<p>I am not interested in any argument, i wanted to check what may be the problem with my radius server as accounting is successful with free radius on other server.</p>
<div class="gmail_quote">On May 26, 2013 6:51 AM, <<a href="mailto:freeradius-users-request@lists.freeradius.org">freeradius-users-request@lists.freeradius.org</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Send Freeradius-Users mailing list submissions to<br>
<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="http://lists.freeradius.org/mailman/listinfo/freeradius-users" target="_blank">http://lists.freeradius.org/mailman/listinfo/freeradius-users</a><br>
or, via email, send a message with subject or body 'help' to<br>
<a href="mailto:freeradius-users-request@lists.freeradius.org">freeradius-users-request@lists.freeradius.org</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:freeradius-users-owner@lists.freeradius.org">freeradius-users-owner@lists.freeradius.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of Freeradius-Users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: Issue with radius accounting (Alan DeKok)<br>
2. user from particular NAS-IP-Address (Pete Ashdown)<br>
3. Re: user from particular NAS-IP-Address (Alan DeKok)<br>
4. Error: rlm_sql_unixodbc: SQL down 08S01<br>
[unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server<br>
is unavailable or does not exist (Bill Grant)<br>
5. Re: Error: rlm_sql_unixodbc: SQL down 08S01<br>
[unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server<br>
is unavailable or does not exist (Alan DeKok)<br>
6. RE: Error: rlm_sql_unixodbc: SQL down 08S01<br>
[unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server<br>
is unavailable or does not exist (Bill Grant)<br>
7. Re: Auth-Type = Reject not being obeyed (Matthew Melbourne)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Sat, 25 May 2013 13:30:57 -0400<br>
From: Alan DeKok <<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>><br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Cc: "<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>"<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Subject: Re: Issue with radius accounting<br>
Message-ID: <<a href="mailto:B66BB339-4B2C-4608-BB8F-8C6E35F02481@deployingradius.com">B66BB339-4B2C-4608-BB8F-8C6E35F02481@deployingradius.com</a>><br>
Content-Type: text/plain; charset="us-ascii"<br>
<br>
On 2013-05-25, at 12:39 PM, Arvind Bahuguni <<a href="mailto:arvindnb1@gmail.com">arvindnb1@gmail.com</a>> wrote:<br>
<br>
> Hi Alan,<br>
> I am suspecting some radius setting on my server because free radius on other server is responding and authentication and accounting is successful<br>
><br>
For one, you need to edit your posts. It's ridiculous to reply to a digest message, and include hundreds of lines of irrelevant text.<br>
<br>
And if you know so much more than me about RADIUS, you shouldn't be asking questions on this list.<br>
<br>
If you're going to ask questions and then argue with the answers, you will be unsubscribed from the list and banned permanently.<br>
<br>
Alan DeKok.<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130525/dc49bb28/attachment-0001.html" target="_blank">http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130525/dc49bb28/attachment-0001.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Sat, 25 May 2013 14:31:12 -0600<br>
From: Pete Ashdown <<a href="mailto:pashdown@xmission.com">pashdown@xmission.com</a>><br>
To: <a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
Subject: user from particular NAS-IP-Address<br>
Message-ID: <<a href="mailto:20130525203112.GA20274@xmission.com">20130525203112.GA20274@xmission.com</a>><br>
Content-Type: text/plain; charset=us-ascii<br>
<br>
I'm trying to restrict a guest user from a single NAS-IP-Address via "users"<br>
and I can't get it to work.<br>
<br>
Doesn't work:<br>
<br>
test NAS-IP-Address == "127.0.0.1"<br>
Auth-Type := Accept<br>
<br>
test NAS-IP-Address == "127.0.1.1"<br>
Auth-Type := Accept<br>
<br>
Works, but it isn't restricted by NAS:<br>
<br>
test Auth-Type := Accept<br>
<br>
I've also tried "Calling-Station-ID == 127.0.1.1" to no avail.<br>
<br>
<br>
Also, how would I do this for a group of NAS IP addresses? Is it possible to<br>
assign them to a group in "clients.conf" that can be later checked against in<br>
"users"? Where is the documentation of what can be tested against in the<br>
"users" file?<br>
<br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Sat, 25 May 2013 18:23:44 -0400<br>
From: Alan DeKok <<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>><br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Subject: Re: user from particular NAS-IP-Address<br>
Message-ID: <<a href="mailto:51A139F0.9070902@deployingradius.com">51A139F0.9070902@deployingradius.com</a>><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
Pete Ashdown wrote:<br>
> I'm trying to restrict a guest user from a single NAS-IP-Address via "users"<br>
> and I can't get it to work.<br>
><br>
> Doesn't work:<br>
><br>
> test NAS-IP-Address == "127.0.0.1"<br>
> Auth-Type := Accept<br>
<br>
That's wrong. Why? See the debug output. It *tells* you what's<br>
wrong, and how to fix it. See "man users". It *documents* the format<br>
of the "users" file. See the sample "raddb/users" file. Look for<br>
"Auth-Type". There are *examples* of how to do this.<br>
<br>
> Also, how would I do this for a group of NAS IP addresses? Is it possible to<br>
> assign them to a group in "clients.conf" that can be later checked against in<br>
> "users"?<br>
<br>
See raddb/huntgroups. You can group NASes, and check the group<br>
membership later.<br>
<br>
> Where is the documentation of what can be tested against in the<br>
> "users" file?<br>
<br>
What does that mean? "man users" describes how the "users" file<br>
works. After that, if you get something wrong, the debug output will<br>
tell you.<br>
<br>
You *did* run the server in debugging mode, as suggested in the FAQ,<br>
README, "man" page, and daily on this list?<br>
<br>
Alan DeKok.<br>
<br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Sat, 25 May 2013 23:28:13 +0000<br>
From: Bill Grant <wgrant@EBPL.org><br>
To: "<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>"<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Subject: Error: rlm_sql_unixodbc: SQL down 08S01<br>
[unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server is<br>
unavailable or does not exist<br>
Message-ID: <<a href="mailto:4137E4310A92F941A14E91ACF8F9F5BF0D91CFF6@cairo.ebpl.net">4137E4310A92F941A14E91ACF8F9F5BF0D91CFF6@cairo.ebpl.net</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
I am having trouble starting freeradius at boot on CentOS 6.4. It starts, but it does not connect to my database; however, if run it manually from the command the it works fine. I think there is permission issue somewhere. See the log below:<br>
<br>
when I run following command as root it works<br>
<br>
# radiusd<br>
<br>
Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Driver rlm_sql_unixodbc (module rlm_sql_unixodbc) loaded and linked<br>
Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Attempting to connect to radius@EBHorizon:5000/Horizon<br>
Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Attempting to connect rlm_sql_unixodbc #0<br>
Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Connected new DB handle, #0<br>
Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Attempting to connect rlm_sql_unixodbc #1<br>
Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Connected new DB handle, #1<br>
Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Attempting to connect rlm_sql_unixodbc #2<br>
Sat May 25 10:26:21 2013 : Info: rlm_sql (sql): Connected new DB handle, #2<br>
Sat May 25 10:26:21 2013 : Info: rlm_sql (sql): Attempting to connect rlm_sql_unixodbc #3<br>
Sat May 25 10:26:21 2013 : Info: rlm_sql (sql): Connected new DB handle, #3<br>
Sat May 25 10:26:21 2013 : Info: rlm_sql (sql): Attempting to connect rlm_sql_unixodbc #4<br>
Sat May 25 10:26:21 2013 : Info: rlm_sql (sql): Connected new DB handle, #4<br>
Sat May 25 10:26:21 2013 : Info: Loaded virtual server <default><br>
Sat May 25 10:26:21 2013 : Info: Loaded virtual server inner-tunnel<br>
Sat May 25 10:26:21 2013 : Info: ... adding new socket proxy address * port 35688<br>
Sat May 25 10:26:21 2013 : Info: Ready to process requests.<br>
<br>
When I run the command below it does not connect.<br>
#service radiusd start<br>
<br>
<br>
Sat May 25 10:29:05 2013 : Info: rlm_sql (sql): Driver rlm_sql_unixodbc (module rlm_sql_unixodbc) loaded and linked<br>
Sat May 25 10:29:05 2013 : Info: rlm_sql (sql): Attempting to connect to radius@EBHorizon:5000/Horizon<br>
Sat May 25 10:29:05 2013 : Info: rlm_sql (sql): Attempting to connect rlm_sql_unixodbc #0<br>
Sat May 25 10:29:05 2013 : Error: rlm_sql_unixodbc: SQL down 08S01 [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server is unavailable or does not exist<br>
Sat May 25 10:29:05 2013 : Error: rlm_sql_unixodbc: Connection failed<br>
Sat May 25 10:29:05 2013 : Error: rlm_sql (sql): Failed to connect DB handle #0<br>
Sat May 25 10:29:05 2013 : Info: Loaded virtual server <default><br>
Sat May 25 10:29:05 2013 : Info: Loaded virtual server inner-tunnel<br>
Sat May 25 10:29:05 2013 : Info: ... adding new socket proxy address * port 59524<br>
Sat May 25 10:29:05 2013 : Info: Ready to process requests.<br>
<br>
Any help would be greatly appreciated.<br>
<br>
<br>
------------------------------<br>
<br>
Message: 5<br>
Date: Sat, 25 May 2013 19:44:55 -0400<br>
From: Alan DeKok <<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>><br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Subject: Re: Error: rlm_sql_unixodbc: SQL down 08S01<br>
[unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server is<br>
unavailable or does not exist<br>
Message-ID: <<a href="mailto:51A14CF7.1080502@deployingradius.com">51A14CF7.1080502@deployingradius.com</a>><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
Bill Grant wrote:<br>
> I am having trouble starting freeradius at boot on CentOS 6.4. It starts, but it does not connect to my database; however, if run it manually from the command the it works fine. I think there is permission issue somewhere. See the log below:<br>
><br>
> when I run following command as root it works<br>
<br>
It's probably some SELinux rule. The normal Linux APIs allow *any*<br>
process to make outbound connections.<br>
<br>
Alan DeKok.<br>
<br>
<br>
------------------------------<br>
<br>
Message: 6<br>
Date: Sun, 26 May 2013 00:29:28 +0000<br>
From: Bill Grant <wgrant@EBPL.org><br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Subject: RE: Error: rlm_sql_unixodbc: SQL down 08S01<br>
[unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server is<br>
unavailable or does not exist<br>
Message-ID: <<a href="mailto:4137E4310A92F941A14E91ACF8F9F5BF0D91D093@cairo.ebpl.net">4137E4310A92F941A14E91ACF8F9F5BF0D91D093@cairo.ebpl.net</a>><br>
Content-Type: text/plain; charset="us-ascii"<br>
<br>
You are right I temporarily disabled SE Linux with "echo 0 >/selinux/enforce" and it worked. Now I just need to figure out exactly what it is blocking. Thanks for the help!<br>
________________________________________<br>
From: Alan DeKok [<a href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>]<br>
Sent: Saturday, May 25, 2013 7:44 PM<br>
To: FreeRadius users mailing list<br>
Subject: Re: Error: rlm_sql_unixodbc: SQL down 08S01 [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server is unavailable or does not exist<br>
<br>
Bill Grant wrote:<br>
> I am having trouble starting freeradius at boot on CentOS 6.4. It starts, but it does not connect to my database; however, if run it manually from the command the it works fine. I think there is permission issue somewhere. See the log below:<br>
><br>
> when I run following command as root it works<br>
<br>
It's probably some SELinux rule. The normal Linux APIs allow *any*<br>
process to make outbound connections.<br>
<br>
Alan DeKok.<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 7<br>
Date: Sun, 26 May 2013 01:41:14 +0100<br>
From: "Matthew Melbourne" <<a href="mailto:matt@melbourne.org.uk">matt@melbourne.org.uk</a>><br>
To: <<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Subject: Re: Auth-Type = Reject not being obeyed<br>
Message-ID: <000b01ce59a9$baa28040$2fe780c0$@<a href="http://melbourne.org.uk" target="_blank">melbourne.org.uk</a>><br>
Content-Type: text/plain; charset="us-ascii"<br>
<br>
I think Phil's diagnosis is correct; 'Auth-Type := Reject' requires the ':='<br>
operator to reject a CHAP authentication.<br>
<br>
Unfortunately, it's not always easy to place a live production system in<br>
debug mode, hence the initial "is this something stupid" question :)<br>
<br>
(And apologies for the lack of a subject line in the original post).<br>
<br>
Cheers,<br>
Matt<br>
<br>
-----Original Message-----<br>
Date: Fri, 24 May 2013 17:31:29 +0100<br>
From: Phil Mayers <<a href="mailto:p.mayers@imperial.ac.uk">p.mayers@imperial.ac.uk</a>><br>
To: <a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
Subject: Re: Auth-Type = Reject not being obeyed<br>
Message-ID: <<a href="mailto:519F95E1.6010100@imperial.ac.uk">519F95E1.6010100@imperial.ac.uk</a>><br>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed<br>
<br>
On 24/05/13 17:19, Alan Buxey wrote:<br>
<br>
> The only difference I can see is that the first example uses a<br>
> plain-text password, and the RADIUS on the LNS is using CHAP?<br>
><br>
> The backend database has "=" in the 'op' field (and not ":="), so the<br>
> returned attribute is "Auth-Type = Reject" and not "Auth-Type :=<br>
> Reject", but it is correctly rejected using radtest/radclient, and I<br>
> believe the "=" operand to be correct.<br>
<br>
You might have this:<br>
<br>
authorize {<br>
...<br>
chap<br>
sql<br>
...<br>
}<br>
<br>
..and Auth-Type is already set by chap, hence "=" doesn't overwrite it.<br>
<br>
Anyway, you're not correct that "=" is the right operator; ":=" means<br>
"force" i.e. set this attribute to this value, always, and that's what you<br>
want to do here, right? "=" means "set if unset"<br>
<br>
As has also been pointed out - show "radiusd -X" for a problem auth (and set<br>
a subject line...)<br>
<br>
<br>
<br>
------------------------------<br>
<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
<br>
End of Freeradius-Users Digest, Vol 97, Issue 83<br>
************************************************<br>
</blockquote></div>