Melt the Heart of your Valentine with this beautiful Screen saver
This e-mail is never sent unsolicited. If you need to unsubscribe, follow the instructions at the bottom of the message. *** Melt the Heart of your loved ones with this beautiful Screen saver from www.screensaverin.com * To remove yourself from this mailing list, point your browser to: http://screensaverin.com/remove?freescreensaver * Enter your email address ([EMAIL PROTECTED]) in the field provided and click Unsubscribe. OR... * Reply to this message with the word remove in the subject line. This message was sent to address [EMAIL PROTECTED] X-PMG-Recipient: [EMAIL PROTECTED] attachment: valentin.scr
Simultaneous-Use problem
I'm using freeradius
0.4 with mysql 3.23.41 on SuSE Linux 7.3 for auth. of dial-up users on an
livingston protmaster 2e.The problem:i added all users into a
group PPPi set the Simultaneous-Use to 1when a user is
connected and another connection is requested by the same user then connection
is accepted the first instance of the user is removed from the "radutmp" file so
i see only one instance of the user with "radwho" but when i'm looking at the
portmaster i see 2 users connected with the same usernamehere's some
part from "radiusd.conf"authorize
{
preprocess
suffix
sql
counter }authenticate
{
sql}accounting {
detail
counter
unix
radutmp sql}session
{
radutmp}sql.confauthorize_check_query = "SELECT
id,UserName,Attribute,Value,op FROM ${authcheck_table} WHERE Username =
'%{SQL-User-Name}' ORDER BY id"authorize_reply_query = "SELECT
id,UserName,Attribute,Value,op FROM ${authreply_table} WHERE Username =
'%{SQL-User-Name}' ORDER BY id"authorize_group_check_query = "SELECT
${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${groupcheck_table}.op
FROM ${groupcheck_table},${usergroup_table} WHERE ${usergroup_table}.Username =
'%{SQL-User-Name}' AND ${usergroup_table}.GroupName =
${groupcheck_table}.GroupName ORDER BY
${groupcheck_table}.id"authorize_group_reply_query = "SELECT
${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${groupreply_table}.Value,${groupreply_table}.op
FROM ${groupreply_table},${usergroup_table} WHERE ${usergroup_table}.Username =
'%{SQL-User-Name}' AND ${usergroup_table}.GroupName =
${groupreply_table}.GroupName ORDER BY
${groupreply_table}.id"authenticate_query = "SELECT Value,Attribute FROM
${authcheck_table} WHERE UserName = '%{User-Name}' AND ( Attribute = 'Password'
OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC"MySQL
Databasesradcheckid
UserName
Attribute Value
op-252
user
Password pass :=
radgroupcheckid
GroupName
Attribute
Value
op252
PPP
Simultaneous-Use
1 :=
radgroupreplyid
GroupName
Attribute
Value
op13
PPP
Framed-Protocol
PPP
:=12
PPP
Service-Type
Framed-User
:=14
PPP
Framed-IP-Address
x.x.x.x+
:=15
PPP
Framed-Compression
,Van-Jacobson-TCP-IP
:=usergroupid username
groupname---1
user PPP
THANKS
Virus found
The message from [EMAIL PROTECTED] to [EMAIL PROTECTED] was infected. For this reason, the message was not delivered to the destination. If you are the sender of the message, please disinfect your computer then send it again. If you are the destination of the message, ask the sender to retransmit the message, without the virus. Virus 'W32/Yaha-A' found in file 14348-1018508714- Message headers: Received: (qmail 14343 invoked from network); 11 Apr 2002 07:05:08 - Received: from unknown (HELO smtp2.cistron.nl) (195.64.68.41) by 0 with SMTP; 11 Apr 2002 07:05:08 - Received: from localhost ([127.0.0.1] helo=lwaxana.cistron.net) by smtp2.cistron.nl with esmtp (Exim 3.12 #1 (Debian)) id 16vYdj-0003eK-00; Thu, 11 Apr 2002 09:05:03 +0200 From: [EMAIL PROTECTED] Subject: Freeradius-Users digest, Vol 1 #647 - 2 msgs X-Mailer: Mailman v2.0beta5 MIME-version: 1.0 Content-type: multipart/mixed; boundary=195.64.68.26.38.13692.1018508641.980.2408 To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Errors-To: [EMAIL PROTECTED] X-BeenThere: [EMAIL PROTECTED] X-Mailman-Version: 2.0beta5 Precedence: bulk Reply-To: [EMAIL PROTECTED] List-Id: FreeRadius users mailing list freeradius-users.lists.cistron.nl Message-Id: [EMAIL PROTECTED] Date: Thu, 11 Apr 2002 09:05:03 +0200 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Simultaneous-Use problem on freeradius 0.4
I'm using freeradius 0.4 with mysql 3.23.41 on SuSE Linux 7.3 for auth. of
dial-up users on an livingston protmaster 2e.
The problem:
i added all users into a group PPP
i set the Simultaneous-Use to 1
when a user is connected and another connection is requested by the same
user then connection is accepted the first instance of the user is removed
from the radutmp file so i see only one instance of the user with radwho
but when i'm looking at the portmaster i see 2 users connected with the same
username
here's some part from radiusd.conf
authorize {
preprocess
suffix
sql
counter
}
authenticate {
sql
}
accounting {
detail
counter
unix
radutmp
sql
}
session {
radutmp
}
sql.conf
authorize_check_query = SELECT id,UserName,Attribute,Value,op FROM
${authcheck_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id
authorize_reply_query = SELECT id,UserName,Attribute,Value,op FROM
${authreply_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id
authorize_group_check_query = SELECT
${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Att
ribute,${groupcheck_table}.Value,${groupcheck_table}.op FROM
${groupcheck_table},${usergroup_table} WHERE ${usergroup_table}.Username =
'%{SQL-User-Name}' AND ${usergroup_table}.GroupName =
${groupcheck_table}.GroupName ORDER BY ${groupcheck_table}.id
authorize_group_reply_query = SELECT
${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Att
ribute,${groupreply_table}.Value,${groupreply_table}.op FROM
${groupreply_table},${usergroup_table} WHERE ${usergroup_table}.Username =
'%{SQL-User-Name}' AND ${usergroup_table}.GroupName =
${groupreply_table}.GroupName ORDER BY ${groupreply_table}.id
authenticate_query = SELECT Value,Attribute FROM ${authcheck_table} WHERE
UserName = '%{User-Name}' AND ( Attribute = 'Password' OR Attribute =
'Crypt-Password' ) ORDER BY Attribute DESC
MySQL Databases
radcheck
id UserNameAttribute Value op
-
252 user Password pass :=
radgroupcheck
id GroupNameAttribute Value op
252 PPP Simultaneous-Use1 :=
radgroupreply
id GroupNameAttribute Value
op
13PPP Framed-ProtocolPPP
:=
12PPP Service-Type Framed-User
:=
14PPP Framed-IP-Addressx.x.x.x+
:=
15PPP Framed-Compression,Van-Jacobson-TCP-IP
:=
usergroup
id username groupname
---
1 user PPP
THANKS
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
many connection errors
Remote Access to our accounting DB is blocked because of many connection errors as soon as I start freeradius. But freeradius does account into that DB without errors except a duplicate entry now and then. If I do a flush-hosts I can access the DB for some minutes and then I get the same error again. Host 'raddb.ourdomain.com' is blocked because of many connection errors. Unblock with 'mysqladmin flush-hosts' Anybody has the same problem or a solution ? -- Stefan Immel |N|O|C Network Operation Center -+-+-+--- | Grove Auf der Stuecke 6Tel. +49 2773-8167-0 35708 Haiger / Germany Fax +49 2773-8167-20 -- mailto:[EMAIL PROTECTED] http://www.grove.de There is always hope, only because it is the one thing nobody's figured out how to kill yet. ~ Galen, Crusade Racing The Night -- http://www.nocr2.de - NOC R2 die Lösung für den IT-Workflow -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius under mandrake
I have Freeradius 0.5 on redhat 7.1. All is OK. But when I tray to install it on mandrake 8.2, execution of configure can't termine and I obtein: [ [root@ray freeradius-0.5]# ./configure loading cache ./config.cache : command not found : command not found : command not found : command not found checking for gcc... gcc checking whether the C compiler (gcc ) works... yes checking whether the C compiler (gcc ) is a cross-compiler... no checking whether we are using GNU C... yes checking whether gcc accepts -g... yes : command not found checking how to run the C preprocessor... gcc -E checking whether gcc needs -traditional... no : command not found checking whether we are using SUNPro C... ./configure: line 934: syntax error near unexpected token `fi' ./configure: line 934: `fi' SOME ONE KNOW HOW INSTALL IT ON MANDRAKE 8.2 PLEASE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
(no subject)
hi all I met a problem,I use freeradius0.5. my radiusd debug message looks like: # auth: user supplied User-Password matches local User-Password Sending Access-Accept of id 198 to 127.0.0.1:1025 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 10.1.1.10 Framed-IP-Netmask = 255.255.255.0 Framed-Compression = Van-Jacobson-TCP-IP Vendor-Specific = 0x07db01040400 Session-Timeout = 24240 Finished request 6 Going to the next request # my radclient debug message looks like: Sending Access-Request of id 198 to 127.0.0.1:1812 User-Name = paptest Password = \262'Zx3F'/\034d\255\273\262+u8 Service-Type = Framed-User Framed-Protocol = PPP NAS-IP-Address = 192.168.0.188 radclient:WARNING: Malformed RADIUS packet from host 127.0.0.1: Vendor specific attribute has invalid length -2 # Vendor specific attribute has invalid length -2? Why?? Thanks fr ur help in advance. regards, mods -- ǧ½ðÄÑÂòÐÄÍ·ºÃ ÌØÊâÓÊÏäÓû§Ãû¿ìÇÀ¹º http://mail.21cn.com/business.html ÊÕ·ÑÓÊÏäÖÜÄêÇì ,ÈýÖØ´óÓÅ»Ý,ÀñÆ·Äò»Í£ http://mail.21cn.com/oneyear ¶©ÖÆЦ»°¶ÌÐÅ ÔùËÍ21CNÊÕ·ÑÓÊÏä http://mail.21cn.com/jf/mobile.htm ÓÃÓÊÏ俨£¬Ö§¸¶ÓÊÏ䣬ºñÀñÅÉËÍ http://mail.21cn.com/oneyear/4.html ÍøÂçÓ²ÅÌ È«Ð¿ª·Å Ãâ·ÑÊÔÓà http://mail.21cn.com/21drive.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with Tunnel-Password
Hello, On Wed, 10 Apr 2002, Chris Parker wrote: At 08:43 AM 4/10/2002 -0700, Woolworth Mark-P23695 wrote: I'm currently running freeradius 0.4 on Solaris 8 and everything is working fine except the Tunnel-Password. My ISP is proxying the authentication request to my radius server and my radius server is authenticating the request and returning the tunnel attributes to allow the NAS to build an L2TP tunnel. The ISP is claiming the Tunnel-Password is coming back malformed. We are working just now on a similar setup, with freeradius 0.5 on FreeBSD. We also seem to have a problem with the Tunnel-Password. But it looks like the NAS is complaining about this Password, not the Proxy-Radius. I had a quick look into the source ( lib/radius.c ), and I don't understand how the routine rad_tunnel_pwencode() is supposed to work (just look at the 'random' salt, and the calculation of the length). OTOH, the chapter in rfc2868 on how to calculate the tunnel-password is also not very clear to me... At the moment, I don't know which radius server the ISP is running, they're supposed to let me know today. My users file has been pared to the minimum gomer Auth-Type := Local, Password == * Service-Type = Framed-user, Framed-Protocol = PPP, Tunnel-Type:1 = L2TP, Tunnel-Medium-Type:1 = IP, Tunnel-Password:1 = password, Tunnel-Server-Endpoint:1 = 127.0.0.1 The dictionary.tunnel file specifies encrypt=2 on the Tunnel-Password attribute. I've searched the archives and the only information I found on Tunnel-Password was back in October 2001 when it was first implemented. Does anyone have a scenario like this working? Are there any known problems with password encryption interoperating with other radius servers? With other radius servers? I know that it is working at least with Funk SteelBelted Radius in terms of interoperability. FreeRADIUS also works with cisco and Ascend NAS that I've tested with ( in setting up L2TP via radius ). Sounds like your ISP has a problem, or has their implementation/configuration incorrect. Is there an easy way to verify that the password gets encrypted correctly ? -Chris By(t)e, HaJo Gurt -- Hans-Joachim Gurt Online Services (Access Server) [EMAIL PROTECTED] Tiscali Business GmbH www.tiscali-business.de Robert-Bosch-Strasse 32 D-63303 Dreieich Fon: +49-6103-916-923 Fax: +49-6103-916-672 My name is Borg, James Borg. License to assimilate. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: why i can't see radutmp file
hi
the same for me: the files are never written. nobody seems to know why.
i haven't got any response yet.
however, there are some users, who have ONE entry in the radutmp. for me
not even the file exists :) it's not created. you should probably debug
the code if you want to have a fast reply.
ciao
artur
[EMAIL PROTECTED] wrote:
hi all
i met a problem,my radiusd.conf looks like:
///
radutmp {
filename = ${logdir}/radutmp
perm = 0600
callerid = yes
}
...
accounting {
# acct_unique
detail
# counter
unix
radutmp
# sradutmp
}
# Session database, used for checking Simultaneous-Use. The radutmp module
# handles this
session {
radutmp
}
///
but when i start my radiusd and test it: first i sent an auth query,returns
accept,then i send an acct query,the debug is:
///
...
rad_recv: Access-Request packet from host 127.0.0.1:1049, id=254, length=57
User-Name = uid20
Password = CF\277\212\321\007\226~\r[n\255\332\354\344H
NAS-IP-Address = 255.255.255.255
NAS-Port-Id = 1812
.
modcall: entering group session
modcall[session]: module radutmp returns ok
modcall: group session returns ok
Login OK: [uid20/ppass20] (from nas local port 0)
Sending(maohua1) Access-Accept of id 254 to 127.0.0.1:1049
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 254 with timestamp 3cb5a0cd
Nothing to do. Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 127.0.0.1:1049, id=255, length=56
User-Name = uid2
Password = K\003\250g\326\225\035\327\333I\2468-i~
NAS-IP-Address = 127.0.0.1
Acct-Status-Type = Start
modcall: entering group preacct
modcall[accounting]: module radutmp returns noop (why noop?nothing has been done?)
modcall: group accounting returns ok
Sending(maohua1) Accounting-Response of id 2 to 127.0.0.1:1049
Finished request 2
Going to the next request
--- Walking the entire request list ---
Cleaning up request 2 ID 2 with timestamp 3cb5a19d
Nothing to do. Sleeping until we see a request.
///
and i change dir to /usr/local/var/log/radius/, i can't find radutmp and
radwtmp,why? i miss some thing to config?need your help
kind of you ,thanks
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Artur Hecker Groupe Accès et Mobilité
[EMAIL PROTECTED]Département Informatique et Réseaux
+33 1 45 81 750746, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr ENST Paris
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Assertion failed in radiusd.c, line 1232
9 16:42:32 2002 : Error: Assertion failed in radiusd.c, line 1232 Tue Apr 9 16:42:32 2002 : Error: MASTER: exit on signal (6) this is on debian SID also radius spawns as much as is stated in radiusd.conf childs /more than 256 for about 400 users/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius dies
Error: rlm_sql_authorize: no rows returned from query (no such user) Error: Assertion failed in radiusd.c, line 1232 Error: MASTER: exit on signal (6) this is every 4-5s with the latest cvs with 0.5 it lives about 1-2 min and dies Error: CHILD: exit on signal (11) :))) or says Error: WARNING: Unresponsive child (id x) for request xxx and spawns maximum threads and then dies with seg fault this is on debian unstable with mysql module this server also sends proxy request to second server and that second server lives much longer /about 30 min/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Melt the Heart of your Valentine with this beautiful Screen saver
This e-mail is never sent unsolicited. If you need to unsubscribe, follow the instructions at the bottom of the message. *** Melt the Heart of your loved ones with this beautiful Screen saver from www.screensaverin.com * To remove yourself from this mailing list, point your browser to: http://screensaverin.com/remove?freescreensaver * Enter your email address ([EMAIL PROTECTED]) in the field provided and click Unsubscribe. OR... * Reply to this message with the word remove in the subject line. This message was sent to address [EMAIL PROTECTED] X-PMG-Recipient: [EMAIL PROTECTED] attachment: valentin.scr
Virus found
The message from [EMAIL PROTECTED] to [EMAIL PROTECTED] was infected. For this reason, the message was not delivered to the destination. If you are the sender of the message, please disinfect your computer then send it again. If you are the destination of the message, ask the sender to retransmit the message, without the virus. Virus 'W32/Yaha-A' found in file 25969-1018526412- Message headers: Received: (qmail 25957 invoked from network); 11 Apr 2002 11:58:59 - Received: from unknown (HELO smtp2.cistron.nl) (195.64.68.41) by 0 with SMTP; 11 Apr 2002 11:59:00 - Received: from localhost ([127.0.0.1] helo=lwaxana.cistron.net) by smtp2.cistron.nl with esmtp (Exim 3.12 #1 (Debian)) id 16vdEE-0003Dd-00; Thu, 11 Apr 2002 13:59:02 +0200 From: [EMAIL PROTECTED] Subject: Freeradius-Users digest, Vol 1 #648 - 11 msgs X-Mailer: Mailman v2.0beta5 MIME-version: 1.0 Content-type: multipart/mixed; boundary=195.64.68.26.38.12145.1018526282.138.11957 To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Errors-To: [EMAIL PROTECTED] X-BeenThere: [EMAIL PROTECTED] X-Mailman-Version: 2.0beta5 Precedence: bulk Reply-To: [EMAIL PROTECTED] List-Id: FreeRadius users mailing list freeradius-users.lists.cistron.nl Message-Id: [EMAIL PROTECTED] Date: Thu, 11 Apr 2002 13:59:02 +0200 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
User Accounting (Start Stop)
I have users in a mysql database, set their daily session time at 4 hours daily. Somehow the limit is not being enforced... Am I missing something? A script perhaps? I'm using portslave as radius client... Thanks... _ Peter Santiago ICQ#: 2890601 More ways to contact me: http://wwp.icq.com/2890601 See more about me: http://web.icq.com/whitepages/about_me?Uin=2890601 Linux user #252132 http://counter.li.org _ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius IPv6?
Hi all, I wonder whether there has been any effort on trying to hack freeradius to either: 1)implement transport over IPv6 2)fully implement RFC 3162 [RADIUS and IPv6. B. Aboba, G. Zorn, D. Mitton. August 2001.] Thanks in advance for all your replies. Juan Miguel -- Juan Miguel Bocanegra Morón [EMAIL PROTECTED] PGP Key ID 0x482AF232 http://pgpkeys.mit.edu:11371 S A T E Chttp://www.satec.es Alcalde Barnils, 64, A 1 (Edificio TESTA Sant Cugat) 08190 Sant Cugat del VallèsBarcelona - SPAIN voice +34 935 816 700fax +34 935 816 701 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with Tunnel-Password
At 11:10 AM 4/11/2002 +0200, [EMAIL PROTECTED] wrote: Hello, On Wed, 10 Apr 2002, Chris Parker wrote: At 08:43 AM 4/10/2002 -0700, Woolworth Mark-P23695 wrote: I'm currently running freeradius 0.4 on Solaris 8 and everything is working fine except the Tunnel-Password. My ISP is proxying the authentication request to my radius server and my radius server is authenticating the request and returning the tunnel attributes to allow the NAS to build an L2TP tunnel. The ISP is claiming the Tunnel-Password is coming back malformed. We are working just now on a similar setup, with freeradius 0.5 on FreeBSD. We also seem to have a problem with the Tunnel-Password. But it looks like the NAS is complaining about this Password, not the Proxy-Radius. Ahh, then possibly the NAS has not implemented the RFC standard tunnel encryption. What NAS type and OS version? What does the NAS vendor say about supporting RFC standard Tunnel-Password encryption? -Chris -- \\\|||/// \ StarNet Inc. \Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange proxy problem
At 11:37 AM 4/11/2002 -0300, Julio Faerman wrote: I have the following problem : I have my freeradius server, say RAD_A, that proxies requests to RAD_B (REALM_B). When i use the radtest utility, everything goes fine. But when the radius sends the proxied packet, it doesn't work. What can be going on What does the server say in debug messages? -Chris -- \\\|||/// \ StarNet Inc. \Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius and mysql accounting and use of called-station-id
Hello all, I use freeradius 0.5 and my NAS is a Cisco AS5300. I test with freeradius and mysql since 2 weeks and I have 2 problems: The radius server writes the accounting records in the mysql-table, but the following entries leave blank for all records: ++ AcctUniqueId ConnectInfo_start ConnectInfo_stop AcctTerminateCause NASPortId = 0 (for all records) ++ How can I fill these parameters? My AS5300 config: ++ aaa accounting delay-start aaa accounting exec default start-stop group radius aaa accounting network default start-stop group radius radius-server attribute 44 include-in-access-req radius-server attribute nas-port format c radius-server vsa send accounting ++ My second problem is the use of Called-Station-ID. Is there a way to define two or more Called-Station-Id for one user? What I mean is, that a user can dial in several services. For the first service, he called 34567 and for the second service he called 34568. When I define both, Called-Station-Id = 34567 and Called-Station-Id = 34568, dial in is not possible. The same is, when I define Called-Station-Id = 3456 or Called-Station-Id = 3456*. Can I use wildcards or what can I do to solve this problem? Thanks for any answer. regards Dirk Tanneberger - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Certain https sites not working with USR Total Control
This is really weird. We are migrating our customers from cistron 1.6.6 to freeradius 0.5. All our customers with Ciscos and Ascends are working just fine. One of our customers uses USR Total Control units for their NASs. Seemed like everything was going smooth for them, but they reported that some of their customers weren't able to get to certain https secure websites. Sure enough when testing, I could go to some secure https sites, like Amazon's shopping cart, but I couldn't go to Turbo Tax's online tax filing system. I click on their secure link, and it just times out. We rolled back their nases back to authenticating off of cistron, and Turbo Tax's secure site came up just fine. Went back to Freeradius, and it timed out. As far as I can tell every other networking protocal is working with Freeradius, just not certain https sites. I'm authenticating off of a mysql database for freeradius, not a userfile, but the radreply attributes on freeradius is using the exact same attributes I'm using for cistron. Here is the cistron user detail file for one user: nastest Auth-Type = Local, Password = XXX NAS-Port-Type=Async, Service-Type = Framed, Framed-Protocol = PPP, Framed-Routing = None, Ascend-Route-IP = Route-IP-Yes, Ascend-Assign-IP-Pool=0, Ascend-Idle-Limit = 900, Ascend-Metric = 2 And the database for freeradius +++---+--+-- + | id | UserName | Attribute | Value| op | +++---+--+-- + | 180898 | nastest | NAS-Port-Type | Async| NULL | | 180899 | nastest | Service-Type | Framed | NULL | | 180900 | nastest | Framed-Protocol | PPP | NULL | | 180901 | nastest | Framed-Routing| None | NULL | | 180902 | nastest | Ascend-Route-IP | Route-IP-Yes | NULL | | 180903 | nastest | Ascend-Assign-IP-Pool | 0| NULL | | 180904 | nastest | Ascend-Idle-Limit | 900 | NULL | | 180905 | nastest | Ascend-Metric | 2| NULL | +++---+--+-- + Any ideas what so ever? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Certain https sites not working with USR Total Control
On the total control (assuming it has an HiperARC), you can use the monitor radius command and test with both cistron radius and freeradius to make totally sure the same attributes are sent from the radius server to the total control chassis. Jeremy Kusnetz a écrit : This is really weird. We are migrating our customers from cistron 1.6.6 to freeradius 0.5. All our customers with Ciscos and Ascends are working just fine. One of our customers uses USR Total Control units for their NASs. Seemed like everything was going smooth for them, but they reported that some of their customers weren't able to get to certain https secure websites. Sure enough when testing, I could go to some secure https sites, like Amazon's shopping cart, but I couldn't go to Turbo Tax's online tax filing system. I click on their secure link, and it just times out. We rolled back their nases back to authenticating off of cistron, and Turbo Tax's secure site came up just fine. Went back to Freeradius, and it timed out. As far as I can tell every other networking protocal is working with Freeradius, just not certain https sites. I'm authenticating off of a mysql database for freeradius, not a userfile, but the radreply attributes on freeradius is using the exact same attributes I'm using for cistron. Here is the cistron user detail file for one user: nastest Auth-Type = Local, Password = XXX NAS-Port-Type=Async, Service-Type = Framed, Framed-Protocol = PPP, Framed-Routing = None, Ascend-Route-IP = Route-IP-Yes, Ascend-Assign-IP-Pool=0, Ascend-Idle-Limit = 900, Ascend-Metric = 2 And the database for freeradius +++---+--+-- + | id | UserName | Attribute | Value| op | +++---+--+-- + | 180898 | nastest | NAS-Port-Type | Async| NULL | | 180899 | nastest | Service-Type | Framed | NULL | | 180900 | nastest | Framed-Protocol | PPP | NULL | | 180901 | nastest | Framed-Routing| None | NULL | | 180902 | nastest | Ascend-Route-IP | Route-IP-Yes | NULL | | 180903 | nastest | Ascend-Assign-IP-Pool | 0| NULL | | 180904 | nastest | Ascend-Idle-Limit | 900 | NULL | | 180905 | nastest | Ascend-Metric | 2| NULL | +++---+--+-- + Any ideas what so ever? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and mysql accounting and use of called-station-id
sql.conf is o.k. and with sql tracing I see, that these values are blank. I think the Cisco AS5300 send not these values. But how can I configure AS5300 to send the parameters? In details-file are the following entries: Thu Apr 11 15:54:34 2002 NAS-IP-Address = 192.168.0.254 NAS-Port = 106 Cisco-NAS-Port = Serial3:10 NAS-Port-Type = ISDN User-Name = test Called-Station-Id = 3552000 Calling-Station-Id = 3551720 Acct-Status-Type = Stop Acct-Authentic = RADIUS Service-Type = Framed-User Acct-Session-Id = B005 Framed-Protocol = PPP Acct-Link-Count = 2 X-Ascend-Num-In-Multilink = 1 Acct-Multi-Session-Id = 14165 Framed-IP-Address = 193.98.116.99 X-Ascend-Disconnect-Cause = 45 X-Ascend-Pre-Input-Octets = 154 X-Ascend-Pre-Output-Octets = 139 X-Ascend-Pre-Input-Packets = 4 X-Ascend-Pre-Output-Packets = 5 Acct-Input-Octets = 666 Acct-Output-Octets = 394 Acct-Input-Packets = 26 Acct-Output-Packets = 19 X-Ascend-PreSession-Time = 1 Acct-Session-Time = 13 X-Ascend-Data-Rate = 64000 X-Ascend-Xmit-Rate = 64000 X-Ascend-Multilink-ID = 14165 Acct-Delay-Time = 0 Client-IP-Address = 192.168.1.41 Timestamp = 1018533274 Thanks Dirk - Original Message - From: Chris Parker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, April 11, 2002 5:27 PM Subject: Re: freeradius and mysql accounting and use of called-station-id At 05:09 PM 4/11/2002 +0200, Dirk Tanneberger wrote: Hello all, I use freeradius 0.5 and my NAS is a Cisco AS5300. I test with freeradius and mysql since 2 weeks and I have 2 problems: The radius server writes the accounting records in the mysql-table, but the following entries leave blank for all records: ++ AcctUniqueId ConnectInfo_start ConnectInfo_stop AcctTerminateCause NASPortId = 0 (for all records) ++ How can I fill these parameters? What do you have in 'sql.conf' for the queries? Simply adding the columns to the table definition will not fill them in. You must also alter your sql.conf to add them if they do not exist. Also, make sure you are correctly calling the 'acct_unique' module in your config. If this has been done, run the server in debugging mode, with sql tracing enabled, so you can see what sql queries are being run. -Chris -- \\\|||/// \ StarNet Inc. \Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Configuring Free Radius to do MAC Address Authentication
This information is quite helpful, but I still have a few more questions. Again I appreciate the help people have been giving me. 1. Edit your raddb/clients file and add the IP of your NAS in there with the secret. ( By this you mean the ip of my access points? correct?) 2. In regards adding the mac addresses as users so they can be authenticated, I try adding them to my passwd file using adduser and userconf I'm running redhat 7.2, and I get invalid user. I asked around in a couple of linux channels and they told me that a username can not start with a number. In regards to the format I am using xxyyzz-xxyyzz. If possible to paste a clip of a users file to make sure I have it set correctly and in regards to the clients (access points) I just follow the format of the clients file. Thanks again for your help you people here have been very helpful. Although I did notice my thread got removed and I don't know why. _ Send and receive Hotmail on your mobile device: http://mobile.msn.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Certain https sites not working with USR Total Control
We had a simliar problem.. it turned that the Radius server was sending a MTU of 576. I'm not sure what the default of our HiperARC is, but by removing that parameter from our Radius replies, we fixed this type of issue. Steve. On the total control (assuming it has an HiperARC), you can use the monitor radius command and test with both cistron radius and freeradius to make totally sure the same attributes are sent from the radius server to the total control chassis. We are migrating our customers from cistron 1.6.6 to freeradius 0.5. All our customers with Ciscos and Ascends are working just fine. One of our customers uses USR Total Control units for their NASs. Seemed like everything was going smooth for them, but they reported that some of their customers weren't able to get to certain https secure websites. -- Steven Premeau, Network Manager [EMAIL PROTECTED] (262) 595-2005 Networking and Microcomputing Services University of Wisconsin - Parkside - A car is more costly, complex, and dangerous than any word processor. Yet you don't find a thousand page operating manual, nor must you check with a friend to learn how to close the window ... - Cliff Stoll in Silicon Snake Oil - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
IP Address pools (revisited)
After searching for many hours, I am still not certain whether this is possible with FreeRADIUS 0.5. Can FreeRADIUS be configured to respond to an authenication request with a unique IP address from a pool on the RADIUS server (I read a snippet somewhere that instructed me to get the latest CVS snapshot and it would have this feature)? I have it configured now to use the Framed-Pool and Framed-IP-Address (255.255.255.254) combination to get the NAS to do the assignment. Is that a better way to do it anyway? Thanks for any help, sorry for revisiting... Rob - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: many connection errors
Stefan Immel [EMAIL PROTECTED] wrote: Remote Access to our accounting DB is blocked because of many connection = errors as soon as I start freeradius. What are the error messages? Have you read them? Does reading them help figure out what the problem is? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius under mandrake
Mohamed L'Hédi ZAHER [EMAIL PROTECTED] wrote: I have Freeradius 0.5 on redhat 7.1. All is OK. But when I tray to install it on mandrake 8.2, execution of configure can't termine and I obtein: [ [root@ray freeradius-0.5]# ./configure loading cache ./config.cache : command not found Off-hand I would suggest doing 'rm config.cache', and ensuring that '/bin/sh' is a REAL shell, and not some enhanced shell which breaks when you try to use it as a shell. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius dies
Atanas Prejdarov [EMAIL PROTECTED] wrote: or says Error: WARNING: Unresponsive child (id x) for request xxx So find out why the child threads are unresponsive. That really sounds like the cause of the problem. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Assertion failed in radiusd.c, line 1232
Atanas Prejdarov [EMAIL PROTECTED] wrote: 9 16:42:32 2002 : Error: Assertion failed in radiusd.c, line 1232 Tue Apr 9 16:42:32 2002 : Error: MASTER: exit on signal (6) That assertion is there to catch a possible problem with the server. Without that assertion, the server would continue, do wrong things, and eventually crash elsewhere. Now that I know the assertion is being hit, I can devote time to fixing the underlying problem. this is on debian SID also radius spawns as much as is stated in radiusd.conf childs /more than 256 for about 400 users/ I have no idea what you mean by that. Do you mean it spawns 256 child threads? If so, why? Find out why the child threads are taking so long to terminate, and fix that problem. That is, run it in debugging mode, send it a packet, and watch where it locks up for 2-3 seconds. Normally, the response should go out in less than a second. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius IPv6?
[EMAIL PROTECTED] (Juan Miguel Bocanegra) wrote: I wonder whether there has been any effort on trying to hack freeradius to= either: 1)implement transport over IPv6 Not yet. 2)fully implement RFC 3162 [RADIUS and IPv6. B. Aboba, G. Zorn, D. Mitton.= August 2001.] IPv6 addresses can be supported, so long as you define and use them via the 'octets' type. See the latest dictionary file. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: checkrad script
Andrew Kelaidis [EMAIL PROTECTED] wrote: I need to customise checkrad script output messages. Can I use freeRADIUS variables such as $i, in checkrad code? No. And no such variabl '$i' exists in FreeRADIUS, either. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP Address pools (revisited)
Rob Kalmar [EMAIL PROTECTED] wrote: After searching for many hours, I am still not certain whether this is possible with FreeRADIUS 0.5. No. Can FreeRADIUS be configured to respond to an authenication request with a unique IP address from a pool on the RADIUS server (I read a snippet somewhere that instructed me to get the latest CVS snapshot and it would have this feature)? Yes. I have it configured now to use the Framed-Pool and Framed-IP-Address (255.255.255.254) combination to get the NAS to do the assignment. Is that a better way to do it anyway? Probably, yes. But if you want pools across multiple NAS boxes, then the ippool module is your best bet. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Ascend unknown code 33 entries
Ron Grant [EMAIL PROTECTED] wrote: But I DO know what causes them - they're Session Timer packets - And not RFC standard... Well, (33 11) is true, so. I'm off to find out if Ascend changed the packet code for Session-Timer packets from 33 to something rational before being gobbled up by Lucent. If not, then I might be looking for some help in adding code 33 handling to radiusd.c (maybe with an ASCEND_SESSIONTIMER_HACK flag). Hmm... I would rather try something else. Or is there some really simple way to add a custom packet type that I haven't found yet? No. That requires some server modifications. I still don't understand why Ascend couldn't send an accounting packet with a fake user name. That would have done the same thing, and would be MUCH easier to handle. Alan Dekok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange proxy problem
At 05:35 PM 4/11/2002 -0300, Julio Faerman wrote: Em Qui, 2002-04-11 às 11:48, Chris Parker escreveu: At 11:37 AM 4/11/2002 -0300, Julio Faerman wrote: I have the following problem : I have my freeradius server, say RAD_A, that proxies requests to RAD_B (REALM_B). When i use the radtest utility, everything goes fine. But when the radius sends the proxied packet, it doesn't work. What can be going on What does the server say in debug messages? It sends the packet and keeps waiting forever. And debug on the server the packet is sent to says...? -- \\\|||/// \ StarNet Inc. \Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Configuring Free Radius to do MAC Address Authentication
This information is quite helpful, but I still have a few more questions. Again I appreciate the help people have been giving me. 1. Edit your raddb/clients file and add the IP of your NAS in there with the secret. ( By this you mean the ip of my access points? correct?) 2. In regards adding the mac addresses as users so they can be authenticated, I try adding them to my passwd file using adduser and userconf I'm running redhat 7.2, and I get invalid user. I asked around in a couple of linux channels and they told me that a username can not start with a number. In regards to the format I am using xxyyzz-xxyyzz. If possible to paste a clip of a users file to make sure I have it set correctly and in regards to the clients (access points) I just follow the format of the clients file. Thanks again for your help you people here have been very helpful. Although I did notice my thread got removed and I don't know why. _ Chat with friends online, try MSN Messenger: http://messenger.msn.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Strange proxy problem
Em Qui, 2002-04-11 às 17:44, Chris Parker escreveu: At 05:35 PM 4/11/2002 -0300, Julio Faerman wrote: Em Qui, 2002-04-11 às 11:48, Chris Parker escreveu: At 11:37 AM 4/11/2002 -0300, Julio Faerman wrote: I have the following problem : I have my freeradius server, say RAD_A, that proxies requests to RAD_B (REALM_B). When i use the radtest utility, everything goes fine. But when the radius sends the proxied packet, it doesn't work. What can be going on What does the server say in debug messages? It sends the packet and keeps waiting forever. And debug on the server the packet is sent to says...? It replies OK. Using tcpdump i captured the request and the reply. but the my server seems to ignore the reply and keeps sending requests... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Configuring Free Radius to accept Accounting info from Wireless Routers.
Hi , Im using a Lucent Avaya Wireless COR II router for my wireless clients.
My
authentication works fine but radius doesn't seem to log the Accounting
Info. There's not
much to setup on the router regarding this , it's only asking for the IP and
secret of the radius
server wich I check and it's defnately right. I'm using freeradius 0.5 with
Mysql and the sql is
specified under accounting.
accounting {
# acct_unique
# detail
# counter
unix
sql
# radutmp
# sradutmp
}
Is there something I'm overlooking here ?
Kind Regards
Stephan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Ascend unknown code 33 entries
At 04:29 PM 11/04/2002 -0400, you wrote: Ron Grant [EMAIL PROTECTED] wrote: But I DO know what causes them - they're Session Timer packets - And not RFC standard... If I had my way, all of my ISDN and K56 customers would finally come to their senses and purchase our ADSL services. TAOS 7.0.28 release docs mention that ticket 4757 fixed a problem with the MAX unit sending Navis Access logging transmissions to radius accounting, so I'm going to try upgrading to see if it fixes the basic problem. I suppose I could write a script that would give me the answers I need after the fact - run through the syslog files and match usernames against classes... I still don't understand why Ascend couldn't send an accounting packet with a fake user name. That would have done the same thing, and would be MUCH easier to handle. Alan Dekok. Hmmm, couple things come to mind.might tinker and see what happens if above update doesn't solve things - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Ron Grant, RHCE (Red Hat Linux Certified Engineer) [EMAIL PROTECTED]or [EMAIL PROTECTED] Convergence Network Research Ltd. (604) 737-2113 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ignore last message from me, having an id10t moment
Title: Message It goes without saying that my last message (passwordin logwaswhat was coming from the NAS, not what was configured)was an id10t moment. ROFLAM! -- Michael
Feature request
Title: Message
When I use the
network inclusive clients config to allow NAS on a given network radius access,
under /var/radacct the nas is named via the IP address. If I were to use single
entries for all these clients I would see the client shorname. I propose (when
network inclusive used) creating a directory ./radacct/shorname/ip.ad.dr.es.sx
be used for logging. I am quite sure my C is not up to par (I haven't written a
C program in almost 8 years) but would be curious as to where it is located and
if anyone could do or is interested in doing this? Or am I just configuring
something wrong?
clientx.x.x.0/24
{
secret = password
shortname = NorthAm-Wcom}
This would make the
the above logged as:
/var/log/radacct/North-Am-Wcom/x.x.x.1
/var/log/radacct/North-Am-Wcom/x.x.x.2
for each client.
This just makes it easy to drill down when you have alot of radius
clients.
Setting up..Max TNT and free radius.
Hi every one, we are having a real trouble setting up Luscent MAX TNT and free radius. OS is linux. Can anybody help me here fr setting up MAX TNT with free radius. You can emil me directly at [EMAIL PROTECTED] Thanx in advancce iq - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE:Setting up..Max TNT and free radius. (freeradlist@GoldenIT)
Than Alan..just checked your response in the previous mail digest. Let me have a look at that I will get back to the mailing list soon. Thanks again Alan, regards, iq - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
debian: portslave2002.01.19 + freeradius0.5_cvs20020408 + mysql3.23.49-7
Hello freeradius-users. It's me again. Can somebody send me dumb minimal data for dial-up PPP user and dial-up shell user? Thank you. - --- With respect, Ilja mailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
