Re: radexample.c
Ibrar Ahmed wrote: Hi, Any body tells me how I can get working radexample with freeradius. I am getting this packat one server User-Name = test User-Password = [EMAIL PROTECTED] NAS-IP-Address = 255.255.255.255 NAS-Port = 0 Read the debug output. It will tell you what's wrong. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: some doubts, im newbie, radius authentication and mysql.
alex wrote: Only the first query looks to have a valid result. SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = '00:09:5b:65:98:b0' ORDER BY id After that the other queries doesnt have a valid answer, so the user uis rejected. My question is, in the sql.conf, if i comment the queries that are searching in the empty tables, could fix the problem? or the problem is in the radius manager 2, when it add a user and is not adding to the other tables? It won't help. Read the debug log: rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. The server found a password, but it was wrong. Fix that, not the SQL queries. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radexample.c
Thanks DeKok,
I have read the debug output it says auth: Failed to validate the user. But
when I have tried
same user/pass combination with radclient it works fine
Here is my debug output.
[EMAIL PROTECTED]:freeradius-1.1.4$ src/main/radiusd -AXf
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/postgresql.conf
main: prefix = /usr/local
main: localstatedir = /usr/local/var
main: logdir = /usr/local/var/log/radius
main: libdir = /usr/local/lib
main: radacctdir = /usr/local/var/log/radius/radacct
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = /usr/local/var/log/radius/radius.log
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
main: user = (null)
main: group = (null)
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/local/sbin/checkrad
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = yes
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = (null)
exec: input_pairs = request
exec: output_pairs = (null)
exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = crypt
pap: auto_header = yes
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = (null)
mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = (null)
unix: shadow = (null)
unix: group = (null)
unix: radwtmp = /usr/local/var/log/radius/radwtmp
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = md5
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = Password:
gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
preprocess: hints = /usr/local/etc/raddb/hints
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded SQL
sql: driver = rlm_sql_postgresql
sql: server = localhost
sql: port =
sql: login = ibrar
sql: password =
sql: radius_db = radius
sql: nas_table = nas
sql: sqltrace = yes
sql: sqltracefile = /usr/local/var/log/radius/sqltrace.sql
sql: readclients = no
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = %{User-Name}
sql: default_user_profile =
sql: query_on_not_found = no
sql: authorize_check_query = SELECT id, UserName, Attribute, Value, Op ??FROM
radcheck ??WHERE
Username = '%{SQL-User-Name}' ??ORDER BY id
sql: authorize_reply_query = SELECT id, UserName, Attribute, Value, Op ??FROM
radreply ??WHERE
Username = '%{SQL-User-Name}' ??ORDER BY id
sql: authorize_group_check_query = SELECT radgroupcheck.id,
radgroupcheck.GroupName,
??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM
radgroupcheck, usergroup
??WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
radgroupcheck.GroupName
??ORDER BY radgroupcheck.id
sql: authorize_group_reply_query = SELECT radgroupreply.id,
radgroupreply.GroupName,
radgroupreply.Attribute,
Re: freeradius-1.1.5 and FC4
Ronaldo Zhou wrote: I encountered the problem, too. On 3/21/07, *Goke Aruna* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: I installed freeradius-1.1.4 in FC4 and i got all the compilation without error. However, when i tried to run the radiusd in debug mode i got the error below Can someone pls point out my problem to me. Goksie [EMAIL PROTECTED] ~]# radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /usr/local/var main: logdir = /usr/local/var/log/radius main: libdir = /usr/local/lib main: radacctdir = /usr/local/var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /usr/local/var/log/radius/radius.log main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /usr/local/var/run/radiusd/radiusd.pid main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib *** glibc detected *** radiusd: double free or corruption (fasttop): 0x090fcde8 *** === Backtrace: = /lib/libc.so.6[0x1b7424] /lib/libc.so.6(__libc_free+0x77)[0x1b795f] /usr/local/lib/libltdl.so.3[0xd9da50] /usr/local/lib/libltdl.so.3(lt_dlopenext+0xc3)[0xd9e51f] radiusd(find_module_instance+0x1bd)[0xe98fb5] radiusd(setup_modules+0x1c0)[0xe997b0] radiusd(main+0x3b0)[0xe9c814] /lib/libc.so.6(__libc_start_main+0xc6)[0x168de6] radiusd[0xe91cb5] === Memory map: 00111000-0012b000 r-xp fd:00 9865492/lib/ld-2.3.5.so http://2.3.5.so 0012b000-0012c000 r-xp 00019000 fd:00 9865492/lib/ld- 2.3.5.so http://2.3.5.so 0012c000-0012d000 rwxp 0001a000 fd:00 9865492/lib/ld-2.3.5.so http://2.3.5.so 0012d000-0013b000 r-xp fd:00 9865497/lib/libpthread- 2.3.5.so http://2.3.5.so 0013b000-0013c000 r-xp d000 fd:00 9865497/lib/libpthread-2.3.5.so http://2.3.5.so 0013c000-0013d000 rwxp e000 fd:00 9865497/lib/libpthread-2.3.5.so http://2.3.5.so 0013d000-0013f000 rwxp 0013d000 00:00 0 0013f000-00152000 r-xp fd:00 12243222 /usr/local/lib/libradius-1.1.5.so http://1.1.5.so 00152000-00153000 rwxp 00013000 fd:00 12243222 /usr/local/lib/libradius- 1.1.5.so http://1.1.5.so 00153000-00154000 rwxp 00153000 00:00 0 00154000-00278000 r-xp fd:00 9865493/lib/libc-2.3.5.so http://2.3.5.so 00278000-0027a000 r-xp 00124000 fd:00 9865493/lib/libc- 2.3.5.so http://2.3.5.so 0027a000-0027c000 rwxp 00126000 fd:00 9865493/lib/libc-2.3.5.so http://2.3.5.so 0027c000-0027e000 rwxp 0027c000 00:00 0 0027e000-002ed000 r-xp fd:00 12243158 /usr/lib/libkrb5.so.3.2 002ed000-002f rwxp 0006e000 fd:00 12243158 /usr/lib/libkrb5.so.3.2 002f-002f2000 r-xp fd:00 9865501/lib/libcom_err.so.2.1 002f2000-002f3000 rwxp 1000 fd:00 9865501/lib/libcom_err.so.2.1 002f3000-002f5000 r-xp fd:00 12235980 /usr/lib/libkrb5support.so.0.0 002f5000-002f6000 rwxp 1000 fd:00 12235980 /usr/lib/libkrb5support.so.0.0 0030a000-00313000 r-xp fd:00 9863221/lib/libnss_files- 2.3.5.so http://2.3.5.so 00313000-00314000 r-xp 8000 fd:00 9863221/lib/libnss_files-2.3.5.so http://2.3.5.so 00314000-00315000 rwxp 9000 fd:00 9863221/lib/libnss_files-
Re: radexample.c
Thanks DeKok,
I have read the debug output it says auth: Failed to validate the user. But
when I have tried
same user/pass combination with radclient it works fine
Here is my debug output.
[EMAIL PROTECTED]:freeradius-1.1.4$ src/main/radiusd -AXf
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/postgresql.conf
main: prefix = /usr/local
main: localstatedir = /usr/local/var
main: logdir = /usr/local/var/log/radius
main: libdir = /usr/local/lib
main: radacctdir = /usr/local/var/log/radius/radacct
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = /usr/local/var/log/radius/radius.log
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
main: user = (null)
main: group = (null)
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/local/sbin/checkrad
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = yes
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = (null)
exec: input_pairs = request
exec: output_pairs = (null)
exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = crypt
pap: auto_header = yes
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = (null)
mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = (null)
unix: shadow = (null)
unix: group = (null)
unix: radwtmp = /usr/local/var/log/radius/radwtmp
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = md5
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = Password:
gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
preprocess: hints = /usr/local/etc/raddb/hints
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded SQL
sql: driver = rlm_sql_postgresql
sql: server = localhost
sql: port =
sql: login = ibrar
sql: password =
sql: radius_db = radius
sql: nas_table = nas
sql: sqltrace = yes
sql: sqltracefile = /usr/local/var/log/radius/sqltrace.sql
sql: readclients = no
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = %{User-Name}
sql: default_user_profile =
sql: query_on_not_found = no
sql: authorize_check_query = SELECT id, UserName, Attribute, Value, Op ??FROM
radcheck ??WHERE
Username = '%{SQL-User-Name}' ??ORDER BY id
sql: authorize_reply_query = SELECT id, UserName, Attribute, Value, Op ??FROM
radreply ??WHERE
Username = '%{SQL-User-Name}' ??ORDER BY id
sql: authorize_group_check_query = SELECT radgroupcheck.id,
radgroupcheck.GroupName,
??radgroupcheck.Attribute, radgroupcheck.Value,radgroupcheck.Op ??FROM
radgroupcheck, usergroup
??WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
radgroupcheck.GroupName
??ORDER BY radgroupcheck.id
sql: authorize_group_reply_query = SELECT radgroupreply.id,
radgroupreply.GroupName,
radgroupreply.Attribute,
Re: freeradius problem : need help
satish patel wrote: check radwatch is runing or not is runing then kill radwatch it is for watching radiusd deamon for monitoring radius process */elmalhi abdelghani [EMAIL PROTECTED]/* wrote: what means plaese this : There appears to be another RADIUS server running on the authentication port 1812 and if I typ for example the command:' ps a ' i don't found radiusd ? regards. Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses http://fr.rd.yahoo.com/evt=42054/*http://fr.answers.yahoo.com.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com Here’s a new way to find what you're looking for - Yahoo! Answers http://us.rd.yahoo.com/mail/in/yanswers/*http://in.answers.yahoo.com/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html mvts is using the port 1812, you can check previous post by abdul_zu on similar subject. Goksie - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radexample.c
Ibrar Ahmed wrote: Thanks DeKok, I have read the debug output it says auth: Failed to validate the user. But when I have tried same user/pass combination with radclient it works fine Here is my debug output. I know it's a lot of information, but reading it is the ONLY way you will solve the problem. auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS! Perhaps following those instructions would be useful. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radexample.c
--- Alan DeKok [EMAIL PROTECTED] wrote: Ibrar Ahmed wrote: Thanks DeKok, I have read the debug output it says auth: Failed to validate the user. But when I have tried same user/pass combination with radclient it works fine Here is my debug output. I know it's a lot of information, but reading it is the ONLY way you will solve the problem. I have read all the information care fully and I have also added alot of debug messages in radiusd. auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS! I was thinking this was a secret issue. But I have cross checked it on my client and server side both. Here is packet output from radclient application (Works) rad_recv: Access-Request packet from host 127.0.0.1:32844, id=223, length=49 User-Name = bob User-Password = bob Framed-Protocol = PPP Processing the authorize section of radiusd.conf and here is my radexample packet output (Do not works) rad_recv: Access-Request packet from host 127.0.0.1:32855, id=223, length=55 User-Name = bob User-Password = \265\\VJ\250\\p\3515\216\230\3343\263HW Service-Type = Authenticate-Only NAS-IP-Address = 127.0.0.1 Processing the authorize section of radiusd.conf Perhaps following those instructions would be useful. Yup Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html The fish are biting. Get more visitors on your site using Yahoo! Search Marketing. http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radexample.c
I have read the debug output it says auth: Failed to validate the user. But when I have tried same user/pass combination with radclient it works fine I know it's a lot of information, but reading it is the ONLY way you will solve the problem. I have read all the information care fully and I have also added alot of debug messages in radiusd. auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS! I was thinking this was a secret issue. But I have cross checked it on my client and server side both. Here is packet output from radclient application (Works) rad_recv: Access-Request packet from host 127.0.0.1:32844, id=223, length=49 User-Name = bob User-Password = bob Framed-Protocol = PPP Processing the authorize section of radiusd.conf and here is my radexample packet output (Do not works) rad_recv: Access-Request packet from host 127.0.0.1:32855, id=223, length=55 User-Name = bob User-Password = \265\\VJ\250\\p\3515\216\230\3343\263HW Service-Type = Authenticate-Only NAS-IP-Address = 127.0.0.1 Processing the authorize section of radiusd.conf Perhaps following those instructions would be useful. Yup Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Don't get soaked. Take a quick peek at the forecast with the Yahoo! Search weather shortcut. http://tools.search.yahoo.com/shortcuts/#loc_weather - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius unistalling
or may be, when configuring the installation, use --prefix, to install the server in location other than default # ./configure --prefix=/opt/freeradius I will ease use to remove freeradius using command # rm -rf /opt/freeradius On 3/24/07, Thor Spruyt [EMAIL PROTECTED] wrote: There is no uninstall and make clean just cleans the source tree. Use rpmbuild to make an rpm. - Original Message - From: elmalhi abdelghani To: FreeRadius users mailing list Sent: Friday, March 23, 2007 3:48 PM Subject: Re : freeradius unistalling hi, but i found always my directory usr/local/etc/raddb regards! Abdelghani ELMALHI Devesestr. 1 45897 Gelsenkirchen Deutschland Tel. 00 49 176 65 84 38 50 Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards, Fadli M. Zain Leadership and Lifelong Learning - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radexample.c
Ibrar Ahmed wrote: ... I was thinking this was a secret issue. But I have cross checked it on my client and server side both. Then the RADIUS code in radiusclient is buggy. Can you say which version of radiusclient you are using? What CPU you are running this on? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: bandwidth and volume limit
A) bandwidth limit You can use WISPr-Bandwidth-Max-Down and WISPr-Bandwidth-Max-Up attribute to limit the bandwidth. they should be inserted in radreply or groupradreply table. But you need to modify NAS firewall to force the attribute to user. I use chillispot. In the NAS I force all user Internet session to use tun0 device which is created by chillispot. This is my rule for forward chain : # iptables -P FORWARD DROP # iptables -F FORWARD # iptables -A FORWARD -o tun0-j ACCEPT # iptables -A FORWARD -i tun0 -j ACCEPT b) volume limit. I face the same problem too when dealing with freeradius 1.1.3. but after upgrade to freeradius 1.1.4, the problems solved itself, no more Session Time generated, but only AcctInputOctet. I suggest you to upgrade to Freeradius 1.1.4. but if you insist to stick on current version, you must create some perl script to help freeradius server to generate AcctInputOctet for accounting. On 3/22/07, Mathieu Lemaitre [EMAIL PROTECTED] wrote: HI all, I'm running freeradius 1.0.2 on a debian stable. For new clients, I need to implement 2 functions: * a bandwidth limit on a per-user basis. I mean, I need to be able to set, for a user, a value for his upstream and downstream bw, which is sent by the radius as a reply attribute. Are they predefined attributes to do this? * a volume limit: I'd like to be able to set a maximum amount of data monthly downloadable for each user. I tried with rlm_slqcounter, changing the sql request to check AcctInputOctet instead of SessionTime, but the problem is that radius always reply an attribute called MaxSessionTime (or sthg like that), containing the remaining data volume for the user... is there as way to change the name of the attribute answered by freeradius?? Many thaks, Mathieu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards, Fadli M. Zain Leadership and Lifelong Learning - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Questions about Freeradius counter
On 3/22/07, guest01 [EMAIL PROTECTED] wrote:
Hi guys!
I have two minor problems with the radius counter. I am using the radius
counter for counting the sessiontimeout, which works quite good.
counter sessiontimeout {
filename = ${logdir}/db.sessiontimeout
key = User-Name
count-attribute = Acct-Session-Time
reset = never
counter-name = Daily-Session-Time
check-name = Session-Timeout
cache-size = 5000
}
If the user reaches the saved allowed max session time, the connection
gets disconnected and the user is not allowed to connect again until the
time value has been reseted. Works great ...
I also want to achieve the same behavior for another counter, the
Acct-Input-Octets, but it doesn't really work. I can define a maximum
value for Input Octets and if the user exceeds this value, he cannot
connect again. Unfortunately, the connection doesn't get disconnected
after the user reached his limit, do I have to configure something
additional? It works for the Sessiontimeout, why doesn't it work for the
Input-Octets? Any ideas? Is it possible?
counter maxinput {
filename = ${logdir}/db.maxinput
key = User-Name
count-attribute = Acct-Input-Octets
reset = never
counter-name = Input-Octets
check-name = ChilliSpot-Max-Input-Octets
cache-size = 5000
}
I face the same problem on Freeradius 1.1.3, and to overcome the situation,
I wrote a perl script to set the correct ChilliSpot-Max-Input-Octets for
Freeradius. But I have upgraded to Freeradius 1.1.4, the no more problem
with it.
The second problem is, that I have Acct-Input-Octets AND
Acct-Output-Octets in my radius dialog and I want to use ONE counter,
which should contain the sum of Acct-Input-Octets+Acct-Output-Octets, I
already tried to use
count-attribute = (Acct-Input-Octets+Acct-Output-Octets),
but it didn't work ... Any suggestions for that problem? Any ideas?
U can specify the sql query for the counter:
counter maxinput {
filename = ${logdir}/db.maxinput
key = User-Name
count-attribute = Acct-Input-Octets
reset = never
counter-name = Input-Octets
check-name = ChilliSpot-Max-Input-Octets
query = SELECT SUM(Acct-Input-Octets+Acct-Output-Octets) FROM
radacct where UserName='%{%k}'
}
I appreciate every kind of help!
Thanks guys!
best regards
Peter Gastinger
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Best Regards,
Fadli M. Zain
Leadership and Lifelong Learning
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius + postgresql + realms + different databases for each realm
I was wondering if anyone might be able to point me in the right direction with regard to setting up freeradius with postgres so that each realm is authenticated out of a separate database (on the same postgres server). I understand that this might not be the best way to handle things, but for historical and business reasons I find myself faced with the prospect implementing this configuration. I'm pretty much through the freeradius and postgres installation and configuration, but I find myself unable to get my head around breaking on each realm into a seperate database (yeah I can duplicate the schema across seperate renamed databases) and then convince freeradius to authenticate using those separate databases for each specific realm. I've STFW and archive(s) and found little documentation on how to accomplish this particular config. Thanks in advance for *any* tips, suggestions, links or outright tutorials you might be able to provide... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + postgresql + realms + different databases for each realm
trol anon wrote:
I was wondering if anyone might be able to point me in the right
direction with regard to setting up freeradius with postgres so that
each realm is authenticated out of a separate database (on the same
postgres server).
The SQL queries are configurable. Just replace the database name with
%{Realm}, or whatever else is needed.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
