Accounting Issue
Hi guys,
Having an accounting issue ... why does the bandwidth not get detected
everytime ... it is not being captured in sql or detailed?
Version - Freeradius 0.7.1
Radius.conf Section -
accounting {
acct_unique
detail
sql
radutmp
}
Sql.conf Section -
accounting_update_query = "UPDATE ${acct_table1} SET FramedIPAddress =
'%{Framed-IP-Address}', AcctInputOctets = '%{Acct-Input-Octets}',
AcctOutputOctets = '%{Acct-Output-Packets}' WHERE AcctSessionId =
'%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress=
'%{NAS-IP-Address}' AND AcctStopTime = 1"
Sample of report -
Radius Log Report for: scott
Date LoginLogoutOntime Port BandWt-In/Out Total
-
07/10/2002 20:48:34 20:54:31 5m57s A11 0.0K/0.0K0h05m
07/10/2002 20:59:14 21:07:24 8m10s A11 0.0K/0.0K0h14m
08/10/2002 12:07:32 12:15:20 7m48s A11 111.2K/1.4M 0h21m
09/10/2002 13:12:39 13:19:15 6m36s A12 7.1K/1.7K0h28m
16/10/2002 21:20:53 02:17:40 296m47s A11 0.0K/0.0K5h25m
17/10/2002 06:40:48 07:29:38 48m50s A11 0.0K/0.0K6h14m
I changed my account config in radiusd.conf and added acct_unique. I also
changed the AcctStopTime from 0 to 1 in my attempts to get things working
well.
Any suggestions would be appreciated ...
Thanks,
Scott
Scott Harris
Cairns, Queensland, Australia
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: a question about the snapshot20021015
When trying to "make" the below mentioned snapshot .. 20021016 .. it fails with .. gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -I../include -c request_list.c make[4]: *** No rule to make target `-lltdl', needed by `radiusd'. Stop. make[4]: Leaving directory `/root/freeradius-snapshot-20021016/src/main' make[3]: *** [common] Error 1 make[3]: Leaving directory `/root/freeradius-snapshot-20021016/src' make[2]: *** [all] Error 2 make[2]: Leaving directory `/root/freeradius-snapshot-20021016/src' make[1]: *** [common] Error 1 make[1]: Leaving directory `/root/freeradius-snapshot-20021016' make: *** [all] Error 2 ??? Thank You At 11:28 16/10/2002 -0400, you wrote: >"wanglu" <[EMAIL PROTECTED]> wrote: > > I have downloaded the newest freeradius from= > > ftp://ftp.freeradius.org/pub/radius/cvs-snapshots. > > But after I configured ,there is an error when "make": > > .. > > Making static dynamic in rlm_eap_md5... > > /bin/sh: cd: rlm_eap_md5: No such file or directory > > Grab the CVS snapshot from last night (i.e. the one there now) > > Alan DeKok. > >- >List info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html Tim Fraser * Relax Internet Internet Service Provider (dial-up & ADSL) / Web Hosting www.relax.com.au * - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: config info for first time user
There's a sample chapter called "Getting Started with FreeRADIUS" on my website at http://www.theradiusbook.com. You might want to check there, as I think it's a decent introduction to FreeRADIUS. Jonathan Hassell Doug Young wrote: >>"Doug Young" <[EMAIL PROTECTED]> wrote: >> >> >>>I wish to setup radius in FreeBSD for authenticating dialin users but >>>haven't a ghost of a clue about where to start would someone please >>>advise where to find some explicit info ?? >>> >>> >> The documentation that comes with the server? The book that's >>pointed to from the web site? >> >> >> > >Thanks for the response > >The 'official' documentation is probably adequate for someone already >familiar with radius, but its totally inadequate for someone trying to >configure radius for the first time. As for the O'Reilly book, our currency >exchange rates make those things HORRIBLY expensive in OZ > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Running perl program
Might I suggest http://www.theradiusbook.com/html/buythebook.htm? I believe it answers all of your questions, and it should serve as a good introduction to RADIUS since you say you're new to the environment. To directly answer your question, can you clarify what you mean by "strange database"? Jonathan Hassell [EMAIL PROTECTED] wrote: > Hi guys, > >I'm new in this list and in the world Radius, and I aalready > have doubts :-) > >I have this scenery: > >My Radius Outside Radius RAS > --- > ----- > | A || B > | |C | > --- > ----- > >C send a request to B that make a Proxy to A (my Radius) and > then I need to AAA this request, but to validate this user, I need to > run a perl script to check in my strange Database. >Questions: >1) is it possible freeradius receive a proxy radius request? >2) Can "A" authenticate in this way? > >Thank you in advance >Alex Falcão - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Running perl program
Hi guys, I'm new in this list and in the world Radius, and I aalready have doubts :-) I have this scenery: My Radius Outside Radius RAS --- --- -- | A | | B | | C | --- --- -- C send a request to B that make a Proxy to A (my Radius) and then I need to AAA this request, but to validate this user, I need to run a perl script to check in my strange Database. Questions: 1) is it possible freeradius receive a proxy radius request? 2) Can "A" authenticate in this way? Thank you in advance Alex Falcão
Re: config info for first time user
> "Doug Young" <[EMAIL PROTECTED]> wrote: > > I wish to setup radius in FreeBSD for authenticating dialin users but > > haven't a ghost of a clue about where to start would someone please > > advise where to find some explicit info ?? > > The documentation that comes with the server? The book that's > pointed to from the web site? > Thanks for the response The 'official' documentation is probably adequate for someone already familiar with radius, but its totally inadequate for someone trying to configure radius for the first time. As for the O'Reilly book, our currency exchange rates make those things HORRIBLY expensive in OZ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: xlat.c issue...
>> The snapshot dated 20021002 handles accounting requests with a Realm AV >> pair just fine and the detailfile is expanded correctly. However, when no >> Realm AV pair is present, radius_xlat tacks on a '}' to the end of the >> literal string 'accounting': > > I've just committed a fix for that, thanks. > > Alan DeKok. Works perfectly, Alan. Thank you. Franklin -- Franklin Trumpy, NFA, MNGS, GSc | Say not, "I have found the truth," Sr. UNIX Systems Administrator | but rather, "I have found a truth." Lighthouse Communications | [EMAIL PROTECTED] | Say not, "I have found the path of the soul." (515)244-1115 | Say rather, "I have met the soul walking (888)953-3278 | upon my path." http://www.lh.net | | -Kahlil Gibran, _The Prophet_, 1923 | - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CLID for users...
On Wed, Oct 16, 2002 at 02:32:52PM +0300, Kostas Kalevras wrote: > rlm_checkval will also log failure messages if the CLID for a user does not > match the configured one. It will only do the check if you have configured an > allowed CLID in ldap for that user and a CLID is included in the incoming > Access-Request. FYI, the correct acronym is 'CNID', for Calling Number IDentification. /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: CLID for users...
On Wed, 16 Oct 2002, Costas Christonis wrote: > First of all thanks for the aswer Kostas, > > WE try to compile the file but we didn't take an lib file like ".so" > Do we have to do something more than a simple compilation? Well you need a Makefile. The best thing is to go in src/modules create a folder rlm_checkval , copy and edit the Makefile from rlm_pap and do a make;make install > > Another thing is that the format of the callid... > I saw that the datatype must be string but it has to be just a string > like 0101234567 or does it has to be formated like 010-1234567 or > somehting ? It will just do a strcmp() so there is no special format. You can use the rlm_attr_rewrite to do any necessary rewrites if you need to. > > > Costas A. Christonis > Networking & Communications Centre > Gallos Campus - University of Crete > tel: +30-8310-77044 > email: [EMAIL PROTECTED] > http://www.ucnet.uoc.gr/ > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: FreeRadius and SQL/ORACLE
I have the same error: rlm_sql_getvpdata: database query error Could someone help? MM -Original Message- From: Adam Joncas [mailto:[EMAIL PROTECTED]] Sent: Tuesday, October 15, 2002 11:41 PM To: [EMAIL PROTECTED] Subject: FreeRadius and SQL/ORACLE Hello, I have successfully connected to Oracle from FreeRadius but it seems that I am unable to return the correct data to FreeRadius. I am getting the correct logs until I make an request from the client. Here is a snippet of the output after I make a request using the Radtest app. I have the user 'adam' in the oracle database in both the radreply and the radcheck tables and my oracle user has the correct privileges. What other information must I store in order for the requests to exchange correctly. The 'rlm_sql: failed after reconnect' below, is from the rlm_sql_select_query call. Also I built FreeRadius with Threads and Thread pool enabled. Thanks. rad_recv: Access-Request packet from host 10.11.10.24:32871, id=209, length=54 User-Name = "adam" User-Password = "'<2cH\257\246\002\341!Z\300\341\263\314\240" NAS-IP-Address = 255.255.255.255 NAS-Port-Id = "10" modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok radius_xlat: 'adam' sql_set_user: escaped user --> 'adam' radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'adam' ORDER BY id' rlm_sql: Reserving sql socket id: 4 SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'adam' ORDER BY id rlm_sql: Attempting to connect #4 rlm_sql: Connected new DB handle, #4 SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'adam' ORDER BY id rlm_sql: failed after re-connect rlm_sql_getvpdata: database query error rlm_sql: SQL query error; rejecting user rlm_sql: Released sql socket id: 4 modcall[authorize]: module "sql" returns fail modcall: group authorize returns fail There was no response configured: rejecting request 0 Server rejecting request 0. Finished request 0 Going to the next request -- Adam Joncas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: users file "Huntgroup-Name !=" not working
Hi, tried with today cvs, still can't work. my configuration: huntgroups file: --- bras NAS-Identifier == "BRAS" users file: --- DEFAULT Huntgroup-Name != "bras" Reply-Message = "test" DEFAULT Huntgroup-Name == "bras" Reply-Message = "no test" then I use radclient to send: User-Name = "abc", Password = "secret", NAS-IP-Address = 123.99.290.11, NAS-Identifier = "BRAS" then I got the reply: Received response ID 7, code 2, length = 29 Reply-Message = "test" but I can see from the debug message, that huntgroup of "bras" is match: modcall[authorize]: module "ldap" returns ok huntgroups: Matched bras at 1 huntgroups: Matched bras at 1 huntgroups: Matched bras at 1 huntgroups: Matched bras at 1 users: Matched DEFAULT at 1 modcall[authorize]: module "files" returns ok modcall: group authorize returns ok seem like that the radiusd treate "Huntgroup-Name !=" same as "Huntgroup-Name ==". is this a bug? On Wed, 16 Oct 2002, Chris Parker wrote: > Date: Wed, 16 Oct 2002 10:06:31 -0500 > From: Chris Parker <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: Re: users file "Huntgroup-Name !=" not working > > At 11:56 AM 10/16/2002 +0800, CheongMeng wrote: > >Hi, > > > >can't get "Huntgroup-Name !=" working in the users file. > >tried to run in debug mode, I see it match the huntgroup line, > >but when come to "users", the "Huntgroup-Name" didn't take effect at all. > > > >I am using freeradius cvs dated 31 Aug. > > > >found that this bug did not exist at freeradius-0.5 > >a check on code, found that that are a lot of difference in the > >valuepair.c:paircmp and rlm_preprocess:huntgroup_access. > > > >I am not sure if this is the root of the problem, > >can some developer shed some light? > > Upgrade first. If you're still having the problem, we can look at it > further. It is very hard to determine whether it's a bug that has been > fixed or an improper configuration without running the latest release. > > -Chris > -- > \\\|||/// \ StarNet Inc. \ Chris Parker > \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering > | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 > oOo---(_)---oOo--\-- >\ Wholesale Internet Services - http://www.megapop.net > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Cheers, CM. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Errors when trying to make the configuration
"Coy Wadsworth" <[EMAIL PROTECTED]> wrote: > After I have ./configured the installation, when I type make it goes > through and then I get this error. I have search everything I can think > of and find nothing. > > Here is the error I'm getting > > raduse.c: In function `listnas': > raduse.c:93: structure has no member named `ut_tv' So... what platform are you running on? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: L2TP implemetation
=?iso-8859-1?q?Gbenga?= <[EMAIL PROTECTED]> wrote: > I will appreciate any info on how to set users up > using L2TP witH freeRADIUS. > > I have already searched the archive and can't find the > link to how to set it up. - or maybe I didn't see it. > I did find one for Cistron. That should be similar enough to use. > I also came accross > Tunnelling in the dictionary file commented out ?? > Just 2 entries. Then you're NOT looking at the dictionaries which come with FreeRADIUS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Authentication rejection
michael j douglas <[EMAIL PROTECTED]> wrote: > I have free radius running with mysql data base..The router is a Cisco > 2611 and I can authenticate locally using the cisco router.When I send > the request to the radius server the tunnel is opened and the radius > server rejects the user. it states "Unable to authenticate the user" Why? Did you bother running the server in debugging mode, and reading the output, as suggested in the FAQ, the README, and about 4 other places? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: a question about the snapshot20021015
"wanglu" <[EMAIL PROTECTED]> wrote: > I have downloaded the newest freeradius from= > ftp://ftp.freeradius.org/pub/radius/cvs-snapshots. > But after I configured ,there is an error when "make": > .. > Making static dynamic in rlm_eap_md5... > /bin/sh: cd: rlm_eap_md5: No such file or directory Grab the CVS snapshot from last night (i.e. the one there now) Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: config info for first time user
"Doug Young" <[EMAIL PROTECTED]> wrote: > I wish to setup radius in FreeBSD for authenticating dialin users but > haven't a ghost of a clue about where to start would someone please > advise where to find some explicit info ?? The documentation that comes with the server? The book that's pointed to from the web site? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: (Plain Text This time, sorry) Possible Newbie conf issue: VPN authenticating against FreeRadius
The problem is quite obvious, so you have one of two choices. 1) Install the correct freeradius module to coincide with the method the wolverine is using to authenticate 2) change the authentication method of the wolverine to coincide with the way freeradius is configured. I would suggest you examine your freeradius logs in detail, line by line. Cross reference the entries from the logs with your configuration file and you will eventually figure it out. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of > Glynn Taylor > Sent: Wednesday, October 16, 2002 11:15 AM > To: [EMAIL PROTECTED] > Subject: (Plain Text This time, sorry) Possible Newbie conf > issue: VPN authenticating against FreeRadius > > > > I have a Wolverine VPN (www.coyotelinux.com) attempting to > authenticate > against FreeRadius. I have installed Wolverine and it works > ok with local > authentication. I have FreeRadius installed on another box. > I uncommented > out user steve in the users file for testing. I can get a positive > authentications when using Radping. If I try to authenticate steve via > Wolverine (where another box trys to start a pptp session > through wolverine > using steve as the userid with password) it fails. The dump of the two > conversations is below. Any ideas are way appreciated. > > Wolverine is 192.168.0.2 > FreeRadius is 192.168.0.3 > My workstation with NTRadPing is 192.168.0.125 > > Thanks > GT > > > Here is the Trace, I put in my comments surounded by plus(+) signs: > > > > [root@wfcRadiusSql01 raddb]# radiusd -sfxxyz -l stdout > Starting - reading configuration files ... > reread_config: reading radiusd.conf > Config: including file: /etc/raddb/proxy.conf > Config: including file: /etc/raddb/clients.conf > Config: including file: /etc/raddb/snmp.conf > Config: including file: /etc/raddb/sql.conf > main: prefix = "/usr/local" > main: localstatedir = "/var" > main: logdir = "/var/log/radius" > main: libdir = "/usr/local/lib" > main: radacctdir = "/var/log/radius/radacct" > main: hostname_lookups = no > read_config_files: reading dictionary > read_config_files: reading clients > read_config_files: reading realms > read_config_files: reading naslist > main: max_request_time = 30 > main: cleanup_delay = 5 > main: max_requests = 1024 > main: delete_blocked_requests = 0 > main: port = 0 > main: allow_core_dumps = no > main: log_stripped_names = no > main: log_auth = no > main: log_auth_badpass = no > main: log_auth_goodpass = no > main: pidfile = "/var/run/radiusd/radiusd.pid" > main: user = "(null)" > main: group = "(null)" > main: usercollide = no > main: lower_user = "no" > main: lower_pass = "no" > main: nospace_user = "no" > main: nospace_pass = "no" > main: proxy_requests = yes > proxy: retry_delay = 5 > proxy: retry_count = 3 > proxy: synchronous = no > proxy: default_fallback = yes > proxy: dead_time = 120 > security: max_attributes = 200 > security: reject_delay = 1 > main: debug_level = 0 > read_config_files: entering modules setup > Module: Library search path is /usr/local/lib > Module: Loaded System > unix: cache = yes > unix: passwd = "/etc/passwd" > unix: shadow = "/etc/shadow" > unix: group = "/etc/group" > unix: radwtmp = "/var/log/radius/radwtmp" > unix: usegroup = no > unix: cache_reload = 600 > HASH: Reinitializing hash structures and lists for caching... > HASH: user root found in hashtable bucket 11726 > HASH: user bin found in hashtable bucket 86651 > HASH: user daemon found in hashtable bucket 11668 > HASH: user adm found in hashtable bucket 26466 > HASH: user lp found in hashtable bucket 54068 > HASH: user sync found in hashtable bucket 42895 > HASH: user shutdown found in hashtable bucket 71746 > HASH: user halt found in hashtable bucket 7481 > HASH: user mail found in hashtable bucket 79471 > HASH: user news found in hashtable bucket 5375 > HASH: user uucp found in hashtable bucket 38541 > HASH: user operator found in hashtable bucket 21748 > HASH: user games found in hashtable bucket 47657 > HASH: user gopher found in hashtable bucket 47357 > HASH: user ftp found in hashtable bucket 56226 > HASH: user nobody found in hashtable bucket 99723 > HASH: user ntp found in hashtable bucket 21418 > HASH: user rpc found in hashtable bucket 72373 > HASH: user vcsa found in hashtable bucket 25959 > HASH: user nscd found in hashtable bucket 36306 > HASH: user sshd found in hashtable bucket 71560 > HASH: user rpm found in hashtable bucket 72383 > HASH: user mailnull found in hashtable bucket 78086 > HASH: user smmsp found in hashtable bucket 13600 > HASH: user rpcuser found in hashtable bucket 552 > HASH: user nfsnobody found in hashtable bucket 51830 > HASH: user pcap found in hashtable bucket 55326 > HASH: user xfs found in hashtable bucket 17213 > HASH: user named found in hashtable bucket 7729 > HASH: user gdm found in hashtable bucket 50360 > HASH: user postgres found in hashtable bucket 19301 > HASH: user apache found in has
RE: Possible Newbie conf issue: VPN authenticating against FreeRadius
Title: Message The problem is quite obvious, so you have one of two choices. 1) Install the correct freeradius module to coincide with the method the wolverine is using to authenticate 2) change the authentication method of the wolverine to coincide with the way freeradius is configured. I would suggest you examine your freeradius logs in detail, line by line. Cross reference the entries from the logs with your configuration file and you will eventually figure it out. -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Glynn TaylorSent: Wednesday, October 16, 2002 11:11 AMTo: [EMAIL PROTECTED]Subject: Possible Newbie conf issue: VPN authenticating against FreeRadius I have a Wolverine VPN (www.coyotelinux.com) attempting to authenticate against FreeRadius. I have installed Wolverine and it works ok with local authentication. I have FreeRadius installed on another box. I uncommented out user steve in the users file for testing. I can get a positive authentications when using Radping. If I try to authenticate steve via Wolverine (where another box trys to start a pptp session through wolverine using steve as the userid with password) it fails. The dump of the two conversations is below. Any ideas are way appreciated.Wolverine is 192.168.0.2FreeRadius is 192.168.0.3My workstation with NTRadPing is 192.168.0.125ThanksGTHere is the Trace, I put in my comments surounded by plus(+) signs:[root@wfcRadiusSql01 raddb]# radiusd -sfxxyz -l stdoutStarting - reading configuration files ...reread_config: reading radiusd.confConfig: including file: /etc/raddb/proxy.confConfig: including file: /etc/raddb/clients.confConfig: including file: /etc/raddb/snmp.confConfig: including file: /etc/raddb/sql.confmain: prefix = "/usr/local"main: localstatedir = "/var"main: logdir = "/var/log/radius"main: libdir = "/usr/local/lib"main: radacctdir = "/var/log/radius/radacct"main: hostname_lookups = noread_config_files: reading dictionaryread_config_files: reading clientsread_config_files: reading realmsread_config_files: reading naslistmain: max_request_time = 30main: cleanup_delay = 5main: max_requests = 1024main: delete_blocked_requests = 0main: port = 0main: allow_core_dumps = nomain: log_stripped_names = nomain: log_auth = nomain: log_auth_badpass = nomain: log_auth_goodpass = nomain: pidfile = "/var/run/radiusd/radiusd.pid"main: user = "(null)"main: group = "(null)"main: usercollide = nomain: lower_user = "no"main: lower_pass = "no"main: nospace_user = "no"main: nospace_pass = "no"main: proxy_requests = yesproxy: retry_delay = 5proxy: retry_count = 3proxy: synchronous = noproxy: default_fallback = yesproxy: dead_time = 120security: max_attributes = 200security: reject_delay = 1main: debug_level = 0read_config_files: entering modules setupModule: Library search path is /usr/local/libModule: Loaded Systemunix: cache = yesunix: passwd = "/etc/passwd"unix: shadow = "/etc/shadow"unix: group = "/etc/group"unix: radwtmp = "/var/log/radius/radwtmp"unix: usegroup = nounix: cache_reload = 600HASH: Reinitializing hash structures and lists for caching...HASH: user root found in hashtable bucket 11726HASH: user bin found in hashtable bucket 86651HASH: user daemon found in hashtable bucket 11668HASH: user adm found in hashtable bucket 26466HASH: user lp found in hashtable bucket 54068HASH: user sync found in hashtable bucket 42895HASH: user shutdown found in hashtable bucket 71746HASH: user halt found in hashtable bucket 7481HASH: user mail found in hashtable bucket 79471HASH: user news found in hashtable bucket 5375HASH: user uucp found in hashtable bucket 38541HASH: user operator found in hashtable bucket 21748HASH: user games found in hashtable bucket 47657HASH: user gopher found in hashtable bucket 47357HASH: user ftp found in hashtable bucket 56226HASH: user nobody found in hashtable bucket 99723HASH: user ntp found in hashtable bucket 21418HASH: user rpc found in hashtable bucket 72373HASH: user vcsa found in hashtable bucket 25959HASH: user nscd found in hashtable bucket 36306HASH: user sshd found in hashtable bucket 71560HASH: user rpm found in hashtable bucket 72383HASH: user mailnull found in hashtable bucket 78086HASH: user smmsp found in hashtable bucket 13600HASH: user rpcuser found in hashtable bucket 552HASH: user nfsnobody found in hashtable bucket 51830HASH: user pcap found in hashtable bucket 55326HASH: user xfs found in hashtable bucket 17213HASH: user named found in hashtable bucket 7729HASH: user gdm found in hashtable bucket 50360HASH: user postgres found in hashtable bucket 19301HASH: user apache found in hashtable bucket 26582HASH: user postfix found in hashtable bucket 23093HASH: user squid found in hashtable bucket 62826HASH: user webalizer found in hashtable buck
(Plain Text This time, sorry) Possible Newbie conf issue: VPN authenticating against FreeRadius
I have a Wolverine VPN (www.coyotelinux.com) attempting to authenticate against FreeRadius. I have installed Wolverine and it works ok with local authentication. I have FreeRadius installed on another box. I uncommented out user steve in the users file for testing. I can get a positive authentications when using Radping. If I try to authenticate steve via Wolverine (where another box trys to start a pptp session through wolverine using steve as the userid with password) it fails. The dump of the two conversations is below. Any ideas are way appreciated. Wolverine is 192.168.0.2 FreeRadius is 192.168.0.3 My workstation with NTRadPing is 192.168.0.125 Thanks GT Here is the Trace, I put in my comments surounded by plus(+) signs: [root@wfcRadiusSql01 raddb]# radiusd -sfxxyz -l stdout Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no read_config_files: reading dictionary read_config_files: reading clients read_config_files: reading realms read_config_files: reading naslist main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 security: max_attributes = 200 security: reject_delay = 1 main: debug_level = 0 read_config_files: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded System unix: cache = yes unix: passwd = "/etc/passwd" unix: shadow = "/etc/shadow" unix: group = "/etc/group" unix: radwtmp = "/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 HASH: Reinitializing hash structures and lists for caching... HASH: user root found in hashtable bucket 11726 HASH: user bin found in hashtable bucket 86651 HASH: user daemon found in hashtable bucket 11668 HASH: user adm found in hashtable bucket 26466 HASH: user lp found in hashtable bucket 54068 HASH: user sync found in hashtable bucket 42895 HASH: user shutdown found in hashtable bucket 71746 HASH: user halt found in hashtable bucket 7481 HASH: user mail found in hashtable bucket 79471 HASH: user news found in hashtable bucket 5375 HASH: user uucp found in hashtable bucket 38541 HASH: user operator found in hashtable bucket 21748 HASH: user games found in hashtable bucket 47657 HASH: user gopher found in hashtable bucket 47357 HASH: user ftp found in hashtable bucket 56226 HASH: user nobody found in hashtable bucket 99723 HASH: user ntp found in hashtable bucket 21418 HASH: user rpc found in hashtable bucket 72373 HASH: user vcsa found in hashtable bucket 25959 HASH: user nscd found in hashtable bucket 36306 HASH: user sshd found in hashtable bucket 71560 HASH: user rpm found in hashtable bucket 72383 HASH: user mailnull found in hashtable bucket 78086 HASH: user smmsp found in hashtable bucket 13600 HASH: user rpcuser found in hashtable bucket 552 HASH: user nfsnobody found in hashtable bucket 51830 HASH: user pcap found in hashtable bucket 55326 HASH: user xfs found in hashtable bucket 17213 HASH: user named found in hashtable bucket 7729 HASH: user gdm found in hashtable bucket 50360 HASH: user postgres found in hashtable bucket 19301 HASH: user apache found in hashtable bucket 26582 HASH: user postfix found in hashtable bucket 23093 HASH: user squid found in hashtable bucket 62826 HASH: user webalizer found in hashtable bucket 3037 HASH: user mysql found in hashtable bucket 46314 HASH: user glynn found in hashtable bucket 57940 HASH: Stored 37 entries from /etc/passwd HASH: Stored 47 entries from /etc/group Module: Instantiated unix (unix) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: compat = "no" Module: Instantiated
Possible Newbie conf issue: VPN authenticating against FreeRadius
I have a Wolverine VPN (www.coyotelinux.com) attempting to authenticate against FreeRadius. I have installed Wolverine and it works ok with local authentication. I have FreeRadius installed on another box. I uncommented out user steve in the users file for testing. I can get a positive authentications when using Radping. If I try to authenticate steve via Wolverine (where another box trys to start a pptp session through wolverine using steve as the userid with password) it fails. The dump of the two conversations is below. Any ideas are way appreciated.Wolverine is 192.168.0.2FreeRadius is 192.168.0.3My workstation with NTRadPing is 192.168.0.125ThanksGTHere is the Trace, I put in my comments surounded by plus(+) signs:[root@wfcRadiusSql01 raddb]# radiusd -sfxxyz -l stdoutStarting - reading configuration files ...reread_config: reading radiusd.confConfig: including file: /etc/raddb/proxy.confConfig: including file: /etc/raddb/clients.confConfig: including file: /etc/raddb/snmp.confConfig: including file: /etc/raddb/sql.confmain: prefix = "/usr/local"main: localstatedir = "/var"main: logdir = "/var/log/radius"main: libdir = "/usr/local/lib"main: radacctdir = "/var/log/radius/radacct"main: hostname_lookups = noread_config_files: reading dictionaryread_config_files: reading clientsread_config_files: reading realmsread_config_files: reading naslistmain: max_request_time = 30main: cleanup_delay = 5main: max_requests = 1024main: delete_blocked_requests = 0main: port = 0main: allow_core_dumps = nomain: log_stripped_names = nomain: log_auth = nomain: log_auth_badpass = nomain: log_auth_goodpass = nomain: pidfile = "/var/run/radiusd/radiusd.pid"main: user = "(null)"main: group = "(null)"main: usercollide = nomain: lower_user = "no"main: lower_pass = "no"main: nospace_user = "no"main: nospace_pass = "no"main: proxy_requests = yesproxy: retry_delay = 5proxy: retry_count = 3proxy: synchronous = noproxy: default_fallback = yesproxy: dead_time = 120security: max_attributes = 200security: reject_delay = 1main: debug_level = 0read_config_files: entering modules setupModule: Library search path is /usr/local/libModule: Loaded Systemunix: cache = yesunix: passwd = "/etc/passwd"unix: shadow = "/etc/shadow"unix: group = "/etc/group"unix: radwtmp = "/var/log/radius/radwtmp"unix: usegroup = nounix: cache_reload = 600HASH: Reinitializing hash structures and lists for caching...HASH: user root found in hashtable bucket 11726HASH: user bin found in hashtable bucket 86651HASH: user daemon found in hashtable bucket 11668HASH: user adm found in hashtable bucket 26466HASH: user lp found in hashtable bucket 54068HASH: user sync found in hashtable bucket 42895HASH: user shutdown found in hashtable bucket 71746HASH: user halt found in hashtable bucket 7481HASH: user mail found in hashtable bucket 79471HASH: user news found in hashtable bucket 5375HASH: user uucp found in hashtable bucket 38541HASH: user operator found in hashtable bucket 21748HASH: user games found in hashtable bucket 47657HASH: user gopher found in hashtable bucket 47357HASH: user ftp found in hashtable bucket 56226HASH: user nobody found in hashtable bucket 99723HASH: user ntp found in hashtable bucket 21418HASH: user rpc found in hashtable bucket 72373HASH: user vcsa found in hashtable bucket 25959HASH: user nscd found in hashtable bucket 36306HASH: user sshd found in hashtable bucket 71560HASH: user rpm found in hashtable bucket 72383HASH: user mailnull found in hashtable bucket 78086HASH: user smmsp found in hashtable bucket 13600HASH: user rpcuser found in hashtable bucket 552HASH: user nfsnobody found in hashtable bucket 51830HASH: user pcap found in hashtable bucket 55326HASH: user xfs found in hashtable bucket 17213HASH: user named found in hashtable bucket 7729HASH: user gdm found in hashtable bucket 50360HASH: user postgres found in hashtable bucket 19301HASH: user apache found in hashtable bucket 26582HASH: user postfix found in hashtable bucket 23093HASH: user squid found in hashtable bucket 62826HASH: user webalizer found in hashtable bucket 3037HASH: user mysql found in hashtable bucket 46314HASH: user glynn found in hashtable bucket 57940HASH: Stored 37 entries from /etc/passwdHASH: Stored 47 entries from /etc/groupModule: Instantiated unix (unix)Module: Loaded preprocesspreprocess: huntgroups = "/etc/raddb/huntgroups"preprocess: hints = "/etc/raddb/hints"preprocess: with_ascend_hack = nopreprocess: ascend_channels_per_line = 23preprocess: with_ntdomain_hack = nopreprocess: with_specialix_jetstream_hack = nopreprocess: with_cisco_vsa_hack = noModule: Instantiated preprocess (preprocess)Module: Loaded realmrealm: format = "suffix"realm: delimiter = "@"Module: Instantiated realm (suffix)Module: Loaded filesfiles: usersfile = "/etc/raddb/users"files: acctusersfile = "/etc/raddb/acct_users"files: compat = "no"Module: Instantiated files (files)Module: Loaded detaildetail: detailfil
Re: users file "Huntgroup-Name !=" not working
At 11:56 AM 10/16/2002 +0800, CheongMeng wrote: >Hi, > >can't get "Huntgroup-Name !=" working in the users file. >tried to run in debug mode, I see it match the huntgroup line, >but when come to "users", the "Huntgroup-Name" didn't take effect at all. > >I am using freeradius cvs dated 31 Aug. > >found that this bug did not exist at freeradius-0.5 >a check on code, found that that are a lot of difference in the >valuepair.c:paircmp and rlm_preprocess:huntgroup_access. > >I am not sure if this is the root of the problem, >can some developer shed some light? Upgrade first. If you're still having the problem, we can look at it further. It is very hard to determine whether it's a bug that has been fixed or an improper configuration without running the latest release. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: CLID for users...
First of all thanks for the aswer Kostas, WE try to compile the file but we didn't take an lib file like ".so" Do we have to do something more than a simple compilation? Another thing is that the format of the callid... I saw that the datatype must be string but it has to be just a string like 0101234567 or does it has to be formated like 010-1234567 or somehting ? Costas A. Christonis Networking & Communications Centre Gallos Campus - University of Crete tel: +30-8310-77044 email: [EMAIL PROTECTED] http://www.ucnet.uoc.gr/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: config info for first time user
> I wish to setup radius in FreeBSD for authenticating dialin users but > haven't a ghost of a clue about where to start would someone please > advise where to find some explicit info ?? There's plenty of info out there if you go hunting.. it'll all depend on what devices you are authenticating them from, what you previously used to authenticate them with - how many users you have - is it worth migrating them from something or creating them all again. Do you want to collect accounting info? If so how do you want to do it? We can each point you in one of a hundred different directions - it's a matter of what you want to accomplish with what. regards, Jared - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: searching for a stable postgresql tar.gz
Thai DANG([EMAIL PROTECTED])@Tue, Oct 15, 2002 at 12:08:55PM +0200: > > Euh..I didn't want to ask that, have some troubles with my keyboard...:o) > > I would like to download a stable postgresql compatible version of > freeradius ! > Indeed, the 0.7.1 version does not work at all with postgresql... > I heard about a patch in the archive... > 0.7.1 does infact work with postgresql, however you will have much more joy from a fairly recent CVS version (i'm running one from mid august and it has been up (without a single restart) for over a month. 0.7.1 I could only keep connected to the database for a few hours at a time without having to restart radiusd. If you have any freerad/pg questions drop me a line... I can send you some example config's etc. regards, jared. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Authentication rejection
I have free radius running with mysql data base..The router is a Cisco 2611 and I can authenticate locally using the cisco router.When I send the request to the radius server the tunnel is opened and the radius server rejects the user. it states "Unable to authenticate the user" The cisco router shows the the authentication used is PAP and it sends the request at least 4 times beofre the session is closed. The tunnel connects he local phone company with my cisco router. That all works fine when I authenticate locally. Maybe my inforamtion is set up wrong with Mysql... -- Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
L2TP implemetation
Hi All, I will appreciate any info on how to set users up using L2TP witH freeRADIUS. I have already searched the archive and can't find the link to how to set it up. - or maybe I didn't see it. I did find one for Cistron. I also came accross Tunnelling in the dictionary file commented out ?? Just 2 entries. Has anyone set this up before ? Can you please send any tips on how to go about this. I already have a freeRADIUS running smoothly authenticating off a MySQL. Thanks __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
L2TP implemetation
Hi All, I will appreciate any info on how to set users up L2TP wit freeRADIUS. __ Do You Yahoo!? Everything you'll ever need on one web page from News and Sport to Email and Music Charts http://uk.my.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Pb whem system user have a comment
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 I use FreeRadius Version 0.7.1 on Linux (RehHat 7.2) to authenticate some user's logon on Cisco's routers. For this, i use account of Linux (/etc/password, /etc/shadow and /etc/group) and i define users in /opt/freeradius/etc/raddb/users like this : # File : /opt/freeradius/etc/raddb/users # testok : #- testok Auth-Type := System ~Service-Type = Login-User, ~Reply-Message = " Hello Testok !" # testko : #- testko Auth-Type := System ~Service-Type = Login-User, ~Reply-Message = " Hello Testko !" I create two users for my test (with the same password): useradd -u 602 -g 600 -d /home/testok -s /bin/rbash -m testok useradd -u 601 -g 600 -d /home/testko -s /bin/rbash -m -c foocomment testko In /etc/passwd : testok:x:602:600::/home/testok:/bin/rbash testko:x:601:600:foocomment:/home/testko:/bin/rbash There is a bug when the Unix's user have a comment in /etc/password. I couldn't connect to a Cisco with 'testko'. The Radiuslog see belong : Wed Oct 16 14:21:03 2002 : Info: Starting - reading configuration files ... Wed Oct 16 14:21:03 2002 : Debug: reread_config: reading radiusd.conf Wed Oct 16 14:21:03 2002 : Debug: Config: including file: /opt/freeradius/etc/raddb/proxy.conf Wed Oct 16 14:21:03 2002 : Debug: Config: including file: /opt/freeradius/etc/raddb/clients.conf Wed Oct 16 14:21:03 2002 : Debug: Config: including file: /opt/freeradius/etc/raddb/snmp.conf Wed Oct 16 14:21:03 2002 : Debug: Config: including file: /opt/freeradius/etc/raddb/sql.conf Wed Oct 16 14:21:03 2002 : Debug: main: prefix = "/opt/freeradius" Wed Oct 16 14:21:03 2002 : Debug: main: localstatedir = "/opt/freeradius/var" Wed Oct 16 14:21:03 2002 : Debug: main: logdir = "/opt/freeradius/var/log/radius" Wed Oct 16 14:21:03 2002 : Debug: main: libdir = "/opt/freeradius/lib" Wed Oct 16 14:21:03 2002 : Debug: main: radacctdir = "/opt/freeradius/var/log/radius/radacct" Wed Oct 16 14:21:03 2002 : Debug: main: hostname_lookups = no Wed Oct 16 14:21:03 2002 : Debug: read_config_files: reading dictionary Wed Oct 16 14:21:03 2002 : Debug: read_config_files: reading clients Wed Oct 16 14:21:03 2002 : Debug: read_config_files: reading realms Wed Oct 16 14:21:03 2002 : Debug: read_config_files: reading naslist Wed Oct 16 14:21:03 2002 : Debug: main: max_request_time = 30 Wed Oct 16 14:21:03 2002 : Debug: main: cleanup_delay = 5 Wed Oct 16 14:21:03 2002 : Debug: main: max_requests = 1024 Wed Oct 16 14:21:03 2002 : Debug: main: delete_blocked_requests = 0 Wed Oct 16 14:21:03 2002 : Debug: main: port = 1812 Wed Oct 16 14:21:03 2002 : Debug: main: allow_core_dumps = no Wed Oct 16 14:21:03 2002 : Debug: main: log_stripped_names = no Wed Oct 16 14:21:03 2002 : Debug: main: log_auth = yes Wed Oct 16 14:21:03 2002 : Debug: main: log_auth_badpass = yes Wed Oct 16 14:21:03 2002 : Debug: main: log_auth_goodpass = yes Wed Oct 16 14:21:03 2002 : Debug: main: pidfile = "/opt/freeradius/var/run/radiusd/radiusd.pid" Wed Oct 16 14:21:03 2002 : Debug: main: bind_address = 10.154.99.65 IP address [10.154.99.65] Wed Oct 16 14:21:03 2002 : Debug: main: user = "radiusd" Wed Oct 16 14:21:03 2002 : Debug: main: group = "radiusd" Wed Oct 16 14:21:03 2002 : Debug: main: usercollide = yes Wed Oct 16 14:21:03 2002 : Debug: main: lower_user = "no" Wed Oct 16 14:21:03 2002 : Debug: main: lower_pass = "no" Wed Oct 16 14:21:03 2002 : Debug: main: nospace_user = "no" Wed Oct 16 14:21:03 2002 : Debug: main: nospace_pass = "no" Wed Oct 16 14:21:03 2002 : Debug: main: proxy_requests = yes Wed Oct 16 14:21:03 2002 : Debug: proxy: retry_delay = 5 Wed Oct 16 14:21:03 2002 : Debug: proxy: retry_count = 3 Wed Oct 16 14:21:03 2002 : Debug: proxy: synchronous = no Wed Oct 16 14:21:03 2002 : Debug: proxy: default_fallback = yes Wed Oct 16 14:21:03 2002 : Debug: proxy: dead_time = 120 Wed Oct 16 14:21:03 2002 : Debug: security: max_attributes = 200 Wed Oct 16 14:21:03 2002 : Debug: security: reject_delay = 1 Wed Oct 16 14:21:03 2002 : Debug: main: debug_level = 0 Wed Oct 16 14:21:03 2002 : Debug: read_config_files: entering modules setup Wed Oct 16 14:21:03 2002 : Debug: Module: Library search path is /opt/freeradius/lib Wed Oct 16 14:21:03 2002 : Debug: Module: Loaded System Wed Oct 16 14:21:03 2002 : Debug: unix: cache = yes Wed Oct 16 14:21:03 2002 : Debug: unix: passwd = "/etc/passwd" Wed Oct 16 14:21:03 2002 : Debug: unix: shadow = "/etc/shadow" Wed Oct 16 14:21:03 2002 : Debug: unix: group = "/etc/group" Wed Oct 16 14:21:03 2002 : Debug: unix: radwtmp = "/opt/freeradius/var/log/radius/radwtmp" Wed Oct 16 14:21:03 2002 : Debug: unix: usegroup = no Wed Oct 16 14:21:03 2002 : Debug: unix: cache_reload = 600 Wed Oct 16 14:21:03 2002 : Info: HASH: Reinitializing hash structures and lists for caching... Wed Oct 16 14:21:03 2002 : Debug: H
Re: Sql version of IP pool
Would it work with two (or n) radius servers and only one IP database? If so, PLEASE let me use it. Thanks Guillermo Allister Maguire wrote: >Hello, > >We have been working on a sql version of the ip pool module for our own >use, a little more testing and it will be done. > >Would anyone else be interested in using it? > >Regards >Allister P Maguire > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a question about the snapshot20021015
hi,everyone I have downloaded the newest freeradius from ftp://ftp.freeradius.org/pub/radius/cvs-snapshots. But after I configured ,there is an error when "make": .. Making static dynamic in rlm_eap_md5... /bin/sh: cd: rlm_eap_md5: No such file or directory gmake[5]: *** [common] Error 1 gmake[5]: Leaving directory `/root/freeradius-snapshot-20021015/src/modules' gmake[4]: *** [all] Error 2 gmake[4]: Leaving directory `/root/freeradius-snapshot-20021015/src/modules' gmake[3]: *** [common] Error 1 gmake[3]: Leaving directory `/root/freeradius-snapshot-20021015/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/root/freeradius-snapshot-20021015/src' gmake[1]: *** [common] Error 1 .. It seems this is because of the fiel:../src/modules/Makefile.But this file is generated automatically be configure and the rlm_eap_md5 does exist in ../modules/rlm_eap/types/rlm_eap_md5. I do not know why is that.Is it a bug?Anyone has used this version? I hope someone can help me!Thanks a lot! wanglu [EMAIL PROTECTED] 2002-10-16 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
old style naslist file vs new (in radius.conf)
Hi.. Have been looking through the code for info on the "new naslist" that is meant to be specified in radius.conf .. but can't find any reference to it .. has the "new" type been implemented as yet? If so, how & where is it meant to be supplied in radius.conf ?? Thanks Tim Fraser - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re: fr0.5: logging: UNKNOWN-NAS, although ip entered?
hi, there. well - thanks a lot, that was it. looking thru the docs i saw the "UNKNOWN-NAS" problem being fixed since 0.6. anyway - once againg: thanks a lot! (upgrading was quite easy, i must admit. as i'm addicted to "never change a running system" i feared my whole work being spoiled when upgrading but it was smooth, painless and quite comfortable :) regards, -mp. Message: 4 From: "Alan DeKok" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: fr0.5: logging: UNKNOWN-NAS, although ip entered? Date: Wed, 09 Oct 2002 12:11:56 -0400 Reply-To: [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: > well, i think i've got a problem with logging the names or ip-addresses of > the nas'es that users try to authenticate from. > > although there are ip-addresses and shortnames set in clients.conf, fr0.5 Yuck. Why don't you upgrade to 0.7.1? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CLID for users...
On Wed, 16 Oct 2002, Costas Christonis wrote:
> Hi to all,
>
> WE use freeradius with LDAP server. What we want to do is to enable
> Caller ID for the users so they can connect through Freeradius only
> via the number that LDAP knows.
>
> Pls help...
Make sure your ldap.attrmap contains these lines:
checkItem Called-Station-Id radiusCalledStationId
checkItem Calling-Station-Id radiusCallingStationId
and that you have radiusCalledStationId,radiusCallingStationId in your ldap
schema. Compile the attached checkval module and add the following in
radiusd.conf
checkval callerid-check{
item-name = "Calling-Station-Id"
check-name = "Calling-Station-Id"
data-type = "string"
}
authorize{
ldap<--- ldap should be first so that it extracts the allowed CLID
from ldap
[...]
callerid-check
}
rlm_checkval will also log failure messages if the CLID for a user does not
match the configured one. It will only do the check if you have configured an
allowed CLID in ldap for that user and a CLID is included in the incoming
Access-Request.
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
/*
* rlm_checkval.c
*
* Version: $Id: rlm_checkval.c,v 1.4 2001/03/06 17:29:40 aland Exp $
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* Copyright 2001 The FreeRADIUS server project
* Copyright 2001 Kostas Kalevras <[EMAIL PROTECTED]>
*/
#include "autoconf.h"
#include "libradius.h"
#include
#include
#include
#include "radiusd.h"
#include "modules.h"
#include "conffile.h"
#define RLM_CHECKVAL_STR0
#define RLM_CHECKVAL_INT1
#define RLM_CHECKVAL_IPADDR 2
#define RLM_CHECKVAL_DATE 3
#define RLM_CHECKVAL_BIN4
/*
* Define a structure for our module configuration.
*
* These variables do not need to be in a structure, but it's
* a lot cleaner to do so, and a pointer to the structure can
* be used as the instance handle.
*/
typedef struct rlm_checkval_t {
char*item_name; /* The attribute inside Access-Request ie
Calling-Station-Id */
char*check_name;/* The attribute to check it with ie
Allowed-Calling-Station-Id */
char*data_type; /* string,integer,ipaddr,date,abinary,octets */
chardat_type;
int item_attr;
int chk_attr;
} rlm_checkval_t;
/*
* A mapping of configuration file names to internal variables.
*
* Note that the string is dynamically allocated, so it MUST
* be freed. When the configuration file parse re-reads the string,
* it free's the old one, and strdup's the new one, placing the pointer
* to the strdup'd string into 'config.string'. This gets around
* buffer over-flows.
*/
static CONF_PARSER module_config[] = {
{ "item-name", PW_TYPE_STRING_PTR, offsetof(rlm_checkval_t,item_name), NULL,
NULL},
{ "check-name", PW_TYPE_STRING_PTR, offsetof(rlm_checkval_t,check_name), NULL,
NULL},
{ "data-type",PW_TYPE_STRING_PTR, offsetof(rlm_checkval_t,data_type),NULL,
"integer"},
{ NULL, -1, 0, NULL, NULL } /* end the list */
};
/*
* Do any per-module initialization that is separate to each
* configured instance of the module. e.g. set up connections
* to external databases, read configuration files, set up
* dictionary entries, etc.
*
* If configuration information is given in the config section
* that must be referenced in later calls, store a handle to it
* in *instance otherwise put a null pointer there.
*/
static int checkval_instantiate(CONF_SECTION *conf, void **instance)
{
rlm_checkval_t *data;
DICT_ATTR *dattr;
ATTR_FLAGS flags;
/*
* Set up a storage area for instance data
*/
data = rad_malloc(sizeof(*data));
/*
* If the configuration parameters can't be parsed, then
* fail.
CLID for users...
Hi to all, WE use freeradius with LDAP server. What we want to do is to enable Caller ID for the users so they can connect through Freeradius only via the number that LDAP knows. Pls help... Costas A. Christonis Networking & Communications Centre Gallos Campus - University of Crete tel: +30-8310-77044 email: [EMAIL PROTECTED] http://www.ucnet.uoc.gr/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
some sql-statements for one value
Hello,
Is there a way to define some sql-statements for one value in sql.conf,
for instance:
accounting_start_query = "UPDATE preauth SET currentcalls = currentcalls + 1 WHERE
calledstationid REGEXP
'.*%{Called-Station-Id}.*';
UPDATE radcheck SET Value = 'Accept', op = ':=' WHERE UserName =
'%{Called-Station-Id}' AND Attribute = 'Auth-Type'"
I will use it for ressource-accounting.
I use freeradius-0.7 and mysql-3.23.51.
Thanks for any answer.
Dirk Tanneberger
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Using Vendor-Specific attributes
>foouser1 Auth-Type := Local, User-Password == "foouser1" > Service-Type == Login-User, > FOO-Priv = 0x8007 Thanks to all of you, everything works now! __ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos & More http://faith.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Sifreli Uydu Yayinlari Artik Bedava!... (G 10)
Title: DECODER SiFRELi TV/UYDU YAYINLARINI BiLGiSAYARINIZDAN BEDAVA iZLEMEK iSTEMEZ MiSiNiZ? Turkiye'de Ilk Defa!... Sifreli Yayinlar Artik Bedava!... DECODER CD (v2.0) 40 EURO + KDV Sayin Internet Kullanicisi, Turkiye ve dunya genelindeki tum sifreli TV/Uydu yayinlarinin sifrelerini kirabilir, bu yayinlari hicbir ucret odemeden bilgisayarinizdan basit bir TV karti ile izleyebilirsiniz. Detayli bilgi almak icin arayabilir, elektronik tanitim brosurlerimizi isteyebilirsiniz. "Net-Pa" Internet Marketing Center Ltd. Sti ® A. Menderes Cad. Atagun Is Merkezi, Kat 4 Sakarya, Turkey Abdullah Guclu (Marketing Expert) GSM: 0 (532) 310 49 16 (09:00-17.00) ICQ: 57298144 Bu ileti 5 Milyon Turk Internet kullanicisinin e-mail adresine gonderilmistir.
Re: help - checkrad not being called
On Tue, 15 Oct 2002, Tim wrote: > Hi, > > Yep.. I have both of the sql queries for simul use uncommented .. below is > my radiusd -X output .. (checkrad is in /usr/local/sbin and executable by I think that until today's cvs the server alaways thought that checkrad was located in /sbin/checkrad. Try moving it there. > everybody), also my NAS's are set up in clients.conf .. and below the > radiusd -X output is the output created when a user has 0 stoptime in the > db, but is not actually online .. (stale session) .. I also have debug in > checkrad turned on, but nothing is showing up .. > -- kkalev - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
config info for first time user
I wish to setup radius in FreeBSD for authenticating dialin users but haven't a ghost of a clue about where to start would someone please advise where to find some explicit info ?? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and authendication to a Lan
Hreiðar Jóelsson wrote: > Okay here is my situation: I have a Freeradius running on ?Linux > machine? whit two network cards. One of it is connected to my LAN and > the other is connected to the Internet. When Freeradius authenticates > one of my users (who is using a java based radius client) I need to > get Freeradius to manipulate the ?Linux machine? (that it runs on) to > NAT the user over the two networking cards. Is this a possible? > If your users dial up to the linux machine then you must give him an internal IP , if your users already dial up to another provider and you are trying to give them access to your internal network then you need PPTP not radius - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco NAS: how to reject user?
On Wed, 16 Oct 2002, Ruslan A Dautkhanov wrote: > Hi ! > > But I havn't found anywhere - How to kick PPPoE-users ? > I have found http://www.vayner.net/Docs/Cisco/SNMP/MIBs/CISCO-PPPOE-MIB.my.txt , > but it have no any variables, that can help to kick users. Don't know on that. > CISCO-AAA-SESSION-MIB.my.txt have no such variables also. Search the file for the casnDisconnect entry. It clearly states: "This object is used to terminate this session. Setting the value to true(1) will initiate termination of this session." > Please point me to OID, which can allow me kick any user (Session-Timeout > attribute is unuseful in this occurrence). Thanks a lot. > > > --- > best regards, > Ruslan A Dautkhanov [EMAIL PROTECTED] > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco NAS: how to reject user?
Kostas Kalevras wrote: > On Mon, 14 Oct 2002, Ruslan A Dautkhanov wrote: > > > Hi, > > > > I have to reject an dial-in user, when some events occur. > > Can anybody know what SNMP OID should I use to administratively > > disconnect user (I think that Cisco may have a number of > > such OIDs - one for rejecting user by IP, one for SessionID, > > one another for rejecting user by name, CallingNumber, and so on..). > > Can you list exactly numbers (.1.3.6), if it is possible? > > Thanks a lot. > > best regards, > > Ruslan A Dautkhanov [EMAIL PROTECTED] > > If you have a Cisco 5300/5800 you can use the AAA SESSION MIB. See: > >http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t3/dt_asmib.htm > and http://www.vayner.net/Docs/Cisco/MIBs/CISCO-AAA-SESSION-MIB.my.txt > Hi ! But I havn't found anywhere - How to kick PPPoE-users ? I have found http://www.vayner.net/Docs/Cisco/SNMP/MIBs/CISCO-PPPOE-MIB.my.txt , but it have no any variables, that can help to kick users. CISCO-AAA-SESSION-MIB.my.txt have no such variables also. Please point me to OID, which can allow me kick any user (Session-Timeout attribute is unuseful in this occurrence). Thanks a lot. --- best regards, Ruslan A Dautkhanov [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
