RE: Ntlm_auth how-to
Does this mean I don't have to edit the config files for winbindd and nmbd? The freeradius server is not on the same subnet as the domain controller (NT4), and neither are my clients, and the clients locate the domain controller via WINS. Don't I need to configure the freeradius server with WINS too, then? Thanks, Øystein Gåsdal -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: 1. oktober 2004 16:38 To: [EMAIL PROTECTED] Subject: Re: Ntlm_auth how-to =?iso-8859-1?Q?=D8ystein_G=E5sdal?= <[EMAIL PROTECTED]> wrote: > Anybody got a step by step guide how to set up freeradius to work with > authentication against a nt-domain? raddb/radiusd.conf, see "ntlm_auth". Or, if your users are only using PAP passwords, not MS-CHAP, see "rlm_smb", and "experimental.conf". It should take only a few minutes to set up rlm_smb, it's pretty simple. > It seems to me that it should be enough just to un-comment a few lines > = in radiusd.conf, and provide the domain name, but how does the > freeradius server know *where* to find the domain, for example? It's often in the User-Name attribute. > I will provide debug logs and everything i anyone is willing to help > (or maybe anyone has already written a guide for this? :) There are very few guides for the server. Most configuration is documented in the configuration files, leaving the administrator to figure it out for himself. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Howto for EAP-TTLS/PEAP?
Hi, I want to setup EAP-TTLS/PEAP for my wlan. I can find lots of howtos for setting up EAP-TLS with freeradius. But is there any howto for EAP-TTLS or PEAP? -- Regards Christoph Christoph Litauer [EMAIL PROTECTED] Uni Koblenz, Rechenzentrum,http://www.uni-koblenz.de/~litauer Postfach 201602, 56016 Koblenz Fon: +49 261 287-1311, Fax: -100 1311 PGP-Key: http://www.uni-koblenz.de/~litauer/public-key.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CHAP+MS-CHAP+freeRADIUS
Hi I did the same: username Auth-Type:= CHAP, CHAP-Password == "test" Service-Type = Framed-User, Framed-Protocol = PPP But still the server rejects the user. Regards & Thanks Mahesh S Kudva - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: eap-ttls on OS X
On Oct 3, 2004, at 7:16 PM, Alan DeKok wrote: Philip Ershler <[EMAIL PROTECTED]> wrote: it seems that rlm_unix is getting called rather than rlm_osxauth. I'm not smart enough to know how to fix this one. There is no osxauth included with the server. There is a patch, see bugs.freeradius.org, I forget which bug number. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html OK, so here is where I'm confused.Andreas Wolf put together a binary distribution of freeradius with a module for osxauth. [EMAIL PROTECTED]:rlm_osxauth> pwd /usr/local/freeradius/sources/freeradius-snapshot-20040607/src/modules/ rlm_osxauth [EMAIL PROTECTED]:rlm_osxauth> ls CVS Makefile README eapolclient.log out rlm_osxauth.c [EMAIL PROTECTED]:rlm_osxauth> He made the statement that if one sets auth_type to system, the server would figure out which module to call. But here's the debug output from sudo radtest ershler myTestPassword 127.0.0.1:1812 123 testing123 I've been staring at code all day long, but I'm not sharp enough to figure out what's going on. I even tried putting standard unix /etc/passwd and /etc/group files on the system and spec'ing them in the conf file, but it can't see to authenticate against them either. I'd appreciate any further suggestions, and I certainly appreciate all the work you have put into the freeRadius project. Thanks, Phil rad_recv: Access-Request packet from host 127.0.0.1:56784, id=216, length=59 User-Name = "ershler" User-Password = "myTestPassword" NAS-IP-Address = 255.255.255.255 NAS-Port = 123 Sun Oct 3 20:07:10 2004 : Debug: Processing the authorize section of radiusd.conf Sun Oct 3 20:07:10 2004 : Debug: modcall: entering group authorize for request 1 Sun Oct 3 20:07:10 2004 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 1 Sun Oct 3 20:07:10 2004 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 1 Sun Oct 3 20:07:10 2004 : Debug: modcall[authorize]: module "preprocess" returns ok for request 1 Sun Oct 3 20:07:10 2004 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 1 Sun Oct 3 20:07:10 2004 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 1 Sun Oct 3 20:07:10 2004 : Debug: modcall[authorize]: module "chap" returns noop for request 1 Sun Oct 3 20:07:10 2004 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 1 Sun Oct 3 20:07:10 2004 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 1 Sun Oct 3 20:07:10 2004 : Debug: modcall[authorize]: module "mschap" returns noop for request 1 Sun Oct 3 20:07:10 2004 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 1 Sun Oct 3 20:07:10 2004 : Debug: rlm_realm: No '@' in User-Name = "ershler", looking up realm NULL Sun Oct 3 20:07:10 2004 : Debug: rlm_realm: No such realm "NULL" Sun Oct 3 20:07:10 2004 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 1 Sun Oct 3 20:07:10 2004 : Debug: modcall[authorize]: module "suffix" returns noop for request 1 Sun Oct 3 20:07:10 2004 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 1 Sun Oct 3 20:07:10 2004 : Debug: rlm_eap: No EAP-Message, not doing EAP Sun Oct 3 20:07:10 2004 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 1 Sun Oct 3 20:07:10 2004 : Debug: modcall[authorize]: module "eap" returns noop for request 1 Sun Oct 3 20:07:10 2004 : Debug: modsingle[authorize]: calling files (rlm_files) for request 1 Sun Oct 3 20:07:10 2004 : Debug: users: Matched DEFAULT at 152 Sun Oct 3 20:07:10 2004 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 1 Sun Oct 3 20:07:10 2004 : Debug: modcall[authorize]: module "files" returns ok for request 1 Sun Oct 3 20:07:10 2004 : Debug: modcall: group authorize returns ok for request 1 Sun Oct 3 20:07:10 2004 : Debug: rad_check_password: Found Auth-Type System Sun Oct 3 20:07:10 2004 : Debug: auth: type "System" Sun Oct 3 20:07:10 2004 : Debug: Processing the authenticate section of radiusd.conf Sun Oct 3 20:07:10 2004 : Debug: modcall: entering group authenticate for request 1 Sun Oct 3 20:07:10 2004 : Debug: modsingle[authenticate]: calling unix (rlm_unix) for request 1 Sun Oct 3 20:07:10 2004 : Auth: rlm_unix: [ershler]: invalid shell [/usr/local/bin/bash] Sun Oct 3 20:07:10 2004 : Debug: modsingle[authenticate]: returned from unix (rlm_unix) for request 1 Sun Oct 3 20:07:10 2004 : Debug: modcall[authenticate]: module "unix" returns reject for request 1 Sun Oct 3 20:07:10 2004 : Debug: modcall: group authenticate returns reject for request 1 Sun Oct 3 20:07:10 2004 : Debug: auth: Failed to validate the user. Sun Oct 3 20:07:10 2004 : Debug: Delaying request 1 for 1
Fw: radrelay problem....
reforward .. in case you all miss my
mail..
--haizam
- Original Message -
From: Rohaizam Abu
Bakar
To: [EMAIL PROTECTED]
Sent: Friday, September 24, 2004 12:07
Subject: radrelay problem
Hi...
Info: FreeBSD 4.9
FreeRADIUS 1.0.1
OpenLDAP backend
I'm using radrelay to duplicate accounting from a
few servers to one master server as below:
radius1->
radius2
>master_radius
radius3 >
It's working OK... and master_radius has full
records of all radius accounting including radutmp...
But there is problem when I pump back from from
master_radius to radiusX using radrelay
---> radius1
master_radius --->
radius2
--->
radius3
From radutmp record (using radwho)... I cannot get
full records as master_radius in radiusX
Even the detail-combined in master_radius also not
properly process.. it keep growing bigger... The detail-combined in radiusX is
OK...
Command used for radrelay..
/usr/local/bin/radrelay -a
/var/adm/radacct -d /usr/local/etc/raddb \ -S
/usr/local/etc/raddb/radrelay_secret -r master_radius:1646 \
detail-combined
/usr/local/bin/radrelay -a /var/adm/radacct -d /usr/local/etc/raddb
\ -S /usr/local/etc/raddb/radrelay_secret -r radiusX:1646
\ detail-combined
and detail-combined config in
radiusd.conf
detail
detail2
{
detailfile =
${radacctdir}/detail-combined
detailperm =
0644
locking = yes }
Anyone can help??
--haizam
Re: CHAP+MS-CHAP+freeRADIUS
"Mahesh S Kudva" <[EMAIL PROTECTED]> wrote: > How can I setup freeradius to use CHAP and MS-CHAP authentication? Tell the server what the clear-text password is for the user. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: eap-ttls on OS X
Philip Ershler <[EMAIL PROTECTED]> wrote: > it seems that rlm_unix is getting called rather than rlm_osxauth. I'm > not smart enough to know how to fix this one. There is no osxauth included with the server. There is a patch, see bugs.freeradius.org, I forget which bug number. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Limit accounting to 1 users
"Pisinho" <[EMAIL PROTECTED]> wrote: > how to can limited accounting to one login simultaneously ? doc/Simultaneous-Use Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cisco_vsa_hack
If you can send me the patch asap I can test it (while I still have a quintum for testing) and commit it to cvs if it works ok Cheers Peter On Thursday 23 September 2004 16:16, Amedzekor Kafui wrote: > I don't know how to use CVS but I am learning to do > that now. > > I only tried it on postgresql using Peter Nixon's > schema. I only had to do some minor changes. > > I will post the patch here. > Thanks. > > Kafui Amedzekor > > --- Apu islam <[EMAIL PROTECTED]> wrote: > > Hello Kafui, > > > > Is that hack being sent with CVS/Standard > > distribution > > ? Does that work with the posgreSQL billing options > > that are provided ? > > > > -apu > > > > --- Amedzekor Kafui <[EMAIL PROTECTED]> wrote: > > > Yes I did write it. > > > > > > Kafui Amedzekor. > > > > > > --- Peter Nixon <[EMAIL PROTECTED]> wrote: > > > > On Friday 06 August 2004 18:19, Amedzekor Kafui > > > > wrote: > > > > --snip-- > > > > > > > > > Anyway what I am aiming at is to write a hack > > > > > > for > > > > > > > > quintum gateways so that Quintums sending > > > > cisco > > > > > > type > > > > > > > > > accounting packets can use the schema provided > > > > > > by > > > > > > > > Peter Nixon in src/billing. > > > > > > > > > > Has anyone written this already? > > > > > Thanks. > > > > > > > > > > Kafui Amedzekor. > > > > > > > > Did anyone ever write a Quintum VSA hack? > > > > > > > > Regards > > > > > > > > -- > > > > > > > > Peter Nixon > > > > http://www.peternixon.net/ > > > > PGP Key: http://www.peternixon.net/public.asc > > > > > > > > - > > > > List info/subscribe/unsubscribe? See > > > > http://www.freeradius.org/list/users.html > > > > > > ___ > > > Do you Yahoo!? > > > Declare Yourself - Register online to vote today! > > > http://vote.yahoo.com > > > > > > - > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > __ > > Do you Yahoo!? > > Yahoo! Mail - You care about security. So do we. > > http://promotions.yahoo.com/new_mail > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > ___ > Do you Yahoo!? > Declare Yourself - Register online to vote today! > http://vote.yahoo.com > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Limit accounting to 1 users
Hi, how to can limited accounting to one login simultaneously ? Two user with only one login , don't access at my LAN simultaneously. Thanks in advance.
RE : radgroupreply
I'm still trying to make the radgroupreply work but it doesn't want
Is somebody has it working (which freeradius version...) and how do I do
to succeed ?
thx
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de EROS
Envoyé : vendredi 1 octobre 2004 14:15
À : [EMAIL PROTECTED]
Objet : radgroupreply
I've tried to change the request between user and group in sql.conf but
it doesn't work.
Somebody's some idea's ?
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de EROS
Envoyé : jeudi 30 septembre 2004 23:03 À :
[EMAIL PROTECTED]
Objet : radgroupreply
Yes I had it
rad_recv: Access-Request packet from host 192.168.200.1:4395, id=1,
length=48
User-Name = "test001"
CHAP-Password = 0xb9215f405119e840fdc14e628555747ff2
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "test001", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
modcall: entering group redundant for request 0
radius_xlat: 'test001'
rlm_sql (sql1): sql_set_user escaped user --> 'test001'
rlm_sql (sql1): Reserving sql socket id: 3
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'test001' ORDER BY id' rlm_sql (sql1): User found in radcheck
table
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'test001' ORDER BY id' rlm_sql (sql1): Released sql socket
id: 3
modcall[authorize]: module "sql1" returns ok for request 0
modcall: group redundant returns ok for request 0
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='%{User-Name}' GROUP BY UserName='%{User-Name}''
radius_xlat: 'SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='test001' GROUP BY UserName='test001''
sqlcounter_expand: '%{sql1:SELECT SUM(AcctSessionTime) FROM radacct
WHERE UserName='test001' GROUP BY UserName='test001'}'
radius_xlat: Running registered xlat function of module sql1 for string
'SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='test001' GROUP
BY UserName='test001'' rlm_sql (sql1): - sql_xlat
radius_xlat: 'test001'
rlm_sql (sql1): sql_set_user escaped user --> 'test001'
radius_xlat: 'SELECT SUM(AcctSessionTime) FROM radacct WHERE
UserName='test001' GROUP BY UserName='test001'' rlm_sql (sql1):
Reserving sql socket id: 2 rlm_sql (sql1): - sql_xlat finished rlm_sql
(sql1): Released sql socket id: 2
radius_xlat: '24388'
rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user test001, check_item=54000, counter=24388
rlm_sqlcounter: Sent Reply-Item for user test001, Type=Session-Timeout,
value=29612
modcall[authorize]: module "noresetcounter" returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type CHAP
auth: type "CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_chap: login attempt by "test001" with CHAP password
rlm_chap: Using clear text password test001 for user test001
authentication.
rlm_chap: chap user test001 authenticated succesfully
modcall[authenticate]: module "chap" returns ok for request 0
modcall: group Auth-Type returns ok for request 0
Processing the session section of radiusd.conf
modcall: entering group session for request 0
modcall: entering group redundant for request 0
modcall[session]: module "sql1" returns noop for request 0
modcall: group redundant returns noop for request 0
modcall: group session returns noop for request 0
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 0
modcall: entering group redundant for request 0
rlm_sql (sql1): Processing sql_postauth
radius_xlat: 'test001'
rlm_sql (sql1): sql_set_user escaped user --> 'test001'
radius_xlat: 'INSERT into radpostauth (id, user, pass, reply, date)
values ('', 'test001', 'Chap-Password', 'Access-Accept', NOW())' rlm_sql
(sql1) in sql_postauth: query is INSERT into radpostauth (id, user,
pass, reply, date) values ('', 'test001', 'Chap-Password',
'Access-Accept', NOW()) rlm_sql (sql1): Reserving sql socket id: 1
rlm_sql (sql1): Released sql socket id: 1
modcall[post-auth]: module "sql1" returns ok for request 0
modcall: group redundant returns ok for request 0
modcall: group post-auth returns ok for request 0
Sending Access-Accept of id 1 to 192.168.200.1:4395
Session-Timeout = 29612
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 3 seconds...
rad_recv: Access-Request packet
Certificate issue with TLS
Hi,
I am still working on my problem and still haven't been able to find out
a solution. This is my first experience with Freeradius and OpenSSL,
hence my ignorance.
In view of my experience with these two products over the last couple of
days, I have a few more questions:
1- Is the use of .pem files mandatory for Private Key files that we
configure our server with? I have tried setting up the server to use
.der files but to no avail. In the file ssl_rsa.c on line 704, I am
returned error during initializing the Freeradius because "the file type
of my private key file is NOT pem". And therefore the freeradius server
never gets to start.
I have pem_file_type set to "no" in eap.conf. Do I need to the same in
some other file as well?
2- The particular version of SSL running on my Client does not support
pem format. Now when my Freeradius server sends it a .pem file in the
server handshake message, and my client tries to parse it out, I am
returned an error: ERR_R_EXPECTING_AN_ASN1_SEQUENCE. Following is the
program flow:
ssl3_connect()
|
--> ssl3_get_server_certificate()
|
--> d2i_X509()
|
--> asn1_GetSequence()
.
.
if (c->tag != V_ASN1_SEQUENCE)
{
c->error=ERR_R_EXPECTING_AN_ASN1_SEQUENCE;
return(0);
}
.
.
Now, is it fair to assume that this error is occurring precisely because
of the fact that my Client does not support .pem version of files?
Thanks,
Bilal
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
nas port / Pool-Name / ippool
I have some problems with ippool module.
Using 802.1x:
Access Point 3Com 8750
FreeRADIUS 1.0.1
Everything runs well except this problem with ippool-module.
users:
..
DEFAULTLdap-Group == "disabled", Auth-Type := Reject
Reply-Message = "Sie sind nicht berechtigt!"
DEFAULTLdap-Group == "allowed", Pool-Name := main_pool
DEFAULTMax-Daily-Session := 120
Fall-Through = 1
..
LDAP-Attribute radiusGroupName has only two values: allowed or disabled.
..
rlm_ldap: - authenticate
rlm_ldap: login attempt by "ekokor" with password "emil"
rlm_ldap: user DN: uid=ekokor,ou=People,dc=wss-stuttgart,dc=de
rlm_ldap: (re)connect to localhost:389, authentication 1
rlm_ldap: bind as uid=ekokor,ou=People,dc=wss-stuttgart,dc=de/emil to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: user ekokor authenticated succesfully
modcall[authenticate]: module "ldap" returns ok for request 6
modcall: group Auth-Type returns ok for request 6
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 6
rlm_ippool: Could not find nas port information. Return NOOP.<===what this means??
modcall[post-auth]: module "main_pool" returns noop for request 6
modcall: group post-auth returns noop for request 6
TTLS: Got tunneled reply RADIUS code 2
TTLS: Got tunneled Access-Accept
rlm_eap: Freeing handler
modcall[authenticate]: module "eap" returns ok for request 6
modcall: group authenticate returns ok for request 6
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 6
rlm_ippool: Could not find Pool-Name attribute. < and this also?
modcall[post-auth]: module "main_pool" returns noop for request 6
modcall: group post-auth returns noop for request 6
Sending Access-Accept of id 72 to 192.168.0.5:1160
Session-Timeout = 120
MS-MPPE-Recv-Key = 0x5aec0202c6c95fe34381139310c0053b03a8243f60fd01d1172c2724e68712d2
MS-MPPE-Send-Key = 0xb38b83e095aa1181cb77331f7fec4532f7706de17683be628770d4045767692d
EAP-Message = 0x03050004
Message-Authenticator = 0x
User-Name = "anonymous"
Finished request 6
Going to the next request
Waking up in 5 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 68 with timestamp 4162a7d9
Cleaning up request 3 ID 69 with timestamp 4162a7d9
Cleaning up request 4 ID 70 with timestamp 4162a7d9
Waking up in 1 seconds...
--- Walking the entire request list ---
Cleaning up request 5 ID 71 with timestamp 4162a7da
Cleaning up request 6 ID 72 with timestamp 4162a7da
Nothing to do. Sleeping until we see a request.
rad_recv: Accounting-Request packet from host 192.168.0.5:1148, id=66, length=174
Acct-Status-Type = Start
Acct-Session-Id = "004005556832-000d54a941fd-08ae"
NAS-IP-Address = 0.0.0.0
Acct-Input-Octets = 483
Acct-Output-Octets = 1531
Acct-Input-Packets = 3
Acct-Output-Packets = 6
Vendor-Specific = 0x45415020557365726e616d652069733a20616e6f6e796d6f7573
Vendor-Specific = 0x564c414e2049442069733a2030
Vendor-Specific = 0x4553534944203d2033436f6d
Vendor-Specific = 0x45415020547970652069733a204541502d54544c53
Acct-Session-Time = 29
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 7
modcall[preacct]: module "preprocess" returns noop for request 7
rlm_acct_unique: WARNING: Attribute NAS-Port was not found in request, unique ID MAY be
inconsistent
rlm_acct_unique: WARNING: Attribute User-Name was not found in request, unique ID MAY be
inconsistent
rlm_acct_unique: Hashing ',Client-IP-Address = 192.168.0.5,NAS-IP-Address =
0.0.0.0,Acct-Session-Id = "004005556832-000d54a941fd-08ae",'
rlm_acct_unique: Acct-Unique-Session-ID = "8efb8a59b5fabe69".
modcall[preacct]: module "acct_unique" returns ok for request 7
rlm_realm: Proxy reply, or no User-Name. Ignoring.
modcall[preacct]: module "suffix" returns noop for request 7
modcall[preacct]: module "files" returns noop for request 7
modcall: group preacct returns ok for request 7
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 7
radius_xlat: '/var/log/radius/radacct/192.168.0.5/detail-20041005'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to
/var/log/radius/radacct/192.168.0.5/detail-20041005
modcall[accounting]: module "detail" returns ok for request 7
rlm_counter: We only run on Accounting-Stop packets.
modcall[accounting]: module "daily" returns noop for request 7
radius_xlat: '/var/log/radius/radutmp'
radius_xlat: ''
rlm_radutmp: No NAS-Port seen. Cannot do anything.
rlm_radumtp: WARNING: checkrad will probably not work!
modcall[accounting]: module "radutmp" returns noop for request 7
rlm_ippool: This is not an Accounti
CHAP+MS-CHAP+freeRADIUS
Hi all How can I setup freeradius to use CHAP and MS-CHAP authentication? Thanks in advance Regards & Thanks Mahesh S Kudva Robosoft Technologies - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Exec-Program and iproute2
Hi all, I'm trying to shape ppp+ interfaces after successful authentication using Exec-Program. radiusd runs as root, in mysql radreply table the last row for the user contains: Exec-Program = '/etc/ppp/shd %f'. Freeradius version is 1.0.1,MySQL 4.0.21, Slackware 10, pptpd 1.2.1, iproute2(ip, tc). When user connects to the pptpd everythink is OK, link goes up, but the ppp interface is not shaped. If I run shaping script outside the radius it works. In radius.log the stage of executing the script is noted with correctly transfered value of attribute %f, script is owned by root(same as radiusd), there isnn't an error of any kind, but this automation doesn't work. Can anyone tell me where could the mistake or my misunderstanding in implementing Exec-Program attribute. Any advice I would appreciate. Thanks in advance __ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Kill online user
Hi again, How am I going to kill online users other than radkill, may be ucd-snmp. Anyone can help me.. Nurul Faizal Bin M.Shukeri Pusat Komputer, Universiti Sains Malaysia.
