Free Radius ISP and windows domain logins
Hi there, We are using freeradius 1.1.4 on fbsd5.5 for auth as an ISP. We occasionally have dialup users that auth with a windows domain login (without the domain set) It is connected to a mssql server. As I understand it, the following options are supposed to remove the windows domain bizo In SQL.conf we have. sql_user_name = %{Stripped-User-Name:-%{User-Name:-DEFAULT}} in proxy.conf we have realm LOCAL { type= radius authhost= LOCAL accthost= LOCAL } realm DEFAULT { type= radius authhost= LOCAL accthost= LOCAL } in radiusd.conf proxy_requests = yes $INCLUDE ${confdir}/proxy.conf The client will have logged on successfully a couple of hours earlier, but then we see this in the logs. Wed Apr 2 14:32:54 2008 : Info: rlm_sql (sql): No matching entry in the database for request from user [donb] Wed Apr 2 14:32:54 2008 : Auth: Login incorrect: [donb/] (from client patton1 port 19 cli 0882648219) And they get knocked back. Is there anything I may have missed or misinterpreted? Thanks in Advance. Cheers cya Andrew -- Network Administrator / Manager Webzone Internet 1st Floor (Oakley Street Entrance) 167 Grote Street Adelaide SA, 5000 Phone 1300 303 932 Fax 08 8221 6204 Email [EMAIL PROTECTED] [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius stops authenticating users
The top login attempt doesn't work, and the bottom one does. Restarting radius doesn't fix the problem, but rebooting the server it's running on does. This is the 1.1.7 package for Debian Linux, the NAS is a Cisco AS5300. Below is the output from freeradius -X for a working and a failed login session for the same user. Further debug logs avaialable upon request. Thanks in advance for your help. modcall: entering group preacct for request 14 modcall[preacct]: module preprocess returns noop for request 14 rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 208.64.35.3,NAS-IP-Address = 208.64.35.3,Acct-Session-Id = 000E79BC,User-Name = [EMAIL PROTECTED]' rlm_acct_unique: Acct-Unique-Session-ID = c27a6dc7ba7ef40a. modcall[preacct]: module acct_unique returns ok for request 14 rlm_realm: Looking up realm k-inc.com for User-Name = [EMAIL PROTECTED] rlm_realm: No such realm k-inc.com modcall[preacct]: module suffix returns noop for request 14 modcall[preacct]: module files returns noop for request 14 modcall: leaving group preacct (returns ok) for request 14 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 14 radius_xlat: '/var/log/freeradius/radacct/208.64.35.3/detail-20080208' rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/208.64.35.3/detail-20080208 modcall[accounting]: module detail returns ok for request 14 modcall[accounting]: module unix returns ok for request 14 radius_xlat: '/var/log/freeradius/radutmp' radius_xlat: '[EMAIL PROTECTED]' modcall[accounting]: module radutmp returns ok for request 14 rlm_ippool: Searching for an entry for nas/port: 208.64.35.3/1 rlm_ippool: Deallocated entry for ip/port: 208.64.35.241/1 rlm_ippool: num: 0 modcall[accounting]: module main_pool returns ok for request 14 modcall: leaving group accounting (returns ok) for request 14 Sending Accounting-Response of id 47 to 208.64.35.3 port 1646 Finished request 14 Processing the preacct section of radiusd.conf modcall: entering group preacct for request 4 modcall[preacct]: module preprocess returns noop for request 4 rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 208.64.35.3,NAS-IP-Address = 208.64.35.3,Acct-Session-Id = 000E79BC,User-Name = [EMAIL PROTECTED]' rlm_acct_unique: Acct-Unique-Session-ID = c27a6dc7ba7ef40a. modcall[preacct]: module acct_unique returns ok for request 4 rlm_realm: Looking up realm k-inc.com for User-Name = [EMAIL PROTECTED] rlm_realm: No such realm k-inc.com modcall[preacct]: module suffix returns noop for request 4 modcall[preacct]: module files returns noop for request 4 modcall: leaving group preacct (returns ok) for request 4 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 4 radius_xlat: '/var/log/freeradius/radacct/208.64.35.3/detail-20080208' rlm_detail: /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/freeradius/radacct/208.64.35.3/detail-20080208 modcall[accounting]: module detail returns ok for request 4 modcall[accounting]: module unix returns ok for request 4 radius_xlat: '/var/log/freeradius/radutmp' radius_xlat: '[EMAIL PROTECTED]' modcall[accounting]: module radutmp returns ok for request 4 rlm_ippool: This is not an Accounting-Stop. Return NOOP. modcall[accounting]: module main_pool returns noop for request 4 modcall: leaving group accounting (returns ok) for request 4 Sending Accounting-Response of id 41 to 208.64.35.3 port 1646 Finished request 4 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
IP Pool defined, but radius does not hand out an IP address.
When I connect a client to freeradius the client authenticates, gets an accept/accept, but does not get an IP address. I've tried it with the Group and Pool-Name directives in each client's block, and I've tried it with them in a DEFAULT by themselves. Neither has handed out an IP address. System vitals: radius:/etc/freeradius# uname -a Linux radius 2.6.18-5-686 #1 SMP Mon Dec 24 16:41:07 UTC 2007 i686 GNU/Linux radius:/etc/freeradius# cat /etc/debian_version 4.0 radius:/etc/freeradius# freeradius -v freeradius: FreeRADIUS Version 1.1.3, for host i486-pc-linux-gnu, built on Dec 16 2006 at 23:48:11 # radtest umcc xx localhost 0 xxx Sending Access-Request of id 144 to 127.0.0.1 port 1812 User-Name = umcc User-Password = bts10200 NAS-IP-Address = 255.255.255.255 NAS-Port = 0 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=144, length=44 Service-Type = Framed-User Framed-IP-Netmask = 255.255.255.255 Framed-Protocol = PPP Framed-Compression = Van-Jacobson-TCP-IP radius.log: Thu Jan 24 11:20:51 2008 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Thu Jan 24 11:20:51 2008 : Info: Ready to process requests. Thu Jan 24 11:32:33 2008 : Auth: Login OK: [umcc] (from client localhost-testing port 0) users: umccUser-Password == xx Service-Type = Framed-User, Framed-IP-Netmask = 255.255.255.255, Group == main_pool, Pool-Name := main_pool, Framed-Protocol = PPP, Framed-Compression = Van-Jacobsen-TCP-IP radiusd.conf (pertinent sections) ippool main_pool { range-start = 208.64.35.2 range-stop = 208.64.35.254 netmask = 255.255.255.255 cache-size = 253 session-db = ${raddbdir}/db.ippool ip-index = ${raddbdir}/db.ipindex override = yes maximum-timeout = 0 } accounting { detail unix radutmp main_pool } post-auth { main_pool } - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP Pool defined, but radius does not hand out an IP address.
Alan DeKok wrote: Andrew D Kirch wrote: When I connect a client to freeradius the client authenticates, gets an accept/accept, but does not get an IP address. I've tried it with the Group and Pool-Name directives in each client's block, and I've tried it with them in a DEFAULT by themselves. Neither has handed out an IP address. ... radius:/etc/freeradius# freeradius -v freeradius: FreeRADIUS Version 1.1.3, for host i486-pc-linux-gnu, built on Dec 16 2006 at 23:48:11 You should upgrade to at least 1.1.6, maybe 2.0.1 And with all of the information you posted, you didn't include the most important, which is requested in the FAQ, README, INSTALL, man page, and daily on this list: radiusd -X. Is there some other place in the documentation where this should be suggested? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html You might try putting it at the top of radiusd.conf, everyone's eventually going to see that. Because I use Debian the others are packaged and abstracted away. I used the Freeradius wiki quite a bit as well, and perhaps it could be more visible there too. In fact I think this might be an honorable use of the blink element as I was able to use the freeradius -X output to immediately debug my problem. Thank you for the help. Andrew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: disconnect users from radius
satish patel wrote: Dear all I have installed freeradius on RHEL with MSSQL server and it is working fine but now i have facing problem regarding disconnecting of users my NAS is cisco Router it is l2tp so what i do for this ??? problem ?? You have to do it at the NAS via SNMP or some other method. Radius is just for authentication and accounting. and i want to connect my dialupadmin with mssql ? so it is possible?/ Satish Patel Here’s a new way to find what you're looking for - Yahoo! Answers http://us.rd.yahoo.com/mail/in/yanswers/*http://in.answers.yahoo.com/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sql and interim update packets
Hi there, We're running freeradius 1.1.4 on freebsd 5.5, using unixodbc and freetds to talk to mssql. According to the default mssql file file the _alt queries are only supposed to run if there is an error when doing the first sql query. # accounting_update_query - query for Accounting update packets # accounting_update_query_alt - query for Accounting update packets # (alternate in case first query fails) However this isn't the case. User-Name = aliencroc NAS-Port-Type = ADSL-DMT Attr-103 = 0x45e50bfe rad_lowerpair: User-Name now 'aliencroc' rad_rmspace_pair: User-Name now 'aliencroc' Processing the preacct section of radiusd.conf modcall: entering group preacct for request 0 modcall[preacct]: module preprocess returns noop for request 0 rlm_acct_unique: Hashing 'NAS-Port = 1851,Client-IP-Address = 203.132.224.35,NAS-IP-Address = 203.220.236.246,Acct-Session-Id = 00152C4F,User-Name = aliencroc' rlm_acct_unique: Acct-Unique-Session-ID = b577760b95764125. modcall[preacct]: module acct_unique returns ok for request 0 rlm_realm: No '@' in User-Name = aliencroc, looking up realm NULL rlm_realm: No such realm NULL modcall[preacct]: module suffix returns noop for request 0 modcall[preacct]: module files returns noop for request 0 modcall: leaving group preacct (returns ok) for request 0 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 0 radius_xlat: '/var/log/radacct/203.132.224.35/detail-20070228' rlm_detail: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/203.132.224.35/detail-20070228 modcall[accounting]: module detail returns ok for request 0 radius_xlat: '/var/log/radutmp' radius_xlat: 'aliencroc' modcall[accounting]: module radutmp returns ok for request 0 radius_xlat: 'aliencroc' rlm_sql (sql): sql_set_user escaped user -- 'aliencroc' radius_xlat: 'UPDATE CallsOnline SET DataIn = '262653',DataOut = '354385', LastHit = getdate() WHERE AcctSessionId = '00152C4F' AND UserName = 'aliencroc' AND NASIdentifier= '203.220.236.246'' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'INSERT into accounting (LogTime, LogDate, UserName, NasIPAddress, NasPortID, ServiceType, FramedProtocol, FramedAddress, CallingStation ID, NasIdentifier,AcctStatusType, NasPortType, ConnectInfo, ConnectInfo2, AcctUniqueID, CalledStationID, Connection_ID) values (getdate(),getdate(),' aliencroc','203.220.236.246','1851','Framed-User', 'PPP', '125.168.108.242','sfy211300202027','LNS02-WAYM-ADL.comindico.com.au','Start','ADSL-DMT','15 552','15552','b577760b95764125','','00152C4F') ' rlm_sql (sql): Released sql socket id: 4 modcall[accounting]: module sql returns ok for request 0 modcall: leaving group accounting (returns ok) for request 0 Sending Accounting-Response of id 67 to 203.132.224.35 port 35240 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... The first update query didn't fail. Any ideas or would this be a bug? Cheers cya Andrew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius sql /mssql
Alan DeKok wrote: Andrew D wrote: 1. If the user is found in the sql tables and has reply attributes etc, is it still possible to go through the 'users' file? if so how? I can't seem to get it to do it. Yes, it's possible. The modules are completely independent, so you just configure both. In fact, if you just uncomment the sql entries in the default radiusd.conf, the server will do that. Which it does, but doesn't work like I would expect it to, with the examples given in the docs. huntgroup file test NAS-IP-ADDRESS == some.ip testbad NAS-IP-ADDRESS == some.ip Group = suspend or test NAS-IP-ADDRESS == some.ip testbad NAS-IP-ADDRESS == some.ip, Group == suspend users file DEFAULT Group == suspend Framed-IP-Address := 172.16.32.0+, Session-Timeout := 600, Port-Limit := 1 DEFAULT Huntgroup-Name == testbad Framed-IP-Address := 172.16.32.0+, Session-Timeout := 600, Port-Limit := 1 DEFAULT Huntgroup-Name == test Port-Limit := 1, Fall-Through = 1 a quick snip from radiusd -X radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'awd' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns ok for request 0 users: Matched entry DEFAULT at line 26 users: Matched entry DEFAULT at line 43 users: Matched entry DEFAULT at line 61 modcall[authorize]: module files returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type CHAP auth: type CHAP Processing the authenticate section of radiusd.conf modcall: entering group CHAP for request 0 rlm_chap: login attempt by awd with CHAP password rlm_chap: Using clear text password start for user awd authentication. It skips the 2 default entries before Huntgroup-Name == test line, even though the user is in the suspend group. I've tried swapping them around with no difference(both huntgroups and users file). It seems to be disregarding the group. I also ran the sql query and it returns the suspend group. Basically, depending on the huntgroup I need to send different reply attributes (different NAS types) and if the DB returns the group suspend, different reply attributes are sent. Or, try reading the FAQ for what information is needed in situations where it doesn't work. 2. Is there an ability in any way to have a caching like feature or is DB failover and running 2 db servers with replication the only way to go? Cache... what? Cache details that it gets from the DB for some configurable time, ie VOPradius caches unames/password and other reply attributes to send to the NAS for 24 hours since the user last connected. 3. Is there anyway to log the actual reason for rejection in 'Post-Auth-Type REJECT'? ie simultaneous use, invalid password etc? Module-Failure-Message often contains the reason, but not always. That seems to do the trick :) Some info is better than none, and so far in testing its been perfect. May I suggest mentioning this in the variables file. Cheers cya Andrew Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius sql /mssql
Dennis Skinner wrote: Andrew D wrote: Basically, depending on the huntgroup I need to send different reply attributes (different NAS types) and if the DB returns the group suspend, different reply attributes are sent. I don't fully understand what you are trying to do and you snipped a lot We are a little ISP, we have a bunch of lines on the local network, and outsource our dsl and national lines. We have a patton here and cisco NASes at the outsourced mob. If a user dials into the patton then they get a basic setup of framed-user session-timeout etc. if they come in via the cisco then they get same basic setup as the patton + a bunch of cisco-avpairs. If however they are in the 'suspend' group and they dial into the patton then they get a 172.16.* ip or if they dial into the ciscos, they get a different set of cisco-avpairs. of the debug log, but if the group is in sql, then the huntgroup file full debug :) Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /var main: logdir = /var/log main: libdir = /usr/local/lib main: radacctdir = /var/log/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /var/log/radius.log main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = no main: pidfile = /var/run/radiusd/radiusd.pid main: user = nobody main: group = nobody main: usercollide = no main: lower_user = after main: lower_pass = after main: nospace_user = after main: nospace_pass = after main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = no proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 0 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms Using deprecated realms file. Support for this will go away soon. radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = (null) exec: input_pairs = request exec: output_pairs = (null) exec: packet_type = (null) rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = (null) mschap: ntlm_auth = (null) Module: Instantiated mschap (mschap) Module: Loaded eap eap: default_eap_type = md5 eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = Password: gtc: auth_type = PAP rlm_eap: Loaded and initialized type gtc mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = /usr/local/etc/raddb/huntgroups preprocess: hints = /usr/local/etc/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no preprocess: with_alvarion_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = suffix realm: delimiter = @ realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded SQL sql: driver = rlm_sql_mysql sql: server = localhost sql: port = sql: login = root sql: password = sql: radius_db = radius sql: nas_table = nas sql: sqltrace = no sql: sqltracefile = /var/log/sqltrace.sql sql: readclients = no sql: deletestalesessions = yes sql: num_sql_socks = 5 sql: sql_user_name = %{User-Name} sql: default_user_profile = sql: query_on_not_found = no sql: authorize_check_query = SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username
Re: freeradius sql /mssql
well, SQL-Group in the users file works. Thanks dennis. -- Network Administrator / Manager Webzone Internet 1st Floor (Oakley Street Entrance) 167 Grote Street Adelaide SA, 5000 Phone 1300 303 932 Fax 08 8221 6204 Email [EMAIL PROTECTED] [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius sql /mssql
Hi there, We've got FreeRADIUS Version 1.1.4, for host i386-portbld-freebsd5.5 using unixodbc/freetds connecting to a mssql DB. I've got a number of questions that I hope someone can answer. 1. If the user is found in the sql tables and has reply attributes etc, is it still possible to go through the 'users' file? if so how? I can't seem to get it to do it. 2. Is there an ability in any way to have a caching like feature or is DB failover and running 2 db servers with replication the only way to go? 3. Is there anyway to log the actual reason for rejection in 'Post-Auth-Type REJECT'? ie simultaneous use, invalid password etc? Cheers in Advance for any help. cya Andrew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius 1.0.2 on bsd 4.11
Boian Jordanov said: For me it looks like you have been linked rlm_perl with wrong libperl.so Solution: Install perl from ports collection (lang/perl5.8) and then write 'use.perl port' and recompile freeradius. the first thing I did was install perl 5.6.2 after I 'cvsup'ed. did the 'use.perl port' as well. $ perl -V Summary of my perl5 (revision 5.0 version 6 subversion 2) configuration: Platform: osname=freebsd, osvers=4.11-release, archname=i386-freebsd Did you try with 5.6.x ? we are currently a 5.6.x shop and we arn't ready to update all of our boxen and scripts to 5.8.x Instead how would I go about getting rlm_perl to link to /usr/local/lib/perl5/5.6.2/mach/CORE/libperl.so rather than /usr/lib/libperl.so on bsd 4.11? I don't mind not using the ports collection to compile freeradius (I got the same thing when I compiled from scratch), just prefer it. Cheers cya Andrew Boian. On Wed, Feb 23, 2005 at 11:47:41AM +1030, Andrew D wrote: Hi there, Running freebsd 4.11 and compiled freeradius from the ports collection with support for rlm_perl. everything compiled alright, but everytime I start it (radiusd -X) I get the following. perl: func_xlat = xlat perl: perl_flags = (null) perl: func_start_accounting = (null) perl: func_stop_accounting = (null) DynaLoader object version 1.04 does not match $DynaLoader::VERSION 1.03 at /usr/libdata/perl/5.00503/DynaLoader.pm line 80. BEGIN failed--compilation aborted at /etc/raddb/rad_mod.pl line 28. rlm_perl: perl_parse failed: /etc/raddb/rad_mod.pl not found or has syntax errors. radiusd.conf[837]: pemod: Module instantiation failed. I have perl 5.6.2 installed (ports collection) and have the following in the perl script require 5.6.2; Doesn't matter what I do I keep getting the Dynaloader error. For whatever reason, radiusd wants to load perl 5.00503 instead of perl 5.6.2 perl, its modules and freeradius was compiled on the box rather than using the binary packages from the bsd ftp server. Just wondering if anyone else has come accross it and knows what the solution might be? Cheers cya Andrew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius 1.0.2 on bsd 4.11
Hi there, Running freebsd 4.11 and compiled freeradius from the ports collection with support for rlm_perl. everything compiled alright, but everytime I start it (radiusd -X) I get the following. perl: func_xlat = xlat perl: perl_flags = (null) perl: func_start_accounting = (null) perl: func_stop_accounting = (null) DynaLoader object version 1.04 does not match $DynaLoader::VERSION 1.03 at /usr/libdata/perl/5.00503/DynaLoader.pm line 80. BEGIN failed--compilation aborted at /etc/raddb/rad_mod.pl line 28. rlm_perl: perl_parse failed: /etc/raddb/rad_mod.pl not found or has syntax errors. radiusd.conf[837]: pemod: Module instantiation failed. I have perl 5.6.2 installed (ports collection) and have the following in the perl script require 5.6.2; Doesn't matter what I do I keep getting the Dynaloader error. For whatever reason, radiusd wants to load perl 5.00503 instead of perl 5.6.2 perl, its modules and freeradius was compiled on the box rather than using the binary packages from the bsd ftp server. Just wondering if anyone else has come accross it and knows what the solution might be? Cheers cya Andrew -- Network Administrator / Manager Webzone Internet 1st Floor (Oakley Street Entrance) 167 Grote Street Adelaide SA, 5000 Phone 1300 303 932 Fax 08 8221 6204 Email [EMAIL PROTECTED] [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Auth and session-timeout based on day of the week and time
Hi there, Using FR 1.0.1 on linux. I am using the Perl module and everything works fine(including chap), except I can't work out how to restrict based on day and time. Can freeradius restrict login based on day and time, and set the session-timeout so that it ends at the end of the allowed time period, or will I have to get perl to work that out. ie only allow dialin access mon-fri 9-5 Cheers cya Andrew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Auth and session-timeout based on day of the week and time
Andrew D wrote: Hi there, Sorry, with all the reading I've been doing lately, I been skimming bits and pieces. I just found the bit where its all defined :) Sorry for wasting your time :| Using FR 1.0.1 on linux. I am using the Perl module and everything works fine(including chap), except I can't work out how to restrict based on day and time. Can freeradius restrict login based on day and time, and set the session-timeout so that it ends at the end of the allowed time period, or will I have to get perl to work that out. ie only allow dialin access mon-fri 9-5 Cheers cya Andrew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: platypus
Hi Rick, Andrew, I have been using freeradius with Plat for a long time and it works well. Have you downloaded the *nix binary and scripts off of boardtown's website to interface with your windows server? What on earth for? Isn't freeRadius supposed to have inbuilt MS SQL support? All of our systems, whether it is win32 or *nix based, auth directly from plat. The binary runs as a daemon and uses the *nix user/password list for authentication. When you create a new account in Plat it sends the info to Which is useless in our case as we have 8 different radius profiles. the binary which runs a script on the *nix server and adds the user to the list where freeradius can authenticate it. So, FreeRadius is not able to natively interact with MS SQL server for both pulling radius auth data and pushing radius accounting details? We are currently running vopradius (win32) and were hoping to replace it completely (preferably plugging it straight in, with minimal changes to the DB and the rest of the system) with freeRadius. Cheers cya Andrew Rick Williams System Administrator AICON Internet Services, Inc. - Original Message - From: Andrew D [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, December 12, 2004 11:39 PM Subject: platypus Hi all, Just wondering if anyone has managed to get freeradius to work with platypus (ISP billing software) which is setup within a MS-SQL server? If you have managed to get it working, could you let us know what you did and possibly provide some config files. Thanks in Advance Cheers, cya Andrew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
platypus
Hi all, Just wondering if anyone has managed to get freeradius to work with platypus (ISP billing software) which is setup within a MS-SQL server? If you have managed to get it working, could you let us know what you did and possibly provide some config files. Thanks in Advance Cheers, cya Andrew - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html