Freeradius-Users Digest, Vol 46, Issue 102 Why is groupname field blank in radacct
ngwarai zed
makotore at gmail.com
Thu Feb 26 09:29:36 CET 2009
Hallo all,
First of all thanks Kalik for your responses. I checked the link you you
sent but I couldn't get the info I am looking for. Let me expand further on
the problem:-
I have MySQL 5.0.67 and PostgreSQL 8.3.6 and freeRADIUS 2.17 installed on
GNU/Linux Fedora 10 distribution. I have identical radius databases on both
MySQL and PostgreSQL. When I use the PostgreSQL, the groupname field in the
radacct table gets filled in but when I change the database to MySQL, the
groupname filled is blank. I checked the queries in mysql/diaup.conf and
postgresql/dialup.conf and found out that they are the same. Why is it
working with PostgreSQL and not working with MySQL? The groupnames are
defined in radusergroup table.
May you help me on a step by step basis on how to solve this problem.
THank you
2009/2/25 <freeradius-users-request at lists.freeradius.org>
> Send Freeradius-Users mailing list submissions to
> freeradius-users at lists.freeradius.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.freeradius.org/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
> freeradius-users-request at lists.freeradius.org
>
> You can reach the person managing the list at
> freeradius-users-owner at lists.freeradius.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
>
> Today's Topics:
>
> 1. Re: Freeradius-Users Digest, Vol 46, Issue 98 : Why is
> groupnamefield blank in radacct (tnt at kalik.net)
> 2. Re: Error: WARNING: Unresponsive child for request in module
> sqlcomponent accounting (magicboiz)
> 3. Rlm_sqlcounter log problem (Devrim Seral)
> 4. Re: Error: WARNING: Unresponsive child for request in
> modulesqlcomponent accounting (tnt at kalik.net)
> 5. Re: Rlm_sqlcounter log problem (Juan Pablo Botero)
> 6. Re: Freeradius dies with Postgresql error (Alan DeKok)
> 7. Re: FR 2.1.3 and ASSERT FAILED event.c (Alan DeKok)
> 8. Re: Rlm_sqlcounter log problem (tnt at kalik.net)
> 9. Re: Wired 802.1x auth - Getting the IP address of the authed
> machine (Alexander Clouter)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 25 Feb 2009 15:21:20 +0100
> From: <tnt at kalik.net>
> Subject: Re: Freeradius-Users Digest, Vol 46, Issue 98 : Why is
> groupnamefield blank in radacct
> To: "FreeRadius users mailing list"
> <freeradius-users at lists.freeradius.org>
> Message-ID: <gS8vCrCQ.1235571680.7009450.tnt at kalik.net>
> Content-Type: text/plain; charset=ISO-8859-2
>
> >I tried editing the dialup.conf and added groupname with a value of
> >'%{SQL-Group}' but still it writes nothing for the groupname in the
> radacct
> >table. Can you help me as to how exactly I have to edit the dialup.conf ?
> >
>
> That is fine, only the attribute is wrong. ASFAIK Class is the only
> attribute that you can custom set during authentication that NAS will
> have to send back in accounting packet.
>
> http://freeradius.org/rfc/rfc2865.html#Class
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 25 Feb 2009 15:40:04 +0100
> From: magicboiz <magicboiz at gmail.com>
> Subject: Re: Error: WARNING: Unresponsive child for request in module
> sqlcomponent accounting
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID: <200902251540.04783.magicboiz at gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Thx Ivan,
>
> and do you know if the accouting registers is lost? or another child
> retries
> the insert into the database?
>
> thx
> Regards
>
>
> On Mi?rcoles 25 Febrero 2009 14:09:44 tnt at kalik.net wrote:
> > >I facing this problem with my Freeradius 2.1.3, and I don't know how to
> > > solve it :(
> > >
> > >My NAS is sending only accounting registers to my freeradius server. My
> > >freeradius server, is configured to store these registers into a MySQL
> > > server. I have configured "max_request_time = 120", in the case of
> MySQL
> > > slow performance, but the problem perssits.
> >
> > No, you don't have a problem with radius server but with sql one.
> > Perhaps you should look into the server that does have a problem (sql)
> > and not the one that doesn't (radius). There is nothing radius server
> > can tell you about why are sql queries running slow.
> >
> > Ivan Kalik
> > Kalik Informatika ISP
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 25 Feb 2009 16:51:46 +0200
> From: Devrim Seral <dseral at gmail.com>
> Subject: Rlm_sqlcounter log problem
> To: freeradius-users at lists.freeradius.org
> Message-ID:
> <416697d80902250651s7ed9e1earb3cd4ca611c27748 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi all,
> I have a little problem with freeradius. And i can't find any solution for
> it..
> We have logged failed login attempt following statement: (Its taken
> from Freeradius Wiki)
> Post-Auth-Type REJECT {
> # Login failed: log to SQL database.
> sql
> }
>
> However when we use rlm_sqlcounter this modle can't handled with above
> statement.
>
> So how its possible to log users that Rejected by rlm_sqlcounter module?
> Regards..
> devrim
>
>
> ------------------------------
>
> Message: 4
> Date: Wed, 25 Feb 2009 15:53:36 +0100
> From: <tnt at kalik.net>
> Subject: Re: Error: WARNING: Unresponsive child for request in
> modulesqlcomponent accounting
> To: "FreeRadius users mailing list"
> <freeradius-users at lists.freeradius.org>
> Message-ID: <WfvWLTm6.1235573616.3312510.tnt at kalik.net>
> Content-Type: text/plain; charset=ISO-8859-2
>
> >and do you know if the accouting registers is lost? or another child
> retries
> >the insert into the database?
> >
>
> They usually are - there are no handles to write to the database as the
> whole server gets blocked. I haven't seen tha case where single handle
> would dia and the rest of them would continue working. This is usually
> terminal state of radius-sql server connection problem.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
>
> ------------------------------
>
> Message: 5
> Date: Wed, 25 Feb 2009 09:54:35 -0500
> From: Juan Pablo Botero <juanpabloboterolopez at gmail.com>
> Subject: Re: Rlm_sqlcounter log problem
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID:
> <aaa6fffc0902250654t7355ae6bt315ff0cd3f706324 at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> In My case, that it's not necesary, you can comment out that lines; and
> probe with 'freeradius -X'
>
> On Wed, Feb 25, 2009 at 9:51 AM, Devrim Seral <dseral at gmail.com> wrote:
>
> > Hi all,
> > I have a little problem with freeradius. And i can't find any solution
> for
> > it..
> > We have logged failed login attempt following statement: (Its taken
> > from Freeradius Wiki)
> > Post-Auth-Type REJECT {
> > # Login failed: log to SQL database.
> > sql
> > }
> >
> > However when we use rlm_sqlcounter this modle can't handled with above
> > statement.
> >
> > So how its possible to log users that Rejected by rlm_sqlcounter module?
> > Regards..
> > devrim
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
>
>
>
> --
> Juan Pablo Botero
> Administrador de Sistemas inform?ticos
> http://jpill.wordpress.com
> eSSuX: http://slcolombia.org/eSSuX
> Linux Registered user #435293
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://lists.freeradius.org/pipermail/freeradius-users/attachments/20090225/ca3488d3/attachment.html
> >
>
> ------------------------------
>
> Message: 6
> Date: Wed, 25 Feb 2009 15:54:37 +0100
> From: Alan DeKok <aland at deployingradius.com>
> Subject: Re: Freeradius dies with Postgresql error
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID: <49A55BAD.7020707 at deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Vegard Svanberg wrote:
> > I'm using Freeradius with a Postgresql backend. Every two or three days,
> > Freeradius dies. These are the last lines from the log file:
> >
> > Tue Feb 24 21:15:31 2009 : Auth: Login OK: [XXXX] (from client YYYY port
> 3 cli ZZZZZZZZ)
> > Tue Feb 24 21:16:34 2009 : Auth: Login OK: [XXXX] (from client YYYY port
> 3 cli ZZZZZZZZ)
> > Tue Feb 24 21:16:48 2009 : Auth: Login OK: [XXXX] (from client YYYY port
> 4 cli ZZZZZZZZ)
> > Tue Feb 24 21:18:32 2009 : Error: rlm_sql_postgresql: PostgreSQL Query
> failed Error:
> > Tue Feb 24 21:18:32 2009 : Auth: Invalid user: [XXXX] (from client YYYY
> port 1509942 cli XX:XX:XX:XX:XX:XX)
> >
> > Then nothing (it's gone and has to be started up again).
>
> Ugh. That's not nice.
>
> > The problem is that this never happens if I run radiusd with -X, so I'm
> > having trouble catching more info.
>
> See doc/bugs in the latest "git" tree (stable) for instructions on
> leaving it running under "gdb". You will also likely need to build the
> server with debugging symbols, too.
>
> > Any clues? This is Freeradius 2.1.0 btw. I've just upgraded to 2.1.3 to
> > see if the problem goes away.
>
> I don't recall anything being changed in the postgres back-end.
>
> Alan DeKok.
>
>
>
> ------------------------------
>
> Message: 7
> Date: Wed, 25 Feb 2009 16:04:56 +0100
> From: Alan DeKok <aland at deployingradius.com>
> Subject: Re: FR 2.1.3 and ASSERT FAILED event.c
> To: FreeRadius users mailing list
> <freeradius-users at lists.freeradius.org>
> Message-ID: <49A55E18.1060202 at deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Chris Howley wrote:
> > I encountered the following problem when the server received an
> Access-Challenge packet
> > from a proxy server. Any help in fixing this problem would be
> appreciated.
>
> See doc/bugs for giving additional information, such as the rest of
> the back trace.
>
> Also, a lot more of the debug log might help.
>
> > Waking up in 0.9 seconds.
> > rad_recv: Access-Challenge packet from host 194.82.174.185 port 1812,
> id=76, length=81
> > Tunnel-Type:0 = VLAN
> > Tunnel-Medium-Type:0 = IEEE-802
> > EAP-Message = 0x010300061920
> > Message-Authenticator = 0x193c8361dc660dd940460f693d6ebf9c
> > State = 0xad8b0646ad881f6aaefeee6ec7165a25
> > Proxy-State = 0x313730
> > +- entering group post-proxy {...}
> > [post_proxy_log] expand:
> /usr/local/var/log/radius/radacct/%Y-%m-%d/post-proxy-detail-%H:00 ->
> /usr/local/var/log/radius/radacct/2009-02-24/post-proxy-detail-16:00
> > [post_proxy_log]
> /usr/local/var/log/radius/radacct/%Y-%m-%d/post-proxy-detail-%H:00 expands
> to /usr/local/var/log/radius/radacct/2009-02-24/post-proxy-detail-16:00
> > [post_proxy_log] expand: %{Packet-Src-IP-Address} - %t ->
> 10.12.80.101 - Tue Feb 24 16:02:50 2009
> > ++[post_proxy_log] returns ok
> > [attr_filter.post-proxy] expand: %{Realm} -> jrs
> > attr_filter: Matched entry DEFAULT at line 103
> > ++[attr_filter.post-proxy] returns updated
> > [eap] No pre-existing handler found
> > ++[eap] returns noop
> > ASSERT FAILED event.c[3593]: fun != NULL
> > Abort (core dumped)
>
> This is a catastrophic error indicating that the server has a request
> it doesn't know how to handle.
>
> The only way that this could happen is:
>
> a) buffer over-run somewhere
> b) source code modifications
>
> The code that receives a proxied response sets "fun", and doesn't do a
> whole lot else before it hits that assertion. If you're seeing this in
> debugging mode (i.e. no threads), then there *very* few things that can
> go wrong here.
>
> Alan DeKok.
>
>
> ------------------------------
>
> Message: 8
> Date: Wed, 25 Feb 2009 16:08:33 +0100
> From: <tnt at kalik.net>
> Subject: Re: Rlm_sqlcounter log problem
> To: "FreeRadius users mailing list"
> <freeradius-users at lists.freeradius.org>
> Message-ID: <gsiPBrW7.1235574513.8411570.tnt at kalik.net>
> Content-Type: text/plain; charset=ISO-8859-2
>
> >I have a little problem with freeradius. And i can't find any solution for
> it..
> >We have logged failed login attempt following statement: (Its taken
> >from Freeradius Wiki)
> > Post-Auth-Type REJECT {
> > # Login failed: log to SQL database.
> > sql
> > }
> >
> >However when we use rlm_sqlcounter this modle can't handled with above
> >statement.
> >
> >So how its possible to log users that Rejected by rlm_sqlcounter module?
>
> man unlang. Test for module return code and then run, for example, perl
> script that will log to the database. You can't do sql inserts and
> updates directly from unlang without source code changes.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
>
> ------------------------------
>
> Message: 9
> Date: Wed, 25 Feb 2009 19:26:13 +0000
> From: Alexander Clouter <alex at digriz.org.uk>
> Subject: Re: Wired 802.1x auth - Getting the IP address of the authed
> machine
> To: freeradius-users at lists.freeradius.org
> Message-ID: <slrngqb6ql.n2j.alex at woodchuck.wormnet.eu>
>
> * Paul Dealy <pdealy at gmail.com> [Wed, 25 Feb 2009 21:42:37 +1100]:
> >
> > I have accounting turned on, but I don't see the authed machines IP on
> > that of the NAS.
> >
> Use DHCP Snooping[1] and then yank the DHCP servers logs. If you want
> them in the SQL table, you should add them afterwards. You need to bear
> in mind that in the medium-long term there will be nothing stopping (or
> invalid) about computers having multiple IP addresses[2]. Expecting a
> venduh (especially Cisco) to give you what you want/need is asking for
> trouble.
>
> We personally yank from our DHCP logs, because of DHCP snooping, we know
> they can be trusted.
>
> Cheers
>
> [1]
> http://www.cisco.com/web/DK/assets/docs/security2006/Security2006_Eric_Vyncke_2.pdf
> [2] IPv4 and IPv6 addresses, multiple of the later for workstations is
> an expectation not an edge case. Also there is technically
> nothing stopping a workstation in a single 'session' changing IP
> addresses
>
> --
> Alexander Clouter
> .sigmonster says: Go on, EMOTE! I was RAISED on thought balloons!!
>
>
>
> ------------------------------
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> End of Freeradius-Users Digest, Vol 46, Issue 102
> *************************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090226/1e1e8565/attachment.html>
More information about the Freeradius-Users
mailing list