date:20060831

Thanks James, I don't figure out to use primary key solves the problem of 
duplicate keys.
I had in radacct as primary key radacctid but now I am going to have 
acctuniqueid.


This proble cause a new thread: why radacctid is the primary key of radacct 
table instead od acctuniqueid?




From: James Wakefield [EMAIL PROTECTED]
Reply-To: FreeRadius users mailing list 
freeradius-users@lists.freeradius.org

To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Subject: Re: Duplicate requests in a session
Date: Wed, 30 Aug 2006 22:07:09 +1000

Santiago Balaguer García wrote:

Hi people,

1)
 In my activity I realize that when the conexion to Internet of a NAS is 
NOT good (there are some reday in the DSL), the NAS send several Start 
requests. My problen is my RADIUS server ask for all these requests and 
they are inserted in my DB. So, when the user or the NAS finalize the 
session and NAS sends Stop Request, the credit associates to the user 
account is decremented several times. It happens so because I put a trgger 
in my DB to decrement the user credit atomatically.


 Can I avoid the problem of inserting several times the start request?
 If it is so, how??

2) Is it supposed that the value of acctsessionid and acctuniqueid in 
radacct table  are UNIQUE and they can not be duplicated ?


Thanks,
   Santiago


Hi Santiago,

Does your DBMS enforce primary key constraints?  Do you have a primary key 
defined for your radacct table? If I recall correctly, MySQL by default 
doesn't, are you using MySQL?


Cheers,
--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.

Phone: 03 5227 8690 International: +61 3 5227 8690
Fax:   03 5227 8866 International: +61 3 5227 8866
E-mail:   [EMAIL PROTECTED]
Website:  http://www.deakin.edu.au
- List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html


_
Acepta el reto MSN Premium: Protección para tus hijos en internet. 
Descárgalo y pruébalo 2 meses gratis. 
http://join.msn.com?XAPID=1697DI=1055HL=Footer_mailsenviados_proteccioninfantil


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Building Freeradius RPM on Redhat ES 4.0

2006-08-31 Thread B Thompson

On Wed, Aug 30, 2006 at 06:48:41PM -0400, King, Michael wrote:
 I seem to be having the same problem.
 
 Editing Line 102 allowed the package to build.
 
 Where did you remove /usr/local/bin from your path?


It may be that you don't have to remove it at all, and just changing
the order so that /usr/bin appears before /usr/local/bin might do the
trick.

To view your path :

# echo $PATH
/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin

To change your path :

# export 
PATH=/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin:/usr/local/bin






- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP-TLS multi clients


Hi,

Well, as I have already told you, you should look for information
regarding ssl (so, openssl.org is a most prominent starting point),
which isn't a freeradius issue and as such is off topic here.

In any event, even if it were, to keep pounding this list, because
nobody did serve immediately to your needs, is considered not very
nice.

hth
K. Hoercher
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE : Re: RE : Re: no Client-IP-Address in packet

2006-08-31 Thread Mitaine Yoann

Phil Mayers [EMAIL PROTECTED] a écrit: Mitaine Yoann wrote:  */Michael Mitchell <[EMAIL PROTECTED]>/* a écrit :  Client-IP-Address is an internal freeRADIUS attribute, and is not defined in the RFC's. Hence it is never proxied to another server.Yes, I am aware of that. I said that, in fact.  In fact, the "Client-IP-Address" for server B in the example above would be the address of server A, and not the NAS.  Exactly, but it would seem that never arrives. Could you tell me, how to make so that the Client-IP-Address have the   IP address value of server  A .Don't remove the preprocess module from authorize.- List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.htmlthe only problem is that "preprocess" is present in the authorize section in the radiusd.conf file of the radius server A :authorize { preprocess suffix eap files   Autz-Type LDAP { ldap }}so I don't understand when a proxying request arrives, why the server B didn't match the rule in the users file :DEFAULT Huntgroup-Name == "foo", Ldap-Group == "interne", Autz-Type := Ldapwhere foo Client-IP-Address == x.x.x.xthere is perhaps a bug in the version which I use?   
		 
Découvrez un nouveau moyen de poser toutes vos questions quelque soit le sujet ! 
Yahoo! Questions/Réponses pour partager vos connaissances, vos opinions et vos expériences. Cliquez ici. 
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Difference between Auth-type=System and Auth type=Local


On 8/31/06, ys.hsia [EMAIL PROTECTED] wrote:

Why ? any \one can help ?


Had you followed the advice in the FAQ,
http://wiki.freeradius.org/index.php/FAQ#It_still_doesn.27t_work.21
you and perhaps even the readers would perhaps have been able to
answer the question.

Furthermore the contents of users file do contain information as to
those Auth-Types. And to forestall further problems, please keep in
mind:
http://deployingradius.com/documents/configuration/auth_type.html

regards
K. Hoercher
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

why radacctid is the primary key of radacct table instead of acctuniqueid ?

After solving the problem of duplicate registers in radacct, see   
https://list.xs4all.nl/pipermail/freeradius-users/2006-August/056246.html


I have this doubt:
 why radacctid is the primary key of radacct table instead of acctuniqueid 
?

This is a way to avoid this problem and the DBMS  equally works.

  Santiago

_
Acepta el reto MSN Premium: Protección para tus hijos en internet. 
Descárgalo y pruébalo 2 meses gratis. 
http://join.msn.com?XAPID=1697DI=1055HL=Footer_mailsenviados_proteccioninfantil


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: certificate issue


On 8/31/06, Kartthik [EMAIL PROTECTED] wrote:

I ran the CA.all script, before it issues the 2nd certificate i get this
error message. Surely i know someone should have faced this issue, could

[...]

Using configuration from /usr/local/openssl/ssl/openssl.cnf

[...]

failed to update database
TXT_DB error number 2


I suspect the index.txt for the generated CA being not writeable/not
present. On rechecking the CA.all script I find it a bit fragile with
respect to local environments. As ist would be nice (judging from
numerous reports about problems users encounter due to certificate
issues) to provide a known (almost always) working set of generation
tools, I'm contemplating a few improvements just now.

regards
K. Hoercher
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: why radacctid is the primary key of radacct table instead of acctuniqueid ?


On 8/31/06, Santiago Balaguer García [EMAIL PROTECTED] wrote:

  why radacctid is the primary key of radacct table instead of acctuniqueid
?


accuniqueid is a configurable item (as in might not be present).
Furthermore depending on the configuration (see radiusd.conf) it tries
to be unique but isn't guaranteed to be so (at least in default
setup).

regards
K. Hoercher

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: no Client-IP-Address in packet

2006-08-31 Thread Nicolas Baradakis

Mitaine Yoann wrote:

 the only problem is that preprocess is present in the authorize
 section in the radiusd.conf file of the radius server A

You should check also the config of the radius server B.
And please stop posting with HTML to the mailing list.

-- 
Nicolas Baradakis

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Generic info rqrd...

On Thu 31 Aug 2006 08:16, [EMAIL PROTECTED] wrote:
 Hi All,

 I need some general info on Free Radius.

 1)Does it support 64-bit compilers?

http://wiki.freeradius.org/index.php/Platforms

 2)Does it has support for both Solaris and HP-Unix.

http://wiki.freeradius.org/index.php/Platforms

 3)Is it Multi Threaded safe.

FreeRADIUS is multi-threaded.

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc


pgpGcasmBkNkk.pgp
Description: PGP signature
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Short Deployment Platform Questionaire

Hi Guys

In order to bring our documentation up to date, can everyone please take a few 
seconds to report to me (either privately or to the list) what deployment 
platform(s) you are running FreeRADIUS on. In particular I am looking for non 
Linux/x86 information.

The more information you can give me the better, but everything helps. I would 
like to know answers to the following questions (In order of importance)

* What Operating System and Version are you running FreeRADIUS on?

* What architecture are you running on (x86, x86_64, Sparc, IA64, PPC etc)?

* What version of FreeRADIUS do you have in production?

* Approximately how many AAA users do you have?

* Did you install a vendor package, downloaded package, selfbuilt package or 
source install?

* If you built FreeRADIUS yourself, please list any special 
installation/compilation steps you needed to take to make it work on your 
platform.


Thanks in Advance from the FreeRADIUS Development Team

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc


pgpZP28RuS6Ok.pgp
Description: PGP signature
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Duplicate requests in a session

Good question. Does anyone have anything against changing this?

-Peter

On Thu 31 Aug 2006 10:11, Santiago Balaguer García wrote:
 Thanks James, I don't figure out to use primary key solves the problem of
 duplicate keys.
 I had in radacct as primary key radacctid but now I am going to have
 acctuniqueid.

 This proble cause a new thread: why radacctid is the primary key of radacct
 table instead od acctuniqueid?

 From: James Wakefield [EMAIL PROTECTED]
 Reply-To: FreeRadius users mailing list
 freeradius-users@lists.freeradius.org
 To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
 Subject: Re: Duplicate requests in a session
 Date: Wed, 30 Aug 2006 22:07:09 +1000
 
 Santiago Balaguer García wrote:
 Hi people,
 
 1)
   In my activity I realize that when the conexion to Internet of a NAS is
 NOT good (there are some reday in the DSL), the NAS send several Start
 requests. My problen is my RADIUS server ask for all these requests and
 they are inserted in my DB. So, when the user or the NAS finalize the
 session and NAS sends Stop Request, the credit associates to the user
 account is decremented several times. It happens so because I put a
  trgger in my DB to decrement the user credit atomatically.
 
   Can I avoid the problem of inserting several times the start request?
   If it is so, how??
 
 2) Is it supposed that the value of acctsessionid and acctuniqueid in
 radacct table  are UNIQUE and they can not be duplicated ?
 
 Thanks,
 Santiago
 
 Hi Santiago,
 
 Does your DBMS enforce primary key constraints?  Do you have a primary key
 defined for your radacct table? If I recall correctly, MySQL by default
 doesn't, are you using MySQL?
 
 Cheers,
 --
 James Wakefield,
 Unix Administrator, Information Technology Services Division
 Deakin University, Geelong, Victoria 3217 Australia.
 
 Phone: 03 5227 8690 International: +61 3 5227 8690
 Fax:   03 5227 8866 International: +61 3 5227 8866
 E-mail:   [EMAIL PROTECTED]
 Website:  http://www.deakin.edu.au
 - List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html

 _
 Acepta el reto MSN Premium: Protección para tus hijos en internet.
 Descárgalo y pruébalo 2 meses gratis.
 http://join.msn.com?XAPID=1697DI=1055HL=Footer_mailsenviados_proteccionin
fantil

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc


pgpyzIw2sQxcd.pgp
Description: PGP signature
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 2.0.0-pre0 from CVS: Invalid version in module

2006-08-31 Thread Christian Hahn

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1



Alan DeKok wrote:
 Christian Hahn [EMAIL PROTECTED] wrote:
 I've just compiled the CVS version from 20060830 with
 prefix=/root/bin/freeradius-cvs. When starting radiusd it complains
 that the compiled modules have the wrong version:

 - 8
 radiusd:  entering modules setup
 Module: Library search path is /root/bin/freeradius-cvs/lib
 radiusd.conf[1634] Invalid version in module 'rlm_exec'
 Errors setting up modules
 
   You've installed the CVS version on a box which already had 1.1.3,
 and it's picking up the old modules.  Those modules are incompatible,
 hence the error message.
You are right there is a v1.1.3 installed, but I configured the CVS
version with completely different prefix and the lib path points only
to /root/bin/freeradius-cvs/lib , so I thought this would be enough.

I've just got around this by commenting out the user=radiusd and
group=radiusd statements in the radiusd.conf. If I start the server
with root privileges it don't complains about the modules.

But I would not do this longer then for testing purposes.


 
 And all the modules in lib are freshly build and installed with the
 server. I have also checked the radiusd.conf for wrong lib paths.
 
   The only other thing is that maybe it's a 64 bit issue?  The CVS
 version works fine for me, but I don't run on a 64-bit platform.
 
   Alan DeKok.
 --
   http://deployingradius.com   - The web site of the book
   http://deployingradius.com/blog/ - The blog
 - 
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE9qyG6kMW7HW8620RAoqGAJ4vUimIvVmSGzsSwb5e3ub1/EtxKwCgzJON
AcIqjl5UHZ4Funp/fnzKFcw=
=lR4d
-END PGP SIGNATURE-
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

vendor attribute in radius-accept message

2006-08-31 Thread [EMAIL PROTECTED]

Hi.
How to configure freeradius to send vendor specif attribute in a radius-accept 
message based on eap-tls?



___
Mutui a tassi scontati da 30 banche. Richiedi online e risparmia. Servizio 
gratuito. 
http://click.libero.it/mutuionline



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Generic info rqrd...

2006-08-31 Thread Christian Hahn

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi, I can only answer to question 1)

[EMAIL PROTECTED] wrote:
 
 I need some general info on Free Radius.
 
 1)Does it support 64-bit compilers?
Yes it compiles on CentOS 4.3 x86_64. I just use the CVS version for
some tests and it works.

Christian

 2)Does it has support for both Solaris and HP-Unix.
 3)Is it Multi Threaded safe.
 
 Thanks in advance,
 
 Ram.
 
 
 
 
 Tech Mahindra, formerly Mahindra-British Telecom.
  
 Disclaimer:
 
 This message and the information contained herein is proprietary and 
 confidential and subject to the Tech Mahindra policy statement, you may 
 review at a 
 href=http://www.techmahindra.com/Disclaimer.html;http://www.techmahindra.com/Disclaimer.html/a
  externally and a 
 href=http://tim.techmahindra.com/Disclaimer.html;http://tim.techmahindra.com/Disclaimer.html/a
  internally within Tech Mahindra.
 
 
 - 
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE9q7r6kMW7HW8620RAkvsAJ4oaNRjD51cYE+NcGdxO8S0+HaFSQCfTUxx
Qd/jgIRQrKwEOgqH8PyiWeQ=
=DMlG
-END PGP SIGNATURE-
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Duplicate requests in a session

Peter Nixon [EMAIL PROTECTED] wrote:
 Good question. Does anyone have anything against changing this?

  They primary key should be a synthetic field, and not something
derived directly from the packet.  Calling it 'acctuniqueid' is
awkward, maybe renaming it to 'radiuskey'?

  It can then be used in the SQL queries as
%{Acct-Unique-ID:-%{Acct-Session-id}}, which should be safe for all
configuration.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Short Deployment Platform Questionaire

2006-08-31 Thread Markus Krause

Zitat von Peter Nixon [EMAIL PROTECTED]:

 Hi Guys

 In order to bring our documentation up to date, can everyone please take a
 few
 seconds to report to me (either privately or to the list) what deployment
 platform(s) you are running FreeRADIUS on. In particular I am looking for non
 Linux/x86 information.

 The more information you can give me the better, but everything helps. I
 would
 like to know answers to the following questions (In order of importance)

 * What Operating System and Version are you running FreeRADIUS on?
Debian Sarge 3.1 (in use)
SuSE Linux Enterprise Server 9 (updated by SLES 10, see below)
SuSE Linux Enterprise Server 10
OpenSuSE 10.0 (just for testing)
Mac OS X 10.4.7 (_not_ Server, for testing only)

 * What architecture are you running on (x86, x86_64, Sparc, IA64, PPC etc)?
x86 (in use, all Linux systems)
PPC (Mac OS X)

 * What version of FreeRADIUS do you have in production?
1.1.3 (all updated lately)

 * Approximately how many AAA users do you have?
~ 900 users (in  use, currently in LDAP)
~ 1200 devices (mac authentication, planned, still testing ...)

 * Did you install a vendor package, downloaded package, selfbuilt package or
 source install?
Debian: selfbuilt package
SuSE: selfbuilt package
Mac OS X 10.4.7 (not server!): source install

 * If you built FreeRADIUS yourself, please list any special
 installation/compilation steps you needed to take to make it work on your
 platform.
Debian and SuSE: worked out of the box

Mac OS X 10.4.7 (not server!):

 the ./configure script adds a line INSTALLSTRIP = -s in Make.inc which
 produces errors (as reported: Symbol not found: _debug_flag). Remove the
 -s option solves the problem, another solution is running
 ./configure --enable-developer. so the following works:

   # ./configure --enable-developer
   # make
   # sudo make install

 maybe important: i did not build any of the following modules due to missing
 libraries (did it just for testing and contriubution, its not a productive
 system; maybe next year ...): any sql-module, unixodbc, rlm_counter, rlm_ippool


 Thanks in Advance from the FreeRADIUS Development Team
thanks in return to all developers for their great work and assistance!

  markus

--
Markus Krause   email: [EMAIL PROTECTED]
Mogli-Soft: Support for Mac OS X, Webmail/Horde, LDAP, RADIUS
by order of the Computing Center of the Max-Planck-Institute of Biochemistry
Tel.: 089 - 89 40 85 99 Fax.: 089 - 89 40 85 98

-
 This message was sent using https://webmail.biochem.mpg.de
If you encounter any problems please report to [EMAIL PROTECTED]

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Simultaneous-Use implementation in rlm_python

2006-08-31 Thread Flamur Rogova


Hi,
I have noticed that more recent rlm_python versions have function 
bindings for implementing Simultaneous-Use checking in python module.


Something like this
...
python_init done
Module: Loaded python
 python: mod_instantiate = pppoe
 python: func_instantiate = instantiate
 python: mod_authorize = pppoe
 python: func_authorize = authorize
 python: mod_authenticate = pppoe
 python: func_authenticate = authenticate
 python: mod_preacct = pppoe
 python: func_preacct = preacct
 python: mod_accounting = pppoe
 python: func_accounting = accounting
 python: mod_checksimul = pppoe
 python: func_checksimul = checksimul
 python: mod_detach = pppoe
 python: func_detach = detach
Module: Instantiated python (PPPoE)
...

What should func_checksimul return to signify that user is already 
logged on / not loged on ?


Is it safe to use this feature in production ?

Regards,
Flamur Rogova

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Duplicate requests in a session


  They primary key should be a synthetic field, and not something
derived directly from the packet.  Calling it 'acctuniqueid' is
awkward, maybe renaming it to 'radiuskey'?

  It can then be used in the SQL queries as
%{Acct-Unique-ID:-%{Acct-Session-id}}, which should be safe for all
configuration.



NOP, the default definition of the acctuniqueid attribute is correct.

acct_unique {
   key = User-Name, Acct-Session-Id, NAS-IP-Address, 
Client-IP-Address, NAS-Port

   }

 It is more possible that a user connect and disconnect several times in a 
same session. I think it is task of the NAS to assign a unique session id to 
a user. With acct_unique specification freeradius builds acctuniqueid 
attribute.


This is my reason for the change. Do you agree???

_
Grandes éxitos, superhéroes, imitaciones, cine y TV... 
http://es.msn.kiwee.com/ Lo mejor para tu móvil.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

acctsessionid is void


Following with my questions, I propose the next question:
Is it acceptable that a NAS always  sends as a acctsession attribute a null 
or void value ?


Santiago

_
Moda para esta temporada. Ponte al día de todas las tendencias. 
http://www.msn.es/Mujer/moda/default.asp


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Problem using radiusMaxBandwidthDown attribute

2006-08-31 Thread luigi natalino


Hello
I need to use the radiusMaxBandwidthDown and  radiusMaxBandwidthUp in ldap 
but RADIUS-LDAPv3.schema doesn't contain those attribute.
Could someone tell me where I can take a complete RADIUS-LDAPv3.schema 
containing these attributes or could someone tell me the scheme about these 
two attributes so that I can add them in RADIUS-LDAPv3.schema?

What I must add in ldap.attrmap?

Many thanks to all
Best Regards, Luigi

_
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

URGENT! Dialupadmin Could not connect to SQL database

URGENT!Hi,I'm getting this error Could not connect to SQL database. in dialupadmin. (using OCI8 with ORACLE)
Radiusd connects to Oracle without any problems, dialupadmin don't.Please help.Thank you.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: sqlcounter

2006-08-31 Thread Graham Beneke


Guy Fraser wrote:

There is also some documentation in the config file.
  

Most of that is specifically related to sqlcounter for time based billing
I believe this has been discussed many times and there should 
be some information in the archives. Have you Googled for it?
  
I have indeed - and everything I have come up with has been questions... 
with no answers. From the mailing list archives as well.
Once you figure it out, maybe you wouldn't mind contributing 
some better documentation for rlm_sqlcounter to the project.

I am sure future implementers would appreciate it.
  
I figured last night that I should probably do this in the end - think 
I'm gonna have to sit with the source and figure out the solution myself.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: URGENT! Dialupadmin Could not connect to SQL database

On Thu 31 Aug 2006 16:17, Guilherme Franco wrote:
 URGENT!

 Hi,

 I'm getting this error *Could not connect to SQL database. *in dialupadmin.
 (using OCI8 with ORACLE)
 *
 *Radiusd connects to Oracle without any problems, dialupadmin don't.

Does your PHP module have Oracle support?

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc


pgp3gJXSB7dTB.pgp
Description: PGP signature
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: WebDAV HTTP Auth to RADIUS, possible?

2006-08-31 Thread Michael Check


On 8/30/06, Alan DeKok [EMAIL PROTECTED] wrote:

Michael Check [EMAIL PROTECTED] wrote:
 Is it possible to set up an Apache 1.3 server with WebDAV to
 authenticate to a freeRADIUS?

  Unless I'm mistaken, webdav uses HTTP digest for authentication.
That makes it difficult.

  If it's using basic authentication, mod_auth_radius can help.

 We're using freeRadius 1.1.0 on OSX.4, successfully authenticatiing
 off an Active Directory master.

  If it's using HTTP digest authentication, then this is impossible.
HTTP digest requires the clear-text password, and AD doesn't supply it.



Thanks Alan and Samuel.  I d/l the mod-auth_radius and got it
installed.  I haven't successfully gotten it to work, but I haven't
spent enough time yet.  Task for today.

WebDAV will allow either Basic or Digest (it uses the same HTTP Auth
mechanism that Apache provides) so I think it will work.  Even with
DAV On, you can have AuthType Basic - so my assumption at this point
is that it will work.  I'll report back to the list.

Thanks!

Michael Check
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: issue with attribute 97 from rfc3162 in users file

2006-08-31 Thread Christian Hahn

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi all,

here my summary for this issue:

- - I used FreeRADIUS Version 2.0.0-pre0 (20060830) from CVS
- - Attribute 97 is properly coded and delivered to the asking NAS
- - so if you need all the rfc3162 attributes use the CVS code

thanks for the help and of course for freeradius,
Christian

Christian Hahn wrote:
 /usr/local/etc/raddb/users[227]: Parse error (reply) for entry
 hextest: unknown attribute type 8
 Errors reading /usr/local/etc/raddb/users
 thsi works with the 2.0pre CVS code.. so theres something not quite 
 right 
 in the 1.1.3 code. and yes,  theres no IPV6PREFIX handler in valuepair.c
 or in the print debugger or full handling in radius.c
 Thanks for the hint, I will try the cvs version and probably check the
 code of the 1.1.3 version.
 Are there any information how mature the 2.0.0-pre0 code is? Is it
 just a development branch for new features or will this be eventually
 the next release train?
 
 best regards,
 Christian
 
 FreeRADIUS Version 2.0.0-pre0
 
 dict.c: { ipv6prefix, PW_TYPE_IPV6PREFIX },
 print.c:case PW_TYPE_IPV6PREFIX:
 radius.c:   case PW_TYPE_IPV6PREFIX:
 radius.c:   case PW_TYPE_IPV6PREFIX:
 radius.c:   case PW_TYPE_IPV6PREFIX:
 radius.c:   case PW_TYPE_IPV6PREFIX:
 valuepair.c:case PW_TYPE_IPV6PREFIX:
 valuepair.c:case PW_TYPE_IPV6PREFIX:
 valuepair.c:case PW_TYPE_IPV6PREFIX:
 
 
 FreeRADIUS Version 1.1.3
 
 dict.c: { ipv6prefix, PW_TYPE_IPV6PREFIX },
 radius.c:   case PW_TYPE_IPV6PREFIX:
 radius.c:   case PW_TYPE_IPV6PREFIX:
 
 
 so thats why it isnt working for you 
 
 alan
 - 
 List info/subscribe/unsubscribe? See 
 http://www.freeradius.org/list/users.html
- -
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFE9u4g6kMW7HW8620RAv4fAJ49kZiKXqMsKFpbtAlAmSHrghbM+QCgmsbU
+kZPowN1aWySzEdexIE7vc4=
=0YaX
-END PGP SIGNATURE-
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: URGENT! Dialupadmin Could not connect to SQL database

Hello,Yes, I configured it with the option --with-oci8, and phpinfo() shows oci8 support as enabled.This machine (dialupadmin server) is standalone (oracle in other server and radius in other).
I'm trying to use sqlplus from the dialupadmin server but it gives me either ORA-12546 TNS permission denied or ORA-12514 TNS listener does not currently know of service requested in connect descriptor.I've researched a lot about this problems but found nothing.
note: (I've read somewhere that oci does not work well with modules, just with static php links)Please help.Thank you very much.On 8/31/06, 
Peter Nixon [EMAIL PROTECTED] wrote:
On Thu 31 Aug 2006 16:17, Guilherme Franco wrote: URGENT! Hi, I'm getting this error *Could not connect to SQL database. *in dialupadmin. (using OCI8 with ORACLE) *
 *Radiusd connects to Oracle without any problems, dialupadmin don't.Does your PHP module have Oracle support?--Peter Nixonhttp://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Disconnect

2006-08-31 Thread Sean

Hi,

Does anyone know how to get disconnect to work with radclient? I can get
it to return status but when I try disconnect radiusd -X returns the
following:-

rad_recv: Disconnect-Request packet from host 127.0.0.1:57181, id=9,
length=29
Unknown packet code 40 from client swarm:57181 - ID 9 : IGNORED

Any help or hints would be much appreciated.

Thanks,

Sean

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: URGENT! Dialupadmin Could not connect to SQL database

Mr. Peter,I did a test right now with the command line php, for example php test.php and it works!test.php is a program I've created to retrieve some tables from the oracle server. (tcpdump in oracle server shows traffic correctly this way)
But when I try to open test.php from the apache web page, it states Parse error: syntax error, unexpected '' in
/www/htdocs/test.php on line 10 (then, tcpdump in oracle server shows nothing)
I think that the same problem is blocking dialupadmin from connecting with oracle.
What might it be?Thanks.On 8/31/06, Guilherme Franco
[EMAIL PROTECTED] wrote:
Hello,Yes, I configured it with the option --with-oci8, and phpinfo() shows oci8 support as enabled.This machine (dialupadmin server) is standalone (oracle in other server and radius in other).

I'm trying to use sqlplus from the dialupadmin server but it gives me either ORA-12546 TNS permission denied or ORA-12514 TNS listener does not currently know of service requested in connect descriptor.I've researched a lot about this problems but found nothing.
note: (I've read somewhere that oci does not work well with modules, just with static php links)Please help.Thank you very much.
On 8/31/06,
Peter Nixon [EMAIL PROTECTED] wrote:

On Thu 31 Aug 2006 16:17, Guilherme Franco wrote: URGENT! Hi, I'm getting this error *Could not connect to SQL database. *in dialupadmin. (using OCI8 with ORACLE) *

*Radiusd connects to Oracle without any problems, dialupadmin don't.Does your PHP module have Oracle support?--Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc-List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Duplicate requests in a session

[EMAIL PROTECTED] wrote:
 NOP, the default definition of the acctuniqueid attribute is correct.

  I don't think you're clear on what is being discussed.

   It is more possible that a user connect and disconnect several times in a 
 same session.

  No, it is not possible.

 I think it is task of the NAS to assign a unique session id to 
 a user.

  Yes, and many NASes don't do that.

  With acct_unique specification freeradius builds acctuniqueid 
 attribute.

  Yes, which is why I wrote the acct_unique module.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: URGENT! Dialupadmin Could not connect to SQL database

We made the changes to dialup_admin to make it work with oracle, however I am 
afraid you are going to have to solve the problems with your Oracle 
installation yourself.

The first thing you need to do is get sqlplus working, then PHP.

For your info, we have it working fine with Oracle 10g. If you are running an 
older version you are on your own :-)

Cheers

Peter

On Thu 31 Aug 2006 17:16, Guilherme Franco wrote:
 Hello,

 Yes, I configured it with the option --with-oci8, and phpinfo() shows
 oci8 support as enabled.

 This machine (dialupadmin server) is standalone (oracle in other server and
 radius in other).

 I'm trying to use sqlplus from the dialupadmin server but it gives me
 either ORA-12546 TNS permission denied or ORA-12514 TNS listener does not
 currently know of service requested in connect descriptor.

 I've researched a lot about this problems but found nothing.

 note: (I've read somewhere that oci does not work well with modules, just
 with static php links)

 Please help.

 Thank you very much.

 On 8/31/06, Peter Nixon [EMAIL PROTECTED] wrote:
  On Thu 31 Aug 2006 16:17, Guilherme Franco wrote:
   URGENT!
  
   Hi,
  
   I'm getting this error *Could not connect to SQL database. *in
 
  dialupadmin.
 
   (using OCI8 with ORACLE)
   *
   *Radiusd connects to Oracle without any problems, dialupadmin don't.
 
  Does your PHP module have Oracle support?
 
  --
 
  Peter Nixon
  http://www.peternixon.net/
  PGP Key: http://www.peternixon.net/public.asc
 
 
  -
  List info/subscribe/unsubscribe? See
  http://www.freeradius.org/list/users.html

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc


pgpQELm4ALEsR.pgp
Description: PGP signature
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Duplicate requests in a session

2006-08-31 Thread Guy Fraser

On Thu, 2006-08-31 at 12:31 +0300, Peter Nixon wrote:
 Good question. Does anyone have anything against changing this?
 
 -Peter
 
 On Thu 31 Aug 2006 10:11, Santiago Balaguer García wrote:
  Thanks James, I don't figure out to use primary key solves the problem of
  duplicate keys.
  I had in radacct as primary key radacctid but now I am going to have
  acctuniqueid.
 
  This proble cause a new thread: why radacctid is the primary key of radacct
  table instead od acctuniqueid?

I used a slightly different solution in my PostgreSQL implementation :

ALTER TABLE ONLY radacct
ADD CONSTRAINT radacct_unique_session UNIQUE (
username, nasipaddress, nasportid, acctsessionid
);

NOTE: When duplicate records come in you will see errors in the 
log file like these :

Fri Jul 7 13:06:47 2006 : Error: rlm_sql (sql): failed after re-connect 
Fri Jul 7 13:06:47 2006 : Error: rlm_sql (sql): Couldn't insert SQL 
accounting START record - ERROR: duplicate key violates unique 
constraint radacct_unique_session

These errors are mostly informational, because when the insert 
fails, rlm_sql will use the alternate update method and will 
succeed.

This is the same method I used on a customized Cistron 
server I used for over 5 years and had no problems.

For some reason acctuniqueid was not unique in the duplicate 
packets, so my initial attempts at using it were unsuccessful.

PostgreSQL can have a primary key that spans multiple 
columns, and would look like this {IIRC} :

ALTER TABLE ONLY radacct
ADD CONSTRAINT radacct_pkey_session PRIMARY KEY (
username, nasipaddress, nasportid, acctsessionid
);

I did not use this, because I did not want to significantly change 
the default configuration of most of the tables. Once I get a chance 
to clean up the admin interface I have been developing I will 
likely want to add some changes to the PostgreSQL default schema 
that will allow better management without affecting the default 
configuration, but since I am not finished I don't want to add 
the changes to CVS quite yet.


 
  From: James Wakefield [EMAIL PROTECTED]
  Reply-To: FreeRadius users mailing list
  freeradius-users@lists.freeradius.org
  To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
  Subject: Re: Duplicate requests in a session
  Date: Wed, 30 Aug 2006 22:07:09 +1000
  
  Santiago Balaguer García wrote:
  Hi people,
  
  1)
In my activity I realize that when the conexion to Internet of a NAS is
  NOT good (there are some reday in the DSL), the NAS send several Start
  requests. My problen is my RADIUS server ask for all these requests and
  they are inserted in my DB. So, when the user or the NAS finalize the
  session and NAS sends Stop Request, the credit associates to the user
  account is decremented several times. It happens so because I put a
   trgger in my DB to decrement the user credit atomatically.
  
Can I avoid the problem of inserting several times the start request?
If it is so, how??
  
  2) Is it supposed that the value of acctsessionid and acctuniqueid in
  radacct table  are UNIQUE and they can not be duplicated ?
  
  Thanks,
  Santiago
  
  Hi Santiago,
  
  Does your DBMS enforce primary key constraints?  Do you have a primary key
  defined for your radacct table? If I recall correctly, MySQL by default
  doesn't, are you using MySQL?
  
  Cheers,
  --
  James Wakefield,
  Unix Administrator, Information Technology Services Division
  Deakin University, Geelong, Victoria 3217 Australia.
  
  Phone: 03 5227 8690 International: +61 3 5227 8690
  Fax:   03 5227 8866 International: +61 3 5227 8866
  E-mail:   [EMAIL PROTECTED]
  Website:  http://www.deakin.edu.au
  - List info/subscribe/unsubscribe? See
  http://www.freeradius.org/list/users.html
 
  _
  Acepta el reto MSN Premium: Protección para tus hijos en internet.
  Descárgalo y pruébalo 2 meses gratis.
  http://join.msn.com?XAPID=1697DI=1055HL=Footer_mailsenviados_proteccionin
 fantil
 
  -
  List info/subscribe/unsubscribe? See
  http://www.freeradius.org/list/users.html
 
 - 
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- 
Guy Fraser
Network Administrator
The Internet Centre
1-888-450-6787
(780)450-6787


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Disconnect

On Thu 31 Aug 2006 17:24, Sean wrote:
 Hi,

 Does anyone know how to get disconnect to work with radclient? I can get
 it to return status but when I try disconnect radiusd -X returns the
 following:-

 rad_recv: Disconnect-Request packet from host 127.0.0.1:57181, id=9,
 length=29
 Unknown packet code 40 from client swarm:57181 - ID 9 : IGNORED

 Any help or hints would be much appreciated.

Who are you trying to send disconnect to? It appears you are trying to send it 
to the RADIUS server, not the NAS which will obviously not work :-)

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc


pgpZBRGd2rXQJ.pgp
Description: PGP signature
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Disconnect

Sean [EMAIL PROTECTED] wrote:
 Does anyone know how to get disconnect to work with radclient? I can get
 it to return status but when I try disconnect radiusd -X returns the
 following:-

  The server doesn't support Disconnect-Request.  And if it did, it
would be on a separate port, not 1812.

  The main problem with Disconnect-Request is that all Access-Accept's
have to contain a State attribute.  That state has to be unique to the
server.  That state has to be maintained across server re-starts.  The
state has to be kept in conjunction with a bunch of other data.

  And that's not even getting into the reverse proxying nightmare.

  And that's not even getting into the fact that many NASes don't
support Disconnect-Request.

  For local use of Disconnect-Request, it's easiest to have the server
log information to an SQL table, and then query the SQL table for the
necessary data, and run radclient using it.  Sending the server a
Disconnect-Request is probably not that useful...

  Can I ask what you're trying to do with Disconnect-Request, and why
you're sending it to the server?

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: URGENT! Dialupadmin Could not connect to SQL database

Ok Peter,It's 10g.But why my test.php worked in cli mode, even without the sqlplus working?Another test, in oracle/functions.php3, I changed the $config[sql_username] for the real username. After doing that, I can see communications with the oracle server with tcpdump, but the pages appears blank...
So, it's not totally oracle's fault.Anyway, I'm desperate for fix this!HELP!On 8/31/06, Peter Nixon
[EMAIL PROTECTED] wrote:We made the changes to dialup_admin to make it work with oracle, however I am
afraid you are going to have to solve the problems with your Oracleinstallation yourself.The first thing you need to do is get sqlplus working, then PHP.For your info, we have it working fine with Oracle 10g. If you are running an
older version you are on your own :-)CheersPeterOn Thu 31 Aug 2006 17:16, Guilherme Franco wrote: Hello, Yes, I configured it with the option --with-oci8, and phpinfo() shows
oci8 support as enabled. This machine (dialupadmin server) is standalone (oracle in other server and radius in other). I'm trying to use sqlplus from the dialupadmin server but it gives me
either ORA-12546 TNS permission denied or ORA-12514 TNS listener does not currently know of service requested in connect descriptor. I've researched a lot about this problems but found nothing.
note: (I've read somewhere that oci does not work well with modules, just with static php links) Please help. Thank you very much. On 8/31/06, Peter Nixon
[EMAIL PROTECTED] wrote: On Thu 31 Aug 2006 16:17, Guilherme Franco wrote: URGENT! Hi,
I'm getting this error *Could not connect to SQL database. *in dialupadmin.(using OCI8 with ORACLE) * *Radiusd connects to Oracle without any problems, dialupadmin don't.
Does your PHP module have Oracle support? -- Peter Nixon http://www.peternixon.net/ PGP Key:
http://www.peternixon.net/public.asc- List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html--Peter Nixonhttp://www.peternixon.net/PGP Key: http://www.peternixon.net/public.asc
-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Disconnect

2006-08-31 Thread Chris Knipe

You need to send it to your NAS, not FreeRadius.  Radius does not disconnect 
your clients, your NAS does... :)



Regards,
Chris.

- Original Message - 
From: Sean [EMAIL PROTECTED]

To: freeradius-users@lists.freeradius.org
Sent: Thursday, August 31, 2006 4:24 PM
Subject: Disconnect



Hi,

Does anyone know how to get disconnect to work with radclient? I can get
it to return status but when I try disconnect radiusd -X returns the
following:-

rad_recv: Disconnect-Request packet from host 127.0.0.1:57181, id=9,
length=29
Unknown packet code 40 from client swarm:57181 - ID 9 : IGNORED

Any help or hints would be much appreciated.

Thanks,

Sean

-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Ascend 16 Bit VSAs

2006-08-31 Thread Adam


Version: freeradius-1.1.3

I need to be able to send Ascend 16 bit VSAs to my NAS. The two that I 
need to be able to send are:  Ascend-LCP-Keepalive-Period and 
Ascend-LCP-Keepalive-Missed-Limit.


In my /etc/raddb/dictionary file I have place the following two lines:

ATTRIBUTE Ascend-LCP-Keepalive-Period   321 integer Ascend
ATTRIBUTE Ascend-LCP-Keepalive-Missed-Limit 322 integer Ascend

When I start Radius I get the following errors:
...
read_config_files:  reading dictionary
Errors reading dictionary: dict_init: /etc/raddb/dictionary[34]: 
dict_addattr: ATTRIBUTE has invalid number (larger than 255).


Is there support for 16 bit Ascend VSAs?  If so how do I enable and use 
them?


Thanks
Adam
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Ascend 16 Bit VSAs