Re: accounting question

2004-03-23 Thread Marc Werner
an idea: 
turn log_auth_badpass = on and write a shell script which reads the logfile 
and deletes the user who tried to log in with a bad password.
I wrote a similar script to delete users by expiry date, using sed.

ciao marc werner

On Tuesday, 23 March 2004 08:47, Tim Bots wrote:
 As I am trying to tell is that my nas CAN disconnect users and block them
 from that time on. The only thing is that freeradius doesn't log this and
 as soon as they are logged out they can login again and the user gets again
 5 hours. This is not a thing I like. I guess that I have to use a database
 or something to log this.

 I hope someone can help me,

 Tim Bots

-- 
Marc Werner
[EMAIL PROTECTED]
ICQ#190044536
http://tuxxy.in.itzehoe.de


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
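
A sketch of the log-reading half of this idea, in Python rather than shell (added example, not Marc Werner's script): it tallies failed logins per user and client and only reports them, because the user name in a rejected request is chosen by whoever sent it. The line format is assumed from the `Login incorrect` entry quoted further down this page, and the sample log lines are constructed.

```python
import re
from collections import Counter

# Line shape assumed from the "Login incorrect" entry quoted on this page:
#   <timestamp> : Auth: Login incorrect: [<user>/<password>] (from client <name> port <n>)
# The "/<password>" part is only present when bad passwords are being logged.
# The credential group is greedy and the tail is anchored at end of line, so a
# "]" typed into the password field cannot end the match early.
FAILED = re.compile(
    r"^(?P<ts>.+?) : Auth: Login incorrect(?: \([^)]*\))?: "
    r"\[(?P<cred>.*)\] \(from client (?P<client>\S+) port (?P<port>\d+)"
    r"(?: cli (?P<cli>\S+))?\)\s*$"
)


def parse_failed(line):
    """Return ts/user/client/port for a failed login line, else None.

    The attempted password is dropped on purpose: a mistyped password is
    usually close to the real one and should not travel beyond the log.
    """
    m = FAILED.match(line)
    if m is None:
        return None
    # Assumption: the first "/" separates user name and password, so a user
    # name that itself contains "/" is cut short here.
    user = m.group("cred").split("/", 1)[0]
    return {"ts": m.group("ts"), "user": user,
            "client": m.group("client"), "port": int(m.group("port"))}


def redact(line):
    """Return the line with any logged password replaced by a marker."""
    m = FAILED.match(line)
    if m is None or "/" not in m.group("cred"):
        return line
    start, end = m.span("cred")
    user = m.group("cred").split("/", 1)[0]
    return line[:start] + user + "/<redacted>" + line[end:]


def repeated_failures(lines, threshold=3):
    """List (user, client, count) for pairs with at least `threshold` failures."""
    tally = Counter()
    for line in lines:
        rec = parse_failed(line)
        if rec:
            tally[(rec["user"], rec["client"])] += 1
    hits = [(u, c, n) for (u, c), n in tally.items() if n >= threshold]
    return sorted(hits, key=lambda h: (-h[2], h[0], h[1]))


# Constructed sample log, not taken from a real server.
SAMPLE = """\
Tue Mar 23 08:41:31 2004 : Auth: Login incorrect: [test1/test1] (from client localhost port 0)
Tue Mar 23 08:41:35 2004 : Auth: Login incorrect: [test1/guess2] (from client localhost port 0)
Tue Mar 23 08:41:40 2004 : Auth: Login incorrect: [test1/a/b] (from client localhost port 0)
Tue Mar 23 08:42:02 2004 : Auth: Login OK: [test2] (from client nas1 port 3)
Tue Mar 23 08:42:10 2004 : Auth: Login incorrect: [test2/oops] (from client nas1 port 3 cli 123456)
Tue Mar 23 08:42:11 2004 : Debug: rlm_ldap: - authenticate
""".splitlines()

if __name__ == "__main__":
    for user, client, count in repeated_failures(SAMPLE, threshold=3):
        print("%s from %s: %d failed logins" % (user, client, count))
    print(redact(SAMPLE[0]))
```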


Problem with authorization

2004-03-23 Thread Costas Christonis
We have installed radius 0.9 on a Linux box and it works fine with
Cisco AS5200 and AS5300.
We tried to install a new AS5400 to work with radius but we have a
problem with the authorize section.
The configuration in AS5400 is the following:


aaa authentication login default local group tacacs+ group radius
aaa authentication ppp default group radius
aaa authorization exec default local group tacacs+ group radius 
aaa authorization network default group radius 
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius

With this config async users can log in with no problem, but ISDN users
pass the authentication section but have no authorize.

When we change the authorization line for network with this

aaa authorization network default if-authenticated group radius


both ASYNC and ISDN users could log in, but some attributes are not passed
(like radiusframedipaddres, radiusportlimit).


From the debugging we actually see that the radius works fine and sends
Auth Ack and after that sends the attributes for the user, but for some
reason the AS5400 cannot accept those attributes and the PPP protocol
terminates.
Here is the debug from radius:


rad_recv: Access-Request packet from host 147.52.3.14:1645, id=140, length=106
Framed-Protocol = PPP
User-Name = xxx
User-Password = xx
NAS-Port = 2
NAS-Port-Type = ISDN
Called-Station-Id = 5603327
Calling-Station-Id = 123456
Service-Type = Framed-User
NAS-IP-Address = ...
rad_lowerpair:  User-Name now '[EMAIL PROTECTED]'
modcall: entering group authorize
  modcall[authorize]: module preprocess returns ok
users: Matched DEFAULT at 19
users: Matched DEFAULT at 26
  modcall[authorize]: module files returns ok
  modcall[authorize]: module mschap returns noop
  modcall[authorize]: module chap returns noop
rlm_realm: Looking up realm uoc.gr for User-Name = [EMAIL PROTECTED]
rlm_realm: Found realm uoc.gr
rlm_realm: Adding Stripped-User-Name = kchristo
rlm_realm: Proxying request from user kchristo to realm uoc.gr
rlm_realm: Adding Realm = uoc.gr
rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module uoc returns noop
rlm_realm: Request already proxied.  Ignoring.
  modcall[authorize]: module old returns noop
radius_xlat:  ''
rlm_sql (sql): sql_set_user escaped user -- 'xx'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = 'x' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): User x not found in radcheck
radius_xlat:  'SELECT 
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
  FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND 
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT 
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
  FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND 
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): User x not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module sql returns notfound
rlm_ldap: - authorize
rlm_ldap: performing user authorization for kchristo
radius_xlat:  '(uid=kchristo)'
radius_xlat:  'ou=people,dc=uoc,dc=gr'
ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 147.52.80.1:389, authentication 0
rlm_ldap: bind as cn=Directory Manager/x to 147.52.80.1:389
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in ou=people,dc=uoc,dc=gr, with filter (uid=kchristo)
rlm_ldap: performing search in uid=default-dialup,ou=people,dc=uoc,dc=gr, with filter 
(objectclass=radiusprofile)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: default_profile/user-profile search failed
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusCalledStationId as Called-Station-Id, value 12  op=21
rlm_ldap: Adding radiusCalledStationId as Called-Station-Id, value 44  op=21
rlm_ldap: Adding radiusCalledStationId as Called-Station-Id, value 39  op=21
rlm_ldap: Adding radiusCalledStationId as Called-Station-Id, value 77  op=21
rlm_ldap: Adding radiusCalledStationId as Called-Station-Id, value 5603327  op=21
rlm_ldap: Adding npSessionsAllowed as Simultaneous-Use, value 3  op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusPortLimit as Port-Limit, value 1  op=11
rlm_ldap: Adding radiusFramedIPAddress as Framed-IP-Address, value 147.52.3.83  op=11
rlm_ldap: user kchristo authorized to use remote access
ldap_release_conn: Release Id: 0
  modcall[authorize]: module ldap returns ok
rlm_checkval: Item Name: Called-Station-Id, Value: 5603327
rlm_checkval: 

Re: AW: Behavior for rlm_ldap module

2004-03-23 Thread Arne.Spetzler
Hi Kostas,

how could I get the patch? I searched the developer list and did not find it.

which patch do you mean - the one for rlm_ldap or that for configurable failover?

regards,

Arne

 Message: 1
 Date: Fri, 19 Mar 2004 18:17:19 +0200 (EET)
 From: Kostas Kalevras [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: Re: AW: Behavior for rlm_ldap module
 Reply-To: [EMAIL PROTECTED]
 
 On Fri, 19 Mar 2004 [EMAIL PROTECTED] wrote:
 
  Hi,
 
  I would also appreciate a solution for this LDAP issue (very much!)
 
  Does anyone know if a solution is in sight? And - more important - when??
 
 when a patch is posted. I'll try to work on it on the weekend. It isn't too
 much of a job.
 
 
  Is anyone working on the extension of configurable failover??
 
  Arne
  
  Dataport
  Altenholzer Str 10 - 14, 24161 Altenholz
  Internet:www.dataport.de
  E-Mail: [EMAIL PROTECTED]
  Telefon: 0431 - 32 95 6840
  Telefax: 0431 - 32 95 410
 
   Message: 6
   Date: Fri, 12 Mar 2004 16:17:14 +0200 (EET)
   From: Kostas Kalevras [EMAIL PROTECTED]
   To: [EMAIL PROTECTED]
   Subject: Re: Behavior for rlm_ldap module
   Reply-To: [EMAIL PROTECTED]
  
   On Fri, 12 Mar 2004, Pierluigi Frullani wrote:
  
    Hi all.
    Reading through the C code of rlm_ldap I've noticed that the behavior of
    this module, when it gets a nosuchobject or an ambiguous reply, is to not
    reject the request, but to pass it over to some other modules, either in
    authorize then in authenticate.
    This could be OK when you have a distributed LDAP with different databases,
    but could result in some false positives when using a replicated net of
    LDAP servers that have the same information.
    While I do have this latter configuration, I've tried to figure out how I
    could get a reject if the module fails with these two options, and I made
    a patch to rlm_ldap.c to have a configuration option to achieve this
    behavior.
    So, my patch adds the not_found_should_reject (boolean type, yes/no)
    keyword to the ldap section of radiusd.conf, with a default value of no, so
    the normal behavior is kept, and if set to yes, it will make the module
    return a reject when it fails as described.
    
    Could this patch be included in CVS, and so in the next distribution?
  
  
   I'd prefer a more general approach. As previously described by Alan,
   configurable failover could be extended so that something like this can be
   possible:
  
   authorize {
       eap
       chap
       files
       ldap {
           notfound = reject
       }
   }
  
  
   --
   Kostas Kalevras   Network Operations Center
   [EMAIL PROTECTED] National Technical University 
 of Athens, Greece
   Work Phone:   +30 210 7721861
   'Go back to the shadow'   Gandalf
  
 
 
 
 --
 Kostas Kalevras   Network Operations Center
 [EMAIL PROTECTED] National Technical University of Athens, Greece
 Work Phone:   +30 210 7721861
 'Go back to the shadow'   Gandalf
 



RE: accounting question

2004-03-23 Thread Tim Bots
I guess this is a bad idea, because I can't write shell scripts and I don't like the 
idea of deleting users when their time is over. An example:
I want to have a few users that have 1 hour the time and they log in with their 
browser.
Some other users may have 2 hours and some may have another time.
When their time is over my nas will disconnect them. 
I also have a few devices which can't log on with a web browser but they log on with 
their MAC address (username = MAC) and they may have infinite time to the internet.

I hope someone can help me

Tim Bots

-----Original Message-----
From: Marc Werner [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, March 23, 2004 9:22
To: [EMAIL PROTECTED]
Subject: Re: accounting question

an idea: 
turn log_auth_badpass = on and write a shell script which reads the logfile 
and deletes the user who tried to log in with a bad password.
I wrote a similar script to delete users by expiry date, using sed.

ciao marc werner

On Tuesday, 23 March 2004 08:47, Tim Bots wrote:
 As I am trying to tell is that my nas CAN disconnect users and block them
 from that time on. The only thing is that freeradius doesn't log this and
 as soon as they are logged out they can login again and the user gets again
 5 hours. This is not a thing I like. I guess that I have to use a database
 or something to log this.

 I hope someone can help me,

 Tim Bots

-- 
Marc Werner
[EMAIL PROTECTED]
ICQ#190044536
http://tuxxy.in.itzehoe.de




Starting FreeRADIUS at boot on OS X

2004-03-23 Thread Dan Hawker

Hi All,

I have a FreeRADIUS box setup on OSX 10.3.3. I have it doing basic MAC
address authentication at the moment, using MySQL to retrieve its data
from. This part works fine.

My only problem, is that after loads of fiddling, I can't get it to
startup at boot (daemonize) unless I include -X into the startup script.

The only problem with using this is that it then fails to push anything to
the logs (irritating) and will mysteriously reboot at a totally random
interval after a period of time, usually 8hrs or so (unacceptable).

If I start FreeRADIUS from the terminal, (again using -X) it works fine
and stays up for ever. I've had it sat there for over a week (it's a test
box and am just testing the capability really)

However I'd really like it to launch at boot so in the event of a power
failure, it won't need human intervention to get it back up again, and
also leaving a machine logged in is not the most secure method of
operation.

Is anybody using OSX and FreeRADIUS and have they this config (as in
starting up on boot) working, reliably.

TIA

Dan 

--

[EMAIL PROTECTED]





LDAP in authenticate, not authorize -- connect with client user/pass

2004-03-23 Thread Rok Papez
Hello!

I'm trying to configure LDAP authentication to work with the user-supplied
credentials. ACLs don't allow me to browse the LDAP directory, so I'd like to
authenticate the user based on a successful connection to the LDAP server with
his user/pass.
I've come up with this configuration but don't know how to insert the user-supplied username and password:

modules {
    [...]
    ldap {
        server = x.x.x.x
        identity = uid=%{Stripped-User-Name},ou=users,dc=org1,dc=tld
        password = %{User-Password}
        basedn = ou=users,dc=org1,dc=tld
        filter = (uid=%{Stripped-User-Name})
    }
}
authorize {
    # No LDAP entry here, I don't want it to browse LDAP directory.
    [...]
}
authenticate {
    eap
    Auth-Type LDAP {
        ldap
    }
    Auth-Type PAP {
        pap
    }
}

Tue Mar 23 08:41:31 2004 : Debug: modcall: entering group Auth-Type for request 4
Tue Mar 23 08:41:31 2004 : Debug:   modsingle[authenticate]: calling ldap (rlm_ldap) 
for request 4
Tue Mar 23 08:41:31 2004 : Debug: rlm_ldap: - authenticate
Tue Mar 23 08:41:31 2004 : Debug: rlm_ldap: login attempt by test1 with password 
test1
Tue Mar 23 08:41:31 2004 : Debug: radius_xlat:  '(uid=test1)'
Tue Mar 23 08:41:31 2004 : Debug: radius_xlat:  'ou=users,dc=org1,dc=tld'
Tue Mar 23 08:41:31 2004 : Debug: ldap_get_conn: Got Id: 0
Tue Mar 23 08:41:31 2004 : Debug: rlm_ldap: attempting LDAP reconnection
Tue Mar 23 08:41:31 2004 : Debug: rlm_ldap: (re)connect to x.x.x.x:y, authentication 0
Tue Mar 23 08:41:31 2004 : Debug: rlm_ldap: bind as 
uid=%{Stripped-User-Name},ou=users,dc=org1,dc=tld/%{User-Password} to x.x.x.x:y
Tue Mar 23 08:41:31 2004 : Debug: rlm_ldap: waiting for bind result ...
Tue Mar 23 08:41:31 2004 : Error: rlm_ldap: LDAP login failed: check login, password 
settings in ldap section of radiusd.conf
Tue Mar 23 08:41:31 2004 : Error: rlm_ldap: (re)connection attempt failed
Tue Mar 23 08:41:31 2004 : Debug: ldap_release_conn: Release Id: 0
Tue Mar 23 08:41:31 2004 : Debug:   modsingle[authenticate]: returned from ldap 
(rlm_ldap) for request 4
Tue Mar 23 08:41:31 2004 : Debug:   modcall[authenticate]: module ldap returns fail 
for request 4
Tue Mar 23 08:41:31 2004 : Debug: modcall: group Auth-Type returns fail for request 4
Tue Mar 23 08:41:31 2004 : Debug: auth: Failed to validate the user.
Tue Mar 23 08:41:31 2004 : Auth: Login incorrect: [EMAIL PROTECTED]/test1] (from 
client localhost port 0)

As can be seen from the logs, %{User-Password} and %{Stripped-User-Name} are not
substituted in identity and password. If I enter the values (username and pass)
directly into these fields, authentication works (naturally).
How is it done correctly, or doesn't rlm_ldap support this kind of LDAP authentication?

--
Best regards,
Rok Papez.
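
The checks that belong around a "bind as the user" login like the one asked about above, as an added Python example (not rlm_ldap's code and not from the original post): the user name is escaped before it is placed in the bind DN or the search filter, and an empty password is refused before any bind is attempted. The DN template comes from the configuration in the post; `simple_bind` and the fake directory are constructed stand-ins for a real LDAP simple bind.

```python
def escape_dn_value(value):
    """Escape a string for use as an attribute value inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif (ch in '"+,;<>=\\'
              or (i == 0 and ch in " #")
              or (i == last and ch == " ")):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value):
    """Escape a string for use as an assertion value in a filter (RFC 4515)."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch
                   for ch in value)


BASE_DN = "ou=users,dc=org1,dc=tld"   # basedn from the configuration in the post


def user_dn(username):
    """Bind DN for a user, with the name confined to the uid value."""
    return "uid=%s,%s" % (escape_dn_value(username), BASE_DN)


def user_filter(username):
    """Search filter for a user, with wildcards and parentheses neutralised."""
    return "(uid=%s)" % escape_filter_value(username)


def authenticate_by_bind(username, password, simple_bind):
    """Return True only if the directory accepts a simple bind as this user.

    simple_bind(dn, password) -> bool is a stand-in for the real LDAP call.
    """
    if not username or not password:
        # A simple bind with a DN and an empty password is an
        # "unauthenticated bind" (RFC 4513, section 5.1.2). Servers that
        # allow it report success without checking anything, so it must
        # never be treated as a successful login.
        return False
    return bool(simple_bind(user_dn(username), password))


# Constructed stand-in for a directory that has unauthenticated bind enabled.
FAKE_DIRECTORY = {"uid=test1,ou=users,dc=org1,dc=tld": "test1"}


def fake_simple_bind(dn, password):
    if password == "":
        return True                      # what such a server would answer
    return FAKE_DIRECTORY.get(dn) == password


if __name__ == "__main__":
    print(user_dn("test1"))
    print(user_dn("a,b+c"))
    print(user_filter("*"))
    print(authenticate_by_bind("test1", "test1", fake_simple_bind))
    print(authenticate_by_bind("test1", "", fake_simple_bind))
```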


null port name?

2004-03-23 Thread Costin Manda
I am using freeradius as a proxy for another radius. Everything works
perfectly when trying to authenticate a prepaid calling card, but when the
user dials, the primary radius rejects all the calls on the ground of null
portname error. As far as I see, freeRadius sends forth what was sent to
it. I have no idea why this is happening.

Of course, after removing freeradius from the chain, everything works fine.

  Any idea why this happens? I am using a Cisco gateway for this.

Thanks
Costin




FW: no response from server?

2004-03-23 Thread Jim Warren




hi!
we have freeradius 0.9.3 installed and running i can run successful
radtest's from the local machine, and from another (both are redhat
enterprise...) in the same class c block, but when i try to test or reach it
from outside that class c block, i get a 'no response from server' error...

i thought this must be a firewall issue, but i have all three udp 1812, 1813
and 1814 wide open

can anyone think of any configuration item in radius that i could possibly
have messed up?
any thoughts appreciated...!

jim warren
[EMAIL PROTECTED]
702.743.0208
fax: 702.921.0208




RE: Configuring Server for Access-Challenge Response

2004-03-23 Thread amekrani

Hi Joseph,
Just a question from your mail: when you say Auth-Type = example, then
the authentication for that user will go to a module named example,
similarly Auth-Type=CHAP means the same?

The thing is I want to configure the server for challenge response;
please can you let me know how?

Thanks in advance,
Asif


Eng, Joseph [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
03/17/04 06:43 AM
Please respond to: [EMAIL PROTECTED]
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
cc:
Subject: RE: Configuring Server for Access-Challenge Response

Appreciate the help. It's working fine now.

-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 16, 2004 2:16 PM
To: [EMAIL PROTECTED]
Subject: Re: Configuring Server for Access-Challenge Response 


Eng, Joseph [EMAIL PROTECTED] wrote:
 Per previous suggestion I'm trying to use the rlm_example module to
 implement a challenge-response. However, I'm not quite sure how to
 configure the users file to invoke this modules on a certain user
 name. For example, what does one use for Auth-Type :=?

 example

 I don't see any obvious Auth-Type definitions in dictionary file for
 this.

 Because the names are automatically created at run-time, based on
the module names.

 Alan DeKok.




Eap/peap ms-chapv2 with WinXP

2004-03-23 Thread stephane BRANCHOUX
Hello,

I compiled snapshot freeradius-snapshot-20040318 with OpenSSL 0.9.7d 17
Mar 2004 like this:

./configure --with-experimental-modules \
    --with-openssl-libraries=/usr/local/ssl/lib \
    --with-openssl-includes=/usr/local/ssl/include

In my user file, I have this user:

criup  Auth-Type := EAP, User-Password == mypass

But I cannot use eap/peap or eap/tls authentication.

I can't determine if it is an ssl problem, a certificate problem,
compilation, WinXP 

Many thanks in advance.

Logs are :

/usr/local/sbin/radiusd -X -A
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = /usr/local
 main: localstatedir = /usr/local/var
 main: logdir = /usr/local/var/log/radius
 main: libdir = /usr/local/lib
 main: radacctdir = /usr/local/var/log/radius/radacct
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /usr/local/var/log/radius/radius.log
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
 main: bind_address = 194.167.137.12  IP address [194.167.137.12]
 main: user = (null)
 main: group = (null)
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/local/sbin/checkrad
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
Using deprecated clients file.  Support for this will go away soon.
read_config_files:  reading realms
Using deprecated realms file.  Support for this will go away soon.
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = (null)
 exec: input_pairs = request
 exec: output_pairs = (null)
 exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = (null)
 mschap: authtype = MS-CHAP
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = (null)
 unix: shadow = (null)
 unix: group = (null)
 unix: radwtmp = /usr/local/var/log/radius/radwtmp
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = peap
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = Password: 
 gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = (null)
 tls: pem_file_type = yes
 tls: private_key_file =
/usr/local/etc/raddb/certs/yaka2.univ-perp.fr.key
 tls: certificate_file =
/usr/local/etc/raddb/certs/yaka2.univ-perp.fr.crt
 tls: CA_file = /usr/local/etc/raddb/certs/ca-cru.pem
 tls: private_key_password = (null)
 tls: dh_file = /usr/local/etc/raddb/certs/dh
 tls: random_file = /usr/local/etc/raddb/certs/random
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
rlm_eap: Loaded and initialized type tls
 ttls: default_eap_type = md5
 ttls: copy_request_to_tunnel = no
 ttls: use_tunneled_reply = no
rlm_eap: Loaded and initialized type ttls
 peap: default_eap_type = mschapv2
 peap: copy_request_to_tunnel = no
 peap: use_tunneled_reply = no
 peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
 preprocess: hints = /usr/local/etc/raddb/hints
 preprocess: 


AW: Proxying TTLS and PEAP

2004-03-23 Thread Roman.Vollenweider
Hello

I use freeradius-snapshot-20040314 and inserted the following on top of
the users file:

#---
DEFAULT Proxy-To-Realm := dbzone
  Fall-Through = Yes
 
DEFAULT EAP-Type == PEAP, Proxy-To-Realm := LOCAL
  Fall-Through = Yes
 
DEFAULT EAP-Type == EAP-TTLS, Proxy-To-Realm := LOCAL
  Fall-Through = Yes
#---

The freeradius is supposed to locally terminate the TLS-Channel.
However, it forwards every packet to the realm dbzone, which is a
second freeradius-server on 195.186.1.143. What's wrong? In the
following is the debug log.

Thank you
Roman

Tue Mar 23 13:52:01 2004 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 195.186.248.36:21650, id=16,
length=127
User-Name = wlantest1
Framed-MTU = 1400
Called-Station-Id = 000f.24a0.aca0
Calling-Station-Id = 0009.b741.3d5e
Message-Authenticator = 0xeb96a7a46184a524d98af60348f27d35
EAP-Message = 0x0201000e01776c616e7465737431
NAS-Port-Type = Wireless-802.11
NAS-Port = 331
Service-Type = Framed-User
NAS-IP-Address = 195.186.248.36
Tue Mar 23 13:52:05 2004 : Debug:   Processing the authorize section of
radiusd.conf
Tue Mar 23 13:52:05 2004 : Debug: modcall: entering group authorize for
request 0
Tue Mar 23 13:52:05 2004 : Debug:   modsingle[authorize]: calling
preprocess (rlm_preprocess) for request 0
Tue Mar 23 13:52:05 2004 : Debug:   modsingle[authorize]: returned from
preprocess (rlm_preprocess) for request 0
Tue Mar 23 13:52:05 2004 : Debug:   modcall[authorize]: module
preprocess returns ok for request 0
Tue Mar 23 13:52:05 2004 : Debug:   modsingle[authorize]: calling chap
(rlm_chap) for request 0
Tue Mar 23 13:52:05 2004 : Debug:   modsingle[authorize]: returned from
chap (rlm_chap) for request 0
Tue Mar 23 13:52:05 2004 : Debug:   modcall[authorize]: module chap
returns noop for request 0
Tue Mar 23 13:52:05 2004 : Debug:   modsingle[authorize]: calling mschap
(rlm_mschap) for request 0
Tue Mar 23 13:52:05 2004 : Debug:   modsingle[authorize]: returned from
mschap (rlm_mschap) for request 0
Tue Mar 23 13:52:05 2004 : Debug:   modcall[authorize]: module mschap
returns noop for request 0
Tue Mar 23 13:52:05 2004 : Debug:   modsingle[authorize]: calling suffix
(rlm_realm) for request 0
Tue Mar 23 13:52:05 2004 : Debug: rlm_realm: No '@' in User-Name =
wlantest1, looking up realm NULL
Tue Mar 23 13:52:05 2004 : Debug: rlm_realm: No such realm NULL
Tue Mar 23 13:52:05 2004 : Debug:   modsingle[authorize]: returned from
suffix (rlm_realm) for request 0
Tue Mar 23 13:52:05 2004 : Debug:   modcall[authorize]: module suffix
returns noop for request 0
Tue Mar 23 13:52:05 2004 : Debug:   modsingle[authorize]: calling eap
(rlm_eap) for request 0
Tue Mar 23 13:52:05 2004 : Debug:   rlm_eap: EAP packet type response id
1 length 14
Tue Mar 23 13:52:05 2004 : Debug:   rlm_eap: No EAP Start, assuming it's
an on-going EAP conversation
Tue Mar 23 13:52:05 2004 : Debug:   modsingle[authorize]: returned from
eap (rlm_eap) for request 0
Tue Mar 23 13:52:05 2004 : Debug:   modcall[authorize]: module eap
returns updated for request 0
Tue Mar 23 13:52:05 2004 : Debug:   modsingle[authorize]: calling files
(rlm_files) for request 0
Tue Mar 23 13:52:05 2004 : Debug: users: Matched DEFAULT at 66
Tue Mar 23 13:52:05 2004 : Debug:   modsingle[authorize]: returned from
files (rlm_files) for request 0
Tue Mar 23 13:52:05 2004 : Debug:   modcall[authorize]: module files
returns ok for request 0
Tue Mar 23 13:52:05 2004 : Debug: modcall: group authorize returns
updated for request 0
Sending Access-Request of id 1 to 195.186.1.143:1812
User-Name = wlantest1
Framed-MTU = 1400
Called-Station-Id = 000f.24a0.aca0
Calling-Station-Id = 0009.b741.3d5e
Message-Authenticator = 0x
EAP-Message = 0x0201000e01776c616e7465737431
NAS-Port-Type = Wireless-802.11
NAS-Port = 331
Service-Type = Framed-User
NAS-IP-Address = 195.186.248.36
Proxy-State = 0x3136
Tue Mar 23 13:52:05 2004 : Debug: --- Walking the entire request list
---
Tue Mar 23 13:52:05 2004 : Debug: Waking up in 6 seconds...
rad_recv: Access-Challenge packet from host 195.186.1.143:1812, id=1,
length=84
EAP-Message = 0x0102001604107dbd200e8a0a1de34d452d90d1ff8c3a
Message-Authenticator = 0xe782985270084d9772347a9dbfe9d7ba
State = 0x8d3739a4b75ba8ea8a63055bbf9867f5
Proxy-State = 0x3136
Tue Mar 23 13:52:06 2004 : Debug:   Processing the post-proxy section of
radiusd.conf
Tue Mar 23 13:52:06 2004 : Debug: modcall: entering group post-proxy for
request 0
Tue Mar 23 13:52:06 2004 : Debug:   modsingle[post-proxy]: calling eap
(rlm_eap) for request 0
Tue Mar 23 13:52:06 2004 : Debug:   modsingle[post-proxy]: returned from
eap (rlm_eap) for request 0
Tue Mar 23 13:52:06 2004 : Debug:   modcall[post-proxy]: module eap
returns noop for request 0
Tue Mar 23 13:52:06 2004 : Debug: modcall: 
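Decoding the two EAP-Message values in the debug output above shows what each side sent: the proxied Access-Request carries an EAP Response/Identity for wlantest1, and the Access-Challenge from 195.186.1.143 carries an EAP Request of type MD5-Challenge. The decoder below is an added example, not part of the original post and not FreeRADIUS code; PEAP_START is a constructed sample.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}
TLS_BASED = {13, 21, 25}  # methods whose type-data starts with a flags octet


def _type_name(t):
    return EAP_TYPES.get(t, "Unknown(%d)" % t)


def decode_eap(*attr_values):
    """Decode one EAP packet from its EAP-Message attribute value(s).

    Values are hex strings as printed in the debug output ('0x...').  An EAP
    packet longer than 253 octets is split over several EAP-Message
    attributes, so all values are concatenated in order before parsing.
    """
    raw = b"".join(bytes.fromhex(v[2:] if v[:2].lower() == "0x" else v)
                   for v in attr_values)
    if len(raw) < 4:
        raise ValueError("EAP header is 4 octets, got %d" % len(raw))
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("Length field %d does not fit the %d octets received"
                         % (length, len(raw)))
    pkt = {"code": EAP_CODES.get(code, "Unknown(%d)" % code),
           "id": ident, "length": length}
    if code not in (1, 2):            # Success/Failure carry no Type field
        return pkt
    if length < 5:
        raise ValueError("Request/Response without a Type octet")
    etype, data = raw[4], raw[5:length]
    pkt["type"] = _type_name(etype)
    if etype == 1:                    # Identity: the rest is the user name
        pkt["identity"] = data.decode("utf-8", "replace")
    elif etype == 3:                  # Nak: list of methods the peer wants
        pkt["wanted"] = [_type_name(t) for t in data]
    elif etype == 4:                  # MD5-Challenge: Value-Size, Value, Name
        if not data or data[0] > len(data) - 1:
            raise ValueError("MD5-Challenge Value-Size exceeds packet")
        size = data[0]
        pkt["value"] = data[1:1 + size].hex()
        pkt["name"] = data[1 + size:].decode("utf-8", "replace")
    elif etype in TLS_BASED and data:  # EAP-TLS / TTLS / PEAP flags octet
        flags = data[0]
        pkt["tls_flags"] = {"length_included": bool(flags & 0x80),
                            "more_fragments": bool(flags & 0x40),
                            "start": bool(flags & 0x20)}
    return pkt


# The two EAP-Message values from the debug output above.
PROXIED_REQUEST = "0x0201000e01776c616e7465737431"
HOME_SERVER_REPLY = "0x0102001604107dbd200e8a0a1de34d452d90d1ff8c3a"
# Constructed sample: a PEAP Start request (flags octet 0x20).
PEAP_START = "0x010300061920"

if __name__ == "__main__":
    for label, value in (("proxied request", PROXIED_REQUEST),
                         ("home server reply", HOME_SERVER_REPLY),
                         ("constructed PEAP start", PEAP_START)):
        print(label, decode_eap(value))
```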

fail to link libcrypto and libssl

2004-03-23 Thread

Hi all,

I want to cross-compile "freeradius-snapshot-20040318" for MIPS.
I had cross-compiled Openssl-0.9.7-stable-SNAP-20040318 and put libcrypto.a and libssl.a in /usr/local/openssl/lib.

I use

./configure --enable-shared=no --localstatedir=/var --sysconfdir=/etc --build=i686-pc-linux-gnu --host=mipsel-linux --with-openssl-include=/home/nick/openssl-0.9.7-stable-SNAP-20040318/include --with-openssl-libraries=/usr/local/openssl/lib --with-snmp=no

to configure freeradius, then I got the following warning (error) messages while configuring the rlm_eap_tls module:


checking for DH_new in -lcrypto...no
checking for SSL_new in -lcrypto...no
checking how to run C preprocessor...(cached) gcc -E

checking for openssl/err.h...(cached) yes 
checking for openssl/engine.h...(cached) yes
configure: warning: silently not building rlm_eap_tls.
configure: warning: FAILURE: rlm_eap_tls requires: libcrypto libssl

1. Why the library checking(linking) failed, I had already put it to /usr/local/openssl/lib??

Any comments will be very appreciated!

Nick Wu






Re: SMC 2804WBR PEAP not working

2004-03-23 Thread Ionut Nistor
I sniffed both interfaces (the one on the FreeRadius machine and the WiFi on
the client).

The sequence is this:
packet sent from the AP to the NIC (identify)
packet sent to the AP from the NIC (I am username)
packet sent from the AP to FreeRadius (auth-request for username)
packet sent from the FreeRadius to the AP (auth-challenge)
silence :-)

Ionut

- Original Message - 
From: Pavol Zibrita [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 3:41 PM
Subject: Re: SMC 2804WBR PEAP not working


 Hi !

  I assumed Freeradius is expecting an answer from the supplicant.
  Unfortunately, there's no option (or I do not know about it) to increase
  the verbosity and no error message whatsoever is logged.
 
  I really do not know what to do - the strange thing is that - apparently -
  EAP/TLS does work and - afaik - the AP does not understand anything below
  the EAP message so it doesn't even know whether it's PEAP or TLS.
 
  Weird.

 I wasn't able to get it run, but I haven't tried since then anything with
 the smc, because I have to make other
 things. But now I will try to look at it and I'll report what have I found
 out.

 For example the first important question is, if the first message from
 radius is sent to client or the ap blocks it, or if the ap blocks the
 clients reply to radius. I think it will also be possible to compare the
 packets with the cisco as ap, so maybe I can find what is the problem.

 P.Zibrita




Re: 802.1x WLAN PEAP and Session-Timeout

2004-03-23 Thread Alan DeKok
Alex Barsky [EMAIL PROTECTED] wrote:
 This is an absolutely incredible discussion group!
 I was able to setup 802.1x / PEAP Authentication for the Windows XP
 Supplicant  just following some of the discussions.

  Nice to know it's useful.

 Now, I want to be able to drop users from WLAN when their account is
 expired. Reading about PEAP made me believe that re-keying process will
 be regulated by RADIUS server, however it is not the case.

  It's *supposed* to be the case.

 I setup Session-Timeout = 30 in the user profile, but AP-3 just
 ignores this attribute.

  Then the AP is wrong.  While 30 seconds might be a little short,
I've set it to 5 minutes, and tested it with multiple AP's.

 How can I make user to re-Authenticate, let say every hour? Or there
 might be some other suggestions.

  Session-Timeout.  If it doesn't work, yell at the AP vendor.

  Alan DeKok.



Re: 802.1x WLAN PEAP and Session-Timeout

2004-03-23 Thread Michael Griego
Don't use the AP-3 if you want to use the Session-Timeout attribute. 
They've been unable to get this right for as long as I can remember,
even though their release notes say that they support it.

From my experience, there *is* no other option other than rebooting the
AP.  With the latest firmware (v2.4.5), I have been unable to get
Session-Timeout to work, and you can't set the reauth lifetime in the AP
itself to anything less than 2 hours.  It's a bug, and they're working
on it...  Proxim lacks a lot in their RADIUS client implementation. 
They have enough to get it working, but working well is another issue.

My advice?  If you want an enterprise-class AP, get a Cisco.  It might
cost a slight bit more up front, but you'll definitely recoup that in
not having to deal with the headaches.

--Mike



On Tue, 2004-03-23 at 09:19, Alex Barsky wrote:
 Hi Everybody!
 This is an absolutely incredible discussion group!
 I was able to setup 802.1x / PEAP Authentication for the Windows XP
 Supplicant  just following some of the discussions. 
 
 There is my problem:
 I want to setup hotspot, I use FreeRADIUS ( FreeBSD ) and ORINOCO
 AP-2000 ( actually Avaya AP-3 ).
 Now, I want to be able to drop users from WLAN when their account is
 expired. Reading about PEAP made me believe that re-keying process
 will be regulated by RADIUS server, however it is not the case.
 
 When supplicant  Authenticates with RADIUS over 802.1x  and connects
 to the network, it communicates only with AP to regenerate new WEP
 key. 
 
 I setup Session-Timeout = 30 in the user profile, but AP-3 just
 ignores this attribute.
 How can I make user to re-Authenticate, let say every hour? Or there
 might be some other suggestions.
 I tried use DHCP, thinking that if my supplicant will change an IP
 address, then it will be forced to renegotiate, but it did not help.
 
 Any suggestions (short of rebooting AP ) will be greatly appreciated.
 
 Regards, Alek Barsky
 
-- 

--Mike

---
Michael Griego
Wireless LAN Project Manager
The University of Texas at Dallas





Using FreeRadius for a HotSpot with a PrePaid Billing System

2004-03-23 Thread Oswin Ondarza



Hi everyone,

I am trying to build a Hotspot system using FreeRADIUS, I have a Colubris
CN3000 NAS and it works great with the FreeRADIUS, but now I need a billing
system integrated to the FreeRADIUS so users when enter the hotspot can pay
with credit card using the explorer/mozilla to get access or to get login
information.

I would like to build a complete open source solution, so the only prepaid
billing system open source that I have found that "could" be integrated with
the FreeRADIUS is "FreeSide" (http://www.sisd.com/freeside/) but I haven't
tried it yet, I would like to hear a little about this before doing it.


So, any Opinion ? Suggestions ? is anybody trying the same solution ???


I hope someone can help me,

Thanks in advance !!!

Oswin.



Re: PEAP with MS-Chapv2 Problem

2004-03-23 Thread Alan DeKok
xaeon [EMAIL PROTECTED] wrote:
  - And at the Login
 modcall: group authenticate returns reject for request 8
 auth: Failed to validate the user.
 Login incorrect: [alex/no User-Password attribute] (from client
 Wlan-AP port 0 cli 00-02-72-02-86-73)

  The whole point of debugging output is to read ALL of it.  The true
cause of the error is in one of the messages *before* the lines you
quoted.

  Looking at only the last few lines of the debug output is useless.

 Comment: I have no idea why the Freeradius get no Password .. :/

  Because there was none.  It's EAP, which doesn't include a
User-Password attribute.  You can discover this for yourself by
reading the debugging output, and noting that there's no User-Password
in the request packet.

  Alan DeKok.



Re: Precedence of Realms and Groups in raddb/users

2004-03-23 Thread Alan DeKok
Bernie Dolan [EMAIL PROTECTED] wrote:
 We now find that if a username is sent with a suffixed Realm then
 the users group (readonly) is bypassed and the DEFAULT group is
 used.

  Groups and realms don't interact well in 0.9.3.  It should work in
the latest CVS snapshot.

  Alan DeKok.




RE: Using freeradius to authenticate users to a Windows 2000 AD

2004-03-23 Thread Steve OBrien

Hmm, I don't get any TLS TRACE messages
in my debug. Do we have the same debug tls settings?
ldap_debug = 0x
ldap_debug = 0x0001
ldap_debug = 0x0028
start_tls = no
tls_cacertfile = /usr/local/etc/openldap/cacertder.pem
tls_cacertdir = /usr/local/etc/openldap/demoCA
 #tls_mode = no








Tarun Bhushan [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
03/22/2004 05:30 PM
Please respond to: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
cc:
Subject: RE: Using freeradius to authenticate users to a Windows 2000 AD

Steve

Have a look at the following trace extract (for a successful rlm_ldap
LDAPS connection to AD):

rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to somedc.somecompany.com:636, authentication 0
rlm_ldap: setting TLS mode to 1
rlm_ldap: bind as cn=lookup,ou=something,dc=somecompany,dc=com/password
to somedc.somecompany.com:636
ldap_bind
ldap_simple_bind
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection
ldap_int_open_connection
ldap_connect_to_host: TCP somedc.somecompany.com:636
ldap_new_socket: 6
ldap_prepare_socket: 6
ldap_connect_to_host: Trying 10.1.1.3:636
ldap_connect_timeout: fd: 6 tm: 5 async: 0
ldap_ndelay_on: 6
ldap_is_sock_ready: 6
ldap_ndelay_off: 6
TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 1, err: 0, subject:
/[EMAIL PROTECTED]/C=xx/ST=xx/L=xx/O=xx/OU=xx/CN=rootcadc
.somecompany.com, issuer:
/[EMAIL PROTECTED]/C=xx/ST=xx/L=xx/O=xx/OU=xx/CN=rootcadc
.somecompany.com
TLS certificate verification: depth: 0, err: 0, subject:
/[EMAIL PROTECTED]/C=xx/ST=xx/L=xx/O=xx/OU=xx/CN=somedc.s
omecompany.com, issuer:
/[EMAIL PROTECTED]/C=xx/ST=xx/L=xx/O=xx/OU=xx/CN=rootcadc
.somecompany.com
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server certificate request A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client certificate A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A
ldap_open_defconn: successful
ldap_send_server_request
rlm_ldap: waiting for bind result ...

The TLS setup involves verification of the root certificate and the
server cert (the depth 1 and depth 0 above). This is not seen in your
trace and is probably not being done at all. Permissions? Check the
permissions on your root CA cert, the directory hierarchy it is in,
check the ldap.conf file permissions and its directory hierarchy.

If you look at the current CVS rlm_ldap source, you can see that you can
set the tls_cacertfile, tls_cacertdir and other options in radiusd.conf
as well. You could try that and thus eliminate permissions/config of
openldap/ldap.conf altogether. I'm afraid you will have to work through
this the hard way - trial and error, eliminating possibilities one by
one.

Tarun

-Original Message-
From: Steve OBrien [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 23 March 2004 11:00 AM
To: [EMAIL PROTECTED]
Subject: RE: Using freeradius to authenticate users to a Windows 2000 AD



OK I got it going here too, just some login syntax issues with the
ldabrowser. Now I can login with ssl there but am still getting errors
with freeradius radtest. On a side note radtest is now working with
identical radiusd.conf without ssl. To roll this out I need SSL to
work. Here's Debug: 
Thanks again for all your help!! 

rad_recv: Access-Request packet from host 127.0.0.1:49066, id=128,
length=56 
User-Name = test 
User-Password = test 
NAS-IP-Address = 255.255.255.255 
NAS-Port = 1 
modcall: entering group authorize for request 0 
 modcall[authorize]: module preprocess returns ok for
request 0 
 modcall[authorize]: module chap returns noop for request
0 
 modcall[authorize]: module eap returns noop for request
0 
  rlm_realm: No '@' in User-Name = test, looking
up realm NULL 
  rlm_realm: No such realm NULL 
 modcall[authorize]: module suffix returns noop for request
0 
  users: Matched DEFAULT at 152 
 modcall[authorize]: module files returns ok for request
0 
 modcall[authorize]: module mschap returns noop for request
0 
modcall: group authorize returns ok for request 0 
 rad_check_password: Found Auth-Type LDAP 
auth: type LDAP 
modcall: entering group Auth-Type for request 0 
rlm_ldap: - authenticate 
rlm_ldap: login attempt by test with password test

radius_xlat: '(SamAccountName=test)' 
radius_xlat: 'dc=ci,dc=bend,dc=or,dc=us' 
ldap_get_conn: Got Id: 0 
rlm_ldap: attempting LDAP reconnection 
rlm_ldap: (re)connect to cityhalldc1.ci.bend.or.us:636, authentication
0

rlm_ldap: setting TLS mode to 1 
ldap_err2string 
rlm_ldap: could not set LDAP_OPT_X_TLS option Success 
rlm_ldap: bind as
cn=freeradius,cn=users,dc=ci,dc=bend,dc=or,dc=us/freerad1us to

Filtering Accounting-Data

2004-03-23 Thread Oliver Zimmermann
Hi,

I hope, you can help me with an idea, how to filter/strip the 
Framed-IP-Address of customers from the accounting data.

At the moment, I delete these lines in the detail logs, but I'd like 
to know, if there is a more elegant way to achieve this.

Has freeradius-0.9.3 a feature, to filter these incoming data or not to 
write it to the accounting logs?

Regards,
Oliver




Re: Filtering Accounting-Data

2004-03-23 Thread Chris Brotsos
If you have the accounting compatible version of attr_filter, you 
should be able to do this. Instantiate attr_filter before detail in the 
accounting config, and whatever pairs you decide to strip should not 
make it into the detail file.

HTH,

Chris
On Mar 23, 2004, at 9:58 AM, Oliver Zimmermann wrote:
Hi,

I hope, you can help me with an idea, how to filter/strip the 
Framed-IP-Address of customers from the accounting data.

At the moment, I delete these lines in the detail logs, but I'd 
like to know, if there is a more elegant way to achieve this.

Has freeradius-0.9.3 a feature, to filter these incoming data or not 
to write it to the accounting logs?

Regards,
Oliver




Re: SMC 2804WBR PEAP not working

2004-03-23 Thread Alan DeKok
Ionut Nistor [EMAIL PROTECTED] wrote:
 I sniffed both interfaces (the one on the FreeRadius machine and the WiFi on
 the client).
 
 The sequence is this:
...
 packet sent from the FreeRadius to the AP (auth-challenge)
 silence :-)

  Then the AP is broken.

  Alan DeKok.



Re: AW: Proxying TTLS and PEAP

2004-03-23 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
 I use freeradius-snapshot-20040314 and inserted the following on top of
 the users file:
 
 #---
 DEFAULT Proxy-To-Realm := dbzone
   Fall-Through = Yes
...

  I don't think so.

 Tue Mar 23 13:52:05 2004 : Debug: users: Matched DEFAULT at 66

  Line 66 doesn't look like the top of the users file.

  And it doesn't look like it's falling through to the other entries.

  Maybe it's not using the users file you're editing.

  Alan DeKok.



Re: FW: no response from server?

2004-03-23 Thread Alan DeKok
Jim Warren [EMAIL PROTECTED] wrote:
 we have freeradius 0.9.3 installed and running i can run successful
 radtest's from the local machine, and from another (both are redhat
 enterprise...) in the same class c block, but when i try to test or reach it
 from outside that class c block, i get a 'no response from server' error...

  Use tcpdump to track the packets through the network.

 i thought this must be a firewall issue, but i have all three udp 1812, 1813
 and 1814 wide open

  You're running RADIUS through a firewall?  Please tell me it doesn't
do NAT.

 can anyone think of any configuration item in radius that i could possibly
 have messed up?

  It's not a RADIUS problem.

  Alan DeKok.



Re: accounting detail importing?

2004-03-23 Thread Guy Fraser
I wrote a program that reads detail files and produces CSV or Tab
delimited data, as well it can connect to a PostgreSQL database and
insert records directly. I have not compiled the program in quite a
while, but use it to pull data out of detail records that I don't
collect currently.

Example:

parserad -m c -i detail.2003Dec01 -o - -a /tmp/att.map \
| grep 207.34.60.83 \
| cut -d , -f 2 -f 24 \
| sort \
| uniq -c

using an attribute map of :

#start
Time-Stamp = Time-Stamp
Acct-Status-Type = Acct-Status-Type
...snip...
Acct-Delay-Time = Acct-Delay-Time
Connect-Info = Connect-Info
end = end

Generates :

  1 'Start',28000
  1 'Start',36000
  1 'Start',41333
  1 'Stop',28000
...snip...
 45 'Stop',26400
 46 'Start',26400
 57 'Stop',45333
 65 'Start',45333

This is the Help output:

parserad [-c configfile] [-i detailfile] [-o outputfile] [-a] [-f format] [-h]
[-m [t|c [-s s]|s [-H host] [-D database] [-T table] [-U user] [-P password]]]

Option          Comment                                          default
--------------  -----------------------------------------------  ---------------
-h              Display this help screen.
-c configfile   Alternate config file.                           [parserad.conf]
-a attributes   Attribute map file.                              [attribute.map]
-i detailfile   Radius detail input file to be parsed.           [detail]
-o outputfile   Output file.                                     [radacct.csv]
-r              Replace outputfile or create new file.
-s s            Seperator character for CSV mode.                [,]
-f format       Input file format string, double qoutes are
                stripped from the input file and the seperator
                must have white space around any characters.     [%s = %s]
-m c            CSV output mode.                                 default
-m t            TAB delimited output mode.
-m s            Direct SQL insert mode.
-H host         Host name of SQL Server.                         [localhost]
-p port         TCP port on SQL server.                          [5432]
-D database     Database name on SQL server.                     [radius]
-T table        Table name in database for inserting records.    [detail]
-U user         User name to access SQL server.
-P password     Password for user accessing SQL server.
-v              Show comma seperated record as it is processed.

If detailfile is '-' then input is from STDIN.
If outputfile is '-' then output is to STDOUT.

If you're interested in getting this program contact me off list.

Ryan Ghering wrote:

Does anyone know of a script to import data from livingston radius to 
freeradius mysql ?
If so where is the beast and how do I get my hands on it?

Thanks
Ryan


--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787




Freeradius Requirements

2004-03-23 Thread Dwight Rogers



Hi Everybody,

I am new to freeradius, and am Curious to your 
thoughts of the requirements such as processor, memory, and Disk space for a 
radius server that will be used for no more than 100 Clients.

I don't have a problem building too big of a 
machine, but I don't want to build one that would not be able to handle that 
number of clients. By the way FreeRadius will be the only thing running on 
this machine


Re: Freeradius Requirements

2004-03-23 Thread Guy Fraser
Almost anything 386DX and up could be used, you will probably
need at least a 1GB Hard drive and ethernet controller. :-)
All kidding aside, it will depend on the volume of radius traffic and
the amount of 'live' data you will keep on the server.
I have about 1000 lines on about 40 clients. I am using a version of
Cistron Radius that I modified to account to PostgreSQL a few years
ago. I collect around 12000 records per day and keep 3 years worth of
daily and monthly summary data and 1 year of detailed accounting
records. As a backup I also keep standard detail files.
The machine I am using is an 1.5Ghz Athlon with 512MB ram and
a 40GB ide drive. This machine is very under utilized. I have mrtg
monitoring all of the NAS boxes and about 10 other routers and
servers and the load on the machine is still rarely over 0.25 and I have
lots of spare drive space as well.
Hope that helps.

Dwight Rogers wrote:

Hi Everybody,
 
I am new to freeradius, and am Curious to your thoughts of the 
requirements such as processor, memory, and Disk space for a radius 
server that will be used for no more than 100 Clients.
 
I don't have a problem building too big of a machine, but I don't want 
to build one that would not be able to handle that number of clients.  
By the way FreeRadius will be the only thing running on this machine


--
Guy Fraser




Re: Using FreeRadius for a HotSpot with a PrePaid Billing System

2004-03-23 Thread John Kiehnle
I have like many I am sure, developed a full system in php 
with registration linked to VeriSign for CC processing. If 
the card transaction is accepted VeriSign can send all the 
data to a form which posts the UID / password into MySQL 
or LDAP for instant authentication. It is very basic but 
gets the $$$ into bank and user online right now. Anyone 
want copies of the php scripts. 

JK

On Tue, 23 Mar 2004 10:41:44 -0500
 Oswin Ondarza [EMAIL PROTECTED] wrote:
Hi everyone,

I am trying to  build a Hotspot system using FreeRADIUS, 
I have a Colubris CN3000 NAS  and it works great with 
the FreeRADIUS, but now I need a billing system 
integrated to the FreeRADIUS  so  users when enter the 
hotspot can pay with credit card using the 
explorer/mozilla  to get  access or to get  login 
information.

I would like to build a complete open source solution, so 
the only prepaid billing system open source that I have 
found that could be integrated with the FreeRADIUS is 
 FreeSide   (http://www.sisd.com/freeside/)  but I 
haven't tried it yet, I would like to hear a little about 
this before doing it.

So, any Opinion ? Suggestions ?   is anybody trying  the 
same solution ???

I hope someone can help me,

Thanks in advance !!!

Oswin.




Re: null port name?

2004-03-23 Thread Alan DeKok
Costin Manda [EMAIL PROTECTED] wrote:
 I am using freeradius as a proxy for another radius. Everything works
 perfectly when trying to authenticate a prepaid calling card, but when the
 user dials, the primary radius rejects all the calls on the ground of null
 portname error. As far as I see, freeRadius sends forth what was sent to
 it. I have no idea why this is happening.

  If FreeRADIUS is sending *exactly* the same attributes, then the end
server can't even tell FreeRADIUS is there.

 Of course, after removing freeradius from the chain, everything works fine.

  Make sure ALL packets sent by FreeRADIUS are the same as the
situation when you don't use FreeRADIUS.

  Alan DeKok.



unsubscribe

2004-03-23 Thread Eric






Re: Detail log

2004-03-23 Thread Guy Fraser
Read the radius.log file, it may say why the detail file is not being 
created.

Note: The detail file will only be created if an accounting record is 
accepted.

Pavol Zibrita wrote:

Hi!

  A small problem I hope. I just have the detail log configured as it was
in the installed radius.conf, but no log
is created. Where can be the problem? The detail is in accounting section I
think. It should create an dir under
var/log/radiusd/radacct/[the_client_ip], but no such dir is created and no
log as well. the radiusd.log exist, logging some messages.
P.Zibrita

PS: The rights are correct (i hope) as the radiusd.log is created, and the
server is running as user that owns the whole directory structure of the
/var/log/radiusd. (rwx on the dirs for the user).
 





RE: Using FreeRadius for a HotSpot with a PrePaid Billing System

2004-03-23 Thread John Overman
Yes please send !!! Thanks !! 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kirti S.
Bajwa
Sent: Tuesday, March 23, 2004 12:01 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Using FreeRadius for a HotSpot with a PrePaid Billing System

Yes, I do. I am going to be working on something like this in a week or
so

Thanks.

Kirti

-Original Message-
From: John Kiehnle [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 2:00 PM
To: [EMAIL PROTECTED]
Subject: Re: Using FreeRadius for a HotSpot with a PrePaid Billing System 


I have like many I am sure, developed a full system in php with registration
linked to VeriSign for CC processing. If the card transaction is accepted
VeriSign can send all the data to a form which posts the UID / password into
MySQL or LDAP for instant authentication. It is very basic but gets the $$$
into bank and user online right now. Anyone want copies of the php scripts. 

JK

On Tue, 23 Mar 2004 10:41:44 -0500
  Oswin Ondarza [EMAIL PROTECTED] wrote:
Hi everyone,

I am trying to  build a Hotspot system using FreeRADIUS,  I have a 
Colubris CN3000 NAS  and it works great with the FreeRADIUS, but now I 
need a billing system integrated to the FreeRADIUS  so  users when 
enter the hotspot can pay with credit card using the explorer/mozilla  
to get  access or to get  login information.

I would like to build a complete open source solution, so the only 
prepaid billing system open source that I have found that could be 
integrated with the FreeRADIUS is
  FreeSide   (http://www.sisd.com/freeside/)  but I 
haven't tried it yet, I would like to hear a little about this before 
doing it.


So, any Opinion ? Suggestions ?   is anybody trying  the 
same solution ???


I hope someone can help me,

Thanks in advance !!!

Oswin.




Re: Using FreeRadius for a HotSpot with a PrePaid Billing System

2004-03-23 Thread Oswin Ondarza
Hi John, thanks for that !!!

Can I ask you a few other questions 

What equipments are you using ???  ( NAS, Bridges, APs, Antennas )

thanks.


- Original Message - 
From: John Kiehnle [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 4:03 PM
Subject: Re: Using FreeRadius for a HotSpot with a PrePaid Billing System


 Ok... I'll post the full set of scripts later this
 afternoon. I need to sanitize some of our company specific
 data in configs etc... These rckk but are very beta
 with no good coders ever having looked at them. So now
 that I expose my bad undocumented code to the masses... I
 don't want to hear how crappy my undocumented code is. It
 is in fact all very simple. I am assuming for better or
 worse you have looked at php code and understand the
 basic mechanics of how php interfaces with MySQL and/or
 LDAP. My production stuff is all MySQL and did I say it
 rcks. The newest adventure is moving this all to LDAP.
 Your mileage may vary. I'll post them when I get back from
 lunch. I got a quick 802.11 wireless issue I gotta tackle
 first.

 JK


 On Tue, 23 Mar 2004 11:13:31 -0800 (PST)
   Julius Igugu [EMAIL PROTECTED] wrote:
 Yes.
 
 John Kiehnle [EMAIL PROTECTED] wrote:I have
 like many I am sure, developed a full system in php
 with registration linked to VeriSign for CC processing.
 If
 the card transaction is accepted VeriSign can send all
 the
 data to a form which posts the UID / password into MySQL
 or LDAP for instant authentication. It is very basic but
 gets the $$$ into bank and user online right now. Anyone
 want copies of the php scripts.
 
 JK
 
 On Tue, 23 Mar 2004 10:41:44 -0500
 Oswin Ondarza wrote:
 Hi everyone,
 
 I am trying to build a Hotspot system using FreeRADIUS,
  I have a Colubris CN3000 NAS and it works great with
 the FreeRADIUS, but now I need a billing system
 integrated to the FreeRADIUS so users when enter the
 hotspot can pay with credit card using the
 explorer/mozilla to get access or to get login
 information.
 
 I would like to build a complete open source solution, so
 the only prepaid billing system open source that I have
 found that could be integrated with the FreeRADIUS is
  FreeSide (http://www.sisd.com/freeside/) but I
 haven't tried it yet, I would like to hear a little about
 this before doing it.
 
 
 So, any Opinion ? Suggestions ? is anybody trying the
 same solution ???
 
 
 I hope someone can help me,
 
 Thanks in advance !!!
 
 Oswin.
 
 
 
 
 Julius Igugu
 SouthWork Co. Ltd.
 234 (802) 320-7540


RE: Using FreeRadius for a HotSpot with a PrePaid Billing System

2004-03-23 Thread John Overman
Am using Orinoco 1100 ROR  1 watt smart amp  15 dbi omni on a 30ft pole on
the roof of my house I am setting up wifi or have setup wifi for the
neighborhood I have a rack o servers am running UNIX and windows servers I
plan on using free radius for authentication etc ... Not yet implemented I
have tried to setup but could not get it going correctly ...
 

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Oswin
Ondarza
Sent: Tuesday, March 23, 2004 2:16 PM
To: [EMAIL PROTECTED]
Subject: Re: Using FreeRadius for a HotSpot with a PrePaid Billing System 

Hi John, thanks for that !!!

Can I ask you a few other questions 

What equipments are you using ???  ( NAS, Bridges, APs, Antennas )

thanks.


- Original Message -
From: John Kiehnle [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 4:03 PM
Subject: Re: Using FreeRadius for a HotSpot with a PrePaid Billing System


 Ok... I'll post the full set of scripts later this
 afternoon. I need to sanitize some of our company specific
 data in configs etc... These rckk but are very beta
 with no good coders ever having looked at them. So now
 that I expose my bad undocumented code to the masses... I
 don't want to hear how crappy my undocumented code is. It
 is in fact all very simple. I am assuming for better or
 worse you have looked at php code and understand the
 basic mechanics of how php interfaces with MySQL and/or
 LDAP. My production stuff is all MySQL and did I say it
 rcks. The newest adventure is moving this all to LDAP.
 Your mileage may vary. I'll post them when I get back from
 lunch. I got a quick 802.11 wireless issue I gotta tackle
 first.

 JK


 On Tue, 23 Mar 2004 11:13:31 -0800 (PST)
   Julius Igugu [EMAIL PROTECTED] wrote:
 Yes.
 
 John Kiehnle [EMAIL PROTECTED] wrote:
 I have, like many I am sure, developed a full system in php
 with registration linked to VeriSign for CC processing. If
 the card transaction is accepted VeriSign can send all the
 data to a form which posts the UID / password into MySQL
 or LDAP for instant authentication. It is very basic but
 gets the $$$ into bank and user online right now. Anyone
 want copies of the php scripts?
 
 JK
 
 On Tue, 23 Mar 2004 10:41:44 -0500
 Oswin Ondarza wrote:
 Hi everyone,
 
 I am trying to build a Hotspot system using FreeRADIUS,
  I have a Colubris CN3000 NAS and it works great with
 the FreeRADIUS, but now I need a billing system
 integrated to the FreeRADIUS so users when enter the
 hotspot can pay with credit card using the
 explorer/mozilla to get access or to get login
 information.
 
 I would like to build a complete open source solution, so
 the only prepaid billing system open source that I have
 found that could be integrated with the FreeRADIUS is
 FreeSide (http://www.sisd.com/freeside/) but I
 haven't tried it yet, I would like to hear a little about
 this before doing it.
 
 
 So, any Opinion ? Suggestions ? is anybody trying the
 same solution ???
 
 
 I hope someone can help me,
 
 Thanks in advance !!!
 
 Oswin.
 
 
 
 Julius Igugu
 SouthWork Co. Ltd.
 234 (802) 320-7540


RE: Using freeradius to authenticate users to a Windows 2000 AD

2004-03-23 Thread Tarun Bhushan
Steve

You only need one of these:

ldap_debug = 0x 
ldap_debug = 0x0001 
ldap_debug = 0x0028 

The 0x covers all the others. I have no other special TLS debug set
- I just set it to 0x0001 normally, and 0x when more detail is
needed, but TLS debug is available on either, IIRC.

Also, only one of the other two is required:

 tls_cacertfile = /usr/local/etc/openldap/cacertder.pem 
 tls_cacertdir = /usr/local/etc/openldap/demoCA 

The above are conflicting as the cert file is not in the demoCA
directory indicated.

Tarun

-Original Message-
From: Steve OBrien [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 24 March 2004 2:56 AM
To: [EMAIL PROTECTED]
Subject: RE: Using freeradius to authenticate users to a Windows 2000 AD



Hmm, I don't get any TLS TRACE messages in my debug.  Do we have the
same debug tls settings? 
ldap_debug = 0x 
ldap_debug = 0x0001 
ldap_debug = 0x0028 
start_tls = no 
 tls_cacertfile = /usr/local/etc/openldap/cacertder.pem 
 tls_cacertdir = /usr/local/etc/openldap/demoCA 
  #tls_mode = no
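
A small lint for the two points raised in the reply above, added here as an illustration and not taken from the thread or from FreeRADIUS: it reports settings assigned more than once and a `tls_cacertfile` that does not sit in the configured `tls_cacertdir`. The function names and the sample block are constructed, and treating `ldap_debug` as an OR-able bitmask is an assumption drawn from the remark that one value covers the others.

```python
import posixpath
import re

# Constructed sample modelled on the settings quoted in the thread
# (the truncated first ldap_debug value is deliberately left out).
SAMPLE = """\
ldap {
    ldap_debug = 0x0001
    ldap_debug = 0x0028
    start_tls = no
    tls_cacertfile = /usr/local/etc/openldap/cacertder.pem
    tls_cacertdir = /usr/local/etc/openldap/demoCA
    #tls_mode = no
}
"""

ASSIGN = re.compile(r"^\s*([A-Za-z_][\w-]*)\s*=\s*(.*?)\s*$")


def parse_settings(text):
    """Return {key: [values in file order]}, skipping comments and braces."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop trailing or whole-line comments
        match = ASSIGN.match(line)
        if match:
            settings.setdefault(match.group(1), []).append(match.group(2))
    return settings


def lint(text):
    """Return a list of findings as tuples; an empty list means nothing to fix."""
    findings = []
    settings = parse_settings(text)

    # 1. The same key set several times: only one line is needed.
    for key, values in settings.items():
        if len(values) > 1:
            findings.append(("duplicate", key, values))

    # 2. Assumption: ldap_debug is a bitmask, so the duplicates can be
    #    folded into one value by OR-ing them together.
    debug_values = settings.get("ldap_debug", [])
    if len(debug_values) > 1:
        mask = 0
        try:
            for value in debug_values:
                mask |= int(value, 16)
            findings.append(("combined_mask", "ldap_debug", "0x%04x" % mask))
        except ValueError:
            findings.append(("unparsable", "ldap_debug", debug_values))

    # 3. CA file and CA directory both set, but the file is elsewhere.
    ca_file = settings.get("tls_cacertfile")
    ca_dir = settings.get("tls_cacertdir")
    if ca_file and ca_dir:
        parent = posixpath.dirname(posixpath.normpath(ca_file[-1]))
        if parent != posixpath.normpath(ca_dir[-1]):
            findings.append(("ca_mismatch", ca_file[-1], ca_dir[-1]))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```
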




Re: Using FreeRadius for a HotSpot with a PrePaid Billing System

2004-03-23 Thread Oswin Ondarza
thanks for the information John,

where are you going to post the php files ???

and one other question:

I am planning to make a hotspot for a residential condo, and I would like
your opinion on my equipment list:

FreeRADIUS on a dedicated ROOT server with 1and1 hosting (and hopefully a
prepaid system also with your file's help)

One Colubris CN3000 NAS for RADIUS server authentication connected to the WAN
(this is in the leasing office / club house)

One Proxim Tsunami Base station connected to the CN3000 (maybe I don't
need the Colubris and I can use the RADIUS auth with this Tsunami) with an
Omni-directional 14dbi Antenna, and multi-point bridge mode. (this is in
the club house)

Now, for each 3 floor residential building one Proxim Tsunami Residential
Subscriber Unit in bridge mode pointing to the multi-point on the club
house, with a directional 14dbi Antenna. This is like the backbone for
spreading the connection for all buildings.

And finally, One Orinoco AP-600 Access Point for each floor of the
building with omni antennas all connected with a switch to the Tsunami
Residential Subscriber Unit. I was thinking of trying with only One AP for
the entire building placing it on the top of the third floor but using a
good wide angle antenna, or maybe two APs on the top of the building with
angle antennas, one pointing to half of the building and the other AP to the
other Half.

So what do you think of all this ???


thanks again


- Original Message - 
From: John Kiehnle [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 5:40 PM
Subject: Re: Using FreeRadius for a HotSpot with a PrePaid Billing System


 For APs I use:
 ORiNOCO / YDI
 HighGain
 Mikrotik
 Linksys

 Antennas I use are:
 Hawking
 HighGain
 Superpass

 For Bridges I use:
 YDI ECII
 YDI Etherant  Etherant LR
 HighGain w/ 10  13db antennas
 Hawking WB320s
 Netgear MA101s  Belkin equivalent for macs

 I use Mikrotik for NAS

 JK


Re: Using FreeRadius for a HotSpot with a PrePaid Billing System

2004-03-23 Thread John Kiehnle
You will need this too...

Have fun
JK
On Tue, 23 Mar 2004 15:15:50 -0800
 John Overman [EMAIL PROTECTED] wrote:
 Am using an Orinoco 1100 ROR, 1 watt smart amp, 15 dbi omni on a 30ft pole on
 the roof of my house. I am setting up wifi, or have set up wifi, for the
 neighborhood. I have a rack o' servers and am running UNIX and Windows servers. I
 plan on using FreeRADIUS for authentication etc ... Not yet implemented; I
 have tried to set it up but could not get it going correctly ...


master.cfg
Description: Binary data


Re: Using FreeRadius for a HotSpot with a PrePaid Billing System

2004-03-23 Thread Oswin Ondarza
thanks John

can you please take a look at my last post ??? I would like your opinion
about the equipment I am planning to use,

thanks again.

Oswin.

- Original Message - 
From: John Kiehnle [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 7:50 PM
Subject: Re: Using FreeRadius for a HotSpot with a PrePaid Billing System


 Oswin,

 You should see the three scripts in one post and the
 master.cfg file in a second post right here in the
 maillist.

 JK



Re: Livingston PM3 and more than 8 username characters

2004-03-23 Thread Mike Horwath
On Tue, Mar 23, 2004 at 08:42:44PM -0500, Alex Redden wrote:
 Thank you for your time. I need to authenticate my PM3 NAS with more
 than 8 characters. The request is being authenticated by the
 freeradius 0.9.3 and the user structure /etc/passwd shadow file on
 the Linux box.  formerly was using 8 char or less for username and
 username/email address as the 8 or more character.
 
 Sorry for slightly off topic as it does seem to be more of a
 portmaster question but thought someone here would know. Freeradius
 was a breeze to implement and seems solid. direct reply OK if off
 topic.

Are you having problems authenticating users with longer than 8
characters?

I never had that problem in all the years I ran PM3s at my $dayjob
(there were 16 of them in the primary pool).

I wasn't using Freeradius at that time, though, but the PM3s support
longer than 8 characters.

-- 
Mike Horwath, reachable via [EMAIL PROTECTED]



Re: SMC 2804WBR PEAP not working

2004-03-23 Thread Ionut Nistor
Probably - thanks.

I have already written to SMC support - hopefully I'll get a response.

cheers,
i

- Original Message - 
From: Alan DeKok [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 6:24 PM
Subject: Re: SMC 2804WBR PEAP not working


 Ionut Nistor [EMAIL PROTECTED] wrote:
  I sniffed both interfaces (the one on the FreeRadius machine and the
  WiFi on the client).
 
  The sequence is this:
 ...
  packet sent from the FreeRadius to the AP (auth-challenge)
  silence :-)

   Then the AP is broken.

   Alan DeKok.
