Re: how to use != == =~ and !~ on multiple keys?

2006-10-22 Thread Mike

On 10/22/06, Joe Maimon <[EMAIL PROTECTED]> wrote:

>> I have the following keys in a radius request:
>>
>>    Cisco-AVPair = "src-codec=g729 g711A64k g711U64k g7231 gsmFR NS:iLBC-15k2 "
>>    Cisco-AVPair = "dst-codec=g729 "
>>
>> When using the != == =~ and !~ conditionals with Cisco-AVPair key,
>> which one(s) are checked?
>
> In the order provided by the order they were written on the check line
> until there is either a match or none.


Joe,
Thanks for your answer, but I'm afraid I don't understand what you
mean.  Can you please clarify or point me to a reference where I can
find this?
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: sole remaining configure error [utmpx]

2006-10-22 Thread Alan DeKok
Andrew Long <[EMAIL PROTECTED]> wrote:
> Because it's my first build of freeradius and I am just learning. I was
> concerned the error might indicate that something may not function in
> the final install. 

  Did the "configure" program print out an error?  No.

  Why are you going out of your way to search for errors?

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: sole remaining configure error [utmpx]

2006-10-22 Thread Andrew Long
On Sun, 2006-10-22 at 10:56 -0400, Alan DeKok wrote:
>  Andrew Long <[EMAIL PROTECTED]> wrote:
> > Well, I'm on the way to building my first freeradius server and have one
> > remaining configure error. Can anyone tell me about this one, how to fix
> > it and will it break anything?
> ...
> > Below is the config.log
> 
>   Why?  Does "configure" give an error?
> 
>   The *normal* config.log process has tons of errors, because it looks
> for many things that may not exist.  But the "configure" script
> catches those errors, and continues with things that do exist.
> 
>   Perhaps you could explain why you're worried about the contents of a
> log file produced during the "configure" process, instead of looking
> at the output (and return status) of "configure".
> 
>   Alan DeKok.
> --

Because it's my first build of freeradius and I am just learning. I was
concerned the error might indicate that something may not function in
the final install. 

Andrew



Re: Support for Sub-TLVs within VSA TLVs

2006-10-22 Thread Alan DeKok
"Santhosh Thodupunoori" <[EMAIL PROTECTED]> wrote:
> Does Freeradius have support for Sub-TLVs inside VSA TLVs today?

  No.

> If Freeradius does not currently support sub-attributes, is there a plan to
> support this in future?

  Sure.  Send in a patch.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


RE: configure options

2006-10-22 Thread Seferovic Edvin
>> wouldn't it be useful to publish all configure options ( like modules
>> options ) in WIKI ?
>
>  Yes.

>> I am trying to build debian packages for my machines
>> with only those modules I need. And at the moment I don't have a clue how to
>> deactivate the modules I don't need.

>   Many modules don't even have "configure" scripts.  The solution is
>to either delete the source directory (src/modules/rlm_foo), or to
>delete the resulting rlm_foo.so files.

I wanted to deactivate mysql module ( rlm_sql ). But since I built debian
package, I was able to install only the freeradius and freeradius-ldap which
are needed for my setup. Something like this would be sure useful if it
were possible to enable/disable it in configure script.

Thank you for your answer Alan !

Regards,

E:S



Re: how to use != == =~ and !~ on multiple keys?

2006-10-22 Thread Joe Maimon



Mike wrote:


> I have the following keys in a radius request:
>
>    Cisco-AVPair = "src-codec=g729 g711A64k g711U64k g7231 gsmFR NS:iLBC-15k2 "
>    Cisco-AVPair = "dst-codec=g729 "
>
> When using the != == =~ and !~ conditionals with Cisco-AVPair key,
> which one(s) are checked?

In the order provided by the order they were written on the check line
until there is either a match or none.




RE: SQLcounter patch - Addition of reply-attribute

2006-10-22 Thread Jonathan De Graeve
>   That's really what multiple modules are for.  Have the sqlcounter
> module return a special return code when the user is over the limit,
> and use module failover to switch on that return code, and run another
> module.

Ok, any idea on the return code to be used?
> 
> > -   char *counter_name; /* Daily-Session-Time */
> > -   char *check_name;   /* Max-Daily-Session */
> > -   char *key_name; /* User-Name */
> > +   char *counter_name; /* Daily-Session-Time */
> 
>   Why?  Gratuitous whitespace changes don't belong in a patch.

My bad, sorry

> 
> > -   if ((reply_item = pairfind(request->reply->vps,
> > PW_SESSION_TIMEOUT)) != NULL) {
> > +   /* if ((reply_item = pairfind(request->reply->vps,
> > PW_SESSION_TIMEOUT)) != NULL) { */
> 
>   If you're changing code PLEASE do not leave the old code in
> comments.  It's confusing, and pointless.  CVS will tell you what the
> old code was.  This practice is just unnecessary.

This was for internal purposes only. I'll submit the patch in the form
you want it to bugs.freeradius.org. I hope it's compatible with the CVS
code.

J.




RE: Decreasing connection time (Session-Timeout)

2006-10-22 Thread Jonathan De Graeve
> Now, how could I subtract the elapsed time from the original
> Session-Timeout time? So that the user will, at the next login, only have
> 40 minutes left.
> 

SQLcounter is the module you need.

J.

--
Jonathan De Graeve
IMELDA vzw
Informatica Dienst
Network System Engineer
[EMAIL PROTECTED]
+32(0)15/50.52.98
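
The bookkeeping behind this answer, as an added sketch that is not part of the original post and is not rlm_sqlcounter's own code: it sums the Acct-Session-Time of a user's Stop records and returns the time left as the next Session-Timeout. The radacct table layout, the sample rows and the function names are assumptions made for the example.

```python
import sqlite3

# Constructed accounting data: one row per finished session (Stop record).
SAMPLE_STOPS = [
    ("mico", 1200),  # the 20-minute session from the question
    ("anna", 3600),  # a user who has already used the full hour
]


def open_accounting(stops):
    """Build an in-memory stand-in for the accounting table (assumed layout)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE radacct (UserName TEXT, AcctSessionTime INTEGER)")
    conn.executemany("INSERT INTO radacct VALUES (?, ?)", stops)
    return conn


def record_stop(conn, user, session_time):
    """Store the Acct-Session-Time carried by an Accounting-Request (Stop)."""
    conn.execute("INSERT INTO radacct VALUES (?, ?)", (user, session_time))


def remaining_session_timeout(conn, user, max_all_session, reply_timeout=None):
    """Return the Session-Timeout to send at login, or None to reject.

    max_all_session is the user's total allowance in seconds (hypothetical
    name). reply_timeout is a Session-Timeout already present in the reply;
    the smaller of the two values is what the user should receive.
    """
    # Parameterised query: the user name comes from the request and is untrusted.
    (used,) = conn.execute(
        "SELECT COALESCE(SUM(AcctSessionTime), 0) FROM radacct WHERE UserName = ?",
        (user,),
    ).fetchone()
    remaining = max_all_session - used
    if remaining <= 0:
        return None  # allowance exhausted: reject instead of sending 0
    if reply_timeout is not None:
        return min(reply_timeout, remaining)
    return remaining
```

The counter only moves when the NAS actually sends Stop records, so a session that ends without one is never charged against the allowance.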




Re: sole remaining configure error [utmpx]

2006-10-22 Thread Alan DeKok
 Andrew Long <[EMAIL PROTECTED]> wrote:
> Well, I'm on the way to building my first freeradius server and have one
> remaining configure error. Can anyone tell me about this one, how to fix
> it and will it break anything?
...
> Below is the config.log

  Why?  Does "configure" give an error?

  The *normal* config.log process has tons of errors, because it looks
for many things that may not exist.  But the "configure" script
catches those errors, and continues with things that do exist.

  Perhaps you could explain why you're worried about the contents of a
log file produced during the "configure" process, instead of looking
at the output (and return status) of "configure".

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: configure options

2006-10-22 Thread Alan DeKok
"Seferovic Edvin" <[EMAIL PROTECTED]> wrote:
> wouldn't it be useful to publish all configure options ( like modules
> options ) in WIKI ?

  Yes.

> I am trying to build debian packages for my machines
> with only those modules I need. And at the moment I don't have a clue how to
> deactivate the modules I don't need.

   Many modules don't even have "configure" scripts.  The solution is
to either delete the source directory (src/modules/rlm_foo), or to
delete the resulting rlm_foo.so files.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: SQLcounter patch - Addition of reply-attribute

2006-10-22 Thread Alan DeKok
"Jonathan De Graeve" <[EMAIL PROTECTED]> wrote:
> I just made a patch against 1.1.3 for the SQLcounter module.

  Please submit patches on bugs.freeradius.org.  It's easier to manage
them that way.

> I'm planning the following additions:
> 
> The ability to override the reject behaviour with an accept but adding
> attributes.
> 
> For example: if the user has reached his volume limit, accept the user
> but add speed-limitation attributes.

  That's really what multiple modules are for.  Have the sqlcounter
module return a special return code when the user is over the limit,
and use module failover to switch on that return code, and run another
module.

> -   char *counter_name; /* Daily-Session-Time */
> -   char *check_name;   /* Max-Daily-Session */
> -   char *key_name; /* User-Name */
> +   char *counter_name; /* Daily-Session-Time */
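
Review bot: on the `counter_name` line, the declaration is removed and re-added with the same type, name and comment, so any difference is whitespace only; keep the original indentation so the patch carries just the functional change. The quoted lines also drop `check_name` and `key_name` with no matching `+` lines in view, so confirm both members are still declared in the full hunk.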

  Why?  Gratuitous whitespace changes don't belong in a patch.

> -   if ((reply_item = pairfind(request->reply->vps,
> PW_SESSION_TIMEOUT)) != NULL) {
> +   /* if ((reply_item = pairfind(request->reply->vps,
> PW_SESSION_TIMEOUT)) != NULL) { */
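
Review bot: the original `if ((reply_item = pairfind(...` test is wrapped in `/* ... */` rather than deleted, and its opening `{` now sits inside the comment. Delete the old line outright and make sure whatever replaces it still opens the block that the existing closing brace ends; the replacement condition is not visible in the quoted lines.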

  If you're changing code PLEASE do not leave the old code in
comments.  It's confusing, and pointless.  CVS will tell you what the
old code was.  This practice is just unnecessary.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


authenticate internet access through MACs

2006-10-22 Thread Ali Jawad

Hi
I've got a debian router and a switch through which I provide internet
access to some of the residents of my building...I want to implement a
mechanism so that only the computers I specify can access the
Internet...I could do it through squid but if I do so it would allow
me only to restrict traffic going through port 80 what about Internet
applications that use other ports such as ftp, smtp, yahoo and msn. I
want to use a mechanism that allows me to authenticate PCs based on mac
address and only those computers are allowed to access the internet.
One particular solution could be blocking all access to the router
unless the request has the source mac from an authorised PC..but I
would prefer another approach if available...since I am not going to
operate the router..and the firewall script was written using VIM and
the operator needs a web interface to operate the router.

I've got a freeradius server setup and running on the router with the
dialup admin interface..I have done this setup previously with pppoe
and freeradius.
I can not use pppoe this time..so I would like to know if there is a
mechanism that allows me to redirect all the requests coming to the
router through radius and access is granted upon the authentication
info found in the radius database. I used to do that by loading
radius.so each time a request to the pppoe server is made by including
radius.so in the pppoe.options file..but I have no clue on how to do
it this time.

Any suggestions are welcome

--
With Regards Ali Jawad


Decreasing connection time (Session-Timeout)

2006-10-22 Thread micobros

Hello,

I have a wisp solution working with mysql+freeradius
and chillispot (ver 1.1) working pretty well together (bandwidth limit,
user/password, connection time, etc.).

But… there’s one more thing I need…

Let's say a user has 1 hour of connection time (Session-Timeout
:= 3600) and stays on the network for 20 minutes then disconnects… Chillispot
is informed of this and sends freeradius an “Accounting-Request”
message with “Acct-Status-Type=stop” attribute and “Acct-Session-Time=1200”
attribute.

Now, how could I subtract the elapsed time from the original
Session-Timeout time? So that the user will, at the next login, only have
40 minutes left.

Cheers,

mico

"The only way to get rid of a temptation is to
yield to it."

(Oscar Wilde)


Re: radutmp and/or SQL Accounting

2006-10-22 Thread Matt Harlum
Many thanks, this is what happens when I spend my nights toying with
things when I should be asleep, I suppose I can just watch the
postauth responses for an indication as to who is logged in as my AP
requires automatic re-authing every 15 minutes.

Thanks for the help Pete.


On 22/10/2006, at 5:15 PM, Peter Nixon wrote:

> On Sat 21 Oct 2006 13:25, Matt Harlum wrote:
>
> > Actually, is anyone able to confirm if the accounting is actually
> > dependant on my hardware? because i'm thinking the RADIUS on my
> > Access Point doesn't support the accounting functions.
>
> Yes. Your access point has to SEND you the accounting..
>
> Cheers
>
> --
>
> Peter Nixon
> http://www.peternixon.net/
> PGP Key: http://www.peternixon.net/public.asc


Re: radutmp and/or SQL Accounting

2006-10-22 Thread Peter Nixon
On Sat 21 Oct 2006 13:25, Matt Harlum wrote:
> Actually, is anyone able to confirm if the accounting is actually
> dependant on my hardware? because i'm thinking the RADIUS on my
> Access Point doesn't support the accounting functions.

Yes. Your access point has to SEND you the accounting..

Cheers

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc

