Re: problem with initial setup
Received -bash: /usr/bin/radtest: No such file or directory It means radtest command was not found. On Mon, Sep 9, 2013 at 10:22 PM, Swenson, Chris cswen...@curry.edu wrote: Thanks for the replies: Ok, uninstalled #1 and updated to freeradius2 radiusd started without a hitch withtesting Cleartext-Password := password in users file. When I ran radtest testing password localhost 0 testing123 Received -bash: /usr/bin/radtest: No such file or directory For academics sake here is the radius -X output. (definitely not my granddads radius ) [root@ldap1 raddb]# radiusd -X FreeRADIUS Version 2.1.12, for host i386-redhat-linux-gnu, built on Sep 25 2012 at 10:55:14 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/soh including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/rediswho including configuration file /etc/raddb/modules/replicate including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/detail.log including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/otp including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/redis including configuration file /etc/raddb/modules/dynamic_clients including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/opendirectory including configuration file /etc/raddb/modules/smsotp including configuration file /etc/raddb/modules/sqlcounter_expire_on_login including configuration file /etc/raddb/modules/ntlm_auth including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/modules/cui including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/detail.example.com including configuration file /etc/raddb/modules/perl including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/eap.conf including configuration file /etc/raddb/policy.conf including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/inner-tunnel including configuration file /etc/raddb/sites-enabled/control-socket including configuration file /etc/raddb/sites-enabled/default main { user = radiusd group = radiusd allow_core_dumps = no } including dictionary file /etc/raddb/dictionary main { name = radiusd prefix = /usr localstatedir = /var sbindir = /usr/sbin logdir = /var/log/radius run_dir = /var/run/radiusd libdir = /usr/lib/freeradius radacctdir = /var/log/radius/radacct hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = /var/run/radiusd/radiusd.pid checkrad = /usr/sbin/checkrad debug_level = 0 proxy_requests = yes
Re: FreeRADIUS Hotspot
On Mon, Jan 2, 2012 at 2:39 PM, hemant hem...@scopesky.com wrote: Hello Guys, I have Installed Freeradius2 with MYSQL and WEBMIN as DaloRadius. I want to setup the FreeRADIUS for the Login Access To the Mikrotik Routers. I am also Setting up the FreeRADIUS for the HOTSPOT Users-authentication,accounting. Login Access to Mikrotik Router or Internet ? I am assuming 1 profile for each !! Right now i have added a client with /24 network and shared-secret, and created profiles on the daloRADIUS by using the Mikrotik Attributes, I can have READ/FULL/WRITE access to my routers. I am also using the REALMS for the Login Hotspot Service Differentiations. I created two profiles with different realms as my router. i created users on these profiles one for login access and other only for hotspot access. But i have problem now that my HotSpot Users can also Login to My Router.. Use 2 Different IP Subnets. First Subnet which is same as the Mikrotik Router will be used by Mikrotik users. Second Subnet will be used for Internet . Use Internal Firewall to seperate inter subnet communication or remove the routes . Please help me here guys... I have to Submit the Project with detailed report in 5 days..And i am right now no where near to completing it..?? Please any one ..Reply ASAP ..:) -- View this message in context: http://freeradius.1045715.n5.nabble.com/FreeRADIUS-Hotspot-tp5114296p5114296.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS Hotspot
Create Firewall Policy Between which will block all traffic from Internet Subnet to Mikrotik Subnet ! On Mon, Jan 2, 2012 at 4:00 PM, hemant hem...@scopesky.com wrote: But On this single Mikrotik Router, I am Giving access to internet for the HotSpot User, And also Creating users for the My Transmission team..?? So how will these two IP subnet give me Desired Diifferentiated result..?? -- View this message in context: http://freeradius.1045715.n5.nabble.com/FreeRADIUS-Hotspot-tp5114296p5114376.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius with Java
Have you looked Jradius which is Radius Plugin for Java ? On Wed, Dec 21, 2011 at 1:01 AM, Jeisson Fabian Perez Rodriguez jeissonfabian...@gmail.com wrote: Hi, again, I've been trying to connect FreeRadius with an application on Java, but I don't find the correct way. Could somebody tell me something about it?, please! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Failed to run Freeradius on CentoS
Freeradius is already running or there is someone using the same port. Check the error message as it carries the solution. Regards Suman On Fri, Nov 25, 2011 at 3:12 PM, Bhanu Vegesna bhanu.vege...@gmail.comwrote: listen { type = auth ipaddr = 127.0.0.0 port = 1812 Failed binding to authentication address 127.0.0.0 port 1812 as server inner-tunnel: Address already in use /usr/local/etc/raddb/sites-enabled/inner-tunnel[32]: Error binding to port for 127.0.0.0 port 1812 I tried to check if duplicate version of freeradius and changing to use specifc ip no luck. Can any throw some light and help me out ? regards Bhanu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to solve below issues
symlink it to the actual file . On Thu, Nov 10, 2011 at 2:11 PM, Harshavardhan chillakuru harshac...@gmail.com wrote: 1. when i run the radius for debugging mode using *radusd -X*command i got error like *bash: radiusd: command not found* 2. ./radiusd: error while loading shared libraries: libfreeradius-radius-2.1.12.so: cannot open shared object file: No such file or directory - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fixed Duration Weekly, Monthly and Daily Accounts
Expiration is actually the validity of the account. It does not calculates the amount of time used. If you are looking to limit the session time i.e 100 hrs Monthly or anything , you need rlm_sqlcounter with attributes like Max-Session-Time with a value. In conjunction with Expiration, you can use Max-Session-Time to create packages such as 1 Month 100 Hrs Browsing etc . Feel to send any other query if you are stuck . Regards Suman On Sun, Oct 30, 2011 at 6:28 PM, Fajar A. Nugraha l...@fajar.net wrote: On Sun, Oct 30, 2011 at 7:39 PM, JennyBlunt jennyshoeh...@me.com wrote: How do I create a group which provides access for a preset amount of time, for instance one day, week or month. I've tried by using expiration but don't think thats right. Will the noreset parameter do this? In our current system (not freeradius), we'd set this up as a continuous account which starts the counter the first time the users logs on. I actually suggest you use rlm_sqlcounter instead, which (for me) is easier to understand and maintain. Use the example noresetcounter from http://wiki.freeradius.org/Rlm_sqlcounter You can see exactly how the module counts whatever-it-uses (in the example it's SUM(AcctSessionTime)), and you can run the query manually for debugging purposes. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fixed Duration Weekly, Monthly and Daily Accounts
Re-Correct - Max-All-Session = 43200 ( It's in Seconds , Not in Minutes ) Second, It is not under our control to decide how much time the user users. We can assign a continuous usage of XYZ minutes / Hours but what if the user disconnects early ? What happens when the user logins again ? Will you reject the user or accept the user ? Anyway, to answer your questions, Session-Timeout of 43200 is what needed to give a continuous Session session of 43200. But again when the user disconnects and re-logins , he/she will again get 43200 of time during re-login. Regards Suman On Sun, Oct 30, 2011 at 6:50 PM, JennyBlunt jennyshoeh...@me.com wrote: That's the one we're using. What I don't understand is that if we set up a group with max-all-session = 43200 the user would get in total 43200 minutes. When, in reality, we're trying to give them a continuous 43200 minutes from first login. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Fixed-Duration-Weekly-Monthly-and-Daily-Accounts-tp4950022p4950078.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fixed Duration Weekly, Monthly and Daily Accounts
Hi Alan, I think the poster is asking for a continuous amount of time after login. Setting Expiration will give a max valid period in which the user can login but under no circumstances it can provide a continuous period of usage. Poster is also not clear what will happen if the user disconnects and connects again So i think the question asked here is incomplete. Regards Suman On Sun, Oct 30, 2011 at 7:07 PM, Alan DeKok al...@deployingradius.comwrote: JennyBlunt wrote: That's the one we're using. What I don't understand is that if we set up a group with max-all-session = 43200 the user would get in total 43200 minutes. When, in reality, we're trying to give them a continuous 43200 minutes from first login. Then set the expiration date when they first log in. Remember: FreeRADIUS authenticates people. It isn't a DB. If you want to have it remember something, you need to store that information in a DB. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fixed Duration Weekly, Monthly and Daily Accounts
You have the exact solution given by Fajar. See his SQL query and modify as required. Regards Suman On Sun, Oct 30, 2011 at 10:26 PM, JennyBlunt jennyshoeh...@me.com wrote: Sorry if I wasn't clear. I want to be able to generate a monthly voucher - 30 days access from the exact time of first login. A continuous clock ticking from the start time. I'm going to look at Fajar's suggestion now... -- View this message in context: http://freeradius.1045715.n5.nabble.com/Fixed-Duration-Weekly-Monthly-and-Daily-Accounts-tp4950022p4950392.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Quota based on time with squid
You have not instantiated the counters in Post-Auth . Read more about counter and how it works and how you can enable the same. Regards Suman On Sat, Oct 29, 2011 at 4:40 PM, senthil kumar senthilkumaar2...@gmail.comwrote: Hello Team The user can authenticate and browse at any time. May i know which entry i have to add to make user 'test' deny authenticate after 1 hour? When ever a user authenticates it is logged in radpostauth. In /etc/raddb/users file i have a user test test Cleartext-Password := hello my database details are as follows mysql select * from radcheck; ++--+-++---+ | id | username | attribute | op | value | ++--+-++---+ | 45 | test | Max-All-Session | := | 540 | ++--+-++---+ INSERT into radcheck VALUES ('','test','Max-All-Session',':=','5400'); mysql select * from radpostauth; ++--+--+---+-+ | id | username | pass | reply | authdate| ++--+--+---+-+ | 54 | test | test | Access-Accept | 2011-10-19 13:59:18 | | 55 | test | test | Access-Accept | 2011-10-19 13:59:34 | | 56 | test | test | Access-Accept | 2011-10-19 14:22:57 | | 57 | test | test | Access-Accept | 2011-10-21 22:32:54 | | 58 | test | test | Access-Accept | 2011-10-25 15:11:34 | ++--+--+---+-+ 5 rows in set (0.00 sec) radtest test hello localhost 0 testing123 Sending Access-Request of id 67 to 127.0.0.1 port 1812 User-Name = test User-Password = hello NAS-IP-Address = 127.0.0.1 NAS-Port = 0 rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=67, length=20 Please help me , thanks in advance Thanks, Senthil On Tue, Oct 25, 2011 at 3:06 PM, senthil kumar senthilkumaar2...@gmail.com wrote: Thanks i will check in and let you know On Sat, Oct 22, 2011 at 12:37 AM, Alan DeKok al...@deployingradius.com wrote: senthil kumar wrote: I have installed free-radius in linux machine with accounting support and was able to authenticate using radtest client.and also I was also successfully authenticate with squid proxy server. That's good to hear. I need to assign quota to squid users based on the weekly/hourly basis. I need users radius server to return packet reject when time is expired. is it possible in radius? Yes. See the counter module, or the sqlcounter module. The main issue is that they require the NAS to send accounting packets. I don't know if squid does that. I am using only linux machine with proxy server. whether NAS is needed? In this case, squid is the NAS. (i.e. machine sending Access-Request) If so, can anyone help me in framing the rules for quota . eg 2 hours a day. I have basic configuration and now when a user authenticates login time is updated in the radpostauth. This is documented in the sqlcounter module. Look there first. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Custom MySQL Queries
If you would like to disable a user why not to use the Auth-Type := Reject which is natively available in freeradius. I don't think it is necessary to re-invent the wheel. Regards Suman On Thu, Oct 27, 2011 at 11:07 PM, JennyBlunt jennyshoeh...@me.com wrote: Hello What's the best approach regarding custom mysql queries? I'd like to check if a user is blocked whilst authorising.. Have tried to add something like this to my dictionary file: ATTRIBUTE User-Disabled-Attr 3002integer And then putting a 1 / 0 in to radcheck against the user. What's the best way to do this kind of request? Is it better to write a lookup somewhere else? Thanks J -- View this message in context: http://freeradius.1045715.n5.nabble.com/Custom-MySQL-Queries-tp4943692p4943692.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with F5 BigIP accouting : hexadecimal attribute
NAS-IP-Address = *[IP address unknown, not corresponding to NAS interfaces] * Did you added your F5 IP address to NAS Table ? Regards Suman * On Mon, Oct 17, 2011 at 4:56 PM, Vincent, Fabien fabien.vinc...@coreye.frwrote: Dear all, ** ** I’m using Radius for authenticating admin users on different network equipments. “group authorize {...}” works fine with rlm_ldap and group management. ** ** But I have some problem for accounting on F5 BigIP LTM / GTM. ** ** In fact, my radius accounting server is receiving accounting-request like this : ** ** Accounting-Request packet from host 10.10.10.10 port 36875, id=29, length=281 NAS-IP-Address = *[IP address unknown, not corresponding to NAS interfaces]* F5-Attr-14 = *[Hexa decimal output starting with 0x …]* WARNING: Empty section. Using default return values. +- entering group accounting {...} [sql] expand: packet has no accounting status type. [user '%{User-Name}', nas '%{NAS-IP-Address}'] - packet has no accounting status type. [user '', nas '*[nas IP unknown]*'] [sql] packet has no accounting status type. [user '', nas '*[nas IP unknown]*'] ++[sql] returns invalid Finished request 37. Cleaning up request 37 ID ** ** Did someone here already use accounting with F5 BigIP LTM or GTM ? I’m looking to make this working by changing audit_forward TCL script provided with F5 (syslog-ng) but I wasn’t able to produce something different … ** ** I also tried to edit the dictionnary for F5 in * /usr/share/freeradius/dictionary.f5* *ATTRIBUTE F5-LTM-User-Info-1 12 string* *ATTRIBUTE F5-LTM-User-Info-2 13 string* *++ ATTRIBUTE F5-Attr-14 14 octets* ** ** Thanks in advance for your help ! ** ** *Fabien VINCENT* fabien.vinc...@coreye.fr - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Dynamic Attributes Based on NAS Type !
Last night i also dreamt of sending all VSA to NAS but i was not sure what will be the outcome so thanks for the info. I have never worked with policies but it seems to be important so i will try to learn the same. Regards Suman On Sun, Oct 9, 2011 at 2:01 PM, Alan DeKok al...@deployingradius.comwrote: Stefan A. wrote: If you read it ‚one of the ideas of having different virtual servers is separation of policies for different NASses’ you are right. Suman was asking on how to send several NASses into the same policy. The simplest way to do it is to set *generic* policies, and then re-write them in post-auth. For example, define a Policy-Name attribute in the dictionary, and set it somewhere in the authorize section. Then: post-auth { ... if (%{client:nas_type} == foo) { // map policies for client foo } elsif (%{client:nas_type} == bar) { // map policies for client bar } ... } The underlying issue is that different NAS vendors have defined different attributes for the same functionality. An even simpler solution is to just return all of the VSAs to each NAS. As was said earlier, each NAS will ignore the ones it doesn't understand, and apply the ones it does. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: AW: Dynamic Attributes Based on NAS Type !
I would like to have some insight in using virtual servers. But I am really stuck at the point that if i use virtual server how will be the DB entry look like i.e radreply / radgroup reply ? As far i understand , the reply attributes with value should be available in the reply table which matches to those of the NAS. Regards Suman On Sun, Oct 9, 2011 at 4:32 PM, Alexandre Chapellon a.chapel...@horoa.netwrote: I personnally use post-auth sections of each of my virtual server to send diffrenet attributes. I find It to be very clean way to achieve this. regards Le 08/10/2011 20:02, Wegener, Norbert a écrit : The general idea is to setup a virtual server for each type of NAS and make sure, that every NAS is loaded into the correct virtual server. With best regards, --**--** Norbert Wegener Siemens IT Solutions and Services AIS MS NC PSU SDC Bruchstraße 5 45883 Gelsenkirchen, Germany Tel.: +49 (209) 94565716 Fax: +49 (201) 8165581284 mailto:norbert.wegener@atos.**net norbert.wege...@atos.net Atos IT Solutions and Services GmbH; Geschäftsführung: Winfried Holz, Christian Oecking, Rainer-Christian Koppitz; Vorsitzender des Aufsichtsrats: Charles Dehelly; Sitz der Gesellschaft: München, Deutschland; Registergericht: München, HRB 184933. --**--** *Von:* freeradius-users-bounces+**norbert.wegener=atos.net@** lists.freeradius.org atos@lists.freeradius.org[freeradius-users-bounces+ **norbert.wegener=atos.net@**lists.freeradius.orgatos@lists.freeradius.org] im Auftrag von Suman Dash [sumand...@gmail.com] *Gesendet:* Samstag, 8. Oktober 2011 16:39 *Bis:* FreeRadius users mailing list *Betreff:* Dynamic Attributes Based on NAS Type ! Hi Everyone ... Currently i am planning to integrate freeradius with different NAS like Chillispot , Cisco etc and enable roaming users so that they can log in from any of the NAS. As the reply items are different with different NAS , i am looking for ideas how to enable a single user to roam and connect from different NAS. In my case i think static reply items are not possible per user wise or per groupwise so my question is what trick can be used to achieve the same. I had not tried anything as i have no clue on the same so some highlights on the approach will be a good starting point for me. Cheers Suman - List info/subscribe/unsubscribe? See http://www.freeradius.org/** list/users.html http://www.freeradius.org/list/users.html -- http://www.horoa.net Alexandre Chapellon Ingénierie des systèmes open sources et réseaux. Follow me on twitter: @alxgomz http://www.twitter.com/**alxgomzhttp://www.twitter.com/alxgomz - List info/subscribe/unsubscribe? See http://www.freeradius.org/** list/users.html http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dynamic Attributes Based on NAS Type !
Hi Everyone ... Currently i am planning to integrate freeradius with different NAS like Chillispot , Cisco etc and enable roaming users so that they can log in from any of the NAS. As the reply items are different with different NAS , i am looking for ideas how to enable a single user to roam and connect from different NAS. In my case i think static reply items are not possible per user wise or per groupwise so my question is what trick can be used to achieve the same. I had not tried anything as i have no clue on the same so some highlights on the approach will be a good starting point for me. Cheers Suman - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Dynamic Attributes Based on NAS Type !
To be specific , I am concerned about the QoS VSA's . For Example. Mikrotik NAS - Mikrotik-Rate-Limit Chillispot - Chillispot-Max-UP , Chillispot-Max-Down Cisco - Cisco-Policy-UP , Cisco-Policy-Down Now if the user logged from different NAS's the VSA will differ so it is not possible to have a single entry in radgroupreply or radreply pertaining to a kind of NAS. I guess that this is not an out of the box feature in freeradius , instead i need to use some kind of custom script in Post-Auth section which will check the NAS Type and reply out the correct VSA's I am looking for a unique identifier from NAS by which freeradius can understand what type of NAS it is. I tried it and it seems that i have no control on the Access-Request sent by NAS to freeradius. The only idea which currently comes into my mind is to use nas.type value in DB but incase the NAS Type is incorrectly specified reply attributes will go nuts . So any idea if there are any unique identifiers ? Regards Suman On Sat, Oct 8, 2011 at 9:40 PM, Stefan A. a.freerad...@premit.de wrote: ** ** Suman, As you did not say anything about the exact attributes, you will send to the NAC, here is how we do this: ** ** we are also using different NAS and have to reply with different VSAs for setting up the QOS. We use the “existence of a specific VSAs” (specified per NAS type) in the request to select the VSAs to be used in responses. ** ** e.g: if we found the Starent Networks VSA ‘SN-Service-Type’ in the request, we reply with ‘SN-QOS-Profile’ to set up QoS This is save, as we won’t see any Starent VSAs in Cisco or Chillispot NASses. ** ** To make this flexible, we have set up our own VSA to configure users QOS, which is then translated into the specific reply attributes for the NAS, the user is currently using. ** ** Regards Stefan ** ** *From:* freeradius-users-bounces+a.freeradius= premit...@lists.freeradius.org [mailto: freeradius-users-bounces+a.freeradius=premit...@lists.freeradius.org] *On Behalf Of *Suman Dash *Sent:* Saturday, October 08, 2011 4:40 PM *To:* FreeRadius users mailing list *Subject:* Dynamic Attributes Based on NAS Type ! ** ** Hi Everyone ... Currently i am planning to integrate freeradius with different NAS like Chillispot , Cisco etc and enable roaming users so that they can log in from any of the NAS. As the reply items are different with different NAS , i am looking for ideas how to enable a single user to roam and connect from different NAS. In my case i think static reply items are not possible per user wise or per groupwise so my question is what trick can be used to achieve the same. I had not tried anything as i have no clue on the same so some highlights on the approach will be a good starting point for me. Cheers Suman - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Enforcing Login-Time on NAS
Use Unlang or Similar Scripts : If Nas = 1 then update Login Time = If Nas = 2 then update Login Time = Use this in PreAuth (I am not sure) Section and give it a try . Regards Suman On Tue, Sep 27, 2011 at 5:42 PM, Shiv shivkumar.j...@gmail.com wrote: I know that Login-Time can be used with Users and Groups but is there a way to use this with NAS'? For example, If I want NAS-A to allow logins only from 1700-1800 and NAS-B to allow logins only from 0900-1300. How would I be able to ensure this? I have tried this with Huntgroups, but only able to prevent/allow logins unconditionally. How do I attach the Login-Time attribute to NAS and not users or groups? -- Regards, Shivkumar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Enforcing Login-Time on NAS
Glad to be of some help !! Cheers On Tue, Sep 27, 2011 at 8:53 PM, shiv shivkumar.j...@gmail.com wrote: Update - I've managed to get it working against a custom table in the mysql radius database. The sites-enabled/default authorize section is as below:- update request { Huntgroup-Name := %{sql:SELECT `groupname` FROM `radhuntgroup` WHERE rtrmac='%{Called-Station-Id}'} } if (%{Huntgroup-Name} != ) { update request{ Tmp-String-0 = %{sql:SELECT `logintime` FROM `wifihotspots` WHERE hotspotname='%{Huntgroup-Name}'} } } if ( %{Tmp-String-0} != ) { update control{ Login-Time := %{Tmp-String-0} } } The wifihotspots table contains Huntgroup-Name and its Corresponding Login-Time Thanks again for the help! -- View this message in context: http://freeradius.1045715.n5.nabble.com/Enforcing-Login-Time-on-NAS-tp4845142p4845762.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Dialup Admin
Configure dialupadmin to use the correct mysql username / password. freeradius is working well.. On Mon, Sep 19, 2011 at 8:44 AM, shawky skaff shawkyskaff...@hotmail.comwrote: Hi, I am having issues viewing content on the dialup screen, I can see the html links, when I select one of them say acconuting I just receive a error saying DEBUG(SQL,MYSQL DRIVER): Connect: User=root,Password=* *I have allowed all sql options in site-enabled default file. Running radiusd -X gives me the following output [root@radius conf]# radiusd -X FreeRADIUS Version 2.1.7, for host i686-redhat-linux-gnu, built on Mar 31 2010 at 00:25:31 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/detail.log including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/modules/sqlcounter_expire_on_login including configuration file /etc/raddb/modules/perl including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/otp including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/detail.example.com including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/cui including configuration file /etc/raddb/modules/smsotp including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/eap.conf including configuration file /etc/raddb/sql.conf including configuration file /etc/raddb/sql/mysql/dialup.conf including configuration file /etc/raddb/policy.conf including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/inner-tunnel including configuration file /etc/raddb/sites-enabled/control-socket including configuration file /etc/raddb/sites-enabled/default group = radiusd user = radiusd including dictionary file /etc/raddb/dictionary main { prefix = /usr localstatedir = /var logdir = /var/log/radius libdir = /usr/lib/freeradius radacctdir = /var/log/radius/radacct hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 allow_core_dumps = no pidfile = /var/run/radiusd/radiusd.pid checkrad = /usr/sbin/checkrad debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: Loading Realms and Home Servers proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost {
Re: anybody out there?
ACK ! On Thu, Sep 15, 2011 at 8:28 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: poke poke Arran Cudbard-Bell a.cudba...@freeradius.org Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ ! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Test
Its UP !! On Fri, Sep 16, 2011 at 12:24 AM, Christ Schlacta li...@aarcane.org wrote: List is down. On 9/15/2011 07:49, Alan DeKok wrote: Is the list down, or are people quiet? - List info/subscribe/unsubscribe? See http://www.freeradius.org/** list/users.html http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/** list/users.html http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with rml_sqlcounter with GigaByte datavolume
check_item=0 , See why Max-Input-Octets is returned as 0 . On Wed, Sep 14, 2011 at 12:55 PM, nfourel nicolas.fou...@adipsys.comwrote: Hi, ** ** Here is the result of the SQL Query : ** ** SELECT SUM(AcctInputOctets) FROM radacct WHERE [hidden email]http://user/SendEmail.jtp?type=nodenode=4801856i=0 '; ** ** SUM(AcctInputOctets) 68882 ** ** And freeradius log for the counter section : ** ** Wed Sep 14 09:17:45 2011 : Debug: rlm_sqlcounter: Entering module authorize code Wed Sep 14 09:17:45 2011 : Debug: WARNING: Please replace '%k' with '${key}' Wed Sep 14 09:17:45 2011 : Debug: sqlcounter_expand: 'SELECT SUM(AcctInputOctets) FROM radacct WHERE UserName='%{User-Name}'' Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets : expand: SELECT SUM(AcctInputOctets) FROM radacct WHERE UserName='%{User-Name}' - SELECT SUM(AcctInputOctets) FROM radacct WHERE [hidden email]http://user/SendEmail.jtp?type=nodenode=4801856i=1 ' Wed Sep 14 09:17:45 2011 : Debug: WARNING: Please replace '%S' with '${sqlmod-inst}' Wed Sep 14 09:17:45 2011 : Debug: sqlcounter_expand: '%{sql:SELECT SUM(AcctInputOctets) FROM radacct WHERE [hidden email]http://user/SendEmail.jtp?type=nodenode=4801856i=2 '}' Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets : sql_xlat Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets : expand: %{User-Name} - [hidden email]http://user/SendEmail.jtp?type=nodenode=4801856i=3 Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets : sql_set_user escaped user -- '[hidden email]http://user/SendEmail.jtp?type=nodenode=4801856i=4 ' Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets : expand: SELECT SUM(AcctInputOctets) FROM radacct WHERE [hidden email]http://user/SendEmail.jtp?type=nodenode=4801856i=5' - SELECT SUM(AcctInputOctets) FROM radacct WHERE [hidden email]http://user/SendEmail.jtp?type=nodenode=4801856i=6 ' Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets: expand: /usr/local/var/log/radius/sqltrace.sql - /usr/local/var/log/radius/sqltrace.sql Wed Sep 14 09:17:45 2011 : Debug: rlm_sql (sql): Reserving sql socket id: 0 Wed Sep 14 09:17:45 2011 : Debug: rlm_sql_mysql: query: SELECT SUM(AcctInputOctets) FROM radacct WHERE [hidden email]http://user/SendEmail.jtp?type=nodenode=4801856i=7 ' Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets: sql_xlat finished** ** Wed Sep 14 09:17:45 2011 : Debug: rlm_sql (sql): Released sql socket id: 0 Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets : expand: %{sql:SELECT SUM(AcctInputOctets) FROM radacct WHERE [hidden email]http://user/SendEmail.jtp?type=nodenode=4801856i=8'} - 68882 Wed Sep 14 09:17:45 2011 : Debug: rlm_sqlcounter: (Check item - counter) is less than zero Wed Sep 14 09:17:45 2011 : Debug: rlm_sqlcounter: Rejected user [hidden email] http://user/SendEmail.jtp?type=nodenode=4801856i=9, check_item=0, counter=68882 ** ** Any idea ? ** ** Thanks for your help ** ** Nicolas ** ** *De :* Suman Dash [via FreeRadius] [mailto:[hidden email]http://user/SendEmail.jtp?type=nodenode=4801856i=10] *Envoyé :* mardi 13 septembre 2011 19:44 *À :* nfourel *Objet :* Re: Problem with rml_sqlcounter with GigaByte datavolume ** ** SELECT SUM(AcctInputOctets) FROM radacct WHERE UserName='username' Run the above query in mysql and post the result then post the freeradius log specific to this section. On Tue, Sep 13, 2011 at 10:00 PM, Nicolas FOUREL [hidden email]http://user/SendEmail.jtp?type=nodenode=4799383i=0 wrote: Hi Arran, I have get version 3.0.0 with 64 bit counters support from Git and installed it. Unfortunatly, I still have the same problem with my sql counter which has always check_item=0 when I put a value bigger than 2^32. On Access-Request in debug mode, I have the following lines : Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: (Check item - counter) is less than zero Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: Rejected user [hidden email] http://user/SendEmail.jtp?type=nodenode=4799383i=1, check_item=0, counter=68882 Here is my counter definition : sqlcounter totalinputoctets { counter-name = Total-Max-Input-Octets check-name = Max-Input-Octets reply-name = ChilliSpot-Max-Input-Octets sqlmod-inst = sql key = User-Name reset = never query = SELECT SUM(AcctInputOctets) FROM radacct WHERE UserName='%{%k}' } I have added Max-Input-Octets in the dictionary file like that : ATTRIBUTE Max-Input-Octets3001integer64 In radcheck table: [hidden email] http://user/SendEmail.jtp?type=nodenode=4799383i=2 Max-Input-Octets:= 107374182400 Did I miss a thing ? Many thanks Nicolas -Message d'origine- De : freeradius-users-bounces
Re: Problem with rml_sqlcounter with GigaByte datavolume
I have a working setup which takes Check-Item over 100GB But being a 32Bit counter is wraps in 2GB limit. I have not tried Integer64. Can you check what happens when you change it to 32bit in dictionary instead of declaring it as 64bit ? On Wed, Sep 14, 2011 at 5:53 PM, nfourel nicolas.fou...@adipsys.com wrote: The « check_item=0 » is reason why I posted my messages on this ML. If I put a value lesser than 2^32 (for example 100) for “Max-Input-Octets” in radcheck for username ‘[hidden email]http://user/SendEmail.jtp?type=nodenode=4802561i=0’, everything is ok, check_item has the good value. If I put value bigger than 2^32, check_item is always equal to 0. ** ** Any idea ? ** ** Thanks ** ** Nicolas ** ** *De :* Suman Dash [via FreeRadius] [mailto:[hidden email]http://user/SendEmail.jtp?type=nodenode=4802561i=1] *Envoyé :* mercredi 14 septembre 2011 09:43 *À :* nfourel *Objet :* Re: Problem with rml_sqlcounter with GigaByte datavolume ** ** check_item=0 , See why Max-Input-Octets is returned as 0 . On Wed, Sep 14, 2011 at 12:55 PM, nfourel [hidden email]http://user/SendEmail.jtp?type=nodenode=4801896i=0 wrote: Hi, Here is the result of the SQL Query : SELECT SUM(AcctInputOctets) FROM radacct WHERE click here. -- View this message in context: RE: Problem with rml_sqlcounter with GigaByte datavolumehttp://freeradius.1045715.n5.nabble.com/Problem-with-rml-sqlcounter-with-GigaByte-datavolume-tp4455164p4802561.html Sent from the FreeRadius - User mailing list archivehttp://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.htmlat Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with rml_sqlcounter with GigaByte datavolume
It is a matter which needs attention of Alan or Arran. Kindly send a Bug Report so that this situation can be evaluated by the developers. On Wed, Sep 14, 2011 at 6:29 PM, nfourel nicolas.fou...@adipsys.com wrote: I have the same result with integer rather than integer64. I tried on a 32 bit server, and indeed, if I put a value bigger than 2^32 octets in Max-Input-Octets check-item, it wraps to 4294967295 octets and not to zero. So the problem seems to be with 64bit architecture and value bigger than 2^32 octets (like 100GB). Very strange behavior. ** ** Nicolas ** ** *De :* Suman Dash [via FreeRadius] [mailto:[hidden email]http://user/SendEmail.jtp?type=nodenode=4802672i=0] *Envoyé :* mercredi 14 septembre 2011 14:53 *À :* nfourel *Objet :* Re: Problem with rml_sqlcounter with GigaByte datavolume ** ** I have a working setup which takes Check-Item over 100GB But being a 32Bit counter is wraps in 2GB limit. I have not tried Integer64. Can you check what happens when you change it to 32bit in dictionary instead of declaring it as 64bit ? On Wed, Sep 14, 2011 at 5:53 PM, nfourel [hidden email]http://user/SendEmail.jtp?type=nodenode=4802642i=0 wrote: The « check_item=0 » is reason why I posted my messages on this ML. If I put a value lesser than 2^32 (for example 100) for “Max-Input-Octets” in radcheck for username ‘click here. -- View this message in context: RE: Problem with rml_sqlcounter with GigaByte datavolumehttp://freeradius.1045715.n5.nabble.com/Problem-with-rml-sqlcounter-with-GigaByte-datavolume-tp4455164p4802672.html Sent from the FreeRadius - User mailing list archivehttp://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.htmlat Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: WiSPr
Bandwidth Limit greatly depends on NAS. If yous NAS supports it then it can be done ! On Wed, Sep 14, 2011 at 7:29 PM, Luke Hammond l...@dezignbrasil.com wrote: Hey al, iread that i can rate limit on a per user basis with the WISPr-Bandwidth-Max-Down and Up.. correct? Can someone please tell me how i can do this? I have freeradius running on Ubuntu server, with mysql atabase and daloradius for web management. My users connect to the freeradius through the captive portal on my pfSense firewall. Thanks in advance - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: WiSPr
Exactly ! Traffic Shaping has nothing to do with RADIUS. RADIUS will send values as configured to NAS. If NAS understands then NAS can use those attributes and do much more than just Traffic Shaping. Check the RADIUS dictionary of pfsense and you can find the attributes which will be used to control traffic. Once you get the attributes, use the same as Reply-Items and it will work like a charm. Read the basic documentation of RADIUS to understand how it works. There is already a lot of discussion regarding *lazy peoples* Regards Suman On Wed, Sep 14, 2011 at 9:18 PM, Luke Hammond l...@dezignbrasil.com wrote: By NAS i assume you men my pfsense. There isnt anywhere within Freeradius to traffic shape? are you saying it has to be done on the router and not in freeradius? On 14/09/2011 12:11 PM, Suman Dash wrote: Bandwidth Limit greatly depends on NAS. If yous NAS supports it then it can be done ! On Wed, Sep 14, 2011 at 7:29 PM, Luke Hammond l...@dezignbrasil.comwrote: Hey al, iread that i can rate limit on a per user basis with the WISPr-Bandwidth-Max-Down and Up.. correct? Can someone please tell me how i can do this? I have freeradius running on Ubuntu server, with mysql atabase and daloradius for web management. My users connect to the freeradius through the captive portal on my pfSense firewall. Thanks in advance - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: WiSPr
WISPr-Bandwidth-Max-Down / UP is indeed the Attribute which you are looking. But you need search the mailing lists and find out how to add those into radreply/radgroup reply. Hint : Read http://wiki.freeradius.org/Rlm_sql Regards Suman On Wed, Sep 14, 2011 at 9:34 PM, Suman Dash sumand...@gmail.com wrote: Exactly ! Traffic Shaping has nothing to do with RADIUS. RADIUS will send values as configured to NAS. If NAS understands then NAS can use those attributes and do much more than just Traffic Shaping. Check the RADIUS dictionary of pfsense and you can find the attributes which will be used to control traffic. Once you get the attributes, use the same as Reply-Items and it will work like a charm. Read the basic documentation of RADIUS to understand how it works. There is already a lot of discussion regarding *lazy peoples* Regards Suman On Wed, Sep 14, 2011 at 9:18 PM, Luke Hammond l...@dezignbrasil.comwrote: By NAS i assume you men my pfsense. There isnt anywhere within Freeradius to traffic shape? are you saying it has to be done on the router and not in freeradius? On 14/09/2011 12:11 PM, Suman Dash wrote: Bandwidth Limit greatly depends on NAS. If yous NAS supports it then it can be done ! On Wed, Sep 14, 2011 at 7:29 PM, Luke Hammond l...@dezignbrasil.comwrote: Hey al, iread that i can rate limit on a per user basis with the WISPr-Bandwidth-Max-Down and Up.. correct? Can someone please tell me how i can do this? I have freeradius running on Ubuntu server, with mysql atabase and daloradius for web management. My users connect to the freeradius through the captive portal on my pfSense firewall. Thanks in advance - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to connect FreeRADIUS uding JAVA
Look Into Jradius On Fri, Aug 26, 2011 at 1:02 PM, Rajkumar Balaji rajkumar.balaj...@gmail.com wrote: Hi, If anyone knows how to connect FreeRADIUS using JAVA Please help me to solve this Thanks Regards Rajkumar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unlang Condition Wrong Value !
Hi Arran, I think i have managed to make the datacounter working. It may not be the best counter but it is the best i have ever done in freeradius. Below posted is the configs : Post-Auth { sql # Unlang Data-Counter. Sends Mikrotik-Recv-Limit to NAS update control { Tmp-Integer-0 = %{sql:SELECT ((SELECT tbl_groupcheck.value from tbl_groupcheck \ JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname \ WHERE tbl_usergroup.username = '%{User-Name}') (SELECT IFNULL(SUM(AcctInputOctets) \ +SUM(AcctOutputOctets),0) FROM tbl_acct WHERE UserName='%{User-Name}' \ AND MONTH(acctstoptime) = MONTH(NOW()) AND YEAR(acctstoptime) = YEAR(NOW(} Tmp-Integer-1 = %{sql:SELECT ((SELECT tbl_groupcheck.value from tbl_groupcheck \ JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname \ WHERE tbl_usergroup.username = '%{User-Name}') - (SELECT IFNULL(SUM(AcctInputOctets) \ +SUM(AcctOutputOctets),0) FROM tbl_acct WHERE UserName='%{User-Name}' \ AND MONTH(acctstoptime) = MONTH(NOW()) AND YEAR(acctstoptime) = YEAR(NOW(} } if (%{control:Tmp-Integer-0} == 1) { update reply{ Mikrotik-Recv-Limit := %{control:Tmp-Integer-1} } } if (%{control:Tmp-Integer-0} == 0) { update reply{ Reply-Message := Fair Usage Policy Enforced, Bandwidth Limited Mikrotik-Rate-Limit := 128K/256K 128K/256K 128K/256K 180/180 8 } } The caveats : It will return a negative value if Max-used-Traffic is more than Max-Monthly-Limit but we don't need that negative value as we will enforce Mikrotik-Rate-Limit (i.e Fair Usage Policy) If Max-Monthly-Limit - Max-used-Limit 32bit Integer, The Mikrotik-Recv-Limit will be wrapped and user will have a rough of 2GB per session limit. If user disconnects again and connects , the same thing applies. However, user will be able to use 100% of Max-Monthly-Traffic allocated in multiple sessions. I hope someone can make a hybrid of this counter. Regards Suman On Mon, Aug 8, 2011 at 8:04 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 8 Aug 2011, at 16:29, Suman Dash wrote: Just another small question before i jump into testing. If output from sub-query is less than 32bit, I can easily store it in Tmp-Integer , But sometimes when the user data usage is null, the sub-query will output more than 32bit ex. 10GB Limit But user downloaded 0 Bytes. In that condition it is impossible to store it in Tmp-Integer . So ultimately the Integer passed by xlat and the stored in Tmp-Integer will differ. Yes. I'd imagine it'd be truncated. -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Unlang Condition Wrong Value !
I am trying to replace sqlcounter with Unland expression in Post Auth Section. The values are successfully called but while storing in Tmp-Interger those are stripped. Below are the logs . As you can see from the logs that Mysql returns a value of 20989570594 But it's stored as 3557549056 for Tmp-Integer-0 The same happens to Tmp-Integer-1 due to which the expression output becomes FALSE instead of TRUE. Is this the limitation of Tmp-Integer as it is an 32bit int ? ##Post-Auth Section sql update control{ Tmp-Integer-0 := %{sql:SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) \ FROM tbl_acct WHERE UserName='%{User-Name}' \ AND MONTH(acctstoptime) = MONTH(NOW()) \ AND YEAR(acctstoptime) = YEAR(NOW())} Tmp-Integer-1 := %{sql:SELECT tbl_groupcheck.value from tbl_groupcheck \ JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname \ where tbl_usergroup.username = '%{User-Name}'} } if (%{control:Tmp-Integer-1} %{control:Tmp-Integer-0}) { update reply { Mikrotik-Recv-Limit := %{control:Tmp-Integer-1} - %{control:Tmp-Integer-0} } } if (%{control:Tmp-Integer-1} = %{control:Tmp-Integer-0}) { update reply { Reply-Message := Fair Usage Policy Enforced, Bandwidth Limited Mikrotik-Rate-Limit := 128K/256K 128K/256K 128K/256K 180/180 8 } } ##MySQL Table mysql SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) - FROM tbl_acct WHERE UserName='10021' - AND MONTH(acctstoptime) = MONTH(NOW()) - AND YEAR(acctstoptime) = YEAR(NOW()); +--+ | IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) | +--+ | 20989570594 | +--+ 1 row in set (0.00 sec) mysql SELECT tbl_groupcheck.value from tbl_groupcheck - JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname - where tbl_usergroup.username = '10021'; +-+ | value | +-+ | 20737418240 | +-+ 1 row in set (0.00 sec) ##RADIUS DEBUG LOG Finished request 4. Cleaning up request 4 ID 176 with timestamp +15 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host XXX.XX.XX.86 port 44198, id=236, length=132 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 56 NAS-Port-Type = Ethernet User-Name = 10021 Calling-Station-Id = XX:XX:XX:XX:XX:XX Called-Station-Id = Internet NAS-Port-Id = LAN User-Password = 10021 NAS-Identifier = XXX.XXX NAS-IP-Address = XXX.XX.XX.86 # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = 10021, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry DEFAULT at line 172 ++[files] returns ok [sql] expand: %{User-Name} - 10021 [sql] sql_set_user escaped user -- '10021' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM tbl_check WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM tbl_check WHERE username = '10021' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM tbl_reply WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM tbl_reply WHERE username = '10021' ORDER BY id [sql] expand: SELECT groupname FROM tbl_usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority - SELECT
Re: Unlang Condition Wrong Value !
,acctstoptime, acctsessiontime, acctauthentic,connectinfo_start, connectinfo_stop, acctinputoctets, acctoutputoctets, calledstationid, callingstationid, acctterminatecause, servicetype, framedprotocol, framedipaddress, acctstartdelay, acctstopdelay,xascendsessionsvrkey) VALUES ('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL, '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok ++[exec] returns noop [attr_filter.accounting_response] expand: %{User-Name} - 10021 attr_filter: Matched entry DEFAULT at line 12 ++[attr_filter.accounting_response] returns updated Sending Accounting-Response of id 56 to xxx.xx.xx.xx port 40276 Finished request 3. Cleaning up request 3 ID 56 with timestamp +17 Going to the next request Waking up in 4.8 seconds. The condition outputs 23737418240 21093361889 RETURNS FALSE . On Mon, Aug 8, 2011 at 12:51 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: RFC 2865: integer 32 bit unsigned value, most significant octet first. FreeRADIUS is just a RADIUS server, and the temporary integer attributes are just RADIUS attributes. -Arran On 8 Aug 2011, at 09:11, Suman Dash wrote: I am trying to replace sqlcounter with Unland expression in Post Auth Section. The values are successfully called but while storing in Tmp-Interger those are stripped. Below are the logs . As you can see from the logs that Mysql returns a value of 20989570594 But it's stored as 3557549056 for Tmp-Integer-0 The same happens to Tmp-Integer-1 due to which the expression output becomes FALSE instead of TRUE. Is this the limitation of Tmp-Integer as it is an 32bit int ? ##Post-Auth Section sql update control { Tmp-Integer-0 := %{sql:SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) \ FROM tbl_acct WHERE UserName='%{User-Name}' \ AND MONTH(acctstoptime) = MONTH(NOW()) \ AND YEAR(acctstoptime) = YEAR(NOW())} Tmp-Integer-1 := %{sql:SELECT tbl_groupcheck.value from tbl_groupcheck \ JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname \ where tbl_usergroup.username = '%{User-Name}'} } if (%{control:Tmp-Integer-1} %{control:Tmp-Integer-0}) { update reply { Mikrotik-Recv-Limit := %{control:Tmp-Integer-1} - %{control:Tmp-Integer-0} } } if (%{control:Tmp-Integer-1} = %{control:Tmp-Integer-0}) { update reply { Reply-Message := Fair Usage Policy Enforced, Bandwidth Limited Mikrotik-Rate-Limit := 128K/256K 128K/256K 128K/256K 180/180 8 } } ##MySQL Table mysql SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) - FROM tbl_acct WHERE UserName='10021' - AND MONTH(acctstoptime) = MONTH(NOW()) - AND YEAR(acctstoptime) = YEAR(NOW()); +--+ | IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) | +--+ | 20989570594 | +--+ 1 row in set (0.00 sec) mysql SELECT tbl_groupcheck.value from tbl_groupcheck - JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname - where tbl_usergroup.username = '10021'; +-+ | value | +-+ | 20737418240 | +-+ 1 row in set (0.00 sec) ##RADIUS DEBUG LOG Finished request 4. Cleaning up request 4 ID 176 with timestamp +15 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host XXX.XX.XX.86 port 44198, id=236, length=132 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 56 NAS-Port-Type = Ethernet User-Name = 10021 Calling-Station-Id = XX:XX:XX:XX:XX:XX
Re: Unlang Condition Wrong Value !
What i mean to say is that i am not using an integer to store the value as integer is limited to 32bit, Instead i am directly comparing output from sql query in Unlanf but it doesn't seems to work either. It returns false where it should be returning true. Regards On Mon, Aug 8, 2011 at 2:27 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 8 Aug 2011, at 09:32, Suman Dash wrote: So it is not possible to store values more than 32 bit in Tmp-Integer. How about direct sql statements in Unlang not involving the Tmp-Integer. It is also not working in my scenario. You mean a comparison of two integers from two SQL statements? Attached is the logs. More useful would be the config... -Arran Going to the next request Ready to process requests. rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642, id=55, length=132 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 60 NAS-Port-Type = Ethernet User-Name = 10021 Calling-Station-Id = F4:EC:38:BA:8A:3B Called-Station-Id = Internet NAS-Port-Id = LAN User-Password = 10021 NAS-Identifier = NTL.X NAS-IP-Address = xxx.xx.xx.xx # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = 10021, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry DEFAULT at line 172 ++[files] returns ok [sql] expand: %{User-Name} - 10021 [sql] sql_set_user escaped user -- '10021' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM tbl_check WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM tbl_check WHERE username = '10021' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM tbl_reply WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM tbl_reply WHERE username = '10021' ORDER BY id [sql] expand: SELECT groupname FROM tbl_usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority - SELECT groupname FROM tbl_usergroup WHERE username = '10021' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM tbl_groupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id - SELECT id, groupname, attribute, Value, op FROM tbl_groupcheck WHERE groupname = 'TEST-10G' ORDER BY id [sql] User found in group TEST-10G [sql] expand: SELECT id, groupname, attribute, value, op FROM tbl_groupreply WHERE groupname = '%{Sql-Group}' ORDER BY id - SELECT id, groupname, attribute, value, op FROM tbl_groupreply WHERE groupname = 'TEST-10G' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok rlm_checkval: Item Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B rlm_checkval: Value Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B ++[checkval] returns ok [expiration] Checking Expiration time: '1 Sep 2011' ++[expiration] returns ok ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group PAP {...} [pap] login attempt with password x [pap] Using CRYPT password Wh1vvjSX72NI6 [pap] User authenticated successfully ++[pap] returns ok # Executing section session from file /etc/freeradius/sites-enabled/default +- entering group session {...} [radutmp] expand: /var/log/freeradius/radutmp - /var/log/freeradius/radutmp [radutmp] expand: %{User-Name} - 10021 ++[radutmp] returns ok # Executing section post-auth from file /etc/freeradius/sites-enabled/default +- entering group post-auth {...} [sql] expand: %{User-Name} - 10021 [sql] sql_set_user escaped user -- '10021' [sql] expand: %{User-Password} - x [sql] expand: INSERT INTO tbl_postauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') - INSERT INTO tbl_postauth (username, pass, reply, authdate) VALUES ( '10021', '10021', 'Access-Accept', '2011-08-08 01:31:49') rlm_sql (sql) in sql_postauth: query is INSERT INTO tbl_postauth (username, pass, reply, authdate) VALUES ( '10021', '10021
Re: Unlang Condition Wrong Value !
Undermentioned is the complete config. This is a direct approach without storing the results in Tmp-Integer . I assume that this direct approach has nothing to do with 32bit length of Freeradius Attributes. What i am looking to accomplish is a data counter which does not wraps at 4GB, Checks whether total used traffic is less than Max-Monthly-Traffic and based on the result it updates the reply attribute. I have read a lot in mailing lists that people have accomplished it with rlm_perl but i unable to find a similar script in freeradius mailing list. I understand that this feature will be beneficial to a lot of people in community as a lot of people have done hacks and tricks to make it work. So till now official Session counter is available but no data counter. if (%{sql:SELECT tbl_groupcheck.value from tbl_groupcheck JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname WHERE tbl_usergroup.username = '%{User-Name}'} %{sql:SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) FROM tbl_acct WHERE UserName='%{User-Name}' AND MONTH(acctstoptime) = MONTH(NOW()) AND YEAR(acctstoptime) = YEAR(NOW())}) { update reply { Mikrotik-Recv-Limit := %{sql:SELECT tbl_groupcheck.value from tbl_groupcheck JOIN tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname WHERE tbl_usergroup.username = '%{User-Name}'} - %{sql:SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) FROM tbl_acct WHERE UserName='%{User-Name}' AND MONTH(acctstoptime) = MONTH(NOW()) AND YEAR(acctstoptime) = YEAR(NOW())} } else { update reply { Reply-Message := Fair Usage Policy Enforced, Bandwidth Limited Mikrotik-Rate-Limit := 128K/256K } } } Regards Suman On Mon, Aug 8, 2011 at 2:39 PM, Suman Dash sumand...@gmail.com wrote: What i mean to say is that i am not using an integer to store the value as integer is limited to 32bit, Instead i am directly comparing output from sql query in Unlanf but it doesn't seems to work either. It returns false where it should be returning true. Regards On Mon, Aug 8, 2011 at 2:27 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 8 Aug 2011, at 09:32, Suman Dash wrote: So it is not possible to store values more than 32 bit in Tmp-Integer. How about direct sql statements in Unlang not involving the Tmp-Integer. It is also not working in my scenario. You mean a comparison of two integers from two SQL statements? Attached is the logs. More useful would be the config... -Arran Going to the next request Ready to process requests. rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642, id=55, length=132 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 60 NAS-Port-Type = Ethernet User-Name = 10021 Calling-Station-Id = F4:EC:38:BA:8A:3B Called-Station-Id = Internet NAS-Port-Id = LAN User-Password = 10021 NAS-Identifier = NTL.X NAS-IP-Address = xxx.xx.xx.xx # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = 10021, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry DEFAULT at line 172 ++[files] returns ok [sql] expand: %{User-Name} - 10021 [sql] sql_set_user escaped user -- '10021' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM tbl_check WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM tbl_check WHERE username = '10021' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM tbl_reply WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM tbl_reply WHERE username = '10021' ORDER BY id [sql] expand: SELECT groupname FROM tbl_usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority - SELECT groupname FROM tbl_usergroup WHERE username = '10021' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM tbl_groupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id - SELECT id, groupname, attribute, Value, op FROM tbl_groupcheck WHERE groupname = 'TEST
Re: Unlang Condition Wrong Value !
Hi Arran, Unfortunately I am not much of a programmer . Therefore if you can put some examples / pointers based on my requirement, it will be a headstart for me . I had also read somewhere that if we can strip the last 3 octet then atleast 4TB of traffic can be managed in replying back . However, there are a lot of solutions but no examples or a working config which can be tweaked. Regards Suman On Mon, Aug 8, 2011 at 3:02 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 8 Aug 2011, at 11:09, Suman Dash wrote: What i mean to say is that i am not using an integer to store the value as integer is limited to 32bit, Instead i am directly comparing output from sql query in Unlanf but it doesn't seems to work either. Then no. AFAIK FreeRADIUS doesn't support arbitrary precision mathematics. In general performance is valued over completeness when it comes to things like unlang. Here are some workarounds: * You could store the result as a string and use an external utility to do the comparison. * You could also try expr xlat, but i'm not sure if it supports arbitrary precision either. * If you're just doing an equality check, then just write the value to a string and do a straight string comparison. * You could do the comparison in SQL and return a boolean value (i've used this as a workaround in the past). * You could write an xlat wrapper around one of the arbitrary precision libraries. -Arran It returns false where it should be returning true. Regards On Mon, Aug 8, 2011 at 2:27 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 8 Aug 2011, at 09:32, Suman Dash wrote: So it is not possible to store values more than 32 bit in Tmp-Integer. How about direct sql statements in Unlang not involving the Tmp-Integer. It is also not working in my scenario. You mean a comparison of two integers from two SQL statements? Attached is the logs. More useful would be the config... -Arran Going to the next request Ready to process requests. rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642, id=55, length=132 Service-Type = Framed-User Framed-Protocol = PPP NAS-Port = 60 NAS-Port-Type = Ethernet User-Name = 10021 Calling-Station-Id = F4:EC:38:BA:8A:3B Called-Station-Id = Internet NAS-Port-Id = LAN User-Password = 10021 NAS-Identifier = NTL.X NAS-IP-Address = xxx.xx.xx.xx # Executing section authorize from file /etc/freeradius/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = 10021, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry DEFAULT at line 172 ++[files] returns ok [sql] expand: %{User-Name} - 10021 [sql] sql_set_user escaped user -- '10021' rlm_sql (sql): Reserving sql socket id: 1 [sql] expand: SELECT id, username, attribute, value, op FROM tbl_check WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM tbl_check WHERE username = '10021' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM tbl_reply WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM tbl_reply WHERE username = '10021' ORDER BY id [sql] expand: SELECT groupname FROM tbl_usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority - SELECT groupname FROM tbl_usergroup WHERE username = '10021' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM tbl_groupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id - SELECT id, groupname, attribute, Value, op FROM tbl_groupcheck WHERE groupname = 'TEST-10G' ORDER BY id [sql] User found in group TEST-10G [sql] expand: SELECT id, groupname, attribute, value, op FROM tbl_groupreply WHERE groupname = '%{Sql-Group}' ORDER BY id - SELECT id, groupname, attribute, value, op FROM tbl_groupreply WHERE groupname = 'TEST-10G' ORDER BY id rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok rlm_checkval: Item Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B rlm_checkval: Value Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B ++[checkval] returns ok [expiration] Checking Expiration time: '1 Sep 2011' ++[expiration] returns ok ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP # Executing group from file /etc/freeradius/sites-enabled/default +- entering group PAP {...} [pap] login attempt
Re: Unlang Condition Wrong Value !
So what you say is that i do all comparision within sql sub-query and whatever output i need to define if less than 32bit store it into an Integer and do Unlang control / reply updates ? Seems quite right .. Will try and get back with results. Thanks for the tip.. Regards Suman On Mon, Aug 8, 2011 at 3:31 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: Unfortunately I am not much of a programmer . Ok... but you know SQL right? Which is why i'm suggesting to do the comparison in the SQL database. Therefore if you can put some examples / pointers based on my requirement, it will be a headstart for me . http://dev.mysql.com/doc/refman/5.0/en/comparisons-using-subqueries.html Use SELECT COUNT(*) for the outer query and then compare that value in unlang. -Arran Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unlang Condition Wrong Value !
Just another small question before i jump into testing. If output from sub-query is less than 32bit, I can easily store it in Tmp-Integer , But sometimes when the user data usage is null, the sub-query will output more than 32bit ex. 10GB Limit But user downloaded 0 Bytes. In that condition it is impossible to store it in Tmp-Integer . So ultimately the Integer passed by xlat and the stored in Tmp-Integer will differ. Regards Suman Dash On Mon, Aug 8, 2011 at 7:45 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 8 Aug 2011, at 16:11, Suman Dash wrote: So what you say is that i do all comparision within sql sub-query and whatever output i need to define if less than 32bit store it into an Integer and do Unlang control / reply updates ? Seems quite right .. Will try and get back with results. Exactly :) Feel free to post some samples if you get it working and i'll put them up on the wiki. -Arran On Mon, Aug 8, 2011 at 3:31 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: Unfortunately I am not much of a programmer . Ok... but you know SQL right? Which is why i'm suggesting to do the comparison in the SQL database. Therefore if you can put some examples / pointers based on my requirement, it will be a headstart for me . http://dev.mysql.com/doc/refman/5.0/en/comparisons-using-subqueries.html Use SELECT COUNT(*) for the outer query and then compare that value in unlang. -Arran Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Opposite of Expiraton attribute?
Use First-Login , It may solve your purpose ! On 6/17/2011 10:53 AM, Matthew George wrote: Is there an attribute that is the opposite of expiration? I'm trying to setup accounts to have a specific login time range. For example; Start-Time = 5 June 2011 00:00:00 Expiration == 5 June 2011 02:00:00 I've been hunting googling for hours but I've been unable to find an attribute that would let me specific a start-time or a valid-after attribute. Any suggestions? __ Information from ESET NOD32 Antivirus, version of virus signature database 6042 (20110414) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Information from ESET NOD32 Antivirus, version of virus signature database 6042 (20110414) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Opposite of Expiraton attribute?
Or Else ! Expiration = First-Login + N (Days , Hours , Minutes ). This can be done by any script or Web Frontend. It will allow you to define an Expiration of N from the date of first login. Regards On 6/17/2011 10:53 AM, Matthew George wrote: Is there an attribute that is the opposite of expiration? I'm trying to setup accounts to have a specific login time range. For example; Start-Time = 5 June 2011 00:00:00 Expiration == 5 June 2011 02:00:00 I've been hunting googling for hours but I've been unable to find an attribute that would let me specific a start-time or a valid-after attribute. Any suggestions? __ Information from ESET NOD32 Antivirus, version of virus signature database 6042 (20110414) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Information from ESET NOD32 Antivirus, version of virus signature database 6042 (20110414) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re:
Please read the documentation on how to setup freeradius. From your post it is unclear as what type of auth you need. There are official docs at freeradius.org which you might want to see. On 4/26/2011 10:16 AM, arpitha arpitha wrote: hi, 'm very new to freeradius, i want to setup radius server to authenticate another system connected through an access point. i'l b grateful if any1 can tell d steps 2 do this r give links 2 d related materials. Thnks in advance :-) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Information from ESET NOD32 Antivirus, version of virus signature database 6042 (20110414) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Please help me with sqlcounter
I am trying to do the same in sqlcounter but looks like the %b is hard coded and there is no way to make it dynamically read from database. I have tried using custom sqlcounter but it doe not escapes properly. Anyone effort in commenting on this thread will be highly appreciable as it will enable the user to do a custom time based session accounting instead of fixed 1 ~ 30 date accounting. Best Regards Suman On 3/21/2011 11:54 AM, frankfang wrote: I want to use sqlcounter to control the user's traffic usage, and I have these needs: 1. I have read http://wiki.freeradius.org/Rlm_sqlcounter the wiki about the sqlcounter, and I get %b as the unix time value of beginning of reset period but how can I set this value? I want to sqlcounter begin count at a specific time such as the register time.. Is it possible? 2. When user's traffic usage over a value, I hope the server will disconnect the connected user immediately, Is it possible for doing this? I have read some article about sqlcounter, but I'm still confused about these questions, can anyone help me? I'm very appreciate for your help -- View this message in context: http://freeradius.1045715.n5.nabble.com/Please-help-me-with-sqlcounter-tp4192991p4192991.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Information from ESET NOD32 Antivirus, version of virus signature database 5924 (20110303) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL Counter Escape String !
Hi Alan, Did you managed to look into the issue ? or maybe any hints on how to use DATETIME in Expiration instead of String ? Regads Suman On 3/15/2011 4:04 PM, Suman Dash wrote: Dear Alan, I have not removed any debug messages. I will try to put everything once again . I was not aware that i sent you a mail. I am having a nightmare and accidently i clicked Send All instead of selecting the mailing list. sqlcounter monthlycounter { counter-name = Monthly-Session-Time check-name = Max-Monthly-Session reply-name = Session-Timeout sqlmod-inst = sql key = User-Name reset = never query = SELECT SUM(acctsessiontime) FROM tbl_acct where \ username = '%{%k}' AND acctstarttime BETWEEN \ (SELECT STR_TO_DATE((SELECT value FROM tbl_check \ WHERE username = '%{%k}' AND attribute = 'Activation'), 'd M Y H:i:s')) \ AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = '%{%k}' \ AND attribute = 'Expiration'), 'd M Y H:i:s')) } DEBUG Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 122.175.85.117 port 21658, id=10, length=59 User-Name = suman User-Password = duman12 Calling-Station-Id = 001122334455 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = suman, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop [sql] expand: %{User-Name} - suman [sql] sql_set_user escaped user -- 'suman' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM tbl_check WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM tbl_check WHERE username = 'suman' ORDER BY id [sql] User found in radcheck table [sql] expand: SELECT id, username, attribute, value, op FROM tbl_reply WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM tbl_reply WHERE username = 'suman' ORDER BY id [sql] expand: SELECT groupname FROM tbl_usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority - SELECT groupname FROM tbl_usergroup WHERE username = 'suman' ORDER BY priority [sql] expand: SELECT id, groupname, attribute, Value, op FROM tbl_groupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id - SELECT id, groupname, attribute, Value, op FROM tbl_groupcheck WHERE groupname = 'Biz1Mbps-UL' ORDER BY id [sql] User found in group Biz1Mbps-UL [sql] expand: SELECT id, groupname, attribute, value, op FROM tbl_groupreply WHERE groupname = '%{Sql-Group}' ORDER BY id - SELECT id, groupname, attribute, value, op FROM tbl_groupreply WHERE groupname = 'Biz1Mbps-UL' ORDER BY id rlm_sql (sql): Released sql socket id: 3 ++[sql] returns ok rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[dailycounter] returns noop rlm_sqlcounter: Entering module authorize code sqlcounter_expand: 'SELECT SUM(acctsessiontime) FROM tbl_acct where username = '%{User-Name}' AND acctstarttime BETWEEN (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = '%{User-Name}' AND attribute = 'Activation'), '%0%0d %0%0M %0%0Y %0%0H:%0%0i:%0%0s')) AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = '%{User-Name}' AND attribute = 'Expiration'), '%0%0d %0%0M %0%0Y %0%0H:%0%0i:%0%0s'))' [monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt' [monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt' [monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt' [monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt' [monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt' [monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt' [monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt' [monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt' [monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt' [monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt
Re: SQL Counter Escape String !
Much thanks Alan, That was some really good advice on how to make the thing work. So now i have to write unlang statement in preprocess so that it directly gives the Session-Timeout . Please correct me if i am wrong. Thanks Again On 3/16/2011 4:09 PM, Alan DeKok wrote: Suman Dash wrote: Hi Alan, Did you managed to look into the issue ? No. or maybe any hints on how to use DATETIME in Expiration instead of String ? Honestly, in 2.1.10, you can just write SELECT statements directly in unlang. update reply { Session-Timeout := %{sql: SELECT ...} } Couple that with a few other things, and you should be able to replace the sqlcounter module entirely. i.e. I don't use that module, and I know little or nothing about it. I have little time to do anything with it. Alan DeKok. __ Information from ESET NOD32 Antivirus, version of virus signature database 5924 (20110303) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SQL Unlang !
I am looking forward for a short example on how to store a SQL query to a variable which can be used in next condition in UNLANG. I have no knowledge of unlang but i got a fair amount of idea with the condition checks , just need a little insight on the result stores . For Ex. result1 = {some sql query} result2 = {some sql query} update control Session-Timeout := Result1 - Result 2 Thanks in advance Suman On 3/16/2011 4:09 PM, Alan DeKok wrote: Suman Dash wrote: Hi Alan, Did you managed to look into the issue ? No. or maybe any hints on how to use DATETIME in Expiration instead of String ? Honestly, in 2.1.10, you can just write SELECT statements directly in unlang. update reply { Session-Timeout := %{sql: SELECT ...} } Couple that with a few other things, and you should be able to replace the sqlcounter module entirely. i.e. I don't use that module, and I know little or nothing about it. I have little time to do anything with it. Alan DeKok. __ Information from ESET NOD32 Antivirus, version of virus signature database 5924 (20110303) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL Counter Escape String !
: SELECT SUM(acctsessiontime) FROM tbl_acct where username = 'suman' AND acctstarttime BETWEEN (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = 'suman' AND attribute = 'Activation'), '%1298917800d %1298917800M %1298917800Y %1298917800H:%1298917800i:%1298917800s')) AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = 'suman' AND attribute = 'Expiration'), '%1298917800d %1298917800M %1298917800Y %1298917800H:%1298917800i:%1298917800s')); - SELECT SUM(acctsessiontime) FROM tbl_acct where username = 'suman' AND acctstarttime BETWEEN (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = 'suman' AND attribute = 'Activation'), '%1298917800d %1298917800M %1298917800Y %1298917800H:%1298917800i:%1298917800s')) AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = 'suman' AND rlm_sql (sql): Reserving sql socket id: 2 [monthlycounter] row[0] returned NULL rlm_sql (sql): Released sql socket id: 2 [monthlycounter]expand: %{sql:SELECT SUM(acctsessiontime) FROM tbl_acct where username = 'suman' AND acctstarttime BETWEEN (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = 'suman' AND attribute = 'Activation'), '%1298917800d %1298917800M %1298917800Y %1298917800H:%1298917800i:%1298917800s')) AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = 'suman' AND attribute = 'Expiration'), '%1298917800d %1298917800M %1298917800Y %1298917800H:%1298917800i:%1298917800s'));} - rlm_sqlcounter: No integer found in string ++[monthlycounter] returns noop On Tue, Mar 15, 2011 at 11:41 AM, Alan DeKok al...@deployingradius.com wrote: Suman Dash wrote: Please anyone advice me the way to escape run-time variables in freeradius. I am using STR_TO_DATE and freeradius run-time variable is over-riding the mysql time variables Yes... that's what it does. I have tried escaping as per the thread http://freeradius.1045715.n5.nabble.com/Changing-the-format-of-a-date-attribute-tt2775323.html#a2775328 sigh What's wrong with reading the documentation? But no luck .. My Entire Counter is : ... which doesn't follow the escaping rules of either the above message, or the documentation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL Counter Escape String !
I have tried almost all sql escape but looks like none are working or maybe i am missing something. I am stuck in this issue for more than 3 days and now i don't have any clue due to which i am trying to reach for help on the mailing list. SELECT SUM(acctsessiontime) FROM tbl_acct where username = '%{%k}' AND acctstarttime BETWEEN (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = '%{%k}' AND attribute = 'Activation'), '%d %M %Y %H:%i:%s')) AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = '%{%k}' AND attribute = 'Expiration'), '%d %M %Y %H:%i:%s')); Doesn't Work SELECT SUM(acctsessiontime) FROM tbl_acct where username = '%{%k}' AND acctstarttime BETWEEN (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = '%{%k}' AND attribute = 'Activation'), '%%d %%M %%Y %%H:%%i:%%s')) AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = '%{%k}' AND attribute = 'Expiration'), '%%d %%M %%Y %%H:%%i:%s')); Doesn't Work All i am looking forward is a link to the proper documentation or a small example on this issue. Any help in this regard will be much appreciated. Best Regards Suman Dash On 3/15/2011 12:02 PM, Suman Dash wrote: New Modified Query ! SELECT SUM(acctsessiontime) FROM tbl_acct where \ username = '%{%k}' AND acctstarttime BETWEEN \ (SELECT STR_TO_DATE((SELECT value FROM tbl_check \ WHERE username = '%{%k}' AND attribute = 'Activation'), '%%d %%M %%Y %%H:%%i:%%s')) \ AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = '%{%k}' \ AND attribute = 'Expiration'), '%%d %%M %%Y %%H:%%i:%%s')); DEBUG : sqlcounter_expand: 'SELECT SUM(acctsessiontime) FROM tbl_acct where username = '%{User-Name}' AND acctstarttime BETWEEN (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = '%{User-Name}' AND attribute = 'Activation'), '%1298917800d %1298917800M %1298917800Y %1298917800H:%1298917800i:%1298917800s')) AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = '%{User-Name}' AND attribute = 'Expiration'), '%1298917800d %1298917800M %1298917800Y %1298917800H:%1298917800i:%1298917800s'));' [monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt' [monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt' [monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt' [monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt' [monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt' [monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt' [monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt' [monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt' [monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt' [monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt' [monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt' [monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt' [monthlycounter]expand: SELECT SUM(acctsessiontime) FROM tbl_acct where username = '%{User-Name}' AND acctstarttime BETWEEN (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = '%{User-Name}' AND attribute = 'Activation'), '%1298917800d %1298917800M %1298917800Y %1298917800H:%1298917800i:%1298917800s')) AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = '%{User-Name}' AND attribute = 'Expiration'), '%1298917800d %1298917800M %1298917800Y %1298917800H:%1298917800i:%1298917800s')); - SELECT SUM(acctsessiontime) FROM tbl_acct where username = 'suman' AND acctstarttime BETWEEN (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = 'suman' AND attribute = 'Activation'), '%1298917800d %1298917800M %1298917800Y %1298917800H:%1298917800i:%1298917800s')) AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = 'suman' sqlcounter_expand: '%{sql:SELECT SUM(acctsessiontime) FROM tbl_acct where username = 'suman' AND acctstarttime BETWEEN (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = 'suman' AND attribute = 'Activation
Re: SQL Counter Escape String !
rlm_sqlcounter: Could not find Check item value pair ++[noresetcounter] returns noop rlm_checkval: Item Name: Calling-Station-Id, Value: 001122334455 rlm_checkval: Value Name: Calling-Station-Id, Value: 001122334455 ++[checkval] returns ok [expiration] Checking Expiration time: '13 Mar 2012 21:37:23' ++[expiration] returns ok ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password duman12 [pap] Using CRYPT encryption. [pap] User authenticated successfully ++[pap] returns ok +- entering group post-auth {...} [sqlippool] No Pool-Name defined. [sqlippool] expand: No Pool-Name defined (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) - No Pool-Name defined (did cli 001122334455 port user suman) No Pool-Name defined (did cli 001122334455 port user suman) ++[sqlippool] returns noop [sql] expand: %{User-Name} - suman [sql] sql_set_user escaped user -- 'suman' [sql] expand: %{User-Password} - duman12 [sql] expand: INSERT INTO tbl_postauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') - INSERT INTO tbl_postauth (username, pass, reply, authdate) VALUES ( 'suman', 'duman12', 'Access-Accept', '2011-03-15 14:36:34') rlm_sql (sql) in sql_postauth: query is INSERT INTO tbl_postauth (username, pass, reply, authdate) VALUES ( 'suman', 'duman12', 'Access-Accept', '2011-03-15 14:36:34') rlm_sql (sql): Reserving sql socket id: 1 rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[exec] returns noop Sending Access-Accept of id 6 to 122.175.85.117 port 19169 Session-Timeout = 31474849 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 6 with timestamp +3 Ready to process requests. ** When the Counter Reset Period is monthly , %%' becomes '%1298917800 When the Counter Reset Period is Never , New Problem Arises i.e %0d %0M %0Y %0H:%0i:%0s Best Regards Suman Suman Dash wrote: I have tried almost all sql escape but looks like none are working or maybe i am missing something. I am stuck in this issue for more than 3 days and now i don't have any clue due to which i am trying to reach for help on the mailing list. Hmm... the issue seems to be that the sqlcounter module does it's own string expansion, and gets it *horribly* wrong. As for why '%%' becomes '%1298917800', I have no idea. Posting *more* debug output might help. What you did post was the final result of the expansion, and didn't include *how* that expansion came about. Alan DeKok. __ Information from ESET NOD32 Antivirus, version of virus signature database 5924 (20110303) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL Counter Escape String !
%0H:%0%0i:%0%0s')) AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = 'suman' AND attribute = 'Expiration'), '%0%0d %0%0M %0%0Y %0%0H:%0%0i:%0%0s')) rlm_sql (sql): Reserving sql socket id: 2 [monthlycounter] row[0] returned NULL rlm_sql (sql): Released sql socket id: 2 [monthlycounter]expand: %{sql:SELECT SUM(acctsessiontime) FROM tbl_acct where username = 'suman' AND acctstarttime BETWEEN (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = 'suman' AND attribute = 'Activation'), '%0%0d %0%0M %0%0Y %0%0H:%0%0i:%0%0s')) AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = 'suman' AND attribute = 'Expiration'), '%0%0d %0%0M %0%0Y %0%0H:%0%0i:%0%0s'))} - rlm_sqlcounter: No integer found in string ++[monthlycounter] returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair ++[noresetcounter] returns noop rlm_checkval: Item Name: Calling-Station-Id, Value: 001122334455 rlm_checkval: Value Name: Calling-Station-Id, Value: 001122334455 ++[checkval] returns ok [expiration] Checking Expiration time: '13 Mar 2012 21:37:23' ++[expiration] returns ok ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password duman12 [pap] Using CRYPT encryption. [pap] User authenticated successfully ++[pap] returns ok +- entering group post-auth {...} [sqlippool] No Pool-Name defined. [sqlippool] expand: No Pool-Name defined (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) - No Pool-Name defined (did cli 001122334455 port user suman) No Pool-Name defined (did cli 001122334455 port user suman) ++[sqlippool] returns noop [sql] expand: %{User-Name} - suman [sql] sql_set_user escaped user -- 'suman' [sql] expand: %{User-Password} - duman12 [sql] expand: INSERT INTO tbl_postauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') - INSERT INTO tbl_postauth (username, pass, reply, authdate) VALUES ( 'suman', 'duman12', 'Access-Accept', '2011-03-15 15:57:53') rlm_sql (sql) in sql_postauth: query is INSERT INTO tbl_postauth (username, pass, reply, authdate) VALUES ( 'suman', 'duman12', 'Access-Accept', '2011-03-15 15:57:53') rlm_sql (sql): Reserving sql socket id: 1 rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[exec] returns noop Sending Access-Accept of id 10 to 122.175.85.117 port 21658 Session-Timeout = 31469970 Finished request 0. Going to the next request Waking up in 4.9 seconds. Cleaning up request 0 ID 10 with timestamp +3 Ready to process requests. The above is the complete log , nothing removed . As you can see %0%0d %0%0M %0%0Y %0%0H:%0%0i:%0%0s which is nothing but d %%%M Y H I am using freeradius 2.1.8 and now i am in a process of checking the same in the latest release. As for the read receipt is concerned then i am sorry in case i have annoyed you in any way. Best Regards Suman Dash On 3/15/2011 3:29 PM, Alan DeKok wrote: Suman Dash wrote: sqlcounter monthlycounter { ... WHERE username = '%{%k}' AND attribute = 'Activation'), 'd M Y H:i:s')) \ The debug log doesn't show that this string is being used. And *again* you delete large amounts of the debug log. Why? It just makes it harder to help you. In short: you are editing a configuration file, BUT the server isn't using the configuration file you're editing. That is likely the *major* source of the problems you're seeing. And don't CC me on messages to the list. I *do* read the list. And especially do NOT set return receipt requested. It's rude and annoying. If it keeps up, I'll just delete the messages unread. Alan DeKok. __ Information from ESET NOD32 Antivirus, version of virus signature database 5924 (20110303) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL Counter Escape String !
(username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') - INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'suman', 'duman12', 'Access-Accept', '2011-03-15 18:53:17') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'suman', 'duman12', 'Access-Accept', '2011-03-15 18:53:17') rlm_sql (sql): Reserving sql socket id: 1 rlm_sql (sql): Released sql socket id: 1 ++[sql] returns ok ++[exec] returns noop Sending Access-Accept of id 35 to 122.175.85.117 port 12893 Session-Timeout = 1832802 Finished request 0. Going to the next request Waking up in 4.9 seconds. On 3/15/2011 3:29 PM, Alan DeKok wrote: Suman Dash wrote: sqlcounter monthlycounter { ... WHERE username = '%{%k}' AND attribute = 'Activation'), 'd M Y H:i:s')) \ The debug log doesn't show that this string is being used. And *again* you delete large amounts of the debug log. Why? It just makes it harder to help you. In short: you are editing a configuration file, BUT the server isn't using the configuration file you're editing. That is likely the *major* source of the problems you're seeing. And don't CC me on messages to the list. I *do* read the list. And especially do NOT set return receipt requested. It's rude and annoying. If it keeps up, I'll just delete the messages unread. Alan DeKok. __ Information from ESET NOD32 Antivirus, version of virus signature database 5924 (20110303) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Calling-Station-Id problem
You need to check the Calling-Station-Id format sent by the NAS. Start radius in debug more and send a auth request, the debug will show whether your NAS sends Calling-Station-Id or not . If it sends the Calling-Station-Id you can clearly see the format of the same. Best Regads Suman Dash On Sun, Mar 13, 2011 at 5:07 PM, ziko emobux...@yahoo.com wrote: Hello. I am using freeradius2 on my CentOS5. It's working great. But now I have one problem. I need to use wireless and pppoe together in my network. Users must login both in wireless and pppoe. wireless using MAC format 00-00-00-00-00 and pppoe 00:00:00:00:00 How can i indicate calling-station-id for one user for both, wireless and pppoe? I tried both format together like this: user1 Calling-Station-Id == 00-00-00-00-00 user1 Calling-Station-Id == 00:00:00:00:00 but no success. I am using mikrotik and ubiquity products as NAS and ubiquity as clients. Please help me. Sorry for my poor English. *Looking up 00-00-00-00*... Please wait... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Concurrent Sessions per user
Yes .. Simultaneous-Use Attribute On Mon, Mar 14, 2011 at 10:38 PM, Moayad Mohammad mmoham...@thebluezone.com wrote: Dear, Is there is a way to control the concurrent sessions per user? Regards, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Concurrent Sessions per user
Please anyone advice me the way to escap run-time variables in freeradius. I am using STR_TO_DATE and freeradius run-time variable is over-riding the mysql time variables SELECT STR_TO_DATE('14 Mar 2012 21:37:23','%d %M %Y %H:%i:%s') gives 2012-03-14 21:37:23 in MySQL Whereas in freeradius SELECT STR_TO_DATE('14 Mar 2012 21:37:23','%d %M %Y %H:%i:%s') gives '14 0 2011 20:001122334455:_ 14 = Current Date 0 = MTU 2011 = Current Year 001122334455 = Calling-Station-ID _ = Speed I have tried escaping as per the thread http://freeradius.1045715.n5.nabble.com/Changing-the-format-of-a-date-attribute-tt2775323.html#a2775328 But no luck .. Thanks in advance !! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
String Escape in SQL Counter !
Please anyone advice me the way to escape run-time variables in freeradius. I am using STR_TO_DATE and freeradius run-time variable is over-riding the mysql time variables SELECT STR_TO_DATE('14 Mar 2012 21:37:23','%d %M %Y %H:%i:%s') gives 2012-03-14 21:37:23 in MySQL Whereas in freeradius SELECT STR_TO_DATE('14 Mar 2012 21:37:23','%d %M %Y %H:%i:%s') gives '14 0 2011 20:001122334455:_ 14 = Current Date 0 = MTU 2011 = Current Year 001122334455 = Calling-Station-ID _ = Speed I have tried escaping as per the thread http://freeradius.1045715.n5.nabble.com/Changing-the-format-of-a-date-attribute-tt2775323.html#a2775328 But no luck .. My Entire Counter is : query = SELECT SUM(acctsessiontime) FROM tbl_acct where \ username = 'suman' AND acctstarttime BETWEEN \ (SELECT STR_TO_DATE((SELECT value FROM tbl_check \ WHERE username = 'suman' AND attribute = 'Activation'), '%d %M %Y %H:%i:%s')) \ AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = 'suman' \ AND attribute = 'Expiration'), '%d %M %Y %H:%i:%s')) The Above Query Ends Up Showing 14 0 2011 23:001122334455:_ Any help in this matter will be highly appreciated ! Cheers ! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SQL Counter Escape String !
Please anyone advice me the way to escape run-time variables in freeradius. I am using STR_TO_DATE and freeradius run-time variable is over-riding the mysql time variables SELECT STR_TO_DATE('14 Mar 2012 21:37:23','%d %M %Y %H:%i:%s') gives 2012-03-14 21:37:23 in MySQL Whereas in freeradius SELECT STR_TO_DATE('14 Mar 2012 21:37:23','%d %M %Y %H:%i:%s') gives '14 0 2011 20:001122334455:_ 14 = Current Date 0 = MTU 2011 = Current Year 001122334455 = Calling-Station-ID _ = Speed I have tried escaping as per the thread http://freeradius.1045715.n5.nabble.com/Changing-the-format-of-a-date-attribute-tt2775323.html#a2775328 But no luck .. My Entire Counter is : query = SELECT SUM(acctsessiontime) FROM tbl_acct where \ username = 'suman' AND acctstarttime BETWEEN \ (SELECT STR_TO_DATE((SELECT value FROM tbl_check \ WHERE username = 'suman' AND attribute = 'Activation'), '%d %M %Y %H:%i:%s')) \ AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username = 'suman' \ AND attribute = 'Expiration'), '%d %M %Y %H:%i:%s')) The Above Query Ends Up Showing 14 0 2011 23:001122334455:_ Any help in this matter will be highly appreciated ! Cheers ! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Encountering error when using radius -X
path issue. create symlink to the particular files. ln -s /usr/local/lib/* libfreeradius-radius-2.1.0.so /usr/lib there may be some more missing files whose symlink you need to do . Let me know if it works. * On Wed, Aug 18, 2010 at 5:53 PM, Fabien COMBERNOUS fcombern...@kezia.comwrote: kartik dadwal wrote: Hi, -freeradius version: freeradius-2.1.0+dfsg (downloaded from http://packages.ubuntu.com/source/karmic/freeradius) -OS: Ubuntu 9.10 (Karmic Koala) I was unable to download but now i get a page that is not empty. But, if i check depends of my binary deb : *Depends: lsb-base (= 3.0-6), libc6 (= 2.7-1), libfreeradius2 (= 2.0.4+dfsg-6), libgdbm3, libltdl3 (= 1.5.2-2), libpam0g (= 0.99.7.1), libperl5.10 (= 5.10.0), libsnmp15 (= 5.4.1~dfsg), libssl0.9.8 (= 0.9.8f-5), python2.5 (= 2.5), freeradius-common If you want to compile your own freeradius, it should be easier to use the .deb source. You'll get a .deb binary package and all the advantages of .deb. * -- *Fabien COMBERNOUS* /unix system engineer/ www.kezia.com http://www.kezia.com/ *Tel: +33 (0) 467 992 986* Kezia Group - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject packet from host 127.0.0.1 port 1812, id=29, length=34
No Worries .. I managed to get past the error. Actually, i was using a same username that was in my /etc/shadow . I renamed the user and it worked. Cheers On Sun, Mar 14, 2010 at 7:04 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote: Hi, Hi, I am unable to locally authenticate a user from users file. Below is the log : what does the entry in your users file look like? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Access-Reject packet from host 127.0.0.1 port 1812, id=29, length=34
Hi, I am unable to locally authenticate a user from users file. Below is the log : Server : rad_recv: Access-Request packet from host 127.0.0.1 port 37881, id=29, length=57 User-Name = suman User-Password = hello NAS-IP-Address = 20x.20x.20x.20x NAS-Port = 0 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = suman, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns updated [files] users: Matched entry suman at line 90 [files] expand: Hello, %{User-Name} - Hello, suman ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated Found Auth-Type = PAP +- entering group PAP {...} [pap] login attempt with password hello [pap] Using CRYPT encryption. [pap] Passwords don't match ++[pap] returns reject Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} - suman attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 2 for 1 seconds Going to the next request Waking up in 0.10 seconds. Sending delayed reject for request 2 Sending Access-Reject of id 29 to 127.0.0.1 port 37881 Reply-Message = Hello, suman Waking up in 4.9 seconds. Cleaning up request 2 ID 29 with timestamp +164 Ready to process requests. Radtest sudo radtest suman hello 127.0.0.1 0 testing123 Log Sending Access-Request of id 203 to 127.0.0.1 port 1812 User-Name = suman User-Password = hello NAS-IP-Address = 204.232.205.196 NAS-Port = 0 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=203, length=34 Reply-Message = Hello, suman Please let me know what i am doing wrong as i am a complete starter. Thanks and Regards Suman Dash - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject packet from host 127.0.0.1 port 1812, id=29, length=34
No, The Password is in Cleartext. How do i disable / Enable the CRYPT password ? On Sun, Mar 14, 2010 at 1:45 AM, YvesDM ydm...@gmail.com wrote: On Sat, Mar 13, 2010 at 8:14 PM, Suman Dash sumand...@gmail.com wrote: +- entering group PAP {...} [pap] login attempt with password hello [pap] Using CRYPT encryption. [pap] Passwords don't match ++[pap] returns reject I don't think you used a crypt password in your users file - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html