Re: Install - Freeradius can't connect to MySQL

2006-06-07 Thread N White

Cliff Hayes wrote:

Hello,

Warning - newbie installing Freeradius.

I get this in the radius.log even though the sql.conf has the correct
host/user/password (and I can access MySQL from the command line using the
same login criteria):

Wed Jun  7 14:01:52 2006 : Info: rlm_sql_mysql: Starting connect to MySQL
server for #0
Wed Jun  7 14:01:52 2006 : Error: rlm_sql_mysql: Couldn't connect socket to
MySQL server [EMAIL PROTECTED]:radius
Wed Jun  7 14:01:52 2006 : Error: rlm_sql_mysql: Mysql error 'Can't connect
to local MySQL server through socket '/var/lib/mysql/mysql.sock' (13)'
Wed Jun  7 14:01:52 2006 : Error: rlm_sql (sql): Failed to connect DB handle
#0
Wed Jun  7 14:01:52 2006 : Info: Ready to process requests.

Thanks,

Cliff

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



  
Just to clarify. It looks as though MySQL is running on the localhost 
(same machine as FreeRADIUS) and you are logging into it with username 
'root'. The FreeRADIUS database is named 'radius'. This is correct?


--
---
| Nick White  |
| [EMAIL PROTECTED] |
---

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: mac address auth question

2005-10-19 Thread N White

kdr akm wrote:


Hi, i'm using freeradius 1.0.5.
i make a pppoe server with rp-pppoe and freeradius without mysql and i 
make auth by username and password all i need to add to my 
configuration a check if mac address and if valid accept ( a mac 
address authentication but without mysql ) so how can i make this 
think and thanks in advanced .

Sorry for my bad inglish


Yahoo! Music Unlimited - Access over 1 million songs. Try it free. 
 





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


If I understand this correctly, you want PPPoE users to be able to 
login, but only from a certain MAC address. I believe the MAC shows up 
as CallingStationID when using rp-pppoe and freeradius. So you would 
want a check like

CallingStationID == 00:11:22:33:aa:bb
For the particular user in the users file.

--
---
| Nick White  |
| Network Administrator   |
| Tele-NET Internet   |
| http://www.tele-net.net |
| [EMAIL PROTECTED] |
---

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: howto reset rlm_sqlcounter

2005-09-22 Thread N White

Bart van Daal wrote:


Hi All,

I'm authenticating users who can buy a specified amount of time to 
go online. I'm using the rlm_sqlcounter module with a reset=never

option because there is no specified amount of time in which users
have to use their  minutes.
A user can also buy additional minutes or when his minutes are depleted,
a new subscription.

two possible options I think of to reset the counter are:
1. write a program to manipulate the gdbm file. Where is this file stored?
2. keep adding the minutes to the allready existing value for the
session-time.


I was wondering if there was an 'easy' way to reset the counter for a user.

thanks,
kind regards,
Bart van Daal



Bart van Daal
Network Operations

Van Landeghemstraat 20
9100 SINT-NIKLAAS
[EMAIL PROTECTED]
www.edpnet.be
T +32 (0)3 265 67 00
F +32 (0)3 265 67 01



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



 

I use this for hotspot customers - whenever their time runs out they 
purchase more time via a webpage, and the page updates their 
Max-All-Session in the SQL database(adds time).


--
---
| Nick White  |
| Network Administrator   |
| Tele-NET Internet   |
| http://www.tele-net.net |
| [EMAIL PROTECTED] |
---

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: choosing userprofile by NAS

2005-09-22 Thread N White

Jonathan De Graeve wrote:


I'm looking for the same thing but then with an SQL backend instead of
LDAP

J.

 

Search for my previous post listed by the subject 
"Authenticate/Attributes based on NAS-IP-Address". I did this same thing 
- it requires modifying the SQL SELECT statements in sql.conf, and in my 
case, adding several columns to the radgroupcheck, radreply, and 
radgroupreply tables (one fo reach NAS/Client). Let me know if you need 
further help.


--
---
| Nick White  |
| Network Administrator   |
| Tele-NET Internet   |
| http://www.tele-net.net |
| [EMAIL PROTECTED] |
---

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: radgroupreply table

2005-09-13 Thread N White

Alan DeKok wrote:


N White <[EMAIL PROTECTED]> wrote:
 

Can anyone explain to me the purpose and usage of the 'prio' column in 
the radgroupreply table?
   



 Order.  "SELECT ... by prio"

 See the "users" file for examples:

DEFAULT   ...
  Foo-Stuff = 1
  Bar-Junk = 2

 is *not* the same as

DEFAULT   ...
  Bar-Junk = 2
  Foo-Stuff = 1

 Sometimes order *does* matter.

 Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



 

I see. So, for example, if a user belongs to two groups, which group has 
the "prio"rity. So is a lower number a higher priority? 0 being highest? 
Thanks!


--
---
| Nick White  |
| Network Administrator   |
| Tele-NET Internet   |
| http://www.tele-net.net |
| [EMAIL PROTECTED] |
---

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


radgroupreply table

2005-09-12 Thread N White
Can anyone explain to me the purpose and usage of the 'prio' column in 
the radgroupreply table? Much Googling has returned nothing, accept 
other questions.


--
---
| Nick White  |
| Network Administrator   |
| Tele-NET Internet   |
| http://www.tele-net.net |
| [EMAIL PROTECTED] |
---

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


debian install and modules

2005-08-14 Thread N White
I would like to get rlm_sqlcounter working, but I have FreeRADIUS 
installed via "apt-get install freeradius freeradius-mysql" from the 
Debian sources. They do not apparently include the "experimental 
modules" in this package, and there is not another package for these 
modules. I tried compiling, and then copying the 'rlm_sqlcounter.*' 
files to where the other libraries are, and freeradius recognized 
sqlcounter(it started, and saw my entries in sqlcounter.conf and 
experimental.conf), but it would not work correctly with them. I 
compiled FreeRADIUS on a test server with the experimental modules 
option, and copied my configs from the debian server, and it works fine. 
Is there any way to get rlm_sqlcounter to work with the Debian package 
without having to recompile/install FreeRADIUS from source?


--
---
| Nick White  |
| [EMAIL PROTECTED] |
---

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: more debug?

2005-08-14 Thread N White

Nicolas Baradakis wrote:


N White wrote:

 


Is there any way to get the debug to tell me more. For example:
freeradius -XX
   



In some parts of the server you can get more debug messages with
"radiusd -xxx -l stdout" but unfortunately not in rlm_sqlcounter.

 

I'd like to see exactly what rlm_sqlcounter is doing(sql query, file 
checking, etc). I've been stuck on trying to get sqlcounter to work for 
over a week now, and more debug is never bad.
   



At this point, I'd suggest to look directly at the source code.

 


Thanks for the reply. I'm looking into it.

--
---
| Nick White  |
| [EMAIL PROTECTED] |
---

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


more debug?

2005-08-13 Thread N White

Is there any way to get the debug to tell me more. For example:
freeradius -XX

Tue Jul 26 12:46:55 2005 : Debug: rlm_sqlcounter: Entering module 
authorize code
Tue Jul 26 12:46:55 2005 : Debug: rlm_sqlcounter: Could not find Key 
value pair
Tue Jul 26 12:46:55 2005 : Debug:   modsingle[authorize]: returned from 
noresetcounter (rlm_sqlcounter) for request 0
Tue Jul 26 12:46:55 2005 : Debug:   modcall[authorize]: module 
"noresetcounter" returns noop for request 0


I'd like to see exactly what rlm_sqlcounter is doing(sql query, file 
checking, etc). I've been stuck on trying to get sqlcounter to work for 
over a week now, and more debug is never bad.

Thanks.

--

---
| Nick White  |
| [EMAIL PROTECTED] |
---

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: rlm_sqlcounter noresetcounter

2005-08-09 Thread N White

Anyone have advice/input?


N White wrote:

I'm having trouble setting up the noresetcounter(Max-All-Session). I'm 
running freeradius 1.0.4(Debian). I have compiled and added the 
rlm_sqlcounter.so files to the proper folder in Debian, and freeradius 
-X shows the module starting up(I have renamed it "hotspotcounter"). 
If you would like to see the full output of either the request or 
startup let me know. I'd really like to tackle this thing, so any 
help/pointers are appreciated.


freeradius -X |grep sqlcounter
Config:   including file: /etc/freeradius/sqlcounter.conf
sqlcounter: counter-name = "Max-All-Session-Time"
sqlcounter: check-name = "Max-All-Session"
sqlcounter: key = "User-Name"
sqlcounter: sqlmod-inst = "sql"
sqlcounter: query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE 
UserName='%{%k}'"

sqlcounter: reset = "never"
rlm_sqlcounter: Counter attribute Max-All-Session-Time is number 1671
rlm_sqlcounter: Check attribute Max-All-Session is number 1672
rlm_sqlcounter: Current Time: 1123455447 [2005-08-07 15:57:27], Next 
reset 0 [2005-08-07 15:00:00]
rlm_sqlcounter: Current Time: 1123455447 [2005-08-07 15:57:27], Prev 
reset 0 [2005-08-07 15:00:00]

Module: Instantiated sqlcounter (hotspotcounter)


I keep getting this result on debug(NTRadping and Chillispot):

rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair

Here is what is in radcheck database(00-0B-6A-65-95-B8 is the username):

699  00-0B-6A-65-95-B8  User-Password  :=  password
700 00-0B-6A-65-95-B8 Max-All-Session := 1800

Here is sqlcounter.conf:

sqlcounter hotspotcounter {
   counter-name = Max-All-Session-Time
   check-name = Max-All-Session
   sqlmod-inst = sql
   key = User-Name
   reset = never
   query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE 
UserName='%{%k}'"

}

Here is radius.conf:

modules {
  $INCLUDE ${confdir}/sql.conf
  $INCLUDE ${confdir}/sqlcounter.conf
}

authorize{
   sql
   hotspotcounter
}

Thanks!

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


rlm_sqlcounter noresetcounter

2005-08-07 Thread N White
I'm having trouble setting up the noresetcounter(Max-All-Session). I'm 
running freeradius 1.0.4(Debian). I have compiled and added the 
rlm_sqlcounter.so files to the proper folder in Debian, and freeradius 
-X shows the module starting up(I have renamed it "hotspotcounter"). If 
you would like to see the full output of either the request or startup 
let me know. I'd really like to tackle this thing, so any help/pointers 
are appreciated.


freeradius -X |grep sqlcounter
Config:   including file: /etc/freeradius/sqlcounter.conf
sqlcounter: counter-name = "Max-All-Session-Time"
sqlcounter: check-name = "Max-All-Session"
sqlcounter: key = "User-Name"
sqlcounter: sqlmod-inst = "sql"
sqlcounter: query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE 
UserName='%{%k}'"

sqlcounter: reset = "never"
rlm_sqlcounter: Counter attribute Max-All-Session-Time is number 1671
rlm_sqlcounter: Check attribute Max-All-Session is number 1672
rlm_sqlcounter: Current Time: 1123455447 [2005-08-07 15:57:27], Next 
reset 0 [2005-08-07 15:00:00]
rlm_sqlcounter: Current Time: 1123455447 [2005-08-07 15:57:27], Prev 
reset 0 [2005-08-07 15:00:00]

Module: Instantiated sqlcounter (hotspotcounter)


I keep getting this result on debug(NTRadping and Chillispot):

rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair

Here is what is in radcheck database(00-0B-6A-65-95-B8 is the username):

699  00-0B-6A-65-95-B8  User-Password  :=  password
700 00-0B-6A-65-95-B8 Max-All-Session := 1800

Here is sqlcounter.conf:

sqlcounter hotspotcounter {
   counter-name = Max-All-Session-Time
   check-name = Max-All-Session
   sqlmod-inst = sql
   key = User-Name
   reset = never
   query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE 
UserName='%{%k}'"

}

Here is radius.conf:

modules {
  $INCLUDE ${confdir}/sql.conf
  $INCLUDE ${confdir}/sqlcounter.conf
}

authorize{
   sql
   hotspotcounter
}

Thanks!

--
---
| Nick White  |
| [EMAIL PROTECTED] |
---

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Re. Max-Daily-Session

2005-08-06 Thread N White

Shannon Sariman wrote:


Nick White  wrote:

"Can I set "Max-Daily-Session = 1800" in the radgroupcheck table (MySQL),
and if so is the max of 1800 set for the entire group, or for each user
in that group?"

The max of 1800 will be set for the entire group. I you want to apply 
max of 1800 for certain users that don't belong to the group then use 
radcheck table.


Cheers,

Shannon

"From the land of the unexpected".

- List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html




Thanks for the reply. That's what I had thought.


--
---
| Nick White  |
| Network Administrator   |
| Tele-NET Internet   |
| http://www.tele-net.net |
| [EMAIL PROTECTED] |
---

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Max-Daily-Session

2005-08-05 Thread N White
Can I set "Max-Daily-Session = 1800" in the radgroupcheck table (MySQL), 
and if so is the max of 1800 set for the entire group, or for each user 
in that group?


Thanks

--
---
| Nick White  |
| [EMAIL PROTECTED] |
---

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Disconnect-Request packet

2005-07-29 Thread N White

Alan DeKok wrote:


[EMAIL PROTECTED] (Paul Hampson) wrote:
 


This last point seems trivial until you try to proxy backwards
through a chain you have only the last hop of, and the last hop
doesn't neccessarily know what the previous hop was.
   



 Exaclty.  Coupled with the problem that the server is *supposed* to
validate the disconnect request by running it through the *proxying*
code, to see if it came FROM the site an Access-Request would have
been proxied TO.

 Yuck.

 Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



 

I understand this now, and why it would be... as you put it "yuck". Ha 
Ha! Well thanks for answering my question and explaining it to me. Looks 
like some custom scripting for me then. :-) My only problem now is going 
to be figuring out how to send disconnect packets to different types of 
server. Thanks for your help!


--
---
| Nick White  |
| Network Administrator   |
| Tele-NET Internet   |
| http://www.tele-net.net |
| [EMAIL PROTECTED] |
---

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Disconnect-Request packet

2005-07-28 Thread N White

Alan DeKok wrote:


N White <[EMAIL PROTECTED]> wrote:
 


Yes 192.168.1.1 is the NAS.
   



 Then it's running FreeRADIUS.  The error message you quoted above:

 

ad_recv: Disconnect-Request packet from host 192.168.1.2:47874, id=139, 
length=31

Unknown packet code 40 from client 192.168.1.2:47874 - ID 139 : IGNORED
   



 Can ONLY be produced from FreeRADIUS.

 Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



 

That's correct. Read my second reply. So other then writing custom 
scripts, is there a way for the RADIUS server(FreeRADIUS) to be told to 
send a disconnect packet to the NAS that a particular user is logged in 
to(NAS could vary - Portmaster, Cisco, PPPoE Server, VPN Server, etc))?


Thanks!

--
---
| Nick White  |
| Network Administrator   |
| Tele-NET Internet   |
| http://www.tele-net.net |
| [EMAIL PROTECTED] |
---

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Disconnect-Request packet

2005-07-27 Thread N White

N White wrote:


Alan DeKok wrote:


N White <[EMAIL PROTECTED]> wrote:
 

Ok. I am trying to figure out how to disconnect a user, or to tell 
the radius server to send a disconnect packet to the NAS for a 
specific user. This is the command I am using:


echo "User-Name = nickwhite" | radclient 192.168.1.1 disconnect 
mysecret -x
  



 Is 192.168.1.1 the IP address of the NAS?

 

ad_recv: Disconnect-Request packet from host 192.168.1.2:47874, 
id=139, length=31

Unknown packet code 40 from client 192.168.1.2:47874 - ID 139 : IGNORED
  



 FreeRADIUS doesn't listen for disconnect packets.  And, you're
sending the disconnect packet to the authentication port.  There's a
special port for disconnects, but I forget what it is.

 

But why then is there a command as part of radclient to disconnect, 
and what does that response exactly mean. Is there any way to 
accomplish this?(disconnecting a user via radclient?)
  



 Send the disconnect packet to the NAS.

 Alan DeKok.

- List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html



 

Yes 192.168.1.1 is the NAS. I thought that's what radclient did - told 
the RADIUS server to send a disconnect to the NAS that the 
client(user) is connected to. I've tried sending the disconnect to the 
NAS(Portmaster). Any particular port?


Thanks.

My apology. 192.168.1.1 is the IP of the RADIUS server, NOT the NAS. 
Sorry about that.


--
---
| Nick White  |
| Network Administrator   |
| Tele-NET Internet   |
| http://www.tele-net.net |
| [EMAIL PROTECTED] |
---

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Disconnect-Request packet

2005-07-27 Thread N White

Alan DeKok wrote:


N White <[EMAIL PROTECTED]> wrote:
 

Ok. I am trying to figure out how to disconnect a user, or to tell the 
radius server to send a disconnect packet to the NAS for a specific 
user. This is the command I am using:


echo "User-Name = nickwhite" | radclient 192.168.1.1 disconnect mysecret -x
   



 Is 192.168.1.1 the IP address of the NAS?

 

ad_recv: Disconnect-Request packet from host 192.168.1.2:47874, id=139, 
length=31

Unknown packet code 40 from client 192.168.1.2:47874 - ID 139 : IGNORED
   



 FreeRADIUS doesn't listen for disconnect packets.  And, you're
sending the disconnect packet to the authentication port.  There's a
special port for disconnects, but I forget what it is.

 

But why then is there a command as part of radclient to disconnect, and 
what does that response exactly mean. Is there any way to accomplish 
this?(disconnecting a user via radclient?)
   



 Send the disconnect packet to the NAS.

 Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



 

Yes 192.168.1.1 is the NAS. I thought that's what radclient did - told 
the RADIUS server to send a disconnect to the NAS that the client(user) 
is connected to. I've tried sending the disconnect to the 
NAS(Portmaster). Any particular port?


Thanks.

--
---
| Nick White  |
| Network Administrator   |
| Tele-NET Internet   |
| http://www.tele-net.net |
| [EMAIL PROTECTED] |
---

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Disconnect-Request packet

2005-07-27 Thread N White
Ok. I am trying to figure out how to disconnect a user, or to tell the 
radius server to send a disconnect packet to the NAS for a specific 
user. This is the command I am using:


echo "User-Name = nickwhite" | radclient 192.168.1.1 disconnect mysecret -x

This is the debug output from the radius server:

ad_recv: Disconnect-Request packet from host 192.168.1.2:47874, id=139, 
length=31

Unknown packet code 40 from client 192.168.1.2:47874 - ID 139 : IGNORED

I also came across this:
http://www.freeradius.org/faq/#4.3

But why then is there a command as part of radclient to disconnect, and 
what does that response exactly mean. Is there any way to accomplish 
this?(disconnecting a user via radclient?)


Thanks

--
---
| Nick White  |
| [EMAIL PROTECTED] |
---

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: PPPOE Incorrect Subnet

2005-06-17 Thread N White

Cris Boisvert wrote:

I'm using a Microtik PPPOE Router solution 


All my users are up and autheticated fine

But some of them are recieveing an incorrect Subnet
Currently the customers are all receiving public IP addresses when
authenticated, from a Pool. Of 64  


I want them to received a 255.255.255.255 subnet...

But currently they are getting different ones.. 
255.255.255.192

255.255.255.240
255.255.255.224

I have tried setting them in Freeradius but to no avail.
192 I would understand because that's the subnet their in.. But
Not the others.

Is this something that should be defined in radius.. Or should the pppoe
concentrator know
To give them the correct subnet their?

Thanx
Cris


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



 

Normally this is defined in RADIUS. Are you using a MySQL backend or 
just the Users file?


--
---
| Nick White  |
| Network Administrator   |
| Tele-NET Internet   |
| http://www.tele-net.net |
| [EMAIL PROTECTED] |
---

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Authenticate/Attributes based on NAS-IP-Address - SOLVED

2005-06-09 Thread N White
 both the Dial-Up and Wireless 
groups. Now, if I run a test (I use NTRadPing) from anything other than 
68.190.182.200, it replies with the attributes for Dial-Up. If I run a 
test from 68.190.182.200, it replies with the attributes for Wireless, 
including the Static IP. Now, if I insert "testaccount2" into 
radreply(assuming the user is a part of Dial-Up already), with a Static 
IP, but nothing in "HuntGroup" and test from anything it returns the 
attributes only in radreply - Static IP.
You could expand upon this, as it may not be complete. Feel free to 
correct me or make other points.


-Nick


Graeme Hinchliffe wrote:


Hiya,
Use Client-IP rather than NAS-IP as NAS-IP can be spoofed.

Graeme

On Wed, 2005-06-08 at 15:30 -0700, N White wrote:
 


Graeme Hinchliffe wrote:

   


Hiya
perhaps you could do it using huntgroups.

Put the static attributes for the user in the radreply table, then
assign each nas to a huntgroup, so say

NAS-dynamic

Then in radgroupreply you put the attributes for for dynamic IP
assignment on the NAS-dynamic, and ensure there is an attribute to
override the static settings.

not 100% about the overriding of the static IP settings, but would think
it possible using the assignment ( := ) operator and possibly a null
value?

Hope thats of some help.


 

Do I need to setup a "HuntGroups" field like Mike suggested? Ok, so in 
huntgroups file:


Wireless NAS-IP-Address = (the IP of the Wireless NAS)
 Autz-Type = SQL1 (modify radiusd.conf to include 
this, and sql.conf like in Mike's post?)

NAS-dynamic  NAS-IP-Address = (ip of dialup NAS)
   NAS-IP-Address = (ip of isdn NAS)

in radgroupreply:

+-+++-+---+
|   GroupName | Attribute  | op | Value   | HuntGroup |
+-+++-+---+
| Wireless   | Service-Type   | =  | Framed-User | Wireless   |
| Wireless   | Framed-Protocol| =  | PPP | Wireless   |
| Wireless   | Framed-IP-Address  | =  | 255.255.255.254 | Wireless   |
| Wireless   | Framed-IP-Netmask  | =  | 255.255.255.255 | Wireless   |
| Wireless   | Framed-Compression | =  | Van-Jacobson-TCP-IP | Wireless   |
+-+++-+---+
All Other users would go into the Dial-Up Group, which would have a HuntGroup 
of NAS-dynamic?

in radreply:

+---+---+-+---+
| UserName  | Attribute | op  | Value |
+---+---+-+---+
| test123   | Framed-IP-Address | :=  | 192.168.2.10  |
+---+---+-+---+

Now in radgroupcheck do I need a NAS-IP-Address check for each group(or 
the wireless group?)?

Thanks for everyone's help.

-Nick

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
   




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


__ NOD32 1.1135 (20050609) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com

   




--

| Nick White   |
| Network Consultant   |
| http://www.edge9.net |
| [EMAIL PROTECTED]  |


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Authenticate/Attributes based on NAS-IP-Address

2005-06-08 Thread N White

Graeme Hinchliffe wrote:


Hiya
perhaps you could do it using huntgroups.

Put the static attributes for the user in the radreply table, then
assign each nas to a huntgroup, so say

NAS-dynamic

Then in radgroupreply you put the attributes for for dynamic IP
assignment on the NAS-dynamic, and ensure there is an attribute to
override the static settings.

not 100% about the overriding of the static IP settings, but would think
it possible using the assignment ( := ) operator and possibly a null
value?

Hope thats of some help.
 

Do I need to setup a "HuntGroups" field like Mike suggested? Ok, so in 
huntgroups file:


Wireless NAS-IP-Address = (the IP of the Wireless NAS)
 Autz-Type = SQL1 (modify radiusd.conf to include 
this, and sql.conf like in Mike's post?)

NAS-dynamic  NAS-IP-Address = (ip of dialup NAS)
   NAS-IP-Address = (ip of isdn NAS)

in radgroupreply:

+-+++-+---+
|   GroupName | Attribute  | op | Value   | HuntGroup |
+-+++-+---+
| Wireless   | Service-Type   | =  | Framed-User | Wireless   |
| Wireless   | Framed-Protocol| =  | PPP | Wireless   |
| Wireless   | Framed-IP-Address  | =  | 255.255.255.254 | Wireless   |
| Wireless   | Framed-IP-Netmask  | =  | 255.255.255.255 | Wireless   |
| Wireless   | Framed-Compression | =  | Van-Jacobson-TCP-IP | Wireless   |
+-+++-+---+
All Other users would go into the Dial-Up Group, which would have a HuntGroup 
of NAS-dynamic?

in radreply:

+---+---+-+---+
| UserName  | Attribute | op  | Value |
+---+---+-+---+
| test123   | Framed-IP-Address | :=  | 192.168.2.10  |
+---+---+-+---+

Now in radgroupcheck do I need a NAS-IP-Address check for each group(or 
the wireless group?)?

Thanks for everyone's help.

-Nick

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Authenticate/Attributes based on NAS-IP-Address

2005-06-08 Thread N White

Zoltan A. Ori wrote:


On Wednesday 08 June 2005 15:54, N White wrote:
 


That link doesn't give me anything. Page Not Found. I've done a lot of
searching through the archives though and haven't really found anything
like this.

-Nick

Mike Lampson wrote:
   


Nick,


http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg16842
.html

 



Pay attention to details. Take note that the the link wraps.  You can't just 
blindly click it. You'll have to enter the .html manually. The link is good. 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



__ NOD32 1.1134 (20050608) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



 


Already taken care of.
-Nick

--

| Nick White   |
| Network Consultant   |
| http://www.edge9.net |
| [EMAIL PROTECTED]  |


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Authenticate/Attributes based on NAS-IP-Address

2005-06-08 Thread N White

nevermind, i added "tml" to it. haha.
-Nick

N White wrote:

That link doesn't give me anything. Page Not Found. I've done a lot of 
searching through the archives though and haven't really found 
anything like this.


-Nick


Mike Lampson wrote:


Nick,

Extend the MySQL schema and change the SQL queries in sql.conf to do 
what
you want.  You could extend by HuntGroup, NAS-IP, Client-IP, 
whatever.  See

my previous post to this list archived here:


http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg16842.h 


tml

Cheers,

_Mike

-Original Message-
Message: 6
Date: Tue, 07 Jun 2005 19:20:28 -0700
From: N White <[EMAIL PROTECTED]>
Subject: Re: Authenticate/Attributes based on NAS-IP-Address
To: FreeRadius users mailing list

Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Actually I already have two running FreeRADIUS servers with SQL. That
isn't the hard part. The problem with your instructions is that I'm not
using ippool to assign dynamic IPs, our NASes are doing that (Portmaster
2/3). I don't have a problem setting up static IPs either, as we have
several Dial-Up users who need those also. The problem lies in that I
want to use the RADIUS server for PPPoE authentication also. But I want
to allow users who log in through PPPoE to also be able to log in
regularly(Dial-Up), when their PPPoE isn't logged in. BUT, when they log
in through PPPoE, I want them to be assigned a static IP, when they
login via Portmasters/Dial-Up, then they don't get the static IP, they
get a regular dynamic one.
Basically if a user logs in through NAS1, they are assigned X attributes
with dynamic IP, if they log in through NAS2, they are assigned Y
attributes with a static IP. And all this needs to be done in MySQL,
that way my own PHP frontend(which I intend to release GPL) can work
with it. Also I think MySQL scales better.

-Nick

--

| Nick White   |
| Network Consultant   |
| http://www.edge9.net |
| [EMAIL PROTECTED]  |


- List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html



__ NOD32 1.1133 (20050608) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



 






--

| Nick White   |
| Network Consultant   |
| http://www.edge9.net |
| [EMAIL PROTECTED]  |


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Authenticate/Attributes based on NAS-IP-Address

2005-06-08 Thread N White
That link doesn't give me anything. Page Not Found. I've done a lot of 
searching through the archives though and haven't really found anything 
like this.


-Nick


Mike Lampson wrote:


Nick,

Extend the MySQL schema and change the SQL queries in sql.conf to do what
you want.  You could extend by HuntGroup, NAS-IP, Client-IP, whatever.  See
my previous post to this list archived here:


http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg16842.h
tml

Cheers,

_Mike

-Original Message-
Message: 6
Date: Tue, 07 Jun 2005 19:20:28 -0700
From: N White <[EMAIL PROTECTED]>
Subject: Re: Authenticate/Attributes based on NAS-IP-Address
To: FreeRadius users mailing list

Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Actually I already have two running FreeRADIUS servers with SQL. That
isn't the hard part. The problem with your instructions is that I'm not
using ippool to assign dynamic IPs, our NASes are doing that (Portmaster
2/3). I don't have a problem setting up static IPs either, as we have
several Dial-Up users who need those also. The problem lies in that I
want to use the RADIUS server for PPPoE authentication also. But I want
to allow users who log in through PPPoE to also be able to log in
regularly(Dial-Up), when their PPPoE isn't logged in. BUT, when they log
in through PPPoE, I want them to be assigned a static IP, when they
login via Portmasters/Dial-Up, then they don't get the static IP, they
get a regular dynamic one.
Basically if a user logs in through NAS1, they are assigned X attributes
with dynamic IP, if they log in through NAS2, they are assigned Y
attributes with a static IP. And all this needs to be done in MySQL,
that way my own PHP frontend(which I intend to release GPL) can work
with it. Also I think MySQL scales better.

-Nick

--

| Nick White   |
| Network Consultant   |
| http://www.edge9.net |
| [EMAIL PROTECTED]  |


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



__ NOD32 1.1133 (20050608) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



 



--

| Nick White   |
| Network Consultant   |
| http://www.edge9.net |
| [EMAIL PROTECTED]  |


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Authenticate/Attributes based on NAS-IP-Address

2005-06-08 Thread N White

Jeff Green wrote:


Hi Nick,


I've modified FreeRadius to retrieve NAS specific reply
items from
a (Postgresql) table as I have three different NAS h/w that users can
connect using
- they have different IP pools.

Is this similar to what you want to do ?


Regards,



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of N
White
Sent: 07 June 2005 22:29
To: FreeRadius users mailing list
Subject: Authenticate/Attributes based on NAS-IP-Address

Using MySQL as a backend, is there any way to configure Authentication
and Attribute (replies), based on the NAS-IP-Address sent to the
FreeRADIUS server? Allow requests from NAS1 to authenticate and have
certain attributes for users in that group and then allow requests from
NAS2 to authenticate and have different attributes. Would there be
anyway to allow a user to be a part of both groups?

Thanks,
Nick
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


Confidentiality Note: The information contained in this email and document(s)
attached are for the exclusive use of the addressee and may contain 
confidential,
privileged and non-disclosable information. If the recipient of this email is 
not
the addressee, such recipient is strictly prohibited from reading, photocopying,
distribution or otherwise using this email or its contents in any way.

Please notify the Sapiens (UK) Ltd. Systems Administrator via e-mail 
immediately at
[EMAIL PROTECTED], if you have received this email in error.

Disclaimer: The views, opinions and guidelines contained in this confidential
e-mail are those of the originating author and may not be representative of 
Sapiens (UK) Ltd.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



__ NOD32 1.1133 (20050608) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



 


Here's my other post:
Actually I already have two running FreeRADIUS servers with SQL. That 
isn't the hard part. The problem with your instructions is that I'm not 
using ippool to assign dynamic IPs, our NASes are doing that (Portmaster 
2/3). I don't have a problem setting up static IPs either, as we have 
several Dial-Up users who need those also. The problem lies in that I 
want to use the RADIUS server for PPPoE authentication also. But I want 
to allow users who log in through PPPoE to also be able to log in 
regularly(Dial-Up), when their PPPoE isn't logged in. BUT, when they log 
in through PPPoE, I want them to be assigned a static IP, when they 
login via Portmasters/Dial-Up, then they don't get the static IP, they 
get a regular dynamic one.
Basically if a user logs in through NAS1, they are assigned X attributes 
with dynamic IP, if they log in through NAS2, they are assigned Y 
attributes with a static IP. And all this needs to be done in MySQL, 
that way my own PHP frontend(which I intend to release GPL) can work 
with it. Also I think MySQL scales better.


-Nick
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Authenticate/Attributes based on NAS-IP-Address

2005-06-07 Thread N White

Dustin Doris wrote:


On Tue, 7 Jun 2005, N White wrote:

 


Well, thanks for the input. With MySQL, 1500 users is easier to
maintain. Perhaps I should just run a second FreeRADIUS server for the
second NAS. It means more equipment, but whatever it takes.

-Nick
   



You don't need to do that, you can do it with SQL in one server.  First,
work on reading the documentation and installing the server and setting up
mysql for authorization.  Once you've got that down, then move on to the
reply values and groups if you want them.

Alan gave you a good start with the users file entries.  Read man 5 users,
that will tell you about the users file.  You'll take that info and
transfer it to sql.

It would look something like this.

users file only format
bob NAS-IP-Address == foo, Pool-Name := "foo"

bob NAS-IP-Address == bar
   Framed-IP-Address := 1.2.3.4


SQL Format.

in the users file

DEFAULT NAS-IP-Address == foo, Pool-Name := "foo"

This says any user from that nas-ip will have Pool-Name set to foo.  That
is what ippool will use to assign ips.

in radiusd.conf, in your ip_pool section be sure to include.

override = no

That makes it so a dynamic ip from ippool will not override one statically
assigned to the user as a reply value.

In sql in the radcheck table you put your users and their passwords.  In
radreply you put the users and their static ip.

for example,

insert into radcheck (username,attribute,value,op) VALUES
('bob','User-Password','bobspassword','==');

insert into radreply (username,attribute,value,op) VALUES
('bob','Framed-IP-Address','1.1.1.1',':='),
('bob','Framed-IP-Netmask','255.255.255.0',':=');


That should give you a good start.  Get it setup and if you run into
problems post radiusd -X to the list and describe what you are trying to
do.

You can add groups into if you want but right now you probably won't need
it.

Hope that is helpful.

Dusty Doris


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



__ NOD32 1.1132 (20050607) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



 

Actually I already have two running FreeRADIUS servers with SQL. That 
isn't the hard part. The problem with your instructions is that I'm not 
using ippool to assign dynamic IPs, our NASes are doing that (Portmaster 
2/3). I don't have a problem setting up static IPs either, as we have 
several Dial-Up users who need those also. The problem lies in that I 
want to use the RADIUS server for PPPoE authentication also. But I want 
to allow users who log in through PPPoE to also be able to log in 
regularly(Dial-Up), when their PPPoE isn't logged in. BUT, when they log 
in through PPPoE, I want them to be assigned a static IP, when they 
login via Portmasters/Dial-Up, then they don't get the static IP, they 
get a regular dynamic one.
Basically if a user logs in through NAS1, they are assigned X attributes 
with dynamic IP, if they log in through NAS2, they are assigned Y 
attributes with a static IP. And all this needs to be done in MySQL, 
that way my own PHP frontend(which I intend to release GPL) can work 
with it. Also I think MySQL scales better.


-Nick

--

| Nick White   |
| Network Consultant   |
| http://www.edge9.net |
| [EMAIL PROTECTED]  |


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Authenticate/Attributes based on NAS-IP-Address

2005-06-07 Thread N White

Alan DeKok wrote:


N White <[EMAIL PROTECTED]> wrote:
 


Yeah, but I want to use MySQL, not the users file.
   



 I don't use MySQL, sorry.

 If you want someone to give you the exact answer you're looking for,
I suggest you hire a contracter.

 Alan Dekok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



__ NOD32 1.1132 (20050607) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



 



Well, thanks for the input. With MySQL, 1500 users is easier to 
maintain. Perhaps I should just run a second FreeRADIUS server for the 
second NAS. It means more equipment, but whatever it takes.


-Nick
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Authenticate/Attributes based on NAS-IP-Address

2005-06-07 Thread N White

Alan DeKok wrote:


N White <[EMAIL PROTECTED]> wrote:
 

Ok,  so is it possible for them to be a part of two groups? The reason I 
ask is that if a customer logs in through NAS1, I want them to be 
assigned a dynamic IP, if they are logged in from NAS2, I want them to 
be assigned a static IP. Is this possible?
   



 Sure, but it's not really a "group".  In the "users" file, you can do:

bob NAS-IP-Address == foo, Pool-Name := "foo"

bob NAS-IP-Address == bar
Framed-IP-Address := 1.2.3.4

 Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



__ NOD32 1.1132 (20050607) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



 


Yeah, but I want to use MySQL, not the users file.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Authenticate/Attributes based on NAS-IP-Address

2005-06-07 Thread N White

Alan DeKok wrote:


N White <[EMAIL PROTECTED]> wrote:
 

Using MySQL as a backend, is there any way to configure Authentication 
and Attribute (replies), based on the NAS-IP-Address sent to the 
FreeRADIUS server?
   



 Yes. Use it as a check item, like anything else.

 Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



__ NOD32 1.1132 (20050607) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



 



Ok,  so is it possible for them to be a part of two groups? The reason I 
ask is that if a customer logs in through NAS1, I want them to be 
assigned a dynamic IP, if they are logged in from NAS2, I want them to 
be assigned a static IP. Is this possible? I guess two groups may not 
even play a role in a statically assigned IP.


Thanks
-Nick
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Authenticate/Attributes based on NAS-IP-Address

2005-06-07 Thread N White
Using MySQL as a backend, is there any way to configure Authentication 
and Attribute (replies), based on the NAS-IP-Address sent to the 
FreeRADIUS server? Allow requests from NAS1 to authenticate and have 
certain attributes for users in that group and then allow requests from 
NAS2 to authenticate and have different attributes. Would there be 
anyway to allow a user to be a part of both groups?


Thanks,
Nick
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Port-Limit/Simultaneous Use based on NAS IP

2005-06-06 Thread N White
Is this possible? Set a Port-Limit/Simultaneous-Use based on the NAS-IP 
that is sent to the FreeRadius server? Here is the setup I am looking at:
I have several users on Dial-Up that are only allowed 1 login at a time. 
Now I have several Wireless users that will be logging in twice via 
PPPoE (Twice because once for their CPE/Radio and once more for their 
home Router). The wireless users are allowed Dial-Up on top of their 
wireless service, but only when their Wireless is not in use. I want 
them to be able to login twice if they are logging in through the PPPoE 
server, otherwise only login once for Dial-Up. So then is this setup 
possible? I've read through a lot of the docs that are included with 
FreeRADIUS but haven't really seen anything relating to this. Any 
guidance/examples/input is appreciated.


Thanks

-Nick
[EMAIL PROTECTED]
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


monthly hourly statistics per user

2005-02-17 Thread N White
I currently have freeradius 1.0.1 running with the dialupadmin from 
1.0.2 on Debian Sarge. I was just curious if there is anyway to pull 
monthly total hours for all users. The user statistics isn't exactly 
what i need, it shows daily user statistics, so if I show a week of 
statistics, i get 7 entries per user(assuming the user has logged on 
every day).
Basically I'd like to be able to see how much total time in a month 
users/a user are connected.

Thanks!
-Nick
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html