Re: Ericsson Tigris and FreeRadius
Yes, it's a bug in the Tigris. Put this in your users file.

ACC_DEFAULT     Password = "radiussecret"
        Framed-Protocol = PPP,
        Service-Type = Framed-User,
        Framed-IP-Address = 255.255.255.254,
        Framed-Compression = Van-Jacobson-TCP-IP

Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874

"It's the smell! If there is such a thing." Agent Smith - The Matrix

----- Original Message -----
From: "Chris Parker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, April 23, 2002 12:10 AM
Subject: Re: Ericsson Tigris and FreeRadius

> At 06:36 PM 4/22/2002 +0800, Patrick Chan wrote:
>
> >Dear all,
> >
> >I am using Ericsson Tigris and FreeRadius 0.5
> >
> >I have set the clients, users and proxy.conf
> >proxy.conf is as follows:
> >realm domain1 {
> >        type= radius
> >        authhost= LOCAL
> >        accthost= LOCAL
> >}
> >
> >I don't know why the username is always "ACC_DEFAULT"
> >when debug mode is enabled. And authentication is never successful.
>
> Because that is how the NAS is sending it. It's a problem with the NAS,
> not with the server.
>
> -Chris

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: delete_blocked_requests and Unresponsive child
Marco Steinacher <[EMAIL PROTECTED]> wrote:
> From time to time I get the following error in the radiusd logfile:
>
> Mon Apr 22 20:17:50 2002 : Error: WARNING: Unresponsive child (id 2051) for
> request 338
>
> After that warning there is a radiusd process that uses up to 99% of the cpu.
> Only restarting the radiusd service cleans that.

As always, my response is "find out why the child threads are blocked."

> The system is a production system and should not crash. The max_request_time
> limit is set to 60 seconds. Two NAS use this radius server; a cisco and a
> portmaster that are connected via fast ethernet. There are not many requests
> so that I don't think that it could be a performance problem.

The problem isn't the NAS. It's probably the back-end databases that
the RADIUS server is talking to.

Think about it for a second. It's taking SIXTY SECONDS to
authenticate a user? What the heck is going on in your system?

> BTW: We're talking about radiusd-0.5

Try removing modules that you don't use from 'radiusd.conf'. One
report was that rlm_counter caused slowdowns.

Alan DeKok.

Freeradius + Ldap
Hi all,

I am installing freeradius with LDAP support. In the radius.conf file I put the directives for my ldap server, etc.

How can I test the ldap authentication?

Thanks,
Alexandre

Re: naslist
"Zohar Ram" <[EMAIL PROTECTED]> wrote:
> > %C clientname

Did you make a name in the 'clients' file?

> Actually, I did try this one..
> no result

At this point, I agree that there is probably no way for you to do
exactly what you want, in the existing server.

Happily, you have source code access. Patches are welcome.

Alan DeKok.

Re: naslist
hmmm.

> *snip*
> > > %C clientname
> > *snip*

Actually, I did try this one..
no result

Zohar

----- Original Message -----
From: "Chris Parker" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, April 22, 2002 8:49 PM
Subject: Re: naslist

> At 09:34 PM 4/22/2002 +0200, Zohar Ram wrote:
> >I've done all that already,
> >I have downloaded the new version and I do have 'doc/variables.txt' .
> >Yet, looking at it did not give me a clue of what should be replacing the
> >"Client-IP-Address" in order to get the 'shortname' parameter from the
> >naslist file.
> >
> >from the man of naslist :
> > shortname
> > This field is optional, and declares a short alias for
> >the NAS. It is used in the /var/log/radwtmp
> > accounting file, and to build the directory name for the
> >accounting detail file.
>
> Hmmm, that documentation is a bit out of date.
>
> >I did not see any variable that has to do with that parameter on the
> >radius.conf file nor the variables file...
> >
> >I did try : %{Attribute-Name}
>
> Uhh, I hope you are kidding... You have to put an actual radius
> attribute in place of 'Attribute-Name'. It's a fill in the blank.
>
> >but I guess I do miss something here...
> > (could be that the variables.txt file is not a complete one?)
>
> Nope. It's complete.
>
> >this is from the variables.txt file :
>
> *snip*
>
> > %C clientname
>
> *snip*
>
> -Chris

delete_blocked_requests and Unresponsive child
Hi all

From time to time I get the following error in the radiusd logfile:

Mon Apr 22 20:17:50 2002 : Error: WARNING: Unresponsive child (id 2051) for request 338

After that warning there is a radiusd process that uses up to 99% of the cpu. Only restarting the radiusd service cleans that.

I had a look at the radiusd.c sourcecode and if I am right this warning will be printed if the max_request_time is reached and delete_blocked_requests is set to no.

Now I'm asking myself if I should set delete_blocked_requests to 'yes' to avoid this problem. But I'm not sure because of the warning "Setting it to 'yes' when using a threaded server MAY cause the server to crash!" in the configuration file. The server runs with a thread pool.

The system is a production system and should not crash. The max_request_time limit is set to 60 seconds. Two NAS use this radius server; a cisco and a portmaster that are connected via fast ethernet. There are not many requests so that I don't think that it could be a performance problem.

Any ideas? What would you do? How could I debug that? What could make these child processes crash/use too much time?

BTW: We're talking about radiusd-0.5

Thanks for listening
Marco

--
WebSource Internet Services - www.websource.ch
Kontakt/PGP-Keys: www.websource.ch/kontakt

Re: naslist
At 09:34 PM 4/22/2002 +0200, Zohar Ram wrote:
>I've done all that already,
>I have downloaded the new version and I do have 'doc/variables.txt' .
>Yet, looking at it did not give me a clue of what should be replacing the
>"Client-IP-Address" in order to get the 'shortname' parameter from the
>naslist file.
>
>from the man of naslist :
> shortname
> This field is optional, and declares a short alias for
>the NAS. It is used in the /var/log/radwtmp
> accounting file, and to build the directory name for the
>accounting detail file.

Hmmm, that documentation is a bit out of date.

>I did not see any variable that has to do with that parameter on the
>radius.conf file nor the variables file...
>
>I did try : %{Attribute-Name}

Uhh, I hope you are kidding... You have to put an actual radius
attribute in place of 'Attribute-Name'. It's a fill in the blank.

>but I guess I do miss something here...
> (could be that the variables.txt file is not a complete one?)

Nope. It's complete.

>this is from the variables.txt file :

*snip*

> %C clientname

*snip*

-Chris
--
   \\\|||///  \  StarNet Inc.              \  Chris Parker
   \ ~   ~ /   \  WX *is* Wireless!        \  Director, Engineering
   | @   @ |    \  http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
                  \  Wholesale Internet Services - http://www.megapop.net

Re: naslist
I've done all that already,
I have downloaded the new version and I do have 'doc/variables.txt' .
Yet, looking at it did not give me a clue of what should be replacing the
"Client-IP-Address" in order to get the 'shortname' parameter from the
naslist file.

from the man of naslist :
    shortname
        This field is optional, and declares a short alias for the NAS.
        It is used in the /var/log/radwtmp accounting file, and to build
        the directory name for the accounting detail file.

I did not see any variable that has to do with that parameter on the
radius.conf file nor the variables file...

I did try : %{Attribute-Name}
but I guess I do miss something here...
(could be that the variables.txt file is not a complete one?)

this is from the variables.txt file :
---
The variables defined by the server are:

  %{Attribute-Name}              Corresponding value for Attribute-Name in request
  %{request:Attribute-Name}      Corresponding value for Attribute-Name in request
  %{reply:Attribute-Name}        Corresponding value for Attribute-Name in reply
  %{proxy-reply:Attribute-Name}  Corresponding value for Attribute-Name in the
                                 proxy reply (if it exists)

The following one-character variables are also defined. However, they
are duplicates of the previous general cases, and are only provided
for backwards compatibility. They may be removed in a future release.

(note: "They may be removed in a future release." !!!) (Zohar)

  %a  Protocol (SLIP/PPP)
  %c  Callback-Number
  %d  request day (DD)
  %f  Framed IP address
  %i  Calling Station ID
  %l  request timestamp
  %m  request month (MM)
  %n  NAS IP address
  %p  Port number
  %s  Speed (PW_CONNECT_INFO)
  %t  request in ctime format
  %u  User name
  %A  radacct_dir
  %C  clientname
  %D  request date (MMDD)
  %L  radlog_dir
  %M  MTU
  %R  radius_dir
  %S  request timestamp in SQL format
  %T  request timestamp in database format
  %U  Stripped User name
  %V  Request-Authenticator (Verified/None)
  %Y  request year ()
  %Z  All request attributes except password (must have big buffer)
---

regards
Zohar Ram
Development & Networking
Knet
--
Tel: 03-6233640/658
Mobile: 972-52-755-641
Email: [EMAIL PROTECTED]
--

----- Original Message -----
From: "Chris Parker" <[EMAIL PROTECTED]>
To: "Zohar Ram" <[EMAIL PROTECTED]>
Sent: Monday, April 22, 2002 8:05 PM
Subject: Re: naslist

> At 09:07 PM 4/22/2002 +0200, Zohar Ram wrote:
> >I understood that,
> > but I can't seem to find the string which goes in there
> >
> >I must be blind or something...
>
> detailfile = ${radacctdir}/%{Client-IP-Address}/detail
>
> Which part of "Client-IP-Address" is hard to figure out? Also, follow
> alan's instructions to download a semi-recent version, which contains
> the 'doc/variables.txt' file. That lists all of your options for putting
> in the line.
>
> Nobody is going to tell you what the answer is. You've been given pointers
> to where you can find the answer. Finding the answer will require you to
> do some homework and possibly some testing.
>
> -Chris

Re: naslist
At 08:14 PM 4/22/2002 +0200, Zohar Ram wrote:
>well,
>
>When using Cistron radius , the directories are created by the radius for
>accounting under /var/log/radacct
>were named by the IP of the NAS or it's backresolve ptr. once I configured
>the naslist file, the directories
>names were to be created as the description of the NAS on that file.

READ YOUR 'radiusd.conf' FILE

There is a module called 'detail'. You can configure how/where it logs
the detail files:

    detailfile = ${radacctdir}/%{Client-IP-Address}/detail

If you want it stored in a different naming scheme, you will need to modify
that file. Nothing else will accomplish it. You need to make these changes.

-Chris
--
   \\\|||///  \  StarNet Inc.              \  Chris Parker
   \ ~   ~ /   \  WX *is* Wireless!        \  Director, Engineering
   | @   @ |    \  http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
                  \  Wholesale Internet Services - http://www.megapop.net

Re: naslist
well,

When using Cistron radius, the directories created by the radius for
accounting under /var/log/radacct were named by the IP of the NAS or its
backresolve ptr. Once I configured the naslist file, the directories' names
were to be created as the description of the NAS on that file.

Since I collect all logs once a day into a single file which is then uploaded
into a database, all directories are deleted, and the radius recreates them
when a login occurs. (That is the reason a link is not a good solution for me;
also the naslist IS generated from a database which could be changed too.)

In order to debug on the particular day (before logs are moved) it would be
easier to get the NAS name instead of its IP (since I have over 150 NASs).

(let me know if you need more information ...)

thanks :)

regards
Zohar Ram
Development & Networking
Knet
--
Tel: 03-6233640/658
Mobile: 972-52-755-641
Email: [EMAIL PROTECTED]
--

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, April 22, 2002 5:52 PM
Subject: Re: naslist

> I just created the directories in /var/log/radacct
> to be the nas name I wanted then created links for the IP's of the NAS to
> point to the right directory. I also might be misunderstanding what your
> point was, so ignore me if this is the case ;-).
>
> --
> Jay DeSotel
> Systems Administrator
> InterLink L.C.
> <[EMAIL PROTECTED]>
> Voice-(319)524-2895
> Fax-(319)524-3175
>
> On Mon, 22 Apr 2002, Zohar Ram wrote:
>
> > um,
> >
> > I don't have that file (variables.txt) under doc nor I can find it on the
> > website..
> >
> > regards
> > Zohar Ram
> > Development & Networking
> > Knet
> > --
> > Tel: 03-6233640/658
> > Mobile: 972-52-755-641
> > Email: [EMAIL PROTECTED]
> > --
> >
> > ----- Original Message -----
> > From: "Alan DeKok" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, April 22, 2002 5:30 PM
> > Subject: Re: naslist
> >
> > "Zohar Ram" <[EMAIL PROTECTED]> wrote:
> > > I've configured all my /etc/raddb/naslist to hold all NAS ip's description
> > > and type, yet on my logs (/var/log/radacct )
> > > I get the IP as the directory and not the description.
> >
> > You can configure the directory names that get created in
> > radiusd.conf. The default is to use IP's.
> >
> > See 'doc/variables.txt' for more information.
> >
> > Alan DeKok.

Re: naslist
"Zohar Ram" <[EMAIL PROTECTED]> wrote:
> In order to debug on the particular day (before logs are moved) it
> would be easier to get the NAS name instead of its IP (since I have
> over 150 NASs).

You can configure the server to do that. *read* the configuration
files.

Alan DeKok.

Re: naslist
"Zohar Ram" <[EMAIL PROTECTED]> wrote:
> I don't have that file (variables.txt) under doc nor I can find it on the
> website..

Upgrade to a version of the server which *does* have that file.
0.5 has it, and the latest CVS snapshot has it.

Alan DeKok.

Re: naslist
I just created the directories in /var/log/radacct
to be the nas name I wanted then created links for the IP's of the NAS to
point to the right directory. I also might be misunderstanding what your
point was, so ignore me if this is the case ;-).

--
Jay DeSotel
Systems Administrator
InterLink L.C.
<[EMAIL PROTECTED]>
Voice-(319)524-2895
Fax-(319)524-3175

On Mon, 22 Apr 2002, Zohar Ram wrote:

> um,
>
> I don't have that file (variables.txt) under doc nor I can find it on the
> website..
>
> regards
> Zohar Ram
> Development & Networking
> Knet
> --
> Tel: 03-6233640/658
> Mobile: 972-52-755-641
> Email: [EMAIL PROTECTED]
> --
>
> ----- Original Message -----
> From: "Alan DeKok" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, April 22, 2002 5:30 PM
> Subject: Re: naslist
>
> "Zohar Ram" <[EMAIL PROTECTED]> wrote:
> > I've configured all my /etc/raddb/naslist to hold all NAS ip's description
> > and type, yet on my logs (/var/log/radacct )
> > I get the IP as the directory and not the description.
>
> You can configure the directory names that get created in
> radiusd.conf. The default is to use IP's.
>
> See 'doc/variables.txt' for more information.
>
> Alan DeKok.

Re: naslist
um,

I don't have that file (variables.txt) under doc nor I can find it on the
website..

regards
Zohar Ram
Development & Networking
Knet
--
Tel: 03-6233640/658
Mobile: 972-52-755-641
Email: [EMAIL PROTECTED]
--

----- Original Message -----
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, April 22, 2002 5:30 PM
Subject: Re: naslist

"Zohar Ram" <[EMAIL PROTECTED]> wrote:
> I've configured all my /etc/raddb/naslist to hold all NAS ip's description
> and type, yet on my logs (/var/log/radacct )
> I get the IP as the directory and not the description.

You can configure the directory names that get created in
radiusd.conf. The default is to use IP's.

See 'doc/variables.txt' for more information.

Alan DeKok.

Re: AW: FreeRADIUS on a Solaris platform
Sinnwell Wolfgang EXT <[EMAIL PROTECTED]> wrote:
> please see below for detailed data.

OK. I've found a logic bug in src/lib/radius.c. It was
incrementing the length of the tunnel attribute, even when it wasn't
putting a tag in the attribute.

Grab the CVS snapshot from tonight, or from anonymous CVS now, and
it should work.

Alan DeKok.

naslist
Hello,

I've configured all my /etc/raddb/naslist to hold all NAS ip's description
and type, yet on my logs (/var/log/radacct )
I get the IP as the directory and not the description.

any idea?

TIA.

regards
Zohar Ram
Development & Networking
Knet
--
Tel: 03-6233640/658
Mobile: 972-52-755-641
Email: [EMAIL PROTECTED]
--

Re: FreeRadius with Oracle = crash
At 03:51 PM 4/21/2002 +0300, Michael Vasilenko wrote:
>Hello
>
>I'm trying to setup FreeRadius working with remote Oracle Database
>from the command line - sqlplus - all fine, I can do select, insert, etc
>
>RH Linux 7.2, Local Oracle is 8.1.7, Remote is 8.0.5
>
>FreeRadius dump a core with following output

Are you running the latest CVS version? A bug was recently fixed with
this driver/module.

-Chris
--
   \\\|||///  \  StarNet Inc.              \  Chris Parker
   \ ~   ~ /   \  WX *is* Wireless!        \  Director, Engineering
   | @   @ |    \  http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
                  \  Wholesale Internet Services - http://www.megapop.net

Re[2]: mysql + ms-chap2 - help me
At 10:06 AM 4/22/2002 +0400, rust wrote:
>Hello Chris,
>
>Friday, April 19, 2002, 6:14:12 PM, you wrote:
>
>CP> At 12:17 PM 4/19/2002 +0400, rust wrote:
> >>Hello freeradius-users,
> >>
> >>I build pppd with radius.so plugin and it work with freeradius and PAP
> >>auth with
> >>encrypted passwords in mysql base.
> >>Now I need authorize and accounting pptp with freeradius+mysql+ms-chap2
> >>
> >>I add user "rust" with pass "qwerty" in table radcheck in database radius
> >>
> >>  id  UserName  Attribute    Value
> >>  1   rust      LM-Password  598DDCE2660D3193AAD3B435B51404EE
>
>CP> You should add an Auth-Type := MS-CHAP ( don't forget about the operator
>CP> column ).
>
>What must be in op. column??

The operator. See 'man users'. It can be ==, !=, :=, etc.

And, you made two conflicting changes. Try putting back the original
LM-Password.

-Chris
--
   \\\|||///  \  StarNet Inc.              \  Chris Parker
   \ ~   ~ /   \  WX *is* Wireless!        \  Director, Engineering
   | @   @ |    \  http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
                  \  Wholesale Internet Services - http://www.megapop.net

Re: Ericsson Tigris and FreeRadius
At 06:36 PM 4/22/2002 +0800, Patrick Chan wrote:

>Dear all,
>
>I am using Ericsson Tigris and FreeRadius 0.5
>
>I have set the clients, users and proxy.conf
>proxy.conf is as follows:
>realm domain1 {
>        type= radius
>        authhost= LOCAL
>        accthost= LOCAL
>}
>
>I don't know why the username is always "ACC_DEFAULT"
>when debug mode is enabled. And authentication is never successful.

Because that is how the NAS is sending it. It's a problem with the NAS,
not with the server.

-Chris
--
   \\\|||///  \  StarNet Inc.              \  Chris Parker
   \ ~   ~ /   \  WX *is* Wireless!        \  Director, Engineering
   | @   @ |    \  http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
                  \  Wholesale Internet Services - http://www.megapop.net

AW: FreeRADIUS on a Solaris platform
Hello Alan,

please see below for detailed data.

Regards
Wolfgang

"users" data:

[EMAIL PROTECTED]    Auth-Type := Local, User-Password == "l2tp"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-Routing = None,
        Filter-Id = "std.ppp",
        Framed-MTU = 1500,
        Framed-Compression = None,
        Tunnel-Type:0 = 3,
        Tunnel-Medium-Type:0 = 1,
        Tunnel-Client-Endpoint:0 = 153.92.29.2,
        Tunnel-Server-Endpoint:0 = 153.92.28.17,
        Tunnel-Client-Auth-Id:0 = olli,
        Tunnel-Server-Auth-Id:0 = raclet.l2tp.com,
        Tunnel-Assignment-Id:0 = 200

freeradius server trace:

--- Walking the entire request list ---
Cleaning up request 3 ID 3 with timestamp 3cc3f7ef
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 153.92.29.2:1812, id=4, length=111
        User-Password = "\323\246$\331(y\rSOhi\370\362?B"
        User-Name = "[EMAIL PROTECTED]"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-Port = 2
        NAS-Port-Type = Virtual
        NAS-Identifier = "MAC address"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
    rlm_realm: Looking up realm l2tp.com for User-Name = "[EMAIL PROTECTED]"
    rlm_realm: No such realm l2tp.com
modcall[authorize]: module "suffix" returns noop
    users: Matched [EMAIL PROTECTED] at 93
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 4 to 153.92.29.2:1812
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = 255.255.255.254
        Framed-Routing = None
        Filter-Id = "std.ppp"
        Framed-MTU = 1500
        Framed-Compression = None
        Tunnel-Type:0 = L2TP
        Tunnel-Medium-Type:0 = IP
        Tunnel-Client-Endpoint:0 = "153.92.29.2"
        Tunnel-Server-Endpoint:0 = "153.92.28.17"
        Tunnel-Client-Auth-Id:0 = "olli"
        Tunnel-Server-Auth-Id:0 = "raclet.l2tp.com"
        Tunnel-Assignment-Id:0 = "200"
Finished request 4
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 4 with timestamp 3cc3f7fa
Nothing to do. Sleeping until we see a request.

ethereal packet dump:

User Datagram Protocol, Src Port: radius (1812), Dst Port: radius (1812)
    Source port: radius (1812)
    Destination port: radius (1812)
    Length: 145
    Checksum: 0xba2d (correct)
Radius Protocol
    Code: Access Accept (2)
    Packet identifier: 0x1 (1)
    Length: 137
    Authenticator
    Attribute value pairs
        t:Service Type(6) l:6, Value:Framed
        t:Framed Protocol(7) l:6, Value:PPP
        t:Framed IP Address(8) l:6, Value:255.255.255.254
        t:Framed Routing(10) l:6, Value:None
        t:Filter Id(11) l:9, Value:"std.ppp"
        t:Framed MTU(12) l:6, Value:1500
        t:Framed Compression(13) l:6, Value:None
        t:Tunnel Type(64) l:6, Value:L2TP
        t:Tunnel Medium Type(65) l:6, Value:IPv4
        t:Tunnel Client Endpoint(66) l:14, Value:"153.92.29.2C"
        t:Login Service(15) l:49, Value:Undefined (892546617)

      08 00 3e ff ff 85 08 00 20 f0 b1 77 08 00 45 00   ..>. ..w..E.
0010  00 a5 e2 71 40 00 ff 11 2d 18 99 5c 1c 03 99 5c   ...q@...-..\...\
0020  1d 02 07 14 07 14 00 91 ba 2d 02 01 00 89 fb 35   .-.5
0030  38 8b 0b 17 8a 7a 66 43 d8 ea cb 4e e0 20 06 06   8zfC...N. ..
0040  00 00 00 02 07 06 00 00 00 01 08 06 ff ff ff fe
0050  0a 06 00 00 00 00 0b 09 73 74 64 2e 70 70 70 0c   std.ppp.
0060  06 00 00 05 dc 0d 06 00 00 00 00 40 06 00 00 00   ...@
0070  03 41 06 00 00 00 01 42 0e 31 35 33 2e 39 32 2e   .A.B.153.92.     < 42 0e 32 35 ... --> 0e is wrong
0080  32 39 2e 32 43 0f 31 35 33 2e 39 32 2e 32 38 2e   29.2C.153.92.28. < 43 0f 32 35 ... --> 0f is wrong
0090  31 37 5a 07 6f 6c 6c 69 5b 12 72 61 63 6c 65 74   17Z.olli[.raclet
00a0  2e 6c 32 74 70 2e 63 6f 6d 52 06 32 30 30 ff 1b   .l2tp.comR.200..
00b0  9a 30 7f                                          .0.

> -----Original Message-----
> From: Alan DeKok [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, 19 April 2002 19:40
> To: [EMAIL PROTECTED]
> Subject: Re: FreeRADIUS on a Solaris platform
>
> Sinnwell Wolfgang EXT <[EMAIL PROTECTED]> wrote:
> > I have a similar problem with malformed Access-Accept on Solaris when
> > using specific tunnel attributes like Tunnel-Client-Endpoint.
> > The attribute length is wrong.
>
> Do you have sample packets/config to reproduce this

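The length problem reported in the message above can be checked directly against its capture. This is an added example, not code from the posts or from FreeRADIUS: it walks the attribute list of the 137 RADIUS bytes transcribed from the hex dump (frame offset 0x2a onward), first strictly and then under the assumption, taken from the diagnosis elsewhere in this thread, that untagged tunnel string attributes carry a length one byte too large. Attribute numbers are from RFC 2865 and RFC 2868; the function and constant names are hypothetical.

```python
import struct

# RADIUS packet bytes transcribed from the hex dump in the message above,
# starting at frame offset 0x2a (after the Ethernet, IP and UDP headers).
CAPTURE_HEX = """
02 01 00 89 fb 35
38 8b 0b 17 8a 7a 66 43 d8 ea cb 4e e0 20 06 06
00 00 00 02 07 06 00 00 00 01 08 06 ff ff ff fe
0a 06 00 00 00 00 0b 09 73 74 64 2e 70 70 70 0c
06 00 00 05 dc 0d 06 00 00 00 00 40 06 00 00 00
03 41 06 00 00 00 01 42 0e 31 35 33 2e 39 32 2e
32 39 2e 32 43 0f 31 35 33 2e 39 32 2e 32 38 2e
31 37 5a 07 6f 6c 6c 69 5b 12 72 61 63 6c 65 74
2e 6c 32 74 70 2e 63 6f 6d 52 06 32 30 30 ff 1b
9a 30 7f
"""
PACKET = bytes.fromhex("".join(CAPTURE_HEX.split()))

HEADER_LEN = 20  # code(1) + identifier(1) + length(2) + authenticator(16)

# RFC 2868 string attributes that may start with a tag byte (0x01-0x1f).
TAGGED_STRING_ATTRS = {66, 67, 69, 81, 82, 90, 91}


def walk_attributes(packet, assume_untagged_off_by_one=False):
    """Walk the attribute list and stop at the first structural error.

    Returns (attrs, error). attrs is a list of (type, value_bytes); error is
    None, or (offset, type, declared_length, bytes_remaining) for the
    attribute that does not fit.

    assume_untagged_off_by_one is a diagnostic switch (an assumption of this
    example, only meaningful for packets from the faulty encoder): a tunnel
    string attribute whose first value byte is not a tag is read with its
    declared length reduced by one.
    """
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than a RADIUS header")
    _code, _ident, total = struct.unpack("!BBH", packet[:4])
    if total < HEADER_LEN or total > len(packet):
        raise ValueError("bad packet length field: %d" % total)

    attrs, pos = [], HEADER_LEN
    while pos < total:
        remaining = total - pos
        if remaining < 2:
            return attrs, (pos, packet[pos], None, remaining)
        atype, declared = packet[pos], packet[pos + 1]
        alen = declared
        if (assume_untagged_off_by_one and atype in TAGGED_STRING_ATTRS
                and 3 < alen <= remaining and packet[pos + 2] > 0x1F):
            alen -= 1
        if alen < 2 or alen > remaining:
            return attrs, (pos, atype, declared, remaining)
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return attrs, None


def diagnose(packet):
    """Compare the strict walk with the off-by-one hypothesis."""
    strict, strict_err = walk_attributes(packet)
    adjusted, adjusted_err = walk_attributes(packet, True)
    return {
        "strict_count": len(strict),
        "strict_error": strict_err,
        "adjusted_count": len(adjusted),
        "adjusted_error": adjusted_err,
        "trailing_bytes": adjusted_err[3] if adjusted_err else 0,
    }


if __name__ == "__main__":
    for key, value in diagnose(PACKET).items():
        print(key, value)
    for atype, value in walk_attributes(PACKET, True)[0][-5:]:
        print(atype, value)
```

The strict walk stops at the same place the dissector output does: attribute 66 swallows the following type byte and the next header is read as type 15 with length 49. Under the off-by-one hypothesis all fourteen attributes decode cleanly and five bytes are left over inside the packet's declared length of 137, one for each over-counted tunnel attribute.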
Ericsson Tigris and FreeRadius
Dear all,

I am using Ericsson Tigris and FreeRadius 0.5

I have set the clients, users and proxy.conf
proxy.conf is as follows:
realm domain1 {
        type = radius
        authhost = LOCAL
        accthost = LOCAL
}

I don't know why the username is always "ACC_DEFAULT"
when debug mode is enabled. And authentication is never successful.

rad_recv: Access-Request packet from host 192.168.99.1:8009, id=3, length=93
        User-Name = "ACC_DEFAULT"
        User-Password = "\333`9\375\001\353"z8\217e\261\310d6"
        NAS-Port = 65536
        NAS-Port-Type = Async
        Acc-Request-Type = 37
        Service-Type = Framed-User
        Framed-Protocol = PPP
        NAS-IP-Address = 192.168.99.1
rad_recv: Access-Request packet from host 192.168.99.1:8009, id=3, length=93
Sending duplicate authentication reply to client 192.168.99.1:8009 - ID: 3
Sending Access-Reject of id 3 to 192.168.99.1:8009
Sending Access-Reject of id 3 to 192.168.99.1

Thanks.

Patrick Chan

Re[3]: mysql + ms-chap2 - help me
Dear rust,

--Monday, April 22, 2002, 10:06:59 AM, you wrote to [EMAIL PROTECTED]:

r> I change from
r> authorize {
r>         preprocess
r>         suffix
r>         mschap
r>         sql
r> }
r> to
r> authorize {
r>         preprocess
r>         suffix
r>         sql
r>         mschap
r> }

r> Table radcheck in database radius
r>
r>   id  UserName  Attribute  Value                             op
r>   1   rust      Password   598DDCE2660D3193AAD3B435B51404EE

Now MS-CHAP is called for authentication but it fails due to invalid
password. It looks like you've missed Password and NT-Password or
LM-Password. Password is cleartext password. If you want to use LM, NT
or both you should use 2 attributes LM-Password and NT-Password instead
of Password.

r> and i have now:

r> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
r> Ready to process requests.
r> rad_recv: Access-Request packet from host 192.168.200.1:4539, id=57, length=132
r>         Service-Type = Framed-User
r>         Framed-Protocol = PPP
r>         User-Name = "rust"
r>         MS-CHAP-Challenge = 0x57f059a9234695cc18e4d76872562e67
r>         MS-CHAP2-Response = 0x01001a4875d0fee41ae7e7d3f73ac484e78f292ed1a9b338633ff19c2f260e8a83e20bfa83de3f8624bb
r>         NAS-IP-Address = 127.0.0.1
r>         NAS-Port = 1
r> modcall: entering group authorize
r> modcall[authorize]: module "preprocess" returns ok
r> modcall[authorize]: module "suffix" returns ok
r> radius_xlat: 'rust'
r> sql_escape in: 'rust'
r> sql_escape out: 'rust'
r> sql_set_user: escaped user --> 'rust'
r> radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'rust' ORDER BY id'
r> rlm_sql: Reserving sql socket id: 4
r> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'rust' ORDER BY id
r> radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'rust' AND
r> usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
r> SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'rust' AND usergroup.GroupName
r> = radgroupcheck.GroupName ORDER BY radgroupcheck.id
r> radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'rust' ORDER BY id'
r> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'rust' ORDER BY id
r> radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'rust' AND
r> usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
r> SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'rust' AND usergroup.GroupName
r> = radgroupreply.GroupName ORDER BY radgroupreply.id
r> radius_xlat: 'SELECT Value,Attribute FROM radcheck WHERE UserName = 'rust' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC'
r> SELECT Value,Attribute FROM radcheck WHERE UserName = 'rust' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC
r> rlm_sql: Released sql socket id: 4
r> modcall[authorize]: module "sql" returns ok
r> modcall[authorize]: module "mschap" returns ok
r> modcall: group authorize returns ok
r> rad_check_password: Found Auth-Type MS-CHAP
r> auth: type "MS-CHAP"
r> modcall: entering group authenticate
r> modcall[authenticate]: module "mschap" returns reject
r> modcall: group authenticate returns reject
r> auth: Failed to validate the user.
r> Delaying request 0 for 1 seconds
r> Finished request 0
r> Going to the next request

r> What wrong??

--
~/ZARAZA
But Harry... I unreservedly give my preference to him, for his high nutritional value and a certain especially tender meat. (Twain)