I am not interested in any argument, i wanted to check what may be the problem with my radius server as accounting is successful with free radius on other server. On May 26, 2013 6:51 AM, <[email protected]> wrote:
> Send Freeradius-Users mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.freeradius.org/mailman/listinfo/freeradius-users > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Freeradius-Users digest..." > > > Today's Topics: > > 1. Re: Issue with radius accounting (Alan DeKok) > 2. user from particular NAS-IP-Address (Pete Ashdown) > 3. Re: user from particular NAS-IP-Address (Alan DeKok) > 4. Error: rlm_sql_unixodbc: SQL down 08S01 > [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server > is unavailable or does not exist (Bill Grant) > 5. Re: Error: rlm_sql_unixodbc: SQL down 08S01 > [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server > is unavailable or does not exist (Alan DeKok) > 6. RE: Error: rlm_sql_unixodbc: SQL down 08S01 > [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server > is unavailable or does not exist (Bill Grant) > 7. Re: Auth-Type = Reject not being obeyed (Matthew Melbourne) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Sat, 25 May 2013 13:30:57 -0400 > From: Alan DeKok <[email protected]> > To: FreeRadius users mailing list > <[email protected]> > Cc: "[email protected]" > <[email protected]> > Subject: Re: Issue with radius accounting > Message-ID: <[email protected]> > Content-Type: text/plain; charset="us-ascii" > > On 2013-05-25, at 12:39 PM, Arvind Bahuguni <[email protected]> wrote: > > > Hi Alan, > > I am suspecting some radius setting on my server because free radius on > other server is responding and authentication and accounting is successful > > > For one, you need to edit your posts. It's ridiculous to reply to a > digest message, and include hundreds of lines of irrelevant text. > > And if you know so much more than me about RADIUS, you shouldn't be > asking questions on this list. > > If you're going to ask questions and then argue with the answers, you > will be unsubscribed from the list and banned permanently. > > Alan DeKok. > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: < > http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130525/dc49bb28/attachment-0001.html > > > > ------------------------------ > > Message: 2 > Date: Sat, 25 May 2013 14:31:12 -0600 > From: Pete Ashdown <[email protected]> > To: [email protected] > Subject: user from particular NAS-IP-Address > Message-ID: <[email protected]> > Content-Type: text/plain; charset=us-ascii > > I'm trying to restrict a guest user from a single NAS-IP-Address via > "users" > and I can't get it to work. > > Doesn't work: > > test NAS-IP-Address == "127.0.0.1" > Auth-Type := Accept > > test NAS-IP-Address == "127.0.1.1" > Auth-Type := Accept > > Works, but it isn't restricted by NAS: > > test Auth-Type := Accept > > I've also tried "Calling-Station-ID == 127.0.1.1" to no avail. > > > Also, how would I do this for a group of NAS IP addresses? Is it possible > to > assign them to a group in "clients.conf" that can be later checked against > in > "users"? Where is the documentation of what can be tested against in the > "users" file? > > > ------------------------------ > > Message: 3 > Date: Sat, 25 May 2013 18:23:44 -0400 > From: Alan DeKok <[email protected]> > To: FreeRadius users mailing list > <[email protected]> > Subject: Re: user from particular NAS-IP-Address > Message-ID: <[email protected]> > Content-Type: text/plain; charset=ISO-8859-1 > > Pete Ashdown wrote: > > I'm trying to restrict a guest user from a single NAS-IP-Address via > "users" > > and I can't get it to work. > > > > Doesn't work: > > > > test NAS-IP-Address == "127.0.0.1" > > Auth-Type := Accept > > That's wrong. Why? See the debug output. It *tells* you what's > wrong, and how to fix it. See "man users". It *documents* the format > of the "users" file. See the sample "raddb/users" file. Look for > "Auth-Type". There are *examples* of how to do this. > > > Also, how would I do this for a group of NAS IP addresses? Is it > possible to > > assign them to a group in "clients.conf" that can be later checked > against in > > "users"? > > See raddb/huntgroups. You can group NASes, and check the group > membership later. > > > Where is the documentation of what can be tested against in the > > "users" file? > > What does that mean? "man users" describes how the "users" file > works. After that, if you get something wrong, the debug output will > tell you. > > You *did* run the server in debugging mode, as suggested in the FAQ, > README, "man" page, and daily on this list? > > Alan DeKok. > > > ------------------------------ > > Message: 4 > Date: Sat, 25 May 2013 23:28:13 +0000 > From: Bill Grant <[email protected]> > To: "[email protected]" > <[email protected]> > Subject: Error: rlm_sql_unixodbc: SQL down 08S01 > [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server > is > unavailable or does not exist > Message-ID: <[email protected]> > Content-Type: text/plain; charset="iso-8859-1" > > I am having trouble starting freeradius at boot on CentOS 6.4. It starts, > but it does not connect to my database; however, if run it manually from > the command the it works fine. I think there is permission issue somewhere. > See the log below: > > when I run following command as root it works > > # radiusd > > Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Driver rlm_sql_unixodbc > (module rlm_sql_unixodbc) loaded and linked > Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Attempting to connect to > radius@EBHorizon:5000/Horizon > Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Attempting to connect > rlm_sql_unixodbc #0 > Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Connected new DB handle, #0 > Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Attempting to connect > rlm_sql_unixodbc #1 > Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Connected new DB handle, #1 > Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Attempting to connect > rlm_sql_unixodbc #2 > Sat May 25 10:26:21 2013 : Info: rlm_sql (sql): Connected new DB handle, #2 > Sat May 25 10:26:21 2013 : Info: rlm_sql (sql): Attempting to connect > rlm_sql_unixodbc #3 > Sat May 25 10:26:21 2013 : Info: rlm_sql (sql): Connected new DB handle, #3 > Sat May 25 10:26:21 2013 : Info: rlm_sql (sql): Attempting to connect > rlm_sql_unixodbc #4 > Sat May 25 10:26:21 2013 : Info: rlm_sql (sql): Connected new DB handle, #4 > Sat May 25 10:26:21 2013 : Info: Loaded virtual server <default> > Sat May 25 10:26:21 2013 : Info: Loaded virtual server inner-tunnel > Sat May 25 10:26:21 2013 : Info: ... adding new socket proxy address * > port 35688 > Sat May 25 10:26:21 2013 : Info: Ready to process requests. > > When I run the command below it does not connect. > #service radiusd start > > > Sat May 25 10:29:05 2013 : Info: rlm_sql (sql): Driver rlm_sql_unixodbc > (module rlm_sql_unixodbc) loaded and linked > Sat May 25 10:29:05 2013 : Info: rlm_sql (sql): Attempting to connect to > radius@EBHorizon:5000/Horizon > Sat May 25 10:29:05 2013 : Info: rlm_sql (sql): Attempting to connect > rlm_sql_unixodbc #0 > Sat May 25 10:29:05 2013 : Error: rlm_sql_unixodbc: SQL down 08S01 > [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server is > unavailable or does not exist > Sat May 25 10:29:05 2013 : Error: rlm_sql_unixodbc: Connection failed > Sat May 25 10:29:05 2013 : Error: rlm_sql (sql): Failed to connect DB > handle #0 > Sat May 25 10:29:05 2013 : Info: Loaded virtual server <default> > Sat May 25 10:29:05 2013 : Info: Loaded virtual server inner-tunnel > Sat May 25 10:29:05 2013 : Info: ... adding new socket proxy address * > port 59524 > Sat May 25 10:29:05 2013 : Info: Ready to process requests. > > Any help would be greatly appreciated. > > > ------------------------------ > > Message: 5 > Date: Sat, 25 May 2013 19:44:55 -0400 > From: Alan DeKok <[email protected]> > To: FreeRadius users mailing list > <[email protected]> > Subject: Re: Error: rlm_sql_unixodbc: SQL down 08S01 > [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server > is > unavailable or does not exist > Message-ID: <[email protected]> > Content-Type: text/plain; charset=ISO-8859-1 > > Bill Grant wrote: > > I am having trouble starting freeradius at boot on CentOS 6.4. It > starts, but it does not connect to my database; however, if run it manually > from the command the it works fine. I think there is permission issue > somewhere. See the log below: > > > > when I run following command as root it works > > It's probably some SELinux rule. The normal Linux APIs allow *any* > process to make outbound connections. > > Alan DeKok. > > > ------------------------------ > > Message: 6 > Date: Sun, 26 May 2013 00:29:28 +0000 > From: Bill Grant <[email protected]> > To: FreeRadius users mailing list > <[email protected]> > Subject: RE: Error: rlm_sql_unixodbc: SQL down 08S01 > [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server > is > unavailable or does not exist > Message-ID: <[email protected]> > Content-Type: text/plain; charset="us-ascii" > > You are right I temporarily disabled SE Linux with "echo 0 > >/selinux/enforce" and it worked. Now I just need to figure out exactly > what it is blocking. Thanks for the help! > ________________________________________ > From: Alan DeKok [[email protected]] > Sent: Saturday, May 25, 2013 7:44 PM > To: FreeRadius users mailing list > Subject: Re: Error: rlm_sql_unixodbc: SQL down 08S01 > [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server is > unavailable or does not exist > > Bill Grant wrote: > > I am having trouble starting freeradius at boot on CentOS 6.4. It > starts, but it does not connect to my database; however, if run it manually > from the command the it works fine. I think there is permission issue > somewhere. See the log below: > > > > when I run following command as root it works > > It's probably some SELinux rule. The normal Linux APIs allow *any* > process to make outbound connections. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > ------------------------------ > > Message: 7 > Date: Sun, 26 May 2013 01:41:14 +0100 > From: "Matthew Melbourne" <[email protected]> > To: <[email protected]> > Subject: Re: Auth-Type = Reject not being obeyed > Message-ID: <[email protected]> > Content-Type: text/plain; charset="us-ascii" > > I think Phil's diagnosis is correct; 'Auth-Type := Reject' requires the > ':=' > operator to reject a CHAP authentication. > > Unfortunately, it's not always easy to place a live production system in > debug mode, hence the initial "is this something stupid" question :) > > (And apologies for the lack of a subject line in the original post). > > Cheers, > Matt > > -----Original Message----- > Date: Fri, 24 May 2013 17:31:29 +0100 > From: Phil Mayers <[email protected]> > To: [email protected] > Subject: Re: Auth-Type = Reject not being obeyed > Message-ID: <[email protected]> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed > > On 24/05/13 17:19, Alan Buxey wrote: > > > The only difference I can see is that the first example uses a > > plain-text password, and the RADIUS on the LNS is using CHAP? > > > > The backend database has "=" in the 'op' field (and not ":="), so the > > returned attribute is "Auth-Type = Reject" and not "Auth-Type := > > Reject", but it is correctly rejected using radtest/radclient, and I > > believe the "=" operand to be correct. > > You might have this: > > authorize { > ... > chap > sql > ... > } > > ..and Auth-Type is already set by chap, hence "=" doesn't overwrite it. > > Anyway, you're not correct that "=" is the right operator; ":=" means > "force" i.e. set this attribute to this value, always, and that's what you > want to do here, right? "=" means "set if unset" > > As has also been pointed out - show "radiusd -X" for a problem auth (and > set > a subject line...) > > > > ------------------------------ > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > End of Freeradius-Users Digest, Vol 97, Issue 83 > ************************************************ >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
