Dear all,<br><br>
Here I am sharing my knowledge for FreeRADIUS users. I have done freeradius-1.1.4 with MySQL and a Cisco VPDN configuration, and I have also configured per-user bandwidth configuration and simultaneous user login configuration. I am sharing my configuration for FreeRADIUS users.<br><br>
I have a Cisco router with this configuration:<br><br>
aaa new-model<br>
!<br>
!<br>
aaa group server radius testing123<br>
 server-private 71.5.250.243 auth-port 1812 acct-port 1813 key tulipconnect<br>
 ip radius source-interface FastEthernet0/1<br>
 deadtime 0<br>
!<br>
aaa authentication login default local group radius group testing123<br>
aaa authentication ppp default group testing123 local<br>
aaa authorization exec default local group radius group testing123<br>
aaa authorization network default group testing123 local<br>
aaa accounting update periodic  1<br>
aaa accounting exec default start-stop group testing123<br>
aaa accounting network default start-stop group testing123<br>
aaa accounting connection default start-stop group testing123<br>
!<br><br>
_________________________________________________________ <br><br>
All my user databases are in MySQL, and simultaneous login is also in MySQL.<br><br>
MySQL tables:<br><br>
mysql> select * from radcheck;<br>
+----+----------+---------------+----+-------+<br>
| id | UserName | Attribute     | op | Value |<br>
+----+----------+---------------+----+-------+<br>
|  1 | satish   | User-Password | := | tulip |<br>
|  2 | priya    | User-Password | := | tulip |<br>
+----+----------+---------------+----+-------+<br>
2 rows in set (0.00 sec)<br><br><br>
mysql> select * from
radgroupcheck;;<br>
+----+-----------+------------------+----+-------+<br>
| id | GroupName | Attribute        | op | Value |<br>
+----+-----------+------------------+----+-------+<br>
|  1 | 64KB      | Simultaneous-Use | := | 1     |<br>
|  4 | 128KB     | Simultaneous-Use | := | 1     |<br>
+----+-----------+------------------+----+-------+<br>
2 rows in set (0.00 sec)<br><br><br>
mysql> select * from radgroupreply;;<br>
+----+-----------+-----------------+----+--------------------------------------------------------------------------------------------------------+------+<br>
| id | GroupName | Attribute       | op | Value                                                                                                  | prio |<br>
+----+-----------+-----------------+----+--------------------------------------------------------------------------------------------------------+------+<br>
|  1 | 64KB      | Framed-Protocol | =  | PPP                                                                                                    |    0 |<br>
|  2 | 64KB      | Framed-MTU      | =  | 1400                                                                                                   |    0 |<br>
|  3 | 64KB      | Service-Type    | =  | Framed-User                                                                                            |    0 |<br>
|  4 | 128KB     | Framed-Protocol | =  | PPP                                                                                                    |    0 |<br>
|  5 | 128KB     | Framed-MTU      | =  | 1450                                                                                                   |    0 |<br>
|  6 | 128KB     | Service-Type    | =  | Framed-User                                                                                            |    0 |<br>
|  7 | 128KB     | Cisco-Avpair    | =  | lcp:interface-config#1=rate-limit output 128000 10000 10000 conform-action continue exceed-action drop |    0 |<br>
+----+-----------+-----------------+----+--------------------------------------------------------------------------------------------------------+------+<br>
7 rows in set (0.00
sec)<br><br><br>
mysql> select * from usergroup;<br>
+----+----------+-----------+<br>
| id | UserName | GroupName |<br>
+----+----------+-----------+<br>
|  1 | satish   | 64KB      |<br>
|  3 | priya    | 128KB     |<br>
+----+----------+-----------+<br>
2 rows in set (0.00 sec)<br><br>
________________________________________________________<br><br>
Simultaneous login configuration (edit this file: /etc/raddb/sql.conf)<br><br>
        #######################################################################<br>
        # Simultaneous Use Checking Queries<br>
        #######################################################################<br>
        # simul_count_query     - query for the number of current connections<br>
        #                       - If this is not defined, no simultaneous use checking<br>
        #                       - will be performed by this module instance<br>
        # simul_verify_query    - query to return details of current connections for verification<br>
        #                       - Leave blank or commented out to disable verification step<br>
        #                       - Note that the returned field order should not be changed.<br>
        #######################################################################<br><br>
        # Uncomment simul_count_query to enable simultaneous use checking<br>
        simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"<br>
        simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"<br><br>
____________________________________________________________<br><br><br><br>
My sqlcounter.conf file, for the time limit per user. You can read more about it in the doc directory of the FreeRADIUS tarball; there is some more help there regarding sqlcounter.conf.<br><br>
edit
 file   /etc/raddb/sqlcounter.conf<br><br>suse:/etc/raddb # cat sqlcounter.conf<br>sqlcounter noresetcounter {<br>            counter-name = Max-All-Session-Time<br>            check-name = Max-All-Session<br>            sqlmod-inst = sql <br>            key = User-Name<br>            reset = never<br>            query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}'"<br><br>}<br><br>sqlcounter dailycounter {<br>            driver = "rlm_sqlcounter"<br>            counter-name = 
 Daily-Session-Time<br>            check-name = Max-Daily-Session<br>            sqlmod-inst = sqlcca3<br>            key = User-Name<br>            reset = daily<br>            query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"<br><br>}<br><br>sqlcounter monthlycounter {<br>            counter-name = Monthly-Session-Time<br>            check-name = Max-Monthly-Session<br>             sqlmod-inst = 
sqlcca3<br>
            key = User-Name<br>
            reset = monthly<br>
            query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"<br><br>
}<br>
___________________________________________________________<br><br>
/etc/raddb/clients.conf<br><br><br>
My clients.conf: you have to change the NAS type when you use Simultaneous-Use with MySQL databases, so take care with this configuration.<br><br>
In my case I am using other because my Cisco does not support it, so if you use NAS type other it will work fine ....enjoy<br><br>
client 127.0.0.1 {<br>
        secret          = testing123<br>
        shortname       = localhost<br>
}<br>
client 71.5.250.199 {<br>
        secret          = tulipconnect<br>
        shortname       = test<br>
        nastype         = other   # be careful about this if you want simultaneous-use with MySQL<br>
}<br><br>
_________________________________________________________<br><br>
/etc/raddb/radius.conf<br><br>
My main radius.conf file <br><br>
prefix = /usr<br>
exec_prefix = ${prefix}<br>
sysconfdir = /etc<br>
localstatedir = /var <br>
sbindir =
 ${exec_prefix}/sbin<br>logdir = ${localstatedir}/log/radius<br>raddbdir = ${sysconfdir}/raddb<br>radacctdir = ${logdir}/radacct<br>confdir = ${raddbdir}<br>run_dir =  ${localstatedir}/run/radiusd<br>log_file = ${logdir}/radius.log<br>libdir = /usr/lib/freeradius<br>pidfile = ${run_dir}/radiusd.pid<br>user = radiusd<br>group = radiusd<br>max_request_time = 30<br>delete_blocked_requests = no <br>cleanup_delay = 5<br>max_requests = 1024<br>bind_address = *<br>port = 0<br>hostname_lookups = no<br>allow_core_dumps = no<br>regular_expressions     = yes<br>extended_expressions    = yes<br>log_stripped_names = no<br> log_auth = yes<br>log_auth_badpass = yes<br>log_auth_goodpass = no<br>usercollide = no<br>lower_user = no<br>lower_pass = no<br>nospace_user = no<br>nospace_pass = no<br>checkrad = ${sbindir}/checkrad<br>security {<br>        max_attributes = 200 <br>       
 reject_delay = 1<br>        status_server = no<br>}<br>proxy_requests  = yes<br>$INCLUDE  ${confdir}/proxy.conf<br>$INCLUDE   ${confdir}/clients.conf<br>snmp    = no<br>$INCLUDE  ${confdir}/snmp.conf<br>thread pool {<br>        start_servers = 5<br>        max_servers = 32<br>        min_spare_servers = 3<br>        max_spare_servers = 10<br>        max_requests_per_server = 0 <br>}<br>modules {<br>        $INCLUDE ${confdir}/sqlcounter.conf<br><br>        pap {<br>                encryption_scheme = crypt<br>       
 }<br>        chap {<br>                authtype = CHAP<br>         }<br>        pam {<br>                pam_auth = radiusd<br>        }<br>        unix {<br>                cache = no<br>                cache_reload = 600<br>                radwtmp = ${logdir}/radwtmp<br>        }<br> $INCLUDE ${confdir}/eap.conf<br>        mschap
 {<br>                authtype = MS-CHAP<br><br>        }<br>        ldap  {<br>                server = "ldap.your.domain"<br>                basedn = "o=My Org,c=UA"<br>                filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"<br>                start_tls = no<br>                access_attr = "dialupAccess"<br>                dictionary_mapping =
 ${raddbdir}/ldap.attrmap<br>                ldap_connections_number = 5<br>                 edir_account_policy_check=no<br>                timeout = 4<br>                timelimit = 3<br>                net_timeout = 1<br>        }<br>        realm IPASS {<br>                format = prefix<br>                delimiter = "/"
 <br>                ignore_default = no<br>                ignore_null = no<br>         }<br>        realm suffix {<br>                format = suffix<br>                delimiter = "@"<br>                ignore_default = no<br>                ignore_null = no<br>        }<br>        realm realmpercent {
 <br>                format = suffix<br>                delimiter = "%"<br>                ignore_default =  no<br>                ignore_null = no<br>        }<br>        realm ntdomain {<br>                format = prefix<br>                delimiter = "\\"<br>                ignore_default = no<br>               
 ignore_null = no <br>        }<br>        checkval {<br>                item-name =  Calling-Station-Id<br>                check-name = Calling-Station-Id<br>                data-type = string<br>        }<br><br>        preprocess {<br>                huntgroups = ${confdir}/huntgroups<br>                hints = ${confdir}/hints <br>                with_ascend_hack =
 no<br>                ascend_channels_per_line = 23<br>                with_ntdomain_hack =  no<br>                with_specialix_jetstream_hack = no<br>                with_cisco_vsa_hack = no<br>        }<br>        files {<br>                usersfile = ${confdir}/users<br>                acctusersfile = ${confdir}/acct_users <br>                preproxy_usersfile =
 ${confdir}/preproxy_users<br>                compat = no<br>        }<br>        detail  {<br>                detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d<br>                detailperm = 0600<br>        }<br>        acct_unique {<br>                key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"<br>        }<br>        $INCLUDE  ${confdir}/sql.conf<br><br><br>        radutmp
 {<br>                filename = ${logdir}/radutmp<br>                username =  %{User-Name}<br>                case_sensitive = yes<br>                check_with_nas = yes<br>                perm = 0600<br>                callerid = "yes"<br>        }<br>        radutmp sradutmp {<br>                filename = ${logdir}/sradutmp
 <br>                perm = 0644<br>                callerid = "no"<br>         }<br>        attr_filter {<br>                attrsfile = ${confdir}/attrs<br>        }<br>        counter daily {<br>                filename = ${raddbdir}/db.daily<br>                key = User-Name<br>                count-attribute = Acct-Session-Time
 <br>                reset = daily<br>                counter-name =  Daily-Session-Time<br>                check-name = Max-Daily-Session<br>                allowed-servicetype = Framed-User<br>                cache-size = 5000<br>        }<br>        always fail {<br>                rcode = fail <br>        }<br>        always reject
 {<br>                rcode = reject<br>        }<br>        always ok  {<br>                rcode = ok<br>                simulcount = 0<br>                mpp = no<br>        }<br>        expr {<br>        }<br>        digest {<br>        }<br>        exec {<br>                wait = yes<br>
                input_pairs = request<br>
        }<br>
        exec echo  {<br>
                wait = yes<br>
                program = "/bin/echo %{User-Name}"<br>
                input_pairs = request<br>
                output_pairs = reply<br>
        }<br>
        ippool main_pool {<br>
                range-start = 192.168.1.1<br>
                range-stop = 192.168.3.254<br>
                netmask = 255.255.255.0<br>
                cache-size = 800<br>
                session-db = ${raddbdir}/db.ippool<br>
                ip-index = ${raddbdir}/db.ipindex <br>
                override =
 no<br>                maximum-timeout = 0<br>        }<br>}<br>instantiate {<br>        exec<br>        expr<br>}<br>authorize {<br>        preprocess<br><br>        chap<br>         mschap<br>        suffix<br>        sql<br>        noresetcounter<br>        dailycounter<br>        monthlycounter<br>        daily<br>}<br>authenticate {<br>        Auth-Type PAP
 {<br>                pap<br>        }<br>         Auth-Type CHAP {<br>                chap<br>        }<br>        Auth-Type MS-CHAP {<br>                 mschap<br>        }<br>}<br>preacct {<br>        preprocess<br>        acct_unique<br>        suffix<br>        files<br>}<br>accounting {<br>        detail<br>        daily<br>       
 unix<br>        sql<br>        radutmp <br>}<br>session {<br>        sql<br>}<br>post-auth {<br>}<br>pre-proxy {<br>}<br>post-proxy {<br>        eap<br>}<br><br><b><i>Dennis Skinner <dskinner@bluefrog.com></i></b> wrote:<blockquote class="replbq" style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"> Norman Zhang wrote:<br>> I'm learning how to use freeradius. Does anyone have a working conf that <br>> works for cisco devices?<br><br>Did you try the default one?<br><br>-- <br>Dennis Skinner<br>Systems Administrator<br>BlueFrog Internet<br>http://www.bluefrog.com<br>- <br>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<br></blockquote><br><BR><BR>$ cat ~/satish/url.txt<br><br>System administrator ( Data Center )<br><br>please visit this
 site<br><br>http://linux.tulipit.com   <p>
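How the `Simultaneous-Use` group check and `simul_count_query` from the message interact, as an added example that is not part of the original post or of FreeRADIUS itself: a simplified Python model with sqlite3 standing in for MySQL. It assumes the accounting table is trusted without asking the NAS to verify sessions; the function names and the `close_stale` clean-up are hypothetical, and it also covers the failure mode where a missing Stop record keeps a user locked out.

```python
import sqlite3

# Constructed sample data copied from the tables in the post; sqlite3 stands in
# for MySQL, and AcctStopTime is an integer epoch where 0 means "still open".
SCHEMA = """
CREATE TABLE radgroupcheck (GroupName TEXT, Attribute TEXT, op TEXT, Value TEXT);
CREATE TABLE usergroup (UserName TEXT, GroupName TEXT);
CREATE TABLE radacct (RadAcctId INTEGER PRIMARY KEY, AcctSessionId TEXT,
                      UserName TEXT, NASIPAddress TEXT, AcctStopTime INTEGER DEFAULT 0);
INSERT INTO radgroupcheck VALUES ('64KB', 'Simultaneous-Use', ':=', '1'),
                                 ('128KB', 'Simultaneous-Use', ':=', '1');
INSERT INTO usergroup VALUES ('satish', '64KB'), ('priya', '128KB');
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def session_limit(db, user):
    """Simultaneous-Use value the user inherits from its group, or None."""
    row = db.execute(
        "SELECT c.Value FROM usergroup u JOIN radgroupcheck c "
        "ON c.GroupName = u.GroupName "
        "WHERE u.UserName = ? AND c.Attribute = 'Simultaneous-Use'", (user,)).fetchone()
    return int(row[0]) if row else None

def open_sessions(db, user):
    """Same predicate as simul_count_query, with a bound parameter."""
    return db.execute("SELECT COUNT(*) FROM radacct WHERE UserName = ? "
                      "AND AcctStopTime = 0", (user,)).fetchone()[0]

def authorize(db, user):
    limit = session_limit(db, user)
    if limit is not None and open_sessions(db, user) >= limit:
        return "reject"
    return "accept"

def acct_start(db, user, session_id, nas):
    db.execute("INSERT INTO radacct (AcctSessionId, UserName, NASIPAddress) "
               "VALUES (?, ?, ?)", (session_id, user, nas))

def acct_stop(db, session_id, when):
    db.execute("UPDATE radacct SET AcctStopTime = ? WHERE AcctSessionId = ? "
               "AND AcctStopTime = 0", (when, session_id))

def close_stale(db, nas, when):
    """Clean-up after a NAS restart: close rows whose Stop packet never arrived."""
    cur = db.execute("UPDATE radacct SET AcctStopTime = ? WHERE NASIPAddress = ? "
                     "AND AcctStopTime = 0", (when, nas))
    return cur.rowcount
```

A row left open after a NAS restart counts against the limit until it is closed, which is the case `close_stale` models.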
        

        