Accounting time duration calculation
Hi, how does freeradius calculate duration time? My NAS sends start and stop packet. In mysql table I can see accstarttime and accstoptime. Is the duration time automatically created from start time and stop time or should NAS also send duration time? In other words is it possible that freeradius automatically calculate duration from start and stop packet:)?

tnx!
miha

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup.conf custom attributes failure in freeradius 2.2
On Jan 28, 2013, at 4:27 PM, Alan DeKok wrote:
> Use the v2.x.x branch from git.
>
> We should release 2.2.1 soon.
>
> Alan DeKok.

Hi Alan, I can wait till 2.2.1 is released, no problem, will wait for freebsd ports being updated with latest version and try again :) I just wanted to know if I am doing something wrong or something changed… Thanks for response!
Re: dialup.conf custom attributes failure in freeradius 2.2
> yes, you don't seem to have 3GPP-IMSI in your dictionary file. thus the string
> expansion fails

Yes, that was my first thought but I am confident it is there, that's why it is strange…

[root@server ~]# grep IMSI /usr/local/share/freeradius/dictionary.3gpp
ATTRIBUTE 3GPP-IMSI 1 string
ATTRIBUTE 3GPP-IMSI-MCC-MNC 8 string
[root@server ~]#
dialup.conf custom attributes failure in freeradius 2.2
Hi, I need some help with inserting custom attributes to MySQL server. It seems that version 2.2 broke it, at least on my server… When I revert back to 2.1 it immediately starts to work with same config files. Below are config files and traces for both versions. Any idea?

thanks,
brm

--

Relevant part of dialup.conf (modified to include custom attributes):

accounting_start_query = " \
  INSERT INTO ${acct_table1} \
    (acctsessionid,acctuniqueid, username, \
    imsi, imei, ms_timezone, \
    rat_type, user_location_info,realm, \
    nasipaddress, nasportid, \
    nasporttype, acctstarttime,acctstoptime, \
    acctsessiontime, acctauthentic,connectinfo_start, \
    connectinfo_stop, acctinputoctets, acctoutputoctets, \
    calledstationid, callingstationid, acctterminatecause, \
    servicetype, framedprotocol, framedipaddress, \
    acctstartdelay, acctstopdelay) \
  VALUES \
    ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
    '%{SQL-User-Name}', \
    '%{3GPP-IMSI}', '%{3GGP-IMEISV}', '%{3GPP-MS-TimeZone}', \
    '%{3GPP-RAT-type}', '%{3GPP-User-Location-Info}', '%{Realm}', \
    '%{NAS-IP-Address}', '%{NAS-Port}', \
    '%{NAS-Port-Type}', '%S', NULL, \
    '0', '%{Acct-Authentic}', '%{Connect-Info}', \
    '', '0', '0', \
    '%{Called-Station-Id}', '%{Calling-Station-Id}', '', \
    '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', \
    '%{%{Acct-Delay-Time}:-0}', '0')"

Slightly modified dictionary.3gpp file to include custom attributes:

# new attributes
ATTRIBUTE 3GGP-IMEISV 20 string
ATTRIBUTE 3GPP-RAT-type 21 byte
ATTRIBUTE 3GPP-User-Location-Info 22 octets
ATTRIBUTE 3GPP-MS-TimeZone 23 integer has_tag

# set RAT-TYPE
VALUE 3GPP-RAT-Type Reserved 0
VALUE 3GPP-RAT-Type UTRAN 1
VALUE 3GPP-RAT-Type GERAN 2
VALUE 3GPP-RAT-Type WLAN 3
VALUE 3GPP-RAT-Type GAN 4
VALUE 3GPP-RAT-Type HSPA-Evolution 5
VALUE 3GPP-RAT-Type IEEE-802-16e 101
VALUE 3GPP-RAT-Type 3GPP2-eHRPD 102
VALUE 3GPP-RAT-Type 3GPP2-HRPD 103
VALUE 3GPP-RAT-Type 3GPP2-1xRTT 104
VALUE 3GPP-RAT-Type 3GPP-EPS 105

This is the accounting start record from debug mode:
rad_recv: Accounting-Request packet from host port 54002, id=50, length=375
    Acct-Status-Type = Start
    Event-Timestamp = "Jan 26 2013 18:20:08 CET"
    Framed-IP-Address = xxx
    Called-Station-Id = "xx"
    Calling-Station-Id = "xxx"
    NAS-IP-Address = xxx
    NAS-Identifier = "xxx"
    Service-Type = Framed-User
    NAS-Port-Type = Virtual
    Acct-Session-Id = "5BB9DD25a7846fd9"
    3GPP-IMSI = "xxx"
    3GPP-IMSI-MCC-MNC = "xxx"
    3GPP-NSAPI = "5"
    3GGP-IMEISV = "xxx"
    3GPP-RAT-type = UTRAN
    3GPP-User-Location-Info = 0x0192f307000a79be
    3GPP-Charging-ID = 2810474457
    3GPP-PDP-Type = IP
    3GPP-Selection-Mode = "0"

Error on version 2.2:

...
+- entering group accounting {...}
[sql] expand: %{Calling-Station-Id} ->
[sql] sql_set_user escaped user --> 'x'
[sql] WARNING: Unknown module "3GPP-IMSI" in string expansion "%', '%{3GGP-IMEISV}', '%{3GPP-MS-TimeZone}', '%{3GPP-RAT-type}', '%{3GPP-User-Location-Info}','%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0')"
[sql] expand: /var/log/radius/sqltrace.sql -> /var/log/radius/sqltrace.sql
rlm_sql (sql): Reserving sql socket id: 24
rlm_sql_mysql: query: INSERT INTO radacct (acctsessionid,acctuniqueid, username, imsi, imei, ms_timezone,rat_type, user_location_info, realm, nasipaddress, nasportid, nasporttype, acctstarttime,acctstoptime, acctsessiontime, acctauthentic,connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartde
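The check suggested in the first reply (is every attribute the query expands actually in the dictionary?) can be done mechanically before the server is started. The following is an added example, not part of the original thread and not FreeRADIUS code: the sample dictionary and query are constructed, the function names are hypothetical, and matching names case-insensitively is an assumption about how the server looks them up.

```python
# Added example: cross-check %{...} references in an SQL query template
# against ATTRIBUTE definitions in dictionary text. All data is constructed.

# Attribute lists that may prefix a name, e.g. %{request:Acct-Session-Id}.
LISTS = {"request", "reply", "control", "proxy-request", "proxy-reply"}

SAMPLE_DICTIONARY = """\
ATTRIBUTE Acct-Session-Id 44 string
ATTRIBUTE Acct-Delay-Time 41 integer
ATTRIBUTE NAS-IP-Address 4 ipaddr
ATTRIBUTE 3GPP-IMSI 1 string
ATTRIBUTE 3GGP-IMEISV 20 string
ATTRIBUTE 3GPP-RAT-type 21 byte
ATTRIBUTE 3GPP-MS-TimeZone23 integer has_tag
"""  # last line: name and number fused (constructed malformed entry)

SAMPLE_QUERY = (
    "INSERT INTO radacct (acctsessionid, imsi, imei, ms_timezone, rat_type, "
    "nasipaddress, acctstarttime, acctstartdelay) VALUES ("
    "'%{Acct-Session-Id}', '%{3GPP-IMSI}', '%{3GPP-IMEISV}', "
    "'%{3GPP-MS-TimeZone}', '%{3GPP-RAT-Type}', '%{NAS-IP-Address}', "
    "'%S', '%{%{Acct-Delay-Time}:-0}')"
)


def parse_dictionary(text):
    """Return (defined names, lowercased; line numbers of malformed ATTRIBUTE lines)."""
    defined, malformed = set(), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields or fields[0] != "ATTRIBUTE":
            continue
        # Expect: ATTRIBUTE <name> <number> <type> [flags]
        if len(fields) < 4 or not fields[2].isdigit():
            malformed.append(lineno)
            continue
        defined.add(fields[1].lower())
    return defined, malformed


def _closing_brace(s, start):
    """Index of the '}' that closes the '%{' whose body starts at `start`."""
    depth = 1
    for j in range(start, len(s)):
        if s[j] == "{":
            depth += 1
        elif s[j] == "}":
            depth -= 1
            if depth == 0:
                return j
    raise ValueError("unterminated %{ in template")


def xlat_refs(template):
    """Attribute names referenced as %{Name}, including nested %{%{A}:-%{B}}."""
    refs, i = [], 0
    while i < len(template):
        if not template.startswith("%{", i):
            i += 1          # plain text or one-letter expansions such as %S
            continue
        end = _closing_brace(template, i + 2)
        inner = template[i + 2:end]
        if "%{" in inner:
            refs.extend(xlat_refs(inner))        # conditional or module arguments
        else:
            head, sep, rest = inner.partition(":")
            if sep and rest.startswith("-"):
                inner = head                     # %{Name:-default}
            elif sep and head.lower() in LISTS:
                inner = rest                     # %{request:Name}
            elif sep:
                inner = ""                       # %{module:args}, not an attribute
            if inner and not inner.isdigit():    # %{1}, %{2} are regex captures
                refs.append(inner)
        i = end + 1
    return refs


def undefined_refs(template, defined):
    """Referenced names with no dictionary entry, in order of first use."""
    missing = []
    for name in xlat_refs(template):
        if name.lower() not in defined and name not in missing:
            missing.append(name)
    return missing


if __name__ == "__main__":
    names, bad_lines = parse_dictionary(SAMPLE_DICTIONARY)
    print("malformed ATTRIBUTE lines:", bad_lines)
    print("referenced but undefined:", undefined_refs(SAMPLE_QUERY, names))
```

In the constructed data the query spells 3GPP-IMEISV while the dictionary defines 3GGP-IMEISV, so the query and the dictionary have to agree on the spelling, whichever one it is.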
Re: Realm
thanks!
Miha

On 1/23/2013 3:58 PM, Phil Mayers wrote:
> On 23/01/13 14:47, Miha wrote:
> > Hi, my radius client is sending with user-name and password also realm. I can not disable sending realm, is it possible to configure radius that will not use realm with user-name (user-name@realm)?
> >
> > [digest] Digest-Attributes look OK. Converting them to something more usful.
> > *Digest-User-Name = "018108500"*
> > *Digest-Realm = "test1.opensips.softnet.si"*
> > Digest-Nonce = "510001fb0006c9cc728438be21e324f917a5ea234380"
> > Digest-URI = "sip:+3858...@test1.opensips.test.si"
> > Digest-Method = "INVITE"
> > [digest] Adding Auth-Type = DIGEST
> > ++[digest] returns ok
> > [suffix] Looking up realm "test1.opensips.softnet.si" for User-Name = *"018108500@test1.opensips.**test.si*"
> > [suffix] No such realm "test1.opensips.softnet.si"
> > ++[suffix] returns noop
> > [eap] No EAP-Message, not doing EAP
> > ++[eap] returns noop
> > ++[files] returns noop
> > [sql] expand: %{User-Name} -> *018108500@test1.opensips.**test.si*
> >
> > Radius will need to check only user-name (*018108500*).
>
> Sure. The easiest option is something like this:
>
> authorize {
>   ...
>   if (User-Name =~ /^(.+)@(.+)$/) {
>     update request {
>       Stripped-User-Name := "%{1}"
>       Realm := "%{2}"
>     }
>   }
>   ...
> }
>
> ...and then ensure your SQL/files/whatever modules use an appropriate expansion for their "key" value e.g.
>
> sql {
>   ...
>   sql_user_name = "%{%{Stripped-User-Name}:-%{User-Name}}"
>   ...
> }
>
> This is the default.
>
> So basically, you identify the realm yourself, set "Stripped-User-Name", and use that.
Realm
Hi, my radius client is sending with user-name and password also realm. I can not disable sending realm, is it possible to configure radius that will not use realm with user-name (user-name@realm)?

[digest] Digest-Attributes look OK. Converting them to something more usful.
*Digest-User-Name = "018108500"*
*Digest-Realm = "test1.opensips.softnet.si"*
Digest-Nonce = "510001fb0006c9cc728438be21e324f917a5ea234380"
Digest-URI = "sip:+3858...@test1.opensips.test.si"
Digest-Method = "INVITE"
[digest] Adding Auth-Type = DIGEST
++[digest] returns ok
[suffix] Looking up realm "test1.opensips.softnet.si" for User-Name = *"018108500@test1.opensips.**test.si*"
[suffix] No such realm "test1.opensips.softnet.si"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> *018108500@test1.opensips.**test.si*

Radius will need to check only user-name (*018108500*).

Thanks!
Miha
Re: log error
On 11/5/2012 3:30 PM, Arran Cudbard-Bell wrote:
> On 5 Nov 2012, at 14:27, Arran Cudbard-Bell wrote:
> > All signs point to tumblebeasts in the rlm_sql module.
> >
> > -Arran
>
> Apologies didn't mean to top post.
>
> -Arran

Thanks to Arran, 2xAlan:), I was also looking in past users mail in mailing list and also see explanation from Alan:). Sorry for posting this before reading entire mailing list.

BR;
Miha
log error
Hi, I am looking at this log radius file. What could be causing this?

BR;
Miha

Mon Nov 5 08:35:03 2012 : Error: Discarding duplicate request from client intraswitch port 46634 - ID: 134 due to unfinished request 11902
Mon Nov 5 08:35:03 2012 : Error: Discarding duplicate request from client intraswitch port 40649 - ID: 231 due to unfinished request 11904
Mon Nov 5 09:10:02 2012 : Error: Discarding duplicate request from client intraswitch port 55647 - ID: 187 due to unfinished request 16624
Mon Nov 5 09:10:02 2012 : Error: Discarding duplicate request from client intraswitch port 57890 - ID: 139 due to unfinished request 16626
Mon Nov 5 09:25:03 2012 : Error: Discarding duplicate request from client intraswitch port 46201 - ID: 179 due to unfinished request 19014
Mon Nov 5 09:40:03 2012 : Error: Discarding duplicate request from client intraswitch port 38970 - ID: 184 due to unfinished request 21166
Mon Nov 5 09:45:02 2012 : Error: Discarding duplicate request from client intraswitch port 46440 - ID: 227 due to unfinished request 21746
Mon Nov 5 09:50:02 2012 : Error: Discarding duplicate request from client intraswitch port 57355 - ID: 116 due to unfinished request 22475
Mon Nov 5 09:55:03 2012 : Error: Discarding duplicate request from client intraswitch port 48695 - ID: 154 due to unfinished request 23172
Mon Nov 5 10:00:02 2012 : Error: Discarding duplicate request from client intraswitch port 49085 - ID: 121 due to unfinished request 24106
Mon Nov 5 10:10:02 2012 : Error: Discarding duplicate request from client intraswitch port 36544 - ID: 26 due to unfinished request 25411
Mon Nov 5 10:20:02 2012 : Error: Discarding duplicate request from client intraswitch port 42534 - ID: 6 due to unfinished request 26755
Mon Nov 5 10:30:02 2012 : Error: Discarding duplicate request from client intraswitch port 32994 - ID: 173 due to unfinished request 28238
Mon Nov 5 11:00:03 2012 : Error: Discarding duplicate request from client intraswitch port 54529 - ID: 67 due to unfinished request 32859
Mon Nov 5 11:15:02 2012 : Error: Discarding duplicate request from client intraswitch port 56675 - ID: 60 due to unfinished request 35280
Mon Nov 5 11:45:02 2012 : Error: Discarding duplicate request from client intraswitch port 60703 - ID: 225 due to unfinished request 39541
Mon Nov 5 12:03:12 2012 : Error: Discarding duplicate request from client intraswitch port 51296 - ID: 245 due to unfinished request 41695
Mon Nov 5 12:15:02 2012 : Error: Discarding duplicate request from client intraswitch port 35090 - ID: 24 due to unfinished request 42950
Mon Nov 5 12:20:02 2012 : Error: Discarding duplicate request from client intraswitch port 39325 - ID: 171 due to unfinished request 43408
Mon Nov 5 12:30:03 2012 : Error: Discarding duplicate request from client intraswitch port 36165 - ID: 89 due to unfinished request 44456
Mon Nov 5 12:40:02 2012 : Error: Discarding duplicate request from client intraswitch port 54846 - ID: 219 due to unfinished request 45559
Mon Nov 5 12:45:02 2012 : Error: Discarding duplicate request from client intraswitch port 41737 - ID: 239 due to unfinished request 46056
Mon Nov 5 12:50:02 2012 : Error: Discarding duplicate request from client intraswitch port 34792 - ID: 111 due to unfinished request 46529
Mon Nov 5 13:05:02 2012 : Error: Discarding duplicate request from client intraswitch port 56632 - ID: 231 due to unfinished request 48180
Mon Nov 5 13:25:03 2012 : Error: Discarding duplicate request from client intraswitch port 50078 - ID: 75 due to unfinished request 50845
Mon Nov 5 13:45:02 2012 : Error: Discarding duplicate request from client intraswitch port 33412 - ID: 88 due to unfinished request 53659
Mon Nov 5 14:45:02 2012 : Error: Discarding duplicate request from client intraswitch port 50311 - ID: 25 due to unfinished request 60391
Mon Nov 5 15:03:05 2012 : Error: Discarding duplicate request from client intraswitch port 60010 - ID: 57 due to unfinished request 62264
Mon Nov 5 15:03:06 2012 : Error: Discarding duplicate request from client intraswitch port 35760 - ID: 215 due to unfinished request 62265
Mon Nov 5 15:03:06 2012 : Error: Discarding duplicate request from client intraswitch port 38622 - ID: 31 due to unfinished request 62266
Mon Nov 5 15:03:06 2012 : Error: Discarding duplicate request from client intraswitch port 33797 - ID: 214 due to unfinished request 62267
Mon Nov 5 15:03:06 2012 : Error: Discarding duplicate request from client intraswitch port 60010 - ID: 57 due to unfinished request 62264
Mon Nov 5 15:03:08 2012 : Error: Discarding duplicate request from client intraswitch port 40499 - ID: 176 due to unfinished request 62271
Mon Nov 5 15:03:08 2012 : Error: Discarding duplicate request from client intraswitch port 49325 - ID: 154 due to unfinished request 62272
Mon Nov 5 15:03:09 2012 : Error: Discarding duplicate request from client intraswitch port 40499 - ID: 176 due to unfinished
Re: simultaneous-Use is not working
Alan, just to let you know. I figured out where was the problem. In default file in session I was having set radutmp and also sql. After I comment radutmp and let just sql it began to work:)

Thanks!
Miha

On Sat, 03 Nov 2012 15:27:41 -0400 Alan DeKok wrote:
> Miha wrote:
> > i am turning out you due to issue with simultaneous-Use. I
> > read mailing list but did not find any appropriate
> > answer.
> ...
> > my config:
> >
> > [root@localhost sites-available]# radiusd -X
> > FreeRADIUS Version 2.1.12, for host
> ...
> > Ready to process requests.
>
> The reason to post the debug output is to show what happens when the
> server receives a packet. You didn't show that. So the debug output is
> useless, and we can't help you.
>
> Alan DeKok.
Re: simultaneous-Use is not working
ute, Value, op FROM radgroupcheck WHERE groupname = 'testservice' ORDER BY id
[sql] User found in group testservice
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'testservice' ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "52166"
[pap] Using clear text password "52166"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section session from file /usr/local/etc/raddb/sites-enabled/default
+- entering group session {...}
[radutmp] expand: /usr/local/var/log/radius/radutmp -> /usr/local/var/log/radius/radutmp
[radutmp] expand: %{User-Name} -> 018108753.enterprise
++[radutmp] returns ok
# Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 59 to xxx.xxx.xxx.xxx port 37173
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 3 ID 59 with timestamp +3041
Ready to process requests.

On Sat, 03 Nov 2012 15:27:41 -0400 Alan DeKok wrote:
> Miha wrote:
> > i am turning out you due to issue with simultaneous-Use. I
> > read mailing list but did not find any appropriate
> > answer.
> ...
> > my config:
> >
> > [root@localhost sites-available]# radiusd -X
> > FreeRADIUS Version 2.1.12, for host
> ...
> > Ready to process requests.
>
> The reason to post the debug output is to show what happens when the
> server receives a packet. You didn't show that. So the debug output is
> useless, and we can't help you.
>
> Alan DeKok.
simultaneous-Use is not working
_unique" from file /usr/local/etc/raddb/modules/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "detail" from file /usr/local/etc/raddb/modules/detail detail { detailfile = "/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /usr/local/etc/raddb/modules/radutmp radutmp { filename = "/usr/local/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /usr/local/etc/raddb/modules/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/usr/local/etc/raddb/attrs.accounting_response" key = "%{User-Name}" relaxed = no } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } # modules } # server server inner-tunnel { # from file /usr/local/etc/raddb/sites-enabled/inner-tunnel modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/modules/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/usr/local/etc/raddb/attrs.access_reject" key = "%{User-Name}" relaxed = no } } # modules } # server radiusd: Opening IP addresses and 
Ports listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } listen { type = "control" listen { socket = "/usr/local/var/run/radiusd/radiusd.sock" } } listen { type = "auth" ipaddr = 127.0.0.1 port = 18120 } ... adding new socket proxy address * port 44469 Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /usr/local/var/run/radiusd/radiusd.sock Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel Listening on proxy address * port 1814 Ready to process requests. Thanks! Miha - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius, memory consumption
Hi, I am using Freeradius for authorization with mysql. In my sql I have about 15k user entries and there is about 50 active calls all the time (just for information about traffic). Now Freeradius is in production for about 4 months and I did not notice any problems (works perfect). Today I noticed that it is using around 77% of memory. Is this normal?

Thanks!
Miha

root 27533 0.0 77.4 13524108 9500600 ? Ssl Mar26 29:51 radiusd
Re: rad client
@Fajar, thanks for your quick reply. I will ask vendor about it.

BR,
Miha

On 2/14/2012 8:46 AM, Fajar A. Nugraha wrote:
> On Tue, Feb 14, 2012 at 2:34 PM, Miha Zoubek wrote:
> > Hi, I need one information about radius behaviour regarding voip cdr (AAA). I know I get two stop packet and two start packets for every call that is made. For one softswitch I get session ID same for all packets (stop&start for a leg, and stop&start for b leg), on other softswitch I get one session ID for one stop&start packet and other ID for second stop&start packet. So, for one softswitch as is only one ID I get one entry in sql table, for other softswitch I get two entries in my sql table as I get two session IDs. Which behaviour is right?
>
> I can't comment about softswitch, but a NAS in general should send only one acct start & stop for each session it handles. Unless they're re-sent due to transmission problems, in which case the session ID will be the same. I suggest you ask your softswitch vendor about that.
>
> If you know the difference between those two different packets from the same session (e.g perhaps there's an attribute that's only present in one of them), then you should be able to filter it out so you can record only one entry per session in your acct table.

--
Best regards / Lep Pozdrav
Miha Zoubek
Softnet d.o.o.
rad client
Hi, I need one information about radius behaviour regarding voip cdr (AAA). I know I get two stop packet and two start packets for every call that is made. For one softswitch I get session ID same for all packets (stop&start for a leg, and stop&start for b leg), on other softswitch I get one session ID for one stop&start packet and other ID for second stop&start packet. So, for one softswitch as is only one ID I get one entry in sql table, for other softswitch I get two entries in my sql table as I get two session IDs. Which behaviour is right?

Thanks!
Miha

--
Best regards / Lep Pozdrav
Miha Zoubek
Softnet d.o.o.
Re: update reply
On 2/13/2012 11:06 AM, Miha Zoubek wrote:
> On 2/13/2012 10:52 AM, Fajar A. Nugraha wrote:
> > if ("%{NAS-IP-Address}" != "xxx.xxx.xxx.xxx"){
>
> @Fajar sorry that I did not inform you about this. I have noticed right when I send email to the group. I have fixed quotes but still getting error.
>
> fix:
>
> if (%{NAS-IP-Address} != "xxx.xxx.xxx.xxx"){
>     update reply {
>         NAS-IP-Address = "%{NAS-IP-Address}"
>         Acct-Multi-Session-Id = "%{Acct-Multi-Session-Id}"
>         Acct-Session-Id = "%{Acct-Session-Id}"
>         Event-Timestamp = "%{Event-Timestamp}"
>         3GPP2-Session-Termination-Capability = "%{3GPP2-Session-Termination-Capability}"
>         3GPP2-Prepaid-Acct-Quota = "%{3GPP2-Prepaid-Acct-Quota}"
>         3GPP2-Prepaid-acct-Capability = "%{3GPP2-Prepaid-acct-Capability}"
>         # 3GPP2-Session-Termination-Capability = "{3GPP2-Session-Termination-Capability}"
>         # Acct-Multi-Session-Id = %{request:Acct-Multi-Session-Id}
>         # 3GPP2-Release-Indicator =%{request:3GPP2-Release-Indicator}
>     }
> }
>
> Error:
>
> Module: Checking session {...} for more modules to load
> Module: Checking post-proxy {...} for more modules to load
> Module: Checking post-auth {...} for more modules to load
> Bare %{...} is invalid in condition at: %{NAS-IP-Address} != "xxx.xxx.xxx.xxx")
> /usr/local/etc/raddb/sites-enabled/default[450]: Errors parsing post-auth section.
> [root@newbill sites-available]#
>
> BR,
> Miha
>
> --
> Best regards / Lep Pozdrav
> Miha Zoubek
> Softnet d.o.o.

Sorry:) forget. It is working perfectly:)

Thanks!
Miha

--
Best regards / Lep Pozdrav
Miha Zoubek
Softnet d.o.o.
Re: update reply
On 2/13/2012 10:52 AM, Fajar A. Nugraha wrote:
> if ("%{NAS-IP-Address}" != "xxx.xxx.xxx.xxx"){

@Fajar sorry that I did not inform you about this. I have noticed right when I send email to the group. I have fixed quotes but still getting error.

fix:

if (%{NAS-IP-Address} != "xxx.xxx.xxx.xxx"){
    update reply {
        NAS-IP-Address = "%{NAS-IP-Address}"
        Acct-Multi-Session-Id = "%{Acct-Multi-Session-Id}"
        Acct-Session-Id = "%{Acct-Session-Id}"
        Event-Timestamp = "%{Event-Timestamp}"
        3GPP2-Session-Termination-Capability = "%{3GPP2-Session-Termination-Capability}"
        3GPP2-Prepaid-Acct-Quota = "%{3GPP2-Prepaid-Acct-Quota}"
        3GPP2-Prepaid-acct-Capability = "%{3GPP2-Prepaid-acct-Capability}"
        # 3GPP2-Session-Termination-Capability = "{3GPP2-Session-Termination-Capability}"
        # Acct-Multi-Session-Id = %{request:Acct-Multi-Session-Id}
        # 3GPP2-Release-Indicator =%{request:3GPP2-Release-Indicator}
    }
}

Error:

Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Bare %{...} is invalid in condition at: %{NAS-IP-Address} != "xxx.xxx.xxx.xxx")
/usr/local/etc/raddb/sites-enabled/default[450]: Errors parsing post-auth section.
[root@newbill sites-available]#

BR,
Miha

--
Best regards / Lep Pozdrav
Miha Zoubek
Softnet d.o.o.
Re: update reply
On 2/13/2012 10:28 AM, Miha Zoubek wrote:
> On 2/13/2012 10:19 AM, Alan Buxey wrote:
> > Hi,
> > > Hi, I have set in sql.conf multiple sql instance. I will also include further different dialup.conf for sql query. How can I configure default file in site-avalible as for one softswitch I do not need this variables to be replied:
> >
> > stick a
> >
> > if (%{NAS-IP-Address} != "192.168.0.1"){
> > }
> >
> > wrapper around it - where that IP address is the one you dont care about
> >
> > alan
>
> Thanks for quick reply!
>
> Regards,
> Miha

Hi, I have one problem:

if (%{NAS-IP-Address} != "xxx.xxx.xxx.xxx"){
    update reply {
        NAS-IP-Address = "%{NAS-IP-Address}"
        Acct-Multi-Session-Id = "%{Acct-Multi-Session-Id}"
        Acct-Session-Id = "%{Acct-Session-Id}"
        Event-Timestamp = "%{Event-Timestamp}"
        3GPP2-Session-Termination-Capability = "%{3GPP2-Session-Termination-Capability}"
        3GPP2-Prepaid-Acct-Quota = "%{3GPP2-Prepaid-Acct-Quota}"
        3GPP2-Prepaid-acct-Capability = "%{3GPP2-Prepaid-acct-Capability}"
        # 3GPP2-Session-Termination-Capability = "{3GPP2-Session-Termination-Capability}"
        # Acct-Multi-Session-Id = %{request:Acct-Multi-Session-Id}
        # 3GPP2-Release-Indicator =%{request:3GPP2-Release-Indicator}
    }
}

I get this:

Module: Checking post-auth {...} for more modules to load
Bare %{...} is invalid in condition at: %{NAS-IP-Address} != "xxx.xxx.xx.xxx")
/usr/local/etc/raddb/sites-enabled/default[450]: Errors parsing post-auth section.
[root@newbill sites-available]#

Thanks!

--
Best regards / Lep Pozdrav
Miha Zoubek
Softnet d.o.o.
Re: update reply
On 2/13/2012 10:19 AM, Alan Buxey wrote:
> Hi,
> > Hi, I have set in sql.conf multiple sql instance. I will also include further different dialup.conf for sql query. How can I configure default file in site-avalible as for one softswitch I do not need this variables to be replied:
>
> stick a
>
> if (%{NAS-IP-Address} != "192.168.0.1"){
> }
>
> wrapper around it - where that IP address is the one you dont care about
>
> alan

Thanks for quick reply!

Regards,
Miha

--
Best regards / Lep Pozdrav
Miha Zoubek
Softnet d.o.o.
update reply
Hi, I have set in sql.conf multiple sql instance. I will also include further different dialup.conf for sql query. How can I configure default file in site-avalible as for one softswitch I do not need this variables to be replied:

update reply {
    NAS-IP-Address = "%{NAS-IP-Address}"
    Acct-Multi-Session-Id = "%{Acct-Multi-Session-Id}"
    Acct-Session-Id = "%{Acct-Session-Id}"
    Event-Timestamp = "%{Event-Timestamp}"
    3GPP2-Session-Termination-Capability = "%{3GPP2-Session-Termination-Capability}"
    3GPP2-Prepaid-Acct-Quota = "%{3GPP2-Prepaid-Acct-Quota}"
    3GPP2-Prepaid-acct-Capability = "%{3GPP2-Prepaid-acct-Capability}"
    # 3GPP2-Session-Termination-Capability = "{3GPP2-Session-Termination-Capability}"
    # Acct-Multi-Session-Id = %{request:Acct-Multi-Session-Id}
    # 3GPP2-Release-Indicator =%{request:3GPP2-Release-Indicator}
}

Thanks!
Miha

--
Best regards / Lep Pozdrav
Miha Zoubek
Softnet d.o.o.
Re: More than one client
Hi @Fajar, yes that what I meant:)

Thanks!
Regards,
Miha

On 2/6/2012 12:05 PM, Fajar A. Nugraha wrote:
> On Mon, Feb 6, 2012 at 5:53 PM, Miha Zoubek wrote:
> > Hi, I need a few information. We have to softswtichs, both are working with freeradius perfectly.
>
> Do you mean "two" softswtiches? Taking time to double-check what you write can help others understand your needs better.
>
> > There is no problem to use to different clinets (softswitchs) to use one freeradious server. Problem is that softswitchs would need a different dialup.conf (for sql entry) and different default configuration for different AVP packets.
>
> I find it hard to understand what you meant there. Did you mean:
> - you want two softswitches to use one freeradius
> - each softswitch requires a different sql query
> is that correct?
>
> > How to set to different dialup.conf and defult configuration?
>
> If you use FR2 (you should), see unlang: http://freeradius.org/radiusd/man/unlang.html
>
> Create two different instances of sql, each with its own dialup.conf. Then check for a unique attribute that the NAS sends (e.g. NAS-IP-Address) in authorize and accounting section (and whatever other sections you use).

--
Best regards / Lep Pozdrav
Miha Zoubek
Softnet d.o.o.
More than one client
Hi, I need a few information. We have to softswtichs, both are working with freeradius perfectly. There is no problem to use to different clinets (softswitchs) to use one freeradious server. Problem is that softswitchs would need a different dialup.conf (for sql entry) and different default configuration for different AVP packets. How to set to different dialup.conf and defult configuration?

Thanks!
Miha

--
Best regards / Lep Pozdrav
Miha Zoubek
Softnet d.o.o.
Re: Problem with sql entry
Thanks @Fajar, I missed the two different Acct-Session-Id values. This is the main reason for this. I will check why the NAS is sending a different Acct-Session-Id.

regards, Miha

On 12/20/2011 10:20 AM, Fajar A. Nugraha wrote:
> On Tue, Dec 20, 2011 at 3:55 PM, Miha Zoubek wrote:
>> Hi, please help me out why I am getting two entries in mysql table (radacct) for outgoing call. If the call is answered I get two entries and one entry if the call is not answered (this is ok). Reason that I am asking this is that I do not see that my NAS is sending two start packets and two stop packets for an answered call (you can see below). Please help me understand why radius adds two entries for the stop packet if only one is sent from the NAS.
> First of all, if you're going to trim the debug log anyway, make sure you include debug from a full session to make it easier to diagnose.
>> 2. Call is answered.
>> 3142.992787 xxx.xxx.xxx.xxx -> yyy.yyy.yyy.yyy RADIUS Accounting-Request(4) (id=195, l=265)
>> 3142.994570 yyy.yyy.yyy.yyy -> xxx.xxx.xxx.xxx RADIUS Accounting-Response(5) (id=195, l=20)
> those two above most likely belong to a previous session. Accounting usually comes after Access-Request. So I don't think you need to include those. UNLESS your NAS is doing something funny, and it REALLY sends Accounting - Access Request - Accounting for a session.
>> rad_recv: Accounting-Request packet from host xxx.xxx.xxx.xxx port 48752, id=198, length=265
>>     Acct-Status-Type = Start
>>     Acct-Session-Id = "d446d20a-6d1c-4ffd-9b59-1aedbf63b74c"
> I'd note Acct-Session-Id lines ...
>> rad_recv: Accounting-Request packet from host xxx.xxx.xxx.xxx port 35569, id=200, length=401
>>     Acct-Status-Type = Stop
>>     Acct-Session-Id = "68507972-f9d9-46c7-bf22-59020602ffe2"
> ... and compare it with the next one. That's a different Acct-Session-Id, so it's two different sessions. Are you SURE you have two entries in radacct with Acct-Session-Id = "68507972-f9d9-46c7-bf22-59020602ffe2"?
>> [sql] expand:UPDATE radacct SET acctstarttime = '%{Freeswitch-Callanswerdate}', acctstoptime = '%S', acctsessiontime= '%{Acct-Session-Time}', acctinputoctets= '%{%{Acct-Input-Gigawords}:-0}'<< 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}'<< 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' -> UPDATE radacct SET acctstarttime = '2011-12-20T09:49:30.669405=2B0100', acctstoptime = '2011-12-20 09:49:49', acctsessiontime= '3', acctinputoctets= '0'<<
> hmmm ... that query doesn't look right. " UPDATE radacct SET acctstarttime = '2011-12-20T09:49:30.669405=2B0100', acctstoptime = '2011-12-20 09:49:49', acctsessiontime= '3', acctinputoctets= '0'<< " seriously? Are you sure you didn't mess up the query while editing it manually? Or was it copy-and-paste error? Even acctstarttime looks wrong.
>> [sql] expand:INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}'<< 32 | '%{%{Acct-Inpu
> Same thing here. It should print what the actual sql statement executed
> My best guess so far:
> - the double lines you see are from different session (i.e. different Acct-Session-Id). If so, the NAS sends two different acc
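The diagnosis in the reply above (a Stop whose Acct-Session-Id never appeared in a Start) can be checked mechanically. The following is an added example, not part of the original thread and not FreeRADIUS code: it parses `rad_recv` blocks from debug output, keys each accounting packet on the same three attributes as the UPDATE's WHERE clause, and replays them against a simplified model of radacct in which a Stop that matches no row is inserted as a new row, as the UPDATE followed by INSERT in the quoted log suggests. The sample input is constructed; only the two Acct-Session-Id values come from the thread.

```python
import re
from collections import OrderedDict

# Constructed sample in the style of `radiusd -X` output. The two
# Acct-Session-Id values are the ones quoted in the thread; addresses
# and the other values are made up for the example.
SAMPLE_DEBUG = '''\
rad_recv: Accounting-Request packet from host 192.0.2.10 port 48752, id=198, length=265
    Acct-Status-Type = Start
    Acct-Session-Id = "d446d20a-6d1c-4ffd-9b59-1aedbf63b74c"
    User-Name = "123456789"
    NAS-IP-Address = 192.0.2.10
# Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default
rad_recv: Accounting-Request packet from host 192.0.2.10 port 35569, id=200, length=401
    Acct-Status-Type = Stop
    Acct-Session-Id = "68507972-f9d9-46c7-bf22-59020602ffe2"
    User-Name = "123456789"
    NAS-IP-Address = 192.0.2.10
    Acct-Session-Time = 3
# Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default
'''

HEADER_RE = re.compile(
    r'^rad_recv: (\S+) packet from host (\S+) port (\d+), id=(\d+), length=(\d+)')
ATTR_RE = re.compile(r'^\s+([A-Za-z0-9][\w-]*) = (.*)$')


def parse_packets(text):
    """Return one dict per rad_recv block: packet code, source, id, attributes."""
    packets, current = [], None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            current = {"code": header.group(1), "src": header.group(2),
                       "id": int(header.group(4)), "attrs": {}}
            packets.append(current)
            continue
        attr = ATTR_RE.match(line)
        if attr and current is not None:
            current["attrs"][attr.group(1)] = attr.group(2).strip().strip('"')
        elif line.strip():
            current = None  # any other debug line ends the attribute list
    return packets


def session_key(attrs):
    """Same three columns as the WHERE clause of the UPDATE in the thread."""
    return (attrs.get("Acct-Session-Id"), attrs.get("User-Name"),
            attrs.get("NAS-IP-Address"))


def replay(packets):
    """Simplified radacct model (an assumption of this example):
    Start inserts a row, Stop updates the matching row or inserts a new one."""
    rows, notes = OrderedDict(), []
    for pkt in packets:
        if pkt["code"] != "Accounting-Request":
            continue
        key = session_key(pkt["attrs"])
        status = pkt["attrs"].get("Acct-Status-Type")
        if status == "Start":
            rows.setdefault(key, {"start_id": pkt["id"], "stop_id": None})
        elif status == "Stop":
            if key in rows:
                rows[key]["stop_id"] = pkt["id"]
            else:
                rows[key] = {"start_id": None, "stop_id": pkt["id"]}
                notes.append("Stop id=%d matched no Start row for "
                             "Acct-Session-Id %s: extra row" % (pkt["id"], key[0]))
    return rows, notes


def unpaired_sessions(rows):
    """Acct-Session-Id values that have a Start without a Stop or vice versa."""
    return [key[0] for key, row in rows.items()
            if row["start_id"] is None or row["stop_id"] is None]


if __name__ == "__main__":
    table, remarks = replay(parse_packets(SAMPLE_DEBUG))
    print(len(table), "rows;", "unpaired:", unpaired_sessions(table))
    for remark in remarks:
        print(remark)
```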
Problem with sql entry
User-Name = "123456789", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail]expand: %{Packet-Src-IP-Address} -> xxx.xxx.xxx.xxx
[detail]expand: /usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d -> /usr/local/var/log/radius/radacct/xxx.xxx.xxx.xxx/detail-20111220
[detail] /usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/xxx.xxx.xxx.xxx/detail-20111220
[detail]expand: %t -> Tue Dec 20 09:49:49 2011
++[detail] returns ok
++[unix] returns ok
[radutmp] expand: /usr/local/var/log/radius/radutmp -> /usr/local/var/log/radius/radutmp
[radutmp] expand: %{User-Name} -> 123456789
rlm_radutmp: Logout entry for NAS xxx.xxx.xxx.xxx port 0 has wrong ID
++[radutmp] returns ok
[sql] expand: %{User-Name} -> 123456789
[sql] sql_set_user escaped user --> '123456789'
[sql] expand: %{Acct-Input-Gigawords} ->
[sql] ... expanding second conditional
[sql] expand: %{Acct-Input-Octets} ->
[sql] ... expanding second conditional
[sql] expand: %{Acct-Output-Gigawords} ->
[sql] ... expanding second conditional
[sql] expand: %{Acct-Output-Octets} ->
[sql] ... expanding second conditional
[sql] expand: %{Acct-Delay-Time} -> 0
[sql] expand:UPDATE radacct SET acctstarttime = '%{Freeswitch-Callanswerdate}', acctstoptime = '%S', acctsessiontime= '%{Acct-Session-Time}', acctinputoctets= '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', acctoutputoctets = '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', acctterminatecause = '%{Acct-Terminate-Cause}', acctstopdelay = '%{%{Acct-Delay-Time}:-0}', connectinfo_stop = '%{Connect-Info}' WHERE acctsessionid = '%{Acct-Session-Id}' AND username = '%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}' ->UPDATE radacct SET acctstarttime = '2011-12-20T09:49:30.669405=2B0100', acctstoptime = '2011-12-20 09:49:49', acctsessiontime= '3', acctinputoctets= '0' <<
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: %{Acct-Session-Time} -> 3
[sql] expand: %{Acct-Delay-Time} -> 0
[sql] expand: %{Acct-Input-Gigawords} ->
[sql] ... expanding second conditional
[sql] expand: %{Acct-Input-Octets} ->
[sql] ... expanding second conditional
[sql] expand: %{Acct-Output-Gigawords} ->
[sql] ... expanding second conditional
[sql] expand: %{Acct-Output-Octets} ->
[sql] ... expanding second conditional
[sql] expand: %{Acct-Delay-Time} -> 0
[sql] expand:INSERT INTO radacct (acctsessionid, acctuniqueid, username, realm, nasipaddress, nasportid, nasporttype, acctstarttime, acctstoptime, acctsessiontime, acctauthentic, connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Inpu
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[exec] returns noop
[attr_filter.accounting_response] expand: %{User-Name} -> 123456789
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 200 to xxx.xxx.xxx.xxx port 35569
Finished request 50.
Cleaning up request 50 ID 200 with timestamp +5710
Going to the next request
Ready to process requests.

--
Best regards
Miha Zoubek
Softnet d.o.o.
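In the log above, the `+0100` offset of Freeswitch-Callanswerdate reaches the query as `=2B0100`. That is consistent with rlm_sql replacing every character outside its `safe-characters` allow-list with `=XX` before the value is placed inside the quoted SQL string. The following is an added example, not part of the original post and not FreeRADIUS code: it models that escaping in Python, assuming the allow-list below is the one configured on this server, and shows the same timestamp rendered in the `YYYY-MM-DD HH:MM:SS` form that `%S` produces in the log. The helper names are hypothetical.

```python
import re
from datetime import datetime

# Assumption: the allow-list configured as safe-characters in sql.conf on
# this server. Everything outside it is rewritten before reaching SQL.
SAFE_CHARACTERS = ("@abcdefghijklmnopqrstuvwxyz"
                   "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /")


def sql_escape(value, safe=SAFE_CHARACTERS):
    """Model of the escaping seen in the log: bytes outside the allow-list
    become =XX (two upper-case hex digits), so quotes can never close the
    SQL string literal the value is expanded into."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        out.append(ch if byte < 0x80 and ch in safe else "=%02X" % byte)
    return "".join(out)


def sql_unescape(value):
    """Inverse of sql_escape, useful when reading values back out of logs.
    '=' itself is outside the allow-list, so the encoding is unambiguous."""
    raw = re.sub(rb"=([0-9A-F]{2})",
                 lambda m: bytes([int(m.group(1), 16)]),
                 value.encode("ascii"))
    return raw.decode("utf-8")


def freeswitch_to_sql_datetime(stamp):
    """Render an ISO-8601 stamp with microseconds and numeric offset
    (the Freeswitch-Call*date format in the thread) in the same form as %S.
    The wall-clock time is kept and the offset is dropped."""
    parsed = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S.%f%z")
    return parsed.strftime("%Y-%m-%d %H:%M:%S")


if __name__ == "__main__":
    sent = "2011-12-20T09:49:30.669405+0100"   # value shape from the thread
    stored = sql_escape(sent)
    print("sent by NAS :", sent)
    print("in the query:", stored)
    print("as DATETIME :", freeswitch_to_sql_datetime(sql_unescape(stored)))
    # Constructed value with a quote, to show why the escaping exists.
    print("quote       :", sql_escape("o'brien"))
```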
Re: radius sql question
@Hi Alan, thank you for your answer. Is it possible to block the second packages from the NAS (so that I would not get those entries in my sql tables)?

p.s.: I do not get any information about this issue on the freeswitch mailing list...

71.449050 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx RADIUS Accounting-Request(4) (id=235, l=265)
71.517347 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx RADIUS Accounting-Response(5) (id=235, l=20)
73.536126 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx RADIUS Access-Request(1) (id=236, l=210)
73.567412 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx RADIUS Access-Accept(2) (id=236, l=20)
73.572794 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx RADIUS Accounting-Request(4) (id=237, l=321)
73.574156 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx RADIUS Accounting-Response(5) (id=237, l=20)
83.482760 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx RADIUS Accounting-Request(4) (id=238, l=401)
83.485670 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx RADIUS Accounting-Response(5) (id=238, l=20)
83.514594 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx RADIUS Accounting-Request(4) (id=239, l=402)
83.516404 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx RADIUS Accounting-Response(5) (id=239, l=20)

Regards, Miha

On 11/9/2011 5:37 PM, Alan DeKok wrote:
> Miha Zoubek wrote:
>> our freeradius is working with our softswitch perfect. All my columns in radacct are populating.
> That's good.
>> Now I have set freeswitch and I also got it work with freeradius. This are two different softswitches and I would like that both will populate same base. Problem appears as freeswitch is sending different attributes, so I make differences in dialup.conf (then the other softswitch will not populate right radacct table).
> This is why the SQL queries are editable. You can edit them to say "use attribute X, if it doesn't exist, use attribute Y". See "man unlang" for the syntax.
>> Can I populate same base? But how to configure dialup.conf then? How can I set up in on radius two different base with two different dialup.conf (I must edit this file due to different attribute representation).
> Edit dialup.conf.
>> Below you will find freeswitch attributes:
> Ok... which freeswitch attributes do you want to use? Which SQL column do they map to? Write that down. Then, edit the SQL queries as described above.
>> P.s.: I am getting all inputs in radacct table duplicate. Can you help me out how can I deal with this issue?
> Your NAS is sending duplicate accounting packets. That's really how RADIUS works. You will need to figure out why the entries are duplicate (they're probably *not* duplicate), and figure out what fields make up the "same" session.
> Alan DeKok.
radius sql question
Hi, our freeradius is working with our softswitch perfect. All my columns in radacct are populating. Now I have set freeswitch and I also got it work with freeradius. This are two different softswitches and I would like that both will populate same base. Problem appears as freeswitch is sending different attributes, so I make differences in dialup.conf (then the other softswitch will not populate right radacct table). Can I populate same base? But how to configure dialup.conf then? How can I set up in on radius two different base with two different dialup.conf (I must edit this file due to different attribute representation).

Below you will find freeswitch attributes:

rad_recv: Accounting-Request packet from host xxx.xxx.xxx.xxx port 33534, id=134, length=402
    Acct-Status-Type = Stop
    Acct-Session-Id = "1d83c61f-3167-4c15-9da3-871cd76f3d7c"
    Freeswitch-Hangupcause = Normal-Clearing
    User-Name = "018108500"
    Freeswitch-Src = "018108500"
    Freeswitch-CLID = "018108500"
    Freeswitch-Dst = "051357952"
    Freeswitch-Dialplan = "XML"
    Framed-IP-Address = xxx.xxx.xxx.xxx
    Freeswitch-Context = "default"
    Freeswitch-Ani = "018108500"
    Freeswitch-Source = "mod_sofia"
    Freeswitch-Lastapp = "bridge"
    Freeswitch-Billusec = 2427061
    Freeswitch-Callstartdate = "2011-11-09T14:30:45.095287+0100"
    Freeswitch-Callanswerdate = "2011-11-09T14:30:52.965479+0100"
    Freeswitch-Callenddate = "2011-11-09T14:30:55.392540+0100"
    Acct-Session-Time = 2
    Freeswitch-Signalbond = "inbound"
    NAS-Port = 0
    Acct-Delay-Time = 0
    NAS-IP-Address = xxx.xxx.xxx.xxx
# Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default

P.s.: I am getting all inputs in radacct table duplicate. Can you help me out how can I deal with this issue? I have put radius log on http://pastebin.freeswitch.org/17730

BR, Miha
Re: radiusclient problems
On 11/4/2011 3:01 PM, Fajar A. Nugraha wrote:
> On Fri, Nov 4, 2011 at 8:53 PM, Miha Zoubek wrote:
>> Just curious, do you maybe know if I can get radclient working with freeswitch? @Fajar I was trying to use it with freeswitch as is written on http://wiki.freeswitch.org/wiki/Mod_rad_auth. But I am getting a few errors which I am unable to fix:)
> My GUESS it's similar to poptop setup. See http://wiki.freeradius.org/PopTop . In poptop's case you need to:
> - have a radius client library (vendor-provided package should be enough)
> - configure poptop to use the correct configuration file (radiusclient and radiusclient-ng has different configuration directory, but both should work)
> - configure additional needed dictionary items (e.g. to support MSCHAP, example in the wiki page)
> In your case I suggest try using distro-provided radiusclient first, and if it still doesn't work try checking radiusclient's dictionary.

Thank you for help!

BR, Miha
Re: radiusclient problems
On 11/4/2011 2:45 PM, Arran Cudbard-Bell wrote:
> On 4 Nov 2011, at 14:37, Fajar A. Nugraha wrote:
>> On Fri, Nov 4, 2011 at 8:20 PM, Arran Cudbard-Bell wrote:
>>> On 4 Nov 2011, at 12:55, Miha Zoubek wrote:
>>>> Sorry for bothering you. Is not radius client part of freeradius?
>>> No, radclient is part of FreeRADIUS
>> @Arran: I think Miha is referring to http://wiki.freeradius.org/Radiusclient
>> It's hard not to think of it as part of FreeRADIUS when the first line of the wiki starts with "FreeRADIUS Client"
> It was adopted. It's like the orphan child that lives in the cupboard under the stairs.
> Arran Cudbard-Bell a.cudba...@freeradius.org
> Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !

Ok I get it:) Thanks guys for information:) Just curious, do you maybe know if I can get radclient working with freeswitch? @Fajar I was trying to use it with freeswitch as is written on http://wiki.freeswitch.org/wiki/Mod_rad_auth. But I am getting a few errors which I am unable to fix:)

BR, Miha
Re: radiusclient problems
On 11/4/2011 2:20 PM, Arran Cudbard-Bell wrote:
> On 4 Nov 2011, at 12:55, Miha Zoubek wrote:
>> On 11/4/2011 12:12 PM, Phil Mayers wrote:
>>> On 04/11/11 10:53, Miha Zoubek wrote:
>>>> Hi, I have installed radiusclient. When I start it for a test I get this:
>>>> xxx.xxx.xxx.xxx: can't parse AV pair
>>>> Radiusclient is on a different server than freeradius. I checked the dictionaries and all looks good.
>>> This isn't really a FreeRADIUS issue.
>> Sorry for bothering you. Is not radius client part of freeradius?
> No, radclient is part of FreeRADIUS
> Arran Cudbard-Bell a.cudba...@freeradius.org
> Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !

This is written on Freeradius page:

FreeRADIUS Client release is available from: ftp://ftp.freeradius.org/pub/freeradius/freeradius-client-1.1.6.tar.bz2

Ok, do you maybe know where I can get help about this issue? Sorry for bothering you, but I really need some information to get this working.

BR, Miha
Re: radiusclient problems
On 11/4/2011 12:12 PM, Phil Mayers wrote:
> On 04/11/11 10:53, Miha Zoubek wrote:
>> Hi, I have installed radiusclient. When I start it for a test I get this:
>> xxx.xxx.xxx.xxx: can't parse AV pair
>> Radiusclient is on a different server than freeradius. I checked the dictionaries and all looks good.
> This isn't really a FreeRADIUS issue.

Sorry for bothering you. Is not radius client part of freeradius?

BR, Miha
radiusclient problems
Hi, I have installed radiusclient. When I start it for a test I get this:

xxx.xxx.xxx.xxx: can't parse AV pair

Radiusclient is on a different server than freeradius. I checked the dictionaries and all looks good. Please help me out with this issue. Thank you!

BR, Miha
Re: Access Accept
Hi, thank you for all your help!! Now it works perfectly!!

Br, Miha

On 9/26/2011 10:58 AM, Alan DeKok wrote:
> Miha Zoubek wrote:
>> I add this to my post-auth { } section:
>> update reply {
>>     3GPP2-Prepaid-acct-Capability =%{request:3GPP2-Prepaid-acct-Capability}
>>     Acct-Multi-Session-Id =%{request:Acct-Multi-Session-Id}
>>     3GPP2-Session-Termination-Capability =%{request:3GPP2-Session-Termination-Capability}
>>     3GPP2-Release-Indicator =%{request:3GPP2-Release-Indicator}
> Put quotes around the values, as suggested in another email, and in the "unlang" documentation.
>     3GPP2-Release-Indicator = "%{3GPP2-Release-Indicator}"
> And you don't need the "request" portion. The documentation says the "request" list is used by default.
> Alan DeKok.
Re: Access Accept
@Alexandre, I have one more question. I am looking at this post-auth { } section. I can see that the values are not added to attributes in access-accept. For example:

Module: Checking post-auth {...} for more modules to load
/etc/raddb/sites-enabled/default[460]: ERROR: Failed to find IP address for %{request:NAS-IP-Address}
/etc/raddb/sites-enabled/default[456]: Errors parsing post-auth section.

if I look in access-request section (I have commented out %{request:NAS-IP-Address}):

Ready to process requests.
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx port 40239, id=140, length=206
    Acct-Multi-Session-Id = "1317025759333"
    Cisco-Attr-130 = 0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258
    Calling-Station-Id = "81609000"
    NAS-Identifier = "intraswitch"
    NAS-IP-Address = xxx.xxx.xxx.xxx
    3GPP2-Prepaid-acct-Capability = 0x01060002
    3GPP2-Session-Termination-Capability = 1
    h323-conf-id = "h323-conf-id=1317025759333"
    Vendor-Specific = 0x0009
    Event-Timestamp = "Sep 26 2011 10:29:19 CEST"
    User-Name = "081609000"
    User-Password = "1122"

I can see that the IP from the NAS is sent. If I have this line written (NAS-IP-Address = %{request:NAS-IP-Address}) the radius will not start. Should this be added to any other section than post-auth {...}?

BR, Miha

On 9/24/2011 2:43 PM, Alexandre Chapellon wrote:
> On 23/09/2011 22:01, Miha wrote:
>> Hi @Alexandre, here is a copy from my default file:
>> post-auth {
>>     # Get an address from the IP Pool.
>>     # main_pool
>>     update reply {
>>         3GPP2-Prepaid-acct-Capability = %{request:3GPP2-Prepaid-acct-Capability}
>>     }
>>     update reply {
>>         Acct-Multi-Session-Id = %{request:Acct-Multi-Session-Id}
>>     }
> IIRC I use double quoted variables in my config. Anyway, this is odd it happens for the second attributes and not the first one.
>> I have also tried this way, but still the same:
>> update reply {
>>     3GPP2-Prepaid-acct-Capability = %{request:3GPP2-Prepaid-acct-Capability}
>>     Acct-Multi-Session-Id = %{request:Acct-Multi-Session-Id}
>> }
> This sounds better.
>> I do not see any problem with quotes. Thank you! Br, Miha
>> -- View this message in context: http://freeradius.1045715.n5.nabble.com/Access-Accept-tp4832711p4834972.html Sent from the FreeRadius - User mailing list archive at Nabble.com.
> --
> Alexandre Chapellon
> Open source systems and network engineering.
> Follow me on twitter: @alxgomz
Re: Access Accept
Hi @Alexandre, I add this to my post-auth { } section:

update reply {
    3GPP2-Prepaid-acct-Capability =%{request:3GPP2-Prepaid-acct-Capability}
    Acct-Multi-Session-Id =%{request:Acct-Multi-Session-Id}
    3GPP2-Session-Termination-Capability =%{request:3GPP2-Session-Termination-Capability}
    3GPP2-Release-Indicator =%{request:3GPP2-Release-Indicator}
}

From the debug I get:

}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
/etc/raddb/sites-enabled/default[462]: ERROR: Unknown value %{request:3GPP2-Session-Termination-Capability} for attribute 3GPP2-Session-Termination-Capability
/etc/raddb/sites-enabled/default[456]: Errors parsing post-auth section.

Why am I getting 3GPP2-Session-Termination-Capability as unknown value (I have this attribute in my dictionaries) as this value (value of 3GPP2-Session-Termination-Capability attribute) is sent in access-request packet? For 3GPP2-Session-Termination-Capability =%{request:3GPP2-Session-Termination-Capability} I am still getting Acct-Multi-Session-Id = "%{request:Acct-Multi-Session-Id}".

Here is access-request from Wireshark for better picture:

access-request: Attribute Value Pairs
AVP: l=15 t=Acct-Multi-Session-Id(50): 1317016867140 (I need this one in access-accept)
    Acct-Multi-Session-Id: 1317016867140
AVP: l=41 t=Vendor-Specific(26) v=Cisco(9)
    VSA: l=35 t=Unknown-Attribute(130): 683332332d63616c6c696e672d656e74657270726973652d...
        Unknown-Attribute: 683332332d63616c6c696e672d656e74657270726973652d...
AVP: l=10 t=Calling-Station-Id(31): 81609000
    Calling-Station-Id: 81609000
AVP: l=13 t=NAS-Identifier(32): intraswitch
AVP: l=6 t=NAS-IP-Address(4): xxx.xxx.xxx.xxx
AVP: l=14 t=Vendor-Specific(26) v=3GPP2(5535) (I need this one in access-accept)
    VSA: l=8 t=3GPP2-Prepaid-acct-Capability(91): 01060002
        3GPP2-Prepaid-acct-Capability: 01060002
AVP: l=12 t=Vendor-Specific(26) v=3GPP2(5535) (I need this one in access-accept)
    VSA: l=6 t=3GPP2-Session-Termination-Capability(88): 1
        3GPP2-Session-Termination-Capability: 1
AVP: l=34 t=Vendor-Specific(26) v=Cisco(9)
    VSA: l=28 t=h323-conf-id(24): h323-conf-id=1317016867140
        h323-conf-id: h323-conf-id=1317016867140
AVP: l=6 t=Vendor-Specific(26) v=Cisco(9)
AVP: l=6 t=Event-Timestamp(55): Sep 26, 2011 08:01:07.0 Central Europe Daylight Time
AVP: l=11 t=User-Name(1): 081609000
AVP: l=18 t=User-Password(2): Encrypted

Thank you!

BR, Miha

On 9/24/2011 2:43 PM, Alexandre Chapellon wrote:
> On 23/09/2011 22:01, Miha wrote:
>> Hi @Alexandre, here is a copy from my default file:
>> post-auth {
>>     # Get an address from the IP Pool.
>>     # main_pool
>>     update reply {
>>         3GPP2-Prepaid-acct-Capability = %{request:3GPP2-Prepaid-acct-Capability}
>>     }
>>     update reply {
>>         Acct-Multi-Session-Id = %{request:Acct-Multi-Session-Id}
>>     }
> IIRC I use double quoted variables in my config. Anyway, this is odd it happens for the second attributes and not the first one.
>> I have also tried this way, but still the same:
>> update reply {
>>     3GPP2-Prepaid-acct-Capability = %{request:3GPP2-Prepaid-acct-Capability}
>>     Acct-Multi-Session-Id = %{request:Acct-Multi-Session-Id}
>> }
> This sounds better.
>> I do not see any problem with quotes. Thank you! Br, Miha
> --
> Alexandre Chapellon
> Open source systems and network engineering.
> Follow me on twitter: @alxgomz
Re: Access Accept
Hi @Alexandre, here is a copy from my default file:

post-auth {
    # Get an address from the IP Pool.
    # main_pool
    update reply {
        3GPP2-Prepaid-acct-Capability = %{request:3GPP2-Prepaid-acct-Capability}
    }
    update reply {
        Acct-Multi-Session-Id = %{request:Acct-Multi-Session-Id}
    }

I have also tried this way, but still the same:

update reply {
    3GPP2-Prepaid-acct-Capability = %{request:3GPP2-Prepaid-acct-Capability}
    Acct-Multi-Session-Id = %{request:Acct-Multi-Session-Id}
}

I do not see any problem with quotes. Thank you!

Br, Miha

-- View this message in context: http://freeradius.1045715.n5.nabble.com/Access-Accept-tp4832711p4834972.html
Re: Access Accept
Hi @Alan and @Alexandre,

Hi, in radgroupreply I have defined attribute 3GPP2-Prepaid-acct-Capability and put some value to it. I know this is wrong because this value should be dynamically taken from Access-Request (attribute 3GPP2-Prepaid-acct-Capability).

update reply {
    3GPP2-Prepaid-acct-Capability = %{request:attributesValue}
}

What should attributesValue be if I would like attributesValue to be the value from Access-Request (attribute 3GPP2-Prepaid-acct-Capability)? If I am right, I must put this in sites-available/default? I have put it in default but the reply is being sent in the Accounting-Response packet. Thanks!

BR, Miha

-- View this message in context: http://freeradius.1045715.n5.nabble.com/Access-Accept-tp4832711p4833410.html
Re: Access Accept
Hi, in radgroupreply I have defined attribute 3GPP2-Prepaid-acct-Capability and put some value to it. I know this is wrong because this value should be dynamically taken from Access-Request (attribute 3GPP2-Prepaid-acct-Capability).

update reply {
    3GPP2-Prepaid-acct-Capability= %{request:3GPP2-Prepaid-acct-Capability}
}

Is this right? If I am right, must I put this in radiusd.conf? Thanks!

BR, Miha

On 9/23/2011 2:00 PM, Alan DeKok wrote:
> Miha wrote:
>> Problem is that I have put manually values for attributes in Accept packet (values should be from Access-Request) .
> What does that mean? How do you "manually add values" ?
> Alan DeKok.
Access Accept
Hi, I have read the freeradius wiki and other topics on this forum concerning this thread but I did not find anything useful. I have problems with the Access Accept packet. I have put a few attributes in radgroupreply. Now I can see the attributes in the Access Accept packet. Problem is that I have put manually values for attributes in Accept packet (values should be from Access-Request). How can I add attribute values which were sent in Access-Request to be sent back in Access Accept? Thank you very much!

BR, Miha

-- View this message in context: http://freeradius.1045715.n5.nabble.com/Access-Accept-tp4832711p4832711.html
Radgroup reply
Hello guys, I was bothering you one month ago about my radius problem with centile (the problem was that centile was not sending the right secret). We have finally fixed this issue and now the call goes through. I am facing a different problem. After I answer the phone my call is being dropped by centile because radius is not sending back a few parameters. Do I have to put these parameters in radgroupreply? thank you!!!

Miha

-- View this message in context: http://freeradius.1045715.n5.nabble.com/Radgroup-replay-tp4263674p4263674.html
Re: Voip database
Thanks @Alan DeKok-2 and @Fajar A. Nugraha for your help! After exchanging a few emails with centile I noticed that they are unwilling to change their configuration setting. So, due to our softswitch (Centile) for voip, it is just not so easy to buy and set up a new one. This radius that we have from Ibill (compatible with centile) we would really like to replace due to problems with it. So finally Centile (from the start they were telling us that centile works with freeradius) said that centile is having problems with 3GPP2. Is there any way to get this working? Where should the changes be made on freeradius? Or to ask in a different way, is there any way to get this working :) ? Thanks!!

I have also tried with ACCEPT like @Fajar A. Nugraha said but I got this problem (finally my phone began ringing but a new problem arose with media):

++[preprocess] returns ok
[acct_unique] WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent
[acct_unique] Hashing ',Client-IP-Address = 212.13.228.58,NAS-IP-Address = 212.13.228.58,Acct-Session-Id = "129464837317821",User-Name = "081609000"'
[acct_unique] Acct-Unique-Session-ID = "d9d5c2ea191e529f".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "081609000", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
Executing section accounting from file /etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail] expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radius/radacct/212.13.228.58/detail-20110110
[detail] /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/212.13.228.58/detail-20110110
[detail] expand: %t -> Mon Jan 10 09:32:58 2011
++[detail] returns ok
++[unix] returns noop
[radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp] expand: %{User-Name} -> 081609000
rlm_radutmp: No NAS-Port seen. Cannot do anything.
rlm_radumtp: WARNING: checkrad will probably not work!
++[radutmp] returns noop
++[exec] returns noop
[attr_filter.accounting_response] expand: %{User-Name} -> 081609000
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 3 to 212.13.228.58 port 35277
Finished request 4.
Cleaning up request 4 ID 3 with timestamp +13
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 3 ID 66 with timestamp +13
Ready to process requests.

softnet added a comment - 10/Jan/11 09:53 AM

Hello, what about this issue? I have put 081609000 to Accept in the users file to try this way. The call reaches the telephone but another problem appears because the port is not sent in the request from the NAS to freeradius. Thanks!

++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "081609000", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry 081609000 at line 71
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 66 to 212.13.228.58 port 59985
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 212.13.228.58 port 35277, id=3, length=593
    User-Name = "081609000"
    User-Password = "v7\265\345"
    Cisco-Attr-130 = 0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258
    Acct-Multi-Session-Id = "1294648373178"
    Calling-Station-Id = "81609000"
    Called-Station-Id = "38651357952"
    Cisco-AVPair = "h323-called-enterprise-id=NexTone"
    h323-remote-address = "h323-remote-address=212.13.249.90"
    Acct-Session-Id = "129464837317821"
    h323-conf-id = "h323-conf-id=1294648373178"
    h323-incoming-conf-id = "h323-incoming-conf-id=1294648373178"
    h323-call-origin = "h323-call-origin=originate"
    h323-call-type = "h323-call-type=VOIP"
    h323-setup-time = "h323-setup-time=08:32:53.182 GMT Mon Jan 10 2011"
    Acct-Multi-Session-Id = "1294648373178"
    h323-connect-time = "h323-connect-time=08:32:58.924 GMT Mon Jan 10 2011"
    h323-disconnect-time = "h323-disconnect-time=08:32:58.934 GMT Mon Jan 10 2011"
    h323-disconnect-cause = "h323-disconnect-cause=66"
    Acct-Status-Type = Stop
    Acct-Session-Time = 0
    Event-Timestamp = "Jan 10 2011 09:32:58 CET"
# Executing section preacct from file /etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent
[acct_unique] Hashing ',Client-IP-Address = 212.13.228.58,NAS-IP-Address = 212.13.228.58,Acct-Session-Id = "129464837317821",User-Name = "081609000"'
[acct_unique] Acct-Un
Re: Voip database
Hello, I got an answer about what I should do so that freeradius will work with centile. Can you help me out where I can customize these settings? Thanks!!!

miha

Currently, there is a password matching issue because the User-Password encoding is different during the Authentication from the Authorization. During the Authentication step, the Centile's radius client send a User-Password encrypted with the secret. But during the Authorization step, we don't expect the Radius server to check again this password (which is sent anyway, I don't know if this is a bug or if it is required by Eyebill...). The Authorization request contains the attribute Acct-Status-Type with the value 17 that means "authorize only". It also contains the attribute Message-Authenticator with the digest value. So Freeradius should use those two attributes to accept or reject the request instead of the User-Name and User-Password.

-- View this message in context: http://freeradius.1045715.n5.nabble.com/Voip-database-tp3295546p3326679.html
RE: Voip database
Hello :)

I got this from the centile guys. I am now installing freeradius on a different server with different equipment to see which section (equipment) is adding these fields to the messages. I have only one question. I am running freeradius on ESXi as a Vmware machine. Could this be the cause of the problem?

Thanks!!!

According to the log, first step is done correctly. Issue is located on the second request, due to password received:
User-Password = "{"
It seems that Radius server receives a request which is not formatted correctly. Do you have any equipment used as proxy between IntraSwitch and Radius? Some fields not provided by IntraSwitch are added into messages as the following:
Cisco-Attr-130 = 0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258
Do you have a specific architecture which would cause such behavior?

--
View this message in context: http://freeradius.1045715.n5.nabble.com/Voip-database-tp3295546p3319133.html
RE: Voip database
Thank you very much for your help!!! I will ask them that and then I will report back! Thanks guys!
miha

> Date: Tue, 21 Dec 2010 18:11:21 +0700
> Subject: Re: Voip database
> From: w...@fajar.net
> To: freeradius-users@lists.freeradius.org
>
> On Tue, Dec 21, 2010 at 3:52 PM, Miha Zoubek wrote:
> > Believe me that I am asking centile people too. And to let you know I have
> > begun asking centile.com before I made first post on this forum.
>
> I noticed from your earlier debug output that the NAS is sending
> different attributes. The working one (I selected some attributes
> only):
>
>    NAS-Identifier = "intraswitch"
>    NAS-IP-Address = 1.2.3.4
>    3GPP2-Prepaid-acct-Capability = 0x01060002
>    3GPP2-Session-Termination-Capability = 1
>    h323-conf-id = "h323-conf-id=1292574457509"
>    Vendor-Specific = 0x0009
>
> the non working one
>
>    Called-Station-Id = "38651357952"
>    Cisco-AVPair = "h323-called-enterprise-id=External"
>    h323-remote-address = "h323-remote-address=unknown"
>    Acct-Session-Id = "129257445750920"
>    h323-conf-id = "h323-conf-id=1292574457509"
>    h323-incoming-conf-id = "h323-incoming-conf-id=1292574457509"
>    3GPP2-Prepaid-Acct-Quota = 0x0a06564f495008040002
>    Acct-Status-Type = One-Time
>    Message-Authenticator = 0x6f793daff586ab35701631c5f2a48d96
>
> why is that?
> It almost seems like the request was made from two different NAS. In
> your question to centile people, it might help to also ask whether the
> device has more than one radius config section.
>
> --
> Fajar
RE: Voip database
Believe me that I am asking centile people too. And to let you know I have begun asking centile.com before I made first post on this forum.

thanks!

> Date: Tue, 21 Dec 2010 09:44:47 +0100
> From: al...@deployingradius.com
> To: freeradius-users@lists.freeradius.org
> Subject: Re: Voip database
>
> miha- wrote:
> > ##- Activate RADIUS connection
> > setProperty com.centile.connectors.aaa.watchdog.enable false
> > setProperty com.centile.connectors.aaa radius
> > setProperty com.centile.connectors.aaa.localserv intraswitch
> > setProperty com.centile.connectors.aaa.localpass 1122
> > setProperty com.centile.connectors.aaa.remotserv 1.2.3.5 (ip of freeradius)
> > setProperty com.centile.connectors.aaa.remotport 1812
> > setProperty com.centile.connectors.aaa.calltype any
>
> Go ask the centile.com people why their RADIUS client doesn't work.
>
> It is *not* our problem.
>
> FreeRADIUS works with Cisco, Juniper, HP, SIP servers, firewalls,
> switches, routers, open source, closed source, etc.
>
> Let me guess: in all of your time taken posting to this list, you
> haven't bothered asking the centile.com people any questions.
>
> Alan DeKok.
Re: Voip database
1. My ip 1.2.3.4 (I will not post the right one for security reasons)

2. Configuration on NAS
##- Activate RADIUS connection
setProperty com.centile.connectors.aaa.watchdog.enable false
setProperty com.centile.connectors.aaa radius
setProperty com.centile.connectors.aaa.localserv intraswitch
setProperty com.centile.connectors.aaa.localpass 1122
setProperty com.centile.connectors.aaa.remotserv 1.2.3.5 (ip of freeradius)
setProperty com.centile.connectors.aaa.remotport 1812
setProperty com.centile.connectors.aaa.calltype any

3. clients.conf
client 1.2.3.4 {    # ip nas
    secret = 1122
    shortname = intraswitch
    nastype = cisco
#   require_message_authenticator = no
}

Thanks

--
View this message in context: http://freeradius.1045715.n5.nabble.com/Voip-database-tp3295546p3313149.html
Re: Voip database
Thank you @Johan Meiring for that. It is not my intent to spam the group by asking the same question again and again. Believe me that I have done everything that you said (I changed the secret on the NAS and on the radius and I restarted both,...). So please help me out with this problem.

I can see that the secret is wrong. But why? First request goes through:

+- entering group PAP {...}
[pap] login attempt with password "1122"
[pap] Using clear text password "1122"
[pap] User authenticated successfully

But the second one is rejected due to wrong secret.

User-Name = "081609000"
User-Password = "\257+\360\350"
[pap] login attempt with password "¯+ðè"
[pap] Using clear text password "1122"
[pap] Passwords don't match

So this is what I am asking: if the first time the secret is right and for the second request it is wrong, could the different encryption (that the NAS is sending) be causing the problem?

I have also looked at the AVP pairs that freeradius is sending to the NAS. If I look at the AVP pairs which are sent from our radius (Ibill solution) to the NAS, I see that freeradius is not sending all AVP pairs. Could this be the cause of the problem?

I am really grateful for your help!
miha

--
View this message in context: http://freeradius.1045715.n5.nabble.com/Voip-database-tp3295546p3313123.html
Re: Voip database
Hello,

this is the user-name and password for a phone that is registered on the NAS. The NAS is sending authentication to the freeradius server. Is the shared secret not a different thing? I have the shared secret entered in clients.conf and in the sql NAS table.

First it is trying with password 1122 for user name 081609000 and this is accepted:

+- entering group PAP {...}
[pap] login attempt with password "1122"
[pap] Using MD5 encryption.
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post

Then it is trying with User-Password = "\022\312w\014" but the password is set to 1122. Why?

Thank you

p.s.: if I try with radtest everything goes through!

miha

User-Password = "\022\312w\014"

--
View this message in context: http://freeradius.1045715.n5.nabble.com/Voip-database-tp3295546p3309176.html
Re: Voip database
Hello, in wireshark I can see now that the first request for access goes through but the second one for accounting is rejected. Can you help me figure out why? What about encryption? The secret on the nas server and on the radius is 100% the same. Where can I look for this? I have checked everything you said for now.

Thanks!
Miha

Cleaning up request 1 ID 176 with timestamp +12
Ready to process requests.
rad_recv: Access-Request packet from host 1.2.3.4 port 55983, id=139, length=206
    Acct-Multi-Session-Id = "1292574457509"
    Cisco-Attr-130 = 0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258
    Calling-Station-Id = "81609000"
    NAS-Identifier = "intraswitch"
    NAS-IP-Address = 1.2.3.4
    3GPP2-Prepaid-acct-Capability = 0x01060002
    3GPP2-Session-Termination-Capability = 1
    h323-conf-id = "h323-conf-id=1292574457509"
    Vendor-Specific = 0x0009
    Event-Timestamp = "Dec 17 2010 09:27:37 CET"
    User-Name = "081609000"
    User-Password = "1122"
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "081609000", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[pgsql-voip]expand: %{User-Name} -> 081609000
[pgsql-voip] sql_set_user escaped user --> '081609000'
rlm_sql (pgsql-voip): Reserving sql socket id: 22
[pgsql-voip]expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '081609000' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 3 , fields = 5
[pgsql-voip] User found in radcheck table
[pgsql-voip]expand: SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radreply WHERE Username = '081609000' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
[pgsql-voip]expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM radusergroup WHERE UserName='081609000' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
[pgsql-voip]expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName = 'dynamic' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
[pgsql-voip] User found in group dynamic
[pgsql-voip]expand: SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id, GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName = 'dynamic' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 4 , fields = 5
rlm_sql (pgsql-voip): Released sql socket id: 22
++[pgsql-voip] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing MD5-Password from hex encoding
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "1122"
[pap] Using MD5 encryption.
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 139 to 1.2.3.4 port 55983
    Vendor-Specific := 0x3347505032
    3GPP2-Prepaid-acct-Capability := 0x303130363030303030303032
    3GPP2-Session-Termination-Capability := 1
    3GPP2-Release-Indicator := 0
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 1.2.3.4 port 55121, id=193, length=335
    User-Name = "081609000"
    User-Password = "\022\312w\014"
    Cisco-Attr-130 = 0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258
    Acct-Multi-Session-Id = "1292574457509"
    Calling-Station-Id = "81609000"
    Called-Station-Id = "38651357952"
    Cisco-AVPair = "
RE: Voip database
Hello, I have tried with radtest from another server with the same configuration. I get this (this is ok):

pap] returns noop
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "12345"
[pap] Using clear text password "12345"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 57 to 1.2.3.4 port 56067
    Framed-Compression := Van-Jacobson-TCP-IP
    Framed-Protocol := PPP
    Service-Type := Framed-User
Finished request 0.
Going to the next req

When I try with the same configuration from the NAS I get the following. I guess that something is wrong with my NAS?

+[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "áø{k?"
[pap] Using clear text password "12345"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!

Thank you!!!

> Date: Wed, 8 Dec 2010 16:42:36 +0100
> From: al...@deployingradius.com
> To: freeradius-users@lists.freeradius.org
> Subject: Re: Voip database
>
> Miha Zoubek wrote:
> > Ok, if I set operation := I get this ( secret is 100% right)
>
> Sorry... changing the contents of the "radcheck" table has *no* effect
> on the shared secret for the client.
>
> Something else is going on.
>
> Since you previously butchered the default configuration and broke it,
> my guess would be that you've broken something else, too.
>
> Alan DeKok.
RE: Voip database
Ok, if I set operation := I get this ( secret is 100% right) _sql_postgresql: query affected rows = 3 , fields = 5rlm_sql (pgsql-voip): Released sql socket id: 11++[pgsql-voip] returns ok++[expiration] returns noop++[logintime] returns noop[pap] WARNING: Auth-Type already set. Not setting to PAP++[pap] returns noopFound Auth-Type = PAP# Executing group from file /etc/raddb/sites-enabled/default+- entering group PAP {...}[pap] login attempt with password " ûñ±?"[pap] Using clear text password "12345"[pap] Passwords don't match++[pap] returns rejectFailed to authenticate the user. WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS!Using Post-Auth-Type Reject# Executing group from file /etc/raddb/sites-enabled/default+- entering group REJECT {...}[attr_filter.access_reject] expand: %{User-Name} -> 081609000 attr_filter: Matched entry DEFAULT at line 11++[attr_filter.access_reject] returns updated From: miha_zou...@hotmail.com To: freeradius-users@lists.freeradius.org Subject: RE: Voip database Date: Wed, 8 Dec 2010 14:22:10 + Thank you for your help! I included dailup.conf in voip-postpaid.conf.Now I getting different error: I have put this in tables: Nas: nasname: intraswitch, shortname: intraswitch, type: other, port: 1812: sercet: b, server: 1.2.3.4 (ip server), nad for comunity and dicription nullRadcheck: id: 1, username: 081609000, attribure: Cleartext-Password, Value: 12345, op: :=Radreply: id:1 , username: 081609000: atributte: Fall-Through, op: =, vaule: yes Thank you! 
ecv: Access-Request packet from host 212.13.228.58 port 38380, id=198, length=206Acct-Multi-Session-Id = "1291817780502"Cisco-Attr-130 = 0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258 Calling-Station-Id = "81609000"NAS-Identifier = "intraswitch" NAS-IP-Address = 212.13.228.583GPP2-Prepaid-acct-Capability = 0x010600023GPP2-Session-Termination-Capability = 1 h323-conf-id = "h323-conf-id=1291817780502"Vendor-Specific = 0x0009 Event-Timestamp = "Dec 8 2010 15:16:20 CET"User-Name = "081609000"User-Password = "12345"# Executing section authorize from file /etc/raddb/sites-enabled/default+- entering group authorize {...}++[preprocess] returns ok++[chap] returns noop++[mschap] returns noop++[digest] returns noop[suffix] No '@' in User-Name = "081609000", looking up realm NULL[suffix] No such realm "NULL"++[suffix] returns noop[eap] No EAP-Message, not doing EAP++[eap] returns noop[pgsql-voip]expand: %{User-Name} -> 081609000[pgsql-voip] sql_set_user escaped user --> '081609000'rlm_sql (pgsql-voip): Reserving sql socket id: 24[pgsql-voip] expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '081609000' ORDER BY idrlm_sql_postgresql: Status: PGRES_TUPLES_OKrlm_sql_postgresql: query affected rows = 1 , fields = 5[pgsql-voip]expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM radusergroup WHERE UserName='081609000' ORDER BY priorityrlm_sql_postgresql: Status: PGRES_TUPLES_OKrlm_sql_postgresql: query affected rows = 0 , fields = 1rlm_sql (pgsql-voip): Released sql socket id: 24[pgsql-voip] User 081609000 not found++[pgsql-voip] returns notfound++[expiration] returns noop++[logintime] returns noop[pap] WARNING! No "known good" password found for the user. 
Authentication may fail because of this.++[pap] returns noopERROR: No authenticate method (Auth-Type) found for the request: Rejecting the userFailed to authenticate the user.Using Post-Auth-Type Reject# Executing group from file /etc/raddb/sites-enabled/default+- entering group REJECT {...}[attr_filter.access_reject] expand: %{User-Name} -> 081609000 attr_filter: Matched entry DEFAULT at line 11++[attr_filter.access_reject] returns updatedDelaying reject of request 0 for 1 secondsGoing to the next requestWaking up in 0.9 seconds.rad_recv: Access-Request packet from host 212.13.228.58 port 38380, id=198, length=206Waiting to send Access-Reject to client intraswitch port 38380 - ID: 198Sending delayed reject for request 0Sending Access-Reject of id 198 to 212.13.228.58 port 38380Waking up in 4.9 seconds. > Date: Wed, 8 Dec 2010 16:29:27 +0700 > Subject: Re: Voip database > From: w...@fajar.net > To: freeradius-users@lists.freeradius.org > > On Wed, Dec 8, 2010 at 2:55 PM, Miha Zoubek wrote: > > I have replace voip-postpaid.conf with new one but still the same. &
RE: Voip database
Thank you for your help! I included dailup.conf in voip-postpaid.conf.Now I getting different error: I have put this in tables: Nas: nasname: intraswitch, shortname: intraswitch, type: other, port: 1812: sercet: b, server: 1.2.3.4 (ip server), nad for comunity and dicription nullRadcheck: id: 1, username: 081609000, attribure: Cleartext-Password, Value: 12345, op: :=Radreply: id:1 , username: 081609000: atributte: Fall-Through, op: =, vaule: yes Thank you! ecv: Access-Request packet from host 212.13.228.58 port 38380, id=198, length=206Acct-Multi-Session-Id = "1291817780502"Cisco-Attr-130 = 0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258 Calling-Station-Id = "81609000"NAS-Identifier = "intraswitch" NAS-IP-Address = 212.13.228.583GPP2-Prepaid-acct-Capability = 0x010600023GPP2-Session-Termination-Capability = 1 h323-conf-id = "h323-conf-id=1291817780502"Vendor-Specific = 0x0009 Event-Timestamp = "Dec 8 2010 15:16:20 CET"User-Name = "081609000"User-Password = "12345"# Executing section authorize from file /etc/raddb/sites-enabled/default+- entering group authorize {...}++[preprocess] returns ok++[chap] returns noop++[mschap] returns noop++[digest] returns noop[suffix] No '@' in User-Name = "081609000", looking up realm NULL[suffix] No such realm "NULL"++[suffix] returns noop[eap] No EAP-Message, not doing EAP++[eap] returns noop[pgsql-voip]expand: %{User-Name} -> 081609000[pgsql-voip] sql_set_user escaped user --> '081609000'rlm_sql (pgsql-voip): Reserving sql socket id: 24[pgsql-voip] expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE Username = '081609000' ORDER BY idrlm_sql_postgresql: Status: PGRES_TUPLES_OKrlm_sql_postgresql: query affected rows = 1 , fields = 5[pgsql-voip]expand: SELECT GroupName FROM radusergroup WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM radusergroup WHERE 
UserName='081609000' ORDER BY priorityrlm_sql_postgresql: Status: PGRES_TUPLES_OKrlm_sql_postgresql: query affected rows = 0 , fields = 1rlm_sql (pgsql-voip): Released sql socket id: 24[pgsql-voip] User 081609000 not found++[pgsql-voip] returns notfound++[expiration] returns noop++[logintime] returns noop[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this.++[pap] returns noopERROR: No authenticate method (Auth-Type) found for the request: Rejecting the userFailed to authenticate the user.Using Post-Auth-Type Reject# Executing group from file /etc/raddb/sites-enabled/default+- entering group REJECT {...}[attr_filter.access_reject] expand: %{User-Name} -> 081609000 attr_filter: Matched entry DEFAULT at line 11++[attr_filter.access_reject] returns updatedDelaying reject of request 0 for 1 secondsGoing to the next requestWaking up in 0.9 seconds.rad_recv: Access-Request packet from host 212.13.228.58 port 38380, id=198, length=206Waiting to send Access-Reject to client intraswitch port 38380 - ID: 198Sending delayed reject for request 0Sending Access-Reject of id 198 to 212.13.228.58 port 38380Waking up in 4.9 seconds. > Date: Wed, 8 Dec 2010 16:29:27 +0700 > Subject: Re: Voip database > From: w...@fajar.net > To: freeradius-users@lists.freeradius.org > > On Wed, Dec 8, 2010 at 2:55 PM, Miha Zoubek wrote: > > I have replace voip-postpaid.conf with new one but still the same. > > I this configuration file (voip-postpaid.conf) is written: > > uthcheck_table = "radcheck" > > authreply_table = "radreply" > > groupcheck_table = "radgroupcheck" > > groupreply_table = "radgroupreply" > > usergroup_table = "radusergroup" > > Perhaps we started on the wrong assumptions. > What do you intend to use postgresql for? Is it > (a) only to store accounting data, or > (b) to store user names/password AND accounting data > > if it's (a), then there should be nothing wrong with your first > config. 
You simply need to place user data for "081609000" in whatever > "database" you choose (whether it's users file, or something else). > The error could simply be because you haven't define that user yet. > > > If it's (b), then you need to forget for a moment that you're using it > for voip. It doesn't really matter with regards to the problem you're > facing. Get freeradius working with postgresql first. > > Your debug log says >
RE: Voip database
I have replaced voip-postpaid.conf with a new one but it is still the same. In this configuration file (voip-postpaid.conf) is written:

authcheck_table = "radcheck"
authreply_table = "radreply"
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
usergroup_table = "radusergroup"

But in the readme file is written that I must import cisco_h323_db_schema.sql in postgresql. In this schema (cisco_h323_db_schema.sql) there is no radcheck or radreply, only startvoip, etc.

Thank you very much for your help!!!
miha

> Date: Tue, 7 Dec 2010 22:43:32 +0700
> Subject: Re: Voip database
> From: w...@fajar.net
> To: freeradius-users@lists.freeradius.org
>
> On Tue, Dec 7, 2010 at 9:39 PM, Miha Zoubek wrote:
> > I put it there but still the same problem:
>
> No, it's not. It's a different problem. Look at the debug log you
> posted and you'll see it's a different problem altogether.
>
> > [pgsql-voip]expand: %{User-Name} -> 081609000
> > [pgsql-voip] sql_set_user escaped user --> '081609000'
> > rlm_sql (pgsql-voip): Reserving sql socket id: 24
> > [pgsql-voip]expand: ->
> > [pgsql-voip] Error generating query; rejecting user
>
> I'd focus on the last two lines.
> If the contents of your sql conf file contains something like this
> (as shown in your previous debug)
>
>    authorize_check_query = ""
>    authorize_group_check_query = ""
>    authorize_group_reply_query = ""
>
> then the simple answer is you broke the config. Look at the original
> .conf file that comes with the distro/freeradius source (should be
> dialup.conf or some other file under /etc/raddb/sql or its
> subdirectory).
>
> --
> Fajar
Re: Voip database
I have uncommented only this:

# Cisco VoIP specific bulk accounting
pgsql-voip

under the accounting section. I have not found it under authorize and authenticate. Must I put it there?

Thanks!

--
View this message in context: http://freeradius.1045715.n5.nabble.com/Voip-database-tp3295546p3295827.html
Voip database
Hello, I need a little help:) I am setting radius for voip. I comment sql in default file (authorize, Authentication) and I enable voip-postpaid for postgresql. I have import filw for databases in /etc/raddb/sql/postgresql/shema.sql. Please help me out! thanks! I have put users in table but I am getting this error: Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/sqlcounter_expire_on_login including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/ntlm_auth including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/dynamic_clients including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/detail.example.com including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/cui including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/detail.log including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/modules/attr_rewrite including configuration file 
/etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/opendirectory including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/perl including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/otp including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/smsotp including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/eap.conf including configuration file /etc/raddb/sql/postgresql/voip-postpaid.conf including configuration file /etc/raddb/policy.conf including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/inner-tunnel including configuration file /etc/raddb/sites-enabled/control-socket including configuration file /etc/raddb/sites-enabled/default main { user = "radiusd" group = "radiusd" allow_core_dumps = no } including dictionary file /etc/raddb/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/radius" libdir = "/usr/lib64/freeradius" radacctdir = "/var/log/radius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/radiusd/radiusd.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no 
auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: Loading Realms and Home Servers proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = "auth" secret = "testing123" response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = "status-server" ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 irt = 2 mrt = 16
Help, authentication problems!!
Hello, I am having problems with authentication. I checked the secret on the NAS and on the Radius server. Both are the same but the radius keeps telling me to check the secret. What could be wrong or what am I missing?

Thanks!!!

This is the configuration on the nas.

##- Activate RADIUS connection
setProperty com.centile.connectors.aaa.watchdog.enable false
setProperty com.centile.connectors.aaa radius
setProperty com.centile.connectors.aaa.localserv intraswitch
setProperty com.centile.connectors.aaa.localpass b(secret)
setProperty com.centile.connectors.aaa.remotserv 1.2.3.4
setProperty com.centile.connectors.aaa.remotport 1812
setProperty com.centile.connectors.aaa.calltype any

--
This is in clients.conf

client 212.13.228.58 {
    secret = b
    shortname = intraswitch
    nastype = cisco
}

Sample 1: if I type the wrong pass in sql for user authentication, I see the password from the user connection (12345) but it is wrong (12 in sql). In sample 2 I put the right pass in sql for the user, but you can see that the radius is showing me that it is encrypted and telling me "WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!". Why?

1.
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "12345"
[pap] Using clear text password "12"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file

2.
ap] returns noop [sql] expand: %{User-Name} -> 081609000 [sql] sql_set_user escaped user --> '081609000' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '081609000' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '081609000' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '081609000' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'static' ORDER BY id [sql] User found in group static [sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'static' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP # Executing group from file /etc/raddb/sites-enabled/default +- entering group PAP {...} [pap] login attempt with password "þqL?%" [pap] Using clear text password "12345" [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. WARNING: Unprintable characters in the password.Double-check the shared secret on the server and the NAS! 
Using Post-Auth-Type Reject # Executing group from file /etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> 081609000 attr_filter: Matched entry DEFAULT at line 11 -- View this message in context: http://freeradius.1045715.n5.nabble.com/Help-authentication-problems-tp3293661p3293661.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Clear text password (radius)
The interesting thing is this: If I change my password in sql (different password) I can see the password. If I put the right password in sql, when I am trying to call I can see some encrypted password. So, why is the login password encrypted if it is the same as the sql password? thanks

# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "/5§Ó?"
[pap] Using clear text password "12345"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type Reject

++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "12345"
[pap] Using clear text password "12"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject

From: miha_zou...@hotmail.com
To: freeradius-users@lists.freeradius.org
Subject: RE: Clear text password (radius)
Date: Fri, 3 Dec 2010 10:00:10 +

Hello, I have checked all these things but I do not see any problem. This is the configuration on the nas:

##- Activate RADIUS connection
setProperty com.centile.connectors.aaa.watchdog.enable false
setProperty com.centile.connectors.aaa radius
setProperty com.centile.connectors.aaa.localserv intraswitch
setProperty com.centile.connectors.aaa.localpass 12345
setProperty com.centile.connectors.aaa.remotserv 1.2.3.4
setProperty com.centile.connectors.aaa.remotport 1812
setProperty com.centile.connectors.aaa.calltype any

You can see that the shared secret is 1235. Please help me. In the attachment please find the configuration files. Thanks!!

miha

> Date: Fri, 3 Dec 2010 16:40:59 +0700
> Subject: Re: Clear text password (radius)
> From: w...@fajar.net
> To: freeradius-users@lists.freeradius.org
>
> On Fri, Dec 3, 2010 at 4:31 PM, Miha Zoubek wrote:
> > Now my secret on nas and on radius is the same but I am still
> > getting WARNING: Unprintable characters in the password. Double-check
> > the shared secret on the server and the NAS!.
>
> Did you change anything on the radius config files?
> Your previous debug does NOT show that problem.
> Something you do cause the shared secret to be mismatched again after that.
>
> PLEASE check these basic things beforehand, nobody likes wasting time.
>
> Judging from your questions, I highly suggest you simply use
> Cleartext-Password, and making sure you can authenticate successfully
> first. Don't even bother with Crypt-Password or MD5-Password just yet.
>
> --
> Fajar
RE: Clear text password (radius)
Thanks for your help! I checked your links. But how can I know which encryption my nas server is using? Now my secret on nas and on radius is the same but I am still getting WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!. Thank you!!!

++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "wyE?"
[pap] Using MD5 encryption.
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> 081609000
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.

> Date: Fri, 3 Dec 2010 16:02:04 +0700
> Subject: Re: Clear text password (radius)
> From: w...@fajar.net
> To: freeradius-users@lists.freeradius.org
>
> On Fri, Dec 3, 2010 at 3:57 PM, Miha Zoubek wrote:
> > Thanks!
> > how can I get this crypted password that should look like "uTDRbHPzsi4IE" ?
>
> Did you read the links I sent? Jump to the third one if you're impatient.
>
> > I am using radius for voip, could it be causing this problem because I
> > include sql.conf not voip-postpaid.conf ?
>
> No idea.
>
> I'd check first whether you REALLY want to use Crypt-password though.
> Using it pretty much limits your authentication to pap, and MS-CHAP
> won't work. Depending on your needs, that may or may not be
> acceptable.
>
> --
> Fajar
RE: Clear text password (radius)
Thanks! How can I get this crypted password that should look like "uTDRbHPzsi4IE"? I am using radius for voip, could it be causing this problem because I include sql.conf not voip-postpaid.conf? thanks!!

miha

> Date: Fri, 3 Dec 2010 15:33:04 +0700
> Subject: Re: Clear text password (radius)
> From: w...@fajar.net
> To: freeradius-users@lists.freeradius.org
>
> On Fri, Dec 3, 2010 at 2:29 PM, Miha Zoubek wrote:
>
> > [pap] login attempt with password "1234"
> > [pap] Using CRYPT password "1234"
> > [pap] Passwords don't match
>
> > Why passwords do not match if they are the same. (1234)?
>
> Because Crypt-Password is not supposed to be the same as users'
> password entry. You're supposed to store Unix-style "crypt"ed
> passwords there.
>
> If the actual password is "1234", then what you put in the crypt
> password column should look something like "uTDRbHPzsi4IE"
>
> See
> http://freeradius.org/radiusd/man/rlm_pap.txt
> http://en.wikipedia.org/wiki/Crypt_(Unix)
> http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html#function_encrypt
>
> --
> Fajar
RE: Clear text password (radius)
'%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '081609000' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'static' ORDER BY id
[sql] User found in group static
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'static' ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
[suffix] No '@' in User-Name = "081609000", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[sql] expand: %{User-Name} -> 081609000
[sql] sql_set_user escaped user --> '081609000'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = '081609000' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = '081609000' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = '081609000' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'static' ORDER BY id
[sql] User found in group static
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'static' ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "1234"
[pap] Using CRYPT password "1234"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand
SQL module
Hello, at the end of this file I am getting the message Failed to load module "sql". Could you please help me with what to do? Thank you!

miha

[r...@localhost sites-available]# /usr/local/sbin/radiusd -X
FreeRADIUS Version 2.1.10, for host x86_64-unknown-linux-gnu, built on Dec 1 2010 at 14:25:01
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including files in directory /usr/local/etc/raddb/modules/
including configuration file /usr/local/etc/raddb/modules/checkval
including configuration file /usr/local/etc/raddb/modules/krb5
including configuration file /usr/local/etc/raddb/modules/sql_log
including configuration file /usr/local/etc/raddb/modules/linelog
including configuration file /usr/local/etc/raddb/modules/exec
including configuration file /usr/local/etc/raddb/modules/ldap
including configuration file /usr/local/etc/raddb/modules/sradutmp
including configuration file /usr/local/etc/raddb/modules/chap
including configuration file /usr/local/etc/raddb/modules/radutmp
including configuration file /usr/local/etc/raddb/modules/inner-eap
including configuration file /usr/local/etc/raddb/modules/unix
including configuration file /usr/local/etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /usr/local/etc/raddb/modules/dynamic_clients
including configuration file /usr/local/etc/raddb/modules/mac2ip
including configuration file /usr/local/etc/raddb/modules/counter
including configuration file /usr/local/etc/raddb/modules/smbpasswd
including configuration file /usr/local/etc/raddb/modules/files
including configuration file /usr/local/etc/raddb/modules/realm
including configuration file /usr/local/etc/raddb/modules/etc_group
including configuration file /usr/local/etc/raddb/modules/pam
including configuration file /usr/local/etc/raddb/modules/acct_unique
including configuration file /usr/local/etc/raddb/modules/detail.example.com
including configuration file /usr/local/etc/raddb/modules/preprocess
including configuration file /usr/local/etc/raddb/modules/digest
including configuration file /usr/local/etc/raddb/modules/mac2vlan
including configuration file /usr/local/etc/raddb/modules/opendirectory
including configuration file /usr/local/etc/raddb/modules/attr_rewrite
including configuration file /usr/local/etc/raddb/modules/otp
including configuration file /usr/local/etc/raddb/modules/policy
including configuration file /usr/local/etc/raddb/modules/ippool
including configuration file /usr/local/etc/raddb/modules/logintime
including configuration file /usr/local/etc/raddb/modules/wimax
including configuration file /usr/local/etc/raddb/modules/expiration
including configuration file /usr/local/etc/raddb/modules/attr_filter
including configuration file /usr/local/etc/raddb/modules/smsotp
including configuration file /usr/local/etc/raddb/modules/ntlm_auth
including configuration file /usr/local/etc/raddb/modules/detail
including configuration file /usr/local/etc/raddb/modules/mschap
including configuration file /usr/local/etc/raddb/modules/detail.log
including configuration file /usr/local/etc/raddb/modules/pap
including configuration file /usr/local/etc/raddb/modules/always
including configuration file /usr/local/etc/raddb/modules/passwd
including configuration file /usr/local/etc/raddb/modules/cui
including configuration file /usr/local/etc/raddb/modules/expr
including configuration file /usr/local/etc/raddb/modules/echo
including configuration file /usr/local/etc/raddb/modules/perl
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/control-socket
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
including configuration file /usr/local/etc/raddb/sites-enabled/default
main {
    allow_core_dumps = no
}
including dictionary file /usr/local/etc/raddb/dictionary
main {
    prefix = "/usr/local"
    localstatedir = "/usr/local/var"
    logdir = "/usr/local/var/log/radius"
    libdir = "/usr/local/lib"
    radacctdir = "/usr/local/var/log/radius/radacct"
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 1024
    pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
    checkrad = "/usr/local/sbin/checkrad"
    debug_level = 0
    proxy_requests = yes
    log {
        stripped_names = no
        auth = no
        auth_badpass = no
        auth_goodpass = no
    }
    security {
        max_attrib
Re: Freeradius and Voip
cache {
    enable = no
    lifetime = 24
    max_entries = 255
}
verify {
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
    default_eap_type = "md5"
    copy_request_to_tunnel = no
    use_tunneled_reply = no
    virtual_server = "inner-tunnel"
    include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
    default_eap_type = "mschapv2"
    copy_request_to_tunnel = no
    use_tunneled_reply = no
    proxy_tunneled_request_as_eap = yes
    virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
    with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file /usr/local/etc/raddb/modules/realm
realm suffix {
    format = "suffix"
    delimiter = "@"
    ignore_default = no
    ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file /usr/local/etc/raddb/modules/files
files {
    usersfile = "/usr/local/etc/raddb/users"
    acctusersfile = "/usr/local/etc/raddb/acct_users"
    preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
    compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /usr/local/etc/raddb/modules/radutmp
radutmp {
    filename = "/usr/local/var/log/radius/radutmp"
    username = "%{User-Name}"
    case_sensitive = yes
    check_with_nas = yes
    perm = 384
    callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.access_reject" from file /usr/local/etc/raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
    attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
    key = "%{User-Name}"
}
} # modules
} # server
server { # from file /usr/local/etc/raddb/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file /usr/local/etc/raddb/modules/digest
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file /usr/local/etc/raddb/modules/preprocess
preprocess {
    huntgroups = "/usr/local/etc/raddb/huntgroups"
    hints = "/usr/local/etc/raddb/hints"
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
    with_alvarion_vsa_hack = no
}
/usr/local/etc/raddb/sites-enabled/default[159]: Failed to load module "sql".
/usr/local/etc/raddb/sites-enabled/default[62]: Errors parsing authorize section.

Where can I enable the sql module? Thanks guys:)

miha

--
View this message in context: http://freeradius.1045715.n5.nabble.com/Freeradius-and-Voip-tp3287359p3287760.html
Freeradius and Voip
Hello, I am setting up freeradius for the first time. I am setting it up for voip accounting. I need a little help from you guys :) I read that I need to enable sql in radiusd.conf. I have also run a script for creating the tables. I changed sql.conf to voip-postpaid.conf (I changed login, pass, and server in the conf file). Is this the right script for creating tables: http://wiki.freeradius.org/MySQL_DDL_script

I am getting this error because I do not know where I must put users etc.

sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}'"
sql: connect_failure_retry_delay = 60
sql: simul_count_query = ""
sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())"
sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to r...@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded System
unix: cache = no
unix: passwd = "/etc/passwd"
unix: shadow = "(null)"
unix: group = "/etc/group"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 212.13.228.58:47469, id=2, length=206
    Acct-Multi-Session-Id = "1291187632294"
    Cisco-Attr-130 = 0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258
    Calling-Station-Id = "81609000"
    NAS-Identifier = "intraswitch"
    NAS-IP-Address = 212.13.228.58
    3GPP2-Prepaid-acct-Capability = 0x01060002
    3GPP2-Session-Termination-Capability = 1
    h323-conf-id = "h323-conf-id=1291187632294"
    Vendor-Specific = 0x0009
    Event-Timestamp = "Dec 1 2010 08:13:52 CET"
    User-Name = "081609000"
    User-Password = "1234"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "digest" returns noop for request 0
rlm_realm: No '@' in User-Name = "081609000", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry 081609000 at line 92
modcall[authorize]: module "files" returns ok for request 0
radius_xlat: '081609000'
rlm_sql (sql): sql_set_user escaped user --> '081609000'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '081609000' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql: Failed to create the pair: Unknown attribute "1234"
rlm_sql (sql): Error getting data from database
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Re
problem ./configure and MYSql
Hi, I am having trouble setting freeRadius to work with MySql. I've studied the FAQ at: http://wiki.freeradius.org/index.php/FAQ#It_says_.22Could_not_link_..._file_not_found.22.2C_what_do_I_do.3F, followed the instructions but I still can't get it to work.

I'm using mysql-5.0.45-linux-i686-glibc23. I just unpacked it to /usr/local, added a symbolic reference to it (ln -s /usr/local/mysql-5.0.45-linux-i686-glibc23 mysql) and ran the script to set up the database: scripts/mysql_install_db --user=mysql. I didn't bother setting up the radius database but that shouldn't matter at this stage.

location of mysql_config: /usr/local/mysql/bin
Other configuration: ubuntu linux 6.06.1 on VMWare Player, the latest version of freeRadius from cvs.

//I set the path variable so it has the right path in it:
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games:/usr/local/mysql/bin

//To make sure:
[EMAIL PROTECTED]:~/radiusd$ echo $PATH
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games:/usr/local/mysql/bin
[EMAIL PROTECTED]:~/radiusd$ export PATH
//the tutorial suggests I should do an export $PATH, but that doesn't work

[EMAIL PROTECTED]:~/radiusd$ sudo ./configure | grep mysql_config
//it outputs several lines, including unpopular:
checking for mysql_config... no
configure: WARNING: mysql libraries not found. Use --with-mysql-lib-dir=.
configure: WARNING: mysql headers not found. Use --with-mysql-include-dir=.
configure: WARNING: sql submodule 'mysql' disabled

//I also tried to use it with lib dir and include-dir:
[EMAIL PROTECTED]:~/radiusd$ sudo ./configure --with-mysql-lib-dir=/usr/local/mysql/lib -with-mysql-include-dir=/usr/local/mysql/include | grep mysql_config
//Result:
checking for mysql_config... no
configure: WARNING: mysql headers not found. Use --with-mysql-include-dir=.
configure: WARNING: sql submodule 'mysql' disabled
//so it still doesn't find include dir??

Am I missing something? Please HELP, I'm running out of ideas, time and luck. Is it possible that the problem lies in the compiler? I installed g++, because I was having trouble with gcc. I can change the OS or Mysql version if that is the problem. The official page says that freeRadius works "out of the box" with MySql. Does anyone know a configuration that works?

Miha Bicek