More Questions

2003-12-18 Thread Roy Wills
First off, I am new to radius and am trying to figure out how to do what I
want it to do. ANY help is greatly appreciated, and I hope to be able to help
others in the future. I will start off by stating what I am trying to do:

I have 2 locations that have wireless access to the internet and am trying to
find a way to secure the access for any authed users (got that figured out).
I am not using a traditional NAS since budget does not allow for that cost.
What I am using is a FreeBSD box loaded with a program called OpenGate that
uses CGI to query the radius server for auth (working). I am running
FreeRadius on another FreeBSD machine and have it set up to use MySQL for
usernames and such (working). In MySQL I am using the default database
structure and have not modified any of it except for users and such.

Now for the questions:

1: I have read all the docs that come with radius and searched the web and
still have not found how to log accounting info in radius. I have turned on
log_auth, log_auth_badpass, and log_auth_goodpass in radiusd.conf. Having
done this I am still not getting any accounting info in the database or log
file. Am I missing something here?

2: I am trying to limit simultaneous use and am a bit confused. One file says
that it only works with users file and pam (I believe) but not with SQL, LDAP
and so forth. In another doc it says to change in table radgroupcheck
Attribute=Simultaneous-Use OP=:= and value to 1. I have done this and it
still allows multiples. Also saw in radiusd.conf where I need to uncomment
simul_count_query but that appears to only work if you have accounting
working. Am I doing something wrong here as well?

Concerns:
1: Does the traditional NAS send radius the accounting info or does radius
insert as authed, denied, etc?

Thanks in advance for all your help

Roy



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: More Questions

2003-12-18 Thread Nick Davis
> 1: I have read all the docs that come with radius and searched the web and
> still have not found how to log accounting info in radius. I have turned on
> log_auth, log_auth_badpass, and log_auth_goodpass in radiusd.conf. Having
> done this I am still not getting any accounting info in the database or log
> file. Am I missing something here?

This question was asked earlier this week.

I guess it might be a good idea to ask Alan to put sql as a commented option 
in the authorize and accounting sections of the radiusd.conf.

You need to add sql to your accounting section of radiusd.conf if you want
it to write accounting info to the database. You also need to make sure the
sql queries in sql.conf that use the radacct table are correct for your
database.

> 2: I am trying to limit simultaneous use and am a bit confused. One file
> says that it only works with users file and pam (I believe) but not with
> SQL, LDAP and so forth. In another doc it says to change in table
> radgroupcheck Attribute=Simultaneous-Use OP=:= and value to 1. I have done
> this and it still allows multiples. Also saw in radiusd.conf where I need to
> uncomment simul_count_query but that appears to only work if you have
> accounting working. Am I doing something wrong here as well?

It works with SQL, as you describe in the radgroupcheck table. At the bottom
of the radiusd.conf is a section called session; in there is a flag which
tells it to use the sql or radutmp for Simult-use checking. If you don't
uncomment the queries simult-use needs in the sql.conf, it will not work.

Take a look at my radiusd.conf for reference:
http://mrtizmo.com/freeradius/

> Concerns:
> 1: Does the traditional NAS send radius the accounting info or does radius
> insert as authed, denied, etc?

radius just sits there waiting for an NAS to send it data, then it 
auth's/denies it and then logs everything.

Hope that helps!

Nick
-- 
Nick Davis 
Associate Systems Administrator 
[EMAIL PROTECTED] 
Internet Exposure, Inc. 
http://www.iexposure.com  

(612)676-1946 
Web Development-Web Marketing-ISP Services




Re: More Questions

2003-12-18 Thread Alan DeKok
Roy Wills [EMAIL PROTECTED] wrote:
> I have turned on log_auth, log_auth_badpass, and log_auth_goodpass
> in radiusd.conf. Having done this I am still not getting any
> accounting info in the database or log file. Am I missing something
> here?

  Your NAS needs to send accounting packets.  Nothing you do to the
server will make any difference.

> Also saw in radiusd.conf where I need to uncomment simul_count_query
> but that appears to only work if you have accounting working.

  Exactly.  No accounting, no simultaneous-use checks.

> Am I doing something wrong here as well?

  Make the NAS send accounting packets.

  Alan DeKok.



Re: More Questions

2003-12-18 Thread Alan DeKok
Nick Davis [EMAIL PROTECTED] wrote:
> I guess it might be a good idea to ask Alan to put sql as a commented option
> in the authorize and accounting sections of the radiusd.conf.

  Done.

  Alan DeKok.



RE: More Questions

2003-12-18 Thread Mike Ockenga


>> file. Am I missing something here?
>
> I guess it might be a good idea to ask Alan to put sql as a commented option
> in the authorize and accounting sections of the radiusd.conf.
>
> You need to add sql to your accounting section of radiusd.conf if you want
> it to write accounting info to the database. You also need to make sure the
> sql queries in sql.conf that use the radacct table are correct for your
> database.

...Assuming your NAS is even sending accounting packets to the server.  Is it?

>> Concerns:
>> 1: Does the traditional NAS send radius the accounting info or does radius
>> insert as authed, denied, etc?
>
> radius just sits there waiting for an NAS to send it data, then it

specifically authentication, authorization, and accounting packets

> auth's/denies it and then logs everything.

Again, the NAS must send accounting packets before the server will log them
in a details file or DB.  I'd look at the NAS configuration.  I'm not at all
familiar with your setup, so I can't help there. Sorry.

But, make sure it's sending accounting data.  Then you can move on to making
FreeRADIUS and your SQL DB work.  Actually, I wouldn't even worry about the
SQL stuff until you're getting what you want in a basic details file.  Then
I'd get the SQL accounting working.  Battle one dragon at a time, etc...

-- 
Mike
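
Added example, not part of the original thread and not FreeRADIUS code: a simplified Python/SQLite model of the point made in the replies above, that simultaneous-use checking counts open sessions in the accounting table, so a NAS that sends no accounting packets leaves the limit unenforced. The reduced radacct columns, the function names and the user name are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the radacct table (columns reduced; constructed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radacct (AcctSessionId TEXT PRIMARY KEY, "
               "UserName TEXT, AcctStartTime INTEGER, AcctStopTime INTEGER DEFAULT 0)")
    return db

def accounting(db, status, session_id, user, when):
    """What the server does with an Accounting-Request the NAS sent."""
    if status == "Start":
        db.execute("INSERT INTO radacct (AcctSessionId, UserName, AcctStartTime) "
                   "VALUES (?, ?, ?)", (session_id, user, when))
    elif status == "Stop":
        db.execute("UPDATE radacct SET AcctStopTime = ? WHERE AcctSessionId = ?",
                   (when, session_id))

def open_sessions(db, user):
    """Count sessions with no Stop record: the role simul_count_query plays."""
    row = db.execute("SELECT COUNT(*) FROM radacct "
                     "WHERE UserName = ? AND AcctStopTime = 0", (user,)).fetchone()
    return row[0]

def authorize(db, user, simultaneous_use=1):
    """Accept only while the user's open-session count is below the limit."""
    return open_sessions(db, user) < simultaneous_use

def run(nas_sends_accounting):
    """Two logins, a logout, then a third login; returns the three decisions."""
    db, decisions = make_db(), []
    for n, t in ((1, 100), (2, 200)):
        ok = authorize(db, "alice")          # constructed user name
        decisions.append(ok)
        if ok and nas_sends_accounting:
            accounting(db, "Start", f"sess-{n}", "alice", t)
    if nas_sends_accounting:
        accounting(db, "Stop", "sess-1", "alice", 300)
    decisions.append(authorize(db, "alice"))
    return decisions

if __name__ == "__main__":
    print("NAS sends accounting:", run(True))    # second login rejected
    print("NAS sends none:      ", run(False))   # limit never enforced
```

With accounting the second concurrent login is refused and a login after the Stop record is accepted again; without it the table stays empty and every login passes the check.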
