RE: freeradius2 CVS - hostname lookup has no effect

2007-12-10 Thread Edvin Seferovic
  Likely just an issue in -pre2.  I don't see it in CVS head.

Well I do. Just got the CVS version. Tried hostname_lookups = off / no ! No
help. Only when the client is being entered in the clients.conf it is
recognised. In the other hand I get 

Mon Dec 10 08:58:52 2007 : Error: Trying to look up name of unknown client 172.19.10.110.
Mon Dec 10 08:58:52 2007 : Auth: Login OK: [00:01:6c:a0:93:57] (from client UNKNOWN-CLIENT port 23 cli 00-01-6c-a0-93-57)

How come the hostname_lookups has no effect at all ? I suppose it's not
working properly, since I can enter the value off ?

How come the only known clients are found in the clients.conf ? Does the
logging part even take a look at the virtual server configs?

Is clients.conf being read at reload ? I have to restart the server to
get the client back into the known list :(

Is it just me ? 

TIA !

Regards,
E:S


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


freeradius + cisco vpn 3000 ip assignment

2007-12-10 Thread Marc delavaud

Hello,

Can freeradius assign ip to users connecting to cisco VPN 3000 ?


Re: freeradius + cisco vpn 3000 ip assignment

2007-12-10 Thread tnt
Yes. Static - Framed-IP-Address attribute, dynamic - set up ippool in
radiusd.conf.

Ivan Kalik
Kalik Informatika ISP


On 10/12/2007, Marc delavaud [EMAIL PROTECTED] wrote:

Hello,

Can freeradius assign ip to users connecting to cisco VPN 3000 ?


About radwho

2007-12-10 Thread Patrice Oliver

Hello,

I run freeradius 1.1.7.
When I use the radwho command, I get:
radwho: Error reading /usr/local/var/log/radius/radutmp: No such file or directory


I looked in /usr/local/var/log/radius/ and didn't find radutmp file. I 
didn't read in the documentation that this file is to be created manually.

Can you tell me why radiusd didn't create it the first time?
Do I have to create it now ?

Regards.
--
*Hospices Civils de Beaune*
*Patrice OLIVER*
/Chef de Projet Ville Hôpital/
/Responsable Réseau  Sécurité/
BP 104
21203 BEAUNE Cedex  Tél. 03 80 24 44 09
Fax. 03 80 24 45 90



How to add attributes to Access-Accept replies

2007-12-10 Thread Lucien RENAULT

Hi,
I'm running a configuration where a Cisco 1600 router is running a PPPoE 
server and check user passwords against a freeRadius server running 
under FreeBSD.
This Radius server checks passwords against a LDAP database running on 
another BSD server.
The authentication is working great, the Radius replies with an 
Access-Accept reply to the Cisco router but it seems that the router 
needs two attributes to accept this reply :


Service-Type = Framed-User,
Framed-Protocol = PPP,

So I did the following configuration in users.conf :

DEFAULT Framed-Protocol == PPP
   Service-Type = Framed-User,
   Framed-Protocol = PPP,
   Fall-Through = Yes

But freeradius still replies with no attributes in Access-Accept 
packet... I read a lot of documentation about this and I'm quite 
confused since I don't really see any other means to add attributes to 
replies...


Any Ideas ?

Thanks


Re: How to add attributes to Access-Accept replies

2007-12-10 Thread tnt
Default users file has DEFAULT entries for that Service-Type and
protocol. Default radiusd.conf uses files. You have changed the defaults
and it's not working anymore. In default configuration make changes
only to the ldap section and leave the rest as it was.

Ivan Kalik
Kalik Informatika ISP


On 10/12/2007, Lucien RENAULT [EMAIL PROTECTED] wrote:

Hi,
I'm running a configuration where a Cisco 1600 router is running a PPPoE
server and check user passwords against a freeRadius server running
under FreeBSD.
This Radius server checks passwords against a LDAP database running on
another BSD server.
The authentication is working great, the Radius replies with an
Access-Accept reply to the Cisco router but it seems that the router
needs two attributes to accept this reply :

Service-Type = Framed-User,
Framed-Protocol = PPP,

So I did the following configuration in users.conf :

DEFAULT Framed-Protocol == PPP
Service-Type = Framed-User,
Framed-Protocol = PPP,
Fall-Through = Yes

But freeradius still replies with no attributes in Access-Accept
packet... I read a lot of documentation about this and I'm quite
confused since I don't really see any other means to add attributes to
replies...

Any Ideas ?

Thanks


Re: How to add attributes to Access-Accept replies

2007-12-10 Thread Lucien RENAULT
Yes indeed, I changed the default entries of the users.conf because 
freeradius wasn't replying with the attributes so I tried many tricks in 
order to improve this but I never managed to get those attributes in 
Access-Accept packets...
I also modified the ldap section of radiusd.conf but this one is working 
fine so I guess I won't have to change this anymore.
I really think the problem comes from this users.conf file but I really 
can't figure out why the modifications I bring to this file don't affect 
radius behavior. Are there options I'm missing in other conf files maybe ?



[EMAIL PROTECTED] wrote:

Default users file has DEFAULT entries for that Service-Type and
protocol. Default radiusd.conf uses files. You have changed the defaults
and it's not working anymore. In default configuration make changes
only to the ldap section and leave the rest as it was.

Ivan Kalik
Kalik Informatika ISP


On 10/12/2007, Lucien RENAULT [EMAIL PROTECTED] wrote:

  

Hi,
I'm running a configuration where a Cisco 1600 router is running a PPPoE
server and check user passwords against a freeRadius server running
under FreeBSD.
This Radius server checks passwords against a LDAP database running on
another BSD server.
The authentication is working great, the Radius replies with an
Access-Accept reply to the Cisco router but it seems that the router
needs two attributes to accept this reply :

Service-Type = Framed-User,
Framed-Protocol = PPP,

So I did the following configuration in users.conf :

DEFAULT Framed-Protocol == PPP
   Service-Type = Framed-User,
   Framed-Protocol = PPP,
   Fall-Through = Yes

But freeradius still replies with no attributes in Access-Accept
packet... I read a lot of documentation about this and I'm quite
confused since I don't really see any other means to add attributes to
replies...

Any Ideas ?

Thanks


Re: freeradius2 CVS - hostname lookup has no effect

2007-12-10 Thread Alan DeKok
Edvin Seferovic wrote:
 Well I do. Just got the CVS version. Tried hostname_lookups = off / no ! No
 help. Only when the client is being entered in the clients.conf it is
 recognised. In the other hand I get 

  Ok... the issue isn't related to hostname lookups.  The server keeps
known clients internally, which are global.  i.e. the per-server
lookups confused the code.

  Try doing cvs update.  It should be fixed.

 How come the only known clients are found in the clients.conf ? Does the
 logging part even take a look at the virtual server configs?

  It does now.

 Is clients.conf being read at reload ? I have to restart the server to
 get the client back into the known list :(

  The clients aren't read on HUP.  See the debug output for what's read
on HUP.

  i.e. In CVS head, HUP *works*.  Nothing bad happens, and *some*
modules are reloaded.  Even though not everything is reloaded... what
*is* reloaded doesn't cause anything to crash.

  Alan DeKok.


Re: How to add attributes to Access-Accept replies

2007-12-10 Thread tnt
Yes indeed, I changed the default entries of the users.conf because 
freeradius wasn't replying with the attributes 

Why? Are you sure that server didn't respond the way it was supposed to?
Send the output from radiusd -X from the request.

Ivan Kalik
Kalik Informatika ISP



RE: freeradius2 CVS - hostname lookup has no effect

2007-12-10 Thread Edvin Seferovic
 Well I do. Just got the CVS version. Tried hostname_lookups = off / no ! No
 help. Only when the client is being entered in the clients.conf it is
 recognised. In the other hand I get 

  Ok... the issue isn't related to hostname lookups.  The server keeps
  known clients internally, which are global.  i.e. the per-server
  lookups confused the code.

  Try doing cvs update.  It should be fixed.

It is now !

  The clients aren't read on HUP.  See the debug output for what's read
  on HUP.

Didn't know that. Thanks !

  i.e. In CVS head, HUP *works*.  Nothing bad happens, and *some*
  modules are reloaded.  Even though not everything is reloaded... what
  *is* reloaded doesn't cause anything to crash.

Ain't crashing at all, so it is just fine !

Regards,
E:S



ip assignment issue with poptop

2007-12-10 Thread hadi golestani
Hi,
I wanna use freeradius to dynamically assign ip to my vpn clients.
So I defined an ip pool with the range of 10.3.3.1 to 10.3.3.255.
With the radtest command, I'm getting the ip in answer, but while trying
to connect from vpn client and at the same time looking at the debug mode output
there's no ip returned in answer.

radtest:

radtest new3 new3 localhost 1685 testing123

Sending Access-Request of id 8 to 127.0.0.1 port 1812
User-Name = new3
User-Password = new3
NAS-IP-Address = 255.255.255.255
NAS-Port = 1685
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=8, length=32
Framed-IP-Address = 10.3.3.91
Framed-IP-Netmask = 255.255.255.255



debug mode:

rad_recv: Access-Request packet from host 127.0.0.1:33802, id=99, length=146
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = new3
MS-CHAP-Challenge = 0x9dbdf0a41b6c569d8565b6813f9ae9e2
MS-CHAP2-Response = 0xbf00403c6176c9e7b825fc6332f4ecbb5c8a0a65a6f35ab28326cf016a4c0636a167d0213b2d4d161cf9
Calling-Station-Id = 85.15.42.219
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module preprocess returns ok for request 1
  modcall[authorize]: module chap returns noop for request 1
  rlm_mschap: Found MS-CHAP attributes.  Setting 'Auth-Type  = mschap'
  modcall[authorize]: module mschap returns ok for request 1
rlm_realm: No '@' in User-Name = new3, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 1
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module eap returns noop for request 1
users: Matched entry DEFAULT at line 173
users: Matched entry DEFAULT at line 185
  modcall[authorize]: module files returns ok for request 1
radius_xlat:  'new3'
rlm_sql (sql): sql_set_user escaped user -- 'new3'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op   FROM radcheck   WHERE Username = 'new3'   ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat:  'SELECT radgroupcheck.id,radgroupcheck.GroupName, radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE usergroup.Username = 'new3' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat:  'SELECT id, UserName, Attribute, Value, op   FROM radreply   WHERE Username = 'new3'   ORDER BY id'
radius_xlat:  'SELECT radgroupreply.id,radgroupreply.GroupName, radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE usergroup.Username = 'new3' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module sql returns ok for request 1
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module pap returns noop for request 1
modcall: leaving group authorize (returns ok) for request 1
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type MS-CHAP
  Processing the authenticate section of radiusd.conf
modcall: entering group MS-CHAP for request 1
  rlm_mschap: Told to do MS-CHAPv2 for new3 with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
  modcall[authenticate]: module mschap returns ok for request 1
modcall: leaving group MS-CHAP (returns ok) for request 1
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 1
rlm_ippool: Searching for an entry for nas/port: 127.0.0.1/1
rlm_ippool: Found Framed-IP-Address attribute in reply attribute list.
rlm_ippool: override is set to no. Return NOOP.
  modcall[post-auth]: module main_pool returns noop for request 1
rlm_sql (sql): Processing sql_postauth
radius_xlat:  'new3'
rlm_sql (sql): sql_set_user escaped user -- 'new3'
radius_xlat:  'INSERT into radpostauth (user, pass, reply, date) values ('new3', 'Chap-Password', 'Access-Accept', NOW())'
rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (user, pass, reply, date) values ('new3', 'Chap-Password', 'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
  modcall[post-auth]: module sql returns ok for request 1
modcall: leaving group post-auth (returns ok) for request 1
Sending Access-Accept of id 99 to 127.0.0.1 port 33802
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
MS-CHAP2-Success = 0xbf533d3946364438464133353045454338453245314132423144453245344036333538323435303646
MS-MPPE-Recv-Key = 0x6bf743cc4d6fcdfe9ca3db2ffa091f2d
MS-MPPE-Send-Key = 0xf7c1c3f1197d3b3637982d14423a98de
MS-MPPE-Encryption-Policy = 0x0001