sqlcounter problem

2007-01-18 Thread satish patel
Dear all,
 
  I have configured freeradius-1.1.4 with mysql, and my NAS is a Cisco with a
VPDN configuration. I have created the user "aaa" in mysql with these
attributes:
 
 Max-Daily-Session | := | 1800 
 
 My sqlcounter configuration is:
 
 sqlcounter dailycounter {
     driver = "rlm_sqlcounter"
     counter-name = Daily-Session-Time
     check-name = Max-Daily-Session
     sqlmod-inst = sqlcca3
     key = User-Name
     reset = daily
     query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
 }
 
 
 The problem is that when I log in through the AAA user, the user is
disconnected after 3 min, but when I log in again through this user, it logs
in again and is disconnected after 3 min. Why? I want to allow the user only
3 min of access per day, meaning that after the 3 min are used up the user is
not allowed to log in again. What is the configuration for that?
 
 Urgent
 
 Satish Patel
 System administrator
 

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

disconnect user and clear session

2007-01-18 Thread satish patel
Dear ALL
 
   I am using freeradius version 1.1.4 with mysql and it is working fine, but
I don't know how to kick off a user during login time; that is, I want to
disconnect a user from radius. How do I do it? I also have one more problem,
with sessions: I have disconnected a user, but when I use the radwho command
it tells me the user is logged in. Why? How do I clear an old session in
radwho? When I try to reconnect, it gives me the error "you are already
connected - access denied".
 
 
 Satish Patel
 system administrator
 


freeradius and ssh

2007-01-18 Thread Zion
Hi All
 

I hope you can help

I'm new to the freeradius world and I'm trying to use freeradius as an
authentication server for ssh sessions.

I have the following setup:
client --> server (using pam) --> radius server


Under /etc/pam.d I have sshd with the following:
# auth       required     pam_stack.so service
auth       required     pam_radius_auth.so
#auth       required     pam_nologin.soetc
#account    required     pam_stack.so service=system-auth
account    required     pam_radius_auth.so
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_limits.so
session    optional     pam_console.so

.
under /etc/raddb
server 
 
testing123 3

 

On the client I have the radius server config file 

 

Radius server config files:
users see the attach 


 

Can you please send me example files for the radius server, or tell me which
files need to be changed and which params are important for my setup?

Thanks in advance.

Please be advised that the only way for me to log in is to have an entry
in the server, which I want to skip.


Zion 

 




Re: freeradius and ssh

2007-01-18 Thread Stefan Winter
Hi,

> #account    required     pam_stack.so service=system-auth
> account    required     pam_radius_auth.so

pam_radius_auth doesn't handle accounting. Use a dummy here; I'm not exactly 
sure what the module is called. There should be some pam_null.so or 
pam_ignore.so on your system.

Stefan

-- 
Stefan WINTER

Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung & Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED]     Tel.:     +352 424409-1
http://www.restena.lu                Fax:      +352 422473



Re: One question about Access-Request packet

2007-01-18 Thread Rafał Kamiński
Hi again,

I set up EAP-TLS with certs; I used this text:
http://www.fredprod.com/affiche_howtos.php

but ...

I set in radius.conf

authorize {
files
}

and

authenticate {
eap
}

and in users file

"username-the same what in cert" Auth-Type := EAP

but in debug mode I see:



---
rad_recv: Access-Request packet from host 192.168.1.245:3072, id=0,
length=135
User-Name = "rka"
NAS-IP-Address = 192.168.1.245
Called-Station-Id = "001217694588"
Calling-Station-Id = "0014a41e7112"
NAS-Identifier = "001217694588"
NAS-Port = 61
Framed-MTU = 1400
State = 0x7fb3974e3abaf6925a5284b2338f93a6
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x020400061900
Message-Authenticator = 0xd8e04dc8793f5401249372587b5867df
Thu Jan 18 11:42:51 2007 : Debug:   Processing the authorize section of
radiusd.conf
Thu Jan 18 11:42:51 2007 : Debug: modcall: entering group authorize for
request 3
Thu Jan 18 11:42:51 2007 : Debug:   modsingle[authorize]: calling files
(rlm_files) for request 3
Thu Jan 18 11:42:51 2007 : Debug: users: Matched entry rka at line 141
Thu Jan 18 11:42:51 2007 : Debug:   modsingle[authorize]: returned from
files (rlm_files) for request 3
Thu Jan 18 11:42:51 2007 : Debug:   modcall[authorize]: module "files"
returns ok for request 3
Thu Jan 18 11:42:51 2007 : Debug: modcall: leaving group authorize
(returns ok) for request 3
Thu Jan 18 11:42:51 2007 : Debug:   rad_check_password:  Found Auth-Type EAP
Thu Jan 18 11:42:51 2007 : Debug: auth: type "EAP"
Thu Jan 18 11:42:51 2007 : Debug:   Processing the authenticate section
of radiusd.conf
Thu Jan 18 11:42:51 2007 : Debug: modcall: entering group authenticate
for request 3
Thu Jan 18 11:42:51 2007 : Debug:   modsingle[authenticate]: calling eap
(rlm_eap) for request 3
Thu Jan 18 11:42:51 2007 : Debug:   rlm_eap: Request found, released
from the list
Thu Jan 18 11:42:51 2007 : Debug:   rlm_eap: EAP/peap
Thu Jan 18 11:42:51 2007 : Debug:   rlm_eap: processing type peap
Thu Jan 18 11:42:51 2007 : Debug:   rlm_eap_peap: Authenticate
Thu Jan 18 11:42:51 2007 : Debug:   rlm_eap_tls: processing TLS
Thu Jan 18 11:42:51 2007 : Debug: rlm_eap_tls: Received EAP-TLS ACK message
Thu Jan 18 11:42:51 2007 : Debug:   rlm_eap_tls: ack handshake fragment
handler
Thu Jan 18 11:42:51 2007 : Debug:   eaptls_verify returned 1
Thu Jan 18 11:42:51 2007 : Debug:   eaptls_process returned 13
Thu Jan 18 11:42:51 2007 : Debug:   rlm_eap_peap: EAPTLS_HANDLED
Thu Jan 18 11:42:51 2007 : Debug:   modsingle[authenticate]: returned
from eap (rlm_eap) for request 3
Thu Jan 18 11:42:51 2007 : Debug:   modcall[authenticate]: module "eap"
returns handled for request 3
Thu Jan 18 11:42:51 2007 : Debug: modcall: leaving group authenticate
(returns handled) for request 3
Sending Access-Challenge of id 0 to 192.168.1.245 port 3072
EAP-Message = 0x010500061900
Message-Authenticator = 0x
State = 0xdaf79644eaea9256a1b9537be3c3f7bc
---

What must I change to get authentication working?


And

How must I set up authenticate and authorize if I will use this in the future
with ldap?


BR,

Rafal Kaminski



Re: sqlcounter problem

2007-01-18 Thread Alan DeKok
satish patel wrote:
> Dear ALL
> 
>  I have configured freeradius-1.1.4 with mysql, and my
> NAS is a Cisco with a VPDN configuration. I have created the user "aaa" in
> mysql with these attributes
...
> sqlcounter dailycounter {
> driver = "rlm_sqlcounter"

  Where does that line come from?  Why is it there?

> counter-name = Daily-Session-Time
> check-name = Max-Daily-Session
> sqlmod-inst = sqlcca3

  Where does that line come from?  Why is it there?

  The default "radiusd.conf" shipped with 1.1.4 has a sample sqlcounter
entry.  Please use it as the template.

> The problem is that when I log in through the AAA user, the user is
> disconnected after 3 min, but when I log in again through this user, it logs
> in again and is disconnected after 3 min. Why? I want to allow the user only
> 3 min of access per day, meaning that after the 3 min are used up the user is
> not allowed to log in again. What is the configuration for that?

  Did you list dailycounter in the "authorize" section of
"radiusd.conf"?  Did you list "sql" in the "accounting" section of
"radiusd.conf"?

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: sqlcounter problem

2007-01-18 Thread satish patel
Thanks for the help, I got what you want to say.
 
   I have one more question: how do I disconnect an online user in
freeradius? And is it possible to bind per-user bandwidth with Cisco-AVpair
attributes? I have a Cisco VPDN NAS and I want to restrict user bandwidth
through radius. Is it possible, and how do I configure it?
 
 Satish Patel


Re: AW: Feeding an LDAP replyItem to an MS-CHAPv2 ntlm_auth request

2007-01-18 Thread Alan DeKok
Haas Florian wrote:
> So, to clarify my original question. What I want is this:
> 
> 1. Put the value of an LDAP attribute (sAMAccountName) into a variable when
> the user is authorized in LDAP.
> 2. Access that variable when the user is being authenticated via MS-CHAPv2,
> and put it into the --username argument of ntlm_auth.
> 
> I do understand that this would require registering said variable in
> dictionary and ldap.attrmap. I also understand that I need to set up a proper
> filter in the configuration of the ldap module, for correct authorization of
> the "user" that's being identified by its servicePrincipalName in this case.
> I have done all that.
> What else would I need, if what I'm trying to do is at all possible?

  It sounds like that should work.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: EAP-TLS/seg fault with 4096 bit keys

2007-01-18 Thread Alan DeKok
James Lever wrote:
> As soon as I migrate back to 2k keys it again works as expected.
> 
> Can anybody make any suggestions on how to debug this?

  doc/bugs

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: 3Com-User-Access-Level Not Applied

2007-01-18 Thread Alan DeKok
Alexandre Soares wrote:
>  
> Hello Alan,
>  
> I applied the changes below in the source valuepair.c present in sr/lib but
> the problem is still present. Do you have any other idea?

  Could you please post:

a) "users" file entry

b) debugging output of what you see (request && response) for a simple
request like PAP

c) what you expect to see in the response packet.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: How to send tome clients to the same detail file

2007-01-18 Thread Alan DeKok
Angel L. Mateo wrote:
>   My problem is that this is working fine for the auth-detail file, but
> detail file is still logging individually, without using the
> Huntgroup-Name variable.

  Accounting requests aren't processed through the "huntgroups" file.
You'll have to find another way to get the same configuration set up for
accounting.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


mschap and ldap auth-type together no more working

2007-01-18 Thread LALOT Dominique

Hello,

I had a problem with ippool, but it is a NAS problem. I wanted to do 
further checks so I upgraded to newer versions:

freeradius  1.0.2-4sarge3   stable (I come from this one)
freeradius  1.1.3-3 testing
freeradius  1.1.2-1bpo1 sarge-backports

Before, I was able to do LDAP or MSCHAP automatically.
I had an entry in users
lalot Auth-Type := ldap
 Framed-IP-Address = XXX,
 Framed-IP-Netmask = 255.255.255.0,
 Fall-Through = Yes

If I put mschap in users, it's working for mschap..

The two new ones have the same problem. That may be due to an 
incomplete update.


I don't put all the logs:
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=people,dc=xxx,dc=fr, with filter 
(uid=lalot)

rlm_ldap: looking for check items in directory...
rlm_ldap: Adding supannaffectation as Pool-Name, value Pharo & op=21
rlm_ldap: Adding ntPassword as NT-Password, value XXX & op=21
rlm_ldap: Adding lmPassword as LM-Password, value XXX & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user lalot authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
 modcall[authorize]: module "ldap" returns ok for request 11
 rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
 modcall[authorize]: module "mschap" returns ok for request 11
modcall: leaving group authorize (returns ok) for request 11
 rad_check_password:  Found Auth-Type ldap
auth: type "LDAP"
 Processing the authenticate section of radiusd.conf
modcall: entering group LDAP for request 11

and before:
 rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = MS-CHAP'
 modcall[authorize]: module "mschap" returns ok for request 2
modcall: group authorize returns ok for request 2
 rad_check_password:  Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
 Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 2
 rlm_mschap: Found LM-Password
 rlm_mschap: Found NT-Password

You can notice the diff
rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = MS-CHAP'

and then rad_check_password: seems confused..

Any ideas?.

Config:
authorize {
  preprocess

  files
  ldap

  #
  #  If the users are logging in with an MS-CHAP-Challenge
  #  attribute for authentication, the mschap module will find
  #  the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
  #  to the request, which will cause the server to then use
  #  the mschap module for authentication.
  mschap
}
authenticate {
  Auth-Type LDAP {
 ldap
  }
  Auth-Type PAP {
 pap
  }
  Auth-Type MS-CHAP {
 mschap
  }
}


--
Dominique LALOT
Ingenieur Systeme et Reseaux
http://annuaire.univmed.fr/showuser.php?uid=lalot



rlm_eap: Failed to link EAP-Type/peap: rlm_eap_peap.so:

2007-01-18 Thread María Félix Rodríguez

Hi,
First, sorry for my English (I'm Spanish :).

I've just installed freeradius, and I would like to use PEAP-MS-CHAP
authentication. I've configured the needed files, and when I try to start
freeradius with the debug option, I receive these messages:

tls: private_key_file = "/ca/key_radius.pem"
tls: certificate_file = "/ca/cert_radius.pem"
tls: CA_file = "/ca/cacert.pem"
tls: private_key_password = "radius"
tls: dh_file = "/ca/dh"
tls: random_file = "/ca/random"
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
rlm_eap: Failed to link EAP-Type/peap: rlm_eap_peap.so: cannot open shared
object file: No such file or directory
radiusd.conf[9]: eap: Module instantiation failed.
linux:/lib #

I don't have much experience with Linux environments (this is a Suse
Enterprise Server 9), and I have no idea what is happening.

I would need some kind of help, please.

Thanks a lot !!!
María.

Re: Freeradius-Users Digest, Vol 21, Issue 58

2007-01-18 Thread Mike

Mike wrote:
> All,
> When trying to use the "radauth" tool from nagios to monitor
> freeradius, I get the following in the freeradius log:
>
> Error: WARNING: Malformed RADIUS packet from host ... too long (length
> 18432 > maximum 4096)
>
> radtest seems to be ok.  has anyone else experienced this or knows
> what is wrong?

  I haven't seen it.  I note that 18432 is hex 0x7200.  I suspect that
the NAGIOS people missed a 'htons()' somewhere, and the field should be
0x0072.


Alan,
You are exactly correct.  Good catch.  For mailing list archives, the
simplest patch I came up with:

 /* copy the first 20 bytes of the radius header.  this size is static
  * per RFC.
  */
 radhead->rad_length = htons(radhead->rad_length);
 memcpy(packet,(char *)radhead,20);
 radhead->rad_length = ntohs(radhead->rad_length);

rad_length is used elsewhere, so this is done to avoid breaking anything else.

Thanks for your help!  (I wonder how this always worked for xtradius
from the same machine?)
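
Added example (not part of the original posts, and not code from radauth or FreeRADIUS): the length bug discussed in this thread, reproduced in C. A 72-byte packet whose length field is copied without htons() on a little-endian host reads as 18432 on the wire and fails the receiver's 4096-byte limit. The struct layout and all function names are assumptions made for illustration.

```c
#include <arpa/inet.h>  /* htons */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RADIUS_HDR_LEN 20    /* code(1) + id(1) + length(2) + authenticator(16) */
#define RADIUS_MAX_LEN 4096  /* RFC 2865 maximum packet length */

/* Hypothetical client-side header; length is kept in host byte order. */
struct radius_hdr {
    uint8_t  code;
    uint8_t  id;
    uint16_t length;
    uint8_t  authenticator[16];
};

enum rad_check { RAD_OK, RAD_TOO_SHORT, RAD_TOO_LONG, RAD_TRUNCATED };

/* What a receiver reads: octets 2..3, most significant octet first. */
unsigned radius_wire_length(const uint8_t *pkt)
{
    return ((unsigned)pkt[2] << 8) | pkt[3];
}

/* Length checks a receiver applies before trusting the rest of the packet. */
enum rad_check radius_check_length(const uint8_t *pkt, size_t received)
{
    unsigned len;

    if (received < RADIUS_HDR_LEN) return RAD_TOO_SHORT;
    len = radius_wire_length(pkt);
    if (len < RADIUS_HDR_LEN) return RAD_TOO_SHORT;
    if (len > RADIUS_MAX_LEN) return RAD_TOO_LONG;
    if (len > received) return RAD_TRUNCATED;  /* fewer bytes than claimed */
    return RAD_OK;
}

/* Missing-htons case. The low-order byte is written first so the result
 * matches a memcpy of the struct on a little-endian host, whatever machine
 * this example runs on. */
void encode_header_unswapped(uint8_t *out, const struct radius_hdr *h)
{
    out[0] = h->code;
    out[1] = h->id;
    out[2] = (uint8_t)(h->length & 0xff);
    out[3] = (uint8_t)(h->length >> 8);
    memcpy(out + 4, h->authenticator, sizeof h->authenticator);
}

/* Fixed case: convert on a copy, so the caller's struct keeps host order
 * (the posted patch swaps in place and swaps back to the same effect). */
void encode_header_network(uint8_t *out, const struct radius_hdr *h)
{
    struct radius_hdr wire = *h;

    wire.length = htons(h->length);
    memcpy(out, &wire, RADIUS_HDR_LEN);
}

/* Constructed sample: a 72-byte Access-Request (code 1), zeroed body. */
enum rad_check demo(int fixed, unsigned *wire_len)
{
    uint8_t pkt[72] = {0};
    struct radius_hdr h = { .code = 1, .id = 0, .length = sizeof pkt };

    if (fixed)
        encode_header_network(pkt, &h);
    else
        encode_header_unswapped(pkt, &h);
    *wire_len = radius_wire_length(pkt);
    return radius_check_length(pkt, sizeof pkt);
}

int main(void)
{
    unsigned len;
    enum rad_check rc;

    rc = demo(0, &len);
    printf("unswapped: wire length %u, %s\n", len,
           rc == RAD_TOO_LONG ? "rejected as too long" : "accepted");
    rc = demo(1, &len);
    printf("htons:     wire length %u, %s\n", len,
           rc == RAD_OK ? "accepted" : "rejected");
    return 0;
}
```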


Mac OS X EAP-TLS with wrong username kills freeradius when check_cert_cn is set

2007-01-18 Thread Miika Räisänen


Hi,


We are building a freeradius server to authenticate WLAN users with 
EAP-TLS and EAP-PEAP. EAP-PEAP works great with all tested operating 
systems, but the Mac OS X 802.1X client with EAP-TLS kills freeradius if 
check_cert_cn is set and the Mac OS X user sends a user name which does not 
match the certificate's common name. The operating system version is 10.4.8 
and it runs on a Macbook. If a Windows XP user sets a different outer identity 
than the cert's common name, freeradius works ok (the user gets rejected).


We have tested the following freeradius server versions on the following platforms:
Freeradius 1.1.1 / SUN Os 5.8
Freeradius 1.1.3 (FC6's rpm) / FC6
Freeradius 1.1.4 (build from source)/ FC6
Freeradius snapshot 20070118 (build from source) / FC6
Freeradius 1.1.4 (build from source) / CentOS 4.4

FC and CentOS are using the distros' default openssl libs etc.

Here's some log and debug output from CentOS with freerad 1.1.4:

http://cc.oulu.fi/~mraisane/tmp/radiusd.txt

Any ideas, fixes or workarounds?


RE: Restrict Password from detail file , accounting

2007-01-18 Thread Ellis, Scott 1 (N-Comptel Inc.)
I have the new version 1.1.4 up and running. I also have uncommented the
"suppress" stanza in radiusd.conf below. However, in radacct/auth-
files, the password is still showing up..???

Is there something else to do?

Scott 

-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
.org] On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, January 10, 2007 3:10 PM
To: FreeRadius users mailing list
Subject: Re: Restrict Password from detail file , accounting

Hi,
> Is there a way to eliminate the password from being written to the 
> accounting log files? Either not in clear text or altogether?

which accounting logs?

with the recent versions of FreeRADIUS you can add the following to the
last part of each detail logging stanza

   suppress {
User-Password
   }

usage of obfuscation is also recommended for, eg MySQL logging. simply
replace the User-Password INSERT with the value of 'password'

alan


Re: Best practices for redundant servers

2007-01-18 Thread Peter Nixon
On Mon 06 Nov 2006 19:38, Aaron Paetznick wrote:
> Thanks, this was helpful.  I would rather not use LVS.  I would prefer
> to use the built-in functionality of the NAS to fall back from a primary
> to secondary or tertiary auth/accounting servers.
>
> This whole setup would be far simpler and more robust if I could just do
> master-master replication with the MySQL servers.  Oh well.

master-master = bad-bad

Don't even consider it! MySQL's master-master implementation is 
completely brain dead and WILL give you corrupt data in a very short time 
period (it doesn't do ANY locking across the cluster!!!).

If you must use Mysql, use Master-Slave replication for as many authorization 
servers as you wish, but configure only ONE radius server to actually write 
accounting to the master database and all the others to use radrelay (or 
radsqlrelay) to get the data to that server.

Cheers
-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



Re: Best practices for redundant servers

2007-01-18 Thread Dennis Skinner
Peter Nixon wrote:
> If you must use Mysql, use Master-Slave replication for as many authorization 
> servers as you wish, but configure only ONE radius server to actually write 
> accounting to the master database and all the others to use radrelay (or 
> radsqlrelay) to get the data to that server

We do something very much like this.  We have 2 sql modules setup in the
sql.conf file.  The authorize section lists sql2 and then sql1 within a
failover block and the accounting section only has sql1.

MySQL does have a clustering option:

http://www.mysql.com/products/database/cluster/

It has been a while since I read up on this, but I think it is fairly
complex and requires more than 2 database servers (I could be wrong).
In general I think it is overkill for a radius accounting situation.

For serious billable accounting you probably want to write to files and
then import them into the db (there is a module to help with this).
Radius will happily skip queries that take too long or if there are not
enough mysql connections available on the accounting side.

-- 
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com


Re: 3Com-User-Access-Level Not Applied

2007-01-18 Thread Alexandre Soares
Service-Type = Login-User
Login-IP-Host = 192.168.0.30
Calling-Station-Id = "--"
Framed-IP-Address = 192.168.0.118
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
rlm_realm: No '@' in User-Name = "asoares", looking up realm NULL
rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  modcall[authenticate]: module "unix" returns ok for request 0
modcall: leaving group authenticate (returns ok) for request 0
Sending Access-Accept of id 0 to 192.168.0.30 port 5001
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 192.168.0.30:5001, id=0, 
length=116
User-Name = "asoares"
NAS-Identifier = "0012a9a173c2"
NAS-Port = 268439553
NAS-Port-Type = Ethernet
Calling-Station-Id = "--"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Acct-Session-Id = "1100030123581"
Framed-IP-Address = 192.168.0.118
NAS-IP-Address = 192.168.0.30
Event-Timestamp = "Apr  1 2000 20:58:22 BRT"
  Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 1
  modcall[preacct]: module "preprocess" returns noop for request 1
rlm_acct_unique: Hashing 'NAS-Port = 268439553,Client-IP-Address = 
192.168.0.30,NAS-IP-Address = 192.168.0.30,Acct-Session-Id = 
"1100030123581",User-Name = "asoares"'
rlm_acct_unique: Acct-Unique-Session-ID = "eb49d1a90caa7493".
  modcall[preacct]: module "acct_unique" returns ok for request 1
rlm_realm: No '@' in User-Name = "asoares", looking up realm NULL
rlm_realm: No such realm "NULL"
  modcall[preacct]: module "suffix" returns noop for request 1
  modcall[preacct]: module "files" returns noop for request 1
modcall: leaving group preacct (returns ok) for request 1
  Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 1
radius_xlat:  '/usr/local/var/log/radius/radacct/192.168.0.30/detail-20070118'
rlm_detail: 
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to 
/usr/local/var/log/radius/radacct/192.168.0.30/detail-20070118
  modcall[accounting]: module "detail" returns ok for request 1
  modcall[accounting]: module "unix" returns ok for request 1
radius_xlat:  '/usr/local/var/log/radius/radutmp'
radius_xlat:  'asoares'
  modcall[accounting]: module "radutmp" returns ok for request 1
modcall: leaving group accounting (returns ok) for request 1
Sending Accounting-Response of id 0 to 192.168.0.30 port 5001
Finished request 1
Going to the next request
Cleaning up request 1 ID 0 with timestamp 45b00aa7
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 192.168.0.30:5001, id=1, 
length=170
User-Name = "asoares"
NAS-Identifier = "0012a9a173c2"
NAS-Port = 268439553
NAS-Port-Type = Ethernet
Calling-Station-Id = "--"
Acct-Status-Type = Stop
Acct-Authentic = RADIUS
Acct-Session-Id = "1100030123581"
Framed-IP-Address = 192.168.0.118
NAS-IP-Address = 192.168.0.30
Event-Timestamp = "Apr  1 2000 20:58:26 BRT"
Acct-Session-Time = 4
Acct-Delay-Time = 1
Acct-Input-Octets = 0
Acct-Input-Packets = 0
Acct-Output-Octets = 0
Acct-Output-Packets = 0
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Acct-Terminate-Cause = NAS-Error
  Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 2
  modcall[preacct]: module "preprocess" returns noop for request 2
rlm_acct_unique: Hashing 'NAS-Port = 268439553,Client-IP-Address = 
192.168.0.30,NAS-IP-Address = 192.168.0.30,Acct-Session-Id = 
"1100030123581",User-Name = "asoares"'
rlm_acct_unique: Acct-Unique-Session-ID = "eb49d1a90caa7493".
  modcall[preacct]: module "acct_unique" returns ok for request 2
rlm_realm: No '@' in User-Name = "asoares", looking up realm NULL
rlm_realm: No such

Re: Best practices for redundant servers

2007-01-18 Thread Graham Beneke
Dennis Skinner wrote:
> For serious billable accounting you probably want to write to files and
> then import them into the db (there is a module to help with this).
> Radius will happily skip queries that take too long or if there are not
> enough mysql connections available on the accounting side.
> 

I remember reading about 'radsqlrelay' that does essentially this. It is
also mentioned once in radiusd.conf but subsequent searching has brought
up nothing worthwhile.

Does anyone remember where there is documentation on this?

regards
Graham Beneke


Cisco-AVpair rate-limit attributes

2007-01-18 Thread satish patel
Dear all,
 
   I have a Cisco VPDN with freeradius (1.1.4) on Suse 10.2. My users connect
through the XP client using a VPN connection and use Internet services. Now I
want to restrict bandwidth per user, meaning I want to set the bandwidth to
64 kbps for user1 and 128 kbps for user2. Is that possible through the
Cisco-Avpair attributes? I have found lots of documents regarding Cisco-AVpair
attributes and tested this on my network, but I don't know whether it is
working or not.
 
 My test example:
 
 #cat /etc/raddb/users
 
 DEFAULT  Service-Type := Framed-User
  Framed-Protocol = PPP,
  Cisco-Avpair = "lcp:interface-config#1=rate-limit output 512000 1 1 conform-action continue exceed-action drop"
 
 This rate-limit is used for output. What about input: what rate-limit
direction do I use for it, and how do I verify whether it is ok or not?
 
 
 Satish Patel
 


Suggestion for prepaid services

2007-01-18 Thread PD
Dear all,

Are there any solutions for prepaid services such as hotspots?

I looked through the mailing list archive and only found one unanswered question.

TIA

PD


Re: Best practices for redundant servers

2007-01-18 Thread Alan DeKok
Graham Beneke wrote:
>
> I remember reading about 'radsqlrelay' that does essentially this. It is
> also mentioned once in radiusd.conf but subsequent searching has brought
> up nothing worthwhile.
> 
> Does anyone remember where there is documentation on this?

  rlm_sql_log writes the logs
  scripts/radsqlrelay reads them, and writes them to SQL.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: 3Com-User-Access-Level Not Applied

2007-01-18 Thread Alan DeKok
Alexandre Soares wrote:
>
> the files requested are attached

  Please follow instructions.  It helps.  I didn't ask for the
radiusd.conf, or the dictionary files, or the clients.conf, or the
naslist for a REASON.  They don't help.  I asked for one entry from the
"users" file, not the whole thing.

  i.e. Rather than sending me what you've changed, you've sent me copies
of files I already had, and forced me to search through other files for
your edits.  The whole point of my request was to ask *you* to do the
work, which would make it easier for me to help you.

  In any case, the entries with the 3com attributes are wrong.  They're
not doing what you want because you didn't follow the documentation on
how to create a "users" file entry.  Please read "man users", and update
your entries as per the documentation.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Restrict Password from detail file , accounting

2007-01-18 Thread Alan DeKok
Ellis, Scott 1 (N-Comptel Inc.) wrote:
> I have the new version 1.1.4 up and running. I also have uncommented the
> "suppress" stanza in radiusd.conf below. However, in radacct/auth-
> files, the password is still showing up..???

  Did you add the "suppress" section to the configuration for *all* of
the detail instances you're using?

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog