Re: radwho is empty
> > On 4/17/05, Alex <[EMAIL PROTECTED]> wrote: > > > Hi all > > > > > > finally i have everything working , freeradius + radiusclient with mysql > > > the only one thing is missing : > > > > > > I will add Simultaneous-Use := 1 in my radgroupcheck table in order to > > > give permissions only for 1 user to connect. > > > > > > the other problem is what i am using radwho and it's empty, > > > because the file /usr/local/var/log/radius/radutmp is empty. > > > > > > how i can fix that in order to run radwho. > > > > > > thanks for help. > On 4/17/05, Scott Edwards <[EMAIL PROTECTED]> wrote: > > > > Someone has to be logged in to show up. You weren't thinking radlast > > were you? Either that, or your config needs work. > > > > Thank you, > > > > Scott Edwards On 4/17/05, Alex <[EMAIL PROTECTED]> wrote: > radlast not working too, i have mine user logged in , and it's pass > the authentication, but it's not exist in the files, i just see the > logs of the radius. > when i run radius -A -X > > i see radutmp: filename = "/usr/local/var/log/radius/radutmp" > but the file is empty (btw it's ser users which authenticates through radius). There's also a snippet that says "this is not a log file." so it's not unusual to be 0 bytes. If it's working correctly, chances are it'll wipe out the unused blocks and rewrite the file. It's not unusual to think the file would be more the 0 bytes if users had logged in, but nothing is reported. (trivial database semantics) > > maybe my configurations is wrong. but like i understand each user who > pass the authentication should be in radutmp file: Stuff to look at: radiusd.conf modules -> unix -> radwtmp modules -> radutmp accounting -> unix accounting -> radutmp (or sradutmp) session -> radutmp (consider sql instead) > > should i use "radutmp" in authenticate or authorize blocks ?? Based on the context of your present issue, this question is confusing. > > Thanks for the help. No problem. As a retorical statement, I hope you spent as much time studying your config as I wrote this email. I'm personally neutral about it today, but you may find yourself on hardtimes if you can't demonstrate what you have done to resolve it before hand. (and no, my intent is not to be condesending in any way. If it's still upsetting to say this, sleep on it atleast a day before you reply to me.) Enjoy, Scott Edwards -- Daxal Communications - http://www.daxal.com Surf the USA - http://www.surfthe.us - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwho is empty
On 4/17/05, Alex <[EMAIL PROTECTED]> wrote: > Hi all > > finally i have everything working , freeradius + radiusclient with mysql > the only one thing is missing : > > I will add Simultaneous-Use := 1 in my radgroupcheck table in order to > give permissions only for 1 user to connect. > > the other problem is what i am using radwho and it's empty, > because the file /usr/local/var/log/radius/radutmp is empty. > > how i can fix that in order to run radwho. > > thanks for help. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Someone has to be logged in to show up. You weren't thinking radlast were you? Either that, or your config needs work. Thank you, Scott Edwards -- Daxal Communications - http://www.daxal.com Surf the USA - http://www.surfthe.us - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The usual: "Could not find clear text password for user ..... "
On 4/15/05, [EMAIL PROTECTED] wrote:
> Hello All,
>
> Just a bit of a preamble...
>
> We have a Cisco NAS device sending CHAP auth requests from DSL devices
> to our radius server. We currently auth fine using Steel-Belted Radius
> but wish to migrate to FreeRadius.
Any idea if/how CHAP differs between these two? There's only so many
ways to do chap, right? Can the dsl devices to PAP? Maybe you'll get
to see the plain text password submitted on the wire.
[snip]
> clients.conf
> =
> client 62.6.36.111 {
> secret =
> shortname = BT-1
> nastype = cisco
> }
> =
I assume the password masked above is in plain text, right?
[snip]
> modcall: group authorize returns ok for request 3
> rad_check_password: Found Auth-Type CHAP
> auth: type "CHAP"
> Processing the authenticate section of radiusd.conf
> modcall: entering group Auth-Type for request 3
> rlm_chap: login attempt by "[EMAIL PROTECTED]" with CHAP
> password
> rlm_chap: Could not find clear text password for user
> [EMAIL PROTECTED]
> modcall[authenticate]: module "chap" returns invalid for request 3
> modcall: group Auth-Type returns invalid for request 3
> auth: Failed to validate the user.
[snip]
validate or authenticate?
Those are the best hints I can offer at present.
Thanks,
Scott Edwards
--
Daxal Communications - http://www.daxal.com
Surf the USA - http://www.surfthe.us
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS version 1.0.2
On 4/10/05, Jamal Taweel <[EMAIL PROTECTED]> wrote: SE> Are you looking for a change log? > Yes. We have the two previous versions, they goes down from time to time > without any touchable reasons. > http://www.freeradius.org/cgi-bin/cvsweb.cgi/radiusd/doc/ChangeLog#diff Start at This form allows you to request diff's between any two revisions of a file. You may select a... Select the two versions you want diffs from, and have at it. I didn't initally know where this is either. I eventualy decided to see if anything was in the online CVS, and found the changelog under the docs. If this still doesn't answer your question, and there's no bug reportting info on it (maybe the developers are unaware of your supposed issue altogether), tell us what you do know. Thanks, Scott - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS version 1.0.2
Are you looking for a change log? Anyway to not send that footer? (IMO it's just whitenoise) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table - more output from debuging mode
On Apr 2, 2005 4:27 PM, Blake <[EMAIL PROTECTED]> wrote:
> Here is the last few lines from radiusd -X output:
>
> AcctStopTime = 0"
> sql: postauth_table = "radpostauth"
> sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply,
> date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}',
> '%{reply:Packet-Type}', NOW())"
> sql: safe-characters =
> "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /"
> rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and
> linked
> rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius
> rlm_sql (sql): starting 0
> rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
> rlm_sql_mysql: Starting connect to MySQL server for #0
> rlm_sql (sql): Connected new DB handle, #0
> rlm_sql (sql): starting 1
> rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
> rlm_sql_mysql: Starting connect to MySQL server for #1
> Segmentation fault
>
> If that helps
>
> -Blake-
Happens every time? What release of freeradius? (upgrade if you're
not on the latest, start over, and continue if it's still doing this)
Recompile with gdb debugging support+symbols (if not present), and try
running under gdb. Provide the output from the full backtrace when
you encounter the segfault.
(gdb) bt full
I'd suggest filing a bug report with this information. (I don't think
it'll do much good to post it here).
Thank you,
Scott Edwards
--
Daxal Communications - http://www.daxal.com
Surf the USA - http://www.surfthe.us
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table
On Apr 2, 2005 11:50 AM, Blake <[EMAIL PROTECTED]> wrote:
[snip]
> I don't see the option in sql.conf. Here is what I do have
>
> sql {
>
> driver = "rlm_sql_mysql"
> server = "localhost"
> login = "sqladmin"
> password = "***"
> radius_db = "radius"
[snip]
Here's your connection settings. server = "localhost" is what I was
referencing. You're using "localhost", which is not to be confused
with 127.0.0.1. localhost only uses the unix socket, otherwise a
decimal dotted IP (or a hostname that will resolve to an IP) will be
used via TCP.
Just to fiddle, try switching to 127.0.0.1 and start freeradius. I
don't expect it to work any different, but if it does, you've narrowed
it down. If I were stuck in this situation, I would consider using
strace on "radius -X" and maybe even mysql (to different log files).
You'll have to use a few terms for this (and read those fine man
pages). I'm not sure what else to try at this point, save to revert
the configs, and carefully reconfigure from defaults.
Best of luck!
Scott Edwards
--
Daxal Communications - http://www.daxal.com
Surf the USA - http://www.surfthe.us
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table
On Apr 2, 2005 11:33 AM, Blake <[EMAIL PROTECTED]> wrote: > Scott Edwards wrote: > > > >>and just sits there trying to start I look at the mysql process > >>table and it shows that the user has logged in and is "reading from net" > >> > > > >TCP or Unix socket, it's still a network connection. humm... maybe try > >switching to TCP? > Scott, > > I think that it is using tcp. I have tried connecting to another mysql > server from the same machine with the same results. > > How do I know if it's tcp? TCP for remote (and sometimes local) connections, and unix sockets (most always) localy. > Where is the settings? sql.conf Thanks, Scott Edwards - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Got a problem - mysql and radius table
On Apr 2, 2005 11:05 AM, Blake <[EMAIL PROTECTED]> wrote: > I am new to this list so perhaps this has been brought up already but: > > Using freeradius 1.0.1 with mysql. I insert the tables from db_mysql.sql > into the radius database and i get an error on id default for the nas > table. I simply delete the default entry for that row and everything > goes well. But later when I start radius it hangs. The log looks like this > > Sat Apr 2 16:25:43 2005 : Info: Using deprecated naslist file. Support > for this will go away soon. > Sat Apr 2 16:25:43 2005 : Info: rlm_sql (sql): Driver rlm_sql_mysql > (module rlm_sql_mysql) loaded and linked > Sat Apr 2 16:25:43 2005 : Info: rlm_sql (sql): Attempting to connect to > [EMAIL PROTECTED]:/radius > Sat Apr 2 16:25:43 2005 : Info: rlm_sql_mysql: Starting connect to > MySQL server for #0 > Sat Apr 2 16:25:43 2005 : Info: rlm_sql_mysql: Starting connect to > MySQL server for #1 I assume this output is from the -X debugging switch? > > and just sits there trying to start I look at the mysql process > table and it shows that the user has logged in and is "reading from net" TCP or Unix socket, it's still a network connection. humm... maybe try switching to TCP? > > hm? Radiusd never gets started. It's not a mysql user problem > because the user I am useing is allowed ALL PRIVELAGES on database radius. > > Anyone out there having this issue? > > -Blake- > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Good luck! Scott Edwards -- Daxal Communications - http://www.daxal.com Surf the USA - http://www.surfthe.us - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: string definitions not global? config: No such entry confdir for string ${confdir}/clients.conf
On Sun, 20 Mar 2005 23:48:35 -0500, Alan DeKok wrote:
> Scott Edwards <[EMAIL PROTECTED]> wrote:
> > Config: including file: /etc/freeradius/includes/radiusdconf/clients.conf
> > config: No such entry confdir for string ${confdir}/clients.conf
> > Errors reading radiusd.conf
>
> Hmm... that's defined in the normal configuration files, and it
> works there.
>
Well, I diched that series, and recopied them from backups (of a
machine that's getting replaced). After some fine tuning, it's all
good to go.
I'll poke at the multilevel include mystery some other day...
Thanks!
Scott Edwards
--
Daxal Communications - http://www.daxal.com
Surf the USA - http://www.surfthe.us
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
string definitions not global? config: No such entry confdir for string ${confdir}/clients.conf
freeraidus -X
[snip]
Config: including file: /etc/freeradius/includes/radiusdconf/clients.conf
config: No such entry confdir for string ${confdir}/clients.conf
Errors reading radiusd.conf
I'm using Freeradius 1.0.1-2 from debian sarge.
The huge radiusd.conf drives me a little batty when trying to
configure it, so I spent the matter of some time to split up each
section (including modules) into separate configs. This way I can
comment, say ldap out in a single line, and know it's not being used.
Anyway, I'm now presented with the problem of string definitions not
being available in included files. Having used Apache's XSSI module
for some time, I assumed freeradius would propagate the namespace into
whatever you're including. (AFAIK, mod_macro does the same). I
realise freeradius isn't Apache, but these behaivors IMO should be the
same.
Are there any workarounds for this? Is there someway to define a
string definition to be global?
TIA,
Scott Edwards
--
Daxal Communications - http://www.daxal.com
Surf the USA - http://www.surfthe.us
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius with mssql support
On Thu, 10 Mar 2005 12:10:40 +0100, Achim Schmidt <[EMAIL PROTECTED]> wrote: > Hi all, > > I just started with freeradius, due I saw it should be possible to use mssql > as database backend. > > A look into the files talks about drivers in > > src/modules/rlm_sql/drivers/rlm_sql_freetds/db_mssql.sql > > but in the src distri I got there is no file ... > > can anyone help me in installing freeradius with mssql support, or is there > any howto or doc I dont saw now ? > > btw: freeradius is already installed on that server. > > additional question: is it possible to run the dialup_admin with mssql > instead of mysql ? > > thx 4 yr help, > > Achim Professor Google shows me this: http://lists.cistron.nl/pipermail/freeradius-users/2002-October/012938.html Searched using: freeradius dialup admin mssql As for your missing files, you are either running something old, or incomplete. In any case, a fresh download of the current version should put you in order. Don't be afraid to crack that tarball open and read the README's and the stuff on the freeradius site. I'm no radius expert, but I followed the docs, and had it up and running in a hour or two. (and just last time I set it up, it only took 20 mins) Enjoy your homework. You can let us know if you get stuck, but try to solve it anyway, you never know when you may have to fix it all by yourself. =) Thank you, Scott Edwards -- Daxal Communications - http://www.daxal.com Surf the USA - http://www.surfthe.us - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ppp radius-plugin
On Tue, 08 Mar 2005 08:23:44 +0100, guest01 <[EMAIL PROTECTED]> wrote: > Hi > > I want to use radius authentication for pptp. Therefor I need the > radius.so-plugin, which isn't included > in the Debian default installation of ppp 2.4.2b3. So I compiled it > manually (thank god there was > a makefile) and copied it to the right path. (/usr/lib/pppd/2.4.2b3/). > Everything worked fine. > Then I added "plugin radius.so" to pptp-options, startet the pptp-server > and tried to connect but > I get the following error: > > /usr/sbin/pppd: /usr/lib/pppd/2.4.2b3/radius.so: undefined symbol: > chap_auth_hook > /usr/sbin/pppd: Couldn't load plugin radius.so > > I installed pppd as a binary packet and compiled the right version of > the radius-plugin. > Has anyone an idea or solution? > > thxs > best regards > peda > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > I think a better question, would be how to build a debian package of your own that supports this. I took a stab at it, but I'm stuck shortly after: apt-get source ppp As a dry run, I did dpkg-buildpackage -d -uc -us -nc, but it fails on missing deps (not the least bit surprised on this box). but I did find plenty of references for radius by: grep -ril radius ./ from that deb-src directory... I'll keep an eye on this thread, hopefully we'll both learn something. BTW, I've had good luck with most packages before by apt-get source, and tweaking the rules and control files to trim the fat, or add features I need. There's still room for improvement myself, but I hope that helps. Thank you, Scott Edwards -- Daxal Communications - http://www.daxal.com Surf the USA - http://www.surfthe.us - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to verify user by "Calling-Station-Id" (formaly MAC addres)
On Thu, 03 Mar 2005 12:07:53 +0100, kolargol <[EMAIL PROTECTED]> wrote: > [heavy pre and post snippage] > How to verify user by "Calling-Station-Id" (beside MS-CHAPv2/PEAP auth). I'm trying to do the same for new accounts. If the username is in the 'verifyCallerIdOnce' table (my simple custom table), verify atleast one record matches the caller id connecting. Upon a match, proceed to normal authentication. Upon authentication, delete all rows matching that user (to remove caller id restrictions for that user). I assume/hope someone has used, or uses some form of call verification like this. My intention is to validate online sign ups for dial up accounts, and require one of the phone numbers on record connects to the account. (after that, it's unrestricted). Thank you, Scott Edwards -- Daxal Communications - http://www.daxal.com Surf the USA - http://www.surfthe.us - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with FreeRadius starting up
That warm fuzzy status indicator as thus: [ OK ] is just that. It can be fooled. If I recall right, there's an init script and a .spec file for building rpms in the tarball. Enjoy, Scott Edwards -- Daxal Communications - http://www.daxal.com Surf the USA - http://www.surfthe.us On Wed, 2 Mar 2005 12:58:20 -0600, Linda Pagillo <[EMAIL PROTECTED]> wrote: > Hello All: > > I'm running FreeRadius 0.9.3 on a server which uses Linux Redhat 9. Here is > the problem. When i first installed FreeRadius about 8 months ago, i added > the rc.radiusd script to my Linux startup. Lately, when I reboot my server, > my Linux startup screen shows that FreeRadius has started up with no errors > as it always has, but when i do a ps -aux from the Linux command line, it > shows that it is not in the list of things running. I have to actually cd to > /usr/local/sbin and start radiusd from there before FreeRadius will work > correctly again. The weird thing is, this has not always been an on-going > problem. It just started about 2 months ago. I thought for a while that it > was my Linux server, but everything else on the server starts normally when > i reboot. The only thing that does not start is FreeRadius. Again, Linux is > showing that it is starting, but in reality, it's not. Any help would be > appreciated. Thank you. > > Linda Pagillo > Director of Technical Services > N2 The Net > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
