RE: cannot create core dump file?
Hi, thanks for the reply. i've checked the radius.conf, allow_core_dumps = yes. i am not sure abt the file name of the core dump file (nv seen it before), but seems there's no new created file in root directory either. any suggestion? KW - Original Message - From: "Joe Maimon" <[EMAIL PROTECTED]> To: "FreeRadius users mailing list" Sent: Tuesday, December 27, 2005 10:52 AM Subject: Re: cannot create core dump file? and where can i get the core dump file? any advise? thanks in advance. regards, Pang KW check the root directory, check radiusd.conf to see that core dumps are enabled - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: cannot create core dump file?
and where can i get the core dump file? any advise? thanks in advance. regards, Pang KW check the root directory, check radiusd.conf to see that core dumps are enabled - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re:cannot create core dump file?
encounterd the same situation..any idea? - Original Message - From: "pepsi cola" <[EMAIL PROTECTED]> To: Sent: Tuesday, December 27, 2005 9:30 AM Subject: cannot create core dump file? Hi all, i attemp to create core dump file since i encountered segmentation fault error. i have followed the steps in doc/bug, i.e. ./configure --enable--developer make make install ulimit -c unlimited then i ran the daemon using './radiusd -XXX' under /usr/local/radius/sbin as my current directory.but afterwards there's no core dump file generated in my currenct dir. how and where can i get the core dump file? any advise? thanks in advance. regards, Pang KW - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re:cannot create core dump file?
Hi all, i attemp to create core dump file since i encountered segmentation fault error. i have followed the steps in doc/bug, i.e. ./configure --enable--developer make make install ulimit -c unlimited then i ran the daemon using './radiusd -XXX' under /usr/local/radius/sbin as my current directory.but afterwards there's no core dump file generated in my currenct dir. how and where can i get the core dump file? any advise? thanks in advance. regards, Pang KW - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Set user status to active / non-active ?
Hello freeradius-users, how to set user status to active / non-active? I use PPPoE (MikroTik PC RouterOS) already connect with FreeRadius + MySQL, i want to manage user's that haven't pay the bill.. so i will need to set it to non-active, then if the users already pay the bill, i will set it back to active. i mean.. i need to know what i need to set in freeradius database or conf? -- Best regards, Yudi mailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
cannot create core dump file?
Hi all, i attemp to create core dump file since i encountered segmentation fault error. i ran the daemon using './radiusd -XXX' under /usr/local/radius/sbin as my current directory.but afterwards there's no core dump file generated. how and where can i get the core dump file? any advise? thanks in advance. regards, Pang KW - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
On Monday 26 December 2005 16:02, Markus Krause wrote: > i am not an expert but it seems that you (or some module) sets auth-type to > local. what does your authorize and authenticate sections in radiusd.conf > look like? Here is that portion authorize { preprocess chap mschap suffix sql noresetcounter } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } Auth-Type MS-CHAP { mschap } } the interface between the user and radius is done by a .cgi script -- LeRoy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
Zitat von LeRoy DeVries <[EMAIL PROTECTED]>: > On Monday 26 December 2005 12:41, Markus Krause wrote: > I'm finally making progress. Now I'm getting the following: > > modcall: group authorize returns ok for request 0 > auth: type Local > auth: user supplied User-Password does NOT match local User-Password > auth: Failed to validate the user. > > even though the password that I entered in the login is correct. i am not an expert but it seems that you (or some module) sets auth-type to local. what does your authorize and authenticate sections in radiusd.conf look like? regards, markus -- Markus Krause email: [EMAIL PROTECTED] Computing CenterTel.: 089 - 89 40 85 99 Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98 - This message was sent using https://webmail.biochem.mpg.de If you encounter any problems please report to [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
On Monday 26 December 2005 12:41, Markus Krause wrote: > what says freeradius if started in debug mode (freeradius -XA) ? > and what says radtest? I'm finally making progress. Now I'm getting the following: modcall: group authorize returns ok for request 0 auth: type Local auth: user supplied User-Password does NOT match local User-Password auth: Failed to validate the user. even though the password that I entered in the login is correct. Now I'm really stuck. sigh! LeRoy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
Zitat von LeRoy DeVries <[EMAIL PROTECTED]>: > On Monday 26 December 2005 06:15, Markus Krause wrote: > > Zitat von LeRoy DeVries <[EMAIL PROTECTED]>: > > > I'm getting the following error in the radius log and don't know how to > > > handle > > > it. I assume it's handled somewhere within the radius.conf file but I > > > can't find anything about it. > > > > > > Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: > > > Unknown attribute "Max-All-Session" > > > > add a line to your dictionary file (on suse: /etc/raddb/dictionary): > > ATTRIBUTE Max-All-Session 3000 integer > > > > Thanks Markus... Now I'm getting the following > > Mon Dec 26 08:13:56 2005 : Error: radiusd.conf: "SQL" modules aren't allowed > in 'authenticate' sections -- they have no such method. yes, it is not intended to be used in this section ;-) i hope i did not use this in the example config file i sent you! > If I remove the sql from that section it doesn't complain. How does sql > handle > this. Also as a side note, I tried logging on using a wireless client and the > loggin in "failed" both on the sql ( database is populated) and USERS > (uncommented "steve") but I can't find any logs on why. what says freeradius if started in debug mode (freeradius -XA) ? and what says radtest? regards markus -- Markus Krause email: [EMAIL PROTECTED] Computing CenterTel.: 089 - 89 40 85 99 Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98 - This message was sent using https://webmail.biochem.mpg.de If you encounter any problems please report to [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: AW: unknown certificate??
=?iso-8859-1?Q?Armin_Kr=E4mer?= <[EMAIL PROTECTED]> wrote: > generate the certifikates with TinyCA2 ist automatically signs it. I only > have to export the Client Certifikate to PKCS12 format for my XP machine. > Could you tell me what there could go wrong? No idea, sorry. The "unknown certificate" error is generated by OpenSSL. I suggest reading their documentation to see when, and why, that error occurs. All I know is I use the scripts that come with FreeRADIUS to create certs, and EAP-TLS works. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Programmer/Admin Needed
Kyle Leissner wrote: I own a small dialup ISP (around 500 users at the current time) but we are expanding rapidly (at least 100 users per month signup) with no advertising since we started 4 months ago. We use Freeside as our main billing system and freeradius as our radius server. Currently we only have one programmer/admin that runs our whole operation. He does good work, but lives in New Zealand, and is very hard to get a hold of. We are looking for a freelance admin/programmer that has experience with Freeside and Freeradius features. We are looking to do the following: -setup accelerated dialup service with Freeside and radius groups -install the address book for our webmail program -upload and update the knowledge base -create an automated user signup/setup program -setup echecking features -make the signup page load faster and make it not so buggy -make/implement the customer login interface for them to cancel their account, update their password, update their information, and setup additional email accounts -setup newsgroups -setup user hosting service We are on a very tight budget as we have just broke even with our operation. Please respond off list if you are interested in doing freelance work on our system. Thank you, Kyle Leissner Ivan, the gentleman who designed freeside, is available and quite capable of all you ask. You can reach him at [EMAIL PROTECTED] His rates are good, especially when you consider your situation and the fact he is the most familiar with the code you want worked. -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 Off. 325-691-1301 Cell 325-439-0533 fax 325-695-6841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
On Monday 26 December 2005 10:12, LeRoy DeVries wrote: > On Monday 26 December 2005 09:38, Alan DeKok wrote: > > Try running the server in debugging mode, as suggested in the FAQ, > > README, INSTALL, and daily on this list. > > > > Honestly, I just don't understand why it's so hard to do that. > > > > Alan DeKok. > > Sorry I just could not find any info on that. After doing a google search I > finnaly found it and how to place in debug mode. > > Now I why it is failing... > > rlm_sqlcounter: Entering module authorize code > Segmentation fault > > Now to find out how to fix it. :) I found the error and corrected it. I forgot to add the query. LeRoy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Programmer/Admin Needed
I own a small dialup ISP (around 500 users at the current time) but we are expanding rapidly (at least 100 users per month signup) with no advertising since we started 4 months ago. We use Freeside as our main billing system and freeradius as our radius server. Currently we only have one programmer/admin that runs our whole operation. He does good work, but lives in New Zealand, and is very hard to get a hold of. We are looking for a freelance admin/programmer that has experience with Freeside and Freeradius features. We are looking to do the following:-setup accelerated dialup service with Freeside and radius groups -install the address book for our webmail program -upload and update the knowledge base -create an automated user signup/setup program-setup echecking features-make the signup page load faster and make it not so buggy-make/implement the customer login interface for them to cancel theiraccount, update their password, update their information, and setupadditional email accounts -setup newsgroups -setup user hosting service We are on a very tight budget as we have just broke even with our operation. Please respond off list if you are interested in doing freelance work on our system.Thank you,Kyle Leissner - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: unknown certificate??
Hmmm... like i said i generated that Certifikate with TinyCA2. If you generate the certifikates with TinyCA2 ist automatically signs it. I only have to export the Client Certifikate to PKCS12 format for my XP machine. Could you tell me what there could go wrong? Thanks, Armin =?iso-8859-1?Q?Armin_Kr=E4mer?= <[EMAIL PROTECTED]> wrote: > i installed the aktual version of freeradius on a debian system and > generated a CA und server/client certificates with TinyCA2. I want to > authenticate the clients using EAP/TLS. But now i get this output of > freeradius and freeradius freezes at this point. Can someone tell me why > this happens? The client certificate isn't signed by the server cert. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
On Monday 26 December 2005 09:38, Alan DeKok wrote: > Try running the server in debugging mode, as suggested in the FAQ, > README, INSTALL, and daily on this list. > > Honestly, I just don't understand why it's so hard to do that. > > Alan DeKok. Sorry I just could not find any info on that. After doing a google search I finnaly found it and how to place in debug mode. Now I why it is failing... rlm_sqlcounter: Entering module authorize code Segmentation fault Now to find out how to fix it. :) LeRoy - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Failed to link to module 'rlm_eap': ... : No such file or directory
"Roberto S. G." <[EMAIL PROTECTED]> wrote: > I can see that previous package had rlm_eap.so, and that the last one > doesn't, and apparently has delete the previous one... What can I do? Either install a package that has rlm_eap.so, or re-build the server completely from source. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: unknown certificate??
=?iso-8859-1?Q?Armin_Kr=E4mer?= <[EMAIL PROTECTED]> wrote: > i installed the aktual version of freeradius on a debian system and > generated a CA und server/client certificates with TinyCA2. I want to > authenticate the clients using EAP/TLS. But now i get this output of > freeradius and freeradius freezes at this point. Can someone tell me why > this happens? The client certificate isn't signed by the server cert. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-MD5 Authentication problem
Marco Spiga <[EMAIL PROTECTED]> wrote many, many, times: ... First, only one post to the list is necessary. Second: > rlm_eap_md5: User-Password is required for EAP-MD5 authentication You didn't tell the server what the user's *correct* password was. How did you expect the server to be able to authenticate the user? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
LeRoy DeVries <[EMAIL PROTECTED]> wrote: > Mon Dec 26 08:13:56 2005 : Error: radiusd.conf: "SQL" modules aren't allowed > in 'authenticate' sections -- they have no such method. Why did you put it there? > If I remove the sql from that section it doesn't complain. How does > sql handle this. Also as a side note, I tried logging on using a > wireless client and the loggin in "failed" both on the sql ( > database is populated) and USERS (uncommented "steve") but I can't > find any logs on why. Try running the server in debugging mode, as suggested in the FAQ, README, INSTALL, and daily on this list. Honestly, I just don't understand why it's so hard to do that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius-Users Digest, Vol 8, Issue 108
Hi, Sorry that my PHP script didn't work straight out of the box. Have you tried the CGI script? Failing that you will have to tell your users to enable popups for your site. Regards, Sean - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
On Monday 26 December 2005 06:15, Markus Krause wrote: > Zitat von LeRoy DeVries <[EMAIL PROTECTED]>: > > I'm getting the following error in the radius log and don't know how to > > handle > > it. I assume it's handled somewhere within the radius.conf file but I > > can't find anything about it. > > > > Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: > > Unknown attribute "Max-All-Session" > > add a line to your dictionary file (on suse: /etc/raddb/dictionary): > ATTRIBUTE Max-All-Session 3000 integer > Thanks Markus... Now I'm getting the following Mon Dec 26 08:13:56 2005 : Error: radiusd.conf: "SQL" modules aren't allowed in 'authenticate' sections -- they have no such method. If I remove the sql from that section it doesn't complain. How does sql handle this. Also as a side note, I tried logging on using a wireless client and the loggin in "failed" both on the sql ( database is populated) and USERS (uncommented "steve") but I can't find any logs on why. FWIW I am using Chillispot for a captive portal which uses a SSL web interface for the radius server which I config to use sql database and the USERS file. The database was made from phpMyPrepaid. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: state of art of freeradius
Rafael Roldán wrote: Hy all, I would like to know your opinion about the following issues: Which is the most common use of the freeradius server in your particular cases? Authorizing dialup and highspeed wireless users. A secondary use is authenticating users allowed to log in to network equipment such as routers, switches, and servers. Which version are you using? is it stable? 1.0.5. Very stable What problems have you found using freeradius (during installation, configuration, use...)? Ignorance is always my biggest hurdle. I find I attempt to perform tasks with freeradius with which I am not familiar enough as to make the proper config very difficult. I expect the wiki to help with this as examples of challenges and their solutions are posted. My objective is writing a document trying to reflect the state of art of the freeradius server. I think if you are looking for the state of the art in RADIUS then you found it. Free or not. -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 Off. 325-691-1301 Cell 325-439-0533 fax 325-695-6841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radiusd -X and Raddb Configure
Kai Geek wrote: radiusd.conf[1682] Unknown Auth-Type "System" in authenticate section. I always keep a default copy of the radius.conf around. When an error like this pops up (I have seen that exact one before) I do a diff of my radius.conf and the default and look for the offending itme. This might work for you. I can guarantee with no config posted no one will be able to help you. Other than that, inserting something in clients.conf relating to 10.0.0.250 may help with the setup you mentioned. -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 Off. 325-691-1301 Cell 325-439-0533 fax 325-695-6841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: DialupAdmin gives Blank Pages
Scott MacEachern A.Sc.T wrote: apache2 The list contains the answer somewhere in there. Have you searched the archives? -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 Off. 325-691-1301 Cell 325-439-0533 fax 325-695-6841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error in Radius.log
LeRoy DeVries wrote: I'm getting the following error in the radius log and don't know how to handle it. I assume it's handled somewhere within the radius.conf file but I can't find anything about it. Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: Unknown attribute "Max-All-Session" Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): Error getting data from database Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): SQL query error; rejecting user I'm a newbie to all this and am stumbling along :) You need to check that the dictionary that contains the attribute mentioned is included in /etc/raddb/dictionary or wherever your radius.conf lists it. Follow the syntax in that file to include it. -- Lewis Bergman Texas Communications 4309 Maple St. Abilene, TX 79602-8044 Off. 325-691-1301 Cell 325-439-0533 fax 325-695-6841 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Failed to link to module 'rlm_eap': ... : No such file or directory
Hi, I'm having a similar problem with rlm_eap, and no google or list search have fixed it: I was using freeradius 1.0.2 in a Suse 9.2 machine, and in a system update, it tried to update to 1.0.5, which apparently was succesful, but it wasn't: Mon Dec 26 13:49:53 2005 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none? Mon Dec 26 13:49:53 2005 : Error: radiusd.conf[9] Failed to link to module 'rlm_eap': rlm_eap.so: cannot open shared object file: No such file or directory I can see that previous package had rlm_eap.so, and that the last one doesn't, and apparently has delete the previous one... What can I do? thanks. Message: 1 Date: Fri, 18 Nov 2005 16:16:00 +0100 (ora solare Europa occidentale) From: "Nicola Iotti" <[EMAIL PROTECTED]> Subject: Failed to link to module 'rlm_eap' To: Message-ID: <[EMAIL PROTECTED]> Content-Type: text/plain; charset="iso-8859-1" Hi, I'm using Freeradius 1.0.5, I ran ./configure -disable-shared but when I start radiusd -s -X .. it stops with this message ... radiusd.conf[9] Failed to link to module 'rlm_eap': unknown error I see in past mail that other people had this problem but I can't find solution.. Ing. Nicola Iotti Network Manager mailto: [EMAIL PROTECTED] Guglielmo S.r.l. Sede legale: Via Martiri di Minozzo, 12 Sede operativa: Via Sante Vincenzi , 2 / D 42100 Reggio Emilia ITALIA Tel.: +39-0522 - 40 63 67 Fax: +39-0522 - 54 08 16 Cell: +39-320 61 90 072 internet website: http://www.guglielmo.biz mailto:[EMAIL PROTECTED] -- next part -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
unknown certificate??
Hi, i installed the aktual version of freeradius on a debian system and generated a CA und server/client certificates with TinyCA2. I want to authenticate the clients using EAP/TLS. But now i get this output of freeradius and freeradius freezes at this point. Can someone tell me why this happens? Sending Access-Challenge of id 22 to 192.168.1.252:1326 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type = Framed-User EAP-Message = 0x0117040a0dc011da95300f0603551d130101ff040530030101ff301106096086480186f842010104040302010630090603551d1204023000302b06096086480186f842010d041e161c54696e7943412047656e65726174656420436572746966696361746530210603551d11041a3018811643412d52616469757340616b2d7365727665722e6465300b0603551d0f040403020106300d06092a864886f70d010105050003820201002cb7d2ab56adb9d5a348a6bc0391ecbd8f53215ca3ad83c74730cba78bcb0f36800f71f9c9e672b5ad761fddb06f72075715ad686dd6e31c496c015847927af98a5820860004122fd22eba64dbffe46d8def EAP-Message = 0x4dfd2195d70b313f472b31e0dec0d39f08e95d9c6ee43b060954e7cda70492fb473698daca42a3a76e07601ecc9d746ea3eac2daa4da050dd21d1c8daebf845abc3daa199a3fb35c5fc6c876d312b8c90775a6de01092e337da7ccb155f9e67713b1e3a8c171b3663256e60f25e009c9aa454db5299ed3de9ac280eca445f57ab53be98287d63540631085c9a166904842e44d4ff63e691c86590ff95319bf1370f7f5f1f8eaa331403588e2bda2bb2d6750e3a769fe878e9723ab0f8903deab637a6d83fe77f79f89af7dbb7578d511033d01b0f5455b016503582ca56fcc79142ff1551abab18e9f76a71e148838d7036db5de29a4f6bc4598daffd1 EAP-Message = 0x199ad4d07da7e11c82f03f6895c1b3941139eadf341ce19d3edbfd1bac3719b5f7eb22c5ba729d58c553ce72adb9af2e92edc34381b42c83c755bafa8442f28d5c574c8a9827938605f397110186c84e34d13bbd8fc322f58808f7f556518d19f93c42678f12acf01f3f1ab70834b2baa1cc461bdc970e0f942ea57f1b3913e55cca966066c00c504d12e8d22a81d0daee14c4e08165a871d33373b49037fe596fc987f47dfbea4343b2cad19053e50d95160301028d0c0002890040be4f362c2e1dd2744e7c980ee5d9a708e9075935767ee7fecb9a91b67b0e1611eb5acc1d7d32248195513d17734004d37cc721d59ed25d08a48a2164361419e300 EAP-Message = 0x010500400a294a0f089a763d7338d32e2f8c633b1e186a316091c678c314a1afb16ceb2b57090b5a068d36c54ff061e5ab76b4a969c88a0f7590aefef1b56512aebf5c2e02006572fd3a81faa03031a8dee67d18ee0625b873e37ede370854c4a7ee122ad3206d97e0ef365299eac3baa8d8bf6af223058628d5660da500e81a906cc044ef2f3ec59a7373f447e46e5ad84aaa0d373a1988f0cf6b647bcfb913d6607fc88e0287f201fc3ddc563921460daf1ed27988e407e65c2ea2b25173a95d2db5bda931ae2b9e8a5605d82e1331e3a091ee29029aa8218efb3c883da22208b556120a3e85a96206a29a8951e050439b350e932836667981dbd617 EAP-Message = 0x6d69bed85ccfa622102bcfe18acfe16c40c119ba45dc Message-Authenticator = 0x State = 0xd18c60556f39fcd47f7a825bbd1b5a27 Finished request 5 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 192.168.1.252:1327, id=23, length=130 User-Name = "Kraemer.Armin" NAS-IP-Address = 192.168.1.252 NAS-Identifier = "acess_point_siemens" NAS-Port = 29 Service-Type = Framed-User Framed-MTU = 1400 NAS-Port-Type = Wireless-802.11 State = 0xd18c60556f39fcd47f7a825bbd1b5a27 EAP-Message = 0x021700060d00 Message-Authenticator = 0xe4c3119fa2de7a9cc9e9a4ec080c3826 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module "preprocess" returns ok for request 6 modcall[authorize]: module "chap" returns noop for request 6 modcall[authorize]: module "mschap" returns noop for request 6 rlm_realm: No '@' in User-Name = "Kraemer.Armin", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 6 rlm_eap: EAP packet type response id 23 length 6 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 6 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 modcall[authorize]: module "files" returns ok for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/tls rlm_eap: processing type tls rlm_eap_tls: Authenticate rlm_eap_tls: processing TLS rlm_eap_tls: Received EAP-TLS ACK message rlm_eap_tls: ack handshake fragment handler eaptls_verify returned 1 eaptls_process returned 13 modcall[authenticate]: module "eap" returns handled for request 6 modcall: group authenticate returns handled for request 6 Sending Access-Challenge of id 23 to 192.168.1.252:1327 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Service-Type =
Re: Error in Radius.log
Zitat von LeRoy DeVries <[EMAIL PROTECTED]>: > I'm getting the following error in the radius log and don't know how to > handle > it. I assume it's handled somewhere within the radius.conf file but I can't > find anything about it. > > Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: Unknown > attribute "Max-All-Session" add a line to your dictionary file (on suse: /etc/raddb/dictionary): ATTRIBUTE Max-All-Session 3000 integer > Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): Error getting data from > database are you sure you set the correct variables in sql.conf, e.g. user who is allowd to connect to sql db and password? an example: sql { server = "localhost" login = "radiusd" password "donttellanyone" } > Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): SQL query error; rejecting > user > > I'm a newbie to all this and am stumbling along :) > > -- > LeRoy & Dorothy > Location: http://map.datastormusers.com/user2.cfm?user=1591 > My Web Page: http://www.rvfulltimer.com > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > regards markus -- Markus Krause email: [EMAIL PROTECTED] Computing CenterTel.: 089 - 89 40 85 99 Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98 - This message was sent using https://webmail.biochem.mpg.de If you encounter any problems please report to [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP-MD5 Authentication problem
Hello!!! I don't know why the 'radeapclient -s -xx 127.0.0.1 auth testing123 About to send encoded packet: User-Name = "test" User-Password = "password" EAP-MD5-Password = "password" NAS-IP-Address = 127.0.0.1 NAS-Port = 10 EAP-Code = Response Called-Station-Id = "00-06-25-57-18-B6" Calling-Station-Id = "00-06-23-27-38-E6" EAP-Id = 210 EAP-Type-Identity = "test" Sending Access-Request of id 39 to 127.0.0.1:1812 User-Name = "test" User-Password = "password" NAS-IP-Address = 127.0.0.1 NAS-Port = 10 Called-Station-Id = "00-06-25-57-18-B6" Calling-Station-Id = "00-06-23-27-38-E6" EAP-Message = 0x02d200090174657374 Message-Authenticator = 0x rad_recv: Access-Challenge packet from host 127.0.0.1:1812, id=39, length=80 EAP-Message = 0x01d300160410467a3e116557e810bee94bf5760a48c2 Message-Authenticator = 0xea22fa77b3f82094f1461d9300f85034 State = 0x5b89e4e2d4f4726ac10c9f4ff49f0209 <+++ EAP decoded packet: EAP-Message = 0x01d300160410467a3e116557e810bee94bf5760a48c2 Message-Authenticator = 0xea22fa77b3f82094f1461d9300f85034 State = 0x5b89e4e2d4f4726ac10c9f4ff49f0209 EAP-Id = 211 EAP-Code = Request EAP-Type-MD5 = 0x10467a3e116557e810bee94bf5760a48c2 +++> About to send encoded packet: User-Name = "test" User-Password = "\207\310\025Oi\206\303\274 !'y\021Y\373" EAP-MD5-Password = "password" NAS-IP-Address = 127.0.0.1 NAS-Port = 10 EAP-Code = Response Called-Station-Id = "00-06-25-57-18-B6" Calling-Station-Id = "00-06-23-27-38-E6" EAP-Id = 211 Message-Authenticator = 0x EAP-Type-MD5 = 0x101eb18c0bd5ae4e5d279d43fbdb577e5c State = 0x5b89e4e2d4f4726ac10c9f4ff49f0209 Sending Access-Request of id 40 to 127.0.0.1:1812 User-Name = "test" User-Password = "password" NAS-IP-Address = 127.0.0.1 NAS-Port = 10 Called-Station-Id = "00-06-25-57-18-B6" Calling-Station-Id = "00-06-23-27-38-E6" Message-Authenticator = 0x State = 0x5b89e4e2d4f4726ac10c9f4ff49f0209 EAP-Message = 0x02d3001604101eb18c0bd5ae4e5d279d43fbdb577e5c Re-sending Access-Request of id 40 to 127.0.0.1:1812 User-Name = "test" User-Password = "s]\247\314\203\226\241\030\344\027t\223\264\271\273\002" EAP-MD5-Password = "password" NAS-IP-Address = 127.0.0.1 NAS-Port = 10 EAP-Code = Response Called-Station-Id = "00-06-25-57-18-B6" Calling-Station-Id = "00-06-23-27-38-E6" EAP-Id = 211 Message-Authenticator = 0x EAP-Type-MD5 = 0x101eb18c0bd5ae4e5d279d43fbdb577e5c State = 0x5b89e4e2d4f4726ac10c9f4ff49f0209 EAP-Message = 0x02d3001604101eb18c0bd5ae4e5d279d43fbdb577e5c rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=40, length=44 EAP-Message = 0x04d30004 Message-Authenticator = 0xbbd931385ade37c4675fa301f6c7a506 <+++ EAP decoded packet: EAP-Message = 0x04d30004 Message-Authenticator = 0xbbd931385ade37c4675fa301f6c7a506 EAP-Id = 211 EAP-Code = Failure Total approved auths: 0 Total denied auths: 2 the radius.conf file contain: modules { ... eap { default_eap_type = md5 md5 { } ... } ... } # eap sets the authenticate type as EAP authorize { ... eap } # eap authentication takes place. authenticate { eap } the eap.conf file contain: eap { default_eap_type = md5 md5 { } } the users file contain: "test" Auth-Type := EAP, User-Password == "password" Reply-Message = "Hello, %u" And the OUTPUT of the radiusd -XA is: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests
Re: huntgroups
Hello ! Another possible solution: Make authorization via SQL, and external program. External program called in configuration from users file. External program will make auth&acct for prepaid cards, and if it determine that authorization or accounting packet is for contract client, then it will no append any attributes except Fall-Through = Yes. When external program does billing for cards itself, it will return all necessary attributes in addition to Fall-Through = No. Is this alrotithm correct and implementable in FreeRadius ? Thanks Ruslan A Dautkhanov wrote: Hello ! Short question: Please point me how to make startup changes in huntgroup to configure FR to use two different sql-modules for auth&acct, based on some criterias?... Examples are most welcome. Explanation: We have contract subscribers and want to use the same RADIUS- server for auth&acct of prepaid cards. Contact users enters their login+realm and password, but cards users enter card number and PIN-code. That is the difference, that make difference. We need use another SQL module instance for card users... How to configure huntgroups for this situation? Conditions can be (1) if no '@' char in the User-Name attribute, then use 'sql-cards' instance for auth&acct. Otherwise, use 'sql-contracts'. (2) if User-Name attribute have (determ. via regex) exact 14 digits, then use 'sql-cards' instance for auth&acct. Otherwise, use 'sql-contracts'. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to use CRL by PEAP authentication
Hi Klaus, > For peap you don't use a certificate on the client (better: > supplicant) side, so it is not checked. What you seem to have revoked > is the certficate the server presents to the supplicant, which has no > part in deciding to authorize/authenticate the user. It is as surely your telling. I did not understand PEAP's specification, but I know it. Thank you for your answering! Best Regards, Kouji Amemiya On Fri, 16 Dec 2005 12:39:42 +0100 wbh <[EMAIL PROTECTED]> wrote: > On 12/16/05, Kouji Amemiya <[EMAIL PROTECTED]> wrote: > > I was using the certificate published by OpenSSL, I revoked this > > certificate. > > (Herewith, this certificate's information was written on CRL.) > > > > And I attempted PEAP authentication by this revoked certificate, > > but authentication result was "Access-Accept". > > For peap you don't use a certificate on the client (better: > supplicant) side, so it is not checked. What you seem to have revoked > is the certficate the server presents to the supplicant, which has no > part in deciding to authorize/authenticate the user. > > Why the supplicant doesn't refuse the supposedly revoked server > certificate would be interesting (you could look into your setup, if > the supplicant did check for the latest CRL of the certicate's > issuer), but is unresponsive to your original question. > > Regards, > Klaus Hvrcher > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
state of art of freeradius
Hy all, I would like to know your opinion about the following issues: Which is the most common use of the freeradius server in your particular cases? Which version are you using? is it stable? What problems have you found using freeradius (during installation, configuration, use...)? My objective is writing a document trying to reflect the state of art of the freeradius server. Thanks a lot for you help Best regards from Madrid Rafa - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP-MD5 Authentication problem
Hello!!! I don't know why the 'radeapclient -s -xx 127.0.0.1 auth testing123 About to send encoded packet: User-Name = "test" User-Password = "password" EAP-MD5-Password = "password" NAS-IP-Address = 127.0.0.1 NAS-Port = 10 EAP-Code = Response Called-Station-Id = "00-06-25-57-18-B6" Calling-Station-Id = "00-06-23-27-38-E6" EAP-Id = 210 EAP-Type-Identity = "test" Sending Access-Request of id 39 to 127.0.0.1:1812 User-Name = "test" User-Password = "password" NAS-IP-Address = 127.0.0.1 NAS-Port = 10 Called-Station-Id = "00-06-25-57-18-B6" Calling-Station-Id = "00-06-23-27-38-E6" EAP-Message = 0x02d200090174657374 Message-Authenticator = 0x rad_recv: Access-Challenge packet from host 127.0.0.1:1812, id=39, length=80 EAP-Message = 0x01d300160410467a3e116557e810bee94bf5760a48c2 Message-Authenticator = 0xea22fa77b3f82094f1461d9300f85034 State = 0x5b89e4e2d4f4726ac10c9f4ff49f0209 <+++ EAP decoded packet: EAP-Message = 0x01d300160410467a3e116557e810bee94bf5760a48c2 Message-Authenticator = 0xea22fa77b3f82094f1461d9300f85034 State = 0x5b89e4e2d4f4726ac10c9f4ff49f0209 EAP-Id = 211 EAP-Code = Request EAP-Type-MD5 = 0x10467a3e116557e810bee94bf5760a48c2 +++> About to send encoded packet: User-Name = "test" User-Password = "\207\310\025Oi\206\303\274 !'y\021Y\373" EAP-MD5-Password = "password" NAS-IP-Address = 127.0.0.1 NAS-Port = 10 EAP-Code = Response Called-Station-Id = "00-06-25-57-18-B6" Calling-Station-Id = "00-06-23-27-38-E6" EAP-Id = 211 Message-Authenticator = 0x EAP-Type-MD5 = 0x101eb18c0bd5ae4e5d279d43fbdb577e5c State = 0x5b89e4e2d4f4726ac10c9f4ff49f0209 Sending Access-Request of id 40 to 127.0.0.1:1812 User-Name = "test" User-Password = "password" NAS-IP-Address = 127.0.0.1 NAS-Port = 10 Called-Station-Id = "00-06-25-57-18-B6" Calling-Station-Id = "00-06-23-27-38-E6" Message-Authenticator = 0x State = 0x5b89e4e2d4f4726ac10c9f4ff49f0209 EAP-Message = 0x02d3001604101eb18c0bd5ae4e5d279d43fbdb577e5c Re-sending Access-Request of id 40 to 127.0.0.1:1812 User-Name = "test" User-Password = "s]\247\314\203\226\241\030\344\027t\223\264\271\273\002" EAP-MD5-Password = "password" NAS-IP-Address = 127.0.0.1 NAS-Port = 10 EAP-Code = Response Called-Station-Id = "00-06-25-57-18-B6" Calling-Station-Id = "00-06-23-27-38-E6" EAP-Id = 211 Message-Authenticator = 0x EAP-Type-MD5 = 0x101eb18c0bd5ae4e5d279d43fbdb577e5c State = 0x5b89e4e2d4f4726ac10c9f4ff49f0209 EAP-Message = 0x02d3001604101eb18c0bd5ae4e5d279d43fbdb577e5c rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=40, length=44 EAP-Message = 0x04d30004 Message-Authenticator = 0xbbd931385ade37c4675fa301f6c7a506 <+++ EAP decoded packet: EAP-Message = 0x04d30004 Message-Authenticator = 0xbbd931385ade37c4675fa301f6c7a506 EAP-Id = 211 EAP-Code = Failure Total approved auths: 0 Total denied auths: 2 the radius.conf file contain: modules { ... eap { default_eap_type = md5 md5 { } ... } ... } # eap sets the authenticate type as EAP authorize { ... eap } # eap authentication takes place. authenticate { eap } the eap.conf file contain: eap { default_eap_type = md5 md5 { } } the users file contain: "test" Auth-Type := EAP, User-Password == "password" Reply-Message = "Hello, %u" And the OUTPUT of the radiusd -XA is: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests
EAP-MD5 Authentication problem
Hello!!! I don't know why the 'radeapclient -s -xx 127.0.0.1 auth testing123 About to send encoded packet: User-Name = "test" User-Password = "password" EAP-MD5-Password = "password" NAS-IP-Address = 127.0.0.1 NAS-Port = 10 EAP-Code = Response Called-Station-Id = "00-06-25-57-18-B6" Calling-Station-Id = "00-06-23-27-38-E6" EAP-Id = 210 EAP-Type-Identity = "test" Sending Access-Request of id 39 to 127.0.0.1:1812 User-Name = "test" User-Password = "password" NAS-IP-Address = 127.0.0.1 NAS-Port = 10 Called-Station-Id = "00-06-25-57-18-B6" Calling-Station-Id = "00-06-23-27-38-E6" EAP-Message = 0x02d200090174657374 Message-Authenticator = 0x rad_recv: Access-Challenge packet from host 127.0.0.1:1812, id=39, length=80 EAP-Message = 0x01d300160410467a3e116557e810bee94bf5760a48c2 Message-Authenticator = 0xea22fa77b3f82094f1461d9300f85034 State = 0x5b89e4e2d4f4726ac10c9f4ff49f0209 <+++ EAP decoded packet: EAP-Message = 0x01d300160410467a3e116557e810bee94bf5760a48c2 Message-Authenticator = 0xea22fa77b3f82094f1461d9300f85034 State = 0x5b89e4e2d4f4726ac10c9f4ff49f0209 EAP-Id = 211 EAP-Code = Request EAP-Type-MD5 = 0x10467a3e116557e810bee94bf5760a48c2 +++> About to send encoded packet: User-Name = "test" User-Password = "\207\310\025Oi\206\303\274 !'y\021Y\373" EAP-MD5-Password = "password" NAS-IP-Address = 127.0.0.1 NAS-Port = 10 EAP-Code = Response Called-Station-Id = "00-06-25-57-18-B6" Calling-Station-Id = "00-06-23-27-38-E6" EAP-Id = 211 Message-Authenticator = 0x EAP-Type-MD5 = 0x101eb18c0bd5ae4e5d279d43fbdb577e5c State = 0x5b89e4e2d4f4726ac10c9f4ff49f0209 Sending Access-Request of id 40 to 127.0.0.1:1812 User-Name = "test" User-Password = "password" NAS-IP-Address = 127.0.0.1 NAS-Port = 10 Called-Station-Id = "00-06-25-57-18-B6" Calling-Station-Id = "00-06-23-27-38-E6" Message-Authenticator = 0x State = 0x5b89e4e2d4f4726ac10c9f4ff49f0209 EAP-Message = 0x02d3001604101eb18c0bd5ae4e5d279d43fbdb577e5c Re-sending Access-Request of id 40 to 127.0.0.1:1812 User-Name = "test" User-Password = "s]\247\314\203\226\241\030\344\027t\223\264\271\273\002" EAP-MD5-Password = "password" NAS-IP-Address = 127.0.0.1 NAS-Port = 10 EAP-Code = Response Called-Station-Id = "00-06-25-57-18-B6" Calling-Station-Id = "00-06-23-27-38-E6" EAP-Id = 211 Message-Authenticator = 0x EAP-Type-MD5 = 0x101eb18c0bd5ae4e5d279d43fbdb577e5c State = 0x5b89e4e2d4f4726ac10c9f4ff49f0209 EAP-Message = 0x02d3001604101eb18c0bd5ae4e5d279d43fbdb577e5c rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=40, length=44 EAP-Message = 0x04d30004 Message-Authenticator = 0xbbd931385ade37c4675fa301f6c7a506 <+++ EAP decoded packet: EAP-Message = 0x04d30004 Message-Authenticator = 0xbbd931385ade37c4675fa301f6c7a506 EAP-Id = 211 EAP-Code = Failure Total approved auths: 0 Total denied auths: 2 the radius.conf file contain: modules { ... eap { default_eap_type = md5 md5 { } ... } ... } # eap sets the authenticate type as EAP authorize { ... eap } # eap authentication takes place. authenticate { eap } the eap.conf file contain: eap { default_eap_type = md5 md5 { } } the users file contain: "test" Auth-Type := EAP, User-Password == "password" Reply-Message = "Hello, %u" And the OUTPUT of the radiusd -XA is: Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/eap.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests
radiusd -X and Raddb Configure
Hello, i am installing freeradius server and operating system slackware 10.2 #cd /etc/raddb #list acct_users clients.conf hints naslist preproxy_users snmp.conf x99passwd.sample attrs dictionary huntgroupsnaspasswdproxy.conf sql.conf certs/ eap.conf ldap.attrmap oraclesql.conf radiusd.conf users clients experimental.conf mssql.confpostgresql.conf realms x99.conf #radiusd -X Module: Instantiated unix (unix) radiusd.conf[1682] Unknown Auth-Type "System" in authenticate section. what problem? -- -- | Radius Server || Dlink Switch | | IP : 10.0.0.200|--- | IP: 10.0.0.250 | -- -- | ssh accepting radius| ^ |__| | __| | (ssh wish request) | | -- | My Computer| | IP: 10.0.0.201 | -- How do I topology ensure this? what Raddb server must I do ? Thank you +-+-+- BEGIN PGP SIGNATURE -+-+-+ Version: GnuPG v1.4.2 (GNU/Linux) ___ / __)Kai "Ozgur" Geek \__ \PGP ID: B1B63B6E (___/lackwareNetwork Engineer +-+-+-+ END PGP SIGNATURE +-+-+-+ -- ___ Check out the latest SMS services @ http://www.linuxmail.org This allows you to send and receive SMS through your mailbox. Powered by Outblaze - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html