Re: Cisco integration with priv-lvl=15 vs. priv-lvl=0

2012-08-10 Thread Phil Mayers

On 08/09/2012 10:29 PM, Casho, Craig L wrote:

> Basically, how does one go about configuring the radius server to
> forward requests to the Red Hat LDAP server with these attributes.


This is way too vague, and your terminology is all wrong which suggests 
you haven't read the docs and aren't familiar with FreeRADIUS.


If you want a more specific answer, please ask a more specific question.

However: there are several ways to accomplish what you want. Assuming 
that you have basic LDAP authentication (i.e. username/password checking) 
already working, the simplest and most common approach is to use LDAP 
groups. For example, in the users file you might put:


DEFAULT Ldap-Group == "cisco-admin-users"
        Cisco-AVPair += "shell:priv-lvl=15"

The other common approach is to define an LDAP attribute, and map this 
to the Cisco-AVPair reply item, then populate your LDAP entries 
appropriately. For example, you could add an LDAP entry:


dn: cn=username,ou=foo,o=bar
myCiscoVals: shell:priv-lvl=15

...and in ldap.attrmap add:

replyItem   Cisco-AVPair   myCiscoVals

There are lots and lots of ways of doing this, but these are the most 
common. I suggest you read the docs carefully. Set up a basic case and 
get it working, then tune it to your needs. My advice would be to put 
the FreeRADIUS config into version control, and check in your changes 
each time you have a working config. Make small changes and test, then 
check in.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
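
Added example (not part of the post above and not FreeRADIUS project code): a small Python audit for the users-file approach, reporting which LDAP group gates each shell:priv-lvl grant and flagging a level-15 grant that has no Ldap-Group check. The parser is simplified to the entry layout shown in the post; the read-only group name and the ungated entry are constructed sample data.

```python
import re
# Constructed sample in FreeRADIUS "users" file layout: an entry starts in
# column 0 (name plus check items); indented lines under it are reply items.
SAMPLE_USERS = '''\
DEFAULT Ldap-Group == "cisco-admin-users"
        Cisco-AVPair += "shell:priv-lvl=15"

DEFAULT Ldap-Group == "cisco-readonly-users"
        Cisco-AVPair += "shell:priv-lvl=1"

# Constructed mistake: no group check, so every authenticated user matches.
DEFAULT
        Cisco-AVPair += "shell:priv-lvl=15"
'''

PRIV_RE = re.compile(r'Cisco-AVPair\s*[+:]?=\s*"?shell:priv-lvl=(\d+)')
GROUP_RE = re.compile(r'Ldap-Group\s*==\s*"?([^",\s]+)')

def parse_entries(text):
    """Return [(line_number, check_line, [reply_lines])], one per entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                      # blank line or comment
        if raw[0] not in " \t":           # column 0: a new entry begins
            entries.append((lineno, raw.rstrip(), []))
        elif entries:                     # indented: reply item of that entry
            entries[-1][2].append(raw.strip())
    return entries

def audit_priv_levels(text, admin_level=15):
    """List (line, gating_group, level, status) for every priv-lvl grant."""
    findings = []
    for lineno, check, replies in parse_entries(text):
        group = g.group(1) if (g := GROUP_RE.search(check)) else None
        for reply in replies:
            if not (m := PRIV_RE.search(reply)):
                continue
            level = int(m.group(1))
            status = "ok"
            if not 0 <= level <= 15:      # IOS privilege levels run 0-15
                status = "invalid"
            elif level >= admin_level and group is None:
                status = "ungated"        # admin shell with no Ldap-Group check
            findings.append((lineno, group, level, status))
    return findings

if __name__ == "__main__":
    print(*audit_priv_levels(SAMPLE_USERS), sep="\n")
```

Run against the real users file before each check-in, this fits the version-control workflow suggested in the post.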


Re: Volume based with Free radius

2012-08-10 Thread Mulindwa
Dear Members,

I would like to create an account that is based on volume consumption; how 
would I do this with FreeRADIUS?

Say I create a user and when they, say, hit 2GB or xGB they are disconnected 
irrespective of the QoS I have provisioned them.

Rgds

EM

Re: sql_log and Accounting On/Off

2012-08-10 Thread Stefan Winter
Hi,

 Anyway, adding an example would still be nice :-)
 
 Submit a patch, or edit the wiki? :D

Here goes a unified diff - took the statement from sql/mysql/dialup.conf.

Greetings,

Stefan Winter

--- sql_log.orig2012-08-10 11:05:49.690247808 +0200
+++ sql_log 2012-08-10 11:08:51.280864849 +0200
@@ -36,18 +36,42 @@
 AcctSessionTime, AcctTerminateCause) VALUES \
 ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
 '%{Framed-IP-Address}', '%S', '0', '0', '');
+
Stop = INSERT INTO ${acct_table} (AcctSessionId, UserName,  \
 NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
 AcctSessionTime, AcctTerminateCause) VALUES \
 ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
 '%{Framed-IP-Address}', '0', '%S', '%{Acct-Session-Time}',  \
 '%{Acct-Terminate-Cause}');
+
Alive = INSERT INTO ${acct_table} (AcctSessionId, UserName, \
 NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
 AcctSessionTime, AcctTerminateCause) VALUES \
 ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
 '%{Framed-IP-Address}', '0', '0', '%{Acct-Session-Time}','');

+   Accounting-On = UPDATE ${acct_table} \
+  SET \
+ acctstoptime   =  '%S', \
+ acctsessiontime=  unix_timestamp('%S') - \
+   unix_timestamp(acctstarttime), \
+ acctterminatecause =  '%{Acct-Terminate-Cause}', \
+ acctstopdelay  =  %{%{Acct-Delay-Time}:-0} \
+  WHERE acctstoptime IS NULL \
+  AND nasipaddress  =  '%{NAS-IP-Address}' \
+  AND acctstarttime = '%S'
+
+   Accounting-Off = UPDATE ${acct_table} \
+  SET \
+ acctstoptime   =  '%S', \
+ acctsessiontime=  unix_timestamp('%S') - \
+   unix_timestamp(acctstarttime), \
+ acctterminatecause =  '%{Acct-Terminate-Cause}', \
+ acctstopdelay  =  %{%{Acct-Delay-Time}:-0} \
+  WHERE acctstoptime IS NULL \
+  AND nasipaddress  =  '%{NAS-IP-Address}' \
+  AND acctstarttime = '%S'
+
Post-Auth = INSERT INTO ${postauth_table}   \
 (username, pass, reply, authdate) VALUES\
 ('%{User-Name}', '%{User-Password:-Chap-Password}', \
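
Review bot: In both the Accounting-On and Accounting-Off statements the last condition reads "AND acctstarttime = '%S'", which only matches rows whose start time is exactly the timestamp of the On/Off packet, so sessions opened earlier on that NAS keep acctstoptime NULL; an upper bound ("acctstarttime <= '%S'") looks like what is intended for closing all open sessions of the NAS. The two new statements also end without the ';' that terminates the Start, Stop and Alive statements above them, which matters if the logged file is later fed to a SQL client as a stream of statements.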



-- 
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et
de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473




support...@support.gandi.net

2012-08-10 Thread Alan DeKok
  Whoever this person is, you need to unsubscribe NOW.  If we find out
who you are, you will be banned forever.

  The list admins have recently started getting spammed from that
account.  After some investigation, it turns out that some idiot
subscribed to the list using an email account associated with Request
Tracker.

  Every post to the list results in a new ticket being opened.  The new
ticket notification is getting sent to the list admins.  For every
single message to the list.

  However, the support...@support.gandi.net account is NOT subscribed.
 There seems to be an additional layer of email forwarding.  That makes
it difficult to track down the offending party.

  Whoever did this needs to fix it NOW.

  Alan DeKok.



Re: sql_log and Accounting On/Off

2012-08-10 Thread Alan DeKok
Stefan Winter wrote:
 Hi,
 
 Anyway, adding an example would still be nice :-)
 Submit a patch, or edit the wiki? :D
 
 Here goes a unified diff - took the statement from sql/mysql/dialup.conf.

  Looks good to me, thanks.

  Alan DeKok.