DEFAULT entry in rlm_sql

2001-11-21 Thread Jason Rohwedder

anybody know off hand how the set up for default entries in the sql module works?  
Right now I'm using the 0.3 release.  I was just curious if anyone out there would be 
able to spout some info off the top of their head before I get home and can mess with 
this..  Thanks

-jason

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Authentication by MAC address

2001-11-21 Thread Kevin

Does anyone know if this radius server can be configured to authenticate by
MAC address instead of username and password?

Kevin





Anyone using LDAP backend?

2001-11-21 Thread David Van Cleef

If anyone is reading this that is running an LDAP backend, could you
possibly let me see the relevant bits of your radiusd.conf and an
example LDIF record?  Working on the early phases of trying to unify all
of our dialin database records onto LDAP (initially exporting oracle
info to an openldap, but eventually planning for OID).  As it is now I
think I understand how I should organize my records, but no easy way of
verifying things without setting up a full test environment and whacking
up the debug all the way on both radius and ldap...








Files / SQL integration.

2001-11-21 Thread Julio Faerman



Hi radfriends !
straight to the point ...
Can i use a dictionary file defined in /etc/raddb/dictionary in my radgroupcheck table or i have to import the dictionary to the database ?
is there a script to do so ?
Can i use in my usergroup a group defined in the users file ?
Is there any kind of "integration" between modules ?

tnx in advance !


Handling of loss of mySQL connection

2001-11-21 Thread Mark Fawcus

Hi,
I'm testing V0.3 freeradius with BSDi4.2 and MySQL 3.23.36. I have 
authentication done by SQL, with one 'test' user also listed in the users 
file to handle situations where SQL is not running (e.g. an emergency 
backdoor!)

This works fine if radiusd is started and SQL is not running ... I get an 
error:

rlm_sql: Attempting to connect to sqluser@localhost:/radius
rlm_sql: Couldn't connect socket to MySQL server sqluser@localhost:radius
rlm_sql:  Mysql error 'Can't connect to local MySQL server through socket 
'/tmp/mysql.sock' (61)'
rlm_sql:  Failed to connect DB handle #0
as expected, and if the 'test' user attempts login, the login gets handled 
by the 'users' file entry.

However, if radiusd starts while SQL is running, and then SQL is killed, the 
'test' user  gets an 'Access-Reject' due to SQL being unavailable, rather 
than the request being handled by the 'users' file

rad_recv: Access-Request packet from host w.x.y.z:2150, id=147, length=44
User-Name = "test"
Password = "\327@\036d\214\000g\316O\244\t\030\202\n\016\245"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "suffix" returns ok
rlm_sql: Reserving sql socket id: 4
radius_xlat:  'test'
sql_escape in:  'test'
sql_escape out:  'test'
sql_set_user:  escaped user --> 'test'
radius_xlat:  'SELECT id,UserName,Attribute,Value FROM radcheck WHERE 
Username = 'test' ORDER BY id'
MYSQL Error: Cannot get result
MYSQL Error: MySQL server has gone away
rlm_sql_getvpdata: database query error
rlm_sql:  SQL query error; rejecting user
rlm_sql: Released sql socket id: 4
  modcall[authorize]: module "sql" returns invalid
modcall: group authorize returns invalid
Sending Access-Reject of id 147 to w.x.y.z:2150

Is this a bug, or have I mis-configured something? My radiusd.conf looks 
like this:

authorize {
preprocess
suffix
sql
# if SQL not running, then fallback on users file #
files
}


Thanks in advance
Mark
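
An added example, not part of the original post: a triage script for this debug format that separates rejects following a module error from ordinary ones and shows which modules actually ran. Request id=147 is excerpted from the output above; request id=148 and the `BACKEND_ERRORS` set are assumptions made for the example.

```python
import re

# Request id=147 is excerpted from the debug output in the post above;
# request id=148 is constructed here in the same format for contrast.
DEBUG_LOG = """\
rad_recv: Access-Request packet from host w.x.y.z:2150, id=147, length=44
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "suffix" returns ok
MYSQL Error: MySQL server has gone away
rlm_sql:  SQL query error; rejecting user
  modcall[authorize]: module "sql" returns invalid
modcall: group authorize returns invalid
Sending Access-Reject of id 147 to w.x.y.z:2150
rad_recv: Access-Request packet from host w.x.y.z:2150, id=148, length=44
  modcall[authorize]: module "sql" returns ok
  modcall[authorize]: module "files" returns ok
Sending Access-Accept of id 148 to w.x.y.z:2150
"""

RECV = re.compile(r"rad_recv: Access-Request packet from host (\S+), id=(\d+)")
MODULE = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+)')
SEND = re.compile(r"Sending (Access-\w+) of id (\d+)")
# Assumption: these return codes mean the module itself had a problem.
BACKEND_ERRORS = {"invalid", "fail"}

def triage(log):
    """Return one record per request: modules run, errors seen, final reply."""
    requests, cur = [], None
    for line in map(str.strip, log.splitlines()):
        if m := RECV.search(line):
            cur = {"id": int(m.group(2)), "modules": [], "errors": [],
                   "failed_module": None, "outcome": None}
            requests.append(cur)
        elif cur is None:
            continue
        elif m := MODULE.search(line):
            cur["modules"].append((m.group(2), m.group(3)))
            if m.group(3) in BACKEND_ERRORS and cur["failed_module"] is None:
                cur["failed_module"] = m.group(2)
        elif "Error:" in line:
            cur["errors"].append(line)
        elif m := SEND.search(line):
            cur["outcome"] = m.group(1)
            cur = None  # request finished; wait for the next rad_recv
    return requests

def backend_rejects(log):
    """Rejects that follow a module error: an outage, not bad credentials."""
    return [r for r in triage(log)
            if r["outcome"] == "Access-Reject" and r["failed_module"]]
```

For request 147 the module list ends at `sql`, so the `files` entry was never consulted before the Access-Reject was sent.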







unsubscribe

2001-11-21 Thread Luke Connolly

unsubscribe




Re: Radius Logging

2001-11-21 Thread Nathan Miller

/var/log/radius.log  (or wherever your logdir is config'd to, see 
radiusd.conf) logs every connection attempt. =)

in radiusd.conf you can config it to log passwords when valid or invalid as 
well.

At 08:48 AM 11/21/2001 -0800, you wrote:
>Hi radfriends !
>How can i write the username to the log file in every connection attempt ? 
>do i need exec-program or is "radiusd -y?" or  enough ?
>

--
Nathan Miller - [EMAIL PROTECTED]
VISP Technologies - "Building Better ISPs"





Unix Radius & NT groups

2001-11-21 Thread George Genovezos

Hi all,

I'm just wondering if there is a way to get all the NT groups that a user
belongs to through the cistron radius?
I know many radius servers allow you to query the PDC to get "Does user x
belong to group y" but is there a way to get the complete list?

Thx all

George




Re: limiting to async only

2001-11-21 Thread cj


thanks, decided to go with

DEFAULT Suffix="@visp"
   Cisco-AVPair = "ip:addr-pool=visp",
   NAS-Port-Type = Async,
   Port-Limit = 1,
   Fall-Through=1



On Wed, 21 Nov 2001, Kostas Kalevras wrote:

> code : Access-Request
> NAS-Port = 60
> NAS-Port-Type = Async
>
>
> ISDN calls:
>
> code : Access-Request
> NAS-Port = 20123
> NAS-Port-Type = ISDN-Sync
>
>
> Why not try adding the following in the users file:
>
> DEFAULT   Realm == "domain", NAS-Port-Type == "ISDN-Sync", Auth-Type := Reject
>   Reply-Message = "You are only allowed to connect through a modem"
>
> --
> kkalev
>
>
>
>


-*-
/cj

chief janitor (Tree d'P)
internet solutions - infrastructure http://www.is.co.za
tel: +27-11-283-5000 v@x: +27-11-388-1092

#include 







Re: Pairs do not match

2001-11-21 Thread Chris Parker

At 03:23 PM 11/21/2001 +1000, Mark Constable wrote:
>Could anyone please explain what might be going on here
>and which "Pairs do not match" ?
>
>"rlm_sql: Pairs do not match [[EMAIL PROTECTED]]"

It looks like you are storing a plaintext password in a Crypt
password container.  Either store the encrypted password in the
table, or change the attribute name to 'User-Password'.

>And why might I be seeing doubled up reply pairs ?

This has been going on for a while.  It looks like series of debugging
statements that should be commented out somewhere, as the server is
iterating through a loop.  Note that there is a definite pattern to this
series, as if it's printing the a/v pair list each time through a loop:

Pass 1:

>Service-Type = Framed-User

Pass 2:

> Service-Type = Framed-User
> Framed-Protocol = PPP

Pass 3:

> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-Netmask = 255.255.255.255

Pass 4:

> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-Netmask = 255.255.255.255
> Framed-MTU = 1500

Pass 5:

> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-Netmask = 255.255.255.255
> Framed-MTU = 1500
> Framed-Compression = Van-Jacobson-TCP-IP

So it's a cosmetic bug, unless you are seeing the reply being sent with
that many attributes out from the NAS.  I'd look at the SQL module for
this, if you want to clean it up.

-Chris
--
\\\|||///  \  Chris Parker-Manager, Development Engineering
\ ~   ~ /   \   WX *is* Wireless!\   [EMAIL PROTECTED]
| @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Without C we would have 'obol', 'basi', and 'pasal'





Re: installation problem in solaris2.7

2001-11-21 Thread Chris Parker

At 07:21 PM 11/20/2001 -0800, sunil kathait wrote:
>Hi all,
>
>
>i was getting problem in installation. but i reinstall
>the solaris2.7 &GNUgcc.2.95.2. now installation is
>done. but when i am starting the radius server
>
># /usr/local/sbin/radiusd -x
>ld.so.1: /usr/local/sbin/radiusd: fatal: libltdl.so.3:
>open failed: No such file
>Killed
>#

I can almost guarantee that your LD_LIBRARY_PATH variable does not
contain /usr/local/lib, which is where the FreeRADIUS libs are installed.

Try updating this to include /usr/local/lib, then start radiusd.

-Chris

--
\\\|||///  \  Chris Parker-Manager, Development Engineering
\ ~   ~ /   \   WX *is* Wireless!\   [EMAIL PROTECTED]
| @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Without C we would have 'obol', 'basi', and 'pasal'





Re: limiting to async only

2001-11-21 Thread Chris Parker

At 03:17 PM 11/21/2001 +0200, cj wrote:

>hi
>
>i want to limit a certain domain to only async calls no ISDN ... what
>Cisco-AV-Pair would you suggest i use (or redirection to any documentation
>would be helpful as well)

I would use a check item in the users file/sql table, etc.

Realm is a valid internal attribute.

DEFAULT Auth-Type := Reject, Realm == "noisdn", NAS-Port-Type == ISDN

DEFAULT Auth-Type := System
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254

-Chris
--
\\\|||///  \  Chris Parker-Manager, Development Engineering
\ ~   ~ /   \   WX *is* Wireless!\   [EMAIL PROTECTED]
| @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Without C we would have 'obol', 'basi', and 'pasal'





Re: limiting to async only

2001-11-21 Thread Kostas Kalevras

On Wed, 21 Nov 2001, cj wrote:

> 
> hi
> 
> i want to limit a certain domain to only async calls no ISDN ... what
> Cisco-AV-Pair would you suggest i use (or redirection to any documentation
> would be helpful as well)
> 
> 
> 

Async calls:

code : Access-Request
NAS-Port = 60
NAS-Port-Type = Async


ISDN calls:

code : Access-Request
NAS-Port = 20123
NAS-Port-Type = ISDN-Sync


Why not try adding the following in the users file:

DEFAULT Realm == "domain", NAS-Port-Type == "ISDN-Sync", Auth-Type := Reject
        Reply-Message = "You are only allowed to connect through a modem"

--
kkalev
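
An added example, not part of the original reply: a simplified model of first-match users-file evaluation, run against the two Access-Request samples above. It handles only the `==`, `:=` and `=` operators and ignores Fall-Through; the `User-Name` and `Realm` values in the sample requests are constructed for the example.

```python
import re

# The entry suggested in the reply above; reply items sit on the indented line.
USERS = '''\
DEFAULT Realm == "domain", NAS-Port-Type == "ISDN-Sync", Auth-Type := Reject
        Reply-Message = "You are only allowed to connect through a modem"
'''

# Attribute, operator, optionally quoted value (values containing commas are
# not handled in this simplified model).
ITEM = re.compile(r'\s*([\w-]+)\s*(:=|==|=)\s*"?([^",]*)"?\s*,?')

def parse_users(text):
    """Split a users file into entries of (name, check items, reply items)."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():                  # indented line: reply items
            entries[-1][2].extend(ITEM.findall(line))
        else:                                  # new entry: name + check items
            name, *rest = line.split(None, 1)
            entries.append((name, ITEM.findall("".join(rest)), []))
    return entries

def authorize(entries, request):
    """The first entry whose '==' check items all match decides the request."""
    for name, checks, replies in entries:
        if name not in ("DEFAULT", request.get("User-Name")):
            continue
        if all(request.get(a) == v for a, op, v in checks if op == "=="):
            config = {a: v for a, op, v in checks if op == ":="}
            return config, {a: v for a, _, v in replies}
    return {}, {}

# NAS-Port and NAS-Port-Type come from the samples in the reply; User-Name and
# Realm are constructed (Realm would be set from the user's domain suffix).
ASYNC_CALL = {"User-Name": "user@domain", "Realm": "domain",
              "NAS-Port": "60", "NAS-Port-Type": "Async"}
ISDN_CALL = {"User-Name": "user@domain", "Realm": "domain",
             "NAS-Port": "20123", "NAS-Port-Type": "ISDN-Sync"}

ENTRIES = parse_users(USERS)
```

`authorize(ENTRIES, ISDN_CALL)` returns the Reject config item with the Reply-Message, while `authorize(ENTRIES, ASYNC_CALL)` matches nothing and would be left to later entries.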






limiting to async only

2001-11-21 Thread cj


hi

i want to limit a certain domain to only async calls no ISDN ... what
Cisco-AV-Pair would you suggest i use (or redirection to any documentation
would be helpful as well)





Radius Logging

2001-11-21 Thread Julio Faerman



Hi radfriends !
How can i write the username to the log file in every connection attempt ? do i need exec-program or is "radiusd -y?" or  enough ?


URGENT HELP!

2001-11-21 Thread bharani



hi,
i have downloaded freeradius and installed . i don't know how to start with and as a client clientradius can be used? if so how to use? as such i want to know how the whole operation is working. Since there is no user's guide i find it difficult to proceed. hope you will help me in this regard.
thanks and regards,
Kavi.
Mail to : [EMAIL PROTECTED]