> haries fajar nugroho wrote:
>>> Well... the shared secret is wrong. There really isn't much else to
>>> say.
>>
>> But what i am wondering is, why the authentication sections run
>> normally.
>> My user can be authenticated, but the accounting cannot be logged.
>
> Accounting uses a *different
haries fajar nugroho wrote:
>> Well... the shared secret is wrong. There really isn't much else to say.
>
> But what i am wondering is, why the authentication sections run normally.
> My user can be authenticated, but the accounting cannot be logged.
Accounting uses a *different* shared secret
Thanks for replying..
haries fajar nugroho wrote:
>> I wanna migrate my radius server from icradius to freeradius 2.1.5.'
> 2.1.6.
[r...@rina2 haries]# /usr/local/freeradius/sbin/radiusd -v
radiusd: FreeRADIUS Version 2.1.5, for host i686-pc-linux-gnu, built
on Apr 15 2009 at 13:33:02
Copyright
haries fajar nugroho wrote:
> I wanna migrate my radius server from icradius to freeradius 2.1.5.'
2.1.6.
> In my freeradius debugging mode, the error message was :
> rad_recv: Accounting-Request packet from host x.x.x.x (* encrypted ip)
> port 1646, id=63, length=405
> Received Accounting-Requ
Hi All,
I wanna migrate my radius server from icradius to freeradius 2.1.5. i
have two ras modem for my nas (patton and usr-hiper).
When I do some migration simulation, client that connect from patton
goes normally (authentication,accounting,authorization).
But when they use usr-hiper (system vers
Peder Bach wrote:
> Freeradius on wintendo, seems to have problem with accounting.
> It send the accounting data as hex values.
No. It's *printing* them as hex, because it doesn't know what they are.
> Bay-Networks-Attr-196 = 0x73686f77206c6f672066696c65207461696c
> Bay-Networks-Attr-196 = 0x6
Hi.
Freeradius on wintendo, seems to have problem with accounting.
It send the accounting data as hex values.
Bay-Networks-Attr-196 = 0x73686f77206c6f672066696c65207461696c
Bay-Networks-Attr-196 = 0x65786974
The strange is that this works on Linux and Sun.
And the dictionary.bay doesn't contain
You are right on with the NFS locking issue.
I believe that is exactly the problem, my only concern now is why it happens
with CentOS 4.x and not with Fedora Core 3.
More info in the morning as I'm currently having a beer (or 4) and watching
the Hockey playoffs.
Thanks for the help.
Regards,
Rick Macdougall wrote:
> Well, I went through everything in the accounting { } and the problems
> turns out to be radutmp
>
> Any reason this might be a problem. The file gets created but never
> written to. If I comment it out of the accounting { }, then everything,
> including mysql records be
On Thu 19 Apr 2007, Rick Macdougall wrote:
> Well, I went through everything in the accounting { } and the problems
> turns out to be radutmp
>
> Any reason this might be a problem. The file gets created but never
> written to. If I comment it out of the accounting { }, then everything,
> includi
Well, I went through everything in the accounting { } and the problems turns
out to be radutmp
Any reason this might be a problem. The file gets created but never written
to. If I comment it out of the accounting { }, then everything, including
mysql records being written, works just fine.
Reg
Ok,
I've taken out the SQL accounting completely, left in the SQL authentication
and the problem still persists. On accounting packets with threads
disabled, the accounting process stops completely after one packet, on
accounting packets with threads enabled, the accounts process reports the
ma
On 4/19/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
Rick Macdougall wrote:
> Recompiled with --without-threads and it locks up hard on the first
> accounting request. And when I say locks up hard, I mean not even a kill
> -9 will stop it, I have to reboot the server.
Are you sure your OS isn't
Rick Macdougall wrote:
> Recompiled with --without-threads and it locks up hard on the first
> accounting request. And when I say locks up hard, I mean not even a kill
> -9 will stop it, I have to reboot the server.
Are you sure your OS isn't buggy? It's a bad problem if "kill -9"
doesn't work.
Rick Macdougall wrote:
> It is updating/inserting records into the mysql radacct database but it
> seems that an ACK is not sent back to the remote server and the thread
> is not released. A minute later the remote server tries again, etc etc
> until the threds max out at 32.
That says that the
Recompiled with --without-threads and it locks up hard on the first
accounting request. And when I say locks up hard, I mean not even a kill -9
will stop it, I have to reboot the server.
Output from radiusd -
Wed Apr 18 15:43:13 2007 : Debug: radius_xlat: 'INSERT into radacct
(RadAcctId,
A
Yep. Your backend is too slow to keep up. Accounting is inserts and
updates... Auth is selects.. BIG difference in speed...
Not a speed issue, the mysql records are inserted within milliseconds of the
detail file being written. Running radiusd -x shows the sql accounting
happening almost i
Follow up.
It is updating/inserting records into the mysql radacct database but it
seems that an ACK is not sent back to the remote server and the thread is
not released. A minute later the remote server tries again, etc etc until
the threds max out at 32.
Regards,
Rick
-
List info/subscribe/
On Wed 18 Apr 2007, Rick Macdougall wrote:
> On 4/17/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
> > Rick Macdougall wrote:
> > > Hi,
> > >
> > > We seem to be having the "The maximum number of threads (32) are
> > > active" with Freeradius 1.0.3. Version 1.0.1 works just fine.
> >
> > Upgrade to
On 4/17/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
Rick Macdougall wrote:
> Hi,
>
> We seem to be having the "The maximum number of threads (32) are active"
> with Freeradius 1.0.3. Version 1.0.1 works just fine.
Upgrade to 1.1.6. It has a whole host of fixes.
Hi,
Upgraded to 1.1.6 and
On Tue 17 Apr 2007, Rick Macdougall wrote:
> On 4/17/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
> > Rick Macdougall wrote:
> > > Hi,
> > >
> > > We seem to be having the "The maximum number of threads (32) are
> > > active" with Freeradius 1.0.3. Version 1.0.1 works just fine.
> >
> > Upgrade to
On 4/17/07, Alan DeKok <[EMAIL PROTECTED]> wrote:
Rick Macdougall wrote:
> Hi,
>
> We seem to be having the "The maximum number of threads (32) are active"
> with Freeradius 1.0.3. Version 1.0.1 works just fine.
Upgrade to 1.1.6. It has a whole host of fixes.
Yah, I've already downloaded
Hi,
We seem to be having the "The maximum number of threads (32) are active"
with Freeradius 1.0.3. Version 1.0.1 works just fine.
I tried to do a valgrind with - but when radiusd displays that message,
you can no longer kill it.
I have the debug output from the - and it shows the acco
Rick Macdougall wrote:
> Hi,
>
> We seem to be having the "The maximum number of threads (32) are active"
> with Freeradius 1.0.3. Version 1.0.1 works just fine.
Upgrade to 1.1.6. It has a whole host of fixes.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
h
Hello, Alan!
You wrote on Mon, 26 Mar 2007 10:50:17 +0100:
AD> I' ve committed a fix to "-r branch_1_1". Please test it, to see
AD> if
AD> it works.
Yes, freeradius works without crashes when DB suddenly comes down and then
up.
With best regards, Alexander V. Klepikov. E-mail: [EMAIL PROTE
Hello, Eshun!
You wrote on Mon, 26 Mar 2007 14:50:52 + (GMT):
EB> $ cvs -d :pserver:[EMAIL PROTECTED]:/source login CVS
EB> password: anoncvs $ cvs -d
EB> :pserver:[EMAIL PROTECTED]:/source checkout -r branch_1_1
Yes, I already did it, thank you!
With best regards, Alexander V. Klepikov.
ROTECTED]>
À : FreeRadius users mailing list
Envoyé le : Lundi, 26 Mars 2007, 14h40mn 11s
Objet : Re: Redundant SQL servers accounting problem, FreeRadius 1.1.4
Hello, Alan!
You wrote on Mon, 26 Mar 2007 10:50:17 +0100:
AD> I' ve committed a fix to "-r branch_1_1". Please
Alexander V. Klepikov wrote:
> To get it I typed
>
> cvs -d :pserver:[EMAIL PROTECTED]:/source checkout -r branch_1_1
> radiusd
>
> Am I right?
Yes.
> I got troubles with running it:
...
> Program received signal SIGSEGV, Segmentation fault.
> 0x28349e28 in rad_mangle () from /usr/local/lib
Hello, Alan!
You wrote on Mon, 26 Mar 2007 10:50:17 +0100:
AD> I' ve committed a fix to "-r branch_1_1". Please test it, to see
AD> if
AD> it works.
To get it I typed
cvs -d :pserver:[EMAIL PROTECTED]:/source checkout -r branch_1_1
radiusd
Am I right?
I got troubles with running it:
Alexander V. Klepikov wrote:
> I make some additional tests. When DB connection suddenly breakes,
> sqlsocket->state == sockconnected.
I' ve committed a fix to "-r branch_1_1". Please test it, to see if
it works.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
Alexander V. Klepikov wrote:
> It seemes to me, it's almost impossible to write code which will allow
> sqlsocket->conn to provide accurate information about connection state. But
> again, I'm not a programmer.
If that's true, then we still need to audit all of the sql code. Some
code does "
Hello, Alan!
You wrote on Wed, 21 Mar 2007 12:57:46 +0100:
After Nicolas Baradakis's patch some things changed. Now I know that if
connection to PostgreSQL DB became broken, libpq does not free
pg_sock->conn, so PQfinish(pg_sock->conn) MUST be called.
AD> If pg_sock->conn is freed, that poin
Hello, Nicolas!
You wrote on Wed, 21 Mar 2007 12:37:03 +0100:
NB> It seems to me this is the real cause of the problem: pg_sock->conn
NB> becomes
NB> an invalid pointer. The libpq manpage says the PGconn pointer should
NB> not be
NB> used after PQfinish has been called.
NB> Please try the follow
Nicolas Baradakis wrote:
> It seems to me this is the real cause of the problem: pg_sock->conn becomes
> an invalid pointer. The libpq manpage says the PGconn pointer should not be
> used after PQfinish has been called.
>
> Please try the following patch:
I think it should be applied, independe
Alexander V. Klepikov wrote:
>... If connection to DB fails, PQfinish(pg_sock->conn) is called, which frees
> pg_sock->conn - need to do this is described in libpq docs. So even in case
> of unsuccessefull connection we have good "database handle" sqlsocket->conn,
> which should not be NULL.
Alexander V. Klepikov wrote:
> I did not find any information about what is going on when database or SQL
> server suddenly comes down, but it looks like pg_sock->conn is freed when
> connection to DB became broken. And pg_sock->conn != NULL . That's why libpq
> crashes when PQfinish(pg_sock->c
Hello, Alan!
You wrote on Tue, 20 Mar 2007 12:47:01 +0100:
AD> Alexander V. Klepikov wrote:
>> I applied the patch and it does not work. It seemes to me, it's
>> becuase
>> SQL socket may be unconnected and sqlsocket->conn != NULL,
AD> That sounds like a bug to me.
It seemes to me I begin t
Alexander V. Klepikov wrote:
>
> I applied the patch and it does not work. It seemes to me, it's becuase
> SQL socket may be unconnected and sqlsocket->conn != NULL,
That sounds like a bug to me.
> so I think
> it's better to check sqlsocket->state . Corrected patch is attached.
OK.
Alan
Hello, Alan!
You wrote on Mon, 19 Mar 2007 17:54:52 +0100:
AD> Hmm... it looks like similar patches were added in revision 1.72
AD> of
AD> that file. I've double-checked the code, and found one more
AD> location.
AD> Please try the attached patch.
I applied the patch and it does not work.
Alexander V. Klepikov wrote:
>
> Well, I think I found why FreeRadius crashes. Unconnected SQL socket is
> passed to sql_close function in module rlm_sql in function rlm_sql_query
> (src/modules/rlm_sql/sql.c line 499). Here is the patch:
Hmm... it looks like similar patches were added in revi
Hello, Alexander!
You wrote to All on Fri, 16 Mar 2007 17:23:19 +0200:
AVK> It looks like accounting module cannot properly make a connection
AVK> to SQL
AVK> server, but authorize module can. I found that with num_sql_socks
AVK> <= 2
AVK> FreeRadius works perfect, I made several tests stopping an
Alexander V. Klepikov wrote:
...
> rlm_sql_postgresql: PostgreSQL Query failed Error: no connection to the
> server
> radiusd in free(): error: chunk is already free
Please run the server under valgrind. I don't use postgresql, so I
can't tell what's going wrong.
Alan DeKok.
--
http://dep
Hello!
I set up redundant SQL PostgeSQL servers configuration:
modules{
...
sql sql2 {
server = "gw-core.up.ua"
num_sql_socks = 3
...
}
sql sql1 {
server = "sql.up.ua"
num_sql_socks = 3
...
}
}
authorize {
...
redundant {
sql2
s
on 12/06/2006 18.21 Alan DeKok said the following:
doc/Simultaneous-Use
ok now I read the document
It is possible to do accounting without the sql database?
Yes.
how do I have to configure the radiusd.conf to do accounting without sql db?
thanks a lot
Bye Antonio
-
List info/
Antonio Matera <[EMAIL PROTECTED]> wrote:
> Hi, I tried to configure my freeradius with EAP-PEAP auth with
> accounting. My aim is to have unique account, in other words only one
> user can access with the same user and password.
doc/Simultaneous-Use
> In this way I suppose that I have enable
Hi, I tried to configure my freeradius with EAP-PEAP auth with
accounting. My aim is to have unique account, in other words only one
user can access with the same user and password.
I read that there are two method for accounting the first is using the
radutmp file and the second is using the
Hello!
I have CISCO 5200 with the following config:
aaa accounting delay-start
aaa accounting update periodic 5
aaa accounting network default start-stop radius
Also, I have freeradius server connected with SQL database.
Alive-packets (from cisco) don't include information about sent/received
silvia troselj <[EMAIL PROTECTED]> wrote:
> How can I find out how many octets are transfered
> between 2005-04-06 14:38:39 and 2005-04-06 23:59:59
> and 2005-04-07 00:00:00 and 2005-04-07 10:01:19?
The NAS should send this information. If it doesn't, you can't get
it.
Alan DeKok.
-
List
yy <[EMAIL PROTECTED]> wrote:
> I'm new to freeradius and SER, hence I'm having some problem in
> accounting calls from my sip phone. My configuration file (ser.cfg) for
> my SER is as follows,
Please ask SER questions on the SER list. This is the FreeRADIUS list.
> The accounting log detail
Hi,
I'm new to freeradius and SER, hence I'm having some problem in
accounting calls from my sip phone. My configuration file (ser.cfg) for
my SER is as follows, and currently the radius accounting module is used
to keep track of start and stop times for VoIP calls made.
The accounting log deta
Hello all,
I use freeradius with mysql to authenticate VPN users
and also I use mysql accounting.
Now I want to make some reports like daily/monthly
traffic usage. Problem for me are connections that
started in one day and end in second day...
for example:
AcctStartTime 2005-04-06 14:38:39
AcctSt
hi all,
I want to get user online time from detail files and calc money spend by
user.
So My questiong:
Must I read acct detail file written by radius server?
or There are some existing methods?
Thank you.
Regards
Yyc
---
On Fri, 2004-09-24 at 11:10 -0400, Alan DeKok wrote:
> Stephan Jaeger <[EMAIL PROTECTED]> wrote:
> > But it's not possible to get only one detail file with the local
> > tickets?
>
> Yes. You can set Acct-Type for the non-proxied requests, and have a
> sub-section of accounting{}, with that Acc
Stephan Jaeger <[EMAIL PROTECTED]> wrote:
> But it's not possible to get only one detail file with the local
> tickets?
Yes. You can set Acct-Type for the non-proxied requests, and have a
sub-section of accounting{}, with that Acct-Type, and put "detail"
inside of it.
Alan DeKok.
-
List in
Hi,
thanks, for your fast answer.
On Fri, 2004-09-24 at 10:29 -0400, Alan DeKok wrote:
> Stephan Jaeger <[EMAIL PROTECTED]> wrote:
> > i'm having a proxy problem with newer freeradius versions. While 0.9.2
> > as a proxy send an accounting response for a request which wasn't to be
> > proxied a
Stephan Jaeger <[EMAIL PROTECTED]> wrote:
> i'm having a proxy problem with newer freeradius versions. While 0.9.2
> as a proxy send an accounting response for a request which wasn't to be
> proxied and with an empty accounting section (in radiusd.conf), newer
> versions at least everything >= s
Hi,
i'm having a proxy problem with newer freeradius versions. While 0.9.2
as a proxy send an accounting response for a request which wasn't to be
proxied and with an empty accounting section (in radiusd.conf), newer
versions at least everything >= snapshot 2004/21/06 and <= 1.0.1 just
ignore t
Hello Mario.
Dne sobota 07 avgust 2004 11:09 je Mario Duve napisal(a):
> I have here a Wireless Cisco Aironet 1200 Access Point.
You _really_ should also append output of these commands to you message:
sh ver
sh run | inc aaa
> The Problem is, the AP send only the AcctSessionTime in
> Accountin
Hello,
Sorry for this OT.
I have here a Wireless Cisco Aironet 1200 Access Point.
The Problem is, the AP send only the AcctSessionTime in
Accounting Update/Stop Request. But the AP send no
AcctInputOctets or AcctOutputOctets Accounting Information.
Acct-Session-Id = "0023"
C
Christophe Saillard <[EMAIL PROTECTED]> wrote:
> I use this configuration to rewrite the "tunneled" identity in
> accounting otherwise I get "anonymous"
> for all usernames, it works without WDS
If it works for your other NASes, but not that one, then the problem
is in the NAS. FreeRADIUS i
Hello,
When WDS is activated, all EAP requests coming from APs are proxied by
the WDS "master", there's no authentication
problem (it works fine with TTLS/PAP and PEAP/MS-CHAPv2) but the
username in the accounting detail files is replaced
by the MAC address of the supplicant (the same as calling-
> Has anyone else come across this (or a similar issue)? Should "radiusd
> -X" show the INSERT statement in the debug output?
>
Yes.
Do radiusd -X | grep INSERT
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I have installed FreeRadius 0.9.3 on Debian 3, using MySQL for
authentication and accounting, but the radacct table is not being
populated. I had been using FreeRadius 0.8.1 under Solaris 7 and has
been authenticating and maintaining the radacct table until after I
configured the Debian server, I
63 matches
Mail list logo