Dear all<br><br> Here I am shareing my Knowledge. for freeradius users. i have done freeradius-1.1.4 with mysql with cisco VPDN configuration as well as i have configuraed per user base bandwidth configuration and simultanious user login configuration i have sharing my configuration for my freeradius users<br><br>I have cisco router with this configuration<br><br>aaa new-model<br>!<br>!<br>aaa group server radius testing123<br> server-private <a rel="nofollow" target="_blank" onclick="return ShowLinkWarning()" href="http://71.5.250.243/"> 71.5.250.243</a> auth-port 1812 acct-port 1813 key tulipconnect<br> ip radius source-interface FastEthernet0/1<br> deadtime 0<br>!<br>aaa authentication login default local group radius group testing123<br>aaa authentication ppp default group testing123 local <br>aaa authorization exec default local group radius group
testing123<br>aaa authorization network default group testing123 local<br>aaa accounting update periodic 1<br>aaa accounting exec default start-stop group testing123<br>aaa accounting network default start-stop group testing123<br>aaa accounting connection default start-stop group testing123<br>!<br><br>_________________________________________________________ <br><br>My all user databases in mysql and simultanius login also in mysql <br><br>mysql tables :-<br><br>mysql> select * from radcheck;<br>+----+----------+---------------+----+-------+<br>| id | UserName | Attribute | op | Value | <br>+----+----------+---------------+----+-------+<br>| 1 | satish | User-Password | := | tulip |<br>| 2 | priya | User-Password | := | tulip |<br>+----+----------+---------------+----+-------+<br>2 rows in set (0.00 sec)<br><br><br>mysql> select * from
radgroupcheck;;<br>+----+-----------+------------------+----+-------+<br>| id | GroupName | Attribute | op | Value |<br>+----+-----------+------------------+----+-------+<br>| 1 | 64KB | Simultaneous-Use | := | 1 |<br>| 4 | 128KB | Simultaneous-Use | := | 1 |<br>+----+-----------+------------------+----+-------+<br> 2 rows in set (0.00 sec)<br><br><br>mysql> select * from radgroupreply;;<br>+----+-----------+-----------------+----+--------------------------------------------------------------------------------------------------------+------+ <br>| id | GroupName | Attribute | op |
Value | prio |<br>+----+-----------+-----------------+----+--------------------------------------------------------------------------------------------------------+------+ <br>| 1 | 64KB | Framed-Protocol | = |
PPP | 0 |<br>| 2 | 64KB | Framed-MTU | = |
1400 | 0 |<br>| 3 | 64KB | Service-Type | = |
Framed-User | 0 |<br>| 4 | 128KB | Framed-Protocol | = |
PPP | 0 |<br>| 5 | 128KB | Framed-MTU | = |
1450 | 0 |<br>| 6 | 128KB | Service-Type | = |
Framed-User | 0 |<br>| 7 | 128KB | Cisco-Avpair | = | lcp:interface-config#1=rate-limit output 128000 10000 10000 conform-action continue exceed-action drop | 0 | <br>+----+-----------+-----------------+----+--------------------------------------------------------------------------------------------------------+------+<br>7 rows in set (0.00
sec)<br><br><br>mysql> select * from usergroup;<br>+----+----------+-----------+<br>| id | UserName | GroupName |<br>+----+----------+-----------+<br>| 1 | satish | 64KB |<br>| 3 | priya | 128KB |<br> +----+----------+-----------+<br>2 rows in set (0.00 sec)<br><br>________________________________________________________<br><br>Simultanious Login configuration ( edit this file /etc/raddb/sql.conf )<br><br> ####################################################################### <br> # Simultaneous Use Checking Queries<br> #######################################################################<br> # simul_count_query - query for the number of current connections<br>
# - If this is not defined, no simultaneouls use checking<br> # - will be performed by this module instance<br> # simul_verify_query - query to return details of current connections for verification<br> # - Leave blank or commented out to disable verification step<br> # -
Note that the returned field order should not be changed.<br> #######################################################################<br><br> # Uncomment simul_count_query to enable simultaneous use checking <br> simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"<br> simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"<br><br>____________________________________________________________<br><br><br><br>My Sqlcounter.conf file for time limit for user and u cat read more about in freeradius tarball doc directory there is some more help regarding sqlcounter.conf<br><br>edit
file /etc/raddb/sqlcounter.conf<br><br>suse:/etc/raddb # cat sqlcounter.conf<br>sqlcounter noresetcounter {<br> counter-name = Max-All-Session-Time<br> check-name = Max-All-Session<br> sqlmod-inst = sql <br> key = User-Name<br> reset = never<br> query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'"<br><br>}<br><br>sqlcounter dailycounter {<br> driver = "rlm_sqlcounter"<br> counter-name =
Daily-Session-Time<br> check-name = Max-Daily-Session<br> sqlmod-inst = sqlcca3<br> key = User-Name<br> reset = daily<br> query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"<br><br>}<br><br>sqlcounter monthlycounter {<br> counter-name = Monthly-Session-Time<br> check-name = Max-Monthly-Session<br> sqlmod-inst =
sqlcca3<br> key = User-Name<br> reset = monthly<br> query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"<br><br>}<br>___________________________________________________________<br><br>/etc/raddbd/client.conf<br><br><br>My client.conf u have to change NAS type when u use Simultanious use with Mysql databases so take care of this configuration <br><br>In my care i have useing other caz my cisco not support it so if u would use NAS type other it will work fine ....enjoy<br><br>client <a rel="nofollow" target="_blank" onclick="return ShowLinkWarning()" href="http://127.0.0.1/"> 127.0.0.1</a> {<br>
secret = testing123<br> shortname = localhost<br>}<br>client <a rel="nofollow" target="_blank" onclick="return ShowLinkWarning()" href="http://71.5.250.199/">71.5.250.199</a> {<br> secret = tulipconnect <br> shortname = test<br> nastype = other <---------- ( care full about it if u want to simultanous user tih mysql ) <br>}<br><br>_________________________________________________________<br><br>/etc/raddb/radius.conf<br><br>My main radius.conf file <br><br>prefix = /usr<br>exec_prefix = ${prefix}<br>sysconfdir = /etc<br>localstatedir = /var <br>sbindir =
${exec_prefix}/sbin<br>logdir = ${localstatedir}/log/radius<br>raddbdir = ${sysconfdir}/raddb<br>radacctdir = ${logdir}/radacct<br>confdir = ${raddbdir}<br>run_dir = ${localstatedir}/run/radiusd<br>log_file = ${logdir}/radius.log<br>libdir = /usr/lib/freeradius<br>pidfile = ${run_dir}/radiusd.pid<br>user = radiusd<br>group = radiusd<br>max_request_time = 30<br>delete_blocked_requests = no <br>cleanup_delay = 5<br>max_requests = 1024<br>bind_address = *<br>port = 0<br>hostname_lookups = no<br>allow_core_dumps = no<br>regular_expressions = yes<br>extended_expressions = yes<br>log_stripped_names = no<br> log_auth = yes<br>log_auth_badpass = yes<br>log_auth_goodpass = no<br>usercollide = no<br>lower_user = no<br>lower_pass = no<br>nospace_user = no<br>nospace_pass = no<br>checkrad = ${sbindir}/checkrad<br>security {<br> max_attributes = 200 <br>
reject_delay = 1<br> status_server = no<br>}<br>proxy_requests = yes<br>$INCLUDE ${confdir}/proxy.conf<br>$INCLUDE ${confdir}/clients.conf<br>snmp = no<br>$INCLUDE ${confdir}/snmp.conf<br>thread pool {<br> start_servers = 5<br> max_servers = 32<br> min_spare_servers = 3<br> max_spare_servers = 10<br> max_requests_per_server = 0 <br>}<br>modules {<br> $INCLUDE ${confdir}/sqlcounter.conf<br><br> pap {<br> encryption_scheme = crypt<br>
}<br> chap {<br> authtype = CHAP<br> }<br> pam {<br> pam_auth = radiusd<br> }<br> unix {<br> cache = no<br> cache_reload = 600<br> radwtmp = ${logdir}/radwtmp<br> }<br> $INCLUDE ${confdir}/eap.conf<br> mschap
{<br> authtype = MS-CHAP<br><br> }<br> ldap {<br> server = "ldap.your.domain"<br> basedn = "o=My Org,c=UA"<br> filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"<br> start_tls = no<br> access_attr = "dialupAccess"<br> dictionary_mapping =
${raddbdir}/ldap.attrmap<br> ldap_connections_number = 5<br> edir_account_policy_check=no<br> timeout = 4<br> timelimit = 3<br> net_timeout = 1<br> }<br> realm IPASS {<br> format = prefix<br> delimiter = "/"
<br> ignore_default = no<br> ignore_null = no<br> }<br> realm suffix {<br> format = suffix<br> delimiter = "@"<br> ignore_default = no<br> ignore_null = no<br> }<br> realm realmpercent {
<br> format = suffix<br> delimiter = "%"<br> ignore_default = no<br> ignore_null = no<br> }<br> realm ntdomain {<br> format = prefix<br> delimiter = "\\"<br> ignore_default = no<br>
ignore_null = no <br> }<br> checkval {<br> item-name = Calling-Station-Id<br> check-name = Calling-Station-Id<br> data-type = string<br> }<br><br> preprocess {<br> huntgroups = ${confdir}/huntgroups<br> hints = ${confdir}/hints <br> with_ascend_hack =
no<br> ascend_channels_per_line = 23<br> with_ntdomain_hack = no<br> with_specialix_jetstream_hack = no<br> with_cisco_vsa_hack = no<br> }<br> files {<br> usersfile = ${confdir}/users<br> acctusersfile = ${confdir}/acct_users <br> preproxy_usersfile =
${confdir}/preproxy_users<br> compat = no<br> }<br> detail {<br> detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d<br> detailperm = 0600<br> }<br> acct_unique {<br> key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"<br> }<br> $INCLUDE ${confdir}/sql.conf<br><br><br> radutmp
{<br> filename = ${logdir}/radutmp<br> username = %{User-Name}<br> case_sensitive = yes<br> check_with_nas = yes<br> perm = 0600<br> callerid = "yes"<br> }<br> radutmp sradutmp {<br> filename = ${logdir}/sradutmp
<br> perm = 0644<br> callerid = "no"<br> }<br> attr_filter {<br> attrsfile = ${confdir}/attrs<br> }<br> counter daily {<br> filename = ${raddbdir}/db.daily<br> key = User-Name<br> count-attribute = Acct-Session-Time
<br> reset = daily<br> counter-name = Daily-Session-Time<br> check-name = Max-Daily-Session<br> allowed-servicetype = Framed-User<br> cache-size = 5000<br> }<br> always fail {<br> rcode = fail <br> }<br> always reject
{<br> rcode = reject<br> }<br> always ok {<br> rcode = ok<br> simulcount = 0<br> mpp = no<br> }<br> expr {<br> }<br> digest {<br> }<br> exec {<br> wait = yes<br>
input_pairs = request<br> }<br> exec echo {<br> wait = yes<br> program = "/bin/echo %{User-Name}"<br> input_pairs = request<br> output_pairs = reply<br> }<br> ippool main_pool { <br> range-start = <a rel="nofollow" target="_blank" onclick="return ShowLinkWarning()"
href="http://192.168.1.1/">192.168.1.1</a><br> range-stop = <a rel="nofollow" target="_blank" onclick="return ShowLinkWarning()" href="http://192.168.3.254/"> 192.168.3.254</a><br> netmask = <a rel="nofollow" target="_blank" onclick="return ShowLinkWarning()" href="http://255.255.255.0/">255.255.255.0</a><br> cache-size = 800<br> session-db = ${raddbdir}/db.ippool<br> ip-index = ${raddbdir}/db.ipindex <br> override =
no<br> maximum-timeout = 0<br> }<br>}<br>instantiate {<br> exec<br> expr<br>}<br>authorize {<br> preprocess<br><br> chap<br> mschap<br> suffix<br> sql<br> noresetcounter<br> dailycounter<br> monthlycounter<br> daily<br>}<br>authenticate {<br> Auth-Type PAP
{<br> pap<br> }<br> Auth-Type CHAP {<br> chap<br> }<br> Auth-Type MS-CHAP {<br> mschap<br> }<br>}<br>preacct {<br> preprocess<br> acct_unique<br> suffix<br> files<br>}<br>accounting {<br> detail<br> daily<br>
unix<br> sql<br> radutmp <br>}<br>session {<br> sql<br>}<br>post-auth {<br>}<br>pre-proxy {<br>}<br>post-proxy {<br> eap<br>}<br><br><b><i>Dennis Skinner <dskinner@bluefrog.com></i></b> wrote:<blockquote class="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"> Norman Zhang wrote:<br>> I'm learning how to use freeradius. Does anyone have a working conf that <br>> works for cisco devices?<br><br>Did you try the default one?<br><br>-- <br>Dennis Skinner<br>Systems Administrator<br>BlueFrog Internet<br>http://www.bluefrog.com<br>- <br>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<br></blockquote><br><BR><BR>$ cat ~/satish/url.txt<br><br>System administrator ( Data Center )<br><br>please visit this
site<br><br>http://linux.tulipit.com <p>
<hr size=1></hr>
Here’s a new way to find what you're looking for - <a href="http://us.rd.yahoo.com/mail/in/yanswers/*http://in.answers.yahoo.com/">Yahoo! Answers</a>