hi,
i tried to get coopa chilli running, but i have problems with radius and
mysql. Radius works with users from files, but not with mysql. I can
only see on startup some mysql messages (connect) but no queries at all.
The system Debian Lenny.
sql.conf
sql {
database = mysql
Denny,
A couple of things:
1. Check the SQL How To at: http://wiki.freeradius.org/SQL_HOWTO
2. The radcheck table should have entries like:
mysql select * from radcheck;
++++--+--+
| id | UserName | Attribute
i tried to get coopa chilli running, but i have problems with radius and
mysql. Radius works with users from files, but not with mysql. I can
only see on startup some mysql messages (connect) but no queries at all.
..
Wed Mar 4 20:00:03 2009 : Debug: modsingle[authorize]: calling sql
(rlm_sql)
Given the circumstances, the company has now decided to go forward with a Linux
solution. I'm going for Ubuntu, since I have a desktop version at home. If
there are any problems with this brand, I guess you'll give me a warning. ;-)
A big thanks to everone who responded.
Best regards
Ove
HI!
Can you help me,
I don't know how can i send back the client ip address to the openvpn
client.
The cisco vpn 3000 works correctly with cvpn3000 directory.
Are there any directory for openvpn?
or which return attrib name I can use?
Thank you!
Gabor
-
List info/subscribe/unsubscribe?
We are using eap-tls for authetication assisted with a database for filling
in some attributes.
FreeRADIUS Version 2.1.3 with minimal configuration will do a sql lookup for
each round.
(Four selects: radcheck, radusergroup, radgroupcheck and radgroupreply).
There are 6-9 rounds depending on
Hegedus Gabor a écrit :
HI!
Can you help me,
I don't know how can i send back the client ip address to the openvpn
client.
The cisco vpn 3000 works correctly with cvpn3000 directory.
Are there any directory for openvpn?
or which return attrib name I can use?
This is a little off-topic for
3. Send all of the debug output from the radius server. The useful
information is missing from this section of the debug output:
Wed Mar 4 20:00:03 2009 : Debug: ++[unix] returns notfound
Wed Mar 4 20:00:03 2009 : Debug: modsingle[authorize]: calling sql
(rlm_sql) for request 1
Wed Mar 4
Johan F2 wrote:
We are using eap-tls for authetication assisted with a database for filling
in some attributes.
FreeRADIUS Version 2.1.3 with minimal configuration will do a sql lookup for
each round.
(Four selects: radcheck, radusergroup, radgroupcheck and radgroupreply).
There are 6-9 rounds
Thanks Phil,
I have tried that but regrettably it does not work.
According to my logs eap returns updated every round when doing authorize.
(During the authenticate stage eap returns handled except the last round
where it returns ok)
The comment preceeding eap in the default config says:
Thanks Phil,
I have tried that but regrettably it does not work.
According to my logs eap returns updated every round when doing authorize.
(During the authenticate stage eap returns handled except the last round
where it returns ok)
The comment preceeding eap in the default config says:
#
I have tested updated = return and it behaves as expected.
That is authorize always returns without reading the database so the
attributes are never set.
Remeber that eap returns updated every round including the last one where
the database should be consulted.
I need a test that returns true
I've read a few posts about increasing this value when There are no DB
handles to use occur. Not sure if it's a good idea.
Granted your DB is fast enough to query quickly.
Upping this value on a slow DB will severely degrade performance.
What's sort of values are you guys using for production
We set num_sql_socks to 25. We had them set to 10 but ran into issues when
massive numbers of subscribers were attempting to enter the network at once
- for example when we would power cycle a base station with 400 subscribers
on it for maintenance.
Ben Wiechman
From:
I have tested updated = return and it behaves as expected.
That is authorize always returns without reading the database so the
attributes are never set.
Remeber that eap returns updated every round including the last one where
the database should be consulted.
I need a test that returns true
Both authorize:sql and sql:authorize cause an error Failed to find module.
Plain
sql
or
sql authorize {
}
lead to the documented post-auth behaviour of sql (that is writing to log).
I have not found any documentation about forcing a module into running code
for
for another phase
Johan F2 wrote:
Both authorize:sql and sql:authorize cause an error Failed to find module.
Use sql.authorize
I have not found any documentation about forcing a module into running code
for
for another phase (authorize when doing post-auth).
It's not documented. It was a feature that
Hello,
we're about to migrate from Freeradius 0.9 to 2.1. During this we're
noticed, that the Atribute Exec-Progam-Wait and Exec-Program are
deprecated.
We used this feature to start a script (which generates special Cisco
AV-Pairs).
Our Freeradius backend is a mysql database.
Now my Problem is
Michael Schramm wrote:
we're about to migrate from Freeradius 0.9 to 2.1. During this we're
noticed, that the Atribute Exec-Progam-Wait and Exec-Program are
deprecated.
We used this feature to start a script (which generates special Cisco
AV-Pairs).
They still work in 2.x.
Now my Problem
It works!
Now there is only one database access per authetication.
The relevant part of the config is now:
authorize {
eap
}
authenticate {
eap
}
post-auth {
sql.authorize
Hi,
Granted your DB is fast enough to query quickly.
Upping this value on a slow DB will severely degrade performance.
What's sort of values are you guys using for production servers?
we found that any value over 20 caused issues with mysql... we moved
to postgresql anyway a year back.
I am running FreeRADIUS 2.1.3 on a machine that is also a NIS client.
Using radtest, I find that local user accounts are accepted, but NIS
accounts are rejected.
I have not changed anything from the default configuration other than
adding client info and setting DEFAULT Auth-Type = System in the
I am running FreeRADIUS 2.1.3 on a machine that is also a NIS client.
Using radtest, I find that local user accounts are accepted, but NIS
accounts are rejected.
Well, yes. How is freeradius suposed to talk to NIS? Perhaps PAM? Or is
there some ntlm_auth type script?
I have not changed anything
If it is not a secret, how many users do you have (active users in the
same time) and how many connections per minute can your system handle
without problems.
a.l.m.bu...@lboro.ac.uk wrote:
Hi,
Granted your DB is fast enough to query quickly.
Upping this value on a slow DB will severely
Hi,
If it is not a secret, how many users do you have (active users in the
same time) and how many connections per minute can your system handle
without problems.
around 15k concurrent users, hundreds of thousand per minute could be handled
(when we last did a load test)
alan
-
List
Hello all!
I've been trying unsuccessfully to get this setup to work, but unfortunately
haven't been able so far.
My need is to return the contents of three LDAP fields as replies on the
Access-Accept package.
The setup is for EAP/TTLS, mostly following eduRoam's setup guide (EduROAM
Hi All.
Is there any reason why Freeradius would exceed the limit set by the
num_sql_socks directive?
--
Regards
Stelio Gouveia
--
Skyrove Software Engineer,
Skyrove (Pty) Ltd
Technology Top 100 Award Winner (2006)
Mobile: +27 82 34 09 120
Tel: +27 861 ROVERS (0861 768 377)
Fax: +27 86 6204077
Hi ALL
i have attribute Session-Timeout with value 36 at radreply database
and want to modify the value when the radius return it when radius replies, i
enabled perl module
and enable it at post-auth
at the perl sub post-auth i added
.
print attr
$RAD_REPLY{'Session-Timeout'} = 5
Hello,
I am a new user of freeradius ( no experience with the 1.x version at all ).
I am in the process of setting up radius for accounting of voip records.
Due to the nature of my system blocking must be avoided at all costs.
With this in mind I have configure FR to write accounting records
any hint please ?!! , can i modify the value of reply attributes ?
Are you using server version that is years out of date? This works in
current version.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I've been trying unsuccessfully to get this setup to work, but unfortunately
haven't been able so far.
My need is to return the contents of three LDAP fields as replies on the
Access-Accept package.
The setup is for EAP/TTLS, mostly following eduRoam's setup guide (EduROAM
Cookbook -- DJ
Hi,
I need to upgrade our freeRADIUS 1.1.7 config to 2.1.3 on
an embedded Linux platform.
I can build everything just fine but all our authentication
attempts are rejected. I didn't do the 1.1.7 work so I am
sure I am missing something simple.
This is for a private wireless network using
[IOS Version 12.1(22)EA11] [freeradius-2.1.3]
--
Hello!
I'm trying to accounting all commands on cisco in enable mode and other
level, which user run:
aaa accounting delay-start
aaa accounting exec default start-stop group
Stelio Gouveia wrote:
Is there any reason why Freeradius would exceed the limit set by the
num_sql_socks directive?
If you have one SQL modules, no.
If you have two SQL modules, each will open up it's own sockets.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
TR Missner wrote:
I am a new user of freeradius ( no experience with the 1.x version at all ).
Don't use 1.x. Use the latest version.
I am in the process of setting up radius for accounting of voip records.
Due to the nature of my system blocking must be avoided at all costs.
With this in
Drew Johnson wrote:
I am running FreeRADIUS 2.1.3 on a machine that is also a NIS client.
Using radtest, I find that local user accounts are accepted, but NIS
accounts are rejected.
See the debug log for why.
...
++[unix] returns notfound
That's pretty definitive. The server asks for
36 matches
Mail list logo