Hi,
If your sql server allows that you can run a stored procedure here and
just pass all the required parameters there.
kind regards
Pshem
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
{cut}
There are some notes in the copy-acct-to-home-server example that talk
about automatic throttling of the reads depending on the backend. This
is what led me to question latency.
It might be a latency issue.
Is there any way to speed up the reading and shipping of acct records
2009/1/14 Bil Dert gugue...@hotmail.com:
Hello list!
I want to know if is possible create or modified coding in freeradius, for
example, make a filter say if the user try connect with some program
installed in your laptop dont let connect to net, or if user dont have the
last xp pack
Hi All,
Please don't forget that radius is UDP, and telnet TCP - firewall
might be protocol specific and the fact that you can't telnet to port
1812 doesn't mean you can't use radius.
kind regards
Pshem
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
You can use huntgroups and sql groups that check those huntgroups:
DIALUP NAS-Identifier == akl-grafton-diallns3
DIALUP NAS-Identifier == akl-grafton-diallns4
and then in the db - create groups that match the huntgroups.
radbackend= select * from radgroupcheck;
id |
Hi,
Another radius server is running there already. find and kill.
kind regards
Pshem
2008/8/7 Martin Silvero [EMAIL PROTECTED]:
: ERROR: Failed to open socket: cannot bind socket: Address already in use
hello! when ejecute radiusd -X -x :
Wed Aug 6 16:53:31 2008 : Error: ERROR: Failed
Hi,
You have to tell freeradius that the auth succeeded - otherwise it
just keeps on processing the modules until it runs out of them - and
then it just complains. control:Auth-Type - might help.
kind regards
Pshem
2008/8/4 Oguzhan Kayhan [EMAIL PROTECTED]:
Oguzhan Kayhan wrote:
But i got
Hi,
You have to find attributes that differentiate one request from the
other. You can use them to set up for example huntgroups, or if the
number of users is low - just put that as a part of the 'check' line
in the users file.
kind regards
Pshem
2008/8/4 Prasit Gebsaap [EMAIL PROTECTED]:
Hi,
Well, you have to clarify what you want to do - if you want your
radius server (A) to respond if the home server (B) is down or not.
But both scenarios are possible and can be achieved with freeradius.
kind regards
Pshem
2008/8/4 Mailing List [EMAIL PROTECTED]:
Hi,
I have freeradius (A)
Hi
I'm not sure what you mean by 'execute' but you can configure a
virtual server that simply reads a detail file. Packets 'received'
this way are treated as any other packets received over the network.
If you make multiple copies of the packets (to multiple detail files)
you can process them
Hi,
I tried your suggestion but still didn't work. Any other suggestion?
Does anything get logged at all? Or are they only missing the
additional attribute?
kind regards
Pshem
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
We only missing Freeradius-Proxied-To attribute which is the most
important one.
Below is what we have for accounting setting:
Accounting {
detail
sql
}
You have to do the logging in the pre-proxy section of the proxy
server, otherwise the server doesn't know yet that
Hi
We're using freeradius 2.0.5 in our test environment and noticed that our
detail record doesn't have Freeradius-Proxied-To information like our
current production radius which is still running an old version of
freeradius. We currently setup the accounting record to be proxied to a
remote
Hi
We've encountered exactly the same behaviour. Basically - you're not
supposed to relay on this functionality as it is was an unsupported
feature. If you have to add some attributes to the reply from the home
server - use unlang in the post proxy section, like this:
post-proxy {
if
Hi,
We use freeradius 2.0.5, currently for testing. I've encountered a
weird problem with if expansion:
config:
server local_logger {
listen {
type = detail
filename = ${radacctdir}/detail_local
load_factor = 20
}
listen {
aaah,
Thank you :-)
regards
Pshem
2008/7/2 Arran Cudbard-Bell [EMAIL PROTECTED]:
Pshem Kowalczyk wrote:
Hi,
We use freeradius 2.0.5, currently for testing. I've encountered a
weird problem with if expansion:
config:
server local_logger {
listen {
type = detail
Hi,
What do you have in the users file, starting from line 28?
kind regards
Pshem
2008/6/12 Breuer Nicolas [EMAIL PROTECTED]:
Just a question,
Is it normal that warning on the launch of the radiusd
[users]:28 WARNING! Check item Pool-Suffix found in reply item list for
user DEFAULT.
Hi,
For some reason the module returns noop ;-( I tried the following:
I created new 'files' instance:
files post_proxy_files {
usersfile = ${confdir}/post-proxy-users
acctusersfile = ${confdir}/post-proxy-users
auth_usersfile =
Hi,
I upgraded our test server from 2.0.4 to 2.0.5 today and proxy setup
we use stopped working.
Currently (2.0.4) we have following entries in the users.conf:
DEFAULT User-Name =~ '@bitstream.dsl.$', Proxy-To-Realm := quik-dsl
Cisco-AVpair += ip:dns-servers=x.y.129.67 x.y.129.68,
Hi,
Attaching output from a debug run (with -X) might help.
kind regards
Pshem
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thank you :-) brackets did the trick :-)
kind regards
Pshem
2008/5/7 Stefan Winter [EMAIL PROTECTED]:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
| if (%{proxy-reply:Framed-IP-Address} =~
| /([0-9]+).([0-9]+).([0-9]+).([0-9]+)/){
| if (\
|
2008/4/12 Mikhail Novikov [EMAIL PROTECTED]:
Hello!
How can I delete a attribute in request via unlang code?
In case anyone needs to remove multiple attributes using unlang,
without knowing their values:
if ( cond ){
attr_filter.strip-data
}
and set up
Hi,
I have the following entry in the config (post-proxy section on our
proxy server)
if (%{proxy-reply:Framed-IP-Address} =~
/([0-9]+).([0-9]+).([0-9]+).([0-9]+)/){
if (\
( %{expr: %{1} * 16777216 + %{2} *
65536 + %{3} * 256
On 08/02/2008, Alan DeKok [EMAIL PROTECTED] wrote:
{cut}
Please check that you've actually updated the source. The debug log
you posted did NOT include the new debug messages I added as part of
this fix. This suggests that you are NOT using the fix in your tests.
You were right - it
{cut}
It looks like there is still issue with reading from the file. From
the debugging I did I think that the problem is with freeradius
noticing that it already got to the end of the .work file and should
close it.
What does that mean?
That freeradius renames the detail file to
Hi
{cut}
You will likely need to grab CVS head, as I've just committed a patch
to fix some issues with reading the detail file.
It looks like there is still issue with reading from the file. From
the debugging I did I think that the problem is with freeradius
noticing that it already got
On 18/01/2008, Alan DeKok [EMAIL PROTECTED] wrote:
Pshem Kowalczyk wrote:
Is it possible to discard the packet on the proxy if the home server
doesn't reply and let the device to fall back to a different proxy?
Currently we use radius 1.1.7, but looking into upgrading it to 2.0.0
Hi,
We have quite extensive proxy step up. With a few dozens of realms
and a small army of home servers. Some of those home servers belong
to our wholesale customers. Normally devices send packets to to the
geographically closest proxy servers, which in turn use the closest
(geographically
Thx for your input. I guess I'll have to experiment a bit :-)
kind regards
Pshem
On 14/01/2008, Arran Cudbard-Bell [EMAIL PROTECTED] wrote:
Alan DeKok wrote:
Pshem Kowalczyk wrote:
Is it possible to use unlang to verify whether framed-ip-address is in
the right range or not?
Yes
Hi,
Is it possible to use unlang to verify whether framed-ip-address is in
the right range or not?
We would like to use it on our wholesale proxies. Wholesale customers
of ours are allowed to allocate IPs to their customers, but only from
certain ranges. Will a normal comparison ( ) work with IP
Hi
{cut}
We use freeradius for other uses in our network and have never had problems
with it. In fact, we are using it (v. 0.9.3) with a Cisco 10008SSG to
authenticate PPPOE clients on an MMDS system, with no problems. Has anyone
ever run into this type of problem or roadblock before?
It looks like it might be device (or even worse os version) dependant.
We use it with ME60E.
In most of the caseses it looks like just a different naming
convention. I got ours from rewriting the merit radius one.
kind regards
Pshem
-
List info/subscribe/unsubscribe? See
Hi,
I've noticed that there is no dictionary for Huawei in the source. Can
you please add this one:
#
# dictionary.huawei
#
VENDOR Huawei2011
#
# Huawei Attributes
ATTRIBUTE Huawei-Input-ATTRIB_UNUSED 1 integer Huawei
ATTRIBUTE
It's actually quite simple:
select * from radcheck;
id | username | attribute | op | value
++---++
12 | 2392382942 | Auth-Type | := | Accept
regards
Pshem
On 16/08/07, Pshem Kowalczyk [EMAIL PROTECTED] wrote:
Hi,
I'm trying to build a radius system
Hi,
I'm trying to build a radius system that accepts users only based on
their username (which in our case is a mixture of calling and called
station id). What should i put in the radcheck (and possibly radreply)
to achive it? Basically if the username is in the table is should get
accepted.
Any
Hi,
I'm most likely missing the point, but how can I execute a query on
post-proxy or preacounting using that module?
kind regards
Pshem
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi
Have you looked at cvs HEAD? We are doing exactly what you mention with an
unmodified cvs HEAD...
I just had a look at the current rlm_sql:
RCSID($Id: rlm_sql.c,v 1.171 2007/07/27 09:55:13 nbk Exp $)
(...)
module_t rlm_sql = {
RLM_MODULE_INIT,
SQL,
Hi,
We use freeradius mainly to proxy requests for wholesale customers of
ours. For some of them we provide additional services such as session
tracking and ip allocation. Currently we do it with our modified
version of rlm_sql.
The modification is just an extension of the module (no changes to
Hi,
We suffer from exactly the same issue (fr1.1.6). The only workaround I
found is to use a script that checks if freeradius is aliave and if
not - starts it again. Obviously it still causes some disruptions but
it's better then freeradius dying completely.
kind regards
Pshem
On 01/08/07,
Hi
On 19/07/07, Cliff Cole [EMAIL PROTECTED] wrote:
Hello all.
Here is my issue. This is very weird and would only affect one NAS.
I'm not sure freeradius is capable of this. I want a username that
comes in to check for an @domainname. If the domainname is there I
want it to be stripped
Hi,
I'm building 'backend' radius servers, that only have to know about
one domain - the default one, despite the stuff the users put into
their login names.
I have the following config (proxy.conf):
proxy server {
default_fallback = no
}
realm LOCAL {
}
realm NULL {
authhost
Some more details:
authorize {
preprocess
if (%{User-Name} =~ /^(.*)@(.*)$/) {
update request {
Stripped-User-Name := xyz
Realm := abc
}
}
auth_log
chap
suffix
On 10/07/07, Alan DeKok [EMAIL PROTECTED] wrote:
Pshem Kowalczyk wrote:
Is that functionality available in the 2.0.0-pre1?
No.
You need the CVS head.
Ok. Then I'll have a look into this later, for now - I figured out
that the easiest way of fixing my problem is to do it like
Hi,
I have a question regarding the usage of various flavours of passwords
with PAP module.
When I run the server in debugging mode it complains:
!!!
!!!Replacing User-Password in config items with
Hi,
I'm trying to set up rlm_sql for users that belong to multiple groups.
(1.1.6, postgresql 8.1).
If user belongs to only one group - everything works fine - i.e. user
can auth, gets correct attributes back.
If I add the user to another group - it stops working all together -
ie the user gets
Hi,
You haven't pasted the whole log, but judging from the following lines:
Postgresql check_error: PGRES_FATAL_ERROR, returning
SQL_DOWN
I suspect that freeradius can't talk to the database. Have a look at
the beginning of the debug messages, you should be able to see the
lines referring to the
Hi
I have a setup like this for most of the users in the users file:
rokkyHuntgroup-Name == ADSL, Password == xyx
Framed-Protocol = PPP,
Framed-IP-Address = 203.173.162.107,
IHUG-Speed-Down = 5000,
Service-Type = Framed-User
Hi,
I would prefer to avoid user files all together. Currently we have
over 100k customers (heaps of them have 'user-specific' setup, not
just static ips). Customers change connection properties through a
web-based interface and we need to speed up the propagation of those
changes (currently we
Freeradius expects exactly one answer:
rlm_ldap: object not found or got ambiguous search
result
kind regards
Pshem
On 22/05/07, xuebin gong [EMAIL PROTECTED] wrote:
Hi, All,
I am user and want to integrate freeradius v1.1.6 and
openLADP v2.3.32 for authorization and
authentication. Our
On 20/02/07, Alan DeKok [EMAIL PROTECTED] wrote:
Pshem Kowalczyk wrote:
Is there a way of setting the number of requests on per-client basis,
so a single device can't use up whole pool?
Not right now, but it shouldn't be too hard to add.
Can I also ask for ability to set the max number
Hi,
We run a farm of radius proxies for many different customers
(wholesale of services), our devices send requests to the proxies,
which in turn send them to the proper backend systems. Number of
requests doesn't usually exceed 40-60 a sec, however if one of the
client devices gets restarted
On 12/21/06, 梁增辉 [EMAIL PROTECTED] wrote:
hi all
hi,
I've seen many of these messages in the radius.log
(I am using freeradius 1.1.1 mysql version :5.1.11)
There are no DB handles to use! skipped 0, tried to connect 0
There are no DB handles
Hi,
I would like to proxy on a realm/domain basis. Users log in with
standard [EMAIL PROTECTED] logins, so this should be relatively
straightforward, the problem is that most of the providers that we
serve uses a lot of domains (and we have a few providers as well).
Which makes the proxy.conf
Another update
I've measured the time required by a single function under light load
(5-7req/sec) - on average it takes ~ 0.01 to 0.015 to process
authorize, pre-acct and less then half of that for pre/post proxy.
Under heavier load the boxes still spiral out of control (but only
after some
On 10/29/06, Alan DeKok [EMAIL PROTECTED] wrote:
{cut}
The server spawns more threads when all of the current threads are
busy. It looks to me like your Perl scripts are taking WAY too long
to process a request. i.e. If they take 1/10 of a second, then your
server can handle 10 requests/s.
On 10/29/06, Alan DeKok [EMAIL PROTECTED] wrote:
{cut}
The server spawns more threads when all of the current threads are
busy. It looks to me like your Perl scripts are taking WAY too long
to process a request. i.e. If they take 1/10 of a second, then your
server can handle 10 requests/s.
Hi group,
I'm trying to figure out optimal configuration for our radius-proxy
farm. atm the farm is handling about 10-15 req/sec per device with the
following config (two servers, load-balanced using an slb)
thread pool {
start_servers = 20
max_servers = 120
Hi,
We've built a radius-proxy using freeradius and rlm_perl (with
ithreads). Currently we have the following settings:
thread pool {
start_servers = 20
max_servers = 100
min_spare_servers = 20
max_spare_servers = 50
max_requests_per_server = 500
}
Hi,
I have a simple question - is it possible to check the status of
request (Accept/Reject) in a post-proxy phase using rlm_perl? And if
so - how?
kind regards
pshemko
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
We are building a proxy system using rlm_perl. Proxy is reposible for
IP allocation, attributes rewriting and keeping the session database.
The system works fine if all the NASes (and other proxies) behave
properly (ie they send all the packets they supposed to send etc).
Obviously real
On 9/29/06, Alan DeKok [EMAIL PROTECTED] wrote:
{cut}
Ideally we would like to see an ability to run some functions on
defined time intervals (not only when a packet comes) so the
housekeeping is done then.
If the data is in an external DB, you can use a cron job to do
that.
Hmm,
On 8/29/06, Alan DeKok [EMAIL PROTECTED] wrote:
Pshem Kowalczyk [EMAIL PROTECTED] wrote:
So I've compiled the source and gave it a try, but it behaved exactly
as the stable version - didn't replace nor removed any attributes. Is
this supposed to work?
I tested the pre and post proxy methods
On 8/30/06, Alan DeKok [EMAIL PROTECTED] wrote:
Pshem Kowalczyk [EMAIL PROTECTED] wrote:
$RAD_REQUEST{'User-Name'} = 'testuser';
You're re-writing the request packet (i.e. the one from the NAS),
not the packet that's about to be sent to the home server.
Try
Hi
I've noticed this comment in the cvs log (for rlm_perl.c):
Over-write existing vp's with new ones.
This means that the Perl module works more like the other modules,
which have absolute power over the VP's, and less like the users
file, which updates the VP's via
Hi,
I'm trying to implement proxy using rlm_perl, I've applied the patch
that should allow me to modify the attributes, but it doesn't seem to
work. (freeradius 1.1.2)
Perl code:
# Function to handle pre_proxy
sub pre_proxy {
radiusd::radlog(1, entering pre-proxy);
my %hash =
On 8/23/06, Alan DeKok [EMAIL PROTECTED] wrote:
I see the patch you're referring to, but after rethinking my question, I
think what I'm really trying to do is rewrite $RAD_REQUEST, not
$RAD_REPLY, and it does not appear that I can alter $RAD_REQUEST in any
way - either change or add.
On 8/23/06, Stephen Gran [EMAIL PROTECTED] wrote:
On Tue, Aug 22, 2006 at 08:14:30PM -0500, Michael Check said:
Hi all,
If you try and compile _without_ --disable_shared, the we get through
make with this at the end:
{cut}
Module: Library search path is /usr/local/lib
Hi,
I'm using freeradius 1.1.0 (this version comes with ubuntu). I'm
trying to build a radius proxy using freeradius and rlm_perl, but I
struck a problem.
The proxy will be responsible for rewriting the auth packets: adding
IPs, rewriting certain attributes and changing values of some others.
68 matches
Mail list logo