FreeRadius + MySQL

2004-10-11 Thread Chanin Luangingkasut
Hello All,
Please let me know about a freeradius+MySQL paper on
configuration and the commands to use, or show me step by step how to
configure a server to authenticate with freeradius+MySQL.

Sincere.
--
Chanin
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


segmentation fault ( eaptls_process returned 3 )

2004-10-11 Thread atul dhingra
I am facing  a segmentation fault error while using following snapshots 
for openssl and freeradius

openssl-0.9.6-stable-SNAP-20041002
 Use 0.9.7b or later.
 Alan DeKok.
Thanks Alan,
I used 0.9.7b, however this time I noticed that if I select Validate 
certificate in the XP machine I do not get segmentation fault and if I 
de-select the same I get the segmentation fault error. I am new to the use 
of wireless and radius and would like to know :
Do I need to install certificates on xp machine for peap, if yes can you 
please let me know the procedure for the same?

Thanks in advance
AD


(tag != V_ASN1_INTEGER) error

2004-10-11 Thread Bilal Ahmed
Hi,

I have used the script CA.all to generate the Root, Server and Client
certificates. Now on the Freeradius Server side, all the required
certificates loaded successfully and the Freeradius Server initializes
successfully.

When I try to initialize my Client, it loads the Client certificate
successfully but while loading the private key (Client certificate and
its Private Key are in the same .der file), it returns with error after
hitting the following line of code:

if (tag != V_ASN1_INTEGER)
{
    i = ASN1_R_EXPECTING_AN_INTEGER;
    goto err;
}

Value of tag is 16 whereas the code wants it to be V_ASN1_INTEGER (2).
I keep getting this error even after trying it with several different
certificates.

Could someone please help with this issue as to why this is happening?
Should I have the Client Certificate and its private key in separate
files or doesn't it matter?

Thanks,
Bilal
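
Added example (not part of the original post, and not FreeRADIUS or OpenSSL code): in DER, universal tag 16 is SEQUENCE and tag 2 is INTEGER. A private key structure (PKCS#1 RSAPrivateKey, PKCS#8 PrivateKeyInfo) is a SEQUENCE whose first element is an INTEGER version, while an X.509 Certificate is a SEQUENCE whose first element is another SEQUENCE, so a key parser handed certificate bytes sees 16 where it wants 2. The sketch reads the first two TLV headers of a blob to tell the two apart; function names and sample bytes are constructed, and that this is the cause in the poster's case is an assumption.

```python
# Added illustration: inspect the leading DER headers of a blob.
# All names and sample bytes are constructed, not taken from the thread.

TAG_INTEGER = 2     # value of V_ASN1_INTEGER
TAG_SEQUENCE = 16   # value of V_ASN1_SEQUENCE
CLASS_UNIVERSAL = 0


def read_tlv_header(buf, offset=0):
    """Return (tag_class, tag_number, constructed, content_len, header_len)."""
    if offset + 2 > len(buf):
        raise ValueError("truncated TLV header")
    ident = buf[offset]
    tag_class = ident >> 6
    tag = ident & 0x1F
    if tag == 0x1F:
        raise ValueError("high-tag-number form not handled in this sketch")
    constructed = bool(ident & 0x20)
    first = buf[offset + 1]
    if first < 0x80:                      # short form: one length octet
        return tag_class, tag, constructed, first, 2
    count = first & 0x7F                  # long form: `count` length octets
    if count == 0:
        raise ValueError("indefinite length is not valid DER")
    end = offset + 2 + count
    if end > len(buf):
        raise ValueError("truncated length octets")
    length = int.from_bytes(buf[offset + 2:end], "big")
    return tag_class, tag, constructed, length, 2 + count


def classify_der(buf):
    """Guess what a DER blob starts with from its first two tags."""
    result = {"outer_tag": None, "first_inner_tag": None,
              "kind": "not-der-sequence", "trailing_bytes": 0}
    try:
        cls, tag, constructed, length, hdr = read_tlv_header(buf)
    except ValueError:
        return result
    result["outer_tag"] = tag
    if cls != CLASS_UNIVERSAL or tag != TAG_SEQUENCE or not constructed:
        return result                     # PEM text or another encoding
    # Bytes after the outer SEQUENCE mean a second object was appended,
    # e.g. a key concatenated after a certificate in one file.
    result["trailing_bytes"] = max(0, len(buf) - (hdr + length))
    try:
        icls, itag, iconstructed, _, _ = read_tlv_header(buf, hdr)
    except ValueError:
        result["kind"] = "truncated"
        return result
    result["first_inner_tag"] = itag
    if icls != CLASS_UNIVERSAL:
        result["kind"] = "unknown"
    elif itag == TAG_INTEGER and not iconstructed:
        result["kind"] = "private-key-like (SEQUENCE { INTEGER version, ... })"
    elif itag == TAG_SEQUENCE and iconstructed:
        result["kind"] = "certificate-like (SEQUENCE { SEQUENCE ... })"
    else:
        result["kind"] = "unknown"
    return result


# Constructed samples: minimal skeletons with the right leading tags only.
KEY_LIKE = bytes.fromhex("3006020100020105")            # SEQ { INT 0, INT 5 }
CERT_LIKE = bytes.fromhex("300a3008a003020102020101")   # SEQ { SEQ { [0]{INT 2}, INT 1 } }

if __name__ == "__main__":
    for name, blob in (("key", KEY_LIKE), ("cert", CERT_LIKE),
                       ("cert+key", CERT_LIKE + KEY_LIKE)):
        print(name, classify_der(blob))
```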



Re: Re: Problems with counter module

2004-10-11 Thread Kostas Kalevras
On Sun, 10 Oct 2004 [EMAIL PROTECTED] wrote:

 Thanks a lot for your answers.

 You said:
 So check if the user sessions are recorded. Maybe the accounting stop do
 not contain a session-time attribute. Post an accounting-stop debug output
 for the user.

 I understand what you mean, but i don't know how to Post an accounting-stop
 debug output for the user.

 How can i do it?

You run the server in debug mode and wait for an accounting-stop packet for that
user (the packet that is sent when the user is disconnected from the nas).
Afterwards, you post that debug output.


 Thanks.



--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



About -p command line option

2004-10-11 Thread Nirmal Patel
 Hi All,
I am comparatively new to using free-radius.

Let me first tell you what I want to do:
-- I want to run radius on some port say 2342

I tried on cmd line:

 [EMAIL PROTECTED] raddb]# radiusd -xxx -p 2342
 Ignoring deprecated command-line option -p
 Thu Oct  7 22:11:39 2004 : Info: Starting - reading configuration files ...

I went through the radiusd.conf file where it states

 #  If you want to use the default RADIUS port as defined on your server,
 #  (usually through 'grep radius /etc/services') set this to 0 (zero).
 #
 #  A port given on the command-line via '-p' over-rides this one.
 #
 #  As of 1.0, you can also use the listen directive.  See below for
 #  more information.
 #
 port =1898

When I change here, I am successfully able to start radius on my
required port.

Now my real problem is that, I want to allow multiple users to run
their own radiuses on the same machine on different ports.
How can I achieve that?

Regards,
Nirmal.
-- 
Warm Regards,
Nirmal Patel.



Re: New rlm_sql behaviour updates for postgres a oracle

2004-10-11 Thread Kostas Kalevras
On Sun, 10 Oct 2004, Thor Spruyt wrote:

 Hi,

 Someone asked to supply patches, so I did... but they've never been applied.

 So here they are again:

 For Postgres:
 http://www.thor-spruyt.com/new-rlm-sql-db_postgresql-sql.diff
 http://www.thor-spruyt.com/new-rlm-sql-postgresql-conf.diff

 For Oracle:
 http://www.thor-spruyt.com/new-rlm-sql-db_oracle-sql.diff
 http://www.thor-spruyt.com/new-rlm-sql-oraclesql-conf.diff

 If there's something wrong with them, just let me know and I'll provide new
 ones :)

Please also include the updated nas table info. Also it would be better to move
this to freeradius-devel. Thanks for your efforts in any case though.

ps=It would be even nicer to open a bug report for these patches.


 --
 Regards,

 Thor Spruyt
 E: [EMAIL PROTECTED]
 W: www.thor-spruyt.com
 M: +32 (0)475 67 22 65




--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



Segmentation fault

2004-10-11 Thread atul dhingra

Thanks Alan,
I used 0.9.7b, however this time I noticed that if I select Validate 
certificate in the XP machine I do not get segmentation fault and if I 
de-select the same I get the segmentation fault error. I am new to the use 
of wireless and radius and would like to know :
Do I need to install certificates on xp machine for peap, if yes can you 
please let me know the procedure for the same?

Thanks in advance
AD

Hi,
Thanks for your support till now,
I am very close to achieving what I have been trying to do however I will need 
some more comments from you.

Following is the crux of what I am stuck on now:
I am trying to use freeradius for xp clients,
I get following messages when trying to use peap as default eap type (full 
log attached) :

First I receive all the success logs as follows:
...truncated...
   TLS_accept: SSLv3 write finished A
   TLS_accept: SSLv3 flush data
   (other): SSL negotiation finished successfully
SSL Connection Established
 eaptls_process returned 13
 rlm_eap_peap: EAPTLS_HANDLED
 modcall[authenticate]: module eap returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 161 to 172.26.6.62:44530
   EAP-Message = 
0x0106003119001403010001011603010020dcd1f01332d46809f26364
888ab19d2259e9d6cbda6cd4bfad8f3da4a2bdfbbf
   Message-Authenticator = 0x
   State = 0xa70046675337ee5045cb375a4b7466a0
Finished request 3
Going to the next request
Waking up in 6 seconds...


And when I click on certificate prompt that says click to provide logon 
information I get following logs:
-

 rlm_eap: Request found, released from the list
 rlm_eap: EAP/peap
 rlm_eap: processing type peap
 rlm_eap_peap: Authenticate
 rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
 rlm_eap_tls: ack handshake is finished
 eaptls_verify returned 3
 eaptls_process returned 3
Segmentation fault

These are the steps I have followed :
1. installed openssl openssl-0.9.7b
2. installed freeradius freeradius-snapshot-20041006
3. imported certificate root.der to xp client and did the set up as in 'how 
to' document at freeradius web site

Thanks much in advance
AD


Re: using realm ntdomain fails

2004-10-11 Thread Christoph Litauer
Alan DeKok schrieb:
Christoph Litauer [EMAIL PROTECTED] wrote:
I want to use realm ntdomain, but had no success so far. Debug output 
always says:
modcall[authorize]: module ntdomain returns noop for request 47

  OK

rlm_realm: Looking up realm LAPLITAUER for User-Name = 
LAPLITAUER\litauer
rlm_realm: No such realm LAPLITAUER

  So... did you define that realm in proxy.conf, or in the realms
file?  I'd bet that the answer is no.
  Alan DeKok.
Thank you Alan, seems as if I still haven't understood how to handle 
realms. So if you please could give a short tip how to handle the 
following situation:

I want to authenticate my wlan users via PEAP using ntlm_auth. This 
works if the windows users configure an authentication with an empty 
domain. I still want users to be able to use their windows logon and 
password. Unfortunately this case prefixes the username with the domain 
(e.g. LAPLITAUER\litauer). I want to discard the domain part. Is it 
possible? Do I have to use realms?

Thanks in advance.
--
Regards
Christoph

Christoph Litauer  [EMAIL PROTECTED]
Uni Koblenz, Rechenzentrum,http://www.uni-koblenz.de/~litauer
Postfach 201602, 56016 Koblenz Fon: +49 261 287-1311, Fax: -100 1311
PGP-Key: http://www.uni-koblenz.de/~litauer/public-key.html


mod_auth_radius and ms-chapv2

2004-10-11 Thread Makadi Janos
Hello,
I would like to set up freeradius, and mod_auth_radius on linux to 
authenticate users via ias (radius server). My problem is the ias 
administrator said the authentication method is pap and not 
ms-chapv2. How can I set up mod_auth_radius to use ms-chapv2?
Is it possible?

Thanks...
Janos Makadi


Re: mod_auth_radius and ms-chapv2

2004-10-11 Thread Josh Howlett
No.
josh.
--On Monday, October 11, 2004 14:25:15 +0200 Makadi Janos 
[EMAIL PROTECTED] wrote:

Hello,
I would like to set up freeradius, and mod_auth_radius on linux to
authenticate users via ias (radius server). My problem is the ias
administrator said the authentication method is pap and not
ms-chapv2. How can I set up mod_auth_radius to use ms-chapv2?
Is it possible?
Thanks...
Janos Makadi

--
---
Josh Howlett, Networking  Digital Communications,
Information Systems  Computing, University of Bristol, U.K.
'phone: 0117 928 7850 email: [EMAIL PROTECTED]



Re: received response to request we did not send

2004-10-11 Thread Nicolas Baradakis
Raimund Sacherer wrote:

[...]

 But THERE is somewhere a problem i could not figure out until now:

 If the 62.4 and the 10.4 are on different interfaces
 (eth0=62.4/eth1=10.4) the packet is sent to the roamingpartner and the
 roamingpartner answers (I verified it with tcpdump) BUT the radius
 server did not seem to receive this packet.

I'm not sure I understand the whole explanation. Please specify who is
the radius client, who is the proxy and who is the server. (an ascii
schema can help, too)

 I tried from localhost to connect with netcat to the proxy port 1814 and
 the server received something (as I typed nonsense, it puts malformed
 packet in the logfile, but it was receiving something).

 Netstat displayed the 62.4 and 10.4 listening on 1812 and 1813 and *
 (0.0.0.0) listening on 1814.

In radiusd.conf, are you using the directive bind_address
or listen ?

 Currently our implementation works very well and i also could create a
 heartbeat interface now, as it is possible to listen on more
 ip-addresses, but it is not a clean solution, i want to fix this proxy
 behavior in the right way and put my patches into radius itself soon, as
 it seems without this outstanding fixes the UDPFROMTO patch is not
 complete!

Is this the final setup you want to implement ?

   proxy1 eth0
+ 62.4.e.f
client 1  vip 1 |
62.4.a.b --- 62.4.c.d -|  proxy1 eth1
|  +- 10.4.g.h
|  |
|  |   proxy2 eth0
+--|- 62.4.m.n
client 2  vip 2|
10.4.i.j --- 10.4.k.l |   proxy2 eth1
   +- 10.4.o.p


-- 
Nicolas Baradakis



Re: Problems with counter module

2004-10-11 Thread macleod
Hi all,
maybe I found the reason... but I don't know how to fix it. Thanks in advance


  rlm_counter: Could not find Service-Type attribute in the request.
Returning NOOP.
  modcall[accounting]: module daily returns noop for request 2
 modcall[accounting]: module unix returns ok for request 2
radius_xlat:  '/usr/local/var/log/radius/radutmp'
radius_xlat:  'Pablo'
  modcall[accounting]: module radutmp returns ok for request 2
rlm_ippool: Searching for an entry for nas/port: 192.168.0.136/2151677988
rlm_ippool: Entry not found
  modcall[accounting]: module main_pool returns ok for request 2
modcall: group accounting returns ok for request 2
Sending Accounting-Response of id 70 to 192.168.0.136:1027
Finished request 2
Going to the next request
Thread 3 waiting to be assigned a request
--- Walking the entire request list ---

 Accounting-stop packet for that user:

Cleaning up request 2 ID 70 with timestamp 416aa6ac
Nothing to do.  Sleeping until we see a request.

Users file:

Pablo   Auth-Type := Local, Max-Daily-Session := 6, User-Password == Pablo,
NAS-IP-Address == 192.168.0.136
Service-Type = Framed-User,
Session-Timeout := 6,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-MTU = 1500,
Idle-Timeout = 6,
Port-Limit = 1

Thanks for helping me!



RE: using realm ntdomain fails

2004-10-11 Thread Øystein Gåsdal
I didn't use realms to get this working, I think realms is only if you are
going to use freeradius as a radius proxy.
If you want to authenticate users using their domain user and password, you
must get ntlm_auth working (search for it in radiusd.conf), but as Alan here
pointed out to me, it is best to make it work manually by typing something
like:
ntlm_auth --request-nt-key --username=username --password=password --domain=DOMAIN

But before I got this to work I had to configure and start the samba
service, and make the freeradius server join the domain.

The samba config for me is located here: /etc/samba/smb.conf, I changed only
two things:
workgroup = your domain name
wins server = IP address of your wins server

Start samba with (I think): service start smbd

I can't remember the command to join the domain, I'll have to get back to
you on that one.

ntlm_auth uses another program called winbindd in the background... It can
be difficult to make it work right, but read its log in
/var/log/samba/winbindd.log, and you'll understand.

I hope this is some of what you were looking for.

- Øystein
  

 -Original Message-
 From: Christoph Litauer [mailto:[EMAIL PROTECTED] 
 Sent: 11. oktober 2004 14:20
 To: [EMAIL PROTECTED]
 Subject: Re: using realm ntdomain fails
 
 Alan DeKok schrieb:
  Christoph Litauer [EMAIL PROTECTED] wrote:
  
 I want to use realm ntdomain, but had no success so far. 
 Debug output 
 always says:
 modcall[authorize]: module ntdomain returns noop for request 47
  
  
OK
  
  
  rlm_realm: Looking up realm LAPLITAUER for User-Name = 
 LAPLITAUER\litauer
  rlm_realm: No such realm LAPLITAUER
  
  
So... did you define that realm in proxy.conf, or in 
 the realms
  file?  I'd bet that the answer is no.
  
Alan DeKok.
 
 Thank you Alan, seems as if I still haven't understood how to 
 handle realms. So if you please could give a short tip how to 
 handle the following situation:
 
 I want to authenticate my wlan users via PEAP using 
 ntlm_auth. This works if the windows users configure an 
 authentication with an empty domain. I still want users to be 
 able to use their windows logon and password. Unfortunately 
 this case prefixes the username with the domain (e.g. 
 LAPLITAUER\litauer). I want to discard the domain part. Is it 
 possible? Do I have to use realms?
 
 Thanks in advance.
 --
 Regards
 Christoph
 Christoph Litauer  [EMAIL PROTECTED]
 Uni Koblenz, Rechenzentrum,http://www.uni-koblenz.de/~litauer
 Postfach 201602, 56016 Koblenz Fon: +49 261 287-1311, 
 Fax: -100 1311
 PGP-Key: http://www.uni-koblenz.de/~litauer/public-key.html
 
 


Problem: Failed to link to module 'rlm_exec':File not found

2004-10-11 Thread Scott J. Wolke
Hey All,
   I am having trouble and am hoping you can help me out.  After 
installing freeradius, I execute freeradius -X  to enable debugging 
mode.  I am getting an error and am unsure on how to proceed.

Operating System OpenBSD3.5
Free Radius 1.0.1
./configure --without-rlm-krb5 --with-logdir=\var\log\radius
make
make install
In debugging mode the last three lines appear as follows.
radiusd: entering modules setup
Module :Library search path is /usr/local/lib
radiusd.conf{1367} Failed to link to module 'rlm_exec':File not found
The log file in /var/log/radius there is no useful information in it.
After looking at the radiusd.conf file, line 1367 gives me no clues as 
to what I need to correct in my install
I've tried copying the rlm_exe directory from the tarball  into 
/usr/local/lib, still not working
Also tried to copying the files contained in rlm_exe to /usr/local/lib, 
again not working.

I'm not sure if there are log files located elsewhere that will help 
me. If not I would greatly appreciate any help you could provide.


Thank You,
Scott J. Wolke




Re: New rlm_sql behaviour updates for postgres a oracle

2004-10-11 Thread Alan DeKok
Thor Spruyt [EMAIL PROTECTED] wrote:
 Someone asked to supply patches, so I did... but they've never been applied.

  I also asked you to submit the patches on bugs.freeradius.org.

  I don't know why you're not doing that.

  Alan DeKok.



Re: Wierd FR/MySQL behaviour

2004-10-11 Thread Alan DeKok
Josh Howlett [EMAIL PROTECTED] wrote:
 Replying to my own mail - the Authenticators are the same in both
 packets.
 
 So is this definitely a NAS bug? From my reading of the Authn RFC, the
 Authenticator should be unique...

  Yes.  The NAS is broken.

  It *may* be possible to work around it a little, with hacks to the
server.  But I'm not sure I'd recommend that.

  Alan DeKok.



RE: About -p command line option

2004-10-11 Thread Matanya Elchanani
 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Nirmal Patel
 Sent: Monday, October 11, 2004 8:07 AM
 To: [EMAIL PROTECTED]
 Subject: About -p command line option
 
 
 Now my real problem is that, I want to allow multiple users to run
 their own radiuses on the same machine on different ports.
 How can I achieve that?

Use -d and have each user have their own configuration directory.




NAS-Identifier check

2004-10-11 Thread Alex
Hello,

I want TTLS users to be authenticated using their login/pwd _AND_ the NAS-Identifier attribute from the Access-Req packet. It works fine with User-Password, but when I add NAS-Identifier == 'my_router' to radcheck table, freeradius says 'Auth-Type notfound'. The debug shows that 'my_router' sends the correct value for this attribute.
When I change to :=, users can login even if the value is completely changed (i.e. I put his_router instead)

Any clue ?
Alex

Re: Ascend MAX 6000 Problems

2004-10-11 Thread Alan DeKok
Corey Jarvis [EMAIL PROTECTED] wrote:
 I am getting this in debug mode from radius:
 
 Sun Oct 10 18:04:14 2004 : Error: Unknown packet code 33 from client 
 nas0:1027 - ID 9 : IGNORED

  You should be able to configure the NAS to *not* send those packets.

  If not, the log messages can be ignored.  They won't break anything,
or cause any problems.

 On the max I am getting this from Syslog:
 
 Oct 10 17:23:52 nas0 Radius client timeout (code=51) for user RADIUS release 
 all global-pool addresses

  So your NAS is complaining that it can't exchange packet code 51
with the server.

 If anyone has experienced something similar or can help it would be 
 appreciated.

  What kind of solution are you looking for?

  Alan DeKok.




Re: Unfilled attributes in radacct mysql

2004-10-11 Thread Alan DeKok
zack musa [EMAIL PROTECTED] wrote:
 I've tested the accounting, authentication through
 it. When I checked the radacct table in MYSQL, there
 are some attributes information unfilled or filled
 with '0's. How to get those missing information
 available?

  Make the NAS send those attributes.  See the FAQ.

 How to simulate multiple user login at the
 same time? Is there any scripts available for this
 kind of test? 

  radclient.

  Alan DeKok.



Re: (tag != V_ASN1_INTEGER) error

2004-10-11 Thread Alan DeKok
Bilal Ahmed [EMAIL PROTECTED] wrote:
 When I try to initialize my Client, it loads the Client certificate
 successfully but while loading the private key (Client certificate and
 its Private Key are in the same .der file), it returns with error after
 hitting the following line of code:
 
 tag != V_ASN1_INTEGER

  You don't say which file it is, or where it comes from.  Nice.

  In any case, that code isn't part of FreeRADIUS.  I suggest asking
the authors of the code about the problem.

  Alan DeKok.




Re: About -p command line option

2004-10-11 Thread Alan DeKok
Nirmal Patel [EMAIL PROTECTED] wrote:
 Now my real problem is that, I want to allow multiple users to run
 their own radiuses on the same machine on different ports.
 How can I achieve that?

  Multiple radiusd.conf files.

  The -p option isn't supported any more.  Read the output of the
server in debugging mode.  It will tell you this.

  Alan DeKok.



new user - configuration question

2004-10-11 Thread Berry, William

This is my first attempt at setting up a RADIUS server. I
have downloaded and successfully installed FreeRadius version 1.0.1 on a Red
Hat 8.0 Linux server. It seems to work fine based upon the testing included in the
installation instructions. I am now starting to read through the documentation
to complete the next phase. I know I still need to configure the radiusd.conf but
wanted to verify that I also need to install MySQL w/PHP support and Apache
servers. Is there any other step that I am missing?? I am new to the Linux
world on a learning curve so please bear with me. 

Any assistance is appreciated. 

Brent Berry
Network Engineer
Mueller Industries Inc.
(901) 759-7470

* 

Mueller Industries, Inc. - CONFIDENTIAL INFORMATION 

This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom it is addressed. This communication may contain privileged material.  If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing, or copying of this e-mail and any file attachments is not authorized by the sender of this e-mail or Mueller Industries, Inc.  If you have received this e-mail in error, please immediately notify us by telephone at 1-800-348-8464 (or 901-753-3200) or reply by e-mail to the sender.  If you are not the intended recipient, please destroy the original transmission and its contents.


Re: using realm ntdomain fails

2004-10-11 Thread Alan DeKok
Christoph Litauer [EMAIL PROTECTED] wrote:
So... did you define that realm in proxy.conf, or in the realms
  file?  I'd bet that the answer is no.
 
 Thank you Alan, seems as if I still haven't understood how to handle 
 realms.

  Please read proxy.conf.

 I want to discard the domain part. Is it possible? Do I have to use
 realms?

  Yes, and yes.

  Alan DeKok.



Default messages

2004-10-11 Thread Kyriaki Gali

Hi all, 
do you know where I can change the default messages that 
radius sends me?

For example, it rejects a user (Simultaneous-Use := 1) and sends me 
this message 

Reply-Message := "\r\nYou are already logged in - access denied\r\n\n"

I want to include more lines... can I?

Kyriaki Gali,
IT Applications Specialist
Kinetix Tele.com Support Center,
Tel  Fax: +30 2310 256140
GSM: +30 6947 723737
http://www.kinetix.gr
e-mail: [EMAIL PROTECTED]


Re: New rlm_sql behaviour updates for postgres a oracle

2004-10-11 Thread Thor Spruyt
Kostas Kalevras wrote:
 Please also include the updated nas table info. Also it would be
 better to move this to freeradius-devel. Thanks for your efforts in
 any case though.

 ps=It would be even nicer to open a bug report for these patches.

For postgresql, I've sent to devel list for bug 139 and nas table update is
included.

-- 
Regards,

Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65




RE: new user - configuration question

2004-10-11 Thread Berry, William

The current use for this server is to authenticate
user access to our network hardware and eventually wi-fi access. The next
phase is to get the user and device access configured. My test device is
a Cisco 2600 router. According to the radius.conf the recommendation is to NOT
use the clients or naslist. I took this as a recommendation to use SQL
for storing the information. In reading through the installation for that was
the comment that dialup_admin is used for management on the information in the
SQL database. 

Brent 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anson Rinesmith
Sent: Monday, October 11, 2004 9:22 AM
To: [EMAIL PROTECTED]
Subject: RE: new user - configuration question 

It depends on what features you want to
use, your next phase doesn't tell us much.

There is no NEED to install MySQL
or Apache, unless you want a feature that requires them. It has also been my
experience, that if you do decide you need MySQL, you will need to have it
installed, before installing freeradius.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Berry, William
Sent: Monday, October 11, 2004 9:08 AM
To: [EMAIL PROTECTED]
Subject: new user - configuration question 

This is my first attempt at setting up a RADIUS server. I
have downloaded and successfully installed FreeRadius version 1.0.1 on a Red
Hat 8.0 Linux server. It seems to work fine based upon the testing included in
the installation instructions. I am now starting to read through the
documentation to complete the next phase. I know I still need to configure the
radiusd.conf but wanted to verify that I also need to install MySQL w/PHP
support and Apache servers. Is there any other step that I am missing?? I am
new to the Linux world on a learning curve so please bear with me. 

Any assistance is appreciated. 

Brent Berry
Network Engineer
Mueller Industries Inc.
(901) 759-7470



Re: Wierd FR/MySQL behaviour

2004-10-11 Thread Josh Howlett
--On Monday, October 11, 2004 09:57:58 -0400 Alan DeKok [EMAIL PROTECTED] wrote
Josh Howlett [EMAIL PROTECTED] wrote:
Replying to my own mail - the Authenticators are the same in both
packets.
So is this definitely a NAS bug? From my reading of the Authn RFC, the
Authenticator should be unique...
  Yes.  The NAS is broken.
  It *may* be possible to work around it a little, with hacks to the
server.  But I'm not sure I'd recommend that.
That's what I figured too.
Could I request that FreeRADIUS logs an error message when this condition 
occurs (ie. a reply is generated on basis of src IP/port  authenticator)? 
The lack of any logging information at all (even at -X level) made this 
very difficult to trace...

Thanks for your help with this.
josh.
--
---
Josh Howlett, Networking  Digital Communications,
Information Systems  Computing, University of Bristol, U.K.
'phone: 0117 928 7850 email: [EMAIL PROTECTED]
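
The kind of check requested above, as an added example that is not FreeRADIUS code and not part of the original mail: it flags an Access-Request whose 16-byte Request Authenticator was already seen from the same source IP and port with a different Identifier or different attributes, while treating a byte-identical repeat as a normal retransmission (RFC 2865 expects the authenticator to be unique and the Identifier to change when the attributes change). Class and function names, the cache size and the sample packets are constructed for illustration.

```python
# Added illustration of a duplicate Request Authenticator check.
# Names, cache size and sample data are constructed, not from FreeRADIUS.
import struct
from collections import OrderedDict, namedtuple

ACCESS_REQUEST = 1
HEADER_LEN = 20   # Code(1) + Identifier(1) + Length(2) + Authenticator(16)

Packet = namedtuple("Packet", "code ident authenticator attrs")


def parse_packet(datagram):
    """Split a RADIUS datagram into header fields and raw attribute bytes."""
    if len(datagram) < HEADER_LEN:
        raise ValueError("shorter than a RADIUS header")
    code, ident, length = struct.unpack("!BBH", datagram[:4])
    if length < HEADER_LEN or length > len(datagram):
        raise ValueError("Length field does not fit the datagram")
    # Octets beyond Length are padding and are ignored.
    return Packet(code, ident, datagram[4:20], datagram[20:length])


class AuthenticatorReuseDetector:
    """Remember recent (source, authenticator) pairs and report reuse."""

    def __init__(self, max_entries=4096):
        self._seen = OrderedDict()   # key -> (ident, attrs)
        self._max = max_entries

    def check(self, src_ip, src_port, datagram):
        """Return a warning string if the authenticator is reused, else None."""
        pkt = parse_packet(datagram)
        if pkt.code != ACCESS_REQUEST:
            return None   # only Access-Request carries a random authenticator
        key = (src_ip, src_port, pkt.authenticator)
        current = (pkt.ident, pkt.attrs)
        previous = self._seen.get(key)
        if previous is None:
            self._seen[key] = current
            if len(self._seen) > self._max:
                self._seen.popitem(last=False)   # evict the oldest entry
            return None
        if previous == current:
            return None   # same id and attributes: a retransmission
        return ("Request Authenticator %s reused by %s:%d "
                "(first seen with id %d, now id %d)"
                % (pkt.authenticator.hex(), src_ip, src_port,
                   previous[0], pkt.ident))


def build_access_request(ident, authenticator, user_name):
    """Build a constructed Access-Request with only a User-Name attribute."""
    attr = bytes([1, 2 + len(user_name)]) + user_name   # type 1 = User-Name
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, HEADER_LEN + len(attr))
    return header + authenticator + attr


if __name__ == "__main__":
    detector = AuthenticatorReuseDetector()
    auth = bytes(range(16))   # constructed authenticator value
    first = build_access_request(10, auth, b"alice")
    second = build_access_request(11, auth, b"bob")
    for datagram in (first, first, second):
        print(detector.check("192.0.2.10", 1027, datagram))
```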



Re: new user - configuration question

2004-10-11 Thread Thor Spruyt
Hi,

Please try sending plain text mail, so it's easier to respond to your
questions!

To have support for mysql in freeradius, you need to have the mysql client
libraries installed on your system before you configure/make freeradius.

The files 'clients', 'naslist' are deprecated in favor of 'clients.conf'.
You should store your NASes in clients.conf

--
Regards,

Thor Spruyt
E: [EMAIL PROTECTED]
W: www.thor-spruyt.com
M: +32 (0)475 67 22 65

- Original Message - 
From: Berry, William
To: [EMAIL PROTECTED]
Sent: Monday, October 11, 2004 4:58 PM
Subject: RE: new user - configuration question


The current use for this server is to authenticate user access to our
network hardware and eventually wi-fi access. The next phase is to get the
user and device access configured. My test device is a Cisco 2600 router.
According to the radius.conf the recommendation is to NOT use the client's
or naslist. I took this as a recommendation to use SQL for storing the
information. In reading through the installation for that was the comment
that dialup_admin is used for management on the information in the SQL
database.

Brent




From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Anson
Rinesmith
Sent: Monday, October 11, 2004 9:22 AM
To: [EMAIL PROTECTED]
Subject: RE: new user - configuration question

It depends on what features you want to use, your next phase doesn't tell
us much.
There is no NEED to install MySQL or Apache, unless you want a feature
that requires them. It has also been my experience, that if you do decide
you need MySQL, you will need to have it installed, before installing
freeradius.




From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Berry,
William
Sent: Monday, October 11, 2004 9:08 AM
To: [EMAIL PROTECTED]
Subject: new user - configuration question

This is my first attempt at setting up a RADIUS server. I have downloaded
and successfully installed FreeRadius version 1.0.1 on a Red Hat 8.0 Linux
server. It seems to work fine based upon the testing included in the
installation instructions. I am now starting to read through the
documentation to complete the next phase. I know I still need to configure
the radiusd.conf but wanted to verify that I also need to install MySQL
w/PHP support and Apache servers. Is there any other step that I am
missing?? I am new to the Linux world on a learning curve so please bear
with me.

Any assistance is appreciated.

Brent Berry
Network Engineer
Mueller Industries Inc.
(901) 759-7470






realm information in accounting records

2004-10-11 Thread Anson Rinesmith








I'm using a central freeradius/MySQL setup to do
proxying for 3 ISPs. I keep accounting records for each ISP. The problem
is that every record has the Realm set as DEFAULT. I would like to have the
realm reflect the realm it was proxied to.

My SQL statement, in sql.conf looks like this:

accounting_start_query = INSERT into radacct
(., Realm, .) values('., '%{Realm}',
.)

users and acct_users I have lines similar to these:

DEFAULT Called-Station-Id == 555, Proxy-To-Realm := realm1

DEFAULT Called-Station-Id == 555, Proxy-To-Realm := realm2

DEFAULT Called-Station-Id == 555, Proxy-To-Realm := realm3

proxy.conf looks similar to:

realm realm1 {
 type = radius
 authhost = 1.2.3.4:1645
 accthost = 1.2.3.4:1646
 secret = ourlittlesecret
}

realm realm2 {
 type = radius
 authhost = 5.6.7.8:1645
 accthost = 5.6.7.8:1646
 secret = itsasecret
}

realm realm3 {
 type = radius
 authhost = 4.3.2.1:1645
 accthost = 4.3.2.1:1646
 secret = notgonnatellya
 nostrip
}








RE : Default messages

2004-10-11 Thread EROS
Those types of messages seem to be hardcoded!

Maybe a more flexible module is coming to send specific reply messages.

Regards,
Nicolas Prost
WISP-e
Tel : 08 71 71 51 69
Fax : 04 78 42 88 34

- Original Message -
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On behalf of Kyriaki Gali
Sent: Monday, 11 October 2004 16:19
To: [EMAIL PROTECTED]
Subject: Default messages

Hi all,
do you know where can i change the default messages that
radius send me?

For example rejects a user (Simultaneous-Use := 1) and send
me this message

Reply-Message := "\r\nYou are already logged in - access
denied\r\n\n"

I want to include more lines... can i?

Kyriaki Gali,
IT Applications Specialist
Kinetix Tele.com Support Center,
Tel & Fax: +30 2310 256140
GSM: +30 6947 723737
http://www.kinetix.gr
e-mail: [EMAIL PROTECTED]


Re: Default messages

2004-10-11 Thread Kostas Kalevras
On Mon, 11 Oct 2004, Kyriaki Gali wrote:

> Hi all,
> do you know where can i change the default messages that radius send me?
>
> For example rejects a user (Simultaneous-Use := 1) and send me this message
>
> Reply-Message := "\r\nYou are already logged in - access denied\r\n\n"
>
> I want to include more lines... can i?

See src/main/auth.c, function rad_authenticate

> Kyriaki Gali,
> IT Applications Specialist
> Kinetix Tele.com Support Center,
> Tel & Fax: +30 2310 256140
> GSM: +30 6947 723737
> http://www.kinetix.gr
> e-mail: [EMAIL PROTECTED]

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



Re: Wierd FR/MySQL behaviour

2004-10-11 Thread Alan DeKok
Josh Howlett [EMAIL PROTECTED] wrote:
> Could I request that FreeRADIUS logs an error message when this condition
> occurs (ie. a reply is generated on basis of src IP/port & authenticator)?
> The lack of any logging information at all (even at -X level) made this

  In debugging mode, the server says sending duplicate reply to
client t  I'm not sure if it's logged, but I don't see why it
couldn't be.

  See src/main/radiusd.c.

  Alan DeKok.
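
The condition discussed in this thread (a NAS sending different requests with the same Request Authenticator, so that the second one looks like a retransmission) can be detected and logged as sketched below. This is an added Python example, not FreeRADIUS code: it keys on source IP/port and authenticator as the thread describes, and the class and function names and the sample packets are constructed for illustration.

```python
import hashlib
import struct

ACCESS_REQUEST = 1  # RADIUS code for Access-Request (RFC 2865)

def parse_packet(datagram: bytes):
    """Split a RADIUS datagram into (code, ident, authenticator, attributes)."""
    if len(datagram) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", datagram[:4])
    if length < 20 or length > len(datagram):
        raise ValueError("length field does not match datagram")
    return code, ident, datagram[4:20], datagram[20:length]

class AuthenticatorTracker:
    """Remember authenticators per source and classify each request."""

    def __init__(self):
        # (src_ip, src_port, authenticator) -> (ident, digest of code + attributes)
        self.seen = {}

    def classify(self, src_ip: str, src_port: int, datagram: bytes) -> str:
        code, ident, authenticator, attrs = parse_packet(datagram)
        key = (src_ip, src_port, authenticator)
        fingerprint = (ident, hashlib.sha256(bytes([code]) + attrs).digest())
        if key not in self.seen:
            self.seen[key] = fingerprint
            return "new"
        if self.seen[key] == fingerprint:
            return "retransmit"        # identical packet: resend the cached reply
        return "authenticator-reuse"   # different request, same authenticator

def build_access_request(ident: int, authenticator: bytes, user: str) -> bytes:
    """Constructed test packet carrying only a User-Name attribute (type 1)."""
    name = user.encode()
    attrs = bytes([1, 2 + len(name)]) + name
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs

def audit(packets):
    """Return a log line for every packet that is not a first sighting."""
    tracker, lines = AuthenticatorTracker(), []
    for src_ip, src_port, datagram in packets:
        verdict = tracker.classify(src_ip, src_port, datagram)
        if verdict == "authenticator-reuse":
            lines.append(f"Error: {src_ip}:{src_port} reused a Request "
                         "Authenticator for a different request (broken NAS?)")
        elif verdict == "retransmit":
            lines.append(f"Info: duplicate request from {src_ip}:{src_port}")
    return lines

if __name__ == "__main__":
    reused = bytes(range(16))  # constructed authenticator value
    sample = [  # constructed traffic; 192.0.2.10 is a documentation address
        ("192.0.2.10", 1027, build_access_request(7, reused, "alice")),
        ("192.0.2.10", 1027, build_access_request(7, reused, "alice")),
        ("192.0.2.10", 1027, build_access_request(7, reused, "bob")),
    ]
    print("\n".join(audit(sample)))
```
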



Re: RE : Default messages

2004-10-11 Thread Kostas Kalevras
On Mon, 11 Oct 2004, EROS wrote:

> Those types of messages seem to be hardcoded!
>
> Maybe a more flexible module is coming to send specific reply messages.

In the future all these messages should be configurable and logging should be
performed by modules. But that's a rather big task (see also bug #119).

> Regards,
> Nicolas Prost
> WISP-e
> Tel : 08 71 71 51 69
> Fax : 04 78 42 88 34
>
> - Original Message -
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On behalf of
> Kyriaki Gali
> Sent: Monday, 11 October 2004 16:19
> To: [EMAIL PROTECTED]
> Subject: Default messages
>
> Hi all,
> do you know where can i change the default messages that radius send me?
>
> For example rejects a user (Simultaneous-Use := 1) and send me this
> message
>
> Reply-Message := "\r\nYou are already logged in - access denied\r\n\n"
>
> I want to include more lines... can i?
>
> Kyriaki Gali,
> IT Applications Specialist
> Kinetix Tele.com Support Center,
> Tel & Fax: +30 2310 256140
> GSM: +30 6947 723737
> http://www.kinetix.gr
> e-mail: [EMAIL PROTECTED]



--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



Re: Problems with counter module

2004-10-11 Thread Kostas Kalevras
On Mon, 11 Oct 2004 [EMAIL PROTECTED] wrote:

> Hi all,
> maybe I found the reason... but I don't know how to fix it. Thanks in advance
>
>   rlm_counter: Could not find Service-Type attribute in the request.
> Returning NOOP.

So fix that. See allowed-servicetype configuration directive ( i thought it
would be rather obvious).

>   modcall[accounting]: module daily returns noop for request 2
>  modcall[accounting]: module unix returns ok for request 2
> radius_xlat:  '/usr/local/var/log/radius/radutmp'
> radius_xlat:  'Pablo'
>   modcall[accounting]: module radutmp returns ok for request 2
> rlm_ippool: Searching for an entry for nas/port: 192.168.0.136/2151677988
> rlm_ippool: Entry not found
>   modcall[accounting]: module main_pool returns ok for request 2
> modcall: group accounting returns ok for request 2
> Sending Accounting-Response of id 70 to 192.168.0.136:1027
> Finished request 2
> Going to the next request
> Thread 3 waiting to be assigned a request
> --- Walking the entire request list ---
>
>  Accounting-stop packet for that user:
>
> Cleaning up request 2 ID 70 with timestamp 416aa6ac
> Nothing to do.  Sleeping until we see a request.
>
> Users file:
>
> Pablo Auth-Type := Local, Max-Daily-Session := 6, User-Password == Pablo,
> NAS-IP-Address == 192.168.0.136
>   Service-Type = Framed-User,
>   Session-Timeout := 6,
>   Framed-Protocol = PPP,
>   Framed-IP-Address = 255.255.255.254,
>   Framed-MTU = 1500,
>   Idle-Timeout = 6,
>   Port-Limit = 1
>
> Thanks for helping me!



--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



define a Vendor-Specific Attribute in MYSql freeradius

2004-10-11 Thread Elad Kugman
Hi

How can i use an attribute name from one of the vendor dictionaries. according to
Alan DeKok answer. I just want to declare a Vendor-Specific

10x





Re: Ascend MAX 6000 Problems

2004-10-11 Thread Corey Jarvis
Hi Alan,
Thank you for the response.  I found out the issue and it's something my
Telco did not give me for information.
Thank you for your time,
Corey



Vendor-Specific declare in sql

2004-10-11 Thread Elad Kugman
Hi

I will be more specific now..
When i use freeradius without sql i just wrote in the users file : Vendor-Specific = "route:filter-redirect-gw=10.0.0.1" and it works..

how can i do this in the sql free radius..
10x for the great help






(Fwd) (Fwd) New Redback Attribute

2004-10-11 Thread Breuer Nicolas

 Hello,

  Please add to dictionary Redback

 ATTRIBUTE   RB-Attr-144     144 integer Redback
 ATTRIBUTE   RB-Client-Mac   145 string  Redback

 Don't know what's attr 144 , it return a number ..

 Can you search what's attr 144

 Thanks

--- End of forwarded message ---
--- End of forwarded message ---
BREUER NICOLAS
Content & Marketing Manager

- Support Team -

Avenue Henri Conscience, 94
B -1140 Bruxelles
Tél. :+32 2 243 0 243
Fax :+32 2 243 0 244
Mobile :+32 486 50 27 87
E-Mail : [EMAIL PROTECTED]
Support Team E-Mail : [EMAIL PROTECTED]
Support Phone : 0902/40.120 - 0903/40.120

http://www.BelCenter.com | http://www.BelCenter.net
http://www.LuxCenter.net  | http://www.BulkSMS.be






default messages

2004-10-11 Thread Kyriaki Gali



Thanks, i changed and it works fine!

Kyriaki Gali,
IT Applications Specialist
Kinetix Tele.com Support Center,
Tel & Fax: +30 2310 256140
GSM: +30 6947 723737
http://www.kinetix.gr
e-mail: [EMAIL PROTECTED]


Re: Vendor-Specific declare in sql

2004-10-11 Thread Kyriaki Gali
If you use sql you must insert this attribute in
radius's tables.

Kyriaki Gali,
IT Applications Specialist
Kinetix Tele.com Support Center,
Tel & Fax: +30 2310 256140
GSM: +30 6947 723737
http://www.kinetix.gr
e-mail: [EMAIL PROTECTED]

- Original Message -
From: Elad Kugman
To: '[EMAIL PROTECTED]'
Sent: Monday, October 11, 2004 8:07 PM
Subject: Vendor-Specific declare in sql

Hi
I will be more specific now.. When i use freeradius without sql i just wrote in the users
file : Vendor-Specific = "route:filter-redirect-gw=10.0.0.1" and it works..
how can i do this in the sql free radius..
10x for the great help



Re: FreeRadius + MySQL

2004-10-11 Thread Dirk Enrique Seiffert - CaribeNet
On Monday 11 October 2004 01:17, Chanin Luangingkasut wrote:
> Hello All,
>
>   Please let me know about freeradius+MySQL's paper to
> configuration and command to use that or show me step by step for me to
> config server to authenticate with freeradius+MySQL.

http://www.frontios.com/freeradius.html

> Sincere.

-- 
CaribeNet S.A. - Cartagena - Colombia
www.caribenet.com




Newbie question SQL-freeradius testing tools

2004-10-11 Thread Dirk Enrique Seiffert - CaribeNet
Hello everybody,

I just installed freeradius with mysql and dialup admin. This was not easy,
mostly because of missing or hard-to-find documentation.

(Maybe you should add at least two links to the homepage:
http://www.frontios.com/freeradius.html
and http://sourceforge.net/projects/dialup-admin/ )

Well, everything is working fine, but I want to know if there is a way to test
accounting functionality: I can connect by radtest, but accounting or logs won't
start. Is there a trick or tool for testing the accounting function?

Thanks a lot

Enrique


-- 
CaribeNet S.A. - Cartagena - Colombia
www.caribenet.com




FreeRadius-Error

2004-10-11 Thread Mihai Barbulescu
Hello
Does anyone know what this error is?

on Oct 11 21:32:53 2004 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0


-- 
Barbulescu Mihai
Network Engineer
RoEduNet Bucharest NOC




Custom Log module installation

2004-10-11 Thread Jose Guevarra
Hi,

 I got the source for the custom log module but, I don't see how to
install it.

 I took a shot in the dark and put it into the src/modules directory and
added it to the 'stable' file. That of course didn't work.  

Attached is the module and here is the thread from Oleg showing the
configuration

http://lists.cistron.nl/pipermail/freeradius-devel/2002-October/003675.html

Can anyone show me how to get it installed?

The capability to format, add/delete attributes from the logs seems like
a very handy thing to do. Especially if you search log events to run
scripts and such.  Any chance of getting this module or one like it
added to the next version of FreeRADIUS?

Thanks,


custom_log.tgz
Description: application/compressed-tar


Re: mod_auth_radius and ms-chapv2

2004-10-11 Thread Makadi Janos
Josh Howlett wrote:
> No.
> josh.
>
> --On Monday, October 11, 2004 14:25:15 +0200 Makadi Janos
> [EMAIL PROTECTED] wrote:
>
>> Hello,
>> I would like to set up freeradius, and mod_auth_radius on linux to
>> authenticate users via ias (radius server). My problem is the ias
>> administrator said the authentication method is pap and not
>> ms-chapv2. How can I set up mod_auth_radius to use ms-chapv2?
>> Is it possible?
>> Thanks...
>> Janos Makadi

THX
Janos Makadi