Upgrade questions
Can anyone point in the direction of the best way to upgrade to Freeradius version 0.9.3 from version FreeRADIUS Version 0.8-pre with out losing my current configuration? currently FreeRADIUS Version 0.8-pre is being used to authenticate users dialing into a Lucent Max 6000. If there is any other info you would need just respond here. I'm not looking for any easy out, just want to research all possiblities before I mess with the current installation. Thanks in advance. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: help - checkrad not being called
I get entries all the time like line 7 below and I have to manually go
in to the database and remove them myself to clear that line for use.
is this similar to your problem?
I see no way to stop it other than manually removing them.
Phone numbers and ip's removed for security
# user ip address caller id name duration
1 sonny 204.49.000.00 0 Sonny Heath 02:38:04
2 robert 204.49.000.00 0 Robert Nelson 02:22:01
3 david 204.49.000.00 00 David Bartlett 01:52:39
4 nicole 204.49.000.00 0 Nicole Nelson 01:19:25
5 coblepdl 204.49.000.00 Betty Coble 00:28:32
6 angelheart 204.49.000.00 Joyce Smith 00:17:58
7 - 8508920287 Unknown User 00:12:08
8 jgodwin 204.49.000.00 0 Jenifer Godwin 00:10:29
9 carolcos1218 204.49.000.00 0 Carol Cosson 00:02:40
-Original Message-
From: [EMAIL PROTECTED]
[mailto:freeradius-users-admin;lists.cistron.nl] On Behalf Of Kostas
Kalevras
Sent: Saturday, October 12, 2002 2:19 PM
To: [EMAIL PROTECTED]
Subject: Re: help - checkrad not being called
On Thu, 10 Oct 2002, Tim wrote:
I have freeradius 0.7 MySQL up and running on a debian woody box
(kernel
2.2-20), and doing all that it should EXCEPT allowing users to login
if
they still have a stale session in the db (Mysql).. I have session{
sql }
in radius.conf set to sql ..
/usr/local/sbin checkrad runs correctly when run manually and I have
it set
to debug mode, so I can see when it is being called .. now, when I
have a
stale session in the DB, and use NTRadPing to request a new auth, it
ALWAYS
comes back saying the user is online, and checkrad never seems to get
called ..
I have searched the archives, and even applied a patch suggested back
in
August, but it still appears checkrad is still not being run.
I have tried with 0.7, and the latest snapshot 1009 .. and both give
the
same result ..
What am I missing that is causing checkrad to be ingnore/not called ??
All help greatly appreciated ..
Tim Fraser
Have you set Simultaneous-Use to 1 for your users?
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.400 / Virus Database: 226 - Release Date: 10/9/2002
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.400 / Virus Database: 226 - Release Date: 10/9/2002
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius and md5
How do I get freeradius to use md5 instead of crypt? I have in my pap settings to use md5 Encryption_scheme = md5 But it still tries to use crypt.. If I put a user in the database with an md5 encrypted password but it gets rejected at loging. But users with a crypt encrypted password log in fine. Any help would be greatly appreciated. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.394 / Virus Database: 224 - Release Date: 10/3/2002 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: User Response.
Well Microsoft sucks.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kostas Kalevras Sent: Thursday, October 03, 2002 4:34 AM To: [EMAIL PROTECTED] Subject: Re: User Response. On Wed, 2 Oct 2002, Nick Marino wrote: I was curious is there a way for the disconnect reason to be displayed on a users machine when they are rejected from radius. Like normally if you dial in out side your allowed time limit dialup networking just responds with the message that you had an invalid user name or password. I found something in the documentation for my NAS one time where you would change a setting so that would not happen and the user would receive the reply that the radius sent and not the generic bad username or password message. Although I can not locate it now. Anyone know how to do this or is it possible? The RADIUS RFC defines the Reply-Message attribute. This is used by the counter and other modules to send back useful messages to the user. Microsoft's PPP implementation does not support it though so there isn't much you can do. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.393 / Virus Database: 223 - Release Date: 9/30/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.393 / Virus Database: 223 - Release Date: 9/30/2002 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
User Response.
I was curious is there a way for the disconnect reason to be displayed on a users machine when they are rejected from radius. Like normally if you dial in out side your allowed time limit dialup networking just responds with the message that you had an invalid user name or password. I found something in the documentation for my NAS one time where you would change a setting so that would not happen and the user would receive the reply that the radius sent and not the generic bad username or password message. Although I can not locate it now. Anyone know how to do this or is it possible? --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.389 / Virus Database: 220 - Release Date: 9/16/2002 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
port problem
anyone know why I get this error? there is no other radius server running and that port is not inuse on the system. auth bind: Address already in use There appears to be another RADIUS server already running on the authentication port UDP 32768. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How can I configure freeradius0.7.1 to authenticate in Mysql database?
I am using mysql and pap, anything I can do to help? specific config entries in the conf files that is. - Original Message - From: Alberto Pereira [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 25, 2002 9:30 AM Subject: How can I configure freeradius0.7.1 to authenticate in Mysql database? Hi, Someone can help me how How can I configure freeradius0.7.1 to authenticate in Mysql database? I read in list archives to put: Auth-Type=Pap But it don´t work! How i can configure Pap to use a mysql table? Thanks. Alberto - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: port problem
nope both are correct in my radius.conf and the services file. already checked both and did a scan on ports in use on my system and that port is not active that is why I can understand radiusd reporting it. - Original Message - From: Chris Parker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 25, 2002 10:24 AM Subject: Re: port problem At 09:26 AM 9/25/2002 -0500, Nick Marino wrote: anyone know why I get this error? there is no other radius server running and that port is not inuse on the system. auth bind: Address already in use There appears to be another RADIUS server already running on the authentication port UDP 32768. Check that you have the proper ports defined in /etc/services for FreeRADIUS to listen on. Or, you can specify the ports to be used in your 'radiusd.conf' file. I suspect you don't have it defined, or have it defined with a strange value. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ascend Max 6000
Anyone else here using FreeRadius against a Ascend Max 6000? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Ascend Max 6000
you using it with sql?? - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 24, 2002 4:53 PM Subject: Re: Ascend Max 6000 Yup! ___ Gustavo A. Lozano Noldata CTO I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. Albert Einstein On Tue, 24 Sep 2002, Nick Marino wrote: Anyone else here using FreeRadius against a Ascend Max 6000? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help
got it! Did away with radwatch and went with daemon tools instead. - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, September 23, 2002 1:34 PM Subject: Re: Help Nick Marino [EMAIL PROTECTED] wrote: Anyone know what this is all about? Weird thing is everything is working perfectly.. but I keep seeing this repeated over and over in the log. You're running radwatch, and there's already a RADIUS server running, so the one that radwatch tries to start fails. Figure out why you've told the machine to start two RADIUS servers, and fix that problem. The log messages should go away. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: a bug or a problem ?
- Original Message -
From: Dyego Souza do Carmo [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, September 23, 2002 1:56 PM
Subject: a bug or a problem ?
I´m using freeradius server 0.7 and mysql
The SQL Connection is OK !
but on /usr/local/radiusd/bin/radtest dyego 123 localhost 0 nervermind
the debug says:
radius_xlat: 'dyego'
sql_set_user: escaped user -- 'dyego'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'dyego' ORDER BY id'
rlm_sql: Reserving sql socket id: 2
query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
'dyego' ORDER BY id
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'dyego' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
query: SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'dyego' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'dyego' ORDER BY id'
query: SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username =
'dyego' ORDER BY id
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = 'dyego' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
query: SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = 'dyego' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql: check items
Password = 123
rlm_sql: reply items
rlm_sql: Pairs do not match [dyego]
rlm_sql: Released sql socket id: 2
modcall[authorize]: module sql returns notfound
modcall: group authorize returns ok
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
The error is :
rlm_sql: check items
Password = 123
rlm_sql: reply items
rlm_sql: Pairs do not match [dyego]
In SQL database i insert :
insert into usergroup (username,groupname) values ('dyego','geral');
insert into radcheck (username,attribute,value) values
('dyego','Password','123');
is it a bug ? or configuration problem ?
-
++ Dyego Souza do Carmo ++ Dep. Desenvolvimento
-
E S C R I B A I N F O R M A T I C A
-
The only stupid question is the unasked one (somewhere in Linux's HowTo)
Linux registred user : #230601
--
$ look into my eyes
look: cannot open my eyes
-
Reply: [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwtmp
I don't know what it was I looked through all the files again and ran your
query and the ip was right.
So finaly I copied the whole Dialup Admin directory from the source and then
redone admin.conf from scratch and now it is working fine.
Wierd, must have been something in there as now it works perfectly.
- Original Message -
From: Kostas Kalevras [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, September 22, 2002 3:33 AM
Subject: Re: radwtmp
On Sat, 21 Sep 2002, Nick Marino wrote:
Nope I had all that set like that. I am using an ascend 6000 max.
Below is the snippet from my admin.conf file for that section.
But it still wont show logged on users. it was working at one time.
Any other suggestions on where to look.. I am really stumped I went
though
just about every file.
general_finger_type:
#general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger
general_radclient_bin: %{general_radiusd_base_dir}/bin/radclient
#
First of all, if you are using ver 1.59 (check Changelog) and you have
enabled
sessions then you should also use the 'Clear Cache' if you 've done any
changes
in the configuration files. Other than that the only thing I can think of
is
that you have mispelled the nas ip in admin.conf.
Run the following sql query:
SELECT DISTINCT UserName,AcctStartTime,FramedIPAddress,CallingStationId
FROM radacct WHERE AcctStopTime = '0' AND NASIPAddress =
'NAS-IP-ADDRESS'
GROUP BY UserName ORDER BY AcctStartTime;
in sql where NAS-IP-ADDRESS is your NAS ip address and see what happens.
The
page should work if this query returns ok.
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwtmp
what is the latest version of Dialup Admin and how can I tell what version I
have.
I looked around the files in there and can't find any version info anywere
and the changelog I have in the 0.7.1 directory shows the last entry of
version 1.30 .
- Original Message -
From: Kostas Kalevras [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, September 22, 2002 3:33 AM
Subject: Re: radwtmp
On Sat, 21 Sep 2002, Nick Marino wrote:
Nope I had all that set like that. I am using an ascend 6000 max.
Below is the snippet from my admin.conf file for that section.
But it still wont show logged on users. it was working at one time.
Any other suggestions on where to look.. I am really stumped I went
though
just about every file.
general_finger_type:
#general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger
general_radclient_bin: %{general_radiusd_base_dir}/bin/radclient
#
First of all, if you are using ver 1.59 (check Changelog) and you have
enabled
sessions then you should also use the 'Clear Cache' if you 've done any
changes
in the configuration files. Other than that the only thing I can think of
is
that you have mispelled the nas ip in admin.conf.
Run the following sql query:
SELECT DISTINCT UserName,AcctStartTime,FramedIPAddress,CallingStationId
FROM radacct WHERE AcctStopTime = '0' AND NASIPAddress =
'NAS-IP-ADDRESS'
GROUP BY UserName ORDER BY AcctStartTime;
in sql where NAS-IP-ADDRESS is your NAS ip address and see what happens.
The
page should work if this query returns ok.
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ICRadius with mysql
not to hard to install an RPM. Obviously its not that important to you or you would at least have tried to get it running first. And on top of that your in the wrong place! - Original Message - From: Franco Guachisaca [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, September 22, 2002 11:30 AM Subject: ICRadius with mysql I need to install ICRadius with mysql for authentication of users. Somebody can help me? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwtmp
yeah that is what I am talking about. After untarring the source for FreeRadius 0.7.1 I go into the Dialup Admin directory and the change log there has the last entry which is at the top thats says version 1.30. Is that the most current version of Dialup Admin? Is there version info some where in the code so I can tell what version of Dialup Admin I have, Although it is the one that is being distributed with version 0.7.1 of FreeRadius. Other than that there is no clue to what version it is that I can see... - Original Message - From: Kostas Kalevras [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, September 22, 2002 2:27 PM Subject: Re: radwtmp On Sun, 22 Sep 2002, Nick Marino wrote: what is the latest version of Dialup Admin and how can I tell what version I have. I looked around the files in there and can't find any version info anywere and the changelog I have in the 0.7.1 directory shows the last entry of version 1.30 . There is a Changelog in the dialup_admin directory. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Daily RADIUS window
I belive this is what you are looking for. Login-Time Help Page Login-Time defines the time span a user may login to the system. The format of a so-called time string is like the format used by UUCP. A time string may be a list of simple time strings separated by | or ,. Each simple time string must begin with a day definition. That can be just one day, multiple days, or a range of days separated by a hyphen. A day is Mo, Tu, We, Th, Fr, Sa or Su, or Wk for Mo-Fr. Any or Al means all days. After that a range of hours follows in hhmm-hhmm format. For example, Wk2305-0855,Sa,Su2305-1655. Radiusd calculates the number of seconds left in the time span, and sets the Session-Timeout to that number of seconds. So if someones Login-Time is Al0800-1800 and he logs in at 17:30, Session-Timeout is set to 1800 seconds so that he is kicked off at 18:00. - Original Message - From: Aaron Paetznick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, September 22, 2002 5:52 PM Subject: Daily RADIUS window I've looked through the docs and the mailing list archives. I want to be able to limit the time of day when a user can connect with the RADIUS server. I can define a daily total, but that's not going to be useful. For example, I want to be able to disallow a user from authenticating between 10:00PM and 8:00AM every day. Even better would be to further define that as only weekdays. Any suggestions? --Aaron - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Daily RADIUS window
Although I have tried using this and it doesnt work. And Also when you try to add the Dialup Access attribute so you can lock a user out or not doesnt work either. You can select to add the attribute but it doesnt add the list just refreshes and you still have the list of attributes in Dialup Admin that you had to start with. - Original Message - From: Nick Marino [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, September 22, 2002 6:13 PM Subject: Re: Daily RADIUS window I belive this is what you are looking for. Login-Time Help Page Login-Time defines the time span a user may login to the system. The format of a so-called time string is like the format used by UUCP. A time string may be a list of simple time strings separated by | or ,. Each simple time string must begin with a day definition. That can be just one day, multiple days, or a range of days separated by a hyphen. A day is Mo, Tu, We, Th, Fr, Sa or Su, or Wk for Mo-Fr. Any or Al means all days. After that a range of hours follows in hhmm-hhmm format. For example, Wk2305-0855,Sa,Su2305-1655. Radiusd calculates the number of seconds left in the time span, and sets the Session-Timeout to that number of seconds. So if someones Login-Time is Al0800-1800 and he logs in at 17:30, Session-Timeout is set to 1800 seconds so that he is kicked off at 18:00. - Original Message - From: Aaron Paetznick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, September 22, 2002 5:52 PM Subject: Daily RADIUS window I've looked through the docs and the mailing list archives. I want to be able to limit the time of day when a user can connect with the RADIUS server. I can define a daily total, but that's not going to be useful. For example, I want to be able to disallow a user from authenticating between 10:00PM and 8:00AM every day. Even better would be to further define that as only weekdays. Any suggestions? --Aaron - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Daily RADIUS window
couldnt tell you. It may just work using the flat file approach. I am using it with a mysql database. - Original Message - From: Aaron Paetznick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, September 22, 2002 6:39 PM Subject: Re: Daily RADIUS window So the issue you're having is with the admin interface you're using? How about if you manually define the attribute in the users file? Does the functionality itself work? --Aaron Nick Marino wrote: Although I have tried using this and it doesnt work. And Also when you try to add the Dialup Access attribute so you can lock a user out or not doesnt work either. You can select to add the attribute but it doesnt add the list just refreshes and you still have the list of attributes in Dialup Admin that you had to start with. - Original Message - From: Nick Marino [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, September 22, 2002 6:13 PM Subject: Re: Daily RADIUS window I belive this is what you are looking for. Login-Time Help Page Login-Time defines the time span a user may login to the system. The format of a so-called time string is like the format used by UUCP. A time string may be a list of simple time strings separated by | or ,. Each simple time string must begin with a day definition. That can be just one day, multiple days, or a range of days separated by a hyphen. A day is Mo, Tu, We, Th, Fr, Sa or Su, or Wk for Mo-Fr. Any or Al means all days. After that a range of hours follows in hhmm-hhmm format. For example, Wk2305-0855,Sa,Su2305-1655. Radiusd calculates the number of seconds left in the time span, and sets the Session-Timeout to that number of seconds. So if someones Login-Time is Al0800-1800 and he logs in at 17:30, Session-Timeout is set to 1800 seconds so that he is kicked off at 18:00. - Original Message - From: Aaron Paetznick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, September 22, 2002 5:52 PM Subject: Daily RADIUS window I've looked through the docs and the mailing list archives. I want to be able to limit the time of day when a user can connect with the RADIUS server. I can define a daily total, but that's not going to be useful. For example, I want to be able to disallow a user from authenticating between 10:00PM and 8:00AM every day. Even better would be to further define that as only weekdays. Any suggestions? --Aaron - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help
Anyone know what this is all about? Weird thing is everything is working perfectly.. but I keep seeing this repeated over and over in the log. I am particularly interested in what the auth-bind in use is about. Sun Sep 22 21:25:55 2002 : Info: Starting - reading configuration files ... auth bind: Address already in use Sun Sep 22 21:25:55 CDT 2002: Radius died, restarting.. /bin/mail: Sendmail: command not found /bin/mail: Log: command not found /bin/mail: line 5: syntax error near unexpected token `(0' /bin/mail: line 5: `Total bytes transferred: (0.0 MB)' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radwtmp
can anyone tell me why the radwtmp file would not be created? Everything seems to be working fine other than on the DIALUP ADMIN when you click on ONLINE USERS it shows no one is connected although there are and the radwtmp file is not being created and I think that is where it gets its info from. Please help. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwtmp
ahhh thanks.. that helps alot. the radutmp is being created, and the info is in the radacct table like it is supposed to as I can look at accounting and that shows the connection there and I can click on the users name and it will show me the info and that they are currently connected and even shows how long they have been on in realtime, but the online users function displays nothing. - Original Message - From: Kostas Kalevras [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, September 21, 2002 9:55 AM Subject: Re: radwtmp On Sat, 21 Sep 2002, Nick Marino wrote: can anyone tell me why the radwtmp file would not be created? Everything seems to be working fine other than on the DIALUP ADMIN when you click on ONLINE USERS it shows no one is connected although there are and the radwtmp file is not being created and I think that is where it gets its info from. Please help. Not exactly (to say the least). The radwtmp is created by the unix module. So you have to add that in your accounting section. It contains a history of user connections and *not* a list of currently online users. That's the job of the radutmp and sql modules. Dialup Admin will take it's info from the radacct table in sql. It will also first query the NAS through SNMP if you tell it to do so in the admin.conf file. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwtmp
Nope I had all that set like that. I am using an ascend 6000 max.
Below is the snippet from my admin.conf file for that section.
But it still wont show logged on users. it was working at one time.
Any other suggestions on where to look.. I am really stumped I went though
just about every file.
general_finger_type:
#general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger
general_radclient_bin: %{general_radiusd_base_dir}/bin/radclient
#
- Original Message -
From: Kostas Kalevras [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, September 21, 2002 11:06 AM
Subject: Re: radwtmp
On Sat, 21 Sep 2002, Nick Marino wrote:
ahhh thanks.. that helps alot. the radutmp is being created, and the
info is
in the radacct table like it is supposed to as I can look at accounting
and
that shows the connection there and I can click on the users name and it
will show me the info and that they are currently connected and even
shows
how long they have been on in realtime, but the online users function
displays nothing.
Check conf/admin.conf and especially the comments about
general_finger_type.
Make sure that bin/snmpfinger uses the correct snmpwalk command and that
it
returns the correct results (snmfinger works on cisco access servers). Try
commenting out general_finger_type so that the Online Users page will just
query the radacct table and not try to do a finger on the NAS.
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Check-radiusd-config
Anyone know why I am getting the below message when I run check-radius-config? And there is no other radius server running. Module: Instantiated radutmp (radutmp) auth bind: Address already in use There appears to be another RADIUS server already running on the authentication port UDP 32768. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hmmm version 0.8
Anyone see version 0.8 released anywhere. according to this link it was released on 8-22 and shows the complete changelog for it.. http://www.freeradius.org/radiusd/doc/ChangeLog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius install problemo: help
are you authenticating against unix or linux accounts? - Original Message - From: mukhiya gurung [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 18, 2002 1:44 AM Subject: radius install problemo: help **I get this error message when i ran this command radiusd -X: [root@dhcppc3 raddb]# radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /usr/local/var main: logdir = /usr/local/var/log/radius main: libdir = /usr/local/lib main: radacctdir = /usr/local/var/log/radius/radacct main: hostname_lookups = no read_config_files: reading dictionary read_config_files: reading clients read_config_files: reading realms read_config_files: reading naslist main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /usr/local/var/run/radiusd/radiusd.pid main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 security: max_attributes = 200 security: reject_delay = 1 main: debug_level = 0 read_config_files: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded System unix: cache = yes unix: passwd = /etc/passwd unix: shadow = (null) unix: group = /etc/group unix: radwtmp = /usr/local/var/log/radius/radwtmp unix: usegroup = no unix: cache_reload = 600 HASH: Reinitializing hash structures and lists for caching... rlm_unix: You MUST specify a shadow password file! HASH: unable to create user hash table. disable caching and run debugs radiusd.conf[462]: unix: Module instantiation failed. ***When i ran the radtest command i get this error: [root@dhcppc3 raddb]# radtest test test localhost 0 testing123 Sending Access-Request of id 166 to 127.0.0.1:1812 User-Name = test User-Password = \367\303#\n\007\322GS\254\025x\252\240\005\2017 NAS-IP-Address = dhcppc3 NAS-Port-Id = 0 Re-sending Access-Request of id 166 to 127.0.0.1:1812 User-Name = test User-Password = \367\303#\n\007\322GS\254\025x\252\240\005\2017 NAS-IP-Address = dhcppc3 NAS-Port-Id = 0 Re-sending Access-Request of id 166 to 127.0.0.1:1812 User-Name = test User-Password = \367\303#\n\007\322GS\254\025x\252\240\005\2017 NAS-IP-Address = dhcppc3 NAS-Port-Id = 0 Re-sending Access-Request of id 166 to 127.0.0.1:1812 User-Name = test User-Password = \367\303#\n\007\322GS\254\025x\252\240\005\2017 NAS-IP-Address = dhcppc3 NAS-Port-Id = 0 Re-sending Access-Request of id 166 to 127.0.0.1:1812 User-Name = test User-Password = \367\303#\n\007\322GS\254\025x\252\240\005\2017 NAS-IP-Address = dhcppc3 NAS-Port-Id = 0 Re-sending Access-Request of id 166 to 127.0.0.1:1812 User-Name = test User-Password = \367\303#\n\007\322GS\254\025x\252\240\005\2017 NAS-IP-Address = dhcppc3 NAS-Port-Id = 0 Re-sending Access-Request of id 166 to 127.0.0.1:1812 User-Name = test User-Password = \367\303#\n\007\322GS\254\025x\252\240\005\2017 NAS-IP-Address = dhcppc3 NAS-Port-Id = 0 Re-sending Access-Request of id 166 to 127.0.0.1:1812 User-Name = test User-Password = \367\303#\n\007\322GS\254\025x\252\240\005\2017 NAS-IP-Address = dhcppc3 NAS-Port-Id = 0 Re-sending Access-Request of id 166 to 127.0.0.1:1812 User-Name = test User-Password = \367\303#\n\007\322GS\254\025x\252\240\005\2017 NAS-IP-Address = dhcppc3 NAS-Port-Id = 0 Re-sending Access-Request of id 166 to 127.0.0.1:1812 User-Name = test User-Password = \367\303#\n\007\322GS\254\025x\252\240\005\2017 NAS-IP-Address = dhcppc3 NAS-Port-Id = 0 radclient: no response from server Can Someone please advise be on what i am doing wrong or what needs to fixed ? thanks Mike ([EMAIL PROTECTED]) _ Chat with friends online, try MSN Messenger: http://messenger.msn.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See
User Lock Out
Is there a way to lock a user out in Dialup Admin, other than changing their password? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius Server Can't Authnticate Login
could be the same problem I had which was I didnt have the auth-type set in my NAS. - Original Message - From: Ahmad S. Taneo [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 17, 2002 8:09 AM Subject: Radius Server Can't Authnticate Login Hi!!! I am using freeradius-7.0 in a redhat 7.2 kernel of linux. I have successfully installed freeeradius and binded it to ldap. My problem is when i tried testing the radius server as a dial in server for remote pc, the portslave recognizes incoming call but somehow can't authenticate the login process. but when testing raidius server it gives an Access-Accept to the binded ldap server. I have checked log for radius and it seems it doesn't give any information at all. It's just that the connection died somehow. I would appreciate any help you can give me from anyone of you out there.. ahmadz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: User Lock Out
dont see that anywhere in dialup admin, and I am using a sql database for auth not linux. - Original Message - From: Marcin Groszek [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 17, 2002 9:11 PM Subject: Re: User Lock Out Change the user shel to /dev/null. Nick Marino wrote: Is there a way to lock a user out in Dialup Admin, other than changing their password? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Best Regards: Marcin Groszek Http://www.hostplus.net Where we offer: Server Co-location, Web Site Hosting and Internet Access. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: fradius] User Lock Out
Am I in the wrong place? I am not authenticating against linux users. - Original Message - From: R P Herrold [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 17, 2002 9:23 PM Subject: Re: fradius] User Lock Out On Tue, 17 Sep 2002, Nick Marino wrote: Is there a way to lock a user out in Dialup Admin, other than changing their password? passwd -l userid see man passwd - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: fradius] Re: User Lock Out
My original post was is there anyway to do it in DIALUP ADMIN that comes with free radius to lock a user out other than chaning thier password. - Original Message - From: R P Herrold [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 17, 2002 9:33 PM Subject: Re: fradius] Re: User Lock Out On Tue, 17 Sep 2002, Nick Marino wrote: dont see that anywhere in dialup admin, and I am using a sql database for auth not linux. Ahhh ... I have a presentation on the general topic of command shell MySQL access (in part) at: http://www.colug.net/notes/0208mtg/ This code fragment should work ... $select1 = select passwdhash from usertable \ where userid = '$userid' \ limit 1; $result1 = mysql_query($select1); $row1 = mysql_fetch_assoc($result); $t_passwdhash = $row1[passwdhash]; $t_passwdhash = *20020917* . $passwdhash; $select2 = update usertable set passwdhash = '$passwdhash' \ where userid = '$userid'; $result2= mysql_query($select2); -- Russ Herrold - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
New Question
Is there a way to upgrade to the lastest version of radius with out overwritting my current config files? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: fradius] Re: User Lock Out
well I still havent figured out how to control individual users times they are alowed on the system and duration other than making everyone one unlimited time. I dont see where that is located either. - Original Message - From: Tim McCracken [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 17, 2002 9:52 PM Subject: RE: fradius] Re: User Lock Out I recently asked if Free Radius would recognize the Expiration-Date attribute and was told it would, so that should work. It should send an Auth-Reject if the current date/time is later than the expiration date. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Nick Marino Sent: Tuesday, September 17, 2002 9:37 PM To: [EMAIL PROTECTED] Subject: Re: fradius] Re: User Lock Out My original post was is there anyway to do it in DIALUP ADMIN that comes with free radius to lock a user out other than chaning thier password. - Original Message - From: R P Herrold [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 17, 2002 9:33 PM Subject: Re: fradius] Re: User Lock Out On Tue, 17 Sep 2002, Nick Marino wrote: dont see that anywhere in dialup admin, and I am using a sql database for auth not linux. Ahhh ... I have a presentation on the general topic of command shell MySQL access (in part) at: http://www.colug.net/notes/0208mtg/ This code fragment should work ... $select1 = select passwdhash from usertable \ where userid = '$userid' \ limit 1; $result1 = mysql_query($select1); $row1 = mysql_fetch_assoc($result); $t_passwdhash = $row1[passwdhash]; $t_passwdhash = *20020917* . $passwdhash; $select2 = update usertable set passwdhash = '$passwdhash' \ where userid = '$userid'; $result2= mysql_query($select2); -- Russ Herrold - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: New Question
cool thanks for the info that helps alot. I though about just coping it all to a temp dir and doing it then just coping it back if it got screwed up but that probably would be better that way I would always have a archived backup handy. - Original Message - From: Kevin Bonner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 17, 2002 9:58 PM Subject: Re: New Question Nick, The Makefile is setup so that it won't overwrite your config files. You should be fine by running 'make install'. If you're nervous of doing this, just tar up your raddb directory so you have a way to undo what has been done. Kevin On Tuesday 17 September 2002 22:39, Nick Marino wrote: Is there a way to upgrade to the lastest version of radius with out overwritting my current config files? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius SQL error
I get this message when I try to start FreeRadius. radiusd.conf: "SQL" modules aren't allowed in 'authenticate' sections -- they have no such method. When I take it out it starts up fine but how do I then authenticate against the mysql database and not a flat text file. Any help would be greatly appreciated.
