Re: Rejecting auth requests

2005-10-15 Thread Tim O'Donovan

Hi,

But wouldn't that require using the users file instead of MySQL? Can the 
radcheck table be used in the same way? What I mean is, can a user have 
multiple entries within the table? At the moment we just have a single 
entry for each user:


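+----+-------------------+-----------+----+-------+
| id | UserName          | Attribute | op | Value |
+----+-------------------+-----------+----+-------+
|  1 | [EMAIL PROTECTED] | Password  | == | test  |
+----+-------------------+-----------+----+-------+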

But would this accomplish the same as using the users file:

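+----+-------------------+-----------+----+--------+
| id | UserName          | Attribute | op | Value  |
+----+-------------------+-----------+----+--------+
|  1 | [EMAIL PROTECTED] | Password  | == | test   |
|  2 | [EMAIL PROTECTED] | Auth-Type | := | Reject |
+----+-------------------+-----------+----+--------+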

I'm not going to be able to actually try this for myself until Monday, 
but any advice in advance would be greatly appreciated.




Kind regards,
Tim O'Donovan



Joe Maimon wrote:

> Tim O'Donovan wrote:
>
>> Hi,
>>
>> Does anyone know of a simple way to invoke an Access-Reject for a
>> user at the authenticate stage? Without changing the stored password.
>> I have tried altering the 'op' to != and all manner of other
>> combinations from within the rad_check table without success.
>>
>> We would just like to be able to ban/unban a user with a single SQL
>> update statement.
>
> in the users file, setting a check item like this
>
> user    Auth-Type := Reject
>
> Seems to do the job.
- List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html





Re: FreeRadius/PEAP

2005-10-15 Thread Phil Mayers

Alan DeKok wrote:

> Phil Mayers [EMAIL PROTECTED] wrote:
>
>> PEAP can have several inner types. One of these is GTC (generic token
>> card) which sends a prompt and asks for a response. I believe the prompt
>> can be password and the response the actual password.
>>
>> How well Windows' GTC support works I couldn't tell you, though I know
>> it's there.
>
>   Windows doesn't support it, so far as I can tell.

My mistake - I was convinced I'd seen it.

(I suppose it's possible that I had the Cisco wireless card software
installed, along with its supplicant-fiddling extensions.)


Login incorrect

2005-10-15 Thread Andrea Bencini
I installed FC4 with FreeRadius-1.0.4 and I have a Colubris Network CN3000.
My Colubris doesn't log in (the messages, clients.conf and users
configurations are below).
In the Colubris I put andreabencini password.


MESSAGES
.
.
.
Sat Oct 15 17:10:10 2005 : Debug: Waking up in 31 seconds...
Sat Oct 15 17:10:10 2005 : Debug: Thread 4 got semaphore
Sat Oct 15 17:10:10 2005 : Debug: Thread 4 handling request 3, (1 handled so far)
Acct-Session-Id = 67de5136
NAS-Port = 0
NAS-Port-Type = Wireless-802.11
User-Name = L005-00076
Calling-Station-Id = 00-02-2D-A6-01-E9
Called-Station-Id = 00-03-52-00-0D-E8
Framed-IP-Address = 10.100.0.37
EAP-Message = 0x02c1002004109013bf17eda858f4a4bcb624e2b5f09e4c3030352d3030303736
State = 0x3fc4e80ba3884fe8c338f3da57f4b36f
NAS-Identifier = L005-00076
NAS-IP-Address = 10.100.0.37
Framed-MTU = 1496
Connect-Info = HTTPS
Service-Type = Administrative-User
Message-Authenticator = 0x92496a7f16273b8a17e589ca0527f580
Sat Oct 15 17:10:10 2005 : Debug:   Processing the authorize section of radiusd.conf
Sat Oct 15 17:10:10 2005 : Debug: modcall: entering group authorize for request 3
.
.
.
Sat Oct 15 17:10:10 2005 : Debug:   rad_check_password:  Found Auth-Type EAP
Sat Oct 15 17:10:10 2005 : Debug: auth: type EAP
Sat Oct 15 17:10:10 2005 : Debug:   Processing the authenticate section of radiusd.conf
Sat Oct 15 17:10:10 2005 : Debug: modcall: entering group authenticate for request 3
Sat Oct 15 17:10:10 2005 : Debug:   modsingle[authenticate]: calling eap (rlm_eap) for request 3
Sat Oct 15 17:10:10 2005 : Debug:   rlm_eap: Request found, released from the list
Sat Oct 15 17:10:10 2005 : Debug:   rlm_eap: EAP/md5
Sat Oct 15 17:10:10 2005 : Debug:   rlm_eap: processing type md5
Sat Oct 15 17:10:10 2005 : Info: rlm_eap_md5: User-Password is required for EAP-MD5 authentication
Sat Oct 15 17:10:10 2005 : Debug:  rlm_eap: Handler failed in EAP/md5
Sat Oct 15 17:10:10 2005 : Debug:   rlm_eap: Failed in EAP select
Sat Oct 15 17:10:10 2005 : Debug:   modsingle[authenticate]: returned from eap (rlm_eap) for request 3
Sat Oct 15 17:10:10 2005 : Debug:   modcall[authenticate]: module eap returns invalid for request 3
Sat Oct 15 17:10:10 2005 : Debug: modcall: group authenticate returns invalid for request 3
Sat Oct 15 17:10:10 2005 : Debug: auth: Failed to validate the user.
Sat Oct 15 17:10:10 2005 : Auth: Login incorrect: [L005-00076/no User-Password attribute] (from client miarete-privata port 0 cli 00-02-2D-A6-01-E9)
Sat Oct 15 17:10:10 2005 : Debug: Delaying request 3 for 1 seconds
Sat Oct 15 17:10:10 2005 : Debug: Finished request 3
Sat Oct 15 17:10:10 2005 : Debug: Going to the next request


CLIENTS.CONF

client 10.100.0.37 {
 secret  = andreabencini
 shortname = miarete-privata
}

USERS

L005-0076 User-Password == andreabencini



Can you help me?
Thanks,
Andrea



auditing / billing users

2005-10-15 Thread Infusino, Michael - ADP Dataphile
Hello,

Would anyone have an idea on how to record the time the user logs in and
more importantly the time the user logs off/disconnects from the system.  I
would prefer the information to be logged in the radius log file specified
in the radiusd.conf.

I am using the password/nis file for authentication.

Thanks,
Michael


Re: Login incorrect

2005-10-15 Thread Alan DeKok
Andrea Bencini [EMAIL PROTECTED] wrote:
> In the Colubris I put andreabencini password.

  Did you tell the server that was the correct password?

> Sat Oct 15 17:10:10 2005 : Info: rlm_eap_md5: User-Password is required for EAP-MD5 authentication
> Sat Oct 15 17:10:10 2005 : Debug:  rlm_eap: Handler failed in EAP/md5

  Nope.

  Alan DeKok.
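
As an added illustration that is not part of the thread, the Python below decodes the EAP-Message value from the debug log in the original post as an EAP MD5-Challenge response and compares the identity it carries with the users entry as posted. `expected_response` shows the RFC 3748 MD5-Challenge computation, which is why rlm_eap_md5 asks for a cleartext User-Password; all function names are this example's own.

```python
import hashlib
import struct

# Copied from the post above: EAP-Message from the debug log, and the users entry.
EAP_MESSAGE_HEX = "02c1002004109013bf17eda858f4a4bcb624e2b5f09e4c3030352d3030303736"
USERS_LINE = "L005-0076 User-Password == andreabencini"

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_MD5 = 4  # MD5-Challenge (RFC 3748, section 5.4)


def parse_eap_md5(packet):
    """Split an EAP MD5-Challenge packet into its header fields, value and name."""
    if len(packet) < 6:
        raise ValueError("too short for an EAP MD5-Challenge packet")
    code, ident, length, eap_type, value_size = struct.unpack("!BBHBB", packet[:6])
    if length != len(packet):
        raise ValueError("EAP length field does not match the bytes received")
    if eap_type != EAP_TYPE_MD5:
        raise ValueError("EAP type %d is not MD5-Challenge" % eap_type)
    if 6 + value_size > length:
        raise ValueError("value-size runs past the end of the packet")
    return {
        "code": EAP_CODES.get(code, str(code)),
        "id": ident,
        "value": packet[6:6 + value_size],
        "name": packet[6 + value_size:].decode("ascii", "replace"),
    }


def expected_response(ident, password, challenge):
    """MD5(identifier || password || challenge): the server must hold the cleartext password."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def diagnose():
    """Compare the identity inside the EAP response with the users entry as posted."""
    eap = parse_eap_md5(bytes.fromhex(EAP_MESSAGE_HEX))
    entry_name = USERS_LINE.split()[0]
    return {"eap": eap, "users_entry": entry_name, "name_matches": eap["name"] == entry_name}


if __name__ == "__main__":
    print(diagnose())
```
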


Re: Rejecting auth requests

2005-10-15 Thread Alan DeKok
Tim O'Donovan [EMAIL PROTECTED] wrote:
> But wouldn't that require using the users file instead of MySQL? Can the
> radcheck table be used in the same way? What I mean is, can a user have
> multiple entries within the table?

  Yes.

> But would this accomplish the same as using the users file:
>
> +----+-------------------+-----------+----+--------+
> | id | UserName          | Attribute | op | Value  |
> +----+-------------------+-----------+----+--------+
> |  1 | [EMAIL PROTECTED] | Password  | == | test   |
> |  2 | [EMAIL PROTECTED] | Auth-Type | := | Reject |
> +----+-------------------+-----------+----+--------+

  Yes.

  Alan DeKok.
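
An added example, not from the thread: the two-row layout confirmed above, driven by one SQL statement to ban and one to unban, with the Password row left untouched. In-memory SQLite stands in for MySQL, the table is a minimal stand-in using the column names shown in the posts, and `user@example.com` and the function names are constructed for this example.

```python
import sqlite3

# Minimal stand-in for radcheck, using the column names shown in the posts.
SCHEMA = """CREATE TABLE radcheck (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    UserName TEXT NOT NULL, Attribute TEXT NOT NULL,
    op TEXT NOT NULL DEFAULT '==', Value TEXT NOT NULL)"""

# Ban: a single statement that adds the reject row unless it already exists.
BAN_SQL = """INSERT INTO radcheck (UserName, Attribute, op, Value)
SELECT :user, 'Auth-Type', ':=', 'Reject'
WHERE NOT EXISTS (SELECT 1 FROM radcheck WHERE UserName = :user
                  AND Attribute = 'Auth-Type' AND Value = 'Reject')"""

# Unban: a single statement that removes only the reject row.
UNBAN_SQL = """DELETE FROM radcheck
WHERE UserName = :user AND Attribute = 'Auth-Type' AND Value = 'Reject'"""


def check_items(conn, user):
    """Return the user's check items as (Attribute, op, Value) tuples, in id order."""
    cur = conn.execute(
        "SELECT Attribute, op, Value FROM radcheck WHERE UserName = ? ORDER BY id",
        (user,))
    return cur.fetchall()


def ban(conn, user):
    with conn:  # commit on success
        conn.execute(BAN_SQL, {"user": user})
    return check_items(conn, user)


def unban(conn, user):
    with conn:
        conn.execute(UNBAN_SQL, {"user": user})
    return check_items(conn, user)


def demo():
    """Ban twice (the second call is a no-op), then unban; return the three states."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    user = "user@example.com"  # constructed user name
    conn.execute("INSERT INTO radcheck (UserName, Attribute, op, Value) "
                 "VALUES (?, 'Password', '==', 'test')", (user,))
    return ban(conn, user), ban(conn, user), unban(conn, user)


if __name__ == "__main__":
    for state in demo():
        print(state)
```
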


Newbie question. Where does Freeradius fit in?

2005-10-15 Thread jamrock
I have done some reading re: radius in general and Freeradius in particular.

When should one use radius?

I have read that radius is useful when one needs a centralized user/password
database.  I guess that would be good when one has lots of remote access
servers.

I have read that radius is good when one needs accounting.

We just need a dial in solution for 6 or so users.  No accounting is
necessary.  What are the disadvantages of using a simple ppp solution that
authenticates against the /etc/passwd file on a Linux box?

We were thinking of using a pci card with 8 modems.

Is Freeradius overkill for us or is it a more secure solution?

Any advice/links to documentation would be useful.  The Freeradius FAQ's
don't address this issue.





Re: clients.conf problem

2005-10-15 Thread Michael Griego
Try a fresh CVS checkout or tonight's CVS snapshot and see if this 
corrects your problems.  Looks like there was a byte ordering problem 
when sanitizing the client entry based on the netmask.  This would only 
have affected people with little-endian machines.


--Mike


Alan DeKok wrote:

> dev_null [EMAIL PROTECTED] wrote:
>
>> Strange, I don't know why it won't work to me.
>> Ok. Never mind.
>
>   Try from a fresh CVS checkout, and don't change anything other than
> the clients.  If it's still a problem, it might be the inet_pton()
> functions on your system.
>
>   Alan DeKok.



How freeradius compile with g++

2005-10-15 Thread Manoj Patel
Hello,

Does anyone know how I could compile freeradius in C++ using g++ instead of gcc?
I am not very familiar with the underlying configure mechanism; all I know is to
type 'configure' and then 'make' ...

I would make a change in the Make.inc file,
where CC= g++ instead of CC= gcc;
then I got so many errors,
like:
in the radiusd.h file, operator is declared as a variable, but it is a keyword in g++?

So how can I make freeradius with g++?

Thanks,
manoj
+ 91 - 9881403519
