RE: freeradius + mysql
I recently changed my radius server from cistron to freeradius-mysql deb packages using http://www.frontios.com/freeradius.html as a guide. I found I had to run radiusd -xx to fine-tune the install.

Next time maybe think about setting up a development server for testing and configuration :)

Cheers,
Kim
Alias Internet
www.alias.net.au

>Hi, I'm desperately in need of help getting this working. I was running
>IC-Radius before and it works perfect with mysql. Though freeradius has so
>many more features I decided to give it a try. Now all my dialup customers
>are up in arms because it didn't go the way I planned. I did a fresh install
>of FreeRadius 0.4 with all the --with-mysql additions linking to the right
>dir and a --disable-snmp to kill snmp. Whenever I configured radiusd.conf to
>the best of my knowledge on how it's supposed to be (I commented out all the
>authentication types and put authtype sql { sql } in there) and started up
>radiusd and it said it failed to initialize sql module. Any ideas? I'm
>hoping I can get this fixed tonight.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Fall-Through ?
Freeradius 0.4 with MySQL backend

I need to authenticate an ANONYMOUS user with a Called-Station-Id = 9002 OR a Called-Station-Id = 0002.

With a user file, I've got this:

ANONYMOUS Auth-Type:=Accept, Called-Station-Id = 9002
        Framed-IP-Address == 255.255.255.254

ANONYMOUS Auth-Type:=Accept, Called-Station-Id = 0002
        Framed-IP-Address == 255.255.255.254

How to do this with Mysql ?

--
Gilles HAUTZ
MANA S.A., APNIC Member
IAP/ISP of Tahiti and her Islands
Box 14 174 Arue - 98701 TAHITI - FRENCH POLYNESIA
Phone : (689) 50 88 88 - Fax : (689) 50 88 89
E-mail : [EMAIL PROTECTED]
http://www.mana.pf

Re: Can freeradius read NAS information from database???
On Thu, Jan 10, 2002 at 10:13:24PM +0100, Milan P. Stanic wrote:
> On Wed, Jan 09, 2002 at 11:10:09AM -0500, [EMAIL PROTECTED]
> wrote:
>
> > Rubby <[EMAIL PROTECTED]> wrote:
> >
> > > I know that when radiusd starts, it read 'raddb/clients' to
> > > memory, but I want radiusd to read NAS information from Oracle
> > > database, such as the table nas, does freeradius support this? And
> > > how to configure?
> >
> > No, the server doesn't support this.
>
> IC-RADIUS support this. How will be hard to port this feature from
> IC-RADIUS to Freeradius. Or someone did that already?

You can wrapper this with a simple shell script.

{
    if [ database has newer info ]
        create new clients.conf based on database table
        reload radiusd
    fi
}

/fc

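One way to build the wrapper sketched in the reply above, as an added example that is not code from the list post or from FreeRADIUS: it turns NAS rows exported from a database into a clients.conf, rejects rows that could inject configuration, and swaps the file and reloads only when the content changed. The tab-separated export format, the function names, RELOAD_CMD, PIDFILE and the paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the list post): rebuild clients.conf from a database
# export and reload radiusd only when the content really changed.
# Assumed export format, one NAS per line: address<TAB>shortname<TAB>secret

# render_clients EXPORT -> clients.conf text on stdout, non-zero on any bad row.
# The character rules are deliberately conservative: nothing that could close
# the client block, start a comment or smuggle in a second directive.
render_clients() {
    LC_ALL=C awk -F '\t' '
        function bad(why) {
            printf "row %d: %s\n", NR, why > "/dev/stderr"
            err = 1
            exit
        }
        NF != 3                             { bad("expected 3 tab-separated fields") }
        $1 !~ /^[0-9A-Za-z.:-]+$/           { bad("address has unexpected characters") }
        $2 !~ /^[0-9A-Za-z._-]+$/           { bad("shortname has unexpected characters") }
        $3 !~ /^[!-~]+$/ || $3 ~ /[{}#"\\]/ { bad("secret is empty or has unsafe characters") }
        { printf "client %s {\n\tsecret = %s\n\tshortname = %s\n}\n", $1, $3, $2 }
        END { exit err }
    ' "$1"
}

# Assumption: radiusd re-reads its configuration on SIGHUP and writes its pid
# to PIDFILE; set RELOAD_CMD to use the init script of your platform instead.
reload_radiusd() {
    if [ -n "${RELOAD_CMD:-}" ]; then
        sh -c "$RELOAD_CMD"
    else
        kill -HUP "$(cat "${PIDFILE:-/var/run/radiusd/radiusd.pid}")"
    fi
}

# sync_clients EXPORT TARGET
# returns 0 = replaced and reloaded, 1 = no change, 2 = export rejected or error
sync_clients() {
    sc_export=$1
    sc_target=$2
    # Same directory as the target so the final mv is an atomic rename.
    # mktemp creates the file mode 0600: it holds every NAS shared secret,
    # so give it to the account radiusd runs as rather than widening the mode.
    sc_tmp=$(mktemp "${sc_target}.XXXXXX") || return 2
    if ! render_clients "$sc_export" > "$sc_tmp" || [ ! -s "$sc_tmp" ]; then
        # Bad row, failed query or empty result: keep the working file.
        rm -f "$sc_tmp"
        return 2
    fi
    if [ -f "$sc_target" ] && cmp -s "$sc_tmp" "$sc_target"; then
        rm -f "$sc_tmp"
        return 1
    fi
    mv -f "$sc_tmp" "$sc_target" || { rm -f "$sc_tmp"; return 2; }
    reload_radiusd || return 2
    return 0
}

# Typical cron use (paths are placeholders):
#   sync_clients /var/tmp/nas.tsv /etc/raddb/clients.conf
```

An empty export is treated as a failure on purpose: a database outage should not replace a working client list with nothing.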
Forcing a Disconnect after initial access-accept
Does anyone know of a message that can be sent from an authentication server to force a disconnect of a RADIUS session following an access-accept message? Nokia's Access Controller speaks of a negative acknowledgement message that may perform this function ... has anyone worked with this?

Re: freeradius + mysql
"William Kelley" <[EMAIL PROTECTED]> wrote:
> Hi, I'm desperately in need of help getting this working. I was running
> IC-Radius before and it works perfect with mysql. Though freeradius has so
> many more features I decided to give it a try. Now all my dialup customers
> are up in arms because it didn't go the way I planned.

Uh... you switch to a new system before you verified that the new system worked? Why?

> I did a fresh install of FreeRadius 0.4 with all the --with-mysql
> additions linking to the right dir and a --disable-snmp to kill
> snmp. Whenever I configured radiusd.conf to the best of my knowledge
> on how it's supposed to be (I commented out all the authentication
> types and put authtype sql { sql } in there) and started up radiusd
> and it said it failed to initialize sql module. Any ideas? I'm
> hoping I can get this fixed tonight.

As the FAQ && the README say, run the server in debugging mode. It will tell you what went wrong, and why.

Alan DeKok.

Re: freeradius + mysql
At 03:35 PM 1/10/2002 -0600, you wrote:
>Hi, I'm desperately in need of help getting this working. I was running
>IC-Radius before and it works perfect with mysql. Though freeradius has so
>many more features I decided to give it a try. Now all my dialup customers
>are up in arms because it didn't go the way I planned. I did a fresh install
>of FreeRadius 0.4 with all the --with-mysql additions linking to the right
>dir and a --disable-snmp to kill snmp. Whenever I configured radiusd.conf to
>the best of my knowledge on how it's supposed to be (I commented out all the
>authentication types and put authtype sql { sql } in there) and started up
>radiusd and it said it failed to initialize sql module. Any ideas? I'm
>hoping I can get this fixed tonight.

Well, after downloading the latest snapshot from CVS, I finally got *my* FreeRadius/MySQL problem worked out. I am now authenticating my users based solely on info in the database.

What problems are you seeing? Did you do a radiusd -xx? Can you show us your configuration (without any passwords that might be in the file)?

--
JustThe.net LLC - Steve "Web Dude" Sobol, CTO ICQ: 56972932/WebDude216
website: http://JustThe.net email: [EMAIL PROTECTED] phone: 216.619.2NET
postal: 5686 Davis Drive, Mentor On The Lake, OH 44060-2752 DalNet: ZX-2

freeradius + mysql
Hi, I'm desperately in need of help getting this working. I was running IC-Radius before and it works perfect with mysql. Though freeradius has so many more features I decided to give it a try. Now all my dialup customers are up in arms because it didn't go the way I planned.

I did a fresh install of FreeRadius 0.4 with all the --with-mysql additions linking to the right dir and a --disable-snmp to kill snmp. Whenever I configured radiusd.conf to the best of my knowledge on how it's supposed to be (I commented out all the authentication types and put authtype sql { sql } in there) and started up radiusd and it said it failed to initialize sql module.

Any ideas? I'm hoping I can get this fixed tonight.

Re: Urgent question about realms
On Thu, 10 Jan 2002, Jeff Thompson wrote:

> I need to know if any radius servers can do realm conversion, such as taking
> an auth request coming into it from [EMAIL PROTECTED] and translating that over
> to [EMAIL PROTECTED] and then authenticating it against whatever chosen method,
> in this case, a mysql database. If freeradius or icradius or none others
> can do this, does anybody know any way it can be done? I'm searching
> frantically for info on doing this but no luck yet, I'm on a tight deadline to
> make something work somehow.. I really appreciate any help anyone can
> provide.
>
> Thanks in advance.
>
> Jeff Thompson
> Systems Administrator
> [EMAIL PROTECTED]

Use the attr_rewrite module. That way you can rewrite the User-Name and then allow the realms module to deal with the request (forward it to another server, handle it locally etc). See the comments in the radiusd.conf for the attr_rewrite module to see how it works.

--
kkalev

Re: Can freeradius read NAS information from database???
On Wed, Jan 09, 2002 at 11:10:09AM -0500, [EMAIL PROTECTED] wrote:
> Rubby <[EMAIL PROTECTED]> wrote:
>
> > I know that when radiusd starts, it read 'raddb/clients' to
> > memory, but I want radiusd to read NAS information from Oracle
> > database, such as the table nas, does freeradius support this? And
> > how to configure?
>
> No, the server doesn't support this.

IC-RADIUS support this. How will be hard to port this feature from IC-RADIUS to Freeradius. Or someone did that already?

Milan

Re: Urgent question about realms
"Jeff Thompson" <[EMAIL PROTECTED]> wrote:
> I need to know if any radius servers can do realm conversion, such as taking
> an auth request coming into it from [EMAIL PROTECTED] and translating that over
> to [EMAIL PROTECTED] and then authenticating it against whatever chosen method,
> in this case, a mysql database.

Not right now. Attributes can't be re-written in place in the current code.

> If freeradius or icradius or none others can do this, does anybody
> know any way it can be done? I'm searching frantically for info on
> doing this but no luck yet, I'm on a tight deadline to make
> something work somehow.. I really appreciate any help anyone can
> provide.

Try looking at OpenRADIUS, it allows this sort of thing.

Also, you might try writing source code patches to FreeRADIUS. After all, you do have the source. :)

Alan DeKok.

LDAP and CHAP and multiple userPassword entries.
On Thu, Jan 10, 2002 at 06:09:37PM +0200, Kostas Kalevras <[EMAIL PROTECTED]> is thought to have said:

> Well, you are right on that. Do a cvs update and it should be ok. I would
> suggest that you use different attributes for the clear text and the encrypted
> password though. Something like:
>
> userPassword: {crypt}
> chapPassword: {clear}mypass

Great. I did a cvs update and it works now. Thanks!

Out of curiosity why do you recommend that they be different attributes? I haven't made changes to the live servers yet. It just seemed to make sense that I have all of my users' passwords in {clear} and {crypt} and whatever else I might need later under userPassword, but I'm not married to the idea. I'll gladly defer to an LDAP expert since I'm certainly not. :)

Tabor

--
Tabor J. Wells [EMAIL PROTECTED]
Fsck It! Just another victim of the ambient morality

Urgent question about realms
I need to know if any radius servers can do realm conversion, such as taking an auth request coming into it from [EMAIL PROTECTED] and translating that over to [EMAIL PROTECTED] and then authenticating it against whatever chosen method, in this case, a mysql database. If freeradius or icradius or none others can do this, does anybody know any way it can be done? I'm searching frantically for info on doing this but no luck yet, I'm on a tight deadline to make something work somehow.. I really appreciate any help anyone can provide.

Thanks in advance.

Jeff Thompson
Systems Administrator
[EMAIL PROTECTED]

Re: Reject if no caller ID
"Enterprise.net" <[EMAIL PROTECTED]> wrote:
> I would like it to apply to every user.

So use 'DEFAULT' instead of 'user' in the example I posted.

> So I'm guessing I would place
> something under :-
> DEFAULT Auth-Type := local
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-Routing = None,
>         Ascend-Assign-IP-Pool = 1,
>         X-Ascend-Idle-Limit = 1800,
>         ***SOMETHING HERE =Calling-Station-Id = "X" then reject***

No. That won't work. Please read 'man users' to understand the structure of the 'users' file entries.

The example I posted previously will work for DEFAULT.

Alan DeKok.

RE: Reject if no caller ID
In answer:-

I would like it to apply to every user. So I'm guessing I would place something under :-

DEFAULT Auth-Type := local
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Routing = None,
        Ascend-Assign-IP-Pool = 1,
        X-Ascend-Idle-Limit = 1800,
        ***SOMETHING HERE =Calling-Station-Id = "X" then reject***
        Fall-Through = 1

Regards,
Gareth

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: 10 January 2002 15:36
To: [EMAIL PROTECTED]
Subject: Re: (no subject)

"Enterprise.net" <[EMAIL PROTECTED]> wrote:
> I would like to add a third parameter to check on authentication.
> So when a user logs in radius takes the username and password checks them.
> if correct radius checks one further item "Caller-Id".

Where would you like to add this third parameter? In the 'users' file?

> The check only has to be a simple test to see if caller id is there. If it's
> not present deny the login. Else accept connection as normal.

You can use the poorly documented (and ugly):

user    No-Such-Attribute == "Calling-Station-Id", Auth-Type := Reject
        Reply-Message += "Sorry, you need to supply a caller ID"

Alan DeKok.

rlm_counter again
Hi all,

I still have a problem with rlm_counter. I don't understand how does freeradius decide the order of modules initialization. I put my former mail that explain my problem at the end of this one.

To sum it up, it seems that the modules are initialized according to the order defined in the authenticate section. As my authenticate section only includes "files", the files module get initialized before the counter module. So freeradius is unable to start...

I'm quite sure this is a very stupid problem, but I'm unable to sort it out... Can someone give me a hint on what can be done ???

Thomas Favier.

> -----Original Message-----
> From: kkalev [mailto:[EMAIL PROTECTED]]
> Subject: Re: using rlm_counter and sql
>
> Well, you will have to do the following very stupid thing:
>
> radiusd.conf:
>
> authorize{
> [...]
> counter
> files
> counter
> }

I did that but the files modules is still initialized before the counter modules. After a few tries I think that it is in fact due to the authenticate section. If I write radiusd.conf that way :

--- radiusd.conf
authenticate {
        counter
        files
}
authorize {
        counter
        files
        counter
}
---

I have the following :

--- output
Module: Library search path is /usr/local/lib
Module: Loaded Counter
 counter: filename = "/usr/local/etc/raddb/db.counter"
 counter: key = "User-Name"
 counter: reset = "monthly"
 counter: count-attribute = "Acct-Session-Time"
 counter: counter-name = "Monthly-Session-Time"
 counter: check-name = "Max-Monthly-Session"
 counter: allowed-servicetype = "Framed-User"
 counter: cache-size = 5000
rlm_counter: Counter attribute Monthly-Session-Time is number 1056
rlm_counter: Next reset 1012518000
Module: Instantiated counter (counter)
radiusd.conf: "Counter" modules aren't allowed in 'authenticate' sections -- they have no such method.
---

Which is totally normal, as the counter module does not have authentication functions.

But as soon as I write :

--- radiusd.conf
authenticate {
        files
}
authorize {
        counter
        files
        counter
}
---

I get :

--- output
Module: Library search path is /usr/local/lib
Module: Loaded files
 files: usersfile = "/usr/local/etc/raddb/users"
 files: acctusersfile = "/usr/local/etc/raddb/acct_users"
 files: compat = "no"
/usr/local/etc/raddb/users[5]: Parse error (check) for entry DEFAULT: Unknown attribute Monthly-Session-Time
Errors reading /usr/local/etc/raddb/users
radiusd.conf[95]: files: Module instantiation failed.
---

I also tried to switch the authenticate and authorize sections without success. What am I doing wrong ??

I have attached my full radiusd.conf, just in case...

Thomas FAVIER
Accelance
Tel: +33 (0)4 37 43 12 22
Fax: +33 (0)4 37 43 12 20
www.accelance.fr

Re: Emulating a CHAP request with radtest/radclient?
On Wed, 9 Jan 2002, Tabor J. Wells wrote:

> On Wed, Jan 09, 2002 at 09:01:50PM -0500,
> [EMAIL PROTECTED] <[EMAIL PROTECTED]> is thought to have said:
>
> > "Tabor J. Wells" <[EMAIL PROTECTED]> wrote:
> > > Ah. Ok. Then I guess I'm confused about something else in my config because
> > > authenticating against my LDAP server is failing when I feed it
> > > 'User-Name = "test", CHAP-Password = "blah"' but it works when I use
> > > 'Password = "blah"'. The -X output shows:
> >
> > This was discussed on the list in the past week or so. Use google
> > to do a search on 'freeradius ldap chap password', and you should get
> > the results.
>
> I read those before I posted, and AFAICT I have my server configured
> the way it's supposed to be according to that thread.

Two things:

1. In your users file you set Auth-Type := Local. That way you always set your Auth-Type to Local. You should use the = operator instead.

2. In your authorize section in radiusd.conf you don't have chap included. chap should be included so that it can find out that we have a chap request and set Auth-Type to CHAP. So you will have to change the authorize section to read:

authorize{
        chap
        ldap
}

chap must be before ldap because the ldap module will set Auth-Type to LDAP by default if it has not already been set.

>
> The only thing that I can see that may be different is that I have multiple
> userPassword entries in a given user's LDAP record. One for {crypt} and
> one for {clear}.
>
> I noticed the following line in the debug output:
>
> rlm_ldap: Password header not found in password {crypt}[cryptstring] for
> user test
>
> Is it possible that rlm_ldap is only taking the first userPassword
> result returned and using that rather than the entry that matches the
> password_header set in the ldap module?

Well, you are right on that. Do a cvs update and it should be ok. I would suggest that you use different attributes for the clear text and the encrypted password though. Something like:

userPassword: {crypt}
chapPassword: {clear}mypass

--
kkalev

>
> Tabor
>
> --
>
> Tabor J. Wells [EMAIL PROTECTED]
> Fsck It! Just another victim of the ambient morality

Re: (no subject)
"Enterprise.net" <[EMAIL PROTECTED]> wrote:
> I would like to add a third parameter to check on authentication.
> So when a user logs in radius takes the username and password checks them.
> if correct radius checks one further item "Caller-Id".

Where would you like to add this third parameter? In the 'users' file?

> The check only has to be a simple test to see if caller id is there. If it's
> not present deny the login. Else accept connection as normal.

You can use the poorly documented (and ugly):

user    No-Such-Attribute == "Calling-Station-Id", Auth-Type := Reject
        Reply-Message += "Sorry, you need to supply a caller ID"

Alan DeKok.

Re: grouping modules in radius.conf
Aleksandr Kuzminsky <[EMAIL PROTECTED]> wrote:
> My question is how can I do the same in accounting section?

Yes. But you just list the sql and sql2 modules. Logging will be done to BOTH.

If you want fail-over to sql2 if sql is down, see:

doc/configurable_failover

> Or may be I don't need to do it, if authenticate modules are
> grouped in authenticate section?

No, accounting is completely different from authentication.

Alan DeKok.

Re: Emulating a CHAP request with radtest/radclient?
"Tabor J. Wells" <[EMAIL PROTECTED]> wrote:
> I read those before I posted, and AFAICT I have my server configured
> the way it's supposed to be according to that thread.
>
> The only thing that I can see that may be different is that I have multiple
> userPassword entries in a given user's LDAP record. One for {crypt} and
> one for {clear}.

Ah. That would be an issue.

> I noticed the following line in the debug output:
>
> rlm_ldap: Password header not found in password {crypt}[cryptstring] for
> user test

Yup, that's what the debug output is for!

> Is it possible that rlm_ldap is only taking the first userPassword
> result returned and using that rather than the entry that matches the
> password_header set in the ldap module?

It's possible. I haven't looked at the ldap module recently, so I'm not sure what the problem could be.

Once you get it to retrieve the clear-text password, it should work.

Alan DeKok.

Re: rlm_sql_mysql operator patch
At 09:19 AM 1/10/02 -0600, you wrote:

>Also, the queries in sql conf are updated as well as the table
>schema. You'll need to make sure the queries are retrieving the 'op'
>value in the auth query.

D'OH! *OF COURSE* I didn't replace the queries. Ok, I'll try this later today and report back.

Thanks, Chris and Bas and Scott

Re: rlm_sql_mysql operator patch
At 10:01 AM 1/10/2002 -0500, Steve Sobol wrote:
>At 08:52 AM 1/10/02 -0600, you wrote:
>
>>It's not the code that changed, but the table schema:
>
>OK. Well, I did find the new schema, and created a new database using
>that schema. I pointed sql.conf at the new database and got the same results
>I'd been getting.

Also, the queries in sql conf are updated as well as the table schema. You'll need to make sure the queries are retrieving the 'op' value in the auth query.

-Chris
--
Chris Parker - Manager, Development Engineering
WX *is* Wireless!
[EMAIL PROTECTED]
http://www.starnetwx.net
(847) 963-0116
Without C we would have 'obol', 'basi', and 'pasal'

Re: rlm_sql_mysql operator patch
At 08:52 AM 1/10/02 -0600, you wrote:

>It's not the code that changed, but the table schema:

OK. Well, I did find the new schema, and created a new database using that schema. I pointed sql.conf at the new database and got the same results I'd been getting.

>Note that the *check tables have added 'op char(2)' to the table definition.
>You'll need to update your tables to add this column, and then set that to
>':='.

Noted, and yes, I did set the op column to := for the records containing the Auth-Type attribute.

Re: rlm_sql_mysql operator patch
At 11:17 PM 1/9/2002 -0500, Steve Sobol wrote:
>OK, this is getting aggravating. I built the 1/9 nightly snapshot off the
>ftp site (id's itself as FR 0.5) and... nothing.
>Searched through the source for rlm_sql and rlm_sql_mysql for any mention
>of the word "operator" - not found.
>
>Same with the latest source off CVS.

It's not the code that changed, but the table schema:

src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql

Note that the *check tables have added 'op char(2)' to the table definition. You'll need to update your tables to add this column, and then set that to ':='.

-Chris
--
Chris Parker - Manager, Development Engineering
WX *is* Wireless!
[EMAIL PROTECTED]
http://www.starnetwx.net
(847) 963-0116
Without C we would have 'obol', 'basi', and 'pasal'

(no subject)
Hi all,

Please could somebody answer a question for me, even if it is just to point out where the information is?

I would like to add a third parameter to check on authentication. So when a user logs in radius takes the username and password checks them. If correct radius checks one further item "Caller-Id".

The check only has to be a simple test to see if caller id is there. If it's not present deny the login. Else accept connection as normal.

The Reason:- I could use it for our free ISP increasing our security when it comes to tracing customers against hacking etc (basically all the guff free ISP suffer from).

Regards,
Gareth

grouping modules in radius.conf
Hello.

In authenticate section I can group some modules. e.g.

---radius.conf---
authtype SQL {
        sql
        sql2
}
---end of radius.conf---

My question is how can I do the same in accounting section? Or may be I don't need to do it, if authenticate modules are grouped in authenticate section?

Thanks.

---
Aleksandr Kuzminsky, AK476-RIPE
System Administrator, AK16-UANIC
ISP NBI.

Re: rlm_sql_mysql operator patch
Hi,

Look in src/modules/rlm_sql/sql.c function: sql_userparse
it is the "mode/row[4]".

The schema update is in the latest CVS.

bash

On Wed, 9 Jan 2002, Steve Sobol wrote:

> OK, this is getting aggravating. I built the 1/9 nightly snapshot off the
> ftp site (id's itself as FR 0.5) and... nothing.
> Searched through the source for rlm_sql and rlm_sql_mysql for any mention
> of the word "operator" - not found.
>
> Same with the latest source off CVS.
>
> I hope this is just a result of me being stupid. (It's happened before. :)
> Maybe I missed something.
>
> Does someone have a tarball with working operator code?
>
> Please? :)
>
> --
> JustThe.net LLC - Steve "Web Dude" Sobol, CTO ICQ: 56972932/WebDude216
> website: http://JustThe.net email: [EMAIL PROTECTED] phone: 216.619.2NET
> postal: 5686 Davis Drive, Mentor On The Lake, OH 44060-2752 DalNet: ZX-2