Re: help with radius authentication
At 10:23 AM 7/9/2002 +0300, Nikodim Nikodimov wrote: >Hi again, >I post one e-mail yesterday about pptp&radius$mysql but no one answer me :((( >I manage to make something by myself but now when I tried to established a >connection and authentication I receive the following response > > > >and this is radius log: > >Tue Jul 9 10:09:54 2002 : Auth: Login incorrect: [dizma/attribute>] (from nas local port 0) >Tue Jul 9 10:10:04 2002 : Info: Sending duplicate authentication reply to >client 192.168.210.2:32769 - ID: 177 The PPTP host is using CHAP authentication and you have not configured the radius server to accept CHAP authentication requests. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: some help please
At 05:15 PM 7/9/2002 +1200, Johnno wrote: >I have just install freeradius 0.6 and I get this when I ran >check-radiusd-config > >HASH: Reinitializing hash structures and lists for caching... >rlm_unix: You MUST specify a shadow password file! >HASH: unable to create user hash table. disable caching and run debugs >radiusd.conf[462]: unix: Module instantiation failed. > >how do I fix this.. You'll need to look at the 'radiusd.conf' file, and follow the steps that the server is telling you to do above. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
HELP!.....Using Berkeley DBM
Thanks for the help! I am using freeradius 0.6 and my radius.conf does not have anything about DBM in it. In the Module Configuration section I have PAM, UNIX, EAP, MS-CHAP, PAP, LDAP, passwd, realm, and pre-processing, but nothing about DBM. I read somewhere that you can run ./configure with the --with-dbm flag, and I have tried that with identical results. "Brad Crotchett" <[EMAIL PROTECTED]> wrote: > No, I am using freeradius...I was just confused earlier because I was trying > cistron first. OK, then you edit the relevant section in 'radiusd.conf' for the module you're using. Look for 'dbm', it's not hard. Note that the Cistron dbm files CANNOT be used with FreeRADIUS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to test help please
How do I test to see if the radius server is working right... I can see that is running fine Johnno - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
help with radius authentication
nowJul 9 10:10:04 proxy pptpd[12347]: MGR: Reaped child 14184 and this is radius log: Tue Jul 9 10:09:54 2002 : Auth: Login incorrect: [dizma/] (from nas local port 0)Tue Jul 9 10:10:04 2002 : Info: Sending duplicate authentication reply to client 192.168.210.2:32769 - ID: 177 PLEASE SOME HELP THANKS NN ---Risk Engineering Ltd. Nikodim Nikodimov34 Totleben Bulv. System AdministratorSofia 1604, Bulgaria e-mail: [EMAIL PROTECTED]http://www.riskeng.bg/ Phone: +359 (2) 9525236-110---
Re: some help please
Johnno wrote: > I have just install freeradius 0.6 and I get this when I ran > check-radiusd-config > > HASH: Reinitializing hash structures and lists for caching... > rlm_unix: You MUST specify a shadow password file! > HASH: unable to create user hash table. disable caching and run debugs > radiusd.conf[462]: unix: Module instantiation failed. > > how do I fix this.. try disabeling caching in radiusd.conf Gerald - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
some help please
I have just install freeradius 0.6 and I get this when I ran check-radiusd-config HASH: Reinitializing hash structures and lists for caching... rlm_unix: You MUST specify a shadow password file! HASH: unable to create user hash table. disable caching and run debugs radiusd.conf[462]: unix: Module instantiation failed. how do I fix this.. Many thanks, Johnno - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help freeradius0.6 with mysql
At 06:48 PM 7/8/2002 -0400, Gonzalo Ivan Lozano Hoyos wrote: >thanks a lot, goem > >I found out that my problems is in the NAS(MAX6000) that I have, I added >my ip >in the menu > > >ethernet>Mod Config>RADIUS SERVER > >Mon Jul 8 11:45:38 2002 : Error: rlm_sql: Stop packet with zero session >length. (user '',nas '166.114.22.13') >Mon Jul 8 11:45:39 2002 : Auth: Login incorrect: [route-1/ascend] (from >client n1.unete.com.bo port 0) > >I'm going to try to fix this problem I think the problem is in the >proxy.conf file. No, it's not. And it's covered in the FAQ: http://www.freeradius.org/faq/#4.8 -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help freeradius0.6 with mysql
thanks a lot, goem I found out that my problems is in the NAS(MAX6000) that I have, I added my ip in the menu >ethernet>Mod Config>RADIUS SERVER Actually before I started to do accounting and to proxy to another radius I did not had this problem but now if I don't put my ip in this menu my radius server doesnt work and besides that it seems that my configuration of th e proxy is not working 100%, because in the logs file says: Mon Jul 8 11:45:37 2002 : Info: rlm_sql: received Acct On/Off packet Mon Jul 8 11:45:37 2002 : Info: NAS n1.unete.com.bo restarted (Accounting-On packet seen) Mon Jul 8 11:45:38 2002 : Error: rlm_sql: Stop packet with zero session length. (u ser '', nas '166.114.22.13') Mon Jul 8 11:45:39 2002 : Auth: Login incorrect: [route-1/ascend] (from client n1.un ete.com.bo port 0) I'm going to try to fix this problem I think the problem is in the proxy.conf file. thanks again -- Gonzalo Ivan Lozano Hoyos Network Administrator - NOC e-mail: [EMAIL PROTECTED] celular: 706-14-099 http://www.ifxnetworks.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help freeradius0.6 with mysql
--- Gonzalo Ivan Lozano Hoyos <[EMAIL PROTECTED]> wrote: > Hi folks, > > I have the problem with th freeradius > 1.- I have already configured everything including > the proxy.conf and my > freeradius is forwarding ok without any problem. > > 2.- Besides that I using the NTRadPing software in > windows which help me a lot > to find out problems and it works without any > problem. > > 3.- The problem ocurrs when I trying to make a real > dialup with the accounts I > created in my database radius (mysql). To be clear > with account that are > authentificated with another radius server it says > that it is starting th > accounting, BUT WITH MY ACCOUNTS THAT I CREATED IN > MY DATABASE IT DOESN'T SAY > A WORD NEITHER IN DEGUB MODE NOR IN NORMAL > OPERATION. > > 4.- I already did to function the freeradius 0.5 > with mysql but now I don't > know waht is going on. > > 5.- If somebody can tell me another way to debug > since the command > "radiusd -xxyz" it doesn say a word with my account > but with account that > belongs to another radius server it says evething > including that my server is > forwearding to the remote server. > > > please can somebody help me I'm really tired, but > i'm not to give up. By the > way sorry for my bad english. Hope everybody > undertood what I mind. > > regards > Gonzalo Ivan Lozano Hoyos > IFX Networks Bolivia > > > -- > Gonzalo Ivan Lozano Hoyos > Network Administrator - NOC > e-mail: [EMAIL PROTECTED] > celular: 706-14-099 > http://www.ifxnetworks.com > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html please, check your raddb/sql.conf .. carefully,, was your editing make it properly...? if true check your table database file.. goem_ -- electric engineering Bandung -Indonesia __ Do You Yahoo!? Sign up for SBC Yahoo! Dial - First Month Free http://sbc.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: SP/ROUTING: Re: HELP!.....Using Berkeley DBM
Thanks for the help! I am using freeradius 0.6 and my radius.conf does not have anything about DBM in it. In the Module Configuration section I have PAM, UNIX, EAP, MS-CHAP, PAP, LDAP, passwd, realm, and pre-processing, but nothing about DBM. I read somewhere that you can run ./configure with the --with-dbm flag, and I have tried that with identical results. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Alan DeKok Sent: Monday, July 08, 2002 1:14 PM To: [EMAIL PROTECTED] Subject: Re: SP/ROUTING: Re: HELP!.Using Berkeley DBM "Brad Crotchett" <[EMAIL PROTECTED]> wrote: > No, I am using freeradius...I was just confused earlier because I was trying > cistron first. OK, then you edit the relevant section in 'radiusd.conf' for the module you're using. Look for 'dbm', it's not hard. Note that the Cistron dbm files CANNOT be used with FreeRADIUS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SP/ROUTING: Re: HELP!.....Using Berkeley DBM
"Brad Crotchett" <[EMAIL PROTECTED]> wrote: > No, I am using freeradius...I was just confused earlier because I was trying > cistron first. OK, then you edit the relevant section in 'radiusd.conf' for the module you're using. Look for 'dbm', it's not hard. Note that the Cistron dbm files CANNOT be used with FreeRADIUS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: SP/ROUTING: Re: HELP!.....Using Berkeley DBM
No, I am using freeradius...I was just confused earlier because I was trying cistron first. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Alan DeKok Sent: Monday, July 08, 2002 1:00 PM To: [EMAIL PROTECTED] Subject: Re: SP/ROUTING: Re: HELP!.Using Berkeley DBM "Brad Crotchett" <[EMAIL PROTECTED]> wrote: > Yeah, I guess the compilation was actually from cistron-radiusmy bad. > So in radiusd.conf I would specify the path to my dbm file under what > section? If you're using Cistron, it doesn't *have* a 'radiusd.conf'. Ask on the Cistron list. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SP/ROUTING: Re: HELP!.....Using Berkeley DBM
"Brad Crotchett" <[EMAIL PROTECTED]> wrote: > Yeah, I guess the compilation was actually from cistron-radiusmy bad. > So in radiusd.conf I would specify the path to my dbm file under what > section? If you're using Cistron, it doesn't *have* a 'radiusd.conf'. Ask on the Cistron list. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: SP/ROUTING: Re: HELP!.....Using Berkeley DBM
Yeah, I guess the compilation was actually from cistron-radiusmy bad. So in radiusd.conf I would specify the path to my dbm file under what section? Thanks, Brad -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Alan DeKok Sent: Monday, July 08, 2002 12:32 PM To: [EMAIL PROTECTED] Subject: SP/ROUTING: Re: HELP!.Using Berkeley DBM "Brad Crotchett" <[EMAIL PROTECTED]> wrote: > We are trying to use a berkeley style dbm hash file for authentication with > freeradius 0.6. I have compiled freeradius with DBM support, I'm not sure how you did that. FreeRADIUS builds a DBM *module*, if you have DBM libraries. There's no way of telling FreeRADIUS to build with DBM. > but now I am not sure how to tell radius to use my DBM file instead > of the users file. Any help is greatly appreciated. See 'radiusd.conf' Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: HELP!.....Using Berkeley DBM
"Brad Crotchett" <[EMAIL PROTECTED]> wrote: > We are trying to use a berkeley style dbm hash file for authentication with > freeradius 0.6. I have compiled freeradius with DBM support, I'm not sure how you did that. FreeRADIUS builds a DBM *module*, if you have DBM libraries. There's no way of telling FreeRADIUS to build with DBM. > but now I am not sure how to tell radius to use my DBM file instead > of the users file. Any help is greatly appreciated. See 'radiusd.conf' Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
HELP!.....Using Berkeley DBM
We are trying to use a berkeley style dbm hash file for authentication with freeradius 0.6. I have compiled freeradius with DBM support, but now I am not sure how to tell radius to use my DBM file instead of the users file. Any help is greatly appreciated. Brad - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fwd: dictionary files "has_tag" help
thanks On Sunday 07 July 2002 07:38 am, Alan DeKok wrote: > Ron Ripley <[EMAIL PROTECTED]> wrote: > > I am trying to find some information on some dictionary items. > > > > specifically the "dictionary.tunnel" > > > > each attribute has this "has_tag" keyword, what does that do? > > It says that the attributes are 'tagged' attributes, as per the > relevant RFC. > > See: http://www.freeradius.org/rfc/attributes.html > > and click on 'Tunnel-Assignment-Id' > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html -- -- Ron Ripley, Sr. Systems Engineer RedBack Networks Inc. (619)656-7371, [EMAIL PROTECTED] -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Fwd: dictionary files "has_tag" help
Ron Ripley <[EMAIL PROTECTED]> wrote: > I am trying to find some information on some dictionary items. > > specifically the "dictionary.tunnel" > > each attribute has this "has_tag" keyword, what does that do? It says that the attributes are 'tagged' attributes, as per the relevant RFC. See: http://www.freeradius.org/rfc/attributes.html and click on 'Tunnel-Assignment-Id' Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Fwd: dictionary files "has_tag" help
Hello, I hope i have just a simple questions... I am trying to find some information on some dictionary items. specifically the "dictionary.tunnel" each attribute has this "has_tag" keyword, what does that do? I had to remove it for my NAS to understand the response from radius: ATTRIBUTE Tunnel-Assignment-Id82 string has_tag I checked much of the documentation and even the RFC with little information. Thanks! --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Proxying problem Help needed
I have 2 numbers and 2 realms i'm trying to proxy. what i want to happen is i want it to proxy by realm first and if they don't have a realm then proxy by the number they dialed. and as i understand it the user file processed until a match is found.. with just this listed it will proxy based upon phone number but not based on realm. it sends the username and the realm to the proxy server and then i have to set up proxying on that server also if i want to send the realm to the proper server.. these two are put together because they are both the same number but sometimes the phone company sends me one number and sometimes they send me a different number DEFAULT Called-Station-Id == "5735309", Proxy-To-Realm := "realm2" DEFAULT Called-Station-Id == "5309", Proxy-To-Realm := "realm2" DEFAULT Called-Station-Id == "5730606", Proxy-To-Realm := "realm1.net" -- this is what i tryed to add to make it proxy based upon realm befor the phone number so i put this befor the DEFAULT entries for phone number .. #DEFAULT # Realm == "realm1.net", # Proxy-to-Realm := "realm1.net" # # #DEFAULT # Realm == "realm2", # Proxy-to-Realm := "realm2" but when i entered it into the config and restarted the radius server these lines below would not work. for some reason it caused them to not work. DEFAULT Called-Station-Id == "5735309", Proxy-To-Realm := "realm2" DEFAULT Called-Station-Id == "5309", Proxy-To-Realm := "realm2" this line still worked DEFAULT Called-Station-Id == "5730606", Proxy-To-Realm := "realm1.net" and proxy.conf still worked.. but the problem is getting it to proxy based upon realm then phone number. -- Business website -- www.realm2 Personal website -- www.tblx.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dictionary files "has_tag" help
Hello, I am trying to find some information on some dictionary items. specifically the dictionary.tunnel each attribute has this "has_tag" keyword, what does that do? I had to remove it for my NAS to understand the response from radius: ATTRIBUTE Tunnel-Assignment-Id82 string has_tag I checked much of the documentation and even the RFC with little information. Thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help freeradius0.6 with mysql
Hi Again, This is the only I could read from the radius.log file, maybe it may help to depure my problem Thu Jul 4 13:20:26 2002 : Error: rlm_sql: Stop packet with zero session length. (user '', nas '166.114.22.13') Thu Jul 4 13:20:31 2002 : Proxy: marking accounting server 200.62.4.23:1646 for realm NULL dead Thu Jul 4 13:20:35 2002 : Proxy: marking accounting server 200.62.4.23:1646 for realm NULL dead Thu Jul 4 13:22:15 2002 : Info: Accounting: login: entry for NAS n2.unete.com.bo port 20110 duplicate Thu Jul 4 13:22:26 2002 : Error: Accounting: login: entry for NAS n2.unete.com.bo port 20122 wrong order Thu Jul 4 13:22:55 2002 : Pro If somebody knows what is wrong please let me know. -- Gonzalo Ivan Lozano Hoyos Network Administrator - NOC e-mail: [EMAIL PROTECTED] celular: 706-14-099 http://www.ifxnetworks.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help freeradius0.6 with mysql
Hi folks, I have the problem with th freeradius 1.- I have already configured everything including the proxy.conf and my freeradius is forwarding ok without any problem. 2.- Besides that I using the NTRadPing software in windows which help me a lot to find out problems and it works without any problem. 3.- The problem ocurrs when I trying to make a real dialup with the accounts I created in my database radius (mysql). To be clear with account that are authentificated with another radius server it says that it is starting th accounting, BUT WITH MY ACCOUNTS THAT I CREATED IN MY DATABASE IT DOESN'T SAY A WORD NEITHER IN DEGUB MODE NOR IN NORMAL OPERATION. 4.- I already did to function the freeradius 0.5 with mysql but now I don't know waht is going on. 5.- If somebody can tell me another way to debug since the command "radiusd -xxyz" it doesn say a word with my account but with account that belongs to another radius server it says evething including that my server is forwearding to the remote server. please can somebody help me I'm really tired, but i'm not to give up. By the way sorry for my bad english. Hope everybody undertood what I mind. regards Gonzalo Ivan Lozano Hoyos IFX Networks Bolivia -- Gonzalo Ivan Lozano Hoyos Network Administrator - NOC e-mail: [EMAIL PROTECTED] celular: 706-14-099 http://www.ifxnetworks.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help beginner. Simultaneous don't work :(
Everything works. Edit checkrad: #! /usr/bin/perl exit (1); Radiusd reads radutmp and run checkrad, if double entry and it always receive 1. After that find, why don't work snmp-request to NAS (from SNMP_Session.pm) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help beginner. Simultaneous don't work :(
When I make double entry with login test in radius.log: .. Auth: Login OK: [test/test] (from nas cisco port 71) Auth: Login OK: [test/test] (from nas cisco port 70) Error: Accounting-Request packet sent to a non-accounting port from client cisco:1645 - ID 0 : IGNORED Auth: Login OK: [test/test] (from nas cisco port 66) Error: Accounting-Request packet sent to a non-accounting port from client cisco:1646 - ID 1 : IGNORED Auth: Login OK: [test/test] (from nas cisco port 74) . I think, radiusd read radutmp and see double entry, but it allow enter, although Simultaneous-Use := 1 I don't understand, why it's. Maybe anybody know, where find bug. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help beginner. Simultaneous don't work :(
Cisco3640 IOS 12.2(8)T2
freeradius0.5 configure with support snmp
Perl 5.00503
BER.pm v0.88 & SNMP_Session.pm v0.92 from www.switch.ch/misc/leinen
I made double entry with login test
Then make: checkrad -d cisco nas_ip nas_port login session_id
Returning 0 (login ok)
nas_port and session_id was take from detail (User-Name and Acct-Session-Id)
>From Cisco.log:
2w1d: SNMP: Packet received via UDP from xxx.xxx.xxx.3 on Ethernet0/0
2w1d: SNMP: Get request, reqid 1447984954, errstat 0, erridx 0
ltsLineEntry.18.68 = NULL TYPE/VALUE
2w1d:
Incoming SNMP packet
2w1d: v1 packet
2w1d: community string: public
2w1d: SNMP: Response, reqid 1447984954, errstat 0, erridx 0
ltsLineEntry.18.68 =
2w1d: SNMP: Packet sent via UDP to xxx.xxx.xxx.3
conf cisco: snmp-server community public ro 2
conf users:testAuth-Type := Local, User-Password == "test"
Fall-Through = 1
DEFAULT Simultaneous-Use := 1
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 192.168.5.32+,
Framed-Compression = Van-Jacobson-TCP-IP
in radius.conf :
session {
radutmp
}
naspasswd: nas_ipSNMPpublic
Where I wrong %-(
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Newbie -- need help
"BORCHERS,JASON (HP-Roseville,ex1)" <[EMAIL PROTECTED]> wrote: > I'm really at a loss here, and since I'm so new to RADIUS I have no idea > what to do next. I suspect I've missed an important step in setting up the > server. Does anyone have any ideas? Read the FAQ? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
re: PLease help me with my freeradius and my MYSQL
On Sun, 23 Jun 2002 06:26:08 +0200, [EMAIL PROTECTED] wrote: >Subject: PLease help me with my freeradius and my MYSQL >Date: Sat, 22 Jun 2002 05:35:34 -0400 >Reply-To: [EMAIL PROTECTED] >already have a table usergroup as you can see: >mysql> select * from usergroup; >++--+---+ >| id | UserName | GroupName | >| 1 | paulin | dynamic | >Here 'is what exactly says about the problem: >rlm_sql: Pairs do not match [paulin] >rlm_sql: Released sql socket id: 4 Any information which can stop that authentication from being suceeded (for instance, when there's a Calling Station Id := 123123 on radcheck and the user comes in without this attribute, say from a portmaster2) put this message on radius debug output (and on radius.log if you specify so) Mene Sakkhet ur-seveh Alexandre Ganso - Diretor Steel Goose Moto Group 6, 7 e 8 de setembro - Aniversario 10 anos Steel Goose - Ouro Branco - MG 500 Four 1974... Não corre. Mas me leva até o fim do mundo. [EMAIL PROTECTED] ICQ# 3778773 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Newbie -- need help
Hi everyone, I need to set up a Freeradius server to act as an authenticator for network switches. I'm very new to Linux and RADIUS, and am having trouble. I've downloaded and installed version 0.5. I added a switch to the clients.conf file, and then configured the switch to use the Freeradius server for telnet login authentication. When I attempt to telnet into this switch, after I enter the user name and password, I get a "Can't reach RADIUS server" message as it times out. I know this isn't true, because I can successfully ping the server from the switch. I've also triple-checked to make sure I entered the correct server address into the switch. I'm really at a loss here, and since I'm so new to RADIUS I have no idea what to do next. I suspect I've missed an important step in setting up the server. Does anyone have any ideas? Thanks, Jason - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need help please
Stefan Immel wrote: > >Hi everyone, > >i have a strange problem in my server. After a user has log off from the system or >especially when the light turn > >off, the system is still react as the user is still logged in. This is showed by > >RADLAST or RADWHO command. What's wrong and how can I solve this problem? > >I'm running RH 7.1 with radiusd-cistron-1.6.6. > >Thanks a lot for your help. > Wrong list. This is the freeradius list not the cistron radius list. > > But perhaps you should switch to freeradius cause it's more stable and better than >cistron. > > P.S.: could you please stop using HTML in your mails to a mailinglist, it's >considered to be not very polite. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Many thanks. I'm going to try and let you know what happens -- Bertrand TACHAGO Computer specialist, Network & Information Specialist SDNP SchoolNet Cameroon (237)221 25 53 Yaounde Cameroon My website: http://www.sdnp.cm/tachago/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Need help please
>Hi everyone, >i have a strange problem in my server. After a user has log off from the system or >especially when the light turn >off, the system is still react as the user is still logged in. This is showed by >RADLAST or RADWHO command. What's wrong and how can I solve this problem? >I'm running RH 7.1 with radiusd-cistron-1.6.6. >Thanks a lot for your help. Wrong list. This is the freeradius list not the cistron radius list. But perhaps you should switch to freeradius cause it's more stable and better than cistron. P.S.: could you please stop using HTML in your mails to a mailinglist, it's considered to be not very polite. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Need help please
Hi everyone, i have a strange problem in my server. After a user has log off from the system or especially when the light turn off, the system is still react as the user is still logged in. This is showed by RADLAST or RADWHO command. What's wrong and how can I solve this problem? I'm running RH 7.1 with radiusd-cistron-1.6.6. Thanks a lot for your help. -- Bertrand TACHAGO Computer specialist, Network & Information Specialist SDNP SchoolNet Cameroon (237)221 25 53 Yaounde Cameroon My website: http://www.sdnp.cm/tachago/
PLease help me with my freeradius and my MYSQL
hello freeradius users; thanks a lot rust, but please forgive me because I forgot to mention that I already have a table usergroup as you can see: mysql> select * from usergroup; ++--+---+ | id | UserName | GroupName | ++--+---+ | 1 | paulin | dynamic | ++--+---+ Here 'is what exactly says about the problem: rlm_sql: Pairs do not match [paulin] rlm_sql: Released sql socket id: 4 modcall[authorize]: module "sql" returns notfound modcall: group authorize returns ok Anyway I was looking at my problem and I'm not sure if I have to add something else in the table RADREPLY, because as I read all the SQL query it's look like is missing information on the mentioned table. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Please Help!! -- Attribute Expiration Question
I've been looking at using the Expiration attribute to make user accounts expire after 5 days if they do not change their password. I set up my radreply table like this. Id Username Atribute Value Op 1 testdate Expiration 2002-06-20 12:00:00 := I chose that date randomly just to see if I could still connect to our VPN concentrator, and sure enough I could. I'm thinking that I possibly have the wrong date format, I also tried the following based on other documentation I found on the web: 2002 Jun 20 and Jun 20 2002 Does FreeRadius have the logic to see that this account expired yesterday, therefore not to let it connect? Or is this something I'll have to jerry rig manually with like a cronjob, etc. Thanks! Chris DeRamus HQ VPN Administrator Verizon 301-903-2093
Re: PLease help me with my freeradius and my MYSQL
Hello Gonzalo,
You must add user 'paulin' into usergroup table
insert into usergroup (UserName,GroupName) values ('paulin','dynamic');
Also better use crypted passwords for PAP
in radiusd.conf change
pap {
encryption_scheme = crypt
}
and insert user into radcheck
insert into radcheck (UserName,Attribute,Value,op) values
('paulin','Crypt-Password',encrypt('2135'),':=');
--
Best regards,
rustmailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PLease help me with my freeradius and my MYSQL
Dear Simon,
I, was following all the mailing list with the subject (Problems with MySQL
Auth-Type), but I get a problem which I can't figure it out what's the cause,
I'm sure you can help me.
To help you understend what I have configured I'm putting the most relevant
parts of my configuration files and the most importants tables:
Radius.conf
authorize {
preprocess
# counter
# attr_filter
# eap
suffix
sql
# files
# mschap
}
authenticate {
pap
# pam
# unix
# ldap
# mschap
# eap
mysql> select * from radcheck;
++--+---+---+--+
| id | UserName | Attribute | Value | op |
++--+---+---+--+
| 1 | paulin | Password | 2135 | := |
| 2 | pmerida | Password | 2135 | := |
++--+---+---+--+
mysql> select * from radgroupcheck;
++---+-+-+--+
| id | GroupName | Attribute | Value | op |
++---+-+-+--+
| 1 | dynamic | Auth-Type | PAP | := |
| 2 | dynamic | Framed-Protocol | PPP | == |
| 3 | dynamic | Service-Type| Framed-User | == |
++---+-+-+--+
mysql> select * from radgroupreply;
++---++-+--+--+
| id | GroupName | Attribute | Value | op | prio |
++---++-+--+--+
| 1 | dynamic | Framed-Compression | Van-Jacobsen-TCP-IP | := |0 |
| 2 | dynamic | Framed-Protocol| PPP | := |0 |
| 3 | dynamic | Service-Type | Framed-User | := |0 |
| 5 | dynamic | Framed-MTU | 1500| := |0 |
++---++-+--+--+
mysql> select * from radreply;
Empty set (0.00 sec)
While I'm running in debug mode the server reply with this problem:
rad_recv: Access-Request packet from host 166.114.22.4:2178, id=11, length=46
User-Name = "paulin"
User-Password = "x~.>!\t>s7\330\031\251\353#\321/"
rad_rmspace_pair: User-Name now 'paulin'
rad_rmspace_pair: User-Password now '2135'
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
radius_xlat: 'paulin'
sql_escape in: 'paulin'
sql_escape out: 'paulin'
sql_set_user: escaped user --> 'paulin'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
UserName = 'paulin' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE UserName = 'paulin'
ORDER BY id
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.UserName = 'paulin' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.UserName = 'paulin' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
UserName = 'paulin' ORDER BY id'
SELECT id,UserName,Attribute,Value,op FROM radreply WHERE UserName = 'paulin'
ORDER BY id
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.UserName = 'paulin' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.UserName = 'paulin' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql: Pairs do not match [paulin]
rlm_sql: Released sql socket id: 4
modcall[authorize]: module "sql" returns notfound
modcall: group authorize returns ok
auth: No Auth-Type configuration for the request, rejecting the user
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help!!! Segmentation fault with accounting
alienoid <[EMAIL PROTECTED]> wrote: > I set up auth with freeradius0.5 + Oracle8.1.7 RH7.2. It works > well. But when I issue a command: echo "User-Name = test, > Acct-Status-Type = Start" | radclient -x 192.168.1.1:1646 acct DDD > I get Segmentation fault in freeradius. See 'doc/BUGS' Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help!!! Segmentation fault with accounting
Hello freeradius-users, I set up auth with freeradius0.5 + Oracle8.1.7 RH7.2. It works well. But when I issue a command: echo "User-Name = test, Acct-Status-Type = Start" | radclient -x 192.168.1.1:1646 acct DDD I get Segmentation fault in freeradius. Please help. Thanks in advance. -- Best regards, alienoid mailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help needed
s.venkata krishnan <[EMAIL PROTECTED]> wrote: > i have installed 7.1 red hat linux in my system and i am not able to > find etc/raddb/radiusd.conf since /raddb directory is not found in my > installation. what may the problem for this. Any one can help me out > in this . Read the messages produced by 'make install' ?? That will tell you where the files are installed. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help needed
> i have installed 7.1 red hat linux in my system and i am not able to find >etc/raddb/radiusd.conf since /raddb directory is not found in my installation. what >may the problem for this. Any one can help me out in this . peep in /usr/local/* > > Thanks in Advance > > Regards > > Venkata Krishnan. Nicola Orru' ENERGIT Via Efisio Melis, 26 09134 Cagliari - Italia Tel. +39 070 7521 Fax +39 070 7521 51 www.energit.it Energia Telefonia Servizi Internet Sistemi di Gestione per le Aziende - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help needed
Hi All i am working on free radius server for couple of days. I have downloaded freeradius.tar.gz. i have followed the foot steps like this Download a tarball Extract it with gunzip and tar > Run ./configure in the top directory, with your chosen parameters Run make As root, run make install Edit etc/raddb/radiusd.conf to suit your needs. i have installed 7.1 red hat linux in my system and i am not able to find etc/raddb/radiusd.conf since /raddb directory is not found in my installation. what may the problem for this. Any one can help me out in this . Thanks in Advance Regards Venkata Krishnan. - Sify Mail - now with Anti-virus protection powered by Trend Micro, USA. Know more at http://mail.sify.com Take the shortest route to success! Click here to know how http://education.sify.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Linux Newbie - Help with Radius Profiles
Hi All, I am using freeradius and the version of Openldap that is included with Red Hat v 7.3. I need to assign different radius attributes to different users. I have created a radius profile with servicetype=Administrative in Openldap through a ldif file. How do I link this profile to the users who need it ? PLEASE HELP. Regards, Michael Fuller - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help for radius groups against LDAP attribute
On Mon, 10 Jun 2002, Pierre Strazza wrote: > > Hi folks, > > I'm trying to define radius default groups, based on an LDAP directory. > The group information used to determine the profile of the user should be > checked against a LDAP attribute, called "profilad". > But things are always more complicated than they seem :-))) So any help will > be highly appreciated :-))) > > Here is the main LDAP organisation : > > O=Myorg > |_ OU=region >|_ CN=User Name > |_ cn=userid (attribute used for authentication) > |_ ... > |_ profilad=value (attribute that should be used for group > identification) Unfortunately, this can't be done with the current code. I 'll try and add some code in the following days to make it possible. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help for radius groups against LDAP attribute
Hi folks,
I'm trying to define radius default groups, based on an LDAP directory.
The group information used to determine the profile of the user should be
checked against a LDAP attribute, called "profilad".
But things are always more complicated than they seem :-))) So any help will
be highly appreciated :-)))
Here is the main LDAP organisation :
O=Myorg
|_ OU=region
|_ CN=User Name
|_ cn=userid (attribute used for authentication)
|_ ...
|_ profilad=value (attribute that should be used for group
identification)
Here is the radiusd.conf extract :
ldap {
server = "my_ldap"
basedn = "o=myorg"
filter = "(&(cn=%u)(droitad=Oui))"
start_tls = no
dictionary_mapping = ${raddbdir}/ldap.attrmap
groupname_attribute = profilad
groupmembership_filter =
"(&(cn=%u)(droitad=Oui)(profilad=%GroupName))"
timeout = 30
timelimit = 30
net_timeout = 1
}
and the users extract :
DEFAULT Group = "Profil04", Login-Time := "Mo-Fr0815-1930"
Framed-Compression := Stac-LZS,
Fall-Through = yes
DEFAULT Group = "Profil01", Login-Time := "Mo-Su0815-1930"
Framed-Compression := Stac-LZS,
Fall-Through = yes
[...]
Regs,
Pierre.
.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help! Newbie questions
Ruslan Spivak <[EMAIL PROTECTED]> wrote: > I have compiled and installed FreeRadius-0.5 under RH 7.2 > > user entry: > > test Auth-Type := Local, User-Password := "test" >Service-Type = Administrative-User > > radius.conf: > port = 1645 > > When I telnet to netserver I saw these multiple messages in radius.log: > Error: WARNING: Malformed RADIUS packet from host > 192.168.1.1: received 109 octets, packet size says 103 Your NAS is broken. Upgrade it's firmware to a version which sends real RADIUS packets. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help! Newbie questions
Sorry for previous letter! We have USR NETServer/16. I have compiled and installed FreeRadius-0.5 under RH 7.2 user entry: test Auth-Type := Local, User-Password := "test" Service-Type = Administrative-User radius.conf: port = 1645 When I telnet to netserver I saw these multiple messages in radius.log: Error: WARNING: Malformed RADIUS packet from host 192.168.1.1: received 109 octets, packet size says 103 And on the netserver's console appear such messages: Facility "User Manager", Level "CRITICAL"::AUTH: No acknowledgements from RADIUS accounting, reached max number of timeouts What does it mean? How can I view accounting for user test? (I can't find it anywhere) Best regards, Ruslan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help! Newbie questions
We have USR NETServer/16. I have compiled and installed FreeRadius-0.5 under RH 7.2 user entry: test Auth-Type := Local, User-Password := "test" Service-Type = Administrative-User - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4
At 04:46 PM 5/28/2002 -0700, Lists wrote: >DEFAULT > Service-Type == Framed-User, > Service-Type == Login-User, > Login-Service == Telnet, > Login-Service == Rlogin, > Login-Service == TCP-Clear, > Login-TCP-Port <= 65536, > Framed-IP-Address == 255.255.255.254, > Framed-IP-Netmask == 255.255.255.255, > Framed-Protocol == PPP, > Framed-Protocol == SLIP, > Framed-Compression == Van-Jacobson-TCP-IP, > Framed-MTU >= 576, > Framed-Filter-ID =~ ".*", > Reply-Message =~ ".*", > Session-Timeout <= 28800, > Idle-Timeout <= 600, > Port-Limit <= 2, > Ascend-Data-Filter += "ip in forward tcp est", No. Use :=. > Ascend-Data-Filter := "ip in forward dstip ip.of.mailbox/32", > Ascend-Data-Filter := "ip in drop tcp dstport = 25", > Ascend-Data-Filter := "ip in forward", > Fall-Through = yes > >what gives? Run a recent version. Earlier versions have known problems that cannot be fixed except by upgrading. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4
Well, to answer my own question, I should but I am not. I have the
following entry in radiusd.conf
authorize {
preprocess
attr_filter
sql
}
attr_filter in turn has this:
attr_filter {
attrsfile = ${confdir}/attrs
}
and attrs
DEFAULT
Service-Type == Framed-User,
Service-Type == Login-User,
Login-Service == Telnet,
Login-Service == Rlogin,
Login-Service == TCP-Clear,
Login-TCP-Port <= 65536,
Framed-IP-Address == 255.255.255.254,
Framed-IP-Netmask == 255.255.255.255,
Framed-Protocol == PPP,
Framed-Protocol == SLIP,
Framed-Compression == Van-Jacobson-TCP-IP,
Framed-MTU >= 576,
Framed-Filter-ID =~ ".*",
Reply-Message =~ ".*",
Session-Timeout <= 28800,
Idle-Timeout <= 600,
Port-Limit <= 2,
Ascend-Data-Filter += "ip in forward tcp est",
Ascend-Data-Filter := "ip in forward dstip ip.of.mailbox/32",
Ascend-Data-Filter := "ip in drop tcp dstport = 25",
Ascend-Data-Filter := "ip in forward",
Fall-Through = yes
what gives?
>OK it's getting clearer. Now, when I use radtest, should I see those
>filters in the output? Cause I am not seeing any.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Chris
Parker
Sent: Tuesday, May 28, 2002 11:37 AM
To: [EMAIL PROTECTED]
Subject: Re: Need Help: Struggling to add Ascend-Data-Filter in
Freeradius 0.4
At 02:30 PM 5/28/2002 -0400, Alan DeKok wrote:
>"Lists" <[EMAIL PROTECTED]> wrote:
> > I am running FreeRADIUS 0.4 with PostgreSQL backend, it's been
running
> > great. I am now required to add Ascend-Data-Filter (s). After
reading
> > the documentation I came up with the following:
> >
> > The following in /usr/local/freeradius/etc/raddb/attrs
> >
> > DEFAULT
> > Service-Type == Framed-User,
> > Service-Type == Login-User,
>
> This is wrong. Please read 'man 5 users' for a description of what
>'==' does.
This is not 'users'. This is 'attrs'. The operators specified were
correct for that usage, apart from the Data-Filter ones, which should
have been := ( Set Operator ). :)
-Chris
--
\\\|||/// \ StarNet Inc. \ Chris Parker
\ ~ ~ / \ WX *is* Wireless!\ Director, Engineering
| @ @ |\ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\--
\ Wholesale Internet Services -
http://www.megapop.net
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4
OK it's getting clearer. Now, when I use radtest, should I see those filters in the output? Cause I am not seeing any. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Chris Parker Sent: Tuesday, May 28, 2002 11:37 AM To: [EMAIL PROTECTED] Subject: Re: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4 At 02:30 PM 5/28/2002 -0400, Alan DeKok wrote: >"Lists" <[EMAIL PROTECTED]> wrote: > > I am running FreeRADIUS 0.4 with PostgreSQL backend, it's been running > > great. I am now required to add Ascend-Data-Filter (s). After reading > > the documentation I came up with the following: > > > > The following in /usr/local/freeradius/etc/raddb/attrs > > > > DEFAULT > > Service-Type == Framed-User, > > Service-Type == Login-User, > > This is wrong. Please read 'man 5 users' for a description of what >'==' does. This is not 'users'. This is 'attrs'. The operators specified were correct for that usage, apart from the Data-Filter ones, which should have been := ( Set Operator ). :) -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4
Chris Parker <[EMAIL PROTECTED]> wrote: > This is not 'users'. This is 'attrs'. The operators specified were > correct for that usage, apart from the Data-Filter ones, which should > have been := ( Set Operator ). :) Whoops, sorry. I skimmed the message too quickly, I think. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4
At 02:30 PM 5/28/2002 -0400, Alan DeKok wrote: >"Lists" <[EMAIL PROTECTED]> wrote: > > I am running FreeRADIUS 0.4 with PostgreSQL backend, it's been running > > great. I am now required to add Ascend-Data-Filter (s). After reading > > the documentation I came up with the following: > > > > The following in /usr/local/freeradius/etc/raddb/attrs > > > > DEFAULT > > Service-Type == Framed-User, > > Service-Type == Login-User, > > This is wrong. Please read 'man 5 users' for a description of what >'==' does. This is not 'users'. This is 'attrs'. The operators specified were correct for that usage, apart from the Data-Filter ones, which should have been := ( Set Operator ). :) -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4
At 02:16 PM 5/28/2002 -0700, Lists wrote: >I am running FreeRADIUS 0.4 with PostgreSQL backend, it's been running >great. I am now required to add Ascend-Data-Filter (s). After reading >the documentation I came up with the following: > >The following in /usr/local/freeradius/etc/raddb/attrs 8< snip >Ascend-Data-Filter = "ip in forward tcp est", > Ascend-Data-Filter = "ip in forward dstip ip.of.mail.box/32", > Ascend-Data-Filter = "ip in drop tcp dstport = 25", > Ascend-Data-Filter = "ip in forward" > > >but alas, the filters do not get send. What am I missing? := is the operator you want. And you really want to upgrade to the latest release, as there have been changes to the way attrs is parsed and the operators you can use ( two new ones are now available =* and !* ). -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4
"Lists" <[EMAIL PROTECTED]> wrote: > I am running FreeRADIUS 0.4 with PostgreSQL backend, it's been running > great. I am now required to add Ascend-Data-Filter (s). After reading > the documentation I came up with the following: > > The following in /usr/local/freeradius/etc/raddb/attrs > > DEFAULT > Service-Type == Framed-User, > Service-Type == Login-User, This is wrong. Please read 'man 5 users' for a description of what '==' does. > Framed-MTU >= 576, This will NEVER do what you think. The Framed-MTU is an attribute which tells the NAS *exactly* what size MTU to use, and NOT a range. > Ascend-Data-Filter = "ip in forward tcp est", > Ascend-Data-Filter = "ip in forward dstip ip.of.mail.box/32", Use '+=' here, instead of '='. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4
I am running FreeRADIUS 0.4 with PostgreSQL backend, it's been running
great. I am now required to add Ascend-Data-Filter (s). After reading
the documentation I came up with the following:
The following in /usr/local/freeradius/etc/raddb/attrs
DEFAULT
Service-Type == Framed-User,
Service-Type == Login-User,
Login-Service == Telnet,
Login-Service == Rlogin,
Login-Service == TCP-Clear,
Login-TCP-Port <= 65536,
Framed-IP-Address == 255.255.255.254,
Framed-IP-Netmask == 255.255.255.255,
Framed-Protocol == PPP,
Framed-Protocol == SLIP,
Framed-Compression == Van-Jacobson-TCP-IP,
Framed-MTU >= 576,
Framed-Filter-ID =~ ".*",
Reply-Message =~ ".*",
Session-Timeout <= 28800,
Idle-Timeout <= 600,
Port-Limit <= 2,
Ascend-Data-Filter = "ip in forward tcp est",
Ascend-Data-Filter = "ip in forward dstip ip.of.mail.box/32",
Ascend-Data-Filter = "ip in drop tcp dstport = 25",
Ascend-Data-Filter = "ip in forward"
And the following in /usr/local/freeradus/etc/raddb/radius.conf
authorize {
preprocess
attr_filter
sql
# files
# counter
# attr_filter
# eap
# suffix
# files
# mschap
}
but alas, the filters do not get send. What am I missing?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Compiling errors on Solaris 8 Please help
At 10:52 AM 5/28/2002 -0400, Russell Premont wrote: >I have just downloaded FreeRadius 0.5. and am trying to compile it on >Solaris 8 for Sparc with the following option >changes --localstatedir=/var --sysconfdir=/etc. I can run the configure >command and everything is ok but when I run make I >get the following errors Try to use the CVS snapshots. We are nearing the 0.6 release, so there have been many fixes since 0.5 came out. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Compiling errors on Solaris 8 Please help
I have just downloaded FreeRadius 0.5. and am trying to compile it on Solaris 8 for Sparc with the following option changes --localstatedir=/var --sysconfdir=/etc. I can run the configure command and everything is ok but when I run make I get the following errors gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DND EBUG -I../../include -c rlm_eap.c -o rlm_eap.o In file included from rlm_eap.c:25: eap.h:9: ltdl.h: No such file or directory In file included from eap.h:17, from rlm_eap.c:25: /usr/include/netinet/in.h:271: warning: `INADDR_ANY' redefined ../../include/missing.h:73: warning: this is the location of the previous definition /usr/include/netinet/in.h:272: warning: `INADDR_LOOPBACK' redefined ../../include/missing.h:77: warning: this is the location of the previous definition make[6]: *** [rlm_eap.o] Error 1 make[6]: Leaving directory `/export/home/russell/freeradius-0.5/src/modules/rlm_eap' make[5]: *** [common] Error 1 make[5]: Leaving directory `/export/home/russell/freeradius-0.5/src/modules' make[4]: *** [all] Error 2 make[4]: Leaving directory `/export/home/russell/freeradius-0.5/src/modules' make[3]: *** [common] Error 1 make[3]: Leaving directory `/export/home/russell/freeradius-0.5/src' make[2]: *** [all] Error 2 make[2]: Leaving directory `/export/home/russell/freeradius-0.5/src' make[1]: *** [common] Error 1 make[1]: Leaving directory `/export/home/russell/freeradius-0.5' make: *** [all] Error 2 Could someone please tell me what the problem might be. Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Pls help
"Mazen R. Kassem" <[EMAIL PROTECTED]> wrote:
> I'm using {radtest username "password" server.domain } command you can
> see the result on raddebug attached with all my configured files
...
> <> <> <> <>
> <> <> <>
I have no idea why you included the 'dictionary' file, as that is
already distributed with the server, and should NOT be changed.
raddebug says:
>rlm_ldap: performing search in dc=integratednetworks,dc=net, with filter (uid=taher)
>rlm_ldap: object not found or got ambiguous search result
>ldap_release_conn: Release Id: 0
> modcall[authenticate]: module "ldap" returns notfound
That would appear to be the problem. Did you try reading the log
message, and verifing that the objects are in your LDAP database?
In any case, it's either an LDAP problem, or a problem with a
misconfiguring the server to use an incorrect LDAP query. I would
suggest using ldap debugging tools to track down the problem.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Pls help
Title: Pls help
Hi
I sent this email for more than twice but nobody answer I hope this time someone help in here
I been working for few days on integrating freeradius and openldap on redhat 7.1 but unfortunately not get success tell know either some configuration missed or I don't know I follow all the examples attached with the documents but radius test always fail
I'm using {radtest username "password" server.domain } command you can see the result on raddebug attached with all my configured files
I will appreciate if you could help me in here
Best regards mazen
<> <> <> <> <> <> <>
Integrated Networks Co.
Tel: 2734474 x 148
Fax: 2734117 x 148
Mob: 054170626
Email: [EMAIL PROTECTED]
clients
Description: clients
clients.conf
Description: clients.conf
dictionary
Description: dictionary
raddebug
Description: raddebug
radiusd.conf
Description: radiusd.conf
slapd.conf
Description: slapd.conf
users
Description: users
Re: HELP!!!!!!! I'm so confused
Read the documentation.
--Original Message Text---
From: Steve Camacho
Date: Thu, 23 May 2002 11:21:59 -0400
Clean Clean DocumentEmail MicrosoftInternetExplorer4 st1\:*{behavior:url(#default#ieooui) } /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman";}
Hello,
I came across freeRADIUS recently and decided to give it a try. It seems like a great idea and it has all the features I need. However, installing it is another story. Im trying to setup freeRADIUS to do some simple authentication and monitoring for my dialup and ISDN users. I dont need it for anything else. Im using a Cisco AS 5300 for the NAS (terminal server) and Im running freeRADIUS on FreeBSD 4.2. I wanted to design my own database and point freeRADIUS to certain tables and fields within the DB. I hope to make this part of a much larger system. However Im not sure if thats possible. Does FreeRADIUS create its own DB and tables or can it be customized? What I really need is more detailed instruction for installation on FreeBSD 4.2 using mySQL. If someone could give me any information on this topic or point me in the correct direction that would be great. I looked through the FAQs and the /doc directory and I could not find enough information to clarify things for me. Anything you can suggest would be great.
Thanks in advance,
--
Steve Camacho
Jr. Systems Administrator
As opiniões formuladas neste e-mail são de caráter
exclusivamente pessoal. Minha opinião não necessariamente
representa a opinião do meu Moto Grupo nem da empresa onde
trabalho.
Mene Sakkhet ur-seveh
Alexandre Ganso - Diretor Steel Goose Moto Group
6, 7 e 8 de setembro - Aniversario 10 anos Steel Goose - Ouro Branco - MG
500 Four Vermelha
[EMAIL PROTECTED]
ICQ# 3778773
Re: HELP!!!!!!! I'm so confused
raddb/sql.conf - Original Message - From: "Steve Camacho" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, May 23, 2002 3:09 PM Subject: RE: HELP!!! I'm so confused > Where can I find the queries to edit. The only thing I see is the > script that creates the default table. > > steve > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of Alan DeKok > Sent: Thursday, May 23, 2002 12:33 PM > To: [EMAIL PROTECTED] > Subject: Re: HELP!!! I'm so confused > > "Steve Camacho" <[EMAIL PROTECTED]> wrote: > > I wanted to design my own database and point freeRADIUS to certain > > tables and fields within the DB. > > FreeRADIUS lets you do this. That's why the SQL queries are > customizable. > > For the default MySQL tables, ee: > > See 'src/modules/rlm_sql/drivers/rlm_sql_mysql/ > > > What I really need is more detailed instruction for installation on > > FreeBSD 4.2 using mySQL. > > There isn't much in the way of documentation. Set up the database, > create the tables, edit the queries, and it should work. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: HELP!!!!!!! I'm so confused
Where can I find the queries to edit. The only thing I see is the script that creates the default table. steve -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Alan DeKok Sent: Thursday, May 23, 2002 12:33 PM To: [EMAIL PROTECTED] Subject: Re: HELP!!! I'm so confused "Steve Camacho" <[EMAIL PROTECTED]> wrote: > I wanted to design my own database and point freeRADIUS to certain > tables and fields within the DB. FreeRADIUS lets you do this. That's why the SQL queries are customizable. For the default MySQL tables, ee: See 'src/modules/rlm_sql/drivers/rlm_sql_mysql/ > What I really need is more detailed instruction for installation on > FreeBSD 4.2 using mySQL. There isn't much in the way of documentation. Set up the database, create the tables, edit the queries, and it should work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: HELP!!!!!!! I'm so confused
"Steve Camacho" <[EMAIL PROTECTED]> wrote: > I wanted to design my own database and point freeRADIUS to certain > tables and fields within the DB. FreeRADIUS lets you do this. That's why the SQL queries are customizable. For the default MySQL tables, ee: See 'src/modules/rlm_sql/drivers/rlm_sql_mysql/ > What I really need is more detailed instruction for installation on > FreeBSD 4.2 using mySQL. There isn't much in the way of documentation. Set up the database, create the tables, edit the queries, and it should work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
HELP!!!!!!! I'm so confused
Hello, I came across freeRADIUS recently and decided to give it a try. It seems like a great idea and it has all the features I need. However, installing it is another story. I’m trying to setup freeRADIUS to do some simple authentication and monitoring for my dialup and ISDN users. I don’t need it for anything else. I’m using a Cisco AS 5300 for the NAS (terminal server) and I’m running freeRADIUS on FreeBSD 4.2. I wanted to design my own database and point freeRADIUS to certain tables and fields within the DB. I hope to make this part of a much larger system. However I’m not sure if that’s possible. Does FreeRADIUS create its own DB and tables or can it be customized? What I really need is more detailed instruction for installation on FreeBSD 4.2 using mySQL. If someone could give me any information on this topic or point me in the correct direction that would be great. I looked through the FAQs and the /doc directory and I could not find enough information to clarify things for me. Anything you can suggest would be great. Thanks in advance, -- Steve Camacho Jr. Systems Administrator
Re: FreeRadius Help Please..
"Johnno" <[EMAIL PROTECTED]> wrote: > I can this error and how do i fix it.. > > radiusd: Starting - reading configuration files ... > radiusd: radiusd.conf[426] Failed to link to module 'rlm_unix': file not > found Read the FAQ. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius Help Please..
> Thanks for you help Matt.. No problems. > I did that and now I get.. > > radiusd: Starting - reading configuration files ... > radiusd: radiusd.conf[426]: unix: Module instantiation failed. Not sure about that one.. If you know how to use it, you might want to see if you have strace, and see if you can see what's causing it to fail. The unix module doesn't need much configuring from what I recall, so I couldn't think what would cause it to fail. What unix variant are you building this on? Matt. -- This email is encrypted. To de-crypt : 1) Run the WhatITyped2WhatIMeant utility. 2) Disable your personal reality distortion field. 3) Add single instance of salt() - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius Help Please..
Thanks for you help Matt.. I did that and now I get.. radiusd: Starting - reading configuration files ... radiusd: radiusd.conf[426]: unix: Module instantiation failed. Johnno - Original Message - From: "Matthew Wallis" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, May 20, 2002 10:12 PM Subject: Re: FreeRadius Help Please.. > Yup, those are static libs, if you check with something like strace, > you'll find that radiusd is trying to load rlm_unix.so from the libs > directory. > > Build freeradius again, starting with deleting config.cache, and then > do make clean. > > Configure it with the option --enable-shared, and see how you go. > > Matt. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius Help Please..
> where about will I find this in the lib directory?? > > in the lib directory i have > > rlm_unix.a > rlm_unix.la > > Johnno > Yup, those are static libs, if you check with something like strace, you'll find that radiusd is trying to load rlm_unix.so from the libs directory. Build freeradius again, starting with deleting config.cache, and then do make clean. Configure it with the option --enable-shared, and see how you go. Matt. -- This email is encrypted. To de-crypt : 1) Run the WhatITyped2WhatIMeant utility. 2) Disable your personal reality distortion field. 3) Add single instance of salt() - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius Help Please..
where about will I find this in the lib directory?? in the lib directory i have rlm_unix.a rlm_unix.la Johnno - Original Message - From: "Matthew Wallis" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, May 20, 2002 9:38 PM Subject: Re: FreeRadius Help Please.. > > > Hello, > > > > I have just installed FreeRadius, but when I do a > > > > ./radiusd -f -y > > > > I can this error and how do i fix it.. > > > > radiusd: Starting - reading configuration files ... > > radiusd: radiusd.conf[426] Failed to link to module 'rlm_unix': file not > > found > > Check that you have a rlm_unix.so file and not a rlm_unix.la file. > One is a static library, the other is a dynamic library. > > By default, freeradius will try to load the dynamic library. > > Matt. > > > -- > This email is encrypted. To de-crypt : > > 1) Run the WhatITyped2WhatIMeant utility. > 2) Disable your personal reality distortion field. > 3) Add single instance of salt() > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius Help Please..
> Hello, > > I have just installed FreeRadius, but when I do a > > ./radiusd -f -y > > I can this error and how do i fix it.. > > radiusd: Starting - reading configuration files ... > radiusd: radiusd.conf[426] Failed to link to module 'rlm_unix': file not > found Check that you have a rlm_unix.so file and not a rlm_unix.la file. One is a static library, the other is a dynamic library. By default, freeradius will try to load the dynamic library. Matt. -- This email is encrypted. To de-crypt : 1) Run the WhatITyped2WhatIMeant utility. 2) Disable your personal reality distortion field. 3) Add single instance of salt() - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius Help Please..
Hello, I have just installed FreeRadius, but when I do a ./radiusd -f -y I can this error and how do i fix it.. radiusd: Starting - reading configuration files ... radiusd: radiusd.conf[426] Failed to link to module 'rlm_unix': file not found Many Thanks, Johnno - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help on freeRadius
Hi All, I have configured Radius authentication for our Cisco routers using freeRadius and Openldap. I used the AA authentication ... command on the cisco router to do this. The system is working fine, and I am able to authenticate users against the freeradius server with openldap. Now, I want to configure aaa authorisation for the cisco routers. How do I configure freeRadius and openldap to permit telnet access only to a few users, and deny telnet to the rest ? Many thanks for the help Michael Fuller. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySql accounting help
Alan- Excellent- thanks for this information. I now am able to send/test accounting packets. Rudimentary right now- but I'll be working it this weekend. Here is the result of a test packet: Sending Accounting-Request of id 140 to 127.0.0.1:1813 User-Name = "testuser" User-Password = "" NAS-IP-Address = 127.0.0.1 NAS-Port-Id = "0" Service-Type = Framed-User Acct-Status-Type = Start Acct-Session-Time = 24600 Acct-Session-Id = "12345" Acct-Authentic = Local rad_recv: Accounting-Response packet from host 127.0.0.1:1813, id=140, length=20 Here is how I changed my test file: User-Name = testuser User-Password = Nas-IP-Address = 127.0.0.1 Nas-Port-ID = 0 Service-Type = Framed-User Acct-Status-Type = Start Acct-Session-Time = 024600 Acct-Session-Id = 12345 Acct-Authentic = Local And here is my command line: radclient -x -f test localhost acct Of course, additional attributes can be added. M On Fri, 2002-05-10 at 14:27, Alan DeKok wrote: > Michael Klatsky <[EMAIL PROTECTED]> wrote: > > This is the ouptut of radclient. Below is the command line I used, along > > with the test file contents. > > > > radclient -f test -x localhost acct > > > > test: > > > > User-Name = testuser > > User-Password = > > Acct-Status-Type = Start > > You need Acct-Session-Id, too. > > See the RFC's for a list of attributes you need in an accounting > packet. A good starting point is: > >http://freeradius.org/rfc/attributes.html > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Sincerely, Michael Klatsky Senior Unix Administrator Connecticut Telephone 1 Talcott Plaza Hartford, CT 06103 1-860-240-6496 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySql accounting help
Michael Klatsky <[EMAIL PROTECTED]> wrote: > This is the ouptut of radclient. Below is the command line I used, along > with the test file contents. > > radclient -f test -x localhost acct > > test: > > User-Name = testuser > User-Password = > Acct-Status-Type = Start You need Acct-Session-Id, too. See the RFC's for a list of attributes you need in an accounting packet. A good starting point is: http://freeradius.org/rfc/attributes.html Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySql accounting help
Yes- that's what this output is from. I am not at the point where I am going to receive packets from a NAS yet. This is the ouptut of radclient. Below is the command line I used, along with the test file contents. radclient -f test -x localhost acct test: User-Name = testuser User-Password = Acct-Status-Type = Start Thanks again. M On Fri, 2002-05-10 at 14:19, Alan DeKok wrote: > Michael Klatsky <[EMAIL PROTECTED]> wrote: > > So my question is- how can I test accounting? It doesn't appear to be > > sending the info to mysql database, as this log entry shows: > > ... > > radius_xlat: 'rlm_sql: packet has no account status type. [user > > 'testuser', nas '255.255.255.255']' > > Step one would be convincing your NAS to send RFC compliant > accounting packets. > > You can test it yourself via 'radclient', which comes with the > server. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Sincerely, Michael Klatsky Senior Unix Administrator Connecticut Telephone 1 Talcott Plaza Hartford, CT 06103 1-860-240-6496 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MySql accounting help
Michael Klatsky <[EMAIL PROTECTED]> wrote: > So my question is- how can I test accounting? It doesn't appear to be > sending the info to mysql database, as this log entry shows: > ... > radius_xlat: 'rlm_sql: packet has no account status type. [user > 'testuser', nas '255.255.255.255']' Step one would be convincing your NAS to send RFC compliant accounting packets. You can test it yourself via 'radclient', which comes with the server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MySql accounting help
Good afternoon- I have just configured freeradius .5, using ldap auth. That part works just fine. However, I wish to use mysql for accounting only. Upon startup, the log shows a successful connection to the mysql server/database: rlm_sql: Driver rlm_sql_mysql loaded and linked rlm_sql: Attempting to connect to root@localhost:/radius rlm_sql: Connected new DB handle, #0 rlm_sql: Connected new DB handle, #1 rlm_sql: Connected new DB handle, #2 rlm_sql: Connected new DB handle, #3 rlm_sql: Connected new DB handle, #4 Module: Instantiated sql (sql) So my question is- how can I test accounting? It doesn't appear to be sending the info to mysql database, as this log entry shows: modcall[accounting]: module "detail" returns ok Accounting: no Accounting-Status-Type record. modcall[accounting]: module "unix" returns noop radius_xlat: 'rlm_sql: packet has no account status type. [user 'testuser', nas '255.255.255.255']' Thanks in advance for any help. -- Sincerely, Michael Klatsky Senior Unix Administrator Connecticut Telephone 1 Talcott Plaza Hartford, CT 06103 1-860-240-6496 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius+oracle help!!!!!!!!
Hello!
Check your 'radreply' and 'radcheck' tables, OP field must be varchar2 type.
Try to execute check query from SQL Plus.
Replace value in OP '==' by ':=' in tables (it doesn't matter in my version,
but you could try).
in radiusd.conf:
authorize {
preprocess
suffix
sql
}
- Original Message -
From: surd
To: [EMAIL PROTECTED]
Sent: Monday, May 06, 2002 4:51 AM
Subject: freeradius+oracle help
hi everyone:
I am puzzled by the errors when i am trying to use freeradius+oracle. Can
you give me a favor?
I am using Redhat7.2+oracle8.1.7 on the same computer and the process of
installation is nothing wrong. The rlm_sql_oracle
is compiled successfully. Then I configured the conf file(mainly
radiusd.conf and sql.conf) and run
it in debug mode. The rlm_sql_oracle module is loaded and linked normally.
Then I use the db_oracle.sql file provided by the package to configure the
oracle db. But I find
that table dicitionary can not be created. Then I comment the section about
table dictionary in
db_oracle.sql file. And I add a column named op to
tables(radcheck,radreply,radgroupcheck,radgroupreply)
.As a result, db_oracle.sql is run normally. I don't know whether what i
have done is right or not.
i add a user(insert into radcheck values ('1','bob','Password','bob','=='));
I add a record into table radreply(insert into radreply
values('1','bob','Reply-Message','hi','=');
then i use the test program to test my configuration. Error appeared in the
output of debug.
my radiusd.conf and debug output is shown in the end.
#radiusd.conf configuration
authorize {
sql
}
authenticate {
chap
}
preacct {
# suffix
# files
# preprocess
}
accounting {
sql
}
session {
radutmp
}
# debug output
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading clients
read_config_files: reading realms
read_config_files: reading naslist
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd.pid"
main: user = "root"
main: group = "root"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: proxy_requests = no
main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded SQL
sql: driver = "rlm_sql_oracle"
sql: server = "localhost"
sql: port = ""
sql: login = "sys"
sql: password = "change_on_install"
sql: radius_db = "mydata"
sql: acct_table = "radacct"
sql: acct_table2 = "radacct"
sql: authcheck_table = "radcheck"
sql: authreply_table = "radreply"
sql: groupcheck_table = "radgroupcheck"
sql: groupreply_table = "radgroupreply"
sql: usergroup_table = "usergroup"
sql: nas_table = "nas"
sql: dict_table = "dictionary"
sql: sqltrace = no
sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql"
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = "%{User-Name}"
sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM
radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_group_check_query = "SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id"
sql: authorize_group_reply_query = "SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
freeradius+oracle help!!!!!!!!
hi everyone:
I am puzzled by the errors when i am trying to use
freeradius+oracle. Can you give me a favor?
I am using Redhat7.2+oracle8.1.7 on the same computer and the
process of installation is nothing wrong. The rlm_sql_oracleis compiled
successfully. Then I configured the conf file(mainly radiusd.conf and sql.conf)
and runit in debug mode. The rlm_sql_oracle module is loaded and linked
normally.Then I use the db_oracle.sql file provided by the package to
configure the oracle db. But I find that table dicitionary can not be
created. Then I comment the section about table dictionary indb_oracle.sql
file. And I add a column named op to
tables(radcheck,radreply,radgroupcheck,radgroupreply).As a result,
db_oracle.sql is run normally. I don't know whether what i have done is right or
not.
i add a user(insert into radcheck values
('1','bob','Password','bob','=='));I add a record into table radreply(insert
into radreply values('1','bob','Reply-Message','hi','=');
then i use the test program to test my configuration. Error
appeared in the output of debug.my radiusd.conf and debug output is shown in
the end.
#radiusd.conf configuration
authorize { sql}authenticate
{ chap}preacct
{# suffix# files# preprocess}accounting
{ sql}session { radutmp}
# debug output
Starting - reading configuration files
...reread_config: reading radiusd.confConfig:
including file: /usr/local/etc/raddb/clients.confConfig:
including file: /usr/local/etc/raddb/sql.conf main: prefix =
"/usr/local" main: localstatedir = "/usr/local/var" main:
logdir = "/usr/local/var/log/radius" main: libdir =
"/usr/local/lib" main: radacctdir =
"/usr/local/var/log/radius/radacct" main: hostname_lookups =
noread_config_files: reading dictionaryread_config_files:
reading clientsread_config_files: reading
realmsread_config_files: reading naslist main:
max_request_time = 30 main: cleanup_delay = 5 main:
max_requests = 1024 main: delete_blocked_requests = 0 main:
port = 0 main: allow_core_dumps = no main: log_stripped_names
= no main: log_auth = no main: log_auth_badpass =
no main: log_auth_goodpass = no main: pidfile =
"/usr/local/var/run/radiusd.pid" main: user = "root" main:
group = "root" main: usercollide = no main: lower_user =
"no" main: lower_pass = "no" main: nospace_user =
"no" main: nospace_pass = "no" main: proxy_requests =
no main: debug_level = 0read_config_files: entering modules
setupModule: Library search path is /usr/local/libModule: Loaded CHAP
Module: Instantiated chap (chap) Module: Loaded SQL sql:
driver = "rlm_sql_oracle" sql: server = "localhost" sql: port
= "" sql: login = "sys" sql: password =
"change_on_install" sql: radius_db = "mydata" sql: acct_table
= "radacct" sql: acct_table2 = "radacct" sql: authcheck_table
= "radcheck" sql: authreply_table = "radreply" sql:
groupcheck_table = "radgroupcheck" sql: groupreply_table =
"radgroupreply" sql: usergroup_table = "usergroup" sql:
nas_table = "nas" sql: dict_table = "dictionary" sql: sqltrace
= no sql: sqltracefile =
"/usr/local/var/log/radius/sqltrace.sql" sql: deletestalesessions =
yes sql: num_sql_socks = 5 sql: sql_user_name =
"%{User-Name}" sql: authorize_check_query = "SELECT
id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}'
ORDER BY id" sql: authorize_reply_query = "SELECT
id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}'
ORDER BY id" sql: authorize_group_check_query = "SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY
radgroupcheck.id" sql: authorize_group_reply_query = "SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY
radgroupreply.id" sql: authenticate_query = "SELECT Value,Attribute
FROM radcheck WHERE UserName = '%{User-Name}' AND ( Attribute = 'User-Password'
OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute
DESC" sql: accounting_onoff_query = "UPDATE radacct SET
AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') -
unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}',
AcctStopDelay = %{Acct-Delay-Time} WHERE AcctSessionTime=0 AND AcctStopTime=0
AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <=
'%S'" sql: accounting_update_query = "UPDATE radacct SET
FramedIPAddress = '%{Framed-IP-Address}' WHERE AcctSessionId =
'%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND NASIPAddress=
'%{NAS-IP-Address}'" sql: accounting_start_query = "INSERT into radacct
(RadAcctId
Re[2]: mysql + ms-chap2 - help me
At 10:06 AM 4/22/2002 +0400, rust wrote: >Hello Chris, > >Friday, April 19, 2002, 6:14:12 PM, you wrote: > >CP> At 12:17 PM 4/19/2002 +0400, rust wrote: > >>Hello freeradius-users, > >> > >> > >>I build pppd with radius.so plugin and it work with freeradius and PAP > >>auth with > >>encrypted passwords in mysql base. > >>Now I need authorize and accounting pptp with freeradius+mysql+ms-chap2 > >> > >>I add user "rust" with pass "qwerty" in table radcheck in database radius > >> > >> > > >> > >> id UserName AttributeValue > >> 1 rust LM-Password 598DDCE2660D3193AAD3B435B51404EE > >CP> You should add an Auth-Type := MS-CHAP ( don't forget about the operator >CP> column ). > > >What must be in op. column?? The operator. See 'man users'. It can ==, !=, :=, etc. And, you made two conflicting changes. Try putting back the original LM-Password. -Chris -- \\\|||/// \ StarNet Inc. \Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[3]: mysql + ms-chap2 - help me
Dear rust,
--Monday, April 22, 2002, 10:06:59 AM, you wrote to [EMAIL PROTECTED]:
r> I change from
r> authorize {
r> preprocess
r> suffix
r> mschap
r> sql
r> }
r> to
r> authorize {
r> preprocess
r> suffix
r> sql
r> mschap
r> }
r> Table radcheck in database radius
r>
r> id UserName Attribute Value op
r> 1 rust Password 598DDCE2660D3193AAD3B435B51404EE
Now MS-CHAP is called for authentication but it fails due to invalid
password.
It looks like you've missed Password and NT-Password or LM-Password.
Password is cleartext password. If you want to use LM, NT or both you
should use 2 attributes LM-Password and NT-Password instead of Password.
r> and i have now:
r> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
r> Ready to process requests.
r> rad_recv: Access-Request packet from host 192.168.200.1:4539, id=57, length=132
r> Service-Type = Framed-User
r> Framed-Protocol = PPP
r> User-Name = "rust"
r> MS-CHAP-Challenge = 0x57f059a9234695cc18e4d76872562e67
r> MS-CHAP2-Response =
0x01001a4875d0fee41ae7e7d3f73ac484e78f292ed1a9b338633ff19c2f260e8a83e20bfa83de3f8624bb
r> NAS-IP-Address = 127.0.0.1
r> NAS-Port = 1
r> modcall: entering group authorize
r> modcall[authorize]: module "preprocess" returns ok
r> modcall[authorize]: module "suffix" returns ok
r> radius_xlat: 'rust'
r> sql_escape in: 'rust'
r> sql_escape out: 'rust'
r> sql_set_user: escaped user --> 'rust'
r> radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
'rust' ORDER BY id'
r> rlm_sql: Reserving sql socket id: 4
r> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'rust' ORDER
BY id
r> radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'rust' AND
r> usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
r> SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'rust' AND
usergroup.GroupName
r> = radgroupcheck.GroupName ORDER BY radgroupcheck.id
r> radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username =
'rust' ORDER BY id'
r> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'rust' ORDER
BY id
r> radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'rust' AND
r> usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
r> SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'rust' AND
usergroup.GroupName
r> = radgroupreply.GroupName ORDER BY radgroupreply.id
r> radius_xlat: 'SELECT Value,Attribute FROM radcheck WHERE UserName = 'rust' AND (
Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password'
) ORDER BY Attribute DESC'
r> SELECT Value,Attribute FROM radcheck WHERE UserName = 'rust' AND ( Attribute =
'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY
Attribute DESC
r> rlm_sql: Released sql socket id: 4
r> modcall[authorize]: module "sql" returns ok
r> modcall[authorize]: module "mschap" returns ok
r> modcall: group authorize returns ok
r> rad_check_password: Found Auth-Type MS-CHAP
r> auth: type "MS-CHAP"
r> modcall: entering group authenticate
r> modcall[authenticate]: module "mschap" returns reject
r> modcall: group authenticate returns reject
r> auth: Failed to validate the user.
r> Delaying request 0 for 1 seconds
r> Finished request 0
r> Going to the next request
r> What wrong??
--
~/ZARAZA
Íî Ãàððè... ÿ áåçóñëîâíî îòäàþ ïðåäïî÷òåíèå åìó, çà
âûñîêóþ ïèòàòåëüíîñòü è êàêîå-òî îñîáåííî íåæíîå ìÿñî. (Òâåí)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: mysql + ms-chap2 - help me
Hello Chris,
Friday, April 19, 2002, 6:14:12 PM, you wrote:
CP> At 12:17 PM 4/19/2002 +0400, rust wrote:
>>Hello freeradius-users,
>>
>>
>>I build pppd with radius.so plugin and it work with freeradius and PAP
>>auth with
>>encrypted passwords in mysql base.
>>Now I need authorize and accounting pptp with freeradius+mysql+ms-chap2
>>
>>I add user "rust" with pass "qwerty" in table radcheck in database radius
>>
>>
>>
>> id UserName AttributeValue
>> 1 rust LM-Password 598DDCE2660D3193AAD3B435B51404EE
CP> You should add an Auth-Type := MS-CHAP ( don't forget about the operator
CP> column ).
What must be in op. column??
I change from
authorize {
preprocess
suffix
mschap
sql
}
to
authorize {
preprocess
suffix
sql
mschap
}
Table radcheck in database radius
id UserName Attribute Value op
1 rust Password 598DDCE2660D3193AAD3B435B51404EE
and i have now:
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.200.1:4539, id=57, length=132
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "rust"
MS-CHAP-Challenge = 0x57f059a9234695cc18e4d76872562e67
MS-CHAP2-Response =
0x01001a4875d0fee41ae7e7d3f73ac484e78f292ed1a9b338633ff19c2f260e8a83e20bfa83de3f8624bb
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns ok
radius_xlat: 'rust'
sql_escape in: 'rust'
sql_escape out: 'rust'
sql_set_user: escaped user --> 'rust'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
'rust' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'rust' ORDER BY id
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'rust' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'rust' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username =
'rust' ORDER BY id'
SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'rust' ORDER BY id
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'rust' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'rust' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
radius_xlat: 'SELECT Value,Attribute FROM radcheck WHERE UserName = 'rust' AND (
Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password'
) ORDER BY Attribute DESC'
SELECT Value,Attribute FROM radcheck WHERE UserName = 'rust' AND ( Attribute =
'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY
Attribute DESC
rlm_sql: Released sql socket id: 4
modcall[authorize]: module "sql" returns ok
modcall[authorize]: module "mschap" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group authenticate
modcall[authenticate]: module "mschap" returns reject
modcall: group authenticate returns reject
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
What wrong??
--
Best regards,
rustmailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql + ms-chap2 - help me
Dear rust,
First, sql should be _before_ mschap in authorize{}. Second, set NT
password (it's better to set both NT and LM passwords).
--Friday, April 19, 2002, 12:17:54 PM, you wrote to [EMAIL PROTECTED]:
r> Hello freeradius-users,
r> I build pppd with radius.so plugin and it work with freeradius and PAP auth with
r> encrypted passwords in mysql base.
r> Now I need authorize and accounting pptp with freeradius+mysql+ms-chap2
r> I add user "rust" with pass "qwerty" in table radcheck in database radius
r>
r> id UserName AttributeValue
r> 1 rust LM-Password 598DDCE2660D3193AAD3B435B51404EE
r>
r> ./radiusd -X logs next:
r> Starting - reading configuration files ...
r> reread_config: reading radiusd.conf
r> Config: including file: /usr/local/etc/raddb/proxy.conf
r> Config: including file: /usr/local/etc/raddb/clients.conf
r> Config: including file: /usr/local/etc/raddb/snmp.conf
r> Config: including file: /usr/local/etc/raddb/sql.conf
r> main: prefix = "/usr/local"
r> main: localstatedir = "/usr/local/var"
r> main: logdir = "/usr/local/var/log/radius"
r> main: libdir = "/usr/local/lib"
r> main: radacctdir = "/usr/local/var/log/radius/radacct"
r> main: hostname_lookups = no
r> read_config_files: reading dictionary
r> read_config_files: reading clients
r> read_config_files: reading realms
r> read_config_files: reading naslist
r> main: max_request_time = 30
r> main: cleanup_delay = 5
r> main: max_requests = 1024
r> main: delete_blocked_requests = 0
r> main: port = 0
r> main: allow_core_dumps = no
r> main: log_stripped_names = no
r> main: log_auth = no
r> main: log_auth_badpass = no
r> main: log_auth_goodpass = no
r> main: pidfile = "/usr/local/var/run/radiusd.pid"
r> main: user = "root"
r> main: group = "root"
r> main: usercollide = no
r> main: lower_user = "no"
r> main: lower_pass = "no"
r> main: nospace_user = "no"
r> main: nospace_pass = "no"
r> main: proxy_requests = yes
r> proxy: retry_delay = 5
r> proxy: retry_count = 3
r> proxy: synchronous = no
r> proxy: default_fallback = yes
r> proxy: dead_time = 120
r> security: max_attributes = 200
r> security: reject_delay = 1
r> main: debug_level = 0
r> read_config_files: entering modules setup
r> Module: Library search path is /usr/local/lib
r> Module: Loaded MS-CHAP
r> mschap: ignore_password = no
r> mschap: use_mppe = yes
r> mschap: require_encryption = no
r> mschap: require_strong = no
r> mschap: passwd = "(null)"
r> mschap: authtype = "MS-CHAP"
r> Module: Instantiated mschap (mschap)
r> Module: Loaded preprocess
r> preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
r> preprocess: hints = "/usr/local/etc/raddb/hints"
r> preprocess: with_ascend_hack = no
r> preprocess: ascend_channels_per_line = 23
r> preprocess: with_ntdomain_hack = no
r> preprocess: with_specialix_jetstream_hack = no
r> preprocess: with_cisco_vsa_hack = no
r> Module: Instantiated preprocess (preprocess)
r> Module: Loaded realm
r> realm: format = "suffix"
r> realm: delimiter = "@"
r> Module: Instantiated realm (suffix)
r> Module: Loaded SQL
r> sql: driver = "rlm_sql_mysql"
r> sql: server = "192.168.200.1"
r> sql: port = ""
r> sql: login = "radius"
r> sql: password = "radpass"
r> sql: radius_db = "radius"
r> sql: acct_table = "radacct"
r> sql: acct_table2 = "radacct"
r> sql: authcheck_table = "radcheck"
r> sql: authreply_table = "radreply"
r> sql: groupcheck_table = "radgroupcheck"
r> sql: groupreply_table = "radgroupreply"
r> sql: usergroup_table = "usergroup"
r> sql: nas_table = "nas"
r> sql: dict_table = "dictionary"
r> sql: sqltrace = yes
r> sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql"
r> sql: deletestalesessions = yes
r> sql: num_sql_socks = 5
r> sql: sql_user_name = "%{User-Name}"
r> sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = '%{SQL-User-Name}' ORDER BY id"
r> sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM radreply
WHERE Username = '%{SQL-User-Name}' ORDER BY id"
r> sql: authorize_group_check_query = "SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE
r> usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id"
r> sql: authorize_group_reply_query = "SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE
r> usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id"
r> sql: authenticate_query = "SELECT Value,Attribute FROM radcheck WHERE UserName =
'%{User-Name}' AND ( Attribute = 'User-Password' OR Attr
Re: mysql + ms-chap2 - help me
At 12:17 PM 4/19/2002 +0400, rust wrote: >Hello freeradius-users, > > >I build pppd with radius.so plugin and it work with freeradius and PAP >auth with >encrypted passwords in mysql base. >Now I need authorize and accounting pptp with freeradius+mysql+ms-chap2 > >I add user "rust" with pass "qwerty" in table radcheck in database radius > > > > id UserName AttributeValue > 1 rust LM-Password 598DDCE2660D3193AAD3B435B51404EE You should add an Auth-Type := MS-CHAP ( don't forget about the operator column ). Here's the clue from the debug, that tells you this: >auth: No Auth-Type configuration for the request, rejecting the user >auth: Failed to validate the user. -Chris -- \\\|||/// \ StarNet Inc. \Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mysql + ms-chap2 - help me
Hello freeradius-users,
I build pppd with radius.so plugin and it work with freeradius and PAP auth with
encrypted passwords in mysql base.
Now I need authorize and accounting pptp with freeradius+mysql+ms-chap2
I add user "rust" with pass "qwerty" in table radcheck in database radius
id UserName AttributeValue
1 rust LM-Password 598DDCE2660D3193AAD3B435B51404EE
./radiusd -X logs next:
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading clients
read_config_files: reading realms
read_config_files: reading naslist
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd.pid"
main: user = "root"
main: group = "root"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
security: max_attributes = 200
security: reject_delay = 1
main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded MS-CHAP
mschap: ignore_password = no
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
Module: Instantiated mschap (mschap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded SQL
sql: driver = "rlm_sql_mysql"
sql: server = "192.168.200.1"
sql: port = ""
sql: login = "radius"
sql: password = "radpass"
sql: radius_db = "radius"
sql: acct_table = "radacct"
sql: acct_table2 = "radacct"
sql: authcheck_table = "radcheck"
sql: authreply_table = "radreply"
sql: groupcheck_table = "radgroupcheck"
sql: groupreply_table = "radgroupreply"
sql: usergroup_table = "usergroup"
sql: nas_table = "nas"
sql: dict_table = "dictionary"
sql: sqltrace = yes
sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql"
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = "%{User-Name}"
sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM radreply
WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_group_check_query = "SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"
sql: authorize_group_reply_query = "SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id"
sql: authenticate_query = "SELECT Value,Attribute FROM radcheck WHERE UserName =
'%{User-Name}' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR
Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC"
sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S',
AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime),
AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time} WHERE
AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND
AcctStartTime <= '%S'"
sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress =
'%{Framed-IP-Address}' WHERE AcctSessionId
Re: dialup_admin help
On Mon, 15 Apr 2002, Armando Poyaoan wrote: > Hello to everybody, > > Im having a problem regarding some of the functionalities of dialup_admin > which are the Online Users, Edit User, New User and Check Server, > when I select this functions it gives a > pop-up output with the following message (Netscape:Error The document > contained no data) , > but with the explorer browser it gives a blank output. For the rest of the > dialup_admin functionalities (Accounting, Statistics, and Bad Users) are > working very fine. Any hint > regarding the problem? Call the individual pages directly. They are user_new.php3,user_finger.php3 etc. Check the apache server log files. > > > Thanks in Advance, > Armando > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Need help w/ Accounting error message
"Paul S. Puth" <[EMAIL PROTECTED]> wrote: > Mon Apr 15 12:18:27 2002 : Error: Received Accounting-Request packet > from xxx.xxx.xxx.xxx with invalid signature! > - > > and the radius accounting does not log any data coming from that > device. There is nothing wrong with the secret because customers are able > to authenticate. Some NAS boxes have a different secret for authentiction packets and accounting packets. You should check that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Need help w/ Accounting error message
Hi I am running FreeRadius 0.5. I keep seeing the following error in the radius.log file: - Mon Apr 15 12:18:27 2002 : Error: Received Accounting-Request packet from xxx.xxx.xxx.xxx with invalid signature! - and the radius accounting does not log any data coming from that device. There is nothing wrong with the secret because customers are able to authenticate. Can someone give me a hint or a clue on how to fix it? I tried searching for an answer with google.com but to no avail. Lucent PM3 Term servers, FreeBSD 4.5, MySQL Database ... Thanks, Paul - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dialup_admin help
Hello to everybody, Im having a problem regarding some of the functionalities of dialup_admin which are the Online Users, Edit User, New User and Check Server, when I select this functions it gives a pop-up output with the following message (Netscape:Error The document contained no data) , but with the explorer browser it gives a blank output. For the rest of the dialup_admin functionalities (Accounting, Statistics, and Bad Users) are working very fine. Any hint regarding the problem? Thanks in Advance, Armando - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Configuring Free Radius to do MAC Address Authentication (PLEASE HELP)
No I don't want the mac addresses to have shells, I just thought it would be a little easier that's all. Thanks for your help. _ Chat with friends online, try MSN Messenger: http://messenger.msn.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Configuring Free Radius to do MAC Address Authentication (PLEASE HELP)
I got it figured out thanks, btw you wouldn't happen to know how to set it up so it automatically starts and shuts down or can point me to a document. I know it has an init script. _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Configuring Free Radius to do MAC Address Authentication (PLEASE HELP)
"David Petruzzella" <[EMAIL PROTECTED]> wrote: > I'll try that next thanks, btw is there like a chat group or something where > we can get realtime help like a chat channel on an irc server some place? Not that I'm aware of. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Configuring Free Radius to do MAC Address Authentication (PLEASE HELP)
"David Petruzzella" <[EMAIL PROTECTED]> wrote: > I have it like that, but the wireless card won't authenticate. I also have > no way of adding the mac address to the passwd file, because usernames have > to start with an alpha character. Do you really want those "MAC address" usernames ot have login shells on your machine? Don't add MAC address to your passwd file. That's why RADIUS authentication is set up, and why the RADIUS server has it's own database of users. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Configuring Free Radius to do MAC Address Authentication (PLEASE HELP)
I'll try that next thanks, btw is there like a chat group or something where we can get realtime help like a chat channel on an irc server some place? _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Configuring Free Radius to do MAC Address Authentication (PLEASE HELP)
I have it like that, but the wireless card won't authenticate. I also have no way of adding the mac address to the passwd file, because usernames have to start with an alpha character. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Configuring Free Radius to do MAC Address Authentication (PLEASE HELP)
"David Petruzzella" <[EMAIL PROTECTED]> wrote: > 3. I tried adding a couple of MAC Addresses to the users file, but I can't > seem to get it to work it see's me trying to authenticate but it don't > authenticate. The ONLY way for you to debug the problem is to run the server in debugging mode. Get as much information as you can about what's heppening, and read any and all error messages. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Configuring Free Radius to do MAC Address Authentication (PLEASE HELP)
I'm running freeradius with SQL so I might be wrong here if I tell you that the account should be looking something like this in your users file. aabbcc-ccbbaa Auth-Type := Local, User-Password == "testing" The password should be the same as the secret of the Incoming Client (Router) This is what the clients file looks like. Client Name Secret 192.168.0.2 testing - Original Message - From: "David Petruzzella" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, April 13, 2002 6:59 AM Subject: Re: Configuring Free Radius to do MAC Address Authentication (PLEASE HELP) > Can someone help me configure Free Radius to authenticate Mac Addresses for > my wireless network. Below is a list of what I have done so far. > > 1. Free Radius is compiled and running. > > 2. I have the ip addresses of my access points in the clients.conf file > which I'm suppose to have I believe. > > 3. I tried adding a couple of MAC Addresses to the users file, but I can't > seem to get it to work it see's me trying to authenticate but it don't > authenticate. If someone could help me out with this I would appreciate. A > clip of someone users file and clients.conf file will help, just so I can > make sure I have the format correct.. > > > I tried looking for information on the net in regards to this topic, but I > had no luck. The information you people have been giving me so far has been > helpful, but I still can't seem to get it to work right. Thanks in advance. > > > > > _ > Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Configuring Free Radius to do MAC Address Authentication (PLEASE HELP)
Can someone help me configure Free Radius to authenticate Mac Addresses for my wireless network. Below is a list of what I have done so far. 1. Free Radius is compiled and running. 2. I have the ip addresses of my access points in the clients.conf file which I'm suppose to have I believe. 3. I tried adding a couple of MAC Addresses to the users file, but I can't seem to get it to work it see's me trying to authenticate but it don't authenticate. If someone could help me out with this I would appreciate. A clip of someone users file and clients.conf file will help, just so I can make sure I have the format correct.. I tried looking for information on the net in regards to this topic, but I had no luck. The information you people have been giving me so far has been helpful, but I still can't seem to get it to work right. Thanks in advance. _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius newbee question, pls help
Hello, I'm very new with FreeRadius. Now I have a plan to let it work with our Cisco router for dial-up access and also work with Oracle & MS SQL. If any of you do something like that before, I'm happily to hear your suggestion & help. Tia, Nos
