SQL statement, but I would
appreciate any comments on the idea and any experience others have had
with this.
Many thanks,
Patric
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi again all :)
Patric wrote:
Alan DeKok wrote:
Patric wrote:
Is there any way for me to get my FreeRADIUS-Acct-Session-Start-Time
attribute value into that date format?
http://dev.mysql.com/doc/refman/5.0/en/date-and-time-functions.html#function_from-unixtime
So now I have the following
Alan DeKok wrote:
On 09-12-09 11:37 AM, Patric wrote:
The problem with the above is that some of those formatting options ('%M
%d %Y %H:%i:%s') are also defined as one-character variables, so instead
of formatting the date with those options, it's replacing each with the
variable value
into that date format?
Any advice would be very much appreciated.
Many thanks,
Patric
Alan DeKok wrote:
Patric wrote:
Is there any way for me to get my FreeRADIUS-Acct-Session-Start-Time
attribute value into that date format?
http://dev.mysql.com/doc/refman/5.0/en/date-and-time-functions.html#function_from-unixtime
You sir are a genius :) It didn't even occur to me to do
# be done live while the server is running.
#
readclients = yes
# Table to keep radius client info
nas_table = nas
sql/${database}/dialup.conf:
nas_query = SELECT id, nasname, shortname, type, secret FROM
${nas_table}
HTH
Patric
, so basically if the record already exists then leave
that as the start time? But as I type it now I realise this will break
the delay time calculation so there will be no way to calculate the real
start time...
Any advice or experiences would be much appreciated!
Many thanks
Patric
to ip_address_of_server_A port 1813
You can see from the line above that it is sending this request to
server A as well. This is where I'm getting stuck :(
Any pointers, suggestions, examples appreciated as always.
Thanks again,
Patric
Craig Campbell wrote:
Re: Do I need a second site
understand
how, clearly I'm missing or not understanding something *bangs head on wall*
Thanks for your patience and time!
Patric
they both process that packet?
Hope that clarifies a bit.
Thanks
Patric
as
always,
Patric
using the default realm so I don't know how to set up a second
home_server_pool either...
Any help is much appreciated, I'm going in circles :)
Many thanks
Patric
home_server = copy-acct-to-server-C
}
realm DEFAULT {
acct_pool = my_acct_failover
nostrip
}
I'm not too sure where to go here, any help would be much appreciated as
always!
Many thanks,
Patric
Robert White wrote:
Hey,
Or can I make rlm_acct_unique look for Quintum-NAS-Port instead of
just NAS-Port?
Yup, just update modules/acct_unique
HTH
Patric
it...
Any pointers to sections/docs would be great as always,
Thanks a mill!
Patric
-server
check_interval = 10
num_answers_to_alive = 1
no_response_fail = yes
}
Thanks again!
Patric
Proxy-State = 0x323138
[2009-10-15 10:00:00] Finished request 701.
[2009-10-15 10:00:01] Cleaning up request 701 ID 0 with timestamp +1286
[2009-10-15 10:00:01] Going to the next request
[2009-10-15 10:00:02] Waking up in 0.3 seconds.
Just a thought :)
Thanks for everything!
Patric
Alan Buxey wrote:
add a small 'x' ie radiusd -Xx
(this was mentioned on this list a couple of days back)
Arg, I'm a dumbass... Sorry I must have missed it :)
Thanks!
Patric
Alan DeKok wrote:
Patric wrote:
And 30 seconds later the request is retried and succeeds :)
Is there any way for me to decrease the retry delay?
See the retry_interval configuration in the detail listener.
Hi Alan,
Would I be correct in my understanding that I add that here
/dictionary.myvendor[1]: dict_init: /etc/
That's it - even in debug mode no other message is printed.
Any pointers would as always be very much appreciated :)
Many thanks and have a great Friday,
Patric
:)
I have narrowed the problem down to the number field. The actual number
I have been given to use is 32768, and the problem seems to be the fact
that the number is 5 digits long. If I make the number 4 digits long my
server starts up without complaint.
Any suggestions?
Many thanks,
Patric
Alan DeKok wrote:
Patric wrote:
I have narrowed the problem down to the number field. The actual number
I have been given to use is 32768,
Install 2.1.7.
See doc/ChangeLog
Aaah,
2.1.7 Changelog:
* Allowed vendor IDs to be be higher than 32767.
Fantastic, upgrading now
Alan DeKok wrote:
Patric wrote:
I see I see, so I would only add a listen section if I were listening on
a different interface or port?
Yes.
I think I get the proxying now :) proxy_requests = yes just makes the
server process the detail-combined log right
appreciate any pointers :)
Many thanks
Patric
to load clients from SQL.
To resolve this should I now remove the primary server from my nas table
as I am defining it in the clients.conf ? Or is there a way to leave it
in the nas table and assign a virtual_server directive to it?
Thanks for the time and patience
Patric
Alan DeKok wrote:
Patric wrote:
server requests_from_primary {
listen {
ipaddr = *
port = 0
type = acct
}
Delete that listen section. It conflicts with the global one.
The global one will accept packets on the accounting port, IP *, and
will look
file, runs the sql update and returns a
response - 100% what I was trying to achieve!
Have a great weekend!
Patric
relevant info but please advise if anything
further is required.
Many many thanks as always
Patric
.
Great thanks Alan, I'll give that a bash.
Patric
.' disconnect '.$RadiusPassword.' 21';
$CommandResult = shell_exec($Command);
$CommandResult will hold the entire result.
HTH
Patric
a.l.m.bu...@lboro.ac.uk wrote:
I have finally been able to upgrade my secondary freeradius server to
2.1.3 and I must commend everyone on their hard work, the changes are
great :)
any reason why not 2.1.4 ? :-)
2.1.3 was what was available when I downloaded... :) But now that I'm
might be able
to update it in the pre-proxy section, but then it occurred to me that I
need to preserve the NAS-IP-Address as this is one of the values I need
to send in a disconnect request :(
Anything else you might be able to suggest?
Many thanks
Patric
Alan DeKok wrote:
Use Client-IP-Address, not NAS-IP-Address. The Client-IP-Address is
the source address of the RADIUS packet. NAS-IP-Address is an attribute
inside of the RADIUS packet. It can have nearly any value, including
127.0.0.1, or 0.0.0.0.
Thanks Alan, I will see if I can figure
-Address != other_freeradius_server_ip) {
update control {
Proxy-To-Realm := PROXYME
}
}
Many thanks
Patric
with a duplication error?
Many thanks
Patric
Fantastic Ivan, that's exactly what I was heading towards :)
Let me try this and see if my root problem is resolved!
Thanks
Configure server 2 *not* to proxy requests coming from server 1 back to
it. And server 1 not to proxy requests coming from server 2 back to it.
There is no reason to send
.
Thanks in advance!
--
Best Regards,
SC
Be careful with this, do you REALLY want to tell a possible attacker
what they are doing wrong? Also many clients will completely ignore the
reply message anyway...
HTH
Patric
--
Q: I want to be a sysadmin. What should I do?
A: Seek professional
Alan DeKok wrote:
Yes, the debug output helped. It looks like it's an issue with
src/main/exec.c. The code calling module_authorize() should treat FAIL
the same as REJECT.
Is that src/main/exec.c or src/main/auth.c?
If I look at src/main/auth.c I see the following :
int
Alan DeKok wrote:
Is this even considered a bug? Can we expect this to be changed in the
future?
Yes.
Not sure if you looked at the changes I originally made to rlm_exec.c
but if you did, I was curious as to whether those changes contradicted
the FreeRadius RFCs at all? I don't *think*
Alan DeKok wrote:
There is no need to change the code.
If your script exits with a non-zero exit code, then the
authentication fails. If this isn't happening, then something else is
going on, or you're not doing what you're saying you're doing.
Rather than discuss what you think you're
manIP wrote:
Hi everyone!
Thank you for your answers...
Alan, Patric is totally right. I've set the reject_delay to 0 and the
result was the same.
I really don't want to touch the source code and I am sure we can
find another way
1) if there is a server timeout, is it assumed
Alan DeKok wrote:
Patric wrote:
Something just occurred to me that I don't think I tried before.
What happens if instead of doing an
exit(2);
you do a
return(2);
This way your script will still exit clean, so freeradius won't pick it
up as a script failure, but hopefully will still get
manIP wrote:
hereunder is the output debug:
rad_recv: Access-Request packet from host x.x.x.x:2658, id=49, length=58
User-Name = xxx
User-Password = xxx
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module
failed
and does not respond to the access-request...
HTH
Patric
--
Q: I want to be a sysadmin. What should I do?
A: Seek professional help.
Alan DeKok wrote:
Patric wrote:
But when you exit(2) in PHP, freeradius thinks that the script failed
and does not respond to the access-request...
It delays the Access-Reject. See the debug output.
Alan DeKok.
manIP wrote:
Hi,
I have put exit(2) but as Patric said, freeradius thinks that the script
failed and does not respond to the access-request. In the client side,
there is a server time out...I don't know if that server time out is
assumed as an Access-Reject?
No it does not assume an access
missingok
}
/var/log/radius/radwtmp {
monthly
rotate 4
create
compress
missingok
}
/var/log/radius/sqltrace.sql {
monthly
rotate 4
create
compress
missingok
}
HTH
Patric
--
Q: I want to be a sysadmin. What should I do
mode?
Many thanks!
Patric
--
Q: I want to be a sysadmin. What should I do?
A: Seek professional help.
Patric wrote:
Hi Guys,
Just a quick question, as per the subject line :
If my freeradius server receives a connection attempt from a NAS not
listed in the NAS table (as specified in sql.conf : nas_table = nas),
will that attempt appear in the radius.log, or would such information
only
Florian Reinholz wrote:
UNSUBSCRIBE
No! ;]
--
Q: I want to be a sysadmin. What should I do?
A: Seek professional help.
[EMAIL PROTECTED] wrote:
Hi,
I have created a vendor specific dictionary file for freeradius.
This file includes two attributes for our mini switches.
Is it possible to include this file within the next freeradius release?
AFAIK you can just include it via the {sysconfig
Hi all,
As per the subject, I have found the following interesting behaviour
with freeradius 1.1.6
When running the server in normal mode or in debug level 1 mode :
radiusd -y
or
radiusd -y -x (lowercase x)
When sending an access request, the server pauses for a few seconds
somewhere in
Hey guys,
Thought it might interest some of you as to how I worked around the
problem where freeradius does not return an Access-Reject if my php
script does not exit successfully (in my case because a user should be
rejected).
The original code that checks the exit status of the script is
Alan DeKok wrote:
Patric wrote:
I just want to clarify, if I set the reject_delay to 0, and in my
external script the only thing I do is exit(1);, then freeradius will
return a reject response to the NAS?
It will send a reject to the NAS.
Thanks Alan, you're an absolute gem!
Patrick
Alan DeKok wrote:
Patric wrote:
I just want to clarify, if I set the reject_delay to 0, and in my
external script the only thing I do is exit(1);, then freeradius will
return a reject response to the NAS?
It will send a reject to the NAS.
Sorry if Im flogging a dead horse here...
I
[EMAIL PROTECTED] wrote:
you have various other attributes in your real production system - perhaps
you have matching DEFAULT values (eg in users file) which are aiding the
access accept?
If that were the case, then wouldn't this eliminate the problem:
My radiusd.conf authorize section
Patric wrote:
[EMAIL PROTECTED] wrote:
you have various other attributes in your real production system - perhaps
you have matching DEFAULT values (eg in users file) which are aiding the
access accept?
If that were the case, then wouldn't this eliminate the problem:
My radiusd.conf
Alan DeKok wrote:
It's a bug in 1.1.x. It's fixed in 2.0.0
Ah great, at least that explains it! I see the latest public release is
1.1.6, is 2.0.0 available perhaps in the cvs? Would you say it is stable
enough to run in production yet? If not any ETA?
Otherwise can you suggest any
Alan DeKok wrote:
See the main web page? It's all there...
Read, and understood :] Out of curiosity I did compile the latest
snapshot, and I see that it is fixed, and even returns the correct
status based on what your external script returns (1 - rejected, 4 -
handled, 5 - invalid,
Alan DeKok wrote:
[EMAIL PROTECTED] wrote:
It seems to be in the news section on all the pages *except* the main one.
Your browser has cached the main page.
Alan you're gonna give us all an inferiority complex if you continue to
be right all the time! ;]
Cheers
Hi all,
I am currently using exec to authenticate users through an external script.
When all criteria match I return the correct access-accept pairs and the
users authenticate successfully.
When the criteria are NOT met, I exit(1) my php script to hand control
back to the freeradius server.
Hi Alan,
Thanks for your response.
Alan DeKok wrote:
Set reject_delay = 0 in radiusd.conf.
I just want to clarify, if I set the reject_delay to 0, and in my
external script the only thing I do is exit(1);, then freeradius will
return a reject response to the NAS? Or will it simply not
Hi again,
Thanks a stack for your responses, I have a much better understanding of
how it works now! Yes I do have the acct_unique_id setup as below, and
have managed to weed out a lot of the duplication now.
Dennis Skinner wrote:
No. Look in the radius.conf for a section that looks like
Hi guys,
The NAS maintainer was nice enough to get back to me, and problem has
been sorted out. This is what was happening:
Their proxy servers are behind a load sharing device, which is why the
retransmission of one of the records had a different client_ip_address,
but both entries came from
Hi guys,
Hope someone can help, as this has me banging my head on the wall :]
I am getting duplicate updates from my NAS, and I'm trying to figure out
how to prevent them from being written to my accounting logs table.
I unfortunately have absolutely no control over the NAS, so that's not
even
My apologies, a piece of my explanation is not right... please see
below. Sorry, bit of a complex explanation... :]
Hi guys,
Hope someone can help, as this has me banging my head on the wall :]
I am getting duplicate updates from my NAS, and I'm trying to figure out
how to prevent them from
Alan DeKok wrote:
Your NAS is broken. Knowing that doesn't help much, but your NAS is
definitely broken.
I suspected as much. Unfortunately it is a huge company whose NAS it is,
and it is doubtful that they would notice my little squeak from down
here... :]
2 of these records have the
found for the
request: Rejecting the user
auth: Failed to validate the user.
Can anyone point me in the right direction with this problem?
radiusd: FreeRADIUS Version 1.1.3, for host i686-redhat-linux-gnu, built
on Sep 20 2006 at 14:13:13
Thanks in advance
Patric
not sure how to accomplish this.
Can anyone point me in the right direction with this problem?
radiusd: FreeRADIUS Version 1.1.3, for host i686-redhat-linux-gnu, built
on Sep 20 2006 at 14:13:13
Thanks in advance
Patric
--
Looking
the script via exec during authentication. I do
something similar to log failed/unsuccessful login attempts.
HTH
Patric
at what Windoze does with Reply-Messages - nothing! It
dumps them.
HTH
Patric
statement to make -i
HTH
Patric
Michael Messner wrote:
Patric said:
Have you tried compiling the source?
that works!
if I add the -i in the spec file there is no change ... same error!
thanks mIke
So it compiles from source? Ok, what is your rpmbuild command?
Patric
Alan DeKok wrote:
Patric [EMAIL PROTECTED] wrote:
Is it possible to specify multiple input pairs?
No.
If you want that functionality, use rlm_perl.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Hi guys,
I'm busy trying to figure out how to implement rlm_exec, and am really
battling to find documentation to this end.
Can anybody point me in the right direction, I don't mind doing the
legwork myself, but I'm getting nowhere fast...
I am using freeradius 1.1.3
Thanks a stack!
Patric
Patric wrote:
Hi guys,
I'm busy trying to figure out how to implement rlm_exec, and am really
battling to find documentation to this end.
Can anybody point me in the right direction, I don't mind doing the
legwork myself, but I'm getting nowhere fast...
I am using freeradius 1.1.3
Thanks
Hi,
Is it possible to specify multiple input pairs?
EG:
exec {
wait = yes
input_pairs = request,config
shell_escape = yes
output = none
}
If it is possible would the above syntax be correct?
TIA
Patric