checkrad problem solved & get solution
satish patel
linuxtrap at yahoo.co.in
Thu Mar 15 15:59:42 CET 2007
Dear guys
I have solve the problem of checkrad for simultenous login i have face many problem first time but finaly i got solution and i have modifiy my script for my nas
i have freeradius-1.1.0 with MSSQL2000 with cisco 3700 NAS
i want to share my solution with all freeradius guys those are faceing this problem
I am useing checkrad with SNMP and i have change some thing in my script. checkrad script take input from radius when user try for login like
suse:/ # checkrad
Usage: checkrad nas_type nas_ip nas_port login session_id
suse:/ #
checkrad get input nas_type from client.conf nas_type and nas_ip
then user name and port take from login time whn user try for login ...
but i dont user port and id_session caz my cisco nas MIB not support port and session thats why i am useing only login name first check manualy through this method
#checkrad -d cisco 71.5.250.199 43 satish 0004F09
return 0 ( Login OK )
this script just run snmpwalk command and fetch user all user name and gerp specific name which is store in login name veriable in per script ( checkrad ) and compare against of snmpwalk out put if user match then give u error code 1 ( dobule 1 Login ) this is the login of script
***** Just change in this line of perl script and test your login
Note :- i am useing cisco nas type so the perl excute cisco_snmp subrutine so please find this code in cisco_snmp subrutine
this is testing perpose after testing replave $login = satish; with this line
my $login = $ARGV[3];
________________my change in checkrad.pl________________
$login = satish;
if($login eq $ARGV[3]) {
return 1;
}else{
$out=snmpwalk($ARGV[1],$pass,"1.3.6.1.4.1.9.10.24.1.3.2.1.2.3.45");
if($out=~/\"$ARGV[3]\"/){
return 1;
}else{
return 0;
you can see the login here $login store satish veriable then this script check $ARGV[3] veriable this veriable we can get on login time whn will try to satish login then snmpwalk run this command with MIB now point is you have to find MIB for online users u can find mib through the software or something else i have also find MIB and put it there with snmpwalk command then second
if($out=~/\"$ARGV[3]\"/){ this will check user if it get in snmpwalk out put then u got doble login error if not match the u got single login means no one login this time with user name satish ......
and put Simultenouse-use := 1 attributes in user file
my entry is
satish Auth-Type := Local, User-Password == "testing", Simultaneous-Use := 1
Service-Type = Framed-user,
Framed-Protocal = PPP,
Fall-Through = Yes
Contact : -
me if you have any problem regarding Simultenouse login problem
.
$ cat ~/satish/url.txt
System administrator ( Data Center )
please visit this site
http://linux.tulipit.com
---------------------------------
Heres a new way to find what you're looking for - Yahoo! Answers
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070315/267029e2/attachment.html>
More information about the Freeradius-Users
mailing list