IPv6 ready?
Ciao. Just wondering if FR supports IPv6 addresses since I'm unable to start the server when using IPv6. I've changed (or uncommented) a couple of lines in radiusd.conf under 'listen' section: ipv6addr = :: and then I tried to start the server but no way. It works ok when using IPv4. FR spits out: Failed binding to authentication address 0:0: port 1812: Bad file descriptor. FR server has been built with IPv6 support. Another question is: are you aware of any (client) tool for testing FR when using IPv6 addresses? eapol_test doesn't seem to know anything about :: or ::1 Do the below lines from radiusd.conf require any change when IPv6? ... ... detail { detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d.log } ... ... Sorry about asking many questions at the same time but they're all related. Sergio. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IPv6 ready?
On Mon, Oct 31, 2011 at 3:11 PM, Sergio NNX sfhac...@hotmail.com wrote: Ciao. Just wondering if FR supports IPv6 addresses Sure it does. If you want it to listen on both ipv4 and ipv6, just add extra listen blocks listen { ipv6addr = :: port = 0 type = auth } listen { ipv6addr = :: port = 0 type = acct } ... which would result in something like this on debug log Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on authentication address :: port 1812 Listening on accounting address :: port 1813 since I'm unable to start the server when using IPv6. You should be. Just to be safe, use latest version (I'm using 2.1.12) I've changed (or uncommented) a couple of lines in radiusd.conf under 'listen' section: ipv6addr = :: and then I tried to start the server but no way. It works ok when using IPv4. You might want to add listen blocks instead of editing them. FR spits out: Failed binding to authentication address 0:0: port 1812: Bad file descriptor. FR server has been built with IPv6 support. Another question is: are you aware of any (client) tool for testing FR when using IPv6 addresses? eapol_test doesn't seem to know anything about :: or ::1 Ask wpa_supplicant developers :) FR's radtest/radclient has both ipv4 and v6 support. So you can do something like $ radtest -4 testuser testpass localhost 0 testing123 $ radtest -6 testuser testpass localhost 0 testing123 ... which would test ipv4 and ipv6 address of localhost (assuming your /etc/hosts is set correctly) Do the below lines from radiusd.conf require any change when IPv6? ... ... detail { detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d.log } Probably. FreeRADIUS-Client-IPv6-Address? I use sql, and hardcode detailfile path when necessary (e.g. when using buffered-sql) -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IPv6 ready?
Hi, Just wondering if FR supports IPv6 addresses since I'm unable to start the server when using IPv6. yes. we use it fine with IPv6 - both receiving and sending RADIUS packets. Another question is: are you aware of any (client) tool for testing FR when using IPv6 addresses? eapol_test doesn't seem to know anything about :: or ::1 eapol_test - use hostnames (eg in /etc/hosts ?) ? Do the below lines from radiusd.conf require any change when IPv6? ... ... detail { detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d.log yes, Client-IP-Address doesnt exist in IPv6 world - you can use one of the source address attributes instead - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: IPv6 ready?
Thank you all for your help. I added two more listen blocks in radiusd.conf and I updated detail { ... with the following: %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} and it works but . (there's always a but). if we use an IPv6 address, then Packet-Src-APv6-Address value will be, for instance, 0:0:0:0:0:0:0:0, and the path becomes : ${radacctdir}/0:0:0:0:0:0:0:0/detail-%Y%m%d.log but FR crashes since it cannot create a folder with that name. Is there any way of overcoming this issue? replace : with . or so??? Thanks again for your help. Sergio. Date: Mon, 31 Oct 2011 08:52:46 + From: a.l.m.bu...@lboro.ac.uk To: freeradius-users@lists.freeradius.org Subject: Re: IPv6 ready? Hi, Just wondering if FR supports IPv6 addresses since I'm unable to start the server when using IPv6. yes. we use it fine with IPv6 - both receiving and sending RADIUS packets. Another question is: are you aware of any (client) tool for testing FR when using IPv6 addresses? eapol_test doesn't seem to know anything about :: or ::1 eapol_test - use hostnames (eg in /etc/hosts ?) ? Do the below lines from radiusd.conf require any change when IPv6? ... ... detail { detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d.log yes, Client-IP-Address doesnt exist in IPv6 world - you can use one of the source address attributes instead - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IPv6 ready?
On 31/10/11 15:32, Sergio NNX wrote: Thank you all for your help. I added two more listen blocks in radiusd.conf and I updated detail { ... with the following: %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} and it works but . (there's always a but). if we use an IPv6 address, then Packet-Src-APv6-Address value will be, for instance, 0:0:0:0:0:0:0:0, and the path becomes : ${radacctdir}/0:0:0:0:0:0:0:0/detail-%Y%m%d.log but FR crashes since it cannot create a folder with that name. Is there any way of overcoming this issue? replace : with . or so??? Really? Which OS? There's no built-in xlat that allows you to do a substitute; you'll have to use rlm_perl or rlm_python, or an exec script, to translate the name. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: IPv6 ready?
Thanks Phil. Can you try 'mkdir 0:0:0:0:0:0:0:0' on a Windows box and let mw know if it works? Date: Mon, 31 Oct 2011 15:46:47 + From: p.may...@imperial.ac.uk To: freeradius-users@lists.freeradius.org Subject: Re: IPv6 ready? On 31/10/11 15:32, Sergio NNX wrote: Thank you all for your help. I added two more listen blocks in radiusd.conf and I updated detail { ... with the following: %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} and it works but . (there's always a but). if we use an IPv6 address, then Packet-Src-APv6-Address value will be, for instance, 0:0:0:0:0:0:0:0, and the path becomes : ${radacctdir}/0:0:0:0:0:0:0:0/detail-%Y%m%d.log but FR crashes since it cannot create a folder with that name. Is there any way of overcoming this issue? replace : with . or so??? Really? Which OS? There's no built-in xlat that allows you to do a substitute; you'll have to use rlm_perl or rlm_python, or an exec script, to translate the name. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IPv6 ready?
On 31/10/11 15:58, Sergio NNX wrote: Thanks Phil. Can you try 'mkdir 0:0:0:0:0:0:0:0' on a Windows box and let mw know if it works? I can tell you for absolute certain it won't without even having to try. It's a Windows limitation. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IPv6 ready?
On 2011/10/31 05:58 PM, Sergio NNX wrote: Thanks Phil. Can you try 'mkdir 0:0:0:0:0:0:0:0' on a Windows box and let mw know if it works? C:\junkmkdir 0:0:0:0:0:0:0:0 The system cannot find the drive specified. C:\junkmkdir '0:0:0:0:0:0:0:0' The filename, directory name, or volume label syntax is incorrect. C:\junkmkdir 0:0:0:0:0:0:0:0 The system cannot find the drive specified. C:\junkmkdir 0\:0\:0\:0\:0\:0\:0\:0 The filename, directory name, or volume label syntax is incorrect. Why not simply remove the Ip address from the log path? Do they HAVE to be in directories with the IP address as part of the name? Cheers, -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 Before acting on this email or opening any attachments you should read Cape PC Service's email disclaimer at: http://www.pcservices.co.za/disclaimer.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: IPv6 ready?
Cool, what can i do about it? I'm new to FR so I don't know how to implement a rule or something like that. Can you provide an example or an url where I can find more info? Cheers. Date: Mon, 31 Oct 2011 16:08:21 + From: p.may...@imperial.ac.uk To: freeradius-users@lists.freeradius.org Subject: Re: IPv6 ready? On 31/10/11 15:58, Sergio NNX wrote: Thanks Phil. Can you try 'mkdir 0:0:0:0:0:0:0:0' on a Windows box and let mw know if it works? I can tell you for absolute certain it won't without even having to try. It's a Windows limitation. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IPv6 ready?
Johan Meiring wrote: Why not simply remove the Ip address from the log path? Do they HAVE to be in directories with the IP address as part of the name? No. That's why the config files are editable. Edit them. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IPv6 ready?
Sergio NNX wrote: Thank you all for your help. I added two more listen blocks in radiusd.conf and I updated detail { ... with the following: %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} and it works but . (there's always a but). if we use an IPv6 address, then Packet-Src-APv6-Address value will be, for instance, 0:0:0:0:0:0:0:0, and the path becomes : ${radacctdir}/0:0:0:0:0:0:0:0/detail-%Y%m%d.log but FR crashes since it cannot create a folder with that name. Is there any way of overcoming this issue? replace : with . or so??? If it crashes, see doc/BUGS If it doesn't crash, report the *real* error. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IPv6 ready?
On Mon, Oct 31, 2011 at 11:19 PM, Sergio NNX sfhac...@hotmail.com wrote: Cool, what can i do about it? I'm new to FR so I don't know how to implement a rule or something like that. Can you provide an example or an url where I can find more info? Just edit them. You could put everyting on one file per day: detailfile = ${radacctdir}/detail-%Y%m%d.log ... or better yet, don't use detail if you don't really need it. Use sql instead (which is useful for other things like simultaneous use check, counters, etc) -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IPv6 ready?
On 31/10/11 16:19, Sergio NNX wrote: Cool, what can i do about it? I'm new to FR so I don't know how to Personally I'd advise running it on a Unix system at the moment. implement a rule or something like that. Can you provide an example or an url where I can find more info? wiki.freeradius.org? The docs that come with the server? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: IPv6 ready?
Thanks for all your ideas and suggestions. I'm trying to 'patch' (sorry for this) rlm_detail and replace all ':' with '.' (obviously, when on Windows). I'll try sql as well. Let's keep in touch. Date: Mon, 31 Oct 2011 17:02:36 + From: p.may...@imperial.ac.uk To: freeradius-users@lists.freeradius.org Subject: Re: IPv6 ready? On 31/10/11 16:19, Sergio NNX wrote: Cool, what can i do about it? I'm new to FR so I don't know how to Personally I'd advise running it on a Unix system at the moment. implement a rule or something like that. Can you provide an example or an url where I can find more info? wiki.freeradius.org? The docs that come with the server? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IPv6 ready?
Hi, Thank you all for your help. I added two more listen blocks in radiusd.conf and I updated detail { ... with the following: %{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}} and it works but . (there's always a but). if we use an IPv6 address, then Packet-Src-APv6-Address value will be, for instance, 0:0:0:0:0:0:0:0, and the path becomes : ${radacctdir}/0:0:0:0:0:0:0:0/detail-%Y%m%d.log but FR crashes since it cannot create a folder with that name. Is there any way of overcoming this issue? replace : with . or so??? well, you asked how it could be done..you didnt say you were trying this on Windows! whats the next surprise? I would do something like use PERL to make %{Packet-Src-IPv6-Address} become sanitized. eg assign %{Tmp-String-0} and use SED to swap : with - this means no single source code line change and easily adaptable to whatever else you might come across then use simly use %{Tmp-String-0} in your detail module config alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html