Re: Freeradius users
Hi Adrian,Have you looked in the 'users' file in the raddb/ directory? There's some examples in there (user 'steve'). You can usually trim some stuff out of that account and use it as the base for your other users. I prefer to use MySQL to hold all the user and accounting information.Service-Type = Framed-User and Framed-Protocol = PPP are the important AV pairs for PPP users (along with Framed-IP-Address and Framed-IP-Netmask).Hope this helps you, if not, check the docs/ directory in the source, and also search for the .sql file which is the MySQL database structure I use for users and accounting. Regards,Nick LarsenOn 9/29/06, Adrian Acuna <[EMAIL PROTECTED]> wrote: Hello Everybody: In my new job they want to implement Radius for PPP connection. I have installed Freeradius-1.1.3. The instalation messages show that everything is OK. But I really don't know how create new users and test it. I need something like directions to create accounts and raise the connection. I have reviewed a lot of web pages but I found only PPP dial server information. I will appreciate your help and support! Adrian Acuna View this message in context: Freeradius users Sent from the FreeRadius - User mailing list archive at Nabble.com. -List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Regards,Nick LarsenWellingtonNEW ZEALAND - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_ippool problem: Failed to open file - Permission denied
Hello, It's been far too long a day, and I think I'm overlooking something ridiculously simple. I get this error when starting freeradius: rlm_ippool: Failed to open file /etc/raddb/ippool.512k_high: Permission denied radiusd.conf[142]: 512k_high: Module instantiation failed. I've tried making a file called ippool.512k_high, same error. Tried chmod 777'ing it, different error: rlm_ippool: Failed to open file /etc/raddb/ippool.512k_high: Success radiusd.conf[142]: 512k_high: Module instantiation failed. Also tried chmod radiusd ippool.512k_high and chgrp. If someone could give me a helpful tip as to how to get this thing working again, I'd appreciate it a lot. Thanks all, Jan Mulders - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SQL // Default user
Hello, I am trying to make freeradius behave so that it checks the database for the user, if the user doesnt exist it draws uses the username of something else, such as default in the sql table. How can I do this? Thank you, Eric - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius users
Hello Everybody: In my new job they want to implement Radius for PPP connection. I have installed Freeradius-1.1.3. The instalation messages show that everything is OK. But I really don't know how create new users and test it. I need something like directions to create accounts and raise the connection. I have reviewed a lot of web pages but I found only PPP dial server information. I will appreciate your help and support! Adrian Acuna View this message in context: Freeradius users Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Deny user based on MAC-address
you can also use lines like: #at&t DEFAULT User-Name =~ "80-00-10([-:]([ 0-9a-fA-F][0-9a-fA-F])){3}", Auth-Type := Reject #ibm DEFAULT User-Name =~ "10-00([-:]([ 0-9a-fA-F][0-9a-fA-F])){4}", Auth-Type := Accept #misc DEFAULT User-Name =~ "^02-|^04-[eE0][aA0]|^[aA][aA]-", Auth-Type := Reject DEFAULT User-Name =~ "(0[0-9a-fA-F])([-:]?([ 0-9a-fA-F][0-9a-fA-F])){5}", Auth-Type := Accept Torkel Mathisen wrote: > > Hi, > > > > How can I deny a user from freeradius based on the MAC-address on the PC? > > > > I use users file only. > > > > Do I need MAC Authentication for that ? > > > > > > Regards, > > Torkel > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: help with undocumented attributes
Hi, > Are there any specific files in the running install I can look at > which will provide clues what options need to be compiled in to the > upgrade. if you have the old source directory lying around you can easily view, eg config.log which will, in the 7th or so line, show you the options passed in the previous ./configure session. ie the options compiled in. squid has an option to view the options configured into it using its verbose version command..i dont *think* freeradius has that option. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[4]: help with undocumented attributes
As I have inherited the system and am very new to radius, I have no idea which modules are currently installed. How can I determine? In reading over the configure/install docs, I so far see nothing about modules. Where can I get info on modules? -- Regards, Andrew Long > On Mon 02 Oct 2006 17:33, Andrew Long wrote: >> Hello Alan, >> >> OK, I'm starting out the upgrade by running through a compile on a >> test server with mysql 5.0.18-2.1. >> >> Are there any specific files in the running install I can look at >> which will provide clues what options need to be compiled in to the >> upgrade. > Depends entirely on which modules you are using. >> And, is a pure upgrade possible, without re-compiling? > What does this mean? pure upgrade?? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem With Make
Hi List... I still have problem at the time to Make: this is the last's line: server:~/freeradius-1.1.3# make. -rpath /usr/local/lib rlm_perl.lo rlm_perl.c /root/freeradius-1.1.3/src/lib/libradius.la \`perl -MExtUtils::Embed -e ldopts` -lnsl -lresolv -lpthread *** Warning: Linking the shared library rlm_perl.la against the loadable module*** libradius.so is not portable! *** Warning: Linking the shared library rlm_perl.la against the*** static library /usr/lib/perl/5.8/auto/DynaLoader/DynaLoader.a is not portable!gcc -shared .libs/rlm_perl.o -Wl,--rpath -Wl,/root/freeradius-1.1.3/src/lib/.libs -Wl,--rpath -Wl,/usr/local/lib /root/freeradius-1.1.3/src/lib/.libs/libradius.so -L/usr/local/lib /usr/lib/perl/5.8/auto/DynaLoader/DynaLoader.a -L/usr/lib/perl/5.8/CORE -lperl -ldl -lm -lc -lcrypt -lnsl -lresolv -lpthread -Wl,-E -Wl,-soname -Wl,rlm_perl-1.1.3.so -o .libs/rlm_perl-1.1.3.so/usr/bin/ld: cannot find -lperlcollect2: ld returned 1 exit statusmake[6]: *** [rlm_perl.la] Error 1make[6]: Leaving directory `/root/freeradius-1.1.3/src/modules/rlm_perl'make[5]: *** [common] Error 2make[5]: Leaving directory `/root/freeradius-1.1.3/src/modules'make[4]: *** [all] Error 2make[4]: Leaving directory `/root/freeradius-1.1.3/src/modules'make[3]: *** [common] Error 2make[3]: Leaving directory `/root/freeradius-1.1.3/src'make[2]: *** [all] Error 2make[2]: Leaving directory `/root/freeradius-1.1.3/src'make[1]: *** [common] Error 2make[1]: Leaving directory `/root/freeradius-1.1.3'make: *** [all] Error 2 What is the problem exacttly? Any idea? Thanx, Abel - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re[2]: help with undocumented attributes
On Mon 02 Oct 2006 17:33, Andrew Long wrote: > Hello Alan, > > OK, I'm starting out the upgrade by running through a compile on a > test server with mysql 5.0.18-2.1. > > Are there any specific files in the running install I can look at > which will provide clues what options need to be compiled in to the > upgrade. Depends entirely on which modules you are using. > And, is a pure upgrade possible, without re-compiling? What does this mean? pure upgrade?? -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc pgposjW5kzmwm.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: help with undocumented attributes
Hello Alan, OK, I'm starting out the upgrade by running through a compile on a test server with mysql 5.0.18-2.1. Are there any specific files in the running install I can look at which will provide clues what options need to be compiled in to the upgrade. And, is a pure upgrade possible, without re-compiling? -- Regards, Andrew Long Network Support Specialist EscapeWire Solutions, LLC 617 Dingens Street Buffalo, NY 14206 Office: (716) 893-4984 Mobile: (716) 830-5169 Fax: (716) 891-4288 Web: http://www.escapewire.com E-mail: [EMAIL PROTECTED] Friday, September 29, 2006, 4:58:38 PM, you wrote: > Andrew Long <[EMAIL PROTECTED]> wrote: >> I am working with an inherited system (freeradius 0.9.0 on RH). The >> system is running but as a new user/admin I am having trouble getting >> info on the actual setup. I do 'rpm -qv freeradius' and it returns >> freeradius is not installed, yet it IS. > Someone built it from source. > You *really* should upgrade. >> /usr/local/etc/raddb is populated, as is /usr/local/share/freeradius. >> How can I get info on the running version? > "man radiusd" says "radiusd -v" >> Also, I am having trouble finding info on attributes that do not seem >> to be documented which limit some of our user's sessions. Examples are >> 'Max-Acct-Age', 'Max-Daily-Session', and 'Check-Login-Day'. I need to >> get a better understanding of how this session management is done. > They're local to your configuration, which is why they aren't > documented. >> Good documentation on the web seems hard to come by. Any help most >> appreciated. > Try the wiki. > Alan DeKok. > -- > http://deployingradius.com - The web site of the book > http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: prevent roaming configuration question
isidoros wrote: James: I'm allmost there (now I'm thinking like this) 1) authorize_group_check_query: to check of the user is in a group 2) authorize_group_check_query: retrieve the check-items for this group (which is my solution) 3) authorize on the check-items. if the expression is like this "whether or not to authorize a request, such as User-Password == "mypassword", or Calling-Station-Id != "5554796". will all users in the same group authorize by the same password? I guess my question is: Is the group check additional to the user check. Yes, it is additional. Typically you wouldn't check User-Password in the group checks. radcheck is for user-specific checks (like User-Password). Cheers, -- James Wakefield, Unix Administrator, Information Technology Services Division Deakin University, Geelong, Victoria 3217 Australia. Phone: 03 5227 8690 International: +61 3 5227 8690 Fax: 03 5227 8866 International: +61 3 5227 8866 E-mail: [EMAIL PROTECTED] Website: http://www.deakin.edu.au - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: prevent roaming configuration question
James Wakefield wrote: James Wakefield wrote: isidoros wrote: Thanks James for your answer, I'm fairly new to freeradius I know the package only 14 days. (or radius in general for that matter) The group configuration is a mystery to me. It is unclear for me how this separates the users. This is how I think 1) G1 with users A,B,C 2) G2 with users X,Y,Z 3) At a request the configuration determines which group the user belongs to 4) And makes a query for the users A until Z to the same database 5) the auth_query only talks about the user. 6) This is the point where a fail to understand that the group config helps me. The query is made to the same database on behalf of the any user. Please spell it out to me where my thinking goes wrong. I would like the understand this group config thing better (if at all at this point in time). Actually, http://wiki.freeradius.org/Rlm_sql explains it much better than I just did. James, Don't do yourself short, your explaination is just what I needed. Everything is working OK. with the group config you suggested. many thanks for your support regards, Isidoros - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: My FreeRadius don't log anything
If you run in debug mode (-X) the server logs to the screen instead of the disk. Hi Peter, thank you for your answer. OK, I started radiusd in normal mode. It's a little better now, a .pid and a .log files appeared but the requests are not logged in a detail file even after several request either successful or unsuccessful : # find var -name "*" -print var var/run var/run/radiusd var/run/radiusd/radiusd.pid var/log var/log/radius var/log/radius/radacct var/log/radius/radius.log [EMAIL PROTECTED] ppp]# cat var/run/radiusd/radiusd.pid 9047 [EMAIL PROTECTED] ppp]# cat var/log/radius/radius.log Mon Oct 2 15:04:37 2006 : Info: Using deprecated naslist file. Support for this will go away soon. Do you have an idea of what's wrong ? -- Didier Benza[EMAIL PROTECTED] Tel : +33 492 38 7167 / Fax : +33 492 38 7602 INRIA 2004, Route des Lucioles, BP 93, 06902 Sophia Antipolis Cedex AC INRIA : http://igc.national.inria.fr/Doc/General/CertAC.html#certif smime.p7s Description: S/MIME Cryptographic Signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: prevent roaming configuration question
James Wakefield wrote: isidoros wrote: Thanks James for your answer, I'm fairly new to freeradius I know the package only 14 days. (or radius in general for that matter) The group configuration is a mystery to me. It is unclear for me how this separates the users. This is how I think 1) G1 with users A,B,C 2) G2 with users X,Y,Z 3) At a request the configuration determines which group the user belongs to 4) And makes a query for the users A until Z to the same database 5) the auth_query only talks about the user. 6) This is the point where a fail to understand that the group config helps me. The query is made to the same database on behalf of the any user. Please spell it out to me where my thinking goes wrong. I would like the understand this group config thing better (if at all at this point in time). Hi Isidoros, In sql.conf, authcheck_table = "radcheck" authreply_table = "radreply" groupcheck_table = "radgroupcheck" groupreply_table = "radgroupreply" usergroup_table = "usergroup" groupcheck_table and usergroup_table are referred to here: authorize_group_check_query = "SELECT ${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${groupcheck_table}.op FROM ${groupcheck_table},${usergroup_table} WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName ORDER BY ${groupcheck_table}.id" This retrieves all the check items that apply to the group the user belongs to. The usergroup table maps users to groups, and radgroupcheck maps groups to check items. A check item, which will be a new term to you if you're a newbie, is an expression which is evaluated when deciding whether or not to authorize a request, such as User-Password == "mypassword", or Calling-Station-Id != "5554796". When rlm_sql is invoked to authorize a request, the user's check items in radcheck are evaluated. When the user is in a group, this might only be to check User-Password. Then, authorize_group_check_query is used to retrieve check items for the user's group, which are then evaluated. If all the applicable check items, from both radcheck and radgroupcheck, match, then the reply items - Attribute=Value pairs sent from freeradius to the NAS when it sends the Access-Accept message for an authorized request - are retrieved by querying radreply, for reply items specific to the user, and radgroupreply, for reply items specific to the user's group. Make any more sense? In the meanwhile: I have solved the problem with the below changes: in sql.conf replace this rule with: authorize_check_query = "SELECT id, UserName, Attribute, Value, op \ FROM ${authcheck_table} \ WHERE Username = '%{SQL-User-Name}' AND \ Location = (SELECT Location FROM nas WHERE nasname = '%{NAS-Identifier}') \ ORDER BY id" in mysql fill the nas table with your info: INSERT INTO nas (nasname, nasshortname, type, secret, Location) VALUES ('yournasname in chillspot', 'anyname' , 'other', 'shared secret', 'Location-number '. ); It works, but I have no idea if this is "best practice" or I'm seriously damaging the config. Best practice is to not change any code if you don't have to. By using groups, you don't have to change any code. I wouldn't say you've "seriously damaged" the config, but you may find that it doesn't behave in the future. I would recommend spending the time getting groups and group checks to work, then reverting any SQL queries you've altered back to their defaults. It'll be much less painful in the long run. Cheers, James: I'm allmost there (now I'm thinking like this) 1) authorize_group_check_query: to check of the user is in a group 2) authorize_group_check_query: retrieve the check-items for this group (which is my solution) 3) authorize on the check-items. if the expression is like this "whether or not to authorize a request, such as User-Password == "mypassword", or Calling-Station-Id != "5554796". will all users in the same group authorize by the same password? I guess my question is: Is the group check additional to the user check. regards, isidoros - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_perl behaviour
> This is fixed in CVS HEAD. Great. By the way, thanks for sharing rlm_perl with the community. It is fantastic and it has helped me immensely. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Daily accounting
Hi everyone, I have seen a lot of people who are trying to get traffic accounting collected at regular intervals to generate graphs and view per day/month etc... I have made a few modifications in order to achieve this. You can see it at http://www.netexpertise.eu/en/FreeRadius/DailyAcct.html It works on Mysql setup but can be adapted to any db. I'd be grateful to get some feedback on this. A lot of ISPs are running into this problem. Hope this helps Regards, David - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: prevent roaming configuration question
James Wakefield wrote: isidoros wrote: Thanks James for your answer, I'm fairly new to freeradius I know the package only 14 days. (or radius in general for that matter) The group configuration is a mystery to me. It is unclear for me how this separates the users. This is how I think 1) G1 with users A,B,C 2) G2 with users X,Y,Z 3) At a request the configuration determines which group the user belongs to 4) And makes a query for the users A until Z to the same database 5) the auth_query only talks about the user. 6) This is the point where a fail to understand that the group config helps me. The query is made to the same database on behalf of the any user. Please spell it out to me where my thinking goes wrong. I would like the understand this group config thing better (if at all at this point in time). Actually, http://wiki.freeradius.org/Rlm_sql explains it much better than I just did. -- James Wakefield, Unix Administrator, Information Technology Services Division Deakin University, Geelong, Victoria 3217 Australia. Phone: 03 5227 8690 International: +61 3 5227 8690 Fax: 03 5227 8866 International: +61 3 5227 8866 E-mail: [EMAIL PROTECTED] Website: http://www.deakin.edu.au - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl behaviour
On Friday 29 September 2006 17:29, Garber, Neal wrote: > When I call a perl module via rlm_perl and don't undef %RAD_CHECK and > %RAD_REPLY before exiting, rlm_perl duplicates some attributes contained > within the hashes. For instance: > This is fixed in CVS HEAD. > > Also, the wiki for rlm_perl states that it passes configuration pairs in > %RAD_CONFIG. I don't believe this is true (the hash is empty and I > checked the source for 1.1.2, 1.1.3 and the latest snapshot and it > doesn't create that hash). Is this a feature that is "in the works" or > is the wiki incorrect? > It should be in to do list. -- Best Regards, Boian Jordanov SNE Orbitel - Next Generation Telecom tel. +359 2 4004 723 tel. +359 2 4004 002 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mysql and nt password..
is there a good howto on using nt-passwords with freeradius and mysql as password backend ?? thx Collen - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: prevent roaming configuration question
isidoros wrote: Thanks James for your answer, I'm fairly new to freeradius I know the package only 14 days. (or radius in general for that matter) The group configuration is a mystery to me. It is unclear for me how this separates the users. This is how I think 1) G1 with users A,B,C 2) G2 with users X,Y,Z 3) At a request the configuration determines which group the user belongs to 4) And makes a query for the users A until Z to the same database 5) the auth_query only talks about the user. 6) This is the point where a fail to understand that the group config helps me. The query is made to the same database on behalf of the any user. Please spell it out to me where my thinking goes wrong. I would like the understand this group config thing better (if at all at this point in time). Hi Isidoros, In sql.conf, authcheck_table = "radcheck" authreply_table = "radreply" groupcheck_table = "radgroupcheck" groupreply_table = "radgroupreply" usergroup_table = "usergroup" groupcheck_table and usergroup_table are referred to here: authorize_group_check_query = "SELECT ${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${groupcheck_table}.op FROM ${groupcheck_table},${usergroup_table} WHERE ${usergroup_table}.Username = '%{SQL-User-Name}' AND ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName ORDER BY ${groupcheck_table}.id" This retrieves all the check items that apply to the group the user belongs to. The usergroup table maps users to groups, and radgroupcheck maps groups to check items. A check item, which will be a new term to you if you're a newbie, is an expression which is evaluated when deciding whether or not to authorize a request, such as User-Password == "mypassword", or Calling-Station-Id != "5554796". When rlm_sql is invoked to authorize a request, the user's check items in radcheck are evaluated. When the user is in a group, this might only be to check User-Password. Then, authorize_group_check_query is used to retrieve check items for the user's group, which are then evaluated. If all the applicable check items, from both radcheck and radgroupcheck, match, then the reply items - Attribute=Value pairs sent from freeradius to the NAS when it sends the Access-Accept message for an authorized request - are retrieved by querying radreply, for reply items specific to the user, and radgroupreply, for reply items specific to the user's group. Make any more sense? In the meanwhile: I have solved the problem with the below changes: in sql.conf replace this rule with: authorize_check_query = "SELECT id, UserName, Attribute, Value, op \ FROM ${authcheck_table} \ WHERE Username = '%{SQL-User-Name}' AND \ Location = (SELECT Location FROM nas WHERE nasname = '%{NAS-Identifier}') \ ORDER BY id" in mysql fill the nas table with your info: INSERT INTO nas (nasname, nasshortname, type, secret, Location) VALUES ('yournasname in chillspot', 'anyname' , 'other', 'shared secret', 'Location-number '. ); It works, but I have no idea if this is "best practice" or I'm seriously damaging the config. Best practice is to not change any code if you don't have to. By using groups, you don't have to change any code. I wouldn't say you've "seriously damaged" the config, but you may find that it doesn't behave in the future. I would recommend spending the time getting groups and group checks to work, then reverting any SQL queries you've altered back to their defaults. It'll be much less painful in the long run. Cheers, -- James Wakefield, Unix Administrator, Information Technology Services Division Deakin University, Geelong, Victoria 3217 Australia. Phone: 03 5227 8690 International: +61 3 5227 8690 Fax: 03 5227 8866 International: +61 3 5227 8866 E-mail: [EMAIL PROTECTED] Website: http://www.deakin.edu.au - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: prevent roaming configuration question
James Wakefield wrote: isidoros wrote: Goal: users X,Y,Z should only be authenticated on NAS1 and not on NAS2 or any other nas users A,B,C should only be authenticated on NAS2 and not on NAS1 or any other nas etc G'day, You'll probably want users X,Y,Z mapped to one group (let's say, G1), and A,B,C mapped to another (let's say, G2) in your usergroup table. You can then use NAS-IP-Address as a check item in radgroupcheck to authorize only G1 from NAS1's IP address, and authorize only G2 from NAS2's IP address. You shouldn't have to touch any of the SQL queries in sql.conf. http://wiki.freeradius.org/Rlm_sql should provide the info you need to do the above. Cheers, Thanks James for your answer, I'm fairly new to freeradius I know the package only 14 days. (or radius in general for that matter) The group configuration is a mystery to me. It is unclear for me how this separates the users. This is how I think 1) G1 with users A,B,C 2) G2 with users X,Y,Z 3) At a request the configuration determines which group the user belongs to 4) And makes a query for the users A until Z to the same database 5) the auth_query only talks about the user. 6) This is the point where a fail to understand that the group config helps me. The query is made to the same database on behalf of the any user. Please spell it out to me where my thinking goes wrong. I would like the understand this group config thing better (if at all at this point in time). In the meanwhile: I have solved the problem with the below changes: in sql.conf replace this rule with: authorize_check_query = "SELECT id, UserName, Attribute, Value, op \ FROM ${authcheck_table} \ WHERE Username = '%{SQL-User-Name}' AND \ Location = (SELECT Location FROM nas WHERE nasname = '%{NAS-Identifier}') \ ORDER BY id" in mysql fill the nas table with your info: INSERT INTO nas (nasname, nasshortname, type, secret, Location) VALUES ('yournasname in chillspot', 'anyname' , 'other', 'shared secret', 'Location-number '. ); It works, but I have no idea if this is "best practice" or I'm seriously damaging the config. regards, isidoros - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html