Re: Exec-Program-Wait
Felipe Ceglia - PY1NB wrote:
> I am trying to setup a prepaid style system on my freeradius. All I
> want is to check user name against a perl script that will let user
> get in or not.

You should use rlm_perl rather than Exec-Program-Wait.

> I put this on users file, but the script is not being run:
>
> DEFAULT Called-Station-Id == hotspot_shop_tere #THIS IS LINE 155
>         Exec-Program-Wait = /etc/raddb/scripts/hotspot_shop_tere.pl %U,

You will need to add Auth-Type := Accept to the first line (with DEFAULT).

> DEFAULT Called-Station-Id == hotspot_shop_tere, Acct-Status-Type == Stop
>         Exec-Program-Wait = /etc/raddb/scripts/hotspot_shop_tere.pl %U %{AcctSessionTime},

This entry should go into the acct_users file, not the users file.

Alan DeKok.
Re: Configuring LEAP for freeradius
Gaurav Bandekar wrote:
> I wanted to know how to configure EAP-LEAP on FreeRadius Server.

Use the default configuration. Tell the server a known good password for the user. e.g. the FAQ gives an example.

Once that's done, LEAP will work.

Alan DeKok.
Re: Expiration attribute
Thanks Ivan

Best regards

> Message: 3
> Date: Thu, 22 Nov 2007 07:51:41 +0100
> From: [EMAIL PROTECTED]
> Subject: Re: Expire attribute
> To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
> Message-ID: [EMAIL PROTECTED]
> Content-Type: text/plain; charset=ISO-8859-2
>
> Attribute name is Expiration. It is a check item so it does go into
> radcheck. I use == as operator, but := should work as well. Format
> that works for me is:
>
> November 28 2007 20:26:43
>
> Ivan Kalik
> Kalik Informatika ISP
Re: Freeradius doesn't work with ldap
Eduardo Lima wrote:
> How do I make passwords hashes in ldap??

What kind of hashes? If you want NT hashes, use the smbencrypt program that comes with the server.

> Do I have to create all the passwords again???

Very likely, yes. The web page should make this clear.

Alan DeKok.
RE: local ssh authentication via radius possible?
How do I configure PAM to use radius?

> Date: Wed, 21 Nov 2007 21:45:32 +0100
> From: [EMAIL PROTECTED]
> To: freeradius-users@lists.freeradius.org
> Subject: Re: local ssh authentication via radius possible?
>
> Dan Gahlinger wrote:
>> I understand that part. But I'm not talking about going to another
>> server, I'm talking locally. So PAM can talk to the local radius
>> server on the server the user is connecting to?
>
> The pam_radius_auth module can. Just tell it that the RADIUS server is 127.0.0.1
>
>> I still can't figure out how to configure this, which is where I
>> really need the help. The dial-up/telnet examples don't help at all.
>
> What else do you want to do?
>
> Alan DeKok.
RE: Problem with CHAP
You are not sending that username:

User-Name = chap

Put usuario3 as a username on XP PC.

Ivan Kalik
Kalik Informatika ISP

On 23/11/2007, Javier Fernando [EMAIL PROTECTED] wrote:
> I think that this is a CHAP USER:
>
> usuario3 Cleartext-Password := testusuario3
>
> How to add a Chap user to the users file?
>
> Javier.
>
>> Do you have user chap in your users file? You have posted entries for
>> some other usernames.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>> On 23/11/2007, Javier Fernando [EMAIL PROTECTED] wrote:
>>> I configure Freeradius, when the client try to connect with CHAP I
>>> have this error, and only connect with linux system users. When I
>>> connect locally with radtest I connect ok but when I connect
>>> remotely with Windows XP using CHAP don't connect. I run radius in
>>> debug mode with -X option.
>>>
>>> Part of clients.conf
>>>
>>> usuario1 Auth-Type := Local, Cleartext-Password := testusuario1
>>> usuario2 Auth-Type := Local, Password := testusuario2
>>> usuario3 Cleartext-Password := testusuario3
>>>
>>> Error of freeradius running with -X option:
radwho does not show me any user
Hello,

When I use the radwho utility to know actually connected radius users. It returns me an empty list since I'm actually connected and authenticated.

Yesterday, I saw that the radutmp file did not exist. So I created it with 600 permissions.

The radiusd.conf has been setup like this :

radutmp {
        filename = ${logdir}/radutmp

Can you help me ?

Cordially,
Patrice OLIVER
Ville-Hôpital Project Manager
Head of Networks and Security
HOSPICES CIVILS DE BEAUNE
Service Informatique
BP 104
21203 BEAUNE CEDEX
Tel. 33 3 80 24 44 09
Fax 33 3 80 24 45 90
Re: radwho does not show me any user
OLIVER Patrice wrote:
> When I use the radwho utility to know actually connected radius users.
> It returns me an empty list since I'm actually connected and
> authenticated.

Your NAS is not sending accounting packets. They are needed in order to create and update the database used by radwho.

Alan DeKok.
Re: radwho does not show me any user
-----Original Message-----
From: Alan DeKok [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Date: Fri, 23 Nov 2007 11:04:35 +0100
Subject: Re: radwho does not show me any user

> OLIVER Patrice wrote:
>> When I use the radwho utility to know actually connected radius users.
>> It returns me an empty list since I'm actually connected and
>> authenticated.
>
> Your NAS is not sending accounting packets. They are needed in order
> to create and update the database used by radwho.
>
> Alan DeKok.

Ok, Thanks. I look the NAS configuration. :)
Is it something wrong in EAP-TLS ?
Hello,

I try to use EAP-TLS authentication. Here is a part to the debugging messages :

rlm_eap_tls: Length Included
eaptls_verify returned 11
(other): before/accept initialization
TLS_accept: before/accept initialization
TLS_accept: SSLv3 read client hello A
TLS_accept: SSLv3 write server hello A
TLS_accept: SSLv3 write certificate A
TLS_accept: SSLv3 write key exchange A
TLS_accept: SSLv3 write certificate request A
TLS_accept: SSLv3 flush data
TLS_accept:error in SSLv3 read client certificate A
rlm_eap: SSL error error::lib(0):func(0):reason(0)
In SSL Handshake Phase
In SSL Accept mode

What's about this error ?

Regards.

Cordially,
Patrice OLIVER
Ville-Hôpital Project Manager
Head of Networks and Security
HOSPICES CIVILS DE BEAUNE
Service Informatique
BP 104
21203 BEAUNE CEDEX
Tel. 33 3 80 24 44 09
Fax 33 3 80 24 45 90
Re: Is it something wrong in EAP-TLS ?
OLIVER Patrice wrote:
> I try to use EAP-TLS authentication.

With which version of FreeRADIUS?

> Here is a part to the debugging messages :
> ...
> rlm_eap: SSL error error::lib(0):func(0):reason(0)
> In SSL Handshake Phase
> In SSL Accept mode
> What's about this error ?

It looks like you're using an older version of the server. Upgrade.

If the message in question doesn't prevent users from authenticating, ignore it.

Alan DeKok.
Problem with CHAP
I configure Freeradius, when the client try to connect with CHAP I have this error, and only connect with linux system users. When I connect locally with radtest I connect ok but when I connect remotely with Windows XP using CHAP don't connect. I run radius in debug mode with -X option.

Part of clients.conf

usuario1 Auth-Type := Local, Cleartext-Password := testusuario1
usuario2 Auth-Type := Local, Password := testusuario2
usuario3 Cleartext-Password := testusuario3

Error of freeradius running with -X option:

rad_recv: Access-Request packet from host 192.168.1.100:1645, id=106, length=126
        Framed-Protocol = PPP
        User-Name = chap
        CHAP-Password = 0x019c1a0fb685942ed07fdb1e2d100e93f0
        NAS-Port-Type = Virtual
        NAS-Port = 1586
        Calling-Station-Id = 1141323200
        Called-Station-Id = 8003450410
        Connect-Info = TLS-MISERVER-DIALUP
        Service-Type = Framed-User
        NAS-IP-Address = 192.168.1.100
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module preprocess returns ok for request 2
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module chap returns ok for request 2
modcall[authorize]: module mschap returns noop for request 2
rlm_realm: No '@' in User-Name = chap, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 2
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module eap returns noop for request 2
users: Matched entry DEFAULT at line 173
users: Matched entry DEFAULT at line 185
modcall[authorize]: module files returns ok for request 2
rlm_pap: WARNING! No known good password found for the user. Authentication may fail because of this.
modcall[authorize]: module pap returns noop for request 2
modcall: leaving group authorize (returns ok) for request 2
rad_check_password: Found Auth-Type CHAP
auth: type CHAP
Processing the authenticate section of radiusd.conf
modcall: entering group CHAP for request 2
rlm_chap: login attempt by chap with CHAP password
rlm_chap: Could not find clear text password for user chap
modcall[authenticate]: module chap returns invalid for request 2
modcall: leaving group CHAP (returns invalid) for request 2
auth: Failed to validate the user.
Login incorrect (rlm_chap: Clear text password not available): [chap/CHAP-Password] (from client rasiplan2 port 1586 cli 1141323200)
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 106 to 192.168.1.1 port 1645
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 2 ID 106 with timestamp 47472e23
Nothing to do. Sleeping until we see a request.
Re: Problem with CHAP
Do you have user chap in your users file? You have posted entries for some other usernames.

Ivan Kalik
Kalik Informatika ISP

On 23/11/2007, Javier Fernando [EMAIL PROTECTED] wrote:
> I configure Freeradius, when the client try to connect with CHAP I
> have this error, and only connect with linux system users. When I
> connect locally with radtest I connect ok but when I connect remotely
> with Windows XP using CHAP don't connect. I run radius in debug mode
> with -X option.
>
> Part of clients.conf
>
> usuario1 Auth-Type := Local, Cleartext-Password := testusuario1
> usuario2 Auth-Type := Local, Password := testusuario2
> usuario3 Cleartext-Password := testusuario3
>
> Error of freeradius running with -X option:
RE: Problem with CHAP
I think that this is a CHAP USER:

usuario3 Cleartext-Password := testusuario3

How to add a Chap user to the users file?

Javier.

> Do you have user chap in your users file? You have posted entries for
> some other usernames.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> On 23/11/2007, Javier Fernando [EMAIL PROTECTED] wrote:
>> I configure Freeradius, when the client try to connect with CHAP I
>> have this error, and only connect with linux system users. When I
>> connect locally with radtest I connect ok but when I connect remotely
>> with Windows XP using CHAP don't connect. I run radius in debug mode
>> with -X option.
>>
>> Part of clients.conf
>>
>> usuario1 Auth-Type := Local, Cleartext-Password := testusuario1
>> usuario2 Auth-Type := Local, Password := testusuario2
>> usuario3 Cleartext-Password := testusuario3
>>
>> Error of freeradius running with -X option:
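Added example, not part of any list post and not FreeRADIUS code: a sketch of the CHAP check from RFC 1994 that shows why the "Problem with CHAP" request above ends in "Could not find clear text password for user chap". The USERS table and the challenge bytes are constructed for illustration; the real challenge (the CHAP-Challenge attribute, or the Request Authenticator when that attribute is absent) does not appear in the debug output.

```python
import hashlib
import hmac

# Constructed stand-in for the users-file entries quoted in the thread.
USERS = {
    "usuario1": "testusuario1",
    "usuario2": "testusuario2",
    "usuario3": "testusuario3",
}

# CHAP-Password value exactly as printed in the debug output.
LOGGED_CHAP_PASSWORD = bytes.fromhex("019c1a0fb685942ed07fdb1e2d100e93f0")


def parse_chap_password(value: bytes):
    """Split CHAP-Password into (CHAP identifier, 16-byte MD5 response)."""
    if len(value) != 17:
        raise ValueError("CHAP-Password must be 1 id byte + 16 response bytes")
    return value[0], value[1:]


def chap_response(chap_id: int, password: str, challenge: bytes) -> bytes:
    """RFC 1994: response = MD5(identifier || secret || challenge)."""
    data = bytes([chap_id]) + password.encode() + challenge
    return hashlib.md5(data).digest()


def check_chap(user_name: str, chap_password: bytes, challenge: bytes,
               users=USERS) -> str:
    """Return 'ok', 'reject' or 'invalid' for one Access-Request."""
    chap_id, response = parse_chap_password(chap_password)
    cleartext = users.get(user_name)
    if cleartext is None:
        # Nothing to feed into MD5: the case the debug output reports as
        # "Could not find clear text password for user chap".
        return "invalid"
    expected = chap_response(chap_id, cleartext, challenge)
    return "ok" if hmac.compare_digest(expected, response) else "reject"


def demo():
    # Constructed challenge; see the note above the block.
    challenge = bytes(range(16))
    # What a client that knows usuario3's password would send.
    sent = bytes([1]) + chap_response(1, "testusuario3", challenge)
    wrong = bytes([1]) + chap_response(1, "guess", challenge)
    return {
        "User-Name = chap": check_chap("chap", sent, challenge),
        "User-Name = usuario3": check_chap("usuario3", sent, challenge),
        "usuario3, wrong password": check_chap("usuario3", wrong, challenge),
    }


if __name__ == "__main__":
    print(parse_chap_password(LOGGED_CHAP_PASSWORD)[0])  # CHAP identifier
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The server has to recompute the MD5 from the password itself, so the lookup by User-Name must return a clear text password; a request that arrives as User-Name = chap never reaches the comparison even though the response was built from usuario3's password.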
Re: local ssh authentication via radius possible?
Dan Gahlinger wrote:
> How do I configure PAM to use radius?

See the documentation in the pam_radius_auth module. It's on the freeradius web page.

Alan DeKok.