freeradius 2.2 COA capability

2013-04-04 Thread Mehdi Ravanbakhsh
hi all

Can freeradius 2.2 support COA (for something like changing bandwidth),
or can it only handle POD?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: MAC Address Auth

2013-04-04 Thread Mulindwa
Thanks Mattias,

I get an error saying: Unknown attribute "Attr-2352-145"

This is how I have it set up:


user20001@ut3  Password = "006060", Simultaneous-Use = 1
    Attr-2352-145 = "5c-7d-5e-3f-d0-f7",
    Service-Type = Framed-User,
    Qos_Policy_Policing = broadband_128_policing,
    Qos_Policy_Metering = broadband_128_metering,
    Framed-Protocol = PPP,
    Ip_Address_Pool_Name = pool_128,
    Framed-Address = 255.255.255.254,
    Framed-Netmask = 255.255.255.255,
    Fall-Through = 0


 
Eric M



 From: Matthias Nagel 
To: freeradius-users@lists.freeradius.org 
Sent: Thursday, April 4, 2013 5:41 PM
Subject: Re: MAC Address Auth
 
Hello,
add the correct check item to your user database. In the case below (User-Name 
= user2000@ut3) you should have the check item
Attr-2352-145 == "5c-7d-5e-3f-d0-f7"
for this specific user in your user database. Then you repeat this for every 
user/mac-address pair you want.
Best regards, Matthias

On Thursday 04 April 2013, 07:25:55 Mulindwa wrote:
> Great, I have run the debug and I did get the attribute required.
> If I want to fulfil the two conditions i.e. username/passwd and Mac Address 
> = Attr-2352-145
> 
> How would I need to tweak my radiusd.conf file to achieve this?
> 
> 
> 
> 
> User-Name = "user2000@ut3"
>    CHAP-Password = "cccddd'"
>     CHAP-Challenge = ""
>     Service-Type = Framed-User
>     Framed-Protocol = PPP
>     NAS-Identifier = "UT-BRAS-EDGE"
>     NAS-IP-Address = x.x.x.x
>     NAS-Port = 855649483
>     NAS_Real_Port = 855638816
>     NAS-Port-Type = Virtual
>     Attr-87 = "3/3 vlan-id 800 pppoe 11467"
>     Medium_Type = 11
>     Attr-2352-145 = "5c-7d-5e-3f-d0-f7"  MAC Address
>     Attr-2352-98 = "3"
>     Attr-2352-112 = "6.2.1.9"
>     Acct-Session-Id = "020268008FC9-515D8419"
> 
>  
> Eric M
> 
> 
> 
>  From: Mulindwa 
> To: Alan DeKok ; FreeRadius users mailing list 
>  
> Sent: Thursday, April 4, 2013 4:58 PM
> Subject: Re: MAC Address Auth
>  
> 
> Thanks Alan,
> 
> Let me do so.
> 
>  
> Eric M
> 
> 
> 
>  From: Alan DeKok 
> To: Mulindwa ; FreeRadius users mailing list 
>  
> Sent: Thursday, April 4, 2013 4:47 PM
> Subject: Re: MAC Address Auth
>  
> Mulindwa wrote:
> > Hi All,
> > 
> > Have been trying to authenticate my ADSL users using Mac Address Auth,
> > however i have failed even after going through the documentation.
> > 
> > I want to authenticate with the highlighted, anyone done this and can help?
> 
>   It's been done.
> 
> > This is how the accounting file looks;
> 
>   If you're trying to debug authentication, it helps to look at
> *authentication* traffic, and not *accounting* data.
> 
>   And run the server in debugging mode as suggested in the FAQ, "man"
> page, web pages, and daily on this list.
> 
>   Honestly, there is NO excuse for refusing to do this.
> 
>   Alan DeKok.
> 
> 
> 
--
Matthias Nagel
Willy-Andreas-Allee 1, Zimmer 506
76131 Karlsruhe

Telefon: +49-721-8695-1506
Mobil: +49-151-15998774
e-Mail: matthias.h.na...@gmail.com
ICQ: 499797758
Skype: nagmat84


Radwho doesn't show full name

2013-04-04 Thread mkeram
Hello,
I have installed Debian Squeeze 6.0 with freeradius 2.1.10 + accel-ppp
(PPPoE). Everything is working fine, but radwho and radwho -s doesn't
return full username fetched from /etc/passwd. 
All users have real linux account and proper entry in
/etc/freeradius/users. All details login and passwords are included in
users file.
In old freeradius 1.1.3 I got radwho output:
zycha AnetaZych PPP S338 Sun 16:28 127.0.0.1 192.168.1.223 -where AnetaZych
is full name fetched from /etc/passwd

in new I have:
zycha zycha PPP S338 Sun 16:28 127.0.0.1 192.168.1.223

Could you please advise where I should change the configuration? I have run
strace on radwho and I didn't find any information about it checking the file
/etc/passwd.

Please advise
Best regards
Marek


Re: Groupname is not written in the table radacct

2013-04-04 Thread Phil Mayers
That's not how it works.

Sql-group is a virtual attribute that only exists when you're checking it, and 
is multi-valued. You can't record it in accounting packets - that doesn't make 
sense.

What you *can* do is copy a matching group to an attribute that is recorded in 
accounting,  such as "Class". For example

authorize {
  ...
  if (SQL-Group == foo) {
    update reply {
      Class := "sqlgroup=foo"
    }
  }
  ...
}

Geovanny Varela  wrote:

>Hi. I need the groupname field radacct table is informed. Configured in
>Section Accounting_stat_query in File dialup.conf the groupname field
>and
>value '% {SQL-Group}' according to information obtained on the internet
>but
>got no success. I can appreciate a solution because of the success of
>my
>project depends on this configuration.
>Thank you.
>
>Greetings from Brazil
>
>
>
>

--
Sent from my mobile device, please excuse brevity and typos.

Groupname is not written in the table radacct

2013-04-04 Thread Geovanny Varela
Hi. I need the groupname field radacct table is informed. Configured in
Section Accounting_stat_query in File dialup.conf the groupname field and
value '% {SQL-Group}' according to information obtained on the internet but
got no success. I can appreciate a solution because of the success of my
project depends on this configuration.
Thank you.

Greetings from Brazil

Re: disconected after one second

2013-04-04 Thread Phil Mayers

On 04/04/13 16:57, Łukasz Kopiszka wrote:

More debug "show log fac aaa":


Please take the Cisco debugging somewhere else, like a Cisco list (or to 
private emails).


Re: disconected after one second

2013-04-04 Thread Łukasz Kopiszka

More debug "show log fac aaa":

Apr 4 17:43:26: %AAA-7-RADIUS: rad_mgr, Process radius requests in db 
request queue
Apr 4 17:43:26: [0258]: [2/1:511:63:31/7/2/855]: %AAA-7-RADIUS: aaa_idx 
5358: rad_process_aaad_req: Receive request (Authentication)
Apr 4 17:43:26: [0258]: [2/1:511:63:31/7/2/855]: %AAA-7-RAD_ATTR: 
aaa_idx 5358: rad_add_attr_to_tlv_list, Add attr NAS_Port_ID (2/1 
vlan-id 1000 clips 131927) with len 30 to tlv list
Apr 4 17:43:26: [0258]: [2/1:511:63:31/7/2/855]: %AAA-7-RADIUS: aaa_idx 
5358: aaaidx_tree_insert: insert aaa_idx to idx tree for context 
rad_idx 2212 db_request_type Authentication. (00:17:08:2e:76:d2)
Apr 4 17:43:26: %AAA-7-RADIUS: rad_send, Process radius requests in 
authen low priority queue
Apr 4 17:43:26: [0258]: [2/1:511:63:31/7/2/855]: %AAA-7-RADIUS: aaa_idx 
5358: do_auth_send: Find free server 91.231.70.50 (ctx CLIPS, src 
port 1812, dst port 1812). (00:17:08:2e:76:d2)
Apr 4 17:43:26: %AAA-7-RAD_ATTR: rad_fill_attr_value: 1/1 User_Name 
tag=32 data_type=4 vlen=17 size=19
Apr 4 17:43:26: %AAA-7-RAD_ATTR: rad_fill_attr_value: 1/2 User_Password 
tag=32 data_type=5 vlen=16 size=18
Apr 4 17:43:26: %AAA-7-RAD_ATTR: rad_fill_attr_value: 1/6 Service_Type 
tag=32 data_type=2 vlen=4 size=6
Apr 4 17:43:26: %AAA-7-RAD_ATTR: rad_fill_attr_value: 1/32 
NAS_Identifier tag=32 data_type=4 vlen=10 size=12
Apr 4 17:43:26: %AAA-7-RAD_ATTR: rad_fill_attr_value: 1/5 NAS_Port 
tag=32 data_type=2 vlen=4 size=6
Apr 4 17:43:26: %AAA-7-RAD_ATTR: rad_fill_attr_value: 2352/62 
NAS_Real_Port tag=32 data_type=2 vlen=4 size=6
Apr 4 17:43:26: %AAA-7-RAD_ATTR: rad_fill_attr_value: 1/61 NAS_Port_Type 
tag=32 data_type=2 vlen=4 size=6
Apr 4 17:43:26: %AAA-7-RAD_ATTR: rad_fill_attr_value: 1/87 NAS_Port_ID 
tag=32 data_type=4 vlen=29 size=31
Apr 4 17:43:26: %AAA-7-RAD_ATTR: rad_fill_attr_value: 2352/38 
Medium_Type tag=32 data_type=2 vlen=4 size=6
Apr 4 17:43:26: %AAA-7-RAD_ATTR: rad_fill_attr_value: 2352/145 
Mac-Address tag=32 data_type=4 vlen=17 size=19
Apr 4 17:43:26: %AAA-7-RAD_ATTR: rad_fill_attr_value: 2352/98 
Platform_Type tag=32 data_type=2 vlen=4 size=6
Apr 4 17:43:26: %AAA-7-RAD_ATTR: rad_fill_attr_value: 2352/112 
OS_Version tag=32 data_type=4 vlen=7 size=9
Apr 4 17:43:26: %AAA-7-RAD_ATTR: rad_fill_attr_value: 2352/202 
DHCP_Option tag=32 data_type=5 vlen=7 size=9
Apr 4 17:43:26: [0258]: [2/1:511:63:31/7/2/855]: %AAA-7-RAD_PKT: aaa_idx 
5358: Send packet (209 bytes) to 91.231.70.50/1812 (00:17:08:2e:76:d2):



Apr 4 17:43:26: [0258]: %AAA-7-RADIUS: Using local address 91.231.70.5
Apr 4 17:43:26: [0258]: %AAA-7-RADIUS: do_send: 209 bytes send to radius 
server  91.231.70.50 (1812).
Apr 4 17:43:26: %AAA-7-RADIUS: rad_process_send_queue, 1 requests 
processed (0 retransmit)

[local]ALFASYSTEM#show log active fac aaa since 2013:04:04:17:40
Apr 4 17:43:26: %AAA-7-RADIUS: rad_mgr, Process radius requests in db 
request queue
Apr 4 17:43:26: [0258]: [2/1:511:63:31/7/2/855]: %AAA-7-RADIUS: aaa_idx 
5358: rad_process_aaad_req: Receive request (Authentication)
Apr 4 17:43:26: [0258]: [2/1:511:63:31/7/2/855]: %AAA-7-RAD_ATTR: 
aaa_idx 5358: rad_add_attr_to_tlv_list, Add attr NAS_Port_ID (2/1 
vlan-id 1000 clips 131927) with len 30 to tlv list
Apr 4 17:43:26: [0258]: [2/1:511:63:31/7/2/855]: %AAA-7-RADIUS: aaa_idx 
5358: aaaidx_tree_insert: insert aaa_idx to idx tree for context 
rad_idx 2212 db_request_type Authentication. (00:17:08:2e:76:d2)
Apr 4 17:43:26: %AAA-7-RADIUS: rad_send, Process radius requests in 
authen low priority queue
Apr 4 17:43:26: [0258]: [2/1:511:63:31/7/2/855]: %AAA-7-RADIUS: aaa_idx 
5358: do_auth_send: Find free server 91.231.70.50 (ctx CLIPS, src 
port 1812, dst port 1812). (00:17:08:2e:76:d2)
Apr 4 17:43:26: %AAA-7-RAD_ATTR: rad_fill_attr_value: 1/1 User_Name 
tag=32 data_type=4 vlen=17 size=19
Apr 4 17:43:26: %AAA-7-RAD_ATTR: rad_fill_attr_value: 1/2 User_Password 
tag=32 data_type=5 vlen=16 size=18
Apr 4 17:43:26: %AAA-7-RAD_ATTR: rad_fill_attr_value: 1/6 Service_Type 
tag=32 data_type=2 vlen=4 size=6
Apr 4 17:43:26: %AAA-7-RAD_ATTR: rad_fill_attr_value: 1/32 
NAS_Identifier tag=32 data_type=4 vlen=10 size=12
Apr 4 17:43:26: %AAA-7-RAD_ATTR: rad_fill_attr_value: 1/5 NAS_Port 
tag=32 data_type=2 vlen=


Re: MAC Address Auth

2013-04-04 Thread Matthias Nagel
Hello,
add the correct check item to your user database. In the case below (User-Name 
= user2000@ut3) you should have the check item
Attr-2352-145 == "5c-7d-5e-3f-d0-f7"
for this specific user in your user database. Then you repeat this for every 
user/mac-address pair you want.
Best regards, Matthias

On Thursday 04 April 2013, 07:25:55 Mulindwa wrote:
> Great, I have run the debug and I did get the attribute required.
> If I want to fulfil the two conditions i.e. username/passwd and Mac Address 
> = Attr-2352-145
> 
> How would I need to tweak my radiusd.conf file to achieve this?
> 
> 
> 
> 
> User-Name = "user2000@ut3"
>CHAP-Password = "cccddd'"
> CHAP-Challenge = ""
> Service-Type = Framed-User
> Framed-Protocol = PPP
> NAS-Identifier = "UT-BRAS-EDGE"
> NAS-IP-Address = x.x.x.x
> NAS-Port = 855649483
> NAS_Real_Port = 855638816
> NAS-Port-Type = Virtual
> Attr-87 = "3/3 vlan-id 800 pppoe 11467"
> Medium_Type = 11
> Attr-2352-145 = "5c-7d-5e-3f-d0-f7"  MAC Address
> Attr-2352-98 = "3"
> Attr-2352-112 = "6.2.1.9"
> Acct-Session-Id = "020268008FC9-515D8419"
> 
>  
> Eric M
> 
> 
> 
>  From: Mulindwa 
> To: Alan DeKok ; FreeRadius users mailing list 
>  
> Sent: Thursday, April 4, 2013 4:58 PM
> Subject: Re: MAC Address Auth
>  
> 
> Thanks Alan,
> 
> Let me do so.
> 
>  
> Eric M
> 
> 
> 
>  From: Alan DeKok 
> To: Mulindwa ; FreeRadius users mailing list 
>  
> Sent: Thursday, April 4, 2013 4:47 PM
> Subject: Re: MAC Address Auth
>  
> Mulindwa wrote:
> > Hi All,
> > 
> > Have been trying to authenticate my ADSL users using Mac Address Auth,
> > however i have failed even after going through the documentation.
> > 
> > I want to authenticate with the highlighted, anyone done this and can help?
> 
>   It's been done.
> 
> > This is how the accounting file looks;
> 
>   If you're trying to debug authentication, it helps to look at
> *authentication* traffic, and not *accounting* data.
> 
>   And run the server in debugging mode as suggested in the FAQ, "man"
> page, web pages, and daily on this list.
> 
>   Honestly, there is NO excuse for refusing to do this.
> 
>   Alan DeKok.
> 
> 
> 
--
Matthias Nagel
Willy-Andreas-Allee 1, Zimmer 506
76131 Karlsruhe

Telefon: +49-721-8695-1506
Mobil: +49-151-15998774
e-Mail: matthias.h.na...@gmail.com
ICQ: 499797758
Skype: nagmat84
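
Added example, not part of the thread and not FreeRADIUS code: a Python sketch that walks the attributes of a RADIUS Access-Request, labels the vendor attribute the way the debug output above does (vendor 2352, type 145 becomes `Attr-2352-145`), and compares the MAC it carries against the MAC bound to the user. The function names and the `BINDINGS` table are hypothetical; both sides are normalised because the logs in this thread show the same address written with colons and with dashes.

```python
import re
import struct

USER_NAME = 1                      # RFC 2865 User-Name
VENDOR_SPECIFIC = 26               # RFC 2865 wrapper for vendor attributes
MAC_VENDOR, MAC_TYPE = 2352, 145   # vendor id / vendor type of the MAC attribute in this thread

# Constructed sample binding (user and MAC taken from the thread, format changed on purpose).
BINDINGS = {"user2000@ut3": "5C:7D:5E:3F:D0:F7"}


def build_attr(attr_type, value):
    """Encode one attribute: type, length (2 header bytes included), value."""
    return bytes([attr_type, len(value) + 2]) + value


def build_vsa(vendor, vendor_type, value):
    """Encode a Vendor-Specific attribute holding a single vendor attribute."""
    inner = bytes([vendor_type, len(value) + 2]) + value
    return build_attr(VENDOR_SPECIFIC, struct.pack("!I", vendor) + inner)


def build_request(user, mac=None):
    """Constructed Access-Request (code 1) with a zeroed authenticator, demo input only."""
    attrs = build_attr(USER_NAME, user.encode())
    if mac is not None:
        attrs += build_vsa(MAC_VENDOR, MAC_TYPE, mac.encode())
    return struct.pack("!BBH", 1, 42, 20 + len(attrs)) + bytes(16) + attrs


def _walk(buf, what):
    """Yield (type, value) pairs from a type/length/value run, rejecting bad lengths."""
    pos = 0
    while pos < len(buf):
        if pos + 2 > len(buf):
            raise ValueError(f"truncated {what} header at offset {pos}")
        attr_type, length = buf[pos], buf[pos + 1]
        if length < 2 or pos + length > len(buf):
            raise ValueError(f"bad {what} length {length} at offset {pos}")
        yield attr_type, buf[pos + 2:pos + length]
        pos += length


def parse_attributes(packet):
    """Return [(name, value_bytes)] using Attr-<type> and Attr-<vendor>-<type> names."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match the received data")
    out = []
    for attr_type, value in _walk(packet[20:length], "attribute"):
        if attr_type == VENDOR_SPECIFIC and len(value) > 4:
            vendor = struct.unpack("!I", value[:4])[0]
            for vendor_type, vendor_value in _walk(value[4:], "vendor attribute"):
                out.append((f"Attr-{vendor}-{vendor_type}", vendor_value))
        else:
            out.append((f"Attr-{attr_type}", value))
    return out


def normalize_mac(text):
    """Reduce aa:bb:.., AA-BB-.. or aabb.ccdd.eeff to lower-case aa-bb-cc-dd-ee-ff."""
    digits = re.sub(r"[-:.]", "", text.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def check_mac_binding(packet, bindings):
    """Return match, mismatch, mac-missing, mac-malformed or unknown-user."""
    attrs = dict(parse_attributes(packet))
    user = attrs.get(f"Attr-{USER_NAME}", b"").decode("utf-8", "replace")
    if user not in bindings:
        return "unknown-user"
    raw = attrs.get(f"Attr-{MAC_VENDOR}-{MAC_TYPE}")
    if raw is None:
        return "mac-missing"
    try:
        seen = normalize_mac(raw.decode("ascii"))
    except ValueError:  # also covers UnicodeDecodeError
        return "mac-malformed"
    return "match" if seen == normalize_mac(bindings[user]) else "mismatch"


if __name__ == "__main__":
    for mac in ("5c-7d-5e-3f-d0-f7", "00-17-08-2e-76-d2", None):
        request = build_request("user2000@ut3", mac)
        print(mac, parse_attributes(request), check_mac_binding(request, BINDINGS))
```

The MAC in the request is whatever the NAS reports for the client, so this check narrows where a stolen password can be used; it does not replace the password check.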



SV: disconected after one second

2013-04-04 Thread Alexander Silveröhrt
Hard to know what you misconfigured but... I can give you some "usual suspects" 
maybe..

Also can you post a "show subscribers active all" while trying to auth.

Also debug with
Term mon
debug aaa rad-attr
debug rad-packet

Your forward policy looks wicked
Forward-Policy == "in:CLIPS-DEFAULT"
are you sure that is the name of your forwarding policy? And if you are using 
netop make sure that this forwarding policy is the one in the database.


Also double check that you have below Metering and policing on the router and 
that they are configured with the right rate and burst.
 Qos-Policing-Profile-Name = "customer-out"
 Qos-Metering-Profile-Name = "customer-in"

Also if you are using netop check that you have those customer-out and 
customer-in in Netops service attribute Variation/bandwidth variation and that 
they point to existing valid customer-out and customer-in on the router.
From the look of it from your reply attributes they should look like..

qos policy customer-out metering
 rate 20480 burst 10
!
qos customer-in policing
 rate 2048 burst 1
!

And of course make sure you have a context with the name "CLIPS" to bound the 
session to.

And since i have never used below attributes in a SME before that makes me 
suspicious..Just make sure they aren't doing anything crazy:)
 Connect-Info == "1"
 Port-Limit == 1


Cheers
Alex


-Original message-
From: 
freeradius-users-bounces+alexander.silverohrt=itux...@lists.freeradius.org 
[mailto:freeradius-users-bounces+alexander.silverohrt=itux...@lists.freeradius.org]
 On behalf of Lukasz Kopiszka
Sent: 4 April 2013 15:19
To: freeradius-users@lists.freeradius.org
Subject: disconected after one second


Hi,

I have a strange problem: the host can't receive an IP because it gets
 Acct-Status-Type = Stop
 Acct-Update-Reason = AAA_LOAD_ACCT_SESSION_DOWN
after one second before:
 Acct-Status-Type = Start
 Acct-Update-Reason = AAA_LOAD_ACCT_SESSION_UP

short log:

Sending Access-Accept of id 126 to 91.231.70.5 port 1812
 Service-Type = Outbound-User
 Framed-IP-Address == 91.231.71.17
 Acct-Interim-Interval == 300
 Service-Type == Outbound-User
 Connect-Info == "1"
 Port-Limit == 1
 DHCP_Max_Leases == 1
 Context-Name == "CLIPS"
 HTTP-Redirect-Profile-Name == ""
 Forward-Policy == "in:CLIPS-DEFAULT"
 QOS-Rate-Outbound == "20480"
 QOS-Rate-Inbound == "2048"
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 91.231.70.5 port 1812,
id=223, length=385
 User-Name = "00:17:08:2e:76:d2"
 Acct-Status-Type = Start
 Acct-Session-Id = "01007800029F-515D7656"
 Service-Type = Outbound-User
 Acct-Update-Reason = AAA_LOAD_ACCT_SESSION_UP
 NAS-Identifier = "ALFASYSTEM"
 NAS-Port = 33619968
 NAS-Real-Port = 553649127
 NAS-Port-Type = Virtual
 NAS-Port-Id = "2/1 vlan-id 999 clips 131743"
 Medium-Type = DSL
 Mac-Addr = "00-17-08-2e-76-d2"
 Platform-Type = SE-100
 OS-Version = "6.5.1.5"
 Acct-Authentic = RADIUS
 Port-Limit = 1
 DHCP-Max-Leases = 1
 Framed-IP-Address = 91.231.71.17
 Source-Validation = Enabled
 DHCP-Option = "\014\014\004alfa"
 Acct-Interim-Interval = 600
 Forward-Policy = "in:CLIPS-DEFAULT"
 QOS-Rate-Outbound = "20480:0:0"
 QOS-Rate-Inbound = "2048:0:0"
 Qos-Policing-Profile-Name = "customer-out"
 Qos-Metering-Profile-Name = "customer-in"
 Event-Timestamp = "Apr  4 2013 14:47:18 CEST"  << start

rad_recv: Accounting-Request packet from host 91.231.70.5 port 1812,
id=224, length=603
 User-Name = "00:17:08:2e:76:d2"
 Acct-Status-Type = Stop
 Acct-Session-Id = "01007800029F-515D7656"
 Service-Type = Outbound-User
 Acct-Update-Reason = AAA_LOAD_ACCT_SESSION_DOWN
 NAS-Identifier = "ALFASYSTEM"
 NAS-Port = 33619968
 NAS-Real-Port = 553649127
 NAS-Port-Type = Virtual
 NAS-Port-Id = "2/1 vlan-id 999 clips 131743"
 Medium-Type = DSL
 Mac-Addr = "00-17-08-2e-76-d2"
 Platform-Type = SE-100
 OS-Version = "6.5.1.5"
 Acct-Authentic = RADIUS
 Port-Limit = 1
 DHCP-Max-Leases = 1
 Framed-IP-Address = 91.231.71.17
 Source-Validation = Enabled
 DHCP-Option = "\014\014\004alfa"
 Acct-Session-Time = 1
 Acct-Input-Packets = 0
 Acct-Output-Packets = 0
 Acct-Input-Octets = 0
 Acct-Output-Octets = 0
 Acct-Input-Gigawords = 0
 Acct-Output-Gigawords = 0
 Acct-Input-Packets-64 = 0x
 Acct-Output-Packets-64 = 0x
 Acct-Input-Octets-64 = 0x
 Acct-Output-Octets-64 = 0x
 Acct-Mcast-In-Packets = 0
 Acct-Mcast-Out-Packets = 0
 Acct-Mcast-In-Octets = 0
 Acct-Mcast-Out-Octets = 0
 Acct-Mcast-In-Packets-64 = 0x
 Acct-Mcast-Out-Packets-64 = 0x
 Acct-Mcast-In-Octets-64 = 0x
 Acct-

Re: MAC Address Auth

2013-04-04 Thread Mulindwa
Great, I have run the debug and I did get the attribute required.
If I want to fulfil the two conditions i.e. username/passwd and Mac Address = 
Attr-2352-145

How would I need to tweak my radiusd.conf file to achieve this?




User-Name = "user2000@ut3"
   CHAP-Password = "cccddd'"
    CHAP-Challenge = ""
    Service-Type = Framed-User
    Framed-Protocol = PPP
    NAS-Identifier = "UT-BRAS-EDGE"
    NAS-IP-Address = x.x.x.x
    NAS-Port = 855649483
    NAS_Real_Port = 855638816
    NAS-Port-Type = Virtual
    Attr-87 = "3/3 vlan-id 800 pppoe 11467"
    Medium_Type = 11
    Attr-2352-145 = "5c-7d-5e-3f-d0-f7"  MAC Address
    Attr-2352-98 = "3"
    Attr-2352-112 = "6.2.1.9"
    Acct-Session-Id = "020268008FC9-515D8419"

 
Eric M



 From: Mulindwa 
To: Alan DeKok ; FreeRadius users mailing list 
 
Sent: Thursday, April 4, 2013 4:58 PM
Subject: Re: MAC Address Auth
 

Thanks Alan,

Let me do so.

 
Eric M



 From: Alan DeKok 
To: Mulindwa ; FreeRadius users mailing list 
 
Sent: Thursday, April 4, 2013 4:47 PM
Subject: Re: MAC Address Auth
 
Mulindwa wrote:
> Hi All,
> 
> Have been trying to authenticate my ADSL users using Mac Address Auth,
> however i have failed even after going through the documentation.
> 
> I want to authenticate with the highlighted, anyone done this and can help?

  It's been done.

> This is how the accounting file looks;

  If you're trying to debug authentication, it helps to look at
*authentication* traffic, and not *accounting* data.

  And run the server in debugging mode as suggested in the FAQ, "man"
page, web pages, and daily on this list.

  Honestly, there is NO excuse for refusing to do this.

  Alan DeKok.




Re: MAC Address Auth

2013-04-04 Thread Mulindwa
Thanks Alan,

Let me do so.


 
Eric M



 From: Alan DeKok 
To: Mulindwa ; FreeRadius users mailing list 
 
Sent: Thursday, April 4, 2013 4:47 PM
Subject: Re: MAC Address Auth
 
Mulindwa wrote:
> Hi All,
> 
> Have been trying to authenticate my ADSL users using Mac Address Auth,
> however i have failed even after going through the documentation.
> 
> I want to authenticate with the highlighted, anyone done this and can help?

  It's been done.

> This is how the accounting file looks;

  If you're trying to debug authentication, it helps to look at
*authentication* traffic, and not *accounting* data.

  And run the server in debugging mode as suggested in the FAQ, "man"
page, web pages, and daily on this list.

  Honestly, there is NO excuse for refusing to do this.

  Alan DeKok.

Re: MAC Address Auth

2013-04-04 Thread Alan DeKok
Mulindwa wrote:
> Hi All,
> 
> Have been trying to authenticate my ADSL users using Mac Address Auth,
> however i have failed even after going through the documentation.
> 
> I want to authenticate with the highlighted, anyone done this and can help?

  It's been done.

> This is how the accounting file looks;

  If you're trying to debug authentication, it helps to look at
*authentication* traffic, and not *accounting* data.

  And run the server in debugging mode as suggested in the FAQ, "man"
page, web pages, and daily on this list.

  Honestly, there is NO excuse for refusing to do this.

  Alan DeKok.


Re: MAC Address Auth

2013-04-04 Thread Mulindwa
Hi All,

Have been trying to authenticate my ADSL users using Mac Address Auth, however 
i have failed even after going through the documentation.

I want to authenticate with the highlighted, anyone done this and can help?

Thanx

This is how the accounting file looks;

User-Name = "user2000@ut3"
    Acct-Status-Type = Interim-Update
    Acct-Session-Id = "02026800C44B-515D1107"
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Acct-Update-Reason = AAA_LOAD_ACCT_PERIODIC
    NAS-Identifier = "UT-BRAS-EDGE"
    NAS-IP-Address = x.x.x.x
    NAS-Port = 855648779
    NAS-Real-Port = 855638316
    NAS-Port-Type = Virtual
    NAS-Port-Id = "3/3 vlan-id 300 pppoe 10763"
    Medium-Type = DSL
    Mac-Addr = "b4-82-fe-ed-2c-7c"
    Platform-Type = 3
    OS-Version = "6.2.1.9"
    Acct-Authentic = RADIUS
    Ip-Address-Pool-Name = "pool_256"
    Port-Limit = 1
    Client-DNS-Pri = x.x.x.x
    Client-DNS-Sec = x.x.x.x
    Framed-IP-Address = 10.40.141.152
    Acct-Session-Time = 27601
    Acct-Input-Packets = 2756
    Acct-Output-Packets = 2973
    Acct-Input-Octets = 94115
    Acct-Output-Octets = 106491
    Acct-Input-Gigawords = 0
    Acct-Output-Gigawords = 0
    Acct-Input-Packets-64 = 0x0ac4
    Acct-Output-Packets-64 = 0x0b9d
    Acct-Input-Octets-64 = 0x00016fa3
    Acct-Output-Octets-64 = 0x00019ffb
    Acct-Mcast-In-Packets = 0
    Acct-Mcast-Out-Packets = 221
    Acct-Mcast-In-Octets = 0
    Acct-Mcast-Out-Octets = 12818
    Acct-Mcast-In-Packets-64 = 0x
    Acct-Mcast-Out-Packets-64 = 0x00dd
    Acct-Mcast-In-Octets-64 = 0x
    Acct-Mcast-Out-Octets-64 = 0x3212
    Qos-Policy-Metering = "broadband_256_metering"
    Qos-Policy-Policing = "broadband_256_policing"
    NAT-Policy-Name = "NAT_POLICY1"
    Event-Timestamp = "Apr  4 2013 16:15:05 EAT"
    Acct-Unique-Session-Id = "4f2a5dc771fd3034"
    Timestamp = 1365082454
    Request-Authenticator = Verified


 
Eric M



Re: disconected after one second

2013-04-04 Thread Phil Mayers

On 04/04/13 14:17, Łukasz Kopiszka wrote:


Everything was working great until I changed something but I don't
remember what it was :)



That's unfortunate. I suggest you look into using version control for 
your configs.


Anyway, the NAS is the one doing the disconnect - you should debug this 
on the NAS.


disconected after one second

2013-04-04 Thread Łukasz Kopiszka


Hi,

I have a strange problem: the host can't receive an IP because it gets
Acct-Status-Type = Stop
Acct-Update-Reason = AAA_LOAD_ACCT_SESSION_DOWN
after one second before:
Acct-Status-Type = Start
Acct-Update-Reason = AAA_LOAD_ACCT_SESSION_UP

short log:

Sending Access-Accept of id 126 to 91.231.70.5 port 1812
Service-Type = Outbound-User
Framed-IP-Address == 91.231.71.17
Acct-Interim-Interval == 300
Service-Type == Outbound-User
Connect-Info == "1"
Port-Limit == 1
DHCP_Max_Leases == 1
Context-Name == "CLIPS"
HTTP-Redirect-Profile-Name == ""
Forward-Policy == "in:CLIPS-DEFAULT"
QOS-Rate-Outbound == "20480"
QOS-Rate-Inbound == "2048"
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 91.231.70.5 port 1812, 
id=223, length=385

User-Name = "00:17:08:2e:76:d2"
Acct-Status-Type = Start
Acct-Session-Id = "01007800029F-515D7656"
Service-Type = Outbound-User
Acct-Update-Reason = AAA_LOAD_ACCT_SESSION_UP
NAS-Identifier = "ALFASYSTEM"
NAS-Port = 33619968
NAS-Real-Port = 553649127
NAS-Port-Type = Virtual
NAS-Port-Id = "2/1 vlan-id 999 clips 131743"
Medium-Type = DSL
Mac-Addr = "00-17-08-2e-76-d2"
Platform-Type = SE-100
OS-Version = "6.5.1.5"
Acct-Authentic = RADIUS
Port-Limit = 1
DHCP-Max-Leases = 1
Framed-IP-Address = 91.231.71.17
Source-Validation = Enabled
DHCP-Option = "\014\014\004alfa"
Acct-Interim-Interval = 600
Forward-Policy = "in:CLIPS-DEFAULT"
QOS-Rate-Outbound = "20480:0:0"
QOS-Rate-Inbound = "2048:0:0"
Qos-Policing-Profile-Name = "customer-out"
Qos-Metering-Profile-Name = "customer-in"
Event-Timestamp = "Apr  4 2013 14:47:18 CEST"  << start

rad_recv: Accounting-Request packet from host 91.231.70.5 port 1812, 
id=224, length=603

User-Name = "00:17:08:2e:76:d2"
Acct-Status-Type = Stop
Acct-Session-Id = "01007800029F-515D7656"
Service-Type = Outbound-User
Acct-Update-Reason = AAA_LOAD_ACCT_SESSION_DOWN
NAS-Identifier = "ALFASYSTEM"
NAS-Port = 33619968
NAS-Real-Port = 553649127
NAS-Port-Type = Virtual
NAS-Port-Id = "2/1 vlan-id 999 clips 131743"
Medium-Type = DSL
Mac-Addr = "00-17-08-2e-76-d2"
Platform-Type = SE-100
OS-Version = "6.5.1.5"
Acct-Authentic = RADIUS
Port-Limit = 1
DHCP-Max-Leases = 1
Framed-IP-Address = 91.231.71.17
Source-Validation = Enabled
DHCP-Option = "\014\014\004alfa"
Acct-Session-Time = 1
Acct-Input-Packets = 0
Acct-Output-Packets = 0
Acct-Input-Octets = 0
Acct-Output-Octets = 0
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Acct-Input-Packets-64 = 0x
Acct-Output-Packets-64 = 0x
Acct-Input-Octets-64 = 0x
Acct-Output-Octets-64 = 0x
Acct-Mcast-In-Packets = 0
Acct-Mcast-Out-Packets = 0
Acct-Mcast-In-Octets = 0
Acct-Mcast-Out-Octets = 0
Acct-Mcast-In-Packets-64 = 0x
Acct-Mcast-Out-Packets-64 = 0x
Acct-Mcast-In-Octets-64 = 0x
Acct-Mcast-Out-Octets-64 = 0x
Acct-Interim-Interval = 600
Forward-Policy = "in:CLIPS-DEFAULT"
QOS-Rate-Outbound = "20480:0:0"
QOS-Rate-Inbound = "2048:0:0"
Qos-Policing-Profile-Name = "customer-out"
Qos-Metering-Profile-Name = "customer-in"
Event-Timestamp = "Apr  4 2013 14:47:19 CEST" << stop after 1 second!

full log: http://pastebin.com/HTYxdg1B

Everything was working great until I changed something, but I don't 
remember what it was


--
Regards,
Łukasz Kopiszka
tel. 694-212-718
www.alfa-system.pl


disconnected after one second

2013-04-04 Thread Łukasz Kopiszka

Hi,

I have a strange problem: the host can't receive an IP because it gets
Acct-Status-Type = Stop
Acct-Update-Reason = AAA_LOAD_ACCT_SESSION_DOWN
one second after:
Acct-Status-Type = Start
Acct-Update-Reason = AAA_LOAD_ACCT_SESSION_UP

short log:

Sending Access-Accept of id 126 to 91.231.70.5 port 1812
Service-Type = Outbound-User
Framed-IP-Address == 91.231.71.17
Acct-Interim-Interval == 300
Service-Type == Outbound-User
Connect-Info == "1"
Port-Limit == 1
DHCP_Max_Leases == 1
Context-Name == "CLIPS"
HTTP-Redirect-Profile-Name == ""
Forward-Policy == "in:CLIPS-DEFAULT"
QOS-Rate-Outbound == "20480"
QOS-Rate-Inbound == "2048"
Finished request 5.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 91.231.70.5 port 1812, 
id=223, length=385

User-Name = "00:17:08:2e:76:d2"
Acct-Status-Type = Start
Acct-Session-Id = "01007800029F-515D7656"
Service-Type = Outbound-User
Acct-Update-Reason = AAA_LOAD_ACCT_SESSION_UP
NAS-Identifier = "ALFASYSTEM"
NAS-Port = 33619968
NAS-Real-Port = 553649127
NAS-Port-Type = Virtual
NAS-Port-Id = "2/1 vlan-id 999 clips 131743"
Medium-Type = DSL
Mac-Addr = "00-17-08-2e-76-d2"
Platform-Type = SE-100
OS-Version = "6.5.1.5"
Acct-Authentic = RADIUS
Port-Limit = 1
DHCP-Max-Leases = 1
Framed-IP-Address = 91.231.71.17
Source-Validation = Enabled
DHCP-Option = "\014\014\004alfa"
Acct-Interim-Interval = 600
Forward-Policy = "in:CLIPS-DEFAULT"
QOS-Rate-Outbound = "20480:0:0"
QOS-Rate-Inbound = "2048:0:0"
Qos-Policing-Profile-Name = "customer-out"
Qos-Metering-Profile-Name = "customer-in"
Event-Timestamp = "Apr  4 2013 14:47:18 CEST"  << start

rad_recv: Accounting-Request packet from host 91.231.70.5 port 1812, 
id=224, length=603

User-Name = "00:17:08:2e:76:d2"
Acct-Status-Type = Stop
Acct-Session-Id = "01007800029F-515D7656"
Service-Type = Outbound-User
Acct-Update-Reason = AAA_LOAD_ACCT_SESSION_DOWN
NAS-Identifier = "ALFASYSTEM"
NAS-Port = 33619968
NAS-Real-Port = 553649127
NAS-Port-Type = Virtual
NAS-Port-Id = "2/1 vlan-id 999 clips 131743"
Medium-Type = DSL
Mac-Addr = "00-17-08-2e-76-d2"
Platform-Type = SE-100
OS-Version = "6.5.1.5"
Acct-Authentic = RADIUS
Port-Limit = 1
DHCP-Max-Leases = 1
Framed-IP-Address = 91.231.71.17
Source-Validation = Enabled
DHCP-Option = "\014\014\004alfa"
Acct-Session-Time = 1
Acct-Input-Packets = 0
Acct-Output-Packets = 0
Acct-Input-Octets = 0
Acct-Output-Octets = 0
Acct-Input-Gigawords = 0
Acct-Output-Gigawords = 0
Acct-Input-Packets-64 = 0x
Acct-Output-Packets-64 = 0x
Acct-Input-Octets-64 = 0x
Acct-Output-Octets-64 = 0x
Acct-Mcast-In-Packets = 0
Acct-Mcast-Out-Packets = 0
Acct-Mcast-In-Octets = 0
Acct-Mcast-Out-Octets = 0
Acct-Mcast-In-Packets-64 = 0x
Acct-Mcast-Out-Packets-64 = 0x
Acct-Mcast-In-Octets-64 = 0x
Acct-Mcast-Out-Octets-64 = 0x
Acct-Interim-Interval = 600
Forward-Policy = "in:CLIPS-DEFAULT"
QOS-Rate-Outbound = "20480:0:0"
QOS-Rate-Inbound = "2048:0:0"
Qos-Policing-Profile-Name = "customer-out"
Qos-Metering-Profile-Name = "customer-in"
Event-Timestamp = "Apr  4 2013 14:47:19 CEST" << stop after 1 second!

full log: http://pastebin.com/HTYxdg1B

Everything was working great until I changed something, but I don't 
remember what it was :)


--
Regards,
Łukasz Kopiszka
tel. 694-212-718
www.alfa-system.pl
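
Added example (not part of the original post and not FreeRADIUS code): a short Python script that pairs the Start and Stop accounting records in debug output like the log above by Acct-Session-Id and flags sessions that end within a few seconds without any traffic. The sample text is constructed from attributes quoted in the post; the function names and the 5-second threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: the two accounting records from the post, cut down to the fields used.
SAMPLE = '''\
rad_recv: Accounting-Request packet from host 91.231.70.5 port 1812,
id=223, length=385
Acct-Status-Type = Start
Acct-Session-Id = "01007800029F-515D7656"
Event-Timestamp = "Apr  4 2013 14:47:18 CEST"  << start
rad_recv: Accounting-Request packet from host 91.231.70.5 port 1812,
Acct-Status-Type = Stop
Acct-Session-Id = "01007800029F-515D7656"
Acct-Update-Reason = AAA_LOAD_ACCT_SESSION_DOWN
Acct-Input-Octets = 0
Acct-Output-Octets = 0
Event-Timestamp = "Apr  4 2013 14:47:19 CEST" << stop after 1 second!
'''
ATTR = re.compile(r'^\s*([\w-]+) = (?:"([^"]*)"|(\S+))')

def parse_accounting(text):
    """Return one attribute dict per Accounting-Request in the debug text."""
    packets = []
    for line in text.splitlines():
        if line.lstrip().startswith(("rad_recv:", "Sending ")):  # packet header
            packets.append({"_acct": "Accounting-Request" in line})
        elif packets and (m := ATTR.match(line)):
            packets[-1][m[1]] = m[2] if m[2] is not None else m[3]
    return [p for p in packets if p.pop("_acct")]  # drop non-accounting packets

def stamp(value):  # zone name dropped: Start and Stop share the NAS clock
    return datetime.strptime(value.rsplit(" ", 1)[0], "%b %d %Y %H:%M:%S")

def short_sessions(packets, max_seconds=5):
    """Pair Start/Stop by Acct-Session-Id; flag idle sessions ending within max_seconds."""
    starts, flagged = {}, []
    for p in packets:
        sid, kind = p.get("Acct-Session-Id"), p.get("Acct-Status-Type")
        if kind == "Start":
            starts[sid] = stamp(p["Event-Timestamp"])
        elif kind == "Stop" and sid in starts:
            life = int((stamp(p["Event-Timestamp"]) - starts.pop(sid)).total_seconds())
            idle = p.get("Acct-Input-Octets") == p.get("Acct-Output-Octets") == "0"
            if life <= max_seconds and idle:
                flagged.append((sid, life, p.get("Acct-Update-Reason")))
    return flagged

if __name__ == "__main__":
    print(short_sessions(parse_accounting(SAMPLE)))
```

Each flagged tuple is (session id, lifetime in seconds, Acct-Update-Reason), which makes it easy to see whether every session from a NAS is dropping immediately or only specific ones.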
