Freeradius-Users Digest, Vol 52, Issue 81
Martin Silvero
silvero.martin at gmail.com
Tue Aug 18 16:46:43 CEST 2009
Hello,
I want to know if it would be possible to debug freeradius while running to
a log file,
thanks.
2009/8/18 <freeradius-users-request at lists.freeradius.org>
> Send Freeradius-Users mailing list submissions to
> freeradius-users at lists.freeradius.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.freeradius.org/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
> freeradius-users-request at lists.freeradius.org
>
> You can reach the person managing the list at
> freeradius-users-owner at lists.freeradius.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
>
> Today's Topics:
>
> 1. Re: Huntgroups and SQL not being enforced (mikoi)
> 2. Session-Timeout for unlimited? (Rakotomandimby Mihamina)
> 3. Re: Session-Timeout for unlimited? (Stefan Winter)
> 4. NAS IPs (Irina)
> 5. Re: FreeRADIUS Server Version 2.1.6 has been released
> (Alexandr Kovalenko)
> 6. accounting through detail module help (ramesh p)
> 7. Re: accounting through detail module help (Alan Buxey)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 18 Aug 2009 06:12:18 -0700 (PDT)
> From: mikoi <mika.koivisto at logica.com>
> Subject: Re: Huntgroups and SQL not being enforced
> To: freeradius-users at lists.freeradius.org
> Message-ID: <25024576.post at talk.nabble.com>
> Content-Type: text/plain; charset=UTF-8
>
>
> Hi.
> For info, i followed the information in the below link for my Huntgroups,
> but without Auth-Type since it is not recommended.
>
> http://wiki.freeradius.org/SQL_Huntgroup_HOWTO
>
> I still can?t get huntgroups to be enforced properly.
>
> If i add Huntgroup-Name == VPN-Service to the radcheck table, it works for
> my local users (the ones with a Cleartext-Password in Freeradius), but not
> for my proxied users.
>
> Any hints?
>
> /M
> --
> View this message in context:
> http://www.nabble.com/Huntgroups-and-SQL-not-being-enforced-tp25019815p25024576.html
> Sent from the FreeRadius - User mailing list archive at Nabble.com.
>
>
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 18 Aug 2009 16:36:20 +0300
> From: Rakotomandimby Mihamina <mihamina at gulfsat.mg>
> Subject: Session-Timeout for unlimited?
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID: <4A8AAE54.3040803 at gulfsat.mg>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Hi,
> (Using freeRadius v2)
> We have prepaid users, where the freeradius server should answer with some
> non null integer Session-Timeout.
>
> We have also postpaid users, where the session should be unlimited.
>
> What is the Session-Timeout value corresponding to "unlimited"?
>
> Thank you.
>
> --
> Architecte Informatique chez Blueline/Gulfsat:
> Administration Systeme, Recherche & Developpement
> +261 34 29 155 34
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 18 Aug 2009 15:46:38 +0200
> From: Stefan Winter <stefan.winter at restena.lu>
> Subject: Re: Session-Timeout for unlimited?
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID: <4A8AB0BE.8060000 at restena.lu>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi,
>
> > We have prepaid users, where the freeradius server should answer with
> > some
> > non null integer Session-Timeout.
> >
> > We have also postpaid users, where the session should be unlimited.
> >
> > What is the Session-Timeout value corresponding to "unlimited"?
>
> If you don't send Session-Timeout at all, the session will not be timing
> out.
>
> Greetings,
>
> Stefan Winter
>
> --
> Stefan WINTER
> Ingenieur de Recherche
> Fondation RESTENA - R?seau T?l?informatique de l'Education Nationale et de
> la Recherche
> 6, rue Richard Coudenhove-Kalergi
> L-1359 Luxembourg
>
> Tel: +352 424409 1
> Fax: +352 422473
>
>
>
> ------------------------------
>
> Message: 4
> Date: Mon, 17 Aug 2009 10:54:15 -0400
> From: "Irina" <irina at nas.net>
> Subject: NAS IPs
> To: <freeradius-users at lists.freeradius.org>
> Message-ID: <3261AA0525664575BEADE48FB132EEA5 at netaccess1.local>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hello,
>
>
>
> I need to allow a block of 8 IP addresses in 'nasname' column in NAS table.
> Can I use
>
>
>
> xx.xx.xx.112/29
>
>
>
> Thank you for your help in advance
>
>
>
> Kindest Regards,
>
> Irina
>
> ===========================
>
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://lists.freeradius.org/pipermail/freeradius-users/attachments/20090817/1575fabf/attachment.html
> >
>
> ------------------------------
>
> Message: 5
> Date: Tue, 18 Aug 2009 17:08:21 +0300
> From: Alexandr Kovalenko <alexandr.kovalenko at gmail.com>
> Subject: Re: FreeRADIUS Server Version 2.1.6 has been released
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID:
> <1d2641260908180708x56724f6dr432786188595b48f at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On Mon, May 18, 2009 at 2:59 PM, Alan DeKok<aland at deployingradius.com>
> wrote:
> > ?The following is the change log. ?Thanks to everyone for testing the
> > pre releases.
> >
> >
> > FreeRADIUS 2.1.6 Mon May 18 10:00:00 CEST 2009; ?, urgency=medium
> > ? ? ? ?Feature improvements
> > ? ? ? ?Bug fixes
> > ? ? ? ?* Make rlm_perl keep tags for tagged attributes in more
> > ? ? ? ? ?situations
>
> Does not work for situation:
>
> --------
> $ radiusd -v | head -1
> radiusd: FreeRADIUS Version 2.1.6, for host i386-portbld-freebsd7.2,
> built on Aug 18 2009 at 12:31:54
>
> $ perl -V
> Summary of my perl5 (revision 5 version 8 subversion 9) configuration:
> Platform:
> osname=freebsd, osvers=7.2-release-p2, archname=i386-freebsd-64int
> uname='freebsd mile.office.tsu 7.2-release-p2 freebsd
> 7.2-release-p2 #0: fri jun 26 10:01:50 eest 2009
> root at mile.office.tsu:usrobjusrsrcsysmile i386 '
> config_args='-sde -Dprefix=/usr/local
> -Darchlib=/usr/local/lib/perl5/5.8.9/mach
> -Dprivlib=/usr/local/lib/perl5/5.8.9
> -Dman3dir=/usr/local/lib/perl5/5.8.9/perl/man/man3
> -Dman1dir=/usr/local/man/man1
> -Dsitearch=/usr/local/lib/perl5/site_perl/5.8.9/mach
> -Dsitelib=/usr/local/lib/perl5/site_perl/5.8.9
> -Dscriptdir=/usr/local/bin
> -Dsiteman3dir=/usr/local/lib/perl5/5.8.9/man/man3
> -Dsiteman1dir=/usr/local/man/man1 -Ui_malloc -Ui_iconv
> -Uinstallusrbinperl -Dcc=cc -Duseshrplib -Dinc_version_list=none
> -Dccflags=-DAPPLLIB_EXP="/usr/local/lib/perl5/5.8.9/BSDPAN"
> -Doptimize=-O2 -fno-strict-aliasing -pipe -march=pentium4 -Ud_dosuid
> -Ui_gdbm -Dusethreads=n -Dusemymalloc=y -Duse64bitint'
> hint=recommended, useposix=true, d_sigaction=define
> usethreads=undef use5005threads=undef useithreads=undef
> usemultiplicity=undef
> useperlio=define d_sfio=undef uselargefiles=define usesocks=undef
> use64bitint=define use64bitall=undef uselongdouble=undef
> usemymalloc=y, bincompat5005=undef
> Compiler:
> cc='cc', ccflags
> ='-DAPPLLIB_EXP="/usr/local/lib/perl5/5.8.9/BSDPAN" -DHAS_FPSETMASK
> -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -pipe
> -I/usr/local/include',
> optimize='-O2 -fno-strict-aliasing -pipe -march=pentium4',
> cppflags='-DAPPLLIB_EXP="/usr/local/lib/perl5/5.8.9/BSDPAN"
> -DHAS_FPSETMASK -DHAS_FLOATINGPOINT_H -fno-strict-aliasing -pipe
> -I/usr/local/include'
> ccversion='', gccversion='4.2.1 20070719 [FreeBSD]', gccosandvers=''
> intsize=4, longsize=4, ptrsize=4, doublesize=8, byteorder=12345678
> d_longlong=define, longlongsize=8, d_longdbl=define, longdblsize=12
> ivtype='long long', ivsize=8, nvtype='double', nvsize=8,
> Off_t='off_t', lseeksize=8
> alignbytes=4, prototype=define
> Linker and Libraries:
> ld='cc', ldflags =' -Wl,-E -L/usr/local/lib'
> libpth=/usr/lib /usr/local/lib
> libs=-lgdbm -lm -lcrypt -lutil
> perllibs=-lm -lcrypt -lutil
> libc=, so=so, useshrplib=true, libperl=libperl.so
> gnulibc_version=''
> Dynamic Linking:
> dlsrc=dl_dlopen.xs, dlext=so, d_dlsymun=undef, ccdlflags='
> -Wl,-R/usr/local/lib/perl5/5.8.9/mach/CORE'
> cccdlflags='-DPIC -fPIC', lddlflags='-shared -L/usr/local/lib'
>
>
> Characteristics of this binary (from libperl):
> Compile-time options: MYMALLOC PERL_MALLOC_WRAP USE_64_BIT_INT
> USE_FAST_STDIO USE_LARGE_FILES USE_PERLIO
> Locally applied patches:
> defined-or
> Built under freebsd
> Compiled at Aug 18 2009 14:56:36
> @INC:
> /usr/local/lib/perl5/5.8.9/BSDPAN
> /usr/local/lib/perl5/site_perl/5.8.9/mach
> /usr/local/lib/perl5/site_perl/5.8.9
> /usr/local/lib/perl5/5.8.9/mach
> /usr/local/lib/perl5/5.8.9
> .
> --------
>
> Following code is used in sub authorize {} in perl module I'm trying to use
> --------
> if (($RAD_REQUEST{'User-Name'} eq 'admin') and
> ($RAD_REQUEST{'User-Password'} eq 'test')) {
> $RAD_REPLY{'ERX-Service-Activate:1'} = "telesys";
> $RAD_REPLY{'ERX-Service-Statistics:1'} = "time-volume";
> $RAD_REPLY{'ERX-Qos-Parameters'}[0] = "internet_tr_value 2097152";
> $RAD_REPLY{'ERX-Qos-Parameters'}[1] = "internet_tr_value_in 2097152";
> $RAD_REPLY{'ERX-Service-Activate:2'} = "deny";
> $RAD_REPLY{'ERX-Qos-Profile-Name'} = "SP_Tele_Internet";
> $RAD_REPLY{'Framed-IP-Address'} = '10.0.112.2';
> $RAD_REPLY{'Framed-IP-Netmask'}= "255.255.255.255";
> $RAD_REPLY{'ERX-Primary-DNS'} = "1.2.3.4";
> $RAD_REPLY{'ERX-Secondary-DNS'} = "1.2.3.5";
> return RLM_MODULE_OK;
> };
> --------
>
> This gives following results:
>
> # radtest admin test 10.3.1.252 12 huawei
> Sending Access-Request of id 70 to 10.3.1.252 port 1812
> User-Name = "admin"
> User-Password = "test"
> NAS-IP-Address = 10.1.2.13
> NAS-Port = 12
> rad_recv: Access-Accept packet from host 10.3.1.252 port 1812, id=70,
> length=188
> ERX-Qos-Parameters = "internet_tr_value 2097152"
> ERX-Qos-Parameters = "internet_tr_value_in 2097152"
> ERX-Service-Activate:0 = "deny"
> ERX-Service-Activate:0 = "telesys"
> ERX-Qos-Profile-Name = "SP_Tele_Internet"
> ERX-Service-Statistics:1 = time-volume
> ERX-Primary-Dns = 1.2.3.4
> ERX-Secondary-Dns = 1.2.3.5
> Framed-IP-Address = 10.0.112.2
> Framed-IP-Netmask = 255.255.255.255
>
>
> --------
> Output from radiusd -X:
>
> rad_recv: Access-Request packet from host 10.3.1.252 port 52845,
> id=70, length=57
> User-Name = "admin"
> User-Password = "test"
> NAS-IP-Address = 10.1.2.13
> NAS-Port = 12
> server radoss {
> +- entering group authorize {...}
> ++[preprocess] returns ok
> ++[control] returns ok
> rlm_perl: $VAR1 = {};
> rlm_perl: defined
> rlm_perl: Added pair User-Name = admin
> rlm_perl: Added pair User-Password = test
> rlm_perl: Added pair NAS-Port = 12
> rlm_perl: Added pair NAS-IP-Address = 10.1.2.13
> rlm_perl: Added pair ERX-Qos-Profile-Name = SP_Tele_Internet
> rlm_perl: Added pair ERX-Service-Activate:2 = deny
> rlm_perl: Added pair ERX-Qos-Parameters = internet_tr_value 2097152
> rlm_perl: Added pair ERX-Qos-Parameters = internet_tr_value_in 2097152
> rlm_perl: Added pair ERX-Service-Statistics:1 = time-volume
> rlm_perl: Added pair ERX-Secondary-DNS = 1.2.3.5
> rlm_perl: Added pair Framed-IP-Address = 10.0.112.2
> rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
> rlm_perl: Added pair ERX-Service-Activate:1 = telesys
> rlm_perl: Added pair ERX-Primary-DNS = 1.2.3.4
> rlm_perl: Added pair Auth-Type = Perl
> ++[perl] returns ok
> Found Auth-Type = Perl
> +- entering group Perl {...}
> rlm_perl: Added pair User-Name = admin
> rlm_perl: Added pair User-Password = test
> rlm_perl: Added pair NAS-IP-Address = 10.1.2.13
> rlm_perl: Added pair NAS-Port = 12
> rlm_perl: Added pair ERX-Qos-Parameters = internet_tr_value 2097152
> rlm_perl: Added pair ERX-Qos-Parameters = internet_tr_value_in 2097152
> rlm_perl: Added pair ERX-Service-Activate = deny
> rlm_perl: Added pair ERX-Service-Activate = telesys
> rlm_perl: Added pair ERX-Qos-Profile-Name = SP_Tele_Internet
> rlm_perl: Added pair ERX-Service-Statistics:1 = time-volume
> rlm_perl: Added pair ERX-Primary-Dns = 1.2.3.4
> rlm_perl: Added pair ERX-Secondary-Dns = 1.2.3.5
> rlm_perl: Added pair Framed-IP-Address = 10.0.112.2
> rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.255
> rlm_perl: Added pair Auth-Type = Perl
> ++[perl] returns ok
> +- entering group post-auth {...}
> ++[exec] returns noop
> } # server radoss
> Sending Access-Accept of id 70 to 10.3.1.252 port 52845
> ERX-Qos-Parameters += "internet_tr_value 2097152"
> ERX-Qos-Parameters += "internet_tr_value_in 2097152"
> ERX-Service-Activate:0 += "deny"
> ERX-Service-Activate:0 += "telesys"
> ERX-Qos-Profile-Name = "SP_Tele_Internet"
> ERX-Service-Statistics:1 = time-volume
> ERX-Primary-Dns = 1.2.3.4
> ERX-Secondary-Dns = 1.2.3.5
> Framed-IP-Address = 10.0.112.2
> Framed-IP-Netmask = 255.255.255.255
> Finished request 0.
> Going to the next request
> Waking up in 4.9 seconds.
> Cleaning up request 0 ID 70 with timestamp +4
> Ready to process requests.
>
> --
> Alexandr Kovalenko
> http://uafug.org.ua/
>
>
>
> ------------------------------
>
> Message: 6
> Date: Tue, 18 Aug 2009 19:41:24 +0530
> From: ramesh p <rock786143 at gmail.com>
> Subject: accounting through detail module help
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID:
> <6b6aa6710908180711v61b4c365ve48acd3d440033c4 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
>
> At present our radius servers getting traffic of more than 3 million users.
> We have only two radius servers and one mysql server active. The server
> crashing whenever more traffic comes. Due to mysql overload and slow I'm
> planning to use detail module for accounting and then take these details
> and
> parse then put in database using program/script. Does this helps? Is there
> any script already available in freeradius?
> Does palcing one more radius server and using mysql clustering helps?
>
> Please suggest.
>
> Thanks,
> Rams.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://lists.freeradius.org/pipermail/freeradius-users/attachments/20090818/bccf1a41/attachment.html
> >
>
> ------------------------------
>
> Message: 7
> Date: Tue, 18 Aug 2009 15:33:09 +0100
> From: Alan Buxey <A.L.M.Buxey at lboro.ac.uk>
> Subject: Re: accounting through detail module help
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID: <20090818143309.GA32113 at lboro.ac.uk>
> Content-Type: text/plain; charset=us-ascii
>
> Hi,
>
> > At present our radius servers getting traffic of more than 3 million
> users.
> > We have only two radius servers and one mysql server active. The server
> > crashing whenever more traffic comes. Due to mysql overload and slow I'm
> > planning to use detail module for accounting and then take these details
> and
> > parse then put in database using program/script. Does this helps? Is
> there
> > any script already available in freeradius?
> > Does palcing one more radius server and using mysql clustering helps?
>
> use the detail module and let FR deal with handling the detail module.
>
> you can speed up the MySQL using eg batter indexing and better storage
> engine
>
> alan
>
>
>
> ------------------------------
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> End of Freeradius-Users Digest, Vol 52, Issue 81
> ************************************************
>
--
--
Silvero Martin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090818/9d61ac9f/attachment.html>
More information about the Freeradius-Users
mailing list