RE: debug log [was Re: freeradius ippool issue] [SEC=UNCLASSIFIED]
UNCLASSIFIED -Original Message- From: [EMAIL PROTECTED] eradius.org [mailto:freeradius-users- [EMAIL PROTECTED] On Behalf Of Josip Rodin Sent: Friday, 18 July 2008 23:19 To: FreeRadius users mailing list Subject: Re: debug log [was Re: freeradius ippool issue] [snip] Oh. These seemingly random expansions have always surprised me. The other day I just happened to stumble upon that when writing: if ((Connect-Info != NONE) (Connect-Info %Y%m%d)) { It would be good if this was documented somewhere - I actually looked in the unlang manual page for a way to get a date string, but found nothing. So I tried running date(1) inside backticks for a start, but then I noticed that freeradius was expanding those expressions in the command line arguments. Then I tried to get the same in a normal quoted string, and it worked. Magic. :) The unlang(5) manual says: Double-quoted strings are expanded by inserting the value of any variables (see VARIABLES, below) before being evaluated. However, the VARIABLES section doesn't mention that those date-format strings are actually treated as variables whose names are single letters. It does mention the results of regular expression matches, where there are eight variables whose names are single numbers, so this looks like an omission. See variables.txt :- One-character variables --- The following one-character variables are also defined. However, they are duplicates of the previous general cases, and are only provided for backwards compatibility. They WILL BE removed in a future release. They also do NOT permit the use of conditional syntax (':-'), as described above. Variable Description Proper Equivalent --- %a Protocol (SLIP/PPP) %{Framed-Protocol} %c Callback-Number %{Callback-Number} %d request day (DD) [snip] %C clientname %D request date (MMDD) %H request hour %L radlog_dir %{config:logdir} %M MTU %{Framed-MTU} %R radius_dir %{config:raddbdir} %S request timestamp in SQL format %T request timestamp in database format %U Stripped User name %{Stripped-User-Name} %V Request-Authenticator (Verified/None) %Y request year () %Z All request attributes except password (must have a big buffer) This is from 1.1.x - I assume the file still exists in version 2.x Regards, Frank Ranner - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
debug log [was Re: freeradius ippool issue]
On Thu, Jul 17, 2008 at 12:30:31PM +0200, Alan DeKok wrote: [EMAIL PROTECTED] wrote: :) yes that's what it was thank you for your help. I'm sorry you had a bad day my friend. You have tried very hard to make it a bad day. It's incredibly frustrating to help people who fight every attempt to help them. I have no idea why people do that, but it happens a lot. It looks to me that it would be a good idea to have a default /var/log/freeradius/debug.log where the daemon would write the output normally found with -X. Plus with timestamps. That way, all new users already have a ready instance of debugging information, and you can rely on that. And after they go past the initial troubles, they can turn it off with an option. -- 2. That which causes joy or happiness. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: debug log [was Re: freeradius ippool issue]
Josip Rodin wrote: It looks to me that it would be a good idea to have a default /var/log/freeradius/debug.log where the daemon would write the output normally found with -X. Plus with timestamps. That is very, very, expensive, and will slow the server down a lot. But yes, the idea is good. That way, all new users already have a ready instance of debugging information, and you can rely on that. And after they go past the initial troubles, they can turn it off with an option. The latest CVS (or git) has code that can configurably enable, or disable, debug logging on the fly. The debug logs can be directed to different locations. i.e. you can turn on debug logs ONLY for packets being sent to one home server, and put those logs into a special file. That *still* won't solve the problem of people not following instructions, though. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: debug log [was Re: freeradius ippool issue]
On Fri, Jul 18, 2008 at 12:16:08PM +0200, Alan DeKok wrote: Josip Rodin wrote: It looks to me that it would be a good idea to have a default /var/log/freeradius/debug.log where the daemon would write the output normally found with -X. Plus with timestamps. That is very, very, expensive, and will slow the server down a lot. But yes, the idea is good. That way, all new users already have a ready instance of debugging information, and you can rely on that. And after they go past the initial troubles, they can turn it off with an option. The latest CVS (or git) has code that can configurably enable, or disable, debug logging on the fly. The debug logs can be directed to different locations. i.e. you can turn on debug logs ONLY for packets being sent to one home server, and put those logs into a special file. That *still* won't solve the problem of people not following instructions, though. Yeah. At least you can try to streamline the debugging process, so that the instructions become very easy :) It's more straightforward to tell people send us your log file which is right over there than to tell them stop the server, start it manually with -X, copypaste some particular gobs of text, save it into a text file, send that. BTW, while we're on the topic - Navis RADIUS has the option of having log files be automatically switched based on timestamps. In other words, if you set a log file to be 'TimeFile', and set attributes 'FormatTimestamp=TRUE', 'Prefix=/var/log/foo/bar-', 'Mode=DAILY', and then it creates the log files named /var/log/foo/bar-20080718, and automatically moves on as necessary. That sounds like a reasonably useful facility for debugging logs - makes the rotation and lookups a bit smarter than the usual fodder created by logrotate. And it's also similar to how radacct/detail files are written. -- 2. That which causes joy or happiness. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: debug log [was Re: freeradius ippool issue]
Josip Rodin wrote: Yeah. At least you can try to streamline the debugging process, so that the instructions become very easy :) It's more straightforward to tell people send us your log file which is right over there than to tell them stop the server, start it manually with -X, copypaste some particular gobs of text, save it into a text file, send that. The point of debug log is to enable testing of your configuration *before* you us it in production. Anyone that deploys policies without understanding them r testing them has major problems. The overwhelming majority of problems related to debugging are people who are new to the server, and who can't be bothered to follow the instructions. The people who do follow the instructions usually get their problems resolved in short order. BTW, while we're on the topic - Navis RADIUS has the option of having log files be automatically switched based on timestamps. In other words, if you set a log file to be 'TimeFile', and set attributes 'FormatTimestamp=TRUE', 'Prefix=/var/log/foo/bar-', 'Mode=DAILY', and then it creates the log files named /var/log/foo/bar-20080718, and automatically moves on as necessary. That sounds like a reasonably useful facility for debugging logs - makes the rotation and lookups a bit smarter than the usual fodder created by logrotate. And it's also similar to how radacct/detail files are written. This is supported. Just add a date string to the name of the debug log file, just like is done with the detail files. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: debug log [was Re: freeradius ippool issue]
On Fri, Jul 18, 2008 at 01:46:30PM +0200, Alan DeKok wrote: BTW, while we're on the topic - Navis RADIUS has the option of having log files be automatically switched based on timestamps. In other words, if you set a log file to be 'TimeFile', and set attributes 'FormatTimestamp=TRUE', 'Prefix=/var/log/foo/bar-', 'Mode=DAILY', and then it creates the log files named /var/log/foo/bar-20080718, and automatically moves on as necessary. That sounds like a reasonably useful facility for debugging logs - makes the rotation and lookups a bit smarter than the usual fodder created by logrotate. And it's also similar to how radacct/detail files are written. This is supported. Just add a date string to the name of the debug log file, just like is done with the detail files. Oh. These seemingly random expansions have always surprised me. The other day I just happened to stumble upon that when writing: if ((Connect-Info != NONE) (Connect-Info %Y%m%d)) { It would be good if this was documented somewhere - I actually looked in the unlang manual page for a way to get a date string, but found nothing. So I tried running date(1) inside backticks for a start, but then I noticed that freeradius was expanding those expressions in the command line arguments. Then I tried to get the same in a normal quoted string, and it worked. Magic. :) The unlang(5) manual says: Double-quoted strings are expanded by inserting the value of any variables (see VARIABLES, below) before being evaluated. However, the VARIABLES section doesn't mention that those date-format strings are actually treated as variables whose names are single letters. It does mention the results of regular expression matches, where there are eight variables whose names are single numbers, so this looks like an omission. I'd write a proper patch, but I haven't looked at the source yet, to see which exact set of date formats are supported...? -- 2. That which causes joy or happiness. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: debug log [was Re: freeradius ippool issue]
Josip Rodin wrote: Oh. These seemingly random expansions have always surprised me. The other day I just happened to stumble upon that when writing: if ((Connect-Info != NONE) (Connect-Info %Y%m%d)) { It would be good if this was documented somewhere - I actually looked in the unlang manual page for a way to get a date string, but found nothing. doc/variables.txt However, the VARIABLES section doesn't mention that those date-format strings are actually treated as variables whose names are single letters. It does mention the results of regular expression matches, where there are eight variables whose names are single numbers, so this looks like an omission. There are a bunch more single-character expansions that get done. I'd write a proper patch, but I haven't looked at the source yet, to see which exact set of date formats are supported...? See doc/variables.txt Adding more man pages would be a good idea. But the unlang page is already pretty big. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: debug log [was Re: freeradius ippool issue]
On Fri, Jul 18, 2008 at 03:25:50PM +0200, Alan DeKok wrote: It would be good if this was documented somewhere - I actually looked in the unlang manual page for a way to get a date string, but found nothing. doc/variables.txt However, the VARIABLES section doesn't mention that those date-format strings are actually treated as variables whose names are single letters. It does mention the results of regular expression matches, where there are eight variables whose names are single numbers, so this looks like an omission. There are a bunch more single-character expansions that get done. I'd write a proper patch, but I haven't looked at the source yet, to see which exact set of date formats are supported...? See doc/variables.txt Adding more man pages would be a good idea. But the unlang page is already pretty big. OK, yes, but this particular situation is a bit strange... the variables.txt file says: See man unlang for more complete documentation on the run-time variables. This file is here only for historical purposes. Also: The following one-character variables are also defined. However, they are duplicates of the previous general cases, and are only provided for backwards compatibility. They WILL BE removed in a future release. Which information is authoritative - should we use and depend on this, or not? If not, what would be the best general way to get things like %D? -- 2. That which causes joy or happiness. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: debug log [was Re: freeradius ippool issue]
Josip Rodin wrote: OK, yes, but this particular situation is a bit strange... the variables.txt file says: Yes... Which information is authoritative - should we use and depend on this, or not? The expansions documented in doc/variables.txt are historical, but still work. This is what the documentation says. If not, what would be the best general way to get things like %D? Until they're replaced with something else, %D, etc. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius ippool issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 in radius.conf i have status_server = yes and no other references to Access-Accept. I have no dhcp server started the ip address it's begin alocated it';s from 10.0.0.0 subnet. Ivan Kalik wrote: | What IP address is in the Access-Accept packet? Perhaps you have a dhcp | server running as well and that one is allocating IPs. | | Ivan Kalik | Kalik Informatika ISP | | | Dana 16/7/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] piše: | | Hi, i'm new with freeradius, and i have a few issues with ip allocation |from a mysql database. The server it's functional, it's running with a | pppoe server, authentication goes ok, the user gets authenticated with | the values from mysql tables, but i noticed that ipaddress it's not from | the radippool table, and also i've checked the sqltrace logs and i | saw no mention of this table. I have configured the sqlippool.conf and | sql.conf files with the correct tables but i think i'm missing something. | | Regards Paul. | - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html | | | - | List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIfv7PGPhC6XW20oARAiPCAJ0Wqd1CtVQusqNYreylryh6NUalWgCfYrxY dainIz/RS8YUQtJg0yZlmYA= =lGhY -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius ippool issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( ~ 'gogu', 'gogu123', ~ 'Access-Accept', '2008-07-17 11:45:31') . Sending Access-Accept of id 28 to 192.168.1.1 port 37704 Ivan Kalik wrote: | Run the server in debug mode (radiusd -X) and see what's in the | Access-Accept packet. | | Ivan Kalik | | | Dana 17/7/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] piše: | | in radius.conf i have status_server = yes and no other references to | Access-Accept. I have no dhcp server started the ip address it's begin | alocated it';s from 10.0.0.0 subnet. | | | Ivan Kalik wrote: | | What IP address is in the Access-Accept packet? Perhaps you have a dhcp | | server running as well and that one is allocating IPs. | | | | Ivan Kalik | | Kalik Informatika ISP | | | | | | Dana 16/7/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] piĂae: | | | | Hi, i'm new with freeradius, and i have a few issues with ip allocation | |from a mysql database. The server it's functional, it's running with a | | pppoe server, authentication goes ok, the user gets authenticated with | | the values from mysql tables, but i noticed that ipaddress it's not from | | the radippool table, and also i've checked the sqltrace logs and i | | saw no mention of this table. I have configured the sqlippool.conf and | | sql.conf files with the correct tables but i think i'm missing | something. | | | | Regards Paul. | | | - | List info/subscribe/unsubscribe? See | http://www.freeradius.org/list/users.html | | | | | | | - | | List info/subscribe/unsubscribe? See | http://www.freeradius.org/list/users.html - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html | | | - | List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIfwcnGPhC6XW20oARApyvAJ4i7/4ta01ivU1GAZiPo7MjuDaPxgCff70Y EtqDm3w8z7xG0rl1551knzA= =2VML -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius ippool issue
[EMAIL PROTECTED] wrote: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( ~ 'gogu', 'gogu123', ~ 'Access-Accept', '2008-07-17 11:45:31') . Sending Access-Accept of id 28 to 192.168.1.1 port 37704 You've deleted almost everything from the debug output. You are trying VERY hard to make it impossible for anyone to help you. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius ippool issue
Nice. So server did send an Access-Accept. What was in it? Let's try again: Run the server in debug mode (radiusd -X) and see what's in the Access-Accept packet. Also, have in mind that radius sends framed IP address which is not very likely to be used in wireless setup. If you have sent one, debug the NAS and see if it was ignored. Ivan Kalik Kalik Informatika ISP Dana 17/7/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] piše: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 . INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( ~ 'gogu', 'gogu123', ~ 'Access-Accept', '2008-07-17 11:45:31') .. Sending Access-Accept of id 28 to 192.168.1.1 port 37704 Ivan Kalik wrote: | Run the server in debug mode (radiusd -X) and see what's in the | Access-Accept packet. | | Ivan Kalik | | | Dana 17/7/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] piše: | | in radius.conf i have status_server = yes and no other references to | Access-Accept. I have no dhcp server started the ip address it's begin | alocated it';s from 10.0.0.0 subnet. | | | Ivan Kalik wrote: | | What IP address is in the Access-Accept packet? Perhaps you have a dhcp | | server running as well and that one is allocating IPs. | | | | Ivan Kalik | | Kalik Informatika ISP | | | | | | Dana 16/7/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] piĂae: | | | | Hi, i'm new with freeradius, and i have a few issues with ip allocation | |from a mysql database. The server it's functional, it's running with a | | pppoe server, authentication goes ok, the user gets authenticated with | | the values from mysql tables, but i noticed that ipaddress it's not from | | the radippool table, and also i've checked the sqltrace logs and i | | saw no mention of this table. I have configured the sqlippool.conf and | | sql.conf files with the correct tables but i think i'm missing | something. | | | | Regards Paul. | | | - | List info/subscribe/unsubscribe? See | http://www.freeradius.org/list/users.html | | | | | | | - | | List info/subscribe/unsubscribe? See | http://www.freeradius.org/list/users.html - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html | | | - | List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIfwcnGPhC6XW20oARApyvAJ4i7/4ta01ivU1GAZiPo7MjuDaPxgCff70Y EtqDm3w8z7xG0rl1551knzA= =2VML -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius ippool issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 sry for the bad output, but this ware the lines with Access-Accept, this is the whole thing: - - the whole log it's at http://alexandrunet.ro/radius_log; radiusd -X | grep Access-Accept ~expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( ~ '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') - INSERT INTO radpostauth ~ (username, pass, reply, authdate) VALUES ( 'gogu', 'gogu123', 'Access-Accept', '2008-07-17 11:45:31') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth ~ (username, pass, reply, authdate) ~ VALUES ( 'gogu', ~ 'gogu123', 'Access-Accept', '2008-07-17 11:45:31') rlm_sql_mysql: query: INSERT INTO radpostauth ~ (username, pass, reply, authdate) VALUES ( ~'gogu', 'gogu123', ~ 'Access-Accept', '2008-07-17 11:45:31') ~expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( ~ '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') - INSERT INTO radpostauth ~ (username, pass, reply, authdate) VALUES ( 'gogu', 'gogu123', 'Access-Accept', '2008-07-17 11:45:31') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth ~ (username, pass, reply, authdate) ~ VALUES ( 'gogu', ~ 'gogu123', 'Access-Accept', '2008-07-17 11:45:31') rlm_sql_mysql: query: INSERT INTO radpostauth ~ (username, pass, reply, authdate) VALUES ( ~'gogu', 'gogu123', ~ 'Access-Accept', '2008-07-17 11:45:31') Sending Access-Accept of id 28 to 192.168.1.1 port 37704 Paul Alan DeKok wrote: | [EMAIL PROTECTED] wrote: | | INSERT INTO radpostauth (username, pass, | reply, authdate) VALUES ( | ~ 'gogu', 'gogu123', | ~ 'Access-Accept', '2008-07-17 11:45:31') | . | Sending Access-Accept of id 28 to 192.168.1.1 port 37704 | | You've deleted almost everything from the debug output. | | You are trying VERY hard to make it impossible for anyone to help you. | | Alan DeKok. | - | List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIfw9nGPhC6XW20oARAl70AJ9W5KuBYKF98wetQie1ZZ2rKDknCwCfXE4/ njD7JUTjquAkvVv2ecztosE= =w4M4 -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius ippool issue
sry for the bad output, but this ware the lines with Access-Accept, this is the whole thing: - - the whole log it's at http://alexandrunet.ro/radius_log; No, it's not. That's just the debug of the startup. Post the log of the request being processed. Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius ippool issue
[EMAIL PROTECTED] wrote: sry for the bad output, but this ware the lines with Access-Accept, this is the whole thing: - the whole log it's at http://alexandrunet.ro/radius_log; Which has ZERO use. The server doesn't even receive any packets! Do you even understand what an Access-Accept is? radiusd -X | grep Access-Accept No. Do NOT do that. You are trying VERY hard to ignore all of the output of radiusd -X. If you're not going to follow the instructions on this list, then don't ask questions here. If you're not going to read the output of radiusd -X, then don't even other trying to run the server. You will NEVER get the problem fixes. And you ARE aware that RADIUS cannot assign IP's for wireless networks, right? You've been told this multiple times already. I have no idea why you insist on ignoring the output of radiusd -X. It is the ONLY thing which can help solve the problem. We have asked you for this REPEATEDLY, and every time you have gone out of your way to delete ALL useful information from the debug output. Again, you are trying very hard to make it impossible for us to help you. STOP IT. It's annoying. Follow the instructions, and stop trying to be smart about it. Every little edit you do to simplify the output of radiusd -X destroys the information we need to help you. Did I mention to run radiusd -X? And to post the full logs, without editing it? And INCLUDE in the logs the output from when the server receives a packet, processes it, and sends a response? That last bit shouldn't be rocket science. Honestly, I have no idea why you think it's useful to post the (un-edited) logs from when the server does nothing, and then the (edited) logs from when the server receives a packet. It's like you're *trying* to make it impossible for us to help you. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius ippool issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 sorry about that, you have a good point, i just restarted the server and i forgot i did not try to connect. Regarding to the wireless network, no, it's not a wireless netowork it's an UTP network, i'm using radius with a pppoe server. I've updated the file at http://alexandrunet.ro/radius_log; and it now has the full log from the time the user connects. Alan DeKok wrote: | [EMAIL PROTECTED] wrote: | sry for the bad output, but this ware the lines with Access-Accept, | this is the whole thing: | - the whole log it's at http://alexandrunet.ro/radius_log; | | Which has ZERO use. The server doesn't even receive any packets! | | Do you even understand what an Access-Accept is? | | radiusd -X | grep Access-Accept | | No. Do NOT do that. You are trying VERY hard to ignore all of the | output of radiusd -X. | | If you're not going to follow the instructions on this list, then | don't ask questions here. If you're not going to read the output of | radiusd -X, then don't even other trying to run the server. You will | NEVER get the problem fixes. | | And you ARE aware that RADIUS cannot assign IP's for wireless | networks, right? You've been told this multiple times already. | | I have no idea why you insist on ignoring the output of radiusd -X. |It is the ONLY thing which can help solve the problem. We have asked | you for this REPEATEDLY, and every time you have gone out of your way to | delete ALL useful information from the debug output. | | Again, you are trying very hard to make it impossible for us to help | you. STOP IT. It's annoying. Follow the instructions, and stop trying | to be smart about it. Every little edit you do to simplify the output | of radiusd -X destroys the information we need to help you. | | Did I mention to run radiusd -X? And to post the full logs, without | editing it? And INCLUDE in the logs the output from when the server | receives a packet, processes it, and sends a response? | | That last bit shouldn't be rocket science. Honestly, I have no idea | why you think it's useful to post the (un-edited) logs from when the | server does nothing, and then the (edited) logs from when the server | receives a packet. | | It's like you're *trying* to make it impossible for us to help you. | | Alan DeKok. | - | List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIfxdAGPhC6XW20oARAt49AJ93d3/xv0TmO6mjLPVR7gfHE1J1fQCfYazN iVpZcFq6sUGj6HtX270jJNg= =c3Pl -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius ippool issue
[EMAIL PROTECTED] wrote: sorry about that, you have a good point, i just restarted the server and i forgot i did not try to connect. Regarding to the wireless network, no, it's not a wireless netowork it's an UTP network, i'm using radius with a pppoe server. I've updated the file at http://alexandrunet.ro/radius_log; and it now has the full log from the time the user connects. Right. Now YOU read it. It's not hard. Look for pool. Think about it. Then think about it again. Then fix the problem before asking more questions. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius ippool issue
You have not assigned the IP address via radius. It's assigned by the dhcp server: Sending Access-Accept of id 31 to 192.168.1.1 port 40086 Framed-Protocol := PPP Framed-IP-Netmask = 255.255.255.255 Framed-MTU := 1500 Framed-Compression := Van-Jacobson-TCP-IP Session-Timeout = 14400 Idle-Timeout = 600 Port-Limit = 1 Service-Type := Framed-User *** No IP address in Access-Accept; Pool-Name or Framed-IP-Address were not set for this user *** Finished request 0. Going to the next request Waking up in 4.9 seconds. rad_recv: Accounting-Request packet from host 192.168.1.1 port 34314, id=32, length=115 Acct-Session-Id = 487F15BE052000 User-Name = gogu Acct-Status-Type = Start Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = 00:FF:74:D6:85:27 Acct-Authentic = RADIUS NAS-Port-Type = Async Framed-IP-Address = 10.67.15.34 == This came from dhcp NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Acct-Delay-Time = 0 Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius ippool issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 :) yes that's what it was thank you for your help. I'm sorry you had a bad day my friend. Paul. Alan DeKok wrote: | [EMAIL PROTECTED] wrote: | sorry about that, you have a good point, i just restarted the server and | i forgot i did not try to connect. Regarding to the wireless network, | no, it's not a wireless netowork it's an UTP network, i'm using radius | with a pppoe server. I've updated the file at | http://alexandrunet.ro/radius_log; and it now has the full log from the | time the user connects. | | Right. Now YOU read it. It's not hard. | | Look for pool. Think about it. Then think about it again. | | Then fix the problem before asking more questions. | | Alan DeKok. | - | List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIfxyAGPhC6XW20oARArfHAKCUegjh8GZ3Exl3XsO5ZJKHacAqygCgm8p0 MMWfcREYJWv0rMU24YGB/Yk= =ekCu -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius ippool issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 there is not dhcp running on that server, and there is no dhcprelay. I supposed it's the radius default, i don't know if that makes any sense to you:), anyways i will dig more. Thank you. [EMAIL PROTECTED]:/usr/local/etc/raddb# ps -aux | grep dhcp Warning: bad ps syntax, perhaps a bogus '-'? See http://procps.sf.net/faq.html root 1670 0.0 0.0 2000 632 pts/2R+ 13:18 0:00 grep dhcp [EMAIL PROTECTED]:/usr/local/etc/raddb# Ivan Kalik wrote: | You have not assigned the IP address via radius. It's assigned by the | dhcp server: | | Sending Access-Accept of id 31 to 192.168.1.1 port 40086 | Framed-Protocol := PPP | Framed-IP-Netmask = 255.255.255.255 | Framed-MTU := 1500 | Framed-Compression := Van-Jacobson-TCP-IP | Session-Timeout = 14400 | Idle-Timeout = 600 | Port-Limit = 1 | Service-Type := Framed-User | | *** No IP address in Access-Accept; Pool-Name or Framed-IP-Address were | not set for this user *** | | Finished request 0. | Going to the next request | Waking up in 4.9 seconds. | rad_recv: Accounting-Request packet from host 192.168.1.1 port 34314, | id=32, | length=115 | Acct-Session-Id = 487F15BE052000 | User-Name = gogu | Acct-Status-Type = Start | Service-Type = Framed-User | Framed-Protocol = PPP | Calling-Station-Id = 00:FF:74:D6:85:27 | Acct-Authentic = RADIUS | NAS-Port-Type = Async | Framed-IP-Address = 10.67.15.34 == This came from dhcp | NAS-IP-Address = 127.0.0.1 | NAS-Port = 0 | Acct-Delay-Time = 0 | | Ivan Kalik | Kalik Informatika ISP | | - | List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIfx3kGPhC6XW20oARAu+IAJ0exNuiVsW+FT/2FcUuPJ5dwZdPpgCglifv POa6JfxgjMf+3zWdWFlDcyo= =yUa2 -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius ippool issue
[EMAIL PROTECTED] wrote: :) yes that's what it was thank you for your help. I'm sorry you had a bad day my friend. You have tried very hard to make it a bad day. It's incredibly frustrating to help people who fight every attempt to help them. I have no idea why people do that, but it happens a lot. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius ippool issue
[EMAIL PROTECTED] wrote: there is not dhcp running on that server, and there is no dhcprelay. I supposed it's the radius default, No. If RADIUS doesn't assign an IP address, then something else you've configured in your network is assigning that IP. It's clear that you have no idea what's going on in your network. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius ippool issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 again ty for your help, you don't have to (help) if you don't fell like, and i suggest to keep your bad day to your self and not spread the feeling around. As i said in my original email i'm new at this and i-m learning as i go, i'm sure you have begin here also at one point. Again sry you had a bad day. Paul. Alan DeKok wrote: | [EMAIL PROTECTED] wrote: | there is not dhcp running on that server, and there is no dhcprelay. I | supposed it's the radius default, | | No. | | If RADIUS doesn't assign an IP address, then something else you've | configured in your network is assigning that IP. | | It's clear that you have no idea what's going on in your network. | | Alan DeKok. | - | List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIfycAGPhC6XW20oARAhTtAJ9YPqnq7hO20+UnkgyEWQdXOOVRJACgkUSV S6sNnsvUxBWALQ9M1lwkBF4= =sMrY -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius ippool issue
[EMAIL PROTECTED] wrote: As i said in my original email i'm new at this and i-m learning as i go, Once again, you are missing the point. The point is that you were *not* learning. The ALL CAPS discussion was there because nothing else seemed to get through to you. And it did get through to you. You learned, didn't you? You should be having a great day right about now. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius ippool issue
What IP address is in the Access-Accept packet? Perhaps you have a dhcp server running as well and that one is allocating IPs. Ivan Kalik Kalik Informatika ISP Dana 16/7/2008, [EMAIL PROTECTED] [EMAIL PROTECTED] piše: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, i'm new with freeradius, and i have a few issues with ip allocation from a mysql database. The server it's functional, it's running with a pppoe server, authentication goes ok, the user gets authenticated with the values from mysql tables, but i noticed that ipaddress it's not from the radippool table, and also i've checked the sqltrace logs and i saw no mention of this table. I have configured the sqlippool.conf and sql.conf files with the correct tables but i think i'm missing something. Regards Paul. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.1 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFIfgzcGPhC6XW20oARAu0UAJ9Ky9BptkMVKStyD1wmpo9K9pOkCACghvVY aWic/fIAfv/vEr6k/X2pLHM= =+WPJ -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html