Dear all,

Here I am sharing my knowledge for FreeRADIUS users. I have done freeradius-1.1.4 with MySQL and Cisco VPDN configuration, and I have also configured per-user bandwidth and simultaneous user login. I am sharing my configuration for my FreeRADIUS users.

I have a Cisco router with this configuration:

aaa new-model
!
!
aaa group server radius testing123
 server-private 71.5.250.243 auth-port 1812 acct-port 1813 key tulipconnect
 ip radius source-interface FastEthernet0/1
 deadtime 0
!
aaa authentication login default local group radius group testing123
aaa authentication ppp default group testing123 local
aaa authorization exec default local group radius group testing123
aaa authorization network default group testing123 local
aaa accounting update periodic 1
aaa accounting exec default start-stop group testing123
aaa accounting network default start-stop group testing123
aaa accounting connection default start-stop group testing123
!

_________________________________________________________

All my user databases are in MySQL, and simultaneous login is also in MySQL.

MySQL tables:

mysql> select * from radcheck;
+----+----------+---------------+----+-------+
| id | UserName | Attribute     | op | Value |
+----+----------+---------------+----+-------+
|  1 | satish   | User-Password | := | tulip |
|  2 | priya    | User-Password | := | tulip |
+----+----------+---------------+----+-------+
2 rows in set (0.00 sec)


mysql> select * from radgroupcheck;;
+----+-----------+------------------+----+-------+
| id | GroupName | Attribute        | op | Value |
+----+-----------+------------------+----+-------+
|  1 | 64KB      | Simultaneous-Use | := | 1     |
|  4 | 128KB     | Simultaneous-Use | := | 1     |
+----+-----------+------------------+----+-------+
2 rows in set (0.00 sec)


mysql> select * from radgroupreply;;
+----+-----------+-----------------+----+--------------------------------------------------------------------------------------------------------+------+
| id | GroupName | Attribute       | op | Value                                                                                                  | prio |
+----+-----------+-----------------+----+--------------------------------------------------------------------------------------------------------+------+
|  1 | 64KB      | Framed-Protocol | =  | PPP                                                                                                    | 0    |
|  2 | 64KB      | Framed-MTU      | =  | 1400                                                                                                   | 0    |
|  3 | 64KB      | Service-Type    | =  | Framed-User                                                                                            | 0    |
|  4 | 128KB     | Framed-Protocol | =  | PPP                                                                                                    | 0    |
|  5 | 128KB     | Framed-MTU      | =  | 1450                                                                                                   | 0    |
|  6 | 128KB     | Service-Type    | =  | Framed-User                                                                                            | 0    |
|  7 | 128KB     | Cisco-Avpair    | =  | lcp:interface-config#1=rate-limit output 128000 10000 10000 conform-action continue exceed-action drop | 0    |
+----+-----------+-----------------+----+--------------------------------------------------------------------------------------------------------+------+
7 rows in set (0.00 sec)


mysql> select * from usergroup;
+----+----------+-----------+
| id | UserName | GroupName |
+----+----------+-----------+
|  1 | satish   | 64KB      |
|  3 | priya    | 128KB     |
+----+----------+-----------+
2 rows in set (0.00 sec)

________________________________________________________

Simultaneous login configuration (edit this file: /etc/raddb/sql.conf)

        #######################################################################
        # Simultaneous Use Checking Queries
        #######################################################################
        # simul_count_query - query for the number of current connections
        #  - If this is not defined, no simultaneous use checking
        #  - will be performed by this module instance
        # simul_verify_query - query to return details of current connections for verification
        #  - Leave blank or commented out to disable verification step
        #  - Note that the returned field order should not be changed.
        #######################################################################

        # Uncomment simul_count_query to enable simultaneous use checking
        simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
        simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"

____________________________________________________________

My sqlcounter.conf file for per-user time limits. You can read more about it in the FreeRADIUS tarball doc directory; there is some more help there regarding sqlcounter.conf.

Edit the file /etc/raddb/sqlcounter.conf:

suse:/etc/raddb # cat sqlcounter.conf
sqlcounter noresetcounter {
        counter-name = Max-All-Session-Time
        check-name = Max-All-Session
        sqlmod-inst = sql
        key = User-Name
        reset = never
        query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'"

}

sqlcounter dailycounter {
        driver = "rlm_sqlcounter"
        counter-name = Daily-Session-Time
        check-name = Max-Daily-Session
        # must name the rlm_sql instance defined in sql.conf ("sql" in this setup);
        # the stock example's "sqlcca3" instance does not exist here
        sqlmod-inst = sql
        key = User-Name
        reset = daily
        query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"

}

sqlcounter monthlycounter {
        counter-name = Monthly-Session-Time
        check-name = Max-Monthly-Session
        # same rlm_sql instance as above
        sqlmod-inst = sql
        key = User-Name
        reset = monthly
        query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"

}
___________________________________________________________

/etc/raddb/clients.conf

My clients.conf: you have to change the NAS type when you use Simultaneous-Use with MySQL databases, so take care of this configuration.

In my case I am using "other", because my Cisco does not support it, so if you use NAS type other it will work fine ....enjoy

client 127.0.0.1 {
        secret = testing123
        shortname = localhost
}
client 71.5.250.199 {
        secret = tulipconnect
        shortname = test
        # careful about this if you want simultaneous-use checking with MySQL
        nastype = other
}

_________________________________________________________

/etc/raddb/radiusd.conf

My main radiusd.conf file:

prefix = /usr
exec_prefix = ${prefix}
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/radiusd.pid
user = radiusd
group = radiusd
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = yes
log_auth_badpass = yes
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
security {
        max_attributes = 200
        reject_delay = 1
        status_server = no
}
proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
snmp = no
$INCLUDE ${confdir}/snmp.conf
thread pool {
        start_servers = 5
        max_servers = 32
        min_spare_servers = 3
        max_spare_servers = 10
        max_requests_per_server = 0
}
modules {
        $INCLUDE ${confdir}/sqlcounter.conf

        pap {
                encryption_scheme = crypt
        }
        chap {
                authtype = CHAP
        }
        pam {
                pam_auth = radiusd
        }
        unix {
                cache = no
                cache_reload = 600
                radwtmp = ${logdir}/radwtmp
        }
        $INCLUDE ${confdir}/eap.conf
        mschap {
                authtype = MS-CHAP
        }
        ldap {
                server = "ldap.your.domain"
                basedn = "o=My Org,c=UA"
                filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
                start_tls = no
                access_attr = "dialupAccess"
                dictionary_mapping = ${raddbdir}/ldap.attrmap
                ldap_connections_number = 5
                edir_account_policy_check = no
                timeout = 4
                timelimit = 3
                net_timeout = 1
        }
        realm IPASS {
                format = prefix
                delimiter = "/"
                ignore_default = no
                ignore_null = no
        }
        realm suffix {
                format = suffix
                delimiter = "@"
                ignore_default = no
                ignore_null = no
        }
        realm realmpercent {
                format = suffix
                delimiter = "%"
                ignore_default = no
                ignore_null = no
        }
        realm ntdomain {
                format = prefix
                delimiter = "\\"
                ignore_default = no
                ignore_null = no
        }
        checkval {
                item-name = Calling-Station-Id
                check-name = Calling-Station-Id
                data-type = string
        }

        preprocess {
                huntgroups = ${confdir}/huntgroups
                hints = ${confdir}/hints
                with_ascend_hack = no
                ascend_channels_per_line = 23
                with_ntdomain_hack = no
                with_specialix_jetstream_hack = no
                with_cisco_vsa_hack = no
        }
        files {
                usersfile = ${confdir}/users
                acctusersfile = ${confdir}/acct_users
                preproxy_usersfile = ${confdir}/preproxy_users
                compat = no
        }
        detail {
                detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
                detailperm = 0600
        }
        acct_unique {
                key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
        }
        $INCLUDE ${confdir}/sql.conf


        radutmp {
                filename = ${logdir}/radutmp
                username = %{User-Name}
                case_sensitive = yes
                check_with_nas = yes
                perm = 0600
                callerid = "yes"
        }
        radutmp sradutmp {
                filename = ${logdir}/sradutmp
                perm = 0644
                callerid = "no"
        }
        attr_filter {
                attrsfile = ${confdir}/attrs
        }
        counter daily {
                filename = ${raddbdir}/db.daily
                key = User-Name
                count-attribute = Acct-Session-Time
                reset = daily
                counter-name = Daily-Session-Time
                check-name = Max-Daily-Session
                allowed-servicetype = Framed-User
                cache-size = 5000
        }
        always fail {
                rcode = fail
        }
        always reject {
                rcode = reject
        }
        always ok {
                rcode = ok
                simulcount = 0
                mpp = no
        }
        expr {
        }
        digest {
        }
        exec {
                wait = yes
                input_pairs = request
        }
        exec echo {
                wait = yes
                program = "/bin/echo %{User-Name}"
                input_pairs = request
                output_pairs = reply
        }
        ippool main_pool {
                range-start = 192.168.1.1
                range-stop = 192.168.3.254
                netmask = 255.255.255.0
                cache-size = 800
                session-db = ${raddbdir}/db.ippool
                ip-index = ${raddbdir}/db.ipindex
                override = no
                maximum-timeout = 0
        }
}
instantiate {
        exec
        expr
}
authorize {
        preprocess

        chap
        mschap
        suffix
        sql
        noresetcounter
        dailycounter
        monthlycounter
        daily
}
authenticate {
        Auth-Type PAP {
                pap
        }
        Auth-Type CHAP {
                chap
        }
        Auth-Type MS-CHAP {
                mschap
        }
}
preacct {
        preprocess
        acct_unique
        suffix
        files
}
accounting {
        detail
        daily
        unix
        sql
        radutmp
}
session {
        sql
}
post-auth {
}
pre-proxy {
}
post-proxy {
        eap
}


_________________________________________________________



I will charge for this document and help ....................Kidding...........><))));>


Contact me if you need more help regarding FreeRADIUS.

Name :- Satish Patel
Company :- Tulip It Services ( Data Center ) ( Delhi )
Email :- linuxtrap@yahoo.co.in
Mobile :- +91-9818875535


satish patel <linuxtrap@yahoo.co.in> wrote:
> Thx dear ...
>
> Satish Patel
>
> Alexander Serkin <als@cell.ru> wrote:
> > satish patel wrote:
> > > Thanks dear
> > >
> > > now my cisco-AVPair working with users file but
> > > tell me is it work with mysql tables ? but i have notice when i set
> >
> > why not?
> >
> > > 64000 then my bandwidth meter give me 500 kbps u r passing is it any
> > > issue regarding rate-limit ???
> >
> > I'm not aware about any rate-limit issues. It may depend on platform and
> > IOS version.
> > You should accurately check which attributes you're giving by the radius
> > running it in debug mode (radiusd -X) or say "debug radius" on cisco box
> > to check the request/accept attributes. If your cisco is in production
> > don't forget to set debug condition on username tested in order to limit
> > debug output to the session being tested.
> >
> > --
> > Sincerely Yours,
> > Alexander
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
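A worked SQL version of the pieces above, added for this edit and not taken from the original post: it provisions a constructed user into the radcheck/usergroup layout shown, runs the simul_count_query and simul_verify_query from sql.conf by hand against constructed radacct rows, and ends with one operational caveat (stale open sessions) that the post does not cover. The radacct column list is a subset of the FreeRADIUS 1.1.x MySQL schema; the user "demo", its sessions and addresses are sample values, and the NAS address is the one from clients.conf above.

```sql
-- Constructed example (not from the original post). radacct here is a subset of
-- the FreeRADIUS 1.1.x MySQL schema, where an open session has a zero
-- AcctStopTime; later schemas use NULL and test "AcctStopTime IS NULL" instead.
CREATE TABLE IF NOT EXISTS radacct (
  RadAcctId          BIGINT AUTO_INCREMENT PRIMARY KEY,
  AcctSessionId      VARCHAR(32)  NOT NULL,
  UserName           VARCHAR(64)  NOT NULL,
  NASIPAddress       VARCHAR(15)  NOT NULL,
  NASPortId          VARCHAR(15),
  AcctStartTime      DATETIME     NOT NULL,
  AcctStopTime       DATETIME     NOT NULL DEFAULT '0000-00-00 00:00:00',
  AcctSessionTime    INT UNSIGNED,
  FramedIPAddress    VARCHAR(15),
  CallingStationId   VARCHAR(50),
  FramedProtocol     VARCHAR(32),
  AcctTerminateCause VARCHAR(32)
);
-- 1. Provision a constructed PPP user "demo" in the 128KB group shown above:
--    password from radcheck, Simultaneous-Use := 1 from radgroupcheck, and the
--    Cisco-Avpair rate-limit from radgroupreply.
INSERT INTO radcheck  (UserName, Attribute, op, Value)
  VALUES ('demo', 'User-Password', ':=', 'demo-pass');
INSERT INTO usergroup (UserName, GroupName) VALUES ('demo', '128KB');

-- 2. Two constructed accounting rows: one still open, one stopped cleanly.
INSERT INTO radacct (AcctSessionId, UserName, NASIPAddress, NASPortId,
                     AcctStartTime, FramedIPAddress, CallingStationId, FramedProtocol)
  VALUES ('0000001A', 'demo', '71.5.250.199', '1', NOW() - INTERVAL 10 MINUTE,
          '192.168.1.10', '9818800000', 'PPP');
INSERT INTO radacct (AcctSessionId, UserName, NASIPAddress, NASPortId,
                     AcctStartTime, AcctStopTime, AcctSessionTime, FramedProtocol)
  VALUES ('00000019', 'demo', '71.5.250.199', '2', NOW() - INTERVAL 2 HOUR,
          NOW() - INTERVAL 1 HOUR, 3600, 'PPP');

-- 3. simul_count_query from sql.conf with %{SQL-User-Name} expanded: returns 1
--    (only the open row), which already equals the group's Simultaneous-Use
--    limit, so a second login for "demo" is rejected.
SELECT COUNT(*) FROM radacct WHERE UserName='demo' AND AcctStopTime = 0;

-- 4. simul_verify_query: the per-session details the server inspects before
--    trusting the count (keep the column order exactly as in sql.conf).
SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId,
       FramedIPAddress, CallingStationId, FramedProtocol
  FROM radacct WHERE UserName='demo' AND AcctStopTime = 0;

-- 5. Caveat: a session whose Stop record never arrived (NAS reboot, lost UDP)
--    stays "open" and keeps the user locked out at Simultaneous-Use = 1.
--    Close such rows once they are older than any plausible session length.
UPDATE radacct
   SET AcctStopTime = NOW(), AcctTerminateCause = 'Admin-Reset'
 WHERE AcctStopTime = 0 AND AcctStartTime < NOW() - INTERVAL 1 DAY;
```

Run step 3 before and after step 5 to see the count drop for a user whose only open row is stale.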