Re: your mail

[A . L . M . Buxey]

Hi,
i dont have any information in session section in radius.log just one
line:
# Executing section session from file
/usr/local/etc/raddb/sites-enabled/default
# Executing section post-auth from file
/usr/local/etc/raddb/sites-enabled/default

debug log.

radiusd -X


alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[A . L . M . Buxey]

Hi,

session {
if ({%sql:select findout_cuncurrent_session_for_a_user_result

 ('%{User-Name}','%{NAS-IP-Address}','%{Called-Station-Id}','%{Calling-Station-Id}')}
== Deny) {
update control {
Pool-Name := Exceeded-Concurrent-Session
}
}
}
What is the problem? Do i write sql query  write ? (this query is work
fine in sql.conf )


what does the output in debug mode show? what got used/sent/queried? 


alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[Mehdi Ravanbakhsh]

i dont have any information in session section in radius.log just one line:


# Executing section session from file
/usr/local/etc/raddb/sites-enabled/default
# Executing section post-auth from file
/usr/local/etc/raddb/sites-enabled/default


On Tue, Mar 26, 2013 at 3:47 AM, a.l.m.bu...@lboro.ac.uk wrote:

 Hi,

 session {
 if ({%sql:select findout_cuncurrent_session_for_a_user_result
 
  
 ('%{User-Name}','%{NAS-IP-Address}','%{Called-Station-Id}','%{Calling-Station-Id}')}
 == Deny) {
 update control {
 Pool-Name := Exceeded-Concurrent-Session
 }
 }
 }
 What is the problem? Do i write sql query  write ? (this query is work
 fine in sql.conf )


 what does the output in debug mode show? what got used/sent/queried?


 alan
 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[A . L . M . Buxey]

Hi,
Hi all,
 
I want to configure the  free radius to return access-
reject based on the value of a particular column in database .
 
How do i do that ??? please help

probably with a bit of unlang like

if(%{sql:SELECT group FROM `table` where user = %{User-Name}} != 
group_I_want){
reject
}

man unlang and http://wiki.freeradius.org/modules/Rlm_sql

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[alan buxey]

Hi,

http://dpaste.com/833344/

please send error message to the list...ie the plain text, do not use
such web services if you want support (1 - this is email, text
is easy to read just posted, 2 - I receive an email with some random
link in it. do I trust that link? hell no I dont)


alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[alan buxey]

Hi,

luckily I still use lynx ;-)

We use a sql base to get the info of the users.

well, thats the problem. you dont.

ensure you call 'sql' in the correct places in the inner-tunnel
virtual server (EAP requests get sent to the inner-tunnel - you probably
only have sql defined in your default virtual server)

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[Alan Buxey]

Return rlm_module_updated

alan
--
This smartphone uses free WiFi around the world with eduroam, now that's what I 
call smart.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[Andrew Precht]

I am too much a newbie to understand what you are suggesting.
Should I replace: return RLM_MODULE_OK with: return RLM_MODULE_UPDATED
in the perl script?

On Tue, Oct 9, 2012 at 11:33 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
 Return rlm_module_updated

 alan
 --
 This smartphone uses free WiFi around the world with eduroam, now that's
 what I call smart.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[Phil Mayers]

On 09/10/12 23:32, Andrew Precht wrote:


to: module = /etc/raddb/sjpl.pl

Also, in the perl file I have uncommented the line: func_authenticate
= authenticate

Next, in /etc/raddb/sites-enabled/default I added perl to the
authenticate {} section.


Your problem is that the script is just wrong.

You're running in the authorize section:


Access-Request packet from host 192.168.251.93 port 50827, id=0,
length=54
 User-Name = 21197904090320
 User-Password = 1533
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
rlm_perl: Added pair User-Name = 21197904090320
rlm_perl: Added pair User-Password = 1533
++[perl] returns ok


...but you're not arranging for yourself to be run in the authenticate 
section:



++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = 21197904090320, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No known good password found for the user.
Authentication may fail because of this.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:


...i.e. Auth-Type is unset, so authenticate never runs.

There are many ways to solve this. Here's one:

authorize {
  ...
  perl
  if (ok) {
update control {
  Auth-Type = perl
}
  }
  ...
}
authenticate {
  ...
  Auth-Type perl {
perl
  }
  ...
}

Alternatively you could make your perl script set the Auth-Type item 
in the control list. And so on.


The point is you need to set an Auth-Type, and make your perl script 
handle it.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[Phil Mayers]

On 10/10/12 18:30, Andrew Precht wrote:


Found Auth-Type = perl
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group perl {...}
rlm_perl: perl_embed:: module = /etc/raddb/sjpl.pl , func =
authenticate exit status= Undefined subroutine main::get called at
/etc/raddb/sjpl.pl line 92.


Pretty clear - you've got a bug in the perl script. Fix it. You need a 
func_authenticate in your perl script, and it needs to *work*. Fix the 
code on line 92 of the script.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[Andrew Precht]

OK. I think I've got the script fixed.
But, I'm now getting: Denied access by RADIUS
Here is my debug:

Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/rediswho
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/opendirectory
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/redis
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/soh
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/replicate
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/inner-tunnel
including configuration file /etc/raddb/sites-enabled/default
main {
user = radiusd
group = radiusd
allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary
main {
name = radiusd
prefix = /usr
localstatedir = /var
sbindir = /usr/sbin
logdir = /var/log/radius
run_dir = /var/run/radiusd
libdir = /usr/lib64/freeradius
radacctdir = /var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
pidfile = /var/run/radiusd/radiusd.pid
checkrad = /usr/sbin/checkrad
debug_level = 0
proxy_requests = yes
 log {
stripped_names = no
auth = no
auth_badpass = no
auth_goodpass = no
 }
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
radiusd:  Loading Realms and Home Servers 
 proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
 }
 home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = auth
secret = testing123
response_window = 20
max_outstanding = 65536
require_message_authenticator = yes
zombie_period = 40
status_check = status-server
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
  coa {
irt = 2
mrt = 16

Re: your mail

[Jeff Smith]

Andrew,

It appears that the problem is in your perl script:

 ++[perl] returns reject
 Failed to authenticate the user.
 Using Post-Auth-Type Reject 

You need to fix your script.  You can run it by hand with perl -d  to
see how it behaves, or insert print statements in it, etc., until it
works the way it should.

Jeff

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[Andrew Precht]

Well I'm back...

I have changed the module line in /etc/raddb/modules/perl, from:
module = ${confdir}/example.pl
to: module = /etc/raddb/sjpl.pl

Also, in the perl file I have uncommented the line: func_authenticate
= authenticate

Next, in /etc/raddb/sites-enabled/default I added perl to the
authenticate {} section.



The sjpl.pl file is from the original example.pl file with all code
removed from between the lines:
# Function to handle authenticate, and
# Function to handle detach
Then this code is put in its place:
sub authenticate {

my $logfile = /dev/null;
my $date = `/bin/date`;
chomp $date;
my $url = http://catalog.sjlibrary.org:4500/PATRONAPI/; .
$RAD_REQUEST{'User-Name'} . / . $RAD_REQUEST{'User-Password'} .
/pintest;
my  $output = get($url);



if ($output =~ /RETCOD=0/) {
`echo $date : SUCCESS $RAD_REQUEST{'User-Name'} -
$RAD_REQUEST{'User-Password'}  $logfile`;
$RAD_REPLY{'Reply-Message'} = Success;
return RLM_MODULE_OK;
} else {
`echo $date : FAIL $RAD_REQUEST{'User-Name'} -
$RAD_REQUEST{'User-Password'}  $logfile`;
$RAD_REPLY{'Reply-Message'} = Denied access by RADIUS;
return RLM_MODULE_REJECT;
}
}


However, when I try a test, I get rejected.

Here is my debug output:


[root@sjplradius mlkadmin]# radiusd -X
FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on
Oct  3 2012 at 01:22:51
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/rediswho
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/opendirectory
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/redis
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/soh
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/replicate
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/rad_recv:
Access-Request packet from host 192.168.251.93 port 50827, id=0,
length=54
User-Name = 21197904090320
User-Password = 1533
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
rlm_perl: Added pair User-Name = 21197904090320
rlm_perl: Added pair User-Password = 1533
++[perl] returns ok

Re: your mail

[alan buxey]

Hi,

 I've setup a new virtual FR 2.1.12 server on centos6. I have got the
 new server setup per
 the docs at freeradius.org. Radtest locally and NtradPing remotely are 
 working.
 
 Now, I need FR to use a Perl script to authenticate against a proprietary DB.
 I have put in a bit of time researching how to use the Perl module.
 But, as a newbie to FR I can't seem to find any step-by-step
 documentation to use the Perl module.
 Could someone point me to such documentation?

edit the perl module  

$RADDB/modules/perl

ensure that your script is named in the 'module' line
and that its enabled in the required functions...in
this case in authenticate (so uncomment the authenticate line)

then add

'perl' to the authenticate {} section of the virtual server
you are usingthat would likely be sites-enabled/default
or sites-enabled/inner-tunnel  with a default untouched config.


alan, on a friday night with some vin rouge in hand
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[Andrew Precht]

Thanks Alan,
I'm off for the weekend, I will give this a try on Tuesday.

On Fri, Oct 5, 2012 at 3:04 PM, alan buxey a.l.m.bu...@lboro.ac.uk wrote:
 Hi,

 I've setup a new virtual FR 2.1.12 server on centos6. I have got the
 new server setup per
 the docs at freeradius.org. Radtest locally and NtradPing remotely are 
 working.

 Now, I need FR to use a Perl script to authenticate against a proprietary DB.
 I have put in a bit of time researching how to use the Perl module.
 But, as a newbie to FR I can't seem to find any step-by-step
 documentation to use the Perl module.
 Could someone point me to such documentation?

 edit the perl module

 $RADDB/modules/perl

 ensure that your script is named in the 'module' line
 and that its enabled in the required functions...in
 this case in authenticate (so uncomment the authenticate line)

 then add

 'perl' to the authenticate {} section of the virtual server
 you are usingthat would likely be sites-enabled/default
 or sites-enabled/inner-tunnel  with a default untouched config.


 alan, on a friday night with some vin rouge in hand
 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[Alan Buxey]

Hi,
Keep getting this error message when running make in my /raddb/certs
directory I reinstalled openssl but to no avail.  Any thoughts?
 
/usr/bin/openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr 
-key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out server.crt
-extensions xpserver_ext -extfile xpextensions -config ./server.cnf
 
Using configuration from ./server.cnf
ERROR: loading the config file 'xpextensions'

does the 'xpextensions' file exist in your raddb/certs directory?  does it
have useful permissions?

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[Alan Buxey]

hi,

not sure why you are shouting. and i believe you asked this already today. 
patience.

there are several ways to do this..and it depends on what your NAS
requires..and how you want to manage or implement it.

for example, you could just add the MAC address details to the 'users'
file - as per the documentation eg

00aabb3344aa Cleartext-Password := 00aabb3344aa

or you could add the paits username/password to an SQL database if
you want to use SQL - that would give you an easier way to manage
it with a web interface

more docs here:

http://wiki.freeradius.org/Mac-Auth#raddb.2Fauthorized_macs


alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[Alan Buxey]

Hi,

 After installing Radius. i try to do some exemple.I d'ont know if it is 
 correct because i'm new in it.
 
 I add on Users:
 sonia Auth-Type := Local, User-Password == salut
 Reply-Message = Hello, %u,
 Reply-Message = are you fine, %u

what version?  with anything recent this should work

sonia Cleartext-Password := salut
Reply-Message = Hello, %u,
Reply-Message += are you fine, %u

 p...@pfe-laptop:~$ sudo radtest sonia salut 127.0.0.1:1812 1812 testing123
 Sending Access-Request of id 11 to 127.0.0.1 port 1812
 User-Name = sonia
 User-Password = salut
 NAS-IP-Address = 127.0.1.1
 NAS-Port ! = 1812
 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=11, length=20

..and this is just the client end - for real help, please post the output of 
radiusd -X


alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: your mail

[dorra aa]

/radiusd.sock
 }
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on command file /usr/local/var/run/radiusd/radiusd.sock
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 58660, id=12, length=57
User-Name = sonia
User-Password = salut
NAS-IP-Address = 127.0.1.1
NAS-Port = 1812
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = sonia, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No known good password found for the user.  Authentication may 
fail because of this.
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request: 
Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - sonia
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 12 to 127.0.0.1 port 58660
Waking up in 4.9 seconds.
Cleaning up request 0 ID 12 with timestamp +51
Ready to process requests.



 Date: Tue, 4 May 2010 13:57:55 +0100
 From: a.l.m.bu...@lboro.ac.uk
 To: freeradius-users@lists.freeradius.org
 Subject: Re: your mail
 
 Hi,
 
  After installing Radius. i try to do some exemple.I d'ont know if it is 
  correct because i'm new in it.
  
  I add on Users:
  sonia Auth-Type := Local, User-Password == salut
  Reply-Message = Hello, %u,
  Reply-Message = are you fine, %u
 
 what version?  with anything recent this should work
 
 sonia Cleartext-Password := salut
 Reply-Message = Hello, %u,
 Reply-Message += are you fine, %u
 
  p...@pfe-laptop:~$ sudo radtest sonia salut 127.0.0.1:1812 1812 testing123
  Sending Access-Request of id 11 to 127.0.0.1 port 1812
  User-Name = sonia
  User-Password = salut
  NAS-IP-Address = 127.0.1.1
  NAS-Port ! = 1812
  rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=11, 
  length=20
 
 ..and this is just the client end - for real help, please post the output of 
 radiusd -X
 
 
 alan
 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
  
_
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
https://signup.live.com/signup.aspx?id=60969-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[John Dennis]

On 05/04/2010 09:20 AM, dorra aa wrote:

sonia Auth-Type := Local, User-Password == salut


Don't set the Auth-Type, that's documented in many places, it's not in 
the example http://deployingradius.com/documents/configuration/pap.html


User-Password == salut

Is also incorrect, the documented attribute to use is Cleartext-Password 
and the documented operator is := not ==

--
John Dennis jden...@redhat.com

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[Alan Buxey]

Hi,

as your free support channel I would suggest that you read the errors
that you are having 

 n Sep 28 05:01:23 2009 : Error: Dropping conflicting packet from client
 private-network-2:45456 - ID: 102 due to unfinished request 73062
 ^

a new packet repeating what a current packet is already asking/setting
has been received. the current packet is still being dealt with

 Mon Sep 28 05:01:24 2009 : Error: WARNING: Unresponsive child (id
 2811198352) for request 73046 (in component accounting module rlm_sql)

rlm_sql taking ages to reply/sort things out

 Mon Sep 28 05:01:25 2009 : Info: rlm_sql (sql): There are no DB handles to
 use! skipped 0, tried to connect 0

ta da. thats why SQL is having issues - either the DB is dead or the settings
are wrong...or there are no free handles!

how many handles have you set the MySQL to have?

what are you using the MySQL for and what is the query time or insert time
for the entries you are having problems with?

 Why I am having  this error messages?  Here is my radiusd.conf

busy RADIUS daemon. slow or useless database backend 
infrastructure/configuration.

FreeRADIUS can handle several hundred AAA per second without issues..but you 
put something
in its way that is slow - LDAP lookup, DB query or insert then it doesnt have 
the 
resources to handle incoming AAA requests and you see this error message

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[Rakotomandimby Mihamina]

09/28/2009 03:09 PM, Alan Buxey:

FreeRADIUS can handle several hundred AAA per second without issues..but you 
put something
in its way that is slow - LDAP lookup,


kidding troll
LDAP lookup is always fast ;-)
Slowness is only for relational stuff
/


--
  Architecte Informatique chez Blueline/Gulfsat:
   Administration Systeme, Recherche  Developpement
   +261 34 29 155 34
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: your mail

[Kamil Semavi]

Hello
At my sql.conf : # number of sql connections to make to server
num_sql_socks = 20

my db is windows based, queries are pretty fast. 

Is there specific configuration that I can check?

Thanks

-Original Message-
From:
freeradius-users-bounces+kamil=extendbroadband@lists.freeradius.org
[mailto:freeradius-users-bounces+kamil=extendbroadband@lists.freeradius.
org] On Behalf Of Alan Buxey
Sent: Monday, September 28, 2009 3:10 PM
To: FreeRadius users mailing list
Subject: Re: your mail

Hi,

as your free support channel I would suggest that you read the errors
that you are having 

 n Sep 28 05:01:23 2009 : Error: Dropping conflicting packet from client
 private-network-2:45456 - ID: 102 due to unfinished request 73062
 ^

a new packet repeating what a current packet is already asking/setting
has been received. the current packet is still being dealt with

 Mon Sep 28 05:01:24 2009 : Error: WARNING: Unresponsive child (id
 2811198352) for request 73046 (in component accounting module rlm_sql)

rlm_sql taking ages to reply/sort things out

 Mon Sep 28 05:01:25 2009 : Info: rlm_sql (sql): There are no DB handles to
 use! skipped 0, tried to connect 0

ta da. thats why SQL is having issues - either the DB is dead or the
settings
are wrong...or there are no free handles!

how many handles have you set the MySQL to have?

what are you using the MySQL for and what is the query time or insert time
for the entries you are having problems with?

 Why I am having  this error messages?  Here is my radiusd.conf

busy RADIUS daemon. slow or useless database backend
infrastructure/configuration.

FreeRADIUS can handle several hundred AAA per second without issues..but you
put something
in its way that is slow - LDAP lookup, DB query or insert then it doesnt
have the 
resources to handle incoming AAA requests and you see this error message

alan
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 8.5.409 / Virus Database: 270.13.113/2399 - Release Date: 09/27/09
17:52:00

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[Alan Buxey]

Hi,

 Hello
 At my sql.conf : # number of sql connections to make to server
   num_sql_socks = 20
 
 my db is windows based, queries are pretty fast. 
 
 Is there specific configuration that I can check?

I recall a long time back having a problem when mysql was given that many 
sockets
from FreeRADIUS - set that value to something lower eg 10

you can use several SQL tools to check what the concurrent socket count
usage etc is - but i would suggest this action

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: your mail

[Ivan Kalik]

 At my sql.conf : # number of sql connections to make to server
   num_sql_socks = 20

 my db is windows based, queries are pretty fast.

 Is there specific configuration that I can check?

Do a debug of server startup. Can you connect to the database at all? If
not, check connection settings in sql.conf. If they are OK:

- have you built MySQL so it can accept queries from non-local source
(Windows default is only accept localhost queries)?
- is there a firewall blocking packets?

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: your mail

[Kamil Semavi]

Yes at startup all connections accepts and connects.

My radius is working .users can authenticate.


-Original Message-
From:
freeradius-users-bounces+kamil=extendbroadband@lists.freeradius.org
[mailto:freeradius-users-bounces+kamil=extendbroadband@lists.freeradius.
org] On Behalf Of Ivan Kalik
Sent: Monday, September 28, 2009 3:44 PM
To: FreeRadius users mailing list
Subject: RE: your mail

 At my sql.conf : # number of sql connections to make to server
   num_sql_socks = 20

 my db is windows based, queries are pretty fast.

 Is there specific configuration that I can check?

Do a debug of server startup. Can you connect to the database at all? If
not, check connection settings in sql.conf. If they are OK:

- have you built MySQL so it can accept queries from non-local source
(Windows default is only accept localhost queries)?
- is there a firewall blocking packets?

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 8.5.409 / Virus Database: 270.13.113/2399 - Release Date: 09/27/09
17:52:00

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: your mail

[Kamil Semavi]

I tried 10 sql socks... ill let you know results


-Original Message-
From:
freeradius-users-bounces+kamil=extendbroadband@lists.freeradius.org
[mailto:freeradius-users-bounces+kamil=extendbroadband@lists.freeradius.
org] On Behalf Of Ivan Kalik
Sent: Monday, September 28, 2009 3:44 PM
To: FreeRadius users mailing list
Subject: RE: your mail

 At my sql.conf : # number of sql connections to make to server
   num_sql_socks = 20

 my db is windows based, queries are pretty fast.

 Is there specific configuration that I can check?

Do a debug of server startup. Can you connect to the database at all? If
not, check connection settings in sql.conf. If they are OK:

- have you built MySQL so it can accept queries from non-local source
(Windows default is only accept localhost queries)?
- is there a firewall blocking packets?

Ivan Kalik
Kalik Informatika ISP

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 8.5.409 / Virus Database: 270.13.113/2399 - Release Date: 09/27/09
17:52:00

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[Alan Buxey]

Hi,
 Hello,

 Could someone let me know if I can insert a new NAS in the following 
 format

 insert into nas values('','xx.xx.xx.112/29','shortname',)

you can use sucha  netmask to cover a rangebut they'll all
then use the same secret and be identified by the same shortname.

...jyst ensure your netmask etc are correct :-)

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[Irina]

Hello Allan,

Thank you for your reply.


ensure your netmask etc are correct


:-))  I hope so.  I was giving it like this (IP address 
plus slash 29: 10.1.1.112/29)


My trouble was I did not know if I could use 10.1.1.112/29 
as nasname.


Thank you all.

Cheers
Irina
==

Hi,

Hello,

Could someone let me know if I can insert a new NAS in the following 
format


insert into nas values('','xx.xx.xx.112/29','shortname',)


you can use sucha  netmask to cover a rangebut they'll 
all then use the same secret and be identified by the same 
shortname.


...jyst ensure your netmask etc are correct :-)

alan
-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html







-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[Alan Buxey]

Hi,

 I use radclient for disconnect users:
 
 Acct-Session-Id={ACTSESSION}\nUser-Name={MYUSERNAME}\nX-Ascend-Session-Svr-
 Key={SESSIONKEY}\nNAS-IP-Address=10.0.5.1 | radclient -x 10.0.5.1:3799
 disconnect 123;

you're telling the NAS about itself (NAS-IP-Address) - perhaps it doesnt like
that bit and the message you are getting is just its way of saying
that something wasnt quite right. ie try

Acct-Session-Id={ACTSESSION}\nUser-Name={MYUSERNAME}\nX-Ascend-Session-Svr-Key={SESSIONKEY}
 | radclient -x 10.0.5.1:3799
disconnect 123;

?


alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[A . L . M . Buxey]

Hi,
 unsubscribe

please either re-read the vrey first email you recieved when joining
this list, or simply read the email headers of any email
that comes from this list - both will tell you how to unsubscribe.

any decent email client will understand the list headers and
will enable you to unsubscribe via a simply menu or right-mouse
click on any email to this list.

ohand then theres the helpful footer we've added to
every email JUST in case those 2 methods arent enough...

 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: your mail

[A . L . M . Buxey]

Hi,

 I am trying to setup freeradius 1. I have chap authentication working with 
 mysql but pap authentication will not work with mysql. This is what I 
 receive from the nas when someone trys to connect.

radius.conf does not contain the full sql details - eg sql.conf, 
the required SQL backend and your tables entries are all required

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html