Re: Auth-Type = System not working
Alan DeKok wrote:

Shane <[EMAIL PROTECTED]> wrote:

Read radiusd.conf, and look for "/etc/passwd". Odds are that you enabled caching of /etc/passwd. There's a reason it's not enabled by default, it doesn't work on FreeBSD. Which is explicitly documented.

No, that isn't the cause as I have the following in radiusd.conf:

...
unix {
    # allowed values: {no, yes}
    cache = no

OK...

    # This is required for some systems, like FreeBSD,
    # and Mac OSX.
    passwd = /etc/passwd

Those should be commented out. Maybe radiusd doesn't have permission to call getpwent()? See the comments around the "unix" module in radiusd.conf.

Alan DeKok.

Thanks Alan. The lines:

    passwd = /etc/passwd
    shadow = /etc/shadow
    group = /etc/group

should be commented out for FreeBSD even though in radiusd.conf the comment directly above states "This is required for some systems, like FreeBSD, and Mac OS". I missed the comment previous to this one which totally changes the meaning of the quoted comment above. Maybe that blank line should be removed between such comments to help some other newbie avoid similar problems.

Thanks again,
Shane

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Huntgroups how to?
On Fri, 2006-06-02 at 11:16 +0100, vertito wrote:
> most APs provide a feature wherein you can block certain MAC addr and/or IP
> addr not to authenticate from that particular AP.
> check its manual. check huntgroup to separate groups.
>
> no need to change the environment. cascading or non-cascading should work
> out right.
>
> goodluck

Thank you for the reply. The mac check is not a solution, because a malicious user can "steal" the mac from someone using the AP2 (the "staff" AP) and use it to gain access. My hope is to check something like a database plus the standard authentication method ONLY if the request comes from AP2.

Thanks again.
See Ya
peap authentication
I am having a strange problem after my supplicant gets authenticated to my active directory. My supplicant tries to get authenticated to active directory or validate its identity every 60 mins, which disturbs the wireless connection and bothers me a lot. Is this normal, or can I set the timer to authenticate every 120 mins or whatever timing I like? I am using dynamic WEP and it has been set to change the key every 6 hours.

Any help will be really appreciated. Please help me.

Thanks in advance !!!
Kartthik
RE: rlm_eap_mschapv2: out of memory
Thank You Alan,

The microsoft dictionary was commented out in /usr/local/share/freeradius/dictionary.

Ryan

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:freeradius-users-[EMAIL PROTECTED] On Behalf Of Alan DeKok
> Sent: Friday, June 02, 2006 10:16 AM
> To: FreeRadius users mailing list
> Subject: Re: rlm_eap_mschapv2: out of memory
>
> "Ryan Melendez" <[EMAIL PROTECTED]> wrote:
> > Can someone please tell me how I might fix this?
> >
> > ...
> > rlm_eap_mschapv2: out of memory
> > rlm_eap: Default EAP type mschapv2 failed in initiate
>
> From looking at the source, it happens when a call to pairmake()
> fails. I'd guess that the MS-CHAP-Challenge attribute it's in your
> dictionaries.
>
> Alan DeKok.
Re: public secret and public radius server. Is it secure?
sophana <[EMAIL PROTECTED]> wrote:
> In my project, I don't own the hotspots, and don't know about the
> hotspots ISPs.
> The hotspots communicate to the radius server through the internet.

I would suggest using another method to get a secure connection to the hotspot. Maybe IPSec.

Barring that, each hotspot has a dynamic IP within a small network range. So you can list the network in "clients.conf", and at least have one shared secret per hotspot location.

This *is* documented in clients.conf, please read it.

> Ok. I don't know much about the radius protocol details, maybe you could
> help me understanding how secure would be a solution where the secret is
> known by everybody.

I thought I said it WOULDN'T be secure. What part of my response was unclear?

> Now, once a user is authenticated, how does the nas send accounting info?

Read the documentation. That's what it's there for.

> Does it have to authenticate again, or is its ip address (and its
> (public known)secret) sufficient to authenticate?
> Do you need at least a session id?

You're confused. Users authenticate. NASes don't.

> Imagine that the malicious user cannot listen to the radius
> communications. What can it do without authentication?

Not get on the network? I don't understand why you're asking these questions.

> I need security, because I will use accounting info to perform
> facturation...

Facturation isn't an English word.

Alan DeKok.
Re: public secret and public radius server. Is it secure?
vertito wrote:

vertito wrote:

My question is :
- What can a malicious user do with the secret? Can it alter accounting and other things? (chillispot uses chap auth-type)

one is spell it out and try rumble it so he forms a new word from it

Is it a real security problem? I will be using accounting for facturation purposes...

I am not sure what you mean by facturation. If a hacker knows the shared secret, he can assume the identity of the nas and can utilize the radius server in any way the NAS could, including injecting fake accounting packets, fake auth packets, whatever. This could potentially open up the potential for a DOS attack. For these reasons you should always keep this secret, hence shared SECRET ;-)

But this is the way radius works according to the rfcs. It isn't just a freeradius thing.

Chris Carver
Network Engineer
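Added example (not part of the original thread and not FreeRADIUS code): the Accounting-Request integrity check defined in RFC 2866, showing that the shared secret is the only thing tying an accounting record to a NAS, which is the point made in the replies above about a secret that every hotspot knows. The secrets, user name and session values are constructed for the demonstration.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4  # RADIUS packet code for Accounting-Request (RFC 2866)

# Constructed sample secrets, not taken from the thread.
SECRET_HOTSPOT_A = b"constructed-secret-hotspot-a"
SECRET_HOTSPOT_B = b"constructed-secret-hotspot-b"
SECRET_SHARED_BY_ALL = b"constructed-secret-known-to-everybody"


def encode_attrs(attrs):
    """Encode (type, value) pairs as RADIUS TLVs; Length covers the 2-octet header."""
    out = b""
    for attr_type, value in attrs:
        if not 0 < len(value) <= 253:
            raise ValueError("attribute value must be 1..253 octets")
        out += struct.pack("!BB", attr_type, len(value) + 2) + value
    return out


def acct_authenticator(code, ident, attrs_blob, secret):
    """MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs_blob))
    return hashlib.md5(header + b"\x00" * 16 + attrs_blob + secret).digest()


def build_accounting_request(ident, attrs, secret):
    """What a NAS does before sending an accounting record."""
    blob = encode_attrs(attrs)
    auth = acct_authenticator(ACCOUNTING_REQUEST, ident, blob, secret)
    return struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(blob)) + auth + blob


def verify_accounting_request(packet, secret):
    """Server-side check: recompute the authenticator with the secret on file."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or length < 20 or length > len(packet):
        return False
    packet = packet[:length]  # octets beyond Length are padding and are ignored
    expected = acct_authenticator(code, ident, packet[20:], secret)
    return hmac.compare_digest(expected, packet[4:20])


def sample_attrs(session_time):
    """Constructed Stop record: User-Name, Acct-Status-Type, Acct-Session-Id, Acct-Session-Time."""
    return [
        (1, b"alice"),                          # User-Name
        (40, struct.pack("!I", 2)),             # Acct-Status-Type = Stop
        (44, b"sess-0001"),                     # Acct-Session-Id
        (46, struct.pack("!I", session_time)),  # Acct-Session-Time in seconds
    ]


def demo():
    """Run the check in the situations discussed in the thread."""
    pkt = build_accounting_request(7, sample_attrs(600), SECRET_HOTSPOT_A)
    # Same header and authenticator, billing-relevant attribute changed in transit.
    altered = pkt[:20] + encode_attrs(sample_attrs(86400))
    # With one secret for all hotspots, a record sealed by any holder of that
    # secret passes exactly the same check as one from the real NAS.
    other = build_accounting_request(8, sample_attrs(86400), SECRET_SHARED_BY_ALL)
    return {
        "per_hotspot_secret_genuine": verify_accounting_request(pkt, SECRET_HOTSPOT_A),
        "per_hotspot_secret_altered": verify_accounting_request(altered, SECRET_HOTSPOT_A),
        "secret_of_other_hotspot": verify_accounting_request(pkt, SECRET_HOTSPOT_B),
        "truncated_packet": verify_accounting_request(pkt[:10], SECRET_HOTSPOT_A),
        "any_holder_of_shared_secret": verify_accounting_request(other, SECRET_SHARED_BY_ALL),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```

The check proves knowledge of the secret and nothing else, so accounting data used for billing is only as trustworthy as the secrecy and per-NAS uniqueness of that value.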
RE: Lawrence Billson has left Transurban
You think if someone was going to be out of the office for 2 and a half years, he might unsubscribe from his mailing lists.

> -Original Message-
> From: [EMAIL PROTECTED] g [mailto:[EMAIL PROTECTED] adius.org] On Behalf Of Lawrence Billson
> Sent: Friday, June 02, 2006 4:24 AM
> To: freeradius-users@lists.freeradius.org
> Subject: Lawrence Billson has left Transurban
>
> I will be out of the office starting 02/06/2006 and will not
> return until 12/12/2008.
>
> Please send personal messages to [EMAIL PROTECTED]
>
> For all business related matters, please contact Jeremy
> Forrester at [EMAIL PROTECTED]
>
> Cheers,
> Lawrence
>
> Privileged/Confidential information may be contained in this
> message. If you are not the addressee indicated in this
> message (or responsible for delivery of the message to such
> person), you may not copy or deliver this message to anyone.
> In such a case, you should destroy this message and kindly
> notify the sender by reply e-mail or by telephone on (03)
> 9612-6999 or +61 3 9612-6999.
>
> Please advise immediately if you or your employer does not
> consent to Internet e-mail for messages of this kind.
>
> Opinions, conclusions and other information in this message
> that do not relate to the official business of Transurban
> Limited or any companies within the Transurban Group shall be
> understood as neither given nor endorsed by them.
Re: public secret and public radius server. Is it secure?
Alan DeKok wrote:

My problem is that there can be hotspots on dynamic ip addresses. The solution I found actually is to have an unique secret shared with all hotspots. So the secret is known by everybody.

Or, make the hotspots NOT have dynamic IP's. There's no reason why they should have dynamic IP's.

In my project, I don't own the hotspots, and don't know about the hotspots ISPs. The hotspots communicate to the radius server through the internet.

- What can a malicious user do with the secret? Can it alter accounting and other things? (chillispot uses chap auth-type)

If someone knows the secret, he can do *anything* to the packets without the RADIUS server being able to tell.

Ok. I don't know much about the radius protocol details, maybe you could help me understanding how secure would be a solution where the secret is known by everybody. Chillispot uses CHAP authentication with a different secret per hotspot. I consider this part as secure. Now, once a user is authenticated, how does the nas send accounting info? Does it have to authenticate again, or is its ip address (and its (public known)secret) sufficient to authenticate? Do you need at least a session id? Imagine that the malicious user cannot listen to the radius communications. What can it do without authentication? I need security, because I will use accounting info to perform facturation... Thanks for your great help.

- Is there a way of maintaining a per hotspot secret with dynamic ip addresses?

Not really, no.

this means I must use a vpn client to connect to the radius server? I would have liked a simple chillispot installation...

Regards
Sophana KOK
RE: public secret and public radius server. Is it secure?
vertito wrote:

>My question is :
>- What can a malicious user do with the secret? Can it alter
>accounting and other things? (chillispot uses chap auth-type)
>
>one is spell it out and try rumble it so he forms a new word from it

Is it a real security problem? I will be using accounting for facturation purposes...

>- Is there a way of maintaining a per hotspot secret with dynamic ip
>addresses?
>
>yes. check client and clients.conf relationship

I did not find. clients.conf entry seems to be ip based. How do I setup a NAS without knowing its ip? (and differentiate between several of them)

- why not implement static IP for APs?
Re: Authentication Method
fvt3 <[EMAIL PROTECTED]> wrote:
> I have questions concerning authentication method. Is
> it possible to force radius to authenticate off of
> ldap AND also from a local database? Example, say a
> user is connected to radius, first his user
> id/password will be authenticated against ldap and if
> the supplied credential is correct, force it to also
> authenticate against a local database.

See doc/configurable_failover. It's possible to list multiple modules in a group in the "authenticate" section, but it's not generally a good idea.

> Second question, can you force radius to authenticate
> off of ldap or local database. I want the option to
> choose which method a user should be authenticated
> depending on their user id.

Yes. See Auth-Type. But use it very carefully.

Alan DeKok.
Re: public secret and public radius server. Is it secure?
sophana <[EMAIL PROTECTED]> wrote:
> I saw in the freeradius source that the NAS are identified from the ip
> address, and the secret is determined from it.

That's how RADIUS works.

> My problem is that there can be hotspots on dynamic ip addresses.
> The solution I found actually is to have an unique secret shared with
> all hotspots.
> So the secret is known by everybody.

Or, make the hotspots NOT have dynamic IP's. There's no reason why they should have dynamic IP's.

> - What can a malicious user do with the secret? Can it alter
> accounting and other things? (chillispot uses chap auth-type)

If someone knows the secret, he can do *anything* to the packets without the RADIUS server being able to tell.

> - Is there a way of maintaining a per hotspot secret with dynamic ip
> addresses?

Not really, no.

Alan DeKok.
Re: rlm_eap_mschapv2: out of memory
"Ryan Melendez" <[EMAIL PROTECTED]> wrote:
> Can someone please tell me how I might fix this?
> ...
> rlm_eap_mschapv2: out of memory
> rlm_eap: Default EAP type mschapv2 failed in initiate

From looking at the source, it happens when a call to pairmake() fails. I'd guess that the MS-CHAP-Challenge attribute it's in your dictionaries.

Alan DeKok.
Sending multiple attributes from radius to the NAS
Hello all

I have following doubts regarding access reply query

1. how do I send multiple attributes using the radreply, e.g. billing model, credit time etc
2. I have written a function in MySQL to return me the credit time. How do I include this function in my radreply query.

Vignesh
Authentication Method
Hi,

I have questions concerning authentication method. Is it possible to force radius to authenticate off of ldap AND also from a local database? Example, say a user is connected to radius, first his user id/password will be authenticated against ldap and if the supplied credential is correct, force it to also authenticate against a local database.

Second question, can you force radius to authenticate off of ldap or local database. I want the option to choose which method a user should be authenticated depending on their user id.
rlm_eap_mschapv2: out of memory
Can someone please tell me how I might fix this?

Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 20
rlm_eap: EAP Identity
rlm_eap: processing type mschapv2
rlm_eap_mschapv2: out of memory
rlm_eap: Default EAP type mschapv2 failed in initiate
rlm_eap: Failed in EAP select
modcall[authenticate]: module "eap" returns invalid for request 20
modcall: leaving group authenticate (returns invalid) for request 20
auth: Failed to validate the user.

2.6.15-wpnmd.3.1 #1 SMP Wed Apr 12 04:50:31 GMT 2006 i686 GNU/Linux

Thanks,
Ryan
Re: public secret and public radius server. Is it secure?
vertito wrote:

My question is :
- What can a malicious user do with the secret? Can it alter accounting and other things? (chillispot uses chap auth-type)

one is spell it out and try rumble it so he forms a new word from it

Is it a real security problem? I will be using accounting for facturation purposes...

- Is there a way of maintaining a per hotspot secret with dynamic ip addresses?

yes. check client and clients.conf relationship

I did not find. clients.conf entry seems to be ip based. How do I setup a NAS without knowing its ip? (and differentiate between several of them)
Xsupplicant is receiving this Error Message
[STATE] Backend State : RECEIVE -> TIMEOUT
[WARNING] Timeout waiting for the authenticator to begin the EAP conversation. This usually happens when the RADIUS server is misconfigured, the authenticator can't talk to the RADIUS server, or the username provided is invalid.
RE: ip pool
that simply means you need to call them from Accounting and Post-Auth module section of radius conf

see more of Pool-Name attribute as well

Hello Vertito,

Thanks for your information. But I did not get the meaning of the attributes in the below sentence,

don't forget to call them from conf and from attributes.

I have configured these things in radiusd.conf. But I am not getting why it is required, because without these configuration I am able to do Authentication successfully.

range-start = 192.168.1.1
range-stop = 192.168.1.200
netmask = 255.255.255.255
cache-size = 56
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
override = yes
maximum-timeout = 90

Regards,
Basavaraja.

-Original Message-
From: vertito [mailto:[EMAIL PROTECTED]
Sent: Friday, June 02, 2006 11:07 AM
To: 'Basavaraja.pv'; 'FreeRadius users mailing list'
Subject: RE: ip pool

range-start = 192.168.1.1
range-stop = 192.168.1.200
netmask = 255.255.255.255
cache-size = 56
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
override = yes
maximum-timeout = 90

don't forget to call them from conf and from attributes

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] On Behalf Of Basavaraja.pv
Sent: Friday, June 02, 2006 10:00 AM
To: freeradius-users@lists.freeradius.org
Subject: ip pool

Hello Sir,

I went through the radiusd.conf file. I am not getting the exact purpose of the

ippool main_pool{
    rangesatrt = 192.168.1.1
    rangestop = 192.168.3.254
}

Please give me the working of the above code.

Thanks and Regards,
Basavaraja
RE: Huntgroups how to?
most APs provide a feature wherein you can block certain MAC addr and/or IP addr not to authenticate from that particular AP. check its manual. check huntgroup to separate groups.

no need to change the environment. cascading or non-cascading should work out right.

goodluck

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] On Behalf Of Unknown
Sent: Friday, June 02, 2006 9:50 AM
To: FreeRadius users mailing list
Subject: Huntgroups how to?

Hello,

i'm pretty new to the freeradius world, so please forgive me if i don't use the correct terms. Here is my situation:

1 AP with a freeradius auth backend used to gain access to the inner network. All works fine, i've setup both clients and server to use EAP-TLS.

Now the question: I need to add one more AP and another user class, specifically:

UserClass1 Users (Students) must be able to gain access through AP1 Only
UserClass2 Users (Staff) must be able to gain access through both APs

I think that i can accomplish this using huntgroups, forcing all requests coming from AP2 (Staff only) to auth through EAP-TLS AND mysql backend, maybe. I need not to change the actual environment, so I cannot redistribute certs again nor order the users to use another auth method.

Is there a Way ?

Thank you all in advance. Pieces of code, howto, links and whatsoever are welcome :)

Thanks Again
RE: public secret and public radius server. Is it secure?
My question is :
- What can a malicious user do with the secret? Can it alter accounting and other things? (chillispot uses chap auth-type)

one is spell it out and try rumble it so he forms a new word from it

- Is there a way of maintaining a per hotspot secret with dynamic ip addresses?

yes. check client and clients.conf relationship

HTH
milver
RE: ip pool
range-start = 192.168.1.1
range-stop = 192.168.1.200
netmask = 255.255.255.255
cache-size = 56
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
override = yes
maximum-timeout = 90

don't forget to call them from conf and from attributes

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] .org] On Behalf Of Basavaraja.pv
Sent: Friday, June 02, 2006 10:00 AM
To: freeradius-users@lists.freeradius.org
Subject: ip pool

Hello Sir,

I went through the radiusd.conf file. I am not getting the exact purpose of the

ippool main_pool{
    rangesatrt = 192.168.1.1
    rangestop = 192.168.3.254
}

Please give me the working of the above code.

Thanks and Regards,
Basavaraja
public secret and public radius server. Is it secure?
Hi

I'd like to make a public hotspot management system with chillispot and freeradius. I saw in the freeradius source that the NAS are identified from the ip address, and the secret is determined from it.

My problem is that there can be hotspots on dynamic ip addresses. The solution I found actually is to have an unique secret shared with all hotspots. So the secret is known by everybody.

My question is :
- What can a malicious user do with the secret? Can it alter accounting and other things? (chillispot uses chap auth-type)
- Is there a way of maintaining a per hotspot secret with dynamic ip addresses?

Regards
Sophana
ip pool
Hello Sir,

I went through the radiusd.conf file. I am not getting the exact purpose of the

ippool main_pool{
    rangesatrt = 192.168.1.1
    rangestop = 192.168.3.254
}

Please give me the working of the above code.

Thanks and Regards,
Basavaraja
Huntgroups how to?
Hello,

i'm pretty new to the freeradius world, so please forgive me if i don't use the correct terms. Here is my situation:

1 AP with a freeradius auth backend used to gain access to the inner network. All works fine, i've setup both clients and server to use EAP-TLS.

Now the question: I need to add one more AP and another user class, specifically:

UserClass1 Users (Students) must be able to gain access through AP1 Only
UserClass2 Users (Staff) must be able to gain access through both APs

I think that i can accomplish this using huntgroups, forcing all requests coming from AP2 (Staff only) to auth through EAP-TLS AND mysql backend, maybe. I need not to change the actual environment, so I cannot redistribute certs again nor order the users to use another auth method.

Is there a Way ?

Thank you all in advance. Pieces of code, howto, links and whatsoever are welcome :)

Thanks Again
Lawrence Billson has left Transurban
I will be out of the office starting 02/06/2006 and will not return until 12/12/2008.

Please send personal messages to [EMAIL PROTECTED]

For all business related matters, please contact Jeremy Forrester at [EMAIL PROTECTED]

Cheers,
Lawrence

Privileged/Confidential information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such a case, you should destroy this message and kindly notify the sender by reply e-mail or by telephone on (03) 9612-6999 or +61 3 9612-6999.

Please advise immediately if you or your employer does not consent to Internet e-mail for messages of this kind.

Opinions, conclusions and other information in this message that do not relate to the official business of Transurban Limited or any companies within the Transurban Group shall be understood as neither given nor endorsed by them.
RE: freeradius rlm_sql driver problem-need help
>Hello Edvin,
>Thanks for responding.

You're welcome!

>mysql was installed from the linux Enterprise 4 cd by selecting the
>mysql devel,server and client options.
>--Monsur

In your sql.conf file - you should enter only "rlm_sql_mysql" under "driver" option - not the whole path ! If this is entered, be sure that you have compiled mysql-driver.

Regards,
Edvin

On 6/1/06, Seferovic Edvin <[EMAIL PROTECTED]> wrote:
> Hi,
>
> how did you "installed" it? From an RPM ? or have you compiled and installed
> it from source? Are your mysql libraries available?
>
> Regards,
>
> Edvin
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] g] On Behalf Of Abul Monsur Mannan
> Sent: Thursday, 01 June 2006 08:12
> To: FreeRadius users mailing list
> Subject: freeradius rlm_sql driver problem-need help
>
> Hello FR Users
>
> Can anybody here help me out of this problem?
> I installed freeradius version 1.1.1 with mysql on RH Linux Enterprise 4 ed.
> I've got this result
>
> [EMAIL PROTECTED] ~]# radiusd -X
> Starting - reading configuration files ...
suppressing outbound leg on ipipgw
hello all

i am using cisco ipipgw and free radius. for a single call i get 2 records. one for each leg. now i want to suppress one of the leg mostly outbound. i can't use gw-accounting suppress as both the legs are voip. i even tried voice class aaa accounting suppress outbound leg but still no luck

any idea guys how can i do this. thanks in advance

Vignesh
Re: freeradius rlm_sql driver problem-need help
Hello Edvin,

Thanks for responding.

mysql was installed from the linux Enterprise 4 cd by selecting the mysql devel,server and client options.

--Monsur

On 6/1/06, Seferovic Edvin <[EMAIL PROTECTED]> wrote:

Hi,

how did you "installed" it? From an RPM ? or have you compiled and installed it from source? Are your mysql libraries available?

Regards,

Edvin

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] On Behalf Of Abul Monsur Mannan
Sent: Thursday, 01 June 2006 08:12
To: FreeRadius users mailing list
Subject: freeradius rlm_sql driver problem-need help

Hello FR Users

Can anybody here help me out of this problem? I installed freeradius version 1.1.1 with mysql on RH Linux Enterprise 4 ed. I've got this result

[EMAIL PROTECTED] ~]# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "(null)"
main: group = "(null)"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
Using deprecated realms file. Support for this will go away soon.
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = "(null)"
exec: input_pairs = "request"
exec: output_pairs = "(null)"
exec: packet_type = "(null)"
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = "crypt"
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = "(null)"
mschap: authtype = "MS-CHAP"
mschap: ntlm_auth = "(null)"
Module: Instantiated mschap (mschap)
Module: Loaded eap
eap: default_eap_type = "md5"
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
gtc: challenge = "Password: "
gtc: auth_type = "PAP"
rlm_eap: Loaded and initialized type gtc
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = "suffix"
realm: delimiter = "@"
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded SQL
sql: driver = "/usr/local/src/freeradius-1.1.1/src/modules/rlm_sql/drivers/rlm_sql_mysql"
sql: server = "localhost"
sql: port = ""
sql: login = "radius"
sql: password = "radpass"
sql: radius_db = "radius"
sql: acct_table = "radacct"
sql: acct_table2 = "radacct"
sql: authcheck_table = "radcheck"
sql: authreply_table = "