Looking for benchmarks
Title: Looking for benchmarks # of transactions per secord, # of concurrent calls in a VoIP system, etc. Shimon Bollinger [EMAIL PROTECTED] 054-530-0515 02/621-8032 There are 10 types of people. Those that understand binary notation, and those that don't. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius, three NAS types and users privileges
Hi My current network is running DSL services (PPPoE), Dial-Up services and VPN services. All NAS devices are Cisco - 7206VXR BRAS for DSL, AS5300 for Dial-Up and Cisco PIX520 for VPN (EasyVPN). Currently all those NASes uses one common FreeRadius (all data is in MySQL). The problem is that DSL user can configure their PPPoE connection as username from Dial-Up user (eg. ppp/ppp) and there will be no rate-limit on his connection (VirtualAccess interface). Silimar problem with VPNs - sometimes we have duplicated login names... Is any way to resolv this issue other than installing 3 FreeRadiuses using different MySQL databases, and different TCP/UDP ports ? I was wondering about class in MySQL database, eg. class = 0 Dialup class = 1 DSL class = 2 VPN class = ... ... And and 'class' varible into USERS and NAS tables. I'm looking for ready solution for above described problem. Robert Hass - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius-mysql rpm
Dear FR users I've an enquiry.Please response. I'm using RHEL 4.It has no rlm_mysql.so files and I found that it has no freeradius-mysql rpm either. So, can anyone help me providing the info. that where I find that rpm for redhat linux enterprise 4 to use with freeradius-1.1.2? I'm looking fr ur response soon. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: non-authentication port
Leandro Pereira de Lima e Silva - ViaLink [EMAIL PROTECTED] wrote: I've already set up a sniffer on the machine to check to what port they are sending the packets and it's to 1812. To 1812, or from 1812? That message is printed only when Access-Request packets go to non-1812 ports. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius, three NAS types and users privileges
Robert Hass [EMAIL PROTECTED] wrote: The problem is that DSL user can configure their PPPoE connection as username from Dial-Up user (eg. ppp/ppp) and there will be no rate-limit on his connection (VirtualAccess interface). Silimar problem with VPNs - sometimes we have duplicated login names... Duplicate names make it more complicated. If the names were unique. you'd just put the users into different groups. Is any way to resolv this issue other than installing 3 FreeRadiuses using different MySQL databases, and different TCP/UDP ports ? Configure 3 Autz-Type's. (see doc/Autz-Type). Put 3 SQL databases in there, one for each cass of users. In the users file, key off of the Client-IP-Address, and set Autz-Type. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: non-authentication port
Alan, it's going to 1812. As we can see at the log that I posted, it's coming from port 49852. Thanks, Leandro. Alan DeKok escreveu: Leandro Pereira de Lima e Silva - ViaLink [EMAIL PROTECTED] wrote: I've already set up a sniffer on the machine to check to what port they are sending the packets and it's to 1812. To 1812, or from 1812? That message is printed only when Access-Request packets go to non-1812 ports. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Leandro Pereira de Lima e Silva http://www.vialink.com.br/ A verdadeira medida do caráter de um homem é o que ele faria se soubesse que nunca seria descoberto. -- Thomas B. Macaulay - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: non-authentication port
By the way, there is any way of authorizing the other ports (1813 and 1814) to receive auth packets? I tried that with listen directive, but the port was already open so it didn't worked. Thanks, Leandro. Alan DeKok escreveu: Leandro Pereira de Lima e Silva - ViaLink [EMAIL PROTECTED] wrote: I've already set up a sniffer on the machine to check to what port they are sending the packets and it's to 1812. To 1812, or from 1812? That message is printed only when Access-Request packets go to non-1812 ports. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Leandro Pereira de Lima e Silva http://www.vialink.com.br/ A verdadeira medida do caráter de um homem é o que ele faria se soubesse que nunca seria descoberto. -- Thomas B. Macaulay - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius, three NAS types and users privileges
Duplicate names make it more complicated. If the names were unique. you'd just put the users into different groups. Can you give me some example ? Becouse different groups gives me only ability to set uniq parameters (like static IP address, QoS). In this case user 'ppp' doesn't have any special abilities. It's just Framed-User which can logon to Dial-Up and also DSL (PPPoE)... using different MySQL databases, and different TCP/UDP ports ? Configure 3 Autz-Type's. (see doc/Autz-Type). Put 3 SQL databases in there, one for each cass of users. In the users file, key off of the Client-IP-Address, and set Autz-Type. Thanks, I will check this out. Robert - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help
Hello i am trying to put my freeradius server to work as follows i need a group of user let say group A i need they can connect 1 hour daily and 25 hours mounthly with a session-timeout of 30 minutes second group of user let say group B with 50 hours mounthly and no daily limit and another group without any limits I know probably this is realy easy to do but i am trying to understand how freeradius works i will like to know if any one knows a realy good handbook of freeradius Thank in advance - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help
Hello i am trying to put my freeradius server to work as follows i need a group of user let say group A i need they can connect 1 hour daily and 25 hours mounthly with a session-timeout of 30 minutes second group of user let say group B with 50 hours mounthly and no daily limit and another group without any limits I know probably this is realy easy to do but i am trying to understand how freeradius works i will like to know if any one knows a realy good handbook of freeradius Thank in advance - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: non-authentication port
Leandro Pereira de Lima e Silva - ViaLink [EMAIL PROTECTED] wrote: Alan, it's going to 1812. As we can see at the log that I posted, it's coming from port 49852. OK. I've never seen that problem before, so I'm not sure what to say. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius, three NAS types and users privileges
Robert Hass [EMAIL PROTECTED] wrote: Can you give me some example ? Becouse different groups gives me only ability to set uniq parameters (like static IP address, QoS). In this case user 'ppp' doesn't have any special abilities. It's just Framed-User which can logon to Dial-Up and also DSL (PPPoE)... I have no idea what you mean by that. You're seem to be referring to some special local configuration that you haven't described. ALan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius, three NAS types and users privileges
I don't know how those equipments are configured, but can you configure them to send some special attribute to radius? If your DSL device sends something like Connect-Info == DSL, so you can put Connect-Info == DSL to the users in DSL group in radgroupcheck table. Have I made myself clear? The idea is making radius to check if the user that is in group dsl (or dial-up, or vpn) has the attribute relative to his group. Best regards, Leandro. Robert Hass escreveu: Hi My current network is running DSL services (PPPoE), Dial-Up services and VPN services. All NAS devices are Cisco - 7206VXR BRAS for DSL, AS5300 for Dial-Up and Cisco PIX520 for VPN (EasyVPN). Currently all those NASes uses one common FreeRadius (all data is in MySQL). The problem is that DSL user can configure their PPPoE connection as username from Dial-Up user (eg. ppp/ppp) and there will be no rate-limit on his connection (VirtualAccess interface). Silimar problem with VPNs - sometimes we have duplicated login names... Is any way to resolv this issue other than installing 3 FreeRadiuses using different MySQL databases, and different TCP/UDP ports ? I was wondering about class in MySQL database, eg. class = 0 Dialup class = 1 DSL class = 2 VPN class = ... ... And and 'class' varible into USERS and NAS tables. I'm looking for ready solution for above described problem. Robert Hass - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Leandro Pereira de Lima e Silva http://www.vialink.com.br/ A verdadeira medida do caráter de um homem é o que ele faria se soubesse que nunca seria descoberto. -- Thomas B. Macaulay - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius Assigning Vlan
I want to assign vlan base on ldap group and this is
my setup. I have multiple instances of ldap in the
module section.
ldap ldap1{
}
ldap ldap2{
}
l
authorize {
Autz-Type LDAP1{
ldap_ldap1
}
Autz-Type LDAP2{
ldap_ldap2
}
}
To assign vlan, in the users file I have
DEFAULT ldap_ldap1-Ldap-Group == xx, Autz-Type :=
LDAP1, Auth-Type := LDAP1
Fall-Through = No,
Reply-Message = Active D
DEFAULT ldap_ldap2-Ldap-Group == people, Autz-Type
:= LDAP2, Auth-Type = LDAP2
Fall-Through = No,
Reply-Message = LDAP
When I run radius in debug mode, I saw that it found
the ldap group rlm_ldap: Entering ldap_groupcmp()
and it successfully bind to ldap. However, when
searching for group, I am getting these errors
rlm_ldap::ldap_groupcmp: Group not found or user is
not a member.
rlm_ldap: object not found or got ambiguous search
result. Am I getting this error because the
groupmembership filter is incorrect? Anyone knows
what the problem is?
--- fvt3 [EMAIL PROTECTED] wrote:
Hi,
How do I assign vlan base on authentication method.
Say if user is authenticated from ldap1 assign
vlan1,
if user is authenticated from ldap2 assign vlan2.
How
do I configure radius to do this?
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam
protection around
http://mail.yahoo.com
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius-mysql rpm
It's on the one of cds I can't remember which one which version are you using? Dvd or cds? Just look through the cds. I actually saw it this week while looking for it to make a package for a cobalt RaQ550 box. It has the mysql rpm too. I'll try see which cd it's on when I get home. Hope this helped -Original Message- From: Abul Monsur Mannan [mailto:[EMAIL PROTECTED] Sent: 18 June 2006 14:56 To: FreeRadius users mailing list Subject: freeradius-mysql rpm Dear FR users I've an enquiry.Please response. I'm using RHEL 4.It has no rlm_mysql.so files and I found that it has no freeradius-mysql rpm either. So, can anyone help me providing the info. that where I find that rpm for redhat linux enterprise 4 to use with freeradius-1.1.2? I'm looking fr ur response soon. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: non-authentication port
Alan, thank you very much for your help. I saw in sniffer packets going to 1812 and 1813, so I presumed that auth and acct ports were correct. Today I modified freeradius source to show me the destination port in the error and got a little surprise. They were sending auth to 1813 and acct to 1812. To bypass this problem I set port = 1234 and used listen directive to open 1812 to acct and 1813 to auth. I will make a request for them (to my dial-up backbone) to correct the port in NAS. I will send my little patch to freeradius too, this little new information in log ended up helping a lot. Best regards, Leando. Alan DeKok escreveu: Leandro Pereira de Lima e Silva - ViaLink [EMAIL PROTECTED] wrote: Alan, it's going to 1812. As we can see at the log that I posted, it's coming from port 49852. OK. I've never seen that problem before, so I'm not sure what to say. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Leandro Pereira de Lima e Silva http://www.vialink.com.br/ A verdadeira medida do caráter de um homem é o que ele faria se soubesse que nunca seria descoberto. -- Thomas B. Macaulay - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
