Hello:

[EMAIL PROTECTED] wrote:  Send Freeradius-Users mailing list submissions to
[email protected]


Today's Topics:

1. Re: web based admin (Peter Nixon)
2. RE: web based admin (Hawkins, Michael)
3. Class attribute in accounting record. (Mark J Elkins)
4. Re: Class attribute in accounting record.
(Michael da Silva Pereira)
5. Re: Class attribute in accounting record. ([EMAIL PROTECTED])
6. Re: Class attribute in accounting record. (Mark Elkins)


----------------------------------------------------------------------

Message: 1
Date: Mon, 29 Oct 2007 15:58:13 +0200
From: Peter Nixon 

Subject: Re: web based admin
To: [email protected]
Cc: "Hawkins, Michael" 
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

On Mon 29 Oct 2007, Hawkins, Michael wrote:
> Hi all,
>
> I am very familiar with Cisco Secure ACS for AAA of Cisco devices. I am
> considering using FreeRadius at another customer site instead of Cisco
> Secure ACS.
>
> Will I still be able to control command execution (authorization) etc
> via FreeRadius? Or would I be restricted to authentication only?

By using the word "still" it implies that SecureACS can do this also, but as
far as I know, unless something has changed recently, Cisco equipment only
supports this feature with TACACS+ and not RADIUS. Comparing a SecureACS
TACACS+ server with FreeRADIUS is comparing apples and oranges...

FreeRADIUS is generally MUCH more powerful than SecureACS in its RADIUS
functionality. FreeRADIUS does not, however, support TACACS+ at present.


-- 

Peter Nixon
http://peternixon.net/


------------------------------

Message: 2
Date: Mon, 29 Oct 2007 10:21:32 -0400
From: "Hawkins, Michael" 
Subject: RE: web based admin
To: 
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"

Peter,

Yes, I was comparing TACACS+ to RADIUS - my mistake.

Any recommendations on the most appropriate web front end for FreeRadius
when managing a Cisco network that is pointing at a FreeRadius AAA
server?

Mike Hawkins

Office: 212-208-3888

Mobile: 917-887-3614


------------------------------

Message: 3
Date: Mon, 29 Oct 2007 16:45:14 +0200
From: Mark J Elkins 
Subject: Class attribute in accounting record.
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1

My access provider is setting and sending me the "Class" attribute in an
accounting record...

I use MySQL to store such info in... and I'm using freeradius 1.1.6

in order to Capture the value - I modified all accounting "Insert"
statements to.... (as an example)

accounting_start_query = "INSERT into ${acct_table1} (AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,
FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay, Class)
values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}',
'%{Telkom-Access-Type:-!SAIX} %{Connect-Info}', '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0',
'%{Class}')"

This captures the info fine.... (yes - also changed the MySQL table)

| RadAcctId | AcctSessionId | AcctUniqueId | UserName | Realm | NASIPAddress | NASPortId | NASPortType | AcctStartTime | AcctStopTime | AcctSessionTime | AcctAuthentic | ConnectInfo_start | ConnectInfo_stop | AcctInputOctets | AcctOutputOctets | CalledStationId | CallingStationId | AcctTerminateCause | ServiceType | FramedProtocol | FramedIPAddress | AcctStartDelay | AcctStopDelay | Class |
+-----------+----------------------+------------------+---------------------------------+--------------+--------------+------------+-------------+---------------------+---------------------+-----------------+---------------+-------------------+------------------+-----------------+------------------+-----------------+------------------+--------------------+-------------+----------------+-----------------+----------------+---------------+----------+
| 21488415 | 7/0/0/2.157_13B0EB0F | 32161edf2c7a5dec | [EMAIL PROTECTED] | realmname | 1.2.3.4 | 1879179421 | Virtual | 2007-10-29 16:15:07 | 0000-00-00 00:00:00 | 0 | RADIUS | DSL AutoShapedVC |  | 0 | 0 |  |  |  | Framed-User | PPP | 1.2.4.99 | 0 | 0 | 0x4e5331 |


... However - I get a Hex String ... 0x4e5331 - where I was expecting "NS1"

Reading the RFCs (with FreeRadius documentation) - this should be a
Char Octets kind of field...

Should the access provider send the string in ASCII rather?
Did something in FreeRadius convert the ASCII to Hex?
What can I do to convert this on the fly into ASCII - save a bit of
space in my Database - etc.

Reading the mailing-lists archives - I see that it can contain binary
data - thus the Hex.
Which is "better" - to change the dictionary definition from octet to
string or some sort of mysql function call?
(better ==> less things to remember/patch between updates)
The access provider states that the info provided will always be ascii
(or translate to ascii - if decoded).

-- 
. . ___. .__ Posix Systems - Sth Africa
/| /| / /__ [EMAIL PROTECTED] - Mark J Elkins, SCO ACE, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496



------------------------------

Message: 4
Date: Mon, 29 Oct 2007 16:52:41 +0200
From: Michael da Silva Pereira 
Subject: Re: Class attribute in accounting record.
To: FreeRadius users mailing list

Message-ID: 1ImVyq-00038W-15
Content-Type: text/plain

Hi Mark,

The provider is obviously SAIX (ZA based ISP),

Looks like SAIX are sending it through as ASCII text, on my side?

Tue Sep 18 14:25:53 2007
Acct-Session-Id = "7/0/2/20.557_30429449"
Framed-Protocol = PPP
Framed-IP-Address = 41.242.121.175
User-Name = "[EMAIL PROTECTED]"
X-Ascend-Connect-Progress = 60
Acct-Authentic = RADIUS
Acct-Status-Type = Start
NAS-Port-Type = Virtual
NAS-Port = 1913913901
NAS-Port-Id = "7/0/2/20.557"
Connect-Info = "AutoShapedVC"
Class = "NS1"
Service-Type = Framed-User
NAS-IP-Address = 196.43.27.23

Check your /share/freeradius/dictionary file and check what you have for
the Class Attribute.

I have the following:
dictionary:ATTRIBUTE Class 25 string

Kind Regards,
Michael da Silva Pereira
Tradepage ;)



------------------------------

Message: 5
Date: Mon, 29 Oct 2007 16:20:15 +0100
From: 
Subject: Re: Class attribute in accounting record.
To: "FreeRadius users mailing list"

Message-ID: 
Content-Type: text/plain; charset=ISO-8859-2

You can use CHAR() in the sql statement if you are receiving the Class
attribute ASCII encoded.

Ivan Kalik
Kalik Informatika ISP





------------------------------

Message: 6
Date: Mon, 29 Oct 2007 18:22:04 +0200
From: Mark Elkins 
Subject: Re: Class attribute in accounting record.
To: FreeRadius users mailing list

Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain


On Mon, 2007-10-29 at 16:45 +0200, Mark J Elkins wrote:
> My access provider is setting and sending me the "Class" attribute in an
> accounting record...
> 
> I use MySQL to store such info in... and I'm using freeradius 1.1.6

Wisdom prevails.. (touching the dictionaries is probably a bad* thing to do...)

I'm using ...

accounting_stop_query_alt = "INSERT.... , UNHEX(SUBSTR('%{Class}',3)))"

.. which keeps personal changes to one place (sql.conf and files
in /etc/raddb) and saves me from upsetting Alan DeKok's karma* - a bad
thing to do.
-- 
. . ___. .__ Posix Systems - Sth Africa
/| /| / /__ [EMAIL PROTECTED] - Mark J Elkins, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496
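
The conversion discussed in this thread, as an added example that is not part of any poster's message: the Python below mirrors what UNHEX(SUBSTR('%{Class}',3)) does to a value such as 0x4e5331, and adds two checks the SQL expression lacks. It leaves a value alone when it is already text (as in the log where Class = "NS1") or when the decoded octets are not printable ASCII, since Class may carry binary data. The name decode_class and the sample values other than 0x4e5331 and NS1 are constructed for illustration.

```python
import re

# FreeRADIUS prints an attribute typed 'octets' as 0x followed by whole bytes.
HEX_OCTETS = re.compile(r"0x((?:[0-9A-Fa-f]{2})+)")


def decode_class(value: str) -> str:
    """Return the ASCII text behind a hex-printed Class value.

    The input is returned unchanged when it is not a well-formed 0x string
    (for example when the dictionary types Class as 'string') or when the
    decoded bytes are not all printable ASCII, so binary Class data is
    never turned into garbage text before it reaches the database.
    """
    match = HEX_OCTETS.fullmatch(value)
    if match is None:
        return value  # already text, or malformed hex: do not touch it
    raw = bytes.fromhex(match.group(1))
    if all(0x20 <= byte <= 0x7E for byte in raw):
        return raw.decode("ascii")
    return value  # binary payload: keep the lossless hex form


def decode_all(values):
    """Decode a batch of Class values, keeping the original as the key."""
    return {value: decode_class(value) for value in values}


# Constructed sample inputs: the two values seen in the thread plus two
# edge cases (binary octets, odd number of hex digits).
SAMPLES = ["0x4e5331", "NS1", "0x00ff10", "0x4e533"]

if __name__ == "__main__":
    for original, decoded in decode_all(SAMPLES).items():
        print(f"{original!r:12} -> {decoded!r}")
```

A plain SUBSTR(...,3) applied to the already-decoded "NS1" would cut it down to "1" before UNHEX sees it, which is the case the first check avoids.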


------------------------------

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


End of Freeradius-Users Digest, Vol 30, Issue 105
*************************************************



               WITH AFFECTION
MARIBEL HERNÁNDEZ LÓPEZ
                             
