Re: sql question
Hi Ivan, Thank you very much! I owe you guys a pack of beer! Worked finely! I will now take a breath and go deeply into radius manual to understand these operators. Felipe [EMAIL PROTECTED] wrote: OK. Put back: DEFAULT Auth-Type = System Fall-Through = 1 in your users file. Post radiusd -X output for SQL user. If he is found in the database but still rejected you might need to add Auth-Type Local with op := to your radgroupcheck table. Ivan Kalik Kalik Informatika ISP Dana 8/6/2007, Felipe Ceglia - PY1NB [EMAIL PROTECTED] piše: I just tried it, but then only the sql user is accepted. Thanks, Felipe [EMAIL PROTECTED] wrote: From radiusd.conf: # In general, you SHOULD NOT set the Auth-Type attribute. The server # will figure it out on its own, and will do the right thing. The # most common side effect of erroneously setting the Auth-Type # attribute is that one authentication method will work, but the # others will not. Remove both Auth-Types and let server sort it out. Make sure sql and unix entries in radiusd.conf are not commented out. Ivan Kalik Kalik Informatika ISP Dana 8/6/2007, Felipe Ceglia - PY1NB [EMAIL PROTECTED] piše: Hi Kevin and Ivan, Thank you for your replies. I now have it working ok. I do have a further question: I need to auth users both from system (unix passwd) and local (sql). How can I do that? I tried: DEFAULT Auth-Type = System Fall-Through = 1 DEFAULT Auth-Type = local #Fall-Through = 1 # Exec-Program-Wait = /usr/bin/php/home/ispadmin/latest/src/checkradius.php %u %n , But it only works for the system entry. Thank you, Felipe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sql question
I am using Freeradius as a Secondary Radius. The issue is sometimes not always but 98% of the time A user when they connect to the secondary (freeradius) and connect accounting packet start and then when they disconnect no accounting packet stop gets to the secondary Reason its going to the primary radius (VOPRAdius) Thus the problem being the secondary thinks they are still connected. The nas's are not onn site these are from level3 networks Does anyone know what to do for this? I am at a stump on this one. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sql question
Please start your own thread. Don't hijack others. Use the same database for storing accounting data for both servers. If you store data from one server in one place and data from the other server in another ... Ivan Kalik Kalik Informatika ISP Dana 9/6/2007, Jeff [EMAIL PROTECTED] piše: I am using Freeradius as a Secondary Radius. The issue is sometimes not always but 98% of the time A user when they connect to the secondary (freeradius) and connect accounting packet start and then when they disconnect no accounting packet stop gets to the secondary Reason its going to the primary radius (VOPRAdius) Thus the problem being the secondary thinks they are still connected. The nas's are not onn site these are from level3 networks Does anyone know what to do for this? I am at a stump on this one. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sql question
sorry my fault _ From: [EMAIL PROTECTED] To: FreeRadius users mailing list [mailto:[EMAIL PROTECTED] Sent: Sat, 09 Jun 2007 13:55:17 -0400 Subject: Re: sql question Please start your own thread. Don't hijack others. Use the same database for storing accounting data for both servers. If you store data from one server in one place and data from the other server in another ... Ivan Kalik Kalik Informatika ISP Dana 9/6/2007, Jeff [EMAIL PROTECTED] piše: I am using Freeradius as a Secondary Radius. The issue is sometimes not always but 98% of the time A user when they connect to the secondary (freeradius) and connect accounting packet start and then when they disconnect no accounting packet stop gets to the secondary Reason its going to the primary radius (VOPRAdius) Thus the problem being the secondary thinks they are still connected. The nas's are not onn site these are from level3 networks Does anyone know what to do for this? I am at a stump on this one. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sql question
On Friday 08 June 2007 13:24:20 [EMAIL PROTECTED] wrote: radgroupreply: | 27 | dialup| Framed-IP-Address | 255.255.255.254 | == | | 28 | dialup| Framed-Compression | Van-Jacobson-TCP-IP | == | | 29 | dialup| Framed-IP-Netmask | 255.255.255.255 | == | | 30 | dialup| Framed-MTU | 576 | == | | 31 | dialup| Idle-Timeout | 900 | := | - change all ops to = Change all '==' to just '=' or ':=', depending on your needs. The operator for Idle-Timeout is correct. - is this (255.255.255.254) really the IP address you want to give your user; client is unlikely to accept IP address above 224 subnet The RFCs say that this IP tells the NAS to assign an IP from the dynamic pool. -Kevin pgpnDk4jIgQil.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sql question
Did you pick the operators by chance? You are not very lucky, as only one (for the password) is correct. Even that is not correct if this is the latest version of the server (1.1.6) - you should use Cleartext-Password and := as an operator. radgroupcheck: ++---+--+---++ | id | GroupName | Attribute| Value | op | ++---+--+---++ | 1 | dialup| Auth-Type| Local | == | | 2 | dialup| Simultaneous-Use | 1 | == | ++---+--+---++ - delete Auth-Type; you don't need it for a recent server version - change op for Simultaneous-Use to := radgroupreply: ++---++-++ | id | GroupName | Attribute | Value | op | ++---++-++ | 27 | dialup| Framed-IP-Address | 255.255.255.254 | == | | 28 | dialup| Framed-Compression | Van-Jacobson-TCP-IP | == | | 29 | dialup| Framed-IP-Netmask | 255.255.255.255 | == | | 30 | dialup| Framed-MTU | 576 | == | | 31 | dialup| Idle-Timeout | 900 | := | ++---++-++ - change all ops to = - is this (255.255.255.254) really the IP address you want to give your user; client is unlikely to accept IP address above 224 subnet users file: users: Matched DEFAULT at 173 rad_check_password: Found Auth-Type System There is a DEFAULT entry towards the end of users file setting Auth-Type System. Comment it out. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sql question
Hi Kevin and Ivan, Thank you for your replies. I now have it working ok. I do have a further question: I need to auth users both from system (unix passwd) and local (sql). How can I do that? I tried: DEFAULT Auth-Type = System Fall-Through = 1 DEFAULT Auth-Type = local #Fall-Through = 1 # Exec-Program-Wait = /usr/bin/php/home/ispadmin/latest/src/checkradius.php %u %n , But it only works for the system entry. Thank you, Felipe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sql question
From radiusd.conf: # In general, you SHOULD NOT set the Auth-Type attribute. The server # will figure it out on its own, and will do the right thing. The # most common side effect of erroneously setting the Auth-Type # attribute is that one authentication method will work, but the # others will not. Remove both Auth-Types and let server sort it out. Make sure sql and unix entries in radiusd.conf are not commented out. Ivan Kalik Kalik Informatika ISP Dana 8/6/2007, Felipe Ceglia - PY1NB [EMAIL PROTECTED] piše: Hi Kevin and Ivan, Thank you for your replies. I now have it working ok. I do have a further question: I need to auth users both from system (unix passwd) and local (sql). How can I do that? I tried: DEFAULT Auth-Type = System Fall-Through = 1 DEFAULT Auth-Type = local #Fall-Through = 1 # Exec-Program-Wait = /usr/bin/php/home/ispadmin/latest/src/checkradius.php %u %n , But it only works for the system entry. Thank you, Felipe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sql question
I just tried it, but then only the sql user is accepted. Thanks, Felipe [EMAIL PROTECTED] wrote: From radiusd.conf: # In general, you SHOULD NOT set the Auth-Type attribute. The server # will figure it out on its own, and will do the right thing. The # most common side effect of erroneously setting the Auth-Type # attribute is that one authentication method will work, but the # others will not. Remove both Auth-Types and let server sort it out. Make sure sql and unix entries in radiusd.conf are not commented out. Ivan Kalik Kalik Informatika ISP Dana 8/6/2007, Felipe Ceglia - PY1NB [EMAIL PROTECTED] piše: Hi Kevin and Ivan, Thank you for your replies. I now have it working ok. I do have a further question: I need to auth users both from system (unix passwd) and local (sql). How can I do that? I tried: DEFAULT Auth-Type = System Fall-Through = 1 DEFAULT Auth-Type = local #Fall-Through = 1 # Exec-Program-Wait = /usr/bin/php/home/ispadmin/latest/src/checkradius.php %u %n , But it only works for the system entry. Thank you, Felipe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sql question
OK. Put back: DEFAULT Auth-Type = System Fall-Through = 1 in your users file. Post radiusd -X output for SQL user. If he is found in the database but still rejected you might need to add Auth-Type Local with op := to your radgroupcheck table. Ivan Kalik Kalik Informatika ISP Dana 8/6/2007, Felipe Ceglia - PY1NB [EMAIL PROTECTED] piše: I just tried it, but then only the sql user is accepted. Thanks, Felipe [EMAIL PROTECTED] wrote: From radiusd.conf: # In general, you SHOULD NOT set the Auth-Type attribute. The server # will figure it out on its own, and will do the right thing. The # most common side effect of erroneously setting the Auth-Type # attribute is that one authentication method will work, but the # others will not. Remove both Auth-Types and let server sort it out. Make sure sql and unix entries in radiusd.conf are not commented out. Ivan Kalik Kalik Informatika ISP Dana 8/6/2007, Felipe Ceglia - PY1NB [EMAIL PROTECTED] piše: Hi Kevin and Ivan, Thank you for your replies. I now have it working ok. I do have a further question: I need to auth users both from system (unix passwd) and local (sql). How can I do that? I tried: DEFAULT Auth-Type = System Fall-Through = 1 DEFAULT Auth-Type = local #Fall-Through = 1 # Exec-Program-Wait = /usr/bin/php/home/ispadmin/latest/src/checkradius.php %u %n , But it only works for the system entry. Thank you, Felipe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html