Re: problem with initial setup
Received -bash: /usr/bin/radtest: No such file or directory
It means radtest command was not found.
On Mon, Sep 9, 2013 at 10:22 PM, Swenson, Chris cswen...@curry.edu wrote:
Thanks for the replies:
Ok, uninstalled #1 and updated to freeradius2
radiusd started without a hitch withtesting Cleartext-Password :=
password in users file.
When I ran radtest testing password localhost 0 testing123
Received -bash: /usr/bin/radtest: No such file or directory
For academics sake here is the radius -X output. (definitely not my
granddads radius )
[root@ldap1 raddb]# radiusd -X
FreeRADIUS Version 2.1.12, for host i386-redhat-linux-gnu, built on Sep 25
2012 at 10:55:14
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/soh
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/rediswho
including configuration file /etc/raddb/modules/replicate
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/redis
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/opendirectory
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/inner-tunnel
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/default
main {
user = radiusd
group = radiusd
allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary
main {
name = radiusd
prefix = /usr
localstatedir = /var
sbindir = /usr/sbin
logdir = /var/log/radius
run_dir = /var/run/radiusd
libdir = /usr/lib/freeradius
radacctdir = /var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = /var/run/radiusd/radiusd.pid
checkrad = /usr/sbin/checkrad
debug_level = 0
proxy_requests = yes
Re: FreeRADIUS Hotspot
On Mon, Jan 2, 2012 at 2:39 PM, hemant hem...@scopesky.com wrote: Hello Guys, I have Installed Freeradius2 with MYSQL and WEBMIN as DaloRadius. I want to setup the FreeRADIUS for the Login Access To the Mikrotik Routers. I am also Setting up the FreeRADIUS for the HOTSPOT Users-authentication,accounting. Login Access to Mikrotik Router or Internet ? I am assuming 1 profile for each !! Right now i have added a client with /24 network and shared-secret, and created profiles on the daloRADIUS by using the Mikrotik Attributes, I can have READ/FULL/WRITE access to my routers. I am also using the REALMS for the Login Hotspot Service Differentiations. I created two profiles with different realms as my router. i created users on these profiles one for login access and other only for hotspot access. But i have problem now that my HotSpot Users can also Login to My Router.. Use 2 Different IP Subnets. First Subnet which is same as the Mikrotik Router will be used by Mikrotik users. Second Subnet will be used for Internet . Use Internal Firewall to seperate inter subnet communication or remove the routes . Please help me here guys... I have to Submit the Project with detailed report in 5 days..And i am right now no where near to completing it..?? Please any one ..Reply ASAP ..:) -- View this message in context: http://freeradius.1045715.n5.nabble.com/FreeRADIUS-Hotspot-tp5114296p5114296.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS Hotspot
Create Firewall Policy Between which will block all traffic from Internet Subnet to Mikrotik Subnet ! On Mon, Jan 2, 2012 at 4:00 PM, hemant hem...@scopesky.com wrote: But On this single Mikrotik Router, I am Giving access to internet for the HotSpot User, And also Creating users for the My Transmission team..?? So how will these two IP subnet give me Desired Diifferentiated result..?? -- View this message in context: http://freeradius.1045715.n5.nabble.com/FreeRADIUS-Hotspot-tp5114296p5114376.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius with Java
Have you looked Jradius which is Radius Plugin for Java ? On Wed, Dec 21, 2011 at 1:01 AM, Jeisson Fabian Perez Rodriguez jeissonfabian...@gmail.com wrote: Hi, again, I've been trying to connect FreeRadius with an application on Java, but I don't find the correct way. Could somebody tell me something about it?, please! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Failed to run Freeradius on CentoS
Freeradius is already running or there is someone using the same port.
Check the error message as it carries the solution.
Regards
Suman
On Fri, Nov 25, 2011 at 3:12 PM, Bhanu Vegesna bhanu.vege...@gmail.comwrote:
listen {
type = auth
ipaddr = 127.0.0.0
port = 1812
Failed binding to authentication address 127.0.0.0 port 1812 as server
inner-tunnel: Address already in use
/usr/local/etc/raddb/sites-enabled/inner-tunnel[32]: Error binding to
port for 127.0.0.0 port 1812
I tried to check if duplicate version of freeradius and changing to
use specifc ip no luck.
Can any throw some light and help me out ?
regards
Bhanu
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to solve below issues
symlink it to the actual file . On Thu, Nov 10, 2011 at 2:11 PM, Harshavardhan chillakuru harshac...@gmail.com wrote: 1. when i run the radius for debugging mode using *radusd -X*command i got error like *bash: radiusd: command not found* 2. ./radiusd: error while loading shared libraries: libfreeradius-radius-2.1.12.so: cannot open shared object file: No such file or directory - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fixed Duration Weekly, Monthly and Daily Accounts
Expiration is actually the validity of the account. It does not calculates the amount of time used. If you are looking to limit the session time i.e 100 hrs Monthly or anything , you need rlm_sqlcounter with attributes like Max-Session-Time with a value. In conjunction with Expiration, you can use Max-Session-Time to create packages such as 1 Month 100 Hrs Browsing etc . Feel to send any other query if you are stuck . Regards Suman On Sun, Oct 30, 2011 at 6:28 PM, Fajar A. Nugraha l...@fajar.net wrote: On Sun, Oct 30, 2011 at 7:39 PM, JennyBlunt jennyshoeh...@me.com wrote: How do I create a group which provides access for a preset amount of time, for instance one day, week or month. I've tried by using expiration but don't think thats right. Will the noreset parameter do this? In our current system (not freeradius), we'd set this up as a continuous account which starts the counter the first time the users logs on. I actually suggest you use rlm_sqlcounter instead, which (for me) is easier to understand and maintain. Use the example noresetcounter from http://wiki.freeradius.org/Rlm_sqlcounter You can see exactly how the module counts whatever-it-uses (in the example it's SUM(AcctSessionTime)), and you can run the query manually for debugging purposes. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fixed Duration Weekly, Monthly and Daily Accounts
Re-Correct - Max-All-Session = 43200 ( It's in Seconds , Not in Minutes ) Second, It is not under our control to decide how much time the user users. We can assign a continuous usage of XYZ minutes / Hours but what if the user disconnects early ? What happens when the user logins again ? Will you reject the user or accept the user ? Anyway, to answer your questions, Session-Timeout of 43200 is what needed to give a continuous Session session of 43200. But again when the user disconnects and re-logins , he/she will again get 43200 of time during re-login. Regards Suman On Sun, Oct 30, 2011 at 6:50 PM, JennyBlunt jennyshoeh...@me.com wrote: That's the one we're using. What I don't understand is that if we set up a group with max-all-session = 43200 the user would get in total 43200 minutes. When, in reality, we're trying to give them a continuous 43200 minutes from first login. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Fixed-Duration-Weekly-Monthly-and-Daily-Accounts-tp4950022p4950078.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fixed Duration Weekly, Monthly and Daily Accounts
Hi Alan, I think the poster is asking for a continuous amount of time after login. Setting Expiration will give a max valid period in which the user can login but under no circumstances it can provide a continuous period of usage. Poster is also not clear what will happen if the user disconnects and connects again So i think the question asked here is incomplete. Regards Suman On Sun, Oct 30, 2011 at 7:07 PM, Alan DeKok al...@deployingradius.comwrote: JennyBlunt wrote: That's the one we're using. What I don't understand is that if we set up a group with max-all-session = 43200 the user would get in total 43200 minutes. When, in reality, we're trying to give them a continuous 43200 minutes from first login. Then set the expiration date when they first log in. Remember: FreeRADIUS authenticates people. It isn't a DB. If you want to have it remember something, you need to store that information in a DB. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fixed Duration Weekly, Monthly and Daily Accounts
You have the exact solution given by Fajar. See his SQL query and modify as required. Regards Suman On Sun, Oct 30, 2011 at 10:26 PM, JennyBlunt jennyshoeh...@me.com wrote: Sorry if I wasn't clear. I want to be able to generate a monthly voucher - 30 days access from the exact time of first login. A continuous clock ticking from the start time. I'm going to look at Fajar's suggestion now... -- View this message in context: http://freeradius.1045715.n5.nabble.com/Fixed-Duration-Weekly-Monthly-and-Daily-Accounts-tp4950022p4950392.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Quota based on time with squid
You have not instantiated the counters in Post-Auth . Read more about
counter and how it works and how you can enable the same.
Regards
Suman
On Sat, Oct 29, 2011 at 4:40 PM, senthil kumar
senthilkumaar2...@gmail.comwrote:
Hello Team
The user can authenticate and browse at any time. May i know which
entry i have to add to make user 'test' deny authenticate after 1
hour?
When ever a user authenticates it is logged in radpostauth.
In /etc/raddb/users file i have a user test test
Cleartext-Password := hello
my database details are as follows
mysql select * from radcheck;
++--+-++---+
| id | username | attribute | op | value |
++--+-++---+
| 45 | test | Max-All-Session | := | 540 |
++--+-++---+
INSERT into radcheck VALUES ('','test','Max-All-Session',':=','5400');
mysql select * from radpostauth;
++--+--+---+-+
| id | username | pass | reply | authdate|
++--+--+---+-+
| 54 | test | test | Access-Accept | 2011-10-19 13:59:18 |
| 55 | test | test | Access-Accept | 2011-10-19 13:59:34 |
| 56 | test | test | Access-Accept | 2011-10-19 14:22:57 |
| 57 | test | test | Access-Accept | 2011-10-21 22:32:54 |
| 58 | test | test | Access-Accept | 2011-10-25 15:11:34 |
++--+--+---+-+
5 rows in set (0.00 sec)
radtest test hello localhost 0 testing123
Sending Access-Request of id 67 to 127.0.0.1 port 1812
User-Name = test
User-Password = hello
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=67,
length=20
Please help me , thanks in advance
Thanks,
Senthil
On Tue, Oct 25, 2011 at 3:06 PM, senthil kumar
senthilkumaar2...@gmail.com wrote:
Thanks i will check in and let you know
On Sat, Oct 22, 2011 at 12:37 AM, Alan DeKok al...@deployingradius.com
wrote:
senthil kumar wrote:
I have installed free-radius in linux machine with accounting support
and was able to authenticate using radtest client.and also I was also
successfully authenticate with squid proxy server.
That's good to hear.
I need to assign quota to squid users based on the weekly/hourly
basis. I need users radius server to return packet reject when time is
expired. is it possible in radius?
Yes. See the counter module, or the sqlcounter module.
The main issue is that they require the NAS to send accounting
packets. I don't know if squid does that.
I am using only linux machine with proxy server. whether NAS is needed?
In this case, squid is the NAS. (i.e. machine sending Access-Request)
If so, can anyone help me in framing the rules for quota . eg 2 hours
a day. I have basic configuration and now when a user authenticates
login time is updated in the radpostauth.
This is documented in the sqlcounter module. Look there first.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Custom MySQL Queries
If you would like to disable a user why not to use the Auth-Type := Reject which is natively available in freeradius. I don't think it is necessary to re-invent the wheel. Regards Suman On Thu, Oct 27, 2011 at 11:07 PM, JennyBlunt jennyshoeh...@me.com wrote: Hello What's the best approach regarding custom mysql queries? I'd like to check if a user is blocked whilst authorising.. Have tried to add something like this to my dictionary file: ATTRIBUTE User-Disabled-Attr 3002integer And then putting a 1 / 0 in to radcheck against the user. What's the best way to do this kind of request? Is it better to write a lookup somewhere else? Thanks J -- View this message in context: http://freeradius.1045715.n5.nabble.com/Custom-MySQL-Queries-tp4943692p4943692.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with F5 BigIP accouting : hexadecimal attribute
NAS-IP-Address = *[IP address unknown, not corresponding to NAS interfaces]
* Did you added your F5 IP address to NAS Table ?
Regards
Suman
*
On Mon, Oct 17, 2011 at 4:56 PM, Vincent, Fabien
fabien.vinc...@coreye.frwrote:
Dear all,
** **
I’m using Radius for authenticating admin users on different network
equipments. “group authorize {...}” works fine with rlm_ldap and group
management.
** **
But I have some problem for accounting on F5 BigIP LTM / GTM.
** **
In fact, my radius accounting server is receiving accounting-request like
this :
** **
Accounting-Request packet from host 10.10.10.10 port 36875, id=29,
length=281
NAS-IP-Address = *[IP address unknown, not corresponding to NAS
interfaces]*
F5-Attr-14 = *[Hexa decimal output starting with 0x …]*
WARNING: Empty section. Using default return values.
+- entering group accounting {...}
[sql] expand: packet has no accounting status type. [user '%{User-Name}',
nas '%{NAS-IP-Address}'] - packet has no accounting status type. [user '',
nas '*[nas IP unknown]*']
[sql] packet has no accounting status type. [user '', nas '*[nas IP
unknown]*']
++[sql] returns invalid
Finished request 37.
Cleaning up request 37 ID
** **
Did someone here already use accounting with F5 BigIP LTM or GTM ? I’m
looking to make this working by changing audit_forward TCL script provided
with F5 (syslog-ng) but I wasn’t able to produce something different …
** **
I also tried to edit the dictionnary for F5 in *
/usr/share/freeradius/dictionary.f5*
*ATTRIBUTE F5-LTM-User-Info-1 12 string*
*ATTRIBUTE F5-LTM-User-Info-2 13 string*
*++ ATTRIBUTE F5-Attr-14 14 octets*
** **
Thanks in advance for your help !
** **
*Fabien VINCENT*
fabien.vinc...@coreye.fr
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Dynamic Attributes Based on NAS Type !
Last night i also dreamt of sending all VSA to NAS but i was not sure what
will be the outcome so thanks for the info.
I have never worked with policies but it seems to be important so i will try
to learn the same.
Regards
Suman
On Sun, Oct 9, 2011 at 2:01 PM, Alan DeKok al...@deployingradius.comwrote:
Stefan A. wrote:
If you read it ‚one of the ideas of having different virtual servers is
separation of policies for different NASses’ you are right.
Suman was asking on how to send several NASses into the same policy.
The simplest way to do it is to set *generic* policies, and then
re-write them in post-auth. For example, define a Policy-Name
attribute in the dictionary, and set it somewhere in the authorize
section. Then:
post-auth {
...
if (%{client:nas_type} == foo) {
// map policies for client foo
}
elsif (%{client:nas_type} == bar) {
// map policies for client bar
}
...
}
The underlying issue is that different NAS vendors have defined
different attributes for the same functionality.
An even simpler solution is to just return all of the VSAs to each
NAS. As was said earlier, each NAS will ignore the ones it doesn't
understand, and apply the ones it does.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: AW: Dynamic Attributes Based on NAS Type !
I would like to have some insight in using virtual servers. But I am really stuck at the point that if i use virtual server how will be the DB entry look like i.e radreply / radgroup reply ? As far i understand , the reply attributes with value should be available in the reply table which matches to those of the NAS. Regards Suman On Sun, Oct 9, 2011 at 4:32 PM, Alexandre Chapellon a.chapel...@horoa.netwrote: I personnally use post-auth sections of each of my virtual server to send diffrenet attributes. I find It to be very clean way to achieve this. regards Le 08/10/2011 20:02, Wegener, Norbert a écrit : The general idea is to setup a virtual server for each type of NAS and make sure, that every NAS is loaded into the correct virtual server. With best regards, --**--** Norbert Wegener Siemens IT Solutions and Services AIS MS NC PSU SDC Bruchstraße 5 45883 Gelsenkirchen, Germany Tel.: +49 (209) 94565716 Fax: +49 (201) 8165581284 mailto:norbert.wegener@atos.**net norbert.wege...@atos.net Atos IT Solutions and Services GmbH; Geschäftsführung: Winfried Holz, Christian Oecking, Rainer-Christian Koppitz; Vorsitzender des Aufsichtsrats: Charles Dehelly; Sitz der Gesellschaft: München, Deutschland; Registergericht: München, HRB 184933. --**--** *Von:* freeradius-users-bounces+**norbert.wegener=atos.net@** lists.freeradius.org atos@lists.freeradius.org[freeradius-users-bounces+ **norbert.wegener=atos.net@**lists.freeradius.orgatos@lists.freeradius.org] im Auftrag von Suman Dash [sumand...@gmail.com] *Gesendet:* Samstag, 8. Oktober 2011 16:39 *Bis:* FreeRadius users mailing list *Betreff:* Dynamic Attributes Based on NAS Type ! Hi Everyone ... Currently i am planning to integrate freeradius with different NAS like Chillispot , Cisco etc and enable roaming users so that they can log in from any of the NAS. As the reply items are different with different NAS , i am looking for ideas how to enable a single user to roam and connect from different NAS. In my case i think static reply items are not possible per user wise or per groupwise so my question is what trick can be used to achieve the same. I had not tried anything as i have no clue on the same so some highlights on the approach will be a good starting point for me. Cheers Suman - List info/subscribe/unsubscribe? See http://www.freeradius.org/** list/users.html http://www.freeradius.org/list/users.html -- http://www.horoa.net Alexandre Chapellon Ingénierie des systèmes open sources et réseaux. Follow me on twitter: @alxgomz http://www.twitter.com/**alxgomzhttp://www.twitter.com/alxgomz - List info/subscribe/unsubscribe? See http://www.freeradius.org/** list/users.html http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dynamic Attributes Based on NAS Type !
Hi Everyone ... Currently i am planning to integrate freeradius with different NAS like Chillispot , Cisco etc and enable roaming users so that they can log in from any of the NAS. As the reply items are different with different NAS , i am looking for ideas how to enable a single user to roam and connect from different NAS. In my case i think static reply items are not possible per user wise or per groupwise so my question is what trick can be used to achieve the same. I had not tried anything as i have no clue on the same so some highlights on the approach will be a good starting point for me. Cheers Suman - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Dynamic Attributes Based on NAS Type !
To be specific , I am concerned about the QoS VSA's . For Example. Mikrotik NAS - Mikrotik-Rate-Limit Chillispot - Chillispot-Max-UP , Chillispot-Max-Down Cisco - Cisco-Policy-UP , Cisco-Policy-Down Now if the user logged from different NAS's the VSA will differ so it is not possible to have a single entry in radgroupreply or radreply pertaining to a kind of NAS. I guess that this is not an out of the box feature in freeradius , instead i need to use some kind of custom script in Post-Auth section which will check the NAS Type and reply out the correct VSA's I am looking for a unique identifier from NAS by which freeradius can understand what type of NAS it is. I tried it and it seems that i have no control on the Access-Request sent by NAS to freeradius. The only idea which currently comes into my mind is to use nas.type value in DB but incase the NAS Type is incorrectly specified reply attributes will go nuts . So any idea if there are any unique identifiers ? Regards Suman On Sat, Oct 8, 2011 at 9:40 PM, Stefan A. a.freerad...@premit.de wrote: ** ** Suman, As you did not say anything about the exact attributes, you will send to the NAC, here is how we do this: ** ** we are also using different NAS and have to reply with different VSAs for setting up the QOS. We use the “existence of a specific VSAs” (specified per NAS type) in the request to select the VSAs to be used in responses. ** ** e.g: if we found the Starent Networks VSA ‘SN-Service-Type’ in the request, we reply with ‘SN-QOS-Profile’ to set up QoS This is save, as we won’t see any Starent VSAs in Cisco or Chillispot NASses. ** ** To make this flexible, we have set up our own VSA to configure users QOS, which is then translated into the specific reply attributes for the NAS, the user is currently using. ** ** Regards Stefan ** ** *From:* freeradius-users-bounces+a.freeradius= premit...@lists.freeradius.org [mailto: freeradius-users-bounces+a.freeradius=premit...@lists.freeradius.org] *On Behalf Of *Suman Dash *Sent:* Saturday, October 08, 2011 4:40 PM *To:* FreeRadius users mailing list *Subject:* Dynamic Attributes Based on NAS Type ! ** ** Hi Everyone ... Currently i am planning to integrate freeradius with different NAS like Chillispot , Cisco etc and enable roaming users so that they can log in from any of the NAS. As the reply items are different with different NAS , i am looking for ideas how to enable a single user to roam and connect from different NAS. In my case i think static reply items are not possible per user wise or per groupwise so my question is what trick can be used to achieve the same. I had not tried anything as i have no clue on the same so some highlights on the approach will be a good starting point for me. Cheers Suman - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Enforcing Login-Time on NAS
Use Unlang or Similar Scripts : If Nas = 1 then update Login Time = If Nas = 2 then update Login Time = Use this in PreAuth (I am not sure) Section and give it a try . Regards Suman On Tue, Sep 27, 2011 at 5:42 PM, Shiv shivkumar.j...@gmail.com wrote: I know that Login-Time can be used with Users and Groups but is there a way to use this with NAS'? For example, If I want NAS-A to allow logins only from 1700-1800 and NAS-B to allow logins only from 0900-1300. How would I be able to ensure this? I have tried this with Huntgroups, but only able to prevent/allow logins unconditionally. How do I attach the Login-Time attribute to NAS and not users or groups? -- Regards, Shivkumar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Enforcing Login-Time on NAS
Glad to be of some help !!
Cheers
On Tue, Sep 27, 2011 at 8:53 PM, shiv shivkumar.j...@gmail.com wrote:
Update - I've managed to get it working against a custom table in the mysql
radius database. The sites-enabled/default authorize section is as below:-
update request {
Huntgroup-Name := %{sql:SELECT `groupname` FROM
`radhuntgroup` WHERE rtrmac='%{Called-Station-Id}'}
}
if (%{Huntgroup-Name} != ) {
update request{
Tmp-String-0 = %{sql:SELECT `logintime` FROM
`wifihotspots` WHERE hotspotname='%{Huntgroup-Name}'}
}
}
if ( %{Tmp-String-0} != ) {
update control{
Login-Time := %{Tmp-String-0}
}
}
The wifihotspots table contains Huntgroup-Name and its Corresponding
Login-Time
Thanks again for the help!
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Enforcing-Login-Time-on-NAS-tp4845142p4845762.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Dialup Admin
Configure dialupadmin to use the correct mysql username / password.
freeradius is working well..
On Mon, Sep 19, 2011 at 8:44 AM, shawky skaff shawkyskaff...@hotmail.comwrote:
Hi,
I am having issues viewing content on the dialup screen, I can see the html
links, when I select one of them say acconuting I just receive a error
saying DEBUG(SQL,MYSQL DRIVER): Connect: User=root,Password=*
*I have allowed all sql options in site-enabled default file.
Running radiusd -X gives me the following output
[root@radius conf]# radiusd -X
FreeRADIUS Version 2.1.7, for host i686-redhat-linux-gnu, built on Mar 31
2010 at 00:25:31
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/sql.conf
including configuration file /etc/raddb/sql/mysql/dialup.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/inner-tunnel
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/default
group = radiusd
user = radiusd
including dictionary file /etc/raddb/dictionary
main {
prefix = /usr
localstatedir = /var
logdir = /var/log/radius
libdir = /usr/lib/freeradius
radacctdir = /var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = /var/run/radiusd/radiusd.pid
checkrad = /usr/sbin/checkrad
debug_level = 0
proxy_requests = yes
log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
}
security {
max_attributes = 200
reject_delay = 1
status_server = yes
}
}
radiusd: Loading Realms and Home Servers
proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
}
home_server localhost {
Re: anybody out there?
ACK ! On Thu, Sep 15, 2011 at 8:28 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: poke poke Arran Cudbard-Bell a.cudba...@freeradius.org Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ ! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Test
Its UP !! On Fri, Sep 16, 2011 at 12:24 AM, Christ Schlacta li...@aarcane.org wrote: List is down. On 9/15/2011 07:49, Alan DeKok wrote: Is the list down, or are people quiet? - List info/subscribe/unsubscribe? See http://www.freeradius.org/** list/users.html http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/** list/users.html http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with rml_sqlcounter with GigaByte datavolume
check_item=0 , See why Max-Input-Octets is returned as 0 .
On Wed, Sep 14, 2011 at 12:55 PM, nfourel nicolas.fou...@adipsys.comwrote:
Hi,
** **
Here is the result of the SQL Query :
** **
SELECT SUM(AcctInputOctets) FROM radacct WHERE [hidden
email]http://user/SendEmail.jtp?type=nodenode=4801856i=0
';
** **
SUM(AcctInputOctets)
68882
** **
And freeradius log for the counter section :
** **
Wed Sep 14 09:17:45 2011 : Debug: rlm_sqlcounter: Entering module authorize
code
Wed Sep 14 09:17:45 2011 : Debug: WARNING: Please replace '%k' with
'${key}'
Wed Sep 14 09:17:45 2011 : Debug: sqlcounter_expand: 'SELECT
SUM(AcctInputOctets) FROM radacct WHERE UserName='%{User-Name}''
Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets : expand: SELECT
SUM(AcctInputOctets) FROM radacct WHERE UserName='%{User-Name}' - SELECT
SUM(AcctInputOctets) FROM radacct WHERE [hidden
email]http://user/SendEmail.jtp?type=nodenode=4801856i=1
'
Wed Sep 14 09:17:45 2011 : Debug: WARNING: Please replace '%S' with
'${sqlmod-inst}'
Wed Sep 14 09:17:45 2011 : Debug: sqlcounter_expand: '%{sql:SELECT
SUM(AcctInputOctets) FROM radacct WHERE [hidden
email]http://user/SendEmail.jtp?type=nodenode=4801856i=2
'}'
Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets : sql_xlat
Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets : expand:
%{User-Name} - [hidden
email]http://user/SendEmail.jtp?type=nodenode=4801856i=3
Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets : sql_set_user
escaped user -- '[hidden
email]http://user/SendEmail.jtp?type=nodenode=4801856i=4
'
Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets : expand: SELECT
SUM(AcctInputOctets) FROM radacct WHERE [hidden
email]http://user/SendEmail.jtp?type=nodenode=4801856i=5'
- SELECT SUM(AcctInputOctets) FROM radacct WHERE [hidden
email]http://user/SendEmail.jtp?type=nodenode=4801856i=6
'
Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets: expand:
/usr/local/var/log/radius/sqltrace.sql -
/usr/local/var/log/radius/sqltrace.sql
Wed Sep 14 09:17:45 2011 : Debug: rlm_sql (sql): Reserving sql socket id: 0
Wed Sep 14 09:17:45 2011 : Debug: rlm_sql_mysql: query: SELECT
SUM(AcctInputOctets) FROM radacct WHERE [hidden
email]http://user/SendEmail.jtp?type=nodenode=4801856i=7
'
Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets: sql_xlat finished**
**
Wed Sep 14 09:17:45 2011 : Debug: rlm_sql (sql): Released sql socket id: 0
Wed Sep 14 09:17:45 2011 : Info: (0) totalinputoctets : expand:
%{sql:SELECT SUM(AcctInputOctets) FROM radacct WHERE [hidden
email]http://user/SendEmail.jtp?type=nodenode=4801856i=8'}
- 68882
Wed Sep 14 09:17:45 2011 : Debug: rlm_sqlcounter: (Check item - counter) is
less than zero
Wed Sep 14 09:17:45 2011 : Debug: rlm_sqlcounter: Rejected user [hidden
email] http://user/SendEmail.jtp?type=nodenode=4801856i=9,
check_item=0, counter=68882
** **
Any idea ?
** **
Thanks for your help
** **
Nicolas
** **
*De :* Suman Dash [via FreeRadius] [mailto:[hidden
email]http://user/SendEmail.jtp?type=nodenode=4801856i=10]
*Envoyé :* mardi 13 septembre 2011 19:44
*À :* nfourel
*Objet :* Re: Problem with rml_sqlcounter with GigaByte datavolume
** **
SELECT SUM(AcctInputOctets) FROM radacct WHERE UserName='username'
Run the above query in mysql and post the result
then post the freeradius log specific to this section.
On Tue, Sep 13, 2011 at 10:00 PM, Nicolas FOUREL [hidden
email]http://user/SendEmail.jtp?type=nodenode=4799383i=0
wrote:
Hi Arran,
I have get version 3.0.0 with 64 bit counters support from Git and
installed
it. Unfortunatly, I still have the same problem with my sql counter which
has always check_item=0 when I put a value bigger than 2^32. On
Access-Request in debug mode, I have the following lines :
Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: (Check item - counter) is
less than zero
Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: Rejected user [hidden
email] http://user/SendEmail.jtp?type=nodenode=4799383i=1,
check_item=0, counter=68882
Here is my counter definition :
sqlcounter totalinputoctets {
counter-name = Total-Max-Input-Octets
check-name = Max-Input-Octets
reply-name = ChilliSpot-Max-Input-Octets
sqlmod-inst = sql
key = User-Name
reset = never
query = SELECT SUM(AcctInputOctets) FROM radacct WHERE
UserName='%{%k}'
}
I have added Max-Input-Octets in the dictionary file like that :
ATTRIBUTE Max-Input-Octets3001integer64
In radcheck table:
[hidden email] http://user/SendEmail.jtp?type=nodenode=4799383i=2
Max-Input-Octets:=
107374182400
Did I miss a thing ?
Many thanks
Nicolas
-Message d'origine-
De :
freeradius-users-bounces
Re: Problem with rml_sqlcounter with GigaByte datavolume
I have a working setup which takes Check-Item over 100GB But being a 32Bit counter is wraps in 2GB limit. I have not tried Integer64. Can you check what happens when you change it to 32bit in dictionary instead of declaring it as 64bit ? On Wed, Sep 14, 2011 at 5:53 PM, nfourel nicolas.fou...@adipsys.com wrote: The « check_item=0 » is reason why I posted my messages on this ML. If I put a value lesser than 2^32 (for example 100) for “Max-Input-Octets” in radcheck for username ‘[hidden email]http://user/SendEmail.jtp?type=nodenode=4802561i=0’, everything is ok, check_item has the good value. If I put value bigger than 2^32, check_item is always equal to 0. ** ** Any idea ? ** ** Thanks ** ** Nicolas ** ** *De :* Suman Dash [via FreeRadius] [mailto:[hidden email]http://user/SendEmail.jtp?type=nodenode=4802561i=1] *Envoyé :* mercredi 14 septembre 2011 09:43 *À :* nfourel *Objet :* Re: Problem with rml_sqlcounter with GigaByte datavolume ** ** check_item=0 , See why Max-Input-Octets is returned as 0 . On Wed, Sep 14, 2011 at 12:55 PM, nfourel [hidden email]http://user/SendEmail.jtp?type=nodenode=4801896i=0 wrote: Hi, Here is the result of the SQL Query : SELECT SUM(AcctInputOctets) FROM radacct WHERE click here. -- View this message in context: RE: Problem with rml_sqlcounter with GigaByte datavolumehttp://freeradius.1045715.n5.nabble.com/Problem-with-rml-sqlcounter-with-GigaByte-datavolume-tp4455164p4802561.html Sent from the FreeRadius - User mailing list archivehttp://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.htmlat Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with rml_sqlcounter with GigaByte datavolume
It is a matter which needs attention of Alan or Arran. Kindly send a Bug Report so that this situation can be evaluated by the developers. On Wed, Sep 14, 2011 at 6:29 PM, nfourel nicolas.fou...@adipsys.com wrote: I have the same result with integer rather than integer64. I tried on a 32 bit server, and indeed, if I put a value bigger than 2^32 octets in Max-Input-Octets check-item, it wraps to 4294967295 octets and not to zero. So the problem seems to be with 64bit architecture and value bigger than 2^32 octets (like 100GB). Very strange behavior. ** ** Nicolas ** ** *De :* Suman Dash [via FreeRadius] [mailto:[hidden email]http://user/SendEmail.jtp?type=nodenode=4802672i=0] *Envoyé :* mercredi 14 septembre 2011 14:53 *À :* nfourel *Objet :* Re: Problem with rml_sqlcounter with GigaByte datavolume ** ** I have a working setup which takes Check-Item over 100GB But being a 32Bit counter is wraps in 2GB limit. I have not tried Integer64. Can you check what happens when you change it to 32bit in dictionary instead of declaring it as 64bit ? On Wed, Sep 14, 2011 at 5:53 PM, nfourel [hidden email]http://user/SendEmail.jtp?type=nodenode=4802642i=0 wrote: The « check_item=0 » is reason why I posted my messages on this ML. If I put a value lesser than 2^32 (for example 100) for “Max-Input-Octets” in radcheck for username ‘click here. -- View this message in context: RE: Problem with rml_sqlcounter with GigaByte datavolumehttp://freeradius.1045715.n5.nabble.com/Problem-with-rml-sqlcounter-with-GigaByte-datavolume-tp4455164p4802672.html Sent from the FreeRadius - User mailing list archivehttp://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.htmlat Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: WiSPr
Bandwidth Limit greatly depends on NAS. If yous NAS supports it then it can be done ! On Wed, Sep 14, 2011 at 7:29 PM, Luke Hammond l...@dezignbrasil.com wrote: Hey al, iread that i can rate limit on a per user basis with the WISPr-Bandwidth-Max-Down and Up.. correct? Can someone please tell me how i can do this? I have freeradius running on Ubuntu server, with mysql atabase and daloradius for web management. My users connect to the freeradius through the captive portal on my pfSense firewall. Thanks in advance - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: WiSPr
Exactly ! Traffic Shaping has nothing to do with RADIUS. RADIUS will send values as configured to NAS. If NAS understands then NAS can use those attributes and do much more than just Traffic Shaping. Check the RADIUS dictionary of pfsense and you can find the attributes which will be used to control traffic. Once you get the attributes, use the same as Reply-Items and it will work like a charm. Read the basic documentation of RADIUS to understand how it works. There is already a lot of discussion regarding *lazy peoples* Regards Suman On Wed, Sep 14, 2011 at 9:18 PM, Luke Hammond l...@dezignbrasil.com wrote: By NAS i assume you men my pfsense. There isnt anywhere within Freeradius to traffic shape? are you saying it has to be done on the router and not in freeradius? On 14/09/2011 12:11 PM, Suman Dash wrote: Bandwidth Limit greatly depends on NAS. If yous NAS supports it then it can be done ! On Wed, Sep 14, 2011 at 7:29 PM, Luke Hammond l...@dezignbrasil.comwrote: Hey al, iread that i can rate limit on a per user basis with the WISPr-Bandwidth-Max-Down and Up.. correct? Can someone please tell me how i can do this? I have freeradius running on Ubuntu server, with mysql atabase and daloradius for web management. My users connect to the freeradius through the captive portal on my pfSense firewall. Thanks in advance - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: WiSPr
WISPr-Bandwidth-Max-Down / UP is indeed the Attribute which you are looking. But you need search the mailing lists and find out how to add those into radreply/radgroup reply. Hint : Read http://wiki.freeradius.org/Rlm_sql Regards Suman On Wed, Sep 14, 2011 at 9:34 PM, Suman Dash sumand...@gmail.com wrote: Exactly ! Traffic Shaping has nothing to do with RADIUS. RADIUS will send values as configured to NAS. If NAS understands then NAS can use those attributes and do much more than just Traffic Shaping. Check the RADIUS dictionary of pfsense and you can find the attributes which will be used to control traffic. Once you get the attributes, use the same as Reply-Items and it will work like a charm. Read the basic documentation of RADIUS to understand how it works. There is already a lot of discussion regarding *lazy peoples* Regards Suman On Wed, Sep 14, 2011 at 9:18 PM, Luke Hammond l...@dezignbrasil.comwrote: By NAS i assume you men my pfsense. There isnt anywhere within Freeradius to traffic shape? are you saying it has to be done on the router and not in freeradius? On 14/09/2011 12:11 PM, Suman Dash wrote: Bandwidth Limit greatly depends on NAS. If yous NAS supports it then it can be done ! On Wed, Sep 14, 2011 at 7:29 PM, Luke Hammond l...@dezignbrasil.comwrote: Hey al, iread that i can rate limit on a per user basis with the WISPr-Bandwidth-Max-Down and Up.. correct? Can someone please tell me how i can do this? I have freeradius running on Ubuntu server, with mysql atabase and daloradius for web management. My users connect to the freeradius through the captive portal on my pfSense firewall. Thanks in advance - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to connect FreeRADIUS uding JAVA
Look Into Jradius On Fri, Aug 26, 2011 at 1:02 PM, Rajkumar Balaji rajkumar.balaj...@gmail.com wrote: Hi, If anyone knows how to connect FreeRADIUS using JAVA Please help me to solve this Thanks Regards Rajkumar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unlang Condition Wrong Value !
Hi Arran,
I think i have managed to make the datacounter working. It may not be
the best counter but it is the best i have ever done in freeradius.
Below posted is the configs :
Post-Auth {
sql
# Unlang Data-Counter. Sends Mikrotik-Recv-Limit to NAS
update control {
Tmp-Integer-0 = %{sql:SELECT ((SELECT
tbl_groupcheck.value from tbl_groupcheck \
JOIN tbl_usergroup on
tbl_groupcheck.groupname = tbl_usergroup.groupname \
WHERE
tbl_usergroup.username = '%{User-Name}') (SELECT
IFNULL(SUM(AcctInputOctets) \
+SUM(AcctOutputOctets),0) FROM tbl_acct WHERE UserName='%{User-Name}'
\
AND
MONTH(acctstoptime) = MONTH(NOW()) AND YEAR(acctstoptime) =
YEAR(NOW(}
Tmp-Integer-1 = %{sql:SELECT ((SELECT
tbl_groupcheck.value from tbl_groupcheck \
JOIN tbl_usergroup on
tbl_groupcheck.groupname = tbl_usergroup.groupname \
WHERE
tbl_usergroup.username = '%{User-Name}') - (SELECT
IFNULL(SUM(AcctInputOctets) \
+SUM(AcctOutputOctets),0) FROM tbl_acct WHERE UserName='%{User-Name}'
\
AND
MONTH(acctstoptime) = MONTH(NOW()) AND YEAR(acctstoptime) =
YEAR(NOW(}
}
if (%{control:Tmp-Integer-0} == 1) {
update reply{
Mikrotik-Recv-Limit :=
%{control:Tmp-Integer-1}
}
}
if (%{control:Tmp-Integer-0} == 0) {
update reply{
Reply-Message := Fair
Usage Policy Enforced, Bandwidth Limited
Mikrotik-Rate-Limit :=
128K/256K 128K/256K 128K/256K 180/180 8
}
}
The caveats :
It will return a negative value if Max-used-Traffic is more than
Max-Monthly-Limit but we don't need that negative value as we will
enforce Mikrotik-Rate-Limit (i.e Fair Usage Policy)
If Max-Monthly-Limit - Max-used-Limit 32bit Integer, The
Mikrotik-Recv-Limit will be wrapped and user will have a rough of 2GB
per session limit. If user disconnects again and connects , the same
thing applies.
However, user will be able to use 100% of Max-Monthly-Traffic
allocated in multiple sessions.
I hope someone can make a hybrid of this counter.
Regards
Suman
On Mon, Aug 8, 2011 at 8:04 PM, Arran Cudbard-Bell
a.cudba...@freeradius.org wrote:
On 8 Aug 2011, at 16:29, Suman Dash wrote:
Just another small question before i jump into testing. If output from
sub-query is less than 32bit, I can easily store it in Tmp-Integer ,
But sometimes when the user data usage is null, the sub-query will
output more than 32bit ex. 10GB Limit But user downloaded 0 Bytes.
In that condition it is impossible to store it in Tmp-Integer . So
ultimately the Integer passed by xlat and the stored in Tmp-Integer
will differ.
Yes. I'd imagine it'd be truncated.
-Arran
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Unlang Condition Wrong Value !
I am trying to replace sqlcounter with Unland expression in Post Auth
Section. The values are successfully called but while storing in
Tmp-Interger those are stripped. Below are the logs .
As you can see from the logs that Mysql returns a value of 20989570594
But it's stored as 3557549056 for Tmp-Integer-0
The same happens to Tmp-Integer-1 due to which the expression output
becomes FALSE instead of TRUE.
Is this the limitation of Tmp-Integer as it is an 32bit int ?
##Post-Auth Section
sql
update control{
Tmp-Integer-0 := %{sql:SELECT
IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) \
FROM tbl_acct WHERE
UserName='%{User-Name}' \
AND
MONTH(acctstoptime) = MONTH(NOW()) \
AND YEAR(acctstoptime)
= YEAR(NOW())}
Tmp-Integer-1 := %{sql:SELECT
tbl_groupcheck.value from tbl_groupcheck \
JOIN tbl_usergroup on
tbl_groupcheck.groupname = tbl_usergroup.groupname \
where
tbl_usergroup.username = '%{User-Name}'}
}
if (%{control:Tmp-Integer-1} %{control:Tmp-Integer-0}) {
update reply {
Mikrotik-Recv-Limit :=
%{control:Tmp-Integer-1} - %{control:Tmp-Integer-0}
}
}
if (%{control:Tmp-Integer-1} = %{control:Tmp-Integer-0}) {
update reply {
Reply-Message := Fair Usage
Policy Enforced, Bandwidth Limited
Mikrotik-Rate-Limit :=
128K/256K 128K/256K 128K/256K 180/180 8
}
}
##MySQL Table
mysql SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0)
- FROM tbl_acct WHERE UserName='10021'
- AND MONTH(acctstoptime) = MONTH(NOW())
- AND YEAR(acctstoptime) = YEAR(NOW());
+--+
| IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) |
+--+
| 20989570594 |
+--+
1 row in set (0.00 sec)
mysql SELECT tbl_groupcheck.value from tbl_groupcheck
- JOIN tbl_usergroup on tbl_groupcheck.groupname =
tbl_usergroup.groupname
- where tbl_usergroup.username = '10021';
+-+
| value |
+-+
| 20737418240 |
+-+
1 row in set (0.00 sec)
##RADIUS DEBUG LOG
Finished request 4.
Cleaning up request 4 ID 176 with timestamp +15
Going to the next request
Ready to process requests.
rad_recv: Access-Request packet from host XXX.XX.XX.86 port 44198,
id=236, length=132
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 56
NAS-Port-Type = Ethernet
User-Name = 10021
Calling-Station-Id = XX:XX:XX:XX:XX:XX
Called-Station-Id = Internet
NAS-Port-Id = LAN
User-Password = 10021
NAS-Identifier = XXX.XXX
NAS-IP-Address = XXX.XX.XX.86
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = 10021, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
[sql] expand: %{User-Name} - 10021
[sql] sql_set_user escaped user -- '10021'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op
FROM tbl_check WHERE username = '%{SQL-User-Name}'
ORDER BY id - SELECT id, username, attribute, value, op
FROM tbl_check WHERE username = '10021' ORDER BY
id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM tbl_reply WHERE username = '%{SQL-User-Name}'
ORDER BY id - SELECT id, username, attribute, value, op
FROM tbl_reply WHERE username = '10021' ORDER BY
id
[sql] expand: SELECT groupname FROM tbl_usergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority -
SELECT
Re: Unlang Condition Wrong Value !
,acctstoptime, acctsessiontime,
acctauthentic,connectinfo_start, connectinfo_stop,
acctinputoctets, acctoutputoctets, calledstationid,
callingstationid, acctterminatecause, servicetype,
framedprotocol, framedipaddress, acctstartdelay,
acctstopdelay,xascendsessionsvrkey) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL,
'0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0',
'0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}',
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[exec] returns noop
[attr_filter.accounting_response] expand: %{User-Name} - 10021
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 56 to xxx.xx.xx.xx port 40276
Finished request 3.
Cleaning up request 3 ID 56 with timestamp +17
Going to the next request
Waking up in 4.8 seconds.
The condition outputs 23737418240 21093361889 RETURNS FALSE .
On Mon, Aug 8, 2011 at 12:51 PM, Arran Cudbard-Bell
a.cudba...@freeradius.org wrote:
RFC 2865:
integer 32 bit unsigned value, most significant octet first.
FreeRADIUS is just a RADIUS server, and the temporary integer attributes are
just RADIUS attributes.
-Arran
On 8 Aug 2011, at 09:11, Suman Dash wrote:
I am trying to replace sqlcounter with Unland expression in Post Auth
Section. The values are successfully called but while storing in
Tmp-Interger those are stripped. Below are the logs .
As you can see from the logs that Mysql returns a value of 20989570594
But it's stored as 3557549056 for Tmp-Integer-0
The same happens to Tmp-Integer-1 due to which the expression output
becomes FALSE instead of TRUE.
Is this the limitation of Tmp-Integer as it is an 32bit int ?
##Post-Auth Section
sql
update control {
Tmp-Integer-0 := %{sql:SELECT
IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) \
FROM tbl_acct WHERE
UserName='%{User-Name}' \
AND
MONTH(acctstoptime) = MONTH(NOW()) \
AND YEAR(acctstoptime)
= YEAR(NOW())}
Tmp-Integer-1 := %{sql:SELECT
tbl_groupcheck.value from tbl_groupcheck \
JOIN tbl_usergroup on
tbl_groupcheck.groupname = tbl_usergroup.groupname \
where
tbl_usergroup.username = '%{User-Name}'}
}
if (%{control:Tmp-Integer-1} %{control:Tmp-Integer-0}) {
update reply {
Mikrotik-Recv-Limit :=
%{control:Tmp-Integer-1} - %{control:Tmp-Integer-0}
}
}
if (%{control:Tmp-Integer-1} = %{control:Tmp-Integer-0})
{
update reply {
Reply-Message := Fair Usage
Policy Enforced, Bandwidth Limited
Mikrotik-Rate-Limit :=
128K/256K 128K/256K 128K/256K 180/180 8
}
}
##MySQL Table
mysql SELECT IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0)
- FROM tbl_acct WHERE UserName='10021'
- AND MONTH(acctstoptime) = MONTH(NOW())
- AND YEAR(acctstoptime) = YEAR(NOW());
+--+
| IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) |
+--+
| 20989570594 |
+--+
1 row in set (0.00 sec)
mysql SELECT tbl_groupcheck.value from tbl_groupcheck
- JOIN tbl_usergroup on tbl_groupcheck.groupname =
tbl_usergroup.groupname
- where tbl_usergroup.username = '10021';
+-+
| value |
+-+
| 20737418240 |
+-+
1 row in set (0.00 sec)
##RADIUS DEBUG LOG
Finished request 4.
Cleaning up request 4 ID 176 with timestamp +15
Going to the next request
Ready to process requests.
rad_recv: Access-Request packet from host XXX.XX.XX.86 port 44198,
id=236, length=132
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 56
NAS-Port-Type = Ethernet
User-Name = 10021
Calling-Station-Id = XX:XX:XX:XX:XX:XX
Re: Unlang Condition Wrong Value !
What i mean to say is that i am not using an integer to store the
value as integer is limited to 32bit, Instead i am directly comparing
output from sql query in Unlanf but it doesn't seems to work either.
It returns false where it should be returning true.
Regards
On Mon, Aug 8, 2011 at 2:27 PM, Arran Cudbard-Bell
a.cudba...@freeradius.org wrote:
On 8 Aug 2011, at 09:32, Suman Dash wrote:
So it is not possible to store values more than 32 bit in Tmp-Integer.
How about direct sql statements in Unlang not involving the
Tmp-Integer. It is also not working in my scenario.
You mean a comparison of two integers from two SQL statements?
Attached is the logs.
More useful would be the config...
-Arran
Going to the next request
Ready to process requests.
rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642,
id=55, length=132
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 60
NAS-Port-Type = Ethernet
User-Name = 10021
Calling-Station-Id = F4:EC:38:BA:8A:3B
Called-Station-Id = Internet
NAS-Port-Id = LAN
User-Password = 10021
NAS-Identifier = NTL.X
NAS-IP-Address = xxx.xx.xx.xx
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = 10021, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
[sql] expand: %{User-Name} - 10021
[sql] sql_set_user escaped user -- '10021'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op
FROM tbl_check WHERE username = '%{SQL-User-Name}'
ORDER BY id - SELECT id, username, attribute, value, op
FROM tbl_check WHERE username = '10021' ORDER BY
id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM tbl_reply WHERE username = '%{SQL-User-Name}'
ORDER BY id - SELECT id, username, attribute, value, op
FROM tbl_reply WHERE username = '10021' ORDER BY
id
[sql] expand: SELECT groupname FROM tbl_usergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority -
SELECT groupname FROM tbl_usergroup WHERE username
= '10021' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op
FROM tbl_groupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY id - SELECT id, groupname, attribute,
Value, op FROM tbl_groupcheck WHERE groupname =
'TEST-10G' ORDER BY id
[sql] User found in group TEST-10G
[sql] expand: SELECT id, groupname, attribute, value, op
FROM tbl_groupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id - SELECT id, groupname, attribute,
value, op FROM tbl_groupreply WHERE groupname =
'TEST-10G' ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
rlm_checkval: Item Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B
rlm_checkval: Value Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B
++[checkval] returns ok
[expiration] Checking Expiration time: '1 Sep 2011'
++[expiration] returns ok
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password x
[pap] Using CRYPT password Wh1vvjSX72NI6
[pap] User authenticated successfully
++[pap] returns ok
# Executing section session from file /etc/freeradius/sites-enabled/default
+- entering group session {...}
[radutmp] expand: /var/log/freeradius/radutmp -
/var/log/freeradius/radutmp
[radutmp] expand: %{User-Name} - 10021
++[radutmp] returns ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/default
+- entering group post-auth {...}
[sql] expand: %{User-Name} - 10021
[sql] sql_set_user escaped user -- '10021'
[sql] expand: %{User-Password} - x
[sql] expand: INSERT INTO tbl_postauth
(username, pass, reply, authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') - INSERT INTO tbl_postauth
(username, pass, reply, authdate)
VALUES ( '10021',
'10021', 'Access-Accept', '2011-08-08
01:31:49')
rlm_sql (sql) in sql_postauth: query is INSERT INTO tbl_postauth
(username, pass, reply, authdate)
VALUES ( '10021',
'10021
Re: Unlang Condition Wrong Value !
Undermentioned is the complete config. This is a direct approach
without storing the results in Tmp-Integer . I assume that this direct
approach has nothing to do with 32bit length of Freeradius Attributes.
What i am looking to accomplish is a data counter which does not wraps
at 4GB, Checks whether total used traffic is less than
Max-Monthly-Traffic and based on the result it updates the reply
attribute.
I have read a lot in mailing lists that people have accomplished it
with rlm_perl but i unable to find a similar script in freeradius
mailing list.
I understand that this feature will be beneficial to a lot of people
in community as a lot of people have done hacks and tricks to make it
work. So till now official Session counter is available but no data
counter.
if (%{sql:SELECT tbl_groupcheck.value from tbl_groupcheck JOIN
tbl_usergroup on tbl_groupcheck.groupname = tbl_usergroup.groupname
WHERE tbl_usergroup.username = '%{User-Name}'} %{sql:SELECT
IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) FROM tbl_acct
WHERE UserName='%{User-Name}' AND MONTH(acctstoptime) = MONTH(NOW())
AND YEAR(acctstoptime) = YEAR(NOW())}) {
update reply {
Mikrotik-Recv-Limit := %{sql:SELECT
tbl_groupcheck.value from tbl_groupcheck JOIN tbl_usergroup on
tbl_groupcheck.groupname = tbl_usergroup.groupname WHERE
tbl_usergroup.username = '%{User-Name}'} - %{sql:SELECT
IFNULL(SUM(AcctInputOctets)+SUM(AcctOutputOctets),0) FROM tbl_acct
WHERE UserName='%{User-Name}' AND MONTH(acctstoptime) = MONTH(NOW())
AND YEAR(acctstoptime) = YEAR(NOW())}
}
else {
update reply {
Reply-Message := Fair
Usage Policy Enforced, Bandwidth Limited
Mikrotik-Rate-Limit :=
128K/256K
}
}
}
Regards
Suman
On Mon, Aug 8, 2011 at 2:39 PM, Suman Dash sumand...@gmail.com wrote:
What i mean to say is that i am not using an integer to store the
value as integer is limited to 32bit, Instead i am directly comparing
output from sql query in Unlanf but it doesn't seems to work either.
It returns false where it should be returning true.
Regards
On Mon, Aug 8, 2011 at 2:27 PM, Arran Cudbard-Bell
a.cudba...@freeradius.org wrote:
On 8 Aug 2011, at 09:32, Suman Dash wrote:
So it is not possible to store values more than 32 bit in Tmp-Integer.
How about direct sql statements in Unlang not involving the
Tmp-Integer. It is also not working in my scenario.
You mean a comparison of two integers from two SQL statements?
Attached is the logs.
More useful would be the config...
-Arran
Going to the next request
Ready to process requests.
rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642,
id=55, length=132
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 60
NAS-Port-Type = Ethernet
User-Name = 10021
Calling-Station-Id = F4:EC:38:BA:8A:3B
Called-Station-Id = Internet
NAS-Port-Id = LAN
User-Password = 10021
NAS-Identifier = NTL.X
NAS-IP-Address = xxx.xx.xx.xx
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = 10021, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
[sql] expand: %{User-Name} - 10021
[sql] sql_set_user escaped user -- '10021'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op
FROM tbl_check WHERE username = '%{SQL-User-Name}'
ORDER BY id - SELECT id, username, attribute, value, op
FROM tbl_check WHERE username = '10021' ORDER BY
id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM tbl_reply WHERE username = '%{SQL-User-Name}'
ORDER BY id - SELECT id, username, attribute, value, op
FROM tbl_reply WHERE username = '10021' ORDER BY
id
[sql] expand: SELECT groupname FROM tbl_usergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority -
SELECT groupname FROM tbl_usergroup WHERE username
= '10021' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op
FROM tbl_groupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY id - SELECT id, groupname, attribute,
Value, op FROM tbl_groupcheck WHERE groupname =
'TEST
Re: Unlang Condition Wrong Value !
Hi Arran,
Unfortunately I am not much of a programmer . Therefore if you can put
some examples / pointers based on my requirement, it will be a
headstart for me . I had also read somewhere that if we can strip the
last 3 octet then atleast 4TB of traffic can be managed in replying
back .
However, there are a lot of solutions but no examples or a working
config which can be tweaked.
Regards
Suman
On Mon, Aug 8, 2011 at 3:02 PM, Arran Cudbard-Bell
a.cudba...@freeradius.org wrote:
On 8 Aug 2011, at 11:09, Suman Dash wrote:
What i mean to say is that i am not using an integer to store the
value as integer is limited to 32bit, Instead i am directly comparing
output from sql query in Unlanf but it doesn't seems to work either.
Then no. AFAIK FreeRADIUS doesn't support arbitrary precision mathematics. In
general performance is valued over completeness when it comes to things like
unlang.
Here are some workarounds:
* You could store the result as a string and use an external utility to do
the comparison.
* You could also try expr xlat, but i'm not sure if it supports arbitrary
precision either.
* If you're just doing an equality check, then just write the value to a
string and do a straight string comparison.
* You could do the comparison in SQL and return a boolean value (i've used
this as a workaround in the past).
* You could write an xlat wrapper around one of the arbitrary precision
libraries.
-Arran
It returns false where it should be returning true.
Regards
On Mon, Aug 8, 2011 at 2:27 PM, Arran Cudbard-Bell
a.cudba...@freeradius.org wrote:
On 8 Aug 2011, at 09:32, Suman Dash wrote:
So it is not possible to store values more than 32 bit in Tmp-Integer.
How about direct sql statements in Unlang not involving the
Tmp-Integer. It is also not working in my scenario.
You mean a comparison of two integers from two SQL statements?
Attached is the logs.
More useful would be the config...
-Arran
Going to the next request
Ready to process requests.
rad_recv: Access-Request packet from host xxx.xx.xx.xx port 60642,
id=55, length=132
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 60
NAS-Port-Type = Ethernet
User-Name = 10021
Calling-Station-Id = F4:EC:38:BA:8A:3B
Called-Station-Id = Internet
NAS-Port-Id = LAN
User-Password = 10021
NAS-Identifier = NTL.X
NAS-IP-Address = xxx.xx.xx.xx
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = 10021, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 172
++[files] returns ok
[sql] expand: %{User-Name} - 10021
[sql] sql_set_user escaped user -- '10021'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand: SELECT id, username, attribute, value, op
FROM tbl_check WHERE username = '%{SQL-User-Name}'
ORDER BY id - SELECT id, username, attribute, value, op
FROM tbl_check WHERE username = '10021' ORDER BY
id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM tbl_reply WHERE username = '%{SQL-User-Name}'
ORDER BY id - SELECT id, username, attribute, value, op
FROM tbl_reply WHERE username = '10021' ORDER BY
id
[sql] expand: SELECT groupname FROM tbl_usergroup
WHERE username = '%{SQL-User-Name}' ORDER BY priority -
SELECT groupname FROM tbl_usergroup WHERE username
= '10021' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op
FROM tbl_groupcheck WHERE groupname = '%{Sql-Group}'
ORDER BY id - SELECT id, groupname, attribute,
Value, op FROM tbl_groupcheck WHERE groupname =
'TEST-10G' ORDER BY id
[sql] User found in group TEST-10G
[sql] expand: SELECT id, groupname, attribute, value, op
FROM tbl_groupreply WHERE groupname = '%{Sql-Group}'
ORDER BY id - SELECT id, groupname, attribute,
value, op FROM tbl_groupreply WHERE groupname =
'TEST-10G' ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
rlm_checkval: Item Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B
rlm_checkval: Value Name: Calling-Station-Id, Value: F4:EC:38:BA:8A:3B
++[checkval] returns ok
[expiration] Checking Expiration time: '1 Sep 2011'
++[expiration] returns ok
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt
Re: Unlang Condition Wrong Value !
So what you say is that i do all comparision within sql sub-query and whatever output i need to define if less than 32bit store it into an Integer and do Unlang control / reply updates ? Seems quite right .. Will try and get back with results. Thanks for the tip.. Regards Suman On Mon, Aug 8, 2011 at 3:31 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: Unfortunately I am not much of a programmer . Ok... but you know SQL right? Which is why i'm suggesting to do the comparison in the SQL database. Therefore if you can put some examples / pointers based on my requirement, it will be a headstart for me . http://dev.mysql.com/doc/refman/5.0/en/comparisons-using-subqueries.html Use SELECT COUNT(*) for the outer query and then compare that value in unlang. -Arran Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unlang Condition Wrong Value !
Just another small question before i jump into testing. If output from sub-query is less than 32bit, I can easily store it in Tmp-Integer , But sometimes when the user data usage is null, the sub-query will output more than 32bit ex. 10GB Limit But user downloaded 0 Bytes. In that condition it is impossible to store it in Tmp-Integer . So ultimately the Integer passed by xlat and the stored in Tmp-Integer will differ. Regards Suman Dash On Mon, Aug 8, 2011 at 7:45 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 8 Aug 2011, at 16:11, Suman Dash wrote: So what you say is that i do all comparision within sql sub-query and whatever output i need to define if less than 32bit store it into an Integer and do Unlang control / reply updates ? Seems quite right .. Will try and get back with results. Exactly :) Feel free to post some samples if you get it working and i'll put them up on the wiki. -Arran On Mon, Aug 8, 2011 at 3:31 PM, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: Unfortunately I am not much of a programmer . Ok... but you know SQL right? Which is why i'm suggesting to do the comparison in the SQL database. Therefore if you can put some examples / pointers based on my requirement, it will be a headstart for me . http://dev.mysql.com/doc/refman/5.0/en/comparisons-using-subqueries.html Use SELECT COUNT(*) for the outer query and then compare that value in unlang. -Arran Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Opposite of Expiraton attribute?
Use First-Login , It may solve your purpose ! On 6/17/2011 10:53 AM, Matthew George wrote: Is there an attribute that is the opposite of expiration? I'm trying to setup accounts to have a specific login time range. For example; Start-Time = 5 June 2011 00:00:00 Expiration == 5 June 2011 02:00:00 I've been hunting googling for hours but I've been unable to find an attribute that would let me specific a start-time or a valid-after attribute. Any suggestions? __ Information from ESET NOD32 Antivirus, version of virus signature database 6042 (20110414) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Information from ESET NOD32 Antivirus, version of virus signature database 6042 (20110414) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Opposite of Expiraton attribute?
Or Else ! Expiration = First-Login + N (Days , Hours , Minutes ). This can be done by any script or Web Frontend. It will allow you to define an Expiration of N from the date of first login. Regards On 6/17/2011 10:53 AM, Matthew George wrote: Is there an attribute that is the opposite of expiration? I'm trying to setup accounts to have a specific login time range. For example; Start-Time = 5 June 2011 00:00:00 Expiration == 5 June 2011 02:00:00 I've been hunting googling for hours but I've been unable to find an attribute that would let me specific a start-time or a valid-after attribute. Any suggestions? __ Information from ESET NOD32 Antivirus, version of virus signature database 6042 (20110414) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Information from ESET NOD32 Antivirus, version of virus signature database 6042 (20110414) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re:
Please read the documentation on how to setup freeradius. From your post it is unclear as what type of auth you need. There are official docs at freeradius.org which you might want to see. On 4/26/2011 10:16 AM, arpitha arpitha wrote: hi, 'm very new to freeradius, i want to setup radius server to authenticate another system connected through an access point. i'l b grateful if any1 can tell d steps 2 do this r give links 2 d related materials. Thnks in advance :-) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Information from ESET NOD32 Antivirus, version of virus signature database 6042 (20110414) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Please help me with sqlcounter
I am trying to do the same in sqlcounter but looks like the %b is hard coded and there is no way to make it dynamically read from database. I have tried using custom sqlcounter but it doe not escapes properly. Anyone effort in commenting on this thread will be highly appreciable as it will enable the user to do a custom time based session accounting instead of fixed 1 ~ 30 date accounting. Best Regards Suman On 3/21/2011 11:54 AM, frankfang wrote: I want to use sqlcounter to control the user's traffic usage, and I have these needs: 1. I have read http://wiki.freeradius.org/Rlm_sqlcounter the wiki about the sqlcounter, and I get %b as the unix time value of beginning of reset period but how can I set this value? I want to sqlcounter begin count at a specific time such as the register time.. Is it possible? 2. When user's traffic usage over a value, I hope the server will disconnect the connected user immediately, Is it possible for doing this? I have read some article about sqlcounter, but I'm still confused about these questions, can anyone help me? I'm very appreciate for your help -- View this message in context: http://freeradius.1045715.n5.nabble.com/Please-help-me-with-sqlcounter-tp4192991p4192991.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Information from ESET NOD32 Antivirus, version of virus signature database 5924 (20110303) __ The message was checked by ESET NOD32 Antivirus. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL Counter Escape String !
Hi Alan,
Did you managed to look into the issue ?
or maybe any hints on how to use DATETIME in Expiration instead of String ?
Regads
Suman
On 3/15/2011 4:04 PM, Suman Dash wrote:
Dear Alan,
I have not removed any debug messages. I will try to put everything
once again . I was not aware that i sent you a mail. I am having a
nightmare and accidently i clicked Send All instead of selecting the
mailing list.
sqlcounter monthlycounter {
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
reply-name = Session-Timeout
sqlmod-inst = sql
key = User-Name
reset = never
query = SELECT SUM(acctsessiontime) FROM tbl_acct where \
username = '%{%k}' AND acctstarttime BETWEEN \
(SELECT STR_TO_DATE((SELECT value FROM tbl_check \
WHERE username = '%{%k}' AND attribute =
'Activation'), 'd M Y H:i:s')) \
AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check
WHERE username = '%{%k}' \
AND attribute = 'Expiration'), 'd M Y
H:i:s'))
}
DEBUG
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 122.175.85.117 port 21658,
id=10, length=59
User-Name = suman
User-Password = duman12
Calling-Station-Id = 001122334455
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = suman, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
[sql] expand: %{User-Name} - suman
[sql] sql_set_user escaped user -- 'suman'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op
FROM tbl_check WHERE username = '%{SQL-User-Name}'
ORDER BY id - SELECT id, username, attribute, value, op
FROM tbl_check WHERE username = 'suman' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op
FROM tbl_reply WHERE username = '%{SQL-User-Name}'
ORDER BY id - SELECT id, username, attribute, value, op
FROM tbl_reply WHERE username = 'suman' ORDER BY id
[sql] expand: SELECT groupname FROM
tbl_usergroup WHERE username = '%{SQL-User-Name}'
ORDER BY priority - SELECT groupname FROM
tbl_usergroup WHERE username = 'suman' ORDER BY
priority
[sql] expand: SELECT id, groupname, attribute, Value,
op FROM tbl_groupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id - SELECT id, groupname,
attribute, Value, op FROM tbl_groupcheck
WHERE groupname = 'Biz1Mbps-UL' ORDER BY id
[sql] User found in group Biz1Mbps-UL
[sql] expand: SELECT id, groupname, attribute, value,
op FROM tbl_groupreply WHERE groupname =
'%{Sql-Group}' ORDER BY id - SELECT id, groupname,
attribute, value, op FROM tbl_groupreply
WHERE groupname = 'Biz1Mbps-UL' ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[dailycounter] returns noop
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT SUM(acctsessiontime) FROM tbl_acct
where username = '%{User-Name}' AND acctstarttime
BETWEEN (SELECT STR_TO_DATE((SELECT value FROM
tbl_check WHERE username = '%{User-Name}' AND
attribute = 'Activation'), '%0%0d %0%0M %0%0Y
%0%0H:%0%0i:%0%0s')) AND (SELECT STR_TO_DATE((SELECT
value FROM tbl_check WHERE username = '%{User-Name}'
AND attribute = 'Expiration'), '%0%0d %0%0M %0%0Y %0%0H:%0%0i:%0%0s'))'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%0': See 'doc/variables.txt
Re: SQL Counter Escape String !
Much thanks Alan,
That was some really good advice on how to make the thing work.
So now i have to write unlang statement in preprocess so that it
directly gives the Session-Timeout . Please correct me if i am wrong.
Thanks Again
On 3/16/2011 4:09 PM, Alan DeKok wrote:
Suman Dash wrote:
Hi Alan,
Did you managed to look into the issue ?
No.
or maybe any hints on how to use DATETIME in Expiration instead of String ?
Honestly, in 2.1.10, you can just write SELECT statements directly in
unlang.
update reply {
Session-Timeout := %{sql: SELECT ...}
}
Couple that with a few other things, and you should be able to replace
the sqlcounter module entirely.
i.e. I don't use that module, and I know little or nothing about it.
I have little time to do anything with it.
Alan DeKok.
__ Information from ESET NOD32 Antivirus, version of virus signature
database 5924 (20110303) __
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SQL Unlang !
I am looking forward for a short example on how to store a SQL query to
a variable which can be used in next condition in UNLANG.
I have no knowledge of unlang but i got a fair amount of idea with the
condition checks , just need a little insight on the result stores .
For Ex.
result1 = {some sql query}
result2 = {some sql query}
update control
Session-Timeout := Result1 - Result 2
Thanks in advance
Suman
On 3/16/2011 4:09 PM, Alan DeKok wrote:
Suman Dash wrote:
Hi Alan,
Did you managed to look into the issue ?
No.
or maybe any hints on how to use DATETIME in Expiration instead of String ?
Honestly, in 2.1.10, you can just write SELECT statements directly in
unlang.
update reply {
Session-Timeout := %{sql: SELECT ...}
}
Couple that with a few other things, and you should be able to replace
the sqlcounter module entirely.
i.e. I don't use that module, and I know little or nothing about it.
I have little time to do anything with it.
Alan DeKok.
__ Information from ESET NOD32 Antivirus, version of virus signature
database 5924 (20110303) __
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL Counter Escape String !
: SELECT SUM(acctsessiontime) FROM tbl_acct where
username = 'suman' AND acctstarttime BETWEEN
(SELECT STR_TO_DATE((SELECT value FROM
tbl_check
WHERE username = 'suman' AND attribute =
'Activation'),
'%1298917800d %1298917800M %1298917800Y
%1298917800H:%1298917800i:%1298917800s'))
AND (SELECT STR_TO_DATE((SELECT value FROM
tbl_check WHERE
username = 'suman'
AND attribute = 'Expiration'), '%1298917800d
%1298917800M
%1298917800Y %1298917800H:%1298917800i:%1298917800s'));
- SELECT SUM(acctsessiontime) FROM tbl_acct
where
username = 'suman' AND acctstarttime BETWEEN
(SELECT STR_TO_DATE((SELECT value FROM
tbl_check
WHERE username = 'suman' AND attribute =
'Activation'),
'%1298917800d %1298917800M %1298917800Y
%1298917800H:%1298917800i:%1298917800s'))
AND (SELECT STR_TO_DATE((SELECT value FROM
tbl_check WHERE
username = 'suman'
AND
rlm_sql (sql): Reserving sql socket id: 2
[monthlycounter] row[0] returned NULL
rlm_sql (sql): Released sql socket id: 2
[monthlycounter]expand: %{sql:SELECT SUM(acctsessiontime) FROM
tbl_acct where
username = 'suman' AND acctstarttime BETWEEN
(SELECT STR_TO_DATE((SELECT value FROM
tbl_check
WHERE username = 'suman' AND attribute =
'Activation'),
'%1298917800d %1298917800M %1298917800Y
%1298917800H:%1298917800i:%1298917800s'))
AND (SELECT STR_TO_DATE((SELECT value FROM
tbl_check WHERE
username = 'suman'
AND attribute = 'Expiration'), '%1298917800d
%1298917800M
%1298917800Y %1298917800H:%1298917800i:%1298917800s'));} -
rlm_sqlcounter: No integer found in string
++[monthlycounter] returns noop
On Tue, Mar 15, 2011 at 11:41 AM, Alan DeKok al...@deployingradius.com wrote:
Suman Dash wrote:
Please anyone advice me the way to escape run-time variables in
freeradius. I am using STR_TO_DATE and freeradius run-time variable is
over-riding the mysql time variables
Yes... that's what it does.
I have tried escaping as per the thread
http://freeradius.1045715.n5.nabble.com/Changing-the-format-of-a-date-attribute-tt2775323.html#a2775328
sigh What's wrong with reading the documentation?
But no luck ..
My Entire Counter is :
... which doesn't follow the escaping rules of either the above
message, or the documentation.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL Counter Escape String !
I have tried almost all sql escape but looks like none are working or
maybe i am missing something. I am stuck in this issue for more than 3
days and now i don't have any clue due to which i am trying to reach for
help on the mailing list.
SELECT SUM(acctsessiontime) FROM tbl_acct where
username = '%{%k}' AND acctstarttime BETWEEN
(SELECT STR_TO_DATE((SELECT value FROM tbl_check
WHERE username = '%{%k}' AND attribute = 'Activation'),
'%d %M %Y %H:%i:%s'))
AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check
WHERE username = '%{%k}'
AND attribute = 'Expiration'), '%d %M %Y %H:%i:%s'));
Doesn't Work
SELECT SUM(acctsessiontime) FROM tbl_acct where
username = '%{%k}' AND acctstarttime BETWEEN
(SELECT STR_TO_DATE((SELECT value FROM tbl_check
WHERE username = '%{%k}' AND attribute = 'Activation'),
'%%d %%M %%Y %%H:%%i:%%s'))
AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check
WHERE username = '%{%k}'
AND attribute = 'Expiration'), '%%d %%M %%Y %%H:%%i:%s'));
Doesn't Work
All i am looking forward is a link to the proper documentation or a
small example on this issue. Any help in this regard will be much
appreciated.
Best Regards
Suman Dash
On 3/15/2011 12:02 PM, Suman Dash wrote:
New Modified Query !
SELECT SUM(acctsessiontime) FROM tbl_acct where \
username = '%{%k}' AND acctstarttime BETWEEN \
(SELECT STR_TO_DATE((SELECT value FROM tbl_check \
WHERE username = '%{%k}' AND attribute =
'Activation'), '%%d %%M %%Y %%H:%%i:%%s')) \
AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check
WHERE username = '%{%k}' \
AND attribute = 'Expiration'), '%%d %%M %%Y %%H:%%i:%%s'));
DEBUG :
sqlcounter_expand: 'SELECT SUM(acctsessiontime) FROM tbl_acct where
username = '%{User-Name}' AND acctstarttime BETWEEN
(SELECT STR_TO_DATE((SELECT value FROM tbl_check
WHERE username = '%{User-Name}' AND attribute = 'Activation'),
'%1298917800d %1298917800M %1298917800Y
%1298917800H:%1298917800i:%1298917800s'))
AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check
WHERE username = '%{User-Name}'
AND attribute = 'Expiration'), '%1298917800d
%1298917800M
%1298917800Y %1298917800H:%1298917800i:%1298917800s'));'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter] WARNING: Unknown variable '%1': See 'doc/variables.txt'
[monthlycounter]expand: SELECT SUM(acctsessiontime) FROM tbl_acct where
username = '%{User-Name}' AND acctstarttime BETWEEN
(SELECT STR_TO_DATE((SELECT value FROM
tbl_check
WHERE username = '%{User-Name}' AND attribute
= 'Activation'),
'%1298917800d %1298917800M %1298917800Y
%1298917800H:%1298917800i:%1298917800s'))
AND (SELECT STR_TO_DATE((SELECT value FROM
tbl_check WHERE
username = '%{User-Name}'
AND attribute = 'Expiration'), '%1298917800d
%1298917800M
%1298917800Y %1298917800H:%1298917800i:%1298917800s'));
- SELECT SUM(acctsessiontime) FROM tbl_acct
where
username = 'suman' AND acctstarttime BETWEEN
(SELECT STR_TO_DATE((SELECT value FROM
tbl_check
WHERE username = 'suman' AND attribute =
'Activation'),
'%1298917800d %1298917800M %1298917800Y
%1298917800H:%1298917800i:%1298917800s'))
AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check
WHERE username = 'suman'
sqlcounter_expand: '%{sql:SELECT SUM(acctsessiontime) FROM tbl_acct where
username = 'suman' AND acctstarttime BETWEEN
(SELECT STR_TO_DATE((SELECT value FROM
tbl_check
WHERE username = 'suman' AND attribute =
'Activation
Re: SQL Counter Escape String !
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
rlm_checkval: Item Name: Calling-Station-Id, Value: 001122334455
rlm_checkval: Value Name: Calling-Station-Id, Value: 001122334455
++[checkval] returns ok
[expiration] Checking Expiration time: '13 Mar 2012 21:37:23'
++[expiration] returns ok
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password duman12
[pap] Using CRYPT encryption.
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
[sqlippool] No Pool-Name defined.
[sqlippool] expand: No Pool-Name defined (did %{Called-Station-Id}
cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) - No
Pool-Name defined (did cli 001122334455 port user suman)
No Pool-Name defined (did cli 001122334455 port user suman)
++[sqlippool] returns noop
[sql] expand: %{User-Name} - suman
[sql] sql_set_user escaped user -- 'suman'
[sql] expand: %{User-Password} - duman12
[sql] expand: INSERT INTO tbl_postauth
(username, pass, reply, authdate) VALUES
( '%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') - INSERT INTO
tbl_postauth (username, pass, reply,
authdate) VALUES (
'suman', 'duman12',
'Access-Accept', '2011-03-15 14:36:34')
rlm_sql (sql) in sql_postauth: query is INSERT INTO
tbl_postauth (username, pass, reply,
authdate) VALUES (
'suman', 'duman12',
'Access-Accept', '2011-03-15 14:36:34')
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 6 to 122.175.85.117 port 19169
Session-Timeout = 31474849
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 6 with timestamp +3
Ready to process requests.
**
When the Counter Reset Period is monthly , %%' becomes '%1298917800
When the Counter Reset Period is Never , New Problem Arises i.e %0d %0M
%0Y %0H:%0i:%0s
Best Regards
Suman
Suman Dash wrote:
I have tried almost all sql escape but looks like none are working or
maybe i am missing something. I am stuck in this issue for more than 3
days and now i don't have any clue due to which i am trying to reach for
help on the mailing list.
Hmm... the issue seems to be that the sqlcounter module does it's own
string expansion, and gets it *horribly* wrong.
As for why '%%' becomes '%1298917800', I have no idea. Posting *more*
debug output might help. What you did post was the final result of the
expansion, and didn't include *how* that expansion came about.
Alan DeKok.
__ Information from ESET NOD32 Antivirus, version of virus signature
database 5924 (20110303) __
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL Counter Escape String !
%0H:%0%0i:%0%0s'))
AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username =
'suman' AND attribute = 'Expiration'), '%0%0d %0%0M
%0%0Y %0%0H:%0%0i:%0%0s'))
rlm_sql (sql): Reserving sql socket id: 2
[monthlycounter] row[0] returned NULL
rlm_sql (sql): Released sql socket id: 2
[monthlycounter]expand: %{sql:SELECT SUM(acctsessiontime) FROM
tbl_acct where username = 'suman' AND acctstarttime
BETWEEN (SELECT STR_TO_DATE((SELECT value FROM
tbl_check WHERE username = 'suman' AND attribute =
'Activation'), '%0%0d %0%0M %0%0Y %0%0H:%0%0i:%0%0s'))
AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check WHERE username =
'suman' AND attribute = 'Expiration'), '%0%0d %0%0M
%0%0Y %0%0H:%0%0i:%0%0s'))} -
rlm_sqlcounter: No integer found in string
++[monthlycounter] returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
++[noresetcounter] returns noop
rlm_checkval: Item Name: Calling-Station-Id, Value: 001122334455
rlm_checkval: Value Name: Calling-Station-Id, Value: 001122334455
++[checkval] returns ok
[expiration] Checking Expiration time: '13 Mar 2012 21:37:23'
++[expiration] returns ok
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password duman12
[pap] Using CRYPT encryption.
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
[sqlippool] No Pool-Name defined.
[sqlippool] expand: No Pool-Name defined (did %{Called-Station-Id}
cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) - No
Pool-Name defined (did cli 001122334455 port user suman)
No Pool-Name defined (did cli 001122334455 port user suman)
++[sqlippool] returns noop
[sql] expand: %{User-Name} - suman
[sql] sql_set_user escaped user -- 'suman'
[sql] expand: %{User-Password} - duman12
[sql] expand: INSERT INTO tbl_postauth
(username, pass, reply, authdate) VALUES
( '%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') - INSERT INTO
tbl_postauth (username, pass, reply,
authdate) VALUES (
'suman', 'duman12',
'Access-Accept', '2011-03-15 15:57:53')
rlm_sql (sql) in sql_postauth: query is INSERT INTO
tbl_postauth (username, pass, reply,
authdate) VALUES (
'suman', 'duman12',
'Access-Accept', '2011-03-15 15:57:53')
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 10 to 122.175.85.117 port 21658
Session-Timeout = 31469970
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 10 with timestamp +3
Ready to process requests.
The above is the complete log , nothing removed . As you can see %0%0d
%0%0M %0%0Y %0%0H:%0%0i:%0%0s which is nothing but d %%%M Y
H
I am using freeradius 2.1.8 and now i am in a process of checking the
same in the latest release.
As for the read receipt is concerned then i am sorry in case i have
annoyed you in any way.
Best Regards
Suman Dash
On 3/15/2011 3:29 PM, Alan DeKok wrote:
Suman Dash wrote:
sqlcounter monthlycounter {
...
WHERE username = '%{%k}' AND attribute = 'Activation'),
'd M Y H:i:s')) \
The debug log doesn't show that this string is being used.
And *again* you delete large amounts of the debug log. Why? It just
makes it harder to help you.
In short: you are editing a configuration file, BUT the server isn't
using the configuration file you're editing. That is likely the *major*
source of the problems you're seeing.
And don't CC me on messages to the list. I *do* read the list. And
especially do NOT set return receipt requested. It's rude and
annoying. If it keeps up, I'll just delete the messages unread.
Alan DeKok.
__ Information from ESET NOD32 Antivirus, version of virus signature
database 5924 (20110303) __
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL Counter Escape String !
(username, pass, reply, authdate) VALUES
( '%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') - INSERT INTO
radpostauth (username, pass, reply,
authdate) VALUES (
'suman', 'duman12',
'Access-Accept', '2011-03-15 18:53:17')
rlm_sql (sql) in sql_postauth: query is INSERT INTO
radpostauth (username, pass, reply,
authdate) VALUES (
'suman', 'duman12',
'Access-Accept', '2011-03-15 18:53:17')
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 35 to 122.175.85.117 port 12893
Session-Timeout = 1832802
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
On 3/15/2011 3:29 PM, Alan DeKok wrote:
Suman Dash wrote:
sqlcounter monthlycounter {
...
WHERE username = '%{%k}' AND attribute = 'Activation'),
'd M Y H:i:s')) \
The debug log doesn't show that this string is being used.
And *again* you delete large amounts of the debug log. Why? It just
makes it harder to help you.
In short: you are editing a configuration file, BUT the server isn't
using the configuration file you're editing. That is likely the *major*
source of the problems you're seeing.
And don't CC me on messages to the list. I *do* read the list. And
especially do NOT set return receipt requested. It's rude and
annoying. If it keeps up, I'll just delete the messages unread.
Alan DeKok.
__ Information from ESET NOD32 Antivirus, version of virus signature
database 5924 (20110303) __
The message was checked by ESET NOD32 Antivirus.
http://www.eset.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Calling-Station-Id problem
You need to check the Calling-Station-Id format sent by the NAS. Start radius in debug more and send a auth request, the debug will show whether your NAS sends Calling-Station-Id or not . If it sends the Calling-Station-Id you can clearly see the format of the same. Best Regads Suman Dash On Sun, Mar 13, 2011 at 5:07 PM, ziko emobux...@yahoo.com wrote: Hello. I am using freeradius2 on my CentOS5. It's working great. But now I have one problem. I need to use wireless and pppoe together in my network. Users must login both in wireless and pppoe. wireless using MAC format 00-00-00-00-00 and pppoe 00:00:00:00:00 How can i indicate calling-station-id for one user for both, wireless and pppoe? I tried both format together like this: user1 Calling-Station-Id == 00-00-00-00-00 user1 Calling-Station-Id == 00:00:00:00:00 but no success. I am using mikrotik and ubiquity products as NAS and ubiquity as clients. Please help me. Sorry for my poor English. *Looking up 00-00-00-00*... Please wait... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Concurrent Sessions per user
Yes .. Simultaneous-Use Attribute On Mon, Mar 14, 2011 at 10:38 PM, Moayad Mohammad mmoham...@thebluezone.com wrote: Dear, Is there is a way to control the concurrent sessions per user? Regards, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Concurrent Sessions per user
Please anyone advice me the way to escap run-time variables in freeradius. I
am using STR_TO_DATE and freeradius run-time variable is over-riding the
mysql time variables
SELECT STR_TO_DATE('14 Mar 2012 21:37:23','%d %M %Y %H:%i:%s') gives
2012-03-14 21:37:23 in MySQL
Whereas in freeradius
SELECT STR_TO_DATE('14 Mar 2012 21:37:23','%d %M %Y %H:%i:%s') gives
'14 0 2011 20:001122334455:_
14 = Current Date
0 = MTU
2011 = Current Year
001122334455 = Calling-Station-ID
_ = Speed
I have tried escaping as per the thread
http://freeradius.1045715.n5.nabble.com/Changing-the-format-of-a-date-attribute-tt2775323.html#a2775328
But no luck ..
Thanks in advance !!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
String Escape in SQL Counter !
Please anyone advice me the way to escape run-time variables in
freeradius. I am using STR_TO_DATE and freeradius run-time variable is
over-riding the mysql time variables
SELECT STR_TO_DATE('14 Mar 2012 21:37:23','%d %M %Y %H:%i:%s') gives
2012-03-14 21:37:23 in MySQL
Whereas in freeradius
SELECT STR_TO_DATE('14 Mar 2012 21:37:23','%d %M %Y %H:%i:%s') gives
'14 0 2011 20:001122334455:_
14 = Current Date
0 = MTU
2011 = Current Year
001122334455 = Calling-Station-ID
_ = Speed
I have tried escaping as per the thread
http://freeradius.1045715.n5.nabble.com/Changing-the-format-of-a-date-attribute-tt2775323.html#a2775328
But no luck ..
My Entire Counter is :
query = SELECT SUM(acctsessiontime) FROM tbl_acct where \
username = 'suman' AND acctstarttime BETWEEN \
(SELECT STR_TO_DATE((SELECT value FROM tbl_check \
WHERE username = 'suman' AND attribute =
'Activation'), '%d %M %Y %H:%i:%s')) \
AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check
WHERE username = 'suman' \
AND attribute = 'Expiration'), '%d %M %Y %H:%i:%s'))
The Above Query Ends Up Showing 14 0 2011 23:001122334455:_
Any help in this matter will be highly appreciated !
Cheers !
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SQL Counter Escape String !
Please anyone advice me the way to escape run-time variables in
freeradius. I am using STR_TO_DATE and freeradius run-time variable is
over-riding the mysql time variables
SELECT STR_TO_DATE('14 Mar 2012 21:37:23','%d %M %Y %H:%i:%s') gives
2012-03-14 21:37:23 in MySQL
Whereas in freeradius
SELECT STR_TO_DATE('14 Mar 2012 21:37:23','%d %M %Y %H:%i:%s') gives
'14 0 2011 20:001122334455:_
14 = Current Date
0 = MTU
2011 = Current Year
001122334455 = Calling-Station-ID
_ = Speed
I have tried escaping as per the thread
http://freeradius.1045715.n5.nabble.com/Changing-the-format-of-a-date-attribute-tt2775323.html#a2775328
But no luck ..
My Entire Counter is :
query = SELECT SUM(acctsessiontime) FROM tbl_acct where \
username = 'suman' AND acctstarttime BETWEEN \
(SELECT STR_TO_DATE((SELECT value FROM tbl_check \
WHERE username = 'suman' AND attribute =
'Activation'), '%d %M %Y %H:%i:%s')) \
AND (SELECT STR_TO_DATE((SELECT value FROM tbl_check
WHERE username = 'suman' \
AND attribute = 'Expiration'), '%d %M %Y %H:%i:%s'))
The Above Query Ends Up Showing 14 0 2011 23:001122334455:_
Any help in this matter will be highly appreciated !
Cheers !
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Encountering error when using radius -X
path issue. create symlink to the particular files. ln -s /usr/local/lib/* libfreeradius-radius-2.1.0.so /usr/lib there may be some more missing files whose symlink you need to do . Let me know if it works. * On Wed, Aug 18, 2010 at 5:53 PM, Fabien COMBERNOUS fcombern...@kezia.comwrote: kartik dadwal wrote: Hi, -freeradius version: freeradius-2.1.0+dfsg (downloaded from http://packages.ubuntu.com/source/karmic/freeradius) -OS: Ubuntu 9.10 (Karmic Koala) I was unable to download but now i get a page that is not empty. But, if i check depends of my binary deb : *Depends: lsb-base (= 3.0-6), libc6 (= 2.7-1), libfreeradius2 (= 2.0.4+dfsg-6), libgdbm3, libltdl3 (= 1.5.2-2), libpam0g (= 0.99.7.1), libperl5.10 (= 5.10.0), libsnmp15 (= 5.4.1~dfsg), libssl0.9.8 (= 0.9.8f-5), python2.5 (= 2.5), freeradius-common If you want to compile your own freeradius, it should be easier to use the .deb source. You'll get a .deb binary package and all the advantages of .deb. * -- *Fabien COMBERNOUS* /unix system engineer/ www.kezia.com http://www.kezia.com/ *Tel: +33 (0) 467 992 986* Kezia Group - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject packet from host 127.0.0.1 port 1812, id=29, length=34
No Worries .. I managed to get past the error. Actually, i was using a same username that was in my /etc/shadow . I renamed the user and it worked. Cheers On Sun, Mar 14, 2010 at 7:04 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote: Hi, Hi, I am unable to locally authenticate a user from users file. Below is the log : what does the entry in your users file look like? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Access-Reject packet from host 127.0.0.1 port 1812, id=29, length=34
Hi,
I am unable to locally authenticate a user from users file. Below is the log
:
Server :
rad_recv: Access-Request packet from host 127.0.0.1 port 37881, id=29,
length=57
User-Name = suman
User-Password = hello
NAS-IP-Address = 20x.20x.20x.20x
NAS-Port = 0
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = suman, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
[files] users: Matched entry suman at line 90
[files] expand: Hello, %{User-Name} - Hello, suman
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password hello
[pap] Using CRYPT encryption.
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - suman
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.10 seconds.
Sending delayed reject for request 2
Sending Access-Reject of id 29 to 127.0.0.1 port 37881
Reply-Message = Hello, suman
Waking up in 4.9 seconds.
Cleaning up request 2 ID 29 with timestamp +164
Ready to process requests.
Radtest
sudo radtest suman hello 127.0.0.1 0 testing123
Log
Sending Access-Request of id 203 to 127.0.0.1 port 1812
User-Name = suman
User-Password = hello
NAS-IP-Address = 204.232.205.196
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=203,
length=34
Reply-Message = Hello, suman
Please let me know what i am doing wrong as i am a complete starter.
Thanks and Regards
Suman Dash
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject packet from host 127.0.0.1 port 1812, id=29, length=34
No, The Password is in Cleartext. How do i disable / Enable the CRYPT
password ?
On Sun, Mar 14, 2010 at 1:45 AM, YvesDM ydm...@gmail.com wrote:
On Sat, Mar 13, 2010 at 8:14 PM, Suman Dash sumand...@gmail.com wrote:
+- entering group PAP {...}
[pap] login attempt with password hello
[pap] Using CRYPT encryption.
[pap] Passwords don't match
++[pap] returns reject
I don't think you used a crypt password in your users file
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
