Re: rlm_perl and returning 1 attribute with same name
On 2012/02/17 02:38 PM, Mike wrote:
Hello,
I am using rlm_perl and I have an application where I would like to return
possibly more than 1 Filter-Id in my response.
In perl, the relevent code would be this:
$RAD_REPLY{'Filter-Id'} = some_filter
Unfortunately, this also will only create 1 avpair by the name 'Filter-Id'.
How would I go about returning more than 1 or am I stuck because of perl?
I have an array with my Framed-Routes
I then do the following:
$RAD_REPLY{'Framed-Route'} = \@framedroutearray;
--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782
Before acting on this email or opening any attachments
you should read Cape PC Service's email disclaimer at:
http://www.pcservices.co.za/disclaimer.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and eduroam
You can refer also to the eduroam wiki, fro what are my knowledge, the configuration parameters indicated for eduroam could be applied to all the 2.x versions. https://confluence.terena.org/display/H2eduroam/%27How+to%27+%28deploy,+promote+and+support%29+eduroam, more in detail SP: https://confluence.terena.org/display/H2eduroam/How+to+deploy+eduroam+on-site+or+on+campus#Howtodeployeduroamon-siteoroncampus-SetupofeduroamSPRADIUSservers IDP: https://confluence.terena.org/display/H2eduroam/How+to+deploy+eduroam+on-site+or+on+campus#Howtodeployeduroamon-siteoroncampus-FreeRADIUS Cheers, Nunzio Il 18/02/2012 00:07, Mahmudul Hasan ha scritto: Hi, I am currently trying to setup freeradius to work with eduroam. Does anyone have a sample configuration files for 2.1.10 version of freeradius ? Even if there is a guideline (specially regarding the proxy.conf file and the tunnels), it will be a great help. I am currently considering PEAP-MSCHAPv2 for encrypting my radius packets. Thank you, Mahmudul Hasan University of Lethbridge, Alberta,Canada. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Nunzio Napolitano Centro di calcolo elettronico Università degli Studi di Napoli Parthenope tel. 081-5476683 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius stopped to work
Hi after more then year my freeradius 2.1.9 stopped to work in log I have a lot of the following info: Feb 20 13:11:55 radius radiusd[12006]: WARNING: Child is hung for request 35 in component accounting module radutmp. Feb 20 13:11:56 radius radiusd[12006]: WARNING: Child is hung for request 34 in component accounting module radutmp. Feb 20 13:11:56 radius radiusd[12006]: WARNING: Child is hung for request 51 in component accounting module radutmp. Feb 20 13:10:45 radius radiusd[12006]: WARNING: Unresponsive child for request 134, in module radutmp component accounting Feb 20 13:10:47 radius radiusd[12006]: WARNING: Unresponsive child for request 132, in module radutmp component accounting Feb 20 13:10:48 radius radiusd[12006]: WARNING: Unresponsive child for request 136, in module radutmp component accounting and so on When i restart the radius, it start to work, then after a few minutes goes down Any idieas ? thanks pet - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius stopped to work
radutmp file became to large... But to be sure, check you radius in debug mode... /usr/local/var/log/radius/radutmp On 20.2.2012 13:25, dorje2...@seznam.cz wrote: Hi after more then year my freeradius 2.1.9 stopped to work in log I have a lot of the following info: Feb 20 13:11:55 radius radiusd[12006]: WARNING: Child is hung for request 35 in component accounting module radutmp. Feb 20 13:11:56 radius radiusd[12006]: WARNING: Child is hung for request 34 in component accounting module radutmp. Feb 20 13:11:56 radius radiusd[12006]: WARNING: Child is hung for request 51 in component accounting module radutmp. Feb 20 13:10:45 radius radiusd[12006]: WARNING: Unresponsive child for request 134, in module radutmp component accounting Feb 20 13:10:47 radius radiusd[12006]: WARNING: Unresponsive child for request 132, in module radutmp component accounting Feb 20 13:10:48 radius radiusd[12006]: WARNING: Unresponsive child for request 136, in module radutmp component accounting and so on When i restart the radius, it start to work, then after a few minutes goes down Any idieas ? thanks pet - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius stopped to work
radutmp is not big, it has only 700kB However radwtmp has almost 700MB pet Původní zpráva Od: Marinko Tarlać mangi...@gmail.com Předmět: Re: Freeradius stopped to work Datum: 20.2.2012 13:37:16 radutmp file became to large... But to be sure, check you radius in debug mode... /usr/local/var/log/radius/radutmp On 20.2.2012 13:25, dorje2...@seznam.cz wrote: Hi after more then year my freeradius 2.1.9 stopped to work in log I have a lot of the following info: Feb 20 13:11:55 radius radiusd[12006]: WARNING: Child is hung for request 35 in component accounting module radutmp. Feb 20 13:11:56 radius radiusd[12006]: WARNING: Child is hung for request 34 in component accounting module radutmp. Feb 20 13:11:56 radius radiusd[12006]: WARNING: Child is hung for request 51 in component accounting module radutmp. Feb 20 13:10:45 radius radiusd[12006]: WARNING: Unresponsive child for request 134, in module radutmp component accounting Feb 20 13:10:47 radius radiusd[12006]: WARNING: Unresponsive child for request 132, in module radutmp component accounting Feb 20 13:10:48 radius radiusd[12006]: WARNING: Unresponsive child for request 136, in module radutmp component accounting and so on When i restart the radius, it start to work, then after a few minutes goes down Any idieas ? thanks pet - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius stopped to work
Hi, However radwtmp has almost 700MB are you using it - ie any of the features that require it? If not, then turn off the calls to it in accounting etc - alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius stopped to work
hi yes, i;m using accounting, but i don't know for what is the radwtmp file responsible thanks Původní zpráva Od: Alan Buxey a.l.m.bu...@lboro.ac.uk Předmět: Re: Freeradius stopped to work Datum: 20.2.2012 13:46:43 Hi, However radwtmp has almost 700MB are you using it - ie any of the features that require it? If not, then turn off the calls to it in accounting etc - alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius stopped to work
2012/2/20 dorje2...@seznam.cz: hi yes, i;m using accounting, but i don't know for what is the radwtmp file responsible thanks Are you using radwtmp for accounting? If you store accounting data in sql or detail file, or don't know what radwtmp is, chances are you don't need radwtmp. As Alan suggested, comment-out radutmp in your sites-available/default (or whatever other virtual server you might use) -- Fajar Původní zpráva Od: Alan Buxey a.l.m.bu...@lboro.ac.uk Předmět: Re: Freeradius stopped to work Datum: 20.2.2012 13:46:43 Hi, However radwtmp has almost 700MB are you using it - ie any of the features that require it? If not, then turn off the calls to it in accounting etc - alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius stopped to work
Původní zpráva Od: Fajar A. Nugraha l...@fajar.net Předmět: Re: Freeradius stopped to work Datum: 20.2.2012 14:05:19 2012/2/20 dorje2...@seznam.cz: hi yes, i;m using accounting, but i don't know for what is the radwtmp file responsible thanks Are you using radwtmp for accounting? If you store accounting data in sql or detail file, or don't know what radwtmp is, chances are you don't need radwtmp. As Alan suggested, comment-out radutmp in your sites-available/default (or whatever other virtual server you might use) -- Fajar Thank you I've commented-out the line unix in accounting section a removed the radwtmp file Will see what will happen : ) thanks pet - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius stopped to work
Původní zpráva Od: Fajar A. Nugraha l...@fajar.net Předmět: Re: Freeradius stopped to work Datum: 20.2.2012 14:05:19 2012/2/20 dorje2...@seznam.cz: hi yes, i;m using accounting, but i don't know for what is the radwtmp file responsible thanks Are you using radwtmp for accounting? If you store accounting data in sql or detail file, or don't know what radwtmp is, chances are you don't need radwtmp. As Alan suggested, comment-out radutmp in your sites-available/default (or whatever other virtual server you might use) -- Fajar Thank you I've commented-out the line unix in accounting section a removed the radwtmp file Will see what will happen : ) unfortunately , radius wend down again. The log is not very precise: Feb 20 14:22:44 radius radiusd[12700]: WARNING: Child is hung for request 988 in component module . Feb 20 14:22:44 radius radiusd[12700]: WARNING: Child is hung for request 990 in component module . Feb 20 14:22:44 radius radiusd[12700]: WARNING: Child is hung for request 992 in component module . Feb 20 14:22:44 radius radiusd[12700]: WARNING: Child is hung for request 994 in component module . Feb 20 14:22:45 radius radiusd[12700]: WARNING: Child is hung for request 1025 in component module . and so on i didn't comment out the radutmp line, because i need to have a n accounting thanks pet - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius stopped to work
Hi, unfortunately , radius wend down again. The log is not very precise: Feb 20 14:22:44 radius radiusd[12700]: WARNING: Child is hung for request 988 in component module . Feb 20 14:22:44 radius radiusd[12700]: WARNING: Child is hung for request 990 in component module . Feb 20 14:22:44 radius radiusd[12700]: WARNING: Child is hung for request 992 in component module . Feb 20 14:22:44 radius radiusd[12700]: WARNING: Child is hung for request 994 in component module . Feb 20 14:22:45 radius radiusd[12700]: WARNING: Child is hung for request 1025 in component module . lots of records = live accounting has reached a block i didn't comment out the radutmp line, because i need to have a n accounting yes - but HOW do you DO accounting? you say you need to have radutmp - but how do you use that file - are you sure you use it and not eg SQL accounting? if you have got to a stage where the accounting requirements cannot be met in real time, then you need to look at migrating to using eg detail file 'just out of live time' accounting - or moving the accounting off the live auth server and using eg decoupled accounting, or proxy to home server buffered accounting.. or even move to a more efficient method such as buffered-sql . however, the issue may also be caused by some other local issue - such as network contention (if you proxy requests), resource starvation (host is doing more than just the radiusd and doesnt have enough resource - be that CPU or disk access - to do its job), or, if virtualised, the host may not have all it needs because some other virtual host is stealing the cycles now ..or you've finally encountered a bug. does this happen with latest release (2.1.12)? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius stopped to work
dorje2...@seznam.cz wrote: unfortunately , radius wend down again. The log is not very precise: Feb 20 14:22:44 radius radiusd[12700]: WARNING: Child is hung for request 988 in component module . That means it's getting hung somewhere in the server core. That's usually because the system is receiving more requests than it can handle. You need to fix it so that it can handle high volumes of traffic. Upgrade the machine, add DB indexes, do less processing work per packet. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with freeradius
Hi i run freeradius version radiusd: FreeRADIUS Version 2.1.12, for host i386-portbld-freebsd9.0, built on Jan 19 2012 at 22:04:35 on my FreeBSD but i have problem with radclient and radzap i don`t can to disconnect the users... give me this error radclient: no response from server for ID 144 socket 3 i use radzap -u user 127.0.0.1 secret and have this answer for server [root@skynet /]# radzap -u office 127.0.0.1 pass radclient: no response from server for ID 122 socket 3 [root@skynet /]# Please help me -- View this message in context: http://freeradius.1045715.n5.nabble.com/Problem-with-freeradius-tp5499520p5499520.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with freeradius
Hi, [root@skynet /]# radzap -u office 127.0.0.1 pass radclient: no response from server for ID 122 socket 3 [root@skynet /]# Please help me what does FreeRADIUS daemon say when you do this - ie what is output of 'radiusd -X' when you run your radzap command? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius stopped to work
Feb 20 14:22:44 radius radiusd[12700]: WARNING: Child is hung for request 988 in component module . That means it's getting hung somewhere in the server core. That's usually because the system is receiving more requests than it can handle. You need to fix it so that it can handle high volumes of traffic. Upgrade the machine, add DB indexes, do less processing work per packet. Hi, how i can fix it ? The server is virtual , 2GB RAM, 1x 3.33 GHZ CPU The server is doing almost nothing, load averaga less then one: Here is the top command: top - 17:49:36 up 25 days, 6:24, 1 user, load average: 0.20, 0.15, 0.10 Tasks: 79 total, 2 running, 77 sleeping, 0 stopped, 0 zombie Cpu(s): 0.0%us, 0.0%sy, 0.0%ni, 88.0%id, 12.0%wa, 0.0%hi, 0.0%si, 0.0%st Mem: 2075492k total, 1261764k used, 813728k free, 153996k buffers Swap: 2096472k total, 60k used, 2096412k free, 996640k cached Also as i said, nothing happend more then one year, and suddenly today it has started to crash Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Possible bug in rlm_sqlcounter examples
Hi All.
I am using the following SQL in sqlcounter for a MySQL database in the
Grase Hotspot project, as part of daily/hourly/monthly counters.
query = SELECT SUM(acctsessiontime - \
GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)) \
FROM radacct WHERE username = '%{%k}' AND \
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime '%b'
This is taken directly out of the examples that come with Freeradius,
and is also in the Wiki.
http://wiki.freeradius.org/Rlm_sqlcounter#Example+Setup
Recently I was having problems where the first login for a day, wasn't
being limited to it's daily limit. However, subsequent logins for they
day were. So for example, if they had a 4 hour limit, and the first
login went over 4 hours, it could keep going as Session-Limit was being
returned by freeradius. However, all subsequent logins would return a
valid Session-Limit (timeout?) or an access denied if they had gone over
the daily limit.
Some poking around showed that if there was no logins for that day, the
above SQL will return NULL, which Freeradius complains about, something
along the lines of there not being an integer in the results (I can't
get the exact error message right now), and so the sqlcounter just
passes through as noop.
To solve the problem, I needed to use an IFNULL (or COALESCE) to return
a 0 instead of NULL and then Freeradius sqlcounter returns the correct
attributes.
query = SELECT COALESCE( SUM(acctsessiontime - \
GREATEST((%b - UNIX_TIMESTAMP(acctstarttime)), 0)) ) \
FROM radacct WHERE username = '%{%k}' AND \
UNIX_TIMESTAMP(acctstarttime) + acctsessiontime '%b'
This happens on the arm architecture, and so may be architecture
dependent. A quick test on x86 MySQL shows it also returns NULL, however
I've not had the chance to test how Freeradius interprets the NULL, as 0
or NULL. I will get out an x86 test machine shortly and test what
Freeradius is returning.
$ apt-cache policy freeradius
freeradius:
Installed: 2.1.10+dfsg-2
Debian 6.0.3 Linux Kernel 2.6.32 armv5tel
Has anyone else run into this problem?
Tim
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius stopped to work
dorje2...@seznam.cz wrote: Hi, how i can fix it ? I don't know. It's your system. Something is blocking it. Also as i said, nothing happend more then one year, and suddenly today it has started to crash Well... find out what it's doing. Use your OS debugging tools. There could be many reasons. Without more information, we can't help you. And the server isn't crashing. It's just blocked. There's nothing really wrong with it, other than something *else* is preventing it from working. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
2.1.12 segfault with ldap module
While setting up freeradius recently, we noticed that it would segfault on a restart after being used. The segfault line would be something like: kernel: radiusd[2608]: segfault at 7feb7471f480 ip 7feb7471f480 sp 7fff451ea168 error 14 in libfreeradius-eap-2.1.12.so[7feb74d2b000+9000] At first I thought this would be something in the eap module, but after building a debug build and running it in gdb I got this backtrace: Program received signal SIGSEGV, Segmentation fault. 0x73e0f480 in ?? () (gdb) bt #0 0x73e0f480 in ?? () #1 0x771d9dea in ?? () from /usr/lib64/libcrypto.so.1.0.0 #2 0x7755a12d in SSL_free () from /usr/lib64/libssl.so.1.0.0 #3 0x7548b1da in ?? () from /usr/lib64/libldap_r-2.4.so.2 #4 0x7524df59 in ber_sockbuf_remove_io () from /usr/lib64/liblber-2.4.so.2 #5 0x7524dfed in ber_int_sb_destroy () from /usr/lib64/liblber-2.4.so.2 #6 0x7524e06c in ber_sockbuf_free () from /usr/lib64/liblber-2.4.so.2 #7 0x7546fb2c in ldap_ld_free () from /usr/lib64/libldap_r-2.4.so.2 #8 0x756a50c0 in ldap_detach (instance=value optimized out) at rlm_ldap.c:2588 #9 0x004186ce in module_instance_free (data=value optimized out) at modules.c:380 #10 0x77bcee4d in FreeWalker (tree=0x796a50, X=0x799670) at rbtree.c:63 #11 0x77bcee8e in rbtree_free (tree=0x9b14c0) at rbtree.c:74 #12 0x00419450 in detach_modules () at modules.c:428 #13 0x0041d13c in main (argc=value optimized out, argv=value optimized out) at radiusd.c:456 After seeing that it looks like it's actually the ldap module causing problems, I commented out all of my bits that use the ldap module and it doesn't segfault on shutdown. I also tried it with ldap but without TLS enabled and it shut down clean still. Has anyone seen this before? Any solutions? For the time being, I guess I'll run the ldap module without TLS enabled. Segfaults, even benign ones, seem to get everyone antsy... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
