RE: Dynamic Attributes Based on NAS Type !

2011-10-09 Thread Stefan A.
> Sent: Sunday, October 09, 2011 7:35 PM > To: FreeRadius users mailing list > Subject: Re: Dynamic Attributes Based on NAS Type ! > > Stefan A. wrote: > > I never talked about sending policies to the NAS. > > That *was* the subject of conversation. If you're not

RE: Dynamic Attributes Based on NAS Type !

2011-10-09 Thread Stefan A.
> > Alan wrote: > > What would you recommend to do, if your client is a proxy server? > NAS-ID? > > No. Don't send policies back. > > You don't control the NAS. So you have no business sending it > NAS-specific policies. > I never talked about sending policies to the NAS. The question wa

RE: Dynamic Attributes Based on NAS Type !

2011-10-09 Thread Stefan A.
Alan wrote: > if ("%{client:nas_type}" == "foo") { > // map policies for client foo > > } What would you recommend to do, if your client is a proxy server? NAS-ID? > > An even simpler solution is to just return all of the VSAs to each > NAS. As was said earlier

RE: Dynamic Attributes Based on NAS Type !

2011-10-08 Thread Stefan A.
Norbert, sorry, but you are taking a sledgehammer to crack the nut. If you read it 'one of the ideas of having different virtual servers is separation of policies for different NASses' you are right. Suman was asking on how to send several NASses into the same policy. Regards Stefan

RE: Dynamic Attributes Based on NAS Type !

2011-10-08 Thread Stefan A.
Suman, As you did not say anything about the exact attributes, you will send to the NAC, here is how we do this: we are also using different NAS and have to reply with different VSAs for setting up the QOS. We use the "existence of a specific VSAs" (specified per NAS type) in the request

Mysql Errors

2011-06-14 Thread Stefan A.
Hi, is there an option to turn just SQL Errors and warnings on, to be written to disk? We are running 300 to 1000 Auth Requests per second (plus about 2-3000 Acct). In some rare cases, FR seems to ignore the reply attributes, which are coming from the DB. In those cases, we give the user a clean r

unlang Question about evaluating unavailable attributes to FALSE

2011-05-17 Thread Stefan A.
Hi, if I'm using an expression like if (control:VSA1=~/something/ || control:VSA2 =~/something_else/) {...} I do get the information "(Attribute control:VSA1 was not found)" in case the VSA is not in the control context. As the condition is '||', I would expect, that FR tries the next

How to get fractions of seconds?

2011-02-09 Thread Stefan A.
Good morning, for logging and monitoring purposes, I need to add the time spent for a particular Flow to a Logfile. Best would be to have something like '%l', but in a resolution of milliseconds. If I would have the runtime variable of (e.g.) %t for "timestamp.milliseconds" I could try something

RE: dynamically selecting, which attribute to evaluate

2010-12-01 Thread Stefan A.
lists.freeradius.org] On Behalf Of > Alan DeKok > Sent: Wednesday, December 01, 2010 2:18 PM > To: FreeRadius users mailing list > Subject: Re: dynamically selecting, which attribute to evaluate > > Stefan A. wrote: > > and then to evaluate TicetType specific Attribut

dynamically selecting, which attribute to evaluate

2010-12-01 Thread Stefan A.
Hello, I'm trying to dynamically select Attributes to check their values. I have an application, which puts attribute (representing Prepaid Tickets) into the Accept table. All possible TicketTypes are defined in the dictionary. Example: Ticket245-trigger-reactivation = 200 Depending on diffe

How to Change Source Port for

2010-11-12 Thread Stefan A.
I'm using copy-acct-to-home-server. Freeradius sends any acct request using the source port of 1814. My client sent me a trace, where wireshark is claiming duplicate requests. We have to handle 1000+ Requests per second. Is it possible to change the source port settings to get a new source port f

RE: detail configuration file: how to save lines

2010-09-03 Thread Stefan A.
Thank you, Alan, that's what I've been looking for. Regards Stefan > read raddb/templates.conf > > Alan DeKok. > - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

detail configuration file: how to save lines

2010-09-03 Thread Stefan A.
I have a detail configuration file, which has several sections for different files, to be handled by different listener. As the NASses are GGSNs, which are sending more than 40 attributes, I will save space on HD and will remove unneeded attributes using suppress. Do I have to put every attribute i

RE: Virtual server specific SQL schema.

2010-06-15 Thread Stefan A.
Stephen, I have had the same problem a few years ago. In our case, the Firewall was broken and dropped Auth Accept packets on their way to 2 of the 10 NASs. We got flooded with requests from this NAS at a rate of about 600/s. In those days, the RADIUS Server was capable of handling only 200/s and

RE: Virtual server specific SQL schema.

2010-06-15 Thread Stefan A.
Stephen, what's about using instances in the sql.conf like sql sql_virtual_1{ database = "mysql" driver = "rlm_sql_${database}" server = "dbcnode2" port="3306" login = "user" password = "pw" radius_db = "dbname" ...all the other stuf

RE: Proxy to two RADIUS Servers

2010-06-15 Thread Stefan A.
ts.freeradius.org [mailto:freeradius- > users-bounces+a.freeradius=premit...@lists.freeradius.org] On Behalf Of > Alan DeKok > Sent: Tuesday, June 15, 2010 10:36 AM > To: FreeRadius users mailing list > Subject: Re: Proxy to two RADIUS Servers > > Stefan A. wrote: > > I have to provision the

RE: accounting without auth

2010-06-14 Thread Stefan A.
> Is it possible to configure freeradius for accounting only without > authorization/authentication? As FR handles Auth and Accounting independently, just do it. Stefan

RE: Proxy to two RADIUS Servers

2010-06-14 Thread Stefan A.
Sent: Monday, June 14, 2010 7:57 PM > To: FreeRadius users mailing list > Subject: Re: Proxy to two RADIUS Servers > > Use copy-acct-to-home-server, it's what it's there for. Delay is > usually sub second, but it depends on the throttling values you set in > the detail re

Proxy to two RADIUS Servers

2010-06-14 Thread Stefan A.
I checked, whether I am able to manually proxy from sites-available/default, using unlang. It works fine, using the following commands. if (request:Acct-Status-Type == "Start" || request:Acct-Status-Type == "Stop") { if (request:Called-Station-Id == "apn.isp.de") {

RE: Send Accounting from any point in configuration

2010-06-14 Thread Stefan A.
Thank you Alan, > > The intended Flow: > > > > Packet comes in ... > > - for Access type, check if user might be authenticated > > - if OK, try to decide to send an Accounting packet to a Server on > some > > attributes (in my case, VSA from downstream RADIUS Proxy Server) > > Do you mean *cr

Send Accounting from any point in configuration

2010-06-11 Thread Stefan A.
Hi, I want to send RADIUS Accounting Messages to another RADIUS Server, depending on some contents of a Packet. 'a Packet' in this context might be an Access or an Accounting Packet. The intended Flow: Packet comes in ... - for Access type, check if user might be authenticated - if OK, try to

Building and sending Acct packets

2010-05-20 Thread Stefan A.
I have some use cases, where I have to send an Accounting packet to an RADIUS Accounting Server to provision the user on this server. The trigger for that accounting packet must not be necessarily an accounting packet, coming from a NAS. It might also be a RADIUS Access Request. I will build th

will hints file be processed?

2010-04-11 Thread Stefan A.
Even If I assign values to THEattributes in hints file, some later evaluations in the default file are pretending: "Request:THEattributes not found" I think, I've misconfigured something and the radiusd simply jumps out of hints... How may I debug the processing of the hints file? Starting "r

Counting Packets

2009-10-21 Thread Stefan A.
Is there a function available to report the number of packets the RADIUS Server handles at a given time? Like counting Access Requests over a period of some seconds, dropping a line into a file, reset the number and count again? Currently we are doing "snoop -o /dev/null udp port 1812" to get an vi

3GPP string Attributes, containing encapsulated information...

2009-10-15 Thread Stefan A.
Hi there, Is there a way to get Information out of the 3GPP-GPRS-Negotiated-QoS-profile? The Attribute is defined in the dictionary as: ATTRIBUTE 3GPP-GPRS-Negotiated-QoS-profile 5 string The Value of a String might be: 99-0B811F739687877401 To get the encapsulated "Traff

RE: 1.Troubleshooting MySQL Connections , 2. troubleshooting possible memory leak

2009-10-11 Thread Stefan A.
Hi all, I have been asking this in October 2008, while using 2.0.4 > > > > > FR is eating Memory and I do not know how to troubleshoot this. > > > It takes about 1 MB/ Minute which was about 3.5 GB over > > some Days, before we > > > recognized this. > > > > Alan: There were issues with older ver

RE: 1.Troubleshooting MySQL Connections , 2. troubleshooting possiblememory leak

2008-10-24 Thread Stefan A.
> freeradius.org] On Behalf Of Alan DeKok > Sent: Wednesday, September 24, 2008 11:47 AM > To: FreeRadius users mailing list > Subject: Re: 1.Troubleshooting MySQL Connections , 2. > troubleshooting possiblememory leak > > > Stefan A. wrote: > > in my radiusd.log, I

1.Troubleshooting MySQL Connections , 2. troubleshooting possible memory leak

2008-09-24 Thread Stefan A.
Gurus, in my radiusd.log, I can see lots of these errors: Wed Sep 24 09:40:54 2008 : Info: rlm_sql (sql_accounting): There are no DB handles to use! skipped 0, tried to connect 0 Wed Sep 24 09:40:55 2008 : Info: rlm_sql (sql_accounting): There are no DB handles to use! skipped 0, tried to connect

RE: Redundant waits for minutes to failover

2008-08-13 Thread Stefan A.
From: > [EMAIL PROTECTED] > us.org > [mailto:[EMAIL PROTECTED] > freeradius.org] On Behalf Of Alan DeKok > Sent: Monday, August 11, 2008 7:52 AM > To: FreeRadius users mailing list > Subject: Re: Redundant waits for minutes to failover > > > Stefan A. wrote: >

Redundant waits for minutes to failover

2008-08-10 Thread Stefan A.
All, I'm using 'redundant' to failover from SQL to Filebased Authentication At the time, my MySQL Server is gone, FR is waiting for minutes to go on to the next step... ++- entering policy redundant expand: %{User-Name} -> fred rlm_sql (sql_access-1): sql_set_user escaped user --> fred r

RE: Using the class attribute

2008-08-01 Thread Stefan A.
Thank you, Phil, > > >But the class will be expanded to something like %{Class} -> > >0x4631323334, which does not match ^DDF.* > > The Class attribute is defined in the RFCs and the dictionary > files as > type "octets", which are coerced to their 0xaabbcc > representation before >

Using the class attribute

2008-07-31 Thread Stefan A.
Gurus, I will use the class attribute to pass information from Authentication to Accounting Processes. I'm doing this in my users file: DEFAULT Auth-Type := Accept Class = "DDF%{ContractInfo}" Where ContractInfo is a number like '123456' In the hints file on the accounting se

BCD decoding

2008-07-23 Thread Stefan A.
Gurus, Would it be possible to BCD decode a VSA value coming from the NAS? I'm working in 3GPP environment. Some of my older GGSNs are sending the 3GPP-IMEISV as it will be delivered to them by the SGSN, which is BCD encoded. They just put the information into the 3GPP VSA. Times ago, it was not c

How to send errors filtered to a special log file?

2008-07-23 Thread Stefan A.
Gurus, For my Application, I have to build a central error file, which will be parsed by the HP Openview agents for monitoring. I'd like to write major errors raised by FR also into this file. It would be enough to have the DB errors in there. How can I configure FR, that these Messages are appen

What's possible in hints file?

2008-07-23 Thread Stefan A.
Gurus, normally, I would do a short check, but currently I've no connection to one of my running FR, but have to plan some extensions. Has someone of you done something like the following? Regarding 'hints' - file: Would it be possible to use - $INCLUDE /path/file? - Fall-Trough? - temp A/V pai

RE: FR 2.0.4 on Solaris 10 Sparc

2008-06-10 Thread Stefan A.
ve trouble Any further ideas? Thank you. Stefan > -Original Message- > From: > [EMAIL PROTECTED] > us.org > [mailto:[EMAIL PROTECTED] > freeradius.org] On Behalf Of Alan DeKok > Sent: Sunday, June 08, 2008 6:24 PM > To: FreeRadius users mailing list > Subject:

FR 2.0.4 on Solaris 10 Sparc

2008-06-08 Thread Stefan A.
Happy Sunday! Trying to install FR 2.0.4 on my Solaris 10, I'm getting a lot of WARNINGS during ./configure and "make" does not run till the expected end. I pasted the ./configure warnings at the end. To me, it looks about a general error in my Solaris configuration, because libgdbm, OpenSSL, snmpg

Login-Service = Telnet

2008-04-02 Thread Stefan A.
I've to set up my FR to let a User telnet into my Cisco Router. Without further contact to my client until Friday, I will test my environment in advance. Accepting a session using these attributes will work fine. I'll get an IP and can connect to the router using telnet. Session-Timeout : 14400 Id

RADIUSProxy and Attribute modification

2008-03-07 Thread Stefan A.
Hi Our current RADIUS Server is unable to configure some VSAs dynamically for me. It will be substituted by FR in the near future, but in the meantime, I have to support the VSAs for my new NAS. I'd like to use FreeRADIUS as a Proxy Server to add/delete Attributes and/or modify their values. Wha

Free Radius and Mobile IP

2005-11-14 Thread Stefan A.
All, is Mobile IP a Subject for Freeradius? Has anybody a running Mobile IP environment to talk about the configuration of the RADIUS server and possibly about other topics of Mobile IP? Thanks. Stefan

Issue an Access Challenge to retry password

2005-10-25 Thread Stefan A.
= Reject Reply-Message = "Sorry, no access." Unfortunately it did not :-( Rg. Stefan > -Original Message- > From: Stefan A. [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 25, 2005 10:59 AM > To: 'FreeRadius users mailing list' > Subje

Issue an Access Challenge to retry password

2005-10-25 Thread Stefan A.
Gurus, I want to give the user a second chance to type his password correctly by using a radius challenge. I'm not sure how to do this and did not find anything about this in the documentation nor in my stored email of this list. What should happen: The user tries to authenticate using his User

RE: counter with Session Octet Limit

2005-10-25 Thread Stefan A.
Gurus, I want to give the user a second chance to type his password correctly by using a radius challenge. I'm not sure how to do this and did not find anything about this in the documentation nor in my stored email of this list. What should happen: The user tries to authenticate using his User

RE: How to configure freeradius to answer on two IP addresses

2005-08-30 Thread Stefan A.
ow to configure freeradius to answer on two IP addresses > > > Stefan A. wrote: > > > How may I advice freeradius, to bind to two IP addresses? > > I tried the Listen option and the bind_address by > separating my ip addresses > > with an whitespace, a col

How to configure freeradius to answer on two IP addresses

2005-08-30 Thread Stefan A.
All, How may I advise freeradius, to bind to two IP addresses? I tried the Listen option and the bind_address by separating my ip addresses with an whitespace, a colon or a semicolon... Just guessing around, but did not find any documentation about this issue. I can not bind to '*' because on an s

Callback Cisco to WinXP

2005-08-17 Thread Stefan A.
Hi, I have to configure an async callback solution using Cisco IOS and Freeradius. Up to now, the user can dial in and will be authenticated against my freeradius server. Anything works fine. After setting up the callback things on the router and on the radius server, the user will still be grant