Re: use_tunneled_reply
[EMAIL PROTECTED] wrote: > > Did you set "User-Name = novelluser" in the *reply* for the tunneled > > session? > > H...I did not explicitly do this. How to? Set it as a reply attribute? user blah-blah = blah User-Name = `%{User-Name}` > > You can verify that, independent of EAP, but using "radtest" with > > the name & password of the tunneled user. > > I'm testing this now, but don't see the same "Access-Accept" message in > the debug output. Guess I'm still missing something. You will see the INNER TUNNEL Access-Accept. The reply attributes in that Access accept are the ones which will be copied to the outer tunnel, when TTLS is used. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius & BSDi 4.2
"Edward Rempala" <[EMAIL PROTECTED]> wrote > (Our Modem Racks gives that out - USR Total Control). When you try to go to > a webpage 99% of the time it just times out. So we turn off FR and turn on > the old radius server, and everything is fine again. > > Has anyone seen something like this before? It's always a configuration problem. i.e. You've configured FreeRADIUS to send different responses than the other server. Make FreeRADIUS send EXACTLY the same response as the other server, and it will work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: use_tunneled_reply
Hi, > > You can verify that, independent of EAP, but using "radtest" with > > the name & password of the tunneled user. > > I'm testing this now, but don't see the same "Access-Accept" message in > the debug output. Guess I'm still missing something. Keep in mind that contrary to the "normal" RADIUS protocols where you just send a request and get an answer, EAP protocols are rather involved beasts, exchanging several packets between client and server before you get the final answer. Regards, Stefan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: use_tunneled_reply
- Original Message - From: Alan DeKok <[EMAIL PROTECTED]> Date: Saturday, June 18, 2005 11:46 am Subject: Re: use_tunneled_reply > [EMAIL PROTECTED] wrote: > > This leads a dunce like me to believe that radius will send a > reply > > back to AP/NAS that has User-Name equaling "novelluser", rather > > than "anonymous". > > Did you set "User-Name = novelluser" in the *reply* for the tunneled > session? H...I did not explicitly do this. How to? > > You can verify that, independent of EAP, but using "radtest" with > the name & password of the tunneled user. I'm testing this now, but don't see the same "Access-Accept" message in the debug output. Guess I'm still missing something. > > > I looked in the debug output (radiusd -A -X, right?). I think > this is > > what I am supposed to look for: > > Look at the REST of the debug output. It tells you what the reply > is in the tunnel, and what it's copying back to the outer session. > > Please, when you're reading the debug log, do MORE than just look at > the last few lines. Will do. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in DB
Hey Guys, I am trying to install the freeradius in sql on my server when I do the db dump I get the following error: mysql -u -pxx radius < db_mysql.sql ERROR 1067 (42000) at line 155: Invalid default value for 'id' This is the line in question: -> id int(10) DEFAULT '0' NOT NULL auto_increment, <-- Does anyone know How I can fix this problem? Thanks in Advance, Michael A Cooper BCCISP.net http://www.bccisp.net 281-854-2079 "Technology that counts, voices that matter!" - Original Message - From: "Alan DeKok" <[EMAIL PROTECTED]> To: "FreeRadius users mailing list" Sent: Saturday, June 18, 2005 10:52 AM Subject: Re: 'authorize' module Edgars Klavinskis <[EMAIL PROTECTED]> wrote: it not required for me to check this in authenticate section, i just though it is the only place where I could check these passwd attributes. Can you please tell me how to check them in authorize section assuming that they are added to config_items? In the CVS head, rlm_policy. In 1.0.x, you can't. You also can't check them in the authenticate section in 1.0.x. It's a rare enough request that the server doesn't do it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.7.8/22 - Release Date: 6/17/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: warning "configure: error: no acceptable cc found in $PATH".
"freeradius" <[EMAIL PROTECTED]> wrote: > the system warning "configure: error: no acceptable cc found in $PATH". Any > idea why this could happen? You don't have a C compiler installed? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 'authorize' module
Edgars Klavinskis <[EMAIL PROTECTED]> wrote: > it not required for me to check this in authenticate section, i just > though it is the only place where I could check these passwd attributes. > Can you please tell me how to check them in authorize section assuming > that they are added to config_items? In the CVS head, rlm_policy. In 1.0.x, you can't. You also can't check them in the authenticate section in 1.0.x. It's a rare enough request that the server doesn't do it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: use_tunneled_reply
[EMAIL PROTECTED] wrote: > This leads a dunce like me to believe that radius will send a reply > back to AP/NAS that has User-Name equaling "novelluser", rather > than "anonymous". Did you set "User-Name = novelluser" in the *reply* for the tunneled session? You can verify that, independent of EAP, but using "radtest" with the name & password of the tunneled user. > I looked in the debug output (radiusd -A -X, right?). I think this is > what I am supposed to look for: Look at the REST of the debug output. It tells you what the reply is in the tunnel, and what it's copying back to the outer session. Please, when you're reading the debug log, do MORE than just look at the last few lines. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
warning "configure: error: no acceptable cc found in $PATH".
Hi all: My OS is fedora 3. I download freeradius-1.0.4.tar.gz. After tar –zxvf it, I do # ./configure first. But the system warning “configure: error: no acceptable cc found in $PATH”. Any idea why this could happen? Thanks for any idea. Tommy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: stripping a slash?
On Fri, Jun 17, 2005 at 10:00:16AM -0500, Chris Sigler wrote: > Okay, checked into it, and we don't use a / as a delimiter at any > point that we can find. In that case, freeradius -X and see if you can spot where it's happening. -- Paul "TBBle" Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS 1.0.4 has been released.
It appears that did the trick! Thank you for your prompt attention to this matter. It is greatly appreciated! Enjoy, Steve - Original Message - From: "Andrew Thompson" <[EMAIL PROTECTED]> To: "FreeRadius users mailing list" Sent: Friday, June 17, 2005 10:56 PM Subject: Re: FreeRADIUS 1.0.4 has been released. > On Fri, Jun 17, 2005 at 08:38:10PM -0400, Stephen D. Bechard wrote: > > I am still having diffuculty building the freeradius on all > > of my FreeBSD Servers with the ports collection. > > > > Here are the errors I get when trying to build the port: > > > > In file included from rlm_attr_rewrite.c:31: > > /usr/include/regex.h:46: syntax error before `regoff_t' > > /usr/include/regex.h:46: warning: type defaults to `int' in declaration of > > `regoff_t' > > This has been fixed Steve, please cvsup and try again. Sorry for the > breakage. > > > cheers, > > Andrew > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter problem
sqlcounter noresetcounter { ## Look here driver = "rlm_sqlcounter" counter-name = Max-All-Session-Time check-name = Max-All-Session ## Look here check-item = Max-All-Session sqlmod-inst = sql key = User-Name reset = never query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'" } sqlcounter dailycounter { driver = "rlm_sqlcounter" counter-name = Daily-Session-Time check-name = Max-Daily-Session ## Look here check-item = Max-Daily-Session sqlmod-inst = sql key = User-Name reset = daily query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" } sqlcounter monthlycounter { ## Look here driver = "rlm_sqlcounter" counter-name = Monthly-Session-Time check-name = Max-Monthly-Session ## Look here check-item = Max-Monthly-Session sqlmod-inst = sql key = User-Name reset = monthly query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" } thanks ... - Roberto Gonzalez Azevedo Carlos Martínez-Troncoso Cera wrote: ok Roberto: sqlcounter noresetcounter { counter-name = Max-All-Session-Time check-name = Max-All-Session sqlmod-inst = sql key = User-Name reset = never query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'" } sqlcounter dailycounter { driver = "rlm_sqlcounter" counter-name = Daily-Session-Time check-name = Max-Daily-Session sqlmod-inst = sql key = User-Name reset = daily query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" } sqlcounter monthlycounter { counter-name = Monthly-Session-Time check-name = Max-Monthly-Session sqlmod-inst = sql key = User-Name reset = monthly query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" } Carlos Martínez-Troncoso Cera Coordinador de Servicios Internet/Intranet Universidad del Norte Barranquilla, Colombia Tel: 57 5 3509367 Roberto Gonzalez Azevedo wrote: Show us your sqlcounter.conf ... You should define 'check-item' in sqlcounter.conf ... - Roberto Gonzalez Azevedo Carlos Martínez-Troncoso Cera wrote: Hello. I have freradius-1.0.2 with autorizathion and authentication in LDAP and accounting in MySQL. I configured to use rlm_sqlcounter to control time connections, testing with NTRadping work well but testing with my Cisco NAS it doesn´t work With my cisco NAS this is the message: rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module "noresetcounter" returns noop for request 3 rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module "monthlycounter" returns noop for request 3 With NTRadPing the message is: rlm_sqlcounter: (Check item - counter) is greater than zero rlm_sqlcounter: Authorized user cmartinez, check_item=108000, counter=106750 rlm_sqlcounter: Sent Reply-Item for user cmartinez, Type=Session-Timeout, value=1250 modcall[authorize]: module "monthlycounter" returns ok for request 8 My relevant conf files: clients.conf #PC with NTRadping client 172.16.31.43/32 { secret = x shortname = Carlos type= other } #Cisco NAS client 200.106.138.14/32 { secret= xx shortname= cisco type= cisco } radiusd.conf prefix = /usr exec_prefix = /usr sysconfdir = /etc localstatedir = /var sbindir = /usr/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/run/radiusd log_file = ${logdir}/radius.log libdir = /usr/local/lib pidfile = ${run_dir}/radiusd.pid user = radiusd group = radiusd max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 102