IQ, The detail file is immediately updated whenever accounting requests come in. And I'm pretty sure that it never deletes itself, that would be up to you to setup a rotation script.
Frank ----- Original Message ----- From: "freeradlist@GoldenIT" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, April 07, 2002 7:40 PM Subject: how does detail file works. > Hi Every One, > I am new to free radius. It is working fine for me. I > was just wondering how does "detail file > (/usr/local/var/log/radius/radaact/ip/detail)" works in free radius. I mean > does it gives us stats on daily basis or weekly basis, is it written over > daily or weekly or does it keeps the record since the radius is installed? I > have software that imports detail file once a month and make stats out of > it. I was wondering if detail file is getting written over every day if yes > then how will we make monthly stats. I also have downloaded the "radacct" > script from the "related software" which is working pretty well for me, but > this script is also providing me the stats since the day I have installed > the script nothing before that. > Kindly guide me about he working of " detail" file. And yes I installed > demon tools they worked fine for two weeks and then died so I am not using > them anymore but the "Killscript.sh" is working pretty well for me. > regards, > > IQ > > > ----- Original Message ----- > From: <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, April 05, 2002 11:42 PM > Subject: Freeradius-Users digest, Vol 1 #624 - 8 msgs > > > > Send Freeradius-Users mailing list submissions to > > [EMAIL PROTECTED] > > > > To subscribe or unsubscribe via the World Wide Web, visit > > http://lists.cistron.nl/mailman/listinfo/freeradius-users > > or, via email, send a message with subject or body 'help' to > > [EMAIL PROTECTED] > > > > You can reach the person managing the list at > > [EMAIL PROTECTED] > > > > When replying, please edit your Subject line so it is more specific > > than "Re: Contents of Freeradius-Users digest..." > > > > > > Today's Topics: > > > > 1. how to validate (Takemura Kiyoaki) > > 2. Re: freeradius and mysql (Nicolas) > > 3. Using Radius for Mac Auth. with Wireless Internet. (Stephan Viljoen) > > 4. Authenticate with Windows NT domain (Joga Singh) > > 5. error when using freeradius with mysl authentication (Dirk > Tanneberger) > > 6. Fw: Using Radius for Mac Auth. with Wireless Internet. (Stephan > Viljoen) > > 7. rlm_sql_postgresql problem in FR 0.5+ (Timophey) > > 8. FreeRADIUS and PAM (McNutt, Justin M.) > > > > --__--__-- > > > > Message: 1 > > Date: Fri, 05 Apr 2002 16:03:15 +0900 > > From: Takemura Kiyoaki <[EMAIL PROTECTED]> > > Organization: Kochi University > > To: [EMAIL PROTECTED] > > Subject: how to validate > > Reply-To: [EMAIL PROTECTED] > > > > > > Hi,all. > > > > We are in trouble with seeting up freeradius0.5 on solaris8. > > Every connection became rejected as "invalid password" > > (radius log below) > > > > Fri Apr 5 14:48:30 2002 : Info: Listening on IP address > > 133.97.XXX.XXX ports 1645/udp and 1646/udp. > > Fri Apr 5 14:48:30 2002 : Info: Ready to process requests. > > Fri Apr 5 14:54:53 2002 : Auth: rlm_unix: [takemura]: invalid password > > Fri Apr 5 14:54:58 2002 : Info: Sending duplicate authentication reply > > to client ppp1-gw1:1645 - ID: 124 > > Fri Apr 5 14:54:58 2002 : Auth: rlm_unix: [takemura]: invalid password > > Fri Apr 5 14:55:51 2002 : Auth: rlm_unix: [takemura]: invalid password > > Fri Apr 5 14:55:56 2002 : Info: Sending duplicate authentication reply > > to client ppp1-gw1:1645 - ID: 126 > > > > > > We use NIS password(no shadow file type). > > This is an output between site radiusd.conf and the original one. > > > > < bind_address = 133.97.XXX.XXX > > --- > > > bind_address = * > > 186c185 > > < port = 1645 > > --- > > > port = 0 > > 334,335c333,334 > > < proxy_requests = no > > < # $INCLUDE ${confdir}/proxy.conf > > --- > > > proxy_requests = yes > > > $INCLUDE ${confdir}/proxy.conf > > 437c436 > > < cache = no > > --- > > > cache = yes > > 440c439 > > < # cache_reload = 600 > > --- > > > cache_reload = 600 > > 454,456c453,455 > > < passwd = /var/nis/passwd > > < # shadow = /etc/shadow > > < group = /var/nis/group > > --- > > > passwd = /etc/passwd > > > # shadow = /etc/shadow > > > group = /etc/group > > > > > > > > Debug mode output is > > /usr/local/sbin/radiusd -xxyz -l stdout > > Starting - reading configuration files ... > > reread_config: reading radiusd.conf > > Config: including file: /usr/local/etc/raddb/clients.conf > > Config: including file: /usr/local/etc/raddb/snmp.conf > > Config: including file: /usr/local/etc/raddb/sql.conf > > main: prefix = "/usr/local" > > main: localstatedir = "/usr/local/var" > > main: logdir = "/usr/local/var/log/radius" > > main: libdir = "/usr/local/lib" > > main: radacctdir = "/usr/local/var/log/radius/radacct" > > main: hostname_lookups = no > > read_config_files: reading dictionary > > read_config_files: reading clients > > read_config_files: reading realms > > read_config_files: reading naslist > > main: max_request_time = 30 > > main: cleanup_delay = 5 > > main: max_requests = 1024 > > main: delete_blocked_requests = 0 > > main: port = 1645 > > main: allow_core_dumps = no > > main: log_stripped_names = no > > main: log_auth = no > > main: log_auth_badpass = no > > main: log_auth_goodpass = no > > main: pidfile = "/usr/local/var/run/radiusd.pid" > > main: bind_address = 133.97.XXX.XXX IP address [133.97.XXX.XXX] > > main: user = "root" > > main: group = "root" > > main: usercollide = no > > main: lower_user = "no" > > main: lower_pass = "no" > > main: nospace_user = "no" > > main: nospace_pass = "no" > > main: proxy_requests = no > > security: max_attributes = 200 > > security: reject_delay = 1 > > main: debug_level = 0 > > read_config_files: entering modules setup > > Module: Library search path is /usr/local/lib > > Module: Loaded System > > unix: cache = no > > unix: passwd = "/var/nis/passwd" > > unix: shadow = "(null)" > > unix: group = "/var/nis/group" > > unix: radwtmp = "/usr/local/var/log/radius/radwtmp" > > unix: usegroup = no > > unix: cache_reload = 600 > > Module: Instantiated unix (unix) > > Module: Loaded preprocess > > preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" > > preprocess: hints = "/usr/local/etc/raddb/hints" > > preprocess: with_ascend_hack = no > > preprocess: ascend_channels_per_line = 23 > > preprocess: with_ntdomain_hack = no > > preprocess: with_specialix_jetstream_hack = no > > preprocess: with_cisco_vsa_hack = no > > Module: Instantiated preprocess (preprocess) > > Module: Loaded realm > > realm: format = "suffix" > > realm: delimiter = "@" > > Module: Instantiated realm (suffix) > > Module: Loaded files > > files: usersfile = "/usr/local/etc/raddb/users" > > files: acctusersfile = "/usr/local/etc/raddb/acct_users" > > files: compat = "no" > > Module: Instantiated files (files) > > Module: Loaded detail > > detail: detailfile = > > "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/de > > tail" > > detail: detailperm = 384 > > detail: dirperm = 493 > > Module: Instantiated detail (detail) > > Module: Loaded radutmp > > radutmp: filename = "/usr/local/var/log/radius/radutmp" > > radutmp: username = "%{User-Name}" > > radutmp: perm = 384 > > radutmp: callerid = yes > > Module: Instantiated radutmp (radutmp) > > Initializing the thread pool... > > thread: start_servers = 5 > > thread: max_servers = 32 > > thread: min_spare_servers = 3 > > thread: max_spare_servers = 10 > > thread: max_requests_per_server = 0 > > thread: cleanup_delay = 5 > > Thread spawned new child 1. Total threads in pool: 1 > > Thread spawned new child 2. Total threads in pool: 2 > > Thread 1 waiting to be assigned a request > > Thread spawned new child 3. Total threads in pool: 3 > > Thread spawned new child 4. Total threads in pool: 4 > > Thread spawned new child 5. Total threads in pool: 5 > > Listening on IP address 133.97.XXX.XXX, ports 1645/udp and 1646/udp. > > Ready to process requests. > > Thread 2 waiting to be assigned a request > > Thread 3 waiting to be assigned a request > > Thread 4 waiting to be assigned a request > > Thread 5 waiting to be assigned a request > > rad_recv: Access-Request packet from host 133.97.YYY.YYY:1645, id=132, > > length=75 > > Thread 1 assigned request 0 > > --- Walking the entire request list --- > > Threads: total/active/spare threads = 5/1/4 > > Nothing to do. Sleeping until we see a request. > > Thread 1 handling request 0, (1 handled so far) > > NAS-IP-Address = 133.97.YYY.YYY > > NAS-Port = 48 > > NAS-Port-Type = Async > > User-Name = "xxxxxx" > > User-Password = "\XXXXXXXXXXXXXXXX" > > Service-Type = Framed-User > > Framed-Protocol = PPP > > modcall: entering group authorize > > modcall[authorize]: module "preprocess" returns ok > > modcall[authorize]: module "suffix" returns ok > > users: Matched DEFAULT at 152 > > users: Matched DEFAULT at 171 > > users: Matched DEFAULT at 183 > > modcall[authorize]: module "files" returns ok > > modcall: group authorize returns ok > > rad_check_password: Found Auth-Type System > > auth: type "System" > > modcall: entering group authenticate > > rlm_unix: [xxxxxx]: invalid password > > modcall[authenticate]: module "unix" returns reject > > modcall: group authenticate returns reject > > auth: Failed to validate the user. > > WARNING: Unprintable characters in the password. ? Double-check the > > shared secret on the server and the NAS! > > Delaying request 0 for 1 seconds > > Finished request 0 > > Going to the next request > > > > > > > > Of course this password is a correct password! > > If you have any idea, please teach us, thanks. > > > > > > ----- > > Kiyoaki Takemura > > Kochi University > > > > > > > > --__--__-- > > > > Message: 2 > > From: "Nicolas" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Subject: Re: freeradius and mysql > > Date: Fri, 5 Apr 2002 11:03:17 +0400 > > charset="iso-8859-1" > > Reply-To: [EMAIL PROTECTED] > > > > I have the same problem concerning clients.conf, you should use "clients" > > also, for me it works ! > > > > concerning your accounting pb, it's probably the same reason: unknown NAS, > > are you Full-Debugging ? > > > > Nicolas > > ----- Original Message ----- > > From: "tywe" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Friday, April 05, 2002 12:21 AM > > Subject: Re: freeradius and mysql > > > > > > > Ya, I don't know much about that file either. I just made an entry that > > > looked about like the default one, and added it below the default one: > > > > > > client 1.2.3.4 { > > > secret = testing123 > > > shortname = anyname > > > } > > > > > > And it seemed to work. It's kind of weird though, because the logs show > > the > > > correct shortname sometimes, but then other times, it says UNKNOWN-NAS, > > but > > > still processes the request anyways. Haven't quite nailed down what is > > > causing this yet. > > > > > > And I think my accounting problem (no accounting records) might be due > to > > me > > > using radtest right now. I think I might have to use radclient to > actually > > > see the accounting kick in. Not sure though, but I'll let you know how > it > > > goes. > > > > > > Frank > > > > > > ----- Original Message ----- > > > From: "Juan Hernandez" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Thursday, April 04, 2002 2:27 PM > > > Subject: Re: freeradius and mysql > > > > > > > > > > the only problem I am having is I dont understand the clients.conf, is > > > there > > > > a site that explains it, and etc. > > > > ----- Original Message ----- > > > > From: "tywe" <[EMAIL PROTECTED]> > > > > To: <[EMAIL PROTECTED]> > > > > Sent: Thursday, April 04, 2002 9:41 AM > > > > Subject: Re: freeradius and mysql > > > > > > > > > > > > > I guess so, but we can also do it on the list too so that others may > > > > benefit > > > > > in the future? > > > > > > > > > > Anyhow, I mainly just followed the instructions at: > > > > > http://www.frontios.com/freeradius.html > > > > > > > > > > I had to install the MySQL-devel rpm before I did anything. The only > > > thing > > > > I > > > > > had to do different than what it says is that I had to remove "sql" > > from > > > > the > > > > > authenticate section and put it back into the authorize section, > even > > > > though > > > > > the above website said to do the opposite. > > > > > > > > > > The only thing I'm a little stuck on right now is the accounting > > stuff. > > > I > > > > > added sql to the accounting section, but I don't see anything > showing > > up > > > > in > > > > > the mySQL tables, or even anything in the /var/log/radius/radacct > > > folder? > > > > I > > > > > do have all the logging turned on right now, and that is working, > > > because > > > > I > > > > > see a /var/log/radius/radius.log file, but I have no idea why > > accounting > > > > > isn't working. Anyone have any ideas? Let me know what info I should > > > post > > > > to > > > > > help figure this out? > > > > > > > > > > Anyhow, let me know what you are stuck on, and I'll try to help. I'm > > > > > definitely a newbie right now though, so don't be surprised if you > > > already > > > > > know more than me. :) > > > > > > > > > > Frank > > > > > > > > > > ----- Original Message ----- > > > > > From: "Juan Hernandez" <[EMAIL PROTECTED]> > > > > > To: <[EMAIL PROTECTED]> > > > > > Sent: Thursday, April 04, 2002 12:10 PM > > > > > Subject: Re: freeradius and mysql > > > > > > > > > > > > > > > > hey could you and I discouse off list what you did with free > radius > > > and > > > > > > mysql? > > > > > > ----- Original Message ----- > > > > > > From: "tywe" <[EMAIL PROTECTED]> > > > > > > To: <[EMAIL PROTECTED]> > > > > > > Sent: Thursday, April 04, 2002 12:55 AM > > > > > > Subject: Re: freeradius and mysql > > > > > > > > > > > > > > > > > > > Hi, > > > > > > > > > > > > > > Thanks to all for the help, I now have freeradius and mysql > > working > > > > > > together > > > > > > > quite nicely :) > > > > > > > > > > > > > > My only question: Is it normal to see "Info: Sending duplicate > > > > > > > authentication reply to client" whenever the request is > rejected? > > > > > > Everything > > > > > > > seems to work great, I was just wondering if that duplicate > > message > > > > was > > > > > > > anything to worry about or not. > > > > > > > > > > > > > > Thanks again! > > > > > > > > > > > > > > Frank > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > > From: "Nicolas" <[EMAIL PROTECTED]> > > > > > > > To: <[EMAIL PROTECTED]> > > > > > > > Sent: Thursday, April 04, 2002 1:50 AM > > > > > > > Subject: Re: freeradius and mysql > > > > > > > > > > > > > > > > > > > > > > To use Mysql, you'd better have to set the good directories > > during > > > > > > > Building > > > > > > > > process (./configure --with-mysql-lib=/usr/lib ....) then > > compile > > > > and > > > > > > > > install binaries. > > > > > > > > > > > > > > > > After that , take care to validate ld.so.conf with these > > > directories > > > > > in > > > > > > it > > > > > > > > and run ldconfig. > > > > > > > > > > > > > > > > Build your database in mysql (with the sql dump file, grant > > > > privileges > > > > > > to > > > > > > > > your user and fill in sql.conf) fill also clients.conf and > > clients > > > > and > > > > > > > > create a user in users in order to validate radiusd itself, > > after > > > > that > > > > > > > > create entries in radcheck table and test again with mysql. > You > > > > should > > > > > > > tune > > > > > > > > your radiusd.conf to validate the use of sql in auth and acct > > > > chapters > > > > > > > > > > > > > > > > Do some tests (radiusd -X)and come back > > > > > > > > > > > > > > > > Nicolas > > > > > > > > ----- Original Message ----- > > > > > > > > From: "tywe" <[EMAIL PROTECTED]> > > > > > > > > To: <[EMAIL PROTECTED]> > > > > > > > > Sent: Thursday, April 04, 2002 5:20 AM > > > > > > > > Subject: Re: freeradius and mysql > > > > > > > > > > > > > > > > > > > > > > > > http://www.frontios.com/freeradius.html > > > > > > > > > > > > > > > > That's the only one I've came across so far. If anyone knows > of > > > > > others, > > > > > > > > please let us know. I'm trying to get this working right now > > too. > > > > > > > > > > > > > > > > Hope that helps! > > > > > > > > > > > > > > > > Frank > > > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > > > From: Juan Hernandez > > > > > > > > To: [EMAIL PROTECTED] > > > > > > > > Sent: Wednesday, April 03, 2002 7:37 PM > > > > > > > > Subject: freeradius and mysql > > > > > > > > > > > > > > > > > > > > > > > > I know freeradius has the ability to work with mysql, to > read > > > from > > > > a > > > > > > > mysql > > > > > > > > db, how do I configure it to do this? > > > > > > > > you dont have to tell me, I just need to get to a website > > that > > > > > > explains > > > > > > > > it. thanks for any help > > > > > > > > > > > > > > > > Juan > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > - > > > > > > > > List info/subscribe/unsubscribe? See > > > > > > > http://www.freeradius.org/list/users.html > > > > > > > > > > > > > > > > > > > > > > > > > > > > - > > > > > > > List info/subscribe/unsubscribe? See > > > > > > http://www.freeradius.org/list/users.html > > > > > > > > > > > > > > > > > > > > > > > > > - > > > > > > List info/subscribe/unsubscribe? See > > > > > http://www.freeradius.org/list/users.html > > > > > > > > > > > > > > > > > > > > - > > > > > List info/subscribe/unsubscribe? See > > > > http://www.freeradius.org/list/users.html > > > > > > > > > > > > > > > > > - > > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > > > > > > > > > > > > > - > > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > > > > > > --__--__-- > > > > Message: 3 > > From: "Stephan Viljoen" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Subject: Using Radius for Mac Auth. with Wireless Internet. > > Date: Fri, 5 Apr 2002 09:58:01 +0200 > > boundary="----=_NextPart_000_000D_01C1DC88.5F3E5CB0" > > Reply-To: [EMAIL PROTECTED] > > > > This is a multi-part message in MIME format. > > > > ------=_NextPart_000_000D_01C1DC88.5F3E5CB0 > > Content-Type: text/plain; > > charset="iso-8859-1" > > Content-Transfer-Encoding: quoted-printable > > > > Hi , I need to setup radius to authenticate an incomming connection VIA = > > Wireless > > on the incomming PC's Mac Adress. Is there a HOWTO or some documentation = > > laying > > around somewhere? I know how to auth. the incomming NAS but don't have = > > any idea what > > the User details should look like in radius it self. > > > > I'm using freeradius 0.3 with Mysql Authentication. > > > > Kind Regards > > Stephan > > > > > > ------=_NextPart_000_000D_01C1DC88.5F3E5CB0 > > Content-Type: text/html; > > charset="iso-8859-1" > > Content-Transfer-Encoding: quoted-printable > > > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > > <HTML><HEAD> > > <META http-equiv=3DContent-Type content=3D"text/html; = > > charset=3Diso-8859-1"> > > <META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR> > > <STYLE></STYLE> > > </HEAD> > > <BODY bgColor=3D#ffffff> > > <DIV><FONT face=3DArial size=3D2>Hi , I need to setup radius to = > > authenticate an=20 > > incomming connection VIA Wireless</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2>on the incomming PC's Mac Adress. Is = > > there a HOWTO=20 > > or some documentation laying</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2>around somewhere? I know how to = > > auth. the=20 > > incomming NAS but don't have any idea what</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2>the User details should look like in = > > radius it=20 > > self.</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2></FONT> </DIV> > > <DIV><FONT face=3DArial size=3D2>I'm using freeradius 0.3 with Mysql=20 > > Authentication.</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2></FONT> </DIV> > > <DIV><FONT face=3DArial size=3D2>Kind Regards</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2> Stephan</FONT></DIV> > > <DIV> </DIV></BODY></HTML> > > > > ------=_NextPart_000_000D_01C1DC88.5F3E5CB0-- > > > > > > > > --__--__-- > > > > Message: 4 > > From: "Joga Singh" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Subject: Authenticate with Windows NT domain > > Date: Fri, 5 Apr 2002 16:02:58 +0530 > > boundary="----=_NextPart_000_002A_01C1DCBB.5B23EA40" > > Reply-To: [EMAIL PROTECTED] > > > > This is a multi-part message in MIME format. > > > > ------=_NextPart_000_002A_01C1DCBB.5B23EA40 > > Content-Type: text/plain; > > charset="iso-8859-1" > > Content-Transfer-Encoding: quoted-printable > > > > Hi, > > I am a newbie and trying to useFreeRadius 0.5 > > =20 > > How can I configure it to authenticate users with Windows NT domain ? I = > > =3D > > can't find any examples. > > =20 > > One way I figured would be to use PAM. > > =20 > > JS > > > > > > ------=_NextPart_000_002A_01C1DCBB.5B23EA40 > > Content-Type: text/html; > > charset="iso-8859-1" > > Content-Transfer-Encoding: quoted-printable > > > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > > <HTML><HEAD> > > <META content=3D"text/html; charset=3Diso-8859-1" = > > http-equiv=3DContent-Type> > > <META content=3D"MSHTML 5.00.2920.0" name=3DGENERATOR> > > <STYLE></STYLE> > > </HEAD> > > <BODY bgColor=3D#ffffff> > > <DIV><FONT face=3DArial size=3D2> Hi,<BR> I am a newbie and = > > trying to=20 > > useFreeRadius 0.5<BR> <BR> How can I configure it to authenticate = > > users=20 > > with Windows NT domain ? I =3D<BR> can't find any = > > examples.<BR> <BR> One=20 > > way I figured would be to use PAM.<BR> <BR>=20 > > JS<BR></FONT></DIV></BODY></HTML> > > > > ------=_NextPart_000_002A_01C1DCBB.5B23EA40-- > > > > > > > > --__--__-- > > > > Message: 5 > > From: "Dirk Tanneberger" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Subject: error when using freeradius with mysl authentication > > Date: Fri, 5 Apr 2002 12:50:27 +0200 > > charset="iso-8859-1" > > Reply-To: [EMAIL PROTECTED] > > > > Hello all, > > > > I have installed freeradius on suse-linux 7.3 . > > I will use freeradius with mysql. > > The configuration is like http://www.frontios.com/freeradius.html . > > When I start the radiusdaemon, then the following error message is in > > radius.log: > > **************** > > Fri Apr 5 10:47:05 2002 : Info: rlm_sql: Driver rlm_sql_mysql loaded and > linked > > Fri Apr 5 10:47:05 2002 : Info: rlm_sql: Attempting to connect to > root@localhost:/radius > > Fri Apr 5 10:47:05 2002 : Error: radiusd.conf: "SQL" modules aren't > allowed in 'authenticate' sections -- they have no such method. > > **************** > > > > Here is a part of my radiusd.conf: > > **************** > > authorize { > > preprocess > > # counter > > # attr_filter > > # eap > > suffix > > sql > > # files > > # mschap > > } > > > > authenticate { > > sql > > # pam > > # unix > > # ldap > > # mschap > > # eap > > } > > > > preacct { > > suffix > > # files > > preprocess > > } > > > > accounting { > > # acct_unique > > detail > > # counter > > unix > > sql > > radutmp > > # sradutmp > > } > > > > > > What is the problem? Can anybody help me? > > > > Thanks for answer. > > > > Dirk Tanneberger > > > > > > > > --__--__-- > > > > Message: 6 > > From: "Stephan Viljoen" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Subject: Fw: Using Radius for Mac Auth. with Wireless Internet. > > Date: Fri, 5 Apr 2002 15:00:26 +0200 > > boundary="----=_NextPart_000_001A_01C1DCB2.9EB2EC60" > > Reply-To: [EMAIL PROTECTED] > > > > This is a multi-part message in MIME format. > > > > ------=_NextPart_000_001A_01C1DCB2.9EB2EC60 > > Content-Type: text/plain; > > charset="iso-8859-1" > > Content-Transfer-Encoding: quoted-printable > > > > I'm not sure if this message reached the list , if it did then I'm truly = > > sorry. > > > > Hi , I need to setup radius to authenticate an incomming connection VIA = > > Wireless > > on the incomming PC's Mac Adress. Is there a HOWTO or some documentation = > > laying > > around somewhere? I know how to auth. the incomming NAS but don't have = > > any idea what > > the User details should look like in radius it self. > > > > I'm using freeradius 0.3 with Mysql Authentication. > > > > Kind Regards > > Stephan > > > > > > ------=_NextPart_000_001A_01C1DCB2.9EB2EC60 > > Content-Type: text/html; > > charset="iso-8859-1" > > Content-Transfer-Encoding: quoted-printable > > > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > > <HTML><HEAD> > > <META http-equiv=3DContent-Type content=3D"text/html; = > > charset=3Diso-8859-1"> > > <META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR> > > <STYLE></STYLE> > > </HEAD> > > <BODY bgColor=3D#ffffff> > > <DIV><FONT face=3DArial size=3D2>I'm not sure if this message reached = > > the list , if=20 > > it did then I'm truly sorry.</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2></FONT> </DIV> > > <DIV><FONT face=3DArial size=3D2>Hi , I need to setup radius to = > > authenticate an=20 > > incomming connection VIA Wireless</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2>on the incomming PC's Mac Adress. Is = > > there a HOWTO=20 > > or some documentation laying</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2>around somewhere? I know how to = > > auth. the=20 > > incomming NAS but don't have any idea what</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2>the User details should look like in = > > radius it=20 > > self.</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2></FONT> </DIV> > > <DIV><FONT face=3DArial size=3D2>I'm using freeradius 0.3 with Mysql=20 > > Authentication.</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2></FONT> </DIV> > > <DIV><FONT face=3DArial size=3D2>Kind Regards</FONT></DIV> > > <DIV><FONT face=3DArial size=3D2> Stephan</FONT></DIV> > > <DIV> </DIV></BODY></HTML> > > > > ------=_NextPart_000_001A_01C1DCB2.9EB2EC60-- > > > > > > > > --__--__-- > > > > Message: 7 > > From: "Timophey" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Subject: rlm_sql_postgresql problem in FR 0.5+ > > Date: Fri, 5 Apr 2002 19:16:42 +0600 > > charset="koi8-r" > > Reply-To: [EMAIL PROTECTED] > > > > Hi all. > > > > I faced with a problem on FR 0.5: > > > > when using FR 0.4 I have my a single record for both Start and STOP > > accounting requests. > > Since I have changed to FR 0.5 my accounting records double with stop of > the > > session. > > I use PostgreSQL 7.1 as a DB engine. > > My sql.conf file has two SQL-entries for STOP packet: > accounting_stop_query > > and accounting_stop_query_alt. ( as asked in "manual") > > The description of sql.conf says that accounting_stop_query_alt is called > > when no rows affected during execution of accounting_stop_query. > > But logs say that both queries are run. > > > > here are SQL-queries from sql.conf > > > > accounting_stop_query = "UPDATE ${acct_table1} SET AcctStopTime = '%S', > > AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = > > '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', > > AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = > > '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE > > AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND > > NASIPAddress = '%{NAS-IP-Address}'" > > > > accounting_stop_query_alt = "INSERT into radacct (AcctSessionId, > > AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, > > AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, > > ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, > > CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, > > FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) > > values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', > > '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', CASE WHEN > > '%{NAS-Port-Id}'='' then 0 else '%{NAS-Port-Id}' end, '%{NAS-Port-Type}', > > '2000-01-01 00:00:00', '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}', > > '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}', > > '%{Called-Station-Id}', '%{Calling-Station-Id}', > '%{Acct-Terminate-Cause}', > > '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0', > > '%{Acct-Delay-Time}')" > > > > and here are some logs: > > > > sql_set_user: escaped user --> 'kern' > > radius_xlat: 'UPDATE radacct SET AcctStopTime = '2002-04-05 17:43:29', > > AcctSessionTime = '4969', AcctInputOctets = '5398', AcctOutputOctets = > > '5400', AcctTerminateCause = 'User-Request', AcctStopDelay = '0', > > ConnectInfo_stop = '' WHERE AcctSessionId = '00000037' AND UserName = > 'kern' > > AND NASIPAddress = '10.0.0.1'' > > rlm_sql: Reserving sql socket id: 4 > > query: UPDATE radacct SET AcctStopTime = '2002-04-05 17:43:29', > > AcctSessionTime = '4969', AcctInputOctets = '5398', AcctOutputOctets = > > '5400', AcctTerminateCause = 'User-Request', AcctStopDelay = '0', > > ConnectInfo_stop = '' WHERE AcctSessionId = '00000037' AND UserName = > 'kern' > > AND NASIPAddress = '10.0.0.1' > > rlm_postgresql Status: PGRES_COMMAND_OK > > sql_postgresql: affected rows = 1 > > radius_xlat: 'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, > > Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, > > AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, > > AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, > > AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, > > AcctStartDelay, AcctStopDelay) values('00000037', '438e097a903ed8eb', > > 'kern', '', '10.0.0.1', CASE WHEN '0'='' then 0 else '0' end, 'Virtual', > > '2000-01-01 00:00:00', '2002-04-05 17:43:29', '4969', 'RADIUS', '', '', > > '5398', '5400', '', '', 'User-Request', 'Framed-User', 'PPP', > > '192.168.10.4', '0', '0')' > > query: INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, > > NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, > > AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, > > AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, > > AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, > > AcctStartDelay, AcctStopDelay) values('00000037', '438e097a903ed8eb', > > 'kern', '', '10.0.0.1', CASE WHEN '0'='' then 0 else '0' end, 'Virtual', > > '2000-01-01 00:00:00', '2002-04-05 17:43:29', '4969', 'RADIUS', '', '', > > '5398', '5400', '', '', 'User-Request', 'Framed-User', 'PPP', > > '192.168.10.4', '0', '0') > > rlm_postgresql Status: PGRES_COMMAND_OK > > sql_postgresql: affected rows = 1 > > > > As shown, the first query is accounting_stop_query. The amount of affected > > rows is 1, but FR continues with accounting_stop_query_alt. > > > > I have compiled and installed rlm_postgresql module from FR 0.4 and the > > problem disappears. Therefore I decided that the problem is in > > rlm_sql_postgresql. > > > > I have tried several CVSs, but the *probable* bug is still alive. > > > > Thanx, > > Timophey. > > > > > > > > > > > > --__--__-- > > > > Message: 8 > > charset="iso-8859-1" > > Subject: FreeRADIUS and PAM > > Date: Fri, 5 Apr 2002 07:40:01 -0600 > > From: "McNutt, Justin M." <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Reply-To: [EMAIL PROTECTED] > > > > Okay, got a new coupla quandaries with FreeRADIUS 0.5 and Linux-PAM = > > 0.75: > > > > 1) FreeRADIUS refuses to authenticate any user who does not have an = > > account on the local workstation. This user, for instance, cannot = > > authenticate: > > > > guestm Auth-Type :=3D Pam > > Service-Type =3D Administrative-User, > > Fall-Through =3D No > > > > Here is /etc/pam.d/radiusd (for reference): > > > > #%PAM-1.0 > > auth sufficient /usr/pam/lib/security/pam_krb5.so > > auth required /usr/pam/lib/security/pam_unix.so > > > > Testing with other services (httpd, sshd) shows that Kerberos and = > > pam_krb5.so are working properly. Cistron RADIUS 1.6.4 did not have = > > this problem. > > > > 2) There is some difference between the way FreeRADIUS 0.5 and Cistron = > > RADIUS 1.6.4 respond when there is no user in the raddb/users file to = > > match an authentication request (and there is no default). A BayStack = > > 450 switch will allow you to enable "RADIUS Password Fallback", which = > > means that if RADIUS fails, it will check to see if the user entered the = > > locally-configured password. > > > > With Cistron RADIUS, this works. No matter what user name is used, if I = > > enter the locally-configured password for the switch I can gain access. = > > However with FreeRADIUS 0.5, the BayStack says "Querying RADIUS = > > server..." and waits forever. > > > > I'm going to try to get some packet captures of this to see what's going = > > on in more detail, but I wondered if anyone had any experiences with the = > > BayStacks or had any other ideas that occurred to them immediately that = > > might be useful. > > > > Thanks! > > > > Justin McNutt > > Network Systems Analyst - Expert > > DNPS, Mizzou Telecom > > (573) 882-5183 > > > > One IP to rule them all, one IP to find them, > > One IP to bring them all, and in the darkness BIND them, > > In the land of Ether, where the packets fly. > > > > > > > > > > > > --__--__-- > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > > End of Freeradius-Users Digest- > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
