vista support

2007-03-01 Thread Ramazan Ulker

Hi

Peap, tls and eap-md5 work well for xp clients but peap and eap-md5 fail for
vista client for version 1.1.3. Freeradius 1.1.4 version was released for
vista support. But I couldn't update to this release from package manager
programs (smart, aptitude, yast etc.). Updating and pasting configuration
files are easy however installing it from source could be problematic. Is
there a patch for working system or will this version soon be updated from
linux distributions?

Best regards
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Dialupadmin group problems

2007-03-01 Thread Cory Robson

For some reason the edit user function of dialupadmin does not list all the
groups available. The drop down box only shows the group the user is
currently assigned to.

In the add new user screen this box shows all groups and assigns them
correctly.

Looking at the page useredit.php I cannot discern why it is not showing all
groups. Or allowing me to move the user from one group to another on the
fly.

Has anyone encountered this and fixed it or have the time to investigate it?
As far as I can see the sql statement is correct to fill it with the group
names.



Regards

Cory Robson
 
 
 






wrong user name is stored in mysql radacct table

2007-03-01 Thread Zeli Kartzman
we are running freeradius-1.0.5-1.2 and mysql-5.0.27-1.fc5
when i look at the radacct table in the mysql database i see there are a
number of entries with a non-existent user. i.e. 
D4JM4P61\\Kimberly Higgins

when i look at the radius.log file i see that the correct user name
appears and then the wrong one. why is the wrong one being stored in the
database?

radius.log

Thu Mar  1 20:23:09 2007 : Error: TLS_accept:error in SSLv3 read client certificate A
Thu Mar  1 20:23:09 2007 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Thu Mar  1 20:23:09 2007 : Info: (other): SSL negotiation finished successfully
Thu Mar  1 20:23:09 2007 : Info: rlm_eap_tls: Received EAP-TLS ACK message
Thu Mar  1 20:23:09 2007 : Info: rlm_eap_mschapv2: Issuing Challenge
Thu Mar  1 20:23:09 2007 : Auth: Login OK: [Khiggins] (from client localhost port 0)
Thu Mar  1 20:23:10 2007 : Auth: Login OK: [D4JM4P61\\Kimberly Higgins] (from client 3RE-BCardozo port 547472 cli 000e.35d8.4e66)





Re: Problems with authentication using Freeradius with mysql

2007-03-01 Thread Daniel Bojczuk
It works!

Thank you for answering!

Daniel Bojczuk
> Daniel Bojczuk wrote:
> ...
>> rlm_sql (sql): Released sql socket id: 4
>>   modcall[authorize]: module "sql" returns ok for request 0
>> modcall: group authorize returns ok for request 0
>>   rad_check_password:  Found Auth-Type System
>> auth: type "System"
>>   ERROR: Unknown value specified for Auth-Type.  Cannot perform
>> requested
>> action.
>> auth: Failed to validate the user.
>> Login incorrect: [daniel] (from client testee port 0)
>>
>> Someone can help me again?
>
>   Edit the "users" file to get rid of the line that says "Auth-Type =
> System".
>
>   Use 1.1.4, which solves other issues.
>
>   Alan DeKok.
> --
>   http://deployingradius.com   - The web site of the book
>   http://deployingradius.com/blog/ - The blog


-- 
Daniel Bojczuk
SCREDES/CIRP



guest access?

2007-03-01 Thread Matt Ashfield
Hi,

I'm using EAP-TTLS-PAP against LDAP, however I want to provide guest access
to users without adding these users to the LDAP directory.

I know I could add them as local users to the /etc/raddb/users file, but
that would involve a SIGHUP, and I'd prefer to avoid that if I could.

Instead, what I'd like to do is create a user account on the radius server
itself (with nologin, and an expiry, no rights, etc..). This could be done
"on-the-fly" and  therefore require no such SIGHUP.

Now I know Alan does not recommend DEFAULT Auth-Type, but for here, I think
it might be necessary. So in my users file, I added the following:

DEFAULT Auth-Type := System
Fall-Through = Yes

Thinking that would allow my users who have accounts on the server to login.
However, that is not working because in the logs in debug mode I see:

Debug: modcall: group authorize returns ok for request 0
Debug:   rad_check_password:  Found Auth-Type System
Debug: auth: type "System"
Debug:   ERROR: Unknown value specified for Auth-Type.  Cannot perform
requested action.
Debug: auth: Failed to validate the user.

I'm sure it's something small I'm missing, but can't find it. That or this
is not possible and I'm missing the reason why for that too!

Any advice is appreciated.

Thanks

Matt
[EMAIL PROTECTED] 






Strange random disconnection (Lost-Carrier)

2007-03-01 Thread Josh Shamir

Hello,
some of my users have a strange problem: randomly, they get disconnected
a few minutes after being authenticated.
Searching in the log file, I've seen that the problem is "Lost Carrier"

Wed Feb 28 09:16:24 2007 : Debug: Nothing to do.  Sleeping until we see a
request.

rad_recv: Accounting-Request packet from host 192.168.181.1:32919, id=227,
length=184
   Acct-Status-Type = Stop
   User-Name = "user1"
   Calling-Station-Id = "00-0A-1D-18-61-B5"
   Called-Station-Id = "00-23-F7-F2-C1-1C"
   NAS-Port-Type = Wireless-802.11
   NAS-Port = 0
   NAS-Port-Id = ""
   NAS-IP-Address = 0.0.0.0
   NAS-Identifier = "20"
   Framed-IP-Address = 192.168.182.41
   Acct-Session-Id = "45e53a51"
   Acct-Input-Octets = 0
   Acct-Output-Octets = 0
   Acct-Input-Gigawords = 0
   Acct-Output-Gigawords = 0
   Acct-Input-Packets = 0
   Acct-Output-Packets = 0
   Acct-Session-Time = 531
   Acct-Terminate-Cause = Lost-Carrier

Searching on the FreeRADIUS ML I have found that Lost-Carrier is a problem
between the NAS and the user, so the problem is between the Access Point and
the Supplicant.
Could it be a signal problem (note that the distance between the AP and the NAS
is short), or could there be other things that cause this disconnection?

Thanks for help

Re: [SOLVED] CHAP Modification

2007-03-01 Thread ChristosH



Alan DeKok-4 wrote:
> 
>   My point was that it may be possible in rlm_pap to normalize the
> password... just like it does for other types of passwords.
> 
>   If rlm_pap won't help, then I *strongly* suggest you write your own
> module.  It's easier to integrate a module into a new release of
> FreeRADIUS than it is to apply a patch to the server core.
> 
>   Alan DeKok.
> 

Okay, I see what you mean now. Is there a tutorial on adding my own module
to it? Or would I just include the chappatch.c file in the same directory,
include the header file chappatch.h into the rlm_chap.c file (where do you
stick the header files?) and recompile the whole thing?


not allowed user for few days

2007-03-01 Thread satish patel
Dear all

   I have freeradius+mssql and I want to not allow particular users,
so what is the solution for this, Auth-Type:- Reject? Is it the best, or is there anything else?

Satish Patel



freeradius users session stuck

2007-03-01 Thread satish patel
Dear all

I am using freeradius + RHEL + cisco VPDN and I am facing a problem
with sessions getting stuck in the radius database tables. When a user logs
in to radius it works fine, but sometimes the user's session gets stuck in the
database: it shows the user as currently logged in and the user is not able to
log in again. I get this error:

Auth: Multiple logins (max 1) : [mlpm629/] (from client cisco port 473)

So how can I clear those sessions in my tables? Is there any method for this?

* Note: I am using an mssql database and the simultaneous-use feature

#Satish Patel



Re: Problems with authentication using Freeradius with mysql

2007-03-01 Thread Alan DeKok
Daniel Bojczuk wrote:
...
> rlm_sql (sql): Released sql socket id: 4
>   modcall[authorize]: module "sql" returns ok for request 0
> modcall: group authorize returns ok for request 0
>   rad_check_password:  Found Auth-Type System
> auth: type "System"
>   ERROR: Unknown value specified for Auth-Type.  Cannot perform requested
> action.
> auth: Failed to validate the user.
> Login incorrect: [daniel] (from client testee port 0)
> 
> Someone can help me again?

  Edit the "users" file to get rid of the line that says "Auth-Type =
System".

  Use 1.1.4, which solves other issues.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Problems with authentication using Freeradius with mysql

2007-03-01 Thread Daniel Bojczuk
>   Run the server in debugging mode, as suggested in the FAQ, README,
> INSTALL, and daily on this list.

Thanks for the tip. I'm new on this list too!

I ran freeradius in debug mode. The error is below:

rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  ERROR: Unknown value specified for Auth-Type.  Cannot perform requested
action.
auth: Failed to validate the user.
Login incorrect: [daniel] (from client testee port 0)

Someone can help me again?

Thanks

-- 
Daniel Bojczuk
SCREDES/CIRP

> Daniel Bojczuk wrote:
>> Hi.. I'm developing an authentication system using Freeradius 1.0.2
>
>   Please upgrade to 1.1.4, which should be in Debian.
>
>> The log file shows me:
>> Tue Feb 27 11:01:14 2007 : Auth: Login incorrect: [daniel] (from client
>> testee port 0)
>>
>> Someone can help-me? It's the first time I'm using freeradius.
>

>
>   Alan DeKok.
> --
>   http://deployingradius.com   - The web site of the book
>   http://deployingradius.com/blog/ - The blog


Re: Problems with authentication using Freeradius with mysql

2007-03-01 Thread Martin Gadbois

Alan DeKok wrote:
>> Someone can help-me? It's the first time I'm using freeradius.
> 
>   Run the server in debugging mode, as suggested in the FAQ, README,
> INSTALL, and daily on this list.
> 

Launch, as root, "radiusd -X -A" and study the output.

--
Martin Gadbois
S/W Developer
Colubris Networks Inc.
"Windows might take you from 0 to 60 faster, but to go to 100 you need Unix."


Re: Problems with authentication using Freeradius with mysql

2007-03-01 Thread Alan DeKok
Daniel Bojczuk wrote:
> Hi.. I'm developing an authentication system using Freeradius 1.0.2

  Please upgrade to 1.1.4, which should be in Debian.

> The log file shows me:
> Tue Feb 27 11:01:14 2007 : Auth: Login incorrect: [daniel] (from client
> testee port 0)
> 
> Someone can help-me? It's the first time I'm using freeradius.

  Run the server in debugging mode, as suggested in the FAQ, README,
INSTALL, and daily on this list.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: eap-ttls proxy and ldap

2007-03-01 Thread Alan DeKok
basile wrote:
> I don't want to cancel proxying.
> I'm doing eap-ttls, and users with realm @etab1 have to be proxied to
> another radius server,

  Just configure the realm on the server that's doing the proxying.  The
requests will then be proxied.

  After that, configure the home server to authenticate users.  This is
independent of proxying.

> proxy works fine but authentication is done with anonymous,
> which doesn't work.
> The first server doesn't send the good username.

  The first server just proxies whatever the client sends it.  You said
that's what you wanted.

> logs on the second  server ( end server )
> 
> rad_recv: Access-Request packet from host xxx:1814, id=0, length=168
> User-Name = "anonymous"

  Set "striprealm = no" on the server that is doing the proxying.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: eap-ttls proxy and ldap

2007-03-01 Thread basile
I don't want to cancel proxying.
I'm doing eap-ttls, and users with realm @etab1 have to be proxied to
another radius server. Proxy works fine but authentication is done with
anonymous, which doesn't work.
The first server doesn't send the good username.

logs on the second  server ( end server )

rad_recv: Access-Request packet from host xxx:1814, id=0, length=168
User-Name = "anonymous"
Framed-MTU = 1400
Called-Station-Id = "0011.bb08.1750"
Calling-Station-Id = "0002.2d70.02a2"
Service-Type = Login-User
Message-Authenticator = 0x0bcc9455270523eb776eee73ffb48e7e
EAP-Message = 0x0202001e01616e6f6e796d6f757340656e632e736f72626f6e6e652e6672
NAS-Port-Type = Wireless-802.11
NAS-Port = 569
NAS-IP-Address =
NAS-Identifier = "AP1100_WDS_MANAGER"
Proxy-State = 0x313630
rlm_ldap: - authorize
rlm_ldap: performing user authorization for anonymous
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: (re)connect to yyy:389, authentication 0
rlm_ldap: bind as ...  dc=enc,dc=sorbonne,dc=fr/x to yyy:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_pap: Attribute "Password" is required for authentication.
rad_recv: Access-Request packet from host xxx:1814, id=0, length=168
Sending Access-Reject of id 0 to xxx port 1814
Proxy-State = 0x313630

and on the first server ( proxy server )

Re-sending Access-Request of id 0 to yyy port 1812
User-Name = "anonymous"
Framed-MTU = 1400
Called-Station-Id = "0011.bb08.1750"
Calling-Station-Id = "0002.2d70.02a2"
Service-Type = Login-User
Message-Authenticator = 0x
EAP-Message = 0x0202001e01616e6f6e796d6f757340656e632e736f72626f6e6e652e6672
NAS-Port-Type = Wireless-802.11
NAS-Port = 623
NAS-IP-Address =
NAS-Identifier = "AP1100_WDS_MANAGER"
Client-IP-Address =
Stripped-User-Name = "anonymous"
Realm = "enc.sorbonne.fr"
EAP-Type = Identity
Realm = "enc.sorbonne.fr"
Proxy-State = 0x313834
rad_recv: Access-Reject packet from host yyy:1812, id=0, length=25
Proxy-State = 0x313834
Login incorrect (Home Server says so): [anonymous/] (from client localhost port 623 cli 0002.2d70.02a2)


Alan DeKok wrote:
> basile wrote:
>   
>> I tried with a user in the users file: same problem.
>> [EMAIL PROTECTED] and [EMAIL PROTECTED] don't work ( proxy a request with
>> user-name = anonymous )
>> [EMAIL PROTECTED] and [EMAIL PROTECTED] work
>> 
>
>   You can cancel proxying for anonymous users.
>
> DEFAULT User-Name =~ "^anonymous", Proxy-To-Realm := LOCAL
>
>   This requires a LOCAL realm in proxy.conf.
>
>   Alan DeKok.
> --
>   http://deployingradius.com   - The web site of the book
>   http://deployingradius.com/blog/ - The blog
>   
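
The proxy-server log above carries both a User-Name of "anonymous" and an EAP-Message; decoding the EAP packet shows which identity the supplicant actually sent and whether the realm was stripped before logging. This is an added example, not part of the original thread or FreeRADIUS code: the function names are illustrative, and the sample input is constructed from attribute lines in the post.

```python
import re

# Constructed sample: attribute lines taken from the proxy-server log in the post.
SAMPLE_LOG = """\
User-Name = "anonymous"
EAP-Message = 0x0202001e01616e6f6e796d6f757340656e632e736f72626f6e6e652e6672
Stripped-User-Name = "anonymous"
Realm = "enc.sorbonne.fr"
"""

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1


def parse_attributes(log_text):
    """Collect 'Name = value' pairs from debug output (first occurrence wins)."""
    attrs = {}
    for line in log_text.splitlines():
        m = re.match(r'\s*([A-Za-z0-9-]+)\s*=\s*(.+?)\s*$', line)
        if m:
            attrs.setdefault(m.group(1), m.group(2).strip('"'))
    return attrs


def decode_eap(hex_value):
    """Decode the 4-byte EAP header (RFC 3748) and, for Identity, the identity.

    Assumes the whole EAP packet is in one EAP-Message attribute, as in the post.
    """
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    length = int.from_bytes(raw[2:4], "big")
    if length < 4 or length > len(raw):
        raise ValueError("EAP length field does not match the captured data")
    eap = {"code": EAP_CODES.get(raw[0], "Unknown"), "id": raw[1],
           "length": length, "type": None, "identity": None}
    if raw[0] in (1, 2) and length >= 5:
        eap["type"] = raw[4]
        if raw[4] == EAP_TYPE_IDENTITY:
            eap["identity"] = raw[5:length].decode("utf-8", errors="replace")
    return eap


def explain_outer_identity(log_text):
    """Compare the identity inside EAP-Message with the logged User-Name/Realm."""
    attrs = parse_attributes(log_text)
    outer = decode_eap(attrs["EAP-Message"])["identity"]
    user, _, realm = outer.partition("@")
    return {
        "outer_identity": outer,
        "user_name_attr": attrs.get("User-Name"),
        # True when User-Name is the outer identity minus the logged realm.
        "realm_stripped": (attrs.get("User-Name") == user
                           and realm != ""
                           and attrs.get("Realm") == realm),
    }


if __name__ == "__main__":
    for key, value in explain_outer_identity(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The decoded identity is the outer EAP identity, which is all that a proxy sees before the TTLS tunnel is established.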



Problems with authentication using Freeradius with mysql

2007-03-01 Thread Daniel Bojczuk
Hi.. I'm developing an authentication system using Freeradius 1.0.2 with
mysql 4.0.24_Debian-10sarge2-log.

In mysql I have the database radius:
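+------------------+
| Tables_in_radius |
+------------------+
| nas              |
| radacct          |
| radcheck         |
| radgroupcheck    |
| radgroupreply    |
| radpostauth      |
| radreply         |
| usergroup        |
+------------------+

The table radcheck:
+----+----------+-----------+----+-------+
| id | UserName | Attribute | op | Value |
+----+----------+-----------+----+-------+
|  1 | daniel   | Password  | == | senha |
|  2 | joao     | Password  | == | senha |
+----+----------+-----------+----+-------+

The table radgroupcheck:
+----+-------------+------------------+----+-------+
| id | GroupName   | Attribute        | op | Value |
+----+-------------+------------------+----+-------+
|  1 | sessaounica | Simultaneous-Use | := | 1     |
+----+-------------+------------------+----+-------+

The table usergroup:
+----------+-------------+----------+
| UserName | GroupName   | priority |
+----------+-------------+----------+
| daniel   | sessaounica |        1 |
+----------+-------------+----------+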

When I use the command:
radtest daniel senha 143.107.200.64:1812 0 teste

The log file shows me:
Tue Feb 27 11:01:14 2007 : Auth: Login incorrect: [daniel] (from client testee port 0)

Someone can help-me? It's the first time I'm using freeradius.

Thanks
-- 
Daniel Bojczuk
SCREDES/CIRP



Re: clients.conf and nas table (was Re: installing FR on FBSD 6.2)

2007-03-01 Thread A . L . M . Buxey
Hi,

> Thx Andrew.. I found it at /usr/local/share/doc/freeradius/examples/

yes. you were reading documentation out of sync with your version.

> Next questions...
> at /usr/local/etc/raddb we has clients.conf that contain nas ip address,
> secret, shortname and type.
> but at radius database we also has nas table
> 
> Should both of them contain the same datas ?
> Why should we has both of them, not one only ?

you shouldn't use both - that just creates confusion. if you want to
use the NAS table, use that. if you want to use clients.conf use that.
BUT if you use the NAS table you must have a dummy entry in clients.conf

alan


Re: eap-ttls proxy and ldap

2007-03-01 Thread Alan DeKok
basile wrote:
> I tried with a user in the users file: same problem.
> [EMAIL PROTECTED] and [EMAIL PROTECTED] don't work ( proxy a request with
> user-name = anonymous )
> [EMAIL PROTECTED] and [EMAIL PROTECTED] work

  You can cancel proxying for anonymous users.

DEFAULT User-Name =~ "^anonymous", Proxy-To-Realm := LOCAL

  This requires a LOCAL realm in proxy.conf.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


EAP-AKA patch for FreeRadius Server

2007-03-01 Thread Shanta Ravi Kumar P

Hi,

I am trying to use the patch for EAP-AKA on FreeRadius provided at
'http://bugs.freeradius.org/show_bug.cgi?id=386'.

The patch file seems to contain some location information
like '/nfs/build2/usr/bphaneuf/freeradius-1.1.X'. Is this correct?

When I try to apply this patch, it is resulting in the following error:

===

(Stripping trailing CRs from patch.)
patching file share/dictionary.freeradius.internal
Hunk #1 succeeded at 145 (offset 2 lines).
Hunk #3 succeeded at 182 (offset 2 lines).
Hunk #5 succeeded at 207 (offset 2 lines).

patch:  malformed patch at line 65: diff -urN
freeradius1.1.2/src/modules/rlm_eap/libeap/eap_aka.h
/nfs/build2/usr/bphaneuf/freeradius1.1.X/src/modules/rlm_eap/libeap/eap_aka.h

=

Is this patch tested for EAP-AKA?

Any pointers would be very much helpful.
Thanks in advance,
Best Regards,
Ravi




Re: [SOLVED] CHAP Modification

2007-03-01 Thread Alan DeKok
ChristosH wrote:
> I don't see anything useful in rlm_pap that could help me because it's CHAP
> authentication I'm working on.

  Yes, I know.  I knew that when I pointed to rlm_pap.

  My point was that it may be possible in rlm_pap to normalize the
password... just like it does for other types of passwords.

  If rlm_pap won't help, then I *strongly* suggest you write your own
module.  It's easier to integrate a module into a new release of
FreeRADIUS than it is to apply a patch to the server core.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog