[OFF-TOPIC] Freeradius and MySQL Cluster
Good Morning, I am doing some tests with MySQL Cluster, and I want to migrate my backend to it. But I am having some troubles/doubts with it. When I use a empty radius database, it works ok. But when I try to import my current database to MySQL with the NDBCLUSTER engine, I got this error: ERROR 1114 (HY000) at line 143: The table 'radacct' is full I think that I must do some tuning to adjust MySQL cluster to my requirements, but I don't know exactly what to change, below is my config.ini: [ndbd default] # Options affecting ndbd processes on all data nodes: NoOfReplicas=2# Number of replicas DataMemory=512M# How much memory to allocate for data storage IndexMemory=512M # How much memory to allocate for index storage # For DataMemory and IndexMemory, we have used the # default values. Since the world database takes up # only about 500KB, this should be more than enough for # this example Cluster setup. [tcp default] # TCP/IP options: portnumber=2202 # This the default; however, you can use any # port that is free for all the hosts in the cluster # Note: It is recommended that you do not specify the port # number at all and simply allow the default value to be used # instead [ndb_mgmd] # Management process options: hostname=192.168.1.32 # Hostname or IP address of MGM node datadir=/var/lib/mysql-cluster # Directory for MGM node log files [ndbd] hostname=192.168.1.30 # Hostname or IP address datadir=/usr/local/mysql/data # Directory for this data node's data files [ndbd] hostname=192.168.1.31 # Hostname or IP address datadir=/usr/local/mysql/data # Directory for this data node's data files [mysqld] [mysqld] I know that this is not the best place to talk about database problems, but I think that there is a lot of people here that use Freeradius with MySQL Cluster that could help me. Thanks in advance. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [OFF-TOPIC] Freeradius and MySQL Cluster
Hi, I know that this is not the best place to talk about database problems, but I think that there is a lot of people here that use Freeradius with MySQL Cluster that could help me. used to - moved to postgres. anyway, there *are* other more useful resources for using MySQL: http://www.lmgtfy.com/?q=mysql+cluster+reference+the+table+is+fulll=1 alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [OFF-TOPIC] Freeradius and MySQL Cluster
2012/2/27 Antonio Modesto mode...@isimples.com.br: Good Morning, I am doing some tests with MySQL Cluster, and I want to migrate my backend to it. But I am having some troubles/doubts with it. When I use a empty radius database, it works ok. But when I try to import my current database to MySQL with the NDBCLUSTER engine, I got this error: ERROR 1114 (HY000) at line 143: The table 'radacct' is full Is your cluster full? I think that I must do some tuning to adjust MySQL cluster to my requirements, but I don't know exactly what to change, below is my config.ini: mysql cluster is a different beast altogether. My best advice, if you go down that route, is to get the help of an expert. Seriously. If you DO get it running though, it will worth every effort. Some things you could try to check: - is the db full? mysql cluster is limited by how much amount of memory you allocate to the data nodes. Don't be surpised if you ended up with only 1 or 2 GB usable space. - try splitting the import into smaller transaction. It's a hassle, I know. But if you try to insert/update/delete a large number of rows (e.g. 1 million rows) at once, then mysql cluster will complain. Splitting it manually into a small number (e.g. 1k rows) on each transaction should work. Again, if you still can't get it to work, hire an expert. Or ask in mysql list/forums, as this is not really radius-specific. Any huge write in one transaction should cause the same problem. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: [OFF-TOPIC] Freeradius and MySQL Cluster
This is about the best tool for MySQL cluster for tuning your DB. http://www.severalnines.com/cluster-configurator/ David -Original Message- From: freeradius-users-bounces+davidp=wirelessconnections@lists.freeradius.org [mailto:freeradius-users-bounces+davidp=wirelessconnections.net@lists.freera dius.org] On Behalf Of Fajar A. Nugraha Sent: Monday, February 27, 2012 8:20 AM To: FreeRadius users mailing list Subject: Re: [OFF-TOPIC] Freeradius and MySQL Cluster 2012/2/27 Antonio Modesto mode...@isimples.com.br: Good Morning, I am doing some tests with MySQL Cluster, and I want to migrate my backend to it. But I am having some troubles/doubts with it. When I use a empty radius database, it works ok. But when I try to import my current database to MySQL with the NDBCLUSTER engine, I got this error: ERROR 1114 (HY000) at line 143: The table 'radacct' is full Is your cluster full? I think that I must do some tuning to adjust MySQL cluster to my requirements, but I don't know exactly what to change, below is my config.ini: mysql cluster is a different beast altogether. My best advice, if you go down that route, is to get the help of an expert. Seriously. If you DO get it running though, it will worth every effort. Some things you could try to check: - is the db full? mysql cluster is limited by how much amount of memory you allocate to the data nodes. Don't be surpised if you ended up with only 1 or 2 GB usable space. - try splitting the import into smaller transaction. It's a hassle, I know. But if you try to insert/update/delete a large number of rows (e.g. 1 million rows) at once, then mysql cluster will complain. Splitting it manually into a small number (e.g. 1k rows) on each transaction should work. Again, if you still can't get it to work, hire an expert. Or ask in mysql list/forums, as this is not really radius-specific. Any huge write in one transaction should cause the same problem. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [OFF-TOPIC] Freeradius and MySQL Cluster
On Mon, 2012-02-27 at 20:20 +0700, Fajar A. Nugraha wrote: 2012/2/27 Antonio Modesto mode...@isimples.com.br: Good Morning, I am doing some tests with MySQL Cluster, and I want to migrate my backend to it. But I am having some troubles/doubts with it. When I use a empty radius database, it works ok. But when I try to import my current database to MySQL with the NDBCLUSTER engine, I got this error: ERROR 1114 (HY000) at line 143: The table 'radacct' is full Is your cluster full? I am not using the cluster, it was inactive, I just set it up, did some tests, then I tried to import the actual radius database to it. I think that I must do some tuning to adjust MySQL cluster to my requirements, but I don't know exactly what to change, below is my config.ini: mysql cluster is a different beast altogether. My best advice, if you go down that route, is to get the help of an expert. Seriously. If you DO get it running though, it will worth every effort. Some things you could try to check: - is the db full? mysql cluster is limited by how much amount of memory you allocate to the data nodes. Don't be surpised if you ended up with only 1 or 2 GB usable space. - try splitting the import into smaller transaction. It's a hassle, I know. But if you try to insert/update/delete a large number of rows (e.g. 1 million rows) at once, then mysql cluster will complain. Splitting it manually into a small number (e.g. 1k rows) on each transaction should work. Again, if you still can't get it to work, hire an expert. Or ask in mysql list/forums, as this is not really radius-specific. Any huge write in one transaction should cause the same problem. I didn't know about the memory limit. So if I have a 10GB database, Must I have, at least, 10GB configured for each cluster node? Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [OFF-TOPIC] Freeradius and MySQL Cluster
On Mon, Feb 27, 2012 at 9:48 PM, Antonio Modesto mode...@isimples.com.br wrote: I didn't know about the memory limit. So if I have a 10GB database, Must I have, at least, 10GB configured for each cluster node? David posted a link which can help assign memory on data nodes. Short version is: - while mysql cluster can store some data on disk, you really should put it all on memory. Otherwise there wouldn't be much speed improvement - only a portion of memory on data node can be used as data memory - multiple data nodes can add the available data memory, but replicas trade memory for availability (thus reducing the number of memory for data) so if you have (for example) 4 datanodes, 16GB total memory each, and configure them as 2 node group @2 replicas, don't be surprised if total usable memory for data is around 10-20 GB. When your memory is limited and radacct is huge, better keep them separated: - put tables OTHER than radacct on cluster - put radacct on normal mysql instance - store live accouting data on cluster The last part is kinda hard, since you need to create your own queries. The default sql queries doesn't split live (e.g. records that don't have acct-stop yet) and archive data. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [OFF-TOPIC] Freeradius and MySQL Cluster
On Mon, 2012-02-27 at 22:09 +0700, Fajar A. Nugraha wrote: On Mon, Feb 27, 2012 at 9:48 PM, Antonio Modesto mode...@isimples.com.br wrote: I didn't know about the memory limit. So if I have a 10GB database, Must I have, at least, 10GB configured for each cluster node? David posted a link which can help assign memory on data nodes. Short version is: - while mysql cluster can store some data on disk, you really should put it all on memory. Otherwise there wouldn't be much speed improvement - only a portion of memory on data node can be used as data memory - multiple data nodes can add the available data memory, but replicas trade memory for availability (thus reducing the number of memory for data) so if you have (for example) 4 datanodes, 16GB total memory each, and configure them as 2 node group @2 replicas, don't be surprised if total usable memory for data is around 10-20 GB. When your memory is limited and radacct is huge, better keep them separated: - put tables OTHER than radacct on cluster - put radacct on normal mysql instance - store live accouting data on cluster The last part is kinda hard, since you need to create your own queries. The default sql queries doesn't split live (e.g. records that don't have acct-stop yet) and archive data. Understood. Today my radius database is small, about 1GB, I think I can run everything on memory. I will configure another datanodes with more available memory and see what happens. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Documentation for Setting up Freeradius with MYSQL
Hi All, I have a requirement to set up freeradius with MySQL in my environment. I was able to find the DDL Script required for MYSQL Database to be built. Is there a complete How-to from Scratch for compiling free radius to work with MySQL on Ubuntu. Please advice. Thanks JK - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2 + MySQL + MD5 hash don't work
Okay folks, I appreciate the help. Already managed to solve. Basically there were two details, the first was as the supplicant was trying to authenticate, it was either use MSCHAPv2, but the passwords were encrypted at the base with MD5, just like CHAP authentication would not work . By forcing the supplicant to use TTLS + PAP, the authentication worked. I thank you all. 2011/3/17 Alan Buxey a.l.m.bu...@lboro.ac.uk Hi, Dear Phil, By removing this option, it tries to authenticate with EAP/MSCHAPv2, and also fails. no...it works - but you havent got the 'sql' module enabled in the inner-tunnel (which is where the server goes to when its doing EAP) put sql into the inner-tunnel virtual-server and then the password will be exposed in the EAP tunnel...et voila, it will work(tm) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- João Paulo de Lima Barbosa Fone: (45) 9938-8399 Blog: http://joao.us Twitter: @joaocdc O erro dos que tem poder é colocar barreiras para que ninguém os alcance, incentivando-nos a buscar todas as formas que encontramos para alcança-los. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius 2 + MySQL + MD5 hash don't work
Hello,
Someone already has implemented two freeradius with mysql
I'm using version 2.1.10 of freeradius on a debian 6
If I try a plaintext based authentication, everything works.
But if I try to do an authentication with an MD5 password, I get the message
seguite:
*[pap] ERROR: You set 'Auth-Type = PAP' for a request that does not contain
a User-Password attribute!*
Below is my debug and table structures of authentication.
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server
inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 172.25.3.0 port 1814, id=40,
length=143
User-Name = usql2@visitantes
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = 02-00-00-00-00-01
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = CONNECT 11Mbps 802.11b
EAP-Message = 0x0215017573716c32407669736974616e746573
Message-Authenticator = 0x026cbd100d0b63cacb106f91006b21f2
Proxy-State = 0x30
# Executing section authorize from file
/etc/freeradius/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] Looking up realm visitantes for User-Name = usql2@visitantes
[suffix] Found realm visitantes
[suffix] Adding Stripped-User-Name = usql2
[suffix] Adding Realm = visitantes
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 0 length 21
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++? if (Realm == visitantes )
? Evaluating (Realm == visitantes ) - TRUE
++? if (Realm == visitantes ) - TRUE
++- entering if (Realm == visitantes ) {...}
[sql_visitantes] expand: %{Stripped-User-Name} - usql2
[sql_visitantes] sql_set_user escaped user -- 'usql2'
rlm_sql (sql_visitantes): Reserving sql socket id: 4
[sql_visitantes] expand: SELECT id, username, attribute, value,
op FROM radcheck WHERE username =
'%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute,
value, op FROM radcheck WHERE username =
'usql2' ORDER BY id
[sql_visitantes] User found in radcheck table
[sql_visitantes] expand: SELECT id, username, attribute, value,
op FROM radreply WHERE username =
'%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute,
value, op FROM radreply WHERE username =
'usql2' ORDER BY id
[sql_visitantes] expand: SELECT groupname FROM
radusergroup WHERE username = '%{SQL-User-Name}' ORDER
BY priority - SELECT groupname FROM radusergroup WHERE
username = 'usql2' ORDER BY priority
[sql_visitantes] expand: SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id - SELECT id, groupname,
attribute, Value, op FROM radgroupcheck WHERE
groupname = 'visitantes' ORDER BY id
[sql_visitantes] User found in group visitantes
[sql_visitantes] expand: SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'%{Sql-Group}' ORDER BY id - SELECT id, groupname,
attribute, value, op FROM radgroupreply WHERE
groupname = 'visitantes' ORDER BY id
rlm_sql (sql_visitantes): Released sql socket id: 4
+++[sql_visitantes] returns ok
++- if (Realm == visitantes ) returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Normalizing MD5-Password from hex encoding
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = PAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group PAP {...}
*[pap] ERROR: You set 'Auth-Type = PAP' for a request that does not contain
a User-Password attribute!*
++[pap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group REJECT {...}
++? if (Realm == visitantes )
? Evaluating (Realm == visitantes ) - TRUE
++? if (Realm == visitantes ) - TRUE
++- entering if (Realm == visitantes ) {...}
[sql_visitantes] expand: %{Stripped-User-Name} - usql2
[sql_visitantes] sql_set_user escaped user -- 'usql2'
[sql_visitantes] expand: %{User-Password} -
[sql_visitantes] ... expanding second conditional
[sql_visitantes] expand: %{Chap-Password} -
[sql_visitantes] expand: INSERT INTO
radpostauth (username, pass, reply,
authdate) VALUES (
'%{User-Name}',
'%{%{User-Password}:-%{Chap-Password}}',
'%{reply:Packet-Type}', '%S') - INSERT INTO
radpostauth
Re: Freeradius 2 + MySQL + MD5 hash don't work
On 03/17/2011 08:01 PM, joao...@gmail.com wrote: *[pap] ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute!* This is very clear: mysql select * from radgroupcheck; +++---++---+ | id | groupname | attribute | op | value | +++---++---+ | 1 | visitantes | Auth-Type | := | PAP | +++---++---+ 1 row in set (0.00 sec) This is wrong. Remove it. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2 + MySQL + MD5 hash don't work
Dear Phil,
By removing this option, it tries to authenticate with EAP/MSCHAPv2, and also
fails.
Authentication is what I'm doing wireless network.
Below is the result of debugging when I removed the Auth-Type PAP table
radgroupcheck:
[sql_visitantes] expand: %{Stripped-User-Name} - usql2
[sql_visitantes] sql_set_user escaped user -- 'usql2'
rlm_sql (sql_visitantes): Reserving sql socket id: 1
[sql_visitantes] expand: SELECT id, username, attribute, value,
op FROM radcheck WHERE username =
'%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute,
value, op FROM radcheck WHERE username =
'usql2' ORDER BY id
[sql_visitantes] User found in radcheck table
[sql_visitantes] expand: SELECT id, username, attribute, value,
op FROM radreply WHERE username =
'%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute,
value, op FROM radreply WHERE username =
'usql2' ORDER BY id
[sql_visitantes] expand: SELECT groupname FROM
radusergroup WHERE username = '%{SQL-User-Name}' ORDER
BY priority - SELECT groupname FROM radusergroup WHERE
username = 'usql2' ORDER BY priority
[sql_visitantes] expand: SELECT id, groupname, attribute,
Value, op FROM radgroupcheck WHERE groupname =
'%{Sql-Group}' ORDER BY id - SELECT id, groupname,
attribute, Value, op FROM radgroupcheck WHERE
groupname = 'visitantes' ORDER BY id
[sql_visitantes] User found in group visitantes
[sql_visitantes] expand: SELECT id, groupname, attribute,
value, op FROM radgroupreply WHERE groupname =
'%{Sql-Group}' ORDER BY id - SELECT id, groupname,
attribute, value, op FROM radgroupreply WHERE
groupname = 'visitantes' ORDER BY id
rlm_sql (sql_visitantes): Released sql socket id: 1
+++[sql_visitantes] returns ok
++- if (Realm == visitantes ) returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
+- entering group authenticate {...}
[eap] Request found, released from the list
*[eap] EAP/mschapv2*
[eap] processing type mschapv2
[mschapv2] # Executing group from file
/etc/freeradius/sites-enabled/inner-tunnel
[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Creating challenge hash with username: usql2@visitantes
[mschap] Told to do MS-CHAPv2 for usql2@visitantes with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
2011/3/17 Phil Mayers p.may...@imperial.ac.uk
On 03/17/2011 08:01 PM, joao...@gmail.com wrote:
*[pap] ERROR: You set 'Auth-Type = PAP' for a request that does not
contain a User-Password attribute!*
This is very clear:
mysql select * from radgroupcheck;
+++---++---+
| id | groupname | attribute | op | value |
+++---++---+
| 1 | visitantes | Auth-Type | := | PAP |
+++---++---+
1 row in set (0.00 sec)
This is wrong. Remove it.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
João Paulo de Lima Barbosa
Fone: (45) 9938-8399
Blog: http://joao.us
Twitter: @joaocdc
O erro dos que tem poder é colocar barreiras para que ninguém os alcance,
incentivando-nos a buscar todas as formas que encontramos para alcança-los.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2 + MySQL + MD5 hash don't work
Hi, [pap] ERROR: You set 'Auth-Type = PAP' for a request that does not contain a User-Password attribute! its fair enough. you've set Auth-Type = PAP why? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2 + MySQL + MD5 hash don't work
Hi, Dear Phil, By removing this option, it tries to authenticate with EAP/MSCHAPv2, and also fails. no...it works - but you havent got the 'sql' module enabled in the inner-tunnel (which is where the server goes to when its doing EAP) put sql into the inner-tunnel virtual-server and then the password will be exposed in the EAP tunnel...et voila, it will work(tm) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dhcp over freeradius with mysql
hi,
i would like to implement dhcp over radius! is there any mysql support?
my dhcp config looks like this!
=== snip ==
shared-network X {
if substring(option vendor-class-identifier, 0, 2) = SN {
next-server X.X.X.X;
filename = concat(/inalp/, option vendor-class-identifier, _,
binary-to-ascii (16, 8, -, substring (hardware, 1, 6)));
}
if substring(option vendor-class-identifier, 0, 9) = Mediatrix {
option vendor-encapsulated-options c9:4:c3:3a:a0:d9;
}
subnet X.X.X.X netmask 255.255.255.0 {
option routers 172.28.96.1;
option domain-name-servers X.X.X.X,X.X.X.X;
pool {
range X.X.X.X X.X.X.X;
}
}
}
=== snap ===
is there any way that i can this implement in my radius servers?
on cisco routers i configre ip-helper radius-server-ip-address
thx.
This e-mail is confidential and may well also be legally privileged. If you
have received it in error, you are on notice of its status. Please notify us
immediately by reply e-mail and then delete this message from your system.
Please do not copy it or use it for any purposes, or disclose its contents to
any other person: to do so could be a breach of confidence. Thank you for your
cooperation.
Information pursuant to paragraph 14 Austrian Companies Code: UPC Austria GmbH;
Registered Office: Wolfganggasse 58-60, 1120 Vienna Company Register Number: FN
189858d at the Commercial Court of Vienna
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Automatically Generating Expiration - Freeradius 2.1.9 / mysql 5.1 / dialup admin
On Wed, Nov 24, 2010 at 7:50 AM, mikal m...@atceast.com wrote: What I'm trying to do is enable a non-technical person to create temporary, guest like accounts using the dialup admin interface. The accounts will be created as needed, they need to expire within a predetermined time frame(s) and I'm trying to avoid asking the person creating the accounts to be entering Expiration. So how would I approach having the Expiration field auto populated based on the account creation date/time and a predetermined account lifetime? For instance, creation date/time + 12-hours, or date + 1-day. Thanks in advance for any guidance. Why don't you simply write some kind of small webif in php to do this? It's easy to predefine values and just add them to the database when a non-technical person presses a button or something like it. (you could even add multiple timeframes in a dropdownbox or so) With a little coding you could even integrate such a page in the existing dialup admin if this is desired. I would not use expiration also, but some no-resetting sql counter. You will also need to find a way to auto-delete expired accounts. Just my 2cents. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Automatically Generating Expiration - Freeradius 2.1.9 / mysql 5.1 / dialup admin
I don't know of a way to do that in dialup_admin, but you could potentially look at using a trigger on insert in MySQL. That might be problematic however if you have some users that you don't want to automatically assign this Expiration to. Otherwise if the services assigned are simple it might be easier to create a pared down account creation script either as an extension of dialup_admin or as a standalone app. Ben -Original Message- From: freeradius-users- bounces+wiechman.lists=gmail@lists.freeradius.org [mailto:freeradius-users- bounces+wiechman.lists=gmail@lists.freeradius.org] On Behalf Of mikal Sent: Wednesday, November 24, 2010 12:51 AM To: freeradius-users@lists.freeradius.org Subject: Automatically Generating Expiration - Freeradius 2.1.9 / mysql 5.1 / dialup admin What I'm trying to do is enable a non-technical person to create temporary, guest like accounts using the dialup admin interface. The accounts will be created as needed, they need to expire within a predetermined time frame(s) and I'm trying to avoid asking the person creating the accounts to be entering Expiration. So how would I approach having the Expiration field auto populated based on the account creation date/time and a predetermined account lifetime? For instance, creation date/time + 12-hours, or date + 1-day. Thanks in advance for any guidance. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Automatically-Generating- Expiration-Freeradius-2-1-9-mysql-5-1-dialup-admin- tp3277961p3277961.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Automatically Generating Expiration - Freeradius 2.1.9 / mysql 5.1 / dialup admin
What I'm trying to do is enable a non-technical person to create temporary, guest like accounts using the dialup admin interface. The accounts will be created as needed, they need to expire within a predetermined time frame(s) and I'm trying to avoid asking the person creating the accounts to be entering Expiration. So how would I approach having the Expiration field auto populated based on the account creation date/time and a predetermined account lifetime? For instance, creation date/time + 12-hours, or date + 1-day. Thanks in advance for any guidance. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Automatically-Generating-Expiration-Freeradius-2-1-9-mysql-5-1-dialup-admin-tp3277961p3277961.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help: 802.1x with freeRadius and mySql database
Hi, Then I start to use mySql database, instead of clients.conf and users. I followed the instructions from this link [1]http://wiki.freeradius.org/SQL_HOWTO. I use the radtest command to test the username/password. It works fine. Then I use the Cisco switch to test the username/password and NAS, it also works fine. But the 802.1x authentication does not work. Here is the output from freeradius -X I'm guessing that you havent enabled sql in the inner-tunnel configuration (which EAP packets get sent through) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help: 802.1x with freeRadius and mySql database
Hi Everyone
I have set up a freeRadius in Ubuntu server 10.0.4. I also set up a Cisco
switch as a NAS and enable 802.1x in the switch port. I used the
configuration first (clients.conf, users). The 802.1x authentication just
works fine.
Then I start to use mySql database, instead of clients.conf and users.
I followed the instructions from this link
http://wiki.freeradius.org/SQL_HOWTO.
I use the radtest command to test the username/password. It works fine.
Then I use the Cisco switch to test the username/password and NAS, it also
works fine.
But the 802.1x authentication does not work. Here is the output from
freeradius -X
Ready to process requests.
rad_recv: Access-Request packet from host 10.5.84.14 port 1645, id=213,
length=265
User-Name = anonymous
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = 00-1A-6C-79-7F-89
Calling-Station-Id = 00-18-8B-B2-74-CE
EAP-Message =
0x0207006b190017030100603436ac7bdf2130158ce653dea69c9c5c155d4a677f8bf6a3330838e2ca749c29c00d7fef558443728826479cb9dbd75b4e3fc4e62b27ecc64a942b06784ae85df1499325a9c927f9e0de86a9989d7349874019e3a286ebb4ab95347d704aaf79
Message-Authenticator = 0x8a020beb0674cb778f3feb2400792a88
NAS-Port-Type = Ethernet
NAS-Port = 50107
NAS-Port-Id = FastEthernet1/0/7
State = 0xc7b0e155c2nt (0018.8bb2.74ce) on Interface Fa1/0/7
AuditSessionID 0A05540E005E17970995b7f81cdb855c0280b00b4a
NAS-IP-Address = 10.5.84.14
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = anonymous, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] EAP packet type response id 7 length 107
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] EAP type mschapv2
[peap] Got tunneled request
EAP-Message =
0x020700401a0207003b31c49dddfb7a41c1b1af6d0248706af94ed2f582ba4490575f7f0c78eb1e81b3dc81c41b0cb19cfc81003833303038
server {
PEAP: Setting User-Name to 83008
Sending tunneled r
020358: Nov 17 11:41:28.199 PST: %AUTHMGR-5-FAIL: Authorization failed for
client (0018.8bb2.74ce) on Interface Fa1/0/7 AuditSessionID 0equest
EAP-Message =
0x020700401a0207003b31c49dddfb7a41c1b1af6d0248706af94ed2f582ba4490575f7f0c78eb1e81b3dc81c41b0cb19cfc81003833303038
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name = 83008
State = 0xe741fb76e746e148ba5c58c22edbac30
server inner-tunnel {
+- entering group authorize {...}
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
[suffix] No '@' in User-Name = 83008, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
++[control] returns noop
[eap] EAP packet type response id 7 length 64
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/mschapv2
[eap] processing type mschapv2
[mschapv2] +- enA05540E005E17970995tering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for 83008 with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
83008 is my user id. Why it tries to use MSCHAP module and use NT-Password ?
Here is the fradius database information in mySql.
mysql show tables;
+---+
| Tables_in_fradius |
+---+
| nas |
| radacct |
| radcheck |
| radgroupcheck |
| radgroupreply |
| radpostauth |
| radreply |
| radusergroup |
+---+
8 rows in set (0.00 sec)
mysql select * from nas;
+++--+-+---++---+---+
| id | nasname| shortname| type| ports | secret |
community | description |
+++--+-+---++---+---+
| 2 | 10.5.84.14 | lab-3750b | cisco | NULL | spl00t | NULL | RADIUS
Client |
+++--+-+---++---+---+
1 row in set (0.00 sec)
mysql select * from radcheck;
Cisco LNS with Freeradius and MySQL
Hi I request a small help for my configuration, sorry for my english: I have a cisco router with VRF I have a Freeradius server with sql I have a lot of Adsl user in L2TP. I want add one user to a specific vrf, i have added to the mysql table: INSERT INTO `radgroupreply` VALUES (9, 'IAccess', 'cisco-avpair', '+=', 'lcp:interface-config=ip vrf forwarding INT002\\n ip unnumbered Loopback250'); but when the user connect, that's don't work ... On my cisco router, i have: One Loopback: interface Loopback250 ip vrf forwarding INT002 no ip address One Vrf: ip vrf INT002 rd 65509:501 route-target export 65509:101 route-target import 65509:100 route-target import 65509:50 where is my error ? Second question: I use sqlippool for dynamic IP, if i want specify a IP to a username (static) what is the process ? create a specific group ? thanks for your help stephane - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco LNS with Freeradius and MySQL
On 10/18/2010 06:07 PM, Stephane MAGAND wrote:
but when the user connect, that's don't work ...
See the FAQ for it doesn't work.
Second question: I use sqlippool for dynamic IP, if i want specify a IP
to a username (static) what is the process ? create a specific group ?
You can assign an IP manually, and sqlippool will see this and do
nothing. For example:
authorize {
...
files
...
}
post-auth {
...
sqlippool
}
...and in /etc/raddb/users:
specialuser1
Framed-IP-Address := a.b.c.d
otheruser2
Framed-IP-Address := e.f.g.h
You can use any FreeRadius module (SQL, rlm_passwd) to do this. Another
example:
post-auth {
update control {
Tmp-IP-Address-0 = %{sql:select staticip from mytable where ...}
}
if (control:Tmp-IP-Address-0) {
update reply {
Framed-IP-Address := %{control:Tmp-IP-Address-0}
}
}
else {
sqlippool
}
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco LNS with Freeradius and MySQL
2010/10/18 Phil Mayers p.may...@imperial.ac.uk: On 10/18/2010 06:07 PM, Stephane MAGAND wrote: but when the user connect, that's don't work ... See the FAQ for it doesn't work. Thanks for your answer Phil, but i don't see in the FAQ a answer at my question. Do you create the VRF on the cisco ? Do you create the loopback on the cisco ? Do you put the Loopback into the vrf ? Bye Stephane - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco LNS with Freeradius and MySQL
Ok i have resolved my problems ;=) 2010/10/18 Stephane MAGAND stmagconsult...@gmail.com: 2010/10/18 Phil Mayers p.may...@imperial.ac.uk: On 10/18/2010 06:07 PM, Stephane MAGAND wrote: but when the user connect, that's don't work ... See the FAQ for it doesn't work. Thanks for your answer Phil, but i don't see in the FAQ a answer at my question. Do you create the VRF on the cisco ? Do you create the loopback on the cisco ? Do you put the Loopback into the vrf ? Bye Stephane - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco LNS with Freeradius and MySQL
On 10/18/2010 06:51 PM, Stephane MAGAND wrote: 2010/10/18 Phil Mayersp.may...@imperial.ac.uk: On 10/18/2010 06:07 PM, Stephane MAGAND wrote: but when the user connect, that's don't work ... See the FAQ for it doesn't work. I meant literally the FAQ item It still doesn't work, which advises posting the debug output, but I see you've solved it now. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: configuration freeradius with mysql
Have you decommented the $INCLUDE sql.conf line in radiusd.conf?
I had the same problem when I compiled freeradius-2.1.8. If I compiled
freeradius without libmysqlclient15-dev package the problem appeared.
Try it.
2010/5/14 dorra aa dj_dido2...@hotmail.com
hi
i installed mysql.
and i modify in /etc/freeradius/sql.conf:
readclients=yes
also, i decommented in /etc/freeradius/radiusd.conf:
accounting
{
sql}
authorize
{...
sql}
i run again freeradius -X:
but it seems failed because of sql: this is the output
[...]
sql: postauth_query = INSERT into radpostauth (user, pass, reply, date)
values ('%{User-Name}', '%{User-Password:-Chap-Password}',
'%{reply:Packet-Type}', NOW())
sql: safe-characters =
@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
linked
rlm_sql (sql): Attempting to connect to r...@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_s! ql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql_mysql: Couldn't connect socket to MySQL server r! o...@localhost
:radius
rlm_sql_mysql: Mysql error 'Access denied for user 'root'@'localhost'
(using password: YES)'
# but i check it and it's ok i have in sql.conf: sql{server = localhost
login = root
password = rootpass}
rlm_sql (sql): Failed to connect DB handle #0
rlm_sql (sql): starting 1
rlm_sql (sql): starting 2
rlm_sql (sql): starting 3
rlm_sql (sql): starting 4
rlm_sql (sql): Failed to connect to any SQL server.
#but i begin with installing mysql-server and i add a user in the database
rlm_sql (sql): - generate_sql_clients
rlm_sql (sql): Query: SELECT * FROM nas
rlm_sql (sql): Ignoring unconnected handle 4..
rlm_sql (sql): Ignoring unconnected handle 3..
rlm_sql (sql): Ignoring unconnected handle 2..
rlm_sql (s! ql): Ignoring unconnected handle 1..
rlm_sql (sql): Ignoring unconn ected handle 0..
rlm_sql (sql): There are no DB handles to use! sk! ipped 5, tried to
connect 0
rlm_sql (sql): generate_sql_clients() r eturned error
rlm_sql (sql): Closing sqlsocket 4
rlm_sql (sql): Closing sqlsocket 3
rlm_sql (sql): Closing sqlsocket 2
rlm_sql (sql): Closing sqlsocket 1
rlm_sql (sql): Closing sqlsocket 0
radiusd.conf[14]: sql: Module instantiation failed.
radiusd.conf[1860] Unknown module sql.
radiusd.conf[1789] Failed to parse authorize section.
--
Hotmail: Trusted email with Microsoft’s powerful SPAM protection. Sign up
now. https://signup.live.com/signup.aspx?id=60969
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius with mysql failed
hi
i installed mysql.
and i modify in /etc/freeradius/sql.conf:
readclients=yes
also, i decommented in /etc/freeradius/radiusd.conf:
accounting
{
sql}
authorize
{...
sql}
i run again freeradius -X:
but it seems failed because of sql: this is the output
[...]
sql: postauth_query = INSERT into radpostauth (user, pass, reply, date)
values ('%{User-Name}', '%{User-Password:-Chap-Password}',
'%{reply:Packet-Type}', NOW())
sql: safe-characters =
@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to r...@localhost:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql_mysql: Couldn't connect socket to MySQL server r...@localhost:radius
rlm_sql_mysql: Mysql error 'Access denied for user 'root'@'localhost' (using
password: YES)'
# but i check it and it's ok i have in sql.conf: sql{server = localhost
login = root
password = rootpass}
rlm_sql (sql): Failed to connect DB handle #0
rlm_sql (sql): starting 1
rlm_sql (sql): starting 2
rlm_sql (sql): starting 3
rlm_sql (sql): starting 4
rlm_sql (sql): Failed to connect to any SQL server.
#but i begin with installing mysql-server and i add a user in the database
rlm_sql (sql): - generate_sql_clients
rlm_sql (sql): Query: SELECT * FROM nas
rlm_sql (sql): Ignoring unconnected handle 4..
rlm_sql (sql): Ignoring unconnected handle 3..
rlm_sql (sql): Ignoring unconnected handle 2..
rlm_sql (sql): Ignoring unconnected handle 1..
rlm_sql (sql): Ignoring unconnected handle 0..
rlm_sql (sql): There are no DB handles to use! skipped 5, tried to connect 0
rlm_sql (sql): generate_sql_clients() returned error
rlm_sql (sql): Closing sqlsocket 4
rlm_sql (sql): Closing sqlsocket 3
rlm_sql (sql): Closing sqlsocket 2
rlm_sql (sql): Closing sqlsocket 1
rlm_sql (sql): Closing sqlsocket 0
radiusd.conf[14]: sql: Module instantiation failed.
radiusd.conf[1860] Unknown module sql.
radiusd.conf[1789] Failed to parse authorize section.
_
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
https://signup.live.com/signup.aspx?id=60969-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with reading user data in Freeradius with Mysql
You can try to put Password attribute instead of Cleartext-Password. The operator is also important: user Password == pass 2010/4/29 John Dennis jden...@redhat.com On 04/29/2010 02:27 PM, VU VAN HUNG wrote: Hi all, I got a problem with freeradius and mysql. My freeradius server cannot read data from radcheck table. It notice that No Cleartext-Password's Configured, even if I totally set Attribute field in radcheck table is Cleartext-Password. Could someones help me solve this problem ? Read the output of radiusd -X, it will show you what is happening. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with reading user data in Freeradius with Mysql
David Seira wrote: You can try to put Password attribute instead of Cleartext-Password. Please no. Don't use Password or User-Password. The operator is also important: user Password == pass Again, no. userCleartext-Password := password The FAQ has an example of this. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with reading user data in Freeradius with Mysql
I use MD5 pass and SHA pass: user SHA-Password := pass user MD5-Password := pass 2010/4/30 Alan DeKok al...@deployingradius.com David Seira wrote: You can try to put Password attribute instead of Cleartext-Password. Please no. Don't use Password or User-Password. The operator is also important: user Password == pass Again, no. userCleartext-Password := password The FAQ has an example of this. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
problem with reading user data in Freeradius with Mysql
Hi all, I got a problem with freeradius and mysql. My freeradius server cannot read data from radcheck table. It notice that No Cleartext-Password's Configured, even if I totally set Attribute field in radcheck table is Cleartext-Password. Could someones help me solve this problem ? Hung, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with reading user data in Freeradius with Mysql
On 04/29/2010 02:27 PM, VU VAN HUNG wrote: Hi all, I got a problem with freeradius and mysql. My freeradius server cannot read data from radcheck table. It notice that No Cleartext-Password's Configured, even if I totally set Attribute field in radcheck table is Cleartext-Password. Could someones help me solve this problem ? Read the output of radiusd -X, it will show you what is happening. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius AND Mysql ? or Freeradius-mysql package??? or both?
Dear all: i have installed debian, mysql server 5.0 (by aptitude install) and freeradius-server-2.1.7 by wget and untar -xvfz , manually. i have no errors on freeradius run. i have a 3com RAS with PPP and PPPoE users, i would like to put my debian-freeradius as a Radius for them (AAA). Question is: it is necessary install freeradius-mysql package? if yes, then: must i install freeradius-mysql as a repository package (aptitude install freeradius-mysql) ? or it's not recommended this way? Its better do it by downloading and untar manually ? there is no problem if i aptitude install freeradius-mysql with my actual freeradius version? thanks sorry my poor english. Carlos - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius AND Mysql ? or Freeradius-mysql package??? or both?
i have installed debian, mysql server 5.0 (by aptitude install) and freeradius-server-2.1.7 by wget and untar -xvfz , manually. Question is: it is necessary install freeradius-mysql package? If you installed freeradius from source - no. Source has complete server. But it is dependany on development headers. Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Remote access control in freeradius with mysql
Dear all, Problem solved. Using Auth-Type attribute in radcheck table solve the problem. Cheers. cktan wrote: Dear all, I've a freeradius server running with LDAP as the Authentication and Authorization where else Accounting running on Mysql. It was working well at the moment and I'm looking to migrate from LDAP to run fully in Mysql. Question is I need to have control on remote access for certain users. In LDAP, I used to have dialupAccess attribute to control the access for user and I can't find it in Mysql. I come across to radreply table but not sure which attribute should I use to have authorization for user to access. Looking for your kind information in this matter. Regards -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Remote access control in freeradius with mysql
Dear all, I've a freeradius server running with LDAP as the Authentication and Authorization where else Accounting running on Mysql. It was working well at the moment and I'm looking to migrate from LDAP to run fully in Mysql. Question is I need to have control on remote access for certain users. In LDAP, I used to have dialupAccess attribute to control the access for user and I can't find it in Mysql. I come across to radreply table but not sure which attribute should I use to have authorization for user to access. Looking for your kind information in this matter. Regards -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRADIUS Cluster MySQL Webinar: online!
The webinar is now recorded, and available online: http://www.mysql.com/news-and-events/on-demand-webinars/display-od-419.html Anyone wanting to know more about cluster performance should check it out. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reminder: Webinar with FreeRADIUS and MySQL: Sept. 30
I will be giving a Webinar with MySQL on September 30. Registration is available at: http://www.mysql.com/news-and-events/web-seminars/display-419.html The webinar will be given via Webex. You will need an account on mysql.com in order to register and see webex details. The full announcement is below. Alan DeKok. +++ FreeRADIUS MySQL Cluster: Scalable and Highly Available AAA Services Wednesday, September 30, 2009 As network use grows and services become more dynamic, so existing Authentication, Authorization and Accounting (AAA) environments can struggle to keep pace with demand Tune into this webinar where you can hear from the Alan DeKok, one of the founders of the FreeRADIUS project and CEO of Network RADIUS, discuss the concepts and implementation of RADIUS services using the FreeRADIUS server and the MySQL Cluster database to deliver highly available and scalable AAA services In this session, you will learn about: - potential AAA limitations as network environments grow - advantages of deploying FreeRADIUS with MySQL Cluster - Performance, sizing and deployment of an AAA environment using FreeRADIUS with MySQL Cluster - customer case studies - how to get started WHO: * Alan DeKok, Founder of FreeRADIUS and CEO of Network RADIUS * Matthew Keep, MySQL Cluster Product Management WHAT: FreeRADIUS MySQL Cluster: Scalable and Highly Available AAA Services WHEN: Wednesday, September 30, 2009: 09:30 Pacific time (America) 06:30 Hawaii time 10:30 Mountain time (America) 11:30 Central time (America) 12:30 Eastern time (America) 16:30 UTC 17:30 Western European time 18:30 Central European time 19:30 Eastern European time The presentation will be approximately 45 minutes long followed by QA. WHERE: Simply access the web seminar from the comfort of your own office. WHY: To learn more about how you can use FreeRADIUS and MySQL Cluster 7.0 to deliver highly available and scalable AAA Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: unable to connection freeradius with mysql
shivashankar wrote: i am useing freeradius2.1.6 and mysql5.0 on solaris10. when ever i start the server radiusd -X . i am getting below problem. i think it is not connected to mysql.plz help me how to connect READ the debug messages? rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql_mysql: Couldn't connect socket to MySQL server rad...@localhost:radius rlm_sql_mysql: Mysql error 'Client does not support authentication protocol requested by server; consider upgrading MySQL client' What part of that message is unclear? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: unable to connection freeradius with mysql
http://lmgtfy.com/?q=does+not+support+authentication+protocol+requested+by%2 0server+consider+upgrading+MySQL+client -Original Message- From: freeradius-users- bounces+wiechman.lists=gmail@lists.freeradius.org [mailto:freeradius-users- bounces+wiechman.lists=gmail@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Wednesday, August 05, 2009 3:30 AM To: FreeRadius users mailing list Subject: Re: unable to connection freeradius with mysql shivashankar wrote: i am useing freeradius2.1.6 and mysql5.0 on solaris10. when ever i start the server radiusd -X . i am getting below problem. i think it is not connected to mysql.plz help me how to connect READ the debug messages? rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql_mysql: Couldn't connect socket to MySQL server rad...@localhost:radius rlm_sql_mysql: Mysql error 'Client does not support authentication protocol requested by server; consider upgrading MySQL client' What part of that message is unclear? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
unable to connection freeradius with mysql
attr_filter.accounting_response
attr_filter attr_filter.accounting_response {
attrsfile = /usr/local/etc/raddb/attrs.accounting_response
key = %{User-Name}
}
Module: Checking session {...} for more modules to load
Module: Checking post-proxy {...} for more modules to load
Module: Checking post-auth {...} for more modules to load
Module: Instantiating reply_log
detail reply_log {
detailfile =
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d
header = %t
detailperm = 384
dirperm = 493
locking = no
log_packet_header = no
}
} # modules
} # server
radiusd: Opening IP addresses and Ports
listen {
type = auth
ipaddr = *
port = 0
}
listen {
type = acct
ipaddr = *
port = 0
}
listen {
type = control
listen {
socket = /usr/local/var/run/radiusd/radiusd.sock
}
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
--
View this message in context:
http://www.nabble.com/unable-to-connection-freeradius-with-mysql-tp24820558p24820558.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius and MySql custom attributes
Hello,
I work in the NOC of an isp. Currently we have VIRCOM Radius servers
set up to authenticate against a MySql server cluster, but we'd like to
switch to FreeRadius. There is a profiles column that contains a few
different service definitions (slip for SlipStream, newsgroups, a combo
slip-news, etc.) What I can't figure out how to do is have the Radius
server evaluate that column for the authenticated user, and send a reply
so that the client knows that the user is authenticated for that
specific service. Currently, I'm just trying to get the slip service to
work. I have created a dictionary.slipstream file with the following:
VENDOR Slipstream 7000
ATTRIBUTE SlipStream-Auth True string Slipstream
However, that will not authenticate the slip client. If I hardcode
the attribute into the auth_reply query, the client is then
authenticated. (Query = authorize_reply_query = SELECT
'','Slipstream-Auth','true',':-' FROM radius_auth WHERE Username =
'%{SQL-User-Name}'
Any ideas where to go to get this working correctly?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySql custom attributes
have created a dictionary.slipstream file with the following:
VENDOR Slipstream 7000
ATTRIBUTE SlipStream-Auth True string Slipstream
However, that will not authenticate the slip client. If I hardcode
the attribute into the auth_reply query, the client is then
authenticated. (Query = authorize_reply_query = SELECT
'','Slipstream-Auth','true',':-' FROM radius_auth WHERE Username =
'%{SQL-User-Name}'
Any ideas where to go to get this working correctly?
Post the output of radiusd -X.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySql custom attributes
I'll also add that the dictionary.slipstream is included in the
dictionary file. FreeRadius running on freeBSD
On Wed, 2008-11-05 at 12:14 -0500, Aaron Seibert wrote:
Hello,
I work in the NOC of an isp. Currently we have VIRCOM Radius servers
set up to authenticate against a MySql server cluster, but we'd like to
switch to FreeRadius. There is a profiles column that contains a few
different service definitions (slip for SlipStream, newsgroups, a combo
slip-news, etc.) What I can't figure out how to do is have the Radius
server evaluate that column for the authenticated user, and send a reply
so that the client knows that the user is authenticated for that
specific service. Currently, I'm just trying to get the slip service to
work. I have created a dictionary.slipstream file with the following:
VENDOR Slipstream 7000
ATTRIBUTE SlipStream-Auth True string Slipstream
However, that will not authenticate the slip client. If I hardcode
the attribute into the auth_reply query, the client is then
authenticated. (Query = authorize_reply_query = SELECT
'','Slipstream-Auth','true',':-' FROM radius_auth WHERE Username =
'%{SQL-User-Name}'
Any ideas where to go to get this working correctly?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySql custom attributes
Posting relevant sections along with an explanation -
I was doing some fiddling in between posting and responding here. Here
is the current setup, as I was trying to make it work:
dictionary.slipstream -
VENDOR Slipstream 7000
ATTRIBUTE Profile 1 string Slipstream
reply query in mssql.conf -
authorize_reply_query = SELECT '',Username,'Profile',Profiles,':=' FROM
radius_auth WHERE Username = '%{SQL-User-Name}'
Relevant output when running radiusd -X -
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
rlm_realm: Looking up realm evenlink.com for User-Name =
[EMAIL PROTECTED]
rlm_realm: No such realm evenlink.com
modcall[authorize]: module suffix returns noop for request 0
radius_xlat: '[EMAIL PROTECTED]'
rlm_sql (sql): sql_set_user escaped user -- '[EMAIL PROTECTED]'
radius_xlat: 'SELECT '',Username,'Cleartext-Password',Password,':='
FROM radius_auth WHERE Username = '[EMAIL PROTECTED]''
rlm_sql (sql): Reserving sql socket id: 4
query: SELECT '',Username,'Cleartext-Password',Password,':=' FROM
radius_auth WHERE Username = '[EMAIL PROTECTED]'
radius_xlat: ''
radius_xlat: 'SELECT '',Username,'Profile',Profiles,':=' FROM
radius_auth WHERE Username = '[EMAIL PROTECTED]''
query: SELECT '',Username,'Profile',Profiles,':=' FROM radius_auth
WHERE Username = '[EMAIL PROTECTED]'
radius_xlat: ''
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module sql returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 46 to 206.174.130.217 port 40278
Profile := Slip
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 46 with timestamp 4911f770
Nothing to do. Sleeping until we see a request.
This doesn't allow the slip user to connect to the slip service.
However, if I change everything to the following:
dictionary.slipstream:
VENDOR Slipstream 7000
ATTRIBUTE Slipstream-Auth 1 string Slipstream
mssql query:
authorize_reply_query = SELECT
'',Username,'Slipstream-Auth','true',':=' FROM radius_auth WHERE
Username = '%{SQL-User-Name}'
Output:
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
rlm_realm: Looking up realm evenlink.com for User-Name =
[EMAIL PROTECTED]
rlm_realm: No such realm evenlink.com
modcall[authorize]: module suffix returns noop for request 0
radius_xlat: '[EMAIL PROTECTED]'
rlm_sql (sql): sql_set_user escaped user -- '[EMAIL PROTECTED]'
radius_xlat: 'SELECT '',Username,'Cleartext-Password',Password,':='
FROM radius_auth WHERE Username = '[EMAIL PROTECTED]''
rlm_sql (sql): Reserving sql socket id: 4
query: SELECT '',Username,'Cleartext-Password',Password,':=' FROM
radius_auth WHERE Username = '[EMAIL PROTECTED]'
radius_xlat: ''
radius_xlat: 'SELECT '',Username,'Slipstream-Auth','true',':=' FROM
radius_auth WHERE Username = '[EMAIL PROTECTED]''
query: SELECT '',Username,'Slipstream-Auth','true',':=' FROM
radius_auth WHERE Username = '[EMAIL PROTECTED]'
radius_xlat: ''
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module sql returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 230 to 206.174.130.217 port 56427
Slipstream-Auth := true
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 230 with timestamp 4911fa44
Nothing to do. Sleeping until we see a request.
As you can see, what I need to do is basically say if the Profiles
column in the sql database has a value of Slip, then Slipstream-Auth =
true needs to be passed back in the reply query. I just can't figure
out how to do that...
On Wed, 2008-11-05 at 13:56 -0500, Stephen Bowman wrote:
have created a dictionary.slipstream file with the following:
VENDOR Slipstream 7000
ATTRIBUTE SlipStream-Auth True string Slipstream
However, that will not authenticate the slip client. If I
hardcode
the attribute into the auth_reply query, the client is then
authenticated. (Query = authorize_reply_query = SELECT
'','Slipstream-Auth','true',':-' FROM radius_auth WHERE
Username =
'%{SQL-User-Name}'
Any ideas where to go to get this working correctly?
Post the output of radiusd -X.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
Re: FreeRadius and MySql custom attributes
authorize_reply_query = SELECT '',Username,'Profile',Profiles,':=' FROM
radius_auth WHERE Username = '%{SQL-User-Name}'
It's doing exactly what you tell it to do.
query: SELECT '',Username,'Profile',Profiles,':=' FROM radius_auth
WHERE Username = '[EMAIL PROTECTED]'
There's the query as you defined it above...
Sending Access-Accept of id 46 to 206.174.130.217 port 40278
Profile := Slip
And there's the access-accept with a reply attribute of Profile := Slip.
In your database you clearly have a column titled 'Profile' in radius_auth
with value of Slip for the row for the username [EMAIL PROTECTED]
To get what you want, you would need a column titled Slipstream-Auth with
a value of True for the row for the username [EMAIL PROTECTED].
But all this is actually a bit horkie. It makes little sense to have to add
a column everytime you want a random check/reply attribute. It's bad
practice and going to be terribly inefficient by any database backend.
Why is it that you don't want to follow the provided schema (in 2.x
raddb/sql/mysql/) and predefined queries?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySql custom attributes
Becuase the database is already established with thousands of
customers We're looking to migrate from an existing VOPRadius
system. The MsSql database is tied into our account management system
as well
On Wed, 2008-11-05 at 16:45 -0500, Stephen Bowman wrote:
authorize_reply_query = SELECT
'',Username,'Profile',Profiles,':=' FROM
radius_auth WHERE Username = '%{SQL-User-Name}'
It's doing exactly what you tell it to do.
query: SELECT '',Username,'Profile',Profiles,':=' FROM
radius_auth
WHERE Username = '[EMAIL PROTECTED]'
There's the query as you defined it above...
Sending Access-Accept of id 46 to 206.174.130.217 port 40278
Profile := Slip
And there's the access-accept with a reply attribute of Profile :=
Slip. In your database you clearly have a column titled 'Profile'
in radius_auth with value of Slip for the row for the username
[EMAIL PROTECTED]
To get what you want, you would need a column titled Slipstream-Auth
with a value of True for the row for the username
[EMAIL PROTECTED].
But all this is actually a bit horkie. It makes little sense to have
to add a column everytime you want a random check/reply attribute.
It's bad practice and going to be terribly inefficient by any database
backend.
Why is it that you don't want to follow the provided schema (in 2.x
raddb/sql/mysql/) and predefined queries?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySql custom attributes
You can extend the rlm_sql module to read from your schema though it
is some work. Alternatively you can go with perl and scripting.
I believe extending rlm_sql module to read your schema and generate
AVP's will give better performance, but I might be wrong. I have taken
this path for a custom database.
Regards,
Venkatesh K
On Thu, Nov 6, 2008 at 3:17 AM, Aaron Seibert [EMAIL PROTECTED] wrote:
Becuase the database is already established with thousands of
customers We're looking to migrate from an existing VOPRadius
system. The MsSql database is tied into our account management system
as well
On Wed, 2008-11-05 at 16:45 -0500, Stephen Bowman wrote:
authorize_reply_query = SELECT
'',Username,'Profile',Profiles,':=' FROM
radius_auth WHERE Username = '%{SQL-User-Name}'
It's doing exactly what you tell it to do.
query: SELECT '',Username,'Profile',Profiles,':=' FROM
radius_auth
WHERE Username = '[EMAIL PROTECTED]'
There's the query as you defined it above...
Sending Access-Accept of id 46 to 206.174.130.217 port 40278
Profile := Slip
And there's the access-accept with a reply attribute of Profile :=
Slip. In your database you clearly have a column titled 'Profile'
in radius_auth with value of Slip for the row for the username
[EMAIL PROTECTED]
To get what you want, you would need a column titled Slipstream-Auth
with a value of True for the row for the username
[EMAIL PROTECTED].
But all this is actually a bit horkie. It makes little sense to have
to add a column everytime you want a random check/reply attribute.
It's bad practice and going to be terribly inefficient by any database
backend.
Why is it that you don't want to follow the provided schema (in 2.x
raddb/sql/mysql/) and predefined queries?
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Venkatesh. K
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius and MySql custom attributes
I think what I'll do is just change the reply query to pull from the
Profiles table so the query would look like
id,username,profiles,'true',';='. Then I'll change the dictionary file
so the Slip profile gets the correct attributes, and true will be
passed tith each of the account types
On Thu, 2008-11-06 at 04:15 +0530, Venkatesh K wrote:
You can extend the rlm_sql module to read from your schema though it
is some work. Alternatively you can go with perl and scripting.
I believe extending rlm_sql module to read your schema and generate
AVP's will give better performance, but I might be wrong. I have taken
this path for a custom database.
Regards,
Venkatesh K
On Thu, Nov 6, 2008 at 3:17 AM, Aaron Seibert [EMAIL PROTECTED] wrote:
Becuase the database is already established with thousands of
customers We're looking to migrate from an existing VOPRadius
system. The MsSql database is tied into our account management system
as well
On Wed, 2008-11-05 at 16:45 -0500, Stephen Bowman wrote:
authorize_reply_query = SELECT
'',Username,'Profile',Profiles,':=' FROM
radius_auth WHERE Username = '%{SQL-User-Name}'
It's doing exactly what you tell it to do.
query: SELECT '',Username,'Profile',Profiles,':=' FROM
radius_auth
WHERE Username = '[EMAIL PROTECTED]'
There's the query as you defined it above...
Sending Access-Accept of id 46 to 206.174.130.217 port 40278
Profile := Slip
And there's the access-accept with a reply attribute of Profile :=
Slip. In your database you clearly have a column titled 'Profile'
in radius_auth with value of Slip for the row for the username
[EMAIL PROTECTED]
To get what you want, you would need a column titled Slipstream-Auth
with a value of True for the row for the username
[EMAIL PROTECTED].
But all this is actually a bit horkie. It makes little sense to have
to add a column everytime you want a random check/reply attribute.
It's bad practice and going to be terribly inefficient by any database
backend.
Why is it that you don't want to follow the provided schema (in 2.x
raddb/sql/mysql/) and predefined queries?
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problems with Freeradius and MySQL
Hello, my name is Andre, I need your help for configuration of the Freeradius with MySQL. I can use the password in the tables of mysql with anything crypt, but I dont know the configuration. Please help-me. Sorry for my bad English. I am Brazilian. Andre Luiz B. Lemos- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems with Freeradius and MySQL
Are you trying to get your FreeRADIUS SQL able, or are you trying to use crypted passwords for users in the SQL table? Case one: (Talking of FreeRADIUS versions 2.*.*) First of all you need the SQL schemes provided in freeradius-server-2.1.1/raddb/sql/mysql/ You also might want to have a look at those files and uncomment the SQL stuff inside: /etc/raddb/sql.conf /etc/raddb/radiusd.conf /etc/raddb/sites-enabled/default run:$ radiusd -X ^^ should provide you errors or a lot of querries ... Second case: It depends on what kind of authentication you're expecting to use ... as far as I know i.e. isn't it possible to youse crypted passwords in combination with ms-chap ... Good luck! Regards, Leander Andre Luiz B. Lemos schrieb: Hello, my name is Andre, I need your help for configuration of the Freeradius with MySQL. I can use the password in the tables of mysql with anything crypt, but I dont know the configuration. Please help-me. Sorry for my bad English. I am Brazilian. Andre Luiz B. Lemos - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems with Freeradius and MySQL
Hello, my name is Andre, I need your help for configuration of the Freeradius with MySQL. I can use the password in the tables of mysql with anything crypt, but I dont know the configuration. There is nothing to configure. Just use appropriate password attribute. If you are using crypt - Crypt-Password; if you are using md5 - MD5-Password, salted sha1 - SSHA1-Password etc. You can find the supported password attributes in share/dictionary.freeradius.internal. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: access rights for some users ou users groups with freeradius and mysql
If I understood you well, you want some users or groups to have access from NAS1 but not from NAS2. Add attribute NAS-IP Address with appropriate value to radcheck or radgroupcheck table. Ivan Kalik Kalik Informatika ISP Dana 13/10/2008, BADAOUI Nasr-Eddine (P) [EMAIL PROTECTED] piše: Hi, I'd like to know how to authorize some users or users's group created in mysql tables can logged only on some mysql's clients, with freeradius. Mysql's tables are : nas table for clients radcheck table for users radgropucheck table usergroup table many thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
access rights for some users ou users groups with freeradius and mysql
Hi, I'd like to know how to authorize some users or users's group created in mysql tables can logged only on some mysql's clients, with freeradius. Mysql's tables are : nas table for clients radcheck table for users radgropucheck table usergroup table many thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Startdate for sessions in FreeRadius with MySql?
Yeah. That's kind of my rescue solution. To create a que that is processed on a daily basis. But I thought that since there is an expire attribute that it might be a start as well. It would obviously take less effort to just add that kind of attribute instead of adding a que and some kind of quehandler to our application. //Johan tnt-4 wrote: Any thoughts? Don't create the username before the startdate. There is absolutely no reason for it to be in the database before it. Make a script that creates the user entry when startdate is reached. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Startdate-for-sessions-in-FreeRadius-with-MySql--tp19837587p19892931.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Startdate for sessions in FreeRadius with MySql?
Or create all you need and add Auth Type Reject in radcheck table for that user and delete this entry on start date with cron script On Thu, Oct 9, 2008 at 8:06 AM, Bladan2000 [EMAIL PROTECTED] wrote: Yeah. That's kind of my rescue solution. To create a que that is processed on a daily basis. But I thought that since there is an expire attribute that it might be a start as well. It would obviously take less effort to just add that kind of attribute instead of adding a que and some kind of quehandler to our application. //Johan tnt-4 wrote: Any thoughts? Don't create the username before the startdate. There is absolutely no reason for it to be in the database before it. Make a script that creates the user entry when startdate is reached. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Startdate-for-sessions-in-FreeRadius-with-MySql--tp19837587p19892931.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Startdate for sessions in FreeRadius with MySql?
You can always add your own. http://freeradius.org/radiusd/man/dictionary.html Ivan Kalik Kalik Informatika ISP Dana 9/10/2008, Bladan2000 [EMAIL PROTECTED] piše: Yeah. That's kind of my rescue solution. To create a que that is processed on a daily basis. But I thought that since there is an expire attribute that it might be a start as well. It would obviously take less effort to just add that kind of attribute instead of adding a que and some kind of quehandler to our application. //Johan tnt-4 wrote: Any thoughts? Don't create the username before the startdate. There is absolutely no reason for it to be in the database before it. Make a script that creates the user entry when startdate is reached. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- View this message in context: http://www.nabble.com/Startdate-for-sessions-in-FreeRadius-with-MySql--tp19837587p19892931.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Startdate for sessions in FreeRadius with MySql?
Hello! We're using FreeRadius 1.1.7 along with MySql on an Ubuntu server. We have a web application to create users for FreeRadius and administrators can set the expire date for when a session should expire. This is achieved with the Expiration attribute in the table called RadCheck in the MySql database. However, a customer would like to be able to also set a start-date for when the session should become valid i.e. if I set 2008-10-06 it won't be possible to log in before that date. I haven't found a way to do this in FreeRadius. Does anyone have a solution for this? I thought that it might exist an attribute for Start as well when there is one for Expire but I haven't found any. The only solution I can come up with is some kind of own customized que handling for this altough I would prefer a simple attribute. Any thoughts? Johan -- View this message in context: http://www.nabble.com/Startdate-for-sessions-in-FreeRadius-with-MySql--tp19837587p19837587.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Startdate for sessions in FreeRadius with MySql?
Any thoughts? Don't create the username before the startdate. There is absolutely no reason for it to be in the database before it. Make a script that creates the user entry when startdate is reached. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1 mysql Attribute
Most likely. Can you post the content of your dictionary file? Or download 2.0.2 and see if that attribute is in dictionary.slipstream. If it is include it with the other dictionaries. Ivan Kalik Kalik Informatika ISP Dana 29/2/2008, Dustin Schuemann [EMAIL PROTECTED] piše: Can I just add it ? On Feb 28, 2008, at 5:51 PM, Ivan Kalik wrote: Add to your dictionary file at /usr/local/etc/raddb/dictionary: Same file in Freeradius. VENDORATTR 7000 Slipstream-Auth 1 string You will find this in there: #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer Change the first one to: ATTRIBUTESlipstream-Auth 3000string Restart the server for this to take effect. Use the attribute as instructed (but correct the first line as per instructions in users file if you are using a recent freeradius version). Attribute should appear in the Access-Accept packet if all goes well. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Dustin Schuemann . Network Engineer .. . . . . . . . . . . . . . . . . . . . . . . . . . AMS/The Support Dept 400 Ann St NW Suite 102 Grand Rapids, MI 49504 p. 616.235.0725 ext. 7007 e. [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1 mysql Attribute
Ok I found that. Where do I add the stuff in my mysql database to allow that attribute. On Feb 29, 2008, at 5:19 AM, Ivan Kalik wrote: Most likely. Can you post the content of your dictionary file? Or download 2.0.2 and see if that attribute is in dictionary.slipstream. If it is include it with the other dictionaries. Ivan Kalik Kalik Informatika ISP Dana 29/2/2008, Dustin Schuemann [EMAIL PROTECTED] piše: Can I just add it ? On Feb 28, 2008, at 5:51 PM, Ivan Kalik wrote: Add to your dictionary file at /usr/local/etc/raddb/dictionary: Same file in Freeradius. VENDORATTR 7000 Slipstream-Auth 1 string You will find this in there: #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer Change the first one to: ATTRIBUTE Slipstream-Auth 3000string Restart the server for this to take effect. Use the attribute as instructed (but correct the first line as per instructions in users file if you are using a recent freeradius version). Attribute should appear in the Access-Accept packet if all goes well. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Dustin Schuemann . Network Engineer .. . . . . . . . . . . . . . . . . . . . . . . . . . AMS/The Support Dept 400 Ann St NW Suite 102 Grand Rapids, MI 49504 p. 616.235.0725 ext. 7007 e. [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Dustin Schuemann . Network Engineer . . . . . . . . . . . . . . . . . . . . . . . . . . AMS/The Support Dept 400 Ann St NW Suite 102 Grand Rapids, MI 49504 p. 616.235.0725 ext. 7007 e. [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius 1 mysql Attribute
Im working with dialup provider that is acting as the nas and they are authenticating off my radius server. Authentication works fine. They have this fastnet program that is supposed to make the internet faster. Attached is what they told me to do. I have added it to the dynamic group in mysql and the user is part of that group. But nothing. If you run your own radius server: For those of you that run your own radius server, you must configure your radius server to authenticate the enduser. The authentication will be passed to you, via the same radius servers that authentication currently comes from for pass through radius. The customer must login to the software using their dial-up username and password. You will need to pass back to us the following attribute. (You will need to add this to your dictionary file): VENDORATTR 7000 Slipstream-Auth 1 string Set this equal to 'true' for those that have web acceleration and 'false' for those that do not. By default right now it accepts all users, so be sure to test it with setting one user equal to false and trying to login, it should deny them. Example of how this can be done (using Radiator): Add to your dictionary file at /usr/local/etc/raddb/dictionary: VENDORATTR 7000 Slipstream-Auth 1 string Next, In Radiator you will want to configure like we have listed below. The default entry should be listed after all the webcompress users but before all normal users. Example of how this can be done (Most Radius's): Open up your current dictionary file. Search for the word : cisco- avpair . This is attribute # 1 of vendor 9. You need to create a similar entry, but it should be attribute # 1 of vendor 7000. Follow the example of how the other entry is in your dictionary file. If you cannot find this attribute, it could be under a sub dictionary file. Perhaps something called dictionary.cisco . You may have some INCLUDE lines at the top of your dictionary file that call include dictionary.cisco. If so, you will want to add an INCLUDE line for something like dictionary.slipstream and then follow the example on how dictionary.cisco is setup to make your own dictionary.slipstream file and add that one attribute in it. To Accept a user (this will accept dial-up and accept slipstream): [EMAIL PROTECTED] Auth-Type := Local, User-Password == trial Slipstream-Auth = true To Deny a user from Slipstream. Do not pass back the Slipstream-Auth = true. We deny all customers that do not hae a Slipstream-Auth = true attribute. Dustin Schuemann . Network Engineer . . . . . . . . . . . . . . . . . . . . . . . . . . AMS/The Support Dept 400 Ann St NW Suite 102 Grand Rapids, MI 49504 p. 616.235.0725 ext. 7007 e. [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1 mysql Attribute
Add to your dictionary file at /usr/local/etc/raddb/dictionary: Same file in Freeradius. VENDORATTR 7000 Slipstream-Auth 1 string You will find this in there: #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer Change the first one to: ATTRIBUTE Slipstream-Auth 3000string Restart the server for this to take effect. Use the attribute as instructed (but correct the first line as per instructions in users file if you are using a recent freeradius version). Attribute should appear in the Access-Accept packet if all goes well. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1 mysql Attribute
I don't have anything like this in my dictionary. This is free radius 1 On Feb 28, 2008, at 5:51 PM, Ivan Kalik wrote: Add to your dictionary file at /usr/local/etc/raddb/dictionary: Same file in Freeradius. VENDORATTR 7000 Slipstream-Auth 1 string You will find this in there: #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer Change the first one to: ATTRIBUTE Slipstream-Auth 3000string Restart the server for this to take effect. Use the attribute as instructed (but correct the first line as per instructions in users file if you are using a recent freeradius version). Attribute should appear in the Access-Accept packet if all goes well. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Dustin Schuemann . Network Engineer . . . . . . . . . . . . . . . . . . . . . . . . . . AMS/The Support Dept 400 Ann St NW Suite 102 Grand Rapids, MI 49504 p. 616.235.0725 ext. 7007 e. [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1 mysql Attribute
So is this. 1.1.7 file /usr/local/etc/raddb/dictionary. Ivan Kalik Kalik Informatika ISP Dana 28/2/2008, Dustin Schuemann [EMAIL PROTECTED] piše: I don't have anything like this in my dictionary. This is free radius 1 On Feb 28, 2008, at 5:51 PM, Ivan Kalik wrote: Add to your dictionary file at /usr/local/etc/raddb/dictionary: Same file in Freeradius. VENDORATTR 7000 Slipstream-Auth 1 string You will find this in there: #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer Change the first one to: ATTRIBUTESlipstream-Auth 3000string Restart the server for this to take effect. Use the attribute as instructed (but correct the first line as per instructions in users file if you are using a recent freeradius version). Attribute should appear in the Access-Accept packet if all goes well. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Dustin Schuemann . Network Engineer .. . . . . . . . . . . . . . . . . . . . . . . . . . AMS/The Support Dept 400 Ann St NW Suite 102 Grand Rapids, MI 49504 p. 616.235.0725 ext. 7007 e. [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1 mysql Attribute
This is version 1.1.3 I don't see this anywhere in this file. #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer On Feb 28, 2008, at 8:16 PM, Ivan Kalik wrote: So is this. 1.1.7 file /usr/local/etc/raddb/dictionary. Ivan Kalik Kalik Informatika ISP Dana 28/2/2008, Dustin Schuemann [EMAIL PROTECTED] piše: I don't have anything like this in my dictionary. This is free radius 1 On Feb 28, 2008, at 5:51 PM, Ivan Kalik wrote: Add to your dictionary file at /usr/local/etc/raddb/dictionary: Same file in Freeradius. VENDORATTR 7000 Slipstream-Auth 1 string You will find this in there: #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer Change the first one to: ATTRIBUTE Slipstream-Auth 3000string Restart the server for this to take effect. Use the attribute as instructed (but correct the first line as per instructions in users file if you are using a recent freeradius version). Attribute should appear in the Access-Accept packet if all goes well. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Dustin Schuemann . Network Engineer .. . . . . . . . . . . . . . . . . . . . . . . . . . AMS/The Support Dept 400 Ann St NW Suite 102 Grand Rapids, MI 49504 p. 616.235.0725 ext. 7007 e. [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Dustin Schuemann . Network Engineer . . . . . . . . . . . . . . . . . . . . . . . . . . AMS/The Support Dept 400 Ann St NW Suite 102 Grand Rapids, MI 49504 p. 616.235.0725 ext. 7007 e. [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1 mysql Attribute
Can I just add it ? On Feb 28, 2008, at 5:51 PM, Ivan Kalik wrote: Add to your dictionary file at /usr/local/etc/raddb/dictionary: Same file in Freeradius. VENDORATTR 7000 Slipstream-Auth 1 string You will find this in there: #ATTRIBUTE My-Local-String 3000string #ATTRIBUTE My-Local-IPAddr 3001ipaddr #ATTRIBUTE My-Local-Integer3002integer Change the first one to: ATTRIBUTE Slipstream-Auth 3000string Restart the server for this to take effect. Use the attribute as instructed (but correct the first line as per instructions in users file if you are using a recent freeradius version). Attribute should appear in the Access-Accept packet if all goes well. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Dustin Schuemann . Network Engineer . . . . . . . . . . . . . . . . . . . . . . . . . . AMS/The Support Dept 400 Ann St NW Suite 102 Grand Rapids, MI 49504 p. 616.235.0725 ext. 7007 e. [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1 mysql Attribute
On Thu, Feb 28, 2008 at 05:08:46PM -0500, Dustin Schuemann wrote: Im working with dialup provider that is acting as the nas and they are authenticating off my radius server. Authentication works fine. They have this fastnet program that is supposed to make the internet faster. Attached is what they told me to do. I have added it to the dynamic group in mysql and the user is part of that group. But nothing. If you run your own radius server: VENDORATTR 7000 Slipstream-Auth 1 string There is a dictionary.slipstream file in FreeRADIUS 2.x. You could just use that file even if you are on FreeRADIUS 1.x. Just make sure to add the appropriated $INCLUDE to the primary dictionary file. -- Scott LambertKC5MLE Unix SysAdmin [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_sql_mysql.so where do I locate this file and its associated files for CentOS to run freeRadius and MySQL
Hi, I am trying to build a radius with free radius 2.0.0 using MySql 4.1.2and I am getting the following errors rlm_sql (sql): Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. /usr/local/etc/raddb/sql.conf[22]: Instantiation failed for module sql /usr/local/etc/raddb/sites-enabled/default[124]: Failed to find module sql. /usr/local/etc/raddb/sites-enabled/default[34]: Errors parsing authorize section. where do I locate this file With Regards Elangbam Johnson - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sql_mysql.so where do I locate this file and its associated files for CentOS to run freeRadius and MySQL
johnson elangbam wrote: Hi, I am trying to build a radius with free radius 2.0.0 using MySql 4.1.2 and I am getting the following errors rlm_sql (sql): Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory This is in the FAQ. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Don't work freeradius with MySQL.
hi, turn on the SQL debug logging in FreeRADIUS and see what the output of the SQl was alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Don't work freeradius with MySQL.
rad_recv: Access-Request packet from host 192.168.1.7:1119, id=0, length=44 User-Name = fred User-Password = wilma Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 rlm_realm: No '@' in User-Name = fred, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 0 ==radius_xlat: '' ## modcall[authorize]: module sql returns fail for request 0 modcall: leaving group authorize (returns fail) for request 0 OK. You have done something to radiusd.conf and broken the configuration. Username should appear in there. Go back to the default configuration, only uncomment sql entries and try again. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Don't work freeradius with MySQL.
Hi dears, I install freeradius, MySQL on Ubuntu 7 and work correctly with file authentication, but where follow http://wiki.freeradius.org/SQL_HOWTO; instruction don't get any response. my output when run 'freeradius -x' are: Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded exec rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded System Module: Instantiated unix (unix) Module: Loaded eap rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap rlm_eap: Loaded and initialized type gtc rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess Module: Instantiated preprocess (preprocess) Module: Loaded realm Module: Instantiated realm (suffix) Module: Loaded SQL rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 Module: Instantiated sql (sql) Module: Loaded Acct-Unique-Session-Id Module: Instantiated acct_unique (acct_unique) Module: Loaded detail Module: Instantiated detail (detail) Module: Loaded radutmp Module: Instantiated radutmp (radutmp) Module: Loaded sql_log Module: Instantiated sql_log (sql_log) Initializing the thread pool... Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. debug msg are: # rad_recv: Access-Request packet from host 192.168.1.7:1500, id=2, length=45 User-Name = fred CHAP-Password = 0xdd72a5e140beedbac0d9088eb9a4fb1bce rlm_chap: Setting 'Auth-Type := CHAP' rad_recv: Access-Request packet from host 192.168.1.7:1500, id=2, length=45 rad_recv: Access-Request packet from host 192.168.1.7:1500, id=2, length=45 # I add my client IP (192.168.1.7) on clients.conf and naslist and insert a record in nas table . I use NTRadPing for test FreeRadius. Why? -- Best Regards Rahmanian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Don't work freeradius with MySQL.
Debug with capital X == radiusd -X. Ivan Kalik Kalik Informatika ISP Dana 23/1/2008, mohsen rahmanian [EMAIL PROTECTED] piše: Hi dears, I install freeradius, MySQL on Ubuntu 7 and work correctly with file authentication, but where follow http://wiki.freeradius.org/SQL_HOWTO; instruction don't get any response. my output when run 'freeradius -x' are: Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded exec rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded System Module: Instantiated unix (unix) Module: Loaded eap rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap rlm_eap: Loaded and initialized type gtc rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess Module: Instantiated preprocess (preprocess) Module: Loaded realm Module: Instantiated realm (suffix) Module: Loaded SQL rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 Module: Instantiated sql (sql) Module: Loaded Acct-Unique-Session-Id Module: Instantiated acct_unique (acct_unique) Module: Loaded detail Module: Instantiated detail (detail) Module: Loaded radutmp Module: Instantiated radutmp (radutmp) Module: Loaded sql_log Module: Instantiated sql_log (sql_log) Initializing the thread pool... Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. debug msg are: # rad_recv: Access-Request packet from host 192.168.1.7:1500, id=2, length=45 User-Name = fred CHAP-Password = 0xdd72a5e140beedbac0d9088eb9a4fb1bce rlm_chap: Setting 'Auth-Type := CHAP' rad_recv: Access-Request packet from host 192.168.1.7:1500, id=2, length=45 rad_recv: Access-Request packet from host 192.168.1.7:1500, id=2, length=45 # I add my client IP (192.168.1.7) on clients.conf and naslist and insert a record in nas table . I use NTRadPing for test FreeRadius. Why? -- Best Regards Rahmanian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Don't work freeradius with MySQL.
): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
rlm_sql (sql): - generate_sql_clients
rlm_sql (sql): Query: SELECT * FROM nas
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query: SELECT * FROM nas
rlm_sql (sql): Read entry nasname=192.168.1.7,shortname=myNAS,secret=test
rlm_sql (sql): Adding client 192.168.1.7 (myNAS) to clients list
rlm_sql (sql): Released sql socket id: 4
Module: Instantiated sql (sql)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
detail: detailfile =
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = /var/log/freeradius/radutmp
radutmp: username = %{User-Name}
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
*
receive client request output:*
rad_recv: Access-Request packet from host 192.168.1.7:1119, id=0, length=44
User-Name = fred
User-Password = wilma
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
modcall[authorize]: module chap returns noop for request 0
modcall[authorize]: module mschap returns noop for request 0
rlm_realm: No '@' in User-Name = fred, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module eap returns noop for request 0
radius_xlat: ''
modcall[authorize]: module sql returns fail for request 0
modcall: leaving group authorize (returns fail) for request 0
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 47980e3a
Nothing to do. Sleeping until we see a request.
2008/1/23 [EMAIL PROTECTED]:
Debug with capital X == radiusd -X.
Ivan Kalik
Kalik Informatika ISP
Dana 23/1/2008, mohsen rahmanian [EMAIL PROTECTED] piše:
Hi dears,
I install freeradius, MySQL on Ubuntu 7 and work correctly with file
authentication, but where follow http://wiki.freeradius.org/SQL_HOWTO;
instruction don't get any response. my output when run 'freeradius -x'
are:
Starting - reading configuration files ...
Using deprecated naslist file. Support for this will go away soon.
Module: Loaded exec
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
Module: Instantiated mschap (mschap)
Module: Loaded System
Module: Instantiated unix (unix)
Module: Loaded eap
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
rlm_eap: Loaded and initialized type gtc
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
Module: Instantiated realm (suffix)
Module: Loaded SQL
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
linked
rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
Re: data limit in Mikrotik with Freeradius and Mysql
Hi iam trying to achive the same any inputs ram On 9/20/07, ravi sawant [EMAIL PROTECTED] wrote: Hi Does anyone have solution for limiting users with data traffic. I have working setup of Mikrotik with freeradius and mysql. Have searched on net and found one solution but I can put limit to max 4 GB data. After 4 GB the counter resets to 0. I know the reason of that. It's b'coz of the values stored in protocol are 32 bits only. Awaiting your reply. Thanks Regards, Ravin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: data limit in Mikrotik with Freeradius and Mysql
On Fri, 2007-09-21 at 22:18 +0530, ram wrote: Hi iam trying to achive the same any inputs ram Have you tried using ; Acct-Input-Gigawords and Acct-Output-Gigawords instead of ; Acct-Input-Octets and Acct-Output-Octets in the counter calculations ? On 9/20/07, ravi sawant [EMAIL PROTECTED] wrote: Hi Does anyone have solution for limiting users with data traffic. I have working setup of Mikrotik with freeradius and mysql. Have searched on net and found one solution but I can put limit to max 4 GB data. After 4 GB the counter resets to 0. I know the reason of that. It's b'coz of the values stored in protocol are 32 bits only. Awaiting your reply. Thanks Regards, Ravin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
data limit in Mikrotik with Freeradius and Mysql
Hi Does anyone have solution for limiting users with data traffic. I have working setup of Mikrotik with freeradius and mysql. Have searched on net and found one solution but I can put limit to max 4 GB data. After 4 GB the counter resets to 0. I know the reason of that. It's b'coz of the values stored in protocol are 32 bits only. Awaiting your reply. Thanks Regards, Ravin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: data limit in Mikrotik with Freeradius and Mysql
Upgrade to 1.1.7 or: http://www.netexpertise.eu/en/FreeRadius/GigaWordsSupport.html Ivan Kalik Kalik Informatika ISP Dana 20/9/2007, ravi sawant [EMAIL PROTECTED] piše: Hi Does anyone have solution for limiting users with data traffic. I have working setup of Mikrotik with freeradius and mysql. Have searched on net and found one solution but I can put limit to max 4 GB data. After 4 GB the counter resets to 0. I know the reason of that. It's b'coz of the values stored in protocol are 32 bits only. Awaiting your reply. Thanks Regards, Ravin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange behaviour of rlm_chap (freeradius 1.1.7+mysql)
Hi, Hello? Is there anybody out there? Can someone who knows how CHAP works please explain to me how this could be happening? Does a CHAP challenge time-out after a certain amount of time? Does the rlm_chap module hold a copy of old CHAP challenge's and prevent the same one being re-used to stop replay attacks? If so how do I switch this off? Anyone? Anything? Dan... Thursday, August 30, 2007, 3:08:16 PM, you wrote: Hi, I've been running a free radius server for a while now, but today for no apparent reason I'm getting a lot of intermittent authentication failures using the rlm_chap module. Here's a trace of two login's the first works fine, the second a few moments later fails, the username and password supplied in both cases are correct and exactly the same. Can anyone shed any light on this? I've tried rebuilding the mysql database from scratch, and recompiling and installing the radius server, but to no avail... rad_recv: Access-Request packet from host 81.178.20.107:1024, id=25, length=204 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = 00:14:A4:87:DF:FF Called-Station-Id = rural-ap1 NAS-Port-Id = wlan2 User-Name = [EMAIL PROTECTED] NAS-Port = 2149580817 Acct-Session-Id = 80200011 Framed-IP-Address = 10.5.50.254 Mikrotik-Host-IP = 10.5.50.254 CHAP-Challenge = 0xx[removed] CHAP-Password = 0xx[removed] Service-Type = Login-User WISPr-Logoff-URL = http://10.5.50.1/logout; NAS-Identifier = rural-ap1 NAS-IP-Address = 10.0.0.249 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module preprocess returns ok for request 3 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module chap returns ok for request 3 users: Matched entry DEFAULT at line 54 radius_xlat: '/usr/local/bin/mtauth.pl [EMAIL PROTECTED]' modcall[authorize]: module files returns ok for request 3 radius_xlat: '[EMAIL PROTECTED]' rlm_sql (sql): sql_set_user escaped user -- '[EMAIL PROTECTED]' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '[EMAIL PROTECTED]' ORDER BY id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 0 modcall[authorize]: module sql returns ok for request 3 modcall: leaving group authorize (returns ok) for request 3 rad_check_password: Found Auth-Type CHAP auth: type CHAP Processing the authenticate section of radiusd.conf modcall: entering group CHAP for request 3 rlm_chap: login attempt by [EMAIL PROTECTED] with CHAP password rlm_chap: Using clear text password xxx for user [EMAIL PROTECTED] authentication. rlm_chap: chap user [EMAIL PROTECTED] authenticated succesfully modcall[authenticate]: module chap returns ok for request 3 modcall: leaving group CHAP (returns ok) for request 3 Exec-Program output: Session-Timeout=1173, Mikrotik-Xmit-Limit=1073222818, Mikrotik-Recv-Limit=1073515121, Exec-Program-Wait: value-pairs: Session-Timeout=1173, Mikrotik-Xmit-Limit=1073222818, Mikrotik-Recv-Limit=1073515121, Exec-Program: returned: 0 Sending
Re: Strange behaviour of rlm_chap (freeradius 1.1.7+mysql)
And how can anyone help? You have deleted the most relevant parts of the debug (CHAP attributes and the password, which, according to the server, are not the same in both cases). If you don't want to use data from a real user, create a test one and post that. Ivan Kalik Kalik Informatika ISP Dana 6/9/2007, Dan Searle [EMAIL PROTECTED] piše: Hi, Hello? Is there anybody out there? Can someone who knows how CHAP works please explain to me how this could be happening? Does a CHAP challenge time-out after a certain amount of time? Does the rlm_chap module hold a copy of old CHAP challenge's and prevent the same one being re-used to stop replay attacks? If so how do I switch this off? Anyone? Anything? Dan... Thursday, August 30, 2007, 3:08:16 PM, you wrote: Hi, I've been running a free radius server for a while now, but today for no apparent reason I'm getting a lot of intermittent authentication failures using the rlm_chap module. Here's a trace of two login's the first works fine, the second a few moments later fails, the username and password supplied in both cases are correct and exactly the same. Can anyone shed any light on this? I've tried rebuilding the mysql database from scratch, and recompiling and installing the radius server, but to no avail... rad_recv: Access-Request packet from host 81.178.20.107:1024, id=25, length=204 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = 00:14:A4:87:DF:FF Called-Station-Id = rural-ap1 NAS-Port-Id = wlan2 User-Name = [EMAIL PROTECTED] NAS-Port = 2149580817 Acct-Session-Id = 80200011 Framed-IP-Address = 10.5.50.254 Mikrotik-Host-IP = 10.5.50.254 CHAP-Challenge = 0xx[removed] CHAP-Password = 0xx[removed] Service-Type = Login-User WISPr-Logoff-URL = http://10.5.50.1/logout; NAS-Identifier = rural-ap1 NAS-IP-Address = 10.0.0.249 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module preprocess returns ok for request 3 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module chap returns ok for request 3 users: Matched entry DEFAULT at line 54 radius_xlat: '/usr/local/bin/mtauth.pl [EMAIL PROTECTED]' modcall[authorize]: module files returns ok for request 3 radius_xlat: '[EMAIL PROTECTED]' rlm_sql (sql): sql_set_user escaped user -- '[EMAIL PROTECTED]' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '[EMAIL PROTECTED]' ORDER BY id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 0 modcall[authorize]: module sql returns ok for request 3 modcall: leaving group authorize (returns ok) for request 3 rad_check_password: Found Auth-Type CHAP auth: type CHAP Processing the authenticate section of radiusd.conf modcall: entering group CHAP for request 3 rlm_chap: login attempt by [EMAIL PROTECTED] with CHAP password rlm_chap: Using clear text password xxx for user [EMAIL PROTECTED] authentication. rlm_chap: chap user [EMAIL PROTECTED] authenticated succesfully modcall[authenticate]: module chap returns ok for request 3 modcall:
Re[2]: Strange behaviour of rlm_chap (freeradius 1.1.7+mysql)
Hi, I can assure you the password is exactly the same in both cases. I'll try and setup a test user later on and post the results. But the passwords in the two traces I posted below were the same. Dan... Thursday, September 6, 2007, 10:47:34 AM, you wrote: And how can anyone help? You have deleted the most relevant parts of the debug (CHAP attributes and the password, which, according to the server, are not the same in both cases). If you don't want to use data from a real user, create a test one and post that. Ivan Kalik Kalik Informatika ISP Dana 6/9/2007, Dan Searle [EMAIL PROTECTED] piše: Hi, Hello? Is there anybody out there? Can someone who knows how CHAP works please explain to me how this could be happening? Does a CHAP challenge time-out after a certain amount of time? Does the rlm_chap module hold a copy of old CHAP challenge's and prevent the same one being re-used to stop replay attacks? If so how do I switch this off? Anyone? Anything? Dan... Thursday, August 30, 2007, 3:08:16 PM, you wrote: Hi, I've been running a free radius server for a while now, but today for no apparent reason I'm getting a lot of intermittent authentication failures using the rlm_chap module. Here's a trace of two login's the first works fine, the second a few moments later fails, the username and password supplied in both cases are correct and exactly the same. Can anyone shed any light on this? I've tried rebuilding the mysql database from scratch, and recompiling and installing the radius server, but to no avail... rad_recv: Access-Request packet from host 81.178.20.107:1024, id=25, length=204 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = 00:14:A4:87:DF:FF Called-Station-Id = rural-ap1 NAS-Port-Id = wlan2 User-Name = [EMAIL PROTECTED] NAS-Port = 2149580817 Acct-Session-Id = 80200011 Framed-IP-Address = 10.5.50.254 Mikrotik-Host-IP = 10.5.50.254 CHAP-Challenge = 0xx[removed] CHAP-Password = 0xx[removed] Service-Type = Login-User WISPr-Logoff-URL = http://10.5.50.1/logout; NAS-Identifier = rural-ap1 NAS-IP-Address = 10.0.0.249 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module preprocess returns ok for request 3 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module chap returns ok for request 3 users: Matched entry DEFAULT at line 54 radius_xlat: '/usr/local/bin/mtauth.pl [EMAIL PROTECTED]' modcall[authorize]: module files returns ok for request 3 radius_xlat: '[EMAIL PROTECTED]' rlm_sql (sql): sql_set_user escaped user -- '[EMAIL PROTECTED]' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '[EMAIL PROTECTED]' ORDER BY id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 0 modcall[authorize]: module sql returns ok for request 3 modcall: leaving group authorize (returns ok) for request 3 rad_check_password: Found Auth-Type CHAP auth: type CHAP Processing the authenticate section of radiusd.conf modcall: entering group CHAP for request 3 rlm_chap: login attempt by
Re[4]: Strange behaviour of rlm_chap (freeradius 1.1.7+mysql)
Hi, No, again I can assure you that the same password is sent in both cases, and it matches the password on the server (stored in clear text). Thursday, September 6, 2007, 11:04:12 AM, you wrote: Password on the server is most likely the same. Password sent most likely isn't. Ivan Kalik Kalik Informatika ISP Dana 6/9/2007, Dan Searle [EMAIL PROTECTED] piše: Hi, I can assure you the password is exactly the same in both cases. I'll try and setup a test user later on and post the results. But the passwords in the two traces I posted below were the same. Dan... Thursday, September 6, 2007, 10:47:34 AM, you wrote: And how can anyone help? You have deleted the most relevant parts of the debug (CHAP attributes and the password, which, according to the server, are not the same in both cases). If you don't want to use data from a real user, create a test one and post that. Ivan Kalik Kalik Informatika ISP Dana 6/9/2007, Dan Searle [EMAIL PROTECTED] piše: Hi, Hello? Is there anybody out there? Can someone who knows how CHAP works please explain to me how this could be happening? Does a CHAP challenge time-out after a certain amount of time? Does the rlm_chap module hold a copy of old CHAP challenge's and prevent the same one being re-used to stop replay attacks? If so how do I switch this off? Anyone? Anything? Dan... Thursday, August 30, 2007, 3:08:16 PM, you wrote: Hi, I've been running a free radius server for a while now, but today for no apparent reason I'm getting a lot of intermittent authentication failures using the rlm_chap module. Here's a trace of two login's the first works fine, the second a few moments later fails, the username and password supplied in both cases are correct and exactly the same. Can anyone shed any light on this? I've tried rebuilding the mysql database from scratch, and recompiling and installing the radius server, but to no avail... rad_recv: Access-Request packet from host 81.178.20.107:1024, id=25, length=204 NAS-Port-Type = Wireless-802.11 Calling-Station-Id = 00:14:A4:87:DF:FF Called-Station-Id = rural-ap1 NAS-Port-Id = wlan2 User-Name = [EMAIL PROTECTED] NAS-Port = 2149580817 Acct-Session-Id = 80200011 Framed-IP-Address = 10.5.50.254 Mikrotik-Host-IP = 10.5.50.254 CHAP-Challenge = 0xx[removed] CHAP-Password = 0xx[removed] Service-Type = Login-User WISPr-Logoff-URL = http://10.5.50.1/logout; NAS-Identifier = rural-ap1 NAS-IP-Address = 10.0.0.249 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module preprocess returns ok for request 3 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module chap returns ok for request 3 users: Matched entry DEFAULT at line 54 radius_xlat: '/usr/local/bin/mtauth.pl [EMAIL PROTECTED]' modcall[authorize]: module files returns ok for request 3 radius_xlat: '[EMAIL PROTECTED]' rlm_sql (sql): sql_set_user escaped user -- '[EMAIL PROTECTED]' radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 0 rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = '[EMAIL PROTECTED]' ORDER BY id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName ORDER
Re: Strange behaviour of rlm_chap (freeradius 1.1.7+mysql)
Dan Searle wrote: Hello? Is there anybody out there? Are you going to read previous responses on this list? http://lists.freeradius.org/pipermail/freeradius-users/2007-August/065807.html Can someone who knows how CHAP works please explain to me how this could be happening? See the previous message. Does a CHAP challenge time-out after a certain amount of time? Does the rlm_chap module hold a copy of old CHAP challenge's and prevent the same one being re-used to stop replay attacks? No, and no. Try it using radclient. Take the attributes printed out in debugging mode from the Access-Request, and put them into a file. Replace the CHAP-Password hex stuff with the real password (radclient will do the CHAP hashing). Use radclient to send the packet to the server... multiple times a) you see the same thing: bad RAM or memory corruption b) radclient always works: throw away your NAS and buy one that works. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange behaviour of rlm_chap (freeradius 1.1.7+mysql)
Dan Searle wrote: Here's a trace of two login's the first works fine, the second a few moments later fails, the username and password supplied in both cases are correct and exactly the same. Can anyone shed any light on this? I've tried rebuilding the mysql database from scratch, and recompiling and installing the radius server, but to no avail... (a) bad RAM on the server (b) other memory corruption in the RADIUS daemon process (c) a buggy NAS Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Yeahh!!! Openser + Freeradius + CDRTool + MySQL + Freeradius-CDRTool python module almost working
Thanks Dan!! I have successfully compiled freeradius 1.1.6 with the rlm_python compiled statically! So the freeradius-cdrtool module works!! My problem is that is cannot find the destination whereas it's in the Canonical-URI, so that with To=None, it cannot calculate the max session time But in the radacct database, there is the Canonical-URI A Parsing problem? Stange, I don't know where to search for it Aug 23 16:57:23 sd-7501 CDRTool[20011]: MaxSessionTime [EMAIL PROTECTED] To=None Duration=7200 Lock=1 Aug 23 16:57:23 sd-7501 CDRTool[20011]: Load last minute: 5 calls @ 0.04 cps, memory: 10.13 MB Aug 23 16:57:23 sd-7501 CDRTool[20011]: Call to none, no limit imposed Aug 23 16:57:23 sd-7501 CDRTool[20011]: GetBalance [EMAIL PROTECTED] Aug 23 16:57:23 sd-7501 CDRTool[20011]: Customer: [EMAIL PROTECTED] Aug 23 16:57:23 sd-7501 CDRTool[20011]: Balance : 1000. Aug 23 16:57:23 sd-7501 CDRTool[20011]: MaxSessionTime [EMAIL PROTECTED] To=None Duration=7200 Lock=1 Aug 23 16:57:23 sd-7501 CDRTool[20011]: Call to none, no limit imposed Aug 23 16:57:23 sd-7501 CDRTool[20011]: GetBalance [EMAIL PROTECTED] Aug 23 16:57:23 sd-7501 CDRTool[20011]: Customer: [EMAIL PROTECTED] Aug 23 16:57:23 sd-7501 CDRTool[20011]: Balance : 1000. Aug 23 16:57:24 sd-7501 CDRTool[20011]: MaxSessionTime [EMAIL PROTECTED] To=None Duration=7200 Lock=1 Aug 23 16:57:24 sd-7501 CDRTool[20011]: Call to none, no limit imposed Aug 23 16:57:24 sd-7501 CDRTool[20011]: GetBalance [EMAIL PROTECTED] Aug 23 16:57:24 sd-7501 CDRTool[20011]: Customer: [EMAIL PROTECTED] Aug 23 16:57:24 sd-7501 CDRTool[20011]: Balance : 1000. Aug 23 16:57:45 sd-7501 CDRTool[20011]: DebitBalance From=None To=sip:[EMAIL PROTECTED]:5060;user=phone Duration=0 Aug 23 16:57:45 sd-7501 CDRTool[20011]: Warning: Account none is not prepaid rad_recv: Accounting-Request packet from host 127.0.0.1:59701, id=79, length=318 Acct-Status-Type = Failed Service-Type = Sip-Session Sip-Response-Code = 487 Sip-Method = INVITE Event-Timestamp = Aug 23 2007 16:51:33 CEST Sip-From-Tag = c0a80101-29f6f83 Sip-To-Tag = c0a80101-29f6daa Acct-Session-Id = [EMAIL PROTECTED] Sip-Src-IP = 81.57.0.22 Sip-Src-Port = 62854 Canonical-URI = sip:[EMAIL PROTECTED]:5060;user=phone Billing-Party = sip:[EMAIL PROTECTED]:5060;user=phone SIP-Proxy-IP = 88.191.45.91 User-Agent = THOMSON ST2030 hw0 fw1.56 00-0E-50-4E-AF-C4 NAS-Port = 5060 Acct-Delay-Time = 0 NAS-IP-Address = 127.0.0.1 Processing the preacct section of radiusd.conf Dan-Cristian Bogos a écrit : Marc, try this (as I have written in freeradius list) - should work fine if u follow the exact steps. I am compiling it statically since this was the building policy recommended by developers: 1. Grab the sources and unpack them (1.1.7 version) 2. After unpacking, run from within the source folder: ./configure --with-static-modules=python make 3. Your make will stop here: libtool: link: cannot find the library `../modules/rlm_python/rlm_python.la' or unhandled argument `../modules/rlm_python/rlm_python.la' 4. Go into ./src/modules/rlm_python 5. run ./configure + make + make install 6. Go back to root of sources and run again make + make install. Hope that will do, DanB On 8/23/07, Marc LEURENT [EMAIL PROTECTED] wrote: I'm receiving freeradius-users@lists.freeradius.org Did you sent it there? I have posted some message there and some developpers said that rlm_python shouldn't be compiled statically... And that I should use the experimental module option. So I don't know what to do in order to get your module working PS: I have tested it in console with python directly, Congratulations!! It works perfectly Dan-Cristian Bogos a écrit : SOLVED, check the freeradius list, I have posted there the solution. DanB On 8/23/07, Marc LEURENT [EMAIL PROTECTED] wrote: I have copied the missing radpaths.h from 1.1.7 source, but there is still an error! (libradius.la) Why is ir so important de compile de python module statically?? Can we compile the experimental modules?? rlm_python.c: At top level: rlm_python.c:244: warning: function declaration isn't a prototype rlm_python.c: In function 'python_load_function': rlm_python.c:456: warning: passing argument 2 of 'PyObject_GetAttrString' discards qualifiers from pointer target type gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef -I/home/mleurent/freeradius/official/freeradius-1.1.6/src/include -I/usr/include/python2.4 -c rlm_python.c -o rlm_python.o /dev/null 21 /home/mleurent/freeradius/official/freeradius-1.1.6/libtool --mode=link
RE: freeradius and mysql
You have posted the beginning of the error statement (which is irrelevant) and left out the most important bit that comes after: Check the manual that corresponds to your MySQL server version for the right syntax to use near Script provided with the server doesn't have any errors. You have done something to it. You should also post the lines just before the line with the error (including the line with the error). Ivan Kalik Kalik Informatika ISP Dana 5/8/2007, zahra bahar [EMAIL PROTECTED] piše: yes I had mistake in writing.I used # mysql -u root -p mysql.sql but it has that error. [EMAIL PROTECTED] wrote: USE : # mysql -u root -p mysql.sql NOT : # mysql -u root -p mysql.sql By; -Message d'origine- De :[EMAIL PROTECTED][mailto:[EMAIL PROTECTED]la part de zahra bahar Envoyé : samedi 4 aoűt 200706:05 Ŕ : FreeRadius users mailing list Objet :Re: freeradius and mysql I send the error in my email.this error is: ERROR 1064(42000) at line 1:you have an error in your sql syntax,.. [EMAIL PROTECTED]wrote: And the error is? Ivan Kalik Kalik Informatika ISP Dana 1/8/2007, zahra bahar piše: Hi I am new in radius, I want to use sql for accounting in freeradius. for creating tables of radius I use # mysql -u root -p mysql.sql after entering password there is this error: ERROR 1064(42000) at line 1:you have an error in your sql syntax,.. use the ql.sal rlm_sql Freeradius sql module. I don't know the reason of this error. - Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Shape Yahoo! in your own image. Joinour Network Research Panel today! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius and mysql
yes I had mistake in writing.I used # mysql -u root -p mysql.sql but it has that error. [EMAIL PROTECTED] wrote: USE : # mysql -u root -p mysql.sql NOT : # mysql -u root -p mysql.sql By; -Message d'origine- De :[EMAIL PROTECTED][mailto:[EMAIL PROTECTED]la part de zahra bahar Envoyé : samedi 4 août 200706:05 À : FreeRadius users mailing list Objet :Re: freeradius and mysql I send the error in my email.this error is: ERROR 1064(42000) at line 1:you have an error in your sql syntax,.. [EMAIL PROTECTED]wrote: And the error is? Ivan Kalik Kalik Informatika ISP Dana 1/8/2007, zahra bahar pi¹e: Hi I am new in radius, I want to use sql for accounting in freeradius. for creating tables of radius I use # mysql -u root -p mysql.sql after entering password there is this error: ERROR 1064(42000) at line 1:you have an error in your sql syntax,... use the ql.sal rlm_sql Freeradius sql module. I don't know the reason of this error. - Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Shape Yahoo! in your own image. Joinour Network Research Panel today! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Be a better Heartthrob. Get better relationship answers from someone who knows. Yahoo! Answers - Check it out. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql
I send the error in my email. this error is: ERROR 1064(42000) at line 1:you have an error in your sql syntax,.. [EMAIL PROTECTED] wrote: And the error is? Ivan Kalik Kalik Informatika ISP Dana 1/8/2007, zahra bahar pi¹e: Hi I am new in radius, I want to use sql for accounting in freeradius. for creating tables of radius I use # mysql -u root -p mysql.sql after entering password there is this error: ERROR 1064(42000) at line 1:you have an error in your sql syntax,... use the ql.sal rlm_sql Freeradius sql module. I don't know the reason of this error. - Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Shape Yahoo! in your own image. Join our Network Research Panel today!- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius and mysql
USE : # mysql -u root -p mysql.sql NOT : # mysql -u root -p mysql.sql By; -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] la part de zahra bahar Envoyé : samedi 4 août 2007 06:05 À : FreeRadius users mailing list Objet : Re: freeradius and mysql I send the error in my email. this error is: ERROR 1064(42000) at line 1:you have an error in your sql syntax,.. [EMAIL PROTECTED] wrote: And the error is? Ivan Kalik Kalik Informatika ISP Dana 1/8/2007, zahra bahar pi¹e: Hi I am new in radius, I want to use sql for accounting in freeradius. for creating tables of radius I use # mysql -u root -p mysql.sql after entering password there is this error: ERROR 1064(42000) at line 1:you have an error in your sql syntax,... use the ql.sal rlm_sql Freeradius sql module. I don't know the reason of this error. - Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Shape Yahoo! in your own image. Join our Network Research Panel today! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius and mysql
Sorry, USE : # mysql -u root -p radius mysql.sql and not : # mysql -u root -p mysql.sql -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] la part de zahra bahar Envoyé : samedi 4 août 2007 06:05 À : FreeRadius users mailing list Objet : Re: freeradius and mysql I send the error in my email. this error is: ERROR 1064(42000) at line 1:you have an error in your sql syntax,.. [EMAIL PROTECTED] wrote: And the error is? Ivan Kalik Kalik Informatika ISP Dana 1/8/2007, zahra bahar pi¹e: Hi I am new in radius, I want to use sql for accounting in freeradius. for creating tables of radius I use # mysql -u root -p mysql.sql after entering password there is this error: ERROR 1064(42000) at line 1:you have an error in your sql syntax,... use the ql.sal rlm_sql Freeradius sql module. I don't know the reason of this error. - Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Shape Yahoo! in your own image. Join our Network Research Panel today! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql
On Wed 01 Aug 2007, zahra bahar wrote: Hi I am new in radius, I want to use sql for accounting in freeradius. for creating tables of radius I use # mysql -u root -p mysql.sql after entering password there is this error: You are using the wrong pipe.. Use instead ERROR 1064(42000) at line 1:you have an error in your sql syntax,... use the ql.sal rlm_sql Freeradius sql module. I don't know the reason of this error. http://wiki.freeradius.org/SQL_HOWTO -- Peter Nixon http://peternixon.net/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius and mysql
Hi I am new in radius, I want to use sql for accounting in freeradius. for creating tables of radius I use # mysql -u root -p mysql.sql after entering password there is this error: ERROR 1064(42000) at line 1:you have an error in your sql syntax,... use the ql.sal rlm_sql Freeradius sql module. I don't know the reason of this error. - Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql
# mysql -u root -p mysql.sql after entering password there is this error: ERROR 1064(42000) at line 1:you have an error in your sql syntax,... use the ql.sal rlm_sql Freeradius sql module. I don't know the reason of this error. You want to feed the commands from the file mysql.sql to the mysql command? Then you must use , not . I.e.: mysql -u root -p mysql.sql Also, IIRC the mysql.sql script does only create the tables, not the database itself. So, first create a database called radius, and then make your client use this database to execute the commands: mysql -u root -p radius mysql.sql Greetings, Stefan Winter -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473 signature.asc Description: This is a digitally signed message part. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql
And the error is? Ivan Kalik Kalik Informatika ISP Dana 1/8/2007, zahra bahar [EMAIL PROTECTED] piše: Hi I am new in radius, I want to use sql for accounting in freeradius. for creating tables of radius I use # mysql -u root -p mysql.sql after entering password there is this error: ERROR 1064(42000) at line 1:you have an error in your sql syntax,... use the ql.sal rlm_sql Freeradius sql module. I don't know the reason of this error. - Ready for the edge of your seat? Check out tonight's top picks on Yahoo! TV. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius and mysql
jose a. zúñiga said I need a tutorial in order to connect freeradius and mysql It kind of depends on what you want to do with the MySQL: Authenticate? Handle per-user check/return attributes? Handle per-group check/return attributes? Accounting? Dynamic IP assignment? Whatever your requirements, I would recommend waiting a few days. Version 1.1.7 is in the process of being released, and there is an effort underway to get the MySQL version of the various queries whipped into shape, and the schema modified slighty. I'm testing some of the changes this weekend. I'd be happy to help you out with the MySQL stuff once 1.1.7 is out. jose a. -- hugh - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius and mysql
Hi: I need a tutorial in order to connect freeradius and mysql thanks jose a. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius-1.1.6 - mysql failover issue - bus error -
Hi all,
I'm setting up module fail-over for mysql backend following the guide from the
wiki, but something goes wrong.
I included two sql.conf (mysql1.conf and mysql2.conf) in the modules section
and radiusd -X reports the two files are included, but I only see the
parameters from the first file get loaded and everything stops with bus error
when trying to connect to the server.
I checked name resolution, mysql user/password, network reachability and
everything it's ok.
I also set a tcpdump session on mysql1 but no packets for mysql are coming in.
Then I straced radiusd execution and I noticed it fails after reading
/etc/hosts (?!?).
Here's the relevant output from radiusd -X:
Module: Loaded SQL
sql: driver = rlm_sql_mysql
sql: server = mysql1.satcom.it
sql: port = 3306
sql: login = radius
sql: password = radius
sql: radius_db = radius
sql: nas_table = nas
sql: sqltrace = no
sql: sqltracefile = /var/log/freeradius/sqltrace.sql
sql: readclients = no
sql: deletestalesessions = yes
sql: num_sql_socks = 100
sql: sql_user_name = %{User-Name}
sql: default_user_profile =
sql: query_on_not_found = no
sql: authorize_check_query = SELECT id,UserName,Attribute,Value,op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id
sql: authorize_reply_query = SELECT id,UserName,Attribute,Value,op FROM
radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id
sql: authorize_group_check_query = SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}'
AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
sql: authorize_group_reply_query = SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}'
AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
sql: accounting_onoff_query = UPDATE radacct SET AcctStopTime='%S',
AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime),
AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay =
'%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND AcctStopTime=0 AND
NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime = '%S'
sql: accounting_update_query = UPDATE radacct ? SET FramedIPAddress =
'%{Framed-IP-Address}', ? AcctSessionTime = '%{Acct-Session-Time}', ?
AcctInputOctets = '%{Acct-Input-Octets}', ? AcctOutputOctets =
'%{Acct-Output-Octets}' ? WHERE AcctSessionId = '%{Acct-Session-Id}' ? AND
UserName = '%{SQL-User-Name}' ? AND NASIPAddress= '%{NAS-IP-Address}'
sql: accounting_update_query_alt = INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId,
ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}',
'%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}',
DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0})
SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '0')
sql: accounting_start_query = INSERT into radacct (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start,
ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId,
CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}',
'%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0',
'%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')
sql: accounting_start_query_alt = UPDATE radacct SET AcctStartTime = '%S',
AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}'
WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}'
AND NASIPAddress = '%{NAS-IP-Address}'
sql: accounting_stop_query = UPDATE radacct SET AcctStopTime = '%S',
AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets =
'%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}',
AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay =
'%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId
= '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress =
'%{NAS-IP-Address}'
sql: accounting_stop_query_alt =
R: freeradius-1.1.6 - mysql failover issue - bus error -
Hi all,
further investigations show that it's a name resolution problem (if I put IP
addresses in mysql1.conf and mysql2.conf everything works fine).
So it doesn't seem to be a FR problem.
Regards,
Francesco Cristofori.
-Messaggio originale-
Da:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
freeradius
.org]Per conto di Francesco Cristofori
Inviato: martedì 3 luglio 2007 9.54
A: freeradius-users@lists.freeradius.org
Oggetto: freeradius-1.1.6 - mysql failover issue - bus error -
Hi all,
I'm setting up module fail-over for mysql backend following
the guide from the wiki, but something goes wrong.
I included two sql.conf (mysql1.conf and mysql2.conf) in the
modules section and radiusd -X reports the two files are
included, but I only see the parameters from the first file
get loaded and everything stops with bus error when trying
to connect to the server.
I checked name resolution, mysql user/password, network
reachability and everything it's ok.
I also set a tcpdump session on mysql1 but no packets for
mysql are coming in.
Then I straced radiusd execution and I noticed it fails after
reading /etc/hosts (?!?).
Here's the relevant output from radiusd -X:
Module: Loaded SQL
sql: driver = rlm_sql_mysql
sql: server = mysql1.satcom.it
sql: port = 3306
sql: login = radius
sql: password = radius
sql: radius_db = radius
sql: nas_table = nas
sql: sqltrace = no
sql: sqltracefile = /var/log/freeradius/sqltrace.sql
sql: readclients = no
sql: deletestalesessions = yes
sql: num_sql_socks = 100
sql: sql_user_name = %{User-Name}
sql: default_user_profile =
sql: query_on_not_found = no
sql: authorize_check_query = SELECT
id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
'%{SQL-User-Name}' ORDER BY id
sql: authorize_reply_query = SELECT
id,UserName,Attribute,Value,op FROM radreply WHERE Username =
'%{SQL-User-Name}' ORDER BY id
sql: authorize_group_check_query = SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribu
te,radgroupcheck.Value,radgroupcheck.op FROM
radgroupcheck,usergroup WHERE usergroup.Username =
'%{SQL-User-Name}' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id
sql: authorize_group_reply_query = SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribu
te,radgroupreply.Value,radgroupreply.op FROM
radgroupreply,usergroup WHERE usergroup.Username =
'%{SQL-User-Name}' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id
sql: accounting_onoff_query = UPDATE radacct SET
AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') -
unix_timestamp(AcctStartTime),
AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay =
'%{Acct-Delay-Time}' WHERE AcctSessionTime=0 AND
AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND
AcctStartTime = '%S'
sql: accounting_update_query = UPDATE radacct ? SET
FramedIPAddress = '%{Framed-IP-Address}', ? AcctSessionTime =
'%{Acct-Session-Time}', ? AcctInputOctets =
'%{Acct-Input-Octets}', ? AcctOutputOctets =
'%{Acct-Output-Octets}' ? WHERE AcctSessionId =
'%{Acct-Session-Id}' ? AND UserName = '%{SQL-User-Name}' ?
AND NASIPAddress= '%{NAS-IP-Address}'
sql: accounting_update_query_alt = INSERT into radacct
(AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress,
NASPortId, NASPortType, AcctStartTime, AcctSessionTime,
AcctAuthentic, ConnectInfo_start, AcctInputOctets,
AcctOutputOctets, CalledStationId, CallingStationId,
ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL
(%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND),
'%{Acct-Session-Time}', '%{Acct-Authentic}', '',
'%{Acct-Input-Octets}', '%{Acct-Output-Octets}',
'%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0')
sql: accounting_start_query = INSERT into radacct
(AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress,
NASPortId, NASPortType, AcctStartTime, AcctStopTime,
AcctSessionTime, AcctAuthentic, ConnectInfo_start,
ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, AcctTerminateCause,
ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay,
AcctStopDelay) values('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}',
'%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S',
'0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0',
'0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0')
sql: accounting_start_query_alt = UPDATE radacct SET
AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time
Freeradius and MySQL problem!!!
Dear all, I have been using freeradius properly configured with mysql for some time now. However it suddenly stopped working. What more, I upgraded to the 1.6 version, and now when I run radiusd -X, it doesn't even show that its tied in with the MySQL database... Can anyone please help me? I have done all the right things i.e. sql in radius.conf, but its not tying in with the mysql database. Am I missing anything obvious ??? Thanks Al - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
