Re: freeradius2.1.6| buffered-sql | acctstoptime problems

2009-09-02 Thread Arran Cudbard-Bell
Alan DeKok wrote:
> Ivan Kalik wrote:
>   
>> Counter? Write detail.work.counter onto the disk, increment it every time
>> packet is processed and return to zero when detail.work is deleted. It
>> will say how many packets to skip when radiusd is restarted.
>> 
>
>   Hmm... OK.  Or slightly differently: the offset in the file of where
> it last read a packet.
>
>   
Yep that's a good option.
>   Maybe for 2.1.8.
>
>   
This is pretty much a non-issue. Just have the detail file writer start
a new file every minute/hour, then the number of repeated entries is
very small. It's only when you have it start a new file every day, or
use one monolithic detail file that you run into problems.

-Arran



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
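
The offset idea from this thread (remember where in detail.work the last packet was read, so a restart does not replay the whole file), as an added example. It is not FreeRADIUS code and not from any poster in the thread; the sidecar file name detail.work.offset, the function names and the sample records are constructed for illustration.

```python
import os
import tempfile

# Constructed sample: three complete records (timestamp line, tab-indented
# attributes, blank line), then a fourth that was cut off mid-write.
SAMPLE = b"".join(
    f'Wed Sep  2 10:00:0{i} 2009\n\tUser-Name = "u{i}"\n'
    f'\tAcct-Session-Id = "s{i}"\n\n'.encode() for i in (1, 2, 3)
) + b'Wed Sep  2 10:00:04 2009\n\tUser-Name = "u4"\n\tAcct-Sess'


def load_offset(state_path, work_size):
    """Return the saved offset, or 0 if it is missing, corrupt or past EOF."""
    try:
        with open(state_path) as fh:
            offset = int(fh.read().strip())
    except (OSError, ValueError):
        return 0
    return offset if 0 <= offset <= work_size else 0


def save_offset(state_path, offset):
    """Persist the offset atomically: write a temp file, fsync, rename."""
    tmp = state_path + ".tmp"
    with open(tmp, "w") as fh:
        fh.write(str(offset))
        fh.flush()
        os.fsync(fh.fileno())
    os.replace(tmp, state_path)


def read_records(work_path, start):
    """Yield (end_offset, attrs) for every complete record from start on."""
    with open(work_path, "rb") as fh:
        fh.seek(start)
        attrs, in_record = {}, False
        while True:
            line = fh.readline()
            if not line.endswith(b"\n"):
                return  # EOF or a half-written line: leave it unread
            if not line.strip():
                if in_record:
                    yield fh.tell(), attrs
                attrs, in_record = {}, False
            else:
                in_record = True
                if line.startswith(b"\t") and b" = " in line:
                    text = line.decode("utf-8", "replace").strip()
                    key, _, value = text.partition(" = ")
                    attrs[key] = value.strip('"')


def process(work_path, state_path, handler, limit=None):
    """Hand unread records to handler, checkpointing after each success."""
    # A crash between handler() and save_offset() replays one record, not
    # the whole file. limit stops early to stand in for a daemon restart.
    start = load_offset(state_path, os.path.getsize(work_path))
    done = 0
    for end, attrs in read_records(work_path, start):
        if limit is not None and done >= limit:
            break
        handler(attrs)  # e.g. the SQL insert
        save_offset(state_path, end)
        done += 1
    return done


def demo():
    """Process two records, 'restart', then process whatever is left."""
    with tempfile.TemporaryDirectory() as tmpdir:
        work = os.path.join(tmpdir, "detail.work")
        state = work + ".offset"  # hypothetical sidecar file name
        with open(work, "wb") as fh:
            fh.write(SAMPLE)
        seen = []
        handler = lambda attrs: seen.append(attrs["Acct-Session-Id"])
        first = process(work, state, handler, limit=2)
        second = process(work, state, handler)  # fresh call, state from disk
        third = process(work, state, handler)   # nothing complete left
        return first, second, third, seen
```

The sidecar file has to be deleted together with detail.work; load_offset() also falls back to 0 when the saved value is larger than the file it is applied to.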

Re: Help with multiple LDAP servers

2009-09-02 Thread Ivan Kalik
>> ...
>>>rad_check_password:  Found Auth-Type LDAP
>>> auth: type "LDAP"
>>
>> Remove that from users file. Let pap module do the authentication. Ldap
>> should return the password to radius via ldap.attrmap.
>
> I still need this in the users file though.  Without it, I get rejections.
> It seems like this is all working well right now.  Thanks a lot!

Then your ldap isn't passing the user password to radius (or is encrypted
and has a header and auto-headers aren't enabled).

Ivan Kalik
Kalik Informatika ISP



Re: SQL Huntgroup only work with user check, not group check

2009-09-02 Thread Carlos Eduardo Tavares Terra
On Wed, Sep 2, 2009 at 5:13 AM, Ivan Kalik wrote:
>> I am having trouble while trying to work with huntgroups. Maybe I
>> misunderstand the way how huntgroups works.
>>
>> When I use 'Huntgroup-Name' into radcheck, everything works fine. But
>> when I put the 'Huntgroup-Name' into radgroupcheck, the radius is just
>> ignoring it.
>
> Nothing wrong with huntgroups. That's how sql groups work. If they don't
> match they are ignored - user doesn't get rejected.
>
> Ivan Kalik
> Kalik Informatika ISP

Is there any way to reject if groupcheck fails?

Thanks

-- 
Carlos Eduardo Tavares Terra
GNU/Linux #413291 [http://counter.li.org]


Re: Pre-release of 2.1.7

2009-09-02 Thread nf-vale
On Wednesday 02 September 2009 09:46:01 Alan DeKok wrote:
>   It's been a while since 2.1.6, and it's getting close to time for
> 2.1.7.  In order to ensure the stability of the software, we need your
> help.
>
>   Please download the "pre" release of 2.1.7 from:
>
>   http://git.freeradius.org/pre/
>
>   Build it, install it, and see if there are issues.  The directory also
> includes Debian packages for Ubuntu 8.0.4.
>
>   If there are no issues, we can release 2.1.7 this week.
>
>   Alan DeKok.

Tested in Ubuntu 9.04 from sources and no problems found so far.




Re: Pre-release of 2.1.7

2009-09-02 Thread John Dennis

On 09/02/2009 04:46 AM, Alan DeKok wrote:
>   It's been a while since 2.1.6, and it's getting close to time for
> 2.1.7.  In order to ensure the stability of the software, we need your help.
>
>   Build it, install it, and see if there are issues.


I've done a basic sanity check.

* it builds
* it installs
* it runs
* it can do pap

sorry, but I don't have more time at the moment for further testing.
--
John Dennis 



Re: Help with multiple LDAP servers

2009-09-02 Thread AJ

Quoting "Ivan Kalik":

> Ok. You can remove redundant (module is not failing, so no failover
> needed). Just list the two modules one below the other.

Removing the redundant lines, seems to make this work!

> ...
>> rad_check_password:  Found Auth-Type LDAP
>> auth: type "LDAP"
>
> Remove that from users file. Let pap module do the authentication. Ldap
> should return the password to radius via ldap.attrmap.

I still need this in the users file though.  Without it, I get rejections.
It seems like this is all working well right now.  Thanks a lot!




Re: Help with multiple LDAP servers

2009-09-02 Thread Ivan Kalik
> Quoting "Ivan Kalik" :
>
>> So what does first ldap section return when user is missing - fail or
>> reject (I see you have access attribute configured there)? If it's
>> reject
>> you need unlang (ie 2.x).
>>
>
> Here is my output of radtest with a user on the second LDAP server.
> This server never gets queried unless the first one is offline.  I
> also made these changes to radiusd.conf after re-reading the
> configurable_failover document.
> I would appreciate some pointers because I am just not getting it.
>
>  redundant {
>
>  rhds_ldap
>  notfound = 1
>  ok = return
>  ad_ldap
>  notfound = 1
>  ok = return
>  }
>
>
> modcall: entering group authorize for request 0
>modcall[authorize]: module "preprocess" returns ok for request 0
>  rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
>  rlm_realm: No such realm "NULL"
>modcall[authorize]: module "suffix" returns noop for request 0
>rlm_eap: No EAP-Message, not doing EAP
>modcall[authorize]: module "eap" returns noop for request 0
> modcall: entering group redundant  for request 0
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for testuser
> radius_xlat:  '(uid=testuser)'
> radius_xlat:  'dc=xx,dc=xx,dc=xx'
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to xx.xx.com:389, authentication 0
> rlm_ldap: bind as cn=ciscoap,ou=System,dc=xx,dc=xx,dc=xx/ to
> xx.xx.com:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in dc=xx,dc=xx,dc=xx, with filter
> (uid=testuser)
> rlm_ldap: object not found or got ambiguous search result
> rlm_ldap: search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
>modcall[authorize]: module "rhds_ldap" returns notfound for request 0

Ok. You can remove redundant (module is not failing, so no failover
needed). Just list the two modules one below the other.

...
>  users: Matched entry DEFAULT at line 216
...
>rad_check_password:  Found Auth-Type LDAP
> auth: type "LDAP"

Remove that from users file. Let pap module do the authentication. Ldap
should return the password to radius via ldap.attrmap.



Re: Help with multiple LDAP servers

2009-09-02 Thread Alan DeKok
AJ wrote:
> I would appreciate some pointers because I am just not getting it.
> 
> redundant {
> 
> rhds_ldap
> notfound = 1
> ok = return

  You need brackets around everything:

redundant {
    rhds_ldap {
        notfound = 1
        ok = return
    } # rhds_ldap

    ...
} # redundant

  Alan DeKok.


Re: Pre-release of 2.1.7

2009-09-02 Thread Ryan Steinmetz
The dictionary.airespace file should probably be updated.

Airespace is now owned by Cisco and the VSAs that are published are different 
from those included with the FR distribution.  See 
http://www.cisco.com/en/US/products/ps6366/products_configuration_example09186a0080891919.shtml
 for additional details.

I've included the copy of the dictionary.airespace file that I'm using.

-r

# -*- text -*-
#
#   As found on the net.
#
#   $Id$
#
VENDOR          Airespace                       14179

BEGIN-VENDOR    Airespace
ATTRIBUTE       Airespace-Wlan-Id               1       integer
ATTRIBUTE       Airespace-QOS-Level             2       integer
ATTRIBUTE       Airespace-DSCP                  3       integer
ATTRIBUTE       Airespace-8021p-Tag             4       integer
ATTRIBUTE       Airespace-Interface-Name        5       string
ATTRIBUTE       Airespace-ACL-Name              6       string

VALUE           Airespace-QOS-Level             Bronze          3
VALUE           Airespace-QOS-Level             Silver          0
VALUE           Airespace-QOS-Level             Gold            1
VALUE           Airespace-QOS-Level             Platinum        2

END-VENDOR      Airespace


On (09/02/09 10:46), Alan DeKok wrote:
>   It's been a while since 2.1.6, and it's getting close to time for
> 2.1.7.  In order to ensure the stability of the software, we need your help.
> 
>   Please download the "pre" release of 2.1.7 from:
> 
>   http://git.freeradius.org/pre/
> 
>   Build it, install it, and see if there are issues.  The directory also
> includes Debian packages for Ubuntu 8.0.4.
> 
>   If there are no issues, we can release 2.1.7 this week.
> 
>   Alan DeKok.

-- 
Ryan Steinmetz
Lead Security/Systems Administrator
Infrastructure Engineering
Rochester Institute of Technology
585.475.5663
PGP: EF36 D45A 5CA9 28B1 A550  18CD A43C D111 7AD7 FAF2


Re: Help with multiple LDAP servers

2009-09-02 Thread AJ

Quoting "Ivan Kalik":

> So what does first ldap section return when user is missing - fail or
> reject (I see you have access attribute configured there)? If it's reject
> you need unlang (ie 2.x).

Here is my output of radtest with a user on the second LDAP server.
This server never gets queried unless the first one is offline.  I
also made these changes to radiusd.conf after re-reading the
configurable_failover document.

I would appreciate some pointers because I am just not getting it.

redundant {

rhds_ldap
notfound = 1
ok = return
ad_ldap
notfound = 1
ok = return
}


modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL
rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
modcall: entering group redundant  for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for testuser
radius_xlat:  '(uid=testuser)'
radius_xlat:  'dc=xx,dc=xx,dc=xx'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to xx.xx.com:389, authentication 0
rlm_ldap: bind as cn=ciscoap,ou=System,dc=xx,dc=xx,dc=xx/ to xx.xx.com:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=xx,dc=xx,dc=xx, with filter (uid=testuser)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "rhds_ldap" returns notfound for request 0
modcall: leaving group redundant  (returns notfound) for request 0
users: Matched entry DEFAULT at line 153
users: Matched entry DEFAULT at line 216
  modcall[authorize]: module "files" returns ok for request 0
rlm_pap: WARNING! No "known good" password found for the user.   
Authentication may fail because of this.

  modcall[authorize]: module "pap" returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
  rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group LDAP for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "testuser" with password "password"
radius_xlat:  '(uid=testuser)'
radius_xlat:  'dc=xx,dc=xx,dc=xx'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=xx,dc=xx,dc=xx, with filter (uid=testuser)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authenticate]: module "rhds_ldap" returns notfound for request 0
modcall: leaving group LDAP (returns notfound) for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 236 to 127.0.0.1 port 41511
Waking up in 4 seconds...






Re: Help with multiple LDAP servers

2009-09-02 Thread Ivan Kalik
>> Redundant should work in 1.1.7. But in 2.x you can use unlang for even
>> more flexibility. Not to mention all the bug and security fixes and
>> enhancements in years since 1.1.7. If you are upgrading go for the
>> latest
>> version.
>
> I have upgraded to 1.1.7, and I still have the same behavior.  Is my
> configuration right for what I want to do?

So what does first ldap section return when user is missing - fail or
reject (I see you have access attribute configured there)? If it's reject
you need unlang (ie 2.x).

Ivan Kalik
Kalik Informatika ISP



Re: Help with multiple LDAP servers

2009-09-02 Thread Alan DeKok
AJ wrote:
>  I know this has been discussed before on the list and there is
> documentation for this, but I have literally spent days on this and I
> cannot get the result that I am looking for.  I am hoping someone can
> share a configuration with me that works.  Basically, I am looking to
> have radius authenticate to two LDAP servers one after the other.  It is
> not a true failover or load balance situation, as both servers need to
> be queried at the same time.  Basically, I want the first LDAP server to
> be queried for a username/password, then if the user is not found, try
> the second one.

  In 1.1.x, read doc/configurable_failover

  It explains how to configure what you want, including the module
return codes.

  Alan DeKok.


Re: Help with multiple LDAP servers

2009-09-02 Thread AJ

Quoting "Ivan Kalik":

> Redundant should work in 1.1.7. But in 2.x you can use unlang for even
> more flexibility. Not to mention all the bug and security fixes and
> enhancements in years since 1.1.7. If you are upgrading go for the latest
> version.

I have upgraded to 1.1.7, and I still have the same behavior.  Is my
configuration right for what I want to do?





Re: Help with multiple LDAP servers

2009-09-02 Thread Ivan Kalik
>> Upgrade. Then create redundant section for ldap servers in authorize.
>>
>
> Would I be able to go to latest 1.1.x release to get this working or
> do I need to go to 2.x?

Redundant should work in 1.1.7. But in 2.x you can use unlang for even
more flexibility. Not to mention all the bug and security fixes and
enhancements in years since 1.1.7. If you are upgrading go for the latest
version.

Ivan Kalik
Kalik Informatika ISP



Re: Help with multiple LDAP servers

2009-09-02 Thread AJ

Quoting "Ivan Kalik":

> Upgrade. Then create redundant section for ldap servers in authorize.

Would I be able to go to latest 1.1.x release to get this working or
do I need to go to 2.x?




Re: Help with multiple LDAP servers

2009-09-02 Thread Ivan Kalik
>   I know this has been discussed before on the list and there is
> documentation for this, but I have literally spent days on this and I
> cannot get the result that I am looking for.  I am hoping someone can
> share a configuration with me that works.  Basically, I am looking to
> have radius authenticate to two LDAP servers one after the other.  It
> is not a true failover or load balance situation, as both servers need
> to be queried at the same time.  Basically, I want the first LDAP
> server to be queried for a username/password, then if the user is not
> found, try the second one.
>
> radiusd -v:
> radiusd: FreeRADIUS Version 1.1.3
>
> rpm -qa | grep freeradius:
> freeradius-1.1.3-1.2.el5

Upgrade. Then create redundant section for ldap servers in authorize.

Ivan Kalik
Kalik Informatika ISP



Re: Pre-release of 2.1.7

2009-09-02 Thread Phil Mayers

Alan DeKok wrote:
>   It's been a while since 2.1.6, and it's getting close to time for
> 2.1.7.  In order to ensure the stability of the software, we need your help.
>
>   Please download the "pre" release of 2.1.7 from:
>
>   http://git.freeradius.org/pre/
>
>   Build it, install it, and see if there are issues.  The directory also
> includes Debian packages for Ubuntu 8.0.4.
>
>   If there are no issues, we can release 2.1.7 this week.
>
>   Alan DeKok.


Seems to build & run ok with out config.

FYI we've been running with this patch:


--- freeradius-server-2.1.4/share/dictionary.extreme.old 
2009-04-29 14:16:30.0 +0100
+++ freeradius-server-2.1.4/share/dictionary.extreme2009-04-29 
14:18:40.0 +0100

@@ -17,6 +17,8 @@
 ATTRIBUTE  Extreme-Netlogin-Only   206 integer
 ATTRIBUTE  Extreme-User-Location   208 string
 ATTRIBUTE  Extreme-Netlogin-Vlan-Tag   209 integer
+ATTRIBUTE  Extreme-Netlogin-Extended-Vlan  211 string
+ATTRIBUTE  Extreme-Security-Profile212 string

 VALUE  Extreme-CLI-Authorization   Disabled0
 VALUE  Extreme-CLI-Authorization   Enabled 1
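
Review bot: the two added ATTRIBUTE lines jump from 209 to 211 with no entry for 210 and no comment saying which Extreme documentation or firmware release the numbers 211 and 212 were taken from; please add a one-line comment naming the source above them and confirm that 210 is left out on purpose. The file headers also show the patch was made against freeradius-server-2.1.4, so it should be regenerated against the tree it is meant to land in before it is applied.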


Help with multiple LDAP servers

2009-09-02 Thread AJ

Hi,
 I know this has been discussed before on the list and there is  
documentation for this, but I have literally spent days on this and I  
cannot get the result that I am looking for.  I am hoping someone can  
share a configuration with me that works.  Basically, I am looking to  
have radius authenticate to two LDAP servers one after the other.  It  
is not a true failover or load balance situation, as both servers need  
to be queried at the same time.  Basically, I want the first LDAP  
server to be queried for a username/password, then if the user is not  
found, try the second one.  I did not extend the schema on either LDAP  
server, and I do not really want to do that if at all possible, since  
I am just using freeradius for authentication.  On a side note, if I
just use one LDAP server in the configuration, it works fine.  I can  
authenticate to both LDAP servers if I only list one.  What seems to  
happen with this configuration is that it only tries the first LDAP
server, and if the user does not exist, it quits right there and does  
not try the second (ad_ldap).  Any help would be greatly appreciated.   
I am running the following version of freeradius:


radiusd -v:
radiusd: FreeRADIUS Version 1.1.3

rpm -qa | grep freeradius:
freeradius-1.1.3-1.2.el5

Here are the relevant parts of my config:

$sysconfdir/raddb/radiusd.conf:

modules {
    ldap rhds_ldap {
        server = "xxx.xxx.com"
        identity = "cn=ciscoap,ou=System,dc=xx,dc=xx,dc=xx"
        password = ""
        basedn = "dc=xx,dc=xx,dc=xx"
        filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
        base_filter = "(objectclass=DUser)"
        start_tls = no
        access_attr = "uid"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
    }

    ldap ad_ldap {
        server = "yyy.yyy.com"
        identity = "CN=CiscoAP,CN=Users,DC=yy,DC=yy"
        password = ""
        basedn = "dc=yy,dc=yy"
        filter = "(samAccountName=%{Stripped-User-Name:-%{User-Name}})"
        base_filter = "(objectclass=person)"
        start_tls = no
        access_attr = "samAccountName"
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
    }
}

authorize {
    redundant {
        rhds_ldap
        rhds_ldap
        notfound = reject
    }
}

authenticate {
    Auth-Type LDAP {
        rhds_ldap
        ad_ldap
    }
}


$sysconfdir/raddb/users: (added)


DEFAULT Auth-Type := LDAP
        Fall-Through = Yes

$sysconfdir/raddb/ldap.attrmap:  (added)

checkItem   User-Password   userPassword












Re: Pre-release of 2.1.7

2009-09-02 Thread Damjan
>   It's been a while since 2.1.6, and it's getting close to time for
> 2.1.7.  In order to ensure the stability of the software, we need your help.
> 
>   Please download the "pre" release of 2.1.7 from:
> 
>   http://git.freeradius.org/pre/
> 
>   Build it, install it, and see if there are issues.  The directory also
> includes Debian packages for Ubuntu 8.0.4.

Would these packages work on Debian Lenny?


-- 
damjan | дамјан
This is my jabber ID --> dam...@bagra.net.mk 
 -- not my mail address, it's a Jabber ID --^ :)

Re: Pre-release of 2.1.7

2009-09-02 Thread Alan Buxey
hi,

yeh, that'll work - I just moved the module into modules-disabled
(a local config option here), so it, along with exec, expiration, and ldap
aren't loaded up upon server startup at all.

alan


Re: Pre-release of 2.1.7

2009-09-02 Thread Alan DeKok
Alan Buxey wrote:
> Unable to open file "/etc/raddb/sql/mysql/cui.conf": No such file or directory
> 
> this file is being called by the new modules/cui file
> which cannot be used properly until cui has been configured,
> cui.conf configured and the cui schema has been imported
> into the SQL - so I'm not sure why it's active and on by default.

  The intent was to add more CUI configuration, but there isn't time to
finish that before 2.1.7.

  I've removed the $INCLUDE line that was causing the problem.

  Alan DeKok.


Re: freeradius2.1.6| buffered-sql | acctstoptime problems

2009-09-02 Thread Alan DeKok
ramesh p wrote:
> If the db freezes. When db comes up, radius starts filling data to db.
> But the current packets are logged after 2 days, which our reporting
> will be affected. And it's starting filling the entire detail.work
> file (updating the old packets in db).
> Is the detail.work file fix in FR dev roadmap?

  Eventually.

  Alan DeKok.


Re: Pre-release of 2.1.7

2009-09-02 Thread Alan Buxey
hi,

quick initial feedback: if you do a straight upgrade over an existing
installation then the daemon won't start because of a missing config
file

Unable to open file "/etc/raddb/sql/mysql/cui.conf": No such file or directory

this file is being called by the new modules/cui file
which cannot be used properly until cui has been configured,
cui.conf configured and the cui schema has been imported
into the SQL - so I'm not sure why it's active and on by default.


alan


Re: freeradius2.1.6| buffered-sql | acctstoptime problems

2009-09-02 Thread Ivan Kalik
> If the db freezes. When db comes up, radius starts filling data to db.
> But the current packets are logged after 2 days, which our reporting
> will be affected.

How is database breakdown freeradius fault??? And what were you doing
those two days if you haven't noticed that new packets aren't written into
the database?

> And it's starting filling the entire detail.work file (updating the
> old packets in db).
> Is the detail.work file fix in FR dev roadmap?

Could be in 2.1.8.

Ivan Kalik
Kalik Informatika ISP



Re: freeradius2.1.6| buffered-sql | acctstoptime problems

2009-09-02 Thread ramesh p
If the db freezes. When db comes up, radius starts filling data to db. But
the current packets are logged after 2 days, which our reporting will be
affected. And it's starting filling the entire detail.work file (updating the
old packets in db).
Is the detail.work file fix in FR dev roadmap?

ramesh p wrote:
> db frozen in my production env. This issue has been seen. Experiencing
> Outages in prod. environment. Please suggest a fix to overcome this issue.

  Outages?  If the DB is down, the server should still write to the
detail file.  When the DB comes back up, it will read from the detail
file, and write to the DB.

  Alan DeKok.

Re: conditionally call ldap module instance?

2009-09-02 Thread Alan DeKok
Gary Prosser wrote:
> Hi
> I have 3 ldap instances (one for each of staff, student, faculty users
> on different hosts). In authorise section I want FR to call eg ldap2
> only if ldap1 returns fail or notfound.
> 
> How can I refer to an instance of the ldap module within a conditional
> statement?

$ man unlang

> authorise {
>   preprocess
>   ldap1 if(fail || notfound){

  Almost.  Every *different* thing needs to be on a different line:

ldap1
if (fail || notfound) {

  That's it.  Everything else you had was OK.

>   ldap2
>   }
>   files
> }  


Pre-release of 2.1.7

2009-09-02 Thread Alan DeKok
  It's been a while since 2.1.6, and it's getting close to time for
2.1.7.  In order to ensure the stability of the software, we need your help.

  Please download the "pre" release of 2.1.7 from:

http://git.freeradius.org/pre/

  Build it, install it, and see if there are issues.  The directory also
includes Debian packages for Ubuntu 8.0.4.

  If there are no issues, we can release 2.1.7 this week.

  Alan DeKok.


Re: freeradius2.1.6| buffered-sql | acctstoptime problems

2009-09-02 Thread Alan DeKok
Ivan Kalik wrote:
> Counter? Write detail.work.counter onto the disk, increment it every time
> packet is processed and return to zero when detail.work is deleted. It
> will say how many packets to skip when radiusd is restarted.

  Hmm... OK.  Or slightly differently: the offset in the file of where
it last read a packet.

  Maybe for 2.1.8.

  Alan DeKok.


Re: SQL Huntgroup only work with user check, not group check

2009-09-02 Thread Ivan Kalik
> I am having trouble while trying to work with huntgroups. Maybe I
> misunderstand the way how huntgroups works.
>
> When I use 'Huntgroup-Name' into radcheck, everything works fine. But
> when I put the 'Huntgroup-Name' into radgroupcheck, the radius is just
> ignoring it.

Nothing wrong with huntgroups. That's how sql groups work. If they don't
match they are ignored - user doesn't get rejected.

Ivan Kalik
Kalik Informatika ISP



Re: freeradius2.1.6| buffered-sql | acctstoptime problems

2009-09-02 Thread Alan DeKok
ramesh p wrote:
> db frozen in my production env. This issue has been seen. Experiencing
> Outages in prod. environment. Please suggest a fix to overcome this issue.

  Outages?  If the DB is down, the server should still write to the
detail file.  When the DB comes back up, it will read from the detail
file, and write to the DB.

  Alan DeKok.


Re: freeradius2.1.6| buffered-sql | acctstoptime problems

2009-09-02 Thread ramesh p
db frozen in my production env. This issue has been seen. Experiencing
Outages in prod. environment. Please suggest a fix to overcome this issue.

> Alan Buxey wrote:
>>>   Hmmm... maybe over-writing it with spaces would work... or something
>>> else might go wrong.
>>
>> or reverse it when making the .work copy and read from the end of the
>> file
>
>   That's hard... the detail.work file is created via a "rename", which
> is nearly zero cost.
>
>   Alan DeKok.

Counter? Write detail.work.counter onto the disk, increment it every time
packet is processed and return to zero when detail.work is deleted. It
will say how many packets to skip when radiusd is restarted.

Ivan Kalik
Kalik Informatika ISP