Re: dialup_admin user_finger.php3 can not display user ip addr

2003-06-05 Thread Kostas Kalevras
On Thu, 5 Jun 2003, alantu wrote:

 dialup_admin user_finger.php3 can not display user ip addr

So, check that the nas is sending the user ip in the accounting start. A lot of
times it will not (for instance in cisco access servers you either need to
enable accounting updates or delayed accounting starts).



 alantu
 [EMAIL PROTECTED]
 2003-06-05



 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



freeradius 0.8.1 -- Login-Time

2003-06-05 Thread Alex Nazarov
Hello, freeradius-users.

some strange things about Login-Time in 0.8.1. is it my fault or ...?

1. first attempt
current time: 1720
Login-Time = Any1000-1800

failure (yes, it complains about time)

2. second attempt
current time: 1721

Login-Time = Any1000-1759

success

-- 
Best regards,
 Alex




Re: freeradius 0.8.1 -- Login-Time

2003-06-05 Thread Mustafa N. deeb
can u attach some debug messages?


- Original Message -
From: Alex Nazarov [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 05, 2003 10:57 AM
Subject: freeradius 0.8.1 -- Login-Time


 Hello, freeradius-users.

 some strange things about Login-Time in 0.8.1. is it my fault or ...?

 1. first attempt
 current time: 1720
 Login-Time = Any1000-1800

 failure (yes, it complains about time)

 2. second attempt
 current time: 1721

 Login-Time = Any1000-1759

 success

 --
 Best regards,
  Alex




Re[2]: freeradius 0.8.1 -- Login-Time

2003-06-05 Thread Alex Nazarov
Hello, Mustafa.

MNd can u attach some debug messages?

i cannot replay the things like they were - this time login is allowed.
configuration is not changed, but one message from log file tells
(imho) about problem:

Mon Jun  2 17:16:26 2003 : Auth: Outside allowed timespan (time
allowed 1000-1800): [user1/pass1] (from client nas1 port 0 cli 192.168.0.1)

 some strange things about Login-Time in 0.8.1. is it my fault or ...?

 1. first attempt
 current time: 1720
 Login-Time = Any1000-1800
 failure (yes, it complains about time)

 2. second attempt
 current time: 1721

 Login-Time = Any1000-1759
 success

-- 
 Alex  mailto:[EMAIL PROTECTED]




RE: freeradius ldap and chap authentication problems

2003-06-05 Thread Tjeerd Bos
something is not ok yet:


radiusd.conf:

 ldap {
     Auth-Type := LDAP
     server = ldap.gemnet.nl
     identity = cn=directory manager
     password = dirmgr12
     basedn = c=NL
     filter = (uid=%{Stripped-User-Name:-%{User-Name}})
     start_tls = no
     tls_mode = no
     profile_attribute = radiusProfileDn
     dictionary_mapping = ${raddbdir}/ldap.attrmap
     password_attribute = userPassword
     password_header = {clear}
     ldap_connections_number = 5
     timeout = 4
     timelimit = 3
     net_timeout = 1
 }

skip

authorize {
     preprocess
     ldap {
         notfound = return
     }
     chap
     sql
}

authenticate {
     authtype CHAP {
         chap
     }
}

Radius.log after dial-in:

rad_recv: Access-Request packet from host 172.25.108.209:1814, id=21, length=133
 NAS-IP-Address = 172.28.192.1
 NAS-Port = 5
 NAS-Port-Type = Virtual
 User-Name = [EMAIL PROTECTED]
 Called-Station-Id = 578750011
 Calling-Station-Id = 555778822
 CHAP-Password = 0x6da696ba2e24f6b98e7875851e1b02b55f
 Service-Type = Framed-User
 Framed-Protocol = PPP
 Proxy-State = 0x313435
 CHAP-Challenge = \352\362\221\202\333O{' \341\270\345^33
modcall: entering group authorize
 hints: Matched DEFAULT at 63
 modcall[authorize]: module preprocess returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for tjeerd
radius_xlat: '(uid=tjeerd)'
radius_xlat: 'c=NL'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.gemnet.nl:389, authentication 0
rlm_ldap: bind as cn=directory manager/dirmgr12 to ldap.gemnet.nl:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in c=NL, with filter (uid=tjeerd)
rlm_ldap: Password header not found in password {SSHA}J+fitIGC+3np1EKD3PFs/y04OAT9KBNEES2ZQA== for user tjeerd
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding userPassword as User-Password, value {  op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user tjeerd authorized to use remote access
ldap_release_conn: Release Id: 0


Tjeerd


 -Original Message-
 From: Kostas Kalevras [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, 4 June 2003 22:35
 To: [EMAIL PROTECTED]
 Subject: RE: freeradius ldap and chap authentication problems

 On Tue, 3 Jun 2003, Tjeerd Bos wrote:

  Tjeerd Bos [EMAIL PROTECTED] wrote:
   rlm_chap: login attempt by tjeerd with CHAP password
  bip=C2v!?=F1?e=E7?= 5??=FA=E4
   rlm_chap: Using clear text password { for user tjeerd authentication.

   !!!

 ok, without looking at your rlm_ldap config i can bet that you have configured
 the password_header directive wrong. Fix it and it will work.

   rlm_chap: Pasword check failed
  Does that make ANY sense? Alan DeKok.

  When I use sql authentication with authentication protocol chap in stead of
  ldap authentication it's working fine.
  In ldap the passwords are stored in clear text.
  The problem is that the incoming request at the ggaaa server is a chap
  challenge. It is not possible to reconstruct the password in clear text from
  this challenge. The ldap authentication will fail.
  When I use the radtest command on the bbaaa server the password is in clear
  text. With this clear text password the authentication to ldap is ok.


  with regards,

  Tjeerd Bos


  PinkRoccade Infrastructure Services
  Trusted Services
  Apeldoorn


 --
 Kostas Kalevras  Network Operations Center
 [EMAIL PROTECTED] National Technical University of Athens, Greece
 Work Phone:  +30 210 7721861
 'Go back to the shadow' Gandalf

 

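
The log in this message shows a `{SSHA}` value being read while `password_header = {clear}` is configured, which is why the CHAP check has nothing to work with. As an added example (not part of the original posts and not FreeRADIUS code), this Python sketch computes the RFC 1994 CHAP response and shows the three outcomes; the function names, the header-matching model and all sample values are constructed assumptions.

```python
import base64
import hashlib
import hmac


def chap_response(ident, secret, challenge):
    """RFC 1994 CHAP response: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def make_ssha(password, salt):
    """Build a salted-SHA1 directory value: {SSHA}base64(sha1(pw+salt)+salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()


def cleartext_from_directory(stored, header):
    """Assumed model of a password header: the value is usable as cleartext
    only when it starts with the configured header, which is then removed."""
    if stored[:len(header)].lower() == header.lower():
        return stored[len(header):]
    return None  # corresponds to "Password header not found" in the log


def check_chap(chap_password, challenge, stored, header):
    """Verify a RADIUS CHAP-Password (1 id octet + 16 response octets)."""
    if len(chap_password) != 17:
        return "malformed"
    cleartext = cleartext_from_directory(stored, header)
    if cleartext is None:
        return "no-cleartext"
    ident, response = chap_password[0], chap_password[1:]
    expected = chap_response(ident, cleartext.encode(), challenge)
    return "accept" if hmac.compare_digest(expected, response) else "reject"


# Constructed sample data: what a client that knows the password would send.
IDENT = 0x6D
CHALLENGE = bytes(range(16))
USER_SECRET = b"s3cret-example"
CHAP_PASSWORD = bytes([IDENT]) + chap_response(IDENT, USER_SECRET, CHALLENGE)


def demo():
    ssha = make_ssha(USER_SECRET, b"\x01\x02\x03\x04")
    return {
        # Directory holds "{clear}<password>": the server can redo the MD5.
        "clear": check_chap(CHAP_PASSWORD, CHALLENGE,
                            "{clear}s3cret-example", "{clear}"),
        # Directory holds {SSHA}...: the configured header never matches.
        "ssha_with_clear_header": check_chap(CHAP_PASSWORD, CHALLENGE,
                                             ssha, "{clear}"),
        # Treating the hash string itself as the secret cannot match either:
        # the client hashed the real password, not the {SSHA} text.
        "ssha_as_secret": check_chap(CHAP_PASSWORD, CHALLENGE, ssha, ""),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

A salted hash cannot be turned back into the secret CHAP needs, so a directory that stores only `{SSHA}` values can serve PAP or an LDAP bind but not CHAP.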

 





Re: Re: FreeRadius with Mysql under Solaris can't work

2003-06-05 Thread
Hi Zasp,

   Do you get the rlm_sql_mysql.so? If not, please recompile your freeRadius project 
with configure --enable-static. By default, freeRadius uses the shared library. Or, 
you can try to use the environment variable LD_PRELOAD=/path/your/rlm_sql_mysql.


Jeson
[EMAIL PROTECTED]
2003-06-06


Thanks again.
I have checked the Makefile in rlm_sql_mysql directory. It says:
   TARGET = rlm_sql_mysql
   SRCS   = sql_mysql.c
And rlm_sql_mysql.a  rlm_sql_mysql.la are both generated.

So I think it's not my fault to configure the project.

Hi Zasp,

 Yes. When you do make, there are no error were report, but look through
 the information, you will find make do nothing with rlm_sql_mysql. And the
 TARGET entry in Makefile in the correspond directory is empty. If your
 configure find the head file and shared library, this entry will be filled
 with rlm_sql_mysql.

 Please check it.

   Jeson
[EMAIL PROTECTED]
2003-06-05

If I remember correctly the development package for MySQL that comes from
sunfreeware puts the files in the wrong location for freeradius to look for
them.  You can specify the location of the files or you can download the
source and install from that. Solaris 8 and 9 fixed the location problem
without having to specify.

Gene Parks
VIP Direct

-Original Message-
From: [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 8:49 AM
To: [EMAIL PROTECTED]
Subject: Re: FreeRadius with Mysql under Solaris can't work


Thanks to Jeson.

The MYSQL package is downloaded from sunfreeware and installed directly by
pkgadd command. I am sure there are development header and lib included.
Files in the lib directory are as follows:
        libdbug.a  libmygcc.a  libmysqlclient.a  libmysqlclient_r.a
        libmystrings.a libmysys.a

By the way, I had ever compiled and installed mysql 3.23.52 from source
package.

When I do install freeradius with configure, make and make install, there
is no error reported. So I don't think it's the reason.

Am I right?

Best,
    Zasp

Hi,

  Please make sure you have the MySQL development package, FreeRADIUS
 compile the rlm_sql_mysql module need the include file from MySQL
 development package.

  Enjoy it!

  Jeson


Hi,all
    I want to use freeradius with mysql support under Solaris sparc 2.7.
I meet the same
problem as many newbies when I start radiusd:

    rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
    rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
    radiusd.conf[14]: sql: Module instantiation failed.

    All methods have been tried but failed. MySQL is working well.  I
try to compile freeradius under gcc 3.2.3 as FAQ says configure
--disable-shared,  or set proper LD_LIBRARY_PATH variable, or copy
the dynamic lib files to /usr/lib. But the problem keeps here.

    When I do use rlm_unix not rlm_sql_mysql for authentication, it works
well.
  I have been confused for several days. Maybe anyone can help me?  Thanks :)






Re: Where to specify Pool-Name for mixed fixed/dynamic IP profiles

2003-06-05 Thread Paul Hampson
On Tue, Jun 03, 2003 at 10:21:54AM +0200, Jonathan Ruano wrote:
 I'm migrating my old user database to FreeRadius SQL format. Added
 GroupName fields to some tables and modified queries, but that's 
 another story.
 
 I've defined ippools for several realms, so that normal, IP-dynamic
 profiles are assigned IPs from those pools, like:
 
 radcheck:
 - userdyn Password == secretdyn
 - user01 Password == secret01
 - user02 Password == secret02
 
 radgroupcheck:
 - domain01 Auth-Type := Local
 - domain01 Pool-Name := domain01_pool
 
 radgroupreply:
 - domain01 Service-Type := Framed-User
 - domain01 Framed-Protocol := PPP
 - domain01 Framed-IP-Netmask := 255.255.255.255
 
 Provided that I have several profiles within this domain 
 which have fixed IP address:
 
 radreply:
 - user01 Framed-IP-Address := 1.2.3.4
 - user02 Framed-IP-Address := 1.2.3.5
 
 Will dynamic ip address be allocated (although not 
 actually used)? 
 
 Shall I define Pool-Name in radcheck for every dynamic-ip 
 profile instead?
 
 radcheck:
 - userdyn Password == secretdyn
 - userdyn Pool-Name := domain01_pool
 
 Thanks for your comments, opinions, etc :)
 Jon

If I understand correctly, you want the users in domain01 group
to get Dynamic IPs except users user01 and user02?

If you're using a recent CVS snapshot, rlm_ippool has gained
an override option where you can tell it to either override a
Framed-IP-Address or be overridden by a Framed-IP-Address. The
default behaviour before that was to be overridden by a
Framed-IP-Address, so I think it would work like you want either way.

--
Paul TBBle Hampson on an alternate email client.



Re: FreeRadius with Mysql under Solaris can't work

2003-06-05 Thread
Thanks to Jeson.

The MYSQL package is downloaded from sunfreeware and installed directly by pkgadd 
command.
I am sure there are development header and lib included. Files in the lib directory 
are as follows:
libdbug.a  libmygcc.a  libmysqlclient.a  libmysqlclient_r.a
libmystrings.a libmysys.a

By the way, I had ever compiled and installed mysql 3.23.52 from source package. 

When I do install freeradius with configure, make and make install,
there is no error reported. So I don't think it's the reason. 

Am I right?

Best,
Zasp

Hi,

  Please make sure you have the MySQL development package, FreeRADIUS compile the 
 rlm_sql_mysql module need the include file from MySQL development package.

  Enjoy it!

Jeson


Hi,all
  I want to use freeradius with mysql support under Solaris sparc 2.7. I meet 
 the same 
problem as many newbies when I start radiusd:

  rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
  rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the 
 search path of your system's ld.
  radiusd.conf[14]: sql: Module instantiation failed. 

  All methods have been tried but failed. MySQL is working well.
 I try to compile freeradius under gcc 3.2.3 as FAQ says configure --disable-shared,
 or set proper LD_LIBRARY_PATH variable, or copy the dynamic lib files to /usr/lib.
 But the problem keeps here.

  When I do use rlm_unix not rlm_sql_mysql for authentication, it works well. 
  I have been confused for several days. Maybe anyone can help me?  Thanks :)






EAP/MD5 and ldap

2003-06-05 Thread pahartmann



Hello,

I want to use EAP/MD5 and Ldap. EAP/MD5 config 
is ok, but ldap config is not Ok.
Have you got example of radiusd.conf, users for 
EAP/MD5 and Ldap.

Thanks,


RE: FreeRadius with Mysql under Solaris can't work

2003-06-05 Thread Gene Parks
If I remember correctly the development package for MySQL that comes from sunfreeware
puts the files in the wrong location for freeradius to look for them.  You can specify
the location of the files or you can download the source and install from that.
Solaris 8 and 9 fixed the location problem without having to specify.

Gene Parks
VIP Direct

-Original Message-
From: [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 8:49 AM
To: [EMAIL PROTECTED]
Subject: Re: FreeRadius with Mysql under Solaris can't work


Thanks to Jeson.

The MYSQL package is downloaded from sunfreeware and installed directly by pkgadd
command. I am sure there are development header and lib included. Files in the lib
directory are as follows:
libdbug.a  libmygcc.a  libmysqlclient.a  libmysqlclient_r.a
libmystrings.a libmysys.a

By the way, I had ever compiled and installed mysql 3.23.52 from source package.

When I do install freeradius with configure, make and make install, there is no error
reported. So I don't think it's the reason.

Am I right?

Best,
Zasp

Hi,

  Please make sure you have the MySQL development package, FreeRADIUS
 compile the rlm_sql_mysql module need the include file from MySQL
 development package.

  Enjoy it!

  Jeson


Hi,all
  I want to use freeradius with mysql support under Solaris sparc 2.7.
I meet the same
problem as many newbies when I start radiusd:

  rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
  rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the
 search path of your system's ld.
  radiusd.conf[14]: sql: Module instantiation failed.

  All methods have been tried but failed. MySQL is working well.  I
try to compile freeradius under gcc 3.2.3 as FAQ says "configure
--disable-shared",  or set proper LD_LIBRARY_PATH variable, or copy
the dynamic lib files to /usr/lib. But the problem keeps here.

  When I do use rlm_unix not rlm_sql_mysql for authentication, it works
well.
  I have been confused for several days. Maybe anyone can help me?  Thanks :)

archive search

2003-06-05 Thread Mauro
Is there a way to search a particular argument in the freeradius archive
list, as the only fields available are INDEX & DATE ???
Cheers




LDAP Fall-Through?

2003-06-05 Thread Mike Sturdee
Is there an LDAP equivalent of using the users file Fall-Through
attribute?


-Mike
Network Engineer
Pathway Internet Services



copy accounting to second server

2003-06-05 Thread Josh Howlett
What's the easiest way to copy accounting packets to a second server,
without using radrelay?

tia, josh.

-- 
---
Josh Howlett, Networking & Digital Communications,
Information Systems & Computing, University of Bristol, U.K.
'phone: 0117 928 7850 email: [EMAIL PROTECTED]

---




Attribute Password

2003-06-05 Thread philippe.broussard

Hi,


Here is my problem :

if an user in LDAP have many passwords 
(example : Jean Marie DUPOND 
passwordCISCO : toto
passwordVPN : titi)
can I indicate to Radius to take a specific password when Radius do
a LDAP's request

Example :   if DUPOND want authenticate to a CISCO router, Radius
must be use the attribute containing passwordCISCO

  if he want authenticate to a VPN, Radius must be
use the the attribute containing passwordVPN


I tried the directive in radiusd.conf : attribute_password  in ldap
module to specify another attribute instead of attribute userPassword

Example : attribute_password = cn

But if I want authenticate an user, I receive an ACCESS-REJECT


An idea ??  


Here is an answer that I have received :

You can not do what you want to do.  The password is the password.  You
can not have multiple  passwords in the customer record it just doesn't
work like that.  If you are looking to have multiple passwords or be
able to authenticate to a different device with a different password
then you are going to need a new entry in LDAP under a different tree
and an entirely different radius server to query it.


It's wrong or right ?



Philippe




Re: FreeRadius - DLINK DWL-900+ - 802.1.X

2003-06-05 Thread Mauricio Rocael García Ocaña
What is your ap?, you set up the eap and wep key, in the cisco 1200 ap this
is important.

att.
Mauricio
- Original Message -
From: Pascal PELONI [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 03, 2003 9:24 AM
Subject: Re: FreeRadius - DLINK DWL-900+ - 802.1.X


 I forget to say that :

 1. the authentication works well with radtest !

  $ radtest tst1 pp 127.0.0.1 1 test
  Sending Access-Request of id 68 to 127.0.0.1:1812
  User-Name = tst1
  User-Password =
 \323\366\273\363\371Z\250]\231(w\265?\346G\253
  NAS-IP-Address = localhost
  NAS-Port = 1
 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=68, length=20

 2. with my AP I have the following output in radius.log :

  Auth: Login incorrect: [pelo/no User-Password
attribute]

 Thanks.

 At 16:58 03/06/2003 +0200, you wrote:
 I've already read the FAQ and the README's, but it still doesn't work.
 
 Here is part of my config :
 
 radiusd.conf
 
 modules {
  eap {
  default_eap_type = md5
  md5 {
  }
  }
 }
 
 authorize {
  eap
 }
 
 authenticate {
  eap
 }
 
 client.conf
 ---
 client localhost {
  secret  = test
  nastype = other
  shortname   = test
 }
 
 huntgroups
 --
 TEST    NAS-IP-Address == 127.0.0.1, NAS-Port-Id == 0-3
 
 users
 -
 DEFAULT Huntgroup-Name == TEST
  Framed-IP-Address = 192.168.1.11+
 
 tst1    User-Password == pp
 
 tst2    Auth-Type := Local, User-Password == pp
 
 Could someone help ?
 
 Thanks, PP.
 
 
 
 At 09:31 30/05/2003 -0400, you wrote:
 Pascal PELONI [EMAIL PROTECTED] wrote:
   The problem is that when I try to authenticate with my AP  W2K, it
  doesn't
   work :
  
   # less /var/log/radius.log
   Thu May 29 18:17:07 2003 : Auth: Login incorrect: [aa/no
User-Password
   attribute] (from client ap-wlan port 0 cli 00-40-05-CB-AD-7C)
 
Read the FAQ and the README's.
 
Read the FAQ and the README's.
 
Read the FAQ and the README's.
 
Read the FAQ and the README's.
 
 
Did I mention I *really* meant that you should read the FAQ and the
 README's?
 
Alan DeKok.
 


(no subject)

2003-06-05 Thread pcsd
Hi,

I am using freeradius-snapshot from March 11, 2003.
I have EAP/TLS working.
Question I have, is there a way to limit the number of attempts a user
has to log in the server?  Let's say, after three attempts, that user
gets locked out for an hour.

Keep up the great work!

Thanks



Re: EAP/MD5 and ldap

2003-06-05 Thread Mauricio Rocael García Ocaña



please send me the configs files, users, 
radius.conf clients, 
thanks
regards.

Mauricio

  - Original Message - 
  From: 
  [EMAIL PROTECTED] 
  To: [EMAIL PROTECTED] 
  
  Sent: Sunday, May 04, 2003 7:23 AM
  Subject: EAP/MD5 and ldap
  
  Hello,
  
  I want to use EAP/MD5 and Ldap. EAP/MD5 
  config is ok, but ldap config is not Ok.
  Have you got example of radiusd.conf, users for 
  EAP/MD5 and Ldap.
  
  Thanks,


Re: archive search

2003-06-05 Thread Alexander M. Pravking
On Wed, Jun 04, 2003 at 04:03:25PM +0200, Mauro wrote:
 Is there a way to search a particular argument in the freeradius archive
 list, as the only fields available are INDEX  DATE ???

There were searchable FreeRADIUS archives at
http://www.mail-archive.com/[EMAIL PROTECTED]/
but they're down currently due to 'technical problems'...

-- 
Fduch M. Pravking



Re: Multiple attributes

2003-06-05 Thread Kostas Kalevras
On Wed, 4 Jun 2003, Gene Parks wrote:

 I am using freeradius snapshot 20030603 and the server comes up fine and will 
 authenticate.  The problem I have is now the server will not return multiple values 
 for one attribute.  I have 3 other servers running 0.8.1 and they will return the 
 attributes correctly.

 The log says this

 @40003edd845e18c408d4 ldap_get_conn: Got Id: 0
 @40003edd845e18c41874 rlm_ldap: performing search in ou=premiernet.2dial.com, 
 o=dcconnex.net, with filter (uid=dctichenor)
 @40003edd845e19cdd7b4 rlm_ldap: Added password  in check items
 @40003edd845e19ce0a7c rlm_ldap: looking for check items in directory...
 @40003edd845e19ce21ec rlm_ldap: Adding chappassword as Chap-Password, value   
 op=21
 @40003edd845e19ce412c rlm_ldap: looking for reply items in directory...
 @40003edd845e19ce589c rlm_ldap: Adding X-Ascend-Idle-Limit as
 X-Ascend-Idle-Limit, value 600  op=11
 @40003edd845e19ce7bc4 rlm_ldap: Adding X-Ascend-maximum-Time as
 X-Ascend-Maximum-Time, value 3600  op=11
 @40003edd845e19cfbc14 rlm_ldap: Adding X-ascend-data-filter as
 X-Ascend-Data-Filter, value ip in forward tcp est  op=11
 @40003edd845e19cfe324 rlm_ldap: Adding X-ascend-data-filter as
 X-Ascend-Data-Filter, value ip in forward dstip 66.159.32.0/24  op=11
 @40003edd845e19d01204 rlm_ldap: Adding X-ascend-data-filter as
 X-Ascend-Data-Filter, value ip in drop tcp dstport = 25  op=11
 @40003edd845e19d03cfc rlm_ldap: Adding X-ascend-data-filter as
 X-Ascend-Data-Filter, value ip in forward  op=11

 Anyone have any ideas why it is not returning the values?

The default operator used by rlm_ldap as shown above is 11 (=)
You should use the += operator.
This can be achieved by using the following as a value for the corresponding
attributes:
attribute: += your value here

Hope this helps


 Gene Parks
 VIP Direct


--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
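
The difference between the default `=` (op=11 in the log) and the `+=` prefix suggested in this reply, as an added example that is not part of the original posts and not rlm_ldap code: a simplified Python model of how an operator prefix in the LDAP value decides which reply items survive. The filter strings are the ones in the quoted log; the function names and the merge model are assumptions.

```python
# Simplified model (an assumption, not rlm_ldap source) of reply-item
# operators: "=" adds the item only if no item with that name is present,
# "+=" always appends, ":=" replaces every existing instance.
PREFIX_OPERATORS = ("+=", ":=", "=")

# Values taken from the log quoted in the message above.
FILTERS = [
    "ip in forward tcp est",
    "ip in forward dstip 66.159.32.0/24",
    "ip in drop tcp dstport = 25",
    "ip in forward",
]


def split_operator(raw_value):
    """Return (operator, value) for one LDAP attribute value.

    "+= ip in forward" carries its own operator; a plain value gets the
    default "=". An "=" inside the value (dstport = 25) is left alone."""
    for op in PREFIX_OPERATORS:
        if raw_value.startswith(op + " "):
            return op, raw_value[len(op):].strip()
    return "=", raw_value.strip()


def build_reply(ldap_values):
    """Merge (attribute, raw value) pairs into an ordered reply list."""
    reply = []
    for attr, raw in ldap_values:
        op, value = split_operator(raw)
        if op == ":=":
            reply = [(a, v) for a, v in reply if a != attr]
            reply.append((attr, value))
        elif op == "+=":
            reply.append((attr, value))
        elif not any(a == attr for a, _ in reply):  # default "="
            reply.append((attr, value))
    return reply


def filters_sent(prefix):
    """Data filters that reach the NAS when every stored filter value
    starts with `prefix` ("" for plain values, "+= " for append)."""
    entry = [("X-Ascend-Idle-Limit", "600")]
    entry += [("X-Ascend-Data-Filter", prefix + f) for f in FILTERS]
    return [v for a, v in build_reply(entry) if a == "X-Ascend-Data-Filter"]


if __name__ == "__main__":
    print("plain values :", filters_sent(""))
    print("+= prefixed  :", filters_sent("+= "))
```

In this model the plain values leave only the first filter in the reply, so the rule dropping TCP port 25 never reaches the NAS; a check that counts reply attributes against directory values would catch that kind of silent loss.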



Re: dialup access support

2003-06-05 Thread Kostas Kalevras
On Thu, 29 May 2003, Don Click wrote:

 Guys -

 I know the web front end is now part of the distro, so I'll ask here.

 For the last few weeks, when I click on the Online Users link, I am shown
 only 1 user online, (for over 360 hours no less). I manually check the ras
 device (A USRobotics Total Control, with 72 lines) and see 12 ppl (on average)
 online.

 I have checked the configs, and see nothing wrong. No changes have been made to
 this system in over 6 months, other than a major user purge..

 Any suggestions on what to look at?

Enable sql_debug in dialupadmin and check the sql queries it is running.
Probably something is wrong with your accounting.


 Also - What exactly is the Check Server link supposed to show me? I click
 on it and all i get is (test user radius)

It sends a test radius packet to the radius server. Check that dialupadmin can
run radclient correctly (check the corresponding directives in admin.conf and
the web server error logs).


 Thanks!


 Don Click
 IS Special Projects Manager
 Metrocall, Inc.
 Dallas, Texas
 972-687-2074




--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



Re: Always Password Attribute and Multiple Password

2003-06-05 Thread Kostas Kalevras
On Fri, 30 May 2003 [EMAIL PROTECTED] wrote:

 Always an Access-Reject when I use sn as userPassword

 Another Idea ? or a correction ?

 Philippe

 rad_recv: Access-Request packet from host 192.168.2.92:1570, id=4,
 length=48
 User-Name = philippe
 User-Password = philippe
 rlm_ldap: checking if remote access for philippe is allowed by sn
 rlm_ldap: Added password philippe in check items

^

That's good

 rlm_ldap: looking for check items in directory...
 rlm_ldap: looking for reply items in directory...
 Invalid operator for item User-Password: reverting to '=='
 rlm_ldap: user philippe authorized to use remote access
   rad_check_password:  Found Auth-Type USERS
 auth: type USERS
 modcall: entering group authtype
 rlm_ldap: - authenticate
 rlm_ldap: login attempt by philippe with password philippe
 rlm_ldap: user DN: uid=philippe,ou=Users,dc=e-qual,dc=fr
 rlm_ldap: (re)connect to 192.168.1.53:389, authentication 1
 rlm_ldap: bind as uid=philippe,ou=Users,dc=e-qual,dc=fr/philippe to
 192.168.1.53:389
 rlm_ldap: waiting for bind result ...
 rlm_ldap: uid=philippe,ou=Users,dc=e-qual,dc=fr bind to 192.168.1.53:389
 failed Insufficient access
 rlm_ldap: ldap_connect() failed
   modcall[authenticate]: module ldap1 returns fail
 modcall: group authtype returns fail
 auth: Failed to validate the user.
 Login incorrect: [philippe/philippe] (from client testing port 0)

OK, so you configured your server to do ldap authentication (ldap bind
operation). That way, your extracted user password will *never* be used.
Configure it to do authentication using the pap module and it will work just
fine.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



RE: freeradius ldap and chap authentication problems

2003-06-05 Thread Kostas Kalevras
On Tue, 3 Jun 2003, Tjeerd Bos wrote:

 Tjeerd Bos [EMAIL PROTECTED] wrote:
  rlm_chap: login attempt by tjeerd with CHAP password
 bip=C2v!?=F1?e=E7?= 5??=FA=E4
  rlm_chap: Using clear text password { for user tjeerd authentication.

 !!!

ok, without looking at your rlm_ldap config i can bet that you have configured
the password_header directive wrong. Fix it and it will work.

  rlm_chap: Pasword check failed
 Does that make ANY sense? Alan DeKok.

 When I use sql authentication with authentication protocol chap in stead of
 ldap authentication it's working fine.
 In ldap the passwords are stored in clear text.
 The problem is that the incoming request at the ggaaa server is a chap
 challenge. It is not possible to reconstruct the password in clear text from
 this challenge. The ldap authentication will fail.
 When I use the radtest command on the bbaaa server the password is in clear
 text. With this clear text password the authentication to ldap is ok.


 with regards,

 Tjeerd Bos


 PinkRoccade Infrastructure Services
 Trusted Services
 Apeldoorn


--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



Re: LDAP Fall-Through?

2003-06-05 Thread Kostas Kalevras
On Wed, 4 Jun 2003, Mike Sturdee wrote:

 Is there an LDAP equivalent of using the users file Fall-Through
 attribute?

There's only one ldap entry for a user, so i would not think so.
In any case you are not asking the right question.
Which is: What is the problem you are trying to fix?
In general you could use the users file for general checks and ldap for per user
configuration.



 -Mike
 Network Engineer
 Pathway Internet Services



--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



Re: Attribute Password

2003-06-05 Thread Kostas Kalevras
On Wed, 4 Jun 2003 [EMAIL PROTECTED] wrote:


 Hi,


 Here is my problem :

 if an user in LDAP have many passwords
 (example : Jean Marie DUPOND
   passwordCISCO : toto
   passwordVPN : titi)
 can I indicate to Radius to take a specific password when Radius do
 a LDAP's request

 Example : if DUPOND want authenticate to a CISCO router, Radius
 must be use the attribute containing passwordCISCO

 if he want authenticate to a VPN, Radius must be
 use the the attribute containing passwordVPN


 I tried the directive in radiusd.conf : attribute_password  in ldap
 module to specify another attribute instead of attribute userPassword

   Example : attribute_password = cn

   But if I want authenticate an user, I receive an ACCESS-REJECT


 An idea ??


 Here is an answer that I have received :

 You can not do what you want to do.  The password is the password.  You
 can not have multiple  passwords in the customer record it just doesn't
 work like that.  If you are looking to have multiple passwords or be
 able to authenticate to a different device with a different password
 then you are going to need a new entry in LDAP under a different tree
 and an entirely different radius server to query it.

The above is right if you are talking about *LDAP* authentication (LDAP BIND
operation). It is not right if you are just talking about extracting the user
password from ldap and using pap/chap for authentication.


 It's wrong or right ?



 Philippe




--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



Weaknesses of reviews?

2003-06-05 Thread amin abedi
Hi,
what are the weaknesses of reviews (walkthrough or inspection)?



RE: FreeRadius with Mysql under Solaris can't work

2003-06-05 Thread
Hi Zasp,

 Yes. When you run make, no errors are reported, but if you look through the 
information, you will find that make does nothing with rlm_sql_mysql. And the TARGET entry in 
the Makefile in the corresponding directory is empty. If your configure finds the header file 
and shared library, this entry will be filled with rlm_sql_mysql.

 Please check it.


   Jeson
[EMAIL PROTECTED]
2003-06-05

If I remember correctly the development package for MySQL that comes from sunfreeware 
puts the files in the wrong location for freeradius to look for them.  You can 
specify the location of the files or you can download the source and install from 
that. Solaris 8 and 9 fixed the location problem without having to specify.

Gene Parks
VIP Direct

-Original Message-
From: [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 8:49 AM
To: [EMAIL PROTECTED]
Subject: Re: FreeRadius with Mysql under Solaris can't work


Thanks to Jeson.

The MYSQL package is downloaded from sunfreeware and installed directly by pkgadd 
command. I am sure there are development header and lib included. Files in the lib 
directory are as follows:
   libdbug.a  libmygcc.a  libmysqlclient.a  libmysqlclient_r.a
   libmystrings.a libmysys.a

By the way, I had ever compiled and installed mysql 3.23.52 from source package.

When I do install freeradius with configure, make and make install, there is no error 
reported. So I don't think it's the reason.

Am I right?

Best,
   Zasp

Hi,

  Please make sure you have the MySQL development package. FreeRADIUS
 needs the include files from the MySQL development package to
 compile the rlm_sql_mysql module.

  Enjoy it!

  Jeson


Hi,all
 I want to use freeradius with mysql support under Solaris sparc 2.7.
I meet the same
problem as many newbies when I start radiusd:

 rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
 rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the 
 search path of your system's ld.
 radiusd.conf[14]: sql: Module instantiation failed.

 All methods have been tried but failed. MySQL is working well.  I
try to compile freeradius under gcc 3.2.3 as FAQ says configure
--disable-shared,  or set proper LD_LIBRARY_PATH variable, or copy
the dynamic lib files to /usr/lib. But the problem keeps here.

 When I do use rlm_unix not rlm_sql_mysql for authentication, it works
well.
  I have been confused for several days. Maybe anyone can help me?  Thanks :)






dialup_admin user_finger.php3 can not display user ip addr

2003-06-05 Thread alantu
dialup_admin user_finger.php3 can not display user ip addr


alantu
[EMAIL PROTECTED]
2003-06-05





Re: FreeRadius with Mysql under Solaris can't work

2003-06-05 Thread
Yes. 
As you say, I have altered the MySQL include directory location under Solaris 7, 
otherwise it can't compile
correctly.

Now I can't go on the project with MySQL support. I have been discouraged by this 
unsolved problem.

If I remember correctly the development package for MySQL that comes from sunfreeware 
puts the files in the wrong location for freeradius to look for them.  You can 
specify the location of the files or you can download the source and install from 
that. Solaris 8 and 9 fixed the location problem without having to specify.

Gene Parks
VIP Direct



Thanks to Jeson.

The MYSQL package is downloaded from sunfreeware and installed directly by pkgadd 
command. I am sure there are
 development header and lib included. Files in the lib directory are as follows:
  libdbug.a  libmygcc.a  libmysqlclient.a  libmysqlclient_r.a
  libmystrings.a libmysys.a

By the way, I had ever compiled and installed mysql 3.23.52 from source package. 

When I do install freeradius with configure, make and make install, there is no 
error reported. So I don't think
 it's the reason. 

Am I right?


Hi,

  Please make sure you have the MySQL development package. FreeRADIUS 
 needs the include files from the MySQL development package to 
 compile the rlm_sql_mysql module.


Hi,all
I want to use freeradius with mysql support under Solaris sparc 2.7. 
 I meet the same problem as many newbies when I start radiusd:

rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the 
 search
path of your system's ld.
radiusd.conf[14]: sql: Module instantiation failed.

All methods have been tried but failed. MySQL is working well.  I 
 try to compile freeradius under gcc 3.2.3 as FAQ says configure 
 --disable-shared,  or set proper LD_LIBRARY_PATH variable, or copy 
 the dynamic lib files to /usr/lib. But the problem keeps here.

When I do use rlm_unix not rlm_sql_mysql for authentication, it works well.
  I have been confused for several days. Maybe anyone can help me?  Thanks :)






Re: Squid with Freeradius

2003-06-05 Thread Dan Perik

From what I know, squid will NOT be a transparent proxy AND an
authenticating proxy at the same time.  But your email almost sounded
like you had one network you wanted to allow access transparently 
without authenticating, and another network which you wanted to allow
access only when authenticated (which can't be transparent).  I believe
this could be done with the proper squid proxy restriction settings. 
But you'd have to try it out to find out for sure.

- Dan

On Wed, 2003-06-04 at 15:35, Wei Ming Long wrote:
Hi Dan,
Excellent! It is great to know that you are using Squid with Freeradius,
that's exactly what I want to do too. I want Squid to authenticate the http
requests using Freeradius and I also want Squid to perform transparent
proxying so that users from another network do not have to change their
network settings like proxy-server etc.


 [EMAIL PROTECTED] 06/04/03 11:48AM 

We're using squid with freeradius as the authentication engine.  As
far as I know, you can't have a transparent + authenticating proxy.  If
it's authenticating, then it has to be non-transparent.  

It's actually very easy.  You just need to set up the Squid ACL's right
(so that it requires auth).  Then you set Squid's external
authentication helper.  We're using a simple (40 lines) PERL script
which does the authentication. It uses a PERL radius module.  I'm not
even sure where I got the script.  I think I got it off of Squid's
site.  If you can't find it, let me know, and I can e-mail it to you.

The system works great for us.

- Dan

On Wed, 2003-06-04 at 11:32, Wei Ming Long wrote:
Hi everyone,
I would like to use the proxy server Squid to perform transparent
proxying
and to authenticate http requests with Freeradius and was wondering if
anyone
has done it and would appreciate it if you could provide
details(configuration
files) of how to setup Squid and Freeradius to do just that.
Thanks.

Best regards
Matthew

-- 
- Dan Perik
Computer Services Department
Lapilo Center
New Tribes Mission - PNG



-- 
- Dan Perik
Computer Services Department
Lapilo Center
New Tribes Mission - PNG
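
A helper of the kind described in this thread, as an added example (this is not the Perl script Dan mentions, and not code from Squid or FreeRADIUS): it reads Squid's basic-auth helper lines, sends a RADIUS PAP Access-Request, and answers `OK` only when the reply's authenticator verifies. `SECRET`, `SERVER` and all function names are assumptions, and it assumes Squid passes URL-escaped `user password` lines.

```python
import hashlib, hmac, os, socket, struct, sys
from urllib.parse import unquote

SECRET = b"shared-secret-placeholder"  # assumption: the secret configured for this client
SERVER = ("127.0.0.1", 1812)  # assumption: RADIUS server address and port

def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, -(-len(password) // 16) * 16), b"\x00")
    blocks = [authenticator]
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + blocks[-1]).digest()
        blocks.append(bytes(a ^ b for a, b in zip(padded[i:i + 16], pad)))
    return b"".join(blocks[1:])

def build_request(ident, user, password, secret, authenticator):
    """Access-Request (code 1) carrying User-Name (1) and User-Password (2)."""
    attrs = b""
    for code, value in ((1, user), (2, hide_password(password, secret, authenticator))):
        attrs += struct.pack("!BB", code, len(value) + 2) + value
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def reply_accepts(reply, ident, secret, authenticator):
    """True only for an Access-Accept (code 2) whose Response Authenticator verifies."""
    if len(reply) < 20 or reply[1] != ident or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    expected = hashlib.md5(reply[:4] + authenticator + reply[20:] + secret).digest()
    return reply[0] == 2 and hmac.compare_digest(expected, reply[4:20])

def radius_auth(user, password):
    ident, authenticator = os.urandom(1)[0], os.urandom(16)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(3.0)
        try:
            s.sendto(build_request(ident, user, password, SECRET, authenticator), SERVER)
            reply = s.recvfrom(4096)[0]
        except OSError:
            return False  # fail closed on timeout or network error
    return reply_accepts(reply, ident, SECRET, authenticator)

def helper_reply(line, authenticate=radius_auth):
    """Squid basic-auth helper protocol: 'user password' line in, OK or ERR out."""
    parts = [unquote(p).encode() for p in line.rstrip("\r\n").split(" ", 1)]
    if len(parts) != 2 or not 0 < len(parts[0]) <= 253 or len(parts[1]) > 128:
        return "ERR"  # malformed line, or over the RADIUS attribute size limits
    return "OK" if authenticate(*parts) else "ERR"

if __name__ == "__main__":
    for line in sys.stdin:
        print(helper_reply(line), flush=True)
```

PAP hides the password only with MD5 keyed by the shared secret, so the path between the proxy and the RADIUS server should be a trusted network segment.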


