State of 2.x?
Hi, We're running 1.1.8 on FreeBSD 5.3 and have been delaying the move to 2.x until absolutely necessary. Given the recent libtool22 issues, I'm thinking it's time to move. Just wondering if people would recommend moving now to 2.1.9 or waiting a while longer for a stable 2.2? Thanks -- Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: State of 2.x?
Thanks Alan Alan, that's what I wanted to know. -- Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Strategy for grouping users for authentication
Hi, We are using Freeradius 1.1.7 to authenticate a large group of users for one service, with a pgsql backend. I would now like to start using our radius servers to also authenticate other groups of users for specific services, e.g. admin users who can access an apache frontend etc using PAM. My question is, what's the best way to classify and group the users to ensure that group X can access one service but group Y can access another, etc? My first thought is to use an attribute like the NAS-Id to identify the service and require certain user groups for each Nas id in the clients file. However, this does not allow any more granularity than the machine making the request -- for example, login, POP and httpd may all be on the same server but have different groups that should be able to access them. Can anyone point me in the right direction? Thanks, Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strategy for grouping users for authentication
2009/1/2 Alex French a...@evilal.com: My first thought is to use an attribute like the NAS-Id to identify the service and require certain user groups for each Nas id in the clients file. Sorry, I meant users file. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How do I tell if accounting module fails?
Hi, Just for the record, I found another way to do this in 1.1.7, using rlm_perl. Posting here for the archives. I rewrote my exec script as an rlm_perl module. Then, when perl is invoked after sql in the accounting config section, the perl module only gets fired if the sql module succeeds. So that solves my problem for free (also, it got me to move my code into a perl module, which I suspect is much more efficient). Thanks, Alex 2008/10/8 Alex French [EMAIL PROTECTED]: Hi all, I'm using an Exec-Program to do some user-specific stuff when a user logs out of our network (i.e. it is invoked with DEFAULT Acct-Status-Type == Stop). I'm trying to find a way for it to detect whether the database accounting module has succeedded in updating the user's accounting record or not (it will fail if the STOP packet is a duplicate). I can't find an attribute that I can test to check the status of the request at that stage. Any suggestions? Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Regex remove realm from username
2008/10/10 Eric Martell [EMAIL PROTECTED]: Hi.. I searched thru the forums but not getting the right username after using regex. The request I am getting is : [EMAIL PROTECTED] and I need to strip everything after @ and pass the username as test. Is there some reason you don't just create a local realm in proxy.conf and use the 'strip' keyword? realm google.com { type= radius authhost= LOCAL accthost= LOCAL strip } Thanks, Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Primary key in radacct table
I use an index on acctuniqueid along with acct_unique { key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id } It works fine for me. Thanks, Alex 2008/10/7 Marinko Tarlac [EMAIL PROTECTED]: acctuniqueid is not unique in default configuration. according to my experience, problem with duplicated session is very strange. My NAS (Mtik 2.9.x and Mtik 3.x) sends duplicated session ids but almost in the same time. For example one session is started now and the second one is transfered 1 second later. On Tue, Oct 7, 2008 at 8:54 AM, Santiago Balaguer García [EMAIL PROTECTED] wrote: I have a script to delete duplicate entries and stale session. But the duplicate accounting records were created in real time, I have to create a trigger in the database to detect these entries or activate a exec in accounting module. Is the 'acctuniqueid' attribute unique in all database in a default freeradius configuration? Date: Mon, 6 Oct 2008 17:53:32 +0200 From: [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Subject: Re: Primary key in radacct table You can do it and it will solve your problem but it can create small overhead because radius tries to write into database and it will be rejected. you will see this in your log files. Another idea is to change NAS or you can create cron script to delete duplicated entries. MT On Mon, Oct 6, 2008 at 5:35 PM, Santiago Balaguer García [EMAIL PROTECTED] wrote: Hi, I am using a freeradius 1.1.7 + postgres since 3 years ago. The AAA service works fine, however my radacct table has sonetimes duplicate registers. I realize that it happens when a NAS does not have a realiable Internet conection, so NAS send the accounting packets several times. My radacct table has 'radacctid' as primary key. I realize that two (or more) duplicate registers share 'acctsessionid' and 'acctuniqueid' fields amog others. I know 'acctsessionid' field can be the same in diferent NASes. Would be a good idea change the primery key by 'acctuniqueid' ? Santiago La cartera, las gafas. ¿te falta algo? Ahora llévate Messenger en tu móvil - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Ahora llévate lo mejor de MSN y Windows Live, en tu móvil - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How do I tell if accounting module fails?
2008/10/8 [EMAIL PROTECTED]: Your program should return this. See raddb/modules/echo for instructions. Ivan, Sorry, I was not sufficiently clear in my explanation. My program wants to know if the sql module that ran *before* it failed or succeded. (And I'm running 1.1.7 not 2.x but the theory is the same I presume). Thanks, Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How do I tell if accounting module fails?
Thanks all for the responses. I will use a DB table for now, and look at other alternatives once we migrate to 2.x Alex 2008/10/8 Alan DeKok [EMAIL PROTECTED]: Alex French wrote: Sorry, I was not sufficiently clear in my explanation. My program wants to know if the sql module that ran *before* it failed or succeded. (And I'm running 1.1.7 not 2.x but the theory is the same I presume). Each module returns a code: noop/ok/fail/etc. It's a little difficult to access this from another module in 1.1.7. In 2.x, see man unlang for how to access the return codes. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How do I tell if accounting module fails?
2008/10/8 Marinko Tarlac [EMAIL PROTECTED]: create log file on disk and check does it exist or add one column to your table and write something inside ? Yes, my fallback solution is to add a column to my radacct table (or possibly to another, more transient table) that I can do a SELECT FOR UPDATE on. However, I hoped there was a more elegant solution that did not involve an additional database connection. Perhaps not... Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How do I tell if accounting module fails?
Hi all, I'm using an Exec-Program to do some user-specific stuff when a user logs out of our network (i.e. it is invoked with DEFAULT Acct-Status-Type == Stop). I'm trying to find a way for it to detect whether the database accounting module has succeedded in updating the user's accounting record or not (it will fail if the STOP packet is a duplicate). I can't find an attribute that I can test to check the status of the request at that stage. Any suggestions? Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
OT: java radius client libraries?
Hi guys, Sorry if this is slightly OT but I'm hoping someone can advise on an open-source radius client library in Java for integration with another project that will be talking to a freeradius server. I have found two, jradius and tinyradius, but jradius does not seem to be in active development. Has anyone used either of these or something else, preferably with a freeradius server? Thanks, Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: OT: java radius client libraries?
2008/5/12 Alan DeKok [EMAIL PROTECTED]: http://coova.org/wiki/index.php/JRadius/ClientAPI ? It's actively supported. Unless there's another jradius out there... Aha, I was looking at http://jradius-client.sourceforge.net/ which is different. Thanks for the pointers. Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_preprocess: Error reading /usr/local/etc/raddb/huntgroups
Hi, Not sure if you got this sorted out, but I had the same problem; it seems that when I upgraded to 1.1.7 the raddb directory itself got chmod-ed to 700 as well as the config files being chmod 600. Since I run radiusd as user nobody, hilarity ensued. A few chmods sorted it out. Thanks, Alex On 04/06/07, David E. Meier [EMAIL PROTECTED] wrote: Hi Folks, I'am trying to get FreeRadius running on FreeBSD 6.2. I followed the tutorial from chillispot.org (http://www.chillispot.org/forum/viewtopic.php?t=1431). When I try to start FreeRadius I receive this error: # /usr/local/sbin/radiusd -X : Module: Loaded preprocess preprocess: huntgroups = /usr/local/etc/raddb/huntgroups preprocess: hints = /usr/local/etc/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no rlm_preprocess: Error reading /usr/local/etc/raddb/huntgroups radiusd.conf[1018]: preprocess: Module instantiation failed. radiusd.conf[1798] Unknown module preprocess. radiusd.conf[1788] Failed to parse authorize section. # ls -al /usr/local/etc/raddb drw-r--r-- 3 root wheel 1024 Jun 4 15:14 . drwxr-xr-x 10 root wheel512 Jun 4 12:02 .. : -rw-r--r-- 1 root wheel 1603 Jun 4 15:14 huntgroups So I think the file should be readable by anyone. The file contains comments only anyway. Searching Google does not point out helpful information - I also tried with an empty file with no luck. I also noticed when commenting out the huntgroups file in radiusd.conf has no effect and radiusd exits with the same error. Any thoughts on this? Thanks. David - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Realm question
Hmmm this might be overly complicated but you could configure realm1 to proxy back to yourself, stripping the realm, then configure each of the other two as local realms? I imagine there must be a nicer way... Alex On 20/08/07, Jeff Crowe [EMAIL PROTECTED] wrote: Hi all, Sorry if this question has been answered (I did search the archives and google to no avail): I have subscribers that connect with 2 realms as the prefix. How do I strip both and just authenticate locally? IE: username: realm1/realm2/username or realm1/realm3/username. Realm1 will always be present followed by either realm2 or realm3 (no others). Thanks, Jeff - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to logout user
On 19/08/07, Arran Cudbard-Bell [EMAIL PROTECTED] wrote: Alex French wrote: This has nothing to do the the radius server. The AP logs out the user, not the radius server. Not entirely true. Yes it is. See http://wiki.freeradius.org/Disconnect_Messages. Which says FreeRADIUS server (radiusd) does not currently have internal Disconnect-Request support. Thanks, Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to logout user
On 19/08/07, Arran Cudbard-Bell [EMAIL PROTECTED] wrote: No it's not. In terms of the RFCs the RADIUS server can have a lot to do with disassociating someone from an access point. It can, but it doesn't. Not freeradius. Look, we can go back and forth on this, but the poor guy wants to know how to log people off his APs. The short answer is, 1) The Freeradius server will not do this for you 2) It is unlikely that your AP will allow you to do this through radius *at all*. The majority of access points allow you to log people off only using proprietary methods, or maybe through SNMP if you're lucky. So this list is not going to provide the answer, unfortunately. Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to logout user
This has nothing to do the the radius server. The AP logs out the user, not the radius server. Alex On 09/08/07, wow lala [EMAIL PROTECTED] wrote: hi , any one can tell me , how to logout user??? i use freeradius to my radius server ,i`m testing 802.1x and user login success with username pw from wireless ap but after user reboot laptop , then the laptop will login again automatic , so , i hope someone to tell me how to logout user after login - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Duplicate requests in a session
Hi guys, As far as I can see from 1.1.7, this was never rolled into the code. Can I suggest simply adding an index like this by default: ALTER TABLE radacct ADD constraint radacct_unique_session UNIQUE ( acctuniqueid); Then the composition of acctuniqueid can still be set in the unique id module as appropriate for the site in question? Alex On 31/08/06, Peter Nixon [EMAIL PROTECTED] wrote: Good question. Does anyone have anything against changing this? -Peter On Thu 31 Aug 2006 10:11, Santiago Balaguer García wrote: Thanks James, I don't figure out to use primary key solves the problem of duplicate keys. I had in radacct as primary key radacctid but now I am going to have acctuniqueid. This proble cause a new thread: why radacctid is the primary key of radacct table instead od acctuniqueid? From: James Wakefield [EMAIL PROTECTED] Reply-To: FreeRadius users mailing list freeradius-users@lists.freeradius.org To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Subject: Re: Duplicate requests in a session Date: Wed, 30 Aug 2006 22:07:09 +1000 Santiago Balaguer García wrote: Hi people, 1) In my activity I realize that when the conexion to Internet of a NAS is NOT good (there are some reday in the DSL), the NAS send several Start requests. My problen is my RADIUS server ask for all these requests and they are inserted in my DB. So, when the user or the NAS finalize the session and NAS sends Stop Request, the credit associates to the user account is decremented several times. It happens so because I put a trgger in my DB to decrement the user credit atomatically. Can I avoid the problem of inserting several times the start request? If it is so, how?? 2) Is it supposed that the value of acctsessionid and acctuniqueid in radacct table are UNIQUE and they can not be duplicated ? Thanks, Santiago Hi Santiago, Does your DBMS enforce primary key constraints? Do you have a primary key defined for your radacct table? If I recall correctly, MySQL by default doesn't, are you using MySQL? Cheers, -- James Wakefield, Unix Administrator, Information Technology Services Division Deakin University, Geelong, Victoria 3217 Australia. Phone: 03 5227 8690 International: +61 3 5227 8690 Fax: 03 5227 8866 International: +61 3 5227 8866 E-mail: [EMAIL PROTECTED] Website: http://www.deakin.edu.au - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Acepta el reto MSN Premium: Protección para tus hijos en internet. Descárgalo y pruébalo 2 meses gratis. http://join.msn.com?XAPID=1697DI=1055HL=Footer_mailsenviados_proteccionin fantil - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting-Response with invalid signature
On 23/05/07, Rio Yang [EMAIL PROTECTED] wrote: NAS (Aptilo) --- FreeRADIUS --- JuniperSBR (Funk) (FreeRadius proxy to JuniperSBR) The error message occurred between FreeRADIUS and JuniperSBR. But then you need to set the same shared secret on the FreeRadius server and the JuniperSBR, nothing to do with the NAS. Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to add a prefix to User-Name before proxying to another RADIUS server?
On 14/05/07, Clark J. Wang [EMAIL PROTECTED] wrote: I have two RADIUS servers rad_1 and rad_2. For some users rad_1 needs to forward the requests to rad_2 and I want to add some prefix like `QA/' to User-Name before forwarding to rad_2. Does FreeRADIUS support that? And how to configure? You can do that in the preproxy_users file, based on things like the realm, e.g. DEFAULT realm == somerealm User-Name := `QA/%{User-Name}` Thanks, Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
CVS web interface b0rked?
Hi, I'm not sure who maintains the web interface to the CVS tree, but it's giving a 500 Internal Server Error at the moment. Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and accounting
On 22/08/06, Alan DeKok [EMAIL PROTECTED] wrote: i.e. put the attributes into perl hashes, and then make those perlhashes definitive for the new values of the attributes.This wouldinvolve throwing away the previous attributes entirely.So you wouldhave to be *very* careful about modifying the hashes, but you would have complete flexibility.Comments?I don't think this will go into 1.1.3, though...Yes, that sounds like a great idea, and is certainly more intuitive. Of course, you can look forward to lots more people munging their hashes and posting for support ;-) Thanks,Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and accounting
Yes, this is due to the way rlm_perl works by default (new pairs can be added but existing ones not changed). Look back a week or so in the mailing list archives to the problem I was having. There is a patch on the list that will allegedly make it into HEAD. The patch works nicely for me. AlexOn 22/08/06, Justin Church [EMAIL PROTECTED] wrote: I'm running freeradius v. 1.1.0 and am trying to use rlm_perl to rewriteaccounting attributes before they are written to log with detail andthen replicated with radrelay.Here is the version of example.pl that I'm using (I've only added a single statement to the preacct function): - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Change RAD_REPLY item in rlm_perl, not add a new pair
Boina,That works fine for me (patching against a clean 1.1.2 tree) I've only tested == and := operators but they seem fine.Only one point to note; if you do not include an element in the hash with the same name as the attribute ( e.g. due to a typo or just a misconfiguration), the server hangs completely the first time something gets passed through the perl module and needs a kill -9 to stop it. I know you can't protect people against their own configuration errors, but perhaps it would be nicer to log an error (or just ignore the attribute). Anyway, thanks very much for the patch!Thanks,On 15/08/06, Boian Jordanov [EMAIL PROTECTED] wrote:On Monday 14 August 2006 21:27, Alex French wrote: Boian, Thanks, if you have a patch that actually implements the hash for the operator etc, that would be great (in fact, why not just submit it as a feature). If it's just to change the operator hardcoded in rlm_perl.c, that's fine, I have that recompiled and installed at the moment,Yep, i have the patch that implements the operator with hash ref.Test it and if you like it i will submit it in CVS HEAD.For example to change Operator for Framed-MTU $hash{'Framed-MTU'} = 100;$hash{'Operator'} = ==;$RAD_REPLY{'Framed-MTU'} = \%hash;--Best Regards,Boian JordanovSNEOrbitel - Next Generation Telecomtel. +359 2 4004 723 tel. +359 2 4004 002-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: authenticating based on Nas-Port-Id
On 02/08/06, Colm Ennis [EMAIL PROTECTED] wrote: hiya,does anyone know if users/sql authentication based on the NAS-Port-Idfield possible? and if so how?Colm,What are you going to authenticate? If they can use any username/password, then are you just checking whether a port is active or inactive? You're probably talking about defining a new authentication module (which can then do anything you want). A quick way would be to use rlm_perl to embed a perl module that does the authentication (see http://wiki.freeradius.org/index.php/Rlm_perl). It can access a DB etc if required.Thanks,Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Change RAD_REPLY item in rlm_perl, not add a new pair
On 13/08/06, Boian Jordanov [EMAIL PROTECTED] wrote: On Friday 11 August 2006 20:18, Alex French wrote: Hi, Does anyone know if anything was done on the issue below? I'm looking for this functionality too, and I'd prefer not to have to recompile the module if the feature is available in HEAD or similar (although I can't see that...).No sorry,but i can give you a patch if you want off course.Boian,Thanks, if you have a patch that actually implements the hash for the operator etc, that would be great (in fact, why not just submit it as a feature). If it's just to change the operator hardcoded in rlm_perl.c, that's fine, I have that recompiled and installed at the moment, Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Change RAD_REPLY item in rlm_perl, not add a new pair
Hi,Does anyone know if anything was done on the issue below? I'm looking for this functionality too, and I'd prefer not to have to recompile the module if the feature is available in HEAD or similar (although I can't see that...). Thanks,AlexOn 22/06/06, Kenneth Marshall [EMAIL PROTECTED] wrote: On Thu, Jun 22, 2006 at 09:58:54AM +0300, Boian Jordanov wrote: Maybe passing a HASH ref for hash which contains the Operator key and the vp item too will be a good idea. For example $hash{'Tunnel-Id'} = visitor; $hash{'Operator'} = :=; $RAD_REPLY{'Tunnel-Id'} = \%hash; This way we will not change existing behavior.I like this. One key feature missing in rlm_perl was the ability to substitute values in attribute pairs, not just add a new one.Ken-List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Update to checkrad
All, I updated my own checkrad script to access a simple www interface on an access point (using a nastype of www). Other people might want to do something similar, and may find my patch a useful basis for hacking their own. Patch (diff -c) against checkrad v 1.33 attached. Thanks, Alex checkrad.patch Description: Binary data
deletestalesessions in rlm_sql?
Hi, I may be missing something, but is the deletestalesessions directive unimplemented in rlm_sql? My scenario is that I'm implementing Simultaneous-Use but I don't want session_zap() to be invoked at all (I have my own external script to tidy things up, preserve counters etc). I belive that this is what deletestalesessions = no should give me. However, looking through the source, the variable seems completely unused. Is this correct? I'd be happy to submit a (trivial) patch but I want to be use I'm not missing something. Thanks, Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Removing VSAs from proxied requests
Hi all, I've seen this question asked before on the list, but can't figure out the answer despite much searching of the list and reading the source. I would like to remove some vendor-specific attributes from accounting requests that I proxy outbound (remove them completely, not just set the values to empty). I understand that I can use rlm_attr_filter to modify the requests, and that in theory I could give a white list of allowed attributes using the =* operator for those attributes that I want to allow. But is there any way to say Don't allow the following VSAs. Allow everything else? Or even, Don't allow any VSAs. Allow everything else? Any thoughts appreciated. Thanks, Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Using both slash and suffix relams?
All, I'm having a problem getting slashrealm (/) and atsuffix (@) realms to co-exist. If I configure them both, only the first one seems to work. For example, here I'm trying to use a realm wibble. With the configuration below, it will work as wibble/alex but not [EMAIL PROTECTED] If I reverse the order of the entries on the authorize section, the reverse is true. Can't find anything on google or mailing list archives... how can I get two realm types to coexist? Thanks, Alex From radius.conf realm realmslash { format = prefix delimiter = / } # '[EMAIL PROTECTED]' # realm atsuffix { format = suffix delimiter = @ } authorize { preprocess realmslash atsuffix files } --- From proxy.conf: --- realm wibble { type = LOCAL authhost = LOCAL accthost = LOCAL strip } --- From -X debug: --- --- Walking the entire request list --- Cleaning up request 2 ID 65 with timestamp 4062e77a Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 212.17.45.21:64183, id=70, length=64 User-Name = [EMAIL PROTECTED] User-Password = mypassword NAS-IP-Address = 255.255.255.255 NAS-Port = 666 modcall: entering group authorize for request 3 modcall[authorize]: module preprocess returns ok for request 3 modcall[authorize]: module chap returns noop for request 3 rlm_realm: No '/' in User-Name = [EMAIL PROTECTED], looking up realm NULL rlm_realm: Found realm NULL rlm_realm: Adding Stripped-User-Name = [EMAIL PROTECTED] rlm_realm: Proxying request from user [EMAIL PROTECTED] to realm NULL rlm_realm: Adding Realm = NULL rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module realmslash returns noop for request 3 rlm_realm: Request already proxied. Ignoring. modcall[authorize]: module atsuffix returns noop for request 3 radius_xlat: '[EMAIL PROTECTED]' rlm_sql (sql): sql_set_user escaped user -- '[EMAIL PROTECTED]' ... etc... --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius.log rotate?
Guy, That would be a really neat feature for us, too. If you're considering implementing it, I have a feature request: it would be great if there was also the option to have a complete logfile containing all realms, in addition to the broken-out files. This would allow for easier debugging (i.e. if you suspect a user is mistyping their realm and don't want to have to tail 5 files to check). Thanks, Alex At 5:47 PM -0700 13/02/2004, Guy Fraser wrote: The reason I am considering this feature, is that some people have asked for it and I work for an ISP that administrates other smaller ISP's. I have been asked in the past to give access to people in affialiated ISP's, but they only want to see traffic for their realm. A log file named like : %L/%{Realm}/%Y%m%d.log That translates to: /path/to/logdir/SomeISP.com/20040213.log Would make it possible to do, and files would be renamed on the fly. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html