Radius with SNMP -- Urgent
After compiling freeradius with the "--with-snmp" option, when I try to run the server in debug mode I see:

Module: Instantiated radutmp (radutmp)
main: smux_password = "verysecret"
main: snmp_write_access = no
SMUX connect try 1
Can't connect to SNMP agent with SMUX: Connection refused
Listening on authentication *:1918
Listening on accounting *:1919
Ready to process requests.

I am still trying to figure out what step I should take next. Can anybody help me?

-Kshitij

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Attribute Operators
Thank you, Peter. You are so kind! Truly appreciated!!

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Peter Nixon
Sent: Thursday, September 14, 2006 2:48 PM
To: FreeRadius users mailing list
Subject: Re: Attribute Operators

On Thu 14 Sep 2006 19:09, Cliff Hayes wrote:
> Hello everyone,
>
> Does anyone know of a good reference site for the attribute operators (:=,
> ==, +=) that shows what each means?

http://wiki.freeradius.org/index.php/Operators

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
Re: Attribute Operators
On Thursday 14 September 2006 17:47, Peter Nixon wrote:
> On Thu 14 Sep 2006 19:09, Cliff Hayes wrote:
> > Hello everyone,
> >
> > Does anyone know of a good reference site for the attribute operators
> > (:=, ==, +=) that shows what each means?
>
> http://wiki.freeradius.org/index.php/Operators

The := operator display is fixed. The wiki is responding much faster than it was earlier today.

-Kevin
Re: Attribute Operators
On Thu 14 Sep 2006 23:19, Francois-Xavier GAILLARD wrote:
> On Thu, Sep 14, 2006 at 12:35:39PM -0400, Alan DeKok wrote:
> > "Cliff Hayes" <[EMAIL PROTECTED]> wrote:
> > > Does anyone know of a good reference site for the attribute operators
> > > (:=, ==, +=) that shows what each means?
> >
> > "man users", or "man 5 users", depending on your OS.
>
> I was going to tell him to have a look at the wiki, the SQL part of it,
> but I can't get to it. Port 80 is open but no response and no timeout:

There is something causing Apache to occasionally hang on the server. When I figure out what it is I will fix it :-)

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
Re: Attribute Operators
On Thu 14 Sep 2006 19:09, Cliff Hayes wrote:
> Hello everyone,
>
> Does anyone know of a good reference site for the attribute operators (:=,
> ==, +=) that shows what each means?

http://wiki.freeradius.org/index.php/Operators

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
Re: Attribute Operators
On Thu, Sep 14, 2006 at 12:35:39PM -0400, Alan DeKok wrote:
> "Cliff Hayes" <[EMAIL PROTECTED]> wrote:
> > Does anyone know of a good reference site for the attribute operators (:=,
> > ==, +=) that shows what each means?
>
> "man users", or "man 5 users", depending on your OS.

I was going to tell him to have a look at the wiki, the SQL part of it, but I can't get to it. Port 80 is open but no response and no timeout:

[EMAIL PROTECTED] :~$telnet wiki.freeradius.org 80
Trying 66.139.73.209...
Connected to wiki.freeradius.org.
Escape character is '^]'.
get /

And I can wait hours. A normal connection would be:

[EMAIL PROTECTED] :~$telnet 212.43.246.10 80
Trying 212.43.246.10...
Connected to 212.43.246.10.
Escape character is '^]'.
get /
501 Method Not Implemented
Method Not Implemented
get to /index.html not supported.
Invalid method in request get /
Apache/1.3.33 Server at host1.thefox.com.fr Port 80
Connection closed by foreign host.
[EMAIL PROTECTED] :~

Don't you have any monitoring for the wiki website? If none, do you want some?

Regards,
Fox.
Re: denying access to user from device
> Rob Shepherd wrote:
> TYPO!
>
> DEFAULT HuntGroup-Name == ciscovpnc
>         Autz-Type := ldap
>
> ...is how it looks in raddb/user.

You need to put the Autz-Type on the first line as a check item.

DEFAULT HuntGroup-Name == ciscovpnc, Autz-Type := ldap

If I understand correctly, with the Autz-Type on the second line you are trying to set it as a reply item. However, Autz-Type is a server configuration attribute, not a standard RADIUS attribute that a client (NAS) would understand, which is why you need to set it on the first line.

I've been using a similar configuration for a while, except we use multiple ldap modules and I also set Auth-Type as well as the Autz-Type.

> Oh, and I tried various combos of
>
> Autz-Type ldap{
>         ldap
> }
>
> in authorize{ too. No joy.

This looks fine to me, probably just need to fix the DEFAULT line.
Re: denying access to user from device
Rob Shepherd wrote:
> Dear freeradiuseers,
>
> I have my wireless network working great... PEAP supplicants are
> authenticated from either LDAP or MySQL and the appropriate
> Tunnel-Private-Group-ID is set to allocate the correct vlan.
>
> I also have a cisco VPN concentrator. I must only allow ldap users to
> authenticate to this. mysql users mustn't get a look in...
>
> I tried making a huntgroup in raddb/huntgroups...
>
> ciscovpnc NAS-IP-Address == 10.1.33.4
>
> then in raddb/users...
>
> DEFAULT HuntGroup-Name == ciscovpnc
>         Autz-Type = ldap
>
> however sql is still checked.
>
> Could somebody shove me in the right direction..
>
> Cheers
>
> Rob

TYPO!

DEFAULT HuntGroup-Name == ciscovpnc
        Autz-Type := ldap

...is how it looks in raddb/user.

Oh, and I tried various combos of

Autz-Type ldap{
        ldap
}

in authorize{ too. No joy.

Thanks IA

Rob

--
Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ
[EMAIL PROTECTED] | 01248 675024 | 077988 72480
Re: Attribute Operators
"Cliff Hayes" <[EMAIL PROTECTED]> wrote:
> Does anyone know of a good reference site for the attribute operators (:=,
> ==, +=) that shows what each means?

"man users", or "man 5 users", depending on your OS.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Re: denying access to user from device
Rob Shepherd <[EMAIL PROTECTED]> wrote:
> then in raddb/users...
>
> DEFAULT HuntGroup-Name == ciscovpnc
>         Autz-Type = ldap

Run the server in debugging mode. It will tell you that Autz-Type doesn't belong there.

Read the "man" page for the "users" file.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
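
The check-line versus reply-line rule discussed in this thread, as an added example (not code from the thread or from FreeRADIUS): a small Python linter that parses a users-style file and flags server-side attributes placed on an indented reply line, where they never reach the server's own logic. The CONTROL_ATTRS set, the function names and the sample file are assumptions constructed for illustration.

```python
"""Lint a raddb/users-style file for server-side control attributes that
were put on a reply line instead of the entry's first (check) line."""
import re

# Attributes the server consumes itself and a NAS would not understand.
# Assumption: only the two named in the thread; extend for your own setup.
CONTROL_ATTRS = {"auth-type", "autz-type"}

# attribute, operator, value; two-character operators are tried first.
ITEM_RE = re.compile(
    r'^([A-Za-z0-9_.-]+)\s*(:=|==|\+=|!=|>=|<=|=~|!~|=\*|!\*|=|<|>)\s*(.+?)$')

# Constructed sample: the broken entry from the thread, the corrected one,
# and an ordinary entry whose reply value contains a quoted comma.
SAMPLE = '''\
# constructed sample, not a real configuration
DEFAULT HuntGroup-Name == ciscovpnc
\tAutz-Type := ldap

DEFAULT HuntGroup-Name == ciscovpnc, Autz-Type := ldap

DEFAULT Service-Type == Framed-User
\tReply-Message = "Hello, %u",
\tSession-Timeout = 600
'''


def split_items(text):
    """Split on commas that are outside double quotes; drop empty pieces."""
    items, buf, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            items.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    items.append("".join(buf))
    return [i.strip() for i in items if i.strip()]


def parse_users(text):
    """Return entries as dicts with 'name', 'line', 'check' and 'reply'.
    Each item is a tuple (lineno, attribute, operator, value)."""
    entries, current = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0] not in " \t":
            # Unindented line: entry name followed by its check items.
            parts = raw.split(None, 1)
            current = {"name": parts[0], "line": lineno,
                       "check": [], "reply": []}
            entries.append(current)
            target, body = current["check"], parts[1] if len(parts) > 1 else ""
        elif current is not None:
            # Indented line: reply items of the current entry.
            target, body = current["reply"], raw
        else:
            continue  # indented line before any entry; nothing to attach to
        for item in split_items(body):
            m = ITEM_RE.match(item)
            if m:
                target.append((lineno, m.group(1), m.group(2), m.group(3)))
    return entries


def lint(text):
    """Return (lineno, entry_name, attribute, message) for each finding."""
    findings = []
    for entry in parse_users(text):
        for lineno, attr, _op, _value in entry["reply"]:
            if attr.lower() in CONTROL_ATTRS:
                findings.append((lineno, entry["name"], attr,
                                 "control attribute on a reply line; "
                                 "move it to the entry's first line"))
    return findings


if __name__ == "__main__":
    for lineno, name, attr, msg in lint(SAMPLE):
        print(f"line {lineno}: entry {name}: {attr}: {msg}")
```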
Re: How to return AV pairs from within an rlm module?
Hi Josh

Thanks a lot. I am going to give it a try.

Best Regards
Ali

On 9/14/06, Josh Howlett <[EMAIL PROTECTED]> wrote:
> Add your attributes to the reply structure. FreeRADIUS will take care of
> the rest.
>
> josh.
>
> Ali Majdzadeh wrote:
> > Hi all
> > I want to return AV pairs (Cisco VoIP) from within an rlm module. I
> > tried to printf them into stdout, but it didn't work.
> > Should I use the structures accessible within the rlm module? for
> > example, REQUEST.
> > Then, how should I pass them to Cisco?
> >
> > Regards
> > Ali
Attribute Operators
Hello everyone,

Does anyone know of a good reference site for the attribute operators (:=, ==, +=) that shows what each means? I can't find them anywhere. I even bought the book Radius by Jonathan Hassell. Not there either.

Thanks in advance,
Cliff
denying access to user from device
Dear freeradiuseers,

I have my wireless network working great... PEAP supplicants are authenticated from either LDAP or MySQL and the appropriate Tunnel-Private-Group-ID is set to allocate the correct vlan.

I also have a cisco VPN concentrator. I must only allow ldap users to authenticate to this. mysql users mustn't get a look in...

I tried making a huntgroup in raddb/huntgroups...

ciscovpnc NAS-IP-Address == 10.1.33.4

then in raddb/users...

DEFAULT HuntGroup-Name == ciscovpnc
        Autz-Type = ldap

however sql is still checked.

Could somebody shove me in the right direction..

Cheers

Rob

--
Rob Shepherd | Computer and Network Engineer | Technium CAST | LL57 4HJ
[EMAIL PROTECTED] | 01248 675024 | 077988 72480
Dial-UP admin page problems
Ok, I removed apache2 and went backwards to apache1.3. I have php4 module working, and I have included the following lines in the httpd.conf.

AddType application/x-httpd-php .php3
AddType application/x-httpd-php php

Still whenever I try to access the dial-up admin page my browser wants me to download the buttons.php3 script. I'm at a loss. I'm a novice Linux admin so forgive me if I don't sound like I know what I'm talking about.

Nico Gazzano
Network & Systems Admin
MIS Choice Inc.
1699 Wall ST Suite 602
Mount Prospect, IL 60056
Phone 847-690-1900 ext206
Fax 847-690-1350
[EMAIL PROTECTED]
Re: segmentation fault bug with mysql5 backend
This bug seems to appear only on the debian unstable package, since from source it's compiling just fine. The package maintainer was notified of this.

On 9/14/06, liran tal <[EMAIL PROTECTED]> wrote:
> Debian Unstable kernel 2.6.17-2-686
> Package: freeradius-mysql freeradius
> Version: 1.1.3-1
>
> I've configured freeradius with a mysql backend using the gz'iped mysql.sql
> schema found on /usr/share/doc/freeradius/examples/
> When I run a simple test with radtest I'm getting segmentation fault.
>
> Here's the log from /usr/sbin/freeradius -X when the radtest packet is sent:
>
> rad_recv: Access-Request packet from host 127.0.0.1:1046, id=25, length=57
>         User-Name = "admin"
>         User-Password = "admin"
>         NAS-IP-Address = 255.255.255.255
>         NAS-Port = 1812
>   Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
>   modcall[authorize]: module "chap" returns noop for request 0
>   modcall[authorize]: module "mschap" returns noop for request 0
>     rlm_realm: No '@' in User-Name = "admin", looking up realm NULL
>     rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 0
>   rlm_eap: No EAP-Message, not doing EAP
>   modcall[authorize]: module "eap" returns noop for request 0
>     users: Matched entry DEFAULT at line 152
>   modcall[authorize]: module "files" returns ok for request 0
> radius_xlat:  'admin'
> rlm_sql (sql): sql_set_user escaped user --> 'admin'
> radius_xlat:  'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'admin' ORDER BY id'
> rlm_sql (sql): Reserving sql socket id: 4
> Segmentation fault
> server:/etc/freeradius#
>
> Never encountered this bug before.
>
> Thanks,
> Liran Tal.
Re: Help with Certs
Mike May <[EMAIL PROTECTED]> wrote:
> attached is a copy of my EAP.conf file with cert info, I need to renew
> the certs and do not know what the process is

You don't renew certs. You just create new ones, using the same process you used to create the old ones.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Re: rautmp not working..
Collen Blijenberg <[EMAIL PROTECTED]> wrote:
> but how can i see who's logged in then ? (and where)

If the NAS won't tell the server who's logged in, the server won't know, and neither will you.

Buy a real NAS.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
Re: freeRADIUS doc
"affora deeb" <[EMAIL PROTECTED]> wrote:
> hi did u get the answer
> if u did plz tell me
> coz i got the same problem

The online documentation is at http://www.freeradius.org/doc/, and the wiki. The directory http://www.freeradius.org/radiusd/doc/ is just a copy of the 'doc' directory that's included with the server.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
segmentation fault bug with mysql5 backend
Debian Unstable kernel 2.6.17-2-686
Package: freeradius-mysql freeradius
Version: 1.1.3-1

I've configured freeradius with a mysql backend using the gz'iped mysql.sql schema found on /usr/share/doc/freeradius/examples/
When I run a simple test with radtest I'm getting segmentation fault.

Here's the log from /usr/sbin/freeradius -X when the radtest packet is sent:

rad_recv: Access-Request packet from host 127.0.0.1:1046, id=25, length=57
        User-Name = "admin"
        User-Password = "admin"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 1812
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "admin", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
    users: Matched entry DEFAULT at line 152
  modcall[authorize]: module "files" returns ok for request 0
radius_xlat:  'admin'
rlm_sql (sql): sql_set_user escaped user --> 'admin'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'admin' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
Segmentation fault
server:/etc/freeradius#

Never encountered this bug before.

Thanks,
Liran Tal.
Help with Certs
Hello everyone,

I am new to freeRadius and was wondering if someone could provide me some help on renewing my certs.

Attached is a copy of my EAP.conf file with cert info. I need to renew the certs and do not know what the process is.

Thanks a bunch for any help, hopefully I will grow out of my newbie phase soon.

Mike

tls {
        #private_key_password =
        #private_key_password =
        #private_key_file = ${raddbdir}/certs/newreq.pem
        private_key_file = ${raddbdir}/certs/selfsigned/radius-selfsigned.pem

        # If Private key & Certificate are located in
        # the same file, then private_key_file &
        # certificate_file must contain the same file
        # name.
        #certificate_file = ${raddbdir}/certs/newreq.pem
        certificate_file = ${raddbdir}/certs/selfsigned/radius-selfsigned.pem

        # Trusted Root CA list
        CA_file = ${raddbdir}/certs/demoCA/cacert.pem

        dh_file = ${raddbdir}/certs/dh
        random_file = ${raddbdir}/certs/random
Re: IAS and Openser
  modcall[authorize]: module "auth_log" returns ok for request 3
  modcall[authorize]: module "chap" returns noop for request 3
    rlm_realm: Looking up realm "voip.domain.br" for User-Name = "[EMAIL PROTECTED]"
    rlm_realm: Found realm "DEFAULT"
    rlm_realm: Proxying request from user teste to realm DEFAULT
    rlm_realm: Adding Realm = "DEFAULT"
    rlm_realm: Preparing to proxy authentication request to realm "DEFAULT"
  modcall[authorize]: module "suffix" returns updated for request 3
rlm_digest: Adding Auth-Type = DIGEST
  modcall[authorize]: module "digest" returns ok for request 3
rlm_ldap: - authorize
rlm_ldap: performing user authorization for [EMAIL PROTECTED]
radius_xlat:  '([EMAIL PROTECTED])'
radius_xlat:  'ou=users,dc=voip,dc=domain,dc=br'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=users,dc=voip,dc=domain,dc=br, with filter ([EMAIL PROTECTED])
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns notfound for request 3
modcall: leaving group authorize (returns notfound) for request 3
Sending Access-Request of id 3 to 10.2.1.XY port 1600
        User-Name = "[EMAIL PROTECTED]"
        Digest-Attributes = 0x0a077465737465
        Digest-Attributes = 0x010e766f69702e756662612e6272
        Digest-Attributes = 0x022a34353039343233343264313165616336306262366262633263373539643630666362383939656131
        Digest-Attributes = 0x04127369703a766f69702e756662612e6272
        Digest-Attributes = 0x030a5245474953544552
        Digest-Response = "4283445dcb36643dab5f437e10f692bf"
        Service-Type = IAPP-Register
        X-Ascend-PW-Lifetime = 0x7465737465
        NAS-IP-Address = 10.2.1.XX
        NAS-Port = 5060
        Proxy-State = 0x323038
Re-sending Access-Request of id 0 to 10.2.1.XX port 1600
        User-Name = "[EMAIL PROTECTED]"
        Digest-Attributes = 0x0a077465737465
        Digest-Attributes = 0x010e766f69702e756662612e6272
        Digest-Attributes = 0x022a34353039343233343264313165616336306262366262633263373539643630666362383939656131
        Digest-Attributes = 0x04127369703a766f69702e756662612e6272
        Digest-Attributes = 0x030a5245474953544552
        Digest-Response = "4283445dcb36643dab5f437e10f692bf"
        Service-Type = IAPP-Register
        X-Ascend-PW-Lifetime = 0x7465737465
        NAS-IP-Address = 10.2.1.XX
        NAS-Port = 5060
        Client-IP-Address = 10.2.1.XX
        Realm = "DEFAULT"
        Module-Failure-Message = "rlm_ldap: User not found"
        Realm = "DEFAULT"
        Proxy-State = 0x323035
Waking up in 1 seconds...
rad_recv: Access-Request packet from host 10.2.1.XX:33634, id=206, length=200
Ignoring duplicate packet from client OpenSER:33634 - ID: 206, due to outstanding proxied request 1.

It seems the proxy is working, but it doesn't communicate with the IAS.

-- Module-Failure-Message = "rlm_ldap: User not found" --

I don't know what it means, but the sound is not good. The command ldapsearch returns a right answer, I don't know what happened.

The problem is in IAS? How can I test it? Any idea?

Merci.

[EMAIL PROTECTED] wrote:
> Hi,
>
> > How can I transform freeradius server in a proxy?
> > I configured the proxy.conf, but it seems it doesn't work
> >
> > And I uncomment the line in radiusd.conf:
> >
> > proxy_requests = yes
> > $INCLUDE ${confdir}/proxy.conf
> >
> > I wanna do this:
> > |Openser| -> |Radiusclient| -> |Freeradius| -> |IAS| -> |AD|
> >
> > Does it work?
> >
> > And in IAS should I configure anything?
>
> Configure the NULL realm with the same settings as DEFAULT. Other than
> that, the config sounds good to me. Did you change anything apart from
> that in the default config file? In particular, you need to have at least
> one instance of the "realm" module in authorize { }. The default config
> has "suffix" in there, that should be fine. You need to be sure then that
> your user names don't contain the @ character - otherwise they won't match
> the DEFAULT realm you set up in proxy.conf.
>
> If you are positive that an instance of realm is in authorize and NULL is
> configured, but it still doesn't work then please post the debug output
> (radiusd -X) of a packet that arrived and was supposed to be proxied, but
> wasn't.
>
> > Sorry for the portuguese e-mail.
>
> When I read it, I wondered what strange dialect of Spanish this is. :-)
> Portuguese and Spanish aren't that far apart after all, it seems.
>
> Greetings,
> Stefan Winter
issue while setting up clients list from mysql
Hi,

I'm running a freeradius 2.0.0.pre0 from CVS (20060912) and have problems generating the clients list from the nas table of a mysql server.

The mysql server is running on localhost. I can connect using the same user/password combination configured in the radiusd sql section. On the mysql console I can run the SELECT query for the nas tables defined in sql/mysql-dialup.conf with success.

But if I fire up the radiusd it gives this error:

--8<---
rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB handle, #1
rlm_sql (sql): starting 2
rlm_sql (sql): Attempting to connect rlm_sql_mysql #2
rlm_sql_mysql: Starting connect to MySQL server for #2
rlm_sql (sql): Connected new DB handle, #2
rlm_sql (sql): starting 3
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): starting 4
rlm_sql (sql): Attempting to connect rlm_sql_mysql #4
rlm_sql_mysql: Starting connect to MySQL server for #4
rlm_sql (sql): Connected new DB handle, #4
rlm_sql (sql): Processing generate_sql_clients
rlm_sql (sql) in generate_sql_clients: query is SELECT id, nasname, shortname, type, secret FROM nas
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query:  SELECT id, nasname, shortname, type, secret FROM nas
rlm_sql (sql): Read entry nasname=127.0.0.1,shortname=localhost,secret=testing123
rlm_sql (sql): Adding client 127.0.0.1 (localhost) to clients list
rlm_sql (sql): generate_sql_clients() returned error
rlm_sql (sql): Closing sqlsocket 4
rlm_sql (sql): Closing sqlsocket 3
rlm_sql (sql): Closing sqlsocket 2
rlm_sql (sql): Closing sqlsocket 1
rlm_sql (sql): Closing sqlsocket 0
radiusd.conf[11]: sql: Module instantiation failed.
radiusd.conf[1966] Failed to find module "sql".
radiusd.conf[1889] Failed to parse authorize section.
Errors setting up modules

I'm a little bit lost now, maybe I don't see the obvious. Any hints what can cause this error are appreciated.

regards,
Christian
Re: NT-PASSWORD--Re: Freeradius-Users Digest, Vol 17, Issue 47
> rlm_sql: Failed to create the pair: Unknown attribute "NT_Password"
>
> |davide | NT_Password | := |781b0395cf9f8c1e5873eee5d28c38eb

Shouldn't that be NT-Password (dash), not NT_Password (underscore)?

Stefan

--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED]
Tel.: +352 424409-1
http://www.restena.lu
Fax: +352 422473
Re: (Desperate) help setting up freeradius for use with eap-tls and win clients
Hi,

> hello! 1st of all, THANKS for replying! :)
> unfortunately, when i try to type "radiusd -X -A" the output is what
> follows..

read the output. it says the group 'nobody' doesn't exist. your radius.conf is saying use user X and group X. these must be changed to the user and group you want to use. most people create a radiusd:radiusd setup. your files then need to have the correct permission. right now they are all owned by root:root - not desirable.

alan
NT-PASSWORD--WORKING
FOUND ERROR

If I insert NT-PASSWORD, instead of NT_PASSWORD, it works fine.

thank you so much

egoseek

Date: Wed, 13 Sep 2006 16:35:49 +0100
From: Rob Shepherd <[EMAIL PROTECTED]>
Subject: Re: NT-PASSWORD--Re: Freeradius-Users Digest, Vol 17, Issue 47
To: FreeRadius users mailing list
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

ego seek wrote:
> I'm working with mschapv2,
> I use a PHP web site to register a user, can I insert into the db an
> NT-hashed password?

Yes, radcheck should contain

UserName | Attribute   | op | Value                            |
---------|-------------|----|----------------------------------|
colin    | NT_Password | := | abcdef1234567890abcdef1234567890 |

I use Pear Crypt...

<?php
$cr = new Crypt_CHAP_MSv1();
$cr->password = $password;
$NThash = bin2hex($cr->ntPasswordHash());
?>

Rob
NT-PASSWORD--Re: Freeradius-Users Digest, Vol 17, Issue 47
Date: Wed, 13 Sep 2006 16:35:49 +0100
From: Rob Shepherd <[EMAIL PROTECTED]>
Subject: Re: NT-PASSWORD--Re: Freeradius-Users Digest, Vol 17, Issue 47
To: FreeRadius users mailing list
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Thank you, but after doing that radiusd displays this to me:

radius_xlat:  'davide'
rlm_sql (sql): sql_set_user escaped user --> 'davide'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'davide' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql: Failed to create the pair: Unknown attribute "NT_Password"
rlm_sql (sql): Error getting data from database
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module "sql" returns fail for request 0
modcall: leaving group authorize (returns fail) for request 0
There was no response configured: rejecting request 0
Server rejecting request 0.
Finished request 0

What do I have to do now? (username=davide, password=verde, my radcheck table row is:

| davide | NT_Password | := | 781b0395cf9f8c1e5873eee5d28c38eb |

Where do I have to configure radius?

Best regards.

ego seek wrote:
> I'm working with mschapv2,
> I use a PHP web site to register a user, can I insert into the db an
> NT-hashed password?

Yes, radcheck should contain

UserName | Attribute   | op | Value                            |
---------|-------------|----|----------------------------------|
colin    | NT_Password | := | abcdef1234567890abcdef1234567890 |

I use Pear Crypt...

<?php
$cr = new Crypt_CHAP_MSv1();
$cr->password = $password;
$NThash = bin2hex($cr->ntPasswordHash());
?>

Rob
Re: (Desperate) help setting up freeradius for use with eap-tls and win clients
Hi,

> Cannot switch group; nobody doesn't exist

that sounds pretty definitive. The group named "nobody" doesn't exist. radiusd.conf allows you to specify the group name for the server, and it is obviously set to "nobody", but "nobody" doesn't exist. You can either add that group to your system (that's the clean way) or set group=root (and probably even user=root) in radiusd.conf. Given that you just need a quick-and-dirty setup for your exam, just set both to root, then you won't have permissions problems anywhere. But be warned: I don't recommend this for production use.

Greetings,

Stefan Winter

--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
Ingenieur Forschung & Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED]
Tel.: +352 424409-1
http://www.restena.lu
Fax: +352 422473
Re: (Desperate) help setting up freeradius for use with eap-tls and win clients
hello! 1st of all, THANKS for replying! :)

unfortunately, when i try to type "radiusd -X -A" the output is what follows..

Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = "/usr/local"
main: localstatedir = "/usr/local/var"
main: logdir = "/usr/local/var/log/radius"
main: libdir = "/usr/local/lib"
main: radacctdir = "/usr/local/var/log/radius/radacct"
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = "/usr/local/var/log/radius/radius.log"
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
main: user = "nobody"
main: group = "nobody"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: checkrad = "/usr/local/sbin/checkrad"
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
Cannot switch group; nobody doesn't exist

as i mentioned, maybe the problem is in the permissions/owners.. here is the list of important files and configuration

-rw-r--r-- 1 root root 422 2006-09-13 13:25 acct_users
-rw-r--r-- 1 root root 4074 2006-09-13 13:25 attrs
drwxr-xr-x 3 root root 4096 2006-09-13 16:47 certs
-rw-r- 1 root root 189 2006-09-13 13:25 clients
-rw-r- 1 root root 2935 2006-09-13 17:18 clients.conf
-rw-r- 1 root root 2933 2006-09-13 14:01 clients.conf~
-rw-r--r-- 1 root root 935 2006-09-13 13:25 dictionary
-rw--- 1 root root 9974 2006-09-13 18:44 eap.conf
-rw--- 1 root root 9966 2006-09-13 17:38 eap.conf~
-rwxr-xr-x 1 root root 4620 2006-09-13 13:25 example.pl
-rw-r--r-- 1 root root 4405 2006-09-13 13:25 experimental.conf
-rw-r--r-- 1 root root 2396 2006-09-13 13:25 hints
-rw-r--r-- 1 root root 1604 2006-09-13 13:25 huntgroups
-rw-r--r-- 1 root root 2424 2006-09-13 13:25 ldap.attrmap
-rw-r--r-- 1 root root 8786 2006-09-13 13:25 mssql.conf
-rw-r--r-- 1 root root 1020 2006-09-13 13:25 naslist
-rw-r- 1 root root 856 2006-09-13 13:25 naspasswd
-rw-r--r-- 1 root root 12267 2006-09-13 13:25 oraclesql.conf
-rw-r--r-- 1 root root 7316 2006-09-13 13:25 otp.conf
-rw-r--r-- 1 root root 1734 2006-09-13 13:25 otppasswd.sample
-rw-r--r-- 1 root root 14514 2006-09-13 13:25 postgresql.conf
-rw-r--r-- 1 root root 1039 2006-09-13 13:25 preproxy_users
-rw-r--r-- 1 root root 8834 2006-09-13 13:25 proxy.conf
-rw-r--r-- 1 root root 65378 2006-09-13 19:02 radiusd.conf
-rw-r--r-- 1 root root 65378 2006-09-13 19:00 radiusd.conf~
-rw-r--r-- 1 root root 187 2006-09-13 13:25 realms
-rw-r--r-- 1 root root 1405 2006-09-13 13:25 snmp.conf
-rw-r--r-- 1 root root 14128 2006-09-13 13:25 sql.conf
-rw-r--r-- 1 root root 3339 2006-09-13 13:25 sqlippool.conf
-rw-r--r-- 1 root root 6940 2006-09-13 13:25 users

and in the directory cert the permissions are:

-r--r--r-- 1 root root 3194 2006-09-13 16:46 cacert.pem
-rw-r--r-- 1 root root 721 2006-09-13 13:25 cert-clt.der
-rw-r--r-- 1 root root 1741 2006-09-13 13:25 cert-clt.p12
-rw-r--r-- 1 root root 2452 2006-09-13 13:25 cert-clt.pem
-rw-r--r-- 1 root root 717 2006-09-13 13:25 cert-srv.der
-rw-r--r-- 1 root root 1733 2006-09-13 13:25 cert-srv.p12
-rw-r--r-- 1 root root 2439 2006-09-13 13:25 cert-srv.pem
drwxr-xr-x 2 root root 4096 2006-09-13 13:25 demoCA
-r 1 nobody root 466 2006-09-13 16:58 dh
-rw-r--r-- 1 root root 2913 2006-09-13 13:25 newcert.pem
-rw-r--r-- 1 root root 1753 2006-09-13 13:25 newreq.pem
-r 1 nobody root 1024 2006-09-13 16:59 random
-rw-r--r-- 1 root root 431 2006-09-13 13:25 README
-rw-r--r-- 1 root root 954 2006-09-13 13:25 root.der
-rw-r--r-- 1 root root 1973 2006-09-13 13:25 root.p12
-rw-r--r-- 1 root root 2764 2006-09-13 13:25 root.pem
-r 1 nobody root 1815 2006-09-13 16:47 server_keycert.pem

Any idea? Thanks a lot again!

2006/9/14, [EMAIL PROTECTED] <[EMAIL PROTECTED]>:
> Hi,
> > changing described in part III of the guide.. But when I finally
> > started the server by typing rc.radiusd start It just wrote radiusd as
> > response and then
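The debug run above stops at "Cannot switch group; nobody doesn't exist" with both user and group set to "nobody". A pre-start check for that condition, as an added example that is not part of the original post: the function names are hypothetical, and it assumes accounts are defined in local passwd- and group-format files only.

```shell
#!/bin/sh
# Added example, not from the thread: check that the run-as "user" and "group"
# named in a radiusd.conf-style file exist before starting the daemon.

# conf_value FILE KEY -> value of the first uncommented "KEY = value" line.
conf_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/#.*/, "", line)                 # drop trailing comment
            n = index(line, "=")
            if (n == 0) next
            k = substr(line, 1, n - 1)
            v = substr(line, n + 1)
            gsub(/[ \t"]/, "", k)
            gsub(/[ \t"]/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# name_exists NAME FILE -> status 0 if NAME is the first ":" field of a line
# in a passwd- or group-format FILE.
name_exists() {
    awk -F: -v n="$1" '$1 == n { found = 1; exit } END { exit !found }' "$2"
}

# check_run_as CONF [PASSWD_FILE] [GROUP_FILE]
# Prints one line per missing account; status 1 if anything is missing.
# Assumption: only local files are consulted, not LDAP/NIS sources.
check_run_as() {
    conf=$1 passwd=${2:-/etc/passwd} group=${3:-/etc/group} rc=0
    u=$(conf_value "$conf" user)
    g=$(conf_value "$conf" group)
    if [ -n "$u" ] && ! name_exists "$u" "$passwd"; then
        echo "user '$u' not found in $passwd"; rc=1
    fi
    if [ -n "$g" ] && ! name_exists "$g" "$group"; then
        echo "group '$g' not found in $group"; rc=1
    fi
    return $rc
}
```

A user name and a group name are looked up in different databases, so an account called "nobody" existing as a user says nothing about a group of the same name.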
Re: Maximum timed out Session
Yes there is, you can set the maximum time out for every session... I am actually using the dialup admin web interface to do that. So I can't really tell you in which configuration file the option is. But I hope this helps you anyway.

On 9/14/06, Elie Hani <[EMAIL PROTECTED]> wrote:
> Hi;
> Is there a way to disconnect a user after a certain time automatically using freeradius? I've tried the entry: "Max-All-Session" in the database, but it didn't work.
> Thanks
> Elie Hani

--
With Regards
Ali Jawad
Re: Maximum timed out Session
Elie Hani wrote:
> Hi;
> Is there a way to disconnect a user after a certain time automatically using freeradius? I’ve tried the entry: "Max-All-Session" in the database, but it didn’t work.

Hi Elie,

The standard way is to send the Session-Timeout attribute to the NAS, with a numerical value of seconds, eg: Session-Timeout=600 for a 10 minute timeout.

--
James Wakefield, Unix Administrator, Information Technology Services Division
Deakin University, Geelong, Victoria 3217 Australia.
Phone: 03 5227 8690 International: +61 3 5227 8690
Fax: 03 5227 8866 International: +61 3 5227 8866
E-mail: [EMAIL PROTECTED] Website: http://www.deakin.edu.au
RE: How to return AV pairs from within an rlm module?
Hi Ali,

it works from the exec program. Just by writing to the stdout in format "User-Name=steve". I have tried with vendor specific attributes also, it has worked.

Rgds,
Shankar ganesh

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ali Majdzadeh
Sent: Thursday, September 14, 2006 1:27 PM
To: FreeRadius users mailing list
Subject: How to return AV pairs from within an rlm module?

Hi all
I want to return AV pairs (Cisco VoIP) from within an rlm module. I tried to printf them into stdout, but it didn't work. Should I use the structures accessible within the rlm module? for example, REQUEST. Then, how should I pass them to Cisco?
Regards
Ali
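The two replies above combined, as an added example that is not part of either post: an exec program's stdout carrying Session-Timeout (James Wakefield's reply) next to other reply pairs (this reply), with values validated so that input cannot smuggle in an extra pair. The function names and the Cisco-AVPair value used when calling it are constructed for illustration, and how the server is configured to run the program is not shown.

```shell
#!/bin/sh
# Added example, not from the thread: print reply pairs on stdout, one
# "Attribute = value" per line, for a program run by FreeRADIUS's exec support.

# quote_value VALUE -> VALUE in double quotes with \ and " escaped.
# Status 1 if VALUE holds a control character: an embedded newline would
# otherwise begin a second pair chosen by whoever supplied the value.
quote_value() {
    clean=$(printf '%s' "$1" | tr -d '[:cntrl:]')
    [ "$clean" = "$1" ] || return 1
    printf '"%s"' "$(printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g')"
}

# emit_reply USER SECONDS AVPAIR -> three reply pairs on stdout.
# Nothing is printed unless every argument passes validation.
emit_reply() {
    case $2 in
        ''|*[!0-9]*) echo "Session-Timeout must be whole seconds" >&2; return 1 ;;
    esac
    q_user=$(quote_value "$1") || { echo "bad user name" >&2; return 1; }
    q_pair=$(quote_value "$3") || { echo "bad AV pair" >&2; return 1; }
    printf 'User-Name = %s\n' "$q_user"
    printf 'Session-Timeout = %s\n' "$2"
    printf 'Cisco-AVPair = %s\n' "$q_pair"
}

# Run as a program: emit_reply USER SECONDS AVPAIR
[ $# -eq 0 ] || emit_reply "$@"
```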
Re: (Desperate) help setting up freeradius for use with eap-tls and win clients
Hi,

> changing described in part III of the guide.. But when I finally
> started the server by typing rc.radiusd start It just wrote radiusd as
> response and then the shell prompts for new commands, while I think it
> should say something like "waiting to process..."

that command should just start the service as per normal...which would drop you back to the shell. if you want to see radiusd working, then you need to either supply the foreground or debug flags to it...as in the documents..

radiusd -X

should do nicely

alan
Re: How to return AV pairs from within an rlm module?
Add your attributes to the reply structure. FreeRADIUS will take care of the rest.

josh.

Ali Majdzadeh wrote:
> Hi all
> I want to return AV pairs (Cisco VoIP) from within an rlm module. I tried to printf them into stdout, but it didn't work. Should I use the structures accessible within the rlm module? for example, REQUEST. Then, how should I pass them to Cisco?
> Regards
> Ali
How to return AV pairs from within an rlm module?
Hi all

I want to return AV pairs (Cisco VoIP) from within an rlm module. I tried to printf them into stdout, but it didn't work. Should I use the structures accessible within the rlm module? for example, REQUEST. Then, how should I pass them to Cisco?

Regards
Ali
Maximum timed out Session
Hi;

Is there a way to disconnect a user after a certain time automatically using freeradius? I’ve tried the entry: "Max-All-Session" in the database, but it didn’t work.

Thanks
Elie Hani
RE: RADIUS proxy-----trace user site surfed------
You can use the radacct table to log your users. Obviously, you have to enable the use of a DB for working with freeradius.

From: "ego seek" <[EMAIL PROTECTED]>
Reply-To: FreeRadius users mailing list
To: "Freeradius MailingList"
Subject: RADIUS proxy-trace user site surfed--
Date: Wed, 13 Sep 2006 16:51:23 +0200

> Does anybody know how can I setup RADIUS and a proxy server to generate a log for the users? I need to trace where in the Internet the user went. Do you have any other suggestion for this purpose? thank you.
> Best regards
> egoseek
Re: rautmp not working..
Hmm, that could be true... ?! but how can i see who's logged in then ? (and where)

Thx, Collen

Alan DeKok wrote:
> Collen Blijenberg <[EMAIL PROTECTED]> wrote:
> > but i also have no idea how to make the nas (linksys wap54g v3 eu) or the freeradius (1.1.3) do accounting.
> The linksys simply might not do accounting.
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
Re: freeRADIUS doc
The same docs are in the docs/ directory in the source tarball and most of them are also available on wiki.freeradius.org

Cheers
Peter

On Thu 14 Sep 2006 09:38, affora deeb wrote:
> hi did u get the answer
> if u did plz tell me
> coz i got the same problem
>
> On 8/28/06, Carlo Prestopino <[EMAIL PROTECTED]> wrote:
> > Hi all,
> > I'm trying to access freeRaDIUS doc section
> > (http://www.freeradius.org/radiusd/doc/), but I got a "Forbidden" access
> > message. Is this section accessible to normal users?

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
(Desperate) help setting up freeradius for use with eap-tls and win clients
Hello everybody!

I am completely new to freeradius and its world, as well as to linux environment.. I post this e-mail because I have few days left to configure freeradius for an exam about WLAN security and I am desperate... :(

Yesterday I installed freeradius 1.1.3 on my linux kubuntu box (where I have kernel 2.6.15 installed) by following this step by step guide in 3 parts: http://www.linuxjournal.com/article/8151

Everything worked fine, maybe I just wasn't sure about the permissions changing described in part III of the guide.. But when I finally started the server by typing

rc.radiusd start

It just wrote radiusd as response and then the shell prompts for new commands, while I think it should say something like "waiting to process..."

Can anybody please help me to fix this? Otherwise, if you could please suggest me another HOWTO more updated and more reliable than the one I mentioned above, I could also start again on another laptop where I have kubuntu installed as well..

Thanks a lot everybody for your attention/the help you will wish to give me! :)

federico