Free Radius ISP and windows domain logins
Hi there,
We are using freeradius 1.1.4 on fbsd5.5 for auth as an ISP.
We occasionally have dialup users that auth with a windows domain login
(without the domain set)
It is connected to a mssql server.
As I understand it, the following options are supposed to remove the
windows domain bizo
In SQL.conf we have.
sql_user_name = %{Stripped-User-Name:-%{User-Name:-DEFAULT}}
in proxy.conf we have
realm LOCAL {
type= radius
authhost= LOCAL
accthost= LOCAL
}
realm DEFAULT {
type= radius
authhost= LOCAL
accthost= LOCAL
}
in radiusd.conf
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
The client will have logged on successfully a couple of hours earlier,
but then we see this in the logs.
Wed Apr 2 14:32:54 2008 : Info: rlm_sql (sql): No matching entry in the
database for request from user [donb]
Wed Apr 2 14:32:54 2008 : Auth: Login incorrect: [donb/] (from client
patton1 port 19 cli 0882648219)
And they get knocked back.
Is there anything I may have missed or misinterpreted?
Thanks in Advance.
Cheers
cya
Andrew
--
Network Administrator / Manager
Webzone Internet
1st Floor (Oakley Street Entrance)
167 Grote Street
Adelaide SA, 5000
Phone 1300 303 932
Fax 08 8221 6204
Email [EMAIL PROTECTED]
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius stops authenticating users
The top login attempt doesn't work, and the bottom one does. Restarting
radius doesn't fix the problem, but rebooting the server it's running on
does. This is the 1.1.7 package for Debian Linux, the NAS is a Cisco
AS5300.
Below is the output from freeradius -X for a working and a failed login
session for the same user. Further debug logs avaialable upon request.
Thanks in advance for your help.
modcall: entering group preacct for request 14
modcall[preacct]: module preprocess returns noop for request 14
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address =
208.64.35.3,NAS-IP-Address = 208.64.35.3,Acct-Session-Id =
000E79BC,User-Name = [EMAIL PROTECTED]'
rlm_acct_unique: Acct-Unique-Session-ID = c27a6dc7ba7ef40a.
modcall[preacct]: module acct_unique returns ok for request 14
rlm_realm: Looking up realm k-inc.com for User-Name =
[EMAIL PROTECTED]
rlm_realm: No such realm k-inc.com
modcall[preacct]: module suffix returns noop for request 14
modcall[preacct]: module files returns noop for request 14
modcall: leaving group preacct (returns ok) for request 14
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 14
radius_xlat: '/var/log/freeradius/radacct/208.64.35.3/detail-20080208'
rlm_detail:
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /var/log/freeradius/radacct/208.64.35.3/detail-20080208
modcall[accounting]: module detail returns ok for request 14
modcall[accounting]: module unix returns ok for request 14
radius_xlat: '/var/log/freeradius/radutmp'
radius_xlat: '[EMAIL PROTECTED]'
modcall[accounting]: module radutmp returns ok for request 14
rlm_ippool: Searching for an entry for nas/port: 208.64.35.3/1
rlm_ippool: Deallocated entry for ip/port: 208.64.35.241/1
rlm_ippool: num: 0
modcall[accounting]: module main_pool returns ok for request 14
modcall: leaving group accounting (returns ok) for request 14
Sending Accounting-Response of id 47 to 208.64.35.3 port 1646
Finished request 14
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 4
modcall[preacct]: module preprocess returns noop for request 4
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address =
208.64.35.3,NAS-IP-Address = 208.64.35.3,Acct-Session-Id =
000E79BC,User-Name = [EMAIL PROTECTED]'
rlm_acct_unique: Acct-Unique-Session-ID = c27a6dc7ba7ef40a.
modcall[preacct]: module acct_unique returns ok for request 4
rlm_realm: Looking up realm k-inc.com for User-Name =
[EMAIL PROTECTED]
rlm_realm: No such realm k-inc.com
modcall[preacct]: module suffix returns noop for request 4
modcall[preacct]: module files returns noop for request 4
modcall: leaving group preacct (returns ok) for request 4
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 4
radius_xlat: '/var/log/freeradius/radacct/208.64.35.3/detail-20080208'
rlm_detail:
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /var/log/freeradius/radacct/208.64.35.3/detail-20080208
modcall[accounting]: module detail returns ok for request 4
modcall[accounting]: module unix returns ok for request 4
radius_xlat: '/var/log/freeradius/radutmp'
radius_xlat: '[EMAIL PROTECTED]'
modcall[accounting]: module radutmp returns ok for request 4
rlm_ippool: This is not an Accounting-Stop. Return NOOP.
modcall[accounting]: module main_pool returns noop for request 4
modcall: leaving group accounting (returns ok) for request 4
Sending Accounting-Response of id 41 to 208.64.35.3 port 1646
Finished request 4
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
IP Pool defined, but radius does not hand out an IP address.
When I connect a client to freeradius the client authenticates, gets an
accept/accept, but does not get an IP address. I've tried it with the
Group and Pool-Name directives in each client's block, and I've tried it
with them in a DEFAULT by themselves. Neither has handed out an IP address.
System vitals:
radius:/etc/freeradius# uname -a
Linux radius 2.6.18-5-686 #1 SMP Mon Dec 24 16:41:07 UTC 2007 i686 GNU/Linux
radius:/etc/freeradius# cat /etc/debian_version
4.0
radius:/etc/freeradius# freeradius -v
freeradius: FreeRADIUS Version 1.1.3, for host i486-pc-linux-gnu, built
on Dec 16 2006 at 23:48:11
# radtest umcc xx localhost 0 xxx
Sending Access-Request of id 144 to 127.0.0.1 port 1812
User-Name = umcc
User-Password = bts10200
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=144, length=44
Service-Type = Framed-User
Framed-IP-Netmask = 255.255.255.255
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
radius.log:
Thu Jan 24 11:20:51 2008 : Info: rlm_exec: Wait=yes but no output
defined. Did you mean output=none?
Thu Jan 24 11:20:51 2008 : Info: Ready to process requests.
Thu Jan 24 11:32:33 2008 : Auth: Login OK: [umcc] (from client
localhost-testing port 0)
users:
umccUser-Password == xx
Service-Type = Framed-User,
Framed-IP-Netmask = 255.255.255.255,
Group == main_pool,
Pool-Name := main_pool,
Framed-Protocol = PPP,
Framed-Compression = Van-Jacobsen-TCP-IP
radiusd.conf (pertinent sections)
ippool main_pool {
range-start = 208.64.35.2
range-stop = 208.64.35.254
netmask = 255.255.255.255
cache-size = 253
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
override = yes
maximum-timeout = 0
}
accounting {
detail
unix
radutmp
main_pool
}
post-auth {
main_pool
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP Pool defined, but radius does not hand out an IP address.
Alan DeKok wrote: Andrew D Kirch wrote: When I connect a client to freeradius the client authenticates, gets an accept/accept, but does not get an IP address. I've tried it with the Group and Pool-Name directives in each client's block, and I've tried it with them in a DEFAULT by themselves. Neither has handed out an IP address. ... radius:/etc/freeradius# freeradius -v freeradius: FreeRADIUS Version 1.1.3, for host i486-pc-linux-gnu, built on Dec 16 2006 at 23:48:11 You should upgrade to at least 1.1.6, maybe 2.0.1 And with all of the information you posted, you didn't include the most important, which is requested in the FAQ, README, INSTALL, man page, and daily on this list: radiusd -X. Is there some other place in the documentation where this should be suggested? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html You might try putting it at the top of radiusd.conf, everyone's eventually going to see that. Because I use Debian the others are packaged and abstracted away. I used the Freeradius wiki quite a bit as well, and perhaps it could be more visible there too. In fact I think this might be an honorable use of the blink element as I was able to use the freeradius -X output to immediately debug my problem. Thank you for the help. Andrew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: disconnect users from radius
satish patel wrote: Dear all I have installed freeradius on RHEL with MSSQL server and it is working fine but now i have facing problem regarding disconnecting of users my NAS is cisco Router it is l2tp so what i do for this ??? problem ?? You have to do it at the NAS via SNMP or some other method. Radius is just for authentication and accounting. and i want to connect my dialupadmin with mssql ? so it is possible?/ Satish Patel Here’s a new way to find what you're looking for - Yahoo! Answers http://us.rd.yahoo.com/mail/in/yanswers/*http://in.answers.yahoo.com/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sql and interim update packets
Hi there,
We're running freeradius 1.1.4 on freebsd 5.5, using unixodbc and
freetds to talk to mssql.
According to the default mssql file file the _alt queries are only
supposed to run if there is an error when doing the first sql query.
# accounting_update_query - query for Accounting update packets
# accounting_update_query_alt - query for Accounting update packets
# (alternate in case first query fails)
However this isn't the case.
User-Name = aliencroc
NAS-Port-Type = ADSL-DMT
Attr-103 = 0x45e50bfe
rad_lowerpair: User-Name now 'aliencroc'
rad_rmspace_pair: User-Name now 'aliencroc'
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 0
modcall[preacct]: module preprocess returns noop for request 0
rlm_acct_unique: Hashing 'NAS-Port = 1851,Client-IP-Address =
203.132.224.35,NAS-IP-Address = 203.220.236.246,Acct-Session-Id =
00152C4F,User-Name = aliencroc'
rlm_acct_unique: Acct-Unique-Session-ID = b577760b95764125.
modcall[preacct]: module acct_unique returns ok for request 0
rlm_realm: No '@' in User-Name = aliencroc, looking up realm NULL
rlm_realm: No such realm NULL
modcall[preacct]: module suffix returns noop for request 0
modcall[preacct]: module files returns noop for request 0
modcall: leaving group preacct (returns ok) for request 0
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 0
radius_xlat: '/var/log/radacct/203.132.224.35/detail-20070228'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /var/log/radacct/203.132.224.35/detail-20070228
modcall[accounting]: module detail returns ok for request 0
radius_xlat: '/var/log/radutmp'
radius_xlat: 'aliencroc'
modcall[accounting]: module radutmp returns ok for request 0
radius_xlat: 'aliencroc'
rlm_sql (sql): sql_set_user escaped user -- 'aliencroc'
radius_xlat: 'UPDATE CallsOnline SET DataIn = '262653',DataOut =
'354385', LastHit = getdate() WHERE AcctSessionId = '00152C4F' AND
UserName = 'aliencroc' AND NASIdentifier= '203.220.236.246''
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'INSERT into accounting (LogTime, LogDate, UserName,
NasIPAddress, NasPortID, ServiceType, FramedProtocol, FramedAddress,
CallingStation
ID, NasIdentifier,AcctStatusType, NasPortType, ConnectInfo,
ConnectInfo2, AcctUniqueID, CalledStationID, Connection_ID) values
(getdate(),getdate(),'
aliencroc','203.220.236.246','1851','Framed-User', 'PPP',
'125.168.108.242','sfy211300202027','LNS02-WAYM-ADL.comindico.com.au','Start','ADSL-DMT','15
552','15552','b577760b95764125','','00152C4F') '
rlm_sql (sql): Released sql socket id: 4
modcall[accounting]: module sql returns ok for request 0
modcall: leaving group accounting (returns ok) for request 0
Sending Accounting-Response of id 67 to 203.132.224.35 port 35240
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
The first update query didn't fail.
Any ideas or would this be a bug?
Cheers
cya
Andrew
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius sql /mssql
Alan DeKok wrote: Andrew D wrote: 1. If the user is found in the sql tables and has reply attributes etc, is it still possible to go through the 'users' file? if so how? I can't seem to get it to do it. Yes, it's possible. The modules are completely independent, so you just configure both. In fact, if you just uncomment the sql entries in the default radiusd.conf, the server will do that. Which it does, but doesn't work like I would expect it to, with the examples given in the docs. huntgroup file test NAS-IP-ADDRESS == some.ip testbad NAS-IP-ADDRESS == some.ip Group = suspend or test NAS-IP-ADDRESS == some.ip testbad NAS-IP-ADDRESS == some.ip, Group == suspend users file DEFAULT Group == suspend Framed-IP-Address := 172.16.32.0+, Session-Timeout := 600, Port-Limit := 1 DEFAULT Huntgroup-Name == testbad Framed-IP-Address := 172.16.32.0+, Session-Timeout := 600, Port-Limit := 1 DEFAULT Huntgroup-Name == test Port-Limit := 1, Fall-Through = 1 a quick snip from radiusd -X radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'awd' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns ok for request 0 users: Matched entry DEFAULT at line 26 users: Matched entry DEFAULT at line 43 users: Matched entry DEFAULT at line 61 modcall[authorize]: module files returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type CHAP auth: type CHAP Processing the authenticate section of radiusd.conf modcall: entering group CHAP for request 0 rlm_chap: login attempt by awd with CHAP password rlm_chap: Using clear text password start for user awd authentication. It skips the 2 default entries before Huntgroup-Name == test line, even though the user is in the suspend group. I've tried swapping them around with no difference(both huntgroups and users file). It seems to be disregarding the group. I also ran the sql query and it returns the suspend group. Basically, depending on the huntgroup I need to send different reply attributes (different NAS types) and if the DB returns the group suspend, different reply attributes are sent. Or, try reading the FAQ for what information is needed in situations where it doesn't work. 2. Is there an ability in any way to have a caching like feature or is DB failover and running 2 db servers with replication the only way to go? Cache... what? Cache details that it gets from the DB for some configurable time, ie VOPradius caches unames/password and other reply attributes to send to the NAS for 24 hours since the user last connected. 3. Is there anyway to log the actual reason for rejection in 'Post-Auth-Type REJECT'? ie simultaneous use, invalid password etc? Module-Failure-Message often contains the reason, but not always. That seems to do the trick :) Some info is better than none, and so far in testing its been perfect. May I suggest mentioning this in the variables file. Cheers cya Andrew Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius sql /mssql
Dennis Skinner wrote:
Andrew D wrote:
Basically, depending on the huntgroup I need to send different reply
attributes (different NAS types) and if the DB returns the group
suspend, different reply attributes are sent.
I don't fully understand what you are trying to do and you snipped a lot
We are a little ISP, we have a bunch of lines on the local network, and
outsource our dsl and national lines. We have a patton here and cisco
NASes at the outsourced mob.
If a user dials into the patton then they get a basic setup of
framed-user session-timeout etc. if they come in via the cisco then
they get same basic setup as the patton + a bunch of cisco-avpairs.
If however they are in the 'suspend' group and they dial into the patton
then they get a 172.16.* ip or if they dial into the ciscos, they get a
different set of cisco-avpairs.
of the debug log, but if the group is in sql, then the huntgroup file
full debug :)
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = /usr/local
main: localstatedir = /var
main: logdir = /var/log
main: libdir = /usr/local/lib
main: radacctdir = /var/log/radacct
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = /var/log/radius.log
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = no
main: pidfile = /var/run/radiusd/radiusd.pid
main: user = nobody
main: group = nobody
main: usercollide = no
main: lower_user = after
main: lower_pass = after
main: nospace_user = after
main: nospace_pass = after
main: checkrad = /usr/local/sbin/checkrad
main: proxy_requests = no
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 0
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
read_config_files: reading clients
read_config_files: reading realms
Using deprecated realms file. Support for this will go away soon.
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = (null)
exec: input_pairs = request
exec: output_pairs = (null)
exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = (null)
mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded eap
eap: default_eap_type = md5
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = Password:
gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
preprocess: hints = /usr/local/etc/raddb/hints
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = suffix
realm: delimiter = @
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded SQL
sql: driver = rlm_sql_mysql
sql: server = localhost
sql: port =
sql: login = root
sql: password =
sql: radius_db = radius
sql: nas_table = nas
sql: sqltrace = no
sql: sqltracefile = /var/log/sqltrace.sql
sql: readclients = no
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = %{User-Name}
sql: default_user_profile =
sql: query_on_not_found = no
sql: authorize_check_query = SELECT id, UserName, Attribute, Value,
op FROM radcheck WHERE Username
Re: freeradius sql /mssql
well, SQL-Group in the users file works. Thanks dennis. -- Network Administrator / Manager Webzone Internet 1st Floor (Oakley Street Entrance) 167 Grote Street Adelaide SA, 5000 Phone 1300 303 932 Fax 08 8221 6204 Email [EMAIL PROTECTED] [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius sql /mssql
Hi there, We've got FreeRADIUS Version 1.1.4, for host i386-portbld-freebsd5.5 using unixodbc/freetds connecting to a mssql DB. I've got a number of questions that I hope someone can answer. 1. If the user is found in the sql tables and has reply attributes etc, is it still possible to go through the 'users' file? if so how? I can't seem to get it to do it. 2. Is there an ability in any way to have a caching like feature or is DB failover and running 2 db servers with replication the only way to go? 3. Is there anyway to log the actual reason for rejection in 'Post-Auth-Type REJECT'? ie simultaneous use, invalid password etc? Cheers in Advance for any help. cya Andrew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1.0.2 on bsd 4.11
Boian Jordanov said: For me it looks like you have been linked rlm_perl with wrong libperl.so Solution: Install perl from ports collection (lang/perl5.8) and then write 'use.perl port' and recompile freeradius. the first thing I did was install perl 5.6.2 after I 'cvsup'ed. did the 'use.perl port' as well. $ perl -V Summary of my perl5 (revision 5.0 version 6 subversion 2) configuration: Platform: osname=freebsd, osvers=4.11-release, archname=i386-freebsd Did you try with 5.6.x ? we are currently a 5.6.x shop and we arn't ready to update all of our boxen and scripts to 5.8.x Instead how would I go about getting rlm_perl to link to /usr/local/lib/perl5/5.6.2/mach/CORE/libperl.so rather than /usr/lib/libperl.so on bsd 4.11? I don't mind not using the ports collection to compile freeradius (I got the same thing when I compiled from scratch), just prefer it. Cheers cya Andrew Boian. On Wed, Feb 23, 2005 at 11:47:41AM +1030, Andrew D wrote: Hi there, Running freebsd 4.11 and compiled freeradius from the ports collection with support for rlm_perl. everything compiled alright, but everytime I start it (radiusd -X) I get the following. perl: func_xlat = xlat perl: perl_flags = (null) perl: func_start_accounting = (null) perl: func_stop_accounting = (null) DynaLoader object version 1.04 does not match $DynaLoader::VERSION 1.03 at /usr/libdata/perl/5.00503/DynaLoader.pm line 80. BEGIN failed--compilation aborted at /etc/raddb/rad_mod.pl line 28. rlm_perl: perl_parse failed: /etc/raddb/rad_mod.pl not found or has syntax errors. radiusd.conf[837]: pemod: Module instantiation failed. I have perl 5.6.2 installed (ports collection) and have the following in the perl script require 5.6.2; Doesn't matter what I do I keep getting the Dynaloader error. For whatever reason, radiusd wants to load perl 5.00503 instead of perl 5.6.2 perl, its modules and freeradius was compiled on the box rather than using the binary packages from the bsd ftp server. Just wondering if anyone else has come accross it and knows what the solution might be? Cheers cya Andrew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius 1.0.2 on bsd 4.11
Hi there, Running freebsd 4.11 and compiled freeradius from the ports collection with support for rlm_perl. everything compiled alright, but everytime I start it (radiusd -X) I get the following. perl: func_xlat = xlat perl: perl_flags = (null) perl: func_start_accounting = (null) perl: func_stop_accounting = (null) DynaLoader object version 1.04 does not match $DynaLoader::VERSION 1.03 at /usr/libdata/perl/5.00503/DynaLoader.pm line 80. BEGIN failed--compilation aborted at /etc/raddb/rad_mod.pl line 28. rlm_perl: perl_parse failed: /etc/raddb/rad_mod.pl not found or has syntax errors. radiusd.conf[837]: pemod: Module instantiation failed. I have perl 5.6.2 installed (ports collection) and have the following in the perl script require 5.6.2; Doesn't matter what I do I keep getting the Dynaloader error. For whatever reason, radiusd wants to load perl 5.00503 instead of perl 5.6.2 perl, its modules and freeradius was compiled on the box rather than using the binary packages from the bsd ftp server. Just wondering if anyone else has come accross it and knows what the solution might be? Cheers cya Andrew -- Network Administrator / Manager Webzone Internet 1st Floor (Oakley Street Entrance) 167 Grote Street Adelaide SA, 5000 Phone 1300 303 932 Fax 08 8221 6204 Email [EMAIL PROTECTED] [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Auth and session-timeout based on day of the week and time
Hi there, Using FR 1.0.1 on linux. I am using the Perl module and everything works fine(including chap), except I can't work out how to restrict based on day and time. Can freeradius restrict login based on day and time, and set the session-timeout so that it ends at the end of the allowed time period, or will I have to get perl to work that out. ie only allow dialin access mon-fri 9-5 Cheers cya Andrew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Auth and session-timeout based on day of the week and time
Andrew D wrote: Hi there, Sorry, with all the reading I've been doing lately, I been skimming bits and pieces. I just found the bit where its all defined :) Sorry for wasting your time :| Using FR 1.0.1 on linux. I am using the Perl module and everything works fine(including chap), except I can't work out how to restrict based on day and time. Can freeradius restrict login based on day and time, and set the session-timeout so that it ends at the end of the allowed time period, or will I have to get perl to work that out. ie only allow dialin access mon-fri 9-5 Cheers cya Andrew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: platypus
Hi Rick, Andrew, I have been using freeradius with Plat for a long time and it works well. Have you downloaded the *nix binary and scripts off of boardtown's website to interface with your windows server? What on earth for? Isn't freeRadius supposed to have inbuilt MS SQL support? All of our systems, whether it is win32 or *nix based, auth directly from plat. The binary runs as a daemon and uses the *nix user/password list for authentication. When you create a new account in Plat it sends the info to Which is useless in our case as we have 8 different radius profiles. the binary which runs a script on the *nix server and adds the user to the list where freeradius can authenticate it. So, FreeRadius is not able to natively interact with MS SQL server for both pulling radius auth data and pushing radius accounting details? We are currently running vopradius (win32) and were hoping to replace it completely (preferably plugging it straight in, with minimal changes to the DB and the rest of the system) with freeRadius. Cheers cya Andrew Rick Williams System Administrator AICON Internet Services, Inc. - Original Message - From: Andrew D [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, December 12, 2004 11:39 PM Subject: platypus Hi all, Just wondering if anyone has managed to get freeradius to work with platypus (ISP billing software) which is setup within a MS-SQL server? If you have managed to get it working, could you let us know what you did and possibly provide some config files. Thanks in Advance Cheers, cya Andrew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
platypus
Hi all, Just wondering if anyone has managed to get freeradius to work with platypus (ISP billing software) which is setup within a MS-SQL server? If you have managed to get it working, could you let us know what you did and possibly provide some config files. Thanks in Advance Cheers, cya Andrew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
