Is there any way I can get a copy of your "patch"? Unfortunately I am not familiar enough with *nix or FreeRADIUS to write my own. But I will say that I think the patch being part of FreeRADIUS would be useful.
thanks

Drew Decker
Network Administrator

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED]
Sent: Friday, September 12, 2003 10:21 AM
To: [EMAIL PROTECTED]
Subject: Freeradius-Users digest, Vol 1 #2297 - 18 msgs

Send Freeradius-Users mailing list submissions to
[EMAIL PROTECTED]

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.cistron.nl/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]

You can reach the person managing the list at
[EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."

Today's Topics:

1. EAP/TTLS logging (Fastbyte)
2. Radius auth based on Mac addresses (Martin Jessa)
3. dialup_admin installation using PHP and HTTPD (Bernie Liwanag)
4. RE: Radius auth based on Mac addresses (Redi Tela)
5. newbee question (Axel Haenssen)
6. dialup-admin patch (Ulrich Walcher)
7. dialup-admin patch2 (Ulrich Walcher)
8. Re: Configuration questions for FreeRadius with EAP/TTLS and LDAP (Alan DeKok)
9. Re: EAP/TTLS logging (Alan DeKok)
10. Logging Failed Attempts to MySql database (Drew Decker)
11. Re: newbee question (Alan DeKok)
12. Re: EAP/TTLS logging (Fastbyte)
13. Re: patch for EAP-MD5 client (Alan DeKok)
14. Re: EAP/TTLS logging (Alan DeKok)
15. Re: Logging Failed Attempts to MySql database (Nicolas Baradakis)
16. Re: Logging Failed Attempts to MySql database (Alan DeKok)
17. Re: Logging Failed Attempts to MySql database (Thor Spruyt)
18. RE: Radius auth based on Mac addresses (Jeremy Davis)

--__--__--

Message: 1
Date: Fri, 12 Sep 2003 11:44:54 +0200
From: Fastbyte <[EMAIL PROTECTED]>
To: Freeradius-Users <[EMAIL PROTECTED]>
Subject: EAP/TTLS logging
Reply-To: [EMAIL PROTECTED]

Hi,

is there any logging done in TTLS?

-------
Sergio

--__--__--

Message: 2
Date: Fri, 12 Sep 2003 12:06:51 +0200
From: Martin Jessa <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Radius auth based on Mac addresses
Organization: WRS ASA
Reply-To: [EMAIL PROTECTED]

Hi Guys.

I have Wireless Access Points which are able to talk to Radius servers. I was wondering if it was possible to somehow combine Mac-address authentication with SQL stored user data, i.e. [EMAIL PROTECTED] with some pass will get his MAC-address stored in a database when he authenticates and then he gets an IP handed out by the Radius server. Is there any tool that can do that?

Thanks in advance,
YazzY

--__--__--

Message: 3
From: "Bernie Liwanag" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: dialup_admin installation using PHP and HTTPD
Date: Fri, 12 Sep 2003 11:52:42 +0100
Reply-To: [EMAIL PROTECTED]

Hi to All;

I still have a problem running my dialup_admin web tool in my server. I have http-2.0, php-4.2 in Red Hat 9. I ran a php test script - phpinfo() and it works! My system supports PHP. I have also added the following config in http.conf files:

DirectoryIndex index.html index.html.var index.php index.php4 index.php3
AddType application/x-httpd-php .php .php3 .phtml
AddType application/x-httpd-php-source .phps

After this, I restarted my httpd and tried to access the dialup_admin main index files. Now it works. I can now see the left portion of the main page. But when I executed some of the function buttons like "New User", "New Group", "Accounting" it gives me only a white blank page output, looks like nothing's happened. I also tried to click the "Check Server" option and it was successful, I was able to test the authentication from my radius and mysql server.

Any suggestions for my problem? Thanks a lot in advance!

Bernie

--__--__--

Message: 4
From: "Redi Tela" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: RE: Radius auth based on Mac addresses
Date: Fri, 12 Sep 2003 12:53:28 +0200
Reply-To: [EMAIL PROTECTED]

Have a look at www.mikrotik.com, section Hotspot.

Redi Tela
Systems Administrator
Mail [EMAIL PROTECTED]
Phone: +355-4-256-001
Fax: +355-4-256-002
Mob: +355-69-20-80-710

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Jessa
Sent: Friday, September 12, 2003 12:07 PM
To: [EMAIL PROTECTED]
Subject: Radius auth based on Mac addresses

Hi Guys.

I have Wireless Access Points which are able to talk to Radius servers. I was wondering if it was possible to somehow combine Mac-address authentication with SQL stored user data, i.e. [EMAIL PROTECTED] with some pass will get his MAC-address stored in a database when he authenticates and then he gets an IP handed out by the Radius server. Is there any tool that can do that?

Thanks in advance,
YazzY

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--__--__--

Message: 5
Subject: newbee question
From: Axel Haenssen <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Organization: Princeton University
Date: 12 Sep 2003 09:52:51 -0400
Reply-To: [EMAIL PROTECTED]

Hi Guys,

I am trying to set up a freeradius server for my Cisco Aironet 350's. All I want is simple MAC address authentication for accessing our wireless network. Although I read the man pages I am still having trouble understanding which files "need" to be adjusted (client.conf, radiusd.conf, user or any other?) and what exactly needs to be put in for a minimal setup. If somebody could point me in the right direction I would highly appreciate it.

cheers
Axel

--
Axel Haenssen
System Administrator
Department of Ecology and Evolutionary Biology
Princeton University
Princeton, NJ 08544-1003
phone: (609)258-6999
http://www.eeb.princeton.edu/~axel

--__--__--

Message: 6
Subject: dialup-admin patch
From: Ulrich Walcher <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Organization:
Date: 12 Sep 2003 15:52:39 +0200
Reply-To: [EMAIL PROTECTED]

Hi,

a little patch that solves the problem of groups with no members assigned not being displayed. (At least it works for Postgres).

OoLee

--- /usr/local/cvs/radiusd/dialup_admin/htdocs/show_groups.php3 2003-05-11 16:03:37.000000000 +0200 +++ /usr/local/dialup_admin/htdocs/show_groups.php3 2003-09-12 15:45:18.000000000 +0200 @@ -58,13 +58,23 @@ $link = @da_sql_pconnect($config); if ($link){ $search = @da_sql_query($link,$config, - "SELECT COUNT(*),GroupName FROM $config[sql_usergroup_table] GROUP BY GroupName;"); + "SELECT DISTINCT c.groupname FROM $config[sql_groupcheck_table] c CROSS JOIN $config[sql_groupreply_table] r;"); if ($search){ if (@da_sql_num_rows($search,$config)){ while( $row = @da_sql_fetch_array($search,$config) ){ $num++; - $group = $row[GroupName]; - $num_members = $row['COUNT(*)']; + $group = $row[groupname]; + $search2 = @da_sql_query($link,$config, + "SELECT COUNT(*) FROM $config[sql_usergroup_table] WHERE groupname = '$group';"); + if ($search2) { + if (@da_sql_num_rows($search,$config)){ + while( $row2 = @da_sql_fetch_array($search2,$config) ){ + $num_members = $row2['count']; + } + } + } + else + echo "<b>Database query failed: " . da_sql_error($link,$config) . "</b><br>\n"; echo <<<EOM <tr align=center> <td>$num</td>

--__--__--

Message: 7
Subject: dialup-admin patch2
From: Ulrich Walcher <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Organization:
Date: 12 Sep 2003 16:08:34 +0200
Reply-To: [EMAIL PROTECTED]

Oops, forgot to add this one...

OoLee

--- /usr/local/cvs/radiusd/dialup_admin/lib/sql/defaults.php3 2003-01-28 15:14:53.000000000 +0100 +++ /usr/local/dialup_admin/lib/sql/defaults.php3 2003-09-12 16:04:15.000000000 +0200
@@ -121,10 +121,10 @@ $link = @da_sql_pconnect($config); if ($link){ $res = @da_sql_query($link,$config, - "SELECT DISTINCT GroupName FROM $config[sql_usergroup_table];"); + "SELECT DISTINCT c.groupname FROM $config[sql_groupcheck_table] c CROSS JOIN $config[sql_groupreply_table] r;"); if ($res){ while(($row = @da_sql_fetch_array($res,$config))) - $member_groups[] = $row[GroupName]; + $member_groups[] = $row[groupname]; } else echo "<b>Database query failed: " . da_sql_error($link,$config) . "</b><br>\n";

--__--__--

Message: 8
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Configuration questions for FreeRadius with EAP/TTLS and LDAP
Date: Fri, 12 Sep 2003 10:30:06 -0400
Reply-To: [EMAIL PROTECTED]

Nic Bernstein <[EMAIL PROTECTED]> wrote:
> I can see from the comments in the radiusd.conf file how to tell the
> radius server where to find which certificate(s) to use for EAP/TLS
> operation, but how does one specify what certificate to use for (the
> initial TLS phase of) the EAP/TTLS operation?

It uses the TLS certificates, as configured in the TLS module.

> When using LDAP for authentication, passwords are not necessarily in
> clear text. Am I to understand the above to mean that I must store my
> passwords in LDAP in clear text for EAP to work?

For EAP-MD5, and EAP-TTLS with tunneled CHAP, MS-CHAP, and EAP-MD5.

> If anyone is successfully using EAP/TTLS, especially in concert with
> LDAP, I would certainly appreciate some configuration examples.

You shouldn't have to do anything special to get TTLS working with LDAP. Get LDAP working, uncomment the TTLS module, and the tunneled authentication request will use the pre-existing LDAP configuration.

Alan DeKok.

--__--__--

Message: 9
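Review bot: In the show_groups.php3 hunk (Message 6) the inner row check tests the wrong result handle: `if (@da_sql_num_rows($search,$config))` sits inside `if ($search2)` and should pass `$search2`. As written it re-tests the outer query, which is already known to have rows at that point, so it never guards the member count. The count query also puts `$group` straight between quotes (`WHERE groupname = '$group'`); a group name containing a quote character breaks or alters the statement, so escape the value before interpolating it. Reading the result as `$row2['count']` depends on how the backend names an unaliased `COUNT(*)` column (the line being removed read `$row['COUNT(*)']`); an explicit alias such as `COUNT(*) AS num_members` would give the same key on every driver, which matters given the "at least it works for Postgres" caveat in the message.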
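Review bot: The replacement query in the defaults.php3 hunk (Message 7), `SELECT DISTINCT c.groupname FROM $config[sql_groupcheck_table] c CROSS JOIN $config[sql_groupreply_table] r`, only ever returns names from the groupcheck table, and returns nothing at all when the groupreply table is empty, because the cross join contributes no selected column and an empty right-hand side empties the product. Groups that exist only in `sql_groupreply_table`, or only in `sql_usergroup_table` (which the removed query listed), drop out of `$member_groups`. If the intent is every known group, a `UNION` of `groupname` over the tables involved says that directly and avoids building the full product. The show_groups.php3 hunk uses the same query and is affected the same way.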
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: EAP/TTLS logging
Date: Fri, 12 Sep 2003 10:34:21 -0400
Reply-To: [EMAIL PROTECTED]

Fastbyte <[EMAIL PROTECTED]> wrote:
> is there any logging done in TTLS?

What kind of logging are you looking for?

Alan DeKok.

--__--__--

Message: 10
From: "Drew Decker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Logging Failed Attempts to MySql database
Date: Fri, 12 Sep 2003 09:32:36 -0500
Reply-To: [EMAIL PROTECTED]

Is it possible to log the failed attempts to a mysql database? I would like to develop a web interface for the technical support staff to let them view the Failed attempts without having to teach them how to use SSH etc. If this is possible to do could you point me to a how-to or at least give me a little information on where to get started? Thanks for your help in advance

Drew Decker
Network Administrator

--__--__--

Message: 11
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: newbee question
Date: Fri, 12 Sep 2003 10:34:51 -0400
Reply-To: [EMAIL PROTECTED]

Axel Haenssen <[EMAIL PROTECTED]> wrote:
> Although I read the man pages I am still having trouble understanding
> which files "need" to be adjusted (client.conf, radiusd.conf, user or
> any other?) and what exactly needs to be put in for a minimal setup.

http://www.freeradius.org/doc/

See the EAP how-to's.

Alan DeKok.

--__--__--

Message: 12
Date: Fri, 12 Sep 2003 16:41:18 +0200
From: Fastbyte <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: EAP/TTLS logging
Reply-To: [EMAIL PROTECTED]

Just the normal auth log of the ttls challenge; I see the tls log in the detail auth_log, but nothing of the inner authentication protocol. I need username and logintime.

Alan DeKok wrote:
> Fastbyte <[EMAIL PROTECTED]> wrote:
>
>>is there any logging done in TTLS?
>
>
> What kind of logging are you looking for?
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
-------
Sergio

--__--__--

Message: 13
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: patch for EAP-MD5 client
Date: Fri, 12 Sep 2003 10:44:02 -0400
Reply-To: [EMAIL PROTECTED]

Michael Richardson <[EMAIL PROTECTED]> wrote:
> I have created a new client program, "radeapclient". This is a
> work-in-progress. I have refactored bits of rlm_eap/eap.c into
> src/lib/eapcommon.c and call it from radeapclient.
>
> radeapclient is mostly radclient, which changes - it will answer the
> MD5 challenge, do the calculation and reply.
>
> The patch is at:
> http://www.sandelman.ca/tmp/radeapclient.patch

diff -N ? There's no 'eapcommon.c' in the patch.

> radeapclient could be made a superset of radclient, and right now it looks
> like it would make sense, but I intend for the program to evolve in a
> different direction than I think that radclient should go.

I agree. radclient is meant to be simple and stupid. Anything more complicated should be a separate program.

Alan DeKok.

--__--__--

Message: 14
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: EAP/TTLS logging
Date: Fri, 12 Sep 2003 10:49:08 -0400
Reply-To: [EMAIL PROTECTED]

Fastbyte <[EMAIL PROTECTED]> wrote:
> Just the normal auth log of the ttls challenge; I see the tls log in the
> detail auth_log, but nothing of the inner authentication protocol. I
> need username and logintime.

That should be logged when the tunneled authentication request is processed. That request looks like just another request from a client, so all logging should be done.

Alan DeKok.

--__--__--

Message: 15
Date: Fri, 12 Sep 2003 16:48:43 +0200
From: Nicolas Baradakis <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Logging Failed Attempts to MySql database
Reply-To: [EMAIL PROTECTED]

Drew Decker wrote:
> Is it possible to log the failed attempts to a mysql database? I would like
> to develop a web interface for the technical support staff to let them view
> the Failed attempts without having to teach them how to use SSH etc. If
> this is possible to do could you point me to a how-to or at least give me a
> little information on where to get started? Thanks for your help in advance

I needed this too and I already made a patch.

I posted the patch in the freeradius-devel mailing but nobody with CVS write access put it in FreeRadius.

--
Nicolas Baradakis

--__--__--

Message: 16
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Logging Failed Attempts to MySql database
Date: Fri, 12 Sep 2003 10:55:30 -0400
Reply-To: [EMAIL PROTECTED]

Nicolas Baradakis <[EMAIL PROTECTED]> wrote:
> I posted the patch in the freeradius-devel mailing but nobody with CVS
> write access put it in FreeRadius.

Not every patch makes it into the server. Some are untested, some are unnecessary, and some are plain wrong.

If enough people say a patch is useful, we'll take a serious look at adding it in.

Alan DeKok.

--__--__--

Message: 17
From: "Thor Spruyt" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: Logging Failed Attempts to MySql database
Date: Fri, 12 Sep 2003 17:19:38 +0200
Reply-To: [EMAIL PROTECTED]

> Drew Decker wrote:
>
> > Is it possible to log the failed attempts to a mysql database? I would like
> > to develop a web interface for the technical support staff to let them view
> > the Failed attempts without having to teach them how to use SSH etc. If
> > this is possible to do could you point me to a how-to or at least give me a
> > little information on where to get started? Thanks for your help in advance

Install msyslog. That's a syslog server to replace the standard syslog server. Msyslog can put all syslog messages in a MySql database after which you can extract the necessary info from the database.

Regards,
Thor.

--__--__--

Message: 18
From: "Jeremy Davis" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: RE: Radius auth based on Mac addresses
Date: Fri, 12 Sep 2003 11:20:09 -0400
Reply-To: [EMAIL PROTECTED]

StarOS can also do this.

Jeremy

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Redi Tela
Sent: Friday, September 12, 2003 6:53 AM
To: [EMAIL PROTECTED]
Subject: RE: Radius auth based on Mac addresses

Have a look at www.mikrotik.com, section Hotspot.

Redi Tela
Systems Administrator
Mail [EMAIL PROTECTED]
Phone: +355-4-256-001
Fax: +355-4-256-002
Mob: +355-69-20-80-710

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Martin Jessa
Sent: Friday, September 12, 2003 12:07 PM
To: [EMAIL PROTECTED]
Subject: Radius auth based on Mac addresses

Hi Guys.

I have Wireless Access Points which are able to talk to Radius servers. I was wondering if it was possible to somehow combine Mac-address authentication with SQL stored user data, i.e. [EMAIL PROTECTED] with some pass will get his MAC-address stored in a database when he authenticates and then he gets an IP handed out by the Radius server. Is there any tool that can do that?

Thanks in advance,
YazzY

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--__--__--

End of Freeradius-Users Digest