When I am using FreeRadius as Proxy and when a timeout happens this is not been reported back to the application.
My Setup: Application <--> my-FreeRadius-proxy (my rlm_myapp listening on this) <---> Home Server listens on RADIUS AccessReq --> recived accessrequest to rlm_myapp decided to proxy --> --> Time out and we expect the timeout to be intimated to the rlm_myapp. Issue: when ever the time out happens I am getting the below error. /*Info: WARNING: Internal sanity check failed in event handler for request 0: Discarding the request!*/ Request: Can some one help me in doing the right configuration/suggestion to get the error reported back to the application. Thanks & Regards, Kiran... -- View this message in context: http://freeradius.1045715.n5.nabble.com/When-I-am-using-FreeRadius-as-Proxy-and-when-a-timeout-happens-this-is-not-been-reported-back-to-the-tp4633593p4633593.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting - limits
>Rizky Marunda Dinata >Mon, 25 Jul 2011 06:34:04 -0700 > >Dear Evgeny, > >Yes, freeradius is able to monitor and limit usage, for example will reject >login after 1 GB of sum ( download+upload), please read info about >sql-counter (http://wiki.freeradius.org/Rlm_sqlcounter) Thank you very much Rizky for your hint! I've figured out how to use rlm_counter for the same purpose but I can restrict only based on Acct-Input-Octets or on Acct-Output-Octets. Is there a way using rlm_counter to sum up these counters to make a decision on reaching limit? Evgeny. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Proxying based on a regex
> Not quite ... I see, that makes sense. Thanks for taking the time to explain. Jake Sallee Godfather of Bandwidth Network Engineer University of Mary Hardin-Baylor 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 From: freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org [freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org] on behalf of Arran Cudbard-Bell [a.cudba...@freeradius.org] Sent: Monday, July 25, 2011 4:02 PM To: FreeRadius users mailing list Subject: Re: Proxying based on a regex On 25 Jul 2011, at 22:49, Sallee, Stephen (Jake) wrote: >> Impressive, you've both made up entirely fictitious syntaxes for doing >> proxying... Um anyway. > > Glad you like it : ) > > I am still new to FR so forgive me if I am mistaken but that little bit of > unlang would go into the sites-enabled-default config correct? Yep, correct. > If so isn't it doing the same thing as the suffix module? Not quite, this proxies a whole bunch of suffixes to a single realm if the format matches. Suffix will proxy to different realms based on the realm in the request. -Arran > > Either way you need to setup the proxy config ... > > Ours may be working because we are only checking the domain the user uses and > then steering them to the correct inner-tunnel, my apologies if the advice > was incorrect. > > Jake Sallee > Godfather of Bandwidth > System Engineer > University of Mary Hardin-Baylor > 900 College St. > Belton, Texas > 76513 > Fone: 254-295-4658 > Phax: 254-295-4221 > > -Original Message- > From: freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org > [mailto:freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org] > On Behalf Of Arran Cudbard-Bell > Sent: Monday, July 25, 2011 3:33 PM > To: FreeRadius users mailing list > Subject: Re: Proxying based on a regex > > Impressive, you've both made up entirely fictitious syntaxes for doing > proxying... Um anyway. > > > if(User-Name =~ /REGEX/){ > update control { > Proxy-To-Realm := 'my_proxy_realm' > } > } > > Then configure the realm in proxy.conf. Subcapture groups can provide you > with parts of the User-Name string and can be accessed using the %{0}, %{1}, > %{2}... etc variables > > You don't need to do anything if you're just doing local authentication > > > -Arran > > On 25 Jul 2011, at 22:20, Sallee, Stephen (Jake) wrote: > >> We did this through our realms see code: >> >> In your proxy.conf >> >> realm "~.*umhb\\.edu$" { >> some code here### >> ###usually the virtual server you want to proxy them to### } >> >> If I am understanding your question right that should do it, but others may >> have a better way .. or I could be on crack ... >> >> >> -Original Message- >> From: >> freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org >> [mailto:freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius >> .org] On Behalf Of Charles Plater >> Sent: Monday, July 25, 2011 3:05 PM >> To: freeradius-users@lists.freeradius.org >> Subject: Proxying based on a regex >> >> I'm trying to configure our FreeRadius (2.1.9) server to proxy based on the >> format of the ID. I have a working regex that determines the domain to which >> the request should be sent, but I'm having a hard time figuring out the >> syntax of the proxy statement. Here's what I've tried: >> >> if (User-Name !~ ) { >> proxy: domain.name >> else { >> proxy: LOCAL >> } >> } >> >> FWIW, I can successfully authenticate do the "domain.name" realm by using >> use...@domain.name. >> >> Can anyone offer any suggestions? Thanks in advance. >> -- >> Charles Plater >> Lead Application Technical Analyst >> Internet Services >> +1-313-577-4620 >> ab3...@wayne.edu >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > Arran Cudbard-Bell > a.cudba...@freeradius.org > > RADIUS - Half the complexity of Diameter > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: View attributes of an connection
Thanks Arran, it's works for me. The reason i need this it's because a module is not set an attribute, see the log: Mon Jul 25 18:04:03 2011 : Debug: rlm_backcounter/time-limit: (rlm_backcounter.c#780) backcounter_authorize(): user prepago is over limit - adding 'Monthly-Time-Exceeded' attribute Mon Jul 25 18:04:03 2011 : Debug: rlm_sql (sql): Released sql socket id: 3 Mon Jul 25 18:04:03 2011 : Info: ++[time-limit] returns ok Mon Jul 25 18:04:03 2011 : Info:expand: %{Monthly-Time-Exceeded} -> In the source of module have this: vp = radius_paircreate(request, &request->reply->vps,data->overvap_attr, PW_TYPE_INTEGER); vp->vp_integer = 1; Any help? Em 25-07-2011 17:44, Arran Cudbard-Bell escreveu: > Make that: > > update request { > Tmp-String-0 := "%{variable I want to expand}" > } > > > On 25 Jul 2011, at 22:34, Arran Cudbard-Bell wrote: > >> >> On 25 Jul 2011, at 22:24, Jean Carlos Oliveira Guandalini wrote: >> >>> I need to find the value of an attribute created by a module, it is >>> possible? radiusd -X or radiusd -xxx does not show these values. >> >> Sure you just need to expand it somewhere. >> >> update request { >> Tmp-String-0 := "%{variable I want to expand} >> } >> >> -Arran >> >> Arran Cudbard-Bell >> a.cudba...@freeradius.org >> >> RADIUS - Half the complexity of Diameter >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > Arran Cudbard-Bell > a.cudba...@freeradius.org > > RADIUS - Half the complexity of Diameter > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxying based on a regex
On 25 Jul 2011, at 22:49, Sallee, Stephen (Jake) wrote: >> Impressive, you've both made up entirely fictitious syntaxes for doing >> proxying... Um anyway. > > Glad you like it : ) > > I am still new to FR so forgive me if I am mistaken but that little bit of > unlang would go into the sites-enabled-default config correct? Yep, correct. > If so isn't it doing the same thing as the suffix module? Not quite, this proxies a whole bunch of suffixes to a single realm if the format matches. Suffix will proxy to different realms based on the realm in the request. -Arran > > Either way you need to setup the proxy config ... > > Ours may be working because we are only checking the domain the user uses and > then steering them to the correct inner-tunnel, my apologies if the advice > was incorrect. > > Jake Sallee > Godfather of Bandwidth > System Engineer > University of Mary Hardin-Baylor > 900 College St. > Belton, Texas > 76513 > Fone: 254-295-4658 > Phax: 254-295-4221 > > -Original Message- > From: freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org > [mailto:freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org] > On Behalf Of Arran Cudbard-Bell > Sent: Monday, July 25, 2011 3:33 PM > To: FreeRadius users mailing list > Subject: Re: Proxying based on a regex > > Impressive, you've both made up entirely fictitious syntaxes for doing > proxying... Um anyway. > > > if(User-Name =~ /REGEX/){ > update control { > Proxy-To-Realm := 'my_proxy_realm' > } > } > > Then configure the realm in proxy.conf. Subcapture groups can provide you > with parts of the User-Name string and can be accessed using the %{0}, %{1}, > %{2}... etc variables > > You don't need to do anything if you're just doing local authentication > > > -Arran > > On 25 Jul 2011, at 22:20, Sallee, Stephen (Jake) wrote: > >> We did this through our realms see code: >> >> In your proxy.conf >> >> realm "~.*umhb\\.edu$" { >> some code here### >> ###usually the virtual server you want to proxy them to### } >> >> If I am understanding your question right that should do it, but others may >> have a better way .. or I could be on crack ... >> >> >> -Original Message- >> From: >> freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org >> [mailto:freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius >> .org] On Behalf Of Charles Plater >> Sent: Monday, July 25, 2011 3:05 PM >> To: freeradius-users@lists.freeradius.org >> Subject: Proxying based on a regex >> >> I'm trying to configure our FreeRadius (2.1.9) server to proxy based on the >> format of the ID. I have a working regex that determines the domain to which >> the request should be sent, but I'm having a hard time figuring out the >> syntax of the proxy statement. Here's what I've tried: >> >> if (User-Name !~ ) { >> proxy: domain.name >> else { >> proxy: LOCAL >> } >> } >> >> FWIW, I can successfully authenticate do the "domain.name" realm by using >> use...@domain.name. >> >> Can anyone offer any suggestions? Thanks in advance. >> -- >> Charles Plater >> Lead Application Technical Analyst >> Internet Services >> +1-313-577-4620 >> ab3...@wayne.edu >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > Arran Cudbard-Bell > a.cudba...@freeradius.org > > RADIUS - Half the complexity of Diameter > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Proxying based on a regex
> Impressive, you've both made up entirely fictitious syntaxes for doing > proxying... Um anyway. Glad you like it : ) I am still new to FR so forgive me if I am mistaken but that little bit of unlang would go into the sites-enabled-default config correct? If so isn't it doing the same thing as the suffix module? Either way you need to setup the proxy config ... Ours may be working because we are only checking the domain the user uses and then steering them to the correct inner-tunnel, my apologies if the advice was incorrect. Jake Sallee Godfather of Bandwidth System Engineer University of Mary Hardin-Baylor 900 College St. Belton, Texas 76513 Fone: 254-295-4658 Phax: 254-295-4221 -Original Message- From: freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org] On Behalf Of Arran Cudbard-Bell Sent: Monday, July 25, 2011 3:33 PM To: FreeRadius users mailing list Subject: Re: Proxying based on a regex Impressive, you've both made up entirely fictitious syntaxes for doing proxying... Um anyway. if(User-Name =~ /REGEX/){ update control { Proxy-To-Realm := 'my_proxy_realm' } } Then configure the realm in proxy.conf. Subcapture groups can provide you with parts of the User-Name string and can be accessed using the %{0}, %{1}, %{2}... etc variables You don't need to do anything if you're just doing local authentication -Arran On 25 Jul 2011, at 22:20, Sallee, Stephen (Jake) wrote: > We did this through our realms see code: > > In your proxy.conf > > realm "~.*umhb\\.edu$" { > some code here### > ###usually the virtual server you want to proxy them to### } > > If I am understanding your question right that should do it, but others may > have a better way .. or I could be on crack ... > > > -Original Message- > From: > freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org > [mailto:freeradius-users-bounces+jake.sallee=umhb.edu@lists.freeradius > .org] On Behalf Of Charles Plater > Sent: Monday, July 25, 2011 3:05 PM > To: freeradius-users@lists.freeradius.org > Subject: Proxying based on a regex > > I'm trying to configure our FreeRadius (2.1.9) server to proxy based on the > format of the ID. I have a working regex that determines the domain to which > the request should be sent, but I'm having a hard time figuring out the > syntax of the proxy statement. Here's what I've tried: > > if (User-Name !~ ) { > proxy: domain.name > else { > proxy: LOCAL > } > } > > FWIW, I can successfully authenticate do the "domain.name" realm by using > use...@domain.name. > > Can anyone offer any suggestions? Thanks in advance. > -- > Charles Plater > Lead Application Technical Analyst > Internet Services > +1-313-577-4620 > ab3...@wayne.edu > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: View attributes of an connection
Make that: update request { Tmp-String-0 := "%{variable I want to expand}" } On 25 Jul 2011, at 22:34, Arran Cudbard-Bell wrote: > > On 25 Jul 2011, at 22:24, Jean Carlos Oliveira Guandalini wrote: > >> I need to find the value of an attribute created by a module, it is >> possible? radiusd -X or radiusd -xxx does not show these values. > > Sure you just need to expand it somewhere. > > update request { > Tmp-String-0 := "%{variable I want to expand} > } > > -Arran > > Arran Cudbard-Bell > a.cudba...@freeradius.org > > RADIUS - Half the complexity of Diameter > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: View attributes of an connection
Jean Carlos Oliveira Guandalini wrote: > I need to find the value of an attribute created by a module, it is > possible? What does that mean? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxying based on a regex
Sorry only first one is fictitious, second one should work fine :) -Arran On 25 Jul 2011, at 22:33, Arran Cudbard-Bell wrote: > Impressive, you've both made up entirely fictitious syntaxes for doing > proxying... Um anyway. > > > if(User-Name =~ /REGEX/){ > update control { > Proxy-To-Realm := 'my_proxy_realm' > } > } > > Then configure the realm in proxy.conf. Subcapture groups can provide you > with parts of the User-Name string and can be accessed using the %{0}, %{1}, > %{2}... etc variables > > You don't need to do anything if you're just doing local authentication > > > -Arran > > On 25 Jul 2011, at 22:20, Sallee, Stephen (Jake) wrote: > >> We did this through our realms see code: >> >> In your proxy.conf >> >> realm "~.*umhb\\.edu$" { >> some code here### >> ###usually the virtual server you want to proxy them to### >> } >> >> If I am understanding your question right that should do it, but others may >> have a better way .. or I could be on crack ... >> >> >> -Original Message- >> From: freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org >> [mailto:freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org] >> On Behalf Of Charles Plater >> Sent: Monday, July 25, 2011 3:05 PM >> To: freeradius-users@lists.freeradius.org >> Subject: Proxying based on a regex >> >> I'm trying to configure our FreeRadius (2.1.9) server to proxy based on the >> format of the ID. I have a working regex that determines the domain to which >> the request should be sent, but I'm having a hard time figuring out the >> syntax of the proxy statement. Here's what I've tried: >> >> if (User-Name !~ ) { >> proxy: domain.name >> else { >> proxy: LOCAL >> } >> } >> >> FWIW, I can successfully authenticate do the "domain.name" realm by using >> use...@domain.name. >> >> Can anyone offer any suggestions? Thanks in advance. >> -- >> Charles Plater >> Lead Application Technical Analyst >> Internet Services >> +1-313-577-4620 >> ab3...@wayne.edu >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > Arran Cudbard-Bell > a.cudba...@freeradius.org > > RADIUS - Half the complexity of Diameter > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: View attributes of an connection
On 25 Jul 2011, at 22:24, Jean Carlos Oliveira Guandalini wrote: > I need to find the value of an attribute created by a module, it is > possible? radiusd -X or radiusd -xxx does not show these values. Sure you just need to expand it somewhere. update request { Tmp-String-0 := "%{variable I want to expand} } -Arran Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxying based on a regex
The desired end result is for the end users to not have to type in the realm. The users would just type in their IDs. We have 2 campuses, and one campus uses a standard "license plate" format for the IDs - i.e. aa. The other campus uses a first initial followed by the last name i.e. jsmith. My regex correctly determines the type of ID, I'm just trying to figure out how to forward them to the correct realm based just on the ID. In my example, the looks for the aa format, if not found I'd like to proxy the request to one realm, and if found, it can be handled by the local server. On Jul 25, 2011, at 4:20 PM, Sallee, Stephen (Jake) wrote: > We did this through our realms see code: > > In your proxy.conf > > realm "~.*umhb\\.edu$" { > some code here### > ###usually the virtual server you want to proxy them to### > } > > If I am understanding your question right that should do it, but others may > have a better way .. or I could be on crack ... > > > -Original Message- > From: freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org > [mailto:freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org] > On Behalf Of Charles Plater > Sent: Monday, July 25, 2011 3:05 PM > To: freeradius-users@lists.freeradius.org > Subject: Proxying based on a regex > > I'm trying to configure our FreeRadius (2.1.9) server to proxy based on the > format of the ID. I have a working regex that determines the domain to which > the request should be sent, but I'm having a hard time figuring out the > syntax of the proxy statement. Here's what I've tried: > > if (User-Name !~ ) { > proxy: domain.name > else { > proxy: LOCAL > } > } > > FWIW, I can successfully authenticate do the "domain.name" realm by using > use...@domain.name. > > Can anyone offer any suggestions? Thanks in advance. > -- > Charles Plater > Lead Application Technical Analyst > Internet Services > +1-313-577-4620 > ab3...@wayne.edu > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Charles Plater Lead Application Technical Analyst Internet Services +1-313-577-4620 ab3...@wayne.edu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxying based on a regex
Impressive, you've both made up entirely fictitious syntaxes for doing proxying... Um anyway. if(User-Name =~ /REGEX/){ update control { Proxy-To-Realm := 'my_proxy_realm' } } Then configure the realm in proxy.conf. Subcapture groups can provide you with parts of the User-Name string and can be accessed using the %{0}, %{1}, %{2}... etc variables You don't need to do anything if you're just doing local authentication -Arran On 25 Jul 2011, at 22:20, Sallee, Stephen (Jake) wrote: > We did this through our realms see code: > > In your proxy.conf > > realm "~.*umhb\\.edu$" { > some code here### > ###usually the virtual server you want to proxy them to### > } > > If I am understanding your question right that should do it, but others may > have a better way .. or I could be on crack ... > > > -Original Message- > From: freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org > [mailto:freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org] > On Behalf Of Charles Plater > Sent: Monday, July 25, 2011 3:05 PM > To: freeradius-users@lists.freeradius.org > Subject: Proxying based on a regex > > I'm trying to configure our FreeRadius (2.1.9) server to proxy based on the > format of the ID. I have a working regex that determines the domain to which > the request should be sent, but I'm having a hard time figuring out the > syntax of the proxy statement. Here's what I've tried: > > if (User-Name !~ ) { > proxy: domain.name > else { > proxy: LOCAL > } > } > > FWIW, I can successfully authenticate do the "domain.name" realm by using > use...@domain.name. > > Can anyone offer any suggestions? Thanks in advance. > -- > Charles Plater > Lead Application Technical Analyst > Internet Services > +1-313-577-4620 > ab3...@wayne.edu > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
View attributes of an connection
I need to find the value of an attribute created by a module, it is possible? radiusd -X or radiusd -xxx does not show these values. Thanks Jean - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Proxying based on a regex
We did this through our realms see code: In your proxy.conf realm "~.*umhb\\.edu$" { some code here### ###usually the virtual server you want to proxy them to### } If I am understanding your question right that should do it, but others may have a better way .. or I could be on crack ... -Original Message- From: freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org [mailto:freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org] On Behalf Of Charles Plater Sent: Monday, July 25, 2011 3:05 PM To: freeradius-users@lists.freeradius.org Subject: Proxying based on a regex I'm trying to configure our FreeRadius (2.1.9) server to proxy based on the format of the ID. I have a working regex that determines the domain to which the request should be sent, but I'm having a hard time figuring out the syntax of the proxy statement. Here's what I've tried: if (User-Name !~ ) { proxy: domain.name else { proxy: LOCAL } } FWIW, I can successfully authenticate do the "domain.name" realm by using use...@domain.name. Can anyone offer any suggestions? Thanks in advance. -- Charles Plater Lead Application Technical Analyst Internet Services +1-313-577-4620 ab3...@wayne.edu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Proxying based on a regex
I'm trying to configure our FreeRadius (2.1.9) server to proxy based on the format of the ID. I have a working regex that determines the domain to which the request should be sent, but I'm having a hard time figuring out the syntax of the proxy statement. Here's what I've tried: if (User-Name !~ ) { proxy: domain.name else { proxy: LOCAL } } FWIW, I can successfully authenticate do the "domain.name" realm by using use...@domain.name. Can anyone offer any suggestions? Thanks in advance. -- Charles Plater Lead Application Technical Analyst Internet Services +1-313-577-4620 ab3...@wayne.edu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL - One RADIUS database per realm
I think that multiple SQL instances are exactly what I'm looking for! Thank you for the information! On Mon, Jul 25, 2011 at 2:54 PM, Danny Stemmet wrote: > Hi Dave, > > I have not tested this, but I will try it as soon as I have a chance.. > > Create a sql.conf file per client. > > Be sure to create an "instance" of type sql per client/realm. > eg. > client1_sql sql { > . > lots of configuration parameter (configurable per client, including > server/database/tables/queries) > . > } > > In the main server configuration you can then proxy to a client's virtual > server. > > > Best Regards, > Danny Stemmet > > MSB micro systems > > > On 25 Jul 2011, at 17:37, Dave Thompson wrote: > > > At my place of employment we have a web frontend to our radius server. > This frontend will be used by several different clients. We want to store > each client's usernames/passwords and MAC addresses in their own database. > The database name will be the client's realm name. > > The reason we want this database separation is to hide users and MAC > addresses that don't belong to a client from the web frontend. For obvious > reasons, the client should only be able to see and modify the authentication > details that belong to them. > > I haven't been able to find much documentation on the subject, leading me > to believe that either A) This is not a smart idea and not recommended or B) > Stuff like this isn't done often and therefore there isn't much > documentation. > > So, my question is this: Is there a better way for me to achieve the > desired results of client separation(modify the frontend and use one > database probably)? Or, if this is possible, any instructions would be > greatly appreciated. > > Thank you. > > > > -- > > - Dave > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- - Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL - One RADIUS database per realm
Hi Dave, I have not tested this, but I will try it as soon as I have a chance.. Create a sql.conf file per client. Be sure to create an "instance" of type sql per client/realm. eg. client1_sql sql { . lots of configuration parameter (configurable per client, including server/database/tables/queries) . } In the main server configuration you can then proxy to a client's virtual server. Best Regards, Danny Stemmet MSB micro systems On 25 Jul 2011, at 17:37, Dave Thompson wrote: > At my place of employment we have a web frontend to our radius server. This > frontend will be used by several different clients. We want to store each > client's usernames/passwords and MAC addresses in their own database. The > database name will be the client's realm name. > The reason we want this database separation is to hide users and MAC > addresses that don't belong to a client from the web frontend. For obvious > reasons, the client should only be able to see and modify the authentication > details that belong to them. > I haven't been able to find much documentation on the subject, leading me to > believe that either A) This is not a smart idea and not recommended or B) > Stuff like this isn't done often and therefore there isn't much documentation. > So, my question is this: Is there a better way for me to achieve the desired > results of client separation(modify the frontend and use one database > probably)? Or, if this is possible, any instructions would be greatly > appreciated. > Thank you. > > -- > - Dave > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MySQL - One RADIUS database per realm
At my place of employment we have a web frontend to our radius server. This frontend will be used by several different clients. We want to store each client's usernames/passwords and MAC addresses in their own database. The database name will be the client's realm name. The reason we want this database separation is to hide users and MAC addresses that don't belong to a client from the web frontend. For obvious reasons, the client should only be able to see and modify the authentication details that belong to them. I haven't been able to find much documentation on the subject, leading me to believe that either A) This is not a smart idea and not recommended or B) Stuff like this isn't done often and therefore there isn't much documentation. So, my question is this: Is there a better way for me to achieve the desired results of client separation(modify the frontend and use one database probably)? Or, if this is possible, any instructions would be greatly appreciated. Thank you. -- - Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting - limits
.0.0.0 port 1812 > > > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > -- > > Message: 4 > Date: Sun, 24 Jul 2011 10:11:15 -0400 > From: Evgeny Yurchenko > Subject: Accounting - limits > To: freeradius-users@lists.freeradius.org > Message-ID: <4e2c2803.9090...@tm-k.com> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > Hello list! > I am sorry if the question has been asked thousand times, searching > archives did not give me anything. -( > Is FreeRADIUS natively capable of data consumption monitoring and limiting > on per user basis. > Let's say I want a user to be disabled (no messages to be generated just > next authentication fails) after he > downloads/uploads 1GB of data. > Any hint in this direction would be highly appreciated. > Thanks, > Evgeny. > > > -- > > Message: 5 > Date: Mon, 25 Jul 2011 11:30:06 +0800 > From: Lingfeng Xiong > Subject: How to allow a user login in a certain time? > To: freeradius-users@lists.freeradius.org > Message-ID: > > > Content-Type: text/plain; charset="utf-8" > > hi there, > I am writing a authentication system for a public Cisco System laboratory > of > a university. This system allow user to subscribe a cisco device in a > certain time and during that time, the subscriber should be able to login > that device. I have already build a FreeRadius server and configure my > Cisco > device to authenticate user via Radius. But I have no idea how to configure > FreeRadius to control the login time. > For example, a user subscribe a device named 'Test1' for 'July 30, 2011' > from '10:00 a.m.' to '12:00 p.m.'. He should be able to login 'test1' > during > that time, but not before or after. > I know there existed a module named 'rlm_logintime', but it seems like that > module can only supply me with scheduled login plan, not a certain time > period. So could you give me some advice? Thanks. > BTW: I am runing FreeRadius 2.1.11 on a FreeBSD 8.2-RELEASE system. A MySQL > database is also running for FreeRadius. > -- next part -- > An HTML attachment was scrubbed... > URL: < > https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110725/2991ff1a/attachment.html > > > > -- > > Message: 6 > Date: Mon, 25 Jul 2011 16:29:04 +1000 > From: "Ryan Williams" > Subject: RE: Accounting - limits > To: "'FreeRadius users mailing list'" > > Message-ID: <008201cc4a94$2623aff0$726b0fd0$@com.au> > Content-Type: text/plain; charset="us-ascii" > > Hello anonymous! > You can write a custom SQL query and include it when authenticating the > user > to determine if the user has or has not downloaded in excess of 1GB. > Assuming of course that you're storing the accounting data in an SQL > database. > > Regards, > Ryan Williams > > > > > -- > > Message: 7 > Date: Mon, 25 Jul 2011 01:40:09 -0700 (PDT) > From: radiusus > Subject: Download/Upload Calculation > To: freeradius-users@lists.freeradius.org > Message-ID: <1311583209349-4630031.p...@n5.nabble.com> > Content-Type: text/plain; charset=us-ascii > > Hello, > > I am new to radius server and I need some information if possible. > > Can anybody help with any documentation regarding the calculation of > input/output octets on user/daily basis? > I am interested only in reporting and analyzing the traffic of > download/upload. > > I have been trying to use some Analytical functions and get somewhere but > still can't be sure as I do not need how to use the Gigawords condition > etc. > My cdr's are stored in Oracle DB. > > Some information would be really appreciated. > > Thanks. > > -- > View this message in context: > http://freeradius.1045715.n5.nabble.com/Download-Upload-Calculation-tp4630031p4630031.html > Sent from the FreeRadius - User mailing list archive at Nabble.com. > > > -- > > Message: 8 > Date: Mon, 25 Jul 2011 16:53:12 +0800 > From: Angus JIANG Jian > Subject: counter daily > To: FreeRadius users mailing list > > Message-ID: >< > b0720abafe326c44b7e498e5988c0dd33914194...@ouhkcms.staffdmn.ouhk.edu.hk> > > Content-Type: text/plain; charset="us-ascii" > > Dear all, > > > Can you give me an example of how to set the cache-size ? > This is my
Re: Accounting - limits
Sun, 24 Jul 2011 23:42:19 -0700, Ryan Williams wrote: >Hello anonymous! >You can write a custom SQL query and include it when authenticating the user >to determine if the user has or has not downloaded in excess of 1GB. >Assuming of course that you're storing the accounting data in an SQL >database. > >Regards, >Ryan Williams Hi Ryan, thanks for you reply. Where would I put this custom SQL query please? Evgeny. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with max-all-session check
Hello, I installed freeradius with SQL module but when I try to connect it always says : (Check item - counter) is less than zero Rejected user test, check_item=0, counter=1139 I have define the check-name in my counter (Max-All-Session) and I have a line for each user in the database with Max-All-Session attribute and other line for other parameter like password... I don't understand why it always return 0. I tried with another query for my counter which return a negative number but after it's transformed into unsigned integer and the soustraction doesn't work. Thanks for yout help. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Problem-with-max-all-session-check-tp4630670p4630670.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Please help me ASAP
On 07/24/2011 09:29 AM, Its Me wrote: Hi, I am new user in Linux,I have install freeradius2 rpm in my Linux machine(RHEL-5.5 Server),I m facing problem below detail ,please help me how can i install and setup my radiusd -X output below problem. radiusd: Opening IP addresses and Ports listen { type = "auth" ipaddr = * port = 0 Failed binding to authentication address * port 1812: Address already in use /etc/raddb/radiusd.conf[240]: Error binding to port for 0.0.0.0 port 1812 You probably have another copy of the server running, you can only have one copy running at a time. Did you start one as a service? If so: sudo service radiusd stop Need help on how to manage FreeRADIUS on Redhat systems? http://wiki.freeradius.org/Red_Hat_FAQ P.S.: It's not polite to demand help ASAP on a free volunteer mailing list. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
counter daily
Dear all, Can you give me an example of how to set the cache-size ? This is my config for the counter. counter daily { filename = ${raddbdir}/db.daily key = User-Name count-attribute = Acct-Session-Time reset = daily counter-name = Daily-Session-Time check-name = Max-Daily-Session allowed-servicetype = Framed-User cache-size = 5000 # The RADIUS request is normally cached internally for a short period # of time, after the reply is sent to the NAS. The reply packet may be # lost in the network, and the NAS will not see it. The NAS will then # re-send the request, and the server will respond quickly with the # cached reply. # # If this value is set too low, then duplicate requests from the NAS # MAY NOT be detected, and will instead be handled as seperate requests. # # If this value is set too high, then the server will cache too many # requests, and some new requests may get blocked. (See 'max_requests'.) # # Useful range of values: 2 to 10 # cleanup_delay = 5 Regards Angus <> This e-mail and its attachments, if any, are confidential and contain information for an intended recipient. The Open University of Hong Kong (OUHK) disclaims any liability for any loss or damage if this e-mail is received by any person who is not the intended recipient. E-mail transmissions cannot be guaranteed to be completely secure, error or virus free. No responsibility is accepted by the OUHK for any loss or damage arising in any way from receipt or use thereof. Arrangements or statements appearing to bind OUHK are not binding upon OUHK unless made in accordance with OUHK's constitution and duly authorised. OUHK staff are expressly prohibited from breaching applicable law, infringing third party rights, making defamatory statements and committing tortious acts by e-mail communications. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Download/Upload Calculation
Hello, I am new to radius server and I need some information if possible. Can anybody help with any documentation regarding the calculation of input/output octets on user/daily basis? I am interested only in reporting and analyzing the traffic of download/upload. I have been trying to use some Analytical functions and get somewhere but still can't be sure as I do not need how to use the Gigawords condition etc. My cdr's are stored in Oracle DB. Some information would be really appreciated. Thanks. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Download-Upload-Calculation-tp4630031p4630031.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html