Freeradius2.1.3 + Fedora9 + PEAP + AD = problem

2009-02-12 Thread Andrey . Trubnikov

Hi
I configured Freeradius 2.1.3 as described in
http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO
but it doesn't work.

here is debug output:

FreeRADIUS Version 2.1.3, for host i386-redhat-linux-gnu, built on Dec  8
2008 at 16:00:08
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/ldap
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/inner-tunnel
group = radiusd
user = radiusd
including dictionary file /etc/raddb/dictionary
main {
prefix = /usr
localstatedir = /var
logdir = /var/log/radius
libdir = /usr/lib/freeradius
radacctdir = /var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = /var/run/radiusd/radiusd.pid
checkrad = /usr/sbin/checkrad
debug_level = 0
proxy_requests = yes
 log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
 }
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
 client 10.6.0.0/16 {
require_message_authenticator = no
secret = secret
shortname = cisco
 }
 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = testing123
nastype = other
 }
radiusd:  Loading Realms and Home Servers 
 proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
 }
 home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = auth
secret = testing123
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = status-server
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
 }
 home_server_pool 

Colubris-AVPairs

2005-07-27 Thread Andrey
Hi,
I have a problem with Freeradius returning Colubris-AVPairs. I have a CN3300
(Colubris AP) set up to authenticate from my radius server (FR), which in turn
passes it information such as login pages, access lists, etc. All these
attributes are defined in my radgroupreply table (3 in all), which look
something as follows:

 151 colubris_group Colubris-AVPair := access-list=loginserver, ACCEPT, tcp, x.x.x.138, ALL
 152 colubris_group Colubris-AVPair := use-access-list=loginserver
 153 colubris_group Colubris-AVPair := login-url=http://x.x.x.138/colubris/login.html

When I attempt to authenticate the AP, the Access-Accept response has only the
first Colubris-AVPair, whichever it might be (I've tried different orders).
Is there any reason for this kind of behaviour? Do attributes have to have
unique names? (since all three are called Colubris-AVPair).

Thanks for any help.

-Andrey
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


AVPair question

2005-07-15 Thread Andrey
Hey List,

Quick question about AVPair. I have a Colubris Access Point which wants me to
use the Colubris-AVPair attribute. The attribute is defined in a dictionary
file, which is included in the main dictionary. This is what it looks like:

# Colubris dictionary - dictionary.colubris
#
#   Enable by putting the line $INCLUDE dictionary.colubris into
#   the main dictionary file.
#
#

VENDOR  Colubris        8744

#
#   Vendor-specific attributes
#
ATTRIBUTE   Colubris-AVPair 0   string  Colubris
ATTRIBUTE   Colubris-Intercept  1   integer Colubris

When I try to authenticate, I get unknown-vendor 8744, size 30 = ''  for my
attributes dump. What am I missing? Is there a separate file for defining
vendors?

Any help appreciated.

- Andrey





[Q] Access-Reject logging

2005-06-30 Thread Andrey Panin
Hello,

I have rlm_perl module which performs some checks of Access-Request
and if rlm_perl returns RLM_MODULE_REJECT freeradius sends Access-Reject,
but this Access-Reject doesn't appear in detail log.

is there any way to log Access-Reject's generated in authorize section ?

Best regards.

-- 
Andrey Panin| Linux and UNIX system administrator
[EMAIL PROTECTED]   | PGP key: wwwkeys.pgp.net



Re: [Q] Access-Reject logging

2005-06-30 Thread Andrey Panin
On 181, 06 30, 2005 at 11:47:31AM +0200, Nicolas Baradakis wrote:
> Andrey Panin wrote:
>
> > I have rlm_perl module which performs some checks of Access-Request
> > and if rlm_perl returns RLM_MODULE_REJECT freeradius sends Access-Reject,
> > but this Access-Reject doesn't appear in detail log.
> >
> > is there any way to log Access-Reject's generated in authorize section ?
>
> See http://www.freeradius.org/radiusd/doc/Post-Auth-Type

Been here, done that. It doesn't help, looks like Access-Reject's generated
during authorize phase are never passed to post_auth phase.

-- 
Andrey Panin| Linux and UNIX system administrator
[EMAIL PROTECTED]   | PGP key: wwwkeys.pgp.net



Re: [Q] Access-Reject logging

2005-06-30 Thread Andrey Panin
On 181, 06 30, 2005 at 01:29:48PM +0200, Nicolas Baradakis wrote:
> Andrey Panin wrote:
>
> > > > I have rlm_perl module which performs some checks of Access-Request
> > > > and if rlm_perl returns RLM_MODULE_REJECT freeradius sends Access-Reject,
> > > > but this Access-Reject doesn't appear in detail log.
> > > >
> > > > is there any way to log Access-Reject's generated in authorize section ?
> > >
> > > See http://www.freeradius.org/radiusd/doc/Post-Auth-Type
> >
> > Been here, done that. It doesn't help, looks like Access-Reject's generated
> > during authorize phase are never passed to post_auth phase.
>
> Are you using the latest release of FreeRADIUS? It was a bug in
> version 1.0.2 and earlier.

CVS snapshot.

-- 
Andrey Panin| Linux and UNIX system administrator
[EMAIL PROTECTED]   | PGP key: wwwkeys.pgp.net



Re: [Q] Access-Reject logging

2005-06-30 Thread Andrey Panin
On 181, 06 30, 2005 at 10:30:47PM +1000, Mitchell, Michael J wrote:
> > > > Been here, done that. It doesn't help, looks like Access-Reject's
> > > > generated during authorize phase are never passed to
> > > > post_auth phase.
> > >
> > > Are you using the latest release of FreeRADIUS? It was a bug in
> > > version 1.0.2 and earlier.
> >
> > CVS snapshot.
>
> Why is authorization failing? I know in 1.0.1 post-auth is not processed
> if the authorization module returns RLM_USERLOCK (eg in LDAP the access
> attribute has denied access).

It fails in perl script used to glue freeradius server with existing
authentication database. Perl authorization function returns RLM_MODULE_REJECT.
 
-- 
Andrey Panin| Linux and UNIX system administrator
[EMAIL PROTECTED]   | PGP key: wwwkeys.pgp.net



Re: How can I using postgres NAS table

2005-06-16 Thread Andrey V. Elsukov

 .  wrote:

> How can I use the postgres NAS table?
> I have not found info about this :(


rlm_sql/drivers/rlm_sql_postgresql/db_postgresql.sql:

/*
 * Table structure for table 'nas'
 * This is not currently used by FreeRADIUS but is usefull for reporting
 * anyway.
 */
CREATE TABLE nas (
...
--
WBR, Andrey V. Elsukov



Re: Running radiusd as an unprivileged user

2005-06-02 Thread Andrey

> Hi Andrey.
>
> Edit your radiusd.conf and uncomment:
> #user = nobody
> #group = nobody

done that.

> You can manually add new users the radius will run as. Probably the
> easiest way is to run vipw and copy line from some other service,
> change the uid, gid and the username, edit /etc/group and put there
> your group as well.

have that.

> Something like this should do on FreeBSD:
> radiusd:*:101:101::0:0:Radius Daemon:/var/log/radius:/usr/sbin/nologin
>
> Or Linux
> radiusd:x:101:101:Radius Daemon:/var/log/radius:/bin/false
>
> and in /etc/group
> radiusd:*:101:
>
> chown -R radiusd:radiusd your log file and probably the config files

chowned the log and config files.

> Then it should look something like:
>
> #ps auxww | grep rad
> radiusd 81708  0.0  1.0  9316  4944  ??  Ss   11:26PM   0:00.01 /usr/local/sbin/radiusd
>
> Cheers,
> Marcin

RESULT: It looks like it's working, but it doesn't authenticate anybody. It
doesn't necessarily give an Access-Reject, but it also doesn't let anyone stay
online. Lets users log in and then kicks them off 15 seconds later. Any ideas?

Thanks for the suggestions.

> On Wed,  1 Jun 2005 16:49:37 -0400
> Andrey [EMAIL PROTECTED] wrote:
>
> > Hi everyone,
> >
> > Just a quick question about running radiusd as a user other than root. Do I need
> > to compile the server as that user? And do I need to do anything else other than
> > uncomment the lines in radius.conf?
> >
> > Is there a help/doc file about this?
> >
> > Thanks a bunch.
> >
> > Andrey


Running radiusd as an unprivileged user

2005-06-01 Thread Andrey
Hi everyone,

Just a quick question about running radiusd as a user other than root. Do I need
to compile the server as that user? And do I need to do anything else other than
uncomment the lines in radius.conf?

Is there a help/doc file about this?

Thanks a bunch.


Andrey






Re: TLS authentication

2005-05-25 Thread Andrey

Very true, most people here understand English a lot better :-)


Andrey


Quoting Ernesto Freyre Ramírez [EMAIL PROTECTED]:


Hello Juan Carlos, I recommend that you write to this list in English;
it will be very rare for anyone to answer you in Spanish.
Ernesto Freyre Ramírez
Head of Operations
Qnet
Soluciones Tecnológicas
Av. Paseo de la República 4675 - Lima 34
Tel.: (511) 241-4122 Ext. 2245
Fax: (511) 446-8135

Visit us at: www.qnet.com.pe

- Original Message -
  From: Juan Carlos Arévalo
  To: freeradius-users@lists.freeradius.org
  Sent: Wednesday, May 25, 2005 2:55 PM
  Subject: TLS authentication


  Good morning!!
  The purpose of this email is to ask for information about RADIUS,
  to see if you can help me!!
  I have a RADIUS server set up on SUSE 9.2, which is running fine,
  or so it seems: when I set it to validate users by MAC address
  through a Cisco AP1100, it does so wonderfully.

  The other matter is that I have an LDAP server holding the database
  of the whole company; when I run tests with NTRadping the server
  answers perfectly.

  But when I try to do it through the AP1100 it does not work as it
  should. I have it configured to work with EAP/PEAP and it asks me for
  a certificate, which I have already configured, but it gives me a very
  strange error that I do not understand. I will post the error to see
  who can help me.

  Wed May 25 13:26:38 2005 : Debug:   rlm_eap_tls:  TLS 1.0 Alert
  [length 0002], fatal unknown_ca
  Wed May 25 13:26:38 2005 : Error: TLS Alert read:fatal:unknown CA
  Wed May 25 13:26:38 2005 : Error: TLS_accept:failed in SSLv3 read
  client certificate A
  16174:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown
  ca:s3_pkt.c:1052:SSL alert number 48
  16174:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake
  failure:s3_pkt.c:837:
  Wed May 25 13:26:38 2005 : Error: rlm_eap_tls: SSL_read failed in a
  system call (-1), TLS session fails.
  Wed May 25 13:26:38 2005 : Debug: In SSL Handshake Phase
  Wed May 25 13:26:38 2005 : Debug: In SSL Accept mode



  Truly, if you can help me it would be great!!


  --
  Juan Carlos Arevalo
  [EMAIL PROTECTED]


Re: Auth-Type = System and DSL Static IP

2005-05-12 Thread Andrey
Not to be mean or anything, but you don't seem to have read the whole email or
the full correspondence. The problem only occurs when the Auth-Type is set to
System. I have bunch of other accounts (Auth-Type: Local) that work absolutely
fine. And to answer your questions, I DID post debug info, and the override is
set to no.

Thanks for the suggestions though.

Andrey

Quoting Dustin Doris [EMAIL PROTECTED]:

> On Tue, 10 May 2005, Andrey wrote:
>
> > Hi List,
> >
> > I have a question about Auth-Type = System. I have several accounts that
> > need to be authenticated through System and it works great as long as
> > the IP is assigned dynamically. As soon as I switch an account to static
> > IP, it authenticates but does not assign the desired ip address. I'm
> > guessing it's to do with the order in which things are checked: 1) check
> > sql - auth-type: system; 2) system - authenticate; 3) assign dynamic
> > ip, since it's not going back to sql, but of course it might be
> > something else.
>
> When you say dynamic are you referring to rlm_ip_pool?  If so, make sure
> you have override = no in your config.  If you set it to override = yes,
> then ippool will override the reply item you already have configured for
> the user.
>
> When you say switch the account to static IP what do you mean by that.
> Does that mean that you are assigning the reply item of Framed-IP-Address?
> If so, that should not be overwritten by ip_pool so long as you have
> override = no.
>
> Otherwise - post some debug output (radiusd -X)


Re: Auth-Type = System and DSL Static IP

2005-05-12 Thread Andrey Furukin
Dustin, I appreciate your help, but everything is working fine now, so you can
drop the issue, okay?

Thanks.

Andrey

Quoting Dustin Doris [EMAIL PROTECTED]:

> On Thu, 12 May 2005, Andrey wrote:
>
> > Not to be mean or anything, but you don't seem to have read the whole email or
> > the full correspondence. The problem only occurs when the Auth-Type is set to
> > System. I have bunch of other accounts (Auth-Type: Local) that work absolutely
> > fine. And to answer your questions, I DID post debug info, and the override is
> > set to no.
> >
> > Thanks for the suggestions though.
> > Andrey
>
> Not to be mean to you, but I feel you have not read the full
> correspondence.  You posted the debug output of an accounting packet.  As
> Alan said in his reply to you, accounting requests don't set IP addresses.
> Please post the debug log of an authentication request.  This is where
> your problem lies.
>
> You did not specify before whether or not override is set to no
> previously.  Without seeing your debug output of an authentication
> request, I have no way of telling what is going on and whether or not that
> was set.
>
> > Quoting Dustin Doris [EMAIL PROTECTED]:
> > > On Tue, 10 May 2005, Andrey wrote:
> > >
> > > > Hi List,
> > > >
> > > > I have a question about Auth-Type = System. I have several accounts that
> > > > need to be authenticated through System and it works great as long as
> > > > the IP is assigned dynamically. As soon as I switch an account to static
> > > > IP, it authenticates but does not assign the desired ip address. I'm
> > > > guessing it's to do with the order in which things are checked: 1) check
> > > > sql - auth-type: system; 2) system - authenticate; 3) assign dynamic
> > > > ip, since it's not going back to sql, but of course it might be
> > > > something else.
> > >
> > > When you say dynamic are you referring to rlm_ip_pool?  If so, make sure
> > > you have override = no in your config.  If you set it to override = yes,
> > > then ippool will override the reply item you already have configured for
> > > the user.
> > >
> > > When you say switch the account to static IP what do you mean by that.
> > > Does that mean that you are assigning the reply item of Framed-IP-Address?
> > > If so, that should not be overwritten by ip_pool so long as you have
> > > override = no.
> > >
> > > Otherwise - post some debug output (radiusd -X)


Auth-Type = System and DSL Static IP

2005-05-10 Thread Andrey
Hi List,

I have a question about Auth-Type = System. I have several accounts that need to
be authenticated through System and it works great as long as the IP is assigned
dynamically. As soon as I switch an account to static IP, it authenticates but
does not assign the desired ip address. I'm guessing it's to do with the order
in which things are checked: 1) check sql - auth-type: system; 2) system -
authenticate; 3) assign dynamic ip, since it's not going back to sql, but of
course it might be something else.

Has anyone had this problem before?

I have other static ip accounts that authenticate from sql, and those work just
fine. Just the ones that are from System.

Any suggestions most appreciated.

Andrey






Re: Freeradius accounting question

2005-05-10 Thread Andrey
My guess would be that you need to set the Session-Timeout variable. 2 hours
would be 7200 and 1 hour would be 3600.

Hope this helps.

Andrey

Quoting Software Development Group [EMAIL PROTECTED]:

> Hello,
>
> I have compiled and installed freeradius and it is working fine. My
> question now is:
>
> At this point a user logs in with a password, is authenticated and enters
> the system but if I want to set user x to only have 2 hours connection time
> only and user y to only have 1 hour of connection, how can I do this?
>
> Thanks.


Re: Counting number of open sessions in RADIUS

2005-05-10 Thread Andrey
the easiest way off the top of my head would be to run:

   %radius_dir%/bin/radwho | grep  -c

that will pipe all your logged-in users to grep, which will tell you how many of
them there are.

Andrey

Quoting Sonali Karmarkar [EMAIL PROTECTED]:

> Hi
>
> I am using freeradius 0.9.3 with mysql on linux.
> What is the correct way to count number of open sessions for freeradius
> server ?
>
> -SK


Re: Auth-Type = System and DSL Static IP

2005-05-10 Thread Andrey Furukin
The output doesn't really show anything unusual. As soon as the user connects,
radius assigns a Framed-IP-Address, which unfortunately is not the one in
radreply table.
The output is as follows:
The desired ip is supposed to be x.x.x.248, which instead is set to x.x.x.135
Finished request 206
Going to the next request
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host x.x.x.186:1646, id=158, 
length=182
NAS-IP-Address = x.x.x.186
NAS-Port = 30
NAS-Port-Type = ISDN
User-Name = [EMAIL PROTECTED]
Acct-Status-Type = Alive
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = 3E36
Framed-Protocol = PPP
Tunnel-Server-Endpoint:0 = x.x.x.5
Tunnel-Client-Endpoint:0 = x.x.x.6
Tunnel-Type:0 = L2F
Tunnel-Client-Auth-Id:0 = blah1
Tunnel-Server-Auth-Id:0 = blhablahblah
Acct-Tunnel-Connection = 123456789
Framed-IP-Address = x.x.x.135
Acct-Delay-Time = 0
  Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 207
  modcall[preacct]: module preprocess returns noop for request 207
rlm_acct_unique: Hashing 'NAS-Port = 30,Client-IP-Address =
x.x.x.186,NAS-IP-Address = x.x.x.186,Acct-Session-Id = blahblah,User-Name =
[EMAIL PROTECTED]'
rlm_acct_unique: Acct-Unique-Session-ID = 5284d1027702b79c.
  modcall[preacct]: module acct_unique returns ok for request 207
rlm_realm: Looking up realm ourdomain.com for User-Name =
[EMAIL PROTECTED]
rlm_realm: Found realm ourdomain.com
rlm_realm: Adding Stripped-User-Name = testuser
rlm_realm: Proxying request from user testuser to realm ourdomain.com
rlm_realm: Adding Realm = ourdomain.com
rlm_realm: Accounting realm is LOCAL.
  modcall[preacct]: module suffix returns noop for request 207
  modcall[preacct]: module files returns noop for request 207
modcall: group preacct returns ok for request 207
  Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 207
radius_xlat:
'/usr/local/radius/var/log/radius/radacct/x.x.x.186/detail-20050510'
rlm_detail:
/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /usr/local/radius/var/log/radius/radacct/x.x.x.186/detail-20050510
  modcall[accounting]: module detail returns ok for request 207
  modcall[accounting]: module unix returns noop for request 207
radius_xlat:  '/usr/local/radius/var/log/radius/radutmp'
radius_xlat:  '[EMAIL PROTECTED]'
  modcall[accounting]: module radutmp returns ok for request 207
radius_xlat:  'testuser'
rlm_sql (sql): sql_set_user escaped user -- 'testuser'
radius_xlat:  'UPDATE radacct ? SET FramedIPAddress = 'x.x.x.135', ?
AcctSessionTime = '', ? AcctInputOctets = '', ? AcctOutputOctets = '' ? WHERE
AcctSessionId = '3E36' ? AND UserName = 'testuser' ? AND NASIPAddress=
'x.x.x.186''
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
  modcall[accounting]: module sql returns ok for request 207
modcall: group accounting returns ok for request 207
Sending Accounting-Response of id 158 to x.x.x.186:1646
Finished request 207
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---

Thanks for your suggestions and time on this.

Andrey

Quoting Alan DeKok [EMAIL PROTECTED]:

> Andrey [EMAIL PROTECTED] wrote:
> > I have other static ip accounts that authenticate from sql, and those work just
> > fine. Just the ones that are from System.
> >
> > Any suggestions most appreciated.
>
>   Run the server in debugging mode and read the output.  There's
> really no other way.
>
> > As soon as I switch an account to static IP, it authenticates but
> > does not assign the desired ip address. I'm guessing it's to do with
> > the order in which things are checked:
>
>   No.  It's something else.
>
>   Alan DeKok.


MySQL Accounting in Freeradius

2005-05-05 Thread Andrey
Hi,

I have a question about the uniqueness of the AcctUniqueId field. Every time
the user connects, the id is always the same. AcctSessionId is always the
same as well. All that would be fine, except that the times get messed up by
being updated to the last AcctStopTime. The update query is as follows:

UPDATE radacct SET AcctStopTime = '2005-05-05 16:08:00', AcctSessionTime = '',
AcctInputOctets = '', AcctOutputOctets = '', AcctTerminateCause = '',
AcctStopDelay = '', ConnectInfo_stop = '' WHERE AcctSessionId =
'00-0f-3d-52-2b-13' AND UserName = 'dialup_username' AND NASIPAddress =
'x.x.x.x'

which consequently updates all the records from before that have the same
AcctSessionId (i.e. all the previous logins by that user).

Is this the way it was intended to work?
For some reason I doubt it, but thought I'd ask just to make sure. If that's a
bug, how would I go about fixing it?

Thanks for your time!

-Andrey
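
The effect described in the post above, as an added example that is not part of the original message or of FreeRADIUS: a cut-down radacct table in SQLite (an assumption; the post uses MySQL) with constructed rows shows the posted WHERE clause closing every row that shares the session id, next to a variant that also requires the row to be open. Treating AcctStopTime IS NULL as "open" is an assumed convention, and the helper names are hypothetical.

```python
import sqlite3

# Constructed sample rows: three logins by one user through a NAS that
# reuses the same Acct-Session-Id (values taken from the post). The last
# login is still open, so its stop time is NULL (assumed convention).
SAMPLE = [
    ("00-0f-3d-52-2b-13", "dialup_username", "x.x.x.x",
     "2005-05-03 09:00:00", "2005-05-03 09:40:00"),
    ("00-0f-3d-52-2b-13", "dialup_username", "x.x.x.x",
     "2005-05-04 18:15:00", "2005-05-04 19:05:00"),
    ("00-0f-3d-52-2b-13", "dialup_username", "x.x.x.x",
     "2005-05-05 15:30:00", None),
]
KEY = ("00-0f-3d-52-2b-13", "dialup_username", "x.x.x.x")
# The WHERE clause of the UPDATE quoted in the post.
MATCH = "AcctSessionId = ? AND UserName = ? AND NASIPAddress = ?"


def make_db():
    """Build an in-memory radacct table holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE radacct (RadAcctId INTEGER PRIMARY KEY,"
        " AcctSessionId TEXT, UserName TEXT, NASIPAddress TEXT,"
        " AcctStartTime TEXT, AcctStopTime TEXT)")
    conn.executemany(
        "INSERT INTO radacct (AcctSessionId, UserName, NASIPAddress,"
        " AcctStartTime, AcctStopTime) VALUES (?, ?, ?, ?, ?)", SAMPLE)
    return conn


def stop_times(conn):
    """Stop times of all rows, oldest login first."""
    rows = conn.execute("SELECT AcctStopTime FROM radacct ORDER BY RadAcctId")
    return [r[0] for r in rows]


def stop_as_posted(conn, when):
    """Run the UPDATE with the posted WHERE clause; return rows changed."""
    cur = conn.execute(
        f"UPDATE radacct SET AcctStopTime = ? WHERE {MATCH}", (when, *KEY))
    return cur.rowcount


def stop_open_only(conn, when):
    """Same UPDATE, restricted to the row that has no stop time yet."""
    cur = conn.execute(
        f"UPDATE radacct SET AcctStopTime = ? WHERE {MATCH}"
        " AND AcctStopTime IS NULL", (when, *KEY))
    return cur.rowcount


def reused_session_ids(conn):
    """Audit query: session keys that occur on more than one row."""
    return conn.execute(
        "SELECT AcctSessionId, UserName, NASIPAddress, COUNT(*)"
        " FROM radacct GROUP BY AcctSessionId, UserName, NASIPAddress"
        " HAVING COUNT(*) > 1").fetchall()


if __name__ == "__main__":
    stop = "2005-05-05 16:08:00"
    db = make_db()
    print("reused keys:", reused_session_ids(db))
    print("posted WHERE changed", stop_as_posted(db, stop), "rows:", stop_times(db))
    db = make_db()
    print("open-only WHERE changed", stop_open_only(db, stop), "rows:", stop_times(db))
```

The audit query is the part worth keeping for real data: any key it returns marks accounting history that a Stop record matched only on session id, user and NAS can overwrite.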







xlat

2005-01-13 Thread Andrey Pavlenko
Hi!

Freeradius modifies the char # to =23 in all attributes.
In the radacct/detail:
Called-Station-Id = 12378#7095507
In the postgresql.conf:
accounting_stop_query = INSERT INTO ${acct_table} \
(id, calledstationip, calledstationid) \
VALUES \
(DEFAULT, '%{h323-remote-address:-127.0.0.1}', '%{Called-Station-Id}')

But in sqltrace calledstationid = '12378=237095507'
I need to write Called-Station-Id without modification!

radiusd.conf:
preacct {
preprocess
}

accounting {
detail
sql
}

How can I configure Freeradius without rewriting the # char
or without using xlat for some pairs?



-- 
Lance
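
The =23 in the trace above is the hexadecimal code of '#' (0x23), written in place of the character when the value was substituted into the query. An added example, not FreeRADIUS code and not part of the original message, of that =XX encoding and its inverse for reading stored values back; the safe-character set and the function names are assumptions for illustration.

```python
import re
import string

# Assumed safe set for illustration; the server's own list may differ.
# Note that "=" and "'" are outside it, so both are always encoded.
SAFE = set(string.ascii_letters + string.digits + "@.-_: /")

_ESCAPE = re.compile(r"=([0-9A-Fa-f]{2})")


def escape(value: str) -> str:
    """Replace every byte outside SAFE with =XX (two upper-case hex digits)."""
    out = []
    for byte in value.encode("utf-8"):
        ch = chr(byte)
        out.append(ch if ch in SAFE else "=%02X" % byte)
    return "".join(out)


def unescape(stored: str) -> str:
    """Invert escape(): turn each =XX back into its byte, then decode UTF-8."""
    raw = _ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), stored)
    # After substitution every character is in the range 0..255, so latin-1
    # maps the string back to the original byte sequence one to one.
    return raw.encode("latin-1").decode("utf-8")


def into_literal(value: str) -> str:
    """Place an escaped value inside a single-quoted SQL string literal."""
    return "'" + escape(value) + "'"


if __name__ == "__main__":
    # Value from the post, plus constructed inputs for the other cases.
    for sample in ["12378#7095507", "a=b", "x'; --", "caf\u00e9"]:
        stored = escape(sample)
        print(repr(sample), "->", into_literal(sample), "->", repr(unescape(stored)))
```

Because the quote character is never in the safe set, an attribute value cannot close the string literal it is placed into; the cost is that reports reading the column have to apply `unescape` to get the original digits back.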



Fall-Through in acct_users

2004-07-13 Thread Andrey Lakhno
Hello,

Is it possible to use Fall-Through in acct_users like in users file ?

-- 
Andrey Lakhno,
land-ripe



Re: Fall-Through in acct_users

2004-07-13 Thread Andrey Lakhno
Hello,

On Tue, 13 Jul 2004, Alan DeKok wrote:

> > Is it possible to use Fall-Through in acct_users like in users file ?
>
>   Try it and see.

It does not work. Maybe I did something incorrectly?

acct_users:

DEFAULT NAS-IP-Address == x.x.x.x, Acct-Status-Type == Stop
        Exec-Program = /home/voip/aaa/acct_call_generic,
        Fall-Through = Yes

DEFAULT NAS-IP-Address == x.x.x.x, Acct-Status-Type == Stop
        Exec-Program = /home/voip/aaa/test



-- 
Andrey Lakhno,
land-ripe
