Re: /usr/local/sbin/radiusd -X problem

2010-03-18 Thread gmani



gmani wrote:
 
 I am getting the same problem on my Solaris servers while starting the radius
 server. How can I fix this?
 
 Can you give me a detailed explanation?
 
 
 
 
 shivashankar wrote:
 
 hi All,
  
 i am using freeradius2.1.6
  
 on solaris 10
  
 when i run server i am getting following error
  
 
 bash-3.00# /usr/local/sbin/radiusd -X
 FreeRADIUS Version 2.1.6, for host sparc-sun-solaris2.10, built on Jul 30
 2009 at 20:25:20
 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. 
 There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
 PARTICULAR PURPOSE. 
 You may redistribute copies of FreeRADIUS under the terms of the 
 GNU General Public License v2. 
 Starting - reading configuration files ...
 including configuration file /usr/local/etc/raddb/radiusd.conf
 including configuration file /usr/local/etc/raddb/proxy.conf
 including configuration file /usr/local/etc/raddb/clients.conf
 including files in directory /usr/local/etc/raddb/modules/
 including configuration file /usr/local/etc/raddb/modules/acct_unique
 including configuration file /usr/local/etc/raddb/modules/always
 including configuration file /usr/local/etc/raddb/modules/attr_filter
 including configuration file /usr/local/etc/raddb/modules/attr_rewrite
 including configuration file /usr/local/etc/raddb/modules/chap
 including configuration file /usr/local/etc/raddb/modules/checkval
 including configuration file /usr/local/etc/raddb/modules/counter
 including configuration file /usr/local/etc/raddb/modules/detail
 including configuration file
 /usr/local/etc/raddb/modules/detail.example.com
 including configuration file /usr/local/etc/raddb/modules/detail.log
 including configuration file /usr/local/etc/raddb/modules/digest
 including configuration file /usr/local/etc/raddb/modules/echo
 including configuration file /usr/local/etc/raddb/modules/etc_group
 including configuration file /usr/local/etc/raddb/modules/exec
 including configuration file /usr/local/etc/raddb/modules/expiration
 including configuration file /usr/local/etc/raddb/modules/expr
 including configuration file /usr/local/etc/raddb/modules/files
 including configuration file /usr/local/etc/raddb/modules/inner-eap
 including configuration file /usr/local/etc/raddb/modules/ippool
 including configuration file /usr/local/etc/raddb/modules/krb5
 including configuration file /usr/local/etc/raddb/modules/ldap
 including configuration file /usr/local/etc/raddb/modules/linelog
 including configuration file /usr/local/etc/raddb/modules/logintime
 including configuration file /usr/local/etc/raddb/modules/mac2ip
 including configuration file /usr/local/etc/raddb/modules/mac2vlan
 including configuration file /usr/local/etc/raddb/modules/otp
 including configuration file /usr/local/etc/raddb/modules/mschap
 including configuration file /usr/local/etc/raddb/modules/pam
 including configuration file /usr/local/etc/raddb/modules/pap
 including configuration file /usr/local/etc/raddb/modules/passwd
 including configuration file /usr/local/etc/raddb/modules/perl
 including configuration file /usr/local/etc/raddb/modules/policy
 including configuration file /usr/local/etc/raddb/modules/preprocess
 including configuration file /usr/local/etc/raddb/modules/radutmp
 including configuration file /usr/local/etc/raddb/modules/realm
 including configuration file /usr/local/etc/raddb/modules/smbpasswd
 including configuration file /usr/local/etc/raddb/modules/smsotp
 including configuration file /usr/local/etc/raddb/modules/sql_log
 including configuration file
 /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
 including configuration file /usr/local/etc/raddb/modules/sradutmp
 including configuration file /usr/local/etc/raddb/modules/unix
 including configuration file /usr/local/etc/raddb/modules/wimax
 including configuration file /usr/local/etc/raddb/eap.conf
 including configuration file /usr/local/etc/raddb/policy.conf
 including files in directory /usr/local/etc/raddb/sites-enabled/
 including configuration file /usr/local/etc/raddb/sites-enabled/default
 including configuration file
 /usr/local/etc/raddb/sites-enabled/inner-tunnel
 including configuration file
 /usr/local/etc/raddb/sites-enabled/control-socket
 including dictionary file /usr/local/etc/raddb/dictionary
 main {
 prefix = /usr/local
 localstatedir = /usr/local/var
 logdir = /usr/local/var/log/radius
 libdir = /usr/local/lib
 radacctdir = /usr/local/var/log/radius/radacct
 hostname_lookups = no
 max_request_time = 30
 cleanup_delay = 5
 max_requests = 1024
 allow_core_dumps = no
 pidfile = /usr/local/var/run/radiusd/radiusd.pid
 checkrad = /usr/local/sbin/checkrad
 debug_level = 0
 proxy_requests = yes
  log {
 stripped_names = no
 auth = no
 auth_badpass = no
 auth_goodpass = no
  }
  security {
 max_attributes = 200
 

Re: Building modules in C++ modules

2010-03-18 Thread Alan DeKok
Abu Marcose wrote:
 Exception handling for one.

  shrug  C programming doesn't require that.

 Also, if one would like to use third party C++ libraries.

  C and C++ generally aren't compatible.

  You have access to git.  You can edit the headers & code to make them
compatible with C++.  Then, submit the patches back, or maintain a
branch yourself.  Git makes this trivial.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


framed-ip-address based on nas-ip-address

2010-03-18 Thread power159
Hi ,
As there was a mistake in my previous email title and as I had big
improvement in processing my problem I am sending a new email .  As I said
in previous email I want to configure freeradius to reply different
framed-ip-addresses based on nas servers .

I found following email in the archive which helped a lot :
http://lists.cistron.nl/pipermail/freeradius-users/2009-January/msg00630.html

The only problem that I have is if the user is a member of 2 groups:
freeradius is processing none of them, even if both are matching! But if I
remove one of the groups it works without any problem and assigns an IP from
the IP pool.

read-groups is on

Here are my tables:
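select * from radcheck;
+----+----------+---------------+----+--------+
| id | username | attribute     | op | value  |
+----+----------+---------------+----+--------+
|  4 | test1    | User-Password | := | 123456 |
+----+----------+---------------+----+--------+


select * from radgroupcheck;
+----+-----------+----------------+----+-------------+
| id | groupname | attribute      | op | value       |
+----+-----------+----------------+----+-------------+
|  1 | group1    | Nas-IP-Address | == | 192.168.1.5 |
|  2 | group1    | Pool-Name      | := | pool1       |
|  3 | group2    | Nas-IP-Address | == | 192.168.1.6 |
|  4 | group2    | Pool-Name      | := | pool2       |
+----+-----------+----------------+----+-------------+


select * from radusergroup;
+----------+-----------+----------+
| username | groupname | priority |
+----------+-----------+----------+
| test1    | group1    |        0 |
| test1    | group2    |        0 |
+----------+-----------+----------+


select * from radippool;
+----+-----------+-----------------+--------------+-----------------+------------------+-------------+----------+----------+
| id | pool_name | framedipaddress | nasipaddress | calledstationid | callingstationid | expiry_time | username | pool_key |
+----+-----------+-----------------+--------------+-----------------+------------------+-------------+----------+----------+
|  1 | pool1     | 90.90.90.1      |              |                 |                  | NULL        |          | 0        |
|  2 | pool1     | 90.90.90.2      |              |                 |                  | NULL        |          |          |
|  5 | pool2     | 91.90.90.1      |              |                 |                  | NULL        |          | 0        |
|  6 | pool2     | 91.90.90.2      |              |                 |                  | NULL        |          |          |
+----+-----------+-----------------+--------------+-----------------+------------------+-------------+----------+----------+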

freeradius and vlan assignment

2010-03-18 Thread omega bk
hi,

assume that the switch does not support the auth-fail and has 2 vlan (
vlan inside and vlan outside ), is it possible in the users file to put a
condition like:

if (user belong to Ldap-group=inside)
assign to vlan = inside
else
assign to vlan = outside

is that possible ?


thanks

Limit Bandwith

2010-03-18 Thread sugiarto tjahyono
Sorry if this topic already posted or on wrong forum

How can we set speed if the user already over quota ie first day of month they 
get 1Mbps bandwith after spent 1Gig the speed will decrease to 512Kbps until 
end of month without turning off modem and re-authenticate.

is that possible?



Re: framed-ip-address based on nas-ip-address

2010-03-18 Thread Fajar A. Nugraha
On Thu, Mar 18, 2010 at 2:21 PM, power159 power...@gmail.com wrote:
 the only problem that I have is if user is membership of 2 groups .
 freeradius is processing none of them ! even if both are matching ! but if I
 remove one of groups its working without any problem ! and assigning ip from
 ip pool


 +----------+-----------+----------+
 | username | groupname | priority |
 +----------+-----------+----------+
 | test1    | group1    |        0 |
 | test1    | group2    |        0 |
 +----------+-----------+----------+

See doc/rlm_sql

in particular, I think the priority should be different. Also if you
want both groups processed, you might need Fall-Through.

-- 
Fajar



Re: freeradius and vlan assignment

2010-03-18 Thread Bob Brandt
In the users file do this:

DEFAULT Ldap-Group == "cn=InsideGroup,o=Base"
        Reply-Message = "Your a member of the Inside Group",
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Type = VLAN,
        Tunnel-Private-Group-ID = 11,
        Fall-Through = No

DEFAULT Auth-Type == LDAP
        Reply-Message = "You did not match a LDAP Group",
        Tunnel-Medium-Type = IEEE-802,
        Tunnel-Type = VLAN,
        Tunnel-Private-Group-ID = 99

All members of the InsideGroup will get the first group of attributes and
the FreeRadius will stop looking.
Everyone else who authenticated through LDAP will get the second group of
attributes.

Bob

On Thu, Mar 18, 2010 at 8:59 AM, omega bk omeg...@gmail.com wrote:

 hi,

 assume that the switch does not support the auth-fail and has 2 vlan (
 vlan inside and vlan outside ), is it possible in the users file to put a
 condition like:

 if (user belong to Ldap-group=inside)
 assign to vlan = inside
 else
 assign to vlan = outside

 is that possible ?


 thanks








-- 
The problem with socialism is that you eventually run out of other people's
money.  -  Margaret Thatcher

Re: /usr/local/sbin/radiusd -X problem

2010-03-18 Thread Bob Brandt
I'm not anything even approaching an expert, but it looks like you don't
have your certs setup properly or the file paths are pointing to the wrong
place.

Bob

On Thu, Mar 18, 2010 at 6:13 AM, gmani gmanikandan...@gmail.com wrote:




 gmani wrote:
 
  The same Problem I am getting My Solaris Servers while starting the
 radius
  server. How can I fix this .
 
  can U give me detailed explanation.
 
  /usr/local/etc/raddb/certs/bootstrap: make: not found
  /usr/local/etc/raddb/certs/bootstrap: openssl: not found
  Exec-Program output:
  Exec-Program: returned: 1
  rlm_eap: Failed to initialize type tls
  /usr/local/etc/raddb/eap.conf[17]: Instantiation failed for module eap
  /usr/local/etc/raddb/sites-enabled/inner-tunnel[223]: Failed to find module eap.
  /usr/local/etc/raddb/sites-enabled/inner-tunnel[176]: Errors parsing authenticate section.
  Errors initializing modules
 
 
  plz hlp me out
 
 
 
 
 


-- 
The problem with socialism is that you eventually run out of other people's
money.  -  Margaret Thatcher

Re: framed-ip-address based on nas-ip-address

2010-03-18 Thread power159
I have read doc/rlm_sql many times but I am unable to find any solution.

Adding Fall-Through in radreply for the user or radgroupreply for the groups
doesn't help. I even tried to use huntgroups, but got the same result.

It works only when the user is a member of one group. If I add the user
to a second group it is not working any more and sqlippool is not processing!
It doesn't matter whether the group checks match or not.

It seems there is something wrong when a user is a member of 2 groups,
because it is checking none of them when the user is in more than 1 group.

Re: freeradius and vlan assignment

2010-03-18 Thread omega bk
I couldn't imagine that would be so simple.
I'll try that next time.


thank u


2010/3/18 Bob Brandt b...@brandt.ie

 In the users file do this:

 DEFAULT Ldap-Group == cn=InsideGroup,o=Base
 Reply-Message = Your a member of the Inside Group,
 Tunnel-Medium-Type = IEEE-802,
 Tunnel-Type = VLAN,
 Tunnel-Private-Group-ID = 11,
 Fall-Through = No

 DEFAULT Auth-Type == LDAP
 Reply-Message = You did not match a LDAP Group,
 Tunnel-Medium-Type = IEEE-802,
 Tunnel-Type = VLAN,
 Tunnel-Private-Group-ID = 99

 All members of the InsideGroup will get the first group of attributes and
 the FreeRadius will stop looking.
 Everyone else who authenticated through LDAP will get the second group of
 attributes.

 Bob

 On Thu, Mar 18, 2010 at 8:59 AM, omega bk omeg...@gmail.com wrote:

 hi,

 assume that the switch does not support the auth-fail and has 2 vlan (
 vlan inside and vlan outside ), is it possible in the users file to put a
 condition like:

 if (user belong to Ldap-group=inside)
 assign to vlan = inside
 else
 assign to vlan = outside

 is that possible ?


 thanks








 --
 The problem with socialism is that you eventually run out of other people's
 money.  -  Margaret Thatcher



Re: Limit Bandwith

2010-03-18 Thread Mihamina Rakotomandimby
 sugiarto tjahyono stjahy...@yahoo.com :
 How can we set speed if the user already over quota ie first day of
 month they get 1Mbps bandwith after spent 1Gig the speed will decrease
 to 512Kbps until end of month without turning off modem and
 re-authenticate.
 
is that possible?

That is possible.
But, with the few explanation you provided, it's a bit complicated and
my idea goes to something like SQLCounter.

-- 
   IT Architect at Blueline/Gulfsat:
System Administration, Research & Development
+261 34 29 155 34 / +261 33 11 207 36


Re: Freeradius PEAP/MSCHAPv2 against Apple OpenDirectory

2010-03-18 Thread John
I configured the LDAP module talks to Open Directory, based on the debug looks 
the password fetched from OD, but the authentication always failed. Is there 
any guide for freeRADIUS+ldap+OD integrating?
I setup freeRADIUS talks to OpenLDAP, it works well.  Can OD return cleartext 
password like OpenLDAP do?

John.

--- On Mon, 15 Mar 2010, Alan DeKok al...@deployingradius.com wrote:


From: Alan DeKok al...@deployingradius.com
Subject: Re: Freeradius PEAP/MSCHAPv2 against Apple OpenDirectory
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Date: Monday, 15 March 2010, 12:59 PM


John wrote:
 Hello,
 We want to setup freeRADIUS with Peap/MSCHAPv2 talk to Apple Open
 Directory. I found this option 'use_open_directory'. But looks we need
 to install freeRADIUS on the same machine with Open
 Directory.(https://lists.freeradius.org/pipermail/freeradius-users/2010-February/msg00307.html)
  
 Do we have to run freeRADIUS on the same machine with OpenDirectory?

  Yes.

 Is
 there a work-around that we can run freeRADIUS seperate from OpenDirectory?

  OpenDirectory is an LDAP server.  Configure that way in FreeRADIUS.
It might work.

  Alan DeKok.

Re: Clients Configuration on MySQL

2010-03-18 Thread Alan Buxey
Hi,

 Could we move clients.conf to mysql table ?

yes.

 How to do that ?

its well documented but basically, you need to


1) import the nas.sql  so that your MySQL has the right table/structure
2) edit the mysql/dialup.conf make sure that nas_query is not commented


finally, edit sql.conf..right near the bottom you will find this:

# Set to 'yes' to read radius clients from the database ('nas' table)
# Clients will ONLY be read on server startup.  For performance
# and security reasons, finding clients via SQL queries CANNOT
# be done live while the server is running.
#
#readclients = yes

read the text. uncomment the readclients


if you DO want new clients to work without restarting the service, then
enable the dynamic-clients virtual host.  read the dynamic-clients config
well - it makes pretty good sense and is trivial to operate.

alan


Re: /usr/local/sbin/radiusd -X problem

2010-03-18 Thread Alan Buxey
Hi,

  The same Problem I am getting My Solaris Servers while starting the radius
  server. How can I fix this .
 
  can U give me detailed explanation.

the output is fairly obvious:

  /usr/local/etc/raddb/certs/bootstrap: make: not found
  /usr/local/etc/raddb/certs/bootstrap: openssl: not found
  Exec-Program output:
  Exec-Program: returned: 1
  rlm_eap: Failed to initialize type tls

(then it fails...because EAP section broken)


okay - you need to have certificates to use EAP. if you
havent already installed a CA and a server cert into the
correct place (read eap.conf file!) then you probably
also havent uncommented the 'bootstrap' line.  this line
tells the server to make a 'snake oil' CA and server cert
(for testing purposes!). 

as you dont appear to have the right tools installed...eg 'make'
and 'openssl', then this fails. to fix this either

1) install development environment and openssl tools or
2) put a server cert and CA cert onto the system and disable
the bootstrap command

alan
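
The two fixes in the reply above can be checked before running radiusd -X again. The script below is an added example, not part of the original post and not FreeRADIUS project code; it assumes the 'bootstrap' line is the make_cert_command directive in eap.conf and that the server and CA certificates are certs/server.pem and certs/ca.pem under the raddb directory.

```shell
#!/usr/bin/env bash
# Added example, not FreeRADIUS project code.
# Assumptions: the "bootstrap line" is the make_cert_command directive in
# eap.conf, and the certificates are certs/server.pem and certs/ca.pem.

# has_tool NAME DIRLIST: succeed if NAME is an executable file in one of the
# colon-separated directories (pass "$PATH" to test the real environment).
has_tool() (
    IFS=:
    set -f
    for dir in $2; do
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            exit 0
        fi
    done
    exit 1
)

# bootstrap_enabled FILE: succeed if FILE has an uncommented
# make_cert_command line (leading whitespace is ignored).
bootstrap_enabled() {
    [ -r "$1" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#"${line%%[![:space:]]*}"}   # strip leading whitespace
        case $line in
            make_cert_command*) return 0 ;;
        esac
    done < "$1"
    return 1
}

# check_eap_certs RADDB_DIR [DIRLIST]
# Prints one verdict line; returns 0 when one of the two fixes is in place.
check_eap_certs() {
    raddb=$1
    dirs=${2-$PATH}
    missing=
    for tool in make openssl; do
        has_tool "$tool" "$dirs" || missing="$missing $tool"
    done

    if bootstrap_enabled "$raddb/eap.conf"; then
        # Fix 1: bootstrap stays enabled, so both tools must be installed.
        if [ -n "$missing" ]; then
            echo "bootstrap-enabled-tools-missing:$missing"
            return 1
        fi
        echo "bootstrap-enabled-tools-present"
        return 0
    fi

    # Fix 2: bootstrap disabled, so real certificates must already exist.
    if [ -s "$raddb/certs/server.pem" ] && [ -s "$raddb/certs/ca.pem" ]; then
        echo "bootstrap-disabled-certs-installed"
        return 0
    fi
    echo "bootstrap-disabled-certs-missing"
    return 1
}

# Run against a real tree when a directory is given,
# e.g.  ./check.sh /usr/local/etc/raddb
[ $# -eq 0 ] || check_eap_certs "$1"
```
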


Re: debug only for rlm_xxx (rlm_perl)

2010-03-18 Thread bitte

Hi Doug,

I will try this.
But - without my patch, the compile goes OK.

Thanks 

Thomas.

On Wed, 17 Mar 2010 15:15:20 -0700, Doug Hardie bc...@lafn.org wrote:
 Only one of those errors references the code you added.  There should
have
 been a line in my earlier email like:
 
   struct stat sb;
 
 The other errors indicate a problem with the normal build includes.  How
 did you try and rebuild it?  I suspect there is a way to just rebuild
 rlm_perl, but I haven't tried to do that on version 2.  I suspect you
may
 need to rebuild the entire freeradius.
 



MAC based Vlan problem

2010-03-18 Thread Dr.Peer-Joachim Koch
Hi,

we're using freeradius to switch different computer into various
vlans on our switches. We have had a working configuration for
freeradius 1.x, but for 2.1.6 (running on SLES) this configuration is
working different.
We're including a file looking like this:
---
# VLAN 14
#
#
DEFAULT
        Tunnel-Private-Group-ID = 14,
        Foundry-802_1x-enable = 0,
        Fall-Through = 1
#
aaabbbcccddd User-Password == aaabbbcccddd

# VLAN 15
#
#
DEFAULT
        Tunnel-Private-Group-ID = 15,
        Foundry-802_1x-enable = 0,
        Fall-Through = 1
#
bbbcccdddaaa User-Password == bbbcccdddaaa

---


On the new freeradius *all* valid mac addresses are
getting the vlan Tunnel-Private-Group-ID from the
first statement. All other vlan id's are ignored.

The advantage was, to group all mac according to the vlan-id.
Now you have to add all settings to each mac 


Is there a way to group the mac addresses with one header ?
-- 
Bye,
Peer
_
Max-Planck-Institut fuer Biogeochemie
Dr. Peer-Joachim Koch
Hans-Knöll Str.10            Telefon: ++49 3641 57-6705
D-07745 Jena                 Telefax: ++49 3641 57-7705

Max Query Length Exceeded and Field Truncated

2010-03-18 Thread Robert Gabriel
Hello all,

Our network had some change somewhere and now all MySQL insert queries
are failing
with the last field been truncated and the character count is always
4097 from the CDRs
been sent by our NAS (Acme Packet SBC).

Having looked at the source we see:

src/modules/rlm_sql/conf.h
src/modules/rlm_sql/rlm_sql.c

 /* SQL defines */
 #define MAX_QUERY_LEN  4096
 #define SQL_LOCK_LEN   MAX_QUERY_LEN

I'm not sure here, can we just increase to 8192 etc. or is this being stupid?
Can I edit the above and recompile?

Unfortunately we are running FreeRADIUS 1.1.7 and yes, everyone must
be screaming upgrade!
Linux klio 2.6.24-21-server #1 SMP Wed Oct 22 00:18:13 UTC 2008 i686 GNU/Linux.
MySQL 5.0.51a-3ubuntu5.4-log.

I've looked at the above files in 2.1.8 and the values are the same.
Does this mean an upgrade will not fix this?
The RADIUS RFC says a maximum length of 4096, is this what we are
breaking or something else?

Please advise as to the best solution.



FreeRADIUS log:

Wed Mar 17 16:10:50 2010 : Error: rlm_sql_mysql: MySQL error 'You have
an error in your SQL syntax; check the manual that corresponds to y
our MySQL server version for the right syntax to use near
''sip:0827355...@hugetipjhb01' at line 1'

MySQL log (shortened for brevity's sake):

INSERT into accounting (AcctStatusType, AcctTerminateCause,
CalledStationId, NASIdentifier, h323setuptime, h323connecttime,
h323disconnecttime, h323disconnectcause) values ('0', '0', '0', '0',
'0', '0', '0', 'sip:0738063...@h


From the FreeRADIUS SQL trace (shortened for brevity's sake):

INSERT into accounting (AcctStatusType, AcctTerminateCause,
CalledStationId, NASIdentifier, h323setuptime, h323connecttime,
h323disconnecttime, h323disconnectcause,  CallingRTCPMaxLatency_FS1,
CallingRTPPacketsLost_FS1, CallingRTPAvgJitter_FS1,
CallingRTPMaxJitter_FS1, SessionIngressRealm, SessionEgressRealm,
SessionProtocolType) values ('196.31.63.118', '15830', '0', '0', '0',
'0', '0', '0', '0', '0', '0', '0', 'sip:0823246912@;


Re: Max Query Length Exceeded and Field Truncated

2010-03-18 Thread Alan DeKok
Robert Gabriel wrote:
 Hello all,
 
 Our network had some change somewhere and now all MySQL insert queries
 are failing
 with the last field been truncated and the character count is always
 4097 from the CDRs

  What does that mean?  What's a character count?

 been sent by our NAS (Acme Packet SBC).
 
 Having looked at the source we see:
 
 src/modules/rlm_sql/conf.h
 src/modules/rlm_sql/rlm_sql.c
 
  /* SQL defines */
  #define MAX_QUERY_LEN4096
  #define SQL_LOCK_LEN MAX_QUERY_LEN
 
 I'm not sure here, can we just increase to 8192 etc. or is this being stupid?
 Can I edit the above and recompile?

  Yes.  But I fail to see why the SQL queries are huge.  There's really
no reason for this.

 MySQL log (shortened for brevity's sake):
 
 INSERT into accounting (AcctStatusType, AcctTerminateCause,
 CalledStationId, NASIdentifier, h323setuptime, h323connecttime,
 h323disconnecttime, h323disconnectcause) values ('0', '0', '0', '0',
 '0', '0', '0', 'sip:0738063...@h

  Think a bit: that line looks truncated, but there is NO WAY it's 4K in
size.

  Something else is going on.  Find out what, and fix it.

  Alan DeKok.
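
Whether the failing statements really reach MAX_QUERY_LEN, or are being cut short of it by something else, can be settled by measuring them. The script below is an added example, not FreeRADIUS code and not from either poster: it assumes an SQL trace with one statement per line (the sample trace is constructed), and for each INSERT reports its length and whether it ends inside an unterminated quoted value. The 4096 default is the MAX_QUERY_LEN value quoted in the post.

```shell
#!/usr/bin/env bash
# Added example, not FreeRADIUS code. The trace format (one SQL statement per
# line) and the sample statements are constructed for illustration.

# audit_sql_trace FILE [LIMIT]
# For every INSERT line prints: <line number> <length> <status>
#   ok                     quotes are balanced, statement is complete
#   truncated-at-limit     ends inside a quoted value and fills the buffer
#                          (a C buffer of LIMIT bytes holds LIMIT-1 characters)
#   truncated-below-limit  ends inside a quoted value but is shorter than the
#                          buffer, so the buffer size is not the cause
audit_sql_trace() {
    awk -v limit="${2:-4096}" '
    # Returns 1 when s ends inside an open single-quoted literal.
    function open_quote(s,    i, c, inq) {
        inq = 0
        for (i = 1; i <= length(s); i++) {
            c = substr(s, i, 1)
            if (c == "\\") { i++; continue }   # skip the escaped character
            if (c == "\047") inq = !inq        # doubled quotes toggle twice
        }
        return inq
    }
    /^[ \t]*INSERT / {
        len = length($0)
        status = "ok"
        if (open_quote($0))
            status = (len >= limit - 1) ? "truncated-at-limit" : "truncated-below-limit"
        print NR, len, status
    }' "$1"
}

# make_sample_trace FILE: write three constructed statements to FILE:
# a complete one, one cut at 4095 characters, and one cut far below that.
make_sample_trace() {
    {
        echo "INSERT into accounting (a, b) values ('0', 'sip:user@example.invalid');"
        awk 'BEGIN {
            s = "INSERT into accounting (a) values (\047"
            while (length(s) < 4095) s = s "x"
            print s
        }'
        echo "INSERT into accounting (a, b) values ('0', 'sip:0738063"
    } > "$1"
}

# Run against a real trace when a file is given: ./audit.sh sqltrace.sql [limit]
[ $# -eq 0 ] || audit_sql_trace "$@"
```
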


Re: Limit Bandwith

2010-03-18 Thread Коньков Евгений




Hello, sugiarto.

just change speed limiting rule in your firewall

You wrote on 18 March 2010, 11:27:20:







Sorry if this topic already posted or on wrong forum

How can we set speed if the user already over quota ie first day of month they get 1Mbps bandwith after spent 1Gig the speed will decrease to 512Kbps until end of month without turning off modem and re-authenticate.

is that possible?













--
Best regards,
Коньков mailto:kes-...@yandex.ru




TLS/SSL Error?

2010-03-18 Thread Mike Diggins
I just recently enabled a WPA SSID on our wireless network. PEAP with
MSCHAP V2 is the EAP method. As far as I know it's working correctly
(from all my test clients anyway), but I have seen a number of these
messages logged (FreeRadius 2.1.3) and I don't know where they're coming
from. My Free radius server has a Thawte Certificate installed. I'm not
sure what the message means?

Mar 18 15:01:01 rad01 radiusd[8452]: TLS Alert read:fatal:unknown CA

Mar 18 15:01:01 rad01 radiusd[8452]: TLS_accept:failed in SSLv3 read
client certificate A

Mar 18 15:01:01 rad01 radiusd[8452]: rlm_eap: SSL error
error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca

-Mike

Unresponsive child for request

2010-03-18 Thread Mark Jones
I am getting this error in my logs and I understand it is likely due to an 
issue with sql, but was wondering what the criteria for this error to be 
generated are.


Error: WARNING: Unresponsive child for request 271737, in module sqlzuul 
component accounting


Basically I assume an sql query is sent and if there is no response in x 
seconds this error is generated.


Or am I completely wrong here?

Mark Jones



RE: Unresponsive child for request

2010-03-18 Thread Gary Gatten
I wish resolving unresponsive child errors was as simple as posting to a msg 
board or reading a man page

-Original Message-
From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org 
[mailto:freeradius-users-bounces+ggatten=waddell@lists.freeradius.org] On 
Behalf Of Mark Jones
Sent: Thursday, March 18, 2010 3:03 PM
To: FreeRadius users mailing list
Subject: Unresponsive child for request 

I am getting this error in my logs and I understand it is do to likley an 
issue with sql but was wondering what the criteria for this error to be 
generrated is.

Error: WARNING: Unresponsive child for request 271737, in module sqlzuul 
component accounting

Basically I assume and sql query is sent and if there is no response in x 
seconds this error is generated.

Or am I completly wrong here?

Mark Jones



Re: Limit Bandwith

2010-03-18 Thread Alexandre Chapellon
On Thursday 18 March 2010 at 17:27 +0800, sugiarto tjahyono wrote:
 Sorry if this topic already posted or on wrong forum
 
 
 How can we set speed if the user already over quota ie first day of
 month they get 1Mbps bandwith after spent 1Gig the speed will decrease
 to 512Kbps until end of month without turning off modem and
 re-authenticate.
 
 
 is that possible?

If your NAS supports it you could use CoA based on events triggered by
interim update tickets.

 
 
 
 
 
 
 
 

Re: Unresponsive child for request

2010-03-18 Thread Alan DeKok
Mark Jones wrote:
 I am getting this error in my logs and I understand it is do to likley
 an issue with sql but was wondering what the criteria for this error to
 be generrated is.
 
 Error: WARNING: Unresponsive child for request 271737, in module sqlzuul
 component accounting
 
 Basically I assume and sql query is sent and if there is no response in
 x seconds this error is generated.

  Yes.

  Go fix the SQL DB.  It should NOT take 5-10s to do a query.

  Alan DeKok.


Re: TLS/SSL Error?

2010-03-18 Thread Alan DeKok
Mike Diggins wrote:
 I just recently enabled a WPA SSID on our wireless network. PEAP with
 MSCHAP V2 is the EAP method. As far as I know it's working correctly
 (from all my test clients anyway), but I have seen a number of these
 messages logged (FreeRadius 2.1.3) and I don't know where they're coming
 from. My Free radius server has a Thawte Certificate installed. I'm not
 sure what the message means?
 
 Mar 18 15:01:01 rad01 radiusd[8452]: TLS Alert read:fatal:unknown CA

  The client is connecting with a certificate that is unknown to the
RADIUS server.

  i.e. blame the client.

  Alan DeKok.


Freeradius and COA

2010-03-18 Thread Johan Meiring

Hi,

I am trying to figure out how to use the Coa functionality in Freeradius.

I have two separate questions.


1) For originating a COA packet, is it possible to trigger it from rlm_perl,
i.e. cause an update coa?


2) For receiving a COA packet: how can I process it?  I see that when 
perl instantiates, it claims it will use two functions, send_coa and 
recv_coa.  In what section must I put perl for it to call the functions?


I've created a listen section for Coa.  Freeradius receives it, but does 
nothing and simply sends back an ack.



Hope this makes sense...

--


Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782



Re: Freeradius PEAP/MSCHAPv2 against Apple OpenDirectory

2010-03-18 Thread John
I attached the captured packets. Please open it with wireshark. 
The password from OD is “”.  It is neither cleartext password nor 
encrypted password.


--- On Thu, 18 Mar 2010, John elmer_rad...@yahoo.com.cn wrote:


From: John elmer_rad...@yahoo.com.cn
Subject: Re: Freeradius PEAP/MSCHAPv2 against Apple OpenDirectory
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Date: Thursday, 18 March 2010, 7:01 PM







I configured the LDAP module talks to Open Directory, based on the debug looks 
the password fetched from OD, but the authentication always failed. Is there 
any guide for freeRADIUS+ldap+OD integrating?
I setup freeRADIUS talks to OpenLDAP, it works well.  Can OD return cleartext 
password like OpenLDAP do?

John.

--- On Mon, 15 Mar 2010, Alan DeKok al...@deployingradius.com wrote:


From: Alan DeKok al...@deployingradius.com
Subject: Re: Freeradius PEAP/MSCHAPv2 against Apple OpenDirectory
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Date: Monday, 15 March 2010, 12:59 PM


John wrote:
 Hello,
 We want to setup freeRADIUS with Peap/MSCHAPv2 talk to Apple Open
 Directory. I found this option 'use_open_directory'. But looks we need
 to install freeRADIUS on the same machine with Open
 Directory.(https://lists.freeradius.org/pipermail/freeradius-users/2010-February/msg00307.html)
  
 Do we have to run freeRADIUS on the same machine with OpenDirectory?

  Yes.

 Is
 there a work-around that we can run freeRADIUS seperate from OpenDirectory?

  OpenDirectory is an LDAP server.  Configure that way in FreeRADIUS.
It might work.

  Alan DeKok.

 
-Attachment content follows-




  

ODldap.pcap
Description: Binary data

Re: Freeradius and COA

2010-03-18 Thread Alan DeKok
Johan Meiring wrote:
 1) For originating a COA packet, is it possible to trigger it from
 rlm_perl.
 i.e. cause an update coa.

  Not really.

 2) For receiving a COA packet.  How can I process it.  I see that when
 perl instantiates, it claims it will use two functions, send_coa and
 recv_coa.  In what section must I put perl for it to call the functions?

  The recv_coa and send_coa sections.

 I've created a listen section for Coa.  FreeRADIUS receives it, but does
 nothing and simply sends back an ack.

  Yup.  The example CoA server was missed in 2.1.8.  See:

http://github.com/alandekok/freeradius-server/blob/master/raddb/sites-available/coa

  Alan DeKok.


Re: Max Query Length Exceeded and Field Truncated

2010-03-18 Thread Robert Gabriel
On 18 March 2010 19:07, Alan DeKok al...@deployingradius.com wrote:
 Robert Gabriel wrote:
 Hello all,

 Our network had some change somewhere and now all MySQL insert queries
 are failing
 with the last field being truncated and the character count is always
 4097 from the CDRs

  What does that mean?  What's a character count?

 being sent by our NAS (Acme Packet SBC).

 Having looked at the source we see:

 src/modules/rlm_sql/conf.h
 src/modules/rlm_sql/rlm_sql.c

  /* SQL defines */
  #define MAX_QUERY_LEN                        4096
  #define SQL_LOCK_LEN                 MAX_QUERY_LEN

 I'm not sure here, can we just increase to 8192 etc. or is this being stupid?
 Can I edit the above and recompile?

  Yes.  But I fail to see why the SQL queries are huge.  There's really
 no reason for this.

 MySQL log (shortened for brevity's sake):

 INSERT into accounting (AcctStatusType, AcctTerminateCause,
 CalledStationId, NASIdentifier, h323setuptime, h323connecttime,
 h323disconnecttime, h323disconnectcause) values ('0', '0', '0', '0',
 '0', '0', '0', 'sip:0738063...@h

  Think a bit: that line looks truncated, but there is NO WAY it's 4K in
 size.

  Something else is going on.  Find out what, and fix it.

  Alan DeKok.


Alan, I don't appreciate your harsh response. One comes to these lists
for help not scorn and ridicule.

Character count meaning the below and as stated above (IT WAS
SHORTENED FOR BREVITY'S SAKE) so I didn't take up the whole post with
log lines
and surely now we can see it is 4KB in size (so it's 4096 bytes less
the semicolon my mistake).

Am I thinking a bit?

$ wc -c INSERT into accounting (AcctStatusType, AcctTerminateCause,
CalledStationId, NASIdentifier, h323setuptime, h323connecttime,
h323disconnecttime, h323disconnectcause, SessionGenericId,
FlowID_FS1_F, FlowType_FS1_F, SessionIngressCallId,
SessionEgressCallId, FlowInRealm_FS1_F, FlowInSrcAddr_FS1_F,
FlowInSrcPort_FS1_F, FlowInDstAddr_FS1_F, FlowInDstPort_FS1_F,
FlowOutRealm_FS1_F, FlowOutSrcAddr_FS1_F, FlowOutSrcPort_FS1_F,
FlowOutDstAddr_FS1_F, FlowOutDstPort_FS1_F, CallingOctets_FS1,
CallingPackets_FS1, CallingRTCPPacketsLost_FS1,
CallingRTCPAvgJitter_FS1, CallingRTCPAvgLatency_FS1,
CallingRTCPMaxJitter_FS1, CallingRTCPMaxLatency_FS1,
CallingRTPPacketsLost_FS1, CallingRTPAvgJitter_FS1,
CallingRTPMaxJitter_FS1, SessionIngressRealm, SessionEgressRealm,
SessionProtocolType, CalledOctets_FS1, CalledPackets_FS1,
CalledRTCPPacketsLost_FS1, CalledRTCPAvgJitter_FS1,
CalledRTCPAvgLatency_FS1, CalledRTCPMaxJitter_FS1,
CalledRTCPMaxLatency_FS1, CalledRTPPacketsLost_FS1,
CalledRTPAvgJitter_FS1, CalledRTPMaxJitter_FS1, SessionChargingVector,
SessionChargingFunction_Address, FirmwareVersion, LocalTimeZone,
PostDialDelay, CDRSequenceNumber, SessionDisposition,
DisconnectInitiator, DisconnectCause, Intermediate_Time,
PrimaryRoutingNumber, OriginatingTrunkGroup, TerminatingTrunkGroup,
OriginatingTrunkContext, TerminatingTrunkContext, PAssertedID,
SIPDiversion, SIPStatus, IngressLocalAddr, IngressRemoteAddr,
EgressLocalAddr, EgressRemoteAddr, FlowID_FS1_R, FlowType_FS1_R,
FlowInRealm_FS1_R, FlowInSrcAddr_FS1_R, FlowInSrcPort_FS1_R,
FlowInDstAddr_FS1_R, FlowInDstPort_FS1_R, FlowOutRealm_FS1_R,
FlowOutSrcAddr_FS1_R, FlowOutSrcPort_FS1_R, FlowOutDstAddr_FS1_R,
FlowOutDstPort_FS1_R, FlowID_FS2_F, FlowType_FS2_F, FlowInRealm_FS2_F,
FlowInSrcAddr_FS2_F, FlowInSrcPort_FS2_F, FlowInDstAddr_FS2_F,
FlowInDstPort_FS2_F, FlowOutRealm_FS2_F, FlowOutSrcAddr_FS2_F,
FlowOutSrcPort_FS2_F, FlowOutDstAddr_FS2_F, FlowOutDstPort_FS2_F,
CallingOctets_FS2, CallingPackets_FS2, CallingRTCPPacketsLost_FS2,
CallingRTCPAvgJitter_FS2, CallingRTCPAvgLatency_FS2,
CallingRTCPMaxJitter_FS2, CallingRTCPMaxLatency_FS2,
CallingRTPPacketsLost_FS2, CallingRTPAvgJitter_FS2,
CallingRTPMaxJitter_FS2, FlowID_FS2_R, FlowType_FS2_R,
FlowInRealm_FS2_R, FlowInSrcAddr_FS2_R, FlowInSrcPort_FS2_R,
FlowInDstAddr_FS2_R, FlowInDstPort_FS2_R, FlowOutRealm_FS2_R,
FlowOutSrcAddr_FS2_R, FlowOutSrcPort_FS2_R, FlowOutDstAddr_FS2_R,
FlowOutDstPort_FS2_R, CalledOctets_FS2, CalledPackets_FS2,
CalledRTCPPacketsLost_FS2, CalledRTCPAvgJitter_FS2,
CalledRTCPAvgLatency_FS2, CalledRTCPMaxJitter_FS2,
CalledRTCPMaxLatency_FS2, CalledRTPPacketsLost_FS2,
CalledRTPAvgJitter_FS2, CalledRTPMaxJitter_FS2,
EgressFinalRoutingNumber ) values ('Stop', 'User-Request',
'sip:27823246...@196.30.132.98:5060', 'acmepacket', '14:47:22.831
GMT+2 MAR 12 2010', '14:47:36.670 GMT+2 MAR 12 2010', '14:50:10.179
GMT+2 MAR 12 2010', '1', '', 'localhost:652024', 'G729',
'310075-3477386742-88...@nextone-msw.mydomain.com',
'310075-3477386742-88...@nextone-msw.mydomain.com', 'oscar_telecom',
'196.31.63.118', '15826', '172.28.18.226', '12450', 'QUESCFARM',
'10.0.64.10', '18334', '10.0.32.8', '11252', '624088', '7956', '72',
'215', '1784', '263', '2045', '41', '0', '45', 'oscar_telecom',
'QUESCFARM', 'SIP', '623574', '7945', '52', '3', '873', '4', '2047',
'60',