Re: Urgent

[Marcin Groszek]

Das south Africa government know about this?
Send me my 25% first and i will run the transaction for you.
:)



TIMSON PARTHY wrote:

 Attention:

 I presume this email will not be a surprise to you.

 Am an engineer with the ministry of mineral resources
 and energy in south Africa and also a member of the
 contract awarding committee of this ministry under the south
 Africa government.

 Many year ago, the south Africa government asked this committee
 to awards contracts to foregn firms, in which myself and two
 of my partner are leader of the committee, with our good
 position in this committee, we over involved this contract to
 the tune of of us$21,500,000:00, to be benefited by me and two
 other of my partner that are in charge of this contract awarding
 committee in this ministry.

 Now, that the contracts value has been paid off to the actual
 contractor that executed this job, All we want is a trusted
 foreign partner like you that we shall front to claim this over
 involved sum.

 Upon our agreement to carry on this business transaction with you,
 the said fund will be share as follow, 75% will be for myself and two
 others of my partner, 20% will be for you for using your bank account,
 5% will be set aside for any expenses that might be incurred by us and
 you in the process of the document and other formalities that will
 justify you as the rightful owner of this said fund.

 You should bear in mind that you will be required to put head together
 with us, and give this business transaction moral and financially
 support it required to be successful.

 If you are interested and financially capable in handly this business
 transaction, Kindly reply us through this email address ([EMAIL PROTECTED])
 for more details and to let you know what is required of this business
 transaction to be successful.

 Also we request your private and office phone number to open communication
 with you.

 Your faithfully,

 Timson  Parthy.

 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Best Regards: Marcin Groszek
Http://www.hostplus.net
Where we offer:
Server Co-location, Web Site Hosting and Internet Access.




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

AS5200

[Marcin Groszek]

I am setting up my first as5200 and i am having really hard time with
it.
One problem is, the subnet mask assign to dial-up users is 255.0.0.0 and
i have no idea how to change it to 255.255.255.0
I am using ip local pool not dhcp server , the ip is getting assign from
local pool but the mask is 255.0.0.0.
I have try to setup user file to test user with static ip address  and
mask 255.255.255.0 but AS still assign ip from local pool.
The authentication is working, i get on line but because mask i am not
able to route.
Any help will do.


--
Best Regards: Marcin Groszek


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: users file cuases error

[Marcin Groszek]

Copy and paste users files aroud line 154.


Simon White wrote:

 15-Nov-02 at 12:01, Alex Zhang ([EMAIL PROTECTED]) wrote :
  Hi,
  FR 0.7.1
  SuSE linux 7.3
  Oracle DB 9i R2
 
  When I use 'radiusd start', it reports:
 
  radiusd: Unexpected character `:' (0x3a)
  radiusd: /etc/raddb/users[154]: Parse error (check) for entry DEFAULT
 
  Why?

 It can't parse the users file, line 154.

 --
 |-Simon White, Internet Services Manager, Certified Check Point CCSA.
 |-MTDS  Internet, Security, Anti-Virus, Linux and Hosting Solutions.
 |-MTDS  14, rue du 16 novembre, Agdal, Rabat, Morocco.
 |-MTDS  tel +212.3.767.4861 - fax +212.3.767.4863

 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Best Regards: Marcin Groszek
Http://www.hostplus.net
Where we offer:
Server Co-location, Web Site Hosting and Internet Access.




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: group reject with realm problem

[Marcin Groszek]

I have try this and i did not get any positive results.
user get reject but user@realm did not.
I thind i will wait for version 0.8.

Chris Parker wrote:

 At 08:21 PM 11/12/2002 -0600, Marcin Groszek wrote:
 Version 0.7.1
 I am using default radius.config file and i experience problem with
 denying access to group of users.
 Normally I use realm, hunt-group work fine port limit also work but 
 
 Wen i send request to server with realm the server responds OK for user
 in reject group
 but wen i send same request to same server without realm the request is
 getting reject as should be.
 realms file is setup to LOCAL for my realm.
 I include debug from auth.
 
 rad_recv: Access-Request packet from host 127.0.0.1:1025, id=2, length=57
  User-Name = marcin
 modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
  rlm_realm: Looking up realm NULL for User-Name = marcin
  rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop
HASH:  user marcin found in hashtable bucket 68338
HASH:  matched user marcin in group users
  users: Matched DEFAULT at 71
modcall[authorize]: module files returns ok
 modcall: group authorize returns ok
rad_check_password:  Found Auth-Type Reject
 
 
 rad_recv: Access-Request packet from host 127.0.0.1:1025, id=6, length=70
  User-Name = [EMAIL PROTECTED]
 modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
  rlm_realm: Looking up realm hostplus.net for User-Name =
  [EMAIL PROTECTED]
  rlm_realm: Found realm hostplus.net
  rlm_realm: Adding Stripped-User-Name = marcin
rlm_realm: Proxying request from user marcin to realm hostplus.net
  rlm_realm: Adding Realm = hostplus.net
 rlm_realm:  Authentication realm is LOCAL.
 rlm_realm:  auth_port is not set.  proxy cancelled
modcall[authorize]: module suffix returns noop
  users: Matched DEFAULT at 152
modcall[authorize]: module files returns ok
 modcall: group authorize returns ok
rad_check_password:  Found Auth-Type System

 This seems like a bug in the operation of the server.  Assuming you
 have an entry along the lines of:

 DEFAULT   Group == reject, Auth-Type := Reject
  Fall-Through = No

 You could try adding the realm to the check items in a second entry
 such that you now have:

 DEFAULT   Group == reject, Auth-Type := Reject
  Fall-Through = No

 DEFAULT   Group == reject, Realm == hostplus.net, Auth-Type := Reject
  Fall-Through = No

 That may or may not work.  I suspect the problem lies with the Group
 lookup attempting to use 'User-Name' which I think will still contain
 '[EMAIL PROTECTED]'.  Can you include your realm entry for the realm?

 -Chris
 --
 \\\|||///  \  StarNet Inc.  \ Chris Parker
 \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
 | @   @ |\  http://www.starnetwx.net \  (847) 963-0116
 oOo---(_)---oOo--\--
\ Wholesale Internet Services - http://www.megapop.net

 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Best Regards: Marcin Groszek
Http://www.hostplus.net
Where we offer:
Server Co-location, Web Site Hosting and Internet Access.




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: group reject with realm problem

[Marcin Groszek]

realm hostplus.net {
type   = radius
authhost= LOCAL
accthost= LOCAL
}

and file realms
hostplus.netLOCAL

Chris Parker wrote:

 At 10:11 AM 11/13/2002 -0600, Marcin Groszek wrote:
 I have try this and i did not get any positive results.
 user get reject but userrealm did not.
 I thind i will wait for version 0.8.

 What is the realm entry you have in proxy.conf for this realm?

 -Chris
 --
 \\\|||///  \  StarNet Inc.  \ Chris Parker
 \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
 | |\  http://www.starnetwx.net \  (847) 963-0116
 oOo---(_)---oOo--\--
\ Wholesale Internet Services - http://www.megapop.net

 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Best Regards: Marcin Groszek
Http://www.hostplus.net
Where we offer:
Server Co-location, Web Site Hosting and Internet Access.




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: group reject with realm problem

[Marcin Groszek]

I try to use realms or proxy.cong with deferent options: nostrip norealm
But non of the combination  do the job.

Chris Parker wrote:

 At 10:43 AM 11/13/2002 -0600, Marcin Groszek wrote:

 realm hostplus.net {
  type= radius
  authhost= LOCAL
  accthost= LOCAL
 }
 
 and file realms
 hostplus.netLOCAL

 You'll want to use one or the other.  I recommend not using 'realms'
 as that is an older syntax and has fewer features than 'proxy.conf'.

 Something else you could try to to set the users 'shell' entry in the
 system password to '/bin/false' or some other shell that is not
 listed in /etc/shells.  This should also allow the users to be rejected,
 even if the password matches.

 -Chris
 --
 \\\|||///  \  StarNet Inc.  \ Chris Parker
 \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
 | |\  http://www.starnetwx.net \  (847) 963-0116
 oOo---(_)---oOo--\--
\ Wholesale Internet Services - http://www.megapop.net

 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Best Regards: Marcin Groszek
Http://www.hostplus.net
Where we offer:
Server Co-location, Web Site Hosting and Internet Access.




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

group reject problem

[Marcin Groszek]

Version 0.7.1
I am using default radius.config file and i experience problem with
denying access to group of users.
Normally I use realm, hunt-group work fine port limit also work but 

Wen i send request to server with realm the server responds OK for user
in reject group
but wen i send same request to same server without realm the request is
getting reject as should be.

realms file is setup to LOCAL for my realm.


--
Best Regards: Marcin Groszek
Http://www.hostplus.net
Where we offer:
Server Co-location, Web Site Hosting and Internet Access.




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

group reject with realm problem

[Marcin Groszek]

Version 0.7.1
I am using default radius.config file and i experience problem with
denying access to group of users.
Normally I use realm, hunt-group work fine port limit also work but 

Wen i send request to server with realm the server responds OK for user
in reject group
but wen i send same request to same server without realm the request is
getting reject as should be.
realms file is setup to LOCAL for my realm.
I include debug from auth.

rad_recv: Access-Request packet from host 127.0.0.1:1025, id=2, length=57
User-Name = marcin
User-Password = f\326\031*\223\356\232\241\350\201\n\004\257g#\006
NAS-IP-Address = 255.255.255.255
NAS-Port-Id = 100
modcall: entering group authorize
  modcall[authorize]: module preprocess returns ok
rlm_realm: Looking up realm NULL for User-Name = marcin
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop
  HASH:  user marcin found in hashtable bucket 68338
  HASH:  matched user marcin in group users
users: Matched DEFAULT at 71
  modcall[authorize]: module files returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type Reject
  rad_check_password: Auth-Type = Reject, rejecting user
auth: Failed to validate the user.
Login incorrect: [marcin] (from client localhost port 0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 2 to 127.0.0.1:1025

rad_recv: Access-Request packet from host 127.0.0.1:1025, id=6, length=70
User-Name = [EMAIL PROTECTED]
User-Password = S\377s.k\034\310\270\006\207\003V\027\335\335\370
NAS-IP-Address = 255.255.255.255
NAS-Port-Id = 100
modcall: entering group authorize
  modcall[authorize]: module preprocess returns ok
rlm_realm: Looking up realm hostplus.net for User-Name = [EMAIL PROTECTED]
rlm_realm: Found realm hostplus.net
rlm_realm: Adding Stripped-User-Name = marcin
  rlm_realm: Proxying request from user marcin to realm hostplus.net
rlm_realm: Adding Realm = hostplus.net
rlm_realm:  Authentication realm is LOCAL.
rlm_realm:  auth_port is not set.  proxy cancelled
  modcall[authorize]: module suffix returns noop
users: Matched DEFAULT at 152
  modcall[authorize]: module files returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System
auth: type System
modcall: entering group authenticate
  HASH:  user marcin found in hashtable bucket 68338
  modcall[authenticate]: module unix returns ok
modcall: group authenticate returns ok
Login OK: [[EMAIL PROTECTED]] (from client localhost port 0)
Sending Access-Accept of id 6 to 127.0.0.1:1025

--
Best Regards: Marcin Groszek
Http://www.hostplus.net
Where we offer:
Server Co-location, Web Site Hosting and Internet Access.




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Group reject

[Marcin Groszek]

I have install freeradius 0.7.1 on slackware 8.0 with shadow password
Installation was ok and basic functions are working.
I have experience problems wen i try to deny access to one of the groups
on the radius server
Following instruction did not help.
I try :
DEFAULT Group == users , Auth-Type :=Reject
DEFAULT Group == users , Auth-Type :=Reject
DEFAULT Group == users , Auth-Type =Reject
DEFAULT Group == users , Auth-Type =Reject
And more before:
DEFAULT  Auth-Type := System
but nothing work.
User marcin , group users was always able to authenticate.
This is a debug of the auth process:

rad_recv: Access-Request packet from host 216.168.1.38:4751, id=131,
length=81
NAS-IP-Address = 216.168.1.38
Calling-Station-Id = 204.251.93.250
User-Name = [EMAIL PROTECTED]
User-Password = \274\252\2162\275\rS+\305F.\240\007Ia
modcall: entering group authorize
  modcall[authorize]: module preprocess returns ok
rlm_realm: Looking up realm hostplus.net for User-Name =
[EMAIL PROTECTED]
rlm_realm: Found realm hostplus.net
rlm_realm: Adding Stripped-User-Name = marcin
  rlm_realm: Proxying request from user marcin to realm hostplus.net
rlm_realm: Adding Realm = hostplus.net
rlm_realm:  Authentication realm is LOCAL.
rlm_realm:  auth_port is not set.  proxy cancelled
  modcall[authorize]: module suffix returns noop
users: Matched DEFAULT at 6
  modcall[authorize]: module files returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System
auth: type System
modcall: entering group authenticate
  modcall[authenticate]: module unix returns ok
modcall: group authenticate returns ok
Login OK: [[EMAIL PROTECTED]] (from client supernews port 0 cli
204.251.93.250)
Sending Access-Accept of id 131 to 216.168.1.38:4751
Finished request 4
Going to the next request

And one more thing.
Will i be able to limit access based on
Called-Station-id ?
If so what would be a process to set this up?




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: User Lock Out

[Marcin Groszek]

Change the user shel to /dev/null.


Nick Marino wrote:

 Is there a way to lock a user out in Dialup Admin, other than changing their
 password?

 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

--
Best Regards: Marcin Groszek
Http://www.hostplus.net
Where we offer:
Server Co-location, Web Site Hosting and Internet Access.




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html