Re: radzap in FreeBSD

2005-01-11 Thread Luiz Gustavo Anflor Pereira

Maybe you are correct. But when we use radwho -r, we can use the port number we
see. I copied the radutmp file to a Linux/freeradius test server, and I can zap
the user.

The problem is in the real server, the server that runs FreeBSD. It seems that
radzap does not find the radiusd server, but they are on the same machine. It is
not that problem of port already in use, the release I am using is 0.9.1.

thanks, Luiz Gustavo

 I don't know if this has anything to do with it but the UTMP
 on FreeBSD is slightly different than many other platforms. I
 came across these differences a number of years ago, when I was
 having problems. The main consequence I came across was that
 FreeBSD truncates the nas/port information.

 If radutmp on FreeBSD is using a standard structure on all
 platforms rather than the platform standard, this may be a
 moot point.

 On Tue, 2005-11-01 at 13:53 +0100, [EMAIL PROTECTED] wrote:
 Luiz Gustavo Anflor Pereira schrieb:

  Is there some problem with radzap 0.9.1 on a FreeBSD
  system?
  Why does it not zap the users from radutmp?

 Because there's a bug in the source code which prevents
 it from working when you're trying to run it on the same server
 on which the server is running - no matter what OS that
 box is using?
 Didn't we have some detailed description of the problem in
 the past weeks?

 Regards,
 Stefan

 -
 List info/subscribe/unsubscribe? See 
 http://www.freeradius.org/list/users.html

 --
 Guy Fraser
 Network Administrator
 The Internet Centre
 1-888-450-6787
 (780)450-6787




radzap in FreeBSD

2005-01-10 Thread Luiz Gustavo Anflor Pereira

Hello all

Is there some problem with radzap 0.9.1 on a FreeBSD system?
Why does it not zap the users from radutmp?

Do you know anything about freeradius-snapshot-20030514?

thank you very much!

Luiz Gustavo




snapshot 20030514

2005-01-06 Thread Luiz Gustavo Anflor Pereira

Hello all

Do you know anything about the freeradius-snapshot-20030514? I found it in my
FreeBSD server. I am trying to compile it in Linux, but I find many errors.

thanks for any information,

Luiz Gustavo



Re: radzap problem

2005-01-04 Thread Luiz Gustavo Anflor Pereira

Hello guys

I would like to know if there is some difference in the source code of
freeradiusd 0.9.1, or in compilation options, between Linux and FreeBSD, because
when I run radzap, compiled from the same code, in Linux it works, in FreeBSD it
does not.

thanks very much, Luiz Gustavo





dependent libraries

2004-12-30 Thread Luiz Gustavo Anflor Pereira

I am trying to compile freeradius 0.9.1, I know that this is not the last
version, but I can't change it...

I configured with ./configure --disable-shared and then make and make install.

But when I call radiusd -X, I got the error:

rlm_sql (sql): Could not link driver rlm_sql_mysql: rlm_sql_mysql.a: cannot open shared object file: No such file or directory
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
radiusd.conf[14]: sql: Module instantiation failed.

what can I do? Any suggestions?

Luiz Gustavo



Re: dependent libraries

2004-12-30 Thread Luiz Gustavo Anflor Pereira

And how can I check if they are already installed?

 I think you need the MySQL development libraries installed if you're
 compiling

 [EMAIL PROTECTED] 30/12/2004 13:45:12 

 I am trying to compile freeradius 0.9.1, I know that this is not the
 last version, but I can't change it...

 I configured with ./configure --disable-shared and then make and make
 install.

 But when I call radiusd -X, I got the error:

 rlm_sql (sql): Could not link driver rlm_sql_mysql: rlm_sql_mysql.a: cannot open shared object file: No such file or directory
 rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
 radiusd.conf[14]: sql: Module instantiation failed.

 what can I do? Any suggestions?

 Luiz Gustavo



Re: radzap problem

2004-12-30 Thread Luiz Gustavo Anflor Pereira

Hello

I had this problem too. I found that in the newer versions of freeradius, the
read_mainconfig function (in the src/main/mainconfig.c) tests if the port of
radiusd is free. If it is not, then it exits the program. The problem is that
radzap uses the same function.

So, radiusd is running, you try to run radzap, then the function exits because
the port is already in use. In older versions there was no such test.

I solved this issue by copying the entire function to a new one, and the new
function does not exit the program. Then radzap calls the new function, say
read_mainconfig_zap.

Hope it will help you.

bye, Luiz Gustavo


 Hi,

 we are using freeradius-1.0.0, but to kill user sessions on the radius
 server manually, I always used radzap from freeradius-0.7. No other
 radzap-version since then - including 1.0.0 - ever worked in my setups.

 But now I have a problem. We added some new query statements in the
 radiusd.conf/sql.conf, which radzap (0.7) can't parse any longer, when
 it reads these confs at start-up.

 So I would like to get radzap (1.0.0) to run. Therefore I started the
 debug mode with radiusd -X. When I use the old radzap, I see the
 generated stop-packet coming in - that is the expected behaviour.

 But when I use radzap from release 1.0.0 (in the same way), there is NO
 incoming stop-packet in the debug log. - And the invoked command shows
 the following:

 test-radius:# radzap 211.34.61.119 268566633
 Thu Dec 30 16:40:08 2004 : Info: Starting - reading configuration files ...
 test-radius:#

 It seems, the radzap command instantly quits while reading some
 configuration files.

 What is wrong with the newer radzap versions?

 I'm not a C-programmer - is the only solution for me, to build a
 workaround with radclient, which imitates radzap?

 Regards,
 Oliver



Re: dependent libraries

2004-12-30 Thread Luiz Gustavo Anflor Pereira

Ok, the path is /usr/local/lib/rlm_sql_mysql.a

What's next? What do I do?

I tried to configure it again, with

./configure --disable-shared --with-mysql-lib-dir=/usr/local/lib

but the result was not different...


 On Thu, 30 Dec 2004 12:22:01 -0200 (BRST), Luiz Gustavo Anflor Pereira
 [EMAIL PROTECTED] wrote:
 And how can I check if they are already installed?

 I think you can do: (may need to be root)
 updatedb
 locate rlm_sql_mysql.a

 or just locate mysql (you'll probably get a bunch of stuff)
 if it finds it, that should give you the path.



radzap 0.9.1 in FreeBSD

2004-12-30 Thread Luiz Gustavo Anflor Pereira

Hello all

I have been exchanging emails with you about my problems with radzap and the
dependent libraries.

I think I should explain my goals better. What do I need to do? :-)

We have freeradius 0.9.1 running on FreeBSD. In this server we cannot zap the
users, radzap does not work.

I installed the release 1.0.1 in a Linux machine to understand a radius server,
because I am new in my office. I understood all the radzap and radiusd stuff,
and after that I installed the release 0.9.1, copying the sources from the
FreeBSD machine, finding then the dependent libraries problem.

Then I realized that the drivers were not correct, so I kept the source that I
have downloaded from the FreeBSD, but changed the src/modules/rlm_sql/drivers
directory to the one that I downloaded from freeradius.org. It works again, and
the radzap is ok.

Now my question is: is there some problem with radzap 0.9.1 on FreeBSD?
Why does it not zap the users from radutmp?

thanks a lot, again!

Luiz Gustavo





Re: problems with radutmp

2004-12-28 Thread Luiz Gustavo Anflor Pereira

Hello,

Thank you very much. In radzap.c, the main routine calls the read_mainconfig,
and this routine exits the program if the port 1812 is not free.

I copied this routine to a new one, called read_mainconfig_zap, and it does not
exit the program, so the radzap now zaps the user...

But I have tried this in the release 0.9.1, and it seems to me that this old
version did not have this bug... The radzap worked well...

Luiz Gustavo

 Luiz Gustavo Anflor Pereira [EMAIL PROTECTED] wrote:
 Are radzap and the radiusd server on the same machine? I have this
 situation, and it looks like they are concurring for the same port
 (1812). Is that correct?

   It's a bug in radzap.  radzap shouldn't read radiusd.conf, but
 should get passed the name of the radutmp file directly.

   Alan DeKok.




Re: problems with radutmp

2004-12-24 Thread Luiz Gustavo Anflor Pereira

Hi

I am using freeradius 1.0.1.

Let me try to understand. If a client loses its connection, we can use radzap to
communicate with the NAS. Then it sends back a stop packet, and the login is
released. Is that correct?

But because the session_id is too long, it is not working. To fix it, we can use
the mysql function RIGHT(%{Acct-Session-Id}, 8). But in which query?

And if we use it, is the checkrad gonna work? When is the checkrad run?

thanks again.

Luiz Gustavo

 On Mon, Dec 20, 2004 at 02:19:11PM -0200, Luiz Gustavo Anflor Pereira wrote:

 hello all

 I have a problem concerning radutmp.

 Here is the situation:

 The command  radwho | grep 7969  gives me the output:
 rsf7969rsf7969   PPP   999 Fri 16:20 200.96.10

 If i use the option -r, so radwho -r | grep 7969, the output is:
 rsf7969,rsf7969,PPP,S-2145975988,Fri 16:20,200.96.100.254,

 I vaguely remember there's some problem with radutmp and the large port
 numbers you're getting... A signedness issue, which I thought I'd fixed
 in CVS, but I ended up dropping rlm_unix due to other radutmp problems,
 but I'm thinking about trying to reimplement it. ^_^

 What version of FreeRADIUS are you using?

 *Checks CVS logs* Whoops, guess I never committed that. _

 I'm gonna take a stab in the dark, and guess that the records are not
 being deleted because the Accounting Session ID you're getting is too
 long for the session_id field in radutmp... See FreeRADIUS bug 62 at
 http://bugs.freeradius.org/show_bug.cgi?id=62

 By some chance, are you receiving RADIUS packets from an ERX?

 --
 Paul TBBle Hampson, on an alternate email client.



Re: problems with radutmp

2004-12-24 Thread Luiz Gustavo Anflor Pereira

Ok. I don't want to ask too much, but I am new on freeradius :-)

Are radzap and the radiusd server on the same machine? I have this situation,
and it looks like they are concurring for the same port (1812). Is that correct?

Thanks again. Merry Christmas!!



 On Fri, Dec 24, 2004 at 09:39:58AM -0200, Luiz Gustavo Anflor Pereira wrote:
 I am using freeradius 1.0.1.

 Let me try to understand. If a client loses its connection, we can use
 radzap to communicate with the NAS. Then it sends back a stop packet, and
 the login is released. Is that correct?

 No. When you use radzap, it reads the radutmp file and uses the data
 in it to construct an Accounting STOP packet, which it sends to the
 RADIUS server, so the RADIUS server can do all its processing as if
 the NAS had sent the STOP packet. The NAS is totally unaware, as we
 are assuming the NAS _does_ think the session is released already,
 most likely due to a lost STOP packet from the NAS. (Otherwise, there
 may be a different bug to fix eg. mismatching numbers somewhere.)

 But because the session_id is too long, it is not working. To fix it, we can
 use the mysql function RIGHT(%{Acct-Session-Id}, 8). But in which query?

 I ended up with accounting_stop_query changing

 WHERE AcctSessionId = '%{Acct-Session-Id}'

 to

 WHERE AcctSessionId LIKE CONCAT('%%','%{Acct-Session-Id}')

 for reasons that escape me, compared to RIGHT(%{Acct-Session-Id}, 8). I
 think the difference was that using RIGHT assumed the length, while
 what I actually did does a substring match against the end of the
 stored AcctSessionId.

 And if we use it, is the checkrad gonna work? When is the checkrad run?

 Yeah, this means that checkrad (which pulls the Acct-Session-Id from
 radutmp)'s STOP packet will match both SQL and radutmp...

 --
 Paul TBBle Hampson, on an alternate email client.
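
Added example, not part of the thread or of FreeRADIUS: the three WHERE forms discussed in the quoted reply above (exact match, RIGHT(..., 8), LIKE with a leading %), run on SQLite as a stand-in for MySQL, showing which accounting rows a STOP carrying a shortened Acct-Session-Id would close. Assumptions: the rows and IDs are constructed, radutmp is taken to keep the last 8 characters, RIGHT is modelled as applied to the stored column, and escape_like is a hypothetical helper.

```python
import sqlite3

# Constructed sample data: full Acct-Session-Id values as stored in SQL.
ROWS = [
    ("rsf7969", "erx1:0000A1B2C3D4"),
    ("gollum",  "erx2:0000A1B2C3D4"),   # other NAS, same last 8 characters
    ("frodo",   "erx1:00000007_F3E"),   # ID that contains a LIKE wildcard
    ("sam",     "erx1:000000075F3E"),
]

# WHERE clauses; '?' stands for the expanded %{Acct-Session-Id}.
# (In radiusd's sql.conf the literal % is written %%, as in the thread.)
EXACT = "AcctSessionId = ?"
RIGHT8 = "substr(AcctSessionId, -8) = ?"       # MySQL: RIGHT(AcctSessionId, 8)
SUFFIX = "AcctSessionId LIKE ('%' || ?)"       # MySQL: LIKE CONCAT('%', ...)
SUFFIX_ESC = "AcctSessionId LIKE ('%' || ?) ESCAPE '\\'"


def build_db():
    """In-memory table with only the two columns this comparison needs."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE radacct (UserName TEXT, AcctSessionId TEXT)")
    conn.executemany("INSERT INTO radacct VALUES (?, ?)", ROWS)
    return conn


def escape_like(value):
    """Make the escape character, % and _ literal inside a LIKE pattern."""
    for ch in ("\\", "%", "_"):
        value = value.replace(ch, "\\" + ch)
    return value


def stop_matches(conn, where, session_id):
    """Users whose rows a STOP carrying session_id would close."""
    sql = "SELECT UserName FROM radacct WHERE " + where + " ORDER BY UserName"
    return [row[0] for row in conn.execute(sql, (session_id,))]


if __name__ == "__main__":
    db = build_db()
    short = "A1B2C3D4"   # assumed: the 8 characters that survive in radutmp
    for name, where in (("exact", EXACT), ("right8", RIGHT8), ("suffix", SUFFIX)):
        print(name, stop_matches(db, where, short))
    print("shorter id, right8:", stop_matches(db, RIGHT8, "C3D4"))
    print("shorter id, suffix:", stop_matches(db, SUFFIX, "C3D4"))
    print("wildcard raw:", stop_matches(db, SUFFIX, "0007_F3E"))
    print("wildcard escaped:", stop_matches(db, SUFFIX_ESC, escape_like("0007_F3E")))
```

The suffix form closes every row that ends with the supplied value, so combining it with further conditions (user name, NAS address) and escaping % and _ keeps a single STOP from matching unrelated sessions.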



problems with radutmp

2004-12-20 Thread Luiz Gustavo Anflor Pereira

hello all

I have a problem concerning radutmp.

Here is the situation:

The command  radwho | grep 7969  gives me the output:
rsf7969rsf7969   PPP   999 Fri 16:20 200.96.10

If I use the option -r, so radwho -r | grep 7969, the output is:
rsf7969,rsf7969,PPP,S-2145975988,Fri 16:20,200.96.100.254,

I know that this user rsf7969 is not connected. Maybe he closed the connection,
or lost it, it does not matter, the fact is that he cannot get a new connection.
We think that there is some error in the radutmp file, because of some reasons:

- the output of radwho. The last ip address does not exist, that of Location
- the checkrad says the user is not logged in
- but when the user tries a new connection, the server says he is already
  connected.

What is wrong in this scenario?

thanks for any help!

Luiz Gustavo





Some users get connected. They lost connection, or close the connection,



the client must send it

2004-12-07 Thread Luiz Gustavo Anflor Pereira

Hello all

I want to verify if my client is sending some attributes. If it is not, the
request must be rejected.

I want the client always to send its NAS-Port-Type, I have tried with the
checkval option in radiusd.conf, but it has not worked.

So I am trying to change the code. I was looking in auth.c, maybe using the
pairfind function.

Does anyone have some idea, or has anyone had this problem before?

thanks, Luiz Gustavo



checking NAS-Port-Type on freeradius

2004-11-23 Thread Luiz Gustavo Anflor Pereira

I want to check which port the client is using to get connected to.

I am using freeradius, and testing with radclient.

My test is:

cat << EOF | radclient -x localhost auth testing123
User-Name = gollum
User-Password = smeagol
NAS-IP-Address = localhost
NAS-Port-Type = 5
NAS-Port = 0
EOF

and I want the server to verify if the user gollum can access through a virtual
NAS-Port (NAS-Port-Type=5), for example.

In radiusd.conf, I put these lines:

checkval {
    # The attribute to look for in the request
    item-name = NAS-Port-Type
    # The attribute to look for in check items. Can be multi valued
    check-name = NAS-Port-Type

    # The data type. Can be
    # string,integer,ipaddr,date,abinary,octets
    #data-type = string
    data-type = integer

    # If set to yes and we dont find the item-name attribute in the
    # request then we send back a reject
    # DEFAULT is no
    #notfound-reject = no
    notfound-reject = yes
}


and in the radcheck table this line:

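mysql> select * from radcheck;
+----+----------+---------------+----+---------+
| id | UserName | Attribute     | op | Value   |
+----+----------+---------------+----+---------+
|  7 | gollum   | NAS-Port-Type | == | PIAFS   |
|  4 | gollum   | User-Password | == | smeagol |
+----+----------+---------------+----+---------+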

So, I mean if the gollum is trying to access through a virtual port, it must be
denied. But it receives an accept response.

How do I make it work?

thank you, very much, for any help !!

Luiz Gustavo
