RES: How to connect mysql with freeradius

2003-12-24 Thread Sergio Jose Ferreira



Did you configure sql.conf? Run radiusd with the -X option (debug) and check if rlm_mysql is running ok.

Does the radius user have permission to access the mysql database?

Sergio Jose Ferreira
WGO Internet
Brazil

  -----Original message-----
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On behalf of ali
  Sent: Wednesday, 24 December 2003 10:42
  To: [EMAIL PROTECTED]
  Subject: How to connect mysql with freeradius

  How to connect mysql with freeradius? because freeradius and mysql setup ok. creating table and radius.conf OK. but freeradius doesn't write calling log in tables of mysql.
  


Issues with the users' file.

2003-12-24 Thread Drew Weaver
Greetings, happy holidays and all of that good stuff..

 I'm finally getting around to migrating our radius solution over to
FreeRadius, and I've noticed a few issues, hopefully they're easy. In my
users file I have around 45 users that have specific properties. Some of
them are Dedicated Dial-Up, some of them are Dual channel ISDN with static
IP, some of them are Dedicated Dual channel ISDN with static IP.. I'm having
some problems making my old users file entries jive with the freeradius
lingo.

test    Password == removedtoprotecttheinnocent
        Service-Type = Framed,
        Framed-Protocol = MPP,
        Ascend-Maximum-Time = 18000,
        Framed-IP-Address = 209.22.201.121,
        Framed-IP-Netmask = 255.255.255.248,
        Ascend-Idle-Limit = 900,
        Ascend-Maximum-Channels = 2,
        Framed-Routing = None,
        Fall-Through = 1

Doom    Password == thepassword
        Service-Type = Framed,
        Framed-Protocol = MPP,
        Ascend-Maximum-Time = 18000,
        Framed-IP-Address = 209.54.37.66,
        Framed-IP-Netmask = 255.255.255.255,
        Ascend-Idle-Limit = 900,
        Ascend-Maximum-Channels = 2,
        Framed-Routing = None,
        Fall-Through = 1

Now, 99% of my users use PAP, and authenticate via the SYSTEM
method, this works excellent. However it seems that anyone who has a
password listed in the users file automatically 'requires' CHAP, is there a
way to make it 'allow CHAP if it has a password in users, but not REQUIRE
chap?' We were using an old version of Merit AAA and (it didn't even support
chap) but when we had users listed in the users file, it would allow them to
auth via PAP just like everyone else. 

Another problem I noticed is that there is a difference in between
what FreeRadius should be sending back to the NAS and what it is sending
back to the NAS.

Example.

For the 'Doom' account.

The doom account is basically getting all of the attributes of the DEFAULT
account... but it should be using its own account specific attributes.

DEFAULT Auth-Type = System
        Fall-Through = 1,
        Service-Type = Framed-User,
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 576,
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP,
        Ascend-Maximum-Time = 18000,
        Ascend-Idle-Limit = 900,
        Ascend-Maximum-Channels = 1

I have the default entry listed at the top of the file.

Anyone Have any ideas?

-Drew



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Issues with the users' file.

2003-12-24 Thread Alan DeKok
Drew Weaver [EMAIL PROTECTED] wrote:
> Now, 99% of my users use PAP, and authenticate via the SYSTEM
> method, this works excellent. However it seems that anyone who has a
> password listed in the users file automatically 'requires' CHAP, is there a
> way to make it 'allow CHAP if it has a password in users, but not REQUIRE
> chap?'

  I don't see how it requires chap.  The server is set up to *allow*
the user to use CHAP, if there's a plain-text password available.  But
nothing in the server *requires* chap.

  I would suggest reading the debug output of the server.  It will
tell you why CHAP is being used.

> The doom account is basically getting all of the attributes of the DEFAULT
> account... but it should be using its own account specific attributes.

  Which is what you told it to do:

> DEFAULT Auth-Type = System
> Fall-Through = 1,
...
> I have the default entry listed at the top of the file.

  See the docs.  The Fall-Through attribute tells it to continue
processing the users file, where it then finds the Doom entry.

  Look at the sample users file.  There's a reason the DEFAULTS are
listed at the bottom.

  Alan DeKok.
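
Added example (not part of the thread and not FreeRADIUS code): a simplified Python model of the top-to-bottom users-file walk described above, showing how entry order changes the reply built for Doom. It assumes entries match on user name only and that the `=` reply operator adds an attribute only when the reply does not already hold one of that name; the attribute values are a subset of those posted in the thread.

```python
# Simplified model of FreeRADIUS "users" file processing (added example).
# Assumptions: entries match on user name only (check items such as Password
# are ignored), and every reply item uses "=", which adds an attribute only
# when the reply does not already contain one of that name.

DEFAULT_ENTRY = ("DEFAULT", {
    "Service-Type": "Framed-User",
    "Framed-IP-Address": "255.255.255.254",
    "Framed-MTU": "576",
    "Framed-Protocol": "PPP",
    "Ascend-Maximum-Channels": "1",
}, True)   # Fall-Through = 1

DOOM_ENTRY = ("Doom", {
    "Service-Type": "Framed",
    "Framed-Protocol": "MPP",
    "Framed-IP-Address": "209.54.37.66",
    "Framed-IP-Netmask": "255.255.255.255",
    "Ascend-Maximum-Channels": "2",
}, True)   # Fall-Through = 1


def build_reply(entries, user):
    """Walk the entries top to bottom and return the reply attributes."""
    reply = {}
    for name, items, fall_through in entries:
        if name not in (user, "DEFAULT"):
            continue
        for attr, value in items.items():
            reply.setdefault(attr, value)   # "=": first value wins
        if not fall_through:
            break                           # no Fall-Through: stop at this match
    return reply


def differences(a, b):
    """Attributes whose values differ between two replies."""
    keys = sorted(set(a) | set(b))
    return {k: (a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)}


default_first = build_reply([DEFAULT_ENTRY, DOOM_ENTRY], "Doom")
default_last = build_reply([DOOM_ENTRY, DEFAULT_ENTRY], "Doom")

if __name__ == "__main__":
    for attr, (top, bottom) in differences(default_first, default_last).items():
        print(f"{attr}: DEFAULT first -> {top}; DEFAULT last -> {bottom}")
```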



Unable to answer requests from an IAS proxy

2003-12-24 Thread Jeff Vail





I have a Cisco AS5300 talking to an MS IAS server which proxies certain requests to a FreeRADIUS server. These requests are rejected by the FreeRADIUS server because of a bad password, but the password was entered correctly by the end user. The log seems to indicate that the FreeRADIUS server doesn't understand the encryption used to transmit the password, since debugging data shows a gibberish string instead of the actual password, which it shows during successful authentication attempts made directly from the NAS to the FreeRADIUS server. The FreeRADIUS server is version 0.9.3, the machine is running Solaris 7, patches are reasonably up to date, and as I indicated earlier, authenticating directly to the FreeRADIUS server works correctly. I am doing pass through authentication to the system. The client, the NAS and the IAS proxy are all configured for PAP only, no CHAP or EAP or any of that.

Any assistance in getting the proxy to communicate with my FreeRADIUS server would be appreciated. There appear to be a number of references on the mail list archives to getting a FreeRADIUS proxy to talk to an IAS server, but I couldn't find anything going the other direction.

Thanks,


Jeff Vail




Solucient LLC.