Re: Problem with proxy-radius function
= 101e73bfbe542522. ++[acct_unique] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d - /var/log/radius/radacct/192.168.3.84/detail-20080412 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/192.168.3.84/detail-20080412 expand: %t - Sat Apr 12 19:07:58 2008 ++[detail] returns ok +- entering group pre-proxy expand: /var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d - /var/log/radius/radacct/192.168.3.84/pre-proxy-detail-20080412 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.3.84/pre-proxy-detail-20080412 expand: %t - Sat Apr 12 19:07:58 2008 ++[pre_proxy_log] returns ok Acct-Status-Type = Start User-Name = [EMAIL PROTECTED] Proxy-State = 0x30 Proxying request 0 to home server 192.168.3.86 port 1813 Acct-Status-Type = Start User-Name = [EMAIL PROTECTED] Proxy-State = 0x30 Going to the next request Waking up in 0.9 seconds. Proxy-State = 0x30 +- entering group post-proxy expand: /var/log/radius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d - /var/log/radius/radacct/192.168.3.84/post-proxy-detail-20080412 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.3.84/post-proxy-detail-20080412 expand: %t - Sat Apr 12 19:07:58 2008 ++[post_proxy_log] returns ok Finished request 0. Cleaning up request 0 ID 0 with timestamp +10 Going to the next request Ready to process requests. Acct-Status-Type = Start User-Name = [EMAIL PROTECTED] +- entering group preacct rlm_realm: Looking up realm test.domain for User-Name = [EMAIL PROTECTED] rlm_realm: Found realm test.domain rlm_realm: Proxying request from user test to realm test.domain rlm_realm: Adding Realm = test.domain rlm_realm: Preparing to proxy accounting request to realm test.domain ++[suffix] returns updated +- entering group accounting rlm_acct_unique: WARNING: Attribute 3GPP2-Correlation-Id was not found in request, unique ID MAY be inconsistent rlm_acct_unique: WARNING: Attribute Acct-Session-Id was not found in request, unique ID MAY be inconsistent rlm_acct_unique: WARNING: Attribute Calling-Station-Id was not found in request, unique ID MAY be inconsistent rlm_acct_unique: Hashing ',,' rlm_acct_unique: Acct-Unique-Session-ID = 101e73bfbe542522. ++[acct_unique] returns ok expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d - /var/log/radius/radacct/192.168.3.84/detail-20080412 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/192.168.3.84/detail-20080412 expand: %t - Sat Apr 12 19:07:59 2008 ++[detail] returns ok +- entering group pre-proxy expand: /var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d - /var/log/radius/radacct/192.168.3.84/pre-proxy-detail-20080412 rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands to /var/log/radius/radacct/192.168.3.84/pre-proxy-detail-20080412 expand: %t - Sat Apr 12 19:07:59 2008 ++[pre_proxy_log] returns ok Acct-Status-Type = Start User-Name = [EMAIL PROTECTED] Proxy-State = 0x30 Proxying request 1 to home server 192.168.3.86 port 1813 Acct-Status-Type = Start User-Name = [EMAIL PROTECTED] Proxy-State = 0x30 Going to the next request Waking up in 0.9 seconds. Ignoring request from unknown home server 192.168.3.86 port 1813 Waking up in 0.9 seconds. Waking up in 28.9 seconds. Discarding duplicate request from client localhost port 1349 - ID: 0 due to unfinished request 1 Waking up in 27.0 seconds. Discarding duplicate request from client localhost port 1349 - ID: 0 due to unfinished request 1 Waking up in 24.1 seconds. Alan DeKok-4 wrote: banga wrote: AnyOne? Error: Rejecting request 20696 due to lack of any response from home server X.X.X.X port 1646 Error: Ignoring request from unknown home server X.X.X.X port 1646 How I can fix that ? I think what's happening is that the home server is sending the response from the wrong port. You would have to show *more* of the debug log to be sure. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Problem-with-proxy-radius-function-tp16610498p16654065.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with proxy-radius function
AnyOne? Error: Rejecting request 20696 due to lack of any response from home server X.X.X.X port 1646 Error: Ignoring request from unknown home server X.X.X.X port 1646 How I can fix that ? banga wrote: Hello All. I Use freeradius 2.0.3 only for accounting purpose. More than that, I have dozen realms that should be counted locally, and only one that should be proxed to redundant AAA servers. My current configuration is the next: cat clients.conf client test1 { ipaddr = 192.168.100.1 secret = somesecret shortname = test1 nastype = other } client test2 { ipaddr = 192.168.100.2 secret = somesecret shortname = test2 nastype = other } cat proxy.conf proxy server { default_fallback = no } home_server test1 { type = acct ipaddr = 192.168.100.1 port = 1646 secret = somesecret status_check = request } home_server test2 { type = acct ipaddr = 192.168.100.2 port = 1646 secret = somesecret status_check = request } home_server_pool test { type = fail-over home_server = test1 home_server = test2
Re: Freeradius 2.0.3 crashing when in proxy mode Segmentation fault.
banga wrote: I Will try to ask second side to change port of answer from 1646 to 1813 , but dont think that this avoid Not sure , but next can help ... Try to uncomment in your /etc/services #radius 1645/udp #radacct1646/udp It's safe to have in /etc/services radius 1645/udp radacct 1646/udp radius 1812/udp radacct 1813/udp -- View this message in context: http://www.nabble.com/Freeradius-2.0.3-crashing-when-in-proxy-mode-Segmentation-fault.-tp16603509p16605110.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with proxy-radius function
Hello All. I Use freeradius 2.0.3 only for accounting purpose. More than that, I have dozen realms that should be counted locally, and only one that should be proxed to redundant AAA servers. My current configuration is the next: cat clients.conf client test1 { ipaddr = 192.168.100.1 secret = somesecret shortname = test1 nastype = other } client test2 { ipaddr = 192.168.100.2 secret = somesecret shortname = test2 nastype = other } cat proxy.conf proxy server { default_fallback = no } home_server test1 { type = acct ipaddr = 192.168.100.1 port = 1646 secret = somesecret status_check = request } home_server test2 { type = acct ipaddr = 192.168.100.2 port = 1646 secret = somesecret status_check = request } home_server_pool test { type = fail-over home_server = test1 home_server = test2 } realm dialup.domain.com { acct_pool = test
Re: 2.0.2 Radius stop work with Error...
Alan DeKok-4 wrote: Wed Mar 12 18:08:34 2008 : Error: ]event.c:1946] Failed to insert event That message should only come if the server runs out of memory, OR the time on your system stays the same... Did anybody now how I can fix that? The only one way to make radius working is start radius with -X (???). Hmm... I don't see why that would help. I use next settings: ... Wed Mar 12 05:45:14 2008 : Debug: max_requests_per_server = 8192 Set this to zero. Hello. 1) max_requests_per_server = 0 Looks that this setting is better for server, but server again fails after 5 hour of work with the same error : “Error: ]event.c:1946] Failed to insert event” ]event.c:1946] means [event.c:1946] ? :) . Server has 2 Gb RAM and I’m sure that it’s not “out of memory”. May be there some sysctl setting can help server allocate memory a bit better, but 2 Gb looks quite enough. 2) I use –X like solution, it’s work just fine. Then I start radius without –X I see only one process. Is it ok? How I understand it should be at least 30 process because of “start_servers = 30”. I’m I wrong? 3) What do you mean then you write “OR the time on your system stays the same...” How the time can stays the same ? 4) What is incorrect ?? root@:/etc/raddb# check-radiusd-config radiusd: The options -i and -p cannot be used individually. root@:/etc/raddb# # listen { ipaddr = * port = 1813 type = acct } Lokks like this should be ok for radius (I use it only for accounting). With Regards, Banga -- View this message in context: http://www.nabble.com/2.0.2-Radius-stop-work-with-Error...-tp16046484p16349004.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Incorrect Acct-Session-Id format in Freradius 2.0.2
Hi all. I have found that format of Acct-Session-Id has been changed from v.1.x to 2.0.2 At debug I can see Acct-Session-Id = 1234567\000 not Acct-Session-Id = 1234567 (like in v.1.x) Is there any Idea why we get this \000 Acct-Session-Id is using for radacct_acctuniqueid_key (hash) and there are can be a problem between master and slave radius in case then Start record will be in v.1.x and STOP will be in v.2.0.2 where HASH for STOP will be completely different. -- View this message in context: http://www.nabble.com/Incorrect-Acct-Session-Id-format-in-Freradius-2.0.2-tp16046767p16046767.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
2.0.2 Radius stop work with Error...
Hello. I use FreeRadius + Postgres for accounting purpose only (avarage 3-5 accounting updates per second). For some reason very often radius stop work. Every time with the same error. Wed Mar 12 18:08:34 2008 : Error: ]event.c:1946] Failed to insert event Did anybody now how I can fix that? The only one way to make radius working is start radius with -X (???). -- View this message in context: http://www.nabble.com/2.0.2-Radius-stop-work-with-Error...-tp16046484p16046484.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Postgres SQL Alarm on duplicated record
Hello. Some times my NAS resend START record to RADIUS. The And I get the alarm messages like that , because the differences in this start record is only in Start time and radacct_acctuniqueid_key are always equal for such sessions. : Wed Mar 12 18:05:10 2008 : Error: rlm_sql (sql): Couldn't insert SQL accounting START record - ERROR: duplicate key violates unique constraint radacct_acctuniqueid_key But, in any case all such start records are put to database. How I cat stop put such duplicate records? -- View this message in context: http://www.nabble.com/Postgres-SQL-Alarm-on-duplicated-record-tp16046727p16046727.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Incorrect Acct-Session-Id format in Freradius 2.0.2
Alan DeKok-4 wrote: banga wrote: Hi all. I have found that format of Acct-Session-Id has been changed from v.1.x to 2.0.2 Not really. Your NAS is broken. 1.1.x hides that fact. 2.x doesn't. At debug I can see Acct-Session-Id = 1234567\000 That's what your NAS sends. It's not supposed to send a terminal zero. Let me guess... this is very old Ascend hardware? not Acct-Session-Id = 1234567 (like in v.1.x) Is there any Idea why we get this \000 Acct-Session-Id is using for radacct_acctuniqueid_key (hash) and there are can be a problem between master and slave radius in case then Start record will be in v.1.x and STOP will be in v.2.0.2 where HASH for STOP will be completely different. You can update the code in v2.0.2 to delete the trailing zero, or to not print it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Sorry ,but I can not find place where i can delete the trailing zero. Could you please show me a place(way) from that I can start ? -- View this message in context: http://www.nabble.com/Incorrect-Acct-Session-Id-format-in-Freradius-2.0.2-tp16046767p16054225.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.2 Radius stop work with Error...
Alan DeKok-4 wrote: banga wrote: For some reason very often radius stop work. Every time with the same error. Wed Mar 12 18:08:34 2008 : Error: ]event.c:1946] Failed to insert event That message should only come if the server runs out of memory, OR the time on your system stays the same... Did anybody now how I can fix that? The only one way to make radius working is start radius with -X (???). Hmm... I don't see why that would help. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Looks that this is because of HI LOAD and my misunderstanding in tunning of Radius. After detail debug I have found that sometimes Radius tries to insert more then 50 Updates/sec. This is the last messages in radius log before Radius die : Wed Mar 12 05:47:23 2008 : Debug: expand: INSERT into radacct (AcctSessionId, AcctUniqueId, CallingStationId, . Wed Mar 12 05:47:23 2008 : Debug: rlm_sql (sql): Reserving sql socket id: 42 Wed Mar 12 05:47:23 2008 : Debug: Threads: total/active/spare threads = 29/13/16 Wed Mar 12 05:47:23 2008 : Debug: Threads: deleting 1 spare out of 6 spares Wed Mar 12 05:47:23 2008 : Debug: Cleaning up request 32 ID 99 with timestamp +128 Wed Mar 12 05:47:23 2008 : Debug: Cleaning up request 33 ID 100 with timestamp +128 Wed Mar 12 05:47:23 2008 : Debug: Cleaning up request 34 ID 101 with timestamp +128 Wed Mar 12 05:47:23 2008 : Debug: Cleaning up request 35 ID 102 with timestamp +128 Wed Mar 12 05:47:23 2008 : Debug: Cleaning up request 36 ID 103 with timestamp +128 Wed Mar 12 05:47:23 2008 : Debug: Cleaning up request 37 ID 104 with timestamp +128 Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds. Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds. Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds. Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds. Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds. Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds. Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds. Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds. Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds. Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds. Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds. Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds. Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds. Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds. Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds. Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds. Wed Mar 12 05:47:23 2008 : Error: ]event.c:1946] Failed to insert event More then that: [EMAIL PROTECTED]:# grep : Acct-U failure.log Wed Mar 12 05:47:21 2008 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = d1040ecf26219792. Wed Mar 12 05:47:21 2008 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = c174b2c604f47ae6. Wed Mar 12 05:47:21 2008 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = fc4b1110b7b135ba. Wed Mar 12 05:47:21 2008 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = 6d649716d3997349. Wed Mar 12 05:47:21 2008 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = dded11c824fb11d7. Wed Mar 12 05:47:23 2008 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = dea445efb6536a79. Wed Mar 12 05:47:23 2008 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = a4e39361eb2ce555. Wed Mar 12 05:47:23 2008 : Debug: rlm_acct_unique: Acct-Unique-Session-ID = 9d1613bb69209f1b. [EMAIL PROTECTED]:# grep : Acct-U failure.log | wc -l 59 [EMAIL PROTECTED]:# So it really HI Load. I use next settings: Wed Mar 12 05:45:14 2008 : Debug: num_sql_socks = 50 .. Wed Mar 12 05:45:14 2008 : Debug: thread pool { Wed Mar 12 05:45:14 2008 : Debug: start_servers = 30 Wed Mar 12 05:45:14 2008 : Debug: max_servers = 64 Wed Mar 12 05:45:14 2008 : Debug: min_spare_servers = 3 Wed Mar 12 05:45:14 2008 : Debug: max_spare_servers = 10 Wed Mar 12 05:45:14 2008 : Debug: max_requests_per_server = 8192 Wed Mar 12 05:45:14 2008 : Debug: cleanup_delay = 5 Wed Mar 12 05:45:14 2008 : Debug: max_queue_size = 65536 Wed Mar 12 05:45:14 2008 : Debug: } May be I'm wrong with thread settings or it's better to degrease number of SQL sock. In any case Radius should not die anyway . Isn't it? My system : Kernel 2.6.22, 2G RAM, Xeon 2.00 Ghz. Is that parameters enough to process 50-100 SQL updates/sec ? Has anyone solution intunning? Should I tune my postgres 8.2 first? How? Thank you. -- View this message in context: http://www.nabble.com/2.0.2-Radius-stop-work-with-Error...-tp16046484p16058580.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Assign IP based on CallingStationID.
I use dafault table-layout. How I understand you just change username authentication to callingstationid authentication inside sql.conf. Thx, it’s really good idea. I think that I could do the same by myself, but it will take a time. Therefore any examples will be very useful. Can you post it here? If It’s too big you can send it to me - “nebula-at-inbox-lv”. From other side, I need username/password authentication also (for other users) therefore it will be difficult to implement this ( may be I’ll install another freeradius specially for that). In my situation radius for some users check username/password, for other users it should do the next: check username/password/callingstationid (in fact username and password always the same) if callingstationid has specific value (can be dosen specifc callingstationid_s) then replay accept and some specific IP for each specific callingstationid or just assign ip from radius pool. if callingstationid is not in the list of “specific callingstationid” then just replay accept and NAS will assign ip from equipment’s IP pool Main Idea: For now most users has the same username and password and it is not possible to change anything in that. Some callingstationid is not friendly for my network (they should have only http traffic). That’s why I want to assign them IP from specific pool – I going to setup firewall rules for a such IPs. Any idea ? John Longland wrote: Yes, I have just done it. You need to change the sql-statement in /etc/raddb/sql.conf That is the autorize_check_query.Depending on how you use your tables, the query that I am using may or may not work. If you want I can give you the one that works for me if you supply your table-layout. JOhn P.S The statement I use does NOT check username/password !!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] org]On Behalf Of banga Sent: 08 November 2006 11:37 To: freeradius-users@lists.freeradius.org Subject: Assign IP based on CallingStationID. Hello all. I use freeradius ver. 1.1.1 + mysql. I use same login/password for couple of users but they has different callingstationid. Is it possible to check callingstationid and asiighn IP based on it? Do I need to create some additional tables in mysql for that? Thx. -- View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7 235317 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7254733 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Assign IP based on CallingStationID.
John , I see the way now. Thx, for help. I’m going to install test radius in nearest future. I’ll try to check this query there. John Longland wrote: Here is the query that I put into sql.conf Maybe use it and build on it for your specific example ?? authorize_check_query = select id,UserName,Attribute,Value,op FROM ${authcheck_table} WHERE UserName in (select UserName from ${authcheck_table} WHERE Value = '%{Calling-Station-ID}') ORDER BY id John -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] org]On Behalf Of banga Sent: 08 November 2006 15:14 To: freeradius-users@lists.freeradius.org Subject: Assign IP based on CallingStationID. I use dafault table-layout. How I understand you just change username authentication to callingstationid authentication inside sql.conf. Thx, it’s really good idea. I think that I could do the same by myself, but it will take a time. Therefore any examples will be very useful. Can you post it here? If It’s too big you can send it to me - “nebula-at-inbox-lv”. From other side, I need username/password authentication also (for other users) therefore it will be difficult to implement this ( may be I’ll install another freeradius specially for that). In my situation radius for some users check username/password, for other users it should do the next: check username/password/callingstationid (in fact username and password always the same) if callingstationid has specific value (can be dosen specifc callingstationid_s) then replay accept and some specific IP for each specific callingstationid or just assign ip from radius pool. if callingstationid is not in the list of “specific callingstationid” then just replay accept and NAS will assign ip from equipment’s IP pool Main Idea: For now most users has the same username and password and it is not possible to change anything in that. Some callingstationid is not friendly for my network (they should have only http traffic). That’s why I want to assign them IP from specific pool – I going to setup firewall rules for a such IPs. Any idea ? John Longland wrote: Yes, I have just done it. You need to change the sql-statement in /etc/raddb/sql.conf That is the autorize_check_query.Depending on how you use your tables, the query that I am using may or may not work. If you want I can give you the one that works for me if you supply your table-layout. JOhn P.S The statement I use does NOT check username/password !!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] org]On Behalf Of banga Sent: 08 November 2006 11:37 To: freeradius-users@lists.freeradius.org Subject: Assign IP based on CallingStationID. Hello all. I use freeradius ver. 1.1.1 + mysql. I use same login/password for couple of users but they has different callingstationid. Is it possible to check callingstationid and asiighn IP based on it? Do I need to create some additional tables in mysql for that? Thx. -- View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7 235317 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7 238235 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7257034 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Assign IP based on CallingStationID.
Thx Peter, I will try to install 1.1.3 to check sqlippool functions. Peter Nixonn wrote: Hi Banga We have a large system in production that does almost exactly what you state. It can all be done with a few modifications of the sql queries. (Infact we have a rather complex postgresql stored procedure, but one simpler query is possible depending on what you need). If you wish to assign dynamic ips, but bound to callingstationid, not username this is also possible with sqlippool.. Read the comments in the config file in cvs. Cheers Peter On Thu 09 Nov 2006 11:10, banga wrote: I use dafault table-layout. How I understand you just change username authentication to callingstationid authentication inside sql.conf. Thx, it’s really good idea. I think that I could do the same by myself, but it will take a time. Therefore any examples will be very useful. Can you post it here? If It’s too big you can send it to me - “nebula-at-inbox-lv”. From other side, I need username/password authentication also (for other users) therefore it will be difficult to implement this ( may be I’ll install another freeradius specially for that). In my situation radius for some users check username/password, for other users it should do the next: check username/password/callingstationid (in fact username and password always the same) if callingstationid has specific value (can be dosen specifc callingstationid_s) then replay accept and some specific IP for each specific callingstationid or just assign ip from radius pool. if callingstationid is not in the list of “specific callingstationid” then just replay accept and NAS will assign ip from equipment’s IP pool Main Idea: For now most users has the same username and password and it is not possible to change anything in that. Some callingstationid is not friendly for my network (they should have only http traffic). That’s why I want to assign them IP from specific pool – I going to setup firewall rules for a such IPs. Any idea ? John Longland wrote: Yes, I have just done it. You need to change the sql-statement in /etc/raddb/sql.conf That is the autorize_check_query.Depending on how you use your tables, the query that I am using may or may not work. If you want I can give you the one that works for me if you supply your table-layout. JOhn P.S The statement I use does NOT check username/password !!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] org]On Behalf Of banga Sent: 08 November 2006 11:37 To: freeradius-users@lists.freeradius.org Subject: Assign IP based on CallingStationID. Hello all. I use freeradius ver. 1.1.1 + mysql. I use same login/password for couple of users but they has different callingstationid. Is it possible to check callingstationid and asiighn IP based on it? Do I need to create some additional tables in mysql for that? Thx. -- View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html #a7 235317 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7257093 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Assign IP based on CallingStationID.
I use dafault table-layout. How I understand you just change username authentication to callingstationid authentication inside sql.conf. Thx, it’s really good idea. I think that I could do the same by myself, but it will take a time. Therefore any examples will be very useful. Can you post it here? If It’s too big you can send it to me - “nebula-at-inbox-lv”. From other side, I need username/password authentication also (for other users) therefore it will be difficult to implement this ( may be I’ll install another freeradius specially for that). In my situation radius for some users check username/password, for other users it should do the next: check username/password/callingstationid (in fact username and password always the same) if callingstationid has specific value (can be dosen specifc callingstationid_s) then replay accept and some specific IP for each specific callingstationid or just assign ip from radius pool. if callingstationid is not in the list of “specific callingstationid” then just replay accept and NAS will assign ip from equipment’s IP pool Main Idea: For now most users has the same username and password and it is not possible to change anything in that. Some callingstationid is not friendly for my network (they should have only http traffic). That’s why I want to assign them IP from specific pool – I going to setup firewall rules for a such IPs. Any idea ? John Longland wrote: Yes, I have just done it. You need to change the sql-statement in /etc/raddb/sql.conf That is the autorize_check_query.Depending on how you use your tables, the query that I am using may or may not work. If you want I can give you the one that works for me if you supply your table-layout. JOhn P.S The statement I use does NOT check username/password !!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] org]On Behalf Of banga Sent: 08 November 2006 11:37 To: freeradius-users@lists.freeradius.org Subject: Assign IP based on CallingStationID. Hello all. I use freeradius ver. 1.1.1 + mysql. I use same login/password for couple of users but they has different callingstationid. Is it possible to check callingstationid and asiighn IP based on it? Do I need to create some additional tables in mysql for that? Thx. -- View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7 235317 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7238235 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html