lirantal / daloradius

daloRADIUS is an advanced RADIUS web management application for managing hotspots and general-purpose ISP deployments. It features user management, graphical reporting, accounting, a billing engine, and integrates with OpenStreetMap for geolocation. The system is based on FreeRADIUS with which it shares access to the backend database.
http://www.daloradius.com
GNU General Public License v2.0

Simultaneous-Use attribute #418

Closed faogundele closed 1 year ago

faogundele commented 1 year ago

I am new to daloRADIUS. I have followed the step-by-step guide available for configuration. The user cannot sign in on multiple devices assigned. For example: simultaneous-use := 3 for a user; once signed in, a device will kick out the previously logged-in user. Please, I need urgent help.

momothefox commented 1 year ago

use := op instead of =

faogundele commented 1 year ago

I actually used :=. Group attributes do not apply on users. I have decided to painstakingly add and assign all the attributes to over five hundred users manually if and only if the simultaneous-use attribute works perfectly. Please, it is very urgent, and it needs to be moved to production soonest.

momothefox commented 1 year ago

@faogundele I confirm that daloRADIUS 1.3 works in production. If you are using 2.0, it is beta and cannot go to production now. Please provide more information about your setup; try to provide some screenshots of profiles.

Did you put the Simultaneous-Use attribute in check or reply? It should be a check attribute.

faogundele commented 1 year ago

Screenshot (27) Screenshot (28) Screenshot (29)

I put the Simultaneous-Use attribute in check. I installed daloRADIUS v2.0 beta, but some files were missing. I reverted back to daloRADIUS 1.3.

momothefox commented 1 year ago

Disable the freeradius service and stop it. Run it in debugging mode: start it with the freeradius -X command and investigate more. It is nothing related to daloradius; it is a freeradius configuration.

And if @lirantal & @filippolauria would not mind, I can help you here if you could not find the defect from the freeradius debugging output.

faogundele commented 1 year ago

freeradius debugging output.txt

the radius client has private ip address and public ip address for remote monitoring which are redacted in this output.

momothefox commented 1 year ago

@faogundele this is only the output of reading files. Try to connect and test radius to see what is actually happening. With this command freeradius is running and ready to serve requests, so let it work and see the output to debug.

faogundele commented 1 year ago

@faogundele this is only output of reading files try to connect and test radius to see what is actually happening with this command freeradius is running and ready to serve requests so let it work and see output to debug

I don't understand what you want me to do. Can you give me a sample of the command? Thanks for your time. I am really in need of getting this fixed as soon as possible.

Garfsfield commented 1 year ago

Perhaps you should take this to the FreeRadius list -

http://www.freeradius.org/list/users.html

However you will need to upgrade to the latest version 3.2.2 before they will consider assisting you since the version you have is no longer supported.

filippolauria commented 1 year ago

Hello @faogundele

and if @lirantal & @filippolauria would not mind i can help you here if you could not find the defect from freeradius debugging output.

@momothefox sure. Any help on RADIUS related topics you can give other users is appreciated, even if reported issues are not strictly related to daloRADIUS interface.

Perhaps you should take this to the FreeRadius list - http://www.freeradius.org/list/users.html

Of course, as @Garfsfield suggests, there are places that are better than others, when asking for some help :)

momothefox commented 1 year ago

disable freeradius service: systemctl disable freeradius.service

stop freeradius service: systemctl stop freeradius.service

start freeradius in debug mode: freeradius -X

After you see this msg: Ready to process requests

connect to your NAS and try to log in to the server. freeradius will show you how it is taking decisions, so you know where the defect is.

freeradius is not easy to configure; you have to read a ton of pages.

faogundele commented 1 year ago

freeradius upgrade output

The response shows I have installed newest version of freeradius.

Garfsfield commented 1 year ago

The distribution provided version is not actually the latest version.

Pre-built packages are on http://packages.networkradius.com

The latest release and the source files can be found here ^

faogundele commented 1 year ago

http://packages.networkradius.com

@Garfsfield, thanks a lot, I have done that successfully. Do I need to edit all configuration files as I did earlier, or are such configurations active and effective?

I got errors reading and parsing /etc/freeradius/radiusd.conf : No such file or directory found.

faogundele commented 1 year ago

Hi, I had to reinstall all packages afresh from the beginning. I was also able to install the following: freeradius 3.2.2, daloRadius 1.4, ubuntu 22.04. All steps went successfully, however during testing I ran into the below problems. Kindly help to figure out where I got it wrong. Screenshot

I got an access-accept response using the daloRADIUS test connectivity. When I log in as a user via the radius client (AP), I got access-reject.

faogundele commented 1 year ago

Freeradius -XC shows Configuration appears to be OK

Garfsfield commented 1 year ago

Run service freeradius stop; freeradius -X | tee ~/rad-debug.log

Then do your authentication as you normally would.

Once that is done, go examine the ~/rad-debug.log file. Follow the logic of what is happening and what you are expecting to see.

Hope this helps.

faogundele commented 1 year ago

freeradius -X | tee ~/rad-debug.log

Hi, I am still getting the same result access-reject via logging in through radius client (AP). Find below the output. freeradius debugging output1.txt

Garfsfield commented 1 year ago

You need to analyse the debug output step by step to see what is causing the reject and that will give you a clue on how and where to fix it, so that it works for your specific situation.

As the development team of Freeradius have quoted here below....

While the debug output has a lot of information, you can generally ignore most of it, and look for the pieces you're interested in:

faogundele commented 1 year ago

You need to analyse the debug output step by step to see what is causing the reject and that will give you a clue on how and where to fix it, so that it works for your specific situation.

As the development team of Freeradius have quoted here below....

While the debug output has a lot of information, you can generally ignore most of it, and look for the pieces you're interested in:

* is the SQL module being run?
* is the radgroupreply being used?
* does the Access-Accept contain the correct Class attribute?

That's what's supposed to happen. Then, the NAS is supposed to echo that Class into an Accounting-Request packet for that user. So...

* when FreeRADIUS receives an Accounting-Request packet for that user, does it contain the same Class as was sent in the Access-Accept?

So you don't need to read the entire debug output. The https://wiki.freeradius.org/guide/radiusd-X page also describes this. Instead, load the debug output into a text editor, and search for keywords. Look for "Access-Accept", and then look in the attributes listed there for "Class". It's that easy,

Please find below what I could point as error as the User-Password = paul but having different value here.

    ......... ............
    Service-Type = Framed-User
    (0) Framed-Protocol = PPP
    (0) User-Name = "paul"
    (0) User-Password = "\204t\3441\347\365\321\014\237\247XI\323\n0\242"
    ........... ......... .........
    pap: Login attempt with password
    (0) pap: Comparing with "known good" Cleartext-Password
    (0) pap: ERROR: Cleartext password does not match "known good" password
    (0) pap: Passwords don't match
    (0) [pap] = reject
    (0) } # Auth-Type PAP = reject
    (0) Failed to authenticate the user
    (0) WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS!
    (0) Using Post-Auth-Type Reject

faogundele commented 1 year ago

It was a mistake I made, using a mismatched shared secret between NAS and radius client.
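Why a shared-secret mismatch produces the unprintable User-Password seen in the debug output above: PAP hides the password by XOR with MD5(secret + Request Authenticator) (RFC 2865, section 5.2), so a server holding a different secret recovers garbage instead of an error. This is an added example, not code from this thread or from FreeRADIUS; the secrets, the authenticator and all function names are constructed for illustration.

```python
import hashlib


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: build the User-Password attribute value (RFC 2865, 5.2)."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if len(password) > 128:
        raise ValueError("User-Password is limited to 128 octets")
    # Pad with NUL octets to a non-zero multiple of 16.
    size = max(16, (len(password) + 15) // 16 * 16)
    padded = password.ljust(size, b"\x00")
    hidden, prev = b"", authenticator
    for i in range(0, size, 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += block
        prev = block  # the next block is keyed on the previous hidden block
    return hidden


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: undo the hiding with the secret configured for this client."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden password must be a non-zero multiple of 16 octets")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


def has_unprintable(value: bytes) -> bool:
    """Heuristic in the spirit of the debug warning: bytes outside printable ASCII."""
    return any(b < 0x20 or b > 0x7E for b in value)


def diagnose(password: bytes, nas_secret: bytes, server_secret: bytes,
             authenticator: bytes) -> dict:
    """Show what the server compares against its 'known good' password."""
    hidden = hide_password(password, nas_secret, authenticator)
    seen = recover_password(hidden, server_secret, authenticator)
    return {
        "server_sees": seen,
        "matches": seen == password,
        "unprintable": has_unprintable(seen),
    }


# Constructed sample values, not taken from the issue.
AUTHENTICATOR = bytes(range(16))
NAS_SECRET = b"testing123"

if __name__ == "__main__":
    # Same secret on both sides, then a one-character mismatch on the server.
    for server_secret in (b"testing123", b"testing124"):
        print(server_secret, diagnose(b"paul", NAS_SECRET, server_secret, AUTHENTICATOR))
```

Nothing in the hiding step authenticates the request, so without a Message-Authenticator attribute the only symptom of a wrong secret is the failed PAP comparison and the unprintable-characters warning.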

Garfsfield commented 1 year ago

The message provided by Freeradius is that you do not have a password to compare against for the user.

The default is Clear Text password which would be stored in the radcheck table which it can then compare the password being sent with. However that is not secure, and there are other ways of dealing with that, which means that you would place an encrypted password in the radcheck table for that user, which Freeradius would then use to compare the encrypted sent password with in order to verify if the sent password is correct.

How you choose to do this is up to you and what the authentication NAS/Router/Firewall are able to support.

These would be defined in the /etc/freeradius/sites-available/default file.

You will most likely have to read all the relevant Freeradius documents on the Freeradius wiki site. Your problem is NOT a Daloradius problem, it is a Freeradius configuration issue which is dependent on what you actually need it to do.

faogundele commented 1 year ago

Hi @Garfsfield, I have been able to install ubuntu server 22.04, mysql, freeradius v3.2.2, daloRadius v1.3. I even tested the user connectivity successfully. However, the Simultaneous-Use attribute is still not working. Please, kindly help me out.

Garfsfield commented 1 year ago

The Simultaneous-Use attribute must be in the radcheck section, and you also need to have the sradutmp in the /etc/freeradius/sites-available/default file uncommented.

There will also be a sql entry which should be used if you are using a sql database.

Once that is done, then "Simultaneous-Use := 1" on the radcheck (converted to a control attribute by Freeradius) should only ensure that that account can only authenticate once.

faogundele commented 1 year ago

Hi @Garfsfield, I have uncommented sradutmp. What of radutmp? Where do I put the sql entry since I am using a mysql database?

Garfsfield commented 1 year ago

Hi, sradutmp is faster, do not use radutmp.

Go through the file and search for "Simultaneous" and READ the comments in the file.

faogundele commented 1 year ago

tee

Hi @Garfsfield, I have tried your suggestion in the default file as attached, yet the Simultaneous-Use attribute is not working. freeradiut default file.txt

Screenshot1 Screenshot 2

Garfsfield commented 1 year ago

/etc/freeradius/sites-available/default

        #
        #  For Simultaneous-Use tracking.
        #
        #  Due to packet losses in the network, the data here
        #  may be incorrect.  There is little we can do about it.

       radutmp

sradutmp

#  Session database, used for checking Simultaneous-Use. Either the radutmp
#  or rlm_sql module can handle this.
#  The rlm_sql module is much faster

session {

       radutmp

        #
        #  See "Simultaneous Use Checking Queries" in mods-available/sql
        sql
}

See "Simultaneous Use Checking Queries" in mods-available/sql

/etc/freeradius/mods-available/sql INCLUDES

/etc/freeradius/mods-config/sql/main/postgresql/queries.conf
OR
/etc/freeradius/mods-config/sql/main/mysql/queries.conf

Make sure each query shown here below (mine uses postgresql) are not commented out.

#######################################################################
#  Simultaneous Use Checking Queries
#######################################################################
#  simul_count_query     - query for the number of current connections
#                        - If this is not defined, no simultaneous use checking
#                        - will be performed by this module instance
#  simul_verify_query    - query to return details of current connections for verification
#                        - Leave blank or commented out to disable verification step
#                        - Note that the returned field order should not be changed.
#######################################################################

simul_count_query = "\
        SELECT COUNT(RadAcctId) \
        FROM ${acct_table1} a \
        LEFT OUTER JOIN nasreload n USING (NASIPAddress) \
        WHERE UserName='%{SQL-User-Name}' \
        AND AcctStopTime IS NULL \
        AND CalledStationId = '${apn}' \
        AND (a.AcctStartTime > n.ReloadTime OR n.ReloadTime IS NULL)"

simul_verify_query = "\
        SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, \
                FramedProtocol \
        FROM ${acct_table1} a \
        LEFT OUTER JOIN nasreload n USING (nasipaddress) \
        WHERE UserName='%{SQL-User-Name}' \
        AND AcctStopTime IS NULL \
        AND CalledStationId = '${apn}' \
        AND (a.AcctStartTime > n.reloadtime OR n.reloadtime IS NULL)"

faogundele commented 1 year ago

Hi @Garfsfield, I have gone through the files, some lines are not exactly the same

1. The last line in ....mods-available/sql reads as follows

Read database-specific queries

$INCLUDE ${modconfdir}/${.:name}/main/${dialect}/queries.conf

where dialect = "mysql"

Do I comment the above last line in mods-available/sql and type in this /etc/freeradius/mods-config/sql/main/mysql/queries.conf

2. SELECT COUNT(RadAcctId) \

AND CalledStationId = '${apn}' \

the above two lines from your suggestion are missing in the file below under #####Simultaneous Use Checking Queries#### as shown in mine. Should I include them or not?

simul_count_query = "\
        SELECT COUNT(*) \
        FROM ${acct_table1} a \
        LEFT OUTER JOIN nasreload n USING (nasipaddress) \
        WHERE username = '%{SQL-User-Name}' \
        AND acctstoptime IS NULL \
        AND (a.acctstarttime > n.reloadtime OR n.reloadtime IS NULL)"

simul_verify_query = "\
        SELECT \
                radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, \
                callingstationid, framedprotocol \
        FROM ${acct_table1} a \
        LEFT OUTER JOIN nasreload n USING (nasipaddress) \
        WHERE username = '%{SQL-User-Name}' \
        AND acctstoptime IS NULL \
        AND (a.acctstarttime > n.reloadtime OR n.reloadtime IS NULL)"

Garfsfield commented 1 year ago

Hi

No, DO NOT change the include line, it is set to use the specific sql engine you selected in the sql mod file.

I do not use MySQL, so was presenting an example from the PostgreSQL query.conf file. The purpose was to get you to actually read the comments in the relevant files.

If you want me to do the work for you, I charge $400.00 per hour.

Thanks


faogundele commented 1 year ago


Alright, noted.

faogundele commented 1 year ago
Screenshot1 Screenshot2


Hi @Garfsfield, please do help me to fix the freeradius configuration. I have been on this for weeks and unable to figure it out.

Do I change listening type = auth to auth+acct as in screenshot1?

Do I uncomment sql_session_start as in screenshot2?

Thanks

faogundele commented 1 year ago

Hi, @Garfsfield, I have checked through rad-debug.log, I couldn't find the errors. Is it possible that my NAS (radius client) could be responsible for kicking off the previously logged in user, which is making the simultaneous-use attribute =3 not work?

rad-debug.log

faogundele commented 1 year ago


Hi @Garfsfield and others, many thanks to you guys. I have discovered that the NAS (radius client) is, by factory default setting, disallowing the simultaneous-use attribute. Testing with a different type of NAS (radius client), the Simultaneous-Use attribute works perfectly. I will need to change the default setting to allow the Simultaneous-Use attribute on my radius client. Once again, thank you @Garfsfield for your kind effort and immeasurable time. God bless.
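The session check that the MySQL `simul_count_query` quoted in this thread feeds, as an added example that is not part of the original thread or of FreeRADIUS/daloRADIUS code. It assumes SQLite as an offline stand-in for MySQL, `${acct_table1}` expanded to `radacct`, a bound parameter in place of `%{SQL-User-Name}`, and constructed accounting rows; the function names are hypothetical.

```python
import sqlite3

# The MySQL simul_count_query from the thread, with ${acct_table1} expanded to
# "radacct" and %{SQL-User-Name} replaced by a bound parameter (assumptions).
SIMUL_COUNT_QUERY = """
SELECT COUNT(*)
FROM radacct a
LEFT OUTER JOIN nasreload n USING (nasipaddress)
WHERE username = ?
AND acctstoptime IS NULL
AND (a.acctstarttime > n.reloadtime OR n.reloadtime IS NULL)
"""

def build_db():
    """In-memory stand-in for the accounting tables, filled with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE radacct (radacctid INTEGER PRIMARY KEY, username TEXT,
            nasipaddress TEXT, acctstarttime TEXT, acctstoptime TEXT);
        CREATE TABLE nasreload (nasipaddress TEXT PRIMARY KEY, reloadtime TEXT);
    """)
    rows = [
        ("alice", "192.0.2.10", "2023-03-20 09:00:00", None),  # open session
        ("alice", "192.0.2.10", "2023-03-20 09:05:00", None),  # open session
        ("alice", "192.0.2.10", "2023-03-20 08:00:00", "2023-03-20 08:30:00"),  # closed
        ("alice", "192.0.2.20", "2023-03-19 23:00:00", None),  # stale: NAS reloaded later
    ]
    db.executemany("INSERT INTO radacct (username, nasipaddress, acctstarttime,"
                   " acctstoptime) VALUES (?, ?, ?, ?)", rows)
    # This NAS restarted after the stale session began, so that row is ignored.
    db.execute("INSERT INTO nasreload VALUES ('192.0.2.20', '2023-03-20 01:00:00')")
    return db

def open_sessions(db, username):
    """Number of sessions the count query treats as still active."""
    return db.execute(SIMUL_COUNT_QUERY, (username,)).fetchone()[0]

def server_allows_login(db, username, simultaneous_use):
    """A new login passes the check while the open-session count is below the limit."""
    return open_sessions(db, username) < simultaneous_use

if __name__ == "__main__":
    db = build_db()
    print("open sessions:", open_sessions(db, "alice"))
    print("allowed with Simultaneous-Use := 3:", server_allows_login(db, "alice", 3))
```

If the same count on the real `radacct` table stays below the user's Simultaneous-Use value while earlier devices are still being disconnected, the RADIUS server is not the component rejecting them, which is consistent with what the thread eventually traced to the NAS.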