Help needed.

2003-12-16 Thread Shashidhara S Bapat
Hello All,
I am a new user to this mailing list. I am using a RADIUS server to see
how it authenticates.
I am running freeradius on a Linux machine and it is connected to an AP600
(Access Point) through which users are connected. Users are running on
Windows 2000 Professional. Following is the configuration I have done:

file - "clients.conf":
# 192.168.100.7 is the IP address of my Access Point (wireless) (AP600)
# which supports RADIUS.
192.168.100.7/24 {
    secret      = abcde
    shortname   = AP-600LAB
}

file - "users":
# TECH4 is the name of the wireless client (machine name) which is 
# running on Windows.
TECH4   Auth-Type := EAP, User-Password == "password"
        Reply-Message = "Hello, %u"


I think the problem is with the 'user' part. I don't know which
'Auth-Type' I have to use. Please help me with my settings.
Please let me know what modifications I have to do to make it work.

FYI: The 'radtest' is working fine.



-- 
=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=
--Best Regards,
  Shashi.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


freeradius set up help needed

2003-10-29 Thread Ravi Kiran
Hello Gurus,
   I am a Research Assistant at George Mason University trying to set up a freeradius server for cisco aironet 1200 APs (MAC based auth). Though I have been googling for almost 3 days I don't get the big picture. It's been hard to find documentation or configuration steps. I am to install freeradius on RedHat Linux 9.0 that authenticates clients coming through cisco aironet 1200 APs. I have no clue what is to be done (totally confused). I would appreciate it if anybody could run me through the process of getting this working; any extensive doc will be an added benefit.
 
Thanking you all in anticipation,
 
Ravi Kiran Bhaskar

Re: Help Needed Regarding Accounting in FreeRadius with / without MySql

2003-07-30 Thread Oliver Graf
On Wed, Jul 30, 2003 at 04:15:22PM +0530, Pradeep Rai wrote:
> I do not know how to configure accounting information for new users. Does

Tell your NAS to send accounting information.

> this require MySQL for it. Is this possible w/o using MySQL. What all files 

you can log into detail files.

> do I need to configure ?

radiusd.conf, look for 'detail'

Oliver.



Help Needed Regarding Accounting in FreeRadius with / without MySql

2003-07-30 Thread Pradeep Rai



 
Hi All,
 
I am new to FreeRADIUS. I successfully installed it on Linux 2.4.18 system.
I could add new users and could test authorization using radclient.

I do not know how to configure accounting information for new users. Does
this require MySQL for it. Is this possible w/o using MySQL. What all files
do I need to configure ?

I know there is simple web based interface available (Dialin_admin). But could
any one help how to configure php3 in apache.
 
Thanks in advance
 
- Pradeep


Re: Serious error with accounting - help needed

2003-06-25 Thread Alan DeKok
Yasser Ahmed Hosny <[EMAIL PROTECTED]> wrote:
> I am Freeradius 0.8.1 and I am writing accounting records to an Oracle
> DB ver 8i. If the Database is down, the Freeradius give a segmentation
> fault error and it dies also. I've tried also to point to another
> database as a fail-over option, but the same results were encountered.
> Worth to mention that if I am using the same scenario (database
> fail-over) with Authentication the Freeradius did not fail.

  Try the latest CVS snapshot.  It has many bug fixes.

  Alan DeKok.



Serious error with accounting - help needed

2003-06-24 Thread Yasser Ahmed Hosny
I am Freeradius 0.8.1 and I am writing accounting records to an Oracle
DB ver 8i. If the Database is down, the Freeradius give a segmentation
fault error and it dies also. I've tried also to point to another
database as a fail-over option, but the same results were encountered.
Worth to mention that if I am using the same scenario (database
fail-over) with Authentication the Freeradius did not fail.

Can anyone help in this regard?

Regards

Yasser Ahmed Hosny





group_member_query help needed

2003-06-16 Thread Kenneth . L . Miller
Hello,

    Does anyone know how to use the "group_member_query" section of the sql.conf file? 

I would like to group my data into files based on the usergroup's GroupName.

    For example, if I have a group called "Boston", I would like all users that log on from "Boston" to have their accounting data inserted into a file named Boston. This way I can manage my data by region rather than using a generic file such as "Radacct".

Thanks

Kenneth L. Miller

Information Technology Specialist

CENWP-IM-C

Portland, Oregon 

(503) 808-5056






Re: Re[2]: Help needed with MS Chap v2

2003-03-28 Thread Alan DeKok
3APA3A <[EMAIL PROTECTED]> wrote:
> I  agree.  Since  0.4  we warn people smbpasswd support in rlm_mschap is
> outdated  and will be removed in future versions. So it's time to remove
> it.

  Done.  Can you please double-check the module to ensure I didn't
break anything?

  I've just re-added the support for SMB-Account-Ctrl, and done a few
tests with MS-CHAPv1.

  Alan DeKok.



Re[2]: Help needed with MS Chap v2

2003-03-28 Thread 3APA3A
Dear Alan DeKok,



--Friday, March 28, 2003, 2:34:31 PM, you wrote to [EMAIL PROTECTED]:


AD>   To put it another way, what is the gain in having rlm_mschap read
AD> /etc/smbpasswd?

I  agree.  Since  0.4  we warn people smbpasswd support in rlm_mschap is
outdated  and will be removed in future versions. So it's time to remove
it.

-- 
~/ZARAZA
Shooting a second time, he crippled a bystander. The bystander was me. (Twain)


Re: Help needed with MS Chap v2

2003-03-28 Thread Frank Cusack
On Fri, Mar 28, 2003 at 06:34:31AM -0500, Alan DeKok wrote:
> Frank Cusack <[EMAIL PROTECTED]>wrote:
> > On Fri, Mar 28, 2003 at 11:51:36AM +0300, 3APA3A wrote:
> > > /etc/smbpasswd  is  really  not  required and was only for compatibility
> > > (anyway  it  should  be  noted  in Release Notes for people who upgrade
> > > their RADIUS versions).

> > Yeah, I personally think both should be added back ...
> 
>   I am strongly opposed to duplicate functionality in the code.  If
> rlm_passwd can do all of the work of reading attributes from
> /etc/smbpasswd, then we should use it, and not duplicate that code
> elsewhere.
> 
>   To put it another way, what is the gain in having rlm_mschap read
> /etc/smbpasswd?

ah.  none.

/fc



Re: Help needed with MS Chap v2

2003-03-28 Thread Alan DeKok
Frank Cusack <[EMAIL PROTECTED]>wrote:
> On Fri, Mar 28, 2003 at 11:51:36AM +0300, 3APA3A wrote:
> > /etc/smbpasswd  is  really  not  required and was only for compatibility
> > (anyway  it  should  be  noted  in Release Notes for people who upgrade
> > their RADIUS versions).

  I've done that, and added code to rlm_mschap which will complain if
people try to configure it to use /etc/smbpasswd, and will tell people
what to do to fix the problem.

> > Removing  SMB-Account-CTRL attribute handling is not good, I know people
> > use  it.  It's  very  convenient  if  accounts are bulk imported from NT
> > domain  or  from SAMBA. It's standard attribute from SAMBA passwd format,
> > SAMBA LDAP schema, etc.

  That I agree with.  But I was trying to take baby steps, to ensure
that I could get one thing working, before I added another.

> Yeah, I personally think both should be added back ...

  I am strongly opposed to duplicate functionality in the code.  If
rlm_passwd can do all of the work of reading attributes from
/etc/smbpasswd, then we should use it, and not duplicate that code
elsewhere.

  To put it another way, what is the gain in having rlm_mschap read
/etc/smbpasswd?

  Alan DeKok.



Re: Help needed with MS Chap v2

2003-03-28 Thread Frank Cusack
On Fri, Mar 28, 2003 at 11:51:36AM +0300, 3APA3A wrote:
> 
> --Thursday, March 27, 2003, 2:39:42 PM, you wrote to [EMAIL PROTECTED]:
> 
> 
> AD>   Try the latest CVS snapshot.  I've re-written rlm_mschap to be
> AD> smaller, simpler, and to have significantly more debug messages.
> 
> AD>   It won't look at /etc/smbpasswd any more, but that's probably a Good
> AD> Thing.
> 
> /etc/smbpasswd  is  really  not  required and was only for compatibility
> (anyway  it  should  be  noted  in Release Notes for people who upgrade
> their RADIUS versions).
> 
> Removing  SMB-Account-CTRL attribute handling is not good, I know people
> use  it.  It's  very  convenient  if  accounts are bulk imported from NT
> domain  or  from SAMBA. It's standard attribute from SAMBA passwd format,
> SAMBA LDAP schema, etc.

Yeah, I personally think both should be added back ...

/fc



Re[4]: Help needed with MS Chap v2

2003-03-28 Thread 3APA3A
Dear Alan DeKok,


--Thursday, March 27, 2003, 2:39:42 PM, you wrote to [EMAIL PROTECTED]:


AD>   Try the latest CVS snapshot.  I've re-written rlm_mschap to be
AD> smaller, simpler, and to have significantly more debug messages.

AD>   It won't look at /etc/smbpasswd any more, but that's probably a Good
AD> Thing.

/etc/smbpasswd  is  really  not  required and was only for compatibility
(anyway  it  should  be  noted  in Release Notes for people who upgrade
their RADIUS versions).

Removing  SMB-Account-CTRL attribute handling is not good, I know people
use  it.  It's  very  convenient  if  accounts are bulk imported from NT
domain  or  from SAMBA. It's standard attribute from SAMBA passwd format,
SAMBA LDAP schema, etc.

-- 
~/ZARAZA
The machine proved capable of only one operation,
namely multiplying 2x2, and even then it got it wrong. (Lem)


RE: Re[2]: Help needed with MS Chap v2

2003-03-27 Thread Michael Davidson
Hi Guy, using the NAS to test with can be painful. Here's what I do with
radclient.

radclient -f radtst-2.txt -x 127.0.0.1 auth testing123

Contents of file radtst-2.txt:-

NAS-IP-Address = 10.3.1.252
NAS-Port = 1
NAS-Port-Type = Async
User-Name = "barney"
MS-CHAP-Challenge = 0xf891896ff83faf76
MS-CHAP-Response =
0x1c01000
02de6c684371d4373ff9ed97884686b55148577df9c12e0cc
Service-Type = Framed-User
Framed-Protocol = PPP

The above is for user "barney" with password "rockstar". Here's the hashes
for same
NT-Password: 746FDB64FD2E11D171D80823820969
LM-Password: 78D866152028B45E944E2DF489A880

I use the NAS at first and just screen-scrape (cut & paste actually) the
challenge from the radiusd -sxx debug output for use with radclient.

I use the PuTTY telnet client.

Regards Mike D.

>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] Behalf Of Guy Warner
>Sent: Thursday, March 27, 2003 5:09 PM
>To: [EMAIL PROTECTED]
>Subject: Re[2]: Help needed with MS Chap v2
>
>
>At 19:47 26/03/2003 +0300, you wrote:
>>Dear Guy Warner,
>>
>>This  line  simply notifies you there is no authentication schema may be
>>used  for  packet  (for  MS-CHAPv1  both  LM  and  NT  authentication is
>>available,  for  MS-CHAPv2  only  NT  and it fails in your case). Packet
>>corruption is most unlikely from all variants.
>
>
>Hi
>
>Thanks for all your help so far. Given then that no authentication schema
>is available is this because of a invalid MS-CHAP-Challenge and
>MS-CHAP2-Response pair. If so is there any software to manually generate
>the pairings so that the server can be tested with radclient. If on the
>other hand the pairing is correct what are the most likely causes of this
>problem. I am confident that the username and password being sent
>are valid
>and the password contains no non-ascii characters.
>
>Thanks again
>
>Guy Warner
>
>
>


Re: Re[2]: Help needed with MS Chap v2

2003-03-27 Thread Alan DeKok
Guy Warner <[EMAIL PROTECTED]> wrote:
> Thanks for all your help so far. Given then that no authentication schema 
> is available is this because of a invalid MS-CHAP-Challenge and 
> MS-CHAP2-Response pair. If so is there any software to manually generate 
> the pairings so that the server can be tested with radclient.

  Not really.

> If on the other hand the pairing is correct what are the most likely
> causes of this problem. I am confident that the username and
> password being sent are valid and the password contains no non-ascii
> characters.

  Try the latest CVS snapshot.  I've re-written rlm_mschap to be
smaller, simpler, and to have significantly more debug messages.

  It won't look at /etc/smbpasswd any more, but that's probably a Good
Thing.

  Alan DeKok.



Re[2]: Help needed with MS Chap v2

2003-03-27 Thread Guy Warner
At 19:47 26/03/2003 +0300, you wrote:
> Dear Guy Warner,
>
> This  line  simply notifies you there is no authentication schema may be
> used  for  packet  (for  MS-CHAPv1  both  LM  and  NT  authentication is
> available,  for  MS-CHAPv2  only  NT  and it fails in your case). Packet
> corruption is most unlikely from all variants.


Hi

Thanks for all your help so far. Given then that no authentication schema 
is available is this because of an invalid MS-CHAP-Challenge and 
MS-CHAP2-Response pair. If so is there any software to manually generate 
the pairings so that the server can be tested with radclient. If on the 
other hand the pairing is correct what are the most likely causes of this 
problem. I am confident that the username and password being sent are valid 
and the password contains no non-ascii characters.

Thanks again

Guy Warner





Re[2]: Help needed with MS Chap v2

2003-03-26 Thread 3APA3A
Dear Guy Warner,

This  line  simply notifies you there is no authentication schema may be
used  for  packet  (for  MS-CHAPv1  both  LM  and  NT  authentication is
available,  for  MS-CHAPv2  only  NT  and it fails in your case). Packet
corruption is most unlikely from all variants.

--Wednesday, March 26, 2003, 7:38:27 PM, you wrote to [EMAIL PROTECTED]:

GW> Thanks for the fast replies. The line
GW> Debug: rlm_mschap: Nothing in the packet I recognise: Rejecting the user
GW> makes me believe the packet is corrupted. Is there any way to test this. My
GW> suspicion is that the packet is being corrupted by the proxy server, however
GW> since this is running a dedicated operating system there is not a lot I can
GW> modify on it. The software used to send the initial request to the proxy is
GW> RASPPOE_098B.

GW> The LDAP server is authorizing the user names fine.

GW> Thanks again.

GW> Guy Warner

GW> - Original Message -
GW> From: "3APA3A" <[EMAIL PROTECTED]>
GW> To: "Guy Warner" <[EMAIL PROTECTED]>
GW> Sent: Wednesday, March 26, 2003 4:19 PM
GW> Subject: Re: Help needed with MS Chap v2


>> Dear Guy Warner,
>>
>> Authentication fails because of username or password mismatch. It may be
>> if  packet  is  corrupted,  if  realm  is  not stripped from username or
>> password contains non-ASCII characters.
>>
>> --Wednesday, March 26, 2003, 7:10:32 PM, you wrote to [EMAIL PROTECTED]:
>>
>> GW> Hi
>>
>> GW> I am trying to set up a Freeradius 0.8.1 server to authenticate users with
>> GW> MS Chap v2. The information about each user is obtained from an LDAP server.
>> GW> The requests for authentication are being received via a proxy server.
>>
>> GW> The problem is that all requests to authenticate a user result in
>> GW>  rlm_mschap: Nothing in the packet I recognise: Rejecting the user
>>
>> GW> The mschap section of radiusd.conf is as follows
>>
>> GW>  mschap {
>> GW> authtype = MS-CHAP
>> GW> use_mppe = yes
>> GW> require_encryption = yes
>> GW> require_strong = yes
>> GW> }
>>
>>
>> GW> The output from radiusd in debug mode contains the following
>>
>> GW> rad_recv: Access-Request packet from host :1814, id=3,
>> GW> length=172
>> GW> MS-CHAP-Challenge = 0x18192e70aa5f3989b735ced1b471afd2
>> GW> MS-CHAP2-Response =
>> GW> 0x0100613e878f3075d4825db25f99da79dac32d620d49a20f637cae65f3
>> GW> 05c09460bdc1c3047ab43476f5
>> GW> User-Name = "[EMAIL PROTECTED]"
>> GW> NAS-IP-Address = 
>> GW> NAS-Identifier = 
>> GW> Service-Type = Framed-User
>> GW> Framed-Protocol = PPP
>> GW> Proxy-State = 0x313630
>> GW> ..
>> GW> Debug: modcall: entering group authtype
>> GW> Debug: rlm_mschap: doing MS-CHAPv2 with NT-Password
>> GW> Debug: rlm_mschap: Authentication failed
>> GW> Debug: rlm_mschap: Nothing in the packet I recognise: Rejecting the
>> GW> user
>> GW> Debug:   modcall[authenticate]: module "mschap" returns reject
>>
>>
>> GW> The username is stripped of the domain since usernames are stored on the
>> GW> LDAP server in the short form.
>>
>> GW> Any suggestions on how to fix this problem would be gratefully received. If
>> GW> I have not provided sufficient information to diagnose the error then please
>> GW> let me know and I will send more information.
>>
>>
>> GW> Thanks in advance
>>
>>
>> GW> Guy Warner
>>
>>
>> --
>> ~/ZARAZA
>> To the ENIACs - a punch in the face!  (Lem)



-- 
~/ZARAZA
I swear by the bald head of the prophet Moses - I am going to eat you right now. (Twain)


Re: Help needed with MS Chap v2

2003-03-26 Thread Guy Warner
Thanks for the fast replies. The line
Debug: rlm_mschap: Nothing in the packet I recognise: Rejecting the user
makes me believe the packet is corrupted. Is there any way to test this. My
suspicion is that the packet is being corrupted by the proxy server, however
since this is running a dedicated operating system there is not a lot I can
modify on it. The software used to send the initial request to the proxy is
RASPPOE_098B.

The LDAP server is authorizing the user names fine.

Thanks again.

Guy Warner

- Original Message -
From: "3APA3A" <[EMAIL PROTECTED]>
To: "Guy Warner" <[EMAIL PROTECTED]>
Sent: Wednesday, March 26, 2003 4:19 PM
Subject: Re: Help needed with MS Chap v2


> Dear Guy Warner,
>
> Authentication fails because of username or password mismatch. It may be
> if  packet  is  corrupted,  if  realm  is  not stripped from username or
> password contains non-ASCII characters.
>
> --Wednesday, March 26, 2003, 7:10:32 PM, you wrote to [EMAIL PROTECTED]:
>
> GW> Hi
>
> GW> I am trying to set up a Freeradius 0.8.1 server to authenticate users with
> GW> MS Chap v2. The information about each user is obtained from an LDAP server.
> GW> The requests for authentication are being received via a proxy server.
>
> GW> The problem is that all requests to authenticate a user result in
> GW>  rlm_mschap: Nothing in the packet I recognise: Rejecting the user
>
> GW> The mschap section of radiusd.conf is as follows
>
> GW>  mschap {
> GW> authtype = MS-CHAP
> GW> use_mppe = yes
> GW> require_encryption = yes
> GW> require_strong = yes
> GW> }
>
>
> GW> The output from radiusd in debug mode contains the following
>
> GW> rad_recv: Access-Request packet from host :1814, id=3,
> GW> length=172
> GW> MS-CHAP-Challenge = 0x18192e70aa5f3989b735ced1b471afd2
> GW> MS-CHAP2-Response =
> GW> 0x0100613e878f3075d4825db25f99da79dac32d620d49a20f637cae65f3
> GW> 05c09460bdc1c3047ab43476f5
> GW> User-Name = "[EMAIL PROTECTED]"
> GW> NAS-IP-Address = 
> GW> NAS-Identifier = 
> GW> Service-Type = Framed-User
> GW> Framed-Protocol = PPP
> GW> Proxy-State = 0x313630
> GW> ..
> GW> Debug: modcall: entering group authtype
> GW> Debug: rlm_mschap: doing MS-CHAPv2 with NT-Password
> GW> Debug: rlm_mschap: Authentication failed
> GW> Debug: rlm_mschap: Nothing in the packet I recognise: Rejecting the
> GW> user
> GW> Debug:   modcall[authenticate]: module "mschap" returns reject
>
>
> GW> The username is stripped of the domain since usernames are stored on the
> GW> LDAP server in the short form.
>
> GW> Any suggestions on how to fix this problem would be gratefully received. If
> GW> I have not provided sufficient information to diagnose the error then please
> GW> let me know and I will send more information.
>
>
> GW> Thanks in advance
>
>
> GW> Guy Warner
>
>
> --
> ~/ZARAZA
> To the ENIACs - a punch in the face!  (Lem)


Re: Help needed with MS Chap v2

2003-03-26 Thread Josh Howlett
Guy,

Do the LDAP server logs show anything?

josh.

On Wed, 2003-03-26 at 16:10, Guy Warner wrote:
> Hi
> 
> I am trying to set up a Freeradius 0.8.1 server to authenticate users with
> MS Chap v2. The information about each user is obtained from an LDAP server.
> The requests for authentication are being received via a proxy server.
> 
> The problem is that all requests to authenticate a user result in
>  rlm_mschap: Nothing in the packet I recognise: Rejecting the user
> 
> The mschap section of radiusd.conf is as follows
> 
>  mschap {
> authtype = MS-CHAP
> use_mppe = yes
> require_encryption = yes
> require_strong = yes
> }
> 
> 
> The output from radiusd in debug mode contains the following
> 
> rad_recv: Access-Request packet from host :1814, id=3,
> length=172
> MS-CHAP-Challenge = 0x18192e70aa5f3989b735ced1b471afd2
> MS-CHAP2-Response =
> 0x0100613e878f3075d4825db25f99da79dac32d620d49a20f637cae65f3
> 05c09460bdc1c3047ab43476f5
> User-Name = "[EMAIL PROTECTED]"
> NAS-IP-Address = 
> NAS-Identifier = 
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Proxy-State = 0x313630
> ..
> Debug: modcall: entering group authtype
> Debug: rlm_mschap: doing MS-CHAPv2 with NT-Password
> Debug: rlm_mschap: Authentication failed
> Debug: rlm_mschap: Nothing in the packet I recognise: Rejecting the
> user
> Debug:   modcall[authenticate]: module "mschap" returns reject
> 
> 
> The username is stripped of the domain since usernames are stored on the
> LDAP server in the short form.
> 
> Any suggestions on how to fix this problem would be gratefully received. If
> I have not provided sufficient information to diagnose the error then please
> let me know and I will send more information.
> 
> 
> Thanks in advance
> 
> 
> Guy Warner
> 
> 
-- 
---
Josh Howlett, Networking & Digital Communications,
Information Systems & Computing, University of Bristol, U.K.
'phone: 0117 928 7850 email: [EMAIL PROTECTED]

---




Re: Help needed with MS Chap v2

2003-03-26 Thread 3APA3A
Dear Guy Warner,

Authentication fails because of username or password mismatch. It may be
if  packet  is  corrupted,  if  realm  is  not stripped from username or
password contains non-ASCII characters.

--Wednesday, March 26, 2003, 7:10:32 PM, you wrote to [EMAIL PROTECTED]:

GW> Hi

GW> I am trying to set up a Freeradius 0.8.1 server to authenticate users with
GW> MS Chap v2. The information about each user is obtained from an LDAP server.
GW> The requests for authentication are being received via a proxy server.

GW> The problem is that all requests to authenticate a user result in
GW>  rlm_mschap: Nothing in the packet I recognise: Rejecting the user

GW> The mschap section of radiusd.conf is as follows

GW>  mschap {
GW> authtype = MS-CHAP
GW> use_mppe = yes
GW> require_encryption = yes
GW> require_strong = yes
GW> }


GW> The output from radiusd in debug mode contains the following

GW> rad_recv: Access-Request packet from host :1814, id=3,
GW> length=172
GW> MS-CHAP-Challenge = 0x18192e70aa5f3989b735ced1b471afd2
GW> MS-CHAP2-Response =
GW> 0x0100613e878f3075d4825db25f99da79dac32d620d49a20f637cae65f3
GW> 05c09460bdc1c3047ab43476f5
GW> User-Name = "[EMAIL PROTECTED]"
GW> NAS-IP-Address = 
GW> NAS-Identifier = 
GW> Service-Type = Framed-User
GW> Framed-Protocol = PPP
GW> Proxy-State = 0x313630
GW> ..
GW> Debug: modcall: entering group authtype
GW> Debug: rlm_mschap: doing MS-CHAPv2 with NT-Password
GW> Debug: rlm_mschap: Authentication failed
GW> Debug: rlm_mschap: Nothing in the packet I recognise: Rejecting the
GW> user
GW> Debug:   modcall[authenticate]: module "mschap" returns reject


GW> The username is stripped of the domain since usernames are stored on the
GW> LDAP server in the short form.

GW> Any suggestions on how to fix this problem would be gratefully received. If
GW> I have not provided sufficient information to diagnose the error then please
GW> let me know and I will send more information.


GW> Thanks in advance


GW> Guy Warner




-- 
~/ZARAZA
To the ENIACs - a punch in the face!  (Lem)


Help needed with MS Chap v2

2003-03-26 Thread Guy Warner
Hi

I am trying to set up a Freeradius 0.8.1 server to authenticate users with
MS Chap v2. The information about each user is obtained from an LDAP server.
The requests for authentication are being received via a proxy server.

The problem is that all requests to authenticate a user result in
 rlm_mschap: Nothing in the packet I recognise: Rejecting the user

The mschap section of radiusd.conf is as follows

mschap {
    authtype = MS-CHAP
    use_mppe = yes
    require_encryption = yes
    require_strong = yes
}


The output from radiusd in debug mode contains the following

rad_recv: Access-Request packet from host :1814, id=3,
length=172
MS-CHAP-Challenge = 0x18192e70aa5f3989b735ced1b471afd2
MS-CHAP2-Response =
0x0100613e878f3075d4825db25f99da79dac32d620d49a20f637cae65f3
05c09460bdc1c3047ab43476f5
User-Name = "[EMAIL PROTECTED]"
NAS-IP-Address = 
NAS-Identifier = 
Service-Type = Framed-User
Framed-Protocol = PPP
Proxy-State = 0x313630
..
Debug: modcall: entering group authtype
Debug: rlm_mschap: doing MS-CHAPv2 with NT-Password
Debug: rlm_mschap: Authentication failed
Debug: rlm_mschap: Nothing in the packet I recognise: Rejecting the
user
Debug:   modcall[authenticate]: module "mschap" returns reject


The username is stripped of the domain since usernames are stored on the
LDAP server in the short form.

Any suggestions on how to fix this problem would be gratefully received. If
I have not provided sufficient information to diagnose the error then please
let me know and I will send more information.


Thanks in advance


Guy Warner
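
The MS-CHAP attributes in the debug output above have fixed layouts (RFC 2548), so a structural check can separate a damaged or truncated attribute from a plain credential mismatch. The Python below is an added example, not part of the original thread and not FreeRADIUS code; the function names and the sample values are constructed for illustration.

```python
"""Structural check of MS-CHAP attributes pasted from radiusd debug output.

Added example: function names and sample values are constructed for
illustration; they are not FreeRADIUS code and not values from the thread.
"""
import re

# Value layouts from RFC 2548: total length, then (field, size) pairs.
LAYOUTS = {
    "MS-CHAP-Response": (50, [("ident", 1), ("flags", 1),
                              ("lm_response", 24), ("nt_response", 24)]),
    "MS-CHAP2-Response": (50, [("ident", 1), ("flags", 1),
                               ("peer_challenge", 16), ("reserved", 8),
                               ("nt_response", 24)]),
}
# Challenge size that goes with each response type (MS-CHAPv1: 8, v2: 16).
CHALLENGE_LEN = {"MS-CHAP-Response": 8, "MS-CHAP2-Response": 16}

ATTR_RE = re.compile(r"^([A-Za-z0-9-]+)\s*=\s*(.*)$")
HEX_RE = re.compile(r"^(?:0x)?[0-9a-fA-F]+$")


def parse_debug_attrs(text):
    """Return {attribute: value}, re-joining hex values wrapped across lines."""
    attrs, last = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        match = ATTR_RE.match(line)
        if match:
            last = match.group(1)
            attrs[last] = match.group(2).strip()
        elif (last and HEX_RE.match(line)
              and (attrs[last] == "" or attrs[last].startswith("0x"))):
            attrs[last] += line      # continuation of a wrapped hex string
        else:
            last = None              # blank or unrelated line ends the value
    return attrs


def hex_bytes(value):
    """Decode a 0x-prefixed hex string; None if it is not whole-byte hex."""
    if not value.startswith("0x"):
        return None
    try:
        return bytes.fromhex(value[2:])
    except ValueError:
        return None


def check_mschap(text):
    """Return (fields, problems) for the MS-CHAP attributes found in text."""
    attrs = parse_debug_attrs(text)
    fields, problems = {}, []
    present = [name for name in LAYOUTS if name in attrs]
    if not present:
        return fields, ["no MS-CHAP-Response or MS-CHAP2-Response attribute"]
    challenge = hex_bytes(attrs.get("MS-CHAP-Challenge", ""))
    if challenge is None:
        problems.append("MS-CHAP-Challenge missing or not valid hex")
    for name in present:
        total, layout = LAYOUTS[name]
        value = hex_bytes(attrs[name])
        if value is None:
            problems.append(f"{name}: not valid whole-byte hex")
            continue
        if len(value) != total:
            problems.append(f"{name}: {len(value)} bytes, expected {total}")
            continue
        offset = 0
        for field, size in layout:   # slice the value into its named fields
            fields[field] = value[offset:offset + size]
            offset += size
        if challenge is not None and len(challenge) != CHALLENGE_LEN[name]:
            problems.append(f"MS-CHAP-Challenge: {len(challenge)} bytes, "
                            f"expected {CHALLENGE_LEN[name]} for {name}")
        if name == "MS-CHAP2-Response" and any(fields["reserved"]):
            problems.append("MS-CHAP2-Response: reserved field is not all zero")
    return fields, problems


# Constructed sample in the shape of radiusd debug output (not real traffic).
CHALLENGE = "c3" * 16
PEER = "a1" * 16
RESERVED = "00" * 8
NT_RESPONSE = "b2" * 24
SAMPLE_OK = (
    "MS-CHAP-Challenge = 0x" + CHALLENGE + "\n"
    "MS-CHAP2-Response =\n"
    "0x0100" + PEER + RESERVED + "\n"
    + NT_RESPONSE + "\n"
    'User-Name = "testuser"\n'
)
# Same sample with the eight reserved bytes lost somewhere along the path.
SAMPLE_TRUNCATED = SAMPLE_OK.replace(RESERVED, "")

if __name__ == "__main__":
    for label, sample in (("ok", SAMPLE_OK), ("truncated", SAMPLE_TRUNCATED)):
        _, found = check_mschap(sample)
        print(label, found or "layout is consistent")
```

A clean result only means the attributes are well-formed; whether the NT-Response matches the stored password is still decided by the server.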




Re: Help Needed: VoIP Billing System

2003-02-19 Thread Aleksandar Zhelyazkov
Zahara wrote:


> Hello All
>
> I am analysing a VoIP billing application.  I need some info about a
> few things.  I'd appreciate all the help and details that you could
> provide.
>
> Here is what we need to do:
>
> Our customers connect to our gateway/gatekeeper through IP or PSTN
> (calling cards through IVR system).  We have 2 RADIUS servers.  I
> still don't know which RADIUS server they're going to be though.  We
> have a web-enabled application that will be used to view billing
> reports and to register and manage customers etc.
>
> There can be 3 types of callers.  prepaid, postpaid and calling
> cards.  My questions are:

Correct me if I'm wrong. The following is based on suggestion that you
will use cisco gateways.

> 1. Is RADIUS server responsible to check the customer's billing status
> before authorizing the calls? To see if the user has enough balance to
> go ahead with this call (e.g. for prepaid customers).

Radius is responsible for returning radius attribute which you are
responsible to insert as a reply item.
The billing you must do yourself and based on it to tell the radius to
return the required attribute.
E.g h323-credit-time or h323-credit-amount. The h323-credit-amount can
be implemented easily with database trigger. H323-credit-time is different
story and is hardest to implement (rlm_perl, rlm_python are your friends)

> 2. Who is responsible for monitoring this call (during as well as
> after the call)?
>
> 3. Who is responsible to monitor bong charges (for calling cards) and
> other distance charges at each billing increment during the call
>
> 4. Who is responsible for disconnecting the call, as soon as the
> available balance is consumed?
>
> 5. How is this disconnection and monitoring process works?

I don't understand what you mean by monitoring the call but the answer
to 5. is IVR.
After the call the ivr is responsible for everything. When to
disconnect the call, what
message to play, to beep if you have one minute etc.

> 6. Who stores the CDR's? Where are they stored? Can they be stored
> directly to our Oracle DB?

You have more than all the information you need to build a CDR in
radacct table.
Just write your own application.

> 7. When do the CDR's become available to our web-enable application
> for reporting and processing? After the call ends?

see previous answer.

Hope it helps.

> Looking forward to hear from you.
>
> Thanks.
>
> Zahara.







Re: Help Needed: VoIP Billing System

2003-02-07 Thread Amiri
Dear Zahram

If you are in Iran, we are working on the same project; you can contact us for it.

Mehdi Amiri

ps : see Irandata.com for detail of us.


--- Zahara <[EMAIL PROTECTED]> wrote:
> Hello All
> 
> I am analysing a VoIP billing application.  I need some info about a few
> things.  I'd appreciate all the help and details that you could provide.
> 
> Here is what we need to do:
> 
> Our customers connect to our gateway/gatekeeper through IP or PSTN (calling
> cards through IVR system).  We have 2 RADIUS servers.  I still don't know
> which RADIUS server they're going to be though.  We have a web-enabled
> application that will be used to view billing reports and to register and
> manage customers etc.
> 
> Authentication:
> This is what I have understood about the process:
> 
> RADIUS server and our web-enabled application will be sharing a database (we
> want Oracle) containing all the customer related info.  The gatekeeper (cisco
> 7206 VXR) receives a call request.  It is configured to ask the RADIUS server
> to authenticate the user.  RADIUS server is configured to check our user table
> for authentication.  For authentic users, the next step is authorization.
> 
> Authorization:
> There can be 3 types of callers.  prepaid, postpaid and calling cards.  My
> questions are:
> 
> 1. Is RADIUS server responsible to check the customer's billing status before
> authorizing the calls? To see if the user has enough balance to go ahead with
> this call (e.g. for prepaid customers).
> 
> 2. Who is responsible for monitoring this call (during as well as after the
> call)?
> 
> 3. Who is responsible to monitor bong charges (for calling cards) and other
> distance charges at each billing increment during the call?
> 
> 4. Who is responsible for disconnecting the call, as soon as the available
> balance is consumed?
> 
> 5. How is this disconnection and monitoring process works?
> 
> 6. Who stores the CDR's? Where are they stored? Can they be stored directly to
> our Oracle DB?
> 
> 7. When do the CDR's become available to our web-enable application for
> reporting and processing? After the call ends?
> 
> Looking forward to hear from you.
> 
> Thanks.
> 
> Zahara.
> 





Help Needed: VoIP Billing System

2003-02-07 Thread Zahara



Hello All

I am analysing a VoIP billing application.  I need some info about a few things.  I'd appreciate
all the help and details that you could provide.

Here is what we need to do:

Our customers connect to our gateway/gatekeeper through IP or PSTN (calling cards through IVR
system).  We have 2 RADIUS servers.  I still don't know which RADIUS server they're going to be
though.  We have a web-enabled application that will be used to view billing reports and to
register and manage customers etc.

Authentication:
This is what I have understood about the process:

RADIUS server and our web-enabled application will be sharing a database (we want Oracle)
containing all the customer related info.  The gatekeeper (cisco 7206 VXR) receives a call
request.  It is configured to ask the RADIUS server to authenticate the user.  RADIUS server is
configured to check our user table for authentication.  For authentic users, the next step is
authorization.

Authorization:
There can be 3 types of callers: prepaid, postpaid and calling cards.  My questions are:

1. Is RADIUS server responsible to check the customer's billing status before authorizing the
calls? To see if the user has enough balance to go ahead with this call (e.g. for prepaid
customers).

2. Who is responsible for monitoring this call (during as well as after the call)?

3. Who is responsible to monitor bong charges (for calling cards) and other distance charges at
each billing increment during the call?

4. Who is responsible for disconnecting the call, as soon as the available balance is consumed?

5. How does this disconnection and monitoring process work?

6. Who stores the CDRs? Where are they stored? Can they be stored directly to our Oracle DB?

7. When do the CDRs become available to our web-enabled application for reporting and
processing? After the call ends?

Looking forward to hearing from you.

Thanks.

Zahara.


LDAP help needed

2003-01-04 Thread Tamer Demir
Hello,

I just started to try FreeRADIUS with LDAP. Since I am new to LDAP I
have encountered many problems and finally wanted to consult the users who
have done LDAP+Radius.

Can you send simple one-user example files of:
slapd.conf
ldap.conf
users
radiusd.conf

or just mention the required changes in the above files, with an example
users.ldif file and how to insert it into the LDAP database.

Thanks in advance,
Tamer




Re: Help needed with setup of: freeradius-0.7 + mysql (+ dialup_admin)

2002-08-22 Thread Alan DeKok

"Max Gorouvein" <[EMAIL PROTECTED]> wrote:
> One of the problems I ran into is that radius cannot connect to mysql
> through a socket because it's looking for it in the /var/lib/mysql/ dir, but
> the way I have it is in /tmp.  Where/how do I change that?

  That's a MySQL setup question.  FreeRADIUS can't control that at
all.

> It would save a lot of trouble if somebody could suggest where I can read
> exactly the setup for mysql, or pin point me in the right direction.  I've
> never dealt with radius so i have no idea how the authentication works, nor
> do i know what's required for the authentication (keywords, sections, etc
> etc)

Read the docs, and the configuration files.  They're a
decent start.  Go to Amazon, and look at the RADIUS book, it has more
information.

  Alan DeKok.




Help needed with setup of: freeradius-0.7 + mysql (+ dialup_admin)

2002-08-22 Thread Max Gorouvein

Hi all,

Maybe I haven't read enough documentation, or perhaps there isn't enough, so
I've decided to post a question to the mailing list.

I'm trying to set up FR-0.7 with a mysql database.  All I need is to
authenticate ISDN and dial-up users against it.  I've compiled FR
itself, looked through the radiusd.conf file, tweaked it, and tested a simple
user "bob" as specified in one of the documentation files; it works well.

One of the problems I ran into is that radius cannot connect to mysql
through a socket because it's looking for it in the /var/lib/mysql/ dir, but
the way I have it is in /tmp.  Where/how do I change that?

It would save a lot of trouble if somebody could suggest where I can read
exactly the setup for mysql, or point me in the right direction.  I've
never dealt with radius so I have no idea how the authentication works, nor
do I know what's required for the authentication (keywords, sections, etc
etc)

Also I'm wondering if anyone has dialup_admin working with freeradius-0.7.
I've got it installed, the only thing I need now is to get mysql going, and
hopefully I'll be on my way.

Thank you very much for any help/info/suggestions in advance.

Regards,
Max Gorouvein





Proxying problem Help needed

2002-07-05 Thread Jeremy Salch

I have 2 numbers and 2 realms I'm trying to proxy.  What I want to happen is for it
to proxy by realm first, and if they don't have a realm, then proxy by the number they
dialed.  As I understand it, the users file is processed until a match is found.

With just this listed it will proxy based upon phone number but not based on realm.
It sends the username and the realm to the proxy server, and then I have to set up
proxying on that server also if I want to send the realm to the proper server.

These two are put together because they are both the same number, but sometimes the
phone company sends me one number and sometimes they send me a different number:
DEFAULT Called-Station-Id == "5735309", Proxy-To-Realm := "realm2"
DEFAULT Called-Station-Id == "5309", Proxy-To-Realm := "realm2"


DEFAULT Called-Station-Id == "5730606", Proxy-To-Realm := "realm1.net"

--

This is what I tried to add to make it proxy based upon realm before the phone number,
so I put this before the DEFAULT entries for phone number:
#DEFAULT
#   Realm == "realm1.net",
#   Proxy-to-Realm := "realm1.net"
#
#
#DEFAULT
#   Realm == "realm2",
#   Proxy-to-Realm := "realm2"

But when I entered it into the config and restarted the radius server, these lines
below would not work.
For some reason it caused them to not work.
DEFAULT Called-Station-Id == "5735309", Proxy-To-Realm := "realm2"
DEFAULT Called-Station-Id == "5309", Proxy-To-Realm := "realm2"


this line still worked 
DEFAULT Called-Station-Id == "5730606", Proxy-To-Realm := "realm1.net"

And proxy.conf still worked, but the problem is getting it to proxy based upon
realm, then phone number.


-- 
Business website -- www.realm2
Personal website -- www.tblx.net




Re: Help needed

2002-06-18 Thread Alan DeKok

s.venkata krishnan <[EMAIL PROTECTED]> wrote:
> i have installed 7.1 red hat linux in my system and i am not able to
> find etc/raddb/radiusd.conf since /raddb directory is not found in my
> installation. what may the problem for this. Any one can help me out
> in this .

  Read the messages produced by 'make install' ?? That will tell you
where the files are installed.

  Alan DeKok.




Re: Help needed

2002-06-18 Thread Nicola Orru'

> i have installed 7.1 red hat linux in my system and i am not able to find
> etc/raddb/radiusd.conf since /raddb directory is not found in my installation. what
> may the problem for this. Any one can help me out in this .

peep in /usr/local/*

> 
> Thanks in Advance
> 
> Regards 
> 
> Venkata Krishnan.

Nicola Orru'

ENERGIT
Via Efisio Melis, 26
09134 Cagliari - Italia
Tel. +39 070 7521 Fax +39 070 7521 51
www.energit.it

Energy, Telephony, Internet Services, Business Management Systems





Help needed

2002-06-18 Thread s . venkata krishnan

Hi All
I have been working on the FreeRADIUS server for a couple of days. I have downloaded
freeradius.tar.gz. I have followed the steps like this:

Download a tarball
Extract it with gunzip and tar
Run ./configure in the top directory, with your chosen parameters
Run make
As root, run make install
Edit etc/raddb/radiusd.conf to suit your needs.

I have installed Red Hat Linux 7.1 on my system and I am not able to find
etc/raddb/radiusd.conf, since the /raddb directory is not found in my installation. What
may be the problem? Can anyone help me out with this?

Thanks in Advance

Regards 

Venkata Krishnan.




Re: Help needed.. Message-Authenticator attribute..

2002-03-23 Thread Alan DeKok

"Sunil Chitnis" <[EMAIL PROTECTED]> wrote:
>   Has anybody made use of this attribute and found it working on the
> FreeRadius server side?

  Yes.  It interoperates with other NAS boxes and radius servers using
Message-Authenticator.

> Please let me know if you have any ideas to resolve/test this scenario.

  Fix your client code to interoperate.  Look at 'src/lib/radius.c'
for examples.

  Alan DeKok.




Help needed.. Message-Authenticator attribute..

2002-03-22 Thread Sunil Chitnis


Hello,

I am using FreeRadius 0.5 on Solaris to test EAP support for Radius client.
The Radius authentication works fine in regular userid/password setup.
During testing of 802.1X EAP Authentication using Radius, I am not getting
proper expected response from server.
Per the RFC 2869 (Radius Extensions), in my Radius request packet, I am
sending following attributes...
Service-Type=2 (Framed)
NAS-IP-Address=0xc0a80277 (192.168.2.119)
EAP-Message=0x010a000973756e696c (Code=Request, Id=0x0a, Length=0x9,
Data="sunil")
Message-Authenticator=<16-octet HMAC-MD5 digest>

As specified in RFC 2869, I generated the HMAC-MD5 digest using my radius
secret-key. This key is also configured in the FreeRadius server in
/usr/local/etc/raddb/clients.conf (The key stuff works as the original
userid/password authentication works). The hmac_md5() key generation code was
taken from RFC 2104 (HMAC: Keyed-Hashing for Message Authentication). Per
RFC 2869, I used 0 values in the Message-Authenticator value field, before
creating the hash of the outgoing Radius packet. The generated hash was
inserted as the values of Message-Authenticator field.
On the receiving side, the FreeRadius server displays the following
message..
rad_recv: Access-Request packet from host 192.168.2.119:1645, id=11,
length=61
Received packet from 192.168.2.119 with invalid Message-Authenticator!
Server rejecting request 10.
Finished request 10

Has anybody made use of this attribute and found it working on the
FreeRadius server side?
Please let me know if you have any ideas to resolve/test this scenario.

Regards.

= Sunil Chitnis
  Foundry Networks.
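
The signing steps described in the post above (zero the Message-Authenticator value, HMAC-MD5 the whole Access-Request with the shared secret, write the digest back), as an added Python example that is not part of the original message and not FreeRADIUS code. The attribute values and packet id come from the post; the shared secret and Request Authenticator are constructed sample values.

```python
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
NAS_IP_ADDRESS, SERVICE_TYPE, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 4, 6, 79, 80

SECRET = b"constructed-shared-secret"      # constructed sample value
REQUEST_AUTH = bytes(range(16))            # constructed; use os.urandom(16) in practice


def attr(attr_type, value):
    """Encode one attribute as Type, Length (2-octet header included), Value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([attr_type, len(value) + 2]) + value


def sign_access_request(pkt_id, request_auth, attrs, secret):
    """Build an Access-Request and fill in Message-Authenticator (RFC 2869)."""
    if len(request_auth) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    # 16 zero octets as placeholder, appended last so the value ends the packet.
    body = b"".join(attrs) + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    # The Length field must already be final when the HMAC is computed.
    header = struct.pack("!BBH", ACCESS_REQUEST, pkt_id, 20 + len(body))
    packet = header + request_auth + body
    digest = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + digest


def find_message_authenticator(packet):
    """Return the offset of the 16-octet value, or None if the attribute is absent."""
    pos = 20
    while pos < len(packet):
        if pos + 2 > len(packet):
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > len(packet):
            raise ValueError("malformed attribute")
        if attr_type == MESSAGE_AUTHENTICATOR:
            if attr_len != 18:
                raise ValueError("Message-Authenticator must be 18 octets")
            return pos + 2
        pos += attr_len
    return None


def verify_message_authenticator(packet, secret):
    """Receiver-side check for an Access-Request; False on any mismatch."""
    if len(packet) < 20 or packet[0] != ACCESS_REQUEST:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False
    packet = packet[:length]               # octets past Length are padding
    try:
        offset = find_message_authenticator(packet)
    except ValueError:
        return False
    if offset is None:
        return False
    received = packet[offset:offset + 16]
    zeroed = packet[:offset] + bytes(16) + packet[offset + 16:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(received, expected)   # constant-time compare


def sample_packet():
    """The request from the post: Service-Type, NAS-IP-Address, EAP-Message."""
    attrs = [
        attr(SERVICE_TYPE, struct.pack("!I", 2)),            # Framed
        attr(NAS_IP_ADDRESS, bytes.fromhex("c0a80277")),     # 192.168.2.119
        attr(EAP_MESSAGE, bytes.fromhex("010a000973756e696c")),
    ]
    return sign_access_request(11, REQUEST_AUTH, attrs, SECRET)


if __name__ == "__main__":
    pkt = sample_packet()
    print(len(pkt), verify_message_authenticator(pkt, SECRET))
```

The packet comes out at 61 octets, matching the length in the server log quoted in the post; a digest computed before the Length field is final, or over a non-zero placeholder, fails the same check the server applies.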





RE: Help needed for defining radius groups

2002-03-06 Thread Kostas Kalevras

On Wed, 6 Mar 2002, Pierre Strazza wrote:

> Thxs for your answer ... things will not be tricky as i'm not an ldap expert
> :)
>
> I also have another question ...
> I need to define connection times, so that the user can connect from 8h00am
> to 17h00 pm and not after ... Any experience on this functionality
> implemented on freeradius ?

Yes, it's called Login-Time. Check out the README file

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf





RE: Help needed for defining radius groups

2002-03-06 Thread Pierre Strazza

Thxs for your answer ... things will not be tricky as i'm not an ldap expert
:)

I also have another question ...
I need to define connection times, so that the user can connect from 8h00am
to 17h00 pm and not after ... Any experience on this functionality
implemented on freeradius ?


-----Original Message-----
From: Kostas Kalevras [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 5 March 2002 21:01
To: [EMAIL PROTECTED]
Subject: Re: Help needed for defining radius groups


On Tue, 5 Mar 2002, Pierre Strazza wrote:

> Hi there !!
>
> I'm desperately trying to define groups of users in radius according to
> groups referenced in an LDAP directory.
> What I plan is to pass specific information to the NAS according to the
> group the user belongs to. So I need to define groups of users, instead of
> users themselves in the radius users config file.
>
> Can anyone help ?
> Thxs in advance,
>
> Pierre.

You can do one of the following:

o Use default/regular profiles. Just add the DN of the profile entry in the
  corresponding user entries using the profile_attribute defined in the ldap
  module configuration.
  Something like:

  dn: uid=group1-dialup,ou=people,dc=company,dc=com
  objectclass: radiusprofile
  radiusPortLimit: 1

  dn: uid=user1,ou=people,dc=company,dc=com
  objectclass: radiusprofile
  dialupregularprofile: uid=group1-dialup,ou=people,dc=company,dc=com

o Create ldap groups containing all the users for which you want to pass
  specific information. Then you can do something like this:

  dn: cn=group1,ou=groups,dc=company,dc=com
  objectclass: groupofuniquenames
  uniquemember: uid=user1,ou=people,dc=company,dc=com
  [...]

  users file:

  DEFAULT Group == "group1"
  Port-Limit = 1


In general take a look at doc/rlm_ldap. It is quite helpful.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf






Re: Help needed for defining radius groups

2002-03-05 Thread Kostas Kalevras

On Tue, 5 Mar 2002, Pierre Strazza wrote:

> Hi there !!
>
> I'm desperately trying to define groups of users in radius according to
> groups referenced in an LDAP directory.
> What I plan is to pass specific information to the NAS according to the
> group the user belongs to. So I need to define groups of users, instead of users
> themselves in the radius users config file.
>
> Can anyone help ?
> Thxs in advance,
>
> Pierre.

You can do one of the following:

o Use default/regular profiles. Just add the DN of the profile entry in the
  corresponding user entries using the profile_attribute defined in the ldap
  module configuration.
  Something like:

  dn: uid=group1-dialup,ou=people,dc=company,dc=com
  objectclass: radiusprofile
  radiusPortLimit: 1

  dn: uid=user1,ou=people,dc=company,dc=com
  objectclass: radiusprofile
  dialupregularprofile: uid=group1-dialup,ou=people,dc=company,dc=com

o Create ldap groups containing all the users for which you want to pass
  specific information. Then you can do something like this:

  dn: cn=group1,ou=groups,dc=company,dc=com
  objectclass: groupofuniquenames
  uniquemember: uid=user1,ou=people,dc=company,dc=com
  [...]

  users file:

  DEFAULT Group == "group1"
  Port-Limit = 1


In general take a look at doc/rlm_ldap. It is quite helpful.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf






Help needed for defining radius groups

2002-03-05 Thread Pierre Strazza

Hi there !!

I'm desperately trying to define groups of users in radius according to
groups referenced in an LDAP directory.
What I plan is to pass specific information to the NAS according to the
group the user belongs to. So I need to define groups of users, instead of users
themselves in the radius users config file.

Can anyone help ?
Thxs in advance,

Pierre.





Re: hi guys...help needed!!

2001-10-31 Thread Chris Parker

At 02:19 PM 10/31/2001 +0100, Mayur Deodhar wrote:
>hi guys,
>am a new user to this group. would want help on how to install the radius 
>on redhat 7.1 system.

./configure
make
make install

>also would like to know the options for the backend database for the 
>password access like ldap, mysql etc

See the various docs in the '/docs' directory in the package.

-Chris
--
\\\|||///  \  Chris Parker-Manager, Development Engineering
\ ~   ~ /   \   WX *is* Wireless!\   [EMAIL PROTECTED]
| @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Without C we would have 'obol', 'basi', and 'pasal'





Re: hi guys...help needed!!

2001-10-31 Thread Kostas Kalevras

On Wed, 31 Oct 2001, Mayur Deodhar wrote:

> hi guys,
> am a new user to this group. would want help on how to install the
> radius on redhat 7.1 system. also would like to know the options for the
> backend database for the password access like ldap, mysql etc
> its urgent guys,
> thanks in advance
> Mayur.
> smartmay
> e-mail: [EMAIL PROTECTED]

./configure  --prefix=/usr/local/radiusd \
  --with-rlm-ldap-lib-dir=/usr/local/openldap/lib \
  --with-rlm-ldap-include-dir=/usr/local/openldap/include \
  --with-mysql-lib-dir=/usr/local/mysql/lib/mysql \
  --with-mysql-include-dir=/usr/local/mysql/include

Look at the doc dir, edit radiusd.conf and sql.conf to match your setup.
Add NASes in clients.conf, naslist and naspasswd

If you want to do auth from ldap then you will have to add the radiusprofile
schema in the ldap and change the corresponding user entries (add
objectclass:radiusprofile and any radius attribute you want).
You could place the default attributes in the users file in DEFAULT entries and
only place non default radius attributes in ldap.

--
kkalev






hi guys...help needed!!

2001-10-31 Thread Mayur Deodhar

hi guys,
am a new user to this group. would want help on how to install the radius on redhat 
7.1 system. also would like to know the options for the backend database for the 
password access like ldap, mysql etc
its urgent guys,
thanks in advance
Mayur.
smartmay
e-mail: [EMAIL PROTECTED]






Re: Help needed

2001-08-06 Thread aland

"Watson" <[EMAIL PROTECTED]> wrote:
> When I authenticate a user I have an error code that pops up in the
> radius.log file.  I don't really know what it means and could not find any
> previous postings about it so I will ask it again.  The error code is this.
> 
> Mon Aug  6 15:06:31 2001 : Info: Listening on IP address *, ports 1645/udp
> and 1646/udp, with proxy on 1647/udp.
> Mon Aug  6 15:06:31 2001 : Info: Ready to process requests.
> Mon Aug  6 15:07:42 2001 : Error: Invalid operator for item Password:
> reverting to '=='

  Please do a 'man users'.  The man page for the users file describes
what the operators mean, how they work, and how they're used.

  The short answer is that FreeRADIUS is more configurable than Ascend
RADIUS, so it's a little more picky about what format it takes in the
'users' file.

  Also, go to raddb/radiusd.conf, and look for the word 'compat'.
Change that line to 'compat = yes'.  This should help, too, for
reasons described in the configuration file.
 
  Alan DeKok.




Re: Help needed

2001-08-06 Thread Chris Parker

At 03:30 PM 8/6/2001 +0900, Watson wrote:
>To the most helpful Freeradius-users list;
> I was having a problem with Ascend Radius user file as previous postings
>imply.  Now however those problems have been resolved due to an extremely
>helpful posting.  Now however I have another problem that I am seeking help
>in.
> When I authenticate a user I have an error code that pops up in the
>radius.log file.  I don't really know what it means and could not find any
>previous postings about it so I will ask it again.  The error code is this.
>
>Mon Aug  6 15:06:31 2001 : Info: Listening on IP address *, ports 1645/udp
>and 1646/udp, with proxy on 1647/udp.
>Mon Aug  6 15:06:31 2001 : Info: Ready to process requests.
>Mon Aug  6 15:07:42 2001 : Error: Invalid operator for item Password:
>reverting to '=='
>
> Can anyone tell me what this means?  There seems to be no problem in
>the authentication process.  My radtest on one user came out as follows.

It means that '=' is not valid.  If you look at the sample 'users' file
that ships with Freeradius you'll notice that the first line ( the check-
items ) in the users file all use '==' instead of '='.

If you are migrating from one radius to another you *will* need to make
changes to the users file.  There's no shortcuts about it.  You need to
edit your users file, so that it matches the syntax used in the sample
users file.

-Chris
--
\\\|||///  \  Chris Parker-Manager, Development Engineering
\ ~   ~ /   \   WX *is* Wireless!\   [EMAIL PROTECTED]
| @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Without C we would have 'obol', 'basi', and 'pasal'





Re: Help needed setting up Ascend with Freeradius

2001-08-06 Thread Chris Parker

At 01:53 PM 8/6/2001 +0900, Watson wrote:
>Hey everybody;
>
>I am trying to migrate from ascend radius to Freeradius.  But, I'm having
>a lot of problems getting my present users file to work.  I run a MAX 6000
>and MAX 4000.  In the present users file there is a User-Service Attribute.
>When I try to run radius with my present users file, it tells me that
>User-Service is an invalid attribute.  So I edited dictionary.ascend and
>replaced Attribute 6 which read Service-Type and changed it to
>User-Service.  I'm not sure if that was the right move at all...

No.  Change your users file, not the dictionary.  It is very possible to
screw up the server if you make the wrong changes to the dictionary file.
It will also make it harder to perform future upgrades ( as you'll need to
make the same changes to the dictionary every time vs. changing your
users file once. )

> Anyways now freeradius dies with Unknown Attribute Service-Type.  My
>question is..  Is there a simple way to migrate from Ascend Radius with the
>User-Service Attribute to Freeradius.  I would appreciate any information
>greatly.

Change your users file to match the attributes used by Freeradius ( which
are the standard names in the RFC's vs. Ascend's crufty names ).

-Chris
--
\\\|||///  \  Chris Parker-Manager, Development Engineering
\ ~   ~ /   \   WX *is* Wireless!\   [EMAIL PROTECTED]
| @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Without C we would have 'obol', 'basi', and 'pasal'
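
The two migration points made in the replies above ('==' instead of '=' on the check-item line, and the RFC attribute name Service-Type instead of Ascend's User-Service), as an added Python example that is not part of the thread or of FreeRADIUS. The sample users file is constructed, the function name is hypothetical, and the check is deliberately simple: it flags every '=' on a check line, as the replies describe.

```python
import re

# Old Ascend name -> RFC name used by FreeRADIUS. Only the pair named in
# the thread is listed; extend the table for other renamed attributes.
RENAMED = {"User-Service": "Service-Type"}

# attribute, operator, value (quoted string or bare word)
ITEM_RE = re.compile(
    r'([A-Za-z][A-Za-z0-9-]*)\s*'
    r'(==|:=|\+=|!=|<=|>=|=~|!~|=\*|!\*|=|<|>)\s*'
    r'("(?:[^"\\]|\\.)*"|[^,\s]+)'
)

# Constructed sample: one Ascend-style entry, one already-migrated entry.
SAMPLE = '''\
# constructed Ascend-style entry
usertest  Password = "passtest"
    User-Service = Framed-User,
    Framed-Protocol = MPP

gooduser  Password == "secret"
    Service-Type = Framed-User
'''


def lint_users(text):
    """Return (line number, attribute, problem) for each migration issue."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        # An entry starts in column 0: "name  check-items". Indented lines
        # that follow are reply items.
        is_check_line = not raw[0].isspace()
        if is_check_line:
            parts = raw.split(None, 1)
            items = parts[1] if len(parts) == 2 else ""
        else:
            items = raw
        for match in ITEM_RE.finditer(items):
            name, op = match.group(1), match.group(2)
            if name in RENAMED:
                findings.append(
                    (lineno, name, "rename to " + RENAMED[name]))
            if is_check_line and op == "=":
                findings.append(
                    (lineno, name, "check item uses '='; use '=='"))
    return findings


if __name__ == "__main__":
    for lineno, name, problem in lint_users(SAMPLE):
        print(f"line {lineno}: {name}: {problem}")
```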





Help needed

2001-08-05 Thread Watson
To the most helpful Freeradius-users list;
I was having a problem with Ascend Radius user file as previous postings
imply.  Now however those problems have been resolved due to an extremely
helpful posting.  Now however I have another problem that I am seeking help
in.
When I authenticate a user I have an error code that pops up in the
radius.log file.  I don't really know what it means and could not find any
previous postings about it so I will ask it again.  The error code is this.

Mon Aug  6 15:06:31 2001 : Info: Listening on IP address *, ports 1645/udp
and 1646/udp, with proxy on 1647/udp.
Mon Aug  6 15:06:31 2001 : Info: Ready to process requests.
Mon Aug  6 15:07:42 2001 : Error: Invalid operator for item Password:
reverting to '=='

Can anyone tell me what this means?  There seems to be no problem in
the authentication process.  My radtest on one user came out as follows.

[root@ns2 raddb]# radtest usertest passtest 192.168.0.118:1645 0 secret123
Sending Access-Request of id 228 to 192.168.0.118:1645
User-Name = "usertest"
Password = "\004I\221\353D\242\321\300\222\302\032\206\230s\346\255"
NAS-IP-Address = ns2
NAS-Port-Id = "0"
rad_recv: Access-Accept packet from host 192.168.0.118:1645, id=228,
length=56
Service-Type = Framed-User
Framed-Protocol = MPP
Ascend-Assign-IP-Pool = 1
Ascend-Idle-Limit = 900

By this I figure that I was authenticated properly.  If so what does the
"Invalid operator for item Password" imply.
Thank you for your time and consideration.  I appreciate any answers
anybody may have.

Sincerely,
Craig Watson




Help needed setting up Ascend with Freeradius

2001-08-05 Thread Watson
Hey everybody;

I am trying to migrate from ascend radius to Freeradius.  But, I'm having
a lot of problems getting my present users file to work.  I run a MAX 6000
and MAX 4000.  In the present users file there is a User-Service Attribute.
When I try to run radius with my present users file, it tells me that
User-Service is an invalid attribute.  So I edited dictionary.ascend and
replaced Attribute 6 which read Service-Type and changed it to
User-Service.  I'm not sure if that was the right move at all...
Anyways now freeradius dies with Unknown Attribute Service-Type.  My
question is..  Is there a simple way to migrate from Ascend Radius with the
User-Service Attribute to Freeradius.  I would appreciate any information
greatly.

Sincerely,
Craig Watson
ISP

