Hola:<BR><BR><B><I>freeradius-users-request@lists.freeradius.org</I></B> wrote: <BLOCKQUOTE class=replbq style="PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #1010ff 2px solid">Send Freeradius-Users mailing list submissions to<BR>freeradius-users@lists.freeradius.org<BR><BR>To subscribe or unsubscribe via the World Wide Web, visit<BR>http://lists.freeradius.org/mailman/listinfo/freeradius-users<BR>or, via email, send a message with subject or body 'help' to<BR>freeradius-users-request@lists.freeradius.org<BR><BR>You can reach the person managing the list at<BR>freeradius-users-owner@lists.freeradius.org<BR><BR>When replying, please edit your Subject line so it is more specific<BR>than "Re: Contents of Freeradius-Users digest..."<BR><BR><BR>Today's Topics:<BR><BR>1. Re: web based admin (Peter Nixon)<BR>2. RE: web based admin (Hawkins, Michael)<BR>3. Class attribute in accounting record. (Mark J Elkins)<BR>4. Re: Class attribute in accounting record.<BR>(Michael da Silva
Pereira)<BR>5. Re: Class attribute in accounting record. (tnt@kalik.co.yu)<BR>6. Re: Class attribute in accounting record. (Mark Elkins)<BR><BR><BR>----------------------------------------------------------------------<BR><BR>Message: 1<BR>Date: Mon, 29 Oct 2007 15:58:13 +0200<BR>From: Peter Nixon <LISTUSER@PETERNIXON.NET><BR>Subject: Re: web based admin<BR>To: freeradius-users@lists.freeradius.org<BR>Cc: "Hawkins, Michael" <MHAWKINS@TULLETTPREBON.COM><BR>Message-ID: <200710291558.13895.listuser@peternixon.net><BR>Content-Type: text/plain; charset="iso-8859-1"<BR><BR>On Mon 29 Oct 2007, Hawkins, Michael wrote:<BR>> Hi all,<BR>><BR>> I am very familiar with Cisco Secure ACS for AAA of Cisco devices. I am<BR>> considering using FreeRadius at another customer site instead of Cisco<BR>> Secure ACS.<BR>><BR>> Will I still be able to control command execution (authorization) etc<BR>> via FreeRadius? Or would I be restricted to authentication
only?<BR><BR>By using the word "still" it implies that SecureACS can do this also, but as <BR>far as I know, unless something has changed recently, cisco equipment only <BR>supports this feature with TACACS+ and not RADIUS.. Comparing a SecureACS <BR>TACACS+ server with FreeRADIUS is comparing apples and oranges...<BR><BR>FreeRADIUS is generally MUCH more powerfull than SecureACS in its RADIUS <BR>functionality.. FreeRADIUS, doe not however support TACACS+ at present..<BR><BR><BR>-- <BR><BR>Peter Nixon<BR>http://peternixon.net/<BR><BR><BR>------------------------------<BR><BR>Message: 2<BR>Date: Mon, 29 Oct 2007 10:21:32 -0400<BR>From: "Hawkins, Michael" <MHAWKINS@TULLETTPREBON.COM><BR>Subject: RE: web based admin<BR>To: <FREERADIUS-USERS@LISTS.FREERADIUS.ORG><BR>Message-ID:<BR><89FC1CD18AC0884B80C7B5E80A10DC0209FCDEB4@NYEXCHG1.na.ad.tullib.com><BR>Content-Type: text/plain; charset="us-ascii"<BR><BR>Peter,<BR><BR>Yes, I was comparing TACACS+ to RADIUS - my
mistake.<BR><BR>Any recommendations on the most appropriate web front end for FreeRadius<BR>when managing a Cisco network that is pointing at a FreeRadius AAA<BR>server?<BR><BR>Mike Hawkins<BR><BR>Office: 212-208-3888<BR><BR>Mobile: 917-887-3614<BR><BR><BR>-----Original Message-----<BR>From: Peter Nixon [mailto:listuser@peternixon.net] <BR>Sent: Monday, October 29, 2007 9:58 AM<BR>To: freeradius-users@lists.freeradius.org<BR>Cc: Hawkins, Michael<BR>Subject: Re: web based admin<BR><BR>On Mon 29 Oct 2007, Hawkins, Michael wrote:<BR>> Hi all,<BR>><BR>> I am very familiar with Cisco Secure ACS for AAA of Cisco devices. I<BR>am<BR>> considering using FreeRadius at another customer site instead of Cisco<BR>> Secure ACS.<BR>><BR>> Will I still be able to control command execution (authorization) etc<BR>> via FreeRadius? Or would I be restricted to authentication only?<BR><BR>By using the word "still" it implies that SecureACS can do this also,<BR>but as
<BR>far as I know, unless something has changed recently, cisco equipment<BR>only <BR>supports this feature with TACACS+ and not RADIUS.. Comparing a<BR>SecureACS <BR>TACACS+ server with FreeRADIUS is comparing apples and oranges...<BR><BR>FreeRADIUS is generally MUCH more powerfull than SecureACS in its RADIUS<BR><BR>functionality.. FreeRADIUS, doe not however support TACACS+ at present..<BR><BR><BR>-- <BR><BR>Peter Nixon<BR>http://peternixon.net/<BR>---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<BR>The information contained in this email is confidential and may also contain privileged information. Sender does not waive confidentiality or legal privilege. If you are not the intended recipient please notify the sender immediately; you should not retain this message or disclose its content to anyone.<BR>Internet communications are not secure or
error free and the sender does not accept any liability for the content of the email. Although emails are routinely screened for viruses, the sender does not accept responsibility for any damage caused. Replies to this email may be monitored.<BR>---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------<BR><BR>______________________________________________________________________<BR>This email has been scanned by the MessageLabs Email Security System.<BR>For more information please visit http://www.messagelabs.com/email <BR>______________________________________________________________________<BR><BR><BR><BR>------------------------------<BR><BR>Message: 3<BR>Date: Mon, 29 Oct 2007 16:45:14 +0200<BR>From: Mark J Elkins <MJE@POSIX.CO.ZA><BR>Subject: Class attribute in accounting record.<BR>To: freeradius-users@lists.freeradius.org<BR>Message-ID:
<4725F1FA.6010800@posix.co.za><BR>Content-Type: text/plain; charset=ISO-8859-1<BR><BR>My access provider is setting and sending me the "Class" attribute in an<BR>accounting record...<BR><BR>I use MySQL to store such info in... and I'm using freeradius 1.1.6<BR><BR>in order to Capture the value - I modified all accounting "Insert"<BR>statements to.... (as an example)<BR><BR>accounting_start_query = "INSERT into ${acct_table1} (AcctSessionId,<BR>AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,<BR>AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,<BR>ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,<BR>CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,<BR>FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay, Class)<BR>values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',<BR>'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',<BR>'%{NAS-Port-Type}', '%S', '0', '0',
'%{Acct-Authentic}',<BR>'%{Telkom-Access-Type:-!SAIX} %{Connect-Info}', '', '0', '0',<BR>'%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}',<BR>'%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0',<BR>'%{Class}')"<BR><BR>This captures the info fine.... (yes - also changed the MySQL table)<BR><BR>| RadAcctId | AcctSessionId | AcctUniqueId |<BR>UserName | Realm | NASIPAddress |<BR>NASPortId | NASPortType | AcctStartTime | AcctStopTime |<BR>AcctSessionTime | AcctAuthentic | ConnectInfo_start | ConnectInfo_stop |<BR>AcctInputOctets | AcctOutputOctets | CalledStationId | CallingStationId<BR>| AcctTerminateCause | ServiceType | FramedProtocol | FramedIPAddress |<BR>AcctStartDelay | AcctStopDelay | Class
|<BR>+-----------+----------------------+------------------+---------------------------------+--------------+--------------+------------+-------------+---------------------+---------------------+-----------------+---------------+-------------------+------------------+-----------------+------------------+-----------------+------------------+--------------------+-------------+----------------+-----------------+----------------+---------------+----------+<BR>| 21488415 | 7/0/0/2.157_13B0EB0F | 32161edf2c7a5dec |<BR>xxxxxxxxxxxxxxx@xxxxxxxxxxx | realmname | 1.2.3.4 | 1879179421 |<BR>Virtual | 2007-10-29 16:15:07 | 0000-00-00 00:00:00 | <BR>0 | RADIUS | DSL AutoShapedVC | | <BR>0 | 0 | | <BR>| | Framed-User | PPP | 1.2.4.99 <BR>| 0 | 0 | 0x4e5331 |<BR><BR><BR>... However - I get a Hex String ... 0x4e5331 - where I was expecting "NS1"<BR><BR>Reading the RFC's (with FreeRadius documentation) - this should be a<BR>Char Octets kindof field...<BR><BR>Should the access provider sent
the string in ASCII rather?<BR>Did something in FreeRadius convert the ASCII to Hex?<BR>What can I do to convert this on the fly into ASCII - save a bit of<BR>space in my Database - etc.<BR><BR>Reading the mailing-lists archives - I see that it can contain binary<BR>data - thus the Hex.<BR>Which is "better" - to change the dictionary definition from octet to<BR>string or some sort of mysql function call?<BR>(better ==> less things to remember/patch between updates)<BR>The access provider states that the info provided will always be ascii<BR>(or translate to ascii - if decoded).<BR><BR>-- <BR>. . ___. .__ Posix Systems - Sth Africa<BR>/| /| / /__ mje@posix.co.za - Mark J Elkins, SCO ACE, Cisco CCIE<BR>/ |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496<BR><BR><BR><BR>------------------------------<BR><BR>Message: 4<BR>Date: Mon, 29 Oct 2007 16:52:41 +0200<BR>From: Michael da Silva Pereira <MICHAEL@TRADEPAGE.CO.ZA><BR>Subject: Re: Class attribute in
accounting record.<BR>To: FreeRadius users mailing list<BR><FREERADIUS-USERS@LISTS.FREERADIUS.ORG><BR>Message-ID: 1ImVyq-00038W-15<BR>Content-Type: text/plain<BR><BR>Hi Mark,<BR><BR>The provider is obviously SAIX (ZA based ISP),<BR><BR>Looks like SAIX are sending it through as ASCII text, on my side?<BR><BR>Tue Sep 18 14:25:53 2007<BR>Acct-Session-Id = "7/0/2/20.557_30429449"<BR>Framed-Protocol = PPP<BR>Framed-IP-Address = 41.242.121.175<BR>User-Name = "XXXXXXX@dsl512.tradepage.co.za"<BR>X-Ascend-Connect-Progress = 60<BR>Acct-Authentic = RADIUS<BR>Acct-Status-Type = Start<BR>NAS-Port-Type = Virtual<BR>NAS-Port = 1913913901<BR>NAS-Port-Id = "7/0/2/20.557"<BR>Connect-Info = "AutoShapedVC"<BR>Class = "NS1"<BR>Service-Type = Framed-User<BR>NAS-IP-Address = 196.43.27.23<BR><BR>Check you /share/freeradius/dictionary file and check what you have for<BR>the Class Attribute.<BR><BR>I have the following:<BR>dictionary:ATTRIBUTE Class 25 string<BR><BR>Kind Regards,<BR>Michael da
Silva Pereira<BR>Tradepage ;)<BR><BR><BR>-----Original Message-----<BR>From: Mark J Elkins <MJE@POSIX.CO.ZA><BR>Reply-To: FreeRadius users mailing list<BR><FREERADIUS-USERS@LISTS.FREERADIUS.ORG><BR>To: freeradius-users@lists.freeradius.org<BR>Subject: Class attribute in accounting record.<BR>Date: Mon, 29 Oct 2007 16:45:14 +0200<BR><BR>My access provider is setting and sending me the "Class" attribute in an<BR>accounting record...<BR><BR>I use MySQL to store such info in... and I'm using freeradius 1.1.6<BR><BR>in order to Capture the value - I modified all accounting "Insert"<BR>statements to.... (as an example)<BR><BR>accounting_start_query = "INSERT into ${acct_table1} (AcctSessionId,<BR>AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,<BR>AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,<BR>ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,<BR>CalledStationId, CallingStationId, AcctTerminateCause,
ServiceType,<BR>FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay, Class)<BR>values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',<BR>'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',<BR>'%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}',<BR>'%{Telkom-Access-Type:-!SAIX} %{Connect-Info}', '', '0', '0',<BR>'%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}',<BR>'%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0',<BR>'%{Class}')"<BR><BR>This captures the info fine.... (yes - also changed the MySQL table)<BR><BR>| RadAcctId | AcctSessionId | AcctUniqueId |<BR>UserName | Realm | NASIPAddress |<BR>NASPortId | NASPortType | AcctStartTime | AcctStopTime |<BR>AcctSessionTime | AcctAuthentic | ConnectInfo_start | ConnectInfo_stop |<BR>AcctInputOctets | AcctOutputOctets | CalledStationId | CallingStationId<BR>| AcctTerminateCause | ServiceType | FramedProtocol | FramedIPAddress |<BR>AcctStartDelay |
AcctStopDelay | Class |<BR>+-----------+----------------------+------------------+---------------------------------+--------------+--------------+------------+-------------+---------------------+---------------------+-----------------+---------------+-------------------+------------------+-----------------+------------------+-----------------+------------------+--------------------+-------------+----------------+-----------------+----------------+---------------+----------+<BR>| 21488415 | 7/0/0/2.157_13B0EB0F | 32161edf2c7a5dec |<BR>xxxxxxxxxxxxxxx@xxxxxxxxxxx | realmname | 1.2.3.4 | 1879179421 |<BR>Virtual | 2007-10-29 16:15:07 | 0000-00-00 00:00:00 | <BR>0 | RADIUS | DSL AutoShapedVC | | <BR>0 | 0 | | <BR>| | Framed-User | PPP | 1.2.4.99 <BR>| 0 | 0 | 0x4e5331 |<BR><BR><BR>... However - I get a Hex String ... 0x4e5331 - where I was expecting "NS1"<BR><BR>Reading the RFC's (with FreeRadius documentation) - this should be a<BR>Char Octets kindof field...<BR><BR>Should the
access provider sent the string in ASCII rather?<BR>Did something in FreeRadius convert the ASCII to Hex?<BR>What can I do to convert this on the fly into ASCII - save a bit of<BR>space in my Database - etc.<BR><BR>Reading the mailing-lists archives - I see that it can contain binary<BR>data - thus the Hex.<BR>Which is "better" - to change the dictionary definition from octet to<BR>string or some sort of mysql function call?<BR>(better ==> less things to remember/patch between updates)<BR>The access provider states that the info provided will always be ascii<BR>(or translate to ascii - if decoded).<BR><BR><BR>This email and all its contents are subject to the following disclaimer:<BR><BR>"http://www.tradepage.net/disclaimer.aspx"<BR><BR><BR>------------------------------<BR><BR>Message: 5<BR>Date: Mon, 29 Oct 2007 16:20:15 +0100<BR>From: <TNT@KALIK.CO.YU><BR>Subject: Re: Class attribute in accounting record.<BR>To: "FreeRadius users mailing
list"<BR><FREERADIUS-USERS@LISTS.FREERADIUS.ORG><BR>Message-ID: <LM6GWAAJ.1193671215.0623950.TNT@KALIK.CO.YU><BR>Content-Type: text/plain; charset=ISO-8859-2<BR><BR>You can use CHAR() in the sql statement if you recieving Class attribute<BR>ASCII encoded.<BR><BR>Ivan Kalik<BR>Kalik Informatika ISP<BR><BR><BR>Dana 29/10/2007, "Mark J Elkins" <MJE@POSIX.CO.ZA>pi?e:<BR><BR>>My access provider is setting and sending me the "Class" attribute in an<BR>>accounting record...<BR>><BR>>I use MySQL to store such info in... and I'm using freeradius 1.1.6<BR>><BR>>in order to Capture the value - I modified all accounting "Insert"<BR>>statements to.... (as an example)<BR>><BR>>accounting_start_query = "INSERT into ${acct_table1} (AcctSessionId,<BR>>AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,<BR>>AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,<BR>>ConnectInfo_start, ConnectInfo_stop, AcctInputOctets,
AcctOutputOctets,<BR>>CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,<BR>>FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay, Class)<BR>>values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',<BR>>'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',<BR>>'%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}',<BR>>'%{Telkom-Access-Type:-!SAIX} %{Connect-Info}', '', '0', '0',<BR>>'%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}',<BR>>'%{Framed-Protocol}', '%{Framed-IP-Address}', '%{Acct-Delay-Time}', '0',<BR>>'%{Class}')"<BR>><BR>>This captures the info fine.... (yes - also changed the MySQL table)<BR>><BR>>| RadAcctId | AcctSessionId | AcctUniqueId |<BR>>UserName | Realm | NASIPAddress |<BR>>NASPortId | NASPortType | AcctStartTime | AcctStopTime |<BR>>AcctSessionTime | AcctAuthentic | ConnectInfo_start | ConnectInfo_stop |<BR>>AcctInputOctets |
AcctOutputOctets | CalledStationId | CallingStationId<BR>>| AcctTerminateCause | ServiceType | FramedProtocol | FramedIPAddress |<BR>>AcctStartDelay | AcctStopDelay | Class |<BR>>+-----------+----------------------+------------------+---------------------------------+--------------+--------------+------------+-------------+---------------------+---------------------+-----------------+---------------+-------------------+------------------+-----------------+------------------+-----------------+------------------+--------------------+-------------+----------------+-----------------+----------------+---------------+----------+<BR>>| 21488415 | 7/0/0/2.157_13B0EB0F | 32161edf2c7a5dec |<BR>>xxxxxxxxxxxxxxx@xxxxxxxxxxx | realmname | 1.2.3.4 | 1879179421 |<BR>>Virtual | 2007-10-29 16:15:07 | 0000-00-00 00:00:00 |<BR>>0 | RADIUS | DSL AutoShapedVC | |<BR>>0 | 0 | |<BR>>| | Framed-User | PPP | 1.2.4.99<BR>>| 0 | 0 | 0x4e5331
|<BR>><BR>><BR>>.... However - I get a Hex String ... 0x4e5331 - where I was expecting "NS1"<BR>><BR>>Reading the RFC's (with FreeRadius documentation) - this should be a<BR>>Char Octets kindof field...<BR>><BR>>Should the access provider sent the string in ASCII rather?<BR>>Did something in FreeRadius convert the ASCII to Hex?<BR>>What can I do to convert this on the fly into ASCII - save a bit of<BR>>space in my Database - etc.<BR>><BR>>Reading the mailing-lists archives - I see that it can contain binary<BR>>data - thus the Hex.<BR>>Which is "better" - to change the dictionary definition from octet to<BR>>string or some sort of mysql function call?<BR>>(better ==> less things to remember/patch between updates)<BR>>The access provider states that the info provided will always be ascii<BR>>(or translate to ascii - if decoded).<BR>><BR>>--<BR>> . . ___. .__ Posix Systems - Sth Africa<BR>> /| /| / /__
mje@posix.co.za - Mark J Elkins, SCO ACE, Cisco CCIE<BR>>/ |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496<BR>><BR>>-<BR>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<BR>><BR>><BR><BR><BR><BR>------------------------------<BR><BR>Message: 6<BR>Date: Mon, 29 Oct 2007 18:22:04 +0200<BR>From: Mark Elkins <MJE@POSIX.CO.ZA><BR>Subject: Re: Class attribute in accounting record.<BR>To: FreeRadius users mailing list<BR><FREERADIUS-USERS@LISTS.FREERADIUS.ORG><BR>Message-ID: <1193674924.11780.8.camel@localhost><BR>Content-Type: text/plain<BR><BR><BR>On Mon, 2007-10-29 at 16:45 +0200, Mark J Elkins wrote:<BR>> My access provider is setting and sending me the "Class" attribute in an<BR>> accounting record...<BR>> <BR>> I use MySQL to store such info in... and I'm using freeradius 1.1.6<BR><BR>Wisdom prevails.. (touching the dictionaries is probably a bad* thing to do...)<BR><BR>I'm using
...<BR><BR>accounting_stop_query_alt = "INSERT.... , UNHEX(SUBSTR('%{Class}',3)))"<BR><BR>.. which keeps personal changes to one place (sql.conf and files<BR>in /etc/raddb) and saves me from upsetting Alan DeKok's karma* - a bad<BR>thing to do.<BR>-- <BR>. . ___. .__ Posix Systems - Sth Africa<BR>/| /| / /__ mje@posix.co.za - Mark J Elkins, Cisco CCIE<BR>/ |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496<BR><BR><BR>------------------------------<BR><BR>-<BR>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<BR><BR><BR>End of Freeradius-Users Digest, Vol 30, Issue 105<BR>*************************************************<BR></BLOCKQUOTE><BR><BR><BR><DIV><STRONG><EM><FONT face="times new roman"> CON CARIÑO</FONT></EM></STRONG></DIV>
<DIV><FONT face="times new roman"><EM><STRONG><U>MARIBEL HERNÁNDEZ LÓPEZ</U></STRONG></EM></FONT></DIV>
<DIV><FONT face="Times New Roman"><STRONG><EM> <IMG src="http://us.i1.yimg.com/us.yimg.com/i/mesg/tsmileys2/40.gif"></EM></STRONG></FONT></DIV><p> __________________________________________________<br>Do You Yahoo!?<br>Tired of spam? Yahoo! Mail has the best spam protection around <br>http://mail.yahoo.com