Multiple Password Files

2003-01-20 Thread Craig
I have been trying to get

[EMAIL PROTECTED] to authenticate from /etc/shadow1
[EMAIL PROTECTED] to authenticate from /etc/shadow2

for a while but don't know how. Does freeradius allow this? Surely multiple 
password files/databases/locations would be supported, since many ISPs with 
resellers would want this.

Craig.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Re: Trying to do accounting on freeradius+mysql

2003-01-20 Thread Evren Yurtesen
Well, if I am not mistaken, you can see the daily totals etc. in dialupadmin.
But again, if I am not mistaken, there are mysql commands for adding up
the search results. You should either figure out the mysql commands from
the mysql manual or dig into the dialup_admin files to find how it's doing it,
then write your own scripts or use the same commands.

Perhaps somebody else on the list might have more information but I just
wanted to write a quick reply. =)

Evren

On Tue, 21 Jan 2003, Iq wrote:

> Hi Everyone,
> I have set up freeradius+mysql fairly easily with the
> following links.
> http://www.ccs.neu.edu/home/peterm/freeradiusbuild.html
> http://www.frontios.com/freeradius.html
> 
> I did connect for a while to my POP as well using mysql at the backend. But
> I don't know how to do accounting. I did set up dialup_admin
> www.dialup.goldenwireless.com.au
> but I am doing something wrong there, as it is not working properly.  I have
> all the values in the radacct table but I don't know how to calculate the time a
> customer is on and the data he has utilized.
> "iraja" is the username that gets connected to the server; the rest of the
> usernames are just wrong attempts.
> 

Re: HELP: EAP/TLS - XP

2003-01-20 Thread David Baer
hi, 
thanks for looking at the matter, Artur.

> in fact, unless you shortened your post, there seems to be two requests
> one after another or am i wrong? because radius actually doesn't do
> anything about the wrong request. it denies the next one... well, it's
> perhaps normal.

well strange is (or is it a normal retry?), that it has two rad_recv of id=95. one at 
(*A*) and then the other one at (*B*).
then he is sending the reject message on the line (*E*) to id=95, but it is not clear 
to which. 
However, I think the problem really is between line (*C*) and (*D*) which prevents me 
from getting an Access-Accept.
This error seems to happen from time to time, I've found another post in the mailing 
list (http://www.mail-archive.com/freeradius-users@lists.cistron.nl/msg11598.html). 
But there isn't a solution (or even a guess, as to where it comes from) around.
Advice is appreciated.
david



rad_recv: Access-Request packet from host 10.56.56.201:6001, id=95, length=180  (*A*)
User-Name = "Hera"
NAS-IP-Address = 10.56.56.201
Called-Station-Id = "00-02-2d-48-6d-89"
Calling-Station-Id = "00-05-3c-06-6e-61"
NAS-Identifier = "hercules"
State = 0xcbc90276b2c75bcf69c846a00bbb35e62f922b3ea0b9afaf4605a59f14b2fa8fc483abdc
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
EAP-Message = "\002\007\000!\r\200\000\000\000\027\025\003\001\000\022^\333$,\363"\275\010\010\374\234\204y\337\306U-g"
Message-Authenticator = 0x9095e69b06f47161b67f54139c32e1ef
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "Hera", looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
users: Matched Hera at 98
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls:  Length Included
<<< TLS 1.0 Alert [length 0002], fatal access_denied  (*C*)

TLS Alert read:fatal:access denied
2727:error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied:s3_pkt.c:1037:SSL alert number 49
rlm_eap_tls: SSL_read Error
 Error code is . 6
 SSL Error . 6
rlm_eap_tls: BIO_read Error
 Error code is . 5
 Error in SSL . 5  (*D*)
  modcall[authenticate]: module "eap" returns ok
modcall: group authenticate returns ok
Delaying request 10 for 1 seconds
Finished request 10
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.56.56.201:6001, id=95, length=180  (*B*)
Sending Access-Reject of id 95 to 10.56.56.201:6001  (*E*)
EAP-Message = "\004\007\000\004"
Message-Authenticator = 0x
--- Walking the entire request list ---
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 6 ID 91 with timestamp 3e2b922e
Cleaning up request 7 ID 92 with timestamp 3e2b922e
Cleaning up request 8 ID 93 with timestamp 3e2b922e
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 9 ID 94 with timestamp 3e2b922f
Cleaning up request 10 ID 95 with timestamp 3e2b922f
Nothing to do.  Sleeping until we see a request.
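
Added example (not part of the original post and not FreeRADIUS code): a small parser for `radiusd -X` output like the trace above. It groups lines by request, counts a repeated rad_recv with the same source, id and length as a retransmission, and records each TLS alert with its direction. The sample input is abridged from the post; the function and field names are this example's own.

```python
import re

# Abridged from the debug trace in the post above (wrapped lines rejoined).
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 10.56.56.201:6001, id=95, length=180
rlm_eap: processing type tls
<<< TLS 1.0 Alert [length 0002], fatal access_denied
TLS Alert read:fatal:access denied
2727:error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access denied:s3_pkt.c:1037:SSL alert number 49
Delaying request 10 for 1 seconds
Finished request 10
rad_recv: Access-Request packet from host 10.56.56.201:6001, id=95, length=180
Sending Access-Reject of id 95 to 10.56.56.201:6001
Cleaning up request 10 ID 95 with timestamp 3e2b922f
"""

RECV = re.compile(r"rad_recv: (\S+) packet from host ([\d.]+):(\d+), id=(\d+), length=(\d+)")
SEND = re.compile(r"Sending (\S+) of id (\d+) to ([\d.]+):(\d+)")
ALERT = re.compile(r"TLS Alert (read|write):(\w+):(.+)")
ALERT_NO = re.compile(r"SSL alert number (\d+)")
CLEANUP = re.compile(r"Cleaning up request \d+ ID (\d+)")

# Certificate-related alert descriptions from the TLS 1.0 specification (RFC 2246).
TLS_ALERTS = {
    42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 48: "unknown_ca", 49: "access_denied",
}


def analyze(log_text):
    """Group debug lines into exchanges keyed by (client ip, port, RADIUS id)."""
    live = {}        # exchanges still in the server's request list
    exchanges = []   # every exchange, in order of first arrival
    current = None   # exchange the following module output belongs to
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RECV.search(line)
        if m:
            key = (m.group(2), int(m.group(3)), int(m.group(4)))
            length = int(m.group(5))
            ex = live.get(key)
            if ex is not None and ex["length"] == length:
                # Same source, id and length while the first copy is still
                # queued: counted here as a NAS retransmission (assumption).
                ex["retransmits"] += 1
            else:
                ex = {"key": key, "code": m.group(1), "length": length,
                      "retransmits": 0, "alerts": [], "reply": None}
                live[key] = ex
                exchanges.append(ex)
            current = ex
            continue
        m = ALERT.search(line)
        if m and current is not None:
            # "read" = alert received from the peer, "write" = sent by the server.
            current["alerts"].append({"direction": m.group(1), "level": m.group(2),
                                      "text": m.group(3).strip(), "number": None})
            continue
        m = ALERT_NO.search(line)
        if m and current is not None and current["alerts"]:
            current["alerts"][-1]["number"] = int(m.group(1))
            continue
        m = SEND.search(line)
        if m:
            ex = live.get((m.group(3), int(m.group(4)), int(m.group(2))))
            if ex is not None:
                ex["reply"] = m.group(1)
            continue
        m = CLEANUP.search(line)
        if m:
            rid = int(m.group(1))
            for key in [k for k in live if k[2] == rid]:
                del live[key]
    return exchanges


def findings(ex):
    """Turn one exchange into short, human-readable observations."""
    host, port, rid = ex["key"]
    out = []
    if ex["retransmits"]:
        out.append(f"id {rid} from {host}:{port} was retransmitted "
                   f"{ex['retransmits']} time(s); one request, one reply")
    for a in ex["alerts"]:
        name = TLS_ALERTS.get(a["number"], a["text"])
        side = "supplicant" if a["direction"] == "read" else "server"
        out.append(f"{a['level']} TLS alert {name} raised by the {side}")
    if ex["reply"]:
        out.append(f"server answered id {rid} with {ex['reply']}")
    return out


if __name__ == "__main__":
    for exchange in analyze(SAMPLE_LOG):
        for note in findings(exchange):
            print(note)
```

RFC 2246 describes access_denied as the sender having received a valid certificate and then declining to continue once access control was applied, so with direction "read" the place to look is the client's trust and certificate-usage settings rather than the server's module chain.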







Trying to do accounting on freeradius+mysql

2003-01-20 Thread Iq
Hi Everyone,
   I have set up freeradius+mysql fairly easily with the
following links.
http://www.ccs.neu.edu/home/peterm/freeradiusbuild.html
http://www.frontios.com/freeradius.html

I did connect for a while to my POP as well using mysql at the backend. But
I don't know how to do accounting. I did set up dialup_admin
www.dialup.goldenwireless.com.au
but I am doing something wrong there, as it is not working properly.  I have
all the values in the radacct table but I don't know how to calculate the time a
customer is on and the data he has utilized.
"iraja" is the username that gets connected to the server; the rest of the
usernames are just wrong attempts.

mysql> select * from radacct;

| RadAcctId | AcctSessionId | AcctUniqueId | UserName | Realm | NASIPAddress | NASPortId | NASPortType | AcctStartTime | AcctStopTime | AcctSessionTime | AcctAuthentic | ConnectInfo_start | ConnectInfo_stop | AcctInputOctets | AcctOutputOctets | CalledStationId | CallingStationId | AcctTerminateCause | ServiceType | FramedProtocol | FramedIPAddress | AcctStartDelay | AcctStopDelay |
| 1 | 71000344 |  | p.richardson |  | 203.14.183.2 | 16 | Async | -00-00 00:00:00 | 2002-11-26 22:26:56 | 2197 | RADIUS |  | 49333 LAPM/V42BIS | 434240 | 3449921 | 87966000 |  | User-Request | Framed-User | PPP | 203.14.183.82 | 0 | 45 |
| 2 | 7100034B |  | iraja |  | 203.14.183.2 | 12 | Async | 2002-11-26 22:27:39 | 2002-11-26 22:29:08 | 89 | RADIUS | 38666 LAPM/V42BIS | 24000 LAPM/V42BIS | 1399 | 1064 | 87966000 |  | User-Request | Framed-User | PPP | 203.14.183.68 | 0 | 0 |
| 3 | 7100033F |  | mbc |  | 203.14.183.2 | 0 | Async | -00-00 00:00:00 | 2002-11-26 22:30:45 | 4705 | RADIUS |  | 49333 LAPM/V42BIS | 179854 | 1081219 | 87966000 |  | User-Request | Framed-User | PPP | 203.14.183.84 | 0 | 0 |
| 4 | 7100034C |  | iraja |  | 203.14.183.2 | 11 | Async | 2002-11-26 22:30:46 | 2002-11-26 22:36:12 | 326 | RADIUS | 52000 LAPM/V42BIS | 52000 LAPM/V42BIS | 159179 | 1355687 | 87966000 |  | User-Request | Framed-User | PPP | 203.14.183.87 | 0 | 0 |
| 5 | 71000348 |  | colrado |  | 203.14.183.2 | 6 | Async | -00-00 00:00:00 | 2002-11-26 22:31:29 | 847 | RADIUS |  | 52000 LAPM/V42BIS | 30517 | 245308 | 87966000 |  | User-Request | Framed-User | PPP | 203.14.183.75 | 0 | 0 |
| 6 | 71000341 |  | arma |  | 203.14.183.2 | 14 | Async | -00-00 00:00:00 | 2002-11-26 22:33:25 | 3580 | RADIUS |  | 26400 LAPM/V42BIS | 617265 | 4066119 | 87966000 |  | User-Request | Framed-User | PPP | 203.14.183.79 | 0 | 0 |
| 7 | 71000345 |  | hjbems |  | 203.14.183.2 | 5 | Async | -00-00 00:00:00 | 2002-11-26 22:33:37 | 1988 | RADIUS |  | 4 LAPM/V42BIS | 517318 | 6394135 | 87966000 |  | User-Request | Framed-User | PPP | 203.14.183.94 | 0 | 0 |

I will appreciate any help on how I can get accounting done on the data in
mysql (even an sql query will do); for the moment I am using plain text
files and getting accounting done by the "Optigold ISP" log parser.
I want customers to check their usage using a web-based interface.

RH7.3 + Freeradius 8



kind regards,

Internet Services Administrator
Golden IT
Ph:  +61 (3) 97052511
Fax: +61 (3) 97052544
Email: [EMAIL PROTECTED]
Web: www.goldenit.net.au
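
Added example, not from the original post or from dialup_admin: per-user totals computed from the radacct columns shown above, with the user name passed as a bound parameter because the report is meant to sit behind a customer-facing web page. SQLite stands in for MySQL so the block runs offline; the table is cut down to the columns used, and the function names are this example's own.

```python
import sqlite3

# Cut-down radacct table: only the columns the usage report reads.
SCHEMA = """
CREATE TABLE radacct (
    RadAcctId        INTEGER PRIMARY KEY,
    AcctSessionId    TEXT,
    UserName         TEXT,
    AcctStopTime     TEXT,
    AcctSessionTime  INTEGER,   -- seconds
    AcctInputOctets  INTEGER,   -- octets received from the user
    AcctOutputOctets INTEGER    -- octets sent to the user
)"""

# Constructed sample: three rows taken from the radacct output in the post,
# reduced to the columns above.
ROWS = [
    (2, "7100034B", "iraja", "2002-11-26 22:29:08", 89, 1399, 1064),
    (3, "7100033F", "mbc", "2002-11-26 22:30:45", 4705, 179854, 1081219),
    (4, "7100034C", "iraja", "2002-11-26 22:36:12", 326, 159179, 1355687),
]

# One user's totals for a billing period [start, end). The user name is a
# bound parameter, never concatenated into the SQL text. MySQL drivers for
# Python use %s as the placeholder instead of ?.
USER_SQL = """
SELECT COUNT(*),
       COALESCE(SUM(AcctSessionTime), 0),
       COALESCE(SUM(AcctInputOctets), 0),
       COALESCE(SUM(AcctOutputOctets), 0)
FROM radacct
WHERE UserName = ?
  AND AcctStopTime >= ? AND AcctStopTime < ?
"""

# Administrator view: every user in the period, heaviest traffic first.
ALL_SQL = """
SELECT UserName, COUNT(*), SUM(AcctSessionTime),
       SUM(AcctInputOctets) + SUM(AcctOutputOctets) AS octets
FROM radacct
WHERE AcctStopTime >= ? AND AcctStopTime < ?
GROUP BY UserName
ORDER BY octets DESC
"""


def demo_db():
    """In-memory database loaded with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO radacct VALUES (?, ?, ?, ?, ?, ?, ?)", ROWS)
    return conn


def hms(seconds):
    """Format a number of seconds as h:mm:ss."""
    hours, rem = divmod(seconds, 3600)
    minutes, secs = divmod(rem, 60)
    return f"{hours:d}:{minutes:02d}:{secs:02d}"


def user_usage(conn, username, period_start, period_end):
    """Totals for one user; all zeros when the name matches no session."""
    sessions, seconds, octets_in, octets_out = conn.execute(
        USER_SQL, (username, period_start, period_end)).fetchone()
    return {"sessions": sessions, "seconds": seconds, "online": hms(seconds),
            "octets_in": octets_in, "octets_out": octets_out}


def all_usage(conn, period_start, period_end):
    """List of (UserName, sessions, seconds, total octets), largest first."""
    return conn.execute(ALL_SQL, (period_start, period_end)).fetchall()


if __name__ == "__main__":
    db = demo_db()
    print(user_usage(db, "iraja", "2002-11-01", "2002-12-01"))
    for row in all_usage(db, "2002-11-01", "2002-12-01"):
        print(row)
```

In a customer-facing page the user name should come from the authenticated session rather than from a request field, so that one customer cannot read another's totals.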

---

Dynamic IP addresses from FreeRadius questions

2003-01-20 Thread Li Lin

Hi,

I am setting up the dynamic IP addresses from FreeRadius and I have some
questions as follows.

1. I included the rlm_ippool into the Makefile and put dbm in the users
file.
   I do not know why I still get the following error message.

"/usr/local/etc/raddb/users[101]: Parse error (reply) for entry
userSecret1Name: Unknown attribute Pool-Name
Errors reading /usr/local/etc/raddb/users "

2. Could you check my users, radiusd.conf files to see anything
missing/incorrect for the dynamic IP Radius addressing?

3. I also included the run time messages, could you please help me to take a
look whether all modules have been installed properly?

Thank you very much.

Li Lin

--

(a) RADIUSD.CONF file

modules  {
    ippool ippool {
        name = ippool
        session-db = /usr/local/etc/raddb/ippool-sess-db
        ip-index = /usr/local/etc/raddb/ippool-idx-db
        range-start = 177.30.0.1
        range-stop  = 177.30.255.254
        netmask = 255.255.0.0
        cache-size  = 1000
    }

    dbm {
        usersfile = /usr/local/etc/raddb/users.db
    }

}

authorize {

    preprocess
    chap
    mschap
    suffix
    files
    mypool
    dbm

}



accounting {
    acct_unique
    detail
    unix    # wtmp file
    radutmp
    mypool
}

post-auth {
    #  Get an address from the IP Pool.
    mypool

}

++


(b) USERS file

userSecret1Name Auth-Type := Local, Password == "XXX"
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-MTU = 1500,
    Framed-Filter-Id = "std.ppp",
    Framed-Compression = Van-Jacobsen-TCP-IP,
    Service-Type = Authenticate-Only,
    Pool-Name := "mypool",
    Framed-IP-Address = 177.30.0.1+,







(c) Run time messages.

/usr/local/etc/raddb#radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/usr/local/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "root"
 main: group = "root"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = no
 proxy: dead_time = 120
 proxy: servers_per_realm = 15
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded PAP 
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
 mschap: ignore_password = no
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
Module: Instantiated mschap (mschap) 
Module: Loaded System 
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "(null)"
 unix: group = "(null)"
 unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix) 
Module: Loaded preprocess 
 preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded realm 
 realm: format = "suffix"
 realm: delimiter = "@"
Module: Instantiated realm (suffix) 
Module: Loaded files 
 files: usersfile = "/usr/local/etc/raddb/users"
 files: acctusersfile = "/usr/local/etc/raddb/acct_users"
 files: preproxy_us

Re: Problem with 1,000,000 users

2003-01-20 Thread Evren Yurtesen
Well, did you check the system messages right before the process is
killed? If you ran out of memory and swap, definitely there should be
something coming.

Or like this other email on the list, you might have hit to some ulimit
limits.

Evren

On Mon, 20 Jan 2003, leaobicalho wrote:

> Yes, the freeradius load for memory, but i think that 
> problem is not memory, because, im have 256RAM, 
> AtholonXP 1.5XP, and the size of file are only 50MB. 
> 
> > are you running out of memory? did you check?
> > a guess would be that freeradius is trying to load the file into memory.
> > 
> > On Mon, 20 Jan 2003, leaobicalho wrote:
> > 
> > > Why when use  1,000,000 of users, with users file, show 
> > > this message??? if i use 100,000 no have problem, but 
> > > when i use many always have problem...why? my struct of 
> > > uses files:
> > > login1  auth-type=accept
> > > login2  auth-type=accept
> > > login3  auth-type=accept
> > > login4  auth-type=accept
> > > 
> > > root@lala> radiusd -x
> > > Load
> > > Loading fastusers
> > >  Usesfile...
> > > Killed
> > > root@lala>



Re: Problem with 1,000,000 users

2003-01-20 Thread leaobicalho
Yes, the freeradius load for memory, but I think that the
problem is not memory, because I have 256RAM,
AthlonXP 1.5XP, and the size of the file is only 50MB.

> are you running out of memory? did you check?
> a guess would be that freeradius is trying to load the file into memory.
>
> On Mon, 20 Jan 2003, leaobicalho wrote:
>
> > Why when use  1,000,000 of users, with users file, show
> > this message??? if i use 100,000 no have problem, but
> > when i use many always have problem...why? my struct of
> > uses files:
> > login1  auth-type=accept
> > login2  auth-type=accept
> > login3  auth-type=accept
> > login4  auth-type=accept
> >
> > root@lala> radiusd -x
> > Load
> > Loading fastusers
> >  Usesfile...
> > Killed
> > root@lala>

___
Animation Design®
www.animationdesign.com.br





Re: Problem with 1,000,000 users

2003-01-20 Thread Evren Yurtesen
are you running out of memory? did you check?
a guess would be that freeradius is trying to load the file into memory.

On Mon, 20 Jan 2003, leaobicalho wrote:

> Why when use  1,000,000 of users, with users file, show 
> this message??? if i use 100,000 no have problem, but 
> when i use many always have problem...why? my struct of 
> uses files:
> login1  auth-type=accept
> login2  auth-type=accept
> login3  auth-type=accept
> login4  auth-type=accept
> 
> root@lala> radiusd -x
> Load
> Loading fastusers
>  Usesfile...
> Killed
> root@lala>
> 



Re: Problem with 1,000,000 users

2003-01-20 Thread Andrew Pilley
On Mon, Jan 20, 2003 at 08:12:50PM -0200, leaobicalho wrote:
> Why when use  1,000,000 of users, with users file, show 
> this message??? if i use 100,000 no have problem, but 
> when i use many always have problem...why? my struct of 
> uses files:
> login1  auth-type=accept
> login2  auth-type=accept
> login3  auth-type=accept
> login4  auth-type=accept
> 
> root@lala> radiusd -x
> Load
> Loading fastusers
>  Usesfile...
> Killed
> root@lala>

i'm guessing that either a) you got killed by the OOM killer (out of
memory) in newer linux kernels, or b) you ran into a limit (run ulimit
-a to check this, although this probably isn't the case, since you're
running as root).

run "dmesg" after this happens, and check that it hasn't mentioned
something about killing your process.

Andrew Pilley




Any experience with Symbol APs?

2003-01-20 Thread Chad Houston
I've seen several posts about the inconsistency of wireless access points.  I'm trying 
to use FreeRADIUS 0.8.1, a Symbol AP4131, and EAP/MD5 (on Windows XP, *without* 
service pack 1).  The identity request is received by FreeRADIUS, and the challenge is 
sent correctly back to the supplicant.  But, when the challenge response comes back, 
the State attribute has been changed.  According to the specification this value 
should be returned unaltered.  Perhaps it has been corrupted by a memory bug inside 
the access point?

Has anyone had any success (or failure) with Symbol access points?

Chad





Problem with 1,000,000 users

2003-01-20 Thread leaobicalho
Why, when I use 1,000,000 users with the users file, does it show
this message? If I use 100,000 I have no problem, but
when I use many I always have a problem... why? The structure of my
users file:
login1  auth-type=accept
login2  auth-type=accept
login3  auth-type=accept
login4  auth-type=accept

root@lala> radiusd -x
Load
Loading fastusers
 Usesfile...
Killed
root@lala>





WISP Consultant Needed!

2003-01-20 Thread William Pullinger




I'm looking for someone experienced with wireless internet provider setups. 
We will be using Senao wireless routers and require an authentication system 
(preferably web based) for users to login (or purchase time usage for 
example).

If you're knowledgeable in this field, please contact me at:

[EMAIL PROTECTED]
or
778 288 0278



Re: Dialup_admin

2003-01-20 Thread System Administrator
using apache 2.0   seems to be different setup
then what I am used to

thanks for the tip though
- Original Message -
From: "Duane Barnes" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, January 20, 2003 3:02 PM
Subject: RE: Dialup_admin


> Do you have .php3 enabled as a proper extension in your httpd.conf file?
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On Behalf Of System
> Administrator
> Sent: Monday, January 20, 2003 2:46 PM
> To: [EMAIL PROTECTED]
> Subject: Dialup_admin
>
> can anyone tell me why I get this on the left frame of my dialup admin
> install?
>
>  $auth_user = $HTTP_SERVER_VARS["PHP_AUTH_USER"];
> if ($auth_user){
>  if (is_file("../html/buttons/$auth_user/buttons.html.php3"))
>   include("../html/buttons/$auth_user/buttons.html.php3");
>  else{
>   if (is_file("../html/buttons/default/buttons.html.php3"))
>    include("../html/buttons/default/buttons.html.php3");
>  }
> }
> else{
>  if (is_file("../html/buttons/default/buttons.html.php3"))
>   include("../html/buttons/default/buttons.html.php3");
> }
> ?>
>
> the example on freeradius.org seems to have the same problem
> Redhat 8.0
> freeradius .8.1
>
>



Re: freeradius and ippools

2003-01-20 Thread Alan DeKok
Norbert Wegener <[EMAIL PROTECTED]> wrote:
> Just another question: How can I query which ipaddresses of the pool are 
> in use? Only ping them might not be the best solution.

  For the IP pools module, I would expect that there could be an
associated utility program which would print out that information.

  I don't know if such a program exists, though.

  Alan DeKok.




Re: SQL Authorization / Authentication

2003-01-20 Thread Alan DeKok
"Shannon Johnson" <[EMAIL PROTECTED]> wrote:
> My users file isn't very large. I'm not going to pretend to know what
> most of this means,

  That would appear to be the foundation of your problems with the
SQL module.  The SQL configuration mirrors the 'users' file, so if you
don't understand the 'users' file, you'll never get the SQL
configuration to do what you want.

  Look over the examples in the 'users' file.  Come up with a
configuration that you think *should* work.  Try it, debug it, and try
again.  It's exactly the method I use.

  Alan DeKok.




Re: SQL Authorization / Authentication

2003-01-20 Thread Nick Davis
Shannon,

> My users file isn't very large. I'm not going to pretend to know what
> most of this means, but suffice it to say that I don't have any dial-in
> users, so I'm not sure that the PPP, CSLIP, or SLIP parts apply. If they
> don't, should I comment them out? 

If there is something in your user file that is not being used, you can 
comment it out, delete it or just leave it. If it's not being used, it is 
just ignored. My users file looks just like yours, however I don't use it so 
it really doesn't matter.

> Also, I don't think the Default
> Auth-type should be System, but I didn't see any other option, besides
> Reject. Is there an SQL option? 

 Auth-Type could be System, Reject, sql or a few others too. You base that on 
what is in the Authorize section of radius.conf. 

I think you might not be understanding what Alan said in his previous post.

>   Look through the SQL configuration, seeing why the user doesn't
> match.

This means look at sql.conf and see how the username and password are entered 
into the sql queries. Are the queries missing something?


>   I'd suggest debugging it with the 'users' file first, though.  Get
> the config working for the user, and then move it over to SQL.  That
> way you're tracking down one problem at a time.

This does NOT mean, look at the users file to see what might be wrong with it. 
It does mean that if you can't get it to work with sql right away, comment 
out "sql" in the Authorize and Accounting sections of your radius.conf, and 
use "files" instead to get radius working in the first place. Once you know 
it is working and understand what is going on, then you can move on to a more 
difficult scenario... using sql.

Nick

-- 
Nick Davis 
Associate Systems Administrator 
[EMAIL PROTECTED] 
Internet Exposure, Inc. 
http://www.iexposure.com  

(612)676-1946 
Web Development-Web Marketing-ISP Services




radiusd dying when closing connection to postgres

2003-01-20 Thread Moisés David Rincón D'Hoyos
Hi,

I have installed FR0.8.1 in RedHat7.3. radiusd runs fine for some hours
sometimes but always at some point it crashes dumping a core, ending in
one of two functions:

(gdb) bt
#0  0x4207ad9e in chunk_free () from /lib/i686/libc.so.6
#1  0x4207ad24 in free () from /lib/i686/libc.so.6
#2  0x400bef6f in freePGconn () from /usr/lib/libpq.so.2
#3  0x400a02e2 in sql_close (sqlsocket=0x80ec0b8, config=0x80bd948) at sql_postgresql.c:390
#4  0x400afad1 in rlm_sql_query (sqlsocket=0x80ec0b8, inst=0x80bd530, query=0x404358dc "UPDATE radacct SET AcctStopTime = '2003-01-16 12:14:17', AcctSessionTime = 263, AcctInputOctets = 24304, AcctOutputOctets = 394481, AcctTerminateCause = '', AcctStopDelay = 6, FramedIPAddress = '200.1"...) at sql.c:384
#5  0x400aed0b in rlm_sql_accounting (instance=0x80bd530, request=0x40d5b4a0) at rlm_sql.c:745
#6  0x08054981 in module_post_auth ()
#7  0x08054aca in modcall ()
#8  0x080549cb in module_post_auth ()
#9  0x08054a91 in modcall ()
#10 0x0805466a in module_accounting ()
#11 0x0804f736 in rad_accounting ()
#12 0x0804d2fa in rad_respond ()
#13 0x0805635c in radius_xlat ()
#14 0x40073faf in pthread_start_thread () from /lib/i686/libpthread.so.0

(gdb) bt
#0  0x40075087 in pthread_mutex_lock () from /lib/i686/libpthread.so.0
#1  0x4207ad18 in free () from /lib/i686/libc.so.6
#2  0x400bef6f in freePGconn () from /usr/lib/libpq.so.2
#3  0x400a02e2 in sql_close (sqlsocket=0x80f89d8, config=0x80bd948) at sql_postgresql.c:390
#4  0x400afad1 in rlm_sql_query (sqlsocket=0x80f89d8, inst=0x80bd530, query=0x406358dc "INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputO"...) at sql.c:384
#5  0x400aebab in rlm_sql_accounting (instance=0x80bd530, request=0x81459f0) at rlm_sql.c:701
#6  0x08054981 in module_post_auth ()
#7  0x08054aca in modcall ()
#8  0x080549cb in module_post_auth ()
#9  0x08054a91 in modcall ()
#10 0x0805466a in module_accounting ()
#11 0x0804f736 in rad_accounting ()
#12 0x0804d2fa in rad_respond ()
#13 0x0805635c in radius_xlat ()
#14 0x40073faf in pthread_start_thread () from /lib/i686/libpthread.so.0

Any ideas?

Thanks.





Re: Re: Re: SQL Authorization / Authentication

2003-01-20 Thread Shannon Johnson








Alan,

My users file isn't very large. I'm not going to
pretend to know what most of this means, but suffice it to say that I don't
have any dial-in users, so I'm not sure that the PPP, CSLIP, or SLIP
parts apply. If they don't, should I comment them out? Also, I don't
think the Default Auth-type should be System, but I didn't see any other
option, besides Reject. Is there an SQL option? The contents of my /etc/raddb/users
file are as follows:

DEFAULT Auth-Type := System
    Fall-Through = Yes

DEFAULT Service-Type == Framed-User
    Framed-IP-Address = 255.255.255.254,
    Framed-MTU = 576,
    Service-Type = Framed-User,
    Fall-Through = Yes

DEFAULT Framed-Protocol == PPP
    Framed-Protocol = PPP,
    Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "CSLIP"
    Framed-Protocol = SLIP,
    Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Hint == "SLIP"
    Framed-Protocol = SLIP

Shannon

"Shannon Johnson" <[EMAIL PROTECTED]> wrote:
> That's what I thought, but the definition of Authorization and
> Authentication got me a little confused. New question now..
> rlm_sql (sql): User  not found in radgroupcheck
> rlm_sql (sql): User not found
> rlm_sql (sql): Released sql socket id: 2
>   modcall[authorize]: module "sql" returns notfound
...
> From what I can tell, it's not passing the username (or password, for
> that matter) to the SQL database. Would that be a correct assumption? If
> so, do you have any suggestions on what to do to fix?

   Look through the SQL configuration, seeing why the user doesn't
match.

   I'd suggest debugging it with the 'users' file first, though.  Get
the config working for the user, and then move it over to SQL.  That
way you're tracking down one problem at a time.

   Alan DeKok.

 








RE: Dialup_admin

2003-01-20 Thread Duane Barnes
Do you have .php3 enabled as a proper extension in your httpd.conf file?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of System
Administrator
Sent: Monday, January 20, 2003 2:46 PM
To: [EMAIL PROTECTED]
Subject: Dialup_admin

can anyone tell me why I get this on the left frame of my dialup admin
install?



the example on freeradius.org seems to have the same problem
Redhat 8.0
freeradius .8.1






Dialup_admin

2003-01-20 Thread System Administrator
can anyone tell me why I get this on the left frame of my dialup admin
install?



the example on freeradius.org seems to have the same problem
Redhat 8.0
freeradius .8.1






Re: freeradius and ippools

2003-01-20 Thread Norbert Wegener
Thank you Alan,
with this little bit of - for me - missing information it nearly worked
out of the box.
Just another question: How can I query which IP addresses of the pool are
in use? Only pinging them might not be the best solution.
Thanks
Norbert


Alan DeKok wrote:
> Norbert Wegener <[EMAIL PROTECTED]> wrote:
> > I appended the following to radiusd.conf:
> >
> > ippool main_pool {
> > session-db = /usr/local/etc/raddb/ippool-sess-db
> > ip-index = /usr/local/etc/raddb/ippool-idx-db
> > range-start = 192.168.100.20
> > range-stop  = 192.168.100.40
> > }
> >
> > Starting radius with -X gives the following error message: ERROR: Cannot
> > find a configuration entry for module "main_pool"
>
>   Put the configuration into the 'modules' section of radiusd.conf.
>
>   Alan DeKok.


--
Norbert Wegener Phone : (49) 201 2661 379
SBS Essen   Fax:(49) 201 2661 377
Germany Mail:   [EMAIL PROTECTED]
http://relax.sbs.de (intranet)




Re: SQL Authorization / Authentication

2003-01-20 Thread Alan DeKok
"Shannon Johnson" <[EMAIL PROTECTED]> wrote:
> That's what I thought, but the definition of Authorization and
> Authentication got me a little confused. New question now...
...
> rlm_sql (sql): User  not found in radgroupcheck
> rlm_sql (sql): User not found
> rlm_sql (sql): Released sql socket id: 2
>   modcall[authorize]: module "sql" returns notfound
...
> From what I can tell, it's not passing the username (or password, for
> that matter) to the SQL database. Would that be a correct assumption? If
> so, do you have any suggestions on what to do to fix?

  Look through the SQL configuration, seeing why the user doesn't
match.

  I'd suggest debugging it with the 'users' file first, though.  Get
the config working for the user, and then move it over to SQL.  That
way you're tracking down one problem at a time.

  Alan DeKok.




Re: Re: SQL Authorization / Authentication

2003-01-20 Thread Shannon Johnson






Alan,

That’s what I thought, but the definition of Authorization and
Authentication got me a little confused. New question now...

I have the MySQL database set up with a test account (username test,
password test). When I run “radiusd -xxp 1645” and try “radtest test test
localhost:1645 0 testing”, it gives me a bunch of stuff, but the part that
stands out is the following:

rad_recv: Access-Request packet from host 130.203.224.111:32769, id=167, length=56
Thread 2 assigned request 1
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Waking up in 5 seconds...
Thread 2 handling request 1, (1 handled so far)
    User-Name = "test"
    User-Password = "test"
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 0
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
    rlm_realm: No '@' in User-Name = "test", looking up realm NULL
    rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_mysql: query:  SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '' ORDER BY id
rlm_sql (sql): User  not found in radcheck
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = '' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query:  SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = '' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = '' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query:  SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = '' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): User  not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 2
  modcall[authorize]: module "sql" returns notfound
    users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System

From what I can tell, it’s not passing the username (or password, for
that matter) to the SQL database. Would that be a correct assumption? If
so, do you have any suggestions on what to do to fix?

Thanks for your help!

Shannon

"Shannon Johnson" <[EMAIL PROTECTED]> wrote:
> I need this radius server to authenticate / authorize (still a
> little hazy on the difference) console and ssh access to 10
> workstations. The requests would come in to the workstation, get
> routed to the server via a pam module, hit the freeradius server,
> verify the username and password in the database, and let the person
> on if their info is correct. First question, is this possible?

  For username/password verification, yes.  They'll still have to get
uid/gid/shell from somewhere, though.

> I just got done reading about the differences between authorization
> and authentication, and from what I gather, freeradius can't do
> authentication to an SQL database. Is that correct?

  Yes.  It won't try to log users into an SQL database.

> Ideally, what I would like, is to have a database holding all the
> usernames and passwords (holding in clear text, but transmitting
> encrypted, if that matters). Can I do that with freeradius?

  Yes.  That's storing the username/password in SQL, and letting
FreeRADIUS use that information to authenticate them.

  Alan DeKok.
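The mismatch visible in the debug output above (the request carries User-Name = "test" while every expanded query compares Username against '') can be picked out of a long `radiusd -X` capture mechanically. This is an added example, not code from the thread or from FreeRADIUS; the function name and the sample text are constructed for illustration, with request 167 trimmed from the post and request 168 invented as a healthy case.

```python
import re

# Constructed sample in the shape of the `radiusd -X` output quoted above.
# Request 167 reuses (trimmed) lines from the post; request 168 is made up to
# show a healthy expansion (192.0.2.10 is a documentation address).
SAMPLE_DEBUG = """\
rad_recv: Access-Request packet from host 130.203.224.111:32769, id=167, length=56
    User-Name = "test"
    User-Password = "test"
modcall: entering group authorize
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '' ORDER BY id'
rlm_sql_mysql: query:  SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '' ORDER BY id
rlm_sql (sql): User  not found in radcheck
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName FROM radgroupcheck,usergroup WHERE usergroup.Username = '' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
  modcall[authorize]: module "sql" returns notfound
rad_recv: Access-Request packet from host 192.0.2.10:32770, id=168, length=57
    User-Name = "alice"
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'alice' ORDER BY id'
  modcall[authorize]: module "sql" returns ok
"""

REQUEST_START = re.compile(r"^rad_recv: (\S+) packet from host (\S+), id=(\d+)")
USER_NAME = re.compile(r'^\s*User-Name = "(.*)"\s*$')
# Only the radius_xlat lines are inspected; the "rlm_sql_mysql: query:" line
# repeats the same statement and would double-count each finding.
XLAT = re.compile(r"^radius_xlat:\s+'(.*)'\s*$")
USERNAME_CMP = re.compile(r"username\s*=\s*'([^']*)'", re.IGNORECASE)
FROM_TABLE = re.compile(r"\bFROM\s+(\w+)", re.IGNORECASE)


def find_empty_username_queries(debug_text):
    """Return one finding per expanded SQL query whose Username literal is
    empty even though the request itself carried a non-empty User-Name."""
    findings = []
    current = None  # the request the following lines belong to
    for line in debug_text.splitlines():
        start = REQUEST_START.match(line)
        if start:
            current = {"request_id": int(start.group(3)), "user_name": None}
            continue
        if current is None:
            continue  # output before the first request is not attributable
        name = USER_NAME.match(line)
        if name and current["user_name"] is None:
            current["user_name"] = name.group(1)
            continue
        xlat = XLAT.match(line)
        if not xlat:
            continue
        query = xlat.group(1)
        compared = USERNAME_CMP.findall(query)
        if current["user_name"] and any(value == "" for value in compared):
            table = FROM_TABLE.search(query)
            findings.append({
                "request_id": current["request_id"],
                "user_name": current["user_name"],
                "table": table.group(1) if table else None,
                "query": query,
            })
    return findings


if __name__ == "__main__":
    for f in find_empty_username_queries(SAMPLE_DEBUG):
        print("request %d: User-Name %r reached the server, but the %s query "
              "was built with an empty username"
              % (f["request_id"], f["user_name"], f["table"]))
```

A finding means the username placeholder in the SQL query template expanded to nothing, so the place to look is the query configuration rather than the table contents.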

 








Compile freeradius on RH8

2003-01-20 Thread João Sá
Hi,

I'm trying to compile FreeRadius 0.8.1 on a clean Red Hat 8 install but
there seem to be some problems.

First, it returns an error related with DBM.
I changed the line RLM_LIBS on the file src/modules/rlm_dbm/Makefile
to RLM_LIBS= -lgdbm and it worked.

After that I needed Postgresql-devel package.

But now I get this error
---
gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE 
-DNDEBUG -I../include   -c radiusd.c
radiusd.c:103: parse error before "RADIUSD_VERSION"
---

I'm compiling with gcc version 3.2 20020903 (Red Hat Linux 8.0 3.2-7)

I'm waiting for your help and tips.

Thanks In Advance,
Joao Sa





Re: MPPE dynamic re-keying

2003-01-20 Thread Alan DeKok
Artur Hecker <[EMAIL PROTECTED]> wrote:
> well, yes and no: actually, rekeying should be done between the 
> supplicant and the AP since only those two support the actual 
> cryptosuite, namely WEP if we are talking about 802.11.

  Wait for 802.11f.  It over-loads RADIUS to do re-keying...

  It's astonishingly ugly.

  Alan DeKok.




Re: SQL Authorization / Authentication

2003-01-20 Thread Alan DeKok
"Shannon Johnson" <[EMAIL PROTECTED]> wrote:
> I need this radius server to authenticate / authorize (still a
> little hazy on the difference) console and ssh access to 10
> workstations. The requests would come in to the workstation, get
> routed to the server via a pam module, hit the freeradius server,
> verify the username and password in the database, and let the person
> on if their info is correct. First question, is this possible?

  For username/password verification, yes.  They'll still have to get
uid/gid/shell from somewhere, though.

> I just got done reading about the differences between authorization
> and authentication, and from what I gather, freeradius can't do
> authentication to an SQL database. Is that correct?

  Yes.  It won't try to log users into an SQL database.

> Ideally, what I would like, is to have a database holding all the
> usernames and passwords (holding in clear text, but transmitting
> encrypted, if that matters). Can I do that with freeradius?

  Yes.  That's storing the username/password in SQL, and letting
FreeRADIUS use that information to authenticate them.

  Alan DeKok.




Upgrading to Freeradius from Cistron Radius

2003-01-20 Thread Kevin Hemsley
I'm looking at making the jump to Freeradius. We have TotalControl HiPerARCs
and one POP of PortMasters. Any tips or caveats I should be aware of?

Thanks,
Kevin.
--
Kevin Hemsley
Systems Engineer
Microserv Computer Technologies, Inc.
[EMAIL PROTECTED]
NF7J






Error: Accounting: logout

2003-01-20 Thread Mieczyslaw Maciejewski (EPO)
Hi

In the radius.log file I found some records which indicate errors. I use
FreeRadius 0.8 with Oracle for accounting.
Could someone explain to me the reason for such records (as below)?

Sometimes I don't observe (about 3% of records) packets (or at least
records) "Accounting Stop" for the appropriate "Accounting Start". Maybe
that's quite a different problem.

Sun Jan 19 11:14:25 2003 : Error: Accounting: logout: entry for NAS Tigris port 1541 has wrong ID
Sun Jan 19 11:14:25 2003 : Error: Accounting: logout: entry for NAS Tigris port 488 has wrong ID
Sun Jan 19 11:14:35 2003 : Error: Accounting: logout: entry for NAS Tigris port 1781 has wrong ID
Sun Jan 19 11:14:52 2003 : Error: Accounting: logout: entry for NAS Tigris port 453 has wrong ID
Sun Jan 19 11:15:16 2003 : Error: Accounting: logout: entry for NAS Tigris port 320 has wrong ID
Sun Jan 19 11:15:27 2003 : Error: Accounting: logout: entry for NAS Tigris port 396 has wrong ID
Sun Jan 19 11:15:58 2003 : Error: Accounting: logout: login entry for NAS Tigris port 411 not found
Sun Jan 19 11:16:16 2003 : Error: Accounting: logout: entry for NAS Tigris port 448 has wrong ID
Sun Jan 19 11:16:55 2003 : Error: Accounting: logout: entry for NAS Tigris port 1859 has wrong ID
Sun Jan 19 11:17:25 2003 : Error: Accounting: logout: entry for NAS Tigris port 1919 has wrong ID
Sun Jan 19 11:17:31 2003 : Error: Accounting: logout: entry for NAS Tigris port 314 has wrong ID
Sun Jan 19 11:17:57 2003 : Error: Accounting: logout: entry for NAS Tigris port 351 has wrong ID
Sun Jan 19 11:18:32 2003 : Error: Accounting: logout: entry for NAS Tigris port 538 has wrong ID
Sun Jan 19 11:19:57 2003 : Error: Accounting: logout: entry for NAS Tigris port 1499 has wrong ID
Sun Jan 19 11:19:58 2003 : Error: Accounting: logout: entry for NAS Tigris port 1977 has wrong ID
Sun Jan 19 11:30:50 2003 : Error: Accounting: logout: entry for NAS Tigris port 1337 has wrong ID
Sun Jan 19 11:31:24 2003 : Error: Accounting: logout: entry for NAS Tigris port 1955 has wrong ID
Sun Jan 19 11:31:58 2003 : Error: Accounting: logout: entry for NAS Tigris port 543 has wrong ID
Sun Jan 19 11:32:17 2003 : Error: Accounting: logout: entry for NAS Tigris port 458 has wrong ID
Sun Jan 19 11:32:19 2003 : Error: Accounting: logout: entry for NAS Tigris port 1586 has wrong ID
Sun Jan 19 11:32:57 2003 : Error: Accounting: logout: entry for NAS Tigris port 1228 has wrong ID
Sun Jan 19 11:33:01 2003 : Error: Accounting: logout: entry for NAS Tigris port 1354 has wrong ID
Sun Jan 19 11:33:56 2003 : Error: Accounting: logout: entry for NAS Tigris port 1307 has wrong ID
Sun Jan 19 11:34:54 2003 : Error: Accounting: logout: login entry for NAS Tigris port 37 not found
Sun Jan 19 11:35:15 2003 : Error: Accounting: logout: entry for NAS Tigris port 529 has wrong ID
Sun Jan 19 11:35:16 2003 : Error: Accounting: logout: login entry for NAS Tigris port 442 not found




Re: freeradius and ippools

2003-01-20 Thread Alan DeKok
Norbert Wegener <[EMAIL PROTECTED]> wrote:
> I appended the following to radiusd.conf:
> 
> ippool main_pool {
>  session-db = /usr/local/etc/raddb/ippool-sess-db
>  ip-index = /usr/local/etc/raddb/ippool-idx-db
>  range-start = 192.168.100.20
>  range-stop  = 192.168.100.40
> }
> 
> Starting radius with -X gives the following error message: ERROR: Cannot 
> find a configuration entry for module "main_pool"

  Put the configuration into the 'modules' section of radiusd.conf.

  Alan DeKok.




freeradius and ippools

2003-01-20 Thread Norbert Wegener
I have downloaded the actual freeradius sources and wanted to make use 
of ippools. The module is still experimental(?)
and so I configured fr with
./configure  --with-experimental-modules

From raddb/experimental.conf:
#  Do server side ip pool management. Should be added in post-auth and
#  accounting sections.
As the distributed radiusd.conf contains an entry #main_pool in the 
post-auth section, I uncommented it. In the
accounting section I added  main_pool.

I appended the following to radiusd.conf:

ippool main_pool {
session-db = /usr/local/etc/raddb/ippool-sess-db
ip-index = /usr/local/etc/raddb/ippool-idx-db
range-start = 192.168.100.20
range-stop  = 192.168.100.40
}

Starting radius with -X gives the following error message: ERROR: Cannot 
find a configuration entry for module "main_pool"

Supposing I had misunderstood the documentation, I changed the entries in
the accounting and post-auth section to ippool.
What changed was the error message:
ERROR: Cannot find a configuration entry for module "ippool"

What am I doing wrong and/or where can I find more documentation about this?
Norbert

--
Norbert WegenerPhone:(49)2012661379 Fax:(49)2012661377
SBS Essen,Germany  Mail: [EMAIL PROTECTED] 	Mailfax:(49)2018165521379




Re: MPPE dynamic re-keying

2003-01-20 Thread Artur Hecker
hi

Klaus Heck wrote:
> Did I get this right? FreeRADIUS does send a dynamically created MPPE
> key once the authentication is performed. But there's no dynamic

yes, if you use EAP/TLS.

> re-keying after certain time spans. Is that correct? And how hard is it
> to implement it, say with configurable time intervals?


well, yes and no: actually, rekeying should be done between the 
supplicant and the AP since only those two support the actual 
cryptosuite, namely WEP if we are talking about 802.11.

so, it's more the function of your AP.

the auth server (AS) like freeradius shouldn't change the keys at the AP
without supplicant being involved, since this risks to provoke key
desynchronization. on the other side, the AS never contacts the
supplicant from itself.

so basically, the supplicant has to contact the AS after some period of
time. that's possible to do whenever you want, if the supplicant
supports it. the radius server will reply with a usual Accept-Accept
with all the MPPE stuff in it. other possibility to do this is by using
Radius-attribute "Session-Timeout" (or something like that). In this
manner, the AP (radius-client) will close the session after this time
has elapsed and the supplicant will have to re-authenticate. this
however is very likely to cut any open connections.


ciao
artur


--
Artur Hecker Groupe Accès et Mobilité
hecker[at]enst[dot]fr		  Département Informatique et Réseaux
+33 1 45 81 7507		46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr   ENST Paris




MPPE dynamic re-keying

2003-01-20 Thread Klaus Heck
Did I get this right? FreeRADIUS does send a dynamically created MPPE
key once the authentication is performed. But there's no dynamic
re-keying after certain time spans. Is that correct? And how hard is it
to implement it, say with configurable time intervals?





SQL Authorization / Authentication

2003-01-20 Thread Shannon Johnson

I got the radius server talking to the sql database finally (thanks Nick). I
now have another question.

I need this radius server to authenticate / authorize (still a little hazy
on the difference) console and ssh access to 10 workstations. The requests
would come in to the workstation, get routed to the server via a pam module,
hit the freeradius server, verify the username and password in the database,
and let the person on if their info is correct. First question, is this
possible?

I just got done reading about the differences between authorization and
authentication, and from what I gather, freeradius can't do authentication
to an SQL database. Is that correct? Ideally, what I would like, is to have
a database holding all the usernames and passwords (holding in clear text,
but transmitting encrypted, if that matters). Can I do that with freeradius?

Shannon





Re: Unwanted character in time field

2003-01-20 Thread Peter Nixon
On Sat, 18 Jan 2003 01:59 am, Andy Melton wrote:
> I have recently installed a Free Radius server to collect accounting
> output from a Cisco AS5350.  Up until today, it was working fine, but at
> 4:00 pst yesterday, the timestamps from the accounting record are
> prepended by an *.
>
> I'm not sure if this was caused by the AS5350, which I'm guessing it is,
> but has anyone seen this and do you know how to strip off that *?
>
> Thanks for your help.

Yes. I have had this problem in the past. It happens when your ciscos lose
NTP timesync. I have fixed it in two ways.
a) I run multiple local NTP servers
b) I use Postgres 7.3 as my backend DB. I have an embedded regexp perl
function that strips out the asterisk if there is one before inserting
into the DB field.

Cheers

Peter
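The clean-up step described in the reply above, written out as an added Python example (it is not Peter's Perl function). It strips the marker, validates the value before it goes into a time column, and reports which rows came from an unsynchronised clock. Assumptions not stated in the thread: the timestamp layout `hh:mm:ss.mmm TZ Day Mon DD YYYY`, and that a leading `.` should be treated like the `*`; the sample rows and session ids are constructed.

```python
import re
from datetime import datetime

MONTHS = {name: number for number, name in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
WEEKDAYS = "Mon Tue Wed Thu Fri Sat Sun".split()

# Assumed layout: optional marker, time with optional milliseconds, zone
# abbreviation, weekday, month, day of month, year.
CISCO_TS = re.compile(
    r"^(?P<flag>[*.]?)"
    r"(?P<hh>\d{2}):(?P<mm>\d{2}):(?P<ss>\d{2})(?:\.(?P<ms>\d{3}))?\s+"
    r"(?P<tz>[A-Za-z]{1,5})\s+"
    r"(?P<dow>[A-Z][a-z]{2})\s+(?P<mon>[A-Z][a-z]{2})\s+"
    r"(?P<day>\d{1,2})\s+(?P<year>\d{4})$"
)

# Constructed sample rows: (session id, timestamp as received).
SAMPLE_ROWS = [
    ("0000A1", "15:59:58.120 PST Fri Jan 17 2003"),
    ("0000A2", "*16:00:03.412 PST Fri Jan 17 2003"),
    ("0000A3", ".16:04:10.000 PST Fri Jan 17 2003"),
    ("0000A4", "*16:05:00 PST Mon Jan 17 2003"),  # weekday contradicts date
]


def normalize_timestamp(raw):
    """Strip the clock marker and return the value in a DB-friendly form.

    Raises ValueError for anything that is not a well-formed timestamp, so
    a garbled string is rejected instead of being inserted.
    """
    match = CISCO_TS.match(raw.strip())
    if not match or match["mon"] not in MONTHS:
        raise ValueError("unrecognised timestamp: %r" % raw)
    try:
        parsed = datetime(
            int(match["year"]), MONTHS[match["mon"]], int(match["day"]),
            int(match["hh"]), int(match["mm"]), int(match["ss"]),
            int(match["ms"] or 0) * 1000,
        )
    except ValueError as exc:  # e.g. day 31 in a 30-day month, hour 25
        raise ValueError("impossible date or time: %r" % raw) from exc
    if WEEKDAYS[parsed.weekday()] != match["dow"]:
        raise ValueError("weekday does not match date: %r" % raw)
    return {
        "value": parsed.isoformat(sep=" ", timespec="milliseconds"),
        "tz": match["tz"],
        # No marker means the sender considered its clock synchronised.
        "clock_synced": match["flag"] == "",
    }


def clean_rows(rows):
    """Split rows into cleaned values, sessions logged while the clock was
    unsynchronised, and sessions whose timestamp had to be rejected."""
    cleaned, unsynced, rejected = [], [], []
    for session_id, raw in rows:
        try:
            ts = normalize_timestamp(raw)
        except ValueError:
            rejected.append(session_id)
            continue
        cleaned.append((session_id, ts["value"]))
        if not ts["clock_synced"]:
            unsynced.append(session_id)
    return cleaned, unsynced, rejected


if __name__ == "__main__":
    cleaned, unsynced, rejected = clean_rows(SAMPLE_ROWS)
    print("cleaned :", cleaned)
    print("unsynced:", unsynced)
    print("rejected:", rejected)
```

Keeping the list of unsynchronised sessions, rather than silently dropping the marker, preserves the fact that those accounting times may be off.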




Re: **Re2: I have rlm_eap_tls-0.8.1.so: undefinedsymbol:SSL_set_msg_callback while trying to use EAP/TLS authenticationover LAN

2003-01-20 Thread Artur Hecker
hi Ian


[ichew@sg-dsbu-ws1 lib]# rpm -qa |grep openssl
openssl-0.9.6b-18 <---existing one on my Redhat Linux 7.1
openssl-devel-0.9.6-3  

**Re2: I have rlm_eap_tls-0.8.1.so: undefinedsymbol:SSL_set_msg_callback while trying to use EAP/TLS authenticationover LAN


Hi! Ian here.

Thanks for the input Artur and David. Below are more information. 

Again, I did use this version "openssl-SNAP-20021027.tar.gz"
when I edited the Makefile for the rlm_eap_tls. Is this version correct?
cause I followed the instructions from
http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm
, except that I used the released version of 0.8.1 for freeRadius.

Thanks!


[ichew@sg-dsbu-ws1 lib]# pwd
/usr/local/radius/lib

[ichew@sg-dsbu-ws1 lib]# rpm -qa |grep openssl
openssl-0.9.6b-18 <---existing one on my Redhat Linux 7.1
openssl-devel-0.9.6-3   rlm_eap_tls-0.8.1.so
-rwxr-xr-x    1 root root  812 Jan 13 20:09 rlm_eap_tls.la
-rw-r--r--    1 root root   584292 Jan 13 20:09 rlm_eap_tls.a
lrwxrwxrwx    1 root root   14 Jan 13 20:09 rlm_eap_tls-0.8.1.la -> rlm_eap_tls.la

[ichew@sg-dsbu-ws1 lib]# ldd rlm_eap_tls.so 
    libnsl.so.1 => /lib/libnsl.so.1 (0x400bb000)
    libresolv.so.2 => /lib/libresolv.so.2 (0x400d2000)
    libpthread.so.0 => /lib/i686/libpthread.so.0 (0x400e5000)
    libc.so.6 => /lib/i686/libc.so.6 (0x400fa000)
    /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x2000)

[ichew@sg-dsbu-ws1 lib]# ldd rlm_eap_tls-0.8.1.so
    libnsl.so.1 => /lib/libnsl.so.1 (0x400bb000)
    libresolv.so.2 => /lib/libresolv.so.2 (0x400d2000)
    libpthread.so.0 => /lib/i686/libpthread.so.0 (0x400e5000)
    libc.so.6 => /lib/i686/libc.so.6 (0x400fa000)
    /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x2000)

[ichew@sg-dsbu-ws1 lib]# uname -a
Linux sg-dsbu-ws1.cisco.com 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686 unknown

===
Message: 6
Date: Mon, 20 Jan 2003 09:51:36 +0100
From: Artur Hecker <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: I have rlm_eap_tls-0.8.1.so: undefinedsymbol:SSL_set_msg_callback 
 while trying to use EAP/TLS authenticationover LAN
Reply-To: [EMAIL PROTECTED]


Hi Ian


Ian Chew wrote:
> 
> Hi! My name is Ian Chew.
> 
> I am using the released version of freeRadius
> "freeradius-0.8.1.tar.gz" and used the "openssl-SNAP-20021027.tar.gz"
> for the rlm_eap_tls module during the "make" process of freeRadius.
> 
> [snip]
>
> /usr/local/radius/sbin/radiusd: error while loading shared libraries:
> /usr/local/radius/lib/rlm_eap_tls-0.8.1.so: undefined symbol:
> SSL_set_msg_callback

looks to me like if freeradius uses the older OpenSSL which does not
have this function. please make sure that rlm_eap_tls has been compiled
and linked to the openssl beta-version (0.9.7) or newer and not to some
other openssl lib which may have existed on your system before. (try ldd
at the rlm_eap_tls.so and see what it says).


ciao
artur



-- 
Artur Hecker
artur[at]hecker.info


exec_program_wait

Hi,
I've tried to use exec_program_wait. I wrote an OCI program (radautz) to
interact with oracle. In root, it can run correctly.
1.
I wrote most calculation in oracle triggers, will this do harm to
performance?
2.
In radreply, I added a row, value = '/usr/local/bin/radauth', and in radauth
I call the radautz with $USER_NAME variables. In debug mode(run as root), it
complains following error:

Exec-Program: /usr/local/bin/radauth
/usr/local/bin/radautz: error while loading shared libraries:
libclntsh.so.8.0:
cannot open shared object file: No such file or directory
Exec-Program: returned: 0

In root I tried radautz again, it can do what i want to do.

I know this should be related to environment, but I'm not very familiar with
linux, could anyone give me some advice? Thanks in advance.



Regards
Alex





Re: Mysql Authentication







Alan DeKok wrote:
> Ossama Suleiman <[EMAIL PROTECTED]> wrote:
> > i am using freeradius 0.8.1 with Redhat 8.0, i wanted to use mysql
> > authentication, the problem is that i want to authenticate users
> > depending on Calling-Station-Id, so i added an entry (blank username)
>
>   Why?  What's wrong with the DEFAULT configuration?

When using the DEFAULT entry with the users file there is no
problem at all, but when using it with mysql i got the error message
mentioned before below

> > -i got the following error message that the user-name can't be blank:
> > --
> > rlm_sql (sql): zero length username not permitted
>
>   Exactly.  Use DEFAULT.

i tried the DEFAULT value, my table looks like this:

+----+----------+----------------+--------+----+
| id | UserName | Attribute      | Value  | op |
+----+----------+----------------+--------+----+
|  1 | DEFAULT  | Auth-Type      | Accept | := |
|  2 | DEFAULT  | Huntgroup-Name | test   | == |
+----+----------+----------------+--------+----+

but as i said before, this configuration is not working and it still
complains about zero length username.

when i commented out that section in rlm_sql.c and replaced the default
entry with an blank entry it worked correctly.
my table looked like this in that case:

+----+----------+----------------+--------+----+
| id | UserName | Attribute      | Value  | op |
+----+----------+----------------+--------+----+
|  1 |          | Auth-Type      | Accept | := |
|  2 |          | Huntgroup-Name | test   | == |
+----+----------+----------------+--------+----+

this is working fine, and checking the calling-station-id listed in the
huntgroup file

> > could somebody correct me if this contains mistakes??
>
>   You're doing too much work, and ignoring the examples which tell you
> about the DEFAULT user.
>
>   Alan DeKok.

sorry for all the trouble.
Ossama







Re: HELP: EAP/TLS - XP

hi

> I don't think it's an AP problem, because Raymon McKey
> (http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm) is working
> with the same AP. i never tried with md5, did it work with you?

and you probably can't since you use XP SP1 which does not offer EAP/MD5
for wireless anymore :)


> do you work with an english XP? (just asking, because I have japanese
> XP and the other person that had this problem also had an asian
> name.) I don't know nothing about XP, but could it be possible, that
> this is some japanese-XP bug? I'm trying to get into the source code,
> but this might take some time (I'm not very good in C). however, it
> seems that the radius server did not get the expected message. it
> would have needed an ACK-response, but received something else...

in fact, unless you shortened your post, there seems to be two requests
one after another or am i wrong? because radius actually doesn't do
anything about the wrong request. it denies the next one... well, it's
perhaps normal.

some developers here? :-)


ciao
artur


-- 
Artur Hecker                        Groupe Accès et Mobilité
hecker[at]enst[dot]fr    Département Informatique et Réseaux
+33 1 45 81 7507       46, rue Barrault 75634 Paris cedex 13
http://www.infres.enst.fr                         ENST Paris





Re: HELP: EAP/TLS - XP

Hi Jeffrey, 
>   Do you work well via md5? I cannot work fine with ap-2000 too? :(
> I guess it is AP problem!
I don't think it's an AP problem, because Raymon McKey 
(http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm) is working with the 
same AP. i never tried with md5, did it work with you?

do you work with an english XP? (just asking, because I have japanese XP and 
the other person that had this problem also had an asian name.)
I don't know nothing about XP, but could it be possible, that this is some 
japanese-XP bug?
I'm trying to get into the source code, but this might take some time (I'm not 
very good in C). however, it seems that the radius server did not get the 
expected message. it would have needed an ACK-response, but received 
something else...

david




Re: HELP: EAP/TLS - XP

Dear David,
  Do you work well via md5? I cannot work fine with ap-2000 too? :(
I guess it is AP problem!
On Mon, 2003-01-20 14:39, David Baer wrote:
> I'm trying to get XP and freeRADIUS working together.  I encountered a
> problem that has been reported here before
> (http://lists.cistron.nl/pipermail/freeradius-users/2002-August/009650.html),
> but no solution has been posted.
> Maybe someone else has stumbled across it or has an idea.
>
> The thing is that all tls handshake passed and then it seems that the
> supplicant backs off...
> I'm using Service Pack 1 and a Orinoco 2000 AP with img 2.0.10 installed.
> 
> thanks for any help,
> david
> 
> 
> 
> rad_recv: Access-Request packet from host 10.56.56.201:6001, id=95, length=180
>   User-Name = "Hera"
>   NAS-IP-Address = 10.56.56.201
>   Called-Station-Id = "00-02-2d-48-6d-89"
>   Calling-Station-Id = "00-05-3c-06-6e-61"
>   NAS-Identifier = "hercules"
>   State = 
>0xcbc90276b2c75bcf69c846a00bbb35e62f922b3ea0b9afaf4605a59f14b2fa8fc483abdc
>   Framed-MTU = 1400
>   NAS-Port-Type = Wireless-802.11
>   EAP-Message = 
>"\002\007\000!\r\200\000\000\000\027\025\003\001\000\022^\333$,\363"\275\010\010\374\234\204y\337\306U-g"
>   Message-Authenticator = 0x9095e69b06f47161b67f54139c32e1ef
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
>   modcall[authorize]: module "eap" returns updated
> rlm_realm: No '@' in User-Name = "Hera", looking up realm NULL
> rlm_realm: No such realm NULL
>   modcall[authorize]: module "suffix" returns noop
> users: Matched Hera at 98
>   modcall[authorize]: module "files" returns ok
> modcall: group authorize returns updated
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
> modcall: entering group authenticate
> rlm_eap: Request found, released from the list
> rlm_eap: EAP_TYPE - tls
> rlm_eap: processing type tls
> rlm_eap_tls:  Length Included
> <<< TLS 1.0 Alert [length 0002], fatal access_denied
> 
> TLS Alert read:fatal:access denied
> 2727:error:14094419:SSL routines:SSL3_READ_BYTES:tlsv1 alert access 
>denied:s3_pkt.c:1037:SSL alert number 49
> rlm_eap_tls: SSL_read Error
>  Error code is . 6
>  SSL Error . 6
> rlm_eap_tls: BIO_read Error
>  Error code is . 5
>  Error in SSL . 5
>   modcall[authenticate]: module "eap" returns ok
> modcall: group authenticate returns ok
> Delaying request 10 for 1 seconds
> Finished request 10
> Going to the next request
> Waking up in 5 seconds...
> rad_recv: Access-Request packet from host 10.56.56.201:6001, id=95, length=180
> Sending Access-Reject of id 95 to 10.56.56.201:6001
>   EAP-Message = "\004\007\000\004"
>   Message-Authenticator = 0x
> --- Walking the entire request list ---
> Waking up in 2 seconds...
> --- Walking the entire request list ---
> Cleaning up request 6 ID 91 with timestamp 3e2b922e
> Cleaning up request 7 ID 92 with timestamp 3e2b922e
> Cleaning up request 8 ID 93 with timestamp 3e2b922e
> Waking up in 1 seconds...
> --- Walking the entire request list ---
> Cleaning up request 9 ID 94 with timestamp 3e2b922f
> Cleaning up request 10 ID 95 with timestamp 3e2b922f
> Nothing to do.  Sleeping until we see a request.
> 
-- 
Regard,
Jeffery Huang
iMining Technology Inc.,
Addr: 8F-4 No.432, Sec. 1, 
Keelung Rd., Taipei,Taiwan
Tel: 886-2-27235122 ext 20
Fax: 886-2-27232287
mail:[EMAIL PROTECTED]
http://www.imining.com.tw





Re: I have rlm_eap_tls-0.8.1.so: undefined symbol:SSL_set_msg_callback while trying to use EAP/TLS authentication over LAN



no, 0.8.1 should work, too.


David Baer wrote:
> 
> I think you should have taken a snapshot version and not 0.8.1 of freeRADIUS.
> use the one that is linked in the howto and at least i got beyond that
> point... (though having some other problems)
> david


-- 
Artur Hecker
artur[at]hecker.info




Re: I have rlm_eap_tls-0.8.1.so: undefinedsymbol:SSL_set_msg_callback while trying to use EAP/TLS authenticationover LAN


Hi Ian


Ian Chew wrote:
> 
> Hi! My name is Ian Chew.
> 
> I am using the released version of freeRadius
> "freeradius-0.8.1.tar.gz" and used the "openssl-SNAP-20021027.tar.gz"
> for the rlm_eap_tls module during the "make" process of freeRadius.
> 
> [snip]
>
> /usr/local/radius/sbin/radiusd: error while loading shared libraries:
> /usr/local/radius/lib/rlm_eap_tls-0.8.1.so: undefined symbol:
> SSL_set_msg_callback

looks to me as if freeradius uses the older OpenSSL which does not
have this function. please make sure that rlm_eap_tls has been compiled
and linked to the openssl beta-version (0.9.7) or newer and not to some
other openssl lib which may have existed on your system before. (try ldd
on the rlm_eap_tls.so and see what it says).


ciao
artur



-- 
Artur Hecker
artur[at]hecker.info
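
The ldd check suggested in the reply above, written out as a script. This is an added example, not part of the original thread or of FreeRADIUS; the function names and the sample `ldd`/`nm` output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): which libssl does a module resolve to,
# and does that library export the symbol the loader reported as undefined?

# Print the path the loader chose for LIB; reads `ldd` output on stdin.
resolved_lib() {
    awk -v lib="$1" 'index($1, lib ".so") == 1 && $2 == "=>" {
        print ($3 == "not" ? "not found" : $3); exit }'
}

# Succeed only if `nm -D` output on stdin DEFINES the symbol (type T or W);
# a "U" entry is just a reference that some other library must satisfy.
defines_symbol() {
    awk -v sym="$1" '
        NF >= 2 { name = $NF; sub(/@.*/, "", name)   # drop @@VERSION suffix
                  if (name == sym && $(NF-1) ~ /^[TW]$/) found = 1 }
        END { exit !found }'
}

# Check a real module. Run this with the same LD_LIBRARY_PATH / LD_PRELOAD
# that the start script exports, or ldd will not see what radiusd sees.
diagnose_module() {
    local module="$1" symbol="$2" lib
    lib=$(ldd "$module" | resolved_lib libssl)
    [ -n "$lib" ] || { echo "$module has no direct libssl dependency"; return 2; }
    if nm -D "$lib" | defines_symbol "$symbol"; then
        echo "OK: $lib exports $symbol"
    else
        echo "MISMATCH: $module resolves libssl to $lib, which lacks $symbol"
        return 1
    fi
}

# Constructed sample output (paths and addresses are illustrative only).
SAMPLE_LDD='    libssl.so.2 => /usr/lib/libssl.so.2 (0x40021000)
    libcrypto.so.0.9.7 => /usr/local/openssl/lib/libcrypto.so.0.9.7 (0x40051000)
    libc.so.6 => /lib/libc.so.6 (0x40140000)'
SAMPLE_NM_OLD='0001f2a0 T SSL_new
0001f9c0 T SSL_connect'
SAMPLE_NM_NEW='0002a110 T SSL_new
0002b3e0 T SSL_set_msg_callback'

if [ "$#" -eq 2 ]; then
    diagnose_module "$1" "$2"
else
    printf 'sample libssl resolves to: %s\n' \
        "$(printf '%s\n' "$SAMPLE_LDD" | resolved_lib libssl)"
fi
```

Invoked with a module path and a symbol name it inspects the real files; with no arguments it only parses the constructed sample.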




Re: Ken Roser FAQ - link

On Monday 20 January 2003 17:41, Artur Hecker wrote:
> take a closer look at www.freeradius.org
thanks. i was looking for some explicit "faq" and have rated that document 
(that i already knew) as a "howto" ;)
david




Re: Ken Roser FAQ - link

take a closer look at www.freeradius.org

ciao
artur


David Baer wrote:
> 
> Hi,
> I'm having a problem with eap/tls - XP and have seen some posts in the history
> of this mailing list that suggested to take a look at the Ken Roser FAQ.
> Unfortunately I can not find that link. Does anyone know that link?
> thank you!
> david

-- 
Artur Hecker
artur[at]hecker.info




Re: I have rlm_eap_tls-0.8.1.so: undefined symbol:SSL_set_msg_callback while trying to use EAP/TLS authentication over LAN

I think you should have taken a snapshot version and not 0.8.1 of freeRADIUS. 
use the one that is linked in the howto and at least i got beyond that 
point... (though having some other problems)
david





I have rlm_eap_tls-0.8.1.so: undefined symbol:SSL_set_msg_callback while trying to use EAP/TLS authentication over LAN


Hi! My name is Ian Chew.

I am using the released version of freeRadius
"freeradius-0.8.1.tar.gz" and used the
"openssl-SNAP-20021027.tar.gz" for the rlm_eap_tls module
during the "make" process of freeRadius.

Most of the steps I did were from
http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm

The freeRadius server starts up fine, and authenticates fine for local
logons. However, I cannot get my EAP/TLS authentication to work. I got
the following error and freeRadius just exits. The error message can be
seen at the end of the log files I have attached.

Can anyone please help or give me some pointers on where I have gone
wrong?

Thank you.


[ichew@sg-dsbu-ws1 sbin]# run-radiusd -X -A &
[1] 1807
+ LD_LIBRARY_PATH=/usr/local/openssl/lib
+ LD_PRELOAD=/usr/local/openssl/lib/libcrypto.so
+ export LD_LIBRARY_PATH LD_PRELOAD
+ /usr/local/radius/sbin/radiusd -X -A
[ichew@sg-dsbu-ws1 sbin]# Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/radius/etc/raddb/proxy.conf
Config:   including file: /usr/local/radius/etc/raddb/clients.conf
Config:   including file: /usr/local/radius/etc/raddb/snmp.conf
Config:   including file: /usr/local/radius/etc/raddb/sql.conf
 main: prefix = "/usr/local/radius"
 main: localstatedir = "/usr/local/radius/var"
 main: logdir = "/usr/local/radius/var/log/radius"
 main: libdir = "/usr/local/radius/lib"
 main: radacctdir = "/usr/local/radius/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/usr/local/radius/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/radius/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/radius/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: servers_per_realm = 15
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/radius/lib
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded PAP 
 pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
 mschap: ignore_password = no
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
Module: Instantiated mschap (mschap) 
Module: Loaded System 
 unix: cache = no
 unix: passwd = "/etc/passwd"
 unix: shadow = "/etc/shadow"
 unix: group = "/etc/group"
 unix: radwtmp = "/usr/local/radius/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix) 
Module: Loaded eap 
 eap: default_eap_type = "tls"
 eap: timer_expire = 60
rlm_eap: Loaded and initialized the type md5
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/etc/1x/sg-dsbu-ws1.pem"
 tls: certificate_file = "/etc/1x/sg-dsbu-ws1.pem"
 tls: CA_file = "/etc/1x/root.pem"
 tls: private_key_password = "whatever"
 tls: dh_file = "/etc/1x/dh"
 tls: random_file = "/etc/1x/random"
 tls: fragment_size = 1024
 tls: include_length = yes
rlm_eap_tls: conf N ctx stored 
rlm_eap: Loaded and initialized the type tls
Module: Instantiated eap (eap) 
Module: Loaded preprocess 
 preprocess: huntgroups = "/usr/local/radius/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/radius/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded realm 
 realm: format = "suffix"
 realm: delimiter = "@"
Module: Instantiated realm (suffix) 
Module: Loaded files 
 files: usersfile = "/usr/local/radius/etc/raddb/users"
 files: acctusersfile = "/usr/local/radius/etc/raddb/acct_users"
 files: preproxy_usersfile = "/usr/local/radius/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files) 
Module: Loaded Acct-Unique-Session-Id 
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id"
Mo