On Thu, 2007-07-26 at 02:00 +0100, George Beitis wrote:
Hey guys
I am a bit new to the scene and i am having a few problems with
configuring freeradius. In essence what i want is that the user, once
verified to be assigned to a specific vlan and get an ip address from a
dhcp server, which
Hi everyone,
I can't find anything the various documentation sources
related to the debug_level parameter.
Made a grep on the doc folder, searched Google and FreeRadius Wiki...
It seems to be usually put to a value of 0.
Can you explain what are the relevant values for this parameter
and what it
Hi,
We are using freeradius 1.1.6, now, to provide
access for our wireless network only.
The accounting is very detailed and
comprehensive: IP addresses, usernames, packets, roles, APs, SSIDs, etc.
Now, we are starting to use the same radius to
give 802.1x access to our wired network.
The
Roy Walker wrote:
Ok chaning the indexes definately made some difference. The database load
still went off the charts, but the radius logs were much better with DB
errors connect errors. This still seems horribly slow.
The problem is that RADIUS servers take less time to do things than
Hi everyone,
does freeradius support multiple vlan assigment?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Thu 26 Jul 2007, ram wrote:
On 7/26/07, Alan DeKok [EMAIL PROTECTED] wrote:
ram wrote:
iam have installed fresh copy with freeradius+mysql document
What document? To install the server the server, you just follow the
instructions in the INSTALL.
On Fri 27 Jul 2007, Alan DeKok wrote:
ram wrote:
What document? To install the server the server, you just follow
the instructions in the INSTALL.
http://www.frontios.com/freeradius.html
Please explain why you would prefer to follow third-party instructions
that talk about a
Hi,
I was starting to look at checkrad, and found (based on
http://www.freeradius.org/radiusd/doc/Simultaneous-Use) that using
other as the NAS-type will actually check only radutmp instead of
looking at the actual NAS. Now, Could someone point me what would be the
proper NAS type to use for each
Roy,
The obvious really bad ones I have noted below.
Ken
On Thu, Jul 26, 2007 at 12:57:15PM -0500, Roy Walker wrote:
Here is the config lines:
max_connections = 100
shared_buffers = 400MB
Could be as much as 25% of RAM or 2GB.
temp_buffers = 32MB
work_mem = 1MB
Running EXPLAIN ANALYZE
Please explain why you would prefer to follow third-party instructions
that talk about a version YEARS out of date.
Even if it *is* referenced in doc/rlm_sql, it's obvious what you did.
You installed the server, and then BEFORE trying to see if it works,
you spent a lot of time
On Fri 27 Jul 2007, Roberto Greiner wrote:
Hi,
I was starting to look at checkrad, and found (based on
http://www.freeradius.org/radiusd/doc/Simultaneous-Use) that using
other as the NAS-type will actually check only radutmp instead of
looking at the actual NAS. Now, Could someone point me
Peter Nixon wrote:
That document is greater than 2 years old and there are several parts of
it that were ALWAYS wrong :-(
Oh... And we list it as a source in doc/rlm_sql
Alan we have to remove it immediately!
Done.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Oh. I forgot to add:
effective_cache_size = 196608 # 3x shared_buffers
Cheers
Peter
On Thu 26 Jul 2007, Peter Nixon wrote:
Well, I have a pretty small, single core SunFire x2100 with 2GB ram and
SATA disks as my DB server. Your 8 Core box with 8g of ram and hardware
RAID should therefore
George Beitis wrote:
Hi everyone,
does freeradius support multiple vlan assigment?
What do you mean by that?
FreeRADIUS allows you to put just about anything in a response. See
your NAS documentation for what it expects, and what to send.
Alan DeKok.
-
List info/subscribe/unsubscribe?
On Thu 26 Jul 2007, George Beitis wrote:
Hi everyone,
does freeradius support multiple vlan assigment
yes
--
Peter Nixon
http://peternixon.net/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Well, I have a pretty small, single core SunFire x2100 with 2GB ram and SATA
disks as my DB server. Your 8 Core box with 8g of ram and hardware RAID
should therefore at least 4 times faster, possibly up to 10 times faster.
The major differences I have are:
max_connections = 400
shared_buffers
ram wrote:
rlm_acct_unique: Cannot find attribute 'NAS-IP-Address' in dictionary
Huh?
a) you didn't install the server correctly
b) you installed the server on top of a pre-existing server that was
broken
Alan DeKok.
-
List info/subscribe/unsubscribe? See
In 1.1.6 you can make several sql.conf modules with different accounting
queries. Then sort out which NAS uses which in acct_users file. Read
about multiple sql instances :
http://wiki.freeradius.org/Rlm_sql
Ivan Kalik
Kalik Informatika ISP
Dana 26/7/2007, Nicolas Velazquez [EMAIL PROTECTED]
Hi all, i need to configure a system that works with openldap +
freeradius and that assign the vlan automatic to the users... does
anybody has any howto to do it?
I read this one: http://www.freeradius.org/radiusd/doc/ldap_howto.txt
but, the versions of the softwares is very old, and in some
Date: Thu, 26 Jul 2007 13:31:37 +0100
From: [EMAIL PROTECTED]
Subject: Re: SQL and different accounting records by NAS
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=ISO-8859-2
Have a look at
Hi All,
Ok, after reviewing all the information that was received, I've setup my
FreeRadius
as following:
1. The authorize and authenticate sections are setup to activate digest and
perl.
2. My rlm_perl script utilizes the following lines in order to return the
unencrypted
user password
On Thu 26 Jul 2007, Kenneth Marshall wrote:
Roy,
It sounds like you may need to adjust the DB parameters. The defaults,
even in 8.2, are still fairly conservative. Would you post your current
settings for things like:
max_connections
shared_buffers
work_mem
maintenance_work_mem
VM wrote:
I can't find anything the various documentation sources
related to the debug_level parameter.
There is none.
It seems to be usually put to a value of 0.
Can you explain what are the relevant values for this parameter
and what it is supposed to control ?
It controls debugging.
In access points it does not do any routing from what i can tell so far
Phil Mayers wrote:
On Thu, 2007-07-26 at 14:09 +0100, [EMAIL PROTECTED] wrote:
Are you sure? Type:
ip dhcp pool whatever(pool name)
in configuration mode and you should go into dhcp pool configuration. You
should
Dusty doris are you here? i need talk to you. and your mail
[EMAIL PROTECTED] doesnt work...
Sorry for all,
Regards
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PS. In real life case you would send your dynamic vlan configuration with
IP addresses etc. from radius and keep your authentication, accounting
and IP administration in one place. That scales best.
Ivan Kalik
Kalik Informatika ISP
Dana 26/7/2007, George Beitis [EMAIL PROTECTED] piše:
Hey Ivan
]: module preprocess returns ok for request 0
radius_xlat: '/var/log/radius/radacct/127.0.0.1/auth-detail-20070726'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/127.0.0.1/auth-detail-20070726
modcall[authorize]: module auth_log
Have a look at 2.0. It can do if/than/else in .conf files so you should
be able to define different sql statements for different cases.
Ivan Kalik
Kalik Informatika ISP
Dana 26/7/2007, Nicolas Velazquez [EMAIL PROTECTED] piše:
Hi,
We are using freeradius 1.1.6, now, to provide
access for our
Dear Phil
Firstly thank you for taking the time to reply and for your straight
forward reply to this matter. I 'm doing this as part of my MSc
project, well this is actually part of the initial setup, not the
project it self, and i have in my disposal a limited number of
devices. I borrowed a
That's not exactly what I asked but thanks,
that's actually a link which I can use.
Liran.
On 7/25/07, Dennis Skinner [EMAIL PROTECTED] wrote:
liran tal wrote:
Hey everyone,
I was wondering... are the Op values for certain RADIUS attributes will
always be the same or it is completely
ram wrote:
What document? To install the server the server, you just follow the
instructions in the INSTALL.
http://www.frontios.com/freeradius.html
Please explain why you would prefer to follow third-party instructions
that talk about a version YEARS out of date.
Even if it
On Thu 26 Jul 2007, Alan DeKok wrote:
Roy Walker wrote:
Ok chaning the indexes definately made some difference. The database
load still went off the charts, but the radius logs were much better
with DB errors connect errors. This still seems horribly slow.
The problem is that RADIUS
On 7/26/07, Alan DeKok [EMAIL PROTECTED] wrote:
ram wrote:
rlm_acct_unique: Cannot find attribute 'NAS-IP-Address' in dictionary
Huh?
a) you didn't install the server correctly
b) you installed the server on top of a pre-existing server that was
broken
Hi
iam have installed fresh copy
Fabio Silva wrote:
Hi all, i need to configure a system that works with openldap +
freeradius and that assign the vlan automatic to the users... does
anybody has any howto to do it?
Read your NAS documentation on what attributes it needs to assign a
VLAN. Then, make FreeRADIUS send them.
Hi all
I have installed freeradius-1.1.6
with mysql
when i run radiusd -X
i get the following error
rlm_sql (sql): Connected new DB handle, #4
Module: Instantiated sql (sql)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address,
Date: Thu, 26 Jul 2007 13:31:37 +0100
From: [EMAIL PROTECTED]
Subject: Re: SQL and different accounting records by NAS
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=ISO-8859-2
Have a look at
Hi all,
Please disregard, I've solved the thing ;-) Silly typo in the return.
Z2L
- Original Message -
From: FreeRadius-ML [EMAIL PROTECTED]
To: freeradius-users freeradius-users@lists.freeradius.org
Sent: Thursday, July 26, 2007 6:41:21 PM (GMT+0200) Asia/Jerusalem
Subject: Fwd:
users file line:
[EMAIL PROTECTED] Auth-Type := EAP, User-Password == a, Ldap-Group ==
wifi
Totally wrong. You want:
[EMAIL PROTECTED] Cleartext-Password := a, Ldap-Group == wifi
Thanks, I owe you one
Bye,
Inverse.
-
List info/subscribe/unsubscribe? See
On Thu, 2007-07-26 at 14:09 +0100, [EMAIL PROTECTED] wrote:
Are you sure? Type:
ip dhcp pool whatever(pool name)
in configuration mode and you should go into dhcp pool configuration. You
should be able to configure IP range (network), gateway
(derfault-router) and DNS (dns-server) from
My thinking from what you said is to setup the vlans/tunnels on the
access point, setup freeradius and then run a dhcp server on the old
computer. If i want to add the dhcp server to many virtual lans do i
need to create some sort of virtual interface for each? Or does the
router need to
Are you sure? Type:
ip dhcp pool whatever(pool name)
in configuration mode and you should go into dhcp pool configuration. You
should be able to configure IP range (network), gateway
(derfault-router) and DNS (dns-server) from there. I am sure dhcp is
included in IOS.
Ivan Kalik
Kalik
Hey Ivan
no i dont have to use an external one, but it seems like the only choice
as the Aironet 1200 access point does not come with one bundled it,
which would have made my life easier, but on the other hand it wouldn't
be extensible or simulate a real life case
thanks for your reply
regards
Roy,
It sounds like you may need to adjust the DB parameters. The defaults,
even in 8.2, are still fairly conservative. Would you post your current
settings for things like:
max_connections
shared_buffers
work_mem
maintenance_work_mem
max_fsm_pages
vacuum_cost_*
bgwriter_*
wal_buffers
Do you have to use an external DHCP server (project requirement)? Aironet
has one (Cisco IOS). You can define DHCP pools on the AP and pass avpair
for the pool with your vlan configuration from Freeradius. You can also
do away withDHCP, define ip_pools in Freeradius and pass addresses, DNS
etc.
Hi Roy
Thats good news. I am going to change the defaults queries to the ones I sent
you. A few questions..
Are you running accounting with your tests or is it all auth? Just an auth
test will not be representative. Throw accounting into the mix and it will
be worse :-D
Depending on the
On 7/26/07, Alan DeKok [EMAIL PROTECTED] wrote:
ram wrote:
iam have installed fresh copy with freeradius+mysql document
What document? To install the server the server, you just follow the
instructions in the INSTALL.
http://www.frontios.com/freeradius.html
ram
-
List
On Thu 26 Jul 2007, Peter Nixon wrote:
On Thu 26 Jul 2007, ram wrote:
On 7/26/07, Alan DeKok [EMAIL PROTECTED] wrote:
ram wrote:
iam have installed fresh copy with freeradius+mysql document
What document? To install the server the server, you just follow the
instructions in the
ram wrote:
iam have installed fresh copy with freeradius+mysql document
What document? To install the server the server, you just follow the
instructions in the INSTALL.
It appears you edited the dictionaries, and broke them. Don't do that.
iam trying to integrate with openser
any
Here is the config lines:
max_connections = 100
shared_buffers = 400MB
temp_buffers = 32MB
work_mem = 1MB
maintenance_work_mem = 128MB
max_fsm_pages = 204800
Didn't change any of these as for my testing I don't have autovacuum
enabled.
#vacuum_cost_delay = 0 # 0-1000
On Thu 26 Jul 2007, FreeRadius-ML wrote:
Hi all,
Please disregard, I've solved the thing ;-) Silly typo in the return.
Z2L
- Original Message -
From: FreeRadius-ML [EMAIL PROTECTED]
To: freeradius-users freeradius-users@lists.freeradius.org
Sent: Thursday, July 26, 2007 6:41:21
Thank you very much Ivan.
It´s very useful to know that 2.0 could include this features.
But, also, it's very useful to know if 1.1.6 includes or not any of these.
And this is an important question.
In the past I wasted so much time reading,
searching and testing features that finally were
radius_xlat: '/var/log/radius/radacct/127.0.0.1/auth-detail-20070726'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /var/log/radius/radacct/127.0.0.1/auth-detail-20070726
modcall[authorize]: module auth_log returns ok for request 0
modcall[authorize
On Thu, 2007-07-26 at 13:11 +0100, [EMAIL PROTECTED] wrote:
Do you have to use an external DHCP server (project requirement)? Aironet
has one (Cisco IOS). You can define DHCP pools on the AP and pass avpair
for the pool with your vlan configuration from Freeradius. You can also
do away
53 matches
Mail list logo
