RE: sqlippool
OK, but with authentication or accounting you can use something like:

    redundant {
        # Try db 1
        sql_MYSQL_1
        # try db 2
        sql_MYSQL_2
    }

It seems like this is not possible with sql ippool. Am I right?

Johan van de Laar

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Ivan Kalik
Sent: Thursday 3 July 2008 18:33
To: FreeRadius users mailing list
Subject: Re: sqlippool

Yes. You will need to use database management to replicate them and keep them in sync.

Ivan Kalik
Kalik Informatika ISP

On 3/7/2008, Laar, Johan van de [EMAIL PROTECTED] wrote:

> Is it possible to use two sql instances (sql-instance-name) for the same IP pool? (with version 2.0.5)
> To achieve some redundancy when one of the databases crashes.
>
> Thank you in advance.
>
> Johan van de Laar

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius with multiple ldap servers
> Problem still persists. What do you mean by the {crypt} header?

From RFC2256:

    5.36. userPassword

        ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch
          SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )

    Passwords are stored using an Octet String syntax and are not encrypted.

Since you are intent on violating RFC you need to add a password header to indicate what type of encryption is used.

> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind failed with invalid credentials
> ++[ldap1] returns reject
> auth: Failed to validate the user.

Without the header userPassword is treated as clear text (not crypted value) and that doesn't match.

Ivan Kalik
Kalik Informatika ISP
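An added illustration of the point in the reply above (not code from the thread or from FreeRADIUS): a stored hash is only checked as a hash when it carries a scheme header, otherwise the stored string is compared as the password itself. It uses {SSHA} in place of {crypt} so that it runs with the Python standard library alone; the function names and sample values are constructed for this example.

```python
import base64
import hashlib
import hmac
import re

# Scheme header in front of a stored userPassword value, e.g. "{SSHA}...".
HEADER = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$", re.S)

def split_header(stored):
    """Return (scheme, payload); scheme is None when there is no header."""
    m = HEADER.match(stored)
    if m is None:
        return None, stored
    return m.group(1).upper(), m.group(2)

def verify(stored, candidate):
    """Check a candidate password against a stored userPassword value."""
    scheme, payload = split_header(stored)
    pw = candidate.encode()
    if scheme is None:
        # No header: the stored value is taken to be the clear-text password.
        return hmac.compare_digest(payload.encode(), pw)
    if scheme in ("SHA", "SSHA"):
        raw = base64.b64decode(payload)
        digest, salt = raw[:20], raw[20:]   # SHA-1 is 20 bytes, the rest is salt
        return hmac.compare_digest(hashlib.sha1(pw + salt).digest(), digest)
    raise ValueError("unsupported scheme: " + scheme)

def make_ssha(password, salt):
    """Build a {SSHA} value for the constructed sample below."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

# Constructed sample data, not taken from the thread.
HASHED = make_ssha("s3cret", b"\x01\x02\x03\x04")
BARE = HASHED[len("{SSHA}"):]   # the same hash stored without its header

if __name__ == "__main__":
    print("with header:   ", verify(HASHED, "s3cret"))
    print("without header:", verify(BARE, "s3cret"))
```
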
RE: sqlippool
Yes. Redundancy (high availability) will have to be built on the database side. You can't configure redundancy of sql instances inside sqlippool module definition.

Ivan Kalik
Kalik Informatika

On 4/7/2008, Laar, Johan van de [EMAIL PROTECTED] wrote:

> OK, but with authentication or accounting you can use something like:
>
>     redundant {
>         # Try db 1
>         sql_MYSQL_1
>         # try db 2
>         sql_MYSQL_2
>     }
>
> It seems like this is not possible with sql ippool. Am I right?
>
> Johan van de Laar
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of Ivan Kalik
> Sent: Thursday 3 July 2008 18:33
> To: FreeRadius users mailing list
> Subject: Re: sqlippool
>
> Yes. You will need to use database management to replicate them and keep them in sync.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> On 3/7/2008, Laar, Johan van de [EMAIL PROTECTED] wrote:
>
> > Is it possible to use two sql instances (sql-instance-name) for the same IP pool? (with version 2.0.5)
> > To achieve some redundancy when one of the databases crashes.
> >
> > Thank you in advance.
> >
> > Johan van de Laar
FR 2.0.5 MPPE problem - worked in 2.0.4
Hello,

We are running Freeradius on some VPN servers using MPPE and PPTP. I have upgraded one server this afternoon from FR 2.0.4 to 2.0.5. We are now seeing the old (?!) error messages of MPPE not being available:

==
Jul 4 17:40:01 betty pppd[23739]: rcvd [CHAP Response id=0x37 20f649170924934c aea705692a8495615000d7a07dae438cc630dfe93a6f147c9a031d758b8cf2d300, name = jhorne]
Jul 4 17:40:01 betty pppd[23739]: sent [CHAP Success id=0x37 S=2A085F4D0A91C6832D347AF4305ED84C2ACF32E0]
Jul 4 17:40:01 betty pppd[23739]: MPPE required, but keys are not available. Possible plugin problem?
Jul 4 17:40:01 betty pppd[23739]: sent [LCP TermReq id=0x2 MPPE required but not available]
Jul 4 17:40:01 betty pppd[23739]: rcvd [CCP ConfReq id=0x4 mppe +H +M +S +L -D +C]
==

None of the configuration files were changed. Our 'users' file contains a DEFAULT entry of:

    DEFAULT Service-Type == Framed-User
            MS-MPPE-Encryption-Policy = 0x0002,
            MS-MPPE-Encryption-Types = 0x0006

When running FR 2.0.4 using 'radiusd -X' we can see the MPPE reply items present (and FR then passes them on to the PPP daemon):

==
Login OK: [jhorne/via Auth-Type = mschap] (from client localhost port 0 cli 141.163.60.7)
Sending Access-Accept of id 141 to 127.0.0.1 port 32769
        MS-CHAP2-Success = 0x9c533d43393244394538333244413042433745324241443135463241354437354233443034394544313230
        Reply-Message = Yes
        MS-MPPE-Recv-Key = 0x0e7596f28778d7d71a7553aadfa57e92
        MS-MPPE-Send-Key = 0x41496804da30ffb8550fa9437ee6ae5e
        MS-MPPE-Encryption-Policy = 0x0002
        MS-MPPE-Encryption-Types = 0x0006
Finished request 0.
==

However, with FR 2.0.5 the MPPE reply items are missing:

==
Login OK: [jhorne] (from client localhost port 0 cli 141.163.60.7)
Sending Access-Accept of id 144 to 127.0.0.1 port 32769
        MS-CHAP2-Success = 0x37533d32413038354634443041393143363833324433343741463433303545443834433241434633324530
        Reply-Message = Yes
        MS-MPPE-Recv-Key = 0x00fbe23240bfd5a27fa70a2e32b581b3
        MS-MPPE-Send-Key = 0xff5da890119101d1c08693d65bc3fc5b
Finished request 0.
==

As said, none of the configuration files have changed at all. It seems that FR 2.0.5 is dropping the reply items from the 'users' file after proxying, rather than passing them on.

Has anyone else noticed this? I cannot really see anything relevant in the Changelog that would explain this.

I'm a little stumped as to how to proceed with this (other than going back to 2.0.4), and it's late on a Friday afternoon so I'm going home to think :-)

Thanks,

John.

--
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287
E-mail: [EMAIL PROTECTED]
Fax: +44 (0)1752 587001
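An added example, not part of the original post: the comparison made by eye above (which reply items were in the Access-Accept before the upgrade and are gone after it) can be automated over saved 'radiusd -X' output. The attribute names are the ones in the post; the function names and the shortened sample values are constructed for this example.

```python
import re

ACCEPT = re.compile(r"^Sending Access-Accept of id \d+")
ATTR = re.compile(r"^\s+([A-Za-z0-9-]+)\s*=\s*(.+?)\s*$")

def accept_attributes(debug_text):
    """Return {name: value} for the first Access-Accept in radiusd -X output."""
    attrs, inside = {}, False
    for line in debug_text.splitlines():
        if ACCEPT.match(line):
            inside = True
            continue
        if inside:
            m = ATTR.match(line)
            if m is None:
                break            # first non-indented line ends the packet dump
            attrs[m.group(1)] = m.group(2)
    return attrs

def missing_after_upgrade(before, after):
    """Names of reply items present in 'before' but absent from 'after'."""
    return sorted(set(accept_attributes(before)) - set(accept_attributes(after)))

# Constructed samples in the layout of the debug output quoted in the post.
BEFORE = (
    "Sending Access-Accept of id 1 to 127.0.0.1 port 32769\n"
    "\tMS-CHAP2-Success = 0x01\n"
    "\tReply-Message = Yes\n"
    "\tMS-MPPE-Recv-Key = 0x02\n"
    "\tMS-MPPE-Send-Key = 0x03\n"
    "\tMS-MPPE-Encryption-Policy = 0x0002\n"
    "\tMS-MPPE-Encryption-Types = 0x0006\n"
    "Finished request 0.\n"
)
AFTER = (
    "Sending Access-Accept of id 2 to 127.0.0.1 port 32769\n"
    "\tMS-CHAP2-Success = 0x01\n"
    "\tReply-Message = Yes\n"
    "\tMS-MPPE-Recv-Key = 0x02\n"
    "\tMS-MPPE-Send-Key = 0x03\n"
    "Finished request 0.\n"
)

if __name__ == "__main__":
    for name in missing_after_upgrade(BEFORE, AFTER):
        print("missing after upgrade:", name)
```
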
Re: PopToP VPN + FreeRadius
Find out in documentation if PopTop supports Session-Timeout radius attribute. Or simply send it and see if the user gets disconnected after set time. If it does then counters/sqlcounters will work.

pppd (its radius plugin) supports Session-Timeout (and Session-Octets-Limit) so if PopTop uses pppd to establish and authorize the ppp session (and I see no reason not to) .. it will support that.

--
damjan | дамјан
This is my jabber ID -- [EMAIL PROTECTED] -- not my mail address, it's a Jabber ID --^ :)
Problem with account multiplication in radacct
Hi again,

I solved the last trouble with ippool.db using the sqlippool instead. But I got a new shining problem. :)

Now, almost everything seems to be working fine. Almost, cause I have some account multiplication in the radacct table. Only a few users are doing that. And the multiplication doesn't stop while the users remain logged on. Only a few appear in table, I'm using a unique index with acctstarttime and nasipaddress. And the numbers of radacctid jump a lot (from 1400 to 4000, for example).

I'm using also the set rad_alive 40 in ppp.conf and in the radiusd.conf, cleanup_delay 8 and max_request_time 50. All that with chap authentication.

Select on one of the users who get the problem:

    column               | row 1               | row 2               | row 3
    ---------------------+---------------------+---------------------+--------------------
    radacctid            | 14419               | 14421               | 14424
    acctsessionid        | 37142-user212151719 | 37142-user212151719 | 37142-user212151719
    acctuniqueid         |                     |                     |
    username             | user2               | user2               | user2
    groupname            |                     |                     |
    realm                |                     |                     |
    nasipaddress         | XXX.XXX.XXX.252     | XXX.XXX.XXX.252     | XXX.XXX.XXX.252
    nasportid            | 688                 | 688                 | 688
    nasporttype          | Ethernet            | Ethernet            | Ethernet
    acctstarttime        | 2008-07-04 08:46:31 | 2008-07-04 08:46:34 | 2008-07-04 08:46:37
    acctstoptime         | NULL                | NULL                | NULL
    acctsessiontime      | 0                   | 40                  | 80
    acctauthentic        |                     |                     |
    connectinfo_start    |                     |                     |
    connectinfo_stop     |                     | NULL                | NULL
    acctinputoctets      | 0                   | 31795               | 59226
    acctoutputoctets     | 0                   | 102873              | 215383
    calledstationid      |                     |                     |
    callingstationid     | X                   | X                   | X
    acctterminatecause   |                     |                     |
    servicetype          | Framed-User         | Framed-User         | Framed-User
    framedprotocol       | PPP                 | PPP                 | PPP
    framedipaddress      | XXX.XXX.XXX.182     | XXX.XXX.XXX.182     | XXX.XXX.XXX.182
    acctstartdelay       | 0                   | 0                   | 0
    acctstopdelay        | 0                   | NULL                | NULL
    xascendsessionsvrkey |                     |                     |

Radius log exact when the problem starts:

    74242 Fri Jul 4 03:40:25 2008 : Info: Ready to process requests.
    74243 Fri Jul 4 03:41:02 2008 : Info: Allocated IP: XXX.XXX.XXX.121 from valid (did cli 0 port 678 user x)
    74244 Fri Jul 4 03:41:10 2008 : Info: Allocated IP: XXX.XXX.XXX.179 from valid (did cli 0 port 679 user x)
    74245 Fri Jul 4 04:40:00 2008 : Info: Allocated IP: XXX.XXX.XXX.186 from valid (did cli 0 port 680 user x)
    74246 Fri Jul 4 06:37:33 2008 : Info: Allocated IP: XXX.XXX.XXX.67 from valid (did cli 0 port 681 user x)
    74247 Fri Jul 4 06:57:05 2008 : Info: Released IP XXX.XXX.XXX.67 (did cli 0 user x)
    74248 Fri Jul 4 07:01:50 2008 : Info: Allocated IP: XXX.XXX.XXX.153 from valid (did cli 0 port 682 user x)
    74249 Fri Jul 4 07:07:34 2008 : Info: Allocated IP: XXX.XXX.XXX.105 from valid (did cli 0 port 683 user x)
    74250 Fri Jul 4 07:29:44 2008 : Info: Released IP XXX.XXX.XXX.186 (did cli 0 user x)
    74251 Fri Jul 4 07:33:22 2008 : Info: Allocated IP: XXX.XXX.XXX.141 from valid (did cli 0 port 684 user x)
    74252 Fri Jul 4 08:06:53 2008 : Info: Allocated IP: XXX.XXX.XXX.133 from valid (did cli 0 port 685 user x)
    74253 Fri Jul 4 08:07:54 2008 :