeradius/etc/pgsql.conf main: prefix = /usr/local/freeradius main: localstatedir = /usr/local/freeradius/var main: logdir = /var/log/radius main: libdir = /var/backups/freeradius/lib main: radacctdir = /var/db/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /var/log/radius/radius.log main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /var/run/radiusd.pid main: user = radius main: group = network main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/freeradius/sbin/checkrad main: proxy_requests = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/freeradius/lib Segmentation fault Where to search the source of problem - maybe in module's configs? Oleg Golovanov Krasnoyarsk city - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Attach mac address to username
Joachim Bloche wrote: eg: would I have to add the table. radcheck id - - - - - - - - 4567 UserName - - user1 Attribute - - - Calling-Session-Id op - - - - - - - := Value - - - - - 000bcdfxxx I think this example is OK, but the op which should be '==' (':=' always matches and sets a freeradius parameter, I don't think that's what we're looking for). I seem to get these parameters mixed up all the time. must read doc's again Looking at radacct, I am receiving CallingStationID which appears to be the mac of the connecting client. You're right, it is Calling-Station-Id, not session... apologizes. Would your suggestion be automatic or would I need to manually add the attribute. I think you can do it automatically, provided your NAS sends Calling-Station-Id with the authentication request. In this case you may rewrite the post-auth request to add the row in radcheck (see sql.conf). But I'm quite new to freeradius, and there may be 2 issues : I'm not sure wether it's possible to use an INSERT in post-auth, and I'm not sure wether the NAS will send the calling-station-id with the authentication-request (but if it doesn't, there will be no solution...). Anyway, this will be easy to check, but I have no radius server for the week-end. If this doesn't work, then you'll have to use a trigger or any other mean, in order to insert the row in radcheck when the first accounting start for this user occurs. This would be less convenient, but still not very complicated. Joachim I will perform some tests this week and see if I can nut this one out. Thanks again for your help Joachim Shane - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html