Im am very new to freeradius and am needing some help.
After i replaced the freeradius dictionary file with the mikrotik i cannot get radiusd to start. What modifications are necessary to radiusd.conf (or any other files) to get the service to start?
Thank you
Freeradius config
Last edited by in4ni on Wed Nov 09, 2005 3:43 pm, edited 1 time in total.
When having issues with FreeRadius, always launch it with the -X option. You will get much more meaningfull messages that way.
I have found ewo things to be problematic with the MT dictionary and FreeRadius:
The MT dictionary is far from complete (it is complete as far as the attributes that MT uses, but not for other NAS types, some of which exist in the default examples). It's easier if you just append the MT-specific attributes to the default one, rather than replacing it wholesale.
Also, some versions of FR don't like the "Group" and "Realm" attributes from MTs dictionary. I just re-name them to "MT-Group" and "MT-Realm", which work fine. Just be sure that if you refer to those in the users file (or elsewhere), that you use the modified names.
--Eric
I have found ewo things to be problematic with the MT dictionary and FreeRadius:
The MT dictionary is far from complete (it is complete as far as the attributes that MT uses, but not for other NAS types, some of which exist in the default examples). It's easier if you just append the MT-specific attributes to the default one, rather than replacing it wholesale.
Also, some versions of FR don't like the "Group" and "Realm" attributes from MTs dictionary. I just re-name them to "MT-Group" and "MT-Realm", which work fine. Just be sure that if you refer to those in the users file (or elsewhere), that you use the modified names.
--Eric
You should not replace freeradius dictionary with Mikrotik's, you should add Mikrotik's dictionary, but I think that new versions of freeradius already include Mikrotik NAS type and it's dictionary. I have running configuration and I have no problems with it, except simultaneous use part which I had to fix because I didn't allow checkrad to telnet to my hotspots. I allow just one connection, so when I used simultaneous use limited to 1, this didn't work with NAS type Mikrotik, so I just fixed responsible function inside checkrad. I hope this will help you.
Yeah, correctif you don't know what RADIUS does, better don't touch it
@larmaid
Radius is used for external authentication.
Before touching anything, you need to learn a lot. Basic Radius configuration and its support (I think) does not belong here in this Forum.
Check out these addresses, they are good for start:
http://www.freeradius.org (freeradius home page)
http://www.frontios.com/freeradius.html (some FreeRadius and MySQL HowTo Notes. Hope you know what MySQL does
)here is the link:
ftp://ftp.freeradius.org/pub/radius/fre ... 0.5.tar.gz
This is the latest version, released 2005.09.09
http://www.freeradius.org opens fine from my machine. Maybe they had some temporary problem. A few days ago, I could open everything, except mikrotik.com ... strange things happens sometime.
ftp://ftp.freeradius.org/pub/radius/fre ... 0.5.tar.gz
This is the latest version, released 2005.09.09
http://www.freeradius.org opens fine from my machine. Maybe they had some temporary problem. A few days ago, I could open everything, except mikrotik.com ...
strange things happens sometime.Please Freeradius Checkrad script for RouterOS 2.9.10
acim,
Please can you share your checkrad script with me ?
And any advise about what i have to carefully pay attention to , to make Simultaneous-Use successfully work ?
I am using RouterOS 2.9.10.
Thanks you in advance
--Aimé
Please can you share your checkrad script with me ?
And any advise about what i have to carefully pay attention to , to make Simultaneous-Use successfully work ?
I am using RouterOS 2.9.10.
Thanks you in advance
--Aimé
Edit checkrad Perl script and find this line:
sub mikrotik_telnet {
Then just bellow this add:
return 1;
The rest of this function will be ignored.
Then in radcheck table (I use PostgreSQL database) you should have attribute:
Simultaneous-Use := 1
for each user. You can use dialupadmin to add this, of course. And if you need my radius.conf file, PM to me with your e-mail address.
sub mikrotik_telnet {
Then just bellow this add:
return 1;
The rest of this function will be ignored.
Then in radcheck table (I use PostgreSQL database) you should have attribute:
Simultaneous-Use := 1
for each user. You can use dialupadmin to add this, of course. And if you need my radius.conf file, PM to me with your e-mail address.
Thank u acim,
But if the function returns 1, does it mean there is automatically duplicates ?
If the stop accounting packet was lost (seesion still open) and checkrad just return 1 without really checking on the NAS (via telent , snmp...) ,
The user might not be able to log in again. Isn't it ?
On my system checkrad doesn't get fired . I say that because i enabled debugging in checkrad and chechrad.log is still empty.
What is needed in radiusd.conf to make this hapeen ?
I am using SQL authentication and accounting.
But if the function returns 1, does it mean there is automatically duplicates ?
If the stop accounting packet was lost (seesion still open) and checkrad just return 1 without really checking on the NAS (via telent , snmp...) ,
The user might not be able to log in again. Isn't it ?
On my system checkrad doesn't get fired . I say that because i enabled debugging in checkrad and chechrad.log is still empty.
What is needed in radiusd.conf to make this hapeen ?
I am using SQL authentication and accounting.
No, radius will kick checkrad script just when it suspects there is at least one connection. If the user is not connected, checkrad will not be started at all. When there is already one connection, checkrad will bi kicked and this function will return 1, meaning multiple login not allowed. This works fine until you want to have multiple connections to some users, let's say you want some of your users to have just 1 connection, some of them 2, 3 or so. Then this function will not work properly. If you don't have this case, then just fix it as I told you. Otherwise you have to configure Mikrotik box to allow telnet from radius server so it can check active sessions.But if the function returns 1, does it mean there is automatically duplicates?
Regarding radius.conf, I have no time to check it out, but if you want it, I can send it to your mail so you can study it. Just send me your mail by PM in that case.
acim,
Here is my e-mail aklougbo@hotmail .
I will be glad to have your config and compare with mine to see why checkrad is never kicked on my system.
One more question:
I am still confused a little bit about a detail.
Let suppose a user did login-in and logout but the STOP accounting packet sent by the NAS to the radius was lost (for any reason). The session is considered by radius as STILL active
Now the user tries to log in again. Radius will think the user is having a second session, as the previous one was not closed properly and kick "checkrad"
If checkrad returns 1 , without checking the NAS , I think the user will not be able to log in again. Am I right ?. i just want to make sure if i understand the process.
Thanks for the help.
Here is my e-mail aklougbo@hotmail .
I will be glad to have your config and compare with mine to see why checkrad is never kicked on my system.
One more question:
I am still confused a little bit about a detail.
Let suppose a user did login-in and logout but the STOP accounting packet sent by the NAS to the radius was lost (for any reason). The session is considered by radius as STILL active
Now the user tries to log in again. Radius will think the user is having a second session, as the previous one was not closed properly and kick "checkrad"
If checkrad returns 1 , without checking the NAS , I think the user will not be able to log in again. Am I right ?. i just want to make sure if i understand the process.
Thanks for the help.
MT reports in regular intervals to radius accounting about user logins and logouts. Everything I told you works in real life. I don't have dialup users, just LAN users, but they also disconnect improperly sometimes and they still can connect after that. It's very rare that someone can't connect sometimes because of this, maybe 2-3 times per year. Then sysadmin has to restart radius. I explained why in some other thread on this forum. I will send you my radius.conf right now.
Hi,MT reports in regular intervals to radius accounting about user logins and logouts. Everything I told you works in real life. I don't have dialup users, just LAN users, but they also disconnect improperly sometimes and they still can connect after that. It's very rare that someone can't connect sometimes because of this, maybe 2-3 times per year. Then sysadmin has to restart radius. I explained why in some other thread on this forum. I will send you my radius.conf right now.
I am having a issue with uptime, for users with prepaid time, for example 120 hours per month, or even better 4 hours per day - 120 hours per month.
If you have configured this in radius, please if you can send me config.file, or better explain us here in forum, as I see lot of people have this issue.
Thank You in advance
Who is online
Users browsing this forum: Bing [Bot], raiser and 83 guests