Hallo all,
First of all thanks Kalik for your responses. I checked the link you you
sent but I couldn't get the info I am looking for. Let me expand further on
the problem:-
I have MySQL 5.0.67 and PostgreSQL 8.3.6 and freeRADIUS 2.17 installed on
GNU/Linux Fedora 10 distribution. I have
Hello!
Please help!
I’ve got the following situation:
In radcheck I’ve got:
___
|Username|ATTRIBUTE |OP|VALUE|
|test|Cleartext-Password |:=|test |
---
in radreply:
__
Ilya wrote:
I’ve got the following situation:
..
__
|Username|ATTRIBUTE|OP|VALUE |
|test|Framed-IP-Address|:=|081.018.118.238|
---
That isn't a good IP address.
But if I, just for
Ivan,
Hello
Thanks for your reply. I have got some questions to ask. We have different
types of clients (Or, connections) in our system; Dial-Up, ADSL, VoIP, CHAP,
MS-CHAP, MS-CHAPv2 and ... . Each of these clients need different
authorization method. Now, where should our authorization code
HI again Ivan
Do you know how can I modify the source code, in order to print in the error
message the exact time when the child was created/forked? If I want to find
errors in my sql backend server, I need to know the exact time when the
requests are lost.. checking the code, It looks
First, optimize your database, add indexes and use storage engines which
will give you the best performance... Increase interim-update interval
After that, try to add more handlers and see what will happen.
If you're using mysql, check tuning-primer.sh and mysqltuner.pl scripts.
On Thu, Feb 26,
tnt-4 wrote:
3) Currently I receive something like Reply-Message = Your maximum
never usage time has been reached when the counter reaches its limit -
even when what was counted as not time but data volume. Can Reply-Message
for sqlcounter be configured as in the expiration module?
magicboiz wrote:
Do you know how can I modify the source code, in order to print in the error
message the exact time when the child was created/forked? If I want to find
errors in my sql backend server, I need to know the exact time when the
requests are lost.. checking the code, It
alt_ wrote:
Can you show some examples please? I try to do like this:
noresetBytecounter
if (reject) {
update reply {
Reply-Message := Traffic limit exceeded.
}
}
but if noresetBytecounter return reject freeradius immediatly return reject
to
On Thu, 26 Feb 2009 12:03:22 +0200, Alan DeKok al...@deployingradius.com
wrote:
alt_ wrote:
Can you show some examples please? I try to do like this:
noresetBytecounter
if (reject) {
update reply {
Reply-Message := Traffic limit exceeded.
}
}
but if
Great! It works perfectly.
Other than enabling ldap in authorize and authenticate in
inner-tunnel, I also had to change eap.conf's gtc section to auth_type
= LDAP.
This works, but it brings up another problem. Setting auth_type to
PAP, Local, or commented out on gtc section does not work for
I have MySQL 5.0.67 and PostgreSQL 8.3.6 and freeRADIUS 2.17 installed on
GNU/Linux Fedora 10 distribution. I have identical radius databases on both
MySQL and PostgreSQL. When I use the PostgreSQL, the groupname field in the
radacct table gets filled in but when I change the database to MySQL,
Alexander Solodukhin wrote:
/etc/freeradius/sites-enabled/default[412]: SQL Counter modules aren't
allowed in 'post-auth' sections -- they have no such method.
The REJECT handler needs to be put into the post-auth section. Not
the sqlcounter module.
Please READ the default configuration
Can you show some examples please? I try to do like this:
noresetBytecounter
if (reject) {
update reply {
Reply-Message := Traffic limit exceeded.
}
}
but if noresetBytecounter return reject freeradius immediatly return
reject
to user and do not
Thanks for your reply. I have got some questions to ask. We have different
types of clients (Or, connections) in our system; Dial-Up, ADSL, VoIP, CHAP,
MS-CHAP, MS-CHAPv2 and ... . Each of these clients need different
authorization method. Now, where should our authorization code reside? Shall
we
Ivan,
Hello
Thanks for your reply. Sorry if my question is elementary, but this is the
last one. What is the difference between creating a customized module to do
Authorization/Post-Authentication and using external programs as instances
of rlm_exec module to the so-called functionalities?
Kind
Thanks for your reply. Sorry if my question is elementary, but this is the
last one. What is the difference between creating a customized module to do
Authorization/Post-Authentication and using external programs as instances
of rlm_exec module to the so-called functionalities?
Module is much
Ivan,
Thanks for your reply. I think I should start writing my own module, because
the AAA system itself is in C. In other words, all of our external programs
are C programs. Thanks again for your patience and guidance.
Kind Regards
Ali Majdzadeh Kohbanani
-
List info/subscribe/unsubscribe? See
On Thu, 26 Feb 2009 13:19:06 +0200, t...@kalik.net wrote:
Can you show some examples please? I try to do like this:
noresetBytecounter
if (reject) {
update reply {
Reply-Message := Traffic limit exceeded.
}
}
but if noresetBytecounter return reject
Sorry, i read mans and comments in config and try to do like you say but
it's not work as i need. I have sqlcounter:
sqlcounter noresetBytecounter {
counter-name = Total-Max-Octets
check-name = Max-Octets
reply-name = ChilliSpot-Max-Total-Octets
sqlmod-inst =
Alan,
I encountered the following problem (see below) when attempting to compile the
latest version
of 2.1.3 (stable code) from the git tree. Your help in fixing this problem
would be appreciated.
Thanks,
Chris
Environment: SunOS XX 5.10 Generic_120012-14 i86pc i386 i86p
gcc
On Thu, 26 Feb 2009 16:55:00 +0200, t...@kalik.net wrote:
Sorry, i read mans and comments in config and try to do like you say but
it's not work as i need. I have sqlcounter:
sqlcounter noresetBytecounter {
counter-name = Total-Max-Octets
check-name = Max-Octets
Looking for lt__PROGRAM__LTX_preloaded_symbols in my email archive,
this was already reported on 2009-02-02 for Linux ( thread
Installation Problem), but as far as I know no definite answer was
given.
Have a nice day!
Am 26.02.2009 um 16:16 schrieb Chris Howley:
Alan,
I encountered the
Hello,
is it possible to call only a simple Stored Procedure (SP) on the
MySQL-Server to
do the Accounting Job, like the sql-log module (rlm_sql_log(5)), but
do not log in file,
instead of this, call the SP:
I can't find more Information for such configuration.
Thanx for help,
Tim
-
List
is it possible to call only a simple Stored Procedure (SP) on the
MySQL-Server to
do the Accounting Job, like the sql-log module (rlm_sql_log(5)), but
do not log in file,
instead of this, call the SP:
I can't find more Information for such configuration.
unlang supports only SELECT statements.
I can do like this:
if (!reply:ChilliSpot-Max-Total-Octets) {
update reply {
Reply-Message := Traffic limit exceeded.
}
}
but if user enter wrong password Traffic limit exceeded. error message
will be displayed.
I had a look at the
On Thu, 26 Feb 2009 20:56:03 +0200, t...@kalik.net wrote:
I can do like this:
if (!reply:ChilliSpot-Max-Total-Octets) {
update reply {
Reply-Message := Traffic limit exceeded.
}
}
but if user enter wrong password Traffic limit exceeded.
Thank you. I see this solution in the internet, but i need configurable
Reply-Message, becouse i want to limit not only traffic, but session time
too.
Actually, I can recall that sqlcounter had configurable Reply-Message in
early days (I had 1.0.5 where it was configurable). Download 1.0.5 and
unlang supports only SELECT statements. Call your procedure from a perl
script.
1) can I access to all accounting releated information from the perl
module like in the sql-module?
Are any examples out there?
# Start = INSERT INTO ${acct_table} (AcctSessionId, UserName, \
#
1) can I access to all accounting releated information from the perl
module like in the sql-module?
You said that you want to call a stored procedure. Yes, your database
does have access to all the information stored in it.
Are any examples out there?
$query = CALL your_procedure;
If you need
Hi Ivan,
t...@kalik.net wrote:
Yes. There is no problem in composing Cleartext-Password on the fly
from users password and the token.It shouldn't be too difficult to
create a perl script that does that.
Excellent! So the username and tokencode/password is passed from the
NAS (ASA5500) to the
On Oct 6, 2008, at 02:22, Alan DeKok wrote:
Doug Hardie wrote:
Thats not that big a deal as for the basic stuff, the code is quite
straight forward. However, the bigger issue is for modules. The
wiki
page is still completely oriented towards version 1 as I have never
tried version 2.
Doug Hardie wrote:
Is there still a way to compile the module away from the freeradius
source structure like there was for version 1?
That was difficult to do in version 1. It should be a lot easier now,
as all of the include files have been cleaned up and regularized.
Alan DeKok.
-
List
On Feb 26, 2009, at 21:52, Alan DeKok wrote:
Doug Hardie wrote:
Is there still a way to compile the module away from the freeradius
source structure like there was for version 1?
That was difficult to do in version 1. It should be a lot easier
now,
as all of the include files have been
Doug Hardie wrote:
Are there any worked examples. I have not figured out how to get it
done yet.
There are no worked examples.
However, you should just have to set CFLAGS=-I/path/to/include, where
that directory contains /freeradius/libradius.h, etc.
Alan DeKok.
-
List
On Thu, Feb 26, 2009 at 5:14 PM, t...@kalik.net wrote:
Is there a way I can authenticate with BOTH system user and LDAP using
PEAP-GTC?
the main radiusd.conf can have multiple authorize methods available,
right? Why does gct have to explicitly set auth_type?
Leave gtc as pap. Change
2009/2/27 t...@kalik.net:
1) can I access to all accounting releated information from the perl
module like in the sql-module?
You said that you want to call a stored procedure. Yes, your database
does have access to all the information stored in it.
Are any examples out there?
$query = CALL
Thanks for help !!!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
38 matches
Mail list logo