Error in Radius.log
I'm getting the following error in the radius log and don't know how to handle it. I assume it's handled somewhere within the radius.conf file but I can't find anything about it. Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: Unknown attribute "Max-All-Session" Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): Error getting data from database Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): SQL query error; rejecting user I'm a newbie to all this and am stumbling along :) -- LeRoy & Dorothy Location: http://map.datastormusers.com/user2.cfm?user=1591 My Web Page: http://www.rvfulltimer.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Error in radius.log
Fri Feb 18 06:26:50 2005 : Info: Using deprecated naslist file. Support for this will go away soon. Fri Feb 18 06:26:50 2005 : Info: Using deprecated clients file. Support for this will go away soon. Fri Feb 18 06:26:50 2005 : Info: Using deprecated realms file. Support for this will go away soon. Fri Feb 18 06:26:50 2005 : Error: rlm_eap_tls: conf N ctx stored Fri Feb 18 06:26:50 2005 : Info: Listening on IP address *, ports 1812/u dp and 1813/udp, with proxy on 1814/udp. Fri Feb 18 06:26:50 2005 : Info: Ready to process requests. What is cause of this problem ?, and how to fix it ? - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
Zitat von LeRoy DeVries <[EMAIL PROTECTED]>: > I'm getting the following error in the radius log and don't know how to > handle > it. I assume it's handled somewhere within the radius.conf file but I can't > find anything about it. > > Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: Unknown > attribute "Max-All-Session" add a line to your dictionary file (on suse: /etc/raddb/dictionary): ATTRIBUTE Max-All-Session 3000 integer > Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): Error getting data from > database are you sure you set the correct variables in sql.conf, e.g. user who is allowd to connect to sql db and password? an example: sql { server = "localhost" login = "radiusd" password "donttellanyone" } > Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): SQL query error; rejecting > user > > I'm a newbie to all this and am stumbling along :) > > -- > LeRoy & Dorothy > Location: http://map.datastormusers.com/user2.cfm?user=1591 > My Web Page: http://www.rvfulltimer.com > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > regards markus -- Markus Krause email: [EMAIL PROTECTED] Computing CenterTel.: 089 - 89 40 85 99 Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98 - This message was sent using https://webmail.biochem.mpg.de If you encounter any problems please report to [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
LeRoy DeVries wrote: I'm getting the following error in the radius log and don't know how to handle it. I assume it's handled somewhere within the radius.conf file but I can't find anything about it. Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: Unknown attribute "Max-All-Session" Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): Error getting data from database Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): SQL query error; rejecting user I'm a newbie to all this and am stumbling along :) You need to check that the dictionary that contains the attribute mentioned is included in /etc/raddb/dictionary or wherever your radius.conf lists it. Follow the syntax in that file to include it. -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 Off. 325-691-1301 Cell 325-439-0533 fax 325-695-6841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
On Monday 26 December 2005 06:15, Markus Krause wrote: > Zitat von LeRoy DeVries <[EMAIL PROTECTED]>: > > I'm getting the following error in the radius log and don't know how to > > handle > > it. I assume it's handled somewhere within the radius.conf file but I > > can't find anything about it. > > > > Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: > > Unknown attribute "Max-All-Session" > > add a line to your dictionary file (on suse: /etc/raddb/dictionary): > ATTRIBUTE Max-All-Session 3000 integer > Thanks Markus... Now I'm getting the following Mon Dec 26 08:13:56 2005 : Error: radiusd.conf: "SQL" modules aren't allowed in 'authenticate' sections -- they have no such method. If I remove the sql from that section it doesn't complain. How does sql handle this. Also as a side note, I tried logging on using a wireless client and the loggin in "failed" both on the sql ( database is populated) and USERS (uncommented "steve") but I can't find any logs on why. FWIW I am using Chillispot for a captive portal which uses a SSL web interface for the radius server which I config to use sql database and the USERS file. The database was made from phpMyPrepaid. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
LeRoy DeVries <[EMAIL PROTECTED]> wrote: > Mon Dec 26 08:13:56 2005 : Error: radiusd.conf: "SQL" modules aren't allowed > in 'authenticate' sections -- they have no such method. Why did you put it there? > If I remove the sql from that section it doesn't complain. How does > sql handle this. Also as a side note, I tried logging on using a > wireless client and the loggin in "failed" both on the sql ( > database is populated) and USERS (uncommented "steve") but I can't > find any logs on why. Try running the server in debugging mode, as suggested in the FAQ, README, INSTALL, and daily on this list. Honestly, I just don't understand why it's so hard to do that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
On Monday 26 December 2005 09:38, Alan DeKok wrote: > Try running the server in debugging mode, as suggested in the FAQ, > README, INSTALL, and daily on this list. > > Honestly, I just don't understand why it's so hard to do that. > > Alan DeKok. Sorry I just could not find any info on that. After doing a google search I finnaly found it and how to place in debug mode. Now I why it is failing... rlm_sqlcounter: Entering module authorize code Segmentation fault Now to find out how to fix it. :) LeRoy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
On Monday 26 December 2005 10:12, LeRoy DeVries wrote: > On Monday 26 December 2005 09:38, Alan DeKok wrote: > > Try running the server in debugging mode, as suggested in the FAQ, > > README, INSTALL, and daily on this list. > > > > Honestly, I just don't understand why it's so hard to do that. > > > > Alan DeKok. > > Sorry I just could not find any info on that. After doing a google search I > finnaly found it and how to place in debug mode. > > Now I why it is failing... > > rlm_sqlcounter: Entering module authorize code > Segmentation fault > > Now to find out how to fix it. :) I found the error and corrected it. I forgot to add the query. LeRoy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
Zitat von LeRoy DeVries <[EMAIL PROTECTED]>: > On Monday 26 December 2005 06:15, Markus Krause wrote: > > Zitat von LeRoy DeVries <[EMAIL PROTECTED]>: > > > I'm getting the following error in the radius log and don't know how to > > > handle > > > it. I assume it's handled somewhere within the radius.conf file but I > > > can't find anything about it. > > > > > > Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: > > > Unknown attribute "Max-All-Session" > > > > add a line to your dictionary file (on suse: /etc/raddb/dictionary): > > ATTRIBUTE Max-All-Session 3000 integer > > > > Thanks Markus... Now I'm getting the following > > Mon Dec 26 08:13:56 2005 : Error: radiusd.conf: "SQL" modules aren't allowed > in 'authenticate' sections -- they have no such method. yes, it is not intended to be used in this section ;-) i hope i did not use this in the example config file i sent you! > If I remove the sql from that section it doesn't complain. How does sql > handle > this. Also as a side note, I tried logging on using a wireless client and the > loggin in "failed" both on the sql ( database is populated) and USERS > (uncommented "steve") but I can't find any logs on why. what says freeradius if started in debug mode (freeradius -XA) ? and what says radtest? regards markus -- Markus Krause email: [EMAIL PROTECTED] Computing CenterTel.: 089 - 89 40 85 99 Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98 - This message was sent using https://webmail.biochem.mpg.de If you encounter any problems please report to [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
On Monday 26 December 2005 12:41, Markus Krause wrote: > what says freeradius if started in debug mode (freeradius -XA) ? > and what says radtest? I'm finally making progress. Now I'm getting the following: modcall: group authorize returns ok for request 0 auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. even though the password that I entered in the login is correct. Now I'm really stuck. sigh! LeRoy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
Zitat von LeRoy DeVries <[EMAIL PROTECTED]>: > On Monday 26 December 2005 12:41, Markus Krause wrote: > I'm finally making progress. Now I'm getting the following: > > modcall: group authorize returns ok for request 0 > auth: type Local > auth: user supplied User-Password does NOT match local User-Password > auth: Failed to validate the user. > > even though the password that I entered in the login is correct. i am not an expert but it seems that you (or some module) sets auth-type to local. what does your authorize and authenticate sections in radiusd.conf look like? regards, markus -- Markus Krause email: [EMAIL PROTECTED] Computing CenterTel.: 089 - 89 40 85 99 Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98 - This message was sent using https://webmail.biochem.mpg.de If you encounter any problems please report to [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
On Monday 26 December 2005 16:02, Markus Krause wrote: > i am not an expert but it seems that you (or some module) sets auth-type to > local. what does your authorize and authenticate sections in radiusd.conf > look like? Here is that portion authorize { preprocess chap mschap suffix sql noresetcounter } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } } the interface between the user and radius is done by a .cgi script -- LeRoy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
On Monday 26 December 2005 16:17, LeRoy DeVries wrote: > On Monday 26 December 2005 16:02, Markus Krause wrote: > > i am not an expert but it seems that you (or some module) sets auth-type > > to local. what does your authorize and authenticate sections in > > radiusd.conf look like? > > Here is that portion > > authorize { > preprocess > chap > mschap > suffix > sql > noresetcounter > } > > authenticate { > Auth-Type PAP { > pap > } > > Auth-Type CHAP { > chap > } > > Auth-Type MS-CHAP { > mschap > } > > } > > the interface between the user and radius is done by a .cgi script I found the problem. It was a password error between the Web Server and ChilliSpot captive portal. All is working as designed. Thanks for EVERYONES help here. I have learned alot and I appreciate it very much. Happy New Year -- LeRoy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in radius.log
On Fri, 18 Feb 2005 07:22:42 + "nake116 nake116" <[EMAIL PROTECTED]> wrote: > Fri Feb 18 06:26:50 2005 : Info: Using deprecated naslist file. Support > for this will go away soon. > Fri Feb 18 06:26:50 2005 : Info: Using deprecated clients file. Support > for this will go away soon. > Fri Feb 18 06:26:50 2005 : Info: Using deprecated realms file. Support > for this will go away soon. > Fri Feb 18 06:26:50 2005 : Error: rlm_eap_tls: conf N ctx stored > Fri Feb 18 06:26:50 2005 : Info: Listening on IP address *, ports 1812/u > dp and 1813/udp, with proxy on 1814/udp. > Fri Feb 18 06:26:50 2005 : Info: Ready to process requests. > > > What is cause of this problem ?, and how to fix it ? - delete the naslist,clients and realms files from the configuration directory. Freeradius now uses SQL or other files for the same purpose. -- Siderite <[EMAIL PROTECTED]> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
how to record certificates error in radius.log?
hi, all! Now I want to record the user access history in the radius.log file. I use fr 2.19 and ttls-mschapv2. I notice that it now only records the user/password log in the radius.log file. for example, when I use a correct password for user "test", Tue Jul 13 12:03:49 2010 : Auth: Login OK: [test/] (from client localhost port 0 via TLS tunnel) Tue Jul 13 12:03:49 2010 : Auth: Login OK: [anonymous_identity/] (from client localhost port 0 cli 02-00-00-00-00-01) when I use a wrong password for user "test", Tue Jul 13 12:04:09 2010 : Auth: Login incorrect: [test/] (from client localhost port 0 via TLS tunnel) Tue Jul 13 12:04:09 2010 : Auth: Login incorrect: [anonymous_identity/] (from client localhost port 0 cli 02-00-00-00-00-01) But no log is recorded if the certificates is wrong (which is possible in real scenarios). I have noticed that if the certificates is wrong, the "radiusd -X" will output things like that: Fri Jul 16 17:23:30 2010 : Info: [eap] EAP NAK Fri Jul 16 17:23:30 2010 : Info: [eap] EAP-NAK asked for EAP-Type/ttls Fri Jul 16 17:23:30 2010 : Info: [eap] processing type askedtls If this notifys the wrong certificate? Then maybe I can put a "radlog" in the following part of eap.c?: case PW_EAP_NAK: /* *The NAK data is the preferred EAP type(s) of *the client. * *RFC 3748 says to list one or more proposed *alternative types, one per octet, or to use *0 for no alternative. */ RDEBUG2("EAP NAK"); thanks a lot! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to record certificates error in radius.log?
WWF wrote: > But no log is recorded if the certificates is wrong (which is possible > in real scenarios). It should log that authentication has failed. > I have noticed that if the certificates is wrong, the "radiusd -X" > will output things like that: > > Fri Jul 16 17:23:30 2010 : Info: [eap] EAP NAK > Fri Jul 16 17:23:30 2010 : Info: [eap] EAP-NAK asked for EAP-Type/ttls > Fri Jul 16 17:23:30 2010 : Info: [eap] processing type askedtls That message has nothing to do with a wrong certificate. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html