Re[6]: semulteneius-use with cisco nas
Hi Fajar, i made everything from: - enable sql in accounting section of sites-available/default - enable sql in session section of sites-available/default (and sites-available/inner-tunnel, if you use EAP) - uncomment simul_count_query in sql /*/ dialup.conf but it doesn't work(( 13 декабря 2011, 09:09 от Fajar A. Nugraha-2 [via FreeRadius] ml-node+s1045715n5070360...@n5.nabble.com: 2011/12/12 Толик Шавловский [hidden email]: Dear all, can u help me with the problem?? (Hmmm ,,, I thought I wrote about this many times already?) There are two ways to have simultaneous limit working. First one, radutmp (+ checkrad). I've never used this. You might find more info in the docs and source code though. Did you read doc/Simultaneous-Use? Second one, use SQL: - enable sql in accounting section of sites-available/default - enable sql in session section of sites-available/default (and sites-available/inner-tunnel, if you use EAP) - uncomment simul_count_query in sql /*/ dialup.conf First method does NOT need sql for accounting. Likewise, second method does NOT need checkrad or any kind of access (snmp or whatever) to the NAS. Looks like you're mixing both. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/semulteneius-use-with-cisco-nas-tp5062116p5070360.html To unsubscribe from semulteneius-use with cisco nas, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/semulteneius-use-with-cisco-nas-tp5062116p5073878.html Sent from the FreeRadius - User mailing list archive at Nabble.com.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: semulteneius-use with cisco nas
Alan, sorry for wasting your time. I said that i am new in FR and I understand that problem is ME. I just asked to indicate what exact is wrong, I supposed that maillist was created for such purposes. Again sorry, for waisting your time. 14 декабря 2011, 13:05 от Alan DeKok-2 [via FreeRadius] ml-node+s1045715n507393...@n5.nabble.com: [hidden email] wrote: i made everything from: - enable sql in accounting section of sites-available/default - enable sql in session section of sites-available/default (and sites-available/inner-tunnel, if you use EAP) - uncomment simul_count_query in sql /*/ dialup.conf but it doesn't work(( The problem is you. I replied *twice* with a description of the requirements for Simultaneous-Use to work. I described what needs to happen. Both times you didn't reply. You MUST (1) understand the process, (2) follow the process, checking the packets data at each stage. You're not doing that. Instead, you're focussed on configuration. No amount of editing the configuration files will magically make it work. The configuration files are just one step out of many. You are fixated on the configuration files, and are ignoring ALL OF THE OTHER STEPS. I've been on this list for 10 years, and have seen problems like yours many, many, times. My best guess is that in your fanatical dedication to staring at the configuration files, you missed something critical. Until you understand that, everyone here is wasting their time by helping you. If you keep wasting peoples time, I will unsubscribe you. Sorry, but after 10 years of this kind of behavior, list etiquette has now become follow instructions or go away Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/semulteneius-use-with-cisco-nas-tp5062116p5073936.html To unsubscribe from semulteneius-use with cisco nas, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/semulteneius-use-with-cisco-nas-tp5062116p5073955.html Sent from the FreeRadius - User mailing list archive at Nabble.com.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[4]: git timeout
Hi, i made git from your new link: $ git clone https://github.com/alandekok/freeradius-server.git then, cd freeradius-server $ git fetch origin v2.1.x:v2.1.x $ git checkout v2.1.x./configure but make fails(( freebsd# make Make.inc, line 84: Missing dependency operator Make.inc, line 87: Need an operator Make.inc, line 89: Missing dependency operator Make.inc, line 92: Need an operator Make.inc, line 94: Missing dependency operator Make.inc, line 95: Missing dependency operator Make.inc, line 96: Need an operator Make.inc, line 97: Need an operator Make.inc, line 99: Need an operator Make.inc, line 100: Need an operator Make.inc, line 106: Missing dependency operator Make.inc, line 109: Need an operator Makefile, line 70: Missing dependency operator Makefile, line 71: Missing dependency operator Makefile, line 88: Need an operator Makefile, line 89: Need an operator make: fatal errors encountered -- cannot continue thanks for help. 09 декабря 2011, 11:52 от Fajar A. Nugraha-2 [via FreeRadius] ml-node+s1045715n5060960...@n5.nabble.com: 2011/12/9 Толик Шавловский [hidden email]: freebsd# ping git.freeradius.org PING git.freeradius.org (88.190.25.44): 56 data bytes 64 bytes from 88.190.25.44: icmp_seq=0 ttl=48 time=48.211 ms 64 bytes from 88.190.25.44: icmp_seq=1 ttl=48 time=48.253 ms 64 bytes from 88.190.25.44: icmp_seq=2 ttl=48 time=48.967 ms ^C --- git.freeradius.org ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 48.211/48.477/48.967/0.347 ms freebsd# git clone git://git.freeradius.org/freeradius-server.git Cloning into freeradius-server... git.freeradius.org[0: 88.190.25.44]: errno=Operation timed out fatal: unable to connect a socket (Operation timed out) i have conectivity You DO know that testing connectivity is MORE than just PING, right? git uses TCP port 9418 by default, so try a simple test like this: $ telnet git.freeradius.org 9418 If that port is blocked (by your ISP, perhaps), try https://github.com/alandekok/freeradius-server/tree/v2.1.x (should work, since even the most restrictive ISPs usually allow https). You can clone it using $ git clone https://github.com/alandekok/freeradius-server.git -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/git-timeout-tp5058438p5060960.html To unsubscribe from git timeout, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/git-timeout-tp5058438p5061003.html Sent from the FreeRadius - User mailing list archive at Nabble.com.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: git timeout
/usr/include/net/if_arp.h:88: error: field 'arp_pa' has incomplete type /usr/include/net/if_arp.h:89: error: field 'arp_ha' has incomplete type /usr/include/net/if_arp.h:115: error: expected specifier-qualifier-list before 'u_long' gmake[4]: *** [dhcp.lo] Error 1 gmake[4]: Leaving directory `/tmp/freeradius-server/src/lib' gmake[3]: *** [lib] Error 2 gmake[3]: Leaving directory `/tmp/freeradius-server/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/tmp/freeradius-server/src' gmake[1]: *** [src] Error 2 gmake[1]: Leaving directory `/tmp/freeradius-server' gmake: *** [all] Error 2i downloaded from $ git clone git://git.freeradius.org/freeradius-server.git $ cd freeradius-server $ git fetch origin v2.1.x:v2.1.x $ git checkout v2.1.x 09 декабря 2011, 12:23 от Alan DeKok-2 [via FreeRadius] ml-node+s1045715n5061040...@n5.nabble.com: [hidden email] wrote: but make fails(( freebsd# make Use Gnu make. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/git-timeout-tp5058438p5061040.html To unsubscribe from git timeout, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/git-timeout-tp5058438p5061287.html Sent from the FreeRadius - User mailing list archive at Nabble.com.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: git timeout
hi, i made gmake. 09 декабря 2011, 14:33 от Paul Thornton [via FreeRadius] ml-node+s1045715n5061320...@n5.nabble.com: On 09/12/2011 10:16, [hidden email] wrote: /usr/include/net/if_arp.h:88: error: field 'arp_pa' has incomplete type /usr/include/net/if_arp.h:89: error: field 'arp_ha' has incomplete type /usr/include/net/if_arp.h:115: error: expected specifier-qualifier-list before 'u_long' gmake[4]: *** [dhcp.lo] Error 1 gmake[4]: Leaving directory `/tmp/freeradius-server/src/lib' gmake[3]: *** [lib] Error 2 gmake[3]: Leaving directory `/tmp/freeradius-server/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/tmp/freeradius-server/src' gmake[1]: *** [src] Error 2 gmake[1]: Leaving directory `/tmp/freeradius-server' gmake: *** [all] Error 2 i downloaded from $ git clone git://git.freeradius.org/freeradius-server.git $ cd freeradius-server $ git fetch origin v2.1.x:v2.1.x $ git checkout v2.1.x Rather than using 'make' on FreeBSD, try 'gmake'. That will run Gnu Make as Alan suggested. Paul. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/git-timeout-tp5058438p5061320.html To unsubscribe from git timeout, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/git-timeout-tp5058438p5061405.html Sent from the FreeRadius - User mailing list archive at Nabble.com.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
semulteneius-use with cisco nas
hi, i continue configuring simulteneous-use with cisco NAS. My configs: mysql select * from radcheck; ++--+++--+ | id | username | attribute | op | value | ++--+++--+ | 11 | user | Cleartext-Password | := | user | | 3 | t...@wimax.com | Cleartext-Password | := | test | | 15 | KeepAliveUserNameAndPassword | Cleartext-Password | := | KeepAliveUserNameAndPassword | | 5 | te...@wimax.com | Cleartext-Password | := | test | | 10 | user | Simultaneous-Use | := | 1 | | 14 | te...@wimax.com | Framed-Filter-Id | := | SP=data:MSF=data;| | 13 | t...@wimax.com | Framed-Filter-Id | := | SP=data:MSF=data;| ++--+++--+ clients: client 10.169.33.11/24 { # require_message_authenticator = no secret = 12345 nastype = cisco login = snmp password= public } snmpget works: freebsd# snmpget -v2c -c public 10.169.33.11 sysUpTime.0 DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (147940948) 17 days, 2:56:49.48 debug: rad_recv: Access-Request packet from host 10.169.33.11 port 1645, id=104, length=159 User-Name = user Framed-MTU = 1400 Called-Station-Id = 0013.1a08.9340 Calling-Station-Id = 001b.7770.9159 Service-Type = Login-User Message-Authenticator = 0x2e82883f159c894bdd80b8ec62351994 EAP-Message = 0x020b001d19001703010012b37fc2616cb987f684d4f8af1145e855c165 NAS-Port-Type = Wireless-802.11 NAS-Port = 13431 State = 0x526a475d5a615e1a09ba39034fe381ca NAS-IP-Address = 10.169.33.11 NAS-Identifier = ap Thu Dec 8 17:26:25 2011 : Info: (36) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default Thu Dec 8 17:26:25 2011 : Info: (36) group authorize { Thu Dec 8 17:26:25 2011 : Info: (36) - entering group authorize {...} Thu Dec 8 17:26:25 2011 : Info: (36) [preprocess] = ok Thu Dec 8 17:26:25 2011 : Info: (36) [chap] = noop Thu Dec 8 17:26:25 2011 : Info: (36) [mschap] = noop Thu Dec 8 17:26:25 2011 : Info: (36) [digest] = noop Thu Dec 8 17:26:25 2011 : Info: (36) suffix : No '@' in User-Name = user, looking up realm NULL Thu Dec 8 17:26:25 2011 : Info: (36) suffix : No such realm NULL Thu Dec 8 17:26:25 2011 : Info: (36) [suffix] = noop Thu Dec 8 17:26:25 2011 : Info: (36) eap : EAP packet type response id 11 length 29 Thu Dec 8 17:26:25 2011 : Info: (36) eap : Continuing tunnel setup. Thu Dec 8 17:26:25 2011 : Info: (36) [eap] = ok Thu Dec 8 17:26:25 2011 : Info: (36) Found Auth-Type = ? Thu Dec 8 17:26:25 2011 : Info: (36) # Executing group from file /usr/local/etc/raddb/sites-enabled/default Thu Dec 8 17:26:25 2011 : Info: (36) group authenticate { Thu Dec 8 17:26:25 2011 : Info: (36) - entering group authenticate {...} Thu Dec 8 17:26:25 2011 : Info: (36) eap : Request found, released from the list Thu Dec 8 17:26:25 2011 : Info: (36) eap : EAP/peap Thu Dec 8 17:26:25 2011 : Info: (36) eap : processing type peap Thu Dec 8 17:26:25 2011 : Info: (36) peap : processing EAP-TLS Thu Dec 8 17:26:25 2011 : Info: (36) peap : eaptls_verify returned 7 Thu Dec 8 17:26:25 2011 : Info: (36) peap : Done initial handshake Thu Dec 8 17:26:25 2011 : Info: (36) peap : eaptls_process returned 7 Thu Dec 8 17:26:25 2011 : Info: (36) peap : FR_TLS_OK Thu Dec 8 17:26:25 2011 : Info: (36) peap : Session established. Decoding tunneled attributes. Thu Dec 8 17:26:25 2011 : Info: (36) peap : Peap state phase2 Thu Dec 8 17:26:25 2011 : Info: (36) peap : EAP type mschapv2 Thu Dec 8 17:26:25 2011 : Info: (36) peap : Got tunneled request EAP-Message = 0x020b00061a03 server { Thu Dec 8 17:26:25 2011 : Info: (36) peap : Setting User-Name to user Sending tunneled request EAP-Message = 0x020b00061a03 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name = user State = 0xcb00ddfeca0bc7c30919b7db84ca14bd Framed-MTU = 1400 Called-Station-Id = 0013.1a08.9340 Calling-Station-Id = 001b.7770.9159 Service-Type = Login-User NAS-Port-Type = Wireless-802.11 NAS-Port = 13431 NAS-IP-Address = 10.169.33.11 NAS-Identifier = ap server inner-tunnel { Thu Dec 8 17:26:25 2011 : Info: (36) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/inner-tunnel Thu Dec 8 17:26:25 2011 : Info: (36) group authorize { Thu Dec 8 17:26:25 2011 : Info: (36) - entering group authorize {...} Thu Dec 8 17:26:25 2011 : Info:
Re[2]: semulteneius-use with cisco nas
Alan, i am really not experienced with freeradius and mysql. I made everything with your website. I kindly ask you for help. i made test in the following manner: 1. connect 1st laptop via Ap (NAS) with user/user 2. connect second laptop simult-use feature should block second one, as i understood. from your previuos emailing i understood that acounting is send if we use database, so I configured authentication from mysql. in the debug i see Accounting-Request packet and Accounting-Response. can you describe what is not met?? thanks for help. 09 декабря 2011, 19:50 от Alan DeKok-2 [via FreeRadius] ml-node+s1045715n5062175...@n5.nabble.com: [hidden email] wrote: what can be an issue? As I said a few days ago: Simultaneous-Use checks are done if the server receives accounting packets, AND a user session is still open, AND that user tries to log in a second time from a different location. The debug log makes it clear that those conditions are NOT met. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/semulteneius-use-with-cisco-nas-tp5062116p5062175.html To unsubscribe from semulteneius-use with cisco nas, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/semulteneius-use-with-cisco-nas-tp5062116p5062201.html Sent from the FreeRadius - User mailing list archive at Nabble.com.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: authentetication with mysql and NAS type= other
oh, sorry but that username could be authenticated) mysql select * from radcheck; ++-+++--+ | id | username | attribute | op | value | ++-+++--+ | 11 | user | Cleartext-Password | := | user | | 3 | t...@wimax.com | Cleartext-Password | := | test | | 5 | te...@wimax.com | Cleartext-Password | := | test | | 10 | user | Simultaneous-Use | := | 1 | | 8 | t...@wimax.com | Framed-Filter-Id | := | SP=data:MSF=data | | 9 | te...@wimax.com | Framed-Filter-Id | := | SP=data:MSF=data | ++-+++--+ 08 декабря 2011, 11:51 от Alan DeKok-2 [via FreeRadius] ml-node+s1045715n5057987...@n5.nabble.com: Толик Шавловский wrote: Hi, mysql use freeradius; Database changed mysql select * from radcheck; ++-+++--+ | id | username | attribute | op | value | ++-+++--+ | 1 | user | Password | == | user | Change that to Cleartext-Password and :=, like the other entries. all usernames are authenticated for WiFi. Wimax cannot. Post the debug output for WiMAX. Honestly, I don't see why *anyone* needs to be told this. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5057987.html To unsubscribe from authentetication with mysql and NAS type= other, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5058005.html Sent from the FreeRadius - User mailing list archive at Nabble.com.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
git timeout
Hi, i am making procedure for Alvarion IOT. freebsd# /usr/local/bin/git clone git://git.freeradius.org/freeradius-server.git Cloning into freeradius-server... git.freeradius.org[0: 88.190.25.44]: errno=Operation timed out fatal: unable to connect a socket (Operation timed out) are there other way? thanks -- View this message in context: http://freeradius.1045715.n5.nabble.com/git-timeout-tp5058438p5058438.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[8]: authentetication with mysql and NAS type= other
how can i see inner-tunnel portion? from debug? so, u didn't answer, how did u know it was extreme?) 08 декабря 2011, 16:20 от David Peterson-19 [via FreeRadius] ml-node+s1045715n5058598...@n5.nabble.com: Actually the 5.x GHz Extreme product is a fully 16e protocol, just not WiMax certified. The 4-Motion product is fully WiMax certified as you point out. WiMax as a protocol uses EAP-TTLS/TLS and does not send the username in the outer tunnel. If you watch the debug you will see the username unencrypted in the inner-tunnel portion of the authentication. David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Thursday, December 08, 2011 2:34 AM To: [hidden email] Subject: Re[6]: authentetication with mysql and NAS type= other David, usually Alvarion WIMAX 802.16 is 4M products. Extreme is 802.16 standard but for nonWiMAX band = 5 GHz. All Alvarion hexes username, like [hidden email] So, you just gess it was Extreme?)) 07 декабря 2011, 20:33 от David Peterson-19 [via FreeRadius] [hidden email]: I know it’s Extreme because we sell Alvarion WiMax for all of North America J Keepaliveusernameandpassword is a generic request coming from the BTS which can either be accepted or denied. Either response is fine. The Extreme uses EAP-TTLS as does all WiMax so the username should be something like [hidden email] David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Wednesday, December 07, 2011 11:03 AM To: [hidden email] Subject: Re[4]: authentetication with mysql and NAS type= other [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = KeepAliveSessionId,User-Name = KeepAliveUserNameAndPassword' [acct_unique] Acct-Unique-Session-ID = d83a716ff7f93aa5. ++[acct_unique] returns ok [suffix] No '@' in User-Name = KeepAliveUserNameAndPassword, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d - /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t - Tue Dec 6 17:57:06 2011 ++[detail] returns ok ++[unix] returns fail Finished request 247. Cleaning up request 247 ID 56 with timestamp +1802 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 10.152.98.23 port 49154, id=177, length=181 User-Name = KeepAliveUserNameAndPassword NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = \000\000\000\000\000 NAS-Identifier = 1137128000 WiMAX-GMT-Timezone-offset = 0 Message-Authenticator = 0x892bc16577cd6753b2a7e0c0a3499523 Acct-Session-Id = KeepAliveSessionId User-Password = KeepAliveUserNameAndPassword # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = KeepAliveUserNameAndPassword, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [sql] expand: %{User-Name} - KeepAliveUserNameAndPassword [sql] sql_set_user escaped user -- 'KeepAliveUserNameAndPassword' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority - SELECT groupname FROM radusergroup WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 [sql] User KeepAliveUserNameAndPassword not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Login incorrect: [KeepAliveUserNameAndPassword/KeepAliveUserNameAndPassword] (from client 10.152.98.23/16 port 0 cli ) === login and password are correct! ow did you jnow that its extreme by NAS identifirer? 07 декабря 2011, 19:16 от David Peterson-19 [via FreeRadius] [hidden email]: The only requests
Re[6]: freeradius2 installation error
Dear All, i installed FR v 2.1.2 and mysql 5.1.55. user database is in mysql DB. 1. I was lucky to auth Wifi users via cisco AP (NAS type cisco). but Simulteneous-Use is not working. 2. my wimax users (vendor Alvarion) cannot authenticate. Althou, i can authenticate them from users file. what can be a problem? thanks. 06 декабря 2011, 20:12 от Fajar A. Nugraha-2 [via FreeRadius] ml-node+s1045715n5052587...@n5.nabble.com: On Tue, Dec 6, 2011 at 10:51 PM, [hidden email] [hidden email] wrote: Dear Fajar, i failed to intergate FR + mysql, i was informed that my FR is without mysql module. then why didn't you ask that in the first place? It'd save lots of time. i am in process of building from the source. so, after: 1. i build mysql-server Not necessarily. Binary tar/package from http://dev.mysql.com/downloads/mysql should also work. Personally, I'd avoid having to build mysql from source. It takes a VERY long time. Also, you don't really need the server. FR only needs the client part (with corresponding headers/libs). Anyway, whatever method you use (build from ports, compile manually, installing binary package, whatever) you need to make sure that mysql headers and libraries are available. One way (though not the ONLY way) to verify this is by running mysql_config, then look at include and libs output, then see if the files are there. For example, on my Ubuntu box: #= $ mysql_config Usage: /usr/bin/mysql_config [OPTIONS] Options: --cflags [-I/usr/include/mysql -fno-omit-frame-pointer -g -pipe -Wno-uninitialized -DUNIV_LINUX] --include [-I/usr/include/mysql] --libs [-Wl,-Bsymbolic-functions -rdynamic -L/usr/lib/mysql -lmysqlclient -L/usr/lib/ -lssl -lcrypto] --libs_r [-Wl,-Bsymbolic-functions -rdynamic -L/usr/lib/mysql -lmysqlclient_r -L/usr/lib/ -lssl -lcrypto] --plugindir [/usr/lib/mysql/plugin] --socket [/var/run/mysqld/mysqld.sock] --port [0] --version [5.3.2-MariaDB-beta] --libmysqld-libs [-Wl,-Bsymbolic-functions -rdynamic -L/usr/lib/mysql -lmysqld -ldl -lwrap -lrt -L/usr/lib/ -lssl -lcrypto] $ ls /usr/include/mysql/ client_plugin.h my_alloc.h my_getopt.h mysqld_ername.h my_valgrind.h services.h typelib.h decimal.h my_attribute.h my_global.h mysqld_error.h my_xml.h service_thd_alloc.h errmsg.h my_compiler.h my_list.h mysql_embed.h plugin_auth_common.h sql_common.h keycache.h my_config.h my_net.h mysql.h plugin_auth.h sql_state.h ma_dyncol.h my_dbug.h my_no_pthread.h mysql_time.h plugin.h sslopt-case.h m_ctype.h my_decimal_limits.h my_pthread.h mysql_version.h service_my_snprintf.h sslopt-longopts.h m_string.h my_dir.h mysql_com.h my_sys.h service_progress_report.h sslopt-vars.h $ ls /usr/lib /*mysqlclient* /usr/lib/libmysqlclient.a /usr/lib/libmysqlclient_r.so /usr/lib/libmysqlclient_r.so.16.0.0 /usr/lib/libmysqlclient.so.16 /usr/lib/libmysqlclient.la /usr/lib/libmysqlclient_r.so.15 /usr/lib/libmysqlclient.so /usr/lib/libmysqlclient.so.16.0.0 /usr/lib/libmysqlclient_r.a /usr/lib/libmysqlclient_r.so.15.0.0 /usr/lib/libmysqlclient.so.15 /usr/lib/libmysqlclient_r.la /usr/lib/libmysqlclient_r.so.16 /usr/lib/libmysqlclient.so.15.0.0 #= 2. install mysql driver for Rf correct? Just build freeradius following the simple instruction in the wiki. IF mysql headers and drivers are there, AND you have a working mysql_config somewhere (/usr/bin/, /usr/local/bin, whatever) then mysql support should be built in by default. However, IF the headers/libs are NOT in the default places, you might have to specify some parameters to configure: --with-mysql-include-dir=DIR Directory where the mysql includes may be found --with-mysql-lib-dir=DIR Directory where the mysql libraries may be found --with-mysql-dir=DIR Base directory where mysql is installed In any case, make sure you READ the output from ./configure. Hint: it's easier to do so if you redirect the output to a file, something like ./configure | tee configure-output.txt The output should show whether the configure script was able to find mysql headers/libs or not. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/freeradius2-installation-error-tp5052326p5052587.html To unsubscribe from freeradius2 installation error, click here. NAML
authentetication with mysql and NAS type= other
Dear All, i installed FR v 2.1.2 and mysql 5.1.55. user database is in mysql DB. 1. I was lucky to auth Wifi users via cisco AP (NAS type cisco). but Simulteneous-Use is not working. 2. my wimax users (vendor Alvarion) cannot authenticate. Althou, i can authenticate them from users file. what can be a problem? thanks. -- View this message in context: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5055689.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: authentetication with mysql and NAS type= other
here is debug: ad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = KeepAliveUserNameAndPassword NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = \000\000\000\000\000 NAS-Identifier = 1137128000 WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = KeepAliveSessionId # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = KeepAliveSessionId,User-Name = KeepAliveUserNameAndPassword' [acct_unique] Acct-Unique-Session-ID = d83a716ff7f93aa5. ++[acct_unique] returns ok [suffix] No '@' in User-Name = KeepAliveUserNameAndPassword, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d - /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t - Tue Dec 6 16:59:07 2011 ++[detail] returns ok ++[unix] returns fail Finished request 98. Cleaning up request 98 ID 10 with timestamp +570 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = KeepAliveUserNameAndPassword NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = \000\000\000\000\000 NAS-Identifier = 1137128000 WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = KeepAliveSessionId # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = KeepAliveSessionId,User-Name = KeepAliveUserNameAndPassword' [acct_unique] Acct-Unique-Session-ID = d83a716ff7f93aa5. ++[acct_unique] returns ok [suffix] No '@' in User-Name = KeepAliveUserNameAndPassword, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d - /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t - Tue Dec 6 16:59:12 2011 ++[detail] returns ok ++[unix] returns fail Finished request 99. Cleaning up request 99 ID 10 with timestamp +575 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = KeepAliveUserNameAndPassword NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = \000\000\000\000\000 NAS-Identifier = 1137128000 WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = KeepAliveSessionId # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = KeepAliveSessionId,User-Name = KeepAliveUserNameAndPassword' [acct_unique] Acct-Unique-Session-ID = d83a716ff7f93aa5. ++[acct_unique] returns ok [suffix] No '@' in User-Name = KeepAliveUserNameAndPassword, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d - /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t - Tue Dec 6 17:00:17 2011 ++[detail] returns ok ++[unix] returns fail Finished request 100. Cleaning up request 100 ID 11 with timestamp +640 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = KeepAliveUserNameAndPassword NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = \000\000\000\000\000 NAS-Identifier = 1137128000 WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = KeepAliveSessionId # Executing section preacct from file
Re[4]: authentetication with mysql and NAS type= other
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = KeepAliveSessionId,User-Name = KeepAliveUserNameAndPassword' [acct_unique] Acct-Unique-Session-ID = d83a716ff7f93aa5. ++[acct_unique] returns ok [suffix] No '@' in User-Name = KeepAliveUserNameAndPassword, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d - /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t - Tue Dec 6 17:57:06 2011 ++[detail] returns ok ++[unix] returns fail Finished request 247. Cleaning up request 247 ID 56 with timestamp +1802 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 10.152.98.23 port 49154, id=177, length=181 User-Name = KeepAliveUserNameAndPassword NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = \000\000\000\000\000 NAS-Identifier = 1137128000 WiMAX-GMT-Timezone-offset = 0 Message-Authenticator = 0x892bc16577cd6753b2a7e0c0a3499523 Acct-Session-Id = KeepAliveSessionId User-Password = KeepAliveUserNameAndPassword # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = KeepAliveUserNameAndPassword, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [sql] expand: %{User-Name} - KeepAliveUserNameAndPassword [sql] sql_set_user escaped user -- 'KeepAliveUserNameAndPassword' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority - SELECT groupname FROM radusergroup WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 [sql] User KeepAliveUserNameAndPassword not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Login incorrect: [KeepAliveUserNameAndPassword/KeepAliveUserNameAndPassword] (from client 10.152.98.23/16 port 0 cli )=== login and password are correct! ow did you jnow that its extreme by NAS identifirer? 07 декабря 2011, 19:16 от David Peterson-19 [via FreeRadius] ml-node+s1045715n5055966...@n5.nabble.com: The only requests I see are User-Name = KeepAliveUserNameAndPassword This is just a keep-alive packet all Alvarion Extreme base stations send out. I do not see the CPE attempting to authenticate. David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Wednesday, December 07, 2011 10:05 AM To: [hidden email] Subject: Re[2]: authentetication with mysql and NAS type= other here is debug: ad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = KeepAliveUserNameAndPassword NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = \000\000\000\000\000 NAS-Identifier = 1137128000 WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = KeepAliveSessionId # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = KeepAliveSessionId,User-Name = KeepAliveUserNameAndPassword' [acct_unique] Acct-Unique-Session-ID = d83a716ff7f93aa5. ++[acct_unique] returns ok [suffix] No '@' in User-Name = KeepAliveUserNameAndPassword, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d - /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d
Re[6]: authentetication with mysql and NAS type= other
David, usually Alvarion WIMAX 802.16 is 4M products. Extreme is 802.16 standard but for nonWiMAX band = 5 GHz. All Alvarion hexes username, like 97697...@wimax.com So, you just gess it was Extreme?)) 07 декабря 2011, 20:33 от David Peterson-19 [via FreeRadius] ml-node+s1045715n5056216...@n5.nabble.com: I know it’s Extreme because we sell Alvarion WiMax for all of North America J Keepaliveusernameandpassword is a generic request coming from the BTS which can either be accepted or denied. Either response is fine. The Extreme uses EAP-TTLS as does all WiMax so the username should be something like [hidden email] David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Wednesday, December 07, 2011 11:03 AM To: [hidden email] Subject: Re[4]: authentetication with mysql and NAS type= other [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = KeepAliveSessionId,User-Name = KeepAliveUserNameAndPassword' [acct_unique] Acct-Unique-Session-ID = d83a716ff7f93aa5. ++[acct_unique] returns ok [suffix] No '@' in User-Name = KeepAliveUserNameAndPassword, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d - /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t - Tue Dec 6 17:57:06 2011 ++[detail] returns ok ++[unix] returns fail Finished request 247. Cleaning up request 247 ID 56 with timestamp +1802 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 10.152.98.23 port 49154, id=177, length=181 User-Name = KeepAliveUserNameAndPassword NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = \000\000\000\000\000 NAS-Identifier = 1137128000 WiMAX-GMT-Timezone-offset = 0 Message-Authenticator = 0x892bc16577cd6753b2a7e0c0a3499523 Acct-Session-Id = KeepAliveSessionId User-Password = KeepAliveUserNameAndPassword # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = KeepAliveUserNameAndPassword, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [sql] expand: %{User-Name} - KeepAliveUserNameAndPassword [sql] sql_set_user escaped user -- 'KeepAliveUserNameAndPassword' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id - SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority - SELECT groupname FROM radusergroup WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 [sql] User KeepAliveUserNameAndPassword not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Login incorrect: [KeepAliveUserNameAndPassword/KeepAliveUserNameAndPassword] (from client 10.152.98.23/16 port 0 cli ) === login and password are correct! ow did you jnow that its extreme by NAS identifirer? 07 декабря 2011, 19:16 от David Peterson-19 [via FreeRadius] [hidden email]: The only requests I see are User-Name = KeepAliveUserNameAndPassword This is just a keep-alive packet all Alvarion Extreme base stations send out. I do not see the CPE attempting to authenticate. David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Wednesday, December 07, 2011 10:05 AM To: [hidden email] Subject: Re[2]: authentetication with mysql and NAS type= other here is debug: ad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = KeepAliveUserNameAndPassword NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = \000\000\000\000\000 NAS-Identifier = 1137128000 WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop
problem with packet management on freebsd
Hi, i have the problem with packet management running on freebsd: FreeBSD# pkg_add -r freeradius-mysql-1.1.8_4.tbz Error: Unable to get ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9-stable/Latest/freeradius-mysql-1.1.8_4.tbz: File unavailable (e.g., file not found, no access) pkg_add: unable to fetch 'ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9-stable/Latest/freeradius-mysql-1.1.8_4.tbz' by URL but i can access by ftp ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-9-stable/Latest/ and download freeradius-mysql-1.1.8_4.tbz what can be a problem? thanks -- View this message in context: http://freeradius.1045715.n5.nabble.com/problem-with-packet-management-on-freebsd-tp5051348p5051348.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[4]: problem with packet management on freebsd
I used version 2.1.12 and it didn't have mysql driver . thats from my previous version: FreeBSD# locate rlm_sql /usr/local/lib/freeradius-2.1.9/rlm_sql-2.1.9.la /usr/local/lib/freeradius-2.1.9/rlm_sql-2.1.9.so /usr/local/lib/freeradius-2.1.9/rlm_sql.a /usr/local/lib/freeradius-2.1.9/rlm_sql.la /usr/local/lib/freeradius-2.1.9/rlm_sql.so /usr/local/lib/freeradius-2.1.9/rlm_sql_log-2.1.9.la /usr/local/lib/freeradius-2.1.9/rlm_sql_log-2.1.9.so /usr/local/lib/freeradius-2.1.9/rlm_sql_log.a /usr/local/lib/freeradius-2.1.9/rlm_sql_log.la /usr/local/lib/freeradius-2.1.9/rlm_sql_log.so /usr/local/lib/freeradius-2.1.9/rlm_sqlcounter-2.1.9.la /usr/local/lib/freeradius-2.1.9/rlm_sqlcounter-2.1.9.so /usr/local/lib/freeradius-2.1.9/rlm_sqlcounter.a /usr/local/lib/freeradius-2.1.9/rlm_sqlcounter.la /usr/local/lib/freeradius-2.1.9/rlm_sqlcounter.so /usr/local/lib/freeradius-2.1.9/rlm_sqlippool-2.1.9.la /usr/local/lib/freeradius-2.1.9/rlm_sqlippool-2.1.9.so /usr/local/lib/freeradius-2.1.9/rlm_sqlippool.a /usr/local/lib/freeradius-2.1.9/rlm_sqlippool.la /usr/local/lib/freeradius-2.1.9/rlm_sqlippool.so /usr/local/man/man5/rlm_sql.5.gz /usr/local/man/man5/rlm_sql_log.5.gz /usr/local/share/doc/freeradius/rlm_sql /usr/local/share/doc/freeradius/rlm_sqlcounter /usr/local/share/doc/freeradius/rlm_sqlippool 06 декабря 2011, 12:45 от Fajar A. Nugraha-2 [via FreeRadius] ml-node+s1045715n5051444...@n5.nabble.com: 2011/12/6 Толик Шавловский [hidden email]: Hi, thanks for your answer. but your link http://www.freebsd.org/cgi/ports.cgi?query=freeradiusamp;stype=allamp;sektion=net has th anly fr-mysql version: freeradius-mysql-1.1.8_4 i need freebsd FR version with mysql. (1) Try 2.1.12, or ask freebsd maintainers, just in case it already has mysql support, OR (2) build it yourself: http://wiki.freeradius.org/Build If you have mysql header and libraries on your system, the resulting binary should have mysql support. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/problem-with-packet-management-on-freebsd-tp5051348p5051444.html To unsubscribe from problem with packet management on freebsd, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/problem-with-packet-management-on-freebsd-tp5051348p5051456.html Sent from the FreeRadius - User mailing list archive at Nabble.com.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius2 installation error
freeradius-2.1.12 depends on executable: gmake - found === freeradius-2.1.12 depends on file: /usr/local/bin/perl5.12.4 - found === freeradius-2.1.12 depends on file: /usr/local/bin/autoconf-2.68 - found === freeradius-2.1.12 depends on package: libtool=2.4 - found === freeradius-2.1.12 depends on shared library: gdbm.4 - found === freeradius-2.1.12 depends on shared library: krb5.26 - not found ===Verifying install for krb5.26 in /usr/ports/security/heimdal === heimdal-1.4_1 depends on file: /usr/local/lib/libcrack.a - found === heimdal-1.4_1 depends on file: /usr/local/bin/autoconf-2.68 - found === heimdal-1.4_1 depends on package: libtool=2.4 - found === heimdal-1.4_1 depends on executable: pkg-config - found === heimdal-1.4_1 depends on shared library: ldap-2.4.8 - not found ===Verifying install for ldap-2.4.8 in /usr/ports/net/openldap24-client === Vulnerability check disabled, database not found === License OPENLDAP accepted by the user === Found saved configuration for openldap-client-2.4.26 === Extracting for openldap-sasl-client-2.4.26 = SHA256 Checksum OK for openldap-2.4.26.tgz. === Patching for openldap-sasl-client-2.4.26 === Applying FreeBSD patches for openldap-sasl-client-2.4.26 === openldap-sasl-client-2.4.26 depends on package: libtool=2.4 - found === openldap-sasl-client-2.4.26 depends on shared library: sasl2.2 - not found ===Verifying install for sasl2.2 in /usr/ports/security/cyrus-sasl2 === cyrus-sasl-2.1.25_1 is marked as broken: SQLITE and SQLITE3 are mutually exclusive.. *** Error code 1 Stop in /usr/ports/security/cyrus-sasl2. *** Error code 1 Stop in /usr/ports/net/openldap24-client. *** Error code 1 Stop in /usr/ports/net/openldap24-client. *** Error code 1 Stop in /usr/ports/security/heimdal. *** Error code 1 Stop in /usr/ports/security/heimdal. *** Error code 1 Stop in /usr/ports/net/freeradius2. *** Error code 1 Stop in /usr/ports/net/freeradius2. == Hi, freeradius2 has error while installing under freebsd. I made (make clean), and againt make install clean ...always the same error. what can be the problem? thanks -- View this message in context: http://freeradius.1045715.n5.nabble.com/freeradius2-installation-error-tp5052326p5052326.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: freeradius2 installation error
but i want to build from /usr/ports, beacause such freeradisu propose mysql module. freeradius-2.1.2 form source doesn't include mysql module. 06 декабря 2011, 19:16 от Fajar A. Nugraha-2 [via FreeRadius] ml-node+s1045715n5052385...@n5.nabble.com: On Tue, Dec 6, 2011 at 9:59 PM, [hidden email] [hidden email] wrote: freeradius-2.1.12 depends on executable: gmake - found === freeradius-2.1.12 depends on file: /usr/local/bin/perl5.12.4 - found == Hi, freeradius2 has error while installing under freebsd. I made (make clean), and againt make install clean ...always the same error. what can be the problem? Did you folllow http://wiki.freeradius.org/Build#Building+from+Source ? If you did, it should work, and it shouldn't generate those messages. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/freeradius2-installation-error-tp5052326p5052385.html To unsubscribe from freeradius2 installation error, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/freeradius2-installation-error-tp5052326p5052422.html Sent from the FreeRadius - User mailing list archive at Nabble.com.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[4]: freeradius2 installation error
Dear Fajar, i failed to intergate FR + mysql, i was informed that my FR is without mysql module. i am in process of building from the source. so, after: 1. i build mysql-server 2. install mysql driver for Rf correct? 06 декабря 2011, 19:40 от Fajar A. Nugraha-2 [via FreeRadius] ml-node+s1045715n5052460...@n5.nabble.com: On Tue, Dec 6, 2011 at 10:31 PM, [hidden email] [hidden email] wrote: but i want to build from /usr/ports, Then ask ports maintaners. Really. beacause such freeradisu propose mysql module. freeradius-2.1.2 form source doesn't include mysql module. How did you reach that conclusion? Did you think the ports maintainer magically create a module that's not included in the source? Did you even TRY to build from the source when you actually HAVE mysql headers and libraries installed? -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/freeradius2-installation-error-tp5052326p5052460.html To unsubscribe from freeradius2 installation error, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/freeradius2-installation-error-tp5052326p5052502.html Sent from the FreeRadius - User mailing list archive at Nabble.com.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[6]: freeradius2 installation error
cd freeradius2 freebsd_v8# make === Vulnerability check disabled, database not found === License GPLv2 accepted by the user === Found saved configuration for freeradius-2.1.12 === Extracting for freeradius-2.1.12 = SHA256 Checksum OK for freeradius-server-2.1.12.tar.bz2. === freeradius-2.1.12 depends on file: /usr/local/bin/perl5.12.4 - found === Patching for freeradius-2.1.12 === freeradius-2.1.12 depends on file: /usr/local/bin/perl5.12.4 - found === Applying FreeBSD patches for freeradius-2.1.12 === freeradius-2.1.12 depends on executable: gmake - found === freeradius-2.1.12 depends on file: /usr/local/bin/perl5.12.4 - found === freeradius-2.1.12 depends on file: /usr/local/bin/autoconf-2.68 - found === freeradius-2.1.12 depends on package: libtool=2.4 - found === freeradius-2.1.12 depends on shared library: gdbm.4 - found === freeradius-2.1.12 depends on shared library: krb5.26 - not found === Verifying install for krb5.26 in /usr/ports/security/heimdal === heimdal-1.4_1 depends on file: /usr/local/lib/libcrack.a - found === heimdal-1.4_1 depends on file: /usr/local/bin/autoconf-2.68 - found === heimdal-1.4_1 depends on package: libtool=2.4 - found === heimdal-1.4_1 depends on executable: pkg-config - found === heimdal-1.4_1 depends on shared library: ldap-2.4.8 - not found === Verifying install for ldap-2.4.8 in /usr/ports/net/openldap24-client === openldap-sasl-client-2.4.26 depends on package: libtool=2.4 - found === openldap-sasl-client-2.4.26 depends on shared library: sasl2.2 - not found === Verifying install for sasl2.2 in /usr/ports/security/cyrus-sasl2 === cyrus-sasl-2.1.25_1 is marked as broken: SQLITE and SQLITE3 are mutually exclusive.. *** Error code 1 Stop in /usr/ports/security/cyrus-sasl2. *** Error code 1 Stop in /usr/ports/net/openldap24-client. *** Error code 1 Stop in /usr/ports/net/openldap24-client. *** Error code 1 Stop in /usr/ports/security/heimdal. *** Error code 1 Stop in /usr/ports/security/heimdal. *** Error code 1 Stop in /tmp/freeradius2. *** Error code 1 Stop in /tmp/freeradius2. the same while installing from source(( 06 декабря 2011, 20:12 от Fajar A. Nugraha-2 [via FreeRadius] ml-node+s1045715n5052587...@n5.nabble.com: On Tue, Dec 6, 2011 at 10:51 PM, [hidden email] [hidden email] wrote: Dear Fajar, i failed to intergate FR + mysql, i was informed that my FR is without mysql module. then why didn't you ask that in the first place? It'd save lots of time. i am in process of building from the source. so, after: 1. i build mysql-server Not necessarily. Binary tar/package from http://dev.mysql.com/downloads/mysql should also work. Personally, I'd avoid having to build mysql from source. It takes a VERY long time. Also, you don't really need the server. FR only needs the client part (with corresponding headers/libs). Anyway, whatever method you use (build from ports, compile manually, installing binary package, whatever) you need to make sure that mysql headers and libraries are available. One way (though not the ONLY way) to verify this is by running mysql_config, then look at include and libs output, then see if the files are there. For example, on my Ubuntu box: #= $ mysql_config Usage: /usr/bin/mysql_config [OPTIONS] Options: --cflags [-I/usr/include/mysql -fno-omit-frame-pointer -g -pipe -Wno-uninitialized -DUNIV_LINUX] --include [-I/usr/include/mysql] --libs [-Wl,-Bsymbolic-functions -rdynamic -L/usr/lib/mysql -lmysqlclient -L/usr/lib/ -lssl -lcrypto] --libs_r [-Wl,-Bsymbolic-functions -rdynamic -L/usr/lib/mysql -lmysqlclient_r -L/usr/lib/ -lssl -lcrypto] --plugindir [/usr/lib/mysql/plugin] --socket [/var/run/mysqld/mysqld.sock] --port [0] --version [5.3.2-MariaDB-beta] --libmysqld-libs [-Wl,-Bsymbolic-functions -rdynamic -L/usr/lib/mysql -lmysqld -ldl -lwrap -lrt -L/usr/lib/ -lssl -lcrypto] $ ls /usr/include/mysql/ client_plugin.h my_alloc.h my_getopt.h mysqld_ername.h my_valgrind.h services.h typelib.h decimal.h my_attribute.h my_global.h mysqld_error.h my_xml.h service_thd_alloc.h errmsg.h my_compiler.h my_list.h mysql_embed.h plugin_auth_common.h sql_common.h keycache.h my_config.h my_net.h mysql.h plugin_auth.h sql_state.h ma_dyncol.h my_dbug.h my_no_pthread.h mysql_time.h plugin.h sslopt-case.h m_ctype.h my_decimal_limits.h my_pthread.h mysql_version.h service_my_snprintf.h sslopt-longopts.h m_string.h my_dir.h mysql_com.h my_sys.h service_progress_report.h sslopt-vars.h $ ls /usr/lib /*mysqlclient* /usr/lib/libmysqlclient.a /usr/lib/libmysqlclient_r.so /usr/lib/libmysqlclient_r.so.16.0.0
Re[2]: configuration freeradius for no simultaneous use
Dear Alan, i added Simultaneous-Use = 1 to user profile in users file. 02 декабря 2011, 11:49 от Alan DeKok-2 [via FreeRadius] ml-node+s1045715n5040921...@n5.nabble.com: [hidden email] wrote: i need your help in configuration freeradius for no simultaneous use. doc/Simultaneous-Use See also the Wiki. Have you read that documentation and followed the instructions there? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/configuration-freeradius-for-no-simultaneous-use-tp5040887p5040921.html To unsubscribe from configuration freeradius for no simultaneous use, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/configuration-freeradius-for-no-simultaneous-use-tp5040887p5041046.html Sent from the FreeRadius - User mailing list archive at Nabble.com.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[6]: configuration freeradius for no simultaneous use
Fajar, thanks. I understand how to search. 02 декабря 2011, 13:53 от Fajar A. Nugraha-2 [via FreeRadius] ml-node+s1045715n5041277...@n5.nabble.com: 2011/12/2 Толик Шавловский [hidden email]: Dear Alan, I assume you want help from anyone, not just Alan, so I'll add some comments here. i am not good acquainted with freeradius. So, from doc/Simultaneous-use i understood that freeradius requres script, which will connect to NAS and check user session. Am i right? That's one way to do that (and possibly the most accurate way). But not the ONLY way. You can make it work without the script, if you store accounting data in sql. See (for example) raddb/sql/mysql/dialup.conf, look for simul_count_query and simul_verify_query. But again, you need to store accounting data for it to work. -- Fajar 02 декабря 2011, 12:43 от Fajar A. Nugraha [hidden email]: On Fri, Dec 2, 2011 at 3:37 PM, [hidden email] [hidden email] wrote: Dear Alan, i added Simultaneous-Use = 1 to user profile in users file. Did you read the doc? Or the reply I sent earlier? It requires MORE than just that. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/configuration-freeradius-for-no-simultaneous-use-tp5040887p5041277.html To unsubscribe from configuration freeradius for no simultaneous use, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/configuration-freeradius-for-no-simultaneous-use-tp5040887p5041322.html Sent from the FreeRadius - User mailing list archive at Nabble.com.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[6]: configuration freeradius for no simultaneous use
Hi, according to doc: === 3. IMPLEMENTATION The server keeps a list of logged-in users in the /var/log/radutmp file. This is also called the session database. When you execute radwho, all that radwho really does is list the entries in this file in a pretty format. Only when someone tries to login who _already_ has an active session according to the radutmp file, the server executes the perl script /usr/local/sbin/checkrad (or /usr/sbin/checkrad, it checks for the presence of both and in that order). This script queries the terminal server to see if the user indeed already has an active session. The script uses SNMP for Livingston Portmasters and Ciscos, finger for Portslave, Computone and Ascend, and Net::Telnet for USR/3Com TC. Since the script has been witten in perl, it's easy to adjust for any type of terminal server. There are implementations in the script for checks using SNMP, finger, and telnet, so it should be easy to add your own check routine if your terminal server is not supported yet. You can find the script in the file src/checkrad.pl. You need to set the correct type in the file /etc/raddb/naslist so that checkrad KNOWS how it should interrogate the terminal server. At this time you can define the following types: = my /usr/local/etc/raddb doesn't has naslist ans naspassword files. If i configure them manually, so freeradius will connect to NAS (we use cisco) via snmp and check user session? So, in such way i don't need script? thanks. 02 декабря 2011, 13:53 от Fajar A. Nugraha-2 [via FreeRadius] ml-node+s1045715n5041277...@n5.nabble.com: 2011/12/2 Толик Шавловский [hidden email]: Dear Alan, I assume you want help from anyone, not just Alan, so I'll add some comments here. i am not good acquainted with freeradius. So, from doc/Simultaneous-use i understood that freeradius requres script, which will connect to NAS and check user session. Am i right? That's one way to do that (and possibly the most accurate way). But not the ONLY way. You can make it work without the script, if you store accounting data in sql. See (for example) raddb/sql/mysql/dialup.conf, look for simul_count_query and simul_verify_query. But again, you need to store accounting data for it to work. -- Fajar 02 декабря 2011, 12:43 от Fajar A. Nugraha [hidden email]: On Fri, Dec 2, 2011 at 3:37 PM, [hidden email] [hidden email] wrote: Dear Alan, i added Simultaneous-Use = 1 to user profile in users file. Did you read the doc? Or the reply I sent earlier? It requires MORE than just that. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/configuration-freeradius-for-no-simultaneous-use-tp5040887p5041277.html To unsubscribe from configuration freeradius for no simultaneous use, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/configuration-freeradius-for-no-simultaneous-use-tp5040887p5041384.html Sent from the FreeRadius - User mailing list archive at Nabble.com.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
configuration freeradius for no simultaneous use
Hi, i need your help in configuration freeradius for no simultaneous use. So, i need one active user per login/password. I configured user as follow: te...@wimax.com Cleartext-Password := test Framed-Filter-Id = SP=data:MSF=data;, Simultaneous-Use = 1, but my WIMAX CPEs (also WiFi users) continue connecting with the same login/password. what can be the issue? thanks Anatolii -- View this message in context: http://freeradius.1045715.n5.nabble.com/configuration-freeradius-for-no-simultaneous-use-tp5040887p5040887.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html