<html>
<head>
<style><!--
.hmmessage P
{
margin:0px;
padding:0px
}
body.hmmessage
{
font-size: 12pt;
font-family:Calibri
}
--></style></head>
<body class='hmmessage'><div dir='ltr'>Here is the sql module being loaded: It shows the group queries so not sure why it doesn't process them <div><br></div><div><div># Loaded module rlm_sql</div><div> # Instantiating module "sql" from file /etc/raddb/mods-enabled/sql</div><div> sql {</div><div> driver = "rlm_sql_mysql"</div><div> server = "localhost"</div><div> port = "3306"</div><div> login = "radius"</div><div> password = "123456"</div><div> radius_db = "radius"</div><div> read_groups = yes</div><div> read_clients = yes</div><div> delete_stale_sessions = yes</div><div> sql_user_name = "%{User-Name}"</div><div> default_user_profile = ""</div><div> client_query = "SELECT id, nasname, shortname, type, secret, server FROM nas"</div><div> authorize_check_query = "SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id"</div><div> authorize_reply_query = "SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id"</div><div> authorize_group_check_query = "SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id"</div><div> authorize_group_reply_query = "SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id"</div><div> group_membership_query = "SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority"</div><div> simul_count_query = ""</div><div> simul_verify_query = "SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"</div><div> safe_characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"</div><div> }</div><div> accounting {</div><div> reference = "%{tolower:type.%{Acct-Status-Type}.query}"</div><div> }</div><div> post-auth {</div><div> reference = ".query"</div><div> }</div><div> mysql {</div><div> tls {</div><div> }</div><div> }</div><div>rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked</div><div>rlm_sql (sql): Attempting to connect to database "radius"</div><div>rlm_sql (sql): Initialising connection pool</div><div> pool {</div><div> start = 5</div><div> min = 4</div><div> max = 10</div><div> spare = 3</div><div> uses = 0</div><div> lifetime = 0</div><div> cleanup_delay = 5</div><div> idle_timeout = 60</div><div> spread = no</div><div> }</div><div>rlm_sql (sql): Opening additional connection (0)</div><div>rlm_sql_mysql: Starting connect to MySQL server</div><div>rlm_sql (sql): Opening additional connection (1)</div><div>rlm_sql_mysql: Starting connect to MySQL server</div><div>rlm_sql (sql): Opening additional connection (2)</div><div>rlm_sql_mysql: Starting connect to MySQL server</div><div>rlm_sql (sql): Opening additional connection (3)</div><div>rlm_sql_mysql: Starting connect to MySQL server</div><div>rlm_sql (sql): Opening additional connection (4)</div><div>rlm_sql_mysql: Starting connect to MySQL server</div><div>rlm_sql (sql): Processing generate_sql_clients</div><div>rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas</div><div>rlm_sql (sql): Reserved connection (4)</div><div>rlm_sql (sql): Executing query: 'SELECT id, nasname, shortname, type, secret, server FROM nas'</div><div>rlm_sql (sql): Released connection (4)</div><div> } # modules</div><div>radiusd: #### Loading Virtual Servers ####</div><div>server { # from file /etc/raddb/radiusd.conf</div><div>} # server</div><div>server default { # from file /etc/raddb/sites-enabled/default</div><div> # Creating Auth-Type = digest</div><div> # Loading authenticate {...}</div><div> # Loading authorize {...}</div><div> # Loading virtual module filter_username</div><div>WARNING: Ignoring "ldap" (see raddb/mods-available/README.rst)</div><div> # Loading preacct {...}</div><div> # Loading virtual module acct_unique</div><div> # Loading accounting {...}</div><div> # Loading post-proxy {...}</div><div> # Loading post-auth {...}</div><div> # Loading virtual module remove_reply_message_if_eap</div><div> # Loading virtual module remove_reply_message_if_eap</div><div>} # server default</div><div>server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel</div><div> # Loading authenticate {...}</div><div> # Loading authorize {...}</div><div>WARNING: Ignoring "ldap" (see raddb/mods-available/README.rst)</div><div> # Loading session {...}</div><div> # Loading post-proxy {...}</div><div> # Loading post-auth {...}</div><div>} # server inner-tunnel</div><div>radiusd: #### Opening IP addresses and Ports ####</div><div>listen {</div><div> type = "auth"</div><div> ipaddr = *</div><div> port = 0</div><div> limit {</div><div> max_connections = 16</div><div> lifetime = 0</div><div> idle_timeout = 30</div><div> }</div><div>}</div><div>listen {</div><div> type = "acct"</div><div> ipaddr = *</div><div> port = 0</div><div> limit {</div><div> max_connections = 16</div><div> lifetime = 0</div><div> idle_timeout = 30</div><div> }</div><div>}</div><div>listen {</div><div> type = "auth"</div><div> ipaddr = 127.0.0.1</div><div> port = 18120</div><div>}</div><div>Listening on auth address * port 1812 as server default</div><div>Listening on acct address * port 1813 as server default</div><div>Listening on auth address 127.0.0.1 port 18120 as server inner-tunnel</div><div>Opening new proxy address * port 1814</div><div>Listening on proxy address * port 1814</div><div>Ready to process requests.</div><div><br></div><div><br></div><div><br><br><div>> From: freeradius-users-request@lists.freeradius.org<br>> Subject: Freeradius-Users Digest, Vol 113, Issue 129<br>> To: freeradius-users@lists.freeradius.org<br>> Date: Mon, 29 Sep 2014 09:29:30 +0200<br>> <br>> Send Freeradius-Users mailing list submissions to<br>> freeradius-users@lists.freeradius.org<br>> <br>> To subscribe or unsubscribe via the World Wide Web, visit<br>> http://lists.freeradius.org/mailman/listinfo/freeradius-users<br>> or, via email, send a message with subject or body 'help' to<br>> freeradius-users-request@lists.freeradius.org<br>> <br>> You can reach the person managing the list at<br>> freeradius-users-owner@lists.freeradius.org<br>> <br>> When replying, please edit your Subject line so it is more specific<br>> than "Re: Contents of Freeradius-Users digest..."<br>> <br>> <br>> Today's Topics:<br>> <br>> 1. RE: Beginner need help (unrecognized clients) (Frank Wei)<br>> 2. Re: freeradius sql groups not working (James w)<br>> <br>> <br>> ----------------------------------------------------------------------<br>> <br>> Message: 1<br>> Date: Mon, 29 Sep 2014 05:09:58 +0000<br>> From: Frank Wei <Frank.Wei@4rf.com><br>> To: FreeRadius users mailing list<br>> <freeradius-users@lists.freeradius.org><br>> Subject: RE: Beginner need help (unrecognized clients)<br>> Message-ID:<br>> <36A567FFA4FB734C89ABF498A70F83AE9615B3BA@4rf-nz-orion.local.4rf.com><br>> Content-Type: text/plain; charset="us-ascii"<br>> <br>> Dear friends,<br>> <br>> I have added clients<br>> <br>> client private-network-1 {<br>> ipaddr = 192.168.0.244<br>> netmask = 24<br>> secret = testing123-1<br>> shortname = private-network-1<br>> }<br>> <br>> To the clients.conf.<br>> <br>> And run command "radius -X". From the debug message I can see the added client loaded.<br>> <br>> Then from my NAS (with IP 192.168.0.244) I sent a "authentication only" request to the server. The server showed me a message:<br>> <br>> Ignored,.....Unrecognized client "192.168.0.244" port "1222".<br>> <br>> What is wrong with my config?<br>> <br>> Regards,<br>> Frank<br>> <br>> <br>> -----Original Message-----<br>> From: freeradius-users-bounces+frank.wei=4rf.com@lists.freeradius.org [mailto:freeradius-users-bounces+frank.wei=4rf.com@lists.freeradius.org] On Behalf Of A.L.M.Buxey@lboro.ac.uk<br>> Sent: Thursday, 25 September 2014 6:49 p.m.<br>> To: FreeRadius users mailing list<br>> Subject: Re: Beginner need help<br>> <br>> Hi,<br>> <br>> > My understanding is that source IP address of the Access-Request packets must be the NAS IP address which is "NAS-IP-Address". Apparently this is different to the Attribute description.<br>> ><br>> > Could anybody explain?<br>> <br>> sure.<br>> <br>> the NAS-IP-Address is set by the NAS - so it SHOULD be its IP address in a nice world. okay<br>> thats clear....however, the packet might be reaching your RADIUS server via some other<br>> route - lets say, eg a NAT gateway, a RADIUS server (it has been proxied) or from some<br>> central controller (thinking of some of the WiFi solutions out there) - in which case<br>> the NAS-IP-Address is NOT the source IP address of the packet.<br>> <br>> <br>> the NAS-IP-Address is also part of the RADIUS datagram - so you've already started to<br>> analyse the packet contents really before you can - eg how did you ensure the packet<br>> contents were correct, verify the message authenticator or ensured the content values<br>> by using the shared secret? you didnt.<br>> <br>> the RADIUS datagram comes in. you see the source address of the packet. look up the client,<br>> get its shared secret, work on the packet.<br>> <br>> alan<br>> -<br>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<br>> The information in this email communication (inclusive of attachments) is confidential to 4RF Limited and the intended recipient(s). If you are not the intended recipient(s), please note that any use, disclosure, distribution or copying of this information or any part thereof is strictly prohibited and that the author accepts no liability for the consequences of any action taken on the basis of the information provided. If you have received this email in error, please notify the sender immediately by return email and then delete all instances of this email from your system. 4RF Limited will not accept responsibility for any consequences associated with the use of this email (including, but not limited to, damages sustained as a result of any viruses and/or any action or lack of action taken in reliance on it).<br>> <br>> <br>> ------------------------------<br>> <br>> Message: 2<br>> Date: Mon, 29 Sep 2014 07:29:26 +0000<br>> From: James w <spyda46@hotmail.com><br>> To: "freeradius-users@lists.freeradius.org"<br>> <freeradius-users@lists.freeradius.org><br>> Subject: Re: freeradius sql groups not working<br>> Message-ID: <DUB123-W2A21F9FBF92014A289545B2BA0@phx.gbl><br>> Content-Type: text/plain; charset="iso-8859-1"<br>> <br>> Does anybody have any suggestions, could this be a bug ? Shall i try another version, its running on RHEL 7 Free radius version 3.0.1<br>> <br>> > From: freeradius-users-request@lists.freeradius.org<br>> > Subject: Freeradius-Users Digest, Vol 113, Issue 128<br>> > To: freeradius-users@lists.freeradius.org<br>> > Date: Mon, 29 Sep 2014 04:06:31 +0200<br>> > <br>> > Send Freeradius-Users mailing list submissions to<br>> > freeradius-users@lists.freeradius.org<br>> > <br>> > To subscribe or unsubscribe via the World Wide Web, visit<br>> > http://lists.freeradius.org/mailman/listinfo/freeradius-users<br>> > or, via email, send a message with subject or body 'help' to<br>> > freeradius-users-request@lists.freeradius.org<br>> > <br>> > You can reach the person managing the list at<br>> > freeradius-users-owner@lists.freeradius.org<br>> > <br>> > When replying, please edit your Subject line so it is more specific<br>> > than "Re: Contents of Freeradius-Users digest..."<br>> > <br>> > <br>> > Today's Topics:<br>> > <br>> > 1. Re: How to send disconnect message to the NAS? (Alan DeKok)<br>> > 2. Re: EAP and rlm_perl. Is it possible to build custom logic<br>> > for VPN peers? (Oleksandr Yermolenko)<br>> > 3. Re: EAP and rlm_perl. Is it possible to build custom logic<br>> > for VPN peers? (Oleksandr Yermolenko)<br>> > 4. version 2.2.5 repo (Rando Nakarmi)<br>> > 5. Re: version 2.2.5 repo (Alan DeKok)<br>> > 6. Re: EAP and rlm_perl. Is it possible to build custom logic<br>> > for VPN peers? (Alan DeKok)<br>> > 7. Re: Problem in Module Statistics in freeradius (Himanshu Pandey)<br>> > <br>> > <br>> > ----------------------------------------------------------------------<br>> > <br>> > Message: 1<br>> > Date: Sun, 28 Sep 2014 11:08:16 -0400<br>> > From: Alan DeKok <aland@deployingradius.com><br>> > To: FreeRadius users mailing list<br>> > <freeradius-users@lists.freeradius.org><br>> > Subject: Re: How to send disconnect message to the NAS?<br>> > Message-ID: <54282460.1090603@deployingradius.com><br>> > Content-Type: text/plain; charset=ISO-8859-1<br>> > <br>> > Xin wrote:<br>> > > Thanks a lot for your reply, I have understood I can use update control<br>> > > section to control send or not. And one more question, what is the virtual<br>> > > server in home_server_pool section. Just find the server<br>> > > originate-coa.example.com section?<br>> > <br>> > The behavior is documented in that file.<br>> > <br>> > > If this is right, can you tell me the<br>> > > usage of pre-proxy section? I have already understand the purpose of the<br>> > > post-proxy is to handle the COA/DM response.<br>> > <br>> > Read the file. This is documented.<br>> > <br>> > Alan DeKok.<br>> > <br>> > <br>> > ------------------------------<br>> > <br>> > Message: 2<br>> > Date: Sun, 28 Sep 2014 18:52:59 +0300<br>> > From: Oleksandr Yermolenko <aae@sumix.com><br>> > To: Alan DeKok <aland@deployingradius.com><br>> > Subject: Re: EAP and rlm_perl. Is it possible to build custom logic<br>> > for VPN peers?<br>> > Message-ID: <54282EDB.20904@sumix.com><br>> > Content-Type: text/plain; charset=utf-8; format=flowed<br>> > <br>> > <br>> > >> Is it possible to use any of EAP methods (I mean EAP-PEAP, EAP-TTLS or<br>> > >> EAP-TLS ...) with rlm_perl.<br>> > > What does that mean?<br>> > can I use authenticate, authorize, accounting hooks (or post_auth)?<br>> > I looked at example.pl.<br>> > <br>> > Just put "perl" in somewhere eap.conf file?<br>> > <br>> > ><br>> > > You can run the perl module when the server receives a packet. It<br>> > > doesn't matter whether the packet contains PAP, CHAP, MS-CHAP, or any<br>> > > EAP type.<br>> > ><br>> > > What do you want to *do* in rlm_perl? Knowing that probably more<br>> > > useful, and will get you a better answer.<br>> > authenticate a lot of VPN clients (currently I can choose EAP method),<br>> > keeping them in mysql or ldap. According their properties give a <br>> > personal access to<br>> > different local resources. Accounting: updating start/stop/alive <br>> > messages. POD if it's possible<br>> > for strongswan.<br>> > ><br>> > > Alan DeKok.<br>> > <br>> > <br>> > <br>> > ------------------------------<br>> > <br>> > Message: 3<br>> > Date: Sun, 28 Sep 2014 18:52:59 +0300<br>> > From: Oleksandr Yermolenko <aae@sumix.com><br>> > To: Alan DeKok <aland@deployingradius.com><br>> > Subject: Re: EAP and rlm_perl. Is it possible to build custom logic<br>> > for VPN peers?<br>> > Message-ID: <54282EDB.20904@sumix.com><br>> > Content-Type: text/plain; charset=utf-8; format=flowed<br>> > <br>> > <br>> > >> Is it possible to use any of EAP methods (I mean EAP-PEAP, EAP-TTLS or<br>> > >> EAP-TLS ...) with rlm_perl.<br>> > > What does that mean?<br>> > can I use authenticate, authorize, accounting hooks (or post_auth)?<br>> > I looked at example.pl.<br>> > <br>> > Just put "perl" in somewhere eap.conf file?<br>> > <br>> > ><br>> > > You can run the perl module when the server receives a packet. It<br>> > > doesn't matter whether the packet contains PAP, CHAP, MS-CHAP, or any<br>> > > EAP type.<br>> > ><br>> > > What do you want to *do* in rlm_perl? Knowing that probably more<br>> > > useful, and will get you a better answer.<br>> > authenticate a lot of VPN clients (currently I can choose EAP method),<br>> > keeping them in mysql or ldap. According their properties give a <br>> > personal access to<br>> > different local resources. Accounting: updating start/stop/alive <br>> > messages. POD if it's possible<br>> > for strongswan.<br>> > ><br>> > > Alan DeKok.<br>> > <br>> > <br>> > <br>> > ------------------------------<br>> > <br>> > Message: 4<br>> > Date: Sun, 28 Sep 2014 19:14:18 +0000<br>> > From: Rando Nakarmi <randonakarmi@gmail.com><br>> > To: FreeRadius users mailing list<br>> > <freeradius-users@lists.freeradius.org><br>> > Subject: version 2.2.5 repo<br>> > Message-ID:<br>> > <CAG+85v_XJ_v8cJGu-tMqi+eWNSsnME=7mZcv5yqAhB6d9K+_KA@mail.gmail.com><br>> > Content-Type: text/plain; charset="utf-8"<br>> > <br>> > HI,<br>> > <br>> > I see both in RHEL and epel , the freeradius version 2.1.12-4 is available<br>> > but not the 2.2.5 which is the newest version on 2.x.x series.<br>> > <br>> > I am used to do yum, where can I get version 2.2.5 in yum repo for RHEL<br>> > base linux.<br>> > <br>> > R<br>> > -------------- next part --------------<br>> > An HTML attachment was scrubbed...<br>> > URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140928/4120d983/attachment-0001.html><br>> > <br>> > ------------------------------<br>> > <br>> > Message: 5<br>> > Date: Sun, 28 Sep 2014 17:39:58 -0400<br>> > From: Alan DeKok <aland@deployingradius.com><br>> > To: FreeRadius users mailing list<br>> > <freeradius-users@lists.freeradius.org><br>> > Subject: Re: version 2.2.5 repo<br>> > Message-ID: <5428802E.8060003@deployingradius.com><br>> > Content-Type: text/plain; charset=UTF-8<br>> > <br>> > Rando Nakarmi wrote:<br>> > > I see both in RHEL and epel , the freeradius version 2.1.12-4 is<br>> > > available but not the 2.2.5 which is the newest version on 2.x.x series.<br>> > > <br>> > > I am used to do yum, where can I get version 2.2.5 in yum repo for RHEL<br>> > > base linux.<br>> > <br>> > Ask Redhat for a new version. We don't control the release of<br>> > packages on RHEL.<br>> > <br>> > Alan DeKok.<br>> > <br>> > <br>> > ------------------------------<br>> > <br>> > Message: 6<br>> > Date: Sun, 28 Sep 2014 17:42:28 -0400<br>> > From: Alan DeKok <aland@deployingradius.com><br>> > To: aae@sumix.com, FreeRadius users mailing list<br>> > <freeradius-users@lists.freeradius.org><br>> > Subject: Re: EAP and rlm_perl. Is it possible to build custom logic<br>> > for VPN peers?<br>> > Message-ID: <542880C4.5020603@deployingradius.com><br>> > Content-Type: text/plain; charset=ISO-8859-1<br>> > <br>> > Oleksandr Yermolenko wrote:<br>> > > can I use authenticate, authorize, accounting hooks (or post_auth)?<br>> > > I looked at example.pl.<br>> > <br>> > Then you would know that the perl module can be used in those<br>> > sections. The "example.pl" has comments saying this.<br>> > <br>> > > Just put "perl" in somewhere eap.conf file?<br>> > <br>> > No. You don't just put random text into random files. It helps to<br>> > understand how the server works.<br>> > <br>> > There is a "authorize" section. You can list modules there. This is<br>> > documented. See raddb/sites-available/default.<br>> > <br>> > > authenticate a lot of VPN clients (currently I can choose EAP method),<br>> > > keeping them in mysql or ldap.<br>> > <br>> > The server already has SQL and LDAP modules. You really don't want to<br>> > re-implement all of them in Perl.<br>> > <br>> > > According their properties give a<br>> > > personal access to<br>> > > different local resources. Accounting: updating start/stop/alive<br>> > > messages. POD if it's possible<br>> > > for strongswan.<br>> > <br>> > See raddb/sites-available/originate-coa for how to send disconnect<br>> > messages.<br>> > <br>> > Alan DeKok.<br>> > <br>> > <br>> > ------------------------------<br>> > <br>> > Message: 7<br>> > Date: 29 Sep 2014 02:06:21 -0000<br>> > From: "Himanshu Pandey" <pandey_himanshu80@rediffmail.com><br>> > To: "freeradius-users@lists.freeradius.org"<br>> > <freeradius-users@lists.freeradius.org><br>> > Subject: Re: Problem in Module Statistics in freeradius<br>> > Message-ID:<br>> > <1411912518.S.6312.16903.F.H.TkFsYW4gRGVLb2sAUmU6IFByb2JsZW0gaW4gTW9kdWxlIFN0YXRpc3RpY3MgaW4gZnJlZXJhZGl1cw__.RU.rfs310, <br>> > rfs310, 76,<br>> > 303.f4-235-76.old.replied.1411956381.30440@webmail.rediffmail.com><br>> > Content-Type: text/plain; charset="utf-8"<br>> > <br>> > DONE.<br>> > <br>> > From: Alan DeKok <aland@deployingradius.com><br>> > Sent: Sun, 28 Sep 2014 19:25:18 <br>> > To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org><br>> > Subject: Re: Problem in Module Statistics in freeradius<br>> > Himanshu Pandey wrote:<br>> > <br>> > > I added the following code in modcall.c under the function<br>> > <br>> > > modcall_recurse():<br>> > <br>> > <br>> > <br>> > This list is for *using* FreeRADIUS. It's not for learning how to<br>> > <br>> > program.<br>> > <br>> > <br>> > <br>> > You're making beginners errors in the code. Don't do that.<br>> > <br>> > <br>> > <br>> > Alan DeKok.<br>> > <br>> > -<br>> > <br>> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<br>> > <br>> > -------------- next part --------------<br>> > An HTML attachment was scrubbed...<br>> > URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140929/85e5ea96/attachment.html><br>> > <br>> > ------------------------------<br>> > <br>> > -<br>> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<br>> > <br>> > End of Freeradius-Users Digest, Vol 113, Issue 128<br>> > **************************************************<br>> <br>> -------------- next part --------------<br>> An HTML attachment was scrubbed...<br>> URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140929/d275ebd5/attachment.html><br>> <br>> ------------------------------<br>> <br>> -<br>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html<br>> <br>> End of Freeradius-Users Digest, Vol 113, Issue 129<br>> **************************************************<br></div></div></div> </div></body>
</html>