DEFAULT entry in rlm_sql
Anybody know offhand how the setup for default entries in the sql module works? Right now I'm using the 0.3 release. I was just curious if anyone out there would be able to spout some info off the top of their head before I get home and can mess with this.
Thanks
-jason
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Authentication by MAC address
Does anyone know if this radius server can be configured to authenticate by MAC address instead of username and password?
Kevin
Anyone using LDAP backend?
If anyone is reading this that is running an LDAP backend, could you possibly let me see the relevant bits of your radiusd.conf and an example LDIF record? Working on the early phases of trying to unify all of our dialin database records onto LDAP (initially exporting oracle info to an openldap, but eventually planning for OID). As it is now I think I understand how I should organize my records, but no easy way of verifying things without setting up a full test environment and whacking up the debug all the way on both radius and ldap...
Files / SQL integration.
Hi radfriends! Straight to the point ...
Can I use a dictionary file defined in /etc/raddb/dictionary in my radgroupcheck table, or do I have to import the dictionary to the database? Is there a script to do so?
Can I use in my usergroup a group defined in the users file?
Is there any kind of "integration" between modules?
tnx in advance!
Handling of loss of mySQL connection
Hi, I'm testing V0.3 freeradius with BSDi4.2 and MySQL 3.23.36. I have authentication done by SQL, with one 'test' user also listed in the users file to handle situations where SQL is not running (e.g. an emergency backdoor!)
This works fine if radiusd is started and SQL is not running ... I get an error:
    rlm_sql: Attempting to connect to sqluser@localhost:/radius
    rlm_sql: Couldn't connect socket to MySQL server sqluser@localhost:radius
    rlm_sql: Mysql error 'Can't connect to local MySQL server through socket '/tmp/mysql.sock' (61)'
    rlm_sql: Failed to connect DB handle #0
as expected, and if the 'test' user attempts login, the login gets handled by the 'users' file entry.
However, if radiusd starts while SQL is running, and then SQL is killed, the 'test' user gets an 'Access-Reject' due to SQL being unavailable, rather than the request being handled by the 'users' file
    rad_recv: Access-Request packet from host w.x.y.z:2150, id=147, length=44
        User-Name = "test"
        Password = "\327@\036d\214\000g\316O\244\t\030\202\n\016\245"
    modcall: entering group authorize
    modcall[authorize]: module "preprocess" returns ok
    modcall[authorize]: module "suffix" returns ok
    rlm_sql: Reserving sql socket id: 4
    radius_xlat: 'test'
    sql_escape in: 'test'
    sql_escape out: 'test'
    sql_set_user: escaped user --> 'test'
    radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'test' ORDER BY id'
    MYSQL Error: Cannot get result
    MYSQL Error: MySQL server has gone away
    rlm_sql_getvpdata: database query error
    rlm_sql: SQL query error; rejecting user
    rlm_sql: Released sql socket id: 4
    modcall[authorize]: module "sql" returns invalid
    modcall: group authorize returns invalid
    Sending Access-Reject of id 147 to w.x.y.z:2150
Is this a bug, or have I mis-configured something?
My radiusd.conf looks like this:
    authorize {
        preprocess
        suffix
        sql
        # if SQL not running, then fallback on users file
        #
        files
    }
Thanks in advance
Mark
Re: Radius Logging
/var/log/radius.log (or wherever your logdir is config'd to, see radiusd.conf) logs every connection attempt. =) In radiusd.conf you can config it to log passwords when valid or invalid as well.
At 08:48 AM 11/21/2001 -0800, you wrote:
>Hi radfriends !
>How can i write the username to the log file in every connection attempt ?
>do i need exec-program or is "radiusd -y?" or enough ?
>
--
Nathan Miller - [EMAIL PROTECTED]
VISP Technologies - "Building Better ISPs"
Unix Radius & NT groups
Hi all, I'm just wondering if there is a way to get all the NT groups that a user belongs to through the cistron radius? I know many radius servers allow you to query the PDC to get "Does user x belong to group y" but is there a way to get the complete list?
Thx all
George
Re: limiting to async only
thanks, decided to go with
    DEFAULT Suffix="@visp" Cisco-AVPair = "ip:addr-pool=visp", NAS-Port-Type = Async, Port-Limit = 1, Fall-Through=1
On Wed, 21 Nov 2001, Kostas Kalevras wrote:
> code : Access-Request
> NAS-Port = 60
> NAS-Port-Type = Async
>
> ISDN calls:
>
> code : Access-Request
> NAS-Port = 20123
> NAS-Port-Type = ISDN-Sync
>
> Why not try adding the following in the users file:
>
> DEFAULT Realm == "domain", NAS-Port-Type == "ISDN-Sync", Auth-Type := Reject
>         Reply-Message = "You are only allowed to connect through a modem"
>
> --
> kkalev
-*-
/cj
chief janitor (Tree d'P)
internet solutions - infrastructure
http://www.is.co.za
tel: +27-11-283-5000
v@x: +27-11-388-1092
#include
Re: Pairs do not match
At 03:23 PM 11/21/2001 +1000, Mark Constable wrote:
>Could anyone please explain what might be going on here
>and which "Pairs do not match" ?
>
>"rlm_sql: Pairs do not match [[EMAIL PROTECTED]]"
It looks like you are storing a plaintext password in a Crypt password container. Either store the encrypted password in the table, or change the attribute name to 'User-Password'.
>And why might I be seeing doubled up reply pairs ?
This has been going on for a while. It looks like a series of debugging statements that should be commented out somewhere, as the server is iterating through a loop. Not that there is a definite pattern to this series, as if it's printing the a/v pair list each time through a loop:
Pass 1:
>Service-Type = Framed-User
Pass 2:
> Service-Type = Framed-User
> Framed-Protocol = PPP
Pass 3:
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-Netmask = 255.255.255.255
Pass 4:
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-Netmask = 255.255.255.255
> Framed-MTU = 1500
Pass 5:
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-Netmask = 255.255.255.255
> Framed-MTU = 1500
> Framed-Compression = Van-Jacobson-TCP-IP
So it's a cosmetic bug, unless you are seeing the reply being sent with that many attributes out from the NAS. I'd look at the SQL module for this, if you want to clean it up.
-Chris
--
Chris Parker - Manager, Development Engineering
WX *is* Wireless!
[EMAIL PROTECTED]
http://www.starnetwx.net
(847) 963-0116
Without C we would have 'obol', 'basi', and 'pasal'
Re: installation problem in solaris2.7
At 07:21 PM 11/20/2001 -0800, sunil kathait wrote:
>Hi all,
>
>i was getting problem in installation.but i reinstall
>the solaris2.7 &GNUgcc.2.95.2. now installation is
>done. but when i am starting the radius server
>
># /usr/local/sbin/radiusd -x
>ld.so.1: /usr/local/sbin/radiusd: fatal: libltdl.so.3:
>open failed: No such file
>Killed
>#
I can almost guarantee that your LD_LIBRARY_PATH variable does not contain /usr/local/lib, which is where the FreeRADIUS libs are installed. Try updating this to include /usr/local/lib, then start radiusd.
-Chris
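
Applying the suggestion above, as an added example that is not part of the original thread: a POSIX shell helper that puts /usr/local/lib first on the library search path without carrying over empty or relative entries, which glibc's runtime linker, for one, resolves against the current directory (a library-hijack risk for a daemon started as root). The function names `add_lib_dir` and `dir_is_world_writable` are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths are the ones in the thread.

# add_lib_dir DIR CURRENT_PATH
# Prints a colon-separated search path with DIR first. Entries of CURRENT_PATH
# are kept only if they are absolute and not a duplicate of DIR, so a leading,
# trailing or doubled ':' never ends up meaning "current directory".
add_lib_dir() (
    dir=$1
    result=$dir
    IFS=:
    set -f                          # no glob expansion while splitting on ':'
    for entry in $2; do
        case $entry in
            "$dir") continue ;;     # already present, keep it only once
            /*) result="$result:$entry" ;;
            *) continue ;;          # empty or relative entry: drop it
        esac
    done
    printf '%s\n' "$result"
)

# dir_is_world_writable DIR
# Succeeds if DIR is writable by "other". A library directory that any local
# user can write to should not be on the search path of a root daemon.
dir_is_world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

# Usage for the case in the thread (left commented so the block has no side effects):
#   if dir_is_world_writable /usr/local/lib; then
#       echo "refusing: /usr/local/lib is world-writable" >&2
#   else
#       LD_LIBRARY_PATH=$(add_lib_dir /usr/local/lib "$LD_LIBRARY_PATH")
#       export LD_LIBRARY_PATH
#       /usr/local/sbin/radiusd -x
#   fi
```
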
Re: limiting to async only
At 03:17 PM 11/21/2001 +0200, cj wrote:
>hi
>
>i want to limit a certain domain to only async calls no ISDN ... what
>Cisco-AV-Pair would you suggest i use (or redirection to any documentation
>would be helpful as well)
I would use a check item in the users file/sql table, etc. Realm is a valid internal attribute.
    DEFAULT Auth-Type := Reject, Realm == "noisdn", NAS-Port-Type == ISDN
    DEFAULT Auth-Type := System
            Service-Type = Framed-User,
            Framed-Protocol = PPP,
            Framed-IP-Address = 255.255.255.254
-Chris
Re: limiting to async only
On Wed, 21 Nov 2001, cj wrote:
>
> hi
>
> i want to limit a certain domain to only async calls no ISDN ... what
> Cisco-AV-Pair would you suggest i use (or redirection to any documentation
> would be helpful as well)
>
Async calls:
    code : Access-Request
    NAS-Port = 60
    NAS-Port-Type = Async
ISDN calls:
    code : Access-Request
    NAS-Port = 20123
    NAS-Port-Type = ISDN-Sync
Why not try adding the following in the users file:
    DEFAULT Realm == "domain", NAS-Port-Type == "ISDN-Sync", Auth-Type := Reject
            Reply-Message = "You are only allowed to connect through a modem"
--
kkalev
limiting to async only
hi
i want to limit a certain domain to only async calls no ISDN ... what Cisco-AV-Pair would you suggest i use (or redirection to any documentation would be helpful as well)
Radius Logging
Hi radfriends !
How can i write the username to the log file in every connection attempt ?
do i need exec-program or is "radiusd -y?" or enough ?
URGENT HELP!
Hi, I have downloaded freeradius and installed it. I don't know how to start with it, and as a client, can clientradius be used? If so, how to use it? As such I want to know how the whole operation works. Since there is no user's guide I find it difficult to proceed. Hope you will help me in this regard.
Thanks and regards,
Kavi.
Mail to : [EMAIL PROTECTED]