Re: radiusExpiration attirbute declared in the LdapGroup
Hello,

In which file do I configure the Ldap-Group Expiration?

thanks

Ivan Kalik wrote:
>> I would Like to know if there is a way to define an expiration time for all those users which belong to an LDAP Group, instead of defining this attribute for each of those users?
>
>     if(Ldap-Group == some_group) {
>         update control {
>             Expiration := when
>         }
>     }
>
>> Moreover, after expiration time, RADIUS send an access-reject to the user. Is there any tool or something that send a message to the wifi users in a windows form?
>
> You can configure the Reply-Message server sends with Access-Reject in raddb/modules/expiration. No guarantee that it will be displayed to the user.
>
> Ivan Kalik
> Kalik Informatika ISP

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radiusExpiration attirbute declared in the LdapGroup
Hi,

aangles aav_1...@hotmail.com wrote:
> I would Like to know if there is a way to define an expiration time for all those users which belong to an LDAP Group, instead of defining this attribute for each of those users?
>
> Moreover, after expiration time, RADIUS send an access-reject to the user. Is there any tool or something that send a message to the wifi users in a windows form?

I think you have two options, some LDAP xlat'ing after you have called your LDAP autz module based around 'control:Ldap-UserDn' or alternatively (and probably better) is just to use some unlang to say:

    if (LDAP-Group == blah) {
        update control {
            Expiration := wibble
        }
    }

Then call the 'expiration' module after that.

Cheers

--
Alexander Clouter
.sigmonster says: Life is the urge to ecstasy.
Re: when to use exec / echo external script query
Hi,

c...@gateway.net.au wrote:
> freeradius 1.1.3-1.1 freeradius mysql Redhat Linux Fedora 6

A fine vintage... :-/

> I was looking for information on at what point i would fire an external script. What i wish to do is once a client is authenticated and a framed-ip address allocated to fire an external script to push the IP address into my postfix access table and remove it on disconnect. If anyone has suggestions and can advise on this please chime in.

Do things properly, looking at using the accounting side of RADIUS and on RADIUS start use the existing infrastructure that natively can fire off SQL statements...and then on Accounting Stop packets it can run a clean-up SQL statement.

Unsurprisingly, this is all detailed in the documentation :-/

Cheers

--
Alexander Clouter
.sigmonster says: You need more time; and you probably always will.
Adding vendor specific attributes to dictionary
Hi all :)

Hope someone can point me in the right direction once again!

freeradius v 2.1.3

I am attempting to add vendor specific attributes to my dictionary without success :(

I was given the following information to add:

    Class       Number  Attribute           Value  Type
    VENDORATTR  12345   Vendor-Attribute-A  1      string
    VENDORATTR  12345   Vendor-Attribute-A  2      string

Now since VENDORATTR is not a freeradius dictionary format I assume this comes from a different RADIUS server, which I need to now implement in my freeradius dictionary.

I have had a look at the dictionary man page, and see that one can use ATTRIBUTE for this, but since the Number is the same for both attributes I would assume that I need to define a vendor specific attribute encapsulation so that I can list multiple attributes for this vendor, but this does not seem to be working for me.

This is what I have done:

File dictionary:

    $INCLUDE /usr/share/freeradius/dictionary
    $INCLUDE /etc/raddb/dictionary.myvendor

File dictionary.myvendor:

    VENDOR MyVendor 12345
    BEGIN-VENDOR MyVendor
    ATTRIBUTE Vendor-Attribute-A 1 string
    ATTRIBUTE Vendor-Attribute-B 2 string
    END-VENDOR MyVendor

When I attempt to start my freeradius server with this dictionary file all I get is the following message to std out:

    Errors reading dictionary: dict_init: /etc/raddb/dictionary.myvendor[1]: dict_init: /etc/raddb/dictionary.myvendor[1]: dict_init: /etc/

That's it - even in debug mode no other message is printed.

Any pointers would as always be very much appreciated :)

Many thanks and have a great Friday,
Patric
acct_postgresql+auth_ldap
Hi all,

I'd like to know if someone has already tried to do the accounting (only accounting) thing with postgres and authentication with OpenLdap? There is nothing on wiki ...

I am wondering if I have to write some scripts to save the user id, his connection duration etc. in postgres database. I want to implement the following situation: I don't care what my ldap_server will return when a user sends an access request packet, but I want to save the name, passwd, the connection duration (so at this time I initialize the connection time which will be incremented until the disconnection time).

Your opinions will be very useful for me.

--
JJohnny R
Phone: +212663682554, +212533158575
National School of Applied Sciences
ZIP 1818 TANGIER 9 - Morocco
Re: acct_postgresql+auth_ldap
10/09/2009 01:58 PM, José Johnny RANDRIAMAMPIONONA:
> Hi all, I'd like to know if someone has already tried to do the accounting (only accounting) thing with postgres and authentication with OpenLdap?

I am going to try that. Not yet, but I will. And I think it's globally about:

    auth {
        ldap
    }
    accounting {
        sql
    }

Authenticating and Accounting are independent. For example, using radclient, I can directly account without auth-ing. It's up to the NAS (RADIUS client) to send the User-Name to the RADIUS when Start/Stopping accounting, so that you _always_ know what User-Name is concerned by the accounting packet.

PS: that is just my understanding of the thing, I really expect people to kindly correct if I am wrong.

--
IT Architect at Blueline/Gulfsat: System Administration, Research & Development
+261 34 29 155 34
Re: acct_postgresql+auth_ldap
> I am wondering if I have to write some scripts to save the user id, his connection duration etc. in postgres database.

No. Just configure postgre in sql.conf and uncomment sql entries in radiusd.conf and accounting section of default virtual server. Schema for the database is provided.

> I want to implement the following situation: I don't care what my ldap_server will return when a user sends an access request packet, but I want to save the name, passwd,

That goes into radacct by default.

> the connection duration (so at this time I initialize the connection time which will be incremented until the disconnection time).

For that you will need to enable accounting updates on your NAS. If your NAS supports Acct-Interim-Interval you can send it in the Access-Accept.

Ivan Kalik
Kalik Informatika ISP
Re: radiusExpiration attirbute declared in the LdapGroup
I'm sorry man, I am new with this. Exactly in which file do I configure, and in which section of that file: radiusd.conf, or expiration module, or ldap module, users file?

Because I know that in the users file radius can check items stored in the LDAP, only on a per user basis. But I would like to do that on a per ldap group basis.

    if (LDAP-Group == blah) {
        update control {
            Expiration := wibble
        }
    }

In which file do I configure this?
Re: radiusExpiration attirbute declared in the LdapGroup
> I'm sorry man, I am new with this. Exactly in which file do I configure, and in which section of that file: radiusd.conf, or expiration module, or ldap module, users file?

None of the above. In authorize section of default or inner-tunnel virtual server depending on the protocol used.

> Because I know that in the users file radius can check items stored in the LDAP, only on a per user basis. But I would like to do that on a per ldap group basis.

If you like users file that much you can also put it there as DEFAULT entry:

    DEFAULT Ldap-Group == some_group, Expiration := when

Ivan Kalik
Kalik Informatika ISP
Re: Adding vendor specific attributes to dictionary
> I am attempting to add vendor specific attributes to my dictionary without success :(
>
> I was given the following information to add:
>
>     Class       Number  Attribute           Value  Type
>     VENDORATTR  12345   Vendor-Attribute-A  1      string
>     VENDORATTR  12345   Vendor-Attribute-A  2      string
>
> Now since VENDORATTR is not a freeradius dictionary format I assume this comes from a different RADIUS server, which I need to now implement in my freeradius dictionary.
>
> I have had a look at the dictionary man page, and see that one can use ATTRIBUTE for this, but since the Number is the same for both attributes I would assume that I need to define a vendor specific attribute encapsulation so that I can list multiple attributes for this vendor, but this does not seem to be working for me.
>
> This is what I have done:
>
> File dictionary:
>
>     $INCLUDE /usr/share/freeradius/dictionary
>     $INCLUDE /etc/raddb/dictionary.myvendor
>
> File dictionary.myvendor:
>
>     VENDOR MyVendor 12345
>     BEGIN-VENDOR MyVendor
>     ATTRIBUTE Vendor-Attribute-A 1 string
>     ATTRIBUTE Vendor-Attribute-B 2 string
>     END-VENDOR MyVendor

That looks OK.

> When I attempt to start my freeradius server with this dictionary file all I get is the following message to std out:
>
>     Errors reading dictionary: dict_init: /etc/raddb/dictionary.myvendor[1]: dict_init: /etc/raddb/dictionary.myvendor[1]: dict_init: /etc/

Check stuff like permissions on the file.

Ivan Kalik
Kalik Informatika ISP
Re: acct_postgresql+auth_ldap
Thank u guys!

--
JJohnny RANDRIAMAMPIONONA
Phone: +212663682554, +212533158575
National School of Applied Sciences
ZIP 1818 TANGIER 9 - Morocco
Re: Adding vendor specific attributes to dictionary
Ivan Kalik wrote:
> ...
>> File dictionary.myvendor:
>>
>>     VENDOR MyVendor 12345
>>     BEGIN-VENDOR MyVendor
>>     ATTRIBUTE Vendor-Attribute-A 1 string
>>     ATTRIBUTE Vendor-Attribute-B 2 string
>>     END-VENDOR MyVendor
>
> That looks OK.

As always thank you for your reply Ivan :)

I have narrowed the problem down to the number field. The actual number I have been given to use is 32768, and the problem seems to be the fact that the number is 5 digits long. If I make the number 4 digits long my server starts up without complaint.

Any suggestions?

Many thanks,
Patric
Re: Adding vendor specific attributes to dictionary
Patric wrote:
> I have narrowed the problem down to the number field. The actual number I have been given to use is 32768,

Install 2.1.7. See doc/ChangeLog

Alan DeKok.
Re: Adding vendor specific attributes to dictionary
>>> File dictionary.myvendor:
>>>
>>>     VENDOR MyVendor 12345
>>>     BEGIN-VENDOR MyVendor
>>>     ATTRIBUTE Vendor-Attribute-A 1 string
>>>     ATTRIBUTE Vendor-Attribute-B 2 string
>>>     END-VENDOR MyVendor
>>
>> That looks OK.
>
> I have narrowed the problem down to the number field. The actual number I have been given to use is 32768, and the problem seems to be the fact that the number is 5 digits long. If I make the number 4 digits long my server starts up without complaint. Any suggestions?

Vendor number must be smaller than 32K. 32766 is max.

Ivan Kalik
Kalik Informatika ISP
Re: Adding vendor specific attributes to dictionary
Alan DeKok wrote:
> Patric wrote:
>> I have narrowed the problem down to the number field. The actual number I have been given to use is 32768,
>
> Install 2.1.7. See doc/ChangeLog

Aaah, 2.1.7 Changelog:

    * Allowed vendor IDs to be be higher than 32767.

Fantastic, upgrading now, thank you once again Alan & Ivan :)

Have a great weekend,
Patric
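A pre-flight check for the failure in this thread, as an added example (not FreeRADIUS code and not from any poster): it parses a vendor dictionary fragment and reports vendor IDs above 32767, which per the 2.1.7 ChangeLog line quoted above older servers do not accept, along with duplicate attribute names or numbers. The function name, the `max_vendor_id` parameter and both sample texts are constructed for illustration.

```python
"""Lint a FreeRADIUS-style vendor dictionary fragment before loading it."""

# Limit lifted in 2.1.7 according to the ChangeLog line quoted in the thread.
LEGACY_MAX_VENDOR_ID = 32767


def lint_dictionary(text, max_vendor_id=LEGACY_MAX_VENDOR_ID):
    """Return a list of (line_number, message) findings for `text`."""
    findings = []
    vendors = {}     # vendor name -> numeric ID
    current = None   # vendor named by the open BEGIN-VENDOR, if any
    numbers = {}     # (vendor, attribute number) -> attribute name
    names = {}       # attribute name -> line where it was first declared

    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        keyword = fields[0].upper()

        if keyword == "VENDOR":
            if len(fields) < 3 or not fields[2].isdigit():
                findings.append((lineno, "VENDOR needs a name and a decimal ID"))
                continue
            vendors[fields[1]] = int(fields[2])
            if int(fields[2]) > max_vendor_id:
                findings.append(
                    (lineno, f"vendor ID {fields[2]} exceeds {max_vendor_id}"))
        elif keyword == "BEGIN-VENDOR":
            if len(fields) < 2 or fields[1] not in vendors:
                findings.append((lineno, "BEGIN-VENDOR names an undeclared vendor"))
            else:
                current = fields[1]
        elif keyword == "END-VENDOR":
            if current is None or fields[1:2] != [current]:
                findings.append(
                    (lineno, "END-VENDOR does not match an open BEGIN-VENDOR"))
            current = None
        elif keyword == "ATTRIBUTE":
            if len(fields) < 4 or not fields[2].isdigit():
                findings.append((lineno, "ATTRIBUTE needs name, number and type"))
                continue
            name, number = fields[1], int(fields[2])
            if current is None:
                findings.append((lineno, f"{name} is outside a BEGIN-VENDOR block"))
            if name in names:
                findings.append(
                    (lineno,
                     f"duplicate attribute name {name} (first on line {names[name]})"))
            elif (current, number) in numbers:
                findings.append(
                    (lineno, f"duplicate attribute number {number} for {current}"))
            names.setdefault(name, lineno)
            numbers.setdefault((current, number), name)

    if current is not None:
        findings.append((len(text.splitlines()), f"missing END-VENDOR for {current}"))
    return findings


# Constructed sample: the dictionary.myvendor file as posted in the thread.
SAMPLE_OK = """\
VENDOR MyVendor 12345
BEGIN-VENDOR MyVendor
ATTRIBUTE Vendor-Attribute-A 1 string
ATTRIBUTE Vendor-Attribute-B 2 string
END-VENDOR MyVendor
"""

# Constructed sample: the real vendor number (32768) plus the attribute
# names exactly as they appeared in the vendor's sheet (A listed twice).
SAMPLE_BAD = """\
VENDOR MyVendor 32768
BEGIN-VENDOR MyVendor
ATTRIBUTE Vendor-Attribute-A 1 string
ATTRIBUTE Vendor-Attribute-A 2 string
END-VENDOR MyVendor
"""

if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        for lineno, message in lint_dictionary(sample):
            print(f"{label}: line {lineno}: {message}")
```

Running this against a dictionary before restarting the server gives a readable reason where the server's own `dict_init` message in the thread was truncated.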
errors There are no DB handles to use and Discarding conflicting packet from client
Hi,

I have a dedicated server with freeradius 2.05. I'm getting 2 errors:

    Error: Discarding conflicting packet from client net port 25000 - ID: 100 due to recent request 7343.
    There are no DB handles to use! skipped 0, tried to connect 0

I'm searching on the forums and a lot of people have this problem.

I changed sql_num_socks = 30
I increased the max_connections=500
I increased everything that was possible but the problem still happens.

I see it on the forums on a lot of web sites and nobody has the solution. Can somebody help?
Re: radiusExpiration attirbute declared in the LdapGroup
Like this?

    DEFAULT guests-Ldap-Group == cn=wlanguests,ou=Groups,dc=CELLS,dc=ES, Expiration := 09 Oct 2009 17:00, Auth-Type = LDAPGUESTS

Because with this radius says:

    /etc/raddb/users[65]: Parse error (check) for entry DEFAULT: Expected end of line or comma

and I tried to add a comma at the end of the line but still it says the same alert.
Problems with radutmp
Hi.

I'm having some problems with radutmp. I'm using an Aruba Mobility Controller which has radauth and radacct configured to this freeradius server. In fact, I've tried with freeradius both on centOS and ubuntu with same results.

When a user logs in, a corresponding entry is added to radutmp, and indeed, nobody can log in with this user account (if I activate Simultaneous-use). But if another user logs in, the entry for the previous user gets deleted from radutmp, and a new one is added for this new user. Then, a user with the account from the first user can log in indeed.

In other words, only the last logged in user gets to the radutmp file.

On both boxes, using freeradius 2.1.0.

Any idea?

--
Gerardo Contreras
NetX http://netx.com.mx/
T: +52 (614) 2010101 x 121
M: +52 (614) 2479727
Toll-free: 01800 GO2NETX
Re: Problems with radutmp
It even happens without using Simultaneous-use. Even if the same user authenticates, radius will delete the previous entry from the radutmp. It only keeps the last logged in user.

By the way, radlast shows the previous users as if they were logged out, but they are indeed still logged in. I've run tcpdump on the system and the radius server is NOT receiving any STOP accounting package from the NAS.
Re: Problems with radutmp
I've been watching the log records from users sessions, and I noted that every access from the NAS comes from the same NAS-Port. Could it be the reason? If so, is there any way so radutmp registers all of the entries even if the nas port is the same?
Re: Problems with radutmp
What is the NAS-Port value? I don't THINK radutmp can handle multiple sessions sharing a port.

-craig
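The behaviour described in this thread, as an added example (not FreeRADIUS code and not from any poster): a small Python model of a session table keyed on NAS address and NAS-Port, which is the assumption behind the reply above, next to one keyed on Acct-Session-Id, plus a check that flags a NAS reusing one port for overlapping sessions. The class and function names, the `max_sessions` parameter and the sample accounting records are constructed for illustration.

```python
"""Model of Simultaneous-Use tracking with two different session keys.

Assumption (labelled): the radutmp-style table holds one entry per
(NAS-IP-Address, NAS-Port), so a NAS that reports the same NAS-Port for
every client overwrites the previous entry on each Accounting Start.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class AcctRecord:
    status: str       # Acct-Status-Type: "Start" or "Stop"
    user: str         # User-Name
    nas_ip: str       # NAS-IP-Address
    nas_port: int     # NAS-Port
    session_id: str   # Acct-Session-Id


def by_port(rec):
    """Session identity as (NAS address, NAS-Port)."""
    return (rec.nas_ip, rec.nas_port)


def by_session(rec):
    """Session identity as (NAS address, Acct-Session-Id)."""
    return (rec.nas_ip, rec.session_id)


class SessionTable:
    """Tracks live sessions; key_fn decides what identifies one session."""

    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.live = {}   # key -> AcctRecord of the session's Start

    def account(self, rec):
        key = self.key_fn(rec)
        if rec.status == "Start":
            self.live[key] = rec        # same key: earlier entry is lost
        elif rec.status == "Stop":
            self.live.pop(key, None)

    def sessions_for(self, user):
        return sum(1 for r in self.live.values() if r.user == user)

    def allow_login(self, user, max_sessions=1):
        """Simultaneous-Use style check made at authorization time."""
        return self.sessions_for(user) < max_sessions


def find_port_collisions(records):
    """Return (earlier_id, later_id) pairs where a Start reuses a NAS-Port
    whose previous session has not been closed by a Stop."""
    open_by_port = {}
    collisions = []
    for rec in records:
        key = by_port(rec)
        prev = open_by_port.get(key)
        if rec.status == "Start":
            if prev is not None and prev.session_id != rec.session_id:
                collisions.append((prev.session_id, rec.session_id))
            open_by_port[key] = rec
        elif rec.status == "Stop":
            if prev is not None and prev.session_id == rec.session_id:
                del open_by_port[key]
    return collisions


# Constructed sample: a wireless controller that reports NAS-Port 1 for
# every client and has sent no Stop for the first session.
SAMPLE = [
    AcctRecord("Start", "alice", "192.0.2.10", 1, "S-0001"),
    AcctRecord("Start", "bob", "192.0.2.10", 1, "S-0002"),
]


def replay(key_fn, records=SAMPLE):
    """Feed the records into a fresh table and return it."""
    table = SessionTable(key_fn)
    for rec in records:
        table.account(rec)
    return table


if __name__ == "__main__":
    for name, fn in (("NAS-Port key", by_port), ("Acct-Session-Id key", by_session)):
        t = replay(fn)
        print(f"{name}: live={len(t.live)} "
              f"second alice login allowed={t.allow_login('alice')}")
    print("port collisions:", find_port_collisions(SAMPLE))
```

With the port key the first user's entry disappears and the concurrency limit no longer applies to that account; running `find_port_collisions` over exported accounting records shows whether a given NAS behaves this way.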
Re: radiusExpiration attirbute declared in the LdapGroup
aangles wrote:
> Like this?
>
>     DEFAULT guests-Ldap-Group == cn=wlanguests,ou=Groups,dc=CELLS,dc=ES, Expiration := 09 Oct 2009 17:00, Auth-Type = LDAPGUESTS

No.

> Because with this radius says:
>
>     /etc/raddb/users[65]: Parse error (check) for entry DEFAULT: Expected end of line or comma
>
> and I tried to add a comma at the end of the line but still it says the same alert.

Read the comments at the top of the users file. Read the man page for the users file. Read the examples in the users file. There is no excuse for getting the format wrong.

You have the LDAP-Group wrong. It's a group name, not an LDAP query.

You have the expiration attribute wrong. You need to QUOTE the text, and not put a random series of characters.

Alan DeKok.
Re: errors There are no DB handles to use and Discarding conflicting packet from client
Alisson wrote:
> Hi, I have a dedicated server with freeradius 2.05. I'm getting 2 errors:
>
>     Error: Discarding conflicting packet from client net port 25000 - ID: 100 due to recent request 7343.
>     There are no DB handles to use! skipped 0, tried to connect 0

Your database is broken. Fix it.

> I'm searching on the forums and a lot of people have this problem.

They all have broken databases.

> I changed sql_num_socks = 30
> I increased the max_connections=500
> I increased everything that was possible but the problem still happens.
> I see it on the forums on a lot of web sites and nobody has the solution.

Really? This question has been asked and answered probably hundreds of times on this list. The answer is always the same:

Fix the database.

The database is either down, or it is not responding to queries. No amount of forum-shopping or poking at FreeRADIUS will fix the DB.

Alan DeKok.
Re: errors There are no DB handles to use and Discarding conflicting packet from client
OK, but what do I need to do on my DB? Repair? Create another DB? Alter some variable?

--
Regards,
Alisson F. Gonçalves
Information Systems - UFGD
Re: errors There are no DB handles to use and Discarding conflicting packet from client
http://forums.mysql.com/

--
Marcos Roberto Greiner

Optimists think that we are in the best of all worlds.
Pessimists are afraid that this is true.
James Branch Cabell
Re: errors There are no DB handles to use and Discarding conflicting packet from client
Does somebody have this same problem?

--
Regards,
Alisson F. Gonçalves
Information Systems - UFGD
Re: errors There are no DB handles to use and Discarding conflicting packet from client
Alisson wrote:
> ok.. but what I need to do on my DB? Repair? Create another DB? alter some variable?

Ask the people who wrote and support the DB. Asking DB questions on a RADIUS list isn't the best way to solve the problem.

Alan DeKok.
Re: errors There are no DB handles to use and Discarding conflicting packet from client
Did you set up the database? If not, check out /usr/local/etc/raddb/sql/mysql/admin.sql (assuming you are intending to use mysql.)

Good luck,

-craig
Re: errors There are no DB handles to use and Discarding conflicting packet from client
but this problem is on radius or db?

2009/10/9 Alan DeKok al...@deployingradius.com
> Alisson wrote:
> > ok.. but what I need to do on my DB? Repair? Create another DB? alter some variable?
>
> Ask the people who wrote and support the DB. Asking DB questions on a RADIUS list isn't the best way to solve the problem.
>
> Alan DeKok.

--
Regards,
Alisson F. Gonçalves
Information Systems - UFGD
Re: errors There are no DB handles to use and Discarding conflicting packet from client
Also check out http://wiki.freeradius.org/SQL_HOWTO

----- Original Message -----
From: Alisson
To: FreeRadius users mailing list
Sent: Friday, October 09, 2009 2:53 PM
Subject: Re: errors There are no DB handles to use and Discarding conflicting packet from client

> somebody have this same problem?
Re: errors There are no DB handles to use and Discarding conflicting packet from client
the radius DB is working with user root, the users are authenticating, and everything is working, but I have these 2 errors and I tried to fix them by altering some variables from mysql and radius, but the message is still appearing

2009/10/9 Craig Campbell cr...@ccraft.ca
> Also check out http://wiki.freeradius.org/SQL_HOWTO

--
Regards,
Alisson F. Gonçalves
Information Systems - UFGD
Re: errors There are no DB handles to use and Discarding conflicting packet from client
> ok.. but what I need to do on my DB?

Is your database server/process running?
Is database IP/port/user/password correct in sql.conf?
Is correct type of database selected?
Is your database configured to receive queries from radius server (ie. not localhost) if they are not on the same machine?
Have you created radius database?
Does user configured in radius have permissions to run queries on radius database?
Is there a firewall stopping traffic?
Do you see radius handles connected to the database server when you start radius server?

Should I go on?

Ivan Kalik
Kalik Informatika ISP
Re: errors There are no DB handles to use and Discarding conflicting packet from client
> but this problem is on radius or db?

Database, network between radius and sql or incorrect data in sql.conf.

Ivan Kalik
Kalik Informatika ISP
Re: errors There are no DB handles to use and Discarding conflicting packet from client
> the radius DB is working with user root, the users are authenticating, and everything is working, but I have these 2 errors and I tried to fix them by altering some variables from mysql and radius, but the message is still appearing

Do debug (radiusd -X) and see what causes the error. Maybe some queries are failing.

Ivan Kalik
Kalik Informatika ISP
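
An added example, not part of the thread and not FreeRADIUS code: one way to follow up on the advice to find what causes the errors is to line up the two messages from the server log by minute and by client. The sample lines are constructed; the log layout, the `rlm_sql (sql):` prefix, the client `nas2` and the reading of the `skipped` / `tried to connect` counters are assumptions of this example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample. The two message texts are the ones quoted in the thread;
# the timestamps, the "rlm_sql (sql):" prefix, the "<ctime> : <level>: <msg>"
# layout and the client "nas2" are assumptions made for this example.
SAMPLE_LOG = """\
Fri Oct  9 14:50:58 2009 : Info: Ready to process requests.
Fri Oct  9 14:52:03 2009 : Error: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0
Fri Oct  9 14:52:03 2009 : Error: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0
Fri Oct  9 14:52:07 2009 : Error: Discarding conflicting packet from client net port 25000 - ID: 100 due to recent request 7343.
Fri Oct  9 14:52:41 2009 : Error: Discarding conflicting packet from client net port 25000 - ID: 101 due to recent request 7350.
Fri Oct  9 14:53:10 2009 : Error: rlm_sql (sql): There are no DB handles to use! skipped 2, tried to connect 2
Fri Oct  9 14:55:30 2009 : Error: Discarding conflicting packet from client nas2 port 1646 - ID: 7 due to recent request 7402.
"""

LINE_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) : \w+: (.*)$")
NO_HANDLE_RE = re.compile(
    r"There are no DB handles to use! skipped (\d+), tried to connect (\d+)")
CONFLICT_RE = re.compile(
    r"Discarding conflicting packet from client (\S+) port \d+ - ID: \d+")


def triage(log_text):
    """Summarise the thread's two errors per minute and per client."""
    per_minute = defaultdict(Counter)
    conflicts_by_client = Counter()
    handle_state = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed layout
        stamp = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
        minute = stamp.strftime("%Y-%m-%d %H:%M")
        no_handle = NO_HANDLE_RE.search(m.group(2))
        conflict = CONFLICT_RE.search(m.group(2))
        if no_handle:
            per_minute[minute]["no_handles"] += 1
            skipped, tried = map(int, no_handle.groups())
            # Assumed reading of the counters: both zero means no handle was
            # found disconnected, i.e. every handle was busy with a query.
            state = "all_busy" if skipped == 0 and tried == 0 else "unconnected"
            handle_state[state] += 1
        elif conflict:
            per_minute[minute]["conflicts"] += 1
            conflicts_by_client[conflict.group(1)] += 1
    # Minutes in which both errors were logged.
    both = sorted(minute for minute, c in per_minute.items()
                  if c["no_handles"] and c["conflicts"])
    return {
        "no_handles": sum(c["no_handles"] for c in per_minute.values()),
        "handle_state": dict(handle_state),
        "conflicts_by_client": dict(conflicts_by_client),
        "minutes_with_both": both,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Minutes in which both messages appear are the ones to look at in the `radiusd -X` output and in the database's own slow-query or process listing.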
Re: errors There are no DB handles to use and Discarding conflicting packet from client
Hi,

Answering your questions:

1) Is your database server/process running?
R: Yes
2) Is database IP/port/user/password correct in sql.conf?
R: Yes
3) Is correct type of database selected?
R: Yes. Radchecks=Innodb and the other tables are MyIsam
4) Is your database configured to receive queries from radius server (ie. not localhost) if they are not on the same machine?
R: Yes, the users are authenticating. They are on the same machine.
5) Have you created radius database?
R: Yes, users are authenticating with the radius db
6) Does user configured in radius have permissions to run queries on radius database?
R: Yes, I'm using root
7) Is there a firewall stopping traffic?
R: I don't use
8) Do you see radius handles connected to the database server when you start radius server?
R: Yes, I have 10 handles

thank you

2009/10/9 Ivan Kalik t...@kalik.net
> > the radius DB is working with user root, the users are authenticating, and everything is working, but I have these 2 errors and I tried to fix them by altering some variables from mysql and radius, but the message is still appearing
>
> Do debug (radiusd -X) and see what causes the error. Maybe some queries are failing.
>
> Ivan Kalik
> Kalik Informatika ISP

--
Regards,
Alisson F. Gonçalves
Information Systems - UFGD
Re: Problems with radutmp
Gerardo Contreras wrote:
> I've been watching the log records from users sessions, and I noted that every access from the NAS comes from the same NAS-Port. Could it be the reason?

Yes.

> If so, is there any way so radutmp registers all of the entries even if the nas port is the same?

Use SQL. Update the queries and schema to depend on something other than NAS-Port.

Alan DeKok.
Re: acct_postgresql+auth_ldap
José Johnny RANDRIAMAMPIONONA wrote:
> I'd like to know if someone has already tried to do the accounting (only accounting) thing with postgres and authentication with OpenLdap?

Yes. Configure SQL and LDAP. Uncomment ldap in authorize authenticate. Uncomment sql in accounting.

> There is nothing on wiki ...

How about the comments in the config file?

> I am wondering if I have to write some scripts to save the user id, his connection duration etc. ...in postgres database.

Yes... see the sample queries and schema. This *is* documented.

> I want to implement the following situation: I don't care what my ldap_server 'll return when a user sends an access request packet, but I want to save the name, passwd, the connection duration (so at this time I initialize the connection time which will be incremented until the disconnection time).

I'm not sure what this means.

Alan DeKok.
Re: over 30 radiusd processes
Craig Campbell wrote:
> radius-a seems to be getting the bulk of the radius records. Normally, it has a single process. Last night it spawned a bunch of children that seem to be loitering...

Are you forking shell scripts via exec?

> radius-b and radius-c don't have more than a single radiusd process. Any idea what is going on? Why all the children? Do I need to be concerned? Is this normal?

It's not normal. They're likely zombies that need to go away. The server normally cleans up any zombie children, but...

Alan DeKok.
Re: Proxy/Realm problem in 2.1.7
Palmer J.D.F. wrote:
> There are three servers in the auth and acct pools, but unless I comment two of them out (as below) I receive a 'Request Denied' message back in response to the first access-request packet that is proxied to one of the auth servers.

? The only way that happens is if the proxy is using the wrong shared secret.

> Is this a bug in 2.1.7, or is there a difference in configuration file format between the versions?

I've never tried that particular configuration. I would suggest using templates, instead. e.g. define a template, and then do:

    home_server foo {
        $template foo-template
        secret = testing123
    }

All of the common configuration can go into the template.

Alan DeKok.
Re: Problems with radutmp
https://lists.freeradius.org/pipermail/freeradius-users/2009-September/msg00809.html

Oh! I see... thanks.

Alan DeKok wrote:
> Gerardo Contreras wrote:
> > I've been watching the log records from users sessions, and I noted that every access from the NAS comes from the same NAS-Port. Could it be the reason?
>
> Yes.
>
> > If so, is there any way so radutmp registers all of the entries even if the nas port is the same?
>
> Use SQL. Update the queries and schema to depend on something other than NAS-Port.
>
> Alan DeKok.

--
Gerardo Contreras
NetX http://netx.com.mx/
T: +52 (614) 2010101 x 121
M: +52 (614) 2479727
Toll-free: 01800 GO2NETX
Re: errors There are no DB handles to use and Discarding conflicting packet from client
Alisson wrote:
> but this problem is on radius or db?

What part of "fix your database" is hard to understand?

Alan DeKok.
Re: Proxy/Realm problem in 2.1.7
Alan Buxey wrote:
> there does seem to be an issue with 2.1.7 - I've had a couple of reports stating that the proxy doesn't seem to 'stick' to one remote proxy during EAP (eg with client-balance or client-ip-balance methods). not sure what has changed since 2.1.6 - but a rollback to 2.1.6 with exactly the same configuration works

2.1.7 is more aggressive about failing requests from one server to another when a home server goes down. See no_response_fail in proxy.conf.

It's also more aggressive about *not* using zombie servers. It treats zombie servers as dead for new requests. i.e. it will retransmit the *same* request to a zombie server, but a *new* request will ignore the zombie server.

That change was really made for stability. If a home server isn't responding, we shouldn't really be sending it new packets.

Yes, this might break EAP. But if the home server isn't responding, it's not doing EAP already, right?

Alan DeKok.
Re: Manage IPv6 pools using freeradius
Ram Akuka wrote:
> I want to manage my ipv6 users using ip_pool from FreeRadius. And I have few question regarding this.
> 1. how can I use ip_pool to allocate ipv6 address to a users?

That isn't currently supported.

> 2. How can I assign ipv6 address to client based on the NAS he came from? (different prefix for different NAS).

$ man unlang

> 3. Is there any documentation regarding this (looked in FreeRadius wiki and can’t find anything useful).

You'll need to update the IP pool module to handle this.

Alan DeKok.
Re: over 30 radiusd processes
Yes, two (2) binaries and one (1) shell script are called via exec as follows from the file,

- user (an authentication binary program - Exec-Program-Wait = /usr/local/sbin/auth -- %{User-Name} %{User-Password} %{%{Called-Station-Id}:-Missing} %{%{NAS-IP-Address}:-Missing} %{%{Calling-Station-Id}:-Missing} %{%{NAS-Port-Type}:-Missing} %{Vendor-Specific} ,)
- acct_user (shell script - Exec-Program = %{exec:/usr/local/sbin/acctstop.sh}, )
and
- attr_rewrite module (a hex translation binary - replacewith = %{exec:/usr/local/sbin/hexconvert -lX %{User-Name} })

Is this bad? Is there a better alternative?

Thanks so much!
-craig

----- Original Message -----
From: Alan DeKok al...@deployingradius.com
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Friday, October 09, 2009 4:17 PM
Subject: Re: over 30 radiusd processes

> Craig Campbell wrote:
> > radius-a seems to be getting the bulk of the radius records. Normally, it has a single process. Last night it spawned a bunch of children that seem to be loitering...
>
> Are you forking shell scripts via exec?
>
> > radius-b and radius-c don't have more than a single radiusd process. Any idea what is going on? Why all the children? Do I need to be concerned? Is this normal?
>
> It's not normal. They're likely zombies that need to go away. The server normally cleans up any zombie children, but...
>
> Alan DeKok.
Re: errors There are no DB handles to use and Discarding conflicting packet from client
This is not a database list, but here is what you can do:

- install sysbench and do some tests with your current settings
- tuning-primer.sh (http://www.day32.com/MySQL/tuning-primer.sh),
- mytop,
- mysqlreport (http://hackmysql.com/mysqlreport) and
- mysqltuner.pl (http://wiki.mysqltuner.com/MySQLTuner)

Tools I mentioned above will help you to track down the bottleneck you have with your database. Of course, you have a task to find a problem and tell us about it :)

Best regards

Ivan Kalik wrote:
> > ok.. but what I need to do on my DB?
>
> Is your database server/process running?
> Is database IP/port/user/password correct in sql.conf?
> Is correct type of database selected?
> Is your database configured to receive queries from radius server (ie. not localhost) if they are not on the same machine?
> Have you created radius database?
> Does user configured in radius have permissions to run queries on radius database?
> Is there a firewall stopping traffic?
> Do you see radius handles connected to the database server when you start radius server?
>
> Should I go on?
>
> Ivan Kalik
> Kalik Informatika ISP
Re: when to use exec / echo external script query
post-auth ?

c...@gateway.net.au wrote:
> freeradius 1.1.3-1.1
> freeradius mysql
> Redhat Linux Fedora 6
>
> I was looking for information on at what point I would fire an external script. What I wish to do is once a client is authenticated and a framed-ip address allocated to fire an external script to push the IP address into my postfix access table and remove it on disconnect.
>
> If anyone has suggestions and can advise on this please chime in.
>
> Cory
Enabling ldap causes freeradius server to not start up.
Freeradius: 2.1.6
OS: Open Suse 11.0
LDAP 2.4.9

Problem is when running radiusd in foreground with logging:

    Thread spawned new child 1. Total threads in pool: 1
    Thread 1 waiting to be assigned a request
    Thread pool initialized
    radiusd: Opening IP addresses and Ports
    listen {
        type = auth
        ipaddr = x.x.x.x
        port = 0
    }
    listen {
        type = acct
        ipaddr = x.x.x.x
        port = 0

No more after that. It will only start up if ldap is totally disabled. LDAP user account works. Please help me with some hints for finding this problem.
Re: over 30 radiusd processes
Craig Campbell wrote:
> Yes, two(2) binaries and one (1) shell script are called via exec as follows from the file,

Could you NOT CC me on messages to the list? I subscribe, and I read the messages.

And fix your mailer. I saw a *large* number of duplicates.

> - user (an authentication binary program - Exec-Program-Wait = /usr/local/sbin/auth -- %{User-Name} %{User-Password} %{%{Called-Station-Id}:-Missing} %{%{NAS-IP-Address}:-Missing} %{%{Calling-Station-Id}:-Missing} %{%{NAS-Port-Type}:-Missing} %{Vendor-Specific} ,)
> - acct_user (shell script - Exec-Program = %{exec:/usr/local/sbin/acctstop.sh}, )
> and
> - attr_rewrite module (a hex translation binary - replacewith = %{exec:/usr/local/sbin/hexconvert -lX %{User-Name} })
>
> Is this bad? Is there a better alternative?
>
> Thanks so much!
> -craig