ldap problem
Hi all,

I try to add these in the radiusd.conf:

    authtype LDAP {
        ldap
    }
    authtype LDAP1 {
        ldap1
    }

but when I start it, it prompts me:

    radiusd.conf[650] Failed to link to module 'rlm_ldap1': file not found

How should I fix it?

Thank you

Regards,
Brian Leung
System Engineer
Pacific Supernet

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
pptp radius mysql
Hi there,

I'm trying to set freeradius-0.5 to authenticate through a mysql database. And I'm receiving the following log:

    ...
    Jul 22 14:30:23 proxy pppd[2626]: rcvd [CHAP Response id=0x1 25aa03e195d05d392570518bf79a3ed0, name = "dizma"]
    Jul 22 14:30:33 proxy pppd[2626]: rc_check_reply: received invalid reply digest from RADIUS server
    Jul 22 14:30:33 proxy pppd[2626]: sent [CHAP Failure id=0x1 "I don't like you. Go 'way."]
    Jul 22 14:30:33 proxy pppd[2626]: CHAP peer authentication failed for remote host dizma
    Jul 22 14:30:33 proxy pppd[2626]: sent [LCP TermReq id=0x4 "Authentication failed"]
    Jul 22 14:30:33 proxy pppd[2626]: rcvd [CHAP Response id=0x1 25aa03e195d05d392570518bf79a3ed0, name = "dizma"]
    Jul 22 14:30:33 proxy last message repeated 2 times
    Jul 22 14:30:33 proxy pptpd[2625]: CTRL: Received PPTP Control Message (type: 15)
    Jul 22 14:30:33 proxy pptpd[2625]: CTRL: Got a SET LINK INFO packet with standard ACCMs
    Jul 22 14:30:33 proxy pppd[2626]: rcvd [LCP TermAck id=0x4 "Authentication failed"]
    Jul 22 14:30:33 proxy pppd[2626]: Connection terminated.
    Jul 22 14:30:33 proxy pppd[2626]: Exit.
    Jul 22 14:30:33 proxy pptpd[2625]: GRE: read(fd=5,buffer=804da00,len=8196) from PTY failed: status = -1 error = Input/output error
    Jul 22 14:30:33 proxy pptpd[2625]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
    Jul 22 14:30:33 proxy pptpd[2625]: CTRL: Client 192.168.210.55 control connection finished
    Jul 22 14:30:33 proxy pptpd[2625]: CTRL: Exiting now
    Jul 22 14:30:33 proxy pptpd[2007]: MGR: Reaped child 2625

and the following radius log:

    Mon Jul 22 14:30:23 2002 : Auth: Login incorrect: [dizma/CHAP-Password] (from nas local port 0)
    Mon Jul 22 14:30:33 2002 : Info: Sending duplicate authentication reply to client 192.168.210.2:32770 - ID: 111

I think that I didn't configure the CHAP authentication correctly. Can someone help me please?

NN
---
Risk Engineering Ltd.      Nikodim Nikodimov
34 Totleben Bulv.          System Administrator
Sofia 1604, Bulgaria       e-mail: [EMAIL PROTECTED]
http://www.riskeng.bg/     Phone: +359 (2) 9525236-110
---
pptp radius mysql
Hmm, I add another user with Attribute CHAP-Password in the radcheck tables and here is my radius log:

    Mon Jul 22 15:26:30 2002 : Auth: Login OK: [nick/CHAP-Password] (from nas local port 0)

but I still can not connect and still receive:

    Jul 22 15:26:30 proxy pppd[3759]: rcvd [CHAP Response id=0x1 f48d9365dc9c35f343634418c8eb84fb, name = "nick"]
    Jul 22 15:26:30 proxy pppd[3759]: rc_check_reply: received invalid reply digest from RADIUS server
    Jul 22 15:26:30 proxy pppd[3759]: sent [CHAP Failure id=0x1 "I don't like you. Go 'way."]
    Jul 22 15:26:30 proxy pppd[3759]: CHAP peer authentication failed for remote host nick
    Jul 22 15:26:30 proxy pppd[3759]: sent [LCP TermReq id=0x4 "Authentication failed"]
    Jul 22 15:26:30 proxy pptpd[3758]: CTRL: Received PPTP Control Message (type: 15)
    Jul 22 15:26:30 proxy pptpd[3758]: CTRL: Got a SET LINK INFO packet with standard ACCMs
    Jul 22 15:26:30 proxy pppd[3759]: rcvd [LCP TermAck id=0x4 "Authentication failed"]
    Jul 22 15:26:30 proxy pppd[3759]: Connection terminated.
    Jul 22 15:26:30 proxy pppd[3759]: Exit.
    Jul 22 15:26:30 proxy pptpd[3758]: GRE: read(fd=5,buffer=804da00,len=8196) from PTY failed: status = -1 error = Input/output error
    Jul 22 15:26:30 proxy pptpd[3758]: CTRL: PTY read or GRE write failed (pty,gre)=(5,6)
    Jul 22 15:26:30 proxy pptpd[3758]: CTRL: Client 192.168.210.55 control connection finished
    Jul 22 15:26:30 proxy pptpd[3758]: CTRL: Exiting now
    Jul 22 15:26:30 proxy pptpd[3640]: MGR: Reaped child 3758

Best Regards
NN
--
Risk Engineering Ltd.      Nikodim Nikodimov
34 Totleben Bulv.          System Administrator
Sofia 1604, Bulgaria       e-mail: [EMAIL PROTECTED]
http://www.riskeng.bg/     Phone: +359 (2) 9525236-110
---
Re: ldap problem
Do something like this:

Define your ldap blocks:

    ldap FOO {
        ...
    }
    ldap FOO2 {
        ...
    }

Then do your authtype:

    authtype LDAP {
        FOO
        FOO2
    }

Actually, you may want to make that:

    authtype LDAP {
        redundant {
            FOO
            FOO2
        }
    }

--JST

On Mon, 22 Jul 2002, Brian Leung wrote:

> Date: Mon, 22 Jul 2002 17:30:27 +0800 (HKT)
> From: Brian Leung [EMAIL PROTECTED]
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: ldap problem
>
> hi all, i try to add these in the radiusd.conf
>
>     authtype LDAP { ldap }
>     authtype LDAP1 { ldap1 }
>
> but when i start it and it prompt me
>
>     radiusd.conf[650] Failed to link to module 'rlm_ldap1': file not found
>
> how should i fixed? Thank you
>
> Regards,
> Brian Leung
> System Engineer
> Pacific Supernet
Re: Cannot find a Domain attribute ??
Deramus, Chris [EMAIL PROTECTED] wrote:
> Sorry for the confusion, I meant I have to return that Domain attribute to
> the NAS, we have different program offices with resources on different
> domains.

You can return the MS-CHAP-Domain domain attribute in the Access-Accept.

Alan DeKok.
Re: pptp radius mysql
Nikodim Nikodimov [EMAIL PROTECTED] wrote:
> I'm trying set freeradius-0.5

You should upgrade to the latest CVS snapshot. 0.7 will be released very soon.

> Jul 22 14:30:33 proxy pppd[2626]: rc_check_reply: received invalid reply digest from RADIUS server

So the shared secret is probably wrong. Did you read the FAQ?

And please don't CC me on messages to the list. I *do* read the list, and I *don't* like getting multiple copies of the same email.

Alan DeKok.
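
Added example, not part of the original thread: a sketch of why the second log in this thread shows "Login OK" on the server while pppd still reports an invalid reply digest. CHAP verification does not involve the RADIUS shared secret, but the reply's Response Authenticator does; the secrets, password and function names below are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS packet code (RFC 2865)


def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP value as in RFC 1994: MD5(id || password || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def server_check_chap(chap_id, response, challenge, stored_password) -> bool:
    """Server-side CHAP-Password check. The shared secret is not an input."""
    expected = chap_response(chap_id, stored_password, challenge)
    return hmac.compare_digest(response, expected)


def response_authenticator(code, pkt_id, request_auth, attrs, secret) -> bytes:
    """RFC 2865: MD5(Code || ID || Length || RequestAuth || Attributes || Secret)."""
    header = struct.pack("!BBH", code, pkt_id, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_reply(code, pkt_id, request_auth, attrs, secret) -> bytes:
    """Server side: sign the reply with the secret configured for this client."""
    auth = response_authenticator(code, pkt_id, request_auth, attrs, secret)
    return struct.pack("!BBH", code, pkt_id, 20 + len(attrs)) + auth + attrs


def client_check_reply(reply: bytes, request_auth: bytes, secret: bytes) -> bool:
    """NAS side: the reply-digest check (rc_check_reply in the pppd log)."""
    if len(reply) < 20:
        return False
    code, pkt_id, length = struct.unpack("!BBH", reply[:4])
    if length != len(reply):
        return False
    expected = response_authenticator(code, pkt_id, request_auth, reply[20:], secret)
    return hmac.compare_digest(reply[4:20], expected)


def simulate(nas_secret: bytes, server_secret: bytes):
    """Return (server accepted CHAP, NAS accepted the reply) for one login."""
    request_auth = bytes(range(16))      # constructed Request Authenticator
    password = b"constructed-password"   # constructed; same on both sides
    # With no CHAP-Challenge attribute, the Request Authenticator is the challenge.
    chap = chap_response(1, password, request_auth)
    chap_ok = server_check_chap(1, chap, request_auth, password)
    reply = build_reply(ACCESS_ACCEPT, 111, request_auth, b"", server_secret)
    return chap_ok, client_check_reply(reply, request_auth, nas_secret)


if __name__ == "__main__":
    print(simulate(b"same-secret", b"same-secret"))   # secrets match
    print(simulate(b"nas-secret", b"other-secret"))   # secrets differ
```

With mismatched secrets the server still validates the CHAP response, and only the NAS-side digest check fails, which matches the symptom in the logs above.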
HOWTO - Use RADIUS only if SSH Authen fails
Hi,

on our machines, we can log in using RADIUS or SSH (if RADIUS is not installed).

The question is, how (if possible) to force all machines to try authenticating people first with an SSH key (let's say, one change for ssh paraphrase) and only swap to radius if ssh authent fails?

I don't know if it sounds idiot or what... my problem with radius is that we have to wait for 1min between two consecutive logins (and it sux for massive scp on different machines) - we can't log in twice with the same radius key ...

Thanks for answers,
Jo
Pass variables between modules
Hi, all!

I need my own modules for freeradius, and want to pass some values, produced by the first module at the authorization step, to a second module which acts later.

What manner is best for doing this? I suppose that the first module should set some attributes in the request, and the second remove them... But how should I assign a number to such internal attributes?

Thanks.

--
Denis Tatarskikh [UdSU/MF] [UdSU/IC]
mailto:[EMAIL PROTECTED]
Re: Pass variables between modules
Dear [EMAIL PROTECTED],

--Monday, July 22, 2002, 6:26:38 PM, you wrote to [EMAIL PROTECTED]:

dcur What manner is best for doing this?
dcur I suppose that first module should set
dcur some attributes in request, and second remove it... But how I should

Not in request but in configured items.

dcur assign number to such internal attributes?

To be absolutely correct you should obtain private enterprise number (PEN) from IANA, to add your own dictionary and to create any Vendor-specific attributes under your PEN. But if you just need it to work and you don't care about possible future incompatibility you can add some large unassigned value to dictionary.freeradius (for example) or to take some unassigned PEN.

--
~/ZARAZA
Write again. And if there was any sense in your petition, then, without being shy, explain what the matter is. (Twain)
Groups and users
Hi all.

I've managed to run radius for several users using the text file users. Before attempting to try the sql method, I want to make some tests using users in a group. How do I define a group? I want to do it as if a new user is added to the users file, but don't know how.

For the moment I've tested putting:

    bob Group:=testgroup
        rest of attributes
    testgroup Session-Timeout=200

As Session timeout is the same for all the users I don't want to put it on every user. Is there an easy way to do that? I don't want to do something very difficult, as it's just only a test.

I've searched in the mail list and it said sth about the passwd module. Is it possible to do it without entering in it? I mean, just like adding a user to users file.

TA.

P.D.: Is it possible to do it in an easy way using SQL? cause then I jump into it.

Jorge Lanza Calderón
Department of Communications Engineering
Telematic Engineering Group
University of Cantabria
Avda. de los Castros, s/n
39005 - Santander (SPAIN)
Tel: +34 942 200914
Fax: +34 942 201488
mailto:[EMAIL PROTECTED]
Web: http://www.tlmat.unican.es
RE: Need help please
Run radiusd in debug mode with the -x flag. Then let us know what errors or strange things are appearing.

Aaron Weiker

-Original Message-
From: Bertrand TACHAGO [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 22, 2002 11:14 AM
To: [EMAIL PROTECTED]
Subject: Need help please

Hello,
I was using freeradius version 0.5 with Redhat Linux 7.1 and everythings were working properly. But since I upgraded the system to Redhat Linux 7.2, nothing is working now: anyone is unable to connect. Please can someone help me solve this problem?
Thanks in advance
--
Bertrand TACHAGO
Computer specialist, Network Information Specialist
SDNP SchoolNet Cameroon
(237)221 25 53 Yaounde Cameroon
My website: http://www.sdnp.cm/tachago/
Need help
Hello,

I was using freeradius version 0.5 with Redhat Linux 7.1 and everythings were working properly. But since i upgraded the system to Redhat Linux 7.2, nothing is working: anyone is unable to connect. Please can someone help me solve this problem?

Thanks in advance
--
Bertrand TACHAGO
Computer specialist, Network Information Specialist
SDNP SchoolNet Cameroon
(237)221 25 53 Yaounde Cameroon
My website: http://www.sdnp.cm/tachago/
Need help please
Hello,

I was using freeradius version 0.5 with Redhat Linux 7.1 and everythings were working properly. But since I upgraded the system to Redhat Linux 7.2, nothing is working now: anyone is unable to connect. Please can someone help me solve this problem?

Thanks in advance
--
Bertrand TACHAGO
Computer specialist, Network Information Specialist
SDNP SchoolNet Cameroon
(237)221 25 53 Yaounde Cameroon
My website: http://www.sdnp.cm/tachago/
Re: Need help
Bertrand TACHAGO [EMAIL PROTECTED] wrote:
> ...

Posting 4 copies of the same message to the list without reading any replies isn't nice.

Read the FAQ.

Alan DeKok.
Re: Need help
Sorry, there was a problem with my mail server.

Alan DeKok wrote:
> Bertrand TACHAGO [EMAIL PROTECTED] wrote:
> > ...
>
> Posting 4 copies of the same message to the list without reading any
> replies isn't nice.
>
> Read the FAQ.
>
> Alan DeKok.

--
Bertrand TACHAGO
Computer specialist, Network Information Specialist
SDNP SchoolNet Cameroon
(237)221 25 53 Yaounde Cameroon
My website: http://www.sdnp.cm/tachago/
Re: Need help please
I had recompiled the program as you advised me but now, when I'm trying to start the program, I have the following error:

    Starting Freeradius server: radwatch/etc/rc.d/init.d/rc.radiusd: start-stop-daemon: command not found radiusd.

Please can you tell me what is wrong?

Enesha Fairluck wrote:

> try recompiling the program
>
> - Original Message -
> From: Bertrand TACHAGO
> To: [EMAIL PROTECTED]
> Sent: Monday, July 22, 2002 10:28 AM
> Subject: Need help please
>
> Hello,
> I was using freeradius version 0.5 with Redhat Linux 7.1 and everythings
> were working properly. But since I upgraded the system to Redhat Linux 7.2,
> nothing is working now: anyone is unable to connect. Please can someone
> help me solve this problem?
> Thanks in advance
> --
> Bertrand TACHAGO
> Computer specialist, Network Information Specialist
> SDNP SchoolNet Cameroon
> (237)221 25 53 Yaounde Cameroon
> My website: http://www.sdnp.cm/tachago/

--
Bertrand TACHAGO
Computer specialist, Network Information Specialist
SDNP SchoolNet Cameroon
(237)221 25 53 Yaounde Cameroon
My website: http://www.sdnp.cm/tachago/
RE: Need help please
The problem is the startup script you are using. To start the daemon just execute radiusd directly and pass the appropriate arguments. Not all flavors of *nix have the start-stop-daemon program/function.

Aaron

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Bertrand TACHAGO
Sent: Monday, July 22, 2002 1:17 PM
To: Enesha Fairluck
Cc: [EMAIL PROTECTED]
Subject: Re: Need help please

I had recompiled the program as you adviced me but at now, when I'm trying to start the program, I have the following error:

    Starting Freeradius server: radwatch/etc/rc.d/init.d/rc.radiusd: start-stop-daemon: command not found radiusd.

Please can you tell me what wrong is?

Enesha Fairluck wrote:

> try recompiling the program
>
> - Original Message -
> From: Bertrand TACHAGO
> To: [EMAIL PROTECTED]
> Sent: Monday, July 22, 2002 10:28 AM
> Subject: Need help please
>
> Hello,
> I was using freeradius version 0.5 with Redhat Linux 7.1 and everythings
> were working properly. But since I upgraded the system to Redhat Linux 7.2,
> nothing is working now: anyone is unable to connect. Please can someone
> help me solve this problem?
> Thanks in advance
> --
> Bertrand TACHAGO
> Computer specialist, Network Information Specialist
> SDNP SchoolNet Cameroon
> (237)221 25 53 Yaounde Cameroon
> My website: http://www.sdnp.cm/tachago/

--
Bertrand TACHAGO
Computer specialist, Network Information Specialist
SDNP SchoolNet Cameroon
(237)221 25 53 Yaounde Cameroon
My website: http://www.sdnp.cm/tachago/
as5300 telnet access
Hello all,

I am trying to configure an as5300 to authenticate telnet connections to my freeradius but I keep getting authentication failed. I wanted to check out if everything is ok.. I already have the as5300 logging voip connections to the radius server without any problem.. Sorry for the long mail.

The config goes as follows. Jhon is a valid username in the cisco as5300.

Users file:

    mike    Auth-Type := Local, User-Password == lem1
            Reply-Message = Hello, %u

    mike2   Auth-Type := Local, User-Password == lem1
            Reply-Message = Hello, %u

    Jhon    Password = tryout    -- The same password as in the cisco device
            User-Service-Type = Login-User,
            Login-Host = 10.0.0.1,
            Login-Service = Telnet

This is the debug output from the freeradius server:

    Sending Access-Reject of id 19 to 10.0.0.1:1645    -- I am using 1812 in radiusd.conf
    Waking up in 4 seconds...
    rad_recv: Accounting-Request packet from host 10.0.0.1:1646, id=20, length=109
        NAS-IP-Address = 10.0.0.1
        NAS-Port = 2
        NAS-Port-Type = Virtual
        User-Name = Jhon
        Calling-Station-Id = 10.0.0.2
        Acct-Status-Type = Stop
        Acct-Authentic = RADIUS
        Service-Type = NAS-Prompt-User
        Acct-Session-Id = 0716
        Acct-Terminate-Cause = User-Error
        Acct-Session-Time = 2
        Acct-Delay-Time = 0
    modcall: entering group preacct
    modcall[preacct]: module preprocess returns noop
    rlm_realm: Looking up realm NULL for User-Name = Jhon
    rlm_realm: No such realm NULL
    modcall[preacct]: module suffix returns noop
    modcall[preacct]: module files returns noop
    modcall: group preacct returns noop
    modcall: entering group accounting
    radius_xlat: '/usr/lcoal/raddb/var/log/radius/radacct/10.0.0.1/detail'
    rlm_detail: /home/raddb/var/log/radius/radacct/%{Client-IP-Address}/detail expands to /home/raddb/var/log/radius/radacct/10.0.0.1/detail
    modcall[accounting]: module detail returns ok
    modcall[accounting]: module unix returns ok
    radius_xlat: 'Jhon'
    modcall[accounting]: module radutmp returns ok
    modcall: group accounting returns ok
    Sending Accounting-Response of id 20 to 10.0.0.1:1646    --- The problem seems to be here..
    Finished request 29
    Going to the next request

I only have the 1812,1813 ports configured in the as5300. I tried to configure 1845,1846 but the results are the same.. any ideas why the Response is being sent through the 1646 port?

    Sending Accounting-Response of id 20 to 10.0.0.1:1646---

Thank you very much, again sorry for the long mail.

Hernan
Re: as5300 telnet access
Hernan Marcelo Salvarezza [EMAIL PROTECTED] wrote:
> Hello all,i am trying to configure an as5300 to authenticate telnet
> connections to my freeradius but i keep getting authentication failed,i
> wanted to check out if everything is ok..

Then run it in debugging mode, and read the results.

> This is the debug output from the freeradius sever:
>
> Sending Access-Reject of id 19 to 10.0.0.1:1645 -- I am using 1812 in radiusd.conf

So what happened BEFORE this?

> rad_recv: Accounting-Request packet from host 10.0.0.1:1646, id=20, length=109
> ...
> Sending Accounting-Response of id 20 to 10.0.0.1:1646--- The problem seems to be here..

This is accounting, which has nothing to do with authentication. The user was already rejected, so they can't log in.

> I only have the 1812,1813 ports configured in the as5300,i tried to
> configure 1845,1846 but the results are the same..any ideas why the
> Response is being sent trough the 1646 port
>
> Sending Accounting-Response of id 20 to 10.0.0.1:1646---

The source port of the Accounting-Request packet from the NAS is not important. It can be anything, and I very much doubt that you can configure it.

Alan DeKok.
Re: as5300 telnet access
Hernan Marcelo Salvarezza [EMAIL PROTECTED] wrote:
> I am sorry that's from the previous loggin attempt
>
> If the accounting ports are not important,the only error like messages i
> got are the following:
>
> modcall[preacct]: module preprocess returns noop
> rlm_realm: Looking up realm NULL for User-Name = Jhon
> rlm_realm: No such realm NULL
> modcall[preacct]: module suffix returns noop
> modcall[preacct]: module files returns noop
> modcall: group preacct returns noop

Those are NOT error messages. Those are debugging messages produced by the server.

> I am looking for this error but,i can not find anything in the web.
>
> Sending Accounting-Response of id 53 to 10.0.0.1:1646

Why do you think this message has anything to do with authentication rejects?

> Any idea why the user is being rejected?

If you actually read the logs produced by the server, you would see the reason. I have no idea why you think that posting information from accounting packets will allow anyone to debug problems with authentication.

Alan DeKok.
Re: Need help
I hope all your ports is open, specially for the radius. Because you might forgot the port to open, and its block of your ipchains policies... thats only I guess.

thank's
--ador

On Monday 22 July 2002 21:07, you wrote:
> Hello,
> I was using freeradius version 0.5 with Redhat Linux 7.1 and everythings
> were working properly. But since i upgraded the system to Redhat Linux 7.2,
> nothing is working: anyone is unable to connect. Please can someone help me
> solve this problem?
> Thanks in advance