RE: McAfee update
http://www.mcafeeb2b.com/naicommon/download/dats/mcafee_4x.asp http://www.mcafeeb2b.com/ - Original Message - From: Thomas Friemelt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, April 19, 2002 12:45 PM Subject: McAfee update - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: WWW.FREERADIUS.ORG
If we can do somethig with these people please tell me they are doing spam every were . But I have not ever imegined that would reach this list. - Original Message - From: Christine Hall To: [EMAIL PROTECTED] Sent: Friday, January 11, 2002 1:45 AM Subject: WWW.FREERADIUS.ORG HiI visited WWW.FREERADIUS.ORG, and noticed that you're not listed on some search engines! I think we can offer you a service which can help you increase traffic and the number of visitors to your website.I would like to introduce you to TrafficMagnet.net. We offer a unique technology that will submit your website to over 300,000 search engines and directories every month. You'll be surprised by the low cost, and by how effective this website promotion method can be. To find out more about TrafficMagnet and the cost for submitting your website to over 300,000 search engines and directories, visit www.TrafficMagnet.net. I would love to hear from you. Best Regards,Christine Hall Sales and Marketing E-mail: [EMAIL PROTECTED] http://www.TrafficMagnet.net
RE:(solved by myself and lots of hours. it was an stupid thing, as my) how to Test my first freeradius install ? OK fixed ! BUT other problem: (long logs) (server@192.168.122.254not responding)
the error is in portslave conf. open big your EYES ! D O N O T D OI T (SAME IP) in pslave.conf all.authhost1 192.168.122.254 all.accthost1 192.168.122.254 becose i do not have 2 radius servers i put the same on both. damn moment when I do it. It was a week sice it. - Original Message - From: Linux!audimed [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, December 02, 2001 3:12 AM Subject: RE: how to Test my first freeradius install ? OK fixed ! BUT other problem: (long logs) ([EMAIL PROTECTED] responding) If I remember correctly, portslave by default tries to communicate with a RADIUS server using ports 1645 instead of the new standard 1812/1813. EXELENT!!! that it the port number ! portslave still use 1645 so I put a -p 1645 to the radiusd command and I get radius and portslave talking between boht machines 192.168.122.254 RadServer(254 on more) and 192.168.122.253 the RadClient (253 on more) I can see it doing tail -f on the logs it was fixed this way. But I cant still authenticate the user.Im using 3 machines for this test . (10dialclient)--(253RadClient)--(254RadServer) w9x Linuxrouter k2.2.16 redhat7.0 2.9.8pre It is intend to: w9x takes 192.168.122.10 IP by example here goes my next problem: IF I use a VALIDuser/WRONGpassword I ged DENIED by 254RadServer and DENIED by 253RadClient that is ok. by the least it looks normal BUT IF I use a VALIDuser/VALIDpassword I ged ACCESS by 254RadServer BUT DENIED by 253RadClient and 254RadServer keeps saying : Malformed RADIUS packet from host 192.168.122.253: Invalid attribute 0 --- Walking the entire request list --- and 253RadClient keeps saying : Jan 1 02:19:01 myrouter pppd[550]: ul_login(lucas) called Jan 1 02:19:10 myrouter pppd[550]: [EMAIL PROTECTED] not responding at this moment you ask . where are the logs ? OK here is ALL it would be hard but I go on please be patient. I will cut in three important parts: 1 start of RADserver and RADclient(portslave) 2 a try with (valid user/ wrong pass ) 3 a try with (valid user/ valid pass ) # ALL 1 start of RADserver and RADclient(portslave) # portslave 1 from inittab with T0:23:respawn:+/usr/sbin/portslave 0 I ask myself for what is the + in inittab path of portslave ?? but it is not the big problem here. so lets continue... Jan 1 02:00:39 myrouter port[S0]: portslave started on port 0 (ttyS0) Jan 1 02:00:40 myrouter port[S0]: chat_expect() Jan 1 02:00:40 myrouter port[S0]: chat_expect - got it Jan 1 02:00:40 myrouter port[S0]: chat_send(\d\dATZ) Jan 1 02:00:42 myrouter port[S0]: chat_expect(OK\r\n) Jan 1 02:00:42 myrouter port[S0]: chat_expect - got it Jan 1 02:00:42 myrouter port[S0]: waiting for RING END portslave 1 ### radiusd 1 from console debug mode /usr/sbin/radiusd -fxxyz -p 1645 ### Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/sql.conf main: prefix = /usr main: localstatedir = /var main: logdir = /var/log/radius main: libdir = /usr/lib main: radacctdir = /var/log/radius/radacct main: hostname_lookups = no read_config_files: reading dictionary read_config_files: reading clients read_config_files: reading realms read_config_files: reading naslist main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = yes main: log_auth = yes main: log_auth_badpass = yes main: log_auth_goodpass = yes main: pidfile = /var/run/radiusd.pid main: bind_address = 192.168.122.254 IP address [192.168.122.254] main: user = root main: group = root main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: dead_time = 120 main: debug_level = 0 read_config_files: entering modules setup Module: Library search path is /usr/lib Module: Loaded System unix: cache = no unix: passwd = /etc/passwd unix: shadow = /etc/shadow unix: group = /etc/group unix: radwtmp = /var/log/radius/radwtmp unix: usegroup = no Module: Instantiated unix (unix) Module: Loaded preprocess preprocess: huntgroups = /etc/raddb/huntgroups preprocess: hints = /etc/raddb/hints
RE: port number override when starting FreeRadius
I have done it appening -p 1645 (without cuotes) when I call /usr/sbin/radiusd 1645 is the old por used by portslave I beliebe. - Original Message - From: john [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, December 02, 2001 11:59 AM Subject: port number override when starting FreeRadius I am sorry to bother everyone. This is probably such an easy question but I have banged my head to many times looking for an answer...Somebody please help me. I need to know if I can override the default port numbers allocated from the /etc/services file. My requirement is simple, have 2 radius servers on one physical server. I understand how to override the directories at time of configure, my only problem I can foresee is that there will be a conflict in binding to port numbers. Thank you in advance to the person who shares the answer. John - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: how to Test my first freeradius install ? OK fixed ! BUT other problem: (long logs) (server@192.168.122.254not responding)
The log you posted showed that the RADIUS server sent an Access-Accept packet to the client. THat means the server is configured correctly. THX Alan. ! Ok I understand that If the client still does not let the user in, then the client has to be fixed. Right and clear. Do you have any doc tha explain howto set pslave.conf ? I done it with the self instructions of the archive. But is not enough to me. I need to know more since I do not understand well the options. at botom I will copy my pslave.conf file and 254RadServer keeps saying : Malformed RADIUS packet from host 192.168.122.253: Invalid attribute 0 Use 'tcpdump' to find out what's going on. The client appears to be sending bad packets to the server. The issue is that I do not know how is a good packet. please show me the way. Alan DeKok. Is a porrtslave from pslave.lrp package 1.17-1 This is the portslave radius client. This package includes pppd-radius 2.3.5. # pslave.conf Here is the sample server configuration file. # Version: 1.17 03-Nov-1998 Donloaded from ftp.linuxrouter.org/pub/linux/linux-router/dists/2.9.8/packages/ Can''t be this version is too old ? #pslave.conf # pslave.conf Here is the sample server configuration file. # # Version: 1.17 03-Nov-1998 # # # Hostname of the system. # conf.hostname dialup.uucp.com # # IP address - if left empty, uses the IP address of the system (hostname). # This is used as the local address for SLIP and PPP connections. # #conf.ipno 192.168.42.21 # # Lock directory - on FSSTND compliant systems it's /var/lock. # conf.lockdir /var/lock # # Where to find the rlogin binary that accepts the -i flag. # conf.rlogin /usr/bin/rlogin-radius # # Where to find our patched pppd that has radius linked in. # conf.pppd /usr/sbin/pppd-radius # # Where to find telnet. This can just be the system telnet. # conf.telnet /usr/bin/telnet # # If you set this to 1, you can always login locally by putting a '!' # before your loginname. Useful for emergencies when the RADIUS server is down. # conf.locallogins 1 # # Logging stuff - this program can use a remote syslog daemon if needed. # If you want to log locally leave the syslog field empty. The facility # field is an integer between 0 and 7 and sets the syslog facility to # local0-local7. # conf.syslog conf.facility 6 # # Stripnames - if you set this to 1, leading P, S, C, L or ! # characters and trailing .slip, .cslip and .ppp strings will be # stripped from the username before it is recorded in the system # utmp and wtmp files (if sysutmp or syswtmp are turned on ofcourse) # conf.stripnames 0 ## ## The all entry is used as a template for all others. This means that ## setting all.debug to 0, you set s0.debug, s1.debug, s2.debug etc. ## to 0. It also means that all these settings can be overridden on a ## per-port basis below. ## # # Debugging output to syslog. Set to 0 or 1. 1 is pretty verbose. # all.debug 1 # # Authentication type - either radius or none. # all.authtyperadius # # Authentication host and accounting host. We can have 2 of both. The # first one is always tried three times before switching to the second one. # They are alternately tried after that, upto maximum 10 times in total. # Timeout is 5 seconds per query. # all.authhost1 192.168.122.254 all.accthost1 192.168.122.254 #all.authhost2 backuphost.someisp.com #all.accthost2 backuphost.someisp.com # # # The shared secret for RADIUS. # all.secret clave2 # # Default protocol and host. This is for rlogin sessions. # #all.protocol rlogin #all.host shellhost.someisp.com # # Default IP stuff. If you end the ipno with a +, the portnumber will # be added to the IP number. The IP number of a port is used when the RADIUS # server doesn't send an IP number, or if it tells us to use a dynamic ipno. # # Leave the netmask at 255.255.255.255, unless your really know what # you're doing. # all.ipno 192.168.122.253 all.netmask 255.255.255.0 all.mtu 1500 # # Standard message that is issued on connect. # all.issue \n\ Cistron Internet Services \n\ POP Alphen aan den Rijn \n\ Welcome to terminal server %h port S%p\n # # Login prompt. # all.prompt Cistron login: # # Terminal type, for rlogin/telnet sessions. # all.term vt100 # # If you want portslave to update the utmp and/or wtmp files just # like a regular getty/login, set these to 1. # all.sysutmp 1 all.syswtmp 0 ## ## Options for the serial port. ## # # Porttype (passed to Radius for logging). # 0 = async, 1 = sync, 2 = ISDN, 3 = ISDN-V120, 4 = ISDN-V110 # all.porttype 0 # # Speed. All ports are set to 8N1. # all.speed 115200 # # Use this to initialize the modem. # all.initchat \d\dATZ OK\r\n-ATZ-OK\r\n # # You can use either waitfor or aa. # all.waitfor RING # # Chat string to get the modem to connect after waitfor. # The @ sign matches (.*)[\r\n] in regexp code, the match is logged # to Radius as Connection-Info. # all.answer ATA CONNECT@ # # Auto answer - if you set this to 1, the system
RE: how to Test my first freeradius install ? OK fixed ! BUT other problem: (long logs) (server@192.168.122.254not responding)
If I remember correctly, portslave by default tries to communicate with a
RADIUS server using ports 1645 instead of the new standard 1812/1813.
EXELENT!!! that it the port number !
portslave still use 1645
so I put a -p 1645 to the radiusd command
and I get radius and portslave talking between
boht machines 192.168.122.254 RadServer(254 on more) and
192.168.122.253 the RadClient (253 on more)
I can see it doing tail -f on the logs
it was fixed this way.
But I cant still authenticate the user.Im using 3
machines for this test .
(10dialclient)--(253RadClient)--(254RadServer)
w9x Linuxrouter k2.2.16 redhat7.0
2.9.8pre
It is intend to: w9x takes 192.168.122.10 IP by example
here goes my next problem:
IF I use a VALIDuser/WRONGpassword I ged DENIED by 254RadServer
and DENIED by 253RadClient
that is ok. by the least it looks normal
BUT
IF I use a VALIDuser/VALIDpassword I ged ACCESS by 254RadServer
BUT DENIED by 253RadClient
and 254RadServer keeps saying :
Malformed RADIUS packet from host 192.168.122.253: Invalid attribute 0
--- Walking the entire request list ---
and 253RadClient keeps saying :
Jan 1 02:19:01 myrouter pppd[550]: ul_login(lucas) called
Jan 1 02:19:10 myrouter pppd[550]: [EMAIL PROTECTED] not responding
at this moment you ask . where are the logs ? OK here is ALL
it would be hard but I go on please be patient.
I will cut in three important parts:
1 start of RADserver and RADclient(portslave)
2 a try with (valid user/ wrong pass )
3 a try with (valid user/ valid pass )
#
ALL 1 start of RADserver and RADclient(portslave)
#
portslave 1 from inittab with T0:23:respawn:+/usr/sbin/portslave 0
I ask myself for what is the + in inittab path of portslave ??
but it is not the big problem here. so lets continue...
Jan 1 02:00:39 myrouter port[S0]: portslave started on port 0 (ttyS0)
Jan 1 02:00:40 myrouter port[S0]: chat_expect()
Jan 1 02:00:40 myrouter port[S0]: chat_expect - got it
Jan 1 02:00:40 myrouter port[S0]: chat_send(\d\dATZ)
Jan 1 02:00:42 myrouter port[S0]: chat_expect(OK\r\n)
Jan 1 02:00:42 myrouter port[S0]: chat_expect - got it
Jan 1 02:00:42 myrouter port[S0]: waiting for RING
END portslave 1
###
radiusd 1 from console debug mode
/usr/sbin/radiusd -fxxyz -p 1645
###
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = /usr
main: localstatedir = /var
main: logdir = /var/log/radius
main: libdir = /usr/lib
main: radacctdir = /var/log/radius/radacct
main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading clients
read_config_files: reading realms
read_config_files: reading naslist
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = yes
main: log_auth = yes
main: log_auth_badpass = yes
main: log_auth_goodpass = yes
main: pidfile = /var/run/radiusd.pid
main: bind_address = 192.168.122.254 IP address [192.168.122.254]
main: user = root
main: group = root
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: dead_time = 120
main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded System
unix: cache = no
unix: passwd = /etc/passwd
unix: shadow = /etc/shadow
unix: group = /etc/group
unix: radwtmp = /var/log/radius/radwtmp
unix: usegroup = no
Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups = /etc/raddb/huntgroups
preprocess: hints = /etc/raddb/hints
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = suffix
realm: delimiter = @
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = /etc/raddb/users
files: acctusersfile = /etc/raddb/acct_users
files: compat = no
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile = /var/log/radius/radacct/%{Client-IP-Address}/detail
detail: detailperm = 384
detail: dirperm = 493
