Hello all, I am using freeradius in a wimax environment(a small network for testing purposes). I made a dictionary(attached below) and used it in tests. But writting my VSAs in the reply lists of my users(in users file) is not very pleasant(as you may see in the users file attached below). So, I want to add some code in freeradius so that I may write my VSAs in the users file using subattributes . Here is what I want : -for user ERTVR, instead of writting : ERTVR User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor = 0x0001041112040303050304060301070313080314, QoS-Descriptor += 0x800103130403050503030606000fa00007060007d00009060000000a0a06000000140c03800d040014, QoS-Descriptor += 0x000103140403050503030606002ee3e80706000fa00009060000000a0a06000000140c0380 -I want to be able to write: .... Service-Flow-Descriptor = 0x00{PacketDataFlowID=1112}{...}{...}..., #where PacketDataFlow is another defined attribute; every content between{} is a TLV .... I haven't written before any piece of code for freeradius,so it's my first time and I thought you may give me advices about how to deal with this problem; maybe what/where changes in the project would be needed to achieve that. Thank you in advance ! Cristian NOVAC. #1232420100000015 Auth-Type := EAP, Autz-Type:=EAP, EAP-Type := SIM # EAP-Sim-Rand1 = 0x30000000000000000000000000000000, # EAP-Sim-SRES1 = 0x30112233, # EAP-Sim-KC1 = 0x445566778899AABB, # EAP-Sim-Rand2 = 0x31000000000000000000000000000000, # EAP-Sim-SRES2 = 0x31112233, # EAP-Sim-KC2 = 0x445566778899AABB, # EAP-Sim-Rand3 = 0x32000000000000000000000000000000, # EAP-Sim-SRES3 = 0x32112233, # EAP-Sim-KC3 = 0x445566778899AABB, #2244070100000001@japsim.foo Auth-Type := EAP, Autz-Type:= EAP, EAP-Type := SIM # EAP-Sim-Rand1 = 0x101112131415161718191a1b1c1d1e1f, # EAP-Sim-SRES1 = 0xd1d2d3d4, # EAP-Sim-Rand2 = 0x202122232425262728292a2b2c2d2e2f, # EAP-Sim-SRES2 = 0xe1e2e3e4, # EAP-Sim-Rand3 = 0x303132333435363738393a3b3c3d3e3f, # EAP-Sim-SRES3 = 0xf1f2f3f4, # EAP-Sim-KC1 = 0xa0a1a2a3a4a5a6a7, # EAP-Sim-KC2 = 0xb0b1b2b3b4b5b6b7, # EAP-Sim-KC3 = 0xc0c1c2c3c4c5c6c7, # # Please read the documentation file ../doc/processing_users_file, # or 'man 5 users' (after installing the server) for more information. # # This file contains authentication security and configuration # information for each user. Accounting requests are NOT processed # through this file. Instead, see 'acct_users', in this directory. # # The first field is the user's name and can be up to # 253 characters in length. This is followed (on the same line) with # the list of authentication requirements for that user. This can # include password, comm server name, comm server port number, protocol # type (perhaps set by the "hints" file), and huntgroup name (set by # the "huntgroups" file). # # If you are not sure why a particular reply is being sent by the # server, then run the server in debugging mode (radiusd -X), and # you will see which entries in this file are matched. # # When an authentication request is received from the comm server, # these values are tested. Only the first match is used unless the # "Fall-Through" variable is set to "Yes". # # A special user named "DEFAULT" matches on all usernames. # You can have several DEFAULT entries. All entries are processed # in the order they appear in this file. The first entry that # matches the login-request will stop processing unless you use # the Fall-Through variable. # # If you use the database support to turn this file into a .db or .dbm # file, the DEFAULT entries _have_ to be at the end of this file and # you can't have multiple entries for one username. # # You don't need to specify a password if you set Auth-Type += System # on the list of authentication requirements. The RADIUS server # will then check the system password file. # # Indented (with the tab character) lines following the first # line indicate the configuration values to be passed back to # the comm server to allow the initiation of a user session. # This can include things like the PPP configuration values # or the host to log the user onto. # # You can include another `users' file with `$INCLUDE users.other' # # # For a list of RADIUS attributes, and links to their definitions, # see: # # http://www.freeradius.org/rfc/attributes.html # @asb.com User-Password == "mypass@wd" Framed-MTU = 3795, 3GPP2-Service-Option-Profile = 0x000000100104a501, Fall-Through = Yes myuser User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, 3GPP2-Service-Option-Profile = 0x000000100104a501, Service-Flow-Descriptor = 0x000104008302040083040303050304060301070383080384, QoS-Descriptor += 0x8001038304030206060001f4000c0302, QoS-Descriptor += 0x000103840403020606000fa0000c0302, Fall-Through = Yes #VSA SF #myuser Auth-Type := Local, User-Password == "mypass@wd" # Session-Timeout = 3600, # Termination-Action = 1, # Class = 0x1234567890, # User-Name = "accounting", # Service-Flow-Descriptor += 0x800104111102041112040303050304060301070311080312, # Service-Flow-Descriptor += 0x000104002302040003040303050301060301070304, # QoS-Descriptor += 0x8001031104030206060007d0000c0302, # QoS-Descriptor += 0x800103120403020606001f40000c0302, # QoS-Descriptor += 0x0001030404030606060001d4c0070600015f900906000000140a06000000190c03010d040014 BE2048 User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor = 0x000104008302040083040303050304060301070383080384, QoS-Descriptor += 0x800103830403020606000F40000c0302, QoS-Descriptor += 0x000103840403020606001F40000c0302 UGS1024 User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor = 0x0001041111040303050304060301070311, QoS-Descriptor += 0x000103110403060706000fa0000906000000140a06000000140c03010d040014 UGS3073 User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor = 0x0001041111040303050304060301070312, QoS-Descriptor += 0x000103120403060706002ee3e80906000000140a06000000140c03010d040014 BE_UGS User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x800104008302040083040303050304060301070383080384, Service-Flow-Descriptor += 0x0001041111040303050304060301070312, QoS-Descriptor += 0x800103830403020606000F40000c0302, QoS-Descriptor += 0x800103840403020606001F40000c0302, QoS-Descriptor += 0x000103120403060706002ee3e80906000000140a06000000140c03010d040014 ERTVR User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor = 0x0001041112040303050304060301070313080314, QoS-Descriptor += 0x800103130403050503030606000fa00007060007d00009060000000a0a06000000140c03800d040014, QoS-Descriptor += 0x000103140403050503030606002ee3e80706000fa00009060000000a0a06000000140c0380 ERTVR_BE User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x8001041112040303050304060301070313080314, Service-Flow-Descriptor += 0x000104008302040083040303050304060301070383080384, QoS-Descriptor += 0x800103130403050503030606000fa00007060007d00009060000000a0a06000000140c03800d040014, QoS-Descriptor += 0x800103140403050503030606002ee3e80706000fa00009060000000a0a06000000140c0380, QoS-Descriptor += 0x800103830403020606000F40000c0302, QoS-Descriptor += 0x000103840403020606001F40000c0302 ERTVR_UGS User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x8001041112040303050304060301070313080314, Service-Flow-Descriptor += 0x0001041111040303050304060301070312, QoS-Descriptor += 0x800103130403050503030606000fa00007060007d00009060000000a0a06000000140c03800d040014, QoS-Descriptor += 0x800103140403050503030606002ee3e80706000fa00009060000000a0a06000000140c0380, QoS-Descriptor += 0x000103120403060706002ee3e80906000000140a06000000140c03010d040014 UGS_ERTVR User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x8001041111040303050304060301070312, Service-Flow-Descriptor += 0x0001041112040303050304060301070313080314, QoS-Descriptor += 0x800103120403060706000fa0000906000000140a06000000140c03010d040014, QoS-Descriptor += 0x800103130403050503030606000fa00007060007d00009060000000a0a06000000140c03800d040014, QoS-Descriptor += 0x000103140403050503030606002ee3e80706000fa00009060000000a0a06000000140c0380 ERTVR_UGS2 User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x8001041112040303050304060301070313080314, Service-Flow-Descriptor += 0x0001041111040303050304060301070312, QoS-Descriptor += 0x800103130403050503030606000fa00007060007d00009060000000a0a06000000140c03800d040014, QoS-Descriptor += 0x800103140403050503030606002ee3e80706000fa00009060000000a0a06000000140c0380, QoS-Descriptor += 0x000103120403060706002ee3e80906000000140a06000000140c03010d040014 ERTVR_UGS1 User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x8001041112040303050304060301070313080314, Service-Flow-Descriptor += 0x0001041111040303050304060301070311, QoS-Descriptor += 0x800103130403050503030606000fa00007060007d00009060000000a0a06000000140c03800d040014, QoS-Descriptor += 0x800103140403050503030606002ee3e80706000fa00009060000000a0a06000000140c0380, QoS-Descriptor += 0x000103110403060706000fa0000906000000140a06000000140c03010d040014 NRTVR User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x0001041112040303050304060301070313080314, QoS-Descriptor += 0x8001031304030305030107060003e8000c0382, QoS-Descriptor += 0x0001031404030305030107060007d0000c0382 NRTVR1 User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor = 0x0001041112040303050304060301070313080314, QoS-Descriptor += 0x8001031304030305030106060007d00007060007d0000c0382, QoS-Descriptor += 0x000103140403030503010606000fa0000706000fa0000c0382 NRTVR_UGS User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x8001041112040303050304060301070313080314, Service-Flow-Descriptor += 0x0001041111040303050304060301070312, QoS-Descriptor += 0x8001031304030305030106060007d00007060007d0000c0382, QoS-Descriptor += 0x800103140403030503010606000fa0000706000fa0000c0382, QoS-Descriptor += 0x000103120403060706002ee3e80906000000140a06000000140c03010d040014 NRTVR_BE User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x8001041112040303050304060301070313080314, Service-Flow-Descriptor += 0x000104008302040083040303050304060301070383080384, QoS-Descriptor += 0x8001031304030305030106060007d00007060007d0000c0382, QoS-Descriptor += 0x800103140403030503010606000fa0000706000fa0000c0382, QoS-Descriptor += 0x800103830403020606000F40000c0302, QoS-Descriptor += 0x000103840403020606001F40000c0302 NRTVR_UGS1 User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x8001041112040303050304060301070313080314, Service-Flow-Descriptor += 0x0001041111040303050304060301070311, QoS-Descriptor += 0x8001031304030305030106060007d00007060007d0000c0382, QoS-Descriptor += 0x800103140403030503010606000fa0000706000fa0000c0382, QoS-Descriptor += 0x000103110403060706000fa0000906000000140a06000000140c03010d040014 RTVR User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor = 0x0001041112040303050304060301070313080314, QoS-Descriptor += 0x800103130403040503020606000FA00007060007d0000a06000000640c03810f040032, QoS-Descriptor += 0x000103140403040503020606001f40000706000fa0000a06000000640c0381 RTVR_BE User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x8001041112040303050304060301070313080314, Service-Flow-Descriptor += 0x000104008302040083040303050304060301070383080384, QoS-Descriptor += 0x800103130403040503020606000FA00007060007d0000a06000000640c03810f040032, QoS-Descriptor += 0x800103140403040503020606001f40000706000fa0000a06000000640c0381, QoS-Descriptor += 0x800103830403020606000F40000c0302, QoS-Descriptor += 0x000103840403020606001F40000c0302 RTVR_UGS1 User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x8001041112040303050304060301070313080314, Service-Flow-Descriptor += 0x0001041111040303050304060301070311, QoS-Descriptor += 0x800103130403040503020606000FA00007060007d0000a06000000640c03810f040032, QoS-Descriptor += 0x800103140403040503020606001f40000706000fa0000a06000000640c0381, QoS-Descriptor += 0x800103140403030503010606000fa0000706000fa0000c0382, QoS-Descriptor += 0x000103110403060706000fa0000906000000140a06000000140c03010d040014 # # Deny access for a specific user. Note that this entry MUST # be before any other 'Auth-Type' attribute which results in the user # being authenticated. # # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # #lameuser Auth-Type := Reject # Reply-Message = "Your account has been disabled." # # Deny access for a group of users. # # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # #DEFAULT Group == "disabled", Auth-Type := Reject # Reply-Message = "Your account has been disabled." # # # This is a complete entry for "steve". Note that there is no Fall-Through # entry so that no DEFAULT entry will be used, and the user will NOT # get any attributes in addition to the ones listed here. # #steve Auth-Type := Local, User-Password == "testing" # Service-Type = Framed-User, # Framed-Protocol = PPP, # Framed-IP-Address = 172.16.3.33, # Framed-IP-Netmask = 255.255.255.0, # Framed-Routing = Broadcast-Listen, # Framed-Filter-Id = "std.ppp", # Framed-MTU = 1500, # Framed-Compression = Van-Jacobsen-TCP-IP # # This is an entry for a user with a space in their name. # Note the double quotes surrounding the name. # #"John Doe" Auth-Type := Local, User-Password == "hello" # Reply-Message = "Hello, %u" # # Dial user back and telnet to the default host for that port # #Deg Auth-Type := Local, User-Password == "ge55ged" # Service-Type = Callback-Login-User, # Login-IP-Host = 0.0.0.0, # Callback-Number = "9,5551212", # Login-Service = Telnet, # Login-TCP-Port = Telnet # # Another complete entry. After the user "dialbk" has logged in, the # connection will be broken and the user will be dialed back after which # he will get a connection to the host "timeshare1". # #dialbk Auth-Type := Local, User-Password == "callme" # Service-Type = Callback-Login-User, # Login-IP-Host = timeshare1, # Login-Service = PortMaster, # Callback-Number = "9,1-800-555-1212" # # user "swilson" will only get a static IP number if he logs in with # a framed protocol on a terminal server in Alphen (see the huntgroups file). # # Note that by setting "Fall-Through", other attributes will be added from # the following DEFAULT entries # #swilson Service-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.65, # Fall-Through = Yes # # If the user logs in as 'username.shell', then authenticate them # against the system database, give them shell access, and stop processing # the rest of the file. # #DEFAULT Suffix == ".shell", Auth-Type := System # Service-Type = Login-User, # Login-Service = Telnet, # Login-IP-Host = your.shell.machine # # The rest of this file contains the several DEFAULT entries. # DEFAULT entries match with all login names. # Note that DEFAULT entries can also Fall-Through (see first entry). # A name-value pair from a DEFAULT entry will _NEVER_ override # an already existing name-value pair. # # # First setup all accounts to be checked against the UNIX /etc/passwd. # (Unless a password was already given earlier in this file). # DEFAULT Auth-Type = Local # 3GPP2-Service-Option-Profile = 0x000000020104800101048101, # 3GPP2-Service-Option-Profile = 0x000000100104800101048801010490010104A0010104A8010104B0010104C0010104800101048801010490010104A0010104A8010104B0010104C0010104800101048801, # Session-Timeout = 3600, # Termination-Action = 1 # Fall-Through = 1 # # Set up different IP address pools for the terminal servers. # Note that the "+" behind the IP address means that this is the "base" # IP address. The Port-Id (S0, S1 etc) will be added to it. # #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.32+, # Fall-Through = Yes #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "delft" # Framed-IP-Address = 192.168.2.32+, # Fall-Through = Yes # # Defaults for all framed connections. # #DEFAULT Service-Type == Framed-User # Framed-IP-Address = 255.255.255.254, # Framed-MTU = 576, # Service-Type = Framed-User, # Fall-Through = Yes # # Default for PPP: dynamic IP address, PPP mode, VJ-compression. # NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected # by the terminal server in which case there may not be a "P" suffix. # The terminal server sends "Framed-Protocol = PPP" for auto PPP. # #DEFAULT Framed-Protocol == PPP # Framed-Protocol = PPP, # Framed-Compression = Van-Jacobson-TCP-IP # # Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression. # #DEFAULT Hint == "CSLIP" # Framed-Protocol = SLIP, # Framed-Compression = Van-Jacobson-TCP-IP # # Default for SLIP: dynamic IP address, SLIP mode. # #DEFAULT Hint == "SLIP" # Framed-Protocol = SLIP # # Last default: rlogin to our main server. # #DEFAULT # Service-Type = Login-User, # Login-Service = Rlogin, # Login-IP-Host = shellbox.ispdomain.com # # # # Last default: shell on the local terminal server. # # # DEFAULT # Service-Type = Shell-User # On no match, the user is denied access. VENDOR WIMAX 24757 BEGIN-VENDOR WIMAX ATTRIBUTE Service-Flow-Descriptor 28 octets ATTRIBUTE QoS-Descriptor 29 octets END-VENDOR WIMAX
Cristian Novac wrote:
I am using freeradius in a wimax environment(a small network for testing purposes).
FreeRADIUS doesn't support WiMAX, but it could: http://freeradius.org/business/roadmap.html
-I want to be able to write: .... Service-Flow-Descriptor = 0x00{PacketDataFlowID=1112}{...}{...}..., #where PacketDataFlow is another defined attribute; every content between{} is a TLV
Er, no. There's no need for that complex a format. Just write "Packet-Flow-Id = 1112", and have the code figure it out.
I haven't written before any piece of code for freeradius,so it's my first time and I thought you may give me advices about how to deal with this problem; maybe what/where changes in the project would be needed to achieve that.
src/lib/radius.c for packing && unpacking RADIUS attributes into VSA's. If you don't want to spend the time to figure it out, the code *is* only about 1000 lines. And no, this isn't a guess. Alan DeKok.
Is there a limitation with the SQLCounter routine above 2,148,000,000 in the checkfield ? As if I set this value to anything below this figure the routine works as planned however if I go above this value it rejects the user as no available time. I am trying to use the sqlcounter to check to see if the user has available bandwidth and if so give them access, but this now limits me to this value. I am using the freeradius port for cygwin, can anyone help me out with this as I need to set this figure to above 30Mb value Regards Keith Dovale
Please ask help questions on the freeradius-users list, and start a new subject, rather than replying to another topic. Also, there's no need for your mailer to mark the subject with "spam"... Keith Dovale wrote:
Is there a limitation with the SQLCounter routine above 2,148,000,000 in the checkfield ? As if I set this value to anything below this figure the routine works as planned however if I go above this value it rejects the user as no available time.
I am trying to use the sqlcounter to check to see if the user has available bandwidth and if so give them access, but this now limits me to this value. I am using the freeradius port for cygwin, can anyone help me out with this as I need to set this figure to above 30Mb value
Regards
Keith Dovale
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
participants (3)
-
Alan DeKok -
Cristian Novac -
Keith Dovale