Thanks! 

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of [EMAIL PROTECTED]
Sent: Tuesday, September 30, 2008 2:31 PM
To: freeradius-users@lists.freeradius.org
Subject: Freeradius-Users Digest, Vol 41, Issue 141


Today's Topics:

   1. Re: freeradius compiled version (lastest) against active
      directory authentication (Alan DeKok)
   2. Re: freeradius compiled version (lastest) against active
      directoryauthentication ([EMAIL PROTECTED])
   3. Missing field in accounting (Arrigo Savio)
   4. R: R: Logging level (Arrigo Savio)
   5. Re: R: R: Logging level (Alan DeKok)
   6. Re: Missing field in accounting (Alan DeKok)
   7. Re: problem with ip_pools (Marco C. Coelho)
   8. Re: Where do I add the config stuff to route requests based
      on        attributes in a request? (Arran Cudbard-Bell)


----------------------------------------------------------------------

Message: 1
Date: Tue, 30 Sep 2008 17:31:51 +0200
From: Alan DeKok <[EMAIL PROTECTED]>
Subject: Re: freeradius compiled version (lastest) against active
        directory       authentication
To: [EMAIL PROTECTED],  FreeRadius users mailing list
        <freeradius-users@lists.freeradius.org>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=UTF-8

luis a wrote:
>     I already read it and it does not work

  Nonsense.

  If you follow the instructions, it works.

>     check out the output

  You've edited the configuration files, and broken them.  Don't do that.

  Start off with the default configuration files.  THEN follow the
instructions.

>     that warning appeared after I added the line to the user config file
>     DEFAULT  Auth-Type = Local, Password == "stealme"

  The instructions on my web site DON'T say to do that.  So you're not
following the instructions.

>     and also when I replace
>     DEFAULT  Auth-Type = System

  Can you explain why you're making nearly random changes to the
configuration files rather than following the instructions on the web site?

  Alan DeKok.


------------------------------

Message: 2
Date: Tue, 30 Sep 2008 16:47:30 +0100
From: <[EMAIL PROTECTED]>
Subject: Re: freeradius compiled version (lastest) against active
        directoryauthentication
To: freeradius-users@lists.freeradius.org
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-2

>  Have you tried my web site (deployingradius.com) ?   It has a "howto"
>for configuring authentication against Active Directory.
>
>I already read it and it does not work
>
>
>check out the output
>
>------------------------------------
>
>
>Listening on authentication address * port 1812
>Listening on accounting address * port 1813
>Listening on proxy address * port 1814
>Ready to process requests.
>rad_recv: Access-Request packet from host 127.0.0.1 port 49964, id=37, length=72
>        User-Name = "luis"
>        User-Password = "x"
>        NAS-IP-Address = xx.xx.xx.x
>        NAS-Port = 0

This is a pap request. ntlm_auth is configured in mschap. Send an mschap
request. Or configure ldap "bind as user" if you are going to have pap
requests.
>
>
>
>-------------------
>and also when I replace
>DEFAULT  Auth-Type = System
>
>I get this message.
>
..
>Found Auth-Type = System
>+- entering group authenticate {...}
>[unix] invalid password "luis"
>++[unix] returns reject
>Failed to authenticate the user.

That is OK. user "luis" was found but password was wrong. But it looks like
(I still can't figure out what is it that you want to do) you don't actually
want to authenticate against local users but AD.

So what do you want to do:

- authenticate against AD?

- or against users of the local system?

- or both?

What type of requests are you going to receive:

- pap?

- mschap (PEAP)?

- both?

Ivan Kalik
Kalik Informatika ISP




------------------------------

Message: 3
Date: Tue, 30 Sep 2008 18:04:42 +0200
From: "Arrigo Savio" <[EMAIL PROTECTED]>
Subject: Missing field in accounting
To: "'FreeRadius users mailing list'"
        <freeradius-users@lists.freeradius.org>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain;       charset="us-ascii"

Hi everybody. I'm trying to complete the setup of freeradius 2.1.1.
I have the following problem:
When the data flow passes from authentication to accounting, I miss the
stripping of the username/realm. I mean: in first authentication step, I
have correctly split the username (test) from the realm (realm.com) and
in fact the "INSERT INTO radpostauth" is correctly populated.
The next query, that should write into accounting table, doesn't find
%{Stripped-User-Name} and %{Realm} values, so that it puts empty fields in
the table. All other fields are correct. BTW, if I put in dialer.conf
accounting query the field %{SQL-User-Name}, I find the field populated with
the whole username ([EMAIL PROTECTED], in the example below).

Can you help me, please?

Arrigo


[sql]   expand: %{Stripped-User-Name} -> test
 [sql] sql_set_user escaped user --> 'test'
.
++[sql] returns ok
Login OK: [EMAIL PROTECTED]/realm] (from client C831 Test port 92)
+- entering group post-auth {...}
[reply_log]     expand:
/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d ->
/var/log/radius/radacct/10.0.1.224/reply-detail-20080930
[reply_log] /var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d
expands to /var/log/radius/radacct/10.0.1.224/reply-detail-20080930
[reply_log]     expand: %t -> Tue Sep 30 17:53:01 2008
++[reply_log] returns ok
[sql]   expand: %{Stripped-User-Name} -> test
[sql] sql_set_user escaped user --> 'test'
[sql]   expand: %{User-Password} -> realm
[sql]   expand: INSERT INTO radpostauth                           (username,
realm, pass, reply, authdate)                           VALUES (
'%{Stripped-User-Name}', '%{Realm}',                          '%{%{User-
...
++[sql] returns ok
+- entering group preacct {...}
[acct_unique] Hashing 'NAS-Port = 92,Client-IP-Address =
10.0.1.224,NAS-IP-Address = 10.0.1.224,Acct-Session-Id =
"000000D8",User-Name = "[EMAIL PROTECTED]"'
[acct_unique] Acct-Unique-Session-ID = "1bdfdc3b2335277d".
++[acct_unique] returns ok
+- entering group accounting {...}
[detail]        expand:
/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/radius/radacct/10.0.1.224/detail-20080930
[detail] /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /var/log/radius/radacct/10.0.1.224/detail-20080930
[detail]        expand: %t -> Tue Sep 30 17:53:01 2008
++[detail] returns ok
[sql]   expand: %{Stripped-User-Name} ->
[sql] sql_set_user escaped user --> ''
[sql]   expand: %{Acct-Delay-Time} -> 0
[sql]   expand:            INSERT INTO radacct             (acctsessionid,
acctuniqueid,     username,              realm,            nasipaddress,
nasportid,              nasporttype,      acctstarttime,    acctstoptime,
acctsessiontime,  acctauthentic,    connectinfo_start,
connectinfo_stop, acctinputoctets,  acctoutputoctets, calledstationid,
callingstationid, acctterminatecause,
servicetype,      framedprotocol,   framedipaddress,
acctstartdelay,   acctstopdelay,    xascendsessionsvrkey)           VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{Stripped-User-Name}',              '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}',              '%{NAS-Port-Type}', '%S', NULL,
'0', '%{Acct-Authentic}', '%{Connect-Info}',              '', '0', '0',
'%{Called-Station-Id}', '%{Calling-Station-Id}', '', '%{Service-Type}',
'%{Framed-Protocol}', '%{Framed-IP-Address}',

rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok

Arrigo




------------------------------

Message: 4
Date: Tue, 30 Sep 2008 18:07:32 +0200
From: "Arrigo Savio" <[EMAIL PROTECTED]>
Subject: R: R: Logging level
To: "'FreeRadius users mailing list'"
        <freeradius-users@lists.freeradius.org>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain;       charset="iso-8859-1"

I read all comments, and tried to give some permission on the files, but I
still receive the error pasted...
I read in docs that:
        #  If not set, then ANYONE can connect to the control socket,
        #  and have complete control over the server.  This is likely
        #  not what you want.
I tried to comment out the parameters, but it doesn't work anyway.

Arrigo.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Tuesday, September 30, 2008 8.43
To: FreeRadius users mailing list
Subject: Re: R: Logging level

Arrigo Savio wrote:
> radmin> set
> ERROR: You do not have write permission.
> 
> Where can I specify this permission?

  Read the example configuration file in
raddb/sites-available/control-socket.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




------------------------------

Message: 5
Date: Tue, 30 Sep 2008 18:15:39 +0200
From: Alan DeKok <[EMAIL PROTECTED]>
Subject: Re: R: R: Logging level
To: FreeRadius users mailing list
        <freeradius-users@lists.freeradius.org>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1

Arrigo Savio wrote:
> I read all comments, and tried to give some permission on the files, 
> but I still receive the error pasted...
> I read in docs that:
>         #  If not set, then ANYONE can connect to the control socket,
>         #  and have complete control over the server.  This is likely
>         #  not what you want.
> I tried to comment out the parameters, but it doesn't work anyway.

  Did you see the "access_mode" parameter?  Are you sure you're using 2.1.1?
Are you sure you're looking at the configuration files that are included in
2.1.1?

  Alan DeKok.


------------------------------

Message: 6
Date: Tue, 30 Sep 2008 18:18:12 +0200
From: Alan DeKok <[EMAIL PROTECTED]>
Subject: Re: Missing field in accounting
To: FreeRadius users mailing list
        <freeradius-users@lists.freeradius.org>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1

Arrigo Savio wrote:
> Hi everybody. I'm trying to complete the setup of freeradius 2.1.1.
> I have the following problem:
> When the data flow passes from authentication to accounting, I miss 
> the stripping of the username/realm.

  You need to copy the *same* User-Name re-writing rules from the
"authorize" section into the "preacct" section.

> I mean: in first authentication step, I
> have correctly split the username (test) from the realm (realm.com) 
> and in fact the "INSERT INTO radpostauth" is correctly populated.
> The next query,

  There is no "next query".  There is another packet, which is an
*accounting* packet, and not an *authentication* packet.

  Alan DeKok.
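
The fix described in this reply, sketched as a virtual-server fragment. This is an added example, not part of the original thread and not the poster's actual configuration. It assumes the realm is split by the stock "suffix" instance of the realm module and that the file is raddb/sites-available/default; the module lists are abbreviated.

```unlang
# raddb/sites-available/default (FreeRADIUS 2.x layout), fragment only.
# Assumption: "suffix" is the module that splits user@realm; substitute
# whatever rewrite rule your own authorize section actually uses.

authorize {
	preprocess
	suffix          # user@realm -> Stripped-User-Name, Realm
}

# Before: the Accounting-Request never passes through the realm module,
# so %{Stripped-User-Name} and %{Realm} expand to empty strings and the
# radacct row is written with blank username and realm columns.
#preacct {
#	acct_unique
#}

# After: the same rewrite runs on every Accounting-Request, before the
# accounting section calls sql.
preacct {
	preprocess
	acct_unique
	suffix          # same rule as in authorize
}

accounting {
	detail
	sql             # INSERT INTO radacct now sees both attributes
}
```

To confirm the change, run the server in debug mode and check that the accounting packet shows the realm module under "entering group preacct" and that the later `[sql] expand: %{Stripped-User-Name} ->` line is no longer empty.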


------------------------------

Message: 7
Date: Tue, 30 Sep 2008 12:35:11 -0500
From: "Marco C. Coelho" <[EMAIL PROTECTED]>
Subject: Re: problem with ip_pools
To: FreeRadius users mailing list
        <freeradius-users@lists.freeradius.org>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"

Please See Below:

Alan DeKok wrote:
> Marco C. Coelho wrote:
>   
>> I ran out of IP space in my original IP_Pool, and since the next 
>> available addresses were non contiguous, I added a second pool.  
>> Here's the snippet of my radiusd.conf:
>>     
>
>   Did you add "main_pool2" to the "post-auth" && accounting sections 
> where "main_pool" was referenced?
>   
No.  After I added it and corrected the operand to := it now issues the new
addresses.  Thanks!

>   Did you put "main_pool" and "main_pool" into a fail-over section, as 
> documented in "man unlang" ?
>   

No,  and I must be blind, because I have read the section and cannot find
mention of it.
>   Alan DeKok.

------------------------------

Message: 8
Date: Tue, 30 Sep 2008 19:30:26 +0100
From: Arran Cudbard-Bell <[EMAIL PROTECTED]>
Subject: Re: Where do I add the config stuff to route requests based
        on      attributes in a request?
To: FreeRadius users mailing list
        <freeradius-users@lists.freeradius.org>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1

Alan DeKok wrote:
> Peter Eriksson wrote:
>> Now the question is - what do I write and in which config files to 
>> use this?
> 
> $ man unlang
> 
>> The attribute typically looks like this:
>>
>> Called-Station-Id = "00-17-9A-D3-9A-BA:IFM"
> 
>       if (Called-Station-Id =~ /regex/) {
>               update control {
>                       Proxy-To-Realm := "foo"
>               }
>       }
> 
>   Alan DeKok.


http://www.ja.net/documents/services/janet-roaming/sussex-freeradius-case-study.pdf

JRS is the JANET implementation of Eduroam.

Thanks,
Arran
--
Arran Cudbard-Bell ([EMAIL PROTECTED]), Authentication,
Authorisation and Accounting Officer, Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2


------------------------------



End of Freeradius-Users Digest, Vol 41, Issue 141
*************************************************
