Help me !!!
Hi everybody, I am new user for Radius Server.My requirement is to pass my username,password to radius server and to authenticate.Help me out how to add a user in radius server database and how to authenticate ?? regards,Prasad. Do you Yahoo!? Free Pop-Up Blocker - Get it now
Re: Help me !!!
Prasad Yaramti <[EMAIL PROTECTED]> wrote: > Help me how store the username and password in the server,how to > authneticate ? How to pass the my username and password to server ??? Read the FAQ. It explains how to do this. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help me !!!
Can you give more details of your setup?Prasad Yaramti <[EMAIL PROTECTED]> wrote: Hi there, I am new this radius authentication Concept,actually my requirement is to check User name and Passsword via Radius server.In this aspect I have to pass user name and Password to Radius and to get authenticate. Help me how store the username and password in the server,how to authneticate ? How to pass the my username and password to server Thanks inadvance for your help Regards,Prasad. Do you Yahoo!?Free Pop-Up Blocker - Get it now Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing
Help me !!!
Hi there, I am new this radius authentication Concept,actually my requirement is to check User name and Passsword via Radius server.In this aspect I have to pass user name and Password to Radius and to get authenticate. Help me how store the username and password in the server,how to authneticate ? How to pass the my username and password to server Thanks inadvance for your help Regards,Prasad. Do you Yahoo!? Free Pop-Up Blocker - Get it now
RE: Please help me (It is very Urgent)
hi, Try using Auth-Type := LOCAL, and make a normal user in your Linux machine and then use that password to login to the server Ripunjay > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Shashidhara > S Bapat > Sent: Wednesday, December 17, 2003 12:43 PM > To: Free Radius Mailing group > Subject: Please help me (It is very Urgent) > > > Hello All, > I am a new user to this mailing list. I am using Radius server to see > how does it authenticate. > I am running freeradius on Linux machine and it is connected to a AP600 > (Access Point) through which users are connected. Users are running on > Windows 2000 Professional. Following are the configuration I have done: > > file - "clients.conf": > # 192.168.100.7 is the IP address of my Access Point (wireless) (AP600) > # which supports RADIUS. > 192.168.100.7/24 { > secret = abcde > shortname = AP-600LAB > } > > file - "users": > # TECH4 is the name of the wireless client (machine name) which is > # running on Windows. > TECH4 Auth-Type := EAP, User-Password == "password" > Reply-Message = "Hello, %u" > > > I think the problem is with the 'user' part. I dont know which > 'Auth-Type' I have to use. Please help me in my settings. > Please let me know what modifications I have to do to make it working. > > FYI: The 'radtest' is working fine. > > -- > =-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-= > --Best Regards, > Shashi. > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Please help me (It is very Urgent)
WAht type of EAP are you using? I supposed MD5. I think the name TECH4 has to be between "", so "TECH4". El mié, 17-12-2003 a las 11:36, Julius Igugu escribió: > did you setup eap? > > Shashidhara S Bapat <[EMAIL PROTECTED]> wrote: > Hello All, > I am a new user to this mailing list. I am using Radius server to see > how does it authenticate. > I am running freeradius on Linux machine and it is connected to a AP600 > (Access Point) through which users are connected. Users are running on > Windows 2000 Professional. Following are the configuration I have done: > > file - "clients.conf": > # 192.168.100.7 is the IP address of my Access Point (wireless) (AP600) > # which supports RADIUS. > 192.168.100.7/24 { > secret = abcde > shortname = AP-600LAB > } > > file - "users": > # TECH4 is the name of the wireless client (machine name) which is > # running on Windows. > TECH4 Auth-Type := EAP, User-Password == "password" > Reply-Message = "Hello, %u" > > > I think the problem is with the 'user' part. I dont know which > 'Auth-Type' I have to use. Please help me in my settings. > Please let me know what modifications I have to do to make it working. > > FYI: The 'radtest' is working fine. > > -- > =-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-= > --Best Regards, > Shashi. > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - > Do you Yahoo!? > New Yahoo! Photos - easier uploading and sharing - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Please help me (It is very Urgent)
did you setup eap? Shashidhara S Bapat <[EMAIL PROTECTED]> wrote: Hello All,I am a new user to this mailing list. I am using Radius server to seehow does it authenticate.I am running freeradius on Linux machine and it is connected to a AP600(Access Point) through which users are connected. Users are running onWindows 2000 Professional. Following are the configuration I have done:file - "clients.conf":# 192.168.100.7 is the IP address of my Access Point (wireless) (AP600)# which supports RADIUS.192.168.100.7/24 {secret = abcdeshortname = AP-600LAB}file - "users":# TECH4 is the name of the wireless client (machine name) which is # running on Windows.TECH4 Auth-Type := EAP, User-Password == "password"Reply-Message = "Hello, %u"I think the problem is with the 'user' part. I dont know which'Auth-Type' I have to use. Please help me in my settings.Please let me know what modifications I have to do to make it working.FYI: The 'radtest' is working fine.-- =-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=--Best Regards,Shashi.=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing
Please help me (It is very Urgent)
Hello All, I am a new user to this mailing list. I am using Radius server to see how does it authenticate. I am running freeradius on Linux machine and it is connected to a AP600 (Access Point) through which users are connected. Users are running on Windows 2000 Professional. Following are the configuration I have done: file - "clients.conf": # 192.168.100.7 is the IP address of my Access Point (wireless) (AP600) # which supports RADIUS. 192.168.100.7/24 { secret = abcde shortname = AP-600LAB } file - "users": # TECH4 is the name of the wireless client (machine name) which is # running on Windows. TECH4 Auth-Type := EAP, User-Password == "password" Reply-Message = "Hello, %u" I think the problem is with the 'user' part. I dont know which 'Auth-Type' I have to use. Please help me in my settings. Please let me know what modifications I have to do to make it working. FYI: The 'radtest' is working fine. -- =-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-= --Best Regards, Shashi. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
help me with cisco_pix525,freeradius and openldap?
hi, all,i am new to this list and freeradius.my environment is blow list: a cisco pix525 run as vpn. vpn authentication uses freeradius0.9.3 inside.the database of backend is OPENLDAP. who has such a solution? help me!!!help me!!! thank in advance regards, jiang _ 与联机的朋友进行交流,请使用 MSN Messenger: http://messenger.msn.com/cn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
please help me out
hello sir, i'm trying to connect freeradius & db2 . i want to know how the freeradius & my sql works. 1) i mean to say the front end of freeradius is available on -? where shall i find it? the interface?2) also how the tables are maintained in the freeradius server as well as the db2 server.3) also about the NAS4) about the connection from the freeradius to the NAS and then to the db2 server. i will be very greatful also very eagerly waiting for the replypuneeth Do you Yahoo!? Free Pop-Up Blocker - Get it now
Re: can u help me?
On Thu, Sep 18, 2003 at 09:27:14AM +0800, ???} wrote: > Hi jeffery : > > i am try to cross compile freeradius on a arm platform, but i have many strange > problems. > > can u tell me how to cross compile freeradius on a mips platform? You want to crosscompile a arm freeradius on a mips platform? Or the other way around? Or one each? What OS you are running on those platforms? Do you have some of those strange errors for us? Oliver. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
can u help me?
Hi jeffery : i am try to cross compile freeradius on a arm platform, but i have many strange problems. can u tell me how to cross compile freeradius on a mips platform? thank you very much leo
Could you help me? a question about freeradius & mssql2000
Sorry to bother you. I learn from freeradius mailing list that you have encountered a problem what is puzzling me: I am now trying to connect my freeradius to mssql2000 on freeBSD4.8 I am doing as below: setup unixODBC at /usr/apps/unixODBC compile and install freeTDS0.61 with --with-unixODBC at /usr/local/freetds complie and isntall freeradius 0.7.1 at /usr/apps/radius then I set the ini files as below: odbc.ini - [MyServer70] Description = MS SQLServer2000 Driver = TDS Server = 192.168.0.34 Database= master UID = sa PWD = 262721 Port= 1433 TDS_Version = 7.0 odbcinst.ini [TDS] Description = FreeTDS v0.60 Driver = /usr/local/freetds/lib/libtdsodbc.so FileUsage = 5 freetds.conf --- # A typical Microsoft SQL Server 7.0 configuration [MyServer70] host = 192.168.0.34 port = 1433 tds version = 7.0 sql.conf of freeradius: - driver = "rlm_sql_unixodbc" server = "MyServer70" login = "temp5" password = "" radius_db = "master" then I install the ODBC at /usr/apps/unixODBC/bin as below: odbcinst -i -d -f ../etc/odbcinst.ini odbcinst -i -s -f ../etc/odbc.ini and the next, I have a test : /isql -v MyServer70 temp5 It works fine.(I noticed that whereever I place the freetds.conf for even I delete it from the computer, isql works fine ) and then , I start radius and got the trace info as below: rlm_sql: Driver rlm_sql_unixodbc loaded and linked rlm_sql: Attempting to connect to [EMAIL PROTECTED]:/master rlm_sql: starting 0 rlm_sql: Attempting to connect #0 rlm_sql_unixodbc: Connection failed rlm_sql: Failed to connect DB handle #0 rlm_sql: starting 1 rlm_sql: starting 2 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Please Help me about Freeradius!
I don't know much about Proxying but I think that @ is often used as a delimitter for proxy-radius, you may fall into a realm scheme if you use logins with @ ... Make sure to disable proxy in radiusd.conf Nicolas > -Message d'origine- > De : [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] la part de Robert > Canary > Envoye : jeudi 10 juillet 2003 16:47 > A : [EMAIL PROTECTED] > Objet : Re: Please Help me about Freeradius! > > > If I'm not mistaken...I believe freeradius has some rewrite > capablilities that can be used on the User-Name. I remember someone > posting before with issues of trying to get his algorithm correct. > > I don't know the sytax, but you get the general idea. You need to use > the attr_rewrite > > > attr_rewrite add_at { > attribute = User-Name > searchin = packet > searchfor = "^[(a-z0-9)\\000(a-z0-9)]+$" > replacewith = [EMAIL PROTECTED] > ignore_case = yes > new_attribute = no > max_matches = 1 > append = no > > > Thassanai Mhuansean wrote: > > > > My system: > > FreeBSD 4.8 + freeradius-0.8.1 authentication with mysql . > > Access server is Cisco 3640 series and IOS version 12.2. > > > > My Question: > > I use RAN (Remote Access Network) to Router 3640 by > > username: [EMAIL PROTECTED] and > > password: test555 > > when I used authentication on router 3640, it 's OK. > > But when I used radius authentication and into debug mode it shown. > > > > > > rad_recv: Accounting-Request packet from host 203.121.143.20:1646, > > id=114, length=203 > > Acct-Session-Id = "0119" > > Tunnel-Server-Endpoint:0 = "172.21.250.34" > > Tunnel-Client-Endpoint:0 = "172.21.129.6" > > Tunnel-Assignment-Id:0 = "session-id" > > Tunnel-Type:0 = L2TP > > Acct-Tunnel-Connection = "265" > > Tunnel-Client-Auth-Id:0 = "LAC" > > Tunnel-Server-Auth-Id:0 = "session-id" > > Framed-Protocol = PPP > > Acct-Authentic = Local > > Acct-Status-Type = Start > > User-Name = "qwerty123\000isdn.xxx.com" > > Acct-Multi-Session-Id = "00BA" > > Acct-Link-Count = 2 > > Framed-IP-Address = 203.x.x.x > > NAS-Port = 2 > > NAS-Port-Type = Virtual > > Service-Type = Framed-User > > NAS-IP-Address = 203.x.x.x > > Acct-Delay-Time = 30 > > > > From above. Username field is encrypted from "@" into "\000" then > > Authentication fail!. > > What should I do? Please help me. > > > > Best regards, > > > > Thassanai Mhuansean > > System Engineer Wireless > > GMM GRAMMY PCL. > > Mobile: 661 4850300 > > Tel: 662 4850300p2 > > E-mail: [EMAIL PROTECTED] > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Please Help me about Freeradius!
If I'm not mistaken...I believe freeradius has some rewrite capablilities that can be used on the User-Name. I remember someone posting before with issues of trying to get his algorithm correct. I don't know the sytax, but you get the general idea. You need to use the attr_rewrite attr_rewrite add_at { attribute = User-Name searchin = packet searchfor = "^[(a-z0-9)\\000(a-z0-9)]+$" replacewith = [EMAIL PROTECTED] ignore_case = yes new_attribute = no max_matches = 1 append = no > Thassanai Mhuansean wrote: > > My system: > FreeBSD 4.8 + freeradius-0.8.1 authentication with mysql . > Access server is Cisco 3640 series and IOS version 12.2. > > My Question: > I use RAN (Remote Access Network) to Router 3640 by > username: [EMAIL PROTECTED] and > password: test555 > when I used authentication on router 3640, it 's OK. > But when I used radius authentication and into debug mode it shown. > > > rad_recv: Accounting-Request packet from host 203.121.143.20:1646, > id=114, length=203 > Acct-Session-Id = "0119" > Tunnel-Server-Endpoint:0 = "172.21.250.34" > Tunnel-Client-Endpoint:0 = "172.21.129.6" > Tunnel-Assignment-Id:0 = "session-id" > Tunnel-Type:0 = L2TP > Acct-Tunnel-Connection = "265" > Tunnel-Client-Auth-Id:0 = "LAC" > Tunnel-Server-Auth-Id:0 = "session-id" > Framed-Protocol = PPP > Acct-Authentic = Local > Acct-Status-Type = Start > User-Name = "qwerty123\000isdn.xxx.com" > Acct-Multi-Session-Id = "00BA" > Acct-Link-Count = 2 > Framed-IP-Address = 203.x.x.x > NAS-Port = 2 > NAS-Port-Type = Virtual > Service-Type = Framed-User > NAS-IP-Address = 203.x.x.x > Acct-Delay-Time = 30 > > From above. Username field is encrypted from "@" into "\000" then > Authentication fail!. > What should I do? Please help me. > > Best regards, > > Thassanai Mhuansean > System Engineer Wireless > GMM GRAMMY PCL. > Mobile: 661 4850300 > Tel: 662 4850300p2 > E-mail: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Please Help me about Freeradius!
My system: FreeBSD 4.8 + freeradius-0.8.1 authentication with mysql . Access server is Cisco 3640 series and IOS version 12.2. My Question: I use RAN (Remote Access Network) to Router 3640 by username: [EMAIL PROTECTED] and password: test555 when I used authentication on router 3640, it 's OK. But when I used radius authentication and into debug mode it shown. rad_recv: Accounting-Request packet from host 203.121.143.20:1646, id=114, length=203 Acct-Session-Id = "0119" Tunnel-Server-Endpoint:0 = "172.21.250.34" Tunnel-Client-Endpoint:0 = "172.21.129.6" Tunnel-Assignment-Id:0 = "session-id" Tunnel-Type:0 = L2TP Acct-Tunnel-Connection = "265" Tunnel-Client-Auth-Id:0 = "LAC" Tunnel-Server-Auth-Id:0 = "session-id" Framed-Protocol = PPP Acct-Authentic = Local Acct-Status-Type = Start User-Name = "qwerty123\000isdn.xxx.com" Acct-Multi-Session-Id = "00BA" Acct-Link-Count = 2 Framed-IP-Address = 203.x.x.x NAS-Port = 2 NAS-Port-Type = Virtual Service-Type = Framed-User NAS-IP-Address = 203.x.x.x Acct-Delay-Time = 30 From above. Username field is encrypted from "@" into "\000" then Authentication fail!. What should I do? Please help me. Best regards,Thassanai MhuanseanSystem Engineer WirelessGMM GRAMMY PCL.Mobile: 661 4850300Tel: 662 4850300p2E-mail: [EMAIL PROTECTED]
rlm_sql_counter, help me please
Please, Help me. I have made everything what the file says to rlm_sql_counter to use the counter, but when I execute radiusd - X says to me: ERROR: Cannot find a configuration entry for module "sql". What is this -- _*Liyuán García Caballero*_ *Consultor Informático* *ESI, Ciego de Ávila* *Cuba*. _* Contáctame en*_ Telf: 53-033-28734 ext. 120 AIM: liyuang Yahoo,MSN: liyuangarcia. Linux para todos Con grandes prestaciones y altos rendimientos, ha, menos costos. :)
rlm_sqlcounter: unknown xlat function [WAS: rlm_sqlcounter Help-me]
I have the same problem below as this previous message posted below. Did this ever get solved? I need help with: WARNING: Attempt to use unknown xlat function or attribute in string %{sqlcca3: as in the original message below. Ed original message From Mon, 23 Dec 2002 03:33:47 -0800 = i need help table radgroupcheck: mysql> select * from radgroupcheck where GroupName='35Horas'; ++---+-+++ | id | GroupName | Attribute | op | Value | ++---+-+++ | 15 | 35horas | Max-Monthly-Session | := | 126000 | ++---+-+++ 1 row in set (0.00 sec) mysql> SELECT SUM(AcctSessionTime - GREATEST((1038708000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='santos' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1038708000'; +--+ | SUM(AcctSessionTime - GREATEST((1038708000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) | +--+ | 232305 | +--+ 1 row in set (0.00 sec) radius -X rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module "noresetcounter" returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module "dailycounter" returns noop rlm_sqlcounter: Entering module authorize code sqlcounter_expand: 'SELECT SUM(AcctSessionTime - GREATEST((1038708000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1038708000'' radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1038708000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='santos' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1038708000'' sqlcounter_expand: '%{sqlcca3:SELECT SUM(AcctSessionTime - GREATEST((1038708000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='santos' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1038708000'}' WARNING: Attempt to use unknown xlat function or attribute in string %{sqlcca3:SELECT SUM(AcctSessionTime - GREATEST((1038708000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='santos' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1038708000'} radius_xlat: '' rlm_sqlcounter: (Check item - counter) is greater than zero rlm_sqlcounter: Authorized user santos, check_item=126000, counter=0 rlm_sqlcounter: Sent Reply-Item for user santos, Type=Session-Timeout, value=126000 modcall[authorize]: module "monthlycounter" returns ok modcall: group authorize returns ok Why not work ? =end of original message From Mon, 23 Dec 2002 03:33:47 -0800 = _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: help me
If you have "service password-encryption" on your cisco it will mismatch, this can be changed by "no service password-encryption" and then re typing the radius-server key command the secret must be the same on your Cisco as well as your clients.conf and proxy.conf That is how I got mine to work. -Vic -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nguyen Nhu Hao Sent: Saturday, March 01, 2003 9:23 PM To: [EMAIL PROTECTED] Subject: Re: help me Hi Tarvid, Thank a lot for your kindness. I followed as you showed me but I could not solve the problem. Could you help me to find out the bug I give you my router configuration here pascal#show run Building configuration... Current configuration : 4169 bytes ! version 12.1 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname pascal ! no logging console aaa new-model aaa authentication login default group radius local ... ... radius-server host 172.16.5.5 auth-port 1645 acct-port 1646 radius-server retransmit 3 radius-server timeout 10 radius-server key 123456 and the file client.conf client 172.16.5.1 { secret = 123456 shortname = pascal } the file naslist # NAS Name Short Name Type # -- #portmaster1.isp.compm1.NY livingston #portmaster2.isp.compm1.LA livingston localhost local portslave pascal pascal cisco and radius log when logined fail more /usr/local/var/log/radius/radius.log Mon Dec 2 11:37:30 2002 : Info: HASH: Reinitializing hash structures and lists for caching... Mon Dec 2 11:37:30 2002 : Info: HASH: Stored 30 entries from /etc/passwd Mon Dec 2 11:37:30 2002 : Info: HASH: Stored 40 entries from /etc/group Mon Dec 2 11:37:30 2002 : Info: Listening on IP address 172.16.5.5, ports 1645/udp and 1646/udp. Mon Dec 2 11:37:30 2002 : Info: Ready to process requests. Mon Dec 2 11:37:57 2002 : Auth: Login incorrect: [hao/8R=\275\326CG\214\224\227\003\231Y'\230c] (from client pascal port 66 cli 172 .16.5.3) nhuhao - Original Message - From: "tarvid" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, February 28, 2003 5:49 PM Subject: Re: help me > On Saturday 01 March 2003 11:32 pm, Nguyen Nhu Hao wrote: > > Hi all, > > I am a newbie with radius and unix, I would like to install freeradius = > > in RedHat 7.1 and I use a router to authenicate via radius. I installed = > > ok, but I could not authenticate success. I configured authentication = > > use unix module. > > >HASH: user hao found in hashtable bucket 47290 > >modcall[authenticate]: module "unix" returns reject > > modcall: group authenticate returns reject > > auth: Failed to validate the user. > > Login incorrect: [hao/\236\232M\236s<\3121\211\214\344\347"+\214\031] = > > (from client pascal port 66 cli 172.16.5.3) > >WARNING: Unprintable characters in the password. ? Double-check the = > > shared secret on the server and the NAS! > > Have you followed up on the above error message? > > The 'secret" in clients.conf must match exactly the "secret" in your server. > > You might log bad passwords to see if your server got anything like what the > router sent. > > Jim Tarvid > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: help me
Hi Tarvid, Thank a lot for your kindness. I followed as you showed me but I could not solve the problem. Could you help me to find out the bug I give you my router configuration here pascal#show run Building configuration... Current configuration : 4169 bytes ! version 12.1 service timestamps debug uptime service timestamps log uptime service password-encryption ! hostname pascal ! no logging console aaa new-model aaa authentication login default group radius local ... ... radius-server host 172.16.5.5 auth-port 1645 acct-port 1646 radius-server retransmit 3 radius-server timeout 10 radius-server key 123456 and the file client.conf client 172.16.5.1 { secret = 123456 shortname = pascal } the file naslist # NAS Name Short Name Type # -- #portmaster1.isp.compm1.NY livingston #portmaster2.isp.compm1.LA livingston localhost local portslave pascal pascal cisco and radius log when logined fail more /usr/local/var/log/radius/radius.log Mon Dec 2 11:37:30 2002 : Info: HASH: Reinitializing hash structures and lists for caching... Mon Dec 2 11:37:30 2002 : Info: HASH: Stored 30 entries from /etc/passwd Mon Dec 2 11:37:30 2002 : Info: HASH: Stored 40 entries from /etc/group Mon Dec 2 11:37:30 2002 : Info: Listening on IP address 172.16.5.5, ports 1645/udp and 1646/udp. Mon Dec 2 11:37:30 2002 : Info: Ready to process requests. Mon Dec 2 11:37:57 2002 : Auth: Login incorrect: [hao/8R=\275\326CG\214\224\227\003\231Y'\230c] (from client pascal port 66 cli 172 .16.5.3) nhuhao - Original Message - From: "tarvid" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, February 28, 2003 5:49 PM Subject: Re: help me > On Saturday 01 March 2003 11:32 pm, Nguyen Nhu Hao wrote: > > Hi all, > > I am a newbie with radius and unix, I would like to install freeradius = > > in RedHat 7.1 and I use a router to authenicate via radius. I installed = > > ok, but I could not authenticate success. I configured authentication = > > use unix module. > > >HASH: user hao found in hashtable bucket 47290 > >modcall[authenticate]: module "unix" returns reject > > modcall: group authenticate returns reject > > auth: Failed to validate the user. > > Login incorrect: [hao/\236\232M\236s<\3121\211\214\344\347"+\214\031] = > > (from client pascal port 66 cli 172.16.5.3) > >WARNING: Unprintable characters in the password. ? Double-check the = > > shared secret on the server and the NAS! > > Have you followed up on the above error message? > > The 'secret" in clients.conf must match exactly the "secret" in your server. > > You might log bad passwords to see if your server got anything like what the > router sent. > > Jim Tarvid > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: help me
On Saturday 01 March 2003 11:32 pm, Nguyen Nhu Hao wrote: > Hi all, > I am a newbie with radius and unix, I would like to install freeradius = > in RedHat 7.1 and I use a router to authenicate via radius. I installed = > ok, but I could not authenticate success. I configured authentication = > use unix module. >HASH: user hao found in hashtable bucket 47290 >modcall[authenticate]: module "unix" returns reject > modcall: group authenticate returns reject > auth: Failed to validate the user. > Login incorrect: [hao/\236\232M\236s<\3121\211\214\344\347"+\214\031] = > (from client pascal port 66 cli 172.16.5.3) >WARNING: Unprintable characters in the password. ? Double-check the = > shared secret on the server and the NAS! Have you followed up on the above error message? The 'secret" in clients.conf must match exactly the "secret" in your server. You might log bad passwords to see if your server got anything like what the router sent. Jim Tarvid - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
help me
Hi all, I am a newbie with radius and unix, I would like to install freeradius = in RedHat 7.1 and I use a router to authenicate via radius. I installed = ok, but I could not authenticate success. I configured authentication = use unix module. I wrote here what I saw when run radius -X and thank a lot for you help [EMAIL PROTECTED] raddb]# /usr/local/sbin/radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix =3D "/usr/local" main: localstatedir =3D "/usr/local/var" main: logdir =3D "/usr/local/var/log/radius" main: libdir =3D "/usr/local/lib" main: radacctdir =3D "/usr/local/var/log/radius/radacct" main: hostname_lookups =3D no read_config_files: reading dictionary read_config_files: reading clients read_config_files: reading realms read_config_files: reading naslist main: max_request_time =3D 30 main: cleanup_delay =3D 5 main: max_requests =3D 1024 main: delete_blocked_requests =3D 0 main: port =3D 1645 main: allow_core_dumps =3D no main: log_stripped_names =3D yes main: log_auth =3D yes main: log_auth_badpass =3D yes main: log_auth_goodpass =3D yes main: pidfile =3D "/usr/local/var/run/radiusd/radiusd.pid" main: bind_address =3D 172.16.5.5 IP address [172.16.5.5] main: user =3D "root" main: group =3D "root" main: usercollide =3D no main: lower_user =3D "no" main: lower_pass =3D "no" main: nospace_user =3D "no" main: nospace_pass =3D "no" main: proxy_requests =3D no security: max_attributes =3D 200 security: reject_delay =3D 1 main: debug_level =3D 0 read_config_files: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded System=20 unix: cache =3D yes unix: passwd =3D "/etc/passwd" unix: shadow =3D "/etc/shadow" unix: group =3D "/etc/group" unix: radwtmp =3D "/usr/local/var/log/radius/radwtmp" unix: usegroup =3D no unix: cache_reload =3D 600 HASH: Reinitializing hash structures and lists for caching... HASH: user root found in hashtable bucket 11726 HASH: user bin found in hashtable bucket 86651 HASH: user daemon found in hashtable bucket 11668 HASH: user adm found in hashtable bucket 26466 HASH: user lp found in hashtable bucket 54068 HASH: user sync found in hashtable bucket 42895 HASH: user shutdown found in hashtable bucket 71746 HASH: user halt found in hashtable bucket 7481 HASH: user mail found in hashtable bucket 79471 HASH: user news found in hashtable bucket 5375 HASH: user uucp found in hashtable bucket 38541 HASH: user operator found in hashtable bucket 21748 HASH: user games found in hashtable bucket 47657 HASH: user gopher found in hashtable bucket 47357 HASH: user ftp found in hashtable bucket 56226 HASH: user nobody found in hashtable bucket 99723 HASH: user nscd found in hashtable bucket 36306 HASH: user mailnull found in hashtable bucket 78086 HASH: user ident found in hashtable bucket 40304 HASH: user rpc found in hashtable bucket 72373 HASH: user xfs found in hashtable bucket 17213 HASH: user gdm found in hashtable bucket 50360 HASH: user postgres found in hashtable bucket 19301 HASH: user apache found in hashtable bucket 26582 HASH: user amanda found in hashtable bucket 72438 HASH: user ldap found in hashtable bucket 45563 HASH: user pvm found in hashtable bucket 78527 HASH: user squid found in hashtable bucket 62826 HASH: user hao found in hashtable bucket 47290 HASH: user teo found in hashtable bucket 26706 HASH: Stored 30 entries from /etc/passwd HASH: Stored 40 entries from /etc/group Module: Instantiated unix (unix)=20 Module: Loaded preprocess=20 preprocess: huntgroups =3D "/usr/local/etc/raddb/huntgroups" preprocess: hints =3D "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack =3D no preprocess: ascend_channels_per_line =3D 23 preprocess: with_ntdomain_hack =3D no preprocess: with_specialix_jetstream_hack =3D no preprocess: with_cisco_vsa_hack =3D no Module: Instantiated preprocess (preprocess)=20 Module: Loaded realm=20 realm: format =3D "suffix" realm: delimiter =3D "@" Module: Instantiated realm (suffix)=20 Module: Loaded files=20 files: usersfile =3D "/usr/local/etc/raddb/users" files: acctusersfile =3D "/usr/local/etc/raddb/acct_users" files: compat =3D "no" Module: Instantiated files (files)=20 Module: Loaded detail=20 detail: detailfile =3D = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail" detail: detailperm =3D 384 detail: dirperm =3D 493 detail: locking =3D no Module: Instantiated detail (detail)=20 Module: Loaded radutmp=20 radutmp: filename =3D "/usr/local/var/log/radius/radutmp" radutmp: username =3D "%{Stripped-User-Name:-%{User-Name}}" radutmp: perm =3D 384 radutmp: callerid =3D yes Module: Instantiated radu
RE: Help-ME...radcheck: Permission denied
You need to determine why you are tring to insert a duplicate key. My wild guess from looking at your log is that you shut the system down and then restarted it, and when you restart, it is trying to reinsert records that already exist. Relational databases will not allow that on tables with a primary key or columns defined as 'unique'. > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of leaobicalho > Sent: Wednesday, February 19, 2003 12:52 PM > To: [EMAIL PROTECTED] > Subject: Help-ME...radcheck: Permission denied > > > Always when im check, show this > message, How can i do for work? > Above have logs of postmaster, radiusd > and radclient > > Log of postmaster > - > DEBUG: database system was shut down > at 2003-02-19 15:33:25 BRT > DEBUG: checkpoint record is at 0/19D420 > DEBUG: redo record is at 0/19D420; > undo record is at 0/0; shutdown TRUE > DEBUG: next transaction id: 875; next > oid: 16633 > DEBUG: database system is ready > ERROR: pg_atoi: error in "fredf": > can't parse "fredf" > ERROR: Cannot insert a duplicate key > into unique index usergroup_pkey > DEBUG: pq_recvbuf: unexpected EOF on > client connection > ERROR: radcheck: Permission denied. > ERROR: radcheck: Permission denied. > ERROR: radcheck: Permission denied. > ERROR: radcheck: Permission denied. > > > Log of Radius Server > > lm_sql (sql): Attempting to connect > rlm_sql_postgresql #0 > rlm_sql (sql): Connected new DB handle, #0 > rlm_sql_postgresql: query: SELECT > id,UserName,Attribute,Value,Op FROM > radcheck WHERE Username = 'fredf' > ORDER BY id > rlm_sql_postgresql: Status: > PGRES_FATAL_ERROR > rlm_sql_postgresql: affected rows = > rlm_sql_postgresql: Postgresql > check_error: s, returning SQL_DOWN > rlm_sql (sql): failed after re-connect > rlm_sql_getvpdata: database query error > rlm_sql (sql): SQL query error; > rejecting user > rlm_sql (sql): Released sql socket id: 0 > rad_recv: Access-Request packet from > host 200.253.21.202:32792, id=97, > length=57 > Dropping packet from client Leao:32792 > - ID: 97 due to dead request 2 > > > > Log of Radius Client > > [root@dev1 radius]# radclient -q -s > 127.0.0.1 auth test123 > user-name=test > radclient: no response from server > > > > > __ > E-mail Premium BOL > Antivírus, anti-spam e até 100 MB de espaço. Assine já! > http://email.bol.com.br/ > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help-ME...radcheck: Permission denied
Always when im check, show this message, How can i do for work? Above have logs of postmaster, radiusd and radclient Log of postmaster - DEBUG: database system was shut down at 2003-02-19 15:33:25 BRT DEBUG: checkpoint record is at 0/19D420 DEBUG: redo record is at 0/19D420; undo record is at 0/0; shutdown TRUE DEBUG: next transaction id: 875; next oid: 16633 DEBUG: database system is ready ERROR: pg_atoi: error in "fredf": can't parse "fredf" ERROR: Cannot insert a duplicate key into unique index usergroup_pkey DEBUG: pq_recvbuf: unexpected EOF on client connection ERROR: radcheck: Permission denied. ERROR: radcheck: Permission denied. ERROR: radcheck: Permission denied. ERROR: radcheck: Permission denied. Log of Radius Server lm_sql (sql): Attempting to connect rlm_sql_postgresql #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql_postgresql: query: SELECT id,UserName,Attribute,Value,Op FROM radcheck WHERE Username = 'fredf' ORDER BY id rlm_sql_postgresql: Status: PGRES_FATAL_ERROR rlm_sql_postgresql: affected rows = rlm_sql_postgresql: Postgresql check_error: s, returning SQL_DOWN rlm_sql (sql): failed after re-connect rlm_sql_getvpdata: database query error rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 0 rad_recv: Access-Request packet from host 200.253.21.202:32792, id=97, length=57 Dropping packet from client Leao:32792 - ID: 97 due to dead request 2 Log of Radius Client [root@dev1 radius]# radclient -q -s 127.0.0.1 auth test123 user-name=test radclient: no response from server __ E-mail Premium BOL Antivírus, anti-spam e até 100 MB de espaço. Assine já! http://email.bol.com.br/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_sqlcounter Help-me
i need help table radgroupcheck: mysql> select * from radgroupcheck where GroupName='35Horas';++---+-+++| id | GroupName | Attribute | op | Value |++---+-+++| 15 | 35horas | Max-Monthly-Session | := | 126000 |++---+-+++1 row in set (0.00 sec) mysql> SELECT SUM(AcctSessionTime - GREATEST((1038708000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='santos' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1038708000';+--+| SUM(AcctSessionTime - GREATEST((1038708000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) |+--+| 232305 |+--+1 row in set (0.00 sec) radius -X rlm_sqlcounter: Entering module authorize coderlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module "noresetcounter" returns nooprlm_sqlcounter: Entering module authorize coderlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module "dailycounter" returns nooprlm_sqlcounter: Entering module authorize code sqlcounter_expand: 'SELECT SUM(AcctSessionTime - GREATEST((1038708000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{User-Name}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1038708000''radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1038708000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='santos' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1038708000'' sqlcounter_expand: '%{sqlcca3:SELECT SUM(AcctSessionTime - GREATEST((1038708000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='santos' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1038708000'}' WARNING: Attempt to use unknown xlat function or attribute in string %{sqlcca3:SELECT SUM(AcctSessionTime - GREATEST((1038708000 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='santos' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1038708000'}radius_xlat: '' rlm_sqlcounter: (Check item - counter) is greater than zero rlm_sqlcounter: Authorized user santos, check_item=126000, counter=0 rlm_sqlcounter: Sent Reply-Item for user santos, Type=Session-Timeout, value=126000 modcall[authorize]: module "monthlycounter" returns ok modcall: group authorize returns ok Why not work ?
How can I get PMK (EAP-TLS)from RADIUS server?Please help me!!!
hi I have some questions about freeradius. I have installed the freeradius0.7 and configured the server EAP-TLS authentication.The server can work correctly.It is said that the PMK(Pairwise Master Key) encapsuled in the vendor-specific attribute(id=MS-MPPE-RECV) is supported by 0.7.But I still can not get the vendor-specific attribute in its accept packet.It seems that after succeeding in EAP-TLS authentication,the server does not send the PMK.There is no VSAs in the accept packet. I just want to get the PMK and generate other keys. In freeradius0.7,I did not see the mppe.c file.Should I add the file to patch the radius or what can I do to get the PMK? Have you succeeded in getting the PMK?Hope you can help me!Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Please help me!
hi I have some questions about freeradius. I have installed the freeradius0.7 and configured the server EAP-TLS authentication.The server can work correctly.It is said that the PMK(Pairwise Master Key) encapsuled in the vendor-specific attribute(id=MS-MPPE-RECV) is supported by 0.7.But I still can not get the vendor-specific attribute in its accept packet.It seems that after succeeding in EAP-TLS authentication,the server does not send the PMK.There is no VSAs in the accept packet. I just want to get the PMK and generate other keys. In freeradius0.7,I did not see the mppe.c file.Should I add the file to patch the radius or what can I do to get the PMK? Have you succeeded in getting the PMK?Hope you can help me!Thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
please help me(Radclient)
Hi, I just installed the freeradius server. The command "radtest cool cool 192.168.36.34 1812 testing123" said it had accepted the request. Now how do i login or i used radclient .It was resending the reply. I used "echo "radclient -x -f accounts.txt 192.168.36.34 1812 testing123" accounts.txt User-Name=cool User-Password=cool ------ Some one help me. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
please help me
Hi everyone: I have install freeradius-0.7,and it can run correctly with mysql and files. Now ,I want to change my database to postgresql.I have install postgresql-7.2 on my linux (my linux is Mandrake),and creat a database of radius .I use the following command to create tables: $ psql -d radius -f ../db_postgresql.sql When I test radius,I find these following errors: no connection to the server database query error Please help me,thanks! luckliuyuxin [EMAIL PROTECTED] 2002-09-06 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Please HELP ME..can do Session TimeOut for Replace sql counter ?,
Gumilar Satriawan <[EMAIL PROTECTED]> wrote: > Alternatifely use Rlm_sqlcounter, But It intend not > for each user account balance but For Each Group > Defined in daily, weekly, etc.., 9 ( I have to > modified in long time ). I need For each users > can have Account Balance (Time Duration) and then > RADIUS system can Forcing disconnect POrtslave modem > if their used time expire ( may be use > PW_SESSION_TIME or ??? ) Have you looked at rlm_counter? It does exactly what you want. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Please HELP ME..can do Session TimeOut for Replace sql counter ?,
Hi all, Guru.. I am configuring FreeRadius Server 07 and Portslave 2001-01-19 for internet prepaid in my campuss My problem is difficult disconnect users while their login to RADIUS. I have Idea to count for each session time use Session Time Out While user Logging on, But I am not sure it will working fine.. Alternatifely use Rlm_sqlcounter, But It intend not for each user account balance but For Each Group Defined in daily, weekly, etc.., 9 ( I have to modified in long time ). I need For each users can have Account Balance (Time Duration) and then RADIUS system can Forcing disconnect POrtslave modem if their used time expire ( may be use PW_SESSION_TIME or ??? ) Thank In Advanced Gumilar Satriawan __ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Please HELP ME..can do Session TimeOut for Replace sql counter ?,
Hi all, My Guru.. I am configuring FreeRadius Server 06 and Portslave 2001-01-19 for internet prepaid.. My problem is difficult disconnect users while their login to RADIUS. I have Idea to count for each session time use Session Time Out While user Logging on, But I am not sure it will working fine.. Alternatifely use Rlm_sqlcounter, But It intend not for each user account balance but For Each Group Defined in daily, weekly, etc.., 9 ( I have to modified in long time )I need For each users can have Account Balance ( Time Duration) and then system RADIUS can Forcing disconnect POrtslave modem if User account expired.. Please Help Me.. GURUs, mainly for Mr.Alan and Mr. Chris ... Thank In Advanced Gumilar Satriawan __ Do You Yahoo!? Yahoo! Health - Feel better, live better http://health.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
re: PLease help me with my freeradius and my MYSQL
On Sun, 23 Jun 2002 06:26:08 +0200, [EMAIL PROTECTED] wrote: >Subject: PLease help me with my freeradius and my MYSQL >Date: Sat, 22 Jun 2002 05:35:34 -0400 >Reply-To: [EMAIL PROTECTED] >already have a table usergroup as you can see: >mysql> select * from usergroup; >++--+---+ >| id | UserName | GroupName | >| 1 | paulin | dynamic | >Here 'is what exactly says about the problem: >rlm_sql: Pairs do not match [paulin] >rlm_sql: Released sql socket id: 4 Any information which can stop that authentication from being suceeded (for instance, when there's a Calling Station Id := 123123 on radcheck and the user comes in without this attribute, say from a portmaster2) put this message on radius debug output (and on radius.log if you specify so) Mene Sakkhet ur-seveh Alexandre Ganso - Diretor Steel Goose Moto Group 6, 7 e 8 de setembro - Aniversario 10 anos Steel Goose - Ouro Branco - MG 500 Four 1974... Não corre. Mas me leva até o fim do mundo. [EMAIL PROTECTED] ICQ# 3778773 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PLease help me with my freeradius and my MYSQL
hello freeradius users; thanks a lot rust, but please forgive me because I forgot to mention that I already have a table usergroup as you can see: mysql> select * from usergroup; ++--+---+ | id | UserName | GroupName | ++--+---+ | 1 | paulin | dynamic | ++--+---+ Here 'is what exactly says about the problem: rlm_sql: Pairs do not match [paulin] rlm_sql: Released sql socket id: 4 modcall[authorize]: module "sql" returns notfound modcall: group authorize returns ok Anyway I was looking at my problem and I'm not sure if I have to add something else in the table RADREPLY, because as I read all the SQL query it's look like is missing information on the mentioned table. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PLease help me with my freeradius and my MYSQL
Hello Gonzalo, You must add user 'paulin' into usergroup table insert into usergroup (UserName,GroupName) values ('paulin','dynamic'); Also better use crypted passwords for PAP in radiusd.conf change pap { encryption_scheme = crypt } and insert user into radcheck insert into radcheck (UserName,Attribute,Value,op) values ('paulin','Crypt-Password',encrypt('2135'),':='); -- Best regards, rustmailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PLease help me with my freeradius and my MYSQL
Dear Simon, I, was following all the mailing list with the subject (Problems with MySQL Auth-Type), but I get a problem which I can't figure it out what's the cause, I'm sure you can help me. To help you understend what I have configured I'm putting the most relevant parts of my configuration files and the most importants tables: Radius.conf authorize { preprocess # counter # attr_filter # eap suffix sql # files # mschap } authenticate { pap # pam # unix # ldap # mschap # eap mysql> select * from radcheck; ++--+---+---+--+ | id | UserName | Attribute | Value | op | ++--+---+---+--+ | 1 | paulin | Password | 2135 | := | | 2 | pmerida | Password | 2135 | := | ++--+---+---+--+ mysql> select * from radgroupcheck; ++---+-+-+--+ | id | GroupName | Attribute | Value | op | ++---+-+-+--+ | 1 | dynamic | Auth-Type | PAP | := | | 2 | dynamic | Framed-Protocol | PPP | == | | 3 | dynamic | Service-Type| Framed-User | == | ++---+-+-+--+ mysql> select * from radgroupreply; ++---++-+--+--+ | id | GroupName | Attribute | Value | op | prio | ++---++-+--+--+ | 1 | dynamic | Framed-Compression | Van-Jacobsen-TCP-IP | := |0 | | 2 | dynamic | Framed-Protocol| PPP | := |0 | | 3 | dynamic | Service-Type | Framed-User | := |0 | | 5 | dynamic | Framed-MTU | 1500| := |0 | ++---++-+--+--+ mysql> select * from radreply; Empty set (0.00 sec) While I'm running in debug mode the server reply with this problem: rad_recv: Access-Request packet from host 166.114.22.4:2178, id=11, length=46 User-Name = "paulin" User-Password = "x~.>!\t>s7\330\031\251\353#\321/" rad_rmspace_pair: User-Name now 'paulin' rad_rmspace_pair: User-Password now '2135' modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "suffix" returns ok radius_xlat: 'paulin' sql_escape in: 'paulin' sql_escape out: 'paulin' sql_set_user: escaped user --> 'paulin' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE UserName = 'paulin' ORDER BY id' rlm_sql: Reserving sql socket id: 4 SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE UserName = 'paulin' ORDER BY id radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.UserName = 'paulin' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.UserName = 'paulin' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE UserName = 'paulin' ORDER BY id' SELECT id,UserName,Attribute,Value,op FROM radreply WHERE UserName = 'paulin' ORDER BY id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.UserName = 'paulin' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.UserName = 'paulin' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_sql: Pairs do not match [paulin] rlm_sql: Released sql socket id: 4 modcall[authorize]: module "sql" returns notfound modcall: group authorize returns ok auth: No Auth-Type configuration for the request, rejecting the user auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: mysql + ms-chap2 - help me
At 10:06 AM 4/22/2002 +0400, rust wrote: >Hello Chris, > >Friday, April 19, 2002, 6:14:12 PM, you wrote: > >CP> At 12:17 PM 4/19/2002 +0400, rust wrote: > >>Hello freeradius-users, > >> > >> > >>I build pppd with radius.so plugin and it work with freeradius and PAP > >>auth with > >>encrypted passwords in mysql base. > >>Now I need authorize and accounting pptp with freeradius+mysql+ms-chap2 > >> > >>I add user "rust" with pass "qwerty" in table radcheck in database radius > >> > >> > > >> > >> id UserName AttributeValue > >> 1 rust LM-Password 598DDCE2660D3193AAD3B435B51404EE > >CP> You should add an Auth-Type := MS-CHAP ( don't forget about the operator >CP> column ). > > >What must be in op. column?? The operator. See 'man users'. It can ==, !=, :=, etc. And, you made two conflicting changes. Try putting back the original LM-Password. -Chris -- \\\|||/// \ StarNet Inc. \Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[3]: mysql + ms-chap2 - help me
Dear rust, --Monday, April 22, 2002, 10:06:59 AM, you wrote to [EMAIL PROTECTED]: r> I change from r> authorize { r> preprocess r> suffix r> mschap r> sql r> } r> to r> authorize { r> preprocess r> suffix r> sql r> mschap r> } r> Table radcheck in database radius r> r> id UserName Attribute Value op r> 1 rust Password 598DDCE2660D3193AAD3B435B51404EE Now MS-CHAP is called for authentication but it fails due to invalid password. It looks like you've missed Password and NT-Password or LM-Password. Password is cleartext password. If you want to use LM, NT or both you should use 2 attributes LM-Password and NT-Password instead of Password. r> and i have now: r> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp. r> Ready to process requests. r> rad_recv: Access-Request packet from host 192.168.200.1:4539, id=57, length=132 r> Service-Type = Framed-User r> Framed-Protocol = PPP r> User-Name = "rust" r> MS-CHAP-Challenge = 0x57f059a9234695cc18e4d76872562e67 r> MS-CHAP2-Response = 0x01001a4875d0fee41ae7e7d3f73ac484e78f292ed1a9b338633ff19c2f260e8a83e20bfa83de3f8624bb r> NAS-IP-Address = 127.0.0.1 r> NAS-Port = 1 r> modcall: entering group authorize r> modcall[authorize]: module "preprocess" returns ok r> modcall[authorize]: module "suffix" returns ok r> radius_xlat: 'rust' r> sql_escape in: 'rust' r> sql_escape out: 'rust' r> sql_set_user: escaped user --> 'rust' r> radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'rust' ORDER BY id' r> rlm_sql: Reserving sql socket id: 4 r> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'rust' ORDER BY id r> radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'rust' AND r> usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' r> SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'rust' AND usergroup.GroupName r> = radgroupcheck.GroupName ORDER BY radgroupcheck.id r> radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'rust' ORDER BY id' r> SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'rust' ORDER BY id r> radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'rust' AND r> usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' r> SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'rust' AND usergroup.GroupName r> = radgroupreply.GroupName ORDER BY radgroupreply.id r> radius_xlat: 'SELECT Value,Attribute FROM radcheck WHERE UserName = 'rust' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC' r> SELECT Value,Attribute FROM radcheck WHERE UserName = 'rust' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC r> rlm_sql: Released sql socket id: 4 r> modcall[authorize]: module "sql" returns ok r> modcall[authorize]: module "mschap" returns ok r> modcall: group authorize returns ok r> rad_check_password: Found Auth-Type MS-CHAP r> auth: type "MS-CHAP" r> modcall: entering group authenticate r> modcall[authenticate]: module "mschap" returns reject r> modcall: group authenticate returns reject r> auth: Failed to validate the user. r> Delaying request 0 for 1 seconds r> Finished request 0 r> Going to the next request r> What wrong?? -- ~/ZARAZA Íî Ãàððè... ÿ áåçóñëîâíî îòäàþ ïðåäïî÷òåíèå åìó, çà âûñîêóþ ïèòàòåëüíîñòü è êàêîå-òî îñîáåííî íåæíîå ìÿñî. (Òâåí) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: mysql + ms-chap2 - help me
Hello Chris, Friday, April 19, 2002, 6:14:12 PM, you wrote: CP> At 12:17 PM 4/19/2002 +0400, rust wrote: >>Hello freeradius-users, >> >> >>I build pppd with radius.so plugin and it work with freeradius and PAP >>auth with >>encrypted passwords in mysql base. >>Now I need authorize and accounting pptp with freeradius+mysql+ms-chap2 >> >>I add user "rust" with pass "qwerty" in table radcheck in database radius >> >> >> >> id UserName AttributeValue >> 1 rust LM-Password 598DDCE2660D3193AAD3B435B51404EE CP> You should add an Auth-Type := MS-CHAP ( don't forget about the operator CP> column ). What must be in op. column?? I change from authorize { preprocess suffix mschap sql } to authorize { preprocess suffix sql mschap } Table radcheck in database radius id UserName Attribute Value op 1 rust Password 598DDCE2660D3193AAD3B435B51404EE and i have now: Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp. Ready to process requests. rad_recv: Access-Request packet from host 192.168.200.1:4539, id=57, length=132 Service-Type = Framed-User Framed-Protocol = PPP User-Name = "rust" MS-CHAP-Challenge = 0x57f059a9234695cc18e4d76872562e67 MS-CHAP2-Response = 0x01001a4875d0fee41ae7e7d3f73ac484e78f292ed1a9b338633ff19c2f260e8a83e20bfa83de3f8624bb NAS-IP-Address = 127.0.0.1 NAS-Port = 1 modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "suffix" returns ok radius_xlat: 'rust' sql_escape in: 'rust' sql_escape out: 'rust' sql_set_user: escaped user --> 'rust' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'rust' ORDER BY id' rlm_sql: Reserving sql socket id: 4 SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'rust' ORDER BY id radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'rust' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'rust' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'rust' ORDER BY id' SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'rust' ORDER BY id radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'rust' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'rust' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id radius_xlat: 'SELECT Value,Attribute FROM radcheck WHERE UserName = 'rust' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC' SELECT Value,Attribute FROM radcheck WHERE UserName = 'rust' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC rlm_sql: Released sql socket id: 4 modcall[authorize]: module "sql" returns ok modcall[authorize]: module "mschap" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type MS-CHAP auth: type "MS-CHAP" modcall: entering group authenticate modcall[authenticate]: module "mschap" returns reject modcall: group authenticate returns reject auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request What wrong?? -- Best regards, rustmailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: mysql + ms-chap2 - help me
Dear rust, First, sql should be _before_ mschap in authorize{}. Second, set NT password (it's better to set both NT and LM passwords). --Friday, April 19, 2002, 12:17:54 PM, you wrote to [EMAIL PROTECTED]: r> Hello freeradius-users, r> I build pppd with radius.so plugin and it work with freeradius and PAP auth with r> encrypted passwords in mysql base. r> Now I need authorize and accounting pptp with freeradius+mysql+ms-chap2 r> I add user "rust" with pass "qwerty" in table radcheck in database radius r> r> id UserName AttributeValue r> 1 rust LM-Password 598DDCE2660D3193AAD3B435B51404EE r> r> ./radiusd -X logs next: r> Starting - reading configuration files ... r> reread_config: reading radiusd.conf r> Config: including file: /usr/local/etc/raddb/proxy.conf r> Config: including file: /usr/local/etc/raddb/clients.conf r> Config: including file: /usr/local/etc/raddb/snmp.conf r> Config: including file: /usr/local/etc/raddb/sql.conf r> main: prefix = "/usr/local" r> main: localstatedir = "/usr/local/var" r> main: logdir = "/usr/local/var/log/radius" r> main: libdir = "/usr/local/lib" r> main: radacctdir = "/usr/local/var/log/radius/radacct" r> main: hostname_lookups = no r> read_config_files: reading dictionary r> read_config_files: reading clients r> read_config_files: reading realms r> read_config_files: reading naslist r> main: max_request_time = 30 r> main: cleanup_delay = 5 r> main: max_requests = 1024 r> main: delete_blocked_requests = 0 r> main: port = 0 r> main: allow_core_dumps = no r> main: log_stripped_names = no r> main: log_auth = no r> main: log_auth_badpass = no r> main: log_auth_goodpass = no r> main: pidfile = "/usr/local/var/run/radiusd.pid" r> main: user = "root" r> main: group = "root" r> main: usercollide = no r> main: lower_user = "no" r> main: lower_pass = "no" r> main: nospace_user = "no" r> main: nospace_pass = "no" r> main: proxy_requests = yes r> proxy: retry_delay = 5 r> proxy: retry_count = 3 r> proxy: synchronous = no r> proxy: default_fallback = yes r> proxy: dead_time = 120 r> security: max_attributes = 200 r> security: reject_delay = 1 r> main: debug_level = 0 r> read_config_files: entering modules setup r> Module: Library search path is /usr/local/lib r> Module: Loaded MS-CHAP r> mschap: ignore_password = no r> mschap: use_mppe = yes r> mschap: require_encryption = no r> mschap: require_strong = no r> mschap: passwd = "(null)" r> mschap: authtype = "MS-CHAP" r> Module: Instantiated mschap (mschap) r> Module: Loaded preprocess r> preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" r> preprocess: hints = "/usr/local/etc/raddb/hints" r> preprocess: with_ascend_hack = no r> preprocess: ascend_channels_per_line = 23 r> preprocess: with_ntdomain_hack = no r> preprocess: with_specialix_jetstream_hack = no r> preprocess: with_cisco_vsa_hack = no r> Module: Instantiated preprocess (preprocess) r> Module: Loaded realm r> realm: format = "suffix" r> realm: delimiter = "@" r> Module: Instantiated realm (suffix) r> Module: Loaded SQL r> sql: driver = "rlm_sql_mysql" r> sql: server = "192.168.200.1" r> sql: port = "" r> sql: login = "radius" r> sql: password = "radpass" r> sql: radius_db = "radius" r> sql: acct_table = "radacct" r> sql: acct_table2 = "radacct" r> sql: authcheck_table = "radcheck" r> sql: authreply_table = "radreply" r> sql: groupcheck_table = "radgroupcheck" r> sql: groupreply_table = "radgroupreply" r> sql: usergroup_table = "usergroup" r> sql: nas_table = "nas" r> sql: dict_table = "dictionary" r> sql: sqltrace = yes r> sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql" r> sql: deletestalesessions = yes r> sql: num_sql_socks = 5 r> sql: sql_user_name = "%{User-Name}" r> sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id" r> sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id" r> sql: authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE r> usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id" r> sql: authorize_group_reply_query = "SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE r> usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id" r> sql: authenticate_query = "SELECT Value,Attribute FROM radcheck WHERE UserName = '%{User-Name}' AND ( Attribute = 'User-Password' OR Attr
Re: mysql + ms-chap2 - help me
At 12:17 PM 4/19/2002 +0400, rust wrote: >Hello freeradius-users, > > >I build pppd with radius.so plugin and it work with freeradius and PAP >auth with >encrypted passwords in mysql base. >Now I need authorize and accounting pptp with freeradius+mysql+ms-chap2 > >I add user "rust" with pass "qwerty" in table radcheck in database radius > > > > id UserName AttributeValue > 1 rust LM-Password 598DDCE2660D3193AAD3B435B51404EE You should add an Auth-Type := MS-CHAP ( don't forget about the operator column ). Here's the clue from the debug, that tells you this: >auth: No Auth-Type configuration for the request, rejecting the user >auth: Failed to validate the user. -Chris -- \\\|||/// \ StarNet Inc. \Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
mysql + ms-chap2 - help me
Hello freeradius-users, I build pppd with radius.so plugin and it work with freeradius and PAP auth with encrypted passwords in mysql base. Now I need authorize and accounting pptp with freeradius+mysql+ms-chap2 I add user "rust" with pass "qwerty" in table radcheck in database radius id UserName AttributeValue 1 rust LM-Password 598DDCE2660D3193AAD3B435B51404EE ./radiusd -X logs next: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no read_config_files: reading dictionary read_config_files: reading clients read_config_files: reading realms read_config_files: reading naslist main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd.pid" main: user = "root" main: group = "root" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 security: max_attributes = 200 security: reject_delay = 1 main: debug_level = 0 read_config_files: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded MS-CHAP mschap: ignore_password = no mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" Module: Instantiated mschap (mschap) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" Module: Instantiated realm (suffix) Module: Loaded SQL sql: driver = "rlm_sql_mysql" sql: server = "192.168.200.1" sql: port = "" sql: login = "radius" sql: password = "radpass" sql: radius_db = "radius" sql: acct_table = "radacct" sql: acct_table2 = "radacct" sql: authcheck_table = "radcheck" sql: authreply_table = "radreply" sql: groupcheck_table = "radgroupcheck" sql: groupreply_table = "radgroupreply" sql: usergroup_table = "usergroup" sql: nas_table = "nas" sql: dict_table = "dictionary" sql: sqltrace = yes sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql" sql: deletestalesessions = yes sql: num_sql_socks = 5 sql: sql_user_name = "%{User-Name}" sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id" sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id" sql: authorize_group_check_query = "SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id" sql: authorize_group_reply_query = "SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id" sql: authenticate_query = "SELECT Value,Attribute FROM radcheck WHERE UserName = '%{User-Name}' AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute = 'Crypt-Password' ) ORDER BY Attribute DESC" sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S', AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime), AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime <= '%S'" sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress = '%{Framed-IP-Address}' WHERE AcctSessionId
Re: a newbie question please help me.
At 06:48 PM 3/19/2002 +0200, Daniel Becheanu wrote: >The problem is that the radacct table is updated only when >Acct-Status-Type attribute has Stop value. >i want that it should be updated every 6 seconds.. >as i read the NAS should pass a Accounting-Request package to radius with >Acct-Status-Type set to Intertrim-Update >is that right or just a false presumtion. That's a function of the NAS. The radius server cannot request that accounting data be sent, only the NAS can cause it to be sent. >Another problem is that i want to make radius update the value from >Session-Timeout atribute in RadReply table.. Not currently. You would need to modify the existing code, or create a new module to perform this kind of task. Alternatively, you could look at the functionality provided by the 'counter' module. -Chris -- \\\|||/// \ StarNet Inc. \Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a newbie question please help me.
The problem is that the radacct table is updated only when Acct-Status-Type attribute has Stop value. i want that it should be updated every 6 seconds.. as i read the NAS should pass a Accounting-Request package to radius with Acct-Status-Type set to Intertrim-Update is that right or just a false presumtion. Another problem is that i want to make radius update the value from Session-Timeout atribute in RadReply table.. Any help is welcome... thank you.. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: who can help me!please
"gcao" <[EMAIL PROTECTED]> wrote: > This is a multi-part message in MIME format. > > --=_NextPart_000_0091_01C1CAAE.A2F574C0 > Content-Type: text/plain; > charset="gb2312" > Content-Transfer-Encoding: base64 > > aGVsbG8saSdtIG5ldyB0byB0aGUgbGlzdCBhbmQgYWxzbyBuZXcgdG8gcmFkaXVzLg0KaSBzcGVu Bleah. Mime to the list isn't nice. Double-encoded text+html text is worse. Anyways... > hello,i'm new to the list and also new to radius. > i spend three months to read the source code,but > there are lots of things which i don't understand. > for example ,in authentication,why do like that? Because it's the best way. > please tell me the thinking about it.thanks.my Uh... right. The comments in the source make it clear what the code is doing. The documentation in the configuration files makes it clear what they mean. Between the two, you should be able to figure out what's going on. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
who can help me!please
hello,i'm new to the list and also new to radius. i spend three months to read the source code,but there are lots of things which i don't understand. for example ,in authentication,why do like that? please tell me the thinking about it.thanks.my email is [EMAIL PROTECTED].
aland help me !!! Proxy Accounting ????
I have two RADIUS servers , one is FR 3.0 and the other is another. Now FR 3.0 recieve authentication and accounting packet include username like "[EMAIL PROTECTED]" ,I want FR 3.0 forward the authentication and accounting request to another RADIUS server,and log the accounting packet to local FR 3.0 deplicately,my configure file is below: --- realms - aol.com 192.168.101.18:1645 nostrip - clients - 192.168.101.18aol---keyaol_1 - acct_users - DEFAULT Suffix == "@aol.com", Replicate-To-Realm := "aol.com" Fall-Through = No - when I send test authentication and accounting packet to FR 3.0, remote RADIUS server can recieve authentication and accounting packet and run well,but my FR 3.0 can not log the accounting packet to local ,WHY ??? can you help me to resolve it ??? -- Ò»ÌìÒ»²¿PDA£¬´¹Êֿɵà http://mail.21cn.com/7weapon/01.html 21CNÍøÂç²úÆ·³ÏÕ÷´úÀí http://agent.21cn.com ²»¿´ÊÇÄãµÄ´í£¬²»ÔÙ¿´ÊÇÎÒµÄ´í¡£ http://adinfo.21cn.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html