radwho

2012-06-22 Thread Luo, Frank Y.F. Mr.
I have noticed that the radwho command only returns one entry at any time, but obviously there is more than one person logged in $ sudo radwho Login Name What TTY When FromLocation d0c1b122dc d0c1b122dc75 shell S29 Fri 11:43 172.18.47.242 172.24.192.42 Any

Re: accounting in syslog

2012-06-04 Thread Luo, Frank Y.F. Mr.
oops, yes it is described in the config file - thanks anyway On Jun 4, 2012, at 10:10 AM, Jens Weibler wrote: > On 06/04/2012 04:02 PM, Luo, Frank Y.F. Mr. wrote: >> thanks. will do some research. But I guess I can not send this as syslog >> entry to a syslog server, right? >

Re: accounting in syslog

2012-06-04 Thread Luo, Frank Y.F. Mr.
.47.242" Cisco-AVPair = "nas-update=true" On May 30, 2012, at 1:30 PM, Phil Mayers wrote: > On 30/05/12 18:00, Luo, Frank Y.F. Mr. wrote: >> Is there a way to send accounting log to syslog instead of detail >> file in radacct? > > See "linelog"

accounting in syslog

2012-05-30 Thread Luo, Frank Y.F. Mr.
Is there a way to send accounting log to syslog instead of detail file in radacct? Also instead of sending it to sql db, I tried to use sql-file but it results in a lot of sql command (we really don't want to run the sql command later). INSERT INTO radacct (AcctSessionId, UserName,NASIPAd

Re: Reject users based on LDAP attribute

2012-05-17 Thread Luo, Frank Y.F. Mr.
rom file /opt/freeradius/etc/raddb/sites-enabled/default +- entering group PAP {...} [pap] login attempt with password "x" [pap] Using NT encryption. [pap] expand: %{User-Password} -> x [pap] NT-Hash of xx) = x [pap] expand: %{mschap:NT-Hash %{User-P

Re: Reject users based on LDAP attribute

2012-05-17 Thread Luo, Frank Y.F. Mr.
I have a similar situation $ sudo grep Profile dictionary ATTRIBUTE Profile 3000 string $ sudo grep Profile ldap.attrmap replyItem Profile VPN $ more default . post-auth { if (Profile == g1) { update reply { class = "ou=g1;" } } But in the log # Executing section post-auth fro

return list

2012-05-14 Thread Luo, Frank Y.F. Mr.
I have a scenario, no ldap schema extension is wanted (no ldap group or profile is wanted); we do use ldap authentication though; and it works fine. After authentication, we need to check one ldap attribute like "vpn" and return "class: ou={ldap vpn value}" back to the radius client (the ci

Re: max_request

2012-05-11 Thread Luo, Frank Y.F. Mr.
I want to find out more info about the current status of the server. If I read logs, what do I look for if it reaches "max_request"? Thanks Frank On May 11, 2012, at 4:03 PM, Alan DeKok wrote: > Luo, Frank Y.F. Mr. wrote: >> I will read the logs - but what I

Re: max_request

2012-05-11 Thread Luo, Frank Y.F. Mr.
ank On May 11, 2012, at 2:39 PM, Alan DeKok wrote: > Luo, Frank Y.F. Mr. wrote: >> are you sure? >> >> Then how do i know I run out of request number and need to increase it? > > You read the logs. > > You CANNOT increase it while the server is running. >

Re: max_request

2012-05-11 Thread Luo, Frank Y.F. Mr.
Are you sure? Then how do I know I run out of request number and need to increase it? Thanks Frank On May 11, 2012, at 2:25 PM, Alan DeKok wrote: > Luo, Frank Y.F. Mr. wrote: >> So there is this setting max_request that the server keeps track of. The >> question is how

max_request

2012-05-11 Thread Luo, Frank Y.F. Mr.
So there is this setting max_request that the server keeps track of. The question is how I can find the current active request that the server keeps track of. My experience is the server silently drops the connection if max_request is reached. So I want to find out more info about the current