Re: Freeradius-Users Digest, Vol 69, Issue 93

vijay s sheelavantar s_vijay65 at rediffmail.com
Fri Jan 28 05:55:20 CET 2011


Hello Alan,there was some problem with my firewall. I disabled it. and now it is working fine.
Thank you. :)

On Thu, 27 Jan 2011 16:41:20 , freeradius-users-request at lists.freeradius.org wrote
Send Freeradius-Users mailing list submissions to

   freeradius-users at lists.freeradius.org



To subscribe or unsubscribe via the World Wide Web, visit

   http://lists.freeradius.org/mailman/listinfo/freeradius-users

or, via email, send a message with subject or body 'help' to

   freeradius-users-request at lists.freeradius.org



You can reach the person managing the list at

   freeradius-users-owner at lists.freeradius.org



When replying, please edit your Subject line so it is more specific

than "Re: Contents of Freeradius-Users digest..."





Today's Topics:



   1. Re: Python module/program (Terry Simons)

   2. Radius authentication problem. (vijay s sheelavantar)

   3. reset sql counter every 30 minute (piston)

   4. Re: reset sql counter every 30 minute (Bishal Pun)

   5. Re: Radius authentication problem. (Alan Buxey)





----------------------------------------------------------------------



Message: 1

Date: Wed, 26 Jan 2011 15:06:58 -0800

From: Terry Simons <terry.simons at gmail.com>

Subject: Re: Python module/program

To: FreeRadius users mailing list

   <freeradius-users at lists.freeradius.org>

Message-ID:

   <AANLkTi=pjYQ7Uk2QxrHGy4X5z-NRZOrb0NB=uf=cVr9- at mail.gmail.com>

Content-Type: text/plain; charset="iso-8859-1"



Is the python module catching all exceptions?



You need to make sure you don't mask out the KeyboardInterrupt exception...

otherwise, you may prevent Control-C from being passed up the stack.



I'm not sure if that's your issue, but it sounds like it could be.  It's

considered a Python best practice to explicitly catch the exact exceptions

that you know how to handle, and let exceptions that you're not going to

handle directly trickle up.



That is to say that you should never do something like:



try:

    <some code>

except:

   <some code>



because you *will* end up masking things like KeyboardInterrupt.



You should always do something like:



try:

    <some code>

except TheExceptionClass:

    <some code>



HTH,



- Terry



On Wed, Jan 26, 2011 at 2:47 PM, McCann, Brian <bmccann at andmore.com> wrote:



> Hi all.  I've got freeradius working using a python library for auth, but

> something interesting happened when I did.  When I run "radius -X", and

> press  CRTL+C, it no longer exits.  It just returns "Ready to process

> requests.".  The PID doesn't change, so it's not like its exiting and

> restarting.

>

> I looked at http://wiki.freeradius.org/Rlm_perl (yes...I know...perl !=

> python, but as the python page doesn't say much, I'm going on the perl page

> for a starting point) and it doesn't look like the script has to do anything

> to handle exits.  Does anyone know what I'm missing?

>

> Thanks,

> --Brian

>

> -

> List info/subscribe/unsubscribe? See

> http://www.freeradius.org/list/users.html

>

-------------- next part --------------

An HTML attachment was scrubbed...

URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110126/70e696f4/attachment.html>



------------------------------



Message: 2

Date: 27 Jan 2011 02:34:05 -0000

From: "vijay s sheelavantar" <s_vijay65 at rediffmail.com>

Subject: Radius authentication problem.

To: "freeradius-users" <freeradius-users at lists.freeradius.org>

Message-ID: <20110127023405.36957.qmail at f4mail-235-233.rediffmail.com>

Content-Type: text/plain; charset="utf-8"



Hello Friends,I have intalled RADIUS server on one machine which has fedora 10. I have installed freeradius-server-2.1.10 on it(server machine IP 10.150.110.42).

I have one more machine with redhat linux on which i have installed pam_radius-1.3.17(client machine IP 10.150.113.4).

I have done the follwoing configuration at both sides

SERVER SIDE.

users file

"vijay" &nbsp; &nbsp;Auth-Type := Local, Cleartext-Password == "123qwe", NAS-IP-Address == "10.150.113.4"&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; Reply-Message = "Hello, %u"

clients.confclient 127.0.0.1 {secret &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;= testing123shortname &nbsp; &nbsp; &nbsp; = localhostnastype &nbsp; &nbsp; = other}client 10.150.113.4/24 {&nbsp;&nbsp; &nbsp; &nbsp; &nbsp;secret &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;= testing123&nbsp;&nbsp; &nbsp; &nbsp; &nbsp;shortname &nbsp; &nbsp; &nbsp; = private-network-1}&nbsp;client 10.150.110.42/24 {&nbsp;&nbsp; &nbsp; &nbsp; &nbsp;secret &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;= testing123&nbsp;&nbsp; &nbsp; &nbsp; &nbsp;shortname &nbsp; &nbsp; &nbsp; = private-network-1}

I have not changed anything in radiusd.conf.

CLIENT SIDE/etc/pam.d/sshdauth &nbsp; &nbsp; &nbsp; sufficient &nbsp; pam_radius_auth.so

/etc/raddb/server# server[:port] shared_secret &nbsp; &nbsp; &nbsp;timeout (s)127.0.0.1 &nbsp; &nbsp; &nbsp; testing123 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;110.150.110.42 &nbsp; testing123 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;3other-server &nbsp; &nbsp;other-secret &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;3

/etc/ssh/sshd_configUsePAM yes



Above mentioned is my configuration. when i try to connect client with SSH it is not sending a request for authenticating user to RADIUS server. kindly let me know what else configuration i have to do, or if there are any mistakes in my configuration plz help to correcr it.

Thank you.

Regards,

VIJAY S.

-------------- next part --------------

An HTML attachment was scrubbed...

URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110127/1b123166/attachment.html>



------------------------------



Message: 3

Date: Wed, 26 Jan 2011 23:49:38 -0800 (PST)

From: piston <pistonic at yahoo.com>

Subject: reset sql counter every 30 minute

To: Free Radiususersmailinglist

   <freeradius-users at lists.freeradius.org>

Message-ID: <407521.84265.qm at web36803.mail.mud.yahoo.com>

Content-Type: text/plain; charset="us-ascii"



Hi



Is that possible to reset the sql counter every 30 minute?



Basically, i need to get user free access of 20 minutes, after 20 minutes NAS will logout the user.



And the user is allow to login again after 30 minute.



Thanks





      

-------------- next part --------------

An HTML attachment was scrubbed...

URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110126/e3e4e76c/attachment.html>



------------------------------



Message: 4

Date: Thu, 27 Jan 2011 14:32:25 +0545

From: Bishal Pun <bishalpun at gmail.com>

Subject: Re: reset sql counter every 30 minute

To: piston <pistonic at yahoo.com>,   FreeRadius users mailing list

   <freeradius-users at lists.freeradius.org>

Message-ID:

   <AANLkTi=R+pzcHu0ukphxKp32hDQD_5WT_ty84i9hntZE at mail.gmail.com>

Content-Type: text/plain; charset="iso-8859-1"



You can use Session-Timeout attribute in your radreply sql table like:



+-----+-----------+-----------------+----+---------+-------+

| id  | UserName  | Attribute       | op | Value   |

+-----+-----------+-----------------+----+---------+-------+

|  | 257 | test  | Session-Timeout | := | 1800    |

+-----+-----------+-----------------+----+---------+-------+





Regards

Bishal



On Thu, Jan 27, 2011 at 1:34 PM, piston <pistonic at yahoo.com> wrote:



> Hi

>

> Is that possible to reset the sql counter every 30 minute?

>

> Basically, i need to get user free access of 20 minutes, after 20 minutes

> NAS will logout the user.

>

> And the user is allow to login again after 30 minute.

>

> Thanks

>

>

> -

> List info/subscribe/unsubscribe? See

> http://www.freeradius.org/list/users.html

>

-------------- next part --------------

An HTML attachment was scrubbed...

URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110127/b7d26281/attachment.html>



------------------------------



Message: 5

Date: Thu, 27 Jan 2011 09:48:19 +0000

From: Alan Buxey <A.L.M.Buxey at lboro.ac.uk>

Subject: Re: Radius authentication problem.

To: FreeRadius users mailing list

   <freeradius-users at lists.freeradius.org>

Message-ID: <20110127094819.GB17252 at lboro.ac.uk>

Content-Type: text/plain; charset=iso-8859-1



Hi,



>    "vijay" ? ?Auth-Type := Local, Cleartext-Password == "123qwe",

                ^^^^^^^^^^^^ 1           ^^^^^^^^^^^^^ 2





1 is wrong. you dont need it.



2 is wrong, operator should be :=  , not  ==



>    Above mentioned is my configuration. when i try to connect client with SSH

>    it is not sending a request for authenticating user to RADIUS server.



tcpdump, radiusd -X debug etc ?  is the server running?



alan





------------------------------



-

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html





End of Freeradius-Users Digest, Vol 69, Issue 93

************************************************

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110128/676ed963/attachment.html>


More information about the Freeradius-Users mailing list