Testing accounting
Hi,

I've got 2 radius servers in HA mode behind a load balancer. My load balancer needs to test the 2 radius servers to make sure they are responding. I need to send some payload to the accounting port to test this. Can someone tell me which payload I could send to test the accounting port?

Regards,
--
Sebastien Cantos [EMAIL PROTECTED]
Network / System Manager
Neopost DIVA

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Testing accounting
Hi,

On Fri, 2005-10-28 at 10:06 +0200, Sébastien Cantos wrote:
> I've got 2 radius servers in HA mode behind a load balancer. My load balancer needs to test the 2 radius servers to make sure they are responding. I need to send some payload to the accounting port to test this. Can someone tell me which payload I could send to test the accounting port?

Try radclient with its various options. You can generate a dummy payload file then use the -f option to send the data.

HTH,
Roy
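The kind of payload this thread asks about, as an added example that is not part of the original posts: a minimal RFC 2866 Accounting-Request built by hand, plus a check that the Accounting-Response is authentic rather than just "some UDP reply". The probe user name, NAS-Identifier, session ID and port 1813 are assumptions; the probe's source address has to be a configured client on the server with the same shared secret.

```python
import hashlib
import hmac
import socket
import struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5            # RFC 2866 packet codes


def _attr(attr_type, value):
    """Encode one attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_probe(identifier, secret, nas_id=b"lb-probe"):
    """Return (packet, request_authenticator) for a minimal Accounting-Request."""
    attrs = (
        _attr(1, b"lb-probe")                 # User-Name (constructed value)
        + _attr(32, nas_id)                   # NAS-Identifier (constructed value)
        + _attr(40, struct.pack("!I", 1))     # Acct-Status-Type = Start
        + _attr(44, b"lb-probe-session")      # Acct-Session-Id (constructed value)
    )
    header = struct.pack("!BBH", ACCT_REQUEST, identifier, 20 + len(attrs))
    # Accounting Request Authenticator: MD5 over the packet with the
    # authenticator field zeroed, followed by the shared secret.
    authenticator = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + authenticator + attrs, authenticator


def is_valid_response(reply, identifier, request_auth, secret):
    """True only for an Accounting-Response signed with our shared secret."""
    if len(reply) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", reply[:4])
    if length < 20 or length > len(reply):
        return False
    reply = reply[:length]                    # octets past Length are padding
    if code != ACCT_RESPONSE or ident != identifier:
        return False
    expected = hashlib.md5(reply[:4] + request_auth + reply[20:] + secret).digest()
    return hmac.compare_digest(expected, reply[4:20])


def probe(host, secret, port=1813, timeout=2.0, identifier=1):
    """Send one probe; the server is healthy only if a valid response returns."""
    packet, request_auth = build_probe(identifier, secret)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, (host, port))
            reply, _ = sock.recvfrom(4096)
        except OSError:                       # timeout, ICMP unreachable, ...
            return False
    return is_valid_response(reply, identifier, request_auth, secret)
```

Each probe is a real accounting record to the server, so a dedicated probe identity makes it easy to filter these rows out of billing and session tables.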
Can someone guide to configuring pgsql-voip docs
I read through the list archives, and I have been reading for almost a week now, with no success yet. What I am looking for is a document on how to enter my rate table, i.e. tariff, for the prepaid VoIP, and into which table of the radius db?

I have a successfully running radius server with the pgsql-voip module, and the NAS, a Cisco 5350, is able to send all the accounting records. However, I need to have a rate table in place that will actually bill the call traffic and disconnect the call if the h323-credit-amount turns to zero.

Can someone guide me on this?

goksie
Problem using Calling-Station-Id-Attribute in radcheck
Hello,

I'm using freeradius-1.0.1-0.FC2.i386.rpm and freeradius-mysql-1.0.1-0.FC2.i386.rpm with MySQL for authentication for my LAN client. Now, I also want to check the MAC address of this LAN client. Therefore I added the "Calling-Station-Id" attribute to the radcheck table.

mysql> select * from radcheck;
+----+----------+--------------------+----+--------------+
| id | UserName | Attribute          | op | Value        |
+----+----------+--------------------+----+--------------+
|  1 | tala     | User-Password      | == | 123123       |
|  2 | tala     | Calling-Station-Id | == | 000d88522f1f |
+----+----------+--------------------+----+--------------+
2 rows in set (0.00 sec)

Unfortunately, freeradius cannot validate this user anymore. Are there any config files I have to change? Or do I use this attribute wrong?

I am a beginner in radius, and thanks in advance.
Problem installing freeradius 1.0.1 or 1.05 on 64 bit platform
Good day

I am attempting to install freeradius on a 64 bit platform with Suse Linux 9. However I get the following error during make. What may be the problem?

/usr/software/freeradius-1.0.1/libtool --mode=link gcc -release 1.0.1 \
-module -export-dynamic -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef -I../../include \
-o rlm_counter.la -rpath /usr/local/lib rlm_counter.lo -lgdbm -lnsl -lresolv -lpthread -lcrypto -lssl
rm -fr .libs/rlm_counter.la .libs/rlm_counter.* .libs/rlm_counter-1.0.1.*
gcc -shared rlm_counter.lo /usr/lib/libgdbm.so -lnsl -lresolv -lpthread -lcrypto -lssl -Wl,-soname -Wl,rlm_counter-1.0.1.so -o .libs/rlm_counter-1.0.1.so
/usr/lib/libgdbm.so: could not read symbols: Invalid operation
collect2: ld returned 1 exit status
gmake[6]: *** [rlm_counter.la] Error 1
gmake[6]: Leaving directory `/usr/software/freeradius-1.0.1/src/modules/rlm_counter'
gmake[5]: *** [common] Error 1
gmake[5]: Leaving directory `/usr/software/freeradius-1.0.1/src/modules'
gmake[4]: *** [all] Error 2
gmake[4]: Leaving directory `/usr/software/freeradius-1.0.1/src/modules'
gmake[3]: *** [common] Error 1
gmake[3]: Leaving directory `/usr/software/freeradius-1.0.1/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/usr/software/freeradius-1.0.1/src'
gmake[1]: *** [common] Error 1
gmake[1]: Leaving directory `/usr/software/freeradius-1.0.1'
make: *** [all] Error 2
RE: Problem using Calling-Station-Id-Attribute in radcheck
In what format does your NAS send the calling-station-id? Mine uses 00-00-00-00-00-00. Maybe you're simply not matching the format?

Rgds,
Guy

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of kdr akm
Sent: 28 October 2005 15:16
To: freeradius-users@lists.freeradius.org
Subject: Problem using "Calling-Station-Id"-Attribute in radcheck

Hello,

I'm using freeradius-1.0.1-0.FC2.i386.rpm and freeradius-mysql-1.0.1-0.FC2.i386.rpm with MySQL for authentication for my LAN client. Now, I also want to check the MAC address of this LAN client. Therefore I added the "Calling-Station-Id" attribute to the radcheck table.

mysql> select * from radcheck;
+----+----------+--------------------+----+--------------+
| id | UserName | Attribute          | op | Value        |
+----+----------+--------------------+----+--------------+
|  1 | tala     | User-Password      | == | 123123       |
|  2 | tala     | Calling-Station-Id | == | 000d88522f1f |
+----+----------+--------------------+----+--------------+
2 rows in set (0.00 sec)

Unfortunately, freeradius cannot validate this user anymore. Are there any config files I have to change? Or do I use this attribute wrong?

I am a beginner in radius, and thanks in advance.
PEAP MS_CHAP V2: problem with tunnel attributes on enterasys V2 switch
Hello,

I am new to this list and would like to know if someone out there has been successful in implementing EAP-PEAP user authentication and VLAN assignment with freeradius and Enterasys V2 switches?

It wasn't a problem to configure EAP-PEAP with the freeradius server (running on SUSE) and Enterasys switches. I already use it for client authentication, but I had no success with switch/port based authentication and VLAN assignment at an Enterasys switch. The users and their RADIUS attributes are in an LDAP base on a Novell server (version 6.5).

I know from reading our Enterasys notice that the switch expects the following parameters within access_accept:

tunnel-type= 13 (VLAN)
tunnel-medium-type=6 (802)
tunnel-private-group-ID=vlan_id

but with no success. I didn't see the attribute in the FreeRADIUS log. I have put a sniffer machine between the FreeRADIUS server and the Novell server, but I didn't see any Tunnel attribute.

In fact, I don't know:
- if the switch doesn't receive the tunnel parameters
- OR if the switch doesn't understand the tunnel parameters it is receiving

Any tips? Is it necessary to activate or configure something on FreeRADIUS to use tunnel parameters?

Thank you in advance.

Best regards
Stephane
RE: Problem using Calling-Station-Id-Attribute in radcheck
I'm about to try to do the same, but to log the MAC addresses. I'm a newbie to freerad, but sometimes, depending on the switches and routers that you have on your network, your MAC address gets hashed along the way (I saw that on MS IAS). So check in the logs if you can see the MAC of the user first, although how to do that is my question?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of kdr akm
Sent: Friday, October 28, 2005 10:16 AM
To: freeradius-users@lists.freeradius.org
Subject: Problem using Calling-Station-Id-Attribute in radcheck

Hello,

I'm using freeradius-1.0.1-0.FC2.i386.rpm and freeradius-mysql-1.0.1-0.FC2.i386.rpm with MySQL for authentication for my LAN client. Now, I also want to check the MAC address of this LAN client. Therefore I added the Calling-Station-Id attribute to the radcheck table.

mysql> select * from radcheck;
+----+----------+--------------------+----+--------------+
| id | UserName | Attribute          | op | Value        |
+----+----------+--------------------+----+--------------+
|  1 | tala     | User-Password      | == | 123123       |
|  2 | tala     | Calling-Station-Id | == | 000d88522f1f |
+----+----------+--------------------+----+--------------+
2 rows in set (0.00 sec)

Unfortunately, freeradius cannot validate this user anymore. Are there any config files I have to change? Or do I use this attribute wrong?

I am a beginner in radius, and thanks in advance.
Re: PEAP MS_CHAP V2: problem with tunnel attributes on enterasys V2 switch
On Friday 28 October 2005 10:40, [EMAIL PROTECTED] wrote:
> I am new to this list and would like to know if someone out there has been successful in implementing EAP-PEAP user authentication and VLAN assignment with freeradius and Enterasys V2 switches?

The V2 switches (and all Enterasys switches) support EAP-MD5.

Zoltan Ori
Re: return ALL the AVPs for a username that belongs multiple groups
Lenir [EMAIL PROTECTED] wrote:
> Radius replies with the AVPs of the first group that it matches that the user belongs to. Instead of returning all the AVPs for all the groups that the user belongs to.

The example you posted didn't include groups or reply AVP's.

> So I guess the question is, can a user belong to multiple groups? If so, how can radius reply with all the AVPs that correspond to ALL the groups that the user belongs to?

Yes, and you configure the server to do that.

Alan DeKok.
Re: freeradius, 802.1x, PEAP for wlan
Juan Mauel Lopez Villalobos [EMAIL PROTECTED] wrote:
> is there a way of not using ntlm_auth-samba-ldap if I only have ldap?

If your LDAP server gives FreeRADIUS clear-text passwords, yes, it will work.

> how works ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}, what values return?

See the documentation for ntlm_auth.

Alan DeKok.
controling bandwidth
Hi,

How can I control bandwidth for specific users? And how can I block all ports except one, for their connection?

Thanks!
Re: Problem installing freeradius 1.0.1 or 1.05 on 64 bit platform
Ashwin Gobind [EMAIL PROTECTED] wrote:
> I am attempting to install freeradius on a 64 bit platform with Suse Linux 9. However I get the following error during make. What may be the problem?
> ...
> /usr/lib/libgdbm.so: could not read symbols: Invalid operation
> collect2: ld returned 1 exit status

The tools on your system cannot link to the libraries on your system.

Alan DeKok.
Accounting and anonymous outer identity in EAP-TTLS
I've been searching the mail list about this, but haven't found a definitive solution.

The scenario: I'm using WPA2 access points, and they are set up to authorize users against my freeradius server. The freeradius server is set up to use a MySQL database, and eap-ttls is configured (and that works ok). My Windows clients connect with the SecureW2 (1) supplicant.

The problem is that radius accounting requests have the User-Name = anonymous attribute/value, so I can't separate accounting from different users.

I've tried to replace the User-Name in the Access-Accept reply, with this configuration:

- I have this in the users file:

DEFAULT FreeradiusProxiedTo == 127.0.0.1
        User-Name := %{User-Name},
        FallThrough = yes

BTW I've tried User-Name = %{User-Name} too.

And this is the authorize section in radiusd.conf:

authorize {
        preprocess
        chap
        mschap
        suffix
        eap
        files
        sql
}

The problem is that the Access-Accept reply from freeradius has two User-Name AV pairs, like this:

User-Name := anonymous
User-Name := damjan

And the accounting packet has the User-Name = anonymous AV pair.

Shouldn't the := operator in users replace the User-Name = anonymous, or does it not because files is before sql in the authorize section, and my users are in the MySQL database? ... and if I put sql before files, that DEFAULT entry will not be triggered, am I right?

Can I just remove UserName from the authorize_reply_query SELECT in sql.conf?

Note however that the same radius instance is used for non-EAP clients too; those clients authenticate through chillispot and use plain and simple PAP.

My platform is:
slackware linux 10.1
openssl-0.9.7e
freeradius-1.0.2 (I'd update if that's a solution, but this system has several radius instances (ports) in production use)

(1) http://www.securew2.com/

--
damjan | дамјан
This is my jabber ID -- [EMAIL PROTECTED] -- not my mail address!!!
Re: Accounting and anonymous outer identity in EAP-TTLS
Damjan [EMAIL PROTECTED] wrote:
> Shouldn't the := operator in user replace the User-Name = anonymous, or it doesn't because files is before sql in the authorize section, and my users are in the MySQL database?

Yes, and it shouldn't matter that the users are in SQL.

I suspect that something else is adding the anonymous username in the reply. The EAP module does this, but it checks to see if a User-name already exists. If so, it doesn't copy it.

I would say read the debug log for one of these sessions. It won't tell you when it adds the two usernames, but it will tell you which modules run, and what they do. You can use that information to walk through the configuration by hand, to see what's going on, and why.

Alan DeKok.
rlm_sql module won't compile under Solaris 10
Hello,

I'm trying to get FreeRadius 1.0.5 to compile with MySQL / RLM_SQL, under Solaris 10. Configure works just fine, however, after running make, I get the following:

gmake[7]: Entering directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql'
Making static in drivers...
gmake[8]: Entering directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql/drivers'
/usr/sfw/bin/gmake -w WHAT_TO_MAKE=static common
gmake[9]: Entering directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql/drivers'
Making static in rlm_sql_iodbc...
gmake[10]: Entering directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql/drivers/rlm_sql_iodbc'
gmake[10]: Nothing to be done for `static'.
gmake[10]: Leaving directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql/drivers/rlm_sql_iodbc'
Making static in rlm_sql_mysql...
gmake[10]: Entering directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql/drivers/rlm_sql_mysql'
gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef -I../.. -I../../../../include -I/usr/local/mysql/include -xO3 -mt -D_FORTEC_ -xarch=v8 -xc99=none -c sql_mysql.c -o sql_mysql.o
gcc: language c99=none not recognized
gcc: sql_mysql.c: linker input file unused because linking not done
/export/home/freeradius-1.0.5/libtool --mode=link ld -module -static -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef -I../.. -I../../../../include -I/usr/local/mysql/include -xO3 -mt -D_FORTEC_ -xarch=v8 -xc99=none sql_mysql.o -o rlm_sql_mysql.a
mkdir .libs
(cd . ln -s sql_mysql.lo sql_mysql.o)
ar cru rlm_sql_mysql.a sql_mysql.o
ar: cannot open sql_mysql.o No such file or directory
ar: sql_mysql.o not found
gmake[10]: *** [rlm_sql_mysql.a] Error 1
gmake[10]: Leaving directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql/drivers/rlm_sql_mysql'
gmake[9]: *** [common] Error 2
gmake[9]: Leaving directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql/drivers'
gmake[8]: *** [static] Error 2
gmake[8]: Leaving directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql/drivers'
gmake[7]: *** [common] Error 2
gmake[7]: Leaving directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql'
gmake[6]: *** [static] Error 2
gmake[6]: Leaving directory `/export/home/freeradius-1.0.5/src/modules/rlm_sql'
gmake[5]: *** [common] Error 2
gmake[5]: Leaving directory `/export/home/freeradius-1.0.5/src/modules'
gmake[4]: *** [all] Error 2
gmake[4]: Leaving directory `/export/home/freeradius-1.0.5/src/modules'
gmake[3]: *** [common] Error 2
gmake[3]: Leaving directory `/export/home/freeradius-1.0.5/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/export/home/freeradius-1.0.5/src'
gmake[1]: *** [common] Error 2
gmake[1]: Leaving directory `/export/home/freeradius-1.0.5'
*** Error code 2
The following command caused the error:
/usr/sfw/bin/gmake WHAT_TO_MAKE=all common
make: Fatal error: Command failed for target `all'

I downloaded the binary MySQL package from mysql.com and added /usr/local/mysql to my PATH and LD_LIBRARY_PATH variables. FreeRadius can see the files, however, it will *not* compile the rlm_sql module.

I've combed the mailing list archive, but I have yet to find a solution to this problem. Has anyone else experienced this issue?

Best Regards,
Mike McNeil
Sr. Network Engineer
Communications Network Services
University of California Berkeley
Re: FreeRADIUS - 802.1x WPA-TKIP, WPA2-AES settings
add to it: forward the DHCPDISCOVER to the DS if no internal table entry for this MAC is found.

yapp, that would be even very easy to integrate. but i don't think that _any_ AP does that.

Well, an AP that does 802.1x + chillispot is all you need :) You get the accounting, bandwidth shaping and traffic limits for free

just for the case: no, it is NOT possible to assign IP addresses by 802.1X; you have to do DHCP after the authentication (yes, it is strange).

A clever AP could support this:
1. Serving DHCP to the wireless network only
2. Getting the Framed-IP-Address from the radius Access-Accept, and putting it in an internal table (MAC - IP)
3. Serving that exact IP via DHCP when the subscriber asks for a lease.

I don't know of an AP that does that, though.

--
damjan | дамјан
This is my jabber ID -- [EMAIL PROTECTED] -- not my mail address!!!