Automatic redirection
Is there a way to redirect a authenticated user to a specific web address depending on there login information? Nick Marino - IT Solutions - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: Automatic redirection
- Original Message - From: Sebastian Wild [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Tuesday, May 09, 2006 10:29 AM Subject: Re: [radius] Re: Automatic redirection I can't imagine that it is that specific. Well at least I dunno...we just used it with our hotspots and it worked fine... cheers Sebastian Yeah I have used it with hotspot software also and it did work well, but WISPR is specific to wireless ISP's. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] RE: Automatic redirection
Nick Marino - IT Solutions - Original Message - From: Bogdan Dumitriu - Technical Support Team [EMAIL PROTECTED] To: 'FreeRadius users mailing list' freeradius-users@lists.freeradius.org Sent: Tuesday, May 09, 2006 12:21 PM Subject: [radius] RE: Automatic redirection I've just tried it but it doesn't work. :-( Is WISPr-Redirection-URL specific to a certain type of NAS? I've tried it with an adsl username: Radcheck: +-+---+++---+ | id | UserName | Attribute | op | Value | +-+---+++---+ | 580 | testagain | Crypt-Password | == | | +-+---+++---+ +-+---+-+ | id | UserName | GroupName | +-+---+-+ | 580 | testagain | deactivated | +-+---+-+ | 27 | deactivated | WISPr-Redirection-URL | := | http://microsoft.com | Like I said it specific to Wireless, generally hotspot software that is expecting that attribute to be returned. If the NAS requesting the authentication has no provision for that attribute it will be discarded. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Auth question
Can anyone tell me why I am getting trashed passwords when attempting to authenticate? Login incorrect: [nickm/d\313f`\247+4\203\360/\367] Nick Marino - IT Solutions - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: Auth question
Nick Marino - IT Solutions - Original Message - From: Lewis Bergman [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Tuesday, February 07, 2006 5:56 AM Subject: [radius] Re: Auth question Can anyone tell me why I am getting trashed passwords when attempting to authenticate? Login incorrect: [nickm/d\313f`\247+4\203\360/\367] Looks like your secrets in clients.conf don't match what your NAS has. No the secret in my clients.conf is the same as whats in my NAS, I even reset the password on the nas to be sure. Wierd thing is if I do a test on the user account using Dialup Admin it works perfectly and the password is handled properly. Only when NAS send the request to FR does it generate that garbled password. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: Auth question
Nick Marino - IT Solutions - Original Message - From: futhwo [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Tuesday, February 07, 2006 9:57 AM Subject: Re: [radius] Re: Auth question Maybe you are not loading the right dictionary for your NAS? On Feb 7, 2006, at 4:36 PM, Nick Marino wrote: that could be possible, the only one that is being included is the compat and freeradius and other than whats in the main dictionary file itself. When I try to include the ascend dictionary it throws errors about duplicate values. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: Auth question
Nick Marino - IT Solutions - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Tuesday, February 07, 2006 11:49 AM Subject: Re: [radius] Re: Auth question Nick Marino [EMAIL PROTECTED] wrote: that could be possible, the only one that is being included is the compat and freeradius and other than whats in the main dictionary file itself. The dictionaries have nothing to do with the passwords or shared secrets. When I try to include the ascend dictionary it throws errors about duplicate values. The ascend dictionary should be included by default, but not all of it. Because there *are* duplicate values. Alan DeKok. Yes thank you. I already corrected that problem. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: Auth question
Nick Marino - IT Solutions - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Tuesday, February 07, 2006 11:50 AM Subject: Re: [radius] Re: Auth question Nick Marino [EMAIL PROTECTED] wrote: Only when NAS send the request to FR does it generate that garbled password. Then the shared secret is wrong. Or, there's a bug in the server that mangles the password only for that NAS. Which is more likely? Alan DeKok. - Its more likely that the password is wrong but, I am sure that they are the same. Like I said I even reset the password in the nas to make sure. I will check again but I dont think that is the problem. Shared secret has been the same in the nas for 3 years now and it has always worked. This just started after upgrading to the newest version of FR 1.1.0. Is there a place that I am missing that should have the shared secret in it that I havent changed. I hate to ask but exactly what all files need the shared password in it. clients.conf and where else? This just started after upgrading to the newest version of FR. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: Auth question
Yes I dont think its a NAS problem at all. The garbled password you are seeing that I sent is the users actual password. When that request comes from the nas and rlm_pap tries you auth it, the password is showing up like that. if you look at what I posted you will see it is a username/password pair and the password is getting garbled. Login incorrect: [nickm/d\313f`\247+4\203\360/\367] Also I stated if I test it from Dialup admin using the same shared secret for nas it works fine and the password is not garbled. Only when it comes from the nas to FR. The packets are being accepted from the nas, that is not the issue. To prove to myself, I set in the users file DEFAULT = Authtype := Accept so it will let everyting thing go through and it does. The packets come from the NAS and althought they still have garbled passwords when FR process it in rlm_pap it allows them to connect due to the DEFUALT I have set in the users file. At that point the user logs in and they show up in Dialup admin as they should. Even the accounting packets work from that point on. Nick Marino - IT Solutions - Original Message - From: Andrew Browning [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Tuesday, February 07, 2006 1:56 PM Subject: Re: [radius] Re: Auth question The only files I know of that use the secret password are clients.conf and proxy.conf. Make sure your clients.conf has an entry for your NAS with the correct IP address and the correct secret. I don't think you'll need to touch the proxy.conf file; its used for proxying RADIUS requests that successfully reach you to another RADIUS server, and you apparently aren't receving requests successfully. On 2/7/06, Nick Marino [EMAIL PROTECTED] wrote: Nick Marino - IT Solutions - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Tuesday, February 07, 2006 11:50 AM Subject: Re: [radius] Re: Auth question Nick Marino [EMAIL PROTECTED] wrote: Only when NAS send the request to FR does it generate that garbled password. Then the shared secret is wrong. Or, there's a bug in the server that mangles the password only for that NAS. Which is more likely? Alan DeKok. - Its more likely that the password is wrong but, I am sure that they are the same. Like I said I even reset the password in the nas to make sure. I will check again but I dont think that is the problem. Shared secret has been the same in the nas for 3 years now and it has always worked. This just started after upgrading to the newest version of FR 1.1.0. Is there a place that I am missing that should have the shared secret in it that I havent changed. I hate to ask but exactly what all files need the shared password in it. clients.conf and where else? This just started after upgrading to the newest version of FR. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.15.2/252 - Release Date: 2/6/2006 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] client configuration with max6000
- Original Message - From: Danny Zenzano [EMAIL PROTECTED] To: Freeradius-Users (E-mail) freeradius-users@lists.freeradius.org Sent: Wednesday, November 16, 2005 7:47 AM Subject: [radius] client configuration with max6000 i m working with the max6000-lucent and the freeradius 1.0.0-5 but in the client file i can see a list of NAS: # The nastype tells 'checkrad.pl' which NAS-specific method to # use to query the NAS for simultaneous use. # # Permitted NAS types are: # # cisco # computone # livingston # max40xx # multitech # netserver # pathras # patton # portslave # tc # usrhiper # other # for all other types which of the options I must choose? i configure something like this: client 192.1.1.1 { # secret and password are mapped through the secrets file. secret = secret shortname = Ras # the following three fields are optional, but may be used by # checkrad.pl for simultaneous usage checks nastype = other #login = RasViva #password= vivaMMS } Use other. I have used max40XX before and it worked fine but I am now using other. I have two max6000's that have been running with FR for 3 years using MySql backend. Documentation is pretty clear on how to use the database, if you get stuck on something I would be glad to help, but I am not going to build it all for you. Dont have the time. First thing to do is setup your clients file, then goto radius.conf and configure it there for using the database for auth. import the database tables that you want to use, there are sql files in the distro for it. If you get in there and get stuck on something email me and I will help you. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: Login incorrect- RAS autentication
You using a Database backend or user file? Nick Marino - IT Solutions - Original Message - From: Dave Weis [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Tuesday, November 15, 2005 8:42 PM Subject: [radius] Re: Login incorrect- RAS autentication Why did you send this three times? It's normal for the TNT line to try and download configuration settings via radius unless you have turned it off. I don't remember the name of the setting but it's listed in the documentation and google can find it. On Tue, 15 Nov 2005, Danny Zenzano wrote: hi, I am trying to make work an RAS(lucent-max6000) with the freeRADIUS,I configure the MAX6000, and the radius obtains an authentication order from the RAS, but as result I obtain a login error message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Freeradius/MySql problem
In the config file you can set it to force all lower case. I had this problem and solved it by changing it in the config. Nick Marino - IT Solutions - Original Message - From: Radius [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Saturday, July 02, 2005 12:10 PM Subject: [radius] Freeradius/MySql problem I currently run ver.0.9.3 I have MySql database that is used with FreeRadius. What were are having a problem with is that if the user logs in with UPPER-NAME or lower-name either one works. I have tried lower_user lower_pass before/after/no and the radius system still authenticates all UPPER-CASE. With this we are getting double billed by our wholesale provider because they run unix based also and it sees both as valid log ins because we authenticated them. When we built our MySql we use with the setup in FreeRadius. Has anyone else had this and how did you fix this to keep everyone lower case. Thanks Bob Ross - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.8/37 - Release Date: 7/1/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.8/37 - Release Date: 7/1/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Freeradius/MySql problem
Let me look at my files and find the exact entry. Nick Marino - IT Solutions - Original Message - From: Radius [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Saturday, July 02, 2005 12:36 PM Subject: Re: [radius] Freeradius/MySql problem In the radius.conf under lower_user lower_pass I tried all three. before/after/no and they will still authenticate all UPPER CASE. What other config file are you talking about? Thanks Nick Marino wrote: In the config file you can set it to force all lower case. I had this problem and solved it by changing it in the config. Nick Marino - IT Solutions - Original Message - From: Radius [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Saturday, July 02, 2005 12:10 PM Subject: [radius] Freeradius/MySql problem I currently run ver.0.9.3 I have MySql database that is used with FreeRadius. What were are having a problem with is that if the user logs in with UPPER-NAME or lower-name either one works. I have tried lower_user lower_pass before/after/no and the radius system still authenticates all UPPER-CASE. With this we are getting double billed by our wholesale provider because they run unix based also and it sees both as valid log ins because we authenticated them. When we built our MySql we use with the setup in FreeRadius. Has anyone else had this and how did you fix this to keep everyone lower case. Thanks Bob Ross - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.8/37 - Release Date: 7/1/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.8/37 - Release Date: 7/1/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.8/37 - Release Date: 7/1/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Freeradius/MySql problem
This is what I have and it works. Also there are some options in the sql.conf that relate to this make sure you have the right lines uncommented in there. Open sql.conf and search for lower. Are you sure their is not something in your realms section overriding this? # This is as close as we can get to case insensitivity. It is # the admin's job to ensure that the username on the auth # db side is *also* lowercase to make this work # # Default is 'no' (don't lowercase values) # Valid values = before / after / no # lower_user = before lower_pass = before Nick Marino - IT Solutions - Original Message - From: Radius [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Saturday, July 02, 2005 12:42 PM Subject: Re: [radius] Freeradius/MySql problem OK, let me try this way, when our wholesale provider receives a realm, they know where to send the request. If the user sends [EMAIL PROTECTED] or [EMAIL PROTECTED] our radius regardless if I have lower_user before/after/no They will be authenticated either way. If we force it lower on our end, does not force lower on their end. It's a mess. They said only this month they were going to issue credits and that I needed to get my end to deny UPPER case logins. I set the lower_user lower and lower_pass to no and a user will all [EMAIL PROTECTED] will be authenticated. I guess mysql doesn't care if it's upper or lower. Nick Marino wrote: In the config file you can set it to force all lower case. I had this problem and solved it by changing it in the config. Nick Marino - IT Solutions - Original Message - From: Radius [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Saturday, July 02, 2005 12:10 PM Subject: [radius] Freeradius/MySql problem I currently run ver.0.9.3 I have MySql database that is used with FreeRadius. What were are having a problem with is that if the user logs in with UPPER-NAME or lower-name either one works. I have tried lower_user lower_pass before/after/no and the radius system still authenticates all UPPER-CASE. With this we are getting double billed by our wholesale provider because they run unix based also and it sees both as valid log ins because we authenticated them. When we built our MySql we use with the setup in FreeRadius. Has anyone else had this and how did you fix this to keep everyone lower case. Thanks Bob Ross - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.8/37 - Release Date: 7/1/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.8/37 - Release Date: 7/1/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.8/37 - Release Date: 7/1/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Freeradius/MySql problem
First you need to have a standard for your accounts you need to decide if they should all be uppercase or lower case then restrict the oppisite. I am not understanding if you are saying you have accounts that some are uppercase and some are lower case? What is your standard? Nick Marino - IT Solutions - Original Message - From: Radius [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Saturday, July 02, 2005 1:23 PM Subject: Re: [radius] Freeradius/MySql problem Yes, I found what you mention below in the radius.conf I will look through the sql. file also. I understand this. but if I force lower to [EMAIL PROTECTED] our upstream sees this as an authentication. If the user logs in with [EMAIL PROTECTED] our upstream sees this also as an authentication. I get double billed. If I put lower_user lower_pass to no they still get authenticated. I need to deny UPPER case. Nick Marino wrote: This is what I have and it works. Also there are some options in the sql.conf that relate to this make sure you have the right lines uncommented in there. Open sql.conf and search for lower. Are you sure their is not something in your realms section overriding this? # This is as close as we can get to case insensitivity. It is # the admin's job to ensure that the username on the auth # db side is *also* lowercase to make this work # # Default is 'no' (don't lowercase values) # Valid values = before / after / no # lower_user = before lower_pass = before Nick Marino - IT Solutions - Original Message - From: Radius [EMAIL PROTECTED] To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Saturday, July 02, 2005 12:42 PM Subject: Re: [radius] Freeradius/MySql problem OK, let me try this way, when our wholesale provider receives a realm, they know where to send the request. If the user sends [EMAIL PROTECTED] or [EMAIL PROTECTED] our radius regardless if I have lower_user before/after/no They will be authenticated either way. If we force it lower on our end, does not force lower on their end. It's a mess. They said only this month they were going to issue credits and that I needed to get my end to deny UPPER case logins. I set the lower_user lower and lower_pass to no and a user will all [EMAIL PROTECTED] will be authenticated. I guess mysql doesn't care if it's upper or lower. Nick Marino wrote: In the config file you can set it to force all lower case. I had this problem and solved it by changing it in the config. Nick Marino - IT Solutions - Original Message - From: Radius [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Saturday, July 02, 2005 12:10 PM Subject: [radius] Freeradius/MySql problem I currently run ver.0.9.3 I have MySql database that is used with FreeRadius. What were are having a problem with is that if the user logs in with UPPER-NAME or lower-name either one works. I have tried lower_user lower_pass before/after/no and the radius system still authenticates all UPPER-CASE. With this we are getting double billed by our wholesale provider because they run unix based also and it sees both as valid log ins because we authenticated them. When we built our MySql we use with the setup in FreeRadius. Has anyone else had this and how did you fix this to keep everyone lower case. Thanks Bob Ross - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.8/37 - Release Date: 7/1/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.8/37 - Release Date: 7/1/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.8/37 - Release Date: 7/1/2005 -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.8/37 - Release Date: 7/1/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] RE: Dialup Admin ?
- Original Message - From: Joel Eddy [EMAIL PROTECTED] To: Free Radius Org freeradius-users@lists.freeradius.org Sent: Friday, February 25, 2005 1:50 PM Subject: [radius] RE: Dialup Admin ? I had asked a question about Dialup Admin and didn't see any replies back. So I was wondering is this maybe not the list to ask about Dialup Admin. If not is there a list for Dialup Admin and could someone send the link to it. Thanks, Joel Generaly yes this is the place but there is so much info in the achives most here expect you to look it up through the archives. They really dont like to repeat things here in this list. Nick Marino - IT Solutions -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.4.0 - Release Date: 2/22/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] RE: Dialup Admin ?
- Original Message - From: Joel Eddy [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Friday, February 25, 2005 2:33 PM Subject: Re: [radius] RE: Dialup Admin ? Okay. I'll dig through and see if I can find what I'm looking for. Thanks. If you want to email me directly maybe I can help -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.300 / Virus Database: 266.4.0 - Release Date: 2/22/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: WISPr Attributes and freeradius
- Original Message - From: Alan DeKok [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Thursday, January 06, 2005 10:58 AM Subject: [radius] Re: WISPr Attributes and freeradius Nick Marino [EMAIL PROTECTED] wrote: When using the WISPr-Session-Terminate-Time in the radreply table should FR send a rejection based on the time set in that attribute if the time is in the past or is that supposed to be handled by the NAS and is just sent to it in the access-accept packet? That would depend on the definition of the attribute. Unfortunately, I don't recall seeing any definition for it. Alan DeKok. Here is the definition for the attribute, do you have anymore info on it and FR. WISPr-Session-Terminate-Time 14122, 9 StringAuth-Reply The time when the user should be disconnected in ISO 8601 format (-MM-DDThh:mm:ssTZD). If TZD is not specified local time is assumed. For example a disconnect on 18 December 2001 at 7:00 PM UTC would be specified as 2001-12-18T19:00:00+00:00. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: WISPr Attributes and freeradius
- Original Message - From: Thor Spruyt [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Friday, January 07, 2005 2:16 PM Subject: Re: [radius] Re: WISPr Attributes and freeradius Alan DeKok wrote: Nick Marino [EMAIL PROTECTED] wrote: Here is the definition for the attribute, do you have anymore info on it and FR. As I said, I don't know anything about the attribute. FreeRADIUS has no code to interpret that attribute. Alan DeKok. Nick, It's a recommendation, not an RFC! The Wispr dictionary has been included in the freeradius distribution, but that's it and probably nothing more will ever be done. -- Regards, Thor Spruyt E: [EMAIL PROTECTED] W: www.thor-spruyt.com M: +32 (0)475 67 22 65 Ok guys thanks for the information. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
WISPr Attributes and freeradius
When using the WISPr-Session-Terminate-Time in the radreply table should FR send a rejection based on the time set in that attribute if the time is in the past or is that supposed to be handled by the NAS and is just sent to it in the access-accept packet? Nick Marino - IT Solutions - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: WISPr Attributes and freeradius
- Original Message - From: Alan DeKok [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Thursday, January 06, 2005 10:58 AM Subject: [radius] Re: WISPr Attributes and freeradius Nick Marino [EMAIL PROTECTED] wrote: When using the WISPr-Session-Terminate-Time in the radreply table should FR send a rejection based on the time set in that attribute if the time is in the past or is that supposed to be handled by the NAS and is just sent to it in the access-accept packet? That would depend on the definition of the attribute. Unfortunately, I don't recall seeing any definition for it. WISPr-Session-Terminate-Time 14122, 9 String X The time when the user should be disconnected in ISO 8601 format (-MM-DDThh:mm:ssTZD). If TZD is not specified local time is assumed. For example a disconnect on 18 December 2001 at 7:00 PM UTC would be specified as 2001-12-18T19:00:00+00:00. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: WISPr Attributes and freeradius
Nick Marino - IT Solutions - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Thursday, January 06, 2005 10:58 AM Subject: [radius] Re: WISPr Attributes and freeradius Nick Marino [EMAIL PROTECTED] wrote: When using the WISPr-Session-Terminate-Time in the radreply table should FR send a rejection based on the time set in that attribute if the time is in the past or is that supposed to be handled by the NAS and is just sent to it in the access-accept packet? That would depend on the definition of the attribute. Unfortunately, I don't recall seeing any definition for it. Here is where that info came from. The WISPr vendor attributes are specified in Wi-Fi Alliance - Wireless ISP Roaming - Best Current Practices v1, Feb 2003. The MS vendor attributes are specified in RFC 2548. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: WISPr Attributes and freeradius
- Original Message - From: Thor Spruyt [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Thursday, January 06, 2005 12:07 PM Subject: Re: [radius] Re: WISPr Attributes and freeradius Nick Marino wrote: WISPr-Session-Terminate-Time 14122, 9 String X The time when the user should be disconnected in ISO 8601 format (-MM-DDThh:mm:ssTZD). If TZD is not specified local time is assumed. For example a disconnect on 18 December 2001 at 7:00 PM UTC would be specified as 2001-12-18T19:00:00+00:00. So it's not specified how it should be implemented. Suppose you send an Access-Accept with this attribute containing a timestamp in the past, then the NAS may decide one of the following things: - the user is accepted, so start his session and whenever this timestamp comes (which is never) I will disconnect him - the user is accepted, so start his session and disconnect his session immediately since the timestamp is in the past - the user is accepted, but should be disconnected at a timestamp in the past, so i'm not going to start the session at all Now at the radiusserver side, you can think like this: - I don't look at the value and just send it with the Access-Accept packet (so leave the decision up to the NAS) - I look at the value and send an Access-Reject packet if the timestamp is in the past (so the NAS doesn't have to bother), if it's in the future, I send an Access-Accept and the NAS has to take care to logout the user at the specified timestamp I have implemented my radiusserver in such a way that this attribute will only be used with timestamps in the future. If it's in the past, my server sends an Access-Reject, so I'm sure that the user is not able to login anymore no matter what the NAS would have decided. Ok then how did you implement your server to work like that? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: WISPr Attributes and freeradius
- Original Message - From: Thor Spruyt [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Thursday, January 06, 2005 1:23 PM Subject: Re: [radius] Re: WISPr Attributes and freeradius Nick Marino wrote: From: Thor Spruyt [EMAIL PROTECTED] So it's not specified how it should be implemented. Well the X in the description above was supposed to mean Auth reply , What's your point? You said So it's not specified how it should be implemented. And I replied that it is supposed to be an Auth-Reply thats my point - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: Dialup admin FAQ and question for Kostas
- Original Message - From: Stuart Harris [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Sunday, January 02, 2005 10:07 AM Subject: RE: [radius] Re: Dialup admin FAQ and question for Kostas -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Marino Sent: 02 January 2005 15:03 To: freeradius-users@lists.freeradius.org Subject: Re: [radius] Re: Dialup admin FAQ and question for Kostas - Original Message - From: Kostas Kalevras [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Sunday, January 02, 2005 6:50 AM Subject: [radius] Re: Dialup admin FAQ and question for Kostas On Sun, 2 Jan 2005, Nick Marino wrote: Where is the lastest version of the dialup admin faq located? cvs:dialup_admin/doc And what would cause the Find User function to only return 10 in the list no matter what you set MAX RESULTS for in the form? You 're probably using spaces in the max results number. If the number is not numeric, it will be set automatically to 10. It works just fine here. Nope no spaces in the max result, Appearntly it is failing this test in find.php3 in the lib folder: $link = @da_sql_pconnect($config); if ($link){ $search = da_sql_escape_string($search); if (!is_int($max_results)) $max_results = 10; What makes $link true? This is a guess, but when da_sql_pconnect is being called because of the @ it's not throwing out it's error, thus causing da_sql_pconnect to return false, making $link false :) it's probably no the best idea to use is_int on a numeric response to a hidden call either.. Yeah Kostas posted that I was using an old version and the newest version used is_numeric, if thats the case then an old version is being distributed with FR 1.0.1 because that is all I have downloaded and thats what I got. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dialup admin Question
What does the Online Users function use to generate the list of online users? I know it calls user_finger.php but what utility like radwho or what does it use, or is it a call to the database or the NAS unit? Nick Marino - IT Solutions - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radreply
How do you get an attribute that you have added to the user_edit.attrs file to be put in the radreply table instead of the radcheck. I have added an attribute to the list and everytime I put a value in and set it to = it puts the entry in the radcheck table. Is there some documentation that discusses this or explains it? Nick Marino - IT Solutions - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Auth-Type error
When trying to authenticate a wireless user I keep getting and error: Unknown value specified for Auth-Type. Cannot perform requested operation. Using FR 1.0.1 And Mysql Anyone know where I can start looking.. I've gone over all the configuration but I am missing something somewhere. Any help would be greatly appreciated. Nick Marino - IT Solutions - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Auth-Type error
- Original Message - From: Nick Marino [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Monday, December 27, 2004 3:29 AM Subject: [radius] Auth-Type error When trying to authenticate a wireless user I keep getting and error: Unknown value specified for Auth-Type. Cannot perform requested operation. Using FR 1.0.1 And Mysql Anyone know where I can start looking.. I've gone over all the configuration but I am missing something somewhere. Any help would be greatly appreciated. Never mind found the problem myself. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Auth-Type error
Nick Marino - IT Solutions - Original Message - From: Mathias Röhl [EMAIL PROTECTED] To: freeradius-users@lists.freeradius.org Sent: Monday, December 27, 2004 6:41 AM Subject: Re: [radius] Auth-Type error Am Mo, den 27.12.2004 schrieb Nick Marino um 11:15: Hi Never mind found the problem myself. and ? what was the reason ? Well for some reason the Auth-Type PAP was not in the radreply by default as it is on my other systems had to go back to each account in Using Dialup Admin and add the attribute the each account. Then it worked ok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FR ignoring case and Simultaneous Use
I have a situation with users being able to login using various case letters in there logins and bypassing Simultaneous Use even though Simultaneous Use is in effect. For example I have a user account named dean. dean can login with his account info and everything is great. I can attempt to login in with deans same info and I get rejected be cause Simultaneous Use is set to one. And that works as it should. Now if I dial in with Dean (with a capital D) it lets me connect with deans account and doesnt reject like it should be cause his Simultaneous Use is set to one. When I look in dialup admin it shows two deans online, one dean and one Dean. It assigns two different ip's to each account, but If I click on either name in the online list it leads me to the one single account dean info. but shows two different times in the time online counter. Anyone have an idea how this could be happing? Nick Marino - IT Solutions - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: FR ignoring case and Simultaneous Use
- Original Message - From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, December 05, 2004 9:02 PM Subject: [radius] Re: FR ignoring case and Simultaneous Use Nick Marino [EMAIL PROTECTED] wrote: I have a situation with users being able to login using various case letters in there logins and bypassing Simultaneous Use even though Simultaneous Use is in effect. Yeah... I've been discussing some changes to radutmp with Kostas that will also fix that problem. The issue is that the NAS is case-sensitive, so the server has to remember what case the user logged in with, otherwise radutmp won't work. But the server is case in-sensitive, because you don't care if it's 'dean or Dean. The only solution in the current server is to forcibly change all usernames to one case. checkrad won't work sometimes then, as it will ask the NAS for dean when DEAN is the name used to log in. Alan DeKok. Ok what about setting the option in the sql.conf to force all users names to lower case when someone logs in, would that then force Dean to dean and Simultaneous Use would then work as it should? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: Segmentation Fault - gdb output
- Original Message - From: Mearl Danner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 01, 2004 10:19 AM Subject: Re: [radius] Re: Segmentation Fault - gdb output Did you do make clean before you ran configure and recompiled? I had to when I recompiled with disable-shared. Mearl Yes as a matter of fact I did. I acutally did make distclean, then make clean then make install clean although the latter two just came up and said basicly they had nothing to do. Is there anything else I can try and is that what alan meant when he said to build it staticly is to use the --disable-shared switch? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: Segmentation Fault - gdb output
- Original Message - From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 01, 2004 12:03 PM Subject: Re: [radius] Re: Segmentation Fault - gdb output Nick Marino [EMAIL PROTECTED] wrote: Is there anything else I can try and is that what alan meant when he said to build it staticly is to use the --disable-shared switch? See the FAQ. $ configure --disable-shared $ make $ make install Alan DeKok. Yeah I tried that once already and got the same segfault, but I am running make clean and recompiling again. Thanks again for the help. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: Segmentation Fault - gdb output
- Original Message - From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 01, 2004 12:03 PM Subject: Re: [radius] Re: Segmentation Fault - gdb output Nick Marino [EMAIL PROTECTED] wrote: Is there anything else I can try and is that what alan meant when he said to build it staticly is to use the --disable-shared switch? See the FAQ. $ configure --disable-shared $ make $ make install Alan DeKok. Well ok I have done a clean and recompiled twice now and still get the same segfault as before. Is there anything else you can think of? Is there any other Debug info I can post that would help to locate the problem? Thanks in advance. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: Segmentation Fault - gdb output
- Original Message - From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 01, 2004 12:33 PM Subject: Re: [radius] Re: Segmentation Fault - gdb output Nick Marino [EMAIL PROTECTED] wrote: Ok I deleted everything and ran make clean and recompiled now I get this error when building. In file included from rlm_eap.c:26: rlm_eap.h:26:18: ltdl.h: No such file or directory Yes... you probably didn't run configure after deleting the previous install. PLEASE use the following steps: 1) delete all previous binaries and modules, configuration files 2) delete whatever source directory you're using 3) un-tar the distribution files 4) ./configure --disable-shared 5) make 6) make install It WILL WORK. You're running into problems because you continually have a partial build/install/whatever. Use a completely CLEAN system. Alan DeKok. Ok I will try those steps exactly. Although I did delete completely what I thought was everything related to FR and I did run configure then make then make install. Although I did use the orignal source each time. I will delete that and untar the source again and try it again per your steps. Thanks again for your patience. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: Segmentation Fault - gdb output
- Original Message - From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, December 01, 2004 12:33 PM Subject: Re: [radius] Re: Segmentation Fault - gdb output Nick Marino [EMAIL PROTECTED] wrote: Ok I deleted everything and ran make clean and recompiled now I get this error when building. In file included from rlm_eap.c:26: rlm_eap.h:26:18: ltdl.h: No such file or directory Yes... you probably didn't run configure after deleting the previous install. PLEASE use the following steps: 1) delete all previous binaries and modules, configuration files 2) delete whatever source directory you're using 3) un-tar the distribution files 4) ./configure --disable-shared 5) make 6) make install It WILL WORK. You're running into problems because you continually have a partial build/install/whatever. Use a completely CLEAN system. Alan DeKok. Ok your the man! Thanks a million that worked and I now have FR running, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Segmentation Fault - gdb output
Can anyone help me track down this segmentation fault when running radius -X? I have gone through all the config files and cannot find any cause. Must be overlooking something somewhere. Below is the output from gdb. (gdb) bt #0 0x4006d112 in lt_dlsym (handle=0x81522d0, symbol=0x8150890 rlm_sql_mysql) at ltdl.c:3330 #1 0x40328adf in rlm_sql_instantiate (conf=Variable conf is not available. ) at rlm_sql.c:682 #2 0x08055182 in find_module_instance (instname=0x80aa5d0 sql) at modules.c:358 #3 0x080564a8 in do_compile_modsingle (component=1, ci=0x80aa5b0, filename=0x8061825 radiusd.conf, grouptype=0, modname=0xbfffe6e8) at modcall.c:814 #4 0x0805660f in compile_modsingle (component=1, ci=0x80aa5b0, filename=0x8061825 radiusd.conf, modname=0xbfffe6e8) at modcall.c:829 #5 0x080556a2 in load_component_section (cs=0x80aa500, comp=1, filename=0x8061825 radiusd.conf) at modules.c:584 #6 0x0805590c in setup_modules () at modules.c:874 #7 0x0804cca3 in main (argc=2, argv=0xb914) at radiusd.c:965 Thanks in advance. Nick Marino - IT Solutions - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: Segmentation Fault - gdb output
Nick Marino - IT Solutions - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 30, 2004 4:48 PM Subject: [radius] Re: Segmentation Fault - gdb output Nick Marino [EMAIL PROTECTED] wrote: Can anyone help me track down this segmentation fault when running radius -X? It's the libltdl code. Have I mentioned I hate it? The short solution is to build the server statically. Alan DeKo. Cool thanks. Also I am assuming that info is in the docs somewhere. If so I will find it, if not I will be back to ask. Thanks again for a quick response. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [radius] Re: Segmentation Fault - gdb output
AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime = '%S' sql: accounting_update_query = UPDATE radacct ? SET FramedIPAddress = '%{Framed-IP-Address}', ? AcctSessionTime = '%{Acct-Session-Time}', ? AcctInputOctets = '%{Acct-Input-Octets}', ? AcctOutputOctets = '%{Acct-Output-Octets}' ? WHERE AcctSessionId = '%{Acct-Session-Id}' ? AND UserName = '%{SQL-User-Name}' ? AND NASIPAddress= '%{NAS-IP-Address}' sql: accounting_update_query_alt = INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0') sql: accounting_start_query = INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0') sql: accounting_start_query_alt = UPDATE radacct SET AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}', ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' sql: accounting_stop_query = UPDATE radacct SET AcctStopTime = '%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' sql: accounting_stop_query_alt = INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}', DATE_SUB('%S', INTERVAL (%{Acct-Session-Time:-0} + %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}') sql: group_membership_query = SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}' sql: connect_failure_retry_delay = 60 sql: simul_count_query = sql: simul_verify_query = SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0 sql: postauth_table = radpostauth sql: postauth_query = INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW()) sql: safe-characters = @abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: / Segmentation fault (core dumped) Nick Marino - IT Solutions - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, November 30, 2004 4:48 PM Subject: [radius] Re: Segmentation Fault - gdb output Nick Marino [EMAIL PROTECTED] wrote: Can anyone help me track down this segmentation fault when running radius -X? It's the libltdl code. Have I mentioned I hate it? The short solution is to build the server statically. Alan DeKo. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Signup
Does anyone know of a web based signup package that will work with freeradius and mysql? Thanks in advance. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Salt
Does dialup admin use salt by defualt when encytpting passwords? If so where is it getting the salt from? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Salt
- Original Message - From: Kostas Kalevras [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 5:26 PM Subject: Re: Salt On Tue, 27 Jul 2004, Nick Marino wrote: Does dialup admin use salt by defualt when encytpting passwords? If so where is it getting the salt from? I assume you mean using a salt when creating a new user or changing a user's password, not when just verifying a user's password. In any case, dialupadmin supports crypt(),md5() encryption. When using crypt() it will call the corrsponding php function which autogenerates a random salt to be used in password encryption. Hope this answers your question. For more information: www.php.net/crypt www.php.net/md5 Thank you very much, yes that answers my question. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
MD5 - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 11:05 AM Subject: RE: dialup admin replacement what is the is the encrypt password type? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Marino Sent: Sunday, July 25, 2004 4:17 PM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas? - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:18 AM Subject: RE: dialup admin replacement Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar Please note that this interface for the mysql database only. Extract the stat.tar and edit Connections/pp.php, change the valuse of the hostname, username, password and database name. Then upload it to websever support PHP. Please contact me if you need any question. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Sunday, July 25, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: RE: dialup admin replacement cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask Sarky On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote: I did some thing like that, but it's not a part of the dialupadmin, it web interface for our customers, I will customize it and send it to you. Or if you know how can we publish it to be part of the dialup admin project. Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius- [EMAIL PROTECTED] Subject: dialup admin replacement Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via there login/password and get all the information they require download limits, what they have downloaded and so on. Anything out there which does that ? Sarky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
I am using md5 which is the default in radius.conf - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:12 PM Subject: RE: dialup admin replacement I used the crypt function because all the password will be saved as crypted password, if not please tell me I will tell you what to change at the login2.php file Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy Sent: Sunday, July 25, 2004 11:48 PM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement Same here, is there a way to disable the crypt part of things, I can only comment out a little, but still cant get it working. Barry - Original Message - From: Nick Marino [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 11:16 AM Subject: Re: dialup admin replacement I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas? - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:18 AM Subject: RE: dialup admin replacement Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar Please note that this interface for the mysql database only. Extract the stat.tar and edit Connections/pp.php, change the valuse of the hostname, username, password and database name. Then upload it to websever support PHP. Please contact me if you need any question. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Sunday, July 25, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: RE: dialup admin replacement cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask Sarky On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote: I did some thing like that, but it's not a part of the dialupadmin, it web interface for our customers, I will customize it and send it to you. Or if you know how can we publish it to be part of the dialup admin project. Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius- [EMAIL PROTECTED] Subject: dialup admin replacement Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via there login/password and get all the information they require download limits, what they have downloaded and so on. Anything out there which does that ? Sarky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
How ever it is done using dialup admin. Not sure will have to look through the code and config files of dialupadmin and see. Not sure where to look. - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 5:47 PM Subject: RE: dialup admin replacement Ok, when save the password at the database what interface you use, do send the password to the encrypt function do you send a salt with the password? If yes what is it? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Marino Sent: Monday, July 26, 2004 5:39 AM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement MD5 - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 11:05 AM Subject: RE: dialup admin replacement what is the is the encrypt password type? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Marino Sent: Sunday, July 25, 2004 4:17 PM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas? - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:18 AM Subject: RE: dialup admin replacement Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar Please note that this interface for the mysql database only. Extract the stat.tar and edit Connections/pp.php, change the valuse of the hostname, username, password and database name. Then upload it to websever support PHP. Please contact me if you need any question. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Sunday, July 25, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: RE: dialup admin replacement cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask Sarky On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote: I did some thing like that, but it's not a part of the dialupadmin, it web interface for our customers, I will customize it and send it to you. Or if you know how can we publish it to be part of the dialup admin project. Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius- [EMAIL PROTECTED] Subject: dialup admin replacement Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via there login/password and get all the information they require download limits, what they have downloaded and so on. Anything out there which does that ? Sarky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas? - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:18 AM Subject: RE: dialup admin replacement Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar Please note that this interface for the mysql database only. Extract the stat.tar and edit Connections/pp.php, change the valuse of the hostname, username, password and database name. Then upload it to websever support PHP. Please contact me if you need any question. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Sunday, July 25, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: RE: dialup admin replacement cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask Sarky On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote: I did some thing like that, but it's not a part of the dialupadmin, it web interface for our customers, I will customize it and send it to you. Or if you know how can we publish it to be part of the dialup admin project. Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius- [EMAIL PROTECTED] Subject: dialup admin replacement Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via there login/password and get all the information they require download limits, what they have downloaded and so on. Anything out there which does that ? Sarky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: web based account administration (freeradius+MySQL)
Yes I am interested in your app. What are the details? Is it complete, is it commercial or free? Are you looking for testers? Original Message From: Milver S. Nisay [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 28, 2004 10:28 AM Subject: web based account administration (freeradius+MySQL) sorry for off-topic postings..a thought of a commercial break perhaps check this out... http://212.165.141.4/sell/test.htm interested? pls. let me know your thoughts. thank you. :) //milver - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Documentation Question
- Original Message - From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 21, 2004 9:33 AM Subject: Re: Documentation Question Nick Marino [EMAIL PROTECTED] wrote: Ok I found that but that applies if FR is managing the ip pools, but in my configuration my RAS boxes are actually assigning the ip via pools setup in them. Is there a way for FR to request which pool for the ras box to select from for specific users when they connect? $ grep -i pool share/dictionary This should be less work than asking questions on the list. Alan DeKok. Then whats the point have this list in the first place. Just a place for you to insult people that don't know as much about FR as you do. Don't worry I won't post here anymore. I have had just about enough of your rudeness. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Documentation Question
Where in the documentation would there be info on ip-pools or assigning specific users to use specific ip pools configured on my ras boxes. I looked through all the files in the doc folder but can not locate any info relating to this subject. Thanks in advance.
Re: Documentation Question
Original Message From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, May 20, 2004 2:18 PM Subject: Re: Documentation Question Nick Marino [EMAIL PROTECTED] wrote: Where in the documentation would there be info on ip-pools or assigning specific users to use specific ip pools configured on my ras boxes. In 'radiusd.conf. You set a Pool-Name attribute to the name of the pool you want to get an IP address from. Alan DeKok. Ok I found that but that applies if FR is managing the ip pools, but in my configuration my RAS boxes are actually assigning the ip via pools setup in them. Is there a way for FR to request which pool for the ras box to select from for specific users when they connect? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Looking for Possiblities
Have any more detailed info on how to assing a special dns via radius and how to setup a wild card? - Original Message - From: Julien freeradius [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, May 13, 2004 10:31 PM Subject: Re: Looking for Possiblities Hello, You should effectively assign him an local IP address and a special dns with wildcard that point to your server. So any http request will open your server webpage... Maybe that there is better solutions for that, it's just a suggestion. Nick Marino wrote: What I am looking for is a way to redirect a user to a specific web page on my web server if there account access has been restricted instead of setting for reject and locking them out totally. We are an ISP and need to block users access and redirect them to a specific web page if they have not payed thier bill and the account is on hold till it is resolved. Is there any way to do this using freeradius? I know I can assign them a specific IP address like maybe a private address to restrict them from surfing or accessing the internet but is there a way to display them a message so they will know why they have been put on restricted access. Any Ideas would be greatly appreciated. I am running Freeradius with mysql on Linux and have apache web server. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ NOD32 1.679 (20040318) Information __ This message was checked by NOD32 antivirus system. http://www.nod32.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Looking for Possiblities
Well all customers connect via dialup to a Max 6000 unit. - Original Message - From: Graeme Hinchliffe [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 14, 2004 3:12 AM Subject: Re: Looking for Possiblities On Thu, 13 May 2004 21:53:41 -0500 Nick Marino [EMAIL PROTECTED] wrote: What I am looking for is a way to redirect a user to a specific web page on my web server if there account access has been restricted instead of setting for reject and locking them out totally. We are an ISP and need to block users access and redirect them to a specific web page if they have not payed thier bill and the account is on hold till it is resolved. Is there any way to do this using freeradius? I think the assigning them a none standard IP is the best route. On your NASes configure that IP Range to an interface that is connected to a webredirection box and no external access. Perhaps run it through a box with squid so any requests for any page are redirected to the webserver on that box. If you are using something more advanced like Redback SMS's or customers arrive via a tunnel, you could add the necisary attributes to direct them down a different route. -- - Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk/) ICQ 3842605 (link) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ NOD32 1.679 (20040318) Information __ This message was checked by NOD32 antivirus system. http://www.nod32.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Looking for Possiblities
- Original Message - From: Anson Rinesmith [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 14, 2004 8:41 AM Subject: RE: Looking for Possiblities It isn't really that hard, the work isn't in the MAX or the FR server. All you have to do is have a group for nopay users. Assign them out of a different IP pool, possibly even a private subnet. Then in the Next hop router, you would have to reroute all web traffic from that subnet to your webpage and block all other traffic. You can do the same, if you want to implement family safe web browsing, users who pay the extra get a different subnet, and get routed differently. Ahh ok I understand that. Although ip's are assigned to clients right now by the MAX units them selves and not by free radius. I dont know how you would tell the client to use another gateway via when radius would assign the ip which I know how to do via dialup admin but I dont see in there where I can assing a gateway. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Log problems
No.. you told it to log to stderr. That's what -lstderr means. If you don't say -lstderr, logging goes to wherever it says in radiusd.conf, usually radius.log somewhere. Unless... if you mean that the radius.log is one created by daemontools... Logging had been working fine for almost 2 years then it stops.. Something must have changed but where? I'm not sure what you're doing, so I can't say for sure. Alan DeKok. No lstderr tells svc (daemontools) to send its errors to stderr not freeradius and we are not talking about standard errors we are talking about authentication entries being added to radius.log when someone logs in auth entries are to be written via either command line options -yz or the entries in radiusd.conf. Guess I dont have to tell you that though. Anyway I solved the problem of the it not logging. The problem was that radiusd is set to run as user radius and in the config file it was set to user=radius group=radius I removed the existing radius.log file so that a new one would be created but for some reason the new log was created but as root/radius (owner root - group radius) and after radiusd got past the initial startup it starts trying to do things as user radius so when it went to write to the radius.log file that had just been created ( by root) it didnt have permission. I changed the permissions on the radius.log file to radius/radius and all is well now and it is putting in the authentication info like it is supposed to now. Maybe this will help someone in the future. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Log problems
Original Message From: Navid Sheik [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, April 26, 2004 10:42 PM Subject: Re: Log problems What arguments are you passing to radiusd? Are you using daemontools to supervise the process? I've seen some funny behaviour of logging especially after sending a HUP signal under this circumstance. Yes I am using daemon tools and I am passing -fyz -lstderr. wierd thing is, this has been working fine for almost 2 years. I have rebooted the server that is running the radius software many times and it doesn't help. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Log problems
Original Message From: Frédéric EVRARD [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 3:55 AM Subject: Re: Log problems Anyone have any idea why authentication info would not be going into the radius.log file? put ../raddb/radiusd.conf parameters log_auth=yes, log_auth_badpass=yes, log_auth_goodpass=yes if you need them. This three parameters are no by default. This logs are in ../var/log/radius/radact/auth-detail-[date].log Yes I have all those entries and always have along with -fyz -lstderr for the command line of radiusd. It has been working for almost 2 years now it just stopped logging auth info, not detail info. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Log problems
Original Message From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 9:52 AM Subject: Re: Log problems Nick Marino [EMAIL PROTECTED] wrote: Yes I have all those entries and always have along with -fyz -lstderr for the command line of radiusd. Don't pass command-line options to the server. The interaction of command-line options with configuration file options is awkward. Almost all command-line options will be removed in a future release. As to why it stopped logging, I'm not sure. Try running it without command-line options seeing what happens then. Alan DeKok. Ok thanks I will try that and see what the results are. Although I got that info from the FAQ on the freeradius website on setting up daemontools. You may want to update that portion of the faq also. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Log problems
Original Message From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 27, 2004 9:52 AM Subject: Re: Log problems Nick Marino [EMAIL PROTECTED] wrote: Yes I have all those entries and always have along with -fyz -lstderr for the command line of radiusd. Don't pass command-line options to the server. The interaction of command-line options with configuration file options is awkward. Almost all command-line options will be removed in a future release. As to why it stopped logging, I'm not sure. Try running it without command-line options seeing what happens then. Alan DeKok. Ok I removed everything from the command line for radiusd except -f and lstderr that is supposed to be required for daemontools to work correctly. Still same result there are no authentication log entries in the radius.log. Here is a section of what is showing up when radiusd is started or restarted. Logging had been working fine for almost 2 years then it stops.. Something must have changed but where? File: radius.logCol 0 4109 bytes 100% Mon Apr 26 19:18:16 2004 : Info: rlm_sql: Starting connect to MySQL server for #3 Mon Apr 26 19:18:16 2004 : Info: rlm_sql: Starting connect to MySQL server for #4 Mon Apr 26 19:30:13 2004 : Info: rlm_sql: Driver rlm_sql_mysql loaded and linked Mon Apr 26 19:30:13 2004 : Info: rlm_sql: Attempting to connect to [EMAIL PROTECTED]:3306/defuniak Mon Apr 26 19:30:13 2004 : Info: rlm_sql: Starting connect to MySQL server for #0 Mon Apr 26 19:30:13 2004 : Info: rlm_sql: Starting connect to MySQL server for #1 Mon Apr 26 19:30:13 2004 : Info: rlm_sql: Starting connect to MySQL server for #2 Mon Apr 26 19:30:13 2004 : Info: rlm_sql: Starting connect to MySQL server for #3 Mon Apr 26 19:30:13 2004 : Info: rlm_sql: Starting connect to MySQL server for #4 Mon Apr 26 20:09:21 2004 : Info: rlm_sql: Driver rlm_sql_mysql loaded and linked Mon Apr 26 20:09:21 2004 : Info: rlm_sql: Attempting to connect to [EMAIL PROTECTED]:3306/defuniak Mon Apr 26 20:09:21 2004 : Info: rlm_sql: Starting connect to MySQL server for #0 Mon Apr 26 20:09:21 2004 : Info: rlm_sql: Starting connect to MySQL server for #1 Mon Apr 26 20:09:21 2004 : Info: rlm_sql: Starting connect to MySQL server for #2 Mon Apr 26 20:09:21 2004 : Info: rlm_sql: Starting connect to MySQL server for #3 Mon Apr 26 20:09:21 2004 : Info: rlm_sql: Starting connect to MySQL server for #4 Mon Apr 26 20:11:43 2004 : Info: rlm_sql: Driver rlm_sql_mysql loaded and linked Mon Apr 26 20:11:43 2004 : Info: rlm_sql: Attempting to connect to [EMAIL PROTECTED]:3306/defuniak Mon Apr 26 20:11:43 2004 : Info: rlm_sql: Starting connect to MySQL server for #0 Mon Apr 26 20:11:43 2004 : Info: rlm_sql: Starting connect to MySQL server for #1 Mon Apr 26 20:11:43 2004 : Info: rlm_sql: Starting connect to MySQL server for #2 Mon Apr 26 20:11:43 2004 : Info: rlm_sql: Starting connect to MySQL server for #3 Mon Apr 26 20:11:43 2004 : Info: rlm_sql: Starting connect to MySQL server for #4 Mon Apr 26 21:40:00 2004 : Info: rlm_sql: Driver rlm_sql_mysql loaded and linked Mon Apr 26 21:40:00 2004 : Info: rlm_sql: Attempting to connect to - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Log problems
Anyone have any idea why authentication info would not be going into the radius.log file? Each time the server starts it logs each server starting but after that no authentication info gets logged and it was working prior to a restart of the system now it does not. I have double checked the logs to make sure it was set to write authentication info to the radius log file and even restored a valid backup of the radius.conf file that was working. I have run check-radius-config to check the radius.conf file stops saying there is another server running on port 3726... but there is no other server running that i can find using ps. Any other ways of checking whats running on a specific port? This is a linux system. Would be glad to post any other info needed. Thanks. P.S. I am not asking anyone to do any of the work for me just point me in a direction that I have not already checked. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Error:Discarding requests from new client
I have to Max 6000 units authenticating against a freeraduis server eventually I strart getting the errors below and every time someone calls in and gets the second max they get rejected and these errors continue till the server is rebooted. Then it runs fine for a few days until it starts flooding with the errors below again and then anyone connecting to the second max cant get authenticated again till a reboot. Wierd things is though if a line on the first box becomes free they can get authed on it and get connected but not the second max unit when the first is full. Fri Apr 16 07:37:40 2004 : Error: Discarding new request from client ifcras2:1025 - ID: 54 due to live request 10268 Fri Apr 16 07:37:41 2004 : Error: Discarding new request from client ifcras2:1025 - ID: 55 due to live request 10272 Fri Apr 16 07:37:42 2004 : Error: Discarding new request from client ifcras2:1025 - ID: 55 due to live request 10272 Fri Apr 16 07:37:43 2004 : Error: Discarding new request from client ifcras2:1025 - ID: 56 due to live request 10274 Fri Apr 16 07:37:43 2004 : Error: Discarding new request from client ifcras2:1025 - ID: 55 due to live request 10272 Fri Apr 16 07:37:44 2004 : Error: Discarding new request from client ifcras2:1025 - ID: 56 due to live request 10274 Fri Apr 16 07:37:45 2004 : Error: Discarding new request from client ifcras2:1025 - ID: 56 due to live request 10274 Any help would be greatly appreciated. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Other errors also
Also I am getting errors like this since the server was rebooted, Fri Apr 16 08:11:03 2004 : Error: Accounting: logout: entry for NAS ifcras2 port 20210 has wrong ID - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Dialup_Admin Question
Ok thanks I will check that. - Original Message - From: Kostas Kalevras [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, March 02, 2004 9:45 AM Subject: Re: Dialup_Admin Question On Sun, 29 Feb 2004, Nick Marino wrote: Anyone have any Ideas or simular problems with Dialup_admin not working against the radius server I have running on the same box? When I run server check from dialup admin this is all that I get. Sunday, 29 February 2004, 22:14:38 CST Server: localhost:1812 (test user test) Check the apache logs (error and access log). Usually it is a permission problem of the dictionary folder, which usually is only readable by root. So when you run radclient by hand all works fine, but when it is run through apache (usually running as user nobody) it fails to read the dictionary files. The radius server is running fine as I can use radtest and NTRadping against it and it works as it should. I have gone through all the config files numerous times and can see nothing wrong.. could it be an apache problem? I am running apache 2.0... Nothing else... I have another server running 0.81 and it works fine.. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ NOD32 1.578 (20031212) Information __ This message was checked by NOD32 antivirus system. http://www.nod32.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Choosing Free Radius (beta?)
I have been using freeradius in a production enviroment for a year and a half with out a flaw. Success rate has been about 95% the other 5% were due to configuration changes that needed tuning. If you would like more details you can email me directly. [EMAIL PROTECTED] Original Message From: Matt Bailey [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, March 01, 2004 10:05 PM Subject: Choosing Free Radius (beta?) I am currently trying to choose a radius server to evaluate for use. It appears that free radius is going to replace cistron since cistron development has slowed to maintenance. Is the current Free Radius server a viable solution? When will a 'non-beta' version be available? Is any one using Free Radius in production environment succesfully? Thanks for any information, I am having a dificult time finding good comparisons of GPL radius servers. Matt This message was sent using IMP, the Internet Messaging Program. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dialup_Admin Question
Anyone have any Ideas or simular problems with Dialup_admin not working against the radius server I have running on the same box? When I run server check from dialup admin this is all that I get. Sunday, 29 February 2004, 22:14:38 CST Server: localhost:1812 (test user test) The radius server is running fine as I can use radtest and NTRadping against it and it works as it should. I have gone through all the config files numerous times and can see nothing wrong.. could it be an apache problem? I am running apache 2.0... Nothing else... I have another server running 0.81 and it works fine.. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Mysql libraries
Ok I know this has been asked many times before and I have gone through the faq and tried all suggestions there. I have also dug through thousands of post from the list here about the same problem but am unable to resolve the issue after trying many recommendations posted here on the list. Has anyone ever found a stable resolution to this problem? rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[14]: sql: Module instantiation failed. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Compression
How do you know how much effort I put into something. For all you know I could have worked on this for days and wasn't able to understand.. of course that is not the case.. but I always see alot of comments like this when people ask questions on these lists. What I dont understand is why people post negative remarks to people when they ask any question. Is that not the purspose of these types of list... for the more advanced users to help the less technicaly inclined ones to get a better understanding of the software or what ever the topic is. If you feel that someone is not putting out the effort ( although you have absolutely no way of knowing how much time someone put in to something) then just dont post. Making smart or snide remarks or insulting someone is not accomplishing anything. What good is that . Original Message From: Jeremy Davis [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, February 19, 2004 2:40 PM Subject: RE: Compression Now how would I go about using this? I am authenticating against a sql database. Depends on your configuration. It is possible to have the server read both users file and the SQL backend. It's not so much that you ask questions, but the questions imply you haven't put any effort into the problem. If you put the attribute in the radreply on radgroup reply table for SQL, the radius server will reply with those attributes to the NAS or whatever you are using. Jeremy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Compression
Great answer. Original Message From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, February 18, 2004 11:41 AM Subject: Re: Compression Nick Marino [EMAIL PROTECTED] wrote: Other question now is what would the exact attribute be to assigned. You said to use a reply but exactly what reply? See dictionary.microsoft. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Compression
No I never asked you to do anything for me. But if you are going to answer at all you could at least give information that would be informative. microsoft.dictionaries doesnt tell me anthing. What does that mean search google or something for microsoft.dictionaries is that part of a url or what? When you post please be at least a little descriptive then lazy people wont seem lazy when they ask you what you are talking about.. How come on these list if you as a question people start calling you Lazy just because you dont understand something they have posted. I dont want you to strain anything in your hand typing me a url or something to at least get me in the right direction. Original Message From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, February 18, 2004 12:57 PM Subject: Re: Compression pNick Marino [EMAIL PROTECTED] wrote: Great answer. You know, I don't *have* to answer questions on the list. I figure if you're too lazy to go read the dictionaries for an attribute you want, then I'm too lazy to do it, too. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Compression
Ok that makes more sense. I found this in the ascend dictionary. VALUEAscend-Link-CompressionLink-Comp-MS-Stac Now how would I go about using this? I am authenticating against a sql database. Question: if I am using sql would anyting in the users file still be applied to dialup connection? Original Message From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, February 18, 2004 1:33 PM Subject: Re: Compression Nick Marino [EMAIL PROTECTED] wrote: What does that mean search google or something for microsoft.dictionaries is that part of a url or what? When you post please be at least a little descriptive then lazy people wont seem lazy when they ask you what you are talking about.. The server includes many vendor dictionaries. If you want to know what attribute to send to a NAS, the *best* way to figure out what to do is to read the vendor dictionaries. How come on these list if you as a question people start calling you Lazy just because you dont understand something they have posted. I was operating under the impression that because you were asking questions on the FreeRADIUS list, that my responses would be taken as being within the context of FreeRADIUS. I guess I was expecting too much. I dont want you to strain anything in your hand typing me a url or something to at least get me in the right direction. I pointed you to a file which comes with FreeRADIUS. If I had wanted you to look on google, I would have *said* look on google. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html