Replicated account stop messages
Hi All, we have a problem with some Radius Client that, cause of malfunction, sometimes re-send a specific stop RADIUS messages several times, it just change the stop time but all the other attribute and data are the same (so it easy to find it). We use freeradius v.2 as proxy so all these messages pass through it, and we'd like that freeradius forwards to the Main RADIUS server just the first one. Is it possible and how? Following you can find an abstract of the log referring to this issue: Thu May 20 16:59:12 2010 User-Name = NAS-IP-Address = 172.24.196.190 NAS-Port = 0 Acct-Status-Type = Stop Acct-Session-Id = 1F000C38 Acct-Output-Octets = 115924 Acct-Input-Octets = 597749 Acct-Output-Packets = 1126 Acct-Input-Packets = 1060 Session-Timeout = 2705 Idle-Timeout = 600 Event-Timestamp = May 20 2010 07:15:32 CEST Called-Station-Id = 00-50-E8-01-F1-26 Calling-Station-Id = 00-1C-C4-1A-30-72 Acct-Session-Time = 365 Acct-Terminate-Cause = 23 NAS-Identifier = CC03010010 NAS-Port-Type = Async Framed-IP-Address = 10.0.0.22 Nomadix-Subnet = Nomadix-Attr-17 = 0x WISPr-Location-ID = isocc=IT,cc=39,ac=0522,network=Guglielmo Acct-Delay-Time = 11 Client-IP-Address = 65.199.220.1 Acct-Unique-Session-Id = 4b1d2e908270a790 Stripped-User-Name = XXX Realm = zf Freeradius-Proxied-To = 192.168.27.108 Timestamp = 1274367552 Thu May 20 16:59:17 2010 User-Name = XXX NAS-IP-Address = 172.24.196.190 NAS-Port = 0 Acct-Status-Type = Stop Acct-Session-Id = 1F000C38 Acct-Output-Octets = 115924 Acct-Input-Octets = 597749 Acct-Output-Packets = 1126 Acct-Input-Packets = 1060 Session-Timeout = 2705 Idle-Timeout = 600 Event-Timestamp = May 20 2010 07:15:37 CEST Called-Station-Id = 00-50-E8-01-F1-26 Calling-Station-Id = 00-1C-C4-1A-30-72 Acct-Session-Time = 365 Acct-Terminate-Cause = 23 NAS-Identifier = CC03010010 NAS-Port-Type = Async Framed-IP-Address = 10.0.0.22 Nomadix-Subnet = Nomadix-Attr-17 = 0x WISPr-Location-ID = isocc=IT,cc=39,ac=0522,network=Guglielmo Acct-Delay-Time = 16 Client-IP-Address = 65.199.220.1 Acct-Unique-Session-Id = 4b1d2e908270a790 Stripped-User-Name = XXX Realm = zf Freeradius-Proxied-To = 192.168.27.108 Timestamp = 1274367557 Best Regards Nicola - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reject realm-based vol.2
Hi all, thank you for answers...but I think my problem is a little different...we have to reject request with a specified realm, not without realm. I mean for example we have to reject immediately requests with realm = 'office01' and to proxy requests with realm = 'office02' Regards Hi all, we use Freeradius as proxy based on prefix realm. We have to send an immediate reject reply to requests with a specified realm At the moment our freeradius proxy sends these requests to an IP address assigned to nothing...Is there a better way to do this? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Long authentication times
Egr.Sig Ferraro, mi permetto di scriverle in italiano, visto che non è mia intenzione aggiungere informazioni di carattere tecnico, lasciando tale compito agli sviluppatori di Freeradius certamente più competenti, tuttavia, a proposito del progetto che state sviluppando, desidero presentarle la ditta per cui lavoro che si occupa proprio di realizzare reti wireless e gestire gli accessi in modo centralizzato. La Guglielmo (questo è il nome della ditta in onore a Marconi) copre già con i suoi servizi biblioteche comunali e universitarie, hotel, strutture tuistiche e centri urbani. Il completo controllo del sistema di autenticazione centralizzato permette di adattare il servizio dal punto di vista grafico-promozionale alla realtà dove viene attivato, mantenendo la compatibilità tra tutte le location, in questo modo un utente può usare il proprio account in ognuno dei nostri punti. Il sistema centralizzato permette l'archiviazione dei deti relativi agli utenti e alle connessioni effettuete secondo le norme vigenti in modo automatico e l'inserimento di ogni nuova location in un circuito sempre più ampio, arricchito da accordi di roaming con altre compagnie straniere. Può avere altre informazioni consultando : www.guglielmo.biz Se desidera approfondire la conoscenza reciproca non esiti a contattarmi al : [EMAIL PROTECTED] Mi perdoni se mi sono permesso di scrivere senza conoscela e senza conoscere i dettagli del progetto a cui sta lavorando, ma la mia unica intenzione è quella di provare a mettere in contatto realtà per verificare eventuali possibilità di collaborazione. Cordiali Saluti ---Original Message--- From: [EMAIL PROTECTED]; FreeRadius users mailing list Date: 12/18/06 16:44:11 To: freeradius-users@lists.freeradius.org Subject: Long authentication times Good morning to all, I am coordinating a project for installing a wireless network at the Faculty of Statistics of University of Rome. We have been using freeradius with PEAP and EAP-TTLS enabled. All seems to work fine except for the very long authentication times (about one minutes) we are experiencing when using the default Windows XP supplicant. After doing some searches on the previous discussions, I found the following thread where it is said that such a problem may be due to the way the Windows supplicant handles the EAP negotiation: http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg30473 html I performed some further searches and discovered that this delay may be due to the four-way handshake protocol used by the client machine to establish a new connection with the AP. Do someone knows if there exists any tuning in the implementation of this protocol able to reduce the waiting time? Thanks in advance for any help! -- Umberto Ferraro Petrillo PhD Dipartimento di Statistica, Probabilita' e Statistiche Applicate Universita' di Roma -- La Sapienza P.le Aldo Moro, 5 00185 - Rome, Italy phone: +39 06 499 10513 e-mail: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Insert charactrer in username
Hi all, we use Freeradius as proxy. Is it possible to insert a character inside the username every time in the same position (i.e. before last six characters) using preproxy_users configuration file ?. For example : original username = Johnnyfavourite username after preproxy section = [EMAIL PROTECTED] So the server can use ourite as proxy realm.. And if it is possible, which is the right syntax of the instruction in preproxy_users file? If it is not possible, is there another way to do it? Thank you - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
proxy realm
Hi all, sorry...another question we use freeradius as proxy. We configured a suffix realm based proxy with delimiter character /. If there is a username like this : user/test/server1 (I mean with more than one /) which one of / does freeradius consider as suffix delimiter ? Thank you. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
users connected blocked
Hi allsorry for HTML content but it's not my PC.. We are using freeradius 1.0.5 just as proxy to do a realm basedmessages redirection... we have the problem that sometimes the radiusclient doesn't send stop message and users remain connected.It is a bigproblem because if one user blocked tries to connect again, the mainserver rejects connection because in its database the user is alreadyconnected.Is it possible to use Acct-Interim-Attribute to solve this problem.. Imean: is it possible to do that when freeradius doesn't receive anymoreInterim-Update messages for one connection, it sends to main server a stopmessage for that connection ?Or is there another way to force connection ends message to main serverafter a fixed time or when freeradius doesn't receive anymoreInterim-Update message even if freeradius doesn't receive stop messagefrom client?(remember that all the database are on the main server only..)Thank you Ing. Nicola IottiNetwork Managermailto: [EMAIL PROTECTED] Guglielmo S.r.l. Sede legale: Via Martiri di Minozzo, 12 Sede operativa: Via Sante Vincenzi ,2 / D 42100 Reggio Emilia ITALIA Tel.: +39-0522 - 40 63 67 Fax: +39-0522 - 54 08 16 Cell: +39-320 61 90 072 internet website: http://www.guglielmo.biz mailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
NAS ID re-write
Hi all, I'm using freeradius 1.0.5 just as proxy to do a realm based messages redirection... How can I re-write NAS_ID ( attribute 32)with different ID for different redirection options... Thank you Ing. Nicola IottiNetwork Managermailto: [EMAIL PROTECTED] Guglielmo S.r.l. Sede legale: Via Martiri di Minozzo, 12 Sede operativa: Via Sante Vincenzi ,2 / D 42100 Reggio Emilia ITALIA Tel.: +39-0522 - 40 63 67 Fax: +39-0522 - 54 08 16 Cell: +39-320 61 90 072 internet website: http://www.guglielmo.biz mailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Installation problem Radiusd does not exist
I'm installing freeradius 1.0.5on a Debian Linux system I've downloaded tarball, extracted it with #tar zxvf freeradius-1.0.5.tar.gzI did: ./configure make make install But installation stops with following message: install: radiusd does not exist make[4]: ***[install] Error 2 Does anyone know what happened ?? Ing. Nicola IottiNetwork Managermailto: [EMAIL PROTECTED] Guglielmo S.r.l. Sede legale: Via Martiri di Minozzo, 12 Sede operativa: Via Sante Vincenzi ,2 / D 42100 Reggio Emilia ITALIA Tel.: +39-0522 - 40 63 67 Fax: +39-0522 - 54 08 16 Cell: +39-320 61 90 072 internet website: http://www.guglielmo.biz mailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius as Proxy
Hi, I'm using Freeradius 1.0.5 as Proxy , but does anyone knows if freeradius have just to send requests from NAS to Server or also server's replies to the nas ? I mean does the radius serves reply directly to NAS or it communicates always through the freeradius proxy? Regards Ing. Nicola IottiNetwork Managermailto: [EMAIL PROTECTED] Guglielmo S.r.l. Sede legale: Via Martiri di Minozzo, 12 Sede operativa: Via Sante Vincenzi ,2 / D 42100 Reggio Emilia ITALIA Tel.: +39-0522 - 40 63 67 Fax: +39-0522 - 54 08 16 Cell: +39-320 61 90 072 internet website: http://www.guglielmo.biz mailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Failed to link to module 'rlm_eap'
Hi, I'm using Freeradius 1.0.5, I ran ./configure -disable-shared but when I start radiusd -s -X .. it stops with this message ... radiusd.conf[9]Failed to link to module 'rlm_eap': unknown error I see in past mail that other people had this problem but I can't find solution.. Ing. Nicola IottiNetwork Managermailto: [EMAIL PROTECTED] Guglielmo S.r.l. Sede legale: Via Martiri di Minozzo, 12 Sede operativa: Via Sante Vincenzi ,2 / D 42100 Reggio Emilia ITALIA Tel.: +39-0522 - 40 63 67 Fax: +39-0522 - 54 08 16 Cell: +39-320 61 90 072 internet website: http://www.guglielmo.biz mailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
