Re: coa
thanks tiffany I have followed your instruction, but same issue,, here is the log [root@aaaisb1 terminus]# cat dic.txt | radclient -x 2.2.2.2:3799 disconnect 'huaweiaaa' Sending Disconnect-Request of id 179 to 2.2.2.2 port 3799 Acct-Session-Id = 1B1E97C3 User-Name = 002682615F4E@test_cpe.com NAS-IP-Address = 2.2.2.2 rad_recv: Disconnect-NAK packet from host 2.2.2.2 port 3799, id=179, length=26 Error-Cause = Missing-Attribute tell me one thing,,,i need some configuration for enabling COA in freeradius??? thanks On Tue, Jul 23, 2013 at 10:39 AM, Tiffany Pasisir tiffany.pasi...@countrytell.com.au wrote: Hi Muhammad ** ** Try put in a file ** ** Acct-Session-Id=1B1E97C3 User-Name=002682615F4E@test_cpe.com NAS-IP-Address=2.2.2.2 ** ** cat file | radclient -x 2.2.2.2:3799 disconnect 'huaweiaaa' ** ** See how it goes ** ** Send all the output here so we can help ** ** Tiffany ** ** *From:* freeradius-users-bounces+tiffany.pasisir= countrytell.com...@lists.freeradius.org [mailto: freeradius-users-bounces+tiffany.pasisir= countrytell.com...@lists.freeradius.org] *On Behalf Of *Muhammad Nadeem *Sent:* Tuesday, 23 July 2013 2:50 PM *To:* FreeRadius users mailing list *Subject:* coa ** ** hi everybody,, I wanna implement COA (Change Of Authorization) in freeradius. I have a live session of a device, I wanna disconnect this device forcefully. ** ** I isssued following command ** ** echo Acct-Session-Id=1B1E97C3,User-Name=002682615F4E@test_cpe.com,NAS-IP-Address=2.2.2.2 | radclient -x 2.2.2.2:3799 disconnect 'huaweiaaa' ** ** but it give the error of missing attribute. Can anybody tell me what is the issue. Thanks ** ** -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: coa
No You need to read the manual from your nas / device you are trying to send a coa or disconnect to about what it expects in the message as I said before. It's nothing to do with freeradius and everything about how you talk to your nas. Error-Cause = Missing-Attribute Says everything in my view. On 23/07/2013 6:21 PM, Muhammad Nadeem mnadeem8...@gmail.com wrote: thanks tiffany I have followed your instruction, but same issue,, here is the log [root@aaaisb1 terminus]# cat dic.txt | radclient -x 2.2.2.2:3799disconnect 'huaweiaaa' Sending Disconnect-Request of id 179 to 2.2.2.2 port 3799 Acct-Session-Id = 1B1E97C3 User-Name = 002682615F4E@test_cpe.com NAS-IP-Address = 2.2.2.2 rad_recv: Disconnect-NAK packet from host 2.2.2.2 port 3799, id=179, length=26 Error-Cause = Missing-Attribute tell me one thing,,,i need some configuration for enabling COA in freeradius??? thanks On Tue, Jul 23, 2013 at 10:39 AM, Tiffany Pasisir tiffany.pasi...@countrytell.com.au wrote: Hi Muhammad ** ** Try put in a file ** ** Acct-Session-Id=1B1E97C3 User-Name=002682615F4E@test_cpe.com NAS-IP-Address=2.2.2.2 ** ** cat file | radclient -x 2.2.2.2:3799 disconnect 'huaweiaaa' ** ** See how it goes ** ** Send all the output here so we can help ** ** Tiffany ** ** *From:* freeradius-users-bounces+tiffany.pasisir= countrytell.com...@lists.freeradius.org [mailto: freeradius-users-bounces+tiffany.pasisir= countrytell.com...@lists.freeradius.org] *On Behalf Of *Muhammad Nadeem *Sent:* Tuesday, 23 July 2013 2:50 PM *To:* FreeRadius users mailing list *Subject:* coa ** ** hi everybody,, I wanna implement COA (Change Of Authorization) in freeradius. I have a live session of a device, I wanna disconnect this device forcefully. ** ** I isssued following command ** ** echo Acct-Session-Id=1B1E97C3,User-Name=002682615F4E@test_cpe.com,NAS-IP-Address=2.2.2.2 | radclient -x 2.2.2.2:3799 disconnect 'huaweiaaa' ** ** but it give the error of missing attribute. Can anybody tell me what is the issue. Thanks ** ** -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: coa
I think you should read documentation about CoA offered by your NAS. Then see what can likely be about *Missing Attribute* at least. You better know about all of Error-Cause it may occur. In my experience, it might be lack of key on identifying unique host. In other words, could it be your Acct-Session-Id or User-Name cannot be primary key to identify one host on the NAS? Okis. From: Muhammad Nadeem [mailto:mnadeem8...@gmail.com] Sent: Tuesday, July 23, 2013 2:00 PM To: okischu...@outlook.com Subject: Re: coa thanks all,,, i am using huawei NAS. here is the complete log echo Acct-Session-Id=1B1E97C3,User-Name=002682615F4E@test_cpe.com,NAS-IP-Address =2.2.2.2 | radclient -x 2.2.2.2:3799 disconnect huaweiaaa Sending Disconnect-Request of id 0 to 2.2.2.2 port 3799 Acct-Session-Id = 1B1E97C3 User-Name = 002682615F4E@test_cpe.com NAS-IP-Address = 2.2.2.2 rad_recv: Disconnect-NAK packet from host 2.2.2.2 port 3799, id=0, length=26 Error-Cause = Missing-Attribute whats wrong??? On Tue, Jul 23, 2013 at 10:58 AM, okischu...@outlook.com wrote: quote author='Nadeem' hi everybody,, I wanna implement COA (Change Of Authorization) in freeradius. I have a live session of a device, I wanna disconnect this device forcefully. I isssued following command echo Acct-Session-Id=1B1E97C3,User-Name=002682615F4E@test_cpe.com,NAS-IP-Address =2.2.2.2 | radclient -x 2.2.2.2:3799 disconnect 'huaweiaaa' but it give the error of missing attribute. Can anybody tell me what is the issue. Thanks -- What kind of CoA server you are using? In my experiences, coa highly depends on the type of NAS. In my case that I has a WiFi GW as CoA server, it usually gets Missing Attributes if I missed some *keys* of identifying unique user. Such as NAS-IP-Address + NAS-Port-Id or Some-VSA-Can-Be-A-Key or Acct-Session-Id and usually with priority. Besides, maybe you can post some more detailed output of your testing so that we can do more help. Okis. _ Sent from http://freeradius.1045715.n5.nabble.com -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: coa
Go back and read the manual from your nas provider as they should tell you what attributes they need in the coa payload. On 23/07/2013 4:50 PM, Muhammad Nadeem mnadeem8...@gmail.com wrote: hi everybody,, I wanna implement COA (Change Of Authorization) in freeradius. I have a live session of a device, I wanna disconnect this device forcefully. I isssued following command echo Acct-Session-Id=1B1E97C3,User-Name=002682615F4E@test_cpe.com,NAS-IP-Address=2.2.2.2 | radclient -x 2.2.2.2:3799 disconnect 'huaweiaaa' but it give the error of missing attribute. Can anybody tell me what is the issue. Thanks -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: coa
Hi Muhammad Try put in a file Acct-Session-Id=1B1E97C3 User-Name=002682615F4E@test_cpe.com NAS-IP-Address=2.2.2.2 cat file | radclient -x 2.2.2.2:3799 disconnect 'huaweiaaa' See how it goes Send all the output here so we can help Tiffany From: freeradius-users-bounces+tiffany.pasisir=countrytell.com.au@lists.freeradius .org [mailto:freeradius-users-bounces+tiffany.pasisir=countrytell.com...@lists.fr eeradius.org] On Behalf Of Muhammad Nadeem Sent: Tuesday, 23 July 2013 2:50 PM To: FreeRadius users mailing list Subject: coa hi everybody,, I wanna implement COA (Change Of Authorization) in freeradius. I have a live session of a device, I wanna disconnect this device forcefully. I isssued following command echo Acct-Session-Id=1B1E97C3,User-Name=002682615F4E@test_cpe.com,NAS-IP-Address =2.2.2.2 | radclient -x 2.2.2.2:3799 disconnect 'huaweiaaa' but it give the error of missing attribute. Can anybody tell me what is the issue. Thanks -- Best Regards Muhammad Nadeem Muhammad Ali Jinnah University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CoA proxy error
Mehdi Ravanbakhsh wrote: Hi All : i have get this error in log after setup COA-originate in site-enable : WARNING: No previous template for proxy socket. Source IP address may be chosen by the OS Don't edit the configuration files and break the server. If you do edit them, ensure you know what you're doing. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CoA proxy error
i fond that : in radius.conf : proxy_requests = yes it is work now for update disconnect but for update coa it is not work , i do not know if i use it correctly : *default config :* preacct { update coa { User-Name = %{User-Name} Acct-Session-Id = %{Acct-Session-Id} NAS-IP-Address = %{NAS-IP-Address} Session-Timeout := 5 } } On Wed, Apr 3, 2013 at 12:23 AM, Mehdi Ravanbakhsh baba...@gmail.comwrote: Hi All : i have get this error in log after setup COA-originate in site-enable : WARNING: No previous template for proxy socket. Source IP address may be chosen by the OS ... adding new socket proxy address * port 16288 ERROR: Failed to insert CoA request into proxy list. * clent.conf : * client lar { ipaddr = 5.190.103.4 secret = testing123 require_message_authenticator = no nastype = other coa_server = lar } *coa-originate :* home_server lar { type = coa ipaddr = 5.190.103.4 port = 1700 secret = testing123 coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } home_server_pool main { type = fail-over home_server = lar } *default config :* preacct { update disconnect { User-Name = %{User-Name} Acct-Session-Id = %{Acct-Session-Id} NAS-IP-Address = %{NAS-IP-Address} } } - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Coa problem
On 8 Nov 2012, at 07:38, Mixmasterontour PureDJ mixmasteront...@hotmail.com wrote: Well, that's a typo. I've pushed another fix. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Perfect, it's working now! Thanks one other small thing: in freeradius-server/raddb/sql/mysql/dialup.conf there is an error Fixed. Thanks. -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Coa problem
Fixed. Thanks. -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Thanks, but you fixed the accounting start, actually it contains 23 values now, should be 22 the error was in accounting interim-update - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Coa problem
On 8 Nov 2012, at 08:23, Mixmasterontour PureDJ mixmasteront...@hotmail.com wrote: Fixed. Thanks. -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Thanks, but you fixed the accounting start, actually it contains 23 values now, should be 22 the error was in accounting interim-update You didn't specify which query it was, but I noticed after editing the file that you meant the alternate update query so swapped out the commit. https://github.com/FreeRADIUS/freeradius-server/blob/master/raddb/sql/mysql/dialup.conf Contains the right fix... -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Coa problem
On 8 Nov 2012, at 09:05, Arran Cudbard-Bell a.cudba...@freeradius.org wrote: On 8 Nov 2012, at 08:23, Mixmasterontour PureDJ mixmasteront...@hotmail.com wrote: Fixed. Thanks. -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Thanks, but you fixed the accounting start, actually it contains 23 values now, should be 22 the error was in accounting interim-update You didn't specify which query it was, but I noticed after editing the file that you meant the alternate update query so swapped out the commit. Actually you did, but it's pre-coffee, sorry. https://github.com/FreeRADIUS/freeradius-server/blob/master/raddb/sql/mysql/dialup.conf Contains the right fix... And I swapped out the commits within a couple of minutes of making the change, so I guess you were just looking at the commit feed instead of actually checking the files? -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Coa problem
On 7 Nov 2012, at 11:25, Mixmasterontour PureDJ mixmasteront...@hotmail.com wrote: Hello, I have a problem with originate-coa I want to send coa to mikrotik to change bandwith But if I do that I get the folowing error: (0)update coa { ASSERT FAILED evaluate.c[1154]: output_vps Aborted (core dumped) Can haz backtrace plz? Or that core dump file if you know where it went... -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Coa problem
The core dump was off, now when I enable the coredumps radiusd won't dump anymore. Every other program dumps with SEGV signal, but radiusd won't So I don't know how te get a dump. now it aborts with: (0)update coa { ASSERT FAILED evaluate.c[1154]: output_vps Aborted Thanks in advance From: mixmasteront...@hotmail.com To: freeradius-users@lists.freeradius.org Subject: Coa problem Date: Wed, 7 Nov 2012 12:25:48 +0100 Hello, I have a problem with originate-coa I want to send coa to mikrotik to change bandwith But if I do that I get the folowing error: (0)update coa { ASSERT FAILED evaluate.c[1154]: output_vps Aborted (core dumped) I'm using freeradius version 3.0 (I have tried it with radius version 2.1.10, error was slightly different go a segmentation fault) here is the code within sites-enables/default update coa { User-Name = %{User-Name} Acct-Session-Id = %{Acct-Session-Id} NAS-IP-Address = %{NAS-IP-Address} Framed-IP-Address = %{Framed-IP-Address} Mikrotik-Rate-Limit = 256K/256K } This is send from accounting { I put originate-coa in the sites-enabled and I have made the folowing config: home_server mikrotik-test-coa { type = coa # # Note that a home server of type coa MUST be a real NAS, # with an ipaddr or ipv6addr. It CANNOT point to a virtual # server. # ipaddr = 192.168.8.97 port = 3799 # This secret SHOULD NOT be the same as the shared # secret in a client section. secret = same as in clients.conf, because in the NAS it is the same # CoA specific parameters. See raddb/proxy.conf for details. coa { irt = 2 mrt = 16 mrc = 5 mrd = 30 } } server originate-coa.mikrotik { pre-proxy { #update proxy-request { #NAS-IP-Address = 127.0.0.1 #} ok } # # Handle the responses here. # post-proxy { switch %{proxy-reply:Packet-Type} { case CoA-ACK { ok } case CoA-NAK { # the NAS didn't like the CoA request ok } case Disconnect-ACK { ok } case Disconnect-NAK { # the NAS didn't like the Disconnect request ok } # Invalid packet type. This shouldn't happen. case { fail } } # # These methods are run when there is NO response # to the request. # Post-Proxy-Type Fail-CoA { ok } Post-Proxy-Type Fail-Disconnect { ok } } } I have tried many many different settings in originate-coa when I use radclient I can send a coa with succes. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Coa problem
Mixmasterontour PureDJ wrote: The core dump was off, now when I enable the coredumps radiusd won't dump anymore. Every other program dumps with SEGV signal, but radiusd won't So I don't know how te get a dump. now it aborts with: (0)update coa { ASSERT FAILED evaluate.c[1154]: output_vps Aborted I've pushed a fix. It should not have been an assert. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Coa problem
Small update. I have run radiusd -X in gdb And get this as result: (0)update coa { ASSERT FAILED evaluate.c[1154]: output_vps Program received signal SIGABRT, Aborted. 0x76b97425 in raise () from /lib/x86_64-linux-gnu/libc.so.6 Hope this give some ideas? Subject: Re: Coa problem From: a.cudba...@freeradius.org Date: Wed, 7 Nov 2012 12:00:14 + To: freeradius-users@lists.freeradius.org On 7 Nov 2012, at 11:25, Mixmasterontour PureDJ mixmasteront...@hotmail.com wrote: Hello, I have a problem with originate-coa I want to send coa to mikrotik to change bandwith But if I do that I get the folowing error: (0)update coa { ASSERT FAILED evaluate.c[1154]: output_vps Aborted (core dumped) Can haz backtrace plz? Or that core dump file if you know where it went... -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Coa problem
Thanks, This is much better, it won't crash anymore. It doesn't work yet, but now I have something to search for. I get this error, maybe someone knows where to look for (1) update coa { (1) WARNING: List 'coa' doesn't exist for this packet (1) } # update coa = invalid As what I can make of it, it's not allowed to use coa here, but I could use a coa update in accounting { .. } can I? Date: Wed, 7 Nov 2012 09:14:59 -0500 From: al...@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: Coa problem Mixmasterontour PureDJ wrote: The core dump was off, now when I enable the coredumps radiusd won't dump anymore. Every other program dumps with SEGV signal, but radiusd won't So I don't know how te get a dump. now it aborts with: (0)update coa { ASSERT FAILED evaluate.c[1154]: output_vps Aborted I've pushed a fix. It should not have been an assert. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Coa problem
I have been searching, but to be honest, I have no clue what I'm doing wrong here. Tried some different sections (authenticate, preact etc.) but all give the same warning. what do I do wrong? From: mixmasteront...@hotmail.com To: freeradius-users@lists.freeradius.org Subject: RE: Coa problem Date: Wed, 7 Nov 2012 15:35:44 +0100 Thanks, This is much better, it won't crash anymore. It doesn't work yet, but now I have something to search for. I get this error, maybe someone knows where to look for (1) update coa { (1) WARNING: List 'coa' doesn't exist for this packet (1) } # update coa = invalid As what I can make of it, it's not allowed to use coa here, but I could use a coa update in accounting { .. } can I? Date: Wed, 7 Nov 2012 09:14:59 -0500 From: al...@deployingradius.com To: freeradius-users@lists.freeradius.org Subject: Re: Coa problem Mixmasterontour PureDJ wrote: The core dump was off, now when I enable the coredumps radiusd won't dump anymore. Every other program dumps with SEGV signal, but radiusd won't So I don't know how te get a dump. now it aborts with: (0)update coa { ASSERT FAILED evaluate.c[1154]: output_vps Aborted I've pushed a fix. It should not have been an assert. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Coa problem
Mixmasterontour PureDJ wrote: I have been searching, but to be honest, I have no clue what I'm doing wrong here. Tried some different sections (authenticate, preact etc.) but all give the same warning. what do I do wrong? Nothing. I'll see if I can push a fix. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Coa problem
Nothing. I'll see if I can push a fix. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Thanks! If I could assist with something, let me know.. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Coa problem
Mixmasterontour PureDJ wrote: I have been searching, but to be honest, I have no clue what I'm doing wrong here. Tried some different sections (authenticate, preact etc.) but all give the same warning. I've pushed a fix. Please test it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Coa problem
I've pushed a fix. Please test it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Thanks Alan, I've run the test.. It passes the the output_vps test, however I get a segmentation fault (0) expand: %{User-Name} - Groen (0) expand: %{Acct-Session-Id} - 80e1 (0) expand: %{NAS-IP-Address} - 192.168.8.97 (0) expand: %{Framed-IP-Address} - 10.0.1.199 Segmentation fault Strange thing is that in my update coa I have those variables but also Mikrotik-Rate-Limit = 256K/256K you won't see in the output. But when I comment out the line Mikrotik-Rate-Limit = 256K/256K I get the same output and result (segmentation fault) This is the update coa code: update coa { User-Name = %{User-Name} Acct-Session-Id = %{Acct-Session-Id} NAS-IP-Address = %{NAS-IP-Address} Framed-IP-Address = %{Framed-IP-Address} Mikrotik-Rate-Limit = 256K/256K } - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Coa problem
I've pushed a fix. Please test it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Some extra info from gdb, I don't know if this is usefull: (gdb) exec-file /usr/local/sbin/radiusd -X (gdb) r Starting program: /usr/local/sbin/radiusd -f [Thread debugging using libthread_db enabled] Using host libthread_db library /lib/x86_64-linux-gnu/libthread_db.so.1. [New Thread 0x7307e700 (LWP 10291)] [Thread 0x7307e700 (LWP 10291) exited] [New Thread 0x7307e700 (LWP 10292)] [New Thread 0x7173e700 (LWP 10293)] [New Thread 0x70f3d700 (LWP 10294)] [New Thread 0x7fffebfff700 (LWP 10295)] [New Thread 0x7fffeb7fe700 (LWP 10296)] Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fffebfff700 (LWP 10295)] 0x0044d747 in ?? () (gdb) info threads Id Target Id Frame 7Thread 0x7fffeb7fe700 (LWP 10296) radiusd 0x7778afd0 in sem_wait () from /lib/x86_64-linux-gnu/libpthread.so.0 * 6Thread 0x7fffebfff700 (LWP 10295) radiusd 0x0044d747 in ?? () 5Thread 0x70f3d700 (LWP 10294) radiusd 0x7778afd0 in sem_wait () from /lib/x86_64-linux-gnu/libpthread.so.0 4Thread 0x7173e700 (LWP 10293) radiusd 0x7778afd0 in sem_wait () from /lib/x86_64-linux-gnu/libpthread.so.0 3Thread 0x7307e700 (LWP 10292) radiusd 0x7778afd0 in sem_wait () from /lib/x86_64-linux-gnu/libpthread.so.0 1Thread 0x77fef700 (LWP 10288) radiusd 0x76c4e023 in select () from /lib/x86_64-linux-gnu/libc.so.6 (gdb) bt #0 0x0044d747 in ?? () #1 0x7fffebffdc90 in ?? () #2 0x0087d300 in ?? () #3 0x in ?? () (gdb) thread apply all bt full Thread 7 (Thread 0x7fffeb7fe700 (LWP 10296)): #0 0x7778afd0 in sem_wait () from /lib/x86_64-linux-gnu/libpthread.so.0 No symbol table info available. #1 0x0043599a in ?? () No symbol table info available. #2 0x in ?? () No symbol table info available. Thread 6 (Thread 0x7fffebfff700 (LWP 10295)): #0 0x0044d747 in ?? () No symbol table info available. #1 0x7fffebffdc90 in ?? () No symbol table info available. #2 0x0087d300 in ?? () No symbol table info available. #3 0x in ?? () No symbol table info available. Thread 5 (Thread 0x70f3d700 (LWP 10294)): #0 0x7778afd0 in sem_wait () from /lib/x86_64-linux-gnu/libpthread.so.0 No symbol table info available. #1 0x0043599a in ?? () No symbol table info available. #2 0x in ?? () No symbol table info available. Thread 4 (Thread 0x7173e700 (LWP 10293)): #0 0x7778afd0 in sem_wait () from /lib/x86_64-linux-gnu/libpthread.so.0 No symbol table info available. #1 0x0043599a in ?? () No symbol table info available. #2 0x in ?? () No symbol table info available. Thread 3 (Thread 0x7307e700 (LWP 10292)): #0 0x7778afd0 in sem_wait () from /lib/x86_64-linux-gnu/libpthread.so.0 No symbol table info available. #1 0x0043599a in ?? () No symbol table info available. #2 0x0004 in ?? () No symbol table info available. #3 0x0089bcc0 in ?? () No symbol table info available. #4 0x7287e000 in ?? () No symbol table info available. #5 0x0089bcc0 in ?? () No symbol table info available. #6 0x in ?? () No symbol table info available. ---Type return to continue, or q return to quit--- Thread 1 (Thread 0x77fef700 (LWP 10288)): #0 0x76c4e023 in select () from /lib/x86_64-linux-gnu/libc.so.6 No symbol table info available. #1 0x77bc4c3d in fr_event_loop (el=0x882aa0) at event.c:391 i = 5 rcode = 1 maxfd = 17 when = {tv_sec = 0, tv_usec = 328971} wake = 0x7fffe4d0 read_fds = {fds_bits = {253952, 0 repeats 15 times}} master_fds = {fds_bits = {253952, 0 repeats 15 times}} #2 0x0044654f in ?? () No symbol table info available. #3 0x7fffe610 in ?? () No symbol table info available. #4 0x0042f3c7 in ?? () No symbol table info available. #5 0x7fffe6f8 in ?? () No symbol table info available. #6 0x00022800 in ?? () No symbol table info available. #7 0x0042f6ae in ?? () No symbol table info available. #8 0x in ?? () No symbol table info available. Hope this helps a bit - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Coa problem
Mixmasterontour PureDJ wrote: I've run the test.. It passes the the output_vps test, however I get a segmentation fault (0) expand: %{User-Name} - Groen (0) expand: %{Acct-Session-Id} - 80e1 (0) expand: %{NAS-IP-Address} - 192.168.8.97 (0) expand: %{Framed-IP-Address} - 10.0.1.199 Segmentation fault Well, that's a typo. I've pushed another fix. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Coa problem
Well, that's a typo. I've pushed another fix. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Perfect, it's working now! Thanks one other small thing: in freeradius-server/raddb/sql/mysql/dialup.conf there is an error in accounting { interim-update { the insert sql is not correct (value count is incorrect) was: query = \ INSERT INTO ${acct_table1} \ (${...column_list}) \ VALUES \ ('%{Acct-Session-Id}', \ '%{Acct-Unique-Session-Id}', \ '%{SQL-User-Name}', \ '%{Realm}', \ '%{NAS-IP-Address}', \ '%{NAS-Port}', \ '%{NAS-Port-Type}', \ FROM_UNIXTIME(%{integer:Event-Timestamp} - \ %{%{Acct-Session-Time}:-0}), \ FROM_UNIXTIME(%{integer:Event-Timestamp}), \ '%{Acct-Session-Time}', \ '%{Acct-Authentic}', '', \ '%{%{Acct-Input-Gigawords}:-0}' 32 | \ '%{%{Acct-Input-Octets}:-0}', \ '%{%{Acct-Output-Gigawords}:-0}' 32 | \ '%{%{Acct-Output-Octets}:-0}', \ '%{Called-Station-Id}', \ '%{Calling-Station-Id}', \ '%{Service-Type}', \ '%{Framed-Protocol}', \ '%{Framed-IP-Address}') } should be: query = \ INSERT INTO ${acct_table1} \ (${...column_list}) \ VALUES \ ('%{Acct-Session-Id}', \ '%{Acct-Unique-Session-Id}', \ '%{SQL-User-Name}', \ '%{Realm}', \ '%{NAS-IP-Address}', \ '%{NAS-Port}', \ '%{NAS-Port-Type}', \ FROM_UNIXTIME(%{integer:Event-Timestamp} - \ %{%{Acct-Session-Time}:-0}), \ FROM_UNIXTIME(%{integer:Event-Timestamp}), \ NULL, \ '%{Acct-Session-Time}', \ '%{Acct-Authentic}', '', '', \ '%{%{Acct-Input-Gigawords}:-0}' 32 | \ '%{%{Acct-Input-Octets}:-0}', \ '%{%{Acct-Output-Gigawords}:-0}' 32 | \ '%{%{Acct-Output-Octets}:-0}', \ '%{Called-Station-Id}', \ '%{Calling-Station-Id}', \ '', \ '%{Service-Type}', \ '%{Framed-Protocol}', \ '%{Framed-IP-Address}') } - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CoA proxying again
Johan Meiring wrote: This would essentially automatically add a coa home server for the client?? If it was configured, yes. This would also be a GREAT feature for me. How far is 3.0 off? I keep saying a month or two... 2.12 (or 2.13) maybe? Ideally, no. New features are hard to do for 2.1.x. Alan DeKok - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CoA proxying again
Bjørn Mork wrote: I am trying to setup CoA proxying to a number of Juniper MXes. These are a bit clumsy to configure as CoA servers: The CoA clients cannot be configured explicitly. Instead they reuse the auth/acct configuration, including secret, for CoA clients. Hmmm... no. Clients are global across *all* listen sockets. If you want clients tied to a particular socket (auth/acct/coa), see the clients entry in the listen section. This is documented in radiusd.conf. So I have a few hundred CoA servers (NASes), and 3 radius servers authorized as CoA clients. Using FreeRADIUS to proxy CoA requests from ther real CoA clients looks like a perfect solution. My problem is that the configuration seems a bit clumsy, given that I cannot really change neither IP address nor secret from what's already there in the FreeRADIUS client definition. It would have been ideal to just add a flag or whatever, saying that this client is also a CoA server, and allowing direct proxy to it using some virtual attribute. Hmm.. so that would re-use the normal client IP shared secret for CoA servers? My current working configuration requires a separate static home_server and home_server_pool definition pointing to it for *each* NAS, as the only way I've found to redirect the CoA packets is by setting Home-Server-Pool. Yeah... that's a bit awkward. The documentation talks about Proxy-To-Realm as well, but I've been unable to find any parameter allowing me to configure a realm for CoA. realms only have auth{_pool,host} and acct{_pool,host} AFAICT. Yeah, you can't proxy to a CoA realm. The per client CoA configuration doesn't look like anything I can use at all. If I understand it correctly, that's only for the *CoA clients*. Yes. Is this a correct view of the current (2.1.x) state of CoA proxying, or did I miss something? It's pretty much correct. I believe I saw a request for dynamic home servers recently. Looks like that might be something for me as well. Maybe. Or, having less work to say this client can also receive CoA requests. That might be easy to add for 3.0. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CoA proxying again
Alan DeKok al...@deployingradius.com writes: Bjørn Mork wrote: My problem is that the configuration seems a bit clumsy, given that I cannot really change neither IP address nor secret from what's already there in the FreeRADIUS client definition. It would have been ideal to just add a flag or whatever, saying that this client is also a CoA server, and allowing direct proxy to it using some virtual attribute. Hmm.. so that would re-use the normal client IP shared secret for CoA servers? Yes, that would Just Work. Is this a correct view of the current (2.1.x) state of CoA proxying, or did I miss something? It's pretty much correct. I believe I saw a request for dynamic home servers recently. Looks like that might be something for me as well. Maybe. Or, having less work to say this client can also receive CoA requests. That might be easy to add for 3.0. Thanks for the encouraging answer. Such a feature would probably be useful for other types of NASes with CoA servers as well. Bjørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CoA proxying again
On 2011/09/06 06:50 PM, Alan DeKok wrote: I believe I saw a request for dynamic home servers recently. Looks like that might be something for me as well. Maybe. Or, having less work to say this client can also receive CoA requests. This would essentially automatically add a coa home server for the client?? That might be easy to add for 3.0. +1 This would also be a GREAT feature for me. How far is 3.0 off? 2.12 (or 2.13) maybe? -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 Before acting on this email or opening any attachments you should read Cape PC Service's email disclaimer at: http://www.pcservices.co.za/disclaimer.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CoA msg support in freeRadius
can I use freeradius to authenticate windows wired connections by 802.1x EAP-MSCHAPv2 using the samba users? Alan DeKok escreveu: Henrique Camolezi Pacheco wrote: Sorry! If I send my config files can you help me? No. The existing documentation is clear. It works. If you have *specific* questions, ask them, and we can answer. Saying I tried things but it didn't work. Is a *bad* way to get help. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CoA msg support in freeRadius
Henrique Camolezi Pacheco wrote: can I use freeradius to authenticate windows wired connections by 802.1x EAP-MSCHAPv2 using the samba users? Yes. This is documented. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CoA msg support in freeRadius
I found this on a website: The problem most likely is that the AP isn't seeing the response, or it isn't liking the response. Check the IP addresses that the packet javascript:void(0); use, via tcpdump. There is something to do in this case? Alan DeKok escreveu: Henrique Camolezi Pacheco wrote: can I use freeradius to authenticate windows wired connections by 802.1x EAP-MSCHAPv2 using the samba users? Yes. This is documented. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CoA msg support in freeRadius
Rajkumar R wrote: 1. Is there any configurations that would help in triggering the CoA msg upon the Acct Start msg processed results Or other helpful documents/links shared earlier with the forum would be helpful on this, as I could n’t get the information from freeRadius search page. raddb/sites-available/originate-coa Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CoA msg support in freeRadius
I read this posts, but I don't solve the problem. Alan DeKok escreveu: Rajkumar R wrote: 1. Is there any configurations that would help in triggering the CoA msg upon the Acct Start msg processed results Or other helpful documents/links shared earlier with the forum would be helpful on this, as I could n’t get the information from freeRadius search page. raddb/sites-available/originate-coa Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CoA msg support in freeRadius
Henrique Camolezi Pacheco wrote: I read this posts, but I don't solve the problem. Well... then I can't help you. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CoA msg support in freeRadius
Sorry! If I send my config files can you help me? Alan DeKok escreveu: Henrique Camolezi Pacheco wrote: I read this posts, but I don't solve the problem. Well... then I can't help you. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CoA msg support in freeRadius
Henrique Camolezi Pacheco wrote: Sorry! If I send my config files can you help me? No. The existing documentation is clear. It works. If you have *specific* questions, ask them, and we can answer. Saying I tried things but it didn't work. Is a *bad* way to get help. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: coa proxy'ing with a NAC device
Kevin Ehlers wrote: I'm having a really hard time with proxying or just dealing with CoA's. The documentation just isn't working for me. Well... it's as clear as we know how. I can configure the coa server. I can get the originate-coa server up too. I can send CoA's to the server, but I can't get it to proxy them or re-send them as if it was originating the CoA. I see that they're being processed when looking at debug mode. But I just don't know how to do anything with them. See raddb/sites-available/coa. It says you can set Proxy-To-Realm in order to proxy the packets. This is *exactly* like setting Proxy-To-Realm for any other packet. recv-coa { ... update control { Proxy-To-Realm := foo } ... } I want to be able to send a CoA request from PacketFence (or another management server) to freeradius, and have it relay that CoA to a specific switch. E.g. I have determined that a user needs to be quarantined, so I run a script on the backend, and part of that requires having that user re-authenticate and get assigned a quarantine vlan. PF determines which switch they're on, sends a CoA to FreeRadius, FreeRadius then sends the CoA to the correct switch. That should work. It's been tested... Is there a way to do this without configuring a client entry for every edge device? No. RADIUS requires a shared secret for every edge device. FreeRADIUS can do networks (192.168/16), but that's about it. Should I be using the proxy.conf in some way? I'm not really clear about how to use the virtual servers in regard to proxying. You don't. They're independent. You configure virtual servers. You configure home servers. You tie them together with Proxy-To-Realm. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: COA have I understood it correctly?
Simon Earthrowl (Eseye) wrote: Hi all, Having gone though many of the postings concerning COA, I (hope) I have a better understanding - so please be patient with me. What I wanted: to send a Packet of Disconnect (PoD) to my Radius server, which in turn would send (proxy) a PoD to the appropriate NAS. This works, but the relevant examples aren't in 2.1.8. See 2.1.9, which should be out this week. What I think I understand: FreeRadius 2.1.8 doesn't do the proxy - is that correct? See 2.1.9. It should be able to proxy CoA packets. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: COA default configuration...Need help to test radclient
On 2010/05/15 08:28 AM, Alan DeKok wrote: ... Do I have to do anything more than any default configuration? In 2.1.8, there's an example CoA server in raddb/sites-available/coa The coa example was missing from 2.1.8. Please have a look here. http://github.com/alandekok/freeradius-server/blob/master/raddb/sites-available/coa -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: COA default configuration...Need help to test radclient
Eric Martell wrote: I followed the direction of how to setup COA in the freeradius. Uncommented from client.conf coa_server = localhost-coa When I ran the sample radclient, I am not seeing any response back. ... Do I have to do anything more than any default configuration? In 2.1.8, there's an example CoA server in raddb/sites-available/coa Fri May 14 19:59:04 2010 : Debug: Listening on authentication address * port 1812 Fri May 14 19:59:04 2010 : Debug: Listening on accounting address * port 1813 Fri May 14 19:59:04 2010 : Debug: Listening on command file /home/test/freeradius-2.1.8/var/run/radiusd/radiusd.sock Fri May 14 19:59:04 2010 : Debug: Listening on proxy address * port 1814 The server isn't listening on the CoA port. Ensure that it's listening on the CoA port *before* sending it packets via radclient. Again, the whole purpose of debugging mode is to *read it*. If you *read* the rest of the debug output and look for coa, it becomes clear that you configured the server to *originate* CoA packets. Yet you're trying to *send* it CoA packets. This won't work. Please *read* the documentation at the top of raddb/sites-available/originate-coa. You configured the server to use it, so you *must* know it exists. The documentation explains what that file does, and how you can test it. This *is* documented. Please read it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: COA default configuration...Need help to test radclient
Hi Alan, Thanks for the reply. Pardon my ignorance but as you mentioned I did not find raddb/sites-available/coa. In 2.1.8, there's an example CoA server in raddb/sites-available/coa I only see, # ls -lart sites-available/ total 124 -rw-r- 1 root root 2538 May 14 15:37 vmps -rw-r- 1 root root 849 May 14 15:37 virtual.example.com -rw-r- 1 root root 4042 May 14 15:37 status -rw-r- 1 root root 5057 May 14 15:37 robust-proxy-accounting -rw-r- 1 root root 8543 May 14 15:37 README -rw-r- 1 root root 982 May 14 15:37 proxy-inner-tunnel -rw-r- 1 root root 11757 May 14 15:37 inner-tunnel -rw-r- 1 root root 3340 May 14 15:37 example -rw-r- 1 root root 4544 May 14 15:37 dynamic-clients -rw-r- 1 root root 4506 May 14 15:37 dhcp -rw-r- 1 root root 16544 May 14 15:37 default -rw-r- 1 root root 3508 May 14 15:37 decoupled-accounting -rw-r- 1 root root 5342 May 14 15:37 copy-acct-to-home-server -rw-r- 1 root root 4095 May 14 15:37 buffered-sql -rw-r- 1 root root 2040 May 14 15:37 control-socket -rw-r- 1 root root 5266 May 14 15:56 originate-coa drwxr-x--- 2 root root 4096 May 15 12:42 . drwxr-xr-x 7 root root 4096 May 15 12:58 .. # Thanks and Regards. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: COA default configuration...Need help to test radclient
Eric Martell wrote: Hi Alan, Thanks for the reply. Pardon my ignorance but as you mentioned I did not find raddb/sites-available/coa. In 2.1.8, there's an example CoA server in raddb/sites-available/coa Ah... it's in 2.1.9, then. See http://git.freeradius.org/pre/ for a pre-release of 2.1.9. Use that instead of 2.1.8. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: COA default configuration...Need help to test radclient
Awesome. Thanks Alan. That did the trick. I will ask more implementation questions if any issues. Sun May 16 01:43:19 2010 : Debug: Listening on authentication address * port 1812 Sun May 16 01:43:19 2010 : Debug: Listening on accounting address * port 1813 Sun May 16 01:43:19 2010 : Debug: Listening on coa address * port 3799 as server coa Sun May 16 01:43:19 2010 : Debug: Listening on command file /home/test/freeradius-2.1.9/var/run/radiusd/radiusd.sock Sun May 16 01:43:19 2010 : Debug: Listening on proxy address * port 1814 Sun May 16 01:43:19 2010 : Info: Ready to process requests. rad_recv: CoA-Request packet from host 127.0.0.1 port 33844, id=90, length=106 User-Name = cisco User-Password = ,\247\262\374\222\\\345\321\36543\201:\001 Cisco-AVPair = subscriber:command=account-logon Cisco-Account-Info = S172.16.xx.xx Sun May 16 01:43:22 2010 : Info: server coa { Sun May 16 01:43:22 2010 : Info: +- entering group recv-coa {...} Sun May 16 01:43:22 2010 : Info: ++[ok] returns ok Sun May 16 01:43:22 2010 : Info: +- entering group send-coa {...} Sun May 16 01:43:22 2010 : Info: ++[ok] returns ok Sun May 16 01:43:22 2010 : Info: } # server coa Sending CoA-ACK of id 90 to 127.0.0.1 port 33844 Sun May 16 01:43:22 2010 : Info: Finished request 0. Sun May 16 01:43:22 2010 : Debug: Going to the next request Sun May 16 01:43:22 2010 : Info: Cleaning up request 0 ID 90 with timestamp +3 Sun May 16 01:43:22 2010 : Info: Ready to process requests. Thanks. --- On Sat, 5/15/10, Alan DeKok al...@deployingradius.com wrote: From: Alan DeKok al...@deployingradius.com Subject: Re: COA default configuration...Need help to test radclient To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Date: Saturday, May 15, 2010, 9:43 AM Eric Martell wrote: Hi Alan, Thanks for the reply. Pardon my ignorance but as you mentioned I did not find raddb/sites-available/coa. In 2.1.8, there's an example CoA server in raddb/sites-available/coa Ah... it's in 2.1.9, then. See http://git.freeradius.org/pre/ for a pre-release of 2.1.9. Use that instead of 2.1.8. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Coa server warning
On 02/11/2010 01:48 PM, Alan DeKok wrote: Andrew Rikhlivsky wrote: I tried to configure COA service on my test server. When i send coa packet: ... server localhost-coa { WARNING: Empty section. Using default return values. WARNING: Empty section. Using default return values. } # server localhost-coa Sending CoA-ACK of id 231 to 127.0.0.1 port 20722 What am I missing? Oops. It would be good if that had *some* documentation. See: http://github.com/alandekok/freeradius-server/blob/4545d8ecd41cd798efc2fd75d86826c4f0e3fd40/raddb/sites-available/coa Put the file into raddb/sites-available/coa, and link it into raddb/sites-enabled/coa Then, edit it to suit your local config. My configuration on FreeBSD 8.0, FreeRADIUS 2.1.8, MPD (as a NAS) in radius.conf listen { There's a sample listen section in the file. Use that. in clients.conf client localhost { ipaddr = 127.0.0.1 secret = test1 nastype = other coa_server = coaon Don't define a coa_server here. It's not needed. in sites-enabled/originate-coa That is for SENDING a CoA packet, not for receiving one. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Thanks for help. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Coa server warning
Andrew Rikhlivsky wrote: I tried to configure COA service on my test server. When i send coa packet: ... server localhost-coa { WARNING: Empty section. Using default return values. WARNING: Empty section. Using default return values. } # server localhost-coa Sending CoA-ACK of id 231 to 127.0.0.1 port 20722 What am I missing? Oops. It would be good if that had *some* documentation. See: http://github.com/alandekok/freeradius-server/blob/4545d8ecd41cd798efc2fd75d86826c4f0e3fd40/raddb/sites-available/coa Put the file into raddb/sites-available/coa, and link it into raddb/sites-enabled/coa Then, edit it to suit your local config. My configuration on FreeBSD 8.0, FreeRADIUS 2.1.8, MPD (as a NAS) in radius.conf listen { There's a sample listen section in the file. Use that. in clients.conf client localhost { ipaddr = 127.0.0.1 secret = test1 nastype = other coa_server = coaon Don't define a coa_server here. It's not needed. in sites-enabled/originate-coa That is for SENDING a CoA packet, not for receiving one. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: COA Examples
Andrew Paternoster wrote: Does anyone have any COA policy examples? I want to use them on a cisco router to change the traffic shaping policy at different times of the day. You will need to use radclient to generate CoA packets at different times of the day. The server can only generate CoA packets when it receives an accounting or authentication packet. As for policies... you will need to write them yourself. It's programming, and dependent on your local business rules. No one else can give you examples of these. The files included with the server document how to write policies (man unlang), and give some simple CoA policies (raddb/sites-available/) Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: COA Examples
Thanks I will look in to it -- Andrew Paternoster GPK Computers Pty Ltd T 1300 854 223 F 1300 854 228 --- The information contained in or accompanying this e-mail is intended only for the use of the stated recipient and may contain information that is confidential and/or privileged. If the reader is not the intended recipient or the agent thereof, you are hereby notified that any dissemination, distribution or copying of this e-mail is strictly prohibited and may constitute a breach of confidence and/or privilege. If you have received this e-mail in error, please notify us immediately. Any views or opinions presented are those solely of the author and do not necessarily represent those of GPK Computers Pty Ltd.. Warning: Although the company has taken reasonable precautions to ensure no viruses are present in this e-mail, the company cannot accept responsibility for any loss or damage arising from the use of this e-mail or attachments --- Did you know that you can now log faults just by sending an email to supp...@gpk.net.ausenior System Engineer-Original Message- From: freeradius-users-bounces+andrew=gpk.net...@lists.freeradius.org [mailto:freeradius-users-bounces+andrew=gpk.net...@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Tuesday, 17 November 2009 10:17 PM To: FreeRadius users mailing list Subject: Re: COA Examples Andrew Paternoster wrote: Does anyone have any COA policy examples? I want to use them on a cisco router to change the traffic shaping policy at different times of the day. You will need to use radclient to generate CoA packets at different times of the day. The server can only generate CoA packets when it receives an accounting or authentication packet. As for policies... you will need to write them yourself. It's programming, and dependent on your local business rules. No one else can give you examples of these. The files included with the server document how to write policies (man unlang), and give some simple CoA policies (raddb/sites-available/) Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CoA-Ack and radclient/radiusd
Alan DeKok ?: Anton G. wrote: get today git/stable and tried - same result.. ( Are you sure you're using *that* version, and that you don't have multiple versions of the software installed? Yes, checked it twice.. Alan, can you please provide me some tips to do further debug of this? It involves looking through the hashes in src/lib/packet.c. It's not pretty... well, i have no choice, i should dig it out Not mentioning radiusd CoA, i`m pretty puzzled why radclient doesn`t want to handle CoA-ACK from nas.. I don't know... others have got this to work. i understand, radclient have coa support for a long time.. What's the OS / CPU? FreeBSD 7.1-RELEASE-p3 jail Could it be OS specific? or NAS specific ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CoA-Ack and radclient/radiusd
Alan DeKok ?: Anton G. wrote: I have a strange problem with CoA-Ack receive Which version of the software are you using? git/stable from Aug 13 10:07 GMT It works for me with the latest git stable tree... get today git/stable and tried - same result.. ( Alan, can you please provide me some tips to do further debug of this? Not mentioning radiusd CoA, i`m pretty puzzled why radclient doesn`t want to handle CoA-ACK from nas.. some# /usr/local/bin/radclient -t20 -r 1 -c 1 -f ./coa.rad -x 10.200.27.3:1700 coa su29 Sending CoA-Request of id 223 to 10.200.27.3 port 1700 User-Name = 10.200.27.42.vrf_nat1.vlan.5.0.0.951 ERX-Virtual-Router-Name = default:vrf_nat1 Framed-IP-Address = 10.200.27.42 ERX-Service-Activate:2 = setmv(10.200.27.42,00:0e:0c:b9:31:41,vrf_nat1) ERX-Service-Timeout:2 = 20 rad_recv: CoA-ACK packet from host 10.200.27.3 port 1700, id=223, length=20 radclient: received response to request we did not send. (id=223 socket 3) radclient: no response from server for ID 223 socket 3 some# tcpdump and radsniff didn`t show anything strange some# radsniff -x -I /home/ak/coa.dump -f udp PCAP filter: [udp] RADIUS secret: [testing123] CoA-Request Id 223 10.200.3.4:56318 - 10.200.27.3:1700(1 packets) +0.000 User-Name = 10.200.27.42.vrf_nat1.vlan.5.0.0.951 ERX-Virtual-Router-Name = default:vrf_nat1 Framed-IP-Address = 10.200.27.42 ERX-Service-Activate:2 = setmv(10.200.27.42,00:0e:0c:b9:31:41,vrf_nat1) ERX-Service-Timeout:2 = 20 CoA-ACK Id 223 10.200.27.3:1700 - 10.200.3.4:56318(2 packets) +7.069 Done sniffing some# - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CoA-Ack and radclient/radiusd
Anton G. wrote: get today git/stable and tried - same result.. ( Are you sure you're using *that* version, and that you don't have multiple versions of the software installed? Alan, can you please provide me some tips to do further debug of this? It involves looking through the hashes in src/lib/packet.c. It's not pretty... Not mentioning radiusd CoA, i`m pretty puzzled why radclient doesn`t want to handle CoA-ACK from nas.. I don't know... others have got this to work. What's the OS / CPU? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CoA-Ack and radclient/radiusd
Anton G. wrote: I have a strange problem with CoA-Ack receive Which version of the software are you using? It works for me with the latest git stable tree... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: coa functionality in server question
Alan DeKok ?: Anton G. wrote: It seems that i didn`t understand sites-available/originate-coa right and miss something in my conf Could You please clarify it for me? You need to link it into sites-enabled/originate-coa. The server reads only sites-enabled, not sites-available. Alan DeKok. Thanks, Alan. I have originate-coa link in sites-enabled, just misstyped in starting letter. Also tried default config including default originate-coa example and get /usr/local/etc/raddb/sites-enabled/originate-coa[154]: home_server localhost-coa does not exist It seems that server does not see home_servers type of CoA in my case So maybe i`m missing anything else in my conf? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: coa functionality in server question
Anton G. wrote: It seems that i didn`t understand sites-available/originate-coa right and miss something in my conf Could You please clarify it for me? You need to link it into sites-enabled/originate-coa. The server reads only sites-enabled, not sites-available. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Coa and Disconnect Message
gennaro amelio [EMAIL PROTECTED] wrote: To use sqlcounter disconnect is probably more flexible because a prepaid user can buy more time and so the session 's length can dinamically change. What do you think? Sure, but that's not using disconnect. That's Change of Authorization. And if the user buys more time, all you really need is a RADIUS client to send a CoA packet to the NAS. The RADIUS server doesn't really have to be involved. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Coa and Disconnect Message
gennaro amelio [EMAIL PROTECTED] wrote: Can i use Freeradius to do a prepaid-billing system?? Yes. Freeradius supports CoA and Disconnect Mesage? radclient can send those packets, but FreeRADIUS doesn't listen for them. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html