Re: PEAP/MSCHAPv2 problem

2011-04-05 Thread Jürgen Stader


On 05.04.2011 07:31, Stefan Winter wrote:

Hi,


The solution to the problem is simple.  The answer is in front of
you.

Alan DeKok.

Looks like I'm blind... please give me a hint ;-)

Dude... supplicants are typically configured to trust only the exact one
certificate that is in the RADIUS Server (CN=... is in the supplicant
conf). If you change the Subject in the cert... the supplicant won't
like it any more.

Stefan

OK, once again; I have cloned a radius-server VM, the new radius-server
has a new DNS entry, IP and a new certificate. The WLAN SSID is
different from the one which is used by the original radius.
I checked both certificates, they match the requirements given by
Microsoft. The certificates are both signed by the same CA, with the same O, OU,
hash algorithm, key strength... CN is logically different and is set to
host and DNS name (are the same) from the new radius, like:
CN=new-radius.mydomain.mycountry
The complete certification path is installed on the client. The client
doesn't have an extra client certificate, server certificate check is
turned off in wireless settings.

A Cisco wireless controller is used for both SSIDs.

Original radius works fine, with both SSIDs, new radius does not.
So what's wrong?

Juergen
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: PEAP/MSCHAPv2 problem

2011-04-05 Thread Stefan Winter
Hi,

 The complete certification path is installed on the client. The client
 doesn't have an extra client certificate, server certificate check is
 turned off in wireless settings.

Turned off? Thanks, that's a new piece of info! That would hint towards
a different problem indeed.

 Original radius works fine, with both SSIDs, new radius does not.
 So what's wrong?

The debug output still points towards: the client doesn't want to speak
to the server after starting the EAP conversation. If it's not a
certificate problem, something else is different between the two RADIUS
servers. What did you do after cloning the VM? Did you upgrade
FreeRADIUS from an older version maybe?

It would certainly help if you could post the debug output of the old
server vs. the new one; for the EAP conversation in its entirety, not
just the last packet exchange.

If you positively want to rule out that the certificate change was the
problem, you could, if your CA's policy allows, install the old server's
certificate on the new instance. For IEEE 802.1X, there is no
requirement that DNS names and CN/subjectAltNames match.

Greetings,

Stefan Winter

-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la 
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473





Re: PEAP/MSCHAPv2 problem

2011-04-05 Thread Alan DeKok
Jürgen Stader wrote:
 OK, once again; I have cloned a radius-server VM, the new radius-server
 has a new DNS entry, IP and a new certificate.

  Well, that's likely the problem.  Have you tried using the *working*
certificate in the new machine?

 The WLAN SSID is
 different from the one which is used by the original radius.

  I see.  You've changed a number of things at the same time, and are
trying to understand why it isn't working.  That isn't good practice.

 I checked both certificates, they match the requirements given by
 Microsoft. The certificates are both signed by the same CA, with the same O, OU,
 hash algorithm, key strength... CN is logically different and is set to
 host and DNS name (are the same) from the new radius, like:
 CN=new-radius.mydomain.mycountry

  The certificates are checked before the supplicant is on the network.
 Hostname and DNS names are irrelevant.

 The complete certification path is installed on the client. The client
 doesn't have an extra client certificate, server certificate check is
 turned off in wireless settings.
 A Cisco wireless controller is used for both SSIDs.

 Original radius works fine, with both SSIDs, new radius does not.
 So what's wrong?

  The debug log points you to a page on the Wiki.  The Wiki contains
complete instructions for debugging it both on the server side, and on
the supplicant side.

  Alan DeKok.


Re: Custom sql post-auth help

2011-04-05 Thread Alan DeKok
Trey Briggs wrote:
 I'm trying to get similar logging in mysql to what you see with:
 
 log {

  You can use rsyslog to take syslog messages, and write them to SQL.

 I've found how to log accepts and rejects using the sql module in the
 post-auth section, but I'm unsure how to insert the client info (name or
 IP is fine).

 Use Packet-Src-IP-Address instead of NAS-IP-Address.

  Alan DeKok.


Re: PEAP/MSCHAPv2 problem

2011-04-05 Thread Stefan Winter
Hello,

 rad_recv: Access-Request packet from host ... port 32769, id=219,
 length=159
 User-Name = xy
[...]
 EAP-Message = 0x0202000b01737461646572

It would also help not to mangle the debug output by hand, if that's
what happened here. The EAP-Message's EAP-Response/Identity says the
username is stader, while the RADIUS User-Name attribute says xy?

If that is *really* what came in over the wire, your Controller is doing
dumb things. If it was manual editing, please stop doing that, it really
doesn't help us helping you. Or mangle the EAP-Response/Identity to be
consistent with your other edit, at least :-)

Greetings,

Stefan Winter


 Message-Authenticator = 0xe5b0ffbed84243bf27ac1ac9c9fcd0b5
 server eduroam {
 # Executing section authorize from file
 /etc/freeradius/sites-enabled/eduroam
 +- entering group authorize {...}
 [suffix] No '@' in User-Name = xy, looking up realm NULL
 [suffix] Found realm NULL
 [suffix] Adding Realm = NULL
 [suffix] Authentication realm is LOCAL.
 ++[suffix] returns ok
 ++[mschap] returns noop
 [eap] EAP packet type response id 2 length 11
 [eap] No EAP Start, assuming it's an on-going EAP conversation
 ++[eap] returns updated
 Found Auth-Type = EAP
 # Executing group from file /etc/freeradius/sites-enabled/eduroam
 +- entering group authenticate {...}
 [eap] EAP Identity
 [eap] processing type tls
 [tls] Initiate
 [tls] Start returned 1
 ++[eap] returns handled
 } # server eduroam
 Sending Access-Challenge of id 219 to ... port 32769
 EAP-Message = 0x010300061920
 Message-Authenticator = 0x
 State = 0x3abc7e1c3abf6764392496688aff7b3f
 Finished request 0.
 Going to the next request
 Waking up in 4.9 seconds.
 rad_recv: Access-Request packet from host ... port 32769, id=219,
 length=159
 Sending duplicate reply to client WLC-TUT port 32769 - ID: 219
 Sending Access-Challenge of id 219 to ... port 32769
 Waking up in 2.0 seconds.
 Cleaning up request 0 ID 219 with timestamp +3
 WARNING:
 !!
 WARNING: !! EAP session for state 0x3abc7e1c3abf6764 did not finish!
 WARNING: !! Please read
 http://wiki.freeradius.org/Certificate_Compatibility
 WARNING:
 !!
 Ready to process requests.

 eap.conf:

 eap {
 default_eap_type = peap
 timer_expire = 60
 ignore_unknown_eap_types = no
 cisco_accounting_username_bug = no

 md5 {
 }


 tls {
 certdir= /etc/hostcertkey
 cadir = /etc/cacert
 dh_file = ${certdir}/dh
 private_key_file = ${certdir}/roaming.key
 certificate_file = ${certdir}/roaming.pem
 CA_file = ${cadir}/chain.txt
 dh_file = ${certdir}/dh
 random_file = /dev/urandom
 fragment_size = 1024
 include_length = yes
 check_crl = no
 cipher_list = DEFAULT
 }

 ttls {
 default_eap_type = mschapv2
 copy_request_to_tunnel = yes
 #use_tunneled_reply = yes
 virtual_server = eduroam-inner-tunnel
 }

 peap {
 default_eap_type = mschapv2
 copy_request_to_tunnel = yes
 #use_tunneled_reply = yes
 #proxy_tunneled_request_as_eap = yes
 virtual_server = eduroam-inner-tunnel
 }

 mschapv2 {
 }
 }




Re: bug

2011-04-05 Thread Alan DeKok
Rtz Poknat wrote:
 I deleted an entry in the database, yet it returns, and session time
 is 59000 seconds. I checked the openvpn server but no user is connected
 and it is continuously updating the last update in the sql table. Also, even
 if I turn off the NAS, the entry still updates by itself.. (a ghost??)

  The server doesn't magically invent packets.

 Can anyone point out what other factors might be causing this update? What
 files?

  Run the server in debugging mode as suggested in the FAQ, README,
man page, and daily on this list.

  Alan DeKok.


Re: I need help and some advice !!!

2011-04-05 Thread striderblue
It still didn't work.
When I separate the command in clients.conf:

client localhost {
ipaddr = 127.0.0.1
secret = testing
}

client localhost {
ipv6addr = ::1
secret = testing123
}

result : 
radclient: Failed to find ip address for host ::1: success

So I'm really confused now. What have I done wrong, or am I missing some config?
Please. HELP ME


thank you so much..




Re: I need help and some advice !!!

2011-04-05 Thread Stefan Winter
Hi,

 It still didn't work.
 When I separate the command in clients.conf:

 client localhost {
 ipaddr = 127.0.0.1
 secret = testing
 }

 client localhost {
 ipv6addr = ::1
 secret = testing123
 }

 result : 
 radclient: Failed to find ip address for host ::1: success

Give the two clients different names, otherwise, the server may well get
confused. How about:

client localhost-v4 {
ipaddr = 127.0.0.1
secret = testing
}

client localhost-v6 {
ipv6addr = ::1
secret = testing123
}


?

Stefan

 So I'm really confused now. What have I done wrong, or am I missing some config?
 Please. HELP ME


 thank you so much..



Re: I need help and some advice !!!

2011-04-05 Thread Fajar A. Nugraha
On Tue, Apr 5, 2011 at 3:54 PM, striderblue strider_b...@hotmail.com wrote:
 It still didn't work.
 When I separate the command in clients.conf:

 client localhost {
        ipaddr = 127.0.0.1
        secret = testing
 }

 client localhost {
        ipv6addr = ::1
        secret = testing123
 }

 result :
 radclient: Failed to find ip address for host ::1: success

 So I'm really confused now. What have I done wrong, or am I missing some config?
 Please. HELP ME

(1) There's an example on client.conf to specify an ipv6 address, use that
(2) radclient can use ipv6 with -6 option (see radclient -h).
AFAIK no such functionality is available for radtest (yet). So you
might need to use radclient directly.

-- 
Fajar



Re: PEAP/MSCHAPv2 problem

2011-04-05 Thread Stefan Winter
Hi,

 No, the machines are identical, only changed IP, hostname and
certificates.
 No updates or something.

Okay...

 I put the debug output in appendix.
 Sorry I had to remove passwords and IPs because of security reasons, I
 think you will understand ;-)

That part of mangling is okay :-)

 If you positively want to rule out that the certificate change was the
 problem, you could, if your CA's policy allows, install the old server's
 certificate on the new instance. For IEEE 802.1X, there is no
 requirement that DNS names and CN/subjectAltNames match.
 This was the first thing I tried...

Good!

Looking at the output, things become clearer. The conversation ends
when the server tries to send the first Access-Challenge packet to the
client. It seems like that packet never gets there - and so the client
retransmits the same Request over and over again. The server then
repeatedly tries to re-send its reply, but again, it never seems to get
there.

Make sure that the changed IP address doesn't lead to some firewall
(host FW? net FW? Cisco Controller's ACLs?) eating the responses.

At least it is now apparent that it's not a certificate issue - the EAP
conversation doesn't even get far enough to send certificate data at all.

In any case, I don't think the FreeRADIUS server process is to be blamed
- it sends a well-formed response to a reasonable request. Something's
wrong between the server OS and the supplicant.

Greetings,

Stefan Winter

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
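
An added example, not part of any post in this thread: the two EAP-Message values and the retransmission pattern discussed in the PEAP/MSCHAPv2 messages above, decoded in Python. The log is a constructed sample modelled on the posted debug output (192.0.2.10 stands in for the elided host address), and `decode_eap` and `analyse` are hypothetical helper names.

```python
import re
from collections import Counter

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
TLS_BASED = {13, 21, 25}
START_FLAG = 0x20  # "S" bit in the flags octet of TLS-based EAP methods

RECV = re.compile(r"rad_recv: \S+ packet from host (\S+) port (\d+), id=(\d+)")
ATTR = re.compile(r"^\s*([\w-]+) = (.+?)\s*$")
STATE = re.compile(r"EAP session for state (0x[0-9a-fA-F]+) did not finish")

# Constructed sample, modelled on the debug output quoted in the thread.
SAMPLE_LOG = """
rad_recv: Access-Request packet from host 192.0.2.10 port 32769, id=219, length=159
\tUser-Name = "xy"
\tEAP-Message = 0x0202000b01737461646572
Sending Access-Challenge of id 219 to 192.0.2.10 port 32769
\tEAP-Message = 0x010300061920
rad_recv: Access-Request packet from host 192.0.2.10 port 32769, id=219, length=159
Sending duplicate reply to client WLC-TUT port 32769 - ID: 219
WARNING: !! EAP session for state 0x3abc7e1c3abf6764 did not finish!
"""


def decode_eap(hex_value):
    """Decode one unfragmented EAP packet given as the 0x... string from the log."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 octets: code, id, length")
    code, ident = raw[0], raw[1]
    length = int.from_bytes(raw[2:4], "big")
    if length != len(raw):
        raise ValueError("EAP length field does not match the attribute size")
    info = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:  # only Request/Response carry a type
        eap_type, data = raw[4], raw[5:]
        info["type"] = EAP_TYPES.get(eap_type, eap_type)
        if eap_type == 1:
            info["identity"] = data.decode("utf-8", "replace")
        elif eap_type in TLS_BASED and data:
            info["tls_start"] = bool(data[0] & START_FLAG)
    return info


def analyse(log):
    """Return findings: identity mismatches, retransmitted requests, dead sessions."""
    findings, seen, user = [], Counter(), None
    for line in log.splitlines():
        recv = RECV.search(line)
        if recv:
            seen[recv.groups()] += 1
            if seen[recv.groups()] == 2:  # same host, port and id seen again
                findings.append(("retransmit", int(recv.group(3))))
            user = None
            continue
        attr = ATTR.match(line)
        if attr and attr.group(1) == "User-Name":
            user = attr.group(2).strip('"')
        elif attr and attr.group(1) == "EAP-Message":
            identity = decode_eap(attr.group(2)).get("identity")
            if identity is not None and user is not None and identity != user:
                findings.append(("identity-mismatch", user, identity))
        else:
            state = STATE.search(line)
            if state:
                findings.append(("unfinished-session", state.group(1)))
    return findings


if __name__ == "__main__":
    print(decode_eap("0x010300061920"))
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

A retransmitted id together with an unfinished session and no second EAP round is the pattern Stefan reads as the Access-Challenge never reaching the client.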

How to assign vlan / manage different user groups

2011-04-05 Thread Götz Reinicke - IT-Koordinator
Hi,

maybe someone can point me in the right direction:

we do have a new wlan - freeradius - ldap setup and want to assign two
main user groups to two main wlans.

Each wlan has its own vlan.

We use cisco switches and APs and got a wlan controller.

So far we do have different SSIDs and all users can access both WLANs
with their username/password stored in our ldap.

Now we'd like students only to be able to access the students WLAN and
employees to access their WLAN.

My question: Where is the point to start to configure such a setup?

I think, somewhere there must be some sort of check if the user
accessing the e.g. student wlan is in the primary posixgroup student.

Or do I have to 'send' the VLAN ID to the network devices?


Thanks for any hint and best regards

Götz Reinicke
-- 
Götz Reinicke
IT-Koordinator

Tel. +49 7141 969 420
Fax  +49 7141 969 55 420
E-Mail goetz.reini...@filmakademie.de

Filmakademie Baden-Württemberg GmbH
Akademiehof 10
71638 Ludwigsburg
www.filmakademie.de

Registered at Amtsgericht Stuttgart, HRB 205016
Chair of the Supervisory Board:
Prof. Dr. Claudia Hübner

Managing Director:
Prof. Thomas Schadt




Re: I need help and some advice !!!

2011-04-05 Thread John Dennis

On 04/05/2011 07:24 AM, Fajar A. Nugraha wrote:

(1) There's an example on client.conf to specify an ipv6 address, use that
(2) radclient can use ipv6 with -6 option (see radclient -h).
AFAIK no such functionality is available for radtest (yet). So you
might need to use radclient directly.


Attached is a patch we created for radtest to support IPv6 and is in our 
current packages. I'm pretty sure we've already sent this to Alan.


--
John Dennis jden...@redhat.com

--- freeradius-server-2.1.10/src/main/radtest.in.orig	2011-02-14 16:19:05.0 -0500
+++ freeradius-server-2.1.10/src/main/radtest.in	2011-02-14 16:24:18.0 -0500
@@ -16,6 +16,8 @@
 	echo -t type   Set authentication method 2
 	echo type can be pap, chap, mschap, or eap-md5 2
 	echo -x  Enable debug output 2
+	echo -4  Use IPv4 address family for the NAS (default) 2
+	echo -6  Use IPv6 address family for the NAS 2
 	exit 1
 }
 
@@ -30,6 +32,7 @@
 
 OPTIONS=
 PASSWORD=User-Password
+family=IPv4
 
 #  We need at LEAST these many options
 if [ $# -lt 5 ]
@@ -41,6 +44,14 @@
 while [ `echo $1 | cut -c 1` = - ]
 do
case $1 in
+	-4) 
+		family=IPv4
+		shift
+		;;
+	-6) 
+		family=IPv6
+		shift
+		;;
 	-d) 
 		OPTIONS=$OPTIONS -d $2
 		shift;shift
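Review bot: The new -4 and -6 cases each consume one argument, but the `[ $# -lt 5 ]` guard shown in the previous hunk runs before this option loop, so the flag counts toward the minimum. An invocation with -6 followed by only four positional arguments passes the guard although one required argument is missing, unless a later check not shown here catches it. Consider re-checking the positional count after the while loop. When both -4 and -6 are given the later one silently wins; either document that or reject the combination.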
@@ -97,10 +108,25 @@
 	nas=`hostname`
 fi
 
+# Set the address family
+case $family in
+	IPv4)
+		OPTIONS=$OPTIONS -4
+		NAS_ADDR_ATTR=NAS-IP-Address
+		;;
+	IPv6)
+		OPTIONS=$OPTIONS -6
+		NAS_ADDR_ATTR=NAS-IPv6-Address
+		;;
+	*)
+		echo ERROR: unknown address family ($family) 2
+		usage
+esac
+
 (
 	echo User-Name = \$1\
 	echo $PASSWORD = \$2\
-	echo NAS-IP-Address = $nas
+	echo $NAS_ADDR_ATTR = $nas
 	echo NAS-Port = $4
 	if [ $radclient = $radeapclient ]
 	then
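Review bot: With -6 the request carries NAS-IPv6-Address, but its value is still `$nas`, which the context lines at the top of this hunk set from `hostname`; on a host whose name has no IPv6 address that attribute will not get a usable value. Consider documenting that the NAS name must resolve over IPv6 when -6 is used, or choosing an IPv6 default in the IPv6 branch. Smaller point: the `*)` branch has no `;;` and relies on usage exiting, and since family is only ever assigned IPv4 or IPv6 in this script it cannot be reached, so either drop it or terminate it like the other two branches.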

Re: How to assign vlan / manage different user groups

2011-04-05 Thread schilling
We are using wlan - freeradius - ldap too.
In the freeradius, you check ldap whether username is in student or
nonstudent group, then you need to send back either
IETF 64 65 81 or some vendor specific attributes

On the WLAN controller, you then either use the IETF 64 65 81 or
vendor specific attributes to drop the user session in the VLAN.

Schilling



On Tue, Apr 5, 2011 at 9:07 AM, Götz Reinicke - IT-Koordinator
goetz.reini...@filmakademie.de wrote:
 Hi,

 maybe someone can point me in the right direction:

 we do have a new wlan - freeradius - ldap setup and want to assign two
 main user groups to two main wlans.

 Each wlan has its own vlan.

 We use cisco switches and APs and got a wlan controller.

 So far we do have different SSIDs and all users can access both WLANs
 with their username/password stored in our ldap.

 Now we'd like students only to be able to access the students WLAN and
 employees to access their WLAN.

 My question: Where is the point to start to configure such a setup?

 I think, somewhere there must be some sort of check if the user
 accessing the e.g. student wlan is in the primary posixgroup student.

 Or do I have to 'send' the VLAN ID to the network devices?


 Thanks for any hint and best regards

        Götz Reinicke
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
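
An added example, not schilling's configuration and not FreeRADIUS code: the three IETF attributes named above (64 Tunnel-Type, 65 Tunnel-Medium-Type, 81 Tunnel-Private-Group-ID) encoded as they travel in an Access-Accept, with the group check in front of them. The SSID names, group names and VLAN IDs are hypothetical, and how the server learns the SSID is left as an input.

```python
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
TYPE_VLAN, MEDIUM_IEEE_802 = 13, 6  # values RFC 3580 uses for VLAN assignment

# Hypothetical policy: SSID -> (required LDAP group, VLAN ID to assign).
SSID_POLICY = {
    "students-wlan": ("student", 110),
    "staff-wlan": ("employee", 120),
}


def vlan_attributes(vlan_id, tag=0):
    """Encode attributes 64, 65 and 81 for one VLAN as RADIUS TLVs."""
    if not 1 <= vlan_id <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if not 0 <= tag <= 0x1F:
        raise ValueError("tunnel tag must be in 0..31")

    def tagged_int(attr, value):
        # RFC 2868: one tag octet followed by a 3-octet value, length 6
        return bytes([attr, 6, tag]) + value.to_bytes(3, "big")

    # For the string attribute the tag octet is only present when non-zero.
    group = (bytes([tag]) if tag else b"") + str(vlan_id).encode("ascii")
    return (tagged_int(TUNNEL_TYPE, TYPE_VLAN)
            + tagged_int(TUNNEL_MEDIUM_TYPE, MEDIUM_IEEE_802)
            + bytes([TUNNEL_PRIVATE_GROUP_ID, 2 + len(group)]) + group)


def decode_attributes(blob):
    """Parse the TLVs back, as the receiving controller would."""
    out, pos = {}, 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError("truncated attribute header")
        attr, length = blob[pos], blob[pos + 1]
        if length < 3 or pos + length > len(blob):
            raise ValueError("bad attribute length")
        value = blob[pos + 2:pos + length]
        if attr in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            if len(value) != 4:
                raise ValueError("tagged integer must be 4 octets")
            out[attr] = int.from_bytes(value[1:], "big")
        elif attr == TUNNEL_PRIVATE_GROUP_ID:
            if value[0] <= 0x1F:  # leading octet is a tag, not text
                value = value[1:]
            out[attr] = value.decode("ascii")
        pos += length
    return out


def authorize(user_groups, ssid):
    """Return reply attributes for an allowed user, or None to reject."""
    policy = SSID_POLICY.get(ssid)
    if policy is None:
        return None  # unknown SSID: fail closed
    required_group, vlan_id = policy
    if required_group not in user_groups:
        return None  # e.g. a student on the staff SSID
    return vlan_attributes(vlan_id)


if __name__ == "__main__":
    reply = authorize({"student"}, "students-wlan")
    print(reply.hex(), decode_attributes(reply))
    print(authorize({"student"}, "staff-wlan"))
```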


Re: How to assign vlan / manage different user groups

2011-04-05 Thread Götz Reinicke - IT-Koordinator
Thanks,

may I ask you to send me the config you use in freeradius? That would be
great!

/Götz

On 05.04.11 16:42, schilling wrote:
 We are using wlan - freeradius - ldap too.
 In the freeradius, you check ldap whether username is in student or
 nonstudent group, then you need to send back either
 IETF 64 65 81 or some vendor specific attributes
 
 On the WLAN controller, you then either use the IETF 64 65 81 or
 vendor specific attributes to drop the user session in the VLAN.
 
 Schilling
 
 
 
 On Tue, Apr 5, 2011 at 9:07 AM, Götz Reinicke - IT-Koordinator
 goetz.reini...@filmakademie.de wrote:
 Hi,

 maybe someone can point me in the right direction:

 we do have a new wlan - freeradius - ldap setup and want to assign two
 main user groups to two main wlans.

 Each wlan has its own vlan.

 We use cisco switches and APs and got a wlan controller.

 So far we do have different SSIDs and all users can access both WLANs
 with their username/password stored in our ldap.

 Now we'd like students only to be able to access the students WLAN and
 employees to access their WLAN.

 My question: Where is the point to start to configure such a setup?

 I think, somewhere there must be some sort of check if the user
 accessing the e.g. student wlan is in the primary posixgroup student.

 Or do I have to 'send' the VLAN ID to the network devices?


 Thanks for any hint and best regards

Götz Reinicke

Re: I need help and some advice !!!

2011-04-05 Thread Alan DeKok
John Dennis wrote:
 On 04/05/2011 07:24 AM, Fajar A. Nugraha wrote:
 (1) There's an example on client.conf to specify an ipv6 address, use
 that
 (2) radclient can use ipv6 with -6 option (see radclient -h).
 AFAIK no such functionality is available for radtest (yet). So you
 might need to use radclient directly.
 
 Attached is a patch we created for radtest to support IPv6 and is in our
 current packages. I'm pretty sure we've already sent this to Alan.

  OK.  I've added it with some minor tweaks.

  We should release 2.1.11 some time soon.  Anyone interested in testing
the beta version?

  Alan DeKok.


Re: I need help and some advice !!!

2011-04-05 Thread Phil Mayers

On 04/05/2011 09:21 PM, Alan DeKok wrote:

John Dennis wrote:

On 04/05/2011 07:24 AM, Fajar A. Nugraha wrote:

(1) There's an example on client.conf to specify an ipv6 address, use
that
(2) radclient can use ipv6 with -6 option (see radclient -h).
AFAIK no such functionality is available for radtest (yet). So you
might need to use radclient directly.


Attached is a patch we created for radtest to support IPv6 and is in our
current packages. I'm pretty sure we've already sent this to Alan.


   OK.  I've added it with some minor tweaks.

   We should release 2.1.11 some time soon.  Anyone interested in testing
the beta version?


We maintain a dedicated radius server, with (outbound) eduroam and all
our standard configs & monitoring probes for just this purpose.


Which git branch/revision/tag should I pull?


Can FreeRadius connect to ACT! database?

2011-04-05 Thread Jim Rice
I've been tinkering with dialup_admin and MySQL with FR 2.1.10.
I have been able to get it to work for doing MAC authentication of Motorola 
Canopy SM's.

The problem is that the customer database is hosted on Windows using ACT!
It already contains the user account info, radio type, MAC address, and 
specified rate limits.

A couple of choices:

1. Duplicate much of the data from ACT! and populate the MySQL database,
then forever perform dual maintenance manually.

2. Use the ACT! SDK to develop a custom add-on to update the Radius database, 
or to write to flat files and copy them over (yuk.)

(or hopefully):

3. Have Radius query the ACT! database directly?  Is there an ODBC that can be 
made to work here?

(At this point, I could care less about accounting.)
I just need a simple MAC address lookup, and an Accept reply with a few 
attributes.

I'd consider choice #4 if someone knows of one ...

Thanks,

Jim


RE: Can FreeRadius connect to ACT! database?

2011-04-05 Thread Gary Gatten
Option 4.) Dump data from ACT to a real DB, then dump ACT completely?  j/k - 
sorta...  Does ACT support triggers and / or stored procedures?  If so it would 
be relatively easy to keep a subset of the ACT DB in MySQL (or whatever) and 
keep it synchronized.

If ACT is ODBC, I'm sure one could install an ODBC driver and write a query in 
SQL ( or whatever ACT uses).  At that point it wouldn't be any different than 
any other backend data store.

There is probably an option 5 - 10 as well.  Is this a high volume environment? 
 How many requests per sec / minute are we guestimating?  I ask because if it's 
low you have many more options than if it's high.

G



-Original Message-
From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org 
[mailto:freeradius-users-bounces+ggatten=waddell@lists.freeradius.org] On 
Behalf Of Jim Rice
Sent: Tuesday, April 05, 2011 5:36 PM
To: freeradius-users@lists.freeradius.org
Subject: Can FreeRadius connect to ACT! database?

I've been tinkering with dialup_admin and MySQL with FR 2.1.10.
I have been able to get it to work for doing MAC authentication of Motorola 
Canopy SM's.

The problem is that the customer database is hosted on Windows using ACT!
It already contains the user account info, radio type, MAC address, and 
specified rate limits.

A couple of choices:

1. Duplicate much of the data from ACT! and populate the MySQL database,
then forever perform dual maintenance manually.

2. Use the ACT! SDK to develop a custom add-on to update the Radius database, 
or to write to flat files and copy them over (yuk.)

(or hopefully):

3. Have Radius query the ACT! database directly?  Is there an ODBC that can be 
made to work here?

(At this point, I could care less about accounting.)
I just need a simple MAC address lookup, and an Accept reply with a few 
attributes.

I'd consider choice #4 if someone knows of one ...

Thanks,

Jim


Re: Can FreeRadius connect to ACT! database?

2011-04-05 Thread Jim Rice

Hi Gary,

Low volume.  Since these are the SM's, they will stay connected once booted.
The only time an SQL query would be needed is when something gets added or 
changed.

A handful per day.

That's why it isn't really worth trying to duplicate the entire database and 
maintain two copies.
On the other hand, do I really want Radius to depend on ACT! as a single 
point of failure?


A more robust solution would be to have a couple radius servers,
and a couple database engines on the back end that are in sync for possible 
failover.

There is only one ACT! box.

By putting what I need into the Radius system (linux boxen), if ACT! should 
fail, Radius won't.
It might not be getting any updates, but it won't bring down the entire 
network.


I've come full circle here.  I think I need to spend some time with ACT! and 
convince it to
trigger an update in the MySQL database (and reboot the SM to force a new 
access-request).


Just not sure what I will need on the FreeRadius side, if any.
It might just be only between ACT! and MySQL.

- Original Message - 
From: Gary Gatten ggat...@waddell.com
To: 'FreeRadius users mailing list' 
freeradius-users@lists.freeradius.org

Sent: Tuesday, April 05, 2011 03:52 PM
Subject: RE: Can FreeRadius connect to ACT! database?


Option 4.) Dump data from ACT to a real DB, then dump ACT completely? 
j/k - sorta...  Does ACT support triggers and / or stored procedures?  If 
so it would be relatively easy to keep a subset of the ACT DB in MySQL (or 
whatever) and keep it synchronized.


If ACT is ODBC, I'm sure one could install an ODBC driver and write a 
query in SQL ( or whatever ACT uses).  At that point it wouldn't be any 
different than any other backend data store.


There is probably an option 5 - 10 as well.  Is this a high volume 
environment?  How many requests per sec / minute are we guestimating?  I 
ask because if it's low you have many more options than if it's high.


G




Re: Can FreeRadius connect to ACT! database?

2011-04-05 Thread Johan Meiring

On 2011/04/06 12:52 AM, Gary Gatten wrote:

Option 4.) Dump data from ACT to a real DB, then dump ACT completely?  j/k - 
sorta...  Does ACT support triggers and / or stored procedures?  If so it would be 
relatively easy to keep a subset of the ACT DB in MySQL (or whatever) and keep it 
synchronized.

If ACT is ODBC, I'm sure one could install an ODBC driver and write a query in 
SQL ( or whatever ACT uses).  At that point it wouldn't be any different than 
any other backend data store.

There is probably an option 5 - 10 as well.  Is this a high volume environment? 
 How many requests per sec / minute are we guestimating?  I ask because if it's 
low you have many more options than if it's high.




Hi all,

ACT is actually a CRM system.

Unsure what database it uses, but I suspect it is Access Based (that 
horrible M$ thing)


My suggestion would be to use a php script (called using rlm_exec) that can 
query the ACT database directly.


Php can query weird and wonderful databases using odbc, and rlm_exec can 
call any php script.


Cheers,


--


Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782



radutmp

2011-04-05 Thread Rtz Poknat
hello, radutmp shows blank...

pls help me