Error in Radius.log
I'm getting the following error in the radius log and don't know how to handle it. I assume it's handled somewhere within the radius.conf file but I can't find anything about it. Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: Unknown attribute "Max-All-Session" Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): Error getting data from database Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): SQL query error; rejecting user I'm a newbie to all this and am stumbling along :) -- LeRoy & Dorothy Location: http://map.datastormusers.com/user2.cfm?user=1591 My Web Page: http://www.rvfulltimer.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Error in radius.log
Fri Feb 18 06:26:50 2005 : Info: Using deprecated naslist file. Support for this will go away soon. Fri Feb 18 06:26:50 2005 : Info: Using deprecated clients file. Support for this will go away soon. Fri Feb 18 06:26:50 2005 : Info: Using deprecated realms file. Support for this will go away soon. Fri Feb 18 06:26:50 2005 : Error: rlm_eap_tls: conf N ctx stored Fri Feb 18 06:26:50 2005 : Info: Listening on IP address *, ports 1812/u dp and 1813/udp, with proxy on 1814/udp. Fri Feb 18 06:26:50 2005 : Info: Ready to process requests. What is cause of this problem ?, and how to fix it ? - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
Zitat von LeRoy DeVries <[EMAIL PROTECTED]>:
> I'm getting the following error in the radius log and don't know how to
> handle
> it. I assume it's handled somewhere within the radius.conf file but I can't
> find anything about it.
>
> Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: Unknown
> attribute "Max-All-Session"
add a line to your dictionary file (on suse: /etc/raddb/dictionary):
ATTRIBUTE Max-All-Session 3000 integer
> Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): Error getting data from
> database
are you sure you set the correct variables in sql.conf, e.g. user who is allowd
to connect to sql db and password?
an example:
sql {
server = "localhost"
login = "radiusd"
password "donttellanyone"
}
> Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): SQL query error; rejecting
> user
>
> I'm a newbie to all this and am stumbling along :)
>
> --
> LeRoy & Dorothy
> Location: http://map.datastormusers.com/user2.cfm?user=1591
> My Web Page: http://www.rvfulltimer.com
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
regards
markus
--
Markus Krause email: [EMAIL PROTECTED]
Computing CenterTel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98
-
This message was sent using https://webmail.biochem.mpg.de
If you encounter any problems please report to [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
LeRoy DeVries wrote: I'm getting the following error in the radius log and don't know how to handle it. I assume it's handled somewhere within the radius.conf file but I can't find anything about it. Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: Unknown attribute "Max-All-Session" Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): Error getting data from database Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): SQL query error; rejecting user I'm a newbie to all this and am stumbling along :) You need to check that the dictionary that contains the attribute mentioned is included in /etc/raddb/dictionary or wherever your radius.conf lists it. Follow the syntax in that file to include it. -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 Off. 325-691-1301 Cell 325-439-0533 fax 325-695-6841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
On Monday 26 December 2005 06:15, Markus Krause wrote: > Zitat von LeRoy DeVries <[EMAIL PROTECTED]>: > > I'm getting the following error in the radius log and don't know how to > > handle > > it. I assume it's handled somewhere within the radius.conf file but I > > can't find anything about it. > > > > Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: > > Unknown attribute "Max-All-Session" > > add a line to your dictionary file (on suse: /etc/raddb/dictionary): > ATTRIBUTE Max-All-Session 3000 integer > Thanks Markus... Now I'm getting the following Mon Dec 26 08:13:56 2005 : Error: radiusd.conf: "SQL" modules aren't allowed in 'authenticate' sections -- they have no such method. If I remove the sql from that section it doesn't complain. How does sql handle this. Also as a side note, I tried logging on using a wireless client and the loggin in "failed" both on the sql ( database is populated) and USERS (uncommented "steve") but I can't find any logs on why. FWIW I am using Chillispot for a captive portal which uses a SSL web interface for the radius server which I config to use sql database and the USERS file. The database was made from phpMyPrepaid. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
LeRoy DeVries <[EMAIL PROTECTED]> wrote: > Mon Dec 26 08:13:56 2005 : Error: radiusd.conf: "SQL" modules aren't allowed > in 'authenticate' sections -- they have no such method. Why did you put it there? > If I remove the sql from that section it doesn't complain. How does > sql handle this. Also as a side note, I tried logging on using a > wireless client and the loggin in "failed" both on the sql ( > database is populated) and USERS (uncommented "steve") but I can't > find any logs on why. Try running the server in debugging mode, as suggested in the FAQ, README, INSTALL, and daily on this list. Honestly, I just don't understand why it's so hard to do that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
On Monday 26 December 2005 09:38, Alan DeKok wrote: > Try running the server in debugging mode, as suggested in the FAQ, > README, INSTALL, and daily on this list. > > Honestly, I just don't understand why it's so hard to do that. > > Alan DeKok. Sorry I just could not find any info on that. After doing a google search I finnaly found it and how to place in debug mode. Now I why it is failing... rlm_sqlcounter: Entering module authorize code Segmentation fault Now to find out how to fix it. :) LeRoy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
On Monday 26 December 2005 10:12, LeRoy DeVries wrote: > On Monday 26 December 2005 09:38, Alan DeKok wrote: > > Try running the server in debugging mode, as suggested in the FAQ, > > README, INSTALL, and daily on this list. > > > > Honestly, I just don't understand why it's so hard to do that. > > > > Alan DeKok. > > Sorry I just could not find any info on that. After doing a google search I > finnaly found it and how to place in debug mode. > > Now I why it is failing... > > rlm_sqlcounter: Entering module authorize code > Segmentation fault > > Now to find out how to fix it. :) I found the error and corrected it. I forgot to add the query. LeRoy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
Zitat von LeRoy DeVries <[EMAIL PROTECTED]>: > On Monday 26 December 2005 06:15, Markus Krause wrote: > > Zitat von LeRoy DeVries <[EMAIL PROTECTED]>: > > > I'm getting the following error in the radius log and don't know how to > > > handle > > > it. I assume it's handled somewhere within the radius.conf file but I > > > can't find anything about it. > > > > > > Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: > > > Unknown attribute "Max-All-Session" > > > > add a line to your dictionary file (on suse: /etc/raddb/dictionary): > > ATTRIBUTE Max-All-Session 3000 integer > > > > Thanks Markus... Now I'm getting the following > > Mon Dec 26 08:13:56 2005 : Error: radiusd.conf: "SQL" modules aren't allowed > in 'authenticate' sections -- they have no such method. yes, it is not intended to be used in this section ;-) i hope i did not use this in the example config file i sent you! > If I remove the sql from that section it doesn't complain. How does sql > handle > this. Also as a side note, I tried logging on using a wireless client and the > loggin in "failed" both on the sql ( database is populated) and USERS > (uncommented "steve") but I can't find any logs on why. what says freeradius if started in debug mode (freeradius -XA) ? and what says radtest? regards markus -- Markus Krause email: [EMAIL PROTECTED] Computing CenterTel.: 089 - 89 40 85 99 Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98 - This message was sent using https://webmail.biochem.mpg.de If you encounter any problems please report to [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
On Monday 26 December 2005 12:41, Markus Krause wrote: > what says freeradius if started in debug mode (freeradius -XA) ? > and what says radtest? I'm finally making progress. Now I'm getting the following: modcall: group authorize returns ok for request 0 auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. even though the password that I entered in the login is correct. Now I'm really stuck. sigh! LeRoy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
Zitat von LeRoy DeVries <[EMAIL PROTECTED]>: > On Monday 26 December 2005 12:41, Markus Krause wrote: > I'm finally making progress. Now I'm getting the following: > > modcall: group authorize returns ok for request 0 > auth: type Local > auth: user supplied User-Password does NOT match local User-Password > auth: Failed to validate the user. > > even though the password that I entered in the login is correct. i am not an expert but it seems that you (or some module) sets auth-type to local. what does your authorize and authenticate sections in radiusd.conf look like? regards, markus -- Markus Krause email: [EMAIL PROTECTED] Computing CenterTel.: 089 - 89 40 85 99 Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98 - This message was sent using https://webmail.biochem.mpg.de If you encounter any problems please report to [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
On Monday 26 December 2005 16:02, Markus Krause wrote:
> i am not an expert but it seems that you (or some module) sets auth-type to
> local. what does your authorize and authenticate sections in radiusd.conf
> look like?
Here is that portion
authorize {
preprocess
chap
mschap
suffix
sql
noresetcounter
}
authenticate {
Auth-Type PAP {
pap
}
Auth-Type CHAP {
chap
}
Auth-Type MS-CHAP {
mschap
}
}
the interface between the user and radius is done by a .cgi script
--
LeRoy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
On Monday 26 December 2005 16:17, LeRoy DeVries wrote:
> On Monday 26 December 2005 16:02, Markus Krause wrote:
> > i am not an expert but it seems that you (or some module) sets auth-type
> > to local. what does your authorize and authenticate sections in
> > radiusd.conf look like?
>
> Here is that portion
>
> authorize {
> preprocess
> chap
> mschap
> suffix
> sql
> noresetcounter
> }
>
> authenticate {
> Auth-Type PAP {
> pap
> }
>
> Auth-Type CHAP {
> chap
> }
>
> Auth-Type MS-CHAP {
> mschap
> }
>
> }
>
> the interface between the user and radius is done by a .cgi script
I found the problem. It was a password error between the Web Server and
ChilliSpot captive portal. All is working as designed. Thanks for EVERYONES
help here. I have learned alot and I appreciate it very much.
Happy New Year
--
LeRoy
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in radius.log
On Fri, 18 Feb 2005 07:22:42 + "nake116 nake116" <[EMAIL PROTECTED]> wrote: > Fri Feb 18 06:26:50 2005 : Info: Using deprecated naslist file. Support > for this will go away soon. > Fri Feb 18 06:26:50 2005 : Info: Using deprecated clients file. Support > for this will go away soon. > Fri Feb 18 06:26:50 2005 : Info: Using deprecated realms file. Support > for this will go away soon. > Fri Feb 18 06:26:50 2005 : Error: rlm_eap_tls: conf N ctx stored > Fri Feb 18 06:26:50 2005 : Info: Listening on IP address *, ports 1812/u > dp and 1813/udp, with proxy on 1814/udp. > Fri Feb 18 06:26:50 2005 : Info: Ready to process requests. > > > What is cause of this problem ?, and how to fix it ? - delete the naslist,clients and realms files from the configuration directory. Freeradius now uses SQL or other files for the same purpose. -- Siderite <[EMAIL PROTECTED]> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
how to record certificates error in radius.log?
hi, all!
Now I want to record the user access history in the radius.log file. I use fr
2.19 and ttls-mschapv2.
I notice that it now only records the user/password log in the radius.log
file.
for example,
when I use a correct password for user "test",
Tue Jul 13 12:03:49 2010 : Auth: Login OK: [test/] (from
client localhost port 0 via TLS tunnel)
Tue Jul 13 12:03:49 2010 : Auth: Login OK: [anonymous_identity/] (from client localhost port 0 cli 02-00-00-00-00-01)
when I use a wrong password for user "test",
Tue Jul 13 12:04:09 2010 : Auth: Login incorrect: [test/]
(from client localhost port 0 via TLS tunnel)
Tue Jul 13 12:04:09 2010 : Auth: Login incorrect: [anonymous_identity/] (from client localhost port 0 cli 02-00-00-00-00-01)
But no log is recorded if the certificates is wrong (which is possible in real
scenarios).
I have noticed that if the certificates is wrong, the "radiusd -X" will
output things like that:
Fri Jul 16 17:23:30 2010 : Info: [eap] EAP NAK
Fri Jul 16 17:23:30 2010 : Info: [eap] EAP-NAK asked for EAP-Type/ttls
Fri Jul 16 17:23:30 2010 : Info: [eap] processing type askedtls
If this notifys the wrong certificate? Then maybe I can put a "radlog" in the
following part of eap.c?:
case PW_EAP_NAK:
/*
*The NAK data is the preferred EAP type(s) of
*the client.
*
*RFC 3748 says to list one or more proposed
*alternative types, one per octet, or to use
*0 for no alternative.
*/
RDEBUG2("EAP NAK");
thanks a lot!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to record certificates error in radius.log?
WWF wrote: > But no log is recorded if the certificates is wrong (which is possible > in real scenarios). It should log that authentication has failed. > I have noticed that if the certificates is wrong, the "radiusd -X" > will output things like that: > > Fri Jul 16 17:23:30 2010 : Info: [eap] EAP NAK > Fri Jul 16 17:23:30 2010 : Info: [eap] EAP-NAK asked for EAP-Type/ttls > Fri Jul 16 17:23:30 2010 : Info: [eap] processing type askedtls That message has nothing to do with a wrong certificate. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
