Re: Strange problem, HiperARC & FreeRADIUS & MacRADIUS

2002-11-14 Thread Adam Moffett
It's always the simple things that get me.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Strange problem, HiperARC & FreeRADIUS & MacRADIUS

2002-11-14 Thread Adam Moffett
> 14-Nov-02 at 11:46, Alan DeKok ([EMAIL PROTECTED]) wrote :
> > Adam Moffett <[EMAIL PROTECTED]> wrote:
> > > At first everything seemed to be working, but then we discovered this
> > > very strange thing.  Authentication requests from our 3Com Total
> > > Control unit (HiperARC V4.2.32) in which the username started with a
> > > Capital "S" would get the "S" stripped out when they were sent to
> > > MacRADIUS.
> >
> >   raddb/hints
>
> Hints looks for capital S or P by default to denote a specific type of
> user profile (Slip, PPP)... you'll have to take them out of the file.



Hey thanks!



Re: Strange problem, HiperARC & FreeRADIUS & MacRADIUS

2002-11-14 Thread Simon White
14-Nov-02 at 11:46, Alan DeKok ([EMAIL PROTECTED]) wrote :
> Adam Moffett <[EMAIL PROTECTED]> wrote:
> > At first everything seemed to be working, but then we discovered this 
> > very strange thing.  Authentication requests from our 3Com Total 
> > Control unit (HiperARC V4.2.32) in which the username started with a 
> > Capital "S" would get the "S" stripped out when they were sent to 
> > MacRADIUS.
> 
>   raddb/hints

Hints looks for capital S or P by default to denote a specific type of
user profile (Slip, PPP)... you'll have to take them out of the file.

-- 
|-Simon White, Internet Services Manager, Certified Check Point CCSA.
|-MTDS  Internet, Security, Anti-Virus, Linux and Hosting Solutions.
|-MTDS  14, rue du 16 novembre, Agdal, Rabat, Morocco.
|-MTDS  tel +212.3.767.4861 - fax +212.3.767.4863
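
The behaviour described in the reply above, as an added example that is not part of the original thread or of FreeRADIUS itself: a small Python model of hints-style prefix/suffix stripping that audits a user list for names that would be rewritten before proxying, and for two accounts collapsing into one. The hints entries and usernames are constructed samples, and only entries with an explicit `Strip-User-Name = Yes` are modelled.

```python
import re

# Constructed sample in the style of raddb/hints (not copied from a real
# install): each DEFAULT entry matches a username prefix or suffix and, with
# Strip-User-Name = Yes, removes it before the request is processed further.
SAMPLE_HINTS = '''
DEFAULT Prefix = "P", Strip-User-Name = Yes
        Hint = "PPP",
        Service-Type = Framed-User,
        Framed-Protocol = PPP

DEFAULT Prefix = "S", Strip-User-Name = Yes
        Hint = "SLIP",
        Service-Type = Framed-User,
        Framed-Protocol = SLIP

DEFAULT Suffix = ".shell", Strip-User-Name = Yes
        Hint = "Shell",
        Service-Type = Login-User
'''

# Constructed account names for the audit.
SAMPLE_USERS = ["Sally", "sally", "Pete", "adam", "ally", "bob.shell"]

RULE = re.compile(r'^DEFAULT\s+(Prefix|Suffix)\s*=+\s*"([^"]+)"(.*)$')
STRIP = re.compile(r'Strip-User-Name\s*:?=+\s*Yes\b', re.IGNORECASE)


def parse_hints(text):
    """Return [(kind, token, strip)] for each DEFAULT Prefix/Suffix entry."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line)  # commented or indented lines never match
        if m:
            kind, token, rest = m.groups()
            rules.append((kind, token, bool(STRIP.search(rest))))
    return rules


def rewrite(username, rules):
    """Apply the first matching rule; return (name sent onward, rule or None)."""
    for kind, token, strip in rules:
        if kind == "Prefix" and username.startswith(token):
            return (username[len(token):] if strip else username), (kind, token)
        if kind == "Suffix" and username.endswith(token):
            return (username[:-len(token)] if strip else username), (kind, token)
    return username, None


def audit(usernames, rules):
    """Return (names that change, rewritten names shared by several accounts)."""
    changed, seen = {}, {}
    for user in usernames:
        new, _ = rewrite(user, rules)
        if new != user:
            changed[user] = new
        seen.setdefault(new, []).append(user)
    collisions = {name: users for name, users in seen.items() if len(users) > 1}
    return changed, collisions


if __name__ == "__main__":
    changed, collisions = audit(SAMPLE_USERS, parse_hints(SAMPLE_HINTS))
    print("rewritten:", changed)
    print("collisions:", collisions)
```

Matching is case-sensitive, which is why only the capital "S" accounts are affected; a collision means the home server is asked to authenticate a different account than the one the user typed.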




Re: Strange problem, HiperARC & FreeRADIUS & MacRADIUS

2002-11-14 Thread Alan DeKok
Adam Moffett <[EMAIL PROTECTED]> wrote:
> At first everything seemed to be working, but then we discovered this 
> very strange thing.  Authentication requests from our 3Com Total 
> Control unit (HiperARC V4.2.32) in which the username started with a 
> Capital "S" would get the "S" stripped out when they were sent to 
> MacRADIUS.

  raddb/hints

  Alan DeKok.




Strange problem, HiperARC & FreeRADIUS & MacRADIUS

2002-11-14 Thread Adam Moffett
Hi, I've just started using FreeRADIUS and I've encountered something 
that's got me a little baffled.

We've been using MacRADIUS for years, but we needed something that 
could support realms in order to add certain new services.

I set up a RADIUS proxy using a minimal installation of Mandrake 
Linux 9.0 and compiled FreeRADIUS 0.7.1 from the source.  I intended 
for the proxy to send all requests containing a certain realm over to 
another ISP's radius servers, and send anything else to the existing 
MacRADIUS system.

So I set up the special realm, and that seems to work fine.  And I 
set up a NULL and DEFAULT realm that direct everything else to 
MacRADIUS.

At first everything seemed to be working, but then we discovered this 
very strange thing.  Authentication requests from our 3Com Total 
Control unit (HiperARC V4.2.32) in which the username started with a 
Capital "S" would get the "S" stripped out when they were sent to 
MacRADIUS.

We can observe that the username has the "S" when it goes to 
FreeRADIUS, and that it doesn't have the "S" when it goes to 
MacRADIUS...but beyond that we are confused.

I just need someone to point me in the right direction.

Thanks in Advance,
Adam Moffett



Re: Strange problem with pam_radius_auth (SOLVED)

2002-08-01 Thread Frank Cusack

On Thu, Aug 01, 2002 at 06:47:10PM +0600, Dr. Muhammad Masroor Ali wrote:
> My problem has been solved by the kind suggestion of Mojahedul Hoque Abul Hasanat
> <[EMAIL PROTECTED]>. Direct quote from his mail.
> 
> 
> 
> This is a bit of a wild guess, but might help.  Put an "account" line in squid's
> pam config file with pam_permit.so as the module.  The line will be
> similar to:
> 
> account required pam_permit.so
> 
> I have seen some applications that don't seem to need an "account"
> section at first glance.  But they open a pam session requiring an
> account entry.  They do it to impose login time restrictions.
> 
> 
> 
> 
> > Greetings,
> > I have tried both the kind suggestions of Alan DeKok and Frank Cusack
> > without any avail. First of all, the latest version from CVS, did
> > improve the situation. And second, putting daemon.debug in syslog.conf
> > is not generating anything. The relevant lines I used,
> >
> > # Daemon debug messages
> > daemon.debug    /usr/local/var/log/deamondebuglog
> >
> > Yes, this file exists (created by touch) and I remembered to restart
> > syslogd.
> >
> > I am really frustrated. Any help will be appreciated.
> >
> 
> --
> Nobody's gonna believe that computers are intelligent until they start
> coming in late and lying about it.
> 
> Dr. Muhammad Masroor Ali
> Associate Professor and Associate Director
> Institute of Information and Communication Technology
> Bangladesh University of Engineering and Technology
> Dhaka-1000, Bangladesh
> 
> Phone: 880 2 966 5650 ext 7245, 7756 (work)
>   ext 7748 or 880 2 966 5700 (residence)
> FAX: 880 2 861 3046, 880 2 861 3026
> 
> 
> 
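
Why the extra "account" line in the message above can change the outcome, as an added example that is not part of the original thread: a Python sketch that works out which PAM stack runs for each management group. It assumes Linux-PAM's fallback to the `other` service for a group the service file leaves empty, a deny-all `other` file, and an application that calls both the auth and account groups; both config samples are constructed.

```python
GROUPS = ("auth", "account", "password", "session")

# Constructed sample: the service file from the thread, auth lines only.
SQUID_PAM = """\
auth   required     /lib/security/pam_securetty.so
auth   sufficient   /lib/security/pam_radius_auth.so debug
auth   required     /lib/security/pam_unix_auth.so
"""

# Constructed sample: a deny-all fallback service file ("other").
OTHER_PAM = """\
auth     required   /lib/security/pam_deny.so
account  required   /lib/security/pam_deny.so
password required   /lib/security/pam_deny.so
session  required   /lib/security/pam_deny.so
"""

# The service file with the suggested line appended.
FIXED_PAM = SQUID_PAM + "account required pam_permit.so\n"


def parse(text):
    """Map each management group to its ordered [(control, module)] stack."""
    stacks = {g: [] for g in GROUPS}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] in GROUPS:
            module = fields[2].rsplit("/", 1)[-1]
            stacks[fields[0]].append((fields[1], module))
    return stacks


def effective(service_text, other_text):
    """Per group: (source, stack) that runs; empty groups fall back to 'other'."""
    svc, other = parse(service_text), parse(other_text)
    return {g: ("service", svc[g]) if svc[g] else ("other", other[g])
            for g in GROUPS}


def denied_groups(service_text, other_text, called=("auth", "account")):
    """Groups the application calls whose effective stack requires pam_deny."""
    eff = effective(service_text, other_text)
    return [g for g in called
            if any(ctrl in ("required", "requisite") and mod == "pam_deny.so"
                   for ctrl, mod in eff[g][1])]


if __name__ == "__main__":
    for label, conf in (("as posted", SQUID_PAM), ("with account line", FIXED_PAM)):
        print(label, "->", effective(conf, OTHER_PAM)["account"],
              "denied:", denied_groups(conf, OTHER_PAM))
```

With `pam_permit.so` as the only account module, every account passes the account check, so expiry and login-time restrictions are then enforced only by whatever the RADIUS server applies.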




Re: Strange problem with pam_radius_auth

2002-07-31 Thread Dr. Muhammad Masroor Ali

Greetings,
I have tried both the kind suggestions of Alan DeKok and Frank Cusack 
without any avail. First of all, the latest version from CVS, did 
improve the situation. And second, putting daemon.debug in syslog.conf 
is not generating anything. The relevant lines I used,

# Daemon debug messages
daemon.debug    /usr/local/var/log/deamondebuglog

Yes, this file exists (created by touch) and I remembered to restart 
syslogd.

I am really frustrated. Any help will be appreciated.





Re: Strange problem with pam_radius_auth

2002-07-30 Thread Frank Cusack

On Tue, Jul 30, 2002 at 06:41:56PM +0600, Dr. Muhammad Masroor Ali wrote:
> My squid file in pam.d (as was suggested in INSTALL)
> 
> auth   required     /lib/security/pam_securetty.so
> auth   sufficient   /lib/security/pam_radius_auth.so debug
> auth   required     /lib/security/pam_unix_auth.so

Do you have the accounts in /etc/passwd?  If not, why is pam_unix_auth there?
For this example, it shouldn't matter, as you show that radiusd does send
back an access-accept, but let's clean up the config anyway.

> There is no indication of a mishap in var/log/messages, (the last lines 
> are shown here),

Did you set daemon.debug to go to /var/log/messages?

/fc




Re: Strange problem with pam_radius_auth

2002-07-30 Thread Alan DeKok

"Dr. Muhammad Masroor Ali" <[EMAIL PROTECTED]> wrote:
> I am trying to use pam_radius_auth with squid. The authentication 
> program I am using  (pam_auth) for squid works perfectly when I use 
> system authentication. But when I switch to pam_radius_auth, messages 
> from radius says the user is being authenticated perfectly, while squid 
> thinks otherwise.

  And the messages about what PAM is doing are non-existent, right?

  PAM has no helpful debugging information, so of course, it's the one
denying the user authentication, and there's no way for you to find
out why.


  Grab the latest pam_radius_auth module from CVS:

  http://www.freeradius.org/development.html

  It has a patch submitted recently which may help.

  Alan DeKok.




Strange problem with pam_radius_auth

2002-07-30 Thread Dr. Muhammad Masroor Ali

Greetings,
I have spent the last four hours on this problem without any success. I 
have searched the whole Internet, and done everything conceivable 
(imaginable) but all else have failed.

I am trying to use pam_radius_auth with squid. The authentication 
program I am using  (pam_auth) for squid works perfectly when I use 
system authentication. But when I switch to pam_radius_auth, messages 
from radius says the user is being authenticated perfectly, while squid 
thinks otherwise.

My squid file in pam.d (as was suggested in INSTALL)

auth   required     /lib/security/pam_securetty.so
auth   sufficient   /lib/security/pam_radius_auth.so debug
auth   required     /lib/security/pam_unix_auth.so


There is no indication of a mishap in var/log/messages, (the last lines 
are shown here),

Jul 30 18:13:40 iictss squid[4786]: Squid Parent: child process 4788 started

See, there is nothing after squid has started.


radiusd is being run in debug mode, and the relevant last lines are,

rad_recv: Access-Request packet from host 127.0.0.1:5814, id=182, length=78
User-Name = "radtest"
User-Password = "\342\031$\227<\002G\202\364\263fSK\003\305~"
NAS-IP-Address = 127.0.0.1
NAS-Identifier = "squid"
NAS-Port = 4789
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm NULL for User-Name = "radtest"
rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 152
  modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
  HASH:  user radtest found in hashtable bucket 16015
  modcall[authenticate]: module "unix" returns ok
modcall: group authenticate returns ok
Sending Access-Accept of id 182 to 127.0.0.1:5814
Finished request 10
Going to the next request


See that line with Access-Accept!!!


I have even tried running squid in debug mode, but nothing is said there.


Other relevant information,

RH 7.3,
Squid 2.4.STABLE6
freeradius-0.7
pam_radius-1.3.15


Any help will be highly appreciated.


Masroor






Re: Strange problem

2002-02-21 Thread Lee W

FYI

It looks like the MTU could be it. I made the change and 3 of the 6 customers 
have reported "its working now".  I'm waiting on the others to report. 


Thanks for the help.


Lee

On Wednesday 20 February 2002 04:31 am, you wrote:
> Seems like a MTU-problem to me. I have had similar problems when the MTU is
> set too low or too high.
>
> Regards,
>
> Mattias E.
>
> > -Original Message-
> > From: Lee W [mailto:[EMAIL PROTECTED]]
> > Sent: den 19 februari 2002 23:55
> > To: [EMAIL PROTECTED]
> > Subject: Strange problem
> >
> >
> > Hi all,
> >
> > Well this is one for the books. I'm not sure it is FR causing
> > it but the time
> > frame is right. As of today we have six customers that have
> > reported that
> > they can't get to some sites. The sites they report are the
> > same, like
> > (wellsfargo.com) (ibm.com) (cnn.com) (ebay.com). and some
> > others. They report
> > that some will load part of the site and stop. Others report
> > that they can't
> > get to the site at all. However, I can get to all of them
> > from our network
> > and from a test dial-up account on the same infrastructure.
> > The customer says
> > it's been happening for two weeks, that's about how long I have
> > had FR in place.
> > I can't see how the two are linked other than the time it
> > started. However I
> > can't work up a pattern. Has anyone had such a problem?
> >
> >
> > Thanks
> >
> > --
> > Lee Wolf
> > EMR Data Services
> > [EMAIL PROTECTED]
> > 623-764-0870 cell
> > 623-581-0842 voice
> > 623-582-9499 fax
> >
> >                  EMR Internet
> >            A Serious Internet Experience
> >
> > **  56K Dial-up   **    DSL   **  Web-hosting  **
> > **  Co-location   **    T1s   **     ISDN      **
> > **  High-Speed Fiber Backbone ** Linux powered **
> > **   Custom Web Design  **   Site Development  **
> > **  Search Engine Placement & Web Consultation **
> >       Visit us at http://www.emr.net!    
> >
> > Ask about our reseller programs!
> >
> >

-- 
Lee Wolf
EMR Data Services
[EMAIL PROTECTED]
623-764-0870 cell
623-581-0842 voice
623-582-9499 fax





Re: Strange problem

2002-02-20 Thread Lee W

That will work, thanks. 
One more question, please. What's the problem when I run radwho and just get 
back a prompt? Is that a path to the logs issue?




On Wednesday 20 February 2002 10:13 am, you wrote:
> Lee W <[EMAIL PROTECTED]> wrote:
> > Can someone point me to documentation on how to stop a user from logging
> > in more than one or two times? It's amazing how many users will give out
> > an account to friends.
>
>   doc/Simultaneous-Use
>
>   Alan DeKok.
>

-- 
Lee Wolf
EMR Data Services
[EMAIL PROTECTED]
623-764-0870 cell
623-581-0842 voice
623-582-9499 fax





Re: Strange problem

2002-02-20 Thread Alan DeKok

Lee W <[EMAIL PROTECTED]> wrote:
> Can someone point me to documentation on how to stop a user from logging in 
> more than one or two times? It's amazing how many users will give out an 
> account to friends. 

  doc/Simultaneous-Use

  Alan DeKok.




Re: Strange problem

2002-02-20 Thread Lee W

Ok,
Well that's a start. I will look into duplicate IPs and MTU. 

Can someone point me to documentation on how to stop a user from logging in 
more than one or two times? It's amazing how many users will give out an 
account to friends. 

 Thanks again

Lee


On Wednesday 20 February 2002 08:31 am, you wrote:
> Lee W <[EMAIL PROTECTED]> wrote:
> > Well this is one for the books. I'm not sure it is FR causing it but
> > the time frame is right. As of today we have six customers that have
> > reported that they can't get to some sites. The sites they report
> > are the same, like (wellsfargo.com) (ibm.com) (cnn.com)
> > (ebay.com). and some others. They report that some will load part of
> > the site and stop.
>
>   RADIUS does authentication (username/password) and authorization (IP
> address, etc.)  Once the user is connected, any subsequent problems
> cannot be RADIUS related.
>
>   The *only* network problems that RADIUS can create is if you
> misconfigure the RADIUS responses you send to the NAS.  e.g. Give two
> different people the same IP.  Or, you configure a filter that lets
> the user get to some sites, and not to others.
>
>   If you haven't misconfigured the RADIUS responses, then I don't see
> any way that the RADIUS server can be responsible for network problems
> *after* the user has authenticated.
>
>   Alan DeKok.
>

-- 
Lee Wolf
EMR Data Services
[EMAIL PROTECTED]
623-764-0870 cell
623-581-0842 voice
623-582-9499 fax





Re: Strange problem

2002-02-20 Thread Alan DeKok

Lee W <[EMAIL PROTECTED]> wrote:
> Well this is one for the books. I'm not sure it is FR causing it but
> the time frame is right. As of today we have six customers that have
> reported that they can't get to some sites. The sites they report
> are the same, like (wellsfargo.com) (ibm.com) (cnn.com)
> (ebay.com). and some others. They report that some will load part of
> the site and stop.

  RADIUS does authentication (username/password) and authorization (IP
address, etc.)  Once the user is connected, any subsequent problems
cannot be RADIUS related.

  The *only* network problems that RADIUS can create is if you
misconfigure the RADIUS responses you send to the NAS.  e.g. Give two
different people the same IP.  Or, you configure a filter that lets
the user get to some sites, and not to others.

  If you haven't misconfigured the RADIUS responses, then I don't see
any way that the RADIUS server can be responsible for network problems
*after* the user has authenticated.

  Alan DeKok.




RE: Strange problem

2002-02-20 Thread Mattias Eriksson

Seems like a MTU-problem to me. I have had similar problems when the MTU is
set too low or too high. 

Regards,

Mattias E.

> -Original Message-
> From: Lee W [mailto:[EMAIL PROTECTED]] 
> Sent: den 19 februari 2002 23:55
> To: [EMAIL PROTECTED]
> Subject: Strange problem
> 
> 
> Hi all,
> 
> Well this is one for the books. I'm not sure it is FR causing 
> it but the time 
> frame is right. As of today we have six customers that have 
> reported that 
> they can't get to some sites. The sites they report are the 
> same, like 
> (wellsfargo.com) (ibm.com) (cnn.com) (ebay.com). and some 
> others. They report 
> that some will load part of the site and stop. Others report 
> that they can't 
> get to the site at all. However, I can get to all of them 
> from our network 
> and from a test dial-up account on the same infrastructure. 
> The customer says 
> it's been happening for two weeks, that's about how long I have 
> had FR in place. 
> I can't see how the two are linked other than the time it 
> started. However I 
> can't work up a pattern. Has anyone had such a problem?
> 
> 
> Thanks
> 
> -- 
> Lee Wolf
> EMR Data Services
> [EMAIL PROTECTED]
> 623-764-0870 cell
> 623-581-0842 voice
> 623-582-9499 fax
> 
> 
> 
> 




Strange problem

2002-02-19 Thread Lee W

Hi all,

Well this is one for the books. I'm not sure it is FR causing it but the time 
frame is right. As of today we have six customers that have reported that 
they can't get to some sites. The sites they report are the same, like 
(wellsfargo.com) (ibm.com) (cnn.com) (ebay.com). and some others. They report 
that some will load part of the site and stop. Others report that they can't 
get to the site at all. However, I can get to all of them from our network 
and from a test dial-up account on the same infrastructure. The customer says 
it's been happening for two weeks, that's about how long I have had FR in place. 
I can't see how the two are linked other than the time it started. However I 
can't work up a pattern. Has anyone had such a problem?


Thanks

-- 
Lee Wolf
EMR Data Services
[EMAIL PROTECTED]
623-764-0870 cell
623-581-0842 voice
623-582-9499 fax






strange problem

2002-01-25 Thread Gillou

I have some problems with freeradius 0.4

1) I have 2 freeradius 0.4 one with a user file and the other with mysql 
authentication. Today after running for days, a big problem occurred with the 
second one :
radius sends Access-accept packets but my NAS disconnects them anyway replying 
(USR-HARC-Disconnect-Code = PAP-Auth-Failed)
but when I turn authentication on the first radius, authentication works 
great. Any idea (I haven't made any changes on the NAS)?

2) In my log I have a lot of this message :
Info : The maximum number of threads (128) are active, cannot spawn new 
thread to handle request
I tried to increase or decrease the thread pool parameter but it doesn't help.
This happened after the authentication failed on my first radius.

Any help as soon as possible would be fine.
Thank you everybody


-- 
Gilles HAUTZ
MANA S.A., APNIC Member    IAP/ISP of Tahiti and her Islands
Box 14 174 Arue - 98701 TAHITI - FRENCH POLYNESIA
Phone : (689) 50 88 88  -  Fax : (689) 50 88 89
E-mail : [EMAIL PROTECTED]
http://www.mana.pf 
