Re: Problem with proxy-radius function
= 101e73bfbe542522.
++[acct_unique] returns ok
expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -
/var/log/radius/radacct/192.168.3.84/detail-20080412
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.3.84/detail-20080412
expand: %t - Sat Apr 12 19:07:58 2008
++[detail] returns ok
+- entering group pre-proxy
expand:
/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d -
/var/log/radius/radacct/192.168.3.84/pre-proxy-detail-20080412
rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands
to /var/log/radius/radacct/192.168.3.84/pre-proxy-detail-20080412
expand: %t - Sat Apr 12 19:07:58 2008
++[pre_proxy_log] returns ok
Acct-Status-Type = Start
User-Name = [EMAIL PROTECTED]
Proxy-State = 0x30
Proxying request 0 to home server 192.168.3.86 port 1813
Acct-Status-Type = Start
User-Name = [EMAIL PROTECTED]
Proxy-State = 0x30
Going to the next request
Waking up in 0.9 seconds.
Proxy-State = 0x30
+- entering group post-proxy
expand:
/var/log/radius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d -
/var/log/radius/radacct/192.168.3.84/post-proxy-detail-20080412
rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.3.84/post-proxy-detail-20080412
expand: %t - Sat Apr 12 19:07:58 2008
++[post_proxy_log] returns ok
Finished request 0.
Cleaning up request 0 ID 0 with timestamp +10
Going to the next request
Ready to process requests.
Acct-Status-Type = Start
User-Name = [EMAIL PROTECTED]
+- entering group preacct
rlm_realm: Looking up realm test.domain for User-Name =
[EMAIL PROTECTED]
rlm_realm: Found realm test.domain
rlm_realm: Proxying request from user test to realm test.domain
rlm_realm: Adding Realm = test.domain
rlm_realm: Preparing to proxy accounting request to realm test.domain
++[suffix] returns updated
+- entering group accounting
rlm_acct_unique: WARNING: Attribute 3GPP2-Correlation-Id was not found in
request, unique ID MAY be inconsistent
rlm_acct_unique: WARNING: Attribute Acct-Session-Id was not found in
request, unique ID MAY be inconsistent
rlm_acct_unique: WARNING: Attribute Calling-Station-Id was not found in
request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',,'
rlm_acct_unique: Acct-Unique-Session-ID = 101e73bfbe542522.
++[acct_unique] returns ok
expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -
/var/log/radius/radacct/192.168.3.84/detail-20080412
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.3.84/detail-20080412
expand: %t - Sat Apr 12 19:07:59 2008
++[detail] returns ok
+- entering group pre-proxy
expand:
/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d -
/var/log/radius/radacct/192.168.3.84/pre-proxy-detail-20080412
rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands
to /var/log/radius/radacct/192.168.3.84/pre-proxy-detail-20080412
expand: %t - Sat Apr 12 19:07:59 2008
++[pre_proxy_log] returns ok
Acct-Status-Type = Start
User-Name = [EMAIL PROTECTED]
Proxy-State = 0x30
Proxying request 1 to home server 192.168.3.86 port 1813
Acct-Status-Type = Start
User-Name = [EMAIL PROTECTED]
Proxy-State = 0x30
Going to the next request
Waking up in 0.9 seconds.
Ignoring request from unknown home server 192.168.3.86 port 1813
Waking up in 0.9 seconds.
Waking up in 28.9 seconds.
Discarding duplicate request from client localhost port 1349 - ID: 0 due to
unfinished request 1
Waking up in 27.0 seconds.
Discarding duplicate request from client localhost port 1349 - ID: 0 due to
unfinished request 1
Waking up in 24.1 seconds.
Alan DeKok-4 wrote:
banga wrote:
AnyOne?
Error: Rejecting request 20696 due to lack of any response from home
server
X.X.X.X port 1646
Error: Ignoring request from unknown home server X.X.X.X port 1646
How I can fix that ?
I think what's happening is that the home server is sending the
response from the wrong port. You would have to show *more* of the
debug log to be sure.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
View this message in context:
http://www.nabble.com/Problem-with-proxy-radius-function-tp16610498p16654065.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with proxy-radius function
AnyOne?
Error: Rejecting request 20696 due to lack of any response from home server
X.X.X.X port 1646
Error: Ignoring request from unknown home server X.X.X.X port 1646
How I can fix that ?
banga wrote:
Hello All.
I Use freeradius 2.0.3 only for accounting purpose.
More than that, I have dozen realms that should be counted locally, and
only one that should be proxed to redundant AAA servers.
My current configuration is the next:
cat clients.conf
client test1 {
ipaddr = 192.168.100.1
secret = somesecret
shortname = test1
nastype = other
}
client test2 {
ipaddr = 192.168.100.2
secret = somesecret
shortname = test2
nastype = other
}
cat proxy.conf
proxy server {
default_fallback = no
}
home_server test1 {
type = acct
ipaddr = 192.168.100.1
port = 1646
secret = somesecret
status_check = request
}
home_server test2 {
type = acct
ipaddr = 192.168.100.2
port = 1646
secret = somesecret
status_check = request
}
home_server_pool test {
type = fail-over
home_server = test1
home_server = test2
Re: Freeradius 2.0.3 crashing when in proxy mode Segmentation fault.
banga wrote: I Will try to ask second side to change port of answer from 1646 to 1813 , but dont think that this avoid Not sure , but next can help ... Try to uncomment in your /etc/services #radius 1645/udp #radacct1646/udp It's safe to have in /etc/services radius 1645/udp radacct 1646/udp radius 1812/udp radacct 1813/udp -- View this message in context: http://www.nabble.com/Freeradius-2.0.3-crashing-when-in-proxy-mode-Segmentation-fault.-tp16603509p16605110.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with proxy-radius function
Hello All.
I Use freeradius 2.0.3 only for accounting purpose.
More than that, I have dozen realms that should be counted locally, and
only one that should be proxed to redundant AAA servers.
My current configuration is the next:
cat clients.conf
client test1 {
ipaddr = 192.168.100.1
secret = somesecret
shortname = test1
nastype = other
}
client test2 {
ipaddr = 192.168.100.2
secret = somesecret
shortname = test2
nastype = other
}
cat proxy.conf
proxy server {
default_fallback = no
}
home_server test1 {
type = acct
ipaddr = 192.168.100.1
port = 1646
secret = somesecret
status_check = request
}
home_server test2 {
type = acct
ipaddr = 192.168.100.2
port = 1646
secret = somesecret
status_check = request
}
home_server_pool test {
type = fail-over
home_server = test1
home_server = test2
}
realm dialup.domain.com {
acct_pool = test
Re: 2.0.2 Radius stop work with Error...
Alan DeKok-4 wrote:
Wed Mar 12 18:08:34 2008 : Error: ]event.c:1946] Failed to insert event
That message should only come if the server runs out of memory, OR the
time on your system stays the same...
Did anybody now how I can fix that?
The only one way to make radius working is start radius with -X (???).
Hmm... I don't see why that would help.
I use next settings:
...
Wed Mar 12 05:45:14 2008 : Debug: max_requests_per_server = 8192
Set this to zero.
Hello.
1)
max_requests_per_server = 0
Looks that this setting is better for server, but server again fails after 5
hour of work with the same error :
“Error: ]event.c:1946] Failed to insert event”
]event.c:1946] means [event.c:1946] ? :) .
Server has 2 Gb RAM and I’m sure that it’s not “out of memory”.
May be there some sysctl setting can help server allocate memory a bit
better, but 2 Gb looks quite enough.
2) I use –X like solution, it’s work just fine.
Then I start radius without –X I see only one process. Is it ok? How I
understand it should be at least 30 process because of “start_servers = 30”.
I’m I wrong?
3)
What do you mean then you write “OR the time on your system stays the
same...”
How the time can stays the same ?
4) What is incorrect ??
root@:/etc/raddb# check-radiusd-config
radiusd: The options -i and -p cannot be used individually.
root@:/etc/raddb#
#
listen {
ipaddr = *
port = 1813
type = acct
}
Lokks like this should be ok for radius (I use it only for accounting).
With Regards,
Banga
--
View this message in context:
http://www.nabble.com/2.0.2-Radius-stop-work-with-Error...-tp16046484p16349004.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Incorrect Acct-Session-Id format in Freradius 2.0.2
Hi all. I have found that format of Acct-Session-Id has been changed from v.1.x to 2.0.2 At debug I can see Acct-Session-Id = 1234567\000 not Acct-Session-Id = 1234567 (like in v.1.x) Is there any Idea why we get this \000 Acct-Session-Id is using for radacct_acctuniqueid_key (hash) and there are can be a problem between master and slave radius in case then Start record will be in v.1.x and STOP will be in v.2.0.2 where HASH for STOP will be completely different. -- View this message in context: http://www.nabble.com/Incorrect-Acct-Session-Id-format-in-Freradius-2.0.2-tp16046767p16046767.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
2.0.2 Radius stop work with Error...
Hello. I use FreeRadius + Postgres for accounting purpose only (avarage 3-5 accounting updates per second). For some reason very often radius stop work. Every time with the same error. Wed Mar 12 18:08:34 2008 : Error: ]event.c:1946] Failed to insert event Did anybody now how I can fix that? The only one way to make radius working is start radius with -X (???). -- View this message in context: http://www.nabble.com/2.0.2-Radius-stop-work-with-Error...-tp16046484p16046484.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Postgres SQL Alarm on duplicated record
Hello. Some times my NAS resend START record to RADIUS. The And I get the alarm messages like that , because the differences in this start record is only in Start time and radacct_acctuniqueid_key are always equal for such sessions. : Wed Mar 12 18:05:10 2008 : Error: rlm_sql (sql): Couldn't insert SQL accounting START record - ERROR: duplicate key violates unique constraint radacct_acctuniqueid_key But, in any case all such start records are put to database. How I cat stop put such duplicate records? -- View this message in context: http://www.nabble.com/Postgres-SQL-Alarm-on-duplicated-record-tp16046727p16046727.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Incorrect Acct-Session-Id format in Freradius 2.0.2
Alan DeKok-4 wrote: banga wrote: Hi all. I have found that format of Acct-Session-Id has been changed from v.1.x to 2.0.2 Not really. Your NAS is broken. 1.1.x hides that fact. 2.x doesn't. At debug I can see Acct-Session-Id = 1234567\000 That's what your NAS sends. It's not supposed to send a terminal zero. Let me guess... this is very old Ascend hardware? not Acct-Session-Id = 1234567 (like in v.1.x) Is there any Idea why we get this \000 Acct-Session-Id is using for radacct_acctuniqueid_key (hash) and there are can be a problem between master and slave radius in case then Start record will be in v.1.x and STOP will be in v.2.0.2 where HASH for STOP will be completely different. You can update the code in v2.0.2 to delete the trailing zero, or to not print it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Sorry ,but I can not find place where i can delete the trailing zero. Could you please show me a place(way) from that I can start ? -- View this message in context: http://www.nabble.com/Incorrect-Acct-Session-Id-format-in-Freradius-2.0.2-tp16046767p16054225.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 2.0.2 Radius stop work with Error...
Alan DeKok-4 wrote:
banga wrote:
For some reason very often radius stop work. Every time with the same
error.
Wed Mar 12 18:08:34 2008 : Error: ]event.c:1946] Failed to insert event
That message should only come if the server runs out of memory, OR the
time on your system stays the same...
Did anybody now how I can fix that?
The only one way to make radius working is start radius with -X (???).
Hmm... I don't see why that would help.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Looks that this is because of HI LOAD and my misunderstanding in tunning
of Radius.
After detail debug I have found that sometimes Radius tries to insert more
then 50 Updates/sec.
This is the last messages in radius log before Radius die :
Wed Mar 12 05:47:23 2008 : Debug: expand: INSERT into radacct
(AcctSessionId, AcctUniqueId, CallingStationId, .
Wed Mar 12 05:47:23 2008 : Debug: rlm_sql (sql): Reserving sql socket id: 42
Wed Mar 12 05:47:23 2008 : Debug: Threads: total/active/spare threads =
29/13/16
Wed Mar 12 05:47:23 2008 : Debug: Threads: deleting 1 spare out of 6 spares
Wed Mar 12 05:47:23 2008 : Debug: Cleaning up request 32 ID 99 with
timestamp +128
Wed Mar 12 05:47:23 2008 : Debug: Cleaning up request 33 ID 100 with
timestamp +128
Wed Mar 12 05:47:23 2008 : Debug: Cleaning up request 34 ID 101 with
timestamp +128
Wed Mar 12 05:47:23 2008 : Debug: Cleaning up request 35 ID 102 with
timestamp +128
Wed Mar 12 05:47:23 2008 : Debug: Cleaning up request 36 ID 103 with
timestamp +128
Wed Mar 12 05:47:23 2008 : Debug: Cleaning up request 37 ID 104 with
timestamp +128
Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds.
Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds.
Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds.
Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds.
Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds.
Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds.
Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds.
Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds.
Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds.
Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds.
Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds.
Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds.
Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds.
Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds.
Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds.
Wed Mar 12 05:47:23 2008 : Debug: Waking up in 0.1 seconds.
Wed Mar 12 05:47:23 2008 : Error: ]event.c:1946] Failed to insert event
More then that:
[EMAIL PROTECTED]:# grep : Acct-U failure.log
Wed Mar 12 05:47:21 2008 : Debug: rlm_acct_unique: Acct-Unique-Session-ID =
d1040ecf26219792.
Wed Mar 12 05:47:21 2008 : Debug: rlm_acct_unique: Acct-Unique-Session-ID =
c174b2c604f47ae6.
Wed Mar 12 05:47:21 2008 : Debug: rlm_acct_unique: Acct-Unique-Session-ID =
fc4b1110b7b135ba.
Wed Mar 12 05:47:21 2008 : Debug: rlm_acct_unique: Acct-Unique-Session-ID =
6d649716d3997349.
Wed Mar 12 05:47:21 2008 : Debug: rlm_acct_unique: Acct-Unique-Session-ID =
dded11c824fb11d7.
Wed Mar 12 05:47:23 2008 : Debug: rlm_acct_unique: Acct-Unique-Session-ID =
dea445efb6536a79.
Wed Mar 12 05:47:23 2008 : Debug: rlm_acct_unique: Acct-Unique-Session-ID =
a4e39361eb2ce555.
Wed Mar 12 05:47:23 2008 : Debug: rlm_acct_unique: Acct-Unique-Session-ID =
9d1613bb69209f1b.
[EMAIL PROTECTED]:# grep : Acct-U failure.log | wc -l
59
[EMAIL PROTECTED]:#
So it really HI Load.
I use next settings:
Wed Mar 12 05:45:14 2008 : Debug: num_sql_socks = 50
..
Wed Mar 12 05:45:14 2008 : Debug: thread pool {
Wed Mar 12 05:45:14 2008 : Debug: start_servers = 30
Wed Mar 12 05:45:14 2008 : Debug: max_servers = 64
Wed Mar 12 05:45:14 2008 : Debug: min_spare_servers = 3
Wed Mar 12 05:45:14 2008 : Debug: max_spare_servers = 10
Wed Mar 12 05:45:14 2008 : Debug: max_requests_per_server = 8192
Wed Mar 12 05:45:14 2008 : Debug: cleanup_delay = 5
Wed Mar 12 05:45:14 2008 : Debug: max_queue_size = 65536
Wed Mar 12 05:45:14 2008 : Debug: }
May be I'm wrong with thread settings or it's better to degrease number of
SQL sock.
In any case Radius should not die anyway . Isn't it?
My system :
Kernel 2.6.22, 2G RAM, Xeon 2.00 Ghz.
Is that parameters enough to process 50-100 SQL updates/sec ?
Has anyone solution intunning?
Should I tune my postgres 8.2 first? How?
Thank you.
--
View this message in context:
http://www.nabble.com/2.0.2-Radius-stop-work-with-Error...-tp16046484p16058580.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Assign IP based on CallingStationID.
I use dafault table-layout. How I understand you just change username authentication to callingstationid authentication inside sql.conf. Thx, it’s really good idea. I think that I could do the same by myself, but it will take a time. Therefore any examples will be very useful. Can you post it here? If It’s too big you can send it to me - “nebula-at-inbox-lv”. From other side, I need username/password authentication also (for other users) therefore it will be difficult to implement this ( may be I’ll install another freeradius specially for that). In my situation radius for some users check username/password, for other users it should do the next: check username/password/callingstationid (in fact username and password always the same) if callingstationid has specific value (can be dosen specifc callingstationid_s) then replay accept and some specific IP for each specific callingstationid or just assign ip from radius pool. if callingstationid is not in the list of “specific callingstationid” then just replay accept and NAS will assign ip from equipment’s IP pool Main Idea: For now most users has the same username and password and it is not possible to change anything in that. Some callingstationid is not friendly for my network (they should have only http traffic). That’s why I want to assign them IP from specific pool – I going to setup firewall rules for a such IPs. Any idea ? John Longland wrote: Yes, I have just done it. You need to change the sql-statement in /etc/raddb/sql.conf That is the autorize_check_query.Depending on how you use your tables, the query that I am using may or may not work. If you want I can give you the one that works for me if you supply your table-layout. JOhn P.S The statement I use does NOT check username/password !!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] org]On Behalf Of banga Sent: 08 November 2006 11:37 To: freeradius-users@lists.freeradius.org Subject: Assign IP based on CallingStationID. Hello all. I use freeradius ver. 1.1.1 + mysql. I use same login/password for couple of users but they has different callingstationid. Is it possible to check callingstationid and asiighn IP based on it? Do I need to create some additional tables in mysql for that? Thx. -- View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7 235317 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7254733 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Assign IP based on CallingStationID.
John , I see the way now.
Thx, for help. I’m going to install test radius in nearest future.
I’ll try to check this query there.
John Longland wrote:
Here is the query that I put into sql.conf
Maybe use it and build on it for your
specific example ??
authorize_check_query = select id,UserName,Attribute,Value,op FROM
${authcheck_table} WHERE UserName in
(select UserName from ${authcheck_table} WHERE Value =
'%{Calling-Station-ID}')
ORDER BY id
John
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
org]On Behalf Of banga
Sent: 08 November 2006 15:14
To: freeradius-users@lists.freeradius.org
Subject: Assign IP based on CallingStationID.
I use dafault table-layout.
How I understand you just change username authentication to
callingstationid
authentication inside sql.conf. Thx, it’s really good idea. I think that I
could do the same by myself, but it will take a time.
Therefore any examples will be very useful. Can you post it here?
If It’s too big you can send it to me - “nebula-at-inbox-lv”.
From other side, I need username/password authentication also (for other
users) therefore it will be difficult to implement this ( may be I’ll
install another freeradius specially for that).
In my situation radius for some users check username/password, for other
users it should do the next:
check username/password/callingstationid (in fact username and password
always the same)
if callingstationid has specific value (can be dosen specifc
callingstationid_s) then replay accept and some specific IP for each
specific callingstationid or just assign ip from radius pool.
if callingstationid is not in the list of “specific callingstationid”
then
just replay accept and NAS will assign ip from equipment’s IP pool
Main Idea: For now most users has the same username and password and it is
not possible to change anything in that. Some callingstationid is not
friendly for my network (they should have only http traffic). That’s why I
want to assign them IP from specific pool – I going to setup firewall
rules
for a such IPs.
Any idea ?
John Longland wrote:
Yes, I have just done it.
You need to change the sql-statement in /etc/raddb/sql.conf
That is the
autorize_check_query.Depending on how you use your tables, the query
that I am using may or may not work. If you want I can give you the
one that works for me if you supply your table-layout.
JOhn
P.S The statement I use does NOT check username/password !!!
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
org]On Behalf Of banga
Sent: 08 November 2006 11:37
To: freeradius-users@lists.freeradius.org
Subject: Assign IP based on CallingStationID.
Hello all.
I use freeradius ver. 1.1.1 + mysql.
I use same login/password for couple of users but they has different
callingstationid.
Is it possible to check callingstationid and asiighn IP based on it?
Do I need to create some additional tables in mysql for that?
Thx.
--
View this message in context:
http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7
235317
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
View this message in context:
http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7
238235
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
View this message in context:
http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7257034
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Assign IP based on CallingStationID.
Thx Peter, I will try to install 1.1.3 to check sqlippool functions. Peter Nixonn wrote: Hi Banga We have a large system in production that does almost exactly what you state. It can all be done with a few modifications of the sql queries. (Infact we have a rather complex postgresql stored procedure, but one simpler query is possible depending on what you need). If you wish to assign dynamic ips, but bound to callingstationid, not username this is also possible with sqlippool.. Read the comments in the config file in cvs. Cheers Peter On Thu 09 Nov 2006 11:10, banga wrote: I use dafault table-layout. How I understand you just change username authentication to callingstationid authentication inside sql.conf. Thx, it’s really good idea. I think that I could do the same by myself, but it will take a time. Therefore any examples will be very useful. Can you post it here? If It’s too big you can send it to me - “nebula-at-inbox-lv”. From other side, I need username/password authentication also (for other users) therefore it will be difficult to implement this ( may be I’ll install another freeradius specially for that). In my situation radius for some users check username/password, for other users it should do the next: check username/password/callingstationid (in fact username and password always the same) if callingstationid has specific value (can be dosen specifc callingstationid_s) then replay accept and some specific IP for each specific callingstationid or just assign ip from radius pool. if callingstationid is not in the list of “specific callingstationid” then just replay accept and NAS will assign ip from equipment’s IP pool Main Idea: For now most users has the same username and password and it is not possible to change anything in that. Some callingstationid is not friendly for my network (they should have only http traffic). That’s why I want to assign them IP from specific pool – I going to setup firewall rules for a such IPs. Any idea ? John Longland wrote: Yes, I have just done it. You need to change the sql-statement in /etc/raddb/sql.conf That is the autorize_check_query.Depending on how you use your tables, the query that I am using may or may not work. If you want I can give you the one that works for me if you supply your table-layout. JOhn P.S The statement I use does NOT check username/password !!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] org]On Behalf Of banga Sent: 08 November 2006 11:37 To: freeradius-users@lists.freeradius.org Subject: Assign IP based on CallingStationID. Hello all. I use freeradius ver. 1.1.1 + mysql. I use same login/password for couple of users but they has different callingstationid. Is it possible to check callingstationid and asiighn IP based on it? Do I need to create some additional tables in mysql for that? Thx. -- View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html #a7 235317 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7257093 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Assign IP based on CallingStationID.
I use dafault table-layout. How I understand you just change username authentication to callingstationid authentication inside sql.conf. Thx, it’s really good idea. I think that I could do the same by myself, but it will take a time. Therefore any examples will be very useful. Can you post it here? If It’s too big you can send it to me - “nebula-at-inbox-lv”. From other side, I need username/password authentication also (for other users) therefore it will be difficult to implement this ( may be I’ll install another freeradius specially for that). In my situation radius for some users check username/password, for other users it should do the next: check username/password/callingstationid (in fact username and password always the same) if callingstationid has specific value (can be dosen specifc callingstationid_s) then replay accept and some specific IP for each specific callingstationid or just assign ip from radius pool. if callingstationid is not in the list of “specific callingstationid” then just replay accept and NAS will assign ip from equipment’s IP pool Main Idea: For now most users has the same username and password and it is not possible to change anything in that. Some callingstationid is not friendly for my network (they should have only http traffic). That’s why I want to assign them IP from specific pool – I going to setup firewall rules for a such IPs. Any idea ? John Longland wrote: Yes, I have just done it. You need to change the sql-statement in /etc/raddb/sql.conf That is the autorize_check_query.Depending on how you use your tables, the query that I am using may or may not work. If you want I can give you the one that works for me if you supply your table-layout. JOhn P.S The statement I use does NOT check username/password !!! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] org]On Behalf Of banga Sent: 08 November 2006 11:37 To: freeradius-users@lists.freeradius.org Subject: Assign IP based on CallingStationID. Hello all. I use freeradius ver. 1.1.1 + mysql. I use same login/password for couple of users but they has different callingstationid. Is it possible to check callingstationid and asiighn IP based on it? Do I need to create some additional tables in mysql for that? Thx. -- View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7 235317 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7238235 Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
