if it's possilbe.
Do you think it's possible instead to use a script (perl/bash anything
else) after the request arrive and put it in a DB?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/**
list/users.html http://www.freeradius.org/list/users.html
--
Regards,
Chris Knipe
?
I seem to be unable to find the answer on this -- so I m glad for any
pointers.
Aren't you looking for pre-proxy and post-proxy then ?
--
Regards,
Chris Knipe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Regards,
Chris Knipe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The radius server can only process on what the NAS sends it. Look at
the NAS and configure the NAS to send the correct/full
Calling-Station-Id.
--
Regards,
Chris Knipe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
that the user logs Ok But freeradius don't send the vsa attribute:
So put the VSA attributes in the reply details for user tom? Radius
is returning precisely what you configured it to return.
--
Regards,
Chris Knipe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
running freeradiusd -X instead of radiusd.
Yes - they changed the name of the binary... Peeves me off too.
--
Regards,
Chris Knipe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
: ppogorzel...@gmail.com
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Regards,
Chris Knipe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Regards,
Chris Knipe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
://www.freeradius.org/list/users.html
--
Regards,
Chris Knipe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
You need to send it to your NAS, not FreeRadius. Radius does not disconnect
your clients, your NAS does... :)
Regards,
Chris.
- Original Message -
From: Sean [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Thursday, August 31, 2006 4:24 PM
Subject: Disconnect
It is ONLY tested on Postgresql 8.1.x (On 32bit and 64bit SUSE Linux)
although
I expect it should work fine on any 8.X version of postgresql and probably
earlier versions as well. If you want to run it on a different database,
the
driver itself should support it, but you will need to modify the
See below. It can more than likely do with more indexes though. I'm at
this stage obviously only experimenting... I'm still checking, but I'm
*baffled* as to why the rlm_sqlippool won't reconnect to the database
then!
As you said, it uses the SQL driver, whether it's PostGRE, mySQL, MSSQL,
Can someone perhaps please just take a moment to explain what
exactly is going on in those queries?? I'm not referring to the SQL
as such, but rather as to what is updated, and why. A table
structure accompanying those queries in sqlippool.conf may help
significantly as well, as I'm guessing
Hmm.
There seems to also be a bug in the code. If one of the mysql sockets to
the database goes down, rlm_sqlippool won't reconnect to the database
handles... Debug below for 2 auth requests...
mySQL Logs show that the connection attempt does not even come through.
Debug logs show that
Fine here...
Regards,
Chris.
- Original Message -
From: Jeff Green [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Friday, August 25, 2006 1:33 PM
Subject: Freeradius Domain name ( website) registration expired ?
Can anyone else
Why not just optimise the SQL query to check for simultaneous users in
sql.conf?
It's rather easy to just change the SQL query to suit your needs??
Regards,
Chris.
- Original Message -
From: Roberto Greiner [EMAIL PROTECTED]
To: FreeRadius users mailing list
Hi,
Just a quick question - especially valid in regards to VPN (L2TP / PPTP).
I know this will depend solely on the NAS, but considering a normal *nix
pppd process, and a windows based RAS client... Is it at all possible to get
PPP to assign static routes to the CLIENT during the
radiusd: FreeRADIUS Version 1.1.1, for host , built on May 18 2006 at
13:16:06
Copyright (C) 2000-2006 The FreeRADIUS server project.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU
Ok,
Either I'm very stupid, or something is not working :(
Debug output:
rlm_sql (sql): Released sql socket id: 8
rlm_sql (sql): No matching entry in the database for request from user
[EMAIL PROTECTED]
modcall[authorize]: module sql returns notfound for request 6
modcall: leaving group
Silly Tosser(tm) mistake. Please ignore.
Regards,
Chris.
- Original Message -
From: Chris Knipe [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Wednesday, August 23, 2006 2:06 PM
Subject: More SQL
Ok,
Either I'm very stupid, or something is not working
The mySQL variables %H:%i:%S is over written by FreeRadius' variables...
I have filed in BugZilla as well.
Any possibility to get this fixed???
This is not a bug. FreeRADIUS expands the variables in the query strings
as documented here:
http://freeradius.org/radiusd/doc/variables.txt
If you
states:
%S request timestamp
in SQL format
%T request timestamp
in database format
What is SQL format? What is 'database format' A database can hold times in
MANY different formats. Can someone just shed some clarity as to the format
for the
- Original Message -
From: Francois-Xavier GAILLARD [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Monday, August 07, 2006 9:19 PM
Subject: Re: sql.conf
Le Mon, Aug 07, 2006 at 09:10:56AM -0700, fvt3 ecrivait:
Ok, so how do you set
Hi Mark,
sql: postauth_table = radpostauth
sql: postauth_query =
sql: safe-characters =
@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /
Bus error
I went through the same thing not to long ago.
Compile FreeRadius without thread support (--without-threads), and make sure
Chris Knipe [EMAIL PROTECTED] wrote:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 1 (LWP 100079)]
0x282f2677 in memset () from /lib/libc.so.5
(gdb) back
#0 0x282f2677 in memset () from /lib/libc.so.5
#1 0x09afc4c0 in ?? ()
#2 0x286e5cb5 in sql_init_socket
Hi,
This more than
likely goes back to using the correct OP values, so I'm hoping someone can shed
some light on this. I have a groupcheck requirement that requires a value
of a attribute to be either one, or the other.
NAS-Port-Type :=
ISDN, NAS-Port-Type := Virtual
Now, obviously I
I use rlm_perl and custom scripts running at a Accounting Update. If used
bytes is over a certain limit, I disconnect the user and disable the account
in a mysql database.
Regards,
Chris.
- Original Message -
From: Sean [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Hi,
Is there any way to get rlm_perl to work with binary code, instead of
source? I currently have a perl script executing via rlm_perl that does
some fancy stuff in authentication and accounting.
Due to popular demand, I now have 3rd parties interested in this code, but I
don't feel it is
Chris Knipe [EMAIL PROTECTED] wrote:
Is there any way to get rlm_perl to work with binary code, instead of
source?
Perl has binary code?
No, it doesn't, obviously. You do however get compilers for it that will
compile perl into a binary format... Guess that's more what I'm referring
Hi,
Uhm, any support for RFC3576, added or planned?
Regards,
Chris.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Try adding it to your users file instead...
--
Chris.
- Original Message -
From: Hassan Wahid [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Thursday, June 23, 2005 4:11 PM
Subject: Re: Wildcard Login
Hi Kevin
Thanks for such a quick reply. I added the line you
On Wed, Jun 01, 2005 at 07:07:02AM +0545, [EMAIL PROTECTED] wrote:
radius.But when i start radius in debugging mode then i find the following
errors.What can be the error.
rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL
PROTECTED]:radius
rlm_sql_mysql: Mysql error 'Access
On Mon, May 30, 2005 at 04:23:24PM -0700, Rupak wrote:
rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the
search path of your system's ld.
radiusd.conf[14]: sql: Module instantiation failed.
Compile
On Wed, May 11, 2005 at 04:31:49PM +0700, avudz wrote:
Hello Marcin,
Wednesday, May 11, 2005, 4:06:52 PM, you wrote:
MJ Hi.
MJ As far as I know the sqlcounter will disallow furhter
MJ authentrication only if the user has used her time limit quota.
MJ The Session-Timeout Attribute will
Lo all,
FreeBSD 5.4-STABLE... and uhm ja...
Accounting WHERE UserName=LOWER('%{SQL-User-Name}') AND AcctStopTime = 0
sql: postauth_table = radpostauth
sql: postauth_query =
sql: safe-characters =
@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /
rlm_sql (sql): Driver
Called-Station-Id ?
--
Chris.
I love deadlines. I especially love the whooshing sound they make as they
fly by... - Douglas Adams, 'Hitchhiker's Guide to the Galaxy'
- Original Message -
From: Jason Frisvold [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Tuesday,
: Authenticating and Blocking per client
On Tue, 29 Mar 2005 16:23:43 +0200, Chris Knipe [EMAIL PROTECTED]
wrote:
Called-Station-Id ?
Radius checks this and allows/denies appropriately? Do you have a
link to documentation on how to set something like this up?
Thanks!
--
Chris.
--
Jason 'XenoPhage' Frisvold
- Original Message -
From: Jason Frisvold [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Tuesday, March 29, 2005 5:51 PM
Subject: Re: Authenticating and Blocking per client
On Tue, 29 Mar 2005 17:13:33 +0200, Chris Knipe [EMAIL PROTECTED]
wrote:
What the value
I don't have radutmp enabled. I noticed, however, in the radutmp
module definition, the check_with_nas option. It appears that this
causes the checkrad program to be called. If radutmp is not enabled,
checkrad isn't called.. I think.
To my knowledge, checkrad is never called if utmp isn't
It may actually be a good idea to get checkrad to be called if utmp *OR*
SQL
thinks a user is loged in twice But that will require some source
hacking I think.
I guess I don't understand the purpose of the simul checks in the
sql.conf file then.. If utmp is the only thing that checks for
If a utmp is in place, in the above occurance, checkrad would be called
which will verify that the user is NOT logged into the NAS, and thus will
allow the auth. You will however still sit with the stale accounting
records in SQL
No. See src/main/session.c. If the user is no longer logged in,
- Original Message -
From: Boian Jordanov [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Wednesday, March 23, 2005 9:56 AM
Subject: Re: rlm_perl hash issue
On Wed, Mar 23, 2005 at 05:13:14AM +0200, Chris Knipe wrote:
Lo all,
This has been to the perl mailing lists
Eeeek. There is definitely a bug somewhere :-(
Fixed in CVS. Please use recent cvs snapshot.
Before rlm_perl expects that scalar value of RAD_xxx hash is character
value, now it can be string or integer. There is only one limitation an
ip address should be returned as character value i.e.
Lo all,
Quick question. sqlcounter works on session-time and thus session time
limiting...
What would be the alternative to count InputOctets / OutputOctets (I am
guessing the answer would be sqlcounter as well), but the trick is, that I
need to send two special attributes back to my NAS
Chris Knipe [EMAIL PROTECTED] wrote:
My NAS then will automatically disconnect the user when the Interface
counters reach 300. My main problem thus is that I don't really know how
to
tell sqlcounter to return the specific attribute name...
You don't. sqlcounter just counts. You can use
Lo all,
This has been to the perl mailing lists as well, there is nothing wrong with
the code as far as every one knows... rlm_perl just doesn't like this for
some reason
Snipets of the script in question:
$RAD_REPLY{'Acct-Interim-Interval'} = 300;
Chris Knipe [EMAIL PROTECTED] wrote:
So basically:
$RAD_REPLY{'Recv-Limit'} = $BytesAvail - $BytesUsed;
$RAD_REPLY{'Xmit-Limit'} = $BytesAvail - $BytesUsed;
doesn't work
$RAD_REPLY{'Recv-Limit'} = 23423424;
$RAD_REPLY{'Xmit-Limit'} = 23234242;
works
Hmm
- Original Message -
From: Chris Knipe [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Wednesday, March 23, 2005 5:31 AM
Subject: Re: rlm_perl hash issue
Chris Knipe [EMAIL PROTECTED] wrote:
So basically:
$RAD_REPLY{'Recv-Limit'} = $BytesAvail - $BytesUsed
Another solution is to buy a public domain and to authenticate it in
clients.conf.
Can you perhaps ellaborate a little? I wasn't even aware that this would be
possible.
--
Chris.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Why not just use Calling-Station-Id as a check item???
--
Chris.
- Original Message -
From: Alexandre Coninx [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Friday, March 18, 2005 3:54 PM
Subject: Re: authentication by mac adress, username and password
On Thu, Mar 17,
- Original Message -
From: Alexandre Coninx [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Friday, March 18, 2005 5:11 PM
Subject: Re: authentication by mac adress, username and password
On Fri, Mar 18, 2005, Chris Knipe wrote:
Why not just use Calling-Station-Id
Lo everyone,
I'm not 100% sure on where the problem lies, so please bare with me.
The relavent parts of my configuration:
details {
detail details {
detailfile = ${radacctdir}/detail-%{Realm:-LOCAL}
detailperm = 0600
dirperm = 0755
locking = yes
}
radutmp {
filename =
Now, using radreport (I know, not a FR product), radreport
uses the details
the radreport I tried some months ago was broken, very broken.
sql-accounting and details files in FR are 100% accurate, at least here.
Allrighty. I suspected that.
My questions thus...
1) Is there a application available
It's really obvious...
- Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried
to connect 0.
^^ Increase your DB Handles to a higher value.
- Info: Using deprecated naslist file. Support for this will go away
soon.
^^ I'd suggest fixing and using
Just update the mysql accounting table and set
AcctStopTime = now()
--
Chris.
- Original Message -
From:
Hyperlink
Admin
To: freeradius-users@lists.freeradius.org
Sent: Friday, March 11, 2005 12:00
AM
Subject: Kill sessions
Hey
all,
I
got a
Lo all,
Something strange going on here (or I am forgetting something).
clients.conf:
client x.x.x.6 {
secret= mysecret
shortname = myshortname
nastype = mikrotik
}
Client is working, successfully authenticating and running accounting and no
problems with it what so ever.
.
- Original Message -
From: Chris Knipe [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Tuesday, March 08, 2005 3:43 PM
Subject: checkrad.pl MT Routers
Lo all,
Something strange going on here (or I am forgetting something).
clients.conf:
client x.x.x.6 {
secret= mysecret
diff for checkrad.pl
--
Chris.
- Original Message -
From: Chris Knipe [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Tuesday, March 08, 2005 3:55 PM
Subject: Re: checkrad.pl MT Routers
I'll try and make a diff later on and send it through...
Newer MT's changed
Lo everyone,
Just a quick question... Whilst I know and use simultaneous use based on
username authentication, is there any way to only allow one login from one
CLI?
We use PPPoE on a Wireless scenario. Basically, I want to allow any MAC
address to connect, but I want to limit one login per
Hi,
I'm trying to figure out why my NAS is receiving a radius timeout, instead
of a auth-reject for users with invalid passwords / non existing users /
etc...
A quick test with radtest, gave me the following for a invalid login.
--- Walking the entire request list ---
Cleaning up request 5 ID
auth: Failed to validate the user.
Login incorrect: [EMAIL PROTECTED]/blah] (from client test port 23)
Delaying request 6 for 1 seconds
Ok, that was it. Solved it myself.
Thanks
--
Chris.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
Before anyone jump and say this is related to your NAS, please just let me
start by saying that while my nas (Mikrotik) does support Radius, it is
badly documented. MAC Authentication is not documented at all.
Is there anyone who managed to get MAC Authentication to work on Mikrotik,
that
Subject: Re: Wireless MAC Authentications
It is related to your NAS and it is 'goodly' documented.
To get MAC Auth onMikrotik you'll have to enable Auth MAC and Auth MAC
Password
in the HotSpot setup.
--- Chris Knipe [EMAIL PROTECTED] wrote:
Hi,
Before anyone jump and say this is related
/ version / etc) it is
loading? In my case, I think I had older versions of the modules laying
arround that FR loaded...
--
Chris.
- Original Message -
From: Chris Knipe [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 26, 2004 6:44 PM
Subject: What am I missing??
Lo all
Anyone?!?!?! :((
I tried using userfiles instead of SQL for the useracounts as well, same
thing happens
Snippet from the usersfile
4017-5589-8633-5320 Auth-Type := Local, Pool-Name := ippool-prepaid,
Max-All-Session := 3600, Simultaneous-Use := 1, User-Password == 149861
Lo everyone,
It's been long since I've sent a mail here... I guess that means (almost)
everything is well - :)
Just one or two issues I have with my brand new FR 1.0.1 installation
1) I get allot of these:
Mon Oct 25 08:25:43 2004 : Error: Discarding duplicate request from client
xxx:1397 -
Hi Kostas,
1) I get allot of these:
Mon Oct 25 08:25:43 2004 : Error: Discarding duplicate request from
client xxx:1397 - ID: 217 due to unfinished request 142
Mon Oct 25 08:25:43 2004 : Error: Dropping conflicting packet from client
xxx1397 - ID: 217 due to unfinished request 142
As I
http://www.mail-archive.com/[EMAIL PROTECTED]/msg09655.html
Thanks :)
--
Chris.
- Original Message -
From: Kostas Kalevras [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 25, 2004 2:35 PM
Subject: Re: 1 or 2 issues...
On Mon, 25 Oct 2004, Chris Knipe wrote:
Lo everyone
Well your radius server uses a centralised source for authentication... make
use of session-timeout and simply deactivate / disable the account at the
central source...
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, July 28, 2004 3:52 AM
Subject:
Anton Blajev [EMAIL PROTECTED] wrote:
I took a look at the ippool.c and there is a if statement that returns
noop if there is not NAS-Port.
I think this should be considered as a bug in freeradius ipool... what
would you say guys?
The module could possible just use a key to assign IP
70 matches
Mail list logo