Re: RADGROUPREPLY QUERY NOT EXECUTED
On Mon, Sep 10, 2012 at 12:33 AM, Mada wrote: > > Have tried several version builds on Centos 5.x - currently using FR 2.1.12 > > rlm_mysql stops after the group check query and does not execute the group > reply query. > > 19:00:43 2012 : Info: [sql] expand: SELECT id, username, attribute, value, > op FROM radreply > Sun Sep 9 19:00:43 2012 : Info: [sql] expand: SELECT groupname FROM > usergroup > Sun Sep 9 19:00:43 2012 : Info: [sql] expand: SELECT id, groupname, > attribute,Value, op FROM radgroupcheck > Sun Sep 9 19:00:43 2012 : Debug: rlm_sql (sql): Released sql socket id: 4 > > Queries are listed during module instantiation and queries work when run > manually. Have seen similar unresolved thread. I'm guessing you keep all the config files from the old versions, instead of using fresh config and modify-as-necessary? What's the value of "read_groups" in sql.conf (or whatever file contains your sql module instance)? Have you tried explicitly setting it to "yes"? -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RADGROUPREPLY QUERY NOT EXECUTED
On 9 Sep 2012, at 20:39, Arran Cudbard-Bell wrote: > > On 9 Sep 2012, at 18:33, Mada wrote: > >> >> Have tried several version builds on Centos 5.x - currently using FR 2.1.12 >> >> rlm_mysql stops after the group check query and does not execute the group >> reply query. >> >> 19:00:43 2012 : Info: [sql] expand: SELECT id, username, attribute, value, >> op FROM radreply >> Sun Sep 9 19:00:43 2012 : Info: [sql] expand: SELECT groupname FROM >> usergroup >> Sun Sep 9 19:00:43 2012 : Info: [sql] expand: SELECT id, groupname, >> attribute,Value, op FROM radgroupcheck >> Sun Sep 9 19:00:43 2012 : Debug: rlm_sql (sql): Released sql socket id: 4 >> >> Queries are listed during module instantiation and queries work when run >> manually. Have seen similar unresolved thread. > > Um weird... > > Don't suppose you want to build with 3.0 and see if the problem still exists? > :) > > I'll check the code for something obvious. Wait... your query strings are massively truncated? -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RADGROUPREPLY QUERY NOT EXECUTED
On 9 Sep 2012, at 18:33, Mada wrote: > > Have tried several version builds on Centos 5.x - currently using FR 2.1.12 > > rlm_mysql stops after the group check query and does not execute the group > reply query. > > 19:00:43 2012 : Info: [sql] expand: SELECT id, username, attribute, value, > op FROM radreply > Sun Sep 9 19:00:43 2012 : Info: [sql] expand: SELECT groupname FROM > usergroup > Sun Sep 9 19:00:43 2012 : Info: [sql] expand: SELECT id, groupname, > attribute,Value, op FROM radgroupcheck > Sun Sep 9 19:00:43 2012 : Debug: rlm_sql (sql): Released sql socket id: 4 > > Queries are listed during module instantiation and queries work when run > manually. Have seen similar unresolved thread. Um weird... Don't suppose you want to build with 3.0 and see if the problem still exists? :) I'll check the code for something obvious. -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RADGROUPREPLY QUERY NOT EXECUTED
Works fine for me... All centos versions, all FR versions since 1.1.3... On 9/9/2012 7:33 PM, Mada wrote: Have tried several version builds on Centos 5.x - currently using FR 2.1.12 rlm_mysql stops after the group check query and does not execute the group reply query. 19:00:43 2012 : Info: [sql] expand: SELECT id, username, attribute, value, op FROM radreply Sun Sep 9 19:00:43 2012 : Info: [sql] expand: SELECT groupname FROM usergroup Sun Sep 9 19:00:43 2012 : Info: [sql] expand: SELECT id, groupname, attribute,Value, op FROM radgroupcheck Sun Sep 9 19:00:43 2012 : Debug: rlm_sql (sql): Released sql socket id: 4 Queries are listed during module instantiation and queries work when run manually. Have seen similar unresolved thread. Greatly appreciate any help. Thanks Message sent using DataCom.MW 1.2.0 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radgroupreply issue with freeradius,mysql and daloradius
Hello again. Forget about this post. I found it. From the debug. Seems it was checking for radusergroup instead of usergroup... Sorry. Regards M -- View this message in context: http://www.nabble.com/radgroupreply-issue-with-freeradius%2Cmysql-and-daloradius-tp24184189p24184245.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radgroupreply do not read (read_grous directive)
Arlinelson Fernandes dos Santos wrote: > The pre1 version is buggy!!! Yes... which is why 2.0.0 was released. > Now, I'm working to solver this: rlm_acct_unique: WARNING: Attribute > Client-IP-Address was not found in request, unique ID MAY be inconsistent Grab the latest version from CVS. It has this issue fixed. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radgroupreply do not read (read_grous directive)
Thank'sAlan DeKok!The pre1 version is buggy!!!I did install the final version like you said and all works fine!Now, I'm working to solver this: rlm_acct_unique: WARNING: Attribute Client-IP-Address was not found in request, unique ID MAY be inconsistentIf I release Client-IP-Address to Fremed-IP-Address in acct_unique session (radiusd.conf) the warning stop and unique session appers fine. But, I know this not the solution. I'm reading the wiki.freeradius.org to know how to solver. Arlinelson Fernandes dos Santos wrote: > If you are using the freeradius version 2.0.0-pre1Please upgrade to 2.0.0. It is *much* better. 2.0.0-pre1 is horrible in comparison to the final release.Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Acelerador POP Acelere a sua conexão discada em até 19 x. Use o Acelerador POP. É grátis, pegue já o seu. http://www.pop.com.br/acelerador - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radgroupreply do not read (read_grous directive)
Arlinelson Fernandes dos Santos wrote: > If you are using the freeradius version 2.0.0-pre1 Please upgrade to 2.0.0. It is *much* better. 2.0.0-pre1 is horrible in comparison to the final release. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radgroupreply do not read (read_grous directive)
Oh my God!!! This problem is killing me!I back the original sql.conf and have no Auth-Type in radcheck and other no in tables too.I put := in Simultaneous-Use.I test the connection and no groups table was read. The radius log is the same.I did install freeradius in other server and do the same. No radgroupreply. If you are using the freeradius version 2.0.0-pre1 working with reply attributes to NAS (same mine), PLEASE!!! Send me the config files. I need to know what is buggy. OK, since that's correct I had a look at the debug. You are not doing group checking at all. You have done something to sql.conf to break it. Go back to the original sql.conf and just alter the connection details (user, pass, server). Leave rest as it is (we will sort out sumultaneous use later). Default configuration will do group checking. Remove Auth-Type from the radcheck table - let the server sort it out. Put := as an operator for Simultaneous-Use. Ivan Kalik Kalik Informatika ISP Dana 16/1/2008, "Arlinelson Fernandes dos Santos" pi¹e: >Sorry! I was writing this post and correcting the align spaces when press the >"e" for accident. In my usergroup is test-pap. thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Acelerador POP Acelere a sua conexão discada em até 19 x. Use o Acelerador POP. É grátis, pegue já o seu. http://www.pop.com.br/acelerador - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radgroupreply do not read (read_grous directive)
OK, since that's correct I had a look at the debug. You are not doing group checking at all. You have done something to sql.conf to break it. Go back to the original sql.conf and just alter the connection details (user, pass, server). Leave rest as it is (we will sort out sumultaneous use later). Default configuration will do group checking. Remove Auth-Type from the radcheck table - let the server sort it out. Put := as an operator for Simultaneous-Use. Ivan Kalik Kalik Informatika ISP Dana 16/1/2008, "Arlinelson Fernandes dos Santos" <[EMAIL PROTECTED]> piše: >Sorry! I was writing this post and correcting the align spaces when press the >"e" for accident. In my usergroup is test-pap. thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radgroupreply do not read (read_grous directive)
Sorry! I was writing this post and correcting the align spaces when press the
"e" for accident. In my usergroup is test-pap. thanks. There is a typo in usergroup table. Group is set as teste-pap, while other
tables have group test-pap. Ivan Kalik Kalik Informatika ISP Dana 15/1/2008, "Arlinelson Fernandes dos Santos"
pi¹e: >Don't take your ball, not good. ;) Here's
informations:##
>radcheck++---+++-+| >id |
UserName | Attribute > | op | Value
|++---+++-+| 3 | >test-pap
| Cleartext-Password | := | pw123
|++---+++-+##
>radreply++---+-++---+| id > |
UserName | Attribute > | op | Value
|++---+-++---+| 6 | >test-pap
| Upstream-Speed | = | 800 >|| 7 | test-pap | Downstream-Speed
| >= | 800
|++---+-++---+##
>radgroupcheck+++++---+| id |
GroupName| Attribute > | op | Value
|+++++---+| >5 |
f_pppoe_250k | Auth-Type > | = | PAP|| 6 | f_pppoe_250k
| >Simultaneous-Use | = | 1
|+++++---+ ##
>radgroupreply
>++--+---++--+| >id | GroupName| Attribute> | op |
>Value >
|++--+---++--+|
>13 | f_pppoe_250k | Framed-Protocol| = | >PPP
> || 14 | f_pppoe_250k | >Framed-MTU | = | >1492> || 15 | f_pppoe_250k |
>Framed-Compression | = | Van-Jacobsen-TCP-IP || 16 | f_pppoe_250k |
>Service-Type| = | >Framed-User
|+---++--++--+
>## radusergroup (same usergroup table in 1.3 version freeradius, I have both >tables) +---++--+ | UserName |
>GroupName| priority|
>+---++--+ | teste-pap | f_pppoe_250k
>|1| >+---++--+ ## radiusd
-X > rad_recv: Access-Request packet from host 7.7.7.1 port 32790,
id=163, >length=73 Service-Type >Framed-User
Framed-Protocol >PPP User-Name >"test-pap"
User-Password >= "pw123" NAS-IP-Address >=
NAS-Port = 0 >Processing the authorize section of radiusd.conf +-
entering group >authorize ++[preprocess] returns ok ++[chap] returns
noop >++[mschap] returns noop rlm_eap: No EAP-Message, not doing EAP >++[eap] returns noop radius_xlat: 'test-pap' rlm_sql (sql):
>sql_set_user escaped user --> 'test-pap' rlm_sql (sql): Reserving sql
>socket id: 3 radius_xlat: 'SELECT id, UserName, Attribute, Value, >op
FROM >radcheck WHERE Username >= 'test-pap'
ORDER BY >id' loading radcheck table ##
rlm_sql >(sql): User found in radcheck table radius_xlat: 'SELECT id,
UserName, >Attribute, Value, op >FROM radreply
WHERE >Username = 'test-pap' >ORDER BY id' ###
loading radreply table ## rlm_sql >(sql): Released sql socket
id: >3
> if found "Fall-Through = Yes" attribute, radgroupcheck is
loaded, >but not radgroupreply # ++[sql] returns ok
++[expiration] >returns noop ++[logintime] returns noop ++[pap] returns
updated >+- group authorize returns updated rad_check_password:
Found >Auth-Type auth: type "PAP" Processing the
authenticate >section of radiusd.conf +- entering group PAP rlm_pap: login
attempt >with password ngc0bqi rlm_pap: Using clear text password.
rlm_pap: User >authenticated successfully ++[pap] returns ok +- group PAP
returns >ok Processing the post-auth section of radiusd.conf +-
entering >group post-auth rlm_sql (sql): Processing sql_postauth rlm_sql
(sql): >sql_set_user escaped user --> 'test-pap' radius_xlat: 'INSERT
into >radpostauth (id, user, pass, reply, date) values ('', 'test-pap',
'ngc0bqi', >'Access-Accept', '2008-01-15 20:33:58')' rlm_sql (sql) in
sql_postauth: query >is INSERT into radpostauth (id, user, pass, reply,
date) values ('', 'test-pap', >'pw123', 'Access-Accept', '2008-01-15
20:33:58') rlm_sql (sql): Reserving sql >socket id: 2 rlm_sql (sql):
Released sql socket id: 2 ++[sql] returns >ok +- group post-auth returns
ok Sending Access-Accept of id 163 to >7.7.7.1 port 32790
# Here is >when radius server send "items reply" to
radiusclient ># Upstream-Speed >800
attribute in >radreply Downstream-Speed
>=
Re: radgroupreply do not read (read_grous directive)
There is a typo in usergroup table. Group is set as teste-pap, while
other tables have group test-pap.
Ivan Kalik
Kalik Informatika ISP
Dana 15/1/2008, "Arlinelson Fernandes dos Santos" <[EMAIL PROTECTED]>
piše:
>Don't take your ball, not good. ;) Here's informations:##
>radcheck++---+++-+|
>id | UserName | Attribute
> | op | Value
> |++---+++-+| 3 |
>test-pap | Cleartext-Password | := | pw123
>|++---+++-+##
>radreply++---+-++---+| id
> | UserName | Attribute
> | op | Value |++---+-++---+| 6 |
>test-pap | Upstream-Speed | = | 800
>|| 7 | test-pap | Downstream-Speed |
>= | 800 |++---+-++---+##
>radgroupcheck+++++---+| id |
>GroupName| Attribute
> | op | Value
> |+++++---+|
>5 | f_pppoe_250k | Auth-Type
> | = | PAP|| 6 | f_pppoe_250k |
>Simultaneous-Use | = | 1
>|+++++---+ ##
>radgroupreply
>++--+---++--+|
>id | GroupName| Attribute
> | op |
>Value
>
> |++--+---++--+|
>13 | f_pppoe_250k | Framed-Protocol| = |
>PPP
> || 14 | f_pppoe_250k |
>Framed-MTU | = |
>1492
> || 15 | f_pppoe_250k |
>Framed-Compression | = | Van-Jacobsen-TCP-IP || 16 | f_pppoe_250k |
>Service-Type| = |
>Framed-User
>|+---++--++--+
>## radusergroup (same usergroup table in 1.3 version freeradius, I have both
>tables) +---++--+ | UserName |
>GroupName| priority|
>+---++--+ | teste-pap | f_pppoe_250k
>|1|
>+---++--+ ## radiusd -X
> rad_recv: Access-Request packet from host 7.7.7.1 port 32790, id=163,
>length=73 Service-Type =
>Framed-User Framed-Protocol =
>PPP User-Name =
>"test-pap" User-Password
>= "pw123" NAS-IP-Address
>= NAS-Port = 0
>Processing the authorize section of radiusd.conf +- entering group
>authorize ++[preprocess] returns ok ++[chap] returns noop
>++[mschap] returns noop rlm_eap: No EAP-Message, not doing EAP
>++[eap] returns noop radius_xlat: 'test-pap' rlm_sql (sql):
>sql_set_user escaped user --> 'test-pap' rlm_sql (sql): Reserving sql
>socket id: 3 radius_xlat: 'SELECT id, UserName, Attribute, Value,
>op FROM
>radcheck WHERE Username
>= 'test-pap' ORDER BY
>id' loading radcheck table ## rlm_sql
>(sql): User found in radcheck table radius_xlat: 'SELECT id, UserName,
>Attribute, Value, op
>FROM radreply WHERE
>Username = 'test-pap'
>ORDER BY id' ### loading radreply table ## rlm_sql
>(sql): Released sql socket id:
>3
> if found "Fall-Through = Yes" attribute, radgroupcheck is loaded,
>but not radgroupreply # ++[sql] returns ok ++[expiration]
>returns noop ++[logintime] returns noop ++[pap] returns updated
>+- group authorize returns updated rad_check_password: Found
>Auth-Type auth: type "PAP" Processing the authenticate
>section of radiusd.conf +- entering group PAP rlm_pap: login attempt
>with password ngc0bqi rlm_pap: Using clear text password. rlm_pap: User
>authenticated successfully ++[pap] returns ok +- group PAP returns
>ok Processing the post-auth section of radiusd.conf +- entering
>group post-auth rlm_sql (sql): Processing sql_postauth rlm_sql (sql):
>sql_set_user escaped user --> 'test-pap' radius_xlat: 'INSERT into
>radpostauth (id, user, pass, reply, date) values ('', 'test-pap', 'ngc0bqi',
>'Access-Accept', '2008-01-15 20:33:58')' rlm_sql (sql) in sql_postauth: query
>is INSERT into radpostauth (id, user, pass, reply, date) values ('',
>'test-pap',
>'pw123', 'Access-Accept', '2008-01-15 20:33:58') rlm_sql (sql): Reserving sql
>socket id: 2 rlm_sql (sql): Released sql socket id: 2 ++[sql] returns
>ok +- group post-auth returns ok Sending Access-Accept of id 163 to
>7.7.7.1 port 32790# Here is
>when radius server send "items reply" to radiusclient
># Upstream-Speed =
>800 attribute in
>radreply Downstream-Speed
>= 800 ## attribute in radreply Finished
>request 0 state 5 Going to the next request rad_recv:
>Accounting-Request packet from host 7.7.7.1 port 32790,
Re: radgroupreply do not read (read_grous directive)
Don't take your ball, not good. ;) Here's informations:##
radcheck++---+++-+|
id | UserName | Attribute
| op | Value |++---+++-+| 3 |
test-pap | Cleartext-Password | := | pw123 |++---+++-+##
radreply++---+-++---+| id
| UserName | Attribute
| op | Value |++---+-++---+| 6 |
test-pap | Upstream-Speed | = | 800
|| 7 | test-pap | Downstream-Speed |
= | 800 |++---+-++---+##
radgroupcheck+++++---+| id | GroupName | Attribute
| op | Value |+++++---+|
5 | f_pppoe_250k | Auth-Type
| = | PAP || 6 | f_pppoe_250k |
Simultaneous-Use | = | 1 |+++++---+ ##
radgroupreply
++--+---++--+|
id | GroupName | Attribute
| op |
Value
|++--+---++--+|
13 | f_pppoe_250k | Framed-Protocol | = |
PPP
|| 14 | f_pppoe_250k |
Framed-MTU | = |
1492
|| 15 | f_pppoe_250k |
Framed-Compression | = | Van-Jacobsen-TCP-IP || 16 | f_pppoe_250k |
Service-Type | = |
Framed-User |+---++--++--+
## radusergroup (same usergroup table in 1.3 version freeradius, I have both
tables) +---++--+ | UserName |
GroupName | priority |
+---++--+ | teste-pap | f_pppoe_250k
| 1 |
+---++--+ ## radiusd -X
rad_recv: Access-Request packet from host 7.7.7.1 port 32790, id=163,
length=73 Service-Type =
Framed-User Framed-Protocol =
PPP User-Name =
"test-pap" User-Password
= "pw123" NAS-IP-Address
= NAS-Port = 0
Processing the authorize section of radiusd.conf +- entering group
authorize ++[preprocess] returns ok ++[chap] returns noop
++[mschap] returns noop rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop radius_xlat: 'test-pap' rlm_sql (sql):
sql_set_user escaped user --> 'test-pap' rlm_sql (sql): Reserving sql
socket id: 3 radius_xlat: 'SELECT id, UserName, Attribute, Value,
op FROM
radcheck WHERE Username
= 'test-pap' ORDER BY
id' loading radcheck table ## rlm_sql
(sql): User found in radcheck table radius_xlat: 'SELECT id, UserName,
Attribute, Value, op
FROM radreply WHERE
Username = 'test-pap'
ORDER BY id' ### loading radreply table ## rlm_sql
(sql): Released sql socket id:
3
if found "Fall-Through = Yes" attribute, radgroupcheck is loaded,
but not radgroupreply # ++[sql] returns ok ++[expiration]
returns noop ++[logintime] returns noop ++[pap] returns updated
+- group authorize returns updated rad_check_password: Found
Auth-Type auth: type "PAP" Processing the authenticate
section of radiusd.conf +- entering group PAP rlm_pap: login attempt
with password ngc0bqi rlm_pap: Using clear text password. rlm_pap: User
authenticated successfully ++[pap] returns ok +- group PAP returns
ok Processing the post-auth section of radiusd.conf +- entering
group post-auth rlm_sql (sql): Processing sql_postauth rlm_sql (sql):
sql_set_user escaped user --> 'test-pap' radius_xlat: 'INSERT into
radpostauth (id, user, pass, reply, date) values ('', 'test-pap', 'ngc0bqi',
'Access-Accept', '2008-01-15 20:33:58')' rlm_sql (sql) in sql_postauth: query
is INSERT into radpostauth (id, user, pass, reply, date) values ('', 'test-pap',
'pw123', 'Access-Accept', '2008-01-15 20:33:58') rlm_sql (sql): Reserving sql
socket id: 2 rlm_sql (sql): Released sql socket id: 2 ++[sql] returns
ok +- group post-auth returns ok Sending Access-Accept of id 163 to
7.7.7.1 port 32790 # Here is
when radius server send "items reply" to radiusclient
# Upstream-Speed =
800 attribute in
radreply Downstream-Speed
= 800 ## attribute in radreply Finished
request 0 state 5 Going to the next request rad_recv:
Accounting-Request packet from host 7.7.7.1 port 32790, id=164, length=101
Acct-Session-Id =
"478D34D61E1F00"
User-Name = "test-pap"
Acct-Status-Type = Start
Service-Type = Framed-User
Framed-Protocol = PPP
Acct-Authentic = RADIUS
NAS-Port-Type = Virtual
Framed-IP-Address = 7.7.7.123
NAS-IP-Address = 7.7
Re: radgroupreply do not read (read_grous directive)
Ivan, While you're at it, can you check up on my forth-coming paperwork grade for Statistics B class? :-) Regards, Liran. 2008/1/15 <[EMAIL PROTECTED]>: > OK, can we see database entries for a user (and group he belongs to) and > the debug of the access request? Or should I get my crystal ball back > from the polisher? > > Ivan Kalik > Kalik Informatika ISP > > > Dana 15/1/2008, "Arlinelson Fernandes dos Santos" <[EMAIL PROTECTED]> > piše: > > >Yes! I did. And I put attributes into all tables ckeck and > reply. > Did you put something in usergroup table to link users and groups? > >Ivan Kalik Kalik Informatika ISP Dana 14/1/2008, > >"Arlinelson Fernandes dos Santos": >Hi,I am > >usind freeradius 2.0 an need to load radcheck, radreply, >radgroupcheck > >and radgroupreply tables. But radcheck and radreply work. To load > >>radgroupcheck e need to set Fall-Through = Yes, but radgroupreply don't > work. > >The >read_groups directive is 'Yes' but not appers in the radius debug > >mode.How >can I do freeradius load radgroupreply? I have the > >Simultaneous-Use attribut in >this table, I need to use this attribute to > >all users. Someone >please? > > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radgroupreply do not read (read_grous directive)
OK, can we see database entries for a user (and group he belongs to) and the debug of the access request? Or should I get my crystal ball back from the polisher? Ivan Kalik Kalik Informatika ISP Dana 15/1/2008, "Arlinelson Fernandes dos Santos" <[EMAIL PROTECTED]> piše: >Yes! I did. And I put attributes into all tables ckeck and >reply. > Did you put something in usergroup table to link users and groups? >Ivan Kalik Kalik Informatika ISP Dana 14/1/2008, >"Arlinelson Fernandes dos Santos": >Hi,I am >usind freeradius 2.0 an need to load radcheck, radreply, >radgroupcheck >and radgroupreply tables. But radcheck and radreply work. To load >>radgroupcheck e need to set Fall-Through = Yes, but radgroupreply don't work. >The >read_groups directive is 'Yes' but not appers in the radius debug >mode.How >can I do freeradius load radgroupreply? I have the >Simultaneous-Use attribut in >this table, I need to use this attribute to >all users. Someone >please? > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radgroupreply do not read (read_grous directive)
Yes! I did. And I put attributes into all tables ckeck and reply. Did you put something in usergroup table to link users and groups? Ivan Kalik Kalik Informatika ISP Dana 14/1/2008, "Arlinelson Fernandes dos Santos" pi¹e: >Hi,I am usind freeradius 2.0 an need to load radcheck, radreply, >radgroupcheck and radgroupreply tables. But radcheck and radreply work. To load >radgroupcheck e need to set Fall-Through = Yes, but radgroupreply don't work. The >read_groups directive is 'Yes' but not appers in the radius debug mode.How >can I do freeradius load radgroupreply? I have the Simultaneous-Use attribut in >this table, I need to use this attribute to all users. Someone >please? > > > >-- >Acelerador POP >Acelere a sua conexão discada em até 19 x. Use o Acelerador POP. É grátis, pegue já o seu. >http://www.pop.com.br/acelerador > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Acelerador POP Acelere a sua conexão discada em até 19 x. Use o Acelerador POP. É grátis, pegue já o seu. http://www.pop.com.br/acelerador - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radgroupreply do not read (read_grous directive)
Did you put something in usergroup table to link users and groups? Ivan Kalik Kalik Informatika ISP Dana 14/1/2008, "Arlinelson Fernandes dos Santos" <[EMAIL PROTECTED]> piše: >Hi,I am usind freeradius 2.0 an need to load radcheck, radreply, >radgroupcheck and radgroupreply tables. But radcheck and radreply work. To load >radgroupcheck e need to set Fall-Through = Yes, but radgroupreply don't work. >The >read_groups directive is 'Yes' but not appers in the radius debug mode.How >can I do freeradius load radgroupreply? I have the Simultaneous-Use attribut in >this table, I need to use this attribute to all users. Someone >please? > > > >-- >Acelerador POP >Acelere a sua conexão discada em até 19 x. Use o Acelerador POP. É >grátis, pegue já o seu. >http://www.pop.com.br/acelerador > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radgroupreply table
N White <[EMAIL PROTECTED]> wrote: > I see. So, for example, if a user belongs to two groups, which group has > the "prio"rity. So is a lower number a higher priority? 0 being highest? > Thanks! See your SQL docs for what priority means. The SQL queries use it, but other than that, FreeRADIUS doesn't even know it exists. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radgroupreply table
Alan DeKok wrote: N White <[EMAIL PROTECTED]> wrote: Can anyone explain to me the purpose and usage of the 'prio' column in the radgroupreply table? Order. "SELECT ... by prio" See the "users" file for examples: DEFAULT ... Foo-Stuff = 1 Bar-Junk = 2 is *not* the same as DEFAULT ... Bar-Junk = 2 Foo-Stuff = 1 Sometimes order *does* matter. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html I see. So, for example, if a user belongs to two groups, which group has the "prio"rity. So is a lower number a higher priority? 0 being highest? Thanks! -- --- | Nick White | | Network Administrator | | Tele-NET Internet | | http://www.tele-net.net | | [EMAIL PROTECTED] | --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radgroupreply table
N White <[EMAIL PROTECTED]> wrote: > Can anyone explain to me the purpose and usage of the 'prio' column in > the radgroupreply table? Order. "SELECT ... by prio" See the "users" file for examples: DEFAULT ... Foo-Stuff = 1 Bar-Junk = 2 is *not* the same as DEFAULT ... Bar-Junk = 2 Foo-Stuff = 1 Sometimes order *does* matter. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE : RE : RE : radgroupreply
Hi,
I know I'm a bit stressing but is this something new about radgroupreply
?
Thx a lot
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de EROS
Envoyé : lundi 4 octobre 2004 19:31
À : [EMAIL PROTECTED]
Objet : RE : RE : radgroupreply
Hi,
Thx for you help
I've commented out the sql { } lines, causes it doesn't want to work
with it. I've this line in my radiusd.conf
sql sql1 {
$INCLUDE ${confdir}/sql_local.conf
}
If I don't comment the sql { } line in sql_local.conf the debug tells me
that it doesn't know the rlm_sql_sql1 driver
So the now the sql_local.conf :
#
# Configuration for the SQL module, when using MySQL.
#
# The database schema is available at:
#
# src/radiusd/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql
#
# If you are using PostgreSQL, please use 'postgresql.conf', instead. #
If you are using Oracle, please use 'oracle.conf', instead. # If you
are using MS-SQL, please use 'mssql.conf', instead. #
# $Id: sql.conf,v 1.41.2.1 2004/06/10 00:45:01 phampson Exp $
#
#sql {
# Database type
# Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
# rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc,
rlm_sql_freetds
driver = "rlm_sql_mysql"
# Connect info
server = "localhost"
login = "X"
password = "YY"
# Database table configuration
radius_db = "freeradius"
# If you want both stop and start records logged to the
# same SQL table, leave this as is. If you want them in
# different tables, put the start table in acct_table1
# and stop table in acct_table2
acct_table1 = "radacct"
acct_table2 = "radacct"
# Allow for storing data after authentication
postauth_table = "radpostauth"
authcheck_table = "radcheck"
authreply_table = "radreply"
groupcheck_table = "radgroupcheck"
groupreply_table = "radgroupreply"
usergroup_table = "usergroup"
# Remove stale session if checkrad does not see a double login
deletestalesessions = yes
# Print all SQL statements when in debug mode (-x)
sqltrace = no
sqltracefile = ${logdir}/sqltrace.sql
# number of sql connections to make to server
num_sql_socks = 5
# number of seconds to dely retrying on a failed database
# connection (per_socket)
connect_failure_retry_delay = 60
# Safe characters list for sql queries. Everything else is
replaced
# with their mime-encoded equivalents.
# The default list should be ok
#safe-characters =
"@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
###
# Query config: Username
###
# This is the username that will get substituted, escaped, and
added
# as attribute 'SQL-User-Name'. '%{SQL-User-Name}' should be
used below
# everywhere a username substitution is needed so you you can be
sure
# the username passed from the client is escaped properly.
#
# Uncomment the next line, if you want the sql_user_name to
mean:
#
#Use Stripped-User-Name, if it's there.
#Else use User-Name, if it's there,
#Else use hard-coded string "DEFAULT" as the user name.
#sql_user_name = "%{Stripped-User-Name:-%{User-Name:-DEFAULT}}"
#
sql_user_name = "%{User-Name}"
###
# Default profile
###
# This is the default profile. It is found in SQL by group
membership.
# That means that this profile must be a member of at least one
group
# which will contain the corresponding check and reply items.
# This profile will be queried in the authorize section for
every user.
# The point is to assign all users a default profile without
having to
# manually add each one to a group that will contain the
profile.
# The SQL module will also honor the User-Profile attribute.
This
# attribute can be set anywhere in the authorize section (ie the
users
# file). It is found exactly as the default profile is found.
# If it is set then it will *overwrite* the default profile
setting.
# The idea is to select profiles based on check
RE : RE : radgroupreply
imul_count_query - query for the number of current
connections
# - If this is not defined, no
simultaneouls use checking
# - will be performed by this module
instance
# simul_verify_query- query to return details of current
connections for verification
# - Leave blank or commented out to
disable verification step
# - Note that the returned field order
should not be changed.
###
# Uncomment simul_count_query to enable simultaneous use
checking
# simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE
UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName,
NASIPAddress, NASPortId, FramedIPAddress, CallingStationId,
FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND
AcctStopTime = 0"
###
# Group Membership Queries
###
# group_membership_query- Check user group membership
###
group_membership_query = "SELECT GroupName FROM
${usergroup_table} WHERE UserName='%{SQL-User-Name}'"
###
# Authentication Logging Queries
###
# postauth_query- Insert some info after
authentication
###
postauth_query = "INSERT into ${postauth_table} (id, user, pass,
reply, date) values ('', '%{User-Name}',
'%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())"
#
# Set to 'yes' to read radius clients from the database ('nas'
table)
readclients = yes
#}
Thx :)
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de
Kostas Kalevras
Envoyé : lundi 4 octobre 2004 14:34
À : [EMAIL PROTECTED]
Objet : Re: RE : radgroupreply
On Sun, 3 Oct 2004, EROS wrote:
> I'm still trying to make the radgroupreply work but it doesn't want
>
>
> Is somebody has it working (which freeradius version...) and how do I
> do to succeed ?
>
>
> thx
>
> modcall: entering group redundant for request 0
> radius_xlat: 'test001'
> rlm_sql (sql1): sql_set_user escaped user --> 'test001' rlm_sql
> (sql1): Reserving sql socket id: 3
> radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck
> WHERE Username = 'test001' ORDER BY id' rlm_sql (sql1): User found in
> radcheck table
> radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply
> WHERE Username = 'test001' ORDER BY id' rlm_sql (sql1): Released sql
> socket
> id: 3
The group queries don't seem to be called at all. What do you have in
your sql.conf?
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RE : radgroupreply
On Sun, 3 Oct 2004, EROS wrote: > I'm still trying to make the radgroupreply work but it doesn't want > > Is somebody has it working (which freeradius version...) and how do I do > to succeed ? > > > thx > > modcall: entering group redundant for request 0 > radius_xlat: 'test001' > rlm_sql (sql1): sql_set_user escaped user --> 'test001' > rlm_sql (sql1): Reserving sql socket id: 3 > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE > Username = 'test001' ORDER BY id' rlm_sql (sql1): User found in radcheck > table > radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE > Username = 'test001' ORDER BY id' rlm_sql (sql1): Released sql socket > id: 3 The group queries don't seem to be called at all. What do you have in your sql.conf? -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE : radgroupreply
, 'test001', 'Chap-Password', 'Access-Accept', NOW()) rlm_sql (sql1): Reserving sql socket id: 1 rlm_sql (sql1): Released sql socket id: 1 modcall[post-auth]: module "sql1" returns ok for request 0 modcall: group redundant returns ok for request 0 modcall: group post-auth returns ok for request 0 Sending Access-Accept of id 1 to 192.168.200.1:4395 Session-Timeout = 29612 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 3 seconds... rad_recv: Access-Request packet from host 192.168.200.1:4395, id=1, length=48 Sending duplicate reply to client Chillispot:4395 - ID: 1 Re-sending Access-Accept of id 1 to 192.168.200.1:4395 Waking up in 3 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 1 with timestamp 415c71f8 Nothing to do. Sleeping until we see a request. There is no request on group it seems... So -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Kostas Kalevras Envoyé : jeudi 30 septembre 2004 16:13 À : [EMAIL PROTECTED] Objet : Re: radgroupreply On Thu, 30 Sep 2004, EROS wrote: > Yes I have it > > I have the user test001 with group1 in usergroup > And group1 Idle-Timeout = 600 in radgroupreply > I have some items in radreply for this user but none about > idle-timeout > > So... ..so run the server in debug to see what happens > > > -Message d'origine- > De : [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] De la part de > Kostas Kalevras Envoy? : jeudi 30 septembre 2004 15:32 ? : > [EMAIL PROTECTED] > Objet : Re: radgroupreply > > > On Thu, 30 Sep 2004, EROS wrote: > > > Hi, > > > > > > I've put in the radgroupreply table (mysql) some reply item like > > idle-timeout. But in the radius accept response there is none of > > those > > > items. If I put those same items on the radreply itworks. > > > > So anyone any idea ? > > Have you also configured group membership (table usergroup)? > > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > -- > Kostas Kalevras Network Operations Center > [EMAIL PROTECTED] National Technical University of Athens, Greece > Work Phone: +30 210 7721861 > 'Go back to the shadow' Gandalf > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radgroupreply
On Thu, 30 Sep 2004, EROS wrote: > Yes I have it > > I have the user test001 with group1 in usergroup > And group1 Idle-Timeout = 600 in radgroupreply > I have some items in radreply for this user but none about idle-timeout > > So... ...so run the server in debug to see what happens > > > -Message d'origine- > De : [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] De la part de > Kostas Kalevras > Envoy? : jeudi 30 septembre 2004 15:32 > ? : [EMAIL PROTECTED] > Objet : Re: radgroupreply > > > On Thu, 30 Sep 2004, EROS wrote: > > > Hi, > > > > > > I've put in the radgroupreply table (mysql) some reply item like > > idle-timeout. But in the radius accept response there is none of those > > > items. If I put those same items on the radreply itworks. > > > > So anyone any idea ? > > Have you also configured group membership (table usergroup)? > > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > -- > Kostas Kalevras Network Operations Center > [EMAIL PROTECTED] National Technical University of Athens, Greece > Work Phone: +30 210 7721861 > 'Go back to the shadow' Gandalf > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radgroupreply
On Thu, 30 Sep 2004, EROS wrote: > Hi, > > > I've put in the radgroupreply table (mysql) some reply item like > idle-timeout. But in the radius accept response there is none of those > items. > If I put those same items on the radreply itworks. > > So anyone any idea ? Have you also configured group membership (table usergroup)? > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radgroupreply field explanations?
On Fri, 17 Sep 2004, Scott A. H. Phillips wrote: > Hi all, > > I'm upgraded to FreeRADIUS from an old version of ICRADIUS but having > trouble migrating my old tables. To start with, the radgroupreply table of > FreeRADIUS has two fields, op CHAR(2) and prio INT(10) not present in my > older ICRADIUS table. > > I'm wondering if anyone can tell me what these two fields are for and maybe > make a suggestion about what to do about them through the migration. > > Many thanks, > --Scott! Take a look at doc/rlm_sql: http://www.freeradius.org/cgi-bin/cvsweb.cgi/radiusd/doc/rlm_sql?rev=1.4&content-type=text/x-cvsweb-markup > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
