Re: Max TNT not respecting my Default profile

2004-07-02 Thread Chris Brotsos 
On Jul 2, 2004, at 10:40 AM, Drew Weaver wrote:
Alan,
I assume Idle-Timeout = 900
Means that after 900 seconds (15min) of the connection being idle it 
will
drop?

I have it set that way right now and this connection I made has been 
active
for 44 minutes (idle)

You might have a setting on the NAS that is overriding the Idle-Timeout 
RADIUS attribute.

Do this:
1. read answer-defaults
2. list session-info
Take a look at what is set for "idle-timer"
What I can tell you for sure is that this is not a problem with RADIUS.
HTH,
Chris Brotsos
Any ideas?
-Drew
-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Friday, July 02, 2004 10:18 AM
To: [EMAIL PROTECTED]
Subject: Re: Max TNT not respecting my Default profile
Drew Weaver <[EMAIL PROTECTED]> wrote:
	Sorry to bother you guys with this.. I just noticed that this
command  Ascend-Idle-Limit = 900 appears to have no effect on the 
length
of
time our Ascend Max TNT will allow a user to be idle.
  So use the standard attribute "Idle-Timeout"
  Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Leading \000 in accounting-records

2004-04-30 Thread Chris Brotsos 
On Apr 30, 2004, at 2:04 PM, Alan DeKok wrote:

Chris Brotsos <[EMAIL PROTECTED]> wrote:
Just out of curiosity, was this bug just recently introduced into the
system? I ask because we are running a CVS head after 0.9.3 and don't
have this problem.
  No, it's most likely due to a client doing weird things.

  If the tag is zero, then the client SHOULD not put it in the
attribute.  FreeRADIUS doesn't.  Apparently some clients do.
Excellent, thanks Alan.

Chris

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Leading \000 in accounting-records

2004-04-30 Thread Chris Brotsos 
On Apr 30, 2004, at 1:37 PM, Alan DeKok wrote:

"Michael Markstaller" <[EMAIL PROTECTED]> wrote:
I'm getting some strange leading "\000" in some L2tp-attributes within
accounting records like (IPs are changed):
Tunnel-Server-Endpoint:0 =3D "\00010.11.1.1""
  It's a bug.

Just out of curiosity, was this bug just recently introduced into the 
system? I ask because we are running a CVS head after 0.9.3 and don't 
have this problem.

Thanks,

Chris

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Filtering Accounting-Data

2004-03-23 Thread Chris Brotsos 
If you have the accounting compatible version of attr_filter, you 
should be able to do this. Instantiate attr_filter before detail in the 
accounting config, and whatever pairs you decide to strip should not 
make it into the detail file.

HTH,

Chris
On Mar 23, 2004, at 9:58 AM, Oliver Zimmermann wrote:
Hi,

I hope, you can help me with an idea, how to filter/strip the 
"Framed-IP-Address" of customers from the accounting data.

At the moment, I delete the these lines in the detail logs, but I'd 
like to know, if there is a more elegant way to achieve this.

Has freeradius-0.9.3 a feature, to filter these incoming data or not 
to write it to the accounting logs?

Regards,
Oliver


- List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem in Radius Proxy during FailOver --

2004-02-23 Thread Chris Brotsos 
List,

I have a patch to suggest at the bottom of this email.

Thanks,

Chris

On Feb 20, 2004, at 1:51 PM, Alan DeKok wrote:

Chris Brotsos <[EMAIL PROTECTED]> wrote:
Isn't this actually correct? According to the DOCS, if Synchronous is
set to Yes, then all of the other parameters should be set to 0. How
will the server 'know' what the retry_delay, retry_count, and 
dead_time
are?
  The server should have some configuration to use, to decide that a
home server hasn't responded in N seconds, and marks it dead.  That
time can probably be "retry_delay * retry_count".
  Some code probably needs to be added to the server to support this.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html


Index: request_list.c
===
RCS file: /source/radiusd/src/main/request_list.c,v
retrieving revision 1.26
diff -u -r1.26 request_list.c
--- request_list.c  19 Feb 2004 21:40:58 -  1.26
+++ request_list.c  23 Feb 2004 17:03:19 -
@@ -916,6 +916,14 @@
 *  in the given retry window.
 */
if (mainconfig.proxy_synchronous) {
+   if (info->now > (request->timestamp + 
(mainconfig.proxy_retry_delay * mainconfig.proxy_retry_count))) {
+   rad_assert(request->child_pid == 
NO_SUCH_CHILD_PID);
+   request_reject(request);
+   
realm_disable(request->proxy->dst_ipaddr,
+ request->proxy->dst_port);
+   request->finished = TRUE;
+   goto setup_timeout;
+   }
request->proxy_next_try = info->now + 
mainconfig.proxy_retry_delay;
}
difference = request->proxy_next_try - info->now;

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem in Radius Proxy during FailOver --

2004-02-20 Thread Chris Brotsos 
On Feb 20, 2004, at 6:41 AM, Alan DeKok wrote:

"Sudhagar Chinnaswamy" <[EMAIL PROTECTED]> wrote:
The failover doesn't work if the "synchronous" parameter is set to
"yes". Can someone explain this behaviour ?
  It's probably a bug in the server.  I don't think that configuration
has been well tested.
Isn't this actually correct? According to the DOCS, if Synchronous is 
set to Yes, then all of the other parameters should be set to 0. How 
will the server 'know' what the retry_delay, retry_count, and dead_time 
are?

Chris

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html