Re: Strange problem, HiperARC & FreeRADIUS & MacRADIUS
It's always the simple things that get me. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange problem, HiperARC & FreeRADIUS & MacRADIUS
14-Nov-02 at 11:46, Alan DeKok ([EMAIL PROTECTED]) wrote : Adam Moffett <[EMAIL PROTECTED]> wrote: > At first everything seemed to be working, but then we discovered this > very strange thing. Authentication requests from our 3Com Total > Control unit (HiperARC V4.2.32) in which the username started with a > Capitol "S" would get the "S" stripped out when they were sent to > MacRADIUS. raddb/hints Hints looks for capital S or P by default to denote a specific type of user profile (Slip, PPP)... you'll have to take them out of the file. Hey thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange problem, HiperARC & FreeRADIUS & MacRADIUS
14-Nov-02 at 11:46, Alan DeKok ([EMAIL PROTECTED]) wrote : > Adam Moffett <[EMAIL PROTECTED]> wrote: > > At first everything seemed to be working, but then we discovered this > > very strange thing. Authentication requests from our 3Com Total > > Control unit (HiperARC V4.2.32) in which the username started with a > > Capitol "S" would get the "S" stripped out when they were sent to > > MacRADIUS. > > raddb/hints Hints looks for capital S or P by default to denote a specific type of user profile (Slip, PPP)... you'll have to take them out of the file. -- |-Simon White, Internet Services Manager, Certified Check Point CCSA. |-MTDS Internet, Security, Anti-Virus, Linux and Hosting Solutions. |-MTDS 14, rue du 16 novembre, Agdal, Rabat, Morocco. |-MTDS tel +212.3.767.4861 - fax +212.3.767.4863 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange problem, HiperARC & FreeRADIUS & MacRADIUS
Adam Moffett <[EMAIL PROTECTED]> wrote: > At first everything seemed to be working, but then we discovered this > very strange thing. Authentication requests from our 3Com Total > Control unit (HiperARC V4.2.32) in which the username started with a > Capitol "S" would get the "S" stripped out when they were sent to > MacRADIUS. raddb/hints Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange problem with pam_radius_auth (SOLVED)
On Thu, Aug 01, 2002 at 06:47:10PM +0600, Dr. Muhammad Masroor Ali wrote: > My problem has been solved by the kind suggestion of Mojahedul Hoque Abul Hasanat > <[EMAIL PROTECTED]>. Direct quote from his mail. > > > > This is a bit wild guess, but might help. Put an "account" line squids > pam config file with pam_permit.so as the module. The line will be > similar to: > > account requiredpam_permit.so > > I have seen some applications that don't seem to need an "account" > section at first glance. But they open a pam session requiring an > account entry. They do it to impose login time restrictions. > > > > > > Greetings, > > I have tried both the kind suggestions of Alan DeKok and Frank Cusack > > without any avail. First of all, the latest version from CVS, did > > improve the situation. And second, putting daemon.debug in syslog.conf > > is not generating anything. The relevant lines I used, > > > > # Daemon debug messages > > daemon.debug/usr/local/var/log/deamondebuglog > > > > Yes, this file exists (created by touch) and I remembered to restart > > syslogd. > > > > I am really frustrated. Any help will be appreciated. > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > -- > Nobody's gonna believe that computers are intelligent until they start > coming in late and lying about it. > > Dr. Muhammad Masroor Ali > Associate Professor and Associate Director > Institute of Information and Communication Technology > Bangladesh University of Engineering and Technology > Dhaka-1000, Bangladesh > > Phone: 880 2 966 5650 ext 7245, 7756 (work) > ext 7748 or 880 2 966 5700 (residence) > FAX: 880 2 861 3046, 880 2 861 3026 > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange problem with pam_radius_auth
Greetings, I have tried both the kind suggestions of Alan DeKok and Frank Cusack without any avail. First of all, the latest version from CVS, did improve the situation. And second, putting daemon.debug in syslog.conf is not generating anything. The relevant lines I used, # Daemon debug messages daemon.debug/usr/local/var/log/deamondebuglog Yes, this file exists (created by touch) and I remembered to restart syslogd. I am really frustrated. Any help will be appreciated. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange problem with pam_radius_auth
On Tue, Jul 30, 2002 at 06:41:56PM +0600, Dr. Muhammad Masroor Ali wrote: > My squid file in pam.d (as was suggested in INSTALL) > > auth required /lib/security/pam_securetty.so > auth sufficient /lib/security/pam_radius_auth.so debug > auth required /lib/security/pam_unix_auth.so Do you have the accounts in /etc/passwd? If not, why is pam_unix_auth there? For this example, it shouldn't matter, as you show that radiusd does send back an access-accept, but let's clean up the config anyway. > There is no indication of a mishap in var/log/messages, (the last lines > are shown here), Did you set daemon.debug to go to /var/log/messages? /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange problem with pam_radius_auth
"Dr. Muhammad Masroor Ali" <[EMAIL PROTECTED]> wrote: > I am trying to use pam_radius_auth with squid. The authentication > program I am using (pam_auth) for squid works perfectly when I use > system authentication. But when I switch to pam_radius_auth, messages > from radius says the user is being authenticated perfectly, while squid > thinks otherwise. And the messages about what PAM is doing are non-existent, right? PAM has no helpful debugging information, so of course, it's the one denying the user authentication, and there's no way for you to find out why. Grab the latest pam_radius_auth module from CVS: http://www.freeradius.org/development.html It has a patch submitted recently which may help. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange problem
FYI It looks like the MTU could be it. I made the chang and 3 of the 6 customers have reported "its working now". I'm waiting on the others to report. Thanks for the help. Lee On Wednesday 20 February 2002 04:31 am, you wrote: > Seems like a MTU-problem to me. I have had similar problems when the MTU is > set too low or too high. > > Regards, > > Mattias E. > > > -Original Message- > > From: Lee W [mailto:[EMAIL PROTECTED]] > > Sent: den 19 februari 2002 23:55 > > To: [EMAIL PROTECTED] > > Subject: Strange problem > > > > > > Hi all, > > > > Well this is one for the books. I'm not sure it is FR causing > > it but the time > > frame is right. As of today we have six customers that have > > reported that > > they can't get to some sites. The sites they report are the > > same, like > > (wellsfargo.com) (ibm.com) (cnn.com) (ebay.com). and some > > others. They report > > that some will load part of the site and stop. Others report > > that they can't > > get to the site at all. However, I can get to all of them > > from our network > > and from a test dial-up account on the same infrastructure. > > The customer says > > its been happening for two weeks thats about how long I have > > had FR in place. > > I can't see how the two are linked other then the time it > > started. However I > > can't work up a pattern. Has anyone had such a problem? > > > > > > Thanks > > > > -- > > Lee Wolf > > EMR Data Services > > [EMAIL PROTECTED] > > 623-764-0870 cell > > 623-581-0842 voice > > 623-582-9499 fax > > > > EMR Internet > > A Serious Internet Experience > > > > ** 56K Dial-up ** DSL ** Web-hosting ** > > ** Co-location ** T1s ** ISDN ** > > ** High-Speed Fiber Backbone ** Linux powered ** > > ** Custom Web Design ** Site Development ** > > ** Search Engine Placement & Web Consultation ** > > Visit us at http://www.emr.net! > > > > Ask about our reseller programs! > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement & Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange problem
That will work, thanks. One more question, please. Whats the problem when I run radwho and just get back a prompt? Is that a path to the logs issue? On Wednesday 20 February 2002 10:13 am, you wrote: > Lee W <[EMAIL PROTECTED]> wrote: > > Can someone point me to documentation on how to stop a user from logging > > in more then one or two times? Its amazing how many users will give out > > an account to friends. > > doc/Simultaneous-Use > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement & Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange problem
Lee W <[EMAIL PROTECTED]> wrote: > Can someone point me to documentation on how to stop a user from logging in > more then one or two times? Its amazing how many users will give out an > account to friends. doc/Simultaneous-Use Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange problem
Ok, Well thats a start. I will look in to duplicate IPs and MTU. Can someone point me to documentation on how to stop a user from logging in more then one or two times? Its amazing how many users will give out an account to friends. Thanks again Lee On Wednesday 20 February 2002 08:31 am, you wrote: > Lee W <[EMAIL PROTECTED]> wrote: > > Well this is one for the books. I'm not sure it is FR causing it but > > the time frame is right. As of today we have six customers that have > > reported that they can't get to some sites. The sites they report > > are the same, like (wellsfargo.com) (ibm.com) (cnn.com) > > (ebay.com). and some others. They report that some will load part of > > the site and stop. > > RADIUS does authentication (username/password) and authorization (IP > address, etc.) Once the user is connected, any subsequent problems > cannot be RADIUS related. > > The *only* network problems that RADIUS can create is if you > misconfigure the RADIUS responses you send to the NAS. e.g. Give two > different people the same IP. Or, you configure a filter that lets > the user get to some sites, and not to others. > > If you haven't misconfigured the RADIUS responses, then I don't see > any way that the RADIUS server can be responsible for network problems > *after* the user has authenticated. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement & Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange problem
Lee W <[EMAIL PROTECTED]> wrote: > Well this is one for the books. I'm not sure it is FR causing it but > the time frame is right. As of today we have six customers that have > reported that they can't get to some sites. The sites they report > are the same, like (wellsfargo.com) (ibm.com) (cnn.com) > (ebay.com). and some others. They report that some will load part of > the site and stop. RADIUS does authentication (username/password) and authorization (IP address, etc.) Once the user is connected, any subsequent problems cannot be RADIUS related. The *only* network problems that RADIUS can create is if you misconfigure the RADIUS responses you send to the NAS. e.g. Give two different people the same IP. Or, you configure a filter that lets the user get to some sites, and not to others. If you haven't misconfigured the RADIUS responses, then I don't see any way that the RADIUS server can be responsible for network problems *after* the user has authenticated. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Strange problem
Seems like a MTU-problem to me. I have had similar problems when the MTU is set too low or too high. Regards, Mattias E. > -Original Message- > From: Lee W [mailto:[EMAIL PROTECTED]] > Sent: den 19 februari 2002 23:55 > To: [EMAIL PROTECTED] > Subject: Strange problem > > > Hi all, > > Well this is one for the books. I'm not sure it is FR causing > it but the time > frame is right. As of today we have six customers that have > reported that > they can't get to some sites. The sites they report are the > same, like > (wellsfargo.com) (ibm.com) (cnn.com) (ebay.com). and some > others. They report > that some will load part of the site and stop. Others report > that they can't > get to the site at all. However, I can get to all of them > from our network > and from a test dial-up account on the same infrastructure. > The customer says > its been happening for two weeks thats about how long I have > had FR in place. > I can't see how the two are linked other then the time it > started. However I > can't work up a pattern. Has anyone had such a problem? > > > Thanks > > -- > Lee Wolf > EMR Data Services > [EMAIL PROTECTED] > 623-764-0870 cell > 623-581-0842 voice > 623-582-9499 fax > > EMR Internet > A Serious Internet Experience > > ** 56K Dial-up ** DSL ** Web-hosting ** > ** Co-location ** T1s ** ISDN ** > ** High-Speed Fiber Backbone ** Linux powered ** > ** Custom Web Design ** Site Development ** > ** Search Engine Placement & Web Consultation ** > Visit us at http://www.emr.net! > > Ask about our reseller programs! > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html