server status/statistics with 2.0.5 or retention_time for current freeradius
Hi,

I am searching for a solution to get status information with freeradius 2.0.5. Because of the broken snmp implementation on 64 bit Linux systems, I can not use snmp. So I tried to use the status interface. I configured a server status as written below.

    server status {
        listen {
            # ONLY Status-Server is allowed to this port.
            # ALL other packets are ignored.
            type = status
            ipaddr = 127.0.0.1
            port = 18120
        }

        client admin {
            ipaddr = 127.0.0.1
            secret = adminsecret
        }

        #
        # Simple authorize section. The "Autz-Type Status-Server"
        # section will work here, too. See "raddb/sites-available/default".
        authorize {
            # respond to the Status-Server request.
            ok
        }
    }

But the freeradius start fails:

    Mon Nov 24 13:57:36 2008 : Error: /opt/radius/etc/raddb/sites-enabled/stats[31]: Invalid type "status" in listen section.

Is there any idea to get status information ? I can not upgrade to 2.1.x because the rlm_ippool was rewritten and the retention_time patch (which I need) does not work.

--
Thoralf Freitag
Manager Health Services System Administration
Phone: +49 (0) 30 68905-4611
Cellular: +49 (0) 151 1631-4611
Fax: +49 (0) 30 68905-2940
Mail: [EMAIL PROTECTED]

From: Fernando <[EMAIL PROTECTED]>
To: FreeRadius users mailing list
Date: 24.11.08 13:40
Subject: Re: Problems in TLS
Sent by: [EMAIL PROTECTED]

[EMAIL PROTECTED] wrote:
>> What do these lines?:
>>
>> rlm_realm: No '@' in User-Name = "cert", looking up realm NULL
>> rlm_realm: No such realm "NULL"
>
> You haven't configured NULL domain (in proxy.conf) for users without the
> domain. Like most people. It's not a problem.
>
> Ivan Kalik
> Kalik Informatika ISP

your problem is in supplicant or NAS side not in freeradius.

Fernando.

www.biotronik.com
BIOTRONIK GmbH & Co. KG, Woermannkehre 1, 12359 Berlin, Germany
Registered office: Berlin, Register court: Berlin HRA 6501
Represented by its general partner: BIOTRONIK Mess- und Therapiegeraete GmbH
Registered office: Berlin, Register court: Berlin HRB 2918
Managing directors: Dr. Max Schaldach, Christoph Boehmer, Dr. Werner Braun, Dr. Lothar Krings

This email and the information it contains including attachments are confidential and meant only for use by the intended recipient(s); disclosure or copying is strictly prohibited. If you are not addressed, but in the possession of this email, please notify the sender immediately.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to interpret rlm_ippool_tool output ?
Hi,

I am using the ippool module. To check whether IPs are put back into the pool after they are freed, I sometimes take a look at the IP pool.

    sudo /opt/radius/bin/rlm_ippool_tool -av /opt/radius/etc/raddb/db.ippool.one /opt/radius/etc/raddb/db.ipindex.one

shows something like this:

    KEY: '9680138403a6e74f3b73aac7df6999b0' - ipaddr:10.0.194.251 active:1 cli:0 num:1
    KEY: '713fff05450587a3211ea1f508fa8aeb' - ipaddr:10.0.194.32 active:1 cli:0 num:0

In my understanding the first is the unique key built as configured. The second is very clear. But then

    active:1    means this IP is used ?
    cli:0       I saw no other than 0 ?
    num: 0|1    I have no idea what this means

Can anybody help me ?
retention-time.patch for freeradius 2.0.x and 2.1.x
Attached is the updated patch. Users who need this should add

    # retention-time: If not zero specifies the amount of seconds to wait
    # before releasing an entry after receiving an acct Stop packet.
    # Default: 0
    retention-time = 0

to the raddb/modules/ippool configuration.

retention-time_freeradius_2.1.x.patch Description: Binary data
retention-time_freeradius_2.0.x.patch Description: Binary data
Re: failure to compile 2.1.1 on Redhat ES3
>A.L.M.Buxey at lboro.ac.uk wrote:
>> just tried to compile FR 2.1.1 on a more vintage system
>> than what I normally find myself on - RedHat ES 3
>>
>> There's a compile issue with Python module which didn't
>> exist on the same platform with 2.0.5 - but I'll ignore
>> that one for now - the important part is the base daemon
>> itself:
>>
>> /usr/src/freeradius-server-2.1.1/libtool --mode=compile gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I/usr/src/freeradius-server-2.1.1/src -DHOSTINFO=\"i686-pc-linux-gnu\" -DRADIUSD_VERSION=\"2.1.1\" -DOPENSSL_NO_KRB5 -c listen.c
>> gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I/usr/src/freeradius-server-2.1.1/src -DHOSTINFO=\"i686-pc-linux-gnu\" -DRADIUSD_VERSION=\"2.1.1\" -DOPENSSL_NO_KRB5 -c listen.c -fPIC -DPIC -o .libs/listen.o
>> listen.c:99:1: directives may not be used inside a macro argument
>
> Yuck. That assert can simply be deleted.
>
> Alan DeKok.

Hi Alan,

please give me a little hint, what exactly can be deleted ?
Re: How to interpret rlm_ippool_tool output ?
Hmm, nobody knows it ?

From: [EMAIL PROTECTED]
To: FreeRadius users mailing list
Date: 24.11.08 14:31
Subject: How to interpret rlm_ippool_tool output ?
Sent by: [EMAIL PROTECTED]
Re: failure to compile 2.1.1 on Redhat ES3
I commented out these lines in src/main/listen.c:

    /*
    rad_assert((listener->type == RAD_LISTEN_AUTH)
    #ifdef WITH_STATS
            || (listener->type == RAD_LISTEN_NONE)
    #endif
    #ifdef WITH_ACCOUNTING
            || (listener->type == RAD_LISTEN_ACCT)
    #endif
    #ifdef WITH_VMPS
            || (listener->type == RAD_LISTEN_VQP)
    #endif
    #ifdef WITH_DHCP
            || (listener->type == RAD_LISTEN_DHCP)
    #endif
            );
    */

Hope that is OK. And all works without these lines ?

From: Alan DeKok <[EMAIL PROTECTED]>
To: FreeRadius users mailing list
Date: 25.11.08 14:54
Subject: Re: failure to compile 2.1.1 on Redhat ES3
Sent by: [EMAIL PROTECTED]

[EMAIL PROTECTED] wrote:
> >> listen.c:99:1: directives may not be used inside a macro argument
>>
>> Yuck. That assert can simply be deleted.
...
> pls. give me a little hint, what exact can be deleted ?

Read "listen.c". Go to line 99. See that it contains the word "assert". Delete the entire text, all the way to the closing ")".

Alan DeKok.
Understanding stats
Hello,

I am trying to get statistics information from freeradius 2.1.1. As I understand it, the attribute "FreeRADIUS-Statistics-Type" represents the type of information which will be given back by the server. The value is bit oriented.

    bit 0 = 1                 --> give me Auth stats
    bit 1 = 1                 --> give me Acc stats
    bit 0 = 1 and bit 1 = 1   --> give me Auth stats and Acc stats
    ...
    bit 5 = 1                 --> give me client stats (according to bit 1 and bit 2)

IMHO bit 1 = 1 and bit 2 = 1 and bit 5 = 1 --> should give me Auth stats and Acc stats from a specified client like this

    hostname> echo "Message-Authenticator = 0x00, FreeRADIUS-Statistics-Type = 35, FreeRADIUS-Stats-Client-IP-Address = 10.0.8.2" | /opt/radius/bin/radclient localhost:18120 status adminsecret
    FreeRADIUS-Stats-Client-IP-Address = 10.0.8.2
    FreeRADIUS-Total-Access-Requests = 55
    FreeRADIUS-Total-Access-Accepts = 54
    FreeRADIUS-Total-Access-Rejects = 1
    FreeRADIUS-Total-Access-Challenges = 0
    FreeRADIUS-Total-Auth-Responses = 0
    FreeRADIUS-Total-Auth-Duplicate-Requests = 0
    FreeRADIUS-Total-Auth-Malformed-Requests = 0
    FreeRADIUS-Total-Auth-Invalid-Requests = 0
    FreeRADIUS-Total-Auth-Dropped-Requests = 0
    FreeRADIUS-Total-Auth-Unknown-Types = 0
    FreeRADIUS-Total-Proxy-Accounting-Requests = 108
    FreeRADIUS-Total-Proxy-Accounting-Responses = 108
    FreeRADIUS-Total-Proxy-Acct-Duplicate-Requests = 0
    FreeRADIUS-Total-Proxy-Acct-Malformed-Requests = 0
    FreeRADIUS-Total-Proxy-Acct-Invalid-Requests = 0
    FreeRADIUS-Total-Proxy-Acct-Dropped-Requests = 0
    FreeRADIUS-Total-Proxy-Acct-Unknown-Types = 0

(I wonder why the Acc data are marked as FreeRADIUS-Total-Proxy-Accounting-Requests)

but I get the full server stats too.

    FreeRADIUS-Total-Access-Requests = 56
    FreeRADIUS-Total-Access-Accepts = 118
    FreeRADIUS-Total-Access-Rejects = 1
    FreeRADIUS-Total-Access-Challenges = 0
    FreeRADIUS-Total-Auth-Responses = 119
    FreeRADIUS-Total-Auth-Duplicate-Requests = 0
    FreeRADIUS-Total-Auth-Malformed-Requests = 0
    FreeRADIUS-Total-Auth-Invalid-Requests = 0
    FreeRADIUS-Total-Auth-Dropped-Requests = 0
    FreeRADIUS-Total-Auth-Unknown-Types = 0
    FreeRADIUS-Total-Accounting-Requests = 110
    FreeRADIUS-Total-Accounting-Responses = 110
    FreeRADIUS-Total-Acct-Duplicate-Requests = 0
    FreeRADIUS-Total-Acct-Malformed-Requests = 0
    FreeRADIUS-Total-Acct-Invalid-Requests = 0
    FreeRADIUS-Total-Acct-Dropped-Requests = 0
    FreeRADIUS-Total-Acct-Unknown-Types = 0
    FreeRADIUS-Stats-Client-IP-Address = 10.0.8.2
    FreeRADIUS-Total-Access-Requests = 55
    FreeRADIUS-Total-Access-Accepts = 54
    FreeRADIUS-Total-Access-Rejects = 1
    FreeRADIUS-Total-Access-Challenges = 0
    FreeRADIUS-Total-Auth-Responses = 0
    FreeRADIUS-Total-Auth-Duplicate-Requests = 0
    FreeRADIUS-Total-Auth-Malformed-Requests = 0
    FreeRADIUS-Total-Auth-Invalid-Requests = 0
    FreeRADIUS-Total-Auth-Dropped-Requests = 0
    FreeRADIUS-Total-Auth-Unknown-Types = 0
    FreeRADIUS-Total-Proxy-Accounting-Requests = 108
    FreeRADIUS-Total-Proxy-Accounting-Responses = 108
    FreeRADIUS-Total-Proxy-Acct-Duplicate-Requests = 0
    FreeRADIUS-Total-Proxy-Acct-Malformed-Requests = 0
    FreeRADIUS-Total-Proxy-Acct-Invalid-Requests = 0
    FreeRADIUS-Total-Proxy-Acct-Dropped-Requests = 0
    FreeRADIUS-Total-Proxy-Acct-Unknown-Types = 0

Is this a bug or a feature? Is my understanding wrong ? What can I do to get only the client specific stats ?
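The reply quoted in the message above carries the server-wide counters first and the per-client counters after the FreeRADIUS-Stats-Client-IP-Address attribute. As an added example (not part of the original thread and not FreeRADIUS code), the Python below splits radclient output at that attribute so a monitoring script can keep only the per-client block and watch its reject ratio. The bit values follow the poster's description; the function names and the shortened sample reply are constructed for illustration.

```python
"""Split a FreeRADIUS status reply into server-wide and per-client counters."""

# Bit positions as described in the post above; the constant names are
# this example's own.
STAT_AUTH = 1 << 0     # bit 0: authentication statistics
STAT_ACCT = 1 << 1     # bit 1: accounting statistics
STAT_CLIENT = 1 << 5   # bit 5: statistics for one client

# Attribute that starts a per-client block in the reply quoted above.
CLIENT_MARKER = "FreeRADIUS-Stats-Client-IP-Address"

# Constructed sample: a shortened copy of the reply quoted in the post.
SAMPLE_REPLY = """\
FreeRADIUS-Total-Access-Requests = 56
FreeRADIUS-Total-Access-Accepts = 118
FreeRADIUS-Total-Access-Rejects = 1
FreeRADIUS-Total-Accounting-Requests = 110
FreeRADIUS-Total-Accounting-Responses = 110
FreeRADIUS-Stats-Client-IP-Address = 10.0.8.2
FreeRADIUS-Total-Access-Requests = 55
FreeRADIUS-Total-Access-Accepts = 54
FreeRADIUS-Total-Access-Rejects = 1
FreeRADIUS-Total-Proxy-Accounting-Requests = 108
FreeRADIUS-Total-Proxy-Accounting-Responses = 108
"""


def statistics_type(auth=False, acct=False, client=False):
    """Build the FreeRADIUS-Statistics-Type value from the wanted groups."""
    value = 0
    if auth:
        value |= STAT_AUTH
    if acct:
        value |= STAT_ACCT
    if client:
        value |= STAT_CLIENT
    return value


def parse_status_reply(text):
    """Return (server_stats, {client_ip: stats}) parsed from radclient output.

    Counters seen before the first client marker are treated as server-wide;
    counters after a marker belong to that client.
    """
    server, clients = {}, {}
    current = server
    for lineno, raw in enumerate(text.splitlines(), 1):
        name, sep, value = raw.partition("=")
        name, value = name.strip(), value.strip()
        # Skip blank lines and anything that is not a FreeRADIUS attribute.
        if not sep or not name.startswith("FreeRADIUS-"):
            continue
        if name == CLIENT_MARKER:
            current = clients.setdefault(value, {})
            continue
        try:
            number = int(value)
        except ValueError:
            raise ValueError(f"line {lineno}: non-numeric counter {raw!r}")
        if name in current:
            # A repeated counter means the block boundaries were misread.
            raise ValueError(f"line {lineno}: duplicate counter {name}")
        current[name] = number
    return server, clients


def access_reject_ratio(stats):
    """Fraction of Access-Requests that were rejected (0.0 if none seen)."""
    requests = stats.get("FreeRADIUS-Total-Access-Requests", 0)
    rejects = stats.get("FreeRADIUS-Total-Access-Rejects", 0)
    return rejects / requests if requests else 0.0


if __name__ == "__main__":
    print("Statistics-Type:", statistics_type(auth=True, acct=True, client=True))
    _, per_client = parse_status_reply(SAMPLE_REPLY)
    for ip, stats in per_client.items():
        print(ip, stats, f"reject ratio {access_reject_ratio(stats):.3f}")
```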
Re: ip pool
Maybe you can define your pools similar to this (not tested)

    DEFAULT Called-Station-Id == ", Pool-Name :="pool_1"
            Fall-Through = Yes

    DEFAULT Called-Station-Id == ", Pool-Name :="pool_2"
            Fall-Through = Yes

Ciao
TF

From: sugiarto tjahyono <[EMAIL PROTECTED]>
To: freeradius-users@lists.freeradius.org
Date: 26.11.08 10:30
Subject: ip pool
Sent by: [EMAIL PROTECTED]

Dear all,

I have a few problems. I use ip pool and it works fine if I define the ip pool in mysql.

    779084,"test","password","=","test123"
    779085,"test","Pool-Name",":=","main_pool1"
    779086,"test","Called-Station-Id","=","hostpot1"

The problem happens if I have 2 access points in the same area and IP; the difference is only at called-station-id. What should I set in radius if any user can go to AP 1 with Called-Station-Id 1 or AP 2 with Called-Station-Id 2? If a user logged in at AP1 they will get main_pool1 and if a user logged in at AP2 they will get main_pool2.

sorry for my bad language:)
Status Server on RHEL 4 64 bit fails
Hi,

I enabled the status server and freeradius 2.1.1 does not start:

    Wed Nov 26 15:43:59 2008 : Error: /opt/radius/etc/raddb/sites-enabled/status[63]: Failed to find module "ok".
    Wed Nov 26 15:43:59 2008 : Error: /opt/radius/etc/raddb/sites-enabled/status[61]: Errors parsing authorize section.
    Wed Nov 26 15:43:59 2008 : Error: Errors initializing modules

or

    Wed Nov 26 15:53:18 2008 : Debug: radiusd: Loading Virtual Servers
    Wed Nov 26 15:53:18 2008 : Debug: server status {
    Wed Nov 26 15:53:18 2008 : Debug: modules {
    Wed Nov 26 15:53:18 2008 : Debug: Module: Checking authorize {...} for more modules to load
    Wed Nov 26 15:53:18 2008 : Error: /opt/radius/etc/raddb/sites-enabled/status[63]: Failed to find module "ok".
    Wed Nov 26 15:53:18 2008 : Error: /opt/radius/etc/raddb/sites-enabled/status[61]: Errors parsing authorize section.
    Wed Nov 26 15:53:18 2008 : Debug: }
    Wed Nov 26 15:53:18 2008 : Debug: }
    Wed Nov 26 15:53:18 2008 : Error: Errors initializing modules

The same config works fine with REL3 and 32 bit.

Any ideas what could be wrong ?

From: "Paul Bartell" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list"
Date: 26.11.08 15:39
Subject: Re: Supported Acesspoints
Sent by: [EMAIL PROTECTED]

I find that my WRT54G-L works well with DD-WRT flashed on it. I know some weird linksys voip box from T-mobile supports WPA-ENT authentication, making me think that maybe in Linksys' enterprise products they would have some kind of WPA enterprise authentication possibility. Usually it is in the specifications whether or not an AP will work with radius.

On Wed, Nov 26, 2008 at 6:35 AM, M.K. ten Napel <[EMAIL PROTECTED]> wrote:
> Hi,
>
> Previously I asked if anyone had trouble with the Linksys WAP54G, like I
> did. I'm thinking about trying another type of access point. Before buying
> one, I would like to know what APs are being used with FreeRadius.
>
> Any tips/suggestions on buying an AP that works well in WPA-enterprise
> (EAP-TLS) with FreeRadius?
>
> Thanks! :)
>
> Mariourk
Re: Status Server on RHEL 4 64 bit fails
I comment out the authorize section and everything works fine.

From: Alan DeKok <[EMAIL PROTECTED]>
To: FreeRadius users mailing list
Date: 26.11.08 17:33
Subject: Re: Status Server on RHEL 4 64 bit fails
Sent by: [EMAIL PROTECTED]

[EMAIL PROTECTED] wrote:
> /opt/radius/etc/raddb/sites-enabled/status[63]: Failed to find module "ok".
> Wed Nov 26 15:53:18 2008 : Error:
> /opt/radius/etc/raddb/sites-enabled/status[61]: Errors parsing authorize
> section.
> Wed Nov 26 15:53:18 2008 : Debug: }
> Wed Nov 26 15:53:18 2008 : Debug: }
> Wed Nov 26 15:53:18 2008 : Error: Errors initializing modules
>
> The same config works fine with REL3 and 32 bit.
>
> Any ideas what could be wrong ?

Nope. I'll see if I have access to a 64-bit system.

Alan DeKok.
ippool per NAS
Since I changed to Freeradius 2.1.1 the ippools are not selected successfully. In 2.0.x my config is

file: users

    # default ippools per NAS
    $INCLUDE users.ippools

file: users.ippools

    # Addresspool for ll-us
    DEFAULT NAS-IP-Address == "172.16.30.2", Pool-Name := "ll-us_pool"
            Fall-Through = Yes

The authentication is against an oracle database. The debug log shows the difference. The difference is that the "files" section returns with (freeradius 2.0.5)

    Thu Nov 27 18:05:56 2008 : Debug: ++[files] returns ok

and the pool will be selected:

    Thu Nov 27 18:05:56 2008 : Debug: mmodsingle[post-auth]: calling ll-us_pool (rlm_ippool) for request 4
    Thu Nov 27 18:05:56 2008 : Debug: expand: %{NAS-IP-Address} %{NAS-Port} %{Calling-Station-Id} -> 172.16.30.2 229 2706868263
    Thu Nov 27 18:05:56 2008 : Debug: rlm_ippool: MD5 on 'key' directive maps to: 3a20a68a074b1e406aebcaa5e7e4ce51
    Thu Nov 27 18:05:56 2008 : Debug: rlm_ippool: Searching for an entry for key: '3a20a68a074b1e406aebcaa5e7e4ce51'
    Thu Nov 27 18:05:56 2008 : Debug: rlm_ippool: Allocating ip to key: '3a20a68a074b1e406aebcaa5e7e4ce51'
    Thu Nov 27 18:05:56 2008 : Debug: rlm_ippool: num: 1
    Thu Nov 27 18:05:56 2008 : Debug: rlm_ippool: Allocated ip 192.168.42.39 to client key: 3a20a68a074b1e406aebcaa5e7e4ce51
    Thu Nov 27 18:05:56 2008 : Debug: modsingle[post-auth]: returned from ll-us_pool (rlm_ippool) for request 4
    Thu Nov 27 18:05:56 2008 : Debug: ++[ll-us_pool] returns ok

and with (freeradius 2.1.1)

    Thu Nov 27 17:50:23 2008 : Info: ++[files] returns noop

and the pool will not be selected

    Thu Nov 27 17:50:23 2008 : Info: [ll-us_pool] Could not find Pool-Name attribute.
    Thu Nov 27 17:50:23 2008 : Info: ++[ll-us_pool] returns noop

What was changed between both versions, what could cause this behaviour ?
Re: ippool per NAS
It doesn't make sense. And it doesn't work. Hi Alan, do you have an idea ? Thanks for your support.

TF

From: <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list"
Date: 28.11.08 00:11
Subject: Re: ippool per NAS
Sent by: [EMAIL PROTECTED]

>file: users
>
># default ippools per NAS
>$INCLUDE users.ippools
>

It looks like include doesn't work in users (? any more).

>file: users.ippools
>
># Addresspool for ll-us
>DEFAULT NAS-IP-Address == "172.16.30.2", Pool-Name := "ll-us_pool"
>Fall-Through = Yes
>

Just copy the content of users.ippools into the users file in place of the include line.

Ivan Kalik
Kalik Informatika ISP
Re: ippool per NAS
Hello Alan,

thanks for your quick response. As described, all works fine in 2.0.5.

Here the Access-Request:

    rad_recv: Access-Request packet from host 172.16.30.2 port 1645, id=20, length=130
            Framed-Protocol = PPP
            User-Name = "[EMAIL PROTECTED]"
            User-Password = "4711"
            Calling-Station-Id = "123456789"
            Called-Station-Id = "987654321"
            NAS-Port = 270
            NAS-Port-Type = Async
            Service-Type = Framed-User
            NAS-IP-Address = 172.16.30.2

From: Alan DeKok <[EMAIL PROTECTED]>
To: FreeRadius users mailing list
Date: 28.11.08 09:43
Subject: Re: ippool per NAS
Sent by: [EMAIL PROTECTED]

[EMAIL PROTECTED] wrote:
>
> It doesn't make sense. And ist doesn't work. Hi Alan, do you have an
> idea ? Thanks for our support.

All I can say is that it works for me.

What *else* is going on? You haven't posted the contents of the Access-Request packet... maybe they don't match!

Alan DeKok.
Re: ippool per NAS
The files are readable for the user (and for testing purposes for all). I tried two ways.

1st) I took the working configuration from 2.0.5.
2nd) I built a new configuration with the files coming with 2.1.1
3rd) I put all the information in the one and only users file. This is used, because static users configured in this file are authenticated. If the authentication comes from the sql module, it seems all additional attributes are lost ... ? How can I debug this ?

From: Alan DeKok <[EMAIL PROTECTED]>
To: FreeRadius users mailing list
Date: 28.11.08 10:30
Subject: Re: ippool per NAS
Sent by: [EMAIL PROTECTED]

[EMAIL PROTECTED] wrote:
> thanks for your quick response. As described, all works fine in 2.0.5.
>
> Here the Access-Request:

So far as I can tell, nothing changed from 2.0.5 to 2.1.x that should affect this.

Are you sure it's reading the "users" file you're editing? Try also moving that entry to the top of the "users" file to see if it matches. If it doesn't, something is very wrong on your system.

Alan DeKok.
Re: ippool per NAS
Hi Alan,

I don't understand you. Your first email was:

> All I can say is that it works for me.
> What *else* is going on? You haven't posted the contents of the
> Access-Request packet... maybe they don't match!

I sent the packet to the list. Then you asked:

> So far as I can tell, nothing changed from 2.0.5 to 2.1.x that should
> affect this.
>
> Are you sure it's reading the "users" file you're editing? Try also
> moving that entry to the top of the "users" file to see if it matches.
> If it doesn't, something is very wrong on your system.

And I wrote:

> 3rd) I put all the information in teh one and only user file. This is
> used, because static users configured in this file are authenticated.

Isn't it what you suggested - to put all into the users file ? This I did. Static user entries are used as expected and if the user is authenticated by database, the defaults (for ippools) are not used. For me it seems the sql module does something other than in 2.0.x ?

From: Alan DeKok <[EMAIL PROTECTED]>
To: FreeRadius users mailing list
Date: 28.11.08 11:42
Subject: Re: ippool per NAS
Sent by: [EMAIL PROTECTED]

[EMAIL PROTECTED] wrote:
>
> The files readable for the user (and for testing purposes for all). I
> tried two ways.
>
> 1st) I took the working configuration from 2.0.5.
> 2nd) I build a new configuration with the files comming with 2.1.1

The configuration from 2.0.5 *should* pretty much work with 2.1.1.

> 3rd) I put all the information in teh one and only user file. This is
> used, because static users configured in this file are authenticated. If
> the authentication comes from the sql modul, it seems all additional
> Attributes are lost ... ? How can I debug this ?

First, try the suggestion from my previous message. There is a step by step approach to debugging the problem. Changing multiple things at the same time isn't a good approach.

Alan DeKok.
Re: Cisco NAS and server side ip pool management
aaa new-model
aaa authentication login default local
aaa authentication ppp default group radius local
aaa accounting network default start-stop group radius
aaa authorization network default group radius
radius-server host auth-port acct-port non-standard key

A local ip pool is not used if your radius sends a Framed-IP-Address. There is no difference if it is configured or not. Radius wins.

--
Thoralf Freitag
Manager Health Services System Administration

From: Sebastian Krieger
To: freeradius-users@lists.freeradius.org
Date: 13.02.09 16:56
Subject: Cisco NAS and server side ip pool management

Hi,

for many hours now I am trying to configure a Cisco router as a NAS to authenticate dialup users against freeradius and provide the ip address dynamically from a server based ip pool. The authentication part works fine and the ip address also gets selected from the pool and sent as Framed-IP-Address back to the NAS. The only thing is that the ip address seems not to be caught by the NAS and provided to the dialup user.

I test the dialup connection from a Windows XP machine with an ISDN card and there it always ends in an error message that the NAS didn't provide the IP information.

It is absolutely no problem to use a static ip pool on the Cisco router instead of a server based ip pool management.

Can someone please send me a working configuration example for a Cisco IOS based NAS?

Thanks
Sebastian
AW: Re: Migration from TACACS+ to RADIUS
To your first question: You can give every user in Radius its own priv-level. You can configure your Cisco so that CLI access is only allowed with a priv-level x and higher. This would be the same as with Tacacs.

--
Thoralf Freitag
Manager Health Services System Administration

- Original message -
From: Norbert Wegener [norbert.wege...@siemens.com]
Sent: 14.02.2009 12:05 CET
To: FreeRadius users mailing list
Subject: Re: Migration from TACACS+ to RADIUS

Alan DeKok wrote:
> Nicholas R. Cappelletti wrote:
>> In the recent weeks, I have come across some downfalls to using TACACS+
>> such as no 802.1x authentication, no WPA integration, and the impossible
>> integration into both Kerberos and LDAP. I hate to sound naive, but like
>> many who need help, I'm new to RADIUS, its configuration, and its
>> capabilities. With that said, I have a few questions concerning
>> functionality that I had with TACACS+ and its equivalence in RADIUS.
>>
>> 1. How granular can I get with command authorization? Currently, TACACS+
>> is used for VPN authentication and device login, but not all those users
>> should, or need, access to the CLI of the network equipment (We use both
>> Cisco and HP devices). Eventually I would like to use the RADIUS setup
>> for wireless authentication too.
>
> The hope is that we can add TACACS+ support to FreeRADIUS in a future
> version. That will help with migration.

Can this be expected in the foreseeable future?

Norbert Wegener

> Alan DeKok.
Re: mrtg module for FreeRADIUS
How about the stats interface? Write your own script for mrtg which uses the stats interface.

--
Thoralf Freitag
Manager Health Services System Administration

From: Michael Schwartzkopff
To: FreeRadius users mailing list
Date: 07.04.09 08:15
Subject: Re: mrtg module for FreeRADIUS

On Tuesday, 7 April 2009 06:04:44, Tseveendorj wrote:
> Hello,
>
> Does FreeRADIUS have mrtg module for monitoring bandwidth usage?
>
> Sincerely,
> Tseveen.

You can also make use of the logmatch feature of net-snmp to monitor RADIUS messages in the logfile and make MRTG retrieve these values. No bandwidth, but something like auth/sec or auth/sec.

--
Dr. Michael Schwartzkopff
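The suggestion above (a custom MRTG script fed by the stats interface), shown as an added example that is not part of the original thread. It assumes the Status-Server reply is available as radclient-style text and that the counters carry FreeRADIUS-Total-* attribute names; the sample reply is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of a Status-Server reply as radclient-style text.
# Assumption: counters use the FreeRADIUS-Total-* attribute names.
SAMPLE_REPLY = """\
Received response ID 17, code 2, length = 140
\tFreeRADIUS-Total-Access-Requests = 21287
\tFreeRADIUS-Total-Access-Accepts = 20677
\tFreeRADIUS-Total-Access-Rejects = 605
\tFreeRADIUS-Total-Access-Challenges = 0
\tFreeRADIUS-Total-Auth-Malformed-Requests = 2
\tFreeRADIUS-Total-Auth-Invalid-Requests = 3
"""

_ATTR = re.compile(r"^\s*(FreeRADIUS-[A-Za-z0-9-]+)\s*=\s*(\d+)\s*$")


def parse_stats(text):
    """Return {attribute: counter} for every FreeRADIUS-* integer line."""
    stats = {}
    for line in text.splitlines():
        match = _ATTR.match(line)
        if match:
            stats[match.group(1)] = int(match.group(2))
    return stats


def mrtg_lines(text, first, second, uptime="unknown", name="radius"):
    """Format two counters the way MRTG reads an external script:
    value 1, value 2, uptime string, target name, one per line."""
    stats = parse_stats(text)
    missing = [attr for attr in (first, second) if attr not in stats]
    if missing:
        # Fail loudly: a silent 0 would be graphed as "no traffic".
        raise KeyError("missing in reply: " + ", ".join(missing))
    return [str(stats[first]), str(stats[second]), uptime, name]


if __name__ == "__main__":
    # Accepts against rejects: a rising reject counter is worth alerting on.
    print("\n".join(mrtg_lines(SAMPLE_REPLY,
                               "FreeRADIUS-Total-Access-Accepts",
                               "FreeRADIUS-Total-Access-Rejects")))
```

MRTG graphs the difference between successive counter readings, so the script only has to report the raw totals on each poll.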