Re: How to upgrade Freeradius?
Hi, [EMAIL PROTECTED] wrote: I don't have experience installing and uninstalling applications as freeradius from source code. I=B4d like to upgrade my freeradius version from 1.1.1 to 1.1.2, however I don=B4t know what steps have I to do. $ ./configure ... $ make $ make install could I just add that you SHOULD have your old 1.1.1 source directory to hand - or at least a backup of it, the reason? you can view your config.status file from that directory which will tell you EXACTLY how the last version was ./configure'd - make sure the ./configure command is exactly the same. the 'make install' will not touch config files which are in place. HOWEVER this does mean that new options are not commented within the configs etc and you must view the new config files to see new options and how to call them. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Zero Session-Timeout
Dear all, Using FB 6.0, FR 1.0.5 (will upgrade soon) I've problem with timeout... I've set in users file as below in order to load timeout value depending on type of connection (ISDN/PSTN) DEFAULT NAS-Port-Type == Sync, Autz-Type := DIALUP, Auth-Type := DIALUP Session-Timeout = `%{exec:/usr/local/etc/raddb/timeout.pl %U ISDN}` DEFAULT NAS-Port-Type == Async, Autz-Type := DIALUP, Auth-Type := DIALUP Session-Timeout = `%{exec:/usr/local/etc/raddb/timeout.pl %U PSTN}`value The problem is when Session-Timeout =0, normally happen when script cannot load value... it will NOT timeout... user till can get connect until manually disconnect... Below is the debug log... Login OK: [integ36] (from client INFRANETTEST port 300 cli ) Sending Access-Accept of id 111 to 10.1.1.1:1645 Session-Timeout = 0 Framed-Compression = Van-Jacobson-TCP-IP Framed-MTU = 1500 Framed-Protocol = PPP Service-Type = Framed-User Finished request 89 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Accounting-Request packet from host 10.1.1.1:1646, id=97, length=131 Acct-Session-Id = 00AE Framed-Protocol = PPP User-Name = integ36 Acct-Authentic = RADIUS Acct-Status-Type = Start Calling-Station-Id = Called-Station-Id = 2426 NAS-Port-Type = Async Connect-Info = 50667/24000 V90/V44/LAPM NAS-Port = 300 Service-Type = Framed-User NAS-IP-Address = 10.1.1.1 Acct-Delay-Time = 0 . . . . rad_recv: Accounting-Request packet from host 10.1.1.1:1646, id=98, length=173 Acct-Session-Id = 00AE Framed-Protocol = PPP Framed-IP-Address = 10.1.1.3 User-Name = integ36 Acct-Authentic = RADIUS Acct-Session-Time = 26 Acct-Input-Octets = 8110 Acct-Output-Octets = 4998 Acct-Input-Packets = 92 Acct-Output-Packets = 37 Acct-Terminate-Cause = User-Request Acct-Status-Type = Stop Calling-Station-Id = Called-Station-Id = 2426 NAS-Port-Type = Async Connect-Info = 50667/24000 V90/V44/LAPM NAS-Port = 300 Service-Type = Framed-User NAS-IP-Address = 10.1.1.1 Acct-Delay-Time = 0 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1.1.0 with rp-pppoe 3.8 pppoe-server
Below is the output from the /var/run/radattr.ppp0 :- Idle-Timeout 300 Below is the output from radiusd -X :- Sending Access-Accept of id 74 to 127.0.0.1 port 32797 Idle-Timeout = 300 RP-Upstream-Speed-Limit = 64 RP-Downstream-Speed-Limit = 128 Finished request 8 I don't see any RP-Upstream-Speed-Limit or RP-Downstream-Speed-Limit...why? --- Damjan [EMAIL PROTECTED] wrote: I have a Red Hat 9.0 system with the following software: - ppp 2.4.4b1 rp-pppoe 3.8 freeradius 1.1.0 I saw the following in /usr/local/share/freeradius/dictionary.roaringpenguin RP-Upstream-Speed-Limit RP-Downstream-Speed-Limit I did perform a download speed test and the download speed is not correct. I can't get 128kbits but I get the full speed of 1Mbps, why? rp-pppoe + pppd don't support those Radius attributes. to limit the user you'll need to create an /etc/ppp/ip-up script that will parse /var/run/radattr.ppp0 for those attributes, and then you can apply tc rules to limit the traffic. -- damjan | дамÑан This is my jabber ID -- [EMAIL PROTECTED] -- not my mail address, it's a Jabber ID --^ :) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1.1.0 with rp-pppoe 3.8 pppoe-server
Below is the output from the /var/run/radattr.ppp0 :- Idle-Timeout 300 Below is the output from radiusd -X :- Sending Access-Accept of id 74 to 127.0.0.1 port 32797 Idle-Timeout = 300 RP-Upstream-Speed-Limit = 64 RP-Downstream-Speed-Limit = 128 Finished request 8 I don't see any RP-Upstream-Speed-Limit or RP-Downstream-Speed-Limit...why? You need to have the dictionary with RP-Upstream-Speed-Limit and RP-Downstream-Speed-Limit installed in /etc/radiusclient/ and /etc/radiusclient/radiusclient.conf . -- damjan | дамјан This is my jabber ID -- [EMAIL PROTECTED] -- not my mail address, it's a Jabber ID --^ :) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Zero Session-Timeout
On Tue, 30 May 2006, Rohaizam Abu Bakar wrote: Dear all, Using FB 6.0, FR 1.0.5 (will upgrade soon) I've problem with timeout... I've set in users file as below in order to load timeout value depending on type of connection (ISDN/PSTN) DEFAULT NAS-Port-Type == Sync, Autz-Type := DIALUP, Auth-Type := DIALUP Session-Timeout = `%{exec:/usr/local/etc/raddb/timeout.pl %U ISDN}` DEFAULT NAS-Port-Type == Async, Autz-Type := DIALUP, Auth-Type := DIALUP Session-Timeout = `%{exec:/usr/local/etc/raddb/timeout.pl %U PSTN}`value The problem is when Session-Timeout =0, normally happen when script cannot load value... it will NOT timeout... user till can get connect until manually disconnect... I think that some access servers cannot handle session-timeout values which are very low or zero. In any case if session-timeout is zero you re better off sending an access-reject anyway. I would suggest moving the script to rlm_perl and just return REJECT in case you cannot find a correct value. And also try not sending a session-timeout value which is lower than 60 secs. Below is the debug log... Login OK: [integ36] (from client INFRANETTEST port 300 cli ) Sending Access-Accept of id 111 to 10.1.1.1:1645 Session-Timeout = 0 Framed-Compression = Van-Jacobson-TCP-IP Framed-MTU = 1500 Framed-Protocol = PPP Service-Type = Framed-User Finished request 89 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Accounting-Request packet from host 10.1.1.1:1646, id=97, length=131 Acct-Session-Id = 00AE Framed-Protocol = PPP User-Name = integ36 Acct-Authentic = RADIUS Acct-Status-Type = Start Calling-Station-Id = Called-Station-Id = 2426 NAS-Port-Type = Async Connect-Info = 50667/24000 V90/V44/LAPM NAS-Port = 300 Service-Type = Framed-User NAS-IP-Address = 10.1.1.1 Acct-Delay-Time = 0 . . . . rad_recv: Accounting-Request packet from host 10.1.1.1:1646, id=98, length=173 Acct-Session-Id = 00AE Framed-Protocol = PPP Framed-IP-Address = 10.1.1.3 User-Name = integ36 Acct-Authentic = RADIUS Acct-Session-Time = 26 Acct-Input-Octets = 8110 Acct-Output-Octets = 4998 Acct-Input-Packets = 92 Acct-Output-Packets = 37 Acct-Terminate-Cause = User-Request Acct-Status-Type = Stop Calling-Station-Id = Called-Station-Id = 2426 NAS-Port-Type = Async Connect-Info = 50667/24000 V90/V44/LAPM NAS-Port = 300 Service-Type = Framed-User NAS-IP-Address = 10.1.1.1 Acct-Delay-Time = 0 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cisco avpair
Hi everybody i search an exhaustiv list of cisco avpair parameters that the radius server could return to a cisco router... i hope somebody will be able to help me with an URL or a list. thanks in advance begin:vcard fn:Pierre LEONARD n:LEONARD;Pierre org:Debian Etch - Testing ;Linux user email;internet:[EMAIL PROTECTED] title:Student - Network Telecoms version:2.1 end:vcard - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco avpair
Pierre LEONARD wrote: Hi everybody i search an exhaustiv list of cisco avpair parameters that the radius server could return to a cisco router... i hope somebody will be able to help me with an URL or a list. thanks in advance This isnt the right place to ask. Try cisco-nsp or open a tac case. Here is where I asked the question. http://puck.nether.net/pipermail/cisco-nsp/2005-November/025998.html That being said, the general rule of thumb is that any tacacs value/pair can be sent as a cisco-avpair. Try searching cco for the strings cisco-avpair radius aaa For some non exhaustive lists see http://www.cisco.com/en/US/customer/products/ps6441/products_feature_guide09186a008048cfc7.html#wp1047577 http://www.cisco.com/en/US/customer/tech/tk713/tk507/technologies_tech_note09186a0080094862.shtml http://www.cisco.com/en/US/customer/products/ps6350/products_configuration_guide_chapter09186a0080444c05.html http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt6/sctacatb.htm https://puck.nether.net/pipermail/cisco-nsp/2004-December/015120.html http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t15/ft_puq.htm http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007dee9.html http://www.cisco.com/en/US/customer/products/ps6350/products_configuration_guide_chapter09186a0080455a5e.html http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps5013/products_feature_guide09186a0080087e64.html http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps5413/products_feature_guide09186a0080335ed5.html http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ftvrfaaa.htm#1056126 Good luck! Joe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco avpair
Joe Maimon a écrit : Pierre LEONARD wrote: Hi everybody i search an exhaustiv list of cisco avpair parameters that the radius server could return to a cisco router... i hope somebody will be able to help me with an URL or a list. thanks in advance This isnt the right place to ask. Try cisco-nsp or open a tac case. Here is where I asked the question. http://puck.nether.net/pipermail/cisco-nsp/2005-November/025998.html That being said, the general rule of thumb is that any tacacs value/pair can be sent as a cisco-avpair. Try searching cco for the strings cisco-avpair radius aaa For some non exhaustive lists see http://www.cisco.com/en/US/customer/products/ps6441/products_feature_guide09186a008048cfc7.html#wp1047577 http://www.cisco.com/en/US/customer/tech/tk713/tk507/technologies_tech_note09186a0080094862.shtml http://www.cisco.com/en/US/customer/products/ps6350/products_configuration_guide_chapter09186a0080444c05.html http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt6/sctacatb.htm https://puck.nether.net/pipermail/cisco-nsp/2004-December/015120.html http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t15/ft_puq.htm http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008007dee9.html http://www.cisco.com/en/US/customer/products/ps6350/products_configuration_guide_chapter09186a0080455a5e.html http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps5013/products_feature_guide09186a0080087e64.html http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps5413/products_feature_guide09186a0080335ed5.html http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t13/ftvrfaaa.htm#1056126 Good luck! Joe thanks Joe but I'm a french student and i havent any acces to the cisco site (with cco login) begin:vcard fn:Pierre LEONARD n:LEONARD;Pierre org:Debian Etch - Testing ;Linux user email;internet:[EMAIL PROTECTED] title:Student - Network Telecoms version:2.1 end:vcard - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco avpair
Pierre LEONARD wrote: Joe Maimon a écrit : Good luck! Joe thanks Joe but I'm a french student and i havent any acces to the cisco site (with cco login) remove the customer/ and it should work as normal. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Auth-Type attribute and authorize section
Hi all, I'm developping some FreeRADIUS modules. In the authorize section, my module set the Auth-Type to a specific value to pick my own module in the authorize section. The last one in this section is the FreeRADIUS files module. I use it to perform some tasks if the request is not processed by other modules. Even the Auth-Type has already been set by a precedent module, the request goes through the files modules and match the DEFAULT entry. Is there any possibility not to go through following modules in the authorize section if the Auth-Type has already been set. I mean go directly to the authentication section once the configuration attribute Auth-Type has been set (I would like not to modify the files module code). Thanks in advance - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to Work on Accounting in Openser + radius
Hi Everybody, I need help from you users, That How can we perform the accouting in Openser and Radius, That I want database should in radius + mysql with openser . In openser if I add save(acc) its give error as reinstall ser_mysql.sh how can we do that... And I follow this http://openser.org/docs/openser-radius-1.0.x.html for integrating openser + radius But I wnat really how cam we integrate the opensaer + radius + mysql with hints or sample file -- Thanks and Regards with cheersSunkara Ravi Prakash (Voip Developer)Hyperion Technologywww.hyperion-tech.comb - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Session-Octets-Limits
HelloHow can i add some attributes to freeradius sql tables , like i want to add Session-Octets-Limits what should i do? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
regular expressions parsing changed in 1.1.2 ?
Hi, I recently built 1.1.2 and it claims about regular expression in huntgroups: /opt/fr/etc/raddb/huntgroups[87]: Parse error (check) for entry UNKNOWN: Illegal regular expression in attribute: Calling-Station-Id: ?, *, +, or { } not preceded by valid regular expression The string contains: Calling-Station-Id =~ * Do i need something like that now: Calling-Station-Id =~ /*/ ??? -- Sincerely Yours, Alexander - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Auth-Type attribute and authorize section
Nicolas Castel [EMAIL PROTECTED] wrote: Is there any possibility not to go through following modules in the authorize section if the Auth-Type has already been set. Yes. See doc/configurable_failover. You should have your module return different codes, based on whether Auth-Type was set or not. You can then have a return code block saying updated = return, which will stop processing the authorize section. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Auth-Type attribute and authorize section
Thanks a lot Alan, that's exactly what i needed 2006/5/30, Alan DeKok [EMAIL PROTECTED]: Nicolas Castel [EMAIL PROTECTED] wrote: Is there any possibility not to go through following modules in the authorize section if the Auth-Type has already been set. Yes. See doc/configurable_failover. You should have your module return different codes, based on whether Auth-Type was set or not. You can then have a return code block saying updated = return, which will stop processing the authorize section. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: OSX rlm_sql_mysql problem
Well, :( I still run into the same problems with the new version. I don't see why I can't link to mysql What I'm stupid about is that configure says that everything is OK with mysql... 2006/5/30, Benedikt Baer [EMAIL PROTECTED]: I am testing it right now Stand by. 2006/5/30, [EMAIL PROTECTED] [EMAIL PROTECTED]: Hi, Will 1.1.2 work on Mac OS X? 1.1.1 didn't, so had to go back to 1.0.5 which works fine. how will we know with noone testing or reporting it? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeradius 1.1.0 with rp-pppoe 3.8 pppoe-server
Yes, the radius.so is loaded first and then radattr.so in the /etc/ppp/options require-pap login lcp-echo-interval 10 lcp-echo-failure 2 ms-dns 192.168.1.1 ms-dns 192.168.1.2 plugin radius.so plugin radattr.so Is this the radius client dictionary - /etc/radiusclient/dictionary? Is this the radius server dictionary - /usr/local/share/freeradius/dictionary.roaringpenguin? --- Seferovic Edvin [EMAIL PROTECTED] wrote: Again ! As far as FreeRADIUS returns the attributes and values which are expected to be returned. The mistake in system is out of FreeRADIUS range. And this list is not a support hotline for misconfiguration on the rest of the system ;) Your PPPoE server should load radius.so and then radattr.so ! Ive just tested the radattr.so module on my Poptop server ( without any special config - just added the module ) and it is working as it should. Have you entered the attributes in both dictionaries? Server client dictionary ?? Regards, Edvin -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] On Behalf Of root linux Sent: Mittwoch, 31. Mai 2006 04:22 To: FreeRadius users mailing list Subject: Re: freeradius 1.1.0 with rp-pppoe 3.8 pppoe-server I included the below into /etc/radiusclient/dictionary: - ATTRIBUTE RP-Upstream-Speed-Limit 81 integer ATTRIBUTE RP-Downstream-Speed-Limit 82 integer But it doesn't help... the output from the /var/run/radattr.ppp0 still shows the below: - Idle-Timeout 300 Below is the output from radtest command: - [EMAIL PROTECTED] run]# radtest testuser testpass 127.0.0.1 10 glsbb2005 Sending Access-Request of id 194 to 127.0.0.1 port 1812 User-Name = testuser User-Password = testpass NAS-IP-Address = 255.255.255.255 NAS-Port = 10 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=194, length=50 Idle-Timeout = 300 RP-Upstream-Speed-Limit = 64 RP-Downstream-Speed-Limit = 128 --- Damjan [EMAIL PROTECTED] wrote: Below is the output from the /var/run/radattr.ppp0 :- Idle-Timeout 300 Below is the output from radiusd -X :- Sending Access-Accept of id 74 to 127.0.0.1 port 32797 Idle-Timeout = 300 RP-Upstream-Speed-Limit = 64 RP-Downstream-Speed-Limit = 128 Finished request 8 I don't see any RP-Upstream-Speed-Limit or RP-Downstream-Speed-Limit...why? You need to have the dictionary with RP-Upstream-Speed-Limit and RP-Downstream-Speed-Limit installed in /etc/radiusclient/ and /etc/radiusclient/radiusclient.conf . -- damjan | дамÑан This is my jabber ID -- [EMAIL PROTECTED] -- not my mail address, it's a Jabber ID --^ :) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Testing jradius+freeradius+oracle
I get the reply message in java application from freeradius, but the reply message have only usergroup reply message and no user reply message. Why? Thanks! 周勇军 TD-TECH OMC 021-50992135 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html