Assertion failed in request_list.c, line 213 freeRadius 1.0 pre

2004-06-10 Thread Allister Maguire
Hello,

I am testing the pre version 1.0 release and get this error whenever I
receive an account record. We proxy accounting records to another server
to be logged and processed:

realm NULL {
	type     = radius
	authhost = LOCAL
	accthost = radaccount.mydomain.com:1646
	secret   = abc123
}

I get the error below when a radius accounting request is processed:

 rlm_sql (sql): Released sql socket id: 3
  modcall[accounting]: module "sql" returns ok for request 1
modcall: group accounting returns ok for request 1
Sending Accounting-Request of id 0 to 203.xxx.xxx.6:1646
User-Name = "lhurrell"
Acct-Status-Type = Start
Acct-Session-Id = "1086884216.23.6788"
NAS-Identifier = "ap-1-wlg"
NAS-IP-Address = 203.xxx.xxx.3
NAS-Port-Type = Virtual
Service-Type = Framed-User
Framed-IP-Address = 203.xxx.xxx.14
Acct-Tunnel-Connection = "0e006c56h"
Called-Station-Id = "069680166"
Calling-Station-Id = "67512965"
Event-Timestamp = "Jun 12 2004 05:30:29 NZST"
Acct-Delay-Time = 0
Proxy-State = 0x313931
Thread 2 waiting to be assigned a request
rad_recv: Accounting-Response packet from host 203.xxx.xxx.6:1646, id=0,
length=25
Assertion failed in request_list.c, line 213
Aborted
 
Thanks
  
Allister P Maguire


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


freeRadius compile time errors

2004-06-10 Thread venkat
 
 Hi,
 Everybody, I have newly joined the group.
 Now I want to set up a RADIUS server with EAP_TLS.
 For that I downloaded openssl-0.9.7-stable-SNAP-20040609.t...
 It compiled and installed successfully and I created certificates
 also. After this I downloaded freeradius-0.8.1.tar.gz and
 configured it, and I modified the Makefile in the directory
 src/modules/rlm_eap/types/rlm_eap_tls as given in the document.
 When I try to run make in this directory I am getting linking errors
 like

 rlm_eap_tls.o(.data+0x140): In function `eaptls_initiate':
 /usr/local/src/freeradius-0.9.3/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c:138: multiple definition of `rlm_eap_tls'
 rlm_eap_tls.o(.data+0x140):/usr/local/src/freeradius-0.9.3/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c:138: first defined here
 eap_tls.o(.text+0x0): In function `eaptls_alloc':
 /usr/local/src/freeradius-0.9.3/src/modules/rlm_eap/types/rlm_eap_tls/eap_tls.c:45: multiple definition of `eaptls_alloc'

 and so many errors like these.

 I faced the same problem with freeradius-0.9.3.tar.gz
 also. Can anybody help me? Please, this is urgent for me.
 Thanks in advance,
 -Venkat
    
  
 




RE: radiusd -x gives error

2004-06-10 Thread Manjunath M Prabhu
yup.thanx a lot it works!!
giving the path works perfectly fine even if i messed up the paths while
./configure
thanx,
regards,
manjunath


-Original Message-
From: Thor Spruyt [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 10, 2004 9:33 PM
To: [EMAIL PROTECTED]
Subject: Re: radiusd -x gives error


- Original Message - 
From: "Manjunath M Prabhu" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 10, 2004 5:51 PM
Subject: RE: radiusd -x gives error


> i have made the change in the /sbin/rc.radiusd file

Try this:
# radiusd -d 

You'll have to know how the binary was compiled.
Since rc.radiusd is in /sbin, my best guess is that the binary was compiled
with ./configure --prefix=/, so then I guess that radiusd.conf should be
located in /etc/raddb

> now i try again with radiusd -x but still get the same error.
> do i have to change someother script or path variable...if so please tell
me
> which one??
> regards,
> manjunath
>
>
> -Original Message-
> From: Milver S. Nisay [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 10, 2004 8:32 PM
> To: [EMAIL PROTECTED]
> Subject: Re: radiusd -x gives error
>
>
> > hi all,
> > i have installed freeradius-1.0.0-pre1.
> > when i start the radius server using radiusd -x i get the following
error
> >
> > Starting - reading configuration files ...
> > Unable to open file "DIR/radiusd.conf": No such file or directory
> > Errors reading radiusd.conf
> >
> > the radiusd.conf is in /usr/local/etc/raddb/ directory...
> > do i have to set an path???
>
> the radiusd.conf is either missing or misplace.
> you can copy the config file to where radius is looking for it or
> you can change the path location, both ways should work
> //milver
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>




Help for beginner

2004-06-10 Thread Patrick Rebert
I've recently installed freeradius-1.0.0-pre1
and need to configure it to support authentication
for users of Baystack 450's and other Baystack
devices.
It is planned to run on the same servers as tacacs,
and I'd like to authenticate against the passwd/shadow
files. Is this doable? If so, I need some hints for
the config files, especially radiusd.conf.

TIA,
Pat






Re: High CPU usage after FreeBSD Upgrade

2004-06-10 Thread Alan DeKok
Tuc <[EMAIL PROTECTED]> wrote:
>   Still, is there something if I do run the debug mode again that
> we need to look for about these threads that seem to get used up, or
> unresponsive children?

  Look for pauses.  If a thread is dead, that means it's blocking for
more than 5 seconds.  If you run in debug mode, you should see the
server *stop* for 5 seconds.  That will be indicative.

  Alan DeKok.




Re: Installing 0.9.2

2004-06-10 Thread Alan DeKok
"Hauser, Dewitt C, IV (Clint), WCS" <[EMAIL PROTECTED]> wrote:
> If there is someone out there with the time and the inclination, I would
> appreciate some help getting freeRadius 0.9.2 up and running on a
> Solaris 2.7 platform.

  FreeRADIUS 0.9.3 has some issues on Solaris, and on 64-bit platforms.

  I suggest trying 1.0.0-pre2, which should be out in a day or so.

  Alan DeKok.



Installing 0.9.2

2004-06-10 Thread Hauser, Dewitt C, IV \(Clint\), WCS
If there is someone out there with the time and the inclination, I would appreciate 
some help getting freeRadius 0.9.2 up and running on a Solaris 2.7 platform.

Please drop me a line off list if you can help.

Thanks.

--
Clint Hauser
AT&T/Merrill Lynch



Re: High CPU usage after FreeBSD Upgrade

2004-06-10 Thread Tuc
> 
> Tuc <[EMAIL PROTECTED]> wrote:
> > BEGIN failed--compilation aborted at /usr/local/radius/etc/raddb/scripts/login.p
> > l line 15.
> > 
> > Could this be related to the Perl issue your seeing in GNA?
> 
>   I'm not sure what you mean by that.
>
Sorry, faded out there for a second. This was supposed to be my
customer.
> 
>   I wouldn't be surprised if that problem was the root cause of the
> server slowdowns.
> 
The server really isn't slowing down, just chewing CPU. But we've
fixed this, restarted, and will see if it fixes it.

Still, is there something if I do run the debug mode again that
we need to look for about these threads that seem to get used up, or
unresponsive children?

Thanks, Tuc/TTSG Internet Services, Inc.



Re: High CPU usage after FreeBSD Upgrade

2004-06-10 Thread Dustin Doris
I believe that 4.9 installs perl 5.6 as the default and it appears to be
looking for 5.005.  Perhaps you need to reinstall the perl DBI or run a
portupgrade on it.  Or change the path to perl in your script?

/usr/ports/databases/p5-DBI

Just a shot in the dark, hope that is helpful.




On Thu, 10 Jun 2004, Tuc wrote:

> Hi,
>
>   I just ran it in debug as per the FAQ, and in the first few seconds
> I noticed:
>
> Can't locate DBI.pm in @INC (@INC contains: /usr/local/radius/etc/raddb/scripts
> /usr/local/lib/perl5/site_perl/5.005/i386-freebsd /usr/local/lib/perl5/site_perl
> /5.005 . /usr/libdata/perl/5.00503/mach /usr/libdata/perl/5.00503) at /usr/local
> /radius/etc/raddb/scripts/DB_utils.pm line 4.
> BEGIN failed--compilation aborted at /usr/local/radius/etc/raddb/scripts/DB_util
> s.pm line 4.
> BEGIN failed--compilation aborted at /usr/local/radius/etc/raddb/scripts/login.p
> l line 15.
>
>   Could this be related to the Perl issue your seeing in GNA?
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>



Re: High CPU usage after FreeBSD Upgrade

2004-06-10 Thread Alan DeKok
Tuc <[EMAIL PROTECTED]> wrote:
> BEGIN failed--compilation aborted at /usr/local/radius/etc/raddb/scripts/login.p
> l line 15.
> 
>   Could this be related to the Perl issue your seeing in GNA?

  I'm not sure what you mean by that.

  I wouldn't be surprised if that problem was the root cause of the
server slowdowns.

  Alan DeKok.




failover ippool 1.3

2004-06-10 Thread Juan
Hello Kostas,

I have installed freeradius 1.0 and I have tried to
configure failover with ippool, to assign IPs from
two pools. I have configured the users:

user    User-Password == "password", Pool-Name := "PoolA"
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Compression = 0,
        Port-Limit = 1,
        Idle-Timeout = 0,
        Session-Timeout = 0

in radius.conf:
ippool PoolA {
   range-start = x.x.x.33
   range-stop = x.x.x.51
   netmask = 255.255.255.255
   cache-size = 24
   session-db = ${raddbdir}/db.ippoolA
   ip-index = ${raddbdir}/db.ipindexA
   override = no
   }

ippool PoolB {
   range-start = x.x.x.80
   range-stop = x.x.x.89
   netmask = 255.255.255.255
   cache-size = 10
   session-db = ${raddbdir}/db.ippoolB
   ip-index = ${raddbdir}/db.ipindexB
   override = no
   }


Somebody on the list told me that when a pool is
full the ippool module returns noop, but I do not know how
to write this. Could somebody explain it to me?

Thank you.








Re: High CPU usage after FreeBSD Upgrade

2004-06-10 Thread Tuc
Hi,

I just ran it in debug as per the FAQ, and in the first few seconds
I noticed:

Can't locate DBI.pm in @INC (@INC contains: /usr/local/radius/etc/raddb/scripts 
/usr/local/lib/perl5/site_perl/5.005/i386-freebsd /usr/local/lib/perl5/site_perl
/5.005 . /usr/libdata/perl/5.00503/mach /usr/libdata/perl/5.00503) at /usr/local
/radius/etc/raddb/scripts/DB_utils.pm line 4.
BEGIN failed--compilation aborted at /usr/local/radius/etc/raddb/scripts/DB_util
s.pm line 4.
BEGIN failed--compilation aborted at /usr/local/radius/etc/raddb/scripts/login.p
l line 15.

Could this be related to the Perl issue your seeing in GNA?




Re: High CPU usage after FreeBSD Upgrade

2004-06-10 Thread Alan DeKok
Tuc <[EMAIL PROTECTED]> wrote:
>   When it starts to chew CPU, I see alot of :
> 
> poll(0x81c7c00,0x3,0x0)  = 0 (0x0)
> gettimeofday(0xbfbfeabc,0x0) = 0 (0x0)
...
>   Does this seem odd?

  Yes.  It looks like the main loop which reads requests is getting
poked, even when there's nothing to do.  As a result, it keeps waking
up, and looking for things to do.

  Without access to a FreeBSD system, there isn't much more I can say.

  Alan DeKok.




Re: MS-CHAP V2 and VSA for freeRADIUS?

2004-06-10 Thread Alan DeKok
Veerabhushan Hatte <[EMAIL PROTECTED]> wrote:
> Does freeRADIUS running on Linux box works with WINDOWS systems using 
> MSCHAP V2? 

  Using PEAP, which has support for tunneled EAP-MSCHAPv2.

> Is there any place to find vendors suuported by freeRADIUS?

  FreeRADIUS supports all vendors which implement RADIUS.

> Is there any place to find supported VSA's for supported vendor?

  The dictionary files that come with the server?

  Alan DeKok.



MS-CHAP V2 and VSA for freeRADIUS?

2004-06-10 Thread Veerabhushan Hatte
Hi,

Does freeRADIUS running on a Linux box work with WINDOWS systems using MSCHAP V2?
Is there any place to find vendors supported by freeRADIUS?
Is there any place to find supported VSA's for supported vendor?

Thanks,
Veera.

Re: High CPU usage after FreeBSD Upgrade

2004-06-10 Thread Tuc
Hi,

When it starts to chew CPU, I see alot of :

poll(0x81c7c00,0x3,0x0)  = 0 (0x0)
gettimeofday(0xbfbfeabc,0x0) = 0 (0x0)
poll(0x81c7c00,0x3,0x0)  = 0 (0x0)
gettimeofday(0xbfbfeabc,0x0) = 0 (0x0)
poll(0x81c7c00,0x3,0x0)  = 0 (0x0)
gettimeofday(0xbfbfeabc,0x0) = 0 (0x0)
poll(0x81c7c00,0x3,0x0)  = 0 (0x0)
gettimeofday(0xbfbfeabc,0x0) = 0 (0x0)
poll(0x81c7c00,0x3,0x0)  = 0 (0x0)
gettimeofday(0xbfbfeabc,0x0) = 0 (0x0)
poll(0x81c7c00,0x3,0x0)  = 0 (0x0)
gettimeofday(0xbfbfeabc,0x0) = 0 (0x0)
poll(0x81c7c00,0x3,0x0)  = 0 (0x0)
gettimeofday(0xbfbfeabc,0x0) = 0 (0x0)
poll(0x81c7c00,0x3,0x0)  = 0 (0x0)
gettimeofday(0xbfbfeabc,0x0) = 0 (0x0)
poll(0x81c7c00,0x3,0x0)  = 0 (0x0)
gettimeofday(0xbfbfeabc,0x0) = 0 (0x0)
poll(0x81c7c00,0x3,0x0)  = 0 (0x0)
gettimeofday(0xbfbfeabc,0x0) = 0 (0x0)
poll(0x81c7c00,0x3,0x0)  = 0 (0x0)

Does this seem odd?

Thanks, Tuc



Re: radiusd -x gives error

2004-06-10 Thread Thor Spruyt
- Original Message - 
From: "Manjunath M Prabhu" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 10, 2004 5:51 PM
Subject: RE: radiusd -x gives error


> i have made the change in the /sbin/rc.radiusd file

Try this:
# radiusd -d 

You'll have to know how the binary was compiled.
Since rc.radiusd is in /sbin, my best guess is that the binary was compiled
with ./configure --prefix=/, so then I guess that radiusd.conf should be
located in /etc/raddb

> now i try again with radiusd -x but still get the same error.
> do i have to change someother script or path variable...if so please tell
me
> which one??
> regards,
> manjunath
>
>
> -Original Message-
> From: Milver S. Nisay [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 10, 2004 8:32 PM
> To: [EMAIL PROTECTED]
> Subject: Re: radiusd -x gives error
>
>
> > hi all,
> > i have installed freeradius-1.0.0-pre1.
> > when i start the radius server using radiusd -x i get the following
error
> >
> > Starting - reading configuration files ...
> > Unable to open file "DIR/radiusd.conf": No such file or directory
> > Errors reading radiusd.conf
> >
> > the radiusd.conf is in /usr/local/etc/raddb/ directory...
> > do i have to set an path???
>
> the radiusd.conf is either missing or misplace.
> you can copy the config file to where radius is looking for it or
> you can change the path location, both ways should work
> //milver
>
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>




Re: Proxying MS-CHAP request to a PAP RADIUS server. 0.9.3

2004-06-10 Thread Thor Spruyt
- Original Message - 
From: "Simon Bond" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 10, 2004 3:17 PM
Subject: Proxying MS-CHAP request to a PAP RADIUS server. 0.9.3


> Hello,
>
> My overall plan is to authenticate from my Draytek 2600W ADSL router to a
RSA ACE/Server which provides one-time passwords using a hardware SecurID
keyfob.
>
> The RSA ACE/Server supports authentication via SecurID (UDP/5500) or via
RADIUS, but the RADIUS server only supports PAP and EAP authentication
(there is a good reason for this), whilst the Draytek only supports MS-CHAP.
Doh!
>
> I can however authenticate fine from the Draytek 2600 to FreeRadius 0.9.3
which I'm running on a Sun Ultra 5. I'm very pleased with FreeRadius - it's
also working very well with Wireless 802.1X / EAP authentication.
>
> I was hoping to use the Proxy feature of FreeRadius to take the
authentication request from the Draytek (MS-CHAP) and pass it on to the RSA
ACE/Server (PAP), but when proxying, it would only use the same
authentication scheme as sent from the Draytek (i.e. MS-CHAP).
>
> Is there any way to proxy a request and change the authentiation type at
the same time - so take a MS-CHAP request from the Draytek and proxy it on
to the RSA ACE/Server as a PAP request??
>

The CHAP password is made of a ONEWAY encryption of a challenge and the real
password. The NAS sends the challenge and the encrypted password to the
radiusserver.
The only way to check the password is to have it at the radiusserver in
cleartext, since it's oneway encryption.
The radiusserver will take the cleartext password, add the challenge and
also do oneway encryption, then it can compare the encrypted result with the
encrypted password coming from the NAS.
One of the reasons for this is to make it impossible for intermediate proxy
radiusservers to get the user's password.

>
> As a complete aside (and not high on my list), I was able to compile 0.9.3
OK, but couldn't compile 1.0.0pre1 at all - failed whilst compiling md4.c.
Is this a common fault? I've not spotted anything on the lists about this.
>
> P.S. The RSA ACE/Server is also running on the Sparc 5. I'm running
FreeRadius on UDP/1812 and RSA ACE/Server RADIUS on UDP/1645.
>
> If this fails, I do know that I can use Funk Proxy because it will take
the MS-CHAP RADIUS request and forward that as a SecurID (UDP/5500) request
to the ACE/Server. I'd rather use open source software though as I prefer
the open development model (and would hope to contribute back one day).
>
>
> Thanks in advance.
>
> Simon Bond
> [EMAIL PROTECTED]
>
>
>
>
>
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
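
The verification described in the reply above, written out for standard CHAP as carried in RADIUS (RFC 2865, digest = MD5(identifier || password || challenge)). This is an added example, not code from FreeRADIUS or from anyone in the thread; MS-CHAP uses a different construction, and all function names and sample values here are constructed for illustration.

```python
import hashlib
import hmac
import os


def chap_digest(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """One-way function from RFC 1994: MD5(identifier || password || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def nas_access_request(user: str, password: bytes, chap_id: int,
                       challenge: bytes) -> dict:
    """Attributes the NAS sends; the password itself never leaves the NAS."""
    return {
        "User-Name": user,
        "CHAP-Challenge": challenge,
        # RFC 2865 CHAP-Password: 1-byte identifier followed by the 16-byte digest.
        "CHAP-Password": bytes([chap_id]) + chap_digest(chap_id, password, challenge),
    }


def server_verify(request: dict, stored_secret: bytes) -> bool:
    """Recompute the digest from the server's stored secret and compare."""
    chap_password = request["CHAP-Password"]
    if len(chap_password) != 17:
        return False
    chap_id, received = chap_password[0], chap_password[1:]
    expected = chap_digest(chap_id, stored_secret, request["CHAP-Challenge"])
    return hmac.compare_digest(expected, received)


def proxy_as_pap(request: dict) -> dict:
    """What an intermediate proxy could forward as PAP.

    PAP needs a User-Password attribute built from the cleartext password;
    a proxy handling a CHAP request holds only the digest and the challenge.
    """
    forwarded = {"User-Name": request["User-Name"]}
    if "User-Password" in request:  # present for PAP, never for CHAP
        forwarded["User-Password"] = request["User-Password"]
    return forwarded


def demo() -> dict:
    password = b"correct horse"      # constructed sample secret
    challenge = os.urandom(16)       # the NAS picks a fresh challenge
    request = nas_access_request("alice", password, 7, challenge)
    hashed_store = hashlib.sha256(password).hexdigest().encode()
    return {
        "cleartext_store_ok": server_verify(request, password),
        "wrong_password_ok": server_verify(request, b"wrong"),
        # A server that keeps only a hash of the password cannot recompute the digest.
        "hashed_store_ok": server_verify(request, hashed_store),
        "proxy_has_password": "User-Password" in proxy_as_pap(request),
        # The digest is bound to its challenge, so it fails against a new one.
        "other_challenge_ok": server_verify(
            {**request, "CHAP-Challenge": os.urandom(16)}, password),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
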


RE: radiusd -x gives error

2004-06-10 Thread Htin Hlaing
Try using -d option.

For example,
radiusd -X -d /usr/local/etc/raddb

Or just reconfigure with the right path.

Htin

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:freeradius-
> [EMAIL PROTECTED] On Behalf Of Manjunath M Prabhu
> Sent: Thursday, June 10, 2004 8:52 AM
> To: '[EMAIL PROTECTED]'
> Subject: RE: radiusd -x gives error
> 
> i have made the change in the /sbin/rc.radiusd file
> now i try again with radiusd -x but still get the same error.
> do i have to change someother script or path variable...if so please
tell
> me
> which one??
> regards,
> manjunath
> 
> 
> -Original Message-
> From: Milver S. Nisay [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 10, 2004 8:32 PM
> To: [EMAIL PROTECTED]
> Subject: Re: radiusd -x gives error
> 
> 
> > hi all,
> > i have installed freeradius-1.0.0-pre1.
> > when i start the radius server using radiusd -x i get the following
> error
> >
> > Starting - reading configuration files ...
> > Unable to open file "DIR/radiusd.conf": No such file or directory
> > Errors reading radiusd.conf
> >
> > the radiusd.conf is in /usr/local/etc/raddb/ directory...
> > do i have to set an path???
> 
> the radiusd.conf is either missing or misplace.
> you can copy the config file to where radius is looking for it or
> you can change the path location, both ways should work
> //milver
> 
> 
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> 
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



Re: High CPU usage after FreeBSD Upgrade

2004-06-10 Thread Tuc
> 
> Tuc <[EMAIL PROTECTED]> wrote:
> > We've started to see things like :
> > 
> > Mon Jun  7 11:00:13 2004 : Info: The maximum number of threads (32) are active,
> > cannot spawn new thread to handle request
> > Mon Jun  7 11:00:14 2004 : Error: Dropping packet from client L3-LasVegas:58096 - 
> > ID:
> > 220 due to dead request 42218
> 
>   Something is blocking the server.  Run it in debugging mode to see
> what's taking so long.
> 
This is of course a production server. What impact will this have
on performance/disk/etc? Is there something we can do a scan of the logs for
(Some identifier, like "*ERR*-") that we can trap on? 

Thanks, Tuc/TTSG Internet Services, Inc.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
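
One way to scan a timestamped radiusd log for the two messages quoted in the post above, and for the 5-second stalls suggested elsewhere in this thread as the sign of a blocked thread. This is an added example, not code from FreeRADIUS or from the posters; the sample lines are constructed from the formats shown on this page, and skipping gaps that follow the idle "Sleeping until we see a request" line is an assumption of this sketch.

```python
import re
from datetime import datetime

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
# Matches e.g. "Mon Jun  7 11:00:13 2004 : Info: <message>"
LINE_RE = re.compile(
    r"^\w{3} (\w{3}) +(\d{1,2}) (\d\d):(\d\d):(\d\d) (\d{4}) : (\w+): (.*)$")
THREADS_RE = re.compile(r"maximum number of threads \((\d+)\) are active")
DROPPED_RE = re.compile(
    r"Dropping packet from client (\S+):(\d+)\s+-\s+ID:\s*(\d+) "
    r"due to dead request (\d+)")
IDLE_MARKER = "Sleeping until we see a request"  # server idle, not blocked
PAUSE_SECONDS = 5                                # threshold named in the thread

# Constructed sample input, modelled on the log lines quoted on this page.
SAMPLE_LOG = """\
Mon Jun  7 11:00:01 2004 : Debug: modcall[authorize]: module "preprocess" returns ok for request 42218
Mon Jun  7 11:00:09 2004 : Debug: modcall[authorize]: module "files" returns ok for request 42218
Mon Jun  7 11:00:13 2004 : Info: The maximum number of threads (32) are active, cannot spawn new thread to handle request
Mon Jun  7 11:00:14 2004 : Error: Dropping packet from client L3-LasVegas:58096 - ID: 220 due to dead request 42218
Mon Jun  7 11:00:14 2004 : Debug: Nothing to do. Sleeping until we see a request.
Mon Jun  7 11:00:30 2004 : Debug: modcall[authorize]: module "preprocess" returns ok for request 42219
"""


def scan(log_text: str) -> dict:
    """Return thread-exhaustion events, dropped packets and processing pauses."""
    findings = {"thread_exhaustion": [], "dropped": [], "pauses": []}
    prev_time, prev_msg = None, ""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m or m.group(1) not in MONTHS:
            continue  # attribute dumps and other lines without a timestamp
        mon, day, hh, mm, ss, year, _level, msg = m.groups()
        now = datetime(int(year), MONTHS[mon], int(day),
                       int(hh), int(mm), int(ss))

        # A gap while the server was busy (previous line was not the idle
        # message) is the pause to look for.
        if prev_time is not None and IDLE_MARKER not in prev_msg:
            gap = int((now - prev_time).total_seconds())
            if gap >= PAUSE_SECONDS:
                findings["pauses"].append({"seconds": gap, "resumed_at": now,
                                           "before": prev_msg})

        t = THREADS_RE.search(msg)
        if t:
            findings["thread_exhaustion"].append(
                {"time": now, "max_threads": int(t.group(1))})
        d = DROPPED_RE.search(msg)
        if d:
            findings["dropped"].append(
                {"time": now, "client": d.group(1), "port": int(d.group(2)),
                 "packet_id": int(d.group(3)), "request": int(d.group(4))})
        prev_time, prev_msg = now, msg
    return findings


if __name__ == "__main__":
    for kind, events in scan(SAMPLE_LOG).items():
        print(kind, len(events))
        for event in events:
            print("   ", event)
```
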


RE: radiusd -x gives error

2004-06-10 Thread Manjunath M Prabhu
i have made the change in the /sbin/rc.radiusd file
now i try again with radiusd -x but still get the same error.
do i have to change someother script or path variable...if so please tell me
which one??
regards,
manjunath
 

-Original Message-
From: Milver S. Nisay [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 10, 2004 8:32 PM
To: [EMAIL PROTECTED]
Subject: Re: radiusd -x gives error


> hi all,
> i have installed freeradius-1.0.0-pre1.
> when i start the radius server using radiusd -x i get the following error
> 
> Starting - reading configuration files ...
> Unable to open file "DIR/radiusd.conf": No such file or directory
> Errors reading radiusd.conf
> 
> the radiusd.conf is in /usr/local/etc/raddb/ directory...
> do i have to set an path???

the radiusd.conf is either missing or misplace.
you can copy the config file to where radius is looking for it or
you can change the path location, both ways should work
//milver





Re: NAS Id and clients.conf

2004-06-10 Thread Thor Spruyt
- Original Message - 
From: "Michael Griego" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 10, 2004 2:52 PM
Subject: Re: NAS Id and clients.conf


> Clients aren't matched on any attributes (such as NAS-IP-Address).
> They're matched on the source IP address of the RADIUS packet.

I was also wondering where this went... although I don't need it.
If I'm not mistaken, there was a time that it was possible to say
nas mynasid {
...
}

>
> --Mike
>
>
> On Thu, 2004-06-10 at 07:49, Prabhdeep wrote:
> > Hi,
> > Does anybody know how I can add NAS-ID instead of
> > NAS-IP Address for identification?
> >
> > In other words if NAS-ID and secret matches then its
> > as good as matching NAS-IP Address and secret.
> >
> > Thanks.
> > With regards,
> > Prabh
> >
> >
> >
> >
> >
> >
> >
> >
> > __
> > Post your free ad now! http://personals.yahoo.ca
> >
> > -
> > List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>




Re: radiusd -x gives error

2004-06-10 Thread Thor Spruyt
- Original Message - 
From: "Manjunath M Prabhu" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, June 10, 2004 2:31 PM
Subject: radiusd -x gives error


> hi all,
> i have installed freeradius-1.0.0-pre1.
> when i start the radius server using radiusd -x i get the following error
>
> Starting - reading configuration files ...
> Unable to open file "DIR/radiusd.conf": No such file or directory

Odd. This should read something like: Unable to open file
"/usr/local/etc/raddb/radiusd.conf": ...
Look in radiusd.conf at the raddbdir variable.

> Errors reading radiusd.conf
>
> the radiusd.conf is in /usr/local/etc/raddb/ directory...
> do i have to set an path???
> thanx,
> regards,
> manjunath
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>




Slipstream dictionary?

2004-06-10 Thread Cris Boisvert
I just setup a Global pops account and I'm not sure how to get the
Slipstream attribute into freeradius.

This is the directions I got from globalpops 

"This is a vendor specific attribute we numbered as 7000. The attribute is
Slipstream-Auth 1 string.

The value must be set as true. "

Has anyone set this up yet?

Thanx
Cris





Re: PEAP with MSChapV2 on wireless network

2004-06-10 Thread Alan DeKok
Bragg Mario-mbragg1 <[EMAIL PROTECTED]> wrote:
> I am unable to get PEAP working with WinXP (using MSChapV2) on my
> wireless network. I am using Freeradius Version 1.0.0-pre1. For
> authentication I am using etc_smbpassword.

  Ok...

> I saw an earlier message in the archive stating that MSChap wasn't
> supposed to be used for wireless,

  Huh?  I don't think so.

> Thu Jun 10 10:57:34 2004 : Debug: rlm_passwd: Added LM-Password: 
> '9D4426742166CA54695109AB020E401C' to config_items
> Thu Jun 10 10:57:34 2004 : Debug: rlm_passwd: Added NT-Password: 
> '90A3404003BACDBE506C86F110DB7AE0' to config_items
> Thu Jun 10 10:57:34 2004 : Debug: rlm_passwd: Added SMB-Account-CTRL-TEXT: '[U ]' to 
> config_items
> Thu Jun 10 10:57:34 2004 : Info: rlm_passwd: Adding Auth-Type: MS-CHAP

  That's your problem.  You've configured the "passwd" module to force
MS-CHAP authentication.

> Thu Jun 10 10:57:34 2004 : Debug: rad_check_password: Found Auth-Type EAP
> Thu Jun 10 10:57:34 2004 : Debug: rad_check_password: Found Auth-Type MS-CHAP
> Thu Jun 10 10:57:34 2004 : Error: Warning: Found 2 auth-types on request for user 
> 'mbragg1'

  That message would appear to be informative.


  My suggestion is to comment out the "authtype" entry in the
"smbpasswd" configuration.

  Alan DeKok.




Re: pam_radius option

2004-06-10 Thread Alan DeKok
Asif Iqbal <[EMAIL PROTECTED]> wrote:
> Is there a mailing list that discusses about pam_radius? 

  This list.

  But your question was how to get PAM to NOT call pam_radius.  That
question has nothing to do with pam_radius, and nothing to do with
RADIUS.  It's a simple PAM question.

  The question belonged on a PAM list.

  Alan DeKok.




Re: Huntgroup trouble

2004-06-10 Thread Paul Khavkine
H.. You are right. I don't know why I changed that.
I've been staring at it for 2 hours. Sometimes it's hard to spot own mistakes :-)


Thanx
Paul

Michael Griego wrote:

> Since you didn't post your radiusd.conf, I'm going to have to assume
> based on your output that your "preprocess" line in the authorize
> section is *after* your "files" line.  Why did you do this?  This is not
> the default.  The preprocess module is first for a reason (also why it's
> called *pre*process.
>
> Also, make sure you have the rlm_unix module loaded somewhere to process
> those UNIX groups.
>
> --Mike
>
> On Thu, 2004-06-10 at 08:34, Paul Khavkine wrote:
> > Hi folks.
> >
> >
> > I'm trying to get Huntgroups to work with matching a NAS-IP-Address and
> > a unix group.
> >
> > Here's raddb/huntgroups
> >
> > adslNAS-IP-Address == 10.0.0.1
> > Group = adslpppoe,
> > Group = adsldedic,
> > Group = employees,
> > Group = adsl
> >
> >
> > raddb/users:
> >
> > DEFAULT Huntgroup-Name == adsl, Simultaneous-Use  :=  3
> > Fall-Through := 1
> >
> > DEFAULT Huntgroup-Name == dialup, Simultaneous-Use  :=  1
> > Fall-Through := 1
> >
> > DEFAULT Auth-Type := System
> > Framed-IP-Address = 255.255.255.254,
> > Framed-MTU = 1500,
> > Session-Timeout = 18001,
> > Idle-Timeout = 1800,
> > Service-Type = Framed-User,
> > Framed-Protocol = PPP,
> > Framed-IP-Netmask = 255.255.255.255,
> > Framed-Routing = None,
> > Framed-Compression = None
> >
> > The user does exist in the system and does belong to one of the groups:
> > willie# id test123
> > uid=1035(test123) gid=800(adslpppoe) groups=800(adslpppoe)
> >
> > So everything seems correct, but still preprocess group fails:
> >
> > rad_recv: Access-Request packet from host 127.0.0.1:49659, id=74,
> > length=59
> > User-Name = "test123"
> > User-Password = "x"
> > NAS-IP-Address = 10.0.0.1
> > NAS-Port = 9175
> >   Processing the authorize section of radiusd.conf
> > modcall: entering group authorize for request 2
> > rlm_realm: No '@' in User-Name = "test123", looking up realm NULL
> > rlm_realm: Found realm "NULL"
> > rlm_realm: Adding Stripped-User-Name = "test123"
> > rlm_realm: Proxying request from user test123 to realm NULL
> > rlm_realm: Adding Realm = "NULL"
> > rlm_realm: Authentication realm is LOCAL.
> >   modcall[authorize]: module "suffix" returns noop for request 2
> > users: Matched DEFAULT at 8
> >   modcall[authorize]: module "files" returns ok for request 2
> > No huntgroup access: [test123] (from client localhost port 9175)
> >   modcall[authorize]: module "preprocess" returns reject for request 2
> > modcall: group authorize returns reject for request 2
> > Invalid user: [test123/x] (from client localhost port 9175)
> >
> >
> > Any pointers to what the problem might be ?
> >
> >
> > Thanx
> > Paul
> >
> >
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> --
>
> --Mike
>
> --
> Michael Griego
> Wireless LAN Project Manager
> The University of Texas at Dallas
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




PEAP with MSChapV2 on wireless network

2004-06-10 Thread Bragg Mario-mbragg1



I am unable to get 
PEAP working with WinXP (using MSChapV2) on my wireless network. I am using 
Freeradius Version 1.0.0-pre1. For authentication I am using 
etc_smbpassword. I saw an earlier message in the archive stating that MSChap 
wasn't supposed to be used for wireless, however, under WinXP, this is the only 
option with PEAP. TLS works fine. I am receiving the following error message. 
Any ideas?
 
Mario 
Bragg
 

Thu Jun 10 10:57:31 2004 : Debug: Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 192.168.1.1:55048, id=44, length=148
User-Name = "NA3\\mbragg1"
NAS-IP-Address = 192.168.1.1
Called-Station-Id = "00-0c-41-f7-f3-f6"
Calling-Station-Id = "00-0c-f1-30-67-40"
NAS-Identifier = "Linksys BEFW11S4-V4.X"
Framed-MTU = 1300
NAS-Port-Type = Wireless-802.11
EAP-Message = 0x022c0010014e41335c6d627261676731
Message-Authenticator = 0xc647195a743b7665871bdfc633922bf4
Thu Jun 10 10:57:34 2004 : Debug: Processing the authorize section of radiusd.conf
Thu Jun 10 10:57:34 2004 : Debug: modcall: entering group authorize for request 27
Thu Jun 10 10:57:34 2004 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 27
Thu Jun 10 10:57:34 2004 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 27
Thu Jun 10 10:57:34 2004 : Debug: modcall[authorize]: module "preprocess" returns ok for request 27
Thu Jun 10 10:57:34 2004 : Debug: modsingle[authorize]: calling auth_log (rlm_detail) for request 27
Thu Jun 10 10:57:34 2004 : Debug: radius_xlat: '/usr/local/radius/var/log/radius/radacct/192.168.1.1/auth-detail-20040610'
Thu Jun 10 10:57:34 2004 : Debug: rlm_detail: /usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/radius/var/log/radius/radacct/192.168.1.1/auth-detail-20040610
Thu Jun 10 10:57:34 2004 : Debug: modsingle[authorize]: returned from auth_log (rlm_detail) for request 27
Thu Jun 10 10:57:34 2004 : Debug: modcall[authorize]: module "auth_log" returns ok for request 27
Thu Jun 10 10:57:34 2004 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 27
Thu Jun 10 10:57:34 2004 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 27
Thu Jun 10 10:57:34 2004 : Debug: modcall[authorize]: module "chap" returns noop for request 27
Thu Jun 10 10:57:34 2004 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 27
Thu Jun 10 10:57:34 2004 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 27
Thu Jun 10 10:57:34 2004 : Debug: modcall[authorize]: module "mschap" returns noop for request 27
Thu Jun 10 10:57:34 2004 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 27
Thu Jun 10 10:57:34 2004 : Debug: rlm_realm: No '@' in User-Name = "mbragg1", looking up realm NULL
Thu Jun 10 10:57:34 2004 : Debug: rlm_realm: No such realm "NULL"
Thu Jun 10 10:57:34 2004 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 27
Thu Jun 10 10:57:34 2004 : Debug: modcall[authorize]: module "suffix" returns noop for request 27
Thu Jun 10 10:57:34 2004 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 27
Thu Jun 10 10:57:34 2004 : Debug: rlm_eap: EAP packet type response id 44 length 16
Thu Jun 10 10:57:34 2004 : Debug: rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
Thu Jun 10 10:57:34 2004 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 27
Thu Jun 10 10:57:34 2004 : Debug: modcall[authorize]: module "eap" returns updated for request 27
Thu Jun 10 10:57:34 2004 : Debug: modsingle[authorize]: calling files (rlm_files) for request 27
Thu Jun 10 10:57:34 2004 : Debug: users: Matched DEFAULT at 158
Thu Jun 10 10:57:34 2004 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 27
Thu Jun 10 10:57:34 2004 : Debug: modcall[authorize]: module "files" returns ok for request 27
Thu Jun 10 10:57:34 2004 : Debug: modsingle[authorize]: calling etc_smbpasswd (rlm_passwd) for request 27
Thu Jun 10 10:57:34 2004 : Debug: rlm_passwd: Added LM-Password: '9D4426742166CA54695109AB020E401C' to config_items
Thu Jun 10 10:57:34 2004 : Debug: rlm_passwd: Added NT-Password: '90A3404003BACDBE506C86F110DB7AE0' to config_items
Thu Jun 10 10:57:34 2004 : Debug: rlm_passwd: Added SMB-Account-CTRL-TEXT: '[U ]' to config_items
Thu Jun 10 10:57:34 2004 : Info: rlm_passwd: Adding Auth-Type: MS-CHAP
Thu Jun 10 10:57:34 2004 : Debug: modsingle[authorize]: returned from etc_smbpasswd (rlm_passwd) for request 27
Thu Jun 10 10:57:34 2004 : Debug: modcall[authorize]: module "etc_smbpasswd" re
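
The EAP-Message value in the debug output above can be decoded by hand to see which step of the EAP exchange the request carries. The following Python sketch is an added example, not part of the original post or of FreeRADIUS; the function and constant names are hypothetical, and the Nak sample is constructed.

```python
"""Decode a RADIUS EAP-Message value as printed in a radiusd debug dump."""
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
# IANA EAP method type numbers that matter for this thread.
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "EAP-MSCHAPv2"}
TLS_BASED = {13, 21, 25}  # methods whose first data octet is a flags byte

# Copied from the Access-Request in the post above.
POSTED_EAP_MESSAGE = "0x022c0010014e41335c6d627261676731"
# Constructed sample: a Response/Nak (id 45) asking for PEAP instead.
CONSTRUCTED_NAK = "0x022d00060319"


class EAPDecodeError(ValueError):
    """Raised when the bytes do not form a well-formed EAP packet."""


def _type_name(number):
    return EAP_TYPES.get(number, "type-%d" % number)


def decode_eap(*hex_fragments):
    """Decode one EAP packet into a dict.

    A RADIUS packet may carry several EAP-Message attributes; their values
    are concatenated in order before decoding, so pass all of them.
    """
    raw = b""
    for fragment in hex_fragments:
        text = fragment.strip()
        if text[:2].lower() == "0x":
            text = text[2:]
        try:
            raw += bytes.fromhex(text)
        except ValueError as exc:
            raise EAPDecodeError("not a hex string: %r" % fragment) from exc
    if len(raw) < 4:
        raise EAPDecodeError("shorter than the 4-octet EAP header")

    # Header: Code (1 octet), Identifier (1 octet), Length (2 octets, big-endian).
    code, identifier, length = struct.unpack("!BBH", raw[:4])
    if code not in EAP_CODES:
        raise EAPDecodeError("unknown EAP code %d" % code)
    if length < 4 or length > len(raw):
        raise EAPDecodeError(
            "Length field %d does not fit the %d octets received" % (length, len(raw)))

    packet = {"code": EAP_CODES[code], "identifier": identifier, "length": length}
    body = raw[4:length]  # octets past Length are padding and are ignored
    if code in (3, 4):
        if body:
            raise EAPDecodeError("Success/Failure must be exactly 4 octets")
        return packet
    if not body:
        raise EAPDecodeError("Request/Response without a Type octet")

    eap_type, data = body[0], body[1:]
    packet["type"] = _type_name(eap_type)
    if eap_type == 1:
        # Identity: the rest of the packet is the user name the client offers.
        packet["identity"] = data.decode("utf-8", errors="replace")
    elif eap_type == 3 and code == 2:
        # Nak: the client refuses the offered method and lists what it wants.
        packet["wanted"] = [_type_name(t) for t in data]
    elif eap_type in TLS_BASED and data:
        flags = data[0]
        packet["tls_flags"] = {
            "length_included": bool(flags & 0x80),
            "more_fragments": bool(flags & 0x40),
            "start": bool(flags & 0x20),
        }
    return packet


if __name__ == "__main__":
    print(decode_eap(POSTED_EAP_MESSAGE))
    print(decode_eap(CONSTRUCTED_NAK))
```

For the posted value this yields a Response with identifier 44 and length 16, which agrees with the `rlm_eap: EAP packet type response id 44 length 16` line in the log, and shows that the request is still the initial Identity response.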

Re: fast reconnect

2004-06-10 Thread [EMAIL PROTECTED]
hello the team

   Thanks for your different answers. After some searching, I found that fast
connect is a way to speed up the connection between the server and the client; I
found this at Microsoft:

PEAP Fast Reconnect

You can also use PEAP to quickly resume a TLS session. If PEAP Part 2 is
successful, the RADIUS server can cache the TLS session created during PEAP Part
1. Because the cache entry was created through a successful PEAP Part 2
authentication process, the session can be resumed without having to perform
PEAP Part 1 or PEAP Part 2. In this case, an EAP-Success message is sent
immediately for a reauthentication attempt. This is known as fast reconnect.
Fast reconnect minimizes the connection delay in wireless environments when a
wireless client roams from one wireless AP to another.

So it seems that it is a feature of the client? After some tests I found that the
password, the login and the TLS key were cached in the profile of the Windows
user.

Best regards

dom




Quoting Alan DeKok <[EMAIL PROTECTED]>:

> "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
> >   can I, on the radius server, not permit the "fast connect" option ?
> 
>   FreeRADIUS doesn't support "fast reconnect".
> 
>   Alan DeKok.
> 


-- 
Dominique Dalponte
Utbm, Centre de Ressource en informatique
90010 Belfort Cedex, France
tel: 03/84/58/31/49 http://www.utbm.fr



Re: pam_radius option

2004-06-10 Thread Asif Iqbal
Alan DeKok wrote:
> Asif Iqbal <[EMAIL PROTECTED]> wrote:
> > Can you please help? I am really looking for a solution/tip to allow
> > root skip the radius authentication while force other users to go
> > through this auth
> 
>   It's a PAM question, and has nothing to do with RADIUS.
> 
>   Alan DeKok.
> 

Hi Alan

Is there a mailing list that discusses pam_radius?

There was one suggestion I got to try but that did not help

Thanks

-- 
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
There's no place like 127.0.0.1



Re: Anyone using FreeRadius on Windows 2003 ?

2004-06-10 Thread Alan DeKok
"Jon Bebeau" <[EMAIL PROTECTED]> wrote:
> I'm searching for a flexible, open Radius for a Windows (2003 server) to
> run Ascend MAX-TXT RAS boxes.  It's a small implementation with 2-4048s
> and maybe 100 users.  I'd like to position to authenticate WLAN users and
> have the user data in MS/SQL on Win/2003.

  See doc/CYGWIN.  You can install Cygwin, and run the server under
that.

  I've had good luck with XP & SFU, too.

  Alan DeKok.




Re: %{Packet-Type} ?

2004-06-10 Thread Alan DeKok
Josh Howlett <[EMAIL PROTECTED]> wrote:
> I saw this and assumed it was...
> 
> http://lists.cistron.nl/pipermail/freeradius-devel/2003-September/006023.html

  That's September.  0.9.3 was from the 0.9 branch, which was forked
in June.

> Should I try FR 1.0?

  Yes.  Try 1.0.0-pre2, which I'm hoping to have out tomorrow.

  Alan DeKok.




Anyone using FreeRadius on Windows 2003 ?

2004-06-10 Thread Jon Bebeau



Hello all...Newbie here...

I'm searching for a flexible, open Radius for a Windows (2003 server) to run
Ascend MAX-TXT RAS boxes.  It's a small implementation with 2-4048s and maybe
100 users.  I'd like to position to authenticate WLAN users and have the user
data in MS/SQL on Win/2003.

Is anyone using this under Windows, any suggestions, ideas or warnings?

Jon
Tampa


Re: radiusd -x gives error

2004-06-10 Thread Milver S. Nisay
> hi all,
> i have installed freeradius-1.0.0-pre1.
> when i start the radius server using radiusd -x i get the following error
> 
> Starting - reading configuration files ...
> Unable to open file "DIR/radiusd.conf": No such file or directory
> Errors reading radiusd.conf
> 
> the radiusd.conf is in /usr/local/etc/raddb/ directory...
> do i have to set a path???

the radiusd.conf is either missing or misplaced.
you can copy the config file to where radius is looking for it or
you can change the path location, both ways should work
//milver





Re: %{Packet-Type} ?

2004-06-10 Thread Josh Howlett
On Thu, 2004-06-10 at 15:52, Alan DeKok wrote:
> Josh Howlett <[EMAIL PROTECTED]> wrote:
> > exec myscript {
> > program = '/path/to/myscript.sh %{Packet-Type}'
> > ...
> > }
> > 
> > The first argument presented to the script is null :-/. I'm running FR
> > 0.9.3.
> 
>   I'm not sure that's supported in 0.9.3.

I saw this and assumed it was...

http://lists.cistron.nl/pipermail/freeradius-devel/2003-September/006023.html

Should I try FR 1.0?

josh.

-- 
---
Josh Howlett, Networking & Digital Communications,
Information Systems & Computing, University of Bristol, U.K.
'phone: 0117 928 7850 email: [EMAIL PROTECTED]





Re: Proxying MS-CHAP request to a PAP RADIUS server. 0.9.3

2004-06-10 Thread Alan DeKok
Simon Bond <[EMAIL PROTECTED]> wrote:
> I was hoping to use the Proxy feature of FreeRadius to take the
> authentication request from the Draytek (MS-CHAP) and pass it on to
> the RSA ACE/Server (PAP),

  You can't.  It's impossible.

> As a complete aside (and not high on my list), I was able to compile
> 0.9.3 OK, but couldn't compile 1.0.0pre1 at all - failed whilst
> compiling md4.c. Is this a common fault? I've not spotted anything on
> the lists about this.

  It was a last-minute change, which has since been fixed.

> If this fails, I do know that I can use Funk Proxy because it will
> take the MS-CHAP RADIUS request and forward that as a SecurID
> (UDP/5500) request to the ACE/Server. I'd rather use open source
> software though as I prefer the open development model (and would hope
> to contribute back one day).

  If you can figure out how the Funk server does that (i.e. what
protocol it uses), then FreeRADIUS can be made to do the same thing.

  Also, try checking SecurID's command-line tools.  They may have
something which takes MS-CHAP, and does their authentication.

  Alan DeKok.




Re: %{Packet-Type} ?

2004-06-10 Thread Alan DeKok
Josh Howlett <[EMAIL PROTECTED]> wrote:
> exec myscript {
>   program = '/path/to/myscript.sh %{Packet-Type}'
>   ...
>   }
> 
> The first argument presented to the script is null :-/. I'm running FR
> 0.9.3.

  I'm not sure that's supported in 0.9.3.

  Alan DeKok.



Re: using CLID

2004-06-10 Thread Alan DeKok
Alexander Serkin <[EMAIL PROTECTED]> wrote:
> Is there some way to use CLID (Calling-Station-Id attribute) to
> determine which server to proxy access-request to?

  You can proxy on any criteria you want.  Just set the Proxy-To-Realm
attribute.  That's what rlm_realm does.

  Alan DeKok.
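
The routing rule discussed in this thread (choose the target realm from the leading digits of Calling-Station-Id and carry it in Proxy-To-Realm, instead of trusting the realm the user typed) can be modelled as follows. This is an added Python example, not FreeRADIUS configuration or code from the thread; the digit prefixes, realm names and function names are constructed assumptions.

```python
"""Pick a proxy realm from Calling-Station-Id, never from the typed realm."""
import re

HOME_REALM = "home.example"  # hypothetical name for the local network

# Constructed prefixes: the post masks the real digits. The longest matching
# prefix wins, so a specific operator entry overrides a broader one.
PREFIX_TO_REALM = {
    "001010": HOME_REALM,
    "00102": "partner-a.example",
    "001": "roaming-hub.example",
}

# The post describes the CLID as exactly 15 digits.
CLID_RE = re.compile(r"[0-9]{15}")


def realm_for_clid(clid):
    """Return the realm for a Calling-Station-Id, or None if it is unusable."""
    if not isinstance(clid, str) or not CLID_RE.fullmatch(clid):
        return None
    for prefix in sorted(PREFIX_TO_REALM, key=len, reverse=True):
        if clid.startswith(prefix):
            return PREFIX_TO_REALM[prefix]
    return None


def route_request(attrs):
    """Decide what to do with an Access-Request given as an attribute dict.

    The realm in User-Name is only compared against the CLID-derived realm
    so that a mismatch can be logged; it never influences the routing.
    """
    realm = realm_for_clid(attrs.get("Calling-Station-Id"))
    if realm is None:
        # Missing, malformed or unknown CLID: there is nothing to route on.
        return {"action": "reject", "Proxy-To-Realm": None, "realm_mismatch": False}

    user_name = attrs.get("User-Name", "")
    claimed = user_name.rpartition("@")[2] if "@" in user_name else None
    mismatch = claimed is not None and claimed != realm

    if realm == HOME_REALM:
        return {"action": "local", "Proxy-To-Realm": None, "realm_mismatch": mismatch}
    return {"action": "proxy", "Proxy-To-Realm": realm, "realm_mismatch": mismatch}


if __name__ == "__main__":
    # Constructed requests.
    for request in (
        {"User-Name": "alice", "Calling-Station-Id": "001010123456789"},
        {"User-Name": "bob@home.example", "Calling-Station-Id": "001029876543210"},
        {"User-Name": "carol@home.example", "Calling-Station-Id": "12345"},
    ):
        print(request, "->", route_request(request))
```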



Re: fast reconnect

2004-06-10 Thread Alan DeKok
"[EMAIL PROTECTED]" <[EMAIL PROTECTED]> wrote:
>   can I, on the radius server, not permit the "fast connect" option ?

  FreeRADIUS doesn't support "fast reconnect".

  Alan DeKok.



Re: make error on Solaris 9

2004-06-10 Thread Alan DeKok
"Victor Belous" <[EMAIL PROTECTED]> wrote:
> I was trying to install  freeradius-1.0.0-pre1 and get the error messages 
...
> ../include/md4.h:72: parse error before "u_int32_t"

  It's fixed, and will be in 1.0.0-pre2, probably tomorrow.

  Alan DeKok.



Re: configuring freeradius on freebsd 4.10

2004-06-10 Thread Alan DeKok
Darko Kalevski <[EMAIL PROTECTED]> wrote:
> > Try any other user than root - freebsd denies remote root login by default,
> > this may be your problem.
> 
> problem solved :) - thanks to Roy Hooper :)
> 
>  >Because FreeBSD doesn't support shadow passwords, if I remember the 
>  >code correctly, you have to comment out passwd= and shadow= to get
>  >system password file authentication that uses master.passwd.

  Which is how the server comes configured by default.  There are also
comments in radiusd.conf SPECIFICALLY MENTIONING FREEBSD.

  So... you edited "radiusd.conf" to change the default
configuration, but didn't read the comments directly above the
section you were editing.

  What kind of documentation could we have to include in the server so
that you would read it?

  Alan DeKok.




Re: pam_radius option

2004-06-10 Thread Alan DeKok
Asif Iqbal <[EMAIL PROTECTED]> wrote:
> Can you please help? I am really looking for a solution/tip to allow
> root skip the radius authentication while force other users to go
> through this auth

  It's a PAM question, and has nothing to do with RADIUS.

  Alan DeKok.



Re: Huntgroup trouble

2004-06-10 Thread Michael Griego
Since you didn't post your radiusd.conf, I'm going to have to assume
based on your output that your "preprocess" line in the authorize
section is *after* your "files" line.  Why did you do this?  This is not
the default.  The preprocess module is first for a reason (also why it's
called *pre*process).

Also, make sure you have the rlm_unix module loaded somewhere to process
those UNIX groups.

--Mike


On Thu, 2004-06-10 at 08:34, Paul Khavkine wrote:
> Hi folks.
> 
> 
> I'm trying to get Huntgroups to work with matching a NAS-IP-Address and
> a unix group.
> 
> Here's raddb/huntgroups
> 
> adsl    NAS-IP-Address == 10.0.0.1
>         Group = adslpppoe,
>         Group = adsldedic,
>         Group = employees,
>         Group = adsl
> 
> 
> raddb/users:
> 
> DEFAULT Huntgroup-Name == adsl, Simultaneous-Use  :=  3
>         Fall-Through := 1
> 
> DEFAULT Huntgroup-Name == dialup, Simultaneous-Use  :=  1
>         Fall-Through := 1
> 
> DEFAULT Auth-Type := System
>         Framed-IP-Address = 255.255.255.254,
>         Framed-MTU = 1500,
>         Session-Timeout = 18001,
>         Idle-Timeout = 1800,
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-IP-Netmask = 255.255.255.255,
>         Framed-Routing = None,
>         Framed-Compression = None
> 
> The user does exist in the system and does belong to one of the groups:
> willie# id test123
> uid=1035(test123) gid=800(adslpppoe) groups=800(adslpppoe)
> 
> So everything seems correct, but still preprocess group fails:
> 
> rad_recv: Access-Request packet from host 127.0.0.1:49659, id=74,
> length=59
> User-Name = "test123"
> User-Password = "x"
> NAS-IP-Address = 10.0.0.1
> NAS-Port = 9175
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 2
> rlm_realm: No '@' in User-Name = "test123", looking up realm NULL
> rlm_realm: Found realm "NULL"
> rlm_realm: Adding Stripped-User-Name = "test123"
> rlm_realm: Proxying request from user test123 to realm NULL
> rlm_realm: Adding Realm = "NULL"
> rlm_realm: Authentication realm is LOCAL.
>   modcall[authorize]: module "suffix" returns noop for request 2
> users: Matched DEFAULT at 8
>   modcall[authorize]: module "files" returns ok for request 2
> No huntgroup access: [test123] (from client localhost port 9175)
>   modcall[authorize]: module "preprocess" returns reject for request 2
> modcall: group authorize returns reject for request 2
> Invalid user: [test123/x] (from client localhost port 9175)
> 
> 
> Any pointers to what the problem might be ?
> 
> 
> Thanx
> Paul
> 
> 
> 
-- 

--Mike
 
--
Michael Griego
Wireless LAN Project Manager
The University of Texas at Dallas




certs.sh

2004-06-10 Thread apellido

how do i adjust certs.sh to run in freebsd? since openssl is already 
installed and i don't have a /usr/local/ssl directory. I've just edited 
certs.sh openssl location from /bin/openssl to /usr/bin/openssl and 
SSL=/usr/local/ssl to SSL=/usr/src/crypto/openssl/ssl but no luck. 
thanks.



Huntgroup trouble

2004-06-10 Thread Paul Khavkine


Hi folks.


I'm trying to get Huntgroups to work with matching a NAS-IP-Address and
a unix group.

Here's raddb/huntgroups

adsl    NAS-IP-Address == 10.0.0.1
        Group = adslpppoe,
        Group = adsldedic,
        Group = employees,
        Group = adsl


raddb/users:

DEFAULT Huntgroup-Name == adsl, Simultaneous-Use  :=  3
        Fall-Through := 1

DEFAULT Huntgroup-Name == dialup, Simultaneous-Use  :=  1
        Fall-Through := 1

DEFAULT Auth-Type := System
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 1500,
        Session-Timeout = 18001,
        Idle-Timeout = 1800,
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Routing = None,
        Framed-Compression = None

The user does exist in the system and does belong to one of the groups:
willie# id test123
uid=1035(test123) gid=800(adslpppoe) groups=800(adslpppoe)

So everything seems correct, but still preprocess group fails:

rad_recv: Access-Request packet from host 127.0.0.1:49659, id=74,
length=59
User-Name = "test123"
User-Password = "x"
NAS-IP-Address = 10.0.0.1
NAS-Port = 9175
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
rlm_realm: No '@' in User-Name = "test123", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "test123"
rlm_realm: Proxying request from user test123 to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
  modcall[authorize]: module "suffix" returns noop for request 2
users: Matched DEFAULT at 8
  modcall[authorize]: module "files" returns ok for request 2
No huntgroup access: [test123] (from client localhost port 9175)
  modcall[authorize]: module "preprocess" returns reject for request 2
modcall: group authorize returns reject for request 2
Invalid user: [test123/x] (from client localhost port 9175)


Any pointers to what the problem might be ?


Thanx
Paul





Proxying MS-CHAP request to a PAP RADIUS server. 0.9.3

2004-06-10 Thread Simon Bond
Hello,

My overall plan is to authenticate from my Draytek 2600W ADSL router to a RSA 
ACE/Server which provides one-time passwords using a hardware SecurID keyfob.

The RSA ACE/Server supports authentication via SecurID (UDP/5500) or via RADIUS, but 
the RADIUS server only supports PAP and EAP authentication (there is a good reason for 
this), whilst the Draytek only supports MS-CHAP. Doh!

I can however authenticate fine from the Draytek 2600 to FreeRadius 0.9.3 which I'm 
running on a Sun Ultra 5. I'm very pleased with FreeRadius - it's also working very 
well with Wireless 802.1X / EAP authentication.

I was hoping to use the Proxy feature of FreeRadius to take the authentication request 
from the Draytek (MS-CHAP) and pass it on to the RSA ACE/Server (PAP), but when 
proxying, it would only use the same authentication scheme as sent from the Draytek 
(i.e. MS-CHAP).

Is there any way to proxy a request and change the authentication type at the same time 
- so take a MS-CHAP request from the Draytek and proxy it on to the RSA ACE/Server as 
a PAP request?? 


As a complete aside (and not high on my list), I was able to compile 0.9.3 OK, but 
couldn't compile 1.0.0pre1 at all - failed whilst compiling md4.c. Is this a common 
fault? I've not spotted anything on the lists about this. 

P.S. The RSA ACE/Server is also running on the Sparc 5. I'm running FreeRadius on 
UDP/1812 and RSA ACE/Server RADIUS on UDP/1645.

If this fails, I do know that I can use Funk Proxy because it will take the MS-CHAP 
RADIUS request and forward that as a SecurID (UDP/5500) request to the ACE/Server. I'd 
rather use open source software though as I prefer the open development model (and 
would hope to contribute back one day).


Thanks in advance.

Simon Bond
[EMAIL PROTECTED]


%{Packet-Type} ?

2004-06-10 Thread Josh Howlett
Why can't I do this:

exec myscript {
  program = '/path/to/myscript.sh %{Packet-Type}'
  ...
}

The first argument presented to the script is null :-/. I'm running FR
0.9.3.

josh.

-- 
---
Josh Howlett, Networking & Digital Communications,
Information Systems & Computing, University of Bristol, U.K.
'phone: 0117 928 7850 email: [EMAIL PROTECTED]





using CLID

2004-06-10 Thread Alexander Serkin
Hello, freeradius-users.
Is there some way to use CLID (Calling-Station-Id attribute) to determine which 
server to proxy access-request to?
Do not ask why not using realms. We do use realms too.
But the only way to validate that the user comes from our network is to check 
his CLID. Because everybody can set any realm in his login credentials. CLID, 
also known as IMSI in CDMA packet data, is in the form of 15 digits 
XXX. A few starting digits (say first six ones) identify our 
network. If these first digits are different from ours, that means the access 
request should be sent to another operator's AAA server.

--
Sincerely Yours,
Alexander Serkin,
Moscow Cellular Communications
ph. +7(095)7952089
fa. +7(095)7952084


Re: NAS Id and clients.conf

2004-06-10 Thread Michael Griego
Clients aren't matched on any attributes (such as NAS-IP-Address). 
They're matched on the source IP address of the RADIUS packet.

--Mike


On Thu, 2004-06-10 at 07:49, Prabhdeep wrote:
> Hi,
> Does anybody know how I can add NAS-ID instead of
> NAS-IP Address for identification?
> 
> In other words if NAS-ID and secret matches then its
> as good as matching NAS-IP Address and secret.
> 
> Thanks.
> With regards,
> Prabh


NAS Id and clients.conf

2004-06-10 Thread Prabhdeep
Hi,
Does anybody know how I can add NAS-ID instead of
NAS-IP Address for identification?

In other words if NAS-ID and secret matches then its
as good as matching NAS-IP Address and secret.

Thanks.
With regards,
Prabh


radiusd -x gives error

2004-06-10 Thread Manjunath M Prabhu
hi all,
i have installed freeradius-1.0.0-pre1.
when i start the radius server using radiusd -x i get the following error

Starting - reading configuration files ...
Unable to open file "DIR/radiusd.conf": No such file or directory
Errors reading radiusd.conf

the radiusd.conf is in /usr/local/etc/raddb/ directory...
do i have to set a path???
thanx,
regards,
manjunath




Re: make error on Solaris 9

2004-06-10 Thread Paul Hampson
On Thu, Jun 10, 2004 at 03:12:23PM +0400, Victor Belous wrote:
> I was trying to install  freeradius-1.0.0-pre1 and get the error messages 
> gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5
> -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align
> -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes
> -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef
> -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LIBRADIUS -I../include
> -DHMAC_SHA1_DATA_PROBLEMS -c dict.c -o dict.o
> 
> In file included from ../include/libradius.h:60,
> 
>  from dict.c:35:
> 
> ../include/md4.h:72: parse error before "u_int32_t"

Sorry 'bout that. It'll be fixed in 1.0.0-pre2

-- 
Paul "TBBle" Hampson, on an alternate email client.



PEAP

2004-06-10 Thread Axel Mittendorf
Hi, I'm working on a software that shall use PEAPv0 to communicate 
with a radius server, in my case freeradius. Which version of freeradius 
should I use, 0.8.1, 0.9.3, 1.0.0pre1? Is the PEAP implementation 
stable enough or should I use a different server?

TIA and best regards, Axel




make error on Solaris 9

2004-06-10 Thread Victor Belous

I was trying to install  freeradius-1.0.0-pre1 and get the error messages 

bash-2.05# make
make[1]: Entering directory `/usr/local/src/freeradius-1.0.0-pre1'
Making all in libltdl...
make[2]: Entering directory `/usr/local/src/freeradius-1.0.0-pre1/libltdl'
make[2]: Leaving directory `/usr/local/src/freeradius-1.0.0-pre1/libltdl'
Making all in src...
make[2]: Entering directory `/usr/local/src/freeradius-1.0.0-pre1/src'
make[3]: Entering directory `/usr/local/src/freeradius-1.0.0-pre1/src'
Making all in include...
make[4]: Entering directory `/usr/local/src/freeradius-1.0.0-pre1/src/include'
make[4]: Nothing to be done for `all'.
make[4]: Leaving directory `/usr/local/src/freeradius-1.0.0-pre1/src/include'
Making all in lib...
make[4]: Entering directory `/usr/local/src/freeradius-1.0.0-pre1/src/lib'
gcc  -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS
-DOPENSSL_NO_KRB5   -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual
-Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes
-Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef
-D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -D_LIBRADIUS -I../include 
-DHMAC_SHA1_DATA_PROBLEMS -c dict.c -o dict.o
In file included from ../include/libradius.h:60,
 from dict.c:35:
../include/md4.h:72: parse error before "u_int32_t"
../include/md4.h:72: warning: no semicolon at end of struct or union
../include/md4.h:73: warning: type defaults to `int' in declaration of `count'
../include/md4.h:73: warning: data definition has no type or storage class
../include/md4.h:74: parse error before "buffer"
../include/md4.h:74: warning: type defaults to `int' in declaration of `buffer'
../include/md4.h:74: warning: data definition has no type or storage class
../include/md4.h:75: parse error before '}' token
../include/md4.h:75: warning: type defaults to `int' in declaration of `librad_MD4_CTX'
../include/md4.h:75: warning: data definition has no type or storage class
../include/md4.h:80: parse error before '*' token
../include/md4.h:80: warning: function declaration isn't a prototype
../include/md4.h:81: parse error before '*' token
../include/md4.h:82: warning: function declaration isn't a prototype
../include/md4.h:83: parse error before '[' token
../include/md4.h:84: warning: function declaration isn't a prototype
../include/md4.h:85: parse error before '[' token
../include/md4.h:87: warning: function declaration isn't a prototype
In file included from dict.c:35:
../include/libradius.h:262: warning: declaration of `buffer' shadows a global declaration
../include/md4.h:74: warning: shadowed declaration is here
../include/libradius.h:292: warning: declaration of `buffer' shadows a global declaration
../include/md4.h:74: warning: shadowed declaration is here
../include/libradius.h:294: warning: declaration of `buffer' shadows a global declaration
../include/md4.h:74: warning: shadowed declaration is here
../include/libradius.h:306: warning: declaration of `buffer' shadows a global declaration
../include/md4.h:74: warning: shadowed declaration is here
make[4]: *** [dict.o] Error 1
make[4]: Leaving directory `/usr/local/src/freeradius-1.0.0-pre1/src/lib'
make[3]: *** [common] Error 1
make[3]: Leaving directory `/usr/local/src/freeradius-1.0.0-pre1/src'
make[2]: *** [all] Error 2
make[2]: Leaving directory `/usr/local/src/freeradius-1.0.0-pre1/src'
make[1]: *** [common] Error 1
make[1]: Leaving directory `/usr/local/src/freeradius-1.0.0-pre1'
make: *** [all] Error 2
bash-2.05#

How can I make it?

Victor Belous
Lynx BCC company


RE: fast reconnect

2004-06-10 Thread Jawhar TAZI
Hello,
Can you please tell us how you configured Freeradius to use peap? What 
changes did you make to eap.conf? And on the client platform?

It would be nice of you to attach your config files.
Thanks


fast reconnect

2004-06-10 Thread [EMAIL PROTECTED]
hello 

  I have installed  freeradius-1.0.0-pre1 + cisco 2950T + a client
windows2000SP4
  I succeeded in configuring TTLS and PEAP 

  but I have a question :

  can I, on the radius server, not permit the "fast connect" option ?
  
bye


-- 
Dominique Dalponte
Utbm, Centre de Ressource en informatique
90010 Belfort Cedex, France
tel: 03/84/58/31/49 http://www.utbm.fr



Re: An Enterasys - Freeradius Question Again

2004-06-10 Thread Frédéric EVRARD
Thx a lot, maybe I'm going to upgrade to the last firmware too.

Fred

>
>>
>> If you don't want to use radius auth for management access, how are you
>> doing ??
>> Thx
>
> On the Cabletron/Enterasys 2nd gen. (6E2xxx / 2E2xxx) products it is a
> matter
> of using the LM menu to step through Security | Radius Configuration and
> setting RADIUS Management to DISABLED. This reverts you to using the local
> password for access of remote and local management. I know of no
> equivalent
> setting on the Matrix E1. My firmware needs to be updated it may be in the
> more recent releases.
>
> I had set up a user in the radius users file that sends the Filter-ID with
> mgmt=su. On the switch, set the radius last-resort-action for remote and
> local management to challenge in the event of not being able to access the
> the radius server.
>
>
>




RE: EAP-TTLS : SEGMENTATION FAULT

2004-06-10 Thread Sathish Challa
Thank you,
I will try and let you know results I will be trying on RedHat.

Thank you,
Sathish Challa.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Jawhar
TAZI
Sent: Thursday, June 10, 2004 1:31 AM
To: [EMAIL PROTECTED]
Subject: Re: EAP-TTLS : SEGMENTATION FAULT

Hi everybody,

Well Alan yes I did configure tls, because just before it was working with 
eap-tls perfectly, so I decided to move to eap-ttls, but I don't know what 
the exact changes to make are.

Well for people interested in it I send you as an attachment a doc (in 
French) about what I did to make eap-tls work.

So, has anybody successfully migrated from tls to ttls? :)



Re: configuring freeradius on freebsd 4.10

2004-06-10 Thread Darko Kalevski
> Try any other user than root - freebsd denies remote root login by default,
> this may be your problem.

problem solved :) - thanks to Roy Hooper :)

>Because FreeBSD doesn't support shadow passwords, if I remember the 
>code correctly, you have to comment out passwd= and shadow= to get
>system password file authentication that uses master.passwd.  The 
>caching is unnecessary for the FreeBSD system password file as it is a 
>berkeley DB file that drives the getpw*() functions.
Darko