trouble seting up freeradius :((
Hi,

I really (desperately) need freeradius to work on my school's network - it's urgent. I've got a server on Ubuntu 7.04. I set up freeradius according to some howtos and tutorials, but with no luck.

What I did was:
- made deb package with tls support
- installed deb freeradius package
- did setup freeradius as told here http://ubuntuforums.org/showthread.php?t=478804&highlight=freeradius+openssl
- problems...

When I issue the command freeradius -x I get this:

rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: SSL error error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt
rlm_eap_tls: Error reading private key file
rlm_eap: Failed to initialize type tls
radiusd.conf[10]: eap: Module instantiation failed.
radiusd.conf[1944] Unknown module "eap".
radiusd.conf[1891] Failed to parse authenticate section.

Any idea?

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: cannot connect to sql databse
Hey Devinder,

On Jan 29, 2008 9:50 AM, Devinder Singh <[EMAIL PROTECTED]> wrote:

> Hi Liran
>
> The exact error message on Dial Up Admin is
>
> cannot connec to sql database.
>

Well that's not too helpful now, is it?
I'm not too familiar with dialupadmin, maybe someone else can donate his 2 cents if they had this problem as well.

Like I said before, you should try debugging the problem by taking a look at log files instead of trying to guess the problem into discovery.

Some thoughts to think about:
- is this working if you run it from console? mysql -u freeradius -pmysuperpassword radius
- do you have the necessary php mysql package installed? (php4-mysql or php5-mysql)

Regards,
Liran Tal.

> On 29/01/2008, Liran Tal <[EMAIL PROTECTED]> wrote:
> >
> > Hey Devinder,
> >
> > On Jan 29, 2008 9:41 AM, Devinder Singh <[EMAIL PROTECTED]> wrote:
> >
> > > Hi Liran
> > >
> > > Where should i turn on the Logging in which file could you let me know
> > > what files are involved to do logging.
> > >
> >
> > Turning on the mysql logging is done in mysql's configuration
> > file (on debian it's found at /etc/mysql/my.cnf).
> >
> > What is the exact error message you receive in the web page?
> > "Dial Up admin page i get cannot connect to sql databse" is too
> > ambiguous.
> > Copy and paste it here.
> >
> > Regards,
> > Liran Tal.

Re: Detailed logging on 1.1.7 [fixed]
Peter Nixon wrote:
> On Mon 28 Jan 2008, Mother wrote:
> > 1. Install screen (not by default installed in FreeBSD).
> > 2. Run a new screen, name it something convenient (# screen -S radiusd)
> > 3. Hit Ctrl+A-H, this will log all console output to file.
> > 4. Start radiusd with -X or -x
> > 5. Detach from the screen with Ctrl+A-d
> >
> > FreeRADIUS is now running in this screen, and everything is being stored to log file. At any time, you can reattach to the screen (both from local and over SSH) to see what is going on in real time.
>
> Thanks. Nice instructions. I have added them to the wiki (slightly modified)
>
> Cheers

Thanks Peter, it's nice to see the contribution was meaningful :)

Cheers,
Mike

Re: one RADIUS server per realm setup
I appear to have gotten this working by adding the following to my authorize {} section:

if (Realm == "localdomain.edu") {
    files
    ldap
}

Obviously removing the reference to "files" and "ldap" from elsewhere in the authorize section. Then I do LDAP group checking in the users file like this:

# Allow Students
DEFAULT Ldap-Group == 30

# ...and Staff
DEFAULT Ldap-Group == 40

# ...and Faculty
DEFAULT Ldap-Group == 50

# ...and nobody else!
DEFAULT Auth-Type := Reject
        Reply-Message = "Only current faculty, staff or students are allowed to log in."

...and in radiusd.conf, the following non-default config in the ldap section to establish how to find Ldap-Group:

base_filter = "(objectclass=posixAccount)"
groupname_attribute = gidNumber
groupmembership_filter = "(&(objectClass=posixAccount)(uid=%{Stripped-User-Name}))"
groupmembership_attribute = gidNumber

And then I have set up my proxy hosts for other realms (domains) in proxy.conf

This seems to accomplish what I want, which is to check LDAP groups during authorization only if the realm is local.

I'm not sure what the syntax rules for the authorize{} section of the config files are; I was unable to find any description in the docs of how one goes about figuring out how to write these conditional statements. What language is it? It seems C-like, but only kind of. Did I miss this in the documentation? And the only way I could tell that I could use the variable "Realm" is because it was in the debugging output of freeradius. I couldn't find a list of available variables on the wiki, other than http://wiki.freeradius.org/Run-time_variables#Conditional_syntax , which is very incomplete and not self-explanatory.

I'm just confused as to how I was supposed to figure all this out without doing what I did, which was bang my head against the wall for a long time. I kinda figured there was some default way I was supposed to be doing what I was doing, but I gave up and did what feels like a "hack" to me. Is it OK? Am I missing a clear place where all of this is described?

This is a fabulous piece of software, and I appreciate its license, its functionality, and its highly-configurable nature, I just feel like I'm missing something :)

All the best,

-Josiah

Wm. Josiah Erikson wrote:
> I see. I can, indeed, remove Auth-Type := LDAP from the users file and it still works. Cool! However, the behavior described in the documentation is not what I'm seeing, and I'm still getting (contrary to what I said in my previous email) authorization requests not being proxied, even though I have, in my authorize section, the "suffix" directive previous to "files" and "ldap", which is where I check the LDAP group.
>
> If my realm is @hampshire.edu, everything works as I want it to, because it doesn't proxy. But when I try to authenticate as a fake user in my test proxy realm (I just want to see it try to proxy), it looks in the local LDAP database! Huh? It says it's preparing to proxy, as it should... how do I make it either proxy authorization as well, or skip authorization for non-local domains? How should I go about this? I must be misunderstanding something. I don't want it to do anything locally if I've set it to proxy!
>
> I get the following relevant output from freeradius -X:
>
> Listening on authentication address * port 1812
> Listening on accounting address * port 1813
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1 port 34022, id=118, length=66
>         User-Name = "[EMAIL PROTECTED]"
>         User-Password = "passwowrd"
>         NAS-IP-Address = 172.20.66.104
>         NAS-Port = 1
> +- entering group authorize
> ++[preprocess] returns ok
> ++[chap] returns noop
> ++[mschap] returns noop
>     rlm_realm: Looking up realm "testdomain.edu" for User-Name = "[EMAIL PROTECTED]"
>     rlm_realm: Found realm "testdomain.edu"
>     rlm_realm: Adding Stripped-User-Name = "dude"
>     rlm_realm: Proxying request from user dude to realm testdomain.edu
>     rlm_realm: Adding Realm = "testdomain.edu"
>     rlm_realm: Preparing to proxy authentication request to realm "testdomain.edu"
> ++[suffix] returns updated
> ++[unix] returns notfound
> rlm_ldap: Entering ldap_groupcmp()
>         expand: dc=hampshire, dc=edu -> dc=hampshire, dc=edu
>         expand: (uid=%{Stripped-User-Name}) -> (uid=dude)
> rlm_ldap: ldap_get_conn: Checking Id: 0
> rlm_ldap: ldap_get_conn: Got Id: 0
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to ldap.hampshire.edu:389, authentication 0
> rlm_ldap: bind as uid=tu, ou=account, dc=hampshire, dc=edu/tp to ldap.hampshire.edu:389
> rlm_ldap: waiting for bind result ...
> rlm_ldap: Bind was successful
> rlm_ldap: performing search in dc=hampshire, dc=edu, with filter (uid=dude)
> rlm_ldap: object not found or got ambiguous search result
> rlm_ldap::ldap_groupcmp: search failed
> rlm_ldap: ldap_release_conn: Release Id: 0
> rlm_ldap: Enterin

memory corruption when proxying accounting requests
Hi,

I'm having problems proxying accounting requests on FreeRadius 2. Local auth and acct works fine, and proxying auth works. But as soon as I try to proxy accounting then Freeradius crashes.

I have tried proxying to an old stable freeradius server, through a home server, direct to a virtual server, home server pools, and I have tried to add and remove all the modules and options I can to try to find if there is a particular part that makes it crash but no luck. The accounting requests gets sent, and FreeRadius crashes after.

I've tried to install both version FreeRadius 2.0.0 and 2.0.1 on two different servers both running different Ubuntu versions.

Anyone have an idea what I can try next?

Here is output from one of the installations:

*** glibc detected *** ../../sbin/radiusd: malloc(): memory corruption: 0x081b7460 ***
=== Backtrace: =
/lib/tls/i686/cmov/libc.so.6[0xb7c7c1cd]
/lib/tls/i686/cmov/libc.so.6(malloc+0x7f)[0xb7c7d83f]
/usr/local/freeradius2/lib/libfreeradius-radius-2.0.1.so(paircopy2+0x69)[0xb7f503d9]
/usr/local/freeradius2/lib/libfreeradius-radius-2.0.1.so(paircopy+0x25)[0xb7f50475]
../../sbin/radiusd[0x806150d]
../../sbin/radiusd(radius_handle_request+0x5b)[0x806160b]
../../sbin/radiusd(thread_pool_addrequest+0x36)[0x805bd56]
../../sbin/radiusd[0x8060c32]
/usr/local/freeradius2/lib/libfreeradius-radius-2.0.1.so(fr_event_loop+0x236)[0xb7f53db6]
../../sbin/radiusd(radius_event_process+0x30)[0x80624e0]
../../sbin/radiusd(main+0x572)[0x805ad52]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xdc)[0xb7c2a8cc]
../../sbin/radiusd[0x804d1f1]
Aborted

Cheers,
Jørn

Issue reading from detail to sql (buffered-sql virtual server)
Hi,

I'm trying to get my detail file picked up by multiple virtual servers and relayed to multiple PostgreSQL backends. The detail file writes fine, however the detail reader will only ever write one entry to the Postgres DB when it starts. The config I have for the virtual server in question is below:

server local_logger {
        listen {
                type = detail
                filename = ${radacctdir}/detail
                load_factor = 20
        }
        preacct {
                preprocess
                acct_unique
                files
        }
        accounting {
                sql_logger1
        }
}

I have verified that sql_logger1 isn't the problem, if I put that after the detail directive in another virtual server data gets written to the database every time. It looks like my local_logger never picks anything up (except once on startup).

Looking at server starting in debug mode I see this:

listen {
        type = "detail"
        listen {
                filename = "/var/log/freeradius/radacct/detail"
                load_factor = 20
        }
}

Is this normal? The listen directive is in the same format as the other virtual servers but this is the only one which has nested listens in the server startup.

Thanks in advance,

Nick

eap authentication problem
Can anyone tell me what I'm doing wrong here? Trying to auth. a wireless user with freeradius. I'm not sure if the mistake is in the certificates of the radius config. The authentication process gets stuck in "attempting to authenticate".

        EAP-Message = 0x064d5a2d6166740e00
        Message-Authenticator = 0x
        State = 0x55a44efe0a103d2b2a24bb8f72998edc
Finished request 6
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.100.5:4855, id=3, length=191
        Message-Authenticator = 0xfab5bbc4d21c025b436d243b9579b617
        Service-Type = Framed-User
        User-Name = "wireless"
        Framed-MTU = 1488
        State = 0x55a44efe0a103d2b2a24bb8f72998edc
        Called-Station-Id = "00-18-F8-F5-87-53:mikiemike"
        Calling-Station-Id = "00-13-E8-94-F3-B5"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 0x020300060d00
        NAS-IP-Address = 192.168.100.5
        NAS-Port = 1
        NAS-Port-Id = "STA port # 1"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 7
  modcall[authorize]: module "preprocess" returns ok for request 7
  modcall[authorize]: module "chap" returns noop for request 7
  modcall[authorize]: module "mschap" returns noop for request 7
    rlm_realm: No '@' in User-Name = "wireless", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 7
  rlm_eap: EAP packet type response id 3 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 7
    users: Matched DEFAULT at 152
    users: Matched DEFAULT at 171
    users: Matched wireless at 231
  modcall[authorize]: module "files" returns ok for request 7
modcall: group authorize returns updated for request 7
  rad_check_password: Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 7
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/tls
  rlm_eap: processing type tls
  rlm_eap_tls: Authenticate
  rlm_eap_tls: processing TLS
  rlm_eap_tls: Received EAP-TLS ACK message
  rlm_eap_tls: ack handshake fragment handler
  eaptls_verify returned 1
  eaptls_process returned 13
  modcall[authenticate]: module "eap" returns handled for request 7
modcall: group authenticate returns handled for request 7
Sending Access-Challenge of id 3 to 192.168.100.5:4855
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        EAP-Message = 0x0104000a0d80
        Message-Authenticator = 0x
        State = 0xbf025c40824435e386c6a8b6a1ad5735
Finished request 7
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 4 ID 0 with timestamp 479f9369
Cleaning up request 5 ID 1 with timestamp 479f9369
Cleaning up request 6 ID 2 with timestamp 479f9369
Cleaning up request 7 ID 3 with timestamp 479f936

thanks a lot in advance for any help.

reg.
Mike

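The EAP-Message values in the debug output above show which side of the EAP-TLS exchange sent what. The following is an added example, not part of the original post: it decodes the EAP header (RFC 3748) and the EAP-TLS flags byte (RFC 5216) from FreeRADIUS debug lines. The function names and SAMPLE_LOG are constructed for this illustration, and a log value holding fewer bytes than its declared length is reported as truncated rather than guessed at.

```python
import re
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_TLS = 13  # EAP-TLS method type (RFC 5216)
TLS_FLAGS = ((0x80, "length-included"), (0x40, "more-fragments"), (0x20, "start"))

# Constructed sample: two EAP-Message lines taken from the debug output
# quoted in the message above, with the packet lines they were logged under.
SAMPLE_LOG = """\
rad_recv: Access-Request packet from host 192.168.100.5:4855, id=3, length=191
        EAP-Message = 0x020300060d00
Sending Access-Challenge of id 3 to 192.168.100.5:4855
        EAP-Message = 0x0104000a0d80
"""

EAP_LINE = re.compile(r"EAP-Message\s*=\s*0x([0-9a-fA-F]*)")


def decode_eap(hex_digits):
    """Decode one EAP packet given as hex digits (without the 0x prefix)."""
    odd = len(hex_digits) % 2 == 1          # a dangling nibble means lost data
    raw = bytes.fromhex(hex_digits[:-1] if odd else hex_digits)
    if len(raw) < 4:
        return {"error": "shorter than the 4-byte EAP header", "captured": len(raw)}
    code, ident, length = struct.unpack("!BBH", raw[:4])
    pkt = {
        "code": EAP_CODES.get(code, "unknown(%d)" % code),
        "id": ident,
        "length": length,                   # length declared in the header
        "captured": len(raw),               # bytes actually present in the log
        "truncated": odd or len(raw) < length,
        "type": None,
        "flags": [],
        "role": None,
    }
    if code in (1, 2) and len(raw) >= 5:    # only Request/Response carry a Type
        pkt["type"] = raw[4]
    if pkt["type"] == EAP_TYPE_TLS and len(raw) >= 6:
        flags = raw[5]
        pkt["flags"] = [name for bit, name in TLS_FLAGS if flags & bit]
        header = 6 + (4 if flags & 0x80 else 0)   # optional TLS Message Length
        pkt["tls_bytes"] = max(length - header, 0)
        if flags & 0x20:
            pkt["role"] = "start"
        elif flags == 0 and length == 6:
            pkt["role"] = "ack"             # empty packet acknowledging a fragment
        elif flags & 0x40:
            pkt["role"] = "fragment"
        else:
            pkt["role"] = "final-or-only"
    return pkt


def decode_log(text):
    """Decode every EAP-Message attribute found in a block of debug output."""
    return [decode_eap(m.group(1)) for m in EAP_LINE.finditer(text)]


def describe(pkt):
    """One-line summary of a decoded packet, for reading alongside the log."""
    if "error" in pkt:
        return "undecodable: " + pkt["error"]
    text = "%s id=%d len=%d" % (pkt["code"], pkt["id"], pkt["length"])
    if pkt["type"] is not None:
        text += " type=%d" % pkt["type"]
    if pkt["role"]:
        text += " tls=%s flags=%s" % (pkt["role"], ",".join(pkt["flags"]) or "none")
    if pkt["truncated"]:
        text += " [log value has %d of %d bytes]" % (pkt["captured"], pkt["length"])
    return text


if __name__ == "__main__":
    for packet in decode_log(SAMPLE_LOG):
        print(describe(packet))
```

The first value decodes as an empty EAP-TLS Response, which matches the "Received EAP-TLS ACK message" line in the log; the second is a Request whose logged value is shorter than its declared length.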
Re: Different outgoing then ingoing IP when proxying
My guess is that this means that you don't have the network interface lo running, or your routing table is messed up? If you're sending from the localhost to 127.0.0.1, the source should be 127.0.0.1, I would think. What OS are you using? If it's linux (or another *nix), you could paste the output of "route -n" here and it might help us to debug your problem. Is the firewall running locally on the box or elsewhere?

-Josiah

Alan DeKok wrote:
> Jørn Kostøl wrote:
> > However a firewall, which cannot be changed, does not let me send
> > packets from the external IP to the localhost on which the virtual
> > server is listening.
>
> It's weird that the kernel would choose an external IP to use as the source for packets to localhost.
>
> > Is it possible to have Freeradius listen on one IP for the NAS, but
> > proxy on a different IP (localhost) ?
>
> Not right now. It wouldn't be too difficult to add a "source IP" field to the "home server" entry, so you could specify where packets came from.
>
> Alan DeKok.

--
Wm. Josiah Erikson
Computing Support
School of Cognitive Science
Hampshire College
Amherst, MA 01002
(413) 559-6091

Re: Different outgoing then ingoing IP when proxying
Jørn Kostøl wrote:
> However a firewall, which cannot be changed, does not let me send
> packets from the external IP to the localhost on which the virtual
> server is listening.

It's weird that the kernel would choose an external IP to use as the source for packets to localhost.

> Is it possible to have Freeradius listen on one IP for the NAS, but
> proxy on a different IP (localhost) ?

Not right now. It wouldn't be too difficult to add a "source IP" field to the "home server" entry, so you could specify where packets came from.

Alan DeKok.

Enterasys gear and freeradius
Anyone using freeradius with Enterasys switches/routers for mac authentication with openldap backend? Currently using SBR with some problems that can only be fixed by upgrading to the GEE edition $$.

Radius system:
CentOS 5 Linux
Freeradius 1.1.3

OpenLDAP server:
CentOS 5 Linux
OpenLDAP 2.3.39
Already using RADIUS-LDAPv3.schema with SBR

Regards,
Kent

Different outgoing then ingoing IP when proxying
Hi,

I have a 2.0.1 server running as proxy, with a virtual server handling the proxied requests.

However a firewall, which cannot be changed, does not let me send packets from the external IP to the localhost on which the virtual server is listening.

Is it possible to have Freeradius listen on one IP for the NAS, but proxy on a different IP (localhost) ?

Cheers,
Jørn

Re: deactivate ldap.attrmap
Sebastian Heil wrote:
> Is there a way to deactivate the ldap.attrmap file?

Edit the source code & re-compile.

Alan DeKok.

deactivate ldap.attrmap
Hello,

we are using freeradius 2.0.1 on SLES 10. Our users are authorized and authenticated via ldap against a Novell eDirectory.

When I look at a trace on the eDirectory, I see a lot of attributes the Freeradius-Server wants to get from the directory. But we don't have any of these attributes in the directory, and we don't need them.

So, I tried to comment out the line

#dictionary_mapping = ${confdir}/ldap.attrmap

in the radiusd.conf, but the server still wants to get the attributes from the directory.

So, I commented out all the lines in the file ldap.attrmap, which doesn't work... The server still wants to have at least one active line in the file.

---
rlm_ldap: dictionary mappings file /etc/raddb/ldap.attrmap did not contain any mappings
/etc/raddb/radiusd.conf[637]: Instantiation failed for module "ldap"
---

Is there a way to deactivate the ldap.attrmap file?

Thanks a lot!
Sebastian

users file matching rules
hi,

I have a problem with the users file rules.
I can use the "NAS-IP-Address", "User-Name", "NAS-Port-Type" fields in order to filter the packet and make different types of authentication inside the users file.

for example

DEFAULT NAS-Port-Type == Wireless-802.11 , Autz-Type := wireless , Auth-Type := wireless

this rule matches the packet and starts wireless auth-type etc etc...

but if I use

DEFAULT Called-Station-Id == "0A-11-22-33-44-55:ssid" , Autz-Type := wireless , Auth-Type := wireless

with or without double quotes this rule doesn't match the packet.

I'm using EAP-TTLS+pap, maybe there's a problem with the session inside the tunnel and the one outside the tunnel?
The simple question is: why, if I see that field, am I not able to use it? Where's my misconfiguration?

of course radiusd -X gives

rad_recv: Access-Request packet from host 192.168.123.251.:1365, id=69, length=744
        User-Name = "testuser"
        NAS-IP-Address = 127.0.0.1
        NAS-Port = 1
        Called-Station-Id = "0A-11-22-33-44-55:ssid"
        Calling-Station-Id = "00-00-11-11-11-55"
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"

(I didn't send the whole radiusd -X output because I thought it was useless)

arjuna

Re: cannot connect to sql databse
On Tue, Jan 29, 2008 at 04:50:07PM +0800, Devinder Singh <[EMAIL PROTECTED]> wrote a message of 390 lines which said:

> The exact error message on Dial Up Admin is
      ^ I doubt it because there is a typo in it
> cannot connec to sql database.
              ^^

Learning to copy-and-paste may be useful :-)

See http://catb.org/~esr/faqs/smart-questions.html

Re: cannot connect to sql databse
Hey Devinder,

On Jan 29, 2008 9:41 AM, Devinder Singh <[EMAIL PROTECTED]> wrote:

> Hi Liran
>
> Where should i turn on the Logging in which file could you let me know what
> files are involved to do logging.
>

Turning on the mysql logging is done in mysql's configuration file (on debian it's found at /etc/mysql/my.cnf).

What is the exact error message you receive in the web page?
"Dial Up admin page i get cannot connect to sql databse" is too ambiguous.
Copy and paste it here.

Regards,
Liran Tal.

> On 29/01/2008, liran tal <[EMAIL PROTECTED]> wrote:
> >
> > Hey Devinder,
> >
> > On Jan 29, 2008 5:06 AM, Devinder Singh <[EMAIL PROTECTED]> wrote:
> >
> > > Dear Liran
> > >
> > > this is my dialup_admin.conf file
> > > sql_type: mysql
> > > sql_server: localhost
> > > sql_port: 3306
> > > sql_username: freeradius
> > > sql_password: mysuperpassword
> > > sql_database: radius
> > > sql_accounting_table: radacct
> > > sql_badusers_table: badusers
> > > sql_check_table: radcheck
> > > sql_reply_table: radreply
> > > sql_user_info_table: userinfo
> > > sql_groupcheck_table: radgroupcheck
> > > sql_groupreply_table: radgroupreply
> > > sql_usergroup_table: usergroup
> > >
> > > and this is the /usr/raddb/sql.conf configuration
> > >
> > > sql {
> > >         # Database type
> > >         # Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
> > >         # rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
> > >         driver = "rlm_sql_mysql"
> > >
> > >         # Connect info
> > >         server = "localhost"
> > >         login = "freeradius"
> > >         password = "mysuperpassword"
> > >
> > >         # Database table configuration
> > >         radius_db = "radius"
> > >
> > >         # If you want both stop and start records logged to the
> > >         # same SQL table, leave this as is. If you want them in
> > >         # different tables, put the start table in acct_table1
> > >         # and stop table in acct_table2
> > >         acct_table1 = "radacct"
> > >         acct_table2 = "radacct"
> > >
> > >         # Allow for storing data after authentication
> > >         postauth_table = "radpostauth"
> > >
> > > Is there anything that i am missing pls advise.
> > >
> >
> > I guess that looks alright but you haven't done any debugging like
> > I suggested. Turn on mysql logging and see if there's even a connection
> > attempt and if there is you can track what query is going wrong.
> >
> > You haven't detailed what is the exact error, it could just as well be that
> > everything is configured fine but you haven't installed any php-mysql
> > package and you have error_reporting turned off and so you are not seeing
> > the error.
> >
> > Please check these things first.
> >
> > Regards,
> > Liran Tal.
> >
> > > On 28/01/2008, Devinder Singh <[EMAIL PROTECTED]> wrote:
> > > >
> > > > Hi Liran
> > > >
> > > > Are there a lot of changes to be made on Dial Up Admin admin.conf file
> > > >
> > > > Could you suggest any specific changes as well in etc/raddb/sql.conf
> > > >
> > > > Regards
> > > > Devinder
> > > >
> > > > On 28/01/2008, Liran Tal <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > Hey Devinder,
> > > > >
> > > > > On Jan 28, 2008 8:44 AM, Devinder Singh <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > > Hi Liran
> > > > > >
> > > > > > I am using MySQL would daloradius work with MySQL
> > > > > >
> > > > >
> > > > > Yes, daloradius has native support for mysql.
> > > > > You check on dialupadmin for configuring errors - what is the
> > > > > error message that you get?
> > > > >
> > > > > It is also very useful to turn on mysql logging to see if there's
> > > > > even a connection attempt and if there is, what is causing
> > > > > the error.
> > > > >
> > > > > Regards,
> > > > > Liran Tal.
> > > > >
> > > > > > On 28/01/2008, liran tal <[EMAIL PROTECTED]> wrote:
> > > > > > >
> > > > > > > Hey Devinder,
> > > > > > >
> > > > > > > On Jan 28, 2008 4:35 AM, Devinder Singh <[EMAIL PROTECTED]> wrote:
> > > > > > >
> > > > > > > > Hi
> > > > > > > >
> > > > > > > > I am using Dial Up Admin on Free radius
> > > > > > > >
> > > > > > > > Free Radius is Running but when i access Dial Up admin page
> > > > > > > > i get cannot connect to sql databse
> > > > > > > >
> > > > > > > > I have done most of the configuration settings and followed
> > > > > > > > the wiki tutorial on Free Radius.
> > > > > > > >
> > > > > > >
> > > > > > > Did you check that your sql server is actually running?
> > > > > > > Did you import the radius database schema into the sql server?
> > > > > > > Did you configure all the required settings to connect to the
> > > > > > > sql server in dialupadmin?
> > > > > > >
> > > > > > > You also might want to take a look at daloRADIUS fo

Re: cannot connect to sql databse
Hi Liran

The exact error message on Dial Up Admin is

cannot connec to sql database.

Rgds
Devinder

On 29/01/2008, Liran Tal <[EMAIL PROTECTED]> wrote:
>
> Hey Devinder,
>
> On Jan 29, 2008 9:41 AM, Devinder Singh <[EMAIL PROTECTED]> wrote:
>
> > Hi Liran
> >
> > Where should I turn on the logging? In which file? Could you let me know
> > what files are involved to do logging?
>
> Turning on the mysql logging is done in mysql's configuration
> file (on debian it's found at /etc/mysql/my.cnf).
>
> What is the exact error message you receive in the web page?
> "Dial Up admin page i get cannot connect to sql databse" is too ambiguous.
> Copy and paste it here.
>
> Regards,
> Liran Tal.

Re: cannot connect to sql databse
Hi Liran

Where should I turn on the logging? In which file? Could you let me know what files are involved to do logging?

Regards
Devinder

On 29/01/2008, liran tal <[EMAIL PROTECTED]> wrote:
>
> Hey Devinder,
>
> On Jan 29, 2008 5:06 AM, Devinder Singh <[EMAIL PROTECTED]> wrote:
>
> > Dear Liran
> >
> > this is my dialup_admin.conf file
> > sql_type: mysql
> > sql_server: localhost
> > sql_port: 3306
> > sql_username: freeradius
> > sql_password: mysuperpassword
> > sql_database: radius
> > sql_accounting_table: radacct
> > sql_badusers_table: badusers
> > sql_check_table: radcheck
> > sql_reply_table: radreply
> > sql_user_info_table: userinfo
> > sql_groupcheck_table: radgroupcheck
> > sql_groupreply_table: radgroupreply
> > sql_usergroup_table: usergroup
> >
> > and this is the /usr/raddb/sql.conf configuration
> >
> > sql {
> >     # Database type
> >     # Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
> >     # rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
> >     driver = "rlm_sql_mysql"
> >
> >     # Connect info
> >     server = "localhost"
> >     login = "freeradius"
> >     password = "mysuperpassword"
> >
> >     # Database table configuration
> >     radius_db = "radius"
> >
> >     # If you want both stop and start records logged to the
> >     # same SQL table, leave this as is. If you want them in
> >     # different tables, put the start table in acct_table1
> >     # and stop table in acct_table2
> >     acct_table1 = "radacct"
> >     acct_table2 = "radacct"
> >
> >     # Allow for storing data after authentication
> >     postauth_table = "radpostauth"
> >
> > Is there anything that I am missing? Pls advise.
>
> I guess that looks alright but you haven't done any debugging like
> I suggested. Turn on mysql logging and see if there's even a connection
> attempt and if there is you can track what query is going wrong.
>
> You haven't detailed what is the exact error, it could just as well be that
> everything is configured fine but you haven't installed any php-mysql
> package and you have error_reporting turned off and so you are not seeing
> the error.
>
> Please check these things first.
>
> Regards,
> Liran Tal.

Re: Logging from another PC
Hey,

On Jan 29, 2008 9:45 AM, <[EMAIL PROTECTED]> wrote:

> Hi,
>
> I have a question.
> When the user logs using own username and password into Radius server (ie,
> using 192.168.160.5), it is OK. When someone changes IP address statically
> into logged IP (to 192.168.160.5), he can use the logged account. I mean
> he can use another one's account.

This is something that the NAS controls. FreeRADIUS only receives
authentication requests upon which it can Accept or Reject the user.
You might also want to look at the Simultaneous-Use attribute.

> How can I block another PC? And I don't
> want the user to log in often in one day.

You can set a check attribute for the Calling-Station-Id MAC Address
and so the user will be granted access only if he logs in from a specific
machine.

> User must log once in a day. That's
> why I don't want to put Idle-Timeout attribute.

Explain better please.

Regards,
Liran Tal.

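The two suggestions in the reply above (a Calling-Station-Id check item and Simultaneous-Use), written as rows for the radcheck table; this is an added example, not part of the original thread. It assumes the stock FreeRADIUS MySQL schema (radcheck columns username, attribute, op, value), a NAS that reports Calling-Station-Id as AA-BB-CC-DD-EE-FF, and a constructed user name and MAC address.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the stock FreeRADIUS MySQL schema
# (radcheck: username, attribute, op, value) and a NAS that sends
# Calling-Station-Id as AA-BB-CC-DD-EE-FF.

# normalize_mac MAC -> prints AA-BB-CC-DD-EE-FF; returns 1 if MAC is malformed
normalize_mac() {
    hex=$(printf '%s' "$1" | tr -d ':.-' | tr 'abcdef' 'ABCDEF')
    case "$hex" in
        *[!0-9A-F]*) return 1 ;;
    esac
    [ "${#hex}" -eq 12 ] || return 1
    printf '%s\n' "$hex" | sed 's/../&-/g; s/-$//'
}

# radcheck_bind_sql USER MAC -> prints SQL that pins USER to one MAC and one
# concurrent session; returns 1 on input that is unsafe to embed in SQL.
radcheck_bind_sql() {
    user=$1
    # Conservative alphabet: nothing that could close the quoted SQL literal.
    case "$user" in
        ''|*[!A-Za-z0-9._@-]*) return 1 ;;
    esac
    mac=$(normalize_mac "$2") || return 1
    cat <<EOF
DELETE FROM radcheck WHERE username = '$user'
  AND attribute IN ('Calling-Station-Id', 'Simultaneous-Use');
INSERT INTO radcheck (username, attribute, op, value) VALUES
  -- check item: reject unless the request comes from this MAC
  ('$user', 'Calling-Station-Id', '==', '$mac'),
  -- enforced only if the session section of radiusd.conf tracks logins
  ('$user', 'Simultaneous-Use', ':=', '1');
EOF
}

# Constructed user and MAC; pipe the output into the mysql client to apply it.
radcheck_bind_sql alice 00:11:22:aa:bb:cc
```

The Calling-Station-Id value has to match what the NAS sends character for character, so confirm the format against one real Access-Request in the server's debug output before loading rows. The check is only as trustworthy as the MAC address the NAS reports.
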
Re: cannot connect to sql databse
Hey Devinder,

On Jan 29, 2008 5:06 AM, Devinder Singh <[EMAIL PROTECTED]> wrote:

> Dear Liran
>
> this is my dialup_admin.conf file
> sql_type: mysql
> sql_server: localhost
> sql_port: 3306
> sql_username: freeradius
> sql_password: mysuperpassword
> sql_database: radius
> sql_accounting_table: radacct
> sql_badusers_table: badusers
> sql_check_table: radcheck
> sql_reply_table: radreply
> sql_user_info_table: userinfo
> sql_groupcheck_table: radgroupcheck
> sql_groupreply_table: radgroupreply
> sql_usergroup_table: usergroup
>
> and this is the /usr/raddb/sql.conf configuration
>
> sql {
>     # Database type
>     # Current supported are: rlm_sql_mysql, rlm_sql_postgresql,
>     # rlm_sql_iodbc, rlm_sql_oracle, rlm_sql_unixodbc, rlm_sql_freetds
>     driver = "rlm_sql_mysql"
>
>     # Connect info
>     server = "localhost"
>     login = "freeradius"
>     password = "mysuperpassword"
>
>     # Database table configuration
>     radius_db = "radius"
>
>     # If you want both stop and start records logged to the
>     # same SQL table, leave this as is. If you want them in
>     # different tables, put the start table in acct_table1
>     # and stop table in acct_table2
>     acct_table1 = "radacct"
>     acct_table2 = "radacct"
>
>     # Allow for storing data after authentication
>     postauth_table = "radpostauth"
>
> Is there anything that I am missing? Pls advise.

I guess that looks alright but you haven't done any debugging like
I suggested. Turn on mysql logging and see if there's even a connection
attempt and if there is you can track what query is going wrong.

You haven't detailed what is the exact error, it could just as well be that
everything is configured fine but you haven't installed any php-mysql
package and you have error_reporting turned off and so you are not seeing
the error.

Please check these things first.

Regards,
Liran Tal.

> On 28/01/2008, Devinder Singh <[EMAIL PROTECTED]> wrote:
> >
> > Hi Liran
> >
> > Are there a lot of changes to be made on Dial Up Admin admin.conf file?
> >
> > Could you suggest any specific changes as well in etc/raddb/sql.conf
> >
> > Regards
> > Devinder
> >
> > On 28/01/2008, Liran Tal <[EMAIL PROTECTED]> wrote:
> > >
> > > Hey Devinder,
> > >
> > > On Jan 28, 2008 8:44 AM, Devinder Singh <[EMAIL PROTECTED]> wrote:
> > >
> > > > Hi Liran
> > > >
> > > > I am using MySQL. Would daloradius work with MySQL?
> > >
> > > Yes, daloradius has native support for mysql.
> > > You check on dialupadmin for configuring errors - what is the
> > > error message that you get?
> > >
> > > It is also very useful to turn on mysql logging to see if there's
> > > even a connection attempt and if there is, what is causing
> > > the error.
> > >
> > > Regards,
> > > Liran Tal.
> > >
> > > > On 28/01/2008, liran tal <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > Hey Devinder,
> > > > >
> > > > > On Jan 28, 2008 4:35 AM, Devinder Singh <[EMAIL PROTECTED]> wrote:
> > > > >
> > > > > > Hi
> > > > > >
> > > > > > I am using Dial Up Admin on Free radius
> > > > > >
> > > > > > Free Radius is Running but when i access Dial Up admin page i
> > > > > > get cannot connect to sql databse
> > > > > >
> > > > > > I have done most of the configuration settings and followed the
> > > > > > wiki tutorial on Free Radius.
> > > > >
> > > > > Did you check that your sql server is actually running?
> > > > > Did you import the radius database schema into the sql server?
> > > > > Did you configure all the required settings to connect to the
> > > > > sql server in dialupadmin?
> > > > >
> > > > > You also might want to take a look at daloRADIUS for easy web
> > > > > management of freeradius with sql servers:
> > > > > http://sourceforge.net/projects/daloradius/
> > > > >
> > > > > Regards,
> > > > > Liran.

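The message above checks the two posted files by eye; the same comparison as a script follows, as an added example that is not part of the thread. It compares only the settings visible in the post, and the file contents in `demo` are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): compare the SQL connection settings
# dialupadmin uses with the ones FreeRADIUS uses.

# dua_get FILE KEY -> value of a "key: value" line (dialup_admin.conf style)
dua_get() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# sqlconf_get FILE KEY -> value of a 'key = "value"' line (sql.conf style);
# commented-out lines do not match because the key must start the line.
sqlconf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/' | head -n 1
}

# compare_sql_settings DUA_CONF SQL_CONF
# Prints the names (never the values) of settings that differ; returns 1 if any do.
compare_sql_settings() {
    rc=0
    for pair in sql_server:server sql_username:login sql_password:password \
                sql_database:radius_db sql_accounting_table:acct_table1; do
        a=$(dua_get "$1" "${pair%%:*}")
        b=$(sqlconf_get "$2" "${pair#*:}")
        if [ "$a" != "$b" ]; then
            echo "MISMATCH ${pair%%:*} (dialup_admin.conf) vs ${pair#*:} (sql.conf)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files: same settings as posted, except the password.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'sql_server: localhost' 'sql_username: freeradius' \
        'sql_password: mysuperpassword' 'sql_database: radius' \
        'sql_accounting_table: radacct' > "$tmp/dialup_admin.conf"
    printf '%s\n' 'sql {' '    # password = "old"' '    server = "localhost"' \
        '    login = "freeradius"' '    password = "mysuperpasword"' \
        '    radius_db = "radius"' '    acct_table1 = "radacct"' '}' > "$tmp/sql.conf"
    compare_sql_settings "$tmp/dialup_admin.conf" "$tmp/sql.conf"
    status=$?
    rm -rf "$tmp"
    return "$status"
}
demo || echo "settings differ: fix the setting named above before debugging further"
```

Call `compare_sql_settings` with the paths of the real dialup_admin.conf and sql.conf. If it prints nothing, a credentials mismatch is ruled out and the MySQL log and the PHP MySQL package are the next things to check.
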