RE: proxy.conf problem
Hi Alan

It worked, like this

I just changed proxy.conf to do this

Instead of

Realm DOMAIN {
    Type= radius
    Authhost = LOCAL
    Accthost = LOCAL
    strip
}

I did

Realm DOMAIN {
    Type=radius
    Authhost= localhost:1812
    Accthost = localhost:1813
    Secret = whatever
    strip
}

and now it is working

do you think this is right ?

Cheers

>"Mustafa N. deeb" <[EMAIL PROTECTED]> wrote:
> > Below is the debug of 2 attempts, the first is successful and the other
> > is not
>
>  So compare the two, to see what the differences are.
>
>  You do realize that the two usernames "test" and "[EMAIL PROTECTED]" are
>different, don't you? The 'users' file keys on the username, so
>you've got to somehow make those two different usernames the same.
>
>  Hint: look for the 'strip' and/or 'nostrip' option in the proxy
>configuration.
>
> > I'm using ntradping for testing
>
>  I'm surprised that 'radtest', which comes with the server, is
>inadequate.
>
>  Alan DeKok.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: proxy.conf problem
Hi

Having this configured already in proxy.conf, why do I have to configure the users file?

Realm DOMAIN {
    Type = radius
    authhost = LOCAL
    accthost = LOCAL
    Strip
}

Is this something standard in radius servers, I've worked with cistron and icradius, and I usually did it by just adding LOCAL to the realm file

From what I saw from debug, the realm module recognizes the realm, but when the authorize module reaches "sql", it adds back the full (non-stripped username) and it fails b/c as you said, for sql it is a different username

radtest it does the job, but ntradping has nicer interface

cheers

>"Mustafa N. deeb" <[EMAIL PROTECTED]> wrote:
> > Below is the debug of 2 attempts, the first is successful and the other
> > is not
>
>  So compare the two, to see what the differences are.
>
>  You do realize that the two usernames "test" and "[EMAIL PROTECTED]" are
>different, don't you? The 'users' file keys on the username, so
>you've got to somehow make those two different usernames the same.
>
>  Hint: look for the 'strip' and/or 'nostrip' option in the proxy
>configuration.
>
> > I'm using ntradping for testing
>
>  I'm surprised that 'radtest', which comes with the server, is
>inadequate.
>
>  Alan DeKok.
RE: proxy.conf problem
20 2003 : Debug: Thread 2 handling request 1, (1 handled so far)
        User-Name = "[EMAIL PROTECTED]"
        User-Password = "136110"
Sat Sep 20 15:26:20 2003 : Debug: modcall: entering group authorize
Sat Sep 20 15:26:20 2003 : Debug: modcall[authorize]: module "preprocess" returns ok
Sat Sep 20 15:26:20 2003 : Debug: radius_xlat: '[EMAIL PROTECTED]'
Sat Sep 20 15:26:20 2003 : Debug: rlm_sql (sql): sql_set_user escaped user --> '[EMAIL PROTECTED]'
Sat Sep 20 15:26:20 2003 : Debug: radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id'
Sat Sep 20 15:26:20 2003 : Debug: rlm_sql (sql): Reserving sql socket id: 7
Sat Sep 20 15:26:20 2003 : Debug: rlm_sql (sql): User [EMAIL PROTECTED] not found in radcheck
Sat Sep 20 15:26:20 2003 : Debug: radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
Sat Sep 20 15:26:20 2003 : Debug: radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
Sat Sep 20 15:26:20 2003 : Debug: rlm_sql (sql): User [EMAIL PROTECTED] not found in radgroupcheck
Sat Sep 20 15:26:20 2003 : Debug: rlm_sql (sql): User not found
Sat Sep 20 15:26:20 2003 : Debug: rlm_sql (sql): Released sql socket id: 7
Sat Sep 20 15:26:20 2003 : Debug: modcall[authorize]: module "sql" returns notfound
Sat Sep 20 15:26:20 2003 : Debug: rlm_sqlcounter: Entering module authorize code
Sat Sep 20 15:26:20 2003 : Debug: rlm_sqlcounter: Could not find Check item value pair
Sat Sep 20 15:26:20 2003 : Debug: modcall[authorize]: module "noresetcounter" returns noop
Sat Sep 20 15:26:20 2003 : Debug: rlm_sqlcounter: Entering module authorize code
Sat Sep 20 15:26:20 2003 : Debug: rlm_sqlcounter: Could not find Check item value pair
Sat Sep 20 15:26:20 2003 : Debug: modcall[authorize]: module "dailyresetcounter" returns noop
Sat Sep 20 15:26:20 2003 : Debug: rlm_realm: No '/' in User-Name = "[EMAIL PROTECTED]", looking up realm NULL
Sat Sep 20 15:26:20 2003 : Debug: rlm_realm: Found realm "NULL"
Sat Sep 20 15:26:20 2003 : Debug: rlm_realm: Adding Stripped-User-Name = "[EMAIL PROTECTED]"
Sat Sep 20 15:26:20 2003 : Debug: rlm_realm: Proxying request from user [EMAIL PROTECTED] to realm NULL
Sat Sep 20 15:26:20 2003 : Debug: rlm_realm: Adding Realm = "NULL"
Sat Sep 20 15:26:20 2003 : Debug: rlm_realm: Authentication realm is LOCAL.
Sat Sep 20 15:26:20 2003 : Debug: modcall[authorize]: module "realmslash" returns noop
Sat Sep 20 15:26:20 2003 : Debug: rlm_realm: Request already proxied. Ignoring.
Sat Sep 20 15:26:20 2003 : Debug: modcall[authorize]: module "suffix" returns noop
Sat Sep 20 15:26:20 2003 : Debug: modcall: group authorize returns ok
Sat Sep 20 15:26:20 2003 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
Sat Sep 20 15:26:20 2003 : Debug: auth: Failed to validate the user.
Sat Sep 20 15:26:20 2003 : Auth: Login incorrect: [EMAIL PROTECTED]/PROTECTED] (from client mustafa port 0)
Sat Sep 20 15:26:20 2003 : Debug: Delaying request 1 for 1 seconds
Sat Sep 20 15:26:20 2003 : Debug: Finished request 1
Sat Sep 20 15:26:20 2003 : Debug: Going to the next request
Sat Sep 20 15:26:20 2003 : Debug: Thread 2 waiting to be assigned a request
Sat Sep 20 15:26:21 2003 : Debug: --- Walking the entire request list ---
Sat Sep 20 15:26:21 2003 : Debug: Waking up in 1 seconds...
Sat Sep 20 15:26:22 2003 : Debug: --- Walking the entire request list ---
Sending Access-Reject of id 1 to 192.116.17.51:1883
Sat Sep 20 15:26:22 2003 : Debug: Waking up in 4 seconds...
Sat Sep 20 15:26:26 2003 : Debug: --- Walking the entire request list ---
Sat Sep 20 15:26:26 2003 : Debug: Cleaning up request 1 ID 1 with timestamp 3f6c476c
Sat Sep 20 15:26:26 2003 : Debug: Nothing to do. Sleeping until we see a request.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Wednesday, September 17, 2003 4:54 PM
To: [EMAIL PROTECTED]
Subject: Re: proxy.conf problem

"Mustafa N. deeb" <[EMAIL PROTECTED]> wrote:
> So far I'm able to authenticate users with any problems, but if I use
> [EMAIL PROTECTED] it doesn't
>
> "user" is ok
> [EMAIL PROTECTED]-> LOCAL doesn't authenticate,

  Have you tried running it in debugging mode, as suggested in the FAQ, README's, and multiple other places?

  Alan DeKok.
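An added example, not part of the original thread and not FreeRADIUS code: a small Python reader for debug output in the format posted above. It reports the order in which the authorize modules ran and flags the points the thread turns on (which name rlm_sql looked up, and whether rlm_realm actually stripped it). The sample log is constructed, test@example.org is a made-up user, and the finding names are hypothetical labels.

```python
import re

# Patterns for the radiusd debug lines quoted in the message above.
MODCALL = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+)')
SQL_USER = re.compile(r"rlm_sql \((\w+)\): sql_set_user escaped user --> '([^']*)'")
STRIPPED = re.compile(r'rlm_realm: Adding Stripped-User-Name = "([^"]*)"')

# Constructed sample in the same format (not the poster's real data).
SAMPLE = """\
Sat Sep 20 15:26:20 2003 : Debug: modcall: entering group authorize
Sat Sep 20 15:26:20 2003 : Debug: modcall[authorize]: module "preprocess" returns ok
Sat Sep 20 15:26:20 2003 : Debug: rlm_sql (sql): sql_set_user escaped user --> 'test@example.org'
Sat Sep 20 15:26:20 2003 : Debug: rlm_sql (sql): User not found
Sat Sep 20 15:26:20 2003 : Debug: modcall[authorize]: module "sql" returns notfound
Sat Sep 20 15:26:20 2003 : Debug: rlm_realm: Adding Stripped-User-Name = "test@example.org"
Sat Sep 20 15:26:20 2003 : Debug: modcall[authorize]: module "realmslash" returns noop
Sat Sep 20 15:26:20 2003 : Debug: rlm_realm: Request already proxied. Ignoring.
Sat Sep 20 15:26:20 2003 : Debug: modcall[authorize]: module "suffix" returns noop
Sat Sep 20 15:26:20 2003 : Debug: auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
"""


def analyse(log_text, delimiter="@"):
    """Return the authorize module order, the names used, and a list of findings."""
    order = []                      # (module, return code) in execution order
    sql_at = strip_at = None        # line numbers of the first sql lookup / strip
    sql_inst = sql_user = stripped = None
    realm_skipped = False
    for n, line in enumerate(log_text.splitlines()):
        m = MODCALL.search(line)
        if m:
            if m.group(1) == "authorize":
                order.append((m.group(2), m.group(3)))
            continue
        m = SQL_USER.search(line)
        if m and sql_at is None:
            sql_at, sql_inst, sql_user = n, m.group(1), m.group(2)
            continue
        m = STRIPPED.search(line)
        if m and strip_at is None:
            strip_at, stripped = n, m.group(1)
            continue
        if "Request already proxied" in line:
            realm_skipped = True

    findings = []
    # The SQL lookup happened before any realm module had set Stripped-User-Name.
    if sql_at is not None and (strip_at is None or sql_at < strip_at):
        findings.append("sql-before-realm")
    # The SQL lookup failed and the name it used still carried the realm part.
    if sql_user and delimiter in sql_user and (sql_inst, "notfound") in order:
        findings.append("sql-used-full-name")
    # A realm module matched but the "stripped" name is still the full name.
    if stripped is not None and delimiter in stripped:
        findings.append("realm-did-not-strip")
    # A later realm instance declined to run because an earlier one matched.
    if realm_skipped:
        findings.append("second-realm-skipped")
    return {"order": order, "sql_user": sql_user,
            "stripped": stripped, "findings": findings}


if __name__ == "__main__":
    result = analyse(SAMPLE)
    print(result["order"])
    print(result["findings"])
```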
proxy.conf problem
Hi

We have just migrated from Icradius to FreeRadius using the MYSQL module

So far I’m able to authenticate users with any problems, but if I use [EMAIL PROTECTED] it doesn’t

“user” is ok
[EMAIL PROTECTED] -> LOCAL doesn’t authenticate,

the data in proxy.conf looks like this

realm REALM {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
}

any ideas?

cheers
radiusd -x crashes
Hi

I have a Freeradius system running on Redhat 9.0, it crashes with Segmentation Fault only if I add -x , debug

Any ideas why this is happening

Cheers
Re: freeradius 0.8.1 -- Login-Time
can u attach some debug messages?

----- Original Message -----
From: "Alex Nazarov" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 05, 2003 10:57 AM
Subject: freeradius 0.8.1 -- Login-Time

> Hello, freeradius-users.
>
> some strange things about Login-Time in 0.8.1. is it my fault or ...?
>
> 1. first attempt
> current time: 1720
> Login-Time = Any1000-1800
>
> failure (yes, it complains about time)
>
> 2. second attempt
> current time: 1721
>
> Login-Time = Any1000-1759
>
> success
>
> --
> Best regards,
> Alex
Re: isdn and caller-id
maybe the guys at the telco don't send u the Numbers..
do u have a PRI or R2?

At 01:54 PM 4/21/2002, Petre L. Daniel wrote:
>i got another nas as a portmaster 3 and it sends the caller-id alright.
>the guy who configured the ar 395 assured me that its all being taken care
>of.
>still i cant see nothing related to the caller id in the detail file.
>
>On Sat, 20 Apr 2002, Roy Hooper wrote:
>
> > Be sure your telco is providing you with caller-ID data in the first place.
> > All major brand gear (Cisco, Ascend, Livingston) I've encountered is very
> > happy to send the caller-ID info when the gear itself gets it. Some gear
> > can probably be configured not to send caller-ID. Caller-ID may not be
> > available on T1 or E1 based services nor on services talking to modems over
> > serial (eg, Portmaster 2). It is possible that the allied telesyn ISDN
> > router is a poorly implemented NAS and doesn't support this.
> >
> > Roy
> >
> > ----- Original Message -----
> > From: "Alan DeKok" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Saturday, April 20, 2002 2:10 PM
> > Subject: Re: isdn and caller-id
> >
> >
> > > "Petre L. Daniel" <[EMAIL PROTECTED]> wrote:
> > > > i got a allied telesyn ar 395 router for isdn.
> > > > i cant see no caller-id with radwho nor dialup_admin ..
> > > > everything seems okei in the freeradius conf..
> > > > what can i do to see the telephone numbers?
> > >
> > > Fix your NAS. The RADIUS server will only log what it receives. If
> > > your NAS doesn't send caller ID, then there's nothing you can do to
> > > FreeRADIUS to fix it.
> > >
> > > Alan DeKok.
>
>--
>Petre L. Daniel,System Administrator,
>Canad Systems Pitesti SRL Romania,
>tel:+4048206200,+4048206201
>email:[EMAIL PROTECTED]
>http://www.cyber.ro

Mustafa N. Deeb , CTO
Palnet Communications Ltd.
Tel: +970-2-2403434
Fax: +970-2-2403430
email:[EMAIL PROTECTED]
RE: High CPU Load
Hi alan

I have upgraded to the latest Snapshot, the CPU issue was solved

But still, there is something wrong with accounting through proxy. And here I mean accounting to another radius machine, it does not work..., I just don't see the sessions.

Until I add the line I mentioned in my last email, it works

Ps. I found it in the users mailing list..

Cheers

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, September 27, 2001 5:23 PM
To: [EMAIL PROTECTED]
Subject: Re: High CPU Load

"Mustafa N. Deeb" <[EMAIL PROTECTED]> wrote:
> I have moved 10 access servers today to FreeRadius, everything seems to
> be fine
>
> But the more access servers I add, the higher CPU gets
>
> Radius.log is full of these entries, it says authentication, but 1646 is
> the accounting port
>
> Thu Sep 27 09:08:32 2001 : Error: Dropping conflicting authentication
> packet from client XXX:1646 - ID: 183

  Yes. Upgrade to the latest CVS snapshot. There's at least a work-around for this problem.

  Alan DeKok.
High CPU Load
Hi,

I have moved 10 access servers today to FreeRadius, everything seems to be fine

But the more access servers I add, the higher CPU gets

Radius.log is full of these entries, it says authentication, but 1646 is the accounting port

Thu Sep 27 09:08:32 2001 : Error: Dropping conflicting authentication packet from client XXX:1646 - ID: 183
Thu Sep 27 09:08:32 2001 : Error: Dropping conflicting authentication packet from client XXX:1646 - ID: 185
Thu Sep 27 09:08:34 2001 : Error: Dropping conflicting authentication packet from client X:1646 - ID: 95
Thu Sep 27 09:08:36 2001 : Error: Dropping conflicting authentication packet from client :1646 - ID: 98
Thu Sep 27 09:08:36 2001 : Error: Dropping conflicting authentication packet from client :1646 - ID: 102
Thu Sep 27 09:08:37 2001 : Error: Dropping conflicting authentication packet from client XXX:1646 - ID: 233
Thu Sep 27 09:08:37 2001 : Error: Dropping conflicting authentication packet from client XXX:1646 - ID: 235
Thu Sep 27 09:08:42 2001 : Error: Dropping conflicting authentication packet from client :1646 - ID: 112
Thu Sep 27 09:08:43 2001 : Error: Dropping conflicting authentication packet from client X:1646

  PID USERNAME PRI NICE  SIZE   RES STATE   TIME   WCPU    CPU COMMAND
92572 nobody    51    0 7156K 5640K RUN    16:01 98.00% 98.00% radiusd

I hope someone has any idea about this!

Note: FreeRadius is working as a proxy machine, proxying to 4 machines...
RE: Proxying to Cistron
I have the same problem,

On the mailing list for freeRadius, there is a posted patch for this. Accounting through proxy does not work

You have to make the changes below and recompile, I hope FreeRadius programmers will add this in next releases

in acct.c line 57

        reply = RLM_MODULE_OK;

        /*
         * Do accounting
         */
        reply = module_accounting(request);

        /*
         * Maybe one of the preacct modules has decided
         * that a proxy should be used. If so, get out of
         * here and send the packet.
         */
        if(pairfind(request->config_items, PW_PROXY_TO_REALM)) {
                module_accounting(request); <- ADD THIS
                return reply;
        }

Cheers

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Aaron Weiker
Sent: Thursday, September 27, 2001 1:01 AM
To: [EMAIL PROTECTED]
Subject: Re: Proxying to Cistron

> Cistron does send the ack packet correctly, but FreeRADIUS
> remains oblivious to it and keeps on sending the acc start and
> stop packets for nearly 20 times.
>
>
> --
> Mojahed
> System Administrator
> Agni Systems Limited

I'm currently using Steel-Belted and I had this similar experience recently proxying to a Cistron AAA server. What appeared to be the problem was an incorrect shared secret. You may want to double check that. It's definitely something that is easily overlooked.

Aaron Weiker
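
Review bot: the added module_accounting(request) call inside the PW_PROXY_TO_REALM branch throws away its return value, and as quoted the same function has already run a few lines earlier with its result stored in reply, so a proxied accounting request would pass through the accounting modules twice while only the first result is returned. If the intent is to record the session locally before proxying, keep a single call and check its result before the return. The initial reply = RLM_MODULE_OK assignment is also overwritten immediately and can be dropped.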
Proxy Setup.
Hi

I have 2 radius servers running, Freeradius in the front, and another one in the backend

I want the Freeradius to append some settings in addition to the settings coming from the one in the backend

Depending on the profile the user have in usergroup in MYSQL.

Basically I had to do this, since in a proxy setup you can't pass Tunnel Attributes.

2- I'm using usernames similar to this, 151000 , in hints, can I do this

DEFAULT Prefix="151*".

Best Regards
DEFAULT GROUP
Hi,

I’m using Freeradius with MYSQL

When I add this to the users file

#
#DEFAULT Group == "disabled", Auth-Type := Reject
#        Reply-Message = "Your account has been disabled."
#

from where does it read the group?

Is it from usergroup , or /etc/group .

Cheers
RE: rlm_counter not working
You are right , installing gdbm from port fixed it..

Anyways, what does it take to add another checkitem to freeradius

Total-Time-Limit : Integer

Once set, the user can't login after certain number of secs.

Cheers

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Sunday, September 09, 2001 4:42 PM
To: [EMAIL PROTECTED]
Subject: Re: rlm_counter not working

"Mustafa N. Deeb" <[EMAIL PROTECTED]> wrote:
> radiusd.conf[546] Failed to link to module 'rlm_counter': file not found
>
> when I looked in /usr/local/lib I found all of them rlm_* rlm_counter
> wasn't there
>
> recompiled it again , same result.

  Did you look at the messages produced during the compilation?

  rlm_counter requires the GNU database libraries. If you don't have those, rlm_counter won't build.

  Alan DeKok.
rlm_counter not working
Hi

I’m trying to configure the counter module

when I uncommented it from the authorize module,

But I’m getting this

radiusd.conf[546] Failed to link to module 'rlm_counter': file not found

when I looked in /usr/local/lib I found all of them rlm_* rlm_counter wasn’t there

recompiled it again , same result.

any idea?
RE: trying to understand module counter?
Ok, one last thing

Reset = never??

At 01:18 PM 9/5/2001 +0200, you wrote:
>Hi all
>
>We can do this in radiusd.conf
>
>DEFAULT Daily-Session-Time > 3600, Auth-Type = Reject

Actually, you put the DEFAULT into the 'users' file, but I think you knew that.

>What are the keywords that are supported?

What do you mean by this? Can you expand your question? There are examples and an explanation in the comments for this module in the 'radiusd.conf' file.

>Can we do DEFAULT Total-Session-Time > 3600, Auth-Type = Reject?

Yes, please read the docs, it tells you what you can change in the 'radiusd.conf' file. You would want something similar to:

counter {
    filename = ${raddbdir}/db.counter
    key = User-Name
    count-attribute = Acct-Session-Time
    reset = monthly
    counter-name = Daily-Session-Time
    check-name = Total-Session-Time
    allowed-servicetype = Framed-User
    cache-size = 5000
}

Give it a try, and test it, don't be afraid to change values.

-Chris
--
Chris Parker - Manager, Development Engineering
WX *is* Wireless!
[EMAIL PROTECTED]
http://www.starnetwx.net
(847) 963-0116
Without C we would have 'obol', 'basi', and 'pasal'
trying to understand module counter?
Hi all

We can do this in radiusd.conf

DEFAULT Daily-Session-Time > 3600, Auth-Type = Reject

What are the keywords that are supported?

Can we do DEFAULT Total-Session-Time > 3600, Auth-Type = Reject?

Best Regards

Mustafa N. Deeb
Technical Manager
Palnet Communications Ltd.
Tel: ++972-2-2403434
Fax: ++972-2-2403430
www.palnet.com
nostrip not working
Hi,

I have succeeded in configuring a realm for IPASS, slashrealm

But it keeps on stripping the domain name , although I almost filled up the config file with nostrip nostrip

In proxy.conf and realms

Any idea

Cheers

Mustafa N. Deeb
Technical Manager
Palnet Communications Ltd.
Tel: ++972-2-2403434
Fax: ++972-2-2403430
www.palnet.com
RE: no memory !!!
Commenting out the below 3 lines, solved the issue

preacct {
    suffix
    files
    preprocess
}

Mustafa N. Deeb
Technical Manager
Palnet Communications Ltd.
Tel: ++972-2-2403434
Fax: ++972-2-2403430
www.palnet.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of [EMAIL PROTECTED]
Sent: Sunday, August 26, 2001 3:17 PM
To: [EMAIL PROTECTED]
Subject: Re: no memory !!!

"Mustafa N. Deeb" <[EMAIL PROTECTED]> wrote:
> And this turned out,, I'm using auth and authorization through mysql..
>
> The process died, the server has plenty of memory though

  If the server dies with a "no memory" message, then it was unable to allocate memory.

  On the other hand, you may have found a bug, but I've never seen that here.

  Alan DeKok.
no memory !!!
Hi ,

I was running radiusd -xxxyA ,

And this turned out,, I’m using auth and authorization through mysql..

The process died, the server has plenty of memory though

Thread 1 handling request 0, (1 handled so far)
        Acct-Session-Id = "1E001242"
        User-Name = "X"
        NAS-IP-Address = x
        NAS-Port-Id = 9
        Acct-Status-Type = Stop
        Acct-Session-Time = 2177
        Acct-Authentic = RADIUS
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = XXx
        Acct-Delay-Time = 612275
modcall: entering group preacct
rlm_realm: Proxying request from user X to realm NULL
no memory
Dynamic Pools
hi,

how can I tell radius, if this user is from Group X, assign an IP from POOL A?

cheers
RE: Weird configure on BSD
u are right, I'm really sorry

don't know what happened?

Cheers

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: 18 March 1999 12:45
To: [EMAIL PROTECTED]
Subject: Re: Weird configure on BSD

"Mustafa N. Deeb" <[EMAIL PROTECTED]> wrote:
> downloaded freeradius-0.2, ran ./configure then make
> I got alot of errors, and when I tried to load it , radiusd gave me an error
> about loading something in the dictionary

  If you read the error, it would tell you what went wrong, and would give you strong hints for how to fix it.

> make clean
>
> deleted all of the directory
>
> extracted the files again
>
> forgot to run configure , and ran make immediately
>
> not a single error, and radiusd ran like a beauty. :):):)

  Hmm... I think you did something else, too.

  Alan DeKok.
Weird configure on BSD
hi all

I'm running BSD 4.3

downloaded freeradius-0.2, ran ./configure then make

I got a lot of errors, and when I tried to load it , radiusd gave me an error about loading something in the dictionary

make clean

deleted all of the directory

extracted the files again

forgot to run configure , and ran make immediately

not a single error, and radiusd ran like a beauty. :):):)

just a FYI for BSD users

Cheers