Insert billingplan code in radacct table during authentication

2008-10-24 Thread Bishal

Hi all,

   I am using freeradius for AAA of my cable users. Now what I want
to do is, insert billingplan code 001 into radacct table during
authentication so that I can view online users according to billingplan
code. There will be Billingplan field in radcheck table and when users
try to log in the script will check the radcheck table and update that
billingplan code into radacct table.
 Is it possible with rlm_perl module?

Thank you
Bishal

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: sqlcounter returning wrong value?

2008-10-24 Thread liran tal
Hey Ivan

2008/10/24 <[EMAIL PROTECTED]>

> It (daily sqlcounter) does the same in 2.0.5:
>
> rlm_sqlcounter: Authorized user jagoda, check_item=1000, counter=2635
> rlm_sqlcounter: Sent Reply-Item for user jagoda, Type=Session-Timeout,
> value=10027850
>
> Returns value that is greater than the limit. I am using noreset
> sqlcounter and that one works fine.


Thanks for confirming this on a more up to date version.
Alan, this smells like a bug (unless we missed something along the way),
should I open up a bug ticket?
And what would be the chances it can be backported to 1.1.7?

Thanks,
Liran.



>
>
>
> Dana 24/10/2008, "liran tal" <[EMAIL PROTECTED]> piše:
>
> >Hey,
> >
> >2008/10/24 <[EMAIL PROTECTED]>
> >
> >> No, he wants a data not time counter.
> >
> >
> >That's right Evan. Moreover, there is no sense in changing the attribute
> to
> >be Session-Timeout when Chilli expects something else.
> >Any thoughts on this issue?
> >
> >
> >Thanks,
> >
> >
> >
> >Dana 24/10/2008, "mulianto" <[EMAIL PROTECTED]> piše:
> >
> >>
> >> >hi..i think you should fix this one :
> >> >
> >> >reply-name = ChilliSpot-Max-Total-Octets to :
> >> >reply-name = Session-Timeout
> >> >
> >> >try it..
> >> >rgds,
> >> >Mulianto
> >> >
> >> >http://www.indohotspot.net
> >> >Your Hotspot solution
> >> >  -Original Message-
> >> >  From: freeradius-users-bounces+mulianto=cni.co.id@
> lists.freeradius.org
>  >> 
> >[mailto:freeradius-users-bounces+mulianto
> 
> >> [EMAIL PROTECTED]
> >> >Behalf Of liran tal
> >> >  Sent: Friday, October 24, 2008 1:07 AM
> >> >  To: FreeRadius users mailing list
> >> >  Subject: sqlcounter returning wrong value?
> >> >
> >> >
> >> >
> >> >  Hey,
> >> >
> >> >  I'm experimenting with some sqlcounter directives in radiusd.conf and
> >> >chilli as the NAS.
> >> >  I've defined the following sqlcounter stanza for a daily traffic
> limit:
> >> >
> >> >  sqlcounter defined in radiusd.conf:
> >> >  (the query was corrected as suggested by tnt on a previous thread on
> the
> >> >list, correct me if I got it wrong please)
> >> >
> >> >  sqlcounter counterChilliSpotMaxDailyOctets {
> >> >  counter-name = ChilliSpot-Max-Daily-Octets
> >> >  check-name = ChilliSpot-Max-Daily-Octets
> >> >  reply-name = ChilliSpot-Max-Total-Octets
> >> >  sqlmod-inst = sql
> >> >  key = User-Name
> >> >  reset = daily
> >> >  error-msg = "Sorry, your maximum traffic usage
> (download
> >> >and upload) has exceed the provided limit"
> >> >  query = "SELECT (SUM(AcctInputOctets +
> >> AcctOutputOctets))
> >> >FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) +
> >> >AcctSessionTime > '%b'"
> >> >  }
> >> >
> >> >
> >> >
> >> >  In the authorization phase, I'm seeing the following in debug log:
> >> >rlm_sqlcounter: Entering module authorize code
> >> >sqlcounter_expand:  'SELECT
> >> (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
> >> >FROM radacct WHERE UserName='%{User-Name}''
> >> >radius_xlat:  'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
> >> FROM
> >> >radacct WHERE UserName='tester1''
> >> >sqlcounter_expand:  '%{sql:SELECT
> >> >(SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
> >> >UserName='tester1'}'
> >> >radius_xlat: Running registered xlat function of module sql for
> string
> >> >'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
> >> >UserName='tester1''
> >> >rlm_sql (sql): - sql_xlat
> >> >radius_xlat:  'tester1'
> >> >rlm_sql (sql): sql_set_user escaped user --> 'tester1'
> >> >radius_xlat:  'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
> >> FROM
> >> >radacct WHERE UserName='tester1''
> >> >rlm_sql (sql): Reserving sql socket id: 2
> >> >rlm_sql (sql): - sql_xlat finished
> >> >rlm_sql (sql): Released sql socket id: 2
> >> >radius_xlat:  '24004370'
> >> >rlm_sqlcounter: (Check item - counter) is greater than zero
> >> >rlm_sqlcounter: Authorized user tester1, check_item=26214400,
> >> >counter=24004370
> >> >rlm_sqlcounter: Sent Reply-Item for user tester1,
> >> >Type=ChilliSpot-Max-Total-Octets, value=26239950
> >> >  modcall[authorize]: module "counterChilliSpotMaxDailyOctets"
> returns
> >> >ok for request 0
> >> >  The entry in radcheck is as follows:
> >> >
> >> >| 346 | tester1 | ChilliSpot-Max-Daily-Octets | := | 26214400 |
> >> >  What happens is that it seems the counter doesn't work as expected.
> When
> >> a
> >> >user logs in, performs some traffic usage, logs out and logs in again,
> >> >  the replied back attribute for chilli doesn't contain a value which
> is
> >> the
> >> >remainder of the traffic usage, but something else.
> >> >
> >> >  According to the radius debug above, if check_item=26214400 and
> >> >counter=24004370, how come value=26239950?
> >> >  So I'm guessing I

RE: 1. Troubleshooting MySQL Connections, 2. troubleshooting possible memory leak

2008-10-24 Thread Stefan A.
Hi all,

@Alan: yes, I do have indexes.

I still have the following issue:

Fri Oct 24 18:21:33 2008 : Info: rlm_sql (sql_accounting): There are no DB
handles to use! skipped 0, tried to connect 0
Fri Oct 24 18:21:34 2008 : Info: rlm_sql (sql_accounting): There are no DB
handles to use! skipped 0, tried to connect 0
Fri Oct 24 18:21:35 2008 : Info: rlm_sql (sql_accounting): There are no DB
handles to use! skipped 0, tried to connect 0
Fri Oct 24 18:21:36 2008 : Info: rlm_sql (sql_accounting): There are no DB
handles to use! skipped 0, tried to connect 0
Fri Oct 24 18:21:37 2008 : Info: rlm_sql (sql_accounting): There are no DB
handles to use! skipped 0, tried to connect 0
Fri Oct 24 18:21:39 2008 : Info: rlm_sql (sql_accounting): There are no DB
handles to use! skipped 0, tried to connect 0
Fri Oct 24 18:21:42 2008 : Info: rlm_sql (sql_accounting): There are no DB
handles to use! skipped 0, tried to connect 0
Fri Oct 24 18:21:57 2008 : Info: rlm_sql (sql_accounting): There are no DB
handles to use! skipped 0, tried to connect 0
Fri Oct 24 18:21:58 2008 : Info: rlm_sql (sql_accounting): There are no DB
handles to use! skipped 0, tried to connect 0
Fri Oct 24 18:21:59 2008 : Info: rlm_sql (sql_accounting): There are no DB
handles to use! skipped 0, tried to connect 0
Fri Oct 24 18:22:00 2008 : Info: rlm_sql (sql_accounting): There are no DB
handles to use! skipped 0, tried to connect 0
Fri Oct 24 18:22:01 2008 : Info: rlm_sql (sql_accounting): There are no DB
handles to use! skipped 0, tried to connect 0
Fri Oct 24 18:22:02 2008 : Info: rlm_sql (sql_accounting): There are no DB
handles to use! skipped 0, tried to connect 0
Fri Oct 24 18:22:03 2008 : Info: rlm_sql (sql_accounting): There are no DB
handles to use! skipped 0, tried to connect 0
Fri Oct 24 18:22:04 2008 : Info: rlm_sql (sql_accounting): There are no DB
handles to use! skipped 0, tried to connect 0
Fri Oct 24 18:22:05 2008 : Info: rlm_sql (sql_accounting): There are no DB
handles to use! skipped 0, tried to connect 0
Fri Oct 24 18:22:07 2008 : Info: rlm_sql (sql_accounting): There are no DB
handles to use! skipped 0, tri

While my server seems to be OK.

last pid: 18091;  load avg:  0.22,  0.21,  0.23;   up 44+02:44:36   18:22:33
82 processes: 81 sleeping, 1 on cpu
CPU states: 96.2% idle,  2.4% user,  1.4% kernel,  0.0% iowait,  0.0% swap
Memory: 8192M phys mem, 5979M free mem, 518M total swap, 518M free swap

   PID USERNAME LWP PRI NICE  SIZE   RES STATE    TIME    CPU COMMAND
 26627 mysql     59  59    0  585M  572M sleep  499.5H  2.29% mysqld
 12576 root       1  54    0   15M   12M sleep  437:52  0.57% perl
 11522 root      26  59    0   33M   29M sleep    0:27  0.32% radiusd
 12574 root       1  59    0   14M   11M sleep  530:58  0.04% perl

It handles about 100 Interim updates per second, but my client detects
something about 1000 losses per day.

Where exactly does the logfile message point to? To me it says: I did not try
and therefore I did not skip anything.
While the server is working like this, I'm able to randomly update about
600 additional sets/s, using the statements from dialup.conf in a perl
script.
I'm afraid to check more, because it is live traffic. So I'm not sure if it
must be the database. Can I set up a more detailed debug on this section? '-X'
literally stops my service...
Even though the log entry is marked as 'info', I'd like to understand what's
going on.
 

Thank You.
Stefan


> -Original Message-
> From: 
> [EMAIL PROTECTED]
> us.org 
> [mailto:[EMAIL PROTECTED]
> freeradius.org] On Behalf Of Alan DeKok
> Sent: Wednesday, September 24, 2008 11:47 AM
> To: FreeRadius users mailing list
> Subject: Re: 1.Troubleshooting MySQL Connections , 2. 
> troubleshooting possiblememory leak
> 
> 
> Stefan A. wrote:
> > in my radiusd.log, I can see lots of these errors:
> > Wed Sep 24 09:40:54 2008 : Info: rlm_sql (sql_accounting): 
> There are no DB
> > handles to use! skipped 0, tried to connect 0
> 
>   Your database is probably slow.  Do you have indexes?
> 
> > FR is eating memory and I do not know how to troubleshoot this.
> > It takes about 1 MB/ Minute which was about 3.5 GB over 
> some Days, before we
> > recognized this.
> 
>   There were issues with older versions of the server, but 
> 2.1.0 should
> be fine.
> 
> > I configured the option to die a server after 500 packets, 
> but this does not
> > help for me.
> 
>   Because it stops the *thread*, not the *server*.  And all 
> threads use
> the same shared memory file.
> 
> > May I unconfigure radutmp? I think I do not need this.
> 
>   Delete all references to it from the configuration file.
> 
> > Do I really need the sqltrace-file? How my I unconfigure 
> it? Just deleting
> > the config line 
> 
>   Yes.
> 
>   Alan DeKok.




Tr : error when using radtest

2008-10-24 Thread ELOM ETSE
Please, I need your help with this error message I get when I want to use the
radtest utility.

#radtest jerry cool 127.0.0.1:1812 0 testing123

Here are the results I get:


Sending Access-Request of id 197 to 192.168.1.30 port 1812
User-Name = "jery"
User-Password = "cool"
NAS-IP-Address = 127.0.1.1
NAS-Port = 43459
Sending Access-Request of id 197 to 192.168.1.30 port 1812
User-Name = "jery"
User-Password = "cool"
NAS-IP-Address = 127.0.1.1
NAS-Port = 43459
Sending Access-Request of id 197 to 192.168.1.30 port 1812
User-Name = "jery"
User-Password = "cool"
NAS-IP-Address = 127.0.1.1
NAS-Port = 43459
Sending Access-Request of id 197 to 192.168.1.30 port 1812
User-Name = "jery"
User-Password = "cool"
NAS-IP-Address = 127.0.1.1
NAS-Port = 43459
radclient: no response from server for ID 197 socket 3

Here is the result of the command radiusd -X:

Starting - reading configuration files ...


 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = "testing123"
nastype = "other"
 }
radiusd:  Loading Realms and Home Servers 
 
 home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = "auth"
secret = "testing123"
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = "status-server"
ping_check = "none"
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
 }
 home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
 }
 realm example.com {
auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd:  Instantiating modules 
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
wait = no
input_pairs = "request"
shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
reply-message = "You are calling outside your allowed timespan  "
minimum-timeout = 60
  }
 }
radiusd:  Loading Virtual Servers 
server inner-tunnel {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
encryption_scheme = "auto"
auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Linked to module rlm_mschap
 Module: Instantiating mschap
  mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
  }
 Module: Linked to module rlm_unix
 Module: Instantiating unix
  unix {
radwtmp = "/usr/local/var/log/radius/radwtmp"
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
default_eap_type = "tls"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
challenge = "Password: "
auth_type = "PAP"
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
rsa_key_exchange = no
dh_key_exchange = yes
rsa_key_length = 512
dh_key_length = 512
verify_depth = 0
pem_file_type = yes
private_key_file = "/usr/local/etc/raddb/certs/server.pem"
certificate_file = "/usr/local/etc/raddb/certs/server.pem"
CA_file = "/usr/local/etc/raddb/certs/ca.pem"
private_key_password = "EsCuJePaII"
dh_file = "/usr/local/etc/raddb/certs/dh"
random_file = "/usr/local/etc/raddb/certs/random"
fragment_size = 1024
include_length = yes
check_crl = no
cipher_list = "DEFAULT"
   }
 Module: Linked to sub-module rlm_eap_ttls
 Module: Instantiating eap-ttls
   ttls {
default_eap_type = "md5"
copy_request_to_tunnel = no
use_tunneled_reply = no
virtual_server = "inner-tunnel"
   }
 Module: Linked to sub-module rlm_eap_peap
 Module: Instantiating eap-peap
   peap {
default_eap_type = "mschapv2"
copy_request_to_tunnel = no
use_tunneled_reply = no
proxy_tunneled_request_as_eap = yes
virtual_server = "inner-tunnel"
   }
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
with_ntdomain_hack = no
   }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
  }
 Module: Linked to module rlm_files
 Module: Instantiating files
  files {
usersfile = "/usr/l

SMD5 format, for hash and salt?

2008-10-24 Thread Julie Starr
 I'm using FreeRADIUS v 2.1.1 on CentOS 5.2.

I have everything working well, where I'm reading the user file for
Cleartext and MD5 hashes.

Here are two examples from my user file:

bob Cleartext-Password := "testing123"
carol  MD5-Password := "f30aa7a662c728b7407c54ae6bfd27d1"
(where carol's password is just hello123)

However, it appears the data I have access to is actually stored as
salted MD5 hashes.

An example of an SMD5 hash that doesn't work in my user file:

abe   SMD5-Password := "37d0aa2d0d2b1f282eb2b393c9413998:rqZAS049NrEgN9bD"
(where the above is :=salted MD5 hash:salt)

I see the rlm_pap man page lists SMD5-Password as an attribute, but
I'm at a loss as to the correct format for the MD5 hash and its
associated salt. I've tried not just the colon above, but a semicolon,
dash, period,  a space, or tacked the salt to the beginning or to the
end. I tried looking through the src, but couldn't figure it out.

The output from radiusd -X and radtest for user abe is:
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 55280, id=91, length=55
   User-Name = "abe"
   User-Password = "hellojulie"
   NAS-IP-Address = 127.0.0.1
   NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "abe", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry abe at line 3
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "hellojulie"
[pap] Using SMD5 encryption.
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> abe
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 91 to 127.0.0.1 port 55280
Waking up in 4.9 seconds.

And if anyone is curious, I was told this is how these particular SMD5
entries I was given were generated:

function mosMakePassword($length=8) {
    $salt = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
    $makepass = '';
    mt_srand(1000*(double)microtime());
    for ($i = 0; $i < $length; $i++)
        $makepass .= $salt[mt_rand(0,61)];
    return $makepass;
}

list($hash, $salt) = explode(':', $row->password);
$cryptpass = md5($passwd.$salt);
if ($hash != $cryptpass) {
    if ( $bypost ) {
        mosErrorAlert(_LOGIN_INCORRECT);
    } else {
        $this->logout();
        mosRedirect('index.php');
    }
    exit();
}


If anyone has any ideas or point out what I've completely
misunderstood, please let me know.

thanks,
Julie
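
Added example (not part of the original post, and not FreeRADIUS code): a Python conversion of the "hash:salt" entries produced by the md5($passwd.$salt) code quoted above into a single SMD5-Password value. It assumes rlm_pap reads SMD5-Password the way the LDAP {SMD5} scheme is laid out, that is, the value is the hex or base64 encoding of the 16-byte MD5(password + salt) digest followed by the raw salt bytes; the function names and the constructed test credentials are illustrative only.

```python
import base64
import hashlib
import hmac

MD5_LEN = 16  # size of a raw MD5 digest in bytes


def joomla_hash(password: str, salt: str) -> str:
    """Reproduce the stored form from the post: md5($passwd.$salt) . ':' . $salt"""
    digest = hashlib.md5((password + salt).encode("ascii")).hexdigest()
    return f"{digest}:{salt}"


def joomla_to_smd5(stored: str) -> bytes:
    """Convert '<32 hex chars>:<salt>' into raw bytes: digest || salt.

    Assumption (labelled in the lead-in): this digest-then-salt layout is
    what the server expects once the attribute value has been decoded.
    """
    hash_hex, sep, salt = stored.partition(":")
    if not sep or not salt:
        raise ValueError("expected '<md5 hex>:<salt>'")
    digest = bytes.fromhex(hash_hex)  # ValueError if the hash is not hex
    if len(digest) != MD5_LEN:
        raise ValueError("hash part is not a 16-byte MD5 digest")
    return digest + salt.encode("ascii")


def users_line(user: str, stored: str, encoding: str = "hex") -> str:
    """Format one users-file entry with the value in hex or base64."""
    blob = joomla_to_smd5(stored)
    if encoding == "hex":
        value = blob.hex()
    elif encoding == "base64":
        value = base64.b64encode(blob).decode("ascii")
    else:
        raise ValueError("encoding must be 'hex' or 'base64'")
    return f'{user}\tSMD5-Password := "{value}"'


def decode_value(value: str) -> bytes:
    """Accept either encoding: try hex first, then strict base64."""
    try:
        return bytes.fromhex(value)
    except ValueError:
        return base64.b64decode(value, validate=True)


def check_password(value: str, password: str) -> bool:
    """Offline check of a converted value, mirroring MD5(password || salt)."""
    try:
        blob = decode_value(value)
    except ValueError:
        return False
    if len(blob) <= MD5_LEN:  # no salt present, so not a salted entry
        return False
    digest, salt = blob[:MD5_LEN], blob[MD5_LEN:]
    candidate = hashlib.md5(password.encode("ascii") + salt).digest()
    return hmac.compare_digest(candidate, digest)


if __name__ == "__main__":
    # The entry for "abe" exactly as it appears in the post.
    print(users_line("abe", "37d0aa2d0d2b1f282eb2b393c9413998:rqZAS049NrEgN9bD"))
    # Constructed credentials, used only to show the round trip.
    stored = joomla_hash("constructed-pass", "AbCdEfGh12345678")
    line = users_line("demo", stored, "base64")
    print(line, check_password(line.split('"')[1], "constructed-pass"))
```

Running check_password against a converted value before loading it into the users file separates a formatting problem from a password that simply does not match the stored hash.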


undefined symbol: eaptls_session_idx

2008-10-24 Thread Pat Riehecky
I built my own version of freeradius from the ubuntu package for 8.10.
The ubuntu version stamp on it is 2.1.0+dfsg-0ubuntu2 so I expect it is
freeradius 2.1.0 (and the source confirms this).

I modified the package scripts so that I can link the program to openssl
and get the eap modules.  The program built without a hitch so I was a
bit shocked to find that I get a linking error when I start the server.

What can I do to fix this?  Ubuntu 8.04, x86

My guess is recompile, but without knowing what I did wrong I will just
get a bad build again and again and again.


 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
default_eap_type = "md5"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 2048
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
challenge = "Password: "
auth_type = "PAP"
   }
rlm_eap: Failed to link
EAP-Type/tls: /usr/lib/freeradius/rlm_eap_tls.so: undefined symbol:
eaptls_session_idx
/etc/freeradius/eap.conf[17]: Instantiation failed for module "eap"
/etc/freeradius/sites-enabled/inner-tunnel-ldap[223]: Failed to find
module "eap".
/etc/freeradius/sites-enabled/inner-tunnel-ldap[176]: Errors parsing
authenticate section. 
 }
}
Errors initializing modules




Re: error when using radtest

2008-10-24 Thread tnt
>#radtest jerry cool 127.0.0.1:1812 0 testing123
>
>Here are results i get:
>
>
>Sending Access-Request of id 197 to 192.168.1.30 port 1812
>User-Name = "jery"
>User-Password = "cool"
>NAS-IP-Address = 127.0.1.1
>NAS-Port = 43459

Your system is broken. It's not resolving localhost to 127.0.0.1 but to
192.168.1.30. Fix it.

Ivan Kalik
Kalik Informatika ISP



Re: error when using radtest

2008-10-24 Thread A . L . M . Buxey
Hi,
> Please i need your help for this error message i get when i want to use 
> radtest utility. 
> #radtest jerry cool 127.0.0.1:1812 0 testing123

which is mapped in /etc/hosts to some other addresses.

you need to add 192.168.1.30 to your clients.conf - as
192.168.1.30 is the address you are appearing to the server as.

alan


Re: sqlcounter returning wrong value?

2008-10-24 Thread tnt
It (daily sqlcounter) does the same in 2.0.5:

rlm_sqlcounter: Authorized user jagoda, check_item=1000, counter=2635
rlm_sqlcounter: Sent Reply-Item for user jagoda, Type=Session-Timeout,
value=10027850

Returns value that is greater than the limit. I am using noreset
sqlcounter and that one works fine.

Ivan Kalik
Kalik Informatika ISP


Dana 24/10/2008, "liran tal" <[EMAIL PROTECTED]> piše:

>Hey,
>
>2008/10/24 <[EMAIL PROTECTED]>
>
>> No, he wants a data not time counter.
>
>
>That's right Evan. Moreover, there is no sense in changing the attribute to
>be Session-Timeout when Chilli expects something else.
>Any thoughts on this issue?
>
>
>Thanks,
>
>
>
>Dana 24/10/2008, "mulianto" <[EMAIL PROTECTED]> piše:
>
>>
>> >hi..i think you should fix this one :
>> >
>> >reply-name = ChilliSpot-Max-Total-Octets to :
>> >reply-name = Session-Timeout
>> >
>> >try it..
>> >rgds,
>> >Mulianto
>> >
>> >http://www.indohotspot.net
>> >Your Hotspot solution
>> >  -Original Message-
>> >  From: [EMAIL PROTECTED]
>> >[mailto:freeradius-users-bounces+mulianto
>> [EMAIL PROTECTED]
>> >Behalf Of liran tal
>> >  Sent: Friday, October 24, 2008 1:07 AM
>> >  To: FreeRadius users mailing list
>> >  Subject: sqlcounter returning wrong value?
>> >
>> >
>> >
>> >  Hey,
>> >
>> >  I'm experimenting with some sqlcounter directives in radiusd.conf and
>> >chilli as the NAS.
>> >  I've defined the following sqlcounter stanza for a daily traffic limit:
>> >
>> >  sqlcounter defined in radiusd.conf:
>> >  (the query was corrected as suggested by tnt on a previous thread on the
>> >list, correct me if I got it wrong please)
>> >
>> >  sqlcounter counterChilliSpotMaxDailyOctets {
>> >  counter-name = ChilliSpot-Max-Daily-Octets
>> >  check-name = ChilliSpot-Max-Daily-Octets
>> >  reply-name = ChilliSpot-Max-Total-Octets
>> >  sqlmod-inst = sql
>> >  key = User-Name
>> >  reset = daily
>> >  error-msg = "Sorry, your maximum traffic usage (download
>> >and upload) has exceed the provided limit"
>> >  query = "SELECT (SUM(AcctInputOctets +
>> AcctOutputOctets))
>> >FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) +
>> >AcctSessionTime > '%b'"
>> >  }
>> >
>> >
>> >
>> >  In the authorization phase, I'm seeing the following in debug log:
>> >rlm_sqlcounter: Entering module authorize code
>> >sqlcounter_expand:  'SELECT
>> (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
>> >FROM radacct WHERE UserName='%{User-Name}''
>> >radius_xlat:  'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
>> FROM
>> >radacct WHERE UserName='tester1''
>> >sqlcounter_expand:  '%{sql:SELECT
>> >(SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
>> >UserName='tester1'}'
>> >radius_xlat: Running registered xlat function of module sql for string
>> >'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
>> >UserName='tester1''
>> >rlm_sql (sql): - sql_xlat
>> >radius_xlat:  'tester1'
>> >rlm_sql (sql): sql_set_user escaped user --> 'tester1'
>> >radius_xlat:  'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
>> FROM
>> >radacct WHERE UserName='tester1''
>> >rlm_sql (sql): Reserving sql socket id: 2
>> >rlm_sql (sql): - sql_xlat finished
>> >rlm_sql (sql): Released sql socket id: 2
>> >radius_xlat:  '24004370'
>> >rlm_sqlcounter: (Check item - counter) is greater than zero
>> >rlm_sqlcounter: Authorized user tester1, check_item=26214400,
>> >counter=24004370
>> >rlm_sqlcounter: Sent Reply-Item for user tester1,
>> >Type=ChilliSpot-Max-Total-Octets, value=26239950
>> >  modcall[authorize]: module "counterChilliSpotMaxDailyOctets" returns
>> >ok for request 0
>> >  The entry in radcheck is as follows:
>> >
>> >| 346 | tester1 | ChilliSpot-Max-Daily-Octets | := | 26214400 |
>> >  What happens is that it seems the counter doesn't work as expected. When
>> a
>> >user logs in, performs some traffic usage, logs out and logs in again,
>> >  the replied back attribute for chilli doesn't contain a value which is
>> the
>> >remainder of the traffic usage, but something else.
>> >
>> >  According to the radius debug above, if check_item=26214400 and
>> >counter=24004370, how come value=26239950?
>> >  So I'm guessing I'm missing something but I'm too obsessed with the
>> >sqlcounter to notice it. (is the subtractation not a normal decimal
>> action?)
>> >
>> >  The FreeRADIUS version used is 1.1.7
>>
>>
>




Re: Need some help with Access-Reject messages in upgrade from FreeRadius 1.1.0 to FreeRadius 2.0.5

2008-10-24 Thread Alan DeKok
Adam Bultman wrote:
> I decided it would be easier (in the long run) to simply start with a
> default freeRadius 2.0.5 config file, and then adjust it to match our
> setup. This has so far been going well, except now I've run into a
> problem where variables in my users file are not being expanded.

  I suggest using 2.1.1, or the "stable" tree.   See git.freeradius.org.

> Example from the user's file:
> DEFAULT Huntgroup-Name == dsl, serveriron-Ldap-Group == dsl10m,
> User-Profile := "uid=dsl10m,ou
> =profiles,ou=radius,dc=mtaonline,dc=net", Ldap-UserDN :=
> `uid=%{User-Name},ou=dsl,dc=domain
> ,dc=com`
> Fall-Through = no

  This won't work because the "users" file doesn't dynamically expand
everything.  I suggest using "unlang":

if ((Huntgroup-Name == "dsl") && (serveriron... == ...)) {
	update control {
		User-Profile := "uid=..."
		LDAP-UserDN := "uid=%{User-Name},ou=..."
	}
}

  That will cause the %{User-Name} to be expanded properly.

  Alan DeKok.


Re: sqlcounter returning wrong value?

2008-10-24 Thread liran tal
Hey,

2008/10/24 <[EMAIL PROTECTED]>

> No, he wants a data not time counter.


That's right Evan. Moreover, there is no sense in changing the attribute to
be Session-Timeout when Chilli expects something else.
Any thoughts on this issue?


Thanks,



Dana 24/10/2008, "mulianto" <[EMAIL PROTECTED]> piše:

>
> >hi..i think you should fix this one :
> >
> >reply-name = ChilliSpot-Max-Total-Octets to :
> >reply-name = Session-Timeout
> >
> >try it..
> >rgds,
> >Mulianto
> >
> >http://www.indohotspot.net
> >Your Hotspot solution
> >  -Original Message-
> >  From: [EMAIL PROTECTED]
> >[mailto:freeradius-users-bounces+mulianto
> [EMAIL PROTECTED]
> >Behalf Of liran tal
> >  Sent: Friday, October 24, 2008 1:07 AM
> >  To: FreeRadius users mailing list
> >  Subject: sqlcounter returning wrong value?
> >
> >
> >
> >  Hey,
> >
> >  I'm experimenting with some sqlcounter directives in radiusd.conf and
> >chilli as the NAS.
> >  I've defined the following sqlcounter stanza for a daily traffic limit:
> >
> >  sqlcounter defined in radiusd.conf:
> >  (the query was corrected as suggested by tnt on a previous thread on the
> >list, correct me if I got it wrong please)
> >
> >  sqlcounter counterChilliSpotMaxDailyOctets {
> >  counter-name = ChilliSpot-Max-Daily-Octets
> >  check-name = ChilliSpot-Max-Daily-Octets
> >  reply-name = ChilliSpot-Max-Total-Octets
> >  sqlmod-inst = sql
> >  key = User-Name
> >  reset = daily
> >  error-msg = "Sorry, your maximum traffic usage (download
> >and upload) has exceed the provided limit"
> >  query = "SELECT (SUM(AcctInputOctets +
> AcctOutputOctets))
> >FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) +
> >AcctSessionTime > '%b'"
> >  }
> >
> >
> >
> >  In the authorization phase, I'm seeing the following in debug log:
> >rlm_sqlcounter: Entering module authorize code
> >sqlcounter_expand:  'SELECT
> (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
> >FROM radacct WHERE UserName='%{User-Name}''
> >radius_xlat:  'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
> FROM
> >radacct WHERE UserName='tester1''
> >sqlcounter_expand:  '%{sql:SELECT
> >(SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
> >UserName='tester1'}'
> >radius_xlat: Running registered xlat function of module sql for string
> >'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
> >UserName='tester1''
> >rlm_sql (sql): - sql_xlat
> >radius_xlat:  'tester1'
> >rlm_sql (sql): sql_set_user escaped user --> 'tester1'
> >radius_xlat:  'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
> FROM
> >radacct WHERE UserName='tester1''
> >rlm_sql (sql): Reserving sql socket id: 2
> >rlm_sql (sql): - sql_xlat finished
> >rlm_sql (sql): Released sql socket id: 2
> >radius_xlat:  '24004370'
> >rlm_sqlcounter: (Check item - counter) is greater than zero
> >rlm_sqlcounter: Authorized user tester1, check_item=26214400,
> >counter=24004370
> >rlm_sqlcounter: Sent Reply-Item for user tester1,
> >Type=ChilliSpot-Max-Total-Octets, value=26239950
> >  modcall[authorize]: module "counterChilliSpotMaxDailyOctets" returns
> >ok for request 0
> >  The entry in radcheck is as follows:
> >
> >| 346 | tester1 | ChilliSpot-Max-Daily-Octets | := | 26214400 |
> >  What happens is that it seems the counter doesn't work as expected. When
> a
> >user logs in, performs some traffic usage, logs out and logs in again,
> >  the replied back attribute for chilli doesn't contain a value which is
> the
> >remainder of the traffic usage, but something else.
> >
> >  According to the radius debug above, if check_item=26214400 and
> >counter=24004370, how come value=26239950?
> >  So I'm guessing I'm missing something but I'm too obsessed with the
> >sqlcounter to notice it. (is the subtraction not a normal decimal
> action?)
> >
> >  The FreeRADIUS version used is 1.1.7
>
>

Re: any other suggestions?

2008-10-24 Thread Alan DeKok
Martin Silvero wrote:
> - I created all the certificates as they said in README, I tried and
> nothing.

  *Something* happens.  The error messages you posted indicate that
there were problems with the certificates.

  My suggestion is to configure PEAP on the client first.  If you can
get that working, then adding a client certificate shouldn't be
difficult.  If PEAP doesn't work, then something is terribly wrong.

  Follow the instructions on my web page for configuring EAP:
http://deployingradius.com.

  Alan DeKok.


RE: sqlcounter returning wrong value?

2008-10-24 Thread tnt
No, he wants a data not time counter.

Ivan Kalik
Kalik Informatika ISP


Dana 24/10/2008, "mulianto" <[EMAIL PROTECTED]> piše:

>hi..i think you should fix this one :
>
>reply-name = ChilliSpot-Max-Total-Octets to :
>reply-name = Session-Timeout
>
>try it..
>rgds,
>Mulianto
>
>http://www.indohotspot.net
>Your Hotspot solution
>  -Original Message-
>  From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]
>Behalf Of liran tal
>  Sent: Friday, October 24, 2008 1:07 AM
>  To: FreeRadius users mailing list
>  Subject: sqlcounter returning wrong value?
>
>
>
>  Hey,
>
>  I'm experimenting with some sqlcounter directives in radiusd.conf and
>chilli as the NAS.
>  I've defined the following sqlcounter stanza for a daily traffic limit:
>
>  sqlcounter defined in radiusd.conf:
>  (the query was corrected as suggested by tnt on a previous thread on the
>list, correct me if I got it wrong please)
>
>  sqlcounter counterChilliSpotMaxDailyOctets {
>  counter-name = ChilliSpot-Max-Daily-Octets
>  check-name = ChilliSpot-Max-Daily-Octets
>  reply-name = ChilliSpot-Max-Total-Octets
>  sqlmod-inst = sql
>  key = User-Name
>  reset = daily
>  error-msg = "Sorry, your maximum traffic usage (download
>and upload) has exceed the provided limit"
>  query = "SELECT (SUM(AcctInputOctets + AcctOutputOctets))
>FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) +
>AcctSessionTime > '%b'"
>  }
>
>
>
>  In the authorization phase, I'm seeing the following in debug log:
>rlm_sqlcounter: Entering module authorize code
>sqlcounter_expand:  'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
>FROM radacct WHERE UserName='%{User-Name}''
>radius_xlat:  'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM
>radacct WHERE UserName='tester1''
>sqlcounter_expand:  '%{sql:SELECT
>(SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
>UserName='tester1'}'
>radius_xlat: Running registered xlat function of module sql for string
>'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
>UserName='tester1''
>rlm_sql (sql): - sql_xlat
>radius_xlat:  'tester1'
>rlm_sql (sql): sql_set_user escaped user --> 'tester1'
>radius_xlat:  'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM
>radacct WHERE UserName='tester1''
>rlm_sql (sql): Reserving sql socket id: 2
>rlm_sql (sql): - sql_xlat finished
>rlm_sql (sql): Released sql socket id: 2
>radius_xlat:  '24004370'
>rlm_sqlcounter: (Check item - counter) is greater than zero
>rlm_sqlcounter: Authorized user tester1, check_item=26214400,
>counter=24004370
>rlm_sqlcounter: Sent Reply-Item for user tester1,
>Type=ChilliSpot-Max-Total-Octets, value=26239950
>  modcall[authorize]: module "counterChilliSpotMaxDailyOctets" returns
>ok for request 0
>  The entry in radcheck is as follows:
>
>| 346 | tester1 | ChilliSpot-Max-Daily-Octets | := | 26214400 |
>  What happens is that it seems the counter doesn't work as expected. When a
>user logs in, performs some traffic usage, logs out and logs in again,
>  the replied back attribute for chilli doesn't contain a value which is the
>remainder of the traffic usage, but something else.
>
>  According to the radius debug above, if check_item=26214400 and
>counter=24004370, how come value=26239950?
>  So I'm guessing I'm missing something but I'm too obsessed with the
>sqlcounter to notice it. (is the subtraction not a normal decimal action?)
>
>  The FreeRADIUS version used is 1.1.7
>
>
>
>  Regards,
>  Liran.
>
>



RE: sqlcounter returning wrong value?

2008-10-24 Thread mulianto
hi..i think you should fix this one :

reply-name = ChilliSpot-Max-Total-Octets to :
reply-name = Session-Timeout

try it..
rgds,
Mulianto

http://www.indohotspot.net
Your Hotspot solution
  -Original Message-
  From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Behalf Of liran tal
  Sent: Friday, October 24, 2008 1:07 AM
  To: FreeRadius users mailing list
  Subject: sqlcounter returning wrong value?



  Hey,

  I'm experimenting with some sqlcounter directives in radiusd.conf and
chilli as the NAS.
  I've defined the following sqlcounter stanza for a daily traffic limit:

  sqlcounter defined in radiusd.conf:
  (the query was corrected as suggested by tnt on a previous thread on the
list, correct me if I got it wrong please)

  sqlcounter counterChilliSpotMaxDailyOctets {
  counter-name = ChilliSpot-Max-Daily-Octets
  check-name = ChilliSpot-Max-Daily-Octets
  reply-name = ChilliSpot-Max-Total-Octets
  sqlmod-inst = sql
  key = User-Name
  reset = daily
  error-msg = "Sorry, your maximum traffic usage (download
and upload) has exceed the provided limit"
  query = "SELECT (SUM(AcctInputOctets + AcctOutputOctets))
FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '%b'"
  }



  In the authorization phase, I'm seeing the following in debug log:
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand:  'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets))
FROM radacct WHERE UserName='%{User-Name}''
radius_xlat:  'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM
radacct WHERE UserName='tester1''
sqlcounter_expand:  '%{sql:SELECT
(SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
UserName='tester1'}'
radius_xlat: Running registered xlat function of module sql for string
'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE
UserName='tester1''
rlm_sql (sql): - sql_xlat
radius_xlat:  'tester1'
rlm_sql (sql): sql_set_user escaped user --> 'tester1'
radius_xlat:  'SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM
radacct WHERE UserName='tester1''
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): - sql_xlat finished
rlm_sql (sql): Released sql socket id: 2
radius_xlat:  '24004370'
rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user tester1, check_item=26214400,
counter=24004370
rlm_sqlcounter: Sent Reply-Item for user tester1,
Type=ChilliSpot-Max-Total-Octets, value=26239950
  modcall[authorize]: module "counterChilliSpotMaxDailyOctets" returns
ok for request 0
  The entry in radcheck is as follows:

| 346 | tester1 | ChilliSpot-Max-Daily-Octets | := | 26214400 |
  What happens is that it seems the counter doesn't work as expected. When a
user logs in, performs some traffic usage, logs out and logs in again,
  the replied back attribute for chilli doesn't contain a value which is the
remainder of the traffic usage, but something else.

  According to the radius debug above, if check_item=26214400 and
counter=24004370, how come value=26239950?
  So I'm guessing I'm missing something but I'm too obsessed with the
sqlcounter to notice it. (is the subtraction not a normal decimal action?)

  The FreeRADIUS version used is 1.1.7



  Regards,
  Liran.
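
Added example, not part of the original posts: a log audit that pairs the rlm_sqlcounter "Authorized user" and "Sent Reply-Item" debug lines quoted above and flags any reply that grants more than check_item. The tester2 lines and the one-day test applied to the surplus are assumptions added here; the thread does not establish the cause.

```python
import re

# Debug lines copied from the thread (wrapped as in the archive), followed by
# one CONSTRUCTED entry for a user whose reply equals the plain remainder.
SAMPLE_LOG = """\
rlm_sqlcounter: Authorized user tester1, check_item=26214400,
counter=24004370
rlm_sqlcounter: Sent Reply-Item for user tester1,
Type=ChilliSpot-Max-Total-Octets, value=26239950
rlm_sqlcounter: Authorized user tester2, check_item=26214400, counter=26210000
rlm_sqlcounter: Sent Reply-Item for user tester2, Type=ChilliSpot-Max-Total-Octets, value=4400
"""

PAIR_RE = re.compile(
    r"Authorized user (?P<user>\S+), check_item=(?P<check>\d+), counter=(?P<counter>\d+)"
    r".*?Sent Reply-Item for user (?P=user), Type=(?P<attr>\S+), value=(?P<value>\d+)"
)
SECONDS_PER_DAY = 86400  # assumption: length of a "reset = daily" window


def audit_sqlcounter(log_text):
    """Compare each reply value with check_item - counter from the same request."""
    flat = " ".join(log_text.split())  # undo line wrapping before matching
    findings = []
    for m in PAIR_RE.finditer(flat):
        check, counter, sent = (int(m[k]) for k in ("check", "counter", "value"))
        surplus = sent - check  # > 0 means the NAS was granted more than the limit
        findings.append({
            "user": m["user"],
            "attribute": m["attr"],
            "remainder": check - counter,
            "sent": sent,
            "surplus": surplus,
            "over_limit": surplus > 0,
            # Hypothesis only: a surplus of at most one day of seconds suggests
            # time-to-reset arithmetic being applied to an octet counter.
            "surplus_seconds_like": 0 < surplus <= SECONDS_PER_DAY,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_sqlcounter(SAMPLE_LOG):
        print(finding)
```

For tester1 the remainder is 2210030 octets, yet the reply exceeds the configured limit by 25550, so the NAS is told to allow more than the whole daily quota.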