Re: Accounting and Acct-Delay-Time in MySQL
Hi,

I'd re-visit the entire accounting table queries. Create a *new* table, so that people don't have surprises when they upgrade. Ideally, it should be robust in the face of duplicate packets, and packets forwarded via 2 different paths (think radrelay + delays)

Okay, I'll see what I can do. One thing I noticed is that the default schema has a column

xascendsessionsvrkey varchar(10) default NULL,

A VSA, of a vendor that's long dead? This is one column that I would wipe out. If some people find they need it, they can always modify the tables to their (peculiar ;-) ) needs. No reason to push this column into every FreeRADIUS installation on the planet.

Another thing I miss very much is in radpostauth:

* some gear sends a different User-Name attribute in its reply than was in the request. It would be good to have these two names correlated easily, at least for forensics. Adding a column reply-username would do a lot of good here.
* callingstationid would also be nice to have
* and an indication which NAS the user used to log in (and/or which virtual server was used to handle the request)

All of that is info one typically has to dig out of detail files; which is much more cumbersome than having it in SQL.

Any thoughts here?

Greetings,

Stefan

Alan DeKok.

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [Segmentation Fault while proxing Request to home server]
Hello Thomas. I have the same problem. After installing 2.1.6 version everything worked well.
Re: Help: 802.1x with freeRadius and mySql database
Hi,

Then I start to use mySql database, instead of clients.conf and users. I followed the instructions from this link http://wiki.freeradius.org/SQL_HOWTO. I use the radtest command to test the username/password. It works fine. Then I use the Cisco switch to test the username/password and NAS, it also works fine. But the 802.1x authentication does not work. Here is the output from freeradius -X

I'm guessing that you haven't enabled sql in the inner-tunnel configuration (which EAP packets get sent through)

alan
Changing radgroup with a sqlcounter ?
Hello,

I am working on a radius config for a hotspot. I already configured a script that kicks the user when the quota is exceeded thanks to some very useful posts in the coova forum. I used this counter :

sqlcounter noresetBytecounter {
    counter-name = Total-Max-Octets
    check-name = Max-Octets
    reply-name = ChilliSpot-Max-Total-Octets
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query = "SELECT (SUM(AcctInputOctets)+SUM(AcctOutputOctets)) FROM radacct WHERE UserName='%{%k}'"
}

My goal is that a user belongs to a standard group with a 512kbps bandwidth and a quota of 100mo. Then when he exceeds his quota, he is switched to a 128 kbps group. I know how to set up groups that limit bandwidth and volume. What I don't know is how to set up a counter that, instead of kicking the user out of the network when he exceeds his quota, switches him to another radgroup.

Any clue how I can do it ?

Thank you very much,
LDAP auth success / User reject
hello *

Scenario: freeradius auth via LDAP simple bind with user passwd / user name for a hot spot

Used config works with two other setups of same environment

Problem: simple bind returns ok then another module rejects the user

Any hints where I should look ?

Used Freeradius Version: FreeRADIUS Version 1.1.6

below debug output

hu Nov 18 11:20:52 2010 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 0
Thu Nov 18 11:20:52 2010 : Debug: modcall[authorize]: module suffix returns noop for request 0
Thu Nov 18 11:20:52 2010 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 0
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: - authorize
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: performing user authorization for test1
Thu Nov 18 11:20:52 2010 : Debug: radius_xlat: '(uid=test1)'
Thu Nov 18 11:20:52 2010 : Debug: radius_xlat: 'l=Stadt,dc=de,o=Organisationr'
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: attempting LDAP reconnection
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: (re)connect to 127.0.0.1:389, authentication 0
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: bind as cn=LDAPADMIN,o=Customer/sharedsecret to 127.0.0.1:389
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: waiting for bind result ...
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: Bind was successful
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: performing search in l=Stadt,dc=de,o=Organisation, with filter (uid=test1)
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: looking for check items in directory...
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: looking for reply items in directory...
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: Setting Auth-Type = ldap
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: user test1 authorized to use remote access
Thu Nov 18 11:20:52 2010 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Thu Nov 18 11:20:52 2010 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 0
Thu Nov 18 11:20:52 2010 : Debug: modcall[authorize]: module ldap returns ok for request 0
Thu Nov 18 11:20:52 2010 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 0
Thu Nov 18 11:20:52 2010 : Debug: rlm_eap: No EAP-Message, not doing EAP
Thu Nov 18 11:20:52 2010 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 0
Thu Nov 18 11:20:52 2010 : Debug: modcall[authorize]: module eap returns noop for request 0
Thu Nov 18 11:20:52 2010 : Debug: modsingle[authorize]: calling files (rlm_files) for request 0
Thu Nov 18 11:20:52 2010 : Debug: users: Matched entry DEFAULT at line 3
Thu Nov 18 11:20:52 2010 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 0
Thu Nov 18 11:20:52 2010 : Debug: modcall[authorize]: module files returns ok for request 0
Thu Nov 18 11:20:52 2010 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 0
Thu Nov 18 11:20:52 2010 : Debug: rlm_pap: Found existing Auth-Type, not changing it.
Thu Nov 18 11:20:52 2010 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 0
Thu Nov 18 11:20:52 2010 : Debug: modcall[authorize]: module pap returns noop for request 0
Thu Nov 18 11:20:52 2010 : Debug: modcall: leaving group authorize (returns ok) for request 0
Thu Nov 18 11:20:52 2010 : Debug: rad_check_password: Found Auth-Type Reject
Thu Nov 18 11:20:52 2010 : Debug: rad_check_password: Auth-Type = Reject, rejecting user
Thu Nov 18 11:20:52 2010 : Debug: auth: Failed to validate the user.
Thu Nov 18 11:20:52 2010 : Auth: Login incorrect: [test1/testpasswd] (from client wlanhsp port 0 cli 00:1e:c2:a3:4d:b

line from users

DEFAULT Called-Station-Id =~ .*:LIBRARY , Ldap-group == cn=city,cn=Groups,l=Stadt,dc=de,o=Organisation

thx for any hints :-)

I have anonymized the ldap Attributes

Michael
Re: configure output summary
On Wed, Nov 17, 2010 at 07:53:02AM +0100, Stefan Winter wrote:

I think it would generally make sense to put a summary output of configure at the end of its run, so that one can easily see which modules will be disabled. In an acute case of bash script fiddling, I created the attached proof of concept test.sh script, which recursively goes through all config.log files and
a) greps all lines with WARNING
b) greps all lines with silently not building
and puts these out in massaged human-readable form. Would something like this have any chances of getting included into the tarball? It could run as the very last thing in configure...

I've actually been a bit confused by the notion of having separate autoconf installations/invocation in multiple subdirectories. The point of that would seem to be that if you just want to reconfigure and rebuild one particular part, you can do it. But who ever does that? It seems to me that everyone only ever wants a single autoconf instance for the whole tree, which can generate all the subdirectory makefiles.

--
2. That which causes joy or happiness.
Re: configure output summary
Josip Rodin wrote:

I've actually been a bit confused by the notion of having separate autoconf installations/invocation in multiple subdirectories. The point of that would seem to be that if you just want to reconfigure and rebuild one particular part, you can do it. But who ever does that?

Exactly.

It seems to me that everyone only ever wants a single autoconf instance for the whole tree, which can generate all the subdirectory makefiles.

Ugh. Even better, use a build system which includes header/library checking as part of the dependencies. Waf and others seem to be a good start here.

For 2.2.x, I've been looking at getting rid of libtool and libltdl. All modern systems have dlopen(), so that makes things easier. Getting rid of autoconf would be a logical next step.

Alan DeKok.
Re: LDAP auth success / User reject
Michael Arndt wrote:

below debug output
hu Nov 18 11:20:52 2010 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 0

Use -X. You've added an additional -x, which makes the output harder to read.

Thu Nov 18 11:20:52 2010 : Debug: rad_check_password: Found Auth-Type Reject
Thu Nov 18 11:20:52 2010 : Debug: rad_check_password: Auth-Type = Reject, rejecting user

Well... something is setting that. Go find out what, and fix it.

Alan DeKok.
Re: configure output summary
On 11/18/2010 08:21 AM, Josip Rodin wrote:

I've actually been a bit confused by the notion of having separate autoconf installations/invocation in multiple subdirectories. The point of that would seem to be that if you just want to reconfigure and rebuild one particular part, you can do it. But who ever does that? It seems to me that everyone only ever wants a single autoconf instance for the whole tree, which can generate all the subdirectory makefiles.

Yeah, I've never quite understood that either, but it works, which at the end of the day is what matters most even if it seems odd. If someone ever does decide to work on the build tools I wonder if it might make sense to abandon autotools.

I've used autotools for years and it's been a love/hate relationship. I love it when someone else has done the work, but hate it whenever I have to create new autotools functionality or it breaks (which sadly is often) and I have to debug it. Its baroque complexity is daunting and it often suffers from versioning issues.

FWIW, a number of projects I have some involvement with are switching over to CMake. It's still too early for me to give a report card on CMake, but it's an interesting trend.

--
John Dennis jden...@redhat.com
Looking to carve out IT costs? www.redhat.com/carveoutcosts/
Re: configure output summary
On Thu, Nov 18, 2010 at 08:48:38AM -0500, John Dennis wrote:

On 11/18/2010 08:21 AM, Josip Rodin wrote:

I've actually been a bit confused by the notion of having separate autoconf installations/invocation in multiple subdirectories. The point of that would seem to be that if you just want to reconfigure and rebuild one particular part, you can do it. But who ever does that? It seems to me that everyone only ever wants a single autoconf instance for the whole tree, which can generate all the subdirectory makefiles.

Yeah, I've never quite understood that either, but it works which at the end of the day is what matters most even if it seems odd. If someone ever does decide to work on the build tools I wonder if it might make sense to abandon autotools.

I personally have no problem with autoconf per se, configure.ac syntax in general tends to be fairly clear to me. But having N copies where we only seem to need 1? That sounds like a problem.

Also I think that this line of reasoning "it's apparent that it's odd, few understand it, yet it works, so let's either keep it or attempt to replace it completely" is problematic in and of itself. We must be able to fully understand our own code, and the requirements that led to it, in order to be able to both try to fix the problems in the existing solution *and* to be able to attempt a successful replacement. If we don't, it's likely that we're just going to end up repeating old problems and making things worse.

So it would be good if we could first get an authoritative opinion on whether support for subdirectory reconfiguration is actually necessary, or if perhaps it's a remnant of some other unrelated idea. Alan?

I've had some experience analyzing auto*-based build systems on other things I've packaged, which seemed to result in them becoming less obfuscated, so I could have a crack at this one if it's possible.

--
2. That which causes joy or happiness.
Re: Re: LDAP auth success / User reject
Alan,

Use -X. You've added an additional -x, which makes the output harder to read.

ok, understood, attached below

Thu Nov 18 11:20:52 2010 : Debug: rad_check_password: Found Auth-Type Reject
Thu Nov 18 11:20:52 2010 : Debug: rad_check_password: Auth-Type = Reject, rejecting user

Well... something is setting that. Go find out what, and fix it.

any hints, how to proceed to debug from where the Reject for rad_check_passwd is caused ?

I checked ldap attributes and verified correctness of user passwd for simple bind with ldapsearch. So I at least have excluded trivial errors like testing with a dn or wrong user password. But now I do not see how to trace why the radius request comes back with reject

lm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in l=Stadt,dc=de,o=Organisation, with filter (uid=test1)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Setting Auth-Type = ldap
rlm_ldap: user test11 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns ok for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module eap returns noop for request 0
users: Matched entry DEFAULT at line 4
modcall[authorize]: module files returns ok for request 0
rlm_pap: Found existing Auth-Type, not changing it.
modcall[authorize]: module pap returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type Reject
rad_check_password: Auth-Type = Reject, rejecting user
auth: Failed to validate the user.
Login incorrect: [test1/testpass] (from client wlanhsp port 0 cli 00:1e:c2:a3:4d:b3)

TIA
Micha
Re: Crypt Passwords in SQL
On Wed, Nov 17, 2010 at 05:00:19PM -0500, William wrote:

On Wednesday, November 17, 2010 04:24:32 pm Kenneth Marshall wrote:

On Wed, Nov 17, 2010 at 04:15:47PM -0500, William wrote:

Greetings,

First, Thanks Alan DeKok. That was exactly what I needed for NAS_Showt_Name.

Second, I just discovered a new issue. Not sure if this is a radius or a MySQL issue. When I crypt a password (MySQL CRYPT command) the password matches anything and everything that matches the first 8 characters of the password. Is this a limitation of Radius crypt or is it a Mysql crypt ? I need 16+ character password that match.

Wm

Crypt has an 8 character limit in its specification. Some screwy systems play tricks like using the first 7 chars + the last char of a string longer than 8 chars (MacOS) instead of just the first 8, but it is still eight chars. You will need to use another encoding system for more characters.

What attribute would I use instead of Crypt-Password ? I tried MD5-Password and a couple of others, but I can find no documentation on anything other than User-Password, Crypt-Password, ClearText-Password, and CHAP-Password.

Wm

Crypt-Password just holds the encrypted password. It is up to you to properly encrypt the password and use it. You just cannot use the MySQL crypt() function since it has an 8-char password limit.

Ken
Case-insensitive regexps in rlm_files
In rlm_files, I can't see how to make a case-insensitive regular expression.

-
DEFAULT User-Name =~ (?i:foo)
# nope, not supported by POSIX ERE. Logs:
# Invalid regular expression (?i:foo)

DEFAULT User-Name =~ /foo/i
# actually matches the character sequence /foo/i
-

Am I missing a trick here?

If I make a patch for this, would you prefer the first or second to be implemented? The second is nicer to use, but is probably harder to implement. The first could be done as a frig by stripping off an outer (?i: ... ) and setting the REG_ICASE flag if seen.

Regards,

Brian.
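The frig described in the post above (strip an outer (?i: ... ) and set REG_ICASE), as an added example that is not part of the original post and is not FreeRADIUS code. The function names icase_body_len, users_regcomp and users_regex_match are hypothetical; the wrapper is only stripped when its final ')' really closes the leading '('.

```c
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * If pat is wrapped as "(?i:" body ")" return strlen(body), else -1.
 * The final ')' must be the one that closes the leading '(', so a pattern
 * such as "(?i:a)|(b)" is NOT treated as wrapped.
 */
static long icase_body_len(const char *pat)
{
    size_t len = strlen(pat);
    int depth = 1;       /* already inside the outer '(' */
    int in_bracket = 0;  /* inside a [...] bracket expression */

    if (len < 5 || strncmp(pat, "(?i:", 4) != 0 || pat[len - 1] != ')')
        return -1;

    for (size_t i = 4; i < len; i++) {
        char c = pat[i];

        if (in_bracket) {
            /* [:class:], [.coll.] and [=equiv=] carry their own ']' */
            if (c == '[' && i + 1 < len && strchr(":.=", pat[i + 1])) {
                char term = pat[i + 1];
                i += 2;
                while (i + 1 < len && !(pat[i] == term && pat[i + 1] == ']'))
                    i++;
                i++;                      /* step onto the class's ']' */
            } else if (c == ']') {
                in_bracket = 0;
            }
            continue;
        }
        if (c == '\\') {                  /* escaped character: skip it */
            i++;
        } else if (c == '[') {
            in_bracket = 1;
            if (i + 1 < len && pat[i + 1] == '^') i++;
            if (i + 1 < len && pat[i + 1] == ']') i++;  /* literal ']' */
        } else if (c == '(') {
            depth++;
        } else if (c == ')' && --depth == 0) {
            return (i == len - 1) ? (long)(len - 5) : -1;
        }
    }
    return -1;  /* outer group never closed, e.g. pattern ends in "\)" */
}

/* Compile a users-file style pattern as POSIX ERE, honouring (?i: ... ). */
int users_regcomp(regex_t *re, const char *pat)
{
    int flags = REG_EXTENDED | REG_NOSUB;
    long body = icase_body_len(pat);
    char *inner;
    int rc;

    if (body < 0)
        return regcomp(re, pat, flags);   /* unchanged behaviour */

    inner = malloc((size_t)body + 1);
    if (!inner)
        return REG_ESPACE;
    memcpy(inner, pat + 4, (size_t)body);
    inner[body] = '\0';
    rc = regcomp(re, inner, flags | REG_ICASE);
    free(inner);
    return rc;
}

/* 1 = match, 0 = no match, -1 = pattern rejected by regcomp(). */
int users_regex_match(const char *pat, const char *value)
{
    regex_t re;
    int rc;

    if (users_regcomp(&re, pat) != 0)
        return -1;
    rc = regexec(&re, value, 0, NULL, 0);
    regfree(&re);
    return rc == 0;
}

int main(void)
{
    printf("(?i:foo) vs FOO -> %d\n", users_regex_match("(?i:foo)", "FOO"));
    printf("foo      vs FOO -> %d\n", users_regex_match("foo", "FOO"));
    return 0;
}
```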
Re: Case-insensitive regexps in rlm_files
Brian Candler wrote:

In rlm_files, I can't see how to make a case-insensitive regular expression.

You can't.

-
DEFAULT User-Name =~ (?i:foo)
# nope, not supported by POSIX ERE. Logs:
# Invalid regular expression (?i:foo)

DEFAULT User-Name =~ /foo/i

That isn't valid. See man users.

Am I missing a trick here?

$ man unlang

The users file has a limited set of functionality. Extending it is... awkward.

If I make a patch for this, would you prefer the first or second to be implemented? The second is nicer to use, but is probably harder to implement.

I'd prefer to avoid the users file entirely. The capability already exists in the server, in unlang. I'd suggest using that.

Alan DeKok.
Re: LDAP auth success / User reject
Michael Arndt wrote:

any hints, how to proceed to debug from where the Reject for rad_check_passwd is caused ?

Find out what part of the configuration is setting Auth-Type := Reject.

I checked ldap attributes and verified correctness of user passwd for simple bind with ldapsearch. So I at least have excluded trivial errors like testing with a dn or wrong user password

That won't cause Auth-Type := Reject.

But now I do not see how to trace why the radius request comes back with reject

Look in the files configuration, and in the data in LDAP.

Alan DeKok.
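One way to narrow the search described above, as an added example (not FreeRADIUS code and not from the thread): walk the authorize section of the debug output and list the modules that returned something other than noop or notfound before rad_check_password reported Auth-Type Reject. The struct and function names are hypothetical, the sample lines are copied from the debug output quoted in this thread, and treating a non-noop return as "may have changed the check items" is an assumption.

```c
#include <stdio.h>
#include <string.h>

#define MAX_SUSPECTS 8

struct triage {
    int  rejected;                      /* saw "Found Auth-Type Reject"      */
    int  nsuspects;                     /* entries used in suspects[]        */
    char suspects[MAX_SUSPECTS][32];    /* modules that did not return noop  */
    char users_entry[64];               /* e.g. "DEFAULT at line 4"          */
};

/* Scan debug lines and record which authorize modules are worth checking. */
void triage_debug(const char *const *lines, size_t n, struct triage *t)
{
    static const char matched[] = "users: Matched entry ";

    memset(t, 0, sizeof(*t));
    for (size_t i = 0; i < n; i++) {
        const char *p;
        char mod[32], rcode[32];

        p = strstr(lines[i], "modcall[authorize]: module ");
        if (p && sscanf(p, "modcall[authorize]: module %31s returns %31s",
                        mod, rcode) == 2) {
            /* Assumption: noop/notfound means the module changed nothing. */
            if (strcmp(rcode, "noop") != 0 && strcmp(rcode, "notfound") != 0
                && t->nsuspects < MAX_SUSPECTS)
                strcpy(t->suspects[t->nsuspects++], mod);
        } else if ((p = strstr(lines[i], matched)) != NULL) {
            /* rlm_files names the entry (and line) it matched. */
            snprintf(t->users_entry, sizeof(t->users_entry), "%s",
                     p + strlen(matched));
        } else if (strstr(lines[i],
                          "rad_check_password: Found Auth-Type Reject")) {
            t->rejected = 1;
        }
    }
}

/* Debug lines as posted in the thread. */
static const char *const sample[] = {
    "rlm_ldap: Setting Auth-Type = ldap",
    "modcall[authorize]: module ldap returns ok for request 0",
    "rlm_eap: No EAP-Message, not doing EAP",
    "modcall[authorize]: module eap returns noop for request 0",
    "users: Matched entry DEFAULT at line 4",
    "modcall[authorize]: module files returns ok for request 0",
    "rlm_pap: Found existing Auth-Type, not changing it.",
    "modcall[authorize]: module pap returns noop for request 0",
    "modcall: leaving group authorize (returns ok) for request 0",
    "rad_check_password: Found Auth-Type Reject",
};
static const size_t sample_len = sizeof(sample) / sizeof(sample[0]);

int main(void)
{
    struct triage t;

    triage_debug(sample, sample_len, &t);
    if (!t.rejected)
        return 0;
    printf("Auth-Type Reject seen; check these authorize modules:\n");
    for (int i = 0; i < t.nsuspects; i++)
        printf("  %s\n", t.suspects[i]);
    if (t.users_entry[0])
        printf("users file entry that matched: %s\n", t.users_entry);
    return 0;
}
```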
Re: configure output summary
Josip Rodin wrote:

I personally have no problem with autoconf per se, configure.ac syntax in general tends to be fairly clear to me. But having N copies where we only seem to need 1? That sounds like a problem.

Yes. The repetition is annoying.

Also I think that this line of reasoning "it's apparent that it's odd, few understand it, yet it works, so let's either keep it or attempt to replace it completely" is problematic in and of itself. We must be able to fully understand our own code, and the requirements that led to it, in order to be able to both try to fix the problems in the existing solution *and* to be able to attempt a successful replacement. If we don't, it's likely that we're just going to end up repeating old problems and making things worse.

The existing code works (mostly). That's why it's still using an old version of libtool and libltdl: I tried changing it, it was a PITA, and it had problems.

So it would be good if we could first get an authoritative opinion on whether support for subdirectory reconfiguration is actually necessary, or if perhaps it's a remnant of some other unrelated idea. Alan?

It's so that the modules are independent of the core. If you don't like a module rm -rf the directory. If you want a new one, drop files into a subdirectory, and the main configure/build process will find them.

I've had some experience analyzing auto*-based build systems on other things I've packaged, which seemed to result in them becoming less obfuscated, so I could have a crack at this one if it's possible.

If you can make it simpler, OK.

Alan DeKok.
Dynamic VLAN assignment on NAS
Hi the list

I'm sure this is a NAS question, not a Freeradius question. But perhaps somebody on the list has experienced this issue. Here is my problem.

I set up :
- A Freeradius configuration EAP/PEAP with user credentials stored in LDAP directory.
- A NAS zcomax ag3621 wireless access point with VLAN 802.1q support.

On this access point, I have one SSID associated by default with guest VLAN 30, meaning if a user failed authentication, he will still be connected but on this VLAN with reduced privileges. However radius returns the following Access-Accept packet to my NAS,

Sending Access-Accept of id 81 to 192.168.32.88 port 1032
Tunnel-Private-Group-Id:0 = 60
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
User-Name = user1

The access point just put user1 on VLAN 30. My NAS ignores the VLAN ID 60 (Tunnel-Private-Group-Id:0 = 60) contained in the Access-Accept. I try with two different models of Access point (zcomax and cisco)

My question: Is there a particular config to do to ask the NAS to consider the VLAN ID contained in the Access-Accept packet ?

Thanks for your answers
Re: Case-insensitive regexps in rlm_files
Alan DeKok wrote:

I'd prefer to avoid the users file entirely. The capability already exists in the server, in unlang. I'd suggest using that.

The benefit to us in doing this in rlm_files/rlm_fastusers is that when these files are rsynced out, freeradius re-reads them without needing a restart. This is perceived (rightly or wrongly) as making the server more robust. rlm_fastusers can also be a lot faster than a linear search in unlang.

Furthermore, it also helps that the syntax is limited and line-based, as it results in less scope for errors. It's just a bit too limited without //i.

We currently use our own custom modules which have similar functionality to rlm_files and rlm_fastusers with case-insensitive regexp matching, but I'm keen to fold this back into mainline if possible. (*)

Regards,

Brian.

(*) You don't want our current modules - they use ^^ at the start of a regexp to turn on case-insensitive matching - but I'm happy to reimplement them in a cleaner way.
Re: [Segmentation Fault while proxing Request to home server]
Hello,

I've enabled developer mode, now I've got the following output :

Finished request 13.
Cleaning up request 13 ID 247 with timestamp +136
Going to the next request
Waking up in 16.9 seconds.
ASSERT FAILED event.c[1181]: We do not have threads, but the request is marked as queued or running in a child thread == NULL
Abort

Do I need to do something more with gdb (I don't have the feeling there's a core dump).

Thomas

Le 18/11/2010 06:15, Alan DeKok a écrit :

Thomas Fagart wrote:

...
WARNING: Internal sanity check failed in event handler for request 6: Discarding the request!
Segmentation fault

And then the proxy radius dies.

That's not good.

This happens each time at the fifth try while trying to send the request to a dead home server.

I haven't been able to reproduce it, so it's difficult to track down

I know I should give a gdb trace to help, but since this is production server, it might take some times to give the trace.

Uhh... you can't run *another* test server using the same config? With eapol_test to generate test traffic?

Do you have any idea to what it could be related ?

It's a bug. Past that, it's impossible to say.

Alan DeKok.
Accounting data and NULL sessions
I have two questions if I may. One I think I've asked before but just getting around to trying to tackle it again.

1. I am using mysql for radacct data to keep track of sessions. The accounting data is going into flat files on each radius server. Is there a way to get the accounting data to go directly into a mysql table? I don't want the accounting data in radacct.

2. I have multiple NULL sessions in my radacct file??? What causes these and how do folks deal with them?

Thanks,

N
Re: configure output summary
On Thu, Nov 18, 2010 at 05:16:03PM +0100, Alan DeKok wrote:

It's so that the modules are independent of the core. If you don't like a module rm -rf the directory. If you want a new one, drop files into a subdirectory, and the main configure/build process will find them.

OK, that's actually a legitimate requirement. It should be possible to solve this problem with much less overhead.

--
2. That which causes joy or happiness.
Re: [Segmentation Fault while proxing Request to home server]
Thomas Fagart wrote:

I've enabled developer mode, now I've got the following output :
...
ASSERT FAILED event.c[1181]: We do not have threads, but the request is marked as queued or running in a child thread == NULL

Ah, that's easy. It's fixed in git commit 5849d7aa69. See the v2.1.x branch.

Alan DeKok.
Re: Accounting data and NULL sessions
Natr Brazell wrote:

1. I am using mysql for radacct data to keep track of sessions. The accounting data is going into flat files on each radius server. Is there a way to get the accounting data to go directly into a mysql table? I don't want the accounting data in radacct.

That question makes no sense. radacct *is* a MySQL table.

2. I have multiple NULL sessions in my radacct file??? What causes these and how do folks deal with them?

The NULL sessions are caused by real-life situations. The way to deal with them is to write SQL statements to clean them up.

Alan DeKok.
Re: Dynamic VLAN assignment on NAS
Attou eric wrote:

The access point just put user1 on VLAN 30. My NAS ignores the VLAN ID 60 (Tunnel-Private-Group-Id:0 = 60)

Then the NAS is broken.

contained in the Access-Accept. I try with two different models of Access point (zcomax and cisco)

My question: Is there a particular config to do to ask the NAS to consider the VLAN ID contained in the Access-Accept packet ?

See the NAS documentation.

Alan DeKok.
Re: configure output summary
Hi,

when running configure, lots of somewhat important messages scroll by, like silently disabling something you need :-)

./configure --with-whatever-options | grep WARN

;-)

Yes, I can do that. I even dare say that I can spot WARNINGs while the scroll buffer runs by, and thus instantly see what's going wrong (at least on my slow-spec'd VMs). But newcomers aren't that trained yet. You shouldn't have to tell them "every other Linux project does configure, but you have to configure | grep WARN" - it's odd if you're not used to it.

there are other packages that print out stuff at the end about what features are not enabled etc - but, being on those mailing lists too, no one reads that output even if you put a whacking great big dragon in it ;-)

Exactly these projects were the role model I had in mind. Granted, some people will even overlook the necessary information if it is in <blink>RED</blink>. But a summary at the end at least raises chances of problems being flagged by the person running configure.

Interesting discussion elsewhere in the thread... a proper solution to the problem would indeed be that the recursiveness of configure goes away. Much better than running a whacky script, of course!

Greetings,

Stefan

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
Tel: +352 424409 1
Fax: +352 422473
Re: configure output summary
On 2010/11/19 08:55 AM, Stefan Winter wrote:

away. Much better than running a whacky script, of course!

I feel that adding the script cannot do any harm whatsoever. I agree that a lot of newbies will not read it, but if _one_ person reads it a month, it will mean fewer questions on the list!

Cheers,

--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782