sqlcounter problem

2007-01-18 Thread satish patel
Dear ALL I have configure freeradius-1.1.4 version with mysql and my NSA is cisco with VPDN configuration now i have create user "aaa" in mysql with this attributes Max-Daily-Session | := | 1800 my sql counter configuration is sqlcounter dailycounter { driv

disconnect user and clear session

2007-01-18 Thread satish patel
Dear ALL I have usering freeradius version 1.1.4 with mysql it is working fine but i dont know how to kick off user during login time means i want to disconnect user from radius then how to do it and i also have one more problem of session i have disconnected user but whn i

freeradius and ssh

2007-01-18 Thread Zion
Hi All I hope you can help I’m net in the freeradius world and I’m trying to use freeradius as an authentication server for ssh sessions i have the following setup: client --> server (useing pam) --> radius server Under /etc/pam.d I have sshd with the following: # auth required

Re: freeradius and ssh

2007-01-18 Thread Stefan Winter
Hi, > #accountrequired pam_stack.so service=system-auth > accountrequired pam_radius_auth.so pam_radius_auth doesn't handle accounting. Use a dummy here; I'm not exactly sure how the module is called. THere should be some pam_null.so or pam_ignore.so on your system. Stefan --

Re: One question about Access-Request packet

2007-01-18 Thread Rafał Kamiński
Hi again, I set EAP-TLS with cert. - i use that text http://www.fredprod.com/affiche_howtos.php but ... i set in radius.conf authorize { files } and authenticate { eap } and in users file "username-the same what in cert" Auth-Type := EAP but in debug mode i see:

Re: sqlcounter problem

2007-01-18 Thread Alan DeKok
satish patel wrote: > Dear ALL > > I have configure freeradius-1.1.4 version with mysql and my > NSA is cisco with VPDN configuration now i have create user "aaa" in > mysql with this attributes ... > sqlcounter dailycounter { > driver = "rlm_sqlcounter" Where does that

Re: sqlcounter problem

2007-01-18 Thread satish patel
thx for help i got it what u want to say. I have one more question how do i disconnect user in freeradius online user ??? and is it possible to bind per users bandwidth with Cisco-AVpair attributes i have cisco vpdn NAS and i want to limit user bandwidth restriction thru

Re: AW: Feeding an LDAP replyItem to an MS-CHAPv2 ntlm_auth request

2007-01-18 Thread Alan DeKok
Haas Florian wrote: > So, to clarify my original question. What I want is this: > > 1. Put the value of an LDAP attribute (sAMAccountName) into a variable when > the > user is authorized in LDAP. > 2. Access that variable when the user is being authenticated via MS-CHAPv2, > and > put it into th

Re: EAP-TLS/seg fault with 4096 bit keys

2007-01-18 Thread Alan DeKok
James Lever wrote: > As soon as I migrate back to 2k keys it again works as expected. > > Can anybody make any suggestions on how to debug this? doc/bugs Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/su

Re: 3Com-User-Access-Level Not Applied

2007-01-18 Thread Alan DeKok
Alexandre Soares wrote: > > Hello Alean, > > I applied below changes in the source valuepair.c present in sr/lib but > the problem still present, do you have other ideia ? Could you please post: a) "users" file entry b) debugging output of what you see (request && response) for a simple re

Re: How to send tome clients to the same detail file

2007-01-18 Thread Alan DeKok
Angel L. Mateo wrote: > My problem is that this is working fine for the auth-detail file, but > detail file is still logging individually, without using the > Huntgroup-Name variable. Accounting requests aren't processed through the "huntgroups" file. You'll have to find another way to get

mschap and ldap auth-type together no more working

2007-01-18 Thread LALOT Dominique
Hello, I had a problem with ippool, but it is a NAS problem. I wanted to do further checks so I upgrade to newer versions: freeradius 1.0.2-4sarge3 stable (I come from this one) freeradius 1.1.3-3 testing freeradius 1.1.2-1bpo1 sarge-backports Before, I was able to do LDAP

rlm_eap: Failed to link EAP-Type/peap: rlm_eap_peap.so:

2007-01-18 Thread María Félix Rodríguez
Hi, At first, sorry for my english, (I'm spanish :). I've just installed freeradius, and I would like to use PEAP-MS-CHAP authentication, I've configured needed files, and when I try to start freeradius, with the debug option, y receive this messages: tls: private_key_file = "/ca/key_radius.pem"

Re: Freeradius-Users Digest, Vol 21, Issue 58

2007-01-18 Thread Mike
Mike wrote: > All, > When trying to use the "radauth" tool from nagios to monitor > freeradius, I get the following in the freeradius log: > > Error: WARNING: Malformed RADIUS packet from host ... too long (length > 18432 > maximum 4096) > > radtest seems to be ok. has anyone else experienced thi

Mac OS X EAP-TLS with wrong usename kills freeradius when check_cert_cn is set

2007-01-18 Thread Miika Räisänen
dius 1.1.1 / SUN Os 5.8 Freeradius 1.1.3 (FC6's rpm) / FC6 Freeradius 1.1.4 (build from source)/ FC6 Freeradius snapshot 20070118 (build from source) / FC6 Freeradius 1.1.4 (build from source) / CentOS 4.4 FC and Centos are using distros default openssl libs etc. Heres some log and debug f

RE: Restrict Password from detail file , accounting

2007-01-18 Thread Ellis, Scott 1 (N-Comptel Inc.)
I have the new version 1.1.4 up and running. I also have uncommented the "suppress" stanza in radiusd.conf below. However, in radacct/auth- files, the password is still showing up..??? Is there something else to do? Scott -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PRO

Re: Best practices for redundant servers

2007-01-18 Thread Peter Nixon
On Mon 06 Nov 2006 19:38, Aaron Paetznick wrote: > Thanks, this was helpful. I would rather not use LVS. I would prefer > to use the built-in functionality of the NAS to fall back from a primary > to secondary or tertiary auth/accounting servers. > > This whole setup would be far simpler and more

Re: Best practices for redundant servers

2007-01-18 Thread Dennis Skinner
Peter Nixon wrote: > If you must use Mysql, use Master-Slave replication for as many authorization > servers as you wish, but configure only ONE radius server to actually write > accounting to the master database and all the others to use radrelay (or > radsqlrelay) to get the data to that serve

Re: 3Com-User-Access-Level Not Applied

2007-01-18 Thread Alexandre Soares
uot; returns noop for request 1 rlm_acct_unique: Hashing 'NAS-Port = 268439553,Client-IP-Address = 192.168.0.30,NAS-IP-Address = 192.168.0.30,Acct-Session-Id = "1100030123581",User-Name = "asoares"' rlm_acct_unique: Acct-Unique-Session-ID = "eb49d1a90caa7493&q

Re: Best practices for redundant servers

2007-01-18 Thread Graham Beneke
Dennis Skinner wrote: > For serious billable accounting you probably want to write to files and > then import them into the db (there is a module to help with this). > Radius will happily skip queries that take too long or if there are not > enough mysql connections available on the accounting sid

Cisco-AVpair rate-limit attributes

2007-01-18 Thread satish patel
Dear all i have cisco VPDN with freeradius ( 1.1.4 ) on Suse 10.2 my users connect throgh the xp client useig vpn connection and useing Internet Services but now thing is that i wann restrict user base bandwidth means i want to set bandwidth 64kbps for user1 and 128 kbps for use

Suggestion for prepaid services

2007-01-18 Thread PD
Dear all, Is there any solutions for prepaid services such as hotspot ? I look thru the mailing list archieve and only found one unanswered question. TIA PD - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Best practices for redundant servers

2007-01-18 Thread Alan DeKok
Graham Beneke wrote: > > I remember reading about 'radsqlrelay' that does essentially this. It is > also mentioned once in radiusd.conf but subsequent searching has brought > up nothing worthwhile. > > Does anyone remember where there is doccumentation on this? rlm_sql_log writes the logs scr

Re: 3Com-User-Access-Level Not Applied

2007-01-18 Thread Alan DeKok
Alexandre Soares wrote: > > the files resquested are attached Please follow instructions. It helps. I didn't ask for the radiusd.conf, or the dictionary files, or the clients.conf, or the naslist for a REASON. They don't help. I asked for one entry from the "users" file, not the whole thing.

Re: Restrict Password from detail file , accounting

2007-01-18 Thread Alan DeKok
Ellis, Scott 1 (N-Comptel Inc.) wrote: > I have the new version 1.1.4 up and running. I also have uncommented the > "suppress" stanza in radiusd.conf below. However, in radacct/auth- > files, the password is still showing up..??? Did you add the "suppress" section to the configuration for *a