Re: Multiple IPs to a Dial-in user.
Hmm I think I found the answer, if someone could confirm for me userAuth-Type = Local, Password = blegh Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 192.168.5.78, Framed-Route = 192.168.5.64/28 0.0.0.0 1 On Friday 05 July 2002 9:43, Lee W wrote: Hi all, I'm in a pinch. I have a customer that needs a more then one IP routed to his ISDN connection so he can have server at his location. If I can't get one to him he will have no choice but to go someware else. Anyway, Is there a way to do this is freeradius? I have a static ip for him now. its assigns the static to one channel and pulls one out of the pool for the other channel. Thanks Lee - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- ||| \ ~ ~ / | @ @ | --oOo---(_)---oOo Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up **DSL ** Web-hosting ** ** Co-location **T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Odd Problem with invalid passwords
Its in the radiusd.conf file # On systems with shadow passwords, you might have to set 'group = shadow' # for the server to be able to read the shadow password file. If you can # authenticate users while in debug mode, but not in normal use, it may be # because the debugged server is running as a user that can read the shadow # info, and the user listed below can not. user = nobody group = shadow ### On Wednesday 12 June 2002 7:24, William Ragsdale wrote: Greetings, Is this getting to the list? I have not received any answers, nor anyone telling me to RTFM (which I have). Can somone respond letting me know if they received this email? Even if you don't hanve an answer. On Fri, 7 Jun 2002 10:34:07 -0400 (Eastern Daylight Time) William Ragsdale [EMAIL PROTECTED] wrote: Problem details: I have recently installed freeradius, and while running in -X debug mode everything works great, but when in daemon mode I encounter some problems when a user enter an incorrect password. When in debug mode the radius responds with the proper reject code, but in daemon mode, it never responds so my users are seeing a PPP timeout. (error 718 on Windows) When running in Debug mode, it sends the reply correctly.If you want or needa copy of the radius.conf or any of the other conf files, please let me know. I will be happy to furnish them. This problem happens on both my test, and production servers. Any suggestions, or pointers would help. I am fairly new to radius, so please, if this has been asked before, point me there, and I will see what I can figure out. Production server: BSDi/OS 4.1 (fully patched and up to date) FreeRadius 0.5 snapshot 20020531 Works in debug mode, but not in daemon mode. Config options: --prefix=/usr/local/radius --without-snmp --with-mysql-lib=/usr/local/mysql/lib --with-threads=no --enable-ltdl-install=no Changes to Make.inc: Added -DHAVE_INET_ATON since the ./configure script doesn't see my bind 8 properly (has to do with BSDi's embedding bind in the kernel) Test Server: FreeBSD 4.5 STABLE FreeRadius 0.5 Works in debug mode, but not in daemon mode. Config Options: --prefix=/usr/local/radius --without-snmp --enable-ltdl-install -with-mysql-lib=/home/azander/wrk/mysql --enable-ltdl-install Problem details: I have recently installed freeradius, and while running in -X debug mode everything works great, but when in daemon mode I encounter some problems when a user enter an incorrect password. When in debug mode the radius responds with the proper reject code, but in daemon mode, it never responds so my users are seeing a PPP timeout. (error 718 on Windows) When running in Debug mode, it sends the reply correctly.If you want or needa copy of the radius.conf or any of the other conf files, please let me know. I will be happy to furnish them. -- ||| \ ~ ~ / | @ @ | --oOo---(_)---oOo Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up **DSL ** Web-hosting ** ** Co-location **T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re[2]: Odd Problem with invalid passwords
I'm sorry I thought you were having Auth probs out of debug mode :-) On Wednesday 12 June 2002 1:55, William Ragsdale wrote: On Wed, 12 Jun 2002 13:49:37 -0700 Lee W [EMAIL PROTECTED] wrote: # user/group: The name (or #number) of the user/group to run radiusd as. # user = root group = wheel They seem to have access to the shadow files. (and should!) Its in the radiusd.conf file # On systems with shadow passwords, you might have to set 'group = shadow' # for the server to be able to read the shadow password file. If you can # authenticate users while in debug mode, but not in normal use, it may be # because the debugged server is running as a user that can read the shadow ## info, and the user listed below can not. user = nobody group = shadow ### On Fri, 7 Jun 2002 10:34:07 -0400 (Eastern Daylight Time) William Ragsdale [EMAIL PROTECTED] wrote: Problem details: I have recently installed freeradius, and while running in -X debug mode everything works great, but when in daemon mode I encounter some problems when a user enter an incorrect password. When in debug mode the radius responds with the proper reject code, but in daemon mode, it never responds so my users are seeing a PPP timeout. (error 718 on Windows) When running in Debug mode, it sends the reply correctly.If you want or needa copy of the radius.conf or any of the other conf files, please let me know. I will be happy to furnish them. This problem happens on both my test, and production servers. Any suggestions, or pointers would help. I am fairly new to radius, so please, if this has been asked before, point me there, and I will see what I can figure out. -- ||| \ ~ ~ / | @ @ | --oOo---(_)---oOo Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up **DSL ** Web-hosting ** ** Co-location **T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radwho not showing ISDN users.
Hi, Just a quick question. I have checked all that I know but still seems that the only way I can see ISDN users that are lodged in is to do it from the modem bank it self. Is there a way to view them with radwho? Thanks Lee - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwho question
Thanks again for the help. I did get it to work. Just didn't have my simlink in the right place it needed to be in (/usr/local/var/log/~radius) Lee On Wednesday 17 April 2002 8:12, you wrote: Andrew Tait [EMAIL PROTECTED] wrote: I have found and reported this bug before. radwho does not read /etc/raddb/radiusd.conf for the location of the radutmp/radwtmp files. He has the files in /var/radius instead of /var/log/. You can edit the source to radwho, to point it at the right directory. Hmm... it looks like radwho isn't using the right value for the name of the utmp file. I'll commit a fix for that, which will help a bit, at least. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radwho question
Hi, I have what I hope is a easy to answer question. When I run ( radwho ) is brings back nothing. I know I have users lodged in. However when I run it as (radwho -l ) I see the local shell users. Am I missing a comand line? Not sure can anyone help? Thanks for your time. -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwho question
Just checked and it looks good. also the radutmp is showing an increase in size. Thanks Lee On Tuesday 16 April 2002 12:44, you wrote: Do you have your NAS setup to send Accouting packets to your radius server port 1813? - Original Message - From: Lee W [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 16, 2002 1:56 PM Subject: radwho question Hi, I have what I hope is a easy to answer question. When I run ( radwho ) is brings back nothing. I know I have users lodged in. However when I run it as (radwho -l ) I see the local shell users. Am I missing a comand line? Not sure can anyone help? Thanks for your time. -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwho question
Hi, The radius is running as user nobody, but I'm logged in as root and I set the radutmp file to 777 just for testing. That log is under /var/radius and its set to 777 as well just for testing :-) I checked my config file all looks good. For the most part its default config. Also Alan said it could take some time to get the accounting request. I have been running for over a month so that should be ok. am I running out of options? Thanks Lee On Tuesday 16 April 2002 1:49, you wrote: Lee, Are you logged in as root, or a regular user? Check the permissions on your radutmp file. If you're using the default config from radiusd.conf, it's 0600, and thus not world-readable. Look at the section for sradutmp in radiusd.conf if you want a radwho command that is available to non-root users. From radiusd.conf: # Safe radutmp - does not contain caller ID, so it can be # world-readable, and radwho can work for normal users, without # exposing any information that isn't already exposed by who(1). # # This is another instance of the radutmp module, but it is given # then name sradutmp to identify it later in the accounting # section. It also has to be added to the accounting {} section. Franklin On Tue, 16 Apr 2002, Lee W wrote: Date: Tue, 16 Apr 2002 13:15:45 -0700 From: Lee W [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: radwho question Just checked and it looks good. also the radutmp is showing an increase in size. Thanks Lee On Tuesday 16 April 2002 12:44, you wrote: Do you have your NAS setup to send Accouting packets to your radius server port 1813? - Original Message - From: Lee W [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 16, 2002 1:56 PM Subject: radwho question Hi, I have what I hope is a easy to answer question. When I run ( radwho ) is brings back nothing. I know I have users lodged in. However when I run it as (radwho -l ) I see the local shell users. Am I missing a comand line? Not sure can anyone help? Thanks for your time. -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Franklin Trumpy, NFA, MNGS, GSc | The only people for me are the mad ones, UNIX Systems Administrator | the ones who are mad to live, mad to Lighthouse Communications | talk, mad to be saved, desirous of [EMAIL PROTECTED] | everything at the same time, the ones (515)244-1115 | who never yawn or say a commonplace (515)953-3278 | thing, but burn, burn, burn like http://www.lh.net | fabulous yellow Roman candles exploding | like spiders across the stars... | |-- Jack Kerouac | _On The Road_, 1957 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwho question
Hmm That would be a bummer. FYI on th (why i can't see radutmp file) mail. I my case the log files are all working good, its just that radwho is just giving me nothing back when I run it. Lee On Tuesday 16 April 2002 3:27, you wrote: Lee W [EMAIL PROTECTED] wrote: The radius is running as user nobody, but I'm logged in as root and I set the radutmp file to 777 just for testing. That log is under /var/radius and its set to 777 as well just for testing :-) I checked my config file all looks good. For the most part its default config. Hmm... there may be another problem here. It looks like there's a bug in the radutmp module. Also Alan said it could take some time to get the accounting request. I have been running for over a month so that should be ok. am I running out of options? Yeah, I meant that the accounting logs/whatever won't be written *immediately* when you start up the server. It has to receive accounting packets first, which may take seconds or minutes, depending on your NAS configuration and volume of traffic. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Strange problem
Hi all, Well this is one for the books. I'm not sure it is FR causing it but the time frame is right. As of today we have six customers that have reported that they can't get to some sites. The sites they report are the same, like (wellsfargo.com) (ibm.com) (cnn.com) (ebay.com). and some others. They report that some will load part of the site and stop. Others report that they can't get to the site at all. However, I can get to all of them from our network and from a test dial-up account on the same infrastructure. The customer says its been happening for two weeks thats about how long I have had FR in place. I can't see how the two are linked other then the time it started. However I can't work up a pattern. Has anyone had such a problem? Thanks -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Win ME Authentication problem
Don't know if this well help, but, If they are getting to the NAS you could see it as (Unauthenticated). Get the phone number they are calling from. You can then search the logs for that number. Lee On Wednesday 06 February 2002 09:59 am, you wrote: ME to connect. When they connect it -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Win ME Authentication problem
Don't know if this well help, but, If they are getting to the NAS you could see it as (Unauthenticated). Get the phone number they are calling from. You can then search the logs for that number. Lee On Wednesday 06 February 2002 09:59 am, you wrote: ME to connect. When they connect it -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ips assignments outside of pool range
Well that was it. I added the 255.255.255.254 and have had it running all day, no problems so far. Thanks again Alan. On Friday 01 February 2002 01:49 pm, you wrote: Lee W [EMAIL PROTECTED] wrote: Right now I have the 3com handling the pools not FreeRadius. I was told on this list that Freeradius can't handle a upper limit on address pools, that you can set a start limit with Framed-IP-Address, and it will assign up from said IP so I should use my hardware. Yes. The RFC said Framed-Pool should be a string of the assigned address pool, if supported by the NAS so I think thats what I'm doing. You should double-check your NAS documentation for what *it* wants. The Framed-IP-Address RFC said that a set a value of 0x indicates that the NAS should allow the user to select an address (e.g. Negotiated) and the value 0xFFFE indicates that the NAS should select an address for the user (e.g. Assigned from a pool of addresses kept by the NAS. Which in my case would be (pool1). So the only thing I can think I'm missing is the 0xFFFE setting for Framed-IP-Address. Am I close, or did I miss the boat all together? :-) You should probably do that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ips assignments outside of pool range
Hi, I'm having a problem with ip assignments outside the pool range that is set in my 3com. I was told a while back that its best to use the pools set in my modem bank. Based on that I must have a configuration issue in Freeradius. Could someone help? Here is the config. ### users file DEFAULT Service-Type == Framed-User, Huntgroup-Name == users Framed-Pool = pool1, Framed-MTU = 576, Service-Type = Framed-User, Fall-Through = Yes DEFAULT Service-Type == Framed-User, Huntgroup-Name == users2 Framed-Pool = pool2, Framed-MTU = 576, Service-Type = Framed-User, Fall-Through = Yes ### Huntgroups users NAS-IP-Address == 207.x.x.x users2 NAS-IP-Address == 207.x.x.x pool1 2 in the name set in my 3com. users is just q huntgroup I made up for dial in users. Could it be that I have the Fall-Through=yes on the first default so its trying to move to the next pool? Also I was also concerned that with my current PAM setup I can dial in as user (root) supply a the password and get a connection. Is that a normal thing when using PAM/accessing the system password file? Thanks to all out there who has helped me. If it was not for this List group I would still forced to use MS as my Radius. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ips assignments outside of pool range
Ok I found the RFC's (RFC 2138) (RFC2869) Right now I have the 3com handling the pools not FreeRadius. I was told on this list that Freeradius can't handle a upper limit on address pools, that you can set a start limit with Framed-IP-Address, and it will assign up from said IP so I should use my hardware. The RFC said Framed-Pool should be a string of the assigned address pool, if supported by the NAS so I think thats what I'm doing. The Framed-IP-Address RFC said that a set a value of 0x indicates that the NAS should allow the user to select an address (e.g. Negotiated) and the value 0xFFFE indicates that the NAS should select an address for the user (e.g. Assigned from a pool of addresses kept by the NAS. Which in my case would be (pool1). So the only thing I can think I'm missing is the 0xFFFE setting for Framed-IP-Address. Am I close, or did I miss the boat all together? :-) Lee On Thursday 31 January 2002 02:14 pm, you wrote: Lee W [EMAIL PROTECTED] wrote: Ah, so somthing like this shoudl work. This will pull from the users pool starating at 73.10 users NAS-IP-Address == 207.151.73.10 No. That defines a server-only hunt group, which is based on the NAS-IP-Address. You want pools for the users, which define a Framed-IP-Address. See the RFC's for the difference. If the allocation of user IP addresses is handled by the NAS, then the only thing you have to do on the server is to return the right Framed-Pool attribute for each user. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: debug or not to debug
Ah, I got it. I see what I was missing. Running the demon as user nobody on RH will not work :-) Thanks Alan for pointing in the right direction. Lee On Wednesday 30 January 2002 08:14 am, you wrote: Lee W [EMAIL PROTECTED] wrote: Thats a good point about Auth vers. Accounting. Going with that I do have it setup to use PAM, so in this case its using /etc/passwd and /etc/shadow, but because it will Auth in debug mode and not is norm mode. That's got me puzzled. The only difference in the two modes is debug displays all the info, right? How could that change the way it accesses the password file? Download the latest CVS snapshot. Read 'raddb/radiusd.conf'. Look for the 'user' and 'group' configuration items. Read the comments describing what they do. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
debug or not to debug
HI all, Well I think this is a strange problem. It seems that I have freeradius running in debug mode i.e.(radiusd -X ) but not if I start it with just (radiusd). If I start it with the -X it will auth with no problem, but if I start it using the script they give or just (radiusd) it will not auth. All I get in the log is this Tue Jan 29 09:45:36 2002 : Error: Accounting: logout: entry for NAS usrhiper port 7 has wrong ID Tue Jan 29 09:56:11 2002 : Info: Accounting: login: entry for NAS usrhiper port 11 duplicate Tue Jan 29 10:04:30 2002 : Error: Accounting: logout: entry for NAS usrhiper port 15 has wrong ID I don't get that error if I use the -X. The name (usrhiper) is in my naslist like this (my ip usrhiperusrhiper). I'm running it on Redhat 6.2 and 2.2.19 kernel. Can someone help ? Thanks Lee -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voiceHI all, Well I think this is a strange problem. It seems that I have freeradius running in debug mode i.e.(radiusd -X ) but not if I start it with just (radiusd). If I start it with the -X it will auth with no problem, but if I start it using the script they give or just (radiusd) it will not auth. All I get in the log is this Tue Jan 29 09:45:36 2002 : Error: Accounting: logout: entry for NAS usrhiper port 7 has wrong ID Tue Jan 29 09:56:11 2002 : Info: Accounting: login: entry for NAS usrhiper port 11 duplicate Tue Jan 29 10:04:30 2002 : Error: Accounting: logout: entry for NAS usrhiper port 15 has wrong ID I don't get that error if I use the -X. Can someone help ? Thanks 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: debug or not to debug
Hi, Well that didn't work. So I'm back to asking for help. Thanks for your help in advance everyone. Lee On Tuesday 29 January 2002 11:42 am, you wrote: Hey fond the problem. need to upgrade firmware :-) sorry. Thanks. Lee On Tuesday 29 January 2002 10:23 am, you wrote: HI all, Well I think this is a strange problem. It seems that I have freeradius running in debug mode i.e.(radiusd -X ) but not if I start it with just (radiusd). If I start it with the -X it will auth with no problem, but if I start it using the script they give or just (radiusd) it will not auth. All I get in the log is this Tue Jan 29 09:45:36 2002 : Error: Accounting: logout: entry for NAS usrhiper port 7 has wrong ID Tue Jan 29 09:56:11 2002 : Info: Accounting: login: entry for NAS usrhiper port 11 duplicate Tue Jan 29 10:04:30 2002 : Error: Accounting: logout: entry for NAS usrhiper port 15 has wrong ID I don't get that error if I use the -X. The name (usrhiper) is in my naslist like this (my ip usrhiperusrhiper). I'm running it on Redhat 6.2 and 2.2.19 kernel. Can someone help ? Thanks Lee -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: debug or not to debug
Thanks for the info, Thats a good point about Auth vers. Accounting. Going with that I do have it setup to use PAM, so in this case its using /etc/passwd and /etc/shadow, but because it will Auth in debug mode and not is norm mode. That's got me puzzled. The only difference in the two modes is debug displays all the info, right? How could that change the way it accesses the password file? Lee On Tuesday 29 January 2002 03:56 pm, you wrote: Lee W [EMAIL PROTECTED] wrote: Well that didn't work. So I'm back to asking for help. Thanks for your help in advance everyone. Hmm... Tue Jan 29 09:45:36 2002 : Error: Accounting: logout: entry for NAS usrhiper port 7 has wrong ID That's usually a sign of a bad NAS. A RADIUS server can only log information it gets in an accounting packet. If that information is wrong, there isn't much that the server can do. But you also say: Well I think this is a strange problem. It seems that I have freeradius running in debug mode i.e.(radiusd -X ) but not if I start it with just (radiusd). If I start it with the -X it will auth with no problem, but if I start it using the script they give or just (radiusd) it will not auth. All I get in the log is this The authentication is a different problem than accounting. The two functions are almost completely independent. For authentication, if you're using /etc/shadow, I'd say read the comments about 'user' and 'group' in 'radiusd.conf' from the latest CVS snapshot. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
passwd
Hi all, Thanks for the timely responces. I'm 100% up and running now. However I would like to have a separate password file, be it PAM or System. Do both methoeds only use the system passwd with no other options? Lee -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html