Re: Wimax AAA Session ID
Victor Tangendjaja wrote:
How do you generate this unique session id?
However you want.
In 2.1.6, you can do:
update reply {
WiMAX-AAA-Session-Id - %{md5:%{User-Name}...}
}
i.e. calculate the MD5 hash over information specific to the user
session.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius Mysql problem
Hi All, I'm using mysql server 5.1.30 for storing radius accounting details. The system works fine and accounting is done to log file and to mysql server installed in a separate machine. But the problem arises when the mysql server is not working. When the radius accounting server lost the connectivity to the mysql server it does not report any kind of error. The radius daemon is working fine in the radius accounting server. But it does not respond to any requests. Is there any way for me to recognize whether the mysql server is offline from the radius server? Thanks Asin New Email addresses available on Yahoo! Get the Email name you#39;ve always wanted on the new @ymail and @rocketmail. Hurry before someone else does! http://mail.promotions.yahoo.com/newdomains/aa/- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius Mysql problem
But the problem arises when the mysql server is not working. When the radius accounting server lost the connectivity to the mysql server it does not report any kind of error. The radius daemon is working fine in the radius accounting server. But it does not respond to any requests. So it isn't working fine. It's not responding because it hasn't (better said can't) complete processing of the request (sql is failing). Is there any way for me to recognize whether the mysql server is offline from the radius server? You can use buffered-sql virtual server to deal with this - when database goes down NAS will get the response and accounting data will keep on piling up in the detail file until database is back on line. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius is 3 time quicker when running in full debug mode ( -X option)
Dear Freeradius User list, I am surprised by the fact that freeRadius (Version 2.0.4) is 3 time quicker when running in full debug mode ( -X option). When running freeradius I full debug mode /usr/sbin/freeradius –X I have good response time from remote client were between 200 and 210 ms. But when I launched freeradius without debugging (with exact same configuration): /usr/sbin/freeradius Or /etc/init.d/freeradius start the response time increase to 600ms It is usually the opposite where turning off debugging should increase response speed . Does any body have an explanation? Or any clue to improve performance on non debug Mode ? Thanks in advance for your support. Vincent - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius is 3 time quicker when running in full debug mode ( -X option)
Vincent Laborie wrote: I am surprised by the fact that freeRadius (Version 2.0.4) is 3 time quicker when running in full debug mode ( -X option). You are logging to syslog. Use a syslog server that doesn't kill performance, like rsyslog. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: intel Proset/wireless - OK // windows zero config wireless - KO
Jaulin Bernard wrote: After many weeks with no results, It’s time to find help ! If it doesn't work after a day or so, ask for help... Freeradius : 3.0.4 (with openssl) What is version 3.0.4? We use MSCHAP V2 with PEAP for Windows and Linux Client, the problem is so strange. On HP laptops with Intel Proset wireless or IBM Thinpad with Thinkvantage tools the connection was successful. The same laptop with Windows zero config wireless client or Linux (Fedora, Debian) impossible ! No error on log debug, just an authentication silently failed. Uh... that doesn't happen. Please post the debug log. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: intel Proset/wireless - OK // windows zero config wireless - KO
Hi Bernard, Based upon the provided information I would believe that this would be a driver problem, but without knowing what you have tried, your actual Intel Hardware and a proper wireless capture this is the best I can offer. To me if the Intel and Thinkpad wireless apps work with your current setup and is stable then the problem does not appear to be with Radius at all. If you are using XP with Service Pack 2 then you need the following two patches for WPA2 comms. WindowsXP-KB893357-v2-x86-ENU.exe WindowsXP-KB917021-v3-x86-ENU.exe These two provide extra code for the WPA2 Enterprise authentication methods you are using so that the Windows Zero config wireless can work properly. Service Pack 3 for XP is supposed to have these two patches but I would add them in anyway. For Linux, again this is a driver/module issue and you need to ensure that you have a couple of things running first before you attempt to connect to the AP, modules such as the wpa_supplicant and wpa_supplicant-gui (if you are using a desktop interface) are necessary, and the ieee80211 module if it is required. It also depends on your Intel Hardware and Firmware code that you have installed. I am assuming that you have Intel chipsets here and not Atheros chipsets, there is a big difference. This website will point you in the right direction even though the information maybe out of date by a couple of years, it may highlight a bug in your configuration files especially in linux. http://ipw2100.sourceforge.net/index.php You may already have tried the following suggestion work your way up from the lowest security wireless comms to the highest, (Ad-Hoc with no key, WEP, WPA-PSK, WPA-TKIP, WPA2-PSK, WPA2-TKIP, WPA2-EAP\TLS) to try an pin point the issue and confirm that the wireless works, at least for the less secure comms. The XP Sp2 without the patches will work up until WPA-PSK but due to the cryptography changes in WPA2 it wont work without the patches. The Intel Proset and Thinkvantage tools would already have this extra code written in. If you are running a FAT Cisco AP and not the LWAP version, you can configure multiple profiles on the same gear so you can try the above without messing up your working wireless comms. Else you have to do the profiles in the WLAN controller software. Cheers Norman _ From: freeradius-users-bounces+normangoh=exemail.com...@lists.freeradius.org [mailto:freeradius-users-bounces+normangoh=exemail.com...@lists.freeradius.o rg] On Behalf Of Jaulin Bernard Sent: Monday, 7 September 2009 1:48 AM To: freeradius-users@lists.freeradius.org Subject: intel Proset/wireless - OK // windows zero config wireless - KO Hi all, After many weeks with no results, Its time to find help ! Debian : 5.0 Freeradius : 3.0.4 (with openssl) Samba : 3.2.5 AD : Windows 2008 PEAP MSCHAPV2 CISCO AP Here is the problem. We use MSCHAP V2 with PEAP for Windows and Linux Client, the problem is so strange. On HP laptops with Intel Proset wireless or IBM Thinpad with Thinkvantage tools the connection was successful. The same laptop with Windows zero config wireless client or Linux (Fedora, Debian) impossible ! No error on log debug, just an authentication silently failed. Yes certificates have Windows OID client/server (xpestensions) Any ideas ? Thanks in advance for your answers Bernard. PS : No, I dont want to use MS Radius !! Bernard Jaulin - ilem S.A. Administration systèmes * +41 (0)79 593 22 46 Route de la Galaise, 32 1228 Plan-Les-Ouates http://www.ilem.ch/ http://www.ilem.ch/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
usename + password + MAC address
Hi all, On a Radius version 2.x, we would like to tie an user to a MAC address. The auth key would then be the username, password and MAC address (Calling Station ID). Where is the right place to do that? - On the freeRadius? (any hint, please?) - In the PGSQL behind? (using some FUNCTION, I have an idea of that) Thank you. -- Architecte Informatique chez Blueline/Gulfsat: Administration Systeme, Recherche Developpement +261 34 29 155 34 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: usename + password + MAC address
On a Radius version 2.x, we would like to tie an user to a MAC address. The auth key would then be the username, password and MAC address (Calling Station ID). Where is the right place to do that? - On the freeRadius? (any hint, please?) - In the PGSQL behind? (using some FUNCTION, I have an idea of that) If you are using postgre to store user data - then radcheck table (one entry for password and one for Calling-Station-Id). Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius is 3 time quicker when running in full debug mode ( -X option)
Alan, Many thanks for your answer, I had a look to syslog and it seems that my server is already using rsyslog: ps -elf | grep syslog 5 S root 1963 1 0 80 0 - 7041 - Mar20 ? 00:01:56 /usr/sbin/rsyslogd -c3 I also try to print directly on stdout : destination = stdout Or in files And this doesn't realy change anything. I also tried to reduce logging as much as possible for example by commenting : #auth_log but it doesn't realy help too. Looking forward to any clue that will help me to reduce this response time, Thanks, Vincent On Mon, Sep 7, 2009 at 12:59 PM, Alan DeKokal...@deployingradius.com wrote: Vincent Laborie wrote: I am surprised by the fact that freeRadius (Version 2.0.4) is 3 time quicker when running in full debug mode ( -X option). You are logging to syslog. Use a syslog server that doesn't kill performance, like rsyslog. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Using multiple certificates
I have been asked it it possible to run two SSIDs on our wireless, lets call them A and B that authorise against a FreeRADIUS server running as two virtual servers radiusA and radiusB. What we want is to have radiusA use a different server certificate from radiusB. However, as I see it, this looks impossible as the EAP configuration is global in eap.conf and not per server instance. Is this true or am I not being creative enough! Can you place the eap definition inside the site files in sites- availble and make it different per server instance is the question I guess. Any help would be appreciated. A quick google reveals a similar question in 2007 which got no answers :-( -- Barry Dean Networks Group University of Liverpool --- Nice boy, but about as sharp as a sack of wet mice. -- Foghorn Leghorn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MAC Address Validation for phones
Hello list,
I need some help on some unlang portion (if this is the right solution).
Here is context: I need to do 802.1x on Ethernet switch for dynamic VLAN
assignment for PCs .
The problem is I have some phones connected between the PC and the switch.
I don't want the users to login 802.1X with the phones so I have set
them up to do MAC address user name and password without annoying the
user over CHAP.
Using users files works perfectly for my phones, as the ldap back end is
for PC users.
However, I have 300 phones that can be replaced if they are broken and I
don't want to store all the info by hand in the users file.
I tried to put this in the users file:
if ( %{User-Name} =~ 00030BCA[0-9A-F]+ ) {
%{Cleartext-Password} == %{User-Name}
}
Put it doesn't work because CHAP cannot find the user and his clear text
password.
So I guess I have put it in the wrong section AND/OR have done something
wrong with my if but I can't find a way of checking as radius seems not
to bother about it.
I also tried to put it in the authentication section without success.
I have read this http://wiki.freeradius.org/Mac-Auth but it seems too
advanced for what I want to do as I don't need to rewrite anything. This
guided me to try and put the script somewhere else.
Thanks for your precious help.
Best Regards,
Matt
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_acct_unique Issue
Hi,
We're using FreeRADIUS 2.1.6, and have rlm_acct_unique configured as per
the below:
acct_unique {
key = User-Name, Framed-IP-Address, Acct-Session-Id
}
Over the past couple of days we've noticed that the unique session ID
calculated by the module during interim updates is changing mid session
for some users, although none of the attributes defined in the
configuration are changing between requests.
Here's an example for a session that had started on 2009-09-06 at 00:31:28:
Mon Sep 7 05:00:23 2009
Acct-Session-Id = 01BCBC45
Framed-Protocol = PPP
Framed-IP-Address = xxx.xxx.xxx.xxx
User-Name = u...@realm
Cisco-AVPair = connect-progress=LAN Ses Up
Cisco-AVPair = nas-tx-speed=7349000
Cisco-AVPair = nas-rx-speed=1000
Acct-Session-Time = 102534
Acct-Input-Octets = 5792373
Acct-Output-Octets = 8666851
Acct-Input-Packets = 79786
Acct-Output-Packets = 54731
Acct-Authentic = RADIUS
Acct-Status-Type = Interim-Update
NAS-Port-Type = Virtual
Cisco-NAS-Port = Uniq-Sess-ID40
NAS-Port = 40
Service-Type = Framed-User
NAS-IP-Address = xxx.xxx.xxx.xxx
Acct-Delay-Time = 45
Acct-Unique-Session-Id = 3c17c916d8e9ff20
Timestamp = 1252296023
Request-Authenticator = Verified
Mon Sep 7 05:28:24 2009
Acct-Session-Id = 01BCBC45
Framed-Protocol = PPP
Framed-IP-Address = xxx.xxx.xxx.xxx
User-Name = u...@realm
Cisco-AVPair = connect-progress=LAN Ses Up
Cisco-AVPair = nas-tx-speed=7349000
Cisco-AVPair = nas-rx-speed=1000
Acct-Session-Time = 104260
Acct-Input-Octets = 5895021
Acct-Output-Octets = 8838223
Acct-Input-Packets = 81164
Acct-Output-Packets = 55643
Acct-Authentic = RADIUS
Acct-Status-Type = Interim-Update
NAS-Port-Type = Virtual
Cisco-NAS-Port = Uniq-Sess-ID40
NAS-Port = 40
Service-Type = Framed-User
NAS-IP-Address = xxx.xxx.xxx.xxx
Acct-Delay-Time = 0
Acct-Unique-Session-Id = fb0d91180bc7523e
Timestamp = 1252297704
Request-Authenticator = Verified
I've hidden the Framed-IP-Address and User-Name attributes, but they
were identical in both requests.
Prior to 05:28:2 today, the unique session ID was always returned as
3c17c916d8e9ff20, and since 05:28:24, it has been returned as
fb0d91180bc7523e.
The only common factor with the sessions where this has happened is the
Acct-Delay-Time attribute being set to 45 in the last logged request
before the ID had changed, but I can't see any evidence on the server of
a delay, or any issues that may have caused a delay, around this time.
Does anyone know what might be causing this?
Thanks,
Tim
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_acct_unique Issue
Does anyone know what might be causing this?
The acct_unique configuration is being overridden by the defaults in
/etc/freeradius/modules/acct_unique...
acct_unique {
key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address,
NAS-Port
}
And the Client-IP-Address is changing mid session.
Now we have to update a few thousand running sessions, shortly after
removing the defaults and restarting freeradius.
Does anyone have any equivalent Perl/Python code to the add_unique_id
function in rlm_acct_unique.c?
Thanks,
Tim
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
What problem does the FreeRADIUS wiki have?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 As per title. - -Arran - -- Arran Cudbard-Bell a.cudbard-b...@sussex.ac.uk, Systems Administrator (AAA), Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT DDI+FAX: +44 1273 873900 | INT: 3900 GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkqlOikACgkQcaklux5oVKIRFQCdGqivLhNy//pWHpvssxSdrHUz X+IAniTNY3WhpKjAF8m+50IEWTqeZvJ5 =JNcr -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: What problem does the FreeRADIUS wiki have?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 07/09/2009 17:51, Arran Cudbard-Bell wrote: As per title. -Arran Whatever it was seems to have resolved itself. - -- Arran Cudbard-Bell a.cudbard-b...@sussex.ac.uk, Systems Administrator (AAA), Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT DDI+FAX: +44 1273 873900 | INT: 3900 GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkqlO5MACgkQcaklux5oVKLZggCfWKOHbCfGgc+PDqzZo7r+uHbv OOkAnR9ggTOkZkD4PLYqFO8zDfPIwz1Z =AaUv -END PGP SIGNATURE- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Using multiple certificates
I have been asked it it possible to run two SSIDs on our wireless, lets call them A and B that authorise against a FreeRADIUS server running as two virtual servers radiusA and radiusB. I have two EAP instances for the purpose of serving 2 different certificates; so, what you want to do is definitely possible. I server both from the same virtual server and use unlang to determine which certificate to serve based upon SSID. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MAC Address Validation for phones
I tried to put this in the users file:
Unlang goes into virtual server configuration, not users file.
if ( %{User-Name} =~ 00030BCA[0-9A-F]+ ) {
update control {
Cleartext-Password == %{User-Name}
}
}
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_acct_unique Issue
Tim O'Donovan wrote: Does anyone know what might be causing this? The acct_unique configuration is being overridden by the defaults in /etc/freeradius/modules/acct_unique... What does that mean? If you edit that file, you are editing the configuration. Or, have you added *two* configurations for the module? Now we have to update a few thousand running sessions, shortly after removing the defaults and restarting freeradius. Does anyone have any equivalent Perl/Python code to the add_unique_id function in rlm_acct_unique.c? It's just an MD5 hash over the attributes. See the rlm_acct_unique.c source for details. It's not big. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius is 3 time quicker when running in full debug mode ( -X option)
Vincent Laborie wrote: Many thanks for your answer, I had a look to syslog and it seems that my server is already using rsyslog: shrug There isn't anything in the server that says run faster in debug mode. Usually it's the other way around, because of all the extrea output that debug mode has. I also try to print directly on stdout : destination = stdout Or in files And this doesn't realy change anything. Then the problem is elsewhere. I also tried to reduce logging as much as possible for example by commenting : #auth_log but it doesn't realy help too. Looking forward to any clue that will help me to reduce this response time, What have you changed from the default configuration? Start looking there. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: intel Proset/wireless - OK // windows zero config - KO
Hi Norman, My Windows clients run XP SP3 ! And no problems with WEP/WPA + TKIP on this laptops. But, thanks for your help. Bernard. -- Message: 3 Date: Mon, 7 Sep 2009 22:59:49 +1000 From: Norman Goh norman...@exemail.com.au Subject: RE: intel Proset/wireless - OK // windows zero config wireless - KO To: 'FreeRadius users mailing list' freeradius-users@lists.freeradius.org Message-ID: 004601ca2fbb$154602a0$c801a...@novacula Content-Type: text/plain; charset=iso-8859-1 Hi Bernard, Based upon the provided information I would believe that this would be a driver problem, but without knowing what you have tried, your actual Intel Hardware and a proper wireless capture this is the best I can offer. To me if the Intel and Thinkpad wireless apps work with your current setup and is stable then the problem does not appear to be with Radius at all. If you are using XP with Service Pack 2 then you need the following two patches for WPA2 comms. WindowsXP-KB893357-v2-x86-ENU.exe WindowsXP-KB917021-v3-x86-ENU.exe These two provide extra code for the WPA2 Enterprise authentication methods you are using so that the Windows Zero config wireless can work properly. Service Pack 3 for XP is supposed to have these two patches but I would add them in anyway. For Linux, again this is a driver/module issue and you need to ensure that you have a couple of things running first before you attempt to connect to the AP, modules such as the wpa_supplicant and wpa_supplicant-gui (if you are using a desktop interface) are necessary, and the ieee80211 module if it is required. It also depends on your Intel Hardware and Firmware code that you have installed. I am assuming that you have Intel chipsets here and not Atheros chipsets, there is a big difference. This website will point you in the right direction even though the information maybe out of date by a couple of years, it may highlight a bug in your configuration files especially in linux. http://ipw2100.sourceforge.net/index.php You may already have tried the following suggestion ? work your way up from the lowest security wireless comms to the highest, (Ad-Hoc with no key, WEP, WPA-PSK, WPA-TKIP, WPA2-PSK, WPA2-TKIP, WPA2-EAP\TLS) to try an pin point the issue and confirm that the wireless works, at least for the less secure comms. The XP Sp2 without the patches will work up until WPA-PSK but due to the cryptography changes in WPA2 it won?t work without the patches. The Intel Proset and Thinkvantage tools would already have this extra code written in. If you are running a FAT Cisco AP and not the LWAP version, you can configure multiple profiles on the same gear so you can try the above without messing up your working wireless comms. Else you have to do the profiles in the WLAN controller software. Cheers Norman - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Deployment
tech.subscripti...@shepherdhill.biz wrote:
I am trying to move to the production server after due tests. I
installed version 2.1.6 on CentOS 5.2. Funnily I am getting Segmentation
fault error when my hints file is to be loaded. The debug message is:
...
Segmentation fault
My Hints file gives error when this is inserted:
DEFAULT User-Name =~ '^([...@]+)(@zmobile.com)?$', NAS-IP-Address ==
10.76.100.69
User-Name := %{1}
Alan DeKok wrote:
Please see doc/bugs
It's not a problem on any system I have access to.
I have done the gdb and valgrind dumps. They are on:
http://www.leadservers.com/gdb-radiusd.log
http://www.leadservers.com/valgrind-radiusd.log
Kindly assist.
Cheers,
Chris.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius + MySQL At System Boot = Freeradius Failure
Marinko Do you use MySQL for NAS authentication? I have noticed that Freeradius can re-connect to the database for user authentication later in the process. However as NAS is only read during startup then if MySQL is not ready its understandable why Freeradius would bomb out. JD From: Marinko Tarlac mangi...@gmail.com To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Sunday, September 6, 2009 6:28:19 PM Subject: Re: Freeradius + MySQL At System Boot = Freeradius Failure same here... I never had similar problem when mysqld is started after radiusd You should check your mysql logs to see is there any problem which causes slow start... Alan Buxey wrote: Hi, I would have thought that a simple option in freeradius that allows it to wait for mysql to startup would be nice. Am I missing something obvious here? Is there a REAL solution or does freeradius not actually work with mysql properly due to the fact its too quick to abandon it during bootup?? chkconfig mysqld on chkconfig radiusd on thats all i've ever done and it works fine alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius + MySQL At System Boot = Freeradius Failure
Well right now No but in this moment I don't have test server so I can't help you in this case... Also, NAS table usually is not so big and I don't see any reason for slow start. Is there anything in mysql logs ? James Duffy wrote: Marinko Do you use MySQL for NAS authentication? I have noticed that Freeradius can re-connect to the database for user authentication later in the process. However as NAS is only read during startup then if MySQL is not ready its understandable why Freeradius would bomb out. JD *From:* Marinko Tarlac mangi...@gmail.com *To:* FreeRadius users mailing list freeradius-users@lists.freeradius.org *Sent:* Sunday, September 6, 2009 6:28:19 PM *Subject:* Re: Freeradius + MySQL At System Boot = Freeradius Failure same here... I never had similar problem when mysqld is started after radiusd You should check your mysql logs to see is there any problem which causes slow start... Alan Buxey wrote: Hi, I would have thought that a simple option in freeradius that allows it to wait for mysql to startup would be nice. Am I missing something obvious here? Is there a REAL solution or does freeradius not actually work with mysql properly due to the fact its too quick to abandon it during bootup?? chkconfig mysqld on chkconfig radiusd on thats all i've ever done and it works fine alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius + MySQL At System Boot = Freeradius Failure
Marinko This sounds like a race will take place between the two processes if there is no co-ordination. If (as you say) you are able to start mysqld after radiusd then I think if you look at tail of /var/log/radius/radius.log you will see something like: Starting connect to MySQL server for #0 Couldn't connect socket to MySQL server r...@127.0.0.1:radius Mysql error 'Can't connect to MySQL server on '127.0.0.1' (61)' Failed to connect DB handle #0 Ready to process requests. and then messages about radiusd managing to re-aquire the db handles later on - eg: Trying to (re)connect unconnected handle 3.. Starting connect to MySQL server for #3 got socket 3 after skipping 0 unconnected handles There needs to be a wait-on-mysql option for radiusd startup - surely?? What baffles me is that I'm a newbie here and surely all the veteran users have long since flushed this problem out into the open - or does nobody EVER use the NAS sql extensions?? JD From: Marinko Tarlac mangi...@gmail.com To: FreeRadius users mailing list freeradius-users@lists.freeradius.org Sent: Monday, September 7, 2009 9:54:04 PM Subject: Re: Freeradius + MySQL At System Boot = Freeradius Failure Well right now No but in this moment I don't have test server so I can't help you in this case... Also, NAS table usually is not so big and I don't see any reason for slow start. Is there anything in mysql logs ? James Duffy wrote: Marinko Do you use MySQL for NAS authentication? I have noticed that Freeradius can re-connect to the database for user authentication later in the process. However as NAS is only read during startup then if MySQL is not ready its understandable why Freeradius would bomb out. JD *From:* Marinko Tarlac mangi...@gmail.com *To:* FreeRadius users mailing list freeradius-users@lists.freeradius.org *Sent:* Sunday, September 6, 2009 6:28:19 PM *Subject:* Re: Freeradius + MySQL At System Boot = Freeradius Failure same here... I never had similar problem when mysqld is started after radiusd You should check your mysql logs to see is there any problem which causes slow start... Alan Buxey wrote: Hi, I would have thought that a simple option in freeradius that allows it to wait for mysql to startup would be nice. Am I missing something obvious here? Is there a REAL solution or does freeradius not actually work with mysql properly due to the fact its too quick to abandon it during bootup?? chkconfig mysqld on chkconfig radiusd on thats all i've ever done and it works fine alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
