RE: Assign IP based on CallingStationID.

2006-11-09 Thread banga

I use the default table layout.
As I understand it, you just change username authentication to callingstationid
authentication inside sql.conf. Thx, it’s a really good idea. I think that I
could do the same by myself, but it will take time.
Therefore any examples will be very useful. Can you post it here?
If it’s too big you can send it to me - “nebula-at-inbox-lv”.

On the other hand, I need username/password authentication also (for other
users), therefore it will be difficult to implement this (maybe I’ll
install another freeradius specially for that).

In my situation radius checks username/password for some users; for other
users it should do the following:
check username/password/callingstationid (in fact username and password
are always the same)
if callingstationid has a specific value (there can be a dozen specific
callingstationid_s) then reply accept and some specific IP for each
specific callingstationid, or just assign an IP from the radius pool.
if callingstationid is not in the list of “specific callingstationid” then
just reply accept and the NAS will assign an IP from the equipment’s IP pool

Main idea: for now most users have the same username and password and it is
not possible to change anything in that. Some callingstationids are not
friendly for my network (they should have only http traffic). That’s why I
want to assign them IPs from a specific pool – I am going to set up firewall rules
for such IPs.

Any idea ? 


John Longland wrote:
 
 Yes, I have just done it.
 
 You need to change the sql-statement in /etc/raddb/sql.conf
 
 That is the authorize_check_query. Depending on how you use your tables,
 the query that I am using may or may not work. If you want I can give you
 the one that works for me if you supply your table-layout.
 
 John
 P.S The statement I use does NOT check username/password !!!
 
 -Original Message-
 From:
 [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]
 org]On Behalf Of banga
 Sent: 08 November 2006 11:37
 To: freeradius-users@lists.freeradius.org
 Subject: Assign IP based on CallingStationID.
 
 
 
 Hello all.
 I use freeradius ver. 1.1.1 + mysql.
 I use the same login/password for a couple of users but they have different
 callingstationid.
 Is it possible to check callingstationid and assign IP based on it?
 Do I need to create some additional tables in mysql for that?
 
 Thx.
 
 -- 
 View this message in context:
 http://www.nabble.com/Assign-IP-based-on-CallingStationID.-tf2594146.html#a7235317
 Sent from the FreeRadius - User mailing list archive at Nabble.com.
 
 - 
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html
 


Re: Assign IP based on CallingStationID.

2006-11-09 Thread Peter Nixon
Hi Banga

We have a large system in production that does almost exactly what you state.
It can all be done with a few modifications of the sql queries. (In fact we
have a rather complex postgresql stored procedure, but one simpler query is
possible depending on what you need).

If you wish to assign dynamic ips, but bound to callingstationid, not username,
this is also possible with sqlippool. Read the comments in the config file
in cvs.

Cheers

Peter


-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc



RE: Assign IP based on CallingStationID.

2006-11-09 Thread John Longland

Here is the query that I put into sql.conf.
Maybe use it and build on it for your specific example?


authorize_check_query = select id,UserName,Attribute,Value,op FROM 
${authcheck_table} WHERE UserName in
(select UserName from ${authcheck_table} WHERE Value = '%{Calling-Station-ID}')
ORDER BY id


John



Re: howto get/send the fullname of an user

2006-11-09 Thread James Wakefield

Ariel VIVES wrote:

Hello the list,


I'm starting with freeradius.
Authentication works fine !

But the informations I get is only the username (le login name in
/etc/passwd).

How do I get the Fullname ? Or others informations (like mail, home
directory, ...)
Is it possible ?
is it a configuration  of the server or a request from the client ?

thanks for your help





Hi Ariel,

Can you give us a bit more information about how you're using 
freeradius?  From your description, it looks vaguely like you're using 
pam_radius to authenticate logins against a freeradius server - is that it?


--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.

Phone: 03 5227 8690 International: +61 3 5227 8690
Fax:   03 5227 8866 International: +61 3 5227 8866
E-mail:   [EMAIL PROTECTED]
Website:  http://www.deakin.edu.au


Re: howto get/send the fullname of an user

2006-11-09 Thread Ariel VIVES
James Wakefield wrote:
 Ariel VIVES wrote:
 Hello the list,


 I'm starting with freeradius.
 Authentication works fine !

 But the informations I get is only the username (le login name in
 /etc/passwd).

 How do I get the Fullname ? Or others informations (like mail, home
 directory, ...)
 Is it possible ?
 is it a configuration  of the server or a request from the client ?

 thanks for your help


 
 
 Hi Ariel,
 
 Can you give us a bit more information about how you're using
 freeradius?  From your description, it looks vaguely like you're using
 pam_radius to authenticate logins against a freeradius server - is that it?
 

Hi,

in fact, the authentication is done with the file /etc/shadow (NIS users
but doesn't matter I think)

my requests are done with a web interface (php = php-radius) to
authenticate users (and this works well).



Hope it's enough ...

-- 
Ariel


RE: Assign IP based on CallingStationID.

2006-11-09 Thread banga

John, I see the way now.
Thx for the help. I’m going to install a test radius in the near future.
I’ll try to check this query there.




Re: Assign IP based on CallingStationID.

2006-11-09 Thread banga

Thx Peter, 
I will try to install 1.1.3 to check sqlippool functions.




Re: howto get/send the fullname of an user

2006-11-09 Thread James Wakefield

Ariel VIVES wrote:

James Wakefield wrote:

Ariel VIVES wrote:

Hello the list,


I'm starting with freeradius.
Authentication works fine !

But the informations I get is only the username (le login name in
/etc/passwd).

How do I get the Fullname ? Or others informations (like mail, home
directory, ...)
Is it possible ?
is it a configuration  of the server or a request from the client ?

thanks for your help




Hi Ariel,

Can you give us a bit more information about how you're using
freeradius?  From your description, it looks vaguely like you're using
pam_radius to authenticate logins against a freeradius server - is that it?



Hi,

in fact, the authentication is done with the file /etc/shadow (NIS users
but doesn't matter I think)

my requests are done with a web interface (php = php-radius) to
authenticate users (and this works well).



Hope it's enough ...



You're trying to use radius for something it's not really intended for. 
 You'd be better off querying that information from a real directory 
service, like LDAP, or NIS, if you want it quicker and nastier.


--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.

Phone: 03 5227 8690 International: +61 3 5227 8690
Fax:   03 5227 8866 International: +61 3 5227 8866
E-mail:   [EMAIL PROTECTED]
Website:  http://www.deakin.edu.au


Re: howto get/send the fullname of an user

2006-11-09 Thread Ariel VIVES
James Wakefield wrote:
 Ariel VIVES wrote:
 James Wakefield wrote:
 Ariel VIVES wrote:
 Hello the list,


 I'm starting with freeradius.
 Authentication works fine !

 But the informations I get is only the username (le login name in
 /etc/passwd).

 How do I get the Fullname ? Or others informations (like mail, home
 directory, ...)
 Is it possible ?
 is it a configuration  of the server or a request from the client ?

 thanks for your help



 Hi Ariel,

 Can you give us a bit more information about how you're using
 freeradius?  From your description, it looks vaguely like you're using
 pam_radius to authenticate logins against a freeradius server - is
 that it?


 Hi,

 in fact, the authentication is done with the file /etc/shadow (NIS users
 but doesn't matter I think)

 my requests are done with a web interface (php = php-radius) to
 authenticate users (and this works well).



 Hope it's enough ...

 
 You're trying to use radius for something it's not really intended for.
  You'd be better off querying that information from a real directory
 service, like LDAP, or NIS, if you want it quicker and nastier.
 

Yes, and my accounts are under NIS.
But i want to authenticate my users using freeradius.
and it works...

so it isn't possible to get additional informations with freeradius by
using a shell script or with adding specific attribute ?




-- 
Ariel


Re: Assign IP based on CallingStationID.

2006-11-09 Thread Collen Blijenberg

Hmm i tried this, but it ain't working.. ?!

i have:

id - 1
username - blah
attribute- Calling-Stattion-Id
op- ==
value - [mac address]

still get username ask ?!
no connection.

dunno, what's the idea behind this query ?
mac = username ?
no username, auth is done through mac ?

Cheers

Collen

John Longland wrote:


authorize_check_query = select id,UserName,Attribute,Value,op FROM
${authcheck_table} WHERE UserName in
(select UserName from ${authcheck_table} WHERE Value = 
'%{Calling-Station-ID}')

ORDER BY id






Re[5]: limiting sessions

2006-11-09 Thread Andrew Long


 Andrew Long [EMAIL PROTECTED] wrote:
 I tried Session-Timeout but it doesn't seem to do the job.

   So... is it being sent back to the NAS?  If it is, then the NAS is
 ignoring it.  Go ask your NAS manufacturer for a refund, or for a
 firmware upgrade that implements RADIUS.

   Alan DeKok.

How would you suggest I verify the session-timeout is actually being
sent/received?

Andrew



RE: Re[5]: limiting sessions

2006-11-09 Thread Seferovic Edvin
radiusd -X

in the debug mode you can see attributes that are being sent back to your
NAS. If you want to see what comes to NAS - please consult the documentation
of your NAS !

Regards,

E:S



RE: Assign IP based on CallingStationID.

2006-11-09 Thread John Longland

The idea is to do IP-assignment based on the Calling-Station-ID and
disregarding the username, password that is passed to radius.


John


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
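
What John's authorize_check_query selects, and the note above that the username and password are disregarded, shown as an added example that is not code from the thread. It runs the query against a constructed radcheck table in SQLite, with ${authcheck_table} expanded to radcheck and a bound parameter standing in for '%{Calling-Station-ID}'; STRICT_QUERY, the helper names and the sample rows are assumptions made for illustration.

```python
import sqlite3

# John's query from the thread, with ${authcheck_table} expanded to radcheck.
# In sql.conf the server substitutes '%{Calling-Station-ID}' itself; the bound
# parameter (?) stands in for that expansion here.
THREAD_QUERY = """
SELECT id, UserName, Attribute, Value, op FROM radcheck
WHERE UserName IN (SELECT UserName FROM radcheck WHERE Value = ?)
ORDER BY id
"""

# Assumption (not from the thread): a stricter subquery in which only a
# Calling-Station-Id check item can pick the user. The sql.conf form would put
#   Attribute = 'Calling-Station-Id' AND
# in front of  Value = '%{Calling-Station-ID}'.
STRICT_QUERY = """
SELECT id, UserName, Attribute, Value, op FROM radcheck
WHERE UserName IN (SELECT UserName FROM radcheck
                   WHERE Attribute = 'Calling-Station-Id' AND Value = ?)
ORDER BY id
"""

# Constructed sample rows in the default radcheck column layout.
SAMPLE_ROWS = [
    (1, "cpe-a", "Calling-Station-Id", "00-00-5E-00-53-01", "=="),
    # Attribute spelled as in Collen's post; the thread query compares Value only.
    (2, "blah", "Calling-Stattion-Id", "00-00-5E-00-53-02", "=="),
    # A different attribute whose Value happens to equal the same string.
    (3, "shared", "User-Password", "00-00-5E-00-53-01", "=="),
]


def make_db(rows=SAMPLE_ROWS):
    """Build an in-memory stand-in for the radcheck table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE radcheck (id INTEGER PRIMARY KEY, UserName TEXT, "
        "Attribute TEXT, Value TEXT, op TEXT)"
    )
    conn.executemany("INSERT INTO radcheck VALUES (?, ?, ?, ?, ?)", rows)
    return conn


def check_items(conn, query, calling_station_id):
    """Rows the query returns for one Calling-Station-Id.

    The User-Name from the request is not an input: whichever UserName owns
    the matching row decides which check items come back.
    """
    return conn.execute(query, (calling_station_id,)).fetchall()


def selected_users(conn, query, calling_station_id):
    """Distinct UserName values whose check items the query returns."""
    return sorted({row[1] for row in check_items(conn, query, calling_station_id)})


if __name__ == "__main__":
    db = make_db()
    for mac in ("00-00-5E-00-53-01", "00-00-5E-00-53-02", "00-00-5E-00-53-FF"):
        print(mac,
              "thread:", selected_users(db, THREAD_QUERY, mac),
              "strict:", selected_users(db, STRICT_QUERY, mac))
```

An unknown Calling-Station-Id returns no rows from either query, so such a request gets no check items from this table at all.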

Re: Re[5]: limiting sessions

2006-11-09 Thread Alan DeKok
Andrew Long [EMAIL PROTECTED] wrote:
 How would you suggest I verify the session-timeout is actually being
 sent/received?

  tcpdump / wireshark?

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: howto get/send the fullname of an user

2006-11-09 Thread Alan DeKok
Ariel VIVES [EMAIL PROTECTED] wrote:
 Yes, and my accounts are under NIS.
 But i want to authenticate my users using freeradius.
 and it works...
 
 so it isn't possible to get additional informations with freeradius by
 using a shell script or with adding specific attribute ?

  Does the NIS documentation say you can do that with RADIUS?

  No.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: howto get/send the fullname of an user

2006-11-09 Thread Ariel VIVES
Alan DeKok wrote:
 Ariel VIVES [EMAIL PROTECTED] wrote:
 Yes, and my accounts are under NIS.
 But i want to authenticate my users using freeradius.
 and it works...

 so it isn't possible to get additional informations with freeradius by
 using a shell script or with adding specific attribute ?
 
   Does the NIS documentation say you can do that with RADIUS?
 
   No.

Does the NIS documentation say I can't do that with RADIUS ?

No.

Well, with NIS I can get informations like login but also full username
or home directory.
My question isn't about NIS but about freeradius.

So I can't tell the freeradius server to get login but also full username ?


-- 
Ariel


Re[7]: limiting sessions

2006-11-09 Thread Andrew Long
 Andrew Long [EMAIL PROTECTED] wrote:
 I tried Session-Timeout but it doesn't seem to do the job.

   So... is it being sent back to the NAS?  If it is, then the NAS is
 ignoring it.  Go ask your NAS manufacturer for a refund, or for a
 firmware upgrade that implements RADIUS.

   Alan DeKok.

 How would you suggest I verify the session-timeout is actually being
 sent/received?

 Andrew

 radiusd -X

 in the debug mode you can see attributes that are being sent back to your
 NAS. If you want to see what comes to NAS - please consult the documentation
 of your NAS !

 Regards,

 E:S

Here is the output from radiusd -X regarding the answer to an
auth-request from one of the properties where I changed
session-timeout to 1800. It does not look to me like the
session-timeout attribute is being sent... any suggestions?

= sample 1 (main street) ==

rad_recv: Access-Request packet from host 141.149.128.xx:1024, id=88, length=191
Acct-Session-Id = 54a4b76f
NAS-Port = 3
NAS-Port-Type = Wireless-802.11
User-Name = 4aroma70370
Calling-Station-Id = 00-14-A5-71-1A-61
Called-Station-Id = 00-03-52-02-8C-F9
Framed-IP-Address = 192.168.110.101
CHAP-Password = [removed]
CHAP-Challenge = [removed]
NAS-Identifier = R035-00371
NAS-IP-Address = 141.149.128.58
Framed-MTU = 1496
Connect-Info = HTTPS
Service-Type = Framed-User
Message-Authenticator = 0xacd61ed325c0d7c91980dbf8bcf6ccdd
modcall: entering group authorize for request 1
  modcall[authorize]: module preprocess returns ok for request 1
  rlm_chap: Setting 'Auth-Type := CHAP'
  modcall[authorize]: module chap returns ok for request 1
  modcall[authorize]: module eap returns noop for request 1
rlm_realm: No '@' in User-Name = 4aroma70370, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 1
users: Matched DEFAULT at 177
  modcall[authorize]: module files returns ok for request 1
  modcall[authorize]: module mschap returns noop for request 1
radius_xlat:  '4aroma70370'
rlm_sql (sql): sql_set_user escaped user -- '4aroma70370'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE 
Username = '4aroma70370' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat:  'SELECT 
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
  FROM radgroupcheck,usergroup WHERE usergroup.Username = '4aroma70370' AND 
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE 
Username = '4aroma70370' ORDER BY id'
radius_xlat:  'SELECT 
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
  FROM radgroupreply,usergroup WHERE usergroup.Username = '4aroma70370' AND 
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module sql returns ok for request 1
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module noresetcounter returns noop for request 1
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module dailycounter returns noop for request 1
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module monthlycounter returns noop for request 1
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
  modcall[authorize]: module daypasscounter returns noop for request 1
modcall: group authorize returns ok for request 1
  rad_check_password:  Found Auth-Type CHAP
auth: type CHAP
modcall: entering group Auth-Type for request 1
  rlm_chap: login attempt by 4aroma70370 with CHAP password
  rlm_chap: Using clear text password [removed] for user 4aroma70370 
authentication.
  rlm_chap: chap user 4aroma70370 authenticated succesfully
  modcall[authenticate]: module chap returns ok for request 1
modcall: group Auth-Type returns ok for request 1
Sending Access-Accept of id 88 to 141.149.128.xx:1024
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Finished request 1
Going to the next request
= end ===

Andrew

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: limiting sessions

2006-11-09 Thread Kevin Bonner
On Thursday 09 November 2006 11:00, Andrew Long wrote:
 Here is the output from radiusd -X regarding the answer to an
 auth-request from one of the properties where I changed
 session-timeout to 1800. It does not look to me like the
 session-timeout attribute is being sent... any suggestions?

Where are you setting Session-Timeout?  If it is being added by an sql entry, 
run the queries shown in your debug output to verify the rows returned from 
the database are correct.

What are the check and reply items for the section that contains the 
Session-Timeout attribute?  Are they matching attributes in the 
Access-Request packet you sent?

Kevin Bonner



Re[2]: limiting sessions

2006-11-09 Thread Andrew Long
 On Thursday 09 November 2006 11:00, Andrew Long wrote:
 Here is the output from radiusd -X regarding the answer to an
 auth-request from one of the properties where I changed
 session-timeout to 1800. It does not look to me like the
 session-timeout attribute is being sent... any suggestions?

 Where are you setting Session-Timeout?  If it is being added by an sql entry,
 run the queries shown in your debug output to verify the rows returned from
 the database are correct.

 What are the check and reply items for the section that contains the 
 Session-Timeout attribute?  Are they matching attributes in the 
 Access-Request packet you sent?

 Kevin Bonner

I grabbed the response from radius to an auth-request from aroma and
it does not appear to include the session timeout attr-value pair,
but it did authorize.

So, I ran the query that the module ran (grabbed from the -x output)

SELECT 
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = '4aroma70370'
AND usergroup.GroupName = radgroupreply.GroupName
ORDER BY radgroupreply.id

and found that it came up with a null set for that user when run
against radgroupreply,usergroup (session-timeout is in radgroupreply).

Next, I looked in usergroup with

SELECT
`usergroup`.`UserName`,
`usergroup`.`creationdate`,
`usergroup`.`GroupName`
from usergroup
where username like '%aroma%'
order by creationdate desc
limit 1000;

and found no pairs for recent aroma usernames and no entry for
'4aroma70370'.

also ran

SELECT
`usergroup`.`UserName`,
`usergroup`.`creationdate`,
`usergroup`.`GroupName`
from usergroup
where username = '4aroma70370';

and that also comes up null...

Does it make sense that radius is not recognizing the usernames as
belonging to the group 'aroma', thus not assigning the group-reply?
This is my current thought on this, but I'm not sure why it would
still authorize the request, unless it's not necessary that users be
part of group.

I am thinking that some usernames were created and added to the
radcheck table but were overlooked in usergroup...
  

-- 
Regards,
Andrew



Queries apear in Dialup_admin page

2006-11-09 Thread CASTANHEIRA, Nuno Osvaldo



Hi, I have a strange problem in my freeradius with the dialup_admin interface.
When I choose the fields, statistics, user statistics, online users, radius
clients, etc., the queries appear in the Dialup_Admin page... very strange.
Can anyone tell me what I'm doing wrong?
Sorry for my English.
Thanks.

Nuno Castanheira
REFERTELECOM

E-mail: [EMAIL PROTECTED]


Re: Queries apear in Dialup_admin page

2006-11-09 Thread Hernan Antolini

Nuno, check your admin.conf under the dialup_admin
install dir; I guess you have an sql_debug : true entry.
regards

Hernan Antolini

[EMAIL PROTECTED]
wrote on 11/09/2006 02:09:06 PM:

 Hi, i have a strange problem in my freeradius with dialup_admin interface.
 When i choose the fields, statistics, user statistics,
online users,
 radius clients .etc, the queries apear in Dialup_Admin 
 page... very strange.
 Can anyone tell me what i´m i doing wrong.
 Sorry for my english.
 Thanks.
 
 Nuno Castanheira
 REFERTELECOM
 E-mail: [EMAIL PROTECTED]

Re: howto get/send the fullname of an user

2006-11-09 Thread Phil Mayers

Ariel VIVES wrote:



You're trying to use radius for something it's not really intended for.
 You'd be better off querying that information from a real directory
service, like LDAP, or NIS, if you want it quicker and nastier.



Yes, and my accounts are under NIS.
But i want to authenticate my users using freeradius.
and it works...

so it isn't possible to get additional informations with freeradius by
using a shell script or with adding specific attribute ?




You can specify any attribute you like in the reply, and provided your 
client (the PHP app?) can access it, do whatever you want with it.


If you have an IANA enterprise number you can do this:

cat > /usr/share/freeradius/dictionary.MyOrg <<EOF

VENDOR  MyOrg   MyOrgNumber

ATTRIBUTE   MyOrgFullName   1   string  MyOrg
ATTRIBUTE   MyOrgHomeDir    2   string  MyOrg

EOF

...then in /etc/raddb/users:

joe User-Password := "joespass"
    MyOrgFullName = "Joe Bloggs",
    MyOrgHomeDir = "/home/joe"

If you don't have an IANA number, you will need to search the 
dictionaries for existing attributes you can use - see for example 
dictionary.ntua


Does this answer your question?
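
What the client side has to do to read those two attributes out of the Access-Accept, as an added example that is not part of the original post: vendor attributes travel inside RADIUS attribute 26 (RFC 2865) as a 4-byte vendor number followed by type/length/value sub-attributes. The packet is constructed, 32473 (the RFC 5612 documentation enterprise number) stands in for MyOrgNumber, and verification of the Response Authenticator against the shared secret is assumed to have happened before this parser is called.

```python
import struct

VENDOR_SPECIFIC = 26      # RFC 2865 attribute type that wraps vendor data
EXAMPLE_PEN = 32473       # documentation enterprise number, stands in for MyOrgNumber
MYORG = {1: "MyOrgFullName", 2: "MyOrgHomeDir"}   # numbers from the dictionary above


def encode_vsa(vendor_id, vendor_type, value):
    """Build one Vendor-Specific attribute holding a single string sub-attribute."""
    data = value.encode("utf-8")
    body = struct.pack("!I", vendor_id) + bytes([vendor_type, len(data) + 2]) + data
    if len(body) + 2 > 255:
        raise ValueError("value too long for one RADIUS attribute")
    return bytes([VENDOR_SPECIFIC, len(body) + 2]) + body


def walk_tlvs(buf):
    """Yield (type, value) pairs from a type/length/value run, rejecting bad lengths."""
    pos = 0
    while pos < len(buf):
        if len(buf) - pos < 2:
            raise ValueError("truncated attribute header")
        kind, length = buf[pos], buf[pos + 1]
        if length < 2 or pos + length > len(buf):
            raise ValueError("attribute length out of bounds")
        yield kind, buf[pos + 2:pos + length]
        pos += length


def vendor_attributes(packet, vendor_id, names):
    """Return {name: string} for one vendor's sub-attributes in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad packet length field")
    found = {}
    for kind, value in walk_tlvs(packet[20:length]):
        if kind != VENDOR_SPECIFIC or len(value) < 4:
            continue                      # not a VSA, or too short to hold a vendor id
        if struct.unpack("!I", value[:4])[0] != vendor_id:
            continue                      # some other vendor's attribute
        for vtype, vdata in walk_tlvs(value[4:]):
            if vtype in names:
                found[names[vtype]] = vdata.decode("utf-8", "replace")
    return found


def sample_accept():
    """Constructed Access-Accept (code 2) with a zeroed authenticator."""
    attrs = (bytes([6, 6]) + struct.pack("!I", 2)      # Service-Type = Framed-User
             + encode_vsa(EXAMPLE_PEN, 1, "Joe Bloggs")
             + encode_vsa(EXAMPLE_PEN, 2, "/home/joe"))
    return struct.pack("!BBH", 2, 88, 20 + len(attrs)) + bytes(16) + attrs


if __name__ == "__main__":
    print(vendor_attributes(sample_accept(), EXAMPLE_PEN, MYORG))
```

A NAS or client library that has no dictionary entry for the vendor number skips the attribute, which is the behaviour the `continue` branches model.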


Re: Queries apear in Dialup_admin page

2006-11-09 Thread Richard Cotrina

Take a look at your conf/admin.conf file in the dialup_admin directory,
and disable sql or ldap debug ( depends on what you are using ):

ldap_debug: false
sql_debug: false

regards

On Thu, 9 Nov 2006, CASTANHEIRA, Nuno Osvaldo wrote:

 Hi, i have a strange problem in my freeradius with dialup_admin interface.
 When i choose the fields, statistics, user statistics, online users, radius 
 clients .etc, the queries apear in Dialup_Admin page... very 
 strange.
 Can anyone tell me what i´m i doing wrong.
 Sorry for my english.
 Thanks.


 Nuno Castanheira

 REFERTELECOM

 E-mail: [EMAIL PROTECTED]







RE: Queries apear in Dialup_admin page

2006-11-09 Thread CASTANHEIRA, Nuno Osvaldo



Thank you very much... it resolved the problem.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Hernan Antolini
Sent: Thursday, 9 November 2006 17:31
To: FreeRadius users mailing list
Subject: Re: Queries apear in Dialup_admin page

Nuno, check you admin.conf under dialup_admin install dir; i guess you
have an "sql_debug : true" entry.
regards
Hernan Antolini

[EMAIL PROTECTED] wrote on 11/09/2006 02:09:06 PM:
 Hi, i have a strange problem in my freeradius with dialup_admin interface.
 When i choose the fields, statistics, user statistics, online users,
 radius clients .etc, the queries apear in Dialup_Admin
 page... very strange.
 Can anyone tell me what i´m i doing wrong.
 Sorry for my english.
 Thanks.

 Nuno Castanheira
 REFERTELECOM
 E-mail: [EMAIL PROTECTED]

Re: Multiple LDAP (Not failover) lookup...

2006-11-09 Thread Eric Martell
Thanks Alan.
  I figured it out. It should be 
ldap2 {
   notfound = reject
}

as ldap2 is returning notfound status.

Thanks so much again.


--- Alan DeKok [EMAIL PROTECTED] wrote:

 Eric Martell [EMAIL PROTECTED] wrote:
  Thanks so much Neal. You got it 95% right. The
 problem
  is FreeRadius always authorize first (no matter
 what
  the order in radiusd.conf) and then authenticate.
 
   Yes, that's how the server works.
 
  (This authorize should break the sequence and
  return FAIL. I tried ldap2 { fail = return } but
 no
  help...still returns notfound )
 
   See doc/configurable_failover.  You may want:
 
 ...
   ldap2 {
   fail = reject
   }
 ...
 
  Technically it should authenticate and then
 authorize
  and send the group response (AND) of both.
 
   Then... configure it to do that.  The default
 behavior is that a
 notfound error is NOT fatal, because another
 module or database may
 find the user.
 
   Alan DeKok.
 --
   http://deployingradius.com   - The web site of
 the book
   http://deployingradius.com/blog/ - The blog


Re: limiting sessions

2006-11-09 Thread Kevin Bonner
* Try to respond just to the list and not me personally.  I don't enjoy wading 
through duplicate messages.  Thanks!

On Thursday 09 November 2006 11:34, Andrew Long wrote:
 also ran

 SELECT
 `usergroup`.`UserName`,
 `usergroup`.`creationdate`,
 `usergroup`.`GroupName`
 from usergroup
 where username = '4aroma70370';

 and that also comes up null...

 Does it make sense that radius is not recognizing the usernames as
 belonging to the group 'aroma', thus not assigning the group-reply?

Yes, because the radius server does what you configure it to do.  You should 
have control over the usergroup table, so it shouldn't be difficult to add 
the missing records.

If you're still stuck, try sending relevant output from all of your sql 
tables.  The actual row data should be good enough, unless you've mangled the 
table structure to suit local needs.

 This is my current thought on this, but I'm not sure why it would
 still authorize the request, unless it's not necessary that users be
 part of group.

It isn't necessary.  The cleartext password needed for CHAP was provided by a 
module (users, sql, ??), so the access request was accepted.

Kevin Bonner



Re: howto get/send the fullname of an user

2006-11-09 Thread James Wakefield

Ariel VIVES wrote:

Alan DeKok wrote:

Ariel VIVES [EMAIL PROTECTED] wrote:

Yes, and my accounts are under NIS.
But i want to authenticate my users using freeradius.
and it works...

so it isn't possible to get additional informations with freeradius by
using a shell script or with adding specific attribute ?

  Does the NIS documentation say you can do that with RADIUS?

  No.


Does the NIS documentation say I can't do that with RADIUS ?

No.

Well, with NIS I can get informations like login but also full username
or home directory.
My question isn't about NIS but about freeradius.

So I can't tell the freeradius server to get login but also full username ?




Short of writing your own module to retrieve the data to send with 
Access-Accept, and adding attributes to the dictionary, no.


RADIUS is a AAA protocol.  Being a directory service is beyond its 
scope.  PHP's NIS/YP functions are pretty easy to use, you'd be better 
off using those.


--
James Wakefield,
Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.

Phone: 03 5227 8690 International: +61 3 5227 8690
Fax:   03 5227 8866 International: +61 3 5227 8866
E-mail:   [EMAIL PROTECTED]
Website:  http://www.deakin.edu.au


Re: Server logs say users authenticate, but they don't (Now with more details!)

2006-11-09 Thread Ernie Dunbar
Here's the output from `freeradius -X` for one attempted user login:

rad_recv: Access-Request packet from host AS5300:1645, id=32, length=88
NAS-IP-Address = AS5300
NAS-Port = 47
NAS-Port-Type = Async
User-Name = Pheilmann
Called-Station-Id = 6811527
User-Password = XXX
Service-Type = Framed-User
Framed-Protocol = PPP
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module preprocess returns ok for request 0
radius_xlat:  'Pheilmann'
rlm_sql (sql): sql_set_user escaped user -- 'Pheilmann'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'Pheilmann' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query:  SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = 'Pheilmann' ORDER BY id
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
 FROM radgroupcheck,usergroup WHERE usergroup.Username = 'Pheilmann' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query:  SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
 FROM radgroupcheck,usergroup WHERE usergroup.Username = 'Pheilmann' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'Pheilmann' ORDER BY id'
rlm_sql_mysql: query:  SELECT id,UserName,Attribute,Value,op FROM radreply
WHERE Username = 'Pheilmann' ORDER BY id
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
 FROM radgroupreply,usergroup WHERE usergroup.Username = 'Pheilmann' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query:  SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
 FROM radgroupreply,usergroup WHERE usergroup.Username = 'Pheilmann' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module sql returns ok for request 0
modcall: group authorize returns ok for request 0
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [Pheilmann/XXX] (from client dialup port 47)
Sending Access-Accept of id 32 to AS5300:1645
Finished request 0
Going to the next request

It looks to me that it's only sending Access-Accept back to the AS5300. I
would expect that's what it's supposed to do.

 G'day Ernie,

 What value are you sending for Service-Type?  Best way to check is
 radiusd -X, and watch for the Access-Accept that freeradius sends, in
 case your authorization config isn't quite right.

 Cheers,
 James.

 Ernie Dunbar wrote:
 Okay, after doing these tests, we can see that the Cisco is now
 accepting
 the packets.

 However, the AS5300 is now telling us no appropriate authorization type
 for user. Here's the logs from the AS5300 (XX.XX.XX.X is the new
 server,
 XX.XX.XX.Y is the backup that was offline for the duration of the test):

 *Jan  3 16:30:43: RADIUS: Trying next server (XX.XX.XX.X) for id 20
 *Jan  3 16:30:43: RADIUS: Retransmit id 20
 *Jan  3 16:30:43: RADIUS: Received from id 20 XX.XX.XX.X:1812,
 Access-Accept, len 20
 *Jan  3 16:30:43: RADIUS: saved authorization data for user 616D09DC at
 614184A4
 *Jan  3 16:30:43: RADIUS: no appropriate authorization type for user.
 *Jan  3 16:30:43: RADIUS: ustruct sharecount=1
 *Jan  3 16:30:43: RADIUS: Initial Transmit Async56 id 21
 XX.XX.XX.Y:1645,
 Access-Request, len 88
 *Jan  3 16:30:43: Attribute 4 6 CCF4E9FE
 *Jan  3 16:30:43: Attribute 5 6 0038
 *Jan  3 16:30:43: Attribute 61 6 
 *Jan  3 16:30:43: Attribute 1 11 72737461
 *Jan  3 16:30:43: Attribute 30 9 36383131
 *Jan  3 16:30:43: Attribute 2 18 A3B5B2A0
 *Jan  3 16:30:43: Attribute 6 6 0002
 *Jan  3 16:30:43: Attribute 7 6 0001
 *Jan  3 16:30:44: %ISDN-6-DISCONNECT: Interface Serial2:5  disconnected
 from unknown , call lasted 53 seconds
 *Jan  3 16:30:44:  isdn_Call_disconnect()


 Hi Ernie,

 * Run radiusd -X and check that Access-Accept is being sent, and how
 long after the Access-Request this is.

 * Verify with tcpdump that the packet is actually getting onto the
 wire.

 * Check for iptables rules/access-lists that might be
 dropping/rejecting
 the packets.

 * Make sure your AS5300 and freeradius are configured to use the same
 port numbers.  freeradius shouldn't be seeing the Access-Request if
 not,
 but it might be worth a look.

 Ernie Dunbar wrote:
 G'day Ernie,

 Can you sniff on the AS5300 and ensure the Access-Accept packets are
 arriving before the 3 second (default) timeout?
 Yes, we tried that. The 

Re: howto get/send the fullname of an user

2006-11-09 Thread Alan DeKok
Ariel VIVES [EMAIL PROTECTED] wrote:
 Does the NIS documentation say I can't do that with RADIUS ?
 
 No.

  Now you're being ridiculous.

  The NIS documentation doesn't say you can't use NIS to make wine,
either.  That doesn't mean it *does* make wine.

  If the NIS documentation doesn't tell you *how* to do this with
RADIUS, it likely means you *can't* do it with RADIUS.  Don't get mad
at me... that's how computers work.

 My question isn't about NIS but about freeradius.

  I understand.  I'm telling you your questions are based on false
assumptions.

 So I can't tell the freeradius server to get login but also full username ?

  You can tell FreeRADIUS to do almost anything you want.  But if the
RADIUS client doesn't support the functionality you need, it doesn't
matter that FreeRADIUS is sending things like full username.  The
NAS won't know what to do with it, and will ignore it.

  Don't get mad at me, this is how RADIUS works.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re[2]: limiting sessions

2006-11-09 Thread Andrew Long

 On Thursday 09 November 2006 11:34, Andrew Long wrote:
 also ran

 SELECT
 `usergroup`.`UserName`,
 `usergroup`.`creationdate`,
 `usergroup`.`GroupName`
 from usergroup
 where username = '4aroma70370';

 and that also comes up null...

 Does it make sense that radius is not recognizing the usernames as
 belonging to the group 'aroma', thus not assigning the group-reply?

 Yes, because the radius server does what you configure it to do.  You should
 have control over the usergroup table, so it shouldn't be difficult to add
 the missing records.

 If you're still stuck, try sending relevant output from all of your sql
 tables.  The actual row data should be good enough, unless you've mangled the
 table structure to suit local needs.

 This is my current thought on this, but I'm not sure why it would
 still authorize the request, unless it's not necessary that users be
 part of group.

 It isn't necessary.  The cleartext password needed for CHAP was provided by a
 module (users, sql, ??), so the access request was accepted.

 Kevin Bonner

I have verified that there are indeed username-password pairs in
radreply where those usernames do not exist in 'usergroups'. Here is
what I propose and I'd like confirmation that my thinking is accurate
before I do it...

First, I grabbed all the usernames from radcheck for the given
property. Then I write a script to insert them into usergroup (with
other appropriate values), which I run after clearing the usergroup
table of all records where the group is the one I am interested in.

DELETE FROM radius.usergroup WHERE GroupName = 'aroma'

THEN...

INSERT INTO radius.usergroup (UserName, CreationDate, GroupName)
VALUES ('username0001', (CURRENT_DATE), 'aroma');

repeated for all 500 usernames...

I think this should work, as all the usernames in use are stored in
radcheck and I'm not touching that table at all. Worst case scenario,
users continue to authenticate without a session limit and I go back
to work...

DOES THIS SOUND RIGHT?

Andrew
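
The gap discussed in this thread, users present in radcheck but absent from usergroup and therefore accepted without the group's Session-Timeout, can be audited and backfilled with one statement each. This is an added example, not part of the original messages: it uses Python's sqlite3 with constructed rows, the table and column names from the logged queries, and an idempotent INSERT ... SELECT in place of the delete-and-reinsert script proposed above, so no user loses group membership while it runs.

```python
import sqlite3

# Constructed sample data. Table and column names follow the queries in the
# radiusd -X output; the site-specific creationdate column is left out.
SCHEMA = """
CREATE TABLE radcheck (id INTEGER PRIMARY KEY, UserName TEXT,
                       Attribute TEXT, Value TEXT, op TEXT);
CREATE TABLE usergroup (UserName TEXT, GroupName TEXT);
CREATE TABLE radgroupreply (id INTEGER PRIMARY KEY, GroupName TEXT,
                            Attribute TEXT, Value TEXT, op TEXT);
INSERT INTO radcheck (UserName, Attribute, Value, op) VALUES
  ('4aroma70370', 'User-Password', 'constructed-1', ':='),
  ('4aroma70371', 'User-Password', 'constructed-2', ':='),
  ('9other00001', 'User-Password', 'constructed-3', ':=');
INSERT INTO usergroup (UserName, GroupName) VALUES ('4aroma70371', 'aroma');
INSERT INTO radgroupreply (GroupName, Attribute, Value, op) VALUES
  ('aroma', 'Session-Timeout', '1800', ':=');
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def group_reply(conn, user):
    """Run the group-reply query as rlm_sql logged it, with the user bound."""
    rows = conn.execute(
        "SELECT radgroupreply.id, radgroupreply.GroupName, radgroupreply.Attribute,"
        " radgroupreply.Value, radgroupreply.op"
        " FROM radgroupreply, usergroup"
        " WHERE usergroup.Username = ?"
        " AND usergroup.GroupName = radgroupreply.GroupName"
        " ORDER BY radgroupreply.id", (user,))
    return [(attr, value) for _id, _group, attr, value, _op in rows]


def users_without_group(conn, pattern):
    """Accounts that can authenticate (radcheck) but have no usergroup row."""
    rows = conn.execute(
        "SELECT DISTINCT r.UserName FROM radcheck r"
        " LEFT JOIN usergroup g ON g.UserName = r.UserName"
        " WHERE g.UserName IS NULL AND r.UserName LIKE ?"
        " ORDER BY r.UserName", (pattern,))
    return [name for (name,) in rows]


def backfill(conn, pattern, group):
    """Add the missing memberships only; safe to run more than once."""
    cur = conn.execute(
        "INSERT INTO usergroup (UserName, GroupName)"
        " SELECT DISTINCT r.UserName, ? FROM radcheck r"
        " WHERE r.UserName LIKE ? AND NOT EXISTS"
        " (SELECT 1 FROM usergroup g"
        "  WHERE g.UserName = r.UserName AND g.GroupName = ?)",
        (group, pattern, group))
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    db = make_db()
    print("before:", group_reply(db, "4aroma70370"))
    print("missing:", users_without_group(db, "%aroma%"))
    print("inserted:", backfill(db, "%aroma%", "aroma"))
    print("after:", group_reply(db, "4aroma70370"))
```

Running the audit query with the pattern `%` on a schedule lists every account that would be accepted with no group policy at all.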





Discarding new rquests and CPU eats 99.9%

2006-11-09 Thread Cihan DEMİR








Hi all,

We're using version 0.9.3 on RedHat. When I start radius in normal mode,
it starts to eat 99.9% of the CPU and produces error messages:

.

Thu Nov  9 14:52:16 2006 : Error: Discarding new request from client turkcell:4166 - ID: 14 due to live request 26387
Thu Nov  9 14:52:16 2006 : Error: Discarding new request from client turkcell:4166 - ID: 55 due to live request 26386

.

But when I start it in debug mode with the -X parameter, it doesn't eat
99.9% of the CPU and runs normally.

Any comment? Thanks in advance.

Cihan.





