Re: Duplicate requests in a session

2006-08-31 Thread Santiago Balaguer García
If you apply this change and add this rule, you do the same as freeradius
does to build the acctuniqueid attribute, and put this attribute as primary key.



> Good question. Does anyone have anything against changing this?
>
> -Peter
>
> On Thu 31 Aug 2006 10:11, Santiago Balaguer García wrote:
> > Thanks James, I don't figure out to use primary key solves the problem of
> > duplicate keys.
> > I had in radacct as primary key <> but now I am going to have
> > <>.
> >
> > This problem cause a new thread: why radacctid is the primary key of radacct
> > table instead of acctuniqueid?

I used a slightly different solution in my PostgreSQL implementation :

ALTER TABLE ONLY radacct
ADD CONSTRAINT radacct_unique_session UNIQUE (
username, nasipaddress, nasportid, acctsessionid
);

NOTE: When duplicate records come in you will see errors in the
log file like these :

Fri Jul 7 13:06:47 2006 : Error: rlm_sql (sql): failed after re-connect
Fri Jul 7 13:06:47 2006 : Error: rlm_sql (sql): Couldn't insert SQL
accounting START record - ERROR: duplicate key violates unique
constraint "radacct_unique_session"

These errors are mostly informational, because when the insert
fails, rlm_sql will use the alternate "update" method and will
succeed.

This is the same method I used on a customized Cistron
server I used for over 5 years and had no problems.

For some reason acctuniqueid was not unique in the duplicate
packets, so my initial attempts at using it were unsuccessful.

PostgreSQL can have a primary key that spans multiple
columns, and would look like this {IIRC} :

ALTER TABLE ONLY radacct
ADD CONSTRAINT radacct_pkey_session PRIMARY KEY (
username, nasipaddress, nasportid, acctsessionid
);

I did not use this, because I did not want to significantly change
the default configuration of most of the tables. Once I get a chance
to clean up the admin interface I have been developing I will
likely want to add some changes to the PostgreSQL default schema
that will allow better management without affecting the default
configuration, but since I am not finished I don't want to add
the changes to CVS quite yet.




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


WPA/RADIUS Problems

2006-08-31 Thread Loukas Kalenderidis

Hi list,

I'm a FreeRADIUS noob, and I've been charged with getting some WiFi  
APs authenticating against an existing FreeRADIUS server being used  
for dialup users. I've configured FreeRADIUS as best I can figure  
from what I've found on the web, but I'm having no success with  
getting WPA to work. I'm using a D-Link 2100AP access point, and a  
Mac OS X 10.4 client. From what I can gather it seems that I might  
have misconfigured FreeRADIUS, based on the error message below.


I've configured a test user as follows:
pants   Auth-Type := Accept
        Tunnel-Type = 13,
        Tunnel-Medium-Type = 6,
        Tunnel-Private-Group-Id = 1

The last 3 lines I found in a tutorial on the web, but I'm not sure  
if they are necessary or not (and commenting them out makes no  
difference).


When I run radtest everything looks OK:

$ radtest pants "" localhost 1 XX
Sending Access-Request of id 141 to 127.0.0.1:1812
        User-Name = "pants"
        User-Password = ""
        NAS-IP-Address = newdeewhy
        NAS-Port = 1
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=141, length=35
        Tunnel-Type:0 = VLAN
        Tunnel-Medium-Type:0 = IEEE-802
        Tunnel-Private-Group-Id:0 = "1"

When I try to connect from my Mac OS X client I get the following error:


And the following appears in the radius.log:
Fri Sep  1 15:50:59 2006 : Auth: Login OK: [pants] (from client testap port 1 cli 00-0D-93-86-48-8E)
Fri Sep  1 15:51:02 2006 : Error: Authentication reply packet code 2 sent to a non-proxy reply port from client testap:1025 - ID 0 : IGNORED


Watching the traffic shows the Access-Accept packet being sent back  
to the AP, but confusingly the AP sends an Access-Accept back to the  
RADIUS server! (10.0.0.100 is the AP, 10.0.0.101 is the RADIUS server):


# tcpdump -nXi eth1 -s 65535 host 10.0.0.100
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
16:08:43.990613 IP 10.0.0.100.1027 > 10.0.0.101.1812: RADIUS, Access Request (1), id: 0x00 length: 193
16:08:43.992271 IP 10.0.0.101.1812 > 10.0.0.100.1027: RADIUS, Access Accept (2), id: 0x00 length: 35
16:08:46.987506 IP 10.0.0.100.1027 > 10.0.0.101.1812: RADIUS, Access Accept (2), id: 0x00 length: 35
16:08:48.382840 IP 10.0.0.100.1027 > 10.0.0.101.1812: RADIUS, Access Request (1), id: 0x01 length: 193

How to catch the Mc address of the user into radius databases,

2006-08-31 Thread raviprakash sunkara
Hi Users,

Please forgive my English. Can anyone let me know how to catch the Mac Address of the user and their public IP, that need to be inserted in the radius database, for which we have the radamin and dialadmin radius administrator tools?

Please help me.

--
Thanks and Regards with cheers
Sunkara Ravi Prakash (Voip Developer)
Hyperion Technology
www.hyperion-tech.com
+91-9985077535

Re: Freeradius and SNMP

2006-08-31 Thread Kevin Bonner
On Wednesday 30 August 2006 11:09, Michael Schwartzkopff wrote:
> Hi,
>
> thanks to that explanation. But my question was: Why I do get no answer if
> I do
> snmpwalk (...) localhost enterprises.3317
>
> while walking mib-2.67 gives results?
>
> Michael.

The ent.3317 OID is only used to establish the SMUX session with the SNMP 
daemon.  It is never registered with snmpd, which is why you receive no 
results.

-Kevin



Re: Ascend 16 Bit VSAs

2006-08-31 Thread Alan DeKok
"Alan DeKok" <[EMAIL PROTECTED]> wrote:
>   Please put a tcpdump or ethereal capture of the Ascend box sending
> or receiving 16-bit VSA's on a web site.  Email the link here.  Odds
> are it can be done with just dictionary updates.

  You know, if the "ascend" 16-bit VSA's are really the Lucent ones,
just add the attributes to the lucent dictionary, and it will work.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: WebDAV HTTP Auth to RADIUS, possible?

2006-08-31 Thread Alan DeKok
"Michael Check" <[EMAIL PROTECTED]> wrote:
> [Thu Aug 31 14:28:45 2006] [crit] [client 192.168.2.147] configuration
> error:  couldn't check user.  No user file?: /

  That's Apache saying it can't authenticate the user, and isn't doing
RADIUS.

> #AuthAuthoritative Off

  I think you have to uncomment that.

  Apache is a bit magic, to be honest.  I was never clear on what it
was doing or why.  It doesn't have the equivalent to FreeRADIUS's
"debugging mode", which means my efforts to get apache to work the way
I want are limited to random changes and best wishes.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Ascend 16 Bit VSAs

2006-08-31 Thread Alan DeKok
Adam <[EMAIL PROTECTED]> wrote:
> Is there support for 16 bit Ascend VSAs?  If so how do I enable and use 
> them?

  There is currently no support, because we know nothing about the
format of those attributes.  Ascend already has 8-bit VSA's, so how
does the server work with the 16-bit ones?

  Please put a tcpdump or ethereal capture of the Ascend box sending
or receiving 16-bit VSA's on a web site.  Email the link here.  Odds
are it can be done with just dictionary updates.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Disconnect

2006-08-31 Thread Alan DeKok
Sean <[EMAIL PROTECTED]> wrote:
> It's a pity that you can't send a disconnect request directly to Radius
> for a particular user.

  As always, patches are welcome.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Disconnect

2006-08-31 Thread Sean
 Thanks for the replies. I'd already worked out that I was barking up
the wrong tree. I was asked by a client to create a PHP script to
disconnect a user. I'll probably use a script to change Expiration or
Max-Session and get him to get the NAS to check back to Radius every
five minutes.

It's a pity that you can't send a disconnect request directly to Radius
for a particular user.

Anyway, once again thanks for the advice.

Regards,

Sean








Re: Re: WebDAV HTTP Auth to RADIUS, possible?

2006-08-31 Thread Michael Check

On 8/31/06, Michael Check <[EMAIL PROTECTED]> wrote:

WebDAV will allow either Basic or Digest (it uses the same HTTP Auth
mechanism that Apache provides) so I think it will work.  Even with
DAV On, you can have AuthType Basic - so my assumption at this point
is that it will work.  I'll report back to the list.


I'm having difficulty getting Basic authentication done with mod_auth_radius

As the docs say, I'm getting an Internal Error 500 with apache when I
try to authenticate.  The apache error is:

[Thu Aug 31 14:28:45 2006] [crit] [client 192.168.2.147] configuration
error:  couldn't check user.  No user file?: /
[Thu Aug 31 14:28:45 2006] [crit] [client 192.168.2.147] configuration
error:  couldn't check user.  No user file?: /favicon.ico
[Thu Aug 31 14:28:53 2006] [crit] [client 192.168.2.147] configuration
error:  couldn't check user.  No user file?: /

Here is the http conf directives used:



AddRadiusAuth 127.0.0.1:1812 testing123 5:3

AddRadiusCookieValid 5






   AllowOverride None
   Options None

   AuthType Basic
   AuthName "Calendars"
#AuthAuthoritative Off
   AuthRadiusAuthoritative On
   AuthRadiusCookieValid 5
   AuthRadiusActive On

   require valid-user
   

   

Running radiusd -X, I do not get any response at the radius server at
all when it appears that apache is supposed to send the radius packet.
So that leads me to believe that the apache server does not have an
authoritative authentication mechanism like in the docs?

Is there something I should be looking for?  Any direction you can
help with would be great.

Thanks!

Michael Check


Ascend 16 Bit VSAs

2006-08-31 Thread Adam

Version: freeradius-1.1.3

I need to be able to send Ascend 16 bit VSAs to my NAS. The two that I 
need to be able to send are:  Ascend-LCP-Keepalive-Period and 
Ascend-LCP-Keepalive-Missed-Limit.


In my "/etc/raddb/dictionary" file I have placed the following two lines:

ATTRIBUTE Ascend-LCP-Keepalive-Period   321 integer Ascend
ATTRIBUTE Ascend-LCP-Keepalive-Missed-Limit 322 integer Ascend

When I start Radius I get the following errors:
...
read_config_files:  reading dictionary
Errors reading dictionary: dict_init: /etc/raddb/dictionary[34]: 
dict_addattr: ATTRIBUTE has invalid number (larger than 255).


Is there support for 16 bit Ascend VSAs?  If so how do I enable and use 
them?


Thanks
Adam


Re: Disconnect

2006-08-31 Thread Chris Knipe
You need to send it to your NAS, not FreeRadius.  Radius does not disconnect 
your clients, your NAS does... :)



Regards,
Chris.

- Original Message - 
From: "Sean" <[EMAIL PROTECTED]>

To: 
Sent: Thursday, August 31, 2006 4:24 PM
Subject: Disconnect



Hi,

Does anyone know how to get disconnect to work with radclient? I can get
it to return status but when I try disconnect radiusd -X returns the
following:-

rad_recv: Disconnect-Request packet from host 127.0.0.1:57181, id=9,
length=29
Unknown packet code 40 from client swarm:57181 - ID 9 : IGNORED

Any help or hints would be much appreciated.

Thanks,

Sean



Re: URGENT! Dialupadmin "Could not connect to SQL database"

2006-08-31 Thread Guilherme Franco
Ok Peter,

It's 10g.

But why did my test.php work in cli mode, even without sqlplus working?

Another test: in oracle/functions.php3, I changed the $config[sql_username] for the real username. After doing that, I can see communications with the oracle server with tcpdump, but the pages appear blank...

So, it's not totally oracle's fault.

Anyway, I'm desperate to fix this!

HELP!

On 8/31/06, Peter Nixon <[EMAIL PROTECTED]> wrote:
> We made the changes to dialup_admin to make it work with oracle, however I am
> afraid you are going to have to solve the problems with your Oracle
> installation yourself.
>
> The first thing you need to do is get sqlplus working, then PHP.
>
> For your info, we have it working fine with Oracle 10g. If you are running an
> older version you are on your own :-)
>
> Cheers
>
> Peter
>
> On Thu 31 Aug 2006 17:16, Guilherme Franco wrote:
> > Hello,
> >
> > Yes, I configured it with the option "--with-oci8", and phpinfo() shows
> > oci8 support as enabled.
> >
> > This machine (dialupadmin server) is standalone (oracle in other server and
> > radius in other).
> >
> > I'm trying to use sqlplus from the dialupadmin server but it gives me
> > either ORA-12546 TNS permission denied or ORA-12514 TNS listener does not
> > currently know of service requested in connect descriptor.
> >
> > I've researched a lot about this problems but found nothing.
> >
> > note: (I've read somewhere that oci does not work well with modules, just
> > with static php links)
> >
> > Please help.
> >
> > Thank you very much.
> >
> > On 8/31/06, Peter Nixon <[EMAIL PROTECTED]> wrote:
> > > On Thu 31 Aug 2006 16:17, Guilherme Franco wrote:
> > > > URGENT!
> > > >
> > > > Hi,
> > > >
> > > > I'm getting this error *Could not connect to SQL database. *in
> > > > dialupadmin.
> > > > (using OCI8 with ORACLE)
> > > > *
> > > > *Radiusd connects to Oracle without any problems, dialupadmin don't.
> > >
> > > Does your PHP module have Oracle support?
> > >
> > > --
> > > Peter Nixon
> > > http://www.peternixon.net/
> > > PGP Key: http://www.peternixon.net/public.asc
>
> --
> Peter Nixon
> http://www.peternixon.net/
> PGP Key: http://www.peternixon.net/public.asc

Re: Disconnect

2006-08-31 Thread Alan DeKok
Sean <[EMAIL PROTECTED]> wrote:
> Does anyone know how to get disconnect to work with radclient? I can get
> it to return status but when I try disconnect radiusd -X returns the
> following:-

  The server doesn't support Disconnect-Request.  And if it did, it
would be on a separate port, not 1812.

  The main problem with Disconnect-Request is that all Access-Accept's
have to contain a State attribute.  That state has to be unique to the
server.  That state has to be maintained across server re-starts.  The
state has to be kept in conjunction with a bunch of other data.

  And that's not even getting into the reverse proxying nightmare.

  And that's not even getting into the fact that many NASes don't
support Disconnect-Request.

  For local use of Disconnect-Request, it's easiest to have the server
log information to an SQL table, and then query the SQL table for the
necessary data, and run radclient using it.  Sending the server a
Disconnect-Request is probably not that useful...

  Can I ask what you're trying to do with Disconnect-Request, and why
you're sending it to the server?

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
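
Added example, not from the original message or the FreeRADIUS source: one way to do the lookup described above, reading a user's open sessions from `radacct` and preparing one `radclient ... disconnect` call per session, addressed to the NAS rather than to the RADIUS server. Port 3799, the secret-file paths, the sample rows and the function names are assumptions; values are validated and handed over as an argument list and on stdin, so a front-end script cannot inject extra attributes or shell syntax.

```python
import re
import sqlite3

DISCONNECT_PORT = 3799  # assumption: RFC 3576 default; check what your NAS listens on
# Conservative allow-list for values copied into radclient's attribute input.
SAFE_VALUE = re.compile(r"[A-Za-z0-9@._:-]{1,64}")


def sample_db():
    """In-memory radacct subset with constructed rows (SQLite stands in for the real DB)."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE radacct (
        radacctid INTEGER PRIMARY KEY, username TEXT, acctsessionid TEXT,
        nasipaddress TEXT, acctstoptime TEXT)""")
    db.executemany(
        "INSERT INTO radacct (username, acctsessionid, nasipaddress, acctstoptime)"
        " VALUES (?, ?, ?, ?)",
        [
            ("alice", "0000A1B2", "192.0.2.10", None),                   # open session
            ("alice", "0000A1B3", "192.0.2.11", "2006-08-31 16:00:00"),  # already stopped
            ("alice", "0000A1B4", "192.0.2.12", None),                   # open, NAS not configured
            ("bob", "0000C0DE", "192.0.2.10", None),                     # different user
        ],
    )
    return db


def disconnect_jobs(db, username, secret_files):
    """Return [(argv, stdin_text)] for every open session of `username`.

    secret_files maps NAS IP -> file holding that NAS's shared secret;
    radclient's -S option reads it from there, keeping it off the command line.
    """
    if not SAFE_VALUE.fullmatch(username):
        raise ValueError("refusing unsafe username")
    rows = db.execute(
        "SELECT acctsessionid, nasipaddress FROM radacct"
        " WHERE username = ? AND acctstoptime IS NULL ORDER BY radacctid",
        (username,),
    ).fetchall()
    jobs = []
    for session_id, nas in rows:
        if nas not in secret_files or not SAFE_VALUE.fullmatch(session_id):
            continue  # unknown NAS or odd session id: skip rather than guess
        attrs = (
            f'User-Name = "{username}"\n'
            f'Acct-Session-Id = "{session_id}"\n'
            f"NAS-IP-Address = {nas}\n"
        )
        argv = ["radclient", "-S", secret_files[nas],
                f"{nas}:{DISCONNECT_PORT}", "disconnect"]
        jobs.append((argv, attrs))
    return jobs


if __name__ == "__main__":
    files = {"192.0.2.10": "/etc/raddb/secrets/192.0.2.10"}  # hypothetical path
    for argv, attrs in disconnect_jobs(sample_db(), "alice", files):
        # To actually send: subprocess.run(argv, input=attrs, text=True, check=True)
        print(" ".join(argv))
        print(attrs)
```

Whether the NAS accepts the request still depends on it supporting Disconnect-Request at all, as the message above points out.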


Re: Disconnect

2006-08-31 Thread Peter Nixon
On Thu 31 Aug 2006 17:24, Sean wrote:
> Hi,
>
> Does anyone know how to get disconnect to work with radclient? I can get
> it to return status but when I try disconnect radiusd -X returns the
> following:-
>
> rad_recv: Disconnect-Request packet from host 127.0.0.1:57181, id=9,
> length=29
> Unknown packet code 40 from client swarm:57181 - ID 9 : IGNORED
>
> Any help or hints would be much appreciated.

Who are you trying to send disconnect to? It appears you are trying to send it 
to the RADIUS server, not the NAS which will obviously not work :-)

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



Re: Duplicate requests in a session

2006-08-31 Thread Guy Fraser
On Thu, 2006-08-31 at 12:31 +0300, Peter Nixon wrote:
> Good question. Does anyone have anything against changing this?
> 
> -Peter
> 
> On Thu 31 Aug 2006 10:11, Santiago Balaguer García wrote:
> > Thanks James, I don't figure out to use primary key solves the problem of
> > duplicate keys.
> > I had in radacct as primary key <> but now I am going to have
> > <>.
> >
> > This problem cause a new thread: why radacctid is the primary key of radacct
> > table instead of acctuniqueid?

I used a slightly different solution in my PostgreSQL implementation :

ALTER TABLE ONLY radacct
ADD CONSTRAINT radacct_unique_session UNIQUE (
username, nasipaddress, nasportid, acctsessionid
);

NOTE: When duplicate records come in you will see errors in the 
log file like these :

Fri Jul 7 13:06:47 2006 : Error: rlm_sql (sql): failed after re-connect 
Fri Jul 7 13:06:47 2006 : Error: rlm_sql (sql): Couldn't insert SQL 
accounting START record - ERROR: duplicate key violates unique 
constraint "radacct_unique_session"

These errors are mostly informational, because when the insert 
fails, rlm_sql will use the alternate "update" method and will 
succeed.

This is the same method I used on a customized Cistron 
server I used for over 5 years and had no problems.

For some reason acctuniqueid was not unique in the duplicate 
packets, so my initial attempts at using it were unsuccessful.

PostgreSQL can have a primary key that spans multiple 
columns, and would look like this {IIRC} :

ALTER TABLE ONLY radacct
ADD CONSTRAINT radacct_pkey_session PRIMARY KEY (
username, nasipaddress, nasportid, acctsessionid
);

I did not use this, because I did not want to significantly change 
the default configuration of most of the tables. Once I get a chance 
to clean up the admin interface I have been developing I will 
likely want to add some changes to the PostgreSQL default schema 
that will allow better management without affecting the default 
configuration, but since I am not finished I don't want to add 
the changes to CVS quite yet.


> >
> > >From: James Wakefield <[EMAIL PROTECTED]>
> > >Reply-To: FreeRadius users mailing list
> > >
> > >To: FreeRadius users mailing list 
> > >Subject: Re: Duplicate requests in a session
> > >Date: Wed, 30 Aug 2006 22:07:09 +1000
> > >
> > >Santiago Balaguer García wrote:
> > >>Hi people,
> > >>
> > >>1)
> > >>  In my activity I realize that when the connection to Internet of a NAS is
> > >>NOT good (there are some reday in the DSL), the NAS send several Start
> > >>requests. My problem is my RADIUS server ask for all these requests and
> > >>they are inserted in my DB. So, when the user or the NAS finalize the
> > >>session and NAS sends Stop Request, the credit associates to the user
> > >>account is decremented several times. It happens so because I put a
> > >> trigger in my DB to decrement the user credit automatically.
> > >>
> > >>  Can I avoid the problem of inserting several times the start request?
> > >>  If it is so, how??
> > >>
> > >>2) Is it supposed that the value of acctsessionid and acctuniqueid in
> > >>radacct table  are UNIQUE and they can not be duplicated ?
> > >>
> > >>Thanks,
> > >>Santiago
> > >
> > >Hi Santiago,
> > >
> > >Does your DBMS enforce primary key constraints?  Do you have a primary key
> > >defined for your radacct table? If I recall correctly, MySQL by default
> > >doesn't, are you using MySQL?
> > >
> > >Cheers,
> > >--
> > >James Wakefield,
> > >Unix Administrator, Information Technology Services Division
> > >Deakin University, Geelong, Victoria 3217 Australia.
> > >
> > >Phone: 03 5227 8690 International: +61 3 5227 8690
> > >Fax:   03 5227 8866 International: +61 3 5227 8866
> > >E-mail:   [EMAIL PROTECTED]
> > >Website:  http://www.deakin.edu.au
-- 
Guy Fraser
Network Administrator
The Internet Centre
1-888-450-6787
(780)450-6787
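
Added example (not part of the message above or of FreeRADIUS): a Python/sqlite3 model of the scenario in this thread, replaying retransmitted Start packets with and without the `radacct_unique_session` constraint, using an insert-then-update fallback modeled on the behaviour described above. The `credit` table, the `charge_on_stop` trigger, the sample packets and the function names are constructed for illustration, and SQLite stands in for PostgreSQL.

```python
import sqlite3

KEY = ("username", "nasipaddress", "nasportid", "acctsessionid")
WHERE_KEY = " AND ".join(f"{c} = :{c}" for c in KEY)
UNIQUE = ", CONSTRAINT radacct_unique_session UNIQUE (%s)" % ", ".join(KEY)

SCHEMA = """
CREATE TABLE radacct (
    radacctid       INTEGER PRIMARY KEY AUTOINCREMENT,
    username        TEXT NOT NULL,
    nasipaddress    TEXT NOT NULL,
    nasportid       TEXT NOT NULL,
    acctsessionid   TEXT NOT NULL,
    acctstarttime   TEXT,
    acctstoptime    TEXT,
    acctsessiontime INTEGER
    /*UNIQUE*/
);
-- Hypothetical billing side: a trigger that charges the user when a row is closed.
CREATE TABLE credit (username TEXT PRIMARY KEY, seconds_left INTEGER NOT NULL);
CREATE TRIGGER charge_on_stop AFTER UPDATE OF acctstoptime ON radacct
WHEN OLD.acctstoptime IS NULL AND NEW.acctstoptime IS NOT NULL
BEGIN
    UPDATE credit SET seconds_left = seconds_left - NEW.acctsessiontime
     WHERE username = NEW.username;
END;
"""

# Constructed sample: one session whose Start is retransmitted twice, then a Stop.
SESSION = {"username": "santiago", "nasipaddress": "192.0.2.10",
           "nasportid": "7", "acctsessionid": "0000A1B2"}
PACKETS = [
    dict(SESSION, status="Start", time="2006-08-31 10:00:00"),
    dict(SESSION, status="Start", time="2006-08-31 10:00:03"),
    dict(SESSION, status="Start", time="2006-08-31 10:00:06"),
    dict(SESSION, status="Stop", time="2006-08-31 10:10:00", sessiontime=600),
]


def open_db(enforce_unique):
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA.replace("/*UNIQUE*/", UNIQUE if enforce_unique else ""))
    db.execute("INSERT INTO credit VALUES ('santiago', 3600)")
    return db


def handle(db, pkt):
    """Apply one accounting packet; return True if a Start was a duplicate."""
    if pkt["status"] == "Start":
        try:
            db.execute(
                "INSERT INTO radacct (username, nasipaddress, nasportid,"
                " acctsessionid, acctstarttime) VALUES (:username, :nasipaddress,"
                " :nasportid, :acctsessionid, :time)", pkt)
            return False
        except sqlite3.IntegrityError:
            # Constraint rejected the insert: fall back to updating the existing row.
            db.execute("UPDATE radacct SET acctstarttime = :time WHERE " + WHERE_KEY, pkt)
            return True
    # Stop: close every still-open row for this session (fires the trigger per row).
    db.execute("UPDATE radacct SET acctstoptime = :time, acctsessiontime = :sessiontime"
               " WHERE acctstoptime IS NULL AND " + WHERE_KEY, pkt)
    return False


def replay(packets, enforce_unique):
    db = open_db(enforce_unique)
    duplicates = sum(handle(db, p) for p in packets)
    rows = db.execute("SELECT COUNT(*) FROM radacct").fetchone()[0]
    credit = db.execute(
        "SELECT seconds_left FROM credit WHERE username = 'santiago'").fetchone()[0]
    return {"rows": rows, "duplicates": duplicates, "credit": credit}


if __name__ == "__main__":
    print("no constraint  :", replay(PACKETS, enforce_unique=False))
    print("with constraint:", replay(PACKETS, enforce_unique=True))
```

Without the constraint the single 600-second session is charged three times; with it, the two retransmitted Starts are absorbed by the update path and the Stop charges once.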




Re: URGENT! Dialupadmin "Could not connect to SQL database"

2006-08-31 Thread Peter Nixon
We made the changes to dialup_admin to make it work with oracle, however I am 
afraid you are going to have to solve the problems with your Oracle 
installation yourself.

The first thing you need to do is get sqlplus working, then PHP.

For your info, we have it working fine with Oracle 10g. If you are running an 
older version you are on your own :-)

Cheers

Peter

On Thu 31 Aug 2006 17:16, Guilherme Franco wrote:
> Hello,
>
> Yes, I configured it with the option "--with-oci8", and phpinfo() shows
> oci8 support as enabled.
>
> This machine (dialupadmin server) is standalone (oracle in other server and
> radius in other).
>
> I'm trying to use sqlplus from the dialupadmin server but it gives me
> either ORA-12546 TNS permission denied or ORA-12514 TNS listener does not
> currently know of service requested in connect descriptor.
>
> I've researched a lot about this problems but found nothing.
>
> note: (I've read somewhere that oci does not work well with modules, just
> with static php links)
>
> Please help.
>
> Thank you very much.
>
> On 8/31/06, Peter Nixon <[EMAIL PROTECTED]> wrote:
> > On Thu 31 Aug 2006 16:17, Guilherme Franco wrote:
> > > URGENT!
> > >
> > > Hi,
> > >
> > > I'm getting this error *Could not connect to SQL database. *in
> >
> > dialupadmin.
> >
> > > (using OCI8 with ORACLE)
> > > *
> > > *Radiusd connects to Oracle without any problems, dialupadmin don't.
> >
> > Does your PHP module have Oracle support?
> >
> > --
> >
> > Peter Nixon
> > http://www.peternixon.net/
> > PGP Key: http://www.peternixon.net/public.asc
> >
> >

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



Re: Duplicate requests in a session

2006-08-31 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
> NOP, the default definition of the acctuniqueid attribute is correct.

  I don't think you're clear on what is being discussed.

>   It is more possible that a user connect and disconnect several times in a 
> same session.

  No, it is not possible.

> I think it is task of the NAS to assign a unique session id to 
> a user.

  Yes, and many NASes don't do that.

>  With acct_unique specification freeradius builds acctuniqueid 
> attribute.

  Yes, which is why I wrote the "acct_unique" module.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: URGENT! Dialupadmin "Could not connect to SQL database"

2006-08-31 Thread Guilherme Franco
Mr. Peter,

I did a test right now with the command line "php", for example "php test.php" and it works!

test.php is a program I've created to retrieve some tables from the oracle server. (tcpdump in oracle server shows traffic correctly this way)

But when I try to open test.php from the apache web page, it states

Parse error: syntax error, unexpected '>' in /www/htdocs/test.php on line 10

(then, tcpdump in oracle server shows nothing)

I think that the same problem is blocking dialupadmin from connecting with oracle.

What might it be?

Thanks.

On 8/31/06, Guilherme Franco <[EMAIL PROTECTED]> wrote:
> Hello,
>
> Yes, I configured it with the option "--with-oci8", and phpinfo() shows oci8 support as enabled.
>
> This machine (dialupadmin server) is standalone (oracle in other server and radius in other).
>
> I'm trying to use sqlplus from the dialupadmin server but it gives me either ORA-12546 TNS permission denied or ORA-12514 TNS listener does not currently know of service requested in connect descriptor.
>
> I've researched a lot about this problems but found nothing.
>
> note: (I've read somewhere that oci does not work well with modules, just with static php links)
>
> Please help.
>
> Thank you very much.
>
> On 8/31/06, Peter Nixon <[EMAIL PROTECTED]> wrote:
> > On Thu 31 Aug 2006 16:17, Guilherme Franco wrote:
> > > URGENT!
> > >
> > > Hi,
> > >
> > > I'm getting this error *Could not connect to SQL database. *in dialupadmin.
> > > (using OCI8 with ORACLE)
> > > *
> > > *Radiusd connects to Oracle without any problems, dialupadmin don't.
> >
> > Does your PHP module have Oracle support?
> >
> > --
> > Peter Nixon
> > http://www.peternixon.net/
> > PGP Key: http://www.peternixon.net/public.asc

Disconnect

2006-08-31 Thread Sean
Hi,

Does anyone know how to get disconnect to work with radclient? I can get
it to return status but when I try disconnect radiusd -X returns the
following:-

rad_recv: Disconnect-Request packet from host 127.0.0.1:57181, id=9,
length=29
Unknown packet code 40 from client swarm:57181 - ID 9 : IGNORED

Any help or hints would be much appreciated.

Thanks,

Sean



Re: URGENT! Dialupadmin "Could not connect to SQL database"

2006-08-31 Thread Guilherme Franco
Hello,

Yes, I configured it with the option "--with-oci8", and phpinfo() shows oci8 support as enabled.

This machine (dialupadmin server) is standalone (oracle in other server and radius in other).

I'm trying to use sqlplus from the dialupadmin server but it gives me either ORA-12546 TNS permission denied or ORA-12514 TNS listener does not currently know of service requested in connect descriptor.

I've researched a lot about these problems but found nothing.

note: (I've read somewhere that oci does not work well with modules, just with static php links)

Please help.

Thank you very much.

On 8/31/06, Peter Nixon <[EMAIL PROTECTED]> wrote:
> On Thu 31 Aug 2006 16:17, Guilherme Franco wrote:
> > URGENT!
> >
> > Hi,
> >
> > I'm getting this error *Could not connect to SQL database. *in dialupadmin.
> > (using OCI8 with ORACLE)
> > *
> > *Radiusd connects to Oracle without any problems, dialupadmin don't.
>
> Does your PHP module have Oracle support?
>
> --
> Peter Nixon
> http://www.peternixon.net/
> PGP Key: http://www.peternixon.net/public.asc

Re: issue with attribute 97 from rfc3162 in users file

2006-08-31 Thread Christian Hahn
Hi all,

here my summary for this issue:

- I used FreeRADIUS Version 2.0.0-pre0 (20060830) from CVS
- Attribute 97 is properly coded and delivered to the asking NAS
- so if you need all the rfc3162 attributes use the CVS code

thanks for the help and of course for freeradius,
Christian

Christian Hahn wrote:
>>> /usr/local/etc/raddb/users[227]: Parse error (reply) for entry
>>> hextest: unknown attribute type 8
>>> Errors reading /usr/local/etc/raddb/users
>> this works with the 2.0pre CVS code.. so theres something not quite right
>> in the 1.1.3 code. and yes,  theres no IPV6PREFIX handler in valuepair.c
>> or in the print debugger or full handling in radius.c
> Thanks for the hint, I will try the cvs version and probably check the
> code of the 1.1.3 version.
> Are there any information how mature the 2.0.0-pre0 code is? Is it
> just a development branch for new features or will this be eventually
> the next release train?
> 
> best regards,
> Christian
> 
>> FreeRADIUS Version 2.0.0-pre0
> 
>> dict.c: { "ipv6prefix", PW_TYPE_IPV6PREFIX },
>> print.c:case PW_TYPE_IPV6PREFIX:
>> radius.c:   case PW_TYPE_IPV6PREFIX:
>> radius.c:   case PW_TYPE_IPV6PREFIX:
>> radius.c:   case PW_TYPE_IPV6PREFIX:
>> radius.c:   case PW_TYPE_IPV6PREFIX:
>> valuepair.c:case PW_TYPE_IPV6PREFIX:
>> valuepair.c:case PW_TYPE_IPV6PREFIX:
>> valuepair.c:case PW_TYPE_IPV6PREFIX:
> 
> 
>> FreeRADIUS Version 1.1.3
> 
>> dict.c: { "ipv6prefix", PW_TYPE_IPV6PREFIX },
>> radius.c:   case PW_TYPE_IPV6PREFIX:
>> radius.c:   case PW_TYPE_IPV6PREFIX:
> 
> 
>> so thats why it isnt working for you 
> 
>> alan


Re: WebDAV HTTP Auth to RADIUS, possible?

2006-08-31 Thread Michael Check

On 8/30/06, Alan DeKok <[EMAIL PROTECTED]> wrote:

> "Michael Check" <[EMAIL PROTECTED]> wrote:
> > Is it possible to set up an Apache 1.3 server with WebDAV to
> > authenticate to a freeRADIUS?
>
>   Unless I'm mistaken, webdav uses HTTP digest for authentication.
> That makes it difficult.
>
>   If it's using basic authentication, mod_auth_radius can help.
>
> > We're using freeRadius 1.1.0 on OSX.4, successfully authenticating
> > off an Active Directory master.
>
>   If it's using HTTP digest authentication, then this is impossible.
> HTTP digest requires the clear-text password, and AD doesn't supply it.



Thanks Alan and Samuel.  I d/l the mod_auth_radius and got it
installed.  I haven't successfully gotten it to work, but I haven't
spent enough time yet.  Task for today.

WebDAV will allow either Basic or Digest (it uses the same HTTP Auth
mechanism that Apache provides) so I think it will work.  Even with
DAV On, you can have AuthType Basic - so my assumption at this point
is that it will work.  I'll report back to the list.

Thanks!

Michael Check
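
Why the choice between Basic and Digest decides whether this setup can work, shown as an added example that is not part of the posts above: Digest sends only an MD5 response, which a server can recompute solely from the password or its HA1 hash, while Basic delivers the password so it can be checked against a backend. `PasswordOnlyBackend` is a hypothetical stand-in for the RADIUS server in front of the directory; the Digest values are the worked example from RFC 2617.

```python
import base64
import hashlib
import hmac
import os


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_ha1(username, realm, password):
    # RFC 2617: HA1 = MD5(username:realm:password)
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1, method, f):
    # RFC 2617 with qop=auth: MD5(HA1:nonce:nc:cnonce:qop:MD5(method:uri))
    ha2 = md5_hex(f"{method}:{f['uri']}")
    return md5_hex(":".join([ha1, f["nonce"], f["nc"], f["cnonce"], f["qop"], ha2]))


class PasswordOnlyBackend:
    """Hypothetical backend: it can say whether a presented password is
    right, but it cannot hand the password (or HA1) back to the web server."""

    def __init__(self):
        self._users = {}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

    def add_user(self, username, password):
        salt = os.urandom(16)
        self._users[username] = (salt, self._hash(password, salt))

    def check(self, username, password):
        entry = self._users.get(username)
        if entry is None:
            return False
        salt, stored = entry
        return hmac.compare_digest(stored, self._hash(password, salt))


def basic_header(username, password):
    # Basic is only base64 encoding, so it has to travel over TLS.
    token = base64.b64encode(f"{username}:{password}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def verify_basic(header_value, backend):
    """Basic: the password reaches the server, which can pass it to the backend."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return False
    username, sep, password = decoded.partition(":")
    return bool(sep) and backend.check(username, password)


def verify_digest(fields, method, stored_ha1):
    """Digest: without a stored HA1 (or password) there is nothing to compare."""
    if stored_ha1 is None:
        return False
    expected = digest_response(stored_ha1, method, fields)
    return hmac.compare_digest(expected, fields["response"])


# Constructed sample: the Authorization header fields from RFC 2617 section 3.5.
RFC2617_FIELDS = {
    "username": "Mufasa",
    "realm": "testrealm@host.com",
    "nonce": "dcd98b7102dd2f0e8b11d0f600bfb0c093",
    "uri": "/dir/index.html",
    "qop": "auth",
    "nc": "00000001",
    "cnonce": "0a4f113b",
    "response": "6629fae49393a05397450978507c4ef1",
}

if __name__ == "__main__":
    backend = PasswordOnlyBackend()
    backend.add_user("Mufasa", "Circle Of Life")
    print("basic via backend:", verify_basic(basic_header("Mufasa", "Circle Of Life"), backend))
    print("digest without HA1:", verify_digest(RFC2617_FIELDS, "GET", None))
```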


Re: URGENT! Dialupadmin "Could not connect to SQL database"

2006-08-31 Thread Peter Nixon
On Thu 31 Aug 2006 16:17, Guilherme Franco wrote:
> URGENT!
>
> Hi,
>
> I'm getting this error "Could not connect to SQL database." in dialupadmin.
> (using OCI8 with ORACLE)
>
> Radiusd connects to Oracle without any problems, dialupadmin doesn't.

Does your PHP module have Oracle support?

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



Re: sqlcounter

2006-08-31 Thread Graham Beneke

Guy Fraser wrote:
> There is also some "documentation" in the config file.

Most of that is specifically related to sqlcounter for time based billing

> I believe this has been discussed many times and there should
> be some information in the archives. Have you Googled for it?

I have indeed - and everything I have come up with has been questions...
with no answers. From the mailing list archives as well.

> Once you figure it out, maybe you wouldn't mind contributing
> some better documentation for rlm_sqlcounter to the project.
>
> I am sure future implementers would appreciate it.

I figured last night that I should probably do this in the end - think
I'm gonna have to sit with the source and figure out the solution myself.


URGENT! Dialupadmin "Could not connect to SQL database"

2006-08-31 Thread Guilherme Franco
URGENT!

Hi,

I'm getting this error "Could not connect to SQL database." in dialupadmin. (using OCI8 with ORACLE)

Radiusd connects to Oracle without any problems, dialupadmin doesn't.

Please help.

Thank you.

Problem using radiusMaxBandwidthDown attribute

2006-08-31 Thread luigi natalino

Hello
I need to use the radiusMaxBandwidthDown and radiusMaxBandwidthUp in ldap
but RADIUS-LDAPv3.schema doesn't contain those attributes.
Could someone tell me where I can get a complete RADIUS-LDAPv3.schema
containing these attributes, or could someone tell me the schema for these
two attributes so that I can add them to RADIUS-LDAPv3.schema?

What must I add in ldap.attrmap?

Many thanks to all
Best Regards, Luigi



acctsessionid is void

2006-08-31 Thread Santiago Balaguer García

Continuing with my questions, here is the next one:
Is it acceptable that a NAS always sends a null or void value as the
acctsession attribute?


Santiago



Re: Duplicate requests in a session

2006-08-31 Thread Santiago Balaguer García

>   The primary key should be a synthetic field, and not something
> derived directly from the packet.  Calling it 'acctuniqueid' is
> awkward, maybe renaming it to 'radiuskey'?
>
>   It can then be used in the SQL queries as
> %{Acct-Unique-ID:-%{Acct-Session-id}}, which should be safe for all
> configuration.

NOP, the default definition of the acctuniqueid attribute is correct.

acct_unique {
   key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}

It is more possible that a user connects and disconnects several times in the
same session. I think it is the task of the NAS to assign a unique session id to
a user. With the acct_unique specification, freeradius builds the acctuniqueid
attribute.


This is my reason for the change. Do you agree???



Simultaneous-Use implementation in rlm_python

2006-08-31 Thread Flamur Rogova

Hi,
I have noticed that more recent rlm_python versions have function 
bindings for implementing Simultaneous-Use checking in python module.


Something like this
...
python_init done
Module: Loaded python
 python: mod_instantiate = "pppoe"
 python: func_instantiate = "instantiate"
 python: mod_authorize = "pppoe"
 python: func_authorize = "authorize"
 python: mod_authenticate = "pppoe"
 python: func_authenticate = "authenticate"
 python: mod_preacct = "pppoe"
 python: func_preacct = "preacct"
 python: mod_accounting = "pppoe"
 python: func_accounting = "accounting"
 python: mod_checksimul = "pppoe"
 python: func_checksimul = "checksimul"
 python: mod_detach = "pppoe"
 python: func_detach = "detach"
Module: Instantiated python (PPPoE)
...

What should func_checksimul return to signify that the user is already
logged on / not logged on?


Is it safe to use this feature in production?

Regards,
Flamur Rogova



Re: Short Deployment Platform Questionaire

2006-08-31 Thread Markus Krause
Quoting Peter Nixon <[EMAIL PROTECTED]>:

> Hi Guys
>
> In order to bring our documentation up to date, can everyone please take a
> few seconds to report to me (either privately or to the list) what deployment
> platform(s) you are running FreeRADIUS on. In particular I am looking for non
> Linux/x86 information.
>
> The more information you can give me the better, but everything helps. I
> would like to know answers to the following questions (In order of importance)
>
> * What Operating System and Version are you running FreeRADIUS on?
Debian Sarge 3.1 (in use)
SuSE Linux Enterprise Server 9 (updated by SLES 10, see below)
SuSE Linux Enterprise Server 10
OpenSuSE 10.0 (just for testing)
Mac OS X 10.4.7 (_not_ Server, for testing only)

> * What architecture are you running on (x86, x86_64, Sparc, IA64, PPC etc)?
x86 (in use, all Linux systems)
PPC (Mac OS X)

> * What version of FreeRADIUS do you have in production?
1.1.3 (all updated lately)

> * Approximately how many AAA users do you have?
~ 900 users (in  use, currently in LDAP)
~ 1200 devices (mac authentication, planned, still testing ...)

> * Did you install a vendor package, downloaded package, selfbuilt package or
> source install?
Debian: selfbuilt package
SuSE: selfbuilt package
Mac OS X 10.4.7 (not server!): source install

> * If you built FreeRADIUS yourself, please list any special
> installation/compilation steps you needed to take to make it work on your
> platform.
Debian and SuSE: worked out of the box

Mac OS X 10.4.7 (not server!):

 the "./configure" script adds a line "INSTALLSTRIP = -s" in "Make.inc" which
 produces errors (as reported: "Symbol not found: _debug_flag"). Removing the
 "-s" option solves the problem, another solution is running
 "./configure --enable-developer". so the following works:

   # ./configure --enable-developer
   # make
   # sudo make install

 maybe important: i did not build any of the following modules due to missing
 libraries (did it just for testing and contribution, it's not a productive
 system; maybe next year ...): any sql-module, unixodbc, rlm_counter, rlm_ippool

>
> Thanks in Advance from the FreeRADIUS Development Team
thanks in return to all developers for their great work and assistance!

  markus

--
Markus Krause   email: [EMAIL PROTECTED]
Mogli-Soft: Support for Mac OS X, Webmail/Horde, LDAP, RADIUS
by order of the Computing Center of the Max-Planck-Institute of Biochemistry
Tel.: 089 - 89 40 85 99 Fax.: 089 - 89 40 85 98



Re: Duplicate requests in a session

2006-08-31 Thread Alan DeKok
Peter Nixon <[EMAIL PROTECTED]> wrote:
> Good question. Does anyone have anything against changing this?

  The primary key should be a synthetic field, and not something
derived directly from the packet.  Calling it 'acctuniqueid' is
awkward, maybe renaming it to 'radiuskey'?

  It can then be used in the SQL queries as
%{Acct-Unique-ID:-%{Acct-Session-id}}, which should be safe for all
configuration.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Generic info rqrd...

2006-08-31 Thread Christian Hahn

Hi, I can only answer to question 1)

[EMAIL PROTECTED] wrote:
> 
> I need some general info on Free Radius.
> 
> 1)Does it support 64-bit compilers?
Yes it compiles on CentOS 4.3 x86_64. I just use the CVS version for
some tests and it works.

Christian

> 2)Does it has support for both Solaris and HP-Unix.
> 3)Is it Multi Threaded safe.
> 
> Thanks in advance,
> 
> Ram.
> 


vendor attribute in radius-accept message

2006-08-31 Thread [EMAIL PROTECTED]
Hi.
How do I configure freeradius to send a vendor-specific attribute in a radius-accept
message based on eap-tls?





Re: 2.0.0-pre0 from CVS: Invalid version in module

2006-08-31 Thread Christian Hahn

Alan DeKok wrote:
> Christian Hahn <[EMAIL PROTECTED]> wrote:
>> I've just compiled the CVS version from 20060830 with
>> prefix=/root/bin/freeradius-cvs. When starting radiusd it complains
>> that the compiled modules have the wrong version:
>>
>> - 8<
>> radiusd:  entering modules setup
>> Module: Library search path is /root/bin/freeradius-cvs/lib
>> radiusd.conf[1634] Invalid version in module 'rlm_exec'
>> Errors setting up modules
> 
>   You've installed the CVS version on a box which already had 1.1.3,
> and it's picking up the old modules.  Those modules are incompatible,
> hence the error message.
You are right there is a v1.1.3 installed, but I configured the CVS
version with completely different prefix and the lib path points only
to /root/bin/freeradius-cvs/lib , so I thought this would be enough.

I've just got around this by commenting out the user=radiusd and
group=radiusd statements in the radiusd.conf. If I start the server
with root privileges it doesn't complain about the modules.

But I would not do this longer than for testing purposes.


> 
>> And all the modules in lib are freshly build and installed with the
>> server. I have also checked the radiusd.conf for wrong lib paths.
> 
>   The only other thing is that maybe it's a 64 bit issue?  The CVS
> version works fine for me, but I don't run on a 64-bit platform.
> 
>   Alan DeKok.
> --
>   http://deployingradius.com   - The web site of the book
>   http://deployingradius.com/blog/ - The blog


Re: Duplicate requests in a session

2006-08-31 Thread Peter Nixon
Good question. Does anyone have anything against changing this?

-Peter

On Thu 31 Aug 2006 10:11, Santiago Balaguer García wrote:
> Thanks James, I don't figure out to use primary key solves the problem of
> duplicate keys.
> I had in radacct as primary key <> but now I am going to have
> <>.
>
> This problem causes a new thread: why radacctid is the primary key of radacct
> table instead of acctuniqueid?
>
> >From: James Wakefield <[EMAIL PROTECTED]>
> >Reply-To: FreeRadius users mailing list
> >
> >To: FreeRadius users mailing list 
> >Subject: Re: Duplicate requests in a session
> >Date: Wed, 30 Aug 2006 22:07:09 +1000
> >
> >Santiago Balaguer García wrote:
> >>Hi people,
> >>
> >>1)
> >>  In my activity I realize that when the connection to Internet of a NAS is
> >>NOT good (there is some delay in the DSL), the NAS send several Start
> >>requests. My problem is my RADIUS server ask for all these requests and
> >>they are inserted in my DB. So, when the user or the NAS finalize the
> >>session and NAS sends Stop Request, the credit associates to the user
> >>account is decremented several times. It happens so because I put a
> >> trigger in my DB to decrement the user credit automatically.
> >>
> >>  Can I avoid the problem of inserting several times the start request?
> >>  If it is so, how??
> >>
> >>2) Is it supposed that the value of acctsessionid and acctuniqueid in
> >>radacct table  are UNIQUE and they can not be duplicated ?
> >>
> >>Thanks,
> >>Santiago
> >
> >Hi Santiago,
> >
> >Does your DBMS enforce primary key constraints?  Do you have a primary key
> >defined for your radacct table? If I recall correctly, MySQL by default
> >doesn't, are you using MySQL?
> >
> >Cheers,
> >--
> >James Wakefield,
> >Unix Administrator, Information Technology Services Division
> >Deakin University, Geelong, Victoria 3217 Australia.
> >
> >Phone: 03 5227 8690 International: +61 3 5227 8690
> >Fax:   03 5227 8866 International: +61 3 5227 8866
> >E-mail:   [EMAIL PROTECTED]
> >Website:  http://www.deakin.edu.au

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



Short Deployment Platform Questionaire

2006-08-31 Thread Peter Nixon
Hi Guys

In order to bring our documentation up to date, can everyone please take a few 
seconds to report to me (either privately or to the list) what deployment 
platform(s) you are running FreeRADIUS on. In particular I am looking for non 
Linux/x86 information.

The more information you can give me the better, but everything helps. I would 
like to know answers to the following questions (In order of importance)

* What Operating System and Version are you running FreeRADIUS on?

* What architecture are you running on (x86, x86_64, Sparc, IA64, PPC etc)?

* What version of FreeRADIUS do you have in production?

* Approximately how many AAA users do you have?

* Did you install a vendor package, downloaded package, selfbuilt package or 
source install?

* If you built FreeRADIUS yourself, please list any special 
installation/compilation steps you needed to take to make it work on your 
platform.


Thanks in Advance from the FreeRADIUS Development Team

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



Re: Generic info rqrd...

2006-08-31 Thread Peter Nixon
On Thu 31 Aug 2006 08:16, [EMAIL PROTECTED] wrote:
> Hi All,
>
> I need some general info on Free Radius.
>
> 1)Does it support 64-bit compilers?

http://wiki.freeradius.org/index.php/Platforms

> 2)Does it has support for both Solaris and HP-Unix.

http://wiki.freeradius.org/index.php/Platforms

> 3)Is it Multi Threaded safe.

FreeRADIUS is multi-threaded.

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



Re: no Client-IP-Address in packet

2006-08-31 Thread Nicolas Baradakis
Mitaine Yoann wrote:

> the only problem is that "preprocess" is present in the authorize
> section in the radiusd.conf file of the radius server A

You should check also the config of the radius server B.
And please stop posting with HTML to the mailing list.

-- 
Nicolas Baradakis



Re: why radacctid is the primary key of radacct table instead of acctuniqueid ?

2006-08-31 Thread K. Hoercher

On 8/31/06, Santiago Balaguer García <[EMAIL PROTECTED]> wrote:

> why radacctid is the primary key of radacct table instead of acctuniqueid?

acctuniqueid is a configurable item (as in might not be present).
Furthermore depending on the configuration (see radiusd.conf) it tries
to be unique but isn't guaranteed to be so (at least in default
setup).

regards
K. Hoercher



Re: certificate issue

2006-08-31 Thread K. Hoercher

On 8/31/06, Kartthik <[EMAIL PROTECTED]> wrote:

> I ran the CA.all script, before it issues the 2nd certificate i get this
> error message. Surely i know someone should have faced this issue, could

[...]

> Using configuration from /usr/local/openssl/ssl/openssl.cnf

[...]

> failed to update database
> TXT_DB error number 2

I suspect the index.txt for the generated CA being not writeable/not
present. On rechecking the CA.all script I find it a bit fragile with
respect to local environments. As it would be nice (judging from
numerous reports about problems users encounter due to certificate
issues) to provide a known (almost always) working set of generation
tools, I'm contemplating a few improvements just now.

regards
K. Hoercher


why radacctid is the primary key of radacct table instead of acctuniqueid ?

2006-08-31 Thread Santiago Balaguer García
After solving the problem of duplicate registers in radacct, see   
https://list.xs4all.nl/pipermail/freeradius-users/2006-August/056246.html


I have this doubt:
 why radacctid is the primary key of radacct table instead of acctuniqueid?

This is a way to avoid this problem and the DBMS  equally works.

  Santiago



Re: Difference between Auth-type=System and Auth type=Local

2006-08-31 Thread K. Hoercher

On 8/31/06, ys.hsia <[EMAIL PROTECTED]> wrote:

> Why ? any one can help ?


Had you followed the advice in the FAQ,
http://wiki.freeradius.org/index.php/FAQ#It_still_doesn.27t_work.21
you and perhaps even the readers would perhaps have been able to
answer the question.

Furthermore the contents of users file do contain information as to
those Auth-Types. And to forestall further problems, please keep in
mind:
http://deployingradius.com/documents/configuration/auth_type.html

regards
K. Hoercher


RE : Re: RE : Re: no Client-IP-Address in packet

2006-08-31 Thread Mitaine Yoann
Phil Mayers <[EMAIL PROTECTED]> wrote:
> Mitaine Yoann wrote:
> >
> > Michael Mitchell <[EMAIL PROTECTED]> wrote:
> > > Client-IP-Address is an internal freeRADIUS attribute, and is not
> > > defined in the RFC's. Hence it is never proxied to another server.
>
> Yes, I am aware of that. I said that, in fact.
>
> > > In fact, the "Client-IP-Address" for server B in the example above
> > > would be the address of server A, and not the NAS.
> >
> > Exactly, but it would seem that never arrives.
> > Could you tell me, how to make so that the Client-IP-Address have the
> > IP address value of server A.
>
> Don't remove the preprocess module from authorize.

the only problem is that "preprocess" is present in the authorize section in the radiusd.conf file of the radius server A:

authorize {
    preprocess
    suffix
    eap
    files
    Autz-Type LDAP {
        ldap
    }
}

so I don't understand when a proxying request arrives, why the server B didn't match the rule in the users file:

DEFAULT Huntgroup-Name == "foo", Ldap-Group == "interne", Autz-Type := Ldap

where foo Client-IP-Address == x.x.x.x

there is perhaps a bug in the version which I use?

Re: EAP-TLS multi clients

2006-08-31 Thread K. Hoercher

Hi,

Well, as I have already told you, you should look for information
regarding ssl (so, openssl.org is a most prominent starting point),
which isn't a freeradius issue and as such is off topic here.

In any event, even if it were, to keep pounding this list, because
nobody did serve immediately to your needs, is considered not very
nice.

hth
K. Hoercher


Re: Building Freeradius RPM on Redhat ES 4.0

2006-08-31 Thread B Thompson
On Wed, Aug 30, 2006 at 06:48:41PM -0400, King, Michael wrote:
> I seem to be having the same problem.
> 
> Editing Line 102 allowed the package to build.
> 
> Where did you remove /usr/local/bin from your path?


It may be that you don't have to remove it at all, and just changing
the order so that /usr/bin appears before /usr/local/bin might do the
trick.

To view your path :

# echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin

To change your path :

# export PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin:/usr/local/bin"








Re: Duplicate requests in a session

2006-08-31 Thread Santiago Balaguer García
Thanks James, I don't figure out to use primary key solves the problem of 
duplicate keys.
I had in radacct as primary key <> but now I am going to have 
<>.


This problem causes a new thread: why radacctid is the primary key of radacct
table instead of acctuniqueid?




>From: James Wakefield <[EMAIL PROTECTED]>
>Reply-To: FreeRadius users mailing list
>To: FreeRadius users mailing list
>Subject: Re: Duplicate requests in a session
>Date: Wed, 30 Aug 2006 22:07:09 +1000
>
>Santiago Balaguer García wrote:
>>Hi people,
>>
>>1)
>> In my activity I realize that when the connection to Internet of a NAS is
>>NOT good (there is some delay in the DSL), the NAS send several Start
>>requests. My problem is my RADIUS server ask for all these requests and
>>they are inserted in my DB. So, when the user or the NAS finalize the
>>session and NAS sends Stop Request, the credit associates to the user
>>account is decremented several times. It happens so because I put a trigger
>>in my DB to decrement the user credit automatically.
>>
>> Can I avoid the problem of inserting several times the start request?
>> If it is so, how??
>>
>>2) Is it supposed that the value of acctsessionid and acctuniqueid in
>>radacct table  are UNIQUE and they can not be duplicated ?
>>
>>Thanks,
>>   Santiago
>
>Hi Santiago,
>
>Does your DBMS enforce primary key constraints?  Do you have a primary key
>defined for your radacct table? If I recall correctly, MySQL by default
>doesn't, are you using MySQL?
>
>Cheers,
>--
>James Wakefield,
>Unix Administrator, Information Technology Services Division
>Deakin University, Geelong, Victoria 3217 Australia.
>
>Phone: 03 5227 8690 International: +61 3 5227 8690
>Fax:   03 5227 8866 International: +61 3 5227 8866
>E-mail:   [EMAIL PROTECTED]
>Website:  http://www.deakin.edu.au
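
One way to make retransmitted Start and Stop packets harmless for the credit problem described in this thread, as an added example rather than code from any poster or from FreeRADIUS: a synthetic primary key plus a UNIQUE session key built from the acct_unique attributes quoted earlier in the thread, with the credit charged only when a Stop closes an open row. It uses SQLite so it runs stand-alone; the table layout, the `acct_unique_id` hash and the function names are assumptions for illustration.

```python
import hashlib
import sqlite3

# Attributes from the acct_unique "key" setting quoted in this thread.
KEY_ATTRS = ("User-Name", "Acct-Session-Id", "NAS-IP-Address",
             "Client-IP-Address", "NAS-Port")

SCHEMA = """
CREATE TABLE radacct (
    radacctid       INTEGER PRIMARY KEY AUTOINCREMENT, -- synthetic key
    acctuniqueid    TEXT NOT NULL UNIQUE,              -- one row per session
    username        TEXT NOT NULL,
    acctstarttime   TEXT,
    acctstoptime    TEXT,
    acctsessiontime INTEGER
);
CREATE TABLE credit (
    username     TEXT PRIMARY KEY,
    seconds_left INTEGER NOT NULL
);
"""

# Constructed sample packet (documentation address range, made-up session id).
SAMPLE_PACKET = {
    "User-Name": "alice", "Acct-Session-Id": "0000A1B2",
    "NAS-IP-Address": "192.0.2.10", "Client-IP-Address": "192.0.2.10",
    "NAS-Port": "7",
}


def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def set_credit(db, username, seconds):
    with db:
        db.execute("INSERT OR REPLACE INTO credit VALUES (?, ?)", (username, seconds))


def credit_left(db, username):
    row = db.execute("SELECT seconds_left FROM credit WHERE username = ?",
                     (username,)).fetchone()
    return row[0] if row else None


def acct_unique_id(pkt):
    """Illustrative session key: a hash over KEY_ATTRS (assumption: not
    byte-compatible with the value FreeRADIUS itself computes)."""
    if not pkt.get("Acct-Session-Id"):
        # With an empty session id every session of a user on a port collides.
        raise ValueError("Acct-Session-Id missing or empty")
    material = "\x1f".join(str(pkt.get(a, "")) for a in KEY_ATTRS)
    return hashlib.sha256(material.encode("utf-8")).hexdigest()[:32]


def handle_start(db, pkt, when):
    """Insert the session once; a retransmitted Start hits the UNIQUE constraint."""
    uid = acct_unique_id(pkt)
    try:
        with db:
            db.execute("INSERT INTO radacct (acctuniqueid, username, acctstarttime) "
                       "VALUES (?, ?, ?)", (uid, pkt["User-Name"], when))
        return "inserted"
    except sqlite3.IntegrityError:
        return "duplicate"  # the first row is kept, nothing is added


def handle_stop(db, pkt, when, seconds):
    """Close the session and charge credit in one transaction, at most once."""
    uid = acct_unique_id(pkt)
    with db:
        cur = db.execute("UPDATE radacct SET acctstoptime = ?, acctsessiontime = ? "
                         "WHERE acctuniqueid = ? AND acctstoptime IS NULL",
                         (when, seconds, uid))
        if cur.rowcount == 0:
            if db.execute("SELECT 1 FROM radacct WHERE acctuniqueid = ?",
                          (uid,)).fetchone():
                return False  # Stop already recorded: retransmission, no charge
            # The Start was lost: record the finished session from the Stop alone.
            db.execute("INSERT INTO radacct (acctuniqueid, username, acctstoptime, "
                       "acctsessiontime) VALUES (?, ?, ?, ?)",
                       (uid, pkt["User-Name"], when, seconds))
        db.execute("UPDATE credit SET seconds_left = seconds_left - ? "
                   "WHERE username = ?", (seconds, pkt["User-Name"]))
    return True


if __name__ == "__main__":
    db = open_db()
    set_credit(db, "alice", 3600)
    for ts in ("2006-08-31 10:00:00", "2006-08-31 10:00:03"):
        print("start:", handle_start(db, SAMPLE_PACKET, ts))
    for ts in ("2006-08-31 10:10:00", "2006-08-31 10:10:04"):
        print("stop charged:", handle_stop(db, SAMPLE_PACKET, ts, 600))
    print("credit left:", credit_left(db, "alice"))
```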


Re: EAP-TLS multi clients

2006-08-31 Thread Matteo Lazzarini

Matteo Lazzarini wrote:
> K. Hoercher wrote:
>> On 8/29/06, Lazzarini Matteo <[EMAIL PROTECTED]> wrote:
>>> First of all I excuse me for my English. :-(
>>
>> Ah no problem, after it got sorted out.
>>
>>> itself correctly to the wlan, authenticated from freeradius with
>>> eap-tls.
>>>
>>> Now therefore not there are more problems for that it regards the
>>> authentication.
>>
>> Grats. So it was just my pessimism to  suppose there are still issues.
>>
>>> The CA.all script generates me only 1 server, 1 client and 1 root
>>
>> Hm. Ok, those are just provided to be able to check the freeradius
>> setup with respect to eap et al., they are not meant to be a
>> production CA. So I'd suggest looking at openssl.org for further
>> information (looking at the scripts might give you some starting point
>> though). Basically you are to issue (unique) client certs (modelled to
>> the one CA.all gave you) to other users either by acting as your own
>> CA or using some commercial CA.
>>
>> regards
>> K. Hoercher
>
> I have need of certs for 3 clients, for some tests on freeradius with
> a sniffer that it capture the input .
> Therefore I want certs of test the type which already use, generated
> with the CA.all script.
>
> How I can make 3 certs for distinct for the clients?
> Is it possible to modify CA.all in order to create certs for 1 root, 1
> server and 3 or more client certs for EAP-TLS (xpextension included)?
> Someone knows gives me of the information also on the guides who can
> help me?
>
> Thousand thanks for all
>
> Matteo ;-)

Someone knows to give to me of info/help?
Thanks