Re: DHCP howto

2013-04-03 Thread Igor Smitran

On 02/21/2013 07:56 PM, Alan DeKok wrote:

>> 2. Is freeradius ready to work as dhcp server for IPv6? Would it be
>> enough to insert some new words into dictionary and change configuration
>> appropriately?
>
>    It doesn't do DHCPv6.  It's possible, but a lot of work.

Any plans to implement ipv6 support any time soon?

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: compile error

2013-03-28 Thread Igor Smitran

On 03/28/2013 10:57 AM, Olivier Beytrison wrote:
> Btw, are you aware that you are compiling freeradius without ssl
> support? This means no eap, no tls, etc.? You should first install the
> openssl development files before compiling freeradius.
>
> Olivier

Yes, i know. This freeradius will only serve dhcp requests.


compile error

2013-03-28 Thread Igor Smitran

I am not able to compile from git. It ends with error:

version.c:71: warning: no previous prototype for 'ssl_version_check'
version.c: In function 'ssl_version':
version.c:78: error: expected ';' before '}' token
gmake[4]: *** [version.lo] Error 1
gmake[4]: Leaving directory `/usr/src/freeradius-git-2.x.x/freeradius-server/src/main'
gmake[3]: *** [main] Error 2
gmake[3]: Leaving directory `/usr/src/freeradius-git-2.x.x/freeradius-server/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/usr/src/freeradius-git-2.x.x/freeradius-server/src'
gmake[1]: *** [src] Error 2
gmake[1]: Leaving directory `/usr/src/freeradius-git-2.x.x/freeradius-server'
make: *** [all] Error 2




Re: DHCP relay IP and gateway IP, possible bad logic?

2013-03-05 Thread Igor Smitran

On 03/04/2013 11:03 PM, Phil Mayers wrote:


> There are a bunch of subtleties in this whole area - some devices
> offer knobs to control giaddr in the case of multinettings, and some
> devices offer knobs to control srcip - but, in my experience, you are
> asking for trouble if giaddr is not valid for accepting relayed
> replies. We've had significant problems with setups where this is
> difficult or impossible to achieve as a result. Multinetting a private
> and public range onto the same interface falls into exactly that
> category.



Yes, i agree. But, CM's are in private network. CPE's are behind CM's, 
in public network. CPE's are connected to CMTS through CM's. Because of 
that you have public and private network on one interface.



Re: DHCP relay IP and gateway IP, possible bad logic?

2013-03-04 Thread Igor Smitran

On 03/04/2013 04:54 PM, Alan DeKok wrote:

>    The point of asking for debug output is to see what the server is doing.
>
>    I'm not sure what the rest of your message means.  The server defaults
> to copying the giaddr from the request to the reply.  This is so that
> the reply can use the giaddr as the destination IP.  If you use Perl to
> update the giaddr to something else... then the reply will be sent there.

I have to do that, this is cable IP network that i am talking about. 
Real life example.

I am using Cisco CMTS and his primary interface IP as cable-helper/relay IP.

This is by design.
I am sorry for my bad english but i will try to explain, please bear 
with me...


This is CM/CPE bundle interface:

interface Bundle1.150
 vrf forwarding vrf_name
 ip address public_ip 255.255.255.240 secondary
 ip address private_ip 255.255.192.0
 no ip unreachables
 no cable arp
 cable source-verify dhcp
 cable helper-address radius_ip
end

As you can see CMTS will relay all requests from CM's and CPE's over 
primary interface address (private_ip/255.255.192.0)
radius will get all requests from that IP. all offers need to go back to 
that same ip, no matter what giaddr is sent to client.


*i have it already working that way with another dhcp server, in 
production.
also, couple of commercial products that i was testing had exactly the 
same logic implemented, all offers were sent to relay ip, no matter what 
was set as giaddr.*


Let us say that i have two pools for CPE devices, imaginary:
200.200.200.0/28
200.200.100.0/28

In that case i will have two lines in bundle interface setup:
ip address 200.200.200.1 255.255.255.240 secondary
ip address 200.200.100.1 255.255.255.240 secondary

and this is relay_ip (primary ip address of bundle interface)
ip address 10.10.10.1 255.255.192.0

If dhcp finds free address from first pool (200.200.200.10/28) offer 
will be something like this:


giaddr: 200.200.200.1
yiaddr: 200.200.200.10
OPTION:   1 (  4) Subnet mask   255.255.255.240
...

*but offer still needs to be sent to 10.10.10.1*, where requests came 
from in the first place.


I didn't break anything, i have to do it that way.
As far as dhcp server goes, it would be logical for him to return the 
offer to relay ip. relay will forward it to a client and client will get 
correct data.
If offer goes to any other address Cisco ASA will drop that packet 
because it doesn't have it in initiated/established chains...


Next time CPE tries to renew/release address request will come from 
10.10.10.1 again...


That is why i said that relay_ip shouldn't be replaced with giaddr.

FR i am using is 2.2.0, latest stable version.

i will try to send debug info tomorrow AM CET...

Re: DHCP relay IP and gateway IP, possible bad logic?

2013-03-04 Thread Igor Smitran

On 03/01/2013 04:12 PM, Alan DeKok wrote:

> Can you supply the debug output?

When set that freeradius sends IP, NETMASK, DNS... *WITHOUT DEFAULT 
GATEWAY*:


*This packet is sent to RELAY_IP*

*$RAD_REPLY{'DHCP-Gateway-IP-Address'} NOT SENT*
---
  TIME: 09:46:24.886544
OP: 2 (BOOTPREPLY)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 1
  SECS: 0
 FLAGS: 0
CIADDR: 0.0.0.0
YIADDR: CPE_PUBLIC_IP
SIADDR: RADIUS_IP
*GIADDR: PRIVATE_RELAY_IP*
CHADDR: **:**:**:**:**:**:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type 2 (DHCPOFFER)
OPTION:   1 (  4) Subnet mask   255.255.255.240
OPTION:   2 (  4) Time offset   7200 (2h)
OPTION:   3 (  4) Routers   RELAY_PRIVATE_IP
OPTION:   6 (  4) DNS server   DNS_IP
OPTION:  12 ( 17) Host name HOST_MAC_ADDRESS
OPTION:  15 (  8) Domainname   DOMAIN
OPTION:  51 (  4) IP address leasetime  7200 (2h)
OPTION:  54 (  4) Server identifier RADIUS_IP
OPTION:  57 (  2) Maximum DHCP message size 1500



When set that freeradius sends IP, NETMASK, DNS... *WITH DEFAULT GATEWAY*:

*This packet is sent to GIADDR, which is wrong!!!*

*$RAD_REPLY{'DHCP-Gateway-IP-Address'} SENT*
---
  TIME: 09:46:24.886544
OP: 2 (BOOTPREPLY)
 HTYPE: 1 (Ethernet)
  HLEN: 6
  HOPS: 1
  SECS: 0
 FLAGS: 0
CIADDR: 0.0.0.0
YIADDR: CPE_PUBLIC_IP
SIADDR: RADIUS_IP
*GIADDR: $RAD_REPLY{'DHCP-Gateway-IP-Address'}*
CHADDR: **:**:**:**:**:**:00:00:00:00:00:00:00:00:00:00
 SNAME: .
 FNAME: .
OPTION:  53 (  1) DHCP message type 2 (DHCPOFFER)
OPTION:   1 (  4) Subnet mask   255.255.255.240
OPTION:   2 (  4) Time offset   7200 (2h)
OPTION:   3 (  4) Routers   RELAY_PRIVATE_IP
OPTION:   6 (  4) DNS server   DNS_IP
OPTION:  12 ( 17) Host name HOST_MAC_ADDRESS
OPTION:  15 (  8) Domainname   DOMAIN
OPTION:  51 (  4) IP address leasetime  7200 (2h)
OPTION:  54 (  4) Server identifier RADIUS_IP
OPTION:  57 (  2) Maximum DHCP message size 1500

So, when freeradius sees *DHCP-Gateway-IP-Address* inside reply offer he 
uses it as destination where to send reply which is wrong. He should use 
RELAY IP instead no matter what's inside BOOTREPLY.

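
The reply-destination problem from this thread, as an added example that is not part of the original posts or of FreeRADIUS: a small checker that reads an offer in the dump layout shown above and flags the case where the reply's giaddr no longer matches the relay the request came from. It models the behaviour Alan DeKok describes (the reply is sent to the giaddr in the reply), uses the thread's imaginary addresses as constructed input, and also checks that the Routers option sits on the offered address's subnet, which goes slightly beyond the thread. The names `parse_dump`, `reply_destination` and `check_offer` are hypothetical.

```python
import ipaddress
import re

# Constructed offers in the field layout of the dumps above; the addresses are
# the imaginary ones from the thread (relay 10.10.10.1, pool 200.200.200.0/28).
OFFER_GIADDR_KEPT = """\
    OP: 2 (BOOTPREPLY)
YIADDR: 200.200.200.10
GIADDR: 10.10.10.1
OPTION:  53 (  1) DHCP message type 2 (DHCPOFFER)
OPTION:   1 (  4) Subnet mask   255.255.255.240
OPTION:   3 (  4) Routers   200.200.200.1
"""

# Same offer after a policy script overwrote giaddr with the CPE gateway.
OFFER_GIADDR_REWRITTEN = OFFER_GIADDR_KEPT.replace(
    "GIADDR: 10.10.10.1", "GIADDR: 200.200.200.1")

# Same offer with a router the client cannot reach from its own subnet.
OFFER_BAD_ROUTER = OFFER_GIADDR_KEPT.replace(
    "Routers   200.200.200.1", "Routers   10.10.10.1")

OPTION_RE = re.compile(r"\s*OPTION:\s+(\d+)\s+\(\s*\d+\)\s+(.*\S)")
FIELD_RE = re.compile(r"\s*([A-Z]+):\s+(\S+)")


def parse_dump(text):
    """Return (header fields, options) from a textual BOOTP/DHCP dump."""
    fields, options = {}, {}
    for line in text.splitlines():
        line = line.replace("*", "")  # emphasis markers pasted into the mail
        m = OPTION_RE.match(line)
        if m:
            # Keep the last token: for options 1 and 3 that is the address.
            options[int(m.group(1))] = m.group(2).split()[-1]
            continue
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields, options


def reply_destination(fields):
    """Destination of a relayed reply: the giaddr carried in the reply.

    Returns None when giaddr is 0.0.0.0 (not relayed; not modelled here).
    """
    giaddr = ipaddress.ip_address(fields.get("GIADDR", "0.0.0.0"))
    return None if giaddr.is_unspecified else giaddr


def check_offer(relay_src, dump_text):
    """List problems with an offer, given the IP the request arrived from."""
    fields, options = parse_dump(dump_text)
    findings = []

    dest = reply_destination(fields)
    if dest is not None and dest != ipaddress.ip_address(relay_src):
        # The reply leaves for an address that never sent the request, so a
        # stateful firewall on the path has no matching flow for it.
        findings.append("off-path-reply")

    if 1 in options and 3 in options and "YIADDR" in fields:
        subnet = ipaddress.ip_network(
            f"{fields['YIADDR']}/{options[1]}", strict=False)
        if ipaddress.ip_address(options[3]) not in subnet:
            findings.append("router-off-subnet")

    return findings


if __name__ == "__main__":
    for name, dump in [("kept", OFFER_GIADDR_KEPT),
                       ("rewritten", OFFER_GIADDR_REWRITTEN),
                       ("bad router", OFFER_BAD_ROUTER)]:
        print(name, check_offer("10.10.10.1", dump))
```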

DHCP relay IP and gateway IP, possible bad logic?

2013-03-01 Thread Igor Smitran
In case when freeradius is talking to a DHCP relay it should *always* 
send answers to an initiating relay IP. But, it doesn't.


Cisco CMTS is using 10.10.10.1 as his giaddr for all requests made by 
CM's, MTA's and CPE's.

All replies should go to 10.10.10.1.

But, currently, if CPE gets public IP 200.200.200.2 with gateway 
200.200.200.1, freeradius tries to send reply to 200.200.200.1 instead 
of 10.10.10.1.


This is my opinion, maybe i am wrong...


DHCP sqlippool reply values

2013-02-28 Thread Igor Smitran
I've added two new fields into radippool table that i am using for DHCP 
dynamic pools.


  `gateway` varchar(15) NOT NULL DEFAULT '',
  `netmask` varchar(15) NOT NULL DEFAULT '',

in ippool-dhcp.conf i've added new fields:

allocate-find = "SELECT framedipaddress,gateway,netmask FROM 
${ippool_table} 


I am not able to figure out how to address new fields inside 
policy.conf. Is it even possible?


I need to have two new fields, currently i have:

update reply {
DHCP-Your-IP-Address = "%{reply:Framed-IP-Address}"
}

I am trying to get two new fields:

DHCP-Subnet-Mask
DHCP-Gateway-IP-Address

I can use perl module to add those two fields but that means that i need 
two more database queries.

Any other way?




Re: DHCP howto

2013-02-21 Thread Igor Smitran

1. In sqlippool.conf is stated:

 
 #
 #  WARNING: MySQL has certain limitations that means it can
 #   hand out the same IP address to 2 different users.
 #
 #   We suggest using an SQL DB with proper transaction
 #   support, such as PostgreSQL, or using MySQL
 #   with InnoDB.
 #
 

Does this mean that only thing needed is to create innodb tables? Module 
will use transactions automatically?


2. Is freeradius ready to work as dhcp server for IPv6? Would it be 
enough to insert some new words into dictionary and change configuration 
appropriately?


Igor


Re: strange DHCP behavior

2013-02-21 Thread Igor Smitran

On 02/21/2013 10:23 AM, Igor Smitran wrote:


Received DHCP-Discover of id 08f11b15 from 10.21.192.1:67 to 0.0.0.0:67
Parse error Parse error or name in attributein attributein ode" 
Dropping packet without response.

Going to the next request
Waking up in 0.9 seconds.


My bad, sorry everyone, i forgot to include dictionary.dhcp :(

Igor


strange DHCP behavior

2013-02-21 Thread Igor Smitran

Server: up2date Centos 6.3 x64

Software: freeradius 2.2.0

configured by ./configure, generated by GNU Autoconf 2.61,
  with options \"'--prefix=/usr/local/freeradius' '--with-dhcp' 
'--with-rlm_mysql=no' '--with-rlm_perl=no' --enable-ltdl-install\"


radiusd -X starts OK, and then, after first DHCP discover is received:

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/freeradius/var/run/radiusd/radiusd.sock
Listening on authentication address 127.0.0.1 port 18120 as server 
inner-tunnel

Listening on dhcp interface eth1 address * port 67 as server dhcp
Listening on proxy address * port 1814
Ready to process requests.

Received DHCP-Discover of id 08f11b15 from 10.21.192.1:67 to 0.0.0.0:67
Parse error Parse error or name in attributein attributein ode" Dropping 
packet without response.

Going to the next request
Waking up in 0.9 seconds.

--
It is happening with default dhcp config. Only what is changed is:

port = 67
ipaddr = * (omitted)
interface = eth0

This is entirely new server, installed only for dhcp testing. Mysql and 
perl will be added later.


Any idea?



Re: DHCP howto

2013-02-19 Thread Igor Smitran

On 02/19/2013 03:41 PM, Alan DeKok wrote:

>    Use +=, not =
>
>    Alan DeKok.


Request from client is this:

DHCP-Parameter-Request-List = DHCP-Subnet-Mask
DHCP-Parameter-Request-List = DHCP-Router-Address
DHCP-Parameter-Request-List = DHCP-NTP-Servers

Freeradius puts everything into ENV. Because of the same key only last 
value is used, other ones are overwritten.

So, ENV in this example will have only this:

DHCP-Parameter-Request-List = DHCP-NTP-Servers

PHP script will be able to read that client asked only for 
DHCP-NTP-Servers value.

This is PHP error or Freeradius error?
Or am i missing something?

Igor


Re: DHCP howto

2013-02-19 Thread Igor Smitran

During debug session (radiusd -X) beside other things i can see this:

DHCP-Parameter-Request-List = DHCP-Subnet-Mask
DHCP-Parameter-Request-List = DHCP-Router-Address
DHCP-Parameter-Request-List = DHCP-NTP-Servers
DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
DHCP-Parameter-Request-List = DHCP-Log-Server
DHCP-Parameter-Request-List = DHCP-Domain-Name
DHCP-Parameter-Request-List = DHCP-Renewal-Time
DHCP-Parameter-Request-List = DHCP-Rebinding-Time
DHCP-Parameter-Request-List = DHCP-NETBIOS-Name-Servers
DHCP-Parameter-Request-List = DHCP-TFTP-Server-Name

But, when i call exec script (php for example) this array only contains 
last key:


DHCP-Parameter-Request-List = DHCP-TFTP-Server-Name

It is logical that those values will be overwritten but...

Is there a way to work around this problem?


DHCP howto

2013-02-15 Thread Igor Smitran
What would need to be done in dhcp setup in order to have 
radusergroup/radcheck/radreply/radacct-alike behavior?


I am trying to make it work with cable equipment (CM,MTA,CPE) but i am 
not sure how to start. CM and MTA would have static IP addresses (sql 
preferred because of additional replies: boot-file,dns,gateway etc.) and 
CPE's would have dynamic IP address assigned.


I am willing to do some serious tests and get back with results because 
if everything works ok i would switch to freeradius from standard ISC dhcpd.


Thank you


Juniper ERX and checkrad

2011-07-15 Thread Igor Smitran
It is my first time to setup Juniper ERX-1440 with freeradius. All my 
other NAS's are cisco.
I was trying to setup checkrad to check for simultaneous connections and 
realized that juniper is not listed in nas type list.

Can someone help me with getting checkrad to work with Juniper ERX?

Thank you


Re: ISG DHCP relay

2010-05-18 Thread Igor Smitran

Nice.

Alexander Clouter wrote:
> Igor Smitran  wrote:
>> I really don't understand why no one wants to help. After all, i am using
>> freeradius together with cisco.
>
> Hey there, I'm trying to ping 217.23.192.1 from my laptop at work, but
> it seems I need 802.1X configured to connect to my local network.
>
> As I'm trying to send traffic to your network, after all it involves a
> device on blic.net's network, can you help with my connectivity
> problems?


Re: ISG DHCP relay

2010-05-18 Thread Igor Smitran

Yes, it is definitely my bad english.
I am not using freeradius as DHCP, i am using freeradius as mac address 
checker. That part is working ok. I am using freeradius for long time 
and it is a great product. But, cisco ISG is new to me.
I have setup cisco ISG as a DHCP server. when cisco receives DHCP 
request it takes MAC address and asks freeradius if that mac address has 
access to internet. Based on freeradius Access-Accept/Reject i am using 
different policies applied to user.
And it works. At least for CPE devices. But, CM and MTA devices need 
tftp server name and tftp file name. My problem is, and i have searched 
for more than 15 days, how or even if possible, to use freeradius to 
send BOOTP parameters to cisco. Since i wasn't able to find anything 
about that on cisco site i was just asking if anyone has ever done 
something similar to help me. I wasn't asking how would i do that in 
freeradius or am i able to do that in freeradius. I know freeradius is 
capable of that. I just don't know where to look. I was searching for 
"cisco isg bootp freeradius avpairs" and lot more different searches on 
google but nothing usable came up.
I am sorry for misunderstanding, i wasn't being rude, just out of 
options. Since, in my project i will use freeradius i thought that 
someone else did the same thing before me and because of that i have 
asked a question here.


Thank you and sorry again

Alan Buxey wrote:
> Hi,
>
>> I really don't understand why no one wants to help. After all, i am using
>> freeradius together with cisco. I just asked if anyone has any experience in
>> ISG+FreeRadius because i am trying to find a solution for my problem for more
>> than 15 days. Does it really matter what kind of NAS i am using?
>
> you said you couldn't find any answers about the tech on cisco site.
>
> as a big cisco user myself of many of their product lines...i find that
> somewhat weird as they pretty much document everything...maybe it's badly linked
> and doesn't spell out exactly how you do A+B with product C  (they'll just tell
> you how A + B work - you figure the rest out). but it's there.
>
> perhaps it's because your original question was badly worded or incorrectly
> phrased?   you're trying to use the DHCP function of FreeRADIUS...yes? in
> the world of DHCP (relay or not) TFTP options are just extra attributes
> returned in the reply  eg ISC DHCP gives you
>
> option tftp-server-name "servername"
>
> and
>
> filename "filename"
>
> and even
>
> next-server 123.123.123.123   (where 123.123.123.123 is quaddot notation for
> TFTP server)
>
> you may need to adjust the AAA attribute list to deal with these.
>
> alan

Re: ISG DHCP relay

2010-05-18 Thread Igor Smitran

Ok,
I really don't understand why no one wants to help. After all, i am using 
freeradius together with cisco. I just asked if anyone has any 
experience in ISG+FreeRadius because i am trying to find a solution for 
my problem for more than 15 days. Does it really matter what kind of NAS 
i am using?


Thank you,
Igor

Alan Buxey wrote:
> Hi,
>
>> I am asking here because i wasn't able to find any answers on cisco
>> site. Maybe someone here has enough experience to point me to right
>> direction.
>
> I'm not sure what lists you are on...but you seem to be confused - this
> is the FreeRADIUS mailing list, not the Cisco support mailing list.
>
> alan

Re: ISG DHCP relay

2010-05-18 Thread Igor Smitran

Alan DeKok wrote:
>   What does the ISG documentation say?
>
>   Ask the vendor how their product works...

I am asking here because i wasn't able to find any answers on cisco 
site. Maybe someone here has enough experience to point me to right 
direction.


Thank you all


ISG DHCP relay

2010-05-17 Thread Igor Smitran
I am sorry for contacting list for my problem, but i have searched for 
more than 15 days trying to find the solution with no success:


1. i have a cisco ISG with DHCP relay that points to freeradius
2. freeradius will send access accept or access reject based on mac 
address, nas ip etc.


this scenario works ok for CPE devices, but not for CM devices because 
CM devices need TFTP server name and TFTP file name. I am unable to find 
right reply message format. So, my problem is BOOTP part. Is there any 
way to send those data to ISG so that ISG can combine those data and 
send it to CM device?
Again, i am sorry for asking this question here but it is partially tied 
to freeradius functionality. I hope there is someone on this list that 
has more experience with ISG and freeradius to point me to right direction.


Thank you...


Re: dictionary help

2010-02-25 Thread Igor Smitran


Alan DeKok wrote:
>   Yes.  Delete the line containing PW_TYPE_STRING, and change the
> previous line to:
>
>if ((dattr = dict_attrbyname(newattr)) != NULL) {
>
>   Then re-compile && install.
>
>
Just what i thought but wasn't sure.
Can we expect this to be changed permanently in future releases?
Thank you for your help.

Igor


Re: dictionary help

2010-02-25 Thread Igor Smitran

Alan DeKok wrote:
> Hmm... the code in rlm_preprocess checks if the attribute is "string"
> type.  I don't see why this is necessary.  See line 155 (or so) in
> src/modules/rlm_preprocess/rlm_preprocess.c.
>
>
I've seen the source and now i understand, but, i don't know much of C
and don't know if problem is solvable?


dictionary help

2010-02-24 Thread Igor Smitran




Hello,
I am trying to rewrite some custom AVPairs that cisco sends me.
In order to do that i've created custom dictionary:

ATTRIBUTE   disc-cause-ext  507 integer

VALUE  disc-cause-ext  Unknown 1002
VALUE  disc-cause-ext  CLID-Auth-Fail  1004
VALUE  disc-cause-ext  No-Carrier  1010
VALUE  disc-cause-ext  AAA-VAL-DISC-LOST-CARR  1011
etc

When radius is started with this dictionary i don't get any value for
disc-cause-ext  attribute. It doesn't exist.
In my log files i've enabled request attributes logging, and i get this:

Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
disc-cause-ext=1045
Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
pre-bytes-in=217
Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
pre-bytes-out=139
Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
pre-paks-in=8
Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
pre-paks-out=7
Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
pre-session-time=35
Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
connect-progress=60
Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
nas-rx-speed=31200
Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
nas-tx-speed=4

If i change my dictionary to look like this:

ATTRIBUTE   disc-cause-ext  507 string

then in my log i see this:

Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
disc-cause-ext=1045
Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
pre-bytes-in=217
Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
pre-bytes-out=139
Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
pre-paks-in=8
Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
pre-paks-out=7
Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
pre-session-time=35
Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
connect-progress=60
Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
nas-rx-speed=31200
Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
nas-tx-speed=4
Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: disc-cause-ext=1045

All i want to do is map number to string, so that my tech support can
see human readable disconnect cause extension, because it gives me
slightly more data about the disconnect reason. Am i on the right track
or...?

Igor



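
One way to get the human-readable disconnect cause for support staff without touching the server, as an added example that is not part of the original post or of FreeRADIUS: parse the `VALUE` lines of the dictionary shown above and translate `disc-cause-ext` codes found in the rlm_perl log, rejoining lines wrapped after `Cisco-AVPair =`. The log excerpt is constructed, the `Received-Terminate 1045` entry is built from the 2009 post on this page, and the function names are hypothetical.

```python
import re

# Dictionary lines as posted above, plus one VALUE constructed from the
# 2009 post on this page ("1045 = Received Terminate").
DICTIONARY = """\
ATTRIBUTE   disc-cause-ext  507 integer
VALUE  disc-cause-ext  Unknown 1002
VALUE  disc-cause-ext  CLID-Auth-Fail  1004
VALUE  disc-cause-ext  No-Carrier  1010
VALUE  disc-cause-ext  AAA-VAL-DISC-LOST-CARR  1011
VALUE  disc-cause-ext  Received-Terminate  1045
"""

# Constructed log excerpt in the layout of the post: some entries wrapped
# after "Cisco-AVPair =", one on a single line, one with an unknown code.
LOG = """\
Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
disc-cause-ext=1045
Tue Feb 23 17:41:42 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
pre-bytes-in=217
Tue Feb 23 17:41:43 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair = disc-cause-ext=1010
Tue Feb 23 17:41:44 2010 : rlm_perl: RAD_REQUEST: Cisco-AVPair =
disc-cause-ext=1999
"""

AVPAIR_RE = re.compile(r"Cisco-AVPair = ([\w-]+)=(\S+)$")


def load_values(dictionary_text):
    """Build {attribute: {number: name}} from dictionary VALUE lines."""
    values = {}
    for line in dictionary_text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0] == "VALUE":
            _, attr, name, number = parts
            values.setdefault(attr, {})[int(number)] = name
    return values


def unwrap(log_text):
    """Rejoin entries whose value was wrapped onto the following line."""
    joined = []
    for line in log_text.splitlines():
        if joined and joined[-1].rstrip().endswith("="):
            joined[-1] = joined[-1].rstrip() + " " + line.strip()
        else:
            joined.append(line)
    return joined


def translate(log_text, values):
    """Return (attribute, raw value, name) for every AVPair the dictionary knows."""
    out = []
    for line in unwrap(log_text):
        m = AVPAIR_RE.search(line)
        if not m:
            continue
        attr, raw = m.groups()
        if attr not in values:
            continue  # an AVPair with no VALUE lines in the dictionary
        name = values[attr].get(int(raw)) if raw.isdigit() else None
        out.append((attr, raw, name or "unmapped"))
    return out


if __name__ == "__main__":
    for attr, raw, name in translate(LOG, load_values(DICTIONARY)):
        print(f"{attr}={raw} ({name})")
```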

disc-cause-ext number to string

2009-09-18 Thread Igor Smitran
I am having problems with one NAS, Cisco 3620. It keeps sending me
AVPairs that contain only number values, not string.
Example:
Cisco-AVPair = disc-cause-ext=1045
According to this:
http://www.cisco.com/en/US/docs/ios/internetwrk_solutions_guides/splob/guides/dial/aaasub/C262C5.html

1045 = Received Terminate

On that same radius i have few other Cisco NAS-es that send AVPairs with
string value.
Is there a way to translate this number to string value in a dictionary?
I am sorry if this subject was mentioned before. I've spent one hour
searching but no success, maybe my search keywords were wrong.
Any guidance would be appreciated.


Re: Bandwidth & Hardware Requirement Question

2009-08-20 Thread Igor Smitran
Bandwidth is needed on your router. Between your router and your radius
server you will only have authentication and accounting packets which
are small and do not consume much of a bandwidth.
Radius server will not do any rate limiting, radius server will only
send rate limit data to router, during authentication, if you tell him to.
You can use desktop computer (P4 for example) for radius server. You can
have sql server on separate lan/computer. or not, it's up to you.
You can authenticate thousands of users on one pentium 4, with basic setup.

Deepak wrote:
> Hi all,
>
> I have done basic setup of freeradius and tested in my old PC (PIII).
> Now I want to do the real thing but I need some estimation regarding
> this. Can somebody share their knowledge on this?
>
> What is the bandwidth requirement for dedicated radius service based
> on numbers of user or hotspots. Yes I know more the better and more
> users mean more bandwidth but is there a rough formula for this?
>
> X users = Y bandwidth (roughly)
>
> Besides what kind of hardware (can I use desktop computers for this
> purpose), minimum memory?
> Can I use the radius and mysql in same server or run separate in same
> LAN? (recommendation)
>
> Also I need a rough estimate on how many users can be handled by one
> server with certain hardware+memory ideally.
>
> Some expert advice is greatly appreciated
>
> Thanks
>


Re: how to combine

2009-08-19 Thread Igor Smitran
Look at the radcheck table. Attribute name "Calling-Station-Id".

Magui wrote:
> Hello, i want to know how combine user,password and telephone number
> for to authenticate an user in order to give acces to my network.
> Please I only need an superficial orientation ,not to detail 


Re: reject group

2009-08-04 Thread Igor Smitran
I was wrong.

In your radgroupreply put:

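+----+-----------+---------------+----+-------------------+
| id | GroupName | Attribute     | op | Value             |
+----+-----------+---------------+----+-------------------+
|  8 | locked    | Reply-Message | := | Account is locked |
+----+-----------+---------------+----+-------------------+

In your radgroupcheck put:
+----+-----------+-----------+----+--------+
| id | GroupName | Attribute | op | Value  |
+----+-----------+-----------+----+--------+
|  1 | locked    | Auth-Type | == | Reject |
+----+-----------+-----------+----+--------+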

Didn't have morning coffee at the time of my first post:)


Igor Smitran wrote:
> Define group in your database. In radgroupreply put Auth-Type := Reject
>
> hashim zayed wrote:
>   
>> Hi all:
>>
>> I am using freeradius with mysql  I want to want to create a group
>> that  with default reject response . so when I put a user in this
>> group he  gets access-reject from freeradius.


Re: reject group

2009-08-03 Thread Igor Smitran
Define group in your database. In radgroupreply put Auth-Type := Reject

hashim zayed wrote:
> Hi all:
>
> I am using freeradius with mysql  I want to want to create a group
> that  with default reject response . so when I put a user in this
> group he  gets access-reject from freeradius.


Re: rlm_perl problems]

2009-07-30 Thread Igor Smitran
Garber, Neal wrote:
> Igor: I hope you weren't offended by my assumption - I wasn't sure, based 
> upon your comment, and I was just trying to help.  If I offended you, I 
> apologize.  By the way, out of curiosity, did the patch work for you on 2.1.7 
> also?
>   
Don't worry, i wasn't offended at all.
No need to apologize. I am often misunderstood because english is not my
native language.
I will try to patch 2.1.7 during weekend on my test server.  2.1.6 that
i have problems with is on my production server. Recently i wanted to
put some extra scripts into it and that's when i ran into rlm_perl problems.
Beside rlm_problem server was working just fine. When it crashed because
of rlm_perl i made a workaround by using one perl instance and defining
different functions.
Anyway, i will let you know about my 2.1.7 installation on saturday or
sunday.

Igor


Re: rlm_perl problems]

2009-07-28 Thread Igor Smitran
Garber, Neal wrote:
> The error is in rlm_perl and appears related to thread data management, not 
> the O/S and not perl (I run FreeBSD and you run CentOS; we even have 
> different versions of perl).  Boian can explain the change far better than I 
> can; but, my interpretation of the change is that the thread specific data 
> key is now created upon perl module instantiation and stored with the 
> instance data (so there's now a separate key for each perl instance we 
> defined in FreeRadius).  (Perhaps someone will correct me if I interpreted it 
> incorrectly.)
>
> When you say you're not good in C, if you are mean you are unsure how to 
> apply the patch, try this:
>
> 1. Put the .diff file in the directory with rlm_perl.c (src/modules/rlm_perl 
> is the directory).  
> 2. Then use the patch command to update rlm_perl.c (it creates 
> rlm_perl.c.orig as a backup and updates rlm_perl.c): 
>   patch rlm_perl.c rlm_perl.diff
> 3. Rebuild/install FreeRadius from source
> 4. Test
> 5. Say thank you to Boian (and Ivan as he helped also)..
>   
I know how to patch. I was just trying to find out what was the error.
That's the part i was thinking of when i said "not good in C" :)
You are right, i forgot to say thank you to all. :)
Thank you Ivan, thank you Boian.

Igor


Re: rlm_perl problems]

2009-07-28 Thread Igor Smitran


Ivan Kalik wrote:
> Why? Alan is not the only developer. Read the copyright for rlm_perl code.
I know that Boian is responsible for making our life easier :) I was
asking if this patch is going to be included in next release. That is
the comment i was expecting. Sorry for misunderstanding.

Igor


Re: rlm_perl problems]

2009-07-28 Thread Igor Smitran
Boian Jordanov wrote:
>
> On Jul 26, 2009, at 12:59 AM,   wrote:
>
>> Igor wrote:
>>
>>> I have tried 2.1.7 and got same error. I will try to compile it with
>>> --enable-developer and see if i can find out anything from gdb output.
>>> I really don't know why would this happen because exactly the same
>>> setup worked on
>>> older releases. All i did was to compile the new version (2.1.6) and
>>> then copy
>>> old raddb dir.
>>
>> I am not sure why i got so many "no debugging symbols found" but i
>> did per
>> doc/bugs instructions.
>> This is gdb output:
>
> Try attached patch.

I didn't try it yet and i am not very good in C. Error that I and Neal
had is something regarding OS or...? I don't see anyone else having this
problem except me and Neal.
Also, i didn't see any comment from Alan. If this is something that has
already been discussed here i am sorry for bringing it up again, but i
would really like to hear Alan about this.
Boian, would you like to explain what was the cause of this error?

Thank you,
Igor


Re: Salu2...

2009-07-24 Thread Igor Smitran
Igor Smitran wrote:
> As far as I can see, you removed pap from authorize section, which means
> that you tried to change default setup...
>
My bad, pap does exist in authorize, but freeradius doesn't know where
the password is...


Re: Salu2...

2009-07-24 Thread Igor Smitran
Frank Ernesto Morales Quiroga wrote:
> install in freebsd freeradius friends and when my clients try to
> connect this poster draws me, it can be:
>
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
> [suffix] Looking up realm "cdr.cu " for User-Name =
> "t...@cdr.cu "
> [suffix] No such realm "cdr.cu "
> ++[suffix] returns noop
> [eap] No EAP-Message, not doing EAP
> ++[eap] returns noop
> ++[unix] returns notfound
> [files] users: Matched entry DEFAULT at line 85
> ++[files] returns ok
> ++[expiration] returns noop
> ++[logintime] returns noop
> [pap] WARNING! No "known good" password found for the user. 
> Authentication may fail because of this.
> ++[pap] returns noop
> Found Auth-Type = System
> +- entering group authenticate {...}
> ++[unix] returns notfound
> Failed to authenticate the user.
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> [attr_filter.access_reject] expand: %{User-Name} -> t...@cdr.cu
> 
>  attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> Delaying reject of request 2 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 2
> Sending Access-Reject of id 158 to 192.168.25.50 port 17963
> Waking up in 4.9 seconds.
> Cleaning up request 2 ID 158 with timestamp +158
> Ready to process requests.

What is your user's real username? t...@cdr.cu or just test?
Where did you put your users? In database? Shadow file?
What kind of password authentication do you use? PAP, CHAP, MSCHAP?
Default freeradius setup is almost always able to work out of the box
for many scenarios, but it still lacks the ability to read minds as we
all do here :)

As far as I can see, you removed pap from authorize section, which means
that you tried to change default setup...

Igor
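
A small parser for the kind of debug trace quoted in this message, added here as an example and not part of the original post or of FreeRADIUS: it collects each section's module return codes and reports why the request ended in Access-Reject. The sample trace is constructed (modelled on the quoted output), and the finding names are made up for this example.

```python
import re

# Constructed sample, modelled on the "radiusd -X" output quoted in the message above.
SAMPLE_DEBUG = '''\
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No such realm "example.org"
++[suffix] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 85
++[files] returns ok
[pap] WARNING! No "known good" password found for the user.
++[pap] returns noop
Found Auth-Type = System
+- entering group authenticate {...}
++[unix] returns notfound
Failed to authenticate the user.
+- entering group REJECT {...}
++[attr_filter.access_reject] returns updated
Sending Access-Reject of id 158 to 192.0.2.50 port 17963
'''

GROUP = re.compile(r"^\++- entering group (\S+)")
RETURN = re.compile(r"^\++\[([^\]]+)\] returns (\w+)")
AUTH_TYPE = re.compile(r"^Found Auth-Type = (\S+)")
SENT = re.compile(r"^Sending (Access-\w+) of id \d+")
# Return codes that mean the module did not vouch for the user.
FAILING = {"reject", "fail", "invalid", "userlock", "notfound"}


def parse_trace(text):
    """Collect per-section module return codes, warnings, Auth-Type and reply."""
    trace = {"returns": {}, "warnings": [], "auth_type": None, "reply": None}
    group = None
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()  # also accept mail-quoted traces
        if m := GROUP.match(line):
            group = m.group(1)
            trace["returns"].setdefault(group, [])
        elif (m := RETURN.match(line)) and group:
            trace["returns"][group].append((m.group(1), m.group(2)))
        elif m := AUTH_TYPE.match(line):
            trace["auth_type"] = m.group(1)
        elif m := SENT.match(line):
            trace["reply"] = m.group(1)
        elif "WARNING" in line:
            trace["warnings"].append(line)
    return trace


def diagnose(trace):
    """Return (code, detail) findings that explain an Access-Reject."""
    if trace["reply"] != "Access-Reject":
        return []
    findings = []
    if any('No "known good" password' in w for w in trace["warnings"]):
        matched = [m for m, rc in trace["returns"].get("authorize", [])
                   if rc in ("ok", "updated")]
        findings.append(("no-known-good-password",
                         "authorize modules that matched (%s) supplied no "
                         "password for pap to check" % ", ".join(matched)))
    failed = [(m, rc) for m, rc in trace["returns"].get("authenticate", [])
              if rc in FAILING]
    if failed:
        findings.append(("authenticate-failed", "Auth-Type %s: %s" % (
            trace["auth_type"], ", ".join("%s=%s" % f for f in failed))))
    return findings


if __name__ == "__main__":
    for code, detail in diagnose(parse_trace(SAMPLE_DEBUG)):
        print(code + ": " + detail)
```

On the sample it reports both the missing password in authorize and the failing module under the selected Auth-Type, which are the two places the questions above point at.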


Re: rlm_perl problems]

2009-07-24 Thread Igor Smitran
Garber, Neal wrote:
> Igor,
>
> What version of perl and what O/S are you using?  I'm using FreeBSD 7.2 with 
> perl 5.8.9.  The reason I hadn't submitted this sooner is I wanted to rule 
> out an issue with perl (our Productions servers are running an older version 
> of FreeBSD and perl).
perl, v5.8.8 built for x86_64-linux-thread-multi, installed with yum
OS: CentOS X64,  kernel 2.6.18-128.1.10.el5

freeradius installed from rpm,
rpm made with freeradius.spec file:
%define _prefix /usr/local/freeradius
%configure --prefix=%{_prefix} \
--with-system-libtool \
--disable-ltdl-install \
--with-ltdl-lib=/usr/lib \
--with-ltdl-include=/usr/include \
--with-large-files --with-udpfromto --with-edir \
--with-rlm-krb5-include-dir=/usr/kerberos/include \
--with-rlm-krb5-lib-dir=/usr/kerberos/lib \
--with-logdir=/var/log/radius




Re: rlm_perl problems]

2009-07-24 Thread Igor Smitran


Ivan Kalik wrote:
>> It ends with freeradius crashing. If I disable all other perl calls and
>> leave only dummy.pl, it works with no problems. Same goes for other way
>> around. Basically, any combination that involves only one perl script
>> works without any problems. If I use two perl scripts in any combination
>> freeradius crashes.
>> 
>
> Let me see if I understand well: you can run multiple perl module
> instances as long as they execute same script; if different instances run
> different scripts - freeradius crashes!
>
> I will try to emulate this tonight. I haven't tried this scenario. But I
> can run perl + radcheck (also perl script, but not called through perl
> module) without problems.
Yes, I can define multiple perl instances as long as they call same perl
script. It looks like two different perl scripts cannot coexist in
memory at the same time. Workaround for now is to have one perl script
active and through func_* definitions have different functions called
and do tasks needed, like I stated in one of my examples earlier in this
thread.

P.S. checkrad works for me too, I use it for simultaneous-use. I was
trying to use unlang as much as possible, but there are two tasks left
that I need perl for.


Thank you,
Igor


Re: rlm_perl problems]

2009-07-24 Thread Igor Smitran


Ivan Kalik wrote:
>> perl perl_script_1 {
>> module = ${confdir}/config_dialup/perl_script_1.pl
>> func_authorize = authorize_check_username
>> func_accounting = accounting_check_username
>> }
>>
>> perl perl_script_2 {
>>
>> module = ${confdir}/config_dialup/perl_script_2.pl
>> }
>> 
>
> Is that a no? Neither of these instances you have posted has
> func_post_auth defined.
>
> Ivan Kalik
> Kalik Informatika ISP

Yes, that is a no. I only defined functions for which I changed names.
Didn't define functions that are left with default name. I did it that
way because in original perl all func_* are commented out.
Here is an example. I was using authorize section for this:
Just tested it. It doesn't work in both cases, with func_authorize
defined and without it.

In authorize section i have put dummy:

authorize {
*
dummy
*
}


in modules/perl:

perl dummy {
module = ${confdir}/scripts/dummy.pl
func_authorize = authorize
}

in dummy.pl:

use strict;
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);
use Data::Dumper;
#my %RAD_REQUEST;
#my %RAD_REPLY;
#my %RAD_CHECK;
use constant RLM_MODULE_REJECT   => 0; #  /* immediately reject the request */
use constant RLM_MODULE_FAIL     => 1; #  /* module failed, don't reply */
use constant RLM_MODULE_OK       => 2; #  /* the module is OK, continue */
use constant RLM_MODULE_HANDLED  => 3; #  /* the module handled the request, so stop. */
use constant RLM_MODULE_INVALID  => 4; #  /* the module considers the request invalid. */
use constant RLM_MODULE_USERLOCK => 5; #  /* reject the request (user is locked out) */
use constant RLM_MODULE_NOTFOUND => 6; #  /* user not found */
use constant RLM_MODULE_NOOP     => 7; #  /* module succeeded without doing anything */
use constant RLM_MODULE_UPDATED  => 8; #  /* OK (pairs modified) */
use constant RLM_MODULE_NUMCODES => 9; #  /* How many return codes there are */

sub authorize {
    &radiusd::radlog(0, "DUMMY");
    return RLM_MODULE_OK;
}


It ends with freeradius crashing. If I disable all other perl calls and
leave only dummy.pl, it works with no problems. Same goes for other way
around. Basically, any combination that involves only one perl script
works without any problems. If I use two perl scripts in any combination
freeradius crashes.


Re: rlm_perl problems]

2009-07-24 Thread Igor Smitran
Ivan Kalik wrote:
> Have you defined func_post_auth?
>
> Ivan Kalik
> Kalik Informatika ISP
>   
Left everything by default. Made script by using example.pl as template.
Both scripts are looking exactly the same, except that I don't use
default function names for perl_script_1.

perl perl_script_1 {
module = ${confdir}/config_dialup/perl_script_1.pl
func_authorize = authorize_check_username
func_accounting = accounting_check_username
}

perl perl_script_2 {

module = ${confdir}/config_dialup/perl_script_2.pl
}

This means that perl will use default function names for perl_script_2 and
different function names for perl_script_1, right? Or am I missing something?


Igor


rlm_perl problems]

2009-07-24 Thread Igor Smitran
I am using Freeradius 2.1.6.

I have a working setup of freeradius with perl scripts inside authorize
and accounting sections.
Everything works great when I am using only one script.
But if I add another script to do some other stuff, for example in
post-auth section, I get errors in log and freeradius dies.

Error I get is:
Error: rlm_perl: perl_embed:: module =
/etc/raddb/config_dialup/perl_script_2.pl , func = post_auth exit
status= Undefined subroutine &main::post_auth called.

My perl setup is like this:

perl perl_script_1 {
module = ${confdir}/config_dialup/perl_script_1.pl
func_authorize = authorize_check_username
func_accounting = accounting_check_username
}

perl perl_script_2 {
module = ${confdir}/config_dialup/perl_script_2.pl
}



If I put everything into one script, like this:


perl perl_script_1 {
module = ${confdir}/config_dialup/perl_script_1.pl
func_authorize = authorize_check_username
func_accounting = accounting_check_username
}

perl perl_script_2 {
module = ${confdir}/config_dialup/perl_script_1.pl
}

then everything is ok. Did any of you have these problems?

Thank you




simultaneous ISDN and async

2007-09-25 Thread Igor Smitran
Can I use simultaneous use to limit particular users to use just one channel
ISDN?

And at the same time, to forbid async users multiple logins?

For ISDN users I want to limit only some users, not all.

I know that cisco questions should not be posted here and I am sorry for
that but...
I am not sure what I can do on NAS side to prevent double channel ISDN
logins. Cisco is AS 3620, IOS is 12.0(7)T.

If I can send some vendor specific packet to NAS that would be great.

Thank you. 




Re: Sending Cisco AV Pairs per realm

2007-09-21 Thread Igor Smitran
Look at the acct_users file, you can define what to do when receiving START, 
STOP and ALIVE packets.

You can call external script if you like.
All you need to do is echo correctly formatted string and access server will
receive it.

If you want to put something additional to database, you can do that too.

Also, another way is to use post_auth hook and run external script from 
there.


If you are going to run external scripts, all needed data is inside ENV 
variable, including realm, username etc.

All this is also stated in documentation.

Igor


- Original Message - 
From: "Dan Goscomb" <[EMAIL PROTECTED]>

To: "FreeRadius users mailing list" 
Sent: 18 September, 2007 11:22
Subject: Re: Sending Cisco AV Pairs per realm



Here is a short example that should work for you using the hints file:

#hints
DEFAULT User-Name =~ "@dsl.realm"
Hint = "DSL"
#/hints

#users
DEFAULT Hint == "DSL"
  Cisco-AVPair += "..."
#/users


Thanks Kevin

This looks great, however the caveat is that we're using MySQL and not
the users file; I can't for the life of me work out how to get that data
in to the tables!

Any hints would be appreciated.

Cheers

Dan



Re: netflow per connection

2006-08-15 Thread Igor Smitran
Yes Peter, you are right. My fault. I only tried netflow tools, I never used
those in production environment. I just checked and saw that I need to pull
data from collector, while collector is receiving data from routers. That
said it is not possible to have accurate data at disconnect. Sorry for this,
I was hotheaded, but I can't help it, it defines me :)


Igor 



Re: netflow per connection

2006-08-15 Thread Igor Smitran

Peter Nixon <[EMAIL PROTECTED]> wrote:

Aside from tinkering with FreeRADIUS code (and running a large number of
production servers) I also tinker with and run pmacct which I highly
recommend as a netflow/sflow solution. We have a number of deployments of
both on the same Postgresql backend and as long as your DB server is specced
correctly you shouldn't have any trouble.


 That looks like a fantastic tool, which should be mentioned in the
FAQ, as "how to get protocol-specific accounting information".

 If we were suckers for punishment, we could write a radius plugin for
pmacct, so that the RADIUS server could see that traffic, too.  But
it's probably better to integrate things at the DB layer, rather than
the protocol layer.

 Alan DeKok.


It would be good to have all data immediately accessible, that way one can
use exec-wait and do accounting immediately upon disconnect? Or am I missing
the point? :)


I am just trying to share some ideas and do some brain storming. My idea was
something like this:

1. user tries to authenticate
2. radius authenticates user and starts accounting
3. radius pulls netflow data for particular IP in some time intervals and
inserts those into some database table


I am not very familiar with freeradius. I've set it up to do what I want
but don't have time to learn more :( so if I am missing the point please let
me know :)


Igor 



Re: netflow per connection

2006-08-15 Thread Igor Smitran

"Igor Smitran" <[EMAIL PROTECTED]> wrote:

I have Mikrotik. It can export netflow data but i am not sure what
freeradius can do with that?


 Nothing.  You will need a netflow server.


Is it possible to have all netflow for that
client inserted into database somehow? Please provide some URL because I am
not sure what to search for.


 "netflow server" ?

 Alan DeKok.


Yes, I know about cflowd and similar netflow tools. I was thinking that
maybe there is some solution that can help me to insert flow data for
particular user into database together with total octets in, octets out upon
disconnect.


Thank you,

Igor 



Re: netflow per connection

2006-08-14 Thread Igor Smitran

Is there a way to have netflow data per session, instead of just total
"octets in" and total "octets out"? I am trying to find a relatively easy
way to charge users per netflow data, for example: local data is 50%
discount, mail is 30% discount etc.


 Consult the NAS documentation.  If it doesn't say it can send that
information, then that information won't be available to FreeRADIUS.

 Alan DeKok.


I have Mikrotik. It can export netflow data but I am not sure what
freeradius can do with that? Is it possible to have all netflow for that
client inserted into database somehow? Please provide some URL because I am
not sure what to search for.


Igor 



Re: assign a value to an attribute via a script

2006-08-14 Thread Igor Smitran


- Original Message - 
From: "Philippe Bacquaert" <[EMAIL PROTECTED]>

To: "freeradius-users" 
Sent: Wednesday, April 26, 2006 10:46 AM
Subject: assign a value to an attribute via a script



Hello,

I'm searching how to use a script to modify the value of an
attribute.

When I try the example of radiusd.conf : Attribute-Name =
`%{echo:/path/to/program args}`

In my test I try to use a script to assign an IP address to
the Attribute Framed-IP-Address :
Framed-IP-Address = `%{dhcp:/etc/raddb/test %{User-Name}
%{NAS-IP-Address}}`

I've added this in the accounting module with the same result
as I want to fix this value in the attribute Framed-IP-Address
during the time of an active accounting session.

I've created an exec module :
exec dhcp {
wait = yes
input_pairs = request
output_pairs = reply
packet_type = Access-Accept
}

I get an error message when I try to start :
ERROR: Cannot find a configuration entry for module
"Framed-IP-Address".

The rest of the radiusd.conf configuration is pointing to a
MySQL database and works well.

I've tested successfully the script itself alone in the echo
module configuration : program = "/var/log/radius/test
%{User-Name} %{NAS-IP-Address}"

What am I doing wrong ?
Is something missing ?

Sincerely,
Philippe BACQUAERT


If you want to assign fixed ip address to a user add FramedIPAddress field 
into radreply table for that user? 



Re: Managing connection on Freeradius

2006-08-14 Thread Igor Smitran

   Hello all,

   I am quite new to freeradius and I am with a doubt. I have a
PPPoE-Server that authenticates the users into my FreeRadius server. The
problem is that if a client, by some reason, gets lost of connection the
freeradius maintains the log about that connection and, if the client tries to
connect again, it says that simultaneous use is not allowed.

   So I have to delete radutmp and radwtmp, restart radius, and lose the
track of connections.

   Is there any tool to make it easier? Or some configuration that if there
is no package coming from the client for 60 seconds it will disconnect the
client?



Read radzap help 



Re: Mikrotik router Tx/Rx attribute and freeradius

2006-08-14 Thread Igor Smitran

Is it possible to limit the data transfer rate with freeradius and
mikrotik. If possible then where should I specify what attribute. For
example I want to authenticate the users with freeradius + mysql and
mikrotik router and limit the Tx/Rx rate to 64Kbps/32Kbps.
How can I do that?


http://www.mikrotik.com/Documentation/manual_2.7/Basic/AAA.html#ht37996460


Re: (no subject)

2006-08-14 Thread Igor Smitran




  From: c k
  To: freeradius-users@lists.freeradius.org
  Sent: Tuesday, August 08, 2006 6:33 AM
  Subject: (no subject)

  I'm using EAP-TLS as an authentication protocol. I want to authorize the
  clients in my network to access only certain protocol traffics. For some users
  I want to allow only http, while for others http and ftp. How can I create such
  kind of profiles and perform access control on routers. Sorry friends I'm new
  to radius...plz help me out.

You need router that supports that kind of thing. Something like named access
lists. Then you use freeradius to send access list name to router. Try to find
what attributes your router can receive from radius. Try googling something
like "your router name radius attributes".
If not, you can use different pools for users that have ftp access and users
that don't have ftp access. For those pools you setup different access lists.
After that you just use freeradius to give different IP addresses to users
that have ftp access and users that don't have ftp access.

netflow per connection

2006-08-14 Thread Igor Smitran
Is there a way to have netflow data per session, instead of just total 
"octets in" and total "octets out"? I am trying to find a relatively easy 
way to charge users per netflow data, for example: local data is 50% 
discount, mail is 30% discount etc.


Thank you,
Igor 



Re: mikrotik MSCHAPv2 MPPE pppoe

2006-07-29 Thread Igor Smitran


From: "Alan DeKok" <[EMAIL PROTECTED]>



 Please post the debug log, as suggested in the FAQ, README, and INSTALL.


I got it up and running. I don't know if anyone before had this problem. 
Problem was in nonstandard
fields that Mikrotik sent to freeradius. Preprocess directive inside 
authentication section solved the problem.


Igor S. 



mikrotik MSCHAPv2 MPPE pppoe

2006-07-29 Thread Igor Smitran



I am trying to make mikrotik and freeradius work
together. However, I can't make it work with pppoe MSCHAPv2 and MPPE. I only
succeeded to make it work with PAP. I also tried to set freeradius in every
combination that crossed my mind (use mppe, mppe strong, mschapv2,
eap-peap). Mikrotik sends access requests to freeradius but freeradius
returns " from client...". Maybe this isn't
really a question for freeradius list but can anybody help me?

Thank you

P.S. If admins feel that this doesn't belong to
freeradius list they can delete this message.

Re: default gateway per user basis

2005-12-22 Thread Igor Smitran
Alan Dekok wrote:
>   Look at the packets coming from the two gateways, and see how
> they're different.  Use those differences to write rules that match
> those differences, and return the different configurations.

Ok, let us say that we have two users: Alan and Igor

1. when Igor logs in he needs to get IP address 192.168.1.10/24 and gateway
192.168.1.100

2. when Alan logs in he needs to get IP address 192.168.2.10/24 and gateway
192.168.2.100

different IP ranges, different C classes and different gateways accordingly.
I am not sure what I have to listen for from those gateways.
Computer with pppoe server and freeradius has connection to both C classes.
I just want to route users differently. One user to more expensive link, one
user to less expensive link.
Help please?



Re: default gateway per user basis

2005-12-22 Thread Igor Smitran
> "Igor Smitran" <[EMAIL PROTECTED]> wrote:
> > I have a pppoe server on freebsd. I want to setup freeradius to give
> > different ip address block and gateway to users.
> > I need two pools, and I have two gateways. One gateway is more expensive
> > than the other one. So, users that pay less will use cheaper gateway and
> > vice versa. Is this possible?
>
>   Yes.
>
>   Alan DeKok.

Can you tell me how?  :lol:

Igor



default gateway per user basis

2005-12-22 Thread Igor Smitran

Hello. I am new to this list and also to freeradius server.

Can someone please help me?
I have a pppoe server on freebsd. I want to setup freeradius to give
different ip address block and gateway to users.
I need two pools, and I have two gateways. One gateway is more expensive
than the other one. So, users that pay less will use cheaper gateway and vice
versa. Is this possible?


10x in advance. 
