RE: Help with FreeBSD4.6

2002-09-18 Thread Mathias . Kenfack-Tabakem

I am running FreeRadius 0.7.1 on FreeBSD 4.6. Below is a sample of my user
file:

 Auth-Type += System, Service-Type == Login

(I hope this helps)

This tells radius to use /etc/master.passwd for authentication and it works
on my. I do have a problem though. After login, I don't have any privilege
commands (I can't even read the running config on Extreme switches - but I
can on Cisco and Foundry). So my problem is only with Extreme.

I used  the Service-Type = Administrative (as specified in rfc2865) but
freeradius complains 

Can anyone please tell me if FreeRadius supports rfc2865 attributes?

Thanks in advance,
Many thanks for your help with the accounting issue. I'll have another go at it
next week. Victor says it works on his system so it is possible.

Mathias,


-Original Message-
From: Monah Baki [mailto:[EMAIL PROTECTED]]
Sent: 18 September 2002 21:16
To: [EMAIL PROTECTED]
Subject: Re: Help with FreeBSD4.6 


Any comments are most welcome, I'm still learning :)

I have Freeradius running on FreeBSD 4.6.2, and Openbsd as a client 
(Still in a test environment)

vi /usr/local/radius/etc/raddb/users
add the following:

   Auth-Type := Local, User-Password == ""

vi /usr/local/radius/etc/raddb/clients.conf
client  { <<< My OpenBSD IP address
 secret  =   <<< must match the  
in /etc/raddb/servers
 shortname   = 
}


On the Openbsd server:
vi /etc/login.conf
add the following:
:\
 :requirehome@:\
 :auth=radius:\
 :radius-server=:\
 :radius-timeout=1:\
 :radius-retries=5:

add the following as root
useradd -m -d /home/ -c "test radius user" -s /bin/ksh -u 
1 -L  

mkdir -m 755 /etc/raddb
echo " " > /etc/raddb/servers
chmod 400 /etc/raddb/servers

On Wednesday, September 18, 2002, at 03:47  AM, Gian-Carlo Baldarelli 
wrote:

> I need only system authentication and as I read in the conf
>
> - I comment out in radius.conf
>
> #  for some systems, like FreeBSD.
> #
> #passwd = /etc/passwd
> #   shadow = /etc/shadow
> group = /etc/group
>
> - Radius is running under nobody:nobody
>
> output:
> ...
>  rad_check_password:  Found Auth-Type System
> auth: type "System"
> modcall: entering group authenticate
> rlm_unix: [remadmin]: invalid password
>   modcall[authenticate]: module "unix" returns reject
> modcall: group authenticate returns reject
> auth: Failed to validate the user.
>
> ..
>
> Where is the problem ?
> The password is correct, the user can log on locally
> Has this user to be part of a particular group ?
> Where I do configure the group that has the authorizations ???
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On behalf of Artur
> Hecker
> Sent: Tuesday, 17 September 2002 15.55
> To: [EMAIL PROTECTED]
> Subject: Re: R: R: radius.conf
>
>
> hi
>
>> Here is my user in /etc/passwd
>>
>> demo:*:1906:100:demo:/home/ftp/./:/etc/notelnet
>>
>> until now the user config file, is the user.sample with no change
>
> can you login locally with the password you used? does radius read both
> /etc/passwd AND /etc/shadow? i can't see it in the log since you
> truncated it.
>
>
>> rlm_unix: [demo]: invalid password
>>   modcall[authenticate]: module "unix" returns reject
>> modcall: group authenticate returns reject
>> auth: Failed to validate the user.
>
>
> ciao
> artur
>
>
> --
> Artur Hecker   Groupe Accès et Mobilité
> hecker[at]enst[dot]fr   Département Informatique et Réseaux
> +33 1 45 81 7507  46, rue Barrault 75634 Paris cedex 13
> http://www.infres.enst.fr   ENST Paris
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html




DISCLAIMER
This e-mail is intended only for the use of the addressees named above and
may be confidential. If you are not an addressee you must not read it and
must not use any information contained in nor copy it nor inform any person
other than TeleCity Limited or the addressees of its existence or contents.
If you have received this email and are not a named addressee, please delete
it and notify the TeleCity IT department on 0161 226 7643 or by email at
[EMAIL PROTECTED]
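
A check related to the failure quoted in this message (radiusd running as nobody, `rlm_unix: ... invalid password`, and a passwd entry whose password field is `*`), as an added example that is not part of the original posts: it reports whether the account running it can see a user's password hash at all. The function names and the constructed master.passwd-style entry are assumptions of the example.

```shell
#!/bin/sh
# Added example: run as the account radiusd runs under (e.g. nobody).

# pw_field USER FILE: print USER's password field (field 2); status 1 if absent.
pw_field() {
    awk -F: -v u="$1" '$1 == u { print $2; found = 1; exit }
                       END { exit !found }' "$2" 2>/dev/null
}

# field_kind VALUE: "hash", or "placeholder" for *, x, !, !! and empty.
field_kind() {
    case "$1" in
        ""|"x"|"*"|"!"|"!!") echo placeholder ;;
        *)                   echo hash ;;
    esac
}

# diagnose USER PASSWD_FILE SHADOW_FILE: one-word verdict on stdout.
diagnose() {
    user=$1; passwd=$2; shadow=$3
    field=$(pw_field "$user" "$passwd") || { echo no-such-user; return 1; }
    if [ "$(field_kind "$field")" = hash ]; then echo hash-in-passwd; return 0; fi
    # Placeholder in passwd: the hash is in the shadow database, which the
    # daemon's uid must be able to read for Auth-Type System to succeed.
    if [ ! -r "$shadow" ]; then echo shadow-unreadable; return 1; fi
    field=$(pw_field "$user" "$shadow") || { echo no-usable-hash; return 1; }
    if [ "$(field_kind "$field")" = hash ]; then echo hash-in-shadow; return 0; fi
    echo no-usable-hash; return 1
}

# Constructed sample data: the passwd line is the one quoted in the thread,
# the master.passwd-style entry and its hash are made up.
run_demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'demo:*:1906:100:demo:/home/ftp/./:/etc/notelnet' > "$dir/passwd"
    printf '%s\n' 'demo:$1$constructed$NotARealHash:1906:100::0:0:demo:/home/ftp/./:/etc/notelnet' > "$dir/master.passwd"
    echo "readable shadow: $(diagnose demo "$dir/passwd" "$dir/master.passwd")"
    echo "missing/unreadable shadow: $(diagnose demo "$dir/passwd" "$dir/absent")"
    rm -rf "$dir"
}
run_demo
```

Against real files, a verdict of `shadow-unreadable` for the daemon's account means the unix module has no hash to compare with, whatever password the user supplies.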






RE: Cisco accounting

2002-09-17 Thread Mathias . Kenfack-Tabakem

If someone logs in to a router and issues a command, this is recorded in a
file. I currently use IOS 12.2. The following commands are configured on the
Cisco router.


 this
mailto:[EMAIL PROTECTED]]
Sent: 18 September 2002 05:09
To: [EMAIL PROTECTED]
Subject: Re: Cisco accounting


On Wed, Sep 18, 2002 at 04:05:58AM +0100,
[EMAIL PROTECTED] wrote:
> I recently installed freeradius 0.7.1 on freebsd4.6 and authentication is
> working just fine. But accounting only works on Foundry and not Cisco. I'm
> not sure if anyone has experienced this in the past. Any help is
> appreciated.

Exactly what kind of accounting are you talking about here?  Cisco IOS
(up to 12.1 at least) does not support command accounting via RADIUS.
Other accounting should be supported but I have no further info on it.

/fc




Cisco accounting

2002-09-17 Thread Mathias . Kenfack-Tabakem

I recently installed freeradius 0.7.1 on freebsd4.6 and authentication is
working just fine. But accounting only works on Foundry and not Cisco. I'm
not sure if anyone has experienced this in the past. Any help is
appreciated.

Regards
Mathias,

