date:20091009

 I am wondering if I have to write some scripts to save
 the user id, his connection duration ect ...in postgres database.

No. Just configure postgre in sql.conf and uncoment sql entries in
radiusd.conf and accounting section of default virtual server. Schema for
the database is provided.

 I want to
 implement the following situation: I don't care what my ldap_server ll
 return when a user sends a access request packet, but I want to save the
 name, passwd,

That goes into radacct by default.

 the connection duration(so at this time I initialize the
 connection time which will be incremented until the disconnection time ).

For that you will need to enable accounting updates on your NAS. If your
NAS supports Acct-Interim-Interval you can send it in the Access-Accept.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radiusExpiration attirbute declared in the LdapGroup

2009-10-09 Thread aangles

I'm sorry man, i am new with this. Exactly in which file I configure ,and in
which section of that file: radiusd.conf, or expiration module, or ldap
module, users file? Because I know that in the users file radius can check
ittems stored in the LDAP, only in a per user basis. But i would like to do
that in a per ldap group basis.

if (LDAP-Group == blah) {
update control {
Expiration := wibble
}
}

in which file do I confiugre

Alexander Clouter wrote:

Hi,

aangles aav_1...@hotmail.com wrote:

I would Like to know if there is a way to define an expiration time for
all
those users which belong to an LDAP Group, instead of defining this
attribute for each of those users?

Moreover, after expiration time , RADIUS send an access-reject to the
user.
Is there any tool or something that send a message to the wifi users in
a
windows form?

I think you have two options, some LDAP xlat'ing after you have called
your LDAP autz module based around 'control:Ldap-UserDn' or
alternatively (and probably better) is just to use some unlang to say:

if (LDAP-Group == blah) {
update control {
Expiration := wibble
}
}

Then called the 'expiration' module after that.

Cheers

--
Alexander Clouter
.sigmonster says: Life is the urge to ecstasy.

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

--
View this message in context:
http://www.nabble.com/radiusExpiration-attirbute-declared-in-the-LdapGroup-tp25803278p25820411.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radiusExpiration attirbute declared in the LdapGroup

 I'm sorry man, i am new with this. Exactly in which file I configure ,and
 in
 which section of that file: radiusd.conf, or expiration module, or ldap
 module, users file?

None of the above. In authorize section of default or inner-tunnel virtual
server depending on the protocol used.

 Because I know that in the users file radius can check
 ittems stored in the LDAP, only in a per user basis. But i would like to
 do
 that in a per ldap group basis.

If you like users file that much you can also put it there as DEFAULT entry:

DEFAULT Ldap-Group == some_group, Expiration := when

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Adding vendor specific attributes to dictionary

 I am attempting to add vendor specific attributes to my dictionary
 without success :(

 I was given the following information to add:

 Class   Number  Attribute   Value  Type
 VENDORATTR  12345   Vendor-Attribute-A  1  string
 VENDORATTR  12345   Vendor-Attribute-A  2  string


 Now since VENDORATTR is not a freeradius dictionary format I assume this
 comes from a different RADIUS server, which I need to now implement in
 my freeradius dicitonary.

 I have had a look at the dictionary man page, and see that one can use
 ATTRIBUTE for this, but since the Number is the same for both attributes
 I would assume that I need to define a vendor  specific  attribute
 encapsulation so that I can list multiple attributes for this vendor,
 but this does not seem to be working for me - This is what I have done:

 File dictionary:
 

 $INCLUDE/usr/share/freeradius/dictionary
 $INCLUDE/etc/raddb/dictionary.myvendor


 File dictionary.myvendor:
 -

 VENDOR   MyVendor 12345
 BEGIN-VENDOR MyVendor
 ATTRIBUTE Vendor-Attribute-A 1 string
 ATTRIBUTE Vendor-Attribute-B 2 string
 END-VENDOR   MyVendor


That looks OK.

 When I attempt to start my freeradius server with this dictionary file
 all I get is the following message to std out:

 Errors reading dictionary: dict_init: /etc/raddb/dictionary.myvendor[1]:
 dict_init: /etc/raddb/dictionary.myvendor[1]: dict_init: /etc/

Check stuff like permissions on the file.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: acct_postgresql+auth_ldap

2009-10-09 Thread José Johnny RANDRIAMAMPIONONA

Thank u guys!

2009/10/9 Ivan Kalik t...@kalik.net

  I am wondering if I have to write some scripts to save
  the user id, his connection duration ect ...in postgres database.

 No. Just configure postgre in sql.conf and uncoment sql entries in
 radiusd.conf and accounting section of default virtual server. Schema for
 the database is provided.

  I want to
  implement the following situation: I don't care what my ldap_server ll
  return when a user sends a access request packet, but I want to save the
  name, passwd,

 That goes into radacct by default.

  the connection duration(so at this time I initialize the
  connection time which will be incremented until the disconnection time ).

 For that you will need to enable accounting updates on your NAS. If your
 NAS supports Acct-Interim-Interval you can send it in the Access-Accept.

 Ivan Kalik
 Kalik Informatika ISP

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html




-- 
JJohnny RANDRIAMAMPIONONA
Phone: +212663682554, +212533158575
National School of Applied Sciences
ZIP 1818 TANGIER 9
-Morocco ---
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Adding vendor specific attributes to dictionary

2009-10-09 Thread Patric



Ivan Kalik wrote:

...
File dictionary.myvendor:
-

VENDOR   MyVendor 12345
BEGIN-VENDOR MyVendor
ATTRIBUTE Vendor-Attribute-A 1 string
ATTRIBUTE Vendor-Attribute-B 2 string
END-VENDOR   MyVendor



That looks OK.

As always thank you for your reply Ivan :)

I have narrowed the problem down to the number field. The actual number 
I have been given to use is 32768, and the problem seems to be the fact 
that the number is 5 digits long. If I make the number 4 digits long my 
server starts up without complaint.


Any suggestions?

Many thanks,
Patric
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Adding vendor specific attributes to dictionary

Patric wrote:
 I have narrowed the problem down to the number field. The actual number
 I have been given to use is 32768,

  Install 2.1.7.

  See doc/ChangeLog

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Adding vendor specific attributes to dictionary

 File dictionary.myvendor:
 -

 VENDOR   MyVendor 12345
 BEGIN-VENDOR MyVendor
 ATTRIBUTE Vendor-Attribute-A 1 string
 ATTRIBUTE Vendor-Attribute-B 2 string
 END-VENDOR   MyVendor


 That looks OK.

 I have narrowed the problem down to the number field. The actual number
 I have been given to use is 32768, and the problem seems to be the fact
 that the number is 5 digits long. If I make the number 4 digits long my
 server starts up without complaint.

 Any suggestions?

Vendor number must be smaller than 32K. 32766 is max.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Adding vendor specific attributes to dictionary

2009-10-09 Thread Patric



Alan DeKok wrote:

Patric wrote:

I have narrowed the problem down to the number field. The actual number
I have been given to use is 32768,


  Install 2.1.7.

  See doc/ChangeLog

Aaah,

2.1.7 Changelog:

   * Allowed vendor IDs to be be higher than 32767.


Fantastic, upgrading now, thank you once again Alan  Ivan :)

Have a great weekend,
Patric
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

errors There are no DB handles to use and Discarding conflicting packet from client


Hi, I have a dedicated server with freeradius 2.05

i'm getting 2 errors

Error: Discarding conflicting packet from client net port 25000 - ID: 100
due to recent request 7343.

There are no DB handles to use! skipped 0, tried to connect 0


I'm searching on the forums and a lot of people has this problem..

I change sql_num_socks = 30
I increase the max_connections=500
I increase everything that what was possible

but the problem still happens

I see on the forums in alot of web sites and nobody has the solution

somebody can help?
-- 
View this message in context: 
http://www.nabble.com/errors-There-are-no-DB-handles-to-use-and-Discarding-conflicting-packet-from-client-tp25823175p25823175.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radiusExpiration attirbute declared in the LdapGroup

2009-10-09 Thread aangles


Like this?

DEFAULT guests-Ldap-Group == cn=wlanguests,ou=Groups,dc=CELLS,dc=ES,
Expiration := 09 Oct 2009 17:00, Auth-Type = LDAPGUESTS

Because with this radius says:

/etc/raddb/users[65]: Parse error (check) for entry DEFAULT: Expected end of
line or comma
and i tried to add a comma at the end of the line but still it says the same
alert.


Ivan Kalik wrote:
 
 I'm sorry man, i am new with this. Exactly in which file I configure ,and
 in
 which section of that file: radiusd.conf, or expiration module, or ldap
 module, users file?
 
 None of the above. In authorize section of default or inner-tunnel virtual
 server depending on the protocol used.
 
 Because I know that in the users file radius can check
 ittems stored in the LDAP, only in a per user basis. But i would like to
 do
 that in a per ldap group basis.
 
 If you like users file that much you can also put it there as DEFAULT
 entry:
 
 DEFAULT Ldap-Group == some_group, Expiration := when
 
 Ivan Kalik
 Kalik Informatika ISP
 
 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html
 
 

-- 
View this message in context: 
http://www.nabble.com/radiusExpiration-attirbute-declared-in-the-LdapGroup-tp25803278p25823181.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Problems with radutmp


Hi.

I'm having some problems with radutmp.

I'm using an Aruba Mobility Controller which has radauth and radacct 
configured to this freeradius server. In fact, I've tried with 
freeradius both on centOS and ubuntu with same results.


When a user logs in, a corresponding entry is added to radutmp, and 
indeed, nobody can log in with this user account (if I activate 
Simultaneous-use). But if another users logs in, the entry for the 
previous user gets deleted from radutmp, and a new one is added for this 
new user. Then, a user with the account from the first user can log in 
indeed. In other words, only the last logged in user gets to the radutmp 
file.


On both boxes, using freeradius 2.1.0.

Any idea?

--
Gerardo Contreras
NetX
http://netx.com.mx/
T: +52 (614) 2010101 x 121
M: +52 (614) 2479727
Sin costo: 01800 GO2NETX

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems with radutmp



It even happens without using Simultaneous-use. Even if the same user 
authenticates, radius will delete the previous entry from the radutmp. 
It only keeps the last logged in user.


By the way, radlast shows the previous users like if there were logged 
out, but they are indeed still logged in.


I've run tcpdump on the system and the radius server is NOT receiving 
any STOP accounting package from the NAS.


Gerardo Contreras wrote:

Hi.

I'm having some problems with radutmp.

I'm using an Aruba Mobility Controller which has radauth and radacct 
configured to this freeradius server. In fact, I've tried with 
freeradius both on centOS and ubuntu with same results.


When a user logs in, a corresponding entry is added to radutmp, and 
indeed, nobody can log in with this user account (if I activate 
Simultaneous-use). But if another users logs in, the entry for the 
previous user gets deleted from radutmp, and a new one is added for 
this new user. Then, a user with the account from the first user can 
log in indeed. In other words, only the last logged in user gets to 
the radutmp file.


On both boxes, using freeradius 2.1.0.

Any idea?




--
Gerardo Contreras
NetX
http://netx.com.mx/
T: +52 (614) 2010101 x 121
M: +52 (614) 2479727
Sin costo: 01800 GO2NETX

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems with radutmp



I've been watching the log records from users sessions, and I noted that 
every access from the NAS comes from the same NAS-Port. Could it be the 
reason? If so, is there any way so radutmp registers all of the entries 
even if the nas port is the same?


Gerardo Contreras wrote:


It even happens without using Simultaneous-use. Even if the same user 
authenticates, radius will delete the previous entry from the radutmp. 
It only keeps the last logged in user.


By the way, radlast shows the previous users like if there were logged 
out, but they are indeed still logged in.


I've run tcpdump on the system and the radius server is NOT receiving 
any STOP accounting package from the NAS.


Gerardo Contreras wrote:

Hi.

I'm having some problems with radutmp.

I'm using an Aruba Mobility Controller which has radauth and radacct 
configured to this freeradius server. In fact, I've tried with 
freeradius both on centOS and ubuntu with same results.


When a user logs in, a corresponding entry is added to radutmp, and 
indeed, nobody can log in with this user account (if I activate 
Simultaneous-use). But if another users logs in, the entry for the 
previous user gets deleted from radutmp, and a new one is added for 
this new user. Then, a user with the account from the first user can 
log in indeed. In other words, only the last logged in user gets to 
the radutmp file.


On both boxes, using freeradius 2.1.0.

Any idea?







--
Gerardo Contreras
NetX
http://netx.com.mx/
T: +52 (614) 2010101 x 121
M: +52 (614) 2479727
Sin costo: 01800 GO2NETX

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems with radutmp

What is the NAS-Port value?  I don't THINK radutmp can handle multiple 
sessions sharing a port.

-craig
- Original Message - 
From: Gerardo Contreras gcontre...@netx.com.mx

To: freeradius-users@lists.freeradius.org
Sent: Friday, October 09, 2009 1:00 PM
Subject: Problems with radutmp

Hi.

I'm having some problems with radutmp.

I'm using an Aruba Mobility Controller which has radauth and radacct 
configured to this freeradius server. In fact, I've tried with freeradius 
both on centOS and ubuntu with same results.

When a user logs in, a corresponding entry is added to radutmp, and 
indeed, nobody can log in with this user account (if I activate 
Simultaneous-use). But if another users logs in, the entry for the 
previous user gets deleted from radutmp, and a new one is added for this 
new user. Then, a user with the account from the first user can log in 
indeed. In other words, only the last logged in user gets to the radutmp 
file.

On both boxes, using freeradius 2.1.0.

Any idea?

--
Gerardo Contreras
NetX
http://netx.com.mx/
T: +52 (614) 2010101 x 121
M: +52 (614) 2479727
Sin costo: 01800 GO2NETX

-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html

__ Information from ESET Smart Security, version of virus 
signature database 4493 (20091009) __

The message was checked by ESET Smart Security.

http://www.eset.com

__ Information from ESET Smart Security, version of virus signature 
database 4493 (20091009) __

The message was checked by ESET Smart Security.

http://www.eset.com

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radiusExpiration attirbute declared in the LdapGroup

aangles wrote:
 Like this?
 
 DEFAULT guests-Ldap-Group == cn=wlanguests,ou=Groups,dc=CELLS,dc=ES,
 Expiration := 09 Oct 2009 17:00, Auth-Type = LDAPGUESTS

  No.

 Because with this radius says:
 
 /etc/raddb/users[65]: Parse error (check) for entry DEFAULT: Expected end of
 line or comma
 and i tried to add a comma at the end of the line but still it says the same
 alert.

  Read the comments at the top of the users file.

  Read the man page for the users file.

  Read the examples in the users file.

  There is no excuse for getting the format wrong.

  You have the LDAP-Group wrong.  It's a group name, not an LDAP query.

  You have the expiration attribute wrong.  You need to QUOTE the text,
and not put a random series of characters.

   Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: errors There are no DB handles to use and Discarding conflicting packet from client

Alisson wrote:
 Hi, I have a dedicated server with freeradius 2.05
 
 i'm getting 2 errors
 
 Error: Discarding conflicting packet from client net port 25000 - ID: 100
 due to recent request 7343.
 
 There are no DB handles to use! skipped 0, tried to connect 0

  Your database is broken.  Fix it.

 I'm searching on the forums and a lot of people has this problem..

  They all have broken databases.

 I change sql_num_socks = 30
 I increase the max_connections=500
 I increase everything that what was possible
 
 but the problem still happens
 
 I see on the forums in alot of web sites and nobody has the solution

  Really?  This question has been asked and answered probably hundreds
of times on this list.  The answer is always the same:

  Fix the database.

  The database is either down, or it is not responding to queries.  No
amount of forum-shopping or poking at FreeRADIUS will fix the DB.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: errors There are no DB handles to use and Discarding conflicting packet from client

ok.. but what I need to do on my DB?

Repair? Create another DB? alter some variable?

2009/10/9 Alan DeKok al...@deployingradius.com

 Alisson wrote:
  Hi, I have a dedicated server with freeradius 2.05
 
  i'm getting 2 errors
 
  Error: Discarding conflicting packet from client net port 25000 - ID: 100
  due to recent request 7343.
 
  There are no DB handles to use! skipped 0, tried to connect 0

   Your database is broken.  Fix it.

  I'm searching on the forums and a lot of people has this problem..

   They all have broken databases.

  I change sql_num_socks = 30
  I increase the max_connections=500
  I increase everything that what was possible
 
  but the problem still happens
 
  I see on the forums in alot of web sites and nobody has the solution

   Really?  This question has been asked and answered probably hundreds
 of times on this list.  The answer is always the same:

  Fix the database.

  The database is either down, or it is not responding to queries.  No
 amount of forum-shopping or poking at FreeRADIUS will fix the DB.

  Alan DeKok.
 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html




-- 
Att.
Alisson F. Gonçalves
Sistemas de Informação - UFGD
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: errors There are no DB handles to use and Discarding conflicting packet from client

2009-10-09 Thread Roberto Greiner


http://forums.mysql.com/

Alisson wrote:

ok.. but what I need to do on my DB?

Repair? Create another DB? alter some variable?

2009/10/9 Alan DeKok al...@deployingradius.com 
mailto:al...@deployingradius.com


Alisson wrote:
 Hi, I have a dedicated server with freeradius 2.05

 i'm getting 2 errors

 Error: Discarding conflicting packet from client net port 25000
- ID: 100
 due to recent request 7343.

 There are no DB handles to use! skipped 0, tried to connect 0

 Your database is broken.  Fix it.

 I'm searching on the forums and a lot of people has this problem..

 They all have broken databases.

 I change sql_num_socks = 30
 I increase the max_connections=500
 I increase everything that what was possible

 but the problem still happens

 I see on the forums in alot of web sites and nobody has the solution

 Really?  This question has been asked and answered probably hundreds
of times on this list.  The answer is always the same:

 Fix the database.

 The database is either down, or it is not responding to queries.  No
amount of forum-shopping or poking at FreeRADIUS will fix the DB.

 Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




--
Att.
Alisson F. Gonçalves
Sistemas de Informação - UFGD


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



--
 -
   Marcos Roberto Greiner

  Os otimistas acham que estamos no melhor dos mundos
   Os pessimistas tem medo de que isto seja verdade
 James Branch Cabell
 -

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: errors There are no DB handles to use and Discarding conflicting packet from client

somebody have this same problem?

2009/10/9 Roberto Greiner mrgrei...@gmail.com

 http://forums.mysql.com/

 Alisson wrote:

 ok.. but what I need to do on my DB?

 Repair? Create another DB? alter some variable?

 2009/10/9 Alan DeKok al...@deployingradius.com mailto:
 al...@deployingradius.com


Alisson wrote:
 Hi, I have a dedicated server with freeradius 2.05

 i'm getting 2 errors

 Error: Discarding conflicting packet from client net port 25000
- ID: 100
 due to recent request 7343.

 There are no DB handles to use! skipped 0, tried to connect 0

 Your database is broken.  Fix it.

 I'm searching on the forums and a lot of people has this problem..

 They all have broken databases.

 I change sql_num_socks = 30
 I increase the max_connections=500
 I increase everything that what was possible

 but the problem still happens

 I see on the forums in alot of web sites and nobody has the solution

 Really?  This question has been asked and answered probably hundreds
of times on this list.  The answer is always the same:

 Fix the database.

 The database is either down, or it is not responding to queries.  No
amount of forum-shopping or poking at FreeRADIUS will fix the DB.

 Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




 --
 Att.
 Alisson F. Gonçalves
 Sistemas de Informação - UFGD
 

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html



 --
  -
   Marcos Roberto Greiner

  Os otimistas acham que estamos no melhor dos mundos
   Os pessimistas tem medo de que isto seja verdade
 James Branch Cabell
  -


 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html




-- 
Att.
Alisson F. Gonçalves
Sistemas de Informação - UFGD
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: errors There are no DB handles to use and Discarding conflicting packet from client

Alisson wrote:
 ok.. but what I need to do on my DB?
 
 Repair? Create another DB? alter some variable?

  Ask the people who wrote and support the DB.

  Asking DB questions on a RADIUS list isn't the best way to solve the
problem.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: errors There are no DB handles to use and Discarding conflicting packet from client

Did you set up the database?

If not, check out /usr/local/etc/raddb/sql/mysql/admin.sql  (assuming you are 
intending to use mysql.)

Good luck,
-craig
  - Original Message - 
  From: Alisson 
  To: FreeRadius users mailing list 
  Sent: Friday, October 09, 2009 2:53 PM
  Subject: Re: errors There are no DB handles to use and Discarding conflicting 
packet from client

  somebody have this same problem?

  2009/10/9 Roberto Greiner mrgrei...@gmail.com

http://forums.mysql.com/

Alisson wrote:

  ok.. but what I need to do on my DB?

  Repair? Create another DB? alter some variable?

  2009/10/9 Alan DeKok al...@deployingradius.com 
mailto:al...@deployingradius.com

 Alisson wrote:
  Hi, I have a dedicated server with freeradius 2.05

  i'm getting 2 errors

  Error: Discarding conflicting packet from client net port 25000
 - ID: 100
  due to recent request 7343.

  There are no DB handles to use! skipped 0, tried to connect 0

  Your database is broken.  Fix it.

  I'm searching on the forums and a lot of people has this problem..

  They all have broken databases.

  I change sql_num_socks = 30
  I increase the max_connections=500
  I increase everything that what was possible

  but the problem still happens

  I see on the forums in alot of web sites and nobody has the solution

  Really?  This question has been asked and answered probably hundreds
 of times on this list.  The answer is always the same:

  Fix the database.

  The database is either down, or it is not responding to queries.  No
 amount of forum-shopping or poking at FreeRADIUS will fix the DB.

  Alan DeKok.
 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html

  -- 
  Att.
  Alisson F. Gonçalves
  Sistemas de Informação - UFGD

  -
  List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html

-- 
 -
  Marcos Roberto Greiner

 Os otimistas acham que estamos no melhor dos mundos
  Os pessimistas tem medo de que isto seja verdade
James Branch Cabell
 -

-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html

  -- 
  Att.
  Alisson F. Gonçalves
  Sistemas de Informação - UFGD

--

  -
  List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

  __ Information from ESET Smart Security, version of virus signature 
database 4494 (20091009) __

  The message was checked by ESET Smart Security.

  http://www.eset.com

__ Information from ESET Smart Security, version of virus signature 
database 4494 (20091009) __

The message was checked by ESET Smart Security.

http://www.eset.com

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: errors There are no DB handles to use and Discarding conflicting packet from client

but this problem is on radius or db?

2009/10/9 Alan DeKok al...@deployingradius.com

 Alisson wrote:
  ok.. but what I need to do on my DB?
 
  Repair? Create another DB? alter some variable?

   Ask the people who wrote and support the DB.

  Asking DB questions on a RADIUS list isn't the best way to solve the
 problem.

  Alan DeKok.
 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html




-- 
Att.
Alisson F. Gonçalves
Sistemas de Informação - UFGD
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: errors There are no DB handles to use and Discarding conflicting packet from client

Also check out http://wiki.freeradius.org/SQL_HOWTO
  - Original Message - 
  From: Alisson 
  To: FreeRadius users mailing list 
  Sent: Friday, October 09, 2009 2:53 PM
  Subject: Re: errors There are no DB handles to use and Discarding conflicting 
packet from client

  somebody have this same problem?

  2009/10/9 Roberto Greiner mrgrei...@gmail.com

http://forums.mysql.com/

Alisson wrote:

  ok.. but what I need to do on my DB?

  Repair? Create another DB? alter some variable?

  2009/10/9 Alan DeKok al...@deployingradius.com 
mailto:al...@deployingradius.com

 Alisson wrote:
  Hi, I have a dedicated server with freeradius 2.05

  i'm getting 2 errors

  Error: Discarding conflicting packet from client net port 25000
 - ID: 100
  due to recent request 7343.

  There are no DB handles to use! skipped 0, tried to connect 0

  Your database is broken.  Fix it.

  I'm searching on the forums and a lot of people has this problem..

  They all have broken databases.

  I change sql_num_socks = 30
  I increase the max_connections=500
  I increase everything that what was possible

  but the problem still happens

  I see on the forums in alot of web sites and nobody has the solution

  Really?  This question has been asked and answered probably hundreds
 of times on this list.  The answer is always the same:

  Fix the database.

  The database is either down, or it is not responding to queries.  No
 amount of forum-shopping or poking at FreeRADIUS will fix the DB.

  Alan DeKok.
 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html

  -- 
  Att.
  Alisson F. Gonçalves
  Sistemas de Informação - UFGD

  -
  List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html

-- 
 -
  Marcos Roberto Greiner

 Os otimistas acham que estamos no melhor dos mundos
  Os pessimistas tem medo de que isto seja verdade
James Branch Cabell
 -

-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html

  -- 
  Att.
  Alisson F. Gonçalves
  Sistemas de Informação - UFGD

--

  -
  List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

  __ Information from ESET Smart Security, version of virus signature 
database 4494 (20091009) __

  The message was checked by ESET Smart Security.

  http://www.eset.com

__ Information from ESET Smart Security, version of virus signature 
database 4494 (20091009) __

The message was checked by ESET Smart Security.

http://www.eset.com

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: errors There are no DB handles to use and Discarding conflicting packet from client

the radius DB is working with user root

the Users are authenticanting, and everything is working

but

i have this 2 errors

and I tried do fix altering some variables from mysql and radius,

but still appearing the message



2009/10/9 Craig Campbell cr...@ccraft.ca

  Also check out http://wiki.freeradius.org/SQL_HOWTO

 - Original Message -
 *From:* Alisson alisson...@gmail.com
 *To:* FreeRadius users mailing listfreeradius-users@lists.freeradius.org
 *Sent:* Friday, October 09, 2009 2:53 PM
 *Subject:* Re: errors There are no DB handles to use and Discarding
 conflicting packet from client

 somebody have this same problem?

 2009/10/9 Roberto Greiner mrgrei...@gmail.com

 http://forums.mysql.com/

 Alisson wrote:

 ok.. but what I need to do on my DB?

 Repair? Create another DB? alter some variable?

 2009/10/9 Alan DeKok al...@deployingradius.com mailto:
 al...@deployingradius.com


Alisson wrote:
 Hi, I have a dedicated server with freeradius 2.05

 i'm getting 2 errors

 Error: Discarding conflicting packet from client net port 25000
- ID: 100
 due to recent request 7343.

 There are no DB handles to use! skipped 0, tried to connect 0

 Your database is broken.  Fix it.

 I'm searching on the forums and a lot of people has this problem..

 They all have broken databases.

 I change sql_num_socks = 30
 I increase the max_connections=500
 I increase everything that what was possible

 but the problem still happens

 I see on the forums in alot of web sites and nobody has the solution

 Really?  This question has been asked and answered probably hundreds
of times on this list.  The answer is always the same:

 Fix the database.

 The database is either down, or it is not responding to queries.  No
amount of forum-shopping or poking at FreeRADIUS will fix the DB.

 Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




 --
 Att.
 Alisson F. Gonçalves
 Sistemas de Informação - UFGD
 

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html



 --
  -
   Marcos Roberto Greiner

  Os otimistas acham que estamos no melhor dos mundos
   Os pessimistas tem medo de que isto seja verdade
 James Branch Cabell
  -


 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html




 --
 Att.
 Alisson F. Gonçalves
 Sistemas de Informação - UFGD

 --

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


 __ Information from ESET Smart Security, version of virus signature
 database 4494 (20091009) __

 The message was checked by ESET Smart Security.

 http://www.eset.com



 __ Information from ESET Smart Security, version of virus signature
 database 4494 (20091009) __

 The message was checked by ESET Smart Security.

 http://www.eset.com

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html




-- 
Att.
Alisson F. Gonçalves
Sistemas de Informação - UFGD
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: errors There are no DB handles to use and Discarding conflicting packet from client

 ok.. but what I need to do on my DB?

Is your database server/process running? Is database IP/port/user/password
correct in sql.conf? Is correct type of database selected? Is your
database configured to recieve queries from radius server (ie. not
localhost) if they are not on the same machine? Have you created radius
database? Does user configured in radius have permissions to run queries
on radius database? Is there a firewall stopping traffic? Do you see
radius handles connected to the database server when you start radius
server?

Should I go on?

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: errors There are no DB handles to use and Discarding conflicting packet from client

 but this problem is on radius or db?

 2009/10/9 Alan DeKok al...@deployingradius.com

 Alisson wrote:
  ok.. but what I need to do on my DB?
 
  Repair? Create another DB? alter some variable?

   Ask the people who wrote and support the DB.

  Asking DB questions on a RADIUS list isn't the best way to solve the
 problem.

  Alan DeKok.
 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html




 --
 Att.
 Alisson F. Gonçalves
 Sistemas de Informação - UFGD
 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: errors There are no DB handles to use and Discarding conflicting packet from client

 but this problem is on radius or db?

Database, network between radius and sql or incorrect data in sql.conf.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: errors There are no DB handles to use and Discarding conflicting packet from client

 the radius DB is working with user root

 the Users are authenticanting, and everything is working

 but

 i have this 2 errors

 and I tried do fix altering some variables from mysql and radius,

 but still appearing the message

Do debug (radiusd -X) and see what causes the error. Maybe some queries
are failing.

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: errors There are no DB handles to use and Discarding conflicting packet from client

Hi,

Answering your questions

1) Is your database server/process running?
R: Yes

2) Is database IP/port/user/password  correct in sql.conf?
R:Yes

3) Is correct type of database selected?
R:Yes Radchecks=Innodb and the another tables are MyIsam

4) Is your  database configured to recieve queries from radius server (ie.
not
localhost) if they are not on the same machine?
R: Yes, the users are authenticanting. They are on the same machine.

5)Have you created radius database?
R: Yes, users are authenticant with the radius db

6) Does user configured in radius have permissions to run queries on radius
database?
R; yes, i'm using root

7) Is there a firewall stopping traffic?
R: I dont use

8) Do you see  radius handles connected to the database server when you
start radius
server?
R: Yes, I have 10 handles

thank you



2009/10/9 Ivan Kalik t...@kalik.net

  the radius DB is working with user root
 
  the Users are authenticanting, and everything is working
 
  but
 
  i have this 2 errors
 
  and I tried do fix altering some variables from mysql and radius,
 
  but still appearing the message

 Do debug (radiusd -X) and see what causes the error. Maybe some queries
 are failing.

 Ivan Kalik
 Kalik Informatika ISP

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html




-- 
Att.
Alisson F. Gonçalves
Sistemas de Informação - UFGD
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems with radutmp

Gerardo Contreras wrote:
 
 I've been watching the log records from users sessions, and I noted that
 every access from the NAS comes from the same NAS-Port. Could it be the
 reason?

  Yes.

 If so, is there any way so radutmp registers all of the entries
 even if the nas port is the same?

  Use SQL.  Update the queries and schema to depend on something other
than NAS-Port.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: acct_postgresql+auth_ldap

José Johnny RANDRIAMAMPIONONA wrote:
 I d like to know if someone has already tried to do the accounting (only
 accounting) thing with postgres and authentication with OpenLdap? 

  Yes.  Configure SQL and LDPA.  Uncomment ldap in authorize 
authenticate.  Uncomment sql in accounting.

 There is nothing on wiki ...

  How about the comments in theconfig file?

 I am wondering if I have to write some scripts to
 save the user id, his connection duration ect ...in postgres database.

  Yes... see the sample queries and schema.  This *is* documented.

 I
 want to implement the following situation: I don't care what my
 ldap_server ll return when a user sends a access request packet, but I
 want to save the name, passwd, the connection duration(so at this time I
 initialize the connection time which will be incremented until the
 disconnection time ).

  I'm not sure what this means.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: over 30 radiusd processes

Craig Campbell wrote:
 radius-a seems to be getting the bulk of the radius records.  Normally,
 it has a single process.
 Last night it spawned a bunch of children that seem to be loitering... 

  Are you forking shell scripts via exec?

 radius-b and radius-c don't have more than a single radiusd process.
  
 Any idea what is going on?  Why all the children?  Do I need to be
 concerned?  Is this normal?

  It's not normal.  They're likely zombies that need to go away.  The
server normally cleans up any zombie children, but...

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Proxy/Realm problem in 2.1.7

Palmer J.D.F. wrote:
 There are three servers in the auth and acct pools, but unless I comment
 two of them out (as below) I receive a 'Request Denied' message back in
 response to the first access-request packet that is proxied to one of
 the auth servers.

  ?  The only way that happens is if the proxy is using the wrong shared
secret.

 Is this a bug in 2.1.7, or is there a difference in configuration file
 format between the versions?  

  I've never tried that particular configuration.  I would suggest using
templates, instead.

  e.g. define a template, and then do:

home_server foo {
$template foo-template
secret = testing123
}

  All of the common configuration can go into the template.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problems with radutmp





https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00809.html

Oh! I see...

thanks.

Alan DeKok wrote:

  Gerardo Contreras wrote:
  
  
I've been watching the log records from users sessions, and I noted that
every access from the NAS comes from the same NAS-Port. Could it be the
reason?

  
  
  Yes.

  
  
If so, is there any way so radutmp registers all of the entries
even if the nas port is the same?

  
  
  Use SQL.  Update the queries and schema to depend on something other
than NAS-Port.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
  



-- 
Gerardo Contreras
NetX
http://netx.com.mx/
T: +52 (614) 2010101 x 121
M: +52 (614) 2479727
Sin costo: 01800 GO2NETX


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: errors There are no DB handles to use and Discarding conflicting packet from client

Alisson wrote:
 but this problem is on radius or db?

  What part of fix your database is hard to understand?

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Proxy/Realm problem in 2.1.7

Alan Buxey wrote:
 there does seem to be an issue with 2.1.7 - I've had a couple
 of reports stating that the proxy doesnt seem to 'stick' to one
 remote proxy during EAP (eg with client-balance or client-ip-balance
 methods). not sure what has changed since 2.1.6 - but a rollback to 2.1.6
 with exactly the same configuration works

  2.1.7 is more aggressive about failing requests from one server to
another when a home server goes down.  See no_response_fail in proxy.conf.

  It's also more aggressive about *not* using zombie servers.  It treats
zombie servers as dead for new requests.  i.e. it will retransmit the
*same* request to a zombie server, but a *new* request will ignore the
zombie server.

  That change was really made for stability.  If a home server isn't
responding, we shouldn't really be sending it new packets.  Yes, this
might break EAP.  But if the home server isn't responding, it's not
doing EAP already, right?

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Manage IPv6 pools using freeradius

Ram Akuka wrote:
 I want to manage my ipv6 users using ip_pool from FreeRadius. And I have
 few question regarding this.
 
 1.   how can I use ip_pool to allocate ipv6 address to a users?

  That isn't currently supported.

 2.   How can I assign ipv6 address to client based on the NAS he
 came from?(different prefix for different NAS).

$ man unlang

 3.   Is there any documentation regarding this (looked in FreeRadius
 wiki and can’t find anything useful).

  You'll need to update the IP pool module to handle this.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: over 30 radiusd processes

Yes, two(2) binaries and one (1) shell script are called via exec as follows 
from the file,


   - user (an authentication binary program - Exec-Program-Wait = 
/usr/local/sbin/auth -- %{User-Name} %{User-Password} 
%{%{Called-Station-Id}:-Missing} %{%{NAS-IP-Address}:-Missing} 
%{%{Calling-Station-Id}:-Missing} %{%{NAS-Port-Type}:-Missing} 
%{Vendor-Specific} ,)


   -acct_user (shell script - Exec-Program = 
%{exec:/usr/local/sbin/acctstop.sh}, )

and
   -attr_rewrite module (a hex translation binary -  replacewith = 
%{exec:/usr/local/sbin/hexconvert -lX %{User-Name} })


Is this bad?
Is there a better alternative?


Thanks so much!
-craig



- Original Message - 
From: Alan DeKok al...@deployingradius.com

To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Friday, October 09, 2009 4:17 PM
Subject: Re: over 30 radiusd processes



Craig Campbell wrote:

radius-a seems to be getting the bulk of the radius records.  Normally,
it has a single process.
Last night it spawned a bunch of children that seem to be loitering...


 Are you forking shell scripts via exec?


radius-b and radius-c don't have more than a single radiusd process.

Any idea what is going on?  Why all the children?  Do I need to be
concerned?  Is this normal?


 It's not normal.  They're likely zombies that need to go away.  The
server normally cleans up any zombie children, but...

 Alan DeKok.
-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html


__ Information from ESET Smart Security, version of virus 
signature database 4494 (20091009) __


The message was checked by ESET Smart Security.

http://www.eset.com






__ Information from ESET Smart Security, version of virus signature 
database 4494 (20091009) __

The message was checked by ESET Smart Security.

http://www.eset.com



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: errors There are no DB handles to use and Discarding conflicting packet from client

2009-10-09 Thread Marinko Tarlac


This is not database list but here what you can do:
- install sysbench and do some tests with your current settings
- tunning-primer.sh (http://www.day32.com/MySQL/tuning-primer.sh),
- mytop,
- mysqlreport (http://hackmysql.com/mysqlreport) and
- mysqltuner.pl (http://wiki.mysqltuner.com/MySQLTuner)

Tools I mentioned above will help you to track down the bottleneck you 
have with your database.


Of course, you have a task to find a problem and tell us about it :)

Best regards

Ivan Kalik wrote:

ok.. but what I need to do on my DB?



Is your database server/process running? Is database IP/port/user/password
correct in sql.conf? Is correct type of database selected? Is your
database configured to recieve queries from radius server (ie. not
localhost) if they are not on the same machine? Have you created radius
database? Does user configured in radius have permissions to run queries
on radius database? Is there a firewall stopping traffic? Do you see
radius handles connected to the database server when you start radius
server?

Should I go on?

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

  


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: when to use exec / echo external script query

2009-10-09 Thread Marinko Tarlac


post-auth ?

c...@gateway.net.au wrote:


freeradius 1.1.3-1.1

freeradius mysql

Redhat Linux Fedora 6

 

I was looking for information on at what point i would fire an 
external script.


What i wish to do is once a client is authenticated and a framed-ip 
address allocated to fire an external script to push the IP address 
into my postfix access table and remove it on disconnect.


 


If anyone has suggestions and can advise on this please chime in.

 

 


Cory



__ Information from ESET NOD32 Antivirus, version of virus 
signature database 4491 (20091008) __


The message was checked by ESET NOD32 Antivirus.

http://www.eset.com


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Enabling ldap causes freeradius server to not start up.

2009-10-09 Thread Jesper Klit Jensen


Freeradius: 2.1.6 OS: Open Suse 11.0 LDAP 2.4.9

Problem is when running radiusd in forground with logging:
Thread spawned new child 1. Total threads in pool: 1
Thread 1 waiting to be assigned a request
Thread pool initialized
radiusd:  Opening IP addresses and Ports 
listen {
   type = auth
   ipaddr = x.x.x.x
   port = 0
}
listen {
   type = acct
   ipaddr = x.x.x.x
   port = 0

No more after that. It will only startup if ldap is total disabled.
LDAP user account works.

Please help me with some hints for finding this problem.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: over 30 radiusd processes