virtual server. I was just wandering if there was a way for
me to proxy these packets to the correct virtual server based on the
attributes in them, namely NAS-IP-Address?
Perhaps to create another virtual server to handle those specific
radrelay hosts and then proxy them...
Kind Regards,
Etienne
accounting request. I do not want it to attempt to proxy the accounting
request to the IPASS server when it is radrelaying, as it should only
store the packet details into sql.
Can anyone perhaps give me an idea how to work around this issue.
Kind Regards,
Etienne Pretorius
rad_recv: Accounting
"IPASS"
There is no packet that leaves this server (tcpdump agrees), which is
correct since it is a radrelayed packet. The server that radrelayed the
request never receives a response from the server whose freeradius -X
dump is attached in the previous email.
Kind Regards,
Etienne Pret
...
Kind Regards,
Etienne Pretorius
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello Alan,
> Etienne Pretorius wrote:
> > When I change the REALM to the following:
> >
> > realm IPASS {
> > nostrip
> > #pool = IPASS
> > Proxy-To-Realm := LOCAL
> > }
>
> It won't work. You can't put "proxy
subscribe? See http://www.freeradius.org/list/users.html
man radclient
echo "Attribute0=Value0,Attribute1=Value1,.." | radclient -x 127.0.01
auth secret
Kind Regards
Etienne Pretorius
Network Administrator
<http://www.kingsley.co.za>
-
List info/subscribe/unsubscribe? See http:
Your NAS' need support for Radius Extensions... the Interm-Accounting
attributes.
Then, once this is working, you can always add a script to the
accouting section to process the limits you want to impose.
Kind
Regards
Etienne Pretorius
Network Administrator
Kingsley Technologies
Hello List,
I am redoing our radius setup into FreeRadius 2.0.4 and I need some advise.
Lets say I have 3 FreeRadius servers (A,B,C) and I would like to sync
the accounting packet between them.
On server A, I created copy-acct-to-home-server for B and C;
On server B, I created copy-acct-to-ho
Alan DeKok wrote:
What you need is a simple rule:
if NOT from (other two servers)
copy to other two servers
e.g.
if ((Packet-Src-IP-Address != A) && (Packet-Src-IP-Address != B)) {
copy-acct-to-home-server-A
copy-acct-to-home-
Alan,
Could you please tell me what attributes I should use in the Accounting
section to achieve the following:
if ((Packet-Src-IP-Address != A) && (Packet-Src-IP-Address != B)) {
copy-acct-to-home-server-A
copy-acct-to-home-server-B
}
I have tried Cl
Alan DeKok wrote:
Etienne Pretorius wrote:
Could you please tell me what attributes I should use in the Accounting
section to achieve the following:
if ((Packet-Src-IP-Address != A) && (Packet-Src-IP-Address != B)) {
copy-acct-to-home-server-A
copy-acct-to-home-
Alan DeKok wrote:
Etienne Pretorius wrote:
expand: %{control:Packet-Src-IP-Address} ->
?? Evaluating ("%{control:Packet-Src-IP-Address}" != "XXX.XXX.XXX.XXX")
That isn't what I suggested.
-> TRUE
OR when I took the condition verbatim from you
Alan DeKok wrote:
Etienne Pretorius wrote:
FreeRadius 2.0.4 Distro: Debian Stable (lenny)
Upgrade.
Alan, Thank you for your help. Will do... starting upgrade.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Etienne Pretorius wrote:
Alan DeKok wrote:
Etienne Pretorius wrote:
FreeRadius 2.0.4 Distro: Debian Stable (lenny)
Upgrade.
Alan, Thank you for your help. Will do... starting upgrade.
Upgraded to FreeRadius 2.1.8 Distro: Debian Testing (Sid)
Same error
Hello List,
I seen to have a small issue.
I have 2 running Freeradius 2.1.8 servers. I have set up proxying via
the detail file readers - but for some strange reason, when the packet
arrives at the remote server It says that it has received the
Accounting-Request but then does no processing.
Etienne Pretorius wrote:
Hello List,
I seen to have a small issue.
I have 2 running Freeradius 2.1.8 servers. I have set up proxying via
the detail file readers - but for some strange reason, when the packet
arrives at the remote server It says that it has received the
Accounting-Request
PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
For more information about these matters, see the file named COPYRIGHT.
;=====
Using Debian Linux.
Kind Regards,
Etienne Pretorius
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Never-mind,
I stumbled upon a documented bug with freeradius -X command and detail
listeners...
Kind Regards,
Etienne Pretorius
On Wed, 2011-03-09 at 13:22 +0200, Etienne Pretorius wrote:
> Hello All,
>
> Can anyone make sense of this for me?
>
> ASSERT FAILED event.c[1181]:
Hello List,
Should I be worried about the following line in the Debug Output?
WARNING: Unknown destination 127.0.0.1:1700 for CoA request.
Kind Regards,
Etienne Pretorius
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
roduction environment?
update disconnect {
User-Name = "%{request:User-Name}"
NAS-IP-Address = "%{request:NAS-IP-Address}"
Framed-IP-Address = "%{request:Framed-IP-Address}"
X-Ascend-Session-Svr-Key = "%{request:X-Ascend-Session-Svr-Key}"
equest:Framed-IP-Address}"
> X-Ascend-Session-Svr-Key = "%{request:X-Ascend-Session-Svr-Key}"
> Packet-Dst-Port = 1700
> }
>
> > Kind Regards,
> > Etienne Pretorius
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freer
ate the any help or comments
about the subject at hand.
Thank you.
Etienne Pretorius
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Etienne Pretorius wrote:
Hello List,
I would like to know if it is possible to setup FreeRAIUS not to log
accounting info from a specific server to the detail file and still
log the accounting info into the local mysql database.
Some background on the subject:
I have recently taken over the
Hello everyone.
I've been going a bit mad on this subject for a while. I am receiving
proxied requests from my upstream provider and I am also doing
authentication locally. The issue I've been experiencing has to do with
this error handed to me from my upstream provider :
Tue Jan 2 09:47:05
attempting to process group 'B'
sqlcounter.
Kind Regards
Etienne Pretorius
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Keith Dovale wrote:
Hi Etienne, are you also limiting your users based on traffic usage ?
Yes, I am.
Kind Regards
Etienne Pretorius
<http://www.kingsley.co.za>
Regards
Keith Dovale
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of E
#x27;'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): - sql_xlat finished
rlm_sql (sql): Released sql socket id: 3
radius_xlat: '1073741824'
rlm_sqlcounter: (Check item - counter) is less than zero
rlm_sqlcounter: Rejected user [EMAIL PROTECTED], check_item=-1,
count
Etienne Pretorius wrote:
Hello List,
I have managed to get sqlcounter working for tracking the octets in
the accounting database. Could someone give me a hint as how I would
say allow a user for group 'A' to use up their octets and if the user
also belongs to group 'B
I am an idiot,
The Autz-Type and the like are configuration items that are processed in
their own sections. The sql module changes reply and check items.
Sorry for the waisted bandwith.
Kind Regards
Etienne Pretorius
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
for request 0
modcall: entering group for request 0
rlm_sqlcounter: Entering module authorize code
/etc/freeradius# grep read_groups *
sql.conf: read_groups = yes
--
Kind Regards
Etienne Pretorius
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ng entry in the database for request from user
[EMAIL PROTECTED]@dsl]
modcall[authorize]: module "sql" returns notfound for request 1
Can someone please explain why the entry is not found. When I perform
each quey all the groups are shown but rlm_sql only ever finds the user
when as
Phil Mayers wrote:
Etienne Pretorius wrote:
Hello List,
I am on FreeRadius 1.1.6-1 on debian etch.
I have a user that belongs to both DSL and DIAL groups.
The groups are "merged"
http://marc.info/?l=freeradius-users&m=119010719300080&w=2
This works "properly"
Hello list,
Is there anyway that I could make radclient send a packet from a
diffrent src ipaddress on a multihomed host
--
Kind
Regards
Etienne Pretorius
Network Administrator
Kingsley Technologies
Email: [EMAIL PROTECTED]
Tel: 086 11 KTECH
Local Fax: 086 611 5001
International Fax: +27 21
triggers via 0 session length
radius packets).
--
Kind Regards
Etienne Pretorius
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok wrote:
Etienne Pretorius wrote:
I need to know why the radrelay application stops replacation when it
comes across a 0 session length packet.
Because the RADIUS server says that the accounting packet was not
processed, so radrelay tries to send it again. This is what a
a the NAS-PortId field is a varchar(15)
and I see it being used. The dictionary.rfc2138 just states it is an
integer so
what is the maximum range on the NAS-Port field?
If it has been changed, could someone point me to the correct RFC.
--
Kind Regards
Etienne Pretorius
-
List info/subs
Etienne Pretorius wrote:
Hello List,
Probably not the right place to ask but I would like to know if
someone could explain to me the following:
According to RFC2138, the maximum range for the NAS-Port is 16 bits,
so with the Type and Length fields to total length is 6 octets.
But with
("CCa*",87,2+strlen($port),$port).
//NAS-Port-Id
pack("CC",61,6,0,0,0,5);
//NAS-Port-Type (=Virtual)
--
Kind Regards
Etienne Pretorius
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I would rather keep it as it is, as it is a problem to be looked at and
can be identified by the logs.
Kind Regards
Etienne
Network Administrator
Luis Galán wrote:
Hello!
Yes it can authenticate trough mysql server number 2.
But it both mysql server are down, obviously it can't.
Luis
Alan
39 matches
Mail list logo