Re: How to start a session
You must use radtest command type radtest at the command prompt and this will give you hints about how to use it Ernesto Freyre RamírezJefe de OperacionesQnetSoluciones TecnológicasJr. Natalio Sánchez 220, Of. 401 - Lima 11Telf.: (511) 431-6565 Anexo 2245Fax: (511) 431-7113 Visítenos en: www.qnet.com.pe- Original Message - From: San To: FreeRadius users mailing list Sent: Friday, January 20, 2006 8:35 AM Subject: How to start a session Dear All,I have implemented freeradius-1.0.5 in Redhat box. AndIhave some questions about it. It have searched the webbut still can't find a clue or i just missed it :(.Also my questions are:1. How do we start the session? I have send therequest to the server and got access_accepted. And asI know the session is start after we send theaccounting_request and get response from the server.The problem is how to do that using command prompt? MyNas is Suse box (that should be fine right?).I use this command to send acct_requestecho "User-Name= Anna"| radclient 10.1.0.76 acct -xtesting123Is that right? or is there any place I can refer touse the radclient command?2. Do I need to write external script to run thecommand? Because I want to use the session time outbut seems still not working.(because I don't know howto start the session)3. Where should I put the acc_type. Is it in serverside or nas side?I really hope someone can help me (please...)Thanks a lot in advanceBest Regards,Santy__Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-- No virus found in this incoming message.Checked by AVG Free Edition.Version: 7.1.375 / Virus Database: 267.14.20/234 - Release Date: 18/01/2006 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reject connections based on CallingStationId
Dear admins: Please how I could to configure free radius with mysql for rejecting users only based on CallingStationId value? Thank you for hints about this issue. Regards Ernesto Freyre RamírezJefe de OperacionesQnetSoluciones TecnológicasJr. Natalio Sánchez 220, Of. 401 - Lima 11Telf.: (511) 431-6565 Anexo 2245Fax: (511) 431-7113 Visítenos en: www.qnet.com.pe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysqld.sock path problem
When I had this problem , on any environment, not specifically freeradius, the more quick solution was make a link of the actual pathof the mysql sock to the path where this is expected ('/var/run/mysqld/mysqld.sock' ) Ernesto Freyre RamrezJefe de OperacionesQnetSoluciones TecnolgicasAv. Paseo de la Repblica 4675 - Lima 34 Telf.: (511) 241-4122 Anexo 2245Fax: (511) 446-8135 Vistenos en: www.qnet.com.pe- Original Message - From: rashad To: freeradius-users@lists.freeradius.org Sent: Thursday, June 23, 2005 9:21 AM Subject: mysqld.sock path problem freeradius can't connect to mysqld due to incorrect mysqld.sock path.rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:radiusrlm_sql_mysql: Mysql error 'Can't connect to local MySQL server throughsocket '/var/run/mysqld/mysqld.sock' (2)'rlm_sql (sql): Failed to connect DB handle #0Actual path is /tmp/mysqld.sock.Can I change path to mysqld.sock in freeradius?- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
controlling the auth by CallingStationId
Dear Sirs, please , I hope someone here could to help me, I wish to control the authentication process by including a check of the CallingStationId parameter, being some generic features of it, or also all the value of the same, please some hint aboout where I must to configure this task? Thank you Ernesto Freyre Ramírez - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: autentificacion TLS
Hola Juan Carlos , te recomiendo que a esta lista escribas en Ingles, será muy raro que alguien te responda en castellano Ernesto Freyre RamírezJefe de OperacionesQnetSoluciones TecnológicasAv. Paseo de la República 4675 - Lima 34 Telf.: (511) 241-4122 Anexo 2245Fax: (511) 446-8135 Visítenos en: www.qnet.com.pe- Original Message - From: Juan Carlos Arévalo To: freeradius-users@lists.freeradius.org Sent: Wednesday, May 25, 2005 2:55 PM Subject: autentificacion TLS muy buenos dias !!la intencion de este correo es la de solicitar informacion sobre elradius a ver si me puedes ayudar !!te comento tengo montado un serviodr radius en suse 9.2 el cual estacorriendo bien o eso parece cuando lo coloco a validar los usuariospor MAC Address por medio de un AP1100 de cisco esto lo hace demaravilla.La otra cuestion es que tengo un servidor LDAP donde esta la base dedatos de todala empresa cuando realizo pruebas con el NTRadping el servidorcontesta perfecto.Pero cuando lo intento hacer por el AP1100 no lo hace como es devidole tengo configuradopara que funcione con EAP/PEAP y me pide un certificado el cual ya selo configure perome da un error muy extraño que no entiendo les colocare el error a verquien me puede ayudarWed May 25 13:26:38 2005 : Debug: rlm_eap_tls: TLS 1.0 Alert[length 0002], fatal unknown_caWed May 25 13:26:38 2005 : Error: TLS Alert read:fatal:unknown CA Wed May 25 13:26:38 2005 : Error: TLS_accept:failed in SSLv3 readclient certificate A16174:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknownca:s3_pkt.c:1052:SSL alert number 4816174:error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshakefailure:s3_pkt.c:837:Wed May 25 13:26:38 2005 : Error: rlm_eap_tls: SSL_read failed in asystem call (-1), TLS session fails.Wed May 25 13:26:38 2005 : Debug: In SSL Handshake Phase Wed May 25 13:26:38 2005 : Debug: In SSL Accept mode de verdad que si me pueden ayudar seria muy bueno !!-- Juan Carlos Arevalo[EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED][EMAIL PROTECTED]- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need help installing.
Hi Adam, did you get help about this? Ernesto Freyre RamírezJefe de OperacionesQnetSoluciones TecnológicasAv. Paseo de la República 4675 - Lima 34 Telf.: (511) 241-4122 Anexo 2245Fax: (511) 446-8135 Visítenos en: www.qnet.com.pe- Original Message - From: Adam Oakley To: freeradius-users@lists.freeradius.org Sent: Monday, May 16, 2005 12:25 PM Subject: Need help installing. Hello, My name is Adam Oakley and I am trying to set up freeradius on a Linux redhat 9 server. I have downloaded the package and tried installing and I can get a couple of steps into it and then it will not let me go any farther. So I was wondering if anyone could help me get this installed and up and working. So please email me at this email address. Thanks a lot. Adam D. OakleyNOC Engineer I ITPI Solutions115 Evergreen Heights DriveSuite 312Pittsburgh, PA 15229412.415.6312 - Office412.415.5301 - Fax[EMAIL PROTECTED]www.itpipgh.com
Re: help
Hi , I think your question is about the process of compiling and installing. This is like other linux software, with a previous configure stage with some parameters, If you want more help, I think you could to send me a email. If you wish to learn more about RADIUS itself, I think first must to look for the concept, and then go to lear how to work with an specific RADIUS suchas freeradius Ernesto Freyre RamírezJefe de OperacionesQnetSoluciones TecnológicasAv. Paseo de la República 4675 - Lima 34 Telf.: (511) 241-4122 Anexo 2245Fax: (511) 446-8135 Visítenos en: www.qnet.com.pe- Original Message - From: Marcin Jessa To: freeradius-users@lists.freeradius.org Cc: [EMAIL PROTECTED] Sent: Wednesday, May 11, 2005 8:11 AM Subject: Re: help On Wed, 11 May 2005 13:39:01 +0200"zze-BEN SAID Mehdi RD-CORE-ISS" [EMAIL PROTECTED] wrote: Hi; I'm student and I'm new to freeRadius, actually I'm new to Radius!Hi. I used to be student and new to FreeRadius, then I started to read the docs and man pages.Then came google to make my life even easier. I just need some help for installing and running a Radius client. ThanksHere is some help I know it's not as generic as your question but with the information you provided that's the best I can do at the moment. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Can I run two freeradius daemons on the same machine?
Title: Can I run two freeradius daemons on the same machine? I think this must be possible if you run each on differentports. Ernesto Freyre RamírezJefe de OperacionesQnetSoluciones TecnológicasAv. Paseo de la República 4675 - Lima 34 Telf.: (511) 241-4122 Anexo 2245Fax: (511) 446-8135 Visítenos en: www.qnet.com.pe- Original Message - From: Brian Gao To: freeradius-users@lists.freeradius.org Sent: Friday, April 22, 2005 2:56 PM Subject: Can I run two freeradius daemons on the same machine? Hi all, Does anybody know that can I run two freeradius daemons on the same machine? Thanks Brian
redirecting to specific web page
Hi, Please I would want to know if here somebody could help me with this problem: I need my radius users to be redirected to a specific web page when connected, but my problem is that actually I only manage the RADIUS service, I have not access to manage the outgoing Internet network where my users navigates neither to the NAS equipments, So my unique option is to set some thing on RADIUS, or another artifice for get this goal. I accept ideas, thank you Ernesto Freyre Ramírez Área de Operaciones Red Privada Virtual S.A. Av. Paseo de la República 4675 - Lima 34 Telf.: (511) 241-4122 Anexo 2245 Fax: (511) 446-8135 Visítenos en: www.qnet.com.pe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL accounting strangeness
Normally this could depend on your NAS configuration. Check this is sending the attributes you need. Untitled DocumentErnesto Freyre Ramírez Área de Operaciones Red Privada Virtual S.A. Av. Paseo de la República 4675 - Lima 34 Telf.: (511) 241-4122 Anexo 2245 Fax: (511) 446-8135 Visítenos en: www.qnet.com.pe - Original Message - From: Andre Fortin [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 05, 2004 12:26 PM Subject: MySQL accounting strangeness Hello, Forgive me if this has been covered. I'm using FreeRADIUS 0.8.1 and am using MySQL for accounting (and LDAP for authorization, but that's probably not important). This works well for getting totals of time used for each user. However, I'm now trying to write a tool to search which username was logged on at X time, and noticed some missing information in the radacct table; It seems that when a session is started, its not entering the FramedIPAddress. Strangely, if the user was logged in when accounting wasn't happening, and the session ends, it records a start time of all zeros, and the AcctStopTime, with the IP address. If the system has both the AcctStartTime and StopTime, there is no IP address.. Here's a snippet of results from my database: ++-+-+-- ---+ | UserName | FramedIPAddress | AcctStartTime | AcctStopTime| ++-+-+-- ---+ | Xuser | 66.206.230.5| -00-00 00:00:00 | 2004-04-29 11:57:27 | | Xuser | | 2004-05-03 23:33:25 | 2004-05-03 23:44:09 | All accounts are exhibiting this behavior; very few actually have a recorded IP address, only the ones without a valid start time.. Any ideas? If you need any more information, let me know.. I haven't yet tried upgrading, as I'm not sure if it will fix it, and I don't want to accidently cause any other problems by changing the version. Thanks in advance, Andre - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: redirecting to specific web page
Thank you for your reply. Untitled DocumentErnesto Freyre Ramírez Área de Operaciones Red Privada Virtual S.A. Av. Paseo de la República 4675 - Lima 34 Telf.: (511) 241-4122 Anexo 2245 Fax: (511) 446-8135 Visítenos en: www.qnet.com.pe - Original Message - From: Thor Spruyt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 05, 2004 10:59 AM Subject: Re: redirecting to specific web page - Original Message - From: Ernesto Freyre [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 05, 2004 8:04 PM Subject: redirecting to specific web page Hi, Please I would want to know if here somebody could help me with this problem: I need my radius users to be redirected to a specific web page when connected, but my problem is that actually I only manage the RADIUS service, I have not access to manage the outgoing Internet network where my users navigates neither to the NAS equipments, So my unique option is to set some thing on RADIUS, or another artifice for get this goal. The radiusserver cannot enforce anything. If you want to enforce something you have to configure your NAS equipment for that and have the radiusserver send the appropriate attributes in the accept to the NAS. I accept ideas, thank you Ernesto Freyre Ramírez Área de Operaciones Red Privada Virtual S.A. Av. Paseo de la República 4675 - Lima 34 Telf.: (511) 241-4122 Anexo 2245 Fax: (511) 446-8135 Visítenos en: www.qnet.com.pe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
how to enable freeradius for ISDN connections?
Dear admins: Please I´m dealing with the problem of setting my FreeRadius for allowing ISDN connections, what I must configure for this? Thank you for your replies. Ernesto Freyre Ramírez Área de Operaciones Red Privada Virtual S.A. Av. Paseo de la República 4675 - Lima 34 Telf.: (511) 241-4122 Anexo 2245 Fax: (511) 446-8135 Visítenos en: www.qnet.com.pe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
about the ISDN problem
Dear Sirs, please, the specific problem I have is the following: We have tested the NAS for authenticating locally the ISDN calls , so all works fine, but when we set the NAS for radius authentication, the user are rejected, however when I see the log on my radius, this records the session as accepted, as you can see in the attached logfile. So we don´t know where is the problem? in the NAS or in the RADIUS? Please somebody here could give me some hint about this issue? Is needed to set some attribute reply for ISDN users in the RADIUS server? We are using a CISCO 5300 NAS. and freeradius-0.9.3 Thank you in advance for your replies. Regards, Ernesto Freyre Ramírez. Waking up in 6 seconds... rad_recv: Access-Request packet from host 200.31.97.2:21671, id=81, length=100 Framed-Protocol = PPP User-Name = [EMAIL PROTECTED] User-Password = 01011938 NAS-Port = 20507 NAS-Port-Type = ISDN Calling-Station-Id = 12125222 Called-Station-Id = 719 Service-Type = Framed-User NAS-IP-Address = 200.31.97.2 modcall: entering group authorize for request 245 modcall[authorize]: module preprocess returns ok for request 245 modcall[authorize]: module chap returns noop for request 245 rlm_realm: Looking up realm myrealm for User-Name = [EMAIL PROTECTED] rlm_realm: No such realm myrealm modcall[authorize]: module suffix returns noop for request 245 radius_xlat: '[EMAIL PROTECTED]' rlm_sql (sql): sql_set_user escaped user -- '[EMAIL PROTECTED]' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 4 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns ok for request 245 modcall[authorize]: module mschap returns noop for request 245 modcall: group authorize returns ok for request 245 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [EMAIL PROTECTED] (from client NAS1 port 20507 cli 12125222) Sending Access-Accept of id 81 to 200.31.97.2:21671 Service-Type := Framed-User Framed-Protocol := PPP Framed-Compression := Van-Jacobson-TCP-IP Framed-MTU := 1500 Finished request 245 Going to the next request
Fw: about the ISDN problem
Sorry I forgot to attach the file ... Untitled DocumentErnesto Freyre Ramírez Área de Operaciones Red Privada Virtual S.A. Av. Paseo de la República 4675 - Lima 34 Telf.: (511) 241-4122 Anexo 2245 Fax: (511) 446-8135 Visítenos en: www.qnet.com.pe - Original Message - From: Ernesto Freyre [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, June 28, 2004 2:38 PM Subject: Re: about the ISDN problem Hi Mr. DeKok the log file that lets my NAS is attached in this mail, Please could you help me to see if here appears some thing with information that helps to debug the problem?. I don´t have experience with NAS. thak you for your valuable time and help Regards. Ernesto. Untitled DocumentErnesto Freyre Ramírez Área de Operaciones Red Privada Virtual S.A. Av. Paseo de la República 4675 - Lima 34 Telf.: (511) 241-4122 Anexo 2245 Fax: (511) 446-8135 Visítenos en: www.qnet.com.pe - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, June 28, 2004 9:50 AM Subject: Re: about the ISDN problem Ernesto Freyre [EMAIL PROTECTED] wrote: We have tested the NAS for authenticating locally the ISDN calls , so all works fine, but when we set the NAS for radius authentication, the user are rejected, however when I see the log on my radius, this records the session as accepted, as you can see in the attached logfile. I suggest looking at the debug logs on the NAS to see why it doesn't like the response from FreeRADIUS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html as5300-li03#!test con cambio de authe en virtual template! as5300-li03# Jun 28 11:48:19: ISDN Se5:15 Q931: RX - SETUP pd = 8 callref = 0x05DC Sending Complete Bearer Capability i = 0x8890 Standard = CCITT Transer Capability = Unrestricted Digital Transfer Mode = Circuit Transfer Rate = 64 kbit/s Channel ID i = 0xA18392 Preferred, Channel 18 Calling Party Number i = 0x2181, '12125222' Plan:ISDN, Type:National Called Party Number i = 0xC1, '719' Plan:ISDN, Type:Subscriber(local) Jun 28 11:48:19: %LINK-3-UPDOWN: Interface Serial5:17, changed state to up Jun 28 11:48:19: ISDN Se5:15 Q931: TX - CALL_PROC pd = 8 callref = 0x85DC Channel ID i = 0xA98392 Exclusive, Channel 18 Jun 28 11:48:19: ISDN Se5:15 Q931: TX - CONNECT pd = 8 callref = 0x85DC Channel ID i = 0xA98392 Exclusive, Channel 18 Jun 28 11:48:19: Se5:17 PPP: Using dialer call direction Jun 28 11:48:19: Se5:17 PPP: Treating connection as a callin Jun 28 11:48:19: Se5:17 PPP: Phase is ESTABLISHING, Passive Open Jun 28 11:48:19: Se5:17 LCP: State is Listen Jun 28 11:48:19: ISDN Se5:15 Q931: RX - CONNECT_ACK pd = 8 callref = 0x05DC Jun 28 11:48:19: Se5:17 LCP: I CONFREQ [Listen] id 1 len 23 Jun 28 11:48:19: Se5:17 LCP:ACCM 0x000A (0x0206000A) Jun 28 11:48:19: Se5:17 LCP:MagicNumber 0x00A457E6 (0x050600A457E6) Jun 28 11:48:19: Se5:17 LCP:PFC (0x0702) Jun 28 11:48:19: Se5:17 LCP:ACFC (0x0802) Jun 28 11:48:19: Se5:17 LCP:Callback 6 (0x0D0306) Jun 28 11:48:19: Se5:17 PPP: Authorization required Jun 28 11:48:19: Se5:17 LCP: O CONFREQ [Listen] id 5 len 14 Jun 28 11:48:19: Se5:17 LCP:AuthProto PAP (0x0304C023) Jun 28 11:48:19: Se5:17 LCP:MagicNumber 0x6698E434 (0x05066698E434) Jun 28 11:48:19: Se5:17 LCP: O CONFREJ [Listen] id 1 len 7 Jun 28 11:48:19: Se5:17 LCP:Callback 6 (0x0D0306) Jun 28 11:48:19: Se5:17 LCP: I CONFACK [REQsent] id 5 len 14 Jun 28 11:48:19: Se5:17 LCP:AuthProto PAP (0x0304C023) Jun 28 11:48:19: Se5:17 LCP:MagicNumber 0x6698E434 (0x05066698E434) Jun 28 11:48:19: Se5:17 LCP: I CONFREQ [ACKrcvd] id 2 len 20 Jun 28 11:48:19: Se5:17 LCP:ACCM 0x000A (0x0206000A) Jun 28 11:48:19: Se5:17 LCP:MagicNumber 0x00A457E6 (0x050600A457E6) Jun 28 11:48:19: Se5:17 LCP:PFC (0x0702) Jun 28 11:48:19: Se5:17 LCP:ACFC (0x0802) Jun 28 11:48:19: Se5:17 LCP: O CONFACK [ACKrcvd] id 2 len 20 Jun 28 11:48:19: Se5:17 LCP:ACCM 0x000A (0x0206000A) Jun 28 11:48:19: Se5:17 LCP:MagicNumber 0x00A457E6 (0x050600A457E6) Jun 28 11:48:19: Se5:17 LCP:PFC (0x0702) Jun 28 11:48:19: Se5:17 LCP:ACFC (0x0802) Jun 28 11:48:19: Se5:17 LCP: State is Open Jun 28 11:48:19: Se5:17 PPP: Phase is AUTHENTICATING, by this end Jun 28 11:48:19: Se5:17 PAP: I AUTH-REQ id 1 len 25 from [EMAIL PROTECTED] Jun 28 11:48:19: Se5:17 PAP: Authenticating peer [EMAIL PROTECTED] Jun 28 11:48:19: Se5:17 PPP: Phase is FORWARDING, Attempting Forward Jun 28 11:48:19: Se5:17 PPP: Phase is AUTHENTICATING, Unauthenticated User Jun 28 11:48:19: Se5:17 PPP: Sent PAP LOGIN Request Jun 28 11:48:19: RADIUS: AAA Unsupported [150] 10 Jun 28 11:48:19: RADIUS: 53 65 72 69 61 6C 35 3A [Serial5:] Jun 28 11:48:19: RADIUS(5D95): Storing nasport 20517 in rad_db Jun 28 11:48:19: RADIUS(5D95): Config NAS IP: 0.0.0.0 Jun 28 11:48:19: RADIUS/ENCODE(5D95): acct_session_id: 39067 Jun 28 11
how to run radiusd with high debug info but in background
Hi admins! Please I would want to know how to run radiusd with high debug info but in background? Thank you for your reply. Ernesto Freyre Ramírez Área de Operaciones Red Privada Virtual S.A. Av. Paseo de la República 4675 - Lima 34 Telf.: (511) 241-4122 Anexo 2245 Fax: (511) 446-8135 Visítenos en: www.qnet.com.pe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Suspending Users
A very easy solution could be change the password for that users??? Ernesto Freyre RamírezÁrea de OperacionesRed Privada Virtual S.A.Av. Paseo de la República 4675 - Lima 34 Telf.: (511) 241-4122 Anexo 2245Fax: (511) 446-8135 Visítenos en: www.qnet.com.pe - Original Message - From: Linda Pagillo To: [EMAIL PROTECTED] Sent: Wednesday, June 23, 2004 10:05 AM Subject: Re: Suspending Users Thank you! - Original Message - From: Milver S. Nisay To: [EMAIL PROTECTED] Sent: Wednesday, June 23, 2004 11:48 AM Subject: Re: Suspending Users Linda wrote: I have a quick questions. I was reading the FAQ and i saw the instructions for rejecting users from authenticating when their account is suspended etc.. but from what i see, the instructions in the FAQ are for people using the "users" file for authentication. I have set my freeradius to use mysqlinstead of the users file. Does anyone know what i need to do to reject users in this case? Thank you. there are a lots of way of preventing a user from being authenticated or authorized from freeradius+mysql implementation. you may add a column or you may not. one funny way that will work with freeradius+MySQL is you can make "User-Password" attribute under radcheck table to be "UserS-Password" attribute, which is unknown to freeradius, the user cannot in any way be authenticated regardless of groups or authentication type. you may try "Auth-Type" attribute to be "Auth-TypoError",and see how it works:) freeradius is fun specially when you get your feet wet with it! more to google and search the list, it has been reposted too! //milver
Re: MySQL problem
send the complete query please, here appears as a sintax error, would help seeing the query - Original Message - From: Szabó György [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, June 08, 2004 11:01 AM Subject: MySQL problem Hi. The radius.log contains the following lines: Info: rlm_sql (sql): received Acct On/Off packet Error: rlm_sql (sql): Couldn't update SQL accounting for Acct On/Off packet - You have an error in your SQL syntax near 'WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '192.168.1.4' AND A' at line 1 What is the problem ? I'm generate the database with db_mysql.sql -- technik :-) ICQ: 270532579 AIM: gyuriszabo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL problem
You have attached the log file, here appears the same you sent before. Start radius with radiusd -X and copy and paste the complete shown query that will appears. - Original Message - From: George [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, June 08, 2004 11:24 AM Subject: Re: MySQL problem send the complete query please, here appears as a sintax error, would help seeing the query Ok. I have attached. -- technik :-) ICQ: 270532579 AIM: gyuriszabo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radtest problem
Hi List, please I am facingthe following problem: when I attempt to use the radtest tool withe args.: radtest [EMAIL PROTECTED] wilma 172.16.10.5:1645 123 MYSECRET I have the message: radclient:failed to get value I am working withFreeBSD 4.9, freeradius 0.93 Please, could some one to have some hint about this issue? thank you in advance Ernesto Freyre.
ippool usage
Hi list, here I am here again, now I would want to ask you if it's possible to have many ippool entries in the radiusd.conf file , and how this must be invoked from the post-auth and accounting sections, such as says at the radiusd.conf : Should be added in post-auth and accounting sections Can I set some thing such as: ippool pool_estatico { range-start = 200.31.97.10 range-stop = 200.31.97.13 netmask = 255.255.255.0 cache-size = 14 session-db = ${raddbdir}/db.ippool ip-index = ${raddbdir}/db.ipindex override = no } ippool pool_dinamico { range-start = 200.31.97.14 range-stop = 200.31.99.240 netmask = 255.255.255.0 cache-size = 689 session-db = ${raddbdir}/db.ippool ip-index = ${raddbdir}/db.ipindex override = no } post-auth { pool_estatico pool_dinamico } accounting { acct_unique detail unix# wtmp file sql radutmp # Return an address to the IP Pool when we see a stop record. pool_dinamico pool_estatico } are there some bad thing? Thank you for your help!!! Ernesto Freyre Ramírez. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
very basic question about realms
... --- Walking the entire request list --- Sending Access-Reject of id 9 to 192.168.100.161:1090 MS-CHAP-Error = \001E=691 R=1 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 6 ID 9 with timestamp 40153a60 #END OF THE MESSAGE --# But when I test with the same configuration with the user prueba (without realm) all works fine, So I think I 'm not considering some further detail ??? Please could somebody give me some hint about this question? Thank you in advance. Regards, Ernesto Freyre. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html