Using SQL instead of radutmp - WAS Re: Problems with radutmp

Craig Campbell craig at ccraft.ca
Mon Oct 12 16:33:36 CEST 2009


Ok,
    here is what I did (more or less) to use the sql option of freeradius 2.1.6 instead of the radutmp functionality.
This is a 'work in progress', so it is possible I have errors not yet discovered...

I used mysql, since it was already available on my Redhat Linux platform.

If you compiled freeradius, then make certain you had the mysql-devel rpms installed.  If they were not, you will need to install them, then rebuild freeradius from scratch (save your config files).  The 'configure' script looks for these, and if they are missing, critical modules will not be available for sql access. (configure ; make clean ; make ; make install)

1) You need to create the initial radius database as per instructions found here http://wiki.freeradius.org/SQL_HOWTO

2) Files to modify...
  a. /usr/local/etc/raddb/radius.config
     Uncomment the line,

       $INCLUDE sql.conf

  b. /usr/local/etc/raddb/sql.conf
     Modify the login and password lines to match your database's values (from SQL setup)

  c. /usr/local/etc/raddb/sites-available/default
     Uncomment sql in the accounting section to store accounting records in the database
     Uncomment sql in the session section to have sql check for Simultaneous-Use

  d. /usr/local/etc/raddb/sites-available/inner-tunnel
     Comment out radutmp in session section
     Uncomment sql in session section

  e. /usr/local/etc/raddb/sql/mysql/admin.sql
     Modify userid and password for radius database to match local parameters.

  f. /usr/local/etc/raddb/sql/mysql/dialup.conf
     Uncomment the line beginning with "simul_count_query ="


3)  Since I was ONLY interested in current logins, and NOT the accounting records, I added a cron job to DELETE completed sessions from the database.  This should prevent (I hope) database growth.

From root's crontab,


  */5 * * * *  /usr/bin/mysql -u radius -pSecretPassword  radius -e "delete from radacct where acctstoptime is not NULL ;"



4) A simple command to 'mimic' the radwho functionality (I used an alias)
  alias radwho='/usr/bin/mysql -u radius -pSecretPassword  radius -e "select username, acctsessionid, nasportid, nasporttype, acctstarttime from radacct where acctstoptime is NULL ;"'

I hope I haven't overlooked anything.....

Good Luck! 
-craig
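
Added example, not part of Craig's post: the cron job in step 3 and the alias in step 4 pass the database password as -pSecretPassword, which leaves it in root's crontab, in the alias definition and, while mysql runs, potentially in the process list. The sketch below keeps the same two queries but reads the credentials from a MySQL option file restricted to its owner; the helper names and the option-file path are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): keep the radius DB password
# out of crontab, aliases and the process list by using a MySQL option file.
# The option-file path and the helper names are assumptions for illustration.

# Write a [client] option file readable only by its owner.
write_mysql_optfile() {
    optfile=$1 user=$2 password=$3
    (
        umask 077                       # a new file is created as 0600
        printf '[client]\nuser=%s\npassword=%s\n' "$user" "$password" > "$optfile"
    )
    chmod 600 "$optfile"                # also tighten a pre-existing file
}

# Succeed only if the path is a regular file with mode rw------- exactly.
optfile_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c1-10)
    [ "$perms" = "-rw-------" ]
}

# Print the mysql command for a query; the password never appears in argv.
# --defaults-extra-file must be the first option on the mysql command line.
radius_sql_cmd() {
    optfile=$1 query=$2
    optfile_is_private "$optfile" || {
        echo "refusing: $optfile is not mode 600" >&2
        return 1
    }
    printf '/usr/bin/mysql --defaults-extra-file=%s radius -e "%s"\n' "$optfile" "$query"
}

# The two queries from steps 3 and 4 of the post, unchanged.
PURGE_SQL='delete from radacct where acctstoptime is not NULL ;'
RADWHO_SQL='select username, acctsessionid, nasportid, nasporttype, acctstarttime from radacct where acctstoptime is NULL ;'

# Example use (constructed values):
#   write_mysql_optfile /root/.radius-my.cnf radius SecretPassword
#   radius_sql_cmd /root/.radius-my.cnf "$PURGE_SQL"    # command for root's crontab
#   radius_sql_cmd /root/.radius-my.cnf "$RADWHO_SQL"   # body of the radwho alias
```
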

----- Original Message ----- 
From: "Gerardo Contreras" <gcontreras at netx.com.mx>
To: "Craig Campbell" <craig at ccraft.ca>
Sent: Friday, October 09, 2009 6:21 PM
Subject: Re: Problems with radutmp


> 
> Hi.
> 
> I think I have a very similar scenario to yours.
> 
> I have this NAS server which sends the same NAS port to the radius 
> server every time, so the radutmp always has the last connected user 
> only. I've tried to hack the radutmp module without any success. Main 
> thing I want to do is to use the simultaneous-use feature.
> 
> It'll be great if you can share those hacks with me.
> 
> Cheers
> 
> Craig Campbell wrote:
>> Hi, I actually needed to REMOVE most of the hacks.  It works fairly 
>> well (so far - still testing).
>>
>> Did you just want the radutmp functionality?  If so, I can try to send 
>> you what I did to make it work.. I'm in the Eastern time zone (Toronto 
>> Canada) and just got home.
>>
>> How urgent is your need?
>>
>> Cheers,
>> -craig
>>
>> ----- Original Message ----- From: "Gerardo Contreras" 
>> <gcontreras at netx.com.mx>
>> To: <craig at ccraft.ca>
>> Sent: Friday, October 09, 2009 4:28 PM
>> Subject: Re: Problems with radutmp
>>
>>
>>>
>>> Hi, Craig.
>>>
>>> Found your post where you were asking about this same thing.
>>>
>>> Did you solve it using SQL? If so, did you still have to hack the 
>>> freeradius code, or was it more on the SQL side?
>>>
>>> Do you have available the hacks you did to make radutmp work with 
>>> this setup?
>>>
>>> Greetings,
>>>
>>>
>>> Craig Campbell wrote:
>>>> What is the NAS-Port value?  I don't THINK radutmp can handle 
>>>> multiple sessions sharing a port.
>>>>
>>>> -craig
>>>> ----- Original Message ----- From: "Gerardo Contreras" 
>>>> <gcontreras at netx.com.mx>
>>>> To: <freeradius-users at lists.freeradius.org>
>>>> Sent: Friday, October 09, 2009 1:00 PM
>>>> Subject: Problems with radutmp
>>>>
>>>>
>>>>> Hi.
>>>>>
>>>>> I'm having some problems with radutmp.
>>>>>
>>>>> I'm using an Aruba Mobility Controller which has radauth and 
>>>>> radacct configured to this freeradius server. In fact, I've tried 
>>>>> with freeradius both on CentOS and Ubuntu with the same results.
>>>>>
>>>>> When a user logs in, a corresponding entry is added to radutmp, and 
>>>>> indeed, nobody can log in with this user account (if I activate 
>>>>> Simultaneous-use). But if another user logs in, the entry for the 
>>>>> previous user gets deleted from radutmp, and a new one is added for 
>>>>> this new user. Then, a user with the account from the first user 
>>>>> can log in indeed. In other words, only the last logged in user 
>>>>> gets to the radutmp file.
>>>>>
>>>>> On both boxes, using freeradius 2.1.0.
>>>>>
>>>>> Any idea?
>>>>>
>>>>> -- 
>>>>> Gerardo Contreras
>>>>> NetX
>>>>> http://netx.com.mx/
>>>>> T: +52 (614) 2010101 x 121
>>>>> M: +52 (614) 2479727
>>>>> Sin costo: 01800 GO2NETX
>>>>>
>>>>> -
>>>>> List info/subscribe/unsubscribe? See 
>>>>> http://www.freeradius.org/list/users.html
>>>>>
>>>>> __________ Information from ESET Smart Security, version of virus 
>>>>> signature database 4493 (20091009) __________
>>>>>
>>>>> The message was checked by ESET Smart Security.
>>>>>
>>>>> http://www.eset.com
>>>>>
>>>>>
>>>>>
>>>
>>>
>>> -- 
>>> Gerardo Contreras
>>> NetX
>>> http://netx.com.mx/
>>> T: +52 (614) 2010101 x 121
>>> M: +52 (614) 2479727
>>> Sin costo: 01800 GO2NETX

