freeradius + ldap + cisco sslvpn
Dear all I have requirement of sslvpn authentication with freeradius + ldap server is there anyone have worked on freeradius + ldap or authenticate with goruping and other features... $ cat ~/satish/url.txt http://www.linuxbug.org _ - Why delete messages? Unlimited storage is just a click away.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: web based admin
Dear i need also this kind of setup i want to replace AAA ACS with freeradius but i dont know how accouning work in this case and authorization of cisco LEVEL base can u provide me doucment of URL for this setup Hawkins, Michael [EMAIL PROTECTED] wrote: Hi all, I am very familiar with Cisco Secure ACS for AAA of Cisco devices. I am considering using FreeRadius at another customer site instead of Cisco Secure ACS. Will I still be able to control command execution (authorization) etc via FreeRadius? Or would I be restricted to authentication only? What do people recommend I use as a web front end for FreeRadius when managing AAA on a Cisco network via FreeRadius? I've seen daloradius but that is geared to wireless hotspots. I've taken a quick look at phpRADmin and also ASN but I'm not sure which one is more mature and would like to know other peoples thoughts. Or is dailupadmin itself good enough? Any advice given is very much appreciated. Mike Hawkins - The information contained in this email is confidential and may also contain privileged information. Sender does not waive confidentiality or legal privilege. If you are not the intended recipient please notify the sender immediately; you should not retain this message or disclose its content to anyone. Internet communications are not secure or error free and the sender does not accept any liability for the content of the email. Although emails are routinely screened for viruses, the sender does not accept responsibility for any damage caused. Replies to this email may be monitored. - __ This email has been scanned by the MessageLabs Email Security System. For more information please visit http://www.messagelabs.com/email __ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt http://www.linuxbug.org _ - Unlimited freedom, unlimited storage. Get it now- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cisco sslvpn authentication with freeradius
Dear all I have cisco SSLVPN gateway and i want to authenticate user freeradius authentication server but i need more input from community what type of control i can done with it ?? Is it possible to control some user session or number of time to control is there anybody have done it ??/ $ cat ~/satish/url.txt http://www.linuxbug.org _ - 5, 50, 500, 5000 - Store N number of mails in your inbox. Click here.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP/TLS certificate Security question
Dear all I have installed EAP/TLS base authentication in my wirless network i have some question about security issue i have installed certificate on every laptop of wirless client machine now thing is that is some one will installed that certificate on unknow client then how can i privent them if one if my company user give his/her certificate so some one or hacker then ??? is it possible i create certificate per user i genrate ceruficate per username thats why no bodya can give his/her certificate to untrusted party or anyother guys .give me suggestion for this question how to more secure my wirless NETWORK.. $ cat ~/satish/url.txt http://www.linuxbug.org _ - Unlimited freedom, unlimited storage. Get it now- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
CAR cisco radius replace freeradius
Dear all I have CAR cisco radius server with MPLS attribites but there is no Accouting option for users so is it possible to replace CAS radius with freeradius server ?? $ cat ~/satish/url.txt http://www.linuxbug.org _ - Did you know? You can CHAT without downloading messenger. Click here- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius error genrate CA.all certificate
Dear all I have installed openssl in /usr/local/openssl and installed radius with openssl support now what i going to genrate CA.all i got this error Certificate is to be certified until Oct 5 05:47:00 2008 GMT (365 days) Sign the certificate? [y/n]:y failed to update database TXT_DB error number 2 + openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -out cert-srv.p12 -clcerts -passin pass:whatever -passout pass:whatever No certificate matches private key + openssl pkcs12 -in cert-srv.p12 -out cert-srv.pem -passin pass:whatever -passout pass:whatever 5829:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:140: + openssl x509 -inform PEM -outform DER -in cert-srv.pem -out cert-srv.der unable to load certificate 5830:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:642:Expecting: TRUSTED CERTIFICATE + echo -e '\n\t\t##\n' $ cat ~/satish/url.txt http://www.linuxbug.org _ - Get the freedom to save as many mails as you wish. Click here to know how.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup-admin - no clear_opensessions.php3
Currenty i am working on new freeradius Admin interface i will soon launch this package in mailling list David Antognini [EMAIL PROTECTED] wrote: Hi Guys, I have an older version of dialupadmin and I upgraded to the latest on sourceforge and now I don't see the clear_opensessions.php3 file and there is no way to do it in the gui.. Any thoughts? Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt http://www.linuxbug.org _ - Unlimited freedom, unlimited storage. Get it now- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: lan users data accounting
Yes like microtik but this functionality in single linux box. Hugh Messenger [EMAIL PROTECTED] wrote: satish patel said: i have no wireless accesspoint or anything i want to create it on my linux box gateway and it working like NAS i hope u got my question Sounds like you need something like Mikrotik's RouterOS with Hotspot. See www.mikrotik.com. The Mikrotik box can then talk to FreeRadius for authentication and accounting. Rgds satish patel -- hugh - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt http://www.linuxbug.org _ - Get the freedom to save as many mails as you wish. Click here to know how.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: lan users data accounting
dear i want linux server which one first authenticate to user and then start accouting like most ISP use i dont have NAS i want linux base NAS with support freeradius attributes Peter Nixon [EMAIL PROTECTED] wrote: On Fri 10 Aug 2007, satish patel wrote: dear all is there any radius or freeradius feature with accouting my lan users data means user authentication by lan and freeradius accouting that data FreeRADIUS accounts whatever it is sent. If your switch can send that data, then FreeRADIUS will happily receive it. -- Peter Nixon http://peternixon.net/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt http://www.linuxbug.org _ - Unlimited freedom, unlimited storage. Get it now- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
lan users data accounting
dear all is there any radius or freeradius feature with accouting my lan users data means user authentication by lan and freeradius accouting that data $ cat ~/satish/url.txt http://www.linuxbug.org _ - Get the freedom to save as many mails as you wish. Click here to know how.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: lan users data accounting
thnx for reply i need a LAN box + authentication gateway like i am small ISP and i have 200 users or client now thing is that when user goes to surffing on web then request come on my gateway and my gateway send popup for authentication something like that or manual authenication dialer now my gateway check authorization for users and if user is valid it will allow users to surffing net and also accouting of users data like download and upload like freeradius accouitng i have no wireless accesspoint or anything i want to create it on my linux box gateway and it working like NAS i hope u got my question Rgds satish patel Arran Cudbard-Bell [EMAIL PROTECTED] wrote: satish patel wrote: dear all is there any radius or freeradius feature with accouting my lan users data means user authentication by lan and freeradius accouting that data If you mean, can you have something other than FreeRADIUS as an authenticator and still record the users accounting data . That is entirely dependent on your NAS... Certainly the protocol supports it, and theres even an accounting record attribute specifying what authenticated the user, the accounting record is in regards to. We have a static WEP bssid set up on our access points, and the access points still generate accounting packets for the client associated. If however your talking about some magical feature in FreeRADIUS, where it sits on your lan at some key point , and generates accounting data ... then no. It would be perfectly possible to write a client that did this with passive packet inspection, which could then forward on the results to the FreeRADIUS server, however FreeRADIUS won't do this itself. $ cat ~/satish/url.txt http://www.linuxbug.org _ Get the freedom to save as many mails as you wish. Click here to know how. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt http://www.linuxbug.org _ - Did you know? You can CHAT without downloading messenger. Click here- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius authentication LAN users
Dear all I am on ISP and i want to configure billing gateway means user authentuicate that gateway and surffing net so is these type of any opensource package is available and radius for billing Rgds satish patel $ cat ~/satish/url.txt http://www.linuxbug.org _ - 5, 50, 500, 5000. Store N number of mails in your inbox. Click here.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialupadmin not displaying menu
This is php3 error go in to /etc/httpd/conf.d/php.conf and add this line AddType application/x-httpd-php .php3 and restart httpd Carl aniams [EMAIL PROTECTED] wrote: hi, I am installing a wireless hotspot with freeradius.the installation went fine, but when trying to display the dialupadmin html page http://localhost /dialupadmin the pae displays fine but the menu on the left is not displayed as it should be. instead i observed that it is the content of a php3 script in the conf file that are written need a help please -- -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_ ANIAMBOSSOU Carl NIAMS TECHNOLOGIES tel: +229 90 04 08 58 +229 97 48 01 33 COTONOU REPUBLIC OF BENIN WEST AFRICA - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt http://www.linuxbug.org _ - Did you know? You can CHAT without downloading messenger. Know how!- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
log_badlogins problem
Dear all I have some problem with dailup admin i got this error when i run log_badlogin script suse:/usr/local/dialup_admin/bin # perl -w log_badlogins /var/log/radius/radius.log /usr/local/dialup_admin/conf/admin.conf Name main::force used only once: possible typo at log_badlogins line 105. Use of uninitialized value in string eq at log_badlogins line 43, CONF line 43. Use of uninitialized value in string eq at log_badlogins line 44, CONF line 43. Use of uninitialized value in string eq at log_badlogins line 45, CONF line 43. Use of uninitialized value in string eq at log_badlogins line 46, CONF line 43. Use of uninitialized value in string eq at log_badlogins line 47, CONF line 43. Use of uninitialized value in string eq at log_badlogins line 48, CONF line 43. Use of uninitialized value in string eq at log_badlogins line 49, CONF line 43. Use of uninitialized value in string eq at log_badlogins line 50, CONF line 43. Use of uninitialized value in string eq at log_badlogins line 51, CONF line 43. Use of uninitialized value in string eq at log_badlogins line 52, CONF line 43. Use of uninitialized value in string eq at log_badlogins line 53, CONF line 43. Use of uninitialized value in string eq at log_badlogins line 54, CONF line 43. Use of uninitialized value in string eq at log_badlogins line 55, CONF line 43. Use of uninitialized value in string eq at log_badlogins line 43, CONF line 60. Use of uninitialized value in string eq at log_badlogins line 44, CONF line 60. Use of uninitialized value in string eq at log_badlogins line 45, CONF line 60. Use of uninitialized value in string eq at log_badlogins line 46, CONF line 60. Use of uninitialized value in string eq at log_badlogins line 47, CONF line 60. Use of uninitialized value in string eq at log_badlogins line 48, CONF line 60. Use of uninitialized value in string eq at log_badlogins line 49, CONF line 60. Use of uninitialized value in string eq at log_badlogins line 50, CONF line 60. Use of uninitialized value in string eq at log_badlogins line 51, CONF line 60. Use of uninitialized value in string eq at log_badlogins line 52, CONF line 60. Use of uninitialized value in string eq at log_badlogins line 53, CONF line 60. Use of uninitialized value in string eq at log_badlogins line 54, CONF line 60. Use of uninitialized value in string eq at log_badlogins line 55, CONF line 60. Use of uninitialized value in string eq at log_badlogins line 43, CONF line 65. Use of uninitialized value in string eq at log_badlogins line 44, CONF line 65. Use of uninitialized value in string eq at log_badlogins line 45, CONF line 65. Use of uninitialized value in string eq at log_badlogins line 46, CONF line 65. Use of uninitialized value in string eq at log_badlogins line 47, CONF line 65. Use of uninitialized value in string eq at log_badlogins line 48, CONF line 65. Use of uninitialized value in string eq at log_badlogins line 49, CONF line 65. Use of uninitialized value in string eq at log_badlogins line 50, CONF line 65. Use of uninitialized value in string eq at log_badlogins line 51, CONF line 65. Use of uninitialized value in string eq at log_badlogins line 52, CONF line 65. Use of uninitialized value in string eq at log_badlogins line 53, CONF line 65. Use of uninitialized value in string eq at log_badlogins line 54, CONF line 65. Use of uninitialized value in string eq at log_badlogins line 55, CONF line 65. Use of uninitialized value in string eq at log_badlogins line 43, CONF line 145. Use of uninitialized value in string eq at log_badlogins line 44, CONF line 145. Use of uninitialized value in string eq at log_badlogins line 45, CONF line 145. Use of uninitialized value in string eq at log_badlogins line 46, CONF line 145. Use of uninitialized value in string eq at log_badlogins line 47, CONF line 145. Use of uninitialized value in string eq at log_badlogins line 48, CONF line 145. Use of uninitialized value in string eq at log_badlogins line 49, CONF line 145. Use of uninitialized value in string eq at log_badlogins line 50, CONF line 145. Use of uninitialized value in string eq at log_badlogins line 51, CONF line 145. Use of uninitialized value in string eq at log_badlogins line 52, CONF line 145. Use of uninitialized value in string eq at log_badlogins line 53, CONF line 145. Use of uninitialized value in string eq at log_badlogins line 54, CONF line 145. Use of uninitialized value in string eq at log_badlogins line 55, CONF line 145. Use of uninitialized value in string eq at log_badlogins line 43, CONF line 147. Use of uninitialized value in string eq at log_badlogins line 44, CONF line 147. Use of uninitialized value in string eq at log_badlogins line 45, CONF line 147. Use of uninitialized value in string eq at log_badlogins line 46, CONF line 147. Use of uninitialized value in string eq at log_badlogins line 47, CONF line 147. Use of uninitialized value in string eq at
mysql database limit
Dear ALL I have single machine with model name : Intel(R) Pentium(R) D CPU 2.80GHz + RAM 512 - configuration i am plaing to use freeradius-1.0.0 with mysql with 500 users so what about the performance issue so it will working fine in this configuration or not What is the limit of radacct table in mysql is there any limit of data how much it will go up to data in mysql or any performance issuse with more data ??? $ cat ~/satish/url.txt http://www.linuxbug.org _ - Download prohibited? No problem! CHAT from any browser, without download.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
users graph from freeradius counter
Dear All I have useing freeradius and it is working fine but now i want to create per user download and upload graph so it is possible but any package ??? $ cat ~/satish/url.txt http://www.linuxbug.org _ - Office firewalls, cyber cafes, college labs, don't allow you to download CHAT? Here's a solution! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP billing with freeradius
thnks for reply dear But my requiremnt is a bit different means i explain u in depth i have datacenter in data center many customers and we are giving ip pool to our customer and terminate that pool on 6500 cisco core switch so i want bandwidth counter on that port wheather all customer server connected so that i can billing of that perticuler port means how much upload and how much download traffic of that port then i can genrate bill of that port it is not possible i can genrate traffic uage of verey servers so that i want to genrate traffic counter of that single cisco switch port you got it my point it is possibel through mrtg but i want counter values so it is possible with freeradius [EMAIL PROTECTED] wrote: If you are using sql accounting then make a sqlcounter that counts octets and send Auth-Type Reject if counter is over 10GB. Ivan Kalik Kalik Informatika ISP Dana 7/5/2007, satish patel pi¹e: Dear Sir I am working in data center so i need ip base billing means which ip address useing how much bandwidth means i give 10 GB data transfer to my one customer and 10GB data transfer reached then i got mesge or i can block the port of server what ever this is example so it is possible can i accouting of data transfer through my core switch ?? Reghards Satish Patel $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Office firewalls, cyber cafes, college labs, don't allow you to download CHAT? Here's a solution! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Office firewalls, cyber cafes, college labs, don't allow you to download CHAT? Here's a solution! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter monthly counter impementation problem
delimiter = %
ignore_default = no
ignore_null = no
}
realm ntdomain {
format = prefix
delimiter = \\
ignore_default = no
ignore_null = no
}
checkval {
item-name = Calling-Station-Id
check-name = Calling-Station-Id
data-type = string
}
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
preproxy_usersfile = ${confdir}/preproxy_users
compat = no
}
detail {
detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
acct_unique {
key = User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port
}
$INCLUDE ${confdir}/sql.conf
radutmp {
filename = ${logdir}/radutmp
username = %{User-Name}
case_sensitive = yes
check_with_nas = yes
perm = 0600
callerid = yes
}
radutmp sradutmp {
filename = ${logdir}/sradutmp
perm = 0644
callerid = no
}
attr_filter {
attrsfile = ${confdir}/attrs
}
counter daily {
filename = ${raddbdir}/db.daily
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
allowed-servicetype = Framed-User
cache-size = 5000
}
always fail {
rcode = fail
}
always reject {
rcode = reject
}
always ok {
rcode = ok
simulcount = 0
mpp = no
}
expr {
}
digest {
}
exec {
wait = yes
input_pairs = request
}
exec echo {
wait = yes
program = /bin/echo %{User-Name}
input_pairs = request
output_pairs = reply
}
ippool main_pool {
range-start = 192.168.1.1
range-stop = 192.168.3.254
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
override = no
maximum-timeout = 0
}
}
instantiate {
exec
expr
}
authorize {
preprocess
chap
mschap
suffix
sql
noresetcounter
dailycounter
monthlycounter
daily
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
}
preacct {
preprocess
acct_unique
suffix
files
}
accounting {
detail
daily
unix
sql
radutmp
}
session {
sql
}
post-auth {
}
pre-proxy {
}
post-proxy {
eap
}
_
I will charge for this document and help
Kidding...;
contect me if u get more help regarding freeradius
Name :- Satish Patel
Company:- Tulip It Services ( Data Center ) ( Delhi )
Email :- [EMAIL PROTECTED]
Mobile : - +91-9818875535
Cory Robson [EMAIL PROTECTED] wrote:
I have the following configuration in my radius.conf file. The counter does
function as such and if the user has utilized the allotted time it will not
allow them to connect.
However I'm looking to see how to also apply it to the session limit.
(IE adjust the session time. If user has a max session defined as 4 hrs but
only has 2 hrs left of the monthly limit then adjust this to have them
dropped automatically once this has been reached)
sqlcounter monthlycounter {
counter-name = Monthly-Session-Time
check-name = Max-Monthly-Session
sqlmod-inst = sql
key = User-Name
reset = monthly
# This query properly handles calls that span from the
# previous reset period into the current period but
# involves more work for the SQL server than those
# below
# The same notes above about the differences between mysql
# versus postgres queries apply here
IP billing with freeradius
Dear Sir I am working in data center so i need ip base billing means which ip address useing how much bandwidth means i give 10 GB data transfer to my one customer and 10GB data transfer reached then i got mesge or i can block the port of server what ever this is example so it is possible can i accouting of data transfer through my core switch ?? Reghards Satish Patel $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Office firewalls, cyber cafes, college labs, don't allow you to download CHAT? Here's a solution! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mssql to mysql migration
it is not opening http://www.navicat.com/ [EMAIL PROTECTED] wrote: http://www.navicat.com/ Ivan Kalik Kalik Informatika ISP Dana 26/4/2007, satish patel pi¹e: Dear I have running freeradius + mssql but now i wann put all databases in mysql so i am gonn use mysql with freeradius so is there any tool which convert MSSQL databases in MYSQL database so i just pull data from mssql and put it in mysql so it is possible ??? or which tool is there which help me $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - SHOUT IT OUT! Tell everyone, from anywhere, that you're online on Yahoo! Messenger - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - SHOUT IT OUT! Tell everyone, from anywhere, that you're online on Yahoo! Messenger - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RE : FreeRadius + Freetds + unixodbc
Freeradius + mssql more help project :- http://linux.tulipit.com RPM installation [EMAIL PROTECTED] ha.d]# rpm -qa | grep freetds freetds-0.62.1-1 freetds-devel-0.62.1-1 freetds-unixodbc-0.62.1-1 [EMAIL PROTECTED] ha.d]# rpm -qa | grep unixODBC freeradius-unixODBC-1.0.1-2.RHEL4 unixODBC-kde-2.2.9-1 unixODBC-devel-2.2.9-1 unixODBC-2.2.9-1 Software: Using FreeRADIUS with MSSQL requires three components: * FreeRADIUS - the radius server software * FreeTDS - this is a set of libraries that know how to talk to a MSSQL server. * unixODBC - this is a conduit between FreeRADIUS and FreeTDS. At one time, I think FreeRADIUS supported FreeTDS directly, but for some reason the FreeRADIUS folks removed that capability in recent versions. So we have to use unixODBC now. No biggie really. It's still pretty simple. I used the following versions on my box: * FreeRADIUS 1.1.0 * FreeTDS 0.63 * unixODBC 2.2.11 If your distro has these as RPMs, debs, etc, you might be able to get it going with what the distro provides. If so, you can skip the install instructions and focus on the configuration (but do be careful as your files won't likely be in the same place that my files are). However, since I may want to use eDirectory later, and since there is a special configure switch for FreeRADIUS to turn on eDirectory support, I'm starting from scratch with all of them. Compiling and installing: untar freeradius-1.1.4.tar.gz and compilation option is ./configure --localstatedir=/var --sysconfdir=/etc make make install The general order to compile these three components is: 1. unixODBC 2. FreeTDS 3. FreeRADIUS Part I - compiling/installing unixODBC and FreeTDS unixODBC: pretty straightforward. Just do a standard ./configure make make install However, if your Linux box doesn't have X Windows (mine doesn't), do a ./configure --enable-gui=no so that it won't try to compile any GUI components. The only components of unixODBC that you have to deal with are the configuration file odbc.ini and the isql testing program. The install routine puts odbc.ini in /usr/local/etc, and puts isql in /usr/local/bin/ . You can't really tweak the ini file until after you've installed FreeTDS, so we'll skip that part for now. What you need from unixODBC: you need the odbc.ini file in /usr/local/etc and the isql program in /usr/local/bin. FreeTDS: again, pretty straightforward. ./configure make make install I didn't need any options for ./configure. I think at one time you had to tell it where unixODBC was, but versions since ~0.62 can find it by themselves (which is why you have to compile/install unixODBC first... ) what you need from FreeTDS: the freetds.conf file in /usr/local/etc, the libtdsodbc.so file in /usr/local/lib, and the tsql testing program in /usr/local/bin After you've got unixODBC and freeTDS installed, you almost ready to start configuring files and testing your database connectivity. Initial Test of FreeTDS: Before you jump into the configuring part, do a quick test to make sure your box can actually connect to your SQL server and that FreeTDS compiled and installed cleanly. (Note that at this point, we aren't really using the unixODBC stuff yet). Use the tsql program to do this. My SQL server name is blackboard, and I'll use a SQL username of tester and a password of letmein to get in. tsql -H blackboard -p 1433 -U tester -P letmein If it works, you should see this: locale is en_US locale charset is ISO-8859-1 1 If you see that, you know that you can at least talk to your SQL server. That is a Good Thing (tm). If the test fails, try using the IP instead of the hostname (or edit your resolv.conf/update your DNS records/etc). If it still fails, make sure you've, umm, you know, really GOT a SQL user on your database server named tester. If it still still fails, you've got mondo problems that I won't get into here... BTW - type quit to end the connection to the sql server. Configuration file example:- ___/etc/odbc.ini [EMAIL PROTECTED] etc]# cat odbc.ini [ODBC Data Sources] FILEMANAGER = Radius on Blackboard [FILEMANAGER] Driver = /usr/lib/libtdsodbc.so Description = Radius on Blackboard Trace = No Servername = FILEMANAGER Database = radius [Default] Driver = /usr/lib/libtdsodbc.so ___/etc/freetds.conf [EMAIL PROTECTED] etc]# cat freetds.conf [global] tds version = 8.0 initial block size = 512 text size = 64512 [FILEMANAGER] host = filemanager port = 1433 tds version = 8.0 dump file = /tmp/freetds.log dump file append = yes __/etc/odbcinst.ini___ [EMAIL PROTECTED] etc]# cat odbcinst.ini [ODBC] Trace = Yes TraceFile = /tmp/sql.log ForceTrace = Yes Pooling = No
mssql to mysql migration
Dear I have running freeradius + mssql but now i wann put all databases in mysql so i am gonn use mysql with freeradius so is there any tool which convert MSSQL databases in MYSQL database so i just pull data from mssql and put it in mysql so it is possible ??? or which tool is there which help me $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - SHOUT IT OUT! Tell everyone, from anywhere, that you're online on Yahoo! Messenger - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: User never get disconnected (was Re: Simultaneous-Use problem)
I have faceing same problem when some time NAS send ACCT-STOP packet and packet would be lost then user session would be open and next time whne user try to login he/she got error multilogin so that i have implement checkrad.pl script and check simultaneouse users through SNMP and it is working fine but i dont know why acct-stop packet lost I have one more query regarding idle-time out if i set idle-time out 5 min then user automaicaly disconnect if connection was idle but suppose NAS send acct-stop packet and packet will be lost then idle-time out work in this case PD [EMAIL PROTECTED] wrote: On 4/12/2007, [EMAIL PROTECTED] wrote: + what cause of this problem ? Either NAS thinks that users are still connected or your RADIUS server is not receiving Stop packages. If NAS (NAS not radacct table) shows users as connected you can add Idle-Timeout of about 5 minutes in user (or group) configuration. If RADIUS packets are not being received have a look at your network. NAS needs reliable connection to RADIUS server - you shouldn't have firewalls and such in the way. Well... the problem only persist sometime.. let say once or two timeseveryday. The communication between Radius box and NAS using STP cable. Currently we are still on development stage of hotspot system. Before implement them on big area, we found some problem, like explain above. When I log in and log out or shut the notebook down without logout, I can see both start and stop the record on radacct table, I could not find the problem sources.. perhaps someone else has face the same problem ? + how to delete this entry daily (perhaps with crontab) Don't do that. Fix your server communication and then delete stale entries once. Well.. with simultaneous-use:=1, the same user will not be able login anymore because radius see that he / she still online. TIA PD - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Check out what you're missing if you're not on Yahoo! Messenger - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: User never get disconnected (was Re: Simultaneous-Use problem)
checkrad work only for simultaneous detection not fix my stop time entry in sql it is possible to modify checkrad to fix sql stop time in radacct table ? [EMAIL PROTECTED] wrote: If you are happy with reliability then fix checkrad and it will clean these random drops. That is the utility that radiusd calls to check stale entries and in sql.conf you can enable deletion of such entries. Just make sure that such users are not listed as active by the hotspot. If NAS thinks they are still loged on, RADIUS can't do anything about it. Ivan Kalik Kalik Informatika ISP Dana 12/4/2007, PD pi¹e: On 4/12/2007, [EMAIL PROTECTED] wrote: + what cause of this problem ? Either NAS thinks that users are still connected or your RADIUS server is not receiving Stop packages. If NAS (NAS not radacct table) shows users as connected you can add Idle-Timeout of about 5 minutes in user (or group) configuration. If RADIUS packets are not being received have a look at your network. NAS needs reliable connection to RADIUS server - you shouldn't have firewalls and such in the way. Well... the problem only persist sometime.. let say once or two timeseveryday. The communication between Radius box and NAS using STP cable. Currently we are still on development stage of hotspot system. Before implement them on big area, we found some problem, like explain above. When I log in and log out or shut the notebook down without logout, I can see both start and stop the record on radacct table, I could not find the problem sources.. perhaps someone else has face the same problem ? + how to delete this entry daily (perhaps with crontab) Don't do that. Fix your server communication and then delete stale entries once. Well.. with simultaneous-use:=1, the same user will not be able login anymore because radius see that he / she still online. TIA PD - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Check out what you're missing if you're not on Yahoo! Messenger - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius mssql problem
Dear I have many time posted question about freeradius mssql but i didnt get any satisfied ans i am again going to explain my problem i have freeradius version 1.1.0 with runing mssql windows and problem is acct-stop packet i have cisco NAS vpdn configuration users login and start recored is updated but some time when everything runing and my radius goes down due to power failure but my sql on UPS now when i restart my radius and i run radutmp there is list of users but in cisco router there is no one users now user try to login they got error max 1 login i got it this is the error of radutmp now i delete this file and users again able to login but some users stop account not updated so i got this error Mon Mar 12 14:55:43 2007 : Error: rlm_sql (sql): Couldn't insert SQL accounting STOP record - 0 Mon Mar 12 14:55:48 2007 : Error: rlm_sql_unixodbc: '22007 [unixODBC][FreeTDS][SQL Server]Syntax error converting datetime from character string.i?' Mon Mar 12 14:55:48 2007 : Error: rlm_sql (sql): Couldn't insert SQL accounting STOP record - 0 Mon Mar 12 14:55:53 2007 : Error: rlm_sql_unixodbc: '22007 [unixODBC][FreeTDS][SQL Server]Syntax error converting datetime from character string.' Mon Mar 12 14:55:53 2007 : Error: rlm_sql (sql): Couldn't insert SQL accounting STOP record - 0 is there any solution about this type of error $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Check out what you're missing if you're not on Yahoo! Messenger - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco Configuration
Dear all
Here I am shareing my Knowledge. for freeradius users. i have
done freeradius-1.1.4 with mysql with cisco VPDN configuration as well as i
have configuraed per user base bandwidth configuration and simultanious user
login configuration i have sharing my configuration for my freeradius users
I have cisco router with this configuration
aaa new-model
!
!
aaa group server radius testing123
server-private 71.5.250.243 auth-port 1812 acct-port 1813 key tulipconnect
ip radius source-interface FastEthernet0/1
deadtime 0
!
aaa authentication login default local group radius group testing123
aaa authentication ppp default group testing123 local
aaa authorization exec default local group radius group testing123
aaa authorization network default group testing123 local
aaa accounting update periodic 1
aaa accounting exec default start-stop group testing123
aaa accounting network default start-stop group testing123
aaa accounting connection default start-stop group testing123
!
_
My all user databases in mysql and simultanius login also in mysql
mysql tables :-
mysql select * from radcheck;
++--+---++---+
| id | UserName | Attribute | op | Value |
++--+---++---+
| 1 | satish | User-Password | := | tulip |
| 2 | priya| User-Password | := | tulip |
++--+---++---+
2 rows in set (0.00 sec)
mysql select * from radgroupcheck;;
++---+--++---+
| id | GroupName | Attribute| op | Value |
++---+--++---+
| 1 | 64KB | Simultaneous-Use | := | 1 |
| 4 | 128KB | Simultaneous-Use | := | 1 |
++---+--++---+
2 rows in set (0.00 sec)
mysql select * from radgroupreply;;
++---+-+++--+
| id | GroupName | Attribute | op | Value
| prio |
++---+-+++--+
| 1 | 64KB | Framed-Protocol | = | PPP
|0 |
| 2 | 64KB | Framed-MTU | = | 1400
|0 |
| 3 | 64KB | Service-Type| = | Framed-User
|0 |
| 4 | 128KB | Framed-Protocol | = | PPP
|0 |
| 5 | 128KB | Framed-MTU | = | 1450
|0 |
| 6 | 128KB | Service-Type| = | Framed-User
|0 |
| 7 | 128KB | Cisco-Avpair| = | lcp:interface-config#1=rate-limit
output 128000 1 1 conform-action continue exceed-action drop |0 |
++---+-+++--+
7 rows in set (0.00 sec)
mysql select * from usergroup;
++--+---+
| id | UserName | GroupName |
++--+---+
| 1 | satish | 64KB |
| 3 | priya| 128KB |
++--+---+
2 rows in set (0.00 sec)
Simultanious Login configuration ( edit this file /etc/raddb/sql.conf )
###
# Simultaneous Use Checking Queries
###
# simul_count_query - query for the number of current connections
# - If this is not defined, no simultaneouls use
checking
# - will be performed by this module instance
# simul_verify_query- query to return details of current
connections for verification
# - Leave blank or commented out to disable
verification step
# - Note that the returned field order should not
be changed.
###
# Uncomment simul_count_query to enable simultaneous use checking
simul_count_query = SELECT COUNT(*) FROM ${acct_table1} WHERE
Re: Problem with freeradius and mysql
Dear all
Here I am shareing my Knowledge. for freeradius users. i have
done freeradius-1.1.4 with mysql with cisco VPDN configuration as well as i
have configuraed per user base bandwidth configuration and simultanious user
login configuration i have sharing my configuration for my freeradius users
I have cisco router with this configuration
aaa new-model
!
!
aaa group server radius testing123
server-private 71.5.250.243 auth-port 1812 acct-port 1813 key tulipconnect
ip radius source-interface FastEthernet0/1
deadtime 0
!
aaa authentication login default local group radius group testing123
aaa authentication ppp default group testing123 local
aaa authorization exec default local group radius group testing123
aaa authorization network default group testing123 local
aaa accounting update periodic 1
aaa accounting exec default start-stop group testing123
aaa accounting network default start-stop group testing123
aaa accounting connection default start-stop group testing123
!
_
My all user databases in mysql and simultanius login also in mysql
mysql tables :-
mysql select * from radcheck;
++--+---++---+
| id | UserName | Attribute | op | Value |
++--+---++---+
| 1 | satish | User-Password | := | tulip |
| 2 | priya| User-Password | := | tulip |
++--+---++---+
2 rows in set (0.00 sec)
mysql select * from radgroupcheck;;
++---+--++---+
| id | GroupName | Attribute| op | Value |
++---+--++---+
| 1 | 64KB | Simultaneous-Use | := | 1 |
| 4 | 128KB | Simultaneous-Use | := | 1 |
++---+--++---+
2 rows in set (0.00 sec)
mysql select * from radgroupreply;;
++---+-+++--+
| id | GroupName | Attribute | op | Value
| prio |
++---+-+++--+
| 1 | 64KB | Framed-Protocol | = | PPP
|0 |
| 2 | 64KB | Framed-MTU | = | 1400
|0 |
| 3 | 64KB | Service-Type| = | Framed-User
|0 |
| 4 | 128KB | Framed-Protocol | = | PPP
|0 |
| 5 | 128KB | Framed-MTU | = | 1450
|0 |
| 6 | 128KB | Service-Type| = | Framed-User
|0 |
| 7 | 128KB | Cisco-Avpair| = | lcp:interface-config#1=rate-limit
output 128000 1 1 conform-action continue exceed-action drop |0 |
++---+-+++--+
7 rows in set (0.00 sec)
mysql select * from usergroup;
++--+---+
| id | UserName | GroupName |
++--+---+
| 1 | satish | 64KB |
| 3 | priya| 128KB |
++--+---+
2 rows in set (0.00 sec)
Simultanious Login configuration ( edit this file /etc/raddb/sql.conf )
###
# Simultaneous Use Checking Queries
###
# simul_count_query - query for the number of current connections
# - If this is not defined, no simultaneouls use
checking
# - will be performed by this module instance
# simul_verify_query- query to return details of current
connections for verification
# - Leave blank or commented out to disable
verification step
# - Note that the returned field order should not
be changed.
###
# Uncomment simul_count_query to enable simultaneous use checking
simul_count_query = SELECT COUNT(*) FROM ${acct_table1} WHERE
Re: Getting required information from freeradius accounting log
in radius source some useful script which is genrate some report for users so u
can modify thoes script and use it
Diot, Sylvain [EMAIL PROTECTED] wrote:
st1\:*{behavior:url(#default#ieooui) } Hi all,
Is there any kind of tool like a log viewer that would allow me to extract
the information I want from the /var/log/radius/acct-radius.log?
Id like to be able to obtain a report that would look like this:
+-+
| Session Start Date/Time |
+-+
| Session Stop Date/Time |
+-+
| Session Duration|
+-+
| Client Username |
+-+
| Client MAC Address (Calling ID Station) |
+-+
| User IP Address |
+-+
| NP Policy Name |
+-+
| Tunnel Private Group ID |
+-+
I have to mention I dont have any experience in scripting.
Cheers,
Sylvain
Sylvain Diot
Network Support Officer
Infrastructure Services
Directorate of Information Technology
University of Aberdeen
[EMAIL PROTECTED]
Tel: 01224 272083
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
-
Heres a new way to find what you're looking for - Yahoo! Answers -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SNMP support for radius problem
I am confusing between to community key one which is store in cat /etc/raddb/snmp.cong smux_password = verysecret and second which is located in /etc/snmp/snmpd.conf smuxpeer .1.3.6.1.4.1.3317.1.3.1 verysecret rocommunity public so which one i use to query to freeradius ?? verysecret ??? public can any one explain me which one i use with snmpwalk command public or verysecret ??? when i use public i it give me system information not radius and when i use verysecret it give me nothing timeout ??? Kevin Bonner [EMAIL PROTECTED] wrote: On Wednesday 28 March 2007 08:17:00 satish patel wrote: main: smux_password = verysecret main: snmp_write_access = no SMUX connect try 1 SMUX open oid: 1.3.6.1.4.1.3317.1.3.1 SMUX open progname: radiusd SMUX open password: verysecret SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 SMUX register priority: -1 SMUX register operation: 1 SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 SMUX register priority: -1 SMUX register operation: 1 Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. SMUX read start SMUX read len: 12 SMUX message received type: 67 rest len: 4 SMUX_RRSP SMUX_RRSP value: 0 errstat: 0 --- Walking the entire request list --- Nothing to do. Sleeping until we see a request. This looks good. It successfully registered with the local SNMP daemon, which means FreeRADIUS is built with SNMP support and is properly configured. Now i have run snmpwalk but i didnt get any output from radius $snmpwalk -v 1 -c public localhost .1.3.6.1.2.1.67.1.1.1.1 End of MIB This looks correct as well. Make sure the public community has permission to view that OID tree. I did test my local SNMP config and receive the same results when I restrict the public community from accessing that OID. Kevin Bonner - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SNMP support for radius problem
Thanks for help i got it and now my freeradius working with snmpd and it is working fine now can u tell me what i monitor through snmpd means can i check how much users login currently and how much failed and what stat i can check throgh this feature $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
avaya with freeradius accounting
Dear is there possiblem avaya VOIP accounting with freeradius is there any support for avaya ??? $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
SNMP support for radius problem
Dear I have useing freeradius since long time and it is working fine for me but i have some issue thats why i want support for SNMP. means i want to monitor my remote freeradius server through SNMP but it is not work i have read many document FAQ but i didn't get satisfectory ans... My configuration I have compile freeradius with snmp support ( --with-snmp ) $ cat /etc/raddb/snmp.conf smux_password = verysecret snmp_write_access = no $ cat /etc/snmpd/snmpd.conf ---add this line smuxpeer .1.3.6.1.4.1.3317.1.3.1 verysecret restart snmpd daemon $radiusd -X --- debug mode main: smux_password = verysecret main: snmp_write_access = no SMUX connect try 1 SMUX open oid: 1.3.6.1.4.1.3317.1.3.1 SMUX open progname: radiusd SMUX open password: verysecret SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 SMUX register priority: -1 SMUX register operation: 1 SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 SMUX register priority: -1 SMUX register operation: 1 Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. SMUX read start SMUX read len: 12 SMUX message received type: 67 rest len: 4 SMUX_RRSP SMUX_RRSP value: 0 errstat: 0 --- Walking the entire request list --- Nothing to do. Sleeping until we see a request. Now i have run snmpwalk but i didnt get any output from radius $snmpwalk -v 1 -c public localhost .1.3.6.1.2.1.67.1.1.1.1 End of MIB also i have try many veriasion with MIB but i didntget ans and i m confusing about snmp community when i try with this community verysecret i got Time out so what is the difference between verysecret and public ??? which comunity i use to qurey with my freeradius and how can i check my radius comiple successfuly with SNMP support ??? $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
POD not work with radclient
Dear guys I am comming with new problem now i have enable POD packet of disconnet on cisco router and now i m trying to disconnect user with radclient command but i got this output [EMAIL PROTECTED] ~]# cat packet.txt Acct-Session-Id=C476 User-Name=mlpm607 X-Ascend-Session-Svr-Key=396830D9 NAS-IP-Address=192.168.1.1 [EMAIL PROTECTED] ~]# cat packet.txt | radclient -x 192.168.1.1:1700 disconnect tulip786 Sending Disconnect-Request of id 115 to 192.168.1.1 port 1700 Acct-Session-Id = C476 User-Name = mlpm607 X-Ascend-Session-Svr-Key = 396830D9 NAS-IP-Address = 192.168.1.1 rad_recv: Disconnect-NAK packet from host 192.168.1.1:1700, id=115, length=41 Reply-Message = No Matching Session why user not disconnect from NAS but user still login on NAS ? $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
LDAP + CHAP problem
Dear
I have implement freeradius with LDAP + cisco VPDN my problem is my
authentication working with PAP but when i try for authentication from CHAP it
is not working error is password not clear text so i have read many document
about it and ppl talking about store passwd in clear text but also i have ass
passwd in clear text still it is not working
$cat users.ldif
dn: uid=example,ou=users,ou=radius,dc=tulipit,dc=com
objectClass: person
objectClass: inetOrgPerson
cn: example
sn: example
uid: example
userPassword: test
but this is not work with my CHAP authentication so what is the problem can
anyone explain me in detail i want to know resone about this problem
also i have change password_header ={clear} in radius.conf file but still
not working
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
-
Heres a new way to find what you're looking for - Yahoo! Answers -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius with ldap
Dear all I am going to installed freeradius with ldap but my problem is i m confused about ldap and chap i want impement VPDN and users authenticate through ldap so CHAP will work or not how can i configure ldif file for users where i will define attributes is there any site regarding ldap with freeradius $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius problem : need help
check radwatch is runing or not is runing then kill radwatch it is for watching radiusd deamon for monitoring radius process elmalhi abdelghani [EMAIL PROTECTED] wrote: what means plaese this : There appears to be another RADIUS server running on the authentication port 1812 and if I typ for example the command:' ps a ' i don't found radiusd ? regards. - Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: bandwidth and volume limit
u can limit bandwith per users basis i am using cisco AV-pair attributes for limiting bandwidth for users upload and download u can see my document on last posted ans Alan DeKok [EMAIL PROTECTED] wrote: Mathieu Lemaitre wrote: HI all, I'm running freeradius 1.0.2 on a debian stable. For new clients, I need to implement 2 functions: * a bandwidth limit on a per-user basis. I mean, I need to be able to set, for a user, a value for his upstream and downstream bw, which is sent by the radius as a reply attribute. Are they predefined attributes to do this? No. See the NAS documentation. It may do this, but likely not. * a volume limit: I'd like to be able to set a maximum amount of data monthly downloadable for each user. There is no standard way to do that. See the NAS documentation. It may do this, but likely not. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius cisco command accounting
Dear's is there any feature in freeradius provide cisco command accouning means users run command on cisco router and radius provide me command log ?? per users i want to replace my tacace with freeradius $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius radwho output 999
Dear 's I have useing freeradius-1.1.0 with mssql when i run radwho i have seen this optout #radwho mlpm482mlpm482 PPP 999 Thu 10:11 192.168.1 10.100.13.205 mlpm636mlpm636 PPP 999 Thu 11:31 192.168.1 10.100.14.178 so what is 999 this is error or somting else can anybody explain me what is this ?? $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
checkrad problem solved get solution
Dear guys
I have solve the problem of checkrad for simultenous login i have
face many problem first time but finaly i got solution and i have modifiy my
script for my nas
i have freeradius-1.1.0 with MSSQL2000 with cisco 3700 NAS
i want to share my solution with all freeradius guys those are faceing this
problem
I am useing checkrad with SNMP and i have change some thing in my script.
checkrad script take input from radius when user try for login like
suse:/ # checkrad
Usage: checkrad nas_type nas_ip nas_port login session_id
suse:/ #
checkrad get input nas_type from client.conf nas_type and nas_ip
then user name and port take from login time whn user try for login ...
but i dont user port and id_session caz my cisco nas MIB not support port and
session thats why i am useing only login name first check manualy through this
method
#checkrad -d cisco 71.5.250.199 43 satish 0004F09
return 0 ( Login OK )
this script just run snmpwalk command and fetch user all user name and gerp
specific name which is store in login name veriable in per script ( checkrad )
and compare against of snmpwalk out put if user match then give u error code 1
( dobule 1 Login ) this is the login of script
* Just change in this line of perl script and test your login
Note :- i am useing cisco nas type so the perl excute cisco_snmp subrutine so
please find this code in cisco_snmp subrutine
this is testing perpose after testing replave $login = satish; with this line
my $login = $ARGV[3];
my change in checkrad.pl
$login = satish;
if($login eq $ARGV[3]) {
return 1;
}else{
$out=snmpwalk($ARGV[1],$pass,1.3.6.1.4.1.9.10.24.1.3.2.1.2.3.45);
if($out=~/\$ARGV[3]\/){
return 1;
}else{
return 0;
you can see the login here $login store satish veriable then this script check
$ARGV[3] veriable this veriable we can get on login time whn will try to
satish login then snmpwalk run this command with MIB now point is you have
to find MIB for online users u can find mib through the software or something
else i have also find MIB and put it there with snmpwalk command then second
if($out=~/\$ARGV[3]\/){ this will check user if it get in snmpwalk out
put then u got doble login error if not match the u got single login means no
one login this time with user name satish ..
and put Simultenouse-use := 1 attributes in user file
my entry is
satish Auth-Type := Local, User-Password == testing, Simultaneous-Use := 1
Service-Type = Framed-user,
Framed-Protocal = PPP,
Fall-Through = Yes
Contact : -
me if you have any problem regarding Simultenouse login problem
.
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
-
Heres a new way to find what you're looking for - Yahoo! Answers -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
checkrad or sql base simultaneous-use
Note: forwarded message attached.
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
-
Heres a new way to find what you're looking for - Yahoo! Answers ---BeginMessage---
Tanks dear
But dear my problem is i am useing simultaneous-use with sql and it
is working fine but my problem is users connect with NAS ( cisco vpdn ) but
some user stuck in mssql database radacct tables means user connection error or
any other error users got disconnect and then they try for login i got some log
user already login because in radacct table use AcctStopTime = 1/1/1900 thats
why those user not able to login how can i automaticaly close this session is
there any attribute which is automaticaly clear idle session one more thing i
have set idle-timeout attributes but it's also not work ??? what is the
problem of users stuck in database thats why i want to change my
simultaneouse-use with checkrad script is it solve by checkrad
script.???
[EMAIL PROTECTED] wrote: radwho lists online users according to radutmp
checkrad doesn't use radwho. It asks NAS if user so and so is on
port so and so with session ID so and so.
In session you choose if looking for online users will be done in
database or radutmp. checkrad will be called when online user is
detecded if you put cisco as nastype. If you put other it won't.
Ivan Kalik
Kalik Informatika ISP
Dana 12/3/2007, satish patel
pi¹e:
anyone help me please
I have many problem for simultaneous login user problem i have
freeradius-1.1.0 with MSSQL with cisco VPDN configuration i dont know why
simultaneous not working with checkrad script
can u explain me i have confusen in radwho and checkrad command so checkrad
command use radwho output and what is sql base simultenoues detection if
i enable sql in /etc/radb/radius.conf in session part
like :-
Session {
# radtump
sql
}
what is the radutmp and sql if i use radutmp then checkrad call by radius or
not i have confuseion in checkrad andsql base simultenous use can u
explain me
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
-
Heres a new way to find what you're looking for - Yahoo! Answers
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
-
Heres a new way to find what you're looking for - Yahoo! Answers -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html---End Message---
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Syntax error converting datetime from character string
Thank 4 your ans
Can u tell me mssql support unix date time
but one morething i got this problem sometime not every time i got this problem
after 2 and 3 days and my radiusd goes down so is there problem regarding unix
datetime
Cory Robson [EMAIL PROTECTED] wrote:v\:*
{behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:*
{behavior:url(#default#VML);} .shape {behavior:url(#default#VML);}
st1\:*{behavior:url(#default#ieooui) } You will need to configure
your sql server to store dates in unix format, not having worked with mssql2000
for a while I couldnt tell you how to do it but Im betting thats where your
problem is.
-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of satish patel
Sent: Tuesday, 13 March 2007 3:11 PM
To: freeradius-users
Subject: Syntax error converting datetime from character string
Dear all
I have setup freeradius-1.1.0 with Cisco VPDN with MSSQL2000 but
i got this error and my radius goes down
Tue Mar 13 10:57:44 2007 : Error: rlm_sql_unixodbc: '22007
[unixODBC][FreeTDS][SQL Server]Syntax error converting datetime from character
string.'
Tue Mar 13 10:57:44 2007 : Error: rlm_sql (sql): Couldn't insert SQL
accounting STOP record - 0
what is this ??? is this any bug or radiusd or mssql200
can anybody explain me for this problem
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
-
Heres a new way to find what you're looking for - Yahoo! Answers
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
-
Heres a new way to find what you're looking for - Yahoo! Answers -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius with mssql performance
Dear guys anybody idea of freeradius with MSSQL compatibliy or performance issue ..which is best of method with radius MySql or MSSQL which one is best for radius performance $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
checkrad not work with cisco VPDN
Dear sir i have useing freeradius + cisco vpdn router but i have this problem when i run checkrad manually [EMAIL PROTECTED] ~]# checkrad cisco 192.168.1.1 800 mlpm034 C555 SNMP Error: Received SNMP response with error code error status: noSuchName index 1 (OID: 1.3.6.1.4.1.9.2.9.2.1.18.800) SNMPv1_Session (remote host: 192.168.1.1 [192.168.1.1].161) community: public request ID: -91963655 PDU bufsize: 8000 bytes timeout: 2s retries: 5 backoff: 1) at /usr/local/sbin/checkrad line 221 checkrad: No SNMP answer from cisco. what is this and when i check checkrad.log file i shown.. snpwalk: /usr/bin/snmpwalk -r 1 -t 5 -v2c -c 'public' 192.168.1.1 .iso.org.dod.internet.private.enterprises.9.10.19.1.3.1.1.3 Returning 0 (login ok) Mon Mar 12 12:35:12 2007 checkrad cisco 192.168.1.1 800 mlpm034 C555 No SNMP answer from cisco. user at port S800: snpwalk: /usr/bin/snmpwalk -r 1 -t 5 -v2c -c 'public' 192.168.1.1 .iso.org.dod.internet.private.enterprises.9.10.19.1.3.1.1.3 Returning 0 (login ok) Mon Mar 12 12:35:33 2007 checkrad cisco 192.168.1.1 800 mlpm034 C555 No SNMP answer from cisco. user at port S800: snpwalk: /usr/bin/snmpwalk -r 1 -t 5 -v2c -c 'public' 192.168.1.1 .iso.org.dod.internet.private.enterprises.9.10.19.1.3.1.1.3 Returning 0 (login ok) what is this ??? why this thing happending is there any problem in my configuration One more thing i want to say i dont know last time when i add simultaneouse-use attributes in sql database not in /etc/raddb/users file so is it any issue is checkrad only read /etc/raddb/users file only or sql database i am bit confusing in two thing SQL and users file what read by checkrad script $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
checkrad or sql base simultaneous-use
anyone help me please
I have many problem for simultaneous login user problem i have freeradius-1.1.0
with MSSQL with cisco VPDN configuration i dont know why simultaneous not
working with checkrad script
can u explain me i have confusen in radwho and checkrad command so checkrad
command use radwho output and what is sql base simultenoues detection if
i enable sql in /etc/radb/radius.conf in session part
like :-
Session {
# radtump
sql
}
what is the radutmp and sql if i use radutmp then checkrad call by radius or
not i have confuseion in checkrad andsql base simultenous use can u
explain me
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
-
Heres a new way to find what you're looking for - Yahoo! Answers -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
checkrad snmp + cisco VPDN problem
Dear alll I have problem last 2 month nobady give me solution of this error when i run checkrad manually i got this error [EMAIL PROTECTED] satishp]# checkrad cisco 192.168.1.1 1034 mlpm542 999 SNMP Error: Received SNMP response with error code error status: noSuchName index 1 (OID: 1.3.6.1.4.1.9.2.9.2.1.18.1034) SNMPv1_Session (remote host: 192.168.1.1 [192.168.1.1].161) community: public request ID: 2076414691 PDU bufsize: 8000 bytes timeout: 2s retries: 5 backoff: 1) at /usr/local/sbin/checkrad line 221 checkrad: No SNMP answer from cisco. what is this ??? Is this related to OID or somthing else and how do i check wheather checkrad call by radius everytime and is there nessesary to put passwd in naspass i have only define nastype = cisco and empty naspassord file and some entry in naslist nasspasswd #203.172.90.118 !root TufFseCrET #203.172.42.152 !root ToTaLCnTl #192.168.1.1SNMPpublic naslist # NAS Name Short Name Type # -- #portmaster1.isp.compm1.NY livingston #portmaster2.isp.compm1.LA livingston #localhost local portslave 192.168.1.1vpdncisco this is my configuration i want to use checkrad then how do i check my checkrad working or now $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
checkrad replace by other script
can i replace checkrad with another script $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: checkrad or sql base simultaneous-use
Tanks dear
But dear my problem is i am useing simultaneous-use with sql and it
is working fine but my problem is users connect with NAS ( cisco vpdn ) but
some user stuck in mssql database radacct tables means user connection error or
any other error users got disconnect and then they try for login i got some log
user already login because in radacct table use AcctStopTime = 1/1/1900 thats
why those user not able to login how can i automaticaly close this session is
there any attribute which is automaticaly clear idle session one more thing i
have set idle-timeout attributes but it's also not work ??? what is the
problem of users stuck in database thats why i want to change my
simultaneouse-use with checkrad script is it solve by checkrad
script.???
[EMAIL PROTECTED] wrote: radwho lists online users according to radutmp
checkrad doesn't use radwho. It asks NAS if user so and so is on
port so and so with session ID so and so.
In session you choose if looking for online users will be done in
database or radutmp. checkrad will be called when online user is
detecded if you put cisco as nastype. If you put other it won't.
Ivan Kalik
Kalik Informatika ISP
Dana 12/3/2007, satish patel
pi¹e:
anyone help me please
I have many problem for simultaneous login user problem i have
freeradius-1.1.0 with MSSQL with cisco VPDN configuration i dont know why
simultaneous not working with checkrad script
can u explain me i have confusen in radwho and checkrad command so checkrad
command use radwho output and what is sql base simultenoues detection if
i enable sql in /etc/radb/radius.conf in session part
like :-
Session {
# radtump
sql
}
what is the radutmp and sql if i use radutmp then checkrad call by radius or
not i have confuseion in checkrad andsql base simultenous use can u
explain me
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
-
Heres a new way to find what you're looking for - Yahoo! Answers
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
-
Heres a new way to find what you're looking for - Yahoo! Answers -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Syntax error converting datetime from character string
Dear all I have setup freeradius-1.1.0 with Cisco VPDN with MSSQL2000 but i got this error and my radius goes down Tue Mar 13 10:57:44 2007 : Error: rlm_sql_unixodbc: '22007 [unixODBC][FreeTDS][SQL Server]Syntax error converting datetime from character string.' Tue Mar 13 10:57:44 2007 : Error: rlm_sql (sql): Couldn't insert SQL accounting STOP record - 0 what is this ??? is this any bug or radiusd or mssql200 can anybody explain me for this problem $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
checkrad snmp error
I have getting this error when i run manualy checkrad [EMAIL PROTECTED] mibs]# checkrad cisco 192.168.1.1 766 mlpm264 BC3F SNMP Error: Received SNMP response with error code error status: noSuchName index 1 (OID: 1.3.6.1.4.1.9.2.9.2.1.18.766) SNMPv1_Session (remote host: 192.168.1.1 [192.168.1.1].161) community: public request ID: -422345818 PDU bufsize: 8000 bytes timeout: 2s retries: 5 backoff: 1) at /usr/local/sbin/checkrad line 221 checkrad: No SNMP answer from cisco. [EMAIL PROTECTED] mibs]# and i got this error when i check log No SNMP answer from cisco. user at port S766: snpwalk: /usr/bin/snmpwalk -r 1 -t 5 -v2c -c 'public' 192.168.1.1 .iso.org.dod.internet.private.enterprises.9.10.19.1.3.1.1.3 Returning 0 (login ok) Sun Mar 11 15:35:15 2007 checkrad cisco 192.168.1.1 766 mlpm264 BC3F No SNMP answer from cisco. user at port S766: snpwalk: /usr/bin/snmpwalk -r 1 -t 5 -v2c -c 'public' 192.168.1.1 .iso.org.dod.internet.private.enterprises.9.10.19.1.3.1.1.3 Returning 0 (login ok) [EMAIL PROTECTED] mibs]# what is this how can i checkrad use with snmp i have enable SNMP on cisco router $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius simultenoues-use error
Thnaks for suggestion i have create one script with is login in to cisco router through telnet and run desired command not i am getting your point u told me i kick off user from cisco nas thruogh the script but okie i will create it but i dont know wheather i put this script so that this script check login user info and i think this script repace checkrad right ??? plz u give me your suggestion wheather i put this script to check login user on NAS Dennis Skinner [EMAIL PROTECTED] wrote: satish patel wrote: I am not getting u how do i query from shell script to NAS ?? See your NAS docs. SNMP may be an option if the NAS supports it (and FR may be able to handle the query itself as another poster suggested), but there may be other ways For instance, we have a couple scripts we use when we want to boot a particular user. They are simple bash scripts that use expect to handle logging into our cisco modems and look for the tty that the user is on and then clear that tty. It has limitations as the cisco show users command only shows so many characters of the username, but it is used rarely and only by me. This option may work for you depending on your situation. and what is FR packet?? I said that FR (FreeRADIUS) may not hear the stop packet (the stop accounting record) from the NAS. if u have any script example script can u send me i am in problem :( Have a look at bash scripting and expect. It is fairly simple and you may be able to get away with it. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius simultenoues-use error
I am not getting u how do i query from shell script to NAS ?? and what is FR packet?? if u have any script example script can u send me i am in problem :( Dennis Skinner [EMAIL PROTECTED] wrote: satish patel wrote: User AcctStartTimeAcctStopTime abc 08/03/2007:01:30 1/1/1900 Now user can access internet and anything everything going fine but after when i stop radiusd proccess and start it my user disconnected and he/she try for login in to cisco VPDN he/she got error access deny and i got some log multiple user login Thu Mar 8 20:12:05 2007 : Auth: Multiple logins (max 1) : Looks like the problem isn't FreeRADIUS. The problem is that your NAS is not sending (or FR is not hearing) the stop packets for various reasons. You may need to write a cronjob that runs every minute that looks at your DB to find open connections and then polls your NAS to verify that info and update the DB with stop times if the session is gone. FreeRADIUS is doing exactly what you told it to do. Now go make the rest of your system behave or fudge it as I have described. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius simultenoues-use error
i have checkrad.pl but this is not working my setup is
freeradius-1.1.4 with MSSQL ( windows 2000 SQL ) and i have useing
simulteneous-use with /etc/raddb/mssql.conf file and in raddb/radiusd.conf i
have enable
{
session
sql
}
when i run radwho i didnt get any online users how can i check checkrad perl
script is there any option i have set NAS type other when i set it cisco my
simuletenouse not working
and this day my radiusd server automaticaly die i dont know why i am useing
radwatch but it is still die and die
which radius version is best for RHEL 4.0 redhat linux
[EMAIL PROTECTED] wrote: You already have a pearl script that does such
ckecking. It's called
checkrad.pl and it comes with freeradius.
Ivan Kalik
Kalik Informatika ISP
Dana 9/3/2007, satish patel
pi¹e:
I am not getting u how do i query from shell script to NAS ?? and what is FR
packet?? if u have any script example script can u send me i am in problem
:(
Dennis Skinner wrote: satish patel wrote:
User AcctStartTimeAcctStopTime
abc 08/03/2007:01:30 1/1/1900
Now user can access internet and anything everything going fine but
after when i stop radiusd proccess and start it my user disconnected
and he/she try for login in to cisco VPDN he/she got error access deny
and i got some log multiple user login
Thu Mar 8 20:12:05 2007 : Auth: Multiple logins (max 1) :
Looks like the problem isn't FreeRADIUS. The problem is that your NAS
is not sending (or FR is not hearing) the stop packets for various reasons.
You may need to write a cronjob that runs every minute that looks at
your DB to find open connections and then polls your NAS to verify
that info and update the DB with stop times if the session is gone.
FreeRADIUS is doing exactly what you told it to do. Now go make the
rest of your system behave or fudge it as I have described.
--
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
-
Heres a new way to find what you're looking for - Yahoo! Answers
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
-
Heres a new way to find what you're looking for - Yahoo! Answers -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius simultenoues-use error
Thank dear
tell me one thing
1) in freeradius two type of method to check simultenous login checking one is
sql base query and second is checkrad perl script now i am useing
simultenous-use attributes through SQL i have done some change in
raddb/mssql.conf file simu_count and simu_very users this is working fine but
know i want to check this thing not from sql i want to use checkrad perl script
so what is the configuration for this
I have read document on net but it is bit confusing me some author
told put entry in naslist naspasswd and client.conf so i dont know where i put
right entry ro start this thing and i have read one more thing checkrad script
support cisco NAS and i have cisco router also i have enable snmp but i dont
know how to check this checkrad script is it working or not can u explain me
this thing caz i m suffer this thing.
One more problem my radiusd server die again and again and i got this erro
1 *** glibc detected *** malloc()
what is thus how can i resolve this one
[EMAIL PROTECTED] wrote: # SNMP CONFIGURATION
#
# Snmp configuration is only valid if SNMP support was enabled
# at compile time.
#
# To enable SNMP querying of the server, set the value of the
# 'snmp' attribute to 'yes'
#
snmp= no
$INCLUDE ${confdir}/snmp.conf
This is in radius.conf. Change snmp = yes and checkrad should work with
nastype set to cisco.
If you want to get rid of all stale sessions delete them with SQL
oneliner like:
delete from radacct where AcctStopTime=0 AcctStartTime '2007-3-8'
(this is MySQL - MSSQL syntax might be slightly different)
This will delete all open sessions up to today.
Ivan Kalik
Kalik Informatika ISP
Dana 8/3/2007, satish patel
pi¹e:
Dear all
i fedup from this problem i dont know how to resolve it no one
help me out from this problem i have freradius-1.1.4 + MSSQL setup user
databases and accouting done by mssql and my NAS is cisco router with VPDN
configuration but i have faceing some problem since last week suposse one
user login in to cisco router and he/she accouting start on MSSQL server
i am useting simultenouse-use feature in SQL
example
radacct tables
User AcctStartTimeAcctStopTime
abc 08/03/2007:01:30 1/1/1900
Now user can access internet and anything everything going fine but after when
i stop radiusd proccess and start it my user disconnected and he/she try for
login in to cisco VPDN he/she got error access deny and i got some log
multiple user login
Thu Mar 8 20:12:05 2007 : Auth: Multiple logins (max 1) : [mlpm484/] (from
client cisco port 974)
Thu Mar 8 20:12:08 2007 : Auth: Multiple logins (max 1) : [mlpm629/] (from
client cisco port )
Thu Mar 8 20:12:10 2007 : Auth: Multiple logins (max 1) : [mlpm484/] (from
client cisco port 460)
Thu Mar 8 20:12:14 2007 : Auth: Multiple logins (max 1) :
SomeThing like this it means in MSSQL AcctStopTime there is i still user login
means that entry is not still clear thats why i got error 'Multiple logins
(max 1)'
in my client.conf file NAStype is other caz when i user cisco nastype my
Simulteneous-use not working ?? so i thing this detail enough for help plz
tell me right suggesstion if i am wrong
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
-
Here#65533;s a new way to find what you're looking for - Yahoo! Answers
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
-
Heres a new way to find what you're looking for - Yahoo! Answers -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
*** glibc detected *** malloc()
I have freeradius version 1.1.4 latest and i am useing it with cisco VPDN with MSSQL database and i got this error .. and this is my production server many users accounting runing on this server .what the hell it is my radius die again and again i also started radwatch but it;s still die $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radiusd -x show me unwanted thing
Dear all
I have useing freeradius + vpdn + mssql but when no one use login 2
cisco vpdn it show me accounting of users how me some user accouning i don't
know why ???
some thing like this
Service-Type = Framed-User
NAS-IP-Address = 192.168.1.1
Acct-Delay-Time = 0
rlm_sql (sql): Reserving sql socket id: 4
query: INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm,
NASIPAddress, NASPort, NASPortType, AcctStartTime, AcctSessionTime,
AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets,
AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause,
ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay)
values('AECD', 'a36f3c2d52d02639', 'mlpm677', '', '192.168.1.1', '',
'Virtual', '2007-03-09 19:43:11', '0', 'RADIUS', '', '', '0', '0', '', '', '',
'Framed-User', 'PPP', '', '0', '0')
rlm_sql (sql): Released sql socket id: 4
Sending Accounting-Response of id 69 to 192.168.1.1 port 1646
rad_recv: Accounting-Request packet from host 192.168.1.1:1646, id=70,
length=213
Acct-Session-Id = ADCC
Tunnel-Server-Endpoint:0 = 192.168.1.1
Tunnel-Client-Endpoint:0 = 10.0.54.18
Tunnel-Assignment-Id:0 = tulip
Framed-Protocol = PPP
Framed-IP-Address = 10.100.18.11
User-Name = mlpm607
Cisco-AVPair = connect-progress=LAN Ses Up
Acct-Session-Time = 1797
Acct-Input-Octets = 466393
Acct-Output-Octets = 2625282
Acct-Input-Packets = 3259
Acct-Output-Packets = 3335
Acct-Authentic = RADIUS
Acct-Status-Type = Interim-Update
NAS-Port-Type = Virtual
Cisco-NAS-Port = Uniq-Sess-ID337
NAS-Port = 337
Service-Type = Framed-User
NAS-IP-Address = 192.168.1.1
Acct-Delay-Time = 0
rlm_sql (sql): Reserving sql socket id: 3
query: UPDATE radacct SET FramedIPAddress = '10.100.18.11',
AcctSessionTime = '1797', AcctInputOctets = '466393',
AcctOutputOctets = '2625282' WHERE AcctSessionId = 'ADCC'
AND UserName = 'mlpm607' AND NASIPAddress= '192.168.1.1'
rlm_sql (sql): Released sql socket id: 3
Sending Accounting-Response of id 70 to 192.168.1.1 port 1646
But user still not login then what is this
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
-
Heres a new way to find what you're looking for - Yahoo! Answers -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius User session is open but user not login
Thanks for ans
means u say simultaneous-use not useing from SQL and use radcheck in session
module but when i user radcheck my simultaneous-use not working users can login
multiple can u exaplain me where i chenge in configuration file
i am useing freeradius + mssql
# Session database, used for checking Simultaneous-Use. Either the radutmp
# or rlm_sql module can handle this.
# The rlm_sql module is *much* faster
session {
#radutmp
#
# See Simultaneous Use Checking Querie in sql.conf
sql
}
my NAS type is other not cisco caz when i set it cisco use can login multiple
time...
can u give me brife idea
[EMAIL PROTECTED] wrote: If you don't need those stale entries just delete
them. If you have them
because users logged off while your servers were down then you can
close them seting values in AcctStopTime (and AcctSessionTime if you
want to do accounting with them).
Once you clean this up it shouldn't happen any more. You should ste
nastype to cisco and checkrad will delete all stale entries if it finds
them when checking Simultaneous-Use.
Ivan Kalik
Kalik Informatika ISP
Dana 7/3/2007, satish patel
pi¹e:
Dear
I have faceing this problem since log time i have cisco VPDN and
user login on cisco and authenticate from freeradius-1.1.4 i have configure
simultenous-use attribute for multilogin privention but some time when user
session open in radius databases ( i am useing MSSQL ) then user try for
login and he / she got error regarding already login and authentication deny
also i have set Idle-Timeout = 600 but still face same problem how to
crear opened session in mssql database ???
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
-
Here#65533;s a new way to find what you're looking for - Yahoo! Answers
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
-
Heres a new way to find what you're looking for - Yahoo! Answers -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius simultenoues-use error
Dear all i fedup from this problem i dont know how to resolve it no one help me out from this problem i have freradius-1.1.4 + MSSQL setup user databases and accouting done by mssql and my NAS is cisco router with VPDN configuration but i have faceing some problem since last week suposse one user login in to cisco router and he/she accouting start on MSSQL server i am useting simultenouse-use feature in SQL example radacct tables User AcctStartTimeAcctStopTime abc 08/03/2007:01:30 1/1/1900 Now user can access internet and anything everything going fine but after when i stop radiusd proccess and start it my user disconnected and he/she try for login in to cisco VPDN he/she got error access deny and i got some log multiple user login Thu Mar 8 20:12:05 2007 : Auth: Multiple logins (max 1) : [mlpm484/CHAP-Password] (from client cisco port 974) Thu Mar 8 20:12:08 2007 : Auth: Multiple logins (max 1) : [mlpm629/CHAP-Password] (from client cisco port ) Thu Mar 8 20:12:10 2007 : Auth: Multiple logins (max 1) : [mlpm484/CHAP-Password] (from client cisco port 460) Thu Mar 8 20:12:14 2007 : Auth: Multiple logins (max 1) : SomeThing like this it means in MSSQL AcctStopTime there is i still user login means that entry is not still clear thats why i got error 'Multiple logins (max 1)' in my client.conf file NAStype is other caz when i user cisco nastype my Simulteneous-use not working ?? so i thing this detail enough for help plz tell me right suggesstion if i am wrong $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radiusd can't close user open session in sql
dear all i have some problem i have configured simulteneous-use attributes in sql but some time network disconnect or any problem user got disconnect but his session still open in sql databases so that next time when he try he got error your are still login means simulteneous-use attribute not allow to that user this is my problem caz i am wireless ISP and i have many time network problem so user disconnect accidently so is there any feature which is clear last session in SQL database ??? $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius doesn't start up correct
check process ID #ps aux | grep radiusd ??? #radiusd without option [EMAIL PROTECTED] wrote: Hi, I'm so sorry to bother you again but this time I really can't figure out what's happening. when I try to start freeradius manually, it just stops in the middle of reading the config files: /usr/local/etc/raddb# radiusd -f Tue Mar 6 19:31:28 2007 : Info: Starting - reading configuration files ... ...and nothing happens any more, it just hangs. If I try -x or -xx, I end up with a segfault, so this is no help: radiusd -X not radiusd -x ! alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius User session is open but user not login
Dear I have faceing this problem since log time i have cisco VPDN and user login on cisco and authenticate from freeradius-1.1.4 i have configure simultenous-use attribute for multilogin privention but some time when user session open in radius databases ( i am useing MSSQL ) then user try for login and he / she got error regarding already login and authentication deny also i have set Idle-Timeout = 600 but still face same problem how to crear opened session in mssql database ??? $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
*** glibc detected *** malloc(): memory corruption
Dear freeradius guys
I have freeradius with mssql and it was working fine but since
last 2 day i got this error when i restart radiusd daemon i got this error ..???
Acct-Delay-Time = 10
rlm_sql (sql): Reserving sql socket id: 4
query: UPDATE radacct SET FramedIPAddress = '10.100.10.10',
AcctSessionTime = '12239', AcctInputOctets = '11599000',
AcctOutputOctets = '116305782' WHERE AcctSessionId = '526C'
AND UserName = 'mlpm404' AND NASIPAddress= '192.168.1.1'
query: INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm,
NASIPAddress, NASPort, NASPortType, AcctSessionTime, AcctAuthentic,
ConnectInfo_start, AcctInputOctets, AcctOutputOctets, CalledStationId,
CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay)
values('526C', '76f8b30b6826941c', 'mlpm404', '', '192.168.1.1', '',
'Virtual', '12239', 'RADIUS', '', '11599000', '116305782', '', '',
'Framed-User', 'PPP', '10.100.10.10', '0')
rlm_sql_unixodbc: '22007 [unixODBC][FreeTDS][SQL Server]Syntax error
converting datetime from character string.'
*** glibc detected *** malloc(): memory corruption: 0x08c7fad0 ***
Aborted
Satish Patel
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
-
Heres a new way to find what you're looking for - Yahoo! Answers -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius + mssql Multiple logins (max 1)
what is the errror i have useing freeradius + MSSQL Tue Mar 6 17:22:34 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] (from client cisco port 761) Tue Mar 6 17:22:35 2007 : Auth: Multiple logins (max 1) : [mlpm173/CHAP-Password] (from client cisco port 528) Tue Mar 6 17:22:36 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/CHAP-Password] (from client cisco port 290) Tue Mar 6 17:22:37 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] (from client cisco port 242) Tue Mar 6 17:22:38 2007 : Auth: Multiple logins (max 1) : [mlpm173/CHAP-Password] (from client cisco port 1004) Tue Mar 6 17:22:38 2007 : Auth: Multiple logins (max 1) : [mlpm268/CHAP-Password] (from client cisco port 1101) Tue Mar 6 17:22:39 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] (from client cisco port 851) Tue Mar 6 17:22:39 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/CHAP-Password] (from client cisco port 1012) Tue Mar 6 17:22:41 2007 : Auth: Multiple logins (max 1) : [mlpm173/CHAP-Password] (from client cisco port 780) Tue Mar 6 17:22:41 2007 : Auth: Multiple logins (max 1) : [mlpm268/CHAP-Password] (from client cisco port 670) Tue Mar 6 17:22:42 2007 : Auth: Multiple logins (max 1) : [mlpm629/CHAP-Password] (from client cisco port 303) Tue Mar 6 17:22:43 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] (from client cisco port 826) Tue Mar 6 17:22:43 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/CHAP-Password] (from client cisco port 964) Tue Mar 6 17:22:44 2007 : Auth: Multiple logins (max 1) : [mlpm268/CHAP-Password] (from client cisco port 690) Tue Mar 6 17:22:44 2007 : Auth: Multiple logins (max 1) : [mlpm173/CHAP-Password] (from client cisco port 147) Tue Mar 6 17:22:46 2007 : Auth: Multiple logins (max 1) : [mlpm138/CHAP-Password] (from client cisco port 150) Tue Mar 6 17:22:49 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] (from client cisco port 83) Tue Mar 6 17:22:50 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/CHAP-Password] (from client cisco port 1091) Tue Mar 6 17:22:51 2007 : Auth: Multiple logins (max 1) : [mlpm268/CHAP-Password] (from client cisco port 1002) Tue Mar 6 17:22:52 2007 : Auth: Multiple logins (max 1) : [mlpm629/CHAP-Password] (from client cisco port 1023) Tue Mar 6 17:22:52 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] (from client cisco port 687) Tue Mar 6 17:22:54 2007 : Auth: Multiple logins (max 1) : [mlpm532/CHAP-Password] (from client cisco port 693) Tue Mar 6 17:22:55 2007 : Auth: Multiple logins (max 1) : [mlpm143/akshaya] (from client cisco port 94) Tue Mar 6 17:22:59 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/CHAP-Password] (from client cisco port 713) Tue Mar 6 17:23:00 2007 : Auth: Multiple logins (max 1) : [mlpm173/CHAP-Password] (from client cisco port 647) Tue Mar 6 17:23:05 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mlpm138/CHAP-Password] (from client cisco port 646) Tue Mar 6 17:23:05 2007 : Auth: Multiple logins (max 1) : [mlpm143/akshaya] (from client cisco port 958) Tue Mar 6 17:23:07 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/CHAP-Password] (from client cisco port 98) Tue Mar 6 17:23:09 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mlpm138/CHAP-Password] (from client cisco port 600) Tue Mar 6 17:23:11 2007 : Auth: Multiple logins (max 1) : [mlpm085/CHAP-Password] (from client cisco port 894) Tue Mar 6 17:23:11 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/CHAP-Password] (from client cisco port 7 $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radwho not disply online users
dear all I have installed freeradius with mssql but after few error i have run this command on my shell # echo/var/log/radius/radutmp after runing this command now i run this command [EMAIL PROTECTED] ~]# radwho Login Name What TTY When From Location [EMAIL PROTECTED] ~]# no data display since one week what is the problem in radwho is there any option to recover this command $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mssql Multiple logins (max 1)
. # post_proxy_log # attr_rewrite # Uncomment the following line if you want to filter replies from # remote proxies based on the rules defined in the 'attrs' file. # attr_filter # # If you are proxying LEAP, you MUST configure the EAP # module, and you MUST list it here, in the post-proxy # stage. # # You MUST also use the 'nostrip' option in the 'realm' # configuration. Otherwise, the User-Name attribute # in the proxied request will not match the user name # hidden inside of the EAP packet, and the end server will # reject the EAP request. # eap } [EMAIL PROTECTED] ~]# [EMAIL PROTECTED] wrote: Something to do with Simultaneous-Use. But without config etc. ... Ivan Kalik Kalik Informatika ISP Dana 6/3/2007, satish patel pi¹e: what is the errror i have useing freeradius + MSSQL Tue Mar 6 17:22:34 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] (from client cisco port 761) Tue Mar 6 17:22:35 2007 : Auth: Multiple logins (max 1) : [mlpm173/] (from client cisco port 528) Tue Mar 6 17:22:36 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/] (from client cisco port 290) Tue Mar 6 17:22:37 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] (from client cisco port 242) Tue Mar 6 17:22:38 2007 : Auth: Multiple logins (max 1) : [mlpm173/] (from client cisco port 1004) Tue Mar 6 17:22:38 2007 : Auth: Multiple logins (max 1) : [mlpm268/] (from client cisco port 1101) Tue Mar 6 17:22:39 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] (from client cisco port 851) Tue Mar 6 17:22:39 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/] (from client cisco port 1012) Tue Mar 6 17:22:41 2007 : Auth: Multiple logins (max 1) : [mlpm173/] (from client cisco port 780) Tue Mar 6 17:22:41 2007 : Auth: Multiple logins (max 1) : [mlpm268/] (from client cisco port 670) Tue Mar 6 17:22:42 2007 : Auth: Multiple logins (max 1) : [mlpm629/] (from client cisco port 303) Tue Mar 6 17:22:43 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] (from client cisco port 826) Tue Mar 6 17:22:43 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/] (from client cisco port 964) Tue Mar 6 17:22:44 2007 : Auth: Multiple logins (max 1) : [mlpm268/] (from client cisco port 690) Tue Mar 6 17:22:44 2007 : Auth: Multiple logins (max 1) : [mlpm173/] (from client cisco port 147) Tue Mar 6 17:22:46 2007 : Auth: Multiple logins (max 1) : [mlpm138/] (from client cisco port 150) Tue Mar 6 17:22:49 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] (from client cisco port 83) Tue Mar 6 17:22:50 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/] (from client cisco port 1091) Tue Mar 6 17:22:51 2007 : Auth: Multiple logins (max 1) : [mlpm268/] (from client cisco port 1002) Tue Mar 6 17:22:52 2007 : Auth: Multiple logins (max 1) : [mlpm629/] (from client cisco port 1023) Tue Mar 6 17:22:52 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] (from client cisco port 687) Tue Mar 6 17:22:54 2007 : Auth: Multiple logins (max 1) : [mlpm532/] (from client cisco port 693) Tue Mar 6 17:22:55 2007 : Auth: Multiple logins (max 1) : [mlpm143/akshaya] (from client cisco port 94) Tue Mar 6 17:22:59 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/] (from client cisco port 713) Tue Mar 6 17:23:00 2007 : Auth: Multiple logins (max 1) : [mlpm173/] (from client cisco port 647) Tue Mar 6 17:23:05 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mlpm138/] (from client cisco port 646) Tue Mar 6 17:23:05 2007 : Auth: Multiple logins (max 1) : [mlpm143/akshaya] (from client cisco port 958) Tue Mar 6 17:23:07 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/] (from client cisco port 98) Tue Mar 6 17:23:09 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mlpm138/] (from client cisco port 600) Tue Mar 6 17:23:11 2007 : Auth: Multiple logins (max 1) : [mlpm085/] (from client cisco port 894) Tue Mar 6 17:23:11 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/] (from client cisco port 7 $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 'bout rlm_sqlcounter
what is your rlm_counter configuration plz copy paste your config PD [EMAIL PROTECTED] wrote: Very interesting knowing about rlm_counter and the scripts made; such as noresetcounter, dailycounter, monthlycounter, etc. My question, if we do update the values of the above attributes (let say Max-All-Session attribute) while the user still online (on the session), will the update take effect directly or only effect untill the next login / session ? TIA PD - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwho not disply online users
Dear 100 user login on my cisco router VPDN tunnel i can see those user into in cisco router but not display on radwho output [EMAIL PROTECTED] wrote: radwho displays online users. If nobody is online now ... Ivan Kalik Kalik Informatika ISP Dana 6/3/2007, satish patel pi¹e: dear all I have installed freeradius with mssql but after few error i have run this command on my shell # echo/var/log/radius/radutmp after runing this command now i run this command [EMAIL PROTECTED] ~]# radwho Login Name What TTY When From Location [EMAIL PROTECTED] ~]# no data display since one week what is the problem in radwho is there any option to recover this command $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius + mssql error
Dear I have useing freeradius with mssql and it was working fine but last day when i restrat radius server i got error like this '22018 [unixODBC][FreeTDS][SQL Server]Syntax error converting the datetime value '1900-01-01' to a column of data type int.' what is this ?? Satish Patel $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius users session stuck
Dear all I have useing freeradius + RHEL + cisco VPDN i have faceing some problem regarding session stuck in radius database tables means when user login in to radius its working fine but some time users session stuck in database and it show me it is currently login and user not able to login again i got this error Auth: Multiple logins (max 1) : [mlpm629/CHAP-Password] (from client cisco port 473) so how can i clear those session in my tables ?? is it any method for this ??? * Notes :- i am useing mssql database and simultanieous-uses features #Satish Patel - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
not allowed user for few days
Dear all I have freeradius+mssql and i want to not allowed perticuler users so what solution for this Auth-Type:- Reject ??? is it best for anything else ? Satish Patel - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
disconnect users from radius
Dear all I have installed freeradius on RHEL with MSSQL server and it is working fine but now i have facing problem regarding disconnecting of users my NAS is cisco Router it is l2tp so what i do for this ??? problem ?? and i want to connect my dialupadmin with mssql ? so it is possible?/ Satish Patel - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: disconnect users from radius
Dear I got ans what to do with cisco router if u want to start PoD packet of disconnect basicaly it is IOS security feature so defult stop of disable so u have to start it with #aaa pod server command more document on this site : http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/ft_pod1.htm Satish Patel [EMAIL PROTECTED] wrote: To kick a user of the Cisco router use: clear intreface virtual-access number You can see which number with: show users As far as I know Dialup Admin doesn't work with MSSQL, only MySQL and PostgreSQL. Ivan Kalik Kalik Informatika ISP http://www.kalik.co.yu Dana 28/2/2007, satish patel pi¹e: Dear all I have installed freeradius on RHEL with MSSQL server and it is working fine but now i have facing problem regarding disconnecting of users my NAS is cisco Router it is l2tp so what i do for this ??? problem ?? and i want to connect my dialupadmin with mssql ? so it is possible?/ Satish Patel - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius process die
Dear guys I have faceing some problem when i installed latest version of freeradius on RHEL and i start radiusd process after few min my radiusd process die and killed so why this happend and what is the best option to start radiusd ??? #radiusd --help -- how to start radiusd daemon Satish Patel - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radiusd servies automaticly die
Dear ALL i have some problem of regradig radius service when i start radiusd daemon and after few min its process down or radius service stoped so what is the problem ??? Satish patel - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
online users checking
Dear all I have freeradius with mssql setup but dialup_admin not support MSSQL so how do i check online users on radius server is it any solution regarding this isse please inform me Satish patel - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Disconnect user in radius
Thx for help dear Michael Lecuyer [EMAIL PROTECTED] wrote: You can send a Disconnect-Message from the RADIUS server to the client to disconnect them if the NAS supports DM/COA. The DM will cause the NAS to drop the connection effectively disconnecting them from any services they were using. Dennis Skinner wrote: satish patel wrote: I have useing freeradius with microsoft mssql now my question is how do i disconnect user from freeradius means example:- user xyz is online and i want to disconnect user from radius so what is the option for this task ?? is there any script or any option to integrate with webpage of dialupadmin ??? You need to change your thinking. The user is not connected to RADIUS. Never was. That isn't what RADIUS does. The user is connected to your NAS. Check the NAS docs for disconnecting a user. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Disconnect user in radius
Dear ALL I have useing freeradius with microsoft mssql now my question is how do i disconnect user from freeradius means example:- user xyz is online and i want to disconnect user from radius so what is the option for this task ?? is there any script or any option to integrate with webpage of dialupadmin ??? Satish Patel - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Why Freeradius and Mysql dont work?
this is problem of mysql configuration check /etc/my.cnf file for socket path and check your mysql working ??? or some mysql put mysql.sock file in /tmp/mysql.sock so plz check where your sock file in your env ? install mysql again and try it Edvin Seferovic [EMAIL PROTECTED] wrote: rlm_sql_mysql: Mysql error 'Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)' rlm_sql (sql): Failed to connect DB handle #0 rlm_sql (sql): Failed to connect to any SQL server. your socket file is not in the place.. maybe you should use an IP in your sql.conf instead of the localhost ! Regards, E:S - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Why Freeradius and Mysql dont work?
Install mysql again yao guoxian [EMAIL PROTECTED] wrote: Thanks again. The file /var/lib/mysql/mysql.sock does not exist.When I use an IP in sql.conf instead of the localhost, I get the following result: rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:radius rlm_sql_mysql: Mysql error 'Host '202.117.7.243' is not allowed to connect to this MySQL server' rlm_sql (sql): Failed to connect DB handle #0 rlm_sql (sql): starting 1 rlm_sql (sql): starting 2 rlm_sql (sql): starting 3 rlm_sql (sql): starting 4 rlm_sql (sql): Failed to connect to any SQL server. Module: Instantiated sql (sql) 2007/1/29, Edvin Seferovic [EMAIL PROTECTED]:rlm_sql_mysql: Mysql error 'Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)' rlm_sql (sql): Failed to connect DB handle #0 rlm_sql (sql): Failed to connect to any SQL server. your socket file is not in the place.. maybe you should use an IP in your sql.conf instead of the localhost ! Regards, E:S - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Heres a new way to find what you're looking for - Yahoo! Answers - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Accounting in MySQL
Dear
What NAS device are u using ? when user authenticate from radius
thn nas send acct-start packet to radius if your NAS not sending start
accounting packet to freeradius then radius not start accounting
I have cisco Router for NAS
aaa accounting start-stop radius --- commnad i m useing plz see my document
there is some more help regrading NAS
Satish Patel
DESEtech - German P. Santillan [EMAIL PROTECTED] wrote: v\:*
{behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:*
{behavior:url(#default#VML);} .shape {behavior:url(#default#VML);}
No, I don´t have connection problems, I have actually my FreeRADIUS
users in the radcheck and radreply tables, and working fine, but accounting
do not.
Germán P. Santillán
Administrador de Redes
Jefe del Dpto. Técnico
DESETech Argentina S.A.
San Martín 133 - CP: B8000FIC
Bahía Blanca - Argentina
Tel/Fax: +54 (291) 456-5642
[EMAIL PROTECTED]
http://www.desetech.com.ar
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of satish
patel
Sent: Tuesday, January 23, 2007 4:56 AM
To: FreeRadius users mailing list
Subject: Re: Accounting in MySQL
Dear
First check your radiusd -X debug log and find mysql connectivity
debug if there any problem regarding connection ??? then check radius.conf
file there is accounting option and put sql key word in it and u can also find
some document on my website
http://geocities.com/satish_patel_2000_2000/
Satish Patel
DESEtech - German P. Santillan [EMAIL PROTECTED] wrote:
I actually have my Users DB in MySQL Server and my FreeRADIUS use the
radcheck and radreply tables to read (SELECT) records, in my
radiusd.conf I have...
authorize {
sql
}
accounting {
sql
}
But I don´t hace records in radacct Table. What is the problem?
Thanks in advance and sorry for my English
Germán P. Santillán
Administrador de Redes
Jefe del Dpto. Técnico
DESETech Argentina S.A.
San Martín 133 - CP: B8000FIC
Bahía Blanca - Argentina
Tel/Fax: +54 (291) 456-5642
[EMAIL PROTECTED]
http://www.desetech.com.ar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
Heres a new way to find what you're looking for - Yahoo! Answers
-
Heres a new way to find what you're looking for - Yahoo! Answers
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
Heres a new way to find what you're looking for - Yahoo! Answers
-
Heres a new way to find what you're looking for - Yahoo! Answers -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting in MySQL
Dear Find freeradius + Mysql document on my website http://geocities.com/satish_patel_2000_2000/ Satish Patel Alan DeKok [EMAIL PROTECTED] wrote: DESEtech - German P. Santillan wrote: But I don´t hace records in radacct Table. What is the problem? See the FAQ. Is the server receiving accounting packets? Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Heres a new way to find what you're looking for - Yahoo! Answers - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting in MySQL
Dear
First check your radiusd -X debug log and find mysql connectivity
debug if there any problem regarding connection ??? then check radius.conf
file there is accounting option and put sql key word in it and u can also find
some document on my website
http://geocities.com/satish_patel_2000_2000/
Satish Patel
DESEtech - German P. Santillan [EMAIL PROTECTED] wrote: I actually have my
Users DB in MySQL Server and my FreeRADIUS use the
radcheck and radreply tables to read (SELECT) records, in my
radiusd.conf I have...
authorize {
sql
}
accounting {
sql
}
But I don´t hace records in radacct Table. What is the problem?
Thanks in advance and sorry for my English
Germán P. Santillán
Administrador de Redes
Jefe del Dpto. Técnico
DESETech Argentina S.A.
San Martín 133 - CP: B8000FIC
Bahía Blanca - Argentina
Tel/Fax: +54 (291) 456-5642
[EMAIL PROTECTED]
http://www.desetech.com.ar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
Heres a new way to find what you're looking for - Yahoo! Answers
-
Heres a new way to find what you're looking for - Yahoo! Answers -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: libtool: install: error: cannot install
Dear U have to specifiy lib directory or lib directory path in install option ./configure --help Satish patel tzieleniewski [EMAIL PROTECTED] wrote: Hi! I trying to set up freeradius not in the stadnard directory I would like to have it installed in the directory specifiedby hand for instance /home/radius/freeradius so I run configure in such a way: ./configure --prefix=/home/radius/freeradius --with-logdir=/home/radius/freeradius/log --with-radacctdir=/home/radius/freeradius/radacc --with-raddbdir=/home/radius/freeradius/raddb then I run make and make install and during make install receive the following error: make[6]: WejÅcie do katalogu `/home/radius/src/radiusd/src/modules/rlm_acct_unique' if [ xrlm_acct_unique != x ]; then \ /home/radius/src/radiusd/libtool --mode=install /home/radius/src/radiusd/install-sh -c -c \ rlm_acct_unique.la /home/radius/freeradius/lib/rlm_acct_unique.la || exit $?; \ rm -f /home/radius/freeradius/lib/rlm_acct_unique-2.0.0-pre0.la; \ ln -s rlm_acct_unique.la /home/radius/freeradius/lib/rlm_acct_unique-2.0.0-pre0.la || exit $?; \ fi libtool: install: error: cannot install `rlm_acct_unique.la' to a directory not ending in /usr/local/lib make[6]: *** [install] BÅÄ d 1 make[6]: Opuszczenie katalogu `/home/radius/src/radiusd/src/modules/rlm_acct_unique' make[5]: *** [common] BÅÄ d 2 make[5]: Opuszczenie katalogu `/home/radius/src/radiusd/src/modules' make[4]: *** [install] BÅÄ d 2 make[4]: Opuszczenie katalogu `/home/radius/src/radiusd/src/modules' make[3]: *** [common] BÅÄ d 2 make[3]: Opuszczenie katalogu `/home/radius/src/radiusd/src' make[2]: *** [install] BÅÄ d 2 make[2]: Opuszczenie katalogu `/home/radius/src/radiusd/src' make[1]: *** [common] BÅÄ d 2 make[1]: Opuszczenie katalogu `/home/radius/src/radiusd' make: *** [install] BÅÄ d 2 Please help me with this one. BEsts Tomasz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius + mysql + Cisco-AVpair
Dear all I have freeradius setup with cisco vpdn with mysql. i am useing cisco-avpair attributes for rate-limit to my user traffic it is working fine with /etc/raddb/user file but when i put this attribites in mysql databases it is not working so now i need help to implement this attributes in mysql so what is op code or what is special configuration for this task Otherwise it is possible to put Group attributes in user file and user information in mysql u get it my query user group create on /etc/raddb/user and users in mysql then my porpse will be solve but it is possible or not and how do it possibel ??? Satish Patel Tulip IT Services Delhi - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco-AVpair rate-limit attributes
Thx dear ... Satish Patel Alexander Serkin [EMAIL PROTECTED] wrote: satish patel wrote: Thanks dear now my cisco-AVPair working with users file but tell me is it work with mysql tables ? but i have notice when i set why not? 64000 then my bandwidth meter give me 500 kbps u r passing is it any issue regarding rate-limit ??? I'm not aware about any rate-limit issues. It may depend on platform and IOS version. You should accurately check which attributes you're giving by the radius running it in debug mode (radiusd -X) or say debug radius on cisco box to check the request/accept attributes. If your cisco is in production don't forget to set debug condition on username tested in order to limit debug output to the session being tested. -- Sincerely Yours, Alexander - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rate-limit entry in mysql
dear all I have tested rate-limit with user file but whn i was try it with mysql but i didnt get respond it is not working with mysql is any op code for it or any special configuartion for this URGENT my mysql entry is mysql select * from radgroupcheck; ++---+--+++ | id | GroupName | Attribute| op | Value | ++---+--+++ | 1 | 64KB | Simultaneous-Use | = | 1 | | 2 | 64KB | Cisco-Avpair | := | \lcp:interface-config#1=rate-limit output 128000 1 1 conform-action continue exceed-action drop\ | ++---+--+++ i have test it with diff , diff op code = := == += but it is not working :( Satish Patel - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco-AVpair rate-limit attributes
Thanks dear now my cisco-AVPair working with users file but tell me is it work with mysql tables ? but i have notice when i set 64000 then my bandwidth meter give me 500 kbps u r passing is it any issue regarding rate-limit ??? Satish Patel Alexander Serkin [EMAIL PROTECTED] wrote: satish patel wrote: Dear all i have cisco VPDN with freeradius ( 1.1.4 ) on Suse 10.2 my users connect throgh the xp client useig vpn connection and useing Internet Services but now thing is that i wann restrict user base bandwidth means i want to set bandwidth 64kbps for user1 and 128 kbps for user2 so is it possible through the Cisco-Avpair attributes. i have find lots of document regarding cisco-AVpair attributes then i test it on my network but i dont know it will working or not You have to identify the Virtual-Access interface of this user when he is online and look at this command output: sh interface Virtual-Access X rate-limit -- Sincerely Yours, Alexander - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sqlcounter problem
Dear ALL
I have configure freeradius-1.1.4 version with mysql and my NSA
is cisco with VPDN configuration now i have create user aaa in mysql with
this attributes
Max-Daily-Session | := | 1800
my sql counter configuration is
sqlcounter dailycounter {
driver = rlm_sqlcounter
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
sqlmod-inst = sqlcca3
key = User-Name
reset = daily
query = SELECT SUM(AcctSessionTime - GREATEST((%b -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND
UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime '%b'
now problem is when i login throgh AAA user my user disconnect after 3 min but
when i login again through this user it was login again and disconnnect after 3
min why ??? i want to allow user to access only 3 min per day measn after 3
min completed use not allowd to login again what is the configuration for that
???
Urgent
Satish Patel
System administrator
-
Heres a new way to find what you're looking for - Yahoo! Answers -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
disconnect user and clear session
Dear ALL I have usering freeradius version 1.1.4 with mysql it is working fine but i dont know how to kick off user during login time means i want to disconnect user from radius then how to do it and i also have one more problem of session i have disconnected user but whn i use radwho command i give me u r login why ??? how do i clear old session in radwho caz whn i try to reconnect it give me error your are already connected - access denied??? Satish Pate system administrator - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sqlcounter problem
thx for help i got it what u want to say.
I have one more question how do i disconnect user in
freeradius online user ??? and is it possible to bind per users bandwidth with
Cisco-AVpair attributes i have cisco vpdn NAS and i want to limit user
bandwidth restriction thruogh the radius .. is it possible and how do i
configure it
Satish Patel
Alan DeKok [EMAIL PROTECTED] wrote: satish patel wrote:
Dear ALL
I have configure freeradius-1.1.4 version with mysql and my
NSA is cisco with VPDN configuration now i have create user aaa in
mysql with this attributes
...
sqlcounter dailycounter {
driver = rlm_sqlcounter
Where does that line come from? Why is it there?
counter-name = Daily-Session-Time
check-name = Max-Daily-Session
sqlmod-inst = sqlcca3
Where does that line come from? Why is it there?
The default radiusd.conf shipped with 1.1.4 has a sample sqlcounter
entry. Please use it as the template.
now problem is when i login throgh AAA user my user disconnect after 3
min but when i login again through this user it was login again and
disconnnect after 3 min why ??? i want to allow user to access only 3
min per day measn after 3 min completed use not allowd to login again
what is the configuration for that ???
Did you list dailycounter in the authorize section of
radiusd.conf? Did you list sql in the accounting section of
radiusd.conf?
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
Heres a new way to find what you're looking for - Yahoo! Answers -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cisco-AVpair rate-limit attributes
Dear all i have cisco VPDN with freeradius ( 1.1.4 ) on Suse 10.2 my users connect throgh the xp client useig vpn connection and useing Internet Services but now thing is that i wann restrict user base bandwidth means i want to set bandwidth 64kbps for user1 and 128 kbps for user2 so is it possible through the Cisco-Avpair attributes. i have find lots of document regarding cisco-AVpair attributes then i test it on my network but i dont know it will working or not my test exmple #cat /etc/raddb/users DEFAULT Service-Type := Framed-User Framed-Protocol = PPP, Cisco-Avpair = lcp:interface-config#1=rate-limit output 512000 1 1 conform-action continue exceed-action drop This rate-limt use for output what about input what rate-limit direction i use for it and how to verifying is it ok or not Satish Patel - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
