Re: Freeradius-Users digest, Vol 1 #2201 - 12 msgs

Mon, 18 Aug 2003 03:47:26 -0700


that's right, you don't. eap module will authentify independently. it can be seen as a bug, since the authentication is not very consistent. everything else in the server - e.g. the accounting - is based on the user-name...


ciao
artur



arniel wrote:

Hi guys,

I am emplementing eaptls configuration using cisco aironet 350. Certificates
came from my linux server. Just want to ask if do we have to put the
username of our client from the /raddb/users file? Because I tried
generating a certificate and installed root.der and cert-clt.p12 to the
client it still went through even the username is not in the /raddb/user
file..


Thanks for some advise..

arniel

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 14, 2003 6:15 PM
Subject: Freeradius-Users digest, Vol 1 #2201 - 12 msgs



Send Freeradius-Users mailing list submissions to
[EMAIL PROTECTED]

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.cistron.nl/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]

You can reach the person managing the list at
[EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."


Today's Topics:

  1. Personal certificate usage problem (Antti Mattila)
  2. REPOST: rlm_sqlcounter not working... (Christos Kalantzis)
  3. EAP-TTLS and EAP-PEAP support (Janko Kersnik)
  4. Re: Personal certificate usage problem (Artur Hecker)
  5. EAP-TTLS and EAP-PEAP support (Janko Kersnik)
  6. Howto FreeRadius --Cisco350 --client win98/2k/xp (Kent Hansen)
  7. Users without a password (Brian Johnson)
  8. Memory leak... (Degrande_Samuel)
  9. RE: Users without a password (Alan Litster)
 10. RE: Users without a password (Brian Johnson)
 11. RE: Users without a password (Brian Johnson)
 12. dialup_admin - user_finger.php3 (Truong Manh Cuong)

--__--__--

Message: 1
Date: Thu, 14 Aug 2003 11:08:31 +0300
From: "Antti Mattila" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Personal certificate usage problem
Reply-To: [EMAIL PROTECTED]

Unfortunately you didn't get rid of me yet.

The problem doesn't relate anymore to Freeradius that much but to =
Certificate installation.

When I open the Personal certificate and select Details tab->Edit =
properties I have to select Enable only the following purposes and =
deselect all but Client Authentication. Doing this Windows 2000 finds the

=

certificate and EAP/TLS authentication goes OK. But if I don't do this it

=

says unable to find certificate.

I can't use the EKU described in Ken Roser's document because if I use it

=

Windows 2000 says that the certificate has a non-valid digital signature.

=

Does the EKU work only in XP? The detail tab shows only Client

authenticati=

on as authentication method on the Personal certificate as I need though.

I tried editing the openssl.cnf file and setting nsCertType =3D client, =
server (because it give this type to client and server certificate using =
the script). Then I removed the extensions bits from CA.all and made the =
certificate.=20

The Personal certificate still shows all the possible usages for the =
certificate and I have to pick the Client authentication to make it work.

The problem here is that we currently don't have a Certificate server =
installed to distribute the certificates so I would like to make the =
distribution as easy as possible.=20

Installing the two certificates is relatively easy. But if you have to =
start MMC-->Add Snap-in-->Go to Personal certificate and enable only the =
client authentication purpose it gets a lot more complicated.

Any idea how to edit CA.all, OpenSSL.cnf, CA.pl or any other place to give

=

the client certificate purpose to only function as client certificate so =
Windows 2000 would find it?

Best regards and thank you for any help in advance:

Antti Mattila
--
[EMAIL PROTECTED]



--__--__--

Message: 2
Date: Thu, 14 Aug 2003 11:03:14 +0300
From: Christos Kalantzis <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: REPOST: rlm_sqlcounter not working...
Reply-To: [EMAIL PROTECTED]

Hello,

I have the same problem,

have you find any solution to this ?

Thank you in advance,
Christos Kalantzis


I am trying to get the rlm_sqlcounter module working in freeradius-0.8.1

and am have a bit of trouble.  It appears that the module is not
querying the sql database...

When running radius -X, I get the following:

rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
 modcall[authorize]: module "allcounter" returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
 modcall[authorize]: module "dailycounter" returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
 modcall[authorize]: module "monthlycounter" returns noop

The configuration directive for the modules are as follows:

sqlcounter allcounter {
       counter-name = Max-All-Session-Time
       check-name = Max-All-Session
       sqlmod-inst = sql
       key = User-Name
       reset = never
       query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'"
       }

sqlcounter dailycounter {
       counter-name = Daily-Session-Time
       check-name = Max-Daily-Session
       sqlmod-inst = sql
       key = User-Name
       reset = daily
       query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
       }

sqlcounter monthlycounter {
       counter-name = Monthly-Session-Time
       check-name = Max-Monthly-Session
       sqlmod-inst = sql
       key = User-Name
       reset = monthly
       query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
       }


--Robert R. George





--__--__--

Message: 3
To: [EMAIL PROTECTED]
Subject: EAP-TTLS and EAP-PEAP support
Date: Thu, 14 Aug 2003 11:06:48 +0200
From: Janko Kersnik <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]

Hello,

do you have any information, when will you support
EAP-TTLS and EAP-PEAP. As it can be seen from
developers mailing list you are doing something on it.

Best regards,

Janko Kersnik
ARNES




--__--__--

Message: 4
Date: Thu, 14 Aug 2003 11:22:21 +0200
From: Artur Hecker <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Personal certificate usage problem
Reply-To: [EMAIL PROTECTED]

hi


When I open the Personal certificate and select Details tab->Edit 

properties I have to select Enable only the following purposes and deselect
all but Client Authentication. Doing this Windows 2000 finds the certificate
and EAP/TLS authentication goes OK. But if I don't do this it says unable to
find certificate.

interesting, so windows 2000 wants the certificate to be a pure Client
Auth certificate? why not, it would still work for you, right?



I can't use the EKU described in Ken Roser's document because if I use 

it Windows 2000 says that the certificate has a non-valid digital signature.
Does the EKU work only in XP? The detail tab shows only Client
authentication as authentication method on the Personal certificate as I
need though.

oups? perhaps i don't understand something, but in my case the Client
Authentication IS mentioned under the Extended Key usage uncritical
extension with the value of 1.3.6.1.5.5.7.3.2.

i don't get about which client authentication you are talking otherwise.
the only one i have is in the EKU. and: windows 2000 can't say it's not
valid because of EKU, this extension is not critical, so it does not
need to be there from the certification point of view. it's my
understanding...



I tried editing the openssl.cnf file and setting nsCertType = client, 

server (because it give this type to client and server certificate using the
script). Then I removed the extensions bits from CA.all and made the
certificate.

sorry, i don't know what nsCertType is, looks like netscape to me. and i
don't use CA.all, i use the openssl commands, one after another.



The Personal certificate still shows all the possible usages for the

certificate and I have to pick the Client authentication to make it work.

yes, the only usage i have is checked and this is client authentication.
unfortunately it's part of the EKU.



Installing the two certificates is relatively easy. But if you have to 

start MMC-->Add Snap-in-->Go to Personal certificate and enable only the
client authentication purpose it gets a lot more complicated.

i think you can achieve the same result by just clicking on
certificates. you chose the destination repository only for the root
certificate.

otherwise supply a .reg file, perhaps it will work in this way.



Any idea how to edit CA.all, OpenSSL.cnf, CA.pl or any other place to 

give the client certificate purpose to only function as client certificate
so Windows 2000 would find it?

hmm, i don't think you need any of those. i never edited openssl.cnf and
i didn't use ca.all nor ca.pl. i didn't use windows 2000 neither :-) but
it can't be that different.

if you want i'll produce you two bogus certificates and you can test
those on your 2000.


ciao
artur

--
Artur Hecker
artur[at]hecker.info


--__--__--

Message: 5
To: [EMAIL PROTECTED]
Subject: EAP-TTLS and EAP-PEAP support
Date: Thu, 14 Aug 2003 11:34:40 +0200
From: Janko Kersnik <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]

Hello,

do you have any information, when will you support
EAP-TTLS and EAP-PEAP. As it can be seen from
developers mailing list you are doing something on it.

Best regards,

Janko Kersnik
ARNES



--__--__--

Message: 6
Date: Thu, 14 Aug 2003 11:36:40 +0200
From: Kent Hansen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Howto FreeRadius --Cisco350 --client win98/2k/xp
Reply-To: [EMAIL PROTECTED]

Oki.
Now i have setup the radius with EAP-MD5. And the wireless clients has to

type

in username and password to join the net now.

But 1 question:
How do i setup the xp klient, or win98 to automatic remember the username

and

password? When he reboot the machine, and want to join the net. As now he

have

to retype the username and password, to join the net.

Kent







--__--__--

Message: 7
From: "Brian Johnson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Users without a password
Date: Thu, 14 Aug 2003 04:44:49 -0500
Reply-To: [EMAIL PROTECTED]

I am in the process of helping a customer of ours figure this out.

He purchased a bunch of users from a competitor, but they can not provide
him with the passwords (only usernames). What I want to do is allow for

the

user to pass any password, but then log what they passed.

I have set the following in radiusd.conf:

log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = yes

And have created a users file as such:

testuser Auth-Type := Local, User-Password =* "test"
Fall-Through = Yes

DEFAULT Auth-Type := Local
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP

This isn't working. I am using radtest and getting the following results:

[EMAIL PROTECTED] raddb]# radtest testuser test 127.0.0.1:1812 0 testing123
Sending Access-Request of id 107 to 127.0.0.1:1812
       User-Name = "testuser"
       User-Password = "test"
       NAS-IP-Address = wraith.nvc.net
       NAS-Port = 0
Re-sending Access-Request of id 107 to 127.0.0.1:1812
       User-Name = "testuser"
       User-Password = "H%\201\271\r\361X\315\270zr\262P\367\265\374"
       NAS-IP-Address = wraith.nvc.net
       NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=107, length=20


The radius.log entries are as such:

Thu Aug 14 15:36:54 2003 : Auth: Login incorrect: [testuser/test] (from
client localhost port 0)



I think the problem is the operator I am using on the User-Password check
item, but have tried almost every other "reasonable" operator.

Any other ideas?

- Brian J.



--__--__--

Message: 8
Date: Thu, 14 Aug 2003 11:57:48 +0200
From: Degrande_Samuel <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Memory leak...
Reply-To: [EMAIL PROTECTED]

Hello...

I always have a memory leak problem (I use one of the last snapshot,
on Sparc Solaris 9).

I tried to track it and found the memory leak to be IN the solaris
pam modules. After some talks with other people, it seems that
every pam implementation (Solaris, Linux...) suffers from memory leak,
and everybody tell to use a forked process to proceed the pam
authentication. What do you think of that ? I could propose you
a rlm_pam module which fork a new child every <given_number>
authentication request.

By the way, I think that there is an 'array index out of bound' bug
in src/modules.c :
/*
* Allow old names, too.
*/
if (!next) {
 next = cf_subsection_find_next(cs, sub,
     old_section_type_value[comp].typename);
}

This supposes that old_section_type_value has the same length than
section_type_value (well, beeing at least as long). But
old_section_type_value is shorter, so 'comp' goes out of bound, right ?


Regards.

--
Samuel Degrande           LIFL - UMR 8022 CNRS - Bat M3
Phone: (33)3.20.43.47.38  USTL - Universite de Lille 1
Fax:   (33)3.20.43.65.66  59655 VILLENEUVE D'ASCQ CEDEX - FRANCE


--__--__--

Message: 9
From: "Alan Litster" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: RE: Users without a password
Date: Thu, 14 Aug 2003 11:01:21 +0100
Reply-To: [EMAIL PROTECTED]


Have a look at section 5.5 of the FreeRADIUS FAQ, this should answer your
question - http://www.freeradius.org/faq/#5.5


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Brian
Johnson
Sent: 14 August 2003 10:45
To: [EMAIL PROTECTED]
Subject: Users without a password


I am in the process of helping a customer of ours figure this out.

He purchased a bunch of users from a competitor, but they can not

provide

him with the passwords (only usernames). What I want to do is
allow for the
user to pass any password, but then log what they passed.

I have set the following in radiusd.conf:

log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = yes

And have created a users file as such:

testuser Auth-Type := Local, User-Password =* "test"
Fall-Through = Yes

DEFAULT Auth-Type := Local
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP

This isn't working. I am using radtest and getting the following

results:

[EMAIL PROTECTED] raddb]# radtest testuser test 127.0.0.1:1812 0 testing123
Sending Access-Request of id 107 to 127.0.0.1:1812
       User-Name = "testuser"
       User-Password = "test"
       NAS-IP-Address = wraith.nvc.net
       NAS-Port = 0
Re-sending Access-Request of id 107 to 127.0.0.1:1812
       User-Name = "testuser"
       User-Password = "H%\201\271\r\361X\315\270zr\262P\367\265\374"
       NAS-IP-Address = wraith.nvc.net
       NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=107,

length=20


The radius.log entries are as such:

Thu Aug 14 15:36:54 2003 : Auth: Login incorrect: [testuser/test] (from
client localhost port 0)



I think the problem is the operator I am using on the User-Password

check

item, but have tried almost every other "reasonable" operator.

Any other ideas?

- Brian J.


-
List info/subscribe/unsubscribe? See

http://www.freeradius.org/list/users.html


--------------------------------------------------------------------------

-----------------------------

This email, and any files transmitted with it, is copyright and may

contain confidential information.

The contents are intended for the use of the addressee(s) only.
Unauthorized use may be unlawful.
If you receive this email by mistake, please advise sender immediately.
The views of the author may not necessarily constitute the views of Telco

Electronics Limited.

Nothing in this mail shall bind Telco Electronics Limited in any contract

or obligation.

Telco Electronics Limited
6-8 Oxford Court
Brackley
Northants
NN13 7XY

Tel 07000 701999
Fax 07000 701777


--__--__--

Message: 10
From: "Brian Johnson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: RE: Users without a password
Date: Thu, 14 Aug 2003 05:08:57 -0500
Reply-To: [EMAIL PROTECTED]

Please excuse this post as I found my own answer:

testuser Auth-Type = Accept
Fall-Through = Yes

Please do not flame me. I've been working on this for 9 hours straight and
look at the time. :)

Thanks for understanding.

- Brian J.



-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Brian Johnson
Sent: Thursday, August 14, 2003 4:45 AM
To: [EMAIL PROTECTED]
Subject: Users without a password

I am in the process of helping a customer of ours figure this out.

He purchased a bunch of users from a competitor, but they can
not provide
him with the passwords (only usernames). What I want to do is
allow for the
user to pass any password, but then log what they passed.

I have set the following in radiusd.conf:

log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = yes

And have created a users file as such:

testuser Auth-Type := Local, User-Password =* "test"
Fall-Through = Yes

DEFAULT Auth-Type := Local
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP

This isn't working. I am using radtest and getting the
following results:

[EMAIL PROTECTED] raddb]# radtest testuser test 127.0.0.1:1812 0 testing123
Sending Access-Request of id 107 to 127.0.0.1:1812
       User-Name = "testuser"
       User-Password = "test"
       NAS-IP-Address = wraith.nvc.net
       NAS-Port = 0
Re-sending Access-Request of id 107 to 127.0.0.1:1812
       User-Name = "testuser"
       User-Password = "H%\201\271\r\361X\315\270zr\262P\367\265\374"
       NAS-IP-Address = wraith.nvc.net
       NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1812,
id=107, length=20


The radius.log entries are as such:

Thu Aug 14 15:36:54 2003 : Auth: Login incorrect:
[testuser/test] (from
client localhost port 0)



I think the problem is the operator I am using on the
User-Password check
item, but have tried almost every other "reasonable" operator.

Any other ideas?

- Brian J.


-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




--__--__--

Message: 11
From: "Brian Johnson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: RE: Users without a password
Date: Thu, 14 Aug 2003 05:09:36 -0500
Reply-To: [EMAIL PROTECTED]

Thanks Alan. :)

- Brian J.


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Alan Litster
Sent: Thursday, August 14, 2003 5:01 AM
To: [EMAIL PROTECTED]
Subject: RE: Users without a password


Have a look at section 5.5 of the FreeRADIUS FAQ, this should
answer your
question - http://www.freeradius.org/faq/#5.5


-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Brian
Johnson
Sent: 14 August 2003 10:45
To: [EMAIL PROTECTED]
Subject: Users without a password


I am in the process of helping a customer of ours figure this out.

He purchased a bunch of users from a competitor, but they

can not provide

him with the passwords (only usernames). What I want to do is
allow for the
user to pass any password, but then log what they passed.

I have set the following in radiusd.conf:

log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = yes

And have created a users file as such:

testuser Auth-Type := Local, User-Password =* "test"
Fall-Through = Yes

DEFAULT Auth-Type := Local
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-MTU = 1500,
Framed-Compression = Van-Jacobsen-TCP-IP

This isn't working. I am using radtest and getting the

following results:

[EMAIL PROTECTED] raddb]# radtest testuser test 127.0.0.1:1812 0

testing123

Sending Access-Request of id 107 to 127.0.0.1:1812
       User-Name = "testuser"
       User-Password = "test"
       NAS-IP-Address = wraith.nvc.net
       NAS-Port = 0
Re-sending Access-Request of id 107 to 127.0.0.1:1812
       User-Name = "testuser"
       User-Password =

"H%\201\271\r\361X\315\270zr\262P\367\265\374"

       NAS-IP-Address = wraith.nvc.net
       NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1812,

id=107, length=20


The radius.log entries are as such:

Thu Aug 14 15:36:54 2003 : Auth: Login incorrect:

[testuser/test] (from

client localhost port 0)



I think the problem is the operator I am using on the

User-Password check

item, but have tried almost every other "reasonable" operator.

Any other ideas?

- Brian J.


-
List info/subscribe/unsubscribe? See

http://www.freeradius.org/list/users.html


--------------------------------------------------------------
-----------------------------------------
This email, and any files transmitted with it, is copyright
and may contain confidential information.
The contents are intended for the use of the addressee(s) only.
Unauthorized use may be unlawful.
If you receive this email by mistake, please advise sender
immediately.
The views of the author may not necessarily constitute the
views of Telco Electronics Limited.
Nothing in this mail shall bind Telco Electronics Limited in
any contract or obligation.

Telco Electronics Limited
6-8 Oxford Court
Brackley
Northants
NN13 7XY

Tel 07000 701999
Fax 07000 701777

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




--__--__--

Message: 12
From: "Truong Manh Cuong" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: dialup_admin - user_finger.php3
Date: Thu, 14 Aug 2003 16:39:22 +0700
Reply-To: [EMAIL PROTECTED]

This is a multi-part message in MIME format.

------=_NextPart_000_004A_01C36282.9D4C7510
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

This is an error when I use user_finger.php3:

$search =3D @da_sql_query($link,$config,

"SELECT UserName,AcctStartTime,FramedIPAddress,CallingStationId

FROM radacct=20

WHERE AcctStopTime IS NOT NULL AND NASIPAddress =3D '$name_data' $extra

GROUP BY username

ORDER BY AcctStartTime;") or die(da_sql_error($link,$config));

Error:

ERROR: Attribute radacct.acctstarttime must be GROUPed or used in an =
aggregate function=20
Could someone help me?

Thanks=20

*******************************************************
Truong M?nh Cu?ng
Engineer of R&D - ERD
Research & Development Division - RDD
Mobile:         84-90-8392986
Work Phone: 84-08-9321001 - 664=20
Email    [EMAIL PROTECTED]

EIS Service, Inc.
http://www.globaleis.com=20
Saigon Software Park, 2nd Floor.
123 Truong Dinh St., Dist. 3, HCM City, Vietnam.
Tel 84-8-932 1001 Fax 84-8-932 1002
*******************************************************=20


------=_NextPart_000_004A_01C36282.9D4C7510
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2726.2500" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>This is an error when I use=20
user_finger.php3:</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>
<P></FONT><FONT color=3D#800000 size=3D2>$search</FONT><FONT size=3D2> =
=3D=20
@da_sql_query(</FONT><FONT color=3D#800000 size=3D2>$link</FONT><FONT=20
size=3D2>,</FONT><FONT color=3D#800000 size=3D2>$config</FONT><FONT =
size=3D2>,</P>
<P></FONT><FONT color=3D#0000f0 size=3D2>"SELECT=20
UserName,AcctStartTime,FramedIPAddress,CallingStationId</P>
<P>FROM radacct </P>
<P>WHERE AcctStopTime IS NOT NULL AND NASIPAddress =3D '</FONT><B><FONT=20
size=3D2>$name_data</B></FONT><FONT color=3D#0000f0 size=3D2>' =
</FONT><B><FONT=20
size=3D2>$extra</P></B></FONT><FONT color=3D#0000f0 size=3D2>
<P>GROUP BY username</P>
<P>ORDER BY AcctStartTime;"</FONT><FONT size=3D2>) <B>or</B> =
die(</FONT><FONT=20
size=3D2>da_sql_error(</FONT><FONT color=3D#800000 =
size=3D2>$link</FONT><FONT=20
size=3D2>,</FONT><FONT color=3D#800000 size=3D2>$config</FONT><FONT =
size=3D2>));</P>
<P><FONT face=3DArial>Error:</FONT></P></FONT></DIV>
<DIV>ERROR: Attribute radacct.acctstarttime must be GROUPed or used in =
an=20
aggregate function </DIV>
<DIV><SPAN=20
style=3D"FONT-SIZE: 10pt; COLOR: blue; FONT-FAMILY: Verdana, Arial, =
Helvetica, sans-serif">
<P><FONT face=3DArial color=3D#000000>Could someone help me?</FONT></P>
<P><FONT face=3DArial color=3D#000000>Thanks </FONT></P>
<P>*******************************************************<BR><STRONG>Tr&=
#432;&#417;ng=20
M&#7841;nh C&#432;&#7901;ng</STRONG><BR>Engineer of R&amp;D - =
ERD<?xml:namespace prefix =3D o=20
/><o:p></o:p><BR>Research &amp; Development Division - RDD<BR><FONT=20
color=3D#990000>Mobile:=20
</FONT>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;84-90-8392986<BR><=
FONT=20
color=3D#990000>Work Phone:</FONT>&nbsp;84-08-9321001 - 664 <BR><FONT=20
color=3D#990000>Email</FONT>&nbsp;&nbsp;&nbsp; <A=20
href=3D"mailto:[EMAIL PROTECTED]">[EMAIL PROTECTED]</A> </P>
<P><STRONG>EIS Service, Inc.</STRONG><BR><A =
href=3D"http://www.globaleis.com"=20
target=3D_blank>http://www.globaleis.com</A> <BR>Saigon Software Park, =
2nd=20
Floor.<BR>123 Truong Dinh St., Dist. 3, HCM City, Vietnam.<BR><FONT=20
color=3D#990000>Tel</FONT> 84-8-932 1001 <FONT =
color=3D#990000>Fax</FONT> 84-8-932=20
1002<BR>*******************************************************=20
</P></SPAN></DIV></BODY></HTML>

------=_NextPart_000_004A_01C36282.9D4C7510--




--__--__--

-
List info/subscribe/unsubscribe? See

http://www.freeradius.org/list/users.html


End of Freeradius-Users Digest



- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to