RE: Help with FreeBSD4.6

2002-09-18 Thread Mathias . Kenfack-Tabakem

I am running FreeRadius 0.7.1 on FreeBSD 4.6. Below is a sample of my user
file

userid Auth-Type += System, Service-Type == Login

(I hope this helps)

This tells radius to use /etc/master.passwd for authentication and it works
on mine. I do have a problem though. After login, I don't have any privileged
commands (I can't even read the running config on Extreme switches - but I
can on Cisco and Foundry). So my problem is only with Extreme.

I used the Service-Type = Administrative (as specified in rfc2865) but
freeradius complains Unknown value Administrative for attribute
Service-Type

Can anyone please tell me if FreeRadius supports rfc2865 attributes?

Thanks in advance,
Many thanks for your help with the accounting issue; I'll have another go at it
next week. Victor says it works on his system so it is possible.

Mathias,


-Original Message-
From: Monah Baki [mailto:[EMAIL PROTECTED]]
Sent: 18 September 2002 21:16
To: [EMAIL PROTECTED]
Subject: Re: Help with FreeBSD4.6 


Any comments are most welcome, I'm still learning :)

I have Freeradius running on FreeBSD 4.6.2, and Openbsd as a client 
(Still in a test environment)

vi /usr/local/radius/etc/raddb/users
add the following:

userid1   Auth-Type := Local, User-Password == password

vi /usr/local/radius/etc/raddb/clients.conf
client <client IP> {            # My OpenBSD IP address
 secret      = <Shared key>    # must match the shared key in /etc/raddb/servers
 shortname   = name_of_server
}


On the Openbsd server:
vi /etc/login.conf
add the following:
New_Login_Class:\
 :requirehome@:\
 :auth=radius:\
 :radius-server=IP address of radius-server:\
 :radius-timeout=1:\
 :radius-retries=5:

add the following as root
useradd -m -d /home/userid1 -c "test radius user" -s /bin/ksh -u 1 -L New_Login_Class userid

mkdir -m 755 /etc/raddb
echo "<ip radius server> <shared key>" > /etc/raddb/servers
chmod 400 /etc/raddb/servers

On Wednesday, September 18, 2002, at 03:47  AM, Gian-Carlo Baldarelli 
wrote:

 I need only system authentication and as I read in the conf

 - I comment out in radius.conf

 #  for some systems, like FreeBSD.
 #
 #passwd = /etc/passwd
 #   shadow = /etc/shadow
 group = /etc/group

 - Radius is running under nobody:nobody

 output:
 ...
  rad_check_password:  Found Auth-Type System
 auth: type System
 modcall: entering group authenticate
 rlm_unix: [remadmin]: invalid password
   modcall[authenticate]: module unix returns reject
 modcall: group authenticate returns reject
 auth: Failed to validate the user.

 ..

 Where is the problem?
 The password is correct, the user can log on locally
 Has this user to be part of a particular group?
 Where do I configure the group that has the authorizations?


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]] On Behalf Of Artur Hecker
 Sent: Tuesday, 17 September 2002 15:55
 To: [EMAIL PROTECTED]
 Subject: Re: R: R: radius.conf


 hi

 Here is my user in /etc/passwd

 demo:*:1906:100:demo:/home/ftp/./:/etc/notelnet

 until now the user config file is the user.sample with no change

 can you login locally with the password you used? does radius read both
 /etc/passwd AND /etc/shadow? i can't see it in the log since you
 truncated it.


 rlm_unix: [demo]: invalid password
   modcall[authenticate]: module unix returns reject
 modcall: group authenticate returns reject
 auth: Failed to validate the user.


 ciao
 artur


 --
 Artur Hecker   Groupe Accès et Mobilité
 hecker[at]enst[dot]fr   Département Informatique et Réseaux
 +33 1 45 81 7507  46, rue Barrault 75634 Paris cedex 13
 http://www.infres.enst.fr   ENST Paris

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html



DISCLAIMER
This e-mail is intended only for the use of the addressees named above and
may be confidential. If you are not an addressee you must not read it and
must not use any information contained in nor copy it nor inform any person
other than TeleCity Limited or the addressees of its existence or contents.
If you have received this email and are not a named addressee, please delete
it and notify the TeleCity IT department on 0161 226 7643 or by email at
[EMAIL PROTECTED]






Cisco accounting

2002-09-17 Thread Mathias . Kenfack-Tabakem

I recently installed freeradius 0.7.1 on freebsd4.6 and authentication is
working just fine. But accounting only works on Foundry and not Cisco. I'm
not sure if anyone has experienced this in the past. Any help is
appreciated.

Regards
Mathias,





RE: Cisco accounting

2002-09-17 Thread Mathias . Kenfack-Tabakem

If someone logs in to a router and issues a command, this is recorded in a
file. I currently use IOS 12.2. The following commands are configured on the
Cisco router.

aaa accounting commands 15 acc1 start-stop radius
radius-server host x.x.x.x auth-port 1812 acct-port 1813 this
radius-server key x

Foundry has the same config and is working as it should. Below is a snapshot
of the file freeradius has generated for a Foundry.



Mon Sep 16 22:07:56 2002
User-Name = mathias
NAS-IP-Address = x.x.x.x
NAS-Port = 1
NAS-Port-Type = Virtual
Calling-Station-Id = x.x.x.x
Acct-Status-Type = Alive
Acct-Authentic = RADIUS
Service-Type = NAS-Prompt-User
Acct-Session-Id = 0
Attr-130482178 = copy running-config tftp x.x.x.x lon50big.conf
Acct-Delay-Time = 0
Client-IP-Address = x.x.x.x
Timestamp = 1032210476

Mon Sep 16 22:08:38 2002
User-Name = mathias
NAS-IP-Address = x.x.x.x.x
NAS-Port = 1
NAS-Port-Type = Virtual
Calling-Station-Id = x.x.x.x
Acct-Status-Type = Alive
Acct-Authentic = RADIUS
Service-Type = NAS-Prompt-User
Acct-Session-Id = 0
Attr-130482178 = exit
Acct-Delay-Time = 0
Client-IP-Address = x.x.x.x
Timestamp = 1032210518

Mathias,

-Original Message-
From: Frank Cusack [mailto:[EMAIL PROTECTED]]
Sent: 18 September 2002 05:09
To: [EMAIL PROTECTED]
Subject: Re: Cisco accounting


On Wed, Sep 18, 2002 at 04:05:58AM +0100,
[EMAIL PROTECTED] wrote:
 I recently installed freeradius 0.7.1 on freebsd4.6 and authentication is
 working just fine. But accounting only works on Foundry and not Cisco. I'm
 not sure if anyone has experienced this in the past. Any help is
 appreciated.

Exactly what kind of accounting are you talking about here?  Cisco IOS
(up to 12.1 at least) does not support command accounting via RADIUS.
Other accounting should be supported but I have no further info on it.

/fc

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
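
The accounting records quoted in the message above can be turned into a per-user command trail for review. This Python sketch is an added example, not part of the thread or of FreeRADIUS: it assumes the record layout shown in the post (abridged here), reads the command from Attr-130482178 because that is where it appears there, and its rule for flagging commands is an assumption.

```python
import re
from datetime import datetime, timezone

# Two records abridged from the post above (addresses were already redacted there).
SAMPLE = """\
Mon Sep 16 22:07:56 2002
User-Name = mathias
NAS-IP-Address = x.x.x.x
Attr-130482178 = copy running-config tftp x.x.x.x lon50big.conf
Timestamp = 1032210476

Mon Sep 16 22:08:38 2002
User-Name = mathias
NAS-IP-Address = x.x.x.x.x
Attr-130482178 = exit
Timestamp = 1032210518
"""

CMD_ATTR = "Attr-130482178"  # undecoded attribute that carries the command in the post
# Assumption: commands that copy something to a remote host deserve a second look.
REVIEW = re.compile(r"^copy\s+\S+\s+(tftp|ftp|scp)\b", re.I)

def parse_detail(text):
    """Split detail text into records: a header line, then 'Name = value' lines."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        rec = {"_header": lines[0].strip()}
        for line in lines[1:]:
            name, sep, value = line.strip().partition(" = ")
            if sep:  # ignore anything that is not an attribute line
                rec[name] = value.strip('"')
        records.append(rec)
    return records

def command_trail(records):
    """Return (time, user, nas, command, needs_review) for each command record."""
    trail = []
    for rec in records:
        if CMD_ATTR not in rec:
            continue  # session start/stop records carry no command
        ts = rec.get("Timestamp", "")
        # Prefer the epoch Timestamp (rendered as UTC); fall back to the header line.
        when = (datetime.fromtimestamp(int(ts), tz=timezone.utc).isoformat()
                if ts.isdigit() else rec["_header"])
        cmd = rec[CMD_ATTR]
        trail.append((when, rec.get("User-Name"), rec.get("NAS-IP-Address"),
                      cmd, bool(REVIEW.match(cmd))))
    return trail
```

Calling `command_trail(parse_detail(SAMPLE))` yields one row per command, with the configuration copy to TFTP marked for review and `exit` left unmarked.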