
Odd behavior as proxy in event of no-response from authenticator

2003-06-06 Thread Jim Underwood
Perhaps someone has seen this same thing before. When FR 0.8.1 is
proxying auths in synchronous mode and there is no response to an
Access-Request, nothing is returned to the NAS (as expected) but on the next
Access-Request after some magic interval and before returning an
Access-Accept, FR returns an Access-Reject for the "no-response" request.
Is this happening for a reason? I see in the trace FR is
"Rejecting request id=122" (from detail below).

Summary:

Access-Request (id=122) (src port=3779) [from NAS]



Access-Request (id=123) ( src port = 3455) [from NAS]
Access-Reject (id=122) (dest port = 3779) [from FR]
Access-Reply (id=123) (dest port=3455) [from FR]


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Also .... Alvarion Wireless

2003-06-06 Thread David Rodgers
The problem that I am really having is that no accounting is showing up
other than the initial on packet.

David Rodgers




Alvarion Wireless and Radius Accounting

2003-06-06 Thread David Rodgers
I am trying to setup an Alvarion wireless network to authenticate an
account against an existing freeradius 0.8.1 radius server. The clients
authenticate fine and I see an accounting on packet and after that just
a bunch of messages like this in the log



Fri Jun  6 15:13:35 2003 : Error: rlm_sql: Stop packet with zero session
length.  (user 'jsmith', nas '192.168.251.177')
Fri Jun  6 15:13:35 2003 : Error: rlm_sql: Stop packet with zero session
length.  (user 'jsmith', nas '192.168.251.177')



and here is what you get in debug mode

###

--- Walking the entire request list ---
Cleaning up request 12 ID 15 with timestamp 3ee0fe2e
Nothing to do.  Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 192.168.251.177:1001,
id=17, length=1124
Acct-Session-Id = "John Smith 
00-20-D6-AC-15-62 0011 04 "
User-Name = "jsmith"
Acct-Status-Type = Stop
NAS-Identifier = "00 20 D6 AC 15 62 "
modcall: entering group preacct
  modcall[preacct]: module "preprocess" returns noop
rlm_realm: No '@' in User-Name = "jsmith", looking up realm NULL
rlm_realm: No such realm NULL
  modcall[preacct]: module "suffix" returns noop
modcall: group preacct returns noop
modcall: entering group accounting
rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique
ID MAY be inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address =
192.168.251.177,NAS-IP-Address =
192.168.251.177,Acct-Session-Id = "John Smithe 
00-20-D6-AC-15-62 0011 04 ",User-Name = "jsmith"'
rlm_acct_unique: Acct-Unique-Session-ID = "a44e411d5a638846".
  modcall[accounting]: module "acct_unique" returns ok
  modcall[accounting]: module "unix" returns noop
radius_xlat:  'jsmith'
rlm_sql (sql): sql_set_user escaped user --> 'jsmith'
radius_xlat:  'UPDATE radacct SET AcctStopTime = '2003-06-06 15:49:46',
AcctSessionTime = '', AcctInputOctets = '', AcctOutputOctets = '',
AcctTerminateCause =
'', AcctStopDelay = '', ConnectInfo_stop = '' WHERE AcctSessionId =
'John Smith  00-20-D6-AC-15-62 0011 04 ' AND
UserName = 'jsmith' AND NASIPAddress = '192.168.251.177' AND
AcctStopTime = 0'
rlm_sql (sql): Reserving sql socket id: 86
radius_xlat:  'rlm_sql: Stop packet with zero session length.  (user
'jsmith',
nas '192.168.251.177')'
rlm_sql: Stop packet with zero session length.  (user 'jsmith', nas
'192.168.251.177')
rlm_sql (sql): Released sql socket id: 86
  modcall[accounting]: module "sql" returns noop
modcall: group accounting returns ok
Sending Accounting-Response of id 17 to 192.168.251.177:1001
Finished request 13
Going to the next reque

Re: FreeRADIUS 0.8.1 and Aironet 350 LEAP Setup

2003-06-06 Thread CHutchison




Dennis,

We ran into the same problems. You have to download the latest CVS snapshot
for LEAP capabilities.

Chris




Re: accounting file

2003-06-06 Thread John M. Luker


Sorry, that should have been "Funk & Wagnalls". Am fining
myself $5 for making stupid error while trying to be a smarta**. All
fines are donated to The Leukemia & Lymphoma Society (seriously). J.


At 04:25 PM 6/5/03, you wrote:
Hugu,
I don't know for sure, but I think it's hermetically sealed in a
mayonnaise jar on Funk & Wagner's doorstep since Noon today...no one
knows the contents of that envelope.
Sorry, I couldn't help it...it's over 90 here in Portland today and we're
all a little giddy. J.
At 04:04 PM 6/5/03, you wrote:
Can
someone tell me where the freeradius keep the accounting data.

 

Thanks in advance

 

Hugo 

 
John M. Luker
www.flexpop.net



Re: accounting file

2003-06-06 Thread John M. Luker


Hugu,
I don't know for sure, but I think it's hermetically sealed in a
mayonnaise jar on Funk & Wagner's doorstep since Noon today...no one
knows the contents of that envelope.
Sorry, I couldn't help it...it's over 90 here in Portland today and we're
all a little giddy. J.
At 04:04 PM 6/5/03, you wrote:
Can
someone tell me where the freeradius keep the accounting data.

 

Thanks in advance

 

Hugo 

 

John M. Luker
www.flexpop.net




accounting file

2003-06-06 Thread Hugo








Can someone tell me where the
freeradius keep the accounting data.

 

Thanks in advance

 

Hugo 

 








problem with rlm_perl

2003-06-06 Thread Miranda Gomez Miguel Angel
Hi ,
I'm trying to run a perl script using the rlm_perl module, the script aborts
with exit code = 0, this is my test script:

#!/usr/bin/perl
use DBI;
use Data::Dumper;
use strict 'vars';
# use ...
# This is very important! Without this the script will not get the filled
# hashes from main.
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);


# This is the hash which holds the original request from radius
#my %RAD_REQUEST;
# In this hash you add values that will be returned to NAS.
#my %RAD_REPLY;
# This is for check items
#my %RAD_CHECK;

#
# This is the remapping of return values
#
use constant RLM_MODULE_REJECT   => 0;  # /* immediately reject the request */
use constant RLM_MODULE_FAIL     => 1;  # /* module failed, don't reply */
use constant RLM_MODULE_OK       => 2;  # /* the module is OK, continue */
use constant RLM_MODULE_HANDLED  => 3;  # /* the module handled the request, so stop. */
use constant RLM_MODULE_INVALID  => 4;  # /* the module considers the request invalid. */
use constant RLM_MODULE_USERLOCK => 5;  # /* reject the request (user is locked out) */
use constant RLM_MODULE_NOTFOUND => 6;  # /* user not found */
use constant RLM_MODULE_NOOP     => 7;  # /* module succeeded without doing anything */
use constant RLM_MODULE_UPDATED  => 8;  # /* OK (pairs modified) */
use constant RLM_MODULE_NUMCODES => 9;  # /* How many return codes there are */

#
# This is authentication
#
#
sub authenticate
{
    for (keys %RAD_REQUEST) {
        # This is for test only
        &radiusd::radlog(1, "rlm_perl:: $_ = $RAD_REQUEST{$_} ");
    }
}


this is relevant code when running in debug mode:

rlm_perl: perl_embed:: module = /usr/local/bin/prepagox.pl , 
func = authorize exit status=0, 
Undefined subroutine &main::authorize called.  
modcall[authorize]: module "perl" returns reject

I don't have any authorize function, the example.pl doesn't have it either.

Thanks in advance.
 


 




FreeRADIUS 0.8.1 and Aironet 350 LEAP Setup

2003-06-06 Thread Dennis (Tech Support)
I've been playing with FreeRADIUS 0.8.1 to use EAP (or LEAP) with Cisco's
Aironet 350 Workgroup bridges.  So far, I've had no luck.  I think it's the
way I have FreeRadius set up.  The log files show the user name is accepted,
but the password is not:

Thu Jun  5 16:57:51 2003 : Auth: rlm_unix: Attribute "User-Password" is
required for authentication.
Thu Jun  5 16:57:51 2003 : Auth: Login incorrect: [dennis/] (from client test-radio port 10 cli 000cce211402)

I have looked through several webpages, all of which tell what you need to
edit to get it to work.  The problem is, none of them works for me.  I
usually get this error:

Thu Jun  5 12:59:02 2003 : Error: rlm_eap: Failed to link EAP-Type/leap:
file not found
Thu Jun  5 12:59:02 2003 : Error: radiusd.conf[572]: eap: Module
instantiation failed.

I don't know a whole lot about Radius, so any advice I can get (in the
simplest terms possible) would be greatly appreciated.

--
Thank you,
Dennis





Re: configuration question

2003-06-06 Thread Oliver Graf
On Fri, Jun 06, 2003 at 03:06:24PM +0300, gunce ciftci wrote:
> 
> Hi All,
> 
> My question is about users file entries or perhaps radiusd.conf:
> 
> There are two RAS's serving two different groups of people.
> I am going to authenticate them with radiusd, according to their RAS's.
> guest's can only login to ras1
> staff ras2
> 
> Question is How do I configure the users file and radiusd.conf to do so?

Use huntgroups (looking for the NAS-IP-Address) and Huntgroup-Name tests in
the users file.

There is an example in the distributed huntgroup file.

Oliver.



radwho doesn't show anything

2003-06-06 Thread Chaidan Mingmaung



radwho doesn't show anything, and Simultaneous-Use does not
work with Cisco SNMP enabled. Why?


mod_auth_radius & Apache Accounting

2003-06-06 Thread Daniel garcia MAgane
Hi all,

I'm looking for an accounting module for my Apache 1.3.27 http server.

I've found that there is a mod_auth_radius module for AAA at the freeradius
web site, available at this URL: http://www.freeradius.org/mod_auth_radius/.
Reading this URL, it looks like this module could be used for accounting
requests.
I paste this text from the related link:

"This is the Apache RADIUS authentication module. It allows any Apache
web-server to
become a RADIUS client for authentication and accounting requests. You
will, however,
need to supply your own RADIUS server to perform the actual authentication."
I have installed this module correctly and authentication of my users is
successful.
I want to account sessions by sending Start / Stop accounting packets to my
freeradius server.
My question is: Is it possible to do accounting with this module?

If anyone knows how to account with Apache, please help me.

Thanks in advance

Daniel García
VICIM (Virtual Institute for Chemometrics and  Industrial Metrology)


FreeRadius CygWin

2003-06-06 Thread Navid Sheik
Hello everybody, I'm trying to compile FreeRadius under CygWin with no 
luck, it's the first time I use cygwin and I honestly have no idea how 
to get it to work (fortunately I rarely have to deal with Microsoft 
products).

Is anybody kind enough to send me a .diff to get it to work ?

Thanks a lot

Navid

--
"Believe you can, believe you can't; either way, you're right" - Henry Ford
"Security is a process, not a product..." - Bruce Schneier
Navid Sheik <[EMAIL PROTECTED]>
Key fingerprint = D6FA 566F C9D0 7A17 F25A  1C7C 21F6 3E22 01A7 F604
GPG Key: http://www.navid.cyberbeat.it/shnavid.gpg


VLAN

2003-06-06 Thread tlabia
Hi, I'm a new user of freeradius and for 2 months I have been trying to
automatically associate a user with the right VLAN.
For a normal network, I successfully authenticate, but for a wireless network
it's not good; I am making an SSL certificate and it will be good (I hope).
I am using a CISCO AP1100 to do it and a server running freeradius.
I want to know how I could configure freeradius in order to associate the
VLAN. Where do I have to add a line?
If you could answer me, I would be grateful.

I am waiting for your answer and i hope that you have the solution.





Re: Duplicate accounting packets

2003-06-06 Thread Owen DeLong
not necessarily, but, start and stop records will have same id.

Also, two different boxes could have same session id's.

Owen

--On Thursday, June 5, 2003 10:26 -0500 Ross Reed <[EMAIL PROTECTED]> 
wrote:

I was considering marking the AcctSessionId Unique in MySQL in order to
not have duplicates. Duplicates are creating a problem for our radius
accounting data being imported to SQL2K.
Will setting that column Unique cause undue problems that I cannot foresee?

Ross Reed



Re: Auth-Type

2003-06-06 Thread Engelbert de Guzman
the users are in a mysql database

i forgot to comment out  files in authorize
sql
#files

it's now working!
thanks



- Original Message -
From: "Jonathan Ruano" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, June 06, 2003 7:34 PM
Subject: RE: Auth-Type


Provided that you're not using info in users file, either
comment out files use in radiusd.conf, or the DEFAULT
entry in users, which sets Auth-Type System.

Jonathan.

P.S.: shouldn't Auth-Type be Local and not PAP? I'm a bit
newbie myself :)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Engelbert
de Guzman
Sent: Friday, June 06, 2003 1:34 PM
To: [EMAIL PROTECTED]
Subject: Auth-Type


###
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok
users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System
auth: type "System"
auth: Failed to validate the user.




Re: Adding realm if not already given

2003-06-06 Thread Dustin Doris
> If not, then you could try setting up a realm for each user in proxy.conf

should read

... setting up each realm in proxy.conf

just didn't want to add any confusion





configuration question

2003-06-06 Thread gunce ciftci

Hi All,

My question is about users file entries or perhaps radiusd.conf:

There are two RAS's serving two different groups of people.
I am going to authenticate them with radiusd, according to their RAS's.
guest's can only login to ras1
staff ras2

Question is How do I configure the users file and radiusd.conf to do so?

I can store the passwords as /etc/passwd/staff
 /etc/passwd/guest
I thought if it is possible to look at different passwd files
according to the ip of ras that authentication request comes from.
Is it possible?
Or any suggestions to do so?

Regards,
gUnce CiftCi








Re: Adding realm if not already given

2003-06-06 Thread Dustin Doris

On Thu, 5 Jun 2003, Barry Brown wrote:

> Hi,
>
> I have been scratching my head all day trying to figure this out:
>
> I want to append a default realm to the User-Name if the user has not
> already supplied a realm name. This is to grandfather in existing users
> as we move toward realm-savvy authentication. Here are some sample
> User-Name mappings:
>
> bozo --> [EMAIL PROTECTED]   (@infostations.com is appended)
> [EMAIL PROTECTED] --> [EMAIL PROTECTED]   (no change)
> [EMAIL PROTECTED] --> [EMAIL PROTECTED]   (no change)
>
> Here is my attr_rewrite ruleset:
>
>  attr_rewrite add_realm {
>  attribute = User-Name
>  searchin = packet
>  searchfor = "^[a-z0-9_\-]+$"
>  replacewith = "[EMAIL PROTECTED]"
>  ignore_case = yes
>  new_attribute = no
>  max_matches = 1
>  append = no
>


You could try doing this, don't know if it would work, but it's worth a
shot.

1.  in proxy.conf

Have

realm NULL {
...
}

Then in your rewrite have

attribute = Realm
searchin = packet
searchfor = "NULL"
replacewith = "infostations.com"
ignore_case = yes
new_attribute = no
max_matches = 10
append = no

Then if a user comes in with no realm, the realm will be changed to
infostations.com.

Not sure if this would actually make the lookup on the username change,
however.

If not, then you could try setting up a realm for each user in proxy.conf
and making sure you strip the realm from the name.  Then instead of
looking up just %{UserName} you could change the query to lookup
[EMAIL PROTECTED]

If that doesn't work, and you do find something else that works for you,
let us
know.

I'm at least interested in what you did do to make it work,
as I may be required to do something like that in the future.


Dustin Doris



Auth-Type

2003-06-06 Thread Gregory G. V.
I can explain my problem a little bit detail, with my new test module.
the module name is rlm_pp
the radiusd.conf has :
modules {
    pp {
        dbhome = ${localstatedir}/db
    }
}
authorize {
    pp
}
authenticate {
    Auth-Type PP {
        pp
    }
}

the rlm_pp.c has the next code:

check_pairs = request->config_items;

reply = pairmake("Auth-Type", "PP", T_OP_SET);
pairadd(&check_pairs, reply);

And the output from radiusd -X shows :
modcall: group authorize returns ok
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.

if I add the next code to rlm_pp.c -

strncpy(passwd_item->strvalue,
request->password->strvalue,MAX_STRING_LEN - 1);
passwd_item->length =
(request->password->length > (MAX_STRING_LEN - 1)) ?
(MAX_STRING_LEN - 1) : request->password->length;
pairadd(&request->config_items,passwd_item);

I have next output -

modcall: group authorize returns ok
auth: type Local
auth: user supplied User-Password matches local User-Password


 pp_authenticate defined in the rlm_pp.c

Any idea?


Gregory G. V.
---
Any opinions in this posting are my own and not those of my present
or previous employers.

According Isham Research's Devil's IT Dictionary mainframe is:
"an obsolete device still used by thousands of obsolete companies
serving billions of obsolete customers and making huge obsolete profits
for their obsolete shareholders.
And this year's run twice as fast as last year's."





RE: Auth-Type

2003-06-06 Thread Jonathan Ruano
Provided that you're not using info in users file, either
comment out files use in radiusd.conf, or the DEFAULT
entry in users, which sets Auth-Type System.

Jonathan.

P.S.: shouldn't Auth-Type be Local and not PAP? I'm a bit
newbie myself :)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Engelbert
de Guzman
Sent: Friday, June 06, 2003 1:34 PM
To: [EMAIL PROTECTED]
Subject: Auth-Type


###
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok
users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System
auth: type "System"
auth: Failed to validate the user.




Re: Using /dev/random with EAP-TLS defunct

2003-06-06 Thread Sepp Rudel

/dev/urandom works like a charm, thanks for the tip!



Auth-Type

2003-06-06 Thread Engelbert de Guzman
list,

having problems with authenticate { } module

i have tried changing Auth-Type to (Local, PAP, CHAP, MS-CHAP)
but it keeps returning the value System

what seems to be the problem? where will i look next?

thanks again



###
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok
users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System
auth: type "System"
auth: Failed to validate the user.


### radiusd.conf
authenticate {
authtype PAP {
   pap
}
authtype CHAP {
   chap
}
authtype MS-CHAP{
   mschap
}
#pam
#unix
#authtype LDAP {
#   ldap
#}
}

mysql> select * from radgroupcheck;
+----+-----------+-----------+----+-------+
| id | GroupName | Attribute | op | Value |
+----+-----------+-----------+----+-------+
|  1 | dynamic   | Auth-Type | := | PAP   |
|  2 | static    | Auth-Type | := | PAP   |
+----+-----------+-----------+----+-------+




Re: FreeRadius CygWin

2003-06-06 Thread 3APA3A
Dear Navid Sheik,

Have you read doc/CYGWIN?

--Friday, June 6, 2003, 12:05:59 AM, you wrote to [EMAIL PROTECTED]:

NS> Hello everybody, I'm trying to compile FreeRadius under CygWin with no 
NS> luck, it's the first time I use cygwin and I honestly have no idea how 
NS> to get it to work (fortunatly I rarely have to deal with Microsoft 
NS> products).

NS> Is anybody kind enough to send me a .diff to get it to work ?

NS> Thanks a lot

NS> Navid




-- 
~/ZARAZA
Но ведь кому угодно могут прийти в голову яйца, пятки и епископы. (Лем)




Re: Duplicate accounting packets

2003-06-06 Thread Kostas Kalevras
On Thu, 5 Jun 2003, Ross Reed wrote:

> I was considering marking the AcctSessionId Unique in MySQL in order to not
> have duplicates. Duplicates are creating a problem for our radius accounting
> data being imported to SQL2K.
>
> Will setting that column Unique cause undue problems that I cannot foresee?

It's better to set AcctUniqueId as unique. AcctSessionId is as unique as the
nas manages to make it. One *big* problem I faced with such workarounds is that
accounting relaying with radrelay will not work anymore since the sql module
will return RLM_MODULE_FAIL and radiusd will just not respond to the
corresponding accounting request. As a result radrelay remains stuck in the same
accounting record.

>
> Ross Reed
>
>
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



Duplicate accounting packets

2003-06-06 Thread Ross Reed
I was considering marking the AcctSessionId Unique in MySQL in order to not
have duplicates. Duplicates are creating a problem for our radius accounting
data being imported to SQL2K.

Will setting that column Unique cause undue problems that I cannot foresee?

Ross Reed




Mysql Authentication

2003-06-06 Thread Mauro
I'm trying to pass the wins value via dhcp to a remote client using
mysql...every dhcp field seems to be passed fine (dns,IP.)except
wins ...during authentication on the ras server I see the following
04:32:00: RADIUS: cisco AVPair ""ip:wins-servers=10.0.0.1"" not applied for
ip

the field in the radgroupreply is

id  GroupName   Attribute   op  Value   prio 
(???what is this ???)

1   adrtel  cisco-avpair := "ip:wins-servers=10.0.0.1"   1 
(just fill it
out)

any help ?

Thanks





Re: FreeRadius - DLINK DWL-900+ - 802.1.X

2003-06-06 Thread Pascal PELONI
At 08:56 04/06/2003 -0600, you wrote:
What is your ap?
DLINK DWL-900+

, you set up the eap and wep key,
Yes, I did.

regards.

in the cisco 1200 ap this
is import.
att.
Mauricio
- Original Message -
From: "Pascal PELONI" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 03, 2003 9:24 AM
Subject: Re: FreeRadius - DLINK DWL-900+ - 802.1.X
> I forget to say that :
>
> 1. the authentication works well with radtest !
>
>  $ radtest tst1 pp 127.0.0.1 1 test
>  Sending Access-Request of id 68 to 127.0.0.1:1812
>  User-Name = "tst1"
>  User-Password =
> "\323\366\273\363\371Z\250]\231(w\265?\346G\253"
>  NAS-IP-Address = localhost
>  NAS-Port = 1
> rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=68, length=20
>
> 2. with my AP I have the following output in radius.log :
>
>  Auth: Login incorrect: [pelo/]
>
> Thanks.
>
> At 16:58 03/06/2003 +0200, you wrote:
> >I've already read the FAQ and the README's, but it still doesn't work.
> >
> >Here is part of my config :
> >
> >radiusd.conf
> >
> >modules {
> > eap {
> > default_eap_type = md5
> > md5 {
> > }
> > }
> >}
> >
> >authorize {
> > eap
> >}
> >
> >authenticate {
> > eap
> >}
> >
> >client.conf
> >---
> >client localhost {
> > secret  = test
> > nastype = other
> > shortname   = test
> >}
> >
> >huntgroups
> >--
> >TEST    NAS-IP-Address == 127.0.0.1, NAS-Port-Id == 0-3
> >
> >users
> >-
> >DEFAULT Huntgroup-Name == "TEST"
> > Framed-IP-Address = 192.168.1.11+
> >
> >tst1    User-Password == "pp"
> >
> >tst2    Auth-Type := Local, User-Password == "pp"
> >
> >Could someone help ?
> >
> >Thanks, PP.
> >
> >
> >
> >At 09:31 30/05/2003 -0400, you wrote:
> >>Pascal PELONI <[EMAIL PROTECTED]> wrote:
> >> > The problem is that when I try to authenticate with my AP & W2K, it
> >> doesn't
> >> > work :
> >> >
> >> > # less /var/log/radius.log
> >> > Thu May 29 18:17:07 2003 : Auth: Login incorrect: [aa/ >> > attribute>] (from client ap-wlan port 0 cli 00-40-05-CB-AD-7C)
> >>
> >>   Read the FAQ and the README's.
> >>
> >>   Read the FAQ and the README's.
> >>
> >>   Read the FAQ and the README's.
> >>
> >>   Read the FAQ and the README's.
> >>
> >>
> >>   Did I mention I *really* meant that you should read the FAQ and the
> >>README's?
> >>
> >>   Alan DeKok.
> >>
>
>


Re: Using /dev/random with EAP-TLS defunct

2003-06-06 Thread Michael Griego
Doing that is *NOT* cryptographically strong.  Use /dev/urandom and see
if your problems go away.  /dev/random blocks until enough entropy has
entered the entropy pool.

--Mike



On Mon, 2003-05-05 at 09:03, [EMAIL PROTECTED] wrote:
> To create these file I use this command line and it's ok.
> #date > /your_directory/random
> 
> #date > /your_directory/dh
> 
> 
> 
> - Original Message - 
> From: "Sepp Rudel" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, June 05, 2003 9:35 AM
> Subject: Using /dev/random with EAP-TLS defunct
> 
> 
> > Hi,
> >
> > when trying to use /dev/random (on Linux) as
> > random_file and dh_file in EAP-TLS config, radiusd
> > hangs forever during start up while initializing tls
> > module. Should this work? Would it make anything "more
> > secure" if I could use /dev/random instead of some
> > static file?
> >
-- 

--Mike


Michael Griego
Wireless Network Administrator
University of Texas at Dallas
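
Added example (not from the thread and not FreeRADIUS code): a seed file for the EAP-TLS random_file setting drawn from /dev/urandom, as recommended in the reply above, plus a check that flags a `date`-style file. The function names, the 512-byte size and the 64-byte minimum are assumptions.

```shell
#!/bin/sh
# Illustrative helpers for the random_file discussed in this thread.
# Names and thresholds are assumptions, not FreeRADIUS defaults.

# make_random_file PATH [NBYTES]
# Fill PATH with NBYTES (default 512) from the non-blocking kernel CSPRNG.
# /dev/urandom never stalls the caller, unlike /dev/random on a 2003-era
# Linux kernel with an empty entropy pool.
make_random_file() {
    rf_path=$1
    rf_bytes=${2:-512}
    # Create the file owner-only from the start so the seed is never
    # world-readable, even briefly.
    ( umask 077 && dd if=/dev/urandom of="$rf_path" bs=1 count="$rf_bytes" 2>/dev/null ) || return 1
    chmod 600 "$rf_path"
}

# looks_weak PATH [MINBYTES]
# Return 0 (weak) when PATH is unreadable, shorter than MINBYTES (default 64),
# or made up only of printable ASCII and whitespace. The output of `date`
# fails both tests: it is about 30 bytes of text that anyone who knows
# roughly when the file was created can reproduce.
looks_weak() {
    lw_path=$1
    lw_min=${2:-64}
    [ -r "$lw_path" ] || return 0
    lw_size=$(wc -c < "$lw_path" | tr -d ' ')
    [ "$lw_size" -lt "$lw_min" ] && return 0
    # Delete tab, LF, CR and the printable range 0x20-0x7e; count what is left.
    lw_binary=$(LC_ALL=C tr -d '\11\12\15\40-\176' < "$lw_path" | wc -c | tr -d ' ')
    [ "$lw_binary" -eq 0 ] && return 0
    return 1
}

# Typical use (path is a placeholder):
#   make_random_file /your_directory/random
#   looks_weak /your_directory/random && echo "replace this seed file"
```

The printable-ASCII test is a heuristic for spotting text files used as seeds; passing it does not prove a file is unpredictable.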





Auth-Type

2003-06-06 Thread Gregory G. V.
Hello,
I'm testing a new module, which defined Auth-Type to itself, but when I
use it I see that radius use Auth-Type Local.
Could someone have a look piece of my code, or debug output to recognize
the problem?
radius.conf has an entry for the module, authorize section has, and
authenticate section has.

Gregory G. V.
---
Any opinions in this posting are my own and not those of my present
or previous employers.

According Isham Research's Devil's IT Dictionary mainframe is:
"an obsolete device still used by thousands of obsolete companies
serving billions of obsolete customers and making huge obsolete profits
for their obsolete shareholders.
And this year's run twice as fast as last year's."




Re: Using /dev/random with EAP-TLS defunct

2003-06-06 Thread pahartmann
To create these file I use this command line and it's ok.
#date > /your_directory/random

#date > /your_directory/dh



- Original Message - 
From: "Sepp Rudel" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 05, 2003 9:35 AM
Subject: Using /dev/random with EAP-TLS defunct


> Hi,
>
> when trying to use /dev/random (on Linux) as
> random_file and dh_file in EAP-TLS config, radiusd
> hangs forever during start up while initializing tls
> module. Should this work? Would it make anything "more
> secure" if I could use /dev/random instead of some
> static file?
>


Re: Using /dev/random with EAP-TLS defunct

2003-06-06 Thread Artur Hecker
i've noticed the same in my case. i think that /dev/random is generally
too slow, because it searches the random numbers on the fly, one after
another, so radius waits till it gets enough numbers.

rather use /dev/random from time to time offline to produce fixed files
which you can define for radius usage (e.g. per cron dd from /dev/random
into a file).


ciao
artur


Sepp Rudel wrote:
> 
> Hi,
> 
> when trying to use /dev/random (on Linux) as
> random_file and dh_file in EAP-TLS config, radiusd
> hangs forever during start up while initializing tls
> module. Should this work? Would it make anything "more
> secure" if I could use /dev/random instead of some
> static file?
> 

-- 
Artur Hecker
artur[at]hecker.info
