Re: sqlcounter_expire_on_login module
Thanks for your answer. I had been testing some queries ... Now it works fine with SELECT IFNULL((query),0). Thank you very much. Best regards, Antonio. -- View this message in context: http://freeradius.1045715.n5.nabble.com/sqlcounter-expire-on-login-module-tp5682512p5682577.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sqlcounter_expire_on_login module
Hi everybody, I have been looking for how to solve this: A user logs in to freeradius, and after the first login, exactly one day later, the access should expire. Example: User: 'aaa' - 1 day (24 hours). First login: 2012-04-02 12:00:00 Expires on: 2012-04-03 12:00:00 I have enabled the sqlcounter_expire_on_login module. When a user logs in for the first time, there is no usage (radacct is empty for this user), but sqlcounter_expire_on_login's query returns an empty set instead of a valid value (for example 0), so when freeradius checks the result, it says this (freeradius -X output):
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime)) FROM radacct WHERE UserName='%{User-Name}' ORDER BY acctstarttime LIMIT 1;'
[expire_on_login] expand: SELECT TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime)) FROM radacctWHERE UserName='%{User-Name}' ORDER BY acctstarttimeLIMIT 1; -> SELECT TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime)) FROM radacctWHERE UserName='sa373YIMET' ORDER BY acctstarttimeLIMIT 1;
sqlcounter_expand: '%{sql:SELECT TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime)) FROM radacctWHERE UserName='sa373YIMET' ORDER BY acctstarttimeLIMIT 1;}'
[expire_on_login] sql_xlat
[expire_on_login] expand: %{User-Name} -> sa373YIMET
[expire_on_login] sql_set_user escaped user --> 'sa373YIMET'
[expire_on_login] expand: SELECT TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime)) FROM radacctWHERE UserName='sa373YIMET' ORDER BY acctstarttimeLIMIT 1; -> SELECT TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime)) FROM radacctWHERE UserName='sa373YIMET' ORDER BY acctstarttimeLIMIT 1;
rlm_sql (sql): Reserving sql socket id: 3
[expire_on_login] SQL query did not return any results
rlm_sql (sql): Released sql socket id: 3
[expire_on_login] expand: %{sql:SELECT TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime)) FROM radacctWHERE UserName='sa373YIMET' ORDER BY acctstarttimeLIMIT 1;} ->
rlm_sqlcounter: No integer found in string ""
++[expire_on_login] returns noop
Could anybody tell me how I can solve it? I look forward to your answers. Thank you very much. Best regards, Antonio. -- View this message in context: http://freeradius.1045715.n5.nabble.com/sqlcounter-expire-on-login-module-tp5682512.html
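The failure mode in this thread and the IFNULL wrapper from the follow-up reply, reproduced as an added example that is not part of the original posts. It uses SQLite in place of MySQL (strftime arithmetic stands in for TIME_TO_SEC(TIMEDIFF(...))); the table rows, the function names and the ok/reject branch are assumptions, and only the noop path is taken from the debug output above.

```python
import re
import sqlite3

# SQLite stand-in for MySQL's TIME_TO_SEC(TIMEDIFF(NOW(), acctstarttime));
# :now is a bound parameter so the result is reproducible.
ELAPSED = ("CAST(strftime('%s', :now) AS INTEGER)"
           " - CAST(strftime('%s', acctstarttime) AS INTEGER)")

# Shape of the query from the post: no radacct row -> empty result set.
PLAIN_QUERY = ("SELECT " + ELAPSED + " FROM radacct"
               " WHERE username = :user ORDER BY acctstarttime LIMIT 1")

# Shape of the fix from the follow-up: the scalar subquery yields NULL when
# there is no row, and IFNULL turns that into 0, so one row always comes back.
WRAPPED_QUERY = "SELECT IFNULL((" + PLAIN_QUERY + "), 0)"


def build_db():
    """Constructed sample data: only 'returning_user' has an accounting row."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radacct (username TEXT, acctstarttime TEXT)")
    db.execute("INSERT INTO radacct VALUES (?, ?)",
               ("returning_user", "2012-04-02 12:00:00"))
    return db


def expand_sql(db, query, user, now):
    """Model of the %{sql:...} expansion: first column of the first row as
    text, or an empty string when the query returns no rows."""
    row = db.execute(query, {"user": user, "now": now}).fetchone()
    return "" if row is None or row[0] is None else str(row[0])


def counter_check(expanded, limit):
    """Simplified model (an assumption, not rlm_sqlcounter's code) of the
    counter step. Returns (result, seconds_left)."""
    match = re.search(r"\d+", expanded)
    if match is None:
        # 'No integer found in string ""' -> the module returns noop and
        # no remaining time is computed for this request.
        return ("noop", None)
    used = int(match.group())
    if used >= limit:
        return ("reject", 0)
    return ("ok", limit - used)


def run(query, user, now="2012-04-02 14:00:00", limit=86400):
    """Evaluate one login attempt against a fresh constructed database."""
    db = build_db()
    try:
        return counter_check(expand_sql(db, query, user, now), limit)
    finally:
        db.close()


if __name__ == "__main__":
    for label, query in (("plain", PLAIN_QUERY), ("wrapped", WRAPPED_QUERY)):
        for user in ("first_login_user", "returning_user"):
            print(label, user, run(query, user))
```

With the plain query a first login falls through as noop; with the wrapped query the same login is evaluated against the full 86400-second limit.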
Rejecting login with radgroupcheck attributes
Hi again, Sorry if this message gets doubled. I thought it had not been sent. I have been testing with the definition of DEFAULT Auth-Type := Reject in the users file, but it does not work. I don't know if I should define this in another directive, in another file or in an SQL table. Now I'm thinking of defining radgroupcheck's attributes directly in the radcheck table, and the same with radgroupreply's attributes, because I'm interested in rejecting a user if it doesn't correspond with its group's attributes. Is this really the way to achieve this? Thanks and regards, Toni. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Rejecting-login-with-radgroupcheck-attributes-tp5470210p5470210.html
Re: Using radgroupcheck to reject user's login
Hi again, I have been testing with the definition of DEFAULT Auth-Type := Reject in the users file, but it does not work. I don't know if I should define this in another directive, in another file or in an SQL table. Now I'm thinking of defining radgroupcheck's attributes directly in the radcheck table, and the same with radgroupreply's attributes, because I'm interested in rejecting a user if it doesn't correspond with its group's attributes. Is this really the way to achieve this? Thanks and regards, Toni. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Using-radgroupcheck-to-reject-user-s-login-tp5467069p5470064.html
Re: Using radgroupcheck to reject user's login
Hi (Alan), Thanks for your answer. I have read about that ... Maybe to fix this problem I should reject all users and then add an accept for each group. Is that correct? Or is there a better solution? I look forward to your answers because I would like to do some tests to achieve it. Thanks and regards, Toni. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Using-radgroupcheck-to-reject-user-s-login-tp5467069p5469097.html
Using radgroupcheck to reject user's login
Hi, Do you know if it is possible to reject a login with radgroupcheck? In the latest versions of FreeRADIUS, if we want to reject a user's request that tries to log in with some attributes, we should use radcheck, because if we use radgroupcheck FreeRADIUS doesn't produce a reject. In radcheck we should define all compulsory attributes, because if there are attributes in radgroupcheck that do not correspond with the NAS's attributes, FreeRADIUS will continue checking other groups. I would like to know whether it is possible, if any attribute doesn't correspond, for FreeRADIUS to reject the request and not continue checking other groups from radgroupcheck. We are interested in maintaining the radgroupcheck table with compulsory attributes (if that is possible). Can we achieve this by changing some settings? Thanks for your help. Best regards, Toni. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Using-radgroupcheck-to-reject-user-s-login-tp5467069p5467069.html
Re: Authorize with extra attributes
Hi Alan, Thanks for your answer. I really appreciate your comments, but now I'm blocked. I have checked all the files, for sql and the others. I cannot find/understand why I'm wrong. If it is the configuration, I don't know what I should do. My colleague tells me that it is not necessary to do anything; only adding the attribute in radgroupcheck is sufficient. In FreeRADIUS 1.1.7, my colleague doesn't need to do any extra configuration. Thanks again. Regards, Toni. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Authorize-with-extra-attributes-tp5462759p5462884.html
Authorize with extra attributes
Hi, I have been testing logins with some users on my FreeRADIUS. I would like these users to be able to log in to my NAS that contains an extra attribute called WISPr-location-name. I think that when users try to log in, this attribute is not being checked by the FreeRADIUS server or my NAS device has not sent it. I have defined this attribute in radgroupcheck with its groupname, attribute name, op (==) and its value. If I configure my NAS with location1 in Location name, and in the radgroupcheck table I have location2, the login process should not work? In my case it works fine, so I think that is wrong. I have been reading, and it is not necessary to add extra configuration. These attributes should work fine with the standard configuration. Any advice or ideas? Thank you very much. Output result:
FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14 2010 at 20:41:03 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... 
including configuration file /etc/freeradius/radiusd.conf including files in directory /etc/freeradius/modules/ including configuration file /etc/freeradius/modules/echo including configuration file /etc/freeradius/modules/preprocess including configuration file /etc/freeradius/modules/unix including configuration file /etc/freeradius/modules/exec including configuration file /etc/freeradius/modules/ntlm_auth including configuration file /etc/freeradius/modules/wimax including configuration file /etc/freeradius/modules/realm including configuration file /etc/freeradius/modules/checkval including configuration file /etc/freeradius/modules/policy including configuration file /etc/freeradius/modules/pam including configuration file /etc/freeradius/modules/mschap including configuration file /etc/freeradius/modules/sql_log including configuration file /etc/freeradius/modules/smbpasswd including configuration file /etc/freeradius/modules/passwd including configuration file /etc/freeradius/modules/logintime including configuration file /etc/freeradius/modules/radutmp including configuration file /etc/freeradius/modules/counter including configuration file /etc/freeradius/modules/detail.log including configuration file /etc/freeradius/modules/sradutmp including configuration file /etc/freeradius/modules/files including configuration file /etc/freeradius/modules/krb5 including configuration file /etc/freeradius/modules/chap including configuration file /etc/freeradius/modules/detail.example.com including configuration file /etc/freeradius/modules/digest including configuration file /etc/freeradius/modules/expr including configuration file /etc/freeradius/modules/dynamic_clients including configuration file /etc/freeradius/modules/attr_rewrite including configuration file /etc/freeradius/modules/etc_group including configuration file /etc/freeradius/modules/otp including configuration file /etc/freeradius/modules/cui including configuration file 
/etc/freeradius/modules/sqlcounter_expire_on_login including configuration file /etc/freeradius/modules/detail including configuration file /etc/freeradius/modules/pap including configuration file /etc/freeradius/modules/smsotp including configuration file /etc/freeradius/modules/inner-eap including configuration file /etc/freeradius/modules/acct_unique including configuration file /etc/freeradius/modules/always including configuration file /etc/freeradius/modules/opendirectory including configuration file /etc/freeradius/modules/perl including configuration file /etc/freeradius/modules/attr_filter including configuration file /etc/freeradius/modules/ippool including configuration file /etc/freeradius/modules/linelog including configuration file /etc/freeradius/modules/ldap including configuration file /etc/freeradius/modules/mac2ip including configuration file /etc/freeradius/modules/mac2vlan including configuration file /etc/freeradius/modules/expiration including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/sql.conf including configuration file /etc/freeradius/sql/mysql/dialup.conf including configuration file /etc/freeradius/sql/mysql/counter.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/inner-tunnel main { user = "freerad" group = "freerad" allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_l
Re: Problems sending session-timeout
Sorry. I wouldn't like to be banned from the list. Thanks for your help. I will read the configuration again and then I will try to configure it. I had copied an old configuration; for this reason this error appears in the sql query. Thanks for your help and sorry again. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Problems-sending-session-timeout-tp5433107p5453949.html
Re: Problems sending session-timeout
I think that I have not explained myself very well. I disagree with Alan Dekok. Sorry if you think that I'm talking about my implementation, but I think that it is correct to explain (or at least try to explain) what happens in my case. I think that other users could have these problems. Or if you configure some service and it works fine, but there is something you don't know how it works, what would you do? I'm using Mikrotik's field names, sorry. So I would like to know why, if FreeRADIUS reads an attribute from radgroupcheck, it is not compared with the NAS's attribute. In my case, I have configured in Mikrotik a location name that in radgroupcheck is WISPr-Location-Name; why were these values not compared? And another problem that I'm having is that when a user logs in, it seems that the NAS (Mikrotik in my case) does not receive the session time left (Session-Timeout). Why? Do I have to configure something? I have added the dictionary. Any idea? Thanks. Toni. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Problems-sending-session-timeout-tp5433107p5453735.html
Re: Problems sending session-timeout
Hi, I'm having problems configuring authentication attributes which were sent to the NAS. I don't know why FreeRADIUS doesn't check the attributes that the NAS sends - it only checks called-station-id (maybe I should complete the configuration... I don't know how). It is not clear to me what I should do. I would like that, when a user logs in to the NAS, the NAS sends some attributes like radius location name, radius location id and called station id, and then FreeRADIUS compares them with the database. Now, called station id works correctly. After that, FreeRADIUS has to send the user's session time to the NAS. In my case, these attributes were not sent/received and I can't get complete functionality. I include the output result. Thanks for your help and your attention. Toni. OUTPUT: ===
FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14 2010 at 20:41:03 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... 
including configuration file /etc/freeradius/radiusd.conf including files in directory /etc/freeradius/modules/ including configuration file /etc/freeradius/modules/echo including configuration file /etc/freeradius/modules/preprocess including configuration file /etc/freeradius/modules/unix including configuration file /etc/freeradius/modules/exec including configuration file /etc/freeradius/modules/ntlm_auth including configuration file /etc/freeradius/modules/wimax including configuration file /etc/freeradius/modules/realm including configuration file /etc/freeradius/modules/checkval including configuration file /etc/freeradius/modules/policy including configuration file /etc/freeradius/modules/pam including configuration file /etc/freeradius/modules/mschap including configuration file /etc/freeradius/modules/sql_log including configuration file /etc/freeradius/modules/smbpasswd including configuration file /etc/freeradius/modules/passwd including configuration file /etc/freeradius/modules/logintime including configuration file /etc/freeradius/modules/radutmp including configuration file /etc/freeradius/modules/counter including configuration file /etc/freeradius/modules/detail.log including configuration file /etc/freeradius/modules/sradutmp including configuration file /etc/freeradius/modules/files including configuration file /etc/freeradius/modules/krb5 including configuration file /etc/freeradius/modules/chap including configuration file /etc/freeradius/modules/detail.example.com including configuration file /etc/freeradius/modules/digest including configuration file /etc/freeradius/modules/expr including configuration file /etc/freeradius/modules/dynamic_clients including configuration file /etc/freeradius/modules/attr_rewrite including configuration file /etc/freeradius/modules/etc_group including configuration file /etc/freeradius/modules/otp including configuration file /etc/freeradius/modules/cui including configuration file 
/etc/freeradius/modules/sqlcounter_expire_on_login including configuration file /etc/freeradius/modules/detail including configuration file /etc/freeradius/modules/pap including configuration file /etc/freeradius/modules/smsotp including configuration file /etc/freeradius/modules/inner-eap including configuration file /etc/freeradius/modules/acct_unique including configuration file /etc/freeradius/modules/always including configuration file /etc/freeradius/modules/opendirectory including configuration file /etc/freeradius/modules/perl including configuration file /etc/freeradius/modules/attr_filter including configuration file /etc/freeradius/modules/ippool including configuration file /etc/freeradius/modules/linelog including configuration file /etc/freeradius/modules/ldap including configuration file /etc/freeradius/modules/mac2ip including configuration file /etc/freeradius/modules/mac2vlan including configuration file /etc/freeradius/modules/expiration including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/sql.conf including configuration file /etc/freeradius/sql/mysql/dialup.conf including configuration file /etc/freeradius/sql/mysql/counter.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/default including configuration file /etc/freeradius/sites-enabled/inner-tunnel main { user = "freerad" group = "freerad" allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookup
Re: Problems sending session-timeout
Hi Alan, Thanks again for your reply. I will check later. I will report news here ... Regards, Toni. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Problems-sending-session-timeout-tp5433107p5451438.html
Re: Problems sending session-timeout
First, sorry for the inconvenience of my questions. I think that I have been clear. When a user wants access to my FreeRADIUS, the user tries to log in, and then the FreeRADIUS service checks the session time of the username, performs some actions and lastly replies with attributes to the NAS (in my case Mikrotik). The NAS, in my case, should receive session timeout, radius-id-location... If I must configure freeradius to reply with these attributes, I should add them inside sql/mysql/counter.conf (a file that contains noresetcounter, monthly or daily directives), is that correct? If I'm wrong or I have made some mistakes, please, sorry. I think that it's clear (I think). I could put the output result but maybe it isn't necessary. Thank you very much for your answers and your time. Regards, Toni. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Problems-sending-session-timeout-tp5433107p5451234.html
Re: Problems sending session-timeout
Hi Alan, Thanks for your reply. I meant to say counter.conf. In that file we can define counters that theoretically send attributes to the NAS, in my case Mikrotik. I have enabled Mikrotik's dictionary. So, I should add all attributes inside the counter.conf file in all the directives defined, is that correct? Thanks for your attention. Best regards, -- View this message in context: http://freeradius.1045715.n5.nabble.com/Problems-sending-session-timeout-tp5433107p5450548.html
Re: Problems sending session-timeout
Hi again, I don't know why my FreeRADIUS server doesn't send session-timeout and other attributes like radius-location-name or radius-location-id (all in the Mikrotik NAS). In older FreeRADIUS versions, I think that these attributes were sent automatically when the dictionary was activated. Can anybody tell me how I could send all attributes automatically without adding them one by one in the counter.sql file? Thanks for your help. Best regards, Toni. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Problems-sending-session-timeout-tp5433107p5449960.html
Re: Problems sending session-timeout
Thanks for your answer. Sorry if my question was very basic ... I have solved this by adding reply-name (reply-name = Session-Timeout) in all modules defined in counter.sql. Thank you very much. Best regards, Toni. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Problems-sending-session-timeout-tp5433107p5434802.html
Problems sending session-timeout
Hi guys, I have a problem with my freeradius service. I would like freeradius to send the session-timeout attribute to my NAS. Can you tell me how I could get it? This is the output result:
FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14 2010 at 20:41:03 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including files in directory /etc/freeradius/modules/ including configuration file /etc/freeradius/modules/echo including configuration file /etc/freeradius/modules/preprocess including configuration file /etc/freeradius/modules/unix including configuration file /etc/freeradius/modules/exec including configuration file /etc/freeradius/modules/ntlm_auth including configuration file /etc/freeradius/modules/wimax including configuration file /etc/freeradius/modules/realm including configuration file /etc/freeradius/modules/checkval including configuration file /etc/freeradius/modules/policy including configuration file /etc/freeradius/modules/pam including configuration file /etc/freeradius/modules/mschap including configuration file /etc/freeradius/modules/sql_log including configuration file /etc/freeradius/modules/smbpasswd including configuration file /etc/freeradius/modules/passwd including configuration file /etc/freeradius/modules/logintime including configuration file /etc/freeradius/modules/radutmp including configuration file /etc/freeradius/modules/counter including configuration file /etc/freeradius/modules/detail.log including configuration file /etc/freeradius/modules/sradutmp including configuration file /etc/freeradius/modules/files including configuration file /etc/freeradius/modules/krb5 including configuration file 
/etc/freeradius/modules/chap including configuration file /etc/freeradius/modules/detail.example.com including configuration file /etc/freeradius/modules/digest including configuration file /etc/freeradius/modules/expr including configuration file /etc/freeradius/modules/dynamic_clients including configuration file /etc/freeradius/modules/attr_rewrite including configuration file /etc/freeradius/modules/etc_group including configuration file /etc/freeradius/modules/otp including configuration file /etc/freeradius/modules/cui including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login including configuration file /etc/freeradius/modules/detail including configuration file /etc/freeradius/modules/pap including configuration file /etc/freeradius/modules/smsotp including configuration file /etc/freeradius/modules/inner-eap including configuration file /etc/freeradius/modules/acct_unique including configuration file /etc/freeradius/modules/always including configuration file /etc/freeradius/modules/opendirectory including configuration file /etc/freeradius/modules/perl including configuration file /etc/freeradius/modules/attr_filter including configuration file /etc/freeradius/modules/ippool including configuration file /etc/freeradius/modules/linelog including configuration file /etc/freeradius/modules/ldap including configuration file /etc/freeradius/modules/mac2ip including configuration file /etc/freeradius/modules/mac2vlan including configuration file /etc/freeradius/modules/expiration including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/sql.conf including configuration file /etc/freeradius/sql/mysql/dialup.conf including configuration file /etc/freeradius/sql/mysql/counter.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/default including configuration file 
/etc/freeradius/sites-enabled/inner-tunnel main { user = "freerad" group = "freerad" allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { prefix = "/usr" localstatedir = "/var" logdir = "/var/log/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = no log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 50 reject_delay = 3 status_server = yes } } radiusd: Loading Realms and Home Servers radiusd: Loading Clients radiusd: Instantiating modules instantiate { Module: Linked to
Radius testing.
Hi everybody, Does anybody know a tool to test radius performance? I have seen radperf (without a user guide or tutorial) and the radtest application. Any advice or ideas? Thanks. Best regards, Toni. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Radius-testing-tp5001965p5001965.html
Re: Anybody can confirm this?
Hi, I have not tried it yet (to build my own sql query). Have you got any idea how to do this? I think that I should check the source ip address and then execute one query or another. I have only checked the Event-Timestamp parameter in the packet that the NAS sends to the radius server. I have a question. I think that there are a lot of companies that are using FreeRADIUS currently. Do you think that they have not thought of replicating the same set of information (same records in more than one database)? Or maybe they have thought of other types of solutions? Thanks. I look forward to your answers and advice. Best regards, -- View this message in context: http://freeradius.1045715.n5.nabble.com/Anybody-can-confirm-this-tp4939606p4964487.html
Re: Anybody can confirm this?
Hi everybody, Can anybody tell me something about this? I can't believe that if the copy-acct-to-home-server file specifies "That way, each server has the same set of information, and can make the same decision about the user", I can't get the same set of accounting information. Either this is wrong or I have made a mistake (I have not modified the default configuration, only some parameters to specify my lan configuration). I look forward to your answers and advice. Best regards, -- View this message in context: http://freeradius.1045715.n5.nabble.com/Anybody-can-confirm-this-tp4939606p4963974.html
Re: Sending accounting packets to more than one server?
Hi Alan, I'm very sorry, but I was desperate. Now I understand how I can do this. Following the documentation and re-reading it, I understand that I can use the radrelay.conf configuration to make an exact replica, obviously with a second detail file created and with a reader and a writer configured. I have opened my eyes! However, I think that there are a lot of answers that cause confusion. Thanks! -- View this message in context: http://freeradius.1045715.n5.nabble.com/Sending-accounting-packets-to-more-than-one-server-tp3408816p4942835.html
Re: Freeradius mysql acct copy
Hi, Is this configuration correct? Nowadays, could I use this to copy acct to a remote server? Thanks. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Freeradius-mysql-acct-copy-tp4272880p4942524.html
Re: How to configure proxy server to send a copy of acct to remote/home server
Have you got this configuration? How have you done it? I can't manage to sync accounting data to the remote server with the same set of information (acctstarttime and acctstoptime have different times - I think that this is because the servers take their local time at the moment they receive the packets). Any idea? -- View this message in context: http://freeradius.1045715.n5.nabble.com/How-to-configure-proxy-server-to-send-a-copy-of-acct-to-remote-home-server-tp2843198p4942508.html
Re: Sending accounting packets to more than one server?
Is it possible to do this with copy-acct-to-home-server? With copy-acct-to-home-server I can't get it. Have you managed to copy the same set of information from one server to another? Thanks. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Sending-accounting-packets-to-more-than-one-server-tp3408816p4942465.html
Re: Why is not writting in second detail file?
Hi, I have checked my NAS's packets and I can confirm that it sends Event-Timestamp (I have seen it in the output of freeradius -X). Now, what do I have to do? I have seen that Event-Timestamp does not have a good mysql format: "Oct 26 2011 13:03:14 CEST". Any idea? Thanks. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Why-is-not-writting-in-second-detail-file-tp4935451p4942366.html
Anybody can confirm this?
Hi, I have two servers, A and B, configured. I have some doubts: I would like to copy accounting data (the same set of information) from A to B. I have configured this and it works fine (copy-acct-to-home-server & proxy.conf), BUT in the radacct table of server B, the records have a different acctstarttime and a different acctstoptime from server A. I know that this happens because server B takes its own time and records it (there is a delay of a few seconds). In another post, it was suggested that I modify the SQL queries to get this (I should take the time of the packet that A sends, Event-Timestamp, and record it). To do this, I have thought of checking "Packet-Src-IP-Address" and, if it is equal to B's address, I have to use my modified query. I have a problem: "Event-Timestamp" has the following format: "Oct 26 2011 13:03:14 CEST" and I want to get -mm-dd HH:MM:ss (the MySQL format and the current format of FreeRADIUS's dates). Do you know how I can do it? I can't believe that I can't do this more easily... Any suggestions? I have to think that I will get it... Thanks and regards!
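The conversion asked about above, as an added example that is not part of the original post and is not FreeRADIUS code: it parses an Event-Timestamp string in the quoted format and emits a MySQL DATETIME string, either as the sender's wall-clock time or normalised to UTC. The detail-file record, the zone-offset table and all function names are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Month names are mapped by hand: strptime's %b follows the process locale,
# so a server running under a non-English locale could reject "Oct".
MONTHS = {name: number for number, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Assumption: zone abbreviations are ambiguous in general, so only the ones
# listed here are accepted. Extend the table for the zones your NASes report.
ZONE_OFFSET_HOURS = {"UTC": 0, "GMT": 0, "CET": 1, "CEST": 2}

EVENT_TS = re.compile(
    r"^(?P<mon>[A-Za-z]{3})\s+(?P<day>\d{1,2})\s+(?P<year>\d{4})\s+"
    r"(?P<h>\d{2}):(?P<m>\d{2}):(?P<s>\d{2})\s+(?P<zone>[A-Za-z]+)$")

# One attribute line of a detail-file record: leading whitespace, "Name = value".
ATTR_LINE = re.compile(r"^\s+(?P<name>[\w-]+) = (?P<value>.*)$")


def parse_event_timestamp(text):
    """Parse 'Oct 26 2011 13:03:14 CEST' into a timezone-aware datetime."""
    match = EVENT_TS.match(text.strip())
    if match is None:
        raise ValueError("unrecognised Event-Timestamp: %r" % text)
    month = MONTHS.get(match["mon"].title())
    zone = match["zone"].upper()
    if month is None or zone not in ZONE_OFFSET_HOURS:
        raise ValueError("unknown month or zone in %r" % text)
    tz = timezone(timedelta(hours=ZONE_OFFSET_HOURS[zone]), zone)
    # datetime() itself rejects impossible dates such as day 31 in a short month.
    return datetime(int(match["year"]), month, int(match["day"]),
                    int(match["h"]), int(match["m"]), int(match["s"]), tzinfo=tz)


def to_mysql_datetime(moment, as_utc=False):
    """Format as 'YYYY-MM-DD HH:MM:SS', the layout of a MySQL DATETIME value."""
    if as_utc:
        moment = moment.astimezone(timezone.utc)
    return moment.strftime("%Y-%m-%d %H:%M:%S")


def parse_detail_record(text):
    """Turn one detail-file record (header line plus indented pairs) into a dict."""
    record = {}
    for line in text.splitlines()[1:]:  # the first line is the "%t" header
        match = ATTR_LINE.match(line)
        if match:
            record[match["name"]] = match["value"].strip('"')
    return record


def start_time_for_radacct(record, as_utc=False):
    """Time taken from the packet, so both servers can store the same value."""
    return to_mysql_datetime(
        parse_event_timestamp(record["Event-Timestamp"]), as_utc)


# Constructed sample record (not taken from the thread's servers). The header
# is three seconds later than Event-Timestamp, like the delay described above.
SAMPLE_RECORD = '''Wed Oct 26 13:03:17 2011
\tUser-Name = "aaa"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "constructed-0001"
\tEvent-Timestamp = "Oct 26 2011 13:03:14 CEST"
'''

if __name__ == "__main__":
    rec = parse_detail_record(SAMPLE_RECORD)
    print(start_time_for_radacct(rec))               # sender's wall-clock time
    print(start_time_for_radacct(rec, as_utc=True))  # normalised to UTC
```

Storing the UTC form on both servers avoids depending on each host's local zone; storing the wall-clock form reproduces what the sending side wrote.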
Re: Why is not writting in second detail file?
First, thanks for your answer. I think that I understand the basics, but I had a doubt about the second_detail file because before it appeared when I executed ls. Now it is clear to me (I knew that second_detail was removed once it was read, but only if the packets were transmitted). I have redone the configuration three times, always getting an insufficient solution, but I have learnt a lot. Now I'm reading a book about RADIUS to expand my knowledge. Now, it is not clear to me why, when configuring proxy.conf and implementing copy-acct-to-home-server, the accounting packets have different times (I know that these are using different timestamps). You have said that this is possible by changing the SQL queries; is there no other solution for doing that? This is my big doubt and now my big problem. Thanks for your attention and your answers! I hope for your answers again. Regards.
Re: Why is not writting in second detail file?
I have got the same result writing "update control" inside of preacct. This is a proxy configuration, but I don't want a proxy configuration; I would like to get a copy-acct-to-home-server configuration with the same set of information in the radacct table. I have configured proxy.conf because copy-acct-to-home-server says that proxy.conf must have realms, a pool and a home_server. What is wrong? What should I do? In the past, I had got the same set of information with a radrelay configuration (this is deprecated). Then I got a proxy configuration, but the copy-acct-to-home-server configuration is being very difficult. :( Regards.
Re: Why is not writting in second detail file?
Thanks for your answer. I hadn't put "update control" inside accounting. Now accounting packets are written, but with different times in the "acctstarttime" and "acctstoptime" fields. These fields should have the same values (I would like to get this).
Re: Why is not writting in second detail file?
I have checked, and I had not defined the pool as acct_pool; for this reason the server's type was wrong.
Re: Why is not writting in second detail file?
Yes, I knew that the code is to define a reader. Thanks. ;) I think that this functions incorrectly (I have made some mistake) because when I list /var/log/freeradius/radacct, the second_detail file does not appear. Now I have included proxy.conf ($INCLUDE proxy.conf) in radiusd.conf and when I launch freeradius -X, I get this output: /etc/freeradius/proxy.conf[114]: Home server radiusB of unexpected type "acct". I think that I can define a home_server as acct type. Maybe this is the problem. Also, I think that this is wrong because my home_server does not receive accounting requests. I knew that I had defined the second writer fine, but something is happening because I think that this file never gets to exist.
Why is not writting in second detail file?
I have defined a second detail file writer that functions correctly, writing a second file. When I define this code in radiusd.conf:

server radiusB {
    listen {
        type = detail
        filename = /var/log/freeradius/radacct/second_detail
        load_factor = 25
    }
    preacct {
        preprocess
        suffix
    }
    accounting {
        ok
    }
    pre-proxy {
    }
    post-proxy {
    }
}

the writer doesn't write to the file. I don't know why. If I comment out the previous code, it functions correctly. I have configured my home server in proxy.conf. So, when the reader tries to read records from the second detail file, this file does not exist. Output:

FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14 2010 at 20:41:03
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Starting - reading configuration files ...
Re: Problems with radrelay
Hi everybody. I guess that it's normal, but I would like to know for sure. I have configured two servers with the robust-proxy-accounting model. My doubt is: when the radiusA server writes a record into the database, it writes its current time and then sends the accounting packet to the radiusB server (proxying). The radiusB server receives the packet and writes the record into the database, but with a different time (obviously its current time) (a few seconds of difference). Is this correct? I think so... So, if I want to have the same data on radiusA and radiusB, must I use the copy-acct-to-home configuration model to get it? Thanks.
Re: Problems with radrelay
I did not write the output result.

> The first server only writes in detail file if it is not launch with -n
> radrelay option.
> That's how it's supposed to work.

Yes, but I want to say that it only writes to detail_file (the second detail file) when it's launched without the -n radrelay option, when it should write to detail_file (the second detail file) with or without the -n option, I think. I am going to write the steps that I have followed to check the result of the freeradius service.

- I have tested both freeradius servers and both work fine when they work individually. The first freeradius server writes to the second_detail file, and the second freeradius server doesn't write to the second_detail file because it is not configured (correct!). Both servers work fine with the authentication and accounting processes.
- When I launch the first freeradius server with the -X -n radrelay options, radrelay reads from the second_detail file (which exists) and sends the records to the second freeradius server. The second freeradius server writes the records in the radacct table (database). Then the first freeradius server deletes the second_detail file.
- When I try to authenticate to the first freeradius server I get a timeout message.
- The service continues trying to read from the second_detail file (which does not exist because it was deleted by the first freeradius service) and it's ignoring all authentication requests (nothing about authentication requests appears in the output).

Outputs:

First freeradius server with -X option: http://freeradius.1045715.n5.nabble.com/file/n4920900/first_freeradius-X_authentication%26accounting.txt

Second detail_file exists:

root@debian:/var/log/freeradius/radacct# ls -l
total 12
drwxr-xr-x 2 freerad freerad 4096 oct 19 10:34 192.168.1.163
drwxr-xr-x 2 freerad freerad 4096 oct 20 09:30 192.168.1.7
-rw--- 1 freerad freerad 368 oct 20 11:11 second_detail <-- This
root@debian:/var/log/freeradius/radacct#

First freeradius server with -X -n radrelay and second freeradius server with -X option and listening:
http://freeradius.1045715.n5.nabble.com/file/n4920900/first_freerasius-X-n_synchronize_nothningmore.txt
http://freeradius.1045715.n5.nabble.com/file/n4920900/second_listentingradrelay.txt

At the end, the first freeradius server says: violation of the segment

Would you need the configuration files?

First freeradius server:
http://freeradius.1045715.n5.nabble.com/file/n4920900/radiusd.conf
http://freeradius.1045715.n5.nabble.com/file/n4920900/radrelay.conf

Second freeradius server:
http://freeradius.1045715.n5.nabble.com/file/n4920900/radiusd.conf

If you need anything else, please tell me.
Problems with radrelay
Hi everybody, I had configured freeradius with mysql and writing to a second detail file. This second file was read by radrelay and the accounting data was replicated between both servers. All worked fine. Now that I have tried to configure a second radrelay on the second server (which only received accounting data from the other server), the first radrelay on the first server does not work and the whole system does not work well. The first server only writes to the detail file if it is not launched with the -n radrelay option. I think that it's very strange. Is it possible that radrelay works between two servers but only in one direction? What is happening? Regards,
Re: Problems with my radrelay configuration?
Thank you very much to all! I have managed to configure freeradius logging with mysql, writing to a detail file, and radrelay reading from this detail file. Now I am testing this with 100 requests. I have understood the freeradius protocol and the differences between AAA (Authorization, Authentication and Accounting), and I have understood that radrelay synchronizes accounting data only. So, now I am going to configure the second freeradius server, which receives data from radrelay, to send data to the other freeradius server (the first). Once I understood how freeradius functions, it was all very easy. Thanks again. Maybe I will need to write to ask about some problem. I will hope for your help. Can you close this thread? Maybe not... because it's open forever.
Re: Problems with my radrelay configuration?
Thanks again for your answer. When you speak about "an external mechanism" to synchronize user data for authentication, does this mean that, for example, I should do a mysql replica of this table? I want to synchronize both concepts, authentication and accounting data, because I want to get two servers with identical data and functionality in real time. So, I have it clear. I should manage to write accounting records into a detail file. I have tested it with the radlogin client, in authentication mode and accounting mode, and both work fine. Thanks for your answer again. I am going to begin with the original configuration files, with basic functionality, and I'm going to work on getting accounting records written to the detail file. Regards,
Re: Problems with my radrelay configuration?
Thank you for your answer. I am going to follow this guide. I think that there are some points that maybe aren't necessary for the objective. I can tell you that:

1.- I thought that the aim of this configuration was to have two services with authentication and accounting data synchronized. The first service writes to the database and to the detail file, and the second service would do the same, and both would read from the detail file and then write to the database.
2.- Yes, I think the same. Great phrase. ;)
2.1- I have configured a simple freeradius, logging with the database, with a NAS, and writing accounting data to the database too. I don't know whether, with this, data would be written to the detail file or not.
2.2- I don't know how to get the service to write records into the detail file.
2.3- I have used "Radius test client" to test the authentication and accounting processes. Nothing more.
2.4- I don't know how to read accounting records (because I don't know how to write them) and I don't know how to forward them to a remote radius server (I think that this is my objective. Do you agree?)

I have read the copy-acct-to-home-server and robust-proxy-accounting files. Now, I think that I'm at a point at which I don't know what I should do. I have modified the configuration files; maybe I should restore the original files and start again, but I will spend time doing this. I would like to know if, with these modifications, I have got a more or less good configuration or not. For this reason, I think that your help is necessary for me. Thanks. I hope for your answers.
Re: Problems with my radrelay configuration?
Can anybody help me? Please!! I need to get a good configuration! Thanks!
Re: Problems with my radrelay configuration?
I think that I have detected an error. In radiusd.conf I had two listeners; I have commented out the second listener (it appears in the last post):

listen {
    type = auth
    ipaddr = *
    port = 0
}
listen {
    ipaddr = *
    port = 0
    type = acct
}

Is this correct? When I launch freeradius -X, I get this output:

FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14 2010 at 20:41:03
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Starting - reading configuration files ...
Re: Problems with my radrelay configuration?
Hi, Yes, I have written more. I have modified the proxy.conf file with the home_servers configuration. This is its content:

proxy server {
    default_fallback = no
}
home_server radiusa {
    type = auth+acct
    ipaddr = 192.168.1.129
    port = 1812
    secret = testing123
    require_message_authenticator = no
    response_window = 20
    zombie_period = 40
    revive_interval = 120
    status_check = status-server
    check_interval = 30
    num_answers_to_alive = 3
    coa {
        irt = 2
        mrt = 16
        mrc = 5
        mrd = 30
    }
}
home_server radiusb {
    type = auth+acct
    ipaddr = 192.168.1.130
    port = 1812
    secret = testing123
    require_message_authenticator = no
    response_window = 20
    zombie_period = 40
    revive_interval = 120
    status_check = status-server
    check_interval = 30
    num_answers_to_alive = 3
    coa {
        irt = 2
        mrt = 16
        mrc = 5
        mrd = 30
    }
}
home_server_pool my_auth_failover {
    type = fail-over
    home_server = radiusa
}
home_server_pool my_acct_relay {
    type = fail-over
    home_server = radiusa
}
realm example.com {
    auth_pool = my_auth_failover
}
realm relay_realm {
    acct_pool = my_acct_relay
}
realm LOCAL {
}

Also, I have modified the copy-acct-to-home-server file:

server copy-acct-to-home-server {
    listen {
        type = detail
        filename = ${radacctdir}/detail
        load_factor = 10
    }
    preacct {
        if (Proxy-State) {
            update control {
                Proxy-To-Realm := LOCAL
            }
        }
        else {
            update control {
                Proxy-To-Realm := relay_realm
            }
        }
        preprocess
        suffix
        files
    }
    accounting {
        ok
    }
    pre-proxy {
    }
    post-proxy {
    }
}

In sites-enabled I have created a symbolic link to copy-acct-to-home-server.

root@debian:/etc/freeradius/sites-enabled# ls -l
total 0
lrwxrwxrwx 1 root freerad 26 oct 4 18:54 default -> ../sites-available/default
lrwxrwxrwx 1 root freerad 43 oct 13 14:18 detail-relay -> ../sites-available/copy-acct-to-home-server
lrwxrwxrwx 1 root freerad 31 oct 4 18:54 inner-tunnel -> ../sites-available/inner-tunnel

In the modules directory, I don't have a detail_relay file; should I have it? This is the code of the detail file in the modules directory:

detail {
    detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
    detailperm = 0600
    header = "%t"
}

My radrelay.conf file:

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
name = radrelay
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}
libdir = @libdir@
pidfile = ${run_dir}/${name}.pid
max_request_time = 30
cleanup_delay = 5
max_requests = 65536
log {
    destination = files
    file = ${logdir}/${name}.log
}
security {
    max_attributes = 200
}
modules {
    $INCLUDE ${confdir}/modules/always
}
instantiate {
}
proxy_requests = yes
home_server radrelay {
    type = acct
    ipaddr = 192.168.1.130
    port = 1812
    secret = testing123
    require_message_authenticator = yes
}
home_server_pool radrelay {
    type = fail-over
    home_server = radrelay
}
realm radrelay {
    acct_pool = radrelay
}
listen {
    type = detail
    filename = ${radacctdir}/radacct/detail
    load_factor = 50
    max_outstanding = 100
}
preacct {
    update control {
        Proxy-To-Realm := "radrelay"
    }
}
accounting {
}

And the radiusd.conf file:

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/freeradius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct
name = freeradius
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}
db_dir = ${raddbdir}
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/${name}.pid
user = freerad
group = freerad
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
listen {
    type = auth
    ipaddr = *
    port = 0
}
listen {
    ipaddr = *
    port = 0
    type = acct
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log {
    destination = files
    file = ${logdir}/radius.log
    syslog_facility = daemon
    stripped_names = no
    auth = no
Re: Problems with my radrelay configuration?
I think that I have made a mistake. In the proxy.conf file I have defined the home_servers; do I have to remove them from radrelay.conf? I should start the configuration with files without modifications, but to do this I should know very well which files I have to modify. What do you suggest I do?
Re: Problems with my radrelay configuration?
Sorry Alan, I have to ask because I don't know how to configure this service. Thank you very much for your answer. Now, after making some modifications following some indications, I have returned to the previous situation. I'm sorry! When I launch freeradius -X I get this output:

FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14 2010 at 20:41:03
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Starting - reading configuration files ...
Re: Problems with my radrelay configuration?
Do you know if I must configure two servers, or is only one necessary? Thanks again.
Re: Problems with my radrelay configuration?
OK, the service is running OK. Authentication and accounting are OK on only one server; on the other server nothing appears about accounting, so the synchronization is not working correctly. What could be happening? In radrelay.conf I have a home_server named radrelay with this code:

home_server radrelay {
    type = acct

    #
    #  This directive replaces the "-r" command-line option
    #  in radrelay
    #
    ipaddr = 192.168.1.130
    port = 1812

    #
    #  This directive replaces the "-i" command-line option
    #  in radrelay
    #
    # src_ipaddr = 192.168.1.1

    #
    #  This directive replaces the "-s", "-S", and "-n" command-line
    #  options in radrelay
    #
    secret = testing123
    require_message_authenticator = yes
}

home_server_pool radrelay {
    type = fail-over
    home_server = radrelay
}

#
#  A dummy realm.
#
realm radrelay {
    acct_pool = radrelay
}

#
#  Read the detail file.
#
listen {
    type = detail

    #
    #  The "radacctdir" parameter below replaces the "-a" command-
    #  line option in radrelay. The "detail" parameter replaces
    #  the "detailfile" command-line option in radrelay
    #
    filename = ${radacctdir}/radacct/detail
    load_factor = 50
    max_outstanding = 100
}

#
#  See also raddb/sites-available/copy-acct-to-home-server
#  for additional description.
#
preacct {
    #
    #  Proxy the packet using the given realm.
    #  Note that we do not use the realm for anything else such
    #  as prefix/suffix stripping or comparisons.
    #
    update control {
        Proxy-To-Realm := "radrelay"
    }
}

accounting {
    # sql
}

Do you see anything wrong? Thanks and regards.
Re: Problems with my radrelay configuration?
OK. Thank you for your answer. Now the service is running OK when I execute freeradius -X. I am going to check the replication. I would like to get authentication and accounting replication because I want to have two identical servers with replicated data. Please, if you know about this, tell me if I need anything else to get this. Afterwards I will write with the news. Thanks and regards!
Re: Problems with my radrelay configuration?
Yes, I have copied the detail file under the name radrelay-detail. Is this wrong? So, how do I have to define this module? I thought that this was enough. I should undo this change, OK? Thanks for your answer.
Re: Problems with my radrelay configuration?
Thanks for your answer, Alan. In the modules directory I have a radrelay-detail file with this code:

# -*- text -*-
#
#  $Id$
# Write a detailed log of all accounting records received.
#
detail {
    detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
    detailperm = 0600
    header = "%t"
}

I guess that it loads radacctdir from radiusd.conf and I don't have to define it again. Do I have to define anything else? Thanks again.
Re: Problems with my radrelay configuration?
Hi,

After modifying the configuration files, when I launch freeradius -X I get this output:

FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14 2010 at 20:41:03
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including files in directory /etc/freeradius/modules/
including configuration file /etc/freeradius/modules/pap
including configuration file /etc/freeradius/modules/detail
including configuration file /etc/freeradius/modules/attr_filter
including configuration file /etc/freeradius/modules/inner-eap
including configuration file /etc/freeradius/modules/dynamic_clients
including configuration file /etc/freeradius/modules/detail.log
including configuration file /etc/freeradius/modules/acct_unique
including configuration file /etc/freeradius/modules/etc_group
including configuration file /etc/freeradius/modules/expr
including configuration file /etc/freeradius/modules/passwd
including configuration file /etc/freeradius/modules/realm
including configuration file /etc/freeradius/modules/radutmp
including configuration file /etc/freeradius/modules/linelog
including configuration file /etc/freeradius/modules/mac2ip
including configuration file /etc/freeradius/modules/smbpasswd
including configuration file /etc/freeradius/modules/detail.example.com
including configuration file /etc/freeradius/modules/digest
including configuration file /etc/freeradius/modules/chap
including configuration file /etc/freeradius/modules/policy
including configuration file /etc/freeradius/modules/files
including configuration file /etc/freeradius/modules/perl
including configuration file /etc/freeradius/modules/mac2vlan
including configuration file /etc/freeradius/modules/smsotp
including configuration file /etc/freeradius/modules/attr_rewrite
including configuration file /etc/freeradius/modules/wimax
including configuration file /etc/freeradius/modules/mschap
including configuration file /etc/freeradius/modules/ntlm_auth
including configuration file /etc/freeradius/modules/preprocess
including configuration file /etc/freeradius/modules/ippool
including configuration file /etc/freeradius/modules/ldap
including configuration file /etc/freeradius/modules/expiration
including configuration file /etc/freeradius/modules/sradutmp
including configuration file /etc/freeradius/modules/opendirectory
including configuration file /etc/freeradius/modules/echo
including configuration file /etc/freeradius/modules/sqlcounter_expire_on_login
including configuration file /etc/freeradius/modules/unix
including configuration file /etc/freeradius/modules/logintime
including configuration file /etc/freeradius/modules/exec
including configuration file /etc/freeradius/modules/pam
including configuration file /etc/freeradius/modules/sql_log
including configuration file /etc/freeradius/modules/cui
including configuration file /etc/freeradius/modules/counter
including configuration file /etc/freeradius/modules/krb5
including configuration file /etc/freeradius/modules/checkval
including configuration file /etc/freeradius/modules/otp
including configuration file /etc/freeradius/modules/always
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/sql.conf
including configuration file /etc/freeradius/sql/mysql/dialup.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
including configuration file /etc/freeradius/sites-enabled/inner-tunnel
including configuration file /etc/freeradius/sites-enabled/default
main {
    user = "freerad"
    group = "freerad"
    allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
    prefix = "/usr"
    localstatedir = "/var"
    logdir = "/var/log/freeradius"
    libdir = "/usr/lib/freeradius"
    radacctdir = "/var/log/freeradius/radacct"
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 1024
    pidfile = "/var/run/freeradius/freeradius.pid"
    checkrad = "/usr/sbin/checkrad"
    debug_level = 0
    proxy_requests = yes
    log {
        stripped_names = no
        auth = no
        auth_badpass = no
        auth_goodpass = no
    }
    security {
        max_attributes = 200
        reject_delay = 1
        status_server = yes
    }
}
radiusd: Loading Realms and Home Servers
proxy server {
    retry_delay = 5
    retry_count = 3
    default_fallback = no
    dead_time = 120
    wake_all_if_all_dead = no
}
home_server loc
Re: Problems with my radrelay configuration?
Thank you for your answer, Alan. You are right. I was trying out some definitions inside the configuration, which is why identity appears... Also, I was very lost. I hope to gradually understand the freeradius configuration, because it's very difficult. Now I am going to try it with my configuration files, and then I will post the output. Thanks again.
Re: Problems with my radrelay configuration?
Thanks. Now, I have configured radiusd.conf with this code:

#Detail module instance
detail radrelay-detail {
    detailfile = ${radacctdir}/radacct/detail
    detailperm = 0600
    dirperm = 0755
    locking = yes
}

accounting {
    radrealay-detail
}

And radrelay.conf with this code:

listen {
    type = detail

    #
    #  The "radacctdir" parameter below replaces the "-a" command-
    #  line option in radrelay. The "detail" parameter replaces
    #  the "detailfile" command-line option in radrelay
    #
    filename = ${radacctdir}/radacct/detail
    load_factor = 50
    max_outstanding = 100
    identity = radrelay
}

#
#  See also raddb/sites-available/copy-acct-to-home-server
#  for additional description.
#
preacct {
    #
    #  Proxy the packet using the given realm.
    #  Note that we do not use the realm for anything else such
    #  as prefix/suffix stripping or comparisons.
    #
    update control {
        Proxy-To-Realm := "radrelay"
    }
}

accounting {
    # sql
}

In accounting I have commented out sql (as you can see) and I have added the listen instance. I get this output, and the server continues without writing the detail file:

root@debian:/etc/freeradius# clear; freeradius -X -n radrelay
FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14 2010 at 20:41:03
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radrelay.conf
including configuration file /etc/freeradius/modules/always
main {
    allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
    prefix = "/usr"
    localstatedir = "/var"
    logdir = "/var/log/freeradius"
    libdir = "@libdir@"
    radacctdir = "/var/log/freeradius/radacct"
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 65536
    pidfile = "/var/run/radrelay/radrelay.pid"
    checkrad = "/usr/sbin/checkrad"
    debug_level = 0
    proxy_requests = yes
    log {
        stripped_names = no
        auth = no
        auth_badpass = no
        auth_goodpass = no
    }
    security {
        max_attributes = 200
        reject_delay = 0
        status_server = no
    }
}
radrelay: Loading Realms and Home Servers
home_server radrelay {
    ipaddr = 192.168.1.130
    port = 1812
    type = "acct"
    secret = "testing123"
    response_window = 30
    max_outstanding = 65536
    require_message_authenticator = yes
    zombie_period = 40
    status_check = "none"
    ping_interval = 30
    check_interval = 30
    num_answers_to_alive = 3
    num_pings_to_alive = 3
    revive_interval = 300
    status_check_timeout = 4
    irt = 2
    mrt = 16
    mrc = 5
    mrd = 30
}
home_server_pool radrelay {
    type = fail-over
    home_server = radrelay
}
realm radrelay {
    acct_pool = radrelay
}
radrelay: Loading Clients
radrelay: Instantiating modules
instantiate {
}
radrelay: Loading Virtual Servers
server { # from file /etc/freeradius/radrelay.conf
    modules {
        Module: Checking preacct {...} for more modules to load
    } # modules
} # server
radrelay: Opening IP addresses and Ports
listen {
    type = "detail"
    listen {
        filename = "/var/log/freeradius/radacct/radacct/detail"
        load_factor = 50
        poll_interval = 1
        retry_interval = 30
    }
}
Listening on /var/log/freeradius/radacct/radacct/detail
Detail listener /var/log/freeradius/radacct/radacct/detail state unopened signalled 0 waiting 1.00 sec
Listening on proxy address * port 1139
Waking up in 0.9 seconds.
Polling for detail file /var/log/freeradius/radacct/radacct/detail
Detail listener /var/log/freeradius/radacct/radacct/detail state unopened signalled 0 waiting 0.843392 sec
Waking up in 0.8 seconds.
Polling for detail file /var/log/freeradius/radacct/radacct/detail
Detail listener /var/log/freeradius/radacct/radacct/detail state unopened signalled 0 waiting 1.246242 sec
Waking up in 1.2 seconds.
Polling for detail file /var/log/freeradius/radacct/radacct/detail
Detail listener /var/log/freeradius/radacct/radacct/detail state unopened signalled 0 waiting 1.052300 sec
Waking up in 1.0 seconds.
^C

The same output! What's happening? Thank you for your help and answers.
Re: Problems with my radrelay configuration?
Hi, Thank you for your answer, Alan. I supposed this too (the detail file does not exist), so the read process fails. So, I should configure the server in radiusd.conf to write to the detail file. Then, is the configuration in radrelay.conf correct? Now radrelay is configured to read the detail file, OK? I think that this is correct. Thank you again.
Re: Problems with my radrelay configuration?
I have changed the detailfile line that was wrong. I have written this:

detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d

And the output is:

root@debian:/etc/freeradius# freeradius -X -n radrelay
FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14 2010 at 20:41:03
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radrelay.conf
including configuration file /etc/freeradius/modules/always
main {
    allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
    prefix = "/usr"
    localstatedir = "/var"
    logdir = "/var/log/freeradius"
    libdir = "@libdir@"
    radacctdir = "/var/log/freeradius/radacct"
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 65536
    pidfile = "/var/run/radrelay/radrelay.pid"
    checkrad = "/usr/sbin/checkrad"
    debug_level = 0
    proxy_requests = yes
    log {
        stripped_names = no
        auth = no
        auth_badpass = no
        auth_goodpass = no
    }
    security {
        max_attributes = 200
        reject_delay = 0
        status_server = no
    }
}
radrelay: Loading Realms and Home Servers
home_server radrelay {
    ipaddr = 192.168.1.130
    port = 1812
    type = "acct"
    secret = "testing123"
    response_window = 30
    max_outstanding = 65536
    require_message_authenticator = yes
    zombie_period = 40
    status_check = "none"
    ping_interval = 30
    check_interval = 30
    num_answers_to_alive = 3
    num_pings_to_alive = 3
    revive_interval = 300
    status_check_timeout = 4
    irt = 2
    mrt = 16
    mrc = 5
    mrd = 30
}
home_server_pool radrelay {
    type = fail-over
    home_server = radrelay
}
realm radrelay {
    acct_pool = radrelay
}
radrelay: Loading Clients
radrelay: Instantiating modules
instantiate {
}
radrelay: Loading Virtual Servers
server { # from file /etc/freeradius/radrelay.conf
    modules {
        Module: Checking preacct {...} for more modules to load
        Module: Checking accounting {...} for more modules to load
        Module: Linked to module rlm_detail
        Module: Instantiating module "detail" from file /etc/freeradius/radrelay.conf
        detail {
            detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
            header = "%t"
            detailperm = 384
            dirperm = 493
            locking = no
            log_packet_header = no
        }
    } # modules
} # server
radrelay: Opening IP addresses and Ports
listen {
    type = "detail"
    listen {
        filename = "/var/log/freeradius/radacct/detail"
        load_factor = 50
        poll_interval = 1
        retry_interval = 30
    }
}
Listening on /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled 0 waiting 1.00 sec
Listening on proxy address * port 1377
Waking up in 0.9 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled 0 waiting 0.813745 sec
Waking up in 0.8 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled 0 waiting 1.131002 sec
Waking up in 1.1 seconds.
^C

Thanks.
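The debug output in the message above shows the detail module's detailfile and the detail listener's filename side by side. As an added example (not part of the original message and not FreeRADIUS code), this Python check reads such output, compares the two paths, decodes the decimal permission values, and flags the accounting home server's port and sample shared secret; the client IP and date used to expand the path are constructed sample values.

```python
import re
from datetime import date

# Abridged from the `freeradius -X -n radrelay` output in the message above:
# only the settings this check reads are kept.
DEBUG_OUTPUT = """
home_server radrelay {
    ipaddr = 192.168.1.130
    port = 1812
    type = "acct"
    secret = "testing123"
}
home_server_pool radrelay {
    type = fail-over
    home_server = radrelay
}
detail {
    detailfile = "/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
    detailperm = 384
    dirperm = 493
}
listen {
    type = "detail"
    listen {
        filename = "/var/log/freeradius/radacct/detail"
    }
}
"""


def decode_mode(decimal_text):
    """The debug output prints permissions in decimal (384); return octal text (0600)."""
    return format(int(decimal_text), "04o")


def expand_writer_path(template, client_ip="192.0.2.10", day=date(2011, 10, 1)):
    """Expand the placeholders used in the message's detailfile setting.
    client_ip and day are constructed sample values, not taken from the thread."""
    path = template.replace("%{Client-IP-Address}", client_ip)
    for code in ("%Y", "%m", "%d", "%H"):
        path = path.replace(code, day.strftime(code))
    return path


def audit(debug_output):
    """Return a list of (code, message) findings for one block of debug output."""
    findings = []
    writers = re.findall(r'\bdetailfile\s*=\s*"([^"]+)"', debug_output)
    readers = re.findall(r'\bfilename\s*=\s*"([^"]+)"', debug_output)

    # The detail listener only ever opens `filename`; a writer that expands to a
    # different path leaves the listener polling a file that never appears.
    for reader in readers:
        if not writers:
            findings.append(("NO_WRITER", f"{reader}: no detailfile setting in this output"))
        elif all(expand_writer_path(w) != reader for w in writers):
            produced = ", ".join(expand_writer_path(w) for w in writers)
            findings.append(("PATH_MISMATCH",
                             f"listener polls {reader} but the detail module writes {produced}"))

    # Accounting records carry user and session data: flag group/other access on
    # the file and world-writable directories.
    for kind, value in re.findall(r'\b(detailperm|dirperm)\s*=\s*(\d+)', debug_output):
        mode = int(value)
        if mode & 0o002 or (kind == "detailperm" and mode & 0o077):
            findings.append(("LOOSE_PERMS", f"{kind} = {decode_mode(value)}"))

    # home_server blocks contain no nested braces in the debug output.
    for name, body in re.findall(r'\bhome_server\s+(\S+)\s*\{([^}]*)\}', debug_output):
        opts = dict(re.findall(r'(\w+)\s*=\s*"?([^"\s]+)"?', body))
        if opts.get("type") == "acct" and opts.get("port") == "1812":
            findings.append(("ACCT_PORT",
                             f"home_server {name}: type acct on port 1812; RADIUS accounting is "
                             "assigned port 1813 (RFC 2866), so confirm the peer accepts "
                             "accounting on this port"))
        if opts.get("secret") == "testing123":
            findings.append(("SAMPLE_SECRET",
                             f"home_server {name}: secret is the sample value testing123 "
                             "shipped with FreeRADIUS"))
    return findings


if __name__ == "__main__":
    for code, message in audit(DEBUG_OUTPUT):
        print(f"{code}: {message}")
```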
Re: Problems with my radrelay configuration?
Hi,

After appending this code inside the modules section of the radrelay.conf file:

detail {
    detailfile = /var/log/freeradius/radacct/detail
    detailperm = 0600
    dirperm = 0755
    locking = no
}

when I launch freeradius -X -n radrelay, this appears:

root@debian:/etc/freeradius# freeradius -X -n radrelay
FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14 2010 at 20:41:03
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radrelay.conf
including configuration file /etc/freeradius/modules/always
main {
    allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
    prefix = "/usr"
    localstatedir = "/var"
    logdir = "/var/log/freeradius"
    libdir = "@libdir@"
    radacctdir = "/var/log/freeradius/radacct"
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 65536
    pidfile = "/var/run/radrelay/radrelay.pid"
    checkrad = "/usr/sbin/checkrad"
    debug_level = 0
    proxy_requests = yes
    log {
        stripped_names = no
        auth = no
        auth_badpass = no
        auth_goodpass = no
    }
    security {
        max_attributes = 200
        reject_delay = 0
        status_server = no
    }
}
radrelay: Loading Realms and Home Servers
home_server radrelay {
    ipaddr = 192.168.1.130
    port = 1812
    type = "acct"
    secret = "testing123"
    response_window = 30
    max_outstanding = 65536
    require_message_authenticator = yes
    zombie_period = 40
    status_check = "none"
    ping_interval = 30
    check_interval = 30
    num_answers_to_alive = 3
    num_pings_to_alive = 3
    revive_interval = 300
    status_check_timeout = 4
    irt = 2
    mrt = 16
    mrc = 5
    mrd = 30
}
home_server_pool radrelay {
    type = fail-over
    home_server = radrelay
}
realm radrelay {
    acct_pool = radrelay
}
radrelay: Loading Clients
radrelay: Instantiating modules
instantiate {
}
radrelay: Loading Virtual Servers
server { # from file /etc/freeradius/radrelay.conf
    modules {
        Module: Checking preacct {...} for more modules to load
        Module: Checking accounting {...} for more modules to load
        Module: Linked to module rlm_detail
        Module: Instantiating module "detail" from file /etc/freeradius/radrelay.conf
        detail {
            detailfile = "/var/log/freeradius/radacct/detail"
            header = "%t"
            detailperm = 384
            dirperm = 493
            locking = no
            log_packet_header = no
        }
    } # modules
} # server
radrelay: Opening IP addresses and Ports
listen {
    type = "detail"
    listen {
        filename = "/var/log/freeradius/radacct/detail"
        load_factor = 50
        poll_interval = 1
        retry_interval = 30
    }
}
Listening on /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled 0 waiting 1.00 sec
Listening on proxy address * port 1187
Waking up in 0.9 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled 0 waiting 1.085288 sec
Waking up in 1.0 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled 0 waiting 0.914222 sec
Waking up in 0.9 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled 0 waiting 1.185128 sec
Waking up in 1.1 seconds.
^C

I think that it is the same result. Do you know what could be happening? Is this change correct? I think that I'm very lost... But I will get there! With your help! Regards, and thank you for your help.
Problems with my radrelay configuration?
Hi,

When I launch freeradius with the -X and -n radrelay options, I get this message:

Detail listener /var/log/freeradius/radacct/detail state unopened signalled 0 waiting 0.851083 sec

The radacct directory exists, but the detail file does not exist. Is it an error? What's happening? I am posting the result in debug mode. Thanks,

root@debian:/etc/freeradius# freeradius -X -n radrelay
FreeRADIUS Version 2.1.10, for host i486-pc-linux-gnu, built on Nov 14 2010 at 20:41:03
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radrelay.conf
including configuration file /etc/freeradius/modules/always
main {
    allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
    prefix = "/usr"
    localstatedir = "/var"
    logdir = "/var/log/freeradius"
    libdir = "@libdir@"
    radacctdir = "/var/log/freeradius/radacct"
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 65536
    pidfile = "/var/run/radrelay/radrelay.pid"
    checkrad = "/usr/sbin/checkrad"
    debug_level = 0
    proxy_requests = yes
    log {
        stripped_names = no
        auth = no
        auth_badpass = no
        auth_goodpass = no
    }
    security {
        max_attributes = 200
        reject_delay = 0
        status_server = no
    }
}
radrelay: Loading Realms and Home Servers
home_server radrelay {
    ipaddr = 192.168.1.130
    port = 1812
    type = "acct"
    secret = "testing123"
    response_window = 30
    max_outstanding = 65536
    require_message_authenticator = yes
    zombie_period = 40
    status_check = "none"
    ping_interval = 30
    check_interval = 30
    num_answers_to_alive = 3
    num_pings_to_alive = 3
    revive_interval = 300
    status_check_timeout = 4
    irt = 2
    mrt = 16
    mrc = 5
    mrd = 30
}
home_server_pool radrelay {
    type = fail-over
    home_server = radrelay
}
realm radrelay {
    acct_pool = radrelay
}
radrelay: Loading Clients
radrelay: Instantiating modules
instantiate {
}
radrelay: Loading Virtual Servers
server { # from file /etc/freeradius/radrelay.conf
    modules {
        Module: Checking preacct {...} for more modules to load
    } # modules
} # server
radrelay: Opening IP addresses and Ports
listen {
    type = "detail"
    listen {
        filename = "/var/log/freeradius/radacct/detail"
        load_factor = 50
        poll_interval = 1
        retry_interval = 30
    }
}
Listening on /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled 0 waiting 1.00 sec
Listening on proxy address * port 1188
Waking up in 0.9 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled 0 waiting 0.914341 sec
Waking up in 0.9 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled 0 waiting 1.093880 sec
Waking up in 1.0 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled 0 waiting 0.851083 sec
Waking up in 0.8 seconds.
^C
Re: MySQL and FreeRADIUS environment
Sorry, I did not mean to cause this series of comments directed at me. I just found something missing, I think, because of the discrepancy between the files in the installation I have done and what you say here. Once again, I apologize. Thanks.
Re: MySQL and FreeRADIUS environment
Sorry, can you tell me where the "detail file readers for examples" are? Thank you for your help. We apologize for any inconvenience caused.
Re: MySQL and FreeRADIUS environment
I have read the "sites-available/example" file, which contains an example of how to define a client and a server. I should define a client and a server on both machines (serverA's client is server B AND serverB's client is server A). Do you understand me? Thanks again.
MySQL and FreeRADIUS environment
I have read the example file. I have some doubts. Do I get with this example file? I don't have a radrelay.conf example (or is this it?) ... I have read on the Internet that in radiusd.conf I should define a detail block like detail detail-name {some information} to get two binary files with my main server data (which the other server should then use to replicate data); is that true? And then I should create the radrelay.conf file (because it does not exist in /etc/freeradius) with what information? I think with the listen block of the copy-acct-to-home-server file; is that true? Then, when I have got the radrelay.conf file with the listen block information from the "copy-acct-to-home-server" file, where should I define the second server? I think that somewhere I should define the second server to make the replica... Can you help me? Can you tell me about that? Thank you.
Re: MySQL and FreeRADIUS environment
I'm going to read this example file. I don't know if I will understand it but I will try it. Thanks,
Re: MySQL and FreeRADIUS environment
My FreeRADIUS version is 2.1.10 on Debian. Do you suggest that I update? Or is it a valid version to work with and to implement freeradius replication with radrelay? Thanks,
Re: MySQL and FreeRADIUS environment
Hi again, How can I do freeradius replication with radrelay? Do you know of any tutorial or howto? I have a basic freeradius service installed and functioning!!! Thanks!
Re: MySQL and FreeRADIUS environment
Hi again, I have a doubt: what happens if in my company we want to have two servers, both with the freeradius service and the mysql service, and these two servers could both be active with mysql data replicated? We would like to have two active servers, both able to be functional. I think that this is more difficult than the other solution, but it is the best. Is it possible to replicate the data over the TCP protocol with FreeRADIUS? Do you prefer FreeRADIUS replication or mysql replication? What is the best solution for replication? Thank you very much!!! I look forward to your answers!!
RE: MySQL and FreeRADIUS environment.
Hi, thank you for your answer. I think the same. We are thinking of two servers: the first server with one freeradius and one mysql service, both services active; the second server with another freeradius service and a mysql service also running. The two servers must have replicated data. I think that this is the best solution for my company. Is it possible with mysql and freeradius on Debian? Do you know how we have to configure data replication for mysql and freeradius? Thanks
Re: MySQL and FreeRADIUS environment
Hi, thank you for your answer. We are thinking of two servers: the first server with one freeradius and one mysql service, both services active; the second server with another freeradius service and a mysql service also running. The two servers must have replicated data. I think that this is the best solution for my company. Is it possible with mysql and freeradius on Debian? Thanks
MySQL and FreeRADIUS environment
Hi everybody, In my company we are thinking of implementing a FreeRADIUS server with MySQL on Linux. We need to duplicate the FreeRADIUS service because we think that this is a critical service for us, but the authentication process could only be done with the master server (FreeRADIUS and MySQL service, both on only one server). On the other hand, if we want to replicate the database servers, we would have to synchronize two database servers, but we would not know which would be the best solution, cluster or synchronization. Maybe we will not need a MySQL cluster service and will need only two servers: the first with the master FreeRADIUS service and master MySQL service, and the second with the slave FreeRADIUS service and slave MySQL service. What do you think is the best solution to implement this environment? I look forward to your answer. Thank you very much. Regards,