Crazy Log File Entry

2003-02-28 Thread radius
Has anybody on the list seen dialup log files that look like this:

Fri Feb 28 23:49:18 2003 : Auth: Login incorrect: [EMAIL PROTECTED]"} }7}"}&} }*} }
}%}&} 4!}'}"}(}"}-}#}&[EMAIL PROTECTED] }7}"}&} }*} } }%}&}
4!}'}"}(}"}-}#}&[EMAIL PROTECTED] }7}"}&} }*} } }%}&}
4!}'}"}(}"}-}#}&[EMAIL PROTECTED] }4}"}&} }*} } }%}&} 4!}'}"}(}"q}&[EMAIL PROTECTED]&}
}4}"}&} }*} } }%}&} 4!}'}"}(}";;[EMAIL PROTECTED]'} }$d}1~A/] (from client as5200
port 40)
The user called support notified us, and logged in ok the second time.
The problem is random but we are starting to see more logs just like the
one above.
Does anybody have any ideas of what it could be?





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: help me

2003-02-28 Thread Nguyen Nhu Hao
Hi Tarvid,
Thanks a lot for your kindness.
I followed what you showed me but I could not solve the problem. Could you
help me to find the bug?
I give you my router configuration here:
pascal#show run
Building configuration...

Current configuration : 4169 bytes
!
version 12.1
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname pascal
!
no logging console
aaa new-model
aaa authentication login default group radius local

...
...
radius-server host 172.16.5.5 auth-port 1645 acct-port 1646
radius-server retransmit 3
radius-server timeout 10
radius-server key 123456


and the file client.conf

client 172.16.5.1 {
secret  = 123456
shortname   = pascal
}

the file naslist

# NAS Name              Short Name      Type
#----------------       ----------      ----
#portmaster1.isp.com    pm1.NY          livingston
#portmaster2.isp.com    pm1.LA          livingston
localhost               local           portslave
pascal                  pascal          cisco

and the radius log when the login failed

more /usr/local/var/log/radius/radius.log
Mon Dec  2 11:37:30 2002 : Info: HASH:  Reinitializing hash structures and lists for caching...
Mon Dec  2 11:37:30 2002 : Info: HASH:  Stored 30 entries from /etc/passwd
Mon Dec  2 11:37:30 2002 : Info: HASH:  Stored 40 entries from /etc/group
Mon Dec  2 11:37:30 2002 : Info: Listening on IP address 172.16.5.5, ports 1645/udp and 1646/udp.
Mon Dec  2 11:37:30 2002 : Info: Ready to process requests.
Mon Dec  2 11:37:57 2002 : Auth: Login incorrect: [hao/8R=\275\326CG\214\224\227\003\231Y'\230c] (from client pascal port 66 cli 172.16.5.3)


nhuhao
- Original Message -
From: "tarvid" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 28, 2003 5:49 PM
Subject: Re: help me


> On Saturday 01 March 2003 11:32 pm, Nguyen Nhu Hao wrote:
> > Hi all,
> >  I am a newbie with radius and unix, I would like to install freeradius
> >  in RedHat 7.1 and I use a router to authenticate via radius. I installed
> >  ok, but I could not authenticate success. I configured authentication
> >  use unix module.
>
> > HASH:  user hao found in hashtable bucket 47290
> > modcall[authenticate]: module "unix" returns reject
> >   modcall: group authenticate returns reject
> >   auth: Failed to validate the user.
> >   Login incorrect: [hao/\236\232M\236s<\3121\211\214\344\347"+\214\031]
> >   (from client pascal port 66 cli 172.16.5.3)
> > WARNING: Unprintable characters in the password. ?  Double-check the
> >   shared secret on the server and the NAS!
>
> Have you followed up on the above error message?
>
> The "secret" in clients.conf must match exactly the "secret" in your server.
>
> You might log bad passwords to see if your server got anything like what the
> router sent.
>
> Jim Tarvid
>


Re: help me

2003-02-28 Thread tarvid
On Saturday 01 March 2003 11:32 pm, Nguyen Nhu Hao wrote:
> Hi all,
>  I am a newbie with radius and unix, I would like to install freeradius
>  in RedHat 7.1 and I use a router to authenticate via radius. I installed
>  ok, but I could not authenticate success. I configured authentication
>  use unix module.

> HASH:  user hao found in hashtable bucket 47290
> modcall[authenticate]: module "unix" returns reject
>   modcall: group authenticate returns reject
>   auth: Failed to validate the user.
>   Login incorrect: [hao/\236\232M\236s<\3121\211\214\344\347"+\214\031]
>   (from client pascal port 66 cli 172.16.5.3)
> WARNING: Unprintable characters in the password. ?  Double-check the
>   shared secret on the server and the NAS!

Have you followed up on the above error message?

The "secret" in clients.conf must match exactly the "secret" in your server.

You might log bad passwords to see if your server got anything like what the 
router sent.

Jim Tarvid




help me

2003-02-28 Thread Nguyen Nhu Hao



Hi all,
I am a newbie with radius and unix, I would like to install freeradius
in RedHat 7.1 and I use a router to authenticate via radius. I installed
ok, but I could not authenticate success. I configured authentication
use unix module.
I wrote here what I saw when run radius -X and thanks a lot for your help

[EMAIL PROTECTED] raddb]# /usr/local/sbin/radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
read_config_files:  reading dictionary
read_config_files:  reading clients
read_config_files:  reading realms
read_config_files:  reading naslist
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 1645
 main: allow_core_dumps = no
 main: log_stripped_names = yes
 main: log_auth = yes
 main: log_auth_badpass = yes
 main: log_auth_goodpass = yes
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: bind_address = 172.16.5.5 IP address [172.16.5.5]
 main: user = "root"
 main: group = "root"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: proxy_requests = no
 security: max_attributes = 200
 security: reject_delay = 1
 main: debug_level = 0
read_config_files:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded System
 unix: cache = yes
 unix: passwd = "/etc/passwd"
 unix: shadow = "/etc/shadow"
 unix: group = "/etc/group"
 unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
HASH:  Reinitializing hash structures and lists for caching...
HASH:  user root found in hashtable bucket 11726
HASH:  user bin found in hashtable bucket 86651
HASH:  user daemon found in hashtable bucket 11668
HASH:  user adm found in hashtable bucket 26466
HASH:  user lp found in hashtable bucket 54068
HASH:  user sync found in hashtable bucket 42895
HASH:  user shutdown found in hashtable bucket 71746
HASH:  user halt found in hashtable bucket 7481
HASH:  user mail found in hashtable bucket 79471
HASH:  user news found in hashtable bucket 5375
HASH:  user uucp found in hashtable bucket 38541
HASH:  user operator found in hashtable bucket 21748
HASH:  user games found in hashtable bucket 47657
HASH:  user gopher found in hashtable bucket 47357
HASH:  user ftp found in hashtable bucket 56226
HASH:  user nobody found in hashtable bucket 99723
HASH:  user nscd found in hashtable bucket 36306
HASH:  user mailnull found in hashtable bucket 78086
HASH:  user ident found in hashtable bucket 40304
HASH:  user rpc found in hashtable bucket 72373
HASH:  user xfs found in hashtable bucket 17213
HASH:  user gdm found in hashtable bucket 50360
HASH:  user postgres found in hashtable bucket 19301
HASH:  user apache found in hashtable bucket 26582
HASH:  user amanda found in hashtable bucket 72438
HASH:  user ldap found in hashtable bucket 45563
HASH:  user pvm found in hashtable bucket 78527
HASH:  user squid found in hashtable bucket 62826
HASH:  user hao found in hashtable bucket 47290
HASH:  user teo found in hashtable bucket 26706
HASH:  Stored 30 entries from /etc/passwd
HASH:  Stored 40 entries from /etc/group
Module: Instantiated unix (unix)
Module: Loaded preprocess
 preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/usr/local/etc/raddb/users"
 files: acctusersfile = "/usr/local/etc/raddb/acct_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
 detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/usr/local/var/log/radius/radutmp"
 radutmp: username = "%{Stripped-User-Name:-%{User-Name}}"
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radu

Re: MySQL table definition for RADIUS accounting data and duplicates

2003-02-28 Thread Jacob S. Barrett
Derrik Pates wrote:
> Is there ever a legitimate situation
> where the AcctSessionId field might end up with the same value twice?

My Cisco 350 AP uses the same AcctSessionId for multiple 
association/deassociates as long as the client's MAC address remains the 
same.  So for any given AcctSessionId there will be multiple entries, 
but at most only one will have 0 in the AcctStopTime.  For the most part 
it will use the same AcctSessionId for a given client until the AP is 
rebooted.

--
Jacob S. Barrett
[EMAIL PROTECTED]
www.amduat.net
"I don't suffer from insanity, I enjoy every minute of it."



MySQL table definition for RADIUS accounting data and duplicates

2003-02-28 Thread Derrik Pates
I ended up needing to modify the MySQL table for RADIUS accounting data
to mark the AcctSessionId and AcctUniqueId fields as UNIQUE. I was
having problems with receiving duplicate accounting records, showing
users logged in multiple times who actually were not. Does this seem
like a good idea to anyone else? Is there ever a legitimate situation
where the AcctSessionId field might end up with the same value twice?

-- 
Derrik Pates
[EMAIL PROTECTED]
[EMAIL PROTECTED]



Few start script issues with installing on RedHat 7.3

2003-02-28 Thread Drew Flickema
I installed the recent freeradius on a RedHat 7.3 box.  There were two
issues with the /usr/local/sbin/rc.radiusd script that I copied to
/etc/init.d.

First, under the stop) section, I was receiving an error that there was a
missing ']'.  I added a space after -f $rundir/radiusd.pid to move the end
bracket over.

Second, I had to add either the variable
RADIUSD=${sbindir}/radiusd
or
sbindir=${exec_prefix}/sbin
It was late when I did this and I don't exactly recall which I had to add.

I am fully impressed with this radius version.  Real nice work to all those
that have and are continuing to develop this.  Thank you all.

Drew Flickema




Re: Garbage from terminal server / freeradius crashes?

2003-02-28 Thread Alan DeKok
Brendon Colby <[EMAIL PROTECTED]> wrote:
> I wrote in a while back about garbage in our logs from our routers. The 
> terminal servers are logging in to the device causing this garbage to show up 
> in the radius logs. For example:
> 
> Fri Feb 28 13:16:38 2003 : Auth: Login incorrect: [5)55)AiMM]=Ii] (from client 
> network-backbone port 1)

  Hmm... a useful hack to rlm_preprocess may be a list of characters
which are allowed in usernames.  e.g. "[EMAIL PROTECTED]" etc.  If the
server receives a request with a crazy username, it should be rejected
*immediately*.

  Alan DeKok.
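
A sketch of the allow-list idea above, as an added example (not part of the original message and not rlm_preprocess code): it applies a username character allow-list to the "Login incorrect" lines quoted in this thread and counts rejected names per client. The allowed character set, the length limit and the fourth log line are assumptions made for illustration.

```python
import re
import string
from collections import Counter

# Assumption: a site policy of letters, digits and a few separators.
ALLOWED_CHARS = frozenset(string.ascii_letters + string.digits + "._-@")
MAX_USERNAME_LEN = 64  # assumption, not a FreeRADIUS limit

# The username field is matched greedily so that a "]" inside a garbage
# username does not end the match early; the field is closed by the literal
# "] (from client". Assumes bad passwords are not logged, as in these lines
# (otherwise the bracket holds "user/password").
FAILURE_RE = re.compile(
    r"Auth: Login incorrect: \[(?P<user>.*)\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+)"
)


def username_allowed(name: str) -> bool:
    """True if the name is non-empty, short enough and uses only allowed characters."""
    return 0 < len(name) <= MAX_USERNAME_LEN and all(c in ALLOWED_CHARS for c in name)


def parse_failure(line: str):
    """Return (username, client, port) for a 'Login incorrect' line, else None."""
    m = FAILURE_RE.search(line)
    if m is None:
        return None
    return m.group("user"), m.group("client"), int(m.group("port"))


def garbage_by_client(lines) -> Counter:
    """Count failed logins whose username fails the allow-list, per client."""
    counts = Counter()
    for line in lines:
        parsed = parse_failure(line)
        if parsed is not None and not username_allowed(parsed[0]):
            counts[parsed[1]] += 1
    return counts


# First three lines are the ones quoted in this thread (re-joined onto one
# line each); the last one is constructed to show a name that passes.
SAMPLE_LOG = [
    "Fri Feb 28 13:16:38 2003 : Auth: Login incorrect: [5)55)AiMM]=Ii] (from client network-backbone port 1)",
    "Fri Feb 28 13:16:38 2003 : Auth: Login incorrect: [9Q%] (from client network-backbone port 1)",
    "Fri Feb 28 13:16:38 2003 : Auth: Login incorrect: [ap-vxr#] (from client corporate-network port 11)",
    "Fri Feb 28 13:17:02 2003 : Auth: Login incorrect: [jsmith] (from client corporate-network port 12)",
]

if __name__ == "__main__":
    for client, count in garbage_by_client(SAMPLE_LOG).most_common():
        print("%-20s %d request(s) with a disallowed username" % (client, count))
```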



Re: Garbage from terminal server / freeradius crashes?

2003-02-28 Thread Vincent_Giovannone
When I had my terminal servers misconfigured (in my case, they were 
looking for XON/OFF flow control that wasn't there), I had nearly the same 
results.  Check your terminal server config. 

If you want to test it, how about unplugging your terminal servers for a 
while and seeing if radius stops dying?  (seriously)  Although it's almost 
assuredly a bug that should be addressed (processes dying are _never_ a 
good thing), might want to get the ball rolling that way.

Vincent Giovannone
Network Infrastructure Group
Information Services Division
Rush - Presbyterian St. Luke's Medical Center

"So for the IT Manager Role, you want someone who's absolute crap, looks 
reasonable on paper, and won't cause too much trouble. ...  Well I don't 
have any MCSEs on my books at the moment, but I could call around."-- 
Simon Travaglia





Brendon Colby <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
02/28/2003 01:27 PM
Please respond to freeradius-users

 
To: [EMAIL PROTECTED]
cc: 
Subject:Garbase from terminal server / freeradius crashes?


Greetings,

I wrote in a while back about garbage in our logs from our routers. The 
terminal servers are logging in to the device causing this garbage to show up 
in the radius logs. For example:

Fri Feb 28 13:16:38 2003 : Auth: Login incorrect: [5)55)AiMM]=Ii] (from client 
network-backbone port 1)
Fri Feb 28 13:16:38 2003 : Auth: Login incorrect: [9Q%] (from client 
network-backbone port 1)
Fri Feb 28 13:16:38 2003 : Auth: Login incorrect: [ap-vxr#] (from client 
corporate-network port 11)

So this is a known issue with the terminal servers logging in to the devices. 
Our network engineers are aware of this problem but do not know how to fix 
it.

My question is, would this sort of constant stream of garbage hitting our 
RADIUS server cause freeradius to just die with no warning or errors? This is 
what happens and I cannot seem to find a reason why. The process just seems 
to die at random. We're running 0.8.1.

Also, if anyone has any pointers on fixing this issue with all Cisco equipment 
please let me know.

Thanks.

-- 
Brendon Colby
Systems Administrator
Midcontinent Communications




Garbage from terminal server / freeradius crashes?

2003-02-28 Thread Brendon Colby
Greetings,

I wrote in a while back about garbage in our logs from our routers. The 
terminal servers are logging in to the device causing this garbage to show up 
in the radius logs. For example:

Fri Feb 28 13:16:38 2003 : Auth: Login incorrect: [5)55)AiMM]=Ii] (from client 
network-backbone port 1)
Fri Feb 28 13:16:38 2003 : Auth: Login incorrect: [9Q%] (from client 
network-backbone port 1)
Fri Feb 28 13:16:38 2003 : Auth: Login incorrect: [ap-vxr#] (from client 
corporate-network port 11)

So this is a known issue with the terminal servers logging in to the devices. 
Our network engineers are aware of this problem but do not know how to fix 
it.

My question is, would this sort of constant stream of garbage hitting our 
RADIUS server cause freeradius to just die with no warning or errors? This is 
what happens and I cannot seem to find a reason why. The process just seems 
to die at random. We're running 0.8.1.

Also, if anyone has any pointers on fixing this issue with all Cisco equipment 
please let me know.

Thanks.

-- 
Brendon Colby
Systems Administrator
Midcontinent Communications




Re:FreeRADIUS 0.8.1 and Postgresql 7.3.2

2003-02-28 Thread leaobicalho
Hints..
1) Try open postmaster without in mode
background
2) After run radiusd, with parameter -xxx
3) Check string that radiusd make to
check in postgres, test this string in
psql to see error
4) Check messages in postmaster


> I have problem with radius.
> Radiusd dead with some errors( cpu usage 99% ) :
>
> rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
> rlm_sql_postgresql: affected rows =
> rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERRORs, returning
> SQL_DOWN
> rlm_sql (sql): Attempting to connect rlm_sql_postgresql #13
> rlm_sql_postgresql: Couldn't connect socket to PostgreSQL server
> [EMAIL PROTECTED]:mydb
> rlm_sql_postgresql: Postgresql error ''
> rlm_sql (sql): Connected new DB handle, #13
>
> but Postgresql don't dead and work fine.
>
> Thanks
>

___
Animation Design®
www.animationdesign.com.br




FreeRADIUS 0.8.1 and Postgresql 7.3.2

2003-02-28 Thread Alex Rodin



I have problem with radius.
Radiusd dead with some errors( cpu usage 99% ) :

rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: affected rows =
rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERRORs, returning SQL_DOWN
rlm_sql (sql): Attempting to connect rlm_sql_postgresql #13
rlm_sql_postgresql: Couldn't connect socket to PostgreSQL server [EMAIL PROTECTED]:mydb
rlm_sql_postgresql: Postgresql error ''
rlm_sql (sql): Connected new DB handle, #13

but Postgresql don't dead and work fine.

Thanks


Re: calling-station-id

2003-02-28 Thread Didi Rieder
Quoting Alan DeKok <[EMAIL PROTECTED]>:

> > calledstationid
> > callingstationid
>
>   They should be at least 10 characters, and no more than 256.  It's
> safe to change those values to anything within that range.

Thanks for the clarification...

Didi


-- 
-
Didi Rieder
[EMAIL PROTECTED]
PGPKey ID: 3431D0B0
-





Re: mysql authorization

2003-02-28 Thread Rick Evans
If you remark out the 'Auth-Type' all together in the 'users' file, then
freeradius will begin to use the 'Auth-Type' specified in MySQL.
That has been my experience at least.

Rick E.

- Original Message -
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 28, 2003 5:33 AM
Subject: Re: mysql authorization


> "John E Murphy" <[EMAIL PROTECTED]> wrote:
> > I am trying to use mysql to authorize users.  It seems that they are
> > authorized but never get through because the system looks at the /etc/passwd
> > file.  Attached is the -X output.
>
>   So configure the server to use a different Auth-Type.  It comes
> configured to use 'Auth-Type := System', and it looks like you didn't
> change that.
>
>   Alan DeKok.
>


Re: calling-station-id

2003-02-28 Thread Alan DeKok
Didi Rieder <[EMAIL PROTECTED]> wrote:
> is there any reason why
> 
> calledstationid
> callingstationid
> 
> are limited to VARCHAR(10) in db_oracle.sql, or is it safe to change them to
> VARCHAR(15) ?

  They should be at least 10 characters, and no more than 256.  It's
safe to change those values to anything within that range.

  Alan DeKok.



Re: realm length

2003-02-28 Thread Alan DeKok
Josh Howlett <[EMAIL PROTECTED]> wrote:
> I got an error when I tried to specify a realm length > 63 characters.
> 
> Is this an arbitrary limitation that could be extended beyond 63
> characters?

  Sure.  Edit src/include/radiusd.c, and change the 64 to 256.

  There isn't much point in making it larger than 256, though, due to
the RADIUS attribute size limits.

  Alan DeKok.



Re: mysql authorization

2003-02-28 Thread Alan DeKok
"John E Murphy" <[EMAIL PROTECTED]> wrote:
> I am trying to use mysql to authorize users.  It seems that they are
> authorized but never get through because the system looks at the /etc/passwd
> file.  Attached is the -X output.

  So configure the server to use a different Auth-Type.  It comes
configured to use 'Auth-Type := System', and it looks like you didn't
change that.

  Alan DeKok.



Re: error in rlm_accnt_unique

2003-02-28 Thread Alan DeKok
"Charles Nierva" <[EMAIL PROTECTED]> wrote:
> h but how come when i tail-f the
> /usr/local/var/log/radiusd/radacct/client/detail
> 
> and when a dialup user logs, there is a NAS-Port-Id.

  Then rlm_acct_unique is complaining about another packet, which
*doesn't* contain a NAS-Port-Id.

  Alan DeKok.



Re: Setting Realm attribute based on NAS-IP-Address?

2003-02-28 Thread Chris Parker
At 07:51 AM 2/28/2003 -0700, [EMAIL PROTECTED] wrote:
> Quoting Chris Parker <[EMAIL PROTECTED]>:
>
> > At 01:30 PM 2/21/2003 -0500, Derrik Pates wrote:
> > >On Fri, Feb 21, 2003 at 12:18:00PM -0600, Chris Parker wrote:
> > > > DEFAULT   NAS-IP-Address == a.b.c.d, Proxy-To-Realm := "foobar"
> > > >Fall-Through = Yes
> > I believe it should be.  You'll want to check it yourself to make sure
> > your setup is behaving as you want.
>
> I did try that, unfortunately no dice. I need to be able to set the realm, and
> then use it later in the 'users' file (for assigning Auth-Type/Autz-Type).
>
> You're going to say, "ok, so why not just assign those and forget about the
> realm?" Well, that'd be because we need to be able to set Simultaneous-Use
> restrictions based on LDAP groups, and I'd rather not have to duplicate that
> entire thing just for the IP address of one (or potentially more) RAS servers.
>
> Any other thoughts?

If you are basing on NAS-IP-Address, why not use the 'Huntgroups' feature?

-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net




Re: auth through mysql

2003-02-28 Thread tarvid
On Friday 28 February 2003 09:25 am, Ina Patricia Lopez wrote:
> hi!
> do you have any docs/guides on using freeradius to authenticate users
> on mysql database?  i'd appreciate any help.
>
> thanks,
> ina patricia
>
you might try http://www.frontios.com/freeradius.html

i am working through it myself

jim tarvid




Freeradius, OpenLDAP, CHAP and MD5 passwords

2003-02-28 Thread Carlos Pratas








We have usernames and passwords stored in an OpenLDAP server with MD5
passwords.

Freeradius 0.8 authenticating with PAP works fine.

With CHAP the radius daemon reports that password should be stored in clear
text and rejects the access, but the FAQ “5.11 How do I make CHAP work with
LDAP” suggests I can use encrypted passwords.

Is this interpretation correct? If so, what can be wrong?

Thanks in advance for any help.

Best regards,

  C. Pratas








Re: Setting Realm attribute based on NAS-IP-Address?

2003-02-28 Thread dpates
Quoting Chris Parker <[EMAIL PROTECTED]>:

> At 01:30 PM 2/21/2003 -0500, Derrik Pates wrote:
> >On Fri, Feb 21, 2003 at 12:18:00PM -0600, Chris Parker wrote:
> > > DEFAULT   NAS-IP-Address == a.b.c.d, Proxy-To-Realm := "foobar"
> > >Fall-Through = Yes

> I believe it should be.  You'll want to check it yourself to make sure
> your setup is behaving as you want.

I did try that, unfortunately no dice. I need to be able to set the realm, and
then use it later in the 'users' file (for assigning Auth-Type/Autz-Type).

You're going to say, "ok, so why not just assign those and forget about the
realm?" Well, that'd be because we need to be able to set Simultaneous-Use
restrictions based on LDAP groups, and I'd rather not have to duplicate that
entire thing just for the IP address of one (or potentially more) RAS servers.

Any other thoughts?

--
Derrik Pates
[EMAIL PROTECTED]



auth through mysql

2003-02-28 Thread Ina Patricia Lopez
hi!
do you have any docs/guides on using freeradius to authenticate users
on mysql database?  i'd appreciate any help.

thanks,
ina patricia



freeradius segmentation fault

2003-02-28 Thread Abel Alejandro
freeradius (running a cvs snapshot of like 1 week) is crashing when
I run it as "radiusd -y -z -f" or without the "-f". But when
I run freeradius as "radiusd -X" it doesn't crash.

I am using rlm_sql_sybase as my SQL driver for both authorize and
accounting.
The radiusd starts OK, serve a few requests then crashes. Here's a gdb
backtrace.

(gdb) bt
#0  0x281005dc in kill () from /usr/lib/libc_r.so.4
#1  0x2815045d in abort () from /usr/lib/libc_r.so.4
#2  0x2814eeea in _thread_leave_cancellation_point () from
/usr/lib/libc_r.so.4
#3  0x2814fd33 in _thread_leave_cancellation_point () from
/usr/lib/libc_r.so.4
#4  0x281500c1 in free () from /usr/lib/libc_r.so.4
#5  0x2813d9d6 in fclose () from /usr/lib/libc_r.so.4
#6  0x804fd5b in vradlog (lvl=4, fmt=0x28233320 "rlm_sql_sybase(sql_query):
Unexpected return value from ct_results()\n%s",
ap=0xbfa85b2c "\004K#(ˬ\r\b") at log.c:169
#7  0x804fde4 in radlog (lvl=4, msg=0x28233320 "rlm_sql_sybase(sql_query):
Unexpected return value from ct_results()\n%s")
at log.c:216
#8  0x2823249b in sql_query (sqlsocket=0x80da8c0, config=0x80b5400,
querystr=0xbfa86dcc "UPDATE r_radacct SET AcctStartTime = '2003-02-28
09:47:06', AcctStartDelay = '45', ConnectInfo_start = '' WHERE AcctSessionId
= '335845320' AND UserName = 'gmorales' AND NASIPAddress = '196.12.179.5'
"...) at sql_sybase.c:440
#9  0x2822d8d7 in rlm_sql_query (sqlsocket=0x80da8c0, inst=0x80daaa0,
query=0xbfa86dcc "UPDATE r_radacct SET AcctStartTime = '2003-02-28
09:47:06', AcctStartDelay = '45', ConnectInfo_start = '' WHERE AcctSessionId
= '335845320' AND UserName = 'gmorales' AND NASIPAddress = '196.12.179.5'
"...) at sql.c:380
#10 0x2822c99b in rlm_sql_accounting (instance=0x80daaa0, request=0x81c6500)
at rlm_sql.c:715
#11 0x8054ca2 in call_modsingle (component=3, sp=0x8120200,
request=0x81c6500, default_result=7) at modcall.c:198
#12 0x8054e10 in modcall (component=3, c=0x8120200, request=0x81c6500) at
modcall.c:304
#13 0x8054cf3 in call_modgroup (component=3, g=0x8120100, request=0x81c6500,
default_result=7) at modcall.c:220
#14 0x8054dc3 in modcall (component=3, c=0x8120100, request=0x81c6500) at
modcall.c:296
#15 0x805441b in indexed_modcall (comp=3, idx=0, request=0x81c6500) at
modules.c:449
#16 0x8054a02 in module_accounting (acct_type=0, request=0x81c6500) at
modules.c:793
#17 0x804f4ad in rad_accounting (request=0x81c6500) at acct.c:69
#18 0x804d20e in rad_respond (request=0x81c6500, fun=0x804f448
) at radiusd.c:1444
#19 0x8056754 in request_handler_thread (arg=0x81209c0) at threads.c:210
#20 0x280da1b4 in _thread_start () from /usr/lib/libc_r.so.4
#21 0x0 in ?? ()
(gdb)




RE: RV: freeradius-ldap is not running

2003-02-28 Thread Kostas Kalevras
On Fri, 28 Feb 2003, Federico Edelman wrote:

> I've got a dout. The rlm_ldap does support LDAPv3? Because I trying to
> connect to LDAP Server does support LDAPv2 and the freeradius does running ok

Yes it does. It even requests for LDAPv3 on ldap_connect.

>
>
> > -Mensaje original-
> > De: Robert Canary [mailto:[EMAIL PROTECTED]
> > Enviado el: martes, 25 de febrero de 2003 12:48
> > Para: [EMAIL PROTECTED]
> > Asunto: Re: RV: freeradius-ldap is not running
> >
> > I don't _know_ it is wrong, I have only seen ldap dn (ones with access
> > to passwords) include a cn of the a user configures in the ACL to see
> > passwords.  Your basedn dosen't have that, curious.
> >
> > Federico Edelman wrote:
> > >
> > > Ok! But, I think, the freeradius should be warns me if the basedn has
> > wrong.
> > > I don't like guest error.
> > > My basedn is that.
> > >
> > > Why do you say the basedn is wrong?
> > >
> > > Thanks very much.
> > > Fede
> > >
> > > > -Mensaje original-
> > > > De: Robert Canary [mailto:[EMAIL PROTECTED]
> > > > Enviado el: lunes, 24 de febrero de 2003 20:40
> > > > Para: [EMAIL PROTECTED]
> > > > Asunto: Re: RV: freeradius-ldap is not running
> > > >
> > > > You have ldap configured in the radius.  You have ldap configured to
> > be
> > > > a default fall-through.  I understand your ldap server is working
> > fine.
> > > > I'm saying the radius server isn't talking to the ldap server, _maybe_
> > > > because the basedn is set wrong.
> > > >
> > > > Federico Edelman wrote:
> > > > >
> > > > > My LDAP server works fine. I'm using the LDAP server for other
> > services.
> > > > >
> > > > > > -Mensaje original-
> > > > > > De: Robert Canary [mailto:[EMAIL PROTECTED]
> > > > > > Enviado el: lunes, 24 de febrero de 2003 15:35
> > > > > > Para: [EMAIL PROTECTED]
> > > > > > Asunto: Re: RV: freeradius-ldap is not running
> > > > > >
> > > > > > I think you should look at your ldap server logs.  Your "basedn"
> > > > dosen't
> > > > > > look right to me.  I think it should be something like,
> > > > > > "cn=user-that-can-read-passwords,dc=example,dc=com"
> > > > > >
> > > > > > Federico Edelman wrote:
> > > > > > >
> > > > > > > I can't get a response.
> > > > > > > Somebody know about this trouble?
> > > > > > >
> > > > > > > -Mensaje original-
> > > > > > > De: Federico Edelman
> > > > > > > Enviado el: jueves, 20 de febrero de 2003 10:29
> > > > > > > Para: [EMAIL PROTECTED]
> > > > > > > Asunto: RE: freeradius-ldap is not running
> > > > > > >
> > > > > > > Robert:
> > > > > > > This is the complete log file.
> > > > > > >
> > > > > > > > -Mensaje original-
> > > > > > > > De: Robert Canary [mailto:[EMAIL PROTECTED]
> > > > > > > > Enviado el: mi?rcoles, 19 de febrero de 2003 17:54
> > > > > > > > Para: [EMAIL PROTECTED]
> > > > > > > > Asunto: Re: freeradius-ldap is not running
> > > > > > > >
> > > > > > > > Why did you snip-it?  We need the rest of the lof file.
> > > > > > > >
> > > > > > > > Do this radiusd -X >/var/log/radiusd_dbg_con.log
> > > > > > > >
> > > > > > > > It is esasier to capture the error messages that way.
> > > > > > > >
> > > > > > > > Also what shows up in your freeradius logs during this time?
> > > > > > > >
> > > > > > > > Federico Edelman wrote:
> > > > > > > > >
> > > > > > > > > Hi guys,
> > > > > > > > > I'm newbie with freeradius. I'm running freeradius-
> > 0.8.1
> > > > on
> > > > > > > > > Linux Debian 3.1. The LDAP server/client is openldap-2.1.12.
> > > > > > > > >
> > > > > > > > > I've compiled the freeradius with:
> > > > > > > > >
> > > > > > > > > > # LD_LIBRARY_PATH="/usr/local/openldap/lib:/usr/local/lib"
> > > > > > > > > > # LDFLAGS="-L/usr/local/openldap/lib -L/usr/local/lib"
> > > > > > > > > > # CFLAGS="-O -g -I/usr/local/openldap/include -I/usr/local/include"
> > > > > > > > > > # CC="gcc"
> > > > > > > > > > # export LD_LIBRARY_PATH LDFLAGS CFLAGS CC
> > > > > > > > > > # ./configure --prefix=/usr/local/freeradius --with-openldap=/usr/local/openldap
> > > > > > > > > # make
> > > > > > > > > # make install
> > > > > > > > >
> > > > > > > > > All's ok.
> > > > > > > > >
> > > > > > > > > I've run:
> > > > > > > > > # /usr/local/freeradius/sbin/radiusd -X
> > > > > > > > > And...
> > > > > > > > > # /usr/local/freeradius/bin/radtest
> > > > > > > > >
> > > > > > > > > All's ok. The radtest connect with radiusd successfully.
> > > > > > > > >
> > > > > > > > > > But when I set up the radius with LDAP support, the radiusd exits
> > > > > > > > > > and is not running.
> > > > > > > > >
> > > > > > > > > The radius ldap configuration:
> > > > > > > > >
> > > > > > > > > My /usr/local/freeradius/etc/raddb/radiusd.conf:
> > > > > > > > >  snip snip 
> > > > > > > > > ldap {
> > > > > > > > > server = "myldapserver"
> > > > > > > > > basedn = "ou=people,dc=rootldap"
> > > > > > > > > filter = "((posixAcc

RE: RV: freeradius-ldap is not running

2003-02-28 Thread Federico Edelman
I've got a doubt. Does rlm_ldap support LDAPv3? Because I'm trying to connect to an LDAP
server that does support LDAPv2 and freeradius does run ok


> -Original message-
> From: Robert Canary [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, 25 February 2003 12:48
> To: [EMAIL PROTECTED]
> Subject: Re: RV: freeradius-ldap is not running
> 
> I don't _know_ it is wrong, I have only seen ldap dn (ones with access
> to passwords) include a cn of a user configured in the ACL to see
> passwords.  Your basedn doesn't have that, curious.
> 
> Federico Edelman wrote:
> >
> > Ok! But, I think, the freeradius should warn me if the basedn is wrong.
> > I don't like to guess errors.
> > My basedn is that.
> >
> > Why do you say the basedn is wrong?
> >
> > Thanks very much.
> > Fede
> >
> > > -Original message-
> > > From: Robert Canary [mailto:[EMAIL PROTECTED]
> > > Sent: Monday, 24 February 2003 20:40
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: RV: freeradius-ldap is not running
> > >
> > > You have ldap configured in the radius.  You have ldap configured to be
> > > a default fall-through.  I understand your ldap server is working fine.
> > > I'm saying the radius server isn't talking to the ldap server, _maybe_
> > > because the basedn is set wrong.
> > >
> > > Federico Edelman wrote:
> > > >
> > > > My LDAP server works fine. I'm using the LDAP server for other services.
> > > >
> > > > > -Original message-
> > > > > From: Robert Canary [mailto:[EMAIL PROTECTED]
> > > > > Sent: Monday, 24 February 2003 15:35
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: Re: RV: freeradius-ldap is not running
> > > > >
> > > > > I think you should look at your ldap server logs.  Your "basedn"
> > > > > doesn't look right to me.  I think it should be something like,
> > > > > "cn=user-that-can-read-passwords,dc=example,dc=com"
> > > > >
> > > > > Federico Edelman wrote:
> > > > > >
> > > > > > I can't get a response.
> > > > > > Does somebody know about this trouble?
> > > > > >
> > > > > > -Original message-
> > > > > > From: Federico Edelman
> > > > > > Sent: Thursday, 20 February 2003 10:29
> > > > > > To: [EMAIL PROTECTED]
> > > > > > Subject: RE: freeradius-ldap is not running
> > > > > >
> > > > > > Robert:
> > > > > > This is the complete log file.
> > > > > >
> > > > > > > -Original message-
> > > > > > > From: Robert Canary [mailto:[EMAIL PROTECTED]
> > > > > > > Sent: Wednesday, 19 February 2003 17:54
> > > > > > > To: [EMAIL PROTECTED]
> > > > > > > Subject: Re: freeradius-ldap is not running
> > > > > > >
> > > > > > > Why did you snip it?  We need the rest of the log file.
> > > > > > >
> > > > > > > Do this radiusd -X >/var/log/radiusd_dbg_con.log
> > > > > > >
> > > > > > > It is easier to capture the error messages that way.
> > > > > > >
> > > > > > > Also what shows up in your freeradius logs during this time?
> > > > > > >
> > > > > > > Federico Edelman wrote:
> > > > > > > >
> > > > > > > > Hi guys,
> > > > > > > > I'm a newbie with freeradius. I'm running freeradius-0.8.1 on
> > > > > > > > Linux Debian 3.1. The LDAP server/client is openldap-2.1.12.
> > > > > > > >
> > > > > > > > I've compiled the freeradius with:
> > > > > > > >
> > > > > > > > # LD_LIBRARY_PATH="/usr/local/openldap/lib:/usr/local/lib"
> > > > > > > > # LDFLAGS="-L/usr/local/openldap/lib -L/usr/local/lib"
> > > > > > > > # CFLAGS="-O -g -I/usr/local/openldap/include -I/usr/local/include"
> > > > > > > > # CC="gcc"
> > > > > > > > # export LD_LIBRARY_PATH LDFLAGS CFLAGS CC
> > > > > > > > # ./configure --prefix=/usr/local/freeradius --with-openldap=/usr/local/openldap
> > > > > > > > # make
> > > > > > > > # make install
> > > > > > > >
> > > > > > > > All's ok.
> > > > > > > >
> > > > > > > > I've run:
> > > > > > > > # /usr/local/freeradius/sbin/radiusd -X
> > > > > > > > And...
> > > > > > > > # /usr/local/freeradius/bin/radtest
> > > > > > > >
> > > > > > > > All's ok. The radtest connect with radiusd successfully.
> > > > > > > >
> > > > > > > > But when I set up the radius with LDAP support, the radiusd exits
> > > > > > > > and is not running.
> > > > > > > >
> > > > > > > > The radius ldap configuration:
> > > > > > > >
> > > > > > > > My /usr/local/freeradius/etc/raddb/radiusd.conf:
> > > > > > > >  snip snip 
> > > > > > > > ldap {
> > > > > > > > server = "myldapserver"
> > > > > > > > basedn = "ou=people,dc=rootldap"
> > > > > > > > filter = "((posixAccount)(uid=%u))"
> > > > > > > > start_tls = no
> > > > > > > > tls_mode = no
> > > > > > > > dictionary_mapping = ${raddbdir}/ldap.attrmap
> > > > > > > > ldap_connections_number = 5
> > > > > > > > timeout = 4
> > > > > > > > timelimit = 3
> > > > > > > > 

calling-station-id

2003-02-28 Thread Didi Rieder
Hi,

is there any reason why

calledstationid
callingstationid

are limited to VARCHAR(10) in db_oracle.sql, or is it safe to change them to
VARCHAR(15) ?

Didi

-- 
-
Didi Rieder
[EMAIL PROTECTED]
PGPKey ID: 3431D0B0
-





FreeRadius MD5 setup

2003-02-28 Thread [EMAIL PROTECTED]
Hello friends,

I'd like to know which are the right files I must configure in my FreeRADIUS server to 
allow a client to authenticate with MD5 algorithm.

Thanks very much,
emi




FreeRADIUS and MD5

2003-02-28 Thread [EMAIL PROTECTED]
Hello,

I'm using, as server, a Sun Sparc with freeradius 0.7.1 in md5 authentication.

Username and password are defined VALUE_PAIR.
I'd like to know how to store user's username and password in the database of this 
server.

Thanks in advance,
Emiliano
 





Re: login with eap-tls ??

2003-02-28 Thread Paul Dekkers
Paul Dekkers wrote:

Interesting post (and thread) on TTLS. Sounds like what Surfnet is 
doing (along with Twente, Hogeschool Amsterdam and a couple of others 
in the NL academic community, right?) is pretty interesting. I hope 
TTLS makes it to Freeradius soon 
I hope so.
I was thinking this over, and was wondering if there was anyone that 
started working on TTLS support, and/or if there is anyone with the time 
to do it? (Or maybe it's already on someone's todo list ;-))  Until now 
I only saw people "hoping" that there will be support one day... ;-)
It would be a pity if TTLS would fail as a protocol because MS has the 
capacity to work on it (PEAP, that is), and the open source|standard 
community has not :-|

I think I'm not such a good programmer myself, so I'm afraid I'm not 
able to participate in the development actively... :-| (However I have 
to admit that I've not looked at the source yet.) I am of course able to 
test.

Regards,
Paul


FreeRADIUS MD5 setup

2003-02-28 Thread [EMAIL PROTECTED]
Hello,

my server is supporting FreeRADIUS 0.7.1 and I'm trying to authenticate a client with 
MD5 algorithm.

I'd like to know exactly which files I must configure for a successful setup 
of the server, allowing proper communication between Server-Access Point-Client.

Thank you very much,

emiliano




Re: CISTRON vs. FreeRADIUS :: Extra Bit and/or Case Sensitivity

2003-02-28 Thread Miquel van Smoorenburg
In article <[EMAIL PROTECTED]>,
Ryan Beisner  <[EMAIL PROTECTED]> wrote:
>In FreeRADIUS there is an option to alter the user name's case Before or
>After authentication (failure).  I have many users who (even though you
>say to use lower case), continue to use a capital letter or two in their
>login name.  Since all users are entered into Linux as lower-case, the
>authentication fails in CISTRON RADIUSD whereas it had passed in
>FreeRADIUS.  (Authentication method is System.)  System is RH8.
>
>Can you force usernames to be rewritten in lowercase on the fly
>using CISTRON like you can with FreeRADIUS?   (ie. force lower case
>before authentication attempt)

No, you can't. And I'm against it as well: been there, done that. It
only works if you also hack the POP3 and FTP servers the same way,
otherwise those users will call the support desk saying 'your system
is broken, my login/password works for dialing in but not to
POP my mail!'

Mike.
-- 
Anyone who is capable of getting themselves made President should
on no account be allowed to do the job -- Douglas Adams.




realm length

2003-02-28 Thread Josh Howlett
Hi,

I got an error when I tried to specify a realm length > 63 characters.

Is this an arbitrary limitation that could be extended beyond 63
characters?

Thanks.

josh.

-- 
---
Josh Howlett, Networking & Digital Communications,
Information Systems & Computing, University of Bristol, U.K.
'phone: 0117 928 7850 email: [EMAIL PROTECTED]

---




Re: More than on freeradius server...

2003-02-28 Thread david
And which is the flag that must be changed to do so?

Thanks!

> <[EMAIL PROTECTED]> wrote:
> > We are trying to create a FreeRADIUS system with different FreeRADIUS
> > servers.
> > One is the main server, and when it receives some requests it will
> > deliver to another FreeRADIUS servers to authenticate those users.
> > We would like to this "secondary" FreeRADIUS server just authenticates
> > the user, but it should not provide an IP address... Is it possible?
> 
>   Yes.
> 
>   Alan DeKok.
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 



Re: Problem with EAP/TLS= "undefined symbol: eaptls_gen_mppe_keys"

2003-02-28 Thread Artur Hecker
hi


I've configured everything as in 'Howto', but FreeRADIUS crashes when a
wireless client is detected:
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "eap" returns updated
rlm_realm: No '@' in User-Name = "sgi", looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
users: Matched sgi at 97
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
modcall: entering group authenticate
rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - tls
rlm_eap: processing type tls
rlm_eap_tls: Received EAP-TLS ACK message
/usr/local/radius/sbin/radiusd: relocation error:
/usr/local/radius/lib/rlm_eap_tls-0.8.1.so: undefined symbol:
eaptls_gen_mppe_keys
What could be the problem?

something went wrong with linking to the mentioned module. perhaps it 
didn't compile well. verify that it exists, is accessible, is not of 
zero length and try "ldd /usr/local/radius/lib/rlm_eap_tls-0.8.1.so" to 
see what's wrong.

and: it's not really a crash. it exits with an error.

ciao
artur
--
Artur Hecker
Département Informatique et Réseaux, ENST Paris
http://www.infres.enst.fr/~hecker


Re: authenticate fails, dialup_admin does not write

2003-02-28 Thread Kostas Kalevras
On Fri, 28 Feb 2003, tarvid wrote:

> two separate issues
>
> testing an rpm for mandrake 9.1
>
> issue#1 authenticate fails
>
> [EMAIL PROTECTED] raddb]# finger test
> Login: test Name: (null)
> Directory: /home/test   Shell: /bin/bash
>
> password is testpass
>
> after
> radiusd -sfxxyz -l stdout
>
> system loads
>
> Module: Loaded System
>  unix: cache = no
>  unix: passwd = "(null)"
>  unix: shadow = "(null)"
>  unix: group = "(null)"
>  unix: radwtmp = "/var/log/radius/radwtmp"
>  unix: usegroup = no
>  unix: cache_reload = 600
> Module: Instantiated unix (unix)
>
> and testing using ntradping
>
> auth: type "System"
> modcall: entering group authenticate
> rlm_unix: [test]: invalid password
>   modcall[authenticate]: module "unix" returns reject
> modcall: group authenticate returns reject
> auth: Failed to validate the user.
> Login incorrect: [test/testpass] (from client diva port 0)
>
> issue#2
> using the web interface
>
> connect works (i think)
>
> but adding a group "staff"
> show no groups

Use the latest dialup_admin (from the cvs). If it still does not work enable
sql_debug in admin.conf. That should probably show you where the problem
is.

>
> if anyone has suggests on a specfile for mandrake, i'd try a rebuild
>
> jim tarvid
>
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



mysql authorization

2003-02-28 Thread John E Murphy
I am trying to use mysql to authorize users.  It seems that they are
authorized but never get through because the system looks at the /etc/passwd
file.  Attached is the -X output.

rad_recv: Access-Request packet from host 192.168.1.100:1880, id=17,
length=46
User-Name = "fred33"
User-Password = "fred33"
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
  modcall[authorize]: module "mschap" returns notfound
rlm_realm: No '@' in User-Name = "fred33", looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok
radius_xlat:  'fred33'
rlm_sql (sql): sql_set_user escaped user --> 'fred33'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'fred33' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 2
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'fred33' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'fred33' ORDER BY id'
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
usergroup.Username = 'fred33' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 2
  modcall[authorize]: module "sql" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
  modcall[authenticate]: module "unix" returns notfound
modcall: group authenticate returns notfound
auth: Failed to validate the user.
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 17 to 192.168.1.100:1880
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 17 with timestamp 3e5f2092
Nothing to do.  Sleeping until we see a request.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
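
The debug output posted above carries `User-Password = "fred33"` in clear text, and the `Login incorrect: [test/testpass]` line in the earlier thread shows what `log_auth_badpass = yes` writes to the log. As an added example (not part of the original posts and not FreeRADIUS code), this Python filter redacts those fields before `radiusd -X` output is shared; the function names and the sample line for user `bob` are assumptions made for illustration.

```python
import re

# Redaction rules for the line shapes that appear in this thread: the
# Access-Request attribute dump, the auth log line written when
# log_auth_badpass/log_auth_goodpass are enabled, and shared secrets in
# clients.conf and Cisco IOS configuration.
RULES = [
    ("user-password",
     re.compile(r'^([>\t ]*User-Password[ \t]*=[ \t]*)"(?:[^"\\\n]|\\.)*"', re.M),
     r'\1"<redacted>"'),
    # The password may itself contain '/' or ']', so match up to the last
    # "] (from client " on the line instead of the first ']'.
    ("auth-log-password",
     re.compile(r'^(.*Login (?:incorrect|OK)[^\[\n]*\[[^/\n]*/).*(\] \(from client )', re.M),
     r'\1<redacted>\2'),
    ("shared-secret",
     re.compile(r'^([>\t ]*secret[ \t]*=[ \t]*)\S.*$', re.M),
     r'\1<redacted>'),
    # Redact the rest of the line so "key 7 <hash>" forms are covered too.
    ("nas-key",
     re.compile(r'^([>\t ]*radius-server key[ \t]+)\S.*$', re.M),
     r'\1<redacted>'),
]

# Settings that make radiusd write user passwords into its log.
LOGGING_FLAG = re.compile(r'\b(log_auth_(?:bad|good)pass)\s*=\s*"?yes"?', re.I)


def sanitize(text):
    """Return (clean_text, counts); counts maps rule name -> redactions made."""
    counts = {}
    for name, pattern, replacement in RULES:
        text, n = pattern.subn(replacement, text)
        if n:
            counts[name] = n
    return text, counts


def password_logging_flags(text):
    """List the log_auth_*pass settings that are enabled in the given output."""
    return sorted({m.group(1).lower() for m in LOGGING_FLAG.finditer(text)})


# Sample assembled from lines quoted on this page; the "bob" line is
# constructed to exercise a password containing ']' and '/'.
SAMPLE = '''\
 main: log_auth_badpass = yes
 main: log_auth_goodpass = yes
rad_recv: Access-Request packet from host 192.168.1.100:1880, id=17, length=46
\tUser-Name = "fred33"
\tUser-Password = "fred33"
auth: Failed to validate the user.
Login incorrect: [test/testpass] (from client diva port 0)
Login incorrect: [bob/pa]ss/word] (from client diva port 0)
secret = 123456
radius-server key 123456
'''

if __name__ == "__main__":
    clean, counts = sanitize(SAMPLE)
    print(clean)
    print("redactions:", counts)
    print("password logging enabled by:", password_logging_flags(SAMPLE))
```
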


unix authenticate error

2003-02-28 Thread Nguyen Nhu Hao



Hi all,
I am a newbie with radius and unix. I would like to install freeradius in
RedHat 7.1 and I use a router to authenticate via radius. I installed ok, but
I could not authenticate successfully. I configured authentication to use the
unix module.
I wrote here what I saw when I run radius -X, and thanks a lot for your help
 
[EMAIL PROTECTED] raddb]# /usr/local/sbin/radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
read_config_files:  reading dictionary
read_config_files:  reading clients
read_config_files:  reading realms
read_config_files:  reading naslist
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 1645
 main: allow_core_dumps = no
 main: log_stripped_names = yes
 main: log_auth = yes
 main: log_auth_badpass = yes
 main: log_auth_goodpass = yes
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: bind_address = 172.16.5.5 IP address [172.16.5.5]
 main: user = "root"
 main: group = "root"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: proxy_requests = no
 security: max_attributes = 200
 security: reject_delay = 1
 main: debug_level = 0
read_config_files:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded System
 unix: cache = yes
 unix: passwd = "/etc/passwd"
 unix: shadow = "/etc/shadow"
 unix: group = "/etc/group"
 unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
HASH:  Reinitializing hash structures and lists for caching...
  HASH:  user root found in hashtable bucket 11726
  HASH:  user bin found in hashtable bucket 86651
  HASH:  user daemon found in hashtable bucket 11668
  HASH:  user adm found in hashtable bucket 26466
  HASH:  user lp found in hashtable bucket 54068
  HASH:  user sync found in hashtable bucket 42895
  HASH:  user shutdown found in hashtable bucket 71746
  HASH:  user halt found in hashtable bucket 7481
  HASH:  user mail found in hashtable bucket 79471
  HASH:  user news found in hashtable bucket 5375
  HASH:  user uucp found in hashtable bucket 38541
  HASH:  user operator found in hashtable bucket 21748
  HASH:  user games found in hashtable bucket 47657
  HASH:  user gopher found in hashtable bucket 47357
  HASH:  user ftp found in hashtable bucket 56226
  HASH:  user nobody found in hashtable bucket 99723
  HASH:  user nscd found in hashtable bucket 36306
  HASH:  user mailnull found in hashtable bucket 78086
  HASH:  user ident found in hashtable bucket 40304
  HASH:  user rpc found in hashtable bucket 72373
  HASH:  user xfs found in hashtable bucket 17213
  HASH:  user gdm found in hashtable bucket 50360
  HASH:  user postgres found in hashtable bucket 19301
  HASH:  user apache found in hashtable bucket 26582
  HASH:  user amanda found in hashtable bucket 72438
  HASH:  user ldap found in hashtable bucket 45563
  HASH:  user pvm found in hashtable bucket 78527
  HASH:  user squid found in hashtable bucket 62826
  HASH:  user hao found in hashtable bucket 47290
  HASH:  user teo found in hashtable bucket 26706
HASH:  Stored 30 entries from /etc/passwd
HASH:  Stored 40 entries from /etc/group
Module: Instantiated unix (unix)
Module: Loaded preprocess
 preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/usr/local/etc/raddb/users"
 files: acctusersfile = "/usr/local/etc/raddb/acct_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
 detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/usr/local/var/log/radius/radutmp"
 radutmp: username = "%{Stripped-User-Name:-%{User-Name}}"
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
 main: smux_password = ""
 main: snmp_write_access = no
SMUX connect try 1
Can't connect to SNMP agent with SMUX: Connection refused
Listening on IP address 172.16.5.5, ports 1645/udp and 1646/udp.
Ready to process requests.
rad_recv: Access-Reques

Re: Online Status?

2003-02-28 Thread Kostas Kalevras
On Thu, 27 Feb 2003, Benjamin Smith wrote:

> Using openLDAP/Freeradius 0.8.1 (should say, setting it up).
>
> What's the easiest way to determine if anybody is online right now?
>
> Optimum would be a "Web-thingy" with little red/green lights, but that may be
> asking a bit much!

Dialup_admin

>
> Searching freshmeat, google and the freeradius website turned up surprisingly
> little.

http://www.freeradius.org/features.html

>
> -Ben
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
