Hello Everybody:
Thanks for opening this topic.
Right now,I have set up the FreeRadius+Mysql+Wifi system, I could get into
the internet via this system on my laptop.
But my problem is :
No matter how long i stay in the connection, the AcctInputOctets and
AcctOutPutOctets are always 0;
the debug
snan4love wrote:
But my problem is :
No matter how long i stay in the connection, the AcctInputOctets and
AcctOutPutOctets are always 0;
Blame the NAS.
the debug information from radiusd -X mode regarding this issue is :
Deleting the majority of the debug output is a bad idea. If you
Le 27/09/2011 09:52, snan4love a crit:
Hello Everybody:
Thanks for opening this topic.
Right now,I have set up the FreeRadius+Mysql+Wifi system, I could get into
the internet via this system on my laptop.
But my problem is :
No matter how long i stay in the
On 27 Sep 2011, at 09:52, snan4love wrote:
Hello Everybody:
Thanks for opening this topic.
We didn't open it you did. :)
Right now,I have set up the FreeRadius+Mysql+Wifi system, I could get into
the internet via this system on my laptop.
But my problem is :
No matter how long i stay in
Also... Whilst it is a very pretty signature Mr Chapellon I direct you to the
rules of the FreeRADIUS users list...
http://freeradius.org/list/users.html
The Second rule of the FreeRADIUS users list - 'No HTML on the list'
The Third rule of the FreeRADIUS users list - 'No vcards'
-Arran
Arran
/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
- /var/log/radius/radacct/192.168.0.143/detail-20110927
[detail]
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.0.143/detail-20110927
[detail
On 27 Sep 2011, at 10:47, snan4love wrote:
Yes,I checked the entire debug output, there is no attribute about the
Acct-Input-Octets in the accounting-Request packet.
And here is my stupid question again:
How to add it?
By configuring the NAS to send it... Or by getting a new NAS. The
On 27 Sep 2011, at 10:52, Arran Cudbard-Bell wrote:
On 27 Sep 2011, at 10:47, snan4love wrote:
Yes,I checked the entire debug output, there is no attribute about the
Acct-Input-Octets in the accounting-Request packet.
And here is my stupid question again:
How to add it?
By
snan4love wrote:
Yes,I checked the entire debug output, there is no attribute about the
Acct-Input-Octets in the accounting-Request packet.
And here is my stupid question again:
How to add it?
http://wiki.freeradius.org/FAQ#How+do+I+enable+FreeRADIUS+to+log+accounting+attribute+type+X%3F
Hello Arran:
Here is a stop request at the bottom of that debug information.
And something more confusing,
I used the user name snan4love log in my system for hundreds time, there
is only one time, I get the currect response with Acct-Input-Octets and
Acct-Output-Octets .
Here is the log
Hi,
In the samples schema.sql proposed for SQL backend, no foreign keys are
used. Any reason ?
With ON DELETE CASCADE or ON UPDATE CASCADE constraint it should be
easier to manage updates or deletetion of records ?
Am i missing something ?
--
*Fabien COMBERNOUS*
/unix system engineer/
Hello Everyone:
Thank you very much for opening this topic.
I have worked on FreeRadius for almost 2 monthes,my purpose is to set up a
Radius server which could be used for authentication , authority and
accounting for my WLAN.
Right now, I guess i have finished the Authentication Step. I
Fabien COMBERNOUS wrote:
In the samples schema.sql proposed for SQL backend, no foreign keys are
used. Any reason ?
The schema is designed to be simple. What foreign keys would you
propose it use?
With ON DELETE CASCADE or ON UPDATE CASCADE constraint it should be
easier to manage
On 27 Sep 2011, at 11:09, snan4love wrote:
Hello Arran:
Here is a stop request at the bottom of that debug information.
And something more confusing,
I used the user name snan4love log in my system for hundreds time, there
is only one time, I get the currect response with
On 27 Sep 2011, at 11:13, Fabien COMBERNOUS wrote:
Hi,
In the samples schema.sql proposed for SQL backend, no foreign keys are used.
Any reason ?
With ON DELETE CASCADE or ON UPDATE CASCADE constraint it should be easier
to manage updates or deletetion of records ?
Am i missing
On Tue, Sep 27, 2011 at 4:25 PM, snan4love snan4l...@hotmail.com wrote:
Here is a first little problem.Right now i could add and delete user in the
radcheck table of MySQL,but all the passwords were stored in cleartext?
Depending on which tutorial you follow, yes.
is
this the only way to
Am 25.09.2011 23:07, schrieb Alan DeKok:
Andreas Rudat wrote:
HI Alan,
yes that is what I want, but my ldap doesn't work atm ;-)
See the FAQ for it doesn't work
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sorry, you miss understood me,
snan4love wrote:
Thank you very much for opening this topic.
I have worked on FreeRadius for almost 2 monthes,my purpose is to set up a
Radius server which could be used for authentication , authority and
accounting for my WLAN.
That should be pretty straightforward.
Right now, I guess i
Hi,
I'm having the same problem on another Freeradius 1.1.6, tried to modify in
the same way but i dont know where to insert the eap action, there is non
policy.conf file and cannot find the same configurations in other files.
I can't upgrade this freeradius , also because has been heavily
andreapepa wrote:
I can't upgrade this freeradius , also because has been heavily modified by
other consultants, including default tables and query.
Yes, you can upgrade. It just takes time.
If you understand the system, upgrading isn't hard. If you don't
understand it, why are you
Le 27/09/2011 10:21, Arran Cudbard-Bell a écrit :
Also... Whilst it is a very pretty signature Mr Chapellon I direct you
to the rules of the FreeRADIUS users list...
http://freeradius.org/list/users.html
The Second rule of the FreeRADIUS users list - 'No HTML on the list'
The Third rule of
Hello,
could someone give me a hints about how to reach a configuration when
users with anonymous/guest account are able to access for limited time
only and then blocked for some period of time?
Example:
1. First user log in as guest/guest.
2. Access is granted for FIRST user and his device for
I know that Login-Time can be used with Users and Groups but is there
a way to use this with NAS'?
For example, If I want NAS-A to allow logins only from 1700-1800 and
NAS-B to allow logins only from 0900-1300. How would I be able to
ensure this?
I have tried this with Huntgroups, but only able
Hi,
If I use Cleartext-Password in user configuration
like Cleartext-Password := test
the be love configuration is not working as sql returns ok even if the
password is wrong.
Autz-Type PPPOE_SUBSCRIBER {
if (notfound) {
update control {
On Tue, Sep 27, 2011 at 7:08 PM, CyAndrew poh...@seznam.cz wrote:
Example:
1. First user log in as guest/guest.
2. Access is granted for FIRST user and his device for let say 15 minutes
only.
3. Second use log in as guest/guest.
4. Access is granted for SECOND user and his device for 15
++[sql_pppoe_subscriber] returns ok
++? if (notfound)
? Evaluating (notfound) - FALSE
++? if (notfound) - FALSE
This is because SQL is not used for Authentication. There's a hack to make
User-Password == 'password' work correctly with authentication modules, so it's
not
Le 27/09/2011 14:08, CyAndrew a écrit :
Hello,
could someone give me a hints about how to reach a configuration when
users with anonymous/guest account are able to access for limited time
only and then blocked for some period of time?
Example:
1. First user log in as guest/guest.
2. Access
Use Unlang or Similar Scripts :
If Nas = 1 then update Login Time =
If Nas = 2 then update Login Time =
Use this in PreAuth (I am not sure) Section and give it a try .
Regards
Suman
On Tue, Sep 27, 2011 at 5:42 PM, Shiv shivkumar.j...@gmail.com wrote:
I know that Login-Time can be
All,
For a long time, I have had a config with this:
sites-enabled/foo:
listen {
...
}
server {
authorize {
..
}
}
sites-enabled/oldfoo:
client xxx {
virtual_server = oldfoo
}
server oldfoo {
authorize {
..
}
}
That is, an un-named virtual server {} block with the config
Thanks Suman,
I put the following in the sites-enabled/default file under the authorize
section and it worked!
update request {
#Huntgroup-Name := %{sql:SELECT `groupname` FROM
`radhuntgroup` WHERE nasipaddress='%{NAS-IP-Address}'}
Huntgroup-Name := %{sql:SELECT
We've rolled out FreeRADIUS as the authentication and authorization
server for our University-wide WLAN with 30,000+ users. Our help desk
(general IT, not wireless-specific) support staff is made up of student
workers, with full-time second-level support and us sysadmins/wireless
engineers for
hi,
firstly, deployment tool - such as CloudPath xpressconnect or sux1 to ensure
that the user is doing the least amount possible to mess things up (also ensures
that all the right things such as validate server, RADIUS name etc are all
properly
defined).
secondly, capture the output of the
Thanks for the quick reply!
Alan Buxey wrote:
hi,
firstly, deployment tool - such as CloudPath xpressconnect or sux1 to ensure
that the user is doing the least amount possible to mess things up (also
ensures
that all the right things such as validate server, RADIUS name etc are all
Thank you very much for both answers. I'm prepared to use some extensions for
described logic. Perl might be a choice as well as simultaneous_check_query
approach.
There will be limited (hundreds) of users so it should not make such a big
performance
issue. But do you know if session time is
1) How do other people - specifically organizations with a help desk
large enough that they're distinctly separate from anyone with enough
privs to tail a log file - handle user support of authentication failures?
In a former life I worked at a largish UK university. Whilst I was there I
if(!control:NT-Password !control:Cleartext-Password){
update control {
Reject-Reason := 'AttributeMissing'
}
}
oops...
-
Arran Cudbard-Bell
a.cudba...@freeradius.org
Betelwiki, Betelwiki, Betelwiki http://wiki.freeradius.org/ !
-
List
Update - I've managed to get it working against a custom table in the mysql
radius database. The sites-enabled/default authorize section is as below:-
update request {
Huntgroup-Name := %{sql:SELECT `groupname` FROM
`radhuntgroup` WHERE rtrmac='%{Called-Station-Id}'}
Glad to be of some help !!
Cheers
On Tue, Sep 27, 2011 at 8:53 PM, shiv shivkumar.j...@gmail.com wrote:
Update - I've managed to get it working against a custom table in the mysql
radius database. The sites-enabled/default authorize section is as below:-
update request {
Hi everybody,
In my company we are thinking to implement a FreeRADIUS server with MySQL on
Linux. We need to duplicate FreeRADIUS service because we think that this is
a critical service for us but the authentication process only could be done
with the master server(FreeRADIUS and MySQL service,
Hi everybody,
In my company we are thinking to implement a FreeRADIUS server with MySQL on
Linux. We need to duplicate FreeRADIUS service because we think that this is
a critical service for us but the authentication process only could be done
with the master server(FreeRADIUS and MySQL service,
Master/slave, or replication and remote accounting, if you want one true source
let radius deal with the sql rather than trying anything with sql. Final advice
would be to use postgresql rather than mysql, our performance increase was a
magnitude better when we ditched mysql
alan
-
List
I would recommend two servers using MySQL Replication.
1. Master Server with FreeRADIUS and MySQL Master; write accounting
packets to MySQL
2. Replica Server with FreeRADIUS and MySQL Replica; forward
accounting packets to Master for writing to MySQL
As for performance, my
Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
Master/slave, or replication and remote accounting, if you want one
true source let radius deal with the sql rather than trying anything
with sql. Final advice would be to use postgresql rather than mysql,
our performance increase was a magnitude
I'm a complete newbie to RADIUS, looking to make use of the features of
my new smart switches and wireless access point to secure my home
network, so the title certainly sounds right.
Has anyone had a look at this book yet? If so, what are your thoughts?
Thanks!
--
Hi,
Has anyone had a look at this book yet? If so, what are your thoughts?
I have a copy of it but havent had time to sit back and read it yet - will
post a review here when I have done so, the synopsis seems fairly compelling
alan
-
List info/subscribe/unsubscribe? See
book ?
Can you give me the link please
On 9/27/2011 9:46 PM, Ian Pilcher wrote:
Has anyone had a look at this book yet?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sorry
I found it...
On 9/27/2011 10:19 PM, Marinko Tarlac wrote:
book ?
Can you give me the link please
On 9/27/2011 9:46 PM, Ian Pilcher wrote:
Has anyone had a look at this book yet?
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List
Hi,
I found it...
its available direct from PACKT publishing or usual places (amazon)
have put some quick links here : http://goo.gl/DTdgN
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Tue, Sep 27, 2011 at 9:19 PM, CyAndrew poh...@seznam.cz wrote:
But do you know if session time is releated in SQL schema for each
device
using the same guest/guest account separately? Or is there only for record
with
session time-out for all devices under this account?
There should only
On Tue, Sep 27, 2011 at 11:32 PM, tonimanel
antoniofernan...@fabergames.com wrote:
Hi everybody,
In my company we are thinking to implement a FreeRADIUS server with MySQL on
Linux. We need to duplicate FreeRADIUS service because we think that this is
a critical service for us but the
Why not create a view in the database that joins the two tables? Then you can
get the login time in a single query.
On 28/09/2011, at 1:23 AM, shiv shivkumar.j...@gmail.com wrote:
Update - I've managed to get it working against a custom table in the mysql
radius database. The
@Frank: Yes indeed! just goes to show Im not much of a database guy :)
Anyways, Ill try that too since Id rather have a single query being fired
for each request than multiple ones; which obviously is not efficient.
--
View this message in context:
Hi All
I am setting up freeradius 2.1.11+mysql 5.5.16 on Fedora 13.
Executing command radiusd -X it says could not link driver rlm_sql_mysql(read
as below).
It not worked even I install freeradius-mysql library but I can find the
driver rlm_sql_mysql.so in /usr/lib/freeradius folder.
Anyone can
Hi,
*please*, I need advice in choosing the strategy for the distributed EAP
authentification scheme
so, here are details of what I have and want:
I run FreeRadius with EAP configured
all my WiFi AP are configured to communicate with the radiusd and
everything works fine
now I need to extend
On 28 Sep 2011, at 07:12, Zeus V Panchenko wrote:
Hi,
*please*, I need advice in choosing the strategy for the distributed EAP
authentification scheme
so, here are details of what I have and want:
I run FreeRadius with EAP configured
all my WiFi AP are configured to communicate
On 27 Sep 2011, at 22:44, Alan Buxey wrote:
Hi,
I found it...
its available direct from PACKT publishing or usual places (amazon)
have put some quick links here : http://goo.gl/DTdgN
I've flicked through it... I wouldn't bother buying a paper copy, maybe an
ebook if you wanted to
56 matches
Mail list logo