Issue with radius accounting

Arvind Bahuguni arvindnb1 at gmail.com
Sun May 26 06:04:43 CEST 2013


I am not interested in any argument, i wanted to check what may be the
problem with my radius server as accounting is successful with free radius
on other server.
On May 26, 2013 6:51 AM, <freeradius-users-request at lists.freeradius.org>
wrote:

> Send Freeradius-Users mailing list submissions to
>         freeradius-users at lists.freeradius.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>         http://lists.freeradius.org/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
>         freeradius-users-request at lists.freeradius.org
>
> You can reach the person managing the list at
>         freeradius-users-owner at lists.freeradius.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
>
> Today's Topics:
>
>    1. Re: Issue with radius accounting (Alan DeKok)
>    2. user from particular NAS-IP-Address (Pete Ashdown)
>    3. Re: user from particular NAS-IP-Address (Alan DeKok)
>    4. Error: rlm_sql_unixodbc: SQL down 08S01
>       [unixODBC][FreeTDS][SQL   Server]Unable to connect: Adaptive Server
>       is unavailable or does not        exist (Bill Grant)
>    5. Re: Error: rlm_sql_unixodbc: SQL down 08S01
>       [unixODBC][FreeTDS][SQL   Server]Unable to connect: Adaptive Server
>       is unavailable or does    not     exist (Alan DeKok)
>    6. RE: Error: rlm_sql_unixodbc: SQL down 08S01
>       [unixODBC][FreeTDS][SQL   Server]Unable to connect: Adaptive Server
>       is unavailable or does    not     exist (Bill Grant)
>    7. Re: Auth-Type = Reject not being obeyed (Matthew Melbourne)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Sat, 25 May 2013 13:30:57 -0400
> From: Alan DeKok <aland at deployingradius.com>
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Cc: "freeradius-users at lists.freeradius.org"
>         <freeradius-users at lists.freeradius.org>
> Subject: Re: Issue with radius accounting
> Message-ID: <B66BB339-4B2C-4608-BB8F-8C6E35F02481 at deployingradius.com>
> Content-Type: text/plain; charset="us-ascii"
>
> On 2013-05-25, at 12:39 PM, Arvind Bahuguni <arvindnb1 at gmail.com> wrote:
>
> > Hi Alan,
> > I am suspecting some radius setting on my server because free radius on
> other server is responding and authentication and accounting is successful
> >
>   For one, you need to edit your posts. It's ridiculous to reply to a
> digest message, and include hundreds of lines of irrelevant text.
>
>   And if you know so much more than me about RADIUS, you shouldn't be
> asking questions on this list.
>
>   If you're going to ask questions and then argue with the answers, you
> will be unsubscribed from the list and banned permanently.
>
>   Alan DeKok.
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130525/dc49bb28/attachment-0001.html
> >
>
> ------------------------------
>
> Message: 2
> Date: Sat, 25 May 2013 14:31:12 -0600
> From: Pete Ashdown <pashdown at xmission.com>
> To: freeradius-users at lists.freeradius.org
> Subject: user from particular NAS-IP-Address
> Message-ID: <20130525203112.GA20274 at xmission.com>
> Content-Type: text/plain; charset=us-ascii
>
> I'm trying to restrict a guest user from a single NAS-IP-Address via
> "users"
> and I can't get it to work.
>
> Doesn't work:
>
> test    NAS-IP-Address == "127.0.0.1"
>         Auth-Type := Accept
>
> test    NAS-IP-Address == "127.0.1.1"
>         Auth-Type := Accept
>
> Works, but it isn't restricted by NAS:
>
> test   Auth-Type := Accept
>
> I've also tried "Calling-Station-ID == 127.0.1.1" to no avail.
>
>
> Also, how would I do this for a group of NAS IP addresses?  Is it possible
> to
> assign them to a group in "clients.conf" that can be later checked against
> in
> "users"?  Where is the documentation of what can be tested against in the
> "users" file?
>
>
> ------------------------------
>
> Message: 3
> Date: Sat, 25 May 2013 18:23:44 -0400
> From: Alan DeKok <aland at deployingradius.com>
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Subject: Re: user from particular NAS-IP-Address
> Message-ID: <51A139F0.9070902 at deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Pete Ashdown wrote:
> > I'm trying to restrict a guest user from a single NAS-IP-Address via
> "users"
> > and I can't get it to work.
> >
> > Doesn't work:
> >
> > test  NAS-IP-Address == "127.0.0.1"
> >       Auth-Type := Accept
>
>   That's wrong.  Why?  See the debug output.  It *tells* you what's
> wrong, and how to fix it.  See "man users".  It *documents* the format
> of the "users" file.  See the sample "raddb/users" file.  Look for
> "Auth-Type".  There are *examples* of how to do this.
>
> > Also, how would I do this for a group of NAS IP addresses?  Is it
> possible to
> > assign them to a group in "clients.conf" that can be later checked
> against in
> > "users"?
>
>   See raddb/huntgroups.  You can group NASes, and check the group
> membership later.
>
> >  Where is the documentation of what can be tested against in the
> > "users" file?
>
>   What does that mean?  "man users" describes how the "users" file
> works.  After that, if you get something wrong, the debug output will
> tell you.
>
>   You *did* run the server in debugging mode, as suggested in the FAQ,
> README, "man" page, and daily on this list?
>
>   Alan DeKok.
>
>
> ------------------------------
>
> Message: 4
> Date: Sat, 25 May 2013 23:28:13 +0000
> From: Bill Grant <wgrant at EBPL.org>
> To: "freeradius-users at lists.freeradius.org"
>         <freeradius-users at lists.freeradius.org>
> Subject: Error: rlm_sql_unixodbc: SQL down 08S01
>         [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server
> is
>         unavailable or does not exist
> Message-ID: <4137E4310A92F941A14E91ACF8F9F5BF0D91CFF6 at cairo.ebpl.net>
> Content-Type: text/plain; charset="iso-8859-1"
>
> I am having trouble starting freeradius at boot on CentOS 6.4. It starts,
> but it does not connect to my database; however, if run it manually from
> the command the it works fine. I think there is permission issue somewhere.
> See the log below:
>
> when I run following command as root it works
>
> # radiusd
>
> Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Driver rlm_sql_unixodbc
> (module rlm_sql_unixodbc) loaded and linked
> Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Attempting to connect to
> radius at EBHorizon:5000/Horizon
> Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Attempting to connect
> rlm_sql_unixodbc #0
> Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Connected new DB handle, #0
> Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Attempting to connect
> rlm_sql_unixodbc #1
> Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Connected new DB handle, #1
> Sat May 25 10:26:20 2013 : Info: rlm_sql (sql): Attempting to connect
> rlm_sql_unixodbc #2
> Sat May 25 10:26:21 2013 : Info: rlm_sql (sql): Connected new DB handle, #2
> Sat May 25 10:26:21 2013 : Info: rlm_sql (sql): Attempting to connect
> rlm_sql_unixodbc #3
> Sat May 25 10:26:21 2013 : Info: rlm_sql (sql): Connected new DB handle, #3
> Sat May 25 10:26:21 2013 : Info: rlm_sql (sql): Attempting to connect
> rlm_sql_unixodbc #4
> Sat May 25 10:26:21 2013 : Info: rlm_sql (sql): Connected new DB handle, #4
> Sat May 25 10:26:21 2013 : Info: Loaded virtual server <default>
> Sat May 25 10:26:21 2013 : Info: Loaded virtual server inner-tunnel
> Sat May 25 10:26:21 2013 : Info:  ... adding new socket proxy address *
> port 35688
> Sat May 25 10:26:21 2013 : Info: Ready to process requests.
>
> When I run the command below it does not connect.
> #service radiusd start
>
>
> Sat May 25 10:29:05 2013 : Info: rlm_sql (sql): Driver rlm_sql_unixodbc
> (module rlm_sql_unixodbc) loaded and linked
> Sat May 25 10:29:05 2013 : Info: rlm_sql (sql): Attempting to connect to
> radius at EBHorizon:5000/Horizon
> Sat May 25 10:29:05 2013 : Info: rlm_sql (sql): Attempting to connect
> rlm_sql_unixodbc #0
> Sat May 25 10:29:05 2013 : Error: rlm_sql_unixodbc: SQL down 08S01
> [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server is
> unavailable or does not exist
> Sat May 25 10:29:05 2013 : Error: rlm_sql_unixodbc: Connection failed
> Sat May 25 10:29:05 2013 : Error: rlm_sql (sql): Failed to connect DB
> handle #0
> Sat May 25 10:29:05 2013 : Info: Loaded virtual server <default>
> Sat May 25 10:29:05 2013 : Info: Loaded virtual server inner-tunnel
> Sat May 25 10:29:05 2013 : Info:  ... adding new socket proxy address *
> port 59524
> Sat May 25 10:29:05 2013 : Info: Ready to process requests.
>
> Any help would be greatly appreciated.
>
>
> ------------------------------
>
> Message: 5
> Date: Sat, 25 May 2013 19:44:55 -0400
> From: Alan DeKok <aland at deployingradius.com>
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Subject: Re: Error: rlm_sql_unixodbc: SQL down 08S01
>         [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server
> is
>         unavailable or does     not     exist
> Message-ID: <51A14CF7.1080502 at deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Bill Grant wrote:
> > I am having trouble starting freeradius at boot on CentOS 6.4. It
> starts, but it does not connect to my database; however, if run it manually
> from the command the it works fine. I think there is permission issue
> somewhere. See the log below:
> >
> > when I run following command as root it works
>
>   It's probably some SELinux rule.  The normal Linux APIs allow *any*
> process to make outbound connections.
>
>   Alan DeKok.
>
>
> ------------------------------
>
> Message: 6
> Date: Sun, 26 May 2013 00:29:28 +0000
> From: Bill Grant <wgrant at EBPL.org>
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Subject: RE: Error: rlm_sql_unixodbc: SQL down 08S01
>         [unixODBC][FreeTDS][SQL Server]Unable to connect: Adaptive Server
> is
>         unavailable or  does    not     exist
> Message-ID: <4137E4310A92F941A14E91ACF8F9F5BF0D91D093 at cairo.ebpl.net>
> Content-Type: text/plain; charset="us-ascii"
>
> You are right I  temporarily disabled SE Linux with "echo 0
> >/selinux/enforce" and it worked. Now I just need to figure out exactly
> what it is blocking. Thanks for the help!
> ________________________________________
> From: Alan DeKok [aland at deployingradius.com]
> Sent: Saturday, May 25, 2013 7:44 PM
> To: FreeRadius users mailing list
> Subject: Re: Error: rlm_sql_unixodbc: SQL down 08S01
> [unixODBC][FreeTDS][SQL    Server]Unable to connect: Adaptive Server is
> unavailable or does        not     exist
>
> Bill Grant wrote:
> > I am having trouble starting freeradius at boot on CentOS 6.4. It
> starts, but it does not connect to my database; however, if run it manually
> from the command the it works fine. I think there is permission issue
> somewhere. See the log below:
> >
> > when I run following command as root it works
>
>   It's probably some SELinux rule.  The normal Linux APIs allow *any*
> process to make outbound connections.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
> ------------------------------
>
> Message: 7
> Date: Sun, 26 May 2013 01:41:14 +0100
> From: "Matthew Melbourne" <matt at melbourne.org.uk>
> To: <freeradius-users at lists.freeradius.org>
> Subject: Re: Auth-Type = Reject not being obeyed
> Message-ID: <000b01ce59a9$baa28040$2fe780c0$@melbourne.org.uk>
> Content-Type: text/plain;       charset="us-ascii"
>
> I think Phil's diagnosis is correct; 'Auth-Type := Reject' requires the
> ':='
> operator to reject a CHAP authentication.
>
> Unfortunately, it's not always easy to place a live production system in
> debug mode, hence the initial "is this something stupid" question :)
>
> (And apologies for the lack of a subject line in the original post).
>
> Cheers,
> Matt
>
> -----Original Message-----
> Date: Fri, 24 May 2013 17:31:29 +0100
> From: Phil Mayers <p.mayers at imperial.ac.uk>
> To: freeradius-users at lists.freeradius.org
> Subject: Re: Auth-Type = Reject not being obeyed
> Message-ID: <519F95E1.6010100 at imperial.ac.uk>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> On 24/05/13 17:19, Alan Buxey wrote:
>
> > The only difference I can see is that the first example uses a
> > plain-text password, and the RADIUS on the LNS is using CHAP?
> >
> > The backend database has "=" in the 'op' field (and not ":="), so the
> > returned attribute is "Auth-Type = Reject" and not "Auth-Type :=
> > Reject", but it is correctly rejected using radtest/radclient, and I
> > believe the "=" operand to be correct.
>
> You might have this:
>
> authorize {
>    ...
>    chap
>    sql
>    ...
> }
>
> ..and Auth-Type is already set by chap, hence "=" doesn't overwrite it.
>
> Anyway, you're not correct that "=" is the right operator; ":=" means
> "force" i.e. set this attribute to this value, always, and that's what you
> want to do here, right? "=" means "set if unset"
>
> As has also been pointed out - show "radiusd -X" for a problem auth (and
> set
> a subject line...)
>
>
>
> ------------------------------
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> End of Freeradius-Users Digest, Vol 97, Issue 83
> ************************************************
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130526/1740489d/attachment-0001.html>


More information about the Freeradius-Users mailing list