Re: How do you pass Cleartext-Password from CHAP to another module
I think that should read %{control:Cleartext-Password}, not 'config' On Wed, Feb 16, 2011 at 3:48 PM, Phil Mayers wrote: > On 16/02/11 11:08, paul smith wrote: >> >> Thanks Phil, >> >> Unfortunately that doesn't seem to work. I get the following: >> >> Wed Feb 16 10:30:20 2011 : Info: [authz] expand: Cleartext-Password >> -> Cleartext-Password >> Wed Feb 16 10:30:20 2011 : Debug: WARNING: No such configuration item >> Cleartext-Password > > Interesting. > > Could you post a proper debug: > > radiusd -X | tee log > > ...and then send the contents of "log" > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Treating octets as string
Just add the line: ATTRIBUTE Class 25 string to the end of raddb/dictionary. It will override the type defined in the standard dictionaries, which you may not want to fiddle with too much. On Thu, Jan 27, 2011 at 2:45 PM, Brian Candler wrote: > In an accounting server, I would like to be able to parse the Class > attribute with a regexp to pull parts out. However the standard dictionary > defines it as 'octets' which makes it hard to parse - and I'd like to avoid > modifying the dictionary if possible. > > Copying it to a 'string' attribute doesn't help, because it gets > hex-expanded at that point. e.g. > > Reply-Message := "%{Class}" > } > > gives > > Class = 0x466f6f7c426172 > Reply-Message = "0x466f6f7c426172" > > I notice that recently a %{integer:...} expansion was added. Is there > perhaps a case for a corresponding %{string:...} expansion? Or is there a > better way to do this? > > Thanks, > > Brian. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Deleting stale session automatically with unlang
I should not give that error according to the source. It definitely works in the latest version. Perhaps its the space between 'sql:' and 'UPDATE' that is preventing the parser from recognising it as a non-select query. Try removing it? On Sat, Jan 15, 2011 at 4:02 AM, Bishal Pun wrote: > Hello Edi, > Enclosing sql statement inside empty if gives same error: > > if(User-Name){ > if("%{sql: UPDATE radacct set > AcctStopTime=ADDDATE(AcctStartTime,INTERVAL AcctSessionTime SECOND), > AcctTerminateCause='Clear-Stale Session' WHERE UserName='%{User-Name}' and > CallingStationId='%{Calling-Station-Id}' and AcctStopTime is NULL}"){ > } > } > Sat Jan 15 07:43:33 2011 : Auth: Login OK: [test] (from client nagios port > 0) > Sat Jan 15 07:44:47 2011 : Error: rlm_sql_mysql: MYSQL Error: No Fields > Sat Jan 15 07:44:47 2011 : Error: rlm_sql_mysql: MYSQL error: > Sat Jan 15 07:44:47 2011 : Info: rlm_sql_mysql: Starting connect to MySQL > server for #3 > Sat Jan 15 07:44:47 2011 : Error: rlm_sql (sql): failed after re-connect > > > On Fri, Jan 14, 2011 at 6:19 PM, Eddie Stassen wrote: >> >> On Fri, Jan 14, 2011 at 1:57 PM, Johan Meiring >> wrote: >> > On 2011/01/14 12:50 PM, Bishal Pun wrote: >> >> >> >> Alan, >> >> >> >> While running that command in mysql it clear the session of user. But >> >> with >> >> radius unlang it is giving error in radius log. >> >> >> > >> > I might be wrong, but as far as I know rlm_mysql expects something to >> > come >> > back from the query. >> > >> > Can't think of a solution though unless rlm_mysql will allow somehting >> > like >> > >> > "%{sql: SELECT 1; UPDATE radacct set >> > AcctStopTime=ADDDATE(AcctStartTime,INTERVAL >> > AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE >> > UserName='%{User-Name}' and CallingStationId='%{Calling-Station-Id}' and >> > AcctStopTime is null}" >> > >> > -- >> >> Enclosing the UPDATE in an empty 'if' works: >> >> if ("%{sql: UPDATE ...}") { >> } >> >> That prevents the rlm_sql_mysql module from looking for returned fields. >> >> Eddie >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Deleting stale session automatically with unlang
On Fri, Jan 14, 2011 at 1:57 PM, Johan Meiring wrote: > On 2011/01/14 12:50 PM, Bishal Pun wrote: >> >> Alan, >> >> While running that command in mysql it clear the session of user. But >> with >> radius unlang it is giving error in radius log. >> > > I might be wrong, but as far as I know rlm_mysql expects something to come > back from the query. > > Can't think of a solution though unless rlm_mysql will allow somehting like > > "%{sql: SELECT 1; UPDATE radacct set > AcctStopTime=ADDDATE(AcctStartTime,INTERVAL > AcctSessionTime SECOND), AcctTerminateCause='Clear-Stale Session' WHERE > UserName='%{User-Name}' and CallingStationId='%{Calling-Station-Id}' and > AcctStopTime is null}" > > -- Enclosing the UPDATE in an empty 'if' works: if ("%{sql: UPDATE ...}") { } That prevents the rlm_sql_mysql module from looking for returned fields. Eddie - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Use Event-Timestamp for Accounting Start/Stop with MySQL
On Tue, Dec 21, 2010 at 3:28 PM, Alan DeKok wrote: > Eddie Stassen wrote: >> 2.1.10 allows you to use "{%Event-Timestamp#}" to get date type >> attributes printed in numeric format. It doesn't seem to be >> documented, but its in the code. > > $ man unlang > > It's there. > Thanks, I was looking at the web man page at http://freeradius.org/radiusd/man/unlang.html, which I now notice is not quite up to date. > There's enough stuff in the server that I'm starting to forget what it > can do. Thats one of the best parts of programming - looking over your old code and finding all the awesome stuff you did and already forgot about ;-) > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Use Event-Timestamp for Accounting Start/Stop with MySQL
On Tue, Dec 21, 2010 at 11:26 AM, Alan DeKok wrote: > Juri Glaß wrote: >> I would like to write the Event-Timestamp from Accounting Start/Stop >> messages to my MySQL database instead of the server side time. >> >> I tried to configure the dialup.conf, but it doesn't work properly. >> >> I replaced %S with %{Event-Timestamp}, the result is "-00-00 00:00:00" >> in the database, the log file says : >> expand: UPDATE radacct SET acctstoptime = '%{Event-Timestamp}', ** snip >> ** -> UPDATE radacct SET acctstoptime = 'Dec 21 2010 10:02:30 CET' ** snip >> ** > > i.e. the Event-Timestamp is not in an SQL format. That's why the %S > variable exists. > >> When I use something like DATE_FORMAT(date,format) from MySQL, the format >> string is somehow expanded. FROM_UNIXTIME isn't working either. >> >> I understand that unix timestamps are printed as strings like 'Dec 21 2010 >> 10:02:30 CET', but only for logging or for the sql statements too? > > For everything, unfortunately. They cannot currently be printed as > 32-bit integers. Maybe in 2.1.11. > 2.1.10 allows you to use "{%Event-Timestamp#}" to get date type attributes printed in numeric format. It doesn't seem to be documented, but its in the code. Eddie - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: misconfigured adsl modems hammering my freeradius
Alan DeKok wrote: > Tom De Wispelaere wrote: > >> we are using freeradius (with mysql backend) in an isp environment for >> authentication and accounting of adsl modems. >> Some of these modems are misconfigured with a wrong password and try >> to authenticate every 5 secs or so, so i was wondering if there is a >> simple way to tell radius not to do a lookup every 5 secs for these >> particular modems... >> > > Don't list them in clients.conf? > > Use rlm_passwd to put them into a group, and send an Access-Reject > early in the authentication session. See "man rlm_passwd" and the FAQ. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Or allow them access, but apply a 'deny any any' access list. Keeps them quiet till they fix or reset the modem. Eddie - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco-AVPair. Question!
Chelisant Pavel wrote: Good day! I ve got radius server installed on my FreeBSD. All auth logs i receive from Cisco router stored in MYSQL DB Here the info i write down in mysql : example : NAS-IP-Address = 192.168.200.8 NAS-Port = 179 Cisco-NAS-Port = "Async179" NAS-Port-Type = Async User-Name = "depcomcor" Acct-Status-Type = Stop Acct-Authentic = RADIUS Service-Type = Framed-User Acct-Session-Id = "0413" Framed-Protocol = PPP Framed-IP-Address = 192.168.223.6 Acct-Terminate-Cause = Lost-Carrier Acct-Input-Octets = 188282 Acct-Output-Octets = 257069 Acct-Input-Packets = 884 Acct-Output-Packets = 916 Acct-Session-Time = 541 //its all ok till this moment How i should configure sql.conf to store subordinate info?? Cisco-AVPair = "disc-cause-ext=1011" Cisco-AVPair = "pre-bytes-in=112" Cisco-AVPair = "pre-bytes-out=171" Cisco-AVPair = "pre-paks-in=4" Cisco-AVPair = "pre-paks-out=8" Cisco-AVPair = "pre-session-time=51" Cisco-AVPair = "connect-progress=60" Cisco-AVPair = "nas-rx-speed=26400" Cisco-AVPair = "nas-tx-speed=12000" Acct-Delay-Time = 0 Thank you! Last time I looked you could'nt do this. I presume you are mainly interested in things like tx/rx speed. In that case you can specify the 'non-standard' option in you radius-server configs on the NAS, which will make the NAS send Ascend equivalent attributes instead of the Cisco-AVPairs. You can then store the Ascend stuff in your database. Here is a typical stop record using radius-server host 1.2.3.4 auth-port 1645 acct-port 1646 non-standard on the NAS: Wed Jan 28 00:00:01 2004 Acct-Session-Id = "000372DD" Framed-Protocol = PPP Framed-IP-Address = x.x.x.x Acct-Authentic = RADIUS Acct-Terminate-Cause = Lost-Carrier X-Ascend-Disconnect-Cause = 11 X-Ascend-Connect-Progress = 60 X-Ascend-PreSession-Time = 26 X-Ascend-Xmit-Rate = 28800 X-Ascend-Data-Rate = 48000 Acct-Session-Time = 1657 Acct-Input-Octets = 115908 Acct-Output-Octets = 2329924 X-Ascend-Pre-Input-Octets = 214 X-Ascend-Pre-Output-Octets = 99 Acct-Input-Packets = 1463 Acct-Output-Packets = 2007 X-Ascend-Pre-Input-Packets = 6 X-Ascend-Pre-Output-Packets = 4 User-Name = "[EMAIL PROTECTED]" Acct-Status-Type = Stop Calling-Station-Id = "0123456" Called-Station-Id = "0123456" NAS-Port-Type = Async NAS-Port = 176 Connect-Info = "48000/28800 V90/V44/LAPM (48000/26400)" Service-Type = Framed-User NAS-IP-Address = x.x.x.x - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html