How can I un-subscribe -- I couldn't see anything on the web site? Many Thanks
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED]
Sent: 25 June 2004 22:49
To: [EMAIL PROTECTED]
Subject: Freeradius-Users digest, Vol 1 #3419 - 9 msgs

Send Freeradius-Users mailing list submissions to
    [EMAIL PROTECTED]

To subscribe or unsubscribe via the World Wide Web, visit
    http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
    [EMAIL PROTECTED]

You can reach the person managing the list at
    [EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific than "Re: Contents of Freeradius-Users digest..."

Today's Topics:

   1. RE: Post-Auth for Access-Accept not called with LEAP (Htin Hlaing)
   2. RE: FreeRADIUS-1.0.0pre3 crash at SIGHUP (Brent Hetherwick)
   3. RE: FreeRADIUS-1.0.0pre3 crash at SIGHUP (Htin Hlaing)
   4. Accounting details logging problem (Simeon Penev)
   5. Re: how to save binary values in MySQL radreply table (Dave Mason)
   6. RE: Problems with configurable_failover (Roy, Daniel)
   7. Is there some kind of trick to make Cisco LEAP work??? (James D. Munroe)
   8. radclient problem, apparent limit of resend count to 256 (David Stanaway)
   9. Re: how to save binary values in MySQL radreply table (Gary McKinney)

--__--__--

Message: 1
Subject: RE: Post-Auth for Access-Accept not called with LEAP
Date: Fri, 25 Jun 2004 10:35:02 -0700
From: "Htin Hlaing" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]

Hi,

The attached patch allows me to get the post-auth called in Access-Accept when LEAP is used.

The rad_authenticate routine from auth.c returns without going further to call rad_postauth if the call to rad_check_password returns with RLM_MODULE_HANDLED.
In the eap_compose routine, the special handling for LEAP returns RLM_MODULE_HANDLED and therefore, rad_postauth does not get called. I changed to RLM_MODULE_OK and tested out and seems to work alright and post-auth in Access-Accept is getting called in all the EAP types that I am using including LEAP.

Can someone please check this and make sure that the fix makes sense?

Thanks,
Htin

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:freeradius-
> [EMAIL PROTECTED] On Behalf Of Htin Hlaing
> Sent: Friday, June 25, 2004 8:49 AM
> To: [EMAIL PROTECTED]
> Subject: Post-Auth for Access-Accept not called with LEAP
>
> Hi,
>
>
> I have the following set up in my radiusd to get auth results. With
> other EAP types like peap, ttls, etc. I get Access-Accepts also logged
> in the reply_log. For LEAP, I am not getting it. From debug run, I
> don't see post-auth getting called at all. How can I fix to get the
> post-auth called for LEAP successful logons. I am using 1.0 pre3 release
>
> post-auth {
>     #
>     # If you want to have a log of authentication replies,
>     # un-comment the following line, and the 'detail reply_log'
>
>     # section, above.
>     reply_log
>
>     #
>     # Access-Reject packets are sent through the REJECT sub-section
>     # of the post-auth section.
>     #
>     Post-Auth-Type REJECT {
>         reply_log
>     }
>
> }
>
>
> From the debug run:
> Fri Jun 25 08:01:31 2004 : Debug: modsingle[authenticate]: calling eap
> (rlm_eap) for request 818
> Fri Jun 25 08:01:31 2004 : Debug: rlm_eap: Request found, released
> from the list
> Fri Jun 25 08:01:31 2004 : Debug: rlm_eap: EAP/leap
> Fri Jun 25 08:01:31 2004 : Debug: rlm_eap: processing type leap
> Fri Jun 25 08:01:31 2004 : Debug: rlm_eap_leap: Stage 6
> Fri Jun 25 08:01:31 2004 : Debug: rlm_eap: Freeing handler
> Fri Jun 25 08:01:31 2004 : Debug: modsingle[authenticate]: returned
> from eap (rlm_eap) for request 818
> Fri Jun 25 08:01:31 2004 : Debug: modcall[authenticate]: module "eap"
> returns handled for request 818
> Fri Jun 25 08:01:31 2004 : Debug: modcall: group authenticate returns
> handled for request 818
> Sending Access-Accept of id 24 to 192.168.10.118:1815
> Reply-Message = "Bourne Supremacy"
> Cisco-AVPair +=
> "leap:session-key=\323\277\274\004K\220\216g\312`\342R\370(\231\200nS\20
> 2\376]\335\000\257|^\367=y\350\241e\356b"
> EAP-Message =
> 0x02050024110100188646b59d02ce73d88f8f37d098ccd25d303f17a18e7425a8646f75
> 67
> Message-Authenticator = 0x00000000000000000000000000000000
> User-Name = "doug"
> Proxy-State = 0x313439
> Fri Jun 25 08:01:31 2004 : Debug: Finished request 818
> Fri Jun 25 08:01:31 2004 : Debug: Going to the next request
> Fri Jun 25 08:01:31 2004 : Debug: Waking up in 6 seconds...
> Fri Jun 25 08:01:37 2004 : Debug: --- Walking the entire request list
> ---
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe?
> See http://www.freeradius.org/list/devel.html

[Attachment: diff_6_25_leap.txt]

--__--__--

Message: 2
From: Brent Hetherwick <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: FreeRADIUS-1.0.0pre3 crash at SIGHUP
Date: Fri, 25 Jun 2004 10:45:57 -0700
Reply-To: [EMAIL PROTECTED]

Alan DeKok wrote:

> Ok... where does it die, and why?

According to the logs, it appears to die as FreeRADIUS is restarting. Why, I have no idea.

> If you have a little more information, like a core dump &&
> backtrace, that would help significantly.

I had thought about that issue when I built FreeRADIUS, but I didn't see an obvious option to enable core dumps, and I haven't found any when it dies. I believe I have the environment set to allow full corings, but I may have missed an option in FreeRADIUS to dump core when it dies. Is there anything I need turn on? I'll see if I can get a core and put it up somewhere semi-public.
Brent

--__--__--

Message: 3
Subject: RE: FreeRADIUS-1.0.0pre3 crash at SIGHUP
Date: Fri, 25 Jun 2004 10:50:04 -0700
From: "Htin Hlaing" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]

> I had thought about that issue when I built FreeRADIUS, but I didn't
> see an obvious option to enable core dumps, and I haven't found any
> when it dies. I believe I have the environment set to allow full corings,
> but I may have missed an option in FreeRADIUS to dump core when it dies.
> Is there anything I need turn on? I'll see if I can get a core and put
> it up somewhere semi-public.
>

[Htin Hlaing] Yes. It's allow_core_dumps = yes in radiusd.conf file

--__--__--

Message: 4
Date: Fri, 25 Jun 2004 20:31:18 +0200
From: Simeon Penev <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Accounting details logging problem
Reply-To: [EMAIL PROTECTED]

Hi,

i have the following configuration in radiusd.conf:
--------------------------------------------------------
detail {
    detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d:%H
    detailperm = 0600
}
--------------------------------------------------------
but when i receive accounting request, the logging is:
--------------------------------------------------------
modcall: entering group accounting for request 5
rlm_acct_unique: WARNING: Attribute NAS-Port-Id was not found in request, unique ID MAY be inconsistent
rlm_acct_unique: WARNING: Attribute Client-IP-Address was not found in request, unique ID MAY be inconsistent
rlm_acct_unique: WARNING: Attribute User-Name was not found in request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',,NAS-IP-Address = 192.168.0.253,Acct-Session-Id = "00000080",'
rlm_acct_unique: Acct-Unique-Session-ID = "2a923e8df47cc921".
modcall[accounting]: module "acct_unique" returns ok for request 5
radius_xlat: '/var/log/radius/radacct//detail-20040625:20'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d:%H expands to /var/log/radius/radacct//detail-20040625:20
modcall[accounting]: module "detail" returns ok for request 5
--------------------------------------------------------

Any help is greatly appreciated!
Thank you!

Regards,
Simeon Penev

--__--__--

Message: 5
Date: Fri, 25 Jun 2004 13:30:34 -0500
From: Dave Mason <[EMAIL PROTECTED]>
To: freeradius mailing list <[EMAIL PROTECTED]>
Subject: Re: how to save binary values in MySQL radreply table
Reply-To: [EMAIL PROTECTED]

True - I need to figure out how to reverse the process. That is, I need to send something like "0xed5e" as my attribute value. For now I'll just use VSA as the attribute because it's not encrypted. If I set the value in radreply to "ed5e", the server returns "65643565" to the client, as you would expect. I need to get binary values into the table somehow. Maybe the API is smart enough to handle binary data even if the mysql command line client isn't? I tried prefixing each character with "\0x" but that didn't work.

Dave

Alan DeKok wrote:

>Dave Mason <[EMAIL PROTECTED]> wrote:
>
>
>>> My apologies if this has been answered before but I didn't see
>>> anything. This is basically a MySQL question. I need to save MS-MPPE
>>> attributes in the radreply table. Those have a binary value.
>>
>>
>
> Which is why they're of type "octets" in the dictionary. When the
>server prints them out, it prints them as a series of hex characters,
>which is in turn a normal ASCII string.
>
> Alan DeKok.

--__--__--

Message: 6
Subject: RE: Problems with configurable_failover
Date: Fri, 25 Jun 2004 15:08:51 -0400
From: "Roy, Daniel" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]

"Alan DeKok" <[EMAIL PROTECTED]> wrote:
>"Roy, Daniel" <[EMAIL PROTECTED]> wrote:
>> 1) valid userid and password should authorize and authenticate against
>> SQL and MSCHAP ok;
>
> That should work without any additional configuration.

Agreed.

>
>> 2) valid userid but wrong password should authorize ok against SQL but
>> fail authentication against MSCHAP; I want to configure freeRADIUS to
>> proxy this failed Access-Request to another RADIUS server/service;
>
> A fail-over section should work.

Agreed.

>
>> 3) invalid userid (regardless of password) should return "notfound" when
>> authorizing against SQL; again I want to configure freeRADIUS to proxy
>> this failed Access-Request to another RADIUS server/service.
>
> A fail-over section should work here, too.

Agreed.

>
>> This one correctly proxies for wrong userids, but it unexpectedly
>> replies with Access-Reject for correct userids and passwords even though
>> sql returned "ok". I figured out freeRADIUS does this because my client
>> is using mschap and radius doesn't find a User-Password or CHAP-Password
>> attribute in the request.
>
> Did you list the "mschap" module in the "authorize" section? It
>will take care of setting Auth-Type := MSCHAP if it finds MSCHAP
>attributes.
>

Yes, mschap is just above the group and it is not commented out. If I comment out the group and restart the radius server and send an access-request, it does indeed do an mschap authorization and then an mschap authentication (as per the output when running in debug mode), proving that mschap is indeed there and active. But somehow, when I insert a group without a mschap section within the group (as indicated in my previous email), mschap does not occur correctly.

Here's a sample of the debug output without an mschap section in my group under the authorize section:

rad_recv: Access-Request packet from host 207.181.118.125:1026, id=161, length=230
    Acct-Session-Id = "7f102a4f"
    NAS-Port = 1
    NAS-Port-Type = Wireless-802.11
    User-Name = "roger"
    Calling-Station-Id = "00-04-75-CC-41-1F"
    Called-Station-Id = "00-03-52-00-12-CC"
    Framed-IP-Address = 192.168.1.21
    MS-CHAP2-Response = 0xa100fe1a5134ba040abee1dd028fd45586b90000000000000000a520d9cd7d31c4062169b45aca482a530ef80bd2ed8cf065
    MS-CHAP-Challenge = 0x2863c07d7c0988321e1e7ec4b652899d
    NAS-Identifier = "L004-00149"
    NAS-IP-Address = 207.181.118.125
    Framed-MTU = 1496
    Connect-Info = "HTTPS"
    Service-Type = Framed-User
    Message-Authenticator = 0x3ae483380745632a3152603d0f969388
Fri Jun 25 14:53:42 2004 : Debug: auth.c::rad_authenticate entered
Fri Jun 25 14:53:42 2004 : Debug: modcall: entering group authorize for request 7
Fri Jun 25 14:53:42 2004 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 7
Fri Jun 25 14:53:42 2004 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 7
Fri Jun 25 14:53:42 2004 : Debug: modcall[authorize]: module "preprocess" returns ok for request 7
Fri Jun 25 14:53:42 2004 : Debug: modsingle[authorize]: calling auth_log (rlm_detail) for request 7
Fri Jun 25 14:53:42 2004 : Debug: radius_xlat: '/usr/local/var/log/radius/radacct/207.181.118.125/auth-detail-20040625'
Fri Jun 25 14:53:42 2004 : Debug: rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/207.181.118.125/auth-detail-20040625
Fri Jun 25 14:53:42 2004 : Debug: modsingle[authorize]: returned from auth_log (rlm_detail) for request 7
Fri Jun 25 14:53:42 2004 : Debug: modcall[authorize]: module "auth_log" returns ok for request 7
Fri Jun 25 14:53:42 2004 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 7
Fri Jun 25 14:53:42 2004 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 7
Fri Jun 25 14:53:42 2004 : Debug: modcall[authorize]: module "chap" returns noop for request 7
Fri Jun 25 14:53:42 2004 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 7
Fri Jun 25 14:53:42 2004 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 7
Fri Jun 25 14:53:42 2004 : Debug: modcall[authorize]: module "eap" returns noop for request 7
Fri Jun 25 14:53:42 2004 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 7
Fri Jun 25 14:53:42 2004 : Debug: rlm_realm: No '@' in User-Name = "roger", looking up realm NULL
Fri Jun 25 14:53:42 2004 : Debug: rlm_realm: No such realm "NULL"
Fri Jun 25 14:53:42 2004 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 7
Fri Jun 25 14:53:42 2004 : Debug: modcall[authorize]: module "suffix" returns noop for request 7
Fri Jun 25 14:53:42 2004 : Debug: modsingle[authorize]: calling sql (rlm_sql) for request 7
Fri Jun 25 14:53:42 2004 : Debug: radius_xlat: 'roger'
Fri Jun 25 14:53:42 2004 : Debug: rlm_sql (sql): sql_set_user escaped user --> 'roger'
Fri Jun 25 14:53:42 2004 : Debug: radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'roger' ORDER BY id'
Fri Jun 25 14:53:42 2004 : Debug: rlm_sql (sql): Reserving sql socket id: 0
Fri Jun 25 14:53:42 2004 : Debug: radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'roger' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
Fri Jun 25 14:53:42 2004 : Debug: radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'roger' ORDER BY id'
Fri Jun 25 14:53:42 2004 : Debug: radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'roger' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
Fri Jun 25 14:53:42 2004 : Debug: rlm_sql (sql): Released sql socket id: 0
Fri Jun 25 14:53:42 2004 : Debug: modsingle[authorize]: returned from sql (rlm_sql) for request 7
Fri Jun 25 14:53:42 2004 : Debug: modcall[authorize]: module "sql" returns ok for request 7
Fri Jun 25 14:53:42 2004 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 7
Fri Jun 25 14:53:42 2004 : Debug: rlm_mschap: Found MS-CHAP attributes. Setting 'Auth-Type := MS-CHAP'
Fri Jun 25 14:53:42 2004 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 7
Fri Jun 25 14:53:42 2004 : Debug: modcall[authorize]: module "mschap" returns ok for request 7
Fri Jun 25 14:53:42 2004 : Debug: modcall: entering group group for request 7
Fri Jun 25 14:53:42 2004 : Debug: modsingle[authorize]: calling sql (rlm_sql) for request 7
Fri Jun 25 14:53:42 2004 : Debug: radius_xlat: 'roger'
Fri Jun 25 14:53:42 2004 : Debug: rlm_sql (sql): sql_set_user escaped user --> 'roger'
Fri Jun 25 14:53:42 2004 : Debug: radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'roger' ORDER BY id'
Fri Jun 25 14:53:42 2004 : Debug: rlm_sql (sql): Reserving sql socket id: 4
Fri Jun 25 14:53:42 2004 : Debug: radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'roger' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
Fri Jun 25 14:53:42 2004 : Debug: radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'roger' ORDER BY id'
Fri Jun 25 14:53:42 2004 : Debug: radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'roger' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
Fri Jun 25 14:53:42 2004 : Debug: rlm_sql (sql): Released sql socket id: 4
Fri Jun 25 14:53:42 2004 : Debug: modsingle[authorize]: returned from sql (rlm_sql) for request 7
Fri Jun 25 14:53:42 2004 : Debug: modcall[authorize]: module "sql" returns ok for request 7
Fri Jun 25 14:53:42 2004 : Debug: modcall: group group returns ok for request 7
Fri Jun 25 14:53:42 2004 : Debug: modcall: group authorize returns ok for request 7
Fri Jun 25 14:53:42 2004 : Debug: auth.c::check_expiration entered
Fri Jun 25 14:53:42 2004 : Debug: auth.c::check_expiration exited - result=0
Fri Jun 25 14:53:42 2004 : Debug: rad_check_password: Found Auth-Type Local
Fri Jun 25 14:53:42 2004 : Debug: auth: type Local
Fri Jun 25 14:53:42 2004 : Debug: auth: No User-Password or CHAP-Password attribute in the request
Fri Jun 25 14:53:42 2004 : Debug: auth: Failed to validate the user.
Fri Jun 25 14:53:42 2004 : Auth: Login incorrect: [roger/<no User-Password attribute>] (from client bhcn3000 port 1 cli 00-04-75-CC-41-1F)
Fri Jun 25 14:53:42 2004 : Debug: auth.c::rad_authenticate exited - location 6
Fri Jun 25 14:53:42 2004 : Debug: proxy_send: return RLM_MODULE_NOOP because neither a proxy nor replicate pair found
Fri Jun 25 14:53:42 2004 : Debug: Delaying request 7 for 1 seconds
Fri Jun 25 14:53:42 2004 : Debug: Finished request 7
Fri Jun 25 14:53:42 2004 : Debug: Going to the next request
Fri Jun 25 14:53:42 2004 : Debug: --- Walking the entire request list ---
Fri Jun 25 14:53:42 2004 : Debug: Waking up in 1 seconds...
Fri Jun 25 14:53:43 2004 : Debug: --- Walking the entire request list ---
Fri Jun 25 14:53:43 2004 : Debug: Waking up in 1 seconds...
Fri Jun 25 14:53:44 2004 : Debug: --- Walking the entire request list ---
Sending Access-Reject of id 161 to 207.181.118.125:1026

> From the above description, it looks like the server has no
>Auth-Type set, or an Auth-Type of Local, in which case all it can do
>is PAP & CHAP.
>
>> So I changed "ok = return" to "ok = 1" and added an mschap section
>> to authorize:
>
> The first change shouldn't have happened. The second is OK.
>

Understood, thanks.

> Try using "ok = return", and listing "mschap" in "authorize", before
>the group{} thing. That should work.
>

What you state is in fact the case in my radiusd.conf, but it doesn't seem to be working the way you (or I) expect it to work.

--__--__--

Message: 7
Date: Fri, 25 Jun 2004 17:32:22 -0300 (ADT)
Subject: Is there some kind of trick to make Cisco LEAP work???
From: "James D. Munroe" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]

Hello,

Has anyone tried or successfully been able to get Cisco Leap to work using FreeRadius?

Components:

- Cisco AIR-AP1230B-A-K9 Access Points running IOS 12.2.15

- Freeradius 0.9.3 installed from the Redhat ES 3.0 RPM, running on a Redhat ES 3.0 Server

If so, would it be possible to get sanitized copies of your Freeradius configuration files (radiusd.conf, users, clients.conf, etc...)? Authentication to the AP itself using radius works perfect, have even setup EAP-TLS and it works perfect!! But leap is a no good...

It's not a configuration issue on the Access Points themselves. Leap works fine when used against Cisco ACS (v3.2.3). However, for security reasons and cost of course we would like to use Freeradius for outside hosts rather than expose our internal ACS server.

Also, I have been unable to get the WDS service working between the AP's and Cisco's WLSE. I'm not surprised since it uses Leap. It does work though with CiscoACS...but Freeradius is a no go. :-(

Any help would be greatly appreciated!!

Thanks,

Jim

--__--__--

Message: 8
Subject: radclient problem, apparent limit of resend count to 256
From: David Stanaway <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Fri, 25 Jun 2004 16:32:04 -0500
Reply-To: [EMAIL PROTECTED]

Hi, I am having some problems with using radclient to test some modifications to the radiusd.

    radclient -f testpacket -c 1000 10.13.77.78 -q acct s3cr3t

This only logs 256 accounting packets. I think it is to do with the requestid looping.

This also does not work:

    n=1000;i=0; time while [ $i -lt $n ]; do d=$[n-i]; [ $d -lt 256 ]||d=256; radclient -f testpacket -c $d 10.13.77.78 -q acct s3cr3t; echo $d $i $n; i=$[i+d]; done

In this case, only 256 packets are logged also (That is in the detail file and in the sql accounting).

Does anyone have a quick hack to benchmark the radius server?

--
David Stanaway <[EMAIL PROTECTED]>

--__--__--

Message: 9
From: "Gary McKinney" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: how to save binary values in MySQL radreply table
Date: Fri, 25 Jun 2004 17:48:58 -0400
Reply-To: [EMAIL PROTECTED]

Dave,

You may want to check out MySQL 4.x - there is a hex() function to return a hexadecimal representation..

gm...

----- Original Message -----
From: "Dave Mason" <[EMAIL PROTECTED]>
To: "freeradius mailing list" <[EMAIL PROTECTED]>
Sent: Friday, June 25, 2004 2:30 PM
Subject: Re: how to save binary values in MySQL radreply table

> True - I need to figure out how to reverse the process. That is, I need
> to send something like "0xed5e" as my attribute value. For now I'll
> just use VSA as the attribute because it's not encrypted. If I set the
> value in radreply to "ed5e", the server returns "65643565" to the
> client, as you would expect. I need to get binary values into the table
> somehow. Maybe the API is smart enough to handle binary data even if
> the mysql command line client isn't? I tried prefixing each character
> with "\0x" but that didn't work.
>
> Dave
>
> Alan DeKok wrote:
>
> >Dave Mason <[EMAIL PROTECTED]> wrote:
> >
> >
> >>> My apologies if this has been answered before but I didn't see
> >>> anything. This is basically a MySQL question. I need to save MS-MPPE
> >>> attributes in the radreply table. Those have a binary value.
> >>
> >>
> >
> > Which is why they're of type "octets" in the dictionary. When the
> >server prints them out, it prints them as a series of hex characters,
> >which is in turn a normal ASCII string.
> >
> > Alan DeKok.
> >
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

---
[This E-mail scanned for viruses by Declude Ant-Virus Scanner]

--__--__--

End of Freeradius-Users Digest

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html