prepaid counter
Dear all,

I need your advice for my prepaid billing. I have several scenarios:

1. prepaid for 4 hours and expire in 2 days after login.
2. prepaid for 8 hours and expire in 4 days after login.
3. prepaid for 24 hours and expire in 1 day.

I have configured my freeradius and mysql using rlm_sqlcounter. I have tested with the sample account from the sqlcounter doc and it works. I need to make or change the default scripts for the above schemes. Can anybody help me?

best regards,
rusma permana

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ld: error fatal: library -lssl: no encontrado
Alvaro Quiñones wrote:
> I have this mistake
>     ld: error fatal: library -lssl: no encontrado
> when i try to make. Version is freeradius-1.1.0 and my SO is Solaris10. how can i compile freeradius without support OpenSSL??

You need to disable all the modules that use OpenSSL:

    $ ./configure --without-rlm_eap_peap \
                  --without-rlm_eap_tls \
                  --without-rlm_eap_ttls \
                  --without-rlm_otp

--
Nicolas Baradakis
Re: Peap and LDAP
I thought this line in LDAP entry gives NT password.

    sambaNTPassword: AA182541927C4597271A8CAE2393FA4E
    sambaLMPassword: 53DCAC0777C3A618AAD3B435B51404EE

- Original Message -
From: Josh Howlett [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Friday, February 10, 2006 17:12
Subject: Re: Peap and LDAP

> Jefri bin Dahari wrote:
>> Hi all, I try to implement wireless users with PEAP but I face problem. It works if password in LDAP in clear text.
>
> With PEAP, the password *must* either be in clear-text or the NTLM hash.
>
> josh.
Re: NAS ID re-write
Nicola Iotti wrote:
> I'm using freeradius 1.0.5 just as proxy to do a realm based messages redirection... How can I re-write NAS_ID ( attribute 32) with different ID for different redirection options...

Please no HTML to the list.

You might add some entries in file /etc/raddb/preproxy_users:

    DEFAULT Realm == foo.net
            NAS-Identifier := abcd

    DEFAULT Realm == bar.com
            NAS-Identifier := wxyz

And make sure you have the module files in section pre-proxy of radiusd.conf.

--
Nicolas Baradakis
Re: problem with simultaneous use...any idea
On Fri, 2006-02-10 at 11:15 +0100, [EMAIL PROTECTED] wrote:
> problem with simultaneous use...any idea???tommy garsia
>
> Hi guys... I've finished compile and install freeradius v1.1.0 with mysql...and work great... and i'm happy with it... now i have a problem during the accounting what should i do if i want to limit only one connection per one user..?? what should i do with my freeradius configuration?
>
> best regards,
> tommy

Set simultaneous-use :=1 in radcheck and enable simultaneous use checking in sql.conf

Regards,
Sean
http://swarmhotspots.com
SIGHUP and instantiate method
Hi all,

I am going to develop a custom module. I would like to know if the instantiate method of my new module would be called again when I send the server a SIGHUP (in order to do the reinitialization of my variables with the new values inserted).

Regards,
Susana
Re: using scripts for sql.conf
Thanks. Will this allow me to run 1 of a number of queries in sql.conf depending on what's in the access-request the server receives?

So I need to run some queries every time an access-request packet is received and then choose which authorize query to run in sql.conf.

Alan DeKok wrote:
> Maqbool Hashim [EMAIL PROTECTED] wrote:
>> Is it possible to reference a script from within sql.conf? I'd like to do some checks and inserts on the sql database just before the auth_check query in sql.conf. Whats the best way of doing this?
>
> rlm_exec. List it before sql.
>
> Alan DeKok.
EAP-MD5, PEAP TTLS
Hi all,

I plan to implement 802.1x for wired and wireless users. For wired using EAP-MD5 and wireless using PEAP. From my reading, EAP-MD5 only supports clear-text password and PEAP only supports clear text and NT password. Am I correct on these facts?

Thanks.
Radius client
Hello everybody,

As far as I know, Freeradius only acts as a AAA server. So do you guys have a preference for which radius client I can use? Or can I use freeradius also as a Radius client?

Many thanks for your help
san
multiple huntgroup, same NAS-IP
first, thanks for writing and giving out FR. I have been given $$ to buy commercial radius but I haven't since I love FR, I think it has more features than the commercial one we looked at so good job!!!

now, Is it possible for same NAS-IP to be in multiple huntgroups? I tried to do this but then it got confusing since the users file can only specify one huntgroup per user (which is okay if I can do multiple huntgroups with same NAS-IP)

see what I am trying to do is limit access based on NAS-IP address, is there any other way to do this?

one more thing, I wrote a dictionay.raritan file, where do I contribute?
Re: EAP-MD5, PEAP TTLS
Jefri bin Dahari wrote:
> Hi all, I plan to implement 802.1x for wired and wireless users. For wired using EAP-MD5 and wireless using PEAP. From my reading, EAP-MD5 only support clear-text password and PEAP only support clear text and NT password. Am I correct on these facts?

Yes.

josh.
Re: EAP-MD5, PEAP TTLS
Jefri bin Dahari wrote:
> Hi all, I plan to implement 802.1x for wired and wireless users. For wired using EAP-MD5 and wireless using PEAP. From my reading, EAP-MD5 only support clear-text password and PEAP only support clear text and NT password. Am I correct on these facts?

Referencing the Subject header of your mail, if you use TTLS you have more flexibility with the password.

josh.
Re: Radius client
San wrote:
> Hallo everybody, As far as i know, Freeradius only act as a AAA server. so do you guys have preference for which radius client that I can use? Or can I use freeradius also as Radius client also?

FreeRADIUS ships with a radius client. If you want to do EAP testing, my preferred tool is eapol_test from wpa_supplicant.

josh.
Re: Peap and LDAP
Jefri bin Dahari wrote:
> I thought this line in LDAP entry gives NT password.
>
>     sambaNTPassword: AA182541927C4597271A8CAE2393FA4E
>     sambaLMPassword: 53DCAC0777C3A618AAD3B435B51404EE

It does - however, the default ldap.attrmap reads:

    checkItem    LM-Password    lmPassword
    checkItem    NT-Password    ntPassword

Your attributes are named differently in LDAP, so you will need to update the 3rd field in that file for those attributes.
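The mismatch described in the reply above, checked mechanically. This is an added example, not part of the original message or of the FreeRADIUS distribution; `check_mapping` is a hypothetical helper, and the LDAP entry, its hash values and the file names are constructed.

```shell
#!/bin/sh
# Added example: does ldap.attrmap point a RADIUS attribute at an LDAP
# attribute that the user's entry actually carries?
# check_mapping is a hypothetical helper; all sample data is constructed.

# check_mapping ATTRMAP LDIF RADIUS-ATTRIBUTE
# Prints the mapping and its status; returns 0 only when the mapped LDAP
# attribute (3rd field of the attrmap line) is present in the LDIF entry.
check_mapping() {
    awk -v want="$3" '
        NR == FNR {                        # first file: the LDIF entry
            if (match($0, /^[A-Za-z][A-Za-z0-9;-]*:/))
                have[tolower(substr($0, 1, RLENGTH - 1))] = 1
            next
        }
        /^[ \t]*#/ { next }                # attrmap comment line
        ($1 == "checkItem" || $1 == "replyItem") && $2 == want {
            found = 1
            ok = (tolower($3) in have)     # LDAP names are case-insensitive
            state = ok ? "ok" : "not present in entry"
            printf "%s -> %s: %s\n", $2, $3, state
        }
        END {
            if (!found) printf "%s: no mapping in attrmap\n", want
            exit !(found && ok)
        }
    ' "$2" "$1"
}

WORK=$(mktemp -d)

# Constructed LDAP entry using the Samba attribute names from the thread.
cat > "$WORK/entry.ldif" <<'EOF'
dn: uid=jdoe,ou=people,dc=example,dc=test
uid: jdoe
sambaNTPassword: 00000000000000000000000000000000
sambaLMPassword: 00000000000000000000000000000000
EOF

# The default mapping quoted in the reply.
cat > "$WORK/attrmap.default" <<'EOF'
checkItem    LM-Password    lmPassword
checkItem    NT-Password    ntPassword
EOF

# The same lines with the 3rd field changed to match the entry.
cat > "$WORK/attrmap.fixed" <<'EOF'
checkItem    LM-Password    sambaLMPassword
checkItem    NT-Password    sambaNTPassword
EOF

check_mapping "$WORK/attrmap.default" "$WORK/entry.ldif" NT-Password
check_mapping "$WORK/attrmap.fixed"   "$WORK/entry.ldif" NT-Password
```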
Re: EAP-MD5, PEAP TTLS
Jefri bin Dahari wrote:
> Hi all, I plan to implement 802.1x for wired and wireless users. For wired using EAP-MD5 and wireless using PEAP. From my reading, EAP-MD5 only support clear-text password and PEAP only support clear text and NT password. Am I correct on these facts?

Yes.
continue with mistake
Hi

Continue with the same problem, the mistake continue and when i tried with

    ./configure --without-openssl --without-rlm_eap_peap --without-rlm_eap_tls --without-rlm_eap_ttls --without-rlm_otp

and

    ./configure --without-openssl --without-rlm_eap_peap --without-rlm_eap_tls --without-rlm_eap_ttls --without-rlm_otp

    bash-3.00# make
    gmake[1]: Entering directory `/usr/local/freeradius-1.1.0'
    Making all in libltdl...
    gmake[2]: Entering directory `/usr/local/freeradius-1.1.0/libltdl'
    /bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG -c ltdl.c
    mkdir .libs
    gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG -c ltdl.c -fPIC -DPIC -o .libs/ltdl.lo
    ltdl.c: In function `lt_dlopenext':
    ltdl.c:2926: warning: unused variable `file_found'
    gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG -c ltdl.c -o ltdl.o >/dev/null 2>&1
    mv -f .libs/ltdl.lo ltdl.lo
    /bin/sh ./libtool --mode=link gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG -o libltdl.la -rpath /usr/local/lib -no-undefined -version-info 4:0:1 ltdl.lo -ldl -lssl -lcrypto -lnsl -lresolv -lsocket -lposix4 -lpthread
    rm -fr .libs/libltdl.la .libs/libltdl.* .libs/libltdl.*
    /usr/ccs/bin/ld -G -z defs -h libltdl.so.3 -o .libs/libltdl.so.3.1.0 ltdl.lo -ldl -lssl -lcrypto -lnsl -lresolv -lscket -lposix4 -lpthread -lc
    ld: error fatal: library -lssl: no encontrado
    ld: error fatal: library -lcrypto: no encontrado
    ld: error fatal: Errores en el proceso de archivos. No se escribirá la salida en .libs/libltdl.so.3.1.0
    gmake[2]: *** [libltdl.la] Error 1
    gmake[2]: Leaving directory `/usr/local/freeradius-1.1.0/libltdl'
    gmake[1]: *** [common] Error 2
    gmake[1]: Leaving directory `/usr/local/freeradius-1.1.0'
    make: *** [all] Error 2
Re: Radius client
Hi Josh,

Thanks a lot for quick reply. I have another question then, how do I invoke this client? I already install the freeradius in the other computer (acting as client) do I just use radclient command or? I want to see how they interact (server and client)

What I got until now is the server successfully authenticate the client by sending access_accept. And afterwards I still confused how to see the process. I want to extend the functionality of the client, so I need to know which file that i must extend.

Many many thanks for the help
San

--- Josh Howlett [EMAIL PROTECTED] wrote:
> FreeRADIUS ships with a radius client. If you want to do EAP testing, my preferred tool is eapol_test from wpa_supplicant.
>
> josh.
Re: Radius client
Hi,

> I have another question then, how do I invoke this client? I already install the freeradius in the other computer (acting as client) do I just use radclient command or? I want to see how they interact (server and client) What I got until now is the server successfully authenticate the client by sending access_accept. And afterwards I still confused how to see the process. I want to extend the functionality of the client, so I need to know which file that i must extend.

what exactly do you want the FreeRADIUS test client to do? as it comes, it will just take back an Accept or Reject response from the server... do you wish the client to actually do something like allow the system to be on the network? if so you need to wrap radclient into some script or use a proper dot1x client and set up the networking environment accordingly.

to 'SEE' the process you should be looking at the logs on the server...or turn on the debugging ( eg radiusd -X ) on the server to see whats going on.

alan
Re: Radius client
Hi Alan,

Thanks for the help.

Also, what I really want to do is that I want radclient to do calculation like in the prepaid billing. So, when the client receive access_accept from the server, then it start the calculation. and after sometime report the result to the server. And the server will respond according to the message. I think what i need to extend is the radclient file into some script right? or maybe other suggestion or other file?

And for the process interaction that i want to see (between client and server) is for example the case of session timeout. How do i see if the client sending the message to the server. How do I make until all of these information show in let say tcpdump.

In the debug out (when i run radiusd -X) it only written

    Nothing to do. Sleeping until we see a request.

Am I do something wrong or miss some important thing? Fyi, I am using linux box for my client.

Many thanks for your help
san

--- [EMAIL PROTECTED] wrote:
> what exactly do you want the FreeRADIUS test client to do? as it comes, it will just take back an Accept or Reject response from the server... do you wish the client to actually do something like allow the system to be on the network? if so you need to wrap radclient into some script or use a proper dot1x client and set up the networking environment accordingly.
>
> to 'SEE' the process you should be looking at the logs on the server...or turn on the debugging ( eg radiusd -X ) on the server to see whats going on.
>
> alan
Re: Radius client
Hi,

> Also, what I really want to do is that I want radclient to do calculation like in the prepaid billing. So, when the client receive access_accept from the server, then it start the calculation. and after sometime report the result to the server. And the server will respond according to the message.

oh. generally you do all the accounting and pre-paid stuff and timing of sessions etc on the SERVER. all the required bits are already there. various rlm_* modules that can interface nicely to a database backend etc.

> And for the process interaction that i want to see (between client and server) is for example the case of session timeout. How do i see if the client sending the message to the server. How do I make until all of these information show in let say tcpdump.

you can see the stuff with tcpdump (in the usual way) but there are special filters for RADIUS in ethereal package - which some people prefer to use when looking at the network stuff. you could look at the server end still - since you can see all the info that the server sends and that the server receives. if you have a problem with the network so that packets dont arrive then thats another issue altogether.

> In the debug out (when i run radiusd -X) it only written Nothing to do. Sleeping until we see a request.

ah. if you are ONLY seeing this and yet you are trying to run the radclient on another box...then the packets arent arriving to the server. in this case perhaps there is a firewall in the way (usual suspect and reason). if you have misconfigured the client/server relationship (wrong passphrase etc) then you would see info...and it would tell you!

alan
Re: rlm_eap_tls error
Alan: What file. Certificate?

Thank you,
John

John Metcalfe, Jr.
IT Specialist - AIS
IBM Business Consulting Services, Public Sector
Telephone: 240-396-5305
email: [EMAIL PROTECTED]

Alan DeKok [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
02/09/2006 05:30 PM
Please respond to FreeRadius users mailing list
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
cc:
Subject: Re: rlm_eap_tls error

> John Metcalfe [EMAIL PROTECTED] wrote:
>> address:bss_file.c:245:fopen('','r')
>
> The filename is empty. Specify a filename in the TLS configuration.
>
> Alan DeKok.
Re: Root Certificate via ADS
This is probably really a question for a windows mailing list. :)

You can install the root certificates via GPO Under Computer Configuration - Windows Settings - Security Settings - Public Key policies.

The problem you're going to run into is configuring the 802.1x client on all 300 machines, it's quite a manual process. :)

Good luck and HTH
-Bob

Armin Krämer wrote:
> Hi, im planning to install my generated root Certificate via W2k ADS to the Clients. How can i do this via AADS? What do i have to do in ADS and Group Policies?
>
> The second question is that i will have to set a mark onto my certificate at the Trusted Root Certificate Field at the network Connection (hope you understand what i mean). How can i do this? Install Root Certificate and set this mark that i can use EAP-TLS with Freeradius? I dont want to put it on 300 clients per hand :-)
>
> Thank
> Armin
Re: EAP/TLS work but with errors
You can also add the following to a file called xpextensions

    RPM-vmware ssl # cat xpextensions
    [ xpclient_ext]
    extendedKeyUsage = 1.3.6.1.5.5.7.3.2

    [ xpserver_ext ]
    extendedKeyUsage = 1.3.6.1.5.5.7.3.1

Then when you sign the cert, you add -extfile = xpextensions

That should get rid of the error, I believe I found all of this in the EAP-TLS howto, right off the main page of the freeradius site.

-BOb

Alan DeKok wrote:
> =?ISO-8859-15?Q?Frank_B=FCttner?= [EMAIL PROTECTED] wrote:
>> When a client try to log in with an valid certificate it works. But I get this error: TLS_accept:error in SSLv3 read client certificate A
>
> Ignore it.
>
> Alan DeKok.
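Signing with the extension file from the message above and confirming that the extended key usage ended up in the certificate, as an added example (not from the original post or the EAP-TLS howto). It signs with `openssl x509 -req`, which may differ from the signing command the poster used; the CA name, host names and helper function names are constructed.

```shell
#!/bin/sh
# Added example: sign certificates with the xpextensions sections and
# confirm the extendedKeyUsage is present in the result.
# All names (Example Test CA, *.example.test, helper functions) are constructed.

WORK=$(mktemp -d)

# The extension file from the message above:
# 1.3.6.1.5.5.7.3.2 is clientAuth, 1.3.6.1.5.5.7.3.1 is serverAuth.
cat > "$WORK/xpextensions" <<'EOF'
[ xpclient_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.2

[ xpserver_ext ]
extendedKeyUsage = 1.3.6.1.5.5.7.3.1
EOF

# Throwaway self-signed CA, valid for one day.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

# issue_cert NAME SECTION
# Creates a key and CSR for NAME, then signs the CSR with the CA,
# applying the named section of xpextensions.
issue_cert() {
    name=$1
    section=$2
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$name" \
        -keyout "$WORK/$name.key" -out "$WORK/$name.csr" 2>/dev/null &&
    openssl x509 -req -in "$WORK/$name.csr" -days 1 \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -extfile "$WORK/xpextensions" -extensions "$section" \
        -out "$WORK/$name.pem" 2>/dev/null
}

# cert_eku FILE
# Prints the Extended Key Usage value of a certificate, or nothing
# when the extension is absent.
cert_eku() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Extended Key Usage' | tail -n 1 | sed 's/^ *//'
}

make_ca
issue_cert radius.example.test xpserver_ext
issue_cert laptop.example.test xpclient_ext

echo "server: $(cert_eku "$WORK/radius.example.test.pem")"
echo "client: $(cert_eku "$WORK/laptop.example.test.pem")"
```

Without `-extensions` naming a section, the signed certificate carries neither usage, so checking the output of `cert_eku` before deploying the certificate catches a missed flag.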
Re: Deleting VLAN information while proxying
Phil Mayers [EMAIL PROTECTED] wrote:
> Alan (DeKok) - is there a quick two-line description of what issues would need to be addressed to run attr_filter in post-auth? If it's easy I'll take a crack at it, as it would simplify our config as well.

Port the changes from CVS head, I think.

Alan DeKok.
Re: SIGHUP and instantiate method
Susana Macias [EMAIL PROTECTED] wrote:
> I would like to know if the instantiate method of my new module would be called again when I send the server a SIGHUP (in order to do the reinitialization of my variables with the new values inserted)

Yes.

Alan DeKok.
Re: using scripts for sql.conf
Maqbool Hashim [EMAIL PROTECTED] wrote:
> Will this allow me to run 1 of a number of queries in sql.conf

You said script not additional queries. Please describe *accurately* what you want to do. Giving information in bits and pieces is annoying.

> So I need to run some queries every time an access-request packet is received and then choose which authorize query to run in sql.conf.

The SQL module supports only one authorize query. So that won't work.

Alan DeKok.
Re: multiple huntgroup, same NAS-IP
Agent Smith [EMAIL PROTECTED] wrote:
> first, thanks for writing and giving out FR. I have been given $$ to buy commercial radius but I haven't since I love FR, I think it has more features than the commercial one we looked at so good job!!!

Thanks.

> Is it possible for same NAS-IP to be in multiple huntgroups?

I'm not sure.

> see what I am trying to do is limit access based on NAS-IP address, is there any other way to do this?

Limit whose access to what?

> one more thing, I wrote a dictionay.raritan file, where do I contribute?

Mail it to the list.

Alan DeKok.
Re: Radius client
San [EMAIL PROTECTED] wrote:
> How do i see if the client sending the message to the server. How do I make until all of these information show in let say tcpdump.

Why use tcpdump? Try reading the documentation that comes with the server. Honestly. It helps a lot.

Alan DeKok.
Re: rlm_eap_tls error
John Metcalfe [EMAIL PROTECTED] wrote:
> What file. Certificate?

I have no idea. You didn't post your configs or any additional information, so it's impossible to guess context from no information.

Alan DeKok.
Re: Radius client
Hi Alan,

Thanks a lot for your help to explain this to me.

> oh. generally you do all the accounting and pre-paid stuff and timing of sessions etc on the SERVER. all the required bits are already there. various rlm_* modules that can interface nicely to a database backend etc.

But I still have this puzzle inside my head :) My scenario is that the client will do some measurement after it receive access_accept from server. I think I can trigger this by writing shell script when the packet access_accept received. (am i right?)

Second question : How do I learn to use the command line to run client? I just using this command to send access_request for user name Maria,

    # echo User-Name = Maria, User-Password = testing | radclient 10.1.0.76 auth testing123

How do I find other command to start and stop accounting? I think I can use the same command like above just change the auth become acct. But the problem is how do i tell the server that I want to stop the acct session?

>> And for the process interaction that i want to see (between client and server) is for example the case of session timeout. How do i see if the client sending the message to the server. How do I make until all of these information show in let say tcpdump.
>
> you can see the stuff with tcpdump (in the usual way) but there are special filters for RADIUS in ethereal package - which some people prefer to use when looking at the network stuff. you could look at the server end still - since you can see all the info that the server sends and that the server receives. if you have a problem with the network so that packets dont arrive then thats another issue altogether.
>
>> In the debug out (when i run radiusd -X) it only written Nothing to do. Sleeping until we see a request.
>
> ah. if you are ONLY seeing this and yet you are trying to run the radclient on another box...then the packets arent arriving to the server. in this case perhaps there is a firewall in the way (usual suspect and reason). if you have misconfigured the client/server relationship (wrong passphrase etc) then you would see info...and it would tell you!
>
> alan

I finally make progress so the server send this access-Accept to the client.

    Sending Access-Accept of id 131 to 10.1.0.15:32768
            Framed-Protocol = PPP
            Session-Timeout = 600
            Login-Service = Telnet
            Idle-Timeout = 360

But why the session-TImeout is not working? I already set this attributes in users file. seems no sign that it works. How do I see if the time already passed, the client will be disconnected from server?

Sorry for long questions. I really appreciate if you want to answer them.

Have a great weekend
San
Sending radius attributes....
Is there any way to send back specific radius attributes based on a sql query? So, say I have a user, and then I want to send back a specific attribute based on some other information. Is this a case for a custom module?

-Bob
postgres sql accounting....
Anyone seen this? I'm getting some strange errors from postgres, it's almost as if my queries aren't filled in the whole way. What am I missing? Is my switch just not returning all of the proper accounting info?

-Bob

    --- Walking the entire request list ---
    Cleaning up request 2 ID 87 with timestamp 43e8bcea
    Waking up in 2 seconds...
    rad_recv: Access-Request packet from host 192.168.2.160:1045, id=90, length=70
            User-Name = root
            User-Password = something
            NAS-IP-Address = 192.168.2.160
            NAS-Identifier = HP5304
            NAS-Port-Type = Virtual
            Service-Type = NAS-Prompt-User
    Processing the authorize section of radiusd.conf
    modcall: entering group authorize for request 5
    modcall[authorize]: module preprocess returns ok for request 5
    modcall[authorize]: module chap returns noop for request 5
    modcall[authorize]: module mschap returns noop for request 5
    rlm_realm: No '@' in User-Name = root, looking up realm NULL
    rlm_realm: No such realm NULL
    modcall[authorize]: module suffix returns noop for request 5
    rlm_eap: No EAP-Message, not doing EAP
    modcall[authorize]: module eap returns noop for request 5
    users: Matched entry DEFAULT at line 157
    modcall[authorize]: module files returns ok for request 5
    modcall: group authorize returns ok for request 5
    rad_check_password: Found Auth-Type System
    auth: type System
    Processing the authenticate section of radiusd.conf
    modcall: entering group authenticate for request 5
    rlm_unix: [root]: invalid password
    modcall[authenticate]: module unix returns reject for request 5
    modcall: group authenticate returns reject for request 5
    auth: Failed to validate the user.
    Delaying request 5 for 1 seconds
    Finished request 5
    Going to the next request
    --- Walking the entire request list ---
    Waking up in 1 seconds...
    --- Walking the entire request list ---
    Cleaning up request 3 ID 88 with timestamp 43e8bcec
    Waking up in 1 seconds...
    --- Walking the entire request list ---
    Sending Access-Reject of id 90 to 192.168.2.160:1045
    Waking up in 2 seconds...
    rad_recv: Accounting-Request packet from host 192.168.2.160:1050, id=91, length=99
            Acct-Session-Id = 00070009
            Acct-Status-Type = Stop
            Service-Type = NAS-Prompt-User
            Acct-Authentic = Local
            Acct-Delay-Time = 15
            NAS-IP-Address = 192.168.2.160
            NAS-Identifier = HP5304
            Calling-Station-Id = 192.168.2.152
            Acct-Terminate-Cause = User-Request
            Acct-Session-Time = 29
    Processing the preacct section of radiusd.conf
    modcall: entering group preacct for request 6
    modcall[preacct]: module preprocess returns noop for request 6
    rlm_acct_unique: WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent
    rlm_acct_unique: WARNING: Attribute User-Name was not found in request, unique ID MAY be inconsistent
    rlm_acct_unique: Hashing ',Client-IP-Address = 192.168.2.160,NAS-IP-Address = 192.168.2.160,Acct-Session-Id = 00070009,'
    rlm_acct_unique: Acct-Unique-Session-ID = e8b7a55267489b1f.
    modcall[preacct]: module acct_unique returns ok for request 6
    rlm_realm: Proxy reply, or no User-Name. Ignoring.
    modcall[preacct]: module suffix returns noop for request 6
    modcall[preacct]: module files returns noop for request 6
    modcall: group preacct returns ok for request 6
    Processing the accounting section of radiusd.conf
    modcall: entering group accounting for request 6
    radius_xlat: '/var/log/radius/radacct/192.168.2.160/detail-20060207'
    rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/192.168.2.160/detail-20060207
    modcall[accounting]: module detail returns ok for request 6
    modcall[accounting]: module unix returns noop for request 6
    radius_xlat: '/var/log/radius/radutmp'
    radius_xlat: ''
    rlm_radutmp: No NAS-Port seen. Cannot do anything.
    rlm_radumtp: WARNING: checkrad will probably not work!
    modcall[accounting]: module radutmp returns noop for request 6
    radius_xlat: ''
    radius_xlat: 'UPDATE radacct SET AcctStopTime = (now() - '15'::interval), AcctSessionTime = NULLIF('29', '')::bigint, AcctInputOctets = (('0'::bigint << 32) + '0'::bigint), AcctOutputOctets = (('0'::bigint << 32) + '0'::bigint), AcctTerminateCause = 'User-Request', AcctStopDelay = '15', FramedIPAddress = NULLIF('', '')::inet, ConnectInfo_stop = '' WHERE AcctSessionId = '00070009' AND UserName = '' AND NASIPAddress = '192.168.2.160' AND AcctStopTime IS NULL'
    radius_xlat: '/var/log/radius/sqltrace.sql'
    rlm_sql (sql): Reserving sql socket id: 0
    rlm_sql_postgresql: query: UPDATE radacct SET AcctStopTime = (now() - '15'::interval), AcctSessionTime = NULLIF('29', '')::bigint, AcctInputOctets = (('0'::bigint << 32) + '0'::bigint), AcctOutputOctets = (('0'::bigint << 32) + '0'::bigint), AcctTerminateCause = 'User-Request', AcctStopDelay = '15', FramedIPAddress = NULLIF('', '')::inet, ConnectInfo_stop = '' WHERE AcctSessionId = '00070009'
Re: Radius client
Hi,

> server. I think I can trigger this by writing shell script when the packet access_accept received. (am i right?)

you can do. if the reply contains whatever string you want...

> Second question : How do I learn to use the command line to run client?

man radclient

at the bottom of that man page is a trivial example much like what you are testing with

> # echo User-Name = Maria, User-Password = testing | radclient 10.1.0.76 auth testing123
>
> How do I find other command to start and stop accounting? I think I can use the same command like above just change the auth become acct. But the problem is how do i tell the server that I want to stop the acct session?

attribute types help here. I would recommend reading some detailed material on RADIUS. there are many online resources and FreeRADIUS itself has plentiful documentation

> Sending Access-Accept of id 131 to 10.1.0.15:32768
>         Framed-Protocol = PPP
>         Session-Timeout = 600
>         Login-Service = Telnet
>         Idle-Timeout = 360
>
> But why the session-TImeout is not working?

I would guess because you arent dealing with, for example, a NAS or checking the RADIUS status before denying/allowing actions.

> How do I see if the time already passed, the client will be disconnected from server?

ideally you run a full AAA piece of software or control box. without a lot of external wrappers, radclient isnt the all-singing NAS tool that I believe you think it is. the man page also explains what radclient is.

alan
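What the accounting Start and Stop asked about above look like as radclient input, as an added example (not from the original posts or the FreeRADIUS documentation). The server address, secret and user name are the ones quoted in the thread; the session id, the NAS-Port value and the `acct_attrs` and `send_acct` helpers are assumptions.

```shell
#!/bin/sh
# Added example: Accounting-Request attribute lists for radclient.
# The status of a session is carried in Acct-Status-Type; a Stop is tied
# to its Start by reusing the same Acct-Session-Id.

NAS_IP=${NAS_IP:-10.1.0.15}   # client address seen in the Access-Accept above
NAS_PORT=${NAS_PORT:-0}       # assumed value

# acct_attrs STATUS USER SESSION-ID [SESSION-SECONDS]
# Prints one attribute per line, the format radclient reads on stdin.
acct_attrs() {
    status=$1
    user=$2
    sid=$3
    secs=${4:-0}
    case $status in
        Start|Stop) ;;
        *) echo "unsupported Acct-Status-Type: $status" >&2; return 1 ;;
    esac
    printf 'User-Name = "%s"\n' "$user"
    printf 'Acct-Status-Type = %s\n' "$status"
    printf 'Acct-Session-Id = "%s"\n' "$sid"
    printf 'NAS-IP-Address = %s\n' "$NAS_IP"
    printf 'NAS-Port = %s\n' "$NAS_PORT"
    if [ "$status" = Stop ]; then
        # Only the Stop reports how long the session lasted and why it ended.
        printf 'Acct-Session-Time = %s\n' "$secs"
        printf 'Acct-Terminate-Cause = User-Request\n'
    fi
}

# send_acct STATUS USER SESSION-ID [SESSION-SECONDS]
# Same invocation as the auth test in the thread, with "acct" as packet type.
send_acct() {
    acct_attrs "$@" | radclient "$RADIUS_SERVER" acct "$RADIUS_SECRET"
}

if [ -n "${RADIUS_SERVER:-}" ]; then
    # e.g. RADIUS_SERVER=10.1.0.76 RADIUS_SECRET=testing123 sh acct.sh
    send_acct Start Maria example-session-0001
    sleep 30
    send_acct Stop Maria example-session-0001 30
else
    # No server configured: just show what would be sent.
    acct_attrs Start Maria example-session-0001
    echo
    acct_attrs Stop Maria example-session-0001 30
fi
```

Including User-Name and NAS-Port in the request avoids the rlm_acct_unique and rlm_radutmp warnings visible in the debug log of the "postgres sql accounting" message.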
RE: multiple huntgroup, same NAS-IP
>> Is it possible for same NAS-IP to be in multiple huntgroups?
>
> I'm not sure.

No, it will match the first huntgroup it reaches in the huntgroups file. I tried that too.

--
Jonathan De Graeve
Network/System Administrator
Imelda vzw Informatica Dienst
015/50.52.98
[EMAIL PROTECTED]
Re: Deleting VLAN information while proxying
Alan DeKok wrote:
> Phil Mayers [EMAIL PROTECTED] wrote:
>> Alan (DeKok) - is there a quick two-line description of what issues would need to be addressed to run attr_filter in post-auth? If it's easy I'll take a crack at it, as it would simplify our config as well.
>
> Port the changes from CVS head, I think.

Ha! I ought to have known you'd have done it already.

Alan, in case anyone hasn't said it recently - you do an excellent job maintaining this project under difficult conditions. You have my and I suspect many other people's sincere gratitude, and I can only hope it's as rewarding for you as it is helpful for us.

Cheers,
Phil