FreeRadius+Mysql Problem
After I install Mysql-standard-4.0.18-pc-linux-i686(in
/usr/local/mysql-x-linux-i686) + Freeradius(1.0.0.pre3),my OS is RedHat 9.0,and i
try to connect freeradius and mysql
radiusd -X give me the following message:
rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the
search path of your system's ld.
Then I try some way that i got from faq and google...
1) rebuild the freeradius with
./configure --disable_shared
make
make install
but it didn't work
2) cp /usr/local/lib/*.* /usr/lib
(vi /etc/ld.so.conf ; add the item: /usr/local/lib;)
they are same... and didn't work too
3) i reinstall the OS, and install mysql first,and then " cp
/usr/local/mysql/include/*.h /usr/include/mysql"
then build freeradius...
nothing changed ...I almost got crazy..
i cannot find the rlm_sql_mysql.la under any dir,but the freeradius docs seems tell
me that all db drivers are built into rlm_sql.so ,rlm_sql.a, rlm_sql.laI don't
understand, even if i am afraid that's problem of my os...
anybody know about this?
thanks a lot...
Yyc
[EMAIL PROTECTED]
2004-07-10
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
What Protocol does freeradius rely on?
Hello, So far as i know,radius protocol which described by RFC28XX is less powerful than radius+ protocol which was extended by some device producer.The difference is that radius+ support Server Control and dynamic user service quality adjust. Does freeradius support radius+? or i can modify freeradius to fit the NAS ? Regards Yyc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
where i can get radius config information?
hello, where i can get some information about how to config freeradius with special device? for example, i will config 2 radius server, one for authentication, the other for accouting Regard Yyc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
what is the accouting format?
hello, i m building a radius accounting project and i want to acknowledge what format does the accounting files write. I have install freeradius&&MySql under RH 9.0 but i have no NAS device to test accounting. So far as i know,accouting info can be writen in DB,and I got the format in DB tables,radacct.Does DB have the same accounting format with files? Would u like tell me how I can test accounting OR how to get the format in files ,and in freeradius source code which func write the detail accounting files,do_detail()? Regards Yyc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: what is the accouting format?
hello, anybody knows? thanks. regards. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
make fail under Fedora
hello , I install freeradius-1.0.0-pre3 under Fedora(i m not clear with the versionKernal:Linux version 2.6.5-1.358smp ). ./configure --prefix=/usr/local/radius make and the error info : gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG -I../../include -c rlm_krb5.c -o rlm_krb5.o rlm_krb5.c:40:21: com_err.h: No such file or directory rlm_krb5.c: In function `verify_krb5_tgt': rlm_krb5.c:105: warning: passing arg 2 of `krb5_kt_read_service_key' discards qualifiers from pointer target type rlm_krb5.c: In function `krb5_auth': rlm_krb5.c:305: warning: implicit declaration of function `krb5_get_in_tkt_with_password' gmake[6]: *** [rlm_krb5.o] Error 1 gmake[6]: Leaving directory `/home/yyc/freeradius-1.0.0-pre3/src/modules/rlm_krb5' gmake[5]: *** [common] Error 1 gmake[5]: Leaving directory `/home/yyc/freeradius-1.0.0-pre3/src/modules' gmake[4]: *** [all] Error 2 gmake[4]: Leaving directory `/home/yyc/freeradius-1.0.0-pre3/src/modules' gmake[3]: *** [common] Error 1 gmake[3]: Leaving directory `/home/yyc/freeradius-1.0.0-pre3/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/home/yyc/freeradius-1.0.0-pre3/src' gmake[1]: *** [common] Error 1 gmake[1]: Leaving directory `/home/yyc/freeradius-1.0.0-pre3' make: *** [all] Error 2 what 's the matter? Regards. Yyc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
About Radius-LDAPv3.schema
hello , I have to config radius with ldap supported. Both Freeradius(pre3.1.0.0) and Openldap(2.2.13)+BerkeleyDB.4.2 can work normally under RH Linux 9. the problem is that , i notice freeradius give 2 schema file for ldap, but i dont know how to make use of them ,i m not very sure about what is the user and password ITEM in these schema file ,only "radiusStripUserName""radiusUserCategory" etc. in it.so two questions: 1.Must i use these schema files and those attributetype NAME? but I can't find any schema ITEM in freeradius src files, I don't know how does freeradius read from LDAP except giving radiusd.conf some DN,port etc. 2.is there any doc about ldap+freeradius configure except the /freeradius-pre3.1.0.0/doc/ldap-howto.txt? Thanks. Regards. Yyc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
subscribe
subscribe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
how to expand freeradius
hello, so far as i know ,freeradius bases standard radius protocol. and, there are some remain segement in standard protocol,how to make use of them the problem is the NAS we use can provide more powerful RADIUS+ regards. Yyc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius client
Title: radius client hi all, i will write a radius client which will be embeded in some NAS device. some one know about what program environment will be offered to me? Does the radclient of freeradius can run there? thanks a lot. Regards. Yyc
答复: 'There was no response configured: rejecting request xxx'
start radius server with: radiusd -X and snap the server reaction information -éäåä- åää: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] äè Evert Meulie åéæé: 2004å10æ13æ 15:55 æää: [EMAIL PROTECTED] äé: 'There was no response configured: rejecting request xxx' Hi everyone! I'm getting this in my (new) RADIUS server setup. I know it must be something very basic, but haven't been able to locate the exact location yet. Who can help me? Regards, Evert - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
re: radius client
to Oliver: my boss let me try it . but our NAS device is under mading,and the chip was not here. i just build my code under RH9,sure it can be use...but i don't know what to do next. would u please tell me some knowledge about that. Thank u very much. Regards. Yyc -Mail- ???: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ?? Oliver Graf : 2004?10?13? 15:55 ???: Radius Free ??: Re: radius client On Wed, Oct 13, 2004 at 03:52:08PM +0800, Yyc wrote: > hi all, > i will write a radius client which will be embeded in some NAS device. > some one know about what program environment will be offered to me? Does the radclient of freeradius can run there? If you want to write something for an embdedded device, why don't you know its capabilities? Oliver. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: 'There was no response configured: rejecting request xxx'
rlm_counter: Could not find Check item value pair
check your radiusd.conf
i notice you use db to store user information
if u write it in 'users' files, does it ok?
-éäåä-
åää: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] äè Evert Meulie
åéæé: 2004å10æ13æ 16:06
æää: [EMAIL PROTECTED]
äé: Re: çå: 'There was no response configured: rejecting request xxx'
Yyc wrote:
> start radius server with: radiusd -X
>
> and snap the server reaction information
>
Here it is:
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/eap.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = "/usr"
main: localstatedir = "/var"
main: logdir = "/var/log/radius"
main: libdir = "/usr/lib"
main: radacctdir = "/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/var/log/radius/radius.log"
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = no
main: pidfile = "/var/run/radiusd/radiusd.pid"
main: user = "radiusd"
main: group = "radiusd"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/sbin/checkrad"
main: proxy_requests = no
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = no
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded preprocess
preprocess: huntgroups = "/etc/raddb/huntgroups"
preprocess: hints = "/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
detail: detailfile =
"/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded files
files: usersfile = "/etc/raddb/users"
files: acctusersfile = "/etc/raddb/acct_users"
files: preproxy_usersfile = "/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded SQL
sql: driver = "rlm_sql_mysql"
sql: server = "localhost"
sql: port = ""
sql: login = "root"
sql: password = [PASSWORD]
sql: radius_db = "radius&q
why i receive 4 same mail everytime.
Title: why i receive 4 same mail everytime. any kind of freeradius maillist mail. its weird...
Can I use radclient to simulate accouting?
Title: Can I use radclient to simulate accouting? hi all, I have no NAS ,but i want to test how to accouting with freeradius. Thanks. Regards. Yyc
re: Can I use radclient to simulate accouting?
thanks and another question. can i simulate a user who login at 7:00,and logout at 8:00,for example; does radclient can do this?and then server record the online time which will be given to billing module and calculate the money user spend. Regards. Yyc -éäåä- åää: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] äè Thor Spruyt åéæé: 2004å10æ13æ 21:52 æää: [EMAIL PROTECTED] äé: Re: Can I use radclient to simulate accouting? Can I use radclient to simulate accouting?Yes, just like you do authentication, but specify "acct" instead of "auth" :) Run radclient without any parameters: ./radclient -- Regards, Thor Spruyt E: [EMAIL PROTECTED] W: www.thor-spruyt.com M: +32 (0)475 67 22 65 - Original Message - From: Yyc To: Radius Free Sent: Wednesday, October 13, 2004 3:46 PM Subject: Can I use radclient to simulate accouting? hi all, I have no NAS ,but i want to test how to accouting with freeradius. Thanks. Regards. Yyc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
re: compiling errors ...
Title: compiling errors ... vi /etc/ld.so.conf (add the mysql lib dir) ./configure --with-rlm_sql-include-dir=/the/directory/of/mysql/include/dir if problem, ./configure --help Regards.YycAnd the vision that was planted in my brain.Still remains with the Sound of Silence. 发件人: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 代表 Berry, William发送时间: 2004年10月13日 23:45收件人: [EMAIL PROTECTED]主题: compiling errors ... OK I am sure I am missing something simple .. I am trying to install on RH8 using MySQL .. I have mysql-3.23.52-3, mysql-devel-3.23.52-3 and mysql-server-3.23.52-3 installed and running but have not created the database structure yet .. during the ./configure I get the following at the end of the process .. Does this mean that I need to upgrade MySQL or did I miss something else?? sql_mysql.c:39:20: errmsg.h: No such file or directory sql_mysql.c:40:19: mysql.h: No such file or directory sql_mysql.c:47: parse error before "MYSQL" sql_mysql.c:47: warning: no semicolon at end of struct or union sql_mysql.c:48: warning: type defaults to `int' in declaration of `sock' sql_mysql.c:48: warning: data definition has no type or storage class sql_mysql.c:49: parse error before '*' token sql_mysql.c:49: warning: type defaults to `int' in declaration of `result' sql_mysql.c:49: warning: data definition has no type or storage class sql_mysql.c:51: parse error before '}' token sql_mysql.c:51: warning: type defaults to `int' in declaration of `rlm_sql_mysql_sock' sql_mysql.c:51: warning: data definition has no type or storage class sql_mysql.c: In function `sql_init_socket': sql_mysql.c:62: `mysql_sock' undeclared (first use in this function) sql_mysql.c:62: (Each undeclared identifier is reported only once sql_mysql.c:62: for each function it appears in.) sql_mysql.c:65: parse error before ')' token sql_mysql.c:76: warning: implicit declaration of function `mysql_init' sql_mysql.c:77: warning: implicit declaration of function `mysql_real_connect' sql_mysql.c:84: `CLIENT_FOUND_ROWS' undeclared (first use in this function) sql_mysql.c:86: warning: implicit declaration of function `mysql_error' sql_mysql.c:86: warning: format argument is not a pointer (arg 3) sql_mysql.c: In function `sql_destroy_socket': sql_mysql.c:103: warning: unused parameter `config' sql_mysql.c: In function `sql_check_error': sql_mysql.c:122: `CR_SERVER_GONE_ERROR' undeclared (first use in this function) sql_mysql.c:123: `CR_SERVER_LOST' undeclared (first use in this function) sql_mysql.c:131: `CR_OUT_OF_MEMORY' undeclared (first use in this function) sql_mysql.c:132: `CR_COMMANDS_OUT_OF_SYNC' undeclared (first use in this function) sql_mysql.c:133: `CR_UNKNOWN_ERROR' undeclared (first use in this function) sql_mysql.c: In function `sql_query': sql_mysql.c:151: `mysql_sock' undeclared (first use in this function) sql_mysql.c:160: warning: implicit declaration of function `mysql_query' sql_mysql.c:161: warning: implicit declaration of function `mysql_errno' sql_mysql.c: In function `sql_store_result': sql_mysql.c:175: `mysql_sock' undeclared (first use in this function) sql_mysql.c:181: warning: implicit declaration of function `mysql_store_result' sql_mysql.c:184: warning: format argument is not a pointer (arg 3) sql_mysql.c:173: warning: unused parameter `config' sql_mysql.c: In function `sql_num_fields': sql_mysql.c:202: `mysql_sock' undeclared (first use in this function) sql_mysql.c:204:5: warning: "MYSQL_VERSION_ID" is not defined sql_mysql.c:207: warning: implicit declaration of function `mysql_num_fields' sql_mysql.c:211: warning: format argument is not a pointer (arg 3) sql_mysql.c:199: warning: unused parameter `config' sql_mysql.c: In function `sql_num_rows': sql_mysql.c:257: `mysql_sock' undeclared (first use in this function) sql_mysql.c:260: warning: implicit declaration of function `mysql_num_rows' sql_mysql.c:255: warning: unused parameter `config' sql_mysql.c: In function `sql_fetch_row': sql_mysql.c:277: `mysql_sock' undeclared (first use in this function) sql_mysql.c:286: warning: implicit declaration of function `mysql_fetch_row' sql_mysql.c:286: warning: assignment makes pointer from integer without a cast sql_mysql.c:275: warning: unused parameter `config' sql_mysql.c: In function `sql_free_result': sql_mysql.c:305: `mysql_sock' undeclared (first use in this function) sql_mysql.c:308: warning: implicit declaration of function `mysql_free_result' sql_mysql.c:303: warning: unused parameter `config' sql_mysql.c: In function `sql_error': sql_mysql.c:327: `mysql_sock' undeclared (first use in this function) sql_mysql.c:330: warning: return discards qualifiers from pointer target type sql_mysql.c:332: warning: return makes pointer from integer without a cast sql_mysql.c
RE: Accounting && billing method.
which is more effective, DB and file access? anybody have used ? Regards. Yyc And the vision that was planted in my brain. Still remains with the Sound of Silence. -邮件原件- 发件人: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 代表 Graeme Hinchliffe 发送时间: 2004年10月14日 16:42 收件人: FreeRADIUS list 主题: Re: Accounting && billing method. On Thu, 2004-10-14 at 04:18, Yyc wrote: > hi all, > I am in a project of our university's which give an billing solution for students dormitory , and the money is calculated by time. > And I dont't know how did the radius log file relating to our JSP accouting system. > My question: > 1.Can I write log file by freeradius, and the Accouting system read it every X minutes? > 2.Any other solution for this ? Use RADACCT to account to a database and then query that when you need to.. if you use a whizzy enough db (eg postgres) you can use embeded function calls to process the accounting information as it arrives from the NASes, so you have live accounting/billing. -- - Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk/) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Accounting && billing method.
To Graeme Hinchliffe: excuse me ; Would u like to tell me the number grade of user login and logout per hours of your system? Thanks. Regards. Yyc And the vision that was planted in my brain. Still remains with the Sound of Silence. -邮件原件- 发件人: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 代表 Graeme Hinchliffe 发送时间: 2004年10月14日 20:03 收件人: FreeRADIUS list 主题: RE: Accounting && billing method. On Thu, 2004-10-14 at 11:49, Yyc wrote: > which is more effective, DB and file access? > > anybody have used ? I find a db is much nicer, if you have a lot of records and want to access them over a long period of time. If we need to find out what dates/times a user was on it's a simple select statement on a db, we have even got web interfaces so none technical staff can look at this info. Also it makes running stats reports (users who are online for more than 10 hours a day) quite simple to do, as you can get the db to do most of the leg work for you. I am a personal fan of the db accounting, although I would recommend you use a db which has a good speed and method of constant updates and insertions... I think MySQL still suffers from table locking? I use postgres for my accounting db. -- - Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk/) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
??: Accounting && billing method.
My opinion,if the NAS doesn't send packet to radius server,there maybe 2 conditions: 1.NAS is down,doesn't work ,usrs disconnect to internet. we can check NAS status every x mins, if down, write current time as all usrs' accouting stop time. 2.The traffic is too heavy. and UDP packet lost . but basicaly i don't think this will happen, because the line between NAS and RADIUS server should be strong and sometimes almost only radius packet are transporting on it. If this condition happens, ISP could not avoid loss some money ^_^; so buy a powerful NAS which fit your tracfic. Regards. Yyc And the vision that was planted in my brain. Still remains with the Sound of Silence. -- ???: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ?? Cristi Banciu : 2004?10?14? 21:14 ???: [EMAIL PROTECTED] ??: Re: Accounting && billing method. On Thursday 14 October 2004 14:59, Graeme Hinchliffe wrote: > Thats where accounting comes in with radacct.. you get an entry in > post auth as the RADIUS server knows they are logging on as an > authentication request has just been processed by it. However no > authentication is required when someone disconnects so alas it cannot > know they have logged off. > > Accounting will send a packet at logon and logoff and even (if > configured) every x minutes to update the accounting information. > > RADACCT is the way to go Thank you very much, but this doesn't answer to my question. If the NAS does not send accounting info, how could I determine how much a user was logged in ? I am not curious about workarounds, just want to know if is anything I can do at freeradius level. Thank you very much! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Somebody have develop some NAS ?
hi all, I have to simulate a NAS on Linux, radius client is in NAS, but i think it's different from the radclient of freeradius, this client should be able to listen port to forward some packet, and able to cooperate with WEB AA server(this may include some other private protocol) . Is there any code i can use directly? Thanks. Regards. Yyc And the vision that was planted in my brain. Still remains with the Sound of Silence. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
about mod_auth_radius on APACHE
hi all, Anybody can give me an html/php example for apache server which can be used as a radius client to do WEB authentication? I'm not familiar with web programing. Thanks. Regards. Yyc And the vision that was planted in my brain. Still remains with the Sound of Silence. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
答复: Freeradius on S390
Check windows XP firewall attached by SP2. Regards. Yyc And the vision that was planted in my brain. Still remains with the Sound of Silence. -邮件原件- 发件人: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 代表 Kinder Martyn G 发送时间: 2004年10月19日 19:44 收件人: [EMAIL PROTECTED] 主题: Freeradius on S390 Hi, I have compiled Freeradius v1.0.1 onto an IBM S390 clone. (Port 1812) All OK. I am running the daemom in Diagnostic mode (-X). I am using a mysql database, but I don't think that's relevant. Using NTRADPING from my Windoze box, the daemon responds with: rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module "sql" returns ok for request 0 modcall: group authorize returns ok for request 0 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied CHAP-Password matches local User-Password Login OK: [EMAIL PROTECTED]/] (from client FEL01-IBM port 0) Sending Access-Accept of id 38 to 192.168.121.152:1627 Framed-Protocol := PPP Service-Type := Framed-User Framed-Compression := Van-Jacobson-TCP-IP Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... However, NTRADPING doesn't see the response. All networking checks out OK and no Firewalls in the way. Any suggestions please? Martyn ___ Martyn Kinder Solutions Architect FUJITSU Infinity House, Mallard Way, Crewe, Cheshire, CW1 6ZQ Mobile: +44 (0) 786 782 3139 Internal: 7382 3139 E-mail: [EMAIL PROTECTED] Web:http://uk.fujitsu.com <http://uk.fujitsu.com> Fujitsu Services Limited, Registered in England no 96056, Registered Office 26, Finsbury Square, London, EC2A 1SL This e-mail is only for the use of its intended recipient. Its contents are subject to a duty of confidence and may be privileged. Fujitsu Services does not guarantee that this e-mail has not been intercepted and amended or that it is virus-free. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
About WEB authentication.
hi all, About implementing Web Authentication and Accouting used in school network access? I have 2 problems: 1. where should the web server be, in NAS or independent? 2. if web server is independent , it can get info from radius server, but how does webserver or radiusserver give singnal to NAS ,and allow usrs accessing to internet (I just thinking about the steps in AA, and have no any device except my Celeron 1.0G ---- ). Regards. Yyc And the vision that was planted in my brain. Still remains with the Sound of Silence. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: About WEB authentication.
I think u misunderstand me, I mean i have no device but a bad computer + Linux :) Regards. Yyc And the vision that was planted in my brain. Still remains with the Sound of Silence. -éäåä- åää: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] äè Dirk Enrique Seiffert - CaribeNet åéæé: 2004å10æ20æ 21:27 æää: [EMAIL PROTECTED] äé: Re: About WEB authentication. On Wednesday 20 October 2004 07:34, Yyc wrote: > hi all, > About implementing Web Authentication and Accouting used in school > network access? I have 2 problems: > 1. where should the web server be, in NAS or independent? > 2. if web server is independent , it can get info from radius server, > but how does webserver or radiusserver give singnal to NAS ,and allow > usrs accessing to internet (I just thinking about the steps in AA, and > have no any device except my Celeron 1.0G ---- ). You might install Nocat (www.nocat.net) which talks to radius. If you have some old spare computer or are able to buy a Soekris Board (www.soekris.com) you might install Monowall http://www.m0n0.ch/wall/ - Monowall includes a captive portal that authenticates against Radius. There are lots of other features included like traffic shaping etc. Best wishes Enrique > > Regards. > Yyc > > And the vision that was planted in my brain. > Still remains with the Sound of Silence. > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html -- CaribeNet S.A. - Cartagena - Colombia www.caribenet.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: expiring accounts
This should be done in USER MANAGE MODULE of your OSS ,where u can set your own attribute ,and control the list radius server access user info. Regards. Yyc And the vision that was planted in my brain. Still remains with the Sound of Silence. -- ???: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ?? Florian Prester : 2004?10?20? 22:45 ???: [EMAIL PROTECTED] ??: expiring accounts Hi, is there an attribute for a user, like the tacacs "expires = \"DATE\"", which limits an account until a specific date? thanks in advance flo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: ldap searching
Login Name should be unique. Regards.YycAnd the vision that was planted in my brain.Still remains with the Sound of Silence. 发件人: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 代表 Ron Wahler发送时间: 2004年11月1日 0:23收件人: [EMAIL PROTECTED]主题: ldap searching If there are multiple users in an LDAP database with the same login name what is The default behavior of the ldap module, will it stop at the first login name that Matches and compare the password ? I assume so. If I wanted it To keep comparing all the users it finds in the database until if either passes Or there is no more entries how would I configure that. Thanks, Ron.
How do i change the format of Accouting detail file?
hi all, my freeradius-1.0.1 installed under /usr/local/, and acct logfile under /usr/local/var/log/radius/radacct/xx.xx.xx.xx, in logfile format like this Tue Oct 26 11:16:38 2004 User-Name = "JohnDoe" Acct-Status-Type = Accounting-On Acct-Session-Id = "4496" NAS-IP-Address = xxx.xxx.xxx.xxx Client-IP-Address = xxx.xxx.xxx.xxx Acct-Unique-Session-Id = "9bb99e44a7ec7886" Timestamp = 1098760598 Can I change it simeply? or add some attributes?or use some funcs directely output the Online time ? Regards. Yyc And the vision that was planted in my brain. Still remains with the Sound of Silence. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: How do i change the format of Accouting detail file?
I notice the attributes logged in detail file were written in radiusd.conf:
acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port" }
but after i delete Client-IP-Address for acct_unique{}, Client-IP-Address
still in detail-2004;
what should i do if i want to reduce attributes.
I'll write a module to read detail file every x(maybe 1-3)min, and store the
data to our own DB for accouting.
So less attributes are easy for my module to read.
Thanks.
Regards.
Yyc
And the vision that was planted in my brain.
Still remains with the Sound of Silence.
-邮件原件-
发件人: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] 代表 Alan DeKok
发送时间: 2004年11月2日 0:11
收件人: [EMAIL PROTECTED]
主题: Re: How do i change the format of Accouting detail file?
"Yyc" <[EMAIL PROTECTED]> wrote:
> Can I change it simeply? or add some attributes?or use some funcs
> directely output the Online time ?
The detail file logs the accounting packets. If you want to log
additional attributes, use other modules to add them to the accounting
packets, before the detail module is executed.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: How do i change the format of Accouting detail file?
oh, I see, _-_
Would you like to tell me which modules I can use? rlm_sql? We worry about
the DB performance when too many users,but haven't experiment.
Regards.
Yyc
And the vision that was planted in my brain.
Still remains with the Sound of Silence.
>"Yyc" <[EMAIL PROTECTED]> wrote:
>> I notice the attributes logged in detail file were written in
>> radiusd.conf:
>> acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address,
>> Client-IP-Address, NAS-Port" }
>
> So? Those attributes are referenced all over the place.
>
>> but after i delete Client-IP-Address for acct_unique{},
>> Client-IP-Address still in detail-2004;
>
> Because you have completely misunderstood how the configuration files
work.
>
>> what should i do if i want to reduce attributes.
>> I'll write a module to read detail file every x(maybe 1-3)min, and
>> store the data to our own DB for accouting.
>> So less attributes are easy for my module to read.
>
> You're not going to write another FreeRADIUS module to do that.
> Alan DeKok.
>
>-
>List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: A question about port 1646
I think it might caused by criston radius server which attached in SuSE.
you can check Linux service port under /etc.
1812 1813 1814 is for freeradius
Regards
Yyc
---
And the vision that was planted in my brain.
Still remains with the sound of silence.
- Original Message -
From: "Andreas Meyer" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 15, 2004 5:51 PM
Subject: A question about port 1646
Hello!
Very new to freeradius (and RADIUS) I have a question about accounting.
I compiled and installed freeradius-1.0.1 on a SuSE8.2.
If I enable accounting in acct_users
DEFAULT Acct-Status-Type == Start
DEFAULT Acct-Status-Type == Stop
I find in /var/log/messages the following:
radacct[23153]: rc_send_server: no reply from RADIUS server localhost:1646
radacct[23153]: accounting FAILED, type Start, username andreas, service
Login-Use
I then made an entry in radiusd.conf:
listen {
ipaddr = *
port = 1646
type = acct
}
When I now do a radlogin I get some duplicate entries:
Linux 2.4.20-4GB-athlon (gamma) (port 2)
-
login: andreas
Password:
RADIUS: Authentication OK
Starting.
RADIUS_SERVICE_TYPE = Login-User
RADIUS_USER_NAME = andreas
RADIUS_LOGIN_IP_HOST = 192.168.1.3
RADIUS_LOGIN_SERVICE = Telnet
RADIUS accounting OK
Running /usr/bin/telnet 192.168.1.3
RADIUS accounting OK
Running /usr/bin/telnet 192.168.1.3
Trying 192.168.1.3...
Connected to 192.168.1.3.
Escape character is '^]'.
Trying 192.168.1.3...
Connected to 192.168.1.3.
Escape character is '^]'.
Welcome to SuSE Linux 8.2 (i586) - Kernel 2.4.20-4GB-athlon (3).
Welcome to SuSE Linux 8.2 (i586) - Kernel 2.4.20-4GB-athlon (4).
gamma login:
gamma login:
Why is that so? I tried changing the ports in /etc/services without
success. Is there another way to tell freeradius to take port 1813
for accounting?
Thank you!
--
Andreas Meyer
"We only do well the things we like doing." - Colette
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius accounting problem
hi all, I want to get user online time from detail files and calc money spend by user. So My questiong: Must I read acct detail file written by radius server? or There are some existing methods? Thank you. Regards Yyc --- And the vision that was planted in my brain. Still remains with the sound of silence. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Can radrelay do realtime accouting?
hi all, There are servral radius server and one accouting server. if i want to do realtime accouting, what should i do? radrelay can run as deamon? or use crontab to let radrelay run every x mins? Thanks u. Regards Yyc
Re: Can radrelay do realtime accouting?
hi, radrelay can run as a daemon. But since you only have one accounting server i don't see a point in using it. radsqlrelay (bug #154) could be helpful in your installation. Must I modify radrelay source code to run it as a deamon? I mean than every radius server record accouting packet in detail file, and fw detail to accouting server which write accouting data in database. and this way can reduce loss when any server down . Regards Yyc -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
