Re: dialup_admin user_finger.php3 can not display user ip addr
On Thu, 5 Jun 2003, alantu wrote:

dialup_admin user_finger.php3 can not display user ip addr

So, check that the nas is sending the user ip in the accounting start. A lot of times it will not (for instance in cisco access servers you either need to enable accounting updates or delayed accounting starts).

alantu [EMAIL PROTECTED] 2003-06-05

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius 0.8.1 -- Login-Time
Hello, freeradius-users.

some strange things about Login-Time in 0.8.1. is it my fault or ...?

1. first attempt
   current time: 1720
   Login-Time = Any1000-1800
   failure (yes, it complains about time)

2. second attempt
   current time: 1721
   Login-Time = Any1000-1759
   success

--
Best regards, Alex
Re: freeradius 0.8.1 -- Login-Time
can u attach some debug messages?

----- Original Message -----
From: Alex Nazarov [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, June 05, 2003 10:57 AM
Subject: freeradius 0.8.1 -- Login-Time

Hello, freeradius-users.

some strange things about Login-Time in 0.8.1. is it my fault or ...?

1. first attempt
   current time: 1720
   Login-Time = Any1000-1800
   failure (yes, it complains about time)

2. second attempt
   current time: 1721
   Login-Time = Any1000-1759
   success

--
Best regards, Alex
Re[2]: freeradius 0.8.1 -- Login-Time
Hello, Mustafa.

MNd> can u attach some debug messages?

i cannot replay the things like they were - this time login is allowed. configuration is not changed, but one message from log file tells (imho) about problem:

    Mon Jun 2 17:16:26 2003 : Auth: Outside allowed timespan (time allowed 1000-1800): [user1/pass1] (from client nas1 port 0 cli 192.168.0.1)

some strange things about Login-Time in 0.8.1. is it my fault or ...?

1. first attempt
   current time: 1720
   Login-Time = Any1000-1800
   failure (yes, it complains about time)

2. second attempt
   current time: 1721
   Login-Time = Any1000-1759
   success

--
, Alex mailto:[EMAIL PROTECTED]
RE: freeradius ldap and chap authentication problems
something is not ok yet:

radiusd.conf:

    ldap {
        Auth-Type := LDAP
        server = ldap.gemnet.nl
        identity = cn=directory manager
        password = dirmgr12
        basedn = c=NL
        filter = (uid=%{Stripped-User-Name:-%{User-Name}})
        start_tls = no
        tls_mode = no
        profile_attribute = radiusProfileDn
        dictionary_mapping = ${raddbdir}/ldap.attrmap
        password_attribute = userPassword
        password_header = {clear}
        ldap_connections_number = 5
        timeout = 4
        timelimit = 3
        net_timeout = 1
    }

    skip

    authorize {
        preprocess
        ldap {
            notfound = return
        }
        chap
        sql
    }

    authenticate {
        authtype CHAP {
            chap
        }
    }

Radius.log after dial-in:

    rad_recv: Access-Request packet from host 172.25.108.209:1814, id=21, length=133
        NAS-IP-Address = 172.28.192.1
        NAS-Port = 5
        NAS-Port-Type = Virtual
        User-Name = [EMAIL PROTECTED]
        Called-Station-Id = 578750011
        Calling-Station-Id = 555778822
        CHAP-Password = 0x6da696ba2e24f6b98e7875851e1b02b55f
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Proxy-State = 0x313435
        CHAP-Challenge = \352\362\221\202\333O{' \341\270\345^33
    modcall: entering group authorize
    hints: Matched DEFAULT at 63
    modcall[authorize]: module preprocess returns ok
    rlm_ldap: - authorize
    rlm_ldap: performing user authorization for tjeerd
    radius_xlat: '(uid=tjeerd)'
    radius_xlat: 'c=NL'
    ldap_get_conn: Got Id: 0
    rlm_ldap: attempting LDAP reconnection
    rlm_ldap: (re)connect to ldap.gemnet.nl:389, authentication 0
    rlm_ldap: bind as cn=directory manager/dirmgr12 to ldap.gemnet.nl:389
    rlm_ldap: waiting for bind result ...
    rlm_ldap: performing search in c=NL, with filter (uid=tjeerd)
    rlm_ldap: Password header not found in password {SSHA}J+fitIGC+3np1EKD3PFs/y04OAT9KBNEES2ZQA== for user tjeerd
    rlm_ldap: looking for check items in directory...
    rlm_ldap: Adding userPassword as User-Password, value { op=21
    rlm_ldap: looking for reply items in directory...
    rlm_ldap: user tjeerd authorized to use remote access
    ldap_release_conn: Release Id: 0

Tjeerd

-----Original Message-----
From: Kostas Kalevras [mailto:[EMAIL PROTECTED]]
Sent: Wednesday 4 June 2003 22:35
To: [EMAIL PROTECTED]
Subject: RE: freeradius ldap and chap authentication problems

On Tue, 3 Jun 2003, Tjeerd Bos wrote:

Tjeerd Bos [EMAIL PROTECTED] wrote:

    rlm_chap: login attempt by tjeerd with CHAP password bip=C2v!?=F1?e=E7?= 5??=FA=E4
    rlm_chap: Using clear text password { for user tjeerd authentication.

!!!

ok, without looking at your rlm_ldap config i can bet that you have configured the password_header directive wrong. Fix it and it will work.

    rlm_chap: Pasword check failed

Does that make ANY sense?

Alan DeKok.

When I use sql authentication with authentication protocol chap instead of ldap authentication it's working fine. In ldap the passwords are stored in clear text. The problem is that the incoming request at the ggaaa server is a chap challenge. It is not possible to reconstruct the password in clear text from this challenge. The ldap authentication will fail. When I use the radtest command on the bbaaa server the password is in clear text. With this clear text password the authentication to ldap is ok.

with regards,
Tjeerd Bos
PinkRoccade Infrastructure Services
Trusted Services Apeldoorn

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
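The debug output in this message shows the directory returning a value that begins with {SSHA} while the request carries a CHAP-Password. As an added example (not code from FreeRADIUS or from the posters; the password, salt and challenge are constructed), this Python code checks the same stored value under PAP and under CHAP as defined in RFC 1994, where the server must hold the cleartext secret to recompute the response:

```python
import base64
import hashlib
import hmac

# Constructed sample values (not taken from the thread).
CLEARTEXT = b"constructed-secret"
SALT = bytes.fromhex("0102030405060708")
CHALLENGE = bytes.fromhex("00112233445566778899aabbccddeeff")
CHAP_IDENT = 0x6D


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(ident || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def build_chap_password(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RADIUS CHAP-Password value: one ident octet followed by the 16-octet response."""
    return bytes([ident]) + chap_response(ident, secret, challenge)


def verify_chap(chap_password: bytes, challenge: bytes, secret: bytes) -> bool:
    """Recompute the response from the secret the server holds and compare."""
    if len(chap_password) != 17:
        return False
    ident, response = chap_password[0], chap_password[1:]
    return hmac.compare_digest(chap_response(ident, secret, challenge), response)


def make_ssha(password: bytes, salt: bytes) -> str:
    """Directory-style {SSHA}: base64(SHA1(password || salt) || salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(stored: str, candidate: bytes) -> bool:
    """PAP-style check: the cleartext arrives in the request, so a hash is enough."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)


def run_demo() -> dict:
    stored = make_ssha(CLEARTEXT, SALT)
    chap_attr = build_chap_password(CHAP_IDENT, CLEARTEXT, CHALLENGE)
    return {
        # PAP: the server hashes what the user sent and compares with the directory.
        "pap_against_ssha": verify_ssha(stored, CLEARTEXT),
        # CHAP: works only when the server has the cleartext secret.
        "chap_with_cleartext": verify_chap(chap_attr, CHALLENGE, CLEARTEXT),
        # CHAP fed the stored hash string as if it were the secret.
        "chap_with_ssha_string": verify_chap(chap_attr, CHALLENGE, stored.encode("ascii")),
        # CHAP fed "{", the value the rlm_chap log line above reports using.
        "chap_with_brace": verify_chap(chap_attr, CHALLENGE, b"{"),
    }


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```
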
Re: Re: FreeRadius with Mysql under Solaris can't work
Hi Zasp,

Do you get the rlm_sql_mysql.so? If not, please recompile your freeRadius project with configure --enable-static. By default, freeRadius use the shared library. Or, you can try to use the environment variable LD_PRELOAD=/path/your/rlm_sql_mysql.

Jeson [EMAIL PROTECTED] 2003-06-06

Thanks again. I have checked the Makefile in rlm_sql_mysql directory. It says:

    TARGET = rlm_sql_mysql
    SRCS = sql_mysql.c

And rlm_sql_mysql.a rlm_sql_mysql.la are both generated. So I think it's not my fault to configure the project.

Hi Zasp,

Yes. When you do make, there are no error were report, but look through the information, you will find make do nothing with rlm_sql_mysql. And the TARGET entry in Makefile in the correspond directory is empty. If your configure find the head file and shared library, this entry will be filled with rlm_sql_mysql. Please check it.

Jeson [EMAIL PROTECTED] 2003-06-05

If I remember correctly the development package for MySQL that comes from sunfreeware puts the files in the wrong location for freeradius to look for them. You can specify the location of the files or you can download the source and install from that. Solaris 8 and 9 fixed the location problem without having to specify.

Gene Parks
VIP Direct

-----Original Message-----
From: [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 8:49 AM
To: [EMAIL PROTECTED]
Subject: Re: FreeRadius with Mysql under Solaris can't work

Thanks to Jeson.

The MYSQL package is downloaded from sunfreeware and installed directly by pkgadd command. I am sure there are development header and lib included. Files in the lib directory are as follows:

    libdbug.a libmygcc.a libmysqlclient.a libmysqlclient_r.a
    libmystrings.a libmysys.a

By the way, I had ever compiled and installed mysql 3.23.52 from source package.

When I do install freeradius with configure, make and make install, there is no error reported. So I don't think it's the reason.

Am I right?

Best,
Zasp

Hi,

Please make sure you have the MySQL development package, FreeRADIUS compile the rlm_sql_mysql module need the include file from MySQL development package.

Enjoy it!

Jeson

Hi,all

I want to use freeradius with mysql support under Solaris sparc 2.7. I meet the same problem as many newbies when I start radiusd:

    rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
    rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
    radiusd.conf[14]: sql: Module instantiation failed.

All methods have been tried but failed. MySQL is working well. I try to compile freeradius under gcc 3.2.3 as FAQ says configure --disable-shared, or set proper LD_LIBRARY_PATH variable, or copy the dynamic lib files to /usr/lib. But the problem keeps here.

When I do use rlm_unix not rlm_sql_mysql for authentication, it works well. I have been confused for several days. Maybe anyone can help me? Thanks :)
Re: Where to specify Pool-Name for mixed fixed/dynamic IP profiles
On Tue, Jun 03, 2003 at 10:21:54AM +0200, Jonathan Ruano wrote:

I'm migrating my old user database to FreeRadius SQL format. Added GroupName fields to some tables and modified queries, but that's another story. I've defined ippools for several realms, so that normal, IP-dynamic profiles are assigned IPs from those pools, like:

radcheck:
- userdyn Password == secretdyn
- user01 Password == secret01
- user02 Password == secret02

radgroupcheck:
- domain01 Auth-Type := Local
- domain01 Pool-Name := domain01_pool

radgroupreply:
- domain01 Service-Type := Framed-User
- domain01 Framed-Protocol := PPP
- domain01 Framed-IP-Netmask := 255.255.255.255

Provided that I have several profiles within this domain which have fixed IP address:

radreply:
- user01 Framed-IP-Address := 1.2.3.4
- user02 Framed-IP-Address := 1.2.3.5

Will dynamic ip address be allocated (although not actually used)? Shall I define Pool-Name in radcheck for every dynamic-ip profile instead?

radcheck:
- userdyn Password == secretdyn
- userdyn Pool-Name := domain01_pool

Thanks for your comments, opinions, etc :)
Jon

If I understand correctly, you want the users in domain01 group to get Dynamic IPs except users user01 and user02? If you're using a recent CVS snapshot, rlm_ippool has gained an override option where you can tell it to either override a Framed-IP-Address or be overridden by a Framed-IP-Address. The default behaviour before that was to be overridden by a Framed-IP-Address, so I think it would work like you want either way.

--
Paul TBBle Hampson
on an alternate email client.
Re: FreeRadius with Mysql under Solaris can't work
Thanks to Jeson.

The MYSQL package is downloaded from sunfreeware and installed directly by pkgadd command. I am sure there are development header and lib included. Files in the lib directory are as follows:

    libdbug.a libmygcc.a libmysqlclient.a libmysqlclient_r.a
    libmystrings.a libmysys.a

By the way, I had ever compiled and installed mysql 3.23.52 from source package.

When I do install freeradius with configure, make and make install, there is no error reported. So I don't think it's the reason.

Am I right?

Best,
Zasp

Hi,

Please make sure you have the MySQL development package, FreeRADIUS compile the rlm_sql_mysql module need the include file from MySQL development package.

Enjoy it!

Jeson

Hi,all

I want to use freeradius with mysql support under Solaris sparc 2.7. I meet the same problem as many newbies when I start radiusd:

    rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
    rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
    radiusd.conf[14]: sql: Module instantiation failed.

All methods have been tried but failed. MySQL is working well. I try to compile freeradius under gcc 3.2.3 as FAQ says configure --disable-shared, or set proper LD_LIBRARY_PATH variable, or copy the dynamic lib files to /usr/lib. But the problem keeps here.

When I do use rlm_unix not rlm_sql_mysql for authentication, it works well. I have been confused for several days. Maybe anyone can help me? Thanks :)
EAP/MD5 and ldap
Hello,

I want to use EAP/MD5 and Ldap. EAP/MD5 config is ok, but ldap config is not Ok. Have you got example of radiusd.conf, users for EAP/MD5 and Ldap.

Thanks,
RE: FreeRadius with Mysql under Solaris can't work
If I remember correctly the development package for MySQL that comes from sunfreeware puts the files in the wrong location for freeradius to look for them. You can specify the location of the files or you can download the source and install from that. Solaris 8 and 9 fixed the location problem without having to specify.

Gene Parks
VIP Direct

-----Original Message-----
From: [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 8:49 AM
To: [EMAIL PROTECTED]
Subject: Re: FreeRadius with Mysql under Solaris can't work

Thanks to Jeson.

The MYSQL package is downloaded from sunfreeware and installed directly by pkgadd command. I am sure there are development header and lib included. Files in the lib directory are as follows:

    libdbug.a libmygcc.a libmysqlclient.a libmysqlclient_r.a
    libmystrings.a libmysys.a

By the way, I had ever compiled and installed mysql 3.23.52 from source package.

When I do install freeradius with configure, make and make install, there is no error reported. So I don't think it's the reason.

Am I right?

Best,
Zasp

Hi,

Please make sure you have the MySQL development package, FreeRADIUS compile the rlm_sql_mysql module need the include file from MySQL development package.

Enjoy it!

Jeson

Hi,all

I want to use freeradius with mysql support under Solaris sparc 2.7. I meet the same problem as many newbies when I start radiusd:

    rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
    rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
    radiusd.conf[14]: sql: Module instantiation failed.

All methods have been tried but failed. MySQL is working well. I try to compile freeradius under gcc 3.2.3 as FAQ says "configure --disable-shared", or set proper LD_LIBRARY_PATH variable, or copy the dynamic lib files to /usr/lib. But the problem keeps here.

When I do use rlm_unix not rlm_sql_mysql for authentication, it works well. I have been confused for several days. Maybe anyone can help me? Thanks :)
archive search
Is there a way to search a particular argument in the freeradius archive list, as the only fields available are INDEX DATE ???

Cheers
LDAP Fall-Through?
Is there an LDAP equivalent of using the users file Fall-Through attribute?

-Mike
Network Engineer
Pathway Internet Services
copy accounting to second server
What's the easiest way to copy accounting packets to a second server, without using radrelay?

tia, josh.

--
Josh Howlett, Networking Digital Communications, Information Systems Computing, University of Bristol, U.K.
'phone: 0117 928 7850 email: [EMAIL PROTECTED]
Attribute Password
Hi,

Here is my problem : if an user in LDAP have many passwords (example : Jean Marie DUPOND passwordCISCO : toto passwordVPN : titi) can I indicate to Radius to take a specific password when Radius do a LDAP's request

Example :
if DUPOND want authenticate to a CISCO router, Radius must be use the attribute containing passwordCISCO
if he want authenticate to a VPN, Radius must be use the attribute containing passwordVPN

I tried the directive in radiusd.conf : attribute_password in ldap module to specify another attribute instead of attribute userPassword

Example : attribute_password = cn

But if I want authenticate an user, I receive an ACCESS-REJECT

An idea ??

Here is an answer that I have received :

You can not do what you want to do. The password is the password. You can not have multiple passwords in the customer record it just doesn't work like that. If you are looking to have multiple passwords or be able to authenticate to a different device with a different password then you are going to need a new entry in LDAP under a different tree and an entirely different radius server to query it.

It's wrong or right ?

Philippe
Re: FreeRadius - DLINK DWL-900+ - 802.1.X
What is your ap?, you set up the eap and wep key, in the cisco 1200 ap this is important.

att. Mauricio

----- Original Message -----
From: Pascal PELONI [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 03, 2003 9:24 AM
Subject: Re: FreeRadius - DLINK DWL-900+ - 802.1.X

I forget to say that :

1. the authentication works well with radtest !

    $ radtest tst1 pp 127.0.0.1 1 test
    Sending Access-Request of id 68 to 127.0.0.1:1812
        User-Name = tst1
        User-Password = \323\366\273\363\371Z\250]\231(w\265?\346G\253
        NAS-IP-Address = localhost
        NAS-Port = 1
    rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=68, length=20

2. with my AP I have the following output in radius.log :

    Auth: Login incorrect: [pelo/no User-Password attribute]

Thanks.

At 16:58 03/06/2003 +0200, you wrote:

I've already read the FAQ and the README's, but it still doesn't work. Here is part of my config :

radiusd.conf

    modules {
        eap {
            default_eap_type = md5
            md5 {
            }
        }
    }
    authorize {
        eap
    }
    authenticate {
        eap
    }

client.conf

    client localhost {
        secret = test
        nastype = other
        shortname = test
    }

huntgroups

    TEST    NAS-IP-Address == 127.0.0.1, NAS-Port-Id == 0-3

users

    DEFAULT Huntgroup-Name == TEST
            Framed-IP-Address = 192.168.1.11+
    tst1    User-Password == pp
    tst2    Auth-Type := Local, User-Password == pp

Could someone help ?

Thanks, PP.

At 09:31 30/05/2003 -0400, you wrote:

Pascal PELONI [EMAIL PROTECTED] wrote:

The problem is that when I try to authenticate with my AP W2K, it doesn't work :

    # less /var/log/radius.log
    Thu May 29 18:17:07 2003 : Auth: Login incorrect: [aa/no User-Password attribute] (from client ap-wlan port 0 cli 00-40-05-CB-AD-7C)

Read the FAQ and the README's. Read the FAQ and the README's. Read the FAQ and the README's. Read the FAQ and the README's. Did I mention I *really* meant that you should read the FAQ and the README's?

Alan DeKok.
(no subject)
Hi,

I am using freeradius-snapshot from March 11, 2003. I have EAP/TLS working. Question I have, is there a way to limit the number of attempts a user has to log in the server? Let's say, after three attempts, that user gets locked out for an hour.

Keep up the great work!

Thanks
Re: EAP/MD5 and ldap
please send me the configs files, users, radius.conf clients, thanks

regards. Mauricio

----- Original Message -----
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, May 04, 2003 7:23 AM
Subject: EAP/MD5 and ldap

Hello,

I want to use EAP/MD5 and Ldap. EAP/MD5 config is ok, but ldap config is not Ok. Have you got example of radiusd.conf, users for EAP/MD5 and Ldap.

Thanks,
Re: archive search
On Wed, Jun 04, 2003 at 04:03:25PM +0200, Mauro wrote:

Is there a way to search a particular argument in the freeradius archive list, as the only fields available are INDEX DATE ???

There were searchable FreeRADIUS archives at http://www.mail-archive.com/[EMAIL PROTECTED]/ but they're down currently due to 'technical problems'...

--
Fduch M. Pravking
Re: Multiple attributes
On Wed, 4 Jun 2003, Gene Parks wrote:

I am using freeradius snapshot 20030603 and the server comes up fine and will authenticate. The problem I have is now the server will not return multiple values for one attribute. I have 3 other servers running 0.8.1 and they will return the attributes correctly. The log says this

    @40003edd845e18c408d4 ldap_get_conn: Got Id: 0
    @40003edd845e18c41874 rlm_ldap: performing search in ou=premiernet.2dial.com, o=dcconnex.net, with filter (uid=dctichenor)
    @40003edd845e19cdd7b4 rlm_ldap: Added password in check items
    @40003edd845e19ce0a7c rlm_ldap: looking for check items in directory...
    @40003edd845e19ce21ec rlm_ldap: Adding chappassword as Chap-Password, value op=21
    @40003edd845e19ce412c rlm_ldap: looking for reply items in directory...
    @40003edd845e19ce589c rlm_ldap: Adding X-Ascend-Idle-Limit as X-Ascend-Idle-Limit, value 600 op=11
    @40003edd845e19ce7bc4 rlm_ldap: Adding X-Ascend-maximum-Time as X-Ascend-Maximum-Time, value 3600 op=11
    @40003edd845e19cfbc14 rlm_ldap: Adding X-ascend-data-filter as X-Ascend-Data-Filter, value ip in forward tcp est op=11
    @40003edd845e19cfe324 rlm_ldap: Adding X-ascend-data-filter as X-Ascend-Data-Filter, value ip in forward dstip 66.159.32.0/24 op=11
    @40003edd845e19d01204 rlm_ldap: Adding X-ascend-data-filter as X-Ascend-Data-Filter, value ip in drop tcp dstport = 25 op=11
    @40003edd845e19d03cfc rlm_ldap: Adding X-ascend-data-filter as X-Ascend-Data-Filter, value ip in forward op=11

Anyone have any ideas why it is not returning the values?

The default operator used by rlm_ldap as shown above is 11 (=). You should use the += operator. This can be achieved by using the following as a value for the corresponding attributes:

    attribute: += your value here

Hope this helps

Gene Parks
VIP Direct

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
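The four X-Ascend-Data-Filter values in the log above all carry op=11. As an added example (not FreeRADIUS code; the function names are hypothetical), this Python model applies the reply-item operator rules documented for the users file, assumed here to govern how the directory values are merged: `=` adds an attribute only if none of that name is already in the reply, `:=` replaces, `+=` always appends. It reports which filter rules never reach the NAS.

```python
from typing import List, Tuple

Pair = Tuple[str, str]
OPERATORS = ("+=", ":=", "=")

# Attribute values as they appear in the log above (no operator prefix).
AS_LOGGED: List[Pair] = [
    ("X-Ascend-Idle-Limit", "600"),
    ("X-Ascend-Maximum-Time", "3600"),
    ("X-Ascend-Data-Filter", "ip in forward tcp est"),
    ("X-Ascend-Data-Filter", "ip in forward dstip 66.159.32.0/24"),
    ("X-Ascend-Data-Filter", "ip in drop tcp dstport = 25"),
    ("X-Ascend-Data-Filter", "ip in forward"),
]

# Same values with the "+= value" form suggested in the reply.
WITH_PLUS: List[Pair] = [
    (name, "+= " + value if name == "X-Ascend-Data-Filter" else value)
    for name, value in AS_LOGGED
]


def split_operator(raw: str) -> Tuple[str, str]:
    """Split an optional leading operator from a directory value.

    Only a prefix counts: the '=' inside 'dstport = 25' is part of the value.
    A value with no prefix gets '=' (logged as op=11 above).
    """
    text = raw.strip()
    for op in OPERATORS:
        if text.startswith(op + " "):
            return op, text[len(op):].strip()
    return "=", text


def add_reply_item(reply: List[Pair], name: str, op: str, value: str) -> None:
    """Apply one reply item using the assumed users-file operator semantics."""
    if op == "+=":
        reply.append((name, value))
    elif op == ":=":
        reply[:] = [(n, v) for n, v in reply if n != name]
        reply.append((name, value))
    elif not any(n == name for n, _ in reply):  # "=": only if not present yet
        reply.append((name, value))


def build_reply(directory_values: List[Pair]) -> List[Pair]:
    reply: List[Pair] = []
    for name, raw in directory_values:
        op, value = split_operator(raw)
        add_reply_item(reply, name, op, value)
    return reply


def dropped_items(directory_values: List[Pair]) -> List[Pair]:
    """Values present in the directory that are missing from the built reply."""
    sent = set(build_reply(directory_values))
    wanted = [(name, split_operator(raw)[1]) for name, raw in directory_values]
    return [item for item in wanted if item not in sent]


if __name__ == "__main__":
    for label, data in (("as logged", AS_LOGGED), ("with +=", WITH_PLUS)):
        print(label, "->", len(build_reply(data)), "reply items;",
              "dropped:", dropped_items(data))
```
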
Re: dialup access support
On Thu, 29 May 2003, Don Click wrote:

Guys - I know the web front end is now part of the distro, so I'll ask here. For the last few weeks, when I click on the Online Users link, I am shown only 1 user online, (for over 360 hours no less). I manually check the ras device (A USRobotics Total Control, with 72 lines) and see 12 ppl (on average) online. I have checked the configs, and see nothing wrong. No changes have been made to this system in over 6 months, other than a major user purge.. Any suggestions on what to look at?

Enable sql_debug in dialupadmin and check the sql queries it is running. Probably something is wrong with your accounting.

Also - What exactly is the Check Server link supposed to show me? I click on it and all i get is (test user radius)

It sends a test radius packet to the radius server. Check that dialupadmin can run radclient correctly (check the corresponding directives in admin.conf and the web server error logs).

Thanks!

Don Click
IS Special Projects Manager
Metrocall, Inc.
Dallas, Texas
972-687-2074

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: Always Password Attribute and Multiple Password
On Fri, 30 May 2003 [EMAIL PROTECTED] wrote:

Always an Access-Reject when I use sn as userPassword

Another Idea ? or a correction ?

Philippe

    rad_recv: Access-Request packet from host 192.168.2.92:1570, id=4, length=48
        User-Name = philippe
        User-Password = philippe
    rlm_ldap: checking if remote access for philippe is allowed by sn
    rlm_ldap: Added password philippe in check items

^ That's good

    rlm_ldap: looking for check items in directory...
    rlm_ldap: looking for reply items in directory...
    Invalid operator for item User-Password: reverting to '=='
    rlm_ldap: user philippe authorized to use remote access
    rad_check_password: Found Auth-Type USERS
    auth: type USERS
    modcall: entering group authtype
    rlm_ldap: - authenticate
    rlm_ldap: login attempt by philippe with password philippe
    rlm_ldap: user DN: uid=philippe,ou=Users,dc=e-qual,dc=fr
    rlm_ldap: (re)connect to 192.168.1.53:389, authentication 1
    rlm_ldap: bind as uid=philippe,ou=Users,dc=e-qual,dc=fr/philippe to 192.168.1.53:389
    rlm_ldap: waiting for bind result ...
    rlm_ldap: uid=philippe,ou=Users,dc=e-qual,dc=fr bind to 192.168.1.53:389 failed Insufficient access
    rlm_ldap: ldap_connect() failed
    modcall[authenticate]: module ldap1 returns fail
    modcall: group authtype returns fail
    auth: Failed to validate the user.
    Login incorrect: [philippe/philippe] (from client testing port 0)

OK, so you configured your server to do ldap authentication (ldap bind operation). That way, your extracted user password will *never* be used. Configure it to do authentication using the pap module and it will work just fine.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
RE: freeradius ldap and chap authentication problems
On Tue, 3 Jun 2003, Tjeerd Bos wrote:

Tjeerd Bos [EMAIL PROTECTED] wrote:

    rlm_chap: login attempt by tjeerd with CHAP password bip=C2v!?=F1?e=E7?= 5??=FA=E4
    rlm_chap: Using clear text password { for user tjeerd authentication.

!!!

ok, without looking at your rlm_ldap config i can bet that you have configured the password_header directive wrong. Fix it and it will work.

    rlm_chap: Pasword check failed

Does that make ANY sense?

Alan DeKok.

When I use sql authentication with authentication protocol chap instead of ldap authentication it's working fine. In ldap the passwords are stored in clear text. The problem is that the incoming request at the ggaaa server is a chap challenge. It is not possible to reconstruct the password in clear text from this challenge. The ldap authentication will fail. When I use the radtest command on the bbaaa server the password is in clear text. With this clear text password the authentication to ldap is ok.

with regards,
Tjeerd Bos
PinkRoccade Infrastructure Services
Trusted Services Apeldoorn

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: LDAP Fall-Through?
On Wed, 4 Jun 2003, Mike Sturdee wrote:

Is there an LDAP equivalent of using the users file Fall-Through attribute?

There's only one ldap entry for a user, so i would not think so. In any case you are not asking the right question. Which is: What is the problem you are trying to fix? In general you could use the users file for general checks and ldap for per user configuration.

-Mike
Network Engineer
Pathway Internet Services

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: Attribute Password
On Wed, 4 Jun 2003 [EMAIL PROTECTED] wrote:

Hi,

Here is my problem : if an user in LDAP have many passwords (example : Jean Marie DUPOND passwordCISCO : toto passwordVPN : titi) can I indicate to Radius to take a specific password when Radius do a LDAP's request

Example :
if DUPOND want authenticate to a CISCO router, Radius must be use the attribute containing passwordCISCO
if he want authenticate to a VPN, Radius must be use the attribute containing passwordVPN

I tried the directive in radiusd.conf : attribute_password in ldap module to specify another attribute instead of attribute userPassword

Example : attribute_password = cn

But if I want authenticate an user, I receive an ACCESS-REJECT

An idea ??

Here is an answer that I have received :

You can not do what you want to do. The password is the password. You can not have multiple passwords in the customer record it just doesn't work like that. If you are looking to have multiple passwords or be able to authenticate to a different device with a different password then you are going to need a new entry in LDAP under a different tree and an entirely different radius server to query it.

The above is right if you are talking about *LDAP* authentication (LDAP BIND operation). It is not right if you are just talking about extracting the user password from ldap and using pap/chap for authentication.

It's wrong or right ?

Philippe

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Weaknesses of reviews?
Hi, what are the weaknesses of reviews (walkthrough or inspection)?
RE: FreeRadius with Mysql under Solaris can't work
Hi Zasp,

Yes. When you do make, there are no error were report, but look through the information, you will find make do nothing with rlm_sql_mysql. And the TARGET entry in Makefile in the correspond directory is empty. If your configure find the head file and shared library, this entry will be filled with rlm_sql_mysql. Please check it.

Jeson [EMAIL PROTECTED] 2003-06-05

If I remember correctly the development package for MySQL that comes from sunfreeware puts the files in the wrong location for freeradius to look for them. You can specify the location of the files or you can download the source and install from that. Solaris 8 and 9 fixed the location problem without having to specify.

Gene Parks
VIP Direct

-----Original Message-----
From: [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 04, 2003 8:49 AM
To: [EMAIL PROTECTED]
Subject: Re: FreeRadius with Mysql under Solaris can't work

Thanks to Jeson.

The MYSQL package is downloaded from sunfreeware and installed directly by pkgadd command. I am sure there are development header and lib included. Files in the lib directory are as follows:

    libdbug.a libmygcc.a libmysqlclient.a libmysqlclient_r.a
    libmystrings.a libmysys.a

By the way, I had ever compiled and installed mysql 3.23.52 from source package.

When I do install freeradius with configure, make and make install, there is no error reported. So I don't think it's the reason.

Am I right?

Best,
Zasp

Hi,

Please make sure you have the MySQL development package, FreeRADIUS compile the rlm_sql_mysql module need the include file from MySQL development package.

Enjoy it!

Jeson

Hi,all

I want to use freeradius with mysql support under Solaris sparc 2.7. I meet the same problem as many newbies when I start radiusd:

    rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
    rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
    radiusd.conf[14]: sql: Module instantiation failed.

All methods have been tried but failed. MySQL is working well. I try to compile freeradius under gcc 3.2.3 as FAQ says configure --disable-shared, or set proper LD_LIBRARY_PATH variable, or copy the dynamic lib files to /usr/lib. But the problem keeps here.

When I do use rlm_unix not rlm_sql_mysql for authentication, it works well. I have been confused for several days. Maybe anyone can help me? Thanks :)
dialup_admin user_finger.php3 can not display user ip addr
dialup_admin user_finger.php3 can not display user ip addr
alantu [EMAIL PROTECTED] 2003-06-05
Re: FreeRadius with Mysql under Solaris can't work
Yes. As you say, I have altered the MySQL include directory location under Solaris 7, otherwise it can't compile correctly. Now I can't go on with the project with MySQL support. I have been discouraged by this unsolved problem.
If I remember correctly the development package for MySQL that comes from sunfreeware puts the files in the wrong location for freeradius to look for them. You can specify the location of the files or you can download the source and install from that. Solaris 8 and 9 fixed the location problem without having to specify.
Gene Parks VIP Direct
Thanks to Jeson. The MySQL package is downloaded from sunfreeware and installed directly by the pkgadd command. I am sure the development headers and libs are included. Files in the lib directory are as follows: libdbug.a libmygcc.a libmysqlclient.a libmysqlclient_r.a libmystrings.a libmysys.a
By the way, I had once compiled and installed mysql 3.23.52 from the source package. When I install freeradius with configure, make and make install, there is no error reported. So I don't think it's the reason. Am I right?
Hi, Please make sure you have the MySQL development package. FreeRADIUS needs the include file from the MySQL development package to compile the rlm_sql_mysql module.
Hi, all. I want to use freeradius with mysql support under Solaris sparc 2.7. I meet the same problem as many newbies when I start radiusd:
rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
radiusd.conf[14]: sql: Module instantiation failed.
All methods have been tried but failed. MySQL is working well. I tried to compile freeradius under gcc 3.2.3 as the FAQ says, with configure --disable-shared, or setting a proper LD_LIBRARY_PATH variable, or copying the dynamic lib files to /usr/lib. But the problem remains. When I use rlm_unix instead of rlm_sql_mysql for authentication, it works well. I have been confused for several days. Maybe someone can help me? Thanks :)
Re: Squid with Freeradius
From what I know, squid will NOT be a transparent proxy AND an authenticating proxy at the same time. But your email almost sounded like you had one network you wanted to allow access transparently without authenticating, and another network which you wanted to allow access only when authenticated (which can't be transparent). I believe this could be done with the proper squid proxy restriction settings. But you'd have to try it out to find out for sure.
- Dan
On Wed, 2003-06-04 at 15:35, Wei Ming Long wrote:
Hi Dan, Excellent! It is great to know that you are using Squid with Freeradius, that's exactly what I want to do too. I want Squid to authenticate the http requests using Freeradius and I also want Squid to perform transparent proxying so that users from another network do not have to change their network settings like proxy-server etc.
[EMAIL PROTECTED] 06/04/03 11:48AM
We're using squid with freeradius as the authentication engine. As far as I know, you can't have a transparent + authenticating proxy. If it's authenticating, then it has to be non-transparent. It's actually very easy. You just need to set up the Squid ACL's right (so that it requires auth). Then you set Squid's external authentication helper. We're using a simple (40 lines) PERL script which does the authentication. It uses a PERL radius module. I'm not even sure where I got the script. I think I got it off of Squid's site. If you can't find it, let me know, and I can e-mail it to you. The system works great for us.
- Dan
On Wed, 2003-06-04 at 11:32, Wei Ming Long wrote:
Hi everyone, I would like to use the proxy server Squid to perform transparent proxying and to authenticate http requests with Freeradius and was wondering if anyone has done it and would appreciate it if you could provide details (configuration files) of how to setup Squid and Freeradius to do just that. Thanks.
Best regards Matthew
-- - Dan Perik Computer Services Department Lapilo Center New Tribes Mission - PNG
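An added example (Python, not the Perl script mentioned in the thread and not code from the Squid or FreeRADIUS projects) of the kind of external helper described above: it reads Squid's "user password" request lines, sends a RADIUS PAP Access-Request, and answers OK only for an Access-Accept whose Response Authenticator verifies against the shared secret. The server address, shared secret, the NAS-Identifier value "squid", all function names, and the assumption that Squid runs the helper without concurrency channel IDs are illustrative.

```python
import hashlib, hmac, os, socket, struct, sys
from urllib.parse import unquote_to_bytes

SERVER, SECRET = ("127.0.0.1", 1812), b"CHANGE-ME"  # assumed placeholders

def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    padded = password.ljust(max(16, (len(password) + 15) // 16 * 16), b"\x00")
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        mask = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], mask))
        out += prev
    return out

def build_request(ident, user, password, secret, authenticator, nas_id=b"squid"):
    """Access-Request (code 1) with User-Name, User-Password and NAS-Identifier."""
    attrs = b"".join(bytes([t, len(v) + 2]) + v for t, v in (
        (1, user), (2, hide_password(password, secret, authenticator)), (32, nas_id)))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + authenticator + attrs

def reply_is_accept(reply, ident, secret, authenticator):
    """True only for an Access-Accept (code 2) whose Response Authenticator verifies."""
    if len(reply) < 20 or reply[0] != 2 or reply[1] != ident:
        return False
    length = struct.unpack("!H", reply[2:4])[0]
    want = hashlib.md5(reply[:4] + authenticator + reply[20:length] + secret).digest()
    return 20 <= length <= len(reply) and hmac.compare_digest(want, reply[4:20])

def parse_squid_line(line):
    """Squid writes 'user password' per line, URL-escaped. None if unusable."""
    parts = [unquote_to_bytes(p) for p in line.rstrip("\r\n").split(" ", 1)]
    ok = len(parts) == 2 and 0 < len(parts[0]) <= 253 and len(parts[1]) <= 128
    return tuple(parts) if ok else None  # limits are RADIUS attribute sizes

def check(user, password, server=SERVER, secret=SECRET, timeout=3.0):
    ident, ra = os.urandom(1)[0], os.urandom(16)  # fresh authenticator per request
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_request(ident, user, password, secret, ra), server)
            reply = s.recvfrom(4096)[0]
        except OSError:
            return False  # timeout or network error: fail closed
    return reply_is_accept(reply, ident, secret, ra)

if __name__ == "__main__":
    for creds in map(parse_squid_line, sys.stdin):  # one OK/ERR per request line
        print("OK" if creds and check(*creds) else "ERR", flush=True)
```

Squid would launch such a helper through its basic-auth helper setting (`auth_param basic program` in squid.conf), combined with an ACL that requires authentication.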