RE: incorrect radacct AcctSessionTime
Thanks for the hint ... !! The details file shows: Thu Mar 16 02:41:46 2006 Acct-Status-Type = Stop User-Name = "[EMAIL PROTECTED]" Calling-Station-Id = "00-0D-88-00-aa-aa" Called-Station-Id = "00-14-BF-20-ff-dd" NAS-Port-Type = Wireless-802.11 NAS-Port = 2 NAS-Port-Id = "0002" NAS-IP-Address = 0.0.0.0 ... (how come it is always 0.0.0.0?) NAS-Identifier = "myIdent" Framed-IP-Address = 192.168.182.251 Acct-Session-Id = "00150002" Acct-Input-Octets = 130 Acct-Output-Octets = 48 Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Acct-Input-Packets = 1 Acct-Output-Packets = 1 Acct-Session-Time = 1142462484 ... that looks like a timestamp !!! Acct-Terminate-Cause = Session-Timeout Client-IP-Address = My-IP Acct-Unique-Session-Id = "dd506e4d4bda70aa" Timestamp = 1142476906 Means it is from the Chillispot wrt54g nas! Not a FR problem at all! Gunther > -Original Message- >Peter Nixon wrote: > Sent: Thursday, March 16, 2006 3:11 AM > > On Tue 14 Mar 2006 08:51, Gunther wrote: > > I presume that the NAS (wrt54g with Chillispot) is sending the > > incorrect information ... > > Is this correct? > > Please check your detail files (If you have them enabled) to > confirm if the NAS is sending you this data or not. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: incorrect radacct AcctSessionTime
On Tue 14 Mar 2006 08:51, Gunther wrote: > I presume that the NAS (wrt54g with Chillispot) is sending the incorrect > information ... > Is this correct? Please check your detail files (If you have them enabled) to confirm if the NAS is sending you this data or not. -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgpa9SSM7N5dy.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Authentication problem if CHAP is not used
"Alex M" <[EMAIL PROTECTED]> wrote: > Ok, I here is full debug info... ... > [EMAIL PROTECTED] root]# radiusd -x Uh, no. Try reading the FAQ, README, INSTALL, and half of the messages to this list. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: incorrect radacct AcctSessionTime
> Guy Fraser wrote > Sent: Wednesday, March 15, 2006 11:24 AM > > On Tue, 2006-14-03 at 15:16 -0500, Alan DeKok wrote: > > "Gunther" <[EMAIL PROTECTED]> wrote: > > > From time to time I see entries in the radacct AcctSessionTime > > > column with over 1 billion seconds, despite that the > StopTime minus > > > StartTime is less than 5 seconds. > > > With FR 1.0.5 it was a few times 2147483647: > > > > 2147483647 is 2^31-1. It looks like a signed/unsigned problem to > > me. > > I used to see Acct-Session-Time responses from USR Hyper > Cards like that every so often, the NAS was at fault and > required a reboot. > > We would then calculate the time : > Example, > Acct-Session-Time = (Acct-Stop-Time - Acct-Stop-Delay) - > (Acct-Start-Time + Acct-Start-Delay) > > We did it that way to give the customer the benefit of any > error possibly incurred by delays. How you do this in real > life will depend on what kind of DB you use to store the > accounting data. > I am using MySQL and I simply exclude these entries as the amount of data is usually below 200 bytes. The problem seem to come from Chillispot in connection with mac authentication (macallowed). We put the number of macallowed users down, using UAM instead and it seems to work. Had no entries of that kind for over 24 hours. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: incorrect radacct AcctSessionTime
> -Original Message- > Alan DeKok wrote: > Sent: Tuesday, March 14, 2006 4:17 PM > To: FreeRadius users mailing list > Subject: Re: incorrect radacct AcctSessionTime > > > From time to time I see entries in the radacct > AcctSessionTime column > > with over 1 billion seconds, despite that the StopTime > minus StartTime > > is less than 5 seconds. > > > I presume that the NAS (wrt54g with Chillispot) is sending the > > incorrect information ... > > Is this correct? > > Maybe. See the SQL queries. If the NAS is sending > Acct-Session-Time, that goes into the column. If it doesn't > send Acct-Session-Time, then the session time is calculated > based on the local system time, and other info. Yes, it is in the SQL queries and as far as I understand Chillispot is sending the Acct-Session-Time. It only seems to happen with MAC authenticated addresses (macallowed). Looks still like a Chillispot problem. But it could help to actually subtract AcctStopTime - AcctStartTime to get the AcctSessionTime. > > It looks to me like the clocks on your NAS and the RADIUS > server may be quite a ways off from each other. Not sure if I can change that at all. The wrt54G & Chillispot box does not always set the time correct. If there is no Internet connection at boottime to synchronize with a time server, it is using some very old time. But that is not the case here as the unit was on the 'right local time', while the server runs on GMT. Gunther - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Authentication problem if CHAP is not used
Ok, I here is full debug info... I first sent the CHAP request and it's OK, then I deselected CHAP Check Box and request was rejected... I don't see any errors; maybe you would see something why it doesn't authenticate without chap? [EMAIL PROTECTED] root]# radiusd -x Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded exec rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded System Module: Instantiated unix (unix) Module: Loaded eap rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap rlm_eap: Loaded and initialized type gtc rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess Module: Instantiated preprocess (preprocess) Module: Loaded realm Module: Instantiated realm (suffix) Module: Loaded files Module: Instantiated files (files) Module: Loaded SQL rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 rlm_sql (sql): - generate_sql_clients rlm_sql (sql): Query: SELECT * FROM nas rlm_sql (sql): Reserving sql socket id: 4 rlm_sql_mysql: query: SELECT * FROM nas rlm_sql (sql): Read entry nasname=192.168.0.100,shortname=nas2,secret=testing123 rlm_sql (sql): Adding client 192.168.0.100 (nas2) to clients list rlm_sql (sql): Read entry nasname=10.0.1.102,shortname=bntest,secret=testing123 rlm_sql (sql): Adding client 10.0.1.102 (bntest) to clients list rlm_sql (sql): Read entry nasname=192.168.0.104,shortname=homesegment_local,secret=testing123 rlm_sql (sql): Adding client 192.168.0.104 (homesegment_local) to clients list rlm_sql (sql): Read entry nasname=192.168.0.100,shortname=PFSense,secret=testing123 rlm_sql (sql): Adding client 192.168.0.100 (PFSense) to clients list rlm_sql (sql): Read entry nasname=192.168.0.107,shortname=laptop,secret=testing123 rlm_sql (sql): Adding client 192.168.0.107 (laptop) to clients list rlm_sql (sql): Released sql socket id: 4 Module: Instantiated sql (sql) Module: Loaded Acct-Unique-Session-Id Module: Instantiated acct_unique (acct_unique) Module: Loaded detail Module: Instantiated detail (detail) Module: Loaded radutmp Module: Instantiated radutmp (radutmp) Initializing the thread pool... Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 192.168.0.107:2848, id=0, length=47 User-Name = "homepc" CHAP-Password = 0x1b13f913ed86b3207ad5be3007add7f5bc rlm_chap: Setting 'Auth-Type := CHAP' rlm_sql (sql): Reserving sql socket id: 3 rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'homepc' ORDER BY id rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'homepc' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'homepc' ORDER BY id rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'homepc' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 3 rlm_chap: login attempt by "homepc" with CHAP password rlm_chap: Using clear text password homepc for user homepc authentication. rlm_chap: chap user homepc authenticated succesfully Sending Access-Accept of id 0 to 192.168.0.107 port 2848 rad_recv: Access-Request packet from host 192.168.0.107:2849, id=1, length=
Re: Mysql problem
"Fabiano Rodrigo Boscatto" <[EMAIL PROTECTED]> wrote: > Hi there, i have freeradius working fine with mysql authentication. The > problem is that the User-Password is stored in mysql table as clear text. Is > there a way to crypt that? Change User-Password to Crypt-Password, and encrypt the password with the Unix crypt() tool. Then CHAP & MS-CHAP stop working. If you want to encrypt the password with some kind of key, and then make the key available to FreeRADIUS too, that might be useful. Maybe. But it's not as useful as it might first look. You're better off controlling access to the entire MySQL DB, which contains a lot more security information than the clear-text password. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Mysql problem
Hi there, i have freeradius working fine with mysql authentication. The problem is that the User-Password is stored in mysql table as clear text. Is there a way to crypt that? Thanx - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Creating unique monthly counter entries
Hello I'm going to have users trying to authenticate with the same user name from different nases and would like to keep unique monthly counter entries based on what huntgroup they login from. So, what I would like to know if either of the following is possible: 1) Can I have my monthly counter run only on accounting packets received from a certain NAS? or 2) Can I run attr_rewrite only on accounting packets received from certain nases or huntgroups and leave all others untouched? If this solution is possible, I would like to change the username from whatever it comes in as to [EMAIL PROTECTED] but I don't know if that's possible since huntgroup is not an attribute that is contained in the accounting packets. I tried changing it using attr_rewrite using this line: replacewith = [EMAIL PROTECTED] but this won't work b/c we want to limit some dialup users to 10 hrs/mo but they can dialup to many different nases so they would end up getting a different entry in the counter for each different nas that they dialed into and would not get cut off properly. I have tried to use the acct_users file to set the huntgoup but cannot figure out how to pass that information on to the counter module. Please help point me in the right direction or if there is a better way to do this, please let me know. Thank you -- "Microsoft is not the answer, it's the question. NO is the answer." Ben Plimpton Network Engineer [EMAIL PROTECTED] 970-963-SURF(7873) ext 5174 www.sopris.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius-Users Digest, Vol 11, Issue 58
Hi, > I am away that this book is available, and we are trying to purchase it, > but it will need to be delivered. O'reilly have an online service. very handy. http://safari.oreilly.com > I did exactly what the instructions told me to do. I downloaded and > extracted the tarball. Configured, make and make install. Was there > more I need to do to configure it with mysql? download and extract the tarballs? in that case you are NOT using the Fedora RPMS. which means that you need to make sure 1% that the ./configure script did not print out ANY error messages...and means that you have to have all of the prerequisite development RPMs installed on your box. > > make sure the right calls are in it. > > Not sure what this means!!! in radius.conf you must ensure that the 'sql' method is used in the correct places. in sql.conf you must ensure the correct DB is used, the correct service and use the correct SQL procedures to query the tables. > > use mysql or use one of the myriad of front-ends to use MySQL via a > web > interface - mysqladmin etc. PERL scripts using the DBD system too. > > Where do I find these myriads of front-ends? google. > > Users? the users should be looking at FreeRADIUS. it authenticates > them and > accounts them via the NAS. or do you mean system admin users? > > For sys admin users. we use the command line and SQL directly. have a few scripts to query, show and enter any new data. its all too easy to wipe your entire DB away with a GUI ;-) > > yes. in MySQL tables - then use rlm_accounting calls to make sure the > dates > etc are within those ranges. > > Where do I find these. > > I have been to the archives and back. I have searched countless hours > for some better examples of installing this process using MySql on > Fedora. yum install freeradius-mysql chkconfig radiusd on chkconfig mysqld on then edit the /etc/raddb files until happiness as mentioned before, simple searched with any decent web search engine will give you fantastic resources. eg http://www.frontios.com/freeradius.html (thanks Scott!) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FW: Freeradius-Users Digest, Vol 11, Issue 57
Hi, > Can you explain a little better what you mean? I am not stuck on > loading this. The documentation is way too gray for me and I know that > O'Reilly's have put out a Radius book, but it is not in any of the local > stores and I am trying to get this done this week instead of the normal > 3 -5 business days. I will order it, for reference. the documentation is pretty clear. there are plenty of sites out there - can you not google for 'using freeradius mysql' ? > I see where is called the sql.conf, but I so not see anything more. > What is it actually suppose to look like when I run the Radiusd -X? > Also, is there a way that I can get this to start without doing this. > Can it run in the background? radiusd -X is for debugging. you should see success messages when you try to authenticate against the server using accounts in the authorized mysql table. running in the background? of course! but you can only run it int he background once you've got it working - for otherwise it wont be working and you wont know why. to run it in background as a Fedora install package you simply make sure the service is known by the init scripts. 'chkconfig radiusd on' and you can start it with /sbin/service radius start without rebooting. (future reboots will have radiusd process starting by default after the chkconfig) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius-Users Digest, Vol 11, Issue 58
Hi, > OReilly FreeRADIUS book, free online documents and help guides I am away that this book is available, and we are trying to purchase it, but it will need to be delivered. > make sure you have the mysql RPMs and the freeradius-mysql RPMs installed I did exactly what the instructions told me to do. I downloaded and extracted the tarball. Configured, make and make install. Was there more I need to do to configure it with mysql? > make sure the right calls are in it. Not sure what this means!!! > How do I enter my users in mysql? Hi, > Is there a free radius for Dummies book out there? I know that most of > the instruction probably make sense to everyone, but me. OReilly FreeRADIUS book, free online documents and help guides > I am trying to configure Freeradius 1.1 on a mysql database using fedora > 4. make sure you have the mysql RPMs and the freeradius-mysql RPMs installed > Is there something I need to do with the sql.conf file to tie all of > this together? > make sure the right calls are in it. I am not sure what you meant by this. > use mysql or use one of the myriad of front-ends to use MySQL via a web interface - mysqladmin etc. PERL scripts using the DBD system too. Where do I find these myriads of front-ends? > Users? the users should be looking at FreeRADIUS. it authenticates them and accounts them via the NAS. or do you mean system admin users? For sys admin users. > yes. in MySQL tables - then use rlm_accounting calls to make sure the dates etc are within those ranges. Where do I find these. I have been to the archives and back. I have searched countless hours for some better examples of installing this process using MySql on Fedora. Thanks Dwane - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FW: Freeradius-Users Digest, Vol 11, Issue 57
outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 268.2.1/279 - Release Date: 3/10/2006 -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 268.2.1/279 - Release Date: 3/10/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 268.2.1/279 - Release Date: 3/10/2006 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- next part -- An HTML attachment was scrubbed... URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060315/a 786b09d/attachment-0001.html -- Message: 2 Date: Wed, 15 Mar 2006 13:42:26 -0500 From: "Guido" <[EMAIL PROTECTED]> Subject: problem with secret To: Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Hi list, I'm using Freeradius 1.0.2 and receiving request from Squire SVI Softswitch as NAS. The problem is that Squire softswitch is not sending to freeradius the shared secret in request accounting. So, I need accept accounting request from a NAS that does not send secret. I know that secret is mandatory in clients.conf, but I need solve this... Who can help me ? Thanks in advance, Guido -- Message: 3 Date: Wed, 15 Mar 2006 14:15:34 -0500 From: "321Admin" <[EMAIL PROTECTED]> Subject: Re: Problems configuring Free Radius To: "FreeRadius users mailing list" Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="iso-8859-1" freeradius book at oriely or safari... the big question is are you linked and loaded with sql or you still set to fall tru ? look at the output of -X and -xx - Original Message - From: Atkins, Dwane P To: freeradius-users@lists.freeradius.org Sent: Wednesday, March 15, 2006 11:39 AM Subject: Problems configuring Free Radius Is there a free radius for Dummies book out there? I know that most of the instruction probably make sense to everyone, but me. I am trying to configure Freeradius 1.1 on a mysql database using fedora 4. I can get to a point where I do the radiusd -X and it starts the radius server. Is there something I need to do with the sql.conf file to tie all of this together? How do I enter my users in mysql? Is there a web interface for the users? Can I put in a start date for a user and a stop date for a user? Is there a web site that I can go to for answers to these questions? I have been to the archives. Thank you and if this all cannot be done, please let me know so I can scrap this project and move onto something different. Dwane Dwane Atkins T&N 210-567-0158 -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.2.3/281 - Release Date: 3/14/2006 -- next part -- An HTML attachment was scrubbed... URL: https://list.xs4all.nl/pipermail/freeradius-users/attachments/20060315/d 41877e0/attachment.html -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html End of Freeradius-Users Digest, Vol 11, Issue 57 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems configuring Free Radius
Hi, > Is there a free radius for Dummies book out there? I know that most of > the instruction probably make sense to everyone, but me. OReilly FreeRADIUS book, free online documents and help guides > I am trying to configure Freeradius 1.1 on a mysql database using fedora > 4. make sure you have the mysql RPMs and the freeradius-mysql RPMs installed > Is there something I need to do with the sql.conf file to tie all of > this together? make sure the right calls are in it. > How do I enter my users in mysql? use mysql or use one of the myriad of front-ends to use MySQL via a web interface - mysqladmin etc. PERL scripts using the DBD system too. > Is there a web interface for the users? Users? the users should be looking at FreeRADIUS. it authenticates them and accounts them via the NAS. or do you mean system admin users? > Can I put in a start date for a user and a stop date for a user? yes. in MySQL tables - then use rlm_accounting calls to make sure the dates etc are within those ranges. > Is there a web site that I can go to for answers to these questions? I > have been to the archives. this is all covered in the archives - at least I've seen it here discussed countless times. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: perl scripts
On Wednesday 15 March 2006 20:38, debik wrote: > Hello again. I have stuckon writing that perl script to autheticate users > from onother database. How can i grep the User-Name and Password from > RAD_REQUEST to my perl script as a variable. I have tried to do something > like this: > my $username = $RAD_REQUEST{'User-Name'} This will work only if you use rlm_perl > > Is it anyway possibble what im trying to do ? -- Best Regards, Boian Jordanov SNE Orbitel - Next Generation Telecom tel. +359 2 4004 723 tel. +359 2 4004 002 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: perl scripts
Add this in your script and then run radiusd in debugging mode: for (keys %RAD_REQUEST) { &radiusd::radlog(1, "RAD_REQUEST: $_ = $RAD_REQUEST{$_}"); } --Groeten, Regards, Salutations, Thor SpruytM: +32 (0)475 67 22 65E: [EMAIL PROTECTED]W: www.thor-spruyt.com www.salesguide.bewww.telenethotspot.be - Original Message - From: debik To: FreeRadius users mailing list Sent: Wednesday, March 15, 2006 7:38 PM Subject: Re: perl scripts Hello again. I have stuckon writing that perl script to autheticate users from onother database. How can i grep the User-Name and Password from RAD_REQUEST to my perl script as a variable. I have tried to do something like this: my $username = $RAD_REQUEST{'User-Name'} Is it anyway possibble what im trying to do ? - Original Message - From: debik To: FreeRadius users mailing list Sent: Sunday, March 12, 2006 12:28 PM Subject: Re: perl scripts I tried to add new sql1.conf. But when i trie starting te radius server he told me that the database is nit in the Attribute Value. I that onother dsatabase i have got users of my network, and i wont, that teh radius server use that logins which are in that database. Sorry for that HTML, and for my english. - Original Message - From: mnisay To: 'FreeRadius users mailing list' Sent: Sunday, March 12, 2006 10:55 AM Subject: RE: perl scripts what do you want to achieve with this perl script, freeradius can do the authentication. is this script for management of database? if it is, you can use server side php scripts as well. if its not, does the perl script manipulates user database differently? sorry i think i did not get you well. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of debikSent: Saturday, March 11, 2006 2:43 PMTo: FreeRadius users mailing listSubject: Re: perl scripts Yes. But that onother database is not in radius format like: op, value, etc. So I have to write a perl script. - Original Message - From: mnisay To: 'FreeRadius users mailing list' Sent: Saturday, March 11, 2006 11:27 AM Subject: RE: perl scripts From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of debikSent: Friday, March 10, 2006 8:41 PMTo: FreeRadius users mailing listSubject: Re: perl scripts > I have got onother mysql base and i wont to write perl script to tel the radius server to use the data in that database. do you mean use MySQL for freeradius authentication? - Original Message - From: mnisay To: 'FreeRadius users mailing list' Sent: Friday, March 10, 2006 11:26 AM Subject: RE: perl scripts > Could somebody share with some scripts that authorize users in radius. > Im trying to write my own script, but i don't find any docs. > Could somebody help me. authorize users in radius? freeradius can authorize users by default. --No virus found in this incoming message.Checked by AVG Free Edition.Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006 --No virus found in this outgoing message.Checked by AVG Free Edition.Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --No virus found in this incoming message.Checked by AVG Free Edition.Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006 --No virus found in this outgoing message.Checked by AVG Free Edition.Version: 7.1.375 / Virus Database: 268.2.1/279 - Release Date: 3/10/2006 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --No virus found in this incoming message.Checked by AVG Free Edition.Version: 7.1.375 / Virus Database: 268.2.1/279 - Release Date: 3/10/2006 --No virus found in this outgoing message.Checked by AVG Free Edition.Version: 7.1.375 / Virus Database: 268.2.1/279 - Release Date: 3/10/2006 - List info/subscribe/unsubscribe? See http://www.fre
Re: Problems configuring Free Radius
freeradius book at oriely or safari... the big question is are you linked and loaded with sql or you still set to fall tru ? look at the output of -X and -xx - Original Message - From: Atkins, Dwane P To: freeradius-users@lists.freeradius.org Sent: Wednesday, March 15, 2006 11:39 AM Subject: Problems configuring Free Radius Is there a free radius for Dummies book out there? I know that most of the instruction probably make sense to everyone, but me. I am trying to configure Freeradius 1.1 on a mysql database using fedora 4. I can get to a point where I do the radiusd X and it starts the radius server. Is there something I need to do with the sql.conf file to tie all of this together? How do I enter my users in mysql? Is there a web interface for the users? Can I put in a start date for a user and a stop date for a user? Is there a web site that I can go to for answers to these questions? I have been to the archives. Thank you and if this all cannot be done, please let me know so I can scrap this project and move onto something different. Dwane Dwane Atkins T&N 210-567-0158 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html No virus found in this incoming message.Checked by AVG Free Edition.Version: 7.1.385 / Virus Database: 268.2.3/281 - Release Date: 3/14/2006 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
problem with secret
Hi list, I'm using Freeradius 1.0.2 and receiving request from Squire SVI Softswitch as NAS. The problem is that Squire softswitch is not sending to freeradius the shared secret in request accounting. So, I need accept accounting request from a NAS that does not send secret. I know that secret is mandatory in clients.conf, but I need solve this... Who can help me ? Thanks in advance, Guido - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: perl scripts
Hello again. I have stuckon writing that perl script to autheticate users from onother database. How can i grep the User-Name and Password from RAD_REQUEST to my perl script as a variable. I have tried to do something like this: my $username = $RAD_REQUEST{'User-Name'} Is it anyway possibble what im trying to do ? - Original Message - From: debik To: FreeRadius users mailing list Sent: Sunday, March 12, 2006 12:28 PM Subject: Re: perl scripts I tried to add new sql1.conf. But when i trie starting te radius server he told me that the database is nit in the Attribute Value. I that onother dsatabase i have got users of my network, and i wont, that teh radius server use that logins which are in that database. Sorry for that HTML, and for my english. - Original Message - From: mnisay To: 'FreeRadius users mailing list' Sent: Sunday, March 12, 2006 10:55 AM Subject: RE: perl scripts what do you want to achieve with this perl script, freeradius can do the authentication. is this script for management of database? if it is, you can use server side php scripts as well. if its not, does the perl script manipulates user database differently? sorry i think i did not get you well. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of debikSent: Saturday, March 11, 2006 2:43 PMTo: FreeRadius users mailing listSubject: Re: perl scripts Yes. But that onother database is not in radius format like: op, value, etc. So I have to write a perl script. - Original Message - From: mnisay To: 'FreeRadius users mailing list' Sent: Saturday, March 11, 2006 11:27 AM Subject: RE: perl scripts From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of debikSent: Friday, March 10, 2006 8:41 PMTo: FreeRadius users mailing listSubject: Re: perl scripts > I have got onother mysql base and i wont to write perl script to tel the radius server to use the data in that database. do you mean use MySQL for freeradius authentication? - Original Message - From: mnisay To: 'FreeRadius users mailing list' Sent: Friday, March 10, 2006 11:26 AM Subject: RE: perl scripts > Could somebody share with some scripts that authorize users in radius. > Im trying to write my own script, but i don't find any docs. > Could somebody help me. authorize users in radius? freeradius can authorize users by default. --No virus found in this incoming message.Checked by AVG Free Edition.Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006 --No virus found in this outgoing message.Checked by AVG Free Edition.Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --No virus found in this incoming message.Checked by AVG Free Edition.Version: 7.1.375 / Virus Database: 268.2.1/278 - Release Date: 3/9/2006 --No virus found in this outgoing message.Checked by AVG Free Edition.Version: 7.1.375 / Virus Database: 268.2.1/279 - Release Date: 3/10/2006 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --No virus found in this incoming message.Checked by AVG Free Edition.Version: 7.1.375 / Virus Database: 268.2.1/279 - Release Date: 3/10/2006 --No virus found in this outgoing message.Checked by AVG Free Edition.Version: 7.1.375 / Virus Database: 268.2.1/279 - Release Date: 3/10/2006 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Problems configuring Free Radius
Your MySQL config is in your sql.conf file, in the beginning you enter all info about username, DB etc… also you have to authorize SQL use in radiusd.conf From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Atkins, Dwane P Sent: Wednesday, March 15, 2006 11:39 AM To: freeradius-users@lists.freeradius.org Subject: Problems configuring Free Radius Is there a free radius for Dummies book out there? I know that most of the instruction probably make sense to everyone, but me. I am trying to configure Freeradius 1.1 on a mysql database using fedora 4. I can get to a point where I do the radiusd –X and it starts the radius server. Is there something I need to do with the sql.conf file to tie all of this together? How do I enter my users in mysql? Is there a web interface for the users? Can I put in a start date for a user and a stop date for a user? Is there a web site that I can go to for answers to these questions? I have been to the archives. Thank you and if this all cannot be done, please let me know so I can scrap this project and move onto something different. Dwane Dwane Atkins T&N 210-567-0158 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Pool-Name attribute missing
Hello all, After solving the permission issue for rlm_ippool the radius was not assigning the IP from the pool that I defined in the conf file. After doing search in the list archives I realized that I need to assign the poolname to the user or group of user but was not sure where . After doing some more search I found that I need to set the Pool-Name attribute in the radcheck table (Yes I am using Mysql Database) but in the php dialup admin tool does not has the attribute pool-name neither the sql or sql schema mentioned anything about it. I downloaded the dialup admin from the current release version but it also does seem to have the attribute listed. So I was wondering is the poolname deliberately not provided in the dialup admin tool? Do I have to hand edit it to add it? Also does freeradius supports the pool management via sql instead of conf file? Regards - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Authentication problem if CHAP is not used
Ok, I here is full debug info... I first sent the CHAP request and it's OK, then I deselected CHAP Check Box and request was rejected... I don't see any errors; maybe you would see something why it doesn't authenticate without chap? [EMAIL PROTECTED] root]# radiusd -x Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded exec rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded System Module: Instantiated unix (unix) Module: Loaded eap rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap rlm_eap: Loaded and initialized type gtc rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess Module: Instantiated preprocess (preprocess) Module: Loaded realm Module: Instantiated realm (suffix) Module: Loaded files Module: Instantiated files (files) Module: Loaded SQL rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 rlm_sql (sql): - generate_sql_clients rlm_sql (sql): Query: SELECT * FROM nas rlm_sql (sql): Reserving sql socket id: 4 rlm_sql_mysql: query: SELECT * FROM nas rlm_sql (sql): Read entry nasname=192.168.0.100,shortname=nas2,secret=testing123 rlm_sql (sql): Adding client 192.168.0.100 (nas2) to clients list rlm_sql (sql): Read entry nasname=10.0.1.102,shortname=bntest,secret=testing123 rlm_sql (sql): Adding client 10.0.1.102 (bntest) to clients list rlm_sql (sql): Read entry nasname=192.168.0.104,shortname=homesegment_local,secret=testing123 rlm_sql (sql): Adding client 192.168.0.104 (homesegment_local) to clients list rlm_sql (sql): Read entry nasname=192.168.0.100,shortname=PFSense,secret=testing123 rlm_sql (sql): Adding client 192.168.0.100 (PFSense) to clients list rlm_sql (sql): Read entry nasname=192.168.0.107,shortname=laptop,secret=testing123 rlm_sql (sql): Adding client 192.168.0.107 (laptop) to clients list rlm_sql (sql): Released sql socket id: 4 Module: Instantiated sql (sql) Module: Loaded Acct-Unique-Session-Id Module: Instantiated acct_unique (acct_unique) Module: Loaded detail Module: Instantiated detail (detail) Module: Loaded radutmp Module: Instantiated radutmp (radutmp) Initializing the thread pool... Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 192.168.0.107:2848, id=0, length=47 User-Name = "homepc" CHAP-Password = 0x1b13f913ed86b3207ad5be3007add7f5bc rlm_chap: Setting 'Auth-Type := CHAP' rlm_sql (sql): Reserving sql socket id: 3 rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'homepc' ORDER BY id rlm_sql_mysql: query: SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'homepc' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id rlm_sql_mysql: query: SELECT id, UserName, Attribute, Value, op FROM radreply WHERE Username = 'homepc' ORDER BY id rlm_sql_mysql: query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'homepc' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql (sql): Released sql socket id: 3 rlm_chap: login attempt by "homepc" with CHAP password rlm_chap: Using clear text password homepc for user homepc authentication. rlm_chap: chap user homepc authenticated succesfully Sending Access-Accept of id 0 to 192.168.0.107 port 2848 rad_recv: Access-Request packet from host 192.168.0.107:2849, id=1, length=
Problems configuring Free Radius
Is there a free radius for Dummies book out there? I know that most of the instruction probably make sense to everyone, but me. I am trying to configure Freeradius 1.1 on a mysql database using fedora 4. I can get to a point where I do the radiusd –X and it starts the radius server. Is there something I need to do with the sql.conf file to tie all of this together? How do I enter my users in mysql? Is there a web interface for the users? Can I put in a start date for a user and a stop date for a user? Is there a web site that I can go to for answers to these questions? I have been to the archives. Thank you and if this all cannot be done, please let me know so I can scrap this project and move onto something different. Dwane Dwane Atkins T&N 210-567-0158 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Error: There are no DB handles to use!
Hi Folks, I have freebsd 4.10-RELEASE with mysql 4.1.1-alpha and freeradius 1.1.0 Radius give me this error: There are no DB handles to use! what this error means ? radiusd -X ql: group_membership_query = "SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}'" sql: connect_failure_retry_delay = 60 sql: simul_count_query = "" sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0" sql: postauth_table = "radpostauth" sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())" sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linkedrlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radiusrlm_sql (sql): starting 0rlm_sql (sql): Attempting to connect rlm_sql_mysql #0rlm_sql_mysql: Starting connect to MySQL server for #0rlm_sql (sql): Connected new DB handle, #0rlm_sql (sql): starting 1rlm_sql (sql): Attempting to connect rlm_sql_mysql #1rlm_sql_mysql: Starting connect to MySQL server for #1rlm_sql (sql): Connected new DB handle, #1rlm_sql (sql): starting 2rlm_sql (sql): Attempting to connect rlm_sql_mysql #2rlm_sql_mysql: Starting connect to MySQL server for #2rlm_sql (sql): Connected new DB handle, #2rlm_sql (sql): starting 3rlm_sql (sql): Attempting to connect rlm_sql_mysql #3rlm_sql_mysql: Starting connect to MySQL server for #3rlm_sql (sql): Connected new DB handle, #3rlm_sql (sql): starting 4rlm_sql (sql): Attempting to connect rlm_sql_mysql #4rlm_sql_mysql: Starting connect to MySQL server for #4rlm_sql (sql): Connected new DB handle, #4Module: Instantiated sql (sql) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"Module: Instantiated acct_unique (acct_unique) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yesModule: Instantiated radutmp (radutmp) Listening on authentication *:1845Listening on accounting *:1846Listening on proxy *:1847Ready to process requests. rad_recv: Access-Request packet from host 192.168.1.11:2919, id=83, length=57 User-Name = "teste" User-Password = "teste" NAS-IP-Address = 192.168.1.11 NAS-Port = 0 Processing the authorize section of radiusd.confmodcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 rlm_realm: No '@' in User-Name = "teste", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Proxying request from user teste to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module "suffix" returns noop for request 0radius_xlat: 'teste'rlm_sql (sql): sql_set_user escaped user --> 'teste'radius_xlat: 'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'teste' ORDER BY id'rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0 modcall[authorize]: module "sql" returns fail for request 0modcall: leaving group authorize (returns fail) for request 0Finished request 0 My mysql.log show only connections but querys no. What is the min System Requerements to freeradius work, mem and processor ? Try to install a old version of radius? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ippool module permission denied
> > rlm_ippool: Failed to open file /etc/raddb/db.ippool: Permission denied > Eeeks I made a stupid mistake again and it was indeed a permission related issue. Regards - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: ippool module permission denied
try to go out of /etc/raddb , and check who owns raddb folder then. just chown it with radiusd including subfolders -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] On Behalf Of S. K Rahman Sent: Wednesday, March 15, 2006 4:35 PM To: FreeRadius users mailing list Subject: ippool module permission denied Hello all, I am prototyping a wifi net access system using prebuilt version of freeradius that came with opensuse. The version is 1.0.4-4 Inorder to have control over the IP assigned when a user authenticates itself I have uncommented the mail_pool from the post auth and accounting section and kept the ippool main_pool section as it is the config. Unfortunately it does not work. When I run the raddius -X it throws me an error rlm_ippool: Failed to open file /etc/raddb/db.ippool: Permission denied The entire rml_pool error is listed below I thought the issue would be related to write access so I checked for the permission. The /etc/raddb directory owner is radiusd I am not sure what I am doing wrong Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Module: Loaded IPPOOL ippool: session-db = "/etc/raddb/db.ippool" ippool: ip-index = "/etc/raddb/db.ipindex" ippool: range-start = 192.168.1.1 IP address [192.168.1.1] ippool: range-stop = 192.168.3.254 IP address [192.168.3.254] ippool: netmask = 255.255.255.0 IP address [255.255.255.0] ippool: cache-size = 800 ippool: override = no ippool: maximum-timeout = 0 rlm_ippool: Failed to open file /etc/raddb/db.ippool: Permission denied radiusd.conf[1483]: main_pool: Module instantiation failed. Regards - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 268.2.3/281 - Release Date: 3/14/2006 -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 268.2.3/281 - Release Date: 3/14/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 268.2.3/281 - Release Date: 3/14/2006 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ippool module permission denied
Hello all, I am prototyping a wifi net access system using prebuilt version of freeradius that came with opensuse. The version is 1.0.4-4 Inorder to have control over the IP assigned when a user authenticates itself I have uncommented the mail_pool from the post auth and accounting section and kept the ippool main_pool section as it is the config. Unfortunately it does not work. When I run the raddius -X it throws me an error rlm_ippool: Failed to open file /etc/raddb/db.ippool: Permission denied The entire rml_pool error is listed below I thought the issue would be related to write access so I checked for the permission. The /etc/raddb directory owner is radiusd I am not sure what I am doing wrong Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Module: Loaded IPPOOL ippool: session-db = "/etc/raddb/db.ippool" ippool: ip-index = "/etc/raddb/db.ipindex" ippool: range-start = 192.168.1.1 IP address [192.168.1.1] ippool: range-stop = 192.168.3.254 IP address [192.168.3.254] ippool: netmask = 255.255.255.0 IP address [255.255.255.0] ippool: cache-size = 800 ippool: override = no ippool: maximum-timeout = 0 rlm_ippool: Failed to open file /etc/raddb/db.ippool: Permission denied radiusd.conf[1483]: main_pool: Module instantiation failed. Regards - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: incorrect radacct AcctSessionTime
On Tue, 2006-14-03 at 15:16 -0500, Alan DeKok wrote: > "Gunther" <[EMAIL PROTECTED]> wrote: > > From time to time I see entries in the radacct AcctSessionTime column with > > over 1 billion seconds, > > despite that the StopTime minus StartTime is less than 5 seconds. > > With FR 1.0.5 it was a few times 2147483647: > > 2147483647 is 2^31-1. It looks like a signed/unsigned problem to > me. I used to see Acct-Session-Time responses from USR Hyper Cards like that every so often, the NAS was at fault and required a reboot. We would then calculate the time : Example, Acct-Session-Time = (Acct-Stop-Time - Acct-Stop-Delay) - (Acct-Start-Time + Acct-Start-Delay) We did it that way to give the customer the benefit of any error possibly incurred by delays. How you do this in real life will depend on what kind of DB you use to store the accounting data. > > > Now with 1.1.0 it is around 1142280970: > > Which is a weird number. > > > I presume that the NAS (wrt54g with Chillispot) is sending the incorrect > > information ... > > Is this correct? > > Maybe. See the SQL queries. If the NAS is sending > Acct-Session-Time, that goes into the column. If it doesn't send > Acct-Session-Time, then the session time is calculated based on the > local system time, and other info. > > It looks to me like the clocks on your NAS and the RADIUS server may > be quite a ways off from each other. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Accounting Cisco VSA attributes
Hi I have now upgraded to 1.1.0, and yes, it now converts Cisco AV pairs to new attributes. Many thanks. I thought it was worth mentioning that I had a few problems building Freeradius, which I should have brought up before, because I have dim memories of getting the same ones with 0.9.3. It's making rlm_sql_mysql hat gave me problems, and they were of two sorts. First, "configure" reckoned that MySQL was not usable on my system and didn't create the module in the first place. Then, when I fixed that, the run-time linker failed when the module was first loaded. I was able to fix both these problems, but I thought it might be worth letting you know, because I compiled it on two systems and got the same problems. One is an ancient Sun Ultra 1 running Solaris 5.9, while the other is a SunFire V240s running 5.8, so other Solaris users may see them as well. The "configure" problem I fixed by modifying "src/modules/rlm_sql/drivers/rlm_sql_mysql/configure. This is the output from "diff": 978c978 < LIBS="-L$try -lmysqlclient_r $old_LIBS" --- > LIBS="-L$try -lmysqlclient_r $old_LIBS -lsocket -lm -lz -lnsl" Without that compiling and linking of "conftest.c" in "configure" fails, and it assumes that that's because your MySQL is absent or wrongly set up. The other problem is in "Makefile.in". Here's the "diff" output: 6c6 < RLM_SQL_LIBS = @sql_mysql_ldflags@ --- > RLM_SQL_LIBS = @sql_mysql_ldflags@ -lm -lz The need for "libz" is the result of using MySQL 5.0, which has a new "archive" storage type that uses compression routines from a separate library, so I guess you have this issue on any architecture. "libm" is required because somewhere in the MySQL library there's a call to "floor", and that's probably only an issue with Suns. I realise that this may all be down to something odd about our Solaris systems, and if so please ignore this, but I thought it might be useful. Max Caines > -Original Message- > From: > [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] > eeradius.o > rg]On Behalf Of Alan DeKok > Sent: 09 March 2006 19:37 > To: FreeRadius users mailing list > Subject: Re: Accounting Cisco VSA attributes > > > "Caines, Max" <[EMAIL PROTECTED]> wrote: > > I'm using FreeRadius (0.9.3) > > Oh dear, you *really* should upgrade. See > http://www.freeradius.org/security.html. > > As for the rest of your message, I recall issues with cisco_vsa_hack > in older versions of the server. Maybe a newer version works better. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
detail log
Hello, in the logs of the module auth_log you can suppress the log of the passord? Thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Replying attribute value regarding a check-item or Hunt-group...
Hi, how can I achieve, that the radius-server is replying IP-address A, if comming from NAS A, and IP-address B, if comming from NAS B? Altough: IP A is stored in LDAP as IP-A and IP B is stored in LDAP as IP-B But unfortunately I do only have one Framed-IP-Address-attribute which should be mapped to either of above, depending of the NAS-IP. Any Ideas or further reading? Thank you! Regards Florian -- Dipl. Inf. Florian Prester Network Administration Regionales RechenZentrum Erlangen Universitaet Erlangen-Nuernberg Martensstr. 1 91052 Erlangen Germany Tel.: +499131 8527813 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html