Re: rlm_detail: Failed to create directory /var/log/radius/radacct/192.168.1.75: Permission denied

2003-12-22 Thread ZORBADELOS KONSTANTINOS
At Sun, 21 Dec 2003 19:32:19 -0600,
Radius Admin wrote:
> 
> I am receiving the following problems when trying to authenticate users
> with the auth_log and auth_detail sections of radiusd.conf turned on.
>  
> This is what I am seeing in debug mode:
>  
> --- Walking the entire request list ---
> Cleaning up request 3 ID 102 with timestamp 3fe5
> Nothing to do.  Sleeping until we see a request.
> rad_recv: Access-Request packet from host 192.168.1.75:2193, id=102,
> length=57
> User-Name = "[EMAIL PROTECTED]"
> CHAP-Password = 0xe2fb635de078f97ce128cbe469b79867a3
> modcall: entering group authorize for request 5
>   modcall[authorize]: module "preprocess" returns ok for request 5
> radius_xlat:  '/var/log/radius/radacct/192.168.1.75/detail'
> rlm_detail: %A/%{Client-IP-Address}/detail expands to
> /var/log/radius/radacct/192.168.1.75/detail
> rlm_detail: Failed to create directory
> /var/log/radius/radacct/192.168.1.75: Permission denied
>   modcall[authorize]: module "auth_log" returns fail for request 5
> modcall: group authorize returns fail for request 5
> Finished request 5
> Going to the next request
>  
>  

It's pretty simple: the user that radiusd runs as does not have
privileges to write to the /var/log/radius/radacct/192.168.1.75
directory. Change the ownership of this dir (/var/log/radius/radacct)
to the user freeradius runs as and give write permissions.


>  
> Does anybody have any clue as to why this would be happening?
==
  Kostas Zorbadelos
  Currently at: Otenet IT Department 
  mailto: [EMAIL PROTECTED]
  
  Out there in the darkness, out there in the night
  out there in the starlight, one soul burns brighter
  than a thousand suns.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
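
The ownership check from the reply above, as an added example (not part of the original post and not FreeRADIUS code): it finds the nearest existing ancestor of the per-client detail directory, reports whether a given uid/gid may create entries there, and flags a world-writable directory, which is what a chmod 777 shortcut would leave behind. The function names and the temporary tree standing in for /var/log/radius/radacct are assumptions made for the example.

```python
import os
import stat
import tempfile


def nearest_existing_dir(path):
    """Walk up from path until a directory that exists is found."""
    path = os.path.abspath(path)
    while not os.path.isdir(path):
        parent = os.path.dirname(path)
        if parent == path:
            raise FileNotFoundError(path)
        path = parent
    return path


def can_create_in(directory, uid, gids):
    """Apply the classic owner/group/other mode-bit check for uid/gids.

    Creating a subdirectory needs write (2) and search (1) permission on
    the parent. ACLs and capabilities are not considered.
    """
    if uid == 0:
        return True
    st = os.stat(directory)
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 0o7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 0o7
    else:
        bits = st.st_mode & 0o7
    return bits & 0o3 == 0o3


def audit_detail_path(detail_dir, uid, gids):
    """Report on the directory in which rlm_detail would have to mkdir."""
    parent = nearest_existing_dir(detail_dir)
    mode = stat.S_IMODE(os.stat(parent).st_mode)
    return {
        "checked_dir": parent,
        "can_create": can_create_in(parent, uid, gids),
        "world_writable": bool(mode & stat.S_IWOTH),
        "mode": oct(mode),
    }


def demo():
    """Constructed tree: radacct/ exists, radacct/192.168.1.75 does not."""
    with tempfile.TemporaryDirectory() as root:
        radacct = os.path.join(root, "radacct")
        os.mkdir(radacct)
        os.chmod(radacct, 0o755)
        owner = os.stat(radacct)
        daemon_uid = owner.st_uid + 1      # constructed: a uid that is not the owner
        daemon_gids = {owner.st_gid + 1}   # constructed: not the directory's group
        target = os.path.join(radacct, "192.168.1.75")

        # The situation in the post: daemon is neither owner nor in the group.
        before = audit_detail_path(target, daemon_uid, daemon_gids)

        # Opening the directory to everyone makes the error go away but lets
        # any local user write next to the accounting and auth detail files.
        os.chmod(radacct, 0o777)
        loose = audit_detail_path(target, daemon_uid, daemon_gids)

        # The fix from the reply: the daemon's user owns the directory
        # (simulated here by auditing as the owner) with a tight mode.
        os.chmod(radacct, 0o750)
        fixed = audit_detail_path(target, owner.st_uid, {owner.st_gid})
        return before, loose, fixed


if __name__ == "__main__":
    for label, result in zip(("before", "chmod 777", "owned by daemon"), demo()):
        print(label, result)
```
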


Re: radius 0.9.3 / mysql 4.0.16: no logging

2003-12-15 Thread ZORBADELOS KONSTANTINOS
At Mon, 15 Dec 2003 12:57:24 +,
James Green wrote:
> 
> ZORBADELOS KONSTANTINOS wrote:
> 

You said you used radiusd -x and not radiusd -X (case is important).
Please send the output you receive from radiusd -X.  See the rlm_sql
and radius_xlat messages. Perhaps something is wrong with the
configuration of queries.


> >At Mon, 15 Dec 2003 10:25:36 +,
> >James Green wrote:
> >  
> >
> >Use radiusd -X and see what happens with the requests. You should see
> >the sql queries that the server tries to execute.
> >  
> >
> 
> Zorbadelos,
> 
> This has been done. That is how I know it connects to the database, but 
> doesn't perform any SQL queries.
> 
> I can get it to look up the user in the database even, it just refuses 
> to log the result in the database.
> 
> It's driving me up the wall :-(
> 
> James
> 
> >  
> >
> >>Good morning all,
> >>
> >>We have a server with a really old copy of FreeRADIUS logging accounting 
> >>data to mysql 3.xx. We are now in the process of upgrading to the latest 
> >>stable of mysql 4 and freeradius.
> >>
> >>We've built the system on a separate machine and it works during 
> >>testing, except it doesn't log anything to mysql. We have authorisation 
> >>checks using flat files, but use mysql for logging.
> >>
> >>radtest works fine, nothing in mysql. radiusd -x shows it connects fine 
> >>to the mysql server, and mysqld shows it has connected.
> >>
> >>Yet there is no sqltrace.sql file either.
> >>
> >>We have confirmed the username/password details can log in, and the 
> >>table names are correct. The accounting{} part is as default, with 'sql' 
> >>right above 'unix'.
> >>
> >>Some help would be appreciated. We are at a loss!
> >>
> >>Thanks,
> >>
> >>James Green


Re: radius 0.9.3 / mysql 4.0.16: no logging

2003-12-15 Thread ZORBADELOS KONSTANTINOS
At Mon, 15 Dec 2003 10:25:36 +,
James Green wrote:
> 
Use radiusd -X and see what happens with the requests. You should see
the sql queries that the server tries to execute.

> Good morning all,
> 
> We have a server with a really old copy of FreeRADIUS logging accounting 
> data to mysql 3.xx. We are now in the process of upgrading to the latest 
> stable of mysql 4 and freeradius.
> 
> We've built the system on a separate machine and it works during 
> testing, except it doesn't log anything to mysql. We have authorisation 
> checks using flat files, but use mysql for logging.
> 
> radtest works fine, nothing in mysql. radiusd -x shows it connects fine 
> to the mysql server, and mysqld shows it has connected.
> 
> Yet there is no sqltrace.sql file either.
> 
> We have confirmed the username/password details can log in, and the 
> table names are correct. The accounting{} part is as default, with 'sql' 
> right above 'unix'.
> 
> Some help would be appreciated. We are at a loss!
> 
> Thanks,
> 
> James Green


Re: Kill -HUP in debug mode eats all CPU

2003-12-15 Thread ZORBADELOS KONSTANTINOS
At Fri, 12 Dec 2003 19:24:03 +0200,
ZORBADELOS KONSTANTINOS wrote:
Here is the output after adding "debug_level = 2" as the last line of
radiusd.conf. Sorry for the delay I was off for the weekend.
By the way I compiled freeradius on another SUN machine (much bigger)
with gcc 2.95.3 and in the HUP signal it didn't eat the cpu (without
connections to an sql database). 
Thanks Alan.

--- Walking the entire request list ---
Nothing to do.  Sleeping until we see a request.
Reloading configuration files.
reread_config:  reading radiusd.conf
Config:   including file: 
/export/home/radius/freeradius-0.9.3/BUILD/etc/raddb/proxy.conf
Config:   including file: 
/export/home/radius/freeradius-0.9.3/BUILD/etc/raddb/clients.conf
Config:   including file: 
/export/home/radius/freeradius-0.9.3/BUILD/etc/raddb/snmp.conf
Config:   including file: 
/export/home/radius/freeradius-0.9.3/BUILD/etc/raddb/oraclesql.conf
 main: prefix = "/export/home/radius/freeradius-0.9.3/BUILD"
 main: localstatedir = "/export/home/radius/freeradius-0.9.3/BUILD/var"
 main: logdir = "/export/home/radius/freeradius-0.9.3/BUILD/var/log/radius"
 main: libdir = "/export/home/radius/freeradius-0.9.3/BUILD/lib"
 main: radacctdir = "/export/home/radius/freeradius-0.9.3/BUILD/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = 
"/export/home/radius/freeradius-0.9.3/BUILD/var/log/radius/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = 
"/export/home/radius/freeradius-0.9.3/BUILD/var/run/radiusd/radiusd.pid"
 main: user = "radius"
 main: group = "other"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/export/home/radius/freeradius-0.9.3/BUILD/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = yes
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 2
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
Using deprecated clients file.  Support for this will go away soon.
read_config_files:  reading realms
Using deprecated realms file.  Support for this will go away soon.
radiusd:  entering modules setup
rlm_sql (sql1): Closing sqlsocket 2
rlm_sql (sql1): Closing sqlsocket 1
rlm_sql (sql1): Closing sqlsocket 0
rlm_sql (sql2): Closing sqlsocket 2
rlm_sql (sql2): Closing sqlsocket 1
rlm_sql (sql2): Closing sqlsocket 0
Bus Error (core dumped)




Kill -HUP in debug mode eats all CPU

2003-12-12 Thread ZORBADELOS KONSTANTINOS

Hello to everyone.
As I have seen in a previous post, a bug that occasionally crashed the
server when it received a HUP signal has been fixed. After compiling
the latest release (0.9.3) on a SUN Ultra 100 (Solaris 8) I noticed
that when I start the server in debug mode (radiusd -X) and send it a
HUP signal it says that it rereads the configuration files but it eats
the CPU resources, does not serve requests and it can't receive any
other signal apart from -9.
I used gcc 2.95.3. In the previous release when a HUP was received (in
debug mode) the server always crashed. Here is part of the output from
the first HUP signal:

--- Walking the entire request list ---
Nothing to do.  Sleeping until we see a request.
Reloading configuration files.
reread_config:  reading radiusd.conf
Config:   including file: 
/export/home/radius/freeradius-0.9.3/BUILD/etc/raddb/proxy.conf
Config:   including file: 
/export/home/radius/freeradius-0.9.3/BUILD/etc/raddb/clients.conf
Config:   including file: 
/export/home/radius/freeradius-0.9.3/BUILD/etc/raddb/snmp.conf
Config:   including file: 
/export/home/radius/freeradius-0.9.3/BUILD/etc/raddb/oraclesql.conf
 main: prefix = "/export/home/radius/freeradius-0.9.3/BUILD"
 main: localstatedir = "/export/home/radius/freeradius-0.9.3/BUILD/var"
 main: logdir = "/export/home/radius/freeradius-0.9.3/BUILD/var/log/radius"
 main: libdir = "/export/home/radius/freeradius-0.9.3/BUILD/lib"
 main: radacctdir = "/export/home/radius/freeradius-0.9.3/BUILD/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = 
"/export/home/radius/freeradius-0.9.3/BUILD/var/log/radius/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = 
"/export/home/radius/freeradius-0.9.3/BUILD/var/run/radiusd/radiusd.pid"
 main: user = "radius"
 main: group = "other"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
main: checkrad = "/export/home/radius/freeradius-0.9.3/BUILD/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = yes
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
Using deprecated clients file.  Support for this will go away soon.
read_config_files:  reading realms
Using deprecated realms file.  Support for this will go away soon.



For anything else you might need to trace the error let me know.

  


Re: FreeRadius with existing Oracle Database

2003-12-11 Thread ZORBADELOS KONSTANTINOS
At Thu, 11 Dec 2003 16:08:17 +0545 (NPT),
[EMAIL PROTECTED] wrote:
> 
> Hello:
> 
> I have been going through doc, internet resources, configuration files and
> items, and code itself regarding FreeRadius (freeradius-0.9.3) for about
> two weeks now.
> 
> Here is the task.
> 
> We have an ORACLE database that has stored procedures for authorizing and
> accounting incoming RADIUS requests.  Further as it is something which is
> application-specific, the database structure in ORACLE is *obviously*
> different than that of RADIUS schema.
> 
> Does anyone know of any information on implementing FreeRadius with
> existing Oracle DB structure? (please be kind)
> 
> With Regards,
> Bhaskar.
> 
I have been using freeradius with an Oracle DB for quite some time
without any problems. The queries are fully configurable in
oraclesql.conf. I just had to provide appropriate views for
rad(group)check, rad(group)reply and also create the radacct table.



Re: Apologies; Ignoring Request from unknown client 192.168.2.102:2786

2003-12-05 Thread ZORBADELOS KONSTANTINOS
At Fri, 5 Dec 2003 05:43:11 -0700,
Justin Bailey wrote:
> 
> I believe I restarted freeRadius.  If so, that did not fix it.  I ended
> up rebooting the system and then started up freeRadius again.  Will that
> restart it?  How do I restart it without rebooting? (I know it involves
> the radiusd.pid file, but also being new to Linux, this is an
> interesting challenge.)
> 
> Justin
> 

Have a look at the rc.radiusd script in your sbin directory.
In general, rebooting the entire system for restarting a single process
is something that should never be done in a UNIX-like operating
system.
 



Re: MySQL with FreeRadius (rlm_sql_mysql driver problem)

2003-12-04 Thread ZORBADELOS KONSTANTINOS
At Wed, 3 Dec 2003 13:22:14 -0500,
Michael Shanafelt wrote:
> 
Look into your ${exec_prefix}/lib to see if you have something like
rlm_sql_mysql.so -> rlm_sql_mysql-0.9.2.so

If you don't, make sure you have mysql-dev packages installed (header
files and stuff) and recompile paying attention to configure and make
messages. 

> OK, I had my FreeRadius server working fine for Wireless LAN MAC
> authentication using the clients and users text files.
> 
> My next step was to setup a MySQL database that would store the
> usernames and groups rather than having the text file.  I followed the
> directions in Hassell's RADIUS book and everything was successful until
> I issued the radiusd -x -x command to start the server.
> 
> Now I'm getting an error stating:
> rlm_sql (sql):  Could not link driver rlm_sql_mysql: file not found
> rlm_sql (sql):  Make sure it (and all its dependent libraries!) are in
> the search path of your system's ld.
> Radiusd.conf[14]: sql:  Module instantiation failed.
> 
> My limited knowledge tells me that the rlm_sql_mysql driver isn't
> installed.  Is this correct?  How can I fix it?
> 
> Thanks,
> Mike
> 


Re: Auth MS-CHAP and mysql

2003-12-03 Thread ZORBADELOS KONSTANTINOS
At Mon, 1 Dec 2003 12:10:51 -0500,
Duane Barnes wrote:
> 
> I'm using freeradius 0.7.1.  and mysql 3.23.  I'm trying to setup radius to
> allow ms-chap and have gotten it to instantiate the module, but I don't know
> how to enter the ms-chap password into the mysql db.  Below is the error:
>  
>  Error: rlm_sql_authorize: no rows returned from query (no such user)
> Auth: Login incorrect: [testuser/] (from client radius port
> 0)
> 


http://www.frontios.com/freeradius.html



Re: MySQL Instructions . . .

2003-11-27 Thread ZORBADELOS KONSTANTINOS
At Thu, 27 Nov 2003 09:06:50 -0800,
Jason Flatt wrote:
> 
> When I first setup freeradius about 2 months ago, I was following a HOW-TO 
> someone had up which showed how to get freeradius working with mysql.  Now 
> I'm looking for it and I cannot locate it.  Can someone point me in the 
> correct direction?
> 
Perhaps you mean this
http://www.frontios.com/freeradius.html

> 
> -- 
> Jason Flatt (jason @ flattfamily . com)
> Father of five (http://www.flattfamily.com/)
> Linux user (http://www.sourcemage.org/)
> IRC Nick: Oadae  Channels: #sourcemage, #lvlug  Server: irc.freenode.net
> PGP Key: E992213F - 0254 9DB7 BE0E 312D 8352 6E39 0700 FB95 E992 213F
> 
> 


Re: Authentication process

2003-11-27 Thread ZORBADELOS KONSTANTINOS
At Wed, 26 Nov 2003 11:55:30 -0800 (PST),
Mike Million wrote:
> 
Hi,
I had a talk with a guy in my company that has experience setting up
wireless stuff as I do not have any experience on that (I have a bit
in the radius part). He told me that there are commercial solutions
that offer the functionality you request, that is direct a user to a
web page for AAA and engage a radius session. They are used in
wireless environments and intercept the traffic before the outgoing
router and enforce the policy you configure. Some solutions are
Cisco BBSM, Nomadix USG, Nokia PO22.
Without having any experience on that as I told you before, if I had
to do such a project I would also try to find out if the
functionality can be achieved using open source (free) software. We
already have the radius part. I have seen a relevant article in linux
journal
http://www.linuxjournal.com/article.php?sid=6897
(Linux Makes Wi-Fi Happen in New York City)

and also
http://www-106.ibm.com/developerworks/library/l-wap.html?ca=dnt-429
(Building a wireless access point on Linux)

I don't know if I helped at all but I also cc that to the list for
archiving purposes.

> hello!
>  
> Thanks a bunch. 
>  
> Apart from web form & executing a CGI script, is there any way around? The 
> accounting will have to be from the radius client in the NAS. 
>  
> This is the problem that I am trying to solve. 
> When my users go to any of my locations (hotel, cafe etc) I want to authenticate them 
> and also time them. They will be initially served a login page. I know there are 
> lots of people doing this already, like the guys who set up hotspots. When I go to a 
> starbucks house, this T-mobile login page comes up which then authenticates me. I am 
> looking for pretty much the same functionality. 
>  
> I deeply appreciate your tips.
>  
> Thanks again
> Mike
> 
> ZORBADELOS KONSTANTINOS <[EMAIL PROTECTED]> wrote:
> At Tue, 25 Nov 2003 20:18:30 -0800 (PST),
> Mike Million wrote:
> > 
> > I am a novice here, so my question may sound pretty silly. 
> > 
> > I am trying to authenticate users through an Orinico AP-2500 WAP using a username 
> > & a password. AP-2500 provides this "portal page" feature where you can redirect 
> > the users to a webpage (in an external webserver) for them to log in. So, once I 
> > have an external form with the sufficient fields I want, how will I pass that 
> > information (username, pass etc) to the radius server. I mean what is the format 
> > that I use. Are there any client APIs that I can call?
> > 
> > Any help would be appreciated.
> > 
> > Sincerely,
> > Mike
> > 
> >
> Your web form should generate a valid radius message
> (access-request). Now if this form sends the message directly to the radius
> server your script will be the radius client and should therefore be
> declared in clients.conf (the IP of your web server that is). What
> about the accounting? Is this sent by the NAS equipment?
> Now if you need to create a cgi script or something like that that
> generates radius messages you should look for Radius libraries
> (modules) for your language of choice. The format of the message is
> specified in the rfcs.
> 


Re: Authenticate all, based on NAS IP Addr ?

2003-11-26 Thread ZORBADELOS KONSTANTINOS
At Wed, 26 Nov 2003 09:24:15 -0300,
Kevork wrote:
> 
> > On Wed, Nov 26, 2003 at 02:48:53AM -0300, [EMAIL PROTECTED] wrote:
> > > Please, some one can give me some idea about how get freeradius authenticate
> > > any request that comes from a specified NAS-IP?
> >
> > This
> >   NAS-IP-Address == 1.2.3.4
> >   Auth-Type  := Accept
> > should do as radcheck.
> >
> > Oliver.
> >
> Oliver, thank you !,  I tried this on table radcheck, for user "DEFAULT" but
> no success,
> also tried creating a group for the user DEFAULT, and setting those A/V on
> radgroupcheck, and none 
> 
> This is from radius -X, I am sure that may help ... but I can not get where
> I have the problem:
> 
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
> radius_xlat:  'tk'
> sql_set_user:  escaped user --> 'tk'
> radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
> Username = 'tk' ORDER BY id'
> rlm_sql: Reserving sql socket id: 4
> rlm_sql: User tk not found

As you can see your sql query returns no records for this username. 
One configuration that can work is:
in the users file put 

DEFAULT NAS-IP-Address == 1.2.3.4, Auth-Type := Accept
DEFAULT Autz-Type := SQL1

in this order. Then in radiusd.conf in the authorize section 
do 
 
authorize {


Autz-Type SQL1{
sql1
}


#
#  Read the 'users' file
files

}


Finally in the sql.conf

sql sql1 {

# Database type
# Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
# rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
driver = "rlm_sql_oracle"

}

In this scenario every user coming from NAS 1.2.3.4 will be accepted
and for the rest the sql authorization will take place.

> radius_xlat:  'SELECT
> radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
> ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
> usergroup.Username = 'tk' AND usergroup.GroupName = radgroupcheck.GroupName
> ORDER BY radgroupcheck.id'
> radius_xlat:  'SELECT
> radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
> ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
> usergroup.Username = 'tk' AND usergroup.GroupName = radgroupreply.GroupName
> ORDER BY radgroupreply.id'
> sql_set_user:  escaped user --> 'DEFAULT'
> radius_xlat:  'SELECT
> radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
> ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
> usergroup.Username = 'DEFAULT' AND usergroup.GroupName =
> radgroupcheck.GroupName ORDER BY radgroupcheck.id'
> radius_xlat:  'SELECT
> radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
> ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
> usergroup.Username = 'DEFAULT' AND usergroup.GroupName =
> radgroupreply.GroupName ORDER BY radgroupreply.id'
> rlm_sql: Pairs do not match [DEFAULT]
> rlm_sql: Released sql socket id: 4
>   modcall[authorize]: module "sql" returns notfound
> modcall: group authorize returns ok
> auth: No Auth-Type configuration for the request, rejecting the user
> auth: Failed to validate the user.
> 
> 
> 
> Thank you again,
> Kevork.
> 
> 
> 


Re: Authentication process

2003-11-26 Thread ZORBADELOS KONSTANTINOS
At Tue, 25 Nov 2003 20:18:30 -0800 (PST),
Mike Million wrote:
> 
> I am a novice here, so my question may sound pretty silly. 
>  
> I am trying to authenticate users through an Orinico AP-2500 WAP using a username & 
> a password. AP-2500 provides this "portal page" feature where you can redirect the 
> users to a webpage (in an external webserver) for them to log in. So, once I have 
> an external form with the sufficient fields I want, how will I pass that information 
> (username, pass etc) to the radius server. I mean what is the format that I use. Are 
> there any client APIs that I can call?
>  
> Any help would be appreciated.
>  
> Sincerely,
> Mike
>  
>
Your web form should generate a valid radius message
(access-request). Now if this form sends the message directly to the radius
server your script will be the radius client and should therefore be
declared in clients.conf (the IP of your web server that is). What
about the accounting? Is this sent by the NAS equipment?
Now if you need to create a cgi script or something like that that
generates radius messages you should look for Radius libraries
(modules) for your language of choice. The format of the message is
specified in the rfcs.

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: CHAP authentication

2003-11-17 Thread ZORBADELOS KONSTANTINOS
At Sun, 16 Nov 2003 05:15:53 -0800 (PST),
apellido jr., wilfredo p <[EMAIL PROTECTED]> wrote:
> 
> Good day Mr. Dekok, sorry if I'm asking a stupid
> question. I'm just asking so that I can be sure that chap
> authentication doesn't work and maybe someone could
> give some comment. Hoping maybe I missed something. I
> tested it already before asking this in the mailing list and
> it doesn't work.
> 
> =
> wilfredo pahilanga apellido jr.
> technical support
> mactan online
> bacolod city, philippines
> +63 34 4348311
> 
> If you can't hear me, it's because i'm in parentheses.
> 

It works fine. Make sure you have the User-Password attribute in
radcheck with == operator for the user. Store the clear text password
in the db. Also make sure that the chap in authorize and authenticate
sections is not commented out.

Read also 
http://www.frontios.com/freeradius.html

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
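
Why the reply asks for the clear-text password, as an added example (not from the original post): the CHAP response is MD5 over the CHAP identifier, the password and the challenge (RFC 2865 section 5.3), so the server can only recompute it from the clear text. The password, challenge values and function names are constructed for the example.

```python
import hashlib
import hmac


def chap_response(chap_id, password, challenge):
    """MD5(CHAP ident || password || challenge), 16 bytes."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def make_chap_password(chap_id, password, challenge):
    """NAS side: CHAP-Password value is 1-byte ident + 16-byte response."""
    return bytes([chap_id]) + chap_response(chap_id, password, challenge)


def verify_chap(chap_password, stored_password, request_authenticator,
                chap_challenge=None):
    """Server side check against whatever radcheck holds for the user.

    The challenge is the CHAP-Challenge attribute when the request carries
    one, otherwise the 16-byte Request Authenticator.
    """
    if len(chap_password) != 17:
        return False
    challenge = chap_challenge if chap_challenge else request_authenticator
    expected = chap_response(chap_password[0], stored_password, challenge)
    return hmac.compare_digest(expected, chap_password[1:])


def demo():
    """Constructed request: same CHAP-Password checked against three stored forms."""
    authenticator = bytes(range(16))
    clear = b"constructed-pass"
    attr = make_chap_password(1, clear, authenticator)
    hashed = hashlib.md5(clear).hexdigest().encode()  # what a hashed column would hold
    return {
        "clear_text_stored": verify_chap(attr, clear, authenticator),
        "md5_hash_stored": verify_chap(attr, hashed, authenticator),
        "wrong_password": verify_chap(attr, b"other-pass", authenticator),
    }


if __name__ == "__main__":
    print(demo())
```

Because the clear text has to sit in radcheck for CHAP to work, access to that table and its backups needs to be restricted accordingly.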


Re: check list multiple values in NAS-Port-Type

2003-11-03 Thread ZORBADELOS KONSTANTINOS
At Mon, 3 Nov 2003 14:12:04 +0200 (EET),
Kostas Kalevras wrote:
>
Thanks for everything Kosta.
 
> On Mon, 3 Nov 2003, ZORBADELOS KONSTANTINOS wrote:
> 
> > At Mon, 3 Nov 2003 13:39:20 +0200 (EET),
> > Kostas Kalevras wrote:
> > >
> > > On Mon, 3 Nov 2003, ZORBADELOS KONSTANTINOS wrote:
> > >
> > > >
> > > > Hello to everyone.
> > > > This is my first post to the list. I want to have a user that is
> > > > allowed to have ISDN or PSTN access and another that should have PSTN
> > > > access only. I am using the attribute NAS-Port-Type in the check list
> > > > to accomplish this. In the first user I want the NAS-Port-Type to have
> > > > values Async or ISDN and in the second I want to have Async only. I am
> > > > also using the sql module so my users' authorization data are stored
> > > > in an Oracle database. Freeradius version 0.9.2 (latest for now).
> > > > My radcheck table looks like
> > > >
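> > > > +----+----------+---------------+----+-------+
> > > > | id | username | attribute     | op | value |
> > > > +----+----------+---------------+----+-------+
> > > > | 1  | kzorba   | User-Password | == |       |
> > > > | 2  | kzorba   | NAS-Port-Type | == | Async |
> > > > | 3  | kzorba   | NAS-Port-Type | == | ISDN  |
> > > > | 4  | mitg     | User-Password | == |       |
> > > > | 5  | mitg     | NAS-Port-Type | == | Async |
> > > > +----+----------+---------------+----+-------+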
> > > >
> > > > I am using the NTradping test utility (as described in the O'Reilly
> > > > book) but the results are the same when I use a Cisco 3640
> > > > router. When I am sending one of the 2 allowed values in an
> > > > Access-Request for kzorba I always get reject. I tried to put as a
> > > > value for NAS-Port-Type "Async-ISDN" in one record instead of 2 and I
> > > > always got accept no matter what I sent (even a value besides ISDN or
> > > > Async). I only managed to get accept when I have one record with a
> > > > specific value (in this case everything works as expected). So the
> > > > question is:
> > > > How can I express the fact that I want to accept the user when the
> > > > attribute has value a OR b? By generalizing can I have boolean
> > > > expressions in check items?
> > > > Thank you in advance
> > >
> > > I think that the AND relation of the check items is rather strongly established
> > > in the check functions of freeradius. The way I see it you have two choices:
> > > 1. Use a regular expression
> > > 2. Use the checkval module (check raddb/experimental.conf)
> > >
> > Thanks for the reply. I believe that the regular expressions can be
> > used for string type attributes only. Unfortunately NAS-Port-Type is
> > ENUM. I tried it using 'Async|ISDN' as value and it always returned
> > accept. By the way what kind of syntax can I use for regexps? Perl
> > like?
> 
> Not perl, POSIX. But I do think that Async|ISDN should work. For regular
> expressions we always use the string representation of the attribute (that way
> regexes can also work for ipaddr, enum and other attribute types). Try something
> like:
> 
> DEFAULT   NAS-Port-Type =~ "Async|ISDN"
>   Reply-Message = "Yes it works"
> 
> in your users file to make sure that it works that way.
> 
> > Also is there any further documentation on the checkval apart
> > from experimental.conf?
> 
> No, and I don't think there's any need for one. It is a rather simple module
> actually.
> 
> > I imagine that I need to enable experimental module support in the
> > configure (./configure --with-experimental-modules) and then include
> > experimental.conf in radius.conf?
> 
> Yes for the configure part. You won't need to include the whole
> experimental.conf file though, only the checkval section.
> 
> >
> > > >
> > > > Kostas
> > > >
> > > >
> > > > ==
> > > >   Kostas Zorbadelos
> > > >   Currently at: Otenet IT Department
> > > >   mailto: [EMAIL PROTECTED]
> > > >
> > > >   Out there in the darkness, out there in the night
> > > >   out there in the starlight, one soul burns brighter
> > > >   than a thou
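
The check-item behaviour discussed in this thread, as an added example that is not part of any poster's message and is not FreeRADIUS code: a simplified Python model in which every check item must match (AND), `==` compares exactly, and `=~` searches the attribute's string form. The NAS-Port-Type names are assumed from the standard RADIUS dictionary, and the anchored pattern `^(Async|ISDN)$` is an addition here; it shows that the unanchored `Async|ISDN` also admits `ISDN-V120` and `ISDN-V110`.

```python
import re

# Simplified model written for this example; it is not FreeRADIUS source code.
# Assumption: NAS-Port-Type names as in the standard RADIUS dictionary.
PORT_TYPES = ["Async", "Sync", "ISDN", "ISDN-V120", "ISDN-V110", "Virtual"]


def item_matches(op, expected, actual):
    """Compare one check item against the request attribute's string form."""
    if op == "==":
        return actual == expected
    if op == "=~":
        # Unanchored search: the pattern may match anywhere in the value.
        return re.search(expected, actual) is not None
    raise ValueError("unsupported operator: " + op)


def authorize(check_items, request):
    """Accept only if ALL check items match (logical AND).

    Model assumption: an attribute missing from the request fails its item.
    """
    for attr, op, expected in check_items:
        actual = request.get(attr)
        if actual is None or not item_matches(op, expected, actual):
            return "reject"
    return "accept"


def accepted_port_types(check_items):
    """List every known port type that a rule set would let through."""
    return [p for p in PORT_TYPES
            if authorize(check_items, {"NAS-Port-Type": p}) == "accept"]


# Constructed rule sets for the kzorba case (password item left out).
TWO_ROWS = [("NAS-Port-Type", "==", "Async"), ("NAS-Port-Type", "==", "ISDN")]
UNANCHORED = [("NAS-Port-Type", "=~", "Async|ISDN")]
ANCHORED = [("NAS-Port-Type", "=~", "^(Async|ISDN)$")]

if __name__ == "__main__":
    for name, rules in [("two == rows", TWO_ROWS),
                        ("unanchored regex", UNANCHORED),
                        ("anchored regex", ANCHORED)]:
        print(f"{name:18} -> {accepted_port_types(rules)}")
```

Enumerating the accepted values this way is a quick check that an access rule is no wider than intended before it goes into the users file or radcheck.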

Re: check list multiple values in NAS-Port-Type

2003-11-03 Thread ZORBADELOS KONSTANTINOS
At Mon, 3 Nov 2003 13:39:20 +0200 (EET),
Kostas Kalevras wrote:
> 
> On Mon, 3 Nov 2003, ZORBADELOS KONSTANTINOS wrote:
> 
> >
> > Hello to everyone.
> > This is my first post to the list. I want to have a user that is
> > allowed to have ISDN or PSTN access and another that should have PSTN
> > access only. I am using the attribute NAS-Port-Type in the check list
> > to accomplish this. In the first user I want the NAS-Port-Type to have
> > values Async or ISDN and in the second I want to have Async only. I am
> > also using the sql module so my users' authorization data are stored
> > in an Oracle database. Freeradius version 0.9.2 (latest for now).
> > My radcheck table looks like
> >
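> > +----+----------+---------------+----+-------+
> > | id | username | attribute     | op | value |
> > +----+----------+---------------+----+-------+
> > | 1  | kzorba   | User-Password | == |       |
> > | 2  | kzorba   | NAS-Port-Type | == | Async |
> > | 3  | kzorba   | NAS-Port-Type | == | ISDN  |
> > | 4  | mitg     | User-Password | == |       |
> > | 5  | mitg     | NAS-Port-Type | == | Async |
> > +----+----------+---------------+----+-------+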
> >
> > I am using the NTradping test utility (as described in the O'Reilly
> > book) but the results are the same when I use a Cisco 3640
> > router. When I am sending one of the 2 allowed values in an
> > Access-Request for kzorba I always get reject. I tried to put as a
> > value for NAS-Port-Type "Async-ISDN" in one record instead of 2 and I
> > always got accept no matter what I sent (even a value besides ISDN or
> > Async). I only managed to get accept when I have one record with a
> > specific value (in this case everything works as expected). So the
> > question is:
> > How can I express the fact that I want to accept the user when the
> > attribute has value a OR b? By generalizing can I have boolean
> > expressions in check items?
> > Thank you in advance
> 
> I think that the AND relation of the check items is rather strongly established
> in the check functions of freeradius. The way I see it you have two choices:
> 1. Use a regular expression
> 2. Use the checkval module (check raddb/experimental.conf)
>
Thanks for the reply. I believe that the regular expressions can be
used for string type attributes only. Unfortunately NAS-Port-Type is
ENUM. I tried it using 'Async|ISDN' as value and it always returned
accept. By the way what kind of syntax can I use for regexps? Perl
like? Also is there any further documentation on the checkval apart
from experimental.conf?
I imagine that I need to enable experimental module support in the
configure (./configure --with-experimental-modules) and then include
experimental.conf in radius.conf?

> >
> > Kostas
> >
> >
> > ==
> >   Kostas Zorbadelos
> >   Currently at: Otenet IT Department
> >   mailto: [EMAIL PROTECTED]
> >
> >   Out there in the darkness, out there in the night
> >   out there in the starlight, one soul burns brighter
> >   than a thousand suns.
> >
> >
> >
> 
> --
> Kostas Kalevras   Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone:   +30 210 7721861
> 'Go back to the shadow'   Gandalf
> 
==
  Kostas Zorbadelos
  Currently at: Otenet IT Department 
  mailto: [EMAIL PROTECTED]
  
  Out there in the darkness, out there in the night
  out there in the starlight, one soul burns brighter
  than a thousand suns.




check list multiple values in NAS-Port-Type

2003-11-03 Thread ZORBADELOS KONSTANTINOS

Hello to everyone.
This is my first post to the list. I want to have a user that is
allowed to have ISDN or PSTN access and another that should have PSTN
access only. I am using the attribute NAS-Port-Type in the check list
to accomplish this. In the first user I want the NAS-Port-Type to have
values Async or ISDN and in the second I want to have Async only. I am
also using the sql module so my users' authorization data are stored
in an Oracle database. Freeradius version 0.9.2 (latest for now).
My radcheck table looks like

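+----+----------+---------------+----+-------+
| id | username | attribute     | op | value |
+----+----------+---------------+----+-------+
| 1  | kzorba   | User-Password | == |       |
| 2  | kzorba   | NAS-Port-Type | == | Async |
| 3  | kzorba   | NAS-Port-Type | == | ISDN  |
| 4  | mitg     | User-Password | == |       |
| 5  | mitg     | NAS-Port-Type | == | Async |
+----+----------+---------------+----+-------+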

I am using the NTradping test utility (as described in the O'Reilly
book) but the results are the same when I use a Cisco 3640
router. When I am sending one of the 2 allowed values in an
Access-Request for kzorba I always get reject. I tried to put as a
value for NAS-Port-Type "Async-ISDN" in one record instead of 2 and I
always got accept no matter what I sent (even a value besides ISDN or
Async). I only managed to get accept when I have one record with a
specific value (in this case everything works as expected). So the
question is:
How can I express the fact that I want to accept the user when the
attribute has value a OR b? By generalizing can I have boolean
expressions in check items?
Thank you in advance

Kostas 


==
  Kostas Zorbadelos
  Currently at: Otenet IT Department 
  mailto: [EMAIL PROTECTED]
  
  Out there in the darkness, out there in the night
  out there in the starlight, one soul burns brighter
  than a thousand suns.

