Using MySQL for authenticate
Hi My O.S. is RedHat7.2 and I installed the freeradius-snapshot2002-09-16. I'm using EAP for authentication.Now I want to use MySQL in FreeRadius. I think I should install the MySQL package first, and then add the 'sql' in module in authencation and authorization. Is that right?If you have used MySQL, please give me some advice. I am new to MySQL.How can I configure Radius to get it work with MySQL?Hope you can tell the steps.Thank you! wanglu [EMAIL PROTECTED] 2002-12-23 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
can i set attribute after the proxy server authenticated the user information?
I've downloaded freeradius0.8.1 and installed it on a
FreeBSD 4.4 pc.
I added the following lines in the config file "hints"
DEFAULT Suffix = "@test1.vpdn", Strip-User-Name = No
Hint = "PPP",
Service-Type = Framed-User,
Framed-Protocol = PPP,
cisco-avpair = "lcp:interface-config=ip vrf
forwarding vrf1\\n ip unnumbered loopback1\\n peer
default ip address pool vpn1"
# the last line is a set of command for the cisco
router as NAS
lines in proxy.conf
realm test1.vpdn {
type= radius
authhost= 211.xx.xx.93:1812
accthost= 211.xx.xx.93:1813
secret = WinRadius
}
# i dont want the radius server 211.xx.xx.93 to return
any attribtes about NAS because it belongs to our
customer.
now, the result is:
the customer's radius server successfully
authenticated the request from freeradius server, but
i lose the attributes added in the file "hints".
can i do anything to override the customer's radius's
returned attributes?
thank you all.
__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmentation fault.
From: "Alan DeKok" <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: Segmentation fault. Date: Sun, 22 Dec 2002 10:58:40 -0500 Reply-To: [EMAIL PROTECTED] >"Allister Maguire" <[EMAIL PROTECTED]> wrote: >> We are getting this segmentation fault with freeradius v0.8. > Try 0.8.1, it may be different. I will try, and re-post either way. >> The seg fault occurs while we restart any one of the servers, it use to >> work fine with version v0.7.1. > Ah. You're sending the server a HUP signal? That has problems. >Still, the module shouldn't die. I'm not that familiar with >Kerberos, so I can't help much. Sorry sould have made it clearer, when ever I restart one of the LDAP/Kerberos servers. Thanks Allister Maguire <>
RE: users file reloading
Thanks. It really helped. But what I want to know if that fastusers module uses the "-HUP" option for every reload. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kevin Bonner Sent: Sunday, December 22, 2002 6:57 PM To: [EMAIL PROTECTED] Subject: Re: users file reloading Read doc/rlm_fastusers Kevin On Friday 20 December 2002 23:10, Wisam Najim wrote: > Hi All, > > I'm authenticating ISDN users from users file while normal dialup users are > authenticated from Oracle database. Every time I add an ISDN user, I need > to stop and start the freeRADIUS instance. I want to know if I can reload > the users file without stopping and starting the freeRADIUS. > > > Regards, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help for ldap configuration
I'am using the freeradius 0.5 because I have tried 0.8 and cannot manage the ldap module. Now I think my problem is not so big but I couldn't solve it. Here is my output from "radius -x" command. Could anybody help me to solve this problem. The user 'a' and password 'dWdy' are valid in the ldap directory but it doesn't send an accept message. Could anyone help me to solve this problem. Best regards. Gokce Starting - reading configuration files ... Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded LDAP conns: (nil) rlm_ldap: reading ldap<->radius mappings from file /etc/raddb/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Ne twork rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port conns: 0x80da1d0 Module: Instantiated ldap (ldap) Module: Loaded preprocess Module: Instantiated preprocess (preprocess) Module: Loaded realm Module: Instantiated realm (suffix) Module: Loaded files Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id Module: Instantiated acct_unique (acct_unique) Module: Loaded detail Module: Instantiated detail (detail) Module: Loaded System Module: Instantiated unix (unix) Module: Loaded radutmp Module: Instantiated radutmp (radutmp) Initializing the thread pool... Listening on IP address *, ports 1645/udp and 1646/udp, with proxy on 1647/udp. Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:2826, id=0, length=50 User-Name = "a" User-Password = "\024l\322o\266\305;0h\223K\340\213\242\310" NAS-IP-Address = 255.255.255.255 NAS-Port-Id = "0" rlm_chap: Could not find proper Chap-Password attribute in request rlm_ldap: - authenticate rlm_ldap: login attempt by "a" with password "dWdy" ldap_get_conn: Got Id: 0 rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: bind as cn=Mudur,dc=my-isp,dc=com/secret rlm_ldap: waiting for bind result ... ldap_release_conn: Release Id: 0 rlm_ldap: user DN: uid=a, ou=accounts, dc=my-isp, dc=com rlm_ldap: (re)connect to localhost:389, authentication 1 rlm_ldap: bind as uid=a, ou=accounts, dc=my-isp, dc=com/dWdy rlm_ldap: waiting for bind result ... rad_recv: Access-Request packet from host 127.0.0.1:2826, id=0, length=50 Sending duplicate authentication reply to client localhost:2826 - ID: 0 Sending Access-Reject of id 0 to 127.0.0.1:2826 Sending Access-Reject of id 0 to 127.0.0.1 __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com -
Re: Segmentation fault.
"Allister Maguire" <[EMAIL PROTECTED]> wrote: > We are getting this segmentation fault with freeradius v0.8. Try 0.8.1, it may be different. > The seg fault occurs while we restart any one of the servers, it use to > work fine with version v0.7.1. Ah. You're sending the server a HUP signal? That has problems. Still, the module shouldn't die. I'm not that familiar with Kerberos, so I can't help much. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: user usage
On Wed, 18 Dec 2002, Craig Witter wrote: > I was wondering if anyone has found a way that users can go to a website, > enter their username, and see a history of their logins. I've seen > commercial software that does this before. Anyone seen an open source > version? Possible a cgi script? In dialup_admin there is the user_state.php3 page which can be used by outside pages to get a few statistics about a certain user like: account_status(active or inactive),lock message,weekly limit,daily limit, weekly used,weekly connections,daily used,daily connections You could also edit the user_accounting.php3 page to ask for the username before printing any information. The point is though that you should first authenticate your user before allowing him to gain access to your accounting records. That requires some work but if a few people need that feature i could create a page for user usage overview. > > Thanks, > > Craig > > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS with DEFAULT user
On Thu, 19 Dec 2002, Fernando Teodoro wrote: > Last question (the previous errors I've posted in the list was solved): > > I'm using MySQL auth/accouting.with FreeRADIUS. The last question remaining > is: is there a way to use DEFAULT user configuration (which can always log > in)? > > With ic-radius, this can be accomplished creating a group "GUEST" in > radgroup table, then setting a/v values in radgroupreply table, adding a > field "Auth-Type = Accept" for group GUEST in the same table. > > Is there a way to do the same with FreeRADIUS? Maybe using the old "users" > file with a DEFAULT user? In this case, I will need to use "Fall-Through" in > sql, but I can't imagine how (or where) add this attribute. > > I'll very helpfull for any tips about 'add an default user with a/v > auth-type=accept'. Check out the default_user_profile directive in sql.conf. This feature has been added in the latest versions of the sql module. The comments in sql.conf should also be very helpfull. > > Thanks in advance, > > > -- Fernando. > > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: users file reloading
Read doc/rlm_fastusers Kevin On Friday 20 December 2002 23:10, Wisam Najim wrote: > Hi All, > > I'm authenticating ISDN users from users file while normal dialup users are > authenticated from Oracle database. Every time I add an ISDN user, I need > to stop and start the freeRADIUS instance. I want to know if I can reload > the users file without stopping and starting the freeRADIUS. > > > Regards, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Oracle Database Failover
Dear All, I've tried the oracle database fail over option; it worked fine with me in case the database is down, but in case the network is down or the database server is not reachable, the fail over option is not working and the request is discarded. Is there a way to track this in order to implement it in the fail over? Regards - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
