Re: 2.0.0pre1 not starting when reading NAS from mysql

2007-08-22 Thread A . L . M . Buxey 
Hi,

> I just downloaded the CVS and had a minor quirk with it. Teh daemon
> refuses to start because it does not find the file
> 
> /usr/share/freeradius/dictionary.dhcp
> 
> I commented the respective line in /usr/share/freeradius/dictionary and
> the daemon started. With some search, I found that there is no such file
> in the cvs tree I received.

ah! yes, i forgot to bring this up yesterday. 

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Unlang regular expression string expansion.

2007-08-22 Thread Arran Cudbard-Bell 

Hi,

HP access point with mac authentication.

Sends mac as User-Name in lower case,
Sends mac as Calling-Station-ID in upper case.

Check to see if mac based authentication is being attempted is if 
User-Name == Calling-Station-ID.


As the case differs the two don't match.


if(%{User-Name} =~ /%{Calling-Station-ID}/i){

Doesn't expand %{Calling-Station-ID} , but thats expected.

if(%{User-Name} =~ "/%{Calling-Station-ID}/i"){

Gives error.

Leaves no way to do case insensitive equality checks between strings 
with unlang...


Any chance of expanding regex strings before passing them to the regex 
parser ?

Or == becomes non-strict equality and === becomes strict equality.

Thanks,
Arran

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 2.0.0pre1 not starting when reading NAS from mysql

2007-08-22 Thread Roberto Greiner 
Alan DeKok wrote:
> Roberto Greiner wrote:
>> I'm having a problem with 2.0.0pre1.
> 
>   Please use the CVS head.  I think I'll remove 2.0.0pre1 from the web site.
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 

I just downloaded the CVS and had a minor quirk with it. Teh daemon
refuses to start because it does not find the file

/usr/share/freeradius/dictionary.dhcp

I commented the respective line in /usr/share/freeradius/dictionary and
the daemon started. With some search, I found that there is no such file
in the cvs tree I received.

Note: I compiled/installed using the debian/.deb generation path.

Roberto

PS: Using the CVS version solved another problem I was having, in that
the contents of the mysql table 'radgroupreply' weren't being read.

Thank you very much,

Roberto Greiner


-- 
  -
Marcos Roberto Greiner

   Os otimistas acham que estamos no melhor dos mundos
Os pessimistas tem medo de que isto seja verdade
   Murphy
  -
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: [OpenSER-Users] Re: Prepaid acounts CDRTool

2007-08-22 Thread Marc LEURENT 
Ok, now it's a true question!
When I start freeradius, it said that it can't find rlm_python.so, but this is 
normal because we added --with-static-modules=python
Do you know how to correct it?

Thanks

rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
radiusd.conf[544] Failed to link to module 'rlm_python': rlm_python.so: cannot 
open shared object file: No such file or directory
radiusd.conf[1884] Unknown module "python".
radiusd.conf[1792] Failed to parse authorize section.
zsh: exit 1 freeradius -X



[EMAIL PROTECTED]:[~mleurent/../freeradius-1.1.3]# ls src/modules/rlm_python
Makefile config.log  configure*prepaid.py   radiusd.py   
rlm_python.c   rlm_python.lo
Makefile.in  config.status*  configure.in  prepaid.sql  radiusd_test.py  
rlm_python.la  rlm_python.o




Marc LEURENT a écrit :
> Oups , I simply forgot the 
> src/modules/rlm_sql/drivers/rlm_sql_mysql/sql_mysql.c patch
> 
> Marc LEURENT a écrit :
>> I have followed your advice, Freeradius is recompiled with rlm_python,
>> byt know, rlm_sql seems to encountered troubles
>> like :
>>
>> rlm_sql (sql): Reserving sql socket id: 2
>> rlm_sql_mysql: MYSQL check_error: 1312 received
>>
>> Any idea of how to repair this?
>> Thanks
>>
>>
>> I have added this in my debian/rules file:
>>
>> modulelist=krb5 ldap sql_mysql sql_iodbc python
>> ...
>> ...
>> ./configure \
>> $(confflags) \
>> --prefix=/usr \
>>  ... \
>> --with-static-modules=python
>>
>>
>>
>> Here is my freeradius debug:
>>
>> rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d 
>> expands to /var/log/freeradius/radacct/127.0.0.1/detail-20070822
>>   modcall[accounting]: module "detail" returns ok for request 5
>>   modcall[accounting]: module "unix" returns noop for request 5
>> radius_xlat:  '/var/log/freeradius/radutmp'
>> radius_xlat:  ''
>>   modcall[accounting]: module "radutmp" returns ok for request 5
>> radius_xlat:  ''
>> radius_xlat:  '  CALL insert_radacct_record( 
>> 'radius', '[EMAIL PROTECTED]',
>> '36afb36cd5c82c34', 'sip:[EMAIL 
>> PROTECTED]:5060=3Buser=3Dphone',
>> 'sip:[EMAIL PROTECTED]:5060=3Buser=3Dphone', '88.191.45.91', 
>> '5060', '2007-08-22 13:59:25',
>>'0', '0', '0', 
>> '0', '', '', '200',
>> 'Sip-Session', '', '',   
>>   '0', '0', '200',
>> 'INVITE', '', 'c0a80101-5766ea7',
>>  'c0a80101-4e8244', '', '',
>>'', 'sip:[EMAIL PROTECTED]:5060=3Buser=3Dphone',  
>>'', '' )'
>> rlm_sql (sql): Reserving sql socket id: 2
>> rlm_sql_mysql: MYSQL check_error: 1312 received
>> rlm_sql (sql): Couldn't insert SQL accounting START record - PROCEDURE 
>> radius.insert_radacct_record can't return a result set in the given context
>> radius_xlat:  ''
>> rlm_sql (sql): Released sql socket id: 2
>>   modcall[accounting]: module "sql" returns ok for request 5
>>
>>
>>
>>
>>
>> Dan-Cristian Bogos a écrit :
>>> Marc,
>>>
>>> I would suggest as first step reading about how  prepaid works in
>>> CDRTool. (see PREPAID.txt in doc folder).
>>>
>>> I personally use freeradius-cdrtool connector
>>> (sourceforge.net/projects/frad-cdrtool), which I have written in
>>> python and which needs rlm_python compiled into freeradius server.
>>>
>>> Have a look on all the info and let me know if u need any additional.
>>>
>>> Cheers,
>>> DanB
>>>
>>> On 8/20/07, Marc LEURENT <[EMAIL PROTECTED]> wrote:
>>>> No...
>>>> Is it possible to do it with openser or is it compulsory to use asterisk?
>>>> What do you use?
>>>>
>>>> Thanks
>>>>
>>>>
>>>> Dan-Cristian Bogos a écrit :
>>>>> Hi there Marc,
>>>>>
>>>>> are you using any application which locks, unlocks the prepaid
>>>>> accounts, and instructs CDRTool to update the user's balance? Are you
>>>>> aware that CDRTool uses separate applications for prepaid and postpaid
>>>>> accounts?
>>>>>
>>>>> DanB
>> ___
>> Users mailing list
>> [EMAIL PROTECTED]
>> http://openser.org/cgi-bin/mailman/listinfo/users
> 
> ___
> Users mailing list
> [EMAIL PROTECTED]
> http://openser.org/cgi-bin/mailman/listinfo/users
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Patch for >1 match in hints file

2007-08-22 Thread Phil Mayers 
All,

I would appreciate comments on:

http://bugs.freeradius.org/show_bug.cgi?id=477

This allows slightly more flexibility. Obviously tricks like this are
obsolete in 2.x but we're not there yet. We'll be running this locally -
I'd very much like it accepted upstream if possible.

Usage would be:

/etc/raddb/hints:

# lookup the machine zone in SQL
DEFAULT
Zone = `%{sql:...}`,
Fall-Through = yes

# strip the leading 3 bytes from MAC addresses
DEFAULT Calling-Station-Id =~ "(..):(..):(..):..:..:.."
Vendor = `%{1}-%{2}-%{3}`

/etc/raddb/eth2name (used in a "passwd" to map Vendor to VendorName):

00-0c-29:virtual-vmware
00-16-3e:virtual-xen

/etc/raddb/users:

# don't send banned vlan to virtual machines
DEFAULT VendorName =~ "virtual.*", Zone == "banned", Auth-Type := Reject

# real machines get a banned vlan as opposed to rejection
DEFAULT Zone == "banned"
Tunnel-Medium-Type = IEEE-802,
Tunnel-Type = VLAN,
Tunnel-Private-Group-Id = `%{sql:...}`

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Nas-Port-Type Attribute

2007-08-22 Thread Alan DeKok 
Amr el-Saeed wrote:
> Hi,
> 
> I put this line in the users file  (  DEFAULT   NAS-Port-Type ==
> "PPPoEoA", Auth-Type = Accept).
> 
> I just want any user with that  NAS-Port-Type to be accepted, but the
> RDAIUS doesn't start at all when i do this !!

  Because that's not a valid value for NAS-Port-Type.

> I know that this Value ( PPPoEoA ) is not a standard  NAS-Port-Type 
> value, but what is the problem ??
> Is there any limitation  on using a non  standard value ??

  Yes.  You can't use values that aren't defined in the dictionaries.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: customise dialup admin

2007-08-22 Thread liran tal 
Hey Kostas,

It's been a while since we talked... in the meanwhile I've done
much progress with
daloRADIUSand it's
pretty mature and stable.

Can we discuss further development?


Regards,
Liran.

On 8/22/07, Kostas Kalevras <[EMAIL PROTECTED]> wrote:
>
> O/H Carl aniams έγραψε:
> >
> > Hi
> > i'm presently using dialup admin for client connexion to the net.
> > but my handicap is the time counter
> Which time counter, there are plenty of them
>
> > . i would like to know if it would be possible
> > to set graphical time counter for a customer
> What do you mean exactly?
>
> > . also is it possible to increase the time limit
> > for a customer that may require an hour more.
> You can increase the time limit by one hour (3600 seconds). See the
> documentation for the counter module as well as the dialupadmin
> configuration files in the config catalog
>
> > if yes how please.
> > thanks
> > --
> > -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
> >
> > ANIAMBOSSOU Carl
> > NIAMS TECHNOLOGIES
> > tel: +229 90 04 08 58 +229 97 48 01 33
> > COTONOU
> > REPUBLIC OF BENIN
> > WEST AFRICA
> > 
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> --
> Kostas Kalevras - Network Operations Center
> National Technical University of Athens
> http://kkalev.wordpress.com
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: customise dialup admin

2007-08-22 Thread Kostas Kalevras 

O/H Carl aniams έγραψε:


Hi
i'm presently using dialup admin for client connexion to the net.
but my handicap is the time counter

Which time counter, there are plenty of them


. i would like to know if it would be possible
to set graphical time counter for a customer

What do you mean exactly?


. also is it possible to increase the time limit
for a customer that may require an hour more.
You can increase the time limit by one hour (3600 seconds). See the 
documentation for the counter module as well as the dialupadmin 
configuration files in the config catalog



if yes how please.
thanks
--
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

ANIAMBOSSOU Carl
NIAMS TECHNOLOGIES
tel: +229 90 04 08 58 +229 97 48 01 33
COTONOU
REPUBLIC OF BENIN
WEST AFRICA


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



--
Kostas Kalevras - Network Operations Center
National Technical University of Athens
http://kkalev.wordpress.com

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

strange problem with client certificate

2007-08-22 Thread HBA BOX 
Hello for every one,
   
  I'm using freeradius installed in an linux machine; I have generated my 
certificates (CA, client and cerver ) according to the HOWTO: EAP/TLS setup for 
FreeRADIUS and  windows xp supplicant , until now every thing is ok, i have 
used my certs to secure my wi-fi network  for 14 days after that I'm not able 
to use it again  the radiuse.log file give the following 
   
   
   
  Wed Aug 22 09:16:05 2007 : Info: rlm_eap_tls:  Length Included
Wed Aug 22 09:16:05 2007 : Error: TLS_accept:error in SSLv3 read client 
certi
ficate A
Wed Aug 22 09:16:05 2007 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Wed Aug 22 09:16:05 2007 : Info: rlm_eap_tls: Received EAP-TLS ACK message
   
  when I have cheked my client certificate in windows xp certificate store 
(access using mmc) I have found that my certificate in giving the following 
problem:
   
   
  this certificate is not valide because one of the certificate authority in 
certification path does not appear to be allowed to issue certificates or this 
certificate can not be used as an end -entity certificat.
   
  NB: I have use this certificate for 14 days without any problem.
   
  can any one tell me what can be the problem.
   
  best regards


   
-
 Ne gardez plus qu'une seule adresse mail ! Copiez vos mails vers Yahoo! Mail -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Help me please

2007-08-22 Thread liran tal 
Hey Hyunok,

I'm extensively working on a web management for RADIUS which you
can use as a replacement for dialup admin.

The project is called daloRADIUS and is much more comprehensive than
dialup admin with support for accounting, reports, visual graphs, and
even hotspots management integrated already into it.

I hope you find it useful and you can feel free to
always contact me at [EMAIL PROTECTED]

Website: http://sourceforge.net/projects/daloradius/


Yours,
Liran Tal.



On 8/12/07, hyunok <[EMAIL PROTECTED]> wrote:
>
>  Help me please
>
> My linux box : Fedora core 5
>
> service want   --->  freeradius + mysql + pptpd
>
> My linux box visit  Please
>
> rpm build install  freeradius 1.1.7
> rpm install pptpd  1.3.3
> rpm install mysql 5.0.27
> dialup admin install
> mysql db name --> radius
>
> ssh : vpn.itx.in
>
> user: help123
> passwd:help123
>
> root,mysql passwd  --> help123
>
> dialup admin url : http://vpn.itx.in/dialup/
> passwd --> help123
>
> Thank very much
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: customise dialup admin + daloRADIUS Web Management

2007-08-22 Thread liran tal 
Hey Carl,

I'm extensively working on a web management for RADIUS which you
can use as a replacement for dialup admin.

The project is called daloRADIUS and is much more comprehensive than
dialup admin with support for accounting, reports, visual graphs, and
even hotspots management integrated already into it.

I hope you find it useful and you can feel free to
always contact me at [EMAIL PROTECTED]

Website: http://sourceforge.net/projects/daloradius/


Yours,
Liran Tal.


On 8/21/07, Carl aniams <[EMAIL PROTECTED]> wrote:
>
>
> Hi
>
> i'm presently using dialup admin for client connexion to the net.
> but my handicap is the time counter. i would like to know if it would be
> possible
> to set graphical time counter for a customer . also is it possible to
> increase the time limit
> for a customer that may require an hour more.
> if yes how please.
> thanks
> --
> -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
>
> ANIAMBOSSOU Carl
> NIAMS TECHNOLOGIES
> tel: +229 90 04 08 58   +229 97 48 01 33
> COTONOU
> REPUBLIC OF BENIN
> WEST AFRICA
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Nas-Port-Type Attribute

2007-08-22 Thread Amr el-Saeed 

Hi,

I put this line in the users file  (  DEFAULT   NAS-Port-Type == 
"PPPoEoA", Auth-Type = Accept).


I just want any user with that  NAS-Port-Type to be accepted, but the 
RDAIUS doesn't start at all when i do this !!


I know that this Value ( PPPoEoA ) is not a standard  NAS-Port-Type  
value, but what is the problem ??

Is there any limitation  on using a non  standard value ??

regards,
amr ali
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html