<DIV>Christ,</DIV>
<DIV> </DIV>
<DIV>Thanks for your help.</DIV>
<DIV> </DIV>
<DIV>Can you please advise how to configurre a group reject access?</DIV>
<DIV> </DIV>
<DIV>Thanks!</DIV>
<DIV> </DIV>
<DIV>Tom</DIV>
<DIV><includetail>
<DIV> </DIV>
<DIV> </DIV>
<DIV style="COLOR: #000">
<DIV style="PADDING-BOTTOM: 2px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; FONT-FAMILY: Arial Narrow; FONT-SIZE: 12px; PADDING-TOP: 2px">------------------ Original ------------------</DIV>
<DIV style="PADDING-BOTTOM: 8px; PADDING-LEFT: 8px; PADDING-RIGHT: 8px; BACKGROUND: #efefef; FONT-SIZE: 12px; PADDING-TOP: 8px">
<DIV id=menu_sender><B>From: </B> "freeradius-users"<freeradius-users-request@lists.freeradius.org>;</DIV>
<DIV><B>Date: </B> Wed, Sep 14, 2011 02:01 AM</DIV>
<DIV><B>To: </B> "freeradius-users"<freeradius-users@lists.freeradius.org>; <WBR></DIV>
<DIV></DIV>
<DIV><B>Subject: </B> Freeradius-Users Digest, Vol 77, Issue 51</DIV></DIV>
<DIV> </DIV>Send Freeradius-Users mailing list submissions to<BR>freeradius-users@lists.freeradius.org<BR><BR>To subscribe or unsubscribe via the World Wide Web, visit<BR>http://lists.freeradius.org/mailman/listinfo/freeradius-users<BR>or, via email, send a message with subject or body 'help' to<BR>freeradius-users-request@lists.freeradius.org<BR><BR>You can reach the person managing the list at<BR>freeradius-users-owner@lists.freeradius.org<BR><BR>When replying, please edit your Subject line so it is more specific<BR>than "Re: Contents of Freeradius-Users digest..."<BR><BR><BR>Today's Topics:<BR><BR> 1. RE: Problem with rml_sqlcounter with GigaByte datavolume<BR> (Nicolas FOUREL)<BR> 2. Re: Problem with rml_sqlcounter with GigaByte datavolume<BR> (Suman Dash)<BR> 3. Re: Best Practices - maximum NAS entries in clients.conf<BR> (Christ Schlacta)<BR> 4. Re: Quick enable/disable user account. (Christ Schlacta)<BR> 5. Re: Best Practices - maximum NAS entries in clients.conf<BR> (Arran Cudbard-Bell)<BR><BR><BR>----------------------------------------------------------------------<BR><BR>Message: 1<BR>Date: Tue, 13 Sep 2011 18:30:55 +0200<BR>From: "Nicolas FOUREL" <nicolas.fourel@adipsys.com><BR>Subject: RE: Problem with rml_sqlcounter with GigaByte datavolume<BR>To: "'FreeRadius users mailing list'"<BR><freeradius-users@lists.freeradius.org><BR>Message-ID: <4e6f8544.8dc5e30a.148c.558f@mx.google.com><BR>Content-Type: text/plain; charset="iso-8859-1"<BR><BR>Hi Arran,<BR><BR>I have get version 3.0.0 with 64 bit counters support from Git and installed<BR>it. Unfortunatly, I still have the same problem with my sql counter which<BR>has always "check_item=0" when I put a value bigger than 2^32. On<BR>Access-Request in debug mode, I have the following lines : <BR><BR>Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: (Check item - counter) is<BR>less than zero<BR>Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: Rejected user foo@bar.com,<BR>check_item=0, counter=68882<BR><BR>Here is my counter definition :<BR>sqlcounter totalinputoctets {<BR> counter-name = Total-Max-Input-Octets<BR> check-name = Max-Input-Octets<BR> reply-name = ChilliSpot-Max-Input-Octets<BR> sqlmod-inst = sql<BR> key = User-Name<BR> reset = never<BR> query = "SELECT SUM(AcctInputOctets) FROM radacct WHERE<BR>UserName='%{%k}'"<BR>}<BR><BR>I have added "Max-Input-Octets" in the dictionary file like that :<BR>ATTRIBUTE Max-Input-Octets 3001 integer64<BR><BR>In radcheck table:<BR>foo@bar.com Max-Input-Octets :=<BR>107374182400<BR><BR><BR>Did I miss a thing ?<BR><BR>Many thanks<BR><BR>Nicolas<BR><BR>-----Message d'origine-----<BR>De?:<BR>freeradius-users-bounces+nicolas.fourel=adipsys.com@lists.freeradius.org<BR>[mailto:freeradius-users-bounces+nicolas.fourel=adipsys.com@lists.freeradius<BR>.org] De la part de Arran Cudbard-Bell<BR>Envoy??: lundi 12 septembre 2011 11:46<BR>??: FreeRadius users mailing list<BR>Objet?: Re: Problem with rml_sqlcounter with GigaByte datavolume<BR><BR><BR>On 12 Sep 2011, at 10:20, nfourel wrote:<BR><BR>> Thanks for your reply but I can't find any version 3.x.x of freeRADIUS.<BR>Where<BR>> can I find it ?<BR>> <BR><BR>http://git.freeradius.org/<BR><BR>3.x.x is currently in development on the master branch.<BR><BR>-Arran<BR><BR>Arran Cudbard-Bell<BR>a.cudbardb@freeradius.org<BR><BR>RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.<BR><BR><BR>-<BR>List info/subscribe/unsubscribe? See<BR>http://www.freeradius.org/list/users.html<BR><BR><BR><BR><BR>------------------------------<BR><BR>Message: 2<BR>Date: Tue, 13 Sep 2011 23:09:39 +0530<BR>From: Suman Dash <sumandash@gmail.com><BR>Subject: Re: Problem with rml_sqlcounter with GigaByte datavolume<BR>To: FreeRadius users mailing list<BR><freeradius-users@lists.freeradius.org><BR>Message-ID:<BR><CAOywgS8G==MvAZPs=s18pYsN36mA+xzGScb9e0KvcPELOHFsng@mail.gmail.com><BR>Content-Type: text/plain; charset="iso-8859-1"<BR><BR>SELECT SUM(AcctInputOctets) FROM radacct WHERE UserName='username'<BR><BR>Run the above query in mysql and post the result<BR><BR>then post the freeradius log specific to this section.<BR><BR>On Tue, Sep 13, 2011 at 10:00 PM, Nicolas FOUREL <nicolas.fourel@adipsys.com<BR>> wrote:<BR><BR>> Hi Arran,<BR>><BR>> I have get version 3.0.0 with 64 bit counters support from Git and<BR>> installed<BR>> it. Unfortunatly, I still have the same problem with my sql counter which<BR>> has always "check_item=0" when I put a value bigger than 2^32. On<BR>> Access-Request in debug mode, I have the following lines :<BR>><BR>> Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: (Check item - counter) is<BR>> less than zero<BR>> Tue Sep 13 18:20:47 2011 : Debug: rlm_sqlcounter: Rejected user<BR>> foo@bar.com,<BR>> check_item=0, counter=68882<BR>><BR>> Here is my counter definition :<BR>> sqlcounter totalinputoctets {<BR>> counter-name = Total-Max-Input-Octets<BR>> check-name = Max-Input-Octets<BR>> reply-name = ChilliSpot-Max-Input-Octets<BR>> sqlmod-inst = sql<BR>> key = User-Name<BR>> reset = never<BR>> query = "SELECT SUM(AcctInputOctets) FROM radacct WHERE<BR>> UserName='%{%k}'"<BR>> }<BR>><BR>> I have added "Max-Input-Octets" in the dictionary file like that :<BR>> ATTRIBUTE Max-Input-Octets 3001 integer64<BR>><BR>> In radcheck table:<BR>> foo@bar.com Max-Input-Octets :=<BR>> 107374182400<BR>><BR>><BR>> Did I miss a thing ?<BR>><BR>> Many thanks<BR>><BR>> Nicolas<BR>><BR>> -----Message d'origine-----<BR>> De :<BR>> freeradius-users-bounces+nicolas.fourel=adipsys.com@lists.freeradius.org<BR>> [mailto:freeradius-users-bounces+nicolas.fourel<BR>> =adipsys.com@lists.freeradius<BR>> .org] De la part de Arran Cudbard-Bell<BR>> Envoy? : lundi 12 septembre 2011 11:46<BR>> ? : FreeRadius users mailing list<BR>> Objet : Re: Problem with rml_sqlcounter with GigaByte datavolume<BR>><BR>><BR>> On 12 Sep 2011, at 10:20, nfourel wrote:<BR>><BR>> > Thanks for your reply but I can't find any version 3.x.x of freeRADIUS.<BR>> Where<BR>> > can I find it ?<BR>> ><BR>><BR>> http://git.freeradius.org/<BR>><BR>> 3.x.x is currently in development on the master branch.<BR>><BR>> -Arran<BR>><BR>> Arran Cudbard-Bell<BR>> a.cudbardb@freeradius.org<BR>><BR>> RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.<BR>><BR>><BR>> -<BR>> List info/subscribe/unsubscribe? See<BR>> http://www.freeradius.org/list/users.html<BR>><BR>><BR>> -<BR>> List info/subscribe/unsubscribe? See<BR>> http://www.freeradius.org/list/users.html<BR>><BR>-------------- next part --------------<BR>An HTML attachment was scrubbed...<BR>URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110913/59e78c63/attachment.html><BR><BR>------------------------------<BR><BR>Message: 3<BR>Date: Tue, 13 Sep 2011 10:39:48 -0700<BR>From: Christ Schlacta <lists@aarcane.org><BR>Subject: Re: Best Practices - maximum NAS entries in clients.conf<BR>To: freeradius-users@lists.freeradius.org<BR>Message-ID: <4E6F9564.1070103@aarcane.org><BR>Content-Type: text/plain; charset=ISO-8859-1; format=flowed<BR><BR>On 9/13/2011 00:59, Fajar A. Nugraha wrote:<BR>> On Tue, Sep 13, 2011 at 2:43 PM, Phil Mayers<p.mayers@imperial.ac.uk> wrote:<BR>>> On 09/12/2011 10:42 PM, Fajar A. Nugraha wrote:<BR>>>> If I understand raddb/sites-available/dynamic-clients correctly, the<BR>>>> only way to store (well, to retrieve actualy) dynamic clients<BR>>>> definition in SQL is to use "%{sql:" expansion. Is there a way to make<BR>>>> it have some level of redundancy? Last time I check, "%{sql:" can't be<BR>>>> used on "virtual" modules (from instantiate or policy section) which<BR>>>> groups multiple sql instance together using "redundant".<BR>>>><BR>>> You could also use "exec", rlm_perl/python or whatever, all of which can<BR>>> themselves call SQL.<BR>> possible, though not ideal.<BR>><BR>>> Or, perform an SQL query that MUST return some output, parse the results and<BR>>> call the individual SQL modules directly - like so:<BR>>><BR>>> update control {<BR>>> Tmp-String-0 := "%{sql1:select name||','||secret ...}"<BR>>> }<BR>>> if (control:Tmp-String-0 == "") {<BR>>> update control {<BR>>> Tmp-String-0 := "%{sql2:...}"<BR>>> }<BR>>> }<BR>> That's what we currently do (for another purpose, not for dynamic<BR>> client). However:<BR>> - I lost load-balancing feature that comes with redundant-load-balance<BR>> - imagine having to create 8 if-elsif block to properly catch error<BR>> when working with 8 sql nodes, and write the same sql query 8 times in<BR>> the configuration file. Works, but kinda messy.<BR>><BR>> With current sql module (that only reads nas list from sql during<BR>> startup/HUP) I can use one sql/mysql/*.conf to specify the query, and<BR>> have each sql instance $INCLUDE it. If we can do similar thing with<BR>> "%{sql:" expansion (e.g. store the query in some temporary internal<BR>> variable/attribute) it'd be reduce the measiness greatly, but I<BR>> haven't found out how to do it yet.<BR>><BR>why not make an arbitrary program that takes the SQL statement as an <BR>argument, and returns from the first successful connection. it can take <BR>a random number between 0 and n-1 on the number of SQL servers you have, <BR>and start connecting from there. you get failover and round-robin load <BR>balancing with the convenience of only having to write your query and <BR>your series of if-else-if statements once.<BR><BR><BR>------------------------------<BR><BR>Message: 4<BR>Date: Tue, 13 Sep 2011 10:46:21 -0700<BR>From: Christ Schlacta <lists@aarcane.org><BR>Subject: Re: Quick enable/disable user account.<BR>To: freeradius-users@lists.freeradius.org<BR>Message-ID: <4E6F96ED.6080307@aarcane.org><BR>Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"<BR><BR>On 9/13/2011 08:32, 2394263740 wrote:<BR>><BR>> Hello,<BR>> I'm using free radius server 2.1.11 on Linux Enterprise Server 6.1.<BR>> OS: Linux Enterprise Server 6.1<BR>> Radius: free radius server 2.1.11<BR>> Database: Mysql<BR>><BR>> Sometime, I need disable a user account in mysql database. And then <BR>> enable it later on after some check complete.<BR>><BR>> Can you please advise how to toggle such status?<BR>><BR>> There're may be multiple solutions, please advise them all, so I can <BR>> choose a one most fit the needs.<BR>><BR>> Thanks!<BR>><BR>> Tom<BR>><BR>><BR>><BR>> -<BR>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<BR>read up on mysql groups, then use a group that's configured to reject <BR>access. add and delete members from that group as needed to disable and <BR>re-enable their account. that's what groups are there for.<BR>-------------- next part --------------<BR>An HTML attachment was scrubbed...<BR>URL: <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20110913/5fec63c0/attachment.html><BR><BR>------------------------------<BR><BR>Message: 5<BR>Date: Tue, 13 Sep 2011 20:01:14 +0200<BR>From: Arran Cudbard-Bell <a.cudbardb@freeradius.org><BR>Subject: Re: Best Practices - maximum NAS entries in clients.conf<BR>To: FreeRadius users mailing list<BR><freeradius-users@lists.freeradius.org><BR>Message-ID: <97DF6DE5-5FDB-416C-A528-FDC68A1D4274@freeradius.org><BR>Content-Type: text/plain; charset=us-ascii<BR><BR><BR>On 13 Sep 2011, at 19:39, Christ Schlacta wrote:<BR><BR>> On 9/13/2011 00:59, Fajar A. Nugraha wrote:<BR>>> On Tue, Sep 13, 2011 at 2:43 PM, Phil Mayers<p.mayers@imperial.ac.uk> wrote:<BR>>>> On 09/12/2011 10:42 PM, Fajar A. Nugraha wrote:<BR>>>>> If I understand raddb/sites-available/dynamic-clients correctly, the<BR>>>>> only way to store (well, to retrieve actualy) dynamic clients<BR>>>>> definition in SQL is to use "%{sql:" expansion. Is there a way to make<BR>>>>> it have some level of redundancy? Last time I check, "%{sql:" can't be<BR>>>>> used on "virtual" modules (from instantiate or policy section) which<BR>>>>> groups multiple sql instance together using "redundant".<BR>>>>> <BR>>>> You could also use "exec", rlm_perl/python or whatever, all of which can<BR>>>> themselves call SQL.<BR>>> possible, though not ideal.<BR>>> <BR>>>> Or, perform an SQL query that MUST return some output, parse the results and<BR>>>> call the individual SQL modules directly - like so:<BR>>>> <BR>>>> update control {<BR>>>> Tmp-String-0 := "%{sql1:select name||','||secret ...}"<BR>>>> }<BR>>>> if (control:Tmp-String-0 == "") {<BR>>>> update control {<BR>>>> Tmp-String-0 := "%{sql2:...}"<BR>>>> }<BR>>>> }<BR>>> That's what we currently do (for another purpose, not for dynamic<BR>>> client). However:<BR>>> - I lost load-balancing feature that comes with redundant-load-balance<BR>>> - imagine having to create 8 if-elsif block to properly catch error<BR>>> when working with 8 sql nodes, and write the same sql query 8 times in<BR>>> the configuration file. Works, but kinda messy.<BR>>> <BR>>> With current sql module (that only reads nas list from sql during<BR>>> startup/HUP) I can use one sql/mysql/*.conf to specify the query, and<BR>>> have each sql instance $INCLUDE it. If we can do similar thing with<BR>>> "%{sql:" expansion (e.g. store the query in some temporary internal<BR>>> variable/attribute) it'd be reduce the measiness greatly, but I<BR>>> haven't found out how to do it yet.<BR>>> <BR>> why not make an arbitrary program that takes the SQL statement as an argument, and returns from the first successful connection. it can take a random number between 0 and n-1 on the number of SQL servers you have, and start connecting from there. you get failover and round-robin load balancing with the convenience of only having to write your query and your series of if-else-if statements once.<BR><BR>Calling out to anything outside of FreeRADIUS comes with a big performance penalty.<BR><BR>I do sometimes wonder whether 'update config' would be useful as an interim hack for some of this stuff.<BR><BR>-Arran<BR><BR>Arran Cudbard-Bell<BR>a.cudbardb@freeradius.org<BR><BR>RADIUS - Waging war on ignorance and apathy one Access-Challenge at a time.<BR><BR><BR><BR><BR>------------------------------<BR><BR>-<BR>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<BR><BR><BR>End of Freeradius-Users Digest, Vol 77, Issue 51<BR>************************************************<BR></DIV></includetail></DIV>