Understanding the IP Pool module
Hello Everyone

I am hoping to use rlm_ippool and I would like to understand a bit about how it works.

Firstly I want to understand the format of the database. I can see from the output of rlm_ippool_tool that there are five columns :-

Key | IP Address | Active | CLI | Num

It is obvious what the first two are, and I am not sure about the last three, but I guess that active means that this address is in use. Could anyone explain to me what the columns cli and num are used for?

I noticed that this module is called from the post-auth and accounting sections, and in the accounting section of sites-available/default there is the following comment :-

# Return an address to the IP Pool when we see a stop record.

Does this mean that the ippool module sets active to 0 when it sees an accounting Stop from the same Key?

Also, I noticed that this module can be used for DHCP which obviously does not have an accounting section. Does this mean that IP addresses can never be deallocated from the pool?

Thanks in advance for any help.

Ben

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Understanding the IP Pool module
Thanks Alan

2013/2/12 Alan DeKok al...@deployingradius.com:
> Бен Томпсон wrote:
> > I am hoping to use rlm_ippool and I would like to understand a bit about how it works. Firstly I want to understand the format of the database.
>
> The best approach is to look at the documentation, followed by the code.

I have had a look at the code and have been able to work out a few things. I will write my findings here, both for my own reference and for others who might ask the same questions in the future.

Regarding the active flag: as I understand it so far, this is basically supposed to indicate whether a session (e.g. PPP) is currently up and using this address. The theory being that the flag is set to 1 when the IP is dished out during RADIUS post-auth, and it is set to 0 when the accounting stop is received.

I also figured out that the cli flag is the Calling-Station-Id and this is used as an identifier in Multilink PPP sessions. It would appear that in the old days of bundling together connections with dial up modems (to get more bandwidth) it was necessary to issue the same address in multiple authentication requests.

One thing I still don't understand though is how best to use ippool for DHCP. I don't understand where and how I should call the module during a DHCP transaction. For example I can call it during DHCP-Discover, but it seems that if I call it again during DHCP-Request I might get a different address even when the key is the same.

I will continue to study the code to see why this happens and if I figure it out I will report back with my findings. If anyone else knows the answers, I would be grateful to hear from them.
Truncation of octet attribute handled by rlm_perl
Hello everyone

I am having a slight problem with rlm_perl and I would really appreciate any advice/help. I have a perl script which rlm_perl adds a value to the DHCP-Classless-Static-Route attribute something like this :-

perl script snippets
...
my $route = pack('C7', split(/\,/, "16,172,16,10,0,0,2"));
...
radiusd::radlog(RADLOG_DEBUG, "packed data: " . unpack('H*', $route));
...
$RAD_REPLY{'DHCP-Classless-Static-Route'} = $route;
...
###

..but from the debug output I see that the attribute data is truncated at the first octet with value 00 :-

### freeradius -Xx snippets
...
Thu Feb 28 10:35:23 2013 : rlm_perl: packed data: 10ac100a02
Thu Feb 28 10:35:23 2013 : Debug: rlm_perl: Added pair DHCP-Classless-Static-Route = ???
...
DHCP-Classless-Static-Route = 0x10ac100a
##

Am I doing something daft, or is this a possible bug in rlm_perl? I am using freeradius 2.2.0.
Packet-Original-Timestamp
Hello Everyone

I have a NAS which is not sending Event-Timestamp in accounting messages. I wondered if I could create it in unlang by subtracting Acct-Delay-Time from Packet-Original-Timestamp.

However, when I put a reference to Packet-Original-Timestamp in the accounting section I get the following error :-

Reference ${Packet-Original-Timestamp} not found

Am I doing something wrong?
Re: Packet-Original-Timestamp
2013/3/1 Arran Cudbard-Bell a.cudba...@freeradius.org:
> On 1 Mar 2013, at 00:43, Бен Томпсон b.thomp...@latera.ru wrote:
> > Hello Everyone
> >
> > I have a NAS which is not sending Event-Timestamp in accounting messages. I wondered if I could create it in unlang by subtracting Acct-Delay-Time from Packet-Original-Timestamp.
> >
> > However, when I put a reference to Packet-Original-Timestamp in the accounting section I get the following error :-
> >
> > Reference ${Packet-Original-Timestamp} not found
> >
> > Am I doing something wrong?
>
> Yeah you're using a $ instead of a %.

Many thanks.
Re: Truncation of octet attribute handled by rlm_perl
Many thanks for your help.

2013/3/1 Iliya Peregoudov iperegu...@cboss.ru:
> All attributes in rlm_perl scripts should be text. rlm_perl converts them to text before function call and converts them from text after function return. So you should use
>
> $RAD_REPLY{'DHCP-Classless-Static-Route'} = '0x'.unpack('H*', $route);
>
> On 28.02.2013 11:05, Бен Томпсон wrote:
> > Hello everyone
> >
> > I am having a slight problem with rlm_perl and I would really appreciate any advice/help. I have a perl script which rlm_perl adds a value to the DHCP-Classless-Static-Route attribute something like this :-
> >
> > perl script snippets
> > ...
> > my $route = pack('C7', split(/\,/, "16,172,16,10,0,0,2"));
> > ...
> > radiusd::radlog(RADLOG_DEBUG, "packed data: " . unpack('H*', $route));
> > ...
> > $RAD_REPLY{'DHCP-Classless-Static-Route'} = $route;
> > ...
> > ###
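The fix quoted above, worked through as an added example (not code from the thread or from FreeRADIUS): it builds the DHCP-Classless-Static-Route value in the RFC 3442 layout and hands it back as "0x..." hex text, next to what is left when the raw bytes stop at the first 00 octet. The helper names encode_route, to_radius_octets and nul_truncated are hypothetical, %RAD_REPLY is a plain hash standing in for the one rlm_perl provides, and the default route is constructed sample data.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Encode one route as an RFC 3442 descriptor followed by its router:
# prefix length, the significant octets of the destination, 4 router octets.
sub encode_route {
    my ($cidr, $router) = @_;
    my ($dest, $len) = $cidr =~ m{^(\d+\.\d+\.\d+\.\d+)/(\d+)$}
        or die "bad destination '$cidr'\n";
    die "bad router '$router'\n" unless $router =~ /^\d+\.\d+\.\d+\.\d+$/;
    die "bad prefix length in '$cidr'\n" if $len > 32;

    my @dest = split /\./, $dest;
    my @gw   = split /\./, $router;
    die "octet out of range in '$cidr' via '$router'\n"
        if grep { $_ > 255 } @dest, @gw;

    my $significant = int(($len + 7) / 8);    # 0 octets for /0, 2 for /16
    return pack('C*', $len, @dest[0 .. $significant - 1], @gw);
}

# Per the reply quoted above, rlm_perl exchanges attribute values as text,
# so binary data is returned in the "0x..." hex form of an octets attribute.
sub to_radius_octets {
    my ($raw) = @_;
    return '0x' . unpack('H*', $raw);
}

# Assumption for illustration: models the symptom in the thread, i.e. what
# survives when the raw bytes are treated as a NUL-terminated string.
sub nul_truncated {
    my ($raw) = @_;
    my ($kept) = $raw =~ /\A([^\0]*)/;
    return $kept;
}

# Constructed sample: the route from the thread (172.16.0.0/16 via 10.0.0.2)
# plus a default route added for illustration.
my @routes = (
    [ '172.16.0.0/16', '10.0.0.2' ],
    [ '0.0.0.0/0',     '10.0.0.1' ],
);

my %RAD_REPLY;    # stand-in for the hash rlm_perl provides to the script
my $raw = join '', map { encode_route(@$_) } @routes;

$RAD_REPLY{'DHCP-Classless-Static-Route'} = to_radius_octets($raw);

printf "raw length     : %d octets\n", length $raw;
printf "NUL-terminated : 0x%s\n", unpack('H*', nul_truncated($raw));
printf "hex text value : %s\n", $RAD_REPLY{'DHCP-Classless-Static-Route'};
```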
Re: Packet-Original-Timestamp
2013/3/1 Бен Томпсон b.thomp...@latera.ru:
> 2013/3/1 Arran Cudbard-Bell a.cudba...@freeradius.org:
> > Yeah you're using a $ instead of a %.
>
> Many thanks.

Another quick question :-

## snip ##
++? if (!Event-Timestamp)
? Evaluating !(Event-Timestamp) - TRUE
++? if (!Event-Timestamp) - TRUE
++- entering if (!Event-Timestamp) {...}
expand: %{Packet-Original-Timestamp} -
+++[request] returns updated
++- if (!Event-Timestamp) returns updated

It seems that Packet-Original-Timestamp does not contain anything. I was under the impression that it is generated automatically by FreeRADIUS. Is this not the case?
Re: Packet-Original-Timestamp
2013/3/1 Arran Cudbard-Bell a.cudba...@freeradius.org:
> On 1 Mar 2013, at 01:45, Бен Томпсон b.thomp...@latera.ru wrote:
> > It seems that Packet-Original-Timestamp does not contain anything. I was under the impression that it is generated automatically by FreeRADIUS. Is this not the case?
>
> Packet-Original-Timestamp is only set by the detail file reader. Event-Timestamp should be set in accounting if you call preprocess in preacct*.
>
> -Arran
>
> * At least in 3.0

OK, thanks again, I will give it a try.
Re: Packet-Original-Timestamp
2013/3/1 Бен Томпсон b.thomp...@latera.ru:
> 2013/3/1 Arran Cudbard-Bell a.cudba...@freeradius.org:
> > Packet-Original-Timestamp is only set by the detail file reader. Event-Timestamp should be set in accounting if you call preprocess in preacct*.
> >
> > -Arran
> >
> > * At least in 3.0
>
> OK, thanks again, I will give it a try.

Arran

I tried checking out the git master code, but it just hangs when calling rlm_perl. This is the last line I see when running in debug mode :-

Fri Mar 1 12:46:49 2013 : Debug: (0) modsingle[authorize]: calling perl (rlm_perl) for request 0

I need rlm_perl as part of my setup...

Is Packet-Original-Timestamp definitely not usable in v2.x?

Thanks

Ben
Re: Packet-Original-Timestamp
2013/3/1 Arran Cudbard-Bell a.cudba...@freeradius.org:
> On 1 Mar 2013, at 03:56, Бен Томпсон b.thomp...@latera.ru wrote:
> > I tried checking out the git master code, but it just hangs when calling rlm_perl. This is the last line I see when running in debug mode :-
> >
> > Fri Mar 1 12:46:49 2013 : Debug: (0) modsingle[authorize]: calling perl (rlm_perl) for request 0
> >
> > I need rlm_perl as part of my setup...
> >
> > Is Packet-Original-Timestamp definitely not usable in v2.x?
>
> Packet-Original-Timestamp as I explained before is *only* created by the detail reader, when it reads a packet back into the server.
>
> Event-Timestamp was not automatically created by the preprocess module in 2.2.x but is in 3.0.0.
>
> If you provide a backtrace more debug we can probably fix the issue with rlm_perl.

Hi Arran

Many thanks again for the info. Sorry, I misunderstood your first email. I understand now that as I am not using the detail reader, I am barking up the wrong tree with Packet-Original-Timestamp.

I deleted the v3 version of FreeRADIUS, but I can recreate it and take a backtrace if it will be useful.

Ben
Re: Packet-Original-Timestamp
2013/3/1 Alan DeKok al...@deployingradius.com:
> Бен Томпсон wrote:
> > I tried checking out the git master code, but it just hangs when calling rlm_perl. This is the last line I see when running in debug mode :-
> >
> > Fri Mar 1 12:46:49 2013 : Debug: (0) modsingle[authorize]: calling perl (rlm_perl) for request 0
> >
> > I need rlm_perl as part of my setup...
> >
> > Is Packet-Original-Timestamp definitely not usable in v2.x?
>
> Don't ask leading questions like that. It's rude.
>
> It is usable. Arran said it was usable. You were told this.

Hi Alan

I am sorry, it was not intended to be rude. I misread Arran's email, and misunderstood what he told me.

> If you want to add Event-Timestamp, when it isn't already there, do:
>
> if (!Event-Timestamp) {
>     update request {
>         Event-Timestamp := "%l"
>     }
> }

Many thanks, I will try this.

Ben
Re: Packet-Original-Timestamp
> If you could provide a backtrace of the rlm_perl module at the point it gets stuck it'd be helpful. Then we can fix it before someone else runs into the same issue.

Hello Arran

I am not very familiar with debugging C programs, but maybe this will help :-
ippool-dhcp and Oracle
Hello Everyone

Could anyone advise me what would be required to use dhcp-ippool with Oracle? I had a quick look through the files in git and it seems to me that the only thing missing is queries.conf?

If that is all that is required I am happy to do the work of porting the sql queries from the mysql version, but I just wanted to check that I am not missing something.

Ben
Re: ippool-dhcp and Oracle
2013/3/23 Arran Cudbard-Bell a.cudba...@freeradius.org:
> On 23 Mar 2013, at 12:22, Бен Томпсон b.thomp...@latera.ru wrote:
> > Hello Everyone
> >
> > Could anyone advise me what would be required to use dhcp-ippool with Oracle? I had a quick look through the files in git and it seems to me that the only thing missing is queries.conf?
> >
> > If that is all that is required I am happy to do the work of porting the sql queries from the mysql version, but I just wanted to check that I am not missing something.
>
> Nope you're not. Please contribute a queries.conf file for Oracle and submit a pull request for master branch. We're actively trying to promote the use of the DHCP side, so such patches are very helpful.
>
> -Arran

Hi Arran

Thanks for the quick reply, I will try and do it in the next few days.

Ben
Re: ippool-dhcp and Oracle
2013/3/23 Бен Томпсон b.thomp...@latera.ru:
> 2013/3/23 Arran Cudbard-Bell a.cudba...@freeradius.org:
> > Nope you're not. Please contribute a queries.conf file for Oracle and submit a pull request for master branch. We're actively trying to promote the use of the DHCP side, so such patches are very helpful.
> >
> > -Arran
>
> Hi Arran
>
> Thanks for the quick reply, I will try and do it in the next few days.
>
> Ben

Hello Arran and everyone on the list

I began work on testing with Oracle but I have come across a couple of issues. Firstly one of my SQL statements is throwing up an error, and secondly the server is sending a unicast reply when I need a broadcast.

I should be able to fix the dodgy SQL but I wondered if anyone could help me fix the broadcast/unicast problem.

Here is the full debug :-
Re: ippool-dhcp and Oracle
2013/3/24 Alan DeKok al...@deployingradius.com:
> Бен Томпсон wrote:
> > I began work on testing with Oracle but I have come across a couple of issues. Firstly one of my SQL statements is throwing up an error, and secondly the server is sending a unicast reply when I need a broadcast.
> >
> > I should be able to fix the dodgy SQL but I wondered if anyone could help me fix the broadcast/unicast problem.
> >
> > Here is the full debug :-
>
> The debug log
>
> > Received DHCP-Discover of id 64b2e216 from 0.0.0.0:68 to 0.0.0.0:67
> > DHCP-Opcode = Client-Message
> > DHCP-Hardware-Type = Ethernet
> > DHCP-Hardware-Address-Length = 6
> > DHCP-Hop-Count = 0
> > DHCP-Transaction-Id = 1689444886
> > DHCP-Number-of-Seconds = 0
> > DHCP-Flags = 0
>
> The broadcast flag isn't set. So the client is asking for a unicast response.
>
> > (0) dhcp_sqlippool : expand: 'START TRANSACTION' - 'START TRANSACTION'
> > rlm_sql (sql): Executing query: 'START TRANSACTION'
> > rlm_sql_oracle: execute query failed in sql_query: ORA-00900: invalid SQL statement
>
> That needs to be fixed. I don't know much about Oracle, and I don't have an Oracle system running to test it.
>
> > (0) DHCP: Reply will be sent unicast to your-ip-address
> > Sending DHCP-Offer of id 64b2e216 to 10.99.0.11:68
>
> You should be able to fix this by doing:
>
> update reply {
>     DHCP-Flags = Broadcast
> }
>
> Which will force the server to send a broadcast reply.
>
> Alan DeKok.

Hi Alan

Many thanks for the quick reply.

The SQL statement START TRANSACTION looks to be hard coded into rlm_sqlippool.c but I don't know enough about Oracle either to say why it is flagged as an error. However from looking at the code I assume that it is supposed to signify the beginning of a batch of SQL statements which after execution will be either committed or rolled back.

My guess would be that it is a redundant command as according to this page: http://stackoverflow.com/questions/1366851/how-do-i-find-out-if-an-oracle-database-is-set-to-autocommit - commit/rollback, is a purely client side thing. So if a client says to Oracle "here are some statements which I will not commit straight away" I guess the server replies with "why are you telling me?".

If I am right then, I guess we can just remove the START TRANSACTION statement for Oracle, but unfortunately I don't know enough myself to be sure. I do have access to an Oracle database though, so I am happy to do any testing, if someone else with more Oracle knowledge can advise what we should do.

The broadcast flag did the trick thanks. Here is the DHCP discover section I am using :-

dhcp DHCP-Discover {
    update control {
        Pool-Name := test_ip_pool
    }
    dhcp_sqlippool
    update reply {
        DHCP-Subnet-Mask = 255.255.255.0
        DHCP-Domain-Name-Server = 192.168.12.1
        DHCP-Router-Address = 10.99.0.1
        DHCP-IP-Address-Lease-Time = 300
        DHCP-DHCP-Server-Identifier = 10.99.0.100
    }
    if (DHCP-Gateway-IP-Address == 0.0.0.0) {
        update reply {
            DHCP-Flags = Broadcast
        }
    }
}

However, it seems that none of the options are added to the reply, and for some reason an empty packet is sent to the client :-
Re: ippool-dhcp and Oracle
2013/3/25 Alan DeKok al...@deployingradius.com:
> Бен Томпсон wrote:
> > The SQL statement START TRANSACTION looks to be hard coded into rlm_sqlippool.c but I don't know enough about Oracle either to say why it is flagged as an error.
>
> It's a configuration item. You can change it by editing the queries, and adding:
>
> allocate-begin = ...
> allocate-commit = ...
> allocate-rollback = ...

Thanks again for the info. I have figured it out now, and after looking at the queries.conf for the standard sqlippool module added this to my queries.conf :

# Commit anything outstanding before beginning a new batch of transactions
allocate-begin = COMMIT
start-begin = COMMIT
alive-begin = COMMIT
stop-begin = COMMIT
on-begin = COMMIT
off-begin = COMMIT

I also tried pulling the latest git commit this morning and now I have a couple of new errors :-

(0) dhcp_sqlippool :expand: 'SELECT framedipaddress FROM radippool WHERE pool_name = '%{control:Pool-Name}' AND expiry_time CURRENT_TIMESTAMP AND ROWNUM = 1 ORDER BY CASE WHEN username = '%{User-Name}' THEN 0 ELSE 1 END, CASE WHEN callingstationid = '%{Calling-Station-Id}' THEN 0 ELSE 1 END, expiry_time FOR UPDATE' - 'SELECT framedipaddress FROM radippool WHERE pool_name = 'test_ip_pool' AND expiry_time CURRENT_TIMESTAMP AND ROWNUM = 1 ORDER BY CASE WHEN username = 'DHCP-00:0c:29:a6:a0:e7' THEN 0 ELSE 1 END, CASE WHEN callingstationid = '00:0c:29:a6:a0:e7' THEN 0 ELSE 1 END, expiry_time FOR UPDATE'
rlm_sql (sql): Executing query: 'SELECT framedipaddress FROM radippool WHERE pool_name = 'test_ip_pool' AND expiry_time CURRENT_TIMESTAMP AND ROWNUM = 1 ORDER BY CASE WHEN username = 'DHCP-00:0c:29:a6:a0:e7' THEN 0 ELSE 1 END, CASE WHEN callingstationid = '00:0c:29:a6:a0:e7' THEN 0 ELSE 1 END, expiry_time FOR UPDATE'
rlm_sql_oracle: OCIDefineByPos() failed in sql_select_query: ORA-24424: Invalid attempt to define at position 0
rlm_sql (sql): Database query error 'ORA-24424: Invalid attempt to define at position 0 '
sqlippool_query1: database query error
(0) dhcp_sqlippool :expand: 'COMMIT' - 'COMMIT'
rlm_sql (sql): Executing query: 'COMMIT'
(0) dhcp_sqlippool :escape: 'test_ip_pool' - 'test_ip_pool'
(0) dhcp_sqlippool :expand: 'SELECT id FROM (SELECT id FROM radippool WHERE pool_name = '%{control:Pool-Name}') WHERE ROWNUM = 1' - 'SELECT id FROM (SELECT id FROM radippool WHERE pool_name = 'test_ip_pool') WHERE ROWNUM = 1'
rlm_sql (sql): Executing query: 'SELECT id FROM (SELECT id FROM radippool WHERE pool_name = 'test_ip_pool') WHERE ROWNUM = 1'
rlm_sql_oracle: OCIDefineByPos() failed in sql_select_query: ORA-24424: Invalid attempt to define at position 0
rlm_sql (sql): Database query error 'ORA-24424: Invalid attempt to define at position 0 '
sqlippool_query1: database query error

I am not sure what is happening here so I will have to do some reading.
Wrong destination port in reply to DHCP relay
Hello Everyone

I have an issue with an installation of FreeRADIUS 2.2.0 configured for DHCP, and I am seeing a problem where FreeRADIUS is replying to the wrong port on the DHCP relay. The request comes in like this :-

Received DHCP-Discover of id de6dc6f2 from 10.77.1.254:68 to 10.0.0.1:67

But the server replies like this :-

Sending DHCP-Offer of id de6dc6f2 to 10.77.1.254:68

The problem is that the relay is expecting the reply on port 67, so I am getting an ICMP port unreachable message back and the DHCP offer is lost.

I found a similar thread from 2008 which says that this was fixed: http://lists.freeradius.org/pipermail/freeradius-users/2008-June/029146.html

However, this is quite a while ago and I guess that lots of things have changed, so I would be grateful if someone could verify the current v2.2.0 code for me to check that the fix is in there.

Thanks
Ben
Re: ippool-dhcp and Oracle
2013/3/25 Arran Cudbard-Bell a.cudba...@freeradius.org:

On 25 Mar 2013, at 02:57, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:

I am not sure what is happening here so I will have to do some reading.

Fixed. Git pull.

Or would have been if git push hadn't hung... Sorry GitHub has been really flakey lately.

Many thanks. I will give it a try.
Re: Wrong destination port in reply to DHCP relay
2013/3/26 Alan DeKok al...@deployingradius.com:

Бен Томпсон wrote:

I have an issue with an installation of FreeRADIUS 2.2.0 configured for DHCP, and I am seeing a problem where FreeRADIUS is replying to the wrong port on the DHCP relay. The request comes in like this :-

Received DHCP-Discover of id de6dc6f2 from 10.77.1.254:68 to 10.0.0.1:67

But the server replies like this :-

Sending DHCP-Offer of id de6dc6f2 to 10.77.1.254:68

Most UDP protocols swap the src/dst ports when replying to a packet. DHCP is... different.

The problem is that the relay is expecting the reply on port 67, so I am getting an ICMP port unreachable message back and the DHCP offer is lost. I found a similar thread from 2008 which says that this was fixed: http://lists.freeradius.org/pipermail/freeradius-users/2008-June/029146.html

That's a long time ago.

However, this is quite a while ago and I guess that lots of things have changed, so I would be grateful if someone could verify the current v2.2.0 code for me to check that the fix is in there.

I'm not sure. Most relays *should* use port 67 as the source and destination port for sending packets. That way the code will Just Work. In your case, the relay is using port 68 as the source port.

I've pushed a fix to the v2.x.x. branch. If you set:

Packet-Dst-Port = 67,

The reply will be sent there. That's a temporary work-around until an automatic fix can be created.

Many Thanks
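The symptom in this thread comes from swapping UDP ports instead of applying the destination rule in RFC 2131 section 4.1, where a non-zero giaddr means the reply goes to port 67 on the relay. The Python below is an added example, not FreeRADIUS code and not part of the original posts; `build_request`, `reply_destination`, the giaddr value, the MAC and the offered address are assumptions, and the packet is constructed.

```python
import ipaddress
import struct

# Fixed 236-byte BOOTP header: op htype hlen hops xid secs flags
# ciaddr yiaddr siaddr giaddr chaddr sname file
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
SERVER_PORT, CLIENT_PORT = 67, 68
BROADCAST_FLAG = 0x8000
ZERO = bytes(4)


def build_request(xid, chaddr, giaddr="0.0.0.0", ciaddr="0.0.0.0", flags=0):
    """Constructed BOOTREQUEST header for the demo (options omitted)."""
    hops = 0 if giaddr == "0.0.0.0" else 1
    return struct.pack(
        BOOTP_FMT, 1, 1, 6, hops, xid, 0, flags,
        ipaddress.IPv4Address(ciaddr).packed, ZERO, ZERO,
        ipaddress.IPv4Address(giaddr).packed,
        chaddr.ljust(16, b"\x00"), bytes(64), bytes(128))


def reply_destination(request, offered_ip):
    """Return (ip, port) for a DHCP-Offer or DHCP-Ack answering `request`."""
    if len(request) < BOOTP_LEN:
        raise ValueError("truncated BOOTP header")
    fields = struct.unpack(BOOTP_FMT, request[:BOOTP_LEN])
    op, flags, ciaddr, giaddr = fields[0], fields[6], fields[7], fields[10]
    if op != 1:
        raise ValueError("not a BOOTREQUEST")
    if giaddr != ZERO:
        # Relayed: answer the relay at giaddr on the server port (67),
        # regardless of the UDP source port the request arrived from.
        return str(ipaddress.IPv4Address(giaddr)), SERVER_PORT
    if ciaddr != ZERO:
        return str(ipaddress.IPv4Address(ciaddr)), CLIENT_PORT
    if flags & BROADCAST_FLAG:
        return "255.255.255.255", CLIENT_PORT
    return offered_ip, CLIENT_PORT  # unicast to the address being offered


# Constructed sample: same xid as the log above; giaddr and MAC are assumed.
MAC = bytes.fromhex("020000000001")
RELAYED = build_request(0xDE6DC6F2, MAC, giaddr="10.77.1.254")

if __name__ == "__main__":
    print("relayed  ->", reply_destination(RELAYED, "10.99.0.11"))
    print("direct   ->", reply_destination(build_request(1, MAC), "10.99.0.11"))
```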
Re: ippool-dhcp and Oracle
Many thanks. I will give it a try.

I am still working on this, but I have some further issues which I need to resolve. Firstly the ippool table for the oracle ippool schema contains various columns which are defined as NOT NULL:

CREATE TABLE radippool (
    id INT PRIMARY KEY,
    pool_name VARCHAR(30) NOT NULL,
    framedipaddress VARCHAR(30) NOT NULL,
    nasipaddress VARCHAR(30) NOT NULL,
    pool_key INT NOT NULL,
    CalledStationId VARCHAR(64),
    CallingStationId VARCHAR(64) NOT NULL,
    expiry_time timestamp(0) NOT NULL,
    username VARCHAR(100)
);

The problem is that we also have insert and update statements which try to insert empty strings, e.g. (taken from the standard ippool queries.conf):

allocate-clear = UPDATE ${ippool_table} \
    SET nasipaddress = '', pool_key = 0, callingstationid = '', \
    expiry_time = current_timestamp - INTERVAL '1' second(1) \
    WHERE pool_key = '${pool-key}'

As I understand it, an empty string and NULL are the same thing in Oracle so this update statement will not work as is. I suppose we need to change the schema and this is what I have done for testing, but I want to understand why it is like this. I don't understand how the standard ippool queries.conf ever worked as it is trying to insert empty strings into NOT NULL columns.

I can create a new schema and send a patch, but I just wanted to double check that this is the right thing to do.
Updating the n'th occurrence of an attribute
Hello everyone

I have a quick question. I noticed in the man page of unlang that we can reference attributes using the syntax:

%{Attribute-Name[index]}

This is a very useful feature :-) However, I just wanted to check whether we can update attributes in the same way? I mean something like this:

update reply {
    Attribute-Name[index] := new_value
}

Thanks
Ben
talloc.h not found but libtalloc-dev is installed
Hello everyone

I am trying to build the latest code from git master but ./configure fails with this error:

checking for talloc.h in /usr/include... no
checking for talloc.h... no
checking for talloc.h in /usr/local/include... no
checking for talloc.h in /opt/include... no
configure: WARNING: talloc headers not found. Use --with-talloc-include-dir=path.
configure: error: FreeRADIUS requires libtalloc

This is on debian squeeze and I have libtalloc-dev installed. I also tried adding --with-talloc-include-dir=/usr/include but this did not help. Any advice would be appreciated.

Thanks
Ben
Re: talloc.h not found but libtalloc-dev is installed
I have tried the packages from squeeze (2.0.1) and wheezy (2.0.7+git20120207).

2013/5/31 a.l.m.bu...@lboro.ac.uk

Hi,

This is on debian squeeze and I have libtalloc-dev installed. I also tried adding --with-talloc-include-dir=/usr/include but this did not help.

what version of talloc does debian ship? I've no problems with talloc on CentOS or SUSE

alan
Re: talloc.h not found but libtalloc-dev is installed
Thanks Phil, and Alan

Here is a snippet from config.log :-

configure:7744: checking for talloc.h
configure:7758: gcc -c -g3 -Wall -D_GNU_SOURCE -Qunused-arguments -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wdocumentation -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef -Wformat-y2k -Wno-format-extra-args -Wno-format-zero-length -Wno-cast-align -Wformat-nonliteral -Wformat-security -Wformat=2 -DWITH_VERIFY_PTR=1 conftest.c 5
gcc: unrecognized option '-Qunused-arguments'
cc1: error: unrecognized command line option -Wdocumentation

2013/5/31 Phil Mayers p.may...@imperial.ac.uk

On 31/05/13 11:38, Бен Томпсон wrote:

I have tried the packages from squeeze (2.0.1) and wheezy (2.0.7+git20120207).

Maybe have a look in config.log and related, see what the gcc command line(s) that fail are and try to run them manually.
Re: talloc.h not found but libtalloc-dev is installed
I did a git pull this morning and now configure is working. Many thanks to everyone.

2013/5/31 Arran Cudbard-Bell a.cudba...@freeradius.org

On 31 May 2013, at 10:05, Arran Cudbard-Bell a.cudba...@freeradius.org wrote:

On 31 May 2013, at 09:03, Alan DeKok al...@deployingradius.com wrote:

Phil Mayers wrote:

Looks like it's trying to use a clang argument with gcc. Probably related to commit 4cbe9552c

Yeah. Clang shows up as GCC on configure's tests. Arran didn't check to see if that really was clang.

Because you shouldn't need to, it was intentional. With -Werror GCC should warn (and therefore fail) if the argument isn't supported.

Ok pushed a better fix. The issue is -Q has a different meaning in GCC.

-Q
Makes the compiler print out each function name as it is compiled, and print some statistics about each pass when it finishes.

Note that Q does not take additional parameters, yet GCC does not complain (in some versions) when we pass:

-Qunused-arguments

The fix is:

-Werror -Qunused-arguments -foobar

If -Qunused-arguments has the desired effect, -foobar won't generate a warning.

Arran Cudbard-Bell a.cudba...@freeradius.org
FreeRADIUS Development Team
Re: ippool-dhcp and Oracle
Many thanks.

2013/6/9 Alan DeKok al...@deployingradius.com

Бен Томпсон wrote:

I am still testing ippool-dhcp and after updating to the latest git HEAD I have come across a new issue. For some reason I am seeing the error Unknown attribute regarding the variable %{pool-key}.

That's because the Pool-Key attribute doesn't exist. The example dhcp_sqlippool module doesn't have %{pool-key}. It uses ${pool-key}. See the difference?

Alan DeKok.
Re: ippool-dhcp and Oracle
Hello everyone

After fixing my mistake with the $ versus % symbols I tried ippool-dhcp again. My select statement worked and allocated an IP from the pool, but it seems that all the other sql statements (update and commit) generated the error

(0) ERROR: dhcp_sqlippool : database query error in:

Here is the relevant part from the debug log:

rlm_sql (sql): Executing query: 'UPDATE radippool SET nasipaddress = '', pool_key = '0', callingstationid = '', username = '0', expiry_time = current_timestamp - INTERVAL '1' SECOND(1) WHERE expiry_time = current_timestamp - INTERVAL '1' SECOND(1)'
(0) ERROR: dhcp_sqlippool : database query error in: 'UPDATE radippool SET nasipaddress = '', pool_key = '0', callingstationid = '', username = '0', expiry_time = current_timestamp - INTERVAL '1' SECOND(1) WHERE expiry_time = current_timestamp - INTERVAL '1' SECOND(1)'
(0) dhcp_sqlippool : expand: 'SELECT framedipaddress FROM radippool WHERE pool_name = '%{control:Pool-Name}' AND (pool_key = '%{DHCP-Client-Hardware-Address}' OR expiry_time current_timestamp) AND rownum = 1 ORDER BY CASE WHEN pool_key = '%{DHCP-Client-Hardware-Address}' THEN 0 ELSE 1 END, expiry_time FOR UPDATE' - 'SELECT framedipaddress FROM radippool WHERE pool_name = 'test_ip_pool' AND (pool_key = 'c0:ff:ee:c0:ff:ee' OR expiry_time current_timestamp) AND rownum = 1 ORDER BY CASE WHEN pool_key = 'c0:ff:ee:c0:ff:ee' THEN 0 ELSE 1 END, expiry_time FOR UPDATE'
rlm_sql (sql): Executing query: 'SELECT framedipaddress FROM radippool WHERE pool_name = 'test_ip_pool' AND (pool_key = 'c0:ff:ee:c0:ff:ee' OR expiry_time current_timestamp) AND rownum = 1 ORDER BY CASE WHEN pool_key = 'c0:ff:ee:c0:ff:ee' THEN 0 ELSE 1 END, expiry_time FOR UPDATE'
(0) dhcp_sqlippool : expand: 'UPDATE radippool SET nasipaddress = '%{NAS-IP-Address}', pool_key = '%{DHCP-Client-Hardware-Address}', callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', expiry_time = current_timestamp + INTERVAL '7200' SECOND(1) WHERE framedipaddress = '10.99.0.11' AND pool_name = '%{control:Pool-Name}'' - 'UPDATE radippool SET nasipaddress = '0.0.0.0', pool_key = 'c0:ff:ee:c0:ff:ee', callingstationid = 'c0:ff:ee:c0:ff:ee', username = 'DHCP-c0:ff:ee:c0:ff:ee', expiry_time = current_timestamp + INTERVAL '7200' SECOND(1) WHERE framedipaddress = '10.99.0.11' AND pool_name = 'test_ip_pool''
rlm_sql (sql): Executing query: 'UPDATE radippool SET nasipaddress = '0.0.0.0', pool_key = 'c0:ff:ee:c0:ff:ee', callingstationid = 'c0:ff:ee:c0:ff:ee', username = 'DHCP-c0:ff:ee:c0:ff:ee', expiry_time = current_timestamp + INTERVAL '7200' SECOND(1) WHERE framedipaddress = '10.99.0.11' AND pool_name = 'test_ip_pool''
(0) ERROR: dhcp_sqlippool : database query error in: 'UPDATE radippool SET nasipaddress = '0.0.0.0', pool_key = 'c0:ff:ee:c0:ff:ee', callingstationid = 'c0:ff:ee:c0:ff:ee', username = 'DHCP-c0:ff:ee:c0:ff:ee', expiry_time = current_timestamp + INTERVAL '7200' SECOND(1) WHERE framedipaddress = '10.99.0.11' AND pool_name = 'test_ip_pool''
(0) dhcp_sqlippool : Allocated IP 10.99.0.11 [0b00630a]
(0) dhcp_sqlippool : expand: 'COMMIT' - 'COMMIT'
rlm_sql (sql): Executing query: 'COMMIT'
(0) ERROR: dhcp_sqlippool : database query error in: 'COMMIT'
rlm_sql (sql): Released connection (1)

I verified that my sql statement for allocate-clear works correctly by executing it via SQL Developer (GUI SQL client for Oracle):

UPDATE radippool SET nasipaddress = '', pool_key = '0', callingstationid = '', username = '0', expiry_time = current_timestamp - INTERVAL '1' SECOND(1) WHERE expiry_time = current_timestamp - INTERVAL '1' SECOND(1)

I would be grateful if anyone could help to find out why the error database query error is received.

I also wondered if I really need the allocate-clear statement at all, as it does not seem to do anything useful. It clears some fields in the table but as far as I can see the other sql statements will work fine even if the fields are not cleared. So I tried setting allocate-clear as an empty string but I received the following error:

/usr/local/etc/raddb/sql/ippool-dhcp/oracle/queries.conf[33]: Configuration item'allocate-clear' must not be empty

2013/6/9 Бен Томпсон b.thomp...@latera.ru

Many thanks.

2013/6/9 Alan DeKok al...@deployingradius.com

Бен Томпсон wrote:

I am still testing ippool-dhcp and after updating to the latest git HEAD I have come across a new issue. For some reason I am seeing the error Unknown attribute regarding the variable %{pool-key}.

That's because the Pool-Key attribute doesn't exist. The example dhcp_sqlippool module doesn't have %{pool-key}. It uses ${pool-key}. See the difference?

Alan DeKok.