DATE_SUB (rlm_perl)

2005-10-08 Thread Abdul Lateef
Hi all,
I was inserting start and stop time using the rlm_perl
example.pl file. But I am making some mistake. I
modified the following code for the start date, but it is not
working.

DATE_SUB('CURDATE()',INTERVAL
($RAD_REQUEST{'Acct-Session-Time:-0'} +
$RAD_REQUEST{'Acct-Delay-Time:-0'}) SECOND)

Can anyone suggest the right code to insert the
start date and time?

This is the error I am getting.

/raddb/MaxTime.pl , func = accounting exit status=
DBD::mysql::st execute failed: You have an error in
your SQL syntax near '+ ) SECOND),..


Yours,
Abdul Lateef
Computer Programmer
HATIF COM
Mob: +974 - 5405022
Tel: +974 - 4883068
ICQ: 276994704
YM!: abdul_zu
Fax: +974 - 4883063
Doha Qatar
http://www.hatif.com



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Grab caller id and insert into radcheck how to

2005-10-08 Thread Shane Hart



Jonathan De Graeve wrote:


You should use: IF NOT EXISTS
 

Thanks Jonathan, I did some more testing today and came up with 
something that works for us...


Shane


Hi all,

I am attempting to add an additional attribute upon the first login for 
user accounts and I am a bit lost.

The way I am testing this is with postauth query.
postauth_query = "INSERT into ${authcheck_table} (id, UserName, 
Attribute, op, value) values('', '%{SQL-User-Name}', 
'Calling-Station-Id', '==', '%{Calling-Station-Id}' )"
This works great but it adds a new record every time the user 
successfully authenticates. Not a problem really but there are also 
users I don't need to lock to a caller id.


I tried using postauth_query = "UPDATE in various ways but I just can't 
get my head around it.
If I manually create an entry in radcheck for a user with the attribute 
"Calling-Station-Id" and a "NULL" value, then the user can't login 
obviously.


Does anybody have any ideas how to have this attribute somehow 
dynamically created when the user first logs in if they are a member of 
a group and ultimately not create it if the record already exists?

Any ideas or pointers greatly appreciated.
 



Post Accounting

2005-10-08 Thread Devrim Seral
Thanks for the reply, Paolo,

But I wonder, can I use both SQL accounting and acctusersfile at the same time? And if I do, how?
Thanks..
devrim


I do some post-processing for accounting and I do it through the exec module. I call at the end of the accounting section one instance of the exec module which calls a script which does some post-processing, updates some tables and distinguishes processing between Start/Alive/Stop.

  - Original Message -
  From: Devrim Seral
  To: freeradius-users at lists.freeradius.org
  Sent: Friday, October 07, 2005 6:04 PM
  Subject: Post Accounting

  Hi freeradius community!

  I want to do something with freeradius but I haven't found any information on how to do that. The problem is I want to run an SQL query after an accounting stop request within the sql module. I found that the sql module has a postauth_query feature. So I want the same functionality but after an accounting stop request. Is there any way to do it? (Note that I don't want to use an SQL trigger)

  Thanks for your responses
  devrim

Proxy when module_accounting rejects the request

2005-10-08 Thread Nicolas Baradakis
I noticed that accounting requests are proxied anyway even if a module
of the accounting section rejected the request. I don't know whether
this is the expected behaviour or not. In other words: is this a bug
or feature ? :-)

Perhaps there are reasons to always proxy an accounting request, but
I'm thinking the action might be:

Return value  Proxy   Drop
--
RLM_MODULE_REJECT  X
RLM_MODULE_FAIL  X
RLM_MODULE_OK  X
RLM_MODULE_HANDLED  X
RLM_MODULE_INVALID  X
RLM_MODULE_USERLOCK  X
RLM_MODULE_NOTFOUND  X
RLM_MODULE_NOOP  X
RLM_MODULE_UPDATED  X

-- 
Nicolas Baradakis



Re: DATE_SUB (rlm_perl)

2005-10-08 Thread Alan DeKok
Abdul Lateef <[EMAIL PROTECTED]> wrote:
> DATE_SUB('CURDATE()',INTERVAL
> ($RAD_REQUEST{'Acct-Session-Time:-0'} +

  You're mixing Perl hash expansion and FreeRADIUS variable expansion.

  $RAD_REQUEST{'Acct-Session-Time'} contains the value of
Acct-Session-Time.  If it doesn't exist, you'll have to use *perl*
code to check that.  Using 'Acct-Session-Time:-0' won't work.

  Alan DeKok.
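
Added example (not part of the original thread or of the example.pl shipped with FreeRADIUS): one way to do the defaulting in Perl, as the reply above describes, and to hand the offset to MySQL as a bound parameter instead of interpolating request data into the statement. The %RAD_REQUEST contents are a constructed sample; the radacct column names, the helper names attr_or_zero and start_time_update, and the use of NOW() (CURDATE() carries no time of day) are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample of what rlm_perl would place in %RAD_REQUEST for a Stop
# packet; Acct-Delay-Time is deliberately absent to exercise the default.
our %RAD_REQUEST = (
    'User-Name'         => 'alice',
    'Acct-Status-Type'  => 'Stop',
    'Acct-Session-Id'   => '0000002A',
    'Acct-Session-Time' => '3600',
);

# Perl-side replacement for the "%{Attr:-0}" default (hypothetical helper):
# return the attribute as a non-negative integer, or 0 when it is missing
# or is not made up purely of digits.
sub attr_or_zero {
    my ($name) = @_;
    my $v = $RAD_REQUEST{$name};
    return 0 unless defined $v && $v =~ /\A\d+\z/;
    return $v + 0;
}

# Build the statement and its bind values (hypothetical helper). The offset
# and the identifiers from the packet are passed as placeholders, so nothing
# from the request ends up in the SQL text itself.
sub start_time_update {
    my $offset = attr_or_zero('Acct-Session-Time')
               + attr_or_zero('Acct-Delay-Time');
    my $sql = 'UPDATE radacct'
            . ' SET AcctStartTime = DATE_SUB(NOW(), INTERVAL ? SECOND)'
            . ' WHERE AcctSessionId = ? AND UserName = ?';
    return ($sql, $offset,
            $RAD_REQUEST{'Acct-Session-Id'}, $RAD_REQUEST{'User-Name'});
}

my ($sql, @bind) = start_time_update();
print "$sql\n";
print join(', ', @bind), "\n";

# With a connected DBI handle $dbh (assumed), the statement would be run as:
#   $dbh->do($sql, undef, @bind);
```

An empty or missing attribute here yields 0 rather than an empty operand, which is what produced the `'+ ) SECOND)` syntax error in the original post.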



Re: Proxy when module_accounting rejects the request

2005-10-08 Thread Alan DeKok
Nicolas Baradakis <[EMAIL PROTECTED]> wrote:
> I noticed that accounting requests are proxied anyway even if a module
> of the accounting section rejected the request. I don't know whether
> this is the expected behaviour or not. In other words: is this a bug
> or feature ? :-)

  I would say there's a few bugs there.  If "preacct" says that the
request should be proxied, we probably shouldn't even run "accounting"
at all.  That will let people log local accounting data only for
requests that are handled locally.

> Perhaps there are reasons to always proxy an accounting request, but
> I'm thinking the action might be:
> 
> Return value  Proxy   Drop
> --
> RLM_MODULE_REJECT   X
> RLM_MODULE_FAIL X
> RLM_MODULE_OK   X
> RLM_MODULE_HANDLED  X
> RLM_MODULE_INVALID  X
> RLM_MODULE_USERLOCK X
> RLM_MODULE_NOTFOUND X
> RLM_MODULE_NOOP X
> RLM_MODULE_UPDATED  X

  That sounds reasonable, except for FAIL.  If we fail to log
accounting data, it's even more useful to proxy it.

  And most of those return codes don't make sense for accounting
requests.  Since accounting just does logging, the return codes should
be:

  FAIL, OK, HANDLED, INVALID, NOOP.

  REJECT doesn't make sense.  USERLOCK doesn't make sense, and I'm not
sure what UPDATED means.

  Alan DeKok.


Re: Online Status with FR & SQL

2005-10-08 Thread Alan DeKok
"Gunther" <[EMAIL PROTECTED]> wrote:
> how do I know that the AcctStopTime=0 is not a 'leftover' ...
> Would it make sense to add a TIMESTAMP to the radacct table to record the
> last update?

  Sure.  If the NAS is supposed to send accounting updates every 15
minutes, and it's been an hour since the last one, you can guess that
the user isn't logged in any more.

> And would the use of TIMESTAMP for the radacct table produce some form of
> performance degrade?

  I doubt it.

  Alan DeKok.


FreeRADIUS expert NEEDED in NYC for a quick project

2005-10-08 Thread Casey Sung

Hello FR experts.  
 
I need someone to setup and preconfigure a FreeRADIUS server from scratch for me.  
 
Overview of what I accomplished:
Give registered authenticated users network access in private network setting.  User must log in.
Web tool for administrator to register new users for above.

Setup multi-cast VPN for remote user access to a server
Give guest users free wireless internet access for browsing only (simple web registration required)
A way to specify bandwidth for each user or group of users.
 
Someone in NYC preferred
 
If you have deep experience in FreeRADIUS and network security please send CV to [EMAIL PROTECTED] with your $$ fee estimate.
 
Thank you.
 
Casey Sung
Grace Corporate Park

Re: Proxy when module_accounting rejects the request

2005-10-08 Thread Nicolas Baradakis
Alan DeKok wrote:

>   If "preacct" says that the request should be proxied, we probably
> shouldn't even run "accounting" at all.

I think there are some cases when there is a need to do both logging
and proxying. (for example if the server and the proxy belong to
different ISP)

In those cases logging could be done in pre-proxy section instead of
accounting, but currently not all the modules have a method for both
accounting and pre-proxy. (for example rlm_sql can do accounting only)

I've never understood why we have pre-proxy and post-proxy for
accounting requests. As it is now, everything done in pre-proxy can
be done in accounting, too. And post-proxy is meaningless since
Accounting-Response packets are empty.

>   That will let people log local accounting data only for
> requests that are handled locally.

For now that can be achieved using Acct-Type stanzas.

>   That sounds reasonable, except for FAIL.  If we fail to log
> accounting data, it's even more useful to proxy it.

I understand your reasons. The logs of the proxy may be incoherent,
but that's probably better than to have nothing at all.

>   And most of those return codes don't make sense for accounting
> requests.  Since accounting just does logging, the return codes should
> be:
>
>   FAIL, OK, HANDLED, INVALID, NOOP.

I agree. It should be the same for preacct modules, too.

>   REJECT doesn't make sense.  USERLOCK doesn't make sense, and I'm not
> sure what UPDATED means.

Comments in modules.h say UPDATED is "OK (pairs modified)".

However if a module returns REJECT or USERLOCK, it just means the
module is seriously broken. It's unclear whether the packet should be
proxied in this case. If something that shouldn't happen actually
happens, I would vote to drop the packet.

-- 
Nicolas Baradakis



effort required to create passwd DB nsswitch lookup using AAA server..

2005-10-08 Thread Raj
 
Currently, there's LDAP lookup support for passwd DB
in nsswitch.conf. I don't think a similar service exists
for AAA server lookup for passwd DB in nsswitch. How
much effort is required to accomplish this? Any
pointers are appreciated...




--- Raj <[EMAIL PROTECTED]> wrote:

> If I have a Radius client setup on a RHEL 4.0 linux
> with pam_auth_radius module
> active for telnet/ssh service, do I need to create a
> linux user (with no passwd) that
> is same as the Radius user for this authentication to
> work?
> This is assuming "sufficient" control flag for
> pam_radius_auth as the very first
> entry in the related service files under /etc/pam.d
> dir.
>
> Basically, I don't want to create a user account on
> AAA client machine but only on AAA server. Is there a
> way I can accomplish this using pam_auth_radius and
> nsswitch.conf ?  i.e if there's a way to specify AAA
> server lookup for passwd DB in nsswitch.conf?




