RE: Failed to link to module 'rlm_unix-0.6': file not found
> What platform are you running on? SuSE Linux 7.3 Kernel Version 2.4.18 I got it running but only with an strace and some strange links. I had to link each and every rlm_*so.la file ro rlm_*-0.6.la to got it working. Now I've got the "Assertion failed in radiusd.c, line 2540" Error. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
odbc & iodb
Hi! Which options in configure I can use for disabling rlm-sql-unixodbc and rlm-sql-iodbc. Regards Victor V Ismakaev - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
not Session-Timeout, but Session-Timeouts
Hi all, I have configured my FreeRadius server, so it do AAA for my dialup users. I have tried to use Session-Timeout. It have been used to reject users when they don't have many on their account anymore. It's worked perfectly good. I have tried to use Login-Time, it worked also - FR just set properly Session-Timeout value every time. But how can use Session-Time and Login-Time attributes simultaneously??? Both of them try to add Session-Timeout to reply VPs. The right choice is to return _MINIMUM_ of these Session-Timeouts, so user's session will be terminated automatically when he step over to not permitted time period (this period seted by Login-Time), _OR_ when his money account exhausted. Is it possible to return minimum of these? Thanks, Ruslan A Dautkhanov - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
libiodbc in non-typical place
Hi! I have an iODBC installed on non-standart place(/usr/include/iodbc, /usr/lib/iodbc). Which options should I use in configure script in this case? I tried ./configure --with-odbc-lib-dir=/usr/lib/iodbc --with-odbc-include-dir=/usr/include/iodbc , but that did nothing. Any suggestions? Regarts Victor V Ismakaev - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with compiling freeradius - newbie LONG
On Thu, 30 May 2002 09:26:31 +0200, Rennes Neps wrote: >> I configure with the "--enable-ltdl-install=no" set. In fact, I don't >> even remember >> what it is, exactly because I don't need it. >Tried it, no luck. It says invalid feature name :( >[root@radius freeradius-0.5]# ./configure --disable-ltdl-install >configure: error: ltdl-install: invalid feature name >[root@radius freeradius-0.5]# ./configure --enable-ltdl-install=no >configure: error: ltdl-install: invalid feature name Hey, please remember me to send you my ./configure file. I'm at home now, and this is at my work. As opiniões formuladas neste e-mail são de caráter exclusivamente pessoal. Minha opinião não necessariamente representa a opinião do meu Moto Grupo nem da empresa onde trabalho. Mene Sakkhet ur-seveh Alexandre Ganso - Diretor Steel Goose Moto Group 6, 7 e 8 de setembro - Aniversario 10 anos Steel Goose - Ouro Branco - MG 500 Four Vermelha [EMAIL PROTECTED] ICQ# 3778773 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[6]: PPTP
Hello Pedro,
Tuesday, June 04, 2002, 11:54:52 PM, you wrote:
>>
>> What's the way to encrypt the passwords in the database.
>>
>> I am using...
>>
>> mysql> update radcheck set value = encrypt('pptp2002') where id = 730;
>>
>> +-+--+-+---+--+
>> | id | UserName | Attribute | Value | op |
>> +-+--+-+---+--+
>> | 732 | pptp | Auth-Type | MS-CHAP | := |
>> | 730 | pptp | NT-Password | uFdiBao.l.ijQ | := |
>> +-+--+-+---+--+
Sorry fo bad english
You not read my previuos letter :(
I detaily give you my working configuration for MS-CHAP + pptp
NT-Password is NOT encrypt password :(
Use program by [EMAIL PROTECTED] (big thanks)
put it to rlm_mschap and compile
gcc -o smbencrypt deskey.c desport.c smbencrypt.c md4c.c
$ smbencrypt qwerty<-Pass 'qwerty'
LM Hash NT Hash
598DDCE2660D3193AAD3B435B51404EE2D20D252A479F485CDF5E171D93985BF
Now do
>> mysql> update radcheck set value = '2D20D252A479F485CDF5E171D93985BF' where id =
>730;
>select id,UserName,Attribute,Value,op from radcheck where UserName='q1test';
+-+--+-+--+--+
| id | UserName | Attribute | Value| op |
+-+--+-+--+--+
| 310 | q1test | NT-Password | 2D20D252A479F485CDF5E171D93985BF | := |
+-+--+-+--+--+
1 row in set (0.00 sec)
Change in sql.conf
authenticate_query = "SELECT Value,Attribute FROM ${authcheck_table} WHERE UserName =
'%{User-Name}' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR
Attribute =
'Crypt-Password' OR Attribute = 'NT-Password') ORDER BY Attribute DESC"
--
Best regards,
rustmailto:[EMAIL PROTECTED]
smbencrypt.c
Description: Binary data
Re: Stop radacct logs
I've not tested it out. but it think you can comment the like containg
"detail" in accounting section of radiusd.con file as :
accounting {
# acct_unique
#detail < -
# counter
unix
radutmp
# sradutmp
}
- Original Message -
From: "Ronan Lucio" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 05, 2002 1:06 AM
Subject: Stop radacct logs
> Hello,
>
> Is there a way freeradius don't the accounting logs?
> I've storing accounting logs on a Postgres database
> via Exec-Program.
>
> Thank's,
> Ronan
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Question about logging
I have log Auth set to yes but I only see Unknown NAS, is there a way to get the name of the access point to show up in stead of Unknown NAS. _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Dialup Admin question
On Mon, 3 Jun 2002, Deramus, Chris wrote: > Does it print out any messages? If you try adding a new user what happens? > Do you have problem seeing the accounting information or everything? If you > try to administer an active account, does it report that it didn't find it > or does it show the user administration page ok? > > The page to load fine. I click the Edit Users section on the left frame and > it says user not found. I do a search for user 'TestRad' (which does exist > cause I'm currently logged in as him on my laptop) and it says User does not > exist. > > The accounting page shows my attributes and gives me the selection to choose > from, but when I hit the submit button it just resets the values and doesn't > display anything (including error messages). When I had enter new user > information on the Add User section, and then hit the enter button the > information disappears and that entry isn't added to the database. So it takes the column information from the database but doesn't find anything in the accounting table. That seems strange. If you do a 'SELECT UserName FROM radacct LIMIT 10' will it give you any results? Could you send the sql_* config directives from the admin.conf (apart from the sql password of course). > > It doesn't display any active accounts even though I'm currently logged on > right now. If you do a 'SELECT UserName from radacct WHERE AcctStartTime = '0'' what does it show when you are loged in? The admin.conf allows you to do a finger to the nas (that only works for cisco access servers currently) or just use the information provided from the accounting database. Which of the two have you enabled? > > Thanks, > > Chris DeRamus > HQ VPN Administrator > Verizon > 301-903-2093 > > > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Any plans for making Simultaneous-Use SQL aware?
At 02:28 PM 6/4/2002 -0400, you wrote: >Randy Moore <[EMAIL PROTECTED]> wrote a long time ago: > > After talking about it this morning, I couldn't get this out of my > head, so > > I also worked up a version of this today. I think mine already handles > the > > session zap issue properly, but I'm not 100% sure of the MLPPP > > handling. But it sounds like between the two, we should be able to > come up > > with a good solution. > > > > A patch for this version is available at: > > http://www.axion-it.net/download/sql_simul.patch > > If this works for you, can you commit it to CVS, along with the >changes to radiusd.conf.in, and sql.conf? Hi Alan, It has been working well for me. I just tested it with the latest CVS revision and it compiled and worked properly there as well, so I've commited it. Thanks much. Randy Moore Axion Information Technologies, Inc. email [EMAIL PROTECTED] phone 301-408-1200 fax301-445-3947 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
pass through failures
I'm replacing an old Ascend radius server on an NT Box with freeradius and the client I'm doing this for bought the business a year or so ago and the previous owner didn't bother to give him all of the user passwords. SO, I need a way where I can point all of the terminal servers through freeradius and if a user exists in the mysql table, it authenticates there if the password matches... If the user doesn't exist in the mysql table then it proxies the radius request to another radius server. I have users authenticating through the freeradius/mysql combo now and using the dialup_admin to edit them, but I need to start logging the passwords used through the system (using log_auth=yes, log_auth_badpass=yes and log_auth_goodpass=yes in radiusd.conf) Thanks! william
Re: radius+pppoe
> Date: Tue, 4 Jun 2002 17:59:44 +0300 (EEST) > From: Viliana Atanasova <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: radius+pppoe > Reply-To: [EMAIL PROTECTED] > > > Hi all, > > Recently I had the following problem, > I use cistron radius + pppoe server on a Slackware platform, and my > clients log on using RasPPPoe for Windows (as all of them are win98 or > winXP users) and sometimes my clients got disconected verry often ( for > example every 10-15mins) and on the next day everything is OK > and this for another two, three days and then again happens the same. > At first I thought the problem was packet loss, but after a lot of > research it became clear this was not the problem, there wasn't any packet > loss at all. > > Has anyone idea where might be the problem ? Or how can I find out what > exactly happens there ? > ( as I've already changed every hub/switch tried it again, checked cables > and every other technical problem there might be ) Hello, I don't think this is a radius issue at all. Please try using 'lcp-echo-interval', 'lcp-echo-failure' while using 'debug' pppd option. If you ever have lcp timeout then the problem is either in the phisycal layer or in the pppoe software you are using. Best regards, -- Theodor Milkov Administrator IP Networks Davidov Electric Ltd.Phone: +359 (2) 730158 PGP: http://www.zimage.delbg.com/zimage.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems with MySQL Auth-Type
Nick Davis <[EMAIL PROTECTED]> wrote: > Also, if PAP can do cleartext, crypt and md5 passwords, why would > anyone need to use Auth-Type := Local while using a sql database to > store user names and pwds? Historical reasons. That should probably be fixed, so that the server core does NO authentication comparisons at all. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Stop radacct logs
Hello, Is there a way freeradius don't the accounting logs? I've storing accounting logs on a Postgres database via Exec-Program. Thank's, Ronan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Re[4]: PPTP
>
> What's the way to encrypt the passwords in the database.
>
> I am using...
>
> mysql> update radcheck set value = encrypt('pptp2002') where id = 730;
>
> +-+--+-+---+--+
> | id | UserName | Attribute | Value | op |
> +-+--+-+---+--+
> | 732 | pptp | Auth-Type | MS-CHAP | := |
> | 730 | pptp | NT-Password | uFdiBao.l.ijQ | := |
> +-+--+-+---+--+
>
> This is what I got:
>
> rlm_sql: Released sql socket id: 4
> modcall[authorize]: module "sql" returns ok
> modcall[authorize]: module "mschap" returns ok
> modcall: group authorize returns ok
> rad_check_password: Found Auth-Type MS-CHAP
> auth: type "MS-CHAP"
> modcall: entering group authenticate
> rlm_mschap: Invalid NT Password text
> modcall[authenticate]: module "mschap" returns reject
> modcall: group authenticate returns reject
>
>
> > -Original Message-
> > From: 3APA3A [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, June 04, 2002 11:04 AM
> > To: [EMAIL PROTECTED]; Gonzalez, Pedro
> > Cc: '[EMAIL PROTECTED]'
> > Subject: Re[4]: PPTP
> >
> >
> > Dear Gonzalez, Pedro,
> >
> > You have Password attribute configures for user. It means
> > you need to
> > have mschap in authorize{}. You have to configure
> > NT-Password and
> > LM-Password if you want to use MS-crypted passwords.
> >
> > --Tuesday, June 4, 2002, 6:53:01 PM, you wrote to
> > [EMAIL PROTECTED]:
> >
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Windows DomainName+UserName in access-request
> It is almost completed. Freeraduis is authenticating IP-Sec
> clients using Cisco-VPN software, PPTP and IPSec over Windows
> dial-up interface w/Win-XP/2000. The problem is Win95/98 do
> not have an option to remove the domain name from the dial-up
> PPTP client.
>
> So I have this request:
>
> rad_recv: Access-Request packet from host 10.16.3.98:1331,
> id=56, length=160
> User-Name = "AD\\KWaterma"
> NAS-Port = 3889
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Tunnel-Client-Endpoint:0 = "64.218.189.47"
> MS-CHAP-Challenge = 0x11345d9364f0d75c905005ec8da980ce
> MS-CHAP2-Response =
> 0x0200cc8a3d22894b0143ec5109be94573955e52e54ea
> 8adf48a21f95b918395d3cabd0653989f199a76c
> NAS-IP-Address = 10.16.3.98
> NAS-Port-Type = Virtual
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> radius_xlat: 'AD\\KWaterma'
> sql_escape in: 'AD\\KWaterma'
> sql_escape out: 'ADKWaterma'
> sql_set_user: escaped user --> 'ADKWaterma'
> radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM
> radcheck WHERE Username = 'ADKWaterma' ORDER BY id'
> rlm_sql: Reserving sql socket id: 4
> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
> Username = 'ADKWaterma' ORDER BY id
> sql_escape in: 'DEFAULT'
> sql_escape out: 'DEFAULT'
> sql_set_user: escaped user --> 'DEFAULT'
> radius_xlat: 'SELECT
> radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribu
> te,radgroupcheck.Value,radgroupcheck.op FROM
> radgroupcheck,usergroup WHERE usergroup.Username = 'DEFAULT'
> AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY
> radgroupcheck.id'
> SELECT
> radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribu
> te,radgroupcheck.Value,radgroupcheck.op FROM
> radgroupcheck,usergroup WHERE usergroup.Username = 'DEFAULT'
> AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY
> radgroupcheck.id
> radius_xlat: 'SELECT
> radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribu
> te,radgroupreply.Value,radgroupreply.op FROM
> radgroupreply,usergroup WHERE usergroup.Username = 'DEFAULT'
> AND usergroup.GroupName = radgroupreply.GroupName ORDER BY
> radgroupreply.id'
> SELECT
> radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribu
> te,radgroupreply.Value,radgroupreply.op FROM
> radgroupreply,usergroup WHERE usergroup.Username = 'DEFAULT'
> AND usergroup.GroupName = radgroupreply.GroupName ORDER BY
> radgroupreply.id
> rlm_sql: User DEFAULT not found and DEFAULT not found
> rlm_sql: Released sql socket id: 4
> modcall[authorize]: module "sql" returns notfound
> modcall[authorize]: module "mschap" returns notfound
> modcall: group authorize returns ok
> auth: No Auth-Type configuration for the request, rejecting the user
> auth: Failed to validate the user.
>
> Here is how radiusd.conf is right now:
>
> authorize {
> preprocess
> sql
> mschap
> }
>
> authenticate {
> mschap
> pap
> }
>
> preacct {
> suffix
> files
> preprocess
> }
>
> accounting {
> sql
> radutmp
> }
>
> session {
> radutmp
> }
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Any plans for making Simultaneous-Use SQL aware?
Randy Moore <[EMAIL PROTECTED]> wrote a long time ago: > After talking about it this morning, I couldn't get this out of my head, so > I also worked up a version of this today. I think mine already handles the > session zap issue properly, but I'm not 100% sure of the MLPPP > handling. But it sounds like between the two, we should be able to come up > with a good solution. > > A patch for this version is available at: > http://www.axion-it.net/download/sql_simul.patch If this works for you, can you commit it to CVS, along with the changes to radiusd.conf.in, and sql.conf? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ascend MAX / Cisco snmpfinger utilities?
I can't seem to pull any logged in user information with the snmpfinger utility from my Ascend MAX4048's and Cisco AS5200's. Are there any other utilities that can cull this information to use with the 'Online Users' link with the dialup_admin with freeradius? Thanks! William
Re: Failed to link to module 'rlm_unix-0.6': file not found
On Tue, Jun 04, 2002 at 01:47:09PM +0200, Stefan Immel wrote: > Failed to link to module 'rlm_unix-0.6': file not found > > every time I try to start the radius deamon from the newest snapshot I get this >error message. > > a ls in /usr/local/lib shows the following: > > rlm_unix-0.6.so rlm_unix.la rlm_unix.so.0 > rlm_unix.a rlm_unix.so rlm_unix.so.0.0.0 > > a radiusd -X shows: > Module: Library search path is /usr/local/lib > radiusd.conf[328] Failed to link to module 'rlm_unix-0.6': file not found > > Is there any way so find out why he can't load that module ??? What platform are you running on? /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[6]: PPTP
Dear Alan DeKok, --Tuesday, June 4, 2002, 8:22:09 PM, you wrote to [EMAIL PROTECTED]: AD> The authorize section of the MSCHAP module can still set Auth-Type AD> to MSCHAP. But if another module sets Auth-Type to MSCHAP, you AD> shouldn't need mschap in authorize. OK. I'll move this code to authenticate. -- ~/ZARAZA Åñòü òàì âåðñèè Îòåëëî, ãäå Äåçäåìîíà äóøèò Ìàâðà. (Ëåì) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Question about logging
radiusd.conf: log_auth = yes > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of David > Petruzzella > Sent: Tuesday, June 04, 2002 1:26 PM > To: [EMAIL PROTECTED] > Subject: RE:Question about logging > > > When ever a user or wireless card authenticates or fails to authenticate > will the log reflect the name of of the access point the person was > authenticating or failed to authenticate with? Also is it > possible for the > name of the person that is requesting to be authenticated to show > up in the > log? I don't remember seeing anything on the messages about this topic. > Thanks in advance for your help. > > > > _ > Chat with friends online, try MSN Messenger: http://messenger.msn.com > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE:Question about logging
When ever a user or wireless card authenticates or fails to authenticate will the log reflect the name of of the access point the person was authenticating or failed to authenticate with? Also is it possible for the name of the person that is requesting to be authenticated to show up in the log? I don't remember seeing anything on the messages about this topic. Thanks in advance for your help. _ Chat with friends online, try MSN Messenger: http://messenger.msn.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how can i get get in-correct passwords auth logs in database(sql), instead of radius.log
On Tue, 4 Jun 2002, Ali wrote: > i'm using freeRadius version 0.5, with rlm_sql module. auth and acct with > freeradius and postgresql is working fine. I want to get the radius.log > messages in my database, so that i can get the authntication failure messages > with incorrect passwords in the postgresql tables > > -ali > Check out the dialup_admin/bin/log_badlogins script. It works with mysql right now but it should not be that hard to make it work with postgresql. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how can i get get in-correct passwords auth logs in database (sql), instead of radius.log
> Then is there some attribute in accounting logs that gives the idea about > incorrect passwords (auth error)entered be remote users. ( sorry, if it does > look like a good question ) ? What I have done to log the invalid logins to the database, is write a simple perl script which watches the radius.log and inserts the invalid ones into a bad_logins table. This way they go to both places. If you only want it to go to sql, I don't know how to do that. Perhaps you could use a fifo as the log file? Josh -- Josh Wilsdon <[EMAIL PROTECTED]> Programmer Analyst Wizard IT Services - http://www.wizard.ca Linux Support Specialist - http://linuxmagic.com Unix Administration, Website Hosting, Network Services, Programming (604) 589-0037 Beautiful British Columbia, Canada LinuxMagic is a TradeMark of Wizard Tower TechnoServices Ltd. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please notify the system manager. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how can i get get in-correct passwords auth logs in database (sql), instead of radius.log
- Original Message - From: "Alan DeKok" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, June 04, 2002 7:47 PM Subject: Re: how can i get get in-correct passwords auth logs in database (sql), instead of radius.log > "Ali" <[EMAIL PROTECTED]> wrote: > > i'm using freeRadius version 0.5, with rlm_sql module. auth and acct > > with freeradius and postgresql is working fine. I want to get the > > radius.log messages in my database, so that i can get the authntication > > failure messages with incorrect passwords in the postgresql tables > > Right now the server can't log messages to a database, sorry. > Then is there some attribute in accounting logs that gives the idea about incorrect passwords (auth error)entered be remote users. ( sorry, if it does look like a good question ) ? -Ali - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re[4]: PPTP
3APA3A <[EMAIL PROTECTED]> wrote:
> You have Password attribute configures for user. It means you need to
> have mschap in authorize{}. You have to configure NT-Password and
> LM-Password if you want to use MS-crypted passwords.
Which is why I would prefer to have all of that work done in the
authenticate section of the MSCHAP module.
The authorize section of the MSCHAP module can still set Auth-Type
to MSCHAP. But if another module sets Auth-Type to MSCHAP, you
shouldn't need mschap in authorize.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Controlling Accounts
Never mind. I found the date format for those attributes. Thanks Pedro > -Original Message- > From: Gonzalez, Pedro [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, June 04, 2002 10:50 AM > To: '[EMAIL PROTECTED]' > Subject: Controlling Accounts > > > I finally have MS-CHAP working with clear text password. It > did not work > with encrypted passwords. Now I need a way to control when > the user can and > cann't login. Is there a way to do it by using "Activation" > and "Expiration" > attributes? like in ICRadius or is there another way? > > Thanks > Pedro > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[4]: PPTP
Dear Gonzalez, Pedro,
You have Password attribute configures for user. It means you need to
have mschap in authorize{}. You have to configure NT-Password and
LM-Password if you want to use MS-crypted passwords.
--Tuesday, June 4, 2002, 6:53:01 PM, you wrote to [EMAIL PROTECTED]:
GP> This is what I have now. Still not working but I think we have made some
GP> progress.
GP> rad_recv: Access-Request packet from host 10.16.3.98:1331, id=16, length=145
GP> User-Name = "pptp"
GP> NAS-Port = 3789
GP> Service-Type = Framed-User
GP> Framed-Protocol = PPP
GP> Tunnel-Client-Endpoint:0 = "64.218.189.47"
GP> MS-CHAP-Response =
GP> 0x0201194aab92ae3a1eaa9e281a
GP> 9640a207ec802943af2ade44f8
GP> MS-CHAP-Challenge = 0xa91b47b2c20a4b44
GP> NAS-IP-Address = 10.16.3.98
GP> NAS-Port-Type = Virtual
GP> ..
GP> rlm_sql: Released sql socket id: 4
GP> modcall[authorize]: module "sql" returns ok
GP> modcall[authorize]: module "mschap" returns ok
GP> modcall: group authorize returns ok
GP> rad_check_password: Found Auth-Type MS-CHAP
GP> auth: type "MS-CHAP"
GP> modcall: entering group authenticate
GP> modcall[authenticate]: module "mschap" returns reject
GP> modcall: group authenticate returns reject
GP> auth: Failed to validate the user.
GP> Database:
GP> mysql> select * from radcheck where username = 'pptp';
GP> +-+--+---+---+--+
GP> | id | UserName | Attribute | Value | op |
GP> +-+--+---+---+--+
GP> | 730 | pptp | Password | ctBFfcBOu1j4g | := |
GP> +-+--+---+---+--+
GP> 1 row in set (0.00 sec)
GP> mysql> select * from radgroupcheck where groupname = 'pptp';
GP> ++---+---+-+--+
GP> | id | GroupName | Attribute | Value | op |
GP> ++---+---+-+--+
GP> | 21 | pptp | Auth-Type | MS-CHAP | := |
GP> | 22 | pptp | Framed-Protocol | PPP | := |
GP> | 23 | pptp | Service-Type | Framed-User | := |
GP> | 24 | pptp | MS-Acct-Auth-Type | MS-CHAP-2 | := |
GP> ++---+---+-+--+
GP> 4 rows in set (0.00 sec)
>> -Original Message-
>> From: Gonzalez, Pedro [mailto:[EMAIL PROTECTED]]
>> Sent: Tuesday, June 04, 2002 9:13 AM
>> To: '[EMAIL PROTECTED]'
>> Subject: RE: Re[2]: PPTP
>>
>>
>> Dear 3APA3A,
>>
>> What's the dictionary's attribute entry for Auth-Type MS-CHAP?
>>
>> Thanks
>> Pedro
>>
>> > -Original Message-
>> > From: 3APA3A [mailto:[EMAIL PROTECTED]]
>> > Sent: Tuesday, June 04, 2002 7:42 AM
>> > To: Gonzalez, Pedro
>> > Subject: Re[2]: PPTP
>> >
>> >
>> > Dear Gonzalez, Pedro,
>> >
>> >
>> > --Tuesday, June 4, 2002, 4:27:00 PM, you wrote to
>> > [EMAIL PROTECTED]:
>> >
>> > GP> 3APA3A
>> >
>> > GP> I had mschap in the authentication {} section. I did not
>> > have mschap in
>> > GP> authorize {} section though. From your recomendation you
>> > are saying that if
>> > GP> I have clear text passwords I have to enable mschap in
>> > authorize {} section?
>> > GP> and if I want to use encrypted passwords I don't?
>> >
>> > Yes, mschap in authorize{} may be required for one of 2 purposes:
>> >
>> > 1. Convert cleartext password to NT/LM passwords
>> > 2. Autodetect MS-CHAP authentication (in a case user
>> > allowed to use
>> > different authentication type).
>> >
>> > GP> The point is I am using encrypted password for most of my
>> > users. I was
>> > GP> testing this one that is clear text password but I am
>> > converting all my
>> > GP> users to encrypted password so they feel better about
>> > their privacy.
>> >
>> > GP> I'll do the testing this afternoon.
>> >
>> > GP> Thanks
>> > GP> Pedro
>> >
>> > >> -Original Message-
>> > >> From: 3APA3A [mailto:[EMAIL PROTECTED]]
>> > >> Sent: Tuesday, June 04, 2002 4:12 AM
>> > >> To: Gonzalez, Pedro
>> > >> Subject: Re: PPTP
>> > >>
>> > >>
>> > >> Dear Gonzalez, Pedro,
>> > >>
>> > >> Add mschap to authorize{} section (if you store cleartext
>> > >> password) and
>> > >> to authenticate{} section, set Auth-Type to MS-CHAP instead
>> > >> of Local or
>> > >> add authtype = MS-CHAP to mschap module configuration.
>> > >>
>> > >> --Tuesday, June 4, 2002, 12:29:38 AM, you wrote to
>> > >> [EMAIL PROTECTED]:
>> > >>
>> > >> GP> Could you tell me how to activate MS-CHAP authentication?
>> > >>
>> > >> GP> This is the request:
>> > >>
>> > >> GP> rad_recv: Access-Request packet from host
>> > >> 10.16.3.98:1331, id=11, length=154
>> > >> GP> User-Name = "shicks"
>> > >> GP> NAS-Port = 3753
>> > >> GP> Service-Type = Framed-User
>> > >> GP> Framed-Protocol = PPP
>> > >> GP> Tunnel-Client-Endpoint:0 = "68.15.204.39"
>> > >> GP>
Re: Compile errors on Solaris 8 sparc
Thank you for all your help. I think I have gotten it to install. What I had
to end up doing was leave the lines as follows
LIBLTDL = -ltdl
INCLTDL = -I${top_builddir}/libltdl
and I was able to run
./configure --localstatedir=/var --sysconfdir=/etc
make
make install
with no errors.
Thanks again,
Russel Premont
"Russell Premont" <[EMAIL PROTECTED]> wrote:
> I just downloaded the latest snapshot did not change any of the defaults
ran
> ./configure
> make
>
> and got the same error again. Any ideas?
I just ran it on a Solaris 7 machine. The compile line is:
gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g -
Wshadow
-Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes
-Wmissing-prototypes -Wmissing-declarations -Wnested-externs -I../../include
-I/vol/home/aland/src/freeradius-snapshot-20020603/libltdl -c sql.c -o sql.o
Note the last '-I' above. That's what tells it where to find
ltdl.h.
Look in the file 'Make.inc' at the top-level. There should be lines
like:
LIBLTDL = ${top_builddir}/libltdl/libltdl.la
INCLTDL = -I${top_builddir}/libltdl
Set them appropriately, if they're not set.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Controlling Accounts
I finally have MS-CHAP working with clear text password. It did not work with encrypted passwords. Now I need a way to control when the user can and cann't login. Is there a way to do it by using "Activation" and "Expiration" attributes? like in ICRadius or is there another way? Thanks Pedro - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius+pppoe
Hi all, Recently I had the following problem, I use cistron radius + pppoe server on a Slackware platform, and my clients log on using RasPPPoe for Windows (as all of them are win98 or winXP users) and sometimes my clients got disconected verry often ( for example every 10-15mins) and on the next day everything is OK and this for another two, three days and then again happens the same. At first I thought the problem was packet loss, but after a lot of research it became clear this was not the problem, there wasn't any packet loss at all. Has anyone idea where might be the problem ? Or how can I find out what exactly happens there ? ( as I've already changed every hub/switch tried it again, checked cables and every other technical problem there might be ) Thanks in advance Best Regards, Viliana Atanassova - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PPTP
"Gonzalez, Pedro" <[EMAIL PROTECTED]> wrote: > Could you tell me how to activate MS-CHAP authentication? Don't tell it to use 'Local' > These are user's attributes > > +-+--+---+---+--+ > | id | UserName | Attribute | Value | op | > +-+--+---+---+--+ > | 727 | shicks | MS-CHAP-Challenge | password | := | > | 728 | shicks | Auth-Type | Local | := | That's the problem. It's doing what you tell it to do, NOT what you want it to do. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Re[2]: PPTP
This is what I have now. Still not working but I think we have made some
progress.
rad_recv: Access-Request packet from host 10.16.3.98:1331, id=16, length=145
User-Name = "pptp"
NAS-Port = 3789
Service-Type = Framed-User
Framed-Protocol = PPP
Tunnel-Client-Endpoint:0 = "64.218.189.47"
MS-CHAP-Response =
0x0201194aab92ae3a1eaa9e281a
9640a207ec802943af2ade44f8
MS-CHAP-Challenge = 0xa91b47b2c20a4b44
NAS-IP-Address = 10.16.3.98
NAS-Port-Type = Virtual
..
rlm_sql: Released sql socket id: 4
modcall[authorize]: module "sql" returns ok
modcall[authorize]: module "mschap" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group authenticate
modcall[authenticate]: module "mschap" returns reject
modcall: group authenticate returns reject
auth: Failed to validate the user.
Database:
mysql> select * from radcheck where username = 'pptp';
+-+--+---+---+--+
| id | UserName | Attribute | Value | op |
+-+--+---+---+--+
| 730 | pptp | Password | ctBFfcBOu1j4g | := |
+-+--+---+---+--+
1 row in set (0.00 sec)
mysql> select * from radgroupcheck where groupname = 'pptp';
++---+---+-+--+
| id | GroupName | Attribute | Value | op |
++---+---+-+--+
| 21 | pptp | Auth-Type | MS-CHAP | := |
| 22 | pptp | Framed-Protocol | PPP | := |
| 23 | pptp | Service-Type | Framed-User | := |
| 24 | pptp | MS-Acct-Auth-Type | MS-CHAP-2 | := |
++---+---+-+--+
4 rows in set (0.00 sec)
> -Original Message-
> From: Gonzalez, Pedro [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 04, 2002 9:13 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: Re[2]: PPTP
>
>
> Dear 3APA3A,
>
> What's the dictionary's attribute entry for Auth-Type MS-CHAP?
>
> Thanks
> Pedro
>
> > -Original Message-
> > From: 3APA3A [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, June 04, 2002 7:42 AM
> > To: Gonzalez, Pedro
> > Subject: Re[2]: PPTP
> >
> >
> > Dear Gonzalez, Pedro,
> >
> >
> > --Tuesday, June 4, 2002, 4:27:00 PM, you wrote to
> > [EMAIL PROTECTED]:
> >
> > GP> 3APA3A
> >
> > GP> I had mschap in the authentication {} section. I did not
> > have mschap in
> > GP> authorize {} section though. From your recomendation you
> > are saying that if
> > GP> I have clear text passwords I have to enable mschap in
> > authorize {} section?
> > GP> and if I want to use encrypted passwords I don't?
> >
> > Yes, mschap in authorize{} may be required for one of 2 purposes:
> >
> > 1. Convert cleartext password to NT/LM passwords
> > 2. Autodetect MS-CHAP authentication (in a case user
> > allowed to use
> > different authentication type).
> >
> > GP> The point is I am using encrypted password for most of my
> > users. I was
> > GP> testing this one that is clear text password but I am
> > converting all my
> > GP> users to encrypted password so they feel better about
> > their privacy.
> >
> > GP> I'll do the testing this afternoon.
> >
> > GP> Thanks
> > GP> Pedro
> >
> > >> -Original Message-
> > >> From: 3APA3A [mailto:[EMAIL PROTECTED]]
> > >> Sent: Tuesday, June 04, 2002 4:12 AM
> > >> To: Gonzalez, Pedro
> > >> Subject: Re: PPTP
> > >>
> > >>
> > >> Dear Gonzalez, Pedro,
> > >>
> > >> Add mschap to authorize{} section (if you store cleartext
> > >> password) and
> > >> to authenticate{} section, set Auth-Type to MS-CHAP instead
> > >> of Local or
> > >> add authtype = MS-CHAP to mschap module configuration.
> > >>
> > >> --Tuesday, June 4, 2002, 12:29:38 AM, you wrote to
> > >> [EMAIL PROTECTED]:
> > >>
> > >> GP> Could you tell me how to activate MS-CHAP authentication?
> > >>
> > >> GP> This is the request:
> > >>
> > >> GP> rad_recv: Access-Request packet from host
> > >> 10.16.3.98:1331, id=11, length=154
> > >> GP> User-Name = "shicks"
> > >> GP> NAS-Port = 3753
> > >> GP> Service-Type = Framed-User
> > >> GP> Framed-Protocol = PPP
> > >> GP> Tunnel-Client-Endpoint:0 = "68.15.204.39"
> > >> GP> MS-CHAP-Challenge =
> 0x425bf34f5b693a8420d8416da4c333d6
> > >> GP> MS-CHAP2-Response =
> > >> GP>
> > >> 0x020087aa098db1d035629ac54738288a0fef9b2efc6e
> > >> c56f127ec72e10
> > >> GP> 5a50c3c706c899c3d133c8d5db
> > >> GP> NAS-IP-Address = 10.16.3.98
> > >> GP> NAS-Port-Type = Virtual.
> > >>
> > >> GP> This is the result:
> > >>
> > >> GP>
> > >> GP> rlm_sql: Released sql socket id: 4
> > >> GP> rlm_sql_authorize: no rows returned from query (no such user)
> > >> GP> modcall[autho
Re: how can i get get in-correct passwords auth logs in database (sql), instead of radius.log
"Ali" <[EMAIL PROTECTED]> wrote: > i'm using freeRadius version 0.5, with rlm_sql module. auth and acct > with freeradius and postgresql is working fine. I want to get the > radius.log messages in my database, so that i can get the authntication > failure messages with incorrect passwords in the postgresql tables Right now the server can't log messages to a database, sorry. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Re[2]: PPTP
Dear 3APA3A,
What's the dictionary's attribute entry for Auth-Type MS-CHAP?
Thanks
Pedro
> -Original Message-
> From: 3APA3A [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 04, 2002 7:42 AM
> To: Gonzalez, Pedro
> Subject: Re[2]: PPTP
>
>
> Dear Gonzalez, Pedro,
>
>
> --Tuesday, June 4, 2002, 4:27:00 PM, you wrote to
> [EMAIL PROTECTED]:
>
> GP> 3APA3A
>
> GP> I had mschap in the authentication {} section. I did not
> have mschap in
> GP> authorize {} section though. From your recomendation you
> are saying that if
> GP> I have clear text passwords I have to enable mschap in
> authorize {} section?
> GP> and if I want to use encrypted passwords I don't?
>
> Yes, mschap in authorize{} may be required for one of 2 purposes:
>
> 1. Convert cleartext password to NT/LM passwords
> 2. Autodetect MS-CHAP authentication (in a case user
> allowed to use
> different authentication type).
>
> GP> The point is I am using encrypted password for most of my
> users. I was
> GP> testing this one that is clear text password but I am
> converting all my
> GP> users to encrypted password so they feel better about
> their privacy.
>
> GP> I'll do the testing this afternoon.
>
> GP> Thanks
> GP> Pedro
>
> >> -Original Message-
> >> From: 3APA3A [mailto:[EMAIL PROTECTED]]
> >> Sent: Tuesday, June 04, 2002 4:12 AM
> >> To: Gonzalez, Pedro
> >> Subject: Re: PPTP
> >>
> >>
> >> Dear Gonzalez, Pedro,
> >>
> >> Add mschap to authorize{} section (if you store cleartext
> >> password) and
> >> to authenticate{} section, set Auth-Type to MS-CHAP instead
> >> of Local or
> >> add authtype = MS-CHAP to mschap module configuration.
> >>
> >> --Tuesday, June 4, 2002, 12:29:38 AM, you wrote to
> >> [EMAIL PROTECTED]:
> >>
> >> GP> Could you tell me how to activate MS-CHAP authentication?
> >>
> >> GP> This is the request:
> >>
> >> GP> rad_recv: Access-Request packet from host
> >> 10.16.3.98:1331, id=11, length=154
> >> GP> User-Name = "shicks"
> >> GP> NAS-Port = 3753
> >> GP> Service-Type = Framed-User
> >> GP> Framed-Protocol = PPP
> >> GP> Tunnel-Client-Endpoint:0 = "68.15.204.39"
> >> GP> MS-CHAP-Challenge = 0x425bf34f5b693a8420d8416da4c333d6
> >> GP> MS-CHAP2-Response =
> >> GP>
> >> 0x020087aa098db1d035629ac54738288a0fef9b2efc6e
> >> c56f127ec72e10
> >> GP> 5a50c3c706c899c3d133c8d5db
> >> GP> NAS-IP-Address = 10.16.3.98
> >> GP> NAS-Port-Type = Virtual.
> >>
> >> GP> This is the result:
> >>
> >> GP>
> >> GP> rlm_sql: Released sql socket id: 4
> >> GP> rlm_sql_authorize: no rows returned from query (no such user)
> >> GP> modcall[authorize]: module "sql" returns ok
> >> GP> modcall: group authorize returns ok
> >> GP> rad_check_password: Found Auth-Type Local
> >> GP> auth: type Local
> >> GP> auth: No User-Password or CHAP-Password attribute in
> the request
> >> GP> auth: Failed to validate the user.
> >>
> >> GP> These are user's attributes
> >>
> >> GP> +-+--+---+---+--+
> >> GP> | id | UserName | Attribute | Value | op |
> >> GP> +-+--+---+---+--+
> >> GP> | 727 | shicks | MS-CHAP-Challenge | password | := |
> >> GP> | 728 | shicks | Auth-Type | Local | := |
> >> GP> | 726 | shicks | MS-Acct-Auth-Type | MS-CHAP-2 | := |
> >> GP> +-+--+---+---+--+
> >>
> >> GP> Thanks
> >> GP> Pedro
> >>
> >>
> >> --
> >> ~/ZARAZA
> >> Èòàê, ÿ áóäó êðàòîê. (Òâåí)
> >>
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
>
> GP> -
> GP> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> --
> ~/ZARAZA
> Îñîáóþ ïðîáëåìó ñîñòàâëÿåò àëêîãîëèçì. (Ëåì)
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Assertion failed in radiusd.c, line 2540
Finaly got the actual snapshot running but now I got the following error message: Assertion failed in radiusd.c, line 2540 Anybody any idea ?? -- Stefan Immel |N|O|C Network Operation Center -+-+-+--- | Grove Auf der Stuecke 6Tel. +49 2773-8167-0 35708 Haiger / Germany Fax +49 2773-8167-20 -- mailto:[EMAIL PROTECTED] http://www.grove.de "There is always hope, only because it is the one thing nobody's figured out how to kill yet." ~ Galen, Crusade "Racing The Night" -- http://www.nocr2.de -> NOC R2 die Lösung für den IT-Workflow -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: PPTP
Dear Gonzalez, Pedro,
--Tuesday, June 4, 2002, 4:27:00 PM, you wrote to [EMAIL PROTECTED]:
GP> 3APA3A
GP> I had mschap in the authentication {} section. I did not have mschap in
GP> authorize {} section though. From your recomendation you are saying that if
GP> I have clear text passwords I have to enable mschap in authorize {} section?
GP> and if I want to use encrypted passwords I don't?
Yes, mschap in authorize{} may be required for one of 2 purposes:
1. Convert cleartext password to NT/LM passwords
2. Autodetect MS-CHAP authentication (in a case user allowed to use
different authentication type).
GP> The point is I am using encrypted password for most of my users. I was
GP> testing this one that is clear text password but I am converting all my
GP> users to encrypted password so they feel better about their privacy.
GP> I'll do the testing this afternoon.
GP> Thanks
GP> Pedro
>> -Original Message-
>> From: 3APA3A [mailto:[EMAIL PROTECTED]]
>> Sent: Tuesday, June 04, 2002 4:12 AM
>> To: Gonzalez, Pedro
>> Subject: Re: PPTP
>>
>>
>> Dear Gonzalez, Pedro,
>>
>> Add mschap to authorize{} section (if you store cleartext
>> password) and
>> to authenticate{} section, set Auth-Type to MS-CHAP instead
>> of Local or
>> add authtype = MS-CHAP to mschap module configuration.
>>
>> --Tuesday, June 4, 2002, 12:29:38 AM, you wrote to
>> [EMAIL PROTECTED]:
>>
>> GP> Could you tell me how to activate MS-CHAP authentication?
>>
>> GP> This is the request:
>>
>> GP> rad_recv: Access-Request packet from host
>> 10.16.3.98:1331, id=11, length=154
>> GP> User-Name = "shicks"
>> GP> NAS-Port = 3753
>> GP> Service-Type = Framed-User
>> GP> Framed-Protocol = PPP
>> GP> Tunnel-Client-Endpoint:0 = "68.15.204.39"
>> GP> MS-CHAP-Challenge = 0x425bf34f5b693a8420d8416da4c333d6
>> GP> MS-CHAP2-Response =
>> GP>
>> 0x020087aa098db1d035629ac54738288a0fef9b2efc6e
>> c56f127ec72e10
>> GP> 5a50c3c706c899c3d133c8d5db
>> GP> NAS-IP-Address = 10.16.3.98
>> GP> NAS-Port-Type = Virtual.
>>
>> GP> This is the result:
>>
>> GP>
>> GP> rlm_sql: Released sql socket id: 4
>> GP> rlm_sql_authorize: no rows returned from query (no such user)
>> GP> modcall[authorize]: module "sql" returns ok
>> GP> modcall: group authorize returns ok
>> GP> rad_check_password: Found Auth-Type Local
>> GP> auth: type Local
>> GP> auth: No User-Password or CHAP-Password attribute in the request
>> GP> auth: Failed to validate the user.
>>
>> GP> These are user's attributes
>>
>> GP> +-+--+---+---+--+
>> GP> | id | UserName | Attribute | Value | op |
>> GP> +-+--+---+---+--+
>> GP> | 727 | shicks | MS-CHAP-Challenge | password | := |
>> GP> | 728 | shicks | Auth-Type | Local | := |
>> GP> | 726 | shicks | MS-Acct-Auth-Type | MS-CHAP-2 | := |
>> GP> +-+--+---+---+--+
>>
>> GP> Thanks
>> GP> Pedro
>>
>>
>> --
>> ~/ZARAZA
>> Èòàê, ÿ áóäó êðàòîê. (Òâåí)
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
GP> -
GP> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
~/ZARAZA
Îñîáóþ ïðîáëåìó ñîñòàâëÿåò àëêîãîëèçì. (Ëåì)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: PPTP
3APA3A
I had mschap in the authentication {} section. I did not have mschap in
authorize {} section though. From your recomendation you are saying that if
I have clear text passwords I have to enable mschap in authorize {} section?
and if I want to use encrypted passwords I don't?
The point is I am using encrypted password for most of my users. I was
testing this one that is clear text password but I am converting all my
users to encrypted password so they feel better about their privacy.
I'll do the testing this afternoon.
Thanks
Pedro
> -Original Message-
> From: 3APA3A [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 04, 2002 4:12 AM
> To: Gonzalez, Pedro
> Subject: Re: PPTP
>
>
> Dear Gonzalez, Pedro,
>
> Add mschap to authorize{} section (if you store cleartext
> password) and
> to authenticate{} section, set Auth-Type to MS-CHAP instead
> of Local or
> add authtype = MS-CHAP to mschap module configuration.
>
> --Tuesday, June 4, 2002, 12:29:38 AM, you wrote to
> [EMAIL PROTECTED]:
>
> GP> Could you tell me how to activate MS-CHAP authentication?
>
> GP> This is the request:
>
> GP> rad_recv: Access-Request packet from host
> 10.16.3.98:1331, id=11, length=154
> GP> User-Name = "shicks"
> GP> NAS-Port = 3753
> GP> Service-Type = Framed-User
> GP> Framed-Protocol = PPP
> GP> Tunnel-Client-Endpoint:0 = "68.15.204.39"
> GP> MS-CHAP-Challenge = 0x425bf34f5b693a8420d8416da4c333d6
> GP> MS-CHAP2-Response =
> GP>
> 0x020087aa098db1d035629ac54738288a0fef9b2efc6e
> c56f127ec72e10
> GP> 5a50c3c706c899c3d133c8d5db
> GP> NAS-IP-Address = 10.16.3.98
> GP> NAS-Port-Type = Virtual.
>
> GP> This is the result:
>
> GP>
> GP> rlm_sql: Released sql socket id: 4
> GP> rlm_sql_authorize: no rows returned from query (no such user)
> GP> modcall[authorize]: module "sql" returns ok
> GP> modcall: group authorize returns ok
> GP> rad_check_password: Found Auth-Type Local
> GP> auth: type Local
> GP> auth: No User-Password or CHAP-Password attribute in the request
> GP> auth: Failed to validate the user.
>
> GP> These are user's attributes
>
> GP> +-+--+---+---+--+
> GP> | id | UserName | Attribute | Value | op |
> GP> +-+--+---+---+--+
> GP> | 727 | shicks | MS-CHAP-Challenge | password | := |
> GP> | 728 | shicks | Auth-Type | Local | := |
> GP> | 726 | shicks | MS-Acct-Auth-Type | MS-CHAP-2 | := |
> GP> +-+--+---+---+--+
>
> GP> Thanks
> GP> Pedro
>
>
> --
> ~/ZARAZA
> Èòàê, ÿ áóäó êðàòîê. (Òâåí)
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Failed to link to module 'rlm_unix-0.6': file not found
Failed to link to module 'rlm_unix-0.6': file not found every time I try to start the radius deamon from the newest snapshot I get this error message. a ls in /usr/local/lib shows the following: rlm_unix-0.6.so rlm_unix.la rlm_unix.so.0 rlm_unix.a rlm_unix.so rlm_unix.so.0.0.0 a radiusd -X shows: Module: Library search path is /usr/local/lib radiusd.conf[328] Failed to link to module 'rlm_unix-0.6': file not found Is there any way so find out why he can't load that module ??? Regards -- Stefan Immel |N|O|C Network Operation Center -+-+-+--- | Grove Auf der Stuecke 6Tel. +49 2773-8167-0 35708 Haiger / Germany Fax +49 2773-8167-20 -- mailto:[EMAIL PROTECTED] http://www.grove.de "There is always hope, only because it is the one thing nobody's figured out how to kill yet." ~ Galen, Crusade "Racing The Night" -- http://www.nocr2.de -> NOC R2 die Lösung für den IT-Workflow -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
how can i get get in-correct passwords auth logs in database (sql), instead of radius.log
i'm using freeRadius version 0.5, with rlm_sql module. auth and acct with freeradius and postgresql is working fine. I want to get the radius.log messages in my database, so that i can get the authntication failure messages with incorrect passwords in the postgresql tables -ali
Re: PPTP
Dear Gonzalez, Pedro,
Add mschap to authorize{} section (if you store cleartext password) and
to authenticate{} section, set Auth-Type to MS-CHAP instead of Local or
add authtype = MS-CHAP to mschap module configuration.
--Tuesday, June 4, 2002, 12:29:38 AM, you wrote to [EMAIL PROTECTED]:
GP> Could you tell me how to activate MS-CHAP authentication?
GP> This is the request:
GP> rad_recv: Access-Request packet from host 10.16.3.98:1331, id=11, length=154
GP> User-Name = "shicks"
GP> NAS-Port = 3753
GP> Service-Type = Framed-User
GP> Framed-Protocol = PPP
GP> Tunnel-Client-Endpoint:0 = "68.15.204.39"
GP> MS-CHAP-Challenge = 0x425bf34f5b693a8420d8416da4c333d6
GP> MS-CHAP2-Response =
GP> 0x020087aa098db1d035629ac54738288a0fef9b2efc6ec56f127ec72e10
GP> 5a50c3c706c899c3d133c8d5db
GP> NAS-IP-Address = 10.16.3.98
GP> NAS-Port-Type = Virtual.
GP> This is the result:
GP>
GP> rlm_sql: Released sql socket id: 4
GP> rlm_sql_authorize: no rows returned from query (no such user)
GP> modcall[authorize]: module "sql" returns ok
GP> modcall: group authorize returns ok
GP> rad_check_password: Found Auth-Type Local
GP> auth: type Local
GP> auth: No User-Password or CHAP-Password attribute in the request
GP> auth: Failed to validate the user.
GP> These are user's attributes
GP> +-+--+---+---+--+
GP> | id | UserName | Attribute | Value | op |
GP> +-+--+---+---+--+
GP> | 727 | shicks | MS-CHAP-Challenge | password | := |
GP> | 728 | shicks | Auth-Type | Local | := |
GP> | 726 | shicks | MS-Acct-Auth-Type | MS-CHAP-2 | := |
GP> +-+--+---+---+--+
GP> Thanks
GP> Pedro
--
~/ZARAZA
Èòàê, ÿ áóäó êðàòîê. (Òâåí)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mac adress authentication
hi, i'm using freeradius and Aeronet340. how can i configure radius to accept mac address authetication? my access point is all ready configured to use MAC authentication. ___ Copa del Mundo de la FIFA 2002 El único lugar de Internet con vídeos de los 64 partidos. ¡Apúntante ya! en http://fifaworldcup.yahoo.com/fc/es/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
