Odd behavior as proxy in event of no-response from authenticator
Perhaps someone has seen this same thing before. When FR 0.8.1 is proxying auths in synchronous mode and there is no response to an Access-Request, nothing is returned to the NAS (as expected), but on the next Access-Request, after some magic interval and before returning an Access-Accept, FR returns an Access-Reject for the "no-response" request. Is this happening for a reason? I see in the trace FR is "Rejecting request id=122" (from detail below).

Summary:
    Access-Request (id=122) (src port=3779) [from NAS]
    Access-Request (id=123) (src port=3455) [from NAS]
    Access-Reject (id=122) (dest port=3779) [from FR]
    Access-Reply (id=123) (dest port=3455) [from FR]

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Also .... Alvarion Wireless
The problem that I am really having is that no accounting is showing up other than the initial on packet. David Rodgers
Alvarion Wireless and Radius Accounting
I am trying to set up an Alvarion wireless network to authenticate an account against an existing freeradius 0.8.1 radius server. The clients authenticate fine and I see an accounting on packet and after that just a bunch of messages like this in the log:

    Fri Jun 6 15:13:35 2003 : Error: rlm_sql: Stop packet with zero session length. (user 'jsmith', nas '192.168.251.177')
    Fri Jun 6 15:13:35 2003 : Error: rlm_sql: Stop packet with zero session length. (user 'jsmith', nas '192.168.251.177')

and here is what you get in debug mode:

    ###
    --- Walking the entire request list ---
    Cleaning up request 12 ID 15 with timestamp 3ee0fe2e
    Nothing to do. Sleeping until we see a request.
    rad_recv: Accounting-Request packet from host 192.168.251.177:1001, id=17, length=1124
        Acct-Session-Id = "John Smith 00-20-D6-AC-15-62 0011 04 "
        User-Name = "jsmith"
        Acct-Status-Type = Stop
        NAS-Identifier = "00 20 D6 AC 15 62 "
    modcall: entering group preacct
    modcall[preacct]: module "preprocess" returns noop
    rlm_realm: No '@' in User-Name = "jsmith", looking up realm NULL
    rlm_realm: No such realm NULL
    modcall[preacct]: module "suffix" returns noop
    modcall: group preacct returns noop
    modcall: entering group accounting
    rlm_acct_unique: WARNING: Attribute 87 was not found in request, unique ID MAY be inconsistent
    rlm_acct_unique: Hashing ',Client-IP-Address = 192.168.251.177,NAS-IP-Address = 192.168.251.177,Acct-Session-Id = "John Smithe 00-20-D6-AC-15-62 0011 04 ",User-Name = "jsmith"'
    rlm_acct_unique: Acct-Unique-Session-ID = "a44e411d5a638846".
    modcall[accounting]: module "acct_unique" returns ok
    modcall[accounting]: module "unix" returns noop
    radius_xlat: 'jsmith'
    rlm_sql (sql): sql_set_user escaped user --> 'jsmith'
    radius_xlat: 'UPDATE radacct SET AcctStopTime = '2003-06-06 15:49:46', AcctSessionTime = '', AcctInputOctets = '', AcctOutputOctets = '', AcctTerminateCause = '', AcctStopDelay = '', ConnectInfo_stop = '' WHERE AcctSessionId = 'John Smith 00-20-D6-AC-15-62 0011 04 ' AND UserName = 'jsmith' AND NASIPAddress = '192.168.251.177' AND AcctStopTime = 0'
    rlm_sql (sql): Reserving sql socket id: 86
    radius_xlat: 'rlm_sql: Stop packet with zero session length. (user 'jsmith', nas '192.168.251.177')'
    rlm_sql: Stop packet with zero session length. (user 'jsmith', nas '192.168.251.177')
    rlm_sql (sql): Released sql socket id: 86
    modcall[accounting]: module "sql" returns noop
    modcall: group accounting returns ok
    Sending Accounting-Response of id 17 to 192.168.251.177:1001
    Finished request 13
    Going to the next reque
Re: FreeRADIUS 0.8.1 and Aironet 350 LEAP Setup
Dennis, We ran into the same problems. You have to download the latest CVS snapshot for LEAP capabilities. Chris
Re: accounting file
Sorry, that should have been "Funk & Wagnalls". Am fining myself $5 for making stupid error while trying to be a smarta**. All fines are donated to The Leukemia & Lymphoma Society (seriously).

J.

At 04:25 PM 6/5/03, you wrote:
> Hugo, I don't know for sure, but I think it's hermetically sealed in a mayonnaise jar on Funk & Wagner's doorstep since Noon today...no one knows the contents of that envelope. Sorry, I couldn't help it...it's over 90 here in Portland today and we're all a little giddy.
>
> J.
>
> At 04:04 PM 6/5/03, you wrote:
> > Can someone tell me where freeradius keeps the accounting data?
> > Thanks in advance
> > Hugo

John M. Luker
www.flexpop.net
Re: accounting file
Hugo, I don't know for sure, but I think it's hermetically sealed in a mayonnaise jar on Funk & Wagner's doorstep since Noon today...no one knows the contents of that envelope. Sorry, I couldn't help it...it's over 90 here in Portland today and we're all a little giddy.

J.

At 04:04 PM 6/5/03, you wrote:
> Can someone tell me where freeradius keeps the accounting data?
> Thanks in advance
> Hugo

John M. Luker
www.flexpop.net
accounting file
Can someone tell me where freeradius keeps the accounting data? Thanks in advance, Hugo
problem with rlm_perl
Hi, I'm trying to run a perl script using the rlm_perl module; the script aborts with exit code = 0. This is my test script:

    #!/usr/bin/perl
    use DBI;
    use Data::Dumper;
    use strict 'vars';
    # use ...
    # This is very important! Without this the script will not get the filled hashes from main.
    use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK);
    # This is the hash which holds the original request from radius
    #my %RAD_REQUEST;
    # In this hash you add values that will be returned to NAS.
    #my %RAD_REPLY;
    # This is for check items
    #my %RAD_CHECK;
    #
    # This is the remapping of return values
    #
    use constant RLM_MODULE_REJECT   => 0; # /* immediately reject the request */
    use constant RLM_MODULE_FAIL     => 1; # /* module failed, don't reply */
    use constant RLM_MODULE_OK       => 2; # /* the module is OK, continue */
    use constant RLM_MODULE_HANDLED  => 3; # /* the module handled the request, so stop. */
    use constant RLM_MODULE_INVALID  => 4; # /* the module considers the request invalid. */
    use constant RLM_MODULE_USERLOCK => 5; # /* reject the request (user is locked out) */
    use constant RLM_MODULE_NOTFOUND => 6; # /* user not found */
    use constant RLM_MODULE_NOOP     => 7; # /* module succeeded without doing anything */
    use constant RLM_MODULE_UPDATED  => 8; # /* OK (pairs modified) */
    use constant RLM_MODULE_NUMCODES => 9; # /* How many return codes there are */
    #
    # This is authentication
    #
    sub authenticate {
        for (keys %RAD_REQUEST) {
            # This is for test only
            &radiusd::radlog(1, "rlm_perl:: $_ = $RAD_REQUEST{$_} ");
        }
    }

This is relevant code when running in debug mode:

    rlm_perl: perl_embed:: module = /usr/local/bin/prepagox.pl , func = authorize exit status=0, Undefined subroutine &main::authorize called.
    modcall[authorize]: module "perl" returns reject

I don't have any authorize function, the example.pl doesn't have it either. Thanks in advance.
FreeRADIUS 0.8.1 and Aironet 350 LEAP Setup
I've been playing with FreeRADIUS 0.8.1 to use EAP (or LEAP) with Cisco's Aironet 350 Workgroup bridges. So far, I've had no luck. I think it's the way I have FreeRadius set up. The log files show the user name is accepted, but the password is not:

    Thu Jun 5 16:57:51 2003 : Auth: rlm_unix: Attribute "User-Password" is required for authentication.
    Thu Jun 5 16:57:51 2003 : Auth: Login incorrect: [dennis/] (from client test-radio port 10 cli 000cce211402)

I have looked through several webpages, all of which tell what you need to edit to get it to work. The problem is, none of them works for me. I usually get this error:

    Thu Jun 5 12:59:02 2003 : Error: rlm_eap: Failed to link EAP-Type/leap: file not found
    Thu Jun 5 12:59:02 2003 : Error: radiusd.conf[572]: eap: Module instantiation failed.

I don't know a whole lot about Radius, so any advice I can get (in the simplest terms possible) would be greatly appreciated.

--
Thank you,
Dennis
Re: configuration question
On Fri, Jun 06, 2003 at 03:06:24PM +0300, gunce ciftci wrote:
>
> Hi All,
>
> My question is about users file entries or perhaps radiusd.conf:
>
> There are two RAS's serving two different groups of people.
> I am going to authenticate them with radiusd, according to their RAS's.
> guest's can only login to ras1
> staff ras2
>
> Question is How do I configure the users file and radiusd.conf to do so?

Use huntgroups (looking for the NAS-IP-Address) and Huntgroup-Name tests in the users file. There is an example in the distributed huntgroup file.

Oliver.
radwho doesn't show anything
radwho doesn't show anything, and Simultaneous-Use does not work with cisco SNMP enabled. Why?
mod_auth_radius & Apache Accounting
Hi all,

I'm looking for an accounting module for my Apache 1.3.27 http server. I've found that there is a mod_auth_radius module for AAA at the freeradius web site, available at this url: http://www.freeradius.org/mod_auth_radius/. Reading this URL, it looks like this module could be used for accounting requests. I paste this text from the related link:

"This is the Apache RADIUS authentication module. It allows any Apache web-server to become a RADIUS client for authentication and accounting requests. You will, however, need to supply your own RADIUS server to perform the actual authentication."

I have installed this module correctly and authentication of my users is successful. I want to account sessions, sending Start / Stop accounting packets to my freeradius server. My question is: Is it possible to do accounting with this module? If anyone knows how to account with Apache, please help me.

Thanks in advance

Daniel García
VICIM (Virtual Institute for Chemometrics and Industrial Metrology)
FreeRadius CygWin
Hello everybody, I'm trying to compile FreeRadius under CygWin with no luck, it's the first time I use cygwin and I honestly have no idea how to get it to work (fortunately I rarely have to deal with Microsoft products). Is anybody kind enough to send me a .diff to get it to work?

Thanks a lot
Navid

--
"Believe you can, believe you can't; either way, you're right" - Henry Ford
"Security is a process, not a product..." - Bruce Schneier
Navid Sheik <[EMAIL PROTECTED]>
Key fingerprint = D6FA 566F C9D0 7A17 F25A 1C7C 21F6 3E22 01A7 F604
GPG Key: http://www.navid.cyberbeat.it/shnavid.gpg
VLAN
Hi, I'm a new user of freeradius and for 2 months I have been trying to automatically associate a user with the right VLAN. For a normal network, I successfully authenticate, but for a wireless network it's not good; I am making an SSL certificate and it will be good (I hope). I am using a Cisco AP1100 to do it and a server running freeradius. I want to know how I could configure freeradius in order to associate the VLAN. Where do I have to add a line? If you could answer me, I would be grateful. I am waiting for your answer and I hope that you have the solution.
Re: Duplicate accounting packets
Not necessarily, but start and stop records will have the same id. Also, two different boxes could have the same session ids.

Owen

--On Thursday, June 5, 2003 10:26 -0500 Ross Reed <[EMAIL PROTECTED]> wrote:
> I was considering marking the AcctSessionId Unique in MySQL in order to not have duplicates. Duplicates are creating a problem for our radius accounting data being imported to SQL2K.
>
> Will setting that column Unique cause undue problems that I cannot foresee?
>
> Ross Reed
Re: Auth-Type
The users are in a mysql database. I forgot to comment out files in authorize:

    sql
    #files

It's now working! Thanks.

----- Original Message -----
From: "Jonathan Ruano" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, June 06, 2003 7:34 PM
Subject: RE: Auth-Type

Provided that you're not using info in users file, either comment out files use in radiusd.conf, or the DEFAULT entry in users, which sets Auth-Type System.

Jonathan.

P.S.: shouldn't Auth-Type be Local and not PAP? I'm a bit newbie myself :)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Engelbert de Guzman
Sent: Friday, June 06, 2003 1:34 PM
To: [EMAIL PROTECTED]
Subject: Auth-Type

###
    rlm_sql (sql): Released sql socket id: 4
    modcall[authorize]: module "sql" returns ok
    users: Matched DEFAULT at 152
    modcall[authorize]: module "files" returns ok
    modcall: group authorize returns ok
    rad_check_password: Found Auth-Type System
    auth: type "System"
    auth: Failed to validate the user.
Re: Adding realm if not already given
> If not, then you could try setting up a realm for each user in proxy.conf

should read ... setting up each realm in proxy.conf

just didn't want to add any confusion
configuration question
Hi All,

My question is about users file entries or perhaps radiusd.conf:

There are two RAS's serving two different groups of people. I am going to authenticate them with radiusd, according to their RAS's.

    guest's can only login to ras1
    staff ras2

Question is How do I configure the users file and radiusd.conf to do so?

I can store the passwords as

    /etc/passwd/staff
    /etc/passwd/guest

I thought if it is possible to look at different passwd files according to the ip of ras that authentication request comes from. Is it possible? Or any suggestions to do so?

Regards,
gUnce CiftCi
Re: Adding realm if not already given
On Thu, 5 Jun 2003, Barry Brown wrote:
> Hi,
>
> I have been scratching my head all day trying to figure this out:
>
> I want to append a default realm to the User-Name if the user has not
> already supplied a realm name. This is to grandfather in existing users
> as we move toward realm-savvy authentication. Here are some sample
> User-Name mappings:
>
> bozo --> [EMAIL PROTECTED] (@infostations.com is appended)
> [EMAIL PROTECTED] --> [EMAIL PROTECTED] (no change)
> [EMAIL PROTECTED] --> [EMAIL PROTECTED] (no change)
>
> Here is my attr_rewrite ruleset:
>
> attr_rewrite add_realm {
>     attribute = User-Name
>     searchin = packet
>     searchfor = "^[a-z0-9_\-]+$"
>     replacewith = "[EMAIL PROTECTED]"
>     ignore_case = yes
>     new_attribute = no
>     max_matches = 1
>     append = no
>

You could try doing this, don't know if it would work, but it's worth a shot.

1. in proxy.conf

Have

    realm NULL {
        ...
    }

Then in your rewrite have

    attribute = Realm
    searchin = packet
    searchfor = "NULL"
    replacewith = "infostations.com"
    ignore_case = yes
    new_attribute = no
    max_matches = 10
    append = no

Then if a user comes in with no realm, the realm will be changed to infostations.com. Not sure if this would actually make the lookup on the username change, however.

If not, then you could try setting up a realm for each user in proxy.conf and making sure you strip the realm from the name. Then instead of looking up just %{UserName} you could change the query to lookup [EMAIL PROTECTED]

If that doesn't work, and you do find something else that works for you, let us know. I'm at least interested in what you did do to make it work, as I may be required to do something like that in the future.

Dustin Doris
Auth-Type
I can explain my problem in a little more detail, with my new test module. The module name is rlm_pp.

The radiusd.conf has:

    modules {
        pp {
            dbhome = ${localstatedir}/db
        }
    }
    authorize {
        pp
    }
    authenticate {
        Auth-Type PP {
            pp
        }
    }

The rlm_pp.c has the next code:

    check_pairs = request->config_items;
    reply = pairmake("Auth-Type", "PP", T_OP_SET);
    pairadd(&check_pairs, reply);

And the output from radiusd -X shows:

    modcall: group authorize returns ok
    auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
    auth: Failed to validate the user.

If I add the next code to rlm_pp.c -

    strncpy(passwd_item->strvalue, request->password->strvalue, MAX_STRING_LEN - 1);
    passwd_item->length = (request->password->length > (MAX_STRING_LEN - 1)) ? (MAX_STRING_LEN - 1) : request->password->length;
    pairadd(&request->config_items, passwd_item);

I have next output -

    modcall: group authorize returns ok
    auth: type Local
    auth: user supplied User-Password matches local User-Password

pp_authenticate defined in the rlm_pp.c

Any idea?

Gregory G. V.

---
Any opinions in this posting are my own and not those of my present or previous employers. According Isham Research's Devil's IT Dictionary mainframe is: "an obsolete device still used by thousands of obsolete companies serving billions of obsolete customers and making huge obsolete profits for their obsolete shareholders. And this year's run twice as fast as last year's."
RE: Auth-Type
Provided that you're not using info in users file, either comment out files use in radiusd.conf, or the DEFAULT entry in users, which sets Auth-Type System.

Jonathan.

P.S.: shouldn't Auth-Type be Local and not PAP? I'm a bit newbie myself :)

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Engelbert de Guzman
Sent: Friday, June 06, 2003 1:34 PM
To: [EMAIL PROTECTED]
Subject: Auth-Type

###
    rlm_sql (sql): Released sql socket id: 4
    modcall[authorize]: module "sql" returns ok
    users: Matched DEFAULT at 152
    modcall[authorize]: module "files" returns ok
    modcall: group authorize returns ok
    rad_check_password: Found Auth-Type System
    auth: type "System"
    auth: Failed to validate the user.
Re: Using /dev/random with EAP-TLS defunct
/dev/urandom works like a charm, thanks for the tip!
Auth-Type
list,

having problems with authenticate { } module. I have tried changing Auth-Type to (Local, PAP, CHAP, MS-CHAP) but it keeps returning the value System. What seems to be the problem? Where will I look next? Thanks again.

###
    rlm_sql (sql): Released sql socket id: 4
    modcall[authorize]: module "sql" returns ok
    users: Matched DEFAULT at 152
    modcall[authorize]: module "files" returns ok
    modcall: group authorize returns ok
    rad_check_password: Found Auth-Type System
    auth: type "System"
    auth: Failed to validate the user.

###
radiusd.conf

    authenticate {
        authtype PAP {
            pap
        }
        authtype CHAP {
            chap
        }
        authtype MS-CHAP {
            mschap
        }
        #pam
        #unix
        #authtype LDAP {
        #    ldap
        #}
    }

    mysql> select * from radgroupcheck;
    +----+-----------+-----------+----+-------+
    | id | GroupName | Attribute | op | Value |
    +----+-----------+-----------+----+-------+
    |  1 | dynamic   | Auth-Type | := | PAP   |
    |  2 | static    | Auth-Type | := | PAP   |
    +----+-----------+-----------+----+-------+
Re: FreeRadius CygWin
Dear Navid Sheik,

Have you read doc/CYGWIN?

--Friday, June 6, 2003, 12:05:59 AM, you wrote to [EMAIL PROTECTED]:

NS> Hello everybody, I'm trying to compile FreeRadius under CygWin with no
NS> luck, it's the first time I use cygwin and I honestly have no idea how
NS> to get it to work (fortunately I rarely have to deal with Microsoft
NS> products).
NS> Is anybody kind enough to send me a .diff to get it to work ?
NS> Thanks a lot
NS> Navid

--
~/ZARAZA
But after all, eggs, heels and bishops can come into anyone's head. (Lem)
Re: Duplicate accounting packets
On Thu, 5 Jun 2003, Ross Reed wrote:
> I was considering marking the AcctSessionId Unique in MySQL in order to not
> have duplicates. Duplicates are creating a problem for our radius accounting
> data being imported to SQL2K.
>
> Will setting that column Unique cause undue problems that I cannot foresee?

It's better to set AcctUniqueId as unique. AcctSessionId is as unique as the nas manages to make it. One *big* problem I faced with such workarounds is that accounting relaying with radrelay will not work anymore since the sql module will return RLM_MODULE_FAIL and radiusd will just not respond to the corresponding accounting request. As a result radrelay remains stuck in the same accounting record.

>
> Ross Reed

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Duplicate accounting packets
I was considering marking the AcctSessionId Unique in MySQL in order to not have duplicates. Duplicates are creating a problem for our radius accounting data being imported to SQL2K. Will setting that column Unique cause undue problems that I cannot foresee? Ross Reed
Mysql Authentication
I'm trying to pass the wins value via dhcp to a remote client using mysql... every dhcp field seems to be passed fine (dns, IP...) except wins... During authentication on the ras server I see the following:

    04:32:00: RADIUS: cisco AVPair ""ip:wins-servers=10.0.0.1"" not applied for ip

The field in the radgroupreply is:

    id  GroupName  Attribute     op  Value                        prio (???what is this ???)
    1   adrtel     cisco-avpair  :=  "ip:wins-servers=10.0.0.1"   1 (just fill it out)

Any help? Thanks
Re: FreeRadius - DLINK DWL-900+ - 802.1.X
At 08:56 04/06/2003 -0600, you wrote:
What is your ap?

DLINK DWL-900+

, you set up the eap and wep key,

Yes, I did.
regards.

in the cisco 1200 ap this is import.
att.
Mauricio

----- Original Message -----
From: "Pascal PELONI" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 03, 2003 9:24 AM
Subject: Re: FreeRadius - DLINK DWL-900+ - 802.1.X

> I forget to say that :
>
> 1. the authentication works well with radtest !
>
> $ radtest tst1 pp 127.0.0.1 1 test
> Sending Access-Request of id 68 to 127.0.0.1:1812
>         User-Name = "tst1"
>         User-Password = "\323\366\273\363\371Z\250]\231(w\265?\346G\253"
>         NAS-IP-Address = localhost
>         NAS-Port = 1
> rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=68, length=20
>
> 2. with my AP I have the following output in radius.log :
>
> Auth: Login incorrect: [pelo/]
>
> Thanks.
>
> At 16:58 03/06/2003 +0200, you wrote:
> >I've already read the FAQ and the README's, but it still doesn't work.
> >
> >Here is part of my config :
> >
> >radiusd.conf
> >
> >modules {
> >    eap {
> >        default_eap_type = md5
> >        md5 {
> >        }
> >    }
> >}
> >
> >authorize {
> >    eap
> >}
> >
> >authenticate {
> >    eap
> >}
> >
> >client.conf
> >---
> >client localhost {
> >    secret = test
> >    nastype = other
> >    shortname = test
> >}
> >
> >huntgroups
> >--
> >TEST    NAS-IP-Address == 127.0.0.1, NAS-Port-Id == 0-3
> >
> >users
> >-
> >DEFAULT Huntgroup-Name == "TEST"
> >        Framed-IP-Address = 192.168.1.11+
> >
> >tst1    User-Password == "pp"
> >
> >tst2    Auth-Type := Local, User-Password == "pp"
> >
> >Could someone help ?
> >
> >Thanks, PP.
> >
> >At 09:31 30/05/2003 -0400, you wrote:
> >>Pascal PELONI <[EMAIL PROTECTED]> wrote:
> >> > The problem is that when I try to authenticate with my AP & W2K, it doesn't
> >> > work :
> >> >
> >> > # less /var/log/radius.log
> >> > Thu May 29 18:17:07 2003 : Auth: Login incorrect: [aa/ attribute>] (from client ap-wlan port 0 cli 00-40-05-CB-AD-7C)
> >>
> >> Read the FAQ and the README's.
> >>
> >> Read the FAQ and the README's.
> >>
> >> Read the FAQ and the README's.
> >>
> >> Read the FAQ and the README's.
> >>
> >> Did I mention I *really* meant that you should read the FAQ and the README's?
> >>
> >> Alan DeKok.
Re: Using /dev/random with EAP-TLS defunct
Doing that is *NOT* cryptographically strong. Use /dev/urandom and see if your problems go away. /dev/random blocks until enough entropy has entered the entropy pool.

--Mike

On Mon, 2003-05-05 at 09:03, [EMAIL PROTECTED] wrote:
> To create these files I use this command line and it's ok.
> #date > /your_directory/random
> #date > /your_directory/dh
>
> ----- Original Message -----
> From: "Sepp Rudel" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, June 05, 2003 9:35 AM
> Subject: Using /dev/random with EAP-TLS defunct
>
> > Hi,
> >
> > when trying to use /dev/random (on Linux) as
> > random_file and dh_file in EAP-TLS config, radiusd
> > hangs forever during start up while initializing tls
> > module. Should this work? Would it make anything "more
> > secure" if I could use /dev/random instead of some
> > static file?

--
--Mike
Michael Griego
Wireless Network Administrator
University of Texas at Dallas
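Added example (not from the thread, its posters or the FreeRADIUS project): the advice in the message above as a shell sketch. `make_seed` fills a seed file from /dev/urandom and `check_seed` flags both the `date > file` pattern and the blocking /dev/random; the function names, the 512- and 64-byte sizes and the scratch paths are assumptions, and it covers only the random_file, not the dh_file.

```shell
#!/bin/sh
# Added example, not code from the thread or from FreeRADIUS.
# Function names, sizes and paths are illustrative assumptions.

SEED_BYTES=512   # bytes written to the seed file
MIN_BYTES=64     # anything shorter is treated as too small to be a seed

# make_seed PATH
# Fill PATH with SEED_BYTES read from /dev/urandom, readable by the owner
# only. The data is written under a temporary name and renamed into place
# so a starting daemon never reads a half-written seed.
make_seed() {
    (
        umask 077
        tmp="$1.tmp.$$"
        head -c "$SEED_BYTES" /dev/urandom > "$tmp" || exit 1
        size=$(wc -c < "$tmp" | tr -d ' ')
        if [ "$size" -ne "$SEED_BYTES" ]; then
            rm -f "$tmp"
            exit 1
        fi
        mv "$tmp" "$1"
    )
}

# check_seed PATH
# Print one verdict and return 0 only for "ok":
#   blocking-device  PATH is /dev/random, which can stall start-up
#   missing          PATH is not a regular file
#   too-small        regular file shorter than MIN_BYTES
#   printable-text   every byte is printable ASCII, as with `date > file`
#   ok               /dev/urandom, or a binary file of sufficient size
check_seed() {
    case $1 in
        /dev/random)  echo blocking-device; return 1 ;;
        /dev/urandom) echo ok; return 0 ;;
    esac
    if [ ! -f "$1" ]; then
        echo missing
        return 1
    fi
    size=$(wc -c < "$1" | tr -d ' ')
    if [ "$size" -lt "$MIN_BYTES" ]; then
        echo too-small
        return 1
    fi
    # Count the bytes that are NOT tab, LF, CR or printable ASCII.
    binary=$(LC_ALL=C tr -d '\011\012\015\040-\176' < "$1" | wc -c | tr -d ' ')
    if [ "$binary" -eq 0 ]; then
        echo printable-text
        return 1
    fi
    echo ok
}

# Demo on constructed files in a scratch directory.
demo() {
    dir=$(mktemp -d) || return 1
    date > "$dir/weak"            # the pattern criticised in the thread
    make_seed "$dir/good"
    echo "weak: $(check_seed "$dir/weak")"
    echo "good: $(check_seed "$dir/good")"
    rm -rf "$dir"
}
demo
```
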
Auth-Type
Hello, I'm testing a new module, which defined Auth-Type to itself, but when I use it I see that radius use Auth-Type Local. Could someone have a look piece of my code, or debug output to recognize the problem? radius.conf has an entry for the module, authorize section has, and authenticate section has. Gregory G. V. --- Any opinions in this posting are my own and not those of my present or previous employers. According Isham Research's Devil's IT Dictionary mainframe is: "an obsolete device still used by thousands of obsolete companies serving billions of obsolete customers and making huge obsolete profits for their obsolete shareholders. And this year's run twice as fast as last year's."
Re: Using /dev/random with EAP-TLS defunct
To create these files I use this command line and it's ok.

    #date > /your_directory/random
    #date > /your_directory/dh

----- Original Message -----
From: "Sepp Rudel" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 05, 2003 9:35 AM
Subject: Using /dev/random with EAP-TLS defunct

> Hi,
>
> when trying to use /dev/random (on Linux) as
> random_file and dh_file in EAP-TLS config, radiusd
> hangs forever during start up while initializing tls
> module. Should this work? Would it make anything "more
> secure" if I could use /dev/random instead of some
> static file?
Re: Using /dev/random with EAP-TLS defunct
i've noticed the same in my case. i think that /dev/random is generally too slow, because it searches the random numbers on the fly, one after another, so radius waits till it gets enough numbers. rather use /dev/random from time to time offline to produce fixed files which you can define for radius usage (e.g. per cron dd from /dev/random into a file).

ciao
artur

Sepp Rudel wrote:
>
> Hi,
>
> when trying to use /dev/random (on Linux) as
> random_file and dh_file in EAP-TLS config, radiusd
> hangs forever during start up while initializing tls
> module. Should this work? Would it make anything "more
> secure" if I could use /dev/random instead of some
> static file?

--
Artur Hecker
artur[at]hecker.info