How to configure free radius to support the radius attributes that would contain the information for Client IP Address, Session-ID, Tunnel-ID : Tunnel-Client-Endpoint, Acct-Tunnel-Connection, Tunnel-Assignment-Id. Do i need to change sql.conf file? Please help me in this! Thanks, Ramesh. On 7/24/08, freeradius-devel-request@lists.freeradius.org < freeradius-devel-request@lists.freeradius.org> wrote:
Send Freeradius-Devel mailing list submissions to freeradius-devel@lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-devel or, via email, send a message with subject or body 'help' to freeradius-devel-request@lists.freeradius.org
You can reach the person managing the list at freeradius-devel-owner@lists.freeradius.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of Freeradius-Devel digest..."
Today's Topics:
1. attr_filter and accounting packets (Stefan Winter) 2. Re: attr_filter and accounting packets (Alan DeKok) 3. does anyone have a "fast reauth(session resumption)" patch??? (Cristian Novac) 4. Does anyone have a "fast reauth(session resumption)" patch for freeradius server??? (Cristian Novac) 5. Re: Freeradius-Devel Digest, Vol 39, Issue 18 (ramesh p)
----------------------------------------------------------------------
Message: 1 Date: Wed, 23 Jul 2008 14:01:58 +0200 From: Stefan Winter <stefan.winter@restena.lu> Subject: attr_filter and accounting packets To: freeradius-devel@lists.freeradius.org Message-ID: <48871DB6.4080000@restena.lu> Content-Type: text/plain; charset=ISO-8859-15; format=flowed
Hello,
apparently, the behaviour of rlm_attr_filter changed from 1.1.7 to 2.0.5. In 1.1.7, the pre_proxy function of attr_filter only filtered authentication requests, the relevant lines in rlm_attr_filter.c being
if (request->packet->code != PW_AUTHENTICATION_REQUEST) { return (RLM_MODULE_NOOP); }
That way, it could safely be used in the pre-proxy section to white-list attributes in authentication requests, but give away the accounting info unconditionally to a home server.
In 2.0.5, the preproxy function only executes the "common" filtering functions:
static int attr_filter_preproxy(void *instance, REQUEST *request) { return attr_filter_common(instance, request, &request->proxy->vps); }
which in turn works on auth and acct packets.
Was this intentional? Then the default attrs.pre-proxy should contain at least the basic accounting-specific attribute like Acct-Status-Type - otherwise, the module will by default cripple every accounting request to uselessness. But actually, my preferred way of resolving this would be to let accounting packets untouched...
Greetings,
Stefan Winter
-- Stefan WINTER Ingenieur de Recherche Fondation RESTENA - R?seau T?l?informatique de l'Education Nationale et de la Recherche 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg
Tel: +352 424409 1 Fax: +352 422473
------------------------------
Message: 2 Date: Wed, 23 Jul 2008 15:02:26 +0200 From: Alan DeKok <aland@deployingradius.com> Subject: Re: attr_filter and accounting packets To: FreeRadius developers mailing list <freeradius-devel@lists.freeradius.org> Message-ID: <48872BE2.3090202@deployingradius.com> Content-Type: text/plain; charset=ISO-8859-15
Stefan Winter wrote:
That way, it could safely be used in the pre-proxy section to white-list attributes in authentication requests, but give away the accounting info unconditionally to a home server.
This can still be done:
pre-proxy { ... if (Packet-Type != Accounting-Request) { attr_filter_preproxy } ... }
Was this intentional?
Yes. The previous behavior made it *impossible* to do filtering on accounting packets in preproxy.
Then the default attrs.pre-proxy should contain at least the basic accounting-specific attribute like Acct-Status-Type - otherwise, the module will by default cripple every accounting request to uselessness.
That's probably true, too...
But actually, my preferred way of resolving this would be to let accounting packets untouched...
Welcome to the power of "unlang". :)
Alan DeKok.
------------------------------
Message: 3 Date: Wed, 23 Jul 2008 15:59:51 +0300 From: Cristian Novac <Cristian.Novac@alcatel-lucent.ro> Subject: does anyone have a "fast reauth(session resumption)" patch??? To: freeradius-devel@lists.freeradius.org, freeradius-users@lists.freeradius.org Message-ID: <48872B47.5010106@alcatel-lucent.ro> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Thank you ! Cristian NOVAC
------------------------------
Message: 4 Date: Wed, 23 Jul 2008 16:45:42 +0300 From: Cristian Novac <Cristian.Novac@alcatel-lucent.ro> Subject: Does anyone have a "fast reauth(session resumption)" patch for freeradius server??? To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org>, FreeRadius developers mailing list <freeradius-devel@lists.freeradius.org> Message-ID: <48873606.3040705@alcatel-lucent.ro> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Thank you!!! Cristian Novac.
------------------------------
Message: 5 Date: Thu, 24 Jul 2008 13:53:17 +0530 From: "ramesh p" <rock786143@gmail.com> Subject: Re: Freeradius-Devel Digest, Vol 39, Issue 18 To: freeradius-devel@lists.freeradius.org Message-ID: <6b6aa6710807240123gca3dffau3a2993ac572506f6@mail.gmail.com> Content-Type: text/plain; charset="iso-8859-1"
<freeradius-devel@lists.freeradius.org>Hi,
How to configure free radius to support the radius attributes that would contain the information for Client IP Address, Session-ID, Tunnel-ID :
Tunnel-Client-Endpoint, Acct-Tunnel-Connection, Tunnel-Assignment-Id.
Do i need to change sql.conf file?
Please help me in this!
Thanks, Ramesh.
On Wed, Jul 23, 2008 at 3:30 PM, < freeradius-devel-request@lists.freeradius.org> wrote:
Send Freeradius-Devel mailing list submissions to freeradius-devel@lists.freeradius.org
To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-devel or, via email, send a message with subject or body 'help' to freeradius-devel-request@lists.freeradius.org
You can reach the person managing the list at freeradius-devel-owner@lists.freeradius.org
When replying, please edit your Subject line so it is more specific than "Re: Contents of Freeradius-Devel digest..."
Today's Topics:
1. GIT Log for 2008-07-22 23:33 GMT (aland) 2. Critical bug in rlm_eap/mem.c (???) 3. bug in rlm_eap/mem.c (???) 4. Re: bug in rlm_eap/mem.c (Alan DeKok) 5. help (ramesh p)
----------------------------------------------------------------------
Message: 1 Date: Wed, 23 Jul 2008 01:33:02 +0200 (CEST) From: aland@deployingradius.com (aland) Subject: GIT Log for 2008-07-22 23:33 GMT To: <freeradius-devel@lists.freeradius.org> Message-ID: <20080722233302.296E31234235@liberty.deployingradius.com>
commit df40e592710c1553bfb5873d06f0455b93e6db56 Author: Alan T. DeKok <aland@freeradius.org> Date: Tue Jul 22 21:54:11 2008 +0200
Fixed typos raddb/sql/mysql/schema.sql | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-)
------------------------------
Message: 2 Date: Wed, 23 Jul 2008 10:57:00 +0900 From: ??? <syyang@unet.kr> Subject: Critical bug in rlm_eap/mem.c To: <freeradius-devel@lists.freeradius.org> Message-ID: <003d01c8ec67$656abde0$304039a0$@kr> Content-Type: text/plain; charset="ks_c_5601-1987"
The following is a patch for bug in mem.c
In some condition bug in mem.c leads to a memory leak and crash
*** mem.c 2008-02-10 04:18:10.000000000 -0500
--- mem.c.patch 2008-07-19 20:04:35.000000000 -0400
***************
*** 390,395 ****
--- 390,396 ----
handler->next->prev = NULL;
} else {
inst->session_head = NULL;
+ inst->session_tail = NULL;
}
eap_handler_free(handler);
}