On Mon, Nov 12, 2012 at 2:25 AM, Fajar A. Nugraha wrote:
> On Mon, Nov 12, 2012 at 2:29 PM, Dirk van der Walt
> wrote:
>> Although rlm_counter is primarily used as an introduction here to
>> better understand the counter modules, the next section covers the
>> rlm_sqlcounter module. This module i
On Mon, Nov 12, 2012 at 2:29 PM, Dirk van der Walt
wrote:
> Although rlm_counter is primarily used as an introduction here to
> better understand the counter modules, the next section covers the
> rlm_sqlcounter module. This module is more flexible and preferred.
If it were me I'd jump directly t
On Sun, Nov 11, 2012 at 5:45 AM, Alan DeKok wrote:
> Periko Support wrote:
>> On Sat, Nov 10, 2012 at 6:27 AM, Alan DeKok
>> wrote:
>>> What does the debug output say?
> ..
>> This is the output:
>
> You've given a lot of information, which is nice But please don't
> send the output of "ra
Periko Support wrote:
> On Sat, Nov 10, 2012 at 6:27 AM, Alan DeKok wrote:
>> What does the debug output say?
..
> This is the output:
You've given a lot of information, which is nice But please don't
send the output of "radtest". I didn't ask for it. It's not necessary.
And you've del
On Sat, Nov 10, 2012 at 6:27 AM, Alan DeKok wrote:
> Periko Support wrote:
>> This works, but I would like to understand, I can try that steps a
>> lot times and every time it give me the same result: 1770, doesn't
>> suppose that every time I run the same steps the counter must be
>> lower?
>
>
Periko Support wrote:
> This works, but I would like to understand, I can try that steps a
> lot times and every time it give me the same result: 1770, doesn't
> suppose that every time I run the same steps the counter must be
> lower?
Only if the NAS is sending accounting packets.
What does
My Fault, this message wasn't finish, I will continue here.:
On Fri, Nov 9, 2012 at 1:09 PM, Periko Support
wrote:
> Hi.
>
> Centos 5.x
> FreeRadius 2.1.1.
>
> I'm reading the book freeradius beginners Guide chapter 6: accounting.
>
> Page 139.
>
> Amount of Time.
>
> I have follow the book
I'm trying to find some sample accounting data from freeradius,
preferably in a mysql database to run some test analyses on. I'm
considdering using Freeradius + Mysql accounting in my environment, and
don't have the infrastructure to generate test data, and would like to
anal
xy.conf"
> }
> }
> }
>
Perfect! :D
Thank you very much Fajar A. Nugraha-2 and Alan DeKok.
Best regards from Spain
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/FreeRADIUS-Accounting-data-sync-tp5071166p5077038.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Thu, Dec 15, 2011 at 3:52 PM, KatsuroKurosaki wrote:
> realm radrelay {
> acct_pool = radrelay
> }
... so that is your realm
> server copy-acct-to-home-server {
> modules {
> Module: Checking preacct {...} for more modules to load
> Module: Linked to module rlm_preprocess
> Modu
On Wed, Dec 14, 2011 at 6:08 PM, KatsuroKurosaki wrote:
>> What I meant was, AFTER you enable copy-acct-to-home-server and stuff,
>> have you ACTUALLY send an accounting packet to server A? If yes, it
>> SHOULD display some things (like writing to a detail file), and then
>> there should be a log
KatsuroKurosaki wrote:
> And this is what I'm trying to configure, server A send the packet to server
> B, and vice-versa. Server A won't handle all requests, for example, if we
> have 50 NASes, 25 will handle requests to server A and B as fail-over, and
> the other 25 will handle requests to serve
opened signalled
0 waiting 1.043415 sec
Waking up in 1.0 seconds.
Polling for detail file /var/log/freeradius/radacct/detail
Detail listener /var/log/freeradius/radacct/detail state unopened signalled
0 waiting 1.090784 sec
Waking up in 1.0 seconds.
^C
/
Is this behaviour normal?
Fajar A. Nugraha-2
etail file, and then there's
something about it proxying the accounting to server B. Does all of
that happen? If not, which ones happen?
> I need some advices of how can I have all the Authorization, Authentication
> and Accounting data replicated to both servers (A and B), so one of them
KatsuroKurosaki wrote:
> I mean: while debugging ( /freeradius -X/ ) I have Server A as primary and
> server B as secondary (or back-up, fail-over,...). Then: I do a login
> process, and Server A is running, I'm logged in with no problems, and
> suddently server A fails (stopping the service). Then
er A and B receive it?
>
No, only server A receives and processes it. Then, if server A fails, server
B starts processing requests, and when receives the logout request sent
before to server A, server B debugs on the screen what I answered above (
the /No Login record/ thing ).
I need some ad
en on server A when
> server B fails.
FR shouldn't print that. What do you mean it "prints on the screen"?
> And then I uncommented, in the same file, under the sections /accounting {}/
> and /post-auth {}/ the line /sql_log/ to enable the module (I want
sql_log has nothing to d
freeradius/modules/detail/
And added, under //etc/freeradius/sites-available/default/ file, in the
section /accounting {} / the line /detail/
And then I uncommented, in the same file, under the sections /accounting {}/
and /post-auth {}/ the line /sql_log/ to enable the module (I want
Account
Dear All,
I would like to configure freeradius server to send accounting data to other
server. Could any one advice me or show me how can I achieve this method?
--
YOUK Sokvantha
Tell: (855) 89896589
email: sokvan...@gmail.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
Natr Brazell wrote:
> 1. I am using mysql for radacct data to keep track of sessions. The
> accounting data is going into flat files on each radius server. Is
> there a way to get the accounting data to go directly to into a mysql
> table? I don't want the accounting data in
I have two questions if I may. One I think I've asked before but just
getting around to trying to tackle it again.
1. I am using mysql for radacct data to keep track of sessions. The
accounting data is going into flat files on each radius server. Is there a
way to get the accounting da
Thanks Alan,
At the moment we have restricted the accounting data to a layer 2 VPLS
segment however I'll investigate the use of IPSEC as well to let those that
worry about these things sleep better at night.
n
On Tue, Aug 10, 2010 at 3:53 AM, Alan Buxey wrote:
> Hi,
>
> > M
Hi,
> My thinking was to use radsecproxy->freeradius (my nas, coova, supports
> radsec).
>
> Any comments on ipsec vs radsec?
RADIUS with TLS over TCP (what some define as 'RADSec') is good. cant wait
until
all mainstream RADIUS servers support it natively. until then, RADSecproxy
will do
w
On 2010/08/09 11:14 PM, Alan DeKok wrote:
The accounting data is sent in the clear on a LAN. This shouldn't be
a problem.
If you're sending accounting data across the Internet, use IPSec.
Don't even pretend to use anything else. RADIUS (and TACACS+) security
is simply
Natr Brazell wrote:
> Wasn't suggesting I'd use TACACS+. I am in the process of replacing my
> customers existing TACACS+ architecture however they keep coming back to
> the ability of TACACS+ over Radius to secure, or rather, not send
> accounting data across the network in
:)
Wasn't suggesting I'd use TACACS+. I am in the process of replacing my
customers existing TACACS+ architecture however they keep coming back to the
ability of TACACS+ over Radius to secure, or rather, not send accounting
data across the network in the clear. (I assume this is th
We would be stuck with static weak security built in to RADIUS just like
TACACS uses.
There are options for securely tunneling RADIUS packets that weren't
available in the early years. Secure tunneling doesn't require changes
to the RADIUS protocol. The EAP-TLS extension alone has made most of
om>> wrote:
>>
>>Natr Brazell wrote:
>> > Is there a way to secure the communication between the radius
>>server and
>> > the NAS especially wrt accounting data?
>>
>> IPSec.
>>
>> Most NASes implement IPv4, and not
6, 2010 at 4:09 PM, Alan DeKok <mailto:al...@deployingradius.com>> wrote:
Natr Brazell wrote:
> Is there a way to secure the communication between the radius
server and
> the NAS especially wrt accounting data?
IPSec.
Most NASes implement IPv4, and
Thanks,
I'm looking into IPSEC at the moment. I'm curious how TACACS+ does their
encryption?
N
On Fri, Aug 6, 2010 at 4:09 PM, Alan DeKok wrote:
> Natr Brazell wrote:
> > Is there a way to secure the communication between the radius server and
> > the NAS espec
Natr Brazell wrote:
> Is there a way to secure the communication between the radius server and
> the NAS especially wrt accounting data?
IPSec.
Most NASes implement IPv4, and not much else. "Security" means "don't
run RADIUS over a network where users have acce
On Aug 6, 2010, at 12:32 PM, Natr Brazell wrote:
> Is there a way to secure the communication between the radius server and the
> NAS especially wrt accounting data?
I assume RADSEC will handle Accounting data too, but it's only a draft
currently. IPSec? Create tunnels between the
Is there a way to secure the communication between the radius server and the
NAS especially wrt accounting data?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ok
thanks for your information. Now i can confidently use other method to get
the accounting data from Radius server. It is good & easy for me to get
whole radacct log file in NAS (using rsync) for now and use it accordingly.
Can you send me a good link to integrate accounting data on Ra
Rahul Panwar wrote:
Thanks for a quick response,
> You can't. FreeRadius has no such facility.
> Use a database server, or write a script process the radacct file.
You can put accounting into both the radacct & database if you want.
What is the use of Acct-Interim-Interval? Is it not possi
>> >> Is it possible to get the accounting data from the radius server using
>> >> radius client in NAS and how?
>>
>> > No. Use a database query language.
>>
>> I am not using any database server (MySQL etc.) on Radius server, i am
>> ju
Rahul Panwar wrote:
Thanks for replying Alan,
>> Is it possible to get the accounting data from the radius server using
>> radius client in NAS and how?
> No. Use a database query language.
I am not using any database server (MySQL etc.) on Radius server, i am
just using
Thanks for replying Alan,
>> Is it possible to get the accounting data from the radius server using
>> radius client in NAS and how?
> No. Use a database query language.
I am not using any database server (MySQL etc.) on Radius server, i am just
using the radacct log file. How
Rahul Panwar wrote:
> Is it possible to get the accounting data from the radius server using
> radius client in NAS and how?
No. Use a database query language.
> I am using freeradius server 2.X for
> collecting all the billing data (in radacct log files) of VOIP calls.
> Then
Hi,
Is it possible to get the accounting data from the radius server using
radius client in NAS and how? I am using freeradius server 2.X for
collecting all the billing data (in radacct log files) of VOIP calls. Then
generate bills using our software. But sometime the accounting data required
in
quot;
>>
>> Authentication works properly while User-Name in accounting data, the
>> @realm part is removed.
>
>Is it there in Access-Accept? If username is stripped in Access-Accept
it won't be present in accounting packets.
No, it's not in Access-Accept... Is
t; Authentication works properly while User-Name in accounting data, the
> @realm part is removed.
Is it there in Access-Accept? If username is stripped in Access-Accept it
won't be present in accounting packets.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
while User-Name in accounting data, the
@realm part is removed.
However, there is no problem for other 'simple' proxy settings (only
define realm in proxy.conf, without Proxy-to-realm).
We're using LDAP as authentication backend.
Would anyone please advise if we can keep the @rea
sers-bounces+p_beheshti=rasana@lists.freeradius.org on
behalf of ahmed adel
Sent: Sun 2/15/2009 12:43 PM
To: FreeRadius users mailing list
Subject: Re: Using accounting data for quotas
I have implemented quota service based on Freeradius before, and I
think that it is close to what you are l
hold the history in.
Best Regards
Ahmed Adel
From: Jonathan Gazeley
To: freeradius-users@lists.freeradius.org
Sent: Friday, February 13, 2009 12:56:14 PM
Subject: Using accounting data for quotas
I'm trying to find a way to extract useful data from accounting
I'm trying to find a way to extract useful data from accounting logs to
use towards a quota. I'm a bit stuck and I'm wondering if anyone has
tried anything similar with success. Let me explain...
My accounting logs are sent to SQL with the inner ID. Periodically, the
NAS updates the accounting
Jim L. wrote:
> Alan,
>
> The modifications to event.c now allow the server to correctly log to
> the detail file. That portion appears to be fixed. However, it appears
> that FS is still attempting to authenticate the accounting packet.
Ok.. I've put the fix in CVS. I've been having a confuse
maginenet.net port 0)
Sending Access-Reject of id 0 to 192.168.0.10 port 62518
Finished request 0.
Jim Lohiser
- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list"
Sent: Saturday, May 03, 2008 3:45 AM
Subject: R
Jim L. wrote:
> I recompiled with this patch, however, I am getting the same results as
> before.
Sorry...
>> DEBUG2(">>> Sending proxied request internally to virtual server.");
>> radius_handle_request(fake, rad_authenticate);
Change this line to:
radius_handle_request(fake, fun
Alan,
I recompiled with this patch, however, I am getting the same results as
before.
Jim Lohiser
- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list"
Sent: Friday, May 02, 2008 11:33 AM
Subject: Re: FS trying
Jim L. wrote:
...
Sending proxied request internally to virtual server.
> server ImagineNet_Detail {
> auth: No authenticate method (Auth-Type) configuration found for the
Ugh. The code that does the internal proxying doesn't check for
auth/acct differences. Oops.
Try the attached patc
part that it supposed
to send the accounting data to a detail file. However, even that small piece
does not work. The errors I am getting in the debug logs are
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user
GentlePersons,
I'm in the process of converting from flat file to mySQL database for
our RADIUS accounting. I've modified the accounting_start_query
entry in sql.conf to:
accounting_start_query = "INSERT into ${acct_table1} \
SET \
AcctSessionId = '%{Acct-Ses
TK Lew <[EMAIL PROTECTED]> wrote:
> This guys basically hacks the rlm_radutmp to use session id.
If that's all you want, it may work for you.
> a. Is possible to use the hacks for session id if NAS port is not an option ?
If it works for you.
> b. For high performance site , is radumtp perf
hi alan ::
Thanks but changing the NAS port is not an options for me :( since i
am actually using Freeradius for a streaming projects where there are
so many NAS's around.
Based on the Freeradius mailing list , I think i came across a similar
posting (i think your reply is there too).
http://lis
TK Lew <[EMAIL PROTECTED]> wrote:
> Ahthat why but all the NAS are using the same port !
Ask your NAS vendor.
> I understand that session index is based on NAS port . Any chance
> for it to be based on session id ? Is there a patch for it ??
No. That simply won't work.
If you're doin
hi ::
Ahthat why but all the NAS are using the same port ! I understand
that session index is based on NAS port . Any chance for it to be
based on session id ? Is there a patch for it ??
Thanks again !
On 11/15/05, Alan DeKok <[EMAIL PROTECTED]> wrote:
> TK Lew <[EMAIL PROTECTED]> wrote:
> >
TK Lew <[EMAIL PROTECTED]> wrote:
> I have a weird problem. If I am not mistaken sessions are logged and
> remove on accouting-start and accouting-stop but I have encountered
> where an active session for a particular users have been deleted from
> the session database without the corresponding acc
hi all ::
I have a weird problem. If I am not mistaken sessions are logged and
remove on accouting-start and accouting-stop but I have encountered
where an active session for a particular users have been deleted from
the session database without the corresponding accounting stop packet.
I am runni
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello All,
I'm using the default sql.conf for the Acount start/stop information
that will be inserted into the SQL database.
however I found some of the info was inserted into the SQL server.
E.g
NASPortType (I've sure the request have this)
"Alfred H. Dahl" <[EMAIL PROTECTED]> wrote:
> The field in the database is int(12) - but data logged to the database
> is never larger than an unsigned_int_32 (2147483647/7FFF)
>
> If this is a limitation in the RADIUS-server, what do I do to work
> around it?
It's a limitation of the clien
Hello all,
our PPPoE-servers log accounting data to the RADIUS-server, which in
turn is stored in a mysql-database.
The field in the database is int(12) - but data logged to the database
is never larger than an unsigned_int_32 (2147483647/7FFF)
If this is a limitation in the RADIUS-server
Hi,
I am running FR 1.0.0 on RedHat9. I have 2 radius servers
set up primarily for proxying but we do have some locally managed
realms. I have 2 special cases where I need to add realm
information to our accounting data. I had been trying this
with attr_rewrite with little success.
Case 1: ISP
On Fri, 17 Sep 2004, David wrote:
> Hi,
>
> I am running FR 1.0.0 on RedHat9. I have 2 radius servers
> set up primarily for proxying but we do have some locally managed
> realms. I have 2 special cases where I need to add realm
> information to our accounting data. I ha
Hi,
I am running FR 1.0.0 on RedHat9. I have 2 radius servers
set up primarily for proxying but we do have some locally managed
realms. I have 2 special cases where I need to add realm
information to our accounting data. I had been trying this
with attr_rewrite with little success.
Case 1
On Wed, 11 Aug 2004, david wrote:
>
> >> 1. What actually triggers a session to be logged in radutmp?
> >> - Is it logged upon successful authentication of the user or
> >> by the sending of an accounting start-packet?
>
> > radutmp works for accounting. Check radiusd.conf and you will see.
>> 1. What actually triggers a session to be logged in radutmp?
>> - Is it logged upon successful authentication of the user or
>> by the sending of an accounting start-packet?
> radutmp works for accounting. Check radiusd.conf and you will see. So
sessions
> are logged and remov
On Wed, 11 Aug 2004, david wrote:
> Hello All,
>
> I am in the process of learning about and setting up simultaneous
> usage and have a few questions about how it works.
>
> 1. What actually triggers a session to be logged in radutmp?
> - Is it logged upon successful authentication of the user or
Hello All,
I am in the process of learning about and setting up simultaneous
usage and have a few questions about how it works.
1. What actually triggers a session to be logged in radutmp?
- Is it logged upon successful authentication of the user or
by the sending of an accounting start-packet?
Kostas Kalevras <[EMAIL PROTECTED]> wrote:
> You could use the expr module to calculate the correct value for
> Acct-Input-Octets and Acct-Output-Octets. Probably something like:
>
> %{expr: %{Acct-Input-Octets} + 1024*1024*1024*4*%{Acct-Input-Gigawords:-0}}
rlm_expr handles 32-bit numbers only
}
Hmm, maybe adding support for KB,MB,GB,TB in rlm_expr would be nice.
>
> Hope that helps a bit... it works for us, so yeah :)
>
> Nikolas Geyer.
>
>
> - Original Message -
> From: "Russell Brenner" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]&
7; AND UserName = '%{SQL-User-Name}'
AND NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime =
0"
And we added the AcctInputGigaWords and AcctOutputGigawords to the radacct
table.
Hope that helps a bit... it works for us, so yeah :)
Nikolas Geyer.
----- Original Mess
Hi,
After checking out some the accounting data we've collected for our ADSL
users we obviously aren't getting usage data until we receieve a stop record
for the customer (ie sometimes upto a week later) when the customers
disconnects.
This isn't really that useful for da
"David" <[EMAIL PROTECTED]> wrote:
> so that [EMAIL PROTECTED] will get into our detail files (and database)?
attr_rewrite.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
I am currently running several radius servers (version 0.9.3) on Red Hat 9.
The radius servers are used primarily to proxy to other radius servers.
Shortly I will be receving accounting data from another ISP who will
be using rad relay to send the accounting data.
The ISP that will be
>
> You can use rlm_attr_rewrite, but it would be a little more
> complicated, I think.
>
That's the path I was headed towards over the weekend but I couldn't get
it to work.
Thanks Again!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
<[EMAIL PROTECTED]> wrote:
> You mentioned that in the latest CVS head you can do this in the hints file,
> is this
> possible in the current production version (0.9.3) by adding it elsewhere?
You can use rlm_attr_rewrite, but it would be a little more
complicated, I think.
Alan DeKok.
-
L
> What IP range? Of the NAS?
I have used the NAS-IP as well as Client-IP in the past.
> In the latest CVS head, I think you can use the "Hints" file to do
> this:
>
> #---
> DEFAULT Called-Station-Id == "foo", User-Name =~ "^[a-zA-Z0-9]+"
> User-Name := [EMAIL PROTECTED]
> #---
You mention
<[EMAIL PROTECTED]> wrote:
> I have been working with setting up proxying by realm and/or IP range. It
> seems to be working well.
What IP range? Of the NAS?
> Is it possible to force that realm to be written to the detail file (and my
> SQL backend) when the request is proxied
> by IP?
Do
Hi,
I am running FreeRADIUS 0.9.3 on RedHat 9.0 and my radius server is used
primarily for proxying to other ISP's.
I have been working with setting up proxying by realm and/or IP range. It
seems to be working well.
My application requires the user to enter a username such as [EMAIL PROTECTED]
a
Zimmermann wrote:
Hi,
I hope, you can help me with an idea, how to filter/strip the
"Framed-IP-Address" of customers from the accounting data.
At the moment, I delete the these lines in the detail logs, but I'd
like to know, if there is a more elegant way to achieve this.
Has freeradius-
Hi,
I hope, you can help me with an idea, how to filter/strip the
"Framed-IP-Address" of customers from the accounting data.
At the moment, I delete the these lines in the detail logs, but I'd like
to know, if there is a more elegant way to achieve this.
Has freeradius-0.9.
82 matches
Mail list logo