FreeRADIUS as LEAP-Proxy RADIUS
Hello everybody, I would like to that : Access POINT -- CISCO ACS RADIUS -- FreeRADIUS LEAP Proxy -- LDAP How I configure the FreeRADIUS ? Do i need to configure it as a proxy or simply declare the CISCO ACS RADIUS server as a client ? Thank you in advance, for your answer. Best Regards, Idriss MAMODALY Email1 : [EMAIL PROTECTED] Email2 : [EMAIL PROTECTED] Accédez au courrier électronique de La Poste : www.laposte.net ; 3615 LAPOSTENET (0,34/mn) ; tél : 08 92 68 13 50 (0,34/mn) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting with freeradius
Hello, I'm trying to install a Radius server and I would like to do accounting. I don't know what I must do with the file 'acct_users' because when I log in, there is authentication but no accounting. what do I do Thanks, Thomas. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_ippool: No available ip addresses in pool
Hello, I'm using 2 different ip pools. After some time my dialin users doesn't get IP addresses. iptool reported that only a small amount of avaiable ip addresses are in use. Running radiusd -X I see modcall: entering group post-auth modcall[post-auth]: module wpool returns noop rlm_ippool: Searching for an entry for nas/port: 255.255.255.255/0 rlm_ippool: No available ip addresses in pool. modcall[post-auth]: module dpool returns noop modcall: group post-auth returns noop modcall: entering group post-auth rlm_ippool: Searching for an entry for nas/port: 255.255.255.255/0 rlm_ippool: Found a stale entry for ip/port: 192.168.127.46/0 rlm_ippool: num: 0 rlm_ippool: Allocating ip to nas/port: 255.255.255.255/0 rlm_ippool: num: 1 rlm_ippool: Allocated ip 192.168.127.46 to client on nas 255.255.255.255,port 0 modcall[post-auth]: module wpool returns ok modcall[post-auth]: module dpool returns noop modcall: group post-auth returns ok (so it's working for wpool this time). I'm running 0.9.0-pre3, the config looks so: modules { ippool wpool { session-db = ${raddbdir}/wpool-sess-db ip-index = ${raddbdir}/wpool-idx-db range-start = 192.168.127.1 range-stop = 192.168.127.127 netmask = 255.255.255.255 #netmask = 255.255.255.128 cache-size = 5000 } ippool dpool { session-db = ${raddbdir}/dpool-sess-db ip-index = ${raddbdir}/dpool-idx-db range-start = 192.168.126.160 range-stop = 192.168.126.255 netmask = 255.255.255.255 cache-size = 800 } ... } accounting { ... wpool dpool } post-auth { ... wpool dpool } So, what's wrong? Thanks for any hints! Regards, Thomas. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius and LDAP
Hello all, I working under Linux Mandrake 9.0 I installed FreeRADIUS and OpenLDAP into the same server. How can I make the users autentication via LDAP? Do you have bibliography? Thanks Octavio As a matter, I just need the name and the VLAN ID in the LDAP server to authenticate the users. The user's certificates are checked with the root certificate. After, I won't have to modify the user file, all will be in the LDAP server. But I don't know how I can set the user file to do this ! If someone can help me ?? Thanks Ben - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and LDAP
On Thu, Jul 17, 2003 at 11:36:54AM +0200, Octavio Ramirez Rojas wrote: Hello all, I working under Linux Mandrake 9.0 I installed FreeRADIUS and OpenLDAP into the same server. How can I make the users autentication via LDAP? Do you have bibliography? the comments in radiusd.conf, the archive of this list, doc/rlm_ldap Oliver. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_ippool
i have a big problem, the file rlm_ippool does not exist , is it normal? how can i have ths file? do i create them ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_ippool
Hi, add rlm_ippool at src/modules/stable and compile freeradius again. Regards, Thomas. labis siegfried wrote: i have a big problem, the file rlm_ippool does not exist , is it normal? how can i have ths file? do i create them ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius with ldap
Hello, Is there anyone with examples of configuration files(radiusd.conf, users,...) for freeradius with ldap. If there any steps to follow and examples file I will appreciate Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Difference between pgsql_schema and start/stop queries
Hi list/Peter, In the billing/pgsql-voip.conf, the INSERT queries have column names such as, RadiusServerName, AcctSessionId, AcctUniqueId. But in the schema file this columns are not created in the startvoip,starttelephony,... tables. Do you suggest I create these fields in the tables or remove them from the INSERT queries. Or am I missing something? Thanks, Umut - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Replication
Hi, Example : I have many local radius server with different config I have a single radius server that it's used for modify, add, delete users-group...etc configs I would want that the single user updates the local servers with his new infos it's possible and how can do it ? Philippe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Difference between pgsql_schema and start/stop queries
I forgot to say, I'm talking about the files that I just checked out from CVS a bit ago. destan writes: Hi list/Peter, In the billing/pgsql-voip.conf, the INSERT queries have column names such as, RadiusServerName, AcctSessionId, AcctUniqueId. But in the schema file this columns are not created in the startvoip,starttelephony,... tables. Do you suggest I create these fields in the tables or remove them from the INSERT queries. Or am I missing something? Thanks, Umut - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Replication
Put all the user information in a MySQL database and then replicate de database to the other servers. http://www.frontios.com/freeradius.html Bye, Joao Frade -Original Message- From: Broussard Philippe [mailto:[EMAIL PROTECTED] Sent: quinta-feira, 17 de Julho de 2003 11:29 To: [EMAIL PROTECTED] Subject: Replication Hi, Example : I have many local radius server with different config I have a single radius server that it's used for modify, add, delete users-group...etc configs I would want that the single user updates the local servers with his new infos it's possible and how can do it ? Philippe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Stored procedures on MsSQL
Hi, Anyone knows if it's possible to use stored procedures on Micosoft SQL Server with FreeRadius ? Mvh, Regards, Eivind Ravndal NetPower Int - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
importing db_postgresql.sql file
Hi all I'm trying to import the db_postgresql.sql file that comes with =freeradius-0.9.0-pre3=20into postgres. I'm using \copy /filename and I get the following error :\copy : parse error at end of line Any idea what may be causing this ? ThanksBarry
Re: importing db_postgresql.sql file
On Thu, 17 Jul 2003 [EMAIL PROTECTED] wrote: Hi all I'm trying to import the db_postgresql.sql file that comes with = freeradius-0.9.0-pre3=20 into postgres. I'm using \copy /filename and I get the following error : \copy : parse error at end of line Any idea what may be causing this ? createdb myfavouritedbname psql -f db_postgresql.sql myfavouritedbname Geller Sandor [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: importing db_postgresql.sql file
[EMAIL PROTECTED] wrote: I'm using \copy /filename and I get the following error : \copy : parse error at end of line Any idea what may be causing this ? Yes. Use \i filename instead. \copy is the wrong command. -- Regards, Daryl Tester, Software Wrangler and Bit Herder, IOCANE Pty. Ltd. SCO Rep: Linux must die! We shall prevail! Offsider: Bill, they can see your shirt sleeve. -- http://ars.userfriendly.org/cartoons/?id=20030609 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Difference between pgsql_schema and start/stop queries
On Thu, 17 Jul 2003 01:31 pm, destan wrote: I forgot to say, I'm talking about the files that I just checked out from CVS a bit ago. destan writes: Hi list/Peter, In the billing/pgsql-voip.conf, the INSERT queries have column names such as, RadiusServerName, AcctSessionId, AcctUniqueId. But in the schema file this columns are not created in the startvoip,starttelephony,... tables. Do you suggest I create these fields in the tables or remove them from the INSERT queries. Or am I missing something? Hi Umut As I said to you off list last night, the files got a little out of sync, and I will fix them today. Actually I updated the -rbranch_0_9 in CVS late last night but have not yet double checked it or copied that code over into normal CVS. I will have it done in an hour or so. I have been rather busy this morning... Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius debian dependencies
From: Kirt Runolfson Sent: Thursday, 17 July 2003 8:36 AM Kirt Runolfson [EMAIL PROTECTED] wrote: I really don't want these x packages installed on my radius server. Since I don't intend to use odbc, how can I remove the dependency on libiodbc2? Or is my best bet some other method? Alan DeKok wrote: Don't configure the sql module to use iodbc, and it won't be linked against. Thank you for the response Alan. I tried using the --without-rlm_sql configure option in the debian/rules script, but that broke the package build. You could try removing iodbc from src/modules/rlm_sql/stable, if you don't want it to build. It shouldn't _break_ the packaging in any way... Leaving out the entire rlm_sql _will_ break things, sadly. A previous thread mentioned breaking off the rlm stuff into Yet Another debian package. There are cons to this, but I think in this case, the pros out weigh the cons. As it is now, just installing freeradius wants to install 17.5 MB worth of packages on a woody server and pulls all sorts of X packages: The following NEW packages will be installed: freeradius libfreetype6 libglib1.2 libgtk1.2 libgtk1.2-common libiodbc2 libltdl3 libsnmp-base libsnmp4.2 xfree86-common xlibs 0 packages upgraded, 11 newly installed, 0 to remove and 0 not upgraded. Need to get 6590kB of archives. After unpacking 17.6MB will be used. Blaargh! OK, that's the kind of argument I wanted to see to make splitting it out worthwhile. However, it's (I suspect) too late for 0.9.0 to have this, but 0.9.1 might be in scope. Eitherway, I'm going to bring it back onto the agenda once 0.9.0's finally done. Certainly when I looked at unixodbc it wanted to install a similarly large set of dependancies that I didn't want on my RADIUS server. However, due to -dev package conflicts, we don't get both in Debian anyway. Anyway, here's the patch to make freeradius-iodbc a seperate package: It'll save packages on your _install_ machine only, sadly. And of course if there're any problems, I'm all ears... (I'm running it locally without problems, mind you.) diff -ruN radiusd.org/debian/control radiusd/debian/control --- radiusd.org/debian/control 14 May 2003 09:04:36 - 1.33 +++ radiusd/debian/control 8 Jul 2003 11:55:54 - @@ -57,3 +57,10 @@ Description: MySQL module for FreeRADIUS server The FreeRADIUS server can use MySQL to authenticate users and do accounting, and this module is necessary for that. + +Package: freeradius-iodbc +Architecture: any +Depends: freeradius, ${shlibs:Depends} +Description: iODBC module for FreeRADIUS server + The FreeRADIUS server can use iODBC to access databases to authenticate users + and do accounting, and this module is necessary for that. diff -u -r1.43 rules --- radiusd.org/debian/rules16 Jun 2003 07:28:57 - 1.43 +++ radiusd/debian/rules8 Jul 2003 11:55:55 - @@ -84,7 +84,7 @@ rm -rf $(freeradius_dir)/usr/share/doc/freeradius-0.9-pre # split out inconvenient/controversal modules to other places - for modname in krb5 ldap mysql postgresql; do \ + for modname in krb5 ldap mysql postgresql iodbc; do \ mkdir -p $(debiandir)/$(package)-$${modname}/$(libdir); \ mv $(freeradius_dir)/$(libdir)/rlm*_$${modname}* $(debiandir)/$(package)-$${modname}/$(libdir)/; \ done @@ -131,7 +131,7 @@ rm -f stamp-build debian/{files,substvars} debian/*.debhelper [ -f Make.inc ] make distclean || true dh_clean - rm -rf $(freeradius_dir) $(debiandir)/$(package)-{ldap,postgresql,mysql,krb5}{,.substvars} + rm -rf $(freeradius_dir) $(debiandir)/$(package)-{ldap,postgresql,mysql,krb5,iodbc}{,.substvars} binary: binary-indep binary-arch diff -ruN radiusd.org/debian/freeradius-iodbc.postinst radiusd/debian/freeradius-iodbc.postinst --- radiusd.org/debian/freeradius-iodbc.postinst1970-01-01 10:00:00.0 +1000 +++ radiusd/debian/freeradius-iodbc.postinst2003-06-12 00:06:39.0 +1000 @@ -0,0 +1,21 @@ +#! /bin/sh + +set -e + +case $1 in + configure) + if [ -x /usr/sbin/invoke-rc.d ] ; then + invoke-rc.d freeradius restart + else + /etc/init.d/freeradius restart + fi + ;; + abort-upgrade) + ;; + abort-remove) + ;; + abort-deconfigure) + ;; +esac + +#DEBHELPER# diff -ruN radiusd.org/debian/freeradius-iodbc.prerm radiusd/debian/freeradius-iodbc.prerm --- radiusd.org/debian/freeradius-iodbc.prerm 1970-01-01 10:00:00.0 +1000 +++ radiusd/debian/freeradius-iodbc.prerm 2003-06-12 00:06:39.0 +1000 @@ -0,0 +1,5 @@ +#! /bin/sh + +set -e + +#DEBHELPER# -- = Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department
RE : Replication (Complement)
Hi, Example : I have many local radius server with different config I have a single (master) radius server that it's used for modify, add, delete users-group...etc configs I would want that the single user updates the local servers with his new infos it's possible and how can do it ? I precise that authentification have made in the local server not in the master server and I use the ldap method The master is here only for the replication of the data on the local server Philippe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Callback
How to implement Callback using freeradius ? Ricardo.
RE: rlm_ippool: No available ip addresses in pool
From: Thomas Krause (Webmatic) Sent: Thursday, 17 July 2003 7:05 PM I'm using 2 different ip pools. After some time my dialin users doesn't get IP addresses. iptool reported that only a small amount of avaiable ip addresses are in use. Running radiusd -X I see Assuming you're not out of IP addresses... modcall: entering group post-auth modcall[post-auth]: module wpool returns noop rlm_ippool: Searching for an entry for nas/port: 255.255.255.255/0 rlm_ippool: No available ip addresses in pool. modcall[post-auth]: module dpool returns noop modcall: group post-auth returns noop So, what's wrong? Stop the server, and use ippooltool (if you can't find it, look in the mailling list archives, or google should pick it up) to make sure that your IP pools have all the entries available that you expect them to... This looks like a bug that was noticed before, but no-one had a good solution for (that I remember). -- = Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul TBBle Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Callback
what do you use? is a router use? your question is too vague A 09:41 17/07/03 -0300, Ricardo Batista a écrit : How to implement Callback using freeradius ? Ricardo.
small patch / create-users.pl
Hi list, just a small patch that creates INSERT statements for db use. ...if anyone needs it... Cheers, OoLee --- create-users.pl.orig2003-06-30 20:00:27.0 +0200 +++ create-users.pl 2003-07-17 15:02:57.0 +0200 @@ -3,12 +3,18 @@ # Purpose: create lots of random users and passes # for testing your radius server # Read doc/README.testing for more information +# 2003-07: Added loop to create INSERTS for db-backends + +# Change here the name of the db table +$authcheck_table = radcheck; $passfile = ./passwd; $shadfile = ./shadow; $radfile = ./radius.test; $nocrypt = ./passwd.nocrypt; $users = ./radius.users; +$sql = ./radius.users.sql; + if($ARGV[0] eq ) { print \n\tUsage: $0 number of users\n\n; @@ -24,6 +30,7 @@ open(RAD, $radfile) || die Can't open $radfile; open(NOCRYPT, $nocrypt) || die Can't open $nocrypt; open(USERS, $users) || die Can't open $users; +open(SQL, $sql) || die Can't open $sql; for ($num=0; $num$numusers; $num++) { # generate username @@ -51,6 +58,7 @@ printf RAD User-Name=$username, User-Password=$password,NAS-IP-Address=127.0.0.1,NAS-Port-Id=0\n\n; print NOCRYPT $username:$password\n; print USERS $username Auth-Type:=Local, User-Password==\$password\\n\tClass=\0x$num\\n\n; + print SQL INSERT INTO $authcheck_table (username,attribute,op,value) VALUES ('$username','User-Password','==','$password');\n; } close(PASS); @@ -58,4 +66,6 @@ close(RAD); close(NOCRYPT); close(USERS); +close(SQL); + print \nCreated $numusers random users and passwords\n\n; - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_ippool
In 0.8.1 and before you need to set --enable-experimental modules . With 0.9-pre1 and up the module will be compiled by itself, check the dependencies and the output of configure On Thu, 2003-07-17 at 04:43, labis siegfried wrote: i have a big problem, the file rlm_ippool does not exist , is it normal? how can i have ths file? do i create them ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Gustavo A. Lozano Noldata Corporation [EMAIL PROTECTED] Calle 46 No. 40-19 CTO Bogota D.C. Colombia Noldata Corporation http://noldata.com I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. Albert Einstein - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Simultaneous use of two DBs
Hi, I want to log start/stop packets in postgresql and use DB2 for authentication information. All my user information resides in DB2.. I cannot migrate it to postgresql. I couldn't figure out how I could do this in sql.conf.. Anyone has any suggestions or documents about this? Thanks Ali Gunduz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RES: Callback
I agree, but I sent this message and anybody answer me. Here you are : I have a problem using Callback. When I connect in Portmaster the radius proceed the authentication but a prompt appears Login and Password. I dont know whats happen Then a try some users/passwords but callback doesnt happens. In sniffer I see Invalid login A have the follow configuration in Radius : Auth-Type := Local, Password == x Service-Type = Callback-Login-User, Login-Service = PortMaster, Callback-Number = I need to configure any think in Portmaster ? What ? Can you send the commands ? My final project is : I user dials using windows XP/2K to Portmaster à Radius Authentic and do the callback à WINDOWS XP answers and access the network. Ps.: Radius send IP Address/Mask /Gateway/DNS etc. A main idea is let the Radius to do all process, to eliminate or to use the minimum possible of configurations in PMaster. Im using Portmaster 2 an 2e COMOS 3.7 and Freeradius 0.4. Can you help me ? I need a lot to solve this problem as soon as possible. Thank you and best regards. Ricardo. -Mensagem original- De: [EMAIL PROTECTED]cistron.nl [mailto:[EMAIL PROTECTED] Em nome de labis siegfried Enviada em: quinta-feira, 17 de julho de 2003 10:02 Para: Ricardo Batista; [EMAIL PROTECTED]cistron.nl Assunto: Re: Callback what do you use? is a router use? your question is too vague A 09:41 17/07/03 -0300, Ricardo Batista a écrit : How to implement Callback using freeradius ? Ricardo.
RE: Simultaneous use of two DBs
I don't know for sure about DB2 and Postgres but databases I am familiar with (Oracle, SqlServer, MySql) have the ability to export and import tables via csv files. That would let you move the data. There are also some commercial utilities to let you do it, and there are ODBC drivers available for most databases as well. Depending on the referential integrity that is implemented and the features of your particular database, the order that you import them may be important. Tim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ali Gunduz Sent: Thursday, July 17, 2003 8:25 AM To: [EMAIL PROTECTED] Subject: Simultaneous use of two DBs Hi, I want to log start/stop packets in postgresql and use DB2 for authentication information. All my user information resides in DB2.. I cannot migrate it to postgresql. I couldn't figure out how I could do this in sql.conf.. Anyone has any suggestions or documents about this? Thanks Ali Gunduz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Simultaneous use of two DBs
Well, I'm sure there are some migration utilities but I can't stop using DB2 (management's decision).. I can't use DB2 for start/stop packet logging (that's another issue that can't be solved) So I have to use DB2 for authentication purposes and I have to use postgresql (or any other lightweight DB) for logging purposes.. Any more suggestions? :) Thanks Ali -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim McCracken Sent: Thursday, July 17, 2003 16:51 To: [EMAIL PROTECTED] Subject: RE: Simultaneous use of two DBs I don't know for sure about DB2 and Postgres but databases I am familiar with (Oracle, SqlServer, MySql) have the ability to export and import tables via csv files. That would let you move the data. There are also some commercial utilities to let you do it, and there are ODBC drivers available for most databases as well. Depending on the referential integrity that is implemented and the features of your particular database, the order that you import them may be important. Tim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ali Gunduz Sent: Thursday, July 17, 2003 8:25 AM To: [EMAIL PROTECTED] Subject: Simultaneous use of two DBs Hi, I want to log start/stop packets in postgresql and use DB2 for authentication information. All my user information resides in DB2.. I cannot migrate it to postgresql. I couldn't figure out how I could do this in sql.conf.. Anyone has any suggestions or documents about this? Thanks Ali Gunduz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Simultaneous use of two DBs
Define 2 db instances. Use one for autentication and the other for accounting. Joao Frade -Original Message- From: Ali Gunduz [mailto:[EMAIL PROTECTED] Sent: quinta-feira, 17 de Julho de 2003 14:59 To: [EMAIL PROTECTED] Subject: RE: Simultaneous use of two DBs Well, I'm sure there are some migration utilities but I can't stop using DB2 (management's decision).. I can't use DB2 for start/stop packet logging (that's another issue that can't be solved) So I have to use DB2 for authentication purposes and I have to use postgresql (or any other lightweight DB) for logging purposes.. Any more suggestions? :) Thanks Ali -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim McCracken Sent: Thursday, July 17, 2003 16:51 To: [EMAIL PROTECTED] Subject: RE: Simultaneous use of two DBs I don't know for sure about DB2 and Postgres but databases I am familiar with (Oracle, SqlServer, MySql) have the ability to export and import tables via csv files. That would let you move the data. There are also some commercial utilities to let you do it, and there are ODBC drivers available for most databases as well. Depending on the referential integrity that is implemented and the features of your particular database, the order that you import them may be important. Tim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ali Gunduz Sent: Thursday, July 17, 2003 8:25 AM To: [EMAIL PROTECTED] Subject: Simultaneous use of two DBs Hi, I want to log start/stop packets in postgresql and use DB2 for authentication information. All my user information resides in DB2.. I cannot migrate it to postgresql. I couldn't figure out how I could do this in sql.conf.. Anyone has any suggestions or documents about this? Thanks Ali Gunduz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and LDAP
ok, I modified radiusd.conf to ldap autentication, into the database of openldap (*.dbd) I have users, what is the command that I must to add to specify that database??? and... What is the command to test if all this is correct? Regards Le jeu 17/07/2003 à 11:39, Oliver Graf a écrit : On Thu, Jul 17, 2003 at 11:36:54AM +0200, Octavio Ramirez Rojas wrote: Hello all, I working under Linux Mandrake 9.0 I installed FreeRADIUS and OpenLDAP into the same server. How can I make the users autentication via LDAP? Do you have bibliography? the comments in radiusd.conf, the archive of this list, doc/rlm_ldap Oliver. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius debian dependencies
Kirt Runolfson [EMAIL PROTECTED] wrote: A previous thread mentioned breaking off the rlm stuff into Yet Another debian package. There are cons to this, but I think in this case, the pros out weigh the cons. As it is now, just installing freeradius wants to install 17.5 MB worth of packages on a woody server and pulls all sorts of X packages: It's inappropriate, I agree. My suggestion is to put as many modules as possible into the base distribution, which will make a simple working server. pap, chap, mschap, eap-md5, detail, radutmp, ... The modules which pull in massive amounts of libraries should probably each be in a seperate package: sql, ldap, ... The following NEW packages will be installed: freeradius libfreetype6 libglib1.2 libgtk1.2 libgtk1.2-common libiodbc2 libltdl3 libsnmp-base libsnmp4.2 xfree86-common xlibs xlibs? What the heck for? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MS-CHAP and PAP
Hi all, I am currently using DTC radius to authenticate IPsec users by PAP on VPN (Contivity) box. Now I want to support PPTP and it is required to support MS-CHAP in radius. Then I am trying to use FreeRadius. As my user is over 20,000, I must shift (collect clear password) slowly. So I am now considering to use passwd and smbpasswd file simultaneously. This means that radius searches smbpasswd file first, and if it can find the user, authenticates by MS-CHAP. If not, radius searches passwd file next. And if it can find the user in passwd file, authenticates by PAP. Would someone tell me the settings of radiusd.conf and users file? Or is there any other solution? Thanks in advance, Kouji Nishimura Information Media Center Hiroshima University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MS-CHAP and PAP
Kouji Nishimura [EMAIL PROTECTED] wrote: So I am now considering to use passwd and smbpasswd file simultaneously. This means that radius searches smbpasswd file first, and if it can find the user, authenticates by MS-CHAP. If not, radius searches passwd file next. And if it can find the user in passwd file, authenticates by PAP. That won't work. The RADIUS client sends either a request with MS-CHAP, or one with a User-Password. So the server cannot handle both. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Stopping radius responding
Hiya Not sure if I have asked this already... I need to be able to have freeRadius not respond AT ALL if it cannot contact any databases, as opposed to sending auth rejections. The logic (crazy as it sounds initially) is this. Imagine the setup. 3 locations (A,B C) each with their own NAS (A,B C) and also each with their own FreeRADIUS (A,B C). They are configured so that NAS A talks to RADIUS A primarily, and then fails over to RADIUS B or C, and equivalent for each of the other sites. RADIUS A is configured to use it's local database as well as the databases of RADIUS B C, and the same for the other RADIUS servers. Now. Suppose there are some problems, and RADIUS A cannot talk to it's local db, but also cannot talk to RADIUS B or C's db's. It is going to send out Auth Rejects for every request NAS A sends to it. This doesn't sound too much like a problem, except that NAS A can see RADIUS B without issue and RADIUS B is still happy. So what we have here is a NAS refusing connections due to RADIUS A, when infact if RADIUS A didn't respond it would try using RADIUS B, and be able to authenticate connections. I know this situation is very unlikley, but I am sure most people are aware that 1 in a million chances happen 9 times out of 10 (especially when computers are involved! :) ) Is it possible to configure this into freeRADIUS? or am I going to require some sort of exterior monitor to kill off freeRADIUS should this occur? Thanks for your help -- - Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk) ICQ 3842605 (link) Sales : 0870 6000 971 Fax : 0870 6000 972 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Replication
I have found that openldap works the best for this. Connect all of your radius servers to an ldap directory and put the changes there. If you want to have more than one directory then use openldap's built in replication. schu Broussard Philippe wrote: Hi, Example : I have many local radius server with different config I have a single radius server that it's used for modify, add, delete users-group...etc configs I would want that the single user updates the local servers with his new infos it's possible and how can do it ? Philippe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Stopping radius responding
Use something like this: Modules { ... always handled { rcode = handled } ... } authorize { ... redundant { sql_master primary db sql_slave secondary db handled } ... } -Original Message- From: Graeme Hinchliffe [mailto:[EMAIL PROTECTED] Sent: quinta-feira, 17 de Julho de 2003 16:33 To: freeradius-users Subject: Stopping radius responding Hiya Not sure if I have asked this already... I need to be able to have freeRadius not respond AT ALL if it cannot contact any databases, as opposed to sending auth rejections. The logic (crazy as it sounds initially) is this. Imagine the setup. 3 locations (A,B C) each with their own NAS (A,B C) and also each with their own FreeRADIUS (A,B C). They are configured so that NAS A talks to RADIUS A primarily, and then fails over to RADIUS B or C, and equivalent for each of the other sites. RADIUS A is configured to use it's local database as well as the databases of RADIUS B C, and the same for the other RADIUS servers. Now. Suppose there are some problems, and RADIUS A cannot talk to it's local db, but also cannot talk to RADIUS B or C's db's. It is going to send out Auth Rejects for every request NAS A sends to it. This doesn't sound too much like a problem, except that NAS A can see RADIUS B without issue and RADIUS B is still happy. So what we have here is a NAS refusing connections due to RADIUS A, when infact if RADIUS A didn't respond it would try using RADIUS B, and be able to authenticate connections. I know this situation is very unlikley, but I am sure most people are aware that 1 in a million chances happen 9 times out of 10 (especially when computers are involved! :) ) Is it possible to configure this into freeRADIUS? or am I going to require some sort of exterior monitor to kill off freeRADIUS should this occur? Thanks for your help -- - Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk) ICQ 3842605 (link) Sales : 0870 6000 971 Fax : 0870 6000 972 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting CISCO MySQL problem! Need HELP!! URGENT!
Hi there, I bukld CISCO h323 accounting using FreeRadius, first problem is that I do accounting start-stop packets, It works well, it is full info in radacct files, but I have the problem with MySQL. I have no disconnect couse in MySQL base! It works only when I make only Stop packets accounting. I've changed sql.conf file like this: accounting_onoff_query = UPDATE ${acct_table1} SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime = '%S' accounting_update_query = UPDATE ${acct_table1} SET FramedIPAddress = '%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct- Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStopTime = 0 accounting_start_query = INSERT into ${acct_table1} (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0') accounting_start_query_alt = UPDATE ${acct_table1} SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0 accounting_stop_query = UPDATE ${acct_table2} SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputO ctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0 accounting_stop_query_alt = INSERT into ${acct_table2} (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddre ss, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '0', '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{h323-disconnect-cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}') Maybe something is wrong. Please help!!! It is really URGENT! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Search under several OU
Hello, I am trying to implement Freeradius 0.8 with Active Directory (LDAP). Here is the LDAP part of the radiusd.conf file: . . . identity = "CN=radiustest,CN=Users,DC=mycompany,DC=w2k"password = radiusbasedn = "CN=Users,DC=mycompany,DC=w2k"filter = "(sAMAccountName=%u)" . . . When I try to authenticate a user which is under the OU "Users", it works correctly, but as soon as the to be authenticated user is under another OU,the radius serverdoes not succed in finding it, even if I update the basedn as basedn = "DC=mycompany,DC=w2k" Is there a way to tell the radius server that it should search under all the OU of the "DC=mycompany,DC=w2k"? Thank you in advance, Best Regards, Simpel Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month!
Securid PAM with Freeradius
I saw a couple of messages dated earlier this month referring to the use of the SecurID PAM module and Freeradius. Does anyone have this working? If so, can you please tell me how it is configured? Best Regards, Roger McClurg [EMAIL PROTECTED] This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
example from mysql
Hello, Can anyone send me an example database so I can see what everything will look like? I would really appreciate it. Thanks in advance! Bryan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: example from mysql
Hello Brian just loock here: http://www.frontios.com/freeradius.html when I has need a help I've used thit link! Very useful! Oleg -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bryan Koschmann - GKT Sent: Thursday, July 17, 2003 8:28 PM To: Freeradius List Subject: example from mysql Hello, Can anyone send me an example database so I can see what everything will look like? I would really appreciate it. Thanks in advance! Bryan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Accounting CISCO MySQL problem! Need HELP!! URGENT!
Hi there, I've this problem solved, but still follow problem: When I account only stop packets, I have succesful call records in the MySQL, where is unsuccessful? What I need change? Oleg Please help urgent! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Oleg Ustinov Sent: Thursday, July 17, 2003 7:35 PM To: [EMAIL PROTECTED] Subject: Accounting CISCO MySQL problem! Need HELP!! URGENT! Hi there, I bukld CISCO h323 accounting using FreeRadius, first problem is that I do accounting start-stop packets, It works well, it is full info in radacct files, but I have the problem with MySQL. I have no disconnect couse in MySQL base! It works only when I make only Stop packets accounting. I've changed sql.conf file like this: accounting_onoff_query = UPDATE ${acct_table1} SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime = '%S' accounting_update_query = UPDATE ${acct_table1} SET FramedIPAddress = '%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct- Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStopTime = 0 accounting_start_query = INSERT into ${acct_table1} (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0') accounting_start_query_alt = UPDATE ${acct_table1} SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0 accounting_stop_query = UPDATE ${acct_table2} SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputO ctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0 accounting_stop_query_alt = INSERT into ${acct_table2} (RadAcctId, AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddre ss, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '0', '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{h323-disconnect-cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}') Maybe something is wrong. Please help!!! It is really URGENT! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
H323 Accounting Information error
Hi there, is it an error? h323-call-type = h323-call-type=VoIP h323-setup-time = h323-setup-time=06:48:02.621 CEST Mon Jul 14 2003 h323-connect-time = h323-connect-time=06:48:02.765 CEST Mon Jul 14 2003 h323-disconnect-time = h323-disconnect-time=06:48:02.765 CEST Mon Jul 14 2003 h323-disconnect-cause = h323-disconnect-cause=1C h323-remote-address = h323-remote-address=212.119.32.112 h323-voice-quality = h323-voice-quality=0 h323-conf-id = h323-conf-id=2F655453 B4ED11D7 80F8FCBE 79B038C9 Why it is not like that: h323-call-type = VoIP h323-setup-time = 06:48:02.621 CEST Mon Jul 14 2003 h323-connect-time = 06:48:02.765 CEST Mon Jul 14 2003 h323-disconnect-time = 06:48:02.765 CEST Mon Jul 14 2003 h323-disconnect-cause = 1C h323-remote-address = 212.119.32.112 h323-voice-quality = 0 h323-conf-id = 2F655453 B4ED11D7 80F8FCBE 79B038C9 Has anybody solve it? Oleg - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: H323 Accounting Information error
Got the same, but what is more interesting - I've got both formats from the same cisco. It's nice. First format is from our post-paid service, second from the pre-paid. On 9:24pm, Oleg Ustinov wrote: is it an error? h323-call-type = h323-call-type=VoIP h323-setup-time = h323-setup-time=06:48:02.621 CEST Mon Jul 14 2003 h323-connect-time = h323-connect-time=06:48:02.765 CEST Mon Jul 14 2003 h323-disconnect-time = h323-disconnect-time=06:48:02.765 CEST Mon Jul 14 2003 h323-disconnect-cause = h323-disconnect-cause=1C h323-remote-address = h323-remote-address=212.119.32.112 h323-voice-quality = h323-voice-quality=0 h323-conf-id = h323-conf-id=2F655453 B4ED11D7 80F8FCBE 79B038C9 Why it is not like that: h323-call-type = VoIP h323-setup-time = 06:48:02.621 CEST Mon Jul 14 2003 h323-connect-time = 06:48:02.765 CEST Mon Jul 14 2003 h323-disconnect-time = 06:48:02.765 CEST Mon Jul 14 2003 h323-disconnect-cause = 1C h323-remote-address = 212.119.32.112 h323-voice-quality = 0 h323-conf-id = 2F655453 B4ED11D7 80F8FCBE 79B038C9 Has anybody solve it? Oleg - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Gregory G. V. --- Any opinions in this posting are my own and not those of my present or previous employers. According Isham Research's Devil's IT Dictionary mainframe is: an obsolete device still used by thousands of obsolete companies serving billions of obsolete customers and making huge obsolete profits for their obsolete shareholders. And this year's run twice as fast as last year's. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius benchmark
What is a good tool for radius benchmarking? Jeremy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius-0.9.0-pre3 on BSDI4.3, Makefile error
Hi I'm trying to install freeradius-0.9.0-on BSDI4.3 doing: ./configure make make install but when i do make, i get the following: Makefile, line 10: Need an operator Fatal errors encountered -- cannot continue and line 10 is: include Make.inc Can anybody help me? Thanks Guillermo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius-0.9.0-pre3 on BSDI4.3, Makefile error
Make sure you are using gmake and not make. I had the same problem. If you cant use gmake, you will need to paste the contents of Make.inc into you Makefile, but I don't recommend it. Ross Reed -Original Message- From: Guillermo Delmastro [mailto:[EMAIL PROTECTED] Sent: Thursday, July 17, 2003 4:01 PM To: [EMAIL PROTECTED] Subject: Freeradius-0.9.0-pre3 on BSDI4.3, Makefile error Hi I'm trying to install freeradius-0.9.0-on BSDI4.3 doing: ./configure make make install but when i do make, i get the following: Makefile, line 10: Need an operator Fatal errors encountered -- cannot continue and line 10 is: include Make.inc Can anybody help me? Thanks Guillermo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dictionary for Nortel's Passport 1000/8000 products
hi, i've tested the following dictionary using freeradius 0.8.1. could you please include this dictionary in the next release? and since Bay-Networks merged with/bought by Nortel; is it possible to combine the two and name the dictionary file as dictionary.nortel? thank you. # dictionary.nortel - Nortel Networks Passport 1000,8000 dictionary # ATTRIBUTE Access-Priority 192 integer Nortel VALUE Access-Priority None-Access 0 VALUE Access-Priority Read-Only-Access1 VALUE Access-Priority L1-Read-Write-Access2 VALUE Access-Priority L2-Read-Write-Access3 VALUE Access-Priority L3-Read-Write-Access4 VALUE Access-Priority Read-Write-Access 5 VALUE Access-Priority Read-Write-All-Access 6 ATTRIBUTE Cli-Command 193 string Nortel - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_ippool: No available ip addresses in pool
Who has the ippooltool module working in Solaris? I cant compile it: # make gcc -o iptool iptool.c -I/usr/local/include -L/usr/local/lib -lgdbm Undefined first referenced symbol in file inet_ntoa /var/tmp//cc5pKDtj.o ld: fatal: Symbol referencing errors. No output written to iptool collect2: ld returned 1 exit status make: *** [iptool] Error 1 On Thu, 2003-07-17 at 08:01, Paul Hampson wrote: From: Thomas Krause (Webmatic) Sent: Thursday, 17 July 2003 7:05 PM I'm using 2 different ip pools. After some time my dialin users doesn't get IP addresses. iptool reported that only a small amount of avaiable ip addresses are in use. Running radiusd -X I see Assuming you're not out of IP addresses... modcall: entering group post-auth modcall[post-auth]: module wpool returns noop rlm_ippool: Searching for an entry for nas/port: 255.255.255.255/0 rlm_ippool: No available ip addresses in pool. modcall[post-auth]: module dpool returns noop modcall: group post-auth returns noop So, what's wrong? Stop the server, and use ippooltool (if you can't find it, look in the mailling list archives, or google should pick it up) to make sure that your IP pools have all the entries available that you expect them to... This looks like a bug that was noticed before, but no-one had a good solution for (that I remember). -- = Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul TBBle Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Gustavo A. Lozano Noldata Corporation [EMAIL PROTECTED] Calle 46 No. 40-19 CTO Bogota D.C. Colombia Noldata Corporation http://noldata.com I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. Albert Einstein - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_ippool: No available ip addresses in pool
Lame me! add -lsocket -lnsl to the compilation flags... Seems I am 2 tired after 18 hours of work. C ya On Thu, 2003-07-17 at 16:34, Gustavo Lozano wrote: Who has the ippooltool module working in Solaris? I cant compile it: # make gcc -o iptool iptool.c -I/usr/local/include -L/usr/local/lib -lgdbm Undefined first referenced symbol in file inet_ntoa /var/tmp//cc5pKDtj.o ld: fatal: Symbol referencing errors. No output written to iptool collect2: ld returned 1 exit status make: *** [iptool] Error 1 On Thu, 2003-07-17 at 08:01, Paul Hampson wrote: From: Thomas Krause (Webmatic) Sent: Thursday, 17 July 2003 7:05 PM I'm using 2 different ip pools. After some time my dialin users doesn't get IP addresses. iptool reported that only a small amount of avaiable ip addresses are in use. Running radiusd -X I see Assuming you're not out of IP addresses... modcall: entering group post-auth modcall[post-auth]: module wpool returns noop rlm_ippool: Searching for an entry for nas/port: 255.255.255.255/0 rlm_ippool: No available ip addresses in pool. modcall[post-auth]: module dpool returns noop modcall: group post-auth returns noop So, what's wrong? Stop the server, and use ippooltool (if you can't find it, look in the mailling list archives, or google should pick it up) to make sure that your IP pools have all the entries available that you expect them to... This looks like a bug that was noticed before, but no-one had a good solution for (that I remember). -- = Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul TBBle Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: H323 Accounting Information error
You need to enable: with_cisco_vsa_hack = yes That will fix your problem. I also highly recommend you look at the src/billing directory as it has a sample config for doing VoIP accounting from Cisco. You will have to use Postgresql instead of MySQL though if you want to use the config there as it relies on some features of Postgresql that MySQL cannot do. You should get the latest version from CVS as I updated it about 3 hours ago... Regards Peter On Thu, 17 Jul 2003 10:24 pm, Oleg Ustinov wrote: Hi there, is it an error? h323-call-type = h323-call-type=VoIP h323-setup-time = h323-setup-time=06:48:02.621 CEST Mon Jul 14 2003 h323-connect-time = h323-connect-time=06:48:02.765 CEST Mon Jul 14 2003 h323-disconnect-time = h323-disconnect-time=06:48:02.765 CEST Mon Jul 14 2003 h323-disconnect-cause = h323-disconnect-cause=1C h323-remote-address = h323-remote-address=212.119.32.112 h323-voice-quality = h323-voice-quality=0 h323-conf-id = h323-conf-id=2F655453 B4ED11D7 80F8FCBE 79B038C9 Why it is not like that: h323-call-type = VoIP h323-setup-time = 06:48:02.621 CEST Mon Jul 14 2003 h323-connect-time = 06:48:02.765 CEST Mon Jul 14 2003 h323-disconnect-time = 06:48:02.765 CEST Mon Jul 14 2003 h323-disconnect-cause = 1C h323-remote-address = 212.119.32.112 h323-voice-quality = 0 h323-conf-id = 2F655453 B4ED11D7 80F8FCBE 79B038C9 Has anybody solve it? Oleg - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: H323 Accounting Information error
Hello, I have version 0.8.1 and there is no src/billing Next one question - where I need enable with_cisco_vsa_hack = yes please. Oleg -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Peter Nixon Sent: Friday, July 18, 2003 1:06 AM To: [EMAIL PROTECTED] Subject: Re: H323 Accounting Information error You need to enable: with_cisco_vsa_hack = yes That will fix your problem. I also highly recommend you look at the src/billing directory as it has a sample config for doing VoIP accounting from Cisco. You will have to use Postgresql instead of MySQL though if you want to use the config there as it relies on some features of Postgresql that MySQL cannot do. You should get the latest version from CVS as I updated it about 3 hours ago... Regards Peter On Thu, 17 Jul 2003 10:24 pm, Oleg Ustinov wrote: Hi there, is it an error? h323-call-type = h323-call-type=VoIP h323-setup-time = h323-setup-time=06:48:02.621 CEST Mon Jul 14 2003 h323-connect-time = h323-connect-time=06:48:02.765 CEST Mon Jul 14 2003 h323-disconnect-time = h323-disconnect-time=06:48:02.765 CEST Mon Jul 14 2003 h323-disconnect-cause = h323-disconnect-cause=1C h323-remote-address = h323-remote-address=212.119.32.112 h323-voice-quality = h323-voice-quality=0 h323-conf-id = h323-conf-id=2F655453 B4ED11D7 80F8FCBE 79B038C9 Why it is not like that: h323-call-type = VoIP h323-setup-time = 06:48:02.621 CEST Mon Jul 14 2003 h323-connect-time = 06:48:02.765 CEST Mon Jul 14 2003 h323-disconnect-time = 06:48:02.765 CEST Mon Jul 14 2003 h323-disconnect-cause = 1C h323-remote-address = 212.119.32.112 h323-voice-quality = 0 h323-conf-id = 2F655453 B4ED11D7 80F8FCBE 79B038C9 Has anybody solve it? Oleg - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
typo in pgsql-voip.conf from Peter
Hi Peter/All I just check the last updates of your voip config, and have noticed a little typo: in the insert stop query of pgsql-voip.conf accounting_stop_query = INSERT into ${acct_table2}%{h323-call-type} \ (RadiusServerName, UserName, NASIPAddress, AcctTime, \ AcctSessionTime, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, \ AcctDelayTime, H323RemoteAddress, CiscoNASPort, h323callorigin, h323confid, \ h323connecttime, h323disconnectcause, h323disconnecttime, h323gwid, h323setuptime) \ values('${radius_server_name}', '%{SQL-User-Name}', '%{NAS-IP-Address}', now(), '%{Acct-Session-Time:-0}', \ '%{Acct-Input-Octets:-0}', '%{Acct-Output-Octets:-0}', '%{Called-Station-Id}', '%{Calling-Station-Id}', \ '%{Acct-Delay-Time:-0}', NULLIF('%{h323-remote-address}', '')::inet', '%{Cisco-NAS-Port}', \ '%{h323-call-origin}', '%{h323-conf-id}', strip_dot('%{h323-connect-time}'), '%{h323-disconnect-cause}', \ strip_dot('%{h323-disconnect-time}'), '%{h323-gw-id}', strip_dot('%{h323-setup-time}')) in the '%{h323-remote-address}', '')::inet' part, you have to drop the last ' after the ::inet, otherwise the record will not be inserted, giving POSTGRES FATAL ERROR, Hope this help, Bye - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: H323 Accounting Information error
Oops, sorry, have check CVS... But we use MySQL database... Oleg -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Peter Nixon Sent: Friday, July 18, 2003 1:06 AM To: [EMAIL PROTECTED] Subject: Re: H323 Accounting Information error You need to enable: with_cisco_vsa_hack = yes That will fix your problem. I also highly recommend you look at the src/billing directory as it has a sample config for doing VoIP accounting from Cisco. You will have to use Postgresql instead of MySQL though if you want to use the config there as it relies on some features of Postgresql that MySQL cannot do. You should get the latest version from CVS as I updated it about 3 hours ago... Regards Peter On Thu, 17 Jul 2003 10:24 pm, Oleg Ustinov wrote: Hi there, is it an error? h323-call-type = h323-call-type=VoIP h323-setup-time = h323-setup-time=06:48:02.621 CEST Mon Jul 14 2003 h323-connect-time = h323-connect-time=06:48:02.765 CEST Mon Jul 14 2003 h323-disconnect-time = h323-disconnect-time=06:48:02.765 CEST Mon Jul 14 2003 h323-disconnect-cause = h323-disconnect-cause=1C h323-remote-address = h323-remote-address=212.119.32.112 h323-voice-quality = h323-voice-quality=0 h323-conf-id = h323-conf-id=2F655453 B4ED11D7 80F8FCBE 79B038C9 Why it is not like that: h323-call-type = VoIP h323-setup-time = 06:48:02.621 CEST Mon Jul 14 2003 h323-connect-time = 06:48:02.765 CEST Mon Jul 14 2003 h323-disconnect-time = 06:48:02.765 CEST Mon Jul 14 2003 h323-disconnect-cause = 1C h323-remote-address = 212.119.32.112 h323-voice-quality = 0 h323-conf-id = 2F655453 B4ED11D7 80F8FCBE 79B038C9 Has anybody solve it? Oleg - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Updated User Survey - Which DB backend do you use?
* Peter Nixon [EMAIL PROTECTED] [2003-07-14 09:59]: On Mon, 14 Jul 2003 10:30 am, Peter Nixon wrote: a) If you use a Database backend for FreeRadius which one do you use? most users are stored in ldap, some in oracle. d) If you do use a DB backend for FR do you use the default SQL queries that come with FR or have you written your own? If you wrote your own, would you mind sharing them with us (with a description please)? we have our own: authorize_check_query = SELECT 1,'%{SQL-User-Name}','User-Password',radius.getPWD('%{SQL-User-Name}'),'==' FROM DUAL authorize_reply_query = SELECT id,GroupName,Attribute,Value,op,DECODE (z.checkresult, 'invalidpassword0001','reject','wlan') FROM radgroupreply o, (SELECT radius.getPWD('%{SQL-User-Name}') checkresult FROM DUAL ) z WHERE o.GroupName = DECODE (z.checkresult, 'invalidpassword0001','reject','wlan') ORDER BY o.id unfortunately i don't know much about oracle, but we're basically just calling a few functions here (sorry, can't post them here now cause i don't have access to them). an sms gateway generates a one-time password and stores it in oracle, radius calls a function which checks if username/password are correct, if the password is not older than 2 hours, and if the user is provisioned for this service. as soon as we receive an accounting start packet, the password is set invalid. accounting is also done in oracle. so long, randy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: H323 Accounting Information error
Oops, sorry, have check CVS... But we use MySQL database... Submit a patch or adapt some how. -- Steve - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html