Please HELP!!! Any ideas??? MySQL and users file... Difference???
Please anybody help me... I am reposting this message, since I am hitting the dead end with this issue. Thanks in advance...

Hi to all...

Does anyone have any idea why placing the following two lines into users file works perfectly with both PAP and CHAP users

btest User-Password == Master1
btest Crypt-Password == "$1$KyUhHIHD$R7mAm4rPX1q4WTEJY5rKQ1"

whereas placing the same two records into radcheck table doesn't work for PAP it does however work for CHAP?

username | att            | op | val
---------+----------------+----+------------------------------------
btest    | User-Password  | == | Master1
btest    | Crypt-Password | == | $1$KyUhHIHD$R7mAm4rPX1q4WTEJY5rKQ1

It seems that rlm_sql is hitting the unencrypted password only, whereas encryption-scheme in radiusd.conf is defined crypt... Am I missing something?

Any help will be appreciated

Alex Savguira

radius -X (version 1.0.4 ) says

rad_recv: Access-Request packet from host 192.168.0.8:4544, id=47, length=45
        User-Name = "btest"
        User-Password = "Master1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_realm: No '@' in User-Name = "btest", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched entry DEFAULT at line 171
users: Matched entry DEFAULT at line 173
modcall[authorize]: module "files" returns ok for request 0
radius_xlat: 'btest'
rlm_sql (sql): sql_set_user escaped user --> 'btest'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'btest' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'btest' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'btest' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'btest' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 0
modcall[authorize]: module "domainmschap" returns noop for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type PAP
auth: type "PAP"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_pap: login attempt by "btest" with password Master1
rlm_pap: Using password "Master1" for user btest authentication.
rlm_pap: Using CRYPT encryption.
rlm_pap: Passwords don't match
modcall[authenticate]: module "pap" returns reject for request 0
modcall: group Auth-Type returns reject for request 0
auth: Failed to validate the user.
Login incorrect (rlm_pap: CRYPT password check failed): [btest/Master1] (from client rasdata port 0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 47 to 192.168.0.8:4544
Waking up in 4 seconds...

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MYSQL and FreeRadius
Maybe a firewall script at startup?

Regards,
Edvin

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Diniz Da Rocha
Sent: Saturday, 25 February 2006 06:51
To: freeradius-users@lists.freeradius.org
Subject: MYSQL and FreeRadius

Hi

I have currently set up FreeRadius 1.0.4 with ldap authentication and authorization as well as mysql authorization and it's all working fine. The problem exists when I restart the server, freeradius starts on boot but it fails in connecting to the MYSQL server. If I then shut down the service and start it again it works fine. I have moved the boot order to be S99 but it still fails. The MYSQL server is on a separate server, so I am wondering whether the ports are blocked until startup is complete, if this is the case how can I get round this??? I am using Fedora Core 4... Has anyone else had this problem???

thanks
diniz
MYSQL and FreeRadius
Hi

I have currently set up FreeRadius 1.0.4 with ldap authentication and authorization as well as mysql authorization and it's all working fine. The problem exists when I restart the server, freeradius starts on boot but it fails in connecting to the MYSQL server. If I then shut down the service and start it again it works fine. I have moved the boot order to be S99 but it still fails. The MYSQL server is on a separate server, so I am wondering whether the ports are blocked until startup is complete, if this is the case how can I get round this??? I am using Fedora Core 4... Has anyone else had this problem???

thanks
diniz
MYSQL and Freeradius
Hi,
Re: logging Access-Reject messages
Geoff Silver wrote:
> post-auth {
>     reply_log
> }

Mine looks like this, I log to an sql db. I am sure you could replace "sql" with "reply_log".

post-auth {
    sql
    Post-Auth-Type REJECT {
        sql
    }
}

--
Richard Marriner II
Marriner Technologies
[EMAIL PROTECTED]
www.marrinertech.com
Re: Segmentation fault - FreeRadius 1.1.0.tar.gz with Debian 3.1
> I haven't got the file "mysql.conf" in the directory "/usr/local/etc/raddb" but I have the file "sql.conf" where I have the configuration of mysql. In the file radiusd.conf has : $INCLUDE ${confdir}/sql.conf :(

That is OK. It is the default file name for mysql configuration. It was rather confusing for me so I renamed it a long time ago and forgot to edit it before "cut&paste-ing" it for you.

Does "strace radiusd" give you more information about the reason for failure?
logging Access-Reject messages
Hi everyone,

I have no trouble logging Access-Request and Access-Accept messages, but neither rlm_detail nor "log_auth = yes" seems to log Access-Reject messages. I feel quite silly asking this, but is there something special I need to do to get these logged? My radiusd.conf file looks like:

authorize {
    preprocess
    detail
    auth_log
    attr_filter
    files
}
authenticate {
    Auth-Type System {
        unix
    }
}
preacct {
    preprocess
    acct_unique
    files
}
accounting {
    detail
}
session {
}
post-auth {
    reply_log
}

I'm happy to send any extra config you'd like - just let me know. Alternately, I'm happy to patch the code to allow this if someone knows the right place to do it.

Thanks for any ideas!
Re: Segmentation fault - FreeRadius 1.1.0.tar.gz with Debian 3.1
Hello Ivo,

I haven't got the file "mysql.conf" in the directory "/usr/local/etc/raddb" but I have the file "sql.conf" where I have the configuration of mysql. In the file radiusd.conf has : $INCLUDE ${confdir}/sql.conf :(

- Original Message -
From: "Ivo" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list"
Sent: Friday, February 24, 2006 6:14 PM
Subject: Re: Segmentation fault - FreeRadius 1.1.0.tar.gz with Debian 3.1

Maybe you are missing
$INCLUDE ${confdir}/mysql.conf
in your radiusd.conf

> sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._: /"
> Segmentation fault
Re: Segmentation fault - FreeRadius 1.1.0.tar.gz with Debian 3.1
Hello Alan, I have searched the MySQL client libreries with "find . -name *mysql*" ... ... ./usr/lib/libmysqlclient.so.12.0.0 ./usr/lib/libmysqlclient_r.so.12.0.0 ./usr/lib/libmysqlclient_r.so.12 ./usr/lib/libmysqlclient.so.12 ./usr/lib/php4/20020429/mysql.so ... ... I have edited my radiusd.conf and I added the path /usr/lib in the libdir : ... ... prefix = /usr/local exec_prefix = ${prefix} libdir = ${exec_prefix}/lib:/usr/lib/ ... ... I have seen that directory "/usr/local/lib" has this files: solsrv:/usr/local/lib# ls firmware rlm_chap.a rlm_eap_md5-1.1.0.so rlm_files.la rlm_realm-1.1.0.so libeap-1.1.0.larlm_chap.larlm_eap_md5.a rlm_files.so rlm_realm.a libeap-1.1.0.sorlm_chap.sorlm_eap_md5.la rlm_mschap-1.1.0.la rlm_realm.la libeap.a rlm_checkval-1.1.0.la rlm_eap_md5.so rlm_mschap-1.1.0.so rlm_realm.so libeap.la rlm_checkval-1.1.0.so rlm_eap_mschapv2-1.1.0.la rlm_mschap.a rlm_sim_files-1.1.0.la libeap.so rlm_checkval.a rlm_eap_mschapv2-1.1.0.so rlm_mschap.larlm_sim_files-1.1.0.so libltdl.a rlm_checkval.larlm_eap_mschapv2.a rlm_mschap.sorlm_sim_files.a libltdl.la rlm_checkval.sorlm_eap_mschapv2.la rlm_ns_mta_md5-1.1.0.la rlm_sim_files.la libltdl.so rlm_cram-1.1.0.la rlm_eap_mschapv2.so rlm_ns_mta_md5-1.1.0.so rlm_sim_files.so libltdl.so.3 rlm_cram-1.1.0.so rlm_eap_sim-1.1.0.la rlm_ns_mta_md5.a rlm_smb-1.1.0.la libltdl.so.3.1.0 rlm_cram.a rlm_eap_sim-1.1.0.so rlm_ns_mta_md5.larlm_smb-1.1.0.so libradius-1.1.0.la rlm_cram.larlm_eap_sim.a rlm_ns_mta_md5.sorlm_smb.a libradius-1.1.0.so rlm_cram.sorlm_eap_sim.la rlm_pap-1.1.0.la rlm_smb.la libradius.arlm_detail-1.1.0.larlm_eap_sim.so rlm_pap-1.1.0.so rlm_smb.so libradius.la rlm_detail-1.1.0.sorlm_eap.so rlm_pap.arlm_sql-1.1.0.la libradius.so rlm_detail.a rlm_example-1.1.0.la rlm_pap.la rlm_sql-1.1.0.so rlm_acct_unique-1.1.0.la rlm_detail.la rlm_example-1.1.0.so rlm_pap.so rlm_sql.a rlm_acct_unique-1.1.0.so rlm_detail.so rlm_example.a rlm_passwd-1.1.0.la rlm_sqlcounter-1.1.0.la rlm_acct_unique.a 
rlm_digest-1.1.0.larlm_example.la rlm_passwd-1.1.0.so rlm_sqlcounter-1.1.0.so rlm_acct_unique.la rlm_digest-1.1.0.sorlm_example.so rlm_passwd.a rlm_sqlcounter.a rlm_acct_unique.so rlm_digest.a rlm_exec-1.1.0.la rlm_passwd.larlm_sqlcounter.la rlm_always-1.1.0.larlm_digest.la rlm_exec-1.1.0.so rlm_passwd.sorlm_sqlcounter.so rlm_always-1.1.0.sorlm_digest.so rlm_exec.a rlm_perl-1.1.0.larlm_sql.la rlm_always.a rlm_eap-1.1.0.la rlm_exec.la rlm_perl-1.1.0.sorlm_sql_log-1.1.0.la rlm_always.la rlm_eap-1.1.0.so rlm_exec.so rlm_perl.a rlm_sql_log-1.1.0.so rlm_always.so rlm_eap.a rlm_expr-1.1.0.la rlm_perl.la rlm_sql_log.a rlm_attr_filter-1.1.0.la rlm_eap_gtc-1.1.0.la rlm_expr-1.1.0.so rlm_perl.so rlm_sql_log.la rlm_attr_filter-1.1.0.so rlm_eap_gtc-1.1.0.so rlm_expr.a rlm_preprocess-1.1.0.la rlm_sql_log.so rlm_attr_filter.a rlm_eap_gtc.a rlm_expr.la rlm_preprocess-1.1.0.so rlm_sql.so rlm_attr_filter.la rlm_eap_gtc.la rlm_expr.so rlm_preprocess.a rlm_unix-1.1.0.la rlm_attr_filter.so rlm_eap_gtc.so rlm_fastusers-1.1.0.la rlm_preprocess.larlm_unix-1.1.0.so rlm_attr_rewrite-1.1.0.la rlm_eap.la rlm_fastusers-1.1.0.so rlm_preprocess.sorlm_unix.a rlm_attr_rewrite-1.1.0.so rlm_eap_leap-1.1.0.la rlm_fastusers.a rlm_radutmp-1.1.0.la rlm_unix.la rlm_attr_rewrite.a rlm_eap_leap-1.1.0.so rlm_fastusers.la rlm_radutmp-1.1.0.so rlm_unix.so rlm_attr_rewrite.larlm_eap_leap.a rlm_fastusers.so rlm_radutmp.a rlm_attr_rewrite.sorlm_eap_leap.larlm_files-1.1.0.la rlm_radutmp.la rlm_chap-1.1.0.la rlm_eap_leap.sorlm_files-1.1.0.so rlm_radutmp.so rlm_chap-1.1.0.so rlm_eap_md5-1.1.0.la rlm_files.a rlm_realm-1.1.0.la solsrv:/usr/local/lib# I have runned "radiusd -X" and it doesn't work :- - Original Message - From: "Alan DeKok" <[EMAIL PROTECTED]> To: "FreeRadius users mailing list" Sent: Friday, February 24, 2006 6:28 PM Subject: Re: Segmentation fault - FreeRadius 1.1.0.tar.gz with Debian 3.1 "oscurin" <[EMAIL PROTECTED]> wrote: Segmentation fault solsrv:/usr/local/etc/raddb#=20 Your MySQL cli
Re: FreeRadius Features
Mohammad Flaifel wrote:
> Dears,
> I asked this question before but unfortunately I didn't get the answer yet, I hope this is not a negative sign :)
> Are the following features available in FreeRadius:
> - Change of Authorization while the subscriber's PPP session is still connected.
> - Radius initiated disconnect: Disconnect users based on download volume limitation

RADIUS is a protocol. By the protocol definitions it either must, will, should, or may do or not do certain things as defined in those protocols. None of what you are asking for is in those RFCs.

Having said that, Freeradius is very flexible in that you can call external scripts on all sorts of occurrences which your NAS' will likely have to cooperate in. If all else fails, you have the source.

--
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-3301
Cell 325-439-0533
fax 325-695-6841
MySQL and users file... Difference???
Hi to all...

Does anyone have any idea why placing the following two lines into users file works perfectly with both PAP and CHAP users

btest User-Password == Master1
btest Crypt-Password == "$1$KyUhHIHD$R7mAm4rPX1q4WTEJY5rKQ1"

whereas placing the same two records into radcheck table doesn't work for PAP it does however work for CHAP?

username | att            | op | val
---------+----------------+----+------------------------------------
btest    | User-Password  | == | Master1
btest    | Crypt-Password | == | $1$KyUhHIHD$R7mAm4rPX1q4WTEJY5rKQ1

It seems that rlm_sql is hitting the unencrypted password only, whereas encryption-scheme in radiusd.conf is defined crypt... Am I missing something?

Any help will be appreciated

Alex Savguira

radius -X (version 1.0.4 ) says

rad_recv: Access-Request packet from host 192.168.0.8:4544, id=47, length=45
        User-Name = "btest"
        User-Password = "Master1"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_realm: No '@' in User-Name = "btest", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched entry DEFAULT at line 171
users: Matched entry DEFAULT at line 173
modcall[authorize]: module "files" returns ok for request 0
radius_xlat: 'btest'
rlm_sql (sql): sql_set_user escaped user --> 'btest'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'btest' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'btest' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'btest' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'btest' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 0
modcall[authorize]: module "domainmschap" returns noop for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type PAP
auth: type "PAP"
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 0
rlm_pap: login attempt by "btest" with password Master1
rlm_pap: Using password "Master1" for user btest authentication.
rlm_pap: Using CRYPT encryption.
rlm_pap: Passwords don't match
modcall[authenticate]: module "pap" returns reject for request 0
modcall: group Auth-Type returns reject for request 0
auth: Failed to validate the user.
Login incorrect (rlm_pap: CRYPT password check failed): [btest/Master1] (from client rasdata port 0)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 47 to 192.168.0.8:4544
Waking up in 4 seconds...
Re: FreeRadius Features
Mohammad Flaifel <[EMAIL PROTECTED]> wrote:
> Are the following features available in FreeRadius:
> - Change of Authorization while the subscriber's PPP session is still
> connected.

radclient can send these packets. The RADIUS server doesn't. And your NAS will have to support these packets, too.

> - Radius initiated disconnect: Disconnect users based on download volume
> limitation

Yes, if you write scripts that look at the accounting packets, and call radclient to disconnect users when their limit has been reached.

Alan DeKok.
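
The script approach described in the reply above, as an added example that is not part of the original post and is not FreeRADIUS code: it reads accounting records in the detail-file layout, tracks cumulative usage per live session, and builds the attribute list that would be handed to radclient for each session over quota. The function names, the 1 GiB quota and the sample records are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of a FreeRADIUS "detail" accounting file:
# a timestamp line, indented "Attribute = value" lines, blank line between records.
SAMPLE_DETAIL = """\
Fri Feb 24 18:00:00 2006
\tUser-Name = "alice"
\tAcct-Session-Id = "0000A1"
\tAcct-Status-Type = Interim-Update
\tNAS-IP-Address = 192.0.2.10
\tAcct-Input-Octets = 1000
\tAcct-Output-Octets = 4000

Fri Feb 24 18:00:05 2006
\tUser-Name = "bob"
\tAcct-Session-Id = "0000B7"
\tAcct-Status-Type = Interim-Update
\tNAS-IP-Address = 192.0.2.10
\tAcct-Input-Octets = 4000000000
\tAcct-Output-Octets = 4000000000

Fri Feb 24 18:00:09 2006
\tUser-Name = "carol"
\tAcct-Session-Id = "0000C3"
\tAcct-Status-Type = Start
\tNAS-IP-Address = 192.0.2.11

Fri Feb 24 18:10:00 2006
\tUser-Name = "alice"
\tAcct-Session-Id = "0000A1"
\tAcct-Status-Type = Interim-Update
\tNAS-IP-Address = 192.0.2.10
\tAcct-Input-Octets = 2000
\tAcct-Output-Octets = 10
\tAcct-Output-Gigawords = 1

Fri Feb 24 18:10:05 2006
\tUser-Name = "bob"
\tAcct-Session-Id = "0000B7"
\tAcct-Status-Type = Stop
\tNAS-IP-Address = 192.0.2.10
\tAcct-Input-Octets = 4000000000
\tAcct-Output-Octets = 4100000000

Fri Feb 24 18:10:09 2006
\tUser-Name = "carol"
\tAcct-Session-Id = "0000C3"
\tAcct-Status-Type = Interim-Update
\tNAS-IP-Address = 192.0.2.11
\tAcct-Input-Octets = 100
\tAcct-Output-Octets = 200
"""

ATTR_RE = re.compile(r'^\s+([A-Za-z0-9-]+) = (.*)$')


def parse_detail(text):
    """Split detail-file text into one dict of attributes per record."""
    records, current = [], None
    for line in text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            if current is not None:
                current[m.group(1)] = m.group(2).strip('"')
        elif line.strip():          # unindented line: timestamp, new record
            current = {}
            records.append(current)
        else:                       # blank line closes the record
            current = None
    return [r for r in records if r]


def usage_bytes(rec):
    """Input + output bytes. The Octets counters are 32-bit and wrap; the
    Gigawords attributes count the wraps (units of 2**32 bytes)."""
    total = 0
    for direction in ("Input", "Output"):
        total += int(rec.get(f"Acct-{direction}-Octets", 0))
        total += int(rec.get(f"Acct-{direction}-Gigawords", 0)) << 32
    return total


def sessions_over_limit(records, limit_bytes):
    """Return (nas, session_id, user, used) for sessions that are still open
    and whose latest cumulative counters reach the limit."""
    live = {}
    for rec in records:
        key = (rec.get("NAS-IP-Address"), rec.get("Acct-Session-Id"))
        if None in key:
            continue
        if rec.get("Acct-Status-Type") == "Stop":
            live.pop(key, None)     # session already ended, nothing to disconnect
            continue
        live[key] = (rec.get("User-Name", ""), usage_bytes(rec))
    return sorted((nas, sid, user, used)
                  for (nas, sid), (user, used) in live.items()
                  if used >= limit_bytes)


def _checked(value):
    # Values come from the NAS and the user; refuse anything that could break
    # out of the quoted string and smuggle extra attributes into the request.
    if re.search(r'["\\\x00-\x1f]', value):
        raise ValueError(f"unsafe attribute value: {value!r}")
    return value


def disconnect_request(user, session_id):
    """Attribute list for a Disconnect-Request. This text is what would be fed
    on stdin to: radclient <nas>:<port> disconnect <secret>
    (NAS address, port and shared secret are site-specific placeholders)."""
    return (f'User-Name = "{_checked(user)}"\n'
            f'Acct-Session-Id = "{_checked(session_id)}"\n')


if __name__ == "__main__":
    for nas, sid, user, used in sessions_over_limit(parse_detail(SAMPLE_DETAIL), 2**30):
        print(f"# {nas}: {user} used {used} bytes")
        print(disconnect_request(user, sid))
```

As the reply notes, the NAS itself has to accept such packets; the script only decides who is over the limit and what to send.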
RE: FreeRadius Features
AFAIK - Radius is stateless and cannot initiate disconnect. Freeradius can provide the AVP for NAS which contains remaining traffic limit. The NAS disconnects the user when limit is reached.

Regards,
Edvin

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mohammad Flaifel
Sent: Friday, 24 February 2006 18:08
To: freeradius-users@lists.freeradius.org
Subject: FreeRadius Features

Dears,

I asked this question before but unfortunately I didn't get the answer yet, I hope this is not a negative sign :)

Are the following features available in FreeRadius:
- Change of Authorization while the subscriber's PPP session is still connected.
- Radius initiated disconnect: Disconnect users based on download volume limitation

Appreciate your answer.

Flaifel
Re: Segmentation fault - FreeRadius 1.1.0.tar.gz with Debian 3.1
"oscurin" <[EMAIL PROTECTED]> wrote:
> Segmentation fault
> solsrv:/usr/local/etc/raddb#

Your MySQL client libraries cannot be found at run time. Edit the "libdir" configuration item to include the directory where the files are located, or update your dynamic linker.

Alan DeKok.
Re: Segmentation fault - FreeRadius 1.1.0.tar.gz with Debian 3.1
Maybe you are missing
$INCLUDE ${confdir}/mysql.conf
in your radiusd.conf

> sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._: /"
> Segmentation fault
FreeRadius Features
Dears,

I asked this question before but unfortunately I didn't get the answer yet, I hope this is not a negative sign :)

Are the following features available in FreeRadius:
- Change of Authorization while the subscriber's PPP session is still connected.
- Radius initiated disconnect: Disconnect users based on download volume limitation

Appreciate your answer.

Flaifel
Re: Open Authentication for a realm
> I want to have open authentication on a realm and setup an IP pool for that realm. So if your username is [EMAIL PROTECTED], you will be authenticated, no matter what your password is and you will be given an IP from the pool 10.0.0.0/24. Where in the config files do I have to put this?

users file will work
Segmentation fault - FreeRadius 1.1.0.tar.gz with Debian 3.1
Hello all, I have tried configure the freeradius from the debian's packages , but they haven't got sql_counter module. Then I decided to download the source freeradius-1.1.0.tar.gz , I configured it, with the next steps : ./configure --with-experimental-modules make make install For database I used the script "/freeradius-1.1.0/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql" I edited the configuration files sql.conf, clients.conf and radiusd.conf . (/usr/local/etc/raddb). To executed the radiusd -X : solsrv:/usr/local/etc/raddb# radiusd -XStarting - reading configuration files ...reread_config: reading radiusd.confConfig: including file: /usr/local/etc/raddb/proxy.confConfig: including file: /usr/local/etc/raddb/clients.confConfig: including file: /usr/local/etc/raddb/snmp.confConfig: including file: /usr/local/etc/raddb/eap.confConfig: including file: /usr/local/etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: 
status_server = no main: debug_level = 0read_config_files: reading dictionaryread_config_files: reading naslistUsing deprecated naslist file. Support for this will go away soon.read_config_files: reading clientsread_config_files: reading realmsradiusd: entering modules setupModule: Library search path is /usr/local/libModule: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)"rlm_exec: Wait=yes but no output defined. Did you mean output=none?Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt"Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)"Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/usr/local/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "md5" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = norlm_eap: Loaded and initialized type md5rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP"rlm_eap: Loaded and initialized type gtc mschapv2: with_ntdomain_hack = norlm_eap: Loaded and initialized type mschapv2Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: 
with_cisco_vsa_hack = noModule: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = noModule: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/usr/local/etc/raddb/users" files: acctusersfile = "/usr/local/etc/raddb/acct_users" files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" files: compat = "no"Module: Instantiated files (files) Module: Loaded SQL sql: driver = "rlm_sql_mysql" sql: server = "localhost" sql: port = "" sql: login = "root" sql: password = "fusi0n" sql: radius_db = "radius" sql: acct_table = "radacct" sql: acct_table2 = "radacct" sql: authcheck_table = "radcheck" sql: authreply_table = "radreply" sql: groupcheck_table = "radgroupcheck" sql: groupreply_table = "radgroupreply" sql: usergroup_table = "usergroup" sq
Re: Help needed with MS-CHAP
"Charles Blake" <[EMAIL PROTECTED]> wrote:
> I just want to authenticate MS-CHAPv2 passwords. My question is:
>
> Where do I have those passwords in my Linux server?

I've been trying to say you don't.

Alan DeKok.
RE: Client certs with MSCHAPV2 in PEA
> > Dave Huff wrote:
> > .
> >> From: "Alan DeKok" <[EMAIL PROTECTED]>
> >
> >> Robert Myers <[EMAIL PROTECTED]> wrote:
> >>> The reason I ask, is that I'm using a client cert signed by my CA to
> >>> do eap/tls, and it's working. I have not implemented the server
> >>> cert as of yet.
> >
> >> Then it *should* work with PEAP. But I don't know of many people
> >> that use client certs with PEAP. I suspect no one has tested that,
> >> and that the client may be doing something different than with EAP-TLS.
> >
> >> My suggestion is don't use client certs with PEAP.
> >
> >> Alan DeKok.
> >
> > Ah well, I'm trying to authenticate both a machine (cert) and a user
> > (password) to prevent people from using unchecked machines on the network.
> > PEAP sort of does that I guess since the internal CA isn't set up on a
> > client, but that's not a very secure method. Any suggestions
> > appreciated and thanks for your help.
>
> Interesting. What client is this?

FC4/2.6.15-1.1831
Freeradius 1.0.4
Intel PROset 9.0.3.0

Is there a debug mode that would show me exactly which certs are being exchanged?
Open Authentication for a realm
Hi,

I am still quite new to radius so please forgive me if I make invalid assumptions or this question has been answered somewhere.

I want to have open authentication on a realm and setup an IP pool for that realm. So if your username is [EMAIL PROTECTED], you will be authenticated, no matter what your password is and you will be given an IP from the pool 10.0.0.0/24. Where in the config files do I have to put this?

I'm running FreeRadius 1.0.4 on FreeBSD 4.11-STABLE.

Regards,
-John
Re: CentOS
Italo Morellato wrote:
> Freeradius 1.1.0 RPM for CentOS 4.2 (smeserver) is possible? Thanks in advance.

Haven't upgraded to 1.1 yet but 1.05 works great. As for RPM's, I don't know if a spec file is available or not. There are no rpms or other packages unless someone (maybe you) is producing/maintaining them.

--
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-3301
Cell 325-439-0533
fax 325-695-6841
Re: Client certs with MSCHAPV2 in PEA
Dave Huff wrote:
> .
>> From: "Alan DeKok" <[EMAIL PROTECTED]>
>>
>> Robert Myers <[EMAIL PROTECTED]> wrote:
>>> The reason I ask, is that I'm using a client cert signed by my CA to do eap/tls, and it's working. I have not implemented the server cert as of yet.
>>
>> Then it *should* work with PEAP. But I don't know of many people that use client certs with PEAP. I suspect no one has tested that, and that the client may be doing something different than with EAP-TLS.
>>
>> My suggestion is don't use client certs with PEAP.
>>
>> Alan DeKok.
>
> Ah well, I'm trying to authenticate both a machine (cert) and a user (password) to prevent people from using unchecked machines on the network. PEAP sort of does that I guess since the internal CA isn't set up on a client, but that's not a very secure method. Any suggestions appreciated and thanks for your help.

Interesting. What client is this?
Re: IPpool & EAP?
Palmer J.D.F. wrote:
> Hello,
> Just a quick question, is it possible to allocate client IP details using ippools within FreeRADIUS when using EAP(PEAP)?

Yes you can do that at the server side, but it won't DO anything if you're using EAP to protect wired or wireless networks. IPs are assigned by DHCP in those configurations - the NASes (switches, APs) will just ignore the Framed-IP-Address value.

(You could be using EAP over say PPP in which case it would work fine, but I doubt it)
Re: Duplicate entries and incorrect accounting and authorization (Cont'd)
Alan,

Thank you so much. It was a firewall problem indeed. Running tcpdump on both sides really helped to spot the problem.

-Bill

On Thu, 23 Feb 2006 18:51:51 -0300 Alan DeKok <[EMAIL PROTECTED]> wrote:
> <[EMAIL PROTECTED]> wrote:
>> Thank you for your response. As you pointed out, by watching
>> tcpdump outcome I see no Radius Responses coming back to the NAS (I
>> do see Radius Requests going out the NAS though). The shared secret
>> is fine and I use chillispot with the right configuration (pointing
>> at the right radius server). Also, I did not introduce any changes
>> at the NAS side from my previous working version. All changes were
>> introduced at the Radius server side. Any more suggestions?
>
> You have a firewall on the RADIUS server that's blocking outgoing
> packets. Or, the packets are going somewhere else.
>
> Alan DeKok.
Re: Log file format
> Date: Mon, 20 Feb 2006 13:44:05 -0500
> From: "Alan DeKok" <[EMAIL PROTECTED]>
> Subject: Re: Log file format
> To: FreeRadius users mailing list
> Message-ID: <[EMAIL PROTECTED]>
>
> Walter Reynolds <[EMAIL PROTECTED]> wrote:
>> We have some tools that currently run some statistics on the radius accounting file. Well, we currently use a different radius server. With that in mind the log format is different. Is there a way to modify the format of the accounting log format?
>
> Which accounting log? The detail file? That's pretty much unchanged since the original Livingston format 13 years ago.
>
> Could you be more specific, and say what should be changed, and to what it should be changed?
>
> Alan DeKok.

I apologize for not giving all the info, I am new to radius and am still learning.

Yes I am referring to the detail file. Currently we have implemented a version of MERIT Radius. I know less about that than Freeradius, so forgive me if I do not give you what you need.

Currently we have two files that appear to be accounting data to me. Following are what we get (I have removed IP info for safety's sake)

These two lines are from logfile.20060220

Mon Feb 20 13:07:12 2006: Received-Authentication: 63/62890 'waltr' from XXX.XXX.XXX.XXX port 9126 PPP
Mon Feb 20 13:07:12 2006: Authentication: 63/62890 'waltr' from XXX.XXX.XXX.XXX port 9126 PPP - OK -- total 0, holding 0

No, what is more important to me is from the session.20060220.las file (mainly the first line). This is strange though as because Pre-Auth the accounting data is sent to the merit radius then forwarded to a freeradius and back. Either way this is the format of the merit radius and our scripts.

NA NA 1140458855 20 20 waltr@ NA 'PROFILE' NA NA XXX.XXX.XXX.XXX/9126 NA NA Framed/PPP/XXX.XXX.XXX.XXX
## User-Name:0='waltr' Calling-Station-Id:0='XXX.XXX.XXX.XXX' Acct-Status-Type:1=Stop
## Acct-Input-Octets:1=1208 Acct-Output-Octets:1=1648 Acct-Session-Id:0='0B901E52'
## Acct-Input-Packets:1=11 Acct-Output-Packets:1=9 Acct-Terminate-Cause:1=User-Request
## Tunnel-Client-Endpoint:10=:49:'XXX.XXX.XXX.XXX' Acct-Authentic:1=RADIUS Acct-Delay-Time:1=0
## NAS-IP-Address:2=XXX.XXX.XXX.XXX NAS-Port-Type:1=Virtual

I hope this helps clear up my question.
Need help reg free radius server
Hi, I am new to free radius server. I installed Radius server on my Linux platform. It is authenticating the user name and password successfully. But when I add the vendor specific attributes, it is not sending those attributes to the Radius server so that I am not able to login to the box. I added these attributes in the dictionary and user files successfully. Still, I was not able to make it work. Can you tell me the reason why it is not happening with attributes? Thanks in advance... -- Thanks, Balajee
Re: Client certs with MSCHAPV2 in PEA
>From: "Alan DeKok" <[EMAIL PROTECTED]>
>Robert Myers <[EMAIL PROTECTED]> wrote:
>> The reason I ask, is that I'm using a client cert signed by my CA to do
>> eap/tls, and it's working. I have not implemented the server cert as of
>> yet.
> Then it *should* work with PEAP. But I don't know of many people
>that use client certs with PEAP. I suspect no one has tested that,
>and that the client may be doing something different than with EAP-TLS.
> My suggestion is don't use client certs with PEAP.
> Alan DeKok.

Ah well, I'm trying to authenticate both a machine (cert) and a user (password) to prevent people from using unchecked machines on the network. PEAP sort of does that I guess since the internal CA isn't set up on a client, but that's not a very secure method. Any suggestions appreciated and thanks for your help.
IPpool & EAP?
Hello, Just a quick question, is it possible to allocate client IP details using ippools within FreeRADIUS when using EAP(PEAP)? Many thanks, Jezz Palmer.
RE: FreeBSD 6.0 and mysql
Not sure if this is any use, but the last time I saw an error like that was with a box which had conflicting threading libraries on it... in the end I just pulled the box down and reinstalled freebsd (box was not in production, thankfully!), but this might be useful to you (it's from a KDE mailing list, but the problem/solution should be the same):

http://freebsd.kde.org/pipermail/kde-freebsd/2004-August/008692.html

Maybe FreeRADIUS is linked against one library and MySQL is linked to another.

Cheers, Rob.

-----Original Message-----
From: Alan Craig [mailto:[EMAIL PROTECTED]
Sent: 24 February 2006 10:03
To: freeradius-users@lists.freeradius.org
Subject: RE: FreeBSD 6.0 and mysql

Nope this doesn't help. I have a suspicion it is a threading problem, but I haven't a clue on where to look to sort that out.

-- View this message in context: http://www.nabble.com/FreeBSD-6.0-and-mysql-t1168311.html#a3105556 Sent from the FreeRadius - User forum at Nabble.com.
Re: Help needed with MS-CHAP
King, Michael wrote:

Does this also apply to MS-CHAPv2?

Yes
CentOS
Is a Freeradius 1.1.0 RPM for CentOS 4.2 (smeserver) possible? Thanks in advance. Italo Morellato
RE: FreeBSD 6.0 and mysql
Nope this doesn't help. I have a suspicion it is a threading problem, but I haven't a clue on where to look to sort that out. -- View this message in context: http://www.nabble.com/FreeBSD-6.0-and-mysql-t1168311.html#a3105556 Sent from the FreeRadius - User forum at Nabble.com.
Re: Help needed with MS-CHAP
Charles Blake wrote:

I am not trying to do that. I just want to authenticate MS-CHAPv2 passwords. My question is: Where do I have those passwords in my Linux server?

You don't by default have them (at least on any distribution I'm aware of).