Re: eap/tls on freeradius
Hi,

I have followed those instructions and all goes perfectly.
http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm

I installed on Debian 3.0 r1. Good luck.

Omar

Jonny Karlsson IT 00 wrote:
> Hello!
> Does anyone know how to implement eap/tls on Freeradius-0.9.0? I have tried older versions also but I always get the same error message when starting the radiusd server:
> rlm_eap: Failed to link EAP-Type/tls: file not found.
> I have also tried to follow the instructions on http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm in detail about 4-5 times but it just doesn't work. Does anyone know a better manual for this or can anyone explain to me in detail how I can get it to work? I don't understand how it can be so difficult!! I am using RedHat 9.0 as operating system.
> regards Jonny

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius with Cisco's BBSM
Passing a bandwidth attribute to the NAS only makes sense if you say less or equal - or easier: maximum allowed bandwidth is: ??? kbps

So what's wrong with saying:
CBBSM-Bandwidth = 256 (or whatever you want to throttle it to)

On Wed, 2003-07-23 at 17:45, Alex wrote:
> OK I added CBBSM_Bandwidth to the radreply table. The doc says = cannot be used as a reply item, so how else should I specify 'less than or eq to that_much_BW' ?
> Alex
>
> Alan DeKok [EMAIL PROTECTED] wrote:
> > Alex wrote:
> > > Then I added another line, same user, attribute 'CBBSM-Bandwidth', op='=', Value='32768' but user is now rejected.
> > ^^^ Huh? See the documentation for the meaning of the operators.
> > Alan DeKok.
dialup_admin
This question is not directly related to RADIUS, but to a utility 'dialup_admin' that ships with FreeRadius.

I tried to use dialup_admin in Linux, but the browser (Microsoft IE) did not show the page correctly. I copied the dialup_admin directory to /var/www/html/dialup_admin. When I type the following URL in the browser, I get a dialup_admin image on the right and some text bearing ?php on the left.

According to the FAQ in dialup_admin, the php needs to be configured to handle files with php3 suffix. I have changed the Files directive in /etc/httpd/conf.d/php.conf from Files *.php to Files ~ *\.php3?$ and restarted the httpd daemon. It still did not work.

I would appreciate any help from someone who has successfully used dialup_admin from IE. Thanks.
Re: dialup_admin
On Thu, Jul 24, 2003 at 12:14:57AM -0700, Alex Chen wrote:
> This question is not directly related to RADIUS, but a utility 'dialup_admin' that ships with FreeRadius. I tried to use dialup_admin in Linux, but the browser (Microsoft IE) did not show the page correctly.

Huh? IE for linux?

> I copied the dialup_admin directory to /var/www/html/dialup_admin Which I type the following URL in the browser, I got an dialup_admin image on the right and some text bearing ?php on the left. According to the FAQ in dialup_admin, the php needs to be configured to handle files with php3 suffix. I have changed the Files directive in /etc/httpd/conf.d/php.conf to from Files *.php to Files ~ *\.php3?$ and restarted the httpd daemon. It still did not work.

does it work with mozilla, lynx, etc? if yes: it's an IE bug. If no: you need to configure your apache to handle .php3 files.

The correct way (using php4) is:

AddType application/x-httpd-php .php3

The Files section probably only sets some mod_php params. Like this:

<Files *.php3>
    LimitRequestBody 524288
    RequestHeader unset If-Modified-Since
</Files>

Regards, Oliver.
RE: dialup_admin
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Oliver Graf
Sent: Thursday, July 24, 2003 12:21 AM
To: FreeRADIUS Users (E-mail)
Subject: Re: dialup_admin

> On Thu, Jul 24, 2003 at 12:14:57AM -0700, Alex Chen wrote:
> > This question is not directly related to RADIUS, but a utility 'dialup_admin' that ships with FreeRadius. I tried to use dialup_admin in Linux, but the browser (Microsoft IE) did not show the page correctly.
> Huh? IE for Linux?

No, I meant the dialup_admin runs on Linux, but I used IE browser to view the 'index.html' under htdocs directory. From the IE, I could see two panes. The right pane is a dialup_admin image file and on the left pane, it shows the php script source text, not the rendering.

I think IE should support PHP, otherwise 80% of the browser will fail to display PHP page. That's why I suspect some configuration problem in the Apache. Unfortunately, I am not an Apache expert and do not know what configuration file to tune.
Re: dialup_admin
On Thu, Jul 24, 2003 at 12:33:40AM -0700, Alex Chen wrote:
> I think IE should support PHP, otherwise 80% of the browser will fail to display

think again. php is a server side scripting language. what should ie possibly have to do with it? short answer: nothing!

> PHP page. That's why I suspect some configuration problem in the Apache. Unfortunately, I am not an Apache expert and do not know what configuration file to tune.

Read my last mail. Read apache docs. Read php docs. And: reading apache logs won't hurt also.

Oliver.
Re: Freeradius with Cisco's BBSM
Cisco's BBSM correctly interpreted the attribute after setting op to '=' and Value='xxx' (in kb), it works now. Indeed, '=' is used as a reply op, as doc specifies.

Thanks Ulrich and Alan for your precious input and time spent with me!

Alex

Ulrich Walcher [EMAIL PROTECTED] wrote:
> Passing a bandwidth attribute to the NAS only makes sense if you say less or equal - or easier: maximum allowed bandwidth is: ??? kbps
> So what's wrong to say:
> CBBSM-Bandwidth = 256 (or whatever you want to throttle it to)
>
> On Wed, 2003-07-23 at 17:45, Alex wrote:
> > OK I added CBBSM_Bandwidth to the radreply table. The doc says "=" cannot be used as a reply item, so how else should I specify 'less than or eq to ' ?
> > Alex
> >
> > Alan DeKok <[EMAIL PROTECTED]> wrote:
> > > Alex wrote:
> > > > Then I added another line, same user, attribute 'CBBSM-Bandwidth', op='=', Value='32768' but user is now rejected.
> > > ^^^ Huh? See the documentation for the meaning of the operators.
> > > Alan DeKok.
Re: dialup_admin
I use dialup_admin and then, I must rewrite all the code of PHP files, to fix my need. But I know your problem, and I know why and how to correct it.

you should open /etc/php.ini and change global_register Off -> On

rename *.php3 -> php4, you don't need to change files in /conf, /lib..., just all files in /dialup_admin directory.

open all file *.php to edit and modify the name having in any line code that you renamed. for example, /html/buttons/default/buttons.php3
href=accounting.php3 -> href=accounting.php

My English is still bad, do you understand what I mean ?

If you don't want to rename php3 -> php, you need to modify /etc/php.ini so that httpd can accept php3, I don't remember which option, you can search in mailing list because this question was asked by me and there is a person replied to help me. thanks him.

Manh Cuong.

- Original Message -
From: Alex Chen [EMAIL PROTECTED]
To: FreeRADIUS Users (E-mail) [EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 2:14 PM
Subject: dialup_admin

> This question is not directly related to RADIUS, but a utility 'dialup_admin' that ships with FreeRadius. I tried to use dialup_admin in Linux, but the browser (Microsoft IE) did not show the page correctly. I copied the dialup_admin directory to /var/www/html/dialup_admin Which I type the following URL in the browser, I got an dialup_admin image on the right and some text bearing ?php on the left. According to the FAQ in dialup_admin, the php needs to be configured to handle files with php3 suffix. I have changed the Files directive in /etc/httpd/conf.d/php.conf to from Files *.php to Files ~ *\.php3?$ and restarted the httpd daemon. It still did not work. I would appreciate any help from someone who has successfully used dialup_admin from IE. Thanks.
Re: dialup_admin
IE is independent to script language (PHP,ASP,JSP) because these language is server side based language. httpd will read php file, see if there is any line code is PHP script, it will interpret to html format (tag) and send to web browser client.

hope that will help you.

Manh Cuong.

- Original Message -
From: Alex Chen [EMAIL PROTECTED]
To: FreeRADIUS Users (E-mail) [EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 2:14 PM
Subject: dialup_admin

> This question is not directly related to RADIUS, but a utility 'dialup_admin' that ships with FreeRadius. I tried to use dialup_admin in Linux, but the browser (Microsoft IE) did not show the page correctly. I copied the dialup_admin directory to /var/www/html/dialup_admin Which I type the following URL in the browser, I got an dialup_admin image on the right and some text bearing ?php on the left. According to the FAQ in dialup_admin, the php needs to be configured to handle files with php3 suffix. I have changed the Files directive in /etc/httpd/conf.d/php.conf to from Files *.php to Files ~ *\.php3?$ and restarted the httpd daemon. It still did not work. I would appreciate any help from someone who has successfully used dialup_admin from IE. Thanks.
Re: dialup_admin
sorry, rename *.php3 -> *.php

> global_register Off -> On
> rename *.php3 -> php4, you don't need to change files in /conf, /lib..., just all files in /dialup_admin directory.
> open all file *.php to edit and modify the name having in any line code that you renamed. for example, /html/buttons/default/buttons.php3
> href=accounting.php3 -> href=accounting.php
> My English is still bad, do you understand what I mean ?
> If you don't want to rename php3 -> php, you need to modify /etc/php.ini so that httpd can accept php3, I don't remember which option, you can search in mailing list because this question was asked by me and there is a person replied to help me. thanks him.
> Manh Cuong.
Re: dialup_admin
On Thu, Jul 24, 2003 at 02:51:33PM +0700, Truong Manh Cuong wrote:
> If you don't want to rename php3 -> php, you need to modify /etc/php.ini so that httpd can accept php3, I don't remember which option, you can search in

Huh? The php.ini does not know anything about file extensions.

But the register globals thing is a good hint. Perhaps dialup_admin (if it uses the globals) should be changed to use the 'new' (it's php4 and php5 is just to be released as beta...) way of accessing them...

Oliver.
Re: dialup_admin
On Thu, Jul 24, 2003 at 03:01:19PM +0700, Truong Manh Cuong wrote:
> sorry, rename *.php3 -> *.php

You don't really need to rename all files and change all links. Apache has all the power to do it with one line of config for you (see other mails in this thread).

Oliver.
Expiring Accounts page
Well, I tried to manipulate MySQL to my best. It is impossible to make date calculation functions inside mysql because the Expiration Attribute is not stored in date type column. It is also stupid to get each user to php and manipulate there since that would be very inefficient. This is what I could do at most. Please let me know about what you think :)

Evren

<?php
require('../conf/config.php3');
require('../lib/functions.php3');
?>
<html>
<?php
if (is_file("../lib/sql/drivers/$config[sql_type]/functions.php3"))
	include_once("../lib/sql/drivers/$config[sql_type]/functions.php3");
else{
	echo <<<EOM
<title>Expiring User Accounts</title>
<meta http-equiv="Content-Type" content="text/html; charset=$config[general_charset]">
<link rel="stylesheet" href="style.css">
</head>
<body bgcolor="#80a040" background="images/greenlines1.gif" link="black" alink="black">
<center>
<b>Could not include SQL library functions. Aborting</b>
</body>
</html>
EOM;
	exit();
}

$now = time();
$now_str = ($now_str != '') ? $now_str : date("M Y",$now + 86400);
$min_str = ($min_str != '') ? $min_str : date("j",$now + 86400);
$max_str = ($max_str != '') ? $max_str : date("j",$now + 86400);
// These values come from the query string and are interpolated into the
// SQL statement below, so restrict them to the shapes the page expects.
$min_str = intval($min_str);
$max_str = intval($max_str);
if (!preg_match('/^[A-Za-z]{3} [0-9]{4}$/', $now_str))
	$now_str = date("M Y",$now + 86400);
if (!preg_match('/^(all|[0-9]+)$/', $pagesize))
	$pagesize = 'all';
$num = 0;
$limit = ($pagesize == 'all') ? '' : "LIMIT $pagesize";
$selected[$pagesize] = 'selected';

echo <<<EOM
<head>
<title>Expiring User Accounts</title>
<meta http-equiv="Content-Type" content="text/html; charset=$config[general_charset]">
<link rel="stylesheet" href="style.css">
</head>
<body bgcolor="#80a040" background="images/greenlines1.gif" link="black" alink="black">
<center>
<table border=0 width=550 cellpadding=0 cellspacing=0>
<tr valign=top>
<td align=center><img src="images/title2.gif"></td>
</tr>
</table>
EOM;

echo <<<EOM
<br><br>
<table border=0 width=740 cellpadding=1 cellspacing=1>
<tr valign=top>
<td width=55%></td>
<td bgcolor="black" width=45%>
	<table border=0 width=100% cellpadding=2 cellspacing=0>
	<tr bgcolor="#907030" align=right valign=top><th>
	<font color="white">Expiring User Accounts</font>&nbsp;
	</th></tr>
	</table>
</td></tr>
<tr bgcolor="black" valign=top><td colspan=2>
	<table border=0 width=100% cellpadding=12 cellspacing=0 bgcolor="#d0" valign=top>
	<tr><td>
For Date: <b>$min_str - $max_str $now_str</b>
EOM;
?>
<p>
	<table border=1 bordercolordark=#e0 bordercolorlight=#00 width=100% cellpadding=2 cellspacing=0 bgcolor="#e0" valign=top>
	<tr bgcolor="#d0ddb0">
	<th>#</th><th>user</th><th>date</th>
	</tr>
<?php
$link = @da_sql_pconnect($config);
if ($link){
	$search = @da_sql_query($link,$config,
	"SELECT UserName,Value as Date FROM $config[sql_check_table] WHERE Attribute = 'Expiration' AND Value LIKE '% $now_str' AND substring(Value,1,2) <= $max_str AND substring(Value,1,2) >= $min_str ORDER BY substring(Value,1,2)*1 DESC $limit;");
	if ($search){
		while( $row = @da_sql_fetch_array($search,$config) ){
			$num++;
			// escape database values before they are written into the page
			$user = htmlspecialchars($row[UserName]);
			$date = htmlspecialchars($row[Date]);
			echo <<<EOM
		<tr align=center>
			<td>$num</td>
			<td><a href="user_admin.php3?login=$user" title="Edit user $user">$user</a></td>
			<td>$date</td>
		</tr>
EOM;
		}
	}
	else
		echo "<b>Database query failed: " . da_sql_error($link,$config) . "</b><br>\n";
}
else
	echo "<b>Could not connect to SQL database</b><br>\n";
echo <<<EOM
	</table>
<tr><td>
<hr>
<tr><td align=center>
	<form action="expiration.php3" method=get name="master">
	<table border=0>
		<tr><td colspan=5></td>
			<td rowspan=3 valign=bottom>
				<small>
				the <b>from day</b> matches any login after the 00:00 that day,
				and the <b>to day</b> any login before the 23:59 that day.
				the default values shown are the <b>next day</b>.
			</td>
		</tr>
		<tr valign=bottom>
			<td><small><b>from day</td><td><small><b>to day</td><td><small><b>date</td><td><small><b>pagesize</td><td>&nbsp;</td>
		<tr valign=middle><td>
<input type="text" name="min_str" size="11" value="$min_str"></td>
<td><input type="text" name="max_str" size="11" value="$max_str"></td>
<td><input type="text" name="now_str" size="11" value="$now_str"></td>
<td><select name="pagesize">
<option $selected[5] value="5" >05
<option $selected[10] value="10">10
<option $selected[15] value="15">15
<option $selected[20] value="20">20
<option $selected[40] value="40">40
<option $selected[80] value="80">80
<option $selected[all] value="all">all
</select>
</td>
EOM;
?>
<td><input type="submit" class=button value="show"></td></tr>
</table></td></tr></form>
</table>
</tr>
</table>
</body>
</html>
Re: rlm_ippool missing gdbm.h header file
On Thu, 24 Jul 2003 01:36 am, SPJ.Schembri wrote:
> Hi, I am new to FreeRadius and only just downloaded the 0.9.0-pre3 version on Monday, although I have been an avid list reader for 6 months now.

Please re-download the release version of 0.9.0 as it has a couple of bug fixes...

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
install TLS problem
I have followed the page http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm to install TLS on FreeRADIUS. But, I have a question about step6 CERTIFICATE GENERATION SCIRPTS

Where can I find those three scripts, or I should build those scripts by myself?
Re: install TLS problem
Hi,

The three scripts are in that document. Make copy paste and use them.

Yu-Ping Wang wrote:
> I have followed the page http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm to install TLS on FreeRADIUS. But, I have a question about step6 CERTIFICATE GENERATION SCIRPTS Where can I find those three scripts, or I should build those scripts by myself?
Re: install TLS problem
On Thu, Jul 24, 2003 at 04:55:39PM +0800, Yu-Ping Wang wrote:
> I have followed the page http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm to install TLS on FreeRADIUS. But, I have a question about step6 CERTIFICATE GENERATION SCIRPTS Where can I find those three scripts, or I should build those scripts by myself?

hmm... did you read the howto? Certainly not. Read the two paragraphs after CERTIFICATE GENERATION SCIRPTS and you have your answer.

Oliver.
Re: XTRadius to FreeRadius migration
From: Tom Emerson [EMAIL PROTECTED]
> I'll jump in here with a suggestion -- it took a while for it to sink in for me, so perhaps this will help someone else stay afloat...

Thanks for the jump!

> You can fake it somewhat with
> SELECT id,user as username,'Password' as attribute, password as value,'==' as op FROM ${authcheck_table}...
> in this example, I'm presuming actual field names of user and password, which need to correspond to the names username and value as required by the internals of the program [err, hope I have that part right] Likewise, this returns hard-coded field values of the word password and an operator of == for the attribute and op fields.

Yes, this is the last thing left to be clarified - whether the module reads data from the database as hash with hardcoded field names, or it's just a row, in which case the position of fields in SQL reply is important. Anyway, it's possible to satisfy both at the same time.

Thank you very much for your help!

--
Best Regards, Sinisa Burina
Environment variables
I have encountered an unexpected problem - environment variables passed to external programs are not the same as RADIUS attributes. All letters are in uppercase and dashes are replaced by underscores.

It's not a crucial problem, but it would be extremely useful to have configuration option that would instruct FR not to translate attribute names to env vars, but copy them exactly as they are.

--
Best Regards, Sinisa Burina
USers files
Hello,

I was using cistron-radius, now I changed to freeradius but my /etc/raddb/users file is not recognized by freeradius. I added a line in the freeradius users file in order to include the users file used by cistron-radius, but users trying to get access are matched with the default entry of the cistron-radius users file when I use freeradius.

How can I use my cistron-radius users file with freeradius without changing it?

This is the format of my cistron-radius users file:

. . . .
x Password = "yy", Simultaneous-Use = 1
	Framed-Protocol = PPP,
	Framed-IP-Address = 255.255.255.254,
	NAS-Port-Type = Async,
	Service-Type = Framed-User
. . . .
DEFAULT Auth-Type = System
Re: cisco accounting attribute
John A. Hengstler [EMAIL PROTECTED] wrote:
> Does anybody know why this accounting attribute would be listed this way coming from a cisco.
> Connect-Info = \320\272\254J721670\000\000\000\000\000\000\000\000\000\000\000

Because that's what the Cisco NAS sends to the RADIUS server?

Alan DeKok.
Re: Session Timeout
Alex Chen [EMAIL PROTECTED] wrote:
> rlm_counter? How is it used? Where can I find a document about this?

Have you tried reading the configuration files?

> I tried to use the 'counter daily' module, but do not know how the format of /usr/local/etc/raddb/db.daily.

Why would you care?

> The 'file' command told me that the file is GNU dbm file format. I am using MySQL, can it read this file?

No. Why would you want MySQL to read this file?

> Another question: Can the 'accounting_stop_query' SQL statement in the sql.conf file update two tables at all?

No. There was a patch posted a while ago which let the server do this.

> In my previous mail, I added another 'UPDATE' statement after the original one, following the ';' SQL command separator. I got an error message from the server. If I typed the same command from 'mysql', it worked fine.

Then the 'mysql' tool pre-parses the statements in a way that the 'mysqld' daemon does not.

Alan DeKok.
Users File and VSA
Hi,

I would like to know how to use the vendor specific attribute: the syntax..etc...

I have an example:

Toto Autz-Type:=CISCO-ACCESS,Auth-Type:=CISCO-ACCESS
	Reply-Message = Toto connected...,
	Service-Type = Shell-User,
	Cisco-AVPair=shell:priv-lvl=15,
	Fall-Through = 1

Is the syntax correct?

Philippe
RE: dialup_admin
-Original Message-
> I copied the dialup_admin directory to /var/www/html/dialup_admin Which I type the following URL in the browser, I got an dialup_admin image on the right and some text bearing ?php on the left.

When I had this problem, it was due to permissions not being set correctly on the server, IIRC

Andrew
Re: Environment variables
From: Alan DeKok [EMAIL PROTECTED]
> I'm opposed to that. See: http://www.opengroup.org/onlinepubs/007908799/xbd/envvar.html
> Having '-' in an environment variable leads to problems.

I understand.

> But you've got access to the source. If you don't like the way it works now, you can always fix it.

If I succeed in this migration attempt, I think it's much better to change few external scripts and just leave FR as it is. Any code tweaks would (as always) lead to trouble on every future FR upgrade.

Thanks for pointing out above URL to me!

--
Best Regards, Sinisa Burina
Re: dialup_admin
-Original Message-
> > I copied the dialup_admin directory to /var/www/html/dialup_admin Which I type the following URL in the browser, I got an dialup_admin image on the right and some text bearing ?php on the left.
> When I had this problem, it was due to permissions not being set correctly on the server, IIRC
> Andrew

When you get php code displayed and not parsed, 9/10 times it's the mime-types that are not set up correctly.
rlm_sql escapes comma
Radius version 0.8.1.x, 0.9.0 (I haven't made test on previous version).

When using an attribute's value containing a comma, rlm_sql escapes the comma in a strange =2C within the String.

For example let's use the WISPr-Location-Name (string) attribute. (The problem is the same with any string attribute anyway)

WISPr-Location-Name = xx,LOCATION1

it will be translated in xx=2CLOCATION1 in the SQL query (if this attribute is used by the SQL Authorize query).

This looks like a bug, doesn't it ?

Ubu
Re:(2) some bugs in dialup_admin
Sorry to bug the list... I have had serious email problems and I found this email from archives even...

--

Now the thing about the usernames is; Actually we don't have spaces in any of our usernames. But you know the users! they make the most funny mistakes you wouldn't even imagine. Now for a support person watching the failed logins, if he/she can't see this user accidentally enters a space in the middle, front or end of the username. Then it wouldn't be nice.

I just checked my radius log and I have this kind of entries...

Thu Jul 24 09:50:17 2003 : Auth: Login incorrect: [%U4d1%K\\GWaSb6Uy\\m_\025vEH+)HC%4I#VQR5[6ugU*KF:UOV[LurD%*P2_G[-;:$n([j7S+BZmc#IN(=%fj0k4b)G%XU4d1%K\\GWaSb6Uy\\m_\025vEH+)HC%4I#VQR5[6ugU*KF:UOV[LurD%*P2_G[-;:$n([j7S+BZmc#IN(=%B`}Z] (from client as1 port 57 cli )
Thu Jul 24 10:16:46 2003 : Auth: Login incorrect: [astoto ] (from client as1 port 107)
Thu Jul 24 11:57:21 2003 : Auth: Login incorrect: [ENG\335N TEK] (from client as1 port 4 cli 0XX)
Thu Jul 24 13:51:13 2003 : Auth: Login incorrect: [xy~j~LLL1L|IS_FfqxxxXA] (from client as1 port 38)
Thu Jul 24 12:21:06 2003 : Auth: Invalid user: [no User-Name attribute] (from client as1 port 48 cli 02XXX)

Anything is possible! Perhaps it's better to get inside square brackets up to 64 characters?

About the error messages, Isn't it a lot better to log the real message? For example

Thu Jul 24 11:30:30 2003 : Auth: Multiple logins (max 1) [MPP attempt]: [myuser1] (from client as1 port 20119 cli 0)
Thu Jul 24 11:38:08 2003 : Auth: Multiple logins (max 1) : [mmyuser2] (from client as1 port 20030)

It is more explanatory and perhaps different people would have more different messages anyway. I don't get the point of inserting Login Incorrect instead of Login incorrect ? :)

Plus it is a lot easier to get the error message as it is from the logs

if ( ! /Login OK/ && /: Auth:.+\(from client.+/ ) {
	# the cause is the fifth ':'-separated field of the log line
	$cause = (split /:/,$_)[4];
	$cause =~ s/^\s+|\s+$//g;
}

Can get any error message easily...?

I attached the unified diff output of the patch. How could I know that you want that? I am a newbie at this after all.

Evren

> On Sat, 19 Jul 2003, Evren Yurtesen wrote:
> > First of all log_badlogins is getting confused if there is a space in username.
> OK, although I don't like the idea of spaces inside the usernames I've added support for that.
> > Also I thought it is not very efficient to give the error a name and record this name to sql. I think it's better to record the error as it is and then recall it from mysql as it is. Well I attached a patch for that to log_badlogins which breaks the failed_logins page which is waiting to find the names that log_badlogins put into mysql. But the fix for that is below also... The files were from freeradius-0.9.0-pre3 release so patch apply to dialup_admin log_badlogins in that release
> First of all the patch is not unified. Also I don't quite follow the reason for this change.
> > The other problem is in truncate_radacct... it gives this error. But it works when the commands are given line by line
> > 2003-04-20 18:35:04 DBD::mysql::db do failed: You have an error in your SQL syntax near ';DELETE FROM radacct WHERE AcctStopTime '2003-04-20 18:35:04';UNLOCK TABLES' at line 1 at ./truncate_radacct line 30.
> OK I've made a few changes in the binary files and it should work now.

--- log_badlogins.orig Fri Jul 18 02:58:53 2003 +++ log_badlogins Fri Jul 18 03:04:34 2003
@@ -61,46 +61,24 @@ seek LOG, 0, 2 if ($all_file eq 'no'); for(;;){ while(LOG){ - $do=0; chomp; if ($_ ne ''){ $user = $nas = $port = $caller = '-'; - if (/Login incorrect/){ - if (/Login incorrect \((.+?)\):/){ - $cause = Login-Incorrect ($1); - }else{ - $cause='Login-Incorrect'; - } - $do=1; - } - elsif (/Invalid user/){ - if (/Invalid user \((.+?)\):/){ - $cause = Invalid-User ($1); - }else{ - $cause='Invalid-User'; - } - $do=1; - } - elsif (/Multiple logins/){ - $cause='Multiple-Logins'; - $do=1; - } - elsif (/(Outside allowed timespan \(.+?\)):/){ - $cause = $1; - $do=1; - } - if ($do){ + #process if login is not ok + if ( ! /Login OK/ /: Auth:.+\(from client.+/ ) {
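Review bot: The guard on the last added line applies the "Login OK" test to the whole log line, and that line carries the client-supplied user name inside the square brackets, so a failed attempt whose user name happens to contain the text "Login OK" is skipped and never recorded. Test the status in its fixed position instead, for example by requiring ": Auth: Login OK:" right after the timestamp, and join the two patterns with an explicit &&, since as shown they stand side by side with no operator between them. With the per-cause branches removed, every other Auth line from a client is now treated as a bad login, so a comment saying that this is intended would help the next reader.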
disabling failed logins
Hello,

I've been looking through the FAQ and the list archives for some kind of method to have freeradius disable authentications for users after a number of failed logins. The only reference I found was a message from 2002 saying that it couldn't be done. Is that still the case? Does anyone have an alternate method of blocking accounts automatically?

Thanx,
--
[EMAIL PROTECTED] - PGP KeyID#: 0xFB966670
Re: disabling failed logins
Bill Thompson [EMAIL PROTECTED] wrote:
> I've been looking through the FAQ and the list archives for some kind of method to have freeradius disable authentications for users after a number of failed logins. The only reference I found was a message from 2002 saying that it couldn't be done. Is that still the case? Does anyone have an alternate method of blocking accounts automatically?

Have something post-process the log files, and mark the user in a database as disabled.

The long answer is that the server does authentication, and not much more. Any kind of additional password policy is external to the server.

Alan DeKok.
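One way the log post-processing suggested above could look, as an added example (not code from this thread or from FreeRADIUS): it parses radius.log Auth lines in the layout quoted elsewhere on this page, counts "Login incorrect" entries per user in a sliding window, and marks existing accounts with an Auth-Type := Reject check item. The table name radcheck, the sqlite3 stand-in database, the threshold and the window are assumptions, and the sample log is constructed.

```python
import re
import sqlite3
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the radius.log layout quoted in this thread.
SAMPLE_LOG = """\
Thu Jul 24 10:16:46 2003 : Auth: Login incorrect: [alice] (from client as1 port 107)
Thu Jul 24 10:17:02 2003 : Auth: Login incorrect: [alice] (from client as1 port 107 cli 0123)
Thu Jul 24 10:17:30 2003 : Auth: Login OK: [bob] (from client as1 port 12)
Thu Jul 24 10:18:11 2003 : Auth: Login incorrect: [alice] (from client as1 port 108)
Thu Jul 24 10:19:00 2003 : Auth: Login incorrect: [Login OK] (from client as1 port 9)
Thu Jul 24 10:20:00 2003 : Auth: Login incorrect: [bob] (from client as1 port 12)
Thu Jul 24 11:30:30 2003 : Auth: Multiple logins (max 1) [MPP attempt]: [bob] (from client as1 port 20119 cli 0)
Thu Jul 24 11:40:00 2003 : Auth: Login incorrect: [bob] (from client as1 port 12)
Thu Jul 24 11:41:00 2003 : Auth: Login incorrect: [bob] (from client as1 port 12)
Thu Jul 24 11:42:00 2003 : Auth: Login incorrect: [ghost] (from client as1 port 3)
Thu Jul 24 11:42:05 2003 : Auth: Login incorrect: [ghost] (from client as1 port 3)
Thu Jul 24 11:42:10 2003 : Auth: Login incorrect: [ghost] (from client as1 port 3)
"""

# The cause is matched lazily and the user name greedily, anchored on the
# trailing "(from client ...)" part, so brackets, colons or status words
# inside a client-supplied user name cannot shift the fields.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) : Auth: "
    r"(?P<cause>.*?)\s*: \[(?P<user>.*)\] "
    r"\(from client (?P<nas>\S+) port (?P<port>\d+)(?: cli (?P<cli>[^)]*))?\)\s*$"
)


def parse_auth_line(line):
    """Return the fields of one Auth log line, or None if it is not one."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y"),
        "cause": m.group("cause").strip(),
        "user": m.group("user"),
        "nas": m.group("nas"),
        "port": int(m.group("port")),
    }


def users_to_disable(lines, threshold=3, window=timedelta(minutes=10)):
    """Map user -> time at which `threshold` failures fell inside `window`.

    Assumes the lines are in chronological order, as in a live log file.
    """
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        rec = parse_auth_line(line)
        # Decide on the parsed cause field, never on the raw line.
        if rec is None or not rec["cause"].startswith("Login incorrect"):
            continue
        stamps = recent[rec["user"]]
        stamps.append(rec["ts"])
        while rec["ts"] - stamps[0] > window:
            stamps.popleft()
        if len(stamps) >= threshold:
            flagged.setdefault(rec["user"], rec["ts"])
    return flagged


def disable_users(db, users):
    """Add an 'Auth-Type := Reject' check item for accounts that exist.

    Unknown names are skipped so that guessed user names cannot fill the
    table; user names are only ever passed as bound parameters.
    """
    disabled = []
    for user in users:
        known = db.execute(
            "SELECT 1 FROM radcheck WHERE UserName = ?", (user,)).fetchone()
        already = db.execute(
            "SELECT 1 FROM radcheck WHERE UserName = ? "
            "AND Attribute = 'Auth-Type' AND Value = 'Reject'", (user,)).fetchone()
        if known and not already:
            db.execute(
                "INSERT INTO radcheck (UserName, Attribute, Value, op) "
                "VALUES (?, 'Auth-Type', 'Reject', ':=')", (user,))
            disabled.append(user)
    db.commit()
    return disabled


def demo():
    """Run the whole flow against an in-memory stand-in for the SQL backend."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radcheck (id INTEGER PRIMARY KEY, UserName TEXT, "
               "Attribute TEXT, Value TEXT, op TEXT)")
    db.executemany(
        "INSERT INTO radcheck (UserName, Attribute, Value, op) "
        "VALUES (?, 'Password', ?, '==')", [("alice", "x"), ("bob", "y")])
    return disable_users(db, users_to_disable(SAMPLE_LOG.splitlines()))


if __name__ == "__main__":
    print("disabled:", demo())
```

Run from cron or a log-tailing loop, the same functions work on the real log; clearing the Reject row again after a cool-down period is left to the operator's policy.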
Duplicated records in MySQL Radacct table.
Hello All,

I a program in Java to read the logs recorded in MySQL DB and then make the billing for each customer's calls. I have faced a big problem that is: When I list the records from the table radacct or even if I use two table (one for start and another for stop) I find a lot of duplicated registers which makes my Billing incorrectly.

How can I select (using SQL) just the unique records to see how many calls and to calculate the total time each user has used???

Thanks for your time

Daniel
Re: Custom Dictionnaries and vendor numbers.
Doh. forgot to attach the file. My bad
Re: rlm_ippool missing gdbm.h header file
Gustavo,

Thanks very much for the pointer, sorry if I wasted your time.

Rgds
Stephen

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED]
Sent: 24 July 2003 05:26
To: [EMAIL PROTECTED]
Subject: Freeradius-Users digest, Vol 1 #2109 - 2 msgs

Today's Topics:

1. Re: rlm_ippool missing gdbm.h header file (Gustavo Lozano)
2. Re: XTRadius to FreeRadius migration (Tom Emerson)

--__--__--

Message: 1
Subject: Re: rlm_ippool missing gdbm.h header file
From: Gustavo Lozano [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: 23 Jul 2003 17:56:41 -0500
Reply-To: [EMAIL PROTECTED]

Of course you need to get the files. Get the package from sunfreeware.

Rgds

On Wed, 2003-07-23 at 17:36, SPJ.Schembri wrote:

Hi, I am new to FreeRadius and only just downloaded the 0.9.0-pre3 version on Monday, although I have been an avid list reader for 6 months now. I am running Solaris 8 on my sparc server and compiled it with gcc with what I thought was no problems. On running some tests and attempting to use the rlm_ippool module I found that it had not built the libraries due to gdbm header files being missing. I have since (today) downloaded the 0.9.0 release and found that the problem still exists.

Do I have to download the gdbm.h headers and libraries separately? I have read the FAQs and the documentation and have found no mention of gdbm.h issues. Hopefully I am not doing something extremely silly, but could someone please point me in the right direction.

Thanking you in anticipation.

Stephen

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Gustavo A. Lozano
Noldata Corporation
[EMAIL PROTECTED]
Calle 46 No. 40-19
CTO
Bogota D.C. Colombia
Noldata Corporation http://noldata.com

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. Albert Einstein

--__--__--

Message: 2
From: Tom Emerson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: XTRadius to FreeRadius migration
Date: Wed, 23 Jul 2003 18:31:24 -0700
Reply-To: [EMAIL PROTECTED]

On Wednesday 23 July 2003 8:31 am, Sinisa Burina wrote:

From: Alan DeKok [EMAIL PROTECTED]

Sinisa Burina [EMAIL PROTECTED] wrote:

accounting) by external scripts, with custom MySQL database in the background that holds all the information and flags for ADSL/VPN accounts.

FreeRADIUS can do this without running external scripts.

I'm still puzzled - do I _have_ to follow proposed MySQL DB structure with attributes and operators, or there is a way to use my existing structure which is conceptually very different and is not to be changed? Let's leave all the rest on the side, and see how to authenticate the user against plaintext password stored in one simple MySQL table with only two fields: user and pass, using FR integrated features. A simple example would be very appreciated! :-) Please?

I'll jump in here with a suggestion -- it took a while for it to sink in for me, so perhaps this will help someone else stay afloat...

The sql statements given in the EXAMPLE configuration files are EXAMPLES. Once you catch on to that idea, it becomes obvious that instead of the given SQL statement of:

    SELECT id,UserName,Attribute,Value,op FROM ${authcheck_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id

You can fake it somewhat with

    SELECT id,user as username,'Password' as attribute, password as value,'==' as op FROM ${authcheck_table}...

In this example, I'm presuming actual field names of "user" and "password", which need to correspond to the names "username" and "value" as required by the internals of the program [err, hope I have that part right]. Likewise, this returns hard-coded field values of the word "Password" and an operator of "==" for the "attribute" and "op" fields.

The downside, of course, is that no other attributes can be checked... [though I suppose you could put those in another table and/or query and/or SQL definition...]

--
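The column-aliasing idea from Tom Emerson's message above, worked through as an added example (not code from the post or from FreeRADIUS). SQLite stands in for MySQL and a bound parameter stands in for the server's %{SQL-User-Name} expansion; the table names accounts and account_checks, the user/pass columns and the sample rows are assumptions constructed for illustration. It goes one step beyond the post by pulling further check items from a second table with UNION ALL, as the post's closing remark suggests.

```python
import sqlite3

# Constructed sample data. Table and column names are assumptions:
# "accounts" is the legacy two-field table (user, pass) from the question,
# "account_checks" is a hypothetical side table for further check items.
SCHEMA = """
CREATE TABLE accounts (user TEXT PRIMARY KEY, pass TEXT NOT NULL);
CREATE TABLE account_checks (user TEXT, attribute TEXT, op TEXT, value TEXT);
INSERT INTO accounts VALUES ('alice', 's3cret'), ('o''brien', 'hunter2');
INSERT INTO account_checks VALUES ('alice', 'Simultaneous-Use', ':=', '1');
"""

# Five columns in the order of the example query quoted in the post:
# id, UserName, Attribute, Value, op. The legacy table has no id column,
# so a constant stands in; the attribute name and operator are literals.
CHECK_QUERY = """
SELECT 1 AS id, user AS UserName, 'Password' AS Attribute,
       pass AS Value, '==' AS op
  FROM accounts WHERE user = :name
UNION ALL
SELECT 2, user, attribute, value, op
  FROM account_checks WHERE user = :name
ORDER BY id
"""


def open_db():
    """Build the in-memory stand-in database with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def check_items(conn, username):
    """Return the check rows a server would read for one user."""
    # The name is bound, not pasted into the SQL text, so a quote in it
    # (o'brien) stays data. The bound parameter plays the role of the
    # %{SQL-User-Name} placeholder in this stand-alone sketch.
    return conn.execute(CHECK_QUERY, {"name": username}).fetchall()


if __name__ == "__main__":
    db = open_db()
    for name in ("alice", "o'brien", "nobody"):
        print(name, check_items(db, name))
```

An unknown user yields no rows at all, which is the case the calling side has to treat as "no such account" rather than as an empty password.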
Re: Custom Dictionaries and vendor numbers.
Blaise St-Laurent [EMAIL PROTECTED] wrote:

I've created a custom dictionary for the Gandalf equipment I'm working with. I'm not sure if this applies to more than just the XpressWay RLAN, but here it is.

I've added it, thanks. It probably applies only to the RLAN, as I don't recall any other Gandalf product doing RADIUS...

http://www.iana.org/numbers.html Gandalf is 64.

Could you be a bit more precise with the link? Couldn't find anything relating to Radius Vendors, but maybe I was looking at the wrong list.

See 'Enterprise Numbers'. They're for more than just RADIUS.

Yes, but I worked at Gandalf at the time, so I had a bit of an unfair advantage.

Were you using Link authentication, or user authentication? User authentication, as Gandalf seems to mean it, is useless to me, so I'm hoping to be able to get Link auth working.

It was 6 years ago, and I don't recall, sorry.

Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: dialup_admin
Thanks for the information, Manh.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Truong Manh Cuong
Sent: Thursday, July 24, 2003 12:52 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup_admin

I use dialup_admin and then, I must rewrite all the code of PHP files, to fix my need. But I know your problem, and I know why and how to correct it.

You should open /etc/php.ini and change global_register Off -> On

Rename *.php3 -> php4. You don't need to change files in /conf, /lib..., just all files in /dialup_admin directory.

Open all *.php files to edit and modify the name in any line of code that you renamed. For example, /html/buttons/default/buttons.php3: href=accounting.php3 -> href=accounting.php

My English is still bad, do you understand what I mean?

If you don't want to rename php3 -> php, you need to modify /etc/php.ini so that httpd can accept php3. I don't remember which option; you can search in the mailing list because this question was asked by me and there is a person who replied to help me. Thanks to him.

Manh Cuong.

----- Original Message -----
From: Alex Chen [EMAIL PROTECTED]
To: FreeRADIUS Users (E-mail) [EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 2:14 PM
Subject: dialup_admin

This question is not directly related to RADIUS, but a utility 'dialup_admin' that ships with FreeRadius. I tried to use dialup_admin in Linux, but the browser (Microsoft IE) did not show the page correctly.

I copied the dialup_admin directory to /var/www/html/dialup_admin

When I type the following URL in the browser, I got a dialup_admin image on the right and some text bearing ?php on the left.

According to the FAQ in dialup_admin, the php needs to be configured to handle files with php3 suffix. I have changed the Files directive in /etc/httpd/conf.d/php.conf from Files *.php to Files ~ *\.php3?$ and restarted the httpd daemon. It still did not work.

I would appreciate any help from someone who has successfully used dialup_admin from IE. Thanks.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: dialup_admin
Barry,

What kind of MIME type should it be? I added the following directive

    AddType application/x-httpd-php .php3

in /etc/httpd/conf.d/php.conf

Stopped and restarted the httpd. The result is still the same, nothing on the left pane, except the ?php... when I view 'index.html' under dialup_admin/htdocs. Am I starting from the wrong HTML file?

If configuring the Apache still fails, I may have to go to the extreme by changing all the references to php3 and file suffix to php, as suggested by Truong Manh.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 7:36 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup_admin

-----Original Message-----

I copied the dialup_admin directory to /var/www/html/dialup_admin

When I type the following URL in the browser, I got a dialup_admin image on the right and some text bearing ?php on the left.

When I had this problem, it was due to permissions not being set correctly on the server, IIRC

Andrew

When you get php code displayed and not parsed, 9/10 times it's the mime-types that are not set up correctly.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
typo in cisco_h323_db_schema-postgres.sql
Peter, I think there's a typo with the DataType for CiscoNASPort in Table StopVoIP. It should be perhaps varchar(16) instead of BOOLEAN. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: dialup_admin
I had a similar problem. You should also have

    LoadModule php4_module libexec/apache/libphp4.so
    AddModule mod_php4.c

My problem was that these were under an IfDefine SSL clause and I had started the server without ssl (doh!)

Evren

On Thu, 24 Jul 2003, Alex Chen wrote:

Barry,

What kind of MIME type should it be? I added the following directive

    AddType application/x-httpd-php .php3

in /etc/httpd/conf.d/php.conf

Stopped and restarted the httpd. The result is still the same, nothing on the left pane, except the ?php... when I view 'index.html' under dialup_admin/htdocs. Am I starting from the wrong HTML file?

If configuring the Apache still fails, I may have to go to the extreme by changing all the references to php3 and file suffix to php, as suggested by Truong Manh.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 7:36 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup_admin

-----Original Message-----

I copied the dialup_admin directory to /var/www/html/dialup_admin

When I type the following URL in the browser, I got a dialup_admin image on the right and some text bearing ?php on the left.

When I had this problem, it was due to permissions not being set correctly on the server, IIRC

Andrew

When you get php code displayed and not parsed, 9/10 times it's the mime-types that are not set up correctly.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: dialup_admin
The LoadModule directive is already there. The AddModuleInfo needs two parameters. There is no 'AddModule' directive. I do not see how this affects the web server.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Evren Yurtesen
Sent: Thursday, July 24, 2003 3:12 PM
To: [EMAIL PROTECTED]
Subject: RE: dialup_admin

I had a similar problem. You should also have

    LoadModule php4_module libexec/apache/libphp4.so
    AddModule mod_php4.c

My problem was that these were under an IfDefine SSL clause and I had started the server without ssl (doh!)

Evren

On Thu, 24 Jul 2003, Alex Chen wrote:

Barry,

What kind of MIME type should it be? I added the following directive

    AddType application/x-httpd-php .php3

in /etc/httpd/conf.d/php.conf

Stopped and restarted the httpd. The result is still the same, nothing on the left pane, except the ?php... when I view 'index.html' under dialup_admin/htdocs. Am I starting from the wrong HTML file?

If configuring the Apache still fails, I may have to go to the extreme by changing all the references to php3 and file suffix to php, as suggested by Truong Manh.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED]
Sent: Thursday, July 24, 2003 7:36 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup_admin

-----Original Message-----

I copied the dialup_admin directory to /var/www/html/dialup_admin

When I type the following URL in the browser, I got a dialup_admin image on the right and some text bearing ?php on the left.

When I had this problem, it was due to permissions not being set correctly on the server, IIRC

Andrew

When you get php code displayed and not parsed, 9/10 times it's the mime-types that are not set up correctly.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: install TLS problem
Yu-Ping Wang,

See the attachment.

Jeson [EMAIL PROTECTED]
2003-07-25

- 2003-07-24 16:55:00 ---

I have followed the page http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm to install TLS on FreeRADIUS. But I have a question about step 6, CERTIFICATE GENERATION SCRIPTS. Where can I find those three scripts, or should I build those scripts by myself?

--
xpextensions Description: Binary data
ca.cli Description: Binary data
ca.root Description: Binary data
ca.ser Description: Binary data