
#4 PPPoe and freeradius

v1.0_(example)
open
Liran Tal
None
1
2013-05-31
2013-05-28
Conde Kadiatou
No

Hi Liran,
I want to use my FreeRADIUS for PPPoE authentication (this works perfectly), but I am looking to cut the IP address automatically after an operating time.
How can I do it?

Using freeradius 2.1.12
with daloradius 0.9-9 version
on CentOS 6.2
Please, I need help.

Discussion

  • Liran Tal
    2013-05-28

    Do you mean to disconnect a specific user?
    You can either do it manually by sending the disconnect packet (either from command line or from dalo's UI) or you could assign to users one of the session time attributes like Session-Timeout or Max-All-Session etc.

     
  • Conde Kadiatou
    2013-05-29

    Yes, I tried, but when I do it the user fails to authenticate with the radius server (I get Access-Reject) when I try the radius test.
    I don't know why.

     
  • Conde Kadiatou
    2013-05-29

    About the solution you proposed, where you spoke about assigning to users one of the session time attributes like Session-Timeout or Max-All-Session:
    yes, I had tried it, but when I assign an attribute to my user this user can connect to radius
    I always get Access-Reject with the radius test

     
  • Liran Tal
    2013-05-29

    Ok so please show us your freeradius log when you run it in debug mode so we can see the reason that FR sends a reject packet. If you set Max-All-Session then probably this attribute isn't recognized by FR. Did you try Session-Timeout too?

     
  • Conde Kadiatou
    2013-05-29

    Here is my log file when I run it in debug mode:

    ress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL"
    postauth_query = "INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S')"
    safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-: /"
    }
    rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
    rlm_sql (sql): Attempting to connect to radius@localhost:/radius
    rlm_sql (sql): starting 0
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
    rlm_sql_mysql: Starting connect to MySQL server for #0
    rlm_sql (sql): Connected new DB handle, #0
    rlm_sql (sql): starting 1
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
    rlm_sql_mysql: Starting connect to MySQL server for #1
    rlm_sql (sql): Connected new DB handle, #1
    rlm_sql (sql): starting 2
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
    rlm_sql_mysql: Starting connect to MySQL server for #2
    rlm_sql (sql): Connected new DB handle, #2
    rlm_sql (sql): starting 3
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
    rlm_sql_mysql: Starting connect to MySQL server for #3
    rlm_sql (sql): Connected new DB handle, #3
    rlm_sql (sql): starting 4
    rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
    rlm_sql_mysql: Starting connect to MySQL server for #4
    rlm_sql (sql): Connected new DB handle, #4
    rlm_sql (sql): Processing generate_sql_clients
    rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret, server FROM nas
    rlm_sql (sql): Reserving sql socket id: 4
    rlm_sql (sql): No short name found for row 1
    rlm_sql (sql): Read entry nasname=192.168.56.242,shortname=,secret=testing123
    rlm_sql (sql): Adding client 192.168.56.242 (, server=) to clients list
    rlm_sql (sql): No short name found for row 3
    rlm_sql (sql): Read entry nasname=192.168.56.1,shortname=,secret=testing123
    rlm_sql (sql): Adding client 192.168.56.1 (, server=) to clients list
    rlm_sql (sql): Read entry nasname=41.77.185.10,shortname=PPPOE-SERVER,secret=testing123
    rlm_sql (sql): Adding client 41.77.185.10 (PPPOE-SERVER, server=) to clients list
    rlm_sql (sql): Released sql socket id: 4
    Module: Checking preacct {...} for more modules to load
    Module: Linked to module rlm_acct_unique
    Module: Instantiating module "acct_unique" from file /etc/raddb/modules/acct_unique
    acct_unique {
    key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
    }
    Module: Checking accounting {...} for more modules to load
    Module: Linked to module rlm_detail
    Module: Instantiating module "detail" from file /etc/raddb/modules/detail
    detail {
    detailfile = "/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"
    header = "%t"
    detailperm = 384
    dirperm = 493
    locking = no
    log_packet_header = no
    }
    Module: Linked to module rlm_radutmp
    Module: Instantiating module "radutmp" from file /etc/raddb/modules/radutmp
    radutmp {
    filename = "/var/log/radius/radutmp"
    username = "%{User-Name}"
    case_sensitive = yes
    check_with_nas = yes
    perm = 384
    callerid = yes
    }
    Module: Linked to module rlm_sqlippool
    Module: Instantiating module "sqlippool" from file /etc/raddb/sqlippool.conf
    sqlippool {
    sql-instance-name = "sql"
    lease-duration = 86400
    pool-name = ""
    allocate-begin = "START TRANSACTION"
    allocate-clear = "UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NULL WHERE expiry_time <= NOW() - INTERVAL 1 SECOND AND nasipaddress = '%{Nas-IP-Address}'"
    allocate-find = "SELECT framedipaddress FROM radippool WHERE pool_name = '%{control:Pool-Name}' AND (expiry_time < NOW() OR expiry_time IS NULL) ORDER BY (username <> '%{User-Name}'), (callingstationid <> '%{Calling-Station-Id}'), expiry_time LIMIT 1 FOR UPDATE"
    allocate-update = "UPDATE radippool SET nasipaddress = '%{NAS-IP-Address}', pool_key = '%{NAS-Port}', callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', expiry_time = NOW() + INTERVAL 86400 SECOND WHERE framedipaddress = '%I' AND expiry_time IS NULL"
    allocate-commit = "COMMIT"
    allocate-rollback = "ROLLBACK"
    pool-check = "SELECT id FROM radippool WHERE pool_name='%{control:Pool-Name}' LIMIT 1"
    start-begin = "START TRANSACTION"
    start-update = "UPDATE radippool SET expiry_time = NOW() + INTERVAL 86400 SECOND WHERE nasipaddress = '%{NAS-IP-Address}' AND pool_key = '%{NAS-Port}' AND username = '%{User-Name}' AND callingstationid = '%{Calling-Station-Id}' AND framedipaddress = '%{Framed-IP-Address}'"
    start-commit = "COMMIT"
    start-rollback = "ROLLBACK"
    alive-begin = "START TRANSACTION"
    alive-update = "UPDATE radippool SET expiry_time = NOW() + INTERVAL 86400 SECOND WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '%{NAS-Port}' AND username = '%{User-Name}' AND callingstationid = '%{Calling-Station-Id}' AND framedipaddress = '%{Framed-IP-Address}'"
    alive-commit = "COMMIT"
    alive-rollback = "ROLLBACK"
    stop-begin = "START TRANSACTION"
    stop-clear = "UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NULL WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '%{NAS-Port}' AND username = '%{User-Name}' AND callingstationid = '%{Calling-Station-Id}' AND framedipaddress = '%{Framed-IP-Address}'"
    stop-commit = "COMMIT"
    stop-rollback = "ROLLBACK"
    on-begin = "START TRANSACTION"
    on-clear = "UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NULL WHERE nasipaddress = '%{Nas-IP-Address}'"
    on-commit = "COMMIT"
    on-rollback = "ROLLBACK"
    off-begin = "START TRANSACTION"
    off-clear = "UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NULL WHERE nasipaddress = '%{Nas-IP-Address}'"
    off-commit = "COMMIT"
    off-rollback = "ROLLBACK"
    sqlippool_log_exists = "Existing IP: %{reply:Framed-IP-Address} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"
    sqlippool_log_success = "Allocated IP: %{reply:Framed-IP-Address} from %{control:Pool-Name} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"
    sqlippool_log_clear = "Released IP %{Framed-IP-Address} (did %{Called-Station-Id} cli %{Calling-Station-Id} user %{User-Name})"
    sqlippool_log_failed = "IP Allocation FAILED from %{control:Pool-Name} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"
    sqlippool_log_nopool = "No Pool-Name defined (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"
    defaultpool = "main_pool"
    }
    Module: Linked to module rlm_attr_filter
    Module: Instantiating module "attr_filter.accounting_response" from file /etc/raddb/modules/attr_filter
    attr_filter attr_filter.accounting_response {
    attrsfile = "/etc/raddb/attrs.accounting_response"
    key = "%{User-Name}"
    relaxed = no
    }
    Module: Checking session {...} for more modules to load
    Module: Checking post-proxy {...} for more modules to load
    Module: Checking post-auth {...} for more modules to load
    Module: Instantiating module "attr_filter.access_reject" from file /etc/raddb/modules/attr_filter
    attr_filter attr_filter.access_reject {
    attrsfile = "/etc/raddb/attrs.access_reject"
    key = "%{User-Name}"
    relaxed = no
    }
    } # modules
    } # server
    server inner-tunnel { # from file /etc/raddb/sites-enabled/inner-tunnel
    modules {
    Module: Checking authenticate {...} for more modules to load
    Module: Checking authorize {...} for more modules to load
    Module: Checking session {...} for more modules to load
    Module: Checking post-proxy {...} for more modules to load
    Module: Checking post-auth {...} for more modules to load
    } # modules
    } # server
    radiusd: #### Opening IP addresses and Ports ####
    listen {
    type = "auth"
    ipaddr =
    port = 0
    }
    listen {
    type = "acct"
    ipaddr =
    port = 0
    }
    listen {
    type = "control"
    listen {
    socket = "/var/run/radiusd/radiusd.sock"
    }
    }
    listen {
    type = "auth"
    ipaddr = 127.0.0.1
    port = 18120
    }
    ... adding new socket proxy address * port 55193
    Listening on authentication address * port 1812
    Listening on accounting address * port 1813
    Listening on command file /var/run/radiusd/radiusd.sock
    Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
    Listening on proxy address * port 1814
    Ready to process requests.

     
  • Liran Tal
    2013-05-31

    How about you actually try to authenticate/connect with the problematic user so we can see what's the problem exactly?
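
The last reply asks for a capture that includes an actual authentication attempt, and the startup output posted earlier in the thread prints the NAS shared secrets in clear. As an added example (not part of the thread, and not FreeRADIUS or daloRADIUS code), this Python script masks credentials in a debug capture and reports whether it contains a request at all. The sample log lines are constructed, and the `rad_recv:` and `Sending Access-Reject` line shapes are assumed to match FreeRADIUS 2.x debug output.

```python
import re

# Constructed samples in the shape of FreeRADIUS 2.x `radiusd -X` output.
# All hosts, names and secrets below are made up for this example.
STARTUP_ONLY = """\
rlm_sql (sql): Read entry nasname=192.0.2.10,shortname=nas1,secret=EXAMPLE-SECRET
Listening on authentication address * port 1812
Ready to process requests.
"""
WITH_REQUEST = STARTUP_ONLY + """\
rad_recv: Access-Request packet from host 192.0.2.10 port 40001, id=7, length=60
\tUser-Name = "alice"
\tUser-Password = "EXAMPLE-PASSWORD"
Sending Access-Reject of id 7 to 192.0.2.10 port 40001
"""

# Matches secret=..., password = "...", User-Password = "...", CHAP-Password = 0x...
CRED_RE = re.compile(r'\b((?:secret|[\w-]*password)\s*=\s*)("[^"]*"|[^\s,]+)', re.I)
REQ_RE = re.compile(r'^rad_recv: (\S+) packet from host (\S+) port \d+, id=(\d+)', re.M)
REJ_RE = re.compile(r'^Sending Access-Reject of id (\d+) to (\S+) port \d+', re.M)

def redact(log):
    """Mask shared secrets and passwords so the log can be posted publicly."""
    return CRED_RE.sub(r'\1<redacted>', log)

def triage(log):
    """Report whether the capture contains a request, not only server startup."""
    marker = "Ready to process requests."
    start = log.find(marker)
    tail = log[start:] if start >= 0 else log
    requests = REQ_RE.findall(tail)
    rejected = [int(pkt_id) for pkt_id, _host in REJ_RE.findall(tail)]
    return {
        "reached_ready": start >= 0,
        "requests": len(requests),
        "rejected_ids": rejected,
        "useful_for_reject_debugging": bool(requests),
    }

if __name__ == "__main__":
    for name, log in (("startup only", STARTUP_ONLY), ("with request", WITH_REQUEST)):
        print(name, triage(log))
    print(redact(WITH_REQUEST))
```

A capture that stops at "Ready to process requests." reports zero requests, which is the situation the final reply describes.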

     

