Re: sqlcounters for traffic
Looking at the source of rlm_sqlcounter I saw that when a user tries to connect at a time close to the next reset time, the value of the check-item for the next cycle is added to the reply item. I'd like to avoid this behaviour for **some** of my users. Indeed, I want to use counters to count traffic and **not** time, while rlm_sqlcounter decides it's close to reset time when check-item - counter (in my case: bytes) is less than the number of seconds until reset time.
Can I disable this behaviour? How?

[EMAIL PROTECTED] wrote:
> reset parameter controls value of %b.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> On 9/9/2008, "Alexandre Chapellon" <[EMAIL PROTECTED]> wrote:
>
>> so what's the use of the reset parameter if the sql query is managing it
>> all by its own?
>>
>> Alexandre Chapellon wrote:
>>
>>> [EMAIL PROTECTED] wrote:
>>>>> here is the counter definition:
>>>>> sqlcounter bytesQuota {
>>>>>     counter-name = traffic_quota
>>>>>     check-name = Max-Traffic
>>>>>     reply-name = Tmp-Integer-0
>>>>>     sqlmod-inst = mysqldb
>>>>>     key = User-Name
>>>>>     reset = hourly
>>>>>     query = "SELECT SUM(acctinputoctets + acctoutputoctets) FROM radacct WHERE UserName='%{%k}'"
>>>>> }
>>>>>
>>>>> sounds good to me... what could be the reason for noreset?
>>>>
>>>>> query = "SELECT SUM(acctinputoctets + acctoutputoctets) FROM radacct WHERE UserName='%{%k}'"
>>>>
>>>> You need to add to WHERE one of the statements using %b.
>>>
>>> Ouch, I didn't see that in the example queries... spank my ...!
>>>
>>>> Ivan Kalik
>>>> Kalik Informatika ISP

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: another 2.1.0 compile error
Greg Woods wrote:
> Hopefully the feedback provided from that was useful.

Yes.

Alan DeKok.
Re: sqlcounters for traffic
reset parameter controls value of %b.

Ivan Kalik
Kalik Informatika ISP

On 9/9/2008, "Alexandre Chapellon" <[EMAIL PROTECTED]> wrote:

> so what's the use of the reset parameter if the sql query is managing it
> all by its own?
>
> Alexandre Chapellon wrote:
>>
>> [EMAIL PROTECTED] wrote:
>>>> here is the counter definition:
>>>> sqlcounter bytesQuota {
>>>>     counter-name = traffic_quota
>>>>     check-name = Max-Traffic
>>>>     reply-name = Tmp-Integer-0
>>>>     sqlmod-inst = mysqldb
>>>>     key = User-Name
>>>>     reset = hourly
>>>>     query = "SELECT SUM(acctinputoctets + acctoutputoctets) FROM radacct WHERE UserName='%{%k}'"
>>>> }
>>>>
>>>> sounds good to me... what could be the reason for noreset?
>>>
>>>> query = "SELECT SUM(acctinputoctets + acctoutputoctets) FROM radacct WHERE UserName='%{%k}'"
>>>
>>> You need to add to WHERE one of the statements using %b.
>>
>> Ouch, I didn't see that in the example queries... spank my ...!
>>
>>> Ivan Kalik
>>> Kalik Informatika ISP
Re: another 2.1.0 compile error
On Tue, 2008-09-09 at 22:48 +0100, [EMAIL PROTECTED] wrote:
> a nightly tarball, i guess, would be what you would
> prefer for this sort of action?

What I generally prefer is to wait for a stable release. For my own needs, I could well have done that this time too. But in this case, Alan asked me if I would try building the current pre-release. Since some of the things supposedly fixed were compile problems on systems similar to mine, I went ahead and went through the extra effort. Hopefully the feedback provided from that was useful.

--Greg
Re: sqlcounters for traffic
so what's the use of the reset parameter if the sql query is managing it all by its own?

Alexandre Chapellon wrote:
>
> [EMAIL PROTECTED] wrote:
>>> here is the counter definition:
>>> sqlcounter bytesQuota {
>>>     counter-name = traffic_quota
>>>     check-name = Max-Traffic
>>>     reply-name = Tmp-Integer-0
>>>     sqlmod-inst = mysqldb
>>>     key = User-Name
>>>     reset = hourly
>>>     query = "SELECT SUM(acctinputoctets + acctoutputoctets) FROM radacct WHERE UserName='%{%k}'"
>>> }
>>>
>>> sounds good to me... what could be the reason for noreset?
>>
>>> query = "SELECT SUM(acctinputoctets + acctoutputoctets) FROM radacct WHERE UserName='%{%k}'"
>>
>> You need to add to WHERE one of the statements using %b.
>
> Ouch, I didn't see that in the example queries... spank my ...!
>
>> Ivan Kalik
>> Kalik Informatika ISP
Re: sqlcounters for traffic
[EMAIL PROTECTED] wrote:
>> here is the counter definition:
>> sqlcounter bytesQuota {
>>     counter-name = traffic_quota
>>     check-name = Max-Traffic
>>     reply-name = Tmp-Integer-0
>>     sqlmod-inst = mysqldb
>>     key = User-Name
>>     reset = hourly
>>     query = "SELECT SUM(acctinputoctets + acctoutputoctets) FROM radacct WHERE UserName='%{%k}'"
>> }
>>
>> sounds good to me... what could be the reason for noreset?
>
>> query = "SELECT SUM(acctinputoctets + acctoutputoctets) FROM radacct WHERE UserName='%{%k}'"
>
> You need to add to WHERE one of the statements using %b.

Ouch, I didn't see that in the example queries... spank my ...!

> Ivan Kalik
> Kalik Informatika ISP
Re: sqlcounters for traffic
> here is the counter definition:
> sqlcounter bytesQuota {
>     counter-name = traffic_quota
>     check-name = Max-Traffic
>     reply-name = Tmp-Integer-0
>     sqlmod-inst = mysqldb
>     key = User-Name
>     reset = hourly
>     query = "SELECT SUM(acctinputoctets + acctoutputoctets) FROM radacct WHERE UserName='%{%k}'"
> }
>
> sounds good to me... what could be the reason for noreset?

> query = "SELECT SUM(acctinputoctets + acctoutputoctets) FROM radacct WHERE UserName='%{%k}'"

You need to add to WHERE one of the statements using %b.

Ivan Kalik
Kalik Informatika ISP
Re: another 2.1.0 compile error
Hi,

> Much of the time, by the time I get around to wanting to build
> freeradius, it's been months since the server was installed, so I don't
> really know what's installed on it unless I check. I do know that when
> include files are not found, it might mean a -devel package needs to be
> installed. I just ran into a couple of unusual problems doing that this
> time.

- ah, what i meant was ./configure --help (you'll see a couple of 'use our version rather than system version) things.

alan
Re: another 2.1.0 compile error
Hi,

> While this was on CentOS, I expect the same things could bite somebody
> using RHEL (or any x86_64 system with yum).

i'm usually torn between advocating the use of ./configure or the use of eg rpmbuild and the .spec file for CentOS and Fedora folk. if you used the spec and built your own RPM from source then the required RPMs should have been dealt with.

alan
Re: another 2.1.0 compile error
Hi,

> CentOS box for configure and make. Just a bit more of a pain than
> downloading a release tar file.

but thats the point...the stuff you want isnt in a release tar just yet - a nightly tarball, i guess, would be what you would prefer for this sort of action?

alan
Re: sqlcounters for traffic
[EMAIL PROTECTED] wrote:
>> Good it's sent in the reply to the nas! Thx
>> But the sqlcounter i setup was supposed to reset every hour, but
>> apparently doesn't...
>> Where can i take a look to find out why?
>
> Check the sql query definition and value of reset in counter.conf.

here is the counter definition:

sqlcounter bytesQuota {
    counter-name = traffic_quota
    check-name = Max-Traffic
    reply-name = Tmp-Integer-0
    sqlmod-inst = mysqldb
    key = User-Name
    reset = hourly
    query = "SELECT SUM(acctinputoctets + acctoutputoctets) FROM radacct WHERE UserName='%{%k}'"
}

sounds good to me... what could be the reason for noreset?

> Ivan Kalik
> Kalik Informatika ISP
Re: another 2.1.0 compile error
On Tue, 2008-09-09 at 21:56 +0100, [EMAIL PROTECTED] wrote:
> but you chose to use the system stuff in the configure stage
> rather than the supplied version, yes?

Much of the time, by the time I get around to wanting to build freeradius, it's been months since the server was installed, so I don't really know what's installed on it unless I check. I do know that when include files are not found, it might mean a -devel package needs to be installed. I just ran into a couple of unusual problems doing that this time.

--Greg
Re: Cisco VPN Server 3000 + Radius + LDAP = heeelp!!
> Thanks for your answer Leonardo but, if I define the groups in the Cisco
> VPN Server, it will be enough with knowing the password of other defined
> group's to obtain an address from a group to which I don't really
> belong. I.e., if Sale's user know password of Development group, will
> can receive an Development address.

Ahem, passwords are in user profile and have nothing to do with groups. Person who is added to the Sales group can't move to Development group by changing his password.

Ivan Kalik
Kalik Informatika ISP
Re: another 2.1.0 compile error
On Tue, 2008-09-09 at 21:57 +0100, [EMAIL PROTECTED] wrote:
>
> congrats! - GIT is far nicer than some of the older methods of
> source retrieval.

I've heard that, but I didn't really get far enough to tell. I had to go through the process of figuring out which packages were needed, that they aren't available on CentOS so I had to use a Fedora workstation, get the packages installed, then poke around long enough to figure out that "git clone git://git.freeradius.org/freeradius-server local-dir-name" was what I needed. Then copy the source tree back to the CentOS box for configure and make. Just a bit more of a pain than downloading a release tar file.

--Greg
Re: another 2.1.0 compile error
On Tue, 2008-09-09 at 15:17 -0400, John Dennis wrote:
>
> I'm inclined to think for those people who wish to build from upstream
> they are better off using the autotools configure script included in
> the freeradius source distribution and not use rpm mechanisms

Yes, but there are still packages that are part of the system that are needed to build freeradius (or any other application). In this case, since the freeradius packages that come with CentOS (and RHEL) are for a very old version, and I'm doing this because I really want a feature that is available only in the latest version (even Fedora 9 doesn't have it yet), I build from freeradius source. But that doesn't mean I want (or need) to build all the libraries that freeradius uses from source, since the ones that come with the system are perfectly adequate for that. It's just that as soon as you want to build something from source, now you need the -devel packages that might not have been installed at system install time.

That's fine, I'm used to installing -devel packages the first time I want to compile something from source. I just ran into two issues: the first one was the thing with the wildcards happening to match directory names in the freeradius source tree, so that "yum" didn't find the packages. So my usual technique of running "yum list libtool*" didn't list the devel packages because the wildcard matched the "libtool" directory. So I couldn't figure out which -devel package I needed. Quoting the wildcard or executing the command in a different directory solves that.

The second problem is that there are packages for both i386 and x86_64 that are both available when running on an x86_64, and the freeradius build craps out if it tries to link against the i386 version (invalid symbol format), so I actually had to remove the -devel.i386 packages before the build could happen.

While this was on CentOS, I expect the same things could bite somebody using RHEL (or any x86_64 system with yum).

--Greg
Re: sqlcounters for traffic
> Good it's sent in the reply to the nas! Thx
> But the sqlcounter i setup was supposed to reset every hour, but
> apparently doesn't...
> Where can i take a look to find out why?

Check the sql query definition and value of reset in counter.conf.

Ivan Kalik
Kalik Informatika ISP
Re: another 2.1.0 compile error
On Tue, 2008-09-09 at 15:24 -0400, John Dennis wrote:
> Wildcards passed to commands must always be quoted or escaped

Well, no, not always any more. If I did something like "cd /root" first, then the yum commands work just fine. It's a bash feature that if the wildcard doesn't actually match anything, then it is passed as an argument verbatim (as opposed to csh, which would have complained "no match" and not done anything).

However, you are correct in the sense that quoting it is the only way to guarantee that it will do what I expect every time. I've just gotten lazy since not quoting it works 99% of the time.

--Greg
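
Added example (not part of the thread, and not FreeRADIUS or yum code): the globbing behaviour Greg describes above, reproduced with sh in a constructed directory tree. show_args is a hypothetical stand-in for "yum list", and the libtool and libltdl directories are sample names standing in for the freeradius-server source tree.

```sh
#!/bin/sh
# Added example, not from the thread. show_args is a hypothetical stand-in
# for "yum list": it prints each argument it was actually given, one per line.
show_args() {
    for arg in "$@"; do
        printf '%s\n' "$arg"
    done
}

# Constructed sample tree: directories whose names the wildcards from the
# thread happen to match (assumed stand-ins for the source tree).
make_tree() {
    tree=$(mktemp -d) || return 1
    mkdir "$tree/libtool" "$tree/libltdl" "$tree/src"
    printf '%s\n' "$tree"
}

# What the command receives when PATTERN is typed unquoted in DIR.
# $2 is deliberately left unquoted so the shell performs pathname expansion.
unquoted_in() {
    ( cd "$1" && show_args $2 )
}

# What the command receives when PATTERN is quoted: always the pattern itself.
quoted_in() {
    ( cd "$1" && show_args "$2" )
}

# Succeeds (exit 0) when an unquoted PATTERN would be rewritten by the shell
# in DIR, i.e. when the command would never see the wildcard.
glob_collides() {
    [ "$(unquoted_in "$1" "$2")" != "$2" ]
}

demo() {
    src=$(make_tree) || return 1
    empty=$(mktemp -d) || return 1
    for pat in 'libtool*' '*ltdl*'; do
        echo "pattern: $pat"
        # In the source tree the shell replaces the pattern with a directory name.
        echo "  unquoted, source tree: $(unquoted_in "$src" "$pat")"
        # With no match, sh and bash pass the pattern through unchanged.
        echo "  unquoted, empty dir:   $(unquoted_in "$empty" "$pat")"
        # Quoting gives the same result in every directory.
        echo "  quoted, source tree:   $(quoted_in "$src" "$pat")"
        if glob_collides "$src" "$pat"; then
            echo "  -> quote this pattern when running from the source tree"
        fi
    done
    rm -rf "$src" "$empty"
}

demo
```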
Re:RE: Cisco VPN Server 3000 + Radius + LDAP = heeelp!!
Add Pool-Name as check item with operator := to ldap.attrmap. Map it to something like radiusPool. Add radiusPool to user profile in ldap. Add value pool1 for radiusPool to those with attribute = 1 ...

Ivan Kalik
Kalik Informatika ISP

On 9/9/2008, "Osvaldo Campos M. - Administrador Red STI" <[EMAIL PROTECTED]> wrote:

> Thanks for your answer, but I can't use LDAP groups in this case because
> I haven't groups defined in LDAP according to LDAP "attribute". For
> example, I haven't a group "Sales" in LDAP with only users with the
> value "attribute=1".
>
> And I need to assign addresses according to the value "attribute".
>
> Other ideas for this, please??
>
> Thanks...
>
> Osvaldo H. Campos Molina
> Administrador de Red
> STI - Univ. de Chile
>
> Parham Beheshti wrote:
>> this is how we do it:
>> radius.conf:
>> get user's group from ldap
>>
>> users file:
>> if user is member of groupA assign ip pool1
>>
>> if user is member of groupB assign ip pool2
>>
>> here is users file (This is not using ip pools, just limits connection
>> duration and when they can login):
>> DEFAULT LDAP-Group == "VPN12", Max-Daily-Session :=43200
>>     Fall-Through = Yes
>>
>> DEFAULT LDAP-GROUP == "VPNSALES", Max-Daily-Session :=7200,
>>     Login-Time:="Any0730-0830,Any1630-1730"
>>     Fall-Through = Yes
>>
>> -Original Message-
>> From: [EMAIL PROTECTED] on behalf of Osvaldo Campos M. - Administrador Red STI
>> Sent: Tue 9/9/2008 2:36 AM
>> To: FreeRadius users mailing list
>> Subject: Cisco VPN Server 3000 + Radius + LDAP = heeelp!!
>>
>> Hi people:
>>
>> First of all, sorry but my english is not good.
>>
>> I'm newbie in FreeRadius and I am in a hurry with Cisco VPN Server 3000,
>> FreeRadius and LDAP, to permit vpn user's access.
>>
>> When vpn users connect (with "Cisco VPN Client"), Radius consult to LDAP
>> if user exist. If exist, then user can connect to vpn. If not, can't
>> connect. This works well.
>>
>> Now, also I should assign IP addresses according to an LDAP attribute.
>> For example, if attribute==1 assign 10.0.0.10/24, if attribute==2 assign
>> 10.0.0.20/24.
>>
>> I try to assign IP addresses with "ippool module" and filters in the
>> "ldap module" in FreeRadius, but it doesn't work.
>>
>> How can I work with many ippool's according to a value of LDAP
>> attribute? Where should I ask for the attribute value in order to assign
>> the corresponding ippool?. Please, help me with that.
>>
>> My config is something like that:
>>
>> In the radius.conf file...
>>
>> ldap vpnldap1 {
>>     server = "x.x.x.x"
>>     identity = "cn=Directory Manager"
>>     password = **
>>     basedn = "ou=People, dc:blah, dc=cl"
>>     filter = "(&(uid=%u)(attribute=1))"
>>     authtype = ldap
>>     set_asuth_type = yes
>> }
>> ldap vpnldap2 {
>>     server = "x.x.x.x"
>>     identity = "cn=Directory Manager"
>>     password = **
>>     basedn = "ou=People, dc:blah, dc=cl"
>>     filter = "(&(uid=%u)(attribute=2))"
>>     authtype = ldap
>>     set_asuth_type = yes
>> }
>>
>> authorize {
>>     files
>>     Autz-Type LDAPVPN1 {
>>         vpnldap1
>>     }
>>     Autz-Type LDAPVPN2 {
>>         vpnldap2
>>     }
>> }
>>
>> authentication {
>>     Auth-Type LDAPVPN1 {
>>         vpnldap1
>>     }
>>     Auth-Type LDAPVPN2 {
>>         vpnldap2
>>     }
>> }
>>
>> ippool vpnusers1 {
>>     range-start = 10.0.0.10
>>     range-stop = 10.0.0.19
>>     netmask = 255.255.255.0
>>     cache-size = 10
>>     session-db = ${raddbdir}/db.vpnusers1-session
>>     ip-index = ${raddbdir}/db.vpnusers1-index
>>     override = yes
>> }
>>
>> ippool vpnusers2 {
>>     range-start = 10.0.0.20
>>     range-stop = 10.0.0.29
>>     netmask = 255.255.255.0
>>     cache-size = 10
>>     session-db = ${raddbdir}/db.vpnusers2-session
>>     ip-index = ${raddbdir}/db.vpnusers2-index
>>     override = yes
>> }
>>
>> In the user file...
>> (i don`t know how to configure this file to several "Ippool" I think
>> that here's the problem)
>>
>> DEFAULT NAS-IP-Address = "y.y.y.y", Auth-Type :=LDAPVPN1, AUTZ-Type :=LDAPVPN1, Pool-Name :=vpnusers1
>> DEFAULT NAS-IP-Address = "y.y.y.y", Auth-Type :=LDAPVPN2, AUTZ-Type :=LDAPVPN2, Pool-Name :=vpnusers2
>> # y.y.y.y= address of VPN Server
>>
>> In the ldap.attrmap...
>> checkItem vpnusers1 attribute
>> checkItem vpnusers2 attribute
>>
>> Please, help me with this config.
>>
>> Thank's you...
>>
>> Osvaldo H. Campos Molina
>> Administrador de Red
>> STI - Univ. de Chile
Re: Cisco VPN Server 3000 + Radius + LDAP = heeelp!!
Hi...

Thanks for your answer Leonardo but, if I define the groups in the Cisco VPN Server, it will be enough with knowing the password of other defined group's to obtain an address from a group to which I don't really belong. I.e., if Sale's user know password of Development group, will can receive an Development address.

For this reason it is that I should assign the address according to the value of the attribute LDAP, because this value identifies user's type and, therefore, the address that should have.

Other ideas for this, please??

Osvaldo H. Campos Molina
Administrador de Red
STI - Univ. de Chile

Leonardo Reginin wrote:
> If I understood what you need ...
>
> Using Cisco VPN Client, you can define "Groups" in the Cisco Concentrator ...
> Configuration -> User Management -> Groups
> ... and assign an "Address Pool" to each group.
>
> According the Group used in the Cisco VPN Client, the user will receive
> an IP addresses from a different Address Pool.
>
> Create the Group and upon that create the Address Pool
> Configuration -> User Management -> Groups -> Address Pools
>
> Best Regards,
> Leonardo
>
> Osvaldo Campos M. - Administrador Red STI wrote:
>> Hi people:
>>
>> First of all, sorry but my english is not good.
>>
>> I'm newbie in FreeRadius and I am in a hurry with Cisco VPN Server 3000,
>> FreeRadius and LDAP, to permit vpn user's access.
>>
>> When vpn users connect (with "Cisco VPN Client"), Radius consult to LDAP
>> if user exist. If exist, then user can connect to vpn. If not, can't
>> connect. This works well.
>>
>> Now, also I should assign IP addresses according to an LDAP attribute.
>> For example, if attribute==1 assign 10.0.0.10/24, if attribute==2 assign
>> 10.0.0.20/24.
>>
>> I try to assign IP addresses with "ippool module" and filters in the
>> "ldap module" in FreeRadius, but it doesn't work.
>>
>> How can I work with many ippool's according to a value of LDAP
>> attribute? Where should I ask for the attribute value in order to assign
>> the corresponding ippool?. Please, help me with that.
>>
>> My config is something like that:
>>
>> In the radius.conf file...
>>
>> ldap vpnldap1 {
>>     server = "x.x.x.x"
>>     identity = "cn=Directory Manager"
>>     password = **
>>     basedn = "ou=People, dc:blah, dc=cl"
>>     filter = "(&(uid=%u)(attribute=1))"
>>     authtype = ldap
>>     set_asuth_type = yes
>> }
>> ldap vpnldap2 {
>>     server = "x.x.x.x"
>>     identity = "cn=Directory Manager"
>>     password = **
>>     basedn = "ou=People, dc:blah, dc=cl"
>>     filter = "(&(uid=%u)(attribute=2))"
>>     authtype = ldap
>>     set_asuth_type = yes
>> }
>>
>> authorize {
>>     files
>>     Autz-Type LDAPVPN1 {
>>         vpnldap1
>>     }
>>     Autz-Type LDAPVPN2 {
>>         vpnldap2
>>     }
>> }
>>
>> authentication {
>>     Auth-Type LDAPVPN1 {
>>         vpnldap1
>>     }
>>     Auth-Type LDAPVPN2 {
>>         vpnldap2
>>     }
>> }
>>
>> ippool vpnusers1 {
>>     range-start = 10.0.0.10
>>     range-stop = 10.0.0.19
>>     netmask = 255.255.255.0
>>     cache-size = 10
>>     session-db = ${raddbdir}/db.vpnusers1-session
>>     ip-index = ${raddbdir}/db.vpnusers1-index
>>     override = yes
>> }
>>
>> ippool vpnusers2 {
>>     range-start = 10.0.0.20
>>     range-stop = 10.0.0.29
>>     netmask = 255.255.255.0
>>     cache-size = 10
>>     session-db = ${raddbdir}/db.vpnusers2-session
>>     ip-index = ${raddbdir}/db.vpnusers2-index
>>     override = yes
>> }
>>
>> In the user file...
>> (i don`t know how to configure this file to several "Ippool" I think
>> that here's the problem)
>>
>> DEFAULT NAS-IP-Address = "y.y.y.y", Auth-Type :=LDAPVPN1, AUTZ-Type :=LDAPVPN1, Pool-Name :=vpnusers1
>> DEFAULT NAS-IP-Address = "y.y.y.y", Auth-Type :=LDAPVPN2, AUTZ-Type :=LDAPVPN2, Pool-Name :=vpnusers2
>> # y.y.y.y= address of VPN Server
>>
>> In the ldap.attrmap...
>> checkItem vpnusers1 attribute
>> checkItem vpnusers2 attribute
>>
>> Please, help me with this config.
>>
>> Thank's you...
>>
>> Osvaldo H. Campos Molina
>> Administrador de Red
>> STI - Univ. de Chile
Re: another 2.1.0 compile error
Hi,

> Nah! We've all done things like this more times than we care to admit.
> Welcome to the club, your turn to bring refreshments next time :-)

hey! you cant skip *your* turn! ;-)

alan
Re: another 2.1.0 compile error
Hi,

> OK, I got this done. It configures and makes on my system (CentOS

congrats! - GIT is far nicer than some of the older methods of source retrieval.

alan
Re: another 2.1.0 compile error
Hi,

> But if libfoo.h actually exists in the source tree (as in the case of
> ltdl.h), then it's not so blindingly obvious that the problem is a
> missing -devel package rather than a configuration/compilation issue.

but you chose to use the system stuff in the configure stage rather than the supplied version, yes?

alan
Re: ***SPAM*** Re: How to modify dialup.conf for each virtual server?
Yes. Create multiple sql instances. List the name of the instance you want to use in place of "sql" in appropriate sections (authorize, accounting, post-auth, etc.).

Ivan Kalik
Kalik Informatika ISP

On 9/9/2008, "Nataniel Klug" <[EMAIL PROTECTED]> wrote:

> Thanks Ivan.
>
> Another question: is there any way to have one database for each virtual
> server?
error when created client certificates
hello again!! =)

when i run "make client.pem", according the file certs/README, have this error:

[EMAIL PROTECTED] certs]# make client.pem
openssl req -new -out client.csr -keyout client.key -config ./client.cnf
Generating a 2048 bit RSA private key
..+++
...+++
writing new private key to 'client.key'
-
openssl ca -batch -keyfile server.key -cert server.crt -in client.csr -key `grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
Using configuration from ./client.cnf
unable to load CA private key
24500:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:461:
24500:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:425:
make: *** [client.crt] Error 1

some know why? many thanks!
Re: another 2.1.0 compile error
John Dennis wrote:
> I know the freeradius source tree and source tarball contains rpm spec
> files and some suse and redhat specific info but I wonder if that is the
> right place for that information, the distribution in question will have
> up to date spec files specific to their distributions, I'm not sure
> upstream is the place to go looking for it. The last time I looked at
> the redhat directory it was way out of date.

I've taken occasional looks at the upstream spec files, and pulled changes in. But the integration should be a little stronger.

> This is one reason I'm
> dubious upstream is the place to maintain spec files (IMHO it's kinda
> backwards ;-)

Some people want custom installations. Having an "almost OK" spec file distributed with the source is often easier than pulling the spec file from elsewhere.

> Now having said that, I realize there isn't a 2.1.0 rpm spec file in
> Fedora yet, so you would be right to say "how can I consult it?", but
> I'm willing to bet the current 2.0.5 spec file would be pretty close to
> what 2.1.0 needs.

Yes.

Alan DeKok.
Re: minor prefix problem with 2.1.1 git
Greg Woods wrote:
> I tried to use a non-default prefix, and it craps out on "make install"
> because one of the sql-related files refuses to install in a directory
> name that didn't end with /usr/local/lib .

That's libtool insanity. It drives me crazy.

> I was able to work around
> this by using a --prefix like "/local/freeradius-git/usr/local" instead
> of just "/local/freeradius-git". A minor annoyance but I thought others
> might want to hear about it. At least the error message was clear enough
> that coming up with the workaround was easy.

Ugh. If *I* say install in /local/foo, or /local/i/hate/libtool, then it should damned well install the libraries there.

Alan DeKok.
Re: another 2.1.0 compile error
Greg Woods wrote:
> On Tue, 2008-09-09 at 19:43 +0100, John Horne wrote:
>> Does something a bit more generic like 'yum list *td*' show you a list
>> of installed and available packages? It works for me on CentOS 5.2,
>
> AAAUGH! I got it figured out. I was in the freeradius-server directory
> when I tried this, so it turns out that "libtool*" and "*tdl*" actually
> match directory names, so bash wasn't passing the wildcard to yum.

Wildcards passed to commands must always be quoted or escaped otherwise the shell will process it. Yum info is a classic case of needing to do this.

> Maybe csh wasn't so wrong to always assume an unquoted wildcard meant
> you were file globbing. Cost me a couple hours of wasted time (not to
> mention looking like a moron on the list :-)

Nah! We've all done things like this more times than we care to admit. Welcome to the club, your turn to bring refreshments next time :-)

--
John Dennis <[EMAIL PROTECTED]>
Re: another 2.1.0 compile error
Greg Woods wrote:
> On Tue, 2008-09-09 at 16:53 +0100, [EMAIL PROTECTED] wrote:
>> yep, you havent got all the required development packages installed.
>>
>> libtool-ltdl-devel
>> libtool-ltdl
>
> Thanks, that was it. However, I discovered what I think is a bug in yum
> in the process. I tried "yum list *ltdl*" and this failed to show these
> packages; otherwise I might have found this myself. Even "yum list
> libtool*" doesn't show them, I had to actually list libtool-ltdl-devel*
> to see the devel package.

We maintain rpm spec files that are known to work on Fedora (some RHEL, CentOS) and if you had consulted that spec file you would have seen the libtool-ltdl-devel dependency.

I know the freeradius source tree and source tarball contains rpm spec files and some suse and redhat specific info but I wonder if that is the right place for that information, the distribution in question will have up to date spec files specific to their distributions, I'm not sure upstream is the place to go looking for it. The last time I looked at the redhat directory it was way out of date.

I'm inclined to think for those people who wish to build from upstream they are better off using the autotools configure script included in the freeradius source distribution and not use rpm mechanisms unless the srpm comes from the distribution in question. Afterall autotools was meant to solve the "correctly build on a foreign unknown platform" problem, rpm is not the tool for that job. This is one reason I'm dubious upstream is the place to maintain spec files (IMHO it's kinda backwards ;-)

Now having said that, I realize there isn't a 2.1.0 rpm spec file in Fedora yet, so you would be right to say "how can I consult it?", but I'm willing to bet the current 2.0.5 spec file would be pretty close to what 2.1.0 needs. It's the Fedora project's job to make sure our spec file and pre-built packages get upgraded to current upstream in a timely fashion (where the definition of timely is open for vigorous discussion, flames, etc. :-)

BTW, RHEL, CentOS, etc. are enterprise stable distributions, don't expect them to contain current versions, it's not in their mandate, Fedora is the place to look for current up-to-date versions of packages.

--
John Dennis <[EMAIL PROTECTED]>
Problems with the authentication TLS
ok, ready! my problem now is the certificates. when I create, the problem is dont can created the user certificate, reading the howto of wiki in the page ( http://freeradius.org/doc/EAPTLS.pdf ). i have this:

[EMAIL PROTECTED] certs]# make client.pem
openssl ca -batch -keyfile server.key -cert server.crt -in client.csr -key `grep output_password server.cnf | sed 's/.*=//;s/^ *//'` -out client.crt -extensions xpclient_ext -extfile xpextensions -config ./client.cnf
Using configuration from ./client.cnf
unable to load CA private key
23294:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:461:
23294:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:425:
make: *** [client.crt] Error 1

then the user certificates dont created somewhere

now exactly which the certificates of the last version im install in user pc? this? --> ca.der and client.key? why is the extension of certificates than used for the users?

thanks!!

--
Silvero Martin
minor prefix problem with 2.1.1 git
I tried to use a non-default prefix, and it craps out on "make install" because one of the sql-related files refuses to install in a directory name that didn't end with /usr/local/lib . I was able to work around this by using a --prefix like "/local/freeradius-git/usr/local" instead of just "/local/freeradius-git". A minor annoyance but I thought others might want to hear about it. At least the error message was clear enough that coming up with the workaround was easy. --Greg - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: another 2.1.0 compile error
On Tue, 2008-09-09 at 19:43 +0100, John Horne wrote:
> Does something a bit more generic like 'yum list *td*' show you a list
> of installed and available packages? It works for me on CentOS 5.2,

AAAUGH! I got it figured out. I was in the freeradius-server directory when I tried this, so it turns out that "libtool*" and "*tdl*" actually match directory names, so bash wasn't passing the wildcard to yum. Maybe csh wasn't so wrong to always assume an unquoted wildcard meant you were file globbing. Cost me a couple hours of wasted time (not to mention looking like a moron on the list :-)

--Greg
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
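The effect described in the message above, reproduced as an added example (not part of the original post). `show_args` is a stand-in for `yum list`, and the scratch directory entries are constructed to mimic the source tree's libltdl directory; all function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added demo (constructed): what a command really receives when a wildcard
# argument is typed without quotes. show_args stands in for "yum list".

# Echo back the arguments exactly as the command received them.
show_args() {
    printf '%s\n' "$*"
}

# Create a scratch directory that mimics the relevant entries of the
# freeradius-server source tree (constructed names); prints its path.
make_tree() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/libltdl"      # directory that matches *ltdl*
    : > "$dir/libtool"        # file that matches libtool*
    printf '%s\n' "$dir"
}

# Run the stand-in from directory $1 with pattern $2 left unquoted.
# An unquoted expansion undergoes pathname expansion, just like a
# wildcard typed bare at the prompt.
unquoted_in() {
    ( cd "$1" && show_args $2 )
}

# Same call with the pattern quoted: it reaches the command untouched,
# so the package manager can do its own matching.
quoted_in() {
    ( cd "$1" && show_args "$2" )
}

# Walk through the three cases from the thread.
demo() {
    tree=$(make_tree) || return 1
    empty=$(mktemp -d) || return 1
    # Inside the source tree the shell rewrites the argument to a file name.
    echo "source tree, unquoted *ltdl*   -> $(unquoted_in "$tree" '*ltdl*')"
    echo "source tree, unquoted libtool* -> $(unquoted_in "$tree" 'libtool*')"
    # Quoting keeps the pattern intact regardless of the directory.
    echo "source tree, quoted   *ltdl*   -> $(quoted_in "$tree" '*ltdl*')"
    # With nothing to match, the unquoted pattern is passed through
    # literally, which is why the same command works from other directories.
    echo "empty dir,   unquoted *ltdl*   -> $(unquoted_in "$empty" '*ltdl*')"
    rm -rf "$tree" "$empty"
}

demo
```

Quoting the pattern, as in `yum list '*ltdl*'`, gives the same result from any working directory.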
Re: another 2.1.0 compile error
On Tue, 2008-09-09 at 11:24 -0600, Greg Woods wrote:
> On Tue, 2008-09-09 at 16:53 +0100, [EMAIL PROTECTED] wrote:
>
> > yep, you havent got all the required development packages installed.
> >
> > libtool-ltdl-devel
> > libtool-ltdl
>
> Thanks, that was it. However, I discovered what I think is a bug in yum
> in the process. I tried "yum list *ltdl*" and this failed to show these
> packages; otherwise I might have found this myself. Even "yum list
> libtool*" doesn't show them, I had to actually list libtool-ltdl-devel*
> to see the devel package.
>

Does something a bit more generic like 'yum list *td*' show you a list of installed and available packages? It works for me on CentOS 5.2, 64-bit. The 'list *ltdl*' worked for me on CentOS 52, 32-bit.

John.

--
---
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 E-mail: [EMAIL PROTECTED]
Fax: +44 (0)1752 587001
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounters for traffic
Good, it's sent in the reply to the NAS! Thx.

But the sqlcounter I set up was supposed to reset every hour, but apparently doesn't... Where can I take a look to find out why? Is it supposed to update the database to reset counters (which seems a bad solution to me) or does freeradius maintain separate counters elsewhere, using the accounting database to feed them?

Alan DeKok wrote:
> Alexandre Chapellon wrote:
>
>> Here is the full debug outputted during the auth query/reply
>
> ...
>
>> rlm_sqlcounter: Sent Reply-Item for user scott,
>> Type=Session-Traffic-Limit, value=12694
>
> ...
>
>> Sending Access-Accept of id 201 to 127.0.0.1 port 37792
>> Session-Traffic-Limit = ""
>
> That's the problem. Looking at dictionary.redback,
> Session-Traffic-Limit is a string. It's not an integer counter.
>
> If you do really want to use Session-Traffic-Limit, you will have to
> change sqlcounter to use a *different* attribute in the reply, such as
> Tmp-Integer-0, which is a server-side attribute. Then use "unlang" in
> post-auth to copy it to Session-Traffic-Limit:
>
> update reply {
>     Session-Traffic-Limit = "%{reply:Tmp-Integer-0}"
> }
>
> That should work.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: another 2.1.0 compile error
On Tue, 2008-09-09 at 19:50 +0200, Alan DeKok wrote:
> Please checkout and build git.freeradius.org.

OK, I got this done. It configures and makes on my system (CentOS release 5.2 (Final) -- x86_64) with no problems. Now on to some fun with dynamic clients.

--Greg
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: another 2.1.0 compile error
Yes I know... ( Last few weeks I'm trying to build test system for 2.x.x version. I want to test DHCP functions. All systems we have are already in use and I don't have enough "space" to do some testings :) Alan DeKok wrote: Marinko Tarlac wrote: 1.1.7 also requires ltdl The only changes made to 1.1.x from now on will be security related. i.e. no new features. no build fixes, etc. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: another 2.1.0 compile error
On Tue, 2008-09-09 at 18:54 +0100, [EMAIL PROTECTED] wrote:
> generally, its blindingly obvious when you see something like
>
> Error - libfoo.h missing
>
> you think, hmmm, i dont have an include.

But if libfoo.h actually exists in the source tree (as in the case of ltdl.h), then it's not so blindingly obvious that the problem is a missing -devel package rather than a configuration/compilation issue.

--Greg
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: another 2.1.0 compile error
On Tue, 2008-09-09 at 19:50 +0200, Alan DeKok wrote:
> Please checkout and build git.freeradius.org.

If I get time to do this before 2.1.1 comes out, I'll give it a shot, but there are no git packages for CentOS and I've never used it before, so I'll have to install git on my Fedora 9 workstation (where git packages do exist), learn to use it, check out the code, copy it to the CentOS box, etc. All doable if I can find the time.

--Greg
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: another 2.1.0 compile error
Hi,

> Marinko Tarlac wrote:
> > 1.1.7 also requires ltdl
>
> The only changes made to 1.1.x from now on will be security related.
>
> i.e. no new features. no build fixes, etc.

I dont think it was a build fix request - more a comment that 1.1.7 needs ltdl on some platforms due to the way that chosen distro operates. - its a helpful note to others who get caught out by this error.

generally, its blindingly obvious when you see something like

Error - libfoo.h missing

you think, hmmm, i dont have an include. what package provides that include?

alan
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: another 2.1.0 compile error
Greg Woods wrote:
> After this I ran into the previously-noted issue compiling radmin. In
> Makefile.inc, define LIBREADLINE as "-lreadline -lncurses".

Which is also fixed in git.freeradius.org.

> But I now have 2.1.0 compiled so I can work on setting up dynamic
> clients, which is a feature we really need here since many of our
> clients are DHCP-configured workstations.

The dynamic clients code has a bug. This is fixed in git.freeradius.org.

Please checkout and build git.freeradius.org. Unless there are major panics, it will be issued as version 2.1.1 this week.

Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: another 2.1.0 compile error
Marinko Tarlac wrote:
> 1.1.7 also requires ltdl

The only changes made to 1.1.x from now on will be security related.

i.e. no new features. no build fixes, etc.

Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: another 2.1.0 compile error
On Tue, 2008-09-09 at 16:53 +0100, [EMAIL PROTECTED] wrote:
> yep, you havent got all the required development packages installed.
>
> libtool-ltdl-devel
> libtool-ltdl

Thanks, that was it. However, I discovered what I think is a bug in yum in the process. I tried "yum list *ltdl*" and this failed to show these packages; otherwise I might have found this myself. Even "yum list libtool*" doesn't show them, I had to actually list libtool-ltdl-devel* to see the devel package.

After this I ran into the previously-noted issue compiling radmin. In Makefile.inc, define LIBREADLINE as "-lreadline -lncurses".

Another thing I discovered is that I have to remove the i386 versions of several -devel packages, or I get errors about symbols in wrong format when linking.

But I now have 2.1.0 compiled so I can work on setting up dynamic clients, which is a feature we really need here since many of our clients are DHCP-configured workstations.

Thanks for the help!

--Greg
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ***SPAM*** Re: How to modify dialup.conf for each virtual server?
Thanks Ivan. Another question: is there any way to have one database for each virtual server? [EMAIL PROTECTED] escreveu: Can't I change the way it's look into MySQL table? Even this comming with User-Name I can't look for the value in another field? This is a MySQL query, not the way it came... i hope... :) You have three options: - fill your database with (useless) data and try to change rlm_sql code and queries in order to match up requests and data. Don't expect much help there - if you want to customize the database you should know what you are doing. It is quite likely that this will render that sql instance (and possibly whole sql module) useless for any other request apart form mac auth. You will need to: rewrite value of User-Name into Calling-Station-Id pull new User-Name from the database (WHERE Attribute='Calling-Sattion-Id' and Value='%{User-Name}) fix code in rlm_sql where this brakes it or: - authenticate with a special script (perl or such). Adjust queries for this type of authentication as much as you like without affecting other authentication types. You can use multiple queries to match up data and request. Easier and more sensible than above. or: - fill your database with correct data - what you expect to come in User-Name field should be used as UserName etc. No adjustments needed. mac auth works together with other authentication types. Take your pick. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Att, NATANIEL KLUG [EMAIL PROTECTED] LEIA O DIA-A-DIA DO NATA http://nataklug.blogspot.com/ Cyber Nett - Internet Banda Larga www.cnett.com.br (42) 3635-2957 Rua Diogo Pinto, 1046, Centro Laranjeiras do Sul - PR Brasil - 85301-290 "... também os sábios possuem coração tangível e podem, por vezes, usar da ciência como meio de demonstrar impressões sentimentais de que muitos não os julgam suscetíveis." Visconde de Taunay - List info/subscribe/unsubscribe? 
See http://www.freeradius.org/list/users.html
Re: another 2.1.0 compile error
1.1.7 also requires ltdl (CentOS 5.x) Alan DeKok wrote: Greg Woods wrote: I am running on CentOS 5.2 on an x86_64 architecture. I note a previous report for a similar system here on the list, but this is not the same error. That one was an error compiling radmin, this is an error compiling the server: ... /local/src/freeradius-server-2.1.0/src/freeradius-devel/modpriv.h:9:18: error: ltdl.h: No such file or directory Yeah, I caught that on another system, too. It should be fixed in git.freeradius.org. Part of the issue is that the latest version in source control isn't widely tested until it becomes an official release... at which point lots of people run into issues. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re:RE: Cisco VPN Server 3000 + Radius + LDAP = heeelp!!
Thanks for your answer, but I can't use LDAP groups in this case because I haven'ts groups defined in LDAP according to LDAP "attribute". For example, I haven't a group "Sales" in LDAP with only users with the value "attribute=1". And I need to assign addresses according to the value "attribute" . Other ideas for this, please?? Thanks... Osvaldo H. Campos Molina Administrador de Red STI - Univ. de Chile Parham Beheshti escribió: this is how we do it: radius.conf: get user's group from ldap users file: if user is member of groupA assign ip pool1 if user is member of groupB assign ip pool2 here is users file(This is not using ip pools, just limits connection duration and when they can login): DEFAULT LDAP-Group == "VPN12", Max-Daily-Session :=43200 Fall-Through = Yes DEFAULT LDAP-GROUP == "VPNSALES", Max-Daily-Session :=7200, Login-Time:="Any0730-0830,Any1630-1730" Fall-Through = Yes -Original Message- From: [EMAIL PROTECTED] on behalf of Osvaldo Campos M. - Administrador Red STI Sent: Tue 9/9/2008 2:36 AM To: FreeRadius users mailing list Subject: Cisco VPN Server 3000 + Radius + LDAP = heeelp!! Hi people: First of all, sorry but my english is not good. I'm newie in FreeRadius and I am in a hurry with Cisco VPN Server 3000, FreeRadius and LDAP, to permit vpn user's access. When vpn users connect (with "Cisco VPN Client"), Radius consult to LDAP if user exist. If exist, then user can connect to vpn. If not, can't connect. This works well. Now, also I should assign IP addresses according to an LDAP attribute. For example, if attribute==1 assign 10.0.0.10/24, if attribute==2 assign 10.0.0.20/24. I try to assign IP addresses with "ippool module" and filters in the "ldap module" in FreeRadius, but it doesn't work. How can I work with many ippool's according to a value of LDAP attribute? Where should I ask for the attribute value in order to assign the corresponding ippool?. Please, help me with that. My config is something like that: In the radius.conf file... 
ldap vpnldap1 {
    server = "x.x.x.x"
    identity = "cn=Directory Manager"
    password = **
    basedn = "ou=People, dc:blah, dc=cl"
    filter = "(&(uid=%u)(attribute=1))"
    authtype = ldap
    set_asuth_type = yes
}

ldap vpnldap2 {
    server = "x.x.x.x"
    identity = "cn=Directory Manager"
    password = **
    basedn = "ou=People, dc:blah, dc=cl"
    filter = "(&(uid=%u)(attribute=2))"
    authtype = ldap
    set_asuth_type = yes
}

authorize {
    files
    Autz-Type LDAPVPN1 {
        vpnldap1
    }
    Autz-Type LDAPVPN2 {
        vpnldap2
    }
}

authentication {
    Auth-Type LDAPVPN1 {
        vpnldap1
    }
    Auth-Type LDAPVPN2 {
        vpnldap2
    }
}

ippool vpnusers1 {
    range-start = 10.0.0.10
    range-stop = 10.0.0.19
    netmask = 255.255.255.0
    cache-size = 10
    session-db = ${raddbdir}/db.vpnusers1-session
    ip-index = ${raddbdir}/db.vpnusers1-index
    override = yes
}

ippool vpnusers2 {
    range-start = 10.0.0.20
    range-stop = 10.0.0.29
    netmask = 255.255.255.0
    cache-size = 10
    session-db = ${raddbdir}/db.vpnusers2-session
    ip-index = ${raddbdir}/db.vpnusers2-index
    override = yes
}

In the user file... (i don`t know how to configure this file to several "Ippool" I think that here's the problem)

DEFAULT NAS-IP-Address = "y.y.y.y", Auth-Type :=LDAPVPN1, AUTZ-Type :=LDAPVPN1, Pool-Name :=vpnusers1
DEFAULT NAS-IP-Address = "y.y.y.y", Auth-Type :=LDAPVPN2, AUTZ-Type :=LDAPVPN2, Pool-Name :=vpnusers2

# y.y.y.y= address of VPN Server

In the ldap.attrmap...

checkItem vpnusers1 attribute
checkItem vpnusers2 attribute

Please, help me with this config.

Thank's you...

Osvaldo H. Campos Molina
Administrador de Red
STI - Univ. de Chile
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: another 2.1.0 compile error
Alan DeKok wrote: Greg Woods wrote: I am running on CentOS 5.2 on an x86_64 architecture. I note a previous report for a similar system here on the list, but this is not the same error. That one was an error compiling radmin, this is an error compiling the server: ... /local/src/freeradius-server-2.1.0/src/freeradius-devel/modpriv.h:9:18: error: ltdl.h: No such file or directory Yeah, I caught that on another system, too. It should be fixed in git.freeradius.org. Part of the issue is that the latest version in source control isn't widely tested until it becomes an official release... at which point lots of people run into issues. I you want to tag and announce -pre I can arrange for it to be built in a bunch of clean buildroots (we maintain such for building our local RPMs) at least for some RedHat/Fedora variants. Or there's "buildbot"; I might be able to scrounge a server or two to run some VMs on, and host them here. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: another 2.1.0 compile error
Greg Woods wrote:
> I am running on CentOS 5.2 on an x86_64 architecture. I note a previous
> report for a similar system here on the list, but this is not the same
> error. That one was an error compiling radmin, this is an error
> compiling the server:
...
> /local/src/freeradius-server-2.1.0/src/freeradius-devel/modpriv.h:9:18:
> error: ltdl.h: No such file or directory

Yeah, I caught that on another system, too. It should be fixed in git.freeradius.org.

Part of the issue is that the latest version in source control isn't widely tested until it becomes an official release... at which point lots of people run into issues.

Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: another 2.1.0 compile error
Hi,

> I am running on CentOS 5.2 on an x86_64 architecture. I note a previous
> report for a similar system here on the list, but this is not the same
> error. That one was an error compiling radmin, this is an error
> compiling the server:
>
> gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE
> -DNDEBUG -I/local/src/freeradius-server-2.1.0/src -DHOSTINFO=
> \"x86_64-unknown-linux-gnu\" -DRADIUSD_VERSION=\"2.1.0\"
> -DOPENSSL_NO_KRB5 -c listen.c -fPIC -DPIC -o .libs/listen.o
> listen.c: In function 'client_listener_find':
> listen.c:189: warning: assignment discards qualifiers from pointer
> target type
> In file included from command.c:26,
> from listen.c:1046:
> /local/src/freeradius-server-2.1.0/src/freeradius-devel/modpriv.h:9:18:
> error: ltdl.h: No such file or directory

yep, you havent got all the required development packages installed.

libtool-ltdl-devel
libtool-ltdl

alan
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
another 2.1.0 compile error
I am running on CentOS 5.2 on an x86_64 architecture. I note a previous report for a similar system here on the list, but this is not the same error. That one was an error compiling radmin, this is an error compiling the server:

gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE
-DNDEBUG -I/local/src/freeradius-server-2.1.0/src -DHOSTINFO=
\"x86_64-unknown-linux-gnu\" -DRADIUSD_VERSION=\"2.1.0\"
-DOPENSSL_NO_KRB5 -c listen.c -fPIC -DPIC -o .libs/listen.o
listen.c: In function 'client_listener_find':
listen.c:189: warning: assignment discards qualifiers from pointer target type
In file included from command.c:26,
from listen.c:1046:
/local/src/freeradius-server-2.1.0/src/freeradius-devel/modpriv.h:9:18: error: ltdl.h: No such file or directory
In file included from command.c:26,
from listen.c:1046:
/local/src/freeradius-server-2.1.0/src/freeradius-devel/modpriv.h: At top level:
/local/src/freeradius-server-2.1.0/src/freeradius-devel/modpriv.h:30: error: expected specifier-qualifier-list before 'lt_dlhandle'
gmake[4]: *** [listen.lo] Error 1
gmake[4]: Leaving directory `/local/src/freeradius-server-2.1.0/src/main'
gmake[3]: *** [common] Error 2
gmake[3]: Leaving directory `/local/src/freeradius-server-2.1.0/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/local/src/freeradius-server-2.1.0/src'
gmake[1]: *** [common] Error 2
gmake[1]: Leaving directory `/local/src/freeradius-server-2.1.0'
make: *** [all] Error 2

I realize this isn't a complete enough report to fully debug this, I'm just curious to know if anyone else has seen this one or whether it's something obvious. I also know that the ltdl.h file is actually there in the libltdl subdirectory, so I can probably figure out how to get around this if I have to.

--Greg
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius version 1.0.x Vs 2.x.x
Hi,

I have been using freeradius 1.0.5 for captive portal authentication in our internal network. I use mysql as backend for radius and using sqlcounter to check monthly usage. I was trying out freeradius version 2.1.0 and found out that check attribute values from radcheck table being replaced by values from radgroupcheck. For example, sqlcounter is using Session-Timeout = 28800 if I use freeradius version 1.0.5 and Session-Timeout = 14400 if I use version 2.1.0.

Debug from 1.0.5:
rlm_sqlcounter: Authorized user test, check_item=28800, counter=509
rlm_sqlcounter: Sent Reply-Item for user test, Type=Session-Timeout, value=28291
modcall[authorize]: module "noresetcounter" returns ok for request 2
modcall: leaving group authorize (returns ok) for request 2

Debug from 2.1.0:
rlm_sqlcounter: Authorized user test, check_item=14400, counter=509
rlm_sqlcounter: Sent Reply-Item for user akj, Type=Session-Timeout, value=13891
++[noresetcounter] returns ok

radcheck table:
+----+----------+-----------------+------------------------------------+----+
| id | username | attribute       | value                              | op |
+----+----------+-----------------+------------------------------------+----+
|  7 | test     | Crypt-Password  | $1$WXkDxOPI$hZadd2xez2Xl7k4asVqOG. | := |
|  9 | test     | Session-Timeout | 28800                              | := |
+----+----------+-----------------+------------------------------------+----+

radgroupcheck table:
+----+-----------+-----------------+-------+----+
| id | groupname | attribute       | Value | op |
+----+-----------+-----------------+-------+----+
|  1 | test      | Session-Timeout | 14400 | := |
+----+-----------+-----------------+-------+----+

radusergroup table:
+----------+-----------+----------+
| username | groupname | priority |
+----------+-----------+----------+
| test     | test      |        1 |
+----------+-----------+----------+

sqlcounter:
sqlcounter noresetcounter {
    counter-name = sess_timeout
    check-name = Session-Timeout
    reply-name = Session-Timeout
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'"
}

I have tested this with version 2.0.5 and got same result. Is this the expected behavior in version 2.x.x?

Thanks,
Abraham
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problems with the authentication TLS
and install the new version and the probe, probe with radtest and I get this: Sending Access-Request of id 236 to 127.0.0.1 port 1812 User-Name = "test" User-Password = "testing123" NAS-IP-Address = 10.30.1.104 NAS-Port = 1812 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=236, length=20 its ok but... radiusd -X run and I get this:: FreeRADIUS Version 2.0.5, for host x86_64-unknown-linux-gnu, built on Sep 3 2008 at 17:32:08 Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /usr/local/etc/raddb/radiusd.conf including configuration file /usr/local/etc/raddb/proxy.conf including configuration file /usr/local/etc/raddb/clients.conf including configuration file /usr/local/etc/raddb/snmp.conf including files in directory /usr/local/etc/raddb/modules/ including configuration file /usr/local/etc/raddb/modules/mac2vlan including configuration file /usr/local/etc/raddb/modules/ldap including configuration file /usr/local/etc/raddb/modules/smbpasswd including configuration file /usr/local/etc/raddb/modules/files including configuration file /usr/local/etc/raddb/modules/policy including configuration file /usr/local/etc/raddb/modules/echo including configuration file /usr/local/etc/raddb/modules/passwd including configuration file /usr/local/etc/raddb/modules/expr including configuration file /usr/local/etc/raddb/modules/attr_filter including configuration file /usr/local/etc/raddb/modules/always including configuration file /usr/local/etc/raddb/modules/realm including configuration file /usr/local/etc/raddb/modules/ippool including configuration file /usr/local/etc/raddb/modules/preprocess including configuration file /usr/local/etc/raddb/modules/chap including configuration file 
/usr/local/etc/raddb/modules/unix including configuration file /usr/local/etc/raddb/modules/mschap including configuration file /usr/local/etc/raddb/modules/radutmp including configuration file /usr/local/etc/raddb/modules/detail including configuration file /usr/local/etc/raddb/modules/expiration including configuration file /usr/local/etc/raddb/modules/pam including configuration file /usr/local/etc/raddb/modules/checkval including configuration file /usr/local/etc/raddb/modules/logintime including configuration file /usr/local/etc/raddb/modules/pap including configuration file /usr/local/etc/raddb/modules/etc_group including configuration file /usr/local/etc/raddb/modules/detail.log including configuration file /usr/local/etc/raddb/modules/acct_unique including configuration file /usr/local/etc/raddb/modules/mac2ip including configuration file /usr/local/etc/raddb/modules/digest including configuration file /usr/local/etc/raddb/modules/attr_rewrite including configuration file /usr/local/etc/raddb/modules/sradutmp including configuration file /usr/local/etc/raddb/modules/krb5 including configuration file /usr/local/etc/raddb/modules/exec including configuration file /usr/local/etc/raddb/modules/sql_log including configuration file /usr/local/etc/raddb/modules/counter including configuration file /usr/local/etc/raddb/eap.conf including configuration file /usr/local/etc/raddb/sql.conf including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf including configuration file /usr/local/etc/raddb/sql/mysql/counter.conf including configuration file /usr/local/etc/raddb/policy.conf including files in directory /usr/local/etc/raddb/sites-enabled/ including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel including configuration file /usr/local/etc/raddb/sites-enabled/default including dictionary file /usr/local/etc/raddb/dictionary main { prefix = "/usr/local" localstatedir = "/usr/local/var" logdir = "/usr/local/var/log/radius" libdir = 
"/usr/local/lib" radacctdir = "/usr/local/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 allow_core_dumps = no pidfile = "/usr/local/var/run/radiusd/radiusd.pid" checkrad = "/usr/local/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } } client 10.0.6.29 { require_message_authenticator = no secret = "testing123" shortname = "ap" } client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } radiusd: Loading Realms and Home Servers proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120
Re: Problems with the authentication TLS
>ERROR: Failed to open socket: cannot bind socket: Address already in use
>/usr/local/etc/raddb/radiusd.conf[236]: Error binding to port for
>0.0.0.0port 1812
>
>Why is this wrong?
>
>I'm trying with user root
>

Is radiusd already running? You need to stop it and restart it with radiusd -X.

Ivan Kalik
Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to modify dialup.conf for each virtual server?
>Can't I change the way it looks into the MySQL table? Even with this coming
>with User-Name I can't look for the value in another field? This is a
>MySQL query, not the way it came... i hope... :)
>

You have three options:

- fill your database with (useless) data and try to change rlm_sql code and queries in order to match up requests and data. Don't expect much help there - if you want to customize the database you should know what you are doing. It is quite likely that this will render that sql instance (and possibly whole sql module) useless for any other request apart from mac auth. You will need to:

  rewrite value of User-Name into Calling-Station-Id
  pull new User-Name from the database (WHERE Attribute='Calling-Station-Id' and Value='%{User-Name}')
  fix code in rlm_sql where this breaks it

or:

- authenticate with a special script (perl or such). Adjust queries for this type of authentication as much as you like without affecting other authentication types. You can use multiple queries to match up data and request. Easier and more sensible than above.

or:

- fill your database with correct data - what you expect to come in User-Name field should be used as UserName etc. No adjustments needed. mac auth works together with other authentication types.

Take your pick.

Ivan Kalik
Kalik Informatika ISP
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Version 2.1.0 has been released.
Alan DeKok wrote: Phil Mayers wrote: if (condition) { call debug 2 } Nah. radmin> debug file /var/log/radius/bob.log radmin> debug condition '(User-Name == "bob")' ... radmin> debug condition That's better. Very powerful, and very clean. Nice! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Version 2.1.0 has been released.
Phil Mayers wrote:
> if (condition) {
>     call debug 2
> }

Nah.

radmin> debug file /var/log/radius/bob.log
radmin> debug condition '(User-Name == "bob")'
...
radmin> debug condition

That's better. Very powerful, and very clean.

Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco VPN Server 3000 + Radius + LDAP = heeelp!!
If I understood what you need ... Using Cisco VPN Client, you can define "Groups" in the Cisco Concentrator ... Configuration -> User Management -> Groups ... and assign an "Address Pool" to each group. According the Group used in the Cisco VPN Client, the user will receive an IP addresses from a different Address Pool. Create the Group and upon that create the Address Pool Configuration -> User Management -> Groups -> Address Pools Best Regards, Leonardo Osvaldo Campos M. - Administrador Red STI wrote: Hi people: First of all, sorry but my english is not good. I'm newie in FreeRadius and I am in a hurry with Cisco VPN Server 3000, FreeRadius and LDAP, to permit vpn user's access. When vpn users connect (with "Cisco VPN Client"), Radius consult to LDAP if user exist. If exist, then user can connect to vpn. If not, can't connect. This works well. Now, also I should assign IP addresses according to an LDAP attribute. For example, if attribute==1 assign 10.0.0.10/24, if attribute==2 assign 10.0.0.20/24. I try to assign IP addresses with "ippool module" and filters in the "ldap module" in FreeRadius, but it doesn't work. How can I work with many ippool's according to a value of LDAP attribute? Where should I ask for the attribute value in order to assign the corresponding ippool?. Please, help me with that. My config is something like that: In the radius.conf file... 
ldap vpnldap1 {
    server = "x.x.x.x"
    identity = "cn=Directory Manager"
    password = **
    basedn = "ou=People, dc:blah, dc=cl"
    filter = "(&(uid=%u)(attribute=1))"
    authtype = ldap
    set_asuth_type = yes
}

ldap vpnldap2 {
    server = "x.x.x.x"
    identity = "cn=Directory Manager"
    password = **
    basedn = "ou=People, dc:blah, dc=cl"
    filter = "(&(uid=%u)(attribute=2))"
    authtype = ldap
    set_asuth_type = yes
}

authorize {
    files
    Autz-Type LDAPVPN1 {
        vpnldap1
    }
    Autz-Type LDAPVPN2 {
        vpnldap2
    }
}

authentication {
    Auth-Type LDAPVPN1 {
        vpnldap1
    }
    Auth-Type LDAPVPN2 {
        vpnldap2
    }
}

ippool vpnusers1 {
    range-start = 10.0.0.10
    range-stop = 10.0.0.19
    netmask = 255.255.255.0
    cache-size = 10
    session-db = ${raddbdir}/db.vpnusers1-session
    ip-index = ${raddbdir}/db.vpnusers1-index
    override = yes
}

ippool vpnusers2 {
    range-start = 10.0.0.20
    range-stop = 10.0.0.29
    netmask = 255.255.255.0
    cache-size = 10
    session-db = ${raddbdir}/db.vpnusers2-session
    ip-index = ${raddbdir}/db.vpnusers2-index
    override = yes
}

In the user file... (i don`t know how to configure this file to several "Ippool" I think that here's the problem)

DEFAULT NAS-IP-Address = "y.y.y.y", Auth-Type :=LDAPVPN1, AUTZ-Type :=LDAPVPN1, Pool-Name :=vpnusers1
DEFAULT NAS-IP-Address = "y.y.y.y", Auth-Type :=LDAPVPN2, AUTZ-Type :=LDAPVPN2, Pool-Name :=vpnusers2

# y.y.y.y= address of VPN Server

In the ldap.attrmap...

checkItem vpnusers1 attribute
checkItem vpnusers2 attribute

Please, help me with this config.

Thank's you...

Osvaldo H. Campos Molina
Administrador de Red
STI - Univ. de Chile
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to modify dialup.conf for each virtual server?
Can't I change the way it looks into the MySQL table? Even with this coming in User-Name, can't I look for the value in another field? This is a MySQL query, not the way it came... I hope... :)

[EMAIL PROTECTED] wrote:
> Well, you don't have much say in this because NAS sends it that way:
>
>     rad_recv: Access-Request packet from host 172.30.0.142 port 6001, id=1, length=69
>         User-Name = "00:19:79:0f:98:3d"
>         User-Password = "wireless"
>         NAS-IP-Address = 172.30.0.142
>         NAS-Port = 0
>
> You see what is in the User-Name field? That's how mac authentication works.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> On 8/9/2008, "Nataniel Klug" <[EMAIL PROTECTED]> wrote:
>> Ivan,
>>
>> I can't use User-Name as MAC because this is being used by another system I run... I just need to change some settings in dialup.conf to meet my requirements, all said in other message.
>>
>> [EMAIL PROTECTED] wrote:
>>> In mac authentication mac address is sent as User-Name not Calling-Station-Id. You don't have to make any changes to dialup.conf - just use database properly:
>>>
>>>     username: AA:AA:AA:AA:AA:AA
>>>     attribute: Auth-Type
>>>     op: :=
>>>     Value: Accept or Reject
>>>
>>> Ivan Kalik
>>> Kalik Informatika ISP

--
Regards,
NATANIEL KLUG
[EMAIL PROTECTED]
READ NATA'S DAY-TO-DAY
http://nataklug.blogspot.com/
Cyber Nett - Broadband Internet
www.cnett.com.br
(42) 3635-2957
Rua Diogo Pinto, 1046, Centro
Laranjeiras do Sul - PR
Brasil - 85301-290

"... the wise, too, have a tangible heart and can, at times, use science as a means of showing sentimental impressions of which many do not judge them susceptible."
Visconde de Taunay
Re: Version 2.1.0 has been released.
Phil Mayers wrote:
> Alan DeKok wrote:
>> Arran Cudbard-Bell wrote:
>>> Didn't you alter the parser slightly to allow just:
>>>
>>>     ...
>>>     %{debug:2}
>>>     ...
>>
>> Err, yes. But that's horrible syntax, and I don't think it will stay.

It's not a horrible syntax, it's useful syntax, especially when being used with horrible hacks such as this... makes them less horrible.

It's also good for making arbitrary calls to modules when you don't care about the return value, such as sql insert and update statements (if the SQL module supported xlated insert and update statements).

Having to wrap the whole thing in an update stanza and having to assign the return value to a temporary string, now that's horrible syntax.

> if (condition) {
>     call debug 2
> }
>
> Might also be useful for:
>
> post-auth {
>     call sql "insert into blah ..."
> }

I don't see that extra syntax is required...

--
Arran Cudbard-Bell ([EMAIL PROTECTED]),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
Re: Version 2.1.0 has been released.
Alan DeKok wrote:
> Arran Cudbard-Bell wrote:
>> Didn't you alter the parser slightly to allow just:
>>
>>     ...
>>     %{debug:2}
>>     ...
>
> Err, yes. But that's horrible syntax, and I don't think it will stay.

if (condition) {
    call debug 2
}

Might also be useful for:

post-auth {
    call sql "insert into blah ..."
}
Re: Version 2.1.0 has been released.
Arran Cudbard-Bell wrote:
> Didn't you alter the parser slightly to allow just:
>
>     ...
>     %{debug:2}
>     ...

Err, yes. But that's horrible syntax, and I don't think it will stay.

Alan DeKok.
Re: Dynamic Clients with FreeRADIUS
Johan Meiring wrote:
> Is that the "availability of NAS-Identifier" to the virtual server thing??

No. Maybe in 2.1.2.

Alan DeKok.
RE: Dynamic Clients with FreeRADIUS
> Sent: 09 September 2008 11:16 AM
> To: FreeRadius users mailing list
> Subject: Re: Dynamic Clients with FreeRADIUS
>
> It's a bug in 2.1.0 that will be fixed in 2.1.1.
>

Hi,

Is that the "availability of NAS-Identifier" to the virtual server thing??

Thanks
Johan Meiring

> Alan DeKok.
Re: Version 2.1.0 has been released.
> Yes, that isn't documented there. I've added some text for 2.1.1. In short, you can do:
>
>     ...
>     update control {
>         Tmp-String-0 = "%{debug:2}"
>     }
>     ...

Didn't you alter the parser slightly to allow just:

    ...
    %{debug:2}
    ...

Or did you remove it before 2.1.0 ?

--
Arran Cudbard-Bell ([EMAIL PROTECTED]),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
Re: Dynamic Clients with FreeRADIUS
It's a bug in 2.1.0 that will be fixed in 2.1.1.

Alan DeKok.
Re: Version 2.1.0 has been released.
Norbert Wegener wrote:
> It seems to me, the log section contains the same items as in 2.0.5.

The "requests" entry is new. It can send logs to different destinations based on dynamic expansions.

> So I am not sure how to turn logging on for a specific user when the
> server is running:

Yes, that isn't documented there. I've added some text for 2.1.1. In short, you can do:

    ...
    update control {
        Tmp-String-0 = "%{debug:2}"
    }
    ...

to set the debug level to 2 for *this* request. That "update" section can be wrapped in an "if", to check for users, groups, realms, etc.

2.1.1 will also have the ability to change the global debug level from radmin.

2.1.2 will have the ability to change the debug level for requests coming from a particular client.

Alan DeKok.
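The per-request debug switch described in the message above, wrapped in an "if" as it suggests. This is an added example, not configuration from the list post or from the FreeRADIUS distribution; the user name "testuser", the realm "example.org" and the surrounding module list (preprocess, suffix, files, pap) are assumptions chosen for illustration.

```unlang
# Added example: virtual server "authorize" section (FreeRADIUS 2.1.x unlang).
# "testuser" and "example.org" are placeholders, not values from the thread.
authorize {
	preprocess

	# suffix splits user@realm and sets the Realm attribute tested below
	suffix

	# Raise the debug level to 2 for this request only when it comes
	# from one named user ...
	if ("%{User-Name}" == "testuser") {
		update control {
			Tmp-String-0 = "%{debug:2}"
		}
	}
	# ... or from any user in one realm. Every other request keeps
	# the server's normal debug level.
	elsif ("%{Realm}" == "example.org") {
		update control {
			Tmp-String-0 = "%{debug:2}"
		}
	}

	files
	pap
}
```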
Re: Version 2.1.0 has been released.
Alan DeKok wrote:
> ..
> * Debug logs can now be turned on/off while the server is running,
>   for a user, group, realm, etc. See the "log" section of radiusd.conf.

It seems to me, the log section contains the same items as in 2.0.5. So I am not sure how to turn logging on for a specific user when the server is running:

    log {
        destination = files
        file = ${logdir}/radius.log
        #
        #requests = ${logdir}/radiusd-%{%{Virtual-Server}:-DEFAULT}-%Y%m%d.log
        syslog_facility = daemon
        stripped_names = no
        auth = no
        auth_badpass = no
        auth_goodpass = no
    }

Maybe I missed something?

Norbert Wegener
Re: FreeRadius2 + MySQL: NAS x Usergroup
Carlos Eduardo Tavares Terra wrote:
> Sorry, but maybe I didn't understand how virtual servers really work.

raddb/sites-available/README

Each virtual server is a RADIUS server, just like in 1.x. The only difference is that you don't need to run multiple processes to get multiple server configurations.

> I have separated into different virtual servers because each type of
> service has different modules implemented by me. In freeradius1 I was
> using the groupreply 'Exec-Program-Wait' and different radius servers
> for each service. In each server I have modified the sql queries

i.e. in 1.x, you modified the SQL queries in the sql module configuration, for each server. i.e. you were running TWO different instances of the SQL module.

I think the problem is that you're trying to use only ONE instance of the SQL module in 2.x. Instead, do this in the "modules" section:

    sql sql1 {
        ... content from 1.x server1, INCLUDING queries
    }

    sql sql2 {
        ... content from 1.x server2, INCLUDING queries
    }

Then, use "sql1" in the virtual server for server1, and "sql2" in the virtual server for sql2.

Alan DeKok.
Re: Two radius server on same machine
andreiv wrote:
> Hi,
>
> what is there to be done if you want a running instance and a standby
> instance ?

There's no such thing as a "standby" instance. It's either listening on the RADIUS port, or it's not.

You're better off using a wrapper to watch the server, such as daemontools, or svtools. Or, installing servers on two independent machines, and configuring both of them on the clients.

Alan DeKok.