Re:
body: - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius+MySql (Authorization Query) - regexp
Hi, I am using the following query for authorization and I am getting the error 1064 from MySql (PARSE ERROR). But when I am giving the same query replacing the variables with values, I am getting the output. Can someone explain to me why?
(select id,UserName,Attribute,Value,op from ${authreply_table} where username='%{SQL-User-Name}') union (select id,UserName, Attribute, concat('h323-credit-time=',round(substring(value,20)/(tas_rate+charge))*60) Value,op from ${authreply_table}, pb_tariffs,surcharge where \%{Called-Station-Id}\ regexp concat(^,de_prefix) and value like 'h323-credit-amount=%' and username='%{SQL-User-Name}' and dnis='%{Calling-Station-Id}' order by de_prefix desc limit 1)
I am getting the error after adding 'regexp' to the query. Thanks, Kiran
PEAP and MS-CHAPv2
I wrote a week ago about the problem that with PEAP and MS-CHAPv2 authentication the authentication is repeated every minute and that Windows XP (with Service Pack 1) never gets the Accept back. I am using the included X Supplicant from Windows XP. When I use the Aegis Client it works. Now I tried the same thing with Radiator and there it works like it should. Does someone know about this problem, or is there maybe a problem with the PEAP code in freeradius? Thanks Berndt - TGM - Die Schule der Technik IT-Service A-1200 Wien, Wexstr. 19-23 Tel. +43(1)33126/316 Fax: +43(1)33126/154 E-Mail: [EMAIL PROTECTED]
RE: Easy User Interface?
I've installed dialup admin, although it keeps looking for tables that were not created from the sql dump files that were included with it. Did I miss some ... It came with 4 sql files. When I try to add a group it says this... Usergroup is not a table that is set up .. But how does dialup admin want the table to be set up? Usually this would be defined in a sql file and make all the correct tables..
Database query failed: Table 'radius.usergroup' doesn't exist
When I try to add a user it says this.
Database query failed: Table 'radius.radcheck' doesn't exist
rlm_sql_mysql problem
Dear all, I got a message from my radius (freeradius-0.9.1) like this:
rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
radiusd.conf[14]: sql: Module instantiation failed.
Any suggestions for this case? Thanks, Andrés
Re: rlm_sql_mysql problem
The driver should be installed into /usr/local/lib with the filename rlm_sql.la. First check if the file exists there, and then check the configure log in the directory where U compiled the module. Probably U are missing a library or some other required file, and that's why U couldn't compile the driver. Regards, Przemek Bozek 33-25-564
RES: rlm_sql_mysql problem
Check if you have all of the mysql's libraries on your system and if they are in the correct place. What's your system ( Linux / FreeBSD ) ?? Sergio Jose Ferreira WGO Internet Brazil
Dialup_admin Postgresql
Hi All, does anyone know if Dialup_admin works with PostgreSQL 7.3.4 ? I'm using RH9b with Freeradius 0.9.3. Thanks in advance. Roberto Fichera.
Re: Dialup_admin Postgresql
Hi, I did a bunch of work on Dialup Admin, and it works with PostgreSQL in CVS. I have just put up a patch site for the dialup_admin/bin scripts, but they have not been approved yet. This is where you can find the patch for the dialup_admin/bin scripts against the cvs: http://sphinx.incentre.net/ The instructions to get the cvs are at: http://www.freeradius.org/development.html#cvs Have a nice day
-- Guy Fraser Network Administrator The Internet Centre 780-450-6787 , 1-888-450-6787 There is a fine line between genius and lunacy, fear not, walk the line with pride. Not all things will end up as you wanted, but you will certainly discover things the meek and timid will miss out on.
Limiting Users
How/Can freeradius limit the number of users logged into a certain NAS? Let's say I have 2 NASs with 120 ports apiece that I resell ports to other ISPs. I have one ISP that wants 24 ports at each location, and a second ISP that wants 24 ports at each location, how can I keep one ISP from spilling over their 24 ports? Anson Rinesmith Internet Operations Manager Big River Telephone Company 800-455-1608 x106 573-382-0555 www.bigrivertelephone.com Real People. Real Service. Real Simple.
Limit Ports used
How/Can freeradius limit the number of users logged into a certain NAS? Let's say I have 2 NASs with 120 ports apiece that I resell ports to other ISPs. I have one ISP that wants 24 ports at each location, and a second ISP that wants 24 ports at each location, how can I keep one ISP from spilling over their 24 ports? Anson Rinesmith
errors creating certificates
I am trying to create some certificates and having problems. I am using Redhat 8.0 and openssl .9.7c. I am using the CA.all script found at http://www.missl.cs.umd.edu/wireless/eaptls/doc/CA.all. It seems to create the first certificate fine, then when it goes to create the client and then the server I get the following error after I enter "y" to sign the certificate. Can someone please help me figure this out? Thanks!
Sign the certificate? [y/n]:y
-passin: No such file or directory
14554:error:02001002:system library:fopen:No such file or directory:bss_file.c:276:fopen('-passin','r')
14554:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
No certificate matches private key
14556:error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long:asn1_lib.c:140:
unable to load certificate
14557:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:632:Expecting: TRUSTED CERTIFICATE
freeradius sql accounting/simultaneous use
I am running FreeRadius 0.9.3 and I currently have it configured for Postgresql support. I want to make sure that it logs currently connected users as well as past users who logged in into a SQL database. I also want to make sure it correctly allows a username to connect only once. I have attached a few lines from my configuration and want to make sure it is correct.
session {
    sql
}
accounting {
    acct_unique
    sql
}
Would having the above sections in my radiusd.conf be what I am looking for to make this happen? I currently have my accounting set to use radutmp which I think is why it is saving the currently connected users into the radutmp file instead of sql, plus I think with my current config I probably have the simultaneous use feature broken. Any comments on this would be appreciated. Devin Atencio
Re: Limiting Users
rlm_counter can be configured to limit things other than time. It should be possible to limit the number of calls that match some parameters. The parameter that should match would likely be Called-Station-Id or Realm to determine an ISP. Check the archives, there are probably some examples. I seem to recall this question being answered before.
[ADMIN] REMINDER: mailinglist address change
As was announced last week, the addresses of the mailing lists will change today. I'll change it after this message (with the old addresses in the headers) is queued to all list members. Original announcement below:
From: Miquel van Smoorenburg [EMAIL PROTECTED] Date: Thu, 18 Dec 2003 16:14:10 +0100 Subject: [ADMIN] IMPORTANT: List address change Message-ID: [EMAIL PROTECTED]
Next Monday, the addresses of the freeradius lists will change. The lists will migrate to the freeradius.org domain. This means that instead of mailing to [EMAIL PROTECTED] you then need to mail to [EMAIL PROTECTED] Mail you receive from the list is now sent with the envelope-sender address [EMAIL PROTECTED], that will change to [EMAIL PROTECTED] And the web interface that now runs at http://lists.cistron.nl/ will move to http://lists.freeradius.org/ Same goes for the freeradius-devel and freeradius-announce lists. As you can see, it's a simple matter of s/cistron.nl/freeradius.org/g The old [EMAIL PROTECTED] (etc) addresses will remain working for the foreseeable future. The most important thing is that if you filter your mail into folders based on the To:/Cc: or Return-Path: headers, you need to update your filter rules to also filter correctly for the new addresses. Also, please whitelist the new addresses in any spam/TDMA like systems if you're running something like that. Your listmaster, Mike.
Re: freeradius without libtool
Arindam Roy [EMAIL PROTECTED] wrote:
> I know the question might sound silly, but do you know of any way of compiling freeradius without libtool, with all the modules as static modules.
./configure --disable-shared ? It still needs libtool, though. The API's used to link the modules are supplied by libtool.
Alan DeKok.
Re: Freeradius+MySql (Authorization Query) - regexp
Kiran [EMAIL PROTECTED] wrote:
> I am using the following query for authorization and I am getting the error 1064 from MySql (PARSE ERROR). But when I am giving the same query replacing the variables with values, I am getting the output. Can someone explain me why.
Look at the SQL debug log file. It will have the queries with the variables replaced by values.
> (select id,UserName,Attribute,Value,op from ${authreply_table} where username='%{SQL-User-Name}') union (select id,UserName, Attribute, concat('h323-credit-time=',round(substring(value,20)/(tas_rate+charge))*60) Value,op from ${authreply_table}, pb_tariffs,surcharge where \%{Called-Station-Id}\ regexp concat(^...
A double quote inside of a double-quoted string?
> I am getting the error after adding 'regexp' to the query.
Then what you added is the source of the problem.
Alan DeKok.
Re: rlm_sql_mysql problem
RedHat 8.0 work ok, thanks Andrés de Barros
rlm_sqlcounter problem
Dear all, I got a message from my radius (freeradius-0.9.1), RedHat 8.0, like this:
rlm_sqlcounter: coult not find check item value pair.
Any suggestions for this case?
RE: (URGENT!!!!) How to configure freeradius for windows 2000 users?
Please send the debug output of radiusd. Debug command to run radiusd == radiusd -X Ripunjay
rlm_detail: Failed to create directory /var/log/radius/radacct/192.168.1.75: Permission denied
I am receiving the following problems when trying to authenticate users with the auth_log and auth_detail sections of radiusd.conf turned on. This is what I am seeing in debug mode:
--- Walking the entire request list ---
Cleaning up request 3 ID 102 with timestamp 3fe5
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.1.75:2193, id=102, length=57
User-Name = [EMAIL PROTECTED]
CHAP-Password = 0xe2fb635de078f97ce128cbe469b79867a3
modcall: entering group authorize for request 5
modcall[authorize]: module preprocess returns ok for request 5
radius_xlat: '/var/log/radius/radacct/192.168.1.75/detail'
rlm_detail: %A/%{Client-IP-Address}/detail expands to /var/log/radius/radacct/192.168.1.75/detail
rlm_detail: Failed to create directory /var/log/radius/radacct/192.168.1.75: Permission denied
modcall[authorize]: module auth_log returns fail for request 5
modcall: group authorize returns fail for request 5
Finished request 5
Going to the next request
Does anybody have any clue as to why this would be happening?
Error message
I'm getting the following error message using freeradius 0.9.3: Error: rlm_eap: EAP-Message not found Radiusd is working fine, so I'm not quite sure what the problem is. I did some googling, but was not able to find a solution. I migrated from an older version of Radius and updated my decrepit configuration files to the new standards. Any ideas on what I'm doing to cause this message? Thanks.
Timeout in listening
Hi all! I have downloaded freeradius 0.9.3. Compiled it successfully, configured and started with -X option. After some time (about 10 hours) freeradius cannot receive any request. radtest permanently re-sending packets and get no answer. In the logs of radius: Nothing to do. Sleeping until we see a request. What's the trouble? Cheers, SaLiK
Help me !!!
Hi everybody, I am a new user of Radius Server. My requirement is to pass my username, password to radius server and to authenticate. Help me out how to add a user in radius server database and how to authenticate ?? Regards, Prasad.
freeradius without libtool
Hello all, I know the question might sound silly, but do you know of any way of compiling freeradius without libtool, with all the modules as static modules. I mean can I pass any specific flag to the GCC so that the modules are dlpreopened. Or is this a specific feature of libtool (the ltdl symbol list I mean). Any help will be hugely appreciated. Thanking you, Arindam Roy
(URGENT!!!!) How to configure freeradius for windows 2000 users?
Hello all, I am running FreeRadius 'radiusd' on Linux machine which should authenticate wireless Windows-2000 users (through AP600 access point (it supports RADIUS protocol)). I am failing to add a windows user (or machine) as a user to the server. Everything works fine when I try with 'radtest' command. Following is my setup:
Internet -- Radius (Linux) -- AP-600 (NAS) -- wireless -- Win-2000 (user)
Please let me know what setup I have to make to make above thing working. In case anyone has example 'users', 'radiusd.conf', 'clients.conf' files, please forward it to me. FYI:
1 Server: Redhat Linux v9.0 (Kernel 2.4.20-8) NAS : AP-600 (this supports RADIUS protocol) wireless users; Windows 2000 professional.
2 I have enabled EAP.
3 have added windows user in 'users' file.
4 have added AP-600 entry in the 'clients.conf' file. (I don't know exactly which Auth-Type I have to use. I have tried with 'Local', 'System', 'eap', 'ms-chap'..etc)
Thanks in advance for all the help. Please reply asap. -- Best Regards, Shashi.
Re: Help me !!!
Can you give more details of your setup?
Prasad Yaramti [EMAIL PROTECTED] wrote:
> Hi there, I am new to this radius authentication concept, actually my requirement is to check User name and Password via Radius server. In this aspect I have to pass user name and Password to Radius and to get authenticated. Help me how to store the username and password in the server, how to authenticate? How to pass my username and password to server? Thanks in advance for your help. Regards, Prasad.
FreeRadius Vs Supplicant. EAP-TLS Certificates problem
Hi guys! I am trying to create the client and server certificates. I am following the Howtos: http://www.missl.cs.umd.edu/wireless/eaptls/ http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm When I try to create the CA hierarchy (using CA.pl -newca), I suppose that the program can't create the cacert.pem certificate, because in the following lines I must execute a command with the argument demoCA/cacert.pem and the program tells me that the file doesn't exist. If someone could help me, I would be very grateful. Thanks for all
Re: FreeRadius Vs Supplicant. EAP-TLS Certificates problem
Yosi Corcia [EMAIL PROTECTED] wrote:
> I am trying to create the client and server certificates. I am following the Howtos:
See 'scripts/CA.all'. It's a script taken from the Howto's, which will create the certificates for you.
Alan DeKok.
Re: conflicting packet problem
Simon Allard [EMAIL PROTECTED] wrote:
> So if I have 100 NAS's behind a proxy, since the source is the same for all of the NAS's does it compare NAS-IP-Address or does it use the IP of the proxy?
It uses the IP of the proxy. The IP's of the NAS boxes are totally irrelevant.
> What is the most common cause for conflicting packet's and are there any easy fixes?
The most common cause is that the server is taking a long time to process requests. The only fix is to find out what's taking so long, and correct the problem.
> I am using freeradius 0.9.0 with LDAP on a dual 2Ghz machine. I have 3 of these load balanced behind a L4 Switch.
You should upgrade to 0.9.3, but those machines are definitely powerful enough.
> I am even getting duplicate records with accounting which is odd because all its doing is writing the accounting record straight to the disk.
If the NAS sends two accounting packets, the server logs two.
Alan DeKok.
Re: Radius not responding to the user request
Shashidhara S Bapat [EMAIL PROTECTED] wrote:
> Please let me know what all changes I have to do for my network to work.
See the FAQ, and run the server in debugging mode.
Alan DeKok.
Re: Help me !!!
Prasad Yaramti [EMAIL PROTECTED] wrote:
> Help me how store the username and password in the server, how to authenticate ? How to pass the my username and password to server ???
Read the FAQ. It explains how to do this.
Alan DeKok.
Re: Easy User Interface?
> As for configuring the server... {scratching head} ...that isn't available. Once the server is configured, it shouldn't require very much fiddling with, but it would be nice to be able to change more than just user accounts. Eventually it would be nice to be able to maintain realms, and NAS configurations as well.
Yes. This would be trivially possible by way of storing this information in SQL, however as has been discussed previously on the list this can open the server up to a DoS attack, therefore the NAS and realms info should be stored in SQL, but not accessed in real time but rather loaded once on server start up and SIGHUP. As yet no-one has stepped up to the plate with code to implement this :-) Cheers, Peter
Re: Re start radiusd
For me, it's necessary to restart the radius daemon. To do this, I use the sample script with little changes: freeradius-sources/redhat/rc.radiusd-redhat JP
Cris Boisvert wrote:
> I using Redhat 9.. I got a couple of foolish questions sorry.. When I add another user to the users file... Do I need to restart the radiusd service? If not. How long will it take to re parse the users file to take the new change... The old mac radius server I had didn't require a restart, that's why I ask.. How can I restart the process short of finding the process and killing the pid and restarting the service. Thanx Sorry for the ignorance..
-- Jean-Paul Chapalain - GICM - Resp. Reseaux et Infrastructure -- 32 rue Mirabeau - Le Relecq-Kerhuon - 29808 Brest Cedex 9, FRANCE -- Tel +33298002873 - Fax +33298284005 - [EMAIL PROTECTED] -- Key Fingerprint: 192C 1CFE F24A 050D F280 A086 AF15 8631 3ABB 4C7D
Re: rlm_perl strange behaviour problem
On Thu, Dec 18, 2003 at 05:04:04PM +0200, Aivis Olsteins wrote:
> hello, We are running into following strange situation when using rlm_perl: System had perl version 5.8.0 which was later upgraded to 5.8.2
> 1. when running perl command perl -v, it indicates correct version: 5.8.2
> 2. when adding to our default perl radius script following first line: #!/usr/bin/perl -v it displays perl version v.5.8.2 and correctly executes script.
It seems that you compiled 5.8.2 without the shared lib libperl.so. You have to recompile it again with the libperl.so setting set to yes. After this, recompiling the latest radius will solve the problem.
> 3. when calling same script with same line from radius, it displays old perl version 5.8.0 (which is completely removed from system) and also have other problem during run time like not filling arrays with values, etc.
> The radius server was upgraded to 0.9.3 , it did not help. Is there something very specific in a way perl is called from C what we need to take in account? Any help will be highly appreciated. Best Regards, Aivis Olsteins [EMAIL PROTECTED]
radwho problem
Hi, all! I use the command radwho to see who is online, but there is no result. And the files radutmp and radwtmp are not in the logdir. How can I deal with it? EMAIL:[EMAIL PROTECTED] MSN: [EMAIL PROTECTED] TEL: 020-87114020 020-87114021 2003-12-19
RE: Re start radiusd
What is the syntax? rc.radiusd-redhat restart .or stop or start...? I ran it and it didn't seem to do anything.. Thanx Cris
Re: Re start radiusd
Move the script like this:
mv freeradius-sources/redhat/rc.radiusd-redhat /etc/init.d/radiusd
Modify the script, depending on where radius is installed. Use chkconfig (man chkconfig). Jp.
Re: Collect user's password
Roberto Fichera [EMAIL PROTECTED] wrote:
> how can I collect all the CHAP-Password or in general all encrypted password in a text file ? It's possible to run some script from the pre-authorization section where the plain password is available ?
I don't know what you're trying to do. If you're trying to create CHAP-Passwords from plain-text passwords, you shouldn't. There's no point. If you're trying to create plain-text passwords from CHAP-Passwords, you can't. It's impossible.
Alan DeKok.
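What a CHAP-Password value contains, as an added example that is not part of the thread and is not FreeRADIUS code: per RFC 1994 and RFC 2865 the attribute is a 1-byte CHAP identifier followed by MD5(identifier || password || challenge), so the server checks it by recomputing the digest from the cleartext password it already holds. The function names and all sample values are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values (not taken from the thread).
CONSTRUCTED_IDENT = 0x2A
CONSTRUCTED_PASSWORD = b"correct horse"
CONSTRUCTED_CHALLENGE = bytes.fromhex("00112233445566778899aabbccddeeff")
OTHER_CHALLENGE = bytes.fromhex("ffeeddccbbaa99887766554433221100")


def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response: MD5 over identifier, secret and challenge."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def build_chap_password(ident: int, password: bytes, challenge: bytes) -> bytes:
    """Value of the CHAP-Password attribute: 1 byte identifier + 16 byte digest."""
    return bytes([ident]) + chap_response(ident, password, challenge)


def verify_chap_password(attr: bytes, challenge: bytes, cleartext: bytes) -> bool:
    """Server-side check. The server never decodes the attribute; it
    recomputes the digest from its own cleartext copy and compares."""
    if len(attr) != 17:
        return False
    ident, received = attr[0], attr[1:]
    expected = chap_response(ident, cleartext, challenge)
    return hmac.compare_digest(received, expected)


def demo() -> dict:
    attr = build_chap_password(
        CONSTRUCTED_IDENT, CONSTRUCTED_PASSWORD, CONSTRUCTED_CHALLENGE
    )
    attr_other = build_chap_password(
        CONSTRUCTED_IDENT, CONSTRUCTED_PASSWORD, OTHER_CHALLENGE
    )
    # A store that kept only a hash of the password has nothing it can
    # feed into MD5(ident || password || challenge), so the check fails.
    hashed_store = hashlib.sha256(CONSTRUCTED_PASSWORD).hexdigest().encode()
    return {
        "length": len(attr),
        "accepts_right_password": verify_chap_password(
            attr, CONSTRUCTED_CHALLENGE, CONSTRUCTED_PASSWORD
        ),
        "rejects_wrong_password": not verify_chap_password(
            attr, CONSTRUCTED_CHALLENGE, b"wrong"
        ),
        # Same password, new challenge: a different value on the wire, so a
        # logged CHAP-Password is not a stable stand-in for the password.
        "value_changes_with_challenge": attr != attr_other,
        "old_value_fails_new_challenge": not verify_chap_password(
            attr, OTHER_CHALLENGE, CONSTRUCTED_PASSWORD
        ),
        "hash_only_store_cannot_verify": not verify_chap_password(
            attr, CONSTRUCTED_CHALLENGE, hashed_store
        ),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The 34 hex digits of a logged `CHAP-Password = 0x...` value are exactly these 17 bytes, which is why CHAP needs the cleartext password on the server side.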
Re: conflicting packet problem
Simon Allard [EMAIL PROTECTED] wrote:
> Thu Dec 18 16:37:49 2003 : Error: Dropping conflicting packet from client ihug-phone:1646 - ID: 122 due to unfinished request 514640
> As you can see they are all from the same client. The client happens to be a /24 network.

OK.

> The question is, does freeradius treat each NAS in the /24 as being different so it knows that the ID is different even though the ID is the same for another NAS in the /24. Or does it assume it's the same?

The shared secrets are looked up via the 'clients.conf' file, which has a netmask. Duplicate requests are found by comparing source IP addresses. So the packets should be duplicate *only* if they're being sent from the same IP.

> delete_blocked_requests = no (Is this safe to turn to yes yet)

No.

Alan DeKok.
Re: Collect user's password
At 16.35 19/12/2003, you wrote:
> Roberto Fichera [EMAIL PROTECTED] wrote:
>> how can I collect all the CHAP-Password or in general all encrypted passwords in a text file ? Is it possible to run some script from the pre-authorization section where the plain password is available ?
> I don't know what you're trying to do.

I have lost some passwords in the database (the backup was too old, sigh :-(! ), so I wish to collect them from the radius.log ... but ...

> If you're trying to create CHAP-Passwords from plain-text passwords, you shouldn't. There's no point. If you're trying to create plain-text passwords from CHAP-Passwords, you can't. It's impossible.

... this is the answer that I already know :-(. However I was hoping there were other tips ;-).

> Alan DeKok.

Roberto Fichera.
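Why the reply in this thread says recovery is impossible, as an added example (not code from FreeRADIUS or from the posters): per RFC 1994 and RFC 2865 the CHAP-Password attribute carries an MD5 digest over the CHAP ID, the cleartext password and a per-session challenge, so a server can only check it against a password it already holds. The password, challenges and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample values; nothing here comes from a real deployment.
SAMPLE_PASSWORD = b"constructed-pass"
CHALLENGE_1 = bytes(range(16))       # what CHAP-Challenge would carry, session 1
CHALLENGE_2 = bytes(range(16, 32))   # a different challenge for session 2


def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response: MD5 over CHAP ID, cleartext password, challenge."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def chap_password_attr(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """Value of CHAP-Password: 1-octet CHAP ID followed by the 16-octet response."""
    return bytes([chap_id]) + chap_response(chap_id, password, challenge)


def verify_chap(attr: bytes, challenge: bytes, known_password: bytes) -> bool:
    """Server-side check: recompute from the stored cleartext and compare."""
    if len(attr) != 17:
        return False
    expected = chap_response(attr[0], known_password, challenge)
    return hmac.compare_digest(expected, attr[1:])


def demo() -> dict:
    first = chap_password_attr(1, SAMPLE_PASSWORD, CHALLENGE_1)
    second = chap_password_attr(2, SAMPLE_PASSWORD, CHALLENGE_2)
    # A user store that kept only a one-way hash of the password.
    hashed_store = hashlib.sha256(SAMPLE_PASSWORD).hexdigest().encode()
    return {
        "attr_len": len(first),
        # The same password produces unrelated values in two sessions,
        # so logged CHAP-Password values are not a password backup.
        "same_value_across_sessions": first[1:] == second[1:],
        "cleartext_store_verifies": verify_chap(first, CHALLENGE_1, SAMPLE_PASSWORD),
        "wrong_password_verifies": verify_chap(first, CHALLENGE_1, b"other"),
        # A server holding only a hash cannot recompute the response.
        "hashed_store_verifies": verify_chap(first, CHALLENGE_1, hashed_store),
        # A captured value does not validate against a new challenge.
        "old_value_on_new_challenge": verify_chap(first, CHALLENGE_2, SAMPLE_PASSWORD),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The same property is why CHAP needs the user store to keep a cleartext (or reversibly stored) password.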
RE: Re start radiusd
Is anyone using Optigold ISP with free radius... I'm trying to set up the server action to add, remove, and change passwords in the users file.. Does anyone have any examples on how to add a user through either a script or command? Thanx
Optigold ISP?
Is anyone using Optigold ISP with free radius... I'm trying to set up the server action to add, remove, and change passwords in the users file.. Does anyone have any examples on how to add a user through either a script or command? Thanx
Re: Problem with attr_filter
Stephan von Krawczynski [EMAIL PROTECTED] wrote:
> Only half answered, I'm afraid. I tried auth_log and reply_log, but it is unclear how to find out corresponding req and reply without any id logging ... shrug

You've got the source code. It's only a 1-line change.

Alan DeKok.
running from daemontools
Hey All,

Running FreeRadius 0.9.3 w/ MySQL from daemontools and I get these strange messages on my radius log:

Error: Discarding new request from client xyz:1027 - ID: 73 due to live request 0

Doesn't seem to cause any problems, radius clients still work fine - but I'm not quite sure why this is happening and would like to know (in case things start to get whacky later down the line).

linux redhat 9
freeradius 0.9.3
mysql 4.0.16 standard
daemontools (0.8x i think)

run file:

#!/bin/sh
exec /usr/local/sbin/radiusd -f

I'm running Freeradius on a Solaris box w/o mysql and I've never seen this message before (totally different nas setup as well).

Any thoughts/suggestions?

Thanks,
Rob Genovesi [EMAIL PROTECTED]
Re: migrate PAP to CHAP for LDAP
On Wed, Dec 17, 2003 at 06:21:12PM +0800, Rohaizam Abu Bakar wrote:
> # debug MODE
[deleted]
> auth: type LDAP

Why are you setting your auth type to LDAP when you want CHAP authentication?

> modcall: entering group Auth-Type for request 0
> rlm_ldap: - authenticate
> rlm_ldap: Attribute User-Password is required for authentication. Cannot use CHAP-Password.

The above line tells you all, ldap is not supposed to do the auth. Let it extract the password and let the mschap module set the Auth-Type to MSCHAP.

-- Andrej Brkic
Fakultet Prometnih Znanosti, Zagreb, Croatia
E-mail: [EMAIL PROTECTED]
Re: Mac Radius
Cris Boisvert [EMAIL PROTECTED] wrote:
> Is there a way to use the exported users.txt file from mac radius to import it into freeradius?

Edit it by hand. The configuration files are probably quite different.

Alan DeKok.
Re: Requests appear to be from 255.255.255.255
[EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> I am now seeing 2 different things that may or may not be related.
> 1. Some ISPs report that our requests seem to be coming from the internal IP address assigned to our radius server.

Then the routing on your network needs to be fixed. You're routing internal addresses to the net.

Or, the IPs *inside* the RADIUS packet may be IPs from your internal net. That's a different issue, and not nearly as much of a problem.

> 2. One ISP now reports that our requests seem to be coming from 255.255.255.255 ?

Then your network is completely broken. The response can't make it back from the ISP to you, so I don't see how *anything* would work.

Alan DeKok.
Easy User Interface?
Does anyone use an easy user interface... Webmin.. or a script? I don't mind adding the users by hand, although I prefer that one of my tech support people doesn't destroy my radius server due to their ignorance. Thanx
RE: Easy User Interface?
Webmin is a bigger risk than teaching your techs to use pico or adduser.
-Drew

-Original Message-
From: Cris Boisvert [mailto:[EMAIL PROTECTED]
Sent: Friday, December 19, 2003 3:30 PM
To: [EMAIL PROTECTED]
Subject: Easy User Interface?

Does anyone use an easy user interface... Webmin.. or a script? I don't mind adding the users by hand, although I prefer that one of my tech support people doesn't destroy my radius server due to their ignorance. Thanx
Re: Easy User Interface?
Cris Boisvert [EMAIL PROTECTED] wrote:
> Does Anyone Use an easy user interface...Webmin.. Or a script?

dialup_admin? It comes with the server. Did you look?

Alan DeKok.
RE: Easy User Interface?
Yes, I agree. Doesn't adduser make a unix user also? I only want to make a radius user .. and I want to set options also... I'm guessing that someone has made an ease-of-use system that can add, subtract and modify users? Thanx

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Drew Weaver
Sent: Friday, December 19, 2003 3:57 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Easy User Interface?

Webmin is a bigger risk than teaching your techs to use pico or adduser.
-Drew

-Original Message-
From: Cris Boisvert [mailto:[EMAIL PROTECTED]
Sent: Friday, December 19, 2003 3:30 PM
To: [EMAIL PROTECTED]
Subject: Easy User Interface?

Does anyone use an easy user interface... Webmin.. or a script? I don't mind adding the users by hand, although I prefer that one of my tech support people doesn't destroy my radius server due to their ignorance. Thanx
certificate generation and freeradius
I am new to this users list and hope this gets to someone that can help me.

I am trying to set up a RADIUS server for my wireless network. I am running RedHat 8.0 and have installed freeradius-0.9.3 that I downloaded from the freeradius.org site in tar.gz format. I am utilizing two HOWTO docs, http://www.freeradius.org/doc/EAPTLS.pdf and http://www.impossiblereflex.com/8021x/eap-tls-HOWTO.htm#6. I am primarily using the latter for the freeradius setup and certificate generation.

I configured my radiusd.conf (located in /usr/local/etc/radius/raddb/) based on the second link under the radiusd.conf section. I then created the script run-radiusd that is also detailed on that page. I get the following errors:

... ... ... ...
tls: dh_file = "/etc/1x/r/DH"
tls: random_file = "/etc/1x/r/random"
tls: fragment_size = 1024
tls: include_length = yes
24076:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=engine name=default
24076:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=engine name=rsa
24076:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=engine name=dsa
24076:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=engine name=dh
24076:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=engine name=rand
24076:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=engine name=bn_mod_exp
24076:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:329:group=engine name=bn_mod_exp_crt
24076:error:02001002:system library:fopen:No such file or directory:bss_file.c:104:fopen('/etc/1x/r/CA.pam','r')
24076:error:2006D080:BIO routines:BIO_new_file:no such file:bss_file.c:107:
24076:error:0B084002:x509 certificate routines:X509_load_cert_crl_file:system lib:by_file.c:274:
rlm_eap_tls: Error reading Trusted root CA list
rlm_eap: Failed to initialize the type tls
radiusd.conf[600]: eap: Module instantiation failed.

Now I do not have a CA.pam file in my /etc/1x/r/ directory and do not know where or how to get that file. I did create the CA.root, CA.svr, and CA.clt files and execute them. They seemed to create all the files, except I think the client file has no name except .p12.

At any rate, here is a directory list of where I ran the CA.* scripts (there are supposed to be 3 columns):

. demoCA .. .der .p12 .bash_logout .pem .bash_profile .bashrc .gtkrc root.der CA.all newcert.pem root.p12 CA.clt root.pem CA.root xpextensions CA.svr

If someone can give me some advice on where to go from here I would appreciate it.

Thanks!
Tony
(no subject)
Can anybody tell me if FreeRadius will work with a Nortel VPN Contivity Gateway? In other words, is FreeRadius limited to work with specific vendor products or can it authenticate any client type? Thanks.
Re: (no subject)
Alfonso Gallegos wrote:
> Can anybody tell me if FreeRadius will work with a Nortel VPN Contivity Gateway? In other words, is FreeRadius limited to work with specific vendor products or can it authenticate any client type?

It should work with any device that supports RADIUS. Some devices have Vendor Specific Additions to the RADIUS spec, in which case FreeRADIUS needs to know about the extensions by way of a dictionary file. There is no Nortel specific dictionary in FreeRADIUS at this time, probably because it doesn't need one. If you find out that it does, feel free to tell us and we will update FreeRADIUS :-)

Peter
Re: Easy User Interface?
If you are using MySQL, then dialup admin is a good option for maintaining accounts. I have been building compatibility for PostgreSQL into Dialup Admin in CVS. If you wanted PostgreSQL support for Dialup Admin in 0.9.3, you could go to the developer area and get the CVS version. I am still testing the bin scripts, but the php has already been committed.

As for configuring the server... {scratching head} ...that isn't available. Once the server is configured, it shouldn't require very much fiddling with, but it would be nice to be able to change more than just user accounts. Eventually it would be nice to be able to maintain realms and NAS configurations as well.

Cris Boisvert wrote:
> Yes, I agree. Doesn't adduser make a unix user also? I only want to make a radius user .. and I want to set options also... I'm guessing that someone has made an ease-of-use system that can add, subtract and modify users? Thanx
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Drew Weaver
> Sent: Friday, December 19, 2003 3:57 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: Easy User Interface?
>
> Webmin is a bigger risk than teaching your techs to use pico or adduser.
> -Drew
>
> -Original Message-
> From: Cris Boisvert [mailto:[EMAIL PROTECTED]
> Sent: Friday, December 19, 2003 3:30 PM
> To: [EMAIL PROTECTED]
> Subject: Easy User Interface?
>
> Does anyone use an easy user interface... Webmin.. or a script? I don't mind adding the users by hand, although I prefer that one of my tech support people doesn't destroy my radius server due to their ignorance. Thanx

-- Guy Fraser
Network Administrator
The Internet Centre
780-450-6787, 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the line with pride. Not all things will end up as you wanted, but you will certainly discover things the meek and timid will miss out on.
Re: conflicting packet problem
>> The question is, does freeradius treat each NAS in the /24 as being different so it knows that the ID is different even though the ID is the same for another NAS in the /24. Or does it assume it's the same?
> The shared secrets are looked up via the 'clients.conf' file, which has a netmask. Duplicate requests are found by comparing source IP addresses.

So if I have 100 NAS's behind a proxy, since the source is the same for all of the NAS's, does it compare NAS-IP-Address or does it use the IP of the proxy?

What is the most common cause for conflicting packets and are there any easy fixes?

I am using freeradius 0.9.0 with LDAP on a dual 2Ghz machine. I have 3 of these load balanced behind a L4 Switch. I am even getting duplicate records with accounting, which is odd because all it's doing is writing the accounting record straight to the disk.

Simon Allard (Senior Tool Monkey)
IHUG
Ph (09) 358-5067
Email: [EMAIL PROTECTED]
I'm out of my mind right now, but feel free to leave a message.
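A simplified model of the duplicate check discussed in this thread, added here as an illustration and not FreeRADIUS source code: it keys live requests on source IP, source port and the one-octet Identifier, as RFC 2865 describes, and assumes the Request Authenticator is what separates a retransmission from a conflicting packet. The class, the function names, the addresses and the authenticator bytes are all constructed.

```python
from dataclasses import dataclass


@dataclass
class LiveRequest:
    number: int            # server-side request number, as seen in the log lines
    authenticator: bytes   # 16-octet Request Authenticator of the packet
    finished: bool = False


class RequestTable:
    """Toy request list: one slot per (source IP, source port, Identifier)."""

    def __init__(self):
        self._by_key = {}
        self._next_number = 0

    def receive(self, src_ip, src_port, identifier, authenticator):
        if not 0 <= identifier <= 255:
            raise ValueError("RADIUS Identifier is a single octet")
        key = (src_ip, src_port, identifier)
        old = self._by_key.get(key)
        if old is not None:
            if old.authenticator == authenticator:
                # Same packet again: a retransmission of a known request.
                return ("duplicate", old.number)
            if not old.finished:
                # A different packet reusing the ID while the first is
                # still being processed: the "conflicting packet" case.
                return ("conflict", old.number)
        # Free slot, or the previous holder has finished: accept it.
        req = LiveRequest(self._next_number, authenticator)
        self._next_number += 1
        self._by_key[key] = req
        return ("new", req.number)

    def finish(self, number):
        for req in self._by_key.values():
            if req.number == number:
                req.finished = True
                return True
        return False


def demo():
    table = RequestTable()
    out = []
    # Two NASes inside one client netmask use the same Identifier:
    # different source addresses, so they occupy different slots.
    out.append(table.receive("192.0.2.10", 1646, 122, b"A" * 16))
    out.append(table.receive("192.0.2.11", 1646, 122, b"B" * 16))
    # The first NAS retransmits the identical packet.
    out.append(table.receive("192.0.2.10", 1646, 122, b"A" * 16))
    # A different packet arrives from the same address, port and ID
    # while request 0 is unfinished.
    out.append(table.receive("192.0.2.10", 1646, 122, b"C" * 16))
    # Once request 0 completes, the ID can be reused.
    table.finish(0)
    out.append(table.receive("192.0.2.10", 1646, 122, b"C" * 16))
    return out


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Because the Identifier is one octet, everything that reaches the server from a single source address and port shares 256 slots in this model.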
Help me !!!
Hi there,

I am new to this radius authentication concept. Actually my requirement is to check user name and password via a Radius server. In this respect I have to pass the user name and password to Radius to get authenticated. Help me: how do I store the username and password in the server, and how do I authenticate? How do I pass my username and password to the server?

Thanks in advance for your help.

Regards,
Prasad.
Radius not responding to the user request
Hello All,

I am running freeradius on Linux which is connected to a NAS (AP600, an access point supporting Radius). Remote users run on Windows 2000 Professional. When wireless users try to access the NAS/Radius server, my server has become dumb (I mean, it remains inert and doesn't display anything related to that user).

Please let me know what changes I have to make for my network to work. In case someone has configured files which are working, please forward them to me.

FYI: These are the settings I have done.

users file:

TECH4 Auth-Type := eap, User-Password = password
        Reply-Message = Hello, %u

clients.conf file:

client 192.168.100.7/24 {
        secret = abcde
        shortname = AP-600LAB
        nastype = other
}

Best Regards,
Shashi.
ip pool problem ?
Dearest Freeradiusers,

I need help on configuring freeradius, on ip pooling. The issue: I use mysql as the user as well as ip database. But it seems , radius can works on range ip i gave but i works on ip with "+", but i can control the ip assignment that server gave to user who dials in. Also I previously tried using main_ippool with range start range stop, it seems it doesn't work. Can anyone help me figure out this phenomenon?

Thx, I look forward to any response and advice.

Joko P.
ip pooling conf.
Dearest Freeradiusers,

I need help on configuring freeradius, on ip pooling. The issue: I use mysql as the user as well as ip database. But it seems , radius can works on range ip i gave but i works on ip with +, but i can control the ip assignment that server gave to user who dials in. Also I previously tried using main_ippool with range start range stop, it seems it doesn't work. Can anyone help me figure out this phenomenon?

Thx, I look forward to any response and advice.

Joko P.
Re: ip pool problem ?
On Thu, Dec 18, 2003 at 03:49:20PM +0700, [EMAIL PROTECTED] wrote:
> I need help on configuring freeradius , on ip pooling. issue i use mysql as the user as well as ip database. But it seems , radius can works on range ip i gave but i works on ip with +, but i can control the ip assignment that server gave to user who dials in. Also i previously try using main_ippool with range start range stop, it seems dont work. Can anyone help me figure out this phenomena ?

As far as I know, freeradius does not store ip pools in sql databases. Perhaps you can provide some debugging output and the configuration you use (don't send everything, only the 'interesting' parts).

Oliver.
install EAP-ttls
Hi. I have a radius server with EAP-TLS and I'm trying to install eap-ttls. Have you a howto for eap-ttls?
Callback issue
Hi folks,

I've tried to figure out through the news if it is possible to implement a prompt callback mechanism (as Cisco has..), cause I'm using freeradius + mysql in a negative case how can I configure does anybody know if it is possible to configure the callback part in the Cisco router while all the other AAA stuff runs on freeradius + mysql ???

Cheers
More Questions
First off, I am new to radius and am trying to figure out how to do what I want it to do. ANY help is greatly appreciated and I hope to be able to help others in the future.

I will start off by stating what I am trying to do: I have 2 locations that have wireless access to the internet and am trying to find a way to secure the access for any authed users (got that figured out). I am not using a traditional NAS since the budget does not allow for that cost. What I am using is a FreeBSD box loaded with a program called OpenGate that uses CGI to query the radius server for auth (working). I am running FreeRadius on another FreeBSD machine and have it set up to use MySQL for usernames and such (working). In MySQL I am using the default database structure and have not modified any of it except for users and such.

Now for the questions:

1: I have read all the docs that come with radius and searched the web and still have not found how to log accounting info in radius. I have turned on log_auth, log_auth_badpass, and log_auth_goodpass in radiusd.conf. Having done this I am still not getting any accounting info in the database or log file. Am I missing something here?

2: I am trying to limit simultaneous use and am a bit confused. One file says that it only works with the users file and pam (I believe) but not with SQL, LDAP and so forth. In another doc it says to change in table radgroupcheck Attribute=Simultaneous-Use OP=:= and value to 1. I have done this and it still allows multiples. Also saw in radiusd.conf where I need to uncomment simul_count_query, but that appears to only work if you have accounting working. Am I doing something wrong here as well?

Concerns:

1: Does the traditional NAS send radius the accounting info or does radius insert as authed, denied, etc?

Thanks in advance for all your help.

Roy
pam authentication documentation
I'm looking for some good documentation on PAM for authentication with radius or with any service. I've only been able to find documentation that is either brief or out of date. Any good books, or sites?

Thanks!
John
Re: More Questions
> 1: I have read all the docs that come with radius and searched the web and still have not found how to log accounting info in radius. I have turned on log_auth, log_auth_badpass, and log_auth_goodpass in radiusd.conf. Having done this I am still not getting any accounting info in the database or log file. Am I missing something here?

This question was asked earlier this week. I guess it might be a good idea to ask Alan to put sql as a commented option in the authorize and accounting sections of the radiusd.conf.

You need to add sql to your accounting section of radiusd.conf if you want it to write accounting info to the database. You also need to make sure the sql queries in sql.conf that use the radacct table are correct for your database.

> 2: I am trying to limit simultaneous use and am a bit confused. One file says that it only works with the users file and pam (I believe) but not with SQL, LDAP and so forth. In another doc it says to change in table radgroupcheck Attribute=Simultaneous-Use OP=:= and value to 1. I have done this and it still allows multiples. Also saw in radiusd.conf where I need to uncomment simul_count_query, but that appears to only work if you have accounting working. Am I doing something wrong here as well?

It works with SQL, as you describe in the radgroupcheck table. At the bottom of the radiusd.conf is a section called session; in there is a flag which tells it to use the sql or radutmp for Simult-use checking. If you don't uncomment the queries simult-use needs in the sql.conf, it will not work.

Take a look at my radiusd.conf for reference: http://mrtizmo.com/freeradius/

> Concerns: 1: Does the traditional NAS send radius the accounting info or does radius insert as authed, denied, etc?

radius just sits there waiting for an NAS to send it data, then it auth's/denies it and then logs everything.

Hope that helps!
Nick

-- Nick Davis
Associate Systems Administrator
[EMAIL PROTECTED]
Internet Exposure, Inc.
http://www.iexposure.com
(612)676-1946
Web Development-Web Marketing-ISP Services
rlm_perl strange behaviour problem
hello,

We are running into the following strange situation when using rlm_perl. The system had perl version 5.8.0, which was later upgraded to 5.8.2.

1. When running the perl command perl -v, it indicates the correct version: 5.8.2
2. When adding the following first line to our default perl radius script: #!/usr/bin/perl -v it displays perl version v.5.8.2 and correctly executes the script.
3. When calling the same script with the same line from radius, it displays the old perl version 5.8.0 (which is completely removed from the system) and also has other problems during run time, like not filling arrays with values, etc.

The radius server was upgraded to 0.9.3, it did not help. Is there something very specific in the way perl is called from C that we need to take into account?

Any help will be highly appreciated.

Best Regards,
Aivis Olsteins [EMAIL PROTECTED]
[ADMIN] IMPORTANT: List address change
Next Monday, the addresses of the freeradius lists will change. The lists will migrate to the freeradius.org domain.

This means that instead of mailing to [EMAIL PROTECTED] you then need to mail to [EMAIL PROTECTED]

Mail you receive from the list is now sent with the envelope-sender address [EMAIL PROTECTED], that will change to [EMAIL PROTECTED]

And the web interface that now runs at http://lists.cistron.nl/ will move to http://lists.freeradius.org/

Same goes for the freeradius-devel and freeradius-announce lists. As you can see, it's a simple matter of s/cistron.nl/freeradius.org/g

The old [EMAIL PROTECTED] (etc) addresses will remain working for the foreseeable future.

The most important thing is that if you filter your mail into folders based on the To:/Cc: or Return-Path: headers, you need to update your filter rules to also filter correctly for the new addresses.

Also, please whitelist the new addresses in any spam/TDMA like systems if you're running something like that.

Your listmaster,
Mike.

-- When life hands you lemons, grab the salt and pass the tequila.
Re: semaphore not initialized - Question on how to implement
At 09:04 PM 12/17/2003, David Watson wrote:
> I'm trying to run freeradius on an OS X machine and I have been reading threads relating to issues people have had over the years when receiving a message saying:
> ERROR: Failed to initialize semaphore: Function not implemented
> Running radiusd -X works fine on OS X but doing rc.radiusd start or just radiusd gives the error. I'm guessing that the -X parameter gives realtime logging information probably doesn't use semaphores as it may only be a single thread.

-X is shorthand for several options, one of which causes the server to run in single-threaded mode. If you want normal operation with debugging messages, use ( -x -x ) instead.

> I have downloaded the BSD code for semaphores and copied libsem.a and the associated .h, .c and .o files to the /src/main directory. I've gone into the Makefile and edited the libs line to look like this as per the message at http://www.mail-archive.com/[EMAIL PROTECTED]/ msg04260.html (I think there was a typo in the original message and I interpreted it to really be this).
> LIBS+= -lradius $(SNMP_LIBS) libsem.a
> Implementing this change or the alternate one suggested on the above link has not changed the situation. I am not an expert with linking libraries. OS X with developer tools does have a semaphore.h file located in /usr/include. I would guess that there may be a dynamic library somewhere in the OS. Could this be conflicting with the BSD implementation I downloaded? What is the process to get this to link properly?

The latest CVS should build on an OSX system, though it gets trickier if you want to use modules such as SQL due to the way OSX handles libraries and linking.

-Chris

-- Chris Parker, Director, Engineering
StarNet Inc. - WX *is* Wireless! - http://www.starnetwx.net
(847) 963-0116
Wholesale Internet Services - http://www.megapop.net
Connection is dropped.
Hi all!

Updating FreeRadius to the last snapshot of November, I decided to change my old snapshot of OpenSSL to the stable release of OpenSSL 0.9.7c. After having a couple of troubles with the different versions of OpenSSL, I recompiled and they worked together.

Now, using a similar configuration to the one I was using, I found that the authentication succeeds, but it is dropped. (My client is Windows XP, and the AP is a Cisco 350 series.) The AP said it succeeded when authenticating the client, but the client (which also said it succeeded) says that there is no connection available.

The full info of the radius server is at: http://www.ece.udel.edu/~barrera/logradius

Everything seems to be fine with radius, or at least I couldn't find the problem. Has anyone faced this before?

Thank you. Have a nice time these holidays!!

Ivan D. Barrera
Re: install EAP-ttls
santi baztan [EMAIL PROTECTED] wrote:
> I have radius server with EAP-TLS and I'm tryin to install eap-ttls. HAve you a howto of eap-ttls.

You configure it, as it says in 'radiusd.conf'. After that, you have a client send it EAP-TTLS packets. It's that easy.

Alan DeKok.
Re: More Questions
Roy Wills [EMAIL PROTECTED] wrote:
> I have turned on log_auth, log_auth_badpass, and log_auth_goodpass in radiusd.conf. Having done this I am still not getting any accounting info in the database or log file. Am I missing something here?

Your NAS needs to send accounting packets. Nothing you do to the server will make any difference.

> Also saw in radiusd.conf where i need to uncomment simul_count_query but that appears to only work if you have accounting working.

Exactly. No accounting, no simultaneous-use checks.

> Am doing something wrong here as well?

Make the NAS send accounting packets.

Alan DeKok.
Re: pam authentication documentation
[EMAIL PROTECTED] wrote:
> I'm looking for some good documentation on PAM for authentication with radius or with any service. I've only been able to find documentation that is either brief or out of date. Any good books, or sites

Try the PAM radius authentication module. There's really nothing else.

Alan DeKok.
Re: More Questions
Nick Davis [EMAIL PROTECTED] wrote:
> I guess it might be a good idea to ask Alan to put sql as a commented option in the authorize and accounting sections of the radiusd.conf.

Done.

Alan DeKok.
Re: rlm_perl strange behaviour problem
Aivis Olsteins [EMAIL PROTECTED] wrote:
> 3. when calling same script with same line from radius, it displays old perl version 5.8.0 (which is completely removed from system)

No, it's not. You've linked rlm_perl to the old perl, so it's still somehow sticking around.

> The radius server was upgraded to 0.9.3 , it did not help.

That *should* do it, if you deleted the old libperl files.

Alan DeKok.
RE: More Questions
file. Am I missing something here? I guess it might be a good idea to ask Alan to put sql as a commented option in the authorize and accounting sections of the radiusd.conf. You need to add sql to your accounting section of radiusd.conf if you want it to write accounting info to the database. You also need to make sure the sql queries in sql.conf that use the radacct table are correct for your database.

...Assuming your NAS is even sending accounting packets to the server. Is it?

Concerns: 1: Does the traditional NAS send radius the accounting info or does radius insert as authed, denied, etc? radius just sits there waiting for an NAS to send it data, then it specifically authentication, authorization, and accounting packets auth's/denies it and then logs everything.

Again, the NAS must send accounting packets before the server will log them in a details file or DB. I'd look at the NAS configuration. I'm not at all familiar with your setup, so I can't help there. Sorry. But, make sure it's sending accounting data. Then you can move onto making FreeRADIUS and your SQL DB work. Actually, I wouldn't even worry about the SQL stuff until you're getting what you want in a basic details file. Then I'd get the SQL accounting working. Battle one dragon at time, etc...

-- Mike
Using different queries with rlm_sql
Hi,

I have freeradius 231201 snapshot working with a MSSQL database using rlm_sql+rlm_sql_unixODBC+freeTDS. I am now looking forward towards being able to issue different queries to the database depending on the value of request variables.

For example, I have a NAS that authenticates itself with the radius server before authenticating clients. The Access-Accept reply should have different attributes depending on if it's a NAS or a client. I would use the Service-Type request to identify request type. Is this possible?

As a more general question, is there a way to implement some kind of 'simple' logic on the radius depending on the value of request variables?

Thanks in advance,
Olmo González
First timer
Hello,

I have a wireless network setup and we are using freeRADIUS for, well... authenticating. I have never experimented with this so if someone could point me in the right direction I would really appreciate it. I have read all the INSTALL doc and I am still a little foggy.

Simple questions are:
-OK I install on my linux box and then run, are there any settings that need to be done before running?
-Also the user logs on and the info is sent through the RADIUS server and then to the rest of the network? True or False

I know these are stupid questions, but I am a beginner and I would like some direction, please thank you.

Stepon
RE: First timer
> -OK I install on my linux box and then run, are there any settings that need to be done before running?

Yes, you will need to modify the naslist and users.conf files to put in your access points and the MAC addresses of valid clients. If you want it to be database driven, then you will need to install MySQL and configure it to work with the RADIUS Server.

-Original Message-
From: Stepon Esfandiary [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 18, 2003 11:39 AM
To: [EMAIL PROTECTED]
Subject: First timer

Hello,

I have a wireless network setup and we are using freeRADIUS for, well... authenticating. I have never experimented with this so if someone could point me in the right direction I would really appreciate it. I have read all the INSTALL doc and I am still a little foggy.

Simple questions are:
-OK I install on my linux box and then run, are there any settings that need to be done before running?
-Also the user logs on and the info is sent through the RADIUS server and then to the rest of the network? True or False

I know these are stupid questions, but I am a beginner and I would like some direction, please thank you.

Stepon
Re: CVP3000 VSA Dictionary
Spetzler, Arne (DZ-SH) [EMAIL PROTECTED] wrote:
> in the process of superseding Cisco ACS with freeradius, I have enhanced the dictionary.cisco.vpn3000 ...

Those attributes are already in the CVS head. They weren't included in 0.9.3, though.

Alan DeKok.
Mac Radius
I am currently using mac radius as our radius server. I was wondering if anyone has done a migration from Macradius to freeradius? Is there a way to use the exported users.txt file from mac radius to import it into freeradius?
Requests appear to be from 255.255.255.255
Hi,

I am running FreeRadius as a proxy. Users hit our NAS and then the request is proxied off to the proper downstream ISP. Our radius server is on an internal network in a DMZ and then firewalled (NAT'd) out to the real world. For the most part, each ISP just sets us up as a client using our external IP and everything seems to work fine.

I am now seeing 2 different things that may or may not be related.
1. Some ISP's report that our requests seem to be coming from the internal IP address assigned to our radius server.
2. One ISP now reports that our requests seem to be coming from 255.255.255.255 ?

I am dealing with an increasing number of ISP's that use a variety of radius servers, OS's, NAS's and infrastructures. So I am trying to keep a fairly simple radius configuration so that everything remains operational.

Does anyone have any ideas why our requests appear to be coming from 255.255.255.255 or the internal ip? If so, how can I make the requests appear to come from our external IP?

Thanks,
dave
Collect user's password
Hi All,

I can collect all the plain text password from radius.log but how can I collect all the CHAP-Password or in general all encrypted password in a text file? It's possible to run some script from the pre-authorization section where the plain password is available? Does anyone have some tips?

Thanks in advance,
Roberto Fichera.
Re: Mac OS X
You don't have to disable shared libraries anymore with MacOS X 10.3. In my experience this was only necessary until 10.2 (Jaguar).

./configure
make
make install

works just fine for me.

-Andreas

On Dec 17, 2003, at 10:28 PM, David Watson wrote:
> I used the following
>
> ./configure --localstatedir=/var --sysconfdir=/etc --disable-shared
> make
> make install
>
> I'm not entirely sure but I believe the disable-shared is required to get it to run on OS X. You may not need to set up the local state and configuration directories but I seem to recall a hierarchy of folders (/etc, /var and others) all appearing under /usr/local without the extra definitions.
>
> Then you may need to go into the radiusd.conf file within /etc/raddb and comment out the sections that activate and configure EAP.
>
> You should be able to issue the command
>
> /usr/local/sbin/radiusd -X
>
> This has worked for me though I've had issues with semaphores when trying to run the daemon without any parameters.
>
> David Watson
Re start radiusd
I am using Redhat 9.. I got a couple of foolish questions sorry..

When I add another user to the users file... Do I need to restart the radiusd service? If not, how long will it take to re-parse the users file to take the new change... The old mac radius server I had didn't require a restart, that's why I ask..

How can I restart the process short of finding the process and killing the pid and restarting the service.

Thanx
Sorry for the ignorance..
conflicting packet problem
I am seeing a lot of these in my logs. I am running freeradius 0.9.0 on Linux.

Thu Dec 18 16:33:48 2003 : Error: Dropping conflicting packet from client ihug-phone:1646 - ID: 122 due to unfinished request 514640
Thu Dec 18 16:34:54 2003 : Error: Dropping conflicting packet from client ihug-phone:1646 - ID: 122 due to unfinished request 514640
Thu Dec 18 16:36:15 2003 : Error: Dropping conflicting packet from client ihug-phone:1646 - ID: 122 due to unfinished request 514640
Thu Dec 18 16:37:49 2003 : Error: Dropping conflicting packet from client ihug-phone:1646 - ID: 122 due to unfinished request 514640

As you can see they are all from the same client. The client happens to be a /24 network. The question is, does freeradius treat each nas in the /24 as being different so it knows that the ID is different even though the ID is the same for another NAS in the /24. Or does it assume it's the same? I am losing a lot of radius records because of this. So any ideas on what could be causing these would be great.

max_request_time = 30
delete_blocked_requests = no (Is this safe to turn to yes yet)
max_requests = 51200 (I have about 200 NAS's).

Thanks.

Simon Allard (Senior Tool Monkey)
IHUG
Ph (09) 358-5067
Email: [EMAIL PROTECTED]
I'm out of my mind right now, but feel free to leave a message.
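One way to triage the log lines in the post above, as an added example (not part of the original post and not FreeRADIUS code): group each drop by client, source port, packet ID and blocking request, then compare how long the same request kept blocking against the poster's max_request_time = 30. The last two sample lines, the client name `example-nas` and the function names are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# First four lines: the log lines quoted in the post.
# Last two lines: constructed, to show a short-lived conflict for comparison.
SAMPLE_LOG = """\
Thu Dec 18 16:33:48 2003 : Error: Dropping conflicting packet from client ihug-phone:1646 - ID: 122 due to unfinished request 514640
Thu Dec 18 16:34:54 2003 : Error: Dropping conflicting packet from client ihug-phone:1646 - ID: 122 due to unfinished request 514640
Thu Dec 18 16:36:15 2003 : Error: Dropping conflicting packet from client ihug-phone:1646 - ID: 122 due to unfinished request 514640
Thu Dec 18 16:37:49 2003 : Error: Dropping conflicting packet from client ihug-phone:1646 - ID: 122 due to unfinished request 514640
Thu Dec 18 16:38:01 2003 : Error: Dropping conflicting packet from client example-nas:1646 - ID: 7 due to unfinished request 514702
Thu Dec 18 16:38:04 2003 : Error: Dropping conflicting packet from client example-nas:1646 - ID: 7 due to unfinished request 514702
"""

DROP_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) : Error: "
    r"Dropping conflicting packet from client (?P<client>[^:\s]+):(?P<port>\d+) "
    r"- ID: (?P<pkt_id>\d+) due to unfinished request (?P<request>\d+)\s*$"
)


def parse_drops(log_text):
    """Yield one dict per 'Dropping conflicting packet' line; skip other lines."""
    for line in log_text.splitlines():
        m = DROP_RE.match(line)
        if not m:
            continue
        yield {
            "ts": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
            "client": m["client"],
            "port": int(m["port"]),
            "pkt_id": int(m["pkt_id"]),
            "request": int(m["request"]),
        }


def summarize(log_text, max_request_time=30):
    """Group drops by (client, port, packet ID, blocking request).

    A group whose first and last drop are further apart than max_request_time
    means the same request was still reported as unfinished after the
    configured limit, which points at a stuck request rather than at a single
    retransmission arriving early.
    """
    groups = defaultdict(list)
    for d in parse_drops(log_text):
        groups[(d["client"], d["port"], d["pkt_id"], d["request"])].append(d["ts"])

    report = []
    for (client, port, pkt_id, request), stamps in groups.items():
        span = int((max(stamps) - min(stamps)).total_seconds())
        report.append({
            "client": client,
            "port": port,
            "pkt_id": pkt_id,
            "request": request,
            "drops": len(stamps),
            "span_seconds": span,
            "outlived_max_request_time": span > max_request_time,
        })
    # Longest-blocking requests first.
    return sorted(report, key=lambda r: r["span_seconds"], reverse=True)


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

For the four quoted lines, request 514640 is still blocking ID 122 four minutes after the first drop, well past the 30 second limit in the posted configuration.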
Number of MySQL connections needed?
Heya, all.

This might be a silly question, but can anyone tell me a rule of thumb to figure out how many MySQL connections (num_sql_socks in the config) to configure based on ... heck, I don't know ... something like number of people dialed up at the same time? It's a bit difficult to say how many users I have simultaneously using FR, since the logs/debug stuff is sequential.

Currently using 24 connections for auth and 24 for accounting. I'm wondering if I really need that many or if I should add more. Any ideas? What I've got seems to work: I'm just trying to be a little more scientific about it. Pointers to docs appreciated if this is in the docs and I missed it!

Thanks!
Kristina
Re: Number of MySQL connections needed?
On Thu, 18 Dec 2003, Kristina Pfaff-Harris wrote:
> Heya, all. This might be a silly question, but can anyone tell me a rule of thumb to figure out how many MySQL connections (num_sql_socks in the config) to configure based on ... heck, I don't know ... something like number of people dialed up at the same time? It's a bit difficult to say how many users I have simultaneously using FR, since the logs/debug stuff is sequential. Currently using 24 connections for auth and 24 for accounting. I'm wondering if I really need that many or if I should add more. Any ideas? What I've got seems to work: I'm just trying to be a little more scientific about it. Pointers to docs appreciated if this is in the docs and I missed it!

See doc/tuning_guide

In any case it depends on how fast your sql server responds to queries. One way is to do a 'SHOW PROCESSLIST;' in mysql during radius peak time. If you see active threads put in a few sql connections more than the maximum number of active threads. A more scientific solution is to increase the connection pool if you get 'out of sql sockets' errors radius.log :-)

> Thanks! Kristina

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: migrate PAP to CHAP for LDAP
can anyone help me on this CHAP issue

thanks...

- Original Message -
From: Rohaizam Abu Bakar
To: [EMAIL PROTECTED]
Sent: Wednesday, December 17, 2003 6:21 PM
Subject: migrate PAP to CHAP for LDAP

How can i migrate PAP authentication method to CHAP using existing LDAP data ??

Tested below:
- In radiusd.conf under ldap module:
password_header = "{clear}"
password_attribute = radiusCHAPPassword [mapped to CHAP-Password]
= added radiusCHAPPassword in LDAP entry

Although at first its detect Auth-Type = CHAP... then rlm_ldap still complaining needing "User-Password"

# debug MODE
rad_recv: Access-Request packet from host 10.1.1.1:16941, id=30, length=51
User-Name = "haizamchap"
CHAP-Password = 0xf47dcdd9b0c307fc682539df2704ac6a20
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 0
rlm_realm: No '@' in User-Name = "haizamchap", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "haizamchap"
rlm_realm: Proxying request from user haizamchap to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched DEFAULT at 43
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for haizamchap
radius_xlat: '(uid=haizamchap)'
radius_xlat: 'ou=People,dc=jaring,dc=my'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 127.0.0.1:389, authentication 0
rlm_ldap: bind as cn=Sysadmin,ou=Applications,dc=jaring,dc=my/ to 127.0.0.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in ou=People,dc=jaring,dc=my, with filter (uid=haizamchap)
rlm_ldap: checking if remote access for haizamchap is allowed by dialupAccess
rlm_ldap: Password header not found in password haizamchap for user haizamchap
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusCHAPPassword as CHAP-Password, value haizamchap op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value Van-Jacobson-TCP-IP op=11
rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1500 op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User op=11
rlm_ldap: user haizamchap authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap1" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication. Cannot use "CHAP-Password".
modcall[authenticate]: module "ldap1" returns invalid for request 0
modcall: group Auth-Type returns invalid for request 0
auth: Failed to validate the user.

--haizam
Re: Number of MySQL connections needed?
On Fri, 19 Dec 2003, Kostas Kalevras wrote:
> See doc/tuning_guide

Thanks! I did check that out, but all it said was to make num_sql_socks larger than the number of simultaneous requests. (Hehe! Of course!) I'm still using 0.8.1, though: is tuning_guide updated in the latest?

> In any case it depends on how fast your sql server responds to queries. One way is to do a 'SHOW PROCESSLIST;' in mysql during radius peak time. If you see active threads put in a few sql connections more than the maximum number of active threads.

So, if I understand you correctly, if during peak times only 5 connections are active, and the rest are sleeping, then I could get away with 10 connections? If so, then that makes a lot of sense. Most of my connections are sleeping at any given time.

> A more scientific solution is to increase the connection pool if you get 'out of sql sockets' errors radius.log :-)

Haha! The people answering the tech support calls will not like that option, I think. :-)

Kristina
Please help me (It is very Urgent)
Hello All,

I am a new user to this mailing list. I am using Radius server to see how does it authenticate. I am running freeradius on Linux machine and it is connected to a AP600 (Access Point) through which users are connected. Users are running on Windows 2000 Professional.

Following are the configuration I have done:

file - clients.conf:
# 192.168.100.7 is the IP address of my Access Point (wireless) (AP600)
# which supports RADIUS.
192.168.100.7/24 {
    secret = abcde
    shortname = AP-600LAB
}

file - users:
# TECH4 is the name of the wireless client (machine name) which is
# running on Windows.
TECH4 Auth-Type := EAP, User-Password == password
    Reply-Message = Hello, %u

I think the problem is with the 'user' part. I dont know which 'Auth-Type' I have to use. Please help me in my settings. Please let me know what modifications I have to do to make it working.

FYI: The 'radtest' is working fine.

--
Best Regards,
Shashi.
Re: PEAP problem - HELP PLEASE
Thanks everyone for your help, yes Brian, you are right, i made a mistake when I wrote my users entry in the last mail! I wanted to say:

ourson User-password = testtest

In fact you're right for the = which is better to be replaced by == here. But in reality, I didn't put any space on my user password.

I tried to put this entry:

ourson User-Password == a
    Reply-Message = YSS, %u

With this, I thought that if authentication were bad, my reply message won't appear, isn't it right? But in fact, I have already the same error, but in response I have my reply message! It's very strange.

here are my last logs :

rad_check_password: Found Auth-Type EAP
auth: type EAP
modcall: entering group authenticate for request 0
rlm_eap: Identity does not match User-Name, authentication failed.
rlm_eap: Failed in handler
modcall[authenticate]: module eap returns invalid for request 0
modcall: group authenticate returns invalid for request 0
auth: Failed to validate the user.
Login incorrect: [ourson/no User-Password attribute] (from client AP1 port 37 cli 000af49c507f)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 113 to 192.168.1.2:3186
Reply-Message = yeess
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 113 with timestamp 3fdf0ed2
Nothing to do. Sleeping until we see a request.

I really don't understand how radiusd can say : Identity does not match User-Name, authentication failed and [ourson/no User-Password attribute] ... It seems that no password is sent from my supplicant..??

I tried to do radtest from another unix machine and it works :

...
rad_recv: Access-Request packet from host 192.168.1.1:32769, id=85, length=58
User-Name = ourson
User-Password = a
NAS-IP-Address = 255.255.255.255
NAS-Port = 10
modcall: entering group authorize for request 6
modcall[authorize]: module preprocess returns ok for request 6
modcall[authorize]: module chap returns noop for request 6
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module eap returns noop for request 6
rlm_realm: No '@' in User-Name = ourson, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 6
users: Matched ourson at 97
modcall[authorize]: module files returns ok for request 6
modcall[authorize]: module mschap returns noop for request 6
modcall: group authorize returns ok for request 6
auth: type Local
auth: user supplied User-Password matches local User-Password
radius_xlat: ' YSS, ourson'
Sending Access-Accept of id 85 to 192.168.1.1:32769
Reply-Message = YSS, ourson
Finished request 6
Going to the next request
--- Walking the entire request list ---
Cleaning up request 5 ID 170 with timestamp 3fdf22be
Waking up in 6 seconds...

I think that freeradius is well configured and it must be a windows or Access Point problem, don't you think so? Please if someone knows or just have an idea, tell me !!
Problem with rlm_ippool PW_STATUS_ACCOUNTING_ON/OFF
When radiusd received a request of accounting on/off from NAS, ippool cannot free IP that have been allocated to radclient via NAS. I see the file rlm_ippool.c and find it doesn't deal with this request of accounting on/off. Why? And How can I free those pathetic IP?
migrate PAP to CHAP for LDAP
How can i migrate PAP authentication method to CHAP using existing LDAP data ??

Tested below:
- In radiusd.conf under ldap module:
password_header = "{clear}"
password_attribute = radiusCHAPPassword [mapped to CHAP-Password]
= added radiusCHAPPassword in LDAP entry

Although at first its detect Auth-Type = CHAP... then rlm_ldap still complaining needing "User-Password"

# debug MODE
rad_recv: Access-Request packet from host 10.1.1.1:16941, id=30, length=51
User-Name = "haizamchap"
CHAP-Password = 0xf47dcdd9b0c307fc682539df2704ac6a20
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 0
rlm_realm: No '@' in User-Name = "haizamchap", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "haizamchap"
rlm_realm: Proxying request from user haizamchap to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched DEFAULT at 43
modcall[authorize]: module "files" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for haizamchap
radius_xlat: '(uid=haizamchap)'
radius_xlat: 'ou=People,dc=jaring,dc=my'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 127.0.0.1:389, authentication 0
rlm_ldap: bind as cn=Sysadmin,ou=Applications,dc=jaring,dc=my/ to 127.0.0.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in ou=People,dc=jaring,dc=my, with filter (uid=haizamchap)
rlm_ldap: checking if remote access for haizamchap is allowed by dialupAccess
rlm_ldap: Password header not found in password haizamchap for user haizamchap
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusCHAPPassword as CHAP-Password, value haizamchap op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusFramedCompression as Framed-Compression, value Van-Jacobson-TCP-IP op=11
rlm_ldap: Adding radiusFramedMTU as Framed-MTU, value 1500 op=11
rlm_ldap: Adding radiusFramedProtocol as Framed-Protocol, value PPP op=11
rlm_ldap: Adding radiusServiceType as Service-Type, value Framed-User op=11
rlm_ldap: user haizamchap authorized to use remote access
ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap1" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type LDAP
auth: type "LDAP"
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: Attribute "User-Password" is required for authentication. Cannot use "CHAP-Password".
modcall[authenticate]: module "ldap1" returns invalid for request 0
modcall: group Auth-Type returns invalid for request 0
auth: Failed to validate the user.

--haizam
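Background for the "Cannot use CHAP-Password" error in the two CHAP/LDAP posts above, as an added example (not part of the original posts and not FreeRADIUS code): a CHAP-Password value is one ident octet plus MD5(ident || password || challenge), so the server can only check it by recomputing the digest from a cleartext password it already holds, while an LDAP bind needs the password itself, which a CHAP request never carries. The challenge, ident, password and function names below are constructed; only `PAGE_CHAP_PASSWORD` comes from the posted debug output.

```python
import hashlib
import hmac

CHAP_RESPONSE_LEN = 16  # size of an MD5 digest

# CHAP-Password value from the debug output in the post (17 octets).
PAGE_CHAP_PASSWORD = bytes.fromhex("f47dcdd9b0c307fc682539df2704ac6a20")


def parse_chap_password(attr: bytes):
    """Split a RADIUS CHAP-Password value into (CHAP ident, 16-byte response)."""
    if len(attr) != 1 + CHAP_RESPONSE_LEN:
        raise ValueError("CHAP-Password must be 1 ident octet + 16 response octets")
    return attr[0], attr[1:]


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): MD5(ident || secret || challenge)."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def verify_chap(attr: bytes, challenge: bytes, candidate_secret: bytes) -> bool:
    """Recompute the response from a candidate secret and compare.

    The challenge is the CHAP-Challenge attribute, or the Request
    Authenticator when that attribute is absent (RFC 2865).
    """
    ident, response = parse_chap_password(attr)
    expected = chap_response(ident, candidate_secret, challenge)
    return hmac.compare_digest(response, expected)


def demo():
    """Constructed exchange: what the server can and cannot check."""
    challenge = bytes(range(16))        # constructed challenge
    cleartext = b"example-password"     # constructed user password
    ident = 0x2A                        # constructed CHAP ident
    attr = bytes([ident]) + chap_response(ident, cleartext, challenge)

    # What a directory would hold if it stored only a digest of the password.
    stored_digest = hashlib.sha1(cleartext).digest()

    return {
        # Server holds the cleartext: the response can be recomputed.
        "with_cleartext": verify_chap(attr, challenge, cleartext),
        # Wrong password: digest differs.
        "with_wrong_password": verify_chap(attr, challenge, b"not-the-password"),
        # Server holds only a digest: it cannot reproduce the CHAP response.
        "with_stored_digest": verify_chap(attr, challenge, stored_digest),
        # The request never contains the password, so there is nothing to
        # hand to an LDAP bind.
        "request_carries_password": cleartext in attr,
    }


if __name__ == "__main__":
    ident, response = parse_chap_password(PAGE_CHAP_PASSWORD)
    print(f"ident=0x{ident:02x} response={response.hex()}")
    print(demo())
```

The posted value parses as ident 0xf4 plus a 16-octet digest; it cannot be checked here because the debug output does not show the challenge.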