CHAP authentication
can i use chap authentication in rlm_sql? = wilfredo pahilanga apellido jr. technical support mactan online bacolod city, philippines +63 34 4348311 If you can't hear me, it's because i'm in parentheses. __ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Login into radius
is this possible to login into radius server ( with somesort of tool like radtest ) some who that radius think (!) user is online ? i think it could be great test . -- It's a poor workman who blames his tools. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius + mysql problems
Do you have this on your clients.conf file ?
client 127.0.0.1 {
secret = test
shortname = localhost
nastype = other # localhost isn't usually a NAS...
}
Without this, radius will reject packets from localhost.
[]´s
Marcio
- Original Message -
From: Rob Hinst [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, November 15, 2003 12:03 AM
Subject: freeradius + mysql problems
Hi all,
My goal is to use Freeradius with the sql module for authenticating
users. I'm using version 0.9.2 (installed from rpms i created with the
specfile that came with the tarball). There doesn't seem to be a wealth
of information available for using the sql module, but I've been working
off of this tutorial: http://www.frontios.com/freeradius.html
I got everything working using /etc/shadow to authenticate users, but
then I proceeded to follow the instructions for sql and have run in to
some trouble. I followed all of the required steps and am unable to
authenticate. I'm using the following command to test the server:
radtest robtest test localhost 0 testing123
and i get the following result:
Sending Access-Request of id 170 to 127.0.0.1:1812
User-Name = robtest
User-Password = test
NAS-IP-Address = radius.mydomain.com (changed the domain)
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=170,
length=20
Here is a snippet of the output produced when i run in debug mode:
rad_recv: Access-Request packet from host 127.0.0.1:32819, id=170,
length=59
User-Name = robtest
User-Password = test
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
radius_xlat: ''
modcall[authorize]: module sql returns fail for request 0
modcall: group authorize returns fail for request 0
There was no response configured: rejecting request 0
Server rejecting request 0.
And here's the only entry in my radcheck table:
++--+---++---+
| id | UserName | Attribute | op | Value |
++--+---++---+
| 1 | robtest | Password | == | test |
++--+---++---+
Debug mode doesn't seem to provide very verbose output when it comes
time to call the sql module. I turned on sqltrace in my sql module
configuration file, but no queries are showing up. I even turned on
query logging on my MySQL server and none show up, which means it's not
even getting to the part where it tries to find a matching user in the
radcheck table. What could be preventing it from getting it that far?
Any suggestions would be greatly appreciated. I've been working on this
for several days now and haven't made much progress. I hope I've done
enough footwork on my own to keep away the flames :)
Thanks in advance,
Rob
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
El mejor libro de Liderazgo
Title: Documento sin ttulo Liderazgo es apreciar el arte de vivir. Cada vez ms datos estadsticos demuestran que las empresas adquieren un mayor valor a travs de los intangibles, especialmente del liderazgo y el talento. Es por ello que el desarrollo del liderazgo en el mundo empresarial no puede pasar desapercibido ni ser tomado a la ligera. Juan Carlos Cubeiro, autor de La Sensacin de Fluidez, considera el liderazgo como algo asociado y relacionado con el contexto cultural que nos rodea y por las seis dimensiones que configuran dicho contexto: dimensin de las reglas, de las relaciones, de los sistemas, del estatus, de la direccin y del tiempo. El liderazgo no es slo aptitud, tambin es actitud. La aptitud es una condicin necesaria pero no suficiente para ser un buen lder en la empresa. Tampoco es cierto que dicha actitud o carcter venga como algo innato desde el nacimiento, sino que surge por una motivacin y un talento interno que puede ser desarrollado por cualquier persona. Autor de ms del mil artculos sobre gestin. Cubeiro est contribuyendo a un nuevo estilo de direccin. En 'La sensacin de fluidez' recoge sus mejores experiencias Licenciado en Econmicas y Derecho, diplomado en Mrketing Internacional y agente de la propiedad inmobiliaria. Pero ha sido en su carrera profesional donde ha podido desarrollar su creatividad y sentido pedaggico. Este profesional, que se estren en la consultora norteamericana Honey-Well, ha difundido sus tesis sobre la direccin de empresas en ms de mil artculos. Aunque se consagr como articulista con los premios de AECA al mejor artculo de management, que gan en 1995 , sus primeras colaboraciones aparecieron en EXPANSIN. 1. ltimas jornadas. 2. Llegando a Urdaibai. 3. Si no sabes a dnde vas... La especialidad del da: el secreto de la longevidad. Compromisos correspondientes a la visin. 4. Olfato para los negocios. La especialidad del da: respira hondo. Compromisos personales sobre el olfato. 5. Cuestin de confianza. La especialidad del da: msica acutica. Compromisos personales sobre la escucha activa. 6. Con tacto La especialidad del da: la sensacin de fluidez. Compromisos personales sobre el tacto 7. El gusto es mo La especialidad del da: H3 = L 8. Final de etapa Eplogo / Bibliografa. Servico a domicilio Telfonos 526 54 85 01 8000 91 11 91 e-mail [EMAIL PROTECTED] Pedido en Lnea Informacin del Libro Titulo: La sensacin de Fluidez Autor: Juan Carlos Cubeiro Paginas: 204 Pasta: Dura Tema: Liderazgo Editorial: Pearson Educacin
Re: freeradius + mysql problems
Hi Marcio,
Actually, my clients.conf file has the following entry, since the secret
i was using with radtest is testing123 and not test:
client 127.0.0.1 {
secret = testing123
shortname = localhost
nastype = other # localhost isn't usually a NAS...
}
Thanks for the response. Any other takers?
Rob
On Sat, 2003-11-15 at 08:35, Marcio R A Garcia wrote:
Do you have this on your clients.conf file ?
client 127.0.0.1 {
secret = test
shortname = localhost
nastype = other # localhost isn't usually a NAS...
}
Without this, radius will reject packets from localhost.
[]s
Marcio
- Original Message -
From: Rob Hinst [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, November 15, 2003 12:03 AM
Subject: freeradius + mysql problems
Hi all,
My goal is to use Freeradius with the sql module for authenticating
users. I'm using version 0.9.2 (installed from rpms i created with the
specfile that came with the tarball). There doesn't seem to be a wealth
of information available for using the sql module, but I've been working
off of this tutorial: http://www.frontios.com/freeradius.html
I got everything working using /etc/shadow to authenticate users, but
then I proceeded to follow the instructions for sql and have run in to
some trouble. I followed all of the required steps and am unable to
authenticate. I'm using the following command to test the server:
radtest robtest test localhost 0 testing123
and i get the following result:
Sending Access-Request of id 170 to 127.0.0.1:1812
User-Name = robtest
User-Password = test
NAS-IP-Address = radius.mydomain.com (changed the domain)
NAS-Port = 0
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=170,
length=20
Here is a snippet of the output produced when i run in debug mode:
rad_recv: Access-Request packet from host 127.0.0.1:32819, id=170,
length=59
User-Name = robtest
User-Password = test
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
radius_xlat: ''
modcall[authorize]: module sql returns fail for request 0
modcall: group authorize returns fail for request 0
There was no response configured: rejecting request 0
Server rejecting request 0.
And here's the only entry in my radcheck table:
++--+---++---+
| id | UserName | Attribute | op | Value |
++--+---++---+
| 1 | robtest | Password | == | test |
++--+---++---+
Debug mode doesn't seem to provide very verbose output when it comes
time to call the sql module. I turned on sqltrace in my sql module
configuration file, but no queries are showing up. I even turned on
query logging on my MySQL server and none show up, which means it's not
even getting to the part where it tries to find a matching user in the
radcheck table. What could be preventing it from getting it that far?
Any suggestions would be greatly appreciated. I've been working on this
for several days now and haven't made much progress. I hope I've done
enough footwork on my own to keep away the flames :)
Thanks in advance,
Rob
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius newbie questions
Got it, I will put together some examples going forward for submissions to a newbie doc. joeuser Auth-Type := Local, Service-Type = NAS-Prompt-User, Acct-Authentic == RADIUS, Vendor-Specific == 1991, Foundry-Privilege-level == 0, Service-Type == 6 I love the fact that radiusd fixes typo's :-) Where would one submit docs for newbies? Thanks, Ted On Fri, 2003-11-14 at 12:22, Kaczmarek, Thaddeus wrote: I just ordered the radius book, and used to use Funk software a while back. I can get logged in via freeradius but can't seem to figure out how to get foundry-privilege-level == 0 to work. I get logged in with read only permissions. rad_recv: Access-Request packet from host 10.0.5.252:1645, id=93, length=65 User-Name = joeuser User-Password = joepassw0rd Service-Type = NAS-Prompt-User NAS-IP-Address = 10.0.5.252 NAS-Port = 1 modcall: entering group authorize modcall[authorize]: module preprocess returns ok modcall[authorize]: module chap returns noop rlm_eap: EAP-Message not found modcall[authorize]: module eap returns noop rlm_realm: No '@' in User-Name = joeuser, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop users: Matched DEFAULT at 152 modcall[authorize]: module files returns ok modcall[authorize]: module mschap returns noop modcall: group authorize returns ok rad_check_password: Found Auth-Type System auth: type System modcall: entering group authenticate modcall[authenticate]: module unix returns ok modcall: group authenticate returns ok Login OK: [joeuser/joepassw0rd] (from client cr1corsw2 port 1) Sending Access-Accept of id 93 to 10.0.5.252:1645 Finished request 1 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... --- Walking the entire request list --- Cleaning up request 1 ID 93 with timestamp 3fb50e3d Nothing to do. Sleeping until we see a request. This id from users file joeuser Acct-Authentic == RADIUS, Service-Type == NAS-Prompt-User, foundry-privilege-level == 0, foundry-command-string == * Any help would be greatly appreciated :-) Ted DISCLAIMER e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution or copying of this e-mail, and any attachments thereto, is strictly prohibited. If you have received this e-mail in error, please immediately notify me and permanently delete the original and any copy of any e-mail and any printout thereof. E-mail transmission cannot be guaranteed to be secure or error-free. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. REGARDING PRIVACY AND CONFIDENTIALITY Crown Financial Group may, at its discretion, monitor and review the content of all e-mail communications. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CHAP authentication
apellido jr., wilfredo p [EMAIL PROTECTED] wrote: can i use chap authentication in rlm_sql? You don't. The SQL module doesn't do authentication. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Quintum Help
Amgaabaatar Purevjal [EMAIL PROTECTED] wrote: Could you help me to configure freeradius for quintum . I installed radius. But itis rejecting users ... rad_recv: Access-Request packet from host 192.168.1.10:24579, id=34, length=157 Attr-4 = 0xc0a8010a Attr-1 = 0x3132333435 I am absolutely amazed at the effort you've put into destroying the default configuration of the server. You've done a lot of work to make sure that the server won't be able to do anything. I have no idea why you've done this. The only answer I can give to your problem is to use the server as it is installed. Don't break it. Don't edit the dictionary files. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius newbie questions
Ted Kaczmarek [EMAIL PROTECTED] wrote: Got it, I will put together some examples going forward for submissions to a newbie doc. Please do so! Where would one submit docs for newbies? Put a page on the web, and mail the URL to the list. The EAP-TLS documents should really be included with the server, but they're large, and need minor updates... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
how to limit downloads per user
Greetings,
How do I make/configure a module wherein I want to do the following...
based on a value in a table in a database I want to accept/reject a user
select username,password,enable from radcheck where username=%{username} and
password=%{password} and enabled=1;
p.s. : I think the above can also be achieved using Auth:=reject a/v pair
second:
select
radacct.username,radacct.inputoctets,radacct.outputoctets,radacctdet.maxdown
load from radacct,radacctdet where radacct.username=radacctdet.username and
radacct.username=%{username} and maxdownloadsum(radacct.outputoctets) and
radacct.outputoctets;
thanks
Ripunjay
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
CHAP authentication
Good day Mr. Dekok, sorry what i mean is im using mysql to store user's information and pap authentication to authenticatite them. what im asking is if i can use chap? = wilfredo pahilanga apellido jr. technical support mactan online bacolod city, philippines +63 34 4348311 If you can't hear me, it's because i'm in parentheses. __ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CHAP authentication
apellido jr., wilfredo p [EMAIL PROTECTED] wrote: what i mean is im using mysql to store user's information and pap authentication to authenticatite them. what im asking is if i can use chap? I don't understand why you're asking this question on the mailing list. It would take you 5 seconds to test the server with CHAP authentication, to see if it works. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
