Re: your mail
Hi, i dont have any information in session section in radius.log just one line: # Executing section session from file /usr/local/etc/raddb/sites-enabled/default # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default debug log. radiusd -X alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
Hi, session { if ({%sql:select findout_cuncurrent_session_for_a_user_result ('%{User-Name}','%{NAS-IP-Address}','%{Called-Station-Id}','%{Calling-Station-Id}')} == Deny) { update control { Pool-Name := Exceeded-Concurrent-Session } } } What is the problem? Do i write sql query write ? (this query is work fine in sql.conf ) what does the output in debug mode show? what got used/sent/queried? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
i dont have any information in session section in radius.log just one line: # Executing section session from file /usr/local/etc/raddb/sites-enabled/default # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default On Tue, Mar 26, 2013 at 3:47 AM, a.l.m.bu...@lboro.ac.uk wrote: Hi, session { if ({%sql:select findout_cuncurrent_session_for_a_user_result ('%{User-Name}','%{NAS-IP-Address}','%{Called-Station-Id}','%{Calling-Station-Id}')} == Deny) { update control { Pool-Name := Exceeded-Concurrent-Session } } } What is the problem? Do i write sql query write ? (this query is work fine in sql.conf ) what does the output in debug mode show? what got used/sent/queried? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
Hi, Hi all, I want to configure the free radius to return access- reject based on the value of a particular column in database . How do i do that ??? please help probably with a bit of unlang like if(%{sql:SELECT group FROM `table` where user = %{User-Name}} != group_I_want){ reject } man unlang and http://wiki.freeradius.org/modules/Rlm_sql alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
Hi, http://dpaste.com/833344/ please send error message to the list...ie the plain text, do not use such web services if you want support (1 - this is email, text is easy to read just posted, 2 - I receive an email with some random link in it. do I trust that link? hell no I dont) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
Hi, luckily I still use lynx ;-) We use a sql base to get the info of the users. well, thats the problem. you dont. ensure you call 'sql' in the correct places in the inner-tunnel virtual server (EAP requests get sent to the inner-tunnel - you probably only have sql defined in your default virtual server) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
Return rlm_module_updated alan -- This smartphone uses free WiFi around the world with eduroam, now that's what I call smart. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
I am too much a newbie to understand what you are suggesting. Should I replace: return RLM_MODULE_OK with: return RLM_MODULE_UPDATED in the perl script? On Tue, Oct 9, 2012 at 11:33 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote: Return rlm_module_updated alan -- This smartphone uses free WiFi around the world with eduroam, now that's what I call smart. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
On 09/10/12 23:32, Andrew Precht wrote: to: module = /etc/raddb/sjpl.pl Also, in the perl file I have uncommented the line: func_authenticate = authenticate Next, in /etc/raddb/sites-enabled/default I added perl to the authenticate {} section. Your problem is that the script is just wrong. You're running in the authorize section: Access-Request packet from host 192.168.251.93 port 50827, id=0, length=54 User-Name = 21197904090320 User-Password = 1533 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} rlm_perl: Added pair User-Name = 21197904090320 rlm_perl: Added pair User-Password = 1533 ++[perl] returns ok ...but you're not arranging for yourself to be run in the authenticate section: ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = 21197904090320, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: ...i.e. Auth-Type is unset, so authenticate never runs. There are many ways to solve this. Here's one: authorize { ... perl if (ok) { update control { Auth-Type = perl } } ... } authenticate { ... Auth-Type perl { perl } ... } Alternatively you could make your perl script set the Auth-Type item in the control list. And so on. The point is you need to set an Auth-Type, and make your perl script handle it. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
On 10/10/12 18:30, Andrew Precht wrote: Found Auth-Type = perl # Executing group from file /etc/raddb/sites-enabled/default +- entering group perl {...} rlm_perl: perl_embed:: module = /etc/raddb/sjpl.pl , func = authenticate exit status= Undefined subroutine main::get called at /etc/raddb/sjpl.pl line 92. Pretty clear - you've got a bug in the perl script. Fix it. You need a func_authenticate in your perl script, and it needs to *work*. Fix the code on line 92 of the script. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
OK. I think I've got the script fixed. But, I'm now getting: Denied access by RADIUS Here is my debug: Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/rediswho including configuration file /etc/raddb/modules/detail.example.com including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/opendirectory including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/cui including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/redis including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/sqlcounter_expire_on_login including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/soh including configuration file /etc/raddb/modules/detail.log including configuration file /etc/raddb/modules/ntlm_auth including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/dynamic_clients including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/modules/smsotp including configuration file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/replicate including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/perl including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/otp including configuration file /etc/raddb/modules/radutmp including configuration file /etc/raddb/eap.conf including configuration file /etc/raddb/policy.conf including files in directory /etc/raddb/sites-enabled/ including configuration file /etc/raddb/sites-enabled/control-socket including configuration file /etc/raddb/sites-enabled/inner-tunnel including configuration file /etc/raddb/sites-enabled/default main { user = radiusd group = radiusd allow_core_dumps = no } including dictionary file /etc/raddb/dictionary main { name = radiusd prefix = /usr localstatedir = /var sbindir = /usr/sbin logdir = /var/log/radius run_dir = /var/run/radiusd libdir = /usr/lib64/freeradius radacctdir = /var/log/radius/radacct hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = /var/run/radiusd/radiusd.pid checkrad = /usr/sbin/checkrad debug_level = 0 proxy_requests = yes log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: Loading Realms and Home Servers proxy server { retry_delay = 5 retry_count = 3 default_fallback = no dead_time = 120 wake_all_if_all_dead = no } home_server localhost { ipaddr = 127.0.0.1 port = 1812 type = auth secret = testing123 response_window = 20 max_outstanding = 65536 require_message_authenticator = yes zombie_period = 40 status_check = status-server ping_interval = 30 check_interval = 30 num_answers_to_alive = 3 num_pings_to_alive = 3 revive_interval = 120 status_check_timeout = 4 coa { irt = 2 mrt = 16
Re: your mail
Andrew, It appears that the problem is in your perl script: ++[perl] returns reject Failed to authenticate the user. Using Post-Auth-Type Reject You need to fix your script. You can run it by hand with perl -d to see how it behaves, or insert print statements in it, etc., until it works the way it should. Jeff - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
Well I'm back... I have changed the module line in /etc/raddb/modules/perl, from: module = ${confdir}/example.pl to: module = /etc/raddb/sjpl.pl Also, in the perl file I have uncommented the line: func_authenticate = authenticate Next, in /etc/raddb/sites-enabled/default I added perl to the authenticate {} section. The sjpl.pl file is from the original example.pl file with all code removed from between the lines: # Function to handle authenticate, and # Function to handle detach Then this code is put in its place: sub authenticate { my $logfile = /dev/null; my $date = `/bin/date`; chomp $date; my $url = http://catalog.sjlibrary.org:4500/PATRONAPI/; . $RAD_REQUEST{'User-Name'} . / . $RAD_REQUEST{'User-Password'} . /pintest; my $output = get($url); if ($output =~ /RETCOD=0/) { `echo $date : SUCCESS $RAD_REQUEST{'User-Name'} - $RAD_REQUEST{'User-Password'} $logfile`; $RAD_REPLY{'Reply-Message'} = Success; return RLM_MODULE_OK; } else { `echo $date : FAIL $RAD_REQUEST{'User-Name'} - $RAD_REQUEST{'User-Password'} $logfile`; $RAD_REPLY{'Reply-Message'} = Denied access by RADIUS; return RLM_MODULE_REJECT; } } However, when I try a test, I get rejected. Here is my debug output: [root@sjplradius mlkadmin]# radiusd -X FreeRADIUS Version 2.1.12, for host x86_64-redhat-linux-gnu, built on Oct 3 2012 at 01:22:51 Copyright (C) 1999-2009 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/raddb/radiusd.conf including configuration file /etc/raddb/proxy.conf including configuration file /etc/raddb/clients.conf including files in directory /etc/raddb/modules/ including configuration file /etc/raddb/modules/unix including configuration file /etc/raddb/modules/chap including configuration file /etc/raddb/modules/mac2vlan including configuration file /etc/raddb/modules/rediswho including configuration file /etc/raddb/modules/detail.example.com including configuration file /etc/raddb/modules/logintime including configuration file /etc/raddb/modules/exec including configuration file /etc/raddb/modules/opendirectory including configuration file /etc/raddb/modules/detail including configuration file /etc/raddb/modules/wimax including configuration file /etc/raddb/modules/pap including configuration file /etc/raddb/modules/checkval including configuration file /etc/raddb/modules/expiration including configuration file /etc/raddb/modules/attr_filter including configuration file /etc/raddb/modules/cui including configuration file /etc/raddb/modules/echo including configuration file /etc/raddb/modules/redis including configuration file /etc/raddb/modules/counter including configuration file /etc/raddb/modules/attr_rewrite including configuration file /etc/raddb/modules/sqlcounter_expire_on_login including configuration file /etc/raddb/modules/realm including configuration file /etc/raddb/modules/mac2ip including configuration file /etc/raddb/modules/ippool including configuration file /etc/raddb/modules/acct_unique including configuration file /etc/raddb/modules/digest including configuration file /etc/raddb/modules/linelog including configuration file /etc/raddb/modules/expr including configuration file /etc/raddb/modules/pam including configuration file /etc/raddb/modules/etc_group including configuration file /etc/raddb/modules/soh including configuration file /etc/raddb/modules/detail.log including configuration file /etc/raddb/modules/ntlm_auth including configuration file /etc/raddb/modules/preprocess including configuration file /etc/raddb/modules/files including configuration file /etc/raddb/modules/sql_log including configuration file /etc/raddb/modules/dynamic_clients including configuration file /etc/raddb/modules/mschap including configuration file /etc/raddb/modules/smsotp including configuration file /etc/raddb/modules/smbpasswd including configuration file /etc/raddb/modules/replicate including configuration file /etc/raddb/modules/sradutmp including configuration file /etc/raddb/modules/perl including configuration file /etc/raddb/modules/policy including configuration file /etc/raddb/modules/always including configuration file /etc/raddb/modules/inner-eap including configuration file /etc/raddb/modules/passwd including configuration file /etc/raddb/modules/rad_recv: Access-Request packet from host 192.168.251.93 port 50827, id=0, length=54 User-Name = 21197904090320 User-Password = 1533 # Executing section authorize from file /etc/raddb/sites-enabled/default +- entering group authorize {...} rlm_perl: Added pair User-Name = 21197904090320 rlm_perl: Added pair User-Password = 1533 ++[perl] returns ok
Re: your mail
Hi, I've setup a new virtual FR 2.1.12 server on centos6. I have got the new server setup per the docs at freeradius.org. Radtest locally and NtradPing remotely are working. Now, I need FR to use a Perl script to authenticate against a proprietary DB. I have put in a bit of time researching how to use the Perl module. But, as a newbie to FR I can't seem to find any step-by-step documentation to use the Perl module. Could someone point me to such documentation? edit the perl module $RADDB/modules/perl ensure that your script is named in the 'module' line and that its enabled in the required functions...in this case in authenticate (so uncomment the authenticate line) then add 'perl' to the authenticate {} section of the virtual server you are usingthat would likely be sites-enabled/default or sites-enabled/inner-tunnel with a default untouched config. alan, on a friday night with some vin rouge in hand - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
Thanks Alan, I'm off for the weekend, I will give this a try on Tuesday. On Fri, Oct 5, 2012 at 3:04 PM, alan buxey a.l.m.bu...@lboro.ac.uk wrote: Hi, I've setup a new virtual FR 2.1.12 server on centos6. I have got the new server setup per the docs at freeradius.org. Radtest locally and NtradPing remotely are working. Now, I need FR to use a Perl script to authenticate against a proprietary DB. I have put in a bit of time researching how to use the Perl module. But, as a newbie to FR I can't seem to find any step-by-step documentation to use the Perl module. Could someone point me to such documentation? edit the perl module $RADDB/modules/perl ensure that your script is named in the 'module' line and that its enabled in the required functions...in this case in authenticate (so uncomment the authenticate line) then add 'perl' to the authenticate {} section of the virtual server you are usingthat would likely be sites-enabled/default or sites-enabled/inner-tunnel with a default untouched config. alan, on a friday night with some vin rouge in hand - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
Hi, Keep getting this error message when running make in my /raddb/certs directory I reinstalled openssl but to no avail. Any thoughts? /usr/bin/openssl ca -batch -keyfile ca.key -cert ca.pem -in server.csr -key `grep output_password ca.cnf | sed 's/.*=//;s/^ *//'` -out server.crt -extensions xpserver_ext -extfile xpextensions -config ./server.cnf Using configuration from ./server.cnf ERROR: loading the config file 'xpextensions' does the 'xpextensions' file exist in your raddb/certs directory? does it have useful permissions? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
hi, not sure why you are shouting. and i believe you asked this already today. patience. there are several ways to do this..and it depends on what your NAS requires..and how you want to manage or implement it. for example, you could just add the MAC address details to the 'users' file - as per the documentation eg 00aabb3344aa Cleartext-Password := 00aabb3344aa or you could add the paits username/password to an SQL database if you want to use SQL - that would give you an easier way to manage it with a web interface more docs here: http://wiki.freeradius.org/Mac-Auth#raddb.2Fauthorized_macs alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
Hi, After installing Radius. i try to do some exemple.I d'ont know if it is correct because i'm new in it. I add on Users: sonia Auth-Type := Local, User-Password == salut Reply-Message = Hello, %u, Reply-Message = are you fine, %u what version? with anything recent this should work sonia Cleartext-Password := salut Reply-Message = Hello, %u, Reply-Message += are you fine, %u p...@pfe-laptop:~$ sudo radtest sonia salut 127.0.0.1:1812 1812 testing123 Sending Access-Request of id 11 to 127.0.0.1 port 1812 User-Name = sonia User-Password = salut NAS-IP-Address = 127.0.1.1 NAS-Port ! = 1812 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=11, length=20 ..and this is just the client end - for real help, please post the output of radiusd -X alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: your mail
/radiusd.sock } } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Listening on command file /usr/local/var/run/radiusd/radiusd.sock Listening on proxy address * port 1814 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1 port 58660, id=12, length=57 User-Name = sonia User-Password = salut NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop [suffix] No '@' in User-Name = sonia, looking up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound ++[files] returns noop ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No known good password found for the user. Authentication may fail because of this. ++[pap] returns noop No authenticate method (Auth-Type) configuration found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} - sonia attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 12 to 127.0.0.1 port 58660 Waking up in 4.9 seconds. Cleaning up request 0 ID 12 with timestamp +51 Ready to process requests. Date: Tue, 4 May 2010 13:57:55 +0100 From: a.l.m.bu...@lboro.ac.uk To: freeradius-users@lists.freeradius.org Subject: Re: your mail Hi, After installing Radius. i try to do some exemple.I d'ont know if it is correct because i'm new in it. I add on Users: sonia Auth-Type := Local, User-Password == salut Reply-Message = Hello, %u, Reply-Message = are you fine, %u what version? with anything recent this should work sonia Cleartext-Password := salut Reply-Message = Hello, %u, Reply-Message += are you fine, %u p...@pfe-laptop:~$ sudo radtest sonia salut 127.0.0.1:1812 1812 testing123 Sending Access-Request of id 11 to 127.0.0.1 port 1812 User-Name = sonia User-Password = salut NAS-IP-Address = 127.0.1.1 NAS-Port ! = 1812 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=11, length=20 ..and this is just the client end - for real help, please post the output of radiusd -X alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Your E-mail and More On-the-Go. Get Windows Live Hotmail Free. https://signup.live.com/signup.aspx?id=60969- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
On 05/04/2010 09:20 AM, dorra aa wrote: sonia Auth-Type := Local, User-Password == salut Don't set the Auth-Type, that's documented in many places, it's not in the example http://deployingradius.com/documents/configuration/pap.html User-Password == salut Is also incorrect, the documented attribute to use is Cleartext-Password and the documented operator is := not == -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
Hi, as your free support channel I would suggest that you read the errors that you are having n Sep 28 05:01:23 2009 : Error: Dropping conflicting packet from client private-network-2:45456 - ID: 102 due to unfinished request 73062 ^ a new packet repeating what a current packet is already asking/setting has been received. the current packet is still being dealt with Mon Sep 28 05:01:24 2009 : Error: WARNING: Unresponsive child (id 2811198352) for request 73046 (in component accounting module rlm_sql) rlm_sql taking ages to reply/sort things out Mon Sep 28 05:01:25 2009 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0 ta da. thats why SQL is having issues - either the DB is dead or the settings are wrong...or there are no free handles! how many handles have you set the MySQL to have? what are you using the MySQL for and what is the query time or insert time for the entries you are having problems with? Why I am having this error messages? Here is my radiusd.conf busy RADIUS daemon. slow or useless database backend infrastructure/configuration. FreeRADIUS can handle several hundred AAA per second without issues..but you put something in its way that is slow - LDAP lookup, DB query or insert then it doesnt have the resources to handle incoming AAA requests and you see this error message alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
09/28/2009 03:09 PM, Alan Buxey: FreeRADIUS can handle several hundred AAA per second without issues..but you put something in its way that is slow - LDAP lookup, kidding troll LDAP lookup is always fast ;-) Slowness is only for relational stuff / -- Architecte Informatique chez Blueline/Gulfsat: Administration Systeme, Recherche Developpement +261 34 29 155 34 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: your mail
Hello At my sql.conf : # number of sql connections to make to server num_sql_socks = 20 my db is windows based, queries are pretty fast. Is there specific configuration that I can check? Thanks -Original Message- From: freeradius-users-bounces+kamil=extendbroadband@lists.freeradius.org [mailto:freeradius-users-bounces+kamil=extendbroadband@lists.freeradius. org] On Behalf Of Alan Buxey Sent: Monday, September 28, 2009 3:10 PM To: FreeRadius users mailing list Subject: Re: your mail Hi, as your free support channel I would suggest that you read the errors that you are having n Sep 28 05:01:23 2009 : Error: Dropping conflicting packet from client private-network-2:45456 - ID: 102 due to unfinished request 73062 ^ a new packet repeating what a current packet is already asking/setting has been received. the current packet is still being dealt with Mon Sep 28 05:01:24 2009 : Error: WARNING: Unresponsive child (id 2811198352) for request 73046 (in component accounting module rlm_sql) rlm_sql taking ages to reply/sort things out Mon Sep 28 05:01:25 2009 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0 ta da. thats why SQL is having issues - either the DB is dead or the settings are wrong...or there are no free handles! how many handles have you set the MySQL to have? what are you using the MySQL for and what is the query time or insert time for the entries you are having problems with? Why I am having this error messages? Here is my radiusd.conf busy RADIUS daemon. slow or useless database backend infrastructure/configuration. FreeRADIUS can handle several hundred AAA per second without issues..but you put something in its way that is slow - LDAP lookup, DB query or insert then it doesnt have the resources to handle incoming AAA requests and you see this error message alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.409 / Virus Database: 270.13.113/2399 - Release Date: 09/27/09 17:52:00 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
Hi, Hello At my sql.conf : # number of sql connections to make to server num_sql_socks = 20 my db is windows based, queries are pretty fast. Is there specific configuration that I can check? I recall a long time back having a problem when mysql was given that many sockets from FreeRADIUS - set that value to something lower eg 10 you can use several SQL tools to check what the concurrent socket count usage etc is - but i would suggest this action alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: your mail
At my sql.conf : # number of sql connections to make to server num_sql_socks = 20 my db is windows based, queries are pretty fast. Is there specific configuration that I can check? Do a debug of server startup. Can you connect to the database at all? If not, check connection settings in sql.conf. If they are OK: - have you built MySQL so it can accept queries from non-local source (Windows default is only accept localhost queries)? - is there a firewall blocking packets? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: your mail
Yes at startup all connections accepts and connects. My radius is working .users can authenticate. -Original Message- From: freeradius-users-bounces+kamil=extendbroadband@lists.freeradius.org [mailto:freeradius-users-bounces+kamil=extendbroadband@lists.freeradius. org] On Behalf Of Ivan Kalik Sent: Monday, September 28, 2009 3:44 PM To: FreeRadius users mailing list Subject: RE: your mail At my sql.conf : # number of sql connections to make to server num_sql_socks = 20 my db is windows based, queries are pretty fast. Is there specific configuration that I can check? Do a debug of server startup. Can you connect to the database at all? If not, check connection settings in sql.conf. If they are OK: - have you built MySQL so it can accept queries from non-local source (Windows default is only accept localhost queries)? - is there a firewall blocking packets? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.409 / Virus Database: 270.13.113/2399 - Release Date: 09/27/09 17:52:00 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: your mail
I tried 10 sql socks... ill let you know results -Original Message- From: freeradius-users-bounces+kamil=extendbroadband@lists.freeradius.org [mailto:freeradius-users-bounces+kamil=extendbroadband@lists.freeradius. org] On Behalf Of Ivan Kalik Sent: Monday, September 28, 2009 3:44 PM To: FreeRadius users mailing list Subject: RE: your mail At my sql.conf : # number of sql connections to make to server num_sql_socks = 20 my db is windows based, queries are pretty fast. Is there specific configuration that I can check? Do a debug of server startup. Can you connect to the database at all? If not, check connection settings in sql.conf. If they are OK: - have you built MySQL so it can accept queries from non-local source (Windows default is only accept localhost queries)? - is there a firewall blocking packets? Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.409 / Virus Database: 270.13.113/2399 - Release Date: 09/27/09 17:52:00 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
Hi, Hello, Could someone let me know if I can insert a new NAS in the following format insert into nas values('','xx.xx.xx.112/29','shortname',) you can use sucha netmask to cover a rangebut they'll all then use the same secret and be identified by the same shortname. ...jyst ensure your netmask etc are correct :-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
Hello Allan, Thank you for your reply. ensure your netmask etc are correct :-)) I hope so. I was giving it like this (IP address plus slash 29: 10.1.1.112/29) My trouble was I did not know if I could use 10.1.1.112/29 as nasname. Thank you all. Cheers Irina == Hi, Hello, Could someone let me know if I can insert a new NAS in the following format insert into nas values('','xx.xx.xx.112/29','shortname',) you can use sucha netmask to cover a rangebut they'll all then use the same secret and be identified by the same shortname. ...jyst ensure your netmask etc are correct :-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
Hi, I use radclient for disconnect users: Acct-Session-Id={ACTSESSION}\nUser-Name={MYUSERNAME}\nX-Ascend-Session-Svr- Key={SESSIONKEY}\nNAS-IP-Address=10.0.5.1 | radclient -x 10.0.5.1:3799 disconnect 123; you're telling the NAS about itself (NAS-IP-Address) - perhaps it doesnt like that bit and the message you are getting is just its way of saying that something wasnt quite right. ie try Acct-Session-Id={ACTSESSION}\nUser-Name={MYUSERNAME}\nX-Ascend-Session-Svr-Key={SESSIONKEY} | radclient -x 10.0.5.1:3799 disconnect 123; ? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
Hi, unsubscribe please either re-read the vrey first email you recieved when joining this list, or simply read the email headers of any email that comes from this list - both will tell you how to unsubscribe. any decent email client will understand the list headers and will enable you to unsubscribe via a simply menu or right-mouse click on any email to this list. ohand then theres the helpful footer we've added to every email JUST in case those 2 methods arent enough... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: your mail
Hi, I am trying to setup freeradius 1. I have chap authentication working with mysql but pap authentication will not work with mysql. This is what I receive from the nas when someone trys to connect. radius.conf does not contain the full sql details - eg sql.conf, the required SQL backend and your tables entries are all required alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html