Missing Attributes
I have FreeRadius 1.1 installed on a Ubuntu 6.06 Server Edition. I have integrated it with MySQL and a PHP admin application called phpMyPrepaid It is serving requests for a ChilliSpot daemon at my hotspot. I've added the additional Chillispot dictionary that has attributes for data volume limiting - but it does not appear to be working. I did a test radius request from a little win app called RadiusTest and it appears that the custom attributes are not been sent in the rad-reply packet by the radius server... As this is my first experience with radius - i have no idea where to start looking for where the problem may be. regards Graham Beneke Apolix Internet Services E-Mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] WEB: www.apolix.co.za http://www.apolix.co.za/ Cell: 082-432-1873 skype:+27824321873?call Skype: grbeneke skype:grbeneke?call - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Question about RADIUS proxy
Hi I am new to freeRADIUS. I have a question about RADIUS proxies. Is it possible to configure a forwarding RADIUS server to broadcast a request to all remote RADIUS servers? (I mean, without paying attention to athentication realms) Best Regards Ali - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FR-1.1.2 dies with error
Laker Netman wrote: How large a DB is this? And what type of link is there between FR and the DB? It's about 36 million records since april 2005. Unless there are, literally, (tens of) thousands of records and/or a *slow* link (think dial-up) and/or ancient hardware there should be some reasonable ways to speed up the DB response. Archiving of records and indexing are two that come to mind first. More complicated, but effective, would be clustering or optimization, even review of the DB version (deprecated?). I was partially wrong with the environment description. The authentication DB is very small (less than 1 records in all the tables). It is local on Sun Netra 1120 (2x440MHz) and Oracle 9.2.0.6. It serves about 2 to 5 radius requests per second. And the accounting DB is located on remote server (HP DL380 3GHz, Red Hat Enterprise with Oracle 10.2.0.1), connected to AAA server via 100BaseT link (loaded by 1-5%). The accounting process takes up to 25 requests per second. I suppose this is what bites the radius process periodically. Alan is correct, you are fixing (hiding) a symptom, and I can say from personal experience it *will* bite you in the butt at some point :) The worst part of it, too, will be that the new issue may not be clearly linkable back to the FR problem you have currently and you may not remember this piece of the puzzle. You are definitely right. We'll consider archiving. Indexing is already done on all the columns taking part in where clauses. Commenting rad_assert is just a temporary solution. Just for me to spend weekend with my friends and some beer. And not to be awaken in the night by damned SMS from dead AAA process :-) Thanks, -- Alexander - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question about RADIUS proxy
Ali Majdzadeh [EMAIL PROTECTED] wrote: Is it possible to configure a forwarding RADIUS server to broadcast a request to all remote RADIUS servers? (I mean, without paying attention to athentication realms) No. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Missing Attributes
Graham Beneke [EMAIL PROTECTED] wrote: Add it... where? The chillispot daemon is not locking the user out once their transfer limit has been reached... Huh? You said you added the dictionary, and I asked where. Your answer makes no sense, other than as a statement unrelated to my question. Did you tell the server to send the attributes in the reply? Ok so how do i go about doing that? See the users file. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: More documentation on Auth-Type
I've read the docs about auth-type configuration. And agree that without setting auth-type and leave FR to auto detect it, the auth will work even up to EAP. But sometimes we have to specify auth-type in order to search for different tree in LDAP for each services. Even Autz-Type also need to be specified but some of the EAP won't work such as EAP-TTLS-PAP. normally EAP sequence works OK but when up to comparing password, it will failed. I've reported my problem a few times in mailing list. Any comments? --haizam - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Friday, August 04, 2006 2:47 AM Subject: More documentation on Auth-Type http://deployingradius.com/documents/configuration/auth_type.html Many web sites contain all sorts of recommendations about Auth-Type. This one is correct. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: More documentation on Auth-Type
Rohaizam Abu Bakar [EMAIL PROTECTED] wrote: I've read the docs about auth-type configuration. And agree that without setting auth-type and leave FR to auto detect it, the auth will work even up to EAP. But sometimes we have to specify auth-type in order to search for different tree in LDAP ... which isn't authentication. You just described searching an LDAP tree for information. That's using LDAP for what it was designed to do best: database lookups. Once the information is found in LDAP, the RADIUS server can do CHAP, MS-CHAP, etc. for authentication. LDAP servers don't handle those authentication protocols, so you're stuck with using LDAP for DB lookups, and RADIUS for authentication. normally EAP sequence works OK but when up to comparing password, it will failed. I've reported my problem a few times in mailing list. I don't recall seeing that, sorry. What was the problem? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Need radius.log as SQL
I need to completely replace the radius.log file with SQL. I need this because Im running multiple servers and I need the logs in a single location that can be watched by one helpdesk staffer. The current post auth logs only handle accept and reject I need the complete log. For instance, when a shared secret is wrong, I need to know! My C programming skills are very rusty so I hope someone has this already so dont have to do it myself. Im currently using Version 1.1.2. Greg - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
pam client -password change packet problem
pam_radius_auth.c
if (password) {
get_random_vector(request-vector);
if (old_password) {/* password change request */
add_password(request, PW_PASSWORD, password, old_password);
add_password(request, PW_OLD_PASSWORD, old_password, old_password);
} else {/* authentication request */
add_password(request, PW_PASSWORD, password, server-secret);
}
}
Why change secret key?
old password - secret key ??
☞ 실시간 메일 알림! 이제 U2에서~ 악성코드 무료 치료 기능, SMS 100건 무료 제공! ☜
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Need help on PHP and Radius
Hi Guys...I need to integrate php and raadius...Actually i want to create the own user interface on OPENSER.That on PHP 5 is having the radis integration .So i need it...Now , I'm using the Radius in openser for AAA purpose only...Now I need to develop web interface for my application with radius...plz help me on this.-- Thanks and Regards with cheers Sunkara Ravi Prakash (Voip Developer)Hyperion TechnologyKondapur, Hi-tech city,Hyderabad.www.hyperion-tech.com+91-9985077535 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
