disconnect user from terminal

2005-07-20 Thread yuniva wati
Hello, I have a problem using freeradius.  When one user connects to freeradius, can we disconnect them if we want to?  Can we use a terminal on Linux to disconnect???
thank you
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: No communication between FreeRadius and Chilli

2005-07-20 Thread sean
On Wed, 2005-07-20 at 21:29 +0200, freeradius-users-
[EMAIL PROTECTED] wrote:
> sean <[EMAIL PROTECTED]> wrote:
> > The problem is
> > that Chilli can't communicate with my Radius server. Ethereal tells me
> > that the destination is unreachable when replying to the Chilli box.
> 
>   It looks like the port isn't open.
> 
> > No.  Time        Source       Destination     Protocol  Info
> > 540  142.622909  192.168.1.6  82.141.232.132  RADIUS    Access Request(1) (id=0, l=195)
> 
>   Ok...
> 
> > The Radius server and the Chilli AP get their IP's from DHCP on a Caymen
> > DSL modem with static IP. The Modem is 82.141.232.132. The Radius server
> > is 192.168.1.2
> 
>   What's the problem?  The Ethereal output you showed above disagrees
> with your statement about the IP address of the RADIUS server.
> 
>   You have the Chilli AP configured to send RADIUS packets to the DSL
> modem.  The Ethereal output is telling you this.
> 
>   Alan DeKok.

I have UDP and TCP pinholes open in the modem for ports 1812, 1813 and
1814 pointing to 192.168.1.2. This should be directing traffic for
82.141.232.132:1812 etc. to 192.168.1.2:1812. That is what I had to do
for Apache, Jabber and other services. Does RADIUS use any other ports,
and should I have any ports opened to 192.168.1.6?

Thanks for your help.

Regards Sean


re: Restricting Access by Group Membership

2005-07-20 Thread Sayantan Bhowmick
Hi,
   To allow access (regardless of password) you can set Auth-Type
:= Accept (see FreeRADIUS FAQ 5.5). I am not sure that is what you want
though, as in this case, irrespective of what password a user enters, he
will be granted access. You can use the configuration suggested by Dusty
Doris. That should work for you.

-Sayantan.

>>> [EMAIL PROTECTED] 07/21/05 1:04 AM >>>
My fault...members of that group are DENIED access.  Now I get it.

So, that leads me to another question.  How do I change the syntax so
that users are ALLOWED access if they are a member of the specified
group?  I tried changing the line in the users file to Auth-Type :=
Allow, but this didn't work.  Unfortunately, I can't find anything on
this in rlm_ldap or FAQ.

Thanks in advance,

Josh

-Original Message-
Setup:
FreeRADIUS 1.0.4 on FreeBSD 4.11 authenticating to eDirectory on
Netware 6.5 server.

Issue:
I have read the FAQ section regarding limiting access to specific groups
(http://freeradius.org/faq/#5.2), but I can't get it to work.  For one,
I am not entirely certain where to add the lines.  I have tried using
the users file, but this doesn't seem to work.  Two, I am not sure that
I am using the right syntax.  Here is what I have tried:

- adding the following lines to users file:

snip-
DEFAULT Group == "cn=remoteusers,o=services", Auth-Type := Reject
Reply-Message = "Your account has been disabled"

DEFAULT Auth-Type = LDAP
-snip-



RE: EAP/TLS Problem

2005-07-20 Thread Thomas Tinsley
 
Hamid,

> I have set up all components and I am getting following 
> message. any help will be appreciated. 
> 
> using openssl
>  fedora core 3
> radius latest release
> 
Q:  Was the fedora installation originally using the freeradius-1.0.2.rpm
package?  If so, then the /etc/init.d/radiusd script will need to be updated
with the proper binary and library directories.  This can easily be done by
the following command:  
$ cp /usr/local/sbin/rc.radiusd /etc/init.d/radiusd
***NOTE:  be certain the radiusd process is stopped prior to updating the
init.d script.

The RPM package installation passes different paths to radiusd on startup
and this would explain the "No such file or directory" error.  I ran into
this problem recently on fedora core 4.

> 
> Module: Loaded eap
>  eap: default_eap_type = "tls"
>  eap: timer_expire = 60
>  eap: ignore_unknown_eap_types = no
>  eap: cisco_accounting_username_bug = no
> rlm_eap: Failed to link EAP-Type/tls: rlm_eap_tls.so: cannot 
> open shared object file: No such file or directory
> radiusd.conf[9]: eap: Module instantiation failed.
> 


Tom Tinsley



Re: grouping services - LDAP

2005-07-20 Thread Rohaizam Abu Bakar


I've read the doc and did it exactly as suggested, and it's working..
thanx!!


--haizam
- Original Message - 
From: "Dusty Doris" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list" 
Sent: Wednesday, July 20, 2005 21:18
Subject: Re: grouping services - LDAP

On Wed, 20 Jul 2005, Rohaizam Abu Bakar wrote:


Hi all,

Using Freeradius 1.0.4 (FB 4.11)


I want to group between dialup & adsl... refer to the users file below:
if Ldap-Group == ADSL is found, it should authenticate/authorize by
"ldapadsl", and if not found, assume a dialup user and
authenticate/authorize by "ldap1/ldap2" (DIALUP).

But the problem, referring to the debug log: no matter whether
Ldap-Group=ADSL is found or not, it still checks both ldap1/ldap2 &
ldapadsl, i.e. checking the "adslAccess & dialAcess" attribute.

What I want is this: if Ldap-Group == ADSL is found, it should be
handled by "ldapadsl" and not check "ldap1/ldap2", and the same goes when
not found: it will be handled by "ldap1/ldap2" and not check
"ldapadsl".

Can anyone help? Thanks


Try using Autz Type as well, there is some documentation on it in the doc
dir.

It might look something like this.

DEFAULT Ldap-Group == "ADSL", Autz-Type := ADSL, Auth-Type := ADSL

DEFAULT Autz-Type := LDAP, Auth-Type := LDAP


#
authorize {
  Autz-Type LDAP {
 redundant {
ldap1
ldap2
}
  }
  Autz-Type ADSL {
ldapadsl
  }
}


EAP/TLS Problem

2005-07-20 Thread Hamid Salim
I have set up all components and I am getting following message. any 
help will be appreciated. 

using openssl
 fedora core 3
radius latest release


Module: Loaded eap 
 eap: default_eap_type = "tls"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Failed to link EAP-Type/tls: rlm_eap_tls.so: cannot open shared
object file: No such file or directory
radiusd.conf[9]: eap: Module instantiation failed.



Re: Cisco auth-proxy and cisco-avpair proxyacl

2005-07-20 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
> Problem: user test get successful auth-prox authorization but the dynamic 
> acl is not used by the router. 
> FYI - The RADIUS server passes the ACL and he router receives the ACL 
> (debug not reported in this email). 

  Then the router is broken.

  Alan DeKok.


filter id stored in LDAP

2005-07-20 Thread sean wagoner
Can the actual Filter ID be stored in and retrieved by the radius
server? By this I mean not just the name of the filter but its actual
contents.  If so, how?



Cisco auth-proxy and cisco-avpair proxyacl

2005-07-20 Thread Andrea . DAlessandro

Hi there, 
I am running FreeRADIUS Version 1.0.4 on Solaris 8 for RADIUS services.

Then I have a Cisco 3660 configured for inbound https auth-proxy. IOS on
router -> c3660-ik9o3s-mz.123-14.T.bin 

% users 
 
# 
test  Auth-Type := Local, User-Password == "test1234"
      Service-Type = Outbound,
      cisco-avpair = "auth-proxy:priv-lvl=15",
      cisco-avpair += "auth-proxy:proxyacl#1=permit tcp host 12.13.14.15 host 21.31.41.51 eq 22"
# 


Problem: user test gets successful auth-proxy authorization but the dynamic
acl is not used by the router. 
FYI - The RADIUS server passes the ACL and the router receives the ACL (debug
not reported in this email). 

Can you help me? Thanks a lot. 

Full debug on the server: 

# radiusd -X 
rad_recv: Access-Request packet from host 131.176.131.40:1645, id=23, length=102
        User-Name = "test"
        Reply-Message = "Password: "
        User-Password = "test1234"
        NAS-Port = 226 
        NAS-Port-Id = "tty226"
        NAS-Port-Type = Virtual
        Calling-Station-Id = "xx.xx.xx.xx"
        NAS-IP-Address = xx.xx.xx.xx
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0 
  modcall[authorize]: module "preprocess" returns ok for request 0 
  modcall[authorize]: module "chap" returns noop for request 0 
  modcall[authorize]: module "mschap" returns noop for request 0 
    rlm_realm: No '@' in User-Name = "adalessa", looking up realm NULL 
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0 
  rlm_eap: No EAP-Message, not doing EAP 
  modcall[authorize]: module "eap" returns noop for request 0 
    users: Matched entry adalessa at line 98
  modcall[authorize]: module "files" returns ok for request 0 
modcall: group authorize returns ok for request 0 
  rad_check_password:  Found Auth-Type Local
auth: type Local 
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 23 to xx.xx.xx.xx:1645
        Cisco-AVPair = "auth-proxy:priv-lvl=15"
        Cisco-AVPair += "auth-proxy:proxyacl#1=permit tcp host 12.13.14.15 host 21.31.41.51 eq 22" 
Finished request 0 
Going to the next request 
--- Walking the entire request list --- 
Waking up in 6 seconds... 
--- Walking the entire request list --- 
Cleaning up request 0 ID 23 with timestamp 42dea17c
Nothing to do.  Sleeping until we see a request.

re: Restricting Access by Group Membership

2005-07-20 Thread Dusty Doris
On Wed, 20 Jul 2005 [EMAIL PROTECTED] wrote:

> My fault...members of that group are DENIED access.  Now I get.
>
> So, that leads me to another question.  How do I change the syntax so that
> users are ALLOWED access if they are a member of the specified group?  I tried
> changing the line in the users file to Auth-Type := Allow, but this didn't
> work.
>  Unfortunately, I can't find anything on this in rlm_ldap or FAQ.
>
> Thanks in advance,
>
> Josh

Just think backwards.

DEFAULT Ldap-Group == "cn=remoteusers,o=services"

DEFAULT Auth-Type := Reject
Reply-Message = "Your account has been disabled"


That will see if you match Ldap-Group, if not, you won't match that line
in the users file so it will try the next line.  The next line rejects
everyone.
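The ordering logic Dusty describes here, and the Autz-Type split he suggested earlier in the "grouping services - LDAP" thread, as an added example that is not part of the original posts: a small Python model of how a users file is walked, written for this page rather than taken from FreeRADIUS (it is not rlm_files). It assumes simplified semantics: the first entry whose check items all match wins unless its reply items carry Fall-Through = Yes, Ldap-Group == X is modelled as a set-membership test, and only the ==, := and = operators are handled. The three embedded policies are copied from the thread; the first is the ordering Josh started with, rewritten with Ldap-Group so that all three can be compared in one run.

```python
"""Toy model of FreeRADIUS 1.x 'users' file ordering (added for this thread,
not rlm_files itself).  Entries are tried top to bottom; the first entry whose
check items all match wins and processing stops there unless its reply items
contain Fall-Through = Yes.  DEFAULT entries match any User-Name."""
import re
from dataclasses import dataclass, field

# Policies copied from this thread: the ordering Josh started with (rewritten
# with Ldap-Group), Dusty's reversal, and the Autz-Type split.
USERS_REJECT_MEMBERS = '''\
DEFAULT Ldap-Group == "cn=remoteusers,o=services", Auth-Type := Reject
        Reply-Message = "Your account has been disabled"

DEFAULT Auth-Type = LDAP
'''
USERS_REJECT_NONMEMBERS = '''\
DEFAULT Ldap-Group == "cn=remoteusers,o=services"

DEFAULT Auth-Type := Reject
        Reply-Message = "Your account has been disabled"
'''
USERS_AUTZ_SPLIT = '''\
DEFAULT Ldap-Group == "ADSL", Autz-Type := ADSL, Auth-Type := ADSL

DEFAULT Autz-Type := LDAP, Auth-Type := LDAP
'''

# attribute, operator, quoted-or-bare value
ITEM_RE = re.compile(r'([\w-]+)\s*(:=|==|\+=|=)\s*("[^"]*"|[^,\s]+)')


@dataclass
class Entry:
    name: str                                    # "DEFAULT" or a literal User-Name
    checks: list = field(default_factory=list)   # (attr, op, value) check items
    replies: list = field(default_factory=list)  # (attr, op, value) reply items


def parse_items(text):
    """Split 'A == "x", B := y' into (attr, op, value) triples."""
    return [(a, op, v.strip('"')) for a, op, v in ITEM_RE.findall(text)]


def parse_users(text):
    """An unindented line starts an entry (name plus check items); indented
    lines below it carry that entry's reply items."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if line[0].isspace():
            entries[-1].replies.extend(parse_items(line))
        else:
            parts = line.split(None, 1)
            checks = parse_items(parts[1]) if len(parts) > 1 else []
            entries.append(Entry(parts[0], checks))
    return entries


def evaluate(users_text, request):
    """Walk the entries in order for one request (a dict of attribute name to
    value; 'Ldap-Group' is the set of groups the user belongs to).  Returns
    (names of matched entries, control items, reply items)."""
    matched, control, reply = [], {}, {}
    for entry in parse_users(users_text):
        if entry.name not in ('DEFAULT', request.get('User-Name')):
            continue
        pending = {}
        for attr, op, value in entry.checks:
            if op == '==':
                have = request.get(attr)
                ok = value in have if isinstance(have, (set, frozenset)) else have == value
                if not ok:
                    break                        # a check item failed: skip this entry
            elif op == ':=':
                pending[attr] = value            # set unconditionally once matched
            elif op == '=':
                if attr not in control and attr not in pending:
                    pending[attr] = value        # set only if nothing set it earlier
            else:
                raise ValueError('operator %s is not modelled' % op)
        else:                                    # every check item matched
            matched.append(entry.name)
            control.update(pending)
            fall_through = False
            for attr, _op, value in entry.replies:
                if attr == 'Fall-Through':
                    fall_through = value.lower() == 'yes'
                else:
                    reply[attr] = value
            if not fall_through:
                break
    return matched, control, reply


def decide(users_text, user, groups=()):
    """Return (control items, reply items) for one user and their LDAP groups."""
    _, control, reply = evaluate(users_text, {'User-Name': user, 'Ldap-Group': set(groups)})
    return control, reply


if __name__ == '__main__':
    print(decide(USERS_REJECT_NONMEMBERS, 'josh', ['cn=remoteusers,o=services']))
    print(decide(USERS_REJECT_NONMEMBERS, 'eve'))
```

Run as-is, the first print shows that a group member matches the first entry and gets no Auth-Type from the file (so the LDAP module decides), while the second shows an outsider falling through to the Reject entry; swapping in USERS_REJECT_MEMBERS reproduces the inverted behaviour Josh reported, and USERS_AUTZ_SPLIT shows each request ending up with exactly one Autz-Type.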



re: Restricting Access by Group Membership

2005-07-20 Thread jp
My fault...members of that group are DENIED access.  Now I get it.

So, that leads me to another question.  How do I change the syntax so that users
are ALLOWED access if they are a member of the specified group?  I tried
changing the line in the users file to Auth-Type := Allow, but this didn't work.
 Unfortunately, I can't find anything on this in rlm_ldap or FAQ.

Thanks in advance,

Josh

-Original Message-
Setup:
FreeRADIUS 1.0.4 on FreeBSD 4.11 authenticating to eDirectory on Netware 6.5 
server.

Issue:
I have read the FAQ section regarding limiting access to specific groups
(http://freeradius.org/faq/#5.2), but I can't get it to work.  For one, I am not
entirely certain where to add the lines.  I have tried using the users file, but
this doesn't seem to work.  Two, I am not sure that I am using the right syntax.
 Here is what I have tried:

- adding the following lines to users file:

snip-
DEFAULT Group == "cn=remoteusers,o=services", Auth-Type := Reject
Reply-Message = "Your account has been disabled"

DEFAULT Auth-Type = LDAP
-snip-



Restricting Access by Group Membership

2005-07-20 Thread jp
Setup:
FreeRADIUS 1.0.4 on FreeBSD 4.11 authenticating to eDirectory on Netware 6.5 
server.

Issue:
I have read the FAQ section regarding limiting access to specific groups
(http://freeradius.org/faq/#5.2), but I can't get it to work.  For one, I am not
entirely certain where to add the lines.  I have tried using the users file, but
this doesn't seem to work.  Two, I am not sure that I am using the right syntax.
 Here is what I have tried:

- adding the following lines to users file:

snip-
DEFAULT Group == "cn=remoteusers,o=services", Auth-Type := Reject
Reply-Message = "Your account has been disabled"

DEFAULT Auth-Type = LDAP
-snip-


Here is the debug:

-snip-
episd44# /usr/local/sbin/radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/var"
 main: logdir = "/var/log"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/var/log/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/var/log/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded LDAP
 ldap: server = "10.254.8.25"
 ldap: port = 389
 ldap: net_timeout = 20
 ldap: timeout = 20
 ldap: timelimit = 20
 ldap: identity = "cn=raduser,o=services"
 ldap: tls_mode = no
 ldap: start_tls = no
 ldap: tls_cacertfile = "(null)"
 ldap: tls_cacertdir = "(null)"
 ldap: tls_certfile = "(null)"
 ldap: tls_keyfile = "(null)"
 ldap: tls_randfile = "(null)"
 ldap: tls_require_cert = "allow"
 ldap: password = "secretrad"
 ldap: basedn = "o=services"
 ldap: filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
 ldap: base_filter = "(objectclass=radiusprofile)"
 ldap: default_profile = "(null)"
 ldap: profile_attribute = "(null)"
 ldap: password_header = "(null)"
 ldap: password_attribute = "userPassword"
 ldap: access_attr = "(null)"
 ldap: groupname_attribute = "cn"
 ldap: groupmembership_filter =
"(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
 ldap: groupmembership_attribute = "(null)"
 ldap: dictionary_mapping = "/usr/local/etc/raddb/ldap.attrmap"
 ldap: ldap_debug = 0
 ldap: ldap_connections_number = 5
 ldap: compare_check_items = no
 ldap: access_attr_used_for_allow = yes
 ldap: do_xlat = yes
 ldap: edir_account_policy_check = no
rlm_ldap: Registering ldap_groupcmp for Ldap-Group
rlm_ldap: Registering ldap_xlat with xlat_name ldap
rlm_ldap: reading ldap<->radius mappings from file 
/usr/local/etc/raddb/ldap.attrmap
rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$
rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type
rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use
rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id
rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id
rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password
rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password
rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT
rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration
rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type
rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol
rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address
rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask
rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route
rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing
rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id
rlm_ldap: LDAP radiusFramedMTU mapp

Re: FW: TTLS and PAP

2005-07-20 Thread Alan DeKok
<[EMAIL PROTECTED]> wrote:
> Here is the stack trace.
> 
> Maybe my version of ssl is too old?

  Maybe.

> #0  0x402d4a97 in eaptls_gen_mppe_keys (reply_vps=0x8179c08,
> s=0x8157790, prf_label=0x402da5d9 "ttls keying material") at
> mppe_keys.c:136
> 136 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);

  That doesn't tell me much, unfortunately.

  Alan DeKok.


Postgres problem

2005-07-20 Thread Santiago Balaguer García

I am migrating my MySQL DB to Postgres. My authentication is OK, but the accounting query insertion fails with the following error:

rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: affected rows =
rlm_sql_postgresql: Postgresql check_error: PGRES_FATAL_ERROR, returning SQL_DOWN
rlm_sql (sql): failed after re-connect
rlm_sql (sql): Couldn't insert SQL accounting START record - ERROR:  relation "radacct_radacctid_seq" does not exist

I created all tables in the database RADIUS. Could someone help me?

Hi people,
 
   I have been using freeradius with mysql support for two years. I installed the last version of freeradius, 1.0.4, and a Postgres DB. My Radius server authorizes well; however, it cannot account.
 
 When I debug with radius -X, this query appears in the initial messages:
 
INSERT into radacct ??(AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctAuthentic, ??ConnectInfo_start, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay) ??values('8060014b', 'cf3ead15f9af8ca7', '22107', '', '192.168.0.51', ??'2153775435', 'Cable', (now() - '0'::interval), '', '', ??'hs-eth1', '00:08:02:D2:72:0F', '', '', ??NULLIF('10.5.0.16', '')::inet, '0')'
 
In the postgres.conf file I only modified host, user and passwd. So, why do double question marks appear???



Re: Multiple Root Contexts

2005-07-20 Thread jp
Great, that worked.  Thanks.

Quoting Mearl Danner <[EMAIL PROTECTED]>:

> 
> Might try downloading this and reading. It's very helpful.
> 
> http://www.novell.com/documentation/edir_radius/pdfdoc/radadmin/radadmin.pdf
> 
> 
> If that's 3 separate "o=" at the root of the tree, then this from the above
> document.
> 
> 
> Example for Creating Multiple Instances of LDAP Module
> 
> If you want multiple search bases, you can create multiple LDAP modules, by
> using the following
> syntax in the module section of the radiusd.conf.
> 
> modules {
> ...
> ...
> ldap ldap1 {
> attribute = value
> attribute = value
> ...
> ...
> }
> ldap ldap2 {
> attribute = value
> attribute = value
> ...
> ...
> }
> ldap ldap3 {
> attribute = value
> attribute = value
> ...
> ...
> }
> }
> 
> You can use the configured modules in authorize, authenticate and
> post-authenticate sections by
> specifying the module name and instance name. For example:
> 
> authorize{
> .
> .
> ldap ldap1
> ldap ldap2
> .
> .
> }


Re: No communication between FreeRadius and Chilli

2005-07-20 Thread Alan DeKok
sean <[EMAIL PROTECTED]> wrote:
> The problem is
> that Chilli can't communicate with my Radius server. Ethereal tells me
> that the destination is unreachable when replying to the Chilli box.

  It looks like the port isn't open.

> No.  Time        Source       Destination     Protocol  Info
> 540  142.622909  192.168.1.6  82.141.232.132  RADIUS    Access Request(1) (id=0, l=195)

  Ok...

> The Radius server and the Chilli AP get their IP's from DHCP on a Caymen
> DSL modem with static IP. The Modem is 82.141.232.132. The Radius server
> is 192.168.1.2

  What's the problem?  The Ethereal output you showed above disagrees
with your statement about the IP address of the RADIUS server.

  You have the Chilli AP configured to send RADIUS packets to the DSL
modem.  The Ethereal output is telling you this.

  Alan DeKok.



Re: attribute checking with AD

2005-07-20 Thread Alan DeKok
Stefan Winter <[EMAIL PROTECTED]> wrote:
> So far I mapped "Department" as a checkItem to one of our Vendor-Specific 
> attributes in ldap.attrmap and _wanted_ to do regexp matching in the users 
> file for that Vendor-Specific attribute after authorize->ldap passed through.
> DEFAULT Our-Vendor-Specific-Thing =~ [^7].*, Auth-Type := Reject

  The "users" file doesn't do comparisons to check items very well.

  In the CVS head, the policy module can do this.  You may be able to
back-port it to 1.0.x.

  Alan DeKok.



Re: Multiple Appearing of the same Attribute & variables

2005-07-20 Thread Alan DeKok
"Metz, Frederic" <[EMAIL PROTECTED]> wrote:
> I have a Radius Packet with one Vendor Specific Attribute coming
> twice in that packet. Since I am writing the information into Mysql
> database, I wanted to know how to address the first and the second ?
> I saw that %{Attribute[index]} should work, but it doesn't. The
> entry (seen in Debug mode) is empty. I am using Radius 1.0.4. What's
> wrong with my conf ?

  The problem is not your configuration.  The problem is that the
syntax you quoted is valid only in the current CVS snapshot, not in
1.0.4.

  Alan DeKok.



Re: Freeradius restart snmp

2005-07-20 Thread Alan DeKok
"Reza Toghraee" <[EMAIL PROTECTED]> wrote:
> Is there any way to restart freeradius 1.0.4 using SNMP ?

  Yes.  See the RADIUS MIBs.

  Alan DeKok.


Re: Multiple Root Contexts

2005-07-20 Thread Mearl Danner

Might try downloading this and reading. It's very helpful.

http://www.novell.com/documentation/edir_radius/pdfdoc/radadmin/radadmin.pdf 

If that's 3 separate "o=" at the root of the tree, then this from the above 
document.


Example for Creating Multiple Instances of LDAP Module

If you want multiple search bases, you can create multiple LDAP modules, by 
using the following
syntax in the module section of the radiusd.conf.

modules {
...
...
ldap ldap1 {
attribute = value
attribute = value
...
...
}
ldap ldap2 {
attribute = value
attribute = value
...
...
}
ldap ldap3 {
attribute = value
attribute = value
...
...
}
}

You can use the configured modules in authorize, authenticate and 
post-authenticate sections by
specifying the module name and instance name. For example:

authorize{
.
.
ldap ldap1
ldap ldap2
.
.
}

>>> <[EMAIL PROTECTED]> 7/20/2005 9:51 AM >>>
Here is my setup:
FreeBSD 4.11 server with FreeRADIUS 1.0.4 authorizing/authenticating users in an
eDirectory Tree on a NetWare 6.5 server.

My issue:
There are three root contexts in the tree.  If I set the basedn to context1, I
can successfully authorize/authenticate users in context1, but I need FreeRADIUS
to search all three contexts for users, and I can't figure out a way to add all
three as a basedn at the same time.

Thanks in advance,

Josh



Multiple Root Contexts

2005-07-20 Thread jp
Here is my setup:
FreeBSD 4.11 server with FreeRADIUS 1.0.4 authorizing/authenticating users in an
eDirectory Tree on a NetWare 6.5 server.

My issue:
There are three root contexts in the tree.  If I set the basedn to context1, I
can successfully authorize/authenticate users in context1, but I need FreeRADIUS
to search all three contexts for users, and I can't figure out a way to add all
three as a basedn at the same time.

Thanks in advance,

Josh




re: Searching Subcontexts in eDir

2005-07-20 Thread jp
Sayantan,

It was a password error.  Thanks.

Josh

Quoting Sayantan Bhowmick <[EMAIL PROTECTED]>:

> Hi,
> If you are getting a reply with ldapsearch then you should be able
> to authenticate as that user. One of the possible causes of the -669
> error is an invalid password. So check the password and make sure you
> are able to log in as that user.
> 
> -Sayantan


attribute checking with AD

2005-07-20 Thread Stefan Winter
Hello,

after having almost successfully set up the authorize {} and authenticate {} 
sections to do AD clear-text logins, only a small problem remains:
We want to allow access for only a subset of the AD users. These users are 
distinguished from the others by the following criterion (you don't want to 
know why):

if the AD attribute "Department" begins with the character "7", the user is 
allowed access, otherwise not.
So far I mapped "Department" as a checkItem to one of our Vendor-Specific 
attributes in ldap.attrmap and _wanted_ to do regexp matching in the users 
file for that Vendor-Specific attribute after authorize->ldap passed through.
DEFAULT Our-Vendor-Specific-Thing =~ [^7].*, Auth-Type := Reject

This doesn't work (sorry, no debug output available, not my machine). Now I 
wonder: is there another possibility to do regexp matching against items that 
are retrieved from AD or LDAP? Unfortunately just checking the attributes 
delivered by the NAS is not enough.

Greetings,

Stefan Winter

-- 
Stefan WINTER

Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingénieur de recherche

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED]     tél.:     +352 424409-1
http://www.restena.lu               fax:      +352 422473
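Added example, not part of Stefan's post: a Python check of how the quoted pattern behaves under an unanchored regex search (the regexec-style matching a =~ comparison relies on). The department values are constructed. It shows that `[^7].*` rejects any value containing a non-7 character anywhere, so a department such as 7100 is rejected and an empty value is allowed, while the anchored `^7` expresses the stated rule directly.

```python
import re

# Department values to evaluate. These are constructed for this example,
# not taken from the original post.
DEPARTMENTS = ["7100", "7", "77", "4200", "x7", ""]

# The reject pattern quoted in the post, applied to the mapped VSA.
POSTED_REJECT = re.compile(r"[^7].*")

# An anchored pattern that states the intended rule directly:
# the value must begin with the character "7".
ANCHORED_ALLOW = re.compile(r"^7")


def posted_policy(department: str) -> bool:
    """Return True if access is allowed under the posted users-file entry.

    The entry rejects when the attribute matches [^7].*; re.search is an
    unanchored search, like the regexec-style matching a =~ comparison
    uses, so any non-7 character anywhere in the value triggers the reject.
    """
    return POSTED_REJECT.search(department) is None


def anchored_policy(department: str) -> bool:
    """Return True if the department begins with "7" (the stated intent)."""
    return ANCHORED_ALLOW.search(department) is not None


def compare(departments):
    """Map each value to (posted_result, anchored_result) for side-by-side review."""
    return {d: (posted_policy(d), anchored_policy(d)) for d in departments}


if __name__ == "__main__":
    print(f"{'department':<12}{'posted':<8}anchored")
    for dept, (posted, anchored) in compare(DEPARTMENTS).items():
        print(f"{dept or '(empty)':<12}{str(posted):<8}{anchored}")
```

The two rows where the columns disagree (7100 and the empty value) are exactly the cases an unanchored reject pattern gets wrong.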



Re: Nas-Port-Type question

2005-07-20 Thread Dusty Doris

> When clients vpn into my server this is what part of the access-request
> comes to my radius server:

What you listed below is accounting, not access-request.  Please post the
access-request, along with your reply.

> rad_recv: Accounting-Request packet from host 192.168.2.254:32955,
> id=89, length=95
> Acct-Session-Id = "42DE38EA0AEA"
> User-Name = "blabla"
> Acct-Status-Type = Start
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Acct-Authentic = RADIUS
>/* NAS-Port-Type = Async*/
> Framed-IP-Address = 192.168.0.244
> NAS-IP-Address = 127.0.0.1
> NAS-Port = 4
> Acct-Delay-Time = 0
>


Multiple Appearing of the same Attribute & variables

2005-07-20 Thread Metz, Frederic

Hi,


I have a Radius Packet with one Vendor Specific Attribute
coming twice in that packet. Since I am writing the information into Mysql
database, I wanted to know how to address the first and the second ? I saw that
%{Attribute[index]} should work, but it doesn’t. The entry (seen in Debug
mode) is empty. I am using Radius 1.0.4. What’s wrong with my conf ?


Frederic


Re: grouping services - LDAP

2005-07-20 Thread Dusty Doris


On Wed, 20 Jul 2005, Rohaizam Abu Bakar wrote:

> Hi all,
>
> Using Freeradius 1.0.4 (FB 4.11)
>
>
> I want to group between dialup & adsl... refer to the users file below:
> if Ldap-Group == ADSL is found, it should authenticate/authorize by
> "ldapadsl", and if not found, assume a dialup user and
> authenticate/authorize by "ldap1/ldap2" (DIALUP)
>
> But the problem, referring to the debug log.. no matter whether
> Ldap-Group=ADSL is found or not, it still checks both ldap1/ldap2 &
> ldapadsl, i.e. checking the "adslAccess & dialAccess" attributes.
>
> What i want is that.. If Ldap-Group ==ADSL is found, it should be
> handled by "ldapadsl" and not checking "ldap1/ldap2" and same goes when
> not found, it will be handled by "ldap1/ldap2" and not checking
> "ldapadsl"
>
>
> anyone can help.?? thanks

Try using Autz Type as well, there is some documentation on it in the doc
dir.

It might look something like this.

DEFAULT Ldap-Group == "ADSL", Autz-Type := ADSL, Auth-Type := ADSL

DEFAULT Autz-Type := LDAP, Auth-Type := LDAP


#
authorize {
    Autz-Type LDAP {
        redundant {
            ldap1
            ldap2
        }
    }
    Autz-Type ADSL {
        ldapadsl
    }
}


Restriction access via shell

2005-07-20 Thread Kevin Hoffer
I have some users to whom I gave a shell of /etc/ppp/ppp-dynamic, which is valid 
in /etc/shells, and some that have /bin/email-only, which is not valid in 
/etc/shells. I just realized that some of those that are email-only are able 
to log on. How can I stop that?

-
This mail sent through Rural Communications Webmail
http://www.myrural.com
With Service in St. Joseph County Michigan


Re: Raddb missing

2005-07-20 Thread Nicolas Baradakis
Sharina Ibrahim wrote:

> I just started installing freeradius from the Debian package. I'm
> quite confused because after I installed the package, I can't find
> raddb. Does raddb exist only when we install Freeradius from source
> and not from the debian package?

The config files are in /etc/freeradius when you install FreeRADIUS
from the Debian package.

-- 
Nicolas Baradakis



Re: Nas-Port-Type question

2005-07-20 Thread Jandre Olivier
When clients vpn into my server this is what part of the access-request 
comes to my radius server:


How will I be able to change that Port-Type from Async to VPN? I use a 
portmaster on my network as well, and my analogue dialups are also 
Async; I want to be able to distinguish between the types of connection.


rad_recv: Accounting-Request packet from host 192.168.2.254:32955, 
id=89, length=95

   Acct-Session-Id = "42DE38EA0AEA"
   User-Name = "blabla"
   Acct-Status-Type = Start
   Service-Type = Framed-User
   Framed-Protocol = PPP
   Acct-Authentic = RADIUS
  /* NAS-Port-Type = Async*/
   Framed-IP-Address = 192.168.0.244
   NAS-IP-Address = 127.0.0.1
   NAS-Port = 4
   Acct-Delay-Time = 0

J
Dusty Doris wrote:

> > Hi guys,
> >
> > I use freeradius with poptop, just a question that I'm trying to figure
> > out. My radius server sees the NAS-Port-Type as Async whenever a vpn
> > connection is made. Is there any way to change this to let radius see, for
> > example, a "vpn" nas-port-type? Must this port-type come from my vpn
> > server?
> >
> > Thanks
> >
> > J
>
> Radius Attribute/Value pairs come from the NAS.  Perhaps if you describe
> what it is you are trying to do, we can help.


--
Regards
Jandre

"Some people are alive only because
 it is illegal to kill them."






RE: freeradius as radius and proxy radius server

2005-07-20 Thread Mike Mitchell
Hi Marc,

> can freeradius work as a radius server and at the same time 
> as a proxy radius server?  if this is possible, has anyone 

Yes.

> found good links/resources on how to set this up?

Have you read the docs that come with freeradius? Looked at the example
configuration files? Done any searches of this list or google?

It's not very difficult to set up, depending on the logic you wish to use to
determine which requests to handle locally and which requests to proxy. If
you have more specific questions based on what you're trying to achieve,
then the people on this list will be able to help you more easily... once
you've had a go yourself ;-)

Cheers,
Mike




RE: FW: TTLS and PAP

2005-07-20 Thread martin.p.bradley
Alan,

Sorry about duplicating my original email.  I found your reply about 3
seconds after doing that.

Here is the stack trace.

Maybe my version of ssl is too old?

[EMAIL PROTECTED] bin]$ openssl
OpenSSL> version
OpenSSL 0.9.7b 10 Apr 2003

#0  0x402d4a97 in eaptls_gen_mppe_keys (reply_vps=0x8179c08,
s=0x8157790, prf_label=0x402da5d9 "ttls keying material") at
mppe_keys.c:136
136 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
(gdb) bt
#0  0x402d4a97 in eaptls_gen_mppe_keys (reply_vps=0x8179c08,
s=0x8157790, prf_label=0x402da5d9 "ttls keying material") at
mppe_keys.c:136
#1  0x402d8912 in eapttls_authenticate (arg=0x814dcb0,
handler=0x81576e8) at rlm_eap_ttls.c:253
#2  0x4002a627 in eaptype_call (atype=0x814dba0, handler=0x81576e8) at
eap.c:167
#3  0x4002a9f5 in eaptype_select (inst=0x810fe60, handler=0x81576e8) at
eap.c:353
#4  0x40029d89 in eap_authenticate (instance=0x810fe60,
request=0x8179b38) at rlm_eap.c:271
#5  0x08054c7a in call_modsingle (component=0, sp=0x810ebe8,
request=0x8179b38, default_result=0) at modcall.c:219
#6  0x08054e6e in modcall (component=0, c=0x810ebe8, request=0x8179b38)
at modcall.c:344
#7  0x08054d37 in call_modgroup (component=0, g=0x814f3e0,
request=0x8179b38, default_result=0) at modcall.c:252
#8  0x08054e1d in modcall (component=0, c=0x814f3e0, request=0x8179b38)
at modcall.c:335
#9  0x0805492b in module_authenticate (auth_type=6, request=0x8179b38)
at modules.c:891
#10 0x0805198b in rad_check_password (request=0x8179b38) at auth.c:353
#11 0x08051d53 in rad_authenticate (request=0x8179b38) at auth.c:644
#12 0x0804d5a9 in rad_respond (request=0x8179b38, fun=0x8051a9c
) at radiusd.c:1642
#13 0x0804d2ea in main (argc=2, argv=0xb514) at radiusd.c:1427
#14 0x42017499 in __libc_start_main () from /lib/i686/libc.so.6

123 void eaptls_gen_mppe_keys(VALUE_PAIR **reply_vps, SSL *s,
124   const char *prf_label)
125 {
126 unsigned char out[2*EAPTLS_MPPE_KEY_LEN],
buf[2*EAPTLS_MPPE_KEY_LEN];
127 unsigned char seed[64 + 2*SSL3_RANDOM_SIZE];
(gdb) l
128 unsigned char *p = seed;
129 size_t prf_size;
130
131 prf_size = strlen(prf_label);
132
133 memcpy(p, prf_label, prf_size);
134 p += prf_size;
135
136 memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
137 p += SSL3_RANDOM_SIZE;
(gdb) print s
$2 = (SSL *) 0x8157790
(gdb) print s->s3
$3 = (struct ssl3_state_st *) 0x0


Regards,
Martin.


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan
DeKok
Sent: 19 July 2005 20:01
To: FreeRadius users mailing list
Subject: Re: FW: TTLS and PAP 

<[EMAIL PROTECTED]> wrote:
> I'm trying to get TTLS/PAP working using freeradius 1.0.4.  I must
> have it configured incorrectly because it's giving a Segmentation fault
> just before giving the Access-Accept & EAP-Success back to the switch.  I
> have searched the archives for a solution but not found help to sort
> my problem out.

  See doc/bugs

> I don't understand is why the modcall[authorise] appear often in
> request processing before modcall[authenticate].  I thought the order
> was to authenticate a user and then once we are sure they are who they
> say they are then we authorise them to use the network.

  Due to historical issues, FreeRADIUS has pre-authenticate,
authenticate, and post-authenticate.  The pre-authenticate is called
"authorize".

  The sections could just as easily be called "foo", "bar", and "baz".
It makes no difference to the operation of the server.

  Alan DeKok.



Raddb missing

2005-07-20 Thread Sharina Ibrahim
Hi guys,
 
I just started installing freeradius from the Debian package. 
I'm quite confused because after I installed the package, I can't find 
raddb. Does raddb exist only when we install Freeradius from source and not 
from the debian package?

Hopefully you guys can help me as I am quite new to Debian and 
Freeradius.
 
Thank you.
 
Sincerely, 
Sharina

TTLS and PAP

2005-07-20 Thread martin.p.bradley
Folks,

I'm repeating this message in case people thought it was not the
original.  I had the Fw: on the front of the subject.

I'm trying to get TTLS/PAP working using freeradius 1.0.4.  I must have
it configured incorrectly because it's giving a Segmentation fault just
before giving the Access-Accept & EAP-Success back to the switch.  I
have searched the archives for a solution but not found help to sort my
problem out.

I have played around with the configuration but don't fully understand
what I'm doing.  Could someone point me to a place where I can read and
understand how the authenticate and authorize sections work?  The
explanation in the radiusd.conf file doesn't seem to click with me.

What I don't understand is why modcall[authorise] appears so often in request
processing before modcall[authenticate].  I thought the order was to
authenticate a user and then, once we are sure they are who they say they
are, authorise them to use the network.


Thanks for any help,
Martin.


radiusd.conf 

authenticate {
Auth-Type PAP {
pap
}
eap
}

authorize {
preprocess
eap
files

}

Users file..

"Client certificate" Auth-Type := Local, User-Password == "bradley"
Service-Type = Framed-User,
Framed-Compression = Van-Jacobsen-TCP-IP


  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "preprocess" returns ok for request 3
users: Matched entry DEFAULT at line 162
  modcall[authorize]: module "files" returns ok for request 3
  rlm_eap: EAP packet type response id 34 length 200
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 3
modcall: group authorize returns updated for request 3
  rad_check_password:  Found Auth-Type System
  rad_check_password:  Found Auth-Type EAP
Warning:  Found 2 auth-types on request for user 'anonymous'
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
rlm_eap_tls:  Length Included
  eaptls_verify returned 11 
TLS_accept: SSLv3 read client key exchange A 
TLS_accept: SSLv3 read finished A 
TLS_accept: SSLv3 write change cipher spec A 
TLS_accept: SSLv3 write finished A 
TLS_accept: SSLv3 flush data 
(other): SSL negotiation finished successfully 
SSL Connection Established 
  eaptls_process returned 13 
  modcall[authenticate]: module "eap" returns handled for request 3
modcall: group authenticate returns handled for request 3
Sending Access-Challenge of id 34 to 10.230.199.248:1126
EAP-Message =
0x0123003d1580003314030100010116030100288b7a33f454f760f4cddff2f95941
b215a6f3d73b5e422d1744b2201bee31448f10dc78f33f354476
Message-Authenticator = 0x
State = 0x49b28c5e2307f384db00487f11336474
Going to the next request
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 10.230.199.248:1126, id=35,
length=248
User-Name = "anonymous"
NAS-IP-Address = 10.230.199.248
NAS-Port = 2
State = 0x49b28c5e2307f384db00487f11336474
Calling-Station-Id = "00:06:5b:d6:ff:24"
NAS-Identifier = "radius-netgear"
NAS-Port-Type = Ethernet
EAP-Message =
0x02230078150017030100189e2c7d7fea093fe36d2ad301f92cc2ef4cba50563b00a0a8
1703010050b5955c43a5cd51375cebde00ed386a2f4273385aa3f6b0b2c6f7e15b73a75e
e8f64e15abdca0a875fd3408d3ce811a76580cee45fc540215f84bcc2f99a95cc5199a36
da952c0a76243f7f7645f4327b
Message-Authenticator = 0x3ddd5d8d65f10f4a26c7db7ab52a96db
X-Ascend-Token-Idle = 1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
  modcall[authorize]: module "preprocess" returns ok for request 4
users: Matched entry DEFAULT at line 162
  modcall[authorize]: module "files" returns ok for request 4
  rlm_eap: EAP packet type response id 35 length 120
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 4
modcall: group authorize returns updated for request 4
  rad_check_password:  Found Auth-Type System
  rad_check_password:  Found Auth-Type EAP
Warning:  Found 2 auth-types on request for user 'anonymous'
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/ttls
  rlm_eap: processing type ttls
  rlm_eap_ttls: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7 
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7 
  rlm_eap_ttls: Session established.  Proceeding t

Re: No communication between FreeRadius and Chilli

2005-07-20 Thread sean
 Hi,

I have Chilli configured to run on Linksys WRT54G AP. I can access the
Radius server at radius.chillispot.org with no problems. I have
configured FreeRadius to run on a server also running Apache and
MySQL. The FreeRadius installation compiled and runs with no errors and
Radtest works fine, allowing me to authenticate users. The problem is
that Chilli can't communicate with my Radius server. Ethereal tells me
that the destination is unreachable when replying to the Chilli box.

This is part of the Ethereal output:-

No.   Time        Source          Destination      Protocol  Info
540   142.622909  192.168.1.6     82.141.232.132   RADIUS    Access Request(1) (id=0, l=195)

Frame 540 (237 bytes on wire, 237 bytes captured)
Ethernet II, Src: 00:12:17:b7:a1:71, Dst: 00:00:c5:b1:0c:0c
Internet Protocol, Src Addr: 192.168.1.6 (192.168.1.6), Dst Addr: 
82.141.232.132 (82.141.232.132)
User Datagram Protocol, Src Port: 2051 (2051), Dst Port: radius (1812)
Radius Protocol

No.   Time        Source          Destination      Protocol  Info
541   142.623743  82.141.232.132  192.168.1.6      ICMP      Destination unreachable

Frame 541 (70 bytes on wire, 70 bytes captured)
Ethernet II, Src: 00:00:c5:b1:0c:0c, Dst: 00:12:17:b7:a1:71
Internet Protocol, Src Addr: 82.141.232.132 (82.141.232.132), Dst Addr: 
192.168.1.6 (192.168.1.6)
Internet Control Message Protocol


The Radius server and the Chilli AP get their IP's from DHCP on a Caymen
DSL modem with static IP. The Modem is 82.141.232.132. The Radius server
is 192.168.1.2 and the Chilli AP is 192.168.1.6, its internal address is
192.168.10.1.

I'd really appreciate any suggestions anyone might have to help me
resolve this.

Regards

Sean



freeradius as radius and proxy radius server

2005-07-20 Thread marc racal
hi all,

can freeradius work as a radius server and at the same time as a proxy
radius server?  if this is possible, has anyone found good
links/resources on how to set this up?

thanks.

regards,
marc



Freeradius restart snmp

2005-07-20 Thread Reza Toghraee
Hello

Is there any way to restart freeradius 1.0.4 using SNMP ?

Regards
Reza

