RE: Dialup Admin
Hi Guys,

Could I please get a response to this?

From: freeradius-users-bounces+shawkys=ivox.com...@lists.freeradius.org On Behalf Of Shawky Skaff
Sent: Tuesday, 29 January 2013 12:45 PM
To: freeradius-users@lists.freeradius.org
Subject: Dialup Admin

In dialup admin if I select accounting and run an accounting query, I can see accounting data listed in the tables, uptime, downloads, uploads, etc, however if I edit the user, the connection status has no information and the open session shows no sessions. Doesn't the data for all locations come from the same place? Is there anything that I need to do?

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dialup Admin
In dialup admin if I select accounting and run an accounting query, I can see accounting data listed in the tables, uptime, downloads, uploads, etc, however if I edit the user, the connection status has no information and the open session shows no sessions. Doesn't the data for all locations come from the same place? Is there anything that I need to do?
RE: Dialup Admin
Furthermore to do this. In dialup admin if I select accounting and run an accounting query, I can see accounting data listed in the tables, uptime, downloads, uploads, etc, however if I edit the user, the connection status has no information and the open session shows no sessions. Doesn't the data for all locations come from the same place? Is there anything that I need to do?

-----Original Message-----
From: freeradius-users-bounces+shawkys=ivox.com...@lists.freeradius.org On Behalf Of Alan DeKok
Sent: Wednesday, 27 June 2012 11:43 PM
To: FreeRadius users mailing list
Subject: Re: Dialup Admin

Shawky Skaff wrote:
> - When I view a session of a user, it says user “bla” has 0 open session, which is weird because the user is connected. Where does radius get this info from? Is there anything that I need to change to fix it?

It comes from the DB. The information in the DB comes from RADIUS accounting packets sent by the NAS. To fix it, make sure that the NAS sends accounting packets.

> - Is radkill still used? Is there anywhere I can obtain this from, the ftp link in the wiki times out after a while

I guess it's gone.

Alan DeKok.
Online Users
Hi,

On the online users gui page of dialup admin, there are several columns, one of the columns states name, which is after the caller ID column. I would like to know where this comes from, I have set the name on the user info page, but it doesn't seem like that works.

Thanks.
Dialup Admin
I was wondering if you can point me in the right direction for a couple of issues that I'm having

- When I view a session of a user, it says user bla has 0 open session, which is weird because the user is connected. Where does radius get this info from? Is there anything that I need to change to fix it?
- Is radkill still used? Is there anywhere I can obtain this from, the ftp link in the wiki times out after a while
Online Users Question
Hi,

On dialup admin online users page, I can see the online users, however if I delete this user and remove of my nas, the user still exists, so can off like a ghost online user. Where does this info come from, the radius itself or the NAS? Also any ideas of maybe something I've missed?

Thanks,
Shawky
Multiple Realms
Hi,

I have spent some time reading and trying to configure multiple realms to no avail. Basically I currently have one active realm and need to have another realm configured onto the same radius box. For example dsl.example.com.au is one and voice.example.com.au is the second. How can I configure the second? I know it's somewhat to do with proxy.conf file, but not sure how or where to do this.

Thanks
Online Users
Hi,

When viewing the online users and I wish to drop or clear the connection, nothing actually happens. Is there anything that I need to do to get this working? Maybe linking this to my NAS somehow, as if I clear the connection from my NAS, it seems to do the job

Kind Regards,
Shawky Skaf
iVox Communications
www.ivox.com.au
P: +61 2 8252 0205
F: +61 2 8252 0202

The contents of this document may be privileged and confidential, any unauthorised use of the contents is expressly prohibited. If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, is prohibited and may be unlawful. iVox Communications is not liable for the proper and complete transmission of the information contained in this communication, nor for any delay in its receipt.
Realms
Hi,

I'm stuck on realms. Basically when I test a user with the realm name, the radius debug throws an error telling me

No such realm

How would I go about configuring a realm? I believe it's got something to do with proxy.conf?

Kind Regards,
Shawky Skaf
RE: Realms
Nevermind, I've figured it out

From: Shawky Skaff
Sent: Friday, 11 May 2012 1:04 PM
To: freeradius-users@lists.freeradius.org
Subject: Realms

Hi,

I'm stuck on realms. Basically when I test a user with the realm name, the radius debug throws an error telling me

No such realm

How would I go about configuring a realm? I believe it's got something to do with proxy.conf?

Kind Regards,
Shawky Skaf
Attributes
Hi,

In dialup admin, under the groups and users I have the option to add an attribute, however the option which I need is not in the list. The list provided is

- Protocol
- IP address
- IP netmask
- Framed-MTU
- Compression Used
- Service Type
- Session Timeout
- Idle Timeout
- Port Limit
- Lock Message

The option which I need to add is Framed-Route, how can I do this?

Kind Regards,
Shawky Skaf
RE: Attributes
Nevermind, found the answer

From: Shawky Skaff
Sent: Friday, 11 May 2012 2:51 PM
To: freeradius-users@lists.freeradius.org
Subject: Attributes

Hi,

In dialup admin, under the groups and users I have the option to add an attribute, however the option which I need is not in the list. The list provided is

- Protocol
- IP address
- IP netmask
- Framed-MTU
- Compression Used
- Service Type
- Session Timeout
- Idle Timeout
- Port Limit
- Lock Message

The option which I need to add is Framed-Route, how can I do this?

Kind Regards,
Shawky Skaf
NAS Client
I've setup a NAS client that being a cisco7301 and have entered this into clients.conf. When I run radiusd -X and do the following radtest eftel-test test123 27.34.225.253 1812 testing123, it fails, I don't get anything appearing on my debug radiusd -X screen.

If I change the clients.conf back to the localhost client and do radtest eftel-test test123 27.34.225.33 1812 testing123 I get the below. 27.34.225.33 is the IP of my radius box. I'm pretty sure I'm doing something wrong or missing something, but would appreciate your help in telling me what I need to do

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
Ignoring request to authentication address * port 1812 from unknown client 27.34.225.33 port 60242
Ready to process requests.
Ignoring request to authentication address * port 1812 from unknown client 27.34.225.33 port 60242
Ready to process requests.
Ignoring request to authentication address * port 1812 from unknown client 27.34.225.33 port 60242
Ready to process requests.

The NAS table has the following entry

mysql> select * from nas;
+----+-----------+-----------+-------+-------+-------------+-----------+-------------+
| id | nasname   | shortname | type  | ports | secret      | community | description |
+----+-----------+-----------+-------+-------+-------------+-----------+-------------+
|  2 | cisco7301 | C7301     | cisco |  1812 | ivox-radius | IVOX-RO   |             |
+----+-----------+-----------+-------+-------+-------------+-----------+-------------+
1 row in set (0.00 sec)

My iptables firewall is disabled.

[root@radius raddb]# netstat -antup | grep rad
tcp   0   0 27.34.225.33:54306   27.34.225.33:3306   ESTABLISHED   4605/radiusd
tcp   0   0 27.34.225.33:54307   27.34.225.33:3306   ESTABLISHED   4605/radiusd
tcp   0   0 27.34.225.33:54310   27.34.225.33:3306   ESTABLISHED   4605/radiusd
tcp   0   0 27.34.225.33:54308   27.34.225.33:3306   ESTABLISHED   4605/radiusd
tcp   0   0 27.34.225.33:54309   27.34.225.33:3306   ESTABLISHED   4605/radiusd
udp   0   0 0.0.0.0:1812         0.0.0.0:*                         4605/radiusd
udp   0   0 0.0.0.0:1813         0.0.0.0:*                         4605/radiusd
udp   0   0 0.0.0.0:1814         0.0.0.0:*                         4605/radiusd

Kind Regards,
Shawky Skaf
RE: NAS Client
IP tables is disabled and I can ping the NAS server being the Radius client - Cisco 7301 successfully

Is there anything else that I can check?

-----Original Message-----
From: freeradius-users-bounces+shawkys=ivox.com...@lists.freeradius.org On Behalf Of Fajar A. Nugraha
Sent: Monday, 7 May 2012 5:21 PM
To: FreeRadius users mailing list
Subject: Re: NAS Client

On Mon, May 7, 2012 at 2:08 PM, Shawky Skaff shaw...@ivox.com.au wrote:
> I've setup a NAS client that being a cisco7301 and have entered this into clients.conf. When I run radiusd -X and do the following radtest eftel-test test123 27.34.225.253 1812 testing123, it fails, I don't get anything appearing on my debug radiusd -X screen.

The usual suspect would be firewall (e.g. iptables). Try disabling it temporarily, and make sure basic connectivity (e.g. ping) works.

--
Fajar
RE: NAS Client
Thanks for that, debug is now reading the client as per below.

rlm_sql (sql): Read entry nasname=27.34.225.253,shortname=cisco7301,secret=XX
rlm_sql (sql): Adding client 27.34.225.253 (cisco7301, server=none) to clients list

However still don't get any output when I run radtest from another window. radtest eftel-test test123 27.34.225.253 1812 testing123. What I do get is below

[root@radius raddb]# radtest eftel-test test123 27.34.225.253 1812 testing123
Sending Access-Request of id 156 to 27.34.225.253 port 1812
        User-Name = eftel-test
        User-Password = test123
        NAS-IP-Address = 27.34.225.33
        NAS-Port = 1812
Sending Access-Request of id 156 to 27.34.225.253 port 1812
        User-Name = eftel-test
        User-Password = test123
        NAS-IP-Address = 27.34.225.33
        NAS-Port = 1812
Sending Access-Request of id 156 to 27.34.225.253 port 1812
        User-Name = eftel-test
        User-Password = test123
        NAS-IP-Address = 27.34.225.33
        NAS-Port = 1812
radclient: no response from server for ID 156 socket 3

What I don't understand is it's saying the NAS-IP-Address = 27.34.225.33, shouldn't this be 27.34.225.253? If so, how do I fix it?

-----Original Message-----
From: freeradius-users-bounces+shawkys=ivox.com...@lists.freeradius.org On Behalf Of Jens Weibler
Sent: Monday, 7 May 2012 5:45 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: NAS Client

Hi,

On 07.05.2012 09:08, Shawky Skaff wrote:
> Ignoring request to authentication address * port 1812 from unknown client 27.34.225.33 port 60242

please correct your nas-entry (ip-addr should be in the field nasname) and read_clients set to yes..

--
Jens Weibler
IT-Services
Hochschule Darmstadt www.h-da.de
University of Applied Sciences
Fachbereich Informatik www.fbi.h-da.de
Schöfferstr. 8b
D-64295 Darmstadt
Tel +49 6151 16-8425
Fax +49 6151 16-8935
jens.weib...@h-da.de
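
The "unknown client" lines quoted in this thread are logged when a packet's source address matches no client entry. As an added example (not part of the original thread and not FreeRADIUS code), the Python below counts those lines in radiusd -X output and checks them against rows shaped like the nas table; the sample log and rows are constructed from values quoted above, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: radiusd -X lines in the format quoted in this thread.
DEBUG_LOG = """\
Listening on authentication address * port 1812
Ready to process requests.
Ignoring request to authentication address * port 1812 from unknown client 27.34.225.33 port 60242
Ready to process requests.
Ignoring request to authentication address * port 1812 from unknown client 27.34.225.33 port 60242
Ready to process requests.
"""

# Constructed rows shaped like (id, nasname, shortname) from the nas table.
NAS_ROWS_BEFORE = [(2, "cisco7301", "C7301")]          # hostname in nasname
NAS_ROWS_AFTER = [(2, "27.34.225.253", "cisco7301")]   # IP address in nasname

UNKNOWN_RE = re.compile(
    r"Ignoring request to \w+ address \S+ port \d+ "
    r"from unknown client (\S+) port \d+"
)


def unknown_clients(log_text):
    """Return {source_ip: count} for requests dropped as 'unknown client'."""
    counts = {}
    for match in UNKNOWN_RE.finditer(log_text):
        src = match.group(1)
        counts[src] = counts.get(src, 0) + 1
    return counts


def parse_nasname(nasname):
    """Return an ip_network for an IP or CIDR nasname, None for anything else."""
    try:
        return ipaddress.ip_network(nasname, strict=False)
    except ValueError:
        return None


def audit(log_text, nas_rows):
    """List nas rows without an IP in nasname and dropped sources no row covers."""
    findings = []
    networks = []
    for row_id, nasname, _shortname in nas_rows:
        net = parse_nasname(nasname)
        if net is None:
            findings.append(f"nas id {row_id}: nasname {nasname!r} is not an IP address")
        else:
            networks.append(net)
    for src, count in sorted(unknown_clients(log_text).items()):
        addr = ipaddress.ip_address(src)
        if not any(addr in net for net in networks):
            findings.append(f"{src}: {count} request(s) dropped, no client entry covers this source")
    return findings


if __name__ == "__main__":
    for label, rows in (("before", NAS_ROWS_BEFORE), ("after", NAS_ROWS_AFTER)):
        print(label)
        for line in audit(DEBUG_LOG, rows):
            print("  " + line)
```

With the corrected row the one remaining finding is 27.34.225.33, the RADIUS box's own address: clients are matched on the packet's source IP, so a test client run from that host needs a client entry of its own.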
RE: NAS Client
My etc/hosts file contains the following

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
27.34.225.33 radius radius
::1 localhost6.localdomain6 localhost6

When I run radiusd -X and radtest on another screen, on the radiusd -X debug it doesn't print anything, the last lines say ready to process requests, that's it

My iptables have been turned off, so don't think it's firewall

-----Original Message-----
From: freeradius-users-bounces+shawkys=ivox.com...@lists.freeradius.org On Behalf Of Fajar A. Nugraha
Sent: Tuesday, 8 May 2012 10:45 AM
To: FreeRadius users mailing list
Subject: Re: NAS Client

On Tue, May 8, 2012 at 6:50 AM, Shawky Skaff shaw...@ivox.com.au wrote:
> Thanks for that, debug is now reading the client as per below.
>
> rlm_sql (sql): Read entry nasname=27.34.225.253,shortname=cisco7301,secret=XX
> rlm_sql (sql): Adding client 27.34.225.253 (cisco7301, server=none) to clients list
>
> However still don't get any output when I run radtest from another window. radtest eftel-test test123 27.34.225.253 1812 testing123. What I do get is below
>
> [root@radius raddb]# radtest eftel-test test123 27.34.225.253 1812 testing123
> Sending Access-Request of id 156 to 27.34.225.253 port 1812
>         User-Name = eftel-test
>         User-Password = test123
>         NAS-IP-Address = 27.34.225.33
>         NAS-Port = 1812
> Sending Access-Request of id 156 to 27.34.225.253 port 1812
>         User-Name = eftel-test
>         User-Password = test123
>         NAS-IP-Address = 27.34.225.33
>         NAS-Port = 1812
> Sending Access-Request of id 156 to 27.34.225.253 port 1812
>         User-Name = eftel-test
>         User-Password = test123
>         NAS-IP-Address = 27.34.225.33
>         NAS-Port = 1812
> radclient: no response from server for ID 156 socket 3
>
> What I don't understand is it's saying the NAS-IP-Address = 27.34.225.33, shouldn't this be 27.34.225.253? If so, how do I fix it?

NAS-IP-Address is whatever the client decides to send. With radclient/radtest, it's whatever the IP address that resolves to the client's hostname (usually in client's /etc/hosts).

What does the debug log on the server say when the client sends those packets? Does it say unknown client, or it doesn't print anything (in other words, it might be blocked by firewall or something)?

--
Fajar
RE: NAS Client
Ok I see, if I wanted to test a user on the radius client (cisco), am I not able to use radtest?

Sorry if the questions seem silly, I'm new to this

-----Original Message-----
From: freeradius-users-bounces+shawkys=ivox.com...@lists.freeradius.org On Behalf Of Fajar A. Nugraha
Sent: Tuesday, 8 May 2012 11:18 AM
To: FreeRadius users mailing list
Subject: Re: NAS Client

On Tue, May 8, 2012 at 7:44 AM, Fajar A. Nugraha l...@fajar.net wrote:
> On Tue, May 8, 2012 at 6:50 AM, Shawky Skaff shaw...@ivox.com.au wrote:
>> Thanks for that, debug is now reading the client as per below.
>>
>> rlm_sql (sql): Read entry nasname=27.34.225.253,shortname=cisco7301,secret=XX
>> rlm_sql (sql): Adding client 27.34.225.253 (cisco7301, server=none) to clients list
>>
>> However still don't get any output when I run radtest from another window. radtest eftel-test test123 27.34.225.253 1812 testing123. What I do get is below

Reading your mail again, I think you're confusing something. Are you running radtest on the RADIUS SERVER and sending access-request packets to the NAS (i.e. cisco)? It doesn't work that way. radtest and radclient is just another NAS. NAS sends access-request packets to radius server, not the other way around.

--
Fajar
RE: NAS Client
Ok, no problem, I understand.

Finally when I go to the 'check server' page on the dialup admin page, what am I meant to see? The only thing I see is below

Tuesday, 8 May 2012, 11:28:20 EST
Server: radius:1812 (test user test)

-----Original Message-----
From: freeradius-users-bounces+shawkys=ivox.com...@lists.freeradius.org On Behalf Of Fajar A. Nugraha
Sent: Tuesday, 8 May 2012 11:40 AM
To: FreeRadius users mailing list
Subject: Re: NAS Client

On Tue, May 8, 2012 at 8:24 AM, Shawky Skaff shaw...@ivox.com.au wrote:
> Ok I see, if I wanted to test a user on the radius client (cisco), am I not able to use radtest?

If by test user you mean you've created a user on db/users file, and want to test if the user is correctly setup (e.g. whether the password is correct), then you can use radtest to localhost. By default 127.0.0.1 is already setup as client NAS on clients.conf. Note that it doesn't really have anything to do with cisco: the same user will be usable on any NAS that authenticates to the radius server.

If by test user you mean you want to check whether the cisco box is setup correctly, and whether you can login on that NAS, then you can't use radtest. You need to actually login on that NAS (e.g. using 802.1x wired/wireless, or whatever).

--
Fajar
RE: Freeradius2 Mysql
Thanks for that, it's done the job.

Now my second problem is dialup admin. I can access it using http://(IP address)/dialup, however when I click on the left hand side menu options, for example accounting or statistic, I receive the following error

DEBUG(SQL,MYSQL DRIVER): Connect: User=(root),Password=(mypassword)

If I turn off sql debug, I receive a plain white page instead.

The only options which I can select and view options are find user, show group, check server, help and about.

Listed below are my config files. I am using php5

Admin.conf

#
# Main Configuration File
#
# it can be default or whatever language. Only greek are supported
# from non latin alphabet languages
# These attribute only apply for ldap not for sql
#
general_prefered_lang: en
general_prefered_lang_name: English
#
# The charset which will be added as a meta tag in all pages
#
general_charset: iso-8859-1
#
# Uncomment this if normal attributes (not the ;lang-xx ones) in ldap
# are utf8 encoded.
#
#general_decode_normal_attributes: yes
#
# The directory where dialupadmin is installed
#
general_base_dir: /usr/local/dialup_admin
#
# The base directory of the freeradius radius installation
#
general_radiusd_base_dir: /usr/sbin
general_domain: (company).net.au
#
# Set it to yes to use sessions and cache the various mappings
# You can also set use_session = 1 in config.php3 to also cache
# the admin.conf
#
# IMPORTANT -- IMPORTANT -- IMPORTANT
#Remember to use the 'Clear Cache' page if you use sessions and do any changes
#in any of the configuration files.
#
general_use_session: no
#
# This is used by the failed logins page. It states the default back time
# in minutes.
#
general_most_recent_fl: 30
#
# Realm setup
#
# Set general_strip_realms to yes in order to stip realms from usernames.
# By default realms are not striped
general_strip_realms: yes
#
# The delimiter used in realms. Default is @
#
general_realm_delimiter: @
#
# The format of the realms. Can be either suffix (realm is after the username)
# or prefix (realm is before the username). Default is suffix
#
# general_realm_format: suffix
#
#
# Determines if the administrator will be able to see and change the user password through
# the user edit page
general_show_user_password: yes
general_raddb_dir: %{general_radiusd_base_dir}/etc/raddb
general_ldap_attrmap: %{general_raddb_dir}/ldap.attrmap
# Need to fix admin.conf file parser
#general_clients_conf: %{general_raddb_dir}/clients.conf
general_clients_conf: etc/raddb/clients.conf
general_sql_attrmap: %{general_base_dir}/conf/sql.attrmap
general_accounting_attrs_file: %{general_base_dir}/conf/accounting.attrs
general_extra_ldap_attrmap: %{general_base_dir}/conf/extra.ldap-attrmap
general_username_mappings_file: %{general_base_dir}/conf/username.mappings
#
# it can be either ldap or sql
# This affects the user base not accounting. Accounting is always in sql
#
general_lib_type: sql
#
# Define which attributes will be visible in the user edit page
#
general_user_edit_attrs_file: %{general_base_dir}/conf/user_edit.attrs
#
# Used by the Accounting Report Generator
#
general_sql_attrs_file: %{general_base_dir}/conf/sql.attrs
#
# Set default values for various attributes
#
general_default_file: %{general_base_dir}/conf/default.vals
#general_ld_library_path: /usr/local/snmpd/lib
#
# can be 'snmp' (for snmpfinger) or empty to query the radacct table without first
# querying the nas
# This is used by the online users page
#
general_finger_type: snmp
#
# Defines the nas type. This is only used by snmpfinger
# cisco, usrhiper and lucent are supported for now
#
general_nas_type: cisco
general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger
#
# Used by the 'Disconnect User' button in the Clear Open Sessions page
# Uses the Cisco AAA Session MIB or a telnet session
#
general_sessionclear_bin: %{general_base_dir}/bin/clearsession
#
# Can be one of telnet or snmp
#
general_sessionclear_method: snmp
general_radclient_bin: %{general_radiusd_base_dir}/bin/radclient
#
# this information is used from the server check page
#
general_test_account_login: test
general_test_account_password: testpass
#
# These are used as default values for the user test page
#
general_radius_server: localhost
general_radius_server_port: 1812
#
# can be either pap or chap
#
general_radius_server_auth_proto: chap
#
# sorry, single valued for now. Should become something like
# password[server-name]: x
#
general_radius_server_secret: XX
general_auth_request_file: %{general_base_dir}/conf/auth.request
#
# can be one of crypt,md5,clear
#
general_encryption_method: clear
#
# can be either asc (older dates first) or desc (recent dates first)
# This is used in the user accounting and badusers pages
#
general_accounting_info_order: desc
#
# Use the totacct table in the user statistics page instead of the radacct
# table. That will make the page run quicker. totacct should have data for
# this to work :-)
#
general_stats_use_totacct: no
#
# If