loading files to oracle
Eyas Sarabi
eyas.sarabi at atheer.net.sa
Thu Nov 10 10:23:08 CET 2005
Hi Alan;
I have dialup connection detail file having the information for each
connected session,a hard disk was corrupted so when the radius tried to
write directly to Oracle database it could because of the HD failure.
Now I have file per each day including all information about the session was
connected each day and want to load it to DB. Is there any tools that can be
Used to write the contents of files to database directly the same way it is
Automated through freeradius.
> -----Original Message-----
> From: freeradius-users-bounces at lists.freeradius.org [mailto:freeradius-> >
> users-bounces at lists.freeradius.org] On Behalf Of freeradius-users-> > > >
> request at lists.freeradius.org
> Sent: Thursday, November 10, 2005 8:40 AM
> To: freeradius-users at lists.freeradius.org
> Subject: Freeradius-Users Digest, Vol 7, Issue 31
> Send Freeradius-Users mailing list submissions to
> freeradius-users at lists.freeradius.org
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.freeradius.org/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
> freeradius-users-request at lists.freeradius.org
> You can reach the person managing the list at
> freeradius-users-owner at lists.freeradius.org
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
> Today's Topics:
> 1. Re: FreeBSD anyone? (Alan DeKok)
> 2. Re: Failed attempts log (Alan DeKok)
> 3. Re: Failed attempts log (Nicolas Baradakis)
> 4. Re: JRadius (Raoul Demour)
> 5. Re: Proxy not sending out packets (was Re: Proxying a PEAP
> request to an IAS server) (Dan Newcombe)
> 6. Re: Problem with loading files from free radius (Alan DeKok)
> 7. Re: simultaneous use, checkrad, and MPP attempts (Alan DeKok)
> 8. Re: simultaneous use, checkrad, and MPP attempts (Kevin Bonner)
> 9. authenticate against bytes in and out with sqlcounter
> (Martin Potgieter)
> 10. Problem with loading files from free radius (Eyas Sarabi)
----------------------------------------------------------------------
Message: 1
Date: Wed, 09 Nov 2005 13:00:27 -0500
From: "Alan DeKok" <aland at ox.org>
Subject: Re: FreeBSD anyone?
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <20051109180027.7F7FC16CC1 at mail.nitros9.org>
christian meutes <christian.meutes at de.clara.net> wrote:
> Can you point me to the explanation, i cant find it?
http://www.freeradius.org/cgi-bin/cvsweb.cgi/radiusd/man/man5/rlm_sql_log.5?
rev=1.2&content-type=text/x-cvsweb-markup
Alan DeKok.
------------------------------
Message: 2
Date: Wed, 09 Nov 2005 13:01:48 -0500
From: "Alan DeKok" <aland at ox.org>
Subject: Re: Failed attempts log
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <20051109180148.A5EE817122 at mail.nitros9.org>
"Thierry Hoferlin" <thierry.hoferlin at staff.cybernet.be> wrote:
> Is there a way to log failed authentification records to SQL ?
Not really, no.
Alan DeKok.
------------------------------
Message: 3
Date: Wed, 9 Nov 2005 19:08:55 +0100
From: Nicolas Baradakis <nbk at sitadelle.com>
Subject: Re: Failed attempts log
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <20051109180855.GA18225 at asuka.tech.sitadelle.com>
Content-Type: text/plain; charset=us-ascii
Thierry Hoferlin wrote:
> I've configured a freeradius 1.0.5 with MSSQL authentification.
> It works fine.
>
> Is there a way to log failed authentification records to SQL ?
Please don't post HTML on the list.
Search the archives for detailed instructions, but the general
idea is to use the module "sql" in section "post-auth".
http://freeradius.org/radiusd/doc/Post-Auth-Type
--
Nicolas Baradakis
------------------------------
Message: 4
Date: Wed, 9 Nov 2005 10:12:06 -0800 (PST)
From: Raoul Demour <kongo_007 at yahoo.com>
Subject: Re: JRadius
To: freeradius-users at lists.freeradius.org
Message-ID: <20051109181206.34792.qmail at web53211.mail.yahoo.com>
Content-Type: text/plain; charset=iso-8859-1
Hello
thanks for all the answers!
> Regarding EAP-SIM, JRadius has no specific support
> for it. What is it
> you are trying to do?
What I have understood:
FreeRADIUS is able to authenticate using EAP-SIM. But
you need to set the attributes:
EAP-SIM-Rand1
EAP-SIM-SRES1
EAP-SIM-KC1
EAP-SIM-Rand2
EAP-SIM-SRES2
EAP-SIM-KC2
EAP-SIM-Rand3
EAP-SIM-SRES3
EAP-SIM-KC3
(do you really need to set all the 9 attributes? or
just one rand, one SRES and one Kc is enough?)
I dont have access to GSM network and I dont know Ki
(share secret). But to check if the system is
correctly set up, I would like to give manually the
attributes (on the serveur). (In a way I cheat...). Or
to reproduce the generation of Rand, SRES and Kc
(using my own algorithm) and on the supplicant I
simulate SIM card...
With JRadius it is possible to create object like
Attr_UserPassword (according to the given example of
JRadius). After what, it is used to set the attribut
UserPassord for FreeRADIUS.
So I think it would not be too complicate to create
new attribute like:
Attr_EAP_SIM_Rand, Attr_EAP-SIM-SRES, Attr_EAP-SIM-KC.
In a way, I would like to use JRadius to avoid writing
a module which will set the nine above attributes.
My explanation may be not realy clear because I still
learning how the thing work (for exemple, I suppose
that the algorith to generate Rand, SRES and Kc is
mobil operator specific, but I'm not complitly sure of
the fact)
Raoul
__________________________________
Start your day with Yahoo! - Make it your home page!
http://www.yahoo.com/r/hs
------------------------------
Message: 5
Date: Wed, 09 Nov 2005 13:16:12 -0500
From: Dan Newcombe <DanNewcombe at mail.clayton.edu>
Subject: Re: Proxy not sending out packets (was Re: Proxying a PEAP
request to an IAS server)
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <43723CEC.90203 at mail.clayton.edu>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Alan DeKok wrote:
>Dan Newcombe <DanNewcombe at mail.clayton.edu> wrote:
>
>
>>One thing I've noticed is on the non-PEAP packets, the src address of
>>the packet going to the IAS box is 172.28.240.73, whereas on the PEAP
>>packets, it is 127.0.0.1,
>>
>>
>
> That's bad. That's the source of the problem, then.
>
> I have *no* idea why that would be happening. What's so magic about
>PEAP packets?
>
> I'll take a look at the source and see if anything pops out/.
>You're using 1.0.5, right?
>
>
Yes...I'm on 1.0.5. Glad to know I'm not crazy - wonder if my wife
will believe me though :)
Thanks,
-Dan
------------------------------
Message: 6
Date: Wed, 09 Nov 2005 16:04:30 -0500
From: "Alan DeKok" <aland at ox.org>
Subject: Re: Problem with loading files from free radius
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <20051109210430.D390B16CC1 at mail.nitros9.org>
Eyas Sarabi <eyas.sarabi at atheer.net.sa> wrote:
> I faced a major problem, My Hard disk was corrupted and the free radius
> wasn't being able to write to database, I still have the files generated
by
> free radius and I want to load them to the database .Is there any tool
that
> can load the generated files to oracle database ?
What files?
Alan DeKok.
------------------------------
Message: 7
Date: Wed, 09 Nov 2005 16:06:06 -0500
From: "Alan DeKok" <aland at ox.org>
Subject: Re: simultaneous use, checkrad, and MPP attempts
To: FreeRadius users mailing list
<freeradius-users at lists.freeradius.org>
Message-ID: <20051109210606.A121B16CC1 at mail.nitros9.org>
Christopher Carver <ccarver at pennswoods.net> wrote:
> The proxy'ing radius servers and NAS's of the other company from whom we
> lease equipment are unavailable to checkrad. By default shouldn't it be
> allowing these people on?
It depends what you want. The current behavior is to disallow
logins, as you found out. It should really be configurable.
> Any idea why this isn't behaving how I expect? Is there a more
> appropriate way I can ensure that users connecting via NAS's and
> proxy'ing radius servers we lease will never be rejected because of
> multiple logins?
No, juest edit the code.
Alan DeKok.
------------------------------
Message: 8
Date: Wed, 9 Nov 2005 16:20:38 -0500
From: Kevin Bonner <keb at pa.net>
Subject: Re: simultaneous use, checkrad, and MPP attempts
To: freeradius-users at lists.freeradius.org
Message-ID: <200511091620.41060.keb at pa.net>
Content-Type: text/plain; charset="iso-8859-1"
On Wednesday 09 November 2005 00:35, Christopher Carver wrote:
> The proxy'ing radius servers and NAS's of the other company from whom we
> lease equipment are unavailable to checkrad. By default shouldn't it be
> allowing these people on? I looked at the code and it seemed as though
> it should. I set the nastype to other in clients.conf for these entries
> and I still see MPP attempts. Finally, I looked at the source of
> checkrad. I modified the line for "other" nastypes to always return 0,
> which should be interpreted as no multiple login. The numbers you see
> to the left are line numbers
Chris,
Look at the code again. In session.c, the rad_check_ts function is what
calls
checkrad. If the nastype is empty or "other", checkrad is _never_ called,
and the function returns 1 (meaning the user is logged in).
We did this simult use bypass by using a nastype called visp, which returns
0
in checkrad. See freeradius bug#166 for a checkrad patch we've been using
here which cleans up the code a bit and makes it easier to add new types.
Any comments/problems can be posted to the bug.
-Kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
https://list.xs4all.nl/pipermail/freeradius-users/attachments/20051109/ad52b
4b3/attachment-0001.bin
------------------------------
Message: 9
Date: Thu, 10 Nov 2005 00:28:20 +0200
From: Martin Potgieter <martin at systemadmin.co.za>
Subject: authenticate against bytes in and out with sqlcounter
To: freeradius-users at lists.freeradius.org
Message-ID: <43727804.2000505 at systemadmin.co.za>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
hello,
I am using freeradius 1.0.5 and trying to get to a point where I can
deny access to a user when he has "used" more than a specific amount of
bandwidth in a month (from the 1st to the last day of the month).
rlm_sqlcounter seems to be what I need. I have configured it as I think
it should be but when I go into debug mode the values seem to get
changed at a point.
Here is my sqlcounter.conf file:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
sqlcounter monthlycounter {
counter-name = Max-Bytes
check-name = Max-Bytes
sqlmod-inst = sql
key = User-Name
reset = monthly
Reply-Message = "You have reached your bandwidth cap for
this Month"
query = "SELECT sum(AcctOutputOctets) +
sum(AcctInputOctets) FROM radacct where UserName = '%{%k}'"
}
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
In my radiusd.conf my authorize section is as follows:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
authorize {
preprocess
chap
mschap
suffix
sql
monthlycounter
}
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
When I am in debug mode I get the following:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
Thu Nov 10 00:17:41 2005 : Debug: rlm_sql (sql): Reserving sql socket id: 4
Thu Nov 10 00:17:41 2005 : Debug: rlm_sql_mysql: query: SELECT
sum(AcctOutputOctets) + sum(AcctInputOctets) FROM radacct where UserName
= 'surfing at home'
Thu Nov 10 00:17:41 2005 : Debug: rlm_sql (sql): - sql_xlat finished
Thu Nov 10 00:17:41 2005 : Debug: rlm_sql (sql): Released sql socket id: 4
Thu Nov 10 00:17:41 2005 : Debug: radius_xlat: '9628587663'
Thu Nov 10 00:17:41 2005 : Debug: rlm_sqlcounter: (Check item - counter)
is greater than zero
Thu Nov 10 00:17:41 2005 : Debug: rlm_sqlcounter: Authorized user
surfing at home, check_item=-1073741824, counter=2147483647
Thu Nov 10 00:17:41 2005 : Debug: rlm_sqlcounter: Sent Reply-Item for
user surfing at home, Type=Session-Timeout, value=1
Thu Nov 10 00:17:41 2005 : Debug: modsingle[authorize]: returned from
monthlycounter (rlm_sqlcounter) for request 2
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
Why the altered negative number in the check_item? Is the radius_xlat
doing something? Do I need to put in Max-Bytes in one of the dictionary
files? The example in experimental.conf did not mention anything about
adding attributes so I assumed not.
Also the "counter=2147483647" is not the value I have in the database
for that user...
I am missing something here :-)
Thanks for any help
Martin
------------------------------
Message: 10
Date: Thu, 10 Nov 2005 08:24:16 +0300
From: Eyas Sarabi <eyas.sarabi at atheer.net.sa>
Subject: Problem with loading files from free radius
To: freeradius-users at lists.freeradius.org
Message-ID: <0IPQ000CR454EN at dolphin.atheer.net.sa>
Content-Type: text/plain; charset="us-ascii"
Hi All;
I faced a major problem, My Hard disk was corrupted and the free radius
wasn't being able to write to database, I still have the files generated by
free radius and I want to load them to the database .Is there any tool that
can load the generated files to oracle database ?
Regards,
Eyas
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
https://list.xs4all.nl/pipermail/freeradius-users/attachments/20051110/cbc29
384/attachment.html
------------------------------
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest, Vol 7, Issue 31
***********************************************
More information about the Freeradius-Users
mailing list