Freeradius as Authenticator

2005-08-03 Thread Florian Prester

Hi,

after testing and reading a lot of documentation, I have some questions.

First, my scenario:

   I want to use a freeradius server for authentication.
   The users are stored in an LDAP service.
   I have different user classes:
  1.) Dialin users: using PAP
  2.) VPN users: using PAP
  3.) WLAN users: should work with EAP-TTLS/PEAP and MSCHAPV2 or PAP

   Why PAP? Because I have a Unix community to supply, and we do not 
want to have cleartext passwords anywhere in our network (I know that with 
PAP the cleartext password is sent to the RADIUS server! But the 
RADIUS server has none!)


   With MSCHAP we are using the NT password (I know it is not really 
encrypted, but still better than cleartext!)


Now, how can I use PAP authentication with EAP-TTLS? I read some mails 
before, but I still cannot get it working! Meaning: if I have a local 
user defined in users.conf it works, but if I try to get the 
information from the LDAP server, the following error occurs:
  
rlm_ldap: user unrz148 authorized to use remote access
Thu Aug  4 08:44:33 2005 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Thu Aug  4 08:44:33 2005 : Debug:   modsingle[authorize]: returned from ldap (rlm_ldap) for request 5
Thu Aug  4 08:44:33 2005 : Debug:   modcall[authorize]: module "ldap" returns ok for request 5
Thu Aug  4 08:44:33 2005 : Debug: modcall: group authorize returns ok for request 5
Thu Aug  4 08:44:33 2005 : Debug:   rad_check_password:  Found Auth-Type LDAP
Thu Aug  4 08:44:33 2005 : Debug: auth: type "LDAP"
Thu Aug  4 08:44:33 2005 : Debug:   ERROR: Unknown value specified for Auth-Type.  Cannot perform requested action.
Thu Aug  4 08:44:33 2005 : Debug: auth: Failed to validate the user.

Any hints for me?

Also I have a problem with the difference between local and LDAP 
information in general.

If I use a local user everything works fine.
If I use an LDAP user, he/she can authenticate, but later on 
wpa_supplicant (the supplicant for the WLAN users trying to do WPA) 
accepts the authentication but does not initiate the WPA connection.

With local users and the same client configuration everything works fine.
Is it a problem within freeradius or wpa_supplicant?

Thanks
Florian

--
Dipl. Inf. Florian Prester
Network Administration
Regionales RechenZentrum Erlangen
Universitaet Erlangen-Nuernberg
Germany

Tel.: +499131 8527813

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


RE: Dialup-Admin & mysql Problems help plz!

2005-08-03 Thread Nurul Faizal M.Shukeri
Set sql_debug = no in admin.conf



Dialup-Admin & mysql Problems help plz!

2005-08-03 Thread Nicholas Briere
Hello, I just installed Freeradius and Freeradius DialupAdmin (with mysql
support).

I changed the admin.conf so it's using the correct DB username/password.
When I click on quite a few links, like Create New Group, I get this atop
the New Group page:

DEBUG(SQL,MYSQL DRIVER): Query: SELECT DISTINCT groupname FROM usergroup;
DEBUG(SQL,MYSQL DRIVER): Query Result:

then below, under the words 'preferences for new group':
DEBUG(SQL,MYSQL DRIVER): Query: SELECT attribute,value ,op FROM
radgroupcheck WHERE groupname = '';
DEBUG(SQL,MYSQL DRIVER): Query Result: Num rows:: 0
DEBUG(SQL,MYSQL DRIVER): Query Result:

DEBUG(SQL,MYSQL DRIVER): Query: SELECT attribute,value ,op FROM
radgroupreply WHERE groupname = '';
DEBUG(SQL,MYSQL DRIVER): Query Result: Num rows:: 0
DEBUG(SQL,MYSQL DRIVER): Query Result:

DEBUG(SQL,MYSQL DRIVER): Query: SELECT username FROM usergroup WHERE
groupname = '' ORDER BY username;
DEBUG(SQL,MYSQL DRIVER): Query Result: Num rows:: 0
DEBUG(SQL,MYSQL DRIVER): Query Result:


Under "create a new User" I get:

DEBUG(SQL,MYSQL DRIVER): Query: SELECT DISTINCT groupname FROM usergroup;
DEBUG(SQL,MYSQL DRIVER): Query Result:


I'm using Debian (sarge) / apache 1.3 / php4 / mysql 4.0.24-10


Any help on this would be great as I'm quite new to the 'radius' environment and
these SQL errors have caused a lot of headaches for me :)



How to bind user with different PPPoE service

2005-08-03 Thread Nirmal

Hi
 
I'm running freeradius 0.9.0 with mysql on a PPPoE server. I'm running two different PPPoE services. Can I bind a user to a particular PPPoE service using radius?
 
 
 
With Regards
 
Thanks in Advance
 
Nirmal
 
 

=* operator really work in 1.0.2 ?

2005-08-03 Thread Ruslan A Dautkhanov

Hello !

I use the "=*" operator in the User-Password attribute for a special account that 
accepts any password.

   User-Password   =*anypassword

In pre-1.0.0 CVS it worked fine. After upgrading to 1.0.2 it really 
doesn't work.
Is it a bug, or must some configuration changes be applied? Are there any known 
work-arounds?


Thanks a lot.

--
Ruslan A Dautkhanov


RE: Regarding checkrad

2005-08-03 Thread Nurul Faizal M.Shukeri
Hmm.. can I just check for double logins, perhaps by querying the database only, without
an snmpwalk to the AP?


$sql = "SELECT COUNT(*) FROM radcheck WHERE Username='ultrabalad' AND AccTime=0";

Once the result is equal to 1, freeradius will kick the second login.



Re: Regarding checkrad

2005-08-03 Thread Alan DeKok
"Nurul Faizal M.Shukeri" <[EMAIL PROTECTED]> wrote:
> Any suggestion for solution, perhaps my server configuration. I'm stupid
> about snmp. 

  It's not the server.  It's the NAS.

  Alan DeKok.


RE: How to connect freeradius and SER!

2005-08-03 Thread Jose Divino de Lima
Hello..

It's possible.
We have a SER that authenticates against a freeRadius.
Please feel free to send me an email ([EMAIL PROTECTED]) and I can help you.
 
Lima


RE: Regarding checkrad

2005-08-03 Thread Nurul Faizal M.Shukeri
Hi Alan,

Any suggestions for a solution, perhaps my server configuration? I'm stupid
about snmp.

Thanks



Re: How to connect freeradius and SER!

2005-08-03 Thread Alan DeKok
zhu lizhong <[EMAIL PROTECTED]> wrote:
> I try to connect Freeradius and SER. When I include the dictionary.ser
> in dictionary, SER tells me that it cannot open the
> dictionary.ser. Anyone know how to fix it? Thanks in advance!

  Are you willing to say what the errors are?

  Odds are it's an application-specific dictionary, and incompatible
with FreeRADIUS.

  Alan DeKok.



Authentication problem

2005-08-03 Thread Hamid Salim
On Wed, 3 Aug 2005, Hamid Salim wrote:

>  radutmp: check_with_nas = yes
>  radutmp: perm = 384
>  radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Listening on authentication *:1812
> Listening on accounting *:1813
> Listening on proxy *:1814
> Ready to process requests.
>
Dusty's response:
You need to figure out why your NAS is not sending radius packets to the
radius server.

Check your network connections, your firewall rules, etc..

My question:
I am not using a NAS (as I understand it); also I am not using RADIUS 
accounting. I am trying to use FreeRadius solely for authentication. 
What is check_with_nas = yes used for? Do I need to change this?

thanks.
Hamid.


RE: Regarding checkrad

2005-08-03 Thread Nurul Faizal M.Shukeri
Thanks Alan, perhaps it's my AP problem, because I already enabled the feature.



How to connect freeradius and SER!

2005-08-03 Thread zhu lizhong
Hello, guys:
I try to connect Freeradius and SER. When I include the dictionary.ser
in dictionary, SER tells me that it cannot open the
dictionary.ser. Anyone know how to fix it? Thanks in advance!
zhu



RE: ldap basedn assignment

2005-08-03 Thread ggreen
> How do you have this setup?  Check out
doc/configurable_failover.  That
> should show you how to do it.
>
I'm using configurable failover to get it to roll as it is.
From my radiusd.conf file:
 
authorize {
    ldap1 {
        reject = 1
    }
    ldap2 {
        reject = 1
        ok = return
    }
}
authenticate {
    Auth-Type LDAP {
        ldap1 {
            reject = 1
            ok = return
        }
        ldap2 {
            reject = 1
            ok = return
        }
    }
}

The output I see when I try to authenticate with an openldap
username/password where the username is also in AD:


rad_recv: Access-Request packet from host 130.74.186.38:17688, id=1, length=46
User-Name = "username"
User-Password = "test123"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for username
radius_xlat:  '(sAMAccountName=username)'
radius_xlat:  'cn=Users,dc=dept,dc=university,dc=edu'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ad.dept.university.edu:389, authentication 0
rlm_ldap: bind as cn=aduser,cn=Users,dc=dept,dc=university,dc=edu/adpassword to ad.dept.university.edu:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in cn=Users,dc=dept,dc=university,dc=edu, with filter (sAMAccountName=username)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user username authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap1" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for username
radius_xlat:  '(uid=username)'
radius_xlat:  'dc=university,dc=edu,c=US'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to openldap.university.edu:1744, authentication 0
rlm_ldap: bind as uid=ldapuser,ou=Special Users,dc=university,dc=edu,c=US/ldappassword to openldap.university.edu:1744
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=university,dc=edu,c=US, with filter (uid=username)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user username authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap2" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type LDAP
auth: type "LDAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "username" with password "test123"
rlm_ldap: user DN: CN=name\, user,CN=Users,DC=dept,DC=university,DC=edu
rlm_ldap: (re)connect to ad.dept.university.edu:389, authentication 1
rlm_ldap: bind as CN=name\, user,CN=Users,DC=dept,DC=university,DC=edu/test123 to ad.dept.university.edu:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind failed with invalid credentials
  modcall[authenticate]: module "ldap1" returns reject for request 0
rlm_ldap: - authenticate
rlm_ldap: login attempt by "username" with password "test123"
rlm_ldap: user DN: CN=name\, user,CN=Users,DC=dept,DC=university,DC=edu
rlm_ldap: (re)connect to openldap.university.edu:1744, authentication 1
(THIS LINE IS THE PROBLEM) rlm_ldap: bind as CN=name\, user,CN=Users,DC=dept,DC=university,DC=edu/test123 to openldap.university.edu:1744
rlm_ldap: waiting for bind result ...
rlm_ldap: CN=name\, user,CN=Users,DC=dept,DC=university,DC=edu bind to openldap.university.edu:1744 failed No such object
rlm_ldap: ldap_connect() failed
  modcall[authenticate]: module "ldap2" returns fail for request 0
modcall: group Auth-Type returns fail for request 0
auth: Failed to validate the user.



The above problem line should be:
rlm_ldap: bind as uid=username, ou=People, dc=university,dc=edu,c=us/test123 to openldap.university.edu:1744
However, it is taking the user DN from the AD server, which
gave the first authorize ok. What I need is for it to
attempt to authenticate with the appropriate user DN
depending on which server it is authenticating to. So it
would use the user DN from AD when authenticating to the AD server
and the openldap user DN when authenticating to the openldap
server.

Thanks

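The fall-through that ggreen's reject=1 / ok=return overrides produce, and the "Unknown value specified for Auth-Type" error from Florian's post at the top of this page, as an added simulation of the modcall rules in doc/configurable_failover; this is not FreeRADIUS code, and the default action tables, module names and canned return codes are this example's assumptions.

```python
"""Simulation of FreeRADIUS 1.x module-call (modcall) semantics as described
in doc/configurable_failover. Written for this page; not FreeRADIUS code.

A section is an ordered list of (module, overrides) pairs. When a module
returns a code, the action for that code is looked up: "return" stops the
section and hands the code back; an integer records the code at that
priority and the section continues, and the recorded code with the highest
priority becomes the section's result. The default action tables are this
example's reading of the server defaults (assumption; check the doc for
your version). Module return codes are canned per request, so the whole
thing runs offline.
"""

RETURN = "return"

DEFAULT_ACTIONS = {
    # authorize: success codes are recorded and the section goes on,
    # failures stop it immediately.
    "authorize": {"notfound": 1, "noop": 2, "ok": 3, "updated": 4,
                  "reject": RETURN, "fail": RETURN, "invalid": RETURN,
                  "userlock": RETURN, "handled": RETURN},
    # authenticate: a definite answer (ok/reject) stops the section.
    "authenticate": {"fail": 1, "invalid": 1, "noop": 1, "updated": 1,
                     "ok": RETURN, "reject": RETURN, "handled": RETURN,
                     "userlock": RETURN, "notfound": RETURN},
}


def run_section(section_name, modules, results):
    """Run one section; returns (code, trace of (module, code, action))."""
    defaults = DEFAULT_ACTIONS[section_name]
    best_code, best_prio, trace = None, -1, []
    for module, overrides in modules:
        code = results[module]
        action = overrides.get(code, defaults[code])
        trace.append((module, code, action))
        if action == RETURN:
            return code, trace
        if action >= best_prio:  # a later code at equal priority replaces
            best_code, best_prio = code, action
    return best_code, trace


def authenticate(config, auth_type, results):
    """Dispatch on the Auth-Type that the authorize section left behind."""
    sub = config["authenticate"].get("Auth-Type " + auth_type)
    if sub is None:
        # The case the log on this page reports as
        # "ERROR: Unknown value specified for Auth-Type."
        return "unknown-auth-type", []
    return run_section("authenticate", sub, results)


# ggreen's radiusd.conf from this thread, expressed as data.
GGREEN = {
    "authorize": [("ldap1", {"reject": 1}),
                  ("ldap2", {"reject": 1, "ok": RETURN})],
    "authenticate": {
        "Auth-Type LDAP": [("ldap1", {"reject": 1, "ok": RETURN}),
                           ("ldap2", {"reject": 1, "ok": RETURN})],
    },
}
# The same modules with no overrides, for comparison.
PLAIN = {
    "authorize": [("ldap1", {}), ("ldap2", {})],
    "authenticate": {"Auth-Type LDAP": [("ldap1", {}), ("ldap2", {})]},
}
# Florian's case: authorize sets Auth-Type LDAP, but authenticate has no
# "Auth-Type LDAP" sub-section at all.
FLORIAN = {"authorize": [("ldap", {})], "authenticate": {}}

# Canned module results matching ggreen's debug output: both servers
# authorize the user, the AD bind is rejected, the openldap connect fails.
GGREEN_AUTHZ = {"ldap1": "ok", "ldap2": "ok"}
GGREEN_AUTH = {"ldap1": "reject", "ldap2": "fail"}

if __name__ == "__main__":
    print(run_section("authorize", GGREEN["authorize"], GGREEN_AUTHZ))
    print(authenticate(GGREEN, "LDAP", GGREEN_AUTH))   # ('fail', ...)
    print(authenticate(PLAIN, "LDAP", GGREEN_AUTH))    # ('reject', ...)
    print(authenticate(FLORIAN, "LDAP", {"ldap": "ok"}))
```

With the overrides, ldap1's reject is only recorded and ldap2 still runs, reproducing the "group Auth-Type returns fail" line in the log; without them the section returns reject at ldap1 and ldap2 is never tried.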


Re: Authentication problem-FreeRadius Output

2005-08-03 Thread Dusty Doris
On Wed, 3 Aug 2005, Hamid Salim wrote:

>  radutmp: check_with_nas = yes
>  radutmp: perm = 384
>  radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Listening on authentication *:1812
> Listening on accounting *:1813
> Listening on proxy *:1814
> Ready to process requests.
>

You need to figure out why your NAS is not sending radius packets to the
radius server.

Check your network connections, your firewall rules, etc..


Re: Simple flat file passwords?

2005-08-03 Thread Martin . Ward
Stunning! Thanks Alan, that was all it took.  I didn't even realise there
WAS a man page for the rlm_ modules. I'll go read some now.

|\/|artin
--
Senior Network Administrator, NEC (Europe) Ltd.
Acton extension: 3379
NEC*Net: 800-44-21-3379
Direct: +44 20 8752 3379
Fax: +44 20 8752 3389
Mobile: +44 7721 869 356



   


Authentication problem-FreeRadius Output

2005-08-03 Thread Hamid Salim
[EMAIL PROTECTED] sbin]# /opt/radiusd/sbin/runradiusd -X
+ LD_LIBRARY_PATH=/opt/openssl/lib
+ LD_PRELOAD=/opt/openssl/lib/libcrypto.so
+ export LD_LIBRARY_PATH
+ export LD_PRELOAD
+ /opt/radiusd/sbin/radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /opt/radiusd/etc/raddb/proxy.conf
Config:   including file: /opt/radiusd/etc/raddb/clients.conf
Config:   including file: /opt/radiusd/etc/raddb/snmp.conf
Config:   including file: /opt/radiusd/etc/raddb/eap.conf
Config:   including file: /opt/radiusd/etc/raddb/sql.conf
 main: prefix = "/opt/radiusd"
 main: localstatedir = "/opt/radiusd/var"
 main: logdir = "/opt/radiusd/var/log/radius"
 main: libdir = "/opt/radiusd/lib"
 main: radacctdir = "/opt/radiusd/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/opt/radiusd/var/log/radius/radius.log"
 main: log_auth = yes
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/opt/radiusd/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/opt/radiusd/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /opt/radiusd/lib
Module: Loaded exec 
 exec: wait = yes
 exec: program = "(null)"
 exec: input_pairs = "request"
 exec: output_pairs = "(null)"
 exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec) 
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded eap 
 eap: default_eap_type = "tls"
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = "(null)"
 tls: pem_file_type = yes
 tls: private_key_file = "/opt/radiusd/etc/1x/radiusd.ece.neu.edu.pem"
 tls: certificate_file = "/opt/radiusd/etc/1x/radiusd.ece.neu.edu.pem"
 tls: CA_file = "/opt/radiusd/etc/1x/root.pem"
 tls: private_key_password = "serverpwd"
 tls: dh_file = "/opt/radiusd/etc/1x/dh"
 tls: random_file = "/opt/radiusd/etc/1x/random"
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = "(null)"
rlm_eap: Loaded and initialized type tls
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap) 
Module: Loaded preprocess 
 preprocess: huntgroups = "/opt/radiusd/etc/raddb/huntgroups"
 preprocess: hints = "/opt/radiusd/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
 mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap) 
Module: Loaded realm 
 realm: format = "suffix"
 realm: delimiter = "@"
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix) 
Module: Loaded files 
 files: usersfile = "/opt/radiusd/etc/raddb/users"
 files: acctusersfile = "/opt/radiusd/etc/raddb/acct_users"
 files: preproxy_usersfile = "/opt/radiusd/etc/raddb/preproxy_users"
 files: compat = "no"
Module: Instantiated files (files) 
Module: Loaded Acct-Unique-Session-Id 
 acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, 
Client-IP-Addr"
Module: Instantiated acct_unique (acct_unique) 
Module: Loaded detail 
 detail: detailfile = 
"/opt/radiusd/var/log/radius/radacct/%{Client-IP-Address}"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail) 
Module: Loaded System 
 unix: cache = no
 unix: passwd = "(null)"
 unix: shadow = "(null)"
 unix: group = "(null)"
 unix: radwtmp = "/opt/radiusd/var/log/radius/radwtmp"
 unix: u

RES: Limiting the number of connections

2005-08-03 Thread Jose Divino de Lima
Hi Alan,

Thanks for your explanation.
We have a shell script that does exactly what you said.

I'm trying to look for another way to do this.
We have a VoIP network here and we need to restrict some groups to "N" 
connections.

When I use a shell script it runs properly, but it's not fast.
I thought that it could be done via mySQL in the authorize_check query.

That's my scenario.

Tks,

Lima




Re: Simple flat file passwords?

2005-08-03 Thread Alan DeKok
> I am trying to use the passwd module to configure a simple flat file with
> two fields, a user name and a password. I believe I have the module
> configured right:
> 
> passwd text_file {
> filename = /var/text_file
> format = "*User-Name:*User-Password"

  From the "man" page for rlm_passwd:

  The key field is signified by being preceded with a '*' character,
  which indicates that the field has only one key, like the /etc/passwd
  file.

> However I can't figure out which authtype to use. If I use PAP (above) I
> get the following errors:
> 
> rlm_pap: login attempt by "mward" with password feeble
> rlm_pap: No password (or empty password) to check against for for user
> mward

  Because you configured rlm_passwd wrong.

  And don't set the "auth_type" in rlm_passwd.  I think I'm going to
remove that option from the CVS head.  It's just too confusing.

  Alan DeKok.


Simple flat file passwords?

2005-08-03 Thread Martin . Ward
I am trying to use the passwd module to configure a simple flat file with
two fields, a user name and a password. I believe I have the module
configured right:

passwd text_file {
    filename = /var/text_file
    format = "*User-Name:*User-Password"
    authtype = PAP
}

The contents of this file are:

mward:feeble

However I can't figure out which authtype to use. If I use PAP (above) I
get the following errors:

rlm_pap: login attempt by "mward" with password feeble
rlm_pap: No password (or empty password) to check against for for user
mward

If I use CHAP or MSCHAP I get errors like:

rlm_chap: Attribute "CHAP-Password" is required for authentication. Cannot
use "User-Password".

and if I change the format=line to suit, my passwd module fails with:

modcall[authorize]: module "text_file" returns notfound for request 0

Can anyone point out the undoubtedly simple thing I am missing? Thanks.

|\/|artin
--
Senior Network Administrator, NEC (Europe) Ltd.
Acton extension: 3379
NEC*Net: 800-44-21-3379
Direct: +44 20 8752 3379
Fax: +44 20 8752 3389
Mobile: +44 7721 869 356

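How a key lookup over a flat file with an rlm_passwd-style format string works, as an added example written for this thread; it is not the rlm_passwd module, it models only the '*' key prefix that the man-page quotation in Alan's reply describes, and the file contents, attribute names and helper names are constructed for the example.

```python
"""Key lookup in an rlm_passwd-style flat file.

Added example for this thread; not the rlm_passwd module. It takes the
module's `format` string, in which fields are separated by the delimiter
and exactly one field carries the '*' prefix marking it as the key, finds
the line whose key field matches, and returns the remaining fields as
attribute/value pairs. A format with no key or with more than one key,
such as "*User-Name:*User-Password", is rejected before any lookup. Any
other field prefixes the real module supports are not modelled here.
"""
import hmac


class FormatError(ValueError):
    """The format string does not describe exactly one key field."""


def parse_format(fmt, delimiter=":"):
    """Return (key_index, [attribute names]) for a format string."""
    names, key_index = [], None
    for i, field in enumerate(fmt.split(delimiter)):
        if field.startswith("*"):
            if key_index is not None:
                raise FormatError("more than one key field in %r" % fmt)
            key_index = i
            field = field[1:]
        if not field:
            raise FormatError("empty attribute name in %r" % fmt)
        names.append(field)
    if key_index is None:
        raise FormatError("no key field (prefix one with '*') in %r" % fmt)
    return key_index, names


def lookup(lines, fmt, key, delimiter=":"):
    """Return the non-key (attribute, value) pairs of the record for `key`,
    or None when no well-formed line carries that key."""
    key_index, names = parse_format(fmt, delimiter)
    for raw in lines:
        line = raw.rstrip("\r\n")
        if not line or line.startswith("#"):
            continue
        fields = line.split(delimiter)
        if len(fields) != len(names):
            continue  # wrong field count: a malformed line, never a match
        if fields[key_index] != key:
            continue
        return [(names[i], fields[i]) for i in range(len(names)) if i != key_index]
    return None


def check_pap(lines, fmt, username, password):
    """PAP-style check of a cleartext password against the looked-up record."""
    pairs = lookup(lines, fmt, username)
    if pairs is None:
        return "notfound"
    stored = dict(pairs).get("User-Password")
    if stored is None:
        return "no password to check against"
    # Constant-time comparison of the two cleartext strings.
    same = hmac.compare_digest(stored.encode(), password.encode())
    return "ok" if same else "reject"


# Constructed stand-in for the /var/text_file of this thread, plus a
# comment line and a malformed line to show both are skipped.
TEXT_FILE = ["# user:password", "mward:feeble", "other:secret", "broken-line"]

if __name__ == "__main__":
    print(check_pap(TEXT_FILE, "*User-Name:User-Password", "mward", "feeble"))
```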


Re: Limiting the number of connections

2005-08-03 Thread Alan DeKok
"Jose Divino de Lima" <[EMAIL PROTECTED]> wrote:
> I've a challenge now to limit the number of simultaneous connections
> (i.e: we can permit only ten connections at the same time).

  doc/Simultaneous-Use

  If you're limiting connections to 10 *different* people, you'll have
to write some custom code.  Even a shell script would do.

  Alan DeKok.



Re: Authentication problem

2005-08-03 Thread Alan DeKok
Hamid Salim <[EMAIL PROTECTED]> wrote:
> FreeRadius is not authenticating, there are no messages on the screen 
> or the logfile. The AP does not see the FreeRadius server!
> 
> I think this is a configuration issue outside of FreeRadius.

  Use "tcpdump" to see where the packets are going.  This is also
covered in the FAQ.

  Alan DeKok.



Re: Coa and Disconnect Message

2005-08-03 Thread Alan DeKok
gennaro amelio <[EMAIL PROTECTED]> wrote:
> Can i use Freeradius to do a prepaid-billing system??

  Yes.

> Does Freeradius support CoA and Disconnect Message?

  radclient can send those packets, but FreeRADIUS doesn't listen for
them.

  Alan DeKok.



Re: Regarding checkrad

2005-08-03 Thread Alan DeKok
"Nurul Faizal M.Shukeri" <[EMAIL PROTECTED]> wrote:
> My AP is a Cisco 340 and I already enabled the SNMP feature. I don't know what the
> problem is. Please help me.

  Checkrad isn't able to talk to the AP.  The AP isn't listening on SNMP.

  Alan DeKok.


Re: rlm_sql post-auth variable bug?

2005-08-03 Thread Fernando Schapachnik
Forgot to mention. This is on both 1.0.2 and 1.0.4 on both Linux & 
FreeBSD.

Thanks.

Fernando.

In an earlier message, Fernando Schapachnik wrote:
> Hi,
>   In my AAA chain I have a module that *sometimes* adds a custom
> attribute (defined in my dictionary as ipaddr) called Auth-NAS. This
> module is called in the authorize section. Later on, in the post-auth
> session I have a SQL-module that has:
> 
> postauth_query = "INSERT INTO ${postauth_table} (...)  \
>   VALUES ( \
> '%{check:Auth-NAS:-0.0.0.0}', ...)"
> 
>   When run, and Auth-NAS is not present, it outputs:
> 
> rlm_sql (sql-xxx) in sql_postauth: query is INSERT INTO table (...) VALUES (..., '=01', ...);
> 
> 
>   Sometimes the '=01' is replaced by '255.255.255.255'.
> 
>   Is this a bug in some place or am I doing something wrong? Any 
> ideas?


Re: ldap basedn assignment

2005-08-03 Thread Dusty Doris
> In the authorize stage it looks in both AD and ldap. In the
> authenticate stage it queries both AD and ldap. The problem
> is that in the authenticate stage it uses the basedn of the
> server that returns the first ok in the authorize stage. So
> if the username is in both AD and ldap, openldap rejects the
> user because it is using the AD basedn to query the openldap
> server.
>
> Is there a way for me to force the basedn for the ldap
> server regardless of which server returned the first ok?
>

How do you have this setup?  Check out doc/configurable_failover.  That
should show you how to do it.






Limiting the number of connections

2005-08-03 Thread Jose Divino de Lima

Hi people,

I need your help.
We have a solution that uses SER authenticating, authorizing and accounting against a 
freeRadius+mySQL.

I have a challenge now to limit the number of simultaneous connections (i.e. we 
can permit only ten connections at the same time).

Does anybody have any idea how to implement this in freeRadius+mySQL?

I imagine that I need to change the SQL queries in sql.conf, but I'm not sure..

Any ideas ?


Tks,


Lima

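The database-only double-login check asked about in the checkrad thread above and the "at most N connections for a group" limit asked about here, as an added example that is not FreeRADIUS, dialup-admin or SER code; the SQLite schema, the sample radacct/usergroup rows and the function names are this example's own constructions.

```python
"""Per-user Simultaneous-Use and per-group connection limits from accounting.

Added example for this page; not FreeRADIUS or dialup-admin code. An
in-memory SQLite stand-in for the radacct and usergroup tables carries the
counting queries a per-user Simultaneous-Use check and a custom per-group
limit would run. The sample rows are constructed. Note the trust model: a
database-only check believes every finished session sent an
Accounting-Stop; a session whose Stop was lost stays "open" here forever,
which is what checkrad / check_with_nas exists to catch against the NAS.
"""
import sqlite3

SCHEMA = """
CREATE TABLE radacct (
    radacctid     INTEGER PRIMARY KEY,
    username      TEXT NOT NULL,
    nasipaddress  TEXT NOT NULL,
    acctstarttime TEXT NOT NULL,
    acctstoptime  TEXT            -- NULL while the session is still open
);
CREATE TABLE usergroup (
    username  TEXT NOT NULL,
    groupname TEXT NOT NULL
);
"""

# Constructed sample data: five VoIP users in group "voip", one dial-in
# user; alice's second session has already stopped.
SAMPLE_ROWS = [
    ("alice", "10.0.0.1", "2005-08-03 10:00:00", None),
    ("alice", "10.0.0.2", "2005-08-03 10:05:00", "2005-08-03 10:30:00"),
    ("bob",   "10.0.0.1", "2005-08-03 10:10:00", None),
    ("carol", "10.0.0.1", "2005-08-03 10:12:00", None),
    ("dave",  "10.0.0.2", "2005-08-03 10:15:00", None),
]
SAMPLE_GROUPS = [("alice", "voip"), ("bob", "voip"), ("carol", "voip"),
                 ("dave", "voip"), ("erin", "voip"), ("frank", "dialin")]


def open_db():
    """Create the in-memory tables and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO radacct (username, nasipaddress, acctstarttime, acctstoptime) "
        "VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    conn.executemany("INSERT INTO usergroup VALUES (?, ?)", SAMPLE_GROUPS)
    return conn


def user_open_sessions(conn, username):
    """Open sessions of one user: the shape of a Simultaneous-Use check."""
    row = conn.execute(
        "SELECT COUNT(*) FROM radacct WHERE username = ? AND acctstoptime IS NULL",
        (username,)).fetchone()
    return row[0]


def group_open_sessions(conn, groupname):
    """Open sessions across every member of a group."""
    row = conn.execute(
        "SELECT COUNT(*) FROM radacct r JOIN usergroup g ON g.username = r.username "
        "WHERE g.groupname = ? AND r.acctstoptime IS NULL",
        (groupname,)).fetchone()
    return row[0]


def decide(conn, username, simultaneous_use, group_limits):
    """Return 'accept' or a reject reason for a new login by `username`.

    `simultaneous_use` is the per-user cap; `group_limits` maps a groupname
    to the cap for all of its members together (groups without an entry
    are unlimited).
    """
    if user_open_sessions(conn, username) >= simultaneous_use:
        return "reject: Simultaneous-Use limit reached"
    for (groupname,) in conn.execute(
            "SELECT groupname FROM usergroup WHERE username = ?", (username,)):
        limit = group_limits.get(groupname)
        if limit is not None and group_open_sessions(conn, groupname) >= limit:
            return "reject: group %s at its limit of %d" % (groupname, limit)
    return "accept"


if __name__ == "__main__":
    db = open_db()
    print(decide(db, "erin", 1, {"voip": 4}))   # group already has 4 open
    print(decide(db, "erin", 1, {"voip": 10}))  # accept
```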


Re: FreeRadius Authentication-Please help

2005-08-03 Thread Dusty Doris
> FreeRadius is not authenticating, there are no messages on the screen
> or the logfile. The AP does not see the FreeRadius server!
>
> I think this is a configuration issue outside of FreeRadius.
>
> Has anyone had a similar problem?
>
> Any help will be greatly appreciated as i have hit a wall here and i am
> on a deadline!
>

I would look at your network setup and firewall rules.


Re: Freeradius + TLS for Wifi networks

2005-08-03 Thread Kris Benson
[EMAIL PROTECTED] on August 3, 2005 at 03:51 -0800 wrote:
>However, I noticed that we have had multiple dropped connections from
>Windows XP Pro with the Planet WAP-4000 and 3Com Office Connect Wireless
>Access Points every 30 to 45 minutes but the freeradius server logs do
>not show any errors.

Remember: the logs only show what is sent to the radius server -- if the
WAP doesn't send an accounting packet or authentication packet, nothing
will be in your logs.
>
>I don't think this is a freeradius issue but I need to verify with
>someone that this is not a radius related problem. 
>
It doesn't sound like it is.
>
>Is there any configuration parameters within freeradius that I can tweak
>to debug and check that radius is not the one causing this problem?

Well, if you start radius like so: "radiusd -X" it will output debug info
to stdout.  It's rather complete information, but it only starts one
process and may cause more output than you really want.
>
>Logically, I don't think it's a radius issue but I might be wrong.

The only way it's a radius issue is if the machine is trying to
reauthenticate, and radius is denying it the second time.  Of course, this
would show up in the radius logs if your AP was doing the right thing.
>
>If there is anyone that would like to get a copy of our RADIUS + TLS
>HOWTO documentation to find out how we did this integration, please
>send me a personal email and I will send the PDF copy over.

I'd love to see your documentation -- we're in the process of writing our
own now, and anything that might have some more "gotchas" is good.

-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)



rlm_sql post-auth variable bug?

2005-08-03 Thread Fernando Schapachnik
Hi,
In my AAA chain I have a module that *sometimes* adds a custom
attribute (defined in my dictionary as ipaddr) called Auth-NAS. This
module is called in the authorize section. Later on, in the post-auth
section I have a SQL module that has:

postauth_query = "INSERT INTO ${postauth_table} (...)  \
VALUES ( \
'%{check:Auth-NAS:-0.0.0.0}', ...)"

When run, and Auth-NAS is not present, it outputs:

rlm_sql (sql-xxx) in sql_postauth: query is INSERT INTO table 
(...) VALUES (..., '=01', ...);


Sometimes the '=01' is replaced by '255.255.255.255'.

Is this a bug in some place or am I doing something wrong? Any 
ideas?

Thanks in advance.


Fernando.


Re: dialadmin question

2005-08-03 Thread Kris Benson
FreeRadius users mailing list  on
August 2, 2005 at 16:42 -0800 wrote:
>hi all,
>
>can I use dialadmin to create users and authenticate them in a LAN and
>exit
>out the router??
>
>
>LAN (many users) -> router/fw ---> internet
>   |
>   |
>freeradius
>server


Hi Damon,

I'm not familiar with dialadmin, but I think you would have some
difficulty coercing the LAN clients into authenticating like that. 
Currently the only commonly-supported authentication method I am aware of
for 802.3 ethernet networks is 802.1x.  This would require either using
HostAP (rumoured to work on wired NICs) or upgrading your LAN switches to
ones that support 802.1x.

Alternatively, you could use VLAN sectioning combined with a web server
that can provide an authentication interface to the client.  This is a bit
of a pain, however.

Hope that helps,

-kb
--
Kris Benson, CCP, I.S.P.
Technical Analyst, District Projects
School District #57 (Prince George)



Re: Authentication problem

2005-08-03 Thread Uwe Driessen
Post the output from starting Radius -X; perhaps there we can see what the
problem is.

Kind regards 
Drießen 
There's something in the air
www.feilbingert.net
Uwe Drießen
Software & Computer
Lembergstraße 33
67824 Feilbingert
Tel.: 06708 660045 Fax 06708 661397
www.edv-driessen.de


 

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On 
> behalf of Hamid Salim
> Sent: Wednesday, 3 August 2005 15:39
> To: freeradius-users@lists.freeradius.org
> Subject: Authentication problem
> 
> Hi all,
> I was wondering if anyone has successfully implemented the 
> following setup and/or had any issues. This is my second 
> post. Your help will be greatly appreciated.
> 
> 
> I have a setup as follows:
> 
> Fedora core 3
> FreeRadius 1.0.4
> openssl .098
> Dell TrueMobile 1170 Access Pointv2.3.3
> 802.11b/g cards for AP and supplicant
> Windows XP SP2
> 
> FreeRadius is not authenticating, there are no messages on 
> the screen or the logfile. The AP does not see the FreeRadius server!
> 
> I think this is a configuration issue outside of FreeRadius.
> 
> Has anyone had a similar problem?
> 
> Any help will be greatly appreciated as i have hit a wall 
> here and i am on a deadline!
> 
> thanks
> Hamid.
> 




Re: accounting - respose from freeradius, and forward

2005-08-03 Thread Nicolas Baradakis
Tariq Rashid wrote:

> we'd like freeradius to reply to accounting requests (start, stop, interim)
> with acknowledgements, but also to forward the accounting request to a
> backend radius server but to ignore the response from this proxy behaviour.
> 
> this means that the querying NAS equipment doesn't spend time and resources
> waiting for a backend reply to an accounting request. however, the backend
> radius (possibly belonging to a 3rd party organisation) will need to see
> the accounting packets - we just ignore/drop their response.

You could use radrelay. See the radrelay(8) manpage in 1.0.x version
or radrelay.conf(5) manpage in CVS version.

-- 
Nicolas Baradakis



accounting - respose from freeradius, and forward

2005-08-03 Thread Tariq Rashid

hi - is it possible for freeradius to do the following?

we'd like freeradius to reply to accounting requests (start, stop, interim)
with acknowledgements, but also to forward the accounting request to a
backend radius server but to ignore the response from this proxy behaviour.

this means that the querying NAS equipment doesn't spend time and resources
waiting for a backend reply to an accounting request. however, the backend
radius (possibly belonging to a 3rd party organisation) will need to see
the accounting packets - we just ignore/drop their response.

diagrammatically:


1.  [NAS] -- accounting -> [freeradius]

2.  [NAS] <- accounting -- [freeradius] ---> [radius
server]

3.  [NAS]  [freeradius] <--- [radius
server]


is this possible?

tariq


Authentication problem

2005-08-03 Thread Hamid Salim
Hi all,
I was wondering if anyone has successfully implemented the following 
setup and/or had any issues. This is my second post. Your help will be 
greatly appreciated.


I have a setup as follows:

Fedora core 3
FreeRadius 1.0.4
openssl .098
Dell TrueMobile 1170 Access Pointv2.3.3
802.11b/g cards for AP and supplicant
Windows XP SP2

FreeRadius is not authenticating, there are no messages on the screen 
or the logfile. The AP does not see the FreeRadius server!

I think this is a configuration issue outside of FreeRadius.

Has anyone had a similar problem?

Any help will be greatly appreciated as i have hit a wall here and i am 
on a deadline!

thanks
Hamid.


ldap basedn assignment

2005-08-03 Thread ggreen
I have freeradius setup to use 2 ldap servers as backend
authentication.  One is openldap and the other is windows
active directory.  They have different basedn structures and
these are laid out separately in the conf file. I have it
setup to authenticate off of active directory first and
openldap second. Everything is working fine except for the
case of a user whose openldap username is the same as
someone in active directory. 
 
In the authorize stage it looks in both AD and ldap. In the
authenticate stage it queries both AD and ldap. The problem
is that in the authenticate stage it uses the basedn of the
server that returns the first ok in the authorize stage. So
if the username is in both AD and ldap, openldap rejects the
user because it is using the AD basedn to query the openldap
server.

Is there a way for me to force the basedn for the ldap
server regardless of which server returned the first ok? 

Thanks in advance

g



Re: No accounting replies to NAS'es!

2005-08-03 Thread Stefan Winter
Hi!

> Setting accthost to LOCAL for handling the accounting. The problem is that
> the NAS'es never receive any accounting reply and I don't understand why?

Is there possibly a firewall blocking the packets (UDP 1813 by default)? You 
should check with a packet sniffer on your server if the packets are sent or 
not.

Greetings,

Stefan Winter

-- 
Stefan WINTER

Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingénieur de recherche

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
email: [EMAIL PROTECTED]     tél.:     +352 424409-1
http://www.restena.lu               fax:      +352 422473

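Stefan's advice is to sniff UDP 1813 on the server. What to check in that capture, as an added example that is not part of this thread or of FreeRADIUS: the script below builds an Accounting-Request the way a NAS does and checks an Accounting-Response the way the NAS does, following the authenticator rules of RFC 2866, so a captured reply can be verified against the shared secret. The secret, user name, NAS address and session id are constructed sample values. It also shows the failure mode that looks like "no reply" from the NAS side: a request whose authenticator was computed with the wrong shared secret, which RFC 2866 says the server must silently discard.

```python
# Added example, not from the thread: RFC 2866 accounting authenticators,
# for checking what a packet capture on UDP 1813 actually contains.
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4
ACCOUNTING_RESPONSE = 5

# RFC 2865/2866 attribute type codes used below
USER_NAME = 1
NAS_IP_ADDRESS = 4
ACCT_STATUS_TYPE = 40
ACCT_SESSION_ID = 44
ACCT_STATUS_START = 1


def attr(atype, value):
    """Encode one attribute as Type, Length (2 + value length), Value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", atype, 2 + len(value)) + value


def build_accounting_request(identifier, secret, attrs):
    """NAS side. Request Authenticator = MD5(Code + ID + Length +
    16 zero octets + Attributes + Secret); the digest then takes the
    place of the zeros in the packet that goes on the wire."""
    body = b"".join(attrs)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, identifier, 20 + len(body))
    authenticator = hashlib.md5(header + bytes(16) + body + secret).digest()
    return header + authenticator + body


def verify_accounting_request(packet, secret):
    """Server side. A request whose authenticator does not match the
    shared secret is silently discarded (RFC 2866), so a NAS with the
    wrong secret sees exactly the symptom 'no accounting reply'."""
    if len(packet) < 20 or packet[0] != ACCOUNTING_REQUEST:
        return False
    if struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])


def build_accounting_response(request, secret, attrs=()):
    """Server side. Response Authenticator = MD5(Code + ID + Length +
    RequestAuthenticator + Attributes + Secret)."""
    body = b"".join(attrs)
    header = struct.pack("!BBH", ACCOUNTING_RESPONSE, request[1], 20 + len(body))
    authenticator = hashlib.md5(header + request[4:20] + body + secret).digest()
    return header + authenticator + body


def verify_accounting_response(request, response, secret):
    """NAS side: does this reply belong to that request under this secret?"""
    if len(response) < 20 or response[0] != ACCOUNTING_RESPONSE:
        return False
    if response[1] != request[1]:          # identifier must match the request
        return False
    if struct.unpack("!H", response[2:4])[0] != len(response):
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


def sample_request(secret, identifier=7):
    """A constructed Accounting-Start for user 'alice' from NAS 10.0.0.1."""
    return build_accounting_request(identifier, secret, [
        attr(USER_NAME, b"alice"),
        attr(NAS_IP_ADDRESS, bytes([10, 0, 0, 1])),
        attr(ACCT_STATUS_TYPE, struct.pack("!I", ACCT_STATUS_START)),
        attr(ACCT_SESSION_ID, b"0000002A"),
    ])


if __name__ == "__main__":
    secret = b"testing123"                 # constructed shared secret
    req = sample_request(secret)
    print("request valid under right secret:", verify_accounting_request(req, secret))
    print("request valid under wrong secret:", verify_accounting_request(req, b"wrong"))
    resp = build_accounting_response(req, secret)
    print("response verifies:", verify_accounting_response(req, resp, secret))
```

Read together with a capture: if the Accounting-Request leaves the NAS and nothing comes back, the first thing to rule out is a secret mismatch, because the server's only permitted reaction to a bad request authenticator is silence; only when the request verifies and the reply is still missing is it a server-side or firewall problem.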


Re: No accounting replies to NAS'es!

2005-08-03 Thread Nicolas Baradakis
Erling Paulsen wrote:

> realm student.X.Y {
> type=   radius
> authhost=   studentserv.X.Y:1812
> accthost=   LOCAL
> secret  =  
> nostrip
> }
>
> Setting accthost to LOCAL for handling the accounting. The problem is that
> the NAS'es never receive any accounting reply and I don't understand why?

It's a known bug of 1.0.x versions of FreeRADIUS. Try to replace the
file src/main/acct.c in the source tree with the file you can download
here:

http://www.freeradius.org/cgi-bin/cvsweb.cgi/~checkout~/radiusd/src/main/acct.c?rev=1.30.2.2

Then rebuild the server and try your setup again.

-- 
Nicolas Baradakis



Re: Re: huntgroups/groups with sql

2005-08-03 Thread Michel Jansens
Thanks,

Michel Jansens 
 
>Michel Jansens <[EMAIL PROTECTED]> wrote:
>> Tried to add  'Fall-Through = Yes' to all 'radgroupcheck' entries, but it 
>> didn't work.
>
>  It works in the CVS head, and will be in 1.1.x and following versions.
>
>  Alan DeKok.
>
>






No accounting replies to NAS'es!

2005-08-03 Thread Erling Paulsen
Hi.

I might have misunderstood some concepts here!

We have a freeradius server as proxy, but it's doing all the accounting by
itself. Authentication is handled by remote servers, i.e. other
freeradius'es and IAS'es.

Accounting is logged fine to detail files and a remote Postgresql DB.

So, as I understood it, I have made proxy.conf setups like the following
example:

realm student.X.Y {
type=   radius
authhost=   studentserv.X.Y:1812
accthost=   LOCAL
secret  =
nostrip
}

Setting accthost to LOCAL for handling the accounting. The problem is that
the NAS'es never receive any accounting reply and I don't understand why?

This causes the NAS'es (cisco switches) to timeout and retransmit lots of
duplicates. So, any hints to why replies are not sent back?

- Erling

-- 
|sig|---
[EMAIL PROTECTED]
Nettseksjonen, ITavd UiT


Freeradius + TLS for Wifi networks

2005-08-03 Thread Moonshi Mohsenruddin
Hello there,

I am implementing freeradius with openssl to do authentication for Wifi
Windows XP clients with Wireless Access Points which have support for
WPA.

I am using a CommGate Shield product which is based on Red Hat Linux 9.0
with the latest patches, with a custom-compiled freeradius-1.0.4 and
openssl-0.98 as the base system. 

After the compilation and configuration, we did our testing with a
Windows XP Pro SP2 client and the integration was successful. 

However, I noticed that we have had multiple dropped connections from
Windows XP Pro with the Planet WAP-4000 and 3Com Office Connect Wireless
Access Points every 30 to 45 minutes but the freeradius server logs do
not show any errors.

I don't think this is a freeradius issue but I need to verify with
someone that this is not a radius related problem. 


My question: 
---
Is there any configuration parameters within freeradius that I can tweak
to debug and check that radius is not the one causing this problem?

Logically, I don't think it's a radius issue but I might be wrong.

If there is anyone that would like to get a copy of our RADIUS + TLS
HOWTO documentation to find out how we did this integration, please
send me a personal email and I will send the PDF copy over.


-- 
Stay driven!
Moonshi Mohsenruddin
CommGate Inc.



Re: freeradius with EAP-TTLS and PAP auth

2005-08-03 Thread Mathieu Geli
> Don't. FreeRadius typically treats EAP-Requests as _two_ requests. It handles 
> the EAP stuff
> and then generates a new request for the stuff that's contained in the tunnel 
> (e.g. PAP) and
> sends that to itself. So, if you force Auth-Type to either EAP or PAP 
> unconditionally, either
> the "inner" (PAP) or the outer (EAP) protocol cannot be handled.

you are probably right, I definitely will avoid forcing Auth-Type and let 
freeradius do the job.

> Apparently, it can't find a password (cleartext or uncrypted) for the user, 
> so it falls
> back to Auth-Type System. Try to get PAP authentication working by itself, 
> first, i.e.
> just use radtest to send username/password combinations to the server and fix 
> their
> handling. Once that works, EAP-TTLS with PAP should work as well.

You pointed it out. Actually I just had to *comment out* (or force Auth-Type := 
PAP) :

  DEFAULT   Auth-Type = System
  Fall-Through = 1

which was earlier defined in the users file.
And stay with the simple :

  "testuser" Password == "testpass"

The proxy also works like a charm if you take care to add in proxy.conf, in 
the realm definition: 'nostrip'
(got that stupid error about "Identity does not match User-Name, setting from 
EAP Identity" for a while)

So thanks for the quick reply Stefan !

-- 
Mathieu


Re: freeradius with EAP-TTLS and PAP auth

2005-08-03 Thread Stefan . Neis
Hi,

> And forces (even if I encountered several times that may not be done like 
> that) in the users conf :
> testuser Auth-Type := PAP, User-Password == "testpass"
> and also tested EAP,

Don't. FreeRadius typically treats EAP-Requests as _two_ requests. It handles 
the EAP stuff
and then generates a new request for the stuff that's contained in the tunnel 
(e.g. PAP) and
sends that to itself. So, if you force Auth-Type to either EAP or PAP 
unconditionally, either
the "inner" (PAP) or the outer (EAP) protocol cannot be handled.



> and not specifying the Auth-Type (which then fallback to the System
> module and obviously fail)

Now, that's a problem...


> Without Auth-Type :
>   
> rad_check_password:  Found Auth-Type System
>   auth: type "System"
> Processing the authenticate section of radiusd.conf
>   modcall: entering group authenticate for request 5
>   rlm_unix: [testuser]: invalid password

Apparently, it can't find a password (cleartext or uncrypted) for the user, so 
it falls
back to Auth-Type System. Try to get PAP authentication working by itself, 
first, i.e.
just use radtest to send username/password combinations to the server and fix 
their
handling. Once that works, EAP-TTLS with PAP should work as well.

HTH,
Stefan  






Coa and Disconnect Message

2005-08-03 Thread gennaro amelio
hi all,
I am an Italian student and I'm a newbie with freeradius.
So sorry if I ask stupid things...
Can I use FreeRADIUS to do a prepaid-billing system??
Does FreeRADIUS support CoA and Disconnect Message?
Thanks


freeradius with EAP-TTLS and PAP auth

2005-08-03 Thread Mathieu Geli
Hi folks,

I'm trying to configure freeradius to authenticate users through a TTLS tunnel 
with the PAP
authentication scheme. Xsupplicant has been configured like:

   allow_types = eap_ttls
   eap-ttls {
      root_cert  = /etc/xsupplicant/tls/ca_cert.pem
      phase2_type = pap
      pap {
         username = testuser
         password = testpass
      }
   }

Subsequently for freeradius, I enabled the pap module in radiusd.conf:

   pap {
      encryption_scheme = md5
   }

(tried also crypt and clear options without any success)

But I do not see anything in eap.conf like ttls { ... pap { ... } }
(the interesting part is the pap *inside* the ttls part)
So I tried to enable PAP directly in the radiusd.conf authenticate part:

   authenticate {
      Auth-Type PAP {
         pap
      }
      ...
   }

And forced (even if I encountered several times that it may not be done like that) 
in the users conf:
   testuser Auth-Type := PAP, User-Password == "testpass"
and also tested EAP, and not specifying the Auth-Type (which then falls back to 
the System
module and obviously fails)

With EAP the error I get is :

  rlm_eap: EAP-Message not found
  rlm_eap: Malformed EAP Message

(xsupplicant and freeradius are apparently not talking the same language)

With PAP :

rad_check_password:  Found Auth-Type PAP
  auth: type "PAP"
Processing the authenticate section of radiusd.conf
  modcall: entering group Auth-Type for request 0
  rlm_pap: Attribute "Password" is required for authentication.
modcall[authenticate]: module "pap" returns invalid for request 0
  modcall: group Auth-Type returns invalid for request 0
  auth: Failed to validate the user

(also tested to put 'Password' instead of 'User-Password' directive, still the 
same error.)

Without Auth-Type :

rad_check_password:  Found Auth-Type System
  auth: type "System"
Processing the authenticate section of radiusd.conf
  modcall: entering group authenticate for request 5
  rlm_unix: [testuser]: invalid password

Maybe I'm trying to test something that is not yet finished?
By the way MD5 over TTLS works fine, tested with the secureW2 WinXP supplicant.
(Seems that xsupplicant does not support md5 as TTLS phase2)

Thanks for your support !

-- 
Mathieu


Re: Session-Timeout zero value

2005-08-03 Thread Nicolas Baradakis
Rashad Rustamoff wrote:

> What method will be correct to reject a user when Session-Timeout is
> exhausted?

Just set "Auth-Type := Reject".

-- 
Nicolas Baradakis



Session-Timeout zero value

2005-08-03 Thread Rashad Rustamoff
Please, tell me the correct way.
Our clients use prepaid hourly cards. I wrote an external script that runs when
an Accounting-Stop packet is received and decrements the Session-Timeout attr. in
the database by the value of the Acct-Session-Time attr. in the Accounting-Stop packet.
What method will be correct to reject a user when Session-Timeout is
exhausted?
Does freeradius have any built-in ability to realize the mechanism described above?

Thanks.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Alan
DeKok
Sent: Tuesday, August 02, 2005 9:59 PM
To: [EMAIL PROTECTED]; FreeRadius users mailing list
Subject: Re: Session-Timeout zero value


"Rashad Rustamoff" <[EMAIL PROTECTED]> wrote:
> I'm wonder is it correct to reject user by setting Session-Timeout
attribute
> to zero.

  No.

> In case of our NAS it works fine.

  That's blind luck.

  Alan DeKok.


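Putting the two answers in this thread together (decrement on Accounting-Stop; reject with Auth-Type := Reject rather than a zero Session-Timeout), the script below is an added example, not the poster's script and not anything from FreeRADIUS, of what such an external script would have to maintain. It keeps the balance in a hypothetical prepaid table and regenerates the user's radcheck and radreply rows from it (stock column names assumed, SQLite in memory standing in for MySQL), so that a user with time left gets Session-Timeout as a reply item and a user with none gets Auth-Type := Reject as a check item. Session-Timeout is only ever written when it is positive, which is the point Alan makes about a zero value working by luck.

```python
# Added example, not from the thread: prepaid-time bookkeeping driven by
# Accounting-Stop, expressing exhaustion as Auth-Type := Reject.
import sqlite3

SCHEMA = """
CREATE TABLE prepaid (                       -- hypothetical balance table
    username     TEXT PRIMARY KEY,
    seconds_left INTEGER NOT NULL
);
CREATE TABLE radcheck (                      -- stock column names
    id INTEGER PRIMARY KEY, username TEXT, attribute TEXT, op TEXT, value TEXT
);
CREATE TABLE radreply (
    id INTEGER PRIMARY KEY, username TEXT, attribute TEXT, op TEXT, value TEXT
);
"""


def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def seconds_left(conn, user):
    row = conn.execute("SELECT seconds_left FROM prepaid WHERE username=?",
                       (user,)).fetchone()
    return row[0] if row else 0


def sync_radius_rows(conn, user):
    """Rewrite the rows rlm_sql reads in authorize from the balance."""
    left = seconds_left(conn, user)
    conn.execute("DELETE FROM radcheck WHERE username=? AND attribute='Auth-Type'",
                 (user,))
    conn.execute("DELETE FROM radreply WHERE username=? AND attribute='Session-Timeout'",
                 (user,))
    if left > 0:
        conn.execute("INSERT INTO radreply (username, attribute, op, value)"
                     " VALUES (?, 'Session-Timeout', ':=', ?)", (user, str(left)))
    else:
        # Out of credit: a check item that makes the server reject outright.
        # Never Session-Timeout = 0: that is a reply item, and only some
        # NASes happen to treat zero as 'disconnect'.
        conn.execute("INSERT INTO radcheck (username, attribute, op, value)"
                     " VALUES (?, 'Auth-Type', ':=', 'Reject')", (user,))


def add_credit(conn, user, seconds):
    """Load a card: add time and (re)arm the user's RADIUS rows."""
    if conn.execute("SELECT 1 FROM prepaid WHERE username=?", (user,)).fetchone():
        conn.execute("UPDATE prepaid SET seconds_left = seconds_left + ?"
                     " WHERE username=?", (seconds, user))
    else:
        conn.execute("INSERT INTO prepaid (username, seconds_left) VALUES (?, ?)",
                     (user, seconds))
    sync_radius_rows(conn, user)
    return seconds_left(conn, user)


def on_accounting_stop(conn, user, acct_session_time):
    """What the external script does when an Accounting-Stop arrives:
    subtract Acct-Session-Time, floor at zero, then refresh the rows."""
    conn.execute("UPDATE prepaid SET seconds_left = MAX(seconds_left - ?, 0)"
                 " WHERE username=?", (acct_session_time, user))
    sync_radius_rows(conn, user)
    return seconds_left(conn, user)


def authorize(conn, user):
    """The items the check and reply queries would hand back for the user,
    as (check items, reply items)."""
    check = dict(conn.execute("SELECT attribute, value FROM radcheck WHERE username=?",
                              (user,)).fetchall())
    reply = dict(conn.execute("SELECT attribute, value FROM radreply WHERE username=?",
                              (user,)).fetchall())
    return check, reply


if __name__ == "__main__":
    db = open_db()
    add_credit(db, "carol", 3600)                 # constructed one-hour card
    print(authorize(db, "carol"))                 # ({}, {'Session-Timeout': '3600'})
    on_accounting_stop(db, "carol", 3000)
    print(authorize(db, "carol"))                 # ({}, {'Session-Timeout': '600'})
    on_accounting_stop(db, "carol", 900)          # the NAS let the call overrun
    print(authorize(db, "carol"))                 # ({'Auth-Type': 'Reject'}, {})
```

Because the balance is only touched on Stop, a user with one hour of credit and several simultaneous sessions can overrun it; in practice this is combined with a session limit and, where the NAS supports it, with interim updates or a disconnect message so that the server does not have to trust the NAS to honour Session-Timeout.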


Re: segmentation fault

2005-08-03 Thread vicky

Hi all,

I ran make clean, re-configured with the option --disable-share, then make 
and make install, and now it works!


Thanks for your help!

--Vicky

Nicolas Baradakis wrote:

> vicky wrote:
>
>> Nicolas,
>>
>> Here is the output of gdb. Thanks a lot for your help!
>>
>> [...]
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> [Switching to Thread 16384 (LWP 12678)]
>> 0x400633a2 in lt_dlsym (handle=0x8118398, symbol=0x8116698 "rlm_sql_mysql")
>>    at ltdl.c:3330
>> 3330  lensym = LT_STRLEN (symbol) + LT_STRLEN (handle->loader->sym_prefix)
>
> It's bug #98. Please look at:
> http://bugs.freeradius.org/show_bug.cgi?id=98



Regarding checkrad

2005-08-03 Thread Nurul Faizal M.Shukeri
Hi all...

I'm trying to use checkrad to check for double logins. I have read
doc/Simultaneous-Use. The problem is when I'm trying to use checkrad, this
is the output:

sony# checkrad cisco 10.201.1.3 37 ultrabalad 3706
Timeout: No Response from 10.201.1.3.
Timeout: No Response from 10.201.1.3

My AP is a Cisco 340 and I already enabled the SNMP feature. I don't know what the
problem is. Please help me. 




slipstream and freeradius Reply-Message

2005-08-03 Thread Paul Knibbs
I want to be able to specify a Reply-Message attribute which is passed to 
slipstream, which in turn picks up a replymsgs file. However, I only want this 
to happen when the login fails. Everything I do seems to make it return a 
Reply-Message only when it is successful.

I am using freeradius, mysql and slipstream 4.0.127. I have basic 
authentication working ok. What I am trying to do is create custom failure 
messages for each user.

Nitro Web Accelerator works in conjunction with acceleration servers on the 
Internet to provide dial-up users with the ability to rapidly access Web pages 
and e-mail, and to download files much faster than would otherwise be the 
case."
 