kevin wrote:
I want to make an option not to proxy accounting but log locally.
What option can I take? Should I make a preproxy code for this function?
Remove any instance of the module realm (it's named suffix in the
default config file) from the section preacct.
--
Nicolas Baradakis
Chuck wrote:
Is there a way to have only 2 particular realms get entered into our
local accounting database?
See http://freeradius.org/radiusd/doc/Acct-Type
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Thanks for your responses: I was a little lost with all this accounting
proxy stuff.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
X
RLM_MODULE_NOTFOUND X
RLM_MODULE_NOOP X
RLM_MODULE_UPDATEDX
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
(pairs modified).
However if a module returns REJECT or USERLOCK, it just means the
module is seriously broken. It's unclear whether the packet should be
proxied in this case. If something that shouldn't happen actually
happens, I would vote to drop the packet.
--
Nicolas Baradakis
-
List info
-Proxy-Type.
Then you can run different modules to modify the proxy reply in
section post-proxy.
post-proxy {
Post-Proxy-Type post-proxy-1 {
attr_rewrite_1
}
Post-Proxy-Type post-proxy-2 {
attr_rewrite_2
}
}
--
Nicolas Baradakis
, SuSE ... I was actually more looking from the
user point of view and not the developers. (sorry for that ;-)
I was talking about the user point of view: the users are assured
that FreeRADIUS is regulary tested under Debian, and the Debian
package is up-to-date.
--
Nicolas Baradakis
-
List
Debian. Moreover the Debian
package is directly maintained by one the developpers who regularly
adds the major bugfixes into the Debian package between two releases
of FreeRADIUS.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
: '='
That last line doesn't look right.
Yes, it looks like bug #242. (and #245)
http://bugs.freeradius.org/show_bug.cgi?id=242
http://bugs.freeradius.org/show_bug.cgi?id=245
The problem should be fixed in 1.0.5.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
code, e.g. positional parameters for the SQL nas table.
You're right, the documentation isn't up-to-date. As you said, this is
free software, and any patch against the documentation will be greatly
appreciated.
Volunteers can submit their patches here:
http://bugs.freeradius.org/
--
Nicolas
-To-Realm := realm2
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
=185
Upgrade to the newest version of FreeRADIUS and it should be fine.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
== 10.0.0.2, Acct-Type := acct.nas2
And in radiusd.conf:
accounting {
Acct-Type acct.nas1 {
module1
}
Acct-Type acct.nas2 {
module2
}
}
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
install version 1.0.5 and
try again. If it still segfaults, send us the backtrace from gdb, as
explained here: http://freeradius.org/radiusd/doc/bugs
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Duane Cox wrote:
Why we're at it, why not change the example mssql.conf file to
remove all references to FreeTDS... That should resolve _a lot_
of confusion...
As always, patches are welcome.
Nicolas Baradakis
--
A: Yes.
Q: Are you sure?
A: Because it reverses the logical flow
://bugs.freeradius.org/
Please make the diffs against latest version of mssql.conf.
http://www.freeradius.org/cgi-bin/cvsweb.cgi/radiusd/raddb/mssql.conf
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
})
in rlm_ldap.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
status and last reply time may
never be updated for an accounting home server.
Thanks for spotting this. This is a problem indeed. Can you please
fill a bug report on the bugzilla, so your patch doesn't get lost?
http://bugs.freeradius.org/enter_bug.cgi
--
Nicolas Baradakis
-
List info/subscribe
gdb. The following link explains how
to do that.
http://www.freeradius.org/radiusd/doc/bugs
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dumped)
A similar error was reported by a user who had a broken installation
of MySQL on his system: the version of the hearders mismatch the
binary librairies.
Please check if this is your case, too.
http://lists.freeradius.org/pipermail/freeradius-users/2005-September/046882.html
--
Nicolas
?
You may look at new radrelay mechanism in CVS. Get a nightly CVS
snapshot and look at the radrelay.conf(5) manpage.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
way to assign values is to use the function pairparsevalue() in
src/lib/valuepair.c
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-buildpackage -b -uc
Install the new package, and enable core dumps:
$ ulimit -c unlimited
When freeradius core dumps, do:
$ gdb /path/to/executable /path/to/core/file
And then in 'gdb', do:
(gdb) bt
Copy the output, and mail it to the list.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe
make again after that,
it should be fine.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Konstantin Kubatkin wrote:
With the given correction works normally
Thanks for the patch, it has been added to the CVS.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
)
rlm_ldap: ldap_search() failed: Bad search filter: (uid)
What is your filter in section ldap of radiusd.conf ?
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Drew Weaver wrote:
/usr/local/etc/raddb/acct_users[1]: line too long
This is the line:
abdacd Auth-Type = Unix
any clue?
- Add a carriage return at the end of the line.
- Don't post HTLM to the mailing list.
Nicolas Baradakis
--
A: Yes.
Q: Are you sure?
A: Because it reverses
.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
En réponse à Jean-Francois Gobin :
For now, I got a problem : radiusd strips everything after the first =,
leaving me with a username of uid ...
Where does the string come from? Is it truncated in the RADIUS packet
or in the LDAP entry?
--
Nicolas Baradakis
-
List info/subscribe
| Cisco-AVPair[3] | = | ip:outacl#2=permit ip any any
none of the Cisco-AVPairs are passed to the Cisco NAS ( I can see that
in the /var/log/radacct/{NAS-IP}/reply-detail file ).
This syntax is not supported in a SQL database. Please let us know if
the documentation is inaccurate.
--
Nicolas
with this command line?
$ DEB_BUILD_OPTIONS=noopt nostrip fakeroot dpkg-buildpackage -b -uc
And then run FreeRADIUS with valgrind. (a memory debugger)
# valgrind freeradius -f
Please post the output of valgrind to the bugzilla. (bug #271)
Nicolas Baradakis
--
A: Yes.
Q: Are you sure?
A: Because
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
as bug #271.
http://bugs.freeradius.org/show_bug.cgi?id=271
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jonathan De Graeve wrote:
Is it possible to specify multiple huntgroup names in sql? Lets say
sqlgroup IT can connect to devices in the huntgroup vpn and ras
(something like Huntgroup-Name == vpn,ras in sql??)
Huntgroup-Name =~ ^(vpn|ras)$
--
Nicolas Baradakis
-
List info/subscribe
use a post-auth query to log failed login in a SQL
database. (it has already been explained many times on the mailing list)
--
Nicolas Baradakis
PS: HTML is forbidden on the mailing list, please follow the house-rules
http://www.freeradius.org/list/users.html
-
List info/subscribe
asking
something stupid.
2. If it's, how? Any sample source code can be provided?
You can run a client program each time FreeRADIUS receives a request
with the module rlm_exec. Look for examples in radiusd.conf.
You may also be interested in modules rlm_perl or rlm_python.
Nicolas Baradakis
Callis wrote:
I see a lot of radius timeout on my cisco router while the
ping times is 10ms and my radius timeout is set to 50.
Is there any error message in file radius.log ?
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. In the section ldap{} of raddb/radiusd.conf, modify the filter
like that:
filter = ((uid=%{User-Name})(radiusHuntgroupName=%{Huntgroup-Name}))
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the
documentation from Debian http://www.debian.org/doc/ and ask
questions on http://lists.debian.org/debian-user/
Nicolas Baradakis
--
A: Yes.
Q: Are you sure?
A: Because it reverses the logical flow of conversation.
Q: Why is top posting annoying in email?
-
List info/subscribe/unsubscribe? See
authenticated and I would like to know if it is possible to change this
behavoir so that users must specify the realm suffix.
Perhaps you could uncomment the realm NULL in proxy.conf and add in
the users file:
DEFAULT Realm == NULL, Auth-Type := Reject
--
Nicolas Baradakis
-
List info
-Output-Octets}', '%{Called-Station-Id}',
'%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '0', '%{Tunnel-Type:0}')
^^
Did you try %{Tunnel-Type} ? (without the digit for the tag)
--
Nicolas Baradakis
://www.freeradius.org/radiusd/doc/rlm_sql
http://www.frontios.com/freeradius.html
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
using the same port as FreeRADIUS.
PS: HTML is forbidden on the list. Please follow the rules here:
http://www.freeradius.org/list/users.html
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
connections with bad passwords/certificates etc?
You can run a SQL query for a failed connection by adding the module
sql in the stanza Post-Auth-Type REJECT.
See http://freeradius.org/radiusd/doc/Post-Auth-Type
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
address.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to proxy requests to
one of these servers. It this fail, then it should ask to the other one.
If this posible with freeradius? How do I do it?
Look at the examples in raddb/proxy.conf.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
value of
a malloc three lines above.
Perhaps something messed up the memory so badly that malloc returns
garbage. It's not easy to find out where the problem is : on my system
(Debian), I can run radiusd in valgrind with num_sql_socks = 20 and I
get no errors from valgrind.
--
Nicolas Baradakis
CFLAGS=-DHAVE_STRUCT_SOCKADDR_STORAGE
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
$ fakeroot dpkg-buildpackage -b
$ sudo dpkg -i ../freeradius_1.0.4-0_i386.deb
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
autoconf 2.13, lastest CVS uses autoconf 2.59.
Did you try to regenerate configure with the autotools from the
FreeBSD port ?
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
these queries manually: the
'authorize_check_query' returns the three rows listed above. All
other queries return the empty set.
'Framed-IP-Address' is a reply item and should be in the authreply_table
table. (and not authcheck_table)
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http
to distinguish the NASes, and edit the SQL schema
and the SQL queries to use the Huntgroup-Name. Then you could get
different reply attributes for A and for B from SQL with no
overhead.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thor Spruyt wrote:
I've reported bug 266 with a patch for postgresql
http://bugs.freeradius.org/show_bug.cgi?id=266
You don't know the maximum length of the username and password of your
roaming partners, but you need to store those as well into the database.
Added, thanks.
--
Nicolas
might try with the
option '-f' too, like in bug #100.
http://bugs.freeradius.org/show_bug.cgi?id=100
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
at:
http://www.freeradius.org/radiusd/doc/bugs
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
items should be on the first line.
--8--
DEFAULT User-Name =~ ^([0-9a-fA-F]){6}-([0-9a-fA-F]{6})$, Auth-Type := Accept
Reply-Message = Hallo Regulaerer Ausdruck `%{User-Name}`
--8--
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, I see that the only
substantial difference is the X-Ascend-Data-Filter Attributes.
It could be the bug #242.
http://bugs.freeradius.org/show_bug.cgi?id=242
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
checking, etc). I've been stuck on trying to get sqlcounter to work for
over a week now, and more debug is never bad.
At this point, I'd suggest to look directly at the source code.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
gennaro amelio wrote:
can i send IPv6 packets to FreeRadius(i use 1.0.2)?
No, but you could try the CVS snapshot. (it can have IPv6 clients)
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
http://www.freeradius.org/radiusd/doc/configurable_failover
There is an example which looks like what you want to do for accounting.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Rashad Rustamoff wrote:
What method will be correct to reject user when Session-Timeout are
exhausted.
Just set Auth-Type := Reject.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
/~checkout~/radiusd/src/main/acct.c?rev=1.30.2.2
Then rebuild the server and try your setup again.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.x version
or radrelay.conf(5) manpage in CVS version.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
(with
make clean) and reinstalled. That didn't help. Do you have any other ideas?
Please post the gdb output. Follow the instructions at:
http://www.freeradius.org/radiusd/doc/bugs
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
= LT_STRLEN (symbol) + LT_STRLEN (handle-loader-sym_prefix)
It's bug #98. Please look at:
http://bugs.freeradius.org/show_bug.cgi?id=98
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
If I ever must use the Hint attr I will remake a better solution.
You could add an additional attribute at the end of /etc/raddb/dictionnary
for that purpose.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Valeriy V. Peshkoff wrote:
Using attr_rewrite i can add reply-message to any packet.
But i want add Reply-Message only to the Access-Reject packet or use
different Reply-Message to Accept and Reject. How can i do it?
See http://www.freeradius.org/radiusd/doc/Post-Auth-Type
--
Nicolas
searchin = proxy_reply
^^^
I think it should be reply the module is called from post-auth.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-User-Name
new_attribute = no
searchin = packet
searchfor = @.*$
replacewith =
max_matches = 1
}
...
}
authorize {
copy.user-name
strip.user-name
...
}
--
Nicolas Baradakis
-
List
-Type REJECT {
Reply-Message
}
}
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
head. Please read rlm_sql_log(5)
and radsqlrelay(8).
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[EMAIL PROTECTED] wrote:
I´m using freeradius with mysql. I´m want to permit that certain
users connect without the server add registers on the radact
table. How can I do accounting only for some user?
See http://freeradius.org/radiusd/doc/Acct-Type
--
Nicolas Baradakis
-
List info
about the extraneous space you have
mistakenly added when provisioning the database.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Didier Wintgens wrote:
How update the MySQL client version of freeradius to 4.1 protocol ?
Don't use the RPM package and rebuild FreeRADIUS from source against
MySQL 4.1 client library.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
/freeradius when you install FreeRADIUS
from the Debian package.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
DEFAULT Huntgroup-Name == wired, Proxy-To-Realm := realm1.net
DEFAULT Huntgroup-Name == wireless, Proxy-To-Realm := realm2.com
The hungroups have to be defined in /etc/raddb/huntgroups and the
realm servers in /etc/raddb/proxy.conf.
Nicolas Baradakis
--
A: Yes.
Q: Are you sure?
A: Because
do you make your tests?
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Huntgroup-Name == wireless, Proxy-To-Realm := other.com
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Then rebuild the server and try your setup again: cancelling proxy of
accounting with Proxy-To-Realm := LOCAL should work now.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
DEFAULT Calling-Station-Id == 0506070809, Proxy-To-Realm := realm2.com
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Check the file raddb/hints.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
?
See http://www.freeradius.org/radiusd/doc/Post-Auth-Type
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
}
my_detail
}
}
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
' packets in parallel or 'n' packets per second.
It's very convenient to run stress tests on the server.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
:
# Proxy this one
DEFAULT User-Name =~ foo\.net$, Acct-Type := acct.foo, Proxy-To-Realm :=
foo.net
# Handle this one locally
DEFAULT User-Name =~ bar\.com$, Acct-Type := acct.bar
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-20050614
-rw---1 radiusd radiusd 6018 Jun 15 15:06 detail-20050615
-rw---1 radiusd radiusd 3477 Jun 16 15:38 detail-20050616
Is there a parameter in one of the config files to change this
protection ?
Look for detailperm in rlm_detail(5) manpage.
--
Nicolas Baradakis
in 1.0.4 the clients.conf(5) manpage
added recently in CVS head ?
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
:[EMAIL PROTECTED]:/source login
CVS password: anoncvs
$ cvs -d :pserver:[EMAIL PROTECTED]:/source checkout -r release_1_0 radiusd
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
thing in debian/control. In Debian
stable the default version of MySQL is now 4.0.24-10, therefore I
think we could ask for libmysqlclient12-dev instead of
libmysqlclient10-dev.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
installing Freeradius)
It's not an issue of the Debian packet. It's just that script/Makefile
doesn't install CA.all.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Lucas Aimaretto wrote:
Is there any way of logging the MSSQL queries ( with values ) to the
radius.log file ?
Read rlm_sql(5) manpage and search for the sqltrace option.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in parallel or 'n' packets per second.
It's very convenient to run stress tests on the server.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the src/main/Makefile.in file with this file:
http://www.freeradius.org/cgi-bin/cvsweb.cgi/~checkout~/radiusd/src/main/Makefile.in?rev=1.27.2.5
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
snapshot)
Nicolas Baradakis
--
A: Yes.
Q: Are you sure?
A: Because it reverses the logical flow of conversation.
Q: Why is top posting annoying in email?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
unsatisfied; aborting
Read more carefully the output of dpkg-buildpackage: it tells you
which packages are missing on your system.
PS: Please send messages to the list and not to my personal address.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Maxo Benalal wrote:
The unmet dependencies are:
libltld3-dev, libsasl2-dev, libsnmp4.2-dev, libiodbc2-dev, libtool1.4, snmp
autotools-dev
That means you have to install these packages (with apt-get) before
you can build FreeRADIUS on your system.
--
Nicolas Baradakis
-
List info/subscribe
the
postauth_query in raddb/sql.conf.
Is somebody think or do something about it ?
There is a general purpose example provided in FreeRADIUS. If you want
something specific to your site, I don't think anybody is going to do
it in your place.
--
Nicolas Baradakis
-
List info/subscribe/unsubscribe? See
201 - 300 of 331 matches
Mail list logo