Re: use_tunneled_reply
[EMAIL PROTECTED] wrote:
> > Did you set "User-Name = novelluser" in the *reply* for the tunneled
> > session?
>
> H...I did not explicitly do this. How to?
Set it as a reply attribute?
user blah-blah = blah
User-Name = `%{User-Name}`
> > You can verify that, independent of EAP, but using "radtest" with
> > the name & password of the tunneled user.
>
> I'm testing this now, but don't see the same "Access-Accept" message in
> the debug output. Guess I'm still missing something.
You will see the INNER TUNNEL Access-Accept. The reply attributes
in that Access accept are the ones which will be copied to the outer
tunnel, when TTLS is used.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius & BSDi 4.2
"Edward Rempala" <[EMAIL PROTECTED]> wrote > (Our Modem Racks gives that out - USR Total Control). When you try to go to > a webpage 99% of the time it just times out. So we turn off FR and turn on > the old radius server, and everything is fine again. > > Has anyone seen something like this before? It's always a configuration problem. i.e. You've configured FreeRADIUS to send different responses than the other server. Make FreeRADIUS send EXACTLY the same response as the other server, and it will work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: use_tunneled_reply
Hi, > > You can verify that, independent of EAP, but using "radtest" with > > the name & password of the tunneled user. > > I'm testing this now, but don't see the same "Access-Accept" message in > the debug output. Guess I'm still missing something. Keep in mind that contrary to the "normal" RADIUS protocols where you just send a request and get an answer, EAP protocols are rather involved beasts, exchanging several packets between client and server before you get the final answer. Regards, Stefan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: use_tunneled_reply
- Original Message - From: Alan DeKok <[EMAIL PROTECTED]> Date: Saturday, June 18, 2005 11:46 am Subject: Re: use_tunneled_reply > [EMAIL PROTECTED] wrote: > > This leads a dunce like me to believe that radius will send a > reply > > back to AP/NAS that has User-Name equaling "novelluser", rather > > than "anonymous". > > Did you set "User-Name = novelluser" in the *reply* for the tunneled > session? H...I did not explicitly do this. How to? > > You can verify that, independent of EAP, but using "radtest" with > the name & password of the tunneled user. I'm testing this now, but don't see the same "Access-Accept" message in the debug output. Guess I'm still missing something. > > > I looked in the debug output (radiusd -A -X, right?). I think > this is > > what I am supposed to look for: > > Look at the REST of the debug output. It tells you what the reply > is in the tunnel, and what it's copying back to the outer session. > > Please, when you're reading the debug log, do MORE than just look at > the last few lines. Will do. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in DB
Hey Guys, I am trying to install the freeradius in sql on my server when I do the db dump I get the following error: mysql -u -pxx radius < db_mysql.sql ERROR 1067 (42000) at line 155: Invalid default value for 'id' This is the line in question: -> id int(10) DEFAULT '0' NOT NULL auto_increment, <-- Does anyone know How I can fix this problem? Thanks in Advance, Michael A Cooper BCCISP.net http://www.bccisp.net 281-854-2079 "Technology that counts, voices that matter!" - Original Message - From: "Alan DeKok" <[EMAIL PROTECTED]> To: "FreeRadius users mailing list" Sent: Saturday, June 18, 2005 10:52 AM Subject: Re: 'authorize' module Edgars Klavinskis <[EMAIL PROTECTED]> wrote: it not required for me to check this in authenticate section, i just though it is the only place where I could check these passwd attributes. Can you please tell me how to check them in authorize section assuming that they are added to config_items? In the CVS head, rlm_policy. In 1.0.x, you can't. You also can't check them in the authenticate section in 1.0.x. It's a rare enough request that the server doesn't do it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.7.8/22 - Release Date: 6/17/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: warning "configure: error: no acceptable cc found in $PATH".
"freeradius" <[EMAIL PROTECTED]> wrote: > the system warning "configure: error: no acceptable cc found in $PATH". Any > idea why this could happen? You don't have a C compiler installed? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 'authorize' module
Edgars Klavinskis <[EMAIL PROTECTED]> wrote: > it not required for me to check this in authenticate section, i just > though it is the only place where I could check these passwd attributes. > Can you please tell me how to check them in authorize section assuming > that they are added to config_items? In the CVS head, rlm_policy. In 1.0.x, you can't. You also can't check them in the authenticate section in 1.0.x. It's a rare enough request that the server doesn't do it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: use_tunneled_reply
[EMAIL PROTECTED] wrote: > This leads a dunce like me to believe that radius will send a reply > back to AP/NAS that has User-Name equaling "novelluser", rather > than "anonymous". Did you set "User-Name = novelluser" in the *reply* for the tunneled session? You can verify that, independent of EAP, but using "radtest" with the name & password of the tunneled user. > I looked in the debug output (radiusd -A -X, right?). I think this is > what I am supposed to look for: Look at the REST of the debug output. It tells you what the reply is in the tunnel, and what it's copying back to the outer session. Please, when you're reading the debug log, do MORE than just look at the last few lines. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
warning "configure: error: no acceptable cc found in $PATH".
Hi all: My OS is fedora 3. I download freeradius-1.0.4.tar.gz. After tar –zxvf it, I do # ./configure first. But the system warning “configure: error: no acceptable cc found in $PATH”. Any idea why this could happen? Thanks for any idea. Tommy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: stripping a slash?
On Fri, Jun 17, 2005 at 10:00:16AM -0500, Chris Sigler wrote: > Okay, checked into it, and we don't use a / as a delimiter at any > point that we can find. In that case, freeradius -X and see if you can spot where it's happening. -- Paul "TBBle" Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS 1.0.4 has been released.
It appears that did the trick! Thank you for your prompt attention to this matter. It is greatly appreciated! Enjoy, Steve - Original Message - From: "Andrew Thompson" <[EMAIL PROTECTED]> To: "FreeRadius users mailing list" Sent: Friday, June 17, 2005 10:56 PM Subject: Re: FreeRADIUS 1.0.4 has been released. > On Fri, Jun 17, 2005 at 08:38:10PM -0400, Stephen D. Bechard wrote: > > I am still having diffuculty building the freeradius on all > > of my FreeBSD Servers with the ports collection. > > > > Here are the errors I get when trying to build the port: > > > > In file included from rlm_attr_rewrite.c:31: > > /usr/include/regex.h:46: syntax error before `regoff_t' > > /usr/include/regex.h:46: warning: type defaults to `int' in declaration of > > `regoff_t' > > This has been fixed Steve, please cvsup and try again. Sorry for the > breakage. > > > cheers, > > Andrew > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter problem
sqlcounter noresetcounter {
## Look here
driver = "rlm_sqlcounter"
counter-name = Max-All-Session-Time
check-name = Max-All-Session
## Look here
check-item = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'"
}
sqlcounter dailycounter {
driver = "rlm_sqlcounter"
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
## Look here
check-item = Max-Daily-Session
sqlmod-inst = sql
key = User-Name
reset = daily
query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}
sqlcounter monthlycounter {
## Look here
driver = "rlm_sqlcounter"
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
## Look here
check-item = Max-Monthly-Session
sqlmod-inst = sql
key = User-Name
reset = monthly
query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}
thanks ...
-
Roberto Gonzalez Azevedo
Carlos Martínez-Troncoso Cera wrote:
ok Roberto:
sqlcounter noresetcounter {
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never
query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{%k}'"
}
sqlcounter dailycounter {
driver = "rlm_sqlcounter"
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
sqlmod-inst = sql
key = User-Name
reset = daily
query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}
sqlcounter monthlycounter {
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
sqlmod-inst = sql
key = User-Name
reset = monthly
query = "SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}'
AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
}
Carlos Martínez-Troncoso Cera
Coordinador de Servicios Internet/Intranet
Universidad del Norte
Barranquilla, Colombia
Tel: 57 5 3509367
Roberto Gonzalez Azevedo wrote:
Show us your sqlcounter.conf ...
You should define 'check-item' in sqlcounter.conf ...
-
Roberto Gonzalez Azevedo
Carlos Martínez-Troncoso Cera wrote:
Hello.
I have freradius-1.0.2 with autorizathion and authentication in LDAP
and accounting in MySQL. I configured to use rlm_sqlcounter to
control time connections, testing with NTRadping work well but
testing with my Cisco NAS it doesn´t work
With my cisco NAS this is the message:
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module "noresetcounter" returns noop for request 3
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module "monthlycounter" returns noop for request 3
With NTRadPing the message is:
rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user cmartinez, check_item=108000,
counter=106750
rlm_sqlcounter: Sent Reply-Item for user cmartinez,
Type=Session-Timeout, value=1250
modcall[authorize]: module "monthlycounter" returns ok for request 8
My relevant conf files:
clients.conf
#PC with NTRadping
client 172.16.31.43/32 {
secret = x
shortname = Carlos
type= other
}
#Cisco NAS
client 200.106.138.14/32 {
secret= xx
shortname= cisco
type= cisco
}
radiusd.conf
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = /usr/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = /usr/local/lib
pidfile = ${run_dir}/radiusd.pid
user = radiusd
group = radiusd
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 102
