Re: FreeRadius with Eduroam - Accounting

2011-10-04 Thread Arran Cudbard-Bell

On 5 Oct 2011, at 02:20, Mike Diggins wrote:

> 
> I'm running FreeRadius 2.1.3 on RedHat Enterprise Linux configured as an 
> Eduroam Radius proxy server. My Cisco Wireless Lan Controllers are constantly 
> failing over the Accounting Servers, due to lack of response from the Home 
> Servers, or so says the log. However, I believe the issue is that some remote 
> institutions' Radius Servers are ignoring the Accounting packets, and timing 
> out my end, making it believe the Home Servers have failed to respond. 
> FreeRadius responds by marking the Home server dead. It then sends a 
> status-server query, to which it gets a reply, and enables the Dead Home 
> server. I believe that's the sequence of events anyway. I captured some of 
> that in debug mode:
> 
> Rejecting request 288 due to lack of any response from home server x.x.x.x 
> port 1813
> 
> Finished request 288.
> 
> Cleaning up request 288 ID 205 with timestamp +1161
> 
> PROXY: Marking home server x.x.x.x port 1813 as zombie (it looks like it is 
> dead).
> 
> Sending Status-Server of id 55 to x.x.x.x port 1813
>Message-Authenticator := 0x
>NAS-Identifier := "Status Check. Are you alive?"
> Waking up in 3.9 seconds.
> 
> rad_recv: Access-Accept packet from host x.x.x.x port 1813, id=55, length=806
> 
> I don't have any control over Accounting Packets being accepted, or not, by 
> other Eduroam members. Some do, some don't I imagine. Is there a 
> configuration for FreeRadius that handles this situation cleanly? Seems to me 
> that FR should check the Home server first, before marking it dead (at least).


No, I've talked about this with Alan. The proposed solution is an enhancement to 
the detail writer/reader functionality where the server automagically spawns 
new reader instances to listen on per domain detail files.

For now I'd recommend using rlm_replicate; this allows you to send an entirely 
new request to the home server, whilst sending an Accounting-Response to the 
NAS. FR does not track the new request and so won't be able to retransmit.

Just use something like:

preacct {
    if(Realm && Realm != 'local'){
        update control {
            Proxy-To-Realm := 'local'
            Replicate-To-Realm = 'eduroam'
        }
    }
}

accounting {
    replicate
}

Arran Cudbard-Bell
a.cudba...@freeradius.org

Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


FreeRadius with Eduroam - Accounting

2011-10-04 Thread Mike Diggins


I'm running FreeRadius 2.1.3 on RedHat Enterprise Linux configured as an 
Eduroam Radius proxy server. My Cisco Wireless Lan Controllers are 
constantly failing over the Accounting Servers, due to lack of response 
from the Home Servers, or so says the log. However, I believe the issue is 
that some remote institutions' Radius Servers are ignoring the Accounting 
packets, and timing out my end, making it believe the Home Servers have 
failed to respond. FreeRadius responds by marking the Home server dead. It 
then sends a status-server query, to which it gets a reply, and enables 
the Dead Home server. I believe that's the sequence of events anyway. I 
captured some of that in debug mode:


Rejecting request 288 due to lack of any response from home server x.x.x.x 
port 1813


Finished request 288.

Cleaning up request 288 ID 205 with timestamp +1161

PROXY: Marking home server x.x.x.x port 1813 as zombie (it looks like it 
is dead).


Sending Status-Server of id 55 to x.x.x.x port 1813
Message-Authenticator := 0x
NAS-Identifier := "Status Check. Are you alive?"
Waking up in 3.9 seconds.

rad_recv: Access-Accept packet from host x.x.x.x port 1813, id=55, 
length=806


I don't have any control over Accounting Packets being accepted, or not, 
by other Eduroam members. Some do, some don't I imagine. Is there a 
configuration for FreeRadius that handles this situation cleanly? Seems to 
me that FR should check the Home server first, before marking it dead (at 
least).


-Mike



Re: Version 2.1.12 has been released

2011-10-04 Thread John Dennis

FYI: I have built 2.1.12 RPM packages for Fedora 14, Fedora 15 & Fedora 16.

They have been pushed into the updates-testing channel (not updates). 
They will move into stable in two weeks or if they achieve the necessary 
"karma" before then. You can add a "karma vote" by visiting the updates 
page for freeradius.


https://admin.fedoraproject.org/updates/search/freeradius

Note: at the time of this mail only F16 has actually made it out into 
the channel, the others are waiting in the queue, but I expect they will 
appear within a few hours (you can check by viewing the updates page).


--
John Dennis 



Re: MySQL and FreeRADIUS environment

2011-10-04 Thread Alan DeKok
tonimanel wrote:
> Is it possible to make the data replica with TCP protocol with FreeRADIUS? Do
> you prefer FreeRADIUS replica or mysql replica? What is the best solution to
> make the replica?

  The best solution is to use RADIUS replication.  FreeRADIUS knows how
to do conflict resolution in the database.  MySQL does not.

  See "raddb/radrelay.conf", and the detail file readers for examples.
Also, raddb/sites-available/copy-acct-to-home-server

  Alan DeKok.


Re: MySQL and FreeRADIUS environment

2011-10-04 Thread tonimanel
Hi again,
I have a doubt: what happens if in my company we want to have two servers,
both with the freeradius service and mysql service, and these two servers could be
active with mysql data replicated? We would like to have two servers
active, with the ability to be both functional. I think that is more
difficult than the other solution but this is best.

Is it possible to make the data replica with TCP protocol with FreeRADIUS? Do
you prefer FreeRADIUS replica or mysql replica? What is the best solution to
make the replica?


Thank you very much!!! I hope for your answers!!



Re: rlm_sql_mysql UTF-8 encoding

2011-10-04 Thread Arran Cudbard-Bell
> 
> however as it gets to the rlm_sql_mysql module it shows
> # [sql]   expand: %{User-Name} -> g.?up.wór
> # [sql] sql_set_user escaped user --> 'g.?up.wór'
> 
> It does seem that the UserName string is iterated byte by byte and not in a 
> UTF-8 aware way.
> 
> hence it shows:
> 
> # [sql]   expand: SELECT id, username, attribute, value, op   FROM # 
> radcheck   WHERE username = '%{SQL-User-Name}'   ORDER # BY 
> id -> SELECT id, username, attribute, value, op   FROM # radcheck 
> WHERE username = 'g=C5=82up.w=C3=B3r'   ORDER BY id
> # rlm_sql_mysql: query:  SELECT id, username, attribute, value, op # FROM 
> radcheck   WHERE username = 'g=C5=82up.w=C3=B3r' # ORDER BY id
> # [sql]   expand: SELECT groupname   FROM radusergroup # WHERE 
> username = '%{SQL-User-Name}'   ORDER BY priority -> # SELECT 
> groupname FROM radusergroup   WHERE username = # 'g=C5=82up.w=C3=B3r' 
> ORDER BY priority
> # rlm_sql_mysql: query:  SELECT groupname   FROM radusergroup # WHERE 
> username = 'g=C5=82up.w=C3=B3r'   ORDER BY priority
> 
> 
> the username is encoded as
> g=C5=82up.w=C3=B3r
> both UTF-8 encoded characters (=C5=82, =C3=B3) were treated as separate 
> characters (=C5, =82, =C3, =B3).
> 
> I found sth about the problem I am facing:
> http://freeradius.1045715.n5.nabble.com/rlm-sql-and-UTF8-encoded-strings-td2794683.html
> 


The problem is the safe chars check is not UTF8 capable, so it's looking at 
each byte of the User-Name string, comparing it to the list of safe chars, 
finding it doesn't match and mime encoding it.

Patches welcome.

Arran Cudbard-Bell
a.cudba...@freeradius.org

Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !
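
The byte-by-byte behaviour described in this reply, next to a UTF-8-aware variant, as an added example (not FreeRADIUS source and not part of the original post). The allow-list SAFE and the names utf8_seq_len and escape_name are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed allow-list for this example (ASCII only). */
static const char SAFE[] =
    "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /";

/* Length (2..4) of a well-formed UTF-8 multibyte sequence at p, or 0 if p
 * starts with ASCII, a stray continuation byte, a truncated or overlong
 * form, a surrogate, or a value above U+10FFFF. */
static size_t utf8_seq_len(const unsigned char *p, size_t left)
{
    size_t n, i;
    unsigned long cp;

    if (p[0] >= 0xC2 && p[0] <= 0xDF)      { n = 2; cp = p[0] & 0x1F; }
    else if (p[0] >= 0xE0 && p[0] <= 0xEF) { n = 3; cp = p[0] & 0x0F; }
    else if (p[0] >= 0xF0 && p[0] <= 0xF4) { n = 4; cp = p[0] & 0x07; }
    else return 0;
    if (left < n) return 0;
    for (i = 1; i < n; i++) {
        if ((p[i] & 0xC0) != 0x80) return 0;
        cp = (cp << 6) | (p[i] & 0x3F);
    }
    if (n == 3 && (cp < 0x800 || (cp >= 0xD800 && cp <= 0xDFFF))) return 0;
    if (n == 4 && (cp < 0x10000 || cp > 0x10FFFF)) return 0;
    return n;
}

/* Escape in[] into out[] (outlen >= 1); returns bytes written, excluding
 * the NUL. utf8_aware == 0 reproduces the byte-by-byte check. */
static size_t escape_name(char *out, size_t outlen, const char *in, int utf8_aware)
{
    const unsigned char *p = (const unsigned char *)in;
    size_t left = strlen(in), used = 0, n = 0;

    while (left > 0) {
        if (utf8_aware && (n = utf8_seq_len(p, left)) > 0) {
            if (used + n >= outlen) break;
            memcpy(out + used, p, n);      /* whole character passes intact */
            used += n; p += n; left -= n;
            continue;
        }
        if (strchr(SAFE, *p)) {
            if (used + 1 >= outlen) break;
            out[used++] = (char)*p;
        } else {
            if (used + 3 >= outlen) break;
            snprintf(out + used, 4, "=%02X", (unsigned)*p);  /* mime-style */
            used += 3;
        }
        p++; left--;
    }
    out[used] = '\0';
    return used;
}

int main(void)
{
    /* Constructed input: the User-Name from the thread as UTF-8 bytes. */
    const char *name = "g\xC5\x82up.w\xC3\xB3r";
    char buf[64];

    escape_name(buf, sizeof(buf), name, 0);
    printf("bytewise:   %s\n", buf);
    escape_name(buf, sizeof(buf), name, 1);
    printf("utf8-aware: %s\n", buf);
    return 0;
}
```

The aware variant passes only well-formed sequences; quotes, stray lead bytes and overlong forms still come out as =XX.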




Re: Version 2.1.12 has been released

2011-10-04 Thread Alan DeKok
Jakob Hirsch wrote:
> Alan DeKok, 2011-09-30 16:33:
> 
>> * Added support for PCRE from Phil Mayers
> 
> Sorry for not stepping up before, but it seems to me that this only went
> into the master, not in the 2.1.x branch.

  Oh well.  Maybe the next rev.

  Alan DeKok.



rlm_sql_mysql UTF-8 encoding

2011-10-04 Thread Krzyzagorski Tomek KOMA NORD



I am trying to setup FR with Mysql as backend.
FR is 2.1.10

The username that is sent to the FR contains the UTF-8 encoded characters.

From debugging:

# the rad_recv: Access-Request packet from host 127.0.0.1 # port 59305, id=76, 
length=62

#User-Name = "głup.wór"
#User-Password = "12345678"
#NAS-IP-Address = 192.168.1.56
#NAS-Port = 10

The username is properly shown (at least in my console)

This is hex from tcpdump packet capture

67;C582;75;70;2E,77,C3B3,72 - it seems to be properly UTF-8 encoded

however as it gets to the rlm_sql_mysql module it shows
# [sql]   expand: %{User-Name} -> g.?up.wór
# [sql] sql_set_user escaped user --> 'g.?up.wór'

It does seem that the UserName string is iterated byte by byte and not in a 
UTF-8 aware way.


hence it shows:

# [sql]   expand: SELECT id, username, attribute, value, op   FROM # 
radcheck   WHERE username = '%{SQL-User-Name}'   ORDER # BY id 
-> SELECT id, username, attribute, value, op   FROM # radcheck WHERE 
username = 'g=C5=82up.w=C3=B3r'   ORDER BY id
# rlm_sql_mysql: query:  SELECT id, username, attribute, value, op # FROM 
radcheck   WHERE username = 'g=C5=82up.w=C3=B3r' # ORDER BY id
# [sql]   expand: SELECT groupname   FROM radusergroup # WHERE username 
= '%{SQL-User-Name}'   ORDER BY priority -> # SELECT groupname 
FROM radusergroup   WHERE username = # 'g=C5=82up.w=C3=B3r' 
ORDER BY priority
# rlm_sql_mysql: query:  SELECT groupname   FROM radusergroup # WHERE 
username = 'g=C5=82up.w=C3=B3r'   ORDER BY priority



the username is encoded as
g=C5=82up.w=C3=B3r
both UTF-8 encoded characters (=C5=82, =C3=B3) were treated as separate 
characters (=C5, =82, =C3, =B3).


I found sth about the problem I am facing:
http://freeradius.1045715.n5.nabble.com/rlm-sql-and-UTF8-encoded-strings-td2794683.html


but there is no solution.


Am I doing sth wrong, sth is misconfigured?


Any ideas?


regards,


tomek.


Below is the full debug output from FR


root@ubuntu:~# /usr/sbin/freeradius -X
FreeRADIUS Version 2.1.10, for host i686-pc-linux-gnu, built on Dec  9 2010 at 
17:54:26

Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.

Re: Version 2.1.12 has been released

2011-10-04 Thread Jakob Hirsch
Alan DeKok, 2011-09-30 16:33:

> * Added support for PCRE from Phil Mayers

Sorry for not stepping up before, but it seems to me that this only went
into the master, not in the 2.1.x branch.


Re: Multiple NAS freeradius

2011-10-04 Thread Alejandro Gandara
Thanks very much for the fastest and most effective answer.


2011/10/4 Arran Cudbard-Bell 

>
> On 4 Oct 2011, at 13:32, Alejandro Gandara wrote:
>
> Hi list,
>
> I'm using freeradius 2.1.10 with ldap and I have a doubt.
>
> I'm testing radius with two NAS, first one an openvpn service and the
> other one is a switch Procurve.
>
> My question is the following:
>
>  Can I configure the openvpn nas to read some attribute from the ldap (as
> framedipaddress) and at the same time configure switch procurve to read the
> attribute pool-name from the radius?
>  How can I tell freeradius which attribute read for each nas?
>
> For example:
>
> User1 connect through openvpn so it will get the ip provided from
> framedipaddress attribute.
> User 1 disconnect openvpn
> User 1 connect with wired connection so it will get the IP provided for
> ippool after read poolname attribute from ldap.
>
>
> Sure...
>
> sites-available/default
>
> authorize {
>     if(Client-shortname == 'openvpn'){
>         update reply {
>             Framed-IP-Address := "%{ldap:my ldap query}"
>         }
>     }
>     else {
>         update reply {
>             My-Other-Attribute := "%{ldap:my ldap query}"
>         }
>     }
> }
>
> clients.conf
>
> client  {
>     shortname = openvpn
> }
>
>
> Arran Cudbard-Bell
> a.cudba...@freeradius.org
>
> Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !
>
>


Re: Multiple NAS freeradius

2011-10-04 Thread Arran Cudbard-Bell

On 4 Oct 2011, at 13:32, Alejandro Gandara wrote:

> Hi list,
> 
> I'm using freeradius 2.1.10 with ldap and I have a doubt.
> 
> I'm testing radius with two NAS, first one an openvpn service and the other 
> one is a switch Procurve.
> 
> My question is the following:
> 
>  Can I configure the openvpn nas to read some attribute from the ldap (as 
> framedipaddress) and at the same time configure switch procurve to read the 
> attribute pool-name from the radius?
>  How can I tell freeradius which attribute read for each nas?
> 
> For example:
> 
> User1 connect through openvpn so it will get the ip provided from 
> framedipaddress attribute.
> User 1 disconnect openvpn
> User 1 connect with wired connection so it will get the IP provided for 
> ippool after read poolname attribute from ldap.

Sure...

sites-available/default

authorize {
    if(Client-shortname == 'openvpn'){
        update reply {
            Framed-IP-Address := "%{ldap:my ldap query}"
        }
    }
    else {
        update reply {
            My-Other-Attribute := "%{ldap:my ldap query}"
        }
    }
}

clients.conf

client  {
    shortname = openvpn
}


Arran Cudbard-Bell
a.cudba...@freeradius.org

Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !



Multiple NAS freeradius

2011-10-04 Thread Alejandro Gandara
Hi list,

I'm using freeradius 2.1.10 with ldap and I have a doubt.

I'm testing radius with two NAS, first one an openvpn service and the other
one is a switch Procurve.

My question is the following:

 Can I configure the openvpn nas to read some attribute from the ldap (as
framedipaddress) and at the same time configure switch procurve to read the
attribute pool-name from the radius?
 How can I tell freeradius which attribute read for each nas?

For example:

User1 connect through openvpn so it will get the ip provided from
framedipaddress attribute.
User 1 disconnect openvpn
User 1 connect with wired connection so it will get the IP provided for
ippool after read poolname attribute from ldap.



Thanks very much for your time and patience.

Regards,

Alejandro Gándara Álvarez


Re: Parsing the multiple attributes with same name

2011-10-04 Thread Arran Cudbard-Bell
> 
> For parsing the Cisco-Account-Info, I have written some unlang expressions but
> I don't know if it's the best way for freeradius performance. This makes a loop
> for every Cisco-Account-Info attribute. Are there any other ways that you can
> suggest?
> 

Yes, using the foreach construct in version 3 :)

-Arran

Arran Cudbard-Bell
a.cudba...@freeradius.org

Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !




Parsing the multiple attributes with same name

2011-10-04 Thread denizaydin
Hi, 

Cisco ISG uses the same attribute with different values for multiple purposes.
The value format defines the usage!
For example:
a Cisco-Account-Info attribute with a value beginning with V represents the accounting
cookie, and a value beginning with S defines the session identifier.


For parsing the Cisco-Account-Info, I have written some unlang expressions but
I don't know if it's the best way for freeradius performance. This makes a loop
for every Cisco-Account-Info attribute. Are there any other ways that you can
suggest?


if ("%{request:Cisco-Account-Info[*]}" =~ /(^|\n)(S([^\n]*))/) {
    update request {
        Cisco-Account-Info-Subscriber-Identifier := "%{3}"
    }
}
if ("%{request:Cisco-Account-Info[*]}" =~ /(^|\n)(V([^\n]*))/) {
    update request {
        Cisco-Account-Info-Accounting-Cookie := "%{3}"
    }
}
if ("%{request:Cisco-Service-Info[*]}" =~ /(^|\n)(N([^\n]*))/) {
    update request {
        Cisco-Service-Info-Service-Name := "%{3}"
    }
}


-
Deniz AYDIN
Senior Network Engineer



Re: SQL IP Pool Not Accepting Redundant SQL

2011-10-04 Thread Arran Cudbard-Bell

> 
> You can't, 'redundant_sql' is not an sql-instance. You need to create two 
> instances of sqlippool, then wrap them in a redundant block...

If you're using FR >= 2.1.11 or 3.*

Overload the sqlippool module

policy.conf

policy {
    sqlippool {
        redundant {
            sqlippool1
            sqlippool2
        }
    }
}


Arran Cudbard-Bell
a.cudba...@freeradius.org

Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !



Re: SQL IP Pool Not Accepting Redundant SQL

2011-10-04 Thread Arran Cudbard-Bell

On 4 Oct 2011, at 12:08, Det Det wrote:

> Hi,
> 
> How to make sqlippool accept redundant SQL as below?
> 
> sqlippool {
>     sql-instance-name = "redundant_sql"
>     ippool_table = "radippool"
>     ...
> }
> 
> radiusd.conf
> ...
>     redundant redundant_sql {
>         sql1
>         sql2
>     }
> ...
> 
> if I use  sql-instance-name = "sql1" or sql-instance-name = "sql2", it works. 
> But then, I'd like to do redundancy. 
> 
> 
> sql-instance-name = "sql1 sql2" or sql-instance-name = "sql1, sql2" also does 
> not work.
> 
> -

You can't, 'redundant_sql' is not an sql-instance. You need to create two 
instances of sqlippool, then wrap them in a redundant block...

Arran Cudbard-Bell
a.cudba...@freeradius.org

Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !



SQL IP Pool Not Accepting Redundant SQL

2011-10-04 Thread Det Det
Hi,

How to make sqlippool accept redundant SQL as below?

sqlippool {
 sql-instance-name = "redundant_sql"
 ippool_table = "radippool"
...
}

radiusd.conf
...
    redundant redundant_sql {
        sql1
        sql2
    }
...

if I use  sql-instance-name = "sql1" or sql-instance-name = "sql2", it works. 
But then, I'd like to do redundancy. 


sql-instance-name = "sql1 sql2" or sql-instance-name = "sql1, sql2" also does 
not work.


Thanks!
Det


Re: Using DB instead of radutmp for simultaneous-use tracking

2011-10-04 Thread Fajar A. Nugraha
On Tue, Oct 4, 2011 at 4:47 PM, Det Det  wrote:
> Hi,
> Thanks a lot! Got it working! I'd like to extend the simul-check to group
> simul value. That is a group has simul limit, then if limit is reached a
> user belonging to that group should be denied login. Any idea how to
> implement this?

That's tricky.

The easiest thing I can think of is to add a check using unlang in
authorize (use "%{sql:" expansion to get the data), and if it exceeds
the limit set Auth-Type := Reject

-- 
Fajar


Re: Using DB instead of radutmp for simultaneous-use tracking

2011-10-04 Thread Det Det
Hi,

Thanks a lot! Got it working! I'd like to extend the simul-check to group simul 
value. That is a group has simul limit, then if limit is reached a user 
belonging to that group should be denied login. Any idea how to implement this?



Thanks!
Det




From: Fajar A. Nugraha 
To: Det Det ; FreeRadius users mailing list 

Sent: Friday, September 30, 2011 3:11 PM
Subject: Re: Using DB instead of radutmp for simultaneous-use tracking

On Fri, Sep 30, 2011 at 1:50 PM, Det Det  wrote:
> Hi there,
> In the accounting section, radutmp is used for tracking simultaneous-use. Is
> there a way to use DB::radacct table instead to check for simultaneous-use?

Sure. Comment-out radutmp and uncomment sql from "session" and
"accounting" section.

See also sql/*/dialup.conf, look for "simul_count_query". I usually
enable simul_count_query and comment-out simul_verify_query.

-- 
Fajar


Re: How to specify python modules used by rlm_python?

2011-10-04 Thread Alan Buxey
Hi,

> I'm trying to use rlm_python to integrate with my own authentication
> backend, but there's so little documentation about rlm_python. I even cannot
> find how to specify the path to the python module.

radiusd.py living in PYTHONPATH - export PYTHONPATH=$location

alan