Re: problem with proxy configuration

2006-10-17 Thread Prabhdeep Singh
Hi Alan,


Thanks for the response. 

 It looks like you've configured the server to proxy to itself. Why?

 

I do understand your technical objection of doing what I am doing, but 
I have a valid application reson, which is that I support multiple realms on this particular radius server.
For some realms, I want the UserName to strip the Realm name (nostrip) and for some I don't 

Is there any other way to achieve the same than not using striop and nostrip flag in proxy.conf

Thanks again for your comments.

Prabh
-- MyBlog: http://things-on-my-mind.blogspot.com/Get your news at www.DailyHeadlines.NET
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

problem with proxy configuration

2006-10-16 Thread Prabhdeep Singh

Hello,

I am having following problem with proxy.

In proxy.conf, I have following entries

realm myPartnerRealm {
  type= radius
  authhost= mypartner.server.com:1812
  accthost= mypartner.server.com:1813
  secret  = mypartnersecret
  nostrip
}

realm myCustomRealm {
  type= radius
  authhost= localhost:1812
  accthost= localhost:1813
  secret  = mysecret
  nostrip
}

realm DEFAULT {
   type= radius
   authhost= localhost:1812
   accthost= localhost:1813
   secret  = mysecret
}

I am able to authenticate against myPartnerRealm and default relam,
but when I submit request for myCustomRealm, the server seems to go
in a loop and marks the myCustomRealm as dead with the following
error.

marking authentication server localhost:1812 for realm myCustomRealm dead

I also get the following warning message
WARNING: Possible DoS attack from host 127.0.0.1: Too many attributes
in request (received 201, max 200 are allowed).

I read in one of the post that proxying to same server (localhost) is
not allowed  , but i need this feature as I do not want to strip
certain Realms.

Thanks for your help.

Prabh

--
MyBlog: http://things-on-my-mind.blogspot.com/
Get your news at www.DailyHeadlines.NET
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Banking Time

2006-09-19 Thread Prabhdeep Singh
Hi,  I am trying to figure out how can i support two sets of users on same  DB (radius/MySQL), where one set of users are able to bank the time,  and others not.  For example.  User A buys a plan that is good for 2 hour he/she logs in and after 
 1 hour logs out.  One day after User A is again able to log in and use the remaining 1  hour.  User B buys a plan that is also good for 2 hours he/she logs in and  after 1 hour logs out. But One day after User B is not able to log in 
 as the time was calculated from the time, when user first logged in.  Thanks.  With Regards, Prabh --Get your news at www.DailyHeadlines.NET

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Retry Delay and Retry Count in Proxy.conf

2004-12-20 Thread prabhdeep
Hi,
I would like to know if there is a way to set retry_delay ...
at realm level, as I would like to wait longer for some re...
Thanks
Prabh
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Server is being hit by requests as old as one week..... how to stop?

2004-11-16 Thread Prabhdeep
Hi guys,

We had a problem with multiple accounting records,
which we resolved by adding unique key to radacct
table and modifying the insert/update SQL for
accounting records. 

It seems that by solving this problem we had taken on
a bigger problem. Because server is now returning
error for any duplicate accounting record, clients are
submitting the request again and again  we are
being hit by requests as old as one week.

I guess, my question is that if there is any way to
stop this requests. 

Thanks
Prabh

__ 
Post your free ad now! http://personals.yahoo.ca

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


problem with ServiceType in radacct table

2004-08-31 Thread prabhdeep
Hi,
I am having problem with ServiceType field in radacct.
I have setup Service-Type Attribute in radgroupreply to 1 i.e. 
Login-User, but
radacct table is not updated accordingly. Infact, the field remains empty.

Any ideas.
Thanks.
Prabh
Freeradius Version 1.0.
Linux 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Delay in updating accounting table

2004-06-21 Thread prabhdeep
Hi,
Does anybody know why accounting table is updated only when Account Stop 
packet is sent?
Although the Account Start is not lost, but its only inserted when Account 
Stop is triggered.

Does Freeradius saves the Accounting packets in some intermediary files 
before updating database?
If it does then in which file? and if there is any way to push the insert 
without delay.

FreeRadius: 0.93
Database: mySQL
Thanks
prabh

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Unknown Clients

2004-06-17 Thread prabhdeep
Hi,
Could you please post your configuration file... as its not working for 
me its only in clients.conf?
is there any change in radius.conf?

I am using 0.93 version.
Thanks
Prabh
[EMAIL PROTECTED] (Alan DeKok) wrote in message 
news:[EMAIL PROTECTED]...
 Timothy Tan [EMAIL PROTECTED] wrote:
  I had a similar problem when I tried out the freeradius-1.0.0-pre1 build
  with fedora core 2... whenever I try to get my cisco AP to auth with
  freeradius, I get the same unknown client message, and the IP is already
  added in the clients.conf file...

   Hmmm... I don't run fedora, but it works for me here, even 0.0.0.0/0.

   Alan DeKok.

 -
 List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


NAS client authentication

2004-06-14 Thread prabhdeep
Hi,
How can one allow any NAS client to be authenticated as long as secret matches?
0.0.0.0/0 does not work in clients.conf there does not seem to be any 
default entry that I can set
something like if the IP does not match then use this.

Thannk.
with regards,
prabh
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


(no subject)

2004-06-14 Thread prabhdeep
Thanks Thor,
I tried 0.0.0.0/1, but it still does not work... I keep getting following 
messages.
Just curious what the networking standard... I thought it was 0/8/16/24 or 
is it 1/8/16/24?

rad_recv: Accounting-Request packet from host 192.168.0.121:1024, id=243, 
length=141
Ignoring request from unknown client 192.168.0.121:1024
--- Walking the entire request list ---
Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.0.121:1024, id=206, 
length=228
Ignoring request from unknown client 192.168.0.121:1024

Thanks again.
prabh


 Hi,

 How can one allow any NAS client to be authenticated as long as secret
matches?

client 0.0.0.0/1 {
...
}
client 128.0.0.0/1 {
...
}
 0.0.0.0/0 does not work in clients.conf there does not seem to be any
 default entry that I can set
 something like if the IP does not match then use this.

 Thannk.

 with regards,
 prabh

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


NAS Id and clients.conf

2004-06-10 Thread Prabhdeep
Hi,
Does anybody know how I can add NAS-ID instead of
NAS-IP Address for identification?

In other words if NAS-ID and secret matches then its
as good as matching NAS-IP Address and secret.

Thanks.
With regards,
Prabh








__ 
Post your free ad now! http://personals.yahoo.ca

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Colubris

2004-06-05 Thread Prabhdeep
Thanks.

I was able to resolve the problem.
The operator type was wrong. 

Prabh

 --- Livraizone [EMAIL PROTECTED] wrote:  Hi,
  
 I am new to FreeRadius and trying to configure it
 with Colubris device.
 I have defined many Colubris-AVPair in radgroupreply
 table but for some reason only first AVPair is
 being passed.
  
 Thanks for your help.
  
 Debug Log:
  
 rlm_mschap: adding MS-CHAPv1 MPPE keys
   modcall[authenticate]: module mschap returns ok
 for request 0
 modcall: group Auth-Type returns ok for request 0
 Login OK: [john/no User-Password attribute] (from
 client colubris port 0 cli 00-02-6F-08-50-B8)
 Sending Access-Accept of id 40 to 121.138.0.150:1026
 Colubris-AVPair =

login-url=https://login.xyz.net/CN3000BI/login.php?NASid=%n;
 Port-Limit = 1
 MS-CHAP-MPPE-Keys =

0x1375b00d2ad7d73bea5a4a3jsp0cd188b0c2613a1d6b26aa
 MS-MPPE-Encryption-Policy = 0x0001
 MS-MPPE-Encryption-Types = 0x0006
 Finished request 0
 
  
  
  
 
 
 
 -
 Post your free ad now! Yahoo! Canada Personals
  

__ 
Post your free ad now! http://personals.yahoo.ca

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html