rlm_sql module. HELP !

2002-12-12 Thread Genoud Richard
Hi!
I'm using freeradius 0.8.1 with mysql-3.23.49-3.
It's working OK, with authentication and accounting,
but I'd like to add a SQL request in the sql.conf file
(accounting_stop_query).
The original query is:
accounting_stop_query = UPDATE ${acct_table2} SET AcctStopTime = '%S', 
AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = 
'%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', 
AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = 
'%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE 
AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' 
AND NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0

and I'd like to add:
UPDATE ${authreply_table} SET Value='%{Session-Timeout}' WHERE 
Username='%{SQL-User-Name}' AND Attribute='Session-Timeout'

in the same accounting_stop_query... Is it possible?

I tried to put a simple ; between the 2 requests, but it doesn't work.
Does anyone have a clue?

regards.

---
CYBERDECK
Solutions de bornes interactives - Kiosk solutions
---
Richard Genoud
R&D Engineer
---
300 route nationale 6 - 69760 Limonest - France
Tel. : 0820 820 107 - International +33 4 78 66 74 00
Fax : +33 4 78 66 74 69
[EMAIL PROTECTED] - www.cyberdeck.com
---


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Making FreeRadius

2002-12-12 Thread Lau Kin Hoong
Hi,
  I'm trying to install freeRadius. I followed the instructions given in the web site 
www.missl.cs.umd.edu/wireless/eaptls. When I try to make, some errors were returned. 
The error returned was error [2] 
  Therefore, I couldn't even get to the make install stage. 
  The instructions mentioned that one solution to the problem (Linux system 
misdetecting the gethostbyaddr_r() and gethostbyname_r() ) is radius-autoconf.h 
  So, what I did was to place radius-autoconf.h in 
/usr/src/802/radius/radiusd/src/include
  Then make again.
  But it doesn't seem to solve the problem.
 
  Can you help me?

Regards,
Lau




Re: understanding MIBs (simultaneous use with cisco's)

2002-12-12 Thread Harrie Hazewinkel

On Wednesday, December 11, 2002, at 03:42 PM, Dan wrote:


Well I got our AS5200s simultaneous use to work finally.


congratulations


Now the problem is the cisco 7500 we have for DSL.
checkrad (running full debug mode on radius) shows
no response


The world is not perfect. :-)))
What causes this no response?? An SNMP query??



it looks like the MIBs are wrong.
so in this case I have two questions:

1. how do I find the correct MIBs? (yes, I could run SNMPwalk, but
I have no idea what I'm doing with that)


Follow the OID tree and hopefully you find via that the
correct MIB module.



2. once I do have them, how do I put them into checkrad without wrecking
the other cisco stuff (since they are both cisco)


Why would such a box need the MIB modules??
I believe you want to place the MIB module somewhere on your manager
so your tools can do the translation on this side (not agent side).
Specifics of how depends on your tools.



I may (or may not) actually have a MIB string for the 7500, I don't understand
what this stuff means, so I don't know what to do with it

You need to have a MIB module in order to know what a variable retrieved
from an SNMP agent means.


while on the topic of MIBs, can anyone tell me what this means or what
it could be used for:

1.3.6.1.4.1.9.10.19.1.1.4.0:public@usernas2


The prefix '1.3.6.1.4.1' means enterprises.
You could have found this easily yourself by looking into
RFCs that specify the MIB module language (SMI) or most books
on the subject.

After that you have an enterprise specific OID which is 10.
That you can find in http://www.iana.org/assignments/enterprise-numbers

10
  NSC
John Lyman
  [EMAIL PROTECTED]

That seems to be NSC. No clue who or which company this is, but you can try
the email address that is the contact person. Possibly out of date.
Via him you could maybe get the MIB module definitions or ask where you
got the device from.

Then the part '19.1.1.4.0' seems to specify some scalar variable in
this domain.

'public' is the community

'@usernas' I guess the hostname.



I think this is the MIB for the IP pool on an AS500, which means it 
could be used
to keep track of how many users are online.

No clue.


Hope this helps,

Harrie
--
Author of MOD-SNMP, enabling SNMP management of Apache HTTP server




RE: PEAP support

2002-12-12 Thread Lars Viklund

 From: Ynjiun P. Wang [mailto:[EMAIL PROTECTED]] 
 Sent: den 12 december 2002 00:51
 To: Freeradius-Users@Lists. Cistron. Nl
 Subject: PEAP support
 
 
 Lars
 
   I am using the EAP-TLS code base and tweak it to work 
 up to the point of finishing PEAP Part I. Now XP can talk to 
 my prototype up to the Part I. 

Cool!

 Now I am getting into the Part 
 II to send EAP packet under TLS tunnel. Could you suggest 
 where to add the Part II code given the EAP-TLS code base? 
 and how to bootstrap EAP code assuming everything recursively 
 happening again? 

Sorry, I haven't had time to look closely at this. However, obviously you would like 
to hook into the rlm_eap module to be able to reuse the existing EAP machinery. I 
suspect you'll have to modify this module slightly to allow this.

 (PEAP is actually EAP-TLS-EAP, am I right?)

I guess you could say that it is EAP-TLS-EAP-X, where X is any EAP method.




RE: Making FreeRadius

2002-12-12 Thread Glynn Taylor
Try here:

http://www.oreilly.com/catalog/radius/chapter/ch05.html



--- Secure Wireless Networking Now ---

Glynn Taylor
President
WiFiConsulting, Inc.

Web:  http://www.WiFiConsulting.com
http://www.HotSpotVPN.com

--- Secure Wireless Networking Now ---

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Lau Kin
Hoong
Sent: Thursday, December 12, 2002 5:34 AM
To: [EMAIL PROTECTED]
Subject: Making FreeRadius


Hi,
  I'm trying to install freeRadius. I followed the instructions given in the
web site www.missl.cs.umd.edu/wireless/eaptls. When I try to make, some
errors were returned. The error returned was error [2]
  Therefore, I couldn't even get to the make install stage.
  The instructions mentioned that one solution to the problem (Linux system
misdetecting the gethostbyaddr_r() and gethostbyname_r() ) is
radius-autoconf.h
  So, what I did was to place radius-autoconf.h in
/usr/src/802/radius/radiusd/src/include
  Then make again.
  But it doesn't seem to solve the problem.

  Can you help me?

Regards,
Lau




plperl function for Postgres 7.3 and cisco VSA date accounting

2002-12-12 Thread Peter Nixon
Hi Guys

I thought someone might find this useful. I use postgres and freeradius with 
modified queries to use the extended VSA start and stop times of a session to 
save EVER doing an update on your database (everything is an insert). This 
allows me to scale to approximately 500 times more accounting requests per DB 
than I would otherwise be able to do. However there is a nasty problem that 
when a cisco loses ntp time sync it starts outputting the datetime with a 
fullstop . in front to specify that the time may be wrong. This then means 
that inserts will fail as the data is no longer in valid date format. This 
function strips the fullstop.

/*
 * --- Peter Nixon [ [EMAIL PROTECTED] ]
 * Remove . from the start of time fields (routers that have lost ntp timesync
 * temporarily)
 * Used as:
 *  insert into mytable values (strip_dot('.16:46:02.356 EET Wed Dec 11 2002'));
 */

CREATE OR REPLACE function strip_dot (text) returns text as '
my $datetime = $_[0];
$datetime =~ s/^\\.*//;
return $datetime;
' language 'plperl';


Cheers

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc





Re: plperl function for Postgres 7.3 and cisco VSA date accounting

2002-12-12 Thread Peter Nixon
On Thu, 12 Dec 2002 04:56 pm, Peter Nixon wrote:
 Hi Guys

 I thought someone might find this useful. I use postgres and freeradius
 with modified queries to use the extended VSA start and stop times of a
 session to save EVER doing an update on your database (everything is an
 insert). This allows me to scale to approximately 500 times more accounting
 requests per DB than I would otherwise be able to do. However there is a
 nasty problem that when a cisco loses ntp time sync it starts outputting
 the datetime with a fullstop . in front to specify that the time may be
 wrong. This then means that inserts will fail as the data is no longer in
 valid date format. This function strips the fullstop.

 /*
  * --- Peter Nixon [ [EMAIL PROTECTED] ]
  * Remove . from the start of time fields (routers that have lost ntp
  * timesync temporarily)
  * Used as:
  *  insert into mytable values (strip_dot('.16:46:02.356 EET Wed Dec 11 2002'));
  */

 CREATE OR REPLACE function strip_dot (text) returns text as '
 my $datetime = $_[0];
 $datetime =~ s/^\\.*//;
 return $datetime;
 ' language 'plperl';

Come to think of it, the following is even more useful :-)

CREATE OR REPLACE function strip_dot (text) returns timestamp as '
my $datetime = $_[0];
$datetime =~ s/^\\.*//;
return $datetime;
' language 'plperl';

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc





Re: Realms and SQL

2002-12-12 Thread Chris Parker
At 05:57 PM 12/12/2002 +1100, Alan Wong wrote:

Dear all,

I was just wondering when I set up realms through the proxy.conf file how do
I specify when it gets authenticated locally that it will check the SQL
Database. At the moment in the proxy.conf file it has

realm paris {
type  = radius
authhost= LOCAL
accthost= LOCAL
}

I want it to authenticate against the mysql database instead of the user
file currently specified. Sorry I have tried a few different combinations
and have read the mailing list but the threads I have read have either no
responses or responses that are vague.


Not sure what is confusing about it.  And you don't want to actually
authenticate against the mysql database.  What you want to do is retrieve
the user's password from the database.

You'll need to add an 'sql' module instance to your 'authorize' block and
remove the 'files' module instance to use one over the other.  You should
not need to change anything in the 'authenticate' block.

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net





Re: How to use Calling-Station-Id to filter client's MAC

2002-12-12 Thread Chris Parker
At 03:30 PM 12/12/2002 +0800, Kevin wrote:


Could you tell me more detail about this subject? Thanks a lot.

This is my configuration in users

test  Auth-Type := EAP,User-Password  test,  Calling-Station-Id = 
aa-bb-cc-dd-ee-ff
  Service-Type = Call-Check

This is the debug message

snip

The debug message shows only the EAP call.  It is useless to debug the
MAC question as you have helpfully cut off the part of the debug where
it prints the attributes received from your NAS.  Also, you need to
read the other error messages it prints about the 'operators' you are
using in the check items for that profile.

*READ* the debug output.  It *will* tell you what it is doing and why
it is doing it.

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net





Re: rlm_sql module. HELP !

2002-12-12 Thread Chris Parker
At 10:13 AM 12/12/2002 +0100, Genoud Richard wrote:

Hi!
I'm using freeradius 0.8.1 with mysql-3.23.49-3.
It's working OK, with authentication and accounting,
but I'd like to add a SQL request in the sql.conf file
(accounting_stop_query).
The original query is:
accounting_stop_query = UPDATE ${acct_table2} SET AcctStopTime = '%S', 
AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets = 
'%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}', 
AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay = 
'%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE 
AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND 
NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0

and I'd like to add:
UPDATE ${authreply_table} SET Value='%{Session-Timeout}' WHERE 
Username='%{SQL-User-Name}' AND Attribute='Session-Timeout'

in the same accounting_stop_query... Is it possible?

I tried to put a simple ; between the 2 requests, but it doesn't work.
Does anyone have a clue?

Not presently.  You can create another instance of an 'sql' module that
executes the second accounting query.

IE:

sql SQL1 {
   
}
sql SQL2 {
   
}

accounting {
   acct_unique
   detail
   SQL1
   SQL2
}

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net





Re: Making FreeRadius

2002-12-12 Thread Chris Parker
At 06:33 PM 12/12/2002 +0800, Lau Kin Hoong wrote:

Hi,
  I'm trying to install freeRadius. I followed the instructions given in 
the web site www.missl.cs.umd.edu/wireless/eaptls. When I try to make, 
some errors were returned. The error returned was error [2]
  Therefore, I couldn't even get to the make install stage.
  The instructions mentioned that one solution to the problem (Linux 
system misdetecting the gethostbyaddr_r() and gethostbyname_r() ) is 
radius-autoconf.h
  So, what I did was to place 
radius-autoconf.h in /usr/src/802/radius/radiusd/src/include
  Then make again.
  But it doesn't seem to solve the problem.

  Can you help me?

Post the error message and we can try.  Without the actual error message,
it is very difficult to help.

Describe your system ( os, cpu arch, ... ), what your result was when you
ran './configure', if you specified any arguments to './configure', and
the actual output of 'make' where it fails for you.

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net





Re: rlm_sql module. HELP !

2002-12-12 Thread Genoud Richard


Chris Parker wrote:


Not presently.  You can create another instance of an 'sql' module that
executes the second accounting query.

IE:

sql SQL1 {
   
}
sql SQL2 {
   
}

accounting {
   acct_unique
   detail
   SQL1
   SQL2
}



Thank you! That's a much better idea than mine!
(I was so desperate that I modified the source code of the rlm_sql 
module... I'm quite proud of that indeed...)

regards.

--
---
CYBERDECK
Interactive kiosk solutions
---
Richard Genoud
R&D Engineer
---
300 route nationale 6 - 69760 Limonest - France
Tel. : 0820 820 107 - International +33 4 78 66 74 00
Fax : +33 4 78 66 74 69
[EMAIL PROTECTED] - www.cyberdeck.com
---




ip addressing

2002-12-12 Thread Scott_Knight
I am moving from a linux based commserver with digi ras cards in it to a
cisco as5400 and I'm going to run freeradius on the linux box.  For the
linux commserver I developed a web based interface for user administration
which updated /etc/passwd and a pap-secrets file.  Those users who would
get a static ip address had that address placed in the gcos (comments)
field in /etc/passwd along with the pap-secrets file.

It looks to me like I'll have to put a separate user entry in the
raddb/users file in order to assign a static ip address.  Is that the case
or is there some way for me to use a DEFAULT entry and have the
Framed-IP-Address attribute be the result of a script or something?

Thanks...
--
Scott Knight, Network Analyst - SSM Health Care, Information Center
email: [EMAIL PROTECTED] + phone: 314.644.7344 + fax: 314.647.1037
Dad, when you come home with only shattered pieces of your dreams, your
little one can mend them like new with two magic words - 'Hi Dad!'
- Alan Beck in Fathers and Sons -





Re: Webpage redirect

2002-12-12 Thread Fernando Teodoro



Hello Chris,

I'm not sure if I post the details to the mailing-list, but I'm using the
following RAS:
- Lucent PortMaster 3 (22 units)
- Lucent/Ascend Max6000 (4 units)
- MaxTNT (1 unit)

I was guessing if Cisco would do the trick - it does a lot of tricks. But I
have only Cisco routers in the ISP, no RAS :-(
I was also guessing that it's out of the Radius scope. There's no way to
interact Radius filter with http functions, like web redirect via proxy.
Too sad. I'm working on a log-parser to extract "filtered" login/phone
number from the log, and send it to my helpdesk crew - and they will call
the "filtered" customers. Not so elegant, but it's the most effective I can
do now...

Again, thanks for the support. 

Fernando.



Re: Webpage redirect

2002-12-12 Thread Chris Parker
At 03:15 PM 12/12/2002 -0300, Fernando Teodoro wrote:

Hello Chris,

I'm not sure if I post the details to the mailing-list, but I'm using the 
following RAS:
- Lucent PortMaster 3 (22 units)

EOL product, but this is capable of doing what you want, if you can
find the docs to configure it.


- Lucent/Ascend Max6000 (4 units)


EOL announced for this product, not capable of doing what you want anyway.


- MaxTNT (1 unit)


EOL not announced yet for this product ( that I know ), but expect it to
go the way of the 6000 shortly ( Lucent wants to push the APX line ).


I was guessing if Cisco would do the trick - it does a lot of tricks. But 
I have only Cisco routers in the ISP, no RAS :-(

Cisco was one example.  Other NAS ( such as the PM3 ) are also capable.


I was also guessing that it's out of the Radius scope. There's no way to 
interact Radius filter with http functions, like web redirect via proxy.
Too sad. I'm working in a log-parser to extract filtered login/phone 
number from the log, and sent it to my helpdesk crew - and they will call 
the filtered customers. Not so elegant, but it's the most effective I 
can do now...

Something that all of the nas you listed can do fairly easily is apply
a packet filter via RADIUS ( Filter-ID ).  This could block port 80 traffic
from going anywhere except the proxy server.  You apply it selectively to
the users you want.  If they don't have proxy settings, they won't be able
to surf the web, so they'll likely call your NOC.  Your NOC can then tell
them to add the proxy settings and VOILA.

Many ways to skin the cat on this one.  Transparent proxying is nice, but
in practice it can be difficult to set up and maintain, especially across
a multi-nas environment.

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net





Re: Webpage redirect

2002-12-12 Thread Fernando Teodoro
 EOL product, but this is capable of doing what you want, if you can
 find the docs to configure it.

The magic can be done with PM3? Sounds great, it's the model for most of my
RAS.
I'll search about it, so. Do you know how this function (redirect according
filter) is called?


 Something that all of the nas you listed can do fairly easily is apply
 a packet filter via RADIUS ( Filter-ID ).  This could block port 80 traffic
 from going anywhere except the proxy server.  You apply it selectively to
 the users you want.  If they don't have proxy settings, they won't be able
 to surf the web, so they'll likely call your NOC.  Your NOC can then tell
 them to add the proxy settings and VOILA.

I'm using Filter-ID; filtered customers have only access to my webserver and
mail server
(I'm also trying to discover how to limit the daily usage to 30 minutes)

The problem is my ISP was working together with another ISP, and now this
fellowship has been broken apart. So, when I restrict my customers to only my
webpage (where there's a message telling the story, with a link to validate
their accounts), they must ACTIVELY open the browser and go to my website
(could be a proxy, which I'm not using at this time), to read the message.
Therefore, if they can't go anywhere else in web, there's 50% chance they'll
call my NOC, and 50% chance they'll call the other NOC (the other ISP)

What a puzzle!


Fernando






cisco-avpair

2002-12-12 Thread betux
Dear all,

I see in a cisco log example:

..
May 26 02:03:45.615:RADIUS:Received from id 2 1.13.84.100:1645, Access-Accept, len 160
May 26 02:03:45.615:Attribute 26 26 000967146833
May 26 02:03:45.615:Attribute 26 30 00096B186833
May 26 02:03:45.615:Attribute 26 36 0009651E6833
May 26 02:03:45.615:Attribute 26 23 00096D116269
May 26 02:03:45.615:Attribute 26 25 00096E136375
May 26 02:03:45.615:RADIUS:saved authorization data for user 624E9550 at 62512AA8
May 26 02:03:45.615:RADIUS:cisco AVPair :h323-return-code=0
May 26 02:03:45.615:RADIUS:cisco AVPair :h323-preferred-lang=en
May 26 02:03:45.615:RADIUS:cisco AVPair :h323-credit-amount=10.00
May 26 02:03:45.615:RADIUS:cisco AVPair :h323-billing-model=1
May 26 02:03:45.615:RADIUS:cisco AVPair :h323-currency=USD
May 26 02:03:45.615:AAA/MEMORY:free_user (0x624E9550) user='001234' ruser='' port='' rem_addr='101000' authen_type=ASCII service=LOGIN priv=0


but my freeradius doesn't send cisco avpair (vsa info).

Why?



Regards,



Tjenen





Re: cisco-avpair

2002-12-12 Thread Chris Parker
At 04:59 AM 12/13/2002 +0700, betux wrote:

dear all,

i see at cisco log example :


snip


but my freeradius doesn't send cisco avpair (vsa info).


Debug info from FreeRADIUS would be more helpful in figuring out the
problem than debugging info from the NAS.

-Chris

--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net





Re: cisco-avpair

2002-12-12 Thread betux
I try to test my freeradius with radtest and access accept,
but radius.log just said: Pairs do not match for user [2101704]

Is it caused by a wrong reply attribute?


Regards,


Tjenen



On Friday 13 December 2002 05:04, Chris Parker wrote:
 At 04:59 AM 12/13/2002 +0700, betux wrote:
 dear all,
 
 i see at cisco log example :

 snip

 but my freeradius doesn't send cisco avpair (vsa info).

 Debug info from FreeRADIUS would be more helpful in figuring out the
 problem than debugging info from the NAS.

 -Chris





A question about EAP-MD5.....

2002-12-12 Thread cefiro\(\)




Sorry.
I am CEFIRO C.
I have some trouble during setup of
Winxp AP --- RADIUS Server, ask for your help...

I have a similar environment setting to yours,
using EAP-MD5. radiusd -X gives the following message, and I don't
know what "invalid Message-Authenticator" means.

My environment setup is as follows:
(1) supplicant: winxp 10.0.5.222
(2) authenticator: AP 10.0.5.221
(3) authentication server: Linux Redhat 8.0 + RADIUS 10.0.5.223
    (version: freeradius-snapshot-20021118)

radiusd -X output

rad_recv : Access-Request packet from host 10.0.5.221 : 1025, id=1, length =161
 Received packet from 10.0.5.221 with invalid Message-Authenticator!
 Server rejecting request0.
 Finished request 0
 Going to tje net request
 --- Walking the entire request list ---
 ..
 ..
 nothing to do. Sleeping until we see a request.
---

Thanks for your help..


Re: A question about EAP-MD5.....

2002-12-12 Thread Artur Hecker

hi


comments below.


  AP --- RADIUS Server , ask for your help... I have
 similar environment setting with you, using EAP-MD5, radiusd -X have
 the following message, I don't know what it meaning about  invalid
 Message-Authenticator 

 My environment setup as follows (1) supplicant : winxp
  10.0.5.222 (2) authenticator:AP
  10.0.5.221 (3) authentication server: Linux Redhat 8.0 + RADIUS
 10.0.5.223 (version : freeradius-snapshot-20021118)

 radiusd -X output
 --
 --- rad_recv : Access-Request
 packet from host 10.0.5.221 : 1025, id=1, length =161 Received packet
 from 10.0.5.221 with invalid Message-Authenticator! Server rejecting
 request 0. Finished request 0 Going to tje net request --- Walking
 the entire request list --- .. .. nothing to do. Sleeping
 until we see a request.

two possibilities (either...or)

1. your radius password is NOT the same in the client (authenticator)
and server for this client (FR), s. clients.conf and the config of your
authenticator.

2. your authenticator is a crap (tm) alan and doesn't know how to
produce a radius-conform message authenticator.


i bet for 1.


ciao
artur



-- 
Artur Hecker Groupe Acce`s et Mobilite'
hecker[at]enst[dot]fr De'partement Informatique et Re'seaux
+33 1 45 81 750746, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr  ENST Paris
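
The shared-secret mismatch described in possibility 1 can be reproduced offline. The following is an added example, not part of the thread and not FreeRADIUS code: it computes Message-Authenticator as RFC 2869 defines it (HMAC-MD5 over the whole packet, keyed with the shared secret, with the attribute's 16-octet value zeroed) and shows that a one-character difference in the secret yields "invalid". The secrets, user name and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80
HEADER_LEN = 20  # code, identifier, length, 16-octet Request Authenticator


def _attr(attr_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def _hmac_md5(secret, data):
    return hmac.new(secret, data, hashlib.md5).digest()


def build_access_request(secret, ident, user, request_authenticator):
    """Build an EAP Access-Request as a NAS would, signed with `secret`."""
    # EAP-Response/Identity: code=2, id, length, type=1 (Identity), data
    eap = struct.pack("!BBHB", 2, ident, 5 + len(user), 1) + user
    attrs = (_attr(USER_NAME, user) + _attr(EAP_MESSAGE, eap)
             + _attr(MESSAGE_AUTHENTICATOR, bytes(16)))
    length = HEADER_LEN + len(attrs)
    packet = (struct.pack("!BBH", ACCESS_REQUEST, ident, length)
              + request_authenticator + attrs)
    # The HMAC covers the packet while the attribute value is still zero.
    # The attribute is last here, so its value is the final 16 octets.
    return packet[:-16] + _hmac_md5(secret, packet)


def check_message_authenticator(packet, secret):
    """Return 'valid', 'invalid' or 'missing' for a received Access-Request."""
    if len(packet) < HEADER_LEN:
        raise ValueError("short packet")
    length = struct.unpack("!H", packet[2:4])[0]
    if not HEADER_LEN <= length <= len(packet):
        raise ValueError("bad length field")
    pos = HEADER_LEN
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        if attr_type == MESSAGE_AUTHENTICATOR:
            if attr_len != 18:
                raise ValueError("Message-Authenticator must carry 16 octets")
            received = packet[pos + 2:pos + 18]
            # Recompute over the packet with the value replaced by zeros.
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:length]
            expected = _hmac_md5(secret, zeroed)
            ok = hmac.compare_digest(received, expected)
            return "valid" if ok else "invalid"
        pos += attr_len
    return "missing"


# Constructed sample values, not taken from the thread.
NAS_SECRET = b"testing123"
SAMPLE = build_access_request(NAS_SECRET, 1, b"test", bytes(range(16)))

if __name__ == "__main__":
    for label, secret in [("same secret on both sides", b"testing123"),
                          ("typo in server secret", b"testing124"),
                          ("trailing space in secret", b"testing123 ")]:
        print(f"{label:26} -> {check_message_authenticator(SAMPLE, secret)}")
```

A server that gets "invalid" cannot tell a wrong secret from a modified packet, which is why the request is rejected without further detail.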

