[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: Freeradius-Users Digest, Vol 46, Issue 102 Why is groupname field
From: ngwarai zed <makotore () gmail ! com>
Date: 2009-02-26 8:29:36
Message-ID: 28713a570902260029s70e9f278ycc2e04ec69c9ffe7 () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Hallo all,
First of all thanks Kalik for your responses. I checked the link you you
sent but I couldn't get the info I am looking for. Let me expand further on
the problem:-
I have MySQL 5.0.67 and PostgreSQL 8.3.6 and freeRADIUS 2.17 installed on
GNU/Linux Fedora 10 distribution. I have identical radius databases on both
MySQL and PostgreSQL. When I use the PostgreSQL, the groupname field in the
radacct table gets filled in but when I change the database to MySQL, the
groupname filled is blank. I checked the queries in mysql/diaup.conf and
postgresql/dialup.conf and found out that they are the same. Why is it
working with PostgreSQL and not working with MySQL? The groupnames are
defined in radusergroup table.
May you help me on a step by step basis on how to solve this problem.
THank you
2009/2/25 <freeradius-users-request@lists.freeradius.org>
> Send Freeradius-Users mailing list submissions to
> freeradius-users@lists.freeradius.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.freeradius.org/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
> freeradius-users-request@lists.freeradius.org
>
> You can reach the person managing the list at
> freeradius-users-owner@lists.freeradius.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
>
> Today's Topics:
>
> 1. Re: Freeradius-Users Digest, Vol 46, Issue 98 : Why is
> groupnamefield blank in radacct (tnt@kalik.net)
> 2. Re: Error: WARNING: Unresponsive child for request in module
> sqlcomponent accounting (magicboiz)
> 3. Rlm_sqlcounter log problem (Devrim Seral)
> 4. Re: Error: WARNING: Unresponsive child for request in
> modulesqlcomponent accounting (tnt@kalik.net)
> 5. Re: Rlm_sqlcounter log problem (Juan Pablo Botero)
> 6. Re: Freeradius dies with Postgresql error (Alan DeKok)
> 7. Re: FR 2.1.3 and ASSERT FAILED event.c (Alan DeKok)
> 8. Re: Rlm_sqlcounter log problem (tnt@kalik.net)
> 9. Re: Wired 802.1x auth - Getting the IP address of the authed
> machine (Alexander Clouter)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 25 Feb 2009 15:21:20 +0100
> From: <tnt@kalik.net>
> Subject: Re: Freeradius-Users Digest, Vol 46, Issue 98 : Why is
> groupnamefield blank in radacct
> To: "FreeRadius users mailing list"
> <freeradius-users@lists.freeradius.org>
> Message-ID: <gS8vCrCQ.1235571680.7009450.tnt@kalik.net>
> Content-Type: text/plain; charset=ISO-8859-2
>
> >I tried editing the dialup.conf and added groupname with a value of
> >'%{SQL-Group}' but still it writes nothing for the groupname in the
> radacct
> >table. Can you help me as to how exactly I have to edit the dialup.conf ?
> >
>
> That is fine, only the attribute is wrong. ASFAIK Class is the only
> attribute that you can custom set during authentication that NAS will
> have to send back in accounting packet.
>
> http://freeradius.org/rfc/rfc2865.html#Class
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 25 Feb 2009 15:40:04 +0100
> From: magicboiz <magicboiz@gmail.com>
> Subject: Re: Error: WARNING: Unresponsive child for request in module
> sqlcomponent accounting
> To: FreeRadius users mailing list
> <freeradius-users@lists.freeradius.org>
> Message-ID: <200902251540.04783.magicboiz@gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Thx Ivan,
>
> and do you know if the accouting registers is lost? or another child
> retries
> the insert into the database?
>
> thx
> Regards
>
>
> On Mi?rcoles 25 Febrero 2009 14:09:44 tnt@kalik.net wrote:
> > >I facing this problem with my Freeradius 2.1.3, and I don't know how to
> > > solve it :(
> > >
> > >My NAS is sending only accounting registers to my freeradius server. My
> > >freeradius server, is configured to store these registers into a MySQL
> > > server. I have configured "max_request_time = 120", in the case of
> MySQL
> > > slow performance, but the problem perssits.
> >
> > No, you don't have a problem with radius server but with sql one.
> > Perhaps you should look into the server that does have a problem (sql)
> > and not the one that doesn't (radius). There is nothing radius server
> > can tell you about why are sql queries running slow.
> >
> > Ivan Kalik
> > Kalik Informatika ISP
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
>
>
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 25 Feb 2009 16:51:46 +0200
> From: Devrim Seral <dseral@gmail.com>
> Subject: Rlm_sqlcounter log problem
> To: freeradius-users@lists.freeradius.org
> Message-ID:
> <416697d80902250651s7ed9e1earb3cd4ca611c27748@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Hi all,
> I have a little problem with freeradius. And i can't find any solution for
> it..
> We have logged failed login attempt following statement: (Its taken
> from Freeradius Wiki)
> Post-Auth-Type REJECT {
> # Login failed: log to SQL database.
> sql
> }
>
> However when we use rlm_sqlcounter this modle can't handled with above
> statement.
>
> So how its possible to log users that Rejected by rlm_sqlcounter module?
> Regards..
> devrim
>
>
> ------------------------------
>
> Message: 4
> Date: Wed, 25 Feb 2009 15:53:36 +0100
> From: <tnt@kalik.net>
> Subject: Re: Error: WARNING: Unresponsive child for request in
> modulesqlcomponent accounting
> To: "FreeRadius users mailing list"
> <freeradius-users@lists.freeradius.org>
> Message-ID: <WfvWLTm6.1235573616.3312510.tnt@kalik.net>
> Content-Type: text/plain; charset=ISO-8859-2
>
> >and do you know if the accouting registers is lost? or another child
> retries
> >the insert into the database?
> >
>
> They usually are - there are no handles to write to the database as the
> whole server gets blocked. I haven't seen tha case where single handle
> would dia and the rest of them would continue working. This is usually
> terminal state of radius-sql server connection problem.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
>
> ------------------------------
>
> Message: 5
> Date: Wed, 25 Feb 2009 09:54:35 -0500
> From: Juan Pablo Botero <juanpabloboterolopez@gmail.com>
> Subject: Re: Rlm_sqlcounter log problem
> To: FreeRadius users mailing list
> <freeradius-users@lists.freeradius.org>
> Message-ID:
> <aaa6fffc0902250654t7355ae6bt315ff0cd3f706324@mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> In My case, that it's not necesary, you can comment out that lines; and
> probe with 'freeradius -X'
>
> On Wed, Feb 25, 2009 at 9:51 AM, Devrim Seral <dseral@gmail.com> wrote:
>
> > Hi all,
> > I have a little problem with freeradius. And i can't find any solution
> for
> > it..
> > We have logged failed login attempt following statement: (Its taken
> > from Freeradius Wiki)
> > Post-Auth-Type REJECT {
> > # Login failed: log to SQL database.
> > sql
> > }
> >
> > However when we use rlm_sqlcounter this modle can't handled with above
> > statement.
> >
> > So how its possible to log users that Rejected by rlm_sqlcounter module?
> > Regards..
> > devrim
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
>
>
>
> --
> Juan Pablo Botero
> Administrador de Sistemas inform?ticos
> http://jpill.wordpress.com
> eSSuX: http://slcolombia.org/eSSuX
> Linux Registered user #435293
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL: <
> https://lists.freeradius.org/pipermail/freeradius-users/attachments/20090225/ca3488d3/attachment.html
> >
>
> ------------------------------
>
> Message: 6
> Date: Wed, 25 Feb 2009 15:54:37 +0100
> From: Alan DeKok <aland@deployingradius.com>
> Subject: Re: Freeradius dies with Postgresql error
> To: FreeRadius users mailing list
> <freeradius-users@lists.freeradius.org>
> Message-ID: <49A55BAD.7020707@deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Vegard Svanberg wrote:
> > I'm using Freeradius with a Postgresql backend. Every two or three days,
> > Freeradius dies. These are the last lines from the log file:
> >
> > Tue Feb 24 21:15:31 2009 : Auth: Login OK: [XXXX] (from client YYYY port
> 3 cli ZZZZZZZZ)
> > Tue Feb 24 21:16:34 2009 : Auth: Login OK: [XXXX] (from client YYYY port
> 3 cli ZZZZZZZZ)
> > Tue Feb 24 21:16:48 2009 : Auth: Login OK: [XXXX] (from client YYYY port
> 4 cli ZZZZZZZZ)
> > Tue Feb 24 21:18:32 2009 : Error: rlm_sql_postgresql: PostgreSQL Query
> failed Error:
> > Tue Feb 24 21:18:32 2009 : Auth: Invalid user: [XXXX] (from client YYYY
> port 1509942 cli XX:XX:XX:XX:XX:XX)
> >
> > Then nothing (it's gone and has to be started up again).
>
> Ugh. That's not nice.
>
> > The problem is that this never happens if I run radiusd with -X, so I'm
> > having trouble catching more info.
>
> See doc/bugs in the latest "git" tree (stable) for instructions on
> leaving it running under "gdb". You will also likely need to build the
> server with debugging symbols, too.
>
> > Any clues? This is Freeradius 2.1.0 btw. I've just upgraded to 2.1.3 to
> > see if the problem goes away.
>
> I don't recall anything being changed in the postgres back-end.
>
> Alan DeKok.
>
>
>
> ------------------------------
>
> Message: 7
> Date: Wed, 25 Feb 2009 16:04:56 +0100
> From: Alan DeKok <aland@deployingradius.com>
> Subject: Re: FR 2.1.3 and ASSERT FAILED event.c
> To: FreeRadius users mailing list
> <freeradius-users@lists.freeradius.org>
> Message-ID: <49A55E18.1060202@deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Chris Howley wrote:
> > I encountered the following problem when the server received an
> Access-Challenge packet
> > from a proxy server. Any help in fixing this problem would be
> appreciated.
>
> See doc/bugs for giving additional information, such as the rest of
> the back trace.
>
> Also, a lot more of the debug log might help.
>
> > Waking up in 0.9 seconds.
> > rad_recv: Access-Challenge packet from host 194.82.174.185 port 1812,
> id=76, length=81
> > Tunnel-Type:0 = VLAN
> > Tunnel-Medium-Type:0 = IEEE-802
> > EAP-Message = 0x010300061920
> > Message-Authenticator = 0x193c8361dc660dd940460f693d6ebf9c
> > State = 0xad8b0646ad881f6aaefeee6ec7165a25
> > Proxy-State = 0x313730
> > +- entering group post-proxy {...}
> > [post_proxy_log] expand:
> /usr/local/var/log/radius/radacct/%Y-%m-%d/post-proxy-detail-%H:00 ->
> /usr/local/var/log/radius/radacct/2009-02-24/post-proxy-detail-16:00
> > [post_proxy_log]
> /usr/local/var/log/radius/radacct/%Y-%m-%d/post-proxy-detail-%H:00 expands
> to /usr/local/var/log/radius/radacct/2009-02-24/post-proxy-detail-16:00
> > [post_proxy_log] expand: %{Packet-Src-IP-Address} - %t ->
> 10.12.80.101 - Tue Feb 24 16:02:50 2009
> > ++[post_proxy_log] returns ok
> > [attr_filter.post-proxy] expand: %{Realm} -> jrs
> > attr_filter: Matched entry DEFAULT at line 103
> > ++[attr_filter.post-proxy] returns updated
> > [eap] No pre-existing handler found
> > ++[eap] returns noop
> > ASSERT FAILED event.c[3593]: fun != NULL
> > Abort (core dumped)
>
> This is a catastrophic error indicating that the server has a request
> it doesn't know how to handle.
>
> The only way that this could happen is:
>
> a) buffer over-run somewhere
> b) source code modifications
>
> The code that receives a proxied response sets "fun", and doesn't do a
> whole lot else before it hits that assertion. If you're seeing this in
> debugging mode (i.e. no threads), then there *very* few things that can
> go wrong here.
>
> Alan DeKok.
>
>
> ------------------------------
>
> Message: 8
> Date: Wed, 25 Feb 2009 16:08:33 +0100
> From: <tnt@kalik.net>
> Subject: Re: Rlm_sqlcounter log problem
> To: "FreeRadius users mailing list"
> <freeradius-users@lists.freeradius.org>
> Message-ID: <gsiPBrW7.1235574513.8411570.tnt@kalik.net>
> Content-Type: text/plain; charset=ISO-8859-2
>
> >I have a little problem with freeradius. And i can't find any solution for
> it..
> >We have logged failed login attempt following statement: (Its taken
> >from Freeradius Wiki)
> > Post-Auth-Type REJECT {
> > # Login failed: log to SQL database.
> > sql
> > }
> >
> >However when we use rlm_sqlcounter this modle can't handled with above
> >statement.
> >
> >So how its possible to log users that Rejected by rlm_sqlcounter module?
>
> man unlang. Test for module return code and then run, for example, perl
> script that will log to the database. You can't do sql inserts and
> updates directly from unlang without source code changes.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
>
> ------------------------------
>
> Message: 9
> Date: Wed, 25 Feb 2009 19:26:13 +0000
> From: Alexander Clouter <alex@digriz.org.uk>
> Subject: Re: Wired 802.1x auth - Getting the IP address of the authed
> machine
> To: freeradius-users@lists.freeradius.org
> Message-ID: <slrngqb6ql.n2j.alex@woodchuck.wormnet.eu>
>
> * Paul Dealy <pdealy@gmail.com> [Wed, 25 Feb 2009 21:42:37 +1100]:
> >
> > I have accounting turned on, but I don't see the authed machines IP on
> > that of the NAS.
> >
> Use DHCP Snooping[1] and then yank the DHCP servers logs. If you want
> them in the SQL table, you should add them afterwards. You need to bear
> in mind that in the medium-long term there will be nothing stopping (or
> invalid) about computers having multiple IP addresses[2]. Expecting a
> venduh (especially Cisco) to give you what you want/need is asking for
> trouble.
>
> We personally yank from our DHCP logs, because of DHCP snooping, we know
> they can be trusted.
>
> Cheers
>
> [1]
> http://www.cisco.com/web/DK/assets/docs/security2006/Security2006_Eric_Vyncke_2.pdf
> [2] IPv4 and IPv6 addresses, multiple of the later for workstations is
> an expectation not an edge case. Also there is technically
> nothing stopping a workstation in a single 'session' changing IP
> addresses
>
> --
> Alexander Clouter
> .sigmonster says: Go on, EMOTE! I was RAISED on thought balloons!!
>
>
>
> ------------------------------
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> End of Freeradius-Users Digest, Vol 46, Issue 102
> *************************************************
>
[Attachment #5 (text/html)]
Hallo all,<br><br>First of all thanks Kalik for your responses. I checked the link \
you you sent but I couldn't get the info I am looking for. Let me expand further \
on the problem:-<br><br>I have MySQL 5.0.67 and PostgreSQL 8.3.6 and freeRADIUS 2.17 \
installed on GNU/Linux Fedora 10 distribution. I have identical radius databases on \
both MySQL and PostgreSQL. When I use the PostgreSQL, the groupname field in the \
radacct table gets filled in but when I change the database to MySQL, the groupname \
filled is blank. I checked the queries in mysql/diaup.conf and postgresql/dialup.conf \
and found out that they are the same. Why is it working with PostgreSQL and not \
working with MySQL? The groupnames are defined in radusergroup table.<br> <br>May you \
help me on a step by step basis on how to solve this problem.<br><br>THank \
you<br><br><div class="gmail_quote">2009/2/25 <span dir="ltr"><<a \
href="mailto:freeradius-users-request@lists.freeradius.org">freeradius-users-request@lists.freeradius.org</a>></span><br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); \
margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Send Freeradius-Users mailing list \
submissions to<br>
<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
<br>
To subscribe or unsubscribe via the World Wide Web, visit<br>
<a href="http://lists.freeradius.org/mailman/listinfo/freeradius-users" \
target="_blank">http://lists.freeradius.org/mailman/listinfo/freeradius-users</a><br> \
or, via email, send a message with subject or body 'help' \
to<br>
<a href="mailto:freeradius-users-request@lists.freeradius.org">freeradius-users-request@lists.freeradius.org</a><br>
<br>
You can reach the person managing the list at<br>
<a href="mailto:freeradius-users-owner@lists.freeradius.org">freeradius-users-owner@lists.freeradius.org</a><br>
<br>
When replying, please edit your Subject line so it is more specific<br>
than "Re: Contents of Freeradius-Users digest..."<br>
<br>
<br>
Today's Topics:<br>
<br>
1. Re: Freeradius-Users Digest, Vol 46, Issue 98 : Why is<br>
groupnamefield blank in radacct (<a \
href="mailto:tnt@kalik.net">tnt@kalik.net</a>)<br> 2. Re: Error: WARNING: \
Unresponsive child for request in module<br> sqlcomponent accounting (magicboiz)<br>
3. Rlm_sqlcounter log problem (Devrim Seral)<br>
4. Re: Error: WARNING: Unresponsive child for request in<br>
modulesqlcomponent accounting (<a \
href="mailto:tnt@kalik.net">tnt@kalik.net</a>)<br> 5. Re: Rlm_sqlcounter log problem \
(Juan Pablo Botero)<br> 6. Re: Freeradius dies with Postgresql error (Alan \
DeKok)<br> 7. Re: FR 2.1.3 and ASSERT FAILED event.c (Alan DeKok)<br>
8. Re: Rlm_sqlcounter log problem (<a \
href="mailto:tnt@kalik.net">tnt@kalik.net</a>)<br> 9. Re: Wired 802.1x auth - \
Getting the IP address of the authed<br> machine (Alexander Clouter)<br>
<br>
<br>
----------------------------------------------------------------------<br>
<br>
Message: 1<br>
Date: Wed, 25 Feb 2009 15:21:20 +0100<br>
From: <<a href="mailto:tnt@kalik.net">tnt@kalik.net</a>><br>
Subject: Re: Freeradius-Users Digest, Vol 46, Issue 98 : Why is<br>
groupnamefield blank in radacct<br>
To: "FreeRadius users mailing list"<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Message-ID: <<a href="mailto:gS8vCrCQ.1235571680.7009450.tnt@kalik.net">gS8vCrCQ.1235571680.7009450.tnt@kalik.net</a>><br>
Content-Type: text/plain; charset=ISO-8859-2<br>
<br>
>I tried editing the dialup.conf and added groupname with a value of<br>
>'%{SQL-Group}' but still it writes nothing for the groupname in the \
radacct<br> >table. Can you help me as to how exactly I have to edit the \
dialup.conf ?<br> ><br>
<br>
That is fine, only the attribute is wrong. ASFAIK Class is the only<br>
attribute that you can custom set during authentication that NAS will<br>
have to send back in accounting packet.<br>
<br>
<a href="http://freeradius.org/rfc/rfc2865.html#Class" \
target="_blank">http://freeradius.org/rfc/rfc2865.html#Class</a><br> <br>
Ivan Kalik<br>
Kalik Informatika ISP<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 2<br>
Date: Wed, 25 Feb 2009 15:40:04 +0100<br>
From: magicboiz <<a \
href="mailto:magicboiz@gmail.com">magicboiz@gmail.com</a>><br>
Subject: Re: Error: WARNING: Unresponsive child for request in module<br>
sqlcomponent accounting<br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Message-ID: <<a href="mailto:200902251540.04783.magicboiz@gmail.com">200902251540.04783.magicboiz@gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
Thx Ivan,<br>
<br>
and do you know if the accouting registers is lost? or another child retries<br>
the insert into the database?<br>
<br>
thx<br>
Regards<br>
<br>
<br>
On Mi?rcoles 25 Febrero 2009 14:09:44 <a \
href="mailto:tnt@kalik.net">tnt@kalik.net</a> wrote:<br> > >I facing this \
problem with my Freeradius 2.1.3, and I don't know how to<br> > > solve it \
:(<br> > ><br>
> >My NAS is sending only accounting registers to my freeradius server. My<br>
> >freeradius server, is configured to store these registers into a MySQL<br>
> > server. I have configured "max_request_time = 120", in the case \
of MySQL<br> > > slow performance, but the problem perssits.<br>
><br>
> No, you don't have a problem with radius server but with sql one.<br>
> Perhaps you should look into the server that does have a problem (sql)<br>
> and not the one that doesn't (radius). There is nothing radius server<br>
> can tell you about why are sql queries running slow.<br>
><br>
> Ivan Kalik<br>
> Kalik Informatika ISP<br>
><br>
> -<br>
> List info/subscribe/unsubscribe? See<br>
> <a href="http://www.freeradius.org/list/users.html" \
target="_blank">http://www.freeradius.org/list/users.html</a><br> <br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 3<br>
Date: Wed, 25 Feb 2009 16:51:46 +0200<br>
From: Devrim Seral <<a href="mailto:dseral@gmail.com">dseral@gmail.com</a>><br>
Subject: Rlm_sqlcounter log problem<br>
To: <a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
Message-ID:<br>
<<a href="mailto:416697d80902250651s7ed9e1earb3cd4ca611c27748@mail.gmail.com">416697d80902250651s7ed9e1earb3cd4ca611c27748@mail.gmail.com</a>><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
Hi all,<br>
I have a little problem with freeradius. And i can't find any solution for \
it..<br> We have logged failed login attempt following statement: (Its taken<br>
from Freeradius Wiki)<br>
Post-Auth-Type REJECT {<br>
# Login failed: log to SQL database.<br>
sql<br>
}<br>
<br>
However when we use rlm_sqlcounter this modle can't handled with above<br>
statement.<br>
<br>
So how its possible to log users that Rejected by rlm_sqlcounter module?<br>
Regards..<br>
devrim<br>
<br>
<br>
------------------------------<br>
<br>
Message: 4<br>
Date: Wed, 25 Feb 2009 15:53:36 +0100<br>
From: <<a href="mailto:tnt@kalik.net">tnt@kalik.net</a>><br>
Subject: Re: Error: WARNING: Unresponsive child for request in<br>
modulesqlcomponent accounting<br>
To: "FreeRadius users mailing list"<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Message-ID: <<a href="mailto:WfvWLTm6.1235573616.3312510.tnt@kalik.net">WfvWLTm6.1235573616.3312510.tnt@kalik.net</a>><br>
Content-Type: text/plain; charset=ISO-8859-2<br>
<br>
>and do you know if the accouting registers is lost? or another child retries<br>
>the insert into the database?<br>
><br>
<br>
They usually are - there are no handles to write to the database as the<br>
whole server gets blocked. I haven't seen tha case where single handle<br>
would dia and the rest of them would continue working. This is usually<br>
terminal state of radius-sql server connection problem.<br>
<br>
Ivan Kalik<br>
Kalik Informatika ISP<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 5<br>
Date: Wed, 25 Feb 2009 09:54:35 -0500<br>
From: Juan Pablo Botero <<a \
href="mailto:juanpabloboterolopez@gmail.com">juanpabloboterolopez@gmail.com</a>><br>
Subject: Re: Rlm_sqlcounter log problem<br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Message-ID:<br>
<<a href="mailto:aaa6fffc0902250654t7355ae6bt315ff0cd3f706324@mail.gmail.com">aaa6fffc0902250654t7355ae6bt315ff0cd3f706324@mail.gmail.com</a>><br>
Content-Type: text/plain; charset="iso-8859-1"<br>
<br>
In My case, that it's not necesary, you can comment out that lines; and<br>
probe with 'freeradius -X'<br>
<br>
On Wed, Feb 25, 2009 at 9:51 AM, Devrim Seral <<a \
href="mailto:dseral@gmail.com">dseral@gmail.com</a>> wrote:<br> <br>
> Hi all,<br>
> I have a little problem with freeradius. And i can't find any solution \
for<br> > it..<br>
> We have logged failed login attempt following statement: (Its taken<br>
> from Freeradius Wiki)<br>
> Post-Auth-Type REJECT {<br>
> # Login failed: log to SQL database.<br>
> sql<br>
> }<br>
><br>
> However when we use rlm_sqlcounter this modle can't handled with above<br>
> statement.<br>
><br>
> So how its possible to log users that Rejected by rlm_sqlcounter module?<br>
> Regards..<br>
> devrim<br>
> -<br>
> List info/subscribe/unsubscribe? See<br>
> <a href="http://www.freeradius.org/list/users.html" \
target="_blank">http://www.freeradius.org/list/users.html</a><br> ><br>
<br>
<br>
<br>
--<br>
Juan Pablo Botero<br>
Administrador de Sistemas inform?ticos<br>
<a href="http://jpill.wordpress.com" \
target="_blank">http://jpill.wordpress.com</a><br>
eSSuX: <a href="http://slcolombia.org/eSSuX" \
target="_blank">http://slcolombia.org/eSSuX</a><br> Linux Registered user #435293<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="https://lists.freeradius.org/pipermail/freeradius-users/attachments/20090225/ca3488d3/attachment.html" \
target="_blank">https://lists.freeradius.org/pipermail/freeradius-users/attachments/20090225/ca3488d3/attachment.html</a>><br>
<br>
------------------------------<br>
<br>
Message: 6<br>
Date: Wed, 25 Feb 2009 15:54:37 +0100<br>
From: Alan DeKok <<a \
href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>><br>
Subject: Re: Freeradius dies with Postgresql error<br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Message-ID: <<a href="mailto:49A55BAD.7020707@deployingradius.com">49A55BAD.7020707@deployingradius.com</a>><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
Vegard Svanberg wrote:<br>
> I'm using Freeradius with a Postgresql backend. Every two or three days,<br>
> Freeradius dies. These are the last lines from the log file:<br>
><br>
> Tue Feb 24 21:15:31 2009 : Auth: Login OK: [XXXX] (from client YYYY port 3 cli \
ZZZZZZZZ)<br> > Tue Feb 24 21:16:34 2009 : Auth: Login OK: [XXXX] (from client \
YYYY port 3 cli ZZZZZZZZ)<br> > Tue Feb 24 21:16:48 2009 : Auth: Login OK: [XXXX] \
(from client YYYY port 4 cli ZZZZZZZZ)<br> > Tue Feb 24 21:18:32 2009 : Error: \
rlm_sql_postgresql: PostgreSQL Query failed Error:<br> > Tue Feb 24 21:18:32 2009 \
: Auth: Invalid user: [XXXX] (from client YYYY port 1509942 cli \
XX:XX:XX:XX:XX:XX)<br> ><br>
> Then nothing (it's gone and has to be started up again).<br>
<br>
Ugh. That's not nice.<br>
<br>
> The problem is that this never happens if I run radiusd with -X, so I'm<br>
> having trouble catching more info.<br>
<br>
See doc/bugs in the latest "git" tree (stable) for instructions on<br>
leaving it running under "gdb". You will also likely need to build the<br>
server with debugging symbols, too.<br>
<br>
> Any clues? This is Freeradius 2.1.0 btw. I've just upgraded to 2.1.3 to<br>
> see if the problem goes away.<br>
<br>
I don't recall anything being changed in the postgres back-end.<br>
<br>
Alan DeKok.<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 7<br>
Date: Wed, 25 Feb 2009 16:04:56 +0100<br>
From: Alan DeKok <<a \
href="mailto:aland@deployingradius.com">aland@deployingradius.com</a>><br>
Subject: Re: FR 2.1.3 and ASSERT FAILED event.c<br>
To: FreeRadius users mailing list<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Message-ID: <<a href="mailto:49A55E18.1060202@deployingradius.com">49A55E18.1060202@deployingradius.com</a>><br>
Content-Type: text/plain; charset=ISO-8859-1<br>
<br>
Chris Howley wrote:<br>
> I encountered the following problem when the server received an Access-Challenge \
packet<br> > from a proxy server. Any help in fixing this problem would be \
appreciated.<br> <br>
See doc/bugs for giving additional information, such as the rest of<br>
the back trace.<br>
<br>
Also, a lot more of the debug log might help.<br>
<br>
> Waking up in 0.9 seconds.<br>
> rad_recv: Access-Challenge packet from host 194.82.174.185 port 1812, id=76, \
length=81<br> > Tunnel-Type:0 = VLAN<br>
> Tunnel-Medium-Type:0 = IEEE-802<br>
> EAP-Message = 0x010300061920<br>
> Message-Authenticator = 0x193c8361dc660dd940460f693d6ebf9c<br>
> State = 0xad8b0646ad881f6aaefeee6ec7165a25<br>
> Proxy-State = 0x313730<br>
> +- entering group post-proxy {...}<br>
> [post_proxy_log] expand: \
/usr/local/var/log/radius/radacct/%Y-%m-%d/post-proxy-detail-%H:00 -> \
/usr/local/var/log/radius/radacct/2009-02-24/post-proxy-detail-16:00<br> > \
[post_proxy_log] /usr/local/var/log/radius/radacct/%Y-%m-%d/post-proxy-detail-%H:00 \
expands to /usr/local/var/log/radius/radacct/2009-02-24/post-proxy-detail-16:00<br> \
> [post_proxy_log] expand: %{Packet-Src-IP-Address} - %t -> 10.12.80.101 \
- Tue Feb 24 16:02:50 2009<br> > ++[post_proxy_log] returns ok<br>
> [attr_filter.post-proxy] expand: %{Realm} -> jrs<br>
> attr_filter: Matched entry DEFAULT at line 103<br>
> ++[attr_filter.post-proxy] returns updated<br>
> [eap] No pre-existing handler found<br>
> ++[eap] returns noop<br>
> ASSERT FAILED event.c[3593]: fun != NULL<br>
> Abort (core dumped)<br>
<br>
This is a catastrophic error indicating that the server has a request<br>
it doesn't know how to handle.<br>
<br>
The only way that this could happen is:<br>
<br>
a) buffer over-run somewhere<br>
b) source code modifications<br>
<br>
The code that receives a proxied response sets "fun", and doesn't do \
a<br> whole lot else before it hits that assertion. If you're seeing this in<br>
debugging mode (i.e. no threads), then there *very* few things that can<br>
go wrong here.<br>
<br>
Alan DeKok.<br>
<br>
<br>
------------------------------<br>
<br>
Message: 8<br>
Date: Wed, 25 Feb 2009 16:08:33 +0100<br>
From: <<a href="mailto:tnt@kalik.net">tnt@kalik.net</a>><br>
Subject: Re: Rlm_sqlcounter log problem<br>
To: "FreeRadius users mailing list"<br>
<<a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a>><br>
Message-ID: <<a href="mailto:gsiPBrW7.1235574513.8411570.tnt@kalik.net">gsiPBrW7.1235574513.8411570.tnt@kalik.net</a>><br>
Content-Type: text/plain; charset=ISO-8859-2<br>
<br>
>I have a little problem with freeradius. And i can't find any solution for \
it..<br> >We have logged failed login attempt following statement: (Its taken<br>
>from Freeradius Wiki)<br>
> Post-Auth-Type REJECT {<br>
> # Login failed: log to SQL database.<br>
> sql<br>
> }<br>
><br>
>However when we use rlm_sqlcounter this modle can't handled with above<br>
>statement.<br>
><br>
>So how its possible to log users that Rejected by rlm_sqlcounter module?<br>
<br>
man unlang. Test for module return code and then run, for example, perl<br>
script that will log to the database. You can't do sql inserts and<br>
updates directly from unlang without source code changes.<br>
<br>
Ivan Kalik<br>
Kalik Informatika ISP<br>
<br>
<br>
<br>
------------------------------<br>
<br>
Message: 9<br>
Date: Wed, 25 Feb 2009 19:26:13 +0000<br>
From: Alexander Clouter <<a \
href="mailto:alex@digriz.org.uk">alex@digriz.org.uk</a>><br>
Subject: Re: Wired 802.1x auth - Getting the IP address of the authed<br>
machine<br>
To: <a href="mailto:freeradius-users@lists.freeradius.org">freeradius-users@lists.freeradius.org</a><br>
Message-ID: <slrngqb6ql.n2j.alex@woodchuck.wormnet.eu><br>
<br>
* Paul Dealy <<a href="mailto:pdealy@gmail.com">pdealy@gmail.com</a>> [Wed, 25 \
Feb 2009 21:42:37 +1100]:<br> ><br>
> I have accounting turned on, but I don't see the authed machines IP on<br>
> that of the NAS.<br>
><br>
Use DHCP Snooping[1] and then yank the DHCP servers logs. If you want<br>
them in the SQL table, you should add them afterwards. You need to bear<br>
in mind that in the medium-long term there will be nothing stopping (or<br>
invalid) about computers having multiple IP addresses[2]. Expecting a<br>
venduh (especially Cisco) to give you what you want/need is asking for<br>
trouble.<br>
<br>
We personally yank from our DHCP logs, because of DHCP snooping, we know<br>
they can be trusted.<br>
<br>
Cheers<br>
<br>
[1] <a href="http://www.cisco.com/web/DK/assets/docs/security2006/Security2006_Eric_Vyncke_2.pdf" \
target="_blank">http://www.cisco.com/web/DK/assets/docs/security2006/Security2006_Eric_Vyncke_2.pdf</a><br>
[2] IPv4 and IPv6 addresses, multiple of the later for workstations is<br>
an expectation not an edge case. Also there is technically<br>
nothing stopping a workstation in a single 'session' changing IP<br>
addresses<br>
<br>
--<br>
Alexander Clouter<br>
.sigmonster says: Go on, EMOTE! I was RAISED on thought balloons!!<br>
<br>
<br>
<br>
------------------------------<br>
<br>
-<br>
List info/subscribe/unsubscribe? See <a \
href="http://www.freeradius.org/list/users.html" \
target="_blank">http://www.freeradius.org/list/users.html</a><br> <br>
<br>
End of Freeradius-Users Digest, Vol 46, Issue 102<br>
*************************************************<br>
</blockquote></div><br>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic