Re: Stops working all of a sudden

2007-05-06 Thread inverse
On 5/5/07, Matt Neumark <[EMAIL PROTECTED]> wrote:

> I have a radius server and it works great for days upon days then all of a
> sudden it stops authenticating users…
>
>
>
> Sat May  5 00:17:07 2007 : Error: rlm_sql_mysql: Couldn't connect socket to
> MySQL server [EMAIL PROTECTED]:freeradius
>
> Sat May  5 00:17:07 2007 : Error: rlm_sql_mysql: Mysql error 'Lost
> connection to MySQL server during query'
>
> Sat May  5 00:17:07 2007 : Error: rlm_sql (sql): Failed to connect DB handle
> #1
>
> Sat May  5 00:17:07 2007 : Error: rlm_sql (sql): reconnect failed, database
> down?


Sorry about the silly question, but... have you tried connecting to the
SQL server during one of the incidents? Did it work for you?

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Authentication with Novell 802.1x client fails but WinXP supplicant works fine ?

2007-05-06 Thread Phil Mayers
Marc Charbonneau wrote:
> Hi,
> I had truncated the log.  Here's more of it (still truncated because of 

No need to email me directly. I'm on the list.

> list limit).
> It's probably stuck in a re-iterative process, visible in this log, but 
> I wouldn't be able to spot where it starts and finishes.

As I said in my original email, it looks like it stops with FreeRadius 
issuing an Access-Challenge, and the Novell supplicant stops responding 
(for at least 6 seconds). Presumably it then drops the link and tries again.

If your server works with the native XP supplicant then you've probably 
got everything configured (the XP supplicant is pretty picky) and 
there's probably little you can do - you will need to debug the Novell 
supplicant. I've never used it, so can't advise you how to go about 
doing that.


pam_mysql

2007-05-06 Thread Jon Westgate
Hi,

I'm trying to get freeradius 1.1.6 (debian) to work with pam_mysql

Why? you may ask, as freeradius already supports mysql.

Well I have my reasons. The first being that I have already got an
authentication backend setup using mysql that I'm using for among other
things samba and email access, it uses mysql 5 crypted passwords which
freeradius does not support.

The really odd thing is that freeradius just comes back with access
denied.  I have tried running as root, but it makes no difference. I
wondered if it was cheating and looking directly at the shadow file, but
the source code does not mention it.

Both exim and cyrus-saslauthd have no problems with authenticating users
using the exact same pam.d config files, yet freeradius just sits there
giving access denied messages.


Apex:/etc/pam.d# ps aux |grep radius
root  5849  0.1  0.1   3808  2484 pts/7S+   20:12   0:00
freeradius -AXxx
root  5857  0.0  0.0   1736   544 pts/2S+   20:13   0:00 grep radius
root 11478  0.0  0.0   3112   576 pts/8S16:11   0:00
/usr/sbin/radiusd -b -p 1645

Sun May  6 20:12:08 2007 : Debug: auth: type "PAM"
Sun May  6 20:12:08 2007 : Debug:   Processing the authenticate section
of radiusd.conf
Sun May  6 20:12:08 2007 : Debug: modcall: entering group authenticate
for request 0
Sun May  6 20:12:08 2007 : Debug:   modsingle[authenticate]: calling pam
(rlm_pam) for request 0
Sun May  6 20:12:08 2007 : Debug: pam_pass: using pamauth string
 for pam.conf lookup
Sun May  6 20:12:08 2007 : Debug: pam_pass: function pam_authenticate
FAILED for . Reason: Permission denied
Sun May  6 20:12:08 2007 : Debug:   modsingle[authenticate]: returned
from pam (rlm_pam) for request 0
Sun May  6 20:12:08 2007 : Debug:   modcall[authenticate]: module "pam"
returns reject for request 0
Sun May  6 20:12:08 2007 : Debug: modcall: leaving group authenticate
(returns reject) for request 0
Sun May  6 20:12:08 2007 : Debug: auth: Failed to validate the user.

Any ideas?


Regards
Jon Westgate
(Oryn)



Re: dyndns.org domain in Clients.conf

2007-05-06 Thread Claudiu Filip
Hello black,

Friday, May 04, 2007, 12:18:00 PM, you wrote:

black devils> Hi,
black devils> I have created one hotspot with a openwrt router and chillispot. I use a
black devils> remote server radius (freeradius) for authenticate users of hotspot.

Move your clients.conf to SQL database. You can use the dyndns
settings of the openwrt router to send the IP address to your own
server (choose "custom" on your dyndns configuration).

On your server, have a script to parse the info, update the database
with the new IP address and (this is the hardest thing :) restart FR to
learn the IP.


Cheers,

Claudiu FILIP
Globtel Internet
@: [EMAIL PROTECTED]
Http://www.globtel.ro



FR with MySQL - Stored Procedures

2007-05-06 Thread Gunther
Despite that several people reported that their FreeRadius 1.x installation
is working fine with MySQL Stored Procedures, I run into quite some
problems.

Here my environment:
- CentOS 4.4 on Xen Server 3.1
- FreeRadius 1.1.6
- MySQL 5.0.37 Community Edition with INNODB Tables

I used a very simple stored procedure to track down the problem:
---
DELIMITER //
DROP PROCEDURE IF EXISTS CheckIt //
CREATE PROCEDURE CheckIt ()
BEGIN
SELECT 12345;
END//
---
This routine will always return the value 12345.

Anyhow, when I called this procedure from FreeRadius I always got an error:
"PROCEDURE myDB.CheckIt can't return a result set in the given context"
-
Sun May  6 07:23:10 2007 : Debug: rlm_sql_mysql: query:   CALL CheckIt()
Sun May  6 07:23:10 2007 : Debug: rlm_sql_mysql: MYSQL check_error: 1312
received
Sun May  6 07:23:10 2007 : Error: rlm_sql (sql): database query error,  CALL
CheckIt(): PROCEDURE myDB.CheckIt can't return a result set in the given
context
-

I then tried to call the same function via a PHP script (w/o FreeRadius
involved) and run into the same problem.

Then I found the information that, for MySQL Stored Procedures to function,
the client_flag 'CLIENT_MULTI_STATEMENTS' (refer to mysql.h) has to be added
to the mysql_real_connect call.
After adding it to the call within PHP all worked fine.

Then I added the flag to
freeradius-1.1.6/src/modules/rlm_sql/drivers/rlm_sql_mysql/sql_mysql.c :
-
if (!(mysql_sock->sock = mysql_real_connect(&(mysql_sock->conn),
                                            config->sql_server,
                                            config->sql_login,
                                            config->sql_password,
                                            config->sql_db,
                                            atoi(config->sql_port),
                                            NULL,
                                            CLIENT_FOUND_ROWS|CLIENT_MULTI_STATEMENTS))) {
-
./configure; make; make install

Note: CLIENT_MULTI_STATEMENTS automatically also sets CLIENT_MULTI_RESULTS
within MySQL 

Started FreeRadius and procedure calls were accepted and results were
correct.
-
Sun May  6 21:29:08 2007 : Debug: rlm_sql_mysql: query:   CALL CheckIt()
Sun May  6 21:29:08 2007 : Debug: rlm_sql (sql): - sql_xlat finished
Sun May  6 21:29:08 2007 : Debug: rlm_sql (sql): Released sql socket id: 0
Sun May  6 21:29:08 2007 : Debug: radius_xlat:  '12345'
-

A user can now login and things seem to work fine. But then consecutive
MySQL queries started
showing new error results:
-
Sun May  6 21:41:42 2007 : Debug: rlm_sql_mysql: MYSQL check_error: 2014
received
Sun May  6 21:41:42 2007 : Error: rlm_sql (sql): database query error,
 : Commands out of sync; you can't run this command
now
-

MySQL seems to track the state of each call and when the order of this state
is incorrect,
MySQL responds with 'CR_COMMANDS_OUT_OF_SYNC' = 'Commands out of sync; you
can't run this command now'.

From what I found on the net ... "When the result of a statement isn't freed
MySQL gives an error when
trying to process a new query"

Could it be that there is somewhere a 'mysql_free_result' missing?

This is what the MySQL documentation is saying:

B.1.2.13. Commands out of sync
If you get Commands out of sync; you can't run this command now in your
client code, you are calling client functions in the wrong order.
This can happen, for example, if you are using mysql_use_result() and try to
execute a new query before you have called mysql_free_result(). It can also
happen if you try to execute two queries that return data without calling
mysql_use_result() or mysql_store_result() in between.

2.4.16. Upgrading MySQL
If, after an upgrade, you experience problems with recompiled client
programs, such as Commands out of sync  or unexpected core dumps, you
probably have used old header or library files when compiling your programs.
In this case, you should check the date for your mysql.h file and
libmysqlclient.a library to verify that they are from the new MySQL
distribution. If not, recompile your programs with the new headers and
libraries.
 ... Did that ...

When I leave some time between a login/logout/login it works ... Looks like
the MySQL status information
times out after a short while.

Any hints on getting this up and running without changing O/S ? Thanks!



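An added example, not part of the original post and not FreeRADIUS or MySQL code: a small C model of the client-side rule behind error 2014 after a CALL. The `sim_*` names and the connection struct are hypothetical; each function stands in for the real client call named in its comment.

```c
#include <stdio.h>
#define CR_COMMANDS_OUT_OF_SYNC 2014   /* error number from the log above */

/* Constructed model of one client connection; not libmysqlclient itself. */
struct sim_conn {
    int unread_set;  /* current result set not yet stored or used */
    int queued;      /* results still waiting behind the current one */
};

/* Models mysql_query(). A CALL yields one result set per SELECT in the
 * procedure plus a trailing status result; a plain SELECT yields one set. */
static int sim_query(struct sim_conn *c, int is_call, int selects) {
    if (c->unread_set || c->queued > 0)
        return CR_COMMANDS_OUT_OF_SYNC;
    c->unread_set = !is_call || selects > 0;
    c->queued = is_call ? selects : 0;
    return 0;
}

/* Models mysql_store_result() followed by mysql_free_result(). */
static void sim_store_and_free(struct sim_conn *c) { c->unread_set = 0; }

/* Models mysql_next_result(): 0 = moved to next result, -1 = none left. */
static int sim_next_result(struct sim_conn *c) {
    if (c->queued == 0)
        return -1;
    c->queued--;
    c->unread_set = c->queued > 0;  /* last result of a CALL is status only */
    return 0;
}

/* Single-result handling: read one result set, then send the next query. */
int next_query_after_single_read(int selects) {
    struct sim_conn c = {0, 0};
    sim_query(&c, 1, selects);
    sim_store_and_free(&c);
    return sim_query(&c, 0, 1);
}

/* Multi-result handling: drain every result before the next query. */
int next_query_after_drain(int selects) {
    struct sim_conn c = {0, 0};
    sim_query(&c, 1, selects);
    do { sim_store_and_free(&c); } while (sim_next_result(&c) == 0);
    return sim_query(&c, 0, 1);
}
int main(void) {
    printf("single read: %d, drained: %d\n", next_query_after_single_read(1), next_query_after_drain(1));
    return 0;
}
```

CLIENT_MULTI_RESULTS on its own is enough for a CALL that returns a result set. CLIENT_MULTI_STATEMENTS additionally lets one query string carry several statements, so a value that escapes quoting in an expanded query can do more damage than with the flag off.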


sqlcounter monthly counter implementation problem

2007-05-06 Thread Cory Robson

I have the following configuration in my radius.conf file. The counter does
function as such and if the user has utilized the allotted time it will not
allow them to connect.

However I'm looking to see how to also apply it to the session limit.
(IE adjust the session time. If user has a max session defined as 4 hrs but
only has 2 hrs left of the monthly limit then adjust this to have them
dropped automatically once this has been reached)

sqlcounter monthlycounter {
        counter-name = Monthly-Session-Time
        check-name = Max-Monthly-Session
        sqlmod-inst = sql
        key = User-Name
        reset = monthly

        # This query properly handles calls that span from the
        # previous reset period into the current period but
        # involves more work for the SQL server than those
        # below
        # The same notes above about the differences between mysql
        # versus postgres queries apply here.
        query = "SELECT SUM(AcctSessionTime - \
                 GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
                 FROM radacct WHERE UserName='%{%k}' AND \
                 UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}


How would I implement this to enforce the session time limits?


Cory

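An added example, not part of the original post and not FreeRADIUS code: the arithmetic behind the question, with the query's sum computed row by row and the new session capped at whatever is left of the monthly limit. The struct, the function names and the sample rows are constructed for illustration, and delivering the cap in a Session-Timeout reply is an assumption.

```c
#include <stdio.h>

/* One radacct row: AcctStartTime as a unix timestamp, AcctSessionTime in seconds. */
struct acct_row { long start; long session_time; };

/* Constructed sample data; RESET_B plays the role of %b (2007-05-01 00:00 UTC). */
#define RESET_B 1177977600L
static const struct acct_row sample_rows[] = {
    { RESET_B - 10000,  5000 },  /* ended before the reset: not counted   */
    { RESET_B -  3600, 10800 },  /* spans the reset: 7200 s are counted   */
    { RESET_B + 86400,  3600 },  /* entirely inside the current period    */
};

/* Same arithmetic as the query in the post, one row at a time. */
long used_since_reset(const struct acct_row *rows, int n, long b) {
    long sum = 0;
    int i;
    for (i = 0; i < n; i++) {
        long before = b - rows[i].start;       /* %b - UNIX_TIMESTAMP(AcctStartTime) */
        if (rows[i].start + rows[i].session_time <= b)
            continue;                          /* fails the WHERE ... > '%b' test */
        sum += rows[i].session_time - (before > 0 ? before : 0);  /* GREATEST(..., 0) */
    }
    return sum;
}

/* Seconds to allow for a new session, or -1 when the monthly limit is used up. */
long session_cap(long max_monthly, long used, long max_session) {
    long left = max_monthly - used;
    if (left <= 0)
        return -1;
    return left < max_session ? left : max_session;
}

long sample_used(void) { return used_since_reset(sample_rows, 3, RESET_B); }

int main(void) {
    long used = sample_used();
    /* 5 h monthly limit, 4 h maximum session, as in the question's scenario */
    printf("used=%ld cap=%ld\n", used, session_cap(18000, used, 14400));
    return 0;
}
```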


Re: FR with MySQL - Stored Procedures

2007-05-06 Thread Gunther
I forgot to mention that the problem I reported previously is actually not
'Stored Procedure' related, but related to the MySQL client_flag
'CLIENT_MULTI_STATEMENTS'. This flag is required to support Stored
Procedures and is causing the problem  (at least with my operating system
(CentOS 4.4)). So no need to create any stored procedures ... just compile
FR with CLIENT_MULTI_STATEMENTS in the
rlm_sql/drivers/rlm_sql_mysql/sql_mysql.c module.

Looking forward to using Stored Procedures (no more 253 byte limit for my SQL
statements!!!).

Gunther



Re: sqlcounter monthly counter implementation problem

2007-05-06 Thread satish patel

Dear all

  Here I am sharing my knowledge for freeradius users. I have
done freeradius-1.1.4 with mysql with cisco VPDN configuration, as well as
configured per-user bandwidth configuration and simultaneous user
login configuration. I am sharing my configuration for freeradius users.

I have cisco router with this configuration

aaa new-model
!
!
aaa group server radius testing123
 server-private  71.5.250.243 auth-port 1812 acct-port 1813 key tulipconnect
 ip radius source-interface FastEthernet0/1
 deadtime 0
!
aaa authentication login default local group radius group testing123
aaa authentication ppp default group testing123 local 
aaa authorization exec default local group radius group testing123
aaa authorization network default group testing123 local
aaa accounting update periodic  1
aaa accounting exec default start-stop group testing123
aaa accounting network default start-stop group testing123
aaa accounting connection default start-stop group testing123
!

_ 

All my user databases are in mysql, and simultaneous login is also in mysql.

mysql tables :-

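mysql> select * from radcheck;
+----+----------+---------------+----+-------+
| id | UserName | Attribute     | op | Value |
+----+----------+---------------+----+-------+
|  1 | satish   | User-Password | := | tulip |
|  2 | priya    | User-Password | := | tulip |
+----+----------+---------------+----+-------+
2 rows in set (0.00 sec)


mysql> select * from radgroupcheck;;
+----+-----------+------------------+----+-------+
| id | GroupName | Attribute        | op | Value |
+----+-----------+------------------+----+-------+
|  1 | 64KB      | Simultaneous-Use | := | 1     |
|  4 | 128KB     | Simultaneous-Use | := | 1     |
+----+-----------+------------------+----+-------+
2 rows in set (0.00 sec)


mysql> select * from radgroupreply;;
+----+-----------+-----------------+----+------------------------------------------------------------------------------------------------+------+
| id | GroupName | Attribute       | op | Value                                                                                          | prio |
+----+-----------+-----------------+----+------------------------------------------------------------------------------------------------+------+
|  1 | 64KB      | Framed-Protocol | =  | PPP                                                                                            |    0 |
|  2 | 64KB      | Framed-MTU      | =  | 1400                                                                                           |    0 |
|  3 | 64KB      | Service-Type    | =  | Framed-User                                                                                    |    0 |
|  4 | 128KB     | Framed-Protocol | =  | PPP                                                                                            |    0 |
|  5 | 128KB     | Framed-MTU      | =  | 1450                                                                                           |    0 |
|  6 | 128KB     | Service-Type    | =  | Framed-User                                                                                    |    0 |
|  7 | 128KB     | Cisco-Avpair    | =  | lcp:interface-config#1=rate-limit output 128000 1 1 conform-action continue exceed-action drop |    0 |
+----+-----------+-----------------+----+------------------------------------------------------------------------------------------------+------+
7 rows in set (0.00 sec)


mysql> select * from usergroup;
+----+----------+-----------+
| id | UserName | GroupName |
+----+----------+-----------+
|  1 | satish   | 64KB      |
|  3 | priya    | 128KB     |
+----+----------+-----------+
2 rows in set (0.00 sec)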



Simultaneous login configuration ( edit this file /etc/raddb/sql.conf )

###
# Simultaneous Use Checking Queries
###
# simul_count_query  - query for the number of current connections
#                    - If this is not defined, no simultaneous use checking
#                    - will be performed by this module instance
# simul_verify_query - query to return details of current connections for verification
#                    - Leave blank or commented out to disable verification step
#                    - Note that the returned field order should not be changed.
###

# Uncomment simul_count_query to enable simultaneous use checking 
 simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE 
UserName='%{SQL-User-