Why not put them into groups and assign IP address based on their group?
That's how we have ours setup and it worked well during our test run
last year.
Cheers,
Roy Kartadinata
From:
freeradius-users-bounces+rkartadinata=pocket@lists.freeradius.org
if possible.
Cheers,
Roy Kartadinata
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok wrote:
Roy Kartadinata wrote:
Do you need any other information from me to help you with finding
the leaks?
Ideally, run it under valgrind, with options where it shows and
tracks memory usage:
$ script leak.txt
$ valgrind --tool=memcheck --leak-check=full radiusd -f $ exit
then.
alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
Cheers,
Roy Kartadinata
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok wrote:
Roy Kartadinata wrote:
An update on this issue, I was finally able to split the detail file
log into hourly by adding another entry to modules/detail.log file.
So far the memory usage is still increasing but in a much slower
rate.
That helps narrow it down a bit
server goes off because of this...
How did you fix your issue?
Alan DeKok wrote:
Roy Kartadinata wrote:
I didn't see any error on error log, it looks clean. But this is
what the log looks like when it started to run out of memory the
other night:
Wed Jul 22 22:03:42 2009 : Error
about your
system...
OS, CPU, HDD type ...
Server info is as follow:
OS - Linux (CentOS 5.3)
Freeradius - 2.1.6
CPU - single quad core Xeon
Memory - 4GB
HDD - FC drives on EMC
Best regards
Roy Kartadinata wrote:
An update on this issue, I was finally able to split the detail file
log
Alan DeKok wrote:
Roy Kartadinata wrote:
I didn't see any error on error log, it looks clean. But this is what
the log looks like when it started to run out of memory the other
night:
Wed Jul 22 22:03:42 2009 : Error: Rejecting request 16183416 due to
lack of any response from home server
Alan DeKok wrote:
Roy Kartadinata wrote:
Our radius server is currently having some memory issue where its
memory usage would increase by 1% every 30-45 minutes. Eventually the
server will crash and restart because of out of memory. We've been
using freeradius for a couple of years
upgraded our radius to the latest 2.1.6 from 2.1.5 but the problem still
there. Has anyone ever experiencing this issue before?
Cheers,
Roy Kartadinata
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Oh it's the radius from ps output and top. This server is a dedicated
radius server, no web server running in it and we use external database
servers.
Cheers,
Roy Kartadinata
-Original Message-
From:
freeradius-users-bounces+rkartadinata=pocket@lists.freeradius.org
Hi Pshem,
I tried your suggestion but still didn't work. Any other suggestion?
Cheers,
Roy Kartadinata
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
s.org] On Behalf Of Pshem Kowalczyk
Sent: Wednesday, July 09, 2008 4:25 PM
To: FreeRadius users mailing
We only missing Freeradius-Proxied-To attribute which is the most
important one.
Below is what we have for accounting setting:
Accounting {
detail
sql
}
Cheers,
Roy Kartadinata
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
s.org] On Behalf
to a
remote radius server and running in debug mode showed that the
accounting record was being sent to remote server but nothing in detail
record. Is this something I have to specify on a config file?
Cheers,
Roy Kartadinata
-
List info/subscribe/unsubscribe? See http
,
Roy Kartadinata
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Check and make sure library path is in your $PATH, you might need to add
it (export PATH).
Cheers,
Roy Kartadinata
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
s.org] On Behalf Of john zx
Sent: Monday, June 23, 2008 9:44 AM
To: freeradius
Thanks, that helps a lot. :-)
Cheers,
Roy Kartadinata
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Arran
Cudbard-Bell
Sent: Monday, June 23, 2008 4:15 PM
To: FreeRadius users mailing list
Subject: Re: Limiting Wifi Access
setup for accounting as well or it will work just for
authentication? Is there a page within the wiki or a document that
explain what each line within the group being used for?
Cheers,
Roy Kartadinata
Pocket Communications
Email: [EMAIL PROTECTED]
Phone: 210-858-2559
-
List info
in our log file like
radiusd queuing the requests some how. Has anyone seen this before?
Cheers,
Roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks, I guess my only option is to upgrade .. :)
Cheers,
Roy
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
s.org] On Behalf Of Alan DeKok
Sent: Tuesday, June 17, 2008 10:22 AM
To: FreeRadius users mailing list
Subject: Re: Proxy behavior
Roy Kartadinata
see why it would be an issue... if you have would you
mind sharing it?
PS Nice to see the column names were corrected in 2.0 (between MySql
and Postgresql schemas).
Thanks,
Roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
or not that works. If that's not it, I'm a bit
stuck - and short of time to work on FreeRADIUS related stuff at the
moment. Still, I'll do my best.
Worked like a charm.
Cheers!
roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
:
line 53 my $FLOCK_STRUCT = 'l2is2';
line 62 my $packed = pack($FLOCK_STRUCT, $start, $len, 0, F_WRLCK,
SEEK_SET);
Still returns:
error: Couldn't lock /home/radius/sql-relay.work: Invalid argument
BR,
roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Has anyone seen the reject_delay setting in radiusd.conf effect the
response time to subsequent access-accept responses? I haven't seen
anything on this in the mailing list, but I wanted to check before I
look into the code.
Thanks,
--Roy
a configurable cache option for the 5 read-heavy tables
involved in an auth request. You can of course as the config file
sales, just leave it at 0 to disable the caching.
Roy
Some warnings for those that are trying use SQLIPPool. Even after
optimizing the query, the performance still
never know.
Thoughts?
Roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Well if you understand server/client systems, no client request is INIFINATELY
faster than a server cached request. So when you get to the point where you
need to handle several hundred requests a second, you do the math.
Roy
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL
for DOS reasons) but someone must be of the same
mind set as me or there would be no client support in the SQL module.
Roy
From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Sun 7/29/2007 3:42 PM
To: FreeRadius users mailing list
Subject: Re: SQL usage
FOR THE SAKE OF MY SANITY!!!
Please apply the patch from
http://readlist.com/lists/lists.freeradius.org/freeradius-users/2/10462.
html, which was posted 3 and a half months ago!
PLEASE, pretty please, with sugar on top!
Thanks,
Roy
-
List info/subscribe/unsubscribe? See http
To: FreeRadius users mailing list
Subject: Re: SQLIPPool performance issue
On Thu 26 Jul 2007, Kenneth Marshall wrote:
Roy,
It sounds like you may need to adjust the DB parameters. The defaults,
even in 8.2, are still fairly conservative. Would you post your
current
settings for things like
any ideas?
Thanks,
Roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
going to guess it is just the amount that is doing it.
If anyone has another idea I would LOVE to hear it!
Thanks,
Roy
-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
s.org] On Behalf Of Peter Nixon
Sent: Wednesday, July 25, 2007 5:21 PM
To: FreeRadius users mailing
are and
if they can be optimized. Maybe you are missing an index or two,
although you may just have too little I/O capacity. Good luck.
Ken
On Wed, Jul 25, 2007 at 01:19:04PM -0500, Roy Walker wrote:
I am having a problem with the SQLIPPOOL performance. This is
migration
of an existing radius server using
of queries running per auth request and the subsequent IP allocation...
Peter: If you can share any query changes you have, I would be most
appreciative.
Roy
From: [EMAIL PROTECTED] on behalf of Peter Nixon
Sent: Wed 7/25/2007 6:30 PM
To: FreeRadius users mailing
Don't know if there is an official list of things needed to be done
before pre2? It's been a few months, maybe time for a pre2?
Roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
like this should be done in the preprocess section, however the
hints looks like it only works with a username and huntgroups doesn't
really do what I need...
Anyone got an idea?
Thanks,
Roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Added this to the hints file:
DEFAULT Suffix == , Strip-User-Name = No
Hint = GPRS,
NAS-Port = 0
Worked.
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
s.org] On Behalf Of Roy Walker
Sent: Friday, July 06, 2007 3:15 PM
To: FreeRadius users mailing list
Subject
://www.freeradius.org
#
# 7-05-07 - Author: Roy Walker [EMAIL PROTECTED]
# Enter the pool-name attribute
POOL_NAME=your_pool_name
# Set the first 2 octets of the IP network
NETWORK=1.1
# Set the starting point of the third octet
START_RANGE=1
# Set the ending point of the third octet
END_RANGE=254
Is SIGHUP working in CVS?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
@lists.freeradius.org/msg346
52.html
Thanks,
Roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
For those working with sqlippool, I made a quick script which will make
it easy for you to create the ip blocks in the radippool table. Might
be nice for new users if this was included in the scripts directory.
#!/bin/sh
# This script will output the necessary INSERT commands
# for the
or I include the source. I have done it in a standalone server.
But the question is, if freeradius is using threads. And if so what
should be done to take care of that.
Good Luck
-- Kamanashis Roy
--
Using Opera's revolutionary e-mail client: http://www.opera.com/mail/
-
List info/subscribe
me which payload I could send to test the accounting port ?
Try radclient with its various options. You can generate a dummy payload
file then use the -f option to send the data.
HTH,
Roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
After spending a fair bit of time searching list archives and google results,
I've managed to make ntlm_auth work for both users and machine accounts.
This fix requires patching of Samba (thanks go to Mike McCauley of OSC/Radiator
for the howto on the fix and to Matthew Alexander for pointing it
Hi,
Anyone ever tried building current snapshot from cvs on freebsd 5.4-
release? Tried searching from the archive and seems like this wasn't
resolved yet.
Anyone?
BR,
roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
currently.
Thanks,
-Roy
--
//
/* Roy Hockett * Telephone: (734) 763-7325*/
/* Network Engineer, * FAX: (734) 615-1727*/
/* ITCom, *Internet: [EMAIL
-media-address3000string Cisco
ATTRIBUTE release-source 3001string Cisco
ATTRIBUTE gw-rxd-cgn 3002string Cisco
ATTRIBUTE gw-final-xlated-cgn 3003string Cisco
HTH,
Roy
-
List info/subscribe
I ahve looked on the web and haven't found anything afirming that
freeradius will support or not support preauth with kerberos v5.
Is anyone using preauth with kerberos v5 and freeradius? If there is
documentation on this please point me in the right direction.
Thanks,
-Roy
asking if anyone have freeradius with the kerberos module working
with a Kerberos KDC that requires preauthentication.
Thanks,
-Roy
//
/* Roy Hockett * Telephone: (734) 763-7325*/
/* Network Engineer
Hi Bart,
On Thu, 2005-03-03 at 15:36 +0100, Bart Van Daal wrote:
Hi Nicolas, hi Roy,
Nicolas I'm currently using your radsqlrelay.c with the 1.0.2 release and
I've patched the makefile. I'm very new to this whole patching and
code-hacking
thing. I'm getting the following error message
/products_programming_reference_guide09186a00800b5e17.html
hth,
roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
differences between v1.3 against your v1.1.2.4
(code wise). I'm no C coder myself so I can't tell from the diff output
what functionalities were changed. If there's a big advantage using the
1.1.2.4 I'd be happy to test it for you.
Thanks and best regards,
roy
-
List info/subscribe/unsubscribe? See
hi,
anyone got a patch for 1.0.2 Makefile to be able to compile
radsqlrelay?
thanks,
roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Mon, 2005-02-14 at 11:43 +0200, Kostas Kalevras wrote:
Please recheck your detail file. You 'll also find out there's a timestamp
attribute which signifies when the accounting record was received. Obviously,
if
you start radsqlrelay a few days after you 've received the records, the
On Mon, 2005-02-14 at 18:17 +0800, ROY wrote:
i've noticed it doesn't recognize some AVPairs even when i add them to a
custom dictionary such as the ff. Cisco AVP's:
release-source
gw-rxd-cgn
gw-final-xlated-cgn
remote-media-address
my dictionary.custom:
ATTRIBUTE remote-media
= eeb0a8026377621c19e5225fc4d9ab05
Acct-Delay-Time = 10
Acct-Unique-Session-Id = da16cd9bb0e83150aa23dd32f23982ca
Acct-Delay-Time = 10
Acct-Unique-Session-Id = d113a511bdb0bced02423ee0a2918d65
Anyone had the same experience? Has there been a patch released?
Thanks,
roy
-
List info/subscribe/unsubscribe? See
Hi again,
Is there a way that rlm_preprocess can be called inside radsqlrelay?
Thanks,
Roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi List,
Is there a way to tell/configure detail module to log just specific
attribute-value pairs into detail file?
Say I just need the ff. to be logged:
1. callingstationid
2. calledstationid
3. h323connecttime
4. h323disconnecttime
5. acctdelaytime
6. h323confid
TIA,
Roy
-
List info
Title: sql trace
hello list
i am having trouble enabling the sql trace feature in sql.conf.
setting sql trace = yes seems to have no affect.
isn't it supposed to be in the output if start radiusd -X?
THX
Title: FR help
ok, i give up.
i have been trying to configure FR for months now.
can someone on the list please recommend a consultant etc who can help me for a nominal fee.
i have FR 1.0.0, RH AS 3, mySQL 4.0.21. i have basics working just not the particulars.
i have several NAS
:[EMAIL PROTECTED] On
Behalf Of Alan DeKok
Sent: Tuesday, November 02, 2004 3:23 PM
To: [EMAIL PROTECTED]
Subject: Re: FR help
Roy G Davis [EMAIL PROTECTED] wrote:
i have several NAS boxes all PIX firewalls. i want to be able to
restrict access by NAS IP address, Calling Station Id. i
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Alan DeKok
Sent: Wednesday, October 27, 2004 8:35 AM
To: [EMAIL PROTECTED]
Subject: Re: multiple NASes using just one RADIUS server
Roy G Davis [EMAIL PROTECTED] wrote:
we are using
Title: multiple NASes using just one RADIUS server
hello
we are using freeradius for auth on a pix firewall. right now it is just one firewall going to one radius server. what would be the best way to add several firewalls (each of which would probably have a different set of users etc) to
hi,
how can Acct-Unique-Session-ID length be increased to 16 bytes?
i'm no C guru, but, from rlm_acct_unique, seems like there's just room
for 8 bytes.
thanks in advance,
roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
There's room for lots more. Just edit the module to print more
bytes to the buffer.
Alan DeKok.
done. once again, thanks alan for pointing it out.
used up 16 elements of md5_buf[0..15].
i hope nothing bad comes with the new mod.
-roy
-
List info/subscribe/unsubscribe? See http
.
But then again, many thanks.
Roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'm just trying to make the chances of
having dups down to a minimum as I'm hitting ~30k-60k records/hr/server.
Thanks Alan!
Roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hi,
maybe because accounting_stop_query is set to an 'UPDATE' statement and
not an 'INSERT' statement.
roy
On Wed, 2004-08-18 at 21:46, Simon Bryden wrote:
Does anyone know why the default sql.conf file with freeradius 1.0 doesn't
write the value of Client-IP-Address to the database
method reorder'
After the pre-configuration, everything is automatic.
HTH,
roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
have attached here the diff from the cvs version.
Is there another way of doing this? Have I overlooked something? The
tweak seems to run good overnight (500k+ stop records at the moment).
Thanks,
roy
--- rlm_sql.c 2004-08-18 15:36:25.0 +0800
+++ rlm_sql.cvs.c 2004-08-18 15:07
).
the current setup seems to work if the ff are true:
1. db server is down
2. no more sockets could be setup between radius and db
any comments?
tia,
roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Attempting to compile freeradius-1.0.0-pre3 on AIX 5.1 using IBM compiler.
The following error occurs.
Making static dynamic in rlm_unix...
make[6]: Entering directory
`/work/work/radius/freeradius-1.0.0-pre3/src/modules/rlm_unix'
cc -O3 -I/usr/local/ssl/include -D_REENTRANT
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Roy,
Daniel
Sent: Tuesday, July 13, 2004 4:08 PM
To: [EMAIL PROTECTED]
Subject: Can't seem to use configurable failover for an expired account
Hi all,
This is a rather detailed question, since it relates to the source
Hi all,
This is a rather detailed question, since it relates to the source code of freeRADIUS,
but I'm trolling to see if anyone has come across this or what a freeRADIUS expert
might suggest as a solution.
Configurable failover in working for me in the authorize section. Also, I've built an
Hello,
When you make freeRadius and before you make install, scroll back in the make
output to see if there were any errors in the compile. It sounds like the MySQL
didn't compile, most likely it couldn't find the MySQL include files or the lib files
it needs. To help you find these
?
Thanks in advance,
Daniel
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Alan
DeKok
Sent: Sunday, June 27, 2004 11:22 AM
To: [EMAIL PROTECTED]
Subject: Re: Problems with configurable_failover
Roy, Daniel [EMAIL PROTECTED] wrote:
Yes, mschap is just above
PROTECTED]
Subject: Re: Problems with configurable_failover
Roy, Daniel [EMAIL PROTECTED] wrote:
Great stuff Alan. Thank you. I deleted my entry in radgroupcheck in
MySQL that had Auth-Type :=3D Local, and now:
1) Valid user-names and passwords result in Access-Accept (as desired)
2) Invalid
Alan DeKok [EMAIL PROTECTED] wrote:
Roy, Daniel [EMAIL PROTECTED] wrote:
1) valid userid and password should authorize and authenticate against
SQL and MSCHAP ok;
That should work without any additional configuration.
Agreed.
2) valid userid but wrong password should authorize ok against
Title: mysql then ldap auth?
freeradius-1.0.0-pre2/linux red hat AS 3
i was trying to filter authentication w/ something like either /etc/group membership or mysql db entries. specifically, once client user passes test for either group or mysql entry then i would like to pass them to LDAP
Hi all,
Well, I've gotten a little further (thanks Alan) and I'm understanding
configurable_failover a lot more now. Here's some background and the current problem
I'm having.
Problem description:
As per my use cases, I'd like to proxy any Access-Request packets that
Hi all,
Thanks first of all to all the developers and supporters of this product; I'm new to
it and I'm very impressed.
I'm having difficulties configuring proxy.conf to do what I want:
- if a user is not found in my local freeRADIUS database (I'm using MySQL), then I
want the request proxied
Can somebody point me to a document for billing/accounting pre-paid voip
using the h323-credit-amount attribute?
I'm having a hard time updating the radreply table after computing the
debit amount.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
{
...
...
new blah blah
...
...
}
}
and then call it from accounting routine
accounting {
sql
sql2
}
the idea is to perform two separate sql queries.
thanks,
roy
-
List info/subscribe/unsubscribe? See http
figured it out ;-)
postgres's transaction feature answered my prayer..
On Thu, 2004-02-19 at 16:47, ROY wrote:
hi list,
is it possible to have two 'accounting_stop_query' on postgressql.conf
or
i need to setup something like
modules {
sql
found it. timezone 'HKG' is not listed with postgresql. :(
On Tue, 2004-02-17 at 15:16, ROY wrote:
hi,
i'm using peter nixon's cisco h323 billing scripts with postgresql. i've
installed postgresql 7.4, but there seems to be a problem with data
types specially with timestamp with time zone
: Error: rlm_sql (sql): Couldn't update SQL
accounting STOP record - ERROR: invalid input syntax for type timestamp
with time zone: 14:47:58.522 HKG Tue Feb 17 2004
end_snip
ty,
roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Unsubscribe
--
Your favorite stores, helpful shopping tools and great gift ideas.
Experience the convenience of buying online with [EMAIL PROTECTED]
http://shopnow.netscape.com/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
unsubscribe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Which source file must I edit to harvest AV pairs from an
Accounting-Request packet?
TIA,
roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Original Message
Subject:
Re: EAP/TLS sending bad certificate
Date:
Fri, 06 Feb 2004 18:49:42 +0530
From:
Arindam Roy [EMAIL PROTECTED]
To:
[EMAIL PROTECTED
Hello all,
I am running freeradius-snapshot-20040128, RH8, xsupplicant.
Whenever Radius sends a Sever Hello done during EAP/TLS, xsupplicant
complains of bad certificate, and send a TLS Alert.
Where am i going wrong?
Arindam Roy
--
Your favorite stores, helpful shopping tools and great gift
sends a bad packet fatal alert to Radius, and
authentication fails.
Where am I going wrong?
Please let me know if you need any other info.
Thanks and regards
Arindam Roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. Is this possible when using a MySQL database for users? If so where can i
find a FAQ on setting up?
Thanks in advance
Roy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
93 matches
Mail list logo