my radius.conf file is
# the check-name attribute before any module which sets # it # daily } # Authorization. First preprocess (hints and huntgroups files), # then realms, and finally look in the "users" file. # # The order of the realm modules will determine the order that # we try to find a matching realm. # # Make *sure* that 'preprocess' comes before any realm if you # need to setup hints for the remote radius server authorize { # # The preprocess module takes care of sanitizing some bizarre # attributes in the request, and turning them into attributes # which are more standard. # # It takes care of processing the 'raddb/hints' and the # 'raddb/huntgroups' files. # # It also adds the %{Client-IP-Address} attribute to the request. preprocess # # If you want to have a log of authentication requests, # un-comment the following line, and the 'detail auth_log' # section, above. # auth_log # attr_filter # # The chap module will set 'Auth-Type := CHAP' if we are # handling a CHAP request and Auth-Type has not already been set chap # # If the users are logging in with an MS-CHAP-Challenge # attribute for authentication, the mschap module will find # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP' # to the request, which will cause the server to then use # the mschap module for authentication. mschap # # If you have a Cisco SIP server authenticating against # FreeRADIUS, uncomment the following line, and the 'digest' # line in the 'authenticate' section. # digest # # Look for IPASS style 'realm/', and if not found, look for # '@realm', and decide whether or not to proxy, based on # that. # IPASS # # If you are using multiple kinds of realms, you probably # want to set "ignore_null = yes" for all of them. # Otherwise, when the first style of realm doesn't match, # the other styles won't be checked. # suffix # ntdomain # # This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP # authentication. # # It also sets the EAP-Type attribute in the request # attribute list to the EAP type from the packet. eap # # Read the 'users' file files # # Look in an SQL database. The schema of the database # is meant to mirror the "users" file. # # See "Authorization Queries" in sql.conf sql noresetcounter dailycounter monthlycounter # # If you are using /etc/smbpasswd, and are also doing # mschap authentication, the un-comment this line, and # configure the 'etc_smbpasswd' module, above. # etc_smbpasswd # # The ldap module will set Auth-Type to LDAP if it has not # already been set # ldap # # Enforce daily limits on time spent logged in. # daily # # Use the checkval module # checkval # # As of 1.1.4, you should list "pap" last in this section. # See "man rlm_pap" for more information. pap } # Authentication. # # # This section lists which modules are available for authentication. # Note that it does NOT mean 'try each module in order'. It means # that a module from the 'authorize' section adds a configuration # attribute 'Auth-Type := FOO'. That authentication type is then # used to pick the apropriate module from the list below. # # In general, you SHOULD NOT set the Auth-Type attribute. The server # will figure it out on its own, and will do the right thing. The # most common side effect of erroneously setting the Auth-Type # attribute is that one authentication method will work, but the # others will not. # # The common reasons to set the Auth-Type attribute by hand # is to either forcibly reject the user, or forcibly accept him. # authenticate { # # PAP authentication, when a back-end database listed # in the 'authorize' section supplies a password. The # password can be clear-text, or encrypted. Auth-Type PAP { pap } # # Most people want CHAP authentication # A back-end database listed in the 'authorize' section # MUST supply a CLEAR TEXT password. Encrypted passwords # won't work. Auth-Type CHAP { chap } # # MSCHAP authentication. Auth-Type MS-CHAP { mschap } # # If you have a Cisco SIP server authenticating against # FreeRADIUS, uncomment the following line, and the 'digest' # line in the 'authorize' section. # digest # # Pluggable Authentication Modules. # pam # # See 'man getpwent' for information on how the 'unix' # module checks the users password. Note that packets # containing CHAP-Password attributes CANNOT be authenticated # against /etc/passwd! See the FAQ for details. # unix # Uncomment it if you want to use ldap for authentication # # Note that this means "check plain-text password against # the ldap database", which means that EAP won't work, # as it does not supply a plain-text password. # Auth-Type LDAP { # ldap # } # # Allow EAP authentication. eap } # # Pre-accounting. Decide which accounting type to use. # preacct { preprocess # # Ensure that we have a semi-unique identifier for every # request, and many NAS boxes are broken. acct_unique # # Look for IPASS-style 'realm/', and if not found, look for # '@realm', and decide whether or not to proxy, based on # that. # # Accounting requests are generally proxied to the same # home server as authentication requests. # IPASS suffix # ntdomain # # Read the 'acct_users' file files } # # Accounting. Log the accounting data. # accounting { # # Create a 'detail'ed log of the packets. # Note that accounting requests which are proxied # are also logged in the detail file. detail # daily # Update the wtmp file # # If you don't use "radlast", you can delete this line. unix # # For Simultaneous-Use tracking. # # Due to packet losses in the network, the data here # may be incorrect. There is little we can do about it. radutmp # sradutmp # Return an address to the IP Pool when we see a stop record. # main_pool # # Log traffic to an SQL database. # # See "Accounting queries" in sql.conf sql # # Instead of sending the query to the SQL server, # write it into a log file. # # sql_log # Cisco VoIP specific bulk accounting # pgsql-voip } # Session database, used for checking Simultaneous-Use. Either the radutmp # or rlm_sql module can handle this. # The rlm_sql module is *much* faster session { #radutmp # # See "Simultaneous Use Checking Querie" in sql.conf sql } # Post-Authentication # Once we KNOW that the user has been authenticated, there are # additional steps we can take. post-auth { # Get an address from the IP Pool. # main_pool # # If you want to have a log of authentication replies, # un-comment the following line, and the 'detail reply_log' # section, above. # reply_log # # After authenticating the user, do another SQL query. # # See "Authentication Logging Queries" in sql.conf sql # # Instead of sending the query to the SQL server, # write it into a log file. # # sql_log # # Un-comment the following if you have set # 'edir_account_policy_check = yes' in the ldap module sub-section of # the 'modules' section. # # ldap # # Access-Reject packets are sent through the REJECT sub-section of the # post-auth section. # Uncomment the following and set the module name to the ldap instance # name if you have set 'edir_account_policy_check = yes' in the ldap # module sub-section of the 'modules' section. # # Post-Auth-Type REJECT { # insert-module-name-here # } } # # When the server decides to proxy a request to a home server, # the proxied request is first passed through the pre-proxy # stage. This stage can re-write the request, or decide to # cancel the proxy. # # Only a few modules currently have this method. # pre-proxy { # attr_rewrite # Uncomment the following line if you want to change attributes # as defined in the preproxy_users file. # files # If you want to have a log of packets proxied to a home # server, un-comment the following line, and the # 'detail pre_proxy_log' section, above. # pre_proxy_log } # # When the server receives a reply to a request it proxied # to a home server, the request may be massaged here, in the # post-proxy stage. # post-proxy { # If you want to have a log of replies from a home server, # un-comment the following line, and the 'detail post_proxy_log' # section, above. # post_proxy_log # attr_rewrite # Uncomment the following line if you want to filter replies from # remote proxies based on the rules defined in the 'attrs' file. # attr_filter # # If you are proxying LEAP, you MUST configure the EAP # module, and you MUST list it here, in the post-proxy # stage. # # You MUST also use the 'nostrip' option in the 'realm' # configuration. Otherwise, the User-Name attribute # in the proxied request will not match the user name # hidden inside of the EAP packet, and the end server will # reject the EAP request. # eap } [EMAIL PROTECTED] ~]# [EMAIL PROTECTED] wrote: Something to do with Simultaneous-Use. But without config etc. ... Ivan Kalik Kalik Informatika ISP Dana 6/3/2007, "satish patel" pi¹e: >what is the errror i have useing freeradius + MSSQL > > >Tue Mar 6 17:22:34 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] >(from client cisco port 761) >Tue Mar 6 17:22:35 2007 : Auth: Multiple logins (max 1) : [mlpm173/] (from >client cisco port 528) >Tue Mar 6 17:22:36 2007 : Auth: Login incorrect (rlm_chap: Wrong user >password): [mesmedical/] (from client cisco port 290) >Tue Mar 6 17:22:37 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] >(from client cisco port 242) >Tue Mar 6 17:22:38 2007 : Auth: Multiple logins (max 1) : [mlpm173/] (from >client cisco port 1004) >Tue Mar 6 17:22:38 2007 : Auth: Multiple logins (max 1) : [mlpm268/] (from >client cisco port 1101) >Tue Mar 6 17:22:39 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] >(from client cisco port 851) >Tue Mar 6 17:22:39 2007 : Auth: Login incorrect (rlm_chap: Wrong user >password): [mesmedical/] (from client cisco port 1012) >Tue Mar 6 17:22:41 2007 : Auth: Multiple logins (max 1) : [mlpm173/] (from >client cisco port 780) >Tue Mar 6 17:22:41 2007 : Auth: Multiple logins (max 1) : [mlpm268/] (from >client cisco port 670) >Tue Mar 6 17:22:42 2007 : Auth: Multiple logins (max 1) : [mlpm629/] (from >client cisco port 303) >Tue Mar 6 17:22:43 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] >(from client cisco port 826) >Tue Mar 6 17:22:43 2007 : Auth: Login incorrect (rlm_chap: Wrong user >password): [mesmedical/] (from client cisco port 964) >Tue Mar 6 17:22:44 2007 : Auth: Multiple logins (max 1) : [mlpm268/] (from >client cisco port 690) >Tue Mar 6 17:22:44 2007 : Auth: Multiple logins (max 1) : [mlpm173/] (from >client cisco port 147) >Tue Mar 6 17:22:46 2007 : Auth: Multiple logins (max 1) : [mlpm138/] (from >client cisco port 150) >Tue Mar 6 17:22:49 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] >(from client cisco port 83) >Tue Mar 6 17:22:50 2007 : Auth: Login incorrect (rlm_chap: Wrong user >password): [mesmedical/] (from client cisco port 1091) >Tue Mar 6 17:22:51 2007 : Auth: Multiple logins (max 1) : [mlpm268/] (from >client cisco port 1002) >Tue Mar 6 17:22:52 2007 : Auth: Multiple logins (max 1) : [mlpm629/] (from >client cisco port 1023) >Tue Mar 6 17:22:52 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] >(from client cisco port 687) >Tue Mar 6 17:22:54 2007 : Auth: Multiple logins (max 1) : [mlpm532/] (from >client cisco port 693) >Tue Mar 6 17:22:55 2007 : Auth: Multiple logins (max 1) : [mlpm143/akshaya] >(from client cisco port 94) >Tue Mar 6 17:22:59 2007 : Auth: Login incorrect (rlm_chap: Wrong user >password): [mesmedical/] (from client cisco port 713) >Tue Mar 6 17:23:00 2007 : Auth: Multiple logins (max 1) : [mlpm173/] (from >client cisco port 647) >Tue Mar 6 17:23:05 2007 : Auth: Login incorrect (rlm_chap: Wrong user >password): [mlpm138/] (from client cisco port 646) >Tue Mar 6 17:23:05 2007 : Auth: Multiple logins (max 1) : [mlpm143/akshaya] >(from client cisco port 958) >Tue Mar 6 17:23:07 2007 : Auth: Login incorrect (rlm_chap: Wrong user >password): [mesmedical/] (from client cisco port 98) >Tue Mar 6 17:23:09 2007 : Auth: Login incorrect (rlm_chap: Wrong user >password): [mlpm138/] (from client cisco port 600) >Tue Mar 6 17:23:11 2007 : Auth: Multiple logins (max 1) : [mlpm085/] (from >client cisco port 894) >Tue Mar 6 17:23:11 2007 : Auth: Login incorrect (rlm_chap: Wrong user >password): [mesmedical/] (from client cisco port 7 > > >$ cat ~/satish/url.txt > >System administrator ( Data Center ) > >please visit this site > >http://linux.tulipit.com > >--------------------------------- > Heres a new way to find what you're looking for - Yahoo! Answers > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com --------------------------------- Heres a new way to find what you're looking for - Yahoo! Answers
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html