Re: Stale Session and Simultaneous-Use Question
me either, i am use simulatineous-use attribute and got same problem like u, but i disconnect user that using simultaneous-use attribut manually from radius server using this command radview this command will show connected user. the user using simultaneous-use attribut that forget to log off will still listed as connected user and will be printed by radview command. select one of the user that failed to loggin, because RADIUS recognize that it is still connected, and then run this command echo user1 I radclient -x (i forgot the command, just google it.) --- On Fri, 8/14/09, Deepak d88...@gmail.com wrote: From: Deepak d88...@gmail.com Subject: Stale Session and Simultaneous-Use Question To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Friday, August 14, 2009, 1:50 PM Hi, I am simulating the problem on what if the AP goes down (due to various reasons). I observed that user is not properly disconnected and result is stale session. When the AP is up and when the previous user tries to log in he/she gets login failed message because Simultaneous-Use is in effect while previous session is still ticking. I am trying to find how to detect this problem automatically. Did some google and found this http://bisagunsara.blogspot.com/2007/03/stale-wifi-sessions-and-simultaneous.html Before getting my hands dirty, I want to know if this is the correct way to solve this problem in freeradius2 since the article is quite old. Or I am just missing something that needs to tweak few configs and is supported out of the box in freeradius2. It is suggested in the article that it will not work together with Simultaneous-Use enabled. I want to know how others have solved this problem. Need some suggestions Thanks -- == Registered Linux User #460714 Currently Using Fedora 10, CentOS 5.3 == - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to prevent multiple login using 1 account in same time
Simultaneous-Use. do i have to give all user account in my radcheck table with this attribute?? --- On Sat, 5/16/09, Ivan Kalik t...@kalik.net wrote: From: Ivan Kalik t...@kalik.net Subject: Re: how to prevent multiple login using 1 account in same time To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Saturday, May 16, 2009, 2:43 AM my radius server working well with sqlcounter and view attribut from chillispot.. but the user still able to do multiple login with one account in same time.. how to prevent this..?? Simultaneous-Use. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to limiting user bandwidth by quota..
i try to do bandwidth quota limitation like thisfirst i define the sqlcounter with attribut from ChilliSpot-Max-All-Total-Octets =start code===sqlcounter batasquota { counter-name = Max-All-MB check-name = Max-All-MB reply-name = ChilliSpot-Max-Total-Octets key = User-Name reset = never query = SELECT SUM(acctinputoctets+acctoutputoctets) from radacct WHERE UserName='%{%k}' sqlmod-inst = sql } end code=== then i defined the sqlcounter name in instantiate and authorize section.when i restart my radius server, the server cannot identify the attribut ChilliSpot-Max-Total-Octets, i try to find out and i know it because the attribute is not listed in dictionary, i do add the dictionary.chillispot to freeradius dictionary like this =start code # See the 'man' page for 'dictionary' for information on # the format of the dictionary files. # # If you want to add entries to the dictionary file, # which are NOT going to be placed in a RADIUS packet, # add them here. The numbers you pick should be between # 3000 and 4000. # #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer ATTRIBUTE ChilliSpot-Max-Input-Octets1 integer ChilliSpot ATTRIBUTE ChilliSpot-Max-Output-Octets 2 integer ChilliSpot ATTRIBUTE ChilliSpot-Max-Total-Octets3 integer ChilliSpot ===end code=i restart my radius server i found this on restart start code==Fri May 15 16:24:50 2009 : Info: Starting - reading configuration files ... Fri May 15 16:24:50 2009 : Error: Errors reading radiusd.conf ===end code== then i try to view debug and got this message=start code==read_config_files: reading dictionary Errors reading dictionary: dict_init: /etc/freeradius/dictionary[33]: unknown vendor ChilliSpot Errors reading radiusd.conf ===end code== unknown vendor..?? please help me for this...clue please, so much appreciate for any reply..regard --- On Thu, 5/14/09, Ivan Kalik t...@kalik.net wrote: From: Ivan Kalik t...@kalik.net Subject: Re: how to limiting user bandwidth by quota.. To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Thursday, May 14, 2009, 4:54 PM thank you ahmed..which script??is that script belongs to freeradius or.. iam using chillispot, as alan sugest me there is no specified attribute to do limiting bandwidth by quota,.do you know what type attribut of chillispot can do this??or you can give simple or detailed tutorial to do so please.. ChilliSpot has attributes for input, output and total octets. Have a look in the dictionary.chillispot and in ChilliSpot documentation.You replace Session-Timeout with ChilliSpot attribute and alter counter query to count octets and not session time. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
how to prevent multiple login using 1 account in same time
my radius server working well with sqlcounter and view attribut from chillispot.. but the user still able to do multiple login with one account in same time.. how to prevent this..?? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to limiting user bandwidth by quota..
thank you ahmed..which script??is that script belongs to freeradius or.. iam using chillispot, as alan sugest me there is no specified attribute to do limiting bandwidth by quota,.do you know what type attribut of chillispot can do this??or you can give simple or detailed tutorial to do so please.. --- On Thu, 5/14/09, ahmed adel ahmedadel...@yahoo.com wrote: From: ahmed adel ahmedadel...@yahoo.com Subject: Re: how to limiting user bandwidth by quota.. To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Thursday, May 14, 2009, 2:36 PM You can use a script that disconnect the user as soon as the user exceeds his limit. You should check for the bandwidth usage in the Input Octets and the Output Octets Fields Best Regards Ahmed Adel From: Ivan Kalik t...@kalik.net To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Wednesday, May 13, 2009 11:22:38 PM Subject: Re: how to limiting user bandwidth by quota.. dear all..i'am using freeradius 1.1.7 on ubuntu 8.04, i do implementing sqlcounter like noresetcounter,dailycounter and montly counter and it works properly. but i now i have 1 case how to limiting user bandwidth usage with sqlcounter, i've read and learn how do sqlcounter work, but i still dont have idea how to make a query to limiting user bandwidth. i have 1 user and i want to limit the bandwidth for this user 300mb in a week..how to perform this..clue please..really apreciate for your help Time counters work with Session-Timeout. There is no standard radius attribute for data counters - you have to use vendor specific ones. If your NAS vendor has data limiting attributes, then this can be done. If it doesn't - it can't. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -Inline Attachment Follows- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: authentication failed because sqlcounter...
the problem solved it just because 30 second less than one minute, i've tried using Max-All-Sesion:=3600 and it works.. --- On Sat, 5/9/09, Nizar Zulmi siapa_bilang_emailku_panj...@yahoo.com wrote: From: Nizar Zulmi siapa_bilang_emailku_panj...@yahoo.com Subject: Re: authentication failed because sqlcounter... To: t...@kalik.net, FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Saturday, May 9, 2009, 2:03 PM i am using freeradius 1.1.7, not that old rite??? i've tried using := operator and cleartext-password but still doesn't work..this bellow is my radcheck table.. ++--++++ | id | UserName | Attribute | op | Value | ++--++++ | 1 | nizar | Password | == | nizar | | 2 | nizar1 | Password | == | nizar1 | | 6 | tes | Max-All-Session | == | 90 | | 4 | tes | Password | == | tes | | 7 | denizaro | Cleartext-Password | := | 123456 | | 8 | denizaro | Max-All-Session | := | 30 | ++--++++ 6 rows in set (0.00 sec) i try to log in with user denizaro first time before i add attribute max-all-session its succesfully logged in, but after i adding max-all-session attribut its failed.. whats happen?? --- On Sat, 5/9/09, Ivan Kalik t...@kalik.net wrote: From: Ivan Kalik t...@kalik.net Subject: Re: authentication failed because sqlcounter... To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Saturday, May 9, 2009, 2:51 AM mm confusing..i just enable the sqlcounter in radiusd.conf. i just let it as default no change i made in noresetcounter module. then i adding noresetcounter in authorize and instantiate section. i have defined 1user named tes and password tes has loged in normally before i add attribut max-all-session in the table radcheck just like this. ++--+-+++ | id | UserName | Attribute | op | Value | ++--+-+++ | 1 | nizar | Password | == | nizar | | 2 | nizar1 | Password | == | nizar1 | | 6 | tes | Max-All-Session | == | 90 | | 4 | tes | Password | == | tes | ++--+-+++ after i adding the attribut max-all-session the user tes cannot login anymore. i do running freeradius in debug mode and the following si the result.. := not ==. And that password attribute Password is deprecated for many years. How old is your freeradius version? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -Inline Attachment Follows- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
how to limiting user bandwidth by quota..
dear all..i'am using freeradius 1.1.7 on ubuntu 8.04, i do implementing sqlcounter like noresetcounter,dailycounter and montly counter and it works properly. but i now i have 1 case how to limiting user bandwidth usage with sqlcounter, i've read and learn how do sqlcounter work, but i still dont have idea how to make a query to limiting user bandwidth. i have 1 user and i want to limit the bandwidth for this user 300mb in a week..how to perform this..clue please..really apreciate for your help - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: authentication failed because sqlcounter...
i am using freeradius 1.1.7, not that old rite??? i've tried using := operator and cleartext-password but still doesn't work..this bellow is my radcheck table.. ++--++++ | id | UserName | Attribute | op | Value | ++--++++ | 1 | nizar | Password | == | nizar | | 2 | nizar1 | Password | == | nizar1 | | 6 | tes | Max-All-Session | == | 90 | | 4 | tes | Password | == | tes | | 7 | denizaro | Cleartext-Password | := | 123456 | | 8 | denizaro | Max-All-Session | := | 30 | ++--++++ 6 rows in set (0.00 sec) i try to log in with user denizaro first time before i add attribute max-all-session its succesfully logged in, but after i adding max-all-session attribut its failed.. whats happen?? --- On Sat, 5/9/09, Ivan Kalik t...@kalik.net wrote: From: Ivan Kalik t...@kalik.net Subject: Re: authentication failed because sqlcounter... To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Saturday, May 9, 2009, 2:51 AM mm confusing..i just enable the sqlcounter in radiusd.conf. i just let it as default no change i made in noresetcounter module. then i adding noresetcounter in authorize and instantiate section. i have defined 1user named tes and password tes has loged in normally before i add attribut max-all-session in the table radcheck just like this. ++--+-+++ | id | UserName | Attribute | op | Value | ++--+-+++ | 1 | nizar | Password | == | nizar | | 2 | nizar1 | Password | == | nizar1 | | 6 | tes | Max-All-Session | == | 90 | | 4 | tes | Password | == | tes | ++--+-+++ after i adding the attribut max-all-session the user tes cannot login anymore. i do running freeradius in debug mode and the following si the result.. := not ==. And that password attribute Password is deprecated for many years. How old is your freeradius version? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: authentication failed because sqlcounter...
i am using freeradius 1.1.7, not that old rite??? i've tried using := operator and cleartext-password but still doesn't work..this bellow is my radcheck table.. ++--++++ | id | UserName | Attribute | op | Value | ++--++++ | 1 | nizar | Password | == | nizar | | 2 | nizar1 | Password | == | nizar1 | | 6 | tes | Max-All-Session | == | 90 | | 4 | tes | Password | == | tes | | 7 | denizaro | Cleartext-Password | := | 123456 | | 8 | denizaro | Max-All-Session | := | 30 | ++--++++ 6 rows in set (0.00 sec) i try to log in with user denizaro first time before i add attribute max-all-session its succesfully logged in, but after i adding max-all-session attribut its failed.. whats happen?? --- On Sat, 5/9/09, Ivan Kalik t...@kalik.net wrote: From: Ivan Kalik t...@kalik.net Subject: Re: authentication failed because sqlcounter... To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Saturday, May 9, 2009, 2:51 AM mm confusing..i just enable the sqlcounter in radiusd.conf. i just let it as default no change i made in noresetcounter module. then i adding noresetcounter in authorize and instantiate section. i have defined 1user named tes and password tes has loged in normally before i add attribut max-all-session in the table radcheck just like this. ++--+-+++ | id | UserName | Attribute | op | Value | ++--+-+++ | 1 | nizar | Password | == | nizar | | 2 | nizar1 | Password | == | nizar1 | | 6 | tes | Max-All-Session | == | 90 | | 4 | tes | Password | == | tes | ++--+-+++ after i adding the attribut max-all-session the user tes cannot login anymore. i do running freeradius in debug mode and the following si the result.. := not ==. And that password attribute Password is deprecated for many years. How old is your freeradius version? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
authentication failed because sqlcounter...
mm confusing..i just enable the sqlcounter in radiusd.conf. i just let it as default no change i made in noresetcounter module. then i adding noresetcounter in authorize and instantiate section. i have defined 1user named tes and password tes has loged in normally before i add attribut max-all-session in the table radcheck just like this. ++--+-+++ | id | UserName | Attribute | op | Value | ++--+-+++ | 1 | nizar | Password | == | nizar | | 2 | nizar1 | Password | == | nizar1 | | 6 | tes | Max-All-Session | == | 90 | | 4 | tes | Password | == | tes | ++--+-+++ after i adding the attribut max-all-session the user tes cannot login anymore. i do running freeradius in debug mode and the following si the result.. somebody help me please... freeradius debug result=== rad_recv: Access-Request packet from host 192.168.0.1:56614, id=0, length=194 User-Name = tes User-Password = tes NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.3 Calling-Station-Id = 00-1E-68-23-E9-C8 Called-Station-Id = 00-00-E2-78-FF-39 NAS-Identifier = nas01 Acct-Session-Id = 4a048168 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0x1c3a148590ef0762aed6069cc9ac0715 WISPr-Logoff-URL = http://192.168.182.1:3990/logoff; Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module preprocess returns ok for request 3 modcall[authorize]: module chap returns noop for request 3 modcall[authorize]: module mschap returns noop for request 3 rlm_realm: No '@' in User-Name = tes, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 3 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 3 radius_xlat: 'tes' rlm_sql (sql): sql_set_user escaped user -- 'tes' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'tes' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'tes' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'tes' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'tes' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 0 rlm_sql (sql): No matching entry in the database for request from user [tes] modcall[authorize]: module sql returns notfound for request 3 rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module noresetcounter returns noop for request 3 rlm_pap: WARNING! No known good password found for the user. Authentication may fail because of this. modcall[authorize]: module pap returns noop for request 3 modcall: leaving group authorize (returns ok) for request 3 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Delaying request 3 for 1 seconds Finished request 3 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 192.168.0.1:56614, id=0, length=194 Sending Access-Reject of id 0 to 192.168.0.1 port 56614 Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 3 ID 0 with timestamp 4a048180 Nothing to do. Sleeping until we see a request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
authentication failed because sqlcounter...
mm confusing..i just enable the sqlcounter in radiusd.conf. i just let it as default no change i made in noresetcounter module. then i adding noresetcounter in authorize and instantiate section. i have defined 1user named tes and password tes has loged in normally before i add attribut max-all-session in the table radcheck just like this. ++--+-+++ | id | UserName | Attribute | op | Value | ++--+-+++ | 1 | nizar | Password | == | nizar | | 2 | nizar1 | Password | == | nizar1 | | 6 | tes | Max-All-Session | == | 90 | | 4 | tes | Password | == | tes | ++--+-+++ after i adding the attribut max-all-session the user tes cannot login anymore. i do running freeradius in debug mode and the following si the result.. somebody help me please... freeradius debug result=== rad_recv: Access-Request packet from host 192.168.0.1:56614, id=0, length=194 User-Name = tes User-Password = tes NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.3 Calling-Station-Id = 00-1E-68-23-E9-C8 Called-Station-Id = 00-00-E2-78-FF-39 NAS-Identifier = nas01 Acct-Session-Id = 4a048168 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0x1c3a148590ef0762aed6069cc9ac0715 WISPr-Logoff-URL = http://192.168.182.1:3990/logoff; Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module preprocess returns ok for request 3 modcall[authorize]: module chap returns noop for request 3 modcall[authorize]: module mschap returns noop for request 3 rlm_realm: No '@' in User-Name = tes, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 3 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 3 radius_xlat: 'tes' rlm_sql (sql): sql_set_user escaped user -- 'tes' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'tes' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'tes' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'tes' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'tes' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 0 rlm_sql (sql): No matching entry in the database for request from user [tes] modcall[authorize]: module sql returns notfound for request 3 rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module noresetcounter returns noop for request 3 rlm_pap: WARNING! No known good password found for the user. Authentication may fail because of this. modcall[authorize]: module pap returns noop for request 3 modcall: leaving group authorize (returns ok) for request 3 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Delaying request 3 for 1 seconds Finished request 3 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 192.168.0.1:56614, id=0, length=194 Sending Access-Reject of id 0 to 192.168.0.1 port 56614 Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 3 ID 0 with timestamp 4a048180 Nothing to do. Sleeping until we see a request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
authentication failed because sqlcounter...
mm confusing..i just enable the sqlcounter in radiusd.conf. i just let it as default no change i made in noresetcounter module. then i adding noresetcounter in authorize and instantiate section. i have defined 1user named tes and password tes has loged in normally before i add attribut max-all-session in the table radcheck just like this. ++--+-+++ | id | UserName | Attribute | op | Value | ++--+-+++ | 1 | nizar | Password | == | nizar | | 2 | nizar1 | Password | == | nizar1 | | 6 | tes | Max-All-Session | == | 90 | | 4 | tes | Password | == | tes | ++--+-+++ after i adding the attribut max-all-session the user tes cannot login anymore. i do running freeradius in debug mode and the following si the result.. somebody help me please... freeradius debug result=== rad_recv: Access-Request packet from host 192.168.0.1:56614, id=0, length=194 User-Name = tes User-Password = tes NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.3 Calling-Station-Id = 00-1E-68-23-E9-C8 Called-Station-Id = 00-00-E2-78-FF-39 NAS-Identifier = nas01 Acct-Session-Id = 4a048168 NAS-Port-Type = Wireless-802.11 NAS-Port = 0 Message-Authenticator = 0x1c3a148590ef0762aed6069cc9ac0715 WISPr-Logoff-URL = http://192.168.182.1:3990/logoff; Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module preprocess returns ok for request 3 modcall[authorize]: module chap returns noop for request 3 modcall[authorize]: module mschap returns noop for request 3 rlm_realm: No '@' in User-Name = tes, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 3 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 3 radius_xlat: 'tes' rlm_sql (sql): sql_set_user escaped user -- 'tes' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'tes' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'tes' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'tes' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'tes' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 0 rlm_sql (sql): No matching entry in the database for request from user [tes] modcall[authorize]: module sql returns notfound for request 3 rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module noresetcounter returns noop for request 3 rlm_pap: WARNING! No known good password found for the user. Authentication may fail because of this. modcall[authorize]: module pap returns noop for request 3 modcall: leaving group authorize (returns ok) for request 3 auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. Delaying request 3 for 1 seconds Finished request 3 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 1 seconds... rad_recv: Access-Request packet from host 192.168.0.1:56614, id=0, length=194 Sending Access-Reject of id 0 to 192.168.0.1 port 56614 Waking up in 1 seconds... --- Walking the entire request list --- Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 3 ID 0 with timestamp 4a048180 Nothing to do. Sleeping until we see a request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
user login once???
how to setup freeradius server to perform user log in to server once in a day or few login in a month.. help please.. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: user login once???
Thank u ivan, yaps..that's exactly what i mean..give me a clue please.. From: Ivan Kalik t...@kalik.net Subject: Re: user login once??? To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Thursday, May 7, 2009, 3:06 AM how to setup freeradius server to perform user log in to server once in a day or few login in a month.. help please.. Radius server doesn't log in users onto the server. Ever! Perhaps you want something else: allow one login per day (or a few per month)? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
upgrading freeradius .1.1.6 on ubuntu 7.10
i've read the previous tread on this mailing list about upgrading freeradius. in that tread i got this :this command to upgrade freeradius./configuremakemake install i did run those command and everything in my freeradiu going mess, like when i try to restart my freeradius it return like cannot found library freeradius-library.2.5.1.so what happen,,?? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: NAS table
dearl list all..don't know how to thanks to you to reply my email and answer my quest. and sorry for to much question.:Di've run this commandradiusd -X but it return this The program 'radiusd' can be found in the following packages: * radiusd-livingston * yardradius * xtradiusTry: apt-get install selected package i read freeradius documentation to do debug in ubuntu, and i try this command but i freeradius -X and return this messagefreeradius -XStarting - reading configuration files ...reread_config: reading radiusd.confConfig: including file: /etc/freeradius/proxy.confConfig: including file: /etc/freeradius/clients.confConfig: including file: /etc/freeradius/snmp.confConfig: including file: /etc/freeradius/eap.confConfig: including file: /etc/freeradius/sql.conf main: prefix = /usr main: localstatedir = /var main: logdir = /var/log/freeradius main: libdir = /usr/lib/freeradius main: radacctdir = /var/log/freeradius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /var/log/freeradius/radius.log main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /var/run/freeradius/freeradius.pid main: user = freerad main: group = freerad main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0read_config_files: reading dictionaryread_config_files: reading naslistUsing deprecated naslist file. Support for this will go away soon.read_config_files: reading clients this message after i comment out this inf clients.conf#client 127.0.0.1 {# secret = passwordradius# shortname = localhost# nastype = other # localhost isn't usually a NAS... # } but if i uncomment that then i run freeradius -X it return this message main: debug_level = 0read_config_files: reading dictionaryread_config_files: reading naslistUsing deprecated naslist file. Support for this will go away soon.read_config_files: reading clientsread_config_files: reading realmsradiusd: entering modules setupModule: Library search path is /usr/lib/freeradiusModule: Loaded exec exec: wait = yes exec: program = (null) exec: input_pairs = request exec: output_pairs = (null) exec: packet_type = (null)rlm_exec: Wait=yes but no output defined. Did you mean output=none?Module: Instantiated exec (exec)Module: Loaded exprModule: Instantiated expr (expr)Module: Loaded PAP pap: encryption_scheme = crypt pap: auto_header = yesModule: Instantiated pap (pap)Module: Loaded CHAPModule: Instantiated chap (chap)Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = (null) mschap: ntlm_auth = (null)Module: Instantiated mschap (mschap)Module: Loaded System unix: cache = no unix: passwd = (null) unix: shadow = /etc/shadow unix: group = (null) unix: radwtmp = /var/log/freeradius/radwtmp unix: usegroup = no unix: cache_reload = 600Module: Instantiated unix (unix)Module: Loaded eap eap: default_eap_type = md5 eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = norlm_eap: Loaded and initialized type md5rlm_eap: Loaded and initialized type leap gtc: challenge = Password: gtc: auth_type = PAPrlm_eap: Loaded and initialized type gtc mschapv2: with_ntdomain_hack = norlm_eap: Loaded and initialized type mschapv2Module: Instantiated eap (eap)Module: Loaded preprocess preprocess: huntgroups = /etc/freeradius/huntgroups preprocess: hints = /etc/freeradius/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = noModule: Instantiated preprocess (preprocess)Module: Loaded realm realm: format = suffix realm: delimiter = @ realm: ignore_default = no realm: ignore_null = noModule: Instantiated realm (suffix)Module: Loaded SQL sql: driver = rlm_sql_mysql sql: server = localhost sql: port = sql: login = root sql: password = jOeLya sql: radius_db = radius sql: nas_table = nas sql: sqltrace = no sql: sqltracefile = /var/log/freeradius/sqltrace.sql sql: readclients = yes sql: deletestalesessions = yes sql: num_sql_socks = 5 sql: sql_user_name = %{User-Name} sql: default_user_profile = sql: query_on_not_found = no sql:
Re: NAS table
this is result of freeradius -X reread_config: reading radiusd.conf Config: including file: /etc/freeradius/proxy.conf Config: including file: /etc/freeradius/clients.conf Config: including file: /etc/freeradius/snmp.conf Config: including file: /etc/freeradius/eap.conf Config: including file: /etc/freeradius/sql.conf main: prefix = /usr main: localstatedir = /var main: logdir = /var/log/freeradius main: libdir = /usr/lib/freeradius main: radacctdir = /var/log/freeradius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /var/log/freeradius/radius.log main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /var/run/freeradius/freeradius.pid main: user = freerad main: group = freerad main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients but if i uncommnet this on clients.conf client 127.0.0.1 { secret = passwordradius shortname = localhost nastype = other # localhost isn't usually a NAS... } the radius is running well and reply access-accept on radtest where do i make missconfiguration. clue please. From: Ivan Kalik t...@kalik.net To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Tuesday, April 14, 2009 7:25:02 PM Subject: RE: NAS table Message Post radiusd -X output of server startup. Is sql enabled anywhere in the configuration? It isn't by default. Ivan Kalik Kalik Informatika ISP -Original Message- From: freeradius-users-bounces+tnt=kalik@lists.freeradius.org [mailto:freeradius-users-bounces+tnt=kalik@lists.freeradius.org] On Behalf Of Nizar Zulmi Sent: 14 April 2009 08:00 To: FreeRadius users mailing list Subject: Re: NAS table i comment out this on clients.conf #client 127.0.0.1 { #secret = passwordradius #shortname = localhost #nastype = other # localhost isn't usually a NAS... #} and i add this to NAS table on radius database. insert into nas (nasname, shortname, secret) values (client 127.0.0.1,localhost,passwordradius); i restart the mysql server and then i perform test using radtest and got this message: radtest Nizar 123456 localhost 1812 passwordradius Sending Access-Request of id 104 to 127.0.0.1 port 1812 User-Name = Nizar User-Password = 123456 NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Re-sending Access-Request of id 104 to 127.0.0.1 port 1812 User-Name = Nizar User-Password = 123456 NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 radclient: no response from server for ID 104 why its still dosn't work..?? clue plase... --- On Tue, 4/14/09, JDL j...@imaginenet.net wrote: From: JDL j...@imaginenet.net Subject: Re: NAS table To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Tuesday, April 14, 2009, 11:42 AM Nizar Zulmi wrote: i enable this on sql.conf readclients = yes do i have to remove this : client 127.0.0.1 { Do you have a 127.0.0.1 client in your the nas table? If so, then yes, you will need to remove it or else you will end up with a duplicate. If this client is not in your nas table, then you can just leave the 127.0.0.1 client in the clients.conf file. BTW, I think the 127.0.0.1 client is just there for testing purposes. I do not believe it will break anything if it is completely removed (unless, of course, you are running also running some sort of radius client on the same server as FreeRADIUS). Jim L. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.0.238 / Virus Database: 270.11.53/2054 - Release Date: 04/11/09 10:51:00 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: NAS table
i comment out this on clients.conf #client 127.0.0.1 { # secret = passwordradius # shortname = localhost # nastype = other # localhost isn't usually a NAS... #} and i add this to NAS table on radius database. insert into nas (nasname, shortname, secret) values (client 127.0.0.1,localhost,passwordradius); i restart the mysql server and then i perform test using radtest and got this message: radtest Nizar 123456 localhost 1812 passwordradius Sending Access-Request of id 104 to 127.0.0.1 port 1812 User-Name = Nizar User-Password = 123456 NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Re-sending Access-Request of id 104 to 127.0.0.1 port 1812 User-Name = Nizar User-Password = 123456 NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 radclient: no response from server for ID 104 why its still dosn't work..?? clue plase... --- On Tue, 4/14/09, JDL j...@imaginenet.net wrote: From: JDL j...@imaginenet.net Subject: Re: NAS table To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Tuesday, April 14, 2009, 11:42 AM Nizar Zulmi wrote: i enable this on sql.conf readclients = yes do i have to remove this : client 127.0.0.1 { Do you have a 127.0.0.1 client in your the nas table? If so, then yes, you will need to remove it or else you will end up with a duplicate. If this client is not in your nas table, then you can just leave the 127.0.0.1 client in the clients.conf file. BTW, I think the 127.0.0.1 client is just there for testing purposes. I do not believe it will break anything if it is completely removed (unless, of course, you are running also running some sort of radius client on the same server as FreeRADIUS). Jim L. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
NAS table
anyone can help.. i want to set my radius server reading the NAS from table NAS on radius database. my radius are still reading NAS from clients.conf. apreciate your help. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: NAS table
i enable this on sql.conf readclients = yes do i have to remove this : client 127.0.0.1 { # # The shared secret use to encrypt and sign packets between # the NAS and FreeRADIUS. You MUST change this secret from the # default, otherwise it's not a secret any more! # # The secret can be any string, up to 31 characters in length. # secret = passwordradius # # # The shared secret use to encrypt and sign packets between # the NAS and FreeRADIUS. You MUST change this secret from the # default, otherwise it's not a secret any more! # # The secret can be any string, up to 31 characters in length. # secret = passwordradius # # The short name is used as an alias for the fully qualified # domain name, or the IP address. # shortname = localhost # # the following three fields are optional, but may be used by # checkrad.pl for simultaneous use checks # # # The nastype tells 'checkrad.pl' which NAS-specific method to # use to query the NAS for simultaneous use. # # Permitted NAS types are: # # cisco # computone # livingston # max40xx # multitech # netserver # pathras # patton # portslave # tc # usrhiper # other # for all other types # nastype = other # localhost isn't usually a NAS... From: Ivan Kalik t...@kalik.net To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Tuesday, April 14, 2009 5:11:55 AM Subject: RE: NAS table Have you enabled read_clients in sql.conf? Doing that doesn't disable reading clients.conf. Just remove duplicate clients from the file. Ivan Kalik Kalik Informatika ISP -Original Message- From: freeradius-users-bounces+tnt=kalik@lists.freeradius.org [mailto:freeradius-users-bounces+tnt=kalik@lists.freeradius.org] On Behalf Of Nizar Zulmi Sent: 13 April 2009 19:40 To: freeradius-users@lists.freeradius.org Subject: NAS table i want to set my radius server reading the NAS from table NAS on radius database. my radius are still reading NAS from clients.conf. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dear everyone..
iam a new bie freeradius user, i have a duty from my lecture to build a hotspot captive portal using chillispot and freeradius. now i make it, chilispot and freeradius working well on ubuntu machine, but the problem is my lecture want me to do stress test on the radius server to make sure that the system is still working well in any condition.. i still confused how to perform the stress test...anyone help me please..thank you for your attentionsorry for bad english :D - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dear everyone..
still can't get it. can u show me please which script to do benchmarking the RADIUS server, and how to running the script,. --- On Thu, 3/19/09, a.l.m.bu...@lboro.ac.uk a.l.m.bu...@lboro.ac.uk wrote: From: a.l.m.bu...@lboro.ac.uk a.l.m.bu...@lboro.ac.uk Subject: Re: dear everyone.. To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Thursday, March 19, 2009, 4:20 PM -Inline Attachment Follows- Hi, iam a new bie freeradius user, i have a duty from my lecture to build a hotspot captive portal using chillispot and freeradius. now i make it, chilispot and freeradius working well on ubuntu machine, but the problem is my lecture want me to do stress test on the radius server to make sure that the system is still working well in any condition.. i still confused how to perform the stress test...anyone help me please..thank you for your attentionsorry for bad english :D there are a couple of scripts supplied with the server to allow benchmarking which hit the server fast and hard. run a couple of those whilst eg flood pinging the system. but 'any condition' is hardly any kind of scientific or useful phrase. for example, is the system working well if half the packets get lost? does the system work well if packets are routed in different directions? does the system work well when an idiot logs into the box and runs other random processes that take up CPU time (nice bit of SETI or D2OL etc)? quantify the scenarios before you can demonstrate behaviour. useful exercise as you might uncover some wierd corner case to help improve the server (I've found several Linux kernel issues over the years on very stressed servers) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
how to prevent account to do multiple login
i've configure freeradius and chillispot and running well, i jut have one user in radcheck table, the problem i use that account to login to the server from two client in same time both of computer got the access. how to prevent this..?? anyone help me. hope u understand. sorry for my very bad english really apreciate for your feedback - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dear everyone..
thanks, so nice...I'll Try it.. --- On Thu, 3/19/09, Alan DeKok al...@deployingradius.com wrote: From: Alan DeKok al...@deployingradius.com Subject: Re: dear everyone.. To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Thursday, March 19, 2009, 5:51 PM Nizar Zulmi wrote: still can't get it. can u show me please which script to do benchmarking the RADIUS server, and how to running the script,. $ man radclient Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html