freeradius cisco-avpair problem
Hello,

I have a problem with the cisco-avpairs and a Cisco PIX 525. After the PIX has gotten the avpairs and created the access-list (e.g. AAA-user-test), the logging table says that it needs an authorization. But radius and authorization? No really!

Here is the line from the logging table:

Authorization denied (acl= AAA-user-test) for user 'test' from 10.10.10.23/1369 to xx.xx.xx.xx/53 on interface inside.

My avpair looks like:

ip:inacl#1=permit tcp host 10.10.10.23 any

Where is my mistake? Either on the PIX or in my kind of avpairs?

Many thanks,
Matthias Wolf

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: freeradius--with mysql database???
Hey Joel,

had the same problem on FreeBSD. The rlm_sql_mysql will be compiled automatically if all libs are installed. If not, go to your source directory, into the folder

freeradius-snapshot-xx\src\modules\rlm_sql\drivers\rlm_sql_mysql

and compile the rlm by hand to see what's missing.

The libs which you require: expat-1.95.7, gdbm-1.8.3_1, gettext-0.13.1_1, gmake-3.80_2, libiconv-1.9.1_3, libltdl-1.5.2, libtool-1.3.5_2, mysqlclient!

M. Wolf

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joel n.solanki
Sent: Wednesday, 14 July 2004 10:44
To: freeradius-users
Subject: freeradius--with mysql database???

Dear freeradius gurus,

I am very new to radius. Just know what is radius nothing more :)

I have downloaded freeradius-0.9.2.tar.gz and installed it. My system is Redhat 9.0

Problem:- I want my pppoe users to authenticate with freeradius and the (Usernames / Passwords) should be in mysql database and lot of other things.

So how could I enable mysql database configuration in freeradius files? I want mysql support in freeradius ..need to enable it?

Can someone throw light on my small question.

Thanking in advance.
Joel n.solanki
AW: AW: Cisco-AVPair store in MySQL4/freeradius1.0.0
OK, I downloaded the latest version. But during the make process there was an error:

/usr/apps/freeradius-snapshot-20040712/libtool --mode=link gcc rlm_dbm_parser.o ../../lib/libradius.la -lcrypto -o rlm_dbm_parser
gcc rlm_dbm_parser.o -o .libs/rlm_dbm_parser ../../lib/.libs/libradius.so -lcrypt -lcipher -lcrypto -Wl,--rpath -Wl,/usr/local/freeradius/lib
../../lib/.libs/libradius.so: undefined reference to `pthread_mutex_unlock'
../../lib/.libs/libradius.so: undefined reference to `pthread_mutex_lock'
../../lib/.libs/libradius.so: undefined reference to `pthread_mutex_init'
gmake[5]: *** [rlm_dbm_parser] Error 1
gmake[5]: Leaving directory `/usr/apps/freeradius-snapshot-20040712/src/modules/rlm_dbm'
gmake[4]: *** [common] Error 1
gmake[4]: Leaving directory `/usr/apps/freeradius-snapshot-20040712/src/modules'
gmake[3]: *** [all] Error 2
gmake[3]: Leaving directory `/usr/apps/freeradius-snapshot-20040712/src/modules'
gmake[2]: *** [common] Error 1
gmake[2]: Leaving directory `/usr/apps/freeradius-snapshot-20040712/src'
gmake[1]: *** [all] Error 2
gmake[1]: Leaving directory `/usr/apps/freeradius-snapshot-20040712/src'
gmake: *** [common] Error 1
*** Error code 2
Stop in /usr/apps/freeradius-snapshot-20040712.

Why?

Regards,
M. Wolf

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Monday, 12 July 2004 20:34
To: [EMAIL PROTECTED]
Subject: Re: AW: Cisco-AVPair store in MySQL4/freeradius1.0.0

And where can I find the latest CVS snapshots?

On the FTP site.

ftp://ftp.freeradius.org/pub/radius/

Alan DeKok.
AW: Cisco-AVPair store in MySQL4/freeradius1.0.0
+----+----------+--------------+----+-----------------+
| id | UserName | Attribute    | op | Value           |
+----+----------+--------------+----+-----------------+
| 1  | cis      | cisco-avpair | += | ip:source-ip=   |
| 2  | cis      | cisco-avpair | += | ip:source-port= |
+----+----------+--------------+----+-----------------+

Ok, so far everything right. But how to modify my sql-string? Like that, perhaps: ... , '%{cisco-avpair}') ...?

Regards,
M. Wolf

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mikhail Stepanov
Sent: Tuesday, 13 July 2004 08:26
To: [EMAIL PROTECTED]
Subject: RE: Cisco-AVPair store in MySQL4/freeradius1.0.0

Look at that:

| 5 | cit-10 | cisco-avpair | += | ip:addr-pool=pool-10               |
| 6 | cit-10 | cisco-avpair | += | ip:dns-servers*10.48.4.5 10.48.4.3 |

man 5 users

Attribute += Value
    Always matches as a check item, and adds the current attribute with value to the list of configuration items. As a reply item, it has an identical meaning, but the attribute is added to the reply items.

It means that if you want to return more than one attribute of the same type, you have to use += instead of = in the Op field.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthias Wolf
Sent: Monday, July 12, 2004 9:39 PM
To: [EMAIL PROTECTED]
Subject: AW: Cisco-AVPair store in MySQL4/freeradius1.0.0

Where and why: += instead of =.?

Thanks,
M. Wolf

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mikhail Stepanov
Sent: Monday, 12 July 2004 16:23
To: [EMAIL PROTECTED]
Subject: RE: Cisco-AVPair store in MySQL4/freeradius1.0.0

Cisco-AVPair = ip:source-ip=192.168.0.127
Cisco-AVPair = ip:source-port=4051
Cisco-AVPair = ip:destination-ip=10.10.10.1
Cisco-AVPair = ip:destination-port=23
...
But FreeRadius;sql.conf .'%{Cisco-AVPair}', . still returns only the first instance of Cisco-AVPair. (ip:source-ip=192.168.0.127)

Usually I write += instead of =. Works fine.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Monday, July 12, 2004 6:07 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco-AVPair store in MySQL4/freeradius1.0.0

Matthias Wolf [EMAIL PROTECTED] wrote:

had spent many time reading the FAQ but I'm still searching the solve for Cisco-AVPair (PIX 525-Accounting) insert into Mysql database.
...
Cisco-AVPair = ip:source-ip=192.168.0.127
Cisco-AVPair = ip:source-port=4051
Cisco-AVPair = ip:destination-ip=10.10.10.1
Cisco-AVPair = ip:destination-port=23
...
But FreeRadius;sql.conf .'%{Cisco-AVPair}', . still returns only the first instance of Cisco-AVPair. (ip:source-ip=192.168.0.127)

That's the intended behavior. In the latest CVS snapshots, you can use:

%{Cisco-AVPair[0]} is the same as %{Cisco-AVPair}
%{Cisco-AVPair[1]} is the next one
%{Cisco-AVPair[2]} is the next one, etc.

Alan DeKok.
AW: Cisco-AVPair store in MySQL4/freeradius1.0.0
Listen. I want to write the Cisco-AVPair into the radacct MySQL table. Every time, my sql-string , '%{cisco-avpair}') in the sql.conf returns only the IP address and not the other stuff like ports and so on.

Here is my modified SQL string:

accounting_update_query_alt = INSERT into ${acct_table1} \
  (AcctSessionId,AcctUniqueId,UserName, \
  Realm, NASIPAddress, NASPortId, NASPortType, \
  AcctStartTime, AcctSessionTime, AcctAuthentic, \
  ConnectInfo_start, AcctInputOctets, AcctOutputOctets, \
  CalledStationId, CallingStationId, ServiceType, FramedProtocol, \
  FramedIPAddress, AcctStartDelay, CISCO, CISCO2) \
  values('%{Acct-Session-Id}', \
  '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', \
  '%{NAS-Port}', '%{NAS-Port-Type}', \
  DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), \
  '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', \
  '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', \
  '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', \
  '%{Cisco-AVPair}', '%{Cisco-AVPair}')
# Cisco-AVPair always returns ip:source-ip=10.10.10.23

Thanks,
M. Wolf

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mikhail Stepanov
Sent: Tuesday, 13 July 2004 10:59
To: [EMAIL PROTECTED]
Subject: RE: Cisco-AVPair store in MySQL4/freeradius1.0.0

Ok, so far everything right. But how to modify my sql-string? Like that, perhaps: ... , '%{cisco-avpair}') ...?

I can't understand what you want to do. You needn't modify any sql-queries in freeradius. It returns all AV-pairs automatically.

Mikhail Stepanov.
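
The behaviour discussed in this thread, as an added Python example (not code from any poster and not FreeRADIUS source): a simplified model of %{Attr} and %{Attr[n]} expansion over the four Cisco-AVPair instances quoted in the thread, plus a splitter that keys each pair by its attribute name so a column does not depend on the order in which the NAS sent the pairs. The function names, the Acct-Session-Id value and the empty-string result for a missing instance are assumptions of this sketch.

```python
import re

# Constructed accounting record; the Cisco-AVPair values are the ones quoted
# in the thread, the Acct-Session-Id value is made up.
ACCT_PAIRS = [
    ("Acct-Session-Id", "0x0000002a"),
    ("Cisco-AVPair", "ip:source-ip=192.168.0.127"),
    ("Cisco-AVPair", "ip:source-port=4051"),
    ("Cisco-AVPair", "ip:destination-ip=10.10.10.1"),
    ("Cisco-AVPair", "ip:destination-port=23"),
]

_REF = re.compile(r"%\{([A-Za-z0-9-]+)(?:\[(\d+)\])?\}")
# protocol:attribute, then "=" (mandatory) or "*" (optional), then the value
_AVPAIR = re.compile(r"^([^:=*]+):([^=*]+)([=*])(.*)$")


def expand(template, pairs):
    """Model only: %{Name} yields instance 0, %{Name[n]} yields instance n."""
    def repl(match):
        name, index = match.group(1).lower(), int(match.group(2) or 0)
        values = [v for n, v in pairs if n.lower() == name]
        # Assumption of this sketch: a missing instance expands to "".
        return values[index] if index < len(values) else ""
    return _REF.sub(repl, template)


def split_avpairs(pairs):
    """Map attribute name -> value for every Cisco-AVPair in the record."""
    fields = {}
    for name, value in pairs:
        match = _AVPAIR.match(value) if name.lower() == "cisco-avpair" else None
        if match:
            fields[match.group(2)] = match.group(4)
    return fields


if __name__ == "__main__":
    # The query in the thread names the attribute twice without an index,
    # so both columns receive the first instance.
    print(expand("'%{Cisco-AVPair}', '%{Cisco-AVPair}'", ACCT_PAIRS))
    # Indexed references pick out the later instances.
    print(expand("'%{Cisco-AVPair[0]}', '%{Cisco-AVPair[1]}'", ACCT_PAIRS))
    # Keyed by attribute name, independent of packet order.
    print(split_avpairs(ACCT_PAIRS))
```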
Cisco-AVPair store in MySQL4/freeradius1.0.0
Hello everybody,

had spent many time reading the FAQ but I'm still searching the solve for Cisco-AVPair (PIX 525-Accounting) insert into Mysql database.

Problem: (radacct)

Cisco-AVPair = ip:source-ip=192.168.0.127
Cisco-AVPair = ip:source-port=4051
Cisco-AVPair = ip:destination-ip=10.10.10.1
Cisco-AVPair = ip:destination-port=23

Done till now:

1.
# If you're not running a Cisco NAS, you don't need
# this hack.
with_cisco_vsa_hack = yes

2. # dictionary.cisco

But FreeRadius;sql.conf '%{Cisco-AVPair}', still returns only the first instance of Cisco-AVPair. (ip:source-ip=192.168.0.127)

If I use sql.conf: %{ ip:source-ip'}', there returns nothing.

Thanks a lot for any idea!

Sincerely,
Matthias Wolf
AW: Cisco-AVPair store in MySQL4/freeradius1.0.0
Where and why: += instead of =.?

Thanks,
M. Wolf

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mikhail Stepanov
Sent: Monday, 12 July 2004 16:23
To: [EMAIL PROTECTED]
Subject: RE: Cisco-AVPair store in MySQL4/freeradius1.0.0

Cisco-AVPair = ip:source-ip=192.168.0.127
Cisco-AVPair = ip:source-port=4051
Cisco-AVPair = ip:destination-ip=10.10.10.1
Cisco-AVPair = ip:destination-port=23
...
But FreeRadius;sql.conf .'%{Cisco-AVPair}', . still returns only the first instance of Cisco-AVPair. (ip:source-ip=192.168.0.127)

Usually I write += instead of =. Works fine.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Monday, July 12, 2004 6:07 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco-AVPair store in MySQL4/freeradius1.0.0

Matthias Wolf [EMAIL PROTECTED] wrote:

had spent many time reading the FAQ but I'm still searching the solve for Cisco-AVPair (PIX 525-Accounting) insert into Mysql database.
...
Cisco-AVPair = ip:source-ip=192.168.0.127
Cisco-AVPair = ip:source-port=4051
Cisco-AVPair = ip:destination-ip=10.10.10.1
Cisco-AVPair = ip:destination-port=23
...
But FreeRadius;sql.conf .'%{Cisco-AVPair}', . still returns only the first instance of Cisco-AVPair. (ip:source-ip=192.168.0.127)

That's the intended behavior. In the latest CVS snapshots, you can use:

%{Cisco-AVPair[0]} is the same as %{Cisco-AVPair}
%{Cisco-AVPair[1]} is the next one
%{Cisco-AVPair[2]} is the next one, etc.

Alan DeKok.