bugs with rlm_sql and rlm_sql_oracle

2002-12-02 Thread Malcolm Caldwell
Hello,

I have been having problems with freeradius 0.8 crashing for us
regularly.

First: we are using freeradius 0.8 with ldap authentication and sql
accounting to an oracle database.  I can supply config files if
required.

At the moment the server crashes multiple times a day.

I *think* I have tracked down the problem.

If a user logs in with a username > 32 characters we have problems.  The
column is VARCHAR2 32, and so the insert/update fails (fair enough).

First bug:
rlm_sql_oracle.c returns SQL_DOWN.

I believe it should return -1.  SQL_DOWN should be for when the
connection fails.

This causes sql.c to try to reconnect.

Second bug:
In sql.c, the code (repeated multiple times, but e.g. in
rlm_sql_query):

    ret = (inst->module->sql_query)(sqlsocket, inst->config, query);
    if (ret == SQL_DOWN) {
        if (connect_single_socket(sqlsocket, inst) < 0) {
            radlog(L_ERR, "rlm_sql (%s): reconnect failed, database down?", inst->config->xlat_name);
            return -1;
        }
        ret = (inst->module->sql_query)(sqlsocket, inst->config, query);

does not first disconnect the socket.  For this reason the oracle login
etc does not get deleted - (inst->module->sql_close) is not called.
This is a leak and additionally eventually uses up all our sql logins on
the server.

It would seem we can't just add sql_close_socket here because
sql_close_socket does other things (sem_destroy).

Does this make sense to people?  I thought I would ask before trying to
fix it.  Particularly for the first one I need to work out when to
return -1 and when SQL_DOWN.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
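
The two bugs described in the message above, modelled as an added example (not FreeRADIUS code and not from the original post). The mock driver, the session limit, the numeric value of SQL_DOWN and every function name here are assumptions made for illustration; only the SQL_DOWN / -1 distinction and the close-before-reconnect idea come from the post.

```c
#include <stdio.h>
#include <string.h>

#define SQL_DOWN         1   /* name from the post; the value is an assumption */
#define MAX_DB_SESSIONS  4   /* constructed: logins the mock database allows */
#define USERNAME_COL_LEN 32  /* the VARCHAR2 32 column from the post */

/* Constructed sample input: a username longer than the column. */
static const char LONG_USER[] = "a_constructed_username_longer_than_32_chars";

static int db_sessions;      /* sessions currently open on the mock database */
static int reconnects;       /* reconnect attempts made by the caller */

typedef struct { int connected; } mock_sock;

/* Mock driver: log in; fails once the database's login limit is reached. */
static int drv_connect(mock_sock *s)
{
    if (db_sessions >= MAX_DB_SESSIONS)
        return -1;
    db_sessions++;
    s->connected = 1;
    return 0;
}

/* Mock driver: log out and release the server-side session. */
static void drv_close(mock_sock *s)
{
    if (s->connected) {
        db_sessions--;
        s->connected = 0;
    }
}

/* Mock driver query. stmt_err is the code returned for a failed statement:
 * SQL_DOWN models the first bug, -1 the behaviour proposed in the post. */
static int drv_query(const mock_sock *s, const char *user, int stmt_err)
{
    if (!s->connected)
        return SQL_DOWN;                 /* the link really is gone */
    if (strlen(user) > USERNAME_COL_LEN)
        return stmt_err;                 /* insert rejected by the column */
    return 0;
}

/* Caller shaped like the quoted fragment. close_first == 0 models the
 * second bug: reconnecting without releasing the old login. */
static int run_query(mock_sock *s, const char *user, int stmt_err, int close_first)
{
    int ret = drv_query(s, user, stmt_err);

    if (ret == SQL_DOWN) {
        reconnects++;
        if (close_first)
            drv_close(s);
        if (drv_connect(s) < 0)
            return -1;
        ret = drv_query(s, user, stmt_err);
    }
    return ret;
}

/* Send n accounting inserts with the over-long username and report how many
 * database sessions are left open afterwards. */
static int sessions_after(int n, int stmt_err, int close_first)
{
    mock_sock s = { 0 };
    int i;

    db_sessions = 0;
    reconnects = 0;
    if (drv_connect(&s) < 0)
        return -1;
    for (i = 0; i < n; i++)
        run_query(&s, LONG_USER, stmt_err, close_first);
    return db_sessions;
}

int main(void)
{
    int leaked = sessions_after(10, SQL_DOWN, 0);
    int closed = sessions_after(10, SQL_DOWN, 1);
    int fixed  = sessions_after(10, -1, 0);

    printf("both bugs present:     %d sessions held\n", leaked);
    printf("close before retry:    %d session held\n", closed);
    printf("statement error is -1: %d session held, %d reconnects\n",
           fixed, reconnects);
    return 0;
}
```

Closing before the reconnect stops the leak, but each rejected insert still costs a logout and login; returning -1 for statement errors removes the reconnect altogether.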



RE: Network User Authentication

2002-12-02 Thread Chhai Thach

Use PPTP for VPN. Make sure you have configured your NAS to support VPN
and the user can dial to your NAS using IP address or host name.

Chhai

Frontier ISP Pty Ltd
Internet access in any flavour
Phone:  +61 8 8241 5166
Fax: +61 8 8241 5123
Web: www.frontierisp.net.au

-----Original Message-----
From: jeevan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 3 December 2002 5:09 PM
To: [EMAIL PROTECTED]
Subject: Network User Authentication

Hi

Can I use freeRadius for authenticating (non dialin) users who want
to log into my network from internet. If so, how to?

With Regards
jeevan


Network User Authentication

2002-12-02 Thread jeevan



Hi

Can I use freeRadius for authenticating (non dialin) users who want
to log into my network from internet. If so, how to?

With Regards
jeevan
 
 


Acct-Session-Id = negative

2002-12-02 Thread Alan Wong
Dear all,

I'm not sure if this value is valid or not but I keep getting for
acct-session-id a negative value.
rad_recv: Accounting-Request packet from host 192.168.111.30:1604, id=38, length=41
        User-Name = "test"
        Acct-Status-Type = Start
        Acct-Session-Id = "-640703"

Also I get this error. I know I'm meant to remove that attribute from
previous postings but I'm not sure how to?
Do I remove it from the c file then recompile? Sorry, I'm totally lost here.
rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique ID MAY be inconsistent


Also with regards to accounting I have tried to configure sql counter but am
a little confused. Can someone please provide an example table for radcheck.
Because I want to set a maximum login session time but not sure where to set
it in which table. I think it's in radcheck but not 100% sure.

Thanks in advance for the help

Alan






porting freeradius on mips

2002-12-02 Thread Jeffery Huang
Dear all, 
  How do I configure if I want to port freeradius to mips using the
mips toolchain? Or just use normal configure options and then modify the
Makefile configure generated?

-- 

Regard,
Jeffery Huang
iMining Technology Inc.,
8F-4, No.432, Sec.1 Keelung Rd.,
Taipei,Taiwan
Tel:886-2-27235122 ext 20
Fax:886-2-27232287
http://www.imining.com.tw
email:[EMAIL PROTECTED]






Limiting number ports to groups of users

2002-12-02 Thread Graeme Lee
Was this ever answered?  I too, need to limit the numbers of ports available to groups of users.

I'm not using sql, and don't really want to. As I run different groups on different radius servers (all nas's talk to 1 radius proxy) can I limit using radutmp?  There are no clear docs on this if it is true.

Thanks,

Graeme


Message: 13
Date: Wed, 12 Jun 2002 18:22:49 +0200 (CEST)
From: Daniel Marquez-Klaka <[EMAIL PROTECTED]>
To: freeradius-users Mail-List <[EMAIL PROTECTED]>
Subject: Re: port limitation
Reply-To: [EMAIL PROTECTED]


Hi again,

but isn't Simultaneous-Use only taking care about same usernames ?
What I want is to limit the usable ports per customer. To explain a bit
better:

I'm using mysql as backend for freeradius. There is, of course, the
usergroup table:

1 user-1 group-1
2 user-2 group-1
3 user-3 group-1
4 user-4 group-2
5 user-5 group-2
...


what I wanna achieve is to limit the usable ports per group.
i.e. group-1 can use up to 10 ports, group-2 up to 1000.


 or did I get something wrong,

Daniel


On Wed, 12 Jun 2002, Alan DeKok wrote:

Daniel Marquez-Klaka <[EMAIL PROTECTED]> wrote:

hmmm, but isn't it possible that radius keeps track about how many
sessions are connected for a group or dialed number, and send back
an access-reject if the limit is reached ?

 That's what Simultaneous-Use does.  But it's not perfect.

 e.g. It relies on getting accounting packets from the NAS.  If
there's a problem, then the information on the RADIUS server disagrees
with what's happening on the NAS.

 If you have one NAS, setting 'Port-Limit=1' is preferable to
Simultaneous-Use.

 Alan DeKok.






(freeradius bug?) solved - now checkrad is working but freeradius dont wait for its reply! (fwd)

2002-12-02 Thread Evren Yurtesen
changing the line in session.c 
if ((child_pid <= 0) || (child_pid == pid)) {
to 
if ((child_pid < 0) || (child_pid == pid)) {

solved the problem (since childpid was 0 always)

Was this a correct way to solve this problem???

Evren

-- Forwarded message --
Date: Tue, 3 Dec 2002 01:17:41 +0200 (WET)
From: Evren Yurtesen <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: now checkrad is working but freeradius dont wait for its reply!

Now checkrad is working but freeradius doesn't wait for the result of
checkrad before authenticating! It passes it immediately, almost in half a
second, even though checkrad takes about 1 second to complete...

I am using freebsd, can that have something to do with it?

Evren





now checkrad is working but freeradius dont wait for its reply!

2002-12-02 Thread Evren Yurtesen
Now checkrad is working but freeradius doesn't wait for the result of
checkrad before authenticating! It passes it immediately, almost in half a
second, even though checkrad takes about 1 second to complete...

I am using freebsd, can that have something to do with it?

Evren





need help with client.config !!

2002-12-02 Thread Michael Siegmund
Hi all ,

I tried to get freeradius to work with a CN3000 wireless router from
Colubris Network; it has a built-in function to authenticate to a radius
server. I got it to work in my entire LAN when I did an entry in the
client.conf for the router's static private IP address, but I don't have
any idea how to get the radius server to accept any IP address,
private or public.
I did a search in the list for hours and on the web and I must admit that I
am a newbie to radius.
Any help would be great and sorry for my bad English

Mike






Problem Auth radius - cisco.

2002-12-02 Thread Julio Cesar Pinto
Hello.

I'm new to the list, and to the use of radius.

I'm trying to get a cisco router to log in with radius, but I have the
following errors:

rad_recv: Access-Request packet from host 192.168.0.3:1645, id=117,
length=73
NAS-IP-Address = 192.168.0.3
NAS-Port = 3
NAS-Port-Type = Virtual
User-Name = "jc"
Calling-Station-Id = "192.168.0.34"
User-Password = "\247\n\0245,\302|\304H\005\223\036\031\025\020"
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 133 to 216.72.7.3:1645
Waking up in 4 seconds...

Can somebody tell me how to solve this problem?

Thanks for your help.

-- 

JC





4-Octet VSAs

2002-12-02 Thread Chau, Tim
Hi,

Does FreeRADIUS support 4-octet VSA?
I need to support a Nortel 4-octet VSA CVX-PPP-VJEnabled (sub-attribute type
= 2233533121). So, I added it to dictionary.aptis. When I ran FreeRADIUS as
a proxy, it complained about this VSA with the error "Vendor specific
attribute has invalid length". I checked radius.c and it seems like the code
assumes a 1-byte Sub-Attribute Type or Vendor Type (except for USR) and
consequently think the following byte is the Length byte. In this case the
length is in the 5th octet, instead of the 2nd octet, after the Vendor ID. I
commented out this part of logic to relax the checking, but I encountered
some other problems. Does anyone have any idea how to make FreeRADIUS
support 4-octet VSAs in proxy mode? Thanks.

Tim
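
The length check described in the message above, as an added example (not FreeRADIUS code and not from the original post). It parses the value of one Vendor-Specific attribute with either a 1-octet or a 4-octet vendor type and shows why the 1-octet assumption reports an invalid length. Assumptions: the Vendor-Id is a placeholder, the attribute value is constructed, each VSA carries exactly one sub-attribute, and the length octet counts the type octets, itself and the data.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct {
    uint32_t vendor_id;
    uint32_t vendor_type;
    const uint8_t *data;
    size_t data_len;
} vsa_t;

/* Constructed sample: 4-octet vendor type, length in the 5th octet. */
static const uint8_t SAMPLE_WIDE[] = {
    0x00, 0x00, 0xff, 0xff,   /* Vendor-Id: placeholder, constructed */
    0x85, 0x21, 0x02, 0xc1,   /* Vendor-Type 2233533121 (from the post) */
    0x09,                     /* Length: 4 type + 1 length + 4 data (assumed) */
    0x00, 0x00, 0x00, 0x01    /* value: constructed */
};

/* Constructed sample: conventional 1-octet vendor type. */
static const uint8_t SAMPLE_STD[] = {
    0x00, 0x00, 0xff, 0xff,   /* Vendor-Id: placeholder, constructed */
    0x01,                     /* Vendor-Type 1 */
    0x06,                     /* Length: 1 type + 1 length + 4 data */
    0x00, 0x00, 0x00, 0x01    /* value: constructed */
};

/* Read a 32-bit value, most significant octet first. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Parse the value field of one Vendor-Specific attribute.
 * type_width is the vendor-type size this vendor uses: 1 or 4 octets.
 * Returns 0 on success, -1 when the lengths do not add up. */
static int parse_vsa(const uint8_t *val, size_t len, size_t type_width,
                     vsa_t *out)
{
    size_t hdr, left, vlen;
    const uint8_t *p;

    if (type_width != 1 && type_width != 4)
        return -1;
    hdr = type_width + 1;                 /* type octets + length octet */
    if (val == NULL || out == NULL || len < 4 + hdr)
        return -1;                        /* too short to hold the header */

    out->vendor_id = be32(val);
    p = val + 4;
    left = len - 4;                       /* octets after the Vendor-Id */
    out->vendor_type = (type_width == 4) ? be32(p) : p[0];
    vlen = p[type_width];                 /* length octet follows the type */

    /* The declared length must cover its own header and match what is
     * actually present; never trust it to index past the buffer. */
    if (vlen < hdr || vlen != left)
        return -1;

    out->data = p + hdr;
    out->data_len = vlen - hdr;
    return 0;
}

int main(void)
{
    vsa_t v;

    printf("wide VSA, 1-octet parse: %d\n",
           parse_vsa(SAMPLE_WIDE, sizeof SAMPLE_WIDE, 1, &v));
    if (parse_vsa(SAMPLE_WIDE, sizeof SAMPLE_WIDE, 4, &v) == 0)
        printf("wide VSA, 4-octet parse: type=%lu, %lu data octets\n",
               (unsigned long)v.vendor_type, (unsigned long)v.data_len);
    return 0;
}
```

Read with a 1-octet type, the second octet of the type (0x21) is taken as the length, which is where the invalid-length rejection comes from. Selecting the width per vendor keeps the length validation in place instead of commenting it out.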




Re: How to turn off SNMP

2002-12-02 Thread Alan DeKok
User for Free Radius mail list <[EMAIL PROTECTED]> wrote:
> SNMP is compiled into my binary but I do not wish to use it. In debug mode
> I keep seeing messages like:
> "Can't connect to SNMP agent with SMUX: Connection refused" 
> 
> Is there a way in the "radiusd.conf" file to turn off the SNMP agent?

  Grab the CVS snapshot from tomorrow, and give it a try.  It should
have snmp disabled by default, and you can enable it at run-time, if
you care.

  Alan DeKok.




Re: Proxy Realms configuration

2002-12-02 Thread Alan DeKok
Mike Varley <[EMAIL PROTECTED]> wrote:
> Faster and more efficient as well. How often is proxy information going
> to change, really? And SIGHUPing FreeRADIUS is not a costly affair.

  If everything is going well, proxy information won't change that
often.

  If you want to have multiple fail-over realms, then the proxy
information changes on every proxied request.  The server has to keep
track of which realms are live, which aren't, and which was the last
realm it used (for round-robin).

> One solution we came up with was a compromise; changing proxy
> information in the Database could trigger a re-write of the realms file,
> and SIGHUP the FR server. The only problem here being that someone
> *could* inadvertently change only the realms file, SIGHUP the process,
> and be out of synch with the DB.

That's not a serious issue, in my opinion.

  Alan DeKok.




Re: Proxy Realms configuration

2002-12-02 Thread Mike Varley
On Mon, 2002-12-02 at 14:58, Alan DeKok wrote:
> Mike Varley <[EMAIL PROTECTED]> wrote:
> > I would like to use a database (SQL?) to manage my realms, instead of
> > the text files. The advantages are twofold: a unified repository for all
> > my user data (ISP, IP Pools, local usernames) and the other benefit is I
> > could add/remove realms w/o sending a SIGHUP to the radius proxy.
> 
>   That sounds reasonable.
> 
> > Before I go and change the core components within the freeradius
> > library, has anyone else implemented this type of system before, and
> > have a better solution? Can I get this kind of behaviour through
> > modules? (ie, do a DB lookup, and add the result to the local list if
> > its not already in the list etc...)
> 
>   No, not really.
> 
>   The server needs a bunch of information for realms.  Name, IP, port,
> secret, alive/dead status, etc.
> 
>   It's just easier if the server manages those lists itself
> internally, rather than doing DB calls all of the time.
> 

Faster and more efficient as well. How often is proxy information going
to change, really? And SIGHUPing FreeRADIUS is not a costly affair.

One solution we came up with was a compromise; changing proxy
information in the Database could trigger a re-write of the realms file,
and SIGHUP the FR server. The only problem here being that someone
*could* inadvertently change only the realms file, SIGHUP the process,
and be out of synch with the DB.

Hmmm


MV


-- 
~~~
Mike Varley -= SOMA Networks =-
Tel: 416.977.1414   x1578
email: [EMAIL PROTECTED]





freeradius dont call checkrad

2002-12-02 Thread Evren Yurtesen
Hello,

I went through the FAQ etc. but I don't know why freeradius doesn't call
checkrad. I keep the session database on mysql (well, if you got my
previous message, radutmp doesn't work somehow). What to check? =)
It only denies the login attempts

Evren





Re: Proxy Realms configuration

2002-12-02 Thread Alan DeKok
Mike Varley <[EMAIL PROTECTED]> wrote:
> I would like to use a database (SQL?) to manage my realms, instead of
> the text files. The advantages are twofold: a unified repository for all
> my user data (ISP, IP Pools, local usernames) and the other benefit is I
> could add/remove realms w/o sending a SIGHUP to the radius proxy.

  That sounds reasonable.

> Before I go and change the core components within the freeradius
> library, has anyone else implemented this type of system before, and
> have a better solution? Can I get this kind of behaviour through
> modules? (ie, do a DB lookup, and add the result to the local list if
> its not already in the list etc...)

  No, not really.

  The server needs a bunch of information for realms.  Name, IP, port,
secret, alive/dead status, etc.

  It's just easier if the server manages those lists itself
internally, rather than doing DB calls all of the time.

  Alan DeKok.




Proxy Realms configuration

2002-12-02 Thread Mike Varley
Currently, FreeRADIUS uses text files to define realms for proxying
requests. The files are parsed and put into a list at startup, and then
the core libraries use this list during runtime to lookup realm
information when proxying requests.

I would like to use a database (SQL?) to manage my realms, instead of
the text files. The advantages are twofold: a unified repository for all
my user data (ISP, IP Pools, local usernames) and the other benefit is I
could add/remove realms w/o sending a SIGHUP to the radius proxy.

Before I go and change the core components within the freeradius
library, has anyone else implemented this type of system before, and
have a better solution? Can I get this kind of behaviour through
modules? (ie, do a DB lookup, and add the result to the local list if
its not already in the list etc...)

Thoughts and opinions are welcome.

Thank you!

MV

-- 
~~~
Mike Varley -= SOMA Networks =-
Tel: 416.977.1414   x1578
email: [EMAIL PROTECTED]





modcall[accounting]: module "radutmp" returns noop

2002-12-02 Thread Evren Yurtesen
I get this in debug output and freeradius doesn't update radutmp

modcall[accounting]: module "radutmp" returns noop

What might be the problem?

Evren





Defining local groups

2002-12-02 Thread kenw
Is it possible to set up user groups for users defined in the users file?

i.e. a separate local groups file defining users against groups.

I am using groups under mysql and system, but was wondering if this can 
be done for local users.

I have had a look in the documentation and the O'Reilly book, but can 
not find any reference to this other than for /etc/groups, Mysql and LDAP.

All the best and thanks,
Ken




Re: EAP/MD5 in Windows XP Problem..

2002-12-02 Thread Artur Hecker
hi tamer

read the EAP/MD5 FAQ.

the solution: get rid of the Reply-Message included by xlat in the
Challenge.


and by the way what's all this mess with the Framed-MTU?

greetings
artur




Tamer Demir wrote:
> 
> After the radius server sends the challenge, XP does not send a response and
> stays in the authentication state. Do you know any solution?
> 
> I am doing both MAC address and user authentication, The Windows XP asks a
> user name and password when I wrote this, XP is stuck at authenticating
> state! (In the XP options I chose MD5 challenge...)
> 
> Config files:
> 
> users:
> **
> #my user
> tamer   Auth-Type := EAP, User-Password = "demir"
>  Service-Type = Framed-User,
>  Framed-Protocol = PPP,
>  Framed-Routing = Broadcast-Listen,
>  Framed-MTU = 1750,
>  Framed-Compression = Van-Jacobsen-TCP-IP
> 
> #Orinoco Card Cisca
> 00022d-034186   Auth-Type := Local, User-Password == "secret"
>  Service-Type = Framed-User,
>  Framed-Protocol = PPP,
>  Framed-Routing = Broadcast-Listen,
>  Framed-MTU = 1500,
>  Framed-Compression = Van-Jacobsen-TCP-IP
> **
> 
> radius.conf:
> **
> user = root
> group = root
> modules {
>unix {
>  cache = yes
>  cache_reload = 600
>  passwd = /etc/passwd
>  shadow = /etc/shadow
>  group = /etc/group
>  radwtmp = ${logdir}/radwtmp
>  }
>   eap {
>  #default_eap_type = md5
>  # Supported EAP-types
>  md5 {
>  }
> ..
> }
> authorize {
> eap
> preprocess
> files
> suffix
> }
> authenticate {
>  eap
>  unix
> }
> accounting {
>  detail
>  unix
>  radutmp
> 
> }
> session {
>  radutmp
> }
> **
> 
> Output:
> 
> *
> Starting - reading configuration files ...
> reread_config:  reading radiusd.conf
> Config:   including file: /usr/local/etc/raddb/proxy.conf
> Config:   including file: /usr/local/etc/raddb/clients.conf
> Config:   including file: /usr/local/etc/raddb/snmp.conf
> Config:   including file: /usr/local/etc/raddb/sql.conf
>   main: prefix = "/usr/local"
>   main: localstatedir = "/usr/local/var"
>   main: logdir = "/usr/local/var/log/radius"
>   main: libdir = "/usr/local/lib"
>   main: radacctdir = "/usr/local/var/log/radius/radacct"
>   main: hostname_lookups = no
>   main: max_request_time = 30
>   main: cleanup_delay = 5
>   main: max_requests = 1024
>   main: delete_blocked_requests = 0
>   main: port = 0
>   main: allow_core_dumps = no
>   main: log_stripped_names = yes
>   main: log_file = "/usr/local/var/log/radius/radius.log"
>   main: log_auth = yes
>   main: log_auth_badpass = yes
>   main: log_auth_goodpass = yes
>   main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
>   main: user = "root"
>   main: group = "root"
>   main: usercollide = no
>   main: lower_user = "no"
>   main: lower_pass = "no"
>   main: nospace_user = "no"
>   main: nospace_pass = "no"
>   main: checkrad = "/usr/local/sbin/checkrad"
>   main: proxy_requests = yes
>   proxy: retry_delay = 5
>   proxy: retry_count = 3
>   proxy: synchronous = no
>   proxy: default_fallback = yes
>   proxy: dead_time = 120
>   proxy: servers_per_realm = 15
>   security: max_attributes = 200
>   security: reject_delay = 1
>   security: status_server = no
>   main: debug_level = 0
> read_config_files:  reading dictionary
> read_config_files:  reading naslist
> read_config_files:  reading clients
> read_config_files:  reading realms
> radiusd:  entering modules setup
> Module: Library search path is /usr/local/lib
> Module: Loaded eap
>   eap: default_eap_type = "md5"
>   eap: timer_expire = 60
> rlm_eap: Loaded and initialized the type md5
> Module: Instantiated eap (eap)
> Module: Loaded preprocess
>   preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
>   preprocess: hints = "/usr/local/etc/raddb/hints"
>   preprocess: with_ascend_hack = no
>   preprocess: ascend_channels_per_line = 23
>   preprocess: with_ntdomain_hack = no
>   preprocess: with_specialix_jetstream_hack = no
>   preprocess: with_cisco_vsa_hack = no
> Module: Instantiated preprocess (preprocess)
> Module: Loaded files
>   files: usersfile = "/usr/local/etc/raddb/users"
>   files: acctusersfile = "/usr/local/etc/raddb/acct_users"
>   files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
>   files: compat = "no"
> [/usr/local/etc/raddb/users]:90 WARNING! Changing 'User-Password =' to
> 'User-Password ==' ?for comparing RADIUS attribute in check item list for
> user tamer
> Module: Instantiated files (files)
> Module: Loaded realm
>   realm: format = "suffix"
>   realm: delimiter = "@"
> Module: Instantiated realm (suf

EAP/MD5 in Windows XP Problem..

2002-12-02 Thread Tamer Demir
After the radius server sends the challenge, XP does not send a response and
stays in the authentication state. Do you know any solution?

I am doing both MAC address and user authentication, The Windows XP asks a
user name and password when I wrote this, XP is stuck at authenticating
state! (In the XP options I chose MD5 challenge...)

Config files:

users:
**
#my user
tamer   Auth-Type := EAP, User-Password = "demir"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Routing = Broadcast-Listen,
        Framed-MTU = 1750,
        Framed-Compression = Van-Jacobsen-TCP-IP

#Orinoco Card Cisca
00022d-034186   Auth-Type := Local, User-Password == "secret"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Routing = Broadcast-Listen,
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobsen-TCP-IP
**

radius.conf:
**
user = root
group = root
modules {
    unix {
        cache = yes
        cache_reload = 600
        passwd = /etc/passwd
        shadow = /etc/shadow
        group = /etc/group
        radwtmp = ${logdir}/radwtmp
    }
    eap {
        #default_eap_type = md5
        # Supported EAP-types
        md5 {
        }
..
}
authorize {
    eap
    preprocess
    files
    suffix
}
authenticate {
    eap
    unix
}
accounting {
    detail
    unix
    radutmp

}
session {
    radutmp
}
**

Output:

*
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = yes
 main: log_file = "/usr/local/var/log/radius/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = yes
 main: log_auth_goodpass = yes
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "root"
 main: group = "root"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: servers_per_realm = 15
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded eap
 eap: default_eap_type = "md5"
 eap: timer_expire = 60
rlm_eap: Loaded and initialized the type md5
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded files
 files: usersfile = "/usr/local/etc/raddb/users"
 files: acctusersfile = "/usr/local/etc/raddb/acct_users"
 files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
 files: compat = "no"
[/usr/local/etc/raddb/users]:90 WARNING! Changing 'User-Password =' to 
'User-Password ==' ?for comparing RADIUS attribute in check item list for 
user tamer
Module: Instantiated files (files)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded detail
 detail: detailfile = 
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded System
 unix: cache = yes
 unix: passwd = "/etc/passwd"
 unix: shadow = "/etc/shadow"
 unix: group = "/etc/group"
 unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
HASH:  Reinitializing hash structures and lists for caching...
  HASH:  user root found in hashtable bucket 11726
  HASH:  user bin found in hashtable bu

Re: One user with several Passwords / Configs

2002-12-02 Thread Chris Brotsos
At 06:03 PM 12/2/2002 +0100, you wrote:

Hi,

I am planning a radius setup for a cisco dialin router, where a dialin
user can choose between different setups by using different
passwords.

Is a configuration like this valid for a freeradius server?

-
nutest Passwort = "pass1", NAS-IP-Adress = 192.168.0.2
   Service-Type = "Framed-User"
   ...
   (configuration 1)

nutest Passwort = "pass2", NAS-IP-Adress = 192.168.0.2
   ...
   (configuration 2)
---


Yes, the above config is correct. Simply change "Passwort" to 
"User-Password".  As well, for the User-Password attribute, you need to 
change your operator to "==". Actually, on both check-items, change your 
operator to "==".

Regards,

Chris





One user with several Passwords / Configs

2002-12-02 Thread Matthias Lange
Hi,

I am planning a radius setup for a cisco dialin router, where a dialin
user can choose between different setups by using different
passwords.

Is a configuration like this valid for a freeradius server?

-
nutest Passwort = "pass1", NAS-IP-Adress = 192.168.0.2
   Service-Type = "Framed-User"
   ...
   (configuration 1)

nutest Passwort = "pass2", NAS-IP-Adress = 192.168.0.2
   ...
   (configuration 2)
---

I have no test setup yet to make a real life test yet.


Thank you for your help,

Matthias Lange
--
Matthias Lange, Dipl.-Ing. (FH)
NetUSE AG   Dr.-Hell-Straße Fon: +49 431 38643500
http://www.netuse.de/   D-24107 Kiel, Germany   Fax: +49 431 38643599




Re: broadband account

2002-12-02 Thread Alan DeKok
Jason Lixfeld <[EMAIL PROTECTED]> wrote:
> Sorry, I'm not quite sure what all this means so assuming the nas
> doesn't roll over at 2GB, how much can FR support? 4GB?

  It should.

  Alan DeKok.




Re: Freeradius with Oracle backend

2002-12-02 Thread Alan DeKok
Tom Mulder <[EMAIL PROTECTED]> wrote:
> I am getting some problems during compilation of freeradius with the 
> Oracle Backend.

  You can try deleting the problem line, or using the snapshot from
tomorrow, I think I added a correct fix.

  Alan DeKok.




Re: broadband account

2002-12-02 Thread Jason Lixfeld
Sorry, I'm not quite sure what all this means so assuming the nas
doesn't roll over at 2GB, how much can FR support? 4GB?

On Mon, 2002-12-02 at 11:46, Alan DeKok wrote:
> "Miquel van Smoorenburg" <[EMAIL PROTECTED]> wrote:
> > RFC2866
> > 
> > integer  32 bit unsigned value, most significant octet first.
> 
>   Whoops, you're right.  I should have checked the RFC's first.
> 
>   And the code for FreeRADIUS treats 'integer' type attributes as
> unsigned ints, so I *doubly* should have clued in.
> 
>   Alan DeKok.
>   
> 
-- 
Regards,

Jason A. Lixfeld            Fastvibe Corporation
Senior IP Network Engineer  220-156 Front St. W
[EMAIL PROTECTED]           Toronto, ON M5V-2L6
-
tel://416.341.0099:223      fax://416.341.0088






Re: broadband account

2002-12-02 Thread Alan DeKok
"Miquel van Smoorenburg" <[EMAIL PROTECTED]> wrote:
> RFC2866
> 
> integer  32 bit unsigned value, most significant octet first.

  Whoops, you're right.  I should have checked the RFC's first.

  And the code for FreeRADIUS treats 'integer' type attributes as
unsigned ints, so I *doubly* should have clued in.

  Alan DeKok.
  




Re: broadband account

2002-12-02 Thread Miquel van Smoorenburg
In article <[EMAIL PROTECTED]>,
Alan DeKok <[EMAIL PROTECTED]> wrote:
>Joost Hietbrink <[EMAIL PROTECTED]> wrote:
>> Maybe your Cisco hardware supports RADIUS Extensions (RFC2869)? Then it
>> would be possible to log the Acct-Input-Gigawords / Acct-Output-Gigawords
>> attributes.
>
>  Exactly.  The 'Acct-Input-Octets' attributes is a 32-bit signed
>integer, so it *can't* store numbers greater than 2G.

RFC2866

integer  32 bit unsigned value, most significant octet first.
                ^^^^^^^^
'lvalue' in include/libradius.h is also defined as uint32_t. So it
should be able to store 4G-1 max in that.

Mike.
-- 
They all laughed when I said I wanted to build a joke-telling machine.
Well, I showed them! Nobody's laughing *now*! -- [EMAIL PROTECTED]





Re: broadband account

2002-12-02 Thread Alan DeKok
Joost Hietbrink <[EMAIL PROTECTED]> wrote:
> Maybe your Cisco hardware supports RADIUS Extensions (RFC2869)? Then it
> would be possible to log the Acct-Input-Gigawords / Acct-Output-Gigawords
> attributes.

  Exactly.  The 'Acct-Input-Octets' attributes is a 32-bit signed
integer, so it *can't* store numbers greater than 2G.

  Alan DeKok.




Missing some attributes from LDAP profile

2002-12-02 Thread Christophe Boyanique

Hi,

I set up a freeradius (0.8) server which proxies data to two other
freeradius servers. These servers use two LDAP servers to do
authorization and authentication.

I set a profile dn in the users attributes. And the strange thing is
that some attributes are not returned. For example I added several
attributes in the profile (radiusIdleTimeout, radiusCallbackId,
radiusFramedIPNetmask, radiusFramedIPAddress, radiusServiceType) and
there is only radiusIdleTimeout and radiusCallbackId that are returned.

All files are the default ones. I have all the mappings in the
ldap.attrmap file.

I don't understand why FR is not returning all the defined attributes;
or there is a place to define returned attributes and I missed it !

Thanks for any help.



The radiusd.conf contains:

ldap ldap1 {
    server = "radclient1.umlnet"
    basedn = "ou=users,ou=%{Realm},ou=clients,dc=umlnet"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    start_tls = no
    tls_mode = no
    profile_attribute = "radiusProfileDn"
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_connections_number = 5
    timeout = 5
    timelimit = 5
    net_timeout = 2
    access_attr = "dialupAccess"
    access_attr_used_for_allow = yes
}
ldap ldap2 {
    -> the same on other radclient2.umlnet host
}

authorize {
    suffix
    autztype LDAP {
        redundant {
            ldap1
            ldap2
            notfound = return
        }
    }
    files
}
authenticate {
    authtype LDAP {
        ldap1
        ldap2
    }
}



The users file only contains: DEFAULT Autz-Type := "LDAP"



Here is a part of the log:

modcall: entering group authorize
rlm_realm: Looking up realm raceme for User-Name = "u_0@raceme"
rlm_realm: Found realm raceme
rlm_realm: Adding Stripped-User-Name = "u_0"
  rlm_realm: Proxying request from user u_0 to realm raceme
rlm_realm: Adding Realm = "raceme"
rlm_realm:  Authentication realm is LOCAL.
rlm_realm:  auth_port is not set.  proxy cancelled
  modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 218
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
modcall: entering group autztype
modcall: entering group redundant
rlm_ldap: - authorize
rlm_ldap: performing user authorization for u_0
radius_xlat:  '(uid=u_0)'
radius_xlat:  'ou=users,ou=raceme,ou=clients,dc=umlnet'
ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,ou=raceme,ou=clients,dc=umlnet,
with filter (uid=u_0)
rlm_ldap: checking if remote access for u_0 is allowed by dialupAccess
rlm_ldap: performing search in
cn=default,ou=profils,ou=raceme,ou=clients,dc=umlnet, with filter
(objectclass=radiusprofile)
rlm_ldap: Adding radiusIdleTimeout as Idle-Timeout, value 300 & op=11
rlm_ldap: Adding radiusCallbackId as Callback-Id, value 5 & op=11
rlm_ldap: Adding radiusFramedIPNetmask as Framed-IP-Netmask, value 7 &
op=11
rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value 6 &
op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value plop & op=11
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user u_0 authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap1" returns ok
modcall: group redundant returns ok
modcall: group autztype returns ok
  rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group authtype
rlm_ldap: - authenticate
rlm_ldap: login attempt by "u_0" with password "BigPass_0"
rlm_ldap: user DN: uid=u_0,ou=users,ou=raceme,ou=clients,dc=umlnet
rlm_ldap: (re)connect to radclient1.umlnet:389, authentication 1
rlm_ldap: bind as
uid=u_0,ou=users,ou=raceme,ou=clients,dc=umlnet/BigPass_0 to
radclient1.umlnet:389
rlm_ldap: waiting for bind result ...
rlm_ldap: user u_0 authenticated succesfully
  modcall[authenticate]: module "ldap1" returns ok
modcall: group authtype returns ok
radius_xlat:  '5'
Sending Access-Accept of id 2 to 192.168.45.20:1814
Idle-Timeout = 300
Callback-Id = "5"
Proxy-State = 0x31
Finished request 1





Re: broadband account

2002-12-02 Thread Joost Hietbrink
Hi Steve,

Maybe your Cisco hardware supports RADIUS Extensions (RFC2869)? Then it
would be possible to log the Acct-Input-Gigawords / Acct-Output-Gigawords
attributes.

This should make it possible to account 2^32*2^32 bytes input and output
traffic.?!

For more info: http://www.freeradius.org/rfc/rfc2869.html

Joost

> Brian Johnson wrote:
>
> >If u were running freeradius in debug ;), u could see what was being
> >received by the freeradius server and the insert query that was run to
> >insert the data.
> >
> Yes, but if freeradius takes the packet and then truncates that packet
> for the log to 2GB, then I'm still screwed.  I'd need to analyze an
> actual ethernet packet dump of the record coming in.
>
> What I'm now thinking of is the cisco "aaa accounting update periodic"
> directive.  Maybe that's a solver, although it's sure to build me some
> BIG logs.  Good thing I have a big DB server.
> Has anyone used this command?  Does data from one STOP record carry to
> the next record, or is it cumulative?
>
>



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
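
Added example (not part of any post in this thread, and not FreeRADIUS source): C code for the accounting arithmetic discussed above. It reads Acct-Input-Octets/Acct-Output-Octets as the RFC 2866 unsigned 32-bit integer, combines them with the RFC 2869 Gigawords attributes into 64-bit totals, and rejects packets whose attribute lengths do not add up. The packet bytes and the names acct_parse_totals, fits_signed32 and sample_pkt are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Attribute numbers: RFC 2866 (octets) and RFC 2869 (gigawords). */
enum { ACCT_INPUT_OCTETS = 42, ACCT_OUTPUT_OCTETS = 43,
       ACCT_INPUT_GIGAWORDS = 52, ACCT_OUTPUT_GIGAWORDS = 53 };
#define RADIUS_HDR_LEN 20  /* code, id, 2-byte length, 16-byte authenticator */

struct acct_totals { uint64_t in_bytes, out_bytes; };

/* RADIUS "integer": 32-bit unsigned value, most significant octet first. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* 1 if v can be held by a signed 32-bit variable or column, else 0. */
int fits_signed32(uint32_t v) { return v <= (uint32_t)INT32_MAX; }

/* Walk the attribute list and build 64-bit totals. Returns 0, or -1 when the
 * packet length or any attribute length disagrees with the buffer. */
int acct_parse_totals(const uint8_t *pkt, size_t len, struct acct_totals *out)
{
    uint32_t oct[2] = {0, 0}, gw[2] = {0, 0};  /* [0] = input, [1] = output */
    size_t plen, off;

    if (len < RADIUS_HDR_LEN) return -1;
    plen = ((size_t)pkt[2] << 8) | pkt[3];
    if (plen < RADIUS_HDR_LEN || plen > len) return -1;

    for (off = RADIUS_HDR_LEN; off < plen; ) {
        uint8_t type, alen;
        if (plen - off < 2) return -1;         /* no room for type + length */
        type = pkt[off];
        alen = pkt[off + 1];
        if (alen < 2 || (size_t)alen > plen - off) return -1;
        switch (type) {
        case ACCT_INPUT_OCTETS: case ACCT_OUTPUT_OCTETS:
        case ACCT_INPUT_GIGAWORDS: case ACCT_OUTPUT_GIGAWORDS:
            if (alen != 6) return -1;          /* type + length + 4 value bytes */
            if (type == ACCT_INPUT_OCTETS)         oct[0] = be32(pkt + off + 2);
            else if (type == ACCT_OUTPUT_OCTETS)   oct[1] = be32(pkt + off + 2);
            else if (type == ACCT_INPUT_GIGAWORDS) gw[0]  = be32(pkt + off + 2);
            else                                   gw[1]  = be32(pkt + off + 2);
            break;
        default:
            break;                             /* unrelated attribute: skip */
        }
        off += alen;
    }
    /* Gigawords counts how often the 32-bit octet counter wrapped past 2^32. */
    out->in_bytes  = ((uint64_t)gw[0] << 32) | oct[0];
    out->out_bytes = ((uint64_t)gw[1] << 32) | oct[1];
    return 0;
}

/* Constructed Accounting-Request (code 4); not a captured packet. */
const uint8_t sample_pkt[38] = {
    4, 1, 0x00, 0x26,                        /* code, id, length = 38 */
    0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,  /* authenticator, zeroed */
    42, 6, 0x80, 0x00, 0x00, 0x00,           /* Acct-Input-Octets = 2^31 */
    43, 6, 0xFF, 0xFF, 0xFF, 0xFF,           /* Acct-Output-Octets = 2^32 - 1 */
    52, 6, 0x00, 0x00, 0x00, 0x01            /* Acct-Input-Gigawords = 1 */
};

int main(void)
{
    struct acct_totals t;
    if (acct_parse_totals(sample_pkt, sizeof sample_pkt, &t) != 0) return 1;
    printf("in=%llu out=%llu\n", (unsigned long long)t.in_bytes,
           (unsigned long long)t.out_bytes);
    printf("2^31 fits signed 32-bit: %d\n", fits_signed32(0x80000000u));
    return 0;
}
```

The combined totals need a 64-bit destination such as the BIGINT column mentioned in the thread; a signed 32-bit destination already fails at the sample's input octet value of 2^31.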



Freeradius with Oracle backend

2002-12-02 Thread Tom Mulder
Hi,

I am getting some problems during compilation of freeradius with the 
Oracle Backend.

Oracle and its dev files are installed in /usr/local/oracle, /usr/lib, 
/usr/include
The used version of freeradius is the latest snapshot, the oracle libs 
are version 8i, the system is running debian testing/unstable, with gcc 
version 2.95.4 20011002 (Debian prerelease).

During compilation the following errors keep coming up:

Making static in rlm_sql_oracle...
make[11]: Entering directory 
`/root/freeradius-snapshot-20021202/src/modules/rlm_sql/drivers/rlm_sql_oracle'
gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE 
-g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings 
-Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations 
-Wnested-externs -I../.. -I../../../../include  -c sql_oracle.c -o 
sql_oracle.o
In file included from /usr/include/ori.h:495,
 from /usr/include/oci.h:1656,
 from sql_oracle.c:15:
/usr/include/ort.h:2647: warning: declaration of `version' shadows 
global declaration
In file included from /usr/include/oci.h:1660,
 from sql_oracle.c:15:
/usr/include/orl.h:3232: warning: declaration of `index' shadows global 
declaration
/usr/include/orl.h:3315: warning: declaration of `index' shadows global 
declaration
/usr/include/orl.h:3776: warning: declaration of `index' shadows global 
declaration
/usr/include/orl.h:3806: warning: declaration of `index' shadows global 
declaration
/usr/include/orl.h:3841: warning: declaration of `index' shadows global 
declaration
/usr/include/orl.h:3871: warning: declaration of `index' shadows global 
declaration
/usr/include/orl.h:3901: warning: declaration of `index' shadows global 
declaration
/usr/include/orl.h:3936: warning: declaration of `index' shadows global 
declaration
In file included from /usr/include/oci.h:1673,
 from sql_oracle.c:15:
/usr/include/ociap.h:5561: warning: declaration of `index' shadows 
global declaration
/usr/include/ociap.h:5565: warning: declaration of `index' shadows 
global declaration
/usr/include/ociap.h:5913: warning: declaration of `version' shadows 
global declaration
/usr/include/ociap.h:6307: warning: declaration of `index' shadows 
global declaration
/usr/include/ociap.h:8855: warning: declaration of `timezone' shadows 
global declaration
sql_oracle.c: In function `sql_select_query':
sql_oracle.c:301: `SQLT_AFV' undeclared (first use in this function)
sql_oracle.c:301: (Each undeclared identifier is reported only once
sql_oracle.c:301: for each function it appears in.)
make[11]: *** [sql_oracle.o] Error 1
make[11]: Leaving directory 
`/root/freeradius-snapshot-20021202/src/modules/rlm_sql/drivers/rlm_sql_oracle'
make[10]: *** [common] Error 1
make[10]: Leaving directory 
`/root/freeradius-snapshot-20021202/src/modules/rlm_sql/drivers'
make[9]: *** [static] Error 2
make[9]: Leaving directory 
`/root/freeradius-snapshot-20021202/src/modules/rlm_sql/drivers'
make[8]: *** [common] Error 1
make[8]: Leaving directory 
`/root/freeradius-snapshot-20021202/src/modules/rlm_sql'
make[7]: *** [static] Error 2
make[7]: Leaving directory 
`/root/freeradius-snapshot-20021202/src/modules/rlm_sql'
make[6]: *** [common] Error 1
make[6]: Leaving directory `/root/freeradius-snapshot-20021202/src/modules'
make[5]: *** [all] Error 2
make[5]: Leaving directory `/root/freeradius-snapshot-20021202/src/modules'
make[4]: *** [common] Error 1
make[4]: Leaving directory `/root/freeradius-snapshot-20021202/src'
make[3]: *** [all] Error 2
make[3]: Leaving directory `/root/freeradius-snapshot-20021202/src'
make[2]: *** [common] Error 1
make[2]: Leaving directory `/root/freeradius-snapshot-20021202'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/root/freeradius-snapshot-20021202'
make: *** [build] Error 2
radius-harvester:~/freeradius-snapshot-20021202#



With Regards,
Tom Mulder




Re: broadband account

2002-12-02 Thread Steve Cole
Brian Johnson wrote:

> If u were running freeradius in debug ;), u could see what was being
> received by the freeradius server and the insert query that was run to
> insert the data.


Yes, but if freeradius takes the packet and then truncates that packet 
for the log to 2GB, then I'm still screwed.  I'd need to analyze an 
actual ethernet packet dump of the record coming in.

What I'm now thinking of is the cisco "aaa accounting update periodic" 
directive.  Maybe that's a solver, although it's sure to build me some 
BIG logs.  Good thing I have a big DB server.
Has anyone used this command?  Does data from one STOP record carry to 
the next record, or is it cumulative?




RE: broadband account

2002-12-02 Thread Brian Johnson
If u were running freeradius in debug ;), u could see what was being
received by the freeradius server and the insert query that was run to
insert the data.

I know, that doesn't help.

Brian J.


> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]] On Behalf Of 
> Steve Cole
> Sent: Tuesday, December 03, 2002 9:31 AM
> To: [EMAIL PROTECTED]
> Subject: Re: broadband account
> 
> 
> >
> >
> >Is the NAS sending correct values to radius, which radius is 
> dropping?
> >
> Without a packet analyzer, I don't know yet.
> 
> The value of the integer under my current server is unsigned 
> long, but 
> it's registering 2GB max (unsigned long is 4GB if memory serves?)
> 
> Thus, my confusion.
> 
> 
> 





Re: broadband account

2002-12-02 Thread Steve Cole


> Is the NAS sending correct values to radius, which radius is dropping?


Without a packet analyzer, I don't know yet.

The value of the integer under my current server is unsigned long, but 
it's registering 2GB max (unsigned long is 4GB if memory serves?)

Thus, my confusion.




Re: broadband account

2002-12-02 Thread Simon White
02-Dec-02 at 09:24, Brian Johnson ([EMAIL PROTECTED]) wrote :
> If you are storing the data in a DB, you prolly need to modify the field
> type to accept a larger number. Otherwise, I'm not sure. :(
> > -----Original Message-----
> > From: [EMAIL PROTECTED] 
> > [mailto:[EMAIL PROTECTED]] On Behalf Of 
> > Steve Cole
> > Sent: Tuesday, December 03, 2002 9:14 AM
> > To: [EMAIL PROTECTED]
> > Subject: broadband account
> > 
> > 
> > How are people doing broadband accounting using freeradius?  Is there 
> > support for an AcctOutputOctets value of larger than 2GB?  I'm having 
> > this problem with another radius product and am looking at 
> > freeradius as 
> > a replacement, but 3.5Mbps DSL lines easily eat up 2GB worth 
> > of data in 
> > no time flat, and radius is dropping everything after 2GB at present.

This depends on the NAS. If it doesn't supply radius with the correct
value, then the accounting will be wrong. I'm not sure this is a
limitation of freeradius or the NAS/DHCP server that authenticates
through radius. 

Is the NAS sending correct values to radius, which radius is dropping?

I think freeradius uses an integer value, I don't know how many bytes
that allows in standard C code... I am not a C programmer.

-- 
|-Simon White, Internet Services Manager, Certified Check Point CCSA.
|-MTDS  Internet, Security, Anti-Virus, Linux and Hosting Solutions.
|-MTDS  14, rue du 16 novembre, Agdal, Rabat, Morocco.
|-MTDS  tel +212.3.767.4861 - fax +212.3.767.4863




Re: broadband account

2002-12-02 Thread Steve Cole
Brian Johnson wrote:


> If you are storing the data in a DB, you prolly need to modify the field
> type to accept a larger number. Otherwise, I'm not sure. :(


I'm storing it in MySQL.  There's no problem with assigning the field to 
BIGINT but the software itself will truncate the number to 2GB with my 
current radius.  From looking at the freeradius SQL schema, the field is 
set to INT(12), identical to my current server.

I'm hoping that others are having this trouble.  I'm really not sure how 
to deal with it, or even if the Cisco 7204 I'm using is sending a number 
over 2GB.




RE: broadband account

2002-12-02 Thread Brian Johnson
If you are storing the data in a DB, you prolly need to modify the field
type to accept a larger number. Otherwise, I'm not sure. :(

Brian J.


> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]] On Behalf Of 
> Steve Cole
> Sent: Tuesday, December 03, 2002 9:14 AM
> To: [EMAIL PROTECTED]
> Subject: broadband account
> 
> 
> How are people doing broadband accounting using freeradius?  Is there 
> support for an AcctOutputOctets value of larger than 2GB?  I'm having 
> this problem with another radius product and am looking at 
> freeradius as 
> a replacement, but 3.5Mbps DSL lines easily eat up 2GB worth 
> of data in 
> no time flat, and radius is dropping everything after 2GB at present.
> 
> 
> 





broadband account

2002-12-02 Thread Steve Cole
How are people doing broadband accounting using freeradius?  Is there 
support for an AcctOutputOctets value of larger than 2GB?  I'm having 
this problem with another radius product and am looking at freeradius as 
a replacement, but 3.5Mbps DSL lines easily eat up 2GB worth of data in 
no time flat, and radius is dropping everything after 2GB at present.




Re: User Authentication

2002-12-02 Thread Angelos Karageorgiou


use PPTP instead , man pptpd, this is not a radius question

On Mon, 2 Dec 2002, jeevan wrote:

> Hi
> 
> I would like to know if free-radius can be used for the following scenario
> 
> I want to allow users after authentication to use my network resource after
> authentication with freeradius(mysql). The freeradius just authenticates the user and
> allows him access to my network. But the user has already a valid ip and wants to
> connect my network from the internet..
> 
> User on the internet--->(My Network)|PIX Firewall-->FreeRadius Server-->My
> Server(destination to reach)
> (has a valid IP)   |  (Mysql)
> |
> 
> 
> With Regards 
> Jeevan Hegde
> 
> 
> 





User Authentication

2002-12-02 Thread jeevan



Hi

I would like to know if free-radius can be used for the following scenario

I want to allow users after authentication to use my network resource after
authentication with freeradius(mysql). The freeradius just authenticates the
user and allows him access to my network. But the user has already a valid ip
and wants to connect my network from the internet..

User on the internet--->(My Network)|PIX Firewall-->FreeRadius Server-->My Server(destination to reach)
(has a valid IP)   |  (Mysql)
|

With Regards
Jeevan Hegde
 
 


Re: wishlist (deadtimer)

2002-12-02 Thread Chris Brotsos
At 02:52 PM 11/28/2002 +0200, you wrote:

Angelos Karageorgiou wrote:




Well here is my wish, when the proxy module decides to mark a server as
dead, it should mark the pair (server:port) not the server as an entity.
This way if a GRIC server is not responding in time another radius server,
authenticating local hosts will not be marked dead.

Any ideas on where I could start looking into the code ?

Another idea is to have some servers never marked as dead.

BTW where is the load balancing configuration DOCs?

The best place for the load balancing docs is 
/path/to/src/radiusd/raddb/proxy.conf.


I am proxying for a server that is authenticating both for NULL realm and
another domain call it users.gr
what is happening that this server sometimes loses packets so freeradius
is marking it as dead. The server is still ok and keeps sending packets but
they are not credited to the NULL realm which is by far the hugest!

They are credited to the USERS.GR domain which is activated upon receipt
of a packet in the rad_recv function.
The solution was easy: fix realm_findbyaddr to NOT stop at the first realm
it finds, but to go through ALL the realms and activate those for which the
originating server is active.
Net result: flip flopping of the primary and secondary radius dropped to
zilch !!

You may want to try increasing your retry_count to prevent the server from 
being marked dead too early (note: you may need to increase your current 
max_request_time setting after making such a change).







Re: simple radtest

2002-12-02 Thread
Hello
The problem is solved. Problem was in username in "users" file. When I used
"mario" instead of mario radtest connected successfully.

regards

Mariusz Bozewicz





Re: simple radtest

2002-12-02 Thread Nikhil Chauhan
Hi Mariusz:

Please configure access from localhost in the
clients.conf file. You can test to make sure RADIUS 
is configured properly. Add:

client 127.0.0.1 {
    secret = test
    shortname = localhost
}


--- ww <[EMAIL PROTECTED]> wrote:
> Hello
> I have the problem with simple test. My
> configuration of freeradius:
> in "users" file:
> 
>  mario   Auth-Type:=Local,
> User-Password="mario"
>  Reply-Message= "Hello durna palo"
> 
> in "clients" file:
> localhost   testing123
> 
> in "naslist" file:
> localhost   local   portslave
> 
> radiusd -X -f displays:
> 
> Module: Instantiated files (files)
> Module: Loaded Acct-Unique-Session-Id
>  acct_unique: key = "User-Name, Acct-Session-Id,
> NAS-IP-Address,
> Client-IP-Address, NAS-Port-Id"
> Module: Instantiated acct_unique (acct_unique)
> Module: Loaded detail
>  detail: detailfile =
> "/home/plachnina/freerad/log/radacct/%{Client-IP-Address}/detail-%Y%m%d"
>  detail: detailperm = 384
>  detail: dirperm = 493
>  detail: locking = no
> Module: Instantiated detail (detail)
> Module: Loaded radutmp
>  radutmp: filename =
> "/home/plachnina/freerad/log/radutmp"
>  radutmp: username = "%{User-Name}"
>  radutmp: perm = 384
>  radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Listening on IP address *, ports 1812/udp and
> 1813/udp, with proxy on
> 1814/udp.
> Ready to process requests.
> 
> [plachnina@matrix raddb]$ ~/freerad/bin/radtest
> mario mario localhost:1812
> 1900 testing123
> Sending Access-Request of id 151 to 127.0.0.1:1812
> User-Name = "mario"
> User-Password =
> "\005\021A\245`\370r\343\002\240\201t\327M\327\005"
> NAS-IP-Address = matrix.pb.bialystok.pl
> NAS-Port = 1900
> rad_recv: Access-Reject packet from host
> 127.0.0.1:1812, id=151, length=20
> 
> 
> and radiusd displays:
> rad_recv: Access-Request packet from host
> 127.0.0.1:32770, id=151, length=57
> User-Name = "mario"
> User-Password = "mario"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 1900
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
> rlm_chap: Could not find proper Chap-Password
> attribute in request
>   modcall[authorize]: module "chap" returns noop
>   modcall[authorize]: module "mschap" returns
> notfound
> rlm_realm: No '@' in User-Name = "mario",
> looking up realm NULL
> rlm_realm: No such realm NULL
>   modcall[authorize]: module "suffix" returns noop
> users: Matched DEFAULT at 213
>   modcall[authorize]: module "files" returns ok
> modcall: group authorize returns ok
> auth: No authenticate method (Auth-Type)
> configuration found for the
> request: Rejecting the user
> auth: Failed to validate the user.
> Delaying request 0 for 1 seconds
> Finished request 0
> 
> I suppose  radiusd has problem with
> Auth-Type:=local. What may be wrong?
> 
> regards
> Mariusz Bozewicz
> 
> 



simple radtest

2002-12-02 Thread ww
Hello
I have the problem with simple test. My configuration of freeradius:
in "users" file:

 mario   Auth-Type:=Local, User-Password="mario"
 Reply-Message= "Hello durna palo"

in "clients" file:
localhost   testing123

in "naslist" file:
localhost   local   portslave

radiusd -X -f displays:

Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port-Id"
Module: Instantiated acct_unique (acct_unique)
Module: Loaded detail
 detail: detailfile =
"/home/plachnina/freerad/log/radacct/%{Client-IP-Address}/detail-%Y%m%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/home/plachnina/freerad/log/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
1814/udp.
Ready to process requests.

[plachnina@matrix raddb]$ ~/freerad/bin/radtest mario mario localhost:1812
1900 testing123
Sending Access-Request of id 151 to 127.0.0.1:1812
User-Name = "mario"
User-Password = "\005\021A\245`\370r\343\002\240\201t\327M\327\005"
NAS-IP-Address = matrix.pb.bialystok.pl
NAS-Port = 1900
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=151, length=20


and radiusd displays:
rad_recv: Access-Request packet from host 127.0.0.1:32770, id=151, length=57
User-Name = "mario"
User-Password = "mario"
NAS-IP-Address = 255.255.255.255
NAS-Port = 1900
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
rlm_realm: No '@' in User-Name = "mario", looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 213
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0

I suppose  radiusd has problem with Auth-Type:=local. What may be wrong?

regards
Mariusz Bozewicz

