Hi guys, I am emplementing eaptls configuration using cisco aironet 350. Certificates came from my linux server. Just want to ask if do we have to put the username of our client from the /raddb/users file? Because I tried generating a certificate and installed root.der and cert-clt.p12 to the client it still went through even the username is not in the /raddb/user file..
Thanks for some advise.. arniel ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, August 14, 2003 6:15 PM Subject: Freeradius-Users digest, Vol 1 #2201 - 12 msgs > Send Freeradius-Users mailing list submissions to > [EMAIL PROTECTED] > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.cistron.nl/mailman/listinfo/freeradius-users > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > > You can reach the person managing the list at > [EMAIL PROTECTED] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Freeradius-Users digest..." > > > Today's Topics: > > 1. Personal certificate usage problem (Antti Mattila) > 2. REPOST: rlm_sqlcounter not working... (Christos Kalantzis) > 3. EAP-TTLS and EAP-PEAP support (Janko Kersnik) > 4. Re: Personal certificate usage problem (Artur Hecker) > 5. EAP-TTLS and EAP-PEAP support (Janko Kersnik) > 6. Howto FreeRadius --Cisco350 --client win98/2k/xp (Kent Hansen) > 7. Users without a password (Brian Johnson) > 8. Memory leak... (Degrande_Samuel) > 9. RE: Users without a password (Alan Litster) > 10. RE: Users without a password (Brian Johnson) > 11. RE: Users without a password (Brian Johnson) > 12. dialup_admin - user_finger.php3 (Truong Manh Cuong) > > --__--__-- > > Message: 1 > Date: Thu, 14 Aug 2003 11:08:31 +0300 > From: "Antti Mattila" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: Personal certificate usage problem > Reply-To: [EMAIL PROTECTED] > > Unfortunately you didn't get rid of me yet. > > The problem doesn't relate anymore to Freeradius that much but to = > Certificate installation. > > When I open the Personal certificate and select Details tab->Edit = > properties I have to select Enable only the following purposes and = > deselect all but Client Authentication. Doing this Windows 2000 finds the = > certificate and EAP/TLS authentication goes OK. But if I don't do this it = > says unable to find certificate. > > I can't use the EKU described in Ken Roser's document because if I use it = > Windows 2000 says that the certificate has a non-valid digital signature. = > Does the EKU work only in XP? The detail tab shows only Client authenticati= > on as authentication method on the Personal certificate as I need though. > > I tried editing the openssl.cnf file and setting nsCertType =3D client, = > server (because it give this type to client and server certificate using = > the script). Then I removed the extensions bits from CA.all and made the = > certificate.=20 > > The Personal certificate still shows all the possible usages for the = > certificate and I have to pick the Client authentication to make it work. > > The problem here is that we currently don't have a Certificate server = > installed to distribute the certificates so I would like to make the = > distribution as easy as possible.=20 > > Installing the two certificates is relatively easy. But if you have to = > start MMC-->Add Snap-in-->Go to Personal certificate and enable only the = > client authentication purpose it gets a lot more complicated. > > Any idea how to edit CA.all, OpenSSL.cnf, CA.pl or any other place to give = > the client certificate purpose to only function as client certificate so = > Windows 2000 would find it? > > Best regards and thank you for any help in advance: > > Antti Mattila > -- > [EMAIL PROTECTED] > > > > --__--__-- > > Message: 2 > Date: Thu, 14 Aug 2003 11:03:14 +0300 > From: Christos Kalantzis <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: REPOST: rlm_sqlcounter not working... > Reply-To: [EMAIL PROTECTED] > > Hello, > > I have the same problem, > > have you find any solution to this ? > > Thank you in advance, > Christos Kalantzis > > > I am trying to get the rlm_sqlcounter module working in freeradius-0.8.1 > > and am have a bit of trouble. It appears that the module is not > querying the sql database... > > When running radius -X, I get the following: > > rlm_sqlcounter: Entering module authorize code > rlm_sqlcounter: Could not find Check item value pair > modcall[authorize]: module "allcounter" returns noop > rlm_sqlcounter: Entering module authorize code > rlm_sqlcounter: Could not find Check item value pair > modcall[authorize]: module "dailycounter" returns noop > rlm_sqlcounter: Entering module authorize code > rlm_sqlcounter: Could not find Check item value pair > modcall[authorize]: module "monthlycounter" returns noop > > The configuration directive for the modules are as follows: > > sqlcounter allcounter { > counter-name = Max-All-Session-Time > check-name = Max-All-Session > sqlmod-inst = sql > key = User-Name > reset = never > query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE > UserName='%{%k}'" > } > > sqlcounter dailycounter { > counter-name = Daily-Session-Time > check-name = Max-Daily-Session > sqlmod-inst = sql > key = User-Name > reset = daily > query = "SELECT SUM(AcctSessionTime - GREATEST((%b - > UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' > AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" > } > > sqlcounter monthlycounter { > counter-name = Monthly-Session-Time > check-name = Max-Monthly-Session > sqlmod-inst = sql > key = User-Name > reset = monthly > query = "SELECT SUM(AcctSessionTime - GREATEST((%b - > UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' > AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" > } > > > --Robert R. George > > > > > > --__--__-- > > Message: 3 > To: [EMAIL PROTECTED] > Subject: EAP-TTLS and EAP-PEAP support > Date: Thu, 14 Aug 2003 11:06:48 +0200 > From: Janko Kersnik <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > > Hello, > > do you have any information, when will you support > EAP-TTLS and EAP-PEAP. As it can be seen from > developers mailing list you are doing something on it. > > Best regards, > > Janko Kersnik > ARNES > > > > > --__--__-- > > Message: 4 > Date: Thu, 14 Aug 2003 11:22:21 +0200 > From: Artur Hecker <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: Personal certificate usage problem > Reply-To: [EMAIL PROTECTED] > > hi > > > When I open the Personal certificate and select Details tab->Edit properties I have to select Enable only the following purposes and deselect all but Client Authentication. Doing this Windows 2000 finds the certificate and EAP/TLS authentication goes OK. But if I don't do this it says unable to find certificate. > > interesting, so windows 2000 wants the certificate to be a pure Client > Auth certificate? why not, it would still work for you, right? > > > > I can't use the EKU described in Ken Roser's document because if I use it Windows 2000 says that the certificate has a non-valid digital signature. Does the EKU work only in XP? The detail tab shows only Client authentication as authentication method on the Personal certificate as I need though. > > oups? perhaps i don't understand something, but in my case the Client > Authentication IS mentioned under the Extended Key usage uncritical > extension with the value of 1.3.6.1.5.5.7.3.2. > > i don't get about which client authentication you are talking otherwise. > the only one i have is in the EKU. and: windows 2000 can't say it's not > valid because of EKU, this extension is not critical, so it does not > need to be there from the certification point of view. it's my > understanding... > > > > I tried editing the openssl.cnf file and setting nsCertType = client, server (because it give this type to client and server certificate using the script). Then I removed the extensions bits from CA.all and made the certificate. > > sorry, i don't know what nsCertType is, looks like netscape to me. and i > don't use CA.all, i use the openssl commands, one after another. > > > > The Personal certificate still shows all the possible usages for the certificate and I have to pick the Client authentication to make it work. > > yes, the only usage i have is checked and this is client authentication. > unfortunately it's part of the EKU. > > > > Installing the two certificates is relatively easy. But if you have to start MMC-->Add Snap-in-->Go to Personal certificate and enable only the client authentication purpose it gets a lot more complicated. > > i think you can achieve the same result by just clicking on > certificates. you chose the destination repository only for the root > certificate. > > otherwise supply a .reg file, perhaps it will work in this way. > > > > Any idea how to edit CA.all, OpenSSL.cnf, CA.pl or any other place to give the client certificate purpose to only function as client certificate so Windows 2000 would find it? > > hmm, i don't think you need any of those. i never edited openssl.cnf and > i didn't use ca.all nor ca.pl. i didn't use windows 2000 neither :-) but > it can't be that different. > > if you want i'll produce you two bogus certificates and you can test > those on your 2000. > > > ciao > artur > > -- > Artur Hecker > artur[at]hecker.info > > > --__--__-- > > Message: 5 > To: [EMAIL PROTECTED] > Subject: EAP-TTLS and EAP-PEAP support > Date: Thu, 14 Aug 2003 11:34:40 +0200 > From: Janko Kersnik <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > > Hello, > > do you have any information, when will you support > EAP-TTLS and EAP-PEAP. As it can be seen from > developers mailing list you are doing something on it. > > Best regards, > > Janko Kersnik > ARNES > > > > --__--__-- > > Message: 6 > Date: Thu, 14 Aug 2003 11:36:40 +0200 > From: Kent Hansen <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Howto FreeRadius --Cisco350 --client win98/2k/xp > Reply-To: [EMAIL PROTECTED] > > Oki. > Now i have setup the radius with EAP-MD5. And the wireless clients has to type > in username and password to join the net now. > > But 1 question: > How do i setup the xp klient, or win98 to automatic remember the username and > password? When he reboot the machine, and want to join the net. As now he have > to retype the username and password, to join the net. > > Kent > > > > > > > > --__--__-- > > Message: 7 > From: "Brian Johnson" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: Users without a password > Date: Thu, 14 Aug 2003 04:44:49 -0500 > Reply-To: [EMAIL PROTECTED] > > I am in the process of helping a customer of ours figure this out. > > He purchased a bunch of users from a competitor, but they can not provide > him with the passwords (only usernames). What I want to do is allow for the > user to pass any password, but then log what they passed. > > I have set the following in radiusd.conf: > > log_auth = yes > log_auth_badpass = yes > log_auth_goodpass = yes > > And have created a users file as such: > > testuser Auth-Type := Local, User-Password =* "test" > Fall-Through = Yes > > DEFAULT Auth-Type := Local > Service-Type = Framed-User, > Framed-Protocol = PPP, > Framed-MTU = 1500, > Framed-Compression = Van-Jacobsen-TCP-IP > > This isn't working. I am using radtest and getting the following results: > > [EMAIL PROTECTED] raddb]# radtest testuser test 127.0.0.1:1812 0 testing123 > Sending Access-Request of id 107 to 127.0.0.1:1812 > User-Name = "testuser" > User-Password = "test" > NAS-IP-Address = wraith.nvc.net > NAS-Port = 0 > Re-sending Access-Request of id 107 to 127.0.0.1:1812 > User-Name = "testuser" > User-Password = "H%\201\271\r\361X\315\270zr\262P\367\265\374" > NAS-IP-Address = wraith.nvc.net > NAS-Port = 0 > rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=107, length=20 > > > The radius.log entries are as such: > > Thu Aug 14 15:36:54 2003 : Auth: Login incorrect: [testuser/test] (from > client localhost port 0) > > > > I think the problem is the operator I am using on the User-Password check > item, but have tried almost every other "reasonable" operator. > > Any other ideas? > > - Brian J. > > > > --__--__-- > > Message: 8 > Date: Thu, 14 Aug 2003 11:57:48 +0200 > From: Degrande_Samuel <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Memory leak... > Reply-To: [EMAIL PROTECTED] > > Hello... > > I always have a memory leak problem (I use one of the last snapshot, > on Sparc Solaris 9). > > I tried to track it and found the memory leak to be IN the solaris > pam modules. After some talks with other people, it seems that > every pam implementation (Solaris, Linux...) suffers from memory leak, > and everybody tell to use a forked process to proceed the pam > authentication. What do you think of that ? I could propose you > a rlm_pam module which fork a new child every <given_number> > authentication request. > > By the way, I think that there is an 'array index out of bound' bug > in src/modules.c : > /* > * Allow old names, too. > */ > if (!next) { > next = cf_subsection_find_next(cs, sub, > old_section_type_value[comp].typename); > } > > This supposes that old_section_type_value has the same length than > section_type_value (well, beeing at least as long). But > old_section_type_value is shorter, so 'comp' goes out of bound, right ? > > > Regards. > > -- > Samuel Degrande LIFL - UMR 8022 CNRS - Bat M3 > Phone: (33)3.20.43.47.38 USTL - Universite de Lille 1 > Fax: (33)3.20.43.65.66 59655 VILLENEUVE D'ASCQ CEDEX - FRANCE > > > --__--__-- > > Message: 9 > From: "Alan Litster" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: RE: Users without a password > Date: Thu, 14 Aug 2003 11:01:21 +0100 > Reply-To: [EMAIL PROTECTED] > > > Have a look at section 5.5 of the FreeRADIUS FAQ, this should answer your > question - http://www.freeradius.org/faq/#5.5 > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of Brian > > Johnson > > Sent: 14 August 2003 10:45 > > To: [EMAIL PROTECTED] > > Subject: Users without a password > > > > > > I am in the process of helping a customer of ours figure this out. > > > > He purchased a bunch of users from a competitor, but they can not provide > > him with the passwords (only usernames). What I want to do is > > allow for the > > user to pass any password, but then log what they passed. > > > > I have set the following in radiusd.conf: > > > > log_auth = yes > > log_auth_badpass = yes > > log_auth_goodpass = yes > > > > And have created a users file as such: > > > > testuser Auth-Type := Local, User-Password =* "test" > > Fall-Through = Yes > > > > DEFAULT Auth-Type := Local > > Service-Type = Framed-User, > > Framed-Protocol = PPP, > > Framed-MTU = 1500, > > Framed-Compression = Van-Jacobsen-TCP-IP > > > > This isn't working. I am using radtest and getting the following results: > > > > [EMAIL PROTECTED] raddb]# radtest testuser test 127.0.0.1:1812 0 testing123 > > Sending Access-Request of id 107 to 127.0.0.1:1812 > > User-Name = "testuser" > > User-Password = "test" > > NAS-IP-Address = wraith.nvc.net > > NAS-Port = 0 > > Re-sending Access-Request of id 107 to 127.0.0.1:1812 > > User-Name = "testuser" > > User-Password = "H%\201\271\r\361X\315\270zr\262P\367\265\374" > > NAS-IP-Address = wraith.nvc.net > > NAS-Port = 0 > > rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=107, length=20 > > > > > > The radius.log entries are as such: > > > > Thu Aug 14 15:36:54 2003 : Auth: Login incorrect: [testuser/test] (from > > client localhost port 0) > > > > > > > > I think the problem is the operator I am using on the User-Password check > > item, but have tried almost every other "reasonable" operator. > > > > Any other ideas? > > > > - Brian J. > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > -------------------------------------------------------------------------- ----------------------------- > This email, and any files transmitted with it, is copyright and may contain confidential information. > The contents are intended for the use of the addressee(s) only. > Unauthorized use may be unlawful. > If you receive this email by mistake, please advise sender immediately. > The views of the author may not necessarily constitute the views of Telco Electronics Limited. > Nothing in this mail shall bind Telco Electronics Limited in any contract or obligation. > > Telco Electronics Limited > 6-8 Oxford Court > Brackley > Northants > NN13 7XY > > Tel 07000 701999 > Fax 07000 701777 > > > --__--__-- > > Message: 10 > From: "Brian Johnson" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: RE: Users without a password > Date: Thu, 14 Aug 2003 05:08:57 -0500 > Reply-To: [EMAIL PROTECTED] > > Please excuse this post as I found my own answer: > > testuser Auth-Type = Accept > Fall-Through = Yes > > Please do not flame me. I've been working on this for 9 hours straight and > look at the time. :) > > Thanks for understanding. > > - Brian J. > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Brian Johnson > > Sent: Thursday, August 14, 2003 4:45 AM > > To: [EMAIL PROTECTED] > > Subject: Users without a password > > > > I am in the process of helping a customer of ours figure this out. > > > > He purchased a bunch of users from a competitor, but they can > > not provide > > him with the passwords (only usernames). What I want to do is > > allow for the > > user to pass any password, but then log what they passed. > > > > I have set the following in radiusd.conf: > > > > log_auth = yes > > log_auth_badpass = yes > > log_auth_goodpass = yes > > > > And have created a users file as such: > > > > testuser Auth-Type := Local, User-Password =* "test" > > Fall-Through = Yes > > > > DEFAULT Auth-Type := Local > > Service-Type = Framed-User, > > Framed-Protocol = PPP, > > Framed-MTU = 1500, > > Framed-Compression = Van-Jacobsen-TCP-IP > > > > This isn't working. I am using radtest and getting the > > following results: > > > > [EMAIL PROTECTED] raddb]# radtest testuser test 127.0.0.1:1812 0 testing123 > > Sending Access-Request of id 107 to 127.0.0.1:1812 > > User-Name = "testuser" > > User-Password = "test" > > NAS-IP-Address = wraith.nvc.net > > NAS-Port = 0 > > Re-sending Access-Request of id 107 to 127.0.0.1:1812 > > User-Name = "testuser" > > User-Password = "H%\201\271\r\361X\315\270zr\262P\367\265\374" > > NAS-IP-Address = wraith.nvc.net > > NAS-Port = 0 > > rad_recv: Access-Reject packet from host 127.0.0.1:1812, > > id=107, length=20 > > > > > > The radius.log entries are as such: > > > > Thu Aug 14 15:36:54 2003 : Auth: Login incorrect: > > [testuser/test] (from > > client localhost port 0) > > > > > > > > I think the problem is the operator I am using on the > > User-Password check > > item, but have tried almost every other "reasonable" operator. > > > > Any other ideas? > > > > - Brian J. > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > --__--__-- > > Message: 11 > From: "Brian Johnson" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: RE: Users without a password > Date: Thu, 14 Aug 2003 05:09:36 -0500 > Reply-To: [EMAIL PROTECTED] > > Thanks Alan. :) > > - Brian J. > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Alan Litster > > Sent: Thursday, August 14, 2003 5:01 AM > > To: [EMAIL PROTECTED] > > Subject: RE: Users without a password > > > > > > Have a look at section 5.5 of the FreeRADIUS FAQ, this should > > answer your > > question - http://www.freeradius.org/faq/#5.5 > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] Behalf Of Brian > > > Johnson > > > Sent: 14 August 2003 10:45 > > > To: [EMAIL PROTECTED] > > > Subject: Users without a password > > > > > > > > > I am in the process of helping a customer of ours figure this out. > > > > > > He purchased a bunch of users from a competitor, but they > > can not provide > > > him with the passwords (only usernames). What I want to do is > > > allow for the > > > user to pass any password, but then log what they passed. > > > > > > I have set the following in radiusd.conf: > > > > > > log_auth = yes > > > log_auth_badpass = yes > > > log_auth_goodpass = yes > > > > > > And have created a users file as such: > > > > > > testuser Auth-Type := Local, User-Password =* "test" > > > Fall-Through = Yes > > > > > > DEFAULT Auth-Type := Local > > > Service-Type = Framed-User, > > > Framed-Protocol = PPP, > > > Framed-MTU = 1500, > > > Framed-Compression = Van-Jacobsen-TCP-IP > > > > > > This isn't working. I am using radtest and getting the > > following results: > > > > > > [EMAIL PROTECTED] raddb]# radtest testuser test 127.0.0.1:1812 0 > > testing123 > > > Sending Access-Request of id 107 to 127.0.0.1:1812 > > > User-Name = "testuser" > > > User-Password = "test" > > > NAS-IP-Address = wraith.nvc.net > > > NAS-Port = 0 > > > Re-sending Access-Request of id 107 to 127.0.0.1:1812 > > > User-Name = "testuser" > > > User-Password = > > "H%\201\271\r\361X\315\270zr\262P\367\265\374" > > > NAS-IP-Address = wraith.nvc.net > > > NAS-Port = 0 > > > rad_recv: Access-Reject packet from host 127.0.0.1:1812, > > id=107, length=20 > > > > > > > > > The radius.log entries are as such: > > > > > > Thu Aug 14 15:36:54 2003 : Auth: Login incorrect: > > [testuser/test] (from > > > client localhost port 0) > > > > > > > > > > > > I think the problem is the operator I am using on the > > User-Password check > > > item, but have tried almost every other "reasonable" operator. > > > > > > Any other ideas? > > > > > > - Brian J. > > > > > > > > > - > > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > -------------------------------------------------------------- > > ----------------------------------------- > > This email, and any files transmitted with it, is copyright > > and may contain confidential information. > > The contents are intended for the use of the addressee(s) only. > > Unauthorized use may be unlawful. > > If you receive this email by mistake, please advise sender > > immediately. > > The views of the author may not necessarily constitute the > > views of Telco Electronics Limited. > > Nothing in this mail shall bind Telco Electronics Limited in > > any contract or obligation. > > > > Telco Electronics Limited > > 6-8 Oxford Court > > Brackley > > Northants > > NN13 7XY > > > > Tel 07000 701999 > > Fax 07000 701777 > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > --__--__-- > > Message: 12 > From: "Truong Manh Cuong" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: dialup_admin - user_finger.php3 > Date: Thu, 14 Aug 2003 16:39:22 +0700 > Reply-To: [EMAIL PROTECTED] > > This is a multi-part message in MIME format. > > ------=_NextPart_000_004A_01C36282.9D4C7510 > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > This is an error when I use user_finger.php3: > > $search =3D @da_sql_query($link,$config, > > "SELECT UserName,AcctStartTime,FramedIPAddress,CallingStationId > > FROM radacct=20 > > WHERE AcctStopTime IS NOT NULL AND NASIPAddress =3D '$name_data' $extra > > GROUP BY username > > ORDER BY AcctStartTime;") or die(da_sql_error($link,$config)); > > Error: > > ERROR: Attribute radacct.acctstarttime must be GROUPed or used in an = > aggregate function=20 > Could someone help me? > > Thanks=20 > > ******************************************************* > Truong M?nh Cu?ng > Engineer of R&D - ERD > Research & Development Division - RDD > Mobile: 84-90-8392986 > Work Phone: 84-08-9321001 - 664=20 > Email [EMAIL PROTECTED] > > EIS Service, Inc. > http://www.globaleis.com=20 > Saigon Software Park, 2nd Floor. > 123 Truong Dinh St., Dist. 3, HCM City, Vietnam. > Tel 84-8-932 1001 Fax 84-8-932 1002 > *******************************************************=20 > > > ------=_NextPart_000_004A_01C36282.9D4C7510 > Content-Type: text/html; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > <HTML><HEAD> > <META http-equiv=3DContent-Type content=3D"text/html; = > charset=3Diso-8859-1"> > <META content=3D"MSHTML 6.00.2726.2500" name=3DGENERATOR> > <STYLE></STYLE> > </HEAD> > <BODY bgColor=3D#ffffff> > <DIV><FONT face=3DArial size=3D2>This is an error when I use=20 > user_finger.php3:</FONT></DIV> > <DIV><FONT face=3DArial size=3D2></FONT> </DIV> > <DIV><FONT size=3D2> > <P></FONT><FONT color=3D#800000 size=3D2>$search</FONT><FONT size=3D2> = > =3D=20 > @da_sql_query(</FONT><FONT color=3D#800000 size=3D2>$link</FONT><FONT=20 > size=3D2>,</FONT><FONT color=3D#800000 size=3D2>$config</FONT><FONT = > size=3D2>,</P> > <P></FONT><FONT color=3D#0000f0 size=3D2>"SELECT=20 > UserName,AcctStartTime,FramedIPAddress,CallingStationId</P> > <P>FROM radacct </P> > <P>WHERE AcctStopTime IS NOT NULL AND NASIPAddress =3D '</FONT><B><FONT=20 > size=3D2>$name_data</B></FONT><FONT color=3D#0000f0 size=3D2>' = > </FONT><B><FONT=20 > size=3D2>$extra</P></B></FONT><FONT color=3D#0000f0 size=3D2> > <P>GROUP BY username</P> > <P>ORDER BY AcctStartTime;"</FONT><FONT size=3D2>) <B>or</B> = > die(</FONT><FONT=20 > size=3D2>da_sql_error(</FONT><FONT color=3D#800000 = > size=3D2>$link</FONT><FONT=20 > size=3D2>,</FONT><FONT color=3D#800000 size=3D2>$config</FONT><FONT = > size=3D2>));</P> > <P><FONT face=3DArial>Error:</FONT></P></FONT></DIV> > <DIV>ERROR: Attribute radacct.acctstarttime must be GROUPed or used in = > an=20 > aggregate function </DIV> > <DIV><SPAN=20 > style=3D"FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: Verdana, Arial, = > Helvetica, sans-serif"> > <P><FONT face=3DArial color=3D#000000>Could someone help me?</FONT></P> > <P><FONT face=3DArial color=3D#000000>Thanks </FONT></P> > <P>*******************************************************<BR><STRONG>Tr&= > #432;ơng=20 > Mạnh Cường</STRONG><BR>Engineer of R&D - = > ERD<?xml:namespace prefix =3D o=20 > /><o:p></o:p><BR>Research & Development Division - RDD<BR><FONT=20 > color=3D#990000>Mobile:=20 > </FONT> 84-90-8392986<BR><= > FONT=20 > color=3D#990000>Work Phone:</FONT> 84-08-9321001 - 664 <BR><FONT=20 > color=3D#990000>Email</FONT> <A=20 > href=3D"mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</A> </P> > <P><STRONG>EIS Service, Inc.</STRONG><BR><A = > href=3D"http://www.globaleis.com"=20 > target=3D_blank>http://www.globaleis.com</A> <BR>Saigon Software Park, = > 2nd=20 > Floor.<BR>123 Truong Dinh St., Dist. 3, HCM City, Vietnam.<BR><FONT=20 > color=3D#990000>Tel</FONT> 84-8-932 1001 <FONT = > color=3D#990000>Fax</FONT> 84-8-932=20 > 1002<BR>*******************************************************=20 > </P></SPAN></DIV></BODY></HTML> > > ------=_NextPart_000_004A_01C36282.9D4C7510-- > > > > > --__--__-- > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > End of Freeradius-Users Digest - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
