Hallo all,<br><br>First of all thanks Kalik for your responses. I checked the link you you sent but I couldn't get the info I am looking for. Let me expand further on the problem:-<br><br>I have MySQL 5.0.67 and PostgreSQL 8.3.6 and freeRADIUS 2.17 installed on GNU/Linux Fedora 10 distribution. I have identical radius databases on both MySQL and PostgreSQL. When I use the PostgreSQL, the groupname field in the radacct table gets filled in but when I change the database to MySQL, the groupname filled is blank. I checked the queries in mysql/diaup.conf and postgresql/dialup.conf and found out that they are the same. Why is it working with PostgreSQL and not working with MySQL? The groupnames are defined in radusergroup table.<br>
<br>May you help me on a step by step basis on how to solve this problem.<br><br>THank you<br><br><div class="gmail_quote">2009/2/25 <span dir="ltr"><<a href="mailto:freeradius-users-request@lists.freeradius.org">freeradius-users-request@lists.freeradius.org</a>></span><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Send Freeradius-Users mailing list submissions to<br>
<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="http://lists.freeradius.org/mailman/listinfo/freeradius-users" target="_blank">http://lists.freeradius.org/mailman/listinfo/freeradius-users</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:freeradius-users-request@lists.freeradius.org">freeradius-users-request@lists.freeradius.org</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:freeradius-users-owner@lists.freeradius.org">freeradius-users-owner@lists.freeradius.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of Freeradius-Users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: Freeradius-Users Digest, Vol 46, Issue 98 : Why is<br>
groupnamefield blank in radacct (<a href="mailto:tnt@kalik.net">tnt@kalik.net</a>)<br>
2. Re: Error: WARNING: Unresponsive child for request in module<br>
sqlcomponent accounting (magicboiz)<br>
3. Rlm_sqlcounter log problem (Devrim Seral)<br>
4. Re: Error: WARNING: Unresponsive child for request in<br>
modulesqlcomponent accounting (<a href="mailto:tnt@kalik.net">tnt@kalik.net</a>)<br>
5. Re: Rlm_sqlcounter log problem (Juan Pablo Botero)<br>
6. Re: Freeradius dies with Postgresql error (Alan DeKok)<br>
7. Re: FR 2.1.3 and ASSERT FAILED event.c (Alan DeKok)<br>
8. Re: Rlm_sqlcounter log problem (<a href="mailto:tnt@kalik.net">tnt@kalik.net</a>)<br>
9. Re: Wired 802.1x auth - Getting the IP address of the authed<br>
machine (Alexander Clouter)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Wed, 25 Feb 2009 15:21:20 +0100<br>
From: <<a href="mailto:tnt@kalik.net">tnt@kalik.net</a>><br>
Subject: Re: Freeradius-Users Digest, Vol 46, Issue 98 : Why is<br>
groupnamefield blank in radacct<br>
To: "FreeRadius users mailing list"<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Message-ID: <<a href="mailto:gS8vCrCQ.1235571680.7009450.tnt@kalik.net">gS8vCrCQ.1235571680.7009450.tnt@kalik.net</a>><br>
Content-Type: text/plain; charset=ISO-8859-2<br>
<br>
>I tried editing the dialup.conf and added groupname with a value of<br>
>'%{SQL-Group}' but still it writes nothing for the groupname in the radacct<br>
>table. Can you help me as to how exactly I have to edit the dialup.conf ?<br>
><br>
<br>
That is fine, only the attribute is wrong. ASFAIK Class is the only<br>
attribute that you can custom set during authentication that NAS will<br>
have to send back in accounting packet.<br>
<br>
<a href="http://freeradius.org/rfc/rfc2865.html#Class" target="_blank">http://freeradius.org/rfc/rfc2865.html#Class</a><br>
<br>
Ivan Kalik<br>
Kalik Informatika ISP<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Wed, 25 Feb 2009 15:40:04 +0100<br>
From: magicboiz <<a href="mailto:magicboiz@gmail.com">magicboiz@gmail.com</a>><br>
Subject: Re: Error: WARNING: Unresponsive child for request in module<br>
sqlcomponent accounting<br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Message-ID: <<a href="mailto:200902251540.04783.magicboiz@gmail.com">200902251540.04783.magicboiz@gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
Thx Ivan,<br>
<br>
and do you know if the accouting registers is lost? or another child retries<br>
the insert into the database?<br>
<br>
thx<br>
Regards<br>
<br>
<br>
On Mi?rcoles 25 Febrero 2009 14:09:44 <a href="mailto:tnt@kalik.net">tnt@kalik.net</a> wrote:<br>
> >I facing this problem with my Freeradius 2.1.3, and I don't know how to<br>
> > solve it :(<br>
> ><br>
> >My NAS is sending only accounting registers to my freeradius server. My<br>
> >freeradius server, is configured to store these registers into a MySQL<br>
> > server. I have configured "max_request_time = 120", in the case of MySQL<br>
> > slow performance, but the problem perssits.<br>
><br>
> No, you don't have a problem with radius server but with sql one.<br>
> Perhaps you should look into the server that does have a problem (sql)<br>
> and not the one that doesn't (radius). There is nothing radius server<br>
> can tell you about why are sql queries running slow.<br>
><br>
> Ivan Kalik<br>
> Kalik Informatika ISP<br>
><br>
> -<br>
> List info/subscribe/unsubscribe? See<br>
> <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Wed, 25 Feb 2009 16:51:46 +0200<br>
From: Devrim Seral <<a href="mailto:dseral@gmail.com">dseral@gmail.com</a>><br>
Subject: Rlm_sqlcounter log problem<br>
To: <a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
Message-ID:<br>
<<a href="mailto:416697d80902250651s7ed9e1earb3cd4ca611c27748@mail.gmail.com">416697d80902250651s7ed9e1earb3cd4ca611c27748@mail.gmail.com</a>><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
Hi all,<br>
I have a little problem with freeradius. And i can't find any solution for it..<br>
We have logged failed login attempt following statement: (Its taken<br>
from Freeradius Wiki)<br>
Post-Auth-Type REJECT {<br>
# Login failed: log to SQL database.<br>
sql<br>
}<br>
<br>
However when we use rlm_sqlcounter this modle can't handled with above<br>
statement.<br>
<br>
So how its possible to log users that Rejected by rlm_sqlcounter module?<br>
Regards..<br>
devrim<br>
<br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Wed, 25 Feb 2009 15:53:36 +0100<br>
From: <<a href="mailto:tnt@kalik.net">tnt@kalik.net</a>><br>
Subject: Re: Error: WARNING: Unresponsive child for request in<br>
modulesqlcomponent accounting<br>
To: "FreeRadius users mailing list"<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Message-ID: <<a href="mailto:WfvWLTm6.1235573616.3312510.tnt@kalik.net">WfvWLTm6.1235573616.3312510.tnt@kalik.net</a>><br>
Content-Type: text/plain; charset=ISO-8859-2<br>
<br>
>and do you know if the accouting registers is lost? or another child retries<br>
>the insert into the database?<br>
><br>
<br>
They usually are - there are no handles to write to the database as the<br>
whole server gets blocked. I haven't seen tha case where single handle<br>
would dia and the rest of them would continue working. This is usually<br>
terminal state of radius-sql server connection problem.<br>
<br>
Ivan Kalik<br>
Kalik Informatika ISP<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 5<br>
Date: Wed, 25 Feb 2009 09:54:35 -0500<br>
From: Juan Pablo Botero <<a href="mailto:juanpabloboterolopez@gmail.com">juanpabloboterolopez@gmail.com</a>><br>
Subject: Re: Rlm_sqlcounter log problem<br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Message-ID:<br>
<<a href="mailto:aaa6fffc0902250654t7355ae6bt315ff0cd3f706324@mail.gmail.com">aaa6fffc0902250654t7355ae6bt315ff0cd3f706324@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
In My case, that it's not necesary, you can comment out that lines; and<br>
probe with 'freeradius -X'<br>
<br>
On Wed, Feb 25, 2009 at 9:51 AM, Devrim Seral <<a href="mailto:dseral@gmail.com">dseral@gmail.com</a>> wrote:<br>
<br>
> Hi all,<br>
> I have a little problem with freeradius. And i can't find any solution for<br>
> it..<br>
> We have logged failed login attempt following statement: (Its taken<br>
> from Freeradius Wiki)<br>
> Post-Auth-Type REJECT {<br>
> # Login failed: log to SQL database.<br>
> sql<br>
> }<br>
><br>
> However when we use rlm_sqlcounter this modle can't handled with above<br>
> statement.<br>
><br>
> So how its possible to log users that Rejected by rlm_sqlcounter module?<br>
> Regards..<br>
> devrim<br>
> -<br>
> List info/subscribe/unsubscribe? See<br>
> <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
><br>
<br>
<br>
<br>
--<br>
Juan Pablo Botero<br>
Administrador de Sistemas inform?ticos<br>
<a href="http://jpill.wordpress.com" target="_blank">http://jpill.wordpress.com</a><br>
eSSuX: <a href="http://slcolombia.org/eSSuX" target="_blank">http://slcolombia.org/eSSuX</a><br>
Linux Registered user #435293<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="https://lists.freeradius.org/pipermail/freeradius-users/attachments/20090225/ca3488d3/attachment.html" target="_blank">https://lists.freeradius.org/pipermail/freeradius-users/attachments/20090225/ca3488d3/attachment.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 6<br>
Date: Wed, 25 Feb 2009 15:54:37 +0100<br>
From: Alan DeKok <<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>><br>
Subject: Re: Freeradius dies with Postgresql error<br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Message-ID: <<a href="mailto:49A55BAD.7020707@deployingradius.com">49A55BAD.7020707@deployingradius.com</a>><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
Vegard Svanberg wrote:<br>
> I'm using Freeradius with a Postgresql backend. Every two or three days,<br>
> Freeradius dies. These are the last lines from the log file:<br>
><br>
> Tue Feb 24 21:15:31 2009 : Auth: Login OK: [XXXX] (from client YYYY port 3 cli ZZZZZZZZ)<br>
> Tue Feb 24 21:16:34 2009 : Auth: Login OK: [XXXX] (from client YYYY port 3 cli ZZZZZZZZ)<br>
> Tue Feb 24 21:16:48 2009 : Auth: Login OK: [XXXX] (from client YYYY port 4 cli ZZZZZZZZ)<br>
> Tue Feb 24 21:18:32 2009 : Error: rlm_sql_postgresql: PostgreSQL Query failed Error:<br>
> Tue Feb 24 21:18:32 2009 : Auth: Invalid user: [XXXX] (from client YYYY port 1509942 cli XX:XX:XX:XX:XX:XX)<br>
><br>
> Then nothing (it's gone and has to be started up again).<br>
<br>
Ugh. That's not nice.<br>
<br>
> The problem is that this never happens if I run radiusd with -X, so I'm<br>
> having trouble catching more info.<br>
<br>
See doc/bugs in the latest "git" tree (stable) for instructions on<br>
leaving it running under "gdb". You will also likely need to build the<br>
server with debugging symbols, too.<br>
<br>
> Any clues? This is Freeradius 2.1.0 btw. I've just upgraded to 2.1.3 to<br>
> see if the problem goes away.<br>
<br>
I don't recall anything being changed in the postgres back-end.<br>
<br>
Alan DeKok.<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 7<br>
Date: Wed, 25 Feb 2009 16:04:56 +0100<br>
From: Alan DeKok <<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>><br>
Subject: Re: FR 2.1.3 and ASSERT FAILED event.c<br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Message-ID: <<a href="mailto:49A55E18.1060202@deployingradius.com">49A55E18.1060202@deployingradius.com</a>><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
Chris Howley wrote:<br>
> I encountered the following problem when the server received an Access-Challenge packet<br>
> from a proxy server. Any help in fixing this problem would be appreciated.<br>
<br>
See doc/bugs for giving additional information, such as the rest of<br>
the back trace.<br>
<br>
Also, a lot more of the debug log might help.<br>
<br>
> Waking up in 0.9 seconds.<br>
> rad_recv: Access-Challenge packet from host 194.82.174.185 port 1812, id=76, length=81<br>
> Tunnel-Type:0 = VLAN<br>
> Tunnel-Medium-Type:0 = IEEE-802<br>
> EAP-Message = 0x010300061920<br>
> Message-Authenticator = 0x193c8361dc660dd940460f693d6ebf9c<br>
> State = 0xad8b0646ad881f6aaefeee6ec7165a25<br>
> Proxy-State = 0x313730<br>
> +- entering group post-proxy {...}<br>
> [post_proxy_log] expand: /usr/local/var/log/radius/radacct/%Y-%m-%d/post-proxy-detail-%H:00 -> /usr/local/var/log/radius/radacct/2009-02-24/post-proxy-detail-16:00<br>
> [post_proxy_log] /usr/local/var/log/radius/radacct/%Y-%m-%d/post-proxy-detail-%H:00 expands to /usr/local/var/log/radius/radacct/2009-02-24/post-proxy-detail-16:00<br>
> [post_proxy_log] expand: %{Packet-Src-IP-Address} - %t -> 10.12.80.101 - Tue Feb 24 16:02:50 2009<br>
> ++[post_proxy_log] returns ok<br>
> [attr_filter.post-proxy] expand: %{Realm} -> jrs<br>
> attr_filter: Matched entry DEFAULT at line 103<br>
> ++[attr_filter.post-proxy] returns updated<br>
> [eap] No pre-existing handler found<br>
> ++[eap] returns noop<br>
> ASSERT FAILED event.c[3593]: fun != NULL<br>
> Abort (core dumped)<br>
<br>
This is a catastrophic error indicating that the server has a request<br>
it doesn't know how to handle.<br>
<br>
The only way that this could happen is:<br>
<br>
a) buffer over-run somewhere<br>
b) source code modifications<br>
<br>
The code that receives a proxied response sets "fun", and doesn't do a<br>
whole lot else before it hits that assertion. If you're seeing this in<br>
debugging mode (i.e. no threads), then there *very* few things that can<br>
go wrong here.<br>
<br>
Alan DeKok.<br>
<br>
<br>
------------------------------<br>
<br>
Message: 8<br>
Date: Wed, 25 Feb 2009 16:08:33 +0100<br>
From: <<a href="mailto:tnt@kalik.net">tnt@kalik.net</a>><br>
Subject: Re: Rlm_sqlcounter log problem<br>
To: "FreeRadius users mailing list"<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Message-ID: <<a href="mailto:gsiPBrW7.1235574513.8411570.tnt@kalik.net">gsiPBrW7.1235574513.8411570.tnt@kalik.net</a>><br>
Content-Type: text/plain; charset=ISO-8859-2<br>
<br>
>I have a little problem with freeradius. And i can't find any solution for it..<br>
>We have logged failed login attempt following statement: (Its taken<br>
>from Freeradius Wiki)<br>
> Post-Auth-Type REJECT {<br>
> # Login failed: log to SQL database.<br>
> sql<br>
> }<br>
><br>
>However when we use rlm_sqlcounter this modle can't handled with above<br>
>statement.<br>
><br>
>So how its possible to log users that Rejected by rlm_sqlcounter module?<br>
<br>
man unlang. Test for module return code and then run, for example, perl<br>
script that will log to the database. You can't do sql inserts and<br>
updates directly from unlang without source code changes.<br>
<br>
Ivan Kalik<br>
Kalik Informatika ISP<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 9<br>
Date: Wed, 25 Feb 2009 19:26:13 +0000<br>
From: Alexander Clouter <<a href="mailto:alex@digriz.org.uk">alex@digriz.org.uk</a>><br>
Subject: Re: Wired 802.1x auth - Getting the IP address of the authed<br>
machine<br>
To: <a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
Message-ID: <slrngqb6ql.n2j.alex@woodchuck.wormnet.eu><br>
<br>
* Paul Dealy <<a href="mailto:pdealy@gmail.com">pdealy@gmail.com</a>> [Wed, 25 Feb 2009 21:42:37 +1100]:<br>
><br>
> I have accounting turned on, but I don't see the authed machines IP on<br>
> that of the NAS.<br>
><br>
Use DHCP Snooping[1] and then yank the DHCP servers logs. If you want<br>
them in the SQL table, you should add them afterwards. You need to bear<br>
in mind that in the medium-long term there will be nothing stopping (or<br>
invalid) about computers having multiple IP addresses[2]. Expecting a<br>
venduh (especially Cisco) to give you what you want/need is asking for<br>
trouble.<br>
<br>
We personally yank from our DHCP logs, because of DHCP snooping, we know<br>
they can be trusted.<br>
<br>
Cheers<br>
<br>
[1] <a href="http://www.cisco.com/web/DK/assets/docs/security2006/Security2006_Eric_Vyncke_2.pdf" target="_blank">http://www.cisco.com/web/DK/assets/docs/security2006/Security2006_Eric_Vyncke_2.pdf</a><br>
[2] IPv4 and IPv6 addresses, multiple of the later for workstations is<br>
an expectation not an edge case. Also there is technically<br>
nothing stopping a workstation in a single 'session' changing IP<br>
addresses<br>
<br>
--<br>
Alexander Clouter<br>
.sigmonster says: Go on, EMOTE! I was RAISED on thought balloons!!<br>
<br>
<br>
<br>
------------------------------<br>
<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
<br>
<br>
End of Freeradius-Users Digest, Vol 46, Issue 102<br>
*************************************************<br>
</blockquote></div><br>