Re: Digest authentication over FreeRadius against an LDAP server
On Apr 2, 2005 12:14 AM, Craig Huckabee [EMAIL PROTECTED] wrote: Or use EAP-TTLS/PAP to get a clear text password from your clients and use encrypted passwords in LDAP. Well, this is not possible since my NAS is a RFC3261-compliant SIP server, which is not allowed to request cleartext passwords from its clients (3261 does not allow basic authentication). Therefore, it cannot pass cleartext passwords to the radius server. Thanks for the suggestion, anyway. A. Burak Gurdag Software Engineer Argela Technologies - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Attach mac address to username
eg: would I have to add the table.
radcheck
id - - - - - - - - 4567
UserName - - user1
Attribute - - - Calling-Session-Id
op - - - - - - - :=
Value - - - - - 000bcdfxxx
I think this example is OK, but the op which should be '==' (':='
always matches and sets a freeradius parameter, I don't think that's
what we're looking for).
Looking at radacct, I am receiving CallingStationID which appears to
be the mac of the connecting client.
You're right, it is Calling-Station-Id, not session... apologizes.
Would your suggestion be automatic or would I need to manually add the
attribute.
I think you can do it automatically, provided your NAS sends
Calling-Station-Id with the authentication request. In this case you
may rewrite the post-auth request to add the row in radcheck (see
sql.conf). But I'm quite new to freeradius, and there may be 2 issues
: I'm not sure wether it's possible to use an INSERT in post-auth, and
I'm not sure wether the NAS will send the calling-station-id with the
authentication-request (but if it doesn't, there will be no
solution...). Anyway, this will be easy to check, but I have no radius
server for the week-end.
If this doesn't work, then you'll have to use a trigger or any other
mean, in order to insert the row in radcheck when the first accounting
start for this user occurs. This would be less convenient, but still
not very complicated.
Joachim
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and MySQL -- missing libraries?
On Fri, Apr 01, 2005 at 12:42:18PM -0800, Rick Kunkel wrote: Hello all, When I run an ldd though, I see this: # ldd rlm_sql_mysql.so libmysqlclient.so.12 = not found libz.so.1 = /usr/lib/libz.so.1 (0x4000b000) libcrypt.so.1 = /lib/libcrypt.so.1 (0x40019000) libnsl.so.1 = /lib/libnsl.so.1 (0x40046000) libm.so.6 = /lib/libm.so.6 (0x4005a000) libc.so.6 = /lib/libc.so.6 (0x4007b000) /lib/ld-linux.so.2 = /lib/ld-linux.so.2 (0x8000) Am I getting that error in debugging more since libmysqlclient.so.12 is missing, which causes rlm_sql_mysql.so to fail as well? Yes. OK..on the OTHER RADIUS machine, when attempting to implement SQL, I get: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:radius rlm_sql_mysql: Mysql error 'Client does not support authentication protocol requested by server; consider upgrading MySQL client' This machine DOES have the libmysqlclient libraries, but maybe they're too old? That's right. You'll find you've got a mySQL 4.1 server, and libmysqlclient.so.10 (from mySQL 3.x) installed. They won't work together out of the box. You can tell the mySQL server to use the old style of password authentication, as a workaround, I believe. -- Paul TBBle Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: segmentation fault
On Apr 1, 2005 11:40 PM, Alan DeKok [EMAIL PROTECTED] wrote:
Larry Riffle [EMAIL PROTECTED] wrote:
I'm trying to decide if this is just a couple of us doing something
wrong or if check_cert_cn is broken.
It might be broken.
Does anybody have it working on any platform? By working I mean when
the CN doesn't match your server doesn't crash.
I haven't tested it.
177 radlog(L_INFO, -- User-Name = %s,
handler-identity);
The identity SHOULD NOT be NULL. The rest of the EAP code ensures
that IF the handler exists, THEN the identity is valid. I'm confused
by why this is happening at all...
Hmm in rlm_eap_tls.c, function eaptls_authenticate(), try adding
the following code at the top:
...
EAP_HANDLER *ssl_handler = SSL_get_ex_data(ssn-ssl, 0);
rad_assert(ssl_handler == handler);
...
*/
static int eaptls_authenticate(void *arg UNUSED, EAP_HANDLER *handler)
{
eaptls_status_t status;
tls_session_t *tls_session = (tls_session_t *) handler-opaque;
EAP_HANDLER *ssl_handler = SSL_get_ex_data(tls_session-ssl, 0);
rad_assert(ssl_handler == handler);
DEBUG2( rlm_eap_tls: Authenticate);
Added the code, changed ssn for tls_session, as ssn is no avail in
this function, no assertion error, coredumps at same place as before.
#0 0x001c75ce in cbtls_verify (ok=1, ctx=0xbfe934b0) at cb.c:177
177 radlog(L_INFO, -- User-Name = %s, handler-identity);
(gdb) bt
#0 0x001c75ce in cbtls_verify (ok=1, ctx=0xbfe934b0) at cb.c:177
#1 0x035dcc58 in X509_verify_cert () from /lib/libcrypto.so.4
#2 0x035dc1a0 in X509_verify_cert () from /lib/libcrypto.so.4
#3 0x00d6dcc6 in ssl_verify_cert_chain () from /lib/libssl.so.4
If that assertion fails, then the problem is that the handler is
getting freed part-way through the SSL session, when it shouldn't be.
A hack to fix it would be to add one line to the top of that function:
SSL_set_ex_data(ssn-ssl, 0, handler);
That SHOULD work around the problem. If so, I'll commit a fix.
Alan DeKok.
Willem Eradus
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Got a problem - mysql and radius table
I am new to this list so perhaps this has been brought up already but: Using freeradius 1.0.1 with mysql. I insert the tables from db_mysql.sql into the radius database and i get an error on id default for the nas table. I simply delete the default entry for that row and everything goes well. But later when I start radius it hangs. The log looks like this Sat Apr 2 16:25:43 2005 : Info: Using deprecated naslist file. Support for this will go away soon. Sat Apr 2 16:25:43 2005 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Sat Apr 2 16:25:43 2005 : Info: rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius Sat Apr 2 16:25:43 2005 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0 Sat Apr 2 16:25:43 2005 : Info: rlm_sql_mysql: Starting connect to MySQL server for #1 and just sits there trying to start I look at the mysql process table and it shows that the user has logged in and is reading from net hm? Radiusd never gets started. It's not a mysql user problem because the user I am useing is allowed ALL PRIVELAGES on database radius. Anyone out there having this issue? -Blake- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table
On Apr 2, 2005 11:05 AM, Blake [EMAIL PROTECTED] wrote: I am new to this list so perhaps this has been brought up already but: Using freeradius 1.0.1 with mysql. I insert the tables from db_mysql.sql into the radius database and i get an error on id default for the nas table. I simply delete the default entry for that row and everything goes well. But later when I start radius it hangs. The log looks like this Sat Apr 2 16:25:43 2005 : Info: Using deprecated naslist file. Support for this will go away soon. Sat Apr 2 16:25:43 2005 : Info: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked Sat Apr 2 16:25:43 2005 : Info: rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius Sat Apr 2 16:25:43 2005 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0 Sat Apr 2 16:25:43 2005 : Info: rlm_sql_mysql: Starting connect to MySQL server for #1 I assume this output is from the -X debugging switch? and just sits there trying to start I look at the mysql process table and it shows that the user has logged in and is reading from net TCP or Unix socket, it's still a network connection. humm... maybe try switching to TCP? hm? Radiusd never gets started. It's not a mysql user problem because the user I am useing is allowed ALL PRIVELAGES on database radius. Anyone out there having this issue? -Blake- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Good luck! Scott Edwards -- Daxal Communications - http://www.daxal.com Surf the USA - http://www.surfthe.us - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table
Scott Edwards wrote: and just sits there trying to start I look at the mysql process table and it shows that the user has logged in and is reading from net TCP or Unix socket, it's still a network connection. humm... maybe try switching to TCP? hm? Radiusd never gets started. It's not a mysql user problem because the user I am useing is allowed ALL PRIVELAGES on database radius. Anyone out there having this issue? -Blake- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Good luck! Scott Edwards Scott, I think that it is using tcp. I have tried connecting to another mysql server from the same machine with the same results. How do I know if it's tcp? Where is the settings? -Blake- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table
On Apr 2, 2005 11:33 AM, Blake [EMAIL PROTECTED] wrote: Scott Edwards wrote: and just sits there trying to start I look at the mysql process table and it shows that the user has logged in and is reading from net TCP or Unix socket, it's still a network connection. humm... maybe try switching to TCP? Scott, I think that it is using tcp. I have tried connecting to another mysql server from the same machine with the same results. How do I know if it's tcp? TCP for remote (and sometimes local) connections, and unix sockets (most always) localy. Where is the settings? sql.conf Thanks, Scott Edwards - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table
Scott Edwards wrote:
On Apr 2, 2005 11:33 AM, Blake [EMAIL PROTECTED] wrote:
Scott Edwards wrote:
and just sits there trying to start I look at the mysql process
table and it shows that the user has logged in and is reading from net
TCP or Unix socket, it's still a network connection. humm... maybe try
switching to TCP?
Scott,
I think that it is using tcp. I have tried connecting to another mysql
server from the same machine with the same results.
How do I know if it's tcp?
TCP for remote (and sometimes local) connections, and unix sockets
(most always) localy.
Where is the settings?
sql.conf
Thanks,
Scott Edwards
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I don't see the option in sql.conf. Here is what I do have
sql {
driver = rlm_sql_mysql
server = localhost
login = sqladmin
password = ***
radius_db = radius
acct_table1 = radacct
acct_table2 = radacct
postauth_table = radpostauth
authcheck_table = radcheck
authreply_table = radreply
groupcheck_table = radgroupcheck
groupreply_table = radgroupreply
usergroup_table = usergroup
deletestalesessions = yes
sqltrace = no
sqltracefile = ${logdir}/sqltrace.sql
num_sql_socks = 5
connect_failure_retry_delay = 60
sql_user_name = %{User-Name}
authorize_check_query = SELECT id,UserName,Attribute,Value,op FROM
${authcheck_table} WHERE Username = '%{SQL-User-Name}' $
authorize_reply_query = SELECT id,UserName,Attribute,Value,op FROM
${authreply_table} WHERE Username = '%{SQL-User-Name}' $
authorize_group_check_query = SELECT
${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${$
authorize_group_reply_query = SELECT
${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${$
accounting_onoff_query = UPDATE ${acct_table1} SET AcctStopTime='%S',
AcctSessionTime=unix_timestamp('%S') - unix_$
accounting_update_query = UPDATE ${acct_table1} \
SET FramedIPAddress = '%{Framed-IP-Address}', \
AcctSessionTime = '%{Acct-Session-Time}', \
AcctInputOctets = '%{Acct-Input-Octets}', \
AcctOutputOctets = '%{Acct-Output-Octets}' \
WHERE AcctSessionId = '%{Acct-Session-Id}' \
AND UserName = '%{SQL-User-Name}' \
AND NASIPAddress= '%{NAS-IP-Address}'
accounting_update_query_alt = INSERT into ${acct_table1}
(AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddre$
accounting_start_query = INSERT into ${acct_table1}
(AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, N$
accounting_start_query_alt = UPDATE ${acct_table1} SET
AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}$
simul_verify_query = SELECT RadAcctId, AcctSessionId, UserName,
NASIPAddress, NASPortId, FramedIPAddress, CallingS$
group_membership_query = SELECT GroupName FROM ${usergroup_table}
WHERE UserName='%{SQL-User-Name}'
postauth_query = INSERT into ${postauth_table} (id, user, pass,
reply, date) values ('', '%{User-Name}', '%{User-P$
readclients = yes
}
Any help?
-Blake-
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table
My guess is that it has something to do with the error when importing the tables from the db_mysql.sql file. The error was on the nas table. Like I said I ended up having to omit the entry for default '0' on the id row. No matter how I worded the default. I would get a syntax error everytime. perhaps the db_mysql.sql is outdated and doesn't work with mysql 4.1.10a -Blake- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table
Blake wrote: My guess is that it has something to do with the error when importing the tables from the db_mysql.sql file. The error was on the nas table. Like I said I ended up having to omit the entry for default '0' on the id row. No matter how I worded the default. I would get a syntax error everytime. perhaps the db_mysql.sql is outdated and doesn't work with mysql 4.1.10a -Blake- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Another clue is: When I delete the radius database out of mysql. The radius server starts fine. The log says that it's running. It does of course say that the database radius doesn't exist. This tells me that radius is connecting to the database without any problems. It's only when it acctually starts to read the database it has a problem. Another little clue is that when the database exists and I have the wrong username and password in the sql.conf file it will not authenticate. I can run this command from the prompt mysqlcheck -c --host=127.0.0.1 -u chilli -p -B radius and type the password and it reads and checks the tables. they all come back ok So it's definatly not a connection problem. It must be the radius database. -Blake- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Webmin Module
I almost hate to post this because in my searches I have seen this question posted many times, just haven't really seen an answer. So, here goes.. Is there a Webmin module for FreeRadius? If not, is there a list of GUIS somewhere for FreeRadius? Thanks! -- Private Label Wholesale Internet Access! http://www.YourOwnISP.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table - more output from debuging mode
Here is the last few lines from radiusd -X output:
sql: accounting_stop_query_alt = INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,
FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} +
%{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}',
'%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}',
'%{Acct-Output-Octets}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')
sql: group_membership_query = SELECT GroupName FROM usergroup WHERE
UserName='%{SQL-User-Name}'
sql: connect_failure_retry_delay = 60
sql: simul_count_query =
sql: simul_verify_query = SELECT RadAcctId, AcctSessionId, UserName,
NASIPAddress, NASPortId, FramedIPAddress, CallingStationId,
FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND
AcctStopTime = 0
sql: postauth_table = radpostauth
sql: postauth_query = INSERT into radpostauth (id, user, pass, reply,
date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}',
'%{reply:Packet-Type}', NOW())
sql: safe-characters =
@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
linked
rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
Segmentation fault
If that helps
-Blake-
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Webmin Module
Me wrote: I almost hate to post this because in my searches I have seen this question posted many times, just haven't really seen an answer. So, here goes.. Is there a Webmin module for FreeRadius? If not, is there a list of GUIS somewhere for FreeRadius? Thanks! -- Private Label Wholesale Internet Access! http://www.YourOwnISP.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Give dialup_admin a try. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Daemonizing problem
I have FreeRADIUS 1.0.2 on FreeBSD 4.10 configured as followed: CPPFLAGS=-I/usr/local/include -I/usr/local/pgsql/include LDDFLAGS=-L/usr/local/lib -L/usr/local/pgsql/lib ./configure --prefix=/usr/local/freeradius --with-raddbdir=/usr/local/freeradius/etc --with-logdir=/var/log/radius --with-radacctdir=/var/log/radacct --without-rlm-krb5 --without-rlm-sql-mysql --without-rlm-sql-unixodbc --without-rlm-sql-iodbc --without-rlm-sql-oracle --without-rlm-ldap 21 script-fradius.log When I try to start up freeradius after installation and configuration as followed: /usr/local/freeradius/sbin/radiusd -A -g local6 -y -z It starts up but does not daemonize and deattach from tty. Can anybody prompt where to look up to search and correct this? Oleg Golovanov Krasnoyarsk city - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table
On Apr 2, 2005 11:50 AM, Blake [EMAIL PROTECTED] wrote:
[snip]
I don't see the option in sql.conf. Here is what I do have
sql {
driver = rlm_sql_mysql
server = localhost
login = sqladmin
password = ***
radius_db = radius
[snip]
Here's your connection settings. server = localhost is what I was
referencing. You're using localhost, which is not to be confused
with 127.0.0.1. localhost only uses the unix socket, otherwise a
decimal dotted IP (or a hostname that will resolve to an IP) will be
used via TCP.
Just to fiddle, try switching to 127.0.0.1 and start freeradius. I
don't expect it to work any different, but if it does, you've narrowed
it down. If I were stuck in this situation, I would consider using
strace on radius -X and maybe even mysql (to different log files).
You'll have to use a few terms for this (and read those fine man
pages). I'm not sure what else to try at this point, save to revert
the configs, and carefully reconfigure from defaults.
Best of luck!
Scott Edwards
--
Daxal Communications - http://www.daxal.com
Surf the USA - http://www.surfthe.us
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table - more output from debuging mode
On Apr 2, 2005 4:27 PM, Blake [EMAIL PROTECTED] wrote:
Here is the last few lines from radiusd -X output:
AcctStopTime = 0
sql: postauth_table = radpostauth
sql: postauth_query = INSERT into radpostauth (id, user, pass, reply,
date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}',
'%{reply:Packet-Type}', NOW())
sql: safe-characters =
@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
linked
rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
Segmentation fault
If that helps
-Blake-
Happens every time? What release of freeradius? (upgrade if you're
not on the latest, start over, and continue if it's still doing this)
Recompile with gdb debugging support+symbols (if not present), and try
running under gdb. Provide the output from the full backtrace when
you encounter the segfault.
(gdb) bt full
I'd suggest filing a bug report with this information. (I don't think
it'll do much good to post it here).
Thank you,
Scott Edwards
--
Daxal Communications - http://www.daxal.com
Surf the USA - http://www.surfthe.us
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Segmentation fault
FreeRADIUS 1.0.2 on FreeBSD 4.10 # check-radiusd-config Segmentation fault Radius server configuration looks OK. # /usr/local/freeradius/sbin/radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/freeradius/etc/clients.conf Config: including file: /usr/local/freeradius/etc/eap.conf Config: including file: /usr/local/freeradius/etc/pgsql.conf main: prefix = /usr/local/freeradius main: localstatedir = /usr/local/freeradius/var main: logdir = /var/log/radius main: libdir = /var/backups/freeradius/lib main: radacctdir = /var/db/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /var/log/radius/radius.log main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /var/run/radiusd.pid main: user = radius main: group = network main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/freeradius/sbin/checkrad main: proxy_requests = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/freeradius/lib Segmentation fault Where to search the source of problem - maybe in module's configs? Oleg Golovanov Krasnoyarsk city - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Attach mac address to username
Joachim Bloche wrote:
eg: would I have to add the table.
radcheck
id - - - - - - - - 4567
UserName - - user1
Attribute - - - Calling-Session-Id
op - - - - - - - :=
Value - - - - - 000bcdfxxx
I think this example is OK, but the op which should be '==' (':='
always matches and sets a freeradius parameter, I don't think that's
what we're looking for).
I seem to get these parameters mixed up all the time. must read doc's
again
Looking at radacct, I am receiving CallingStationID which appears to
be the mac of the connecting client.
You're right, it is Calling-Station-Id, not session... apologizes.
Would your suggestion be automatic or would I need to manually add the
attribute.
I think you can do it automatically, provided your NAS sends
Calling-Station-Id with the authentication request. In this case you
may rewrite the post-auth request to add the row in radcheck (see
sql.conf). But I'm quite new to freeradius, and there may be 2 issues
: I'm not sure wether it's possible to use an INSERT in post-auth, and
I'm not sure wether the NAS will send the calling-station-id with the
authentication-request (but if it doesn't, there will be no
solution...). Anyway, this will be easy to check, but I have no radius
server for the week-end.
If this doesn't work, then you'll have to use a trigger or any other
mean, in order to insert the row in radcheck when the first accounting
start for this user occurs. This would be less convenient, but still
not very complicated.
Joachim
I will perform some tests this week and see if I can nut this one out.
Thanks again for your help Joachim
Shane
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
