Re: How do you pass Cleartext-Password from CHAP to another module
I think that should read %{control:Cleartext-Password}, not 'config'
On Wed, Feb 16, 2011 at 3:48 PM, Phil Mayers wrote:
> On 16/02/11 11:08, paul smith wrote:
>>
>> Thanks Phil,
>>
>> Unfortunately that doesn't seem to work. I get the following:
>>
>> Wed Feb 16 10:30:20 2011 : Info: [authz] expand: Cleartext-Password
>> -> Cleartext-Password
>> Wed Feb 16 10:30:20 2011 : Debug: WARNING: No such configuration item
>> Cleartext-Password
>
> Interesting.
>
> Could you post a proper debug:
>
> radiusd -X | tee log
>
> ...and then send the contents of "log"
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Treating octets as string
Just add the line:
ATTRIBUTE Class 25 string
to the end of raddb/dictionary. It will override the type defined in
the standard dictionaries, which you may not want to fiddle with too
much.
On Thu, Jan 27, 2011 at 2:45 PM, Brian Candler wrote:
> In an accounting server, I would like to be able to parse the Class
> attribute with a regexp to pull parts out. However the standard dictionary
> defines it as 'octets' which makes it hard to parse - and I'd like to avoid
> modifying the dictionary if possible.
>
> Copying it to a 'string' attribute doesn't help, because it gets
> hex-expanded at that point. e.g.
>
> Reply-Message := "%{Class}"
> }
>
> gives
>
> Class = 0x466f6f7c426172
> Reply-Message = "0x466f6f7c426172"
>
> I notice that recently a %{integer:...} expansion was added. Is there
> perhaps a case for a corresponding %{string:...} expansion? Or is there a
> better way to do this?
>
> Thanks,
>
> Brian.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Deleting stale session automatically with unlang
I should not give that error according to the source. It definitely
works in the latest version. Perhaps its the space between 'sql:' and
'UPDATE' that is preventing the parser from recognising it as a
non-select query. Try removing it?
On Sat, Jan 15, 2011 at 4:02 AM, Bishal Pun wrote:
> Hello Edi,
> Enclosing sql statement inside empty if gives same error:
>
> if(User-Name){
> if("%{sql: UPDATE radacct set
> AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND),
> AcctTerminateCause='Clear-Stale Session' WHERE UserName='%{User-Name}' and
> CallingStationId='%{Calling-Station-Id}' and AcctStopTime is NULL}"){
> }
> }
> Sat Jan 15 07:43:33 2011 : Auth: Login OK: [test] (from client nagios port
> 0)
> Sat Jan 15 07:44:47 2011 : Error: rlm_sql_mysql: MYSQL Error: No Fields
> Sat Jan 15 07:44:47 2011 : Error: rlm_sql_mysql: MYSQL error:
> Sat Jan 15 07:44:47 2011 : Info: rlm_sql_mysql: Starting connect to MySQL
> server for #3
> Sat Jan 15 07:44:47 2011 : Error: rlm_sql (sql): failed after re-connect
>
>
> On Fri, Jan 14, 2011 at 6:19 PM, Eddie Stassen wrote:
>>
>> On Fri, Jan 14, 2011 at 1:57 PM, Johan Meiring
>> wrote:
>> > On 2011/01/14 12:50 PM, Bishal Pun wrote:
>> >>
>> >> Alan,
>> >>
>> >> While running that command in mysql it clear the session of user. But
>> >> with
>> >> radius unlang it is giving error in radius log.
>> >>
>> >
>> > I might be wrong, but as far as I know rlm_mysql expects something to
>> > come
>> > back from the query.
>> >
>> > Can't think of a solution though unless rlm_mysql will allow somehting
>> > like
>> >
>> > "%{sql: SELECT 1; UPDATE radacct set
>> > AcctStopTime=ADDDATE(AcctStartTime,INTERVAL
>> > AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE
>> > UserName='%{User-Name}' and CallingStationId='%{Calling-Station-Id}' and
>> > AcctStopTime is null}"
>> >
>> > --
>>
>> Enclosing the UPDATE in an empty 'if' works:
>>
>> if ("%{sql: UPDATE ...}") {
>> }
>>
>> That prevents the rlm_sql_mysql module from looking for returned fields.
>>
>> Eddie
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Deleting stale session automatically with unlang
On Fri, Jan 14, 2011 at 1:57 PM, Johan Meiring
wrote:
> On 2011/01/14 12:50 PM, Bishal Pun wrote:
>>
>> Alan,
>>
>> While running that command in mysql it clear the session of user. But
>> with
>> radius unlang it is giving error in radius log.
>>
>
> I might be wrong, but as far as I know rlm_mysql expects something to come
> back from the query.
>
> Can't think of a solution though unless rlm_mysql will allow somehting like
>
> "%{sql: SELECT 1; UPDATE radacct set
> AcctStopTime=ADDDATE(AcctStartTime,INTERVAL
> AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE
> UserName='%{User-Name}' and CallingStationId='%{Calling-Station-Id}' and
> AcctStopTime is null}"
>
> --
Enclosing the UPDATE in an empty 'if' works:
if ("%{sql: UPDATE ...}") {
}
That prevents the rlm_sql_mysql module from looking for returned fields.
Eddie
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Use Event-Timestamp for Accounting Start/Stop with MySQL
On Tue, Dec 21, 2010 at 3:28 PM, Alan DeKok wrote:
> Eddie Stassen wrote:
>> 2.1.10 allows you to use "{%Event-Timestamp#}" to get date type
>> attributes printed in numeric format. It doesn't seem to be
>> documented, but its in the code.
>
> $ man unlang
>
> It's there.
>
Thanks, I was looking at the web man page at
http://freeradius.org/radiusd/man/unlang.html, which I now notice is
not quite up to date.
> There's enough stuff in the server that I'm starting to forget what it
> can do.
Thats one of the best parts of programming - looking over your old
code and finding all the awesome stuff you did and already forgot
about ;-)
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Use Event-Timestamp for Accounting Start/Stop with MySQL
On Tue, Dec 21, 2010 at 11:26 AM, Alan DeKok wrote:
> Juri Glaß wrote:
>> I would like to write the Event-Timestamp from Accounting Start/Stop
>> messages to my MySQL database instead of the server side time.
>>
>> I tried to configure the dialup.conf, but it doesn't work properly.
>>
>> I replaced %S with %{Event-Timestamp}, the result is "-00-00 00:00:00"
>> in the database, the log file says :
>> expand: UPDATE radacct SET acctstoptime = '%{Event-Timestamp}', ** snip
>> ** -> UPDATE radacct SET acctstoptime = 'Dec 21 2010 10:02:30 CET' ** snip
>> **
>
> i.e. the Event-Timestamp is not in an SQL format. That's why the %S
> variable exists.
>
>> When I use something like DATE_FORMAT(date,format) from MySQL, the format
>> string is somehow expanded. FROM_UNIXTIME isn't working either.
>>
>> I understand that unix timestamps are printed as strings like 'Dec 21 2010
>> 10:02:30 CET', but only for logging or for the sql statements too?
>
> For everything, unfortunately. They cannot currently be printed as
> 32-bit integers. Maybe in 2.1.11.
>
2.1.10 allows you to use "{%Event-Timestamp#}" to get date type
attributes printed in numeric format. It doesn't seem to be
documented, but its in the code.
Eddie
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: misconfigured adsl modems hammering my freeradius
Alan DeKok wrote: > Tom De Wispelaere wrote: > >> we are using freeradius (with mysql backend) in an isp environment for >> authentication and accounting of adsl modems. >> Some of these modems are misconfigured with a wrong password and try >> to authenticate every 5 secs or so, so i was wondering if there is a >> simple way to tell radius not to do a lookup every 5 secs for these >> particular modems... >> > > Don't list them in clients.conf? > > Use rlm_passwd to put them into a group, and send an Access-Reject > early in the authentication session. See "man rlm_passwd" and the FAQ. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Or allow them access, but apply a 'deny any any' access list. Keeps them quiet till they fix or reset the modem. Eddie - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco-AVPair. Question!
Chelisant Pavel wrote: Good day! I ve got radius server installed on my FreeBSD. All auth logs i receive from Cisco router stored in MYSQL DB Here the info i write down in mysql : example : NAS-IP-Address = 192.168.200.8 NAS-Port = 179 Cisco-NAS-Port = "Async179" NAS-Port-Type = Async User-Name = "depcomcor" Acct-Status-Type = Stop Acct-Authentic = RADIUS Service-Type = Framed-User Acct-Session-Id = "0413" Framed-Protocol = PPP Framed-IP-Address = 192.168.223.6 Acct-Terminate-Cause = Lost-Carrier Acct-Input-Octets = 188282 Acct-Output-Octets = 257069 Acct-Input-Packets = 884 Acct-Output-Packets = 916 Acct-Session-Time = 541 //its all ok till this moment How i should configure sql.conf to store subordinate info?? Cisco-AVPair = "disc-cause-ext=1011" Cisco-AVPair = "pre-bytes-in=112" Cisco-AVPair = "pre-bytes-out=171" Cisco-AVPair = "pre-paks-in=4" Cisco-AVPair = "pre-paks-out=8" Cisco-AVPair = "pre-session-time=51" Cisco-AVPair = "connect-progress=60" Cisco-AVPair = "nas-rx-speed=26400" Cisco-AVPair = "nas-tx-speed=12000" Acct-Delay-Time = 0 Thank you! Last time I looked you could'nt do this. I presume you are mainly interested in things like tx/rx speed. In that case you can specify the 'non-standard' option in you radius-server configs on the NAS, which will make the NAS send Ascend equivalent attributes instead of the Cisco-AVPairs. You can then store the Ascend stuff in your database. Here is a typical stop record using radius-server host 1.2.3.4 auth-port 1645 acct-port 1646 non-standard on the NAS: Wed Jan 28 00:00:01 2004 Acct-Session-Id = "000372DD" Framed-Protocol = PPP Framed-IP-Address = x.x.x.x Acct-Authentic = RADIUS Acct-Terminate-Cause = Lost-Carrier X-Ascend-Disconnect-Cause = 11 X-Ascend-Connect-Progress = 60 X-Ascend-PreSession-Time = 26 X-Ascend-Xmit-Rate = 28800 X-Ascend-Data-Rate = 48000 Acct-Session-Time = 1657 Acct-Input-Octets = 115908 Acct-Output-Octets = 2329924 X-Ascend-Pre-Input-Octets = 214 X-Ascend-Pre-Output-Octets = 99 Acct-Input-Packets = 1463 Acct-Output-Packets = 2007 X-Ascend-Pre-Input-Packets = 6 X-Ascend-Pre-Output-Packets = 4 User-Name = "[EMAIL PROTECTED]" Acct-Status-Type = Stop Calling-Station-Id = "0123456" Called-Station-Id = "0123456" NAS-Port-Type = Async NAS-Port = 176 Connect-Info = "48000/28800 V90/V44/LAPM (48000/26400)" Service-Type = Framed-User NAS-IP-Address = x.x.x.x - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
