IP Pools
Hi All, I need some assistance with assigning IP addresses from a pool to certain clients. The way I have it setup is doing AUTH through a mysql database, this all works briliantly. Now currently my NAS Server is actually giving out the IP addresses to the clients, I can overwrite it using Framed-IP-Address and then it gets a different IP. I want my radius server to get an IP out of a pool for each client, If the client is in a group called hardcapped it should give them a ip out of a different IP Pool. Otherwise it should pull A IP from the main_pool. Any suggestions? -- Kind Regards, Michael da Silva Pereira -- Office: 0861 74 73 72 Mobile: +27 84 245 2376 Fax:086 657 5004 Email: [EMAIL PROTECTED] Skype: michael_da_silva_pereira skype:michael_da_silva_pereira?add MSN:[EMAIL PROTECTED] msnim:[EMAIL PROTECTED] -- Tradepage.netBusiness on the Internet SA Business Directoryhttp://www.tradepage.co.za/ Internet Products Services http://www.tradepage.net/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP doest work with Cisco Catalyst 2950?
--On Wednesday, 26 July 2006 18:39 -0700 Thai Duong [EMAIL PROTECTED] wrote: --- Josh Howlett [EMAIL PROTECTED] wrote: Is there a RADIUS or EAP timer set on the switch? If it's set too low, the switch might be ignoring the Access- Challenge from the server. best regards, josh. Yup there're some timers on the switch but as far as I know they have no effect on the communication between the switch and the server. Is there anybody here had used Catalyst 2950 with freeradius before? Searching Google reveals that people seems only configure EAP/TLS to protect wireless LAN, not wired LAN. Where can I find a sucessful EAP/TLS setup with details about hardware/software components? Hi, We had similar problems. An example of what we put in the switch config to get it to work is here: http://www.bristol.ac.uk/is/computing/advice/networks/documentation/dot1x/cisco.html ... as Josh said - pay particular attention to the dot1x radius server timeout settings - we found the cisco defaults be be generally broken. Regards, James -- James J J Hooper, Information Services University of Bristol -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
LDAP and mySQL
I have came thru a number of references which states that LDAP are specialised database and optimized for read. Would that make it a good idea to authenticate thru LDAP *but* the accounting is handled thru mySQL ? Anybody have done this or am I talking nonsense here? (am 2 days old with RADIUS) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Mysql--just clarification
The alternative query is there because if it fails to update the record (lets say the start record never got logged) then it inserts a whole new record with both a start and a stop. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of ravi reddy Sent: 27 July 2006 09:02 To: freeradius-users@lists.freeradius.org Subject: Mysql--just clarification Hi Users I am using Freeradius-1.1.2 with mysql database: In sql.conf i found these following accounting_stop_query and accounting_stop_query_alt one have update querie and the later have the insert query this is became a lots confusion to me.. can any body please explain me why these two i think only one is enough just update any suggestions please:-) Communications on or through ioko's computer systems may be monitored or recorded to secure effective system operation and for other lawful purposes.Unless otherwise agreed expressly in writing, this communication is to be treated as confidential and the information in it may not be used or disclosed except for the purpose for which it has been sent. If you have reason to believe that you are not the intended recipient of this communication, please contact the sender immediately. No employee is authorised to conclude any binding agreement on behalf of ioko with another party by e-mail without prior express written confirmation.ioko365 Ltd. VAT reg 656 2443 31. Reg no 3048367. All rights reserved. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: LDAP and mySQL
Bubuk Gabrok wrote: I have came thru a number of references which states that LDAP are specialised database and optimized for read. You should setup the system you're the most familiar with. Unless you've *huge* RADIUS traffic on your site (more than 500 req/s) you won't notice the performance differences. Would that make it a good idea to authenticate thru LDAP *but* the accounting is handled thru mySQL ? Anybody have done this or am I talking nonsense here? This is common to use OpenLDAP for auth and MySQL for acct. http://freeradius.org/radiusd/doc/ldap_howto.txt -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Returning several values in the same attributes - bug or feature?
I've noticed very strange behavior of freeradius. After processing of 'digest' message I invoke 'authorize_reply_query' that returns list of values in SIP-AVP parameter In log it looks like this [cut] radius_xlat: 'SELECT * FROM test.authorize_reply('SIP','[EMAIL PROTECTED]', 'sip:[EMAIL PROTECTED]', 'INVITE' )' rlm_sql_postgresql: query: SELECT * FROM test.authorize_reply('SIP','[EMAIL PROTECTED]', 'sip:[EMAIL PROTECTED]', 'INVITE' ) rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = [cut] Sending Access-Accept of id 8 to 153.19.130.250 port 44072 SIP-AVP == #1:+48580001 SIP-AVP == #2:3 SIP-AVP == #3:4 Finished request 0 Going to the next request As you see radius returns 3 attributes and it is ok. But I also receive 'non-digest' message: rad_recv: Access-Request packet from host 153.19.130.250:44073, id=9, length=70 User-Name = [EMAIL PROTECTED] Service-Type = SIP-Callee-AVPs NAS-Port = 0 NAS-IP-Address = 153.19.130.250 I do not why for this message radius invoke: - authorize_check_query - authorize_group_check_query - authorize_group_reply but I do not know why radius DOES NOT invoke authorize_reply_query!! Do you know why ?? Because authorize_reply_query is not invoked I put my logic to authorize_group_reply but it appeared that sql statement in authorize_group_reply CAN only return only one row for the same attribute! I thing it is a bug, to be sure that it is not my bug I've put the same functionality in authorize_repy_query (for digest messages) and it has worked without any problem. I would like that authorize_group_reply returns something like this: SIP-AVP == #1:+48580001 SIP-AVP == #test1 SIP-AVP == #test2 But it only returns: SIP-AVP == #1:+48580001 Any ideas? I cannot return values in other attributes, and in worst case I return all values in one line of SIP-AVP but it is not best solution. Michal Szymanski http://blog.szymanskich.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: issues with peap + tlv part 1
On 7/27/06, Damon McDougald [EMAIL PROTECTED] wrote: I have gotten this to work with ntradping and radtest...just not windows ce client. It is an issue with mschapv2 and ntlmv2. As radtest doesn't know anything about peap (and a quick glance at Novell's left me with the impression that ntradping doesn't so neither) you checked for something different, when that worked. If you wish to enable EAP/PEAP you should follow the advice Alan gave you (and as is documented). Otherwise try duplicating the setup for your tests to your environment (_not_ using EAP/PEAP) for whatever purpose that fits. But please stop throwing allegations about issues whith mschapv2 and ntlmv2 (whatever that might be, at least it's not part of freeradius). regards K. Hoercher - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Returning several values in the same attributes - bug or feature?
Quoting [EMAIL PROTECTED]: I've noticed very strange behavior of freeradius. After processing of 'digest' message I invoke 'authorize_reply_query' that returns list of values in SIP-AVP parameter In log it looks like this Well, probably I've found reason of bug :) rlm_sql (sql): User [EMAIL PROTECTED] not found in radcheck simply user was not found in DB and freereadius does not invoke authorize_reply_query. I have to check my program once again but I think it is a reeason. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Returning several values in the same attributes - bug or feature?
[EMAIL PROTECTED] wrote: But still question remains, why authorize_reply_group cannot return several values in the same attribute. It can. You just have to set the operator correctly. See the rlm_sql documentation. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to execute TWO OR MORE Sql statement?
Duane Cox [EMAIL PROTECTED] wrote: Wouldn't it be possible to have freeradius call different sql sections depending on other attributes. Yes. But I get this error... Failed to link to module 'rlm_sql1': rlm_sql1.so: cannot open shared object file: No such file or directory See the examples in doc/configurable_failover for naming schemes when using multiple copies of a module. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius FrontEmd
Hi,What the best FreeRadius with MYSQL databases FrontEnd for a Wireless ISP (Comercial, Freeware ou Open Source)?TksWagner - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius FrontEmd
Try FreeSide www.sisd.com/freeside Jory Privett WCCS - Original Message - From: Wagner To: freeradius-users@lists.freeradius.org Sent: Thursday, July 27, 2006 12:35 PM Subject: Freeradius FrontEmd Hi,What the best FreeRadius with MYSQL databases FrontEnd for a Wireless ISP (Comercial, Freeware ou Open Source)?TksWagner - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Error: Discarding duplicate request
Hello, My log is full of this kind of errors: Wed Jul 26 02:55:54 2006 : Error: Discarding duplicate request from client APMajur:2048 - ID: 27 due to unfinished request 11$ Wed Jul 26 02:56:16 2006 : Error: Discarding duplicate request from client APMajur:2048 - ID: 28 due to unfinished request 11$ Wed Jul 26 02:57:12 2006 : Error: Discarding duplicate request from client APMajur:2048 - ID: 30 due to unfinished request 11$ Wed Jul 26 02:57:16 2006 : Error: Discarding duplicate request from client APMajur:2048 - ID: 31 due to unfinished request 11$ Wed Jul 26 02:57:18 2006 : Error: Discarding duplicate request from client APMajur:2048 - ID: 32 due to unfinished request 11$ Wed Jul 26 02:59:14 2006 : Error: Discarding duplicate request from client APMajur:2048 - ID: 36 due to unfinished request 11$ Wed Jul 26 10:47:53 2006 : Error: Discarding duplicate request from client APMajur:2048 - ID: 19 due to unfinished request 12$ Wed Jul 26 10:47:55 2006 : Error: Discarding duplicate request from client APMajur:2048 - ID: 20 due to unfinished request 12$ Wed Jul 26 15:10:32 2006 : Error: Discarding duplicate request from client APTrkaliste:1026 - ID: 93 due to unfinished reques$ Wed Jul 26 19:35:58 2006 : Error: Discarding duplicate request from client APMajur:2048 - ID: 203 due to unfinished request 1$ Wed Jul 26 20:31:30 2006 : Error: Discarding duplicate request from client APJankaVeselinovica:2051 - ID: 74 due to unfinishe$ Please for some help! Kind Regards, Aleksandar Stojilkovic - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error: Discarding duplicate request
Aleksandar Stojilkovic wrote: Hello, My log is full of this kind of errors: Owww, my eyes! Please don't post to mailing lists using HTML, and do everyone a favor, get rid off that yellow dot background from your email template. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Timezone settings?
Khoa Nguyen [EMAIL PROTECTED] wrote: The radius message from a client has Event-Timestamp displayed as local EDT time, but when Radiusd proccesses the message, the Event-Timestamp was converted to UTC time (as shown in the radacct detail log files). How can I disable this? I checked the timezone setting on the freeradius server machine, and it was set to EDT. Is there a config parameter that tells freeradius not to alter the Event-Timestamp? Times *are* in UTC. There isn't a configuration option to print times in local time zone, unfortunately. And if you're runnign 0.9.3, you should really upgrade... Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Error: Discarding duplicate request
Ok, I'm new one to this... And O Yellow dots are matter of personal taste... And ow, do everyone a favor - keep your opinion for yourself... I am trying to get some help here -Original Message- From: [EMAIL PROTECTED] org [mailto:[EMAIL PROTECTED] eradius.org] On Behalf Of Mike Jakubik Sent: 27. jul 2006 21:11 To: FreeRadius users mailing list Subject: Re: Error: Discarding duplicate request Aleksandar Stojilkovic wrote: Hello, My log is full of this kind of errors: Owww, my eyes! Please don't post to mailing lists using HTML, and do everyone a favor, get rid off that yellow dot background from your email template. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ NOD32 1.1454 (20060321) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error: Discarding duplicate request
Aleksandar Stojilkovic wrote: Ok, I'm new one to this... And O Yellow dots are matter of personal taste... And ow, do everyone a favor - keep your opinion for yourself... I am trying to get some help here Follow the rules and you are more likely to get help: http://www.freeradius.org/list/users.html -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error: Discarding duplicate request
Le Thu, Jul 27, 2006 at 09:30:06PM +0200, Aleksandar Stojilkovic ecrivait: Ok, I'm new one to this... And O Yellow dots are matter of personal taste... And ow, do everyone a favor - keep your opinion for yourself... I am trying to get some help here And if you really want some help you'd better do what Mike asked. Regards, Fox. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to handle non digest messeg if Auth-Type is set to Digest?
Hi My Freeradius has to receive and process digest and non-digest message but when freeradius receives and process nondigest message (I have only one such message) I've got message: ERROR: You set 'Auth-Type = Digest' for a request that did not contain any digest attributes! modcall[authenticate]: module digest returns invalid for request 1 modcall: leaving group authenticate (returns invalid) for request 1 and I cannot return attributes in reply message. What should I do to process this message without ERROR ? Full log bellow: User-Name = [EMAIL PROTECTED] Service-Type = SIP-Callee-AVPs NAS-Port = 0 NAS-IP-Address = 153.19.130.250 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 modcall[authorize]: module preprocess returns ok for request 1 modcall[authorize]: module chap returns noop for request 1 modcall[authorize]: module digest returns noop for request 1 rlm_realm: Looking up realm server1.test.pl for User-Name = [EMAIL PROTECTED] rlm_realm: No such realm server1.test.pl modcall[authorize]: module suffix returns noop for request 1 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 1 users: Matched entry DEFAULT at line 45 modcall[authorize]: module files returns ok for request 1 radius_xlat: '[EMAIL PROTECTED]' rlm_sql (sql): sql_set_user escaped user -- '[EMAIL PROTECTED]' radius_xlat: 'SELECT * FROM test.authorize_check('SIP-Callee-AVPs','[EMAIL PROTECTED]' )' rlm_sql (sql): Reserving sql socket id: 2 rlm_sql_postgresql: query: SELECT * FROM test.authorize_check('SIP-Callee-AVPs','[EMAIL PROTECTED]' ) rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = radius_xlat: '--authorize_group_check_query' rlm_sql_postgresql: query: --authorize_group_check_query rlm_sql_postgresql: Status: PGRES_EMPTY_QUERY rlm_sql_postgresql: affected rows = radius_xlat: 'SELECT * FROM test.authorize_reply('SIP-Callee-AVPs','[EMAIL PROTECTED]' , '', '' )' rlm_sql_postgresql: query: SELECT * FROM test.authorize_reply('SIP-Callee-AVPs','[EMAIL PROTECTED]' , '', '' ) SQL statement SELECT * FROM test.find_sip_account_info( $1 , $2 , $3 ) rlm_sql_postgresql: Status: PGRES_TUPLES_OK rlm_sql_postgresql: affected rows = radius_xlat: '--authorize_group_reply_query' rlm_sql_postgresql: query: --authorize_group_reply_query rlm_sql_postgresql: Status: PGRES_EMPTY_QUERY rlm_sql_postgresql: affected rows = rlm_sql (sql): Released sql socket id: 2 modcall[authorize]: module sql returns ok for request 1 modcall: leaving group authorize (returns ok) for request 1 rad_check_password: Found Auth-Type Digest auth: type digest Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 1 ERROR: You set 'Auth-Type = Digest' for a request that did not contain any digest attributes! modcall[authenticate]: module digest returns invalid for request 1 modcall: leaving group authenticate (returns invalid) for request 1 auth: Failed to validate the user. Login incorrect: [EMAIL PROTECTED]/no User-Password attribute] (from client server1 port 0) Sending Access-Reject of id 162 to 153.19.130.250 port 45429 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.10.4/401 - Release Date: 2006-07-26 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Error: Discarding duplicate request
Hello, My log is full of this kind of errors: Wed Jul 26 02:55:54 2006 : Error: Discarding duplicate request from client APMajur:2048 - ID: 27 due to unfinished request 11$ Wed Jul 26 02:56:16 2006 : Error: Discarding duplicate request from client APMajur:2048 - ID: 28 due to unfinished request 11$ Wed Jul 26 02:57:12 2006 : Error: Discarding duplicate request from client APMajur:2048 - ID: 30 due to unfinished request 11$ Wed Jul 26 02:57:16 2006 : Error: Discarding duplicate request from client APMajur:2048 - ID: 31 due to unfinished request 11$ Wed Jul 26 02:57:18 2006 : Error: Discarding duplicate request from client APMajur:2048 - ID: 32 due to unfinished request 11$ Wed Jul 26 02:59:14 2006 : Error: Discarding duplicate request from client APMajur:2048 - ID: 36 due to unfinished request 11$ Wed Jul 26 10:47:53 2006 : Error: Discarding duplicate request from client APMajur:2048 - ID: 19 due to unfinished request 12$ Wed Jul 26 10:47:55 2006 : Error: Discarding duplicate request from client APMajur:2048 - ID: 20 due to unfinished request 12$ Wed Jul 26 15:10:32 2006 : Error: Discarding duplicate request from client APTrkaliste:1026 - ID: 93 due to unfinished reques$ Wed Jul 26 19:35:58 2006 : Error: Discarding duplicate request from client APMajur:2048 - ID: 203 due to unfinished request 1$ Wed Jul 26 20:31:30 2006 : Error: Discarding duplicate request from client APJankaVeselinovica:2051 - ID: 74 due to unfinishe$ Please for some help! Kind Regards, Aleksandar Stojilkovic - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to handle non digest messeg if Auth-Type is set to Digest?
GlobeInPhotos wrote: Hi My Freeradius has to receive and process digest and non-digest message but when freeradius receives and process nondigest message (I have only one such message) I've got message: ERROR: You set 'Auth-Type = Digest' for a request that did not contain any digest attributes! modcall[authenticate]: module digest returns invalid for request 1 modcall: leaving group authenticate (returns invalid) for request 1 Don't set Auth-Type = digest. In fact, don't set Auth-Type at all, except in the rare cases of Reject or Accept. The digest and other modules will (should) set the Auth-Type for themselves in the authorize section, and only do it if it *is* a digest (or other) request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error: Discarding duplicate request
Aleksandar Stojilkovic wrote: Hello, My log is full of this kind of errors: Wed Jul 26 02:55:54 2006 : Error: Discarding duplicate request from client APMajur:2048 - ID: 27 due to unfinished request 11$ Don't post to the list in HTML. Awful HTML at that... This is normally caused by a slowly-responding database (e.g. SQL, LDAP) or upstream proxy server. Make the thing respond quicker. Without more details as to your configuration, we can only guess, but maybe indices on key SQL tables and/or optimising the queries? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PATCH: rlm_dbm_parser and empty check-items
Hi, I'm trying to use rlm_dbm for authorization, and discovered that the rlm_dbm_parser program won't allow an entry to have an empty check-items list. You can't have, for instance: foo ; ; or foo ; You must have foo some_junk == here ; if foo is to be added to the resulting users.dbm database. To be more precise, you can't have empty check-items AND empty reply-items, which I think one should be allowed to have... :) The attached patch fixes that, and allows rlm_dbm_parser to process a source file with empty check- and reply-items. I created the patch against the latest cvs snapshot (jul. 27). Please apply, or let me know why you think it's a bad idea... :) Thanks, Gabriel diff -NarU5 freeradius.orig/src/modules/rlm_dbm/rlm_dbm_parser.c freeradius/src/modules/rlm_dbm/rlm_dbm_parser.c --- freeradius.orig/src/modules/rlm_dbm/rlm_dbm_parser.c2004-02-26 14:04:28.0 -0500 +++ freeradius/src/modules/rlm_dbm/rlm_dbm_parser.c 2006-07-27 15:49:27.0 -0400 @@ -153,11 +153,11 @@ static int storecontent (const char * username) { datum d,k; int res; - if ( pdb == NULL || concntr 3 ) return 1; + if ( pdb == NULL || concntr 2 ) return 1; DOUT2(store:\n%s\ncontent:\n%s,username,content); d.dptr = content; d.dsize = concntr + 1; - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Error: Discarding duplicate request
Aleksandar Stojilkovic wrote: Hello, My log is full of this kind of errors: Wed Jul 26 02:55:54 2006 : Error: Discarding duplicate request from client APMajur:2048 - ID: 27 due to unfinished request 11$ Don't post to the list in HTML. Awful HTML at that... This is normally caused by a slowly-responding database (e.g. SQL, LDAP) or upstream proxy server. Make the thing respond quicker. Without more details as to your configuration, we can only guess, but maybe indices on key SQL tables and/or optimising the queries? - Thanks. I suspected so I increased the timeout between requests on my NASes from 200ms to 600ms. Everything worked fine for 3 days and then again the same... Which computer configuration is recommended for my needs: Freeradius with Mysql for about 1000 users that connects to network using wireless connections? Regards, Aleksandar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to handle non digest messeg if Auth-Type is set to Digest?
GlobeInPhotos [EMAIL PROTECTED] wrote: Sorry I wrote wrong. I do not set Auth-Type, simply in config I have set auth. Digest What does that mean? but beside digest message radius receives non digest message that I have to handle. I do not know why radius claims that it is digest message??? Maybe you know ? It's not claiming that. It's claiming that you set Auth-Type to Digest. The digest module only does that if there is, in fact, a digest request in the packet. So the conclusion is that you set Auth-Type = Digest somewhere. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: How to handle non digest messeg if Auth-Type is set to Digest?
So the conclusion is that you set Auth-Type = Digest somewhere. Probably OpenSer which is a sender set Auth-Type=Digest in request. By the way is it possible to make workaround for such situation to be honest I do not need authorize message but only I have to send some values to OpenSer - this non-digest (which seems to be a digest) message is our internal message. Or maybe it is a possibilities to accept this special message which is digest but has no digest attributes? Michal Szymanski -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.10.4/401 - Release Date: 2006-07-26 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to handle non digest messeg if Auth-Type is set to Digest?
GlobeInPhotos [EMAIL PROTECTED] wrote: So the conclusion is that you set Auth-Type = Digest somewhere. Probably OpenSer which is a sender set Auth-Type=Digest in request. No. It is IMPOSSIBLE for Auth-Type to be in a RADIUS packet. Go back and read the debug log. Check your configuration. YOU set Auth-Type in YOUR configuration. Stop arguing, and go check it. I do not need authorize message but only I have to send some values to OpenSer - this non-digest (which seems to be a digest) message is our internal message. Or maybe it is a possibilities to accept this special message which is digest but has no digest attributes? That makes no sense to me. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: How to handle non digest messeg if Auth-Type is set to Digest?
Go back and read the debug log. Check your configuration. YOU set Auth-Type in YOUR configuration. Are you talking about radius config? In my config I have something like this. authorize { cut Digest cut } I can send Stop arguing, and go check it. For sure I'm not arguing but I'm trying to find solution to my problem :) I do not need authorize message but only I have to send some values to OpenSer - this non-digest (which seems to be a digest) message is our internal message. Or maybe it is a possibilities to accept this special message which is digest but has no digest attributes? That makes no sense to me. Well, it makes sense :) After real digest message (INVITE request from OpenSer), our script in OpenSer sends special request for extra processing. This extra request is sent only in special situation. OpenSer can decide is this special situation happen when it receives data after INVITE request. We can sent all necessary data in reply for INVITE message but retrieving extra data is processor expensive and that is why we retrieve data only when it is really needed - using next nondigest request. I hope it is clear now. What we implement it is not typical Voip solution that is why we need special handling. Michal Szymanski -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.10.4/401 - Release Date: 2006-07-26 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: How to handle non digest messeg if Auth-Type is set to Digest?
I have also this in 'user' file DEFAULT Auth-Type := Digest Michal -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] On Behalf Of Alan DeKok Sent: Friday, July 28, 2006 12:39 AM To: FreeRadius users mailing list Subject: Re: How to handle non digest messeg if Auth-Type is set to Digest? GlobeInPhotos [EMAIL PROTECTED] wrote: So the conclusion is that you set Auth-Type = Digest somewhere. Probably OpenSer which is a sender set Auth-Type=Digest in request. No. It is IMPOSSIBLE for Auth-Type to be in a RADIUS packet. Go back and read the debug log. Check your configuration. YOU set Auth-Type in YOUR configuration. Stop arguing, and go check it. I do not need authorize message but only I have to send some values to OpenSer - this non-digest (which seems to be a digest) message is our internal message. Or maybe it is a possibilities to accept this special message which is digest but has no digest attributes? That makes no sense to me. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.10.4/401 - Release Date: 2006-07-26 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.10.4/401 - Release Date: 2006-07-26 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: LDAP and mySQL
Quoting Nicolas Baradakis [EMAIL PROTECTED]: This is common to use OpenLDAP for auth and MySQL for acct. http://freeradius.org/radiusd/doc/ldap_howto.txt In that howto on the 2nd para of OVERVIEW: The radius servers will be accepting Radius auth packets and Radius acct packets. The accounting packets will be stored locally on each radius server and then forwarded to the Accounting radius server, using radrelay. The Accounting radius server will store all the radius information in some sort of database such as MySQL, Postgres, or Oracle. Question: My setup is rather simple. Just one server at the moment that houses the LDAP, RADIUS and mySQL server. Would it be possible to make mySQL accept the acct packets by default and thus making no use of radrelay altogether? -- Roger --- Sign Up for free Email at http://ureg.home.net.my/ --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: LDAP and mySQL
Roger Thomas [EMAIL PROTECTED] wrote: Question: My setup is rather simple. Just one server at the moment that houses the LDAP, RADIUS and mySQL server. Would it be possible to make mySQL accept the acct packets by default and thus making no use of radrelay altogether? Yes. radrelay is used only if you have two or more RADIUS servers. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html