Insert billiplan code in radacct table during authenticaiton
Hi all, I am using freeradius for AAA of my cable users. Now what I want to do is, insert billiplan code 001 into radacct table during authentication so that I can view online users according to billingplan code. There will be Billingplan field in radcheck table and when users tries to login the script will check the radcheck table and update that billingplan code into radacct table. Is it possible with rlm_perl module? Thank you Bishal - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
Hey Ivan 2008/10/24 <[EMAIL PROTECTED]> > It (daily sqlcounter) does the same in 2.0.5: > > rlm_sqlcounter: Authorized user jagoda, check_item=1000, counter=2635 > rlm_sqlcounter: Sent Reply-Item for user jagoda, Type=Session-Timeout, > value=10027850 > > Returns value that is greater than the limit. I am using noreset > sqlcounter and that one works fine. Thanks for confirming this on a more up to date version. Alan, this smells like a bug (unless we missed something along the way), should I open up a bug ticket? And what would be the chances it can be backported to 1.1.7? Thanks, Liran. > > > > Dana 24/10/2008, "liran tal" <[EMAIL PROTECTED]> piše: > > >Hey, > > > >2008/10/24 <[EMAIL PROTECTED]> > > > >> No, he wants a data not time counter. > > > > > >That's right Evan. Moreover, there is no sense in changing the attribute > to > >be Session-Timeout when Chilli expects something else. > >Any thoughts on this issue? > > > > > >Thanks, > > > > > > > >Dana 24/10/2008, "mulianto" <[EMAIL PROTECTED]> piše: > > > >> > >> >hi..i think you should fix this one : > >> > > >> >reply-name = ChilliSpot-Max-Total-Octets to : > >> >reply-name = Session-Timeout > >> > > >> >try it.. > >> >rgds, > >> >Mulianto > >> > > >> >http://www.indohotspot.net > >> >Your Hotspot solution > >> > -Original Message- > >> > From: freeradius-users-bounces+mulianto=cni.co.id@ > lists.freeradius.org > >> > >[mailto:freeradius-users-bounces+mulianto > > >> [EMAIL PROTECTED] > >> >Behalf Of liran tal > >> > Sent: Friday, October 24, 2008 1:07 AM > >> > To: FreeRadius users mailing list > >> > Subject: sqlcounter returning wrong value? > >> > > >> > > >> > > >> > Hey, > >> > > >> > I'm experimenting with some sqlcounter directives in radiusd.conf and > >> >chilli as the NAS. > >> > I've defined the following sqlcounter stanza for a daily traffic > limit: > >> > > >> > sqlcounter defined in radiusd.conf: > >> > (the query was corrected as suggested by tnt on a previous thread on > the > >> >list, correct me if I got it wrong please) > >> > > >> > sqlcounter counterChilliSpotMaxDailyOctets { > >> > counter-name = ChilliSpot-Max-Daily-Octets > >> > check-name = ChilliSpot-Max-Daily-Octets > >> > reply-name = ChilliSpot-Max-Total-Octets > >> > sqlmod-inst = sql > >> > key = User-Name > >> > reset = daily > >> > error-msg = "Sorry, your maximum traffic usage > (download > >> >and upload) has exceed the provided limit" > >> > query = "SELECT (SUM(AcctInputOctets + > >> AcctOutputOctets)) > >> >FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + > >> >AcctSessionTime > '%b'" > >> > } > >> > > >> > > >> > > >> > In the authorization phase, I'm seeing the following in debug log: > >> >rlm_sqlcounter: Entering module authorize code > >> >sqlcounter_expand: 'SELECT > >> (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) > >> >FROM radacct WHERE UserName='%{User-Name}'' > >> >radius_xlat: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) > >> FROM > >> >radacct WHERE UserName='tester1'' > >> >sqlcounter_expand: '%{sql:SELECT > >> >(SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE > >> >UserName='tester1'}' > >> >radius_xlat: Running registered xlat function of module sql for > string > >> >'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE > >> >UserName='tester1'' > >> >rlm_sql (sql): - sql_xlat > >> >radius_xlat: 'tester1' > >> >rlm_sql (sql): sql_set_user escaped user --> 'tester1' > >> >radius_xlat: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) > >> FROM > >> >radacct WHERE UserName='tester1'' > >> >rlm_sql (sql): Reserving sql socket id: 2 > >> >rlm_sql (sql): - sql_xlat finished > >> >rlm_sql (sql): Released sql socket id: 2 > >> >radius_xlat: '24004370' > >> >rlm_sqlcounter: (Check item - counter) is greater than zero > >> >rlm_sqlcounter: Authorized user tester1, check_item=26214400, > >> >counter=24004370 > >> >rlm_sqlcounter: Sent Reply-Item for user tester1, > >> >Type=ChilliSpot-Max-Total-Octets, value=26239950 > >> > modcall[authorize]: module "counterChilliSpotMaxDailyOctets" > returns > >> >ok for request 0 > >> > The entry in radcheck is as follows: > >> > > >> >| 346 | tester1 | ChilliSpot-Max-Daily-Octets | := | 26214400 | > >> > What happens is that it seems the counter doesn't work as expected. > When > >> a > >> >user logs in, performs some traffic usage, logs out and logs in again, > >> > the replied back attribute for chilli doesn't contain a value which > is > >> the > >> >remainder of the traffic usage, but something else. > >> > > >> > According to the radius debug above, if check_item=26214400 and > >> >counter=24004370, how come value=26239950? > >> > So I'm guessing I
RE: 1.Troubleshooting MySQL Connections , 2. troubleshooting possiblememory leak
Hi all, @Alan: yes, I do have indexes. I still have the following issue: Fri Oct 24 18:21:33 2008 : Info: rlm_sql (sql_accounting): There are no DB handles to use! skipped 0, tried to connect 0 Fri Oct 24 18:21:34 2008 : Info: rlm_sql (sql_accounting): There are no DB handles to use! skipped 0, tried to connect 0 Fri Oct 24 18:21:35 2008 : Info: rlm_sql (sql_accounting): There are no DB handles to use! skipped 0, tried to connect 0 Fri Oct 24 18:21:36 2008 : Info: rlm_sql (sql_accounting): There are no DB handles to use! skipped 0, tried to connect 0 Fri Oct 24 18:21:37 2008 : Info: rlm_sql (sql_accounting): There are no DB handles to use! skipped 0, tried to connect 0 Fri Oct 24 18:21:39 2008 : Info: rlm_sql (sql_accounting): There are no DB handles to use! skipped 0, tried to connect 0 Fri Oct 24 18:21:42 2008 : Info: rlm_sql (sql_accounting): There are no DB handles to use! skipped 0, tried to connect 0 Fri Oct 24 18:21:57 2008 : Info: rlm_sql (sql_accounting): There are no DB handles to use! skipped 0, tried to connect 0 Fri Oct 24 18:21:58 2008 : Info: rlm_sql (sql_accounting): There are no DB handles to use! skipped 0, tried to connect 0 Fri Oct 24 18:21:59 2008 : Info: rlm_sql (sql_accounting): There are no DB handles to use! skipped 0, tried to connect 0 Fri Oct 24 18:22:00 2008 : Info: rlm_sql (sql_accounting): There are no DB handles to use! skipped 0, tried to connect 0 Fri Oct 24 18:22:01 2008 : Info: rlm_sql (sql_accounting): There are no DB handles to use! skipped 0, tried to connect 0 Fri Oct 24 18:22:02 2008 : Info: rlm_sql (sql_accounting): There are no DB handles to use! skipped 0, tried to connect 0 Fri Oct 24 18:22:03 2008 : Info: rlm_sql (sql_accounting): There are no DB handles to use! skipped 0, tried to connect 0 Fri Oct 24 18:22:04 2008 : Info: rlm_sql (sql_accounting): There are no DB handles to use! skipped 0, tried to connect 0 Fri Oct 24 18:22:05 2008 : Info: rlm_sql (sql_accounting): There are no DB handles to use! skipped 0, tried to connect 0 Fri Oct 24 18:22:07 2008 : Info: rlm_sql (sql_accounting): There are no DB handles to use! skipped 0, tri While my server seems to be OK. last pid: 18091; load avg: 0.22, 0.21, 0.23; up 44+02:44:36 18:22:33 82 processes: 81 sleeping, 1 on cpu CPU states: 96.2% idle, 2.4% user, 1.4% kernel, 0.0% iowait, 0.0% swap Memory: 8192M phys mem, 5979M free mem, 518M total swap, 518M free swap PID USERNAME LWP PRI NICE SIZE RES STATETIMECPU COMMAND 26627 mysql 59 590 585M 572M sleep 499.5H 2.29% mysqld 12576 root 1 540 15M 12M sleep 437:52 0.57% perl 11522 root 26 590 33M 29M sleep0:27 0.32% radiusd 12574 root 1 590 14M 11M sleep 530:58 0.04% perl It handles about 100 Interim updates per second, but my client detects something about 1000 losses per day. Where exactly does the logfile message poit to? To me it says: I did not try and therefore I did not skip anything While the server is workung like this, I'm able to do randamly update about 600 additional sets/s, using the statemants from dialup.conf in a perl script I'm afraid to check more, because it is live traffic. So I'm not sure, if it must be the database. Can set up a more detailed debug on this section? '-X' literally stops my service... Even that the log entry is marked as 'info', I'd like to understand, what's going on. Thank You. Stefan > -Original Message- > From: > [EMAIL PROTECTED] > us.org > [mailto:[EMAIL PROTECTED] > freeradius.org] On Behalf Of Alan DeKok > Sent: Wednesday, September 24, 2008 11:47 AM > To: FreeRadius users mailing list > Subject: Re: 1.Troubleshooting MySQL Connections , 2. > troubleshooting possiblememory leak > > > Stefan A. wrote: > > in my radiusd.log, I can see lots of these errors: > > Wed Sep 24 09:40:54 2008 : Info: rlm_sql (sql_accounting): > There are no DB > > handles to use! skipped 0, tried to connect 0 > > Your database is probably slow. Do you have indexes? > > > FR is eating Memory and I do not know how to troubleshoot this. > > It takes about 1 MB/ Minute which was about 3.5 GB over > some Days, before we > > rcognized this. > > There were issues with older versions of the server, but > 2.1.0 should > be fine. > > > I configured the option to die a server after 500 packets, > but this does not > > help for me. > > Because it stops the *thread*, not the *server*. And all > threads use > the same shared memory file. > > > May I unconfigure radutmp? I think I do not need this. > > Delete all references to it from the configuration file. > > > Do I really need the sqltrace-file? How my I unconfigure > it? Just deleting > > the config line > > Yes. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Tr : error when using radtest
Please i need your help for this error message i get when i want to use radtest utility. #radtest jerry cool 127.0.0.1:1812 0 testing123 Here are results i get: Sending Access-Request of id 197 to 192.168.1.30 port 1812 User-Name = "jery" User-Password = "cool" NAS-IP-Address = 127.0.1.1 NAS-Port = 43459 Sending Access-Request of id 197 to 192.168.1.30 port 1812 User-Name = "jery" User-Password = "cool" NAS-IP-Address = 127.0.1.1 NAS-Port = 43459 Sending Access-Request of id 197 to 192.168.1.30 port 1812 User-Name = "jery" User-Password = "cool" NAS-IP-Address = 127.0.1.1 NAS-Port = 43459 Sending Access-Request of id 197 to 192.168.1.30 port 1812 User-Name = "jery" User-Password = "cool" NAS-IP-Address = 127.0.1.1 NAS-Port = 43459 radclient: no response from server for ID 197 socket 3 Here is the result of the command radiusd -X: Starting - reading configuration files ... client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } radiusd: Loading Realms and Home Servers home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: Instantiating modules instantiate { Module: Linked to module rlm_exec Module: Instantiating exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating expr Module: Linked to module rlm_expiration Module: Instantiating expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: Loading Virtual Servers server inner-tunnel { modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating chap Module: Linked to module rlm_mschap Module: Instantiating mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no } Module: Linked to module rlm_unix Module: Instantiating unix unix { radwtmp = "/usr/local/var/log/radius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating eap eap { default_eap_type = "tls" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server.pem" certificate_file = "/usr/local/etc/raddb/certs/server.pem" CA_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = "EsCuJePaII" dh_file = "/usr/local/etc/raddb/certs/dh" random_file = "/usr/local/etc/raddb/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_realm Module: Instantiating suffix realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating files files { usersfile = "/usr/l
SMD5 format, for hash and salt?
I'm using FreeRADIUS v 2.1.1 on CentOS 5.2. I have everything working well, where I'm reading the user file for Cleartext and MD5 hashes. Here are two examples from my user file: bob Cleartext-Password := "testing123" carol MD5-Password := "f30aa7a662c728b7407c54ae6bfd27d1" (where carol's password is just hello123) However, it appears the data I have access to is actually stored as salted MD5 hashes. An example of an SMD5 hash that doesn't work in my user file: abe SMD5-Password := "37d0aa2d0d2b1f282eb2b393c9413998:rqZAS049NrEgN9bD" (where the above is :=salted MD5 hash:salt) I see the rlm_pap man page lists SMD5-Password as an attribute, but I'm at a loss as to the correct format for the MD5 hash and its associated salt. I've tried not just the colon above, but a semicolon, dash, period, a space, or tacked the salt to the beginning or to the end. I tried looking through the src, but couldn't figure it out. The output from radiusd -X and radtest for user abe is: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 55280, id=91, length=55 User-Name = "abe" User-Password = "hellojulie" NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = "abe", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound [files] users: Matched entry abe at line 3 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password "hellojulie" [pap] Using SMD5 encryption. [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> abe attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 91 to 127.0.0.1 port 55280 Waking up in 4.9 seconds. And if anyone is curious, I was told this is how these particular SMD5 entries I was given were generated: function mosMakePassword($length=8) { $salt = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; $makepass = ''; mt_srand(1000*(double)microtime()); for ($i = 0; $i < $length; $i++) $makepass .= $salt[mt_rand(0,61)]; return $makepass; } list($hash, $salt) = explode(':', $row->password); $cryptpass = md5($passwd.$salt); if ($hash != $cryptpass) { if ( $bypost ) { mosErrorAlert(_LOGIN_INCORRECT); } else { $this->logout(); mosRedirect('index.php'); } exit(); } If anyone has any ideas or point out what I've completely misunderstood, please let me know. thanks, Julie - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
undefined symbol: eaptls_session_idx
I built my own version of freeradius from the ubuntu package for 8.10. The ubuntu version stamp on it is 2.1.0+dfsg-0ubuntu2 so I expect it is freeradius 2.1.0 (and the source confirms this). I modified the package scripts so that I can link the program to openssl and get the eap modules. The program built without a hitch so I was a bit shocked to find that I get a linking error when I start the server. What can I do to fix this? Ubuntu 8.04, x86 My guess is recompile, but without knowing what I did wrong I will just get a bad build again and again and again. Module: Linked to module rlm_eap Module: Instantiating eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 2048 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } rlm_eap: Failed to link EAP-Type/tls: /usr/lib/freeradius/rlm_eap_tls.so: undefined symbol: eaptls_session_idx /etc/freeradius/eap.conf[17]: Instantiation failed for module "eap" /etc/freeradius/sites-enabled/inner-tunnel-ldap[223]: Failed to find module "eap". /etc/freeradius/sites-enabled/inner-tunnel-ldap[176]: Errors parsing authenticate section. } } Errors initializing modules - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: error when using radtest
>#radtest jerry cool 127.0.0.1:1812 0 testing123 > >Here are results i get: > > >Sending Access-Request of id 197 to 192.168.1.30 port 1812 >User-Name = "jery" >User-Password = "cool" >NAS-IP-Address = 127.0.1.1 >NAS-Port = 43459 Your system is broken. It's not resolving localhost to 127.0.0.1 but to 192.168.1.30. Fix it. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: error when using radtest
Hi, > Please i need your help for this error message i get when i want to use > radtest utility. > #radtest jerry cool 127.0.0.1:1812 0 testing123 which is mapped in /etc/hosts to some other addresses. you need to add 192.168.1.30 to your clients.conf - as 192.168.1.30 is the address you are appearing to the server as. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
It (daily sqlcounter) does the same in 2.0.5: rlm_sqlcounter: Authorized user jagoda, check_item=1000, counter=2635 rlm_sqlcounter: Sent Reply-Item for user jagoda, Type=Session-Timeout, value=10027850 Returns value that is greater than the limit. I am using noreset sqlcounter and that one works fine. Ivan Kalik Kalik Informatika ISP Dana 24/10/2008, "liran tal" <[EMAIL PROTECTED]> piše: >Hey, > >2008/10/24 <[EMAIL PROTECTED]> > >> No, he wants a data not time counter. > > >That's right Evan. Moreover, there is no sense in changing the attribute to >be Session-Timeout when Chilli expects something else. >Any thoughts on this issue? > > >Thanks, > > > >Dana 24/10/2008, "mulianto" <[EMAIL PROTECTED]> piše: > >> >> >hi..i think you should fix this one : >> > >> >reply-name = ChilliSpot-Max-Total-Octets to : >> >reply-name = Session-Timeout >> > >> >try it.. >> >rgds, >> >Mulianto >> > >> >http://www.indohotspot.net >> >Your Hotspot solution >> > -Original Message- >> > From: [EMAIL PROTECTED] >> >[mailto:freeradius-users-bounces+mulianto >> [EMAIL PROTECTED] >> >Behalf Of liran tal >> > Sent: Friday, October 24, 2008 1:07 AM >> > To: FreeRadius users mailing list >> > Subject: sqlcounter returning wrong value? >> > >> > >> > >> > Hey, >> > >> > I'm experimenting with some sqlcounter directives in radiusd.conf and >> >chilli as the NAS. >> > I've defined the following sqlcounter stanza for a daily traffic limit: >> > >> > sqlcounter defined in radiusd.conf: >> > (the query was corrected as suggested by tnt on a previous thread on the >> >list, correct me if I got it wrong please) >> > >> > sqlcounter counterChilliSpotMaxDailyOctets { >> > counter-name = ChilliSpot-Max-Daily-Octets >> > check-name = ChilliSpot-Max-Daily-Octets >> > reply-name = ChilliSpot-Max-Total-Octets >> > sqlmod-inst = sql >> > key = User-Name >> > reset = daily >> > error-msg = "Sorry, your maximum traffic usage (download >> >and upload) has exceed the provided limit" >> > query = "SELECT (SUM(AcctInputOctets + >> AcctOutputOctets)) >> >FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + >> >AcctSessionTime > '%b'" >> > } >> > >> > >> > >> > In the authorization phase, I'm seeing the following in debug log: >> >rlm_sqlcounter: Entering module authorize code >> >sqlcounter_expand: 'SELECT >> (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) >> >FROM radacct WHERE UserName='%{User-Name}'' >> >radius_xlat: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) >> FROM >> >radacct WHERE UserName='tester1'' >> >sqlcounter_expand: '%{sql:SELECT >> >(SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE >> >UserName='tester1'}' >> >radius_xlat: Running registered xlat function of module sql for string >> >'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE >> >UserName='tester1'' >> >rlm_sql (sql): - sql_xlat >> >radius_xlat: 'tester1' >> >rlm_sql (sql): sql_set_user escaped user --> 'tester1' >> >radius_xlat: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) >> FROM >> >radacct WHERE UserName='tester1'' >> >rlm_sql (sql): Reserving sql socket id: 2 >> >rlm_sql (sql): - sql_xlat finished >> >rlm_sql (sql): Released sql socket id: 2 >> >radius_xlat: '24004370' >> >rlm_sqlcounter: (Check item - counter) is greater than zero >> >rlm_sqlcounter: Authorized user tester1, check_item=26214400, >> >counter=24004370 >> >rlm_sqlcounter: Sent Reply-Item for user tester1, >> >Type=ChilliSpot-Max-Total-Octets, value=26239950 >> > modcall[authorize]: module "counterChilliSpotMaxDailyOctets" returns >> >ok for request 0 >> > The entry in radcheck is as follows: >> > >> >| 346 | tester1 | ChilliSpot-Max-Daily-Octets | := | 26214400 | >> > What happens is that it seems the counter doesn't work as expected. When >> a >> >user logs in, performs some traffic usage, logs out and logs in again, >> > the replied back attribute for chilli doesn't contain a value which is >> the >> >remainder of the traffic usage, but something else. >> > >> > According to the radius debug above, if check_item=26214400 and >> >counter=24004370, how come value=26239950? >> > So I'm guessing I'm missing something but I'm too obsessed with the >> >sqlcounter to notice it. (is the subtractation not a normal decimal >> action?) >> > >> > The FreeRADIUS version used is 1.1.7 >> >> > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
error when using radtest
Please i need your help for this error message i get when i want to use radtest utility. #radtest jerry cool 127.0.0.1:1812 0 testing123 Here are results i get: Sending Access-Request of id 197 to 192.168.1.30 port 1812 User-Name = "jery" User-Password = "cool" NAS-IP-Address = 127.0.1.1 NAS-Port = 43459 Sending Access-Request of id 197 to 192.168.1.30 port 1812 User-Name = "jery" User-Password = "cool" NAS-IP-Address = 127.0.1.1 NAS-Port = 43459 Sending Access-Request of id 197 to 192.168.1.30 port 1812 User-Name = "jery" User-Password = "cool" NAS-IP-Address = 127.0.1.1 NAS-Port = 43459 Sending Access-Request of id 197 to 192.168.1.30 port 1812 User-Name = "jery" User-Password = "cool" NAS-IP-Address = 127.0.1.1 NAS-Port = 43459 radclient: no response from server for ID 197 socket 3 Here is the result of the command radiusd -X: Starting - reading configuration files ... client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } radiusd: Loading Realms and Home Servers home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 zombie_period = 40 status_check = "status-server" ping_check = "none" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 } home_server_pool my_auth_failover { type = fail-over home_server = localhost } realm example.com { auth_pool = my_auth_failover } realm LOCAL { } radiusd: Instantiating modules instantiate { Module: Linked to module rlm_exec Module: Instantiating exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating expr Module: Linked to module rlm_expiration Module: Instantiating expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: Loading Virtual Servers server inner-tunnel { modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating chap Module: Linked to module rlm_mschap Module: Instantiating mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no } Module: Linked to module rlm_unix Module: Instantiating unix unix { radwtmp = "/usr/local/var/log/radius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating eap eap { default_eap_type = "tls" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 pem_file_type = yes private_key_file = "/usr/local/etc/raddb/certs/server.pem" certificate_file = "/usr/local/etc/raddb/certs/server.pem" CA_file = "/usr/local/etc/raddb/certs/ca.pem" private_key_password = "EsCuJePaII" dh_file = "/usr/local/etc/raddb/certs/dh" random_file = "/usr/local/etc/raddb/certs/random" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_realm Module: Instantiating suffix realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating files files { usersfile = "/usr/lo
Re: Need some help with Access-Reject messages in upgrade from FreeRadius1.1.0 to FreeRadius 2.0.5
Adam Bultman wrote: > I decided it would be easier (in the long run) to simply start with a > default freeRadius 2.0.5 config file, and then adjust it to match our > setup. This has so far been going well, except now I've run into a > problem where variables in my users file are not being expanded. I suggest using 2.1.1, or the "stable" tree. See git.freeradius.org. > Example from the user's file: > DEFAULT Huntgroup-Name == dsl, serveriron-Ldap-Group == dsl10m, > User-Profile := "uid=dsl10m,ou > =profiles,ou=radius,dc=mtaonline,dc=net", Ldap-UserDN := > `uid=%{User-Name},ou=dsl,dc=domain > ,dc=com` > Fall-Through = no This won't work because the "users" file doesn't dynamically expand everything. I suggest using "unlang": if ((Huntgroup-Nmae == "dsl") && (serveridon... == ...)) { update control { User-Profile := "uid=..." LDAP-UserDN := "uid=%{User-Name},ou=..." } } That will cause the %{User-Name} to be expanded properly. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter returning wrong value?
Hey, 2008/10/24 <[EMAIL PROTECTED]> > No, he wants a data not time counter. That's right Evan. Moreover, there is no sense in changing the attribute to be Session-Timeout when Chilli expects something else. Any thoughts on this issue? Thanks, Dana 24/10/2008, "mulianto" <[EMAIL PROTECTED]> piše: > > >hi..i think you should fix this one : > > > >reply-name = ChilliSpot-Max-Total-Octets to : > >reply-name = Session-Timeout > > > >try it.. > >rgds, > >Mulianto > > > >http://www.indohotspot.net > >Your Hotspot solution > > -Original Message- > > From: [EMAIL PROTECTED] > >[mailto:freeradius-users-bounces+mulianto > [EMAIL PROTECTED] > >Behalf Of liran tal > > Sent: Friday, October 24, 2008 1:07 AM > > To: FreeRadius users mailing list > > Subject: sqlcounter returning wrong value? > > > > > > > > Hey, > > > > I'm experimenting with some sqlcounter directives in radiusd.conf and > >chilli as the NAS. > > I've defined the following sqlcounter stanza for a daily traffic limit: > > > > sqlcounter defined in radiusd.conf: > > (the query was corrected as suggested by tnt on a previous thread on the > >list, correct me if I got it wrong please) > > > > sqlcounter counterChilliSpotMaxDailyOctets { > > counter-name = ChilliSpot-Max-Daily-Octets > > check-name = ChilliSpot-Max-Daily-Octets > > reply-name = ChilliSpot-Max-Total-Octets > > sqlmod-inst = sql > > key = User-Name > > reset = daily > > error-msg = "Sorry, your maximum traffic usage (download > >and upload) has exceed the provided limit" > > query = "SELECT (SUM(AcctInputOctets + > AcctOutputOctets)) > >FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + > >AcctSessionTime > '%b'" > > } > > > > > > > > In the authorization phase, I'm seeing the following in debug log: > >rlm_sqlcounter: Entering module authorize code > >sqlcounter_expand: 'SELECT > (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) > >FROM radacct WHERE UserName='%{User-Name}'' > >radius_xlat: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) > FROM > >radacct WHERE UserName='tester1'' > >sqlcounter_expand: '%{sql:SELECT > >(SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE > >UserName='tester1'}' > >radius_xlat: Running registered xlat function of module sql for string > >'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE > >UserName='tester1'' > >rlm_sql (sql): - sql_xlat > >radius_xlat: 'tester1' > >rlm_sql (sql): sql_set_user escaped user --> 'tester1' > >radius_xlat: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) > FROM > >radacct WHERE UserName='tester1'' > >rlm_sql (sql): Reserving sql socket id: 2 > >rlm_sql (sql): - sql_xlat finished > >rlm_sql (sql): Released sql socket id: 2 > >radius_xlat: '24004370' > >rlm_sqlcounter: (Check item - counter) is greater than zero > >rlm_sqlcounter: Authorized user tester1, check_item=26214400, > >counter=24004370 > >rlm_sqlcounter: Sent Reply-Item for user tester1, > >Type=ChilliSpot-Max-Total-Octets, value=26239950 > > modcall[authorize]: module "counterChilliSpotMaxDailyOctets" returns > >ok for request 0 > > The entry in radcheck is as follows: > > > >| 346 | tester1 | ChilliSpot-Max-Daily-Octets | := | 26214400 | > > What happens is that it seems the counter doesn't work as expected. When > a > >user logs in, performs some traffic usage, logs out and logs in again, > > the replied back attribute for chilli doesn't contain a value which is > the > >remainder of the traffic usage, but something else. > > > > According to the radius debug above, if check_item=26214400 and > >counter=24004370, how come value=26239950? > > So I'm guessing I'm missing something but I'm too obsessed with the > >sqlcounter to notice it. (is the subtractation not a normal decimal > action?) > > > > The FreeRADIUS version used is 1.1.7 > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: any other suggestions?
Martin Silvero wrote: > - I created all the certificates as they said in README, I tried and > nothing. *Something* happens. The error messages you posted indicate that there were problems with the certificates. My suggestion is to configure PEAP on the client first. If you can get that working, the adding a client certificate shouldn't be difficult. If PEAP doesn't work, then something is terribly wrong. Follow the instructions on my web page for configuring EAP: http://deployingradius.com. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: sqlcounter returning wrong value?
No, he wants a data not time counter. Ivan Kalik Kalik Informatika ISP Dana 24/10/2008, "mulianto" <[EMAIL PROTECTED]> piše: >hi..i think you should fix this one : > >reply-name = ChilliSpot-Max-Total-Octets to : >reply-name = Session-Timeout > >try it.. >rgds, >Mulianto > >http://www.indohotspot.net >Your Hotspot solution > -Original Message- > From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] >Behalf Of liran tal > Sent: Friday, October 24, 2008 1:07 AM > To: FreeRadius users mailing list > Subject: sqlcounter returning wrong value? > > > > Hey, > > I'm experimenting with some sqlcounter directives in radiusd.conf and >chilli as the NAS. > I've defined the following sqlcounter stanza for a daily traffic limit: > > sqlcounter defined in radiusd.conf: > (the query was corrected as suggested by tnt on a previous thread on the >list, correct me if I got it wrong please) > > sqlcounter counterChilliSpotMaxDailyOctets { > counter-name = ChilliSpot-Max-Daily-Octets > check-name = ChilliSpot-Max-Daily-Octets > reply-name = ChilliSpot-Max-Total-Octets > sqlmod-inst = sql > key = User-Name > reset = daily > error-msg = "Sorry, your maximum traffic usage (download >and upload) has exceed the provided limit" > query = "SELECT (SUM(AcctInputOctets + AcctOutputOctets)) >FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + >AcctSessionTime > '%b'" > } > > > > In the authorization phase, I'm seeing the following in debug log: >rlm_sqlcounter: Entering module authorize code >sqlcounter_expand: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) >FROM radacct WHERE UserName='%{User-Name}'' >radius_xlat: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM >radacct WHERE UserName='tester1'' >sqlcounter_expand: '%{sql:SELECT >(SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE >UserName='tester1'}' >radius_xlat: Running registered xlat function of module sql for string >'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE >UserName='tester1'' >rlm_sql (sql): - sql_xlat >radius_xlat: 'tester1' >rlm_sql (sql): sql_set_user escaped user --> 'tester1' >radius_xlat: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM >radacct WHERE UserName='tester1'' >rlm_sql (sql): Reserving sql socket id: 2 >rlm_sql (sql): - sql_xlat finished >rlm_sql (sql): Released sql socket id: 2 >radius_xlat: '24004370' >rlm_sqlcounter: (Check item - counter) is greater than zero >rlm_sqlcounter: Authorized user tester1, check_item=26214400, >counter=24004370 >rlm_sqlcounter: Sent Reply-Item for user tester1, >Type=ChilliSpot-Max-Total-Octets, value=26239950 > modcall[authorize]: module "counterChilliSpotMaxDailyOctets" returns >ok for request 0 > The entry in radcheck is as follows: > >| 346 | tester1 | ChilliSpot-Max-Daily-Octets | := | 26214400 | > What happens is that it seems the counter doesn't work as expected. When a >user logs in, performs some traffic usage, logs out and logs in again, > the replied back attribute for chilli doesn't contain a value which is the >remainder of the traffic usage, but something else. > > According to the radius debug above, if check_item=26214400 and >counter=24004370, how come value=26239950? > So I'm guessing I'm missing something but I'm too obsessed with the >sqlcounter to notice it. (is the subtractation not a normal decimal action?) > > The FreeRADIUS version used is 1.1.7 > > > > Regards, > Liran. > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: sqlcounter returning wrong value?
hi..i think you should fix this one : reply-name = ChilliSpot-Max-Total-Octets to : reply-name = Session-Timeout try it.. rgds, Mulianto http://www.indohotspot.net Your Hotspot solution -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of liran tal Sent: Friday, October 24, 2008 1:07 AM To: FreeRadius users mailing list Subject: sqlcounter returning wrong value? Hey, I'm experimenting with some sqlcounter directives in radiusd.conf and chilli as the NAS. I've defined the following sqlcounter stanza for a daily traffic limit: sqlcounter defined in radiusd.conf: (the query was corrected as suggested by tnt on a previous thread on the list, correct me if I got it wrong please) sqlcounter counterChilliSpotMaxDailyOctets { counter-name = ChilliSpot-Max-Daily-Octets check-name = ChilliSpot-Max-Daily-Octets reply-name = ChilliSpot-Max-Total-Octets sqlmod-inst = sql key = User-Name reset = daily error-msg = "Sorry, your maximum traffic usage (download and upload) has exceed the provided limit" query = "SELECT (SUM(AcctInputOctets + AcctOutputOctets)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" } In the authorization phase, I'm seeing the following in debug log: rlm_sqlcounter: Entering module authorize code sqlcounter_expand: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE UserName='%{User-Name}'' radius_xlat: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE UserName='tester1'' sqlcounter_expand: '%{sql:SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE UserName='tester1'}' radius_xlat: Running registered xlat function of module sql for string 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE UserName='tester1'' rlm_sql (sql): - sql_xlat radius_xlat: 'tester1' rlm_sql (sql): sql_set_user escaped user --> 'tester1' radius_xlat: 'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE UserName='tester1'' rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): - sql_xlat finished rlm_sql (sql): Released sql socket id: 2 radius_xlat: '24004370' rlm_sqlcounter: (Check item - counter) is greater than zero rlm_sqlcounter: Authorized user tester1, check_item=26214400, counter=24004370 rlm_sqlcounter: Sent Reply-Item for user tester1, Type=ChilliSpot-Max-Total-Octets, value=26239950 modcall[authorize]: module "counterChilliSpotMaxDailyOctets" returns ok for request 0 The entry in radcheck is as follows: | 346 | tester1 | ChilliSpot-Max-Daily-Octets | := | 26214400 | What happens is that it seems the counter doesn't work as expected. When a user logs in, performs some traffic usage, logs out and logs in again, the replied back attribute for chilli doesn't contain a value which is the remainder of the traffic usage, but something else. According to the radius debug above, if check_item=26214400 and counter=24004370, how come value=26239950? So I'm guessing I'm missing something but I'm too obsessed with the sqlcounter to notice it. (is the subtractation not a normal decimal action?) The FreeRADIUS version used is 1.1.7 Regards, Liran. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html