Daloradius server config

#yum -y update
#reboot
#yum -y install wget vim ntp man
#ntpdate pool.ntp.org
#yum -y install httpd mysql mysql-devel mysql-server php php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc \
#yum -y install freeradius freeradius-mysql freeradius-utils

#setenforce 0
chkconfig httpd on
chkconfig mysqld on
/etc/init.d/httpd start
/etc/init.d/mysqld start
#mysql_secure_installation  mysqlpwd
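##### At "Disallow root login remotely? [Y/n]" press 'n' ##### (this keeps remote MySQL root login enabled; press 'Y' if root only ever connects from localhost)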
# iptables -F
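# vi /var/www/html/test.php    (quick check that PHP works; delete test.php afterwards, phpinfo() shows the full server configuration to any visitor)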
<?php
phpinfo();
?>

PHPmyadmin
cd /var/www/html/
wget your-phpMyadmin.tar.gz
tar -zxvf your-phpMyadmin.tar.gz
mv your-phpMyadmin phpmyadmin
cd phpmyadmin
cp config.sample.inc.php config.inc.php
vi config.inc.php
$cfg['Servers'][$i]['auth_type'] = 'http';
#/etc/init.d/httpd restart


#vi /etc/raddb/users
testuser Cleartext-Password := "testpassword"

#radiusd -X
#radtest testuser testpassword localhost 1812 testing123

####FR with MySQL
cp /etc/raddb/clients.conf /etc/raddb/clients.conf.bak
grep -v \# /etc/raddb/clients.conf.bak > /etc/raddb/clients.conf
vi /etc/raddb/clients.conf
 client 192.168.1.0/24 {
            secret          = radiussecret
            shortname       = testfreeradius
     }
   
vim /etc/raddb/users
#testuser Cleartext-Password := "testpassword"
#### comment out this line

cp /etc/raddb/sql/mysql/admin.sql /etc/raddb/sql/mysql/admin.sql.bak
grep -v \# /etc/raddb/sql/mysql/admin.sql.bak > /etc/raddb/sql/mysql/admin.sql
vim /etc/raddb/sql/mysql/admin.sql
CREATE USER 'radius'@'localhost';
SET PASSWORD FOR 'radius'@'localhost' = PASSWORD('radpass');
GRANT SELECT ON radius.* TO 'radius'@'localhost';
GRANT ALL on radius.radacct TO 'radius'@'localhost';
GRANT ALL on radius.radpostauth TO 'radius'@'localhost';

vim /etc/raddb/sql.conf
set the password in sql.conf to the one given to the 'radius' MySQL user in admin.sql ('radpass' in these notes)

mysql -u root -p
mysql>create database radius;
mysql>exit
mysql -u root -p radius < /etc/raddb/sql/mysql/admin.sql
mysql -u root -p radius < /etc/raddb/sql/mysql/schema.sql
mysql -u root -p radius < /etc/raddb/sql/mysql/nas.sql
mysql -u root -p radius < /etc/raddb/sql/mysql/ippool.sql

vi /etc/raddb/radiusd.conf
$INCLUDE sql.conf 

vi /etc/raddb/sql.conf
  server = "localhost"
        port = 3306
        login = "radius"
        password = "radpass"
        radius_db = "radius"
readclients = yes

vi /etc/raddb/sites-enabled/default
authorize {
          preprocess
          chap
          mschap
          suffix
          eap
          sql
          pap
}



accounting {
          detail
          sql
}

session {
radutmp
sql
}

mysql -u root -p

mysql> use radius;

INSERT INTO radcheck (UserName, Attribute, Value) VALUES ('user1', 'Password','password1');

mysql> exit

radiusd -X
radtest user1 password1 localhost 1812 testing123

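### note: the PEAR DB and daloradius archives below are fetched over plain http; check them against a checksum obtained from a trusted source before installing
wget http://download.pear.php.net/package/DB-1.7.14RC2.tgz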
pear install DB-1.7.14RC2.tgz

### Note: daloradius 0.9-9 also works
wget http://nchc.dl.sourceforge.net/project/daloradius/daloradius/daloradius-0.9-8/daloradius-0.9-8.tar.gz
tar -zxvf daloradius-0.9-8.tar.gz
mv daloradius-0.9-8 daloradius
cp -rf daloradius /var/www/html/
chown apache:apache /var/www/html/daloradius/ -R
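chmod 644 /var/www/html/daloradius/library/daloradius.conf.php
### note: 644 leaves the DB password in this file readable by every local account; with owner and group apache, 640 is enough for the web server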
cd /var/www/html/daloradius/contrib/db/
  mysql -u root -p radius < mysql-daloradius.sql
 vi /var/www/html/daloradius/library/daloradius.conf.php

###########

$configValues['DALORADIUS_VERSION'] = '0.9-8';
$configValues['FREERADIUS_VERSION'] = '2';
$configValues['CONFIG_DB_ENGINE'] = 'mysql';
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'radpass';
$configValues['CONFIG_DB_NAME'] = 'radius';
$configValues['CONFIG_DB_TBL_RADCHECK'] = 'radcheck';
$configValues['CONFIG_DB_TBL_RADREPLY'] = 'radreply';
$configValues['CONFIG_DB_TBL_RADGROUPREPLY'] = 'radgroupreply';
$configValues['CONFIG_DB_TBL_RADGROUPCHECK'] = 'radgroupcheck';
$configValues['CONFIG_DB_TBL_RADUSERGROUP'] = 'radusergroup';
$configValues['CONFIG_DB_TBL_RADNAS'] = 'nas';
$configValues['CONFIG_DB_TBL_RADPOSTAUTH'] = 'radpostauth';
$configValues['CONFIG_DB_TBL_RADACCT'] = 'radacct';
...........
#############

Optional:
touch /tmp/daloradius.log
chown apache.apache /tmp/daloradius.log
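http://ip/daloradius
username: administrator
password: radius
### note: this is the default daloRADIUS operator login; change the password right after the first login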
   
   
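### note: ON *.* ... WITH GRANT OPTION makes 'radius'@'192.168.1.115' a second root over every database; if the aim is remote access to the RADIUS tables (e.g. for daloRADIUS), ON radius.* without GRANT OPTION covers it
GRANT ALL PRIVILEGES ON *.* TO 'radius'@'192.168.1.115' IDENTIFIED BY 'radpass' WITH GRANT OPTION;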
FLUSH PRIVILEGES;






****************************************************************************##############


############################################################################
Hi
Thanks for last advices with freeradius installations + peap on debian lenny
Now i have no problem with enabling peap :)

this time I'm asking for help with another problem:
I'm trying to enable WPA2 Enterprise authentication on my access points.
When trying to authenticate my wireless client I get something like this in the log:

Wed May  5 15:09:25 2010 : Auth: Login incorrect: [karol/<no User-Password attribute>] (from client AP1 port 0 cli 0022431380c4)
where :
0022431380c4 is my wireless mac adress (laptop)
client AP1 is my Access Point client from clients.conf
karol - is my user from users.conf

it looks like freeradius doesn't want to look inside the password field and can't recognize the laptop's IP (it gets the MAC instead)

Please give me some advices - what's next ?

Here is my debug.


Kill-9:/home/kornel# freeradius -X
FreeRADIUS Version 2.1.8, for host i486-pc-linux-gnu, built on Jan  3 2010 at 15:51:52
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/freeradius/radiusd.conf
including configuration file /etc/freeradius/proxy.conf
including configuration file /etc/freeradius/clients.conf
including configuration file /etc/freeradius/snmp.conf
including configuration file /etc/freeradius/eap.conf
including configuration file /etc/freeradius/policy.conf
including files in directory /etc/freeradius/sites-enabled/
main {
    user = "freerad"
    group = "freerad"
    allow_core_dumps = no
}
including dictionary file /etc/freeradius/dictionary
main {
    prefix = "/usr"
    localstatedir = "/var"
    logdir = "/var/log/freeradius"
    libdir = "/usr/lib/freeradius"
    radacctdir = "/var/log/freeradius/radacct"
    hostname_lookups = no
    max_request_time = 30
    cleanup_delay = 5
    max_requests = 1024
    pidfile = "/var/run/freeradius/freeradius.pid"
    checkrad = "/usr/sbin/checkrad"
    debug_level = 0
    proxy_requests = yes
 log {
    stripped_names = yes
    auth = yes
    auth_badpass = yes
    auth_goodpass = yes
 }
 security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
 }
}
radiusd: #### Loading Realms and Home Servers ####
 proxy server {
    retry_delay = 5
    retry_count = 3
    default_fallback = yes
    dead_time = 120
    wake_all_if_all_dead = no
 }
radiusd: #### Loading Clients ####
 client localhost {
    ipaddr = 127.0.0.1
    require_message_authenticator = no
    secret = "testing123"
    nastype = "other"
 }
 client 172.16.0.16 {                ----------------------Client ip adress
    require_message_authenticator = no
    secret = "tajne1234"
    shortname = "eee"
 }
 client 192.168.10.50 {            ----------------------AP ip adress
    require_message_authenticator = no
    secret = "tajne1234"
    shortname = "AP1"
 }
radiusd: #### Instantiating modules ####
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
    wait = yes
    input_pairs = "request"
    shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
    reply-message = "Password Has Expired  "
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
    reply-message = "You are calling outside your allowed timespan  "
    minimum-timeout = 60
  }
 }
radiusd: #### Loading Virtual Servers ####
server {
 modules {
 } # modules
} # server
radiusd: #### Opening IP addresses and Ports ####
listen {
    type = "auth"
    ipaddr = *
    port = 1812
}
listen {
    type = "acct"
    ipaddr = *
    port = 0
}
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.

AND here is an authenticate attempt debug

rad_recv: Access-Request packet from host 192.168.10.50 port 2054, id=148, length=169
    User-Name = "karol"
    NAS-IP-Address = 192.168.10.50             ----------------------AP ip adress
    NAS-Port = 0
    Called-Station-Id = "00265abab28d"        ----------------------AP mac adress
    Calling-Station-Id = "0022431380c4"       ----------------------Client mac adress
    NAS-Identifier = "Realtek Access Point. 8186"
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Service-Type = Framed-User
    Connect-Info = "CONNECT 11Mbps 802.11b"
    EAP-Message = 0x0200000b016d617263696e
    Message-Authenticator = 0x2ea50a302a451ed3b32b748a23fe00e3
  WARNING: Empty section.  Using default return values.
No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Failed to authenticate the user.
Login incorrect: [karol/<no User-Password attribute>] (from client AP1 port 0 cli 0022431380c4)
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 148 to 192.168.10.50 port 2054
Waking up in 4.9 seconds.


The client's system is eeebuntu, and I'm sure that everything is OK on the client and on the AP, because when I connect to another freeradius server it works fine (unfortunately I don't have access to those configs). In addition, I temporarily accepted all connections from those two IPs on my firewall to be 100% sure that it's not a connection issue.

Thank you for your time and knowledge share.

--
LAN Administrator of DS14
Kornel Kornatka
room 529

***************************************************************************
<?php
/*
 *********************************************************************************************************
 * daloRADIUS - RADIUS Web Platform
 * Copyright (C) 2007 - Liran Tal <liran@enginx.com> All Rights Reserved.
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 *
 *********************************************************************************************************
 * Description:
 *              daloRADIUS Configuration File
 *
 * Modification Date:
 *              Tue Sep 13 11:56:08 EAT 2011
 *********************************************************************************************************
 */


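// daloRADIUS settings, all stored as strings in $configValues: database
// connection, table-name mapping, paths, logging/debug switches, interface
// options, test-user defaults, mail and dashboard values.
$configValues['DALORADIUS_VERSION'] = '0.9-9';
$configValues['FREERADIUS_VERSION'] = '2';
// Closing quote restored: the unterminated literal made the whole file a parse error.
$configValues['CONFIG_DB_ENGINE'] = 'mysql';
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
// Database account used by the web UI. 'radpass' is the sample password from
// the admin.sql shown on this page; it has to match the MySQL account. It sits
// here in clear text, so the file should be readable by the web-server user only.
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'radpass';
$configValues['CONFIG_DB_NAME'] = 'radius';
// Logical table role -> actual table name in the database.
$configValues['CONFIG_DB_TBL_RADCHECK'] = 'radcheck';
$configValues['CONFIG_DB_TBL_RADREPLY'] = 'radreply';
$configValues['CONFIG_DB_TBL_RADGROUPREPLY'] = 'radgroupreply';
$configValues['CONFIG_DB_TBL_RADGROUPCHECK'] = 'radgroupcheck';
$configValues['CONFIG_DB_TBL_RADUSERGROUP'] = 'radusergroup';
$configValues['CONFIG_DB_TBL_RADNAS'] = 'nas';
$configValues['CONFIG_DB_TBL_RADHG'] = 'radhuntgroup';
$configValues['CONFIG_DB_TBL_RADPOSTAUTH'] = 'radpostauth';
$configValues['CONFIG_DB_TBL_RADACCT'] = 'radacct';
$configValues['CONFIG_DB_TBL_RADIPPOOL'] = 'radippool';
$configValues['CONFIG_DB_TBL_DALOOPERATORS'] = 'operators';
$configValues['CONFIG_DB_TBL_DALOOPERATORS_ACL'] = 'operators_acl';
$configValues['CONFIG_DB_TBL_DALOOPERATORS_ACL_FILES'] = 'operators_acl_files';
$configValues['CONFIG_DB_TBL_DALORATES'] = 'rates';
$configValues['CONFIG_DB_TBL_DALOHOTSPOTS'] = 'hotspots';
$configValues['CONFIG_DB_TBL_DALOUSERINFO'] = 'userinfo';
$configValues['CONFIG_DB_TBL_DALOUSERBILLINFO'] = 'userbillinfo';
$configValues['CONFIG_DB_TBL_DALODICTIONARY'] = 'dictionary';
$configValues['CONFIG_DB_TBL_DALOREALMS'] = 'realms';
$configValues['CONFIG_DB_TBL_DALOPROXYS'] = 'proxys';
$configValues['CONFIG_DB_TBL_DALOBILLINGPAYPAL'] = 'billing_paypal';
$configValues['CONFIG_DB_TBL_DALOBILLINGMERCHANT'] = 'billing_merchant';
$configValues['CONFIG_DB_TBL_DALOBILLINGPLANS'] = 'billing_plans';
$configValues['CONFIG_DB_TBL_DALOBILLINGRATES'] = 'billing_rates';
$configValues['CONFIG_DB_TBL_DALOBILLINGHISTORY'] = 'billing_history';
$configValues['CONFIG_DB_TBL_DALOBATCHHISTORY'] = 'batch_history';
$configValues['CONFIG_DB_TBL_DALOBILLINGPLANSPROFILES'] = 'billing_plans_profiles';
$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICE'] = 'invoice';
$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICEITEMS'] = 'invoice_items';
$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICESTATUS'] = 'invoice_status';
$configValues['CONFIG_DB_TBL_DALOBILLINGINVOICETYPE'] = 'invoice_type';
$configValues['CONFIG_DB_TBL_DALOPAYMENTS'] = 'payment';
$configValues['CONFIG_DB_TBL_DALOPAYMENTTYPES'] = 'payment_type';
$configValues['CONFIG_DB_TBL_DALONODE'] = 'node';
// NOTE(review): /etc/freeradius and /var/www/daloradius differ from the
// /etc/raddb and /var/www/html/daloradius paths used in the install notes on
// this page; confirm both against the target host.
$configValues['CONFIG_FILE_RADIUS_PROXY'] = '/etc/freeradius/proxy.conf';
$configValues['CONFIG_PATH_RADIUS_DICT'] = '';
$configValues['CONFIG_PATH_DALO_VARIABLE_DATA'] = '/var/www/daloradius/var';
// NOTE(review): 'cleartext' presumably means user passwords are written to the
// database unhashed, so database read access equals password disclosure;
// confirm which other values this daloRADIUS version accepts.
$configValues['CONFIG_DB_PASSWORD_ENCRYPTION'] = 'cleartext';
$configValues['CONFIG_LANG'] = 'en';
// Page, action and query logging plus SQL debugging (including on the rendered
// page) are all switched on. NOTE(review): with cleartext passwords the SQL
// text can carry credentials into the log file and the browser; these
// settings suit troubleshooting only.
$configValues['CONFIG_LOG_PAGES'] = 'yes';
$configValues['CONFIG_LOG_ACTIONS'] = 'yes';
$configValues['CONFIG_LOG_QUERIES'] = 'yes';
$configValues['CONFIG_DEBUG_SQL'] = 'yes';
$configValues['CONFIG_DEBUG_SQL_ONPAGE'] = 'yes';
// NOTE(review): fixed file name in world-writable /tmp; any local user can
// pre-create or symlink it. A directory owned by the web-server user is safer.
$configValues['CONFIG_LOG_FILE'] = '/tmp/daloradius.log';
// NOTE(review): 'no' presumably displays passwords in clear in the UI; confirm.
$configValues['CONFIG_IFACE_PASSWORD_HIDDEN'] = 'no';
$configValues['CONFIG_IFACE_TABLES_LISTING'] = '25';
$configValues['CONFIG_IFACE_TABLES_LISTING_NUM'] = 'yes';
$configValues['CONFIG_IFACE_AUTO_COMPLETE'] = 'yes';
// Defaults for the test-user tool. 'testing123' is the same secret the
// "client localhost" entry carries in the debug output on this page, i.e. the
// widely known FreeRADIUS sample value.
$configValues['CONFIG_MAINT_TEST_USER_RADIUSSERVER'] = '127.0.0.1';
$configValues['CONFIG_MAINT_TEST_USER_RADIUSPORT'] = '1812';
$configValues['CONFIG_MAINT_TEST_USER_NASPORT'] = '0';
$configValues['CONFIG_MAINT_TEST_USER_RADIUSSECRET'] = 'testing123';
// Alphabet without the look-alike characters l, o, I, L, O, 0 and 1
// (presumably used for generated usernames/passwords).
$configValues['CONFIG_USER_ALLOWEDRANDOMCHARS'] = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ23456789';
$configValues['CONFIG_MAIL_SMTPADDR'] = '127.0.0.1';
$configValues['CONFIG_MAIL_SMTPPORT'] = '25';
$configValues['CONFIG_MAIL_SMTPAUTH'] = '';
$configValues['CONFIG_MAIL_SMTPFROM'] = 'root@daloradius.xdsl.by';
// NOTE(review): 'sillykey' is a placeholder; use a random value if the
// dashboard feature is enabled.
$configValues['CONFIG_DASHBOARD_DALO_SECRETKEY'] = 'sillykey';
$configValues['CONFIG_DASHBOARD_DALO_DEBUG'] = '1';
$configValues['CONFIG_DASHBOARD_DALO_DELAYSOFT'] = '5';
$configValues['CONFIG_DASHBOARD_DALO_DELAYHARD'] = '15';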


?>
*******************************************************************************
-- Local-only MySQL account for the 'radius' database.
-- 'radpass' is the sample password used throughout this page; the value set
-- here has to match "password" in raddb sql.conf.
CREATE USER 'radius'@'localhost' IDENTIFIED BY 'radpass';

-- Read-only access to every table of the radius schema ...
GRANT SELECT ON radius.* TO 'radius'@'localhost';

-- ... and full rights on just two tables, radacct and radpostauth
-- (presumably the accounting and post-auth log tables the server writes to).
GRANT ALL PRIVILEGES ON radius.radacct TO 'radius'@'localhost';
GRANT ALL PRIVILEGES ON radius.radpostauth TO 'radius'@'localhost';
*****************************************************************************
# -*- text -*-
##
## radiusd.conf    -- FreeRADIUS server configuration file.
##
##    http://www.freeradius.org/
##    $Id$
##

######################################################################
#
#    Read "man radiusd" before editing this file.  See the section
#    titled DEBUGGING.  It outlines a method where you can quickly
#    obtain the configuration you want, without running into
#    trouble.
#
#    Run the server in debugging mode, and READ the output.
#
#        $ radiusd -X
#
#    We cannot emphasize this point strongly enough.  The vast
#    majority of problems can be solved by carefully reading the
#    debugging output, which includes warnings about common issues,
#    and suggestions for how they may be fixed.
#
#    There may be a lot of output, but look carefully for words like:
#    "warning", "error", "reject", or "failure".  The messages there
#    will usually be enough to guide you to a solution.
#
#    If you are going to ask a question on the mailing list, then
#    explain what you are trying to do, and include the output from
#    debugging mode (radiusd -X).  Failure to do so means that all
#    of the responses to your question will be people telling you
#    to "post the output of radiusd -X".

######################################################################
#
#      The location of other config files and logfiles are declared
#      in this file.
#
#      Also general configuration for modules can be done in this
#      file, it is exported through the API to modules that ask for
#      it.
#
#    See "man radiusd.conf" for documentation on the format of this
#    file.  Note that the individual configuration items are NOT
#    documented in that "man" page.  They are only documented here,
#    in the comments.
#
#    As of 2.0.0, FreeRADIUS supports a simple processing language
#    in the "authorize", "authenticate", "accounting", etc. sections.
#    See "man unlang" for details.
#

prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = /usr/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct

#
#  name of the running server.  See also the "-n" command-line option.
name = radiusd

#  Location of config and logfiles.
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/${name}

# Should likely be ${localstatedir}/lib/radiusd
db_dir = ${raddbdir}

#
# libdir: Where to find the rlm_* modules.
#
#   This should be automatically set at configuration time.
#
#   If the server builds and installs, but fails at execution time
#   with an 'undefined symbol' error, then you can use the libdir
#   directive to work around the problem.
#
#   The cause is usually that a library has been installed on your
#   system in a place where the dynamic linker CANNOT find it.  When
#   executing as root (or another user), your personal environment MAY
#   be set up to allow the dynamic linker to find the library.  When
#   executing as a daemon, FreeRADIUS MAY NOT have the same
#   personalized configuration.
#
#   To work around the problem, find out which library contains that symbol,
#   and add the directory containing that library to the end of 'libdir',
#   with a colon separating the directory names.  NO spaces are allowed.
#
#   e.g. libdir = /usr/local/lib:/opt/package/lib
#
#   You can also try setting the LD_LIBRARY_PATH environment variable
#   in a script which starts the server.
#
#   If that does not work, then you can re-configure and re-build the
#   server to NOT use shared libraries, via:
#
#    ./configure --disable-shared
#    make
#    make install
#
libdir = /usr/lib/freeradius

#  pidfile: Where to place the PID of the RADIUS server.
#
#  The server may be signalled while it's running by using this
#  file.
#
#  This file is written when ONLY running in daemon mode.
#
#  e.g.:  kill -HUP `cat /var/run/radiusd/radiusd.pid`
#
pidfile = ${run_dir}/${name}.pid

#  chroot: directory where the server does "chroot".
#
#  The chroot is done very early in the process of starting the server.
#  After the chroot has been performed it switches to the "user" listed
#  below (which MUST be specified).  If "group" is specified, it switchs
#  to that group, too.  Any other groups listed for the specified "user"
#  in "/etc/group" are also added as part of this process.
#
#  The current working directory (chdir / cd) is left *outside* of the
#  chroot until all of the modules have been initialized.  This allows
#  the "raddb" directory to be left outside of the chroot.  Once the
#  modules have been initialized, it does a "chdir" to ${logdir}.  This
#  means that it should be impossible to break out of the chroot.
#
#  If you are worried about security issues related to this use of chdir,
#  then simply ensure that the "raddb" directory is inside of the chroot,
#  and be sure to do "cd raddb" BEFORE starting the server.
#
#  If the server is statically linked, then the only files that have
#  to exist in the chroot are ${run_dir} and ${logdir}.  If you do the
#  "cd raddb" as discussed above, then the "raddb" directory has to be
#  inside of the chroot directory, too.
#
#chroot = /path/to/chroot/directory

# user/group: The name (or #number) of the user/group to run radiusd as.
#
#   If these are commented out, the server will run as the user/group
#   that started it.  In order to change to a different user/group, you
#   MUST be root (or have root privileges) to start the server.
#
#   We STRONGLY recommend that you run the server with as few permissions
#   as possible.  That is, if you're not using shadow passwords, the
#   user and group items below should be set to 'radius'.
#
#  NOTE that some kernels refuse to setgid(group) when the value of
#  (unsigned)group is above 60000; don't use group nobody on these systems!
#
#  On systems with shadow passwords, you might have to set 'group = shadow'
#  for the server to be able to read the shadow password file.  If you can
#  authenticate users while in debug mode, but not in daemon mode, it may be
#  that the debugging mode server is running as a user that can read the
#  shadow info, and the user listed below can not.
#
#  The server will also try to use "initgroups" to read /etc/groups.
#  It will join all groups where "user" is a member.  This can allow
#  for some finer-grained access controls.
#
user = radiusd
group = radiusd

#  max_request_time: The maximum time (in seconds) to handle a request.
#
#  Requests which take more time than this to process may be killed, and
#  a REJECT message is returned.
#
#  WARNING: If you notice that requests take a long time to be handled,
#  then this MAY INDICATE a bug in the server, in one of the modules
#  used to handle a request, OR in your local configuration.
#
#  This problem is most often seen when using an SQL database.  If it takes
#  more than a second or two to receive an answer from the SQL database,
#  then it probably means that you haven't indexed the database.  See your
#  SQL server documentation for more information.
#
#  Useful range of values: 5 to 120
#
max_request_time = 30

#  cleanup_delay: The time to wait (in seconds) before cleaning up
#  a reply which was sent to the NAS.
#
#  The RADIUS request is normally cached internally for a short period
#  of time, after the reply is sent to the NAS.  The reply packet may be
#  lost in the network, and the NAS will not see it.  The NAS will then
#  re-send the request, and the server will respond quickly with the
#  cached reply.
#
#  If this value is set too low, then duplicate requests from the NAS
#  MAY NOT be detected, and will instead be handled as seperate requests.
#
#  If this value is set too high, then the server will cache too many
#  requests, and some new requests may get blocked.  (See 'max_requests'.)
#
#  Useful range of values: 2 to 10
#
cleanup_delay = 5

#  max_requests: The maximum number of requests which the server keeps
#  track of.  This should be 256 multiplied by the number of clients.
#  e.g. With 4 clients, this number should be 1024.
#
#  If this number is too low, then when the server becomes busy,
#  it will not respond to any new requests, until the 'cleanup_delay'
#  time has passed, and it has removed the old requests.
#
#  If this number is set too high, then the server will use a bit more
#  memory for no real benefit.
#
#  If you aren't sure what it should be set to, it's better to set it
#  too high than too low.  Setting it to 1000 per client is probably
#  the highest it should be.
#
#  Useful range of values: 256 to infinity
#
max_requests = 1024

#  listen: Make the server listen on a particular IP address, and send
#  replies out from that address. This directive is most useful for
#  hosts with multiple IP addresses on one interface.
#
#  If you want the server to listen on additional addresses, or on
#  additionnal ports, you can use multiple "listen" sections.
#
#  Each section make the server listen for only one type of packet,
#  therefore authentication and accounting have to be configured in
#  different sections.
#
#  The server ignore all "listen" section if you are using '-i' and '-p'
#  on the command line.
#
listen {
    #  Type of packets to listen for.
    #  Allowed values are:
    #    auth    listen for authentication packets
    #    acct    listen for accounting packets
    #    proxy   IP to use for sending proxied packets
    #    detail  Read from the detail file.  For examples, see
    #               raddb/sites-available/copy-acct-to-home-server
    #    status  listen for Status-Server packets.  For examples,
    #        see raddb/sites-available/status
    #    coa     listen for CoA-Request and Disconnect-Request
    #        packets.  For examples, see the file
    #        raddb/sites-available/coa-server
    #
    type = auth

    #  Note: "type = proxy" lets you control the source IP used for
    #        proxying packets, with some limitations:
    #
    #    * A proxy listener CANNOT be used in a virtual server section.
    #    * You should probably set "port = 0".
    #    * Any "clients" configuration will be ignored.
    #
    #  See also proxy.conf, and the "src_ipaddr" configuration entry
    #  in the sample "home_server" section.  When you specify the
    #  source IP address for packets sent to a home server, the
    #  proxy listeners are automatically created.

    #  IP address on which to listen.
    #  Allowed values are:
    #    dotted quad (1.2.3.4)
    #       hostname    (radius.example.com)
    #       wildcard    (*)
    ipaddr = *

    #  OR, you can use an IPv6 address, but not both
    #  at the same time.
#    ipv6addr = ::    # any.  ::1 == localhost

    #  Port on which to listen.
    #  Allowed values are:
    #    integer port number (1812)
    #    0 means "use /etc/services for the proper port"
    port = 0

    #  Some systems support binding to an interface, in addition
    #  to the IP address.  This feature isn't strictly necessary,
    #  but for sites with many IP addresses on one interface,
    #  it's useful to say "listen on all addresses for eth0".
    #
    #  If your system does not support this feature, you will
    #  get an error if you try to use it.
    #
#    interface = eth0

    #  Per-socket lists of clients.  This is a very useful feature.
    #
    #  The name here is a reference to a section elsewhere in
    #  radiusd.conf, or clients.conf.  Having the name as
    #  a reference allows multiple sockets to use the same
    #  set of clients.
    #
    #  If this configuration is used, then the global list of clients
    #  is IGNORED for this "listen" section.  Take care configuring
    #  this feature, to ensure you don't accidentally disable a
    #  client you need.
    #
    #  See clients.conf for the configuration of "per_socket_clients".
    #
#    clients = per_socket_clients
}

#  This second "listen" section is for listening on the accounting
#  port, too.
#
listen {
    ipaddr = *
#    ipv6addr = ::
    port = 0
    type = acct
#    interface = eth0
#    clients = per_socket_clients
}

#  hostname_lookups: Log the names of clients or just their IP addresses
#  e.g., www.freeradius.org (on) or 206.47.27.232 (off).
#
#  The default is 'off' because it would be overall better for the net
#  if people had to knowingly turn this feature on, since enabling it
#  means that each client request will result in AT LEAST one lookup
#  request to the nameserver.   Enabling hostname_lookups will also
#  mean that your server may stop randomly for 30 seconds from time
#  to time, if the DNS requests take too long.
#
#  Turning hostname lookups off also means that the server won't block
#  for 30 seconds, if it sees an IP address which has no name associated
#  with it.
#
#  allowed values: {no, yes}
#
hostname_lookups = no

#  Core dumps are a bad thing.  This should only be set to 'yes'
#  if you're debugging a problem with the server.
#
#  allowed values: {no, yes}
#
allow_core_dumps = no

#  Regular expressions
#
#  These items are set at configure time.  If they're set to "yes",
#  then setting them to "no" turns off regular expression support.
#
#  If they're set to "no" at configure time, then setting them to "yes"
#  WILL NOT WORK.  It will give you an error.
#
regular_expressions    = yes
extended_expressions    = yes

#
