Re: Missing Attributes

[Graham Beneke]

Alan DeKok wrote:


Graham Beneke <[EMAIL PROTECTED]> wrote:
  

  Add it... where?
  
  
The chillispot daemon is not locking the user out once their transfer 
limit has been reached...



  Huh?  You said you added the dictionary, and I asked where.

  Your answer makes no sense, other than as a statement unrelated to
my question.
  


sorry - missunderstood the question... was refering to 'it' from the 
origonal text...
I added the dictionary file in the /etc/freeradius/ directory and then 
added a $include into 'dictionary'
Also tried 'cut-n-pasting' the contents of the additional dictionary to 
'dictionary' and that also made no differnence.



  Did you tell the server to send the attributes in the reply?
  
  

Ok so how do i go about doing that?



  See the "users" file.
  


Correct me if I am wrong - but 'users' is not parsed when i'm using a 
MySQL backend?

Pretty sure I disabled it in my setup.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Freeradius on connection / disconnect run commands

[Michael da Silva Pereira]

Hi,
 
I have currently got 
freeradius setup using a SQL database for authentication and accouting. Is there 
any way I can get freeradius to run a system command every time a new client 
connects and disconnects, also bearing in mind to pass information like username 
and clients ip address as arguments to my program.
 
Thanks
Michael
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Need help on PHP and Radius

[raviprakash sunkara]

Hi Guys...I need to integrate php and raadius...Actually i want to  create the  own  user interface on OPENSER.That on PHP 5 is having the radis integration .So i need it...Now  ,  I'm using the  Radius in openser for "
 AAA " purpose only...Now I need to develop  web interface for my application with radius...plz help me on this.-- Thanks and Regards with cheers
Sunkara Ravi Prakash (Voip Developer)Hyperion TechnologyKondapur, Hi-tech city,Hyderabad.www.hyperion-tech.com+91-9985077535
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

pam client ->password change packet problem

[나종현]

pam_radius_auth.c
 
 if (password) {
   get_random_vector(request->vector);
   if (old_password) { /* password change request */
 add_password(request, PW_PASSWORD, password, old_password);
 add_password(request, PW_OLD_PASSWORD, old_password, old_password);
   } else {  /* authentication request */
 add_password(request, PW_PASSWORD, password, server->secret);
   }
 }

Why change secret key?
 
old password -> secret key ??




	
		
	
	
		

		
			
	
	
 ☞ 실시간 메일 알림! 이제 U2에서~  악성코드 무료 치료 기능, SMS 100건 무료 제공!  ☜

			

		
		




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Need radius.log as SQL

[Gregory J. Marsh]

I need to completely replace the radius.log file with SQL. 
I need this because I’m running multiple servers and I need the logs in a
single location that can be watched by one helpdesk staffer.  The current
post auth logs only handle accept and reject – I need the complete log. 
For instance, when a shared secret is wrong, I need to know!  My C programming
skills are very rusty so I hope someone has this already so don’t have to
do it myself.  I’m currently using Version 1.1.2.

 

Greg…






- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: More documentation on Auth-Type

[Alan DeKok]

"Rohaizam Abu Bakar" <[EMAIL PROTECTED]> wrote:
> I've read the docs about auth-type configuration. And agree that without 
> setting auth-type and leave FR to auto detect it, the auth will work even up 
> to EAP. But sometimes we have to specify auth-type in order to search for 
> different tree in LDAP

  ... which isn't authentication.  You just described searching an
LDAP tree for information.  That's using LDAP for what it was designed
to do best: database lookups.

  Once the information is found in LDAP, the RADIUS server can do
CHAP, MS-CHAP, etc. for authentication.  LDAP servers don't handle
those authentication protocols, so you're stuck with using LDAP for DB
lookups, and RADIUS for authentication.

> normally EAP sequence works OK but when up to comparing password, it will 
> failed. I've reported my problem a few times in mailing list.

  I don't recall seeing that, sorry.  What was the problem?

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: More documentation on Auth-Type

[Rohaizam Abu Bakar]

I've read the docs about auth-type configuration. And agree that without 
setting auth-type and leave FR to auto detect it, the auth will work even up 
to EAP. But sometimes we have to specify auth-type in order to search for 
different tree in LDAP for each services. Even Autz-Type also need to be 
specified but some of the EAP won't work such as EAP-TTLS-PAP.


normally EAP sequence works OK but when up to comparing password, it will 
failed. I've reported my problem a few times in mailing list.


Any comments?

--haizam

- Original Message - 
From: "Alan DeKok" <[EMAIL PROTECTED]>

To: "FreeRadius users mailing list" 
Sent: Friday, August 04, 2006 2:47 AM
Subject: More documentation on Auth-Type



http://deployingradius.com/documents/configuration/auth_type.html

 Many web sites contain all sorts of recommendations about Auth-Type.
This one is correct.

 Alan DeKok.
--
 http://deployingradius.com   - The web site of the book
 http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Missing Attributes

[Alan DeKok]

Graham Beneke <[EMAIL PROTECTED]> wrote:
> >   Add it... where?
> >   
> The chillispot daemon is not locking the user out once their transfer 
> limit has been reached...

  Huh?  You said you added the dictionary, and I asked where.

  Your answer makes no sense, other than as a statement unrelated to
my question.

> >   Did you tell the server to send the attributes in the reply?
> >   
> Ok so how do i go about doing that?

  See the "users" file.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Missing Attributes

[Graham Beneke]

Pls be gently - I'm a noob at radius...

Alan DeKok wrote:

Graham Beneke <[EMAIL PROTECTED]> wrote:
  
I've added the additional Chillispot dictionary that has attributes for 
data volume limiting - but it does not appear to be working.



  Add it... where?
  
The chillispot daemon is not locking the user out once their transfer 
limit has been reached...
  
I did a test radius request from a little win app called RadiusTest and 
it appears that the custom attributes are not been sent in the rad-reply 
packet by the radius server...



  Did you tell the server to send the attributes in the reply?
  

Ok so how do i go about doing that?
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

sqlcounter measuring weird times

[Olivier Cant]

Hi all,

I'm new to freeradius configuration, but I have read trough the 
documentation and ggogled quite a lot about freeradius configuration.  
I'm using freeradius with chillispot to implement an hourly prepaid card 
WiFi service.  Chillispot talks to the radius server with no problem and 
accoutning is properly written into the mysql table radacct.  The 
problem is that chillispot says to the user that he can still connect 
for 4531 hours even when the Max-All-Session attribute for that login 
says 3600 (the total od the corresponding entries in radacct for 
AcctSessionTime gives 5056.  The user can still connect trough the 
captive portal.


Here is my sqlcounter.conf file :

sqlcounter noresetcounter{
   counter-name = Max-All-Session-Time
   check-name = Max-All-Session
   sqlmod-inst = sql
   key = User-Name
   reset = never
   query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE 
UserName='%{%k}'"

}

noresetcounter and sql are in the authorize section
and sql is in the accounting section

Has anyone run into this issue ?

Thanks a lot, sorry if this is a newbie question

Oli

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Missing Attributes

[Alan DeKok]

Graham Beneke <[EMAIL PROTECTED]> wrote:
> I've added the additional Chillispot dictionary that has attributes for 
> data volume limiting - but it does not appear to be working.

  Add it... where?

> I did a test radius request from a little win app called RadiusTest and 
> it appears that the custom attributes are not been sent in the rad-reply 
> packet by the radius server...

  Did you tell the server to send the attributes in the reply?

  There are literally thousands of RADIUS attributes.  You *don't*
want all of them in the reply packet.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Question about RADIUS proxy

[Alan DeKok]

"Ali Majdzadeh" <[EMAIL PROTECTED]> wrote:
> Is it possible to configure a forwarding RADIUS server to broadcast a
> request to all remote RADIUS servers? (I mean, without paying attention to
> athentication realms)

  No.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FR-1.1.2 dies with error

[Alexander Serkin]

Laker Netman wrote:

How large a DB is this?  And what type of link is
there between FR and the DB?


It's about 36 million records since april 2005.



Unless there are, literally, (tens of) thousands of
records and/or a *slow* link (think "dial-up") and/or
ancient hardware there should be some reasonable ways
to speed up the DB response.  Archiving of records and
indexing are two that come to mind first.  More
complicated, but effective, would be clustering or
optimization, even review of the DB version
(deprecated?).


I was partially wrong with the environment description. The 
authentication DB is very small (less than 1 records in all the 
tables). It is local on Sun Netra 1120 (2x440MHz) and Oracle 9.2.0.6. It 
serves about 2 to 5 radius requests per second.

And the accounting DB is located on remote server (HP DL380 3GHz,
Red Hat Enterprise with Oracle 10.2.0.1), connected to AAA server via 
100BaseT link (loaded by 1-5%). The accounting process takes up to 25 
requests per second. I suppose this is what bites the radius process 
periodically.




Alan is correct, you are "fixing" (hiding) a symptom,
and I can say from personal experience it *will* bite
you in the butt at some point :)  The worst part of
it, too, will be that the new issue may not be clearly
linkable back to the FR problem you have currently and
you may not remember this piece of the puzzle.


You are definitely right. We'll consider archiving. Indexing is already 
done on all the columns taking part in "where" clauses.

Commenting rad_assert is just a temporary solution.
Just for me to spend weekend with my friends and some beer.
And not to be awaken in the night by damned SMS from dead AAA process :-)

Thanks,
--
Alexander
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Question about RADIUS proxy

[Ali Majdzadeh]

Hi
I am new to freeRADIUS.
I have a question about RADIUS proxies.
Is it possible to configure a forwarding RADIUS server to broadcast a
request to all remote RADIUS servers? (I mean, without paying attention
to athentication realms)

Best Regards
Ali
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Missing Attributes

[Graham Beneke]

I have FreeRadius 1.1 installed on a Ubuntu 6.06 Server Edition.

I have integrated it with MySQL and a PHP admin application called 
phpMyPrepaid

It is serving requests for a ChilliSpot daemon at my hotspot.

I've added the additional Chillispot dictionary that has attributes for 
data volume limiting - but it does not appear to be working.
I did a test radius request from a little win app called RadiusTest and 
it appears that the custom attributes are not been sent in the rad-reply 
packet by the radius server...


As this is my first experience with radius - i have no idea where to 
start looking for where the problem may be.


regards


Graham Beneke
Apolix Internet Services

E-Mail: [EMAIL PROTECTED] 
WEB: www.apolix.co.za 
Cell: 082-432-1873 
Skype: grbeneke 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html