Accouting time duratin calculation
Hi, how does freeradius calculate duration time? My NAS sends start and stop packet. In mysql table I can see accstarttime and accstoptime. Is the duration time automaticly created from start time and stop time or should NAS also send duration time? In other words is it possbile that freeradius automaticly calculate duration from start and stop packet:)? tnx! miha - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup.conf custom attributes failure in freeradius 2.2
On Jan 28, 2013, at 4:27 PM, Alan DeKok wrote: > Use the v2.x.x branch from git. > > We should release 2.2.1 soon. > > Alan DeKok. Hi Alan, I can wait till 2.2.1 is released, no problem, will wait for freebsd ports being updated with latest version and try again :) I just wanted to know if I am doing something wrong or something changed… Thanks for response!- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup.conf custom attributes failure in freeradius 2.2
> yes, you dont seem to have 3GPP-IMSI in your dictionary file. thus the string > expansion fails Yes, that was my first thought but I am confident it is there, that's why it is strange… [root@server ~]# grep IMSI /usr/local/share/freeradius/dictionary.3gpp ATTRIBUTE 3GPP-IMSI 1 string ATTRIBUTE 3GPP-IMSI-MCC-MNC 8 string [root@server ~]# - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dialup.conf custom attributes failure in freeradius 2.2
Hi, I need some help with inserting custom attributes to MySQL server. It seems
that version 2.2 broke it, at least on my server… When I revert back to 2.1 it
immediately starts to work with same config files.
Below are config files and traces for both versions.
Any idea?
thanks,
brm
--
Relevant part of dialup.conf (modified to include custom attributes):
accounting_start_query = " \
INSERT INTO ${acct_table1} \
(acctsessionid,acctuniqueid, username, \
imsi, imei, ms_timezone, \
rat_type, user_location_info,realm, \
nasipaddress, nasportid, \
nasporttype, acctstarttime,acctstoptime, \
acctsessiontime, acctauthentic,connectinfo_start, \
connectinfo_stop, acctinputoctets, acctoutputoctets, \
calledstationid, callingstationid, acctterminatecause, \
servicetype, framedprotocol, framedipaddress, \
acctstartdelay, acctstopdelay) \
VALUES \
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', \
'%{SQL-User-Name}', \
'%{3GPP-IMSI}', '%{3GGP-IMEISV}', '%{3GPP-MS-TimeZone}', \
'%{3GPP-RAT-type}', '%{3GPP-User-Location-Info}', '%{Realm}', \
'%{NAS-IP-Address}', '%{NAS-Port}', \
'%{NAS-Port-Type}', '%S', NULL, \
'0', '%{Acct-Authentic}', '%{Connect-Info}', \
'', '0', '0', \
'%{Called-Station-Id}', '%{Calling-Station-Id}', '', \
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', \
'%{%{Acct-Delay-Time}:-0}', '0')"
Slightly modified dictionary.3gpp file to include custom attributes:
# new attributes
ATTRIBUTE 3GGP-IMEISV 20 string
ATTRIBUTE 3GPP-RAT-type 21 byte
ATTRIBUTE 3GPP-User-Location-Info 22 octets
ATTRIBUTE 3GPP-MS-TimeZone23 integer has_tag
# set RAT-TYPE
VALUE 3GPP-RAT-Type Reserved0
VALUE 3GPP-RAT-Type UTRAN 1
VALUE 3GPP-RAT-Type GERAN 2
VALUE 3GPP-RAT-Type WLAN3
VALUE 3GPP-RAT-Type GAN 4
VALUE 3GPP-RAT-Type HSPA-Evolution 5
VALUE 3GPP-RAT-Type IEEE-802-16e101
VALUE 3GPP-RAT-Type 3GPP2-eHRPD 102
VALUE 3GPP-RAT-Type 3GPP2-HRPD 103
VALUE 3GPP-RAT-Type 3GPP2-1xRTT 104
VALUE 3GPP-RAT-Type 3GPP-EPS105
This is the accounting start record from debug mode:
rad_recv: Accounting-Request packet from host port 54002, id=50,
length=375
Acct-Status-Type = Start
Event-Timestamp = "Jan 26 2013 18:20:08 CET"
Framed-IP-Address = xxx
Called-Station-Id = "xx"
Calling-Station-Id = "xxx"
NAS-IP-Address = xxx
NAS-Identifier = "xxx"
Service-Type = Framed-User
NAS-Port-Type = Virtual
Acct-Session-Id = "5BB9DD25a7846fd9"
3GPP-IMSI = "xxx"
3GPP-IMSI-MCC-MNC = "xxx"
3GPP-NSAPI = "5"
3GGP-IMEISV = "xxx"
3GPP-RAT-type = UTRAN
3GPP-User-Location-Info = 0x0192f307000a79be
3GPP-Charging-ID = 2810474457
3GPP-PDP-Type = IP
3GPP-Selection-Mode = "0"
Error on version 2.2:
...
+- entering group accounting {...}
[sql] expand: %{Calling-Station-Id} ->
[sql] sql_set_user escaped user --> 'x'
[sql] WARNING: Unknown module "3GPP-IMSI" in string expansion "%',
'%{3GGP-IMEISV}', '%{3GPP-MS-TimeZone}', '%{3GPP-RAT-type}',
'%{3GPP-User-Location-Info}','%{Realm}',
'%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S',
NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}',
'', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
'%{%{Acct-Delay-Time}:-0}', '0')"
[sql] expand: /var/log/radius/sqltrace.sql -> /var/log/radius/sqltrace.sql
rlm_sql (sql): Reserving sql socket id: 24
rlm_sql_mysql: query: INSERT INTO radacct
(acctsessionid,acctuniqueid, username, imsi,
imei, ms_timezone,rat_type, user_location_info,
realm, nasipaddress, nasportid,
nasporttype, acctstarttime,acctstoptime, acctsessiontime,
acctauthentic,connectinfo_start, connectinfo_stop,
acctinputoctets, acctoutputoctets, calledstationid,
callingstationid, acctterminatecause, servicetype,
framedprotocol, framedipaddress, acctstartde
Re: Realm
thanks!
MIha
Dne 1/23/2013 3:58 PM, piše Phil Mayers:
On 23/01/13 14:47, Miha wrote:
Hi,
my radius client is sending with user-name and password aslo realm. I
can not disable sending realm, is it possible to configure radius that
will not user realm with user-name (user-name@realm)?
[digest] Digest-Attributes look OK. Converting them to something more
usful.
*Digest-User-Name = "018108500"*
*Digest-Realm = "test1.opensips.softnet.si"*
Digest-Nonce = "510001fb0006c9cc728438be21e324f917a5ea234380"
Digest-URI = "sip:+3858...@test1.opensips.test.si"
Digest-Method = "INVITE"
[digest] Adding Auth-Type = DIGEST
++[digest] returns ok
[suffix] Looking up realm "test1.opensips.softnet.si" for User-Name =
*"018108500@test1.opensips.**test.si*"
[suffix] No such realm "test1.opensips.softnet.si"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> *018108500@test1.opensips.**test.si*
Radius will need to chack only user-name (*018108500*).
Sure. The easiest option is something like this:
authorize {
...
if (User-Name =~ /^(.+)@(.+)$/) {
update request {
Stripped-User-Name := "%{1}"
Realm := "%{2}"
}
}
...
}
...and then ensure your SQL/files/whatever modules use an appropriate
expansion for their "key" value e.g.
sql {
...
sql_user_name = "%{%{Stripped-User-Name}:-%{User-Name}}"
...
}
This is the default. So basically, you identify the realm yourself,
set "Stripped-User-Name", and use that.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Realm
Hi,
my radius client is sending with user-name and password aslo realm. I
can not disable sending realm, is it possible to configure radius that
will not user realm with user-name (user-name@realm)?
[digest] Digest-Attributes look OK. Converting them to something more
usful.
*Digest-User-Name = "018108500"*
*Digest-Realm = "test1.opensips.softnet.si"*
Digest-Nonce = "510001fb0006c9cc728438be21e324f917a5ea234380"
Digest-URI = "sip:+3858...@test1.opensips.test.si"
Digest-Method = "INVITE"
[digest] Adding Auth-Type = DIGEST
++[digest] returns ok
[suffix] Looking up realm "test1.opensips.softnet.si" for User-Name =
*"018108500@test1.opensips.**test.si*"
[suffix] No such realm "test1.opensips.softnet.si"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
[sql] expand: %{User-Name} -> *018108500@test1.opensips.**test.si*
Radius will need to chack only user-name (*018108500*).
Thanks!
Miha
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: log error
On 11/5/2012 3:30 PM, Arran Cudbard-Bell wrote: On 5 Nov 2012, at 14:27, Arran Cudbard-Bell wrote: All signs point to tumblebeasts in the rlm_sql module. -Arran Apologies didn't mean to top post. -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Thanks to Arran, 2xAlan:), I was also looking in past users mail in mailing list and also see expentation from Alan:). Sorry for posting this before reading entire mailing list. BR; Miha - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
log error
Hi, I am looking at this log radius file. What could be causing this? BR; Miha Mon Nov 5 08:35:03 2012 : Error: Discarding duplicate request from client intraswitch port 46634 - ID: 134 due to unfinished request 11902 Mon Nov 5 08:35:03 2012 : Error: Discarding duplicate request from client intraswitch port 40649 - ID: 231 due to unfinished request 11904 Mon Nov 5 09:10:02 2012 : Error: Discarding duplicate request from client intraswitch port 55647 - ID: 187 due to unfinished request 16624 Mon Nov 5 09:10:02 2012 : Error: Discarding duplicate request from client intraswitch port 57890 - ID: 139 due to unfinished request 16626 Mon Nov 5 09:25:03 2012 : Error: Discarding duplicate request from client intraswitch port 46201 - ID: 179 due to unfinished request 19014 Mon Nov 5 09:40:03 2012 : Error: Discarding duplicate request from client intraswitch port 38970 - ID: 184 due to unfinished request 21166 Mon Nov 5 09:45:02 2012 : Error: Discarding duplicate request from client intraswitch port 46440 - ID: 227 due to unfinished request 21746 Mon Nov 5 09:50:02 2012 : Error: Discarding duplicate request from client intraswitch port 57355 - ID: 116 due to unfinished request 22475 Mon Nov 5 09:55:03 2012 : Error: Discarding duplicate request from client intraswitch port 48695 - ID: 154 due to unfinished request 23172 Mon Nov 5 10:00:02 2012 : Error: Discarding duplicate request from client intraswitch port 49085 - ID: 121 due to unfinished request 24106 Mon Nov 5 10:10:02 2012 : Error: Discarding duplicate request from client intraswitch port 36544 - ID: 26 due to unfinished request 25411 Mon Nov 5 10:20:02 2012 : Error: Discarding duplicate request from client intraswitch port 42534 - ID: 6 due to unfinished request 26755 Mon Nov 5 10:30:02 2012 : Error: Discarding duplicate request from client intraswitch port 32994 - ID: 173 due to unfinished request 28238 Mon Nov 5 11:00:03 2012 : Error: Discarding duplicate request from client intraswitch port 54529 - ID: 67 due to unfinished request 32859 Mon Nov 5 11:15:02 2012 : Error: Discarding duplicate request from client intraswitch port 56675 - ID: 60 due to unfinished request 35280 Mon Nov 5 11:45:02 2012 : Error: Discarding duplicate request from client intraswitch port 60703 - ID: 225 due to unfinished request 39541 Mon Nov 5 12:03:12 2012 : Error: Discarding duplicate request from client intraswitch port 51296 - ID: 245 due to unfinished request 41695 Mon Nov 5 12:15:02 2012 : Error: Discarding duplicate request from client intraswitch port 35090 - ID: 24 due to unfinished request 42950 Mon Nov 5 12:20:02 2012 : Error: Discarding duplicate request from client intraswitch port 39325 - ID: 171 due to unfinished request 43408 Mon Nov 5 12:30:03 2012 : Error: Discarding duplicate request from client intraswitch port 36165 - ID: 89 due to unfinished request 44456 Mon Nov 5 12:40:02 2012 : Error: Discarding duplicate request from client intraswitch port 54846 - ID: 219 due to unfinished request 45559 Mon Nov 5 12:45:02 2012 : Error: Discarding duplicate request from client intraswitch port 41737 - ID: 239 due to unfinished request 46056 Mon Nov 5 12:50:02 2012 : Error: Discarding duplicate request from client intraswitch port 34792 - ID: 111 due to unfinished request 46529 Mon Nov 5 13:05:02 2012 : Error: Discarding duplicate request from client intraswitch port 56632 - ID: 231 due to unfinished request 48180 Mon Nov 5 13:25:03 2012 : Error: Discarding duplicate request from client intraswitch port 50078 - ID: 75 due to unfinished request 50845 Mon Nov 5 13:45:02 2012 : Error: Discarding duplicate request from client intraswitch port 33412 - ID: 88 due to unfinished request 53659 Mon Nov 5 14:45:02 2012 : Error: Discarding duplicate request from client intraswitch port 50311 - ID: 25 due to unfinished request 60391 Mon Nov 5 15:03:05 2012 : Error: Discarding duplicate request from client intraswitch port 60010 - ID: 57 due to unfinished request 62264 Mon Nov 5 15:03:06 2012 : Error: Discarding duplicate request from client intraswitch port 35760 - ID: 215 due to unfinished request 62265 Mon Nov 5 15:03:06 2012 : Error: Discarding duplicate request from client intraswitch port 38622 - ID: 31 due to unfinished request 62266 Mon Nov 5 15:03:06 2012 : Error: Discarding duplicate request from client intraswitch port 33797 - ID: 214 due to unfinished request 62267 Mon Nov 5 15:03:06 2012 : Error: Discarding duplicate request from client intraswitch port 60010 - ID: 57 due to unfinished request 62264 Mon Nov 5 15:03:08 2012 : Error: Discarding duplicate request from client intraswitch port 40499 - ID: 176 due to unfinished request 62271 Mon Nov 5 15:03:08 2012 : Error: Discarding duplicate request from client intraswitch port 49325 - ID: 154 due to unfinished request 62272 Mon Nov 5 15:03:09 2012 : Error: Discarding duplicate request from client intraswitch port 40499 - ID: 176 due to unfinished
Re: simultaneous-Use is not worrking
Alan, just to let you know. I figure out where was the problem. In default file in session I was having set radutmp and also sql. After I comment radutmp and let just sql it begun to work:) Thanks! Miha On Sat, 03 Nov 2012 15:27:41 -0400 Alan DeKok wrote: > Miha wrote: > > i am turning out you due to issue with > simultaneous-Use. I > > readed mailing list but did not find any appropriate > > answer. > ... > > my config: > > > > [root@localhost sites-available]# radiusd -X > > FreeRADIUS Version 2.1.12, for host > ... > > Ready to process requests. > > The reason to post the debug output is to show what > happens when the > server receives a packet. You didn't show that. So the > debug output is > useless, and we can't help you. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: simultaneous-Use is not worrking
ute, Value,
op FROM radgroupcheck WHERE groupname =
'testservice' ORDER BY id
[sql] User found in group testservice
[sql] expand: SELECT id, groupname, attribute,
value, op FROM radgroupreply
WHERE groupname = '%{Sql-Group}' ORDER
BY id -> SELECT id, groupname, attribute, value,
op FROM radgroupreply WHERE groupname =
'testservice' ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "52166"
[pap] Using clear text password "52166"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section session from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group session {...}
[radutmp] expand: /usr/local/var/log/radius/radutmp ->
/usr/local/var/log/radius/radutmp
[radutmp] expand: %{User-Name} -> 018108753.enterprise
++[radutmp] returns ok
# Executing section post-auth from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 59 to xxx.xxx.xxx.xxx port
37173
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 3 ID 59 with timestamp +3041
Ready to process requests.
On Sat, 03 Nov 2012 15:27:41 -0400
Alan DeKok wrote:
> Miha wrote:
> > i am turning out you due to issue with
> simultaneous-Use. I
> > readed mailing list but did not find any appropriate
> > answer.
> ...
> > my config:
> >
> > [root@localhost sites-available]# radiusd -X
> > FreeRADIUS Version 2.1.12, for host
> ...
> > Ready to process requests.
>
> The reason to post the debug output is to show what
> happens when the
> server receives a packet. You didn't show that. So the
> debug output is
> useless, and we can't help you.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
simultaneous-Use is not worrking
_unique" from file
/usr/local/etc/raddb/modules/acct_unique
acct_unique {
key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
}
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_detail
Module: Instantiating module "detail" from file
/usr/local/etc/raddb/modules/detail
detail {
detailfile =
"/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
header = "%t"
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file
/usr/local/etc/raddb/modules/radutmp
radutmp {
filename = "/usr/local/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Linked to module rlm_attr_filter
Module: Instantiating module
"attr_filter.accounting_response" from file
/usr/local/etc/raddb/modules/attr_filter
attr_filter attr_filter.accounting_response {
attrsfile =
"/usr/local/etc/raddb/attrs.accounting_response"
key = "%{User-Name}"
relaxed = no
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
} # modules
} # server
server inner-tunnel { # from file
/usr/local/etc/raddb/sites-enabled/inner-tunnel
modules {
Module: Checking authenticate {...} for more modules to
load
Module: Checking authorize {...} for more modules to load
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating module "attr_filter.access_reject"
from file /usr/local/etc/raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
relaxed = no
}
} # modules
} # server
radiusd: Opening IP addresses and Ports
listen {
type = "auth"
ipaddr = *
port = 0
}
listen {
type = "acct"
ipaddr = *
port = 0
}
listen {
type = "control"
listen {
socket = "/usr/local/var/run/radiusd/radiusd.sock"
}
}
listen {
type = "auth"
ipaddr = 127.0.0.1
port = 18120
}
... adding new socket proxy address * port 44469
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file
/usr/local/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as
server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
Thanks!
Miha
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius, memory consumption
Hi, I am using Freeradius for authorization with mysql. In my sql I have about 15k user entries and there si about 50 active calls all the time (just for information about traffic). Now Freeradius is in production for abot 4 months and I did not noticed any problems (works perfect). Today I noticed that it is using around 77% of memory. Is this normal? Thanks! Miha root 27533 0.0 77.4 13524108 9500600 ?Ssl Mar26 29:51 radiusd - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rad client
@Fajar, thanks for you quick replay. I will ask vendor about it. BR, Miha On 2/14/2012 8:46 AM, Fajar A. Nugraha wrote: On Tue, Feb 14, 2012 at 2:34 PM, Miha Zoubek wrote: Hi, I need one information about radius behaviour regarding voip cdr (AAA). I know I get two stop packet and two start packets for every call that is made. For one softswitch I get session ID same for all paskets (stop&start for a leg, and stop&start for b leg), on other softswitch I get one session ID for one stop&start packet and other ID for second stop&start packet. So, for one softswitch as is only one ID I get one enetry in sql table, for other softswitch I get two enetries in my sql table as I get two session IDs. Which behaviour is right? I can't comment about softswitch, but a NAS in general should send only one acct start& stop for each session it handles. Unless they're re-sent due to transmission problems, in which case the session ID will be the same. I suggest you ask your softswitch vendor about that. If you know the difference betwenn those two different packets from the same session (e.g perhaps there's an attribute that's only present in one of them), then you should be able to filter it out so you can record only one entry per session in your acct table. -- Best regards / Lep Pozdrav Miha Zoubek Softnet d.o.o. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rad client
Hi, I need one information about radius behaviour regarding voip cdr (AAA). I know I get two stop packet and two start packets for every call that is made. For one softswitch I get session ID same for all paskets (stop&start for a leg, and stop&start for b leg), on other softswitch I get one session ID for one stop&start packet and other ID for second stop&start packet. So, for one softswitch as is only one ID I get one enetry in sql table, for other softswitch I get two enetries in my sql table as I get two session IDs. Which behaviour is right? Thanks! Miha -- Best regards / Lep Pozdrav Miha Zoubek Softnet d.o.o. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: update replay
On 2/13/2012 11:06 AM, Miha Zoubek wrote:
On 2/13/2012 10:52 AM, Fajar A. Nugraha wrote:
if ("%{NAS-IP-Address}" != "xxx.xxx.xxx.xxx"){
@Fajar sorry that I did not inform you about this. I have noticed
right when I send email to the group. I have fix quotes but still
getting error.
fix:
if (%{NAS-IP-Address} != "xxx.xxx.xxx.xxx"){
update reply {
NAS-IP-Address = "%{NAS-IP-Address}"
Acct-Multi-Session-Id = "%{Acct-Multi-Session-Id}"
Acct-Session-Id = "%{Acct-Session-Id}"
Event-Timestamp = "%{Event-Timestamp}"
3GPP2-Session-Termination-Capability =
"%{3GPP2-Session-Termination-Capability}"
3GPP2-Prepaid-Acct-Quota = "%{3GPP2-Prepaid-Acct-Quota}"
3GPP2-Prepaid-acct-Capability = "%{3GPP2-Prepaid-acct-Capability}"
# 3GPP2-Session-Termination-Capability =
"{3GPP2-Session-Termination-Capability}"
# Acct-Multi-Session-Id = %{request:Acct-Multi-Session-Id}
# 3GPP2-Release-Indicator =%{request:3GPP2-Release-Indicator}
}
}
Error:
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Bare %{...} is invalid in condition at: %{NAS-IP-Address} !=
"xxx.xxx.xxx.xxx")
/usr/local/etc/raddb/sites-enabled/default[450]: Errors parsing
post-auth section.
[root@newbill sites-available]#
BR,
Miha
--
Best regards / Lep Pozdrav
Miha Zoubek
Softnet d.o.o.
Sorry:)
forget. It is working perfectly:)
Thanks!
Miha
--
Best regards / Lep Pozdrav
Miha Zoubek
Softnet d.o.o.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: update replay
On 2/13/2012 10:52 AM, Fajar A. Nugraha wrote:
if ("%{NAS-IP-Address}" != "xxx.xxx.xxx.xxx"){
@Fajar sorry that I did not inform you about this. I have noticed right
when I send email to the group. I have fix quotes but still getting error.
fix:
if (%{NAS-IP-Address} != "xxx.xxx.xxx.xxx"){
update reply {
NAS-IP-Address = "%{NAS-IP-Address}"
Acct-Multi-Session-Id = "%{Acct-Multi-Session-Id}"
Acct-Session-Id = "%{Acct-Session-Id}"
Event-Timestamp = "%{Event-Timestamp}"
3GPP2-Session-Termination-Capability =
"%{3GPP2-Session-Termination-Capability}"
3GPP2-Prepaid-Acct-Quota = "%{3GPP2-Prepaid-Acct-Quota}"
3GPP2-Prepaid-acct-Capability = "%{3GPP2-Prepaid-acct-Capability}"
# 3GPP2-Session-Termination-Capability =
"{3GPP2-Session-Termination-Capability}"
# Acct-Multi-Session-Id = %{request:Acct-Multi-Session-Id}
# 3GPP2-Release-Indicator =%{request:3GPP2-Release-Indicator}
}
}
Error:
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Bare %{...} is invalid in condition at: %{NAS-IP-Address} !=
"xxx.xxx.xxx.xxx")
/usr/local/etc/raddb/sites-enabled/default[450]: Errors parsing
post-auth section.
[root@newbill sites-available]#
BR,
Miha
--
Best regards / Lep Pozdrav
Miha Zoubek
Softnet d.o.o.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: update replay
On 2/13/2012 10:28 AM, Miha Zoubek wrote:
On 2/13/2012 10:19 AM, Alan Buxey wrote:
Hi,
Hi,
I have set in sql.conf multiple sql instance. I will also include
further different dialup.conf for sql query.
How can I configure default file in site-avalible as for one softswitch
I do not need this variables to be replied:
stick a
if (%{NAS-IP-Address} != "192.168.0.1"){
}
wrapper around it - where that IP address is the one you dont care about
alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Thanks for quick replay!
Regards,
Miha
Hi,
I have one problem:
if (%{NAS-IP-Address} != "xxx.xxx.xxx.xxx"){
update reply {
NAS-IP-Address = "%{NAS-IP-Address}"
Acct-Multi-Session-Id = "%{Acct-Multi-Session-Id}"
Acct-Session-Id = "%{Acct-Session-Id}"
Event-Timestamp = "%{Event-Timestamp}"
3GPP2-Session-Termination-Capability =
"%{3GPP2-Session-Termination-Capability}"
3GPP2-Prepaid-Acct-Quota = "%{3GPP2-Prepaid-Acct-Quota}"
3GPP2-Prepaid-acct-Capability = "%{3GPP2-Prepaid-acct-Capability}"
# 3GPP2-Session-Termination-Capability =
"{3GPP2-Session-Termination-Capability}"
# Acct-Multi-Session-Id = %{request:Acct-Multi-Session-Id}
# 3GPP2-Release-Indicator =%{request:3GPP2-Release-Indicator}
}
}
I get this:
Module: Checking post-auth {...} for more modules to load
Bare %{...} is invalid in condition at: %{NAS-IP-Address} !=
"xxx.xxx.xx.xxx")
/usr/local/etc/raddb/sites-enabled/default[450]: Errors parsing
post-auth section.
[root@newbill sites-available]#
Thanks!
--
Best regards / Lep Pozdrav
Miha Zoubek
Softnet d.o.o.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: update replay
On 2/13/2012 10:19 AM, Alan Buxey wrote:
Hi,
Hi,
I have set in sql.conf multiple sql instance. I will also include
further different dialup.conf for sql query.
How can I configure default file in site-avalible as for one softswitch
I do not need this variables to be replied:
stick a
if (%{NAS-IP-Address} != "192.168.0.1"){
}
wrapper around it - where that IP address is the one you dont care about
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for quick replay!
Regards,
Miha
--
Best regards / Lep Pozdrav
Miha Zoubek
Softnet d.o.o.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
update replay
Hi,
I have set in sql.conf multiple sql instance. I will also include
further different dialup.conf for sql query.
How can I configure default file in site-avalible as for one softswitch
I do not need this variables to be replied:
update reply {
NAS-IP-Address = "%{NAS-IP-Address}"
Acct-Multi-Session-Id = "%{Acct-Multi-Session-Id}"
Acct-Session-Id = "%{Acct-Session-Id}"
Event-Timestamp = "%{Event-Timestamp}"
3GPP2-Session-Termination-Capability =
"%{3GPP2-Session-Termination-Capability}"
3GPP2-Prepaid-Acct-Quota = "%{3GPP2-Prepaid-Acct-Quota}"
3GPP2-Prepaid-acct-Capability = "%{3GPP2-Prepaid-acct-Capability}"
# 3GPP2-Session-Termination-Capability =
"{3GPP2-Session-Termination-Capability}"
# Acct-Multi-Session-Id = %{request:Acct-Multi-Session-Id}
# 3GPP2-Release-Indicator =%{request:3GPP2-Release-Indicator}
}
Thanks!
Miha
--
Best regards / Lep Pozdrav
Miha Zoubek
Softnet d.o.o.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: More than one client
Hi @Fajar, yes that what I meant:) Thanks! Regards, Miha On 2/6/2012 12:05 PM, Fajar A. Nugraha wrote: On Mon, Feb 6, 2012 at 5:53 PM, Miha Zoubek wrote: Hi, I need a few information. We have to softswtichs, both are working with freeradius perfectly. Do you mean "two" softswtiches? Taking time to double-check what you write can help others understand your needs better. There is no problem to use to different clinets (softswitchs) to use one freeradious server. Problem is that softswitchs would need a different dialup.conf (for sql entry) and different default configuration for different AVP packets. I find it hard to understand what you meant there. Did you mean: - you want two softswitches to use one freeradius - each softswitch requires a different sql query is that correct? How to set to different dialup.conf and defult configuration? If you use FR2 (you should), see unlang: http://freeradius.org/radiusd/man/unlang.html Create two different instances of sql, each with its own dialup.conf. Then check for a unique attribute that the NAS sends (e.g. NAS-IP-Address) in authorize and accounting section (and whatever other sections you use). -- Best regards / Lep Pozdrav Miha Zoubek Softnet d.o.o. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More than one client
Hi, I need a few information. We have to softswtichs, both are working with freeradius perfectly. There is no problem to use to different clinets (softswitchs) to use one freeradious server. Problem is that softswitchs would need a different dialup.conf (for sql entry) and different default configuration for different AVP packets. How to set to different dialup.conf and defult configuration? Thanks! Miha -- Best regards / Lep Pozdrav Miha Zoubek Softnet d.o.o. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with sql entry
Thanks @Fajar,
I missed two different Acct-Session-Id. This the main reason for this. I
fill chack why nas is sending different Acct-Session-ID
regards,
Miha
On 12/20/2011 10:20 AM, Fajar A. Nugraha wrote:
On Tue, Dec 20, 2011 at 3:55 PM, Miha Zoubek wrote:
Hi,
please help me out why I am getting two entries in mysql table (radacct) for
outgoing call. If the call is answered I get two entries and one entry if
the call is not answered (this is ok).
Reason that I am asking this is that I do not see that my NAS is sending two
start packet and to stop packet for answered call (you can see below).
Please help me out understand why radius add two entries for stop packet if
only one is send from NAS.
First of all, if you're going to trim the debug log anyway, make sure
you include debug from a full sesssion to make it easier to diagnose.
2. Call is answered.
3142.992787 xxx.xxx.xxx.xxx -> yyy.yyy.yyy.yyy RADIUS Accounting-Request(4)
(id=195, l=265)
3142.994570 yyy.yyy.yyy.yyy -> xxx.xxx.xxx.xxx RADIUS Accounting-Response(5)
(id=195, l=20)
those two above most likely belong to a previous session. Accounting
usually comes after Access-Request. So I don't think you need to
include those. UNLESS your NAS is doing something funny, and it REALLY
sends Accounting - Access Request - Accounting for a session.
rad_recv: Accounting-Request packet from host xxx.xxx.xxx.xxx port 48752,
id=198, length=265
Acct-Status-Type = Start
Acct-Session-Id = "d446d20a-6d1c-4ffd-9b59-1aedbf63b74c"
I'd note Acct-Session-Id lines ...
rad_recv: Accounting-Request packet from host xxx.xxx.xxx.xxx port 35569,
id=200, length=401
Acct-Status-Type = Stop
Acct-Session-Id = "68507972-f9d9-46c7-bf22-59020602ffe2"
... and compare it with the next one. That's a different
Acct-Session-Id, so it's two different sessions.
Are you SURE you have two entries in radacct with Acct-Session-Id =
"68507972-f9d9-46c7-bf22-59020602ffe2"?
[sql] expand:UPDATE radacct SET acctstarttime =
'%{Freeswitch-Callanswerdate}', acctstoptime =
'%S', acctsessiontime= '%{Acct-Session-Time}',
acctinputoctets= '%{%{Acct-Input-Gigawords}:-0}'<< 32
|
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}'<< 32 |
'%{%{Acct-Output-Octets}:-0}', acctterminatecause =
'%{Acct-Terminate-Cause}', acctstopdelay =
'%{%{Acct-Delay-Time}:-0}', connectinfo_stop =
'%{Connect-Info}' WHERE acctsessionid =
'%{Acct-Session-Id}' AND username =
'%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'
-> UPDATE radacct SET acctstarttime =
'2011-12-20T09:49:30.669405=2B0100', acctstoptime = '2011-12-20
09:49:49', acctsessiontime= '3',
acctinputoctets= '0'<<
hmmm ... that query doesn't look right.
"
UPDATE radacct SET acctstarttime =
'2011-12-20T09:49:30.669405=2B0100', acctstoptime = '2011-12-20
09:49:49', acctsessiontime= '3',
acctinputoctets= '0'<<
"
seriously? Are you sure you didn't mess up the query while editing it
manually? Or was it copy-and-paste error?
Even acctstarttime looks wrong.
[sql] expand:INSERT INTO radacct (acctsessionid,
acctuniqueid, username, realm, nasipaddress,
nasportid, nasporttype, acctstarttime,
acctstoptime, acctsessiontime, acctauthentic,
connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol,
framedipaddress, acctstartdelay, acctstopdelay)
VALUES ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL
(%{%{Acct-Session-Time}:-0} + %{%{Acct-Delay-Time}:-0})
SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}',
'', '%{Connect-Info}',
'%{%{Acct-Input-Gigawords}:-0}'<< 32 | '%{%{Acct-Inpu
Same thing here. It should print what the actual sql statement executed
My best guess so far:
- the double lines you see are from different session (i.e. different
Acct-Session-Id). If so, the NAS sends two different acc
Problem with sql entry
User-Name = "123456789", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail]expand: %{Packet-Src-IP-Address} -> xxx.xxx.xxx.xxx
[detail]expand:
/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
-> /usr/local/var/log/radius/radacct/xxx.xxx.xxx.xxx/detail-20111220
[detail]
/usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/xxx.xxx.xxx.xxx/detail-20111220
[detail]expand: %t -> Tue Dec 20 09:49:49 2011
++[detail] returns ok
++[unix] returns ok
[radutmp] expand: /usr/local/var/log/radius/radutmp ->
/usr/local/var/log/radius/radutmp
[radutmp] expand: %{User-Name} -> 123456789
rlm_radutmp: Logout entry for NAS xxx.xxx.xxx.xxx port 0 has wrong ID
++[radutmp] returns ok
[sql] expand: %{User-Name} -> 123456789
[sql] sql_set_user escaped user --> '123456789'
[sql] expand: %{Acct-Input-Gigawords} ->
[sql] ... expanding second conditional
[sql] expand: %{Acct-Input-Octets} ->
[sql] ... expanding second conditional
[sql] expand: %{Acct-Output-Gigawords} ->
[sql] ... expanding second conditional
[sql] expand: %{Acct-Output-Octets} ->
[sql] ... expanding second conditional
[sql] expand: %{Acct-Delay-Time} -> 0
[sql] expand:UPDATE radacct SET acctstarttime
= '%{Freeswitch-Callanswerdate}', acctstoptime =
'%S', acctsessiontime=
'%{Acct-Session-Time}', acctinputoctets=
'%{%{Acct-Input-Gigawords}:-0}' << 32
|
'%{%{Acct-Input-Octets}:-0}', acctoutputoctets =
'%{%{Acct-Output-Gigawords}:-0}' << 32
|
'%{%{Acct-Output-Octets}:-0}', acctterminatecause =
'%{Acct-Terminate-Cause}', acctstopdelay =
'%{%{Acct-Delay-Time}:-0}', connectinfo_stop =
'%{Connect-Info}' WHERE acctsessionid =
'%{Acct-Session-Id}' AND username =
'%{SQL-User-Name}' AND nasipaddress = '%{NAS-IP-Address}'
->UPDATE radacct SET acctstarttime =
'2011-12-20T09:49:30.669405=2B0100', acctstoptime =
'2011-12-20 09:49:49', acctsessiontime=
'3', acctinputoctets= '0' <<
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: %{Acct-Session-Time} -> 3
[sql] expand: %{Acct-Delay-Time} -> 0
[sql] expand: %{Acct-Input-Gigawords} ->
[sql] ... expanding second conditional
[sql] expand: %{Acct-Input-Octets} ->
[sql] ... expanding second conditional
[sql] expand: %{Acct-Output-Gigawords} ->
[sql] ... expanding second conditional
[sql] expand: %{Acct-Output-Octets} ->
[sql] ... expanding second conditional
[sql] expand: %{Acct-Delay-Time} -> 0
[sql] expand:INSERT INTO radacct
(acctsessionid, acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype, acctstarttime,
acctstoptime, acctsessiontime, acctauthentic,
connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, callingstationid,
acctterminatecause, servicetype, framedprotocol,
framedipaddress, acctstartdelay, acctstopdelay)
VALUES ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}', '%{NAS-Port-Type}',
DATE_SUB('%S', INTERVAL (%{%{Acct-Session-Time}:-0}
+ %{%{Acct-Delay-Time}:-0}) SECOND), '%S',
'%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{Connect-Info}', '%{%{Acct-Input-Gigawords}:-0}' << 32
| '%{%{Acct-Inpu
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[exec] returns noop
[attr_filter.accounting_response] expand: %{User-Name} -> 123456789
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 200 to xxx.xxx.xxx.xxx port 35569
Finished request 50.
Cleaning up request 50 ID 200 with timestamp +5710
Going to the next request
Ready to process requests.
--
Best regards / Lep Pozdrav
Miha Zoubek
Softnet d.o.o.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius sql quastione
@Hi Alan, thank you for you answer. Is it possible to block second packages from NAS (that I would not get thous entries in my sqltables)? p.s.: I do not get any information about this issue on freeswitch maling list... 71.449050 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx RADIUS Accounting-Request(4) (id=235, l=265) 71.517347 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx RADIUS Accounting-Response(5) (id=235, l=20) 73.536126 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx RADIUS Access-Request(1) (id=236, l=210) 73.567412 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx RADIUS Access-Accept(2) (id=236, l=20) 73.572794 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx RADIUS Accounting-Request(4) (id=237, l=321) 73.574156 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx RADIUS Accounting-Response(5) (id=237, l=20) 83.482760 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx RADIUS Accounting-Request(4) (id=238, l=401) 83.485670 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx RADIUS Accounting-Response(5) (id=238, l=20) 83.514594 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx RADIUS Accounting-Request(4) (id=239, l=402) 83.516404 xxx.xxx.xxx.xxx -> xxx.xxx.xxx.xxx RADIUS Accounting-Response(5) (id=239, l=20) Regards, Miha On 11/9/2011 5:37 PM, Alan DeKok wrote: Miha Zoubek wrote: our freeradius is working with our softswitch perfect. All my columns in radacct are populating. That's good. Now I have set freeswitch and I also got it work with freeradius. This are two different softswitchs and I would like that bouth will populate same base. Problem appears as freeswitch is sending different attributes, so I make differences in dialup.conf (than the other softswitch will not populate right radacct table). This is why the SQL queries are editable. You can edit them to say "use attribute X, if it doesn't exist, use attribute Y". See "man unlang" for the syntax. Can I populate same base? But how to configure dialup.conf than? How can I set up in on radius to different base with to different dialup.conf (I must edit this file due to different attribute representation). Edit dialup.conf. Below you will find freeswitch attributes: Ok... which freeswitch attributes do you want to use? Which SQL column do they map to? Write that down. Then, edit the SQL queries as described above. P.s.: I am getting all inputs in radacct table duplicate. Can you help me out how can I deal with this issue? Your NAS is sending duplicate accounting packets. That's really how RADIUS works. You will need to figure out why the entries are duplicate (they're probably *not* duplicate), and figure out what fields make up the "same" session. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius sql quastione
Hi, our freeradius is working with our softswitch perfect. All my columns in radacct are populating. Now I have set freeswitch and I also got it work with freeradius. This are two different softswitchs and I would like that bouth will populate same base. Problem appears as freeswitch is sending different attributes, so I make differences in dialup.conf (than the other softswitch will not populate right radacct table). Can I populate same base? But how to configure dialup.conf than? How can I set up in on radius to different base with to different dialup.conf (I must edit this file due to different attribute representation). Below you will find freeswitch attributes: rad_recv: Accounting-Request packet from host xxx.xxx.xxx.xxx port 33534, id=134, length=402 Acct-Status-Type = Stop Acct-Session-Id = "1d83c61f-3167-4c15-9da3-871cd76f3d7c" Freeswitch-Hangupcause = Normal-Clearing User-Name = "018108500" Freeswitch-Src = "018108500" Freeswitch-CLID = "018108500" Freeswitch-Dst = "051357952" Freeswitch-Dialplan = "XML" Framed-IP-Address = xxx.xxx.xxx.xxx Freeswitch-Context = "default" Freeswitch-Ani = "018108500" Freeswitch-Source = "mod_sofia" Freeswitch-Lastapp = "bridge" Freeswitch-Billusec = 2427061 Freeswitch-Callstartdate = "2011-11-09T14:30:45.095287+0100" Freeswitch-Callanswerdate = "2011-11-09T14:30:52.965479+0100" Freeswitch-Callenddate = "2011-11-09T14:30:55.392540+0100" Acct-Session-Time = 2 Freeswitch-Signalbond = "inbound" NAS-Port = 0 Acct-Delay-Time = 0 NAS-IP-Address = xxx.xxx.xxx.xxx # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default P.s.: I am getting all inputs in radacct table duplicate. Can you help me out how can I deal with this issue? I have put radius log on http://pastebin.freeswitch.org/17730 BR, Miha - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radiusclient problems
On 11/4/2011 3:01 PM, Fajar A. Nugraha wrote: On Fri, Nov 4, 2011 at 8:53 PM, Miha Zoubek wrote: Just curies do you maybe know if I can get radclient working with freeswitch? @Fajar I was trying to use with freeswitch as is written on http://wiki.freeswitch.org/wiki/Mod_rad_auth. But I am getting a few error s which I am unable to fix:) My GUESS it's similar to poptop setup. See http://wiki.freeradius.org/PopTop . In poptop's case you need to: - have a radius client library (vendor-provided package should be enough) - configure poptop to use the correct configuration file (radiusclient and radiusclient-ng has different configuration directory, but both should work) - configure additional needed dictionary items (e.g. to support MSCHAP, example in the wiki page) In your case I suggest try using distro-provided radiusclient first, and if it still doesn't work try checking radiusclient's dictionary. Thank you for help! BR, Miha - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radiusclient problems
On 11/4/2011 2:45 PM, Arran Cudbard-Bell wrote: On 4 Nov 2011, at 14:37, Fajar A. Nugraha wrote: On Fri, Nov 4, 2011 at 8:20 PM, Arran Cudbard-Bell wrote: On 4 Nov 2011, at 12:55, Miha Zoubek wrote: Sorry for bothering you. Is not radius client part of freeradius? No, radclient is part of FreeRADIUS @Arran: I think Miha is referring to http://wiki.freeradius.org/Radiusclient It's hard not to think it as part of FreeRADIUS when the first line of the wiki starts with "FreeRADIUS Client" It was adopted. It's like the orphan child that lives in the cupboard under the stairs. Arran Cudbard-Bell a.cudba...@freeradius.org Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ ! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Ok I get it:) Thanks guys for information:) Just curies do you maybe know if I can get radclient working with freeswitch? @Fajar I was trying to use with freeswitch as is written onhttp://wiki.freeswitch.org/wiki/Mod_rad_auth. But I am getting a few error s which I am unable to fix:) BR, Miha - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radiusclient problems
On 11/4/2011 2:20 PM, Arran Cudbard-Bell wrote: On 4 Nov 2011, at 12:55, Miha Zoubek wrote: On 11/4/2011 12:12 PM, Phil Mayers wrote: On 04/11/11 10:53, Miha Zoubek wrote: Hi, I have installedradiusclient. When I start it for a test I get this: xxx.xxx.xxx.xxx: can't parse AV pair Radiusclientis on different server thatfreeradius. I checked dictionary s and all looks good. This isn't really a FreeRADIUS issue. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Sorry for bothering you. Is not radius client part of freeradius? No, radclient is part of FreeRADIUS Arran Cudbard-Bell a.cudba...@freeradius.org <mailto:a.cudba...@freeradius.org> Betelwiki, Betelwiki, Betelwikihttp://wiki.freeradius.org/ ! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html This is written on Freeradius page: FreeRADIUS Client release is available from: ftp://ftp.freeradius.org/pub/freeradius/freeradius-client-1.1.6.tar.bz2 Ok, do you meybe know where can I get help about this issue? Sorry for bothering you, but I really need some information to get this working. BR, Miha - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radiusclient problems
On 11/4/2011 12:12 PM, Phil Mayers wrote: On 04/11/11 10:53, Miha Zoubek wrote: Hi, I have installedradiusclient. When I start it for a test I get this: xxx.xxx.xxx.xxx: can't parse AV pair Radiusclientis on different server thatfreeradius. I checked dictionary s and all looks good. This isn't really a FreeRADIUS issue. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Sorry for bothering you. Is not radius client part of freeradius? BR,Miha** - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radiusclient problems
Hi, I have installedradiusclient. When I start it for a test I get this: xxx.xxx.xxx.xxx: can't parse AV pair Radiusclientis on different server thatfreeradius. I checked dictionary s and all looks good. Please help me out with this issue. Thank you! BR, Miha - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access Accept
Hi,
thank you for all your help!!
Now it works perfectly!!
Br,
Miha
On 9/26/2011 10:58 AM, Alan DeKok wrote:
Miha Zoubek wrote:
I add this to my post-auth { } section:
update reply {
3GPP2-Prepaid-acct-Capability
=%{request:3GPP2-Prepaid-acct-Capability}
Acct-Multi-Session-Id =%{request:Acct-Multi-Session-Id}
3GPP2-Session-Termination-Capability
=%{request:3GPP2-Session-Termination-Capability}
3GPP2-Release-Indicator =%{request:3GPP2-Release-Indicator}
Put quotes around the values, as suggested in another email, and in
the "unlang" documentation.
3GPP2-Release-Indicator = "%{3GPP2-Release-Indicator}"
And you don't need the "request" portion. The documentation says the
"request" list is used by default.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access Accept
@Alexandre,
I have one more question.
I am looking at this post post-auth { } section.
I can see that the values are not added to attributes in
access-accept. For example:
Module: Checking post-auth {...} for more modules to load
/etc/raddb/sites-enabled/default[460]: ERROR: Failed to find IP
address for %{request:NAS-IP-Address}
/etc/raddb/sites-enabled/default[456]: Errors parsing post-auth
section.
if I look in access-reqest section (I have comment
%{request:NAS-IP-Address}):
Ready to process requests.
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx port
40239, id=140, length=206
Acct-Multi-Session-Id = "1317025759333"
Cisco-Attr-130 =
0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258
Calling-Station-Id = "81609000"
NAS-Identifier = "intraswitch"
NAS-IP-Address = xxx.xxx.xxx.xxx
3GPP2-Prepaid-acct-Capability = 0x01060002
3GPP2-Session-Termination-Capability = 1
h323-conf-id = "h323-conf-id=1317025759333"
Vendor-Specific = 0x0009
Event-Timestamp = "Sep 26 2011 10:29:19 CEST"
User-Name = "081609000"
User-Password = "1122"
I can see that the ip from NAS is send. If I have this line written
(NAS-IP-Address = %{request:NAS-IP-Address}) the radius will not
start.
Should this be add the any other section then post-auth {...}?
BR,
MIha
On 9/24/2011 2:43 PM, Alexandre Chapellon wrote:
Le 23/09/2011 22:01, Miha a écrit :
Hi @Alexandre,
here is a copy from me default file:
post-auth {
# Get an address from the IP Pool.
# main_pool
update reply {
3GPP2-Prepaid-acct-Capability =
%{request:3GPP2-Prepaid-acct-Capability}
}
update reply {
Acct-Multi-Session-Id = %{request:Acct-Multi-Session-Id}
}
IIRC I use double quoted variables
in my config. Anyway, this is odd it happens for the second
attributes and not the first one.
I have also try this way, but still the same:
update reply {
3GPP2-Prepaid-acct-Capability =
%{request:3GPP2-Prepaid-acct-Capability}
Acct-Multi-Session-Id = %{request:Acct-Multi-Session-Id}
}
This sounds better.
I do not see any problem with quotes.
Thank you!
Br,
Miha
--
View this message in context: http://freeradius.1045715.n5.nabble.com/Access-Accept-tp4832711p4834972.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Alexandre Chapellon
Ingénierie des systèmes open sources et
réseaux.
Follow me on twitter: @alxgomz
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access Accept
Hi @Alexandre,
I add this to my post-auth { } section:
update reply {
3GPP2-Prepaid-acct-Capability
=%{request:3GPP2-Prepaid-acct-Capability}
Acct-Multi-Session-Id =%{request:Acct-Multi-Session-Id}
3GPP2-Session-Termination-Capability
=%{request:3GPP2-Session-Termination-Capability}
3GPP2-Release-Indicator =%{request:3GPP2-Release-Indicator}
}
From the debug I get:
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
/etc/raddb/sites-enabled/default[462]: ERROR: Unknown value
%{request:3GPP2-Session-Termination-Capability} for attribute
3GPP2-Session-Termination-Capability
/etc/raddb/sites-enabled/default[456]: Errors parsing post-auth
section.
Why I am getting 3GPP2-Session-Termination-Capability as unknown
value (I have this attribute in my dictionaries) as this value
(value of 3GPP2-Session-Termination-Capability attribute) is send in
access-request packet?
For 3GPP2-Session-Termination-Capability
=%{request:3GPP2-Session-Termination-Capability} I am still getting
Acct-Multi-Session-Id = "%{request:Acct-Multi-Session-Id}".
Here is access-request from Wireshark for batter pictre:
access-request:
Attribute Value Pairs
AVP: l=15 t=Acct-Multi-Session-Id(50): 1317016867140 (I
need this one in access-accept)
Acct-Multi-Session-Id: 1317016867140
AVP: l=41 t=Vendor-Specific(26) v=Cisco(9)
VSA: l=35 t=Unknown-Attribute(130):
683332332d63616c6c696e672d656e74657270726973652d...
Unknown-Attribute:
683332332d63616c6c696e672d656e74657270726973652d...
AVP: l=10 t=Calling-Station-Id(31): 81609000
Calling-Station-Id: 81609000
AVP: l=13 t=NAS-Identifier(32): intraswitch
AVP: l=6 t=NAS-IP-Address(4): xxx.xxx.xxx.xxx
AVP: l=14 t=Vendor-Specific(26) v=3GPP2(5535) (I need this
one in access-accept)
VSA: l=8 t=3GPP2-Prepaid-acct-Capability(91):
01060002
3GPP2-Prepaid-acct-Capability: 01060002
AVP: l=12 t=Vendor-Specific(26) v=3GPP2(5535) (I need
this one in access-accept)
VSA: l=6 t=3GPP2-Session-Termination-Capability(88): 1
3GPP2-Session-Termination-Capability: 1
AVP: l=34 t=Vendor-Specific(26) v=Cisco(9)
VSA: l=28 t=h323-conf-id(24): h323-conf-id=1317016867140
h323-conf-id: h323-conf-id=1317016867140
AVP: l=6 t=Vendor-Specific(26) v=Cisco(9)
AVP: l=6 t=Event-Timestamp(55): Sep 26, 2011
08:01:07.0 Central Europe Daylight Time
AVP: l=11 t=User-Name(1): 081609000
AVP: l=18 t=User-Password(2): Encrypted
Thank you!
BR,
Miha
On 9/24/2011 2:43 PM, Alexandre Chapellon wrote:
Le 23/09/2011 22:01, Miha a écrit :
Hi @Alexandre,
here is a copy from me default file:
post-auth {
# Get an address from the IP Pool.
# main_pool
update reply {
3GPP2-Prepaid-acct-Capability =
%{request:3GPP2-Prepaid-acct-Capability}
}
update reply {
Acct-Multi-Session-Id = %{request:Acct-Multi-Session-Id}
}
IIRC I use double quoted variables
in my config. Anyway, this is odd it happens for the second
attributes and not the first one.
I have also try this way, but still the same:
update reply {
3GPP2-Prepaid-acct-Capability =
%{request:3GPP2-Prepaid-acct-Capability}
Acct-Multi-Session-Id = %{request:Acct-Multi-Session-Id}
}
This sounds better.
I do not see any problem with quotes.
Thank you!
Br,
Miha
--
View this message in context: http://freeradius.1045715.n5.nabble.com/Access-Accept-tp4832711p4834972.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Alexandre Chapellon
Ingénierie des systèmes open sources et
réseaux.
Follow me on twitter: @alxgomz
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access Accept
Hi @Alexandre,
here is a copy from me default file:
post-auth {
# Get an address from the IP Pool.
# main_pool
update reply {
3GPP2-Prepaid-acct-Capability =
%{request:3GPP2-Prepaid-acct-Capability}
}
update reply {
Acct-Multi-Session-Id = %{request:Acct-Multi-Session-Id}
}
I have also try this way, but still the same:
update reply {
3GPP2-Prepaid-acct-Capability =
%{request:3GPP2-Prepaid-acct-Capability}
Acct-Multi-Session-Id = %{request:Acct-Multi-Session-Id}
}
I do not see any problem with quotes.
Thank you!
Br,
Miha
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Access-Accept-tp4832711p4834972.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access Accept
Hi @Alen and @Alexandra,
Hi,
in radgroupreplay I have defined attribute 3GPP2-Prepaid-acct-Capability
and put some value to it.
I know this is wrong because this value should be dynamically get from
Access-Request (attribute 3GPP2-Prepaid-acct-Capability).
update reply {
3GPP2-Prepaid-acct-Capability = %{request:attributesValue}
}
What should be attributesValue if I whould like that attributesValue is
value from Access-Request (attribute 3GPP2-Prepaid-acct-Capability)?
If I am right this must I put in sites-available/default ?
I have put it in default but replay is being sent in Accounting-Response
packet.
Thanks!
BR,
Miha
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Access-Accept-tp4832711p4833410.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access Accept
Hi,
in radgroupreplay I have defined attribute
3GPP2-Prepaid-acct-Capability and put some value to it.
I know this is wrong because this value should be dynamically get from
Access-Request (attribute 3GPP2-Prepaid-acct-Capability).
update reply {
3GPP2-Prepaid-acct-Capability= %{request:3GPP2-Prepaid-acct-Capability}
}
Is this right?
If I am right this must I put in radiusd.conf ?
Thanks!
BR,
Miha
On 9/23/2011 2:00 PM, Alan DeKok wrote:
Miha wrote:
Problem is that I have put
manually values for attributes in Accept packet (values should be from
Access-Request) .
What does that mean?
How do you "manually add values" ?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Access Accept
Hi, I have read freeradius wiki and other topic on this forum concerning this thread but I did not find anything useful. I have problems whit Access Accept packet. I have put few attributes in radgroupreply. Now I can see attributes in Access Accept packet. Problem is that I have put manually values for attributes in Accept packet (values should be from Access-Request) . How can I add attributes values which was send in Access-Request to be send back in Access Accept? Thank you very much! BR, Miha -- View this message in context: http://freeradius.1045715.n5.nabble.com/Access-Accept-tp4832711p4832711.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radgroup replay
Hello guys, I was bothering you one month ago about my radius problem with centile ( problem was that centile was not sending right secret). We have finally fixed this issue and now the call goes through. I am facing different problem. After I answer on phone my call is being dropped by centile because radius is not sending back few parameters. Do I have to put this parameters in radgroupreplay? thank you!!! Miha -- View this message in context: http://freeradius.1045715.n5.nabble.com/Radgroup-replay-tp4263674p4263674.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Voip database
Thanks @Alan DeKok-2 and @Fajar A. Nugraha for your help!
After exchanging few email with centile I noticed that they are unwilling to
change there configuration setting.
So dou to our softswitch (Centile) for voip It is just not so easy buy and
set a new one.
This radius that we have from Ibill (compatible with centile) we would relay
like to replace due to problems with it.
SO finaly Centile (from the start they telling us that the centile works
with freeradius) said that centile is having problems with 3GPP2.
Is there any way to get this working. Where the changes should be made on
freeradius?
Or to ask in a different way is there any way to get this working :) ?
Thanks!!
I have also tried with ACCEPT like @Fajar A. Nugrah said but I got this
problem (finally my phone begun ringing but new problem rise with media):
++[preprocess] returns ok
[acct_unique] WARNING: Attribute NAS-Port was not found in request, unique
ID MAY be inconsistent
[acct_unique] Hashing ',Client-IP-Address = 212.13.228.58,NAS-IP-Address =
212.13.228.58,Acct-Session-Id = "129464837317821",User-Name = "081609000"'
[acct_unique] Acct-Unique-Session-ID = "d9d5c2ea191e529f".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "081609000", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
Executing section accounting from file /etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail] expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
-> /var/log/radius/radacct/212.13.228.58/detail-20110110
[detail] /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /var/log/radius/radacct/212.13.228.58/detail-20110110
[detail] expand: %t -> Mon Jan 10 09:32:58 2011
++[detail] returns ok
++[unix] returns noop
[radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp] expand: %{User-Name} -> 081609000
rlm_radutmp: No NAS-Port seen. Cannot do anything.
rlm_radumtp: WARNING: checkrad will probably not work!
++[radutmp] returns noop
++[exec] returns noop
[attr_filter.accounting_response] expand: %{User-Name} -> 081609000
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 3 to 212.13.228.58 port 35277
Finished request 4.
Cleaning up request 4 ID 3 with timestamp +13
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 3 ID 66 with timestamp +13
Ready to process requests.
[ Show » ] softnet added a comment - 10/Jan/11 09:53 AM Hello, what about
this issue? I have put 081609000 to Accept in users file to try this way.
The call reach the telefone but another problem appears due to port is not
send in the request of NAS to freeradius. Thanks! ++[mschap] returns noop
++[digest] returns noop [suffix] No '@' in User-Name = "081609000", looking
up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No
EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry
081609000 at line 71 ++[files] returns ok ++[expiration] returns noop
++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting
to PAP ++[pap] returns noop Found Auth-Type = Accept Auth-Type = Accept,
accepting the user
Executing section post-auth from file /etc/raddb/sites-enabled/default +-
entering group post-auth {...} ++[exec] returns noop Sending Access-Accept
of id 66 to 212.13.228.58 port 59985 Finished request 3. Going to the next
request Waking up in 4.9 seconds. rad_recv: Accounting-Request packet from
host 212.13.228.58 port 35277, id=3, length=593 User-Name = "081609000"
User-Password = "v7\265\345" Cisco-Attr-130 =
0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258
Acct-Multi-Session-Id = "1294648373178" Calling-Station-Id = "81609000"
Called-Station-Id = "38651357952" Cisco-AVPair =
"h323-called-enterprise-id=NexTone" h323-remote-address =
"h323-remote-address=212.13.249.90" Acct-Session-Id = "129464837317821"
h323-conf-id = "h323-conf-id=1294648373178" h323-incoming-conf-id =
"h323-incoming-conf-id=1294648373178" h323-call-origin =
"h323-call-origin=originate" h323-call-type = "h323-call-type=VOIP"
h323-setup-time = "h323-setup-time=08:32:53.182 GMT Mon Jan 10 2011"
Acct-Multi-Session-Id = "1294648373178" h323-connect-time =
"h323-connect-time=08:32:58.924 GMT Mon Jan 10 2011" h323-disconnect-time =
"h323-disconnect-time=08:32:58.934 GMT Mon Jan 10 2011"
h323-disconnect-cause = "h323-disconnect-cause=66" Acct-Status-Type = Stop
Acct-Session-Time = 0 Event-Timestamp = "Jan 10 2011 09:32:58 CET" #
Executing section preacct from file /etc/raddb/sites-enabled/default +-
entering group preacct {...} ++[preprocess] returns ok [acct_unique]
WARNING: Attribute NAS-Port was not found in request, unique ID MAY be
inconsistent [acct_unique] Hashing ',Client-IP-Address =
212.13.228.58,NAS-IP-Address = 212.13.228.58,Acct-Session-Id =
"129464837317821",User-Name = "081609000"' [acct_unique]
Acct-Un
Re: Voip database
Hello, I got answere what should I do that the freeradius will work with centile. Can you help me out where can I customized this settings? Thanks!!! miha Currently, there is a password matching issue because the User-Password encoding is different during the Authentication from the Authorization. During the Authentication step, the Centile's radius client send a User-Password encrypted with the secret. But during the Authorization step, we don't expect the Radius server to check again this password (which is sent anyway, I don't know if this is a bug or if it is required by Eyebill...). The Authorization request contains the attribute Acct-Status-Type with the value 17 that means "authorize only". It also contains the attribute Message-Authenticator with the digest value. So Freeradius should use those two attributes to accept or reject the request instead of the User-Name and User-Password. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Voip-database-tp3295546p3326679.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Voip database
Hello :)
I got this from centile guys?
I am now installing freeradius on different server with different equipment
to see which section (equipment) is adding this fields to massagas.
I have only one quastion. I am running freeradius on ESXi as a Vmware
machine. Could this be the cause of the problem?
THanks!!!
According to the log, first step is done correctly.
Issue is located on the second request, due to password received:
User-Password = "{"
It seems that Radius server receives a request which is not formatted
correctly.
Do you have any equipment used as proxy between IntraSwitch and Radius ?
Some fields not provided by IntraSwitch are added into messages as the
following:
Cisco-Attr-130 =
0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258
Do you have a specific architecture which would cause such behavior ?
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Voip-database-tp3295546p3319133.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Voip database
Thank you very much for you help!!! I will ask them that and that I will report back! Thanks guys! miha > Date: Tue, 21 Dec 2010 18:11:21 +0700 > Subject: Re: Voip database > From: w...@fajar.net > To: freeradius-users@lists.freeradius.org > > On Tue, Dec 21, 2010 at 3:52 PM, Miha Zoubek wrote: > > Belive me that I am asking centile people to. And to let you know I have > > begun asking centile.com before I made first post on this forum. > > I noticed from you earlier debug output that the NAS is sending > different attributes. The working one (I selected some attributes > only): > >NAS-Identifier = "intraswitch" >NAS-IP-Address = 1.2.3.4 >3GPP2-Prepaid-acct-Capability = 0x01060002 >3GPP2-Session-Termination-Capability = 1 >h323-conf-id = "h323-conf-id=1292574457509" >Vendor-Specific = 0x0009 > > the non working one > >Called-Station-Id = "38651357952" >Cisco-AVPair = "h323-called-enterprise-id=External" >h323-remote-address = "h323-remote-address=unknown" >Acct-Session-Id = "129257445750920" >h323-conf-id = "h323-conf-id=1292574457509" >h323-incoming-conf-id = "h323-incoming-conf-id=1292574457509" >3GPP2-Prepaid-Acct-Quota = 0x0a06564f495008040002 >Acct-Status-Type = One-Time >Message-Authenticator = 0x6f793daff586ab35701631c5f2a48d96 > > why is that? > It almost seems like the request was made from two different NAS. In > your question to centile people, it might help to also ask whether the > device has more than one radius config section. > > -- > Fajar > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Voip database
Belive me that I am asking centile people to. And to let you know I have begun asking centile.com before I made first post on this forum. thanks! > Date: Tue, 21 Dec 2010 09:44:47 +0100 > From: al...@deployingradius.com > To: freeradius-users@lists.freeradius.org > Subject: Re: Voip database > > miha- wrote: > > ##- Activate RADIUS connection > > setProperty com.centile.connectors.aaa.watchdog.enable false > > setProperty com.centile.connectors.aaa radius > > setProperty com.centile.connectors.aaa.localserv intraswitch > > setProperty com.centile.connectors.aaa.localpass 1122 > > setProperty com.centile.connectors.aaa.remotserv 1.2.3.5 (ip of freeradius) > > setProperty com.centile.connectors.aaa.remotport 1812 > > setProperty com.centile.connectors.aaa.calltype any > > Go ask the centile.com people why their RADIUS client doesn't work. > > It is *not* our problem. > > FreeRADIUS works with Cisco, Juniper, HP, SIP servers, firewalls, > switches, routers, open source, closed source, etc. > > Let me guess: in all of your time taken posting to this list, you > haven't bothered asking the centile.com people any questions. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Voip database
1.
My ip 1.2.3.4 (if will not post right one for security reasons)
2. Configuration on NAS
##- Activate RADIUS connection
setProperty com.centile.connectors.aaa.watchdog.enable false
setProperty com.centile.connectors.aaa radius
setProperty com.centile.connectors.aaa.localserv intraswitch
setProperty com.centile.connectors.aaa.localpass 1122
setProperty com.centile.connectors.aaa.remotserv 1.2.3.5 (ip of freeradius)
setProperty com.centile.connectors.aaa.remotport 1812
setProperty com.centile.connectors.aaa.calltype any
3. clients.conf
client 1.2.3.4 (ip nas) {
secret = 1122
shortname = intraswitch
nastype = cisco
# require_message_authenticator = no
}
Thanks
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Voip-database-tp3295546p3313149.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Voip database
Thank you @Johan Meiring for that.
It is not my intend to spam the group and asking same question again and
again. Belive me that I have done everything that you said (I changed secret
on the NAS and ond the radius and I restarted both,...).
So please help me out with this problem.
I can see that the secret is wrong. But why?
First request goes through:
+- entering group PAP {...}
[pap] login attempt with password "1122"
[pap] Using clear text password "1122"
[pap] User authenticated successfully
But the second what is rejected due to wrong secret.
User-Name = "081609000"
User-Password = "\257+\360\350"
[pap] login attempt with password "¯+ðè"
[pap] Using clear text password "1122"
[pap] Passwords don't match
SO this I am asking. If the first time secret is right and for the second
request is wrong. Could the different encryption (the is sending nas) is
causing the problem?
I have also looked at the AVP pairs that the freeradius is sending to nas.
IF I looked at the AVP pairs which are send from our radius (Ibill solution)
to NAS I see that the freeradius is not sending all AVP pairs.
Could this be cause of problem?
I am realy greadful for you help!
miha
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Voip-database-tp3295546p3313123.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Voip database
Hello,
this is user-name and password for phone that is registered on NAS. NAS is
sending authentication to freeradius server.
Is not shared secret different thing? I have shared secret entered in
clients.conf and in sql NAS table.
First he is trying with password 1122 for user name 081609000 and this is
accepted:
+- entering group PAP {...}
[pap] login attempt with password "1122"
[pap] Using MD5 encryption.
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post
Than he is trying with User-Password = "\022\312w\014 but the password is
set on 1122
Why?
Thank you
p.s.: if I try with radtest everything goes throught!
miha
User-Password = "\022\312w\014"
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Voip-database-tp3295546p3309176.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Voip database
Hello,
in wireshark I can see now that the first request for access goes throught
but the second one for accounting is rejected.
Can you help me out why?
What about encryption ? The secret on the nas server and on the radius is
100% same.
Where can I look for this?
I have chacked everything you said for now.
Thanks!
Miha
Cleaning up request 1 ID 176 with timestamp +12
Ready to process requests.
rad_recv: Access-Request packet from host 1.2.3.4 port 55983, id=139,
length=206
Acct-Multi-Session-Id = "1292574457509"
Cisco-Attr-130 =
0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258
Calling-Station-Id = "81609000"
NAS-Identifier = "intraswitch"
NAS-IP-Address = 1.2.3.4
3GPP2-Prepaid-acct-Capability = 0x01060002
3GPP2-Session-Termination-Capability = 1
h323-conf-id = "h323-conf-id=1292574457509"
Vendor-Specific = 0x0009
Event-Timestamp = "Dec 17 2010 09:27:37 CET"
User-Name = "081609000"
User-Password = "1122"
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "081609000", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[pgsql-voip]expand: %{User-Name} -> 081609000
[pgsql-voip] sql_set_user escaped user --> '081609000'
rlm_sql (pgsql-voip): Reserving sql socket id: 22
[pgsql-voip]expand: SELECT id, UserName, Attribute, Value, Op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,
UserName, Attribute, Value, Op FROM radcheck WHERE Username =
'081609000' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 3 , fields = 5
[pgsql-voip] User found in radcheck table
[pgsql-voip]expand: SELECT id, UserName, Attribute, Value, Op FROM
radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id,
UserName, Attribute, Value, Op FROM radreply WHERE Username =
'081609000' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
[pgsql-voip]expand: SELECT GroupName FROM radusergroup WHERE
UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM
radusergroup WHERE UserName='081609000' ORDER BY priority
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 1
[pgsql-voip]expand: SELECT id, GroupName, Attribute, Value, op FROM
radgroupcheck WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id,
GroupName, Attribute, Value, op FROM radgroupcheck WHERE GroupName =
'dynamic' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 1 , fields = 5
[pgsql-voip] User found in group dynamic
[pgsql-voip]expand: SELECT id, GroupName, Attribute, Value, op FROM
radgroupreply WHERE GroupName = '%{Sql-Group}' ORDER BY id -> SELECT id,
GroupName, Attribute, Value, op FROM radgroupreply WHERE GroupName =
'dynamic' ORDER BY id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: query affected rows = 4 , fields = 5
rlm_sql (pgsql-voip): Released sql socket id: 22
++[pgsql-voip] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing MD5-Password from hex encoding
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "1122"
[pap] Using MD5 encryption.
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 139 to 1.2.3.4 port 55983
Vendor-Specific := 0x3347505032
3GPP2-Prepaid-acct-Capability := 0x303130363030303030303032
3GPP2-Session-Termination-Capability := 1
3GPP2-Release-Indicator := 0
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 1.2.3.4 port 55121, id=193,
length=335
User-Name = "081609000"
User-Password = "\022\312w\014"
Cisco-Attr-130 =
0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258
Acct-Multi-Session-Id = "1292574457509"
Calling-Station-Id = "81609000"
Called-Station-Id = "38651357952"
Cisco-AVPair = &quo
RE: Voip database
Hello,
I have tried with radtest from other server with the same configuration:I get
this (this is ok) :
pap] returns noopFound Auth-Type = PAP# Executing group from file
/etc/raddb/sites-enabled/default+- entering group PAP {...}[pap] login attempt
with password "12345"[pap] Using clear text password "12345"[pap] User
authenticated successfully++[pap] returns ok# Executing section post-auth from
file /etc/raddb/sites-enabled/default+- entering group post-auth {...}++[exec]
returns noopSending Access-Accept of id 57 to 1.2.3.4 port 56067
Framed-Compression := Van-Jacobson-TCP-IPFramed-Protocol := PPP
Service-Type := Framed-UserFinished request 0.Going to the next req
When I try with same configuration from NAS I get:I guss that is something
wrong with my NAS?
+[expiration] returns noop++[logintime] returns noop[pap] WARNING: Auth-Type
already set. Not setting to PAP++[pap] returns noopFound Auth-Type = PAP#
Executing group from file /etc/raddb/sites-enabled/default+- entering group PAP
{...}[pap] login attempt with password "áø{k?"[pap] Using clear text password
"12345"[pap] Passwords don't match++[pap] returns rejectFailed to authenticate
the user. WARNING: Unprintable characters in the password.Double-check
the shared secret on the server and the NAS!
Thank you!!!
> Date: Wed, 8 Dec 2010 16:42:36 +0100
> From: al...@deployingradius.com
> To: freeradius-users@lists.freeradius.org
> Subject: Re: Voip database
>
> Miha Zoubek wrote:
> > Ok, if I set operation := I get this ( secret is 100% right)
>
> Sorry... changing the contents of the "radcheck" table has *no* effect
> on the shared secret for the client.
>
> Something else is going on.
>
> Since you previously butchered the default configuration and broke it,
> my guess would be that you've broken something else, too.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Voip database
Ok, if I set operation := I get this ( secret is 100% right)
_sql_postgresql: query affected rows = 3 , fields = 5rlm_sql (pgsql-voip):
Released sql socket id: 11++[pgsql-voip] returns ok++[expiration] returns
noop++[logintime] returns noop[pap] WARNING: Auth-Type already set. Not
setting to PAP++[pap] returns noopFound Auth-Type = PAP# Executing group from
file /etc/raddb/sites-enabled/default+- entering group PAP {...}[pap] login
attempt with password " ûñ±?"[pap] Using clear text password "12345"[pap]
Passwords don't match++[pap] returns rejectFailed to authenticate the user.
WARNING: Unprintable characters in the password.Double-check the shared
secret on the server and the NAS!Using Post-Auth-Type Reject# Executing group
from file /etc/raddb/sites-enabled/default+- entering group REJECT
{...}[attr_filter.access_reject] expand: %{User-Name} -> 081609000
attr_filter: Matched entry DEFAULT at line 11++[attr_filter.access_reject]
returns updated
From: miha_zou...@hotmail.com
To: freeradius-users@lists.freeradius.org
Subject: RE: Voip database
Date: Wed, 8 Dec 2010 14:22:10 +
Thank you for your help!
I included dailup.conf in voip-postpaid.conf.Now I getting different error:
I have put this in tables:
Nas: nasname: intraswitch, shortname: intraswitch, type: other, port: 1812:
sercet: b, server: 1.2.3.4 (ip server), nad for comunity and dicription
nullRadcheck: id: 1, username: 081609000, attribure: Cleartext-Password, Value:
12345, op: :=Radreply: id:1 , username: 081609000: atributte: Fall-Through, op:
=, vaule: yes
Thank you!
ecv: Access-Request packet from host 212.13.228.58 port 38380, id=198,
length=206Acct-Multi-Session-Id = "1291817780502"Cisco-Attr-130
= 0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258
Calling-Station-Id = "81609000"NAS-Identifier = "intraswitch"
NAS-IP-Address = 212.13.228.583GPP2-Prepaid-acct-Capability =
0x010600023GPP2-Session-Termination-Capability = 1
h323-conf-id = "h323-conf-id=1291817780502"Vendor-Specific = 0x0009
Event-Timestamp = "Dec 8 2010 15:16:20 CET"User-Name =
"081609000"User-Password = "12345"# Executing section authorize from
file /etc/raddb/sites-enabled/default+- entering group authorize
{...}++[preprocess] returns ok++[chap] returns noop++[mschap] returns
noop++[digest] returns noop[suffix] No '@' in User-Name = "081609000", looking
up realm NULL[suffix] No such realm "NULL"++[suffix] returns noop[eap] No
EAP-Message, not doing EAP++[eap] returns noop[pgsql-voip]expand:
%{User-Name} -> 081609000[pgsql-voip] sql_set_user escaped user -->
'081609000'rlm_sql (pgsql-voip): Reserving sql socket id: 24[pgsql-voip]
expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE
Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute,
Value, Op FROM radcheck WHERE Username = '081609000' ORDER BY
idrlm_sql_postgresql: Status: PGRES_TUPLES_OKrlm_sql_postgresql: query affected
rows = 1 , fields = 5[pgsql-voip]expand: SELECT GroupName FROM radusergroup
WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM
radusergroup WHERE UserName='081609000' ORDER BY priorityrlm_sql_postgresql:
Status: PGRES_TUPLES_OKrlm_sql_postgresql: query affected rows = 0 , fields =
1rlm_sql (pgsql-voip): Released sql socket id: 24[pgsql-voip] User 081609000
not found++[pgsql-voip] returns notfound++[expiration] returns
noop++[logintime] returns noop[pap] WARNING! No "known good" password found for
the user. Authentication may fail because of this.++[pap] returns noopERROR:
No authenticate method (Auth-Type) found for the request: Rejecting the
userFailed to authenticate the user.Using Post-Auth-Type Reject# Executing
group from file /etc/raddb/sites-enabled/default+- entering group REJECT
{...}[attr_filter.access_reject] expand: %{User-Name} -> 081609000
attr_filter: Matched entry DEFAULT at line 11++[attr_filter.access_reject]
returns updatedDelaying reject of request 0 for 1 secondsGoing to the next
requestWaking up in 0.9 seconds.rad_recv: Access-Request packet from host
212.13.228.58 port 38380, id=198, length=206Waiting to send Access-Reject to
client intraswitch port 38380 - ID: 198Sending delayed reject for request
0Sending Access-Reject of id 198 to 212.13.228.58 port 38380Waking up in 4.9
seconds.
> Date: Wed, 8 Dec 2010 16:29:27 +0700
> Subject: Re: Voip database
> From: w...@fajar.net
> To: freeradius-users@lists.freeradius.org
>
> On Wed, Dec 8, 2010 at 2:55 PM, Miha Zoubek wrote:
> > I have replace voip-postpaid.conf with new one but still the same.
&
RE: Voip database
Thank you for your help!
I included dailup.conf in voip-postpaid.conf.Now I getting different error:
I have put this in tables:
Nas: nasname: intraswitch, shortname: intraswitch, type: other, port: 1812:
sercet: b, server: 1.2.3.4 (ip server), nad for comunity and dicription
nullRadcheck: id: 1, username: 081609000, attribure: Cleartext-Password, Value:
12345, op: :=Radreply: id:1 , username: 081609000: atributte: Fall-Through, op:
=, vaule: yes
Thank you!
ecv: Access-Request packet from host 212.13.228.58 port 38380, id=198,
length=206Acct-Multi-Session-Id = "1291817780502"Cisco-Attr-130
= 0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258
Calling-Station-Id = "81609000"NAS-Identifier = "intraswitch"
NAS-IP-Address = 212.13.228.583GPP2-Prepaid-acct-Capability =
0x010600023GPP2-Session-Termination-Capability = 1
h323-conf-id = "h323-conf-id=1291817780502"Vendor-Specific = 0x0009
Event-Timestamp = "Dec 8 2010 15:16:20 CET"User-Name =
"081609000"User-Password = "12345"# Executing section authorize from
file /etc/raddb/sites-enabled/default+- entering group authorize
{...}++[preprocess] returns ok++[chap] returns noop++[mschap] returns
noop++[digest] returns noop[suffix] No '@' in User-Name = "081609000", looking
up realm NULL[suffix] No such realm "NULL"++[suffix] returns noop[eap] No
EAP-Message, not doing EAP++[eap] returns noop[pgsql-voip]expand:
%{User-Name} -> 081609000[pgsql-voip] sql_set_user escaped user -->
'081609000'rlm_sql (pgsql-voip): Reserving sql socket id: 24[pgsql-voip]
expand: SELECT id, UserName, Attribute, Value, Op FROM radcheck WHERE
Username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, UserName, Attribute,
Value, Op FROM radcheck WHERE Username = '081609000' ORDER BY
idrlm_sql_postgresql: Status: PGRES_TUPLES_OKrlm_sql_postgresql: query affected
rows = 1 , fields = 5[pgsql-voip]expand: SELECT GroupName FROM radusergroup
WHERE UserName='%{SQL-User-Name}' ORDER BY priority -> SELECT GroupName FROM
radusergroup WHERE UserName='081609000' ORDER BY priorityrlm_sql_postgresql:
Status: PGRES_TUPLES_OKrlm_sql_postgresql: query affected rows = 0 , fields =
1rlm_sql (pgsql-voip): Released sql socket id: 24[pgsql-voip] User 081609000
not found++[pgsql-voip] returns notfound++[expiration] returns
noop++[logintime] returns noop[pap] WARNING! No "known good" password found for
the user. Authentication may fail because of this.++[pap] returns noopERROR:
No authenticate method (Auth-Type) found for the request: Rejecting the
userFailed to authenticate the user.Using Post-Auth-Type Reject# Executing
group from file /etc/raddb/sites-enabled/default+- entering group REJECT
{...}[attr_filter.access_reject] expand: %{User-Name} -> 081609000
attr_filter: Matched entry DEFAULT at line 11++[attr_filter.access_reject]
returns updatedDelaying reject of request 0 for 1 secondsGoing to the next
requestWaking up in 0.9 seconds.rad_recv: Access-Request packet from host
212.13.228.58 port 38380, id=198, length=206Waiting to send Access-Reject to
client intraswitch port 38380 - ID: 198Sending delayed reject for request
0Sending Access-Reject of id 198 to 212.13.228.58 port 38380Waking up in 4.9
seconds.
> Date: Wed, 8 Dec 2010 16:29:27 +0700
> Subject: Re: Voip database
> From: w...@fajar.net
> To: freeradius-users@lists.freeradius.org
>
> On Wed, Dec 8, 2010 at 2:55 PM, Miha Zoubek wrote:
> > I have replace voip-postpaid.conf with new one but still the same.
> > I this configuration file (voip-postpaid.conf) is written:
> > uthcheck_table = "radcheck"
> > authreply_table = "radreply"
> > groupcheck_table = "radgroupcheck"
> > groupreply_table = "radgroupreply"
> > usergroup_table = "radusergroup"
>
> Perhaps we started on the wrong assumptions.
> What do you intend to use postgresql for? Is it
> (a) only to store accounting data, or
> (b) to store user names/password AND accounting data
>
> if it's (a), then there should be nothing wrong with your first
> config. You simply need to place user data for "081609000" in whatever
> "database" you choose (whether it's users file, or something else).
> The error could simply be because you haven't define that user yet.
>
>
> If it's (b), then you need to forget for a moment that you're using it
> for voip. It doesn't really matter with regards to the problem you're
> facing. Get freeradius working with postgresql first.
>
> Your debug log says
>
RE: Voip database
I have replace voip-postpaid.conf with new one but still the same.
I this configuration file (voip-postpaid.conf) is written:
uthcheck_table = "radcheck"authreply_table = "radreply"
groupcheck_table = "radgroupcheck"groupreply_table =
"radgroupreply"
usergroup_table = "radusergroup"
But in readme file is written that I must import cisco_h323_db_schema.sql in
postgresql.
In this shema (cisco_h323_db_schema.sql) there is no rad check or radreplay,
only startvoip, etc.
Thank you very much with your help!!!
miha
> Date: Tue, 7 Dec 2010 22:43:32 +0700
> Subject: Re: Voip database
> From: w...@fajar.net
> To: freeradius-users@lists.freeradius.org
>
> On Tue, Dec 7, 2010 at 9:39 PM, Miha Zoubek wrote:
> > I put it there but still the same problem:
>
> No, it's not. It's a different problem. Look at the debug log you
> posted and you'll see it's a different problem altogether.
>
> > [pgsql-voip]expand: %{User-Name} -> 081609000
> > [pgsql-voip] sql_set_user escaped user --> '081609000'
> > rlm_sql (pgsql-voip): Reserving sql socket id: 24
> > [pgsql-voip]expand: ->
> > [pgsql-voip] Error generating query; rejecting user
>
> I'd focus on the last two lines.
> If the contents of your sql conf file contains something like this
> (as shown in your previous debug)
>
>authorize_check_query = ""
>authorize_group_check_query = ""
>authorize_group_reply_query = ""
>
> then the simple answer is you broke the config. Look at the original
> .conf file that comes with the distro/freeradius source (should be
> dialup.conf or some other file under /etc/raddb/sql or its
> subdirectory).
>
> --
> Fajar
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Voip database
I have uncomment only this # Cisco VoIP specific bulk accounting pgsql-voip under accounting section. I have not found it under authorize and authenticate. Must I put it there? Thanks! -- View this message in context: http://freeradius.1045715.n5.nabble.com/Voip-database-tp3295546p3295827.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Voip database
Hello,
I need a little help:) I am setting radius for voip. I comment sql in
default file (authorize, Authentication) and I enable voip-postpaid for
postgresql. I have import filw for databases in
/etc/raddb/sql/postgresql/shema.sql.
Please help me out!
thanks!
I have put users in table but I am getting this error:
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/opendirectory
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/sql/postgresql/voip-postpaid.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/inner-tunnel
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/default
main {
user = "radiusd"
group = "radiusd"
allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/radius"
libdir = "/usr/lib64/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = "/var/run/radiusd/radiusd.pid"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: Loading Realms and Home Servers
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = "status-server"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
irt = 2
mrt = 16
Help, authentication problems!!
Hello,
I am having problems with authentication. I chacked secret on NAS and on
Radius server. Bouth are some but the radius is keep telling to check the
secret.
What could be worng or I am missing ?
Thanks!!!
This is configuration on nas.
##- Activate RADIUS connection
setProperty com.centile.connectors.aaa.watchdog.enable false
setProperty com.centile.connectors.aaa radius
setProperty com.centile.connectors.aaa.localserv intraswitch
setProperty com.centile.connectors.aaa.localpass b(secret)
setProperty com.centile.connectors.aaa.remotserv 1.2.3.4
setProperty com.centile.connectors.aaa.remotport 1812
setProperty com.centile.connectors.aaa.calltype any
--
This is in cliente.cong
client 212.13.228.58 {
secret = b
shortname = intraswitch
nastype = cisco
1. Sample
If I typed wrong pass in sql for user authentication I see password from
user connection (12345) but it is wrong (12 in sql).
In sample 2 I put right pass in sql for user, but you can see that is the
radius is showing me that is encrypted and saying me WARNING: Unprintable
characters in the password.Double-check the shared secret on the
server and the NAS! . why?
1.
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "12345"
[pap] Using clear text password "12"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file
2.
ap] returns noop
[sql] expand: %{User-Name} -> 081609000
[sql] sql_set_user escaped user --> '081609000'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op FROM
radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radcheck
WHERE username = '081609000' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM
radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
-> SELECT id, username, attribute, value, op FROM radreply
WHERE username = '081609000' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE
username = '%{SQL-User-Name}' ORDER BY priority -> SELECT
groupname FROM radusergroup WHERE username = '081609000'
ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute, Value, op
FROM radgroupcheck WHERE groupname = 'static' ORDER BY
id
[sql] User found in group static
[sql] expand: SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id -> SELECT id, groupname, attribute, value, op
FROM radgroupreply WHERE groupname = 'static' ORDER BY
id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "þqL?%"
[pap] Using clear text password "12345"
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
WARNING: Unprintable characters in the password.Double-check the
shared secret on the server and the NAS!
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> 081609000
attr_filter: Matched entry DEFAULT at line 11
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Help-authentication-problems-tp3293661p3293661.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Clear text password (radius)
The interesting thig is this: If I change my password in sql (different
password) I can see the password.If I put right password in sql, when I am
trying to call I can see some encrypted password.
So, why the login password is encrypted if it is the same as sql passord?
thanks
# Executing group from file /etc/raddb/sites-enabled/default+- entering group
PAP {...}[pap] login attempt with password "/5§Ó?"[pap] Using clear text
password "12345"[pap] Passwords don't match++[pap] returns rejectFailed to
authenticate the user. WARNING: Unprintable characters in the password.
Double-check the shared secret on the server and the NAS!Using Post-Auth-Type
Reject
++[pap] returns updatedFound Auth-Type = PAP# Executing group from file
/etc/raddb/sites-enabled/default+- entering group PAP {...}[pap] login attempt
with password "12345"[pap] Using clear text password "12"[pap] Passwords don't
match++[pap] returns rejectFailed to authenticate the user.Using Post-Auth-Type
Reject
From: miha_zou...@hotmail.com
To: freeradius-users@lists.freeradius.org
Subject: RE: Clear text password (radius)
Date: Fri, 3 Dec 2010 10:00:10 +
Hello,
I have chacked all this thing but I do not see any problem.
This is configuration on nas:
##- Activate RADIUS connection
setProperty com.centile.connectors.aaa.watchdog.enable false
setProperty com.centile.connectors.aaa radius
setProperty com.centile.connectors.aaa.localserv intraswitch
setProperty com.centile.connectors.aaa.localpass 12345
setProperty com.centile.connectors.aaa.remotserv 1.2.3.4
setProperty com.centile.connectors.aaa.remotport 1812
setProperty com.centile.connectors.aaa.calltype any
You can see that the shered secret is 1235.
Please help me.
In attachment please find configuration files.
Thanks!!
miha
> Date: Fri, 3 Dec 2010 16:40:59 +0700
> Subject: Re: Clear text password (radius)
> From: w...@fajar.net
> To: freeradius-users@lists.freeradius.org
>
> On Fri, Dec 3, 2010 at 4:31 PM, Miha Zoubek wrote:
> > Now my secret on nas and on radius is the same but I am still
> > geting WARNING: Unprintable characters in the password.Double-check
> > the shared secret on the server and the NAS!.
>
> Did you change anything on the radius config files?
> Your previous debug does NOT show that problem.
> Something you do cause the shared secret to be mismtached again after that.
>
> PLEASE check these basic things beforehand, nobody likes wasting time.
>
> Judging from your questions, I highly suggest you simply use
> Cleartext-Password, and making sure you can authenticate succesfully
> first. Don't even bother with Crypt-Password or MD5-Password just yet.
>
> --
> Fajar
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Clear text password (radius)
Thanks for you help!
I checked your links. But how can I know whitch encryption is using my nas
server ?
Now my secret on nas and on radius is the same but I am still geting WARNING:
Unprintable characters in the password.Double-check the shared secret
on the server and the NAS!.
Thank you!!!
++[pap] returns updatedFound Auth-Type = PAP# Executing group from file
/etc/raddb/sites-enabled/default+- entering group PAP {...}[pap] login attempt
with password "wyE?"[pap] Using MD5 encryption.[pap] Passwords don't
match++[pap] returns rejectFailed to authenticate the user. WARNING:
Unprintable characters in the password.Double-check the shared secret
on the server and the NAS!Using Post-Auth-Type Reject# Executing group from
file /etc/raddb/sites-enabled/default+- entering group REJECT
{...}[attr_filter.access_reject] expand: %{User-Name} -> 081609000
attr_filter: Matched entry DEFAULT at line 11++[attr_filter.access_reject]
returns updatedDelaying reject of request 1 for 1 secondsGoing to the next
requestWaking up in 0.9 seconds.
> Date: Fri, 3 Dec 2010 16:02:04 +0700
> Subject: Re: Clear text password (radius)
> From: w...@fajar.net
> To: freeradius-users@lists.freeradius.org
>
> On Fri, Dec 3, 2010 at 3:57 PM, Miha Zoubek wrote:
> > Thanks!
> > how can I get this cryped password that should look like "uTDRbHPzsi4IE" ?
>
> Did you read the links I sent? Jump to the third one if you're impatient.
>
> > I am using radius for voip, could it be causing this problem becuse I
> > include sql.conf not voip-postpaid.conf ?
>
> No idea.
>
> I'd check first whether you REALLY want to use Crypt-password though.
> Using it pretty much limits your authentication to pap, and MS-CHAP
> won't work. Depending on your needs, that may or may not be
> acceptable.
>
> --
> Fajar
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Clear text password (radius)
Thanks! how can I get this cryped password that should look like "uTDRbHPzsi4IE" ? I am using radius for voip, could it be causing this problem becuse I include sql.conf not voip-postpaid.conf ? thanks!! miha > Date: Fri, 3 Dec 2010 15:33:04 +0700 > Subject: Re: Clear text password (radius) > From: w...@fajar.net > To: freeradius-users@lists.freeradius.org > > On Fri, Dec 3, 2010 at 2:29 PM, Miha Zoubek wrote: > > > [pap] login attempt with password "1234" > > [pap] Using CRYPT password "1234" > > [pap] Passwords don't match > > > Why passwords do not match if they are the same. (1234)? > > Because Crypt-Password does not suppose to be the same as users' > password entry. You're supposed to store Unix-style "crypt"ed > passwords there. > > If the actual password is "1234", then the what you put in crypt > password column should look something like "uTDRbHPzsi4IE" > > See > http://freeradius.org/radiusd/man/rlm_pap.txt > http://en.wikipedia.org/wiki/Crypt_(Unix) > http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html#function_encrypt > > -- > Fajar > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Clear text password (radius)
'%{SQL-User-Name}' ORDER BY priority -> SELECT groupname
FROM radusergroup
WHERE username = '081609000' ORDER BY
priority[sql] expand: SELECT id,
groupname, attribute, Value, op F
ROM radgroupcheck WHERE groupname
= '%{Sql-Group}' ORDER BY
id -> SELECT id, groupname, attribute, Value, op
FROM radgro
upcheck WHERE groupname = 'static' ORDER BY id[sql] User
found in group static[sql] expand: SELECT id, groupname, attribute,
value, op F
ROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BYid ->
SELECT id, groupname, attribute, value, op FROM radgro
upreply
WHERE groupname = 'static' ORDER BY idrlm_sql (sql): Released sql
socket id: 4++[sql] returns ok[suffix] No '@' in User-Name = "081609000",
looking up realm NULL[suffix] No such realm "NULL"++[suffix] returns noop[eap]
No EAP-Message, not doing EAP++[eap] returns noop++[unix] returns notfound[sql]
expand: %{User-Name} -> 081609000[sql] sql_set_user escaped user -->
'081609000'rlm_sql (sql): Reserving sql socket id: 3[sql] expand: SELECT id,
username, attribute, value, op FROM radchec
k WHERE username =
'%{SQL-User-Name}' ORDER BY id -> SELECT
id, username, attribute, value, op
FROM radcheck WHERE usern
ame = '081609000' ORDER BY id[sql] User found in
radcheck table[sql] expand: SELECT id, username, attribute, value, op
FROM radrepl y
WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT
id, username,
attribute, value, op FROM radreply WHERE usern
ame = '081609000'
ORDER BY id[sql] expand: SELECT groupname FROM radusergroup
WHERE use rname
= '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname
FROM radusergroup
WHERE username = '081609000' ORDER BY
priority[sql] expand: SELECT id,
groupname, attribute, Value, op F
ROM radgroupcheck WHERE groupname
= '%{Sql-Group}' ORDER BY
id -> SELECT id, groupname, attribute, Value, op
FROM radgro
upcheck WHERE groupname = 'static' ORDER BY id[sql] User
found in group static[sql] expand: SELECT id, groupname, attribute,
value, op F
ROM radgroupreply WHERE groupname = '%{Sql-Group}'
ORDER BYid ->
SELECT id, groupname, attribute, value, op FROM radgro
upreply
WHERE groupname = 'static' ORDER BY idrlm_sql (sql): Released sql
socket id: 3++[sql] returns ok++[expiration] returns noop++[logintime] returns
noop++[pap] returns updatedFound Auth-Type = PAP# Executing group from file
/etc/raddb/sites-enabled/default+- entering group PAP {...}[pap] login attempt
with password "1234"[pap] Using CRYPT password "1234"[pap] Passwords don't
match++[pap] returns rejectFailed to authenticate the user.Using Post-Auth-Type
Reject# Executing group from file /etc/raddb/sites-enabled/default+- entering
group REJECT {...}[attr_filter.access_reject] expand
SQL modul
Hello,
at the end of this file I am getting massage Failed to load module"sql".
Could you please help me what to do ?
Thank you!
miha[r...@localhost sites-available]# /usr/local/sbin/radiusd -XFreeRADIUS
Version 2.1.10, for host x86_64-unknown-linux-gnu, built on Dec 1 2010 at
14:25:01Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU
General Public License v2. Starting - reading configuration files ...including
configuration file /usr/local/etc/raddb/radiusd.confincluding configuration
file /usr/local/etc/raddb/proxy.confincluding configuration file
/usr/local/etc/raddb/clients.confincluding files in directory
/usr/local/etc/raddb/modules/including configuration file
/usr/local/etc/raddb/modules/checkvalincluding configuration file
/usr/local/etc/raddb/modules/krb5including configuration file
/usr/local/etc/raddb/modules/sql_logincluding configuration file
/usr/local/etc/raddb/modules/linelogincluding configuration file
/usr/local/etc/raddb/modules/execincluding configuration file
/usr/local/etc/raddb/modules/ldapincluding configuration file
/usr/local/etc/raddb/modules/sradutmpincluding configuration file
/usr/local/etc/raddb/modules/chapincluding configuration file
/usr/local/etc/raddb/modules/radutmpincluding configuration file
/usr/local/etc/raddb/modules/inner-eapincluding configuration file
/usr/local/etc/raddb/modules/unixincluding configuration
file/usr/local/etc/raddb/modules/sqlcounter_expire_on_loginincluding
configuration file /usr/local/etc/raddb/modules/dynamic_clientsincluding
configuration file /usr/local/etc/raddb/modules/mac2ipincluding configuration
file /usr/local/etc/raddb/modules/counterincluding configuration file
/usr/local/etc/raddb/modules/smbpasswdincluding configuration file
/usr/local/etc/raddb/modules/filesincluding configuration file
/usr/local/etc/raddb/modules/realmincluding configuration file
/usr/local/etc/raddb/modules/etc_groupincluding configuration file
/usr/local/etc/raddb/modules/pamincluding configuration file
/usr/local/etc/raddb/modules/acct_uniqueincluding configuration file
/usr/local/etc/raddb/modules/detail.example.comincluding configuration file
/usr/local/etc/raddb/modules/preprocessincluding configuration file
/usr/local/etc/raddb/modules/digestincluding configuration file
/usr/local/etc/raddb/modules/mac2vlanincluding configuration file
/usr/local/etc/raddb/modules/opendirectoryincluding configuration file
/usr/local/etc/raddb/modules/attr_rewriteincluding configuration file
/usr/local/etc/raddb/modules/otpincluding configuration file
/usr/local/etc/raddb/modules/policyincluding configuration file
/usr/local/etc/raddb/modules/ippoolincluding configuration file
/usr/local/etc/raddb/modules/logintimeincluding configuration file
/usr/local/etc/raddb/modules/wimaxincluding configuration file
/usr/local/etc/raddb/modules/expirationincluding configuration file
/usr/local/etc/raddb/modules/attr_filterincluding configuration file
/usr/local/etc/raddb/modules/smsotpincluding configuration file
/usr/local/etc/raddb/modules/ntlm_authincluding configuration file
/usr/local/etc/raddb/modules/detailincluding configuration file
/usr/local/etc/raddb/modules/mschapincluding configuration file
/usr/local/etc/raddb/modules/detail.logincluding configuration file
/usr/local/etc/raddb/modules/papincluding configuration file
/usr/local/etc/raddb/modules/alwaysincluding configuration file
/usr/local/etc/raddb/modules/passwdincluding configuration file
/usr/local/etc/raddb/modules/cuiincluding configuration file
/usr/local/etc/raddb/modules/exprincluding configuration file
/usr/local/etc/raddb/modules/echoincluding configuration file
/usr/local/etc/raddb/modules/perlincluding configuration file
/usr/local/etc/raddb/eap.confincluding configuration file
/usr/local/etc/raddb/sql.confincluding configuration file
/usr/local/etc/raddb/policy.confincluding files in directory
/usr/local/etc/raddb/sites-enabled/including configuration
file/usr/local/etc/raddb/sites-enabled/control-socketincluding configuration
file /usr/local/etc/raddb/sites-enabled/inner-tunnelincluding configuration
file /usr/local/etc/raddb/sites-enabled/defaultmain {allow_core_dumps =
no}including dictionary file /usr/local/etc/raddb/dictionarymain {prefix =
"/usr/local"localstatedir = "/usr/local/var"logdir =
"/usr/local/var/log/radius"libdir = "/usr/local/lib"radacctdir =
"/usr/local/var/log/radius/radacct"hostname_lookups = nomax_request_time =
30cleanup_delay = 5max_requests = 1024pidfile =
"/usr/local/var/run/radiusd/radiusd.pid"checkrad =
"/usr/local/sbin/checkrad"debug_level = 0proxy_requests = yeslog
{stripped_names = noauth = noauth_badpass = noauth_goodpass = no}security
{max_attrib
Re: Freeradius and Voip
cache {
enable = no
lifetime = 24
max_entries = 255
}
verify {
}
}
Module: Linked to sub-module rlm_eap_ttls
Module: Instantiating eap-ttls
ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
include_length = yes
}
Module: Linked to sub-module rlm_eap_peap
Module: Instantiating eap-peap
peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
}
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
mschapv2 {
with_ntdomain_hack = no
}
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file
/usr/local/etc/raddb/modules/realm
realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
}
Module: Linked to module rlm_files
Module: Instantiating module "files" from file
/usr/local/etc/raddb/modules/files
files {
usersfile = "/usr/local/etc/raddb/users"
acctusersfile = "/usr/local/etc/raddb/acct_users"
preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
compat = "no"
}
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file
/usr/local/etc/raddb/modules/radutmp
radutmp {
filename = "/usr/local/var/log/radius/radutmp"
username = "%{User-Name}"
case_sensitive = yes
check_with_nas = yes
perm = 384
callerid = yes
}
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.access_reject" from file
/usr/local/etc/raddb/modules/attr_filter
attr_filter attr_filter.access_reject {
attrsfile = "/usr/local/etc/raddb/attrs.access_reject"
key = "%{User-Name}"
}
} # modules
} # server
server { # from file /usr/local/etc/raddb/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Linked to module rlm_digest
Module: Instantiating module "digest" from file
/usr/local/etc/raddb/modules/digest
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file
/usr/local/etc/raddb/modules/preprocess
preprocess {
huntgroups = "/usr/local/etc/raddb/huntgroups"
hints = "/usr/local/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
/usr/local/etc/raddb/sites-enabled/default[159]: Failed to load module
"sql".
/usr/local/etc/raddb/sites-enabled/default[62]: Errors parsing authorize
section.
Where can I unable sql modul?
Thanks guys:)
miha
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Freeradius-and-Voip-tp3287359p3287760.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius and Voip
Hello,
I am first time setting freeradius. I am setting it for voip accounting. I
need a little help form you guys :)
I read that I need to enable sql in radiusd.conf. I have also run a script
for creating a tables. I changed sql.conf to voip-postpaid.conf ( I changed
login, pass, and server in conf file).
Is this the right scipt for crating tables :
http://wiki.freeradius.org/MySQL_DDL_script
http://wiki.freeradius.org/MySQL_DDL_script
I am getting this error beacuse I do not know where must I put users and
etc.
sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE
UserName='%{SQL-User-Name}'"
sql: connect_failure_retry_delay = 60
sql: simul_count_query = ""
sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName,
NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol
FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply,
date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}',
'%{reply:Packet-Type}', NOW())"
sql: safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to r...@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded System
unix: cache = no
unix: passwd = "/etc/passwd"
unix: shadow = "(null)"
unix: group = "/etc/group"
unix: radwtmp = "/var/log/radius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded radutmp
radutmp: filename = "/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
rad_recv: Access-Request packet from host 212.13.228.58:47469, id=2,
length=206
Acct-Multi-Session-Id = "1291187632294"
Cisco-Attr-130 =
0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258
Calling-Station-Id = "81609000"
NAS-Identifier = "intraswitch"
NAS-IP-Address = 212.13.228.58
3GPP2-Prepaid-acct-Capability = 0x01060002
3GPP2-Session-Termination-Capability = 1
h323-conf-id = "h323-conf-id=1291187632294"
Vendor-Specific = 0x0009
Event-Timestamp = "Dec 1 2010 08:13:52 CET"
User-Name = "081609000"
User-Password = "1234"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "digest" returns noop for request 0
rlm_realm: No '@' in User-Name = "081609000", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry 081609000 at line 92
modcall[authorize]: module "files" returns ok for request 0
radius_xlat: '081609000'
rlm_sql (sql): sql_set_user escaped user --> '081609000'
radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM
radcheck WHERE Username = '081609000' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql: Failed to create the pair: Unknown attribute "1234"
rlm_sql (sql): Error getting data from database
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Re
problem ./configure and MYSql
Hi I am having troubles setting freeRadius to work with MySql. I 've studied the FAQ at: http://wiki.freeradius.org/index.php/FAQ#It_says_.22Could_not_link_..._file_not_found.22.2C_what_do_I_do.3F, followed the instructions but I still can't get it to work. I'm using mysql-5.0.45-linux-i686-glibc23. I just unpacked it to /usr/local ,added a symbolic refference to it (ln -s /usr/local/mysql-5.0.45-linux-i686-glibc23 mysql) and ran the script to set up the database scripts/mysql_install_db --user=mysql. I didn't bother setting up the radius database but that shouldn't matter at this stage. location of mysql_congig: /usr/local/mysql/bin Other configuration: ubuntu linux 6.06.1 on VMWare Player, the latest version of freeRadius from cvs. //I set the path variable so it has the right path in it: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games:/usr/local/mysql/bin //To make sure: [EMAIL PROTECTED]:~/radiusd$ echo $PATH /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11:/usr/games:/usr/local/mysql/bin [EMAIL PROTECTED]:~/radiusd$ export PATH//the tutorial suggest i should do a export //$PATH, but that doesnt work [EMAIL PROTECTED]:~/radiusd$ sudo ./configure | grep mysql_config //it outputs several lines, including unpopular: checking for mysql_config... no configure: WARNING: mysql libraries not found. Use --with-mysql-lib-dir=. configure: WARNING: mysql headers not found. Use --with-mysql-include-dir=. configure: WARNING: sql submodule 'mysql' disabled //I also tried to use it with lib dir and include-dir: [EMAIL PROTECTED]:~/radiusd$ sudo ./configure --with-mysql-lib-dir=/usr/local/mysql/lib -with-mysql-include-dir=/usr/local/mysql/include | grep mysql_config //Result: checking for mysql_config... no configure: WARNING: mysql headers not found. Use --with-mysql-include-dir=. configure: WARNING: sql submodule 'mysql' disabled //so it still doesn't find include dir?? Am I missing something ? Please HELP, i'm running out ideas, time and luck. Is it possible that the problem lies in the compiler ? I installed g++, because i was having troubles with gcc. I can change the OS or Mysql version if that is the problem. The official page says that freeRadius works "out of the box" with MySql. Does anyone know a configuration that works ? Miha Bicek Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
