passing dns server to windows???
hello, i want to know if it possible to pass dns server to my clients windows ? i want to send the all the parameters with freeradius 0.8.1. this is my test but not working, using ms-primary-dns-server: jmena Auth-Type := System Service-Type = Framed-User, Framed-Protocol = PPP, MS-Primary-DNS-Server = 192.168.1.2, MS-Secondary-DNS-Server = 192.98.1.3, Framed-IP-Address = 255.255.255.254, Framed-Compression = Van-Jacobsen-TCP-IP thanks, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: rlm_krb failing on start
From: Chris Akens Sent: Tuesday, 26 August 2003 5:49 AM I am having an issue with Freeradius not starting up correctly because of this error. I am using the latest CVS snapshot (20030825) on a RedHat 9 box and I do have the krb5 libs installed. ERROR = radiusd.conf[496] Failed to link to module 'rlm_krb5': file not found Hmm. Try running ldd on rlm_krb5.so and see if it can resolve all its dependant libraries. I am not having any problems during configure...below is the output from the rlm_krb5 section configuring in src/modules/rlm_krb5 running /bin/sh ./configure --with-rlm-krb5-include-dir=/usr/kerberos/include --with-rlm-krb5-lib-dir=/usr/kerberos/lib --enable-ltdl-install Is /usr/kerberos/lib in your ld.so.conf? -- = Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul TBBle Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Doco update, FAQ 4.14 - mysql_rlm error.
Title: Message Greetings, It might be nice to update the FAQ, part 4.14 (It says "Could not link...file not found", what do I do?", to suggest that perhaps the reason the rlm_sql module doesn't work is because it wasn't actually compiled. I recently had a very late night rebuilding a box, and in my delierium in the morning, had forgotten to do the make properly. It would have been good if the FAQ had suggest this. In FreeBSD, using the ports, the correct line was "cd /usr/ports/net/freeradius; make WITH_MYSQL_VER=3 all install". Other mysql version are WITH_MYSQL_VER=40, and WITH_MYSQL_VER=41. This was for verion freeradius 0.8.1. thanks, Dave Seddon
RE: passing dns server to windows???
From: Ramon Alvarez Rayo Sent: Tuesday, 26 August 2003 9:06 AM i want to know if it possible to pass dns server to my clients windows ? i want to send the all the parameters with freeradius 0.8.1. _Probably_. this is my test but not working, using ms-primary-dns-server: jmena Auth-Type := System Service-Type = Framed-User, Framed-Protocol = PPP, MS-Primary-DNS-Server = 192.168.1.2, MS-Secondary-DNS-Server = 192.98.1.3, The correct attributes to use depend on your NAS, not on the type of machine dialling in. Those should work if your NAS is a Windows RAS Server of some kind. Otherwise, you'll have to get the DNS Attributes from the appropriate dictionary. Framed-IP-Address = 255.255.255.254, Framed-Compression = Van-Jacobsen-TCP-IP -- = Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul TBBle Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
hupping freeradius
Hi guys. I have just upgraded to 0.9.0. It's running really well. Big thanks goes to all the people involved. I have noticed that sending the HUP signal works now!. I changed my scripts to HUP the server every 20 minutes or so, so it can read the new userfiles. (I was loosing a lot of accounting packets when I did a restart so HUP works much better). The init script in the debian dir does a killall -HUP freeradius. When I do this 2 more threads appear for no reason and memory sky rockets after a while. After 1 day I am using 200meg or so. I onkly use 30meg when freeradius first starts. Firstly, is HUP something I should be using yet? Is anyone else seeing this problem? I am going to have a play around with just hupping the pid that ends up in /var/run/freeradius/radiusd.pid and see if that makes a difference. Thanks :) Simon Allard (Senior Tool Monkey) IHUG Ph (09) 358-5067 Email: [EMAIL PROTECTED] I'm out of my mind right now, but feel free to leave a message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius is hosed
hello all I am getting this error and its not working help it just started today so it must be a file size I get the same error in sql ? freebsd 4.8 freeradius .0.7.0 upgraded to freeradius 0.8.1 Mon Aug 25 22:24:32 2003 : Error: rlm_sql (sql): Couldn't update SQL accounting for ALIVE packet - Can't open file: 'radacct.MYD'. (errno: 145) Mon Aug 25 22:24:32 2003 : Error: rlm_sql (sql): Couldn't update SQL accounting for ALIVE packet - Can't open file: 'radacct.MYD'. (errno: 145) Mon Aug 25 22:24:37 2003 : Error: rlm_sql (sql): Couldn't update SQL accounting for ALIVE packet - Can't open file: 'radacct.MYD'. (errno: 145) Mon Aug 25 22:24:37 2003 : Error: rlm_sql (sql): Couldn't update SQL accounting for ALIVE packet - Can't open file: 'radacct.MYD'. (errno: 145) Mon Aug 25 22:24:42 2003 : Error: rlm_sql (sql): Couldn't update SQL accounting for ALIVE packet - Can't open file: 'radacct.MYD'. (errno: 145) -- Randell Meyer [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radius is hosed
From: Randell Meyer Sent: Tuesday, 26 August 2003 7:55 AM Mon Aug 25 22:24:32 2003 : Error: rlm_sql (sql): Couldn't update SQL accounting for ALIVE packet - Can't open file: 'radacct.MYD'. (errno: 145) Try this: http://forums.alwayswebhosting.com/archive/topic/1564.html -- = Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul TBBle Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: hupping freeradius
From: Simon Allard Sent: Tuesday, 26 August 2003 12:56 PM I have noticed that sending the HUP signal works now!. I changed my scripts to HUP the server every 20 minutes or so, so it can read the new userfiles. (I was loosing a lot of accounting packets when I did a restart so HUP works much better). The init script in the debian dir does a killall -HUP freeradius. When I do this 2 more threads appear for no reason and memory sky rockets after a while. After 1 day I am using 200meg or so. I onkly use 30meg when freeradius first starts. Firstly, is HUP something I should be using yet? Is anyone else seeing this problem? Funny you asked this, I just asked the same question on the devel list, and the answer is that HUP should be useable. However, The only reason to HUP the server is to read changed *.conf files. If you use the 'fastusers' module ( recommended as it is faster as the name implies ) or sql, you won't need to HUP the server to read changes in the 'users' file, either. -- Chris Parker I guess this applies in your case though. :-) I am going to have a play around with just hupping the pid that ends up in /var/run/freeradius/radiusd.pid and see if that makes a difference. On reflection, that seems a better idea. If (when) you find it works better, I'll change the Debian initscript to do that instead. -- = Paul TBBle Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul TBBle Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: hupping freeradius
However, The only reason to HUP the server is to read changed *.conf files. If you use the 'fastusers' module ( recommended as it is faster as the name implies ) or sql, you won't need to HUP the server to read changes in the 'users' file, either. -- Chris Parker You say that I don't need to HUP the server to re-read the userfiles? Care to go into more detail? ATM I am only hupping the server to re-read the usersfile as I was under the assumption that it loaded it into memory. Simon Allard (Senior Tool Monkey) IHUG Ph (09) 358-5067 Email: [EMAIL PROTECTED] I'm out of my mind right now, but feel free to leave a message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: hupping freeradius
You say that I don't need to HUP the server to re-read the userfiles? Care to go into more detail? ATM I am only hupping the server to re-read the usersfile as I was under the assumption that it loaded it into memory. RTFM Simon :D fastusers is exactly what I am after. Thanks :D. I will still look into that hup thing though for you as I will need to hup the server when the huntgroup file changes, Simon Allard (Senior Tool Monkey) IHUG Ph (09) 358-5067 Email: [EMAIL PROTECTED] I'm out of my mind right now, but feel free to leave a message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_sqlcounter cannot compile in FreeBSD 4.8
Hello guys, after sucessfully installed freeradius without experimental module. Our company decided to launch an prepaid internet. Now, im tried to reconfigure my freeradius with experimental module and here's the error after compiling. ### sh /usr/local/freeradius-snapshot-20030816/src/modules/rlm_sqlcounter/configure here's the Makefile # Generated automatically from Makefile.in by configure. TARGET = rlm_sqlcounter SRCS= rlm_sqlcounter.c HEADERS = RLM_CFLAGS = RLM_LIBS= RLM_INSTALL = include ../rules.mak $(STATIC_OBJS): $(HEADERS) $(DYNAMIC_OBJS): $(HEADERS) ## and here's the error after issuing make ../rules.mak, line 65: Missing dependency operator ../rules.mak, line 82: Missing dependency operator ../rules.mak, line 84: Need an operator ../rules.mak, line 86: Need an operator ../rules.mak, line 92: Missing dependency operator ../rules.mak, line 94: Need an operator ../rules.mak, line 123: Need an operator ../rules.mak, line 129: Need an operator make: fatal errors encountered -- cannot continue = [ apellido jr., wilfredo p. ] +63 034 4880-449 If you can't hear me, it's because i'm in parentheses. __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius+mysql prepaid (block time)
I have freeradius running and authenticating/accounting via mysql. Very slick. Me too :) I can see the accounting showing up in mysql with an accurate AcctSessionTime. Is there a way to keep a running total of these times per user and authenticate not only on the basis of password but also on the value of the total connection time? I did the following: For auth, I used Exec-Program-Wait for every user. The script that gets executed calculates the left time and volume realtime. For acct, I used Exec-Program which updates the total used amount of the user realtime. I've searched the web and found some references to some python hacks but not really come across anything concrete. I didn't find anything either, except that there's a Perl module in FreeRadius 0.9.0, but still unstable and not compiled in by default. When I have time, I'll give the Perl module a try. Regards, Thor. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius+mysql prepaid (block time)
On Tue August 26 2003 07:41, Scott wrote: I have freeradius running and authenticating/accounting via mysql. Very slick. I can see the accounting showing up in mysql with an accurate AcctSessionTime. Is there a way to keep a running total of these times per user and authenticate not only on the basis of password but also on the value of the total connection time? I've searched the web and found some references to some python hacks but not really come across anything concrete. It shouldn't be too difficult to do with some stored procedures on your DB, but as you are using MySQL you will probably have to do it another way. A small amount of Perl or Python could also do it.. -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Query from a newbie
Hi I am a total newbie to freeradius and am considering this software for a very specific purpose. So even before I read the full documentation, I wish to know if anyone has used freeradius for the following purpose : I run a wireless LAN with hostap drivers and a fixed encryption key. I wish to use freeradius as a means to generate a new secure key for each session, hopefully with CBC or some such strong encryption method. Thanks, MS - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Query from a newbie
I run a wireless LAN with hostap drivers and a fixed encryption key. I wish to use freeradius as a means to generate a new secure key for each session, hopefully with CBC or some such strong encryption method. Sounds like EAP to me... FreeRadius supports EAP. Regards, Thor. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter cannot compile in FreeBSD 4.8
En réponse à apellido jr., wilfredo p : Hello guys, after sucessfully installed freeradius without experimental module. Our company decided to launch an prepaid internet. Now, im tried to reconfigure my freeradius with experimental module and here's the error after compiling. Exactly the same question was asked in this mailing list last week. The answer was {Free,Net}BSD users have to use gmake instead of make -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the max users freeradius supported
Hello!I want to know the max users the freeradius supported!Can you tell me?Thank you! Regards jbhuang EMAIL:[EMAIL PROTECTED] TEL:020-87114020 020-87114021 2003-08-26 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: the max users freeradius supported
Dear , I'm not sure about China, but for average European country it's usually enough... --Tuesday, August 26, 2003, 12:02:35 PM, you wrote to [EMAIL PROTECTED]: ? Hello!I want to know the max users the freeradius supported!Can you tell me?Thank you! -- ~/ZARAZA ? ?? ?() - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re: the max users freeradius supported
Dear 3APA3A Thank you for your answer! I am Chinese.My System have about 2-3 Simultaneous users,and the Freeradius's version is 0.8.Can the Freeradius support? === 2003-08-26 12:17:00 === Dear , I'm not sure about China, but for average European country it's usually enough... --Tuesday, August 26, 2003, 12:02:35 PM, you wrote to [EMAIL PROTECTED]: ? Hello!I want to know the max users the freeradius supported!Can you tell me?Thank you! -- ~/ZARAZA ? ?? ?() - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html = = = = = = = = = = = = = = = = = = = = Regards JNET huang EMAIL:[EMAIL PROTECTED] TEL:020-87114020 020-87114021 2003-08-26 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: If database stops
Dear Mr. Paul Hampson (B (BThank you for your reply. (B (B Not quite what you're asking for, but it is possible to tell your (B RADIUS servers to fall-back to the other server's database. That would (B maximise your redundancy, so that if one RADIUS server and the other (B database fall over, you can still operate. (B (B It would certainly solve your problem, as I understand it. (B Take a look at configurable_failover in the documentation directory (B (docs in the source tarball, or whereever the package chooses to (B put it if you just installed RPMs) (B (BI read the docs and tried it. I am sure it solves my problem. (BAlthough I don't want,The system rejects times of SQL connections (Bat the process of changing databases. (BBut it should be avoidable for me. (B (BThanks a lot, I can sleep every night without being worried. (B (B--Kojyu Omori (B (B- (BList info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: userinfo schema
see dialup_admin/sql Am Mon, 2003-08-25 um 22.04 schrieb MPDU Internet LLC: does anyone know where I might find a userinfo schema to load to my mysql server? Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[Success] Group-Name : rlm_unix and rlm_passwd conflict
Hi, I was wanted to assign a Group-Name using rlm_passwd. But every try failed. In fact the unix modules (taht does nothing on my conf but was loaded) seems to conflict with passwd modules. The Group-Name set by rlm_passwd was like destroyed by the unix modules. Suppressing unix modules from the conf permits to have something working. BR, -- Eric Leblond [EMAIL PROTECTED] Alphalink - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Thank you!
Vous avez ecrit a: [EMAIL PROTECTED] Cette personne est maintenant a l'adresse: [EMAIL PROTECTED] Noter dans votre carnet d'adresses! You sent an e-mail to: [EMAIL PROTECTED] This person is now at: [EMAIL PROTECTED] Please update your addressbook! Voici une copie du mail recu: NB: ce mail a ete transmis a la nouvelle adresse. Here is a copy of the mail you sent: The mail is already forwarded to the new address. --- From [EMAIL PROTECTED] Tue Aug 26 11:18:29 2003 Received: from nef.ens.fr (nef [129.199.96.32]) by dmi.ens.fr (8.10.1/jb-1.3-180200) id h7Q9ITP09813 for [EMAIL PROTECTED]; Tue, 26 Aug 2003 11:18:29 +0200 (MET DST) Return-Path: [EMAIL PROTECTED] Received: from GLOBIX2 ([213.136.125.249]) by nef.ens.fr (8.12.9/1.01.28121999) with ESMTP id h7Q9IP5a011624 for [EMAIL PROTECTED]; Tue, 26 Aug 2003 11:18:25 +0200 (CEST) Message-Id: [EMAIL PROTECTED] From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Thank you! Date: Tue, 26 Aug 2003 9:26:13 +0200 X-MailScanner: Found to be clean Importance: Normal X-Mailer: Microsoft Outlook Express 6.00.2600. X-MSMail-Priority: Normal X-Priority: 3 (Normal) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=_NextPart_000_003DD336 This is a multipart message in MIME format --_NextPart_000_003DD336 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 7bit Please see the attached file for details. --_NextPart_000_003DD336 Content-Type: application/octet-stream; name=document_all.pif Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename=document_all.pif TVqQAAME//8AALgAQAAA 4A4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1v ZGUuDQ0KJADToEjPl8EmnJfBJpyXwSacFN0onI3BJpx/3iyc7cEmnMHeNZyawSacl8Em nJTBJpyXwSecBsEmnPXeNZyawSacf94tnI3BJpxSaWNol8EmnABQRQAA TAEEAF2zPz8AAOAADwELAQYAAABw1usBAAAQYAEAAABQ AgAABAAEAgAAEAAAF/EBAAIAABAAABAAEAAAEBAA AOLrAQCcfuwBAAgA AAAgAC5zaHJpbmsAAFABAAAQxBAAAEAAAMAu c2hyaW5rAAAwYAEAABIAAADUAABAAADALnNocmluawAAQJABAAAS 5gAAQAAAwC5zaHJpbmsAADDQAQAAIgAAAPgA AEAAAMAA - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius+mysql prepaid (block time)
rlm_sqlcounter is what you need to use in radius.conf look at counter section also look at sqlcounter.conf I'm sure there are some topics in the mail archive as well (but I wouldn't swear to it) From: Scott [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: freeradius+mysql prepaid (block time) Date: Tue, 26 Aug 2003 00:41:54 -0400 I have freeradius running and authenticating/accounting via mysql. Very slick. I can see the accounting showing up in mysql with an accurate AcctSessionTime. Is there a way to keep a running total of these times per user and authenticate not only on the basis of password but also on the value of the total connection time? I've searched the web and found some references to some python hacks but not really come across anything concrete. Thanks! Scott - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Tired of 56k? Get a FREE BT Broadband connection http://www.msn.co.uk/specials/btbroadband - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup_admin with ldap server
On Thu, 21 Aug 2003, Annie Tong wrote: hi, I've installed dialup_admin and want to use it to monitor the activities of our radius server. We're using ldap database for user authentication. The FQA of dailup_admin mentions mySQL is needed as it's used to keep the radius accounting data. I'm wondering is it possible to keep the data in flat files? We aren't in favor of installing another database just for the purpose of radius accounting data storage, and we want to keep ldap for authentication use only. Do you have any suggestions on how to implement that? Also in the admin.conf, can we disable the use of sql database so the php scripts won't try to connect to sql database? Not really. dialupadmin is designed to query an sql database for accounting data and an ldap/sql server for authentication data. Any help will be greatly appreciated. thanks, Annie Tong MAE Engineering MCI - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: User Expiration Date
On Sun, 17 Aug 2003, alantu wrote: HI all As we know int conf/sql.attrmap write that: chechItem Expiration Expiration when i set User Expiration Date 16 Aug 2003 ,it doesn't work. And i find the attr16 Aug 2003 is in the mysql radreply table but not radcheck table ? It should go in the radcheck table. If you are using dialupadmin it should insert it there. If it doesn't please report it to the list and I 'll see what might be wrong. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: not binding but query passwords in LDAP
On Wed, 20 Aug 2003, Ron Wahler wrote: Kostas, group, Question 1: Is there an example out there that shows how to configure radiusd.conf to Query an LDAP database for the passwords (not bind) and populate NT-Password or LM-Password. I need this to complete MS-CHAP PAP authentication to a backend LDAP Database. I just need a snip it of the config file. Check out raddb/ldap.attrmap and doc/rlm_ldap Just adding the ldap module in the authorize section (and not in the authenticate section) should be sufficient to extract the corresponding passwords. Question 2: Is there a way to bind with MS-CHAP passwords to a LDAP or active directory database? The ldap BIND operation requires the user plain text password so probably not. Thanks, Ron. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Can Max-Daily-Session be done in a MySQL Table?
On Fri, 15 Aug 2003, Jonathan Richard Brockmeier wrote: Is there a way to have the counters use a SQL table to store it's data? Or is there a built in check in rlm_sql to do that? check out rlm_sqlcounter Trying to find a way for help desk to easly know what the Radius Server is thinking. It wouldn't be too difficult to create a php page that would read the corresponding counter db file. In any case if you are using dialupadmin and have enabled sql accounting it will report the user's daily/weekly/monthly usage. Jon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySQL Authentication Logging
On Mon, 18 Aug 2003, Adam Carmichael wrote: Hi All! I'm currently running FreeRADIUS 0.9.0 on several *BSD boxes with MySQL4 for logging accounting and retrieving authentication information. I am interested in knowing how to log authentication attempts and even possibly why an attempt failled. For example, if we have a customer who thinks their dialup account is being exploited - they can change their password, and then see if any authentication requests are being made. (Actually, just thinking about it, the user would not need to change their password, they could just see the times at which their logons (or attempted logons) occur). I have made some Google searches on the list already, and I saw a few posts in which Alan DeKok said that it is possible to do this - however the rest of the replies seemed to wonder away from what I had hoped. Check out dialup_admin/bin/log_badlogins. It will do a tail -f on radius.log and log each failed login as a separate session in the radacct table. Thanks in advance Adam Adam Carmichael Network Operations Manager email: [EMAIL PROTECTED] web: http://www.no1.com.au icq: 2207644 #1 Computer Services, Empowerment Through Internet Communications. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Virus Alert - ScanMail for Lotus Notes--[SPAM] Re: Approved
IDG has detected a virus during a real-time scan of the email traffic. Date: 8/26/2003 9:40:56 Virus: WORM_SOBIG.F File:document_9446.pif From: [EMAIL PROTECTED] To: CN=Grant Gross/OU=NEWS SERVICE/O=IDG; Action: Uncleanable, Quarantined; Scanned by ScanMail for Lotus Notes 2.5 with scanengine 5.630-1025 and patternfile lpt$vpn.620 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Login Incorrect question.
Greetings, The question that I have, is when an entry is created in the radius.log like Tue Aug 26 09:05:48 2003 : Auth: Login incorrect: [jtruckey/CHAP-Password] Is there a way to tell if it was for auth-reject, expiration, or bad passowrd. All of the above creates the same event in the radius.log. Jeff _ How many firemen does it take to change a light bulb? Four. One to change the bulb and 3 to chop a hole in the roof. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP/TLS trouble
Hi all , my eap module authentication doesn't seem to work properly. 1st of all here is my configuration : - AP : INTEL *PRO/Wireless 5000 LAN Access Point* *** - Radius server : Linux Mandrake 9.1 Beta with : Openssl (and openssl-develop) : 0.9.7a-1.1 Freeradius : 0.9.0 Cert generation : openssl openssl-certgen-0.9.7-beta3 - Wifi client : Windows 2000SP3 client with a pcmcia intel 5000 wireless LAN SO, after generating and installing freeradius, generating and installing certificates on server and client , I tried to initiate an EAP/TLS negociation but negocation failed after the 2nd frame : rad_recv: Access-Challenge packet from host 192.168.6.73:1024, id=203, length=84 Reply packet code 11 sent to a non-proxy reply port from client borne-wifi:1024 - ID 203 : IGNORED My idea is : the EAP start has not be done and the challenge is not possible : **rlm_eap: EAP Start not found* * my question is : where am I wrong Thanks a lot all ! In radiusd log I got : rad_recv: Access-Request packet from host 192.168.6.73:1024, id=209, length=157 User-Name = [EMAIL PROTECTED] NAS-IP-Address = 10.0.10.1 Called-Station-Id = 00053C085BFF Calling-Station-Id = 00053C081C8C NAS-Identifier = WDAP5000 NAS-Port = 1 Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 EAP-Message = 0x02d0001d0141646d696e697374726174657572406f73697269732e6672 Message-Authenticator = 0x753bbcef45b7674e49cf5493743d7b24 modcall: entering group authorize modcall[authorize]: module preprocess returns ok rlm_eap: EAP packet type notification id 208 length 29 rlm_eap: EAP Start not found modcall[authorize]: module eap returns updated rlm_realm: Looking up realm osiris.fr for User-Name = [EMAIL PROTECTED] is.fr rlm_realm: Found realm osiris.fr rlm_realm: Adding Stripped-User-Name = Administrateur rlm_realm: Proxying request from user Administrateur to realm osiris.fr rlm_realm: Adding Realm = osiris.fr rlm_realm: Authentication realm is LOCAL. modcall[authorize]: module suffix returns noop users: Matched DEFAULT at 158 users: Matched Administrateur at 223 modcall[authorize]: module files returns ok modcall: group authorize returns updated rad_check_password: Found Auth-Type EAP auth: type EAP modcall: entering group authenticate rlm_eap: list_clean deleted one item rlm_eap: EAP packet type notification id 208 length 29 rlm_eap: EAP Start not found rlm_eap: EAP Identity rlm_eap: processing type tls rlm_eap_tls: Initiate rlm_eap_tls: Start returned 1 modcall[authenticate]: module eap returns ok modcall: group authenticate returns ok Sending Access-Challenge of id 209 to 192.168.6.73:1024 EAP-Message = 0x01d100060d20 Message-Authenticator = 0x State = 0xa13a1b3dc1e9b3750120ef9d9862851e7d654b3fe86a1ddfb96101aa4d067d 80103f6474 Finished request 60 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Challenge packet from host 192.168.6.73:1024, id=209, length=84 Reply packet code 11 sent to a non-proxy reply port from client borne-wifi:1024 Ethereal report : 0.00 192.168.6.73 - 192.168.6.38 RADIUS Access Request(1) (id=205, l=157) 0.489001 Intel_df:3b:b2 - BroadcastARP Who has 192.168.6.73? Tell 192.168.6.38 0.489210 3com_48:42:18 - Intel_df:3b:b2 ARP 192.168.6.73 is at 00:50:04:48:42:18 0.489236 192.168.6.38 - 192.168.6.73 RADIUS Access challenge(11) (id=205, l=84) 0.490142 192.168.6.73 - 192.168.6.38 RADIUS Access challenge(11) (id=205, l=84) 2.482117 192.168.6.73 - 192.168.6.38 RADIUS Access challenge(11) (id=205, l=84) *** - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/TLS trouble
Fabrice Beauvir [EMAIL PROTECTED] wrote: after generating and installing freeradius, generating and installing certificates on server and client , I tried to initiate an EAP/TLS negociation but negocation failed after the 2nd frame : rad_recv: Access-Challenge packet from host 192.168.6.73:1024, id=203, length=84 Reply packet code 11 sent to a non-proxy reply port from client borne-wifi:1024 - ID 203 : IGNORED You've got something seriously misconfigured. Sending Access-Challenge of id 209 to 192.168.6.73:1024 ... rad_recv: Access-Challenge packet from host 192.168.6.73:1024, id=209, You've managed to convince the server to send packets to itself. That's quite a feat. I have no clue what you're doing wrong, but it looks like you've gone out of your way to configure the server very strangely. I've been using EAP-TLS for a while, and have never had a problem like this. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup-admin | new help pages
On Wed, 20 Aug 2003, Ulrich Walcher wrote: http://www.bcore.de/data/dialup_admin.help.tar.gz Added, thanks Am Mit, 2003-08-20 um 16.17 schrieb Alan DeKok: Ulrich Walcher [EMAIL PROTECTED] wrote: I just wrote some new help pages for dialup-admin and altered user_edit.attrs. Where to should I mail the diff and the pages? Put them in a 'tar' file on a web page, and mail the URL to the list. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius and automatic signups
Freeradius is working well for us, we use mySQL for the userbase, and dialup_admin for the front-end. My question is operational in nature; please lart me if this is way off-topic. I'm sure people have built web front-ends to let customers automatically sign up for services using freeradius, such as dialup. Since we are using sql for the users, it shouldn't be too hard, and we already have code for cc processing. We usually have the customers call us, and we manually enter them into radius. My question is, have any of you found any negatives to on-line, automatic sign up forms that I should be aware of, such as pump-and-dump spammers, drop-box spammers, charge-backs, etc? Any experiences you'd care to share? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
E-mail Antivirus scan results
--- This e-mail is generated by the mx2.skyinet.net mail server to warn you that the e-mail sent by [EMAIL PROTECTED] to [EMAIL PROTECTED] is infected with virus: Win32/[EMAIL PROTECTED] Please contact your system administrator for further information. If you are the sender: --- The scanned e-mail has your address in the From header field. Either your computer is infected or someone's computer having your e-mail address in the address book has been infected. (Please note that some viruses are sending e-mails directly from your computer. Our advise is to check your computer using an up-to-date antivirus product). Actions taken for the infected files: - The infected file was saved to quarantine with name: 1061908678-RAV26109. The file (part0002:movie0045.pif) attached to mail (with subject:Re: Wicked screensaver) sent by [EMAIL PROTECTED] to [EMAIL PROTECTED] is infected with virus: Win32/[EMAIL PROTECTED] Cannot clean this file. The mail was not delivered since it contained dangerous code. this is a copy of the e-mail header: Received: from BASHEKIM (unknown [213.243.25.74]) by mx2.skyinet.net (Postfix) with ESMTP id 5FF457B4031 for [EMAIL PROTECTED]; Tue, 26 Aug 2003 22:37:40 +0800 (HKT) RAV AntiVirus for Linux i386 version: 8.4.0 (snapshot-20020919) Scan engine 8.11 for i386. Last update: Mon, 25 Aug 2003 22:54:50 +08 Scanning for 81650 malwares (viruses, trojans and worms). - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/TLS trouble
Alan DeKok wrote: Fabrice Beauvir [EMAIL PROTECTED] wrote: after generating and installing freeradius, generating and installing certificates on server and client , I tried to initiate an EAP/TLS negociation but negocation failed after the 2nd frame : rad_recv: Access-Challenge packet from host 192.168.6.73:1024, id=203, length=84 Reply packet code 11 sent to a non-proxy reply port from client borne-wifi:1024 - ID 203 : IGNORED You've got something seriously misconfigured. Sending Access-Challenge of id 209 to 192.168.6.73:1024 ... rad_recv: Access-Challenge packet from host 192.168.6.73:1024, id=209, You've managed to convince the server to send packets to itself. That's quite a feat. No 192.168.6.73 is my AP .. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: the max users freeradius supported
=?GB2312?Q?=BB=C6=BD=A8=B2=A8?= [EMAIL PROTECTED] wrote: I am Chinese.My System have about 2-3 Simultaneous users,and the Freeradius's version is 0.8.Can the Freeradius support? Yes. I would suggest an SQL back-end, and a fairly large machine. You may have periods of large activity. I would also suggest running 0.9.0, as it contains a number of bug fixes over 0.8 Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP/TLS trouble
Fabrice Beauvir [EMAIL PROTECTED] wrote: You've managed to convince the server to send packets to itself. That's quite a feat. No 192.168.6.73 is my AP .. shrug Then the AP is bouncing the Access-Challenge packet back to the server. The AP SHOULD NOT be sending Access-Challenges to the server. Fix that, and it should work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
expiration attribute not work
HI all As we know int conf/sql.attrmap write that: chechItem Expiration Expiration when i set User Expiration Date 16 Aug 2003 ,it doesn't work. And i find the attr16 Aug 2003 is in the mysql radreply table but not radcheck table ? On 26 Aug 2003, Kostas Kalevras wrote: It should go in the radcheck table. If you are using dialupadmin it should insert it there. If it doesn't please report it to the list and I 'll see what might be wrong. yes ,i use dialupadmin to add the expiration attribute ,and the it always inserts into the radreply not the radcheck. Is that a bug? And whatever i insert it in radreply or radcheck, the expiration does not work ,but if i add it in the /raddb/users file with each users ,the expiration works well. any idea ? Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Login Incorrect question.
start radiusd with -x that'll turn debugging on Thor Spruyt System Engineer Mobile: +32 (0)475 67 22 65 Email: [EMAIL PROTECTED] Website: www.wwworks.be Alles omtrent verkoop: www.salesguide.be Loose those wires ! www.sinfilo.com - Original Message - From: Jeff Sullivan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 3:42 PM Subject: Login Incorrect question. Greetings, The question that I have, is when an entry is created in the radius.log like Tue Aug 26 09:05:48 2003 : Auth: Login incorrect: [jtruckey/CHAP-Password] Is there a way to tell if it was for auth-reject, expiration, or bad passowrd. All of the above creates the same event in the radius.log. Jeff _ How many firemen does it take to change a light bulb? Four. One to change the bulb and 3 to chop a hole in the roof. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_sqlcounter
Redhat8, freeradius 0.9.0 I can't get rlm_sqlcounter to work. I've read the docs carefully and performed all the steps. ./configure --with-experimental-modules During the configure process I see the following; configuring in src/modules/rlm_sqlcounter I've created the sqlcounter.conf file and added the proper lines into radiusd.conf I added some data into radcheck When I start up radiusd it dies with this output; radiusd.conf[2] Failed to link to module 'rlm_sqlcounter': file not found I noticed that the configure file in the rlm_sqlcounter directory was not executable and changed that. If I comment the module and accounting startements from radiusd.conf radiusd starts up and authenticates/accounts with mysql perfectly. I've read everything I can find on this and I still can't get it working. Thanks for any help, Scott - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Login Incorrect question.
El Tue, 26 Aug 2003 17:50:11 +0200 Thor Spruyt [EMAIL PROTECTED] escribió: start radiusd with -x that'll turn debugging on but wouldn't this option create a huge log file ??? because I have freeradius 0.8 ruuning and I get a 7 Mb log file daily, so as you see I have a 210Mb dir with log files each month I assume that if I use the -x option, the size of the log files will increase 400% since debbuging is very detailed. Isn't there any other option ? Without changing the password to PAP -- Pablo Veliz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting with Quintum
On Mon August 25 2003 07:14, [EMAIL PROTECTED] wrote: Hi there, I have a Quintum AS800 used for terminating calls. I'm running the CDR server utility to calculate the minutes generated by it and then make accounting. I have heard that I can do the whole things with Freeradius. Can any one there who can help me in this regards that how can I set up the whole things and which configuration I need to add in quintum freeeradius. Hmm.. Have a look in the src/billing directory It contains some info about seting up FreeRadius to do VoIP accounting with Cisco gateways. You should be able to modify the code there to work with Quintum, or maybe just use the default FreeRadius with a Postgres backend (without the schema changes in src/billing). It really depends on your requirements. I wrote the cisco specific stuff, but I dont have quintum, although I will help you where I can. Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: High CPU load
On Tue August 26 2003 10:53, Costas Christonis wrote: Hi to all, We were trying to install freeradius 0.9 but the linux machine had high cpu load (over 90%) when we were strting ridusd deamon. Does anyone had the same problem ? With version 0.8 we had no problem... More info please... What modules? What load? What Linux? Is there a DB backend? etc etc.. -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Login Incorrect question.
start radiusd with -x that'll turn debugging on but wouldn't this option create a huge log file ??? because I have freeradius 0.8 ruuning and I get a 7 Mb log file daily, so as you see I have a 210Mb dir with log files each month I assume that if I use the -x option, the size of the log files will increase 400% since debbuging is very detailed. Isn't there any other option ? Without changing the password to PAP You could also edit the ...src/main/auth.c file and change the DEBUG2(...) instances in rad_authlog(...) Thor. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: the max users freeradius supported
On Tue August 26 2003 18:05, Alan DeKok wrote: =?GB2312?Q?=BB=C6=BD=A8=B2=A8?= [EMAIL PROTECTED] wrote: I am Chinese.My System have about 2-3 Simultaneous users,and the Freeradius's version is 0.8.Can the Freeradius support? Yes. I would suggest an SQL back-end, and a fairly large machine. You may have periods of large activity. I would also suggest running 0.9.0, as it contains a number of bug fixes over 0.8 Further to Alan's suggestion I will make the following suggestions, none of them are mandatory, but this is how I would do it in your case. * Use Postgresql as a DB backend. You may find MySQL good enough for you (Or may own Oracle which is great :-), but in my experience Postgres is better than MySQL under high loads. Others may disagree with me. * If you have the budget for it and reliability is and issue, use 3 (or more) machines where you have 2 identical machines acting as RADIUS servers and one machine with fast hard disks acting as the DB backend. (If you wish you can have mutiple DBs. It all depends on budget) * Set all of your NAS boxes with both RADIUS servers listed, but have 50% with one RADIUS server as the primary, and the rest with the other RADIUS server as the primary. You don't say if you need to do accounting on the fly or not. If you do wish to have the Accounting records going directly to a DB rather than post processed, your DB server will need to be quite fast and have FAST DISKS. Hope that helps -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter
From: "Scott" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: <[EMAIL PROTECTED]> Subject: rlm_sqlcounter Date: Tue, 26 Aug 2003 11:54:43 -0400 Redhat8, freeradius 0.9.0 I can't get rlm_sqlcounter to work. I've read the docs carefully and performed all the steps. ./configure --with-experimental-modules During the configure process I see the following; configuring in src/modules/rlm_sqlcounter I've created the sqlcounter.conf file and added the proper lines into radiusd.conf I added some data into radcheck When I start up radiusd it dies with this output; radiusd.conf[2] Failed to link to module 'rlm_sqlcounter': file not found check that /usr/local/lib (or where ever you install the modules) contains rlm_sqlcounter.so If it isn't there it hasn't built correctly I noticed that the configure file in the rlm_sqlcounter directory was not executable and changed that. If I comment the module and accounting startements from radiusd.conf radiusd starts up and authenticates/accounts with mysql perfectly. I've read everything I can find on this and I still can't get it working. Thanks for any help, Scott - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Get your hands on designer bargains for less - click here. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter
John, You are the man. Thanks so much. I configured/compiled/installed it manually. Working now. Scott From: john zurowski [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 2:10 PM Subject: Re: rlm_sqlcounter From: Scott Reply-To: [EMAIL PROTECTED] To: Subject: rlm_sqlcounter Date: Tue, 26 Aug 2003 11:54:43 -0400 Redhat8, freeradius 0.9.0 I can't get rlm_sqlcounter to work. I've read the docs carefully and performed all the steps. ./configure --with-experimental-modules During the configure process I see the following; configuring in src/modules/rlm_sqlcounter I've created the sqlcounter.conf file and added the proper lines into radiusd.conf I added some data into radcheck When I start up radiusd it dies with this output; radiusd.conf[2] Failed to link to module 'rlm_sqlcounter': file not found check that /usr/local/lib (or where ever you install the modules) contains rlm_sqlcounter.so If it isn't there it hasn't built correctly I noticed that the configure file in the rlm_sqlcounter directory was not executable and changed that. If I comment the module and accounting startements from radiusd.conf radiusd starts up and authenticates/accounts with mysql perfectly. I've read everything I can find on this and I still can't get it working. Thanks for any help, Scott - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- -- Get your hands on designer bargains for less - click here. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius and automatic signups
At 07:51 AM 8/26/2003 -0700, Andrew Staples wrote: Freeradius is working well for us, we use mySQL for the userbase, and dialup_admin for the front-end. My question is operational in nature; please lart me if this is way off-topic. I'm sure people have built web front-ends to let customers automatically sign up for services using freeradius, such as dialup. Since we are using sql for the users, it shouldn't be too hard, and we already have code for cc processing. We usually have the customers call us, and we manually enter them into radius. My question is, have any of you found any negatives to on-line, automatic sign up forms that I should be aware of, such as pump-and-dump spammers, drop-box spammers, charge-backs, etc? Any experiences you'd care to share? All that you mention there. I would recommend strongly against allowing users to create accounts without preseting billing information and you running a successful charge against their card ( as you are then open to and *will* be used by pump-and-dump spammers ). The issue related to charge-backs is definitely off-topic for here, but is something you will negotiate between your company and the company that you use to process CC transactions. As to automating a signup process, it works very well, users can get instant gratification, you have less overhead in account setups, etc. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html