RE: Freeradius-Users Digest, Vol 49, Issue 117
Hi Alan Thanks for your help. Marco -----Original Message----- From: freeradius-users-bounces+marco.de.magistris=ericsson.com@lists.freeradius.org [mailto:freeradius-users-bounces+marco.de.magistris=ericsson.com@lists.freeradius.org] On Behalf Of freeradius-users-request@lists.freeradius.org Sent: martedì 26 maggio 2009 17.58 To: freeradius-users@lists.freeradius.org Subject: Freeradius-Users Digest, Vol 49, Issue 117 Send Freeradius-Users mailing list submissions to freeradius-users@lists.freeradius.org To subscribe or unsubscribe via the World Wide Web, visit http://lists.freeradius.org/mailman/listinfo/freeradius-users or, via email, send a message with subject or body 'help' to freeradius-users-request@lists.freeradius.org You can reach the person managing the list at freeradius-users-owner@lists.freeradius.org When replying, please edit your Subject line so it is more specific than "Re: Contents of Freeradius-Users digest..." Today's Topics: 1. Re: Statistic Counter (Alan DeKok) 2. problem with rlm_counter module when reset option is set to never (Ahmed Nifaz Faizabadi) 3. Re: problem with rlm_counter module when reset option is set to never (Ivan Kalik) 4. Re: problem with rlm_counter module when reset option is set to never (Ahmed Nifaz Faizabadi) 5. Re: problem with rlm_counter module when reset option is set to never (Alan DeKok) 6. Assigning IP address from RADIUS to Cisco PPTP users (up@3.am) 7. wired 802.1x for desktops (offtopic) (Mikael Kermorgant) 8. FW: freeradius2.1.4--Simultaneous (??) ---------------------------------------------------------------------- Message: 1 Date: Tue, 26 May 2009 13:29:51 +0200 From: Alan DeKok <aland@deployingradius.com> Subject: Re: Statistic Counter To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <4A1BD2AF.5050101@deployingradius.com> Content-Type: text/plain; charset=UTF-8 Marco De Magistris wrote:
Can I enable other counters for AuthRadiusClientAccessRetransmissions, AuthRadiusClientTimeouts, AuthRadiusClientCounterDiscontinuity)?
The server does not currently track those statistics. As always, patches are welcome.
Or I should use ?counter? module of FreeRadius?
No. It won't do what you want. Alan DeKok. ------------------------------ Message: 2 Date: Tue, 26 May 2009 18:13:59 +0530 From: Ahmed Nifaz Faizabadi <ahmednifaz@gmail.com> Subject: problem with rlm_counter module when reset option is set to never To: freeradius-users@lists.freeradius.org Message-ID: <d49df1900905260543k4228999ai4aeb7ff46b595237@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1 Hi all, Here is the issue I am facing with rlm_counter module. I am using freeradius-server-2.1.4 and configuring Max session time for each user. for example: user1 Max-Session-Time := 1800, Auth-Type := Reject Reply-Message = "Your time limit is used" user2 Max-Session-Time := 3600, Auth-Type := Reject Reply-Message = "Your time limit is used" and rlm_counter options are : counter daily { counter-name = Max-All-Session-Time check-name = Max-All-Session key = User-Name reset = never } I am observing that the user accounting record is not deleted from rlm_counter module once the user has used his allocated time. For example when user1 has used 1800 seconds allocated to him then I will be deleting the user from users config and then add the same user back. I am getting the "Your time limit is used" message :(. Does somebody has information about how to delete the records from rlm_counter module once they are expired with reset-option set to never. Regards Ahmed Nifaz ------------------------------ Message: 3 Date: Tue, 26 May 2009 14:15:35 +0100 (BST) From: "Ivan Kalik" <tnt@kalik.net> Subject: Re: problem with rlm_counter module when reset option is set to never To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org> Message-ID: <30874.194.176.105.44.1243343735.squirrel@webmail.kalik.net> Content-Type: text/plain;charset=utf-8
Here is the issue I am facing with rlm_counter module. I am using freeradius-server-2.1.4 and configuring Max session time for each user.
for example: user1 Max-Session-Time := 1800, Auth-Type := Reject Reply-Message = "Your time limit is used"
user2 Max-Session-Time := 3600, Auth-Type := Reject Reply-Message = "Your time limit is used"
and rlm_counter options are :
counter daily { counter-name = Max-All-Session-Time check-name = Max-All-Session key = User-Name reset = never }
I am observing that the user accounting record is not deleted from rlm_counter module once the user has used his allocated time.
And what makes you think it would be.
For example when user1 has used 1800 seconds allocated to him then I will be deleting the user from users config and then add the same user back. I am getting the "Your time limit is used" message :(.
Does somebody has information about how to delete the records from rlm_counter module once they are expired with reset-option set to never.
Yes. Delete accounting records as well when you delete user details. Ivan Kalik Kalik Informatika ISP ------------------------------ Message: 4 Date: Tue, 26 May 2009 19:03:34 +0530 From: Ahmed Nifaz Faizabadi <ahmednifaz@gmail.com> Subject: Re: problem with rlm_counter module when reset option is set to never To: tnt@kalik.net, FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <d49df1900905260633k59bc4b28peeeeb6f6f36d9223@mail.gmail.com> Content-Type: text/plain; charset=ISO-8859-1
Here is the issue I am facing with rlm_counter module. I am using freeradius-server-2.1.4 and configuring Max session time for each user.
for example: user1 ? ? ? ? ?Max-Session-Time := 1800, Auth-Type := Reject ? ? ? ? ? ? ? ? Reply-Message = "Your time limit is used"
user2 ? ? ? ? ?Max-Session-Time := 3600, Auth-Type := Reject ? ? ? ? ? ? ? ? Reply-Message = "Your time limit is used"
and rlm_counter options are :
counter daily { ? ? ? ?counter-name = Max-All-Session-Time ? ? ? ?check-name = Max-All-Session ? ? ? ?key = User-Name ? ? ? ?reset = never ? ?}
I am observing that the user accounting record is not deleted from rlm_counter module once the user has used his allocated time.
And what makes you think it would be.
This would increase the accounting file size indefenitely and cause some other problems as the user records are not at all being deleted.
For example when user1 has used 1800 seconds allocated to him then I will be deleting the user from users config and then add the same user back. I am getting the "Your time limit is used" message :(.
Does somebody has information about how to delete the records from rlm_counter module once they are expired with reset-option set to never.
Yes. Delete accounting records as well when you delete user details.
I tried that but that accounting file is in binary or some other encrypted format. Will you please let me know about how to delete that accounting record or how to convert that to simple text file ( which would make easy deleting expired records) . Ahmed Nifaz ------------------------------ Message: 5 Date: Tue, 26 May 2009 15:49:26 +0200 From: Alan DeKok <aland@deployingradius.com> Subject: Re: problem with rlm_counter module when reset option is set to never To: FreeRadius users mailing list <freeradius-users@lists.freeradius.org> Message-ID: <4A1BF366.5020409@deployingradius.com> Content-Type: text/plain; charset=ISO-8859-1 Ahmed Nifaz Faizabadi wrote: ....
counter daily { counter-name = Max-All-Session-Time check-name = Max-All-Session key = User-Name reset = never ... I am observing that the user accounting record is not deleted from rlm_counter module once the user has used his allocated time. ... This would increase the accounting file size indefenitely and cause some other problems as the user records are not at all being deleted.
See the configuration: "reset = never" means "never reset". Which means "don't reset".
I tried that but that accounting file is in binary or some other encrypted format. Will you please let me know about how to delete that accounting record or how to convert that to simple text file ( which would make easy deleting expired records) .
It's just a DBM file. See the "rad_counter.pl" file in the source tree. It shows how to edit the file. Alan DeKok. ------------------------------ Message: 6 Date: Tue, 26 May 2009 11:34:41 -0400 (EDT) From: up@3.am Subject: Assigning IP address from RADIUS to Cisco PPTP users To: freeradius-users@lists.freeradius.org Message-ID: <Pine.BSF.4.64.0905261122570.14312@richard2.pil.net> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Hi: I've used Livingston and Cistron radiusd's in the past with dialup ppp users and Cisco/Lucent NASes and have been able to do this with no problems. Users are currently authenticating fine and getting assigned IPs from the IP pool as defined in the Cisco NAS. However, I'd like to have a few, select users assigned static IPs from outside that pool, but the Cisco (2811) is simply ignoring the raddb/users file entry for that user and assigning an IP from the pool on the NAS. Here is my Cisco config:: -------------------- aaa new-model aaa authentication login default local group radius aaa authentication ppp default group radius local aaa authorization exec default local aaa authorization network default if-authenticated aaa session-id common vpdn-group 1 accept-dialin protocol pptp virtual-template 1 interface Loopback0 ip address 99.99.99.99 255.255.255.255 ip nat inside ip virtual-reassembly interface Virtual-Template1 ip unnumbered FastEthernet0/0 ip policy route-map VPN-Client peer match aaa-pools peer default ip address pool vpnpool no keepalive ppp encrypt mppe auto ppp authentication pap chap ms-chap ms-chap-v2 ! ip local pool vpnpool 172.16.30.2 172.16.30.254 --------- Here is the raddb/users file entry: --------- testuser Service-Type == Framed-User Framed-Protocol == PPP, Framed-IP-Address = 172.16.1.2, Framed-IP-Netmask = 255.255.255.255, Framed-Compression = Van-Jacobson-TCP-IP DEFAULT Framed-Protocol == PPP Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP -------------- The DEFAULT entry allows users in /etc/passwd to authenticate fine, but "testuser" still gets an IP from the NAS pool instead of the one above.. Any pointers appreciated! James Smallacombe PlantageNet, Inc. CEO and Janitor up@3.am http://3.am ========================================================================= ------------------------------ Message: 7 Date: Tue, 26 May 2009 17:49:03 +0200 From: Mikael Kermorgant <mikael.kermorgant@gmail.com> Subject: wired 802.1x for desktops (offtopic) To: freeradius-users@lists.freeradius.org Message-ID: <9711147e0905260849o189c2601w5c1e378769668760@mail.gmail.com> Content-Type: text/plain; charset="utf-8" Hello, Sorry for this off-topic message, I have a question about 802.1x deployment and don't know where to ask. As freeradius is one of the element I think of, maybe someone here can help me find the solution ? My Goals : 1) authenticate access to the network from Open Public Access Catalog (OPAC) desktop machines available to every user of a biblioteque. 2) have a guest account with limited LAN access (no access to internet, or just a very short whitelist) 3) Keep the machines reachable from some servers (ghost server, monitoring, etc). (this criteria eliminates the solution of a captive portal) I thought 802.1x with dynamic vlans would be a nice solution as it should permit to put the guest account in a specific vlan. But how would it be possible to reach the machine from the management servers before someone authenticates ? Is it possible to have a default vlan activated on startup of the machine ? Or do you know where I should ask this question ? Regards, -- Mikael Kermorgant
participants (1)
-
Marco De Magistris