Using freeradius with mysql backend.
Currently lets all nas devices authenticate user/pass.
Want to set it up so that specific users can authenticate only from specific
nas devices.
Like huntgroups but need to have it setup in mysql
Does anyone have a reccomended config for this?
-
List info
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Scott Lambert
Sent: Wednesday, August 06, 2008 10:58 PM
To: FreeRadius users mailing list
Subject: Re: Slow Starting..
On Wed, Aug 06, 2008 at 05:18:51PM -0400, Cris Boisvert wrote:
> Been using Freeradius for years..
>
Been using Freeradius for years..
Quad core Xeon server
New Server setup UBUNTU 8.04
Mysql 5.0.51
Running newest version of freeradius
Have dual mysql databases running .. One has all the user data and the other
gets all the accounting.
The server takes about 20-30 seconds to start.. Where on th
16, 2006 4:56 PM
To: FreeRadius users mailing list
Subject: Re: Spitting accounting and auth into 2 different databases?
"Cris Boisvert" <[EMAIL PROTECTED]> wrote:
> I would like to have 2 databases with the accounting in one and the
> auth in the other?
>
> Is this
Freeradius on FC3 with
Mysql
Currently I have one
slq.conf with the accounting and the auth data in the same
database.
I would like to have 2
databases with the accounting in one and the auth in the
other?
Is this
possible?
Thanx
Cris
-
List info/subscribe/unsubscribe? See http:
Freeradius running using redunant sql scenario.
If first sql is not available it falls to secondary..
When FR Start is links correctly to both databases.
When the primary stops.. It won't respond at all.
Below is the radiusd -X output.
Original request is with both primary and secondary sql serve
: FreeRadius users mailing list
Subject: Re: == error
"Cris Boisvert" <[EMAIL PROTECTED]> wrote:
> Radius is up and running and authenticates fine.. But everytimes
> someone authenticates I get the "Error: Invalid operator for item
> Suffix: reverting to '=='
This is the debug
[EMAIL PROTECTED] ~]# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/sql.conf
Config: including fi
Radius is up and running and authenticates fine.. But everytimes someone
authenticates
I get the "Error: Invalid operator for item Suffix: reverting to '=='"
Message in the radius.log
This is the error log below.
Wed Mar 29 19:35:09 2006 : Info: rlm_sql_mysql: Starting connect to MySQL
server for
its says that your shared secret is incorrect... I would
start their.. it may be a simple type.. check the
clients.conf
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Atkins, Dwane PSent: Thursday, March 23, 2006 12:24
PMTo: freeradius-users@lists.freeradius.orgSubject
I have a couple macs running apache (Preconfigured via Apple)
The source is not supplied and the apple didn't apxs..
Has anyone installed mod_auth_radius on a Apple running osx?
Thanx
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Redhat already has the RPM Built in the fedore core
iso's
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Frank
ReissSent: Monday, December 12, 2005 12:19 PMTo:
freeradius-users@lists.freeradius.orgSubject: RedHat - Fedora -
mod_auth_radius and Apache
Hi,
I need some
NTRADPING
It's a windows tool that does exactly what your looking for.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Norbert
Wegener
Sent: Monday, November 21, 2005 11:59 AM
To: FreeRadius users mailing list
Subject: tool for testing machine authentica
I got it... Selinux was running .. Not letting the normal process connect to
the ldap server
Sorry ..
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I have Freeradius connecting to and LDAP Server..
If I run radiusd -X I can authenticate ok..
IF I start radius normally it gives me an error stating that it cannot bind
to the ldap server.
How can it work one way and not the other?
I thought radiusd -X was just debugin?
Help... After 2 days o
I can authenticate off correctly when I run radiuss -X
But when I start radius normally it can't connect to the ldap server?
Running Freeradius on fedora core 4
Ideas?
Why would it working in debug but not normally?
Here's the log info
Radius
log--
Running Freeradius on fedora core 4
When I use Radiusd -X I can authenticate via the ldap server I have
running..
But when I start radius normally "service radiusd start" it starts but the
error log says It can't talk to
The ldap server..
Ideas?
Why would it working in debug but not normally
Cris Boisvert wrote:
> I'm setting up freeradius to talk to a Ipswitch Imail server for
> authetication.
>
> Just needs to do the basic User Pass... Ok.
>
>
[..]
> A snippet of the config.
> ---
> ldap {
>
I'm setting up freeradius to talk to a Ipswitch Imail server for
authetication.
Just needs to do the basic User Pass... Ok.
LDAP Server is 192.168.77.6 (this is all private testing) (the imail
server)
Domain on the server is pork.com
A snippet of the config.
Freeradius fedora core 3
Mysql with dialup admin..
Is their a way to have the dialup admin show all the users that have logged
in to one
Nas Server in a one month period? But not list all the login and accounting
info?
I just need a list of the users not everytime each logged in.
Currently I do
I'm using a Microtik PPPOE Router solution
All my users are up and autheticated fine
But some of them are recieveing an incorrect Subnet
Currently the customers are all receiving public IP addresses when
authenticated, from a Pool. Of 64
I want them to received a 255.255.255.255 subnet...
Bu
That would be great.. I tried to work with mod_auth_radius and couldn't get
it to go a while back and really wanted have a site that was only available
to Authenticated users.
(just my 2 cents)
I was trying it out on macs running apache..(That could have been the
problem)
-Original Message
The radius.log file in /var/log/radius/ has all errors in
the one log..
ensure that the ip of the nas device is in the clients.conf
file.
Cris
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Rob
HoppeSent: Monday, March 28, 2005 11:07 AMTo:
freeradius-users@lists.freer
What does it say in the radius.log? It should have an error ..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Thursday, March 17, 2005 10:53 AM
To: freeradius-users@lists.freeradius.org
Subject: radtest
Hi all,
I'm trying to d
Anyone get mod_aut_Radius runing on Fedora Core 3 without recompliling
Apache.. Seeing as they don't send you the source compile info... Their the
apxs install won't work?
Thanx
Cris
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Is their a way to add additional lines in the dialup admin to be able to
modify ascend data filters for users.
Currently I have the freeradius reply the filters based on what group I put
the user in..
But some users don't get the default filters and need to be manually
changed.
Ideas?
Thanx
-
= 208.243.100.5, Password == test
Thanx
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Wednesday, February 02, 2005 6:57 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: Huntgroup "GROUP"?
"Cris Boisvert"
A page with one option to change password would be great.
Apache could authenticate off the radius server for access. Then pass the
user attribute to php and bring up the page for the correct user.
Letting them submit a new password.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[
If you find out let me know I'm doing the same thing... same problem..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sarkis
Gabriel
Sent: Thursday, February 03, 2005 10:08 AM
To: freeradius-users@lists.freeradius.org
Subject: Accounting Part is not worki
Doris
Sent: Wednesday, February 02, 2005 10:26 AM
To: freeradius-users@lists.freeradius.org
Subject: RE: Huntgroup "GROUP"?
That line below means if the client is not 1.2.3.4, then reject.
On Tue, 1 Feb 2005, Cris Boisvert wrote:
> Does this mean... the client ip has to be 1.2.3.4 if
: Huntgroup "GROUP"?
"Cris Boisvert" <[EMAIL PROTECTED]> wrote:
> Is their a way to do that to keep users from authenticating from other
nas's
> Other than adding all the users to the appropriate huntgroup?
userClient-IP-Address != 1.2.3.4, Auth-Type := R
FYI
Fedora core 3 already has an rpm for freeradius it may be easier than the
config'ing yourself..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Sun Shung
Sent: Tuesday, February 01, 2005 4:33 AM
To: freeradius-users@lists.freeradius.org
Subject: Re:
adius-users@lists.freeradius.org
Subject: Re: Huntgroup "GROUP"?
"Cris Boisvert" <[EMAIL PROTECTED]> wrote:
> Does the place where is says "Group" refer to the same radgroupreply table
> In the database?
No. It refers to Unix groups.
Alan DeKok
IN the huntgroups File it has this example.
##
business NAS-IP-Address == 192.168.2.5, NAS-Port-Id == 0-7
User-Name = rogerl,
User-Name = henks,
Group = business,
Group = staff
##
Is their a way for me to add other
attributes through the Dialup admin that are not currently in the screens?
I need to be able to set multiple ascend
data filters for different users .
Is their a way to have an “Other1” , “Other2”,
“other3”…..etcc…etcc so I can add attributes and valu
Currently I have the huntgroup attribute reply's in the users file and the
actual users in a mysql database..
Based on the nas a user comes in from the huntgroup info is passed .
How would I get the huntgroup reply info into the database also.
I think their would need to be a Huntgroupreply table
What config file do you have to add the "Readcleints=yes" line into?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Manda
Costin
Sent: Wednesday, January 26, 2005 9:50 AM
To: freeradius-users@lists.freeradius.org;
[EMAIL PROTECTED]
Subject: Re: nas table
VICTORY!! The Fall through DID it!!
Thank you ever so much for the Help.. I've been fighting with this for over
a month...
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dustin
Doris
Sent: Friday, January 28, 2005 2:16 PM
To: freeradius-users@lists.f
Subject: Re: Huntgroups
Mensaje citado por Cris Boisvert <[EMAIL PROTECTED]>:
> I'm sorry to Bring this up again... somehow I'm not getting this to work.
> I have this in the huntgroup and users file.
> When I check off either of the 2 nas's I get an good authentic
I'm sorry to Bring this up again... somehow I'm not getting this to work.
I have this in the huntgroup and users file.
When I check off either of the 2 nas's I get an good authentication but no
Attributes back.???
This is all I have in each file Nothing else.
Huntgoup File
##
they are set to 0 would that then not return them back to the nas?
Joel
- Original Message -
From: "Cris Boisvert" <[EMAIL PROTECTED]>
To:
Sent: Wednesday, January 26, 2005 9:39 AM
Subject: RE: RE: mysql ?
>I think its for priority of the response..
> Some attri
I think its for priority of the response..
Some attributes need to be given back in sequence or they won't work
Ascend data filters are one of them..
So you can set the prio to be 0,1,2,3,4,5,6 etc
As you want the to be given back to the nas...
I may be wrong if so someone please correct me
What are you using for a PPPOE
Concentrator.?
Cisco, Redback?
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Paulo Afonso Ribeiro Filho
Sent: Thursday, January 06, 2005
10:19 AM
To: freeradius-users@lists.freeradius.org
Subject: FREERADIUS + PPPOE
Someb
Can I define the attributes in the users file and leave the actual users in
the database.?
So the database will authenticate with the user/pass scenario and they read
the users file for the attributes to reply with?
Thanx
Cris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PR
I apologize about the plain text.
This is what I have in the huntgroup file.
Huntgroup1NAS-IP-ADDRESS == 1.2.3.4
Group = Dialup
Slipstream-Auth = "true",
X-Ascend-Data-Filter == "ip in forward tcp est",
X-Ascend-Data-Filter == "ip in forward dstip 1.2.5.
I’m trying to setup our database to have the nas
device receive different attributes based on which device, and group the user
is in…
User bob in group dialup gets the x-ascend filters when he
dials into huntgroup1
And
User joe in group Wireless gets the RB-Context attribute
when he co
/etc/sysconfig/selinux and disable it..
It now works fine..
Thanx
Cris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kostas
Kalevras
Sent: Monday, December 20, 2004 12:17 PM
To: [EMAIL PROTECTED]
Subject: Re: Dialupadmin
On Mon, 20 Dec 2004, Cris Boisvert
Dialup admin won’t connect to the mysql database on
the server I have.. its running freeradius on fedora core 3
The radius server will connect to the database although
dialup admin won’t .
I pulled the config from another machine that is setup the
same way..
I checked the user and pa
Cris Boisvert
Sent: 18 November 2004 21:36
To: [EMAIL PROTECTED]
Subject: RE: Multiple processing
heads...
I have it running with multiple servers
connecting to one mysql server ..so all the accounting goes to the same place..
Then I have all the servers synchronize
(locally) with it nightly and
I have it running with multiple servers
connecting to one mysql server ..so all the accounting goes to the same place..
Then I have all the servers synchronize (locally)
with it nightly and fail over to the local one if the primary stopped working?
I’m redoing it now because my server
I have a problem where the freeradius server that I’m
running is is slow responding and I have a bunch of these errors in the
radius.log
“discarding new request from client nas1.test.net due
to live request”
Does anyone know why?
Thanx
Cris
---
Outgoing mai
Nevermind... I found it... I should have looked harder... sorry..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of cris
boisvert
Sent: Tuesday, October 26, 2004 9:35 AM
To: [EMAIL PROTECTED]
Subject: framed route in dialup admin
I'm running Freeradi
I'm running Freeradius on Mysql using the dialup admin
There is no place in the dialup admin to add a framed route I can add it
directly to the radreply table .. but is their a way top add this option to
the dialup admin?
Thanx
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-viru
Title: Can I use radclient to simulate accouting?
I’m trying to setup Freeradius to reply
differently based on the nas that the request comes from.
In the huntgroup file I have this
group1 NAS-IP-Address ==
192.168.1.50
group2 NAS-IP-Address ==
192.168.1.20
I got 4 gigs of ram.. I hope its enough..
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Keith
Yoder
Sent: Monday, October 04, 2004 3:52 PM
To: [EMAIL PROTECTED]
Subject: Re: MYSQL Accounting Table Size?
cris boisvert escreveu:
>My Mysql database
My Mysql database is about 50 megs right now.. because of the accounting
table.
How large does most people let it get before rolling it?
I Guess other people will just roll it on a Time/Date basis in cron..
But what if I want to keep it for a year so I can pull stats out of it?
Can it get to a c
On Behalf Of Kostas
Kalevras
Sent: Wednesday, September 29, 2004 12:33 PM
To: [EMAIL PROTECTED]
Subject: RE: SQL db failover
On Wed, 29 Sep 2004, Cris Boisvert wrote:
> I have this in my radiusd.conf now. I get this error when I try to start
> radius
>
>
> Wed Sep 29 12:00:27
I have this in my radiusd.conf now. I get this error when I try to start
radius
Wed Sep 29 12:00:27 2004 : Info: rlm_sql_mysql: Starting connect to MySQL
server for #0
Wed Sep 29 12:00:27 2004 : Info: rlm_sql_mysql: Starting connect to MySQL
server for #1
Wed Sep 29 12:00:27 2004 : Info: rlm_sql_
Yup that’s what I'm getting also... now..
I'm glad I'm not alone
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Edgars
Sent: Wednesday, September 29, 2004 11:30 AM
To: [EMAIL PROTECTED]
Subject: Re: SQL db failover
i'm also trying to make this con
I have been trying to do the same thing I have the references in the
radius.conf as notated in the Doc's although I cannot get it to
Connect to the second sql server
I have this in the radius.conf
$INCLUDE ${confdir}/sql.conf
$INCLUDE ${confdir}/sql2.conf
modules {
sql sql {
}
sql
I 'm trying to setup Freeradius with 2 sql servers for a failover.
In the radiusd.conf
In the authorize section I have
redundant{
sql
sql2
}
Then I start it I get
Mon Sep 20 08:37:16 2004 : Info: rlm_sql (sql): Attempting to connect to
[EMAIL PROTECTED]:
There are a couple scripts in the bin directory that require to be running
via cron to compile the stats..
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tobias
Amon
Sent: Tuesday, September 07, 2004 11:33 AM
To: [EMAIL PROTECTED]
Subject: dialup_admin empty stat
Does it not connect to the database? Ensure the database permissions are set
correctly.
Inside admin.conf enable debugging.. it will display errors in the browser
that will help you find out why..
_
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tobias
Amon
Sent
Running Freeradius with Mysql fedora core 2
I'm trying to add a user in a one line command ..
I've been trying something like this... although I think I have the syntax
wrong and I have not found a instance of an example in my searching...
mysql radius -e INSERT into userinfo (UserName, Name, M
Running Freeradius with Mysql.
Just to Confirm by running this script monthly it cleans the accounting
table so that it doesn't get to big?
If not is their a way to clean the table after a certain amount of time so
that it won't become huge?
Thanx
Cris
---
Outgoing mail is certified Virus Fre
t: Re: Dialup Admin "Find"
On Mon, 23 Aug 2004 16:31:11 -0400, Cris Boisvert <[EMAIL PROTECTED]> wrote:
> Dialup Admin is working great... I noticed though when you try to search
you
> can only search by full name, dept , or radius attribute.
>
> Is their a way to add
Dialup Admin is working great... I noticed though when you try to search you
can only search by full name, dept , or radius attribute.
Is their a way to add "USERNAME" as a searchable option...
This is what is in the php currently
User Full Name
User Department
User Radius Attribute
EOM;
?>
I
Is their a way to add NAS Servers using the dialup admin?
The only options are "Change" "delete" and "Check"
Thanx
Cris
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.737 / Virus Database: 491 - Release Date: 8/11/2004
-
Li
I'm currently Running radius with a Mysql database..
Which has the default groups defined for each user.
If I put in the huntgroup options will they override the default group info
when authenticated from the different NAS..
Thanx
Cris
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[
Is their a way to have Freeradius reply differently based on what NAS Server
sent the request?
Example. [EMAIL PROTECTED] will connect throught our national dialup and
get
X-Ascend-Data-Filter == "ip in forward tcp est",
X-Ascend-Data-Filter == "ip in forward dstip 1.2.3.4/24",
X-Ascend-Data-Fi
I'm running Freeradius on Fedora core 2
I have it running with Mysql and the dialup admin .
All the data about users and passwords, groups etc..etc is in the database.
Working correctly.
It still uses the /etc/raddb/clients.conf for defining the nas servers.
Even though there is a nas table In t
Alan is right!.. This list isn't for paying customers that pay for a support
contract (NOTE THE NAME "FREE RADIUS") . I been following the whole thread
and you must not have read through the documentation.. and because you have
not taken the time to read the information that was written for thi
I just setup a Global pops account and I'm not sure how to get the
Slipstream attribute into freeradius.
This is the directions I got from globalpops
"This is a vendor specific attribute we numbered as 7000. The attribute is
Slipstream-Auth 1 string.
The value must be set as true. "
Has an
Title: Message
Is
their any intention of Stopping the spam from the list??
I get
more this list than anything else??
THanx
Title: Message
Is it
just me .. or is anyone else getting Spam From the list?
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Margery MorrisSent: Wednesday, January 07, 2004 9:53
PMTo: [EMAIL PROTECTED]Subject: Re:
SU, and here the
Clients would be Nas Devices .. Such as portmasters if you have dialup pool
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kirti S.
Bajwa
Sent: Tuesday, January 06, 2004 11:28 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Settings
Hello List:
I am a newbi
Our customers get unlimited surfing?..
I noticed that dialup admin defaults to 4 hours daily 20hours per week..
I didn't see a place that sets the time for the user in the mysql database.
Will the default settings in dialup admin automatically turn off customers
that run over the 4 hours that it
I Agree... I run .. Bsd, linux , and OSX.. The FR Install on linux is Easy..
OS X is a Bear...
If someone has the Knowledge to make a FR Installer for OSX that takes care
of the library problems it would be great... Also..This thread would be
ended.I would be really greatfull too. Hehe
Can't E
I have freeradius running with dialup admin
When I add a user in dialup admin it encrypts the password in the mysql
database...
I don't want it to..
When I go to test with radping it gives an error because the password is not
sent encrypted..
Is their a switch?
Thanx
-
List info/subscribe/unsu
I have free radius running with the text base user file...
I'm trying to get it to recognise Mysql database for the users?
I have created the database and all the tables that freeradius requires and
put in the correct database config info in the sql.conf... Although it still
reads from the users
I've got dialup admin setup and it looks like I can add users without any
errors.. Although when I look at the actual sql databases its only adding
them to the userinfo table... And not adding any users to the radacct table.
Its probably something simple... I figured I'de ask...
Thanx.
Cris
-
Li
81 matches
Mail list logo
