Help. Realms not being stripped.

2002-01-04 Thread Steven J. Sobol


My NNTP provider and dialup provider proxy requests for [EMAIL PROTECTED] 
to my FreeRadius server, which is not stripping the realm. For some very 
strange reason, for those people who are in /etc/passwd, they can 
authenticate anyhow. But I'm migrating over to LDAP, and looking for
[EMAIL PROTECTED],ou=Users,dc=jtnllc,dc=com won't work - the DN of a 
dialup user is uid=user,ou=Users,dc=jtnllc,dc=com (without the suffix).

I need to have the suffix stripped. 

I listed justthe.net as a LOCAL realm in /usr/local/etc/raddb/realms,
but what else do I have to do to get this to work?

Thanks in advance.

-- 
JustThe.net LLC - Steve "Web Dude" Sobol, CTO  ICQ: 56972932/WebDude216
website: http://JustThe.net  email: [EMAIL PROTECTED]  phone: 216.619.2NET 
postal: 5686 Davis Drive, Mentor On The Lake, OH 44060-2752  DalNet: ZX-2



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Re: Getting username/Hint from Radius accounting detail

2002-01-04 Thread aland

Tyler Hardison <[EMAIL PROTECTED]> wrote:
> There is also a script that I use regularly. So much so that I made a 
> CGI frontend for it. It's called radiusreport and it does very well on 
> Freeradius' detail files.
> 
> 
>http://www.pgregg.com/projects/radiusreport/index.php?cookiesarenotok=1&q=00101017002673CK5HPJankX84gUi9epKxQch9yd4tmcxYWDFLmQ9HNhL3b3dqsY

  Nice... I've added it to the (short) list of related things in:

http://www.freeradius.org/related/

  Alan DeKok.




Re: Getting username/Hint from Radius accounting detail

2002-01-04 Thread Tyler Hardison

[EMAIL PROTECTED] wrote:

>Joe Maimon <[EMAIL PROTECTED]> wrote:
>
>>I was wondering if there is any way to access the username/hint located
>>in the accounting detail keyed by IP address.
>>
>
>  The 'detail' file is just a file on the disk, so at the minimum, you
>can write a script to root through it.
>


There is also a script that I use regularly. So much so that I made a 
CGI frontend for it. It's called radiusreport and it does very well on 
Freeradius' detail files.

http://www.pgregg.com/projects/radiusreport/index.php?cookiesarenotok=1&q=00101017002673CK5HPJankX84gUi9epKxQch9yd4tmcxYWDFLmQ9HNhL3b3dqsY

enjoy.

Tyler.






Re: Getting username/Hint from Radius accounting detail

2002-01-04 Thread aland

Joe Maimon <[EMAIL PROTECTED]> wrote:
> I was wondering if there is any way to access the username/hint located
> in the accounting detail keyed by IP address.

  The 'detail' file is just a file on the disk, so at the minimum, you
can write a script to root through it.

> I have an application in mind in which a Proxy Server matches a client's
> IP address with a radius username/Hint in order to grant access or apply
> a filter/criteria list for that IP address. They are not necessarily
> the same machine. I would prefer a pull mechanism from the proxy server.
> 
> Is there any way to request this from the radius server?

  No.  RADIUS doesn't do requests. 

> Can I trigger a script on accounting packets to feed the information to
> a hash database or something?

  Yes.  See raddb/acct_users, and scripts/exec-program-wait

  Alan DeKok.
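
Rooting through the detail file with a script, as suggested above, could look like this added example (not code from the thread or from FreeRADIUS). It assumes the usual detail layout and that records carry Acct-Session-Id and Framed-IP-Address; the sample records are constructed.

```python
import re

# Constructed sample in the 'detail' layout: a timestamp line, then
# tab-indented "Attribute = value" lines, one blank line between records.
SAMPLE_DETAIL = """\
Fri Jan  4 09:00:01 2002
\tUser-Name = "alice"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "0001"
\tFramed-IP-Address = 10.0.0.5

Fri Jan  4 09:30:00 2002
\tUser-Name = "bob"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "0002"
\tFramed-IP-Address = 10.0.0.5

Fri Jan  4 09:30:07 2002
\tUser-Name = "alice"
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "0001"
\tFramed-IP-Address = 10.0.0.5
"""

ATTR = re.compile(r'^\s+([\w-]+)\s*=\s*"?(.*?)"?\s*$')

def parse_detail(text):
    """Yield one dict of attributes per accounting record."""
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in block.splitlines():
            m = ATTR.match(line)
            if m:                      # the unindented timestamp line is skipped
                attrs[m.group(1)] = m.group(2)
        if attrs:
            yield attrs

def active_sessions(records):
    """Map Framed-IP-Address -> (User-Name, Acct-Session-Id) for open sessions."""
    table = {}
    for r in records:
        ip, sid = r.get("Framed-IP-Address"), r.get("Acct-Session-Id")
        status = r.get("Acct-Status-Type")
        if ip and sid and status == "Start":
            table[ip] = (r.get("User-Name"), sid)  # newest Start owns the address
        elif status == "Stop" and ip in table and table[ip][1] == sid:
            del table[ip]              # a late Stop for an old session is ignored
    return table

print(active_sessions(parse_detail(SAMPLE_DETAIL)))
```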




Getting username/Hint from Radius accounting detail

2002-01-04 Thread Joe Maimon

Hi,

I was wondering if there is any way to access the username/hint located
in the accounting detail keyed by IP address.

I have an application in mind in which a Proxy Server matches a client's
IP address with a radius username/Hint in order to grant access or apply
a filter/criteria list for that IP address. They are not necessarily
the same machine. I would prefer a pull mechanism from the proxy server.

Is there any way to request this from the radius server?
Can I trigger a script on accounting packets to feed the information to
a hash database or something?

I apologize for my ignorance.

Joe





Re: Passwords and case-sensitivity (radclient)

2002-01-04 Thread aland

> I think there is a problem with the case-sensitivity of password
> (freeradius-0.3) in radclient:

  The passwords usually are case sensitive, unless you've played with
the 'lower_pass' configuration item in radiusd.conf.

> Results:
> - User "a" is accepted with its lower case password "x". (This is OK)
> - User "A" is NOT accepted with its upper case password "X". (This is not
> OK)
> - User "A" is accepted with the lower case password "x". (This is not OK)

  I don't see that in my local server.  It's pretty much a stock
config from the distribution, with the 'a' and 'A' users added.  Are
you sure you haven't made some other change to your local config?

> The "funny" part is, that radiusd is working OK. But I needed 4 hours to
> find that out. If my NAS is communicating with the RADIUS, everything is OK.
> Only if I use radclient, the problem occurs. So I am pretty sure, radclient
> is messing with the case of the password. Can someone with radclient
> knowledge take a look at this?

  Radclient does NOT change the case of the passwords.  It doesn't do
*anything* with the passwords, other than encrypt them, and send them
to the server.

  Alan DeKok.
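
What "encrypt them" amounts to for a PAP request is the User-Password hiding of RFC 2865, section 5.2, shown here as an added example (not radclient's source and not part of the thread). The secret and Request Authenticator are constructed values; the code shows that the transform is a reversible XOR that carries the password's case through unchanged, and that the hidden bytes depend on each request's authenticator.

```python
import hashlib

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """User-Password hiding from RFC 2865, section 5.2."""
    if len(authenticator) != 16 or not 1 <= len(password) <= 128:
        raise ValueError("need a 16-byte authenticator and a 1..128 byte password")
    padded = password + b"\x00" * (-len(password) % 16)   # pad to 16-byte blocks
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()          # b_n = MD5(S + c_(n-1))
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], pad))
        hidden += prev
    return hidden

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """What the server does on receipt: the same XOR, then drop the NUL padding."""
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ k for c, k in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return clear.rstrip(b"\x00")

# Constructed values: a test secret and one fixed Request Authenticator.
SECRET = b"testing123"
AUTH = bytes(range(16))

def case_difference():
    """XOR of the hidden forms of "x" and "X" under the same secret and authenticator."""
    lower = hide_password(b"x", SECRET, AUTH)
    upper = hide_password(b"X", SECRET, AUTH)
    return bytes(a ^ b for a, b in zip(lower, upper))

if __name__ == "__main__":
    # Only the 0x20 case bit of the first byte differs between the two.
    print(case_difference().hex())
```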




Re: freeRadius how to support Simultaneous-Use ???

2002-01-04 Thread aland

Rubby <[EMAIL PROTECTED]> wrote TWICE:
> I want to know freeRadius 0.3 how to support Simultaneous-Use?
> Does it maintain an internal online-users table?
> If I use SQL to authorize and authenticate, I must add a temporary online-users table?
> And how to configure?

  Can you PLEASE only post ONE message to the list?  And DO NOT post
the SAME message to both the users and devel lists.  Pick one list,
and post one message.

  As for your question, have you done an 'ls' of the 'doc' directory?

  Alan DeKok.




Re: freeRadius how to support Simultaneous-Use ???

2002-01-04 Thread Chris Parker

At 12:10 PM 1/4/2002 +0800, Rubby wrote:
>Hi,all,happy new year!
>
>I want to know freeRadius 0.3 how to support Simultaneous-Use?

0.4 is the latest release.  And the current CVS builds have many more
bugfixes beyond 0.4.

>Does it maintain an internal online-users table?

It is described, in lots of detail, in 'doc/Simultaneous-Use'.  Read that.

>If I use SQL to authorize and authenticate, I must add a temporary 
>online-users table?
>And how to configure?

Read the documentation, it tells you.

-Chris
--
\\\|||///  \  Chris Parker-Manager, Development Engineering
\ ~   ~ /   \   WX *is* Wireless!\   [EMAIL PROTECTED]
| @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Without C we would have 'obol', 'basi', and 'pasal'





Passwords and case-sensitivity (radclient)

2002-01-04 Thread Esken, Christian, VP-TS, CE

Hello,

I think there is a problem with the case-sensitivity of password
(freeradius-0.3) in radclient:

Let's see the following excerpt of my configuration:


a       Auth-Type := Local, Password == "x"
        Framed-Protocol = PPP

A       Auth-Type := Local, Password == "X"
        Framed-Protocol = PPP


Now I run 3 requests with radclient for the two users a (Password: a lower
case x) and A (Password: an upper case X):


bash-2.03$ bin/radclient -x -s  -d radius1 hybris:12345 auth foo
User-Name = a , Password = x

Sending Access-Request of id 98 to 145.230.107.11:21645
User-Name = "a"
Password = "\257\327 sm\033\334\000)\231zR\264^hw"
rad_recv: Access-Accept packet from host 145.230.107.11:21645, id=98,
length=32
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = A , Password = X

Sending Access-Request of id 99 to 145.230.107.11:21645
User-Name = "A"
Password = "Cn\303\365\363\314N\016\030\375nY\204\346\353\033"
rad_recv: Access-Reject packet from host 145.230.107.11:21645, id=99,
length=20
User-Name = A , Password = x

Sending Access-Request of id 100 to 145.230.107.11:21645
User-Name = "A"
Password = "\356n\231\236\tj3Y\220{\007\037(yD\256"
rad_recv: Access-Accept packet from host 145.230.107.11:21645, id=100,
length=32
Service-Type = Framed-User
Framed-Protocol = PPP


Results:
- User "a" is accepted with its lower case password "x". (This is OK)
- User "A" is NOT accepted with its upper case password "X". (This is not
OK)
- User "A" is accepted with the lower case password "x". (This is not OK)

I would have expected, user "A" would be accepted with its upper case
password "X" but it is not.

I do not use the case conversion feature, as you see from the radius start
messages:

 main: lower_user = "no"
 main: lower_pass = "no"

The "funny" part is, that radiusd is working OK. But I needed 4 hours to
find that out. If my NAS is communicating with the RADIUS, everything is OK.
Only if I use radclient, the problem occurs. So I am pretty sure, radclient
is messing with the case of the password. Can someone with radclient
knowledge take a look at this?



>   Christian
> 
> -- 
> Vodafone Passo GmbH
> Christian Esken
> DTD - Development Telematics Distributed Architecture
> Niederkasseler Lohweg 20
> D - 40547 Düsseldorf
> Fon: +49 (0) 211 53 68 - 358
> Fax: +49 (0) 211 53 68 - 440 
> mailto:[EMAIL PROTECTED]
> http://www.passo.de
> 
> 

