Re: rlm

2009-09-27 Thread Leigh Martell
Hey,
  LIBLDAP is part of openldap, install the openldap libraries and headers
then you will be able to compile rlm_ldap.

If you already have it you'll have to post some more information so people
can help, but I am confident that is what you are missing.

-Leigh Martell

On Mon, Sep 28, 2009 at 12:32 AM, José Johnny RANDRIAMAMPIONONA 
vasian...@gmail.com wrote:

 Dear all,
 I posted this problem a week ago after searching in posted and solved
 emails like here (
 http://www.mail-archive.com/search?q=rlm_ldapl=freeradius-us...@lists.cistron.nlstart=40
 ).
 I have already asked but the answers were not effective... Anyway, I'd like
 to express my gratitude to those who have tried to read and respond to my
 problems! So I'm asking myself if using LDAP with freeradius is
 something new or something?
 My problem is about the ldap library for freeradius (libldap which is
 needed by rlm_ldap) ... What should I do to install and configure it 'cause
 it's not in the freeradius-server package (I rebuilt it 5 times and I paid
 attention to the output)?
 If I receive the same answers I received before then maybe the problem
 is in my operating system (CentOS V5.3)

 Thanks to all ...
 Best regards ...

 NB: I am fed up with this bug! Need help!

 --
 JJohnny RANDRIAMAMPIONONA
 Phone: +212663682554, +212533158575
 National School of Applied Sciences
 ZIP 1818 TANGIER 9
 -Morocco ---



 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html


Re: Using realms without proxying

2009-09-03 Thread Leigh Martell
Just proxy the realm locally..

realm managers {
    auth = LOCAL
    acct = LOCAL
    nostrip
}

You may want to make sure your acct query is not using the stripped user name
though.

-Leigh

On Thu, Sep 3, 2009 at 4:27 PM, James Wu ja...@connection.ca wrote:

 Hi everyone,

 I'm using freeradius-2.1.4 with MySQL and would like to set up realms
 without proxying. The reason is that I'd like to keep all the requests
 to a single Radius server, however would like to separate the users'
 radreplies based on their username/groups. I know that I can use
 groupnames to have group based policies but I would like to have the
 groupname as part of the login name, hence the realms.

 The main reason for wanting to set up realms is so that I can have a
 username with usern...@groupname format and use the variables %{Realm}
 and %{Stripped-User-Name}. When I do set up realms, it seems that I have
 to proxy. Is there another way of accomplishing this?

 James


Re: Error binding port to ipv6 address

2009-02-10 Thread Leigh Martell
No problem :)

Maybe a shot in the dark but is selinux enabled? Check your logs to see if
any policies are blocking it or type 'echo 0 > /selinux/enforce' then try to
start it again.

--
Leigh

On Tue, Feb 10, 2009 at 3:19 AM, D'AVELLA STEFANO 
stefano.dave...@alcatel-lucent.com wrote:

  Thanks for the suggestion but of course I tried different ways to try to
 grep the process :)
 I just mentioned one of the commands I used to make people understand that I
 checked the process list :)

 Still no clue about the problem anyway...


  Try just 'ps -e|grep radius' that will catch freeradius as well as radiusd
 which it is called on some.

 --
 Leigh

 On Mon, Feb 9, 2009 at 12:02 PM, D'AVELLA STEFANO 
 stefano.dave...@alcatel-lucent.com wrote:

  *Be sure that no other freeradius is running and also that you have
 enough rights to open such a port.*

 *Look in your inet.d or similar to avoid that another service is run
 instead of the planned freeradius.*

 Thanks for the quick answer. I have thought the same because also some old
 mailing list posts seemed to be related to this problem.
 I checked this possible problem before posting, but as far as I can see
 there is no other instance of freeradius running (ps -e | grep freeradius
 returns empty), and nothing is listening on that port (according to
 netstat). I also tried to change port several times but it's not working.
 In /etc/services the port 1812 both tcp and udp are correctly assigned to
 radius (in fact in the error message it correctly uses the port 1812).

 Regards,

 --
 Stefano D'Avella


Re: Pls help: missing Stop accounting packets

2009-01-23 Thread Leigh Martell
Well, there are many reasons why this could happen, most of them caused
between your NAS and Radius server; since you have already checked the
detail file you should check your AP logs for reboots and radius
timeouts (although it is UDP based there is an accounting ack sent). I am not
familiar with the aruba gear, but if they do not support accounting
persistence then once they are rebooted they lose records of all the active
sessions; this is most likely the cause.

Here is a list of questions you should ask yourself:
- Does this happen across the board?
- Are there any accounting errors in radius log?
- Is there a trend between AP, radius logs and missing stop packets?
- Are these duplicate starts that were not closed?

In any setup you will most likely always encounter missing start/update/stop
packets, one way to ensure you do not lose the entire session is to enable
Interim accounting updates; then you will at least have partial session
statistics. In my setup I have a nightly script that closes all the stale
sessions and completes them based on the last interim update and sets the
terminate cause to 'Admin-Reset' as our AP will never use that terminate
cause; this allows me to track what I have closed and still have somewhat
complete accounting data. That being said every setup is different and you
will have to determine the best way for you to handle it.

Hope this helps a bit.

--
Leigh

On Fri, Jan 23, 2009 at 10:17 AM, ST Wong (ITSC) s...@itsc.cuhk.edu.hk wrote:

 Hi all,

 I'm using FreeRadius 2.1.3 on 2 Linux machines with accounting data stored
 in both radacct file and MySQL database. Recently we found that some 'aged'
 records have AcctStopTime = NULL. Seems Stop accounting packets for these
 records are not received. The problem is consistent in both cases - such
 Stop packets weren't recorded in radacct file and MySQL database. I've no
 idea whether the stop packet sent to radius server was not recorded, or if
 stop packet was not sent from AP. As we're using Aruba AP, I wonder if
 Stop packet will be missed under particular situation, e.g. session timeout,
 disconnect without proper logout, etc., or if I configured our radius
 servers incorrectly so that some stop packets are not received or recorded.
 Meanwhile, I'd also like to know if there is any solution to clean up such
 orphan records if they can't be avoided.

 Would anyone please help?  Sorry for the newbie question.  Thanks a lot.

 Best Regards,
 /ST Wong


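The nightly clean-up described in the reply above, as an added example that is not code from the thread: open sessions with no recent interim update are closed at the time of their last update and tagged 'Admin-Reset'. Assumptions: the column names follow the radacct table of the FreeRADIUS SQL schema, interim updates overwrite acctsessiontime, SQLite stands in for MySQL so it runs offline, and the two-hour threshold and the sample rows are constructed.

```python
import sqlite3
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Assumption: column names follow the FreeRADIUS radacct table; only the
# columns this job reads or writes are created here.
SCHEMA = """
CREATE TABLE radacct (
    radacctid          INTEGER PRIMARY KEY,
    username           TEXT,
    acctstarttime      TEXT,
    acctstoptime       TEXT,
    acctsessiontime    INTEGER,
    acctterminatecause TEXT
)"""

# Constructed sample rows: (id, user, start, stop, session seconds, cause)
SAMPLE = [
    (1, "alice", "2009-01-22 08:00:00", None, 3600, None),   # silent for 18 h
    (2, "bob", "2009-01-23 01:00:00", None, 6600, None),     # updated 10 min ago
    (3, "carol", "2009-01-21 10:00:00", "2009-01-21 11:00:00", 3600,
     "User-Request"),                                        # closed normally
    (4, "dave", "2009-01-20 12:00:00", None, None, None),    # Start only
]


def close_stale_sessions(db, now, max_silence=timedelta(hours=2)):
    """Close open sessions whose last interim update is older than max_silence.

    The time of the last update is taken as acctstarttime + acctsessiontime.
    A session that only ever sent a Start is closed with zero duration.
    Returns the radacctid values that were closed.
    """
    closed = []
    open_rows = db.execute(
        "SELECT radacctid, acctstarttime, acctsessiontime FROM radacct "
        "WHERE acctstoptime IS NULL ORDER BY radacctid").fetchall()
    for rid, start, secs in open_rows:
        secs = secs or 0
        last_seen = datetime.strptime(start, FMT) + timedelta(seconds=secs)
        if now - last_seen <= max_silence:
            continue  # still reporting, leave it open
        # Re-check acctstoptime in the WHERE clause so a Stop that arrived
        # in the meantime is never overwritten.
        db.execute(
            "UPDATE radacct SET acctstoptime = ?, acctsessiontime = ?, "
            "acctterminatecause = 'Admin-Reset' "
            "WHERE radacctid = ? AND acctstoptime IS NULL",
            (last_seen.strftime(FMT), secs, rid))
        closed.append(rid)
    db.commit()
    return closed


def demo():
    """Run the job over the constructed rows; return (closed ids, final rows)."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO radacct VALUES (?, ?, ?, ?, ?, ?)", SAMPLE)
    closed = close_stale_sessions(db, datetime(2009, 1, 23, 3, 0, 0))
    rows = {rid: (stop, cause) for rid, stop, cause in db.execute(
        "SELECT radacctid, acctstoptime, acctterminatecause FROM radacct")}
    return closed, rows


if __name__ == "__main__":
    closed_ids, final_rows = demo()
    print("closed:", closed_ids)
    for rid in sorted(final_rows):
        print(rid, final_rows[rid])
```

Filtering reports on acctterminatecause = 'Admin-Reset' then separates sessions closed by the job from those the NAS closed itself.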

Re: Freeradius + MySQL problem

2009-01-16 Thread Leigh Martell
Post the entire debug from start to finish as well as some tests. The
first whack of debug tells you how freeradius is parsing your config.

Once you have that done we should be able to figure out where the issue lies.

Take Care,
Leigh

On Fri, Jan 16, 2009 at 8:49 AM, obaid ghaznawi ona...@gmail.com wrote:

 hi, first of all, i thank all people who are giving their time to help.

 before i subscribe here and post my email, i am searching around in
 internet since a week
 and trying my best to solve it, i have learned many things, but there is one
 problem i cannot get solved.
 i am trying to make hotspot for some building, i chose:
 Freeradius + Mysql = running on 1 computer (ubuntu server 8.10) as backend
 server
 and CoovaAP on WRT54GL sending user credentials to backend server for
 authentication
 my configs (default settings not shown, lines i changed shown)

 freeradius radiusd.conf
 
 .
 . all default
 .
 log {
 .
 .
 #at the end of log{
 auth = yes
 auth_badpass = yes
 auth_goodpass = yes
 }

 modules {
 .
 .
 .
 $INCLUDE sql.conf #already there
 $INCLUDE sql/mysql/counter.conf #already there
 .
 .
 .
 }

 authorize{
 preprocess
 chap
 mschap
 suffix
 eap
 sql #if i comment out sql and use file, it works, i receive Packet-Accept, with SQL see the pap warning in debug text
 pap
 }

 accounting{
 detail
 sql
 }

 session{
 sql
 }
 ==
 clients.conf

 client localhost {
 ipaddr = 127.0.0.1
 secret  = clientradsec36365
 require_message_authenticator = no
 nastype = other

 }
 ==
 sql.conf
 sql {
 database = mysql
 driver = rlm_sql_${database}
 server = localhost
 login = radius
 password = frsqldblogin36365
 radius_db = radius
.
.
.
 sqltrace = yes
 sqltracefile = ${logdir}/sqltrace.sql
 .
 .
 }

 @@@

 /etc/freeradius/sql/mysql/schema.sql and nas.sql has been imported into
 mysql radius database, rad...@localhost user granted all on radius.*

 dummy data in tables:

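 mysql> SELECT * FROM radcheck;
 +----+----------+--------------------+----+-------+
 | id | username | attribute          | op | value |
 +----+----------+--------------------+----+-------+
 |  1 | obaid    | Cleartext-Password | := | 36365 |
 +----+----------+--------------------+----+-------+
 1 row in set (0.00 sec)

 mysql> SELECT * FROM radusergroup;
 +----------+-----------+----------+
 | username | groupname | priority |
 +----------+-----------+----------+
 | obaid    | hotspot   |        0 |
 +----------+-----------+----------+
 1 row in set (0.01 sec)

 mysql> SELECT * FROM radgroupcheck;
 +----+-----------+-----------+----+-------+
 | id | groupname | attribute | op | value |
 +----+-----------+-----------+----+-------+
 |  2 | hotspot   | Auth-Type | := | Local |
 +----+-----------+-----------+----+-------+
 1 row in set (0.00 sec)


 mysql> SELECT * FROM radreply;
 +----+----------+---------------+----+-------+
 | id | username | attribute     | op | value |
 +----+----------+---------------+----+-------+
 |  1 | obaid    | Reply-Message | := | Hello |
 +----+----------+---------------+----+-------+
 1 row in set (0.00 sec)

 mysql> SELECT * FROM radgroupreply;
 +----+-----------+-----------------+----+-------------+
 | id | groupname | attribute       | op | value       |
 +----+-----------+-----------------+----+-------------+
 |  1 | hotspot   | Framed-Protocol | := | PPP         |
 |  2 | hotspot   | Service-Type    | := | Framed-User |
 +----+-----------+-----------------+----+-------------+
 2 rows in set (0.00 sec)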

 @#...@#$@#...@#$@#...@#$@#...@#$@#...@#$@#...@#$@#...@#$@#$

 now when running /usr/sbin/freeradius -X and send auth request with radtest
 i get
 radtest obaid 36365 localhost 1812 clientradsec36365

 Sending Access-Request of id 96 to 127.0.0.1 port 1812
 User-Name = obaid
 User-Password = 36365
 NAS-IP-Address = 192.168.1.100
 NAS-Port = 1812
 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=96,
 length=20

 freeradius -X:

 Listening on authentication address * port 1812
 Listening on accounting address * port 1813
 Listening on proxy address * port 1814
 Ready to process requests.
 rad_recv: Access-Request packet from host 127.0.0.1 port 40386, id=96,
 length=57
 User-Name = obaid
 User-Password = 36365
 NAS-IP-Address = 192.168.1.100
 NAS-Port = 1812
 +- entering group authorize {...}
 ++[preprocess] returns ok
 ++[chap] returns noop
 ++[mschap] returns noop
 [suffix] No '@' in User-Name = obaid, looking up realm NULL
 

Re: Freeradius + MySQL problem

2009-01-16 Thread Leigh Martell
I would assume that it is, otherwise it would not start with the INCLUDE
uncommented and sql set in authorize.

On Fri, Jan 16, 2009 at 9:18 AM, Luciano Afranllie listas.luaf...@gmail.com
 wrote:

 Just a stupid question.

 Is your freeradius compiled with mysql support?

 Do you have rlm_sql_mysql in your module dir?

 Regards
 Luciano

Re: WISPr-Bandwidth question

2008-12-17 Thread Leigh Martell
Hello Kevin,

I can't answer definitively, but I would assume that it would be done on
your NAS (depending on your hardware these rules could be propagated to the
child devices). It would defy all logic for it to be done on the client.
Just as you would in an unauthenticated wired/wireless network it is always
best to control traffic at the distribution point.

Hope that helps.

Take Care,
Leigh Martell

On Wed, Dec 17, 2008 at 12:14 PM, kevin r...@yia.ca wrote:

 While an out of the box solution is where I'll probably end up, I'm
 battling with myself over the idea of how to best manage bandwidth on a
 network including multiple remote locations, with both wired and
 wireless connections.

 I'm moving to using freeradius to authenticate (which ultimately will be
 done by MAC for initial ease of setup) but I'm trying to figure out
 where the Bandwidth attributes actually are used.

 IOW, when using WISPr-Bandwidth, does that modify the client connection
 at the client computer or does that occur at a proxy or firewall device?
 What I'm getting at is, is a captive portal necessary or can a person
 simply have client authentication via freeradius and the client network
 card handle managing its own bandwidth?  And if so, is there any
 possibility that the client computer could be modified by someone with a
 bit of skill to bypass those controls?

 Hope that made sense.

 Cheers,

 Kevin



Re: MAC Auth (new problem)

2008-12-15 Thread Leigh Martell
Well that's not entirely true; you can create an association table (if that's
the right term) which has id, username, mac and then edit your query with
some joins and additional magic...I would not suggest this but it is
possible just very messy. I would highly recommend doing this the
traditional way...at least if you value your sanity ;-).

--
Leigh

On Mon, Dec 15, 2008 at 4:22 PM, t...@kalik.net wrote:

 In my case I can't look for MAC in Username field and I have to look for
 that mac in Value field. Hope there is a way to make this happen.
 

 You don't seem to get the problem. You have set up your AP to do mac
 authentication. When you do that, mac address is sent in the username
 field. If you don't want that, don't set your AP to do mac auth. Set
 it to do user authentication. When you are doing user auth, mac address
 should appear as Calling-Station-Id (should).

 There is *nothing* you can do in freeradius that will make your AP do
 this. You have to configure the AP to do that.

 Ivan Kalik
 Kalik Informatika ISP


Re: MAC Auth (new problem)

2008-12-15 Thread Leigh Martell
Maybe I don't completely understand the issue, can you give us some
background as to why you can't? Or a little more detail on your setup. I
originally assumed you had to look in the value field because of other
authentications you do with that user name...but as I think about it more I
just get confused.

On Mon, Dec 15, 2008 at 4:36 PM, Alan DeKok al...@deployingradius.com wrote:

 Nataniel Klug wrote:
  In my case I can't look for MAC in Username field and I have to look for
  that mac in Value field. Hope that have a way to make this happens.
 
  t...@kalik.net wrote:
  I am not wanting to do MAC filtering from the ap.. That is why it is
 not in
  the username FIELD
 
 
 
  Ahem:
 
  rad_recv: Access-Request packet from host 172.30.0.165 port 6001, id=3,
  length=69
 
 User-Name = 00:19:79:0F:98:3D
 User-Password = cnett1298
 NAS-IP-Address = 172.30.0.165
 NAS-Port = 0
 
  So what is in the username field then? You might not want to - but your
  NAS does. You are doing MAC authentication (or filtering if you like
  that term better). When you do that, mac address is sent as username.
  Perhaps you should read your NAS manual and learn how to use the
  equipment.
 
  Ivan Kalik
  Kalik Informatika ISP
 
 
 
 
  --
  Regards,
 
  NATANIEL KLUG
  n...@cnett.com.br
 
  READ NATA'S DAY-TO-DAY
  http://nataklug.blogspot.com/
 
  Cyber Nett - Broadband Internet
  www.cnett.com.br
  (42) 3635-2957
  Rua Diogo Pinto, 1046, Centro
  Laranjeiras do Sul - PR
  Brazil - 85301-290
 
  ... even the wise have a tangible heart and can, at times, use
 science as a means of showing sentimental impressions to which many do not
 judge them susceptible.
  Visconde de Taunay
 
 
  
 

Re: MAC Auth (new problem)

2008-12-15 Thread Leigh Martell
I completely agree with you! I am still curious as to why adding a user is not
an option though. Hopefully we will be enlightened as to why it is not an
option.

2008/12/15 t...@kalik.net

 To be fair, there probably is a way to create an unlang hack (are we
 going to advocate unlang auth now) that can tie up mac address from the
 user entry with the one in the mac auth request (regexp check if
 username is mac address; if it is see if there is such mac address in
 the database and force Auth-Type Accept; there was some mention of the
 password, but that can be sorted as well) without breaking everything
 else on the server.

 But why? If you can create user entry and add mac address as an attribute
 value it requires minimal effort on user admin side to create an entry
 with mac address as username value at the same time. A simple additional
 insert. Even if it is a closed code solution that you can't change, you
 can always make two entries - one for the user as username and one with
 mac address as username.

 Be honest, if your user admin application can't do what you want, should
 you:

 - hack your radius server?

 - hack your user admin application?

 It is a credit to the quality and flexibility of Freeradius that messing
 with the radius server comes up as an option at all.

 Ivan Kalik
 Kalik Informatika ISP


Re: MAC Auth (new problem)

2008-12-15 Thread Leigh Martell
Does your WISP run off this same instance of FreeRadius or just using a
common database?

To elaborate on the dilemma; if you configure your freeradius to check the
attribute column for the MAC address how would you find the user's password
since that is associated with the real username not the user's
attribute...see the issue? By no means am I saying this is impossible but I
am saying it would be messy/complex to do such a thing, as you would have to
set the authenticate query to grab the mac address to return a real user
name to retrieve the remainder of the user attributes.

My suggestion is to not hack a way for it to work but figure out a clean way
to associate MAC addresses with a user account. You may be able to do this by
modifying the DB schema and using ID's as pointers (not fun or efficient) but
this is obviously not an option for you, so that would then bring you back
to using unlang (can't really help you here) or a rlm_perl script (both of
these methods should work but with more overhead than I would feel
comfortable with)

Listen to Ivan...he is a lot smarter than me just not always as polite :-p
but always makes very good points. The last thing I have to say is that the
immediately cheaper way is not always the best way; invest in doing things
right and find an appropriate middle ground. Anyways I hope we have helped
point you in somewhat of the right direction...you have a lot of late nights
ahead of you so take care.

--
Leigh


2008/12/15 Nataniel Klug n...@cnett.com.br

  Leigh and Ivan,

 I have a system that works on my WISP and this program is not hackable
 (economic reasons -- this would cost too much to alter). As I already have
 all my clients MAC address into radcheck table (as a value for
 Calling-Station-Id) why can't I use this MAC to authenticate it in my
 NAS/AP? This is my question. Why can't I look for the MAC in another column
 besides Username column? There should be some way cheaper to me...

 Leigh Martell wrote:

 I completely agree with you! I am still curious as to why adding a user is not
 an option though. Hopefully we will be enlightened as to why it is not an
 option.

 2008/12/15 t...@kalik.net

 - hack your radius server?

 - hack your user admin application?

 It is a credit to the quality and flexibility of Freeradius that messing
 with the radius server comes up as an option at all.

 Ivan Kalik
 Kalik Informatika ISP



 --
 Regards,

 NATANIEL KLUG
 n...@cnett.com.br

 READ NATA'S DAY-TO-DAY
 http://nataklug.blogspot.com/

 Cyber Nett - Broadband Internet
 www.cnett.com.br
 (42) 3635-2957
 Rua Diogo Pinto, 1046, Centro
 Laranjeiras do Sul - PR
 Brazil - 85301-290

 ... even the wise have a tangible heart and can, at times, use
 science as a means of showing sentimental impressions to which many do not
 judge them susceptible.
 Visconde de Taunay



EAP-SIM

2008-12-10 Thread Leigh Martell
Hey,
  This may be a stupid question, but if I don't have access to a carrier's
HLR, can I still do EAP-SIM if I have a SIM reader?

Sorry for this question, I am just having trouble finding a definitive
answer.

Thanks,
Leigh

Re: New entry for Interim packet

2008-11-20 Thread Leigh Martell
 },
        { Name => 'Acct-Session-Id',   Value => $sessid },
        { Name => 'Acct-Authentic',    Value => $authtype },
        { Name => 'Framed-IP-Address', Value => $framedip },
        { Name => 'Realm',             Value => $realm, Type => 'string' }
    );
    # Send the Accounting-Request and wait for the server's response
    $r->send_packet(ACCOUNTING_REQUEST);
    $rcv = $r->recv_packet(ACCOUNTING_RESPONSE);
    # strerror() yields 'none' when the exchange completed without error
    my $error = $r->strerror();
    if ( $error eq 'none' ) {
        print "New Status: Session Closed\n";
    } else {
        print "Error: Session not Closed\nOUTPUT: $error\n";
    }
}


I am not the best programmer in the world but it works, I hope this helps
spark some creativity to solve your issue.

--
Leigh Martell


On Thu, Nov 20, 2008 at 2:15 PM, Tony Spencer [EMAIL PROTECTED] wrote:

 I'd rather not disconnect 4,000 users in one go.

  -Original Message-
  From: freeradius-users-bounces+tony=tonyspencer.co.uk@lists.freeradius.org
  [mailto:freeradius-users-[EMAIL PROTECTED] On Behalf Of Marinko Tarlac
  Sent: 20 November 2008 19:02
  To: FreeRadius users mailing list
  Subject: Re: New entry for Interim packet
 
  Create CRON script which starts 5-10 min after midnight (first day in
  the month) and disconnect all active users. Then you will have
  AcctStopTime information in your database and you can sum traffic from
  previous month...
 
  Tony Spencer wrote:
  
   Hello
  
   Our setup is as follows:
  
   Centos 5.2
  
   FreeRADIUS Version 2.0.2
  
   MySQL Version: 4.1.20
  
   We are using FreeRadius for our ADSL users and it's working fine.
  
   Except when it comes to working out the usage stats for each user at
   the end of each month.
  
   It's easy to do with all sessions that started in the previous month
   and have a Stop status.
  
   But it's difficult when a session rolled over to the next month
   because the status is Alive.
  
   We're trying to find a way to make FreeRadius:
  
   Enter a new entry into the Radacct table for a session for an Interim
   update
  
   Mark the previous session with a stop Status and update the OctetsIn
   and OctetsOut for that session with the current value.
  
   Set the new session OctetsIn and OctetsOut at zero until the next
   update and then it starts from the beginning again.
  
   However we can't find a way of making FreeRadius:
  
   Run 2 sql statements in the same update.
  
   Set the new session counter to zero and not roll over the next updates
   Octets.
  
   We have found the following site:
   http://www.netexpertise.eu/en/freeradius/daily-accounting.html with a
   way of doing this within MySQL with procedures, but apparently this
   only works with MySQL 5.
  
   Having installed MySQL 5 on a test server and importing our Radius
   database we tried running the first procedure but get an error:
  
   ERROR 1064 (42000): You have an error in your SQL syntax; check the
   manual that corresponds to your MySQL server version for the right
   syntax to use near 'DECLARE COUNTER_LIMIT BIGINT(12)' at line 1
  
   mysql> SET COUNTER_LIMIT = POW(2,32);
  
   ERROR 1193 (HY000): Unknown system variable 'COUNTER_LIMIT'
  
   Has anyone any ideas on how to do what we require or has anyone had
   any luck with the instructions on the URL?
  
   Thanks in advance.
  
   Tony
  
  
 
  
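One way to get per-month totals for sessions that stay 'Alive' across a month boundary, as an added example that is not code from the thread: take the difference between consecutive interim readings and book it to the month in which the later reading arrived, allowing for the 32-bit counter limit (POW(2,32) in the quoted SQL). The tuple layout, user names and readings are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"
COUNTER_LIMIT = 2 ** 32  # same value as POW(2,32) in the quoted MySQL attempt

# Constructed interim readings:
# (session id, user, time received, cumulative input octets, cumulative output octets)
UPDATES = [
    ("s1", "user1", "2008-10-30 12:00:00", 1_000_000_000, 100_000_000),
    ("s1", "user1", "2008-10-31 23:50:00", 4_000_000_000, 300_000_000),
    # The input counter wrapped past 2^32 between these two readings.
    ("s1", "user1", "2008-11-01 00:20:00", 200_000_000, 310_000_000),
    ("s1", "user1", "2008-11-02 10:00:00", 900_000_000, 400_000_000),
    ("s2", "user2", "2008-11-05 09:00:00", 50_000_000, 5_000_000),
]


def delta(prev, cur):
    """Octets transferred between two readings of a 32-bit counter."""
    if cur >= prev:
        return cur - prev
    # A smaller reading means the counter wrapped. This assumes at most one
    # wrap per interval, so the interim interval has to be short enough.
    return cur + COUNTER_LIMIT - prev


def monthly_usage(updates):
    """Return {(user, 'YYYY-MM'): (input octets, output octets)}.

    Each delta is booked to the month of the later reading, so the error at
    a month boundary is bounded by one interim interval. The session itself
    is never closed or disconnected.
    """
    last = {}  # session id -> (input, output) from the previous reading
    usage = defaultdict(lambda: [0, 0])
    # Order by session, then by time; the timestamp format sorts as text.
    for sid, user, ts, octets_in, octets_out in sorted(
            updates, key=lambda u: (u[0], u[2])):
        month = datetime.strptime(ts, FMT).strftime("%Y-%m")
        prev_in, prev_out = last.get(sid, (0, 0))
        usage[(user, month)][0] += delta(prev_in, octets_in)
        usage[(user, month)][1] += delta(prev_out, octets_out)
        last[sid] = (octets_in, octets_out)
    return {key: tuple(total) for key, total in usage.items()}


if __name__ == "__main__":
    for key, total in sorted(monthly_usage(UPDATES).items()):
        print(key, total)
```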

Re: FreeRADIUS + Cisco Aironet WAP

2008-11-20 Thread Leigh Martell
I can try, I need a little more detail; Model? (1100, 1200) and what method of
authentication were you thinking?

--
Leigh

On Thu, Nov 20, 2008 at 3:02 PM, Tim Gustafson [EMAIL PROTECTED] wrote:

 Hey,

 I know this is a bit off-topic, but I was wondering if anyone on the list
 might be able to help with configuring a Cisco Aironet WAP to authenticate
 wireless users against a FreeRADIUS server?

 Thanks in advance!

 Tim Gustafson
 SOE Webmaster
 UC Santa Cruz
 [EMAIL PROTECTED]
 831-459-5354
