NAS-PORT-ID in the auth. log instead of NAS-PORT
Hi All,

Can I log the NAS-PORT-ID in the log file instead of the NAS-PORT?

Thu Sep 3 10:53:10 2009 : Auth: Login OK: [627...@tedata.net.eg] (from client MNSREST port 4060295476)

Thanks,
Amr

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
checkval module
Hi everyone,

I am using freeradius 1.1.7. I am configuring checkval to check for Nas-Port-Type, and I need to make it check for Nas-Port-Id also. This is the radius.conf checkval section:

checkval {
    item-name = NAS-Port-Id
    check-name = NAS-Port-Id
    item-name = NAS-Port-Type
    check-name = NAS-Port-Type
    data-type = string
    notfound-reject = yes
}

But actually it processes the first entry only, which is NAS-Port-Id, and ignores the second one, which is NAS-Port-Type. Is it possible to make the radius check both items?

Thanks,
Amr
Re: checkval module
Hi François,

Thank you, it worked out. Thanks a lot :-)

Regards,
Amr el-Saeed
Senior Systems Engineer
94 Tahrir St., Maghraby Plaza, Dokki, Giza 12311, Egypt
T: +20 (2) 33 32 0700 | Ext: 1107 F: +20 (2) 33 32 0800 | E: amr.elsa...@tedata.net www.tedata.net

François Mehault wrote:

Hi,

I think you have to do like this:

checkval checkNasPortId {
    item-name = NAS-Port-Id
    check-name = NAS-Port-Id
    data-type = string
    notfound-reject = yes
}

checkval checkNasPortType {
    item-name = NAS-Port-Type
    check-name = NAS-Port-Type
    data-type = string
    notfound-reject = yes
}

and in your /site-available/default you load checkNasPortId and checkNasPortType instead of checkval:

#checkval
checkNasPortId
checkNasPortType

I hope I help you.
François

From: freeradius-users-bounces+francois.mehault=netplus...@lists.freeradius.org [mailto:freeradius-users-bounces+francois.mehault=netplus...@lists.freeradius.org] On behalf of Amr el-Saeed
Sent: Wednesday 3 June 2009 15:36
To: FreeRadius users mailing list
Subject: checkval module

Hi everyone,

I am using freeradius 1.1.7. I am configuring checkval to check for Nas-Port-Type, and I need to make it check for Nas-Port-Id also. This is the radius.conf checkval section:

checkval {
    item-name = NAS-Port-Id
    check-name = NAS-Port-Id
    item-name = NAS-Port-Type
    check-name = NAS-Port-Type
    data-type = string
    notfound-reject = yes
}

But actually it processes the first entry only, which is NAS-Port-Id, and ignores the second one, which is NAS-Port-Type. Is it possible to make the radius check both items?

Thanks,
Amr
Re: SNMP error
Hi Alan,

Can't it be applied to the 1.1.7 release, as there are many changes in the conf. files between 1.1.7 and 2.0?

Thanks,
Amr

[EMAIL PROTECTED] wrote:

hi, just a quick check... the smux.c patches ARE applied to the 2.0.x smux.c (but not part of the last 1.1.7 release). the radius_snmp.c patches - converting an int to a long (handling 64 bit better I'd guess)... haven't been incorporated into the 2.0.x tree.

alan
Re: SNMP error
Hi Alan, I have patches attached from RedHat for freeradius 1.1.3 . Can we have a patched release from freeradius 1.1.7 ?? Thanks Amr Alan DeKok wrote: Edvin Seferovic wrote: I am also curious about the answer on this question ! Are there any plans to implement AgentX protocol into freeradius project? No plans. At this point, the only plans for 2.0 are minor feature improvements and bug fixes. I plan on spending time working on the book, unless otherwise motivated. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- freeradius-1.1.3/src/main/smux.c.1819888 2008-05-15 15:05:49.0 +0100 +++ freeradius-1.1.3/src/main/smux.c 2008-05-15 16:17:30.0 +0100 @@ -243,7 +243,7 @@ int ret; u_char buf[BUFSIZ]; u_char *ptr, *h1, *h1e, *h2, *h2e; - int len, length; + size_t len, length; ptr = buf; len = BUFSIZ; @@ -293,8 +293,8 @@ ret = send (rad_snmp.smux_fd, buf, length, 0); } -static char * -smux_var (char *ptr, int len, oid objid[], size_t *objid_len, +static u_char * +smux_var (u_char *ptr, size_t len, oid objid[], size_t *objid_len, size_t *var_val_len, u_char *var_val_type, void **var_value) @@ -591,8 +591,8 @@ } /* GET message header. */ -static char * -smux_parse_get_header (char *ptr, size_t *len, long *reqid) +static u_char * +smux_parse_get_header (u_char *ptr, size_t *len, long *reqid) { u_char type; long errstat; @@ -617,7 +617,7 @@ } static void -smux_parse_set (char *ptr, size_t len, int action) +smux_parse_set (u_char *ptr, size_t len, int action) { long reqid; oid my_oid[MAX_OID_LEN]; @@ -646,7 +646,7 @@ } static void -smux_parse_get (char *ptr, size_t len, int exact) +smux_parse_get (u_char *ptr, size_t len, int exact) { long reqid; oid my_oid[MAX_OID_LEN]; @@ -679,7 +679,7 @@ /* Parse SMUX_CLOSE message. */ static void -smux_parse_close (char *ptr, int len) +smux_parse_close (u_char *ptr, int len) { long reason = 0; 
@@ -692,9 +692,9 @@ /* SMUX_RRSP message. */ static void -smux_parse_rrsp (char *ptr, int len) +smux_parse_rrsp (u_char *ptr, size_t len) { - char val; + u_char val; long errstat; ptr = asn_parse_int (ptr, len, val, errstat, sizeof (errstat)); @@ -704,7 +704,7 @@ /* Parse SMUX message. */ static int -smux_parse (char *ptr, int len) +smux_parse (u_char *ptr, size_t len) { /* this buffer we'll use for SOUT message. We could allocate it with malloc and save only static pointer/lenght, but IMHO static buffer is a faster solusion */ @@ -806,7 +806,7 @@ int smux_read () { - int len; + ssize_t len; u_char buf[SMUXMAXPKTSIZE]; int ret; @@ -835,7 +835,7 @@ DEBUG2 (SMUX read len: %d, len); /* Parse the message. */ - ret = smux_parse (buf, len); + ret = smux_parse (buf, (size_t) len); if (ret 0) { close (rad_snmp.smux_fd); @@ -854,8 +854,8 @@ { u_char buf[BUFSIZ]; u_char *ptr; - int len; - u_long smux_proto_version; + size_t len; + long smux_proto_version; u_char rad_progname[] = radiusd; smux_oid_dump (SMUX open oid, smux_oid, smux_oid_len); @@ -890,7 +890,7 @@ ptr = asn_build_string (ptr, len, (u_char) (ASN_UNIVERSAL | ASN_PRIMITIVE | ASN_OCTET_STR), - rad_snmp.smux_password, strlen(rad_snmp.smux_password)); + (u_char *) rad_snmp.smux_password, strlen(rad_snmp.smux_password)); /* Fill in real SMUX header. We exclude ASN header size (2). */ len = BUFSIZ; @@ -904,7 +904,8 @@ { u_char buf[BUFSIZ]; u_char *ptr; - int len, ret; + size_t len; + ssize_t ret; long priority; long operation; struct subtree *subtree; @@ -956,7 +957,7 @@ int smux_connect () { - int ret; + ssize_t ret; rad_snmp.smux_event=SMUX_NONE; DEBUG2 (SMUX connect try %d, rad_snmp.smux_failures + 1); --- freeradius-1.1.3/src/main/radius_snmp.c.type_long 2008-05-15 23:52:29.0 +0100 +++ freeradius-1.1.3/src/main/radius_snmp.c 2008-05-15 23:52:37.0 +0100 
@@ -296,12 +296,12 @@ case RADIUSACCSERVUPTIME: rad_snmp.acct.uptime = (time(NULL) - rad_snmp.acct.start_time) * 100; - *var_len = sizeof(int32_t); + *var_len = sizeof(long); return (unsigned char *) rad_snmp.acct.uptime; case RADIUSACCSERVRESETTIME: rad_snmp.acct.reset_time = (time(NULL) - rad_snmp.acct.last_reset_time) * 100; - *var_len = sizeof(int32_t); + *var_len = sizeof(long); return (unsigned char *) rad_snmp.acct.reset_time; case RADIUSACCSERVCONFIGRESET: @@ -310,39 +310,39 @@ return (unsigned char *) result; case RADIUSACCSERVTOTALREQUESTS: - *var_len = sizeof(int32_t); + *var_len = sizeof(long); return (unsigned char *) rad_snmp.acct.total_requests; case RADIUSACCSERVTOTALINVALIDREQUESTS: - *var_len = sizeof(int32_t); + *var_len = sizeof(long); return (unsigned char *) rad_snmp.acct.total_invalid_requests; case RADIUSACCSERVTOTALDUPREQUESTS: - *var_len = sizeof(int32_t); + *var_len = sizeof(long); return (unsigned char *)
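Review bot: smux_parse_close() in the smux.c hunk at @@ -679,7 still takes `int len`, while every other parser this patch touches (smux_parse_set, smux_parse_get, smux_parse_rrsp, smux_parse) moves to `size_t len`, so a size_t length handed down to it is narrowed back to int. Suggest `smux_parse_close (u_char *ptr, size_t len)` to match the rest of the file, or a comment explaining why this one is left as int.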
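Review bot: in smux_read() (smux.c hunks at @@ -806,7 and @@ -835,7) `len` becomes ssize_t and is then cast straight to size_t for smux_parse, while the DEBUG2 context line above the call still formats it with `%d`. The posted lines do not show the error and end-of-file checks, so confirm that `len <= 0` is rejected before `(size_t) len` is evaluated, since a -1 would turn into a very large length, and update the format to match the new type, for example `%ld` with a `(long)` cast.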
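Review bot: in radius_snmp.c each `*var_len = sizeof(int32_t);` is replaced by `sizeof(long)`, which is correct only if the rad_snmp.acct counters being returned are themselves declared long, and their declarations are not part of this patch. Taking the size from the object that is returned, e.g. `*var_len = sizeof(rad_snmp.acct.total_requests);`, keeps length and storage in step on both 32-bit and 64-bit builds. The posted patch also stops partway through the RADIUSACCSERVTOTALDUPREQUESTS case, so the remaining cases cannot be checked from what is shown here.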
Re: SNMP error
Hi,

Any suggestions about what to do to make snmp work on 64-bit?

Amr el-Saeed wrote:

Dear Alan,

I built from the source file that I downloaded from freeradius.org. I suspected the 64-bit. I made several trials, and here is the result:

freeradius-1.1.7, snmp-5.0.9-2.30E.20, RHEL3, 32-bit: working
freeradius-1.1.7, snmp-5.0.9-2.30E.20, RHEL5, 32-bit: working
freeradius-1.1.7, snmp-5.0.9-2.30E.20, RHEL5, 64-bit: NOT working
freeradius-1.1.7, snmp-5.3.1-19.el5, RHEL5, 32-bit: NOT working
freeradius-1.1.7, snmp-5.3.1-19.el5, RHEL5, 64-bit: NOT working

Any comments?

[EMAIL PROTECTED] wrote:

Hi,

i have OS RHEL5

it looks like it didn't build with the required debug parts - once again, as you are using the SPEC for your distro they could have other things that mess it up - I can only help if you build from the source and leave package management stuff alone.

alan
Re: SNMP error
Dear Alan,

I built from the source file that I downloaded from freeradius.org. I suspected the 64-bit. I made several trials, and here is the result:

freeradius-1.1.7, snmp-5.0.9-2.30E.20, RHEL3, 32-bit: working
freeradius-1.1.7, snmp-5.0.9-2.30E.20, RHEL5, 32-bit: working
freeradius-1.1.7, snmp-5.0.9-2.30E.20, RHEL5, 64-bit: NOT working
freeradius-1.1.7, snmp-5.3.1-19.el5, RHEL5, 32-bit: NOT working
freeradius-1.1.7, snmp-5.3.1-19.el5, RHEL5, 64-bit: NOT working

Any comments?

[EMAIL PROTECTED] wrote:

Hi,

i have OS RHEL5

it looks like it didn't build with the required debug parts - once again, as you are using the SPEC for your distro they could have other things that mess it up - I can only help if you build from the source and leave package management stuff alone.

alan
Re: SNMP error
i have OS RHEL5 Amr el-Saeed wrote: Hi Alan, yes, i'm sure i added the option in the SPEC file and then build the RPM and about the second issue , i didn't have a debugging kernel but i got one and install it and boot with it and got the same output !! and ideas ?? thanks for help (gdb) set logging file gdb-radiusd.log (gdb) set logging on Copying output to gdb-radiusd.log. (gdb) run Starting program: /usr/sbin/radiusd (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) [Thread debugging using libthread_db enabled] [New Thread 46912546236704 (LWP 5584)] (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) Wed Jan 23 15:46:53 2008 : Info: Starting - reading configuration files ... (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) Program exited normally. (gdb) [EMAIL PROTECTED] wrote: Hi, i followed the bugs file. i recompiled the freeradius with --enable-developer actually i made RPM file with ( rpmbuild -ta freeradius-1.1.7.tar.gz ) are you SURE That this worked fine - as if you used the standard SPEC then you wouldnt enable the developer stuff. 
(no debugging symbols found) you also need to ensure your kernel is built with debugging support alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SNMP error
Hi Alan, yes, i'm sure i added the option in the SPEC file and then build the RPM and about the second issue , i didn't have a debugging kernel but i got one and install it and boot with it and got the same output !! and ideas ?? thanks for help (gdb) set logging file gdb-radiusd.log (gdb) set logging on Copying output to gdb-radiusd.log. (gdb) run Starting program: /usr/sbin/radiusd (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) [Thread debugging using libthread_db enabled] [New Thread 46912546236704 (LWP 5584)] (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) Wed Jan 23 15:46:53 2008 : Info: Starting - reading configuration files ... (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) (no debugging symbols found) Program exited normally. (gdb) [EMAIL PROTECTED] wrote: Hi, i followed the bugs file. i recompiled the freeradius with --enable-developer actually i made RPM file with ( rpmbuild -ta freeradius-1.1.7.tar.gz ) are you SURE That this worked fine - as if you used the standard SPEC then you wouldnt enable the developer stuff. (no debugging symbols found) you also need to ensure your kernel is built with debugging support alan - List info/subscribe/unsubscribe? 
See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SNMP error
Hi Alan,

I searched freeradius.org for the debug instructions, but I found nothing. What do you mean exactly by debug instructions? I already have this in the radius debug mode:

SMUX read start
SMUX connection closed: 66
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password: yallasnmp
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
Waking up in 14 seconds...
SMUX read start
SMUX read len: 3
SMUX message received type: 0 rest len: 1
Unknown type: 0
Waking up in 14 seconds...
SMUX read start
SMUX connection closed: 66
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password: yallasnmp
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
Waking up in 14 seconds...

Thanks,
Amr

[EMAIL PROTECTED] wrote:

hi, known SNMP issues with 64bit and that version of SNMP. you will need to follow the debug instructions to help debug

alan
SNMP error
Dear All,

I have freeradius-1.1.7-1. It was installed on RHEL 3, SNMP net-snmp-5.0.9-2.30E.22, and everything was going OK. I just installed RHEL 5 64-bit, recompiled the freeradius on the new OS and reinstalled. The radius is working OK. I have SNMP version net-snmp-5.3.1-19.el5, but every time I wanted to snmpwalk from the radius I got that error:

RADIUS-AUTH-SERVER-MIB::radiusMIB = No Such Object available on this agent at this OID

The command I execute is:

snmpwalk -v2c -c testsnmp -m /etc/raddb/RADIUS-AUTH-SERVER-MIB.txt localhost radius

The same command is working fine on the old machine. I searched for that on Google but found nothing. Can anyone help?

Thanks,
Amr
Re: SNMP error
this is the log [smux_accept] accepted fd 12 from 127.0.0.1:57180 Jan 10 20:38:26 RADIUS-1-A snmpd[32488]: refused smux peer: oid SNMPv2-SMI::enterprises.3317.1.3.1, descr radiusd Jan 10 20:38:26 RADIUS-1-A snmpd[32488]: [smux_accept] accepted fd 12 from 127.0.0.1:57181 Jan 10 20:38:26 RADIUS-1-A snmpd[32488]: refused smux peer: oid SNMPv2-SMI::enterprises.3317.1.3.1, descr radiusd Jan 10 20:38:26 RADIUS-1-A snmpd[32488]: [smux_accept] accepted fd 12 from 127.0.0.1:57182 Jan 10 20:38:27 RADIUS-1-A snmpd[32488]: refused smux peer: oid SNMPv2-SMI::enterprises.3317.1.3.1, descr radiusd Jan 10 20:38:27 RADIUS-1-A snmpd[32488]: [smux_accept] accepted fd 12 from 127.0.0.1:57183 Jan 10 20:38:27 RADIUS-1-A snmpd[32488]: refused smux peer: oid SNMPv2-SMI::enterprises.3317.1.3.1, descr radiusd Jan 10 20:38:27 RADIUS-1-A snmpd[32488]: [smux_accept] accepted fd 12 from 127.0.0.1:57184 Jan 10 20:38:27 RADIUS-1-A snmpd[32488]: refused smux peer: oid SNMPv2-SMI::enterprises.3317.1.3.1, descr radiusd Jan 10 20:38:27 RADIUS-1-A snmpd[32488]: [smux_accept] accepted fd 12 from 127.0.0.1:57185 Jan 10 20:38:27 RADIUS-1-A snmpd[32488]: refused smux peer: oid SNMPv2-SMI::enterprises.3317.1.3.1, descr radiusd Jan 10 20:38:27 RADIUS-1-A snmpd[32488]: [smux_accept] accepted fd 12 from 127.0.0.1:57186 Jan 10 20:38:27 RADIUS-1-A snmpd[32488]: refused smux peer: oid SNMPv2-SMI::enterprises.3317.1.3.1, descr radiusd Jan 10 20:38:27 RADIUS-1-A snmpd[32488]: [smux_accept] accepted fd 12 from 127.0.0.1:57187 Jan 10 20:38:27 RADIUS-1-A snmpd[32488]: refused smux peer: oid SNMPv2-SMI::enterprises.3317.1.3.1, descr radiusd this is the debug mode SMUX read start SMUX connection closed: 66 SMUX connect try 1 SMUX open oid: 1.3.6.1.4.1.3317.1.3.1 SMUX open progname: radiusd SMUX open password: yallasnmp SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 SMUX register priority: -1 SMUX register operation: 1 SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 SMUX register priority: -1 SMUX register operation: 1 Waking up 
in 14 seconds... SMUX read start SMUX read len: 3 SMUX message received type: 0 rest len: 1 Unknown type: 0 Waking up in 14 seconds... SMUX read start SMUX connection closed: 66 SMUX connect try 1 SMUX open oid: 1.3.6.1.4.1.3317.1.3.1 SMUX open progname: radiusd SMUX open password: yallasnmp SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 SMUX register priority: -1 SMUX register operation: 1 SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 SMUX register priority: -1 SMUX register operation: 1 Waking up in 14 seconds... Kevin Bonner wrote: On Thursday 10 January 2008 08:41:30 Amr el-Saeed wrote: but every time i wanted to snmpwalk from the radius i got that error RADIUS-AUTH-SERVER-MIB::radiusMIB = No Such Object available on this agent at this OID the command i execute is snmpwalk -v2c -c testsnmp -m /etc/raddb/RADIUS-AUTH-SERVER-MIB.txt localhost radius same command is working fine on the old machine. i searched for that on google but found nothing . any one can help ?? What does debug mode (-X) show? Are there any errors in your snmpd log file? Kevin Bonner - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
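An added example, not part of the original posts: a small Python helper that summarises the snmpd and `radiusd -X` SMUX output quoted in the message above and redacts the SMUX password before a debug log is shared. The sample entries are copied from the post with the password swapped for a constructed value; all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: snmpd syslog entries copied from the post, one per line.
SNMPD_LOG = """\
Jan 10 20:38:26 RADIUS-1-A snmpd[32488]: [smux_accept] accepted fd 12 from 127.0.0.1:57181
Jan 10 20:38:26 RADIUS-1-A snmpd[32488]: refused smux peer: oid SNMPv2-SMI::enterprises.3317.1.3.1, descr radiusd
Jan 10 20:38:26 RADIUS-1-A snmpd[32488]: [smux_accept] accepted fd 12 from 127.0.0.1:57182
Jan 10 20:38:27 RADIUS-1-A snmpd[32488]: refused smux peer: oid SNMPv2-SMI::enterprises.3317.1.3.1, descr radiusd
"""

# Constructed sample: radiusd -X lines from the post. The SMUX password is
# replaced by a made-up value so the sample carries no real secret.
RADIUSD_DEBUG = """\
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password: EXAMPLE-SECRET
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1
Waking up in 14 seconds...
SMUX read start
SMUX read len: 3
SMUX message received type: 0 rest len: 1
Unknown type: 0
Waking up in 14 seconds...
SMUX read start
SMUX connection closed: 66
SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password: EXAMPLE-SECRET
"""

ACCEPT_RE = re.compile(r"\[smux_accept\] accepted fd \d+ from [\d.]+:\d+")
REFUSE_RE = re.compile(r"refused smux peer: oid (?P<oid>\S+), descr (?P<descr>\S+)")
# [ \t]* rather than \s* so an empty password cannot swallow the next line.
SECRET_RE = re.compile(r"(SMUX open password:[ \t]*)\S+")
REGISTER_RE = re.compile(r"SMUX register oid: (\S+)")
REPLY_RE = re.compile(r"SMUX message received type: (\d+)")
CLOSED_RE = re.compile(r"SMUX connection closed: (\d+)")


def snmpd_summary(log):
    """Return (accepted connections, Counter of refusals keyed by (oid, descr))."""
    accepted = 0
    refused = Counter()
    for line in log.splitlines():
        if ACCEPT_RE.search(line):
            accepted += 1
        m = REFUSE_RE.search(line)
        if m:
            refused[(m.group("oid"), m.group("descr"))] += 1
    return accepted, refused


def redact_secrets(debug):
    """Mask the SMUX password that radiusd -X prints in clear text."""
    return SECRET_RE.sub(r"\g<1><redacted>", debug)


def smux_attempts(debug):
    """Split radiusd -X output into connect attempts and summarise each one."""
    attempts = []
    cur = None
    for raw in debug.splitlines():
        line = raw.strip()
        if line.startswith("SMUX connect try"):
            cur = {"registered": [], "reply_types": [], "closed": None}
            attempts.append(cur)
        elif cur is None:
            continue  # output before the first connect attempt
        elif (m := REGISTER_RE.match(line)):
            cur["registered"].append(m.group(1))
        elif (m := REPLY_RE.match(line)):
            cur["reply_types"].append(int(m.group(1)))
        elif (m := CLOSED_RE.match(line)):
            cur["closed"] = int(m.group(1))  # close ends the current attempt
    return attempts


if __name__ == "__main__":
    accepted, refused = snmpd_summary(SNMPD_LOG)
    print(f"snmpd accepted {accepted} SMUX connections")
    for (oid, descr), n in refused.items():
        print(f"  refused {n}x: {descr} ({oid})")
    for i, a in enumerate(smux_attempts(RADIUSD_DEBUG), 1):
        print(f"attempt {i}: {len(a['registered'])} OIDs registered, "
              f"reply types {a['reply_types']}, closed={a['closed']}")
    print(redact_secrets(RADIUSD_DEBUG).splitlines()[3])
```
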
There are no DB handles to use
Dear Alan,

I want to check something. When I get the error ( There are no DB handles to use ) in my log file, will the request be discarded so that the router must resend it, or will the RADIUS buffer the request, wait till a DB connection is free to use and then process the request?

Regards,
Amr Ali
RADIUS SNMP
Dear All,

I want to monitor the RADIUS with SNMP, but I need to know exactly what this OID means ( radiusAccServTotalNoRecords ). I searched and found that it means "The number of RADIUS Accounting-Request packets which were received and responded to but not recorded", but I can't understand how the radius can respond to a packet that is not recorded. I'm using mysql as the accounting DB.

Regards,
Amr Ali
replace the log file with mysql records
Dear All,

I have this line in my log file:

( Auth: Invalid user (rlm_checkval: This NAS-Port-Type is not allowed for the user): )

I just want to make the radius insert it in the mysql server like post auth, as it inserts the Access accepts and rejects. I want to replace the log file with a mysql table using the authentication query. Can I?

Regards
Re: RADIUS Stress Test tool
Hi All,

I used radclient -f attr -p 10 -c 1 localhost:1812 auth local but also got one entry in my log file! I guess I must get 10 entries. Any idea?

Amr el-Saeed wrote:

Sorry, but I was unsubscribed from the mailing list, I don't know why, so I didn't get the answer! Can u just send it again if u not mind? Thanks

[EMAIL PROTECTED] wrote:

any idea ?

You have asked this a couple of days ago. Try reading the answer.

Ivan Kalik
Kalik Informatika ISP
Re: RADIUS Stress Test tool
Dear All, i know this is too late to say that :-) but , i used radclient to test my freeradius server i wanted to use the ( -p num Send 'num' packets from a file in parallel. ) thats my command ( radclient -f attr -p 100 localhost:1812 auth local ) this is the file attr ( User-Name = amrali User-Password = 123456 NAS-IP-Address = 255.255.255.255 NAS-Port = 34 ) but the request is done only once not 100 times !! any idea ? my free radius version is freeradius-1.1.0-1 Amr Ali Alan DeKok wrote: Michael Lecuyer wrote: What we're seeing is that a long time out can make it appear that all packets are being processed but the long time out also slows the client load test. If half of those threads are waiting a very short time for responses and half are waiting a long time (essentially waiting for the short responses to be processed by the server) you're now down to half the threads testing the server. As time goes by more and more threads are waiting for fewer quick thread responses and the test becomes meaningless. I'm looking into creating a complex load testing tool (not radclient), that will be single threaded, but which will be able to have many 1000's of outstanding requests. It will track a number of pieces of information, including offered load, accepted load, histograms of delay over time, etc. It can be run on mltiple machines, and the results collated. Ping me privately if this is interesting. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RADIUS Stress Test tool
Sorry, but I was unsubscribed from the mailing list, I don't know why, so I didn't get the answer! Can u just send it again if u not mind? Thanks

[EMAIL PROTECTED] wrote:

any idea ?

You have asked this a couple of days ago. Try reading the answer.

Ivan Kalik
Kalik Informatika ISP
Re: RADIUS Stress Test tool
Dear All, i know this is too late to say that :-) but , i used radclient to test my freeradius server i wanted to use the ( -p num Send 'num' packets from a file in parallel. ) thats my command ( radclient -f attr -p 100 localhost:1812 auth local ) this is the file attr ( User-Name = amrali User-Password = 123456 NAS-IP-Address = 255.255.255.255 NAS-Port = 34 ) but the request is done only once not 100 times !! any idea ? Amr Ali Alan DeKok wrote: Michael Lecuyer wrote: What we're seeing is that a long time out can make it appear that all packets are being processed but the long time out also slows the client load test. If half of those threads are waiting a very short time for responses and half are waiting a long time (essentially waiting for the short responses to be processed by the server) you're now down to half the threads testing the server. As time goes by more and more threads are waiting for fewer quick thread responses and the test becomes meaningless. I'm looking into creating a complex load testing tool (not radclient), that will be single threaded, but which will be able to have many 1000's of outstanding requests. It will track a number of pieces of information, including offered load, accepted load, histograms of delay over time, etc. It can be run on mltiple machines, and the results collated. Ping me privately if this is interesting. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting requests and LDAP relation
Dear All,

Is there any relation between the accounting requests and the LDAP, in case I'm using LDAP for authentication and MySql for accounting? Now I have many accounting requests and my DB machine is loaded, but what I can't understand is why my LDAP machine is loaded too. I ran a debug on the RADIUS and found that when handling the accounting request the RADIUS contacts the sql and ldap to check GroupMember. In sql.conf I commented out the group member query and nothing happens against the MySql, but it still happens against the LDAP. Any idea?

Thanks all
Re: Accounting requests and LDAP relation
I just noticed that this happens in the Interim-Update packet only, not the Start or the Stop!

Alan DeKok wrote:

Amr el-Saeed wrote:
Is there any relation between the accounting requests and the LDAP, in case i'm using LDAP for authentication and MySql for accounting.

No.

Now i have many accounting requests and my DB machine is loaded , but what i can't understand is why my LDAP machine is loaded too. i make a debug on the RADIUS and found that when handling the accounting request the RADIUS contacts the sql and ldap to check GroupMember,

It only does that if you configured the server to look for LDAP groups as part of your local policy. i.e. LDAP-Group ==

in sql.conf i commented the group member query and nothing happens against the MySql , but still happens against the LDAP .

If you want to use LDAP groups, then understand that doing so will involve using the LDAP server. If you don't want to use LDAP groups, then remove that configuration from your system.

The default configuration does NOT do LDAP group matching on accounting requests. So it's definitely something you added locally to your system.

Alan DeKok.
Re: Accounting requests and LDAP relation
Can I just drop the Interim-Update packet from the RADIUS server?

Amr el-Saeed wrote:

I just noticed that this happens in the Interim-Update packet only, not the Start or the Stop!

Alan DeKok wrote:

Amr el-Saeed wrote:
Is there any relation between the accounting requests and the LDAP, in case i'm using LDAP for authentication and MySql for accounting.

No.

Now i have many accounting requests and my DB machine is loaded , but what i can't understand is why my LDAP machine is loaded too. i make a debug on the RADIUS and found that when handling the accounting request the RADIUS contacts the sql and ldap to check GroupMember,

It only does that if you configured the server to look for LDAP groups as part of your local policy. i.e. LDAP-Group ==

in sql.conf i commented the group member query and nothing happens against the MySql , but still happens against the LDAP .

If you want to use LDAP groups, then understand that doing so will involve using the LDAP server. If you don't want to use LDAP groups, then remove that configuration from your system.

The default configuration does NOT do LDAP group matching on accounting requests. So it's definitely something you added locally to your system.

Alan DeKok.
Re: Server crashes
Dear Alan, Thanks for your reply first, i have about 200,000 users but there is some thin g in the configuration that makes the users connects and disconnects in less than 15 minutes , and that makes that huge number of requests (it's a temp. situation ) of-course. second i tried the configuration you sent. the server didn't start, so i guess it OS problem as you said but how to fix it ?? can you help me with that ?? thanks again Amr Alan DeKok wrote: Amr el-Saeed wrote: Sorry the config. was in the first email I have this configuration . ... thread stuff. There's usually a LOT more configuration than that. start_servers = 20 max_servers = 400 min_spare_servers = 30 max_spare_servers = 60 I would suggest setting: start_servers = 400 max_servers = 400 min_spare_servers = 0 max_spare_servers = 400 If the server doesn't start with those parameters, it's because your OS doesn't let you start that many threads. In that case, go fix the OS. i need 10,000 per second I doubt that very much. That's a billion packets per day. Or, it's 500K users logged in all of the time, each of whom is online for only 10 minutes. There are large ISP's with 10+ million users who see only hundreds of requests per second. You're talking about 100 times that, which is very unusual. Please explain why you need such a HUGE number of requests. It may help solve the problem you're seeing. Do you have a billion users in your ISP? Or do you have fewer users than that? How many users do you expect to see online at once? How many minutes are they online for at a time? Also, most databases can't handle 10k writes per second, (some can't handle 10k *reads* per second). So it's very doubtful that you'll be able to do anything with 10k packets/s, even if the RADIUS server itself can handle them. I'm not aware of a single RADIUS installation on the planet that needs 10K packets per second. And even the ones that handle hundreds to thousands of packets per second split those packets among multiple machines. 
i.e. If you have a 10M users in your ISP, you can't afford to have everyone go offline because your ONLY RADIUS server died. You will need 4-5 RADIUS servers for service stability, at least. The result is that any one RADIUS machine will normally NEVER handle more than a few hundred packets per second. If you need more than that, your network is designed wrong. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Server crashes
I'm running Linux version 2.4.21-51.EL ([EMAIL PROTECTED]) (gcc version 3.2.3 20030502 (Red Hat Linux 3.2.3-58))

Amr el-Saeed wrote:

Dear Alan,

Thanks for your reply.

First, I have about 200,000 users, but there is something in the configuration that makes the users connect and disconnect in less than 15 minutes, and that makes that huge number of requests (it's a temp. situation), of course.

Second, I tried the configuration you sent. The server didn't start, so I guess it's an OS problem as you said, but how to fix it?? Can you help me with that??

thanks again
Amr

Alan DeKok wrote:

Amr el-Saeed wrote:

Sorry, the config. was in the first email. I have this configuration.

... thread stuff. There's usually a LOT more configuration than that.

start_servers = 20
max_servers = 400
min_spare_servers = 30
max_spare_servers = 60

I would suggest setting:

start_servers = 400
max_servers = 400
min_spare_servers = 0
max_spare_servers = 400

If the server doesn't start with those parameters, it's because your OS doesn't let you start that many threads. In that case, go fix the OS.

I need 10,000 per second

I doubt that very much. That's a billion packets per day. Or, it's 500K users logged in all of the time, each of whom is online for only 10 minutes.

There are large ISPs with 10+ million users who see only hundreds of requests per second. You're talking about 100 times that, which is very unusual.

Please explain why you need such a HUGE number of requests. It may help solve the problem you're seeing. Do you have a billion users in your ISP? Or do you have fewer users than that? How many users do you expect to see online at once? How many minutes are they online for at a time?

Also, most databases can't handle 10k writes per second (some can't handle 10k *reads* per second). So it's very doubtful that you'll be able to do anything with 10k packets/s, even if the RADIUS server itself can handle them.

I'm not aware of a single RADIUS installation on the planet that needs 10K packets per second. And even the ones that handle hundreds to thousands of packets per second split those packets among multiple machines.

i.e. If you have 10M users in your ISP, you can't afford to have everyone go offline because your ONLY RADIUS server died. You will need 4-5 RADIUS servers for service stability, at least.

The result is that any one RADIUS machine will normally NEVER handle more than a few hundred packets per second. If you need more than that, your network is designed wrong.

Alan DeKok.
Re: Server crashes
After the server finishes starting the mysql connections, it prints that error:

Error: FATAL: Thread create failed: Cannot allocate memory

and starts to connect to mysql again, and the error again, and so on.

Amr el-Saeed wrote:

I'm running Linux version 2.4.21-51.EL ([EMAIL PROTECTED]) (gcc version 3.2.3 20030502 (Red Hat Linux 3.2.3-58))

Amr el-Saeed wrote:

Dear Alan,

Thanks for your reply.

First, I have about 200,000 users, but there is something in the configuration that makes the users connect and disconnect in less than 15 minutes, and that makes that huge number of requests (it's a temp. situation), of course.

Second, I tried the configuration you sent. The server didn't start, so I guess it's an OS problem as you said, but how to fix it?? Can you help me with that??

thanks again
Amr

Alan DeKok wrote:

Amr el-Saeed wrote:

Sorry, the config. was in the first email. I have this configuration.

... thread stuff. There's usually a LOT more configuration than that.

start_servers = 20
max_servers = 400
min_spare_servers = 30
max_spare_servers = 60

I would suggest setting:

start_servers = 400
max_servers = 400
min_spare_servers = 0
max_spare_servers = 400

If the server doesn't start with those parameters, it's because your OS doesn't let you start that many threads. In that case, go fix the OS.

I need 10,000 per second

I doubt that very much. That's a billion packets per day. Or, it's 500K users logged in all of the time, each of whom is online for only 10 minutes.

There are large ISPs with 10+ million users who see only hundreds of requests per second. You're talking about 100 times that, which is very unusual.

Please explain why you need such a HUGE number of requests. It may help solve the problem you're seeing. Do you have a billion users in your ISP? Or do you have fewer users than that? How many users do you expect to see online at once? How many minutes are they online for at a time?

Also, most databases can't handle 10k writes per second (some can't handle 10k *reads* per second). So it's very doubtful that you'll be able to do anything with 10k packets/s, even if the RADIUS server itself can handle them.

I'm not aware of a single RADIUS installation on the planet that needs 10K packets per second. And even the ones that handle hundreds to thousands of packets per second split those packets among multiple machines.

i.e. If you have 10M users in your ISP, you can't afford to have everyone go offline because your ONLY RADIUS server died. You will need 4-5 RADIUS servers for service stability, at least.

The result is that any one RADIUS machine will normally NEVER handle more than a few hundred packets per second. If you need more than that, your network is designed wrong.

Alan DeKok.
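Added example, not part of the original thread and not FreeRADIUS code: a small C probe for the point made in the replies above, that thread creation is capped by OS limits (each thread's stack is reserved from the process's address space and counted against per-process limits), not by free RAM. `probe_threads`, `park`, `MAX_PROBE` and the 8 MB stack size are assumptions of this sketch; 400 is the max_servers value from the thread.

```c
#include <errno.h>
#include <pthread.h>
#include <stdio.h>
#include <string.h>

#define MAX_PROBE 1024  /* hypothetical upper bound for this sketch */
static pthread_mutex_t gate_lock = PTHREAD_MUTEX_INITIALIZER;
static pthread_cond_t gate_cond = PTHREAD_COND_INITIALIZER;
static int gate_open;

/* Workers park until released, so all threads exist at once, like a pre-started pool. */
static void *park(void *unused) {
    (void)unused;
    pthread_mutex_lock(&gate_lock);
    while (!gate_open) pthread_cond_wait(&gate_cond, &gate_lock);
    pthread_mutex_unlock(&gate_lock);
    return NULL;
}

/* Try to keep `want` threads alive at once, each with `stack_bytes` of stack.
 * Returns the number created; *err holds the first pthread error (0 if none). */
int probe_threads(int want, size_t stack_bytes, int *err) {
    static pthread_t tids[MAX_PROBE];
    pthread_attr_t attr;
    int made = 0;
    if (want > MAX_PROBE) want = MAX_PROBE;
    pthread_attr_init(&attr);
    *err = pthread_attr_setstacksize(&attr, stack_bytes);  /* EINVAL if too small */
    gate_open = 0;
    while (*err == 0 && made < want) {
        /* Non-zero (EAGAIN or ENOMEM) when the OS refuses another thread. */
        *err = pthread_create(&tids[made], &attr, park, NULL);
        if (*err == 0) made++;
    }
    pthread_mutex_lock(&gate_lock);
    gate_open = 1;                        /* release, then reap every worker */
    pthread_cond_broadcast(&gate_cond);
    pthread_mutex_unlock(&gate_lock);
    for (int i = 0; i < made; i++) pthread_join(tids[i], NULL);
    pthread_attr_destroy(&attr);
    return made;
}

int main(void) {
    int err;
    /* 400 = max_servers from the thread; the 8 MB stack is an assumed default. */
    int made = probe_threads(400, 8u * 1024 * 1024, &err);
    printf("created %d of 400 threads: %s\n", made, err ? strerror(err) : "ok");
    return 0;
}
```

Build with `cc -pthread` and run it as the account the RADIUS daemon uses, so the same resource limits apply; a count below 400 shows the limit is hit before the server's configured pool size.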
Re: Server crashes
Sorry, the config. was in the first email. I have this configuration:

start_servers = 20
max_servers = 400
min_spare_servers = 30
max_spare_servers = 60
max_requests_per_server = 0

I have 4G memory, this is the Top result:

Mem: 4090068k av, 420312k used, 3669756k free, 0k shrd, 15408k buff

I need 10,000 per second

Alan DeKok wrote:

Amr el-Saeed wrote:

OS: Red Hat Enterprise Linux AS release 3
FreeRadius: freeradius-1.1.0-1

Why not 1.1.7? Let me guess... RedHat doesn't ship it.

Number of requests: I need about 10,000 requests concurrent

I don't know what that means. 10,000 requests per second? Or 10,000 users in the database?

Is anything in my configuration wrong?

I have no idea. You haven't posted any of your configuration, so it's impossible for me to comment on it.

Alan DeKok.
Re: Server crashes
Dear Alan,

OS: Red Hat Enterprise Linux AS release 3
FreeRadius: freeradius-1.1.0-1
Number of requests: I need about 10,000 requests concurrent

The server starts and after 1 or 2 mins it crashes.

Is anything in my configuration wrong? And how to fine tune my freeRadius server??

thanks

Alan DeKok wrote:

Amr el-Saeed wrote:

the log file logs, at intervals of less than a minute, that the server can't allocate memory

Error: FATAL: Thread create failed: Cannot allocate memory

Odds are that the server is trying to start too many threads, and that there is some OS limitation on the number of threads per process.

What version of the server are you running? What OS are you running? How many requests does the server receive normally?

Alan DeKok.
Server crashes
Dear All,

I have a big problem with my freeRadius server: the log file logs, at intervals of less than a minute, that the server can't allocate memory

Error: FATAL: Thread create failed: Cannot allocate memory

I have this configuration:

start_servers = 20
max_servers = 400
min_spare_servers = 30
max_spare_servers = 60
max_requests_per_server = 0

I have 4G memory, this is the Top result:

Mem: 4090068k av, 420312k used, 3669756k free, 0k shrd, 15408k buff

I got about 3G free memory, how come the radius can't allocate memory!!
RADIUS Stress Test tool
Dear All,

Does anyone have any tool to stress test freeRadius??

regards,
Amr el-Saeed
Nas-Port-Type Attribute
Hi,

I put this line in the users file ( DEFAULT NAS-Port-Type == PPPoEoA, Auth-Type = Accept). I just want any user with that NAS-Port-Type to be accepted, but the RADIUS doesn't start at all when I do this!!

I know that this value ( PPPoEoA ) is not a standard NAS-Port-Type value, but what is the problem?? Is there any limitation on using a non-standard value??

regards,
amr ali
Re: User not found using LDAP
Hi,

I did that, removed ( Auth-Type := LDAP ). Now I got that error:

Auth: Invalid user: [no User-Name attribute/test]

when trying to authenticate with an empty username. I have this in the users file ( DEFAULT NAS-Port-Id = 0/0/3/1, Auth-Type := Accept ), and the user comes with that nas-port-id but with an empty user-name??

regards,

Alan DeKok wrote:

Amr el-Saeed wrote:

... but I still get the message ( rlm_ldap: Attribute User-Name is required for authentication )

Then you've set Auth-Type := LDAP. Don't do that.

Alan DeKok.
Re: User not found using LDAP
Dear Mr. Alan,

Thanks a lot for your help. I need to do so as I have many ADSL customers who connect without authentication, and I need to make them authenticate without calling them; they are more than 100,000 users.

Another question: can freeRadius authenticate anyone with a different attribute than the User-Name?? I need to authenticate the customers with NasPortID or Calling StationID, is that possible??

regards,

Alan DeKok wrote:

Amr el-Saeed wrote:

I'm using freeradius-1.1.0-1

Why? 1.1.6 has been out for months.

I need to make a default action if a user is not found. I need to make this action (allow) for a while, I mean if the radius searched the LDAP and didn't find the user, reply to the router with OK. I didn't find anything in the docs.

doc/configurable_failover

Alan DeKok.
Re: User not found using LDAP
OK, I'm using the LDAP module, and it can't accept an empty User-Name. So I used the users file beside the LDAP to allow an empty user to log in, and I made the order in the radius.conf: files module, then ldap module. But I still get the message ( rlm_ldap: Attribute User-Name is required for authentication ).

I guess it must check the users file first, then the LDAP module, am I right??

regards,

Alan DeKok wrote:

Amr el-Saeed wrote:

Another question: can freeRadius authenticate anyone with a different attribute than the User-Name?? I need to authenticate the customers with NasPortID or Calling StationID, is that possible??

Yes. Set Auth-Type := accept. It's one of the few cases where it's reasonable to set Auth-Type.

Alan DeKok.
User not found using LDAP
Dear all,

I'm using freeradius-1.1.0-1

I need to make a default action if a user is not found. I need to make this action (allow) for a while, I mean if the radius searched the LDAP and didn't find the user, reply to the router with OK. I didn't find anything in the docs.

Any ideas??

Regards
Amr Ali
execute more than one sql query
Dear All,

I need to execute two queries using radius in sql.conf. I tried to put two queries like this: in the file I have

accounting_update_query_alt = query_1

I made it

accounting_update_query_alt = query_1 ; query_2

but I got an error from MySql concerning the second section '; query_2'

How can I do it??

Thanks
Amr el-Saeed
Re: RE : Radius Authentication
Dear Thibault,

Thanks for your help. Yes, my DB server is used for accounting only, not authentication. But I tried what you said; as I understand, it makes the RADIUS be down while the DB is down. I don't want this. I need the RADIUS to authenticate the users without inserting accounting info into the DB, to minimize the outage. I need it to try to insert accounting info; if it fails, NO PROBLEM, authenticate the user and forget about the accounting. That's it.

thanks a lot

Thibault Le Meur wrote:

I'm facing a little problem. Sometimes my mysql DB server is down and the radius can't insert records into it, of course, so the users can't log in, as the radius doesn't authenticate them unless it can record them. Is there any solution to make the radius authenticate the users without inserting records in the DB?

I suppose your mysql DB server isn't used to authenticate your users, otherwise having your radius server work even if your DB is down would make no sense (unless you have another module able to authenticate users?).

If your DB server is used only for logging purposes (accounting, post-authenticate, ...), you may find interesting information in the doc/configurable_failover file in order to make the DB module failure be non-critical.

Regards,
Thibault
Radius Authentication
Dear All,

I'm using freeradius 1.1.0.

I'm facing a little problem. Sometimes my mysql DB server is down and the radius can't insert records into it, of course, so the users can't log in, as the radius doesn't authenticate them unless it can record them. Is there any solution to make the radius authenticate the users without inserting records in the DB?

thanks for your help

--
regards,
Amr el-Saeed
Band-Width Limitation
Dear All,

I'm using freeradius 1.1.0.

I want to use the monthly counter function of the sqlcounter module. I want to use it to calculate bandwidth, not time. I modified it and it is working fine, but it sends the remaining allowed bandwidth in the attribute 'Session Timeout' and the associated code, of course. What I want is to change that code!! How can I do something like that??

thanks for your help

--
regards,
Amr el-Saeed