Re: detail sql logging problem

2008-04-15 Thread A . L . M . Buxey
Hi,

>   "unlang". :)

yes - i was pondering that one.  okay.
and even better, use eg sql_log for the
ones that are session-time = 0 so that i can
capture them, know them, and see when the 
issue is fixed etc...

alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


RE: location of source files in windows freeradius

2008-04-15 Thread sanjeev.kumarroy
Hi,
The site is down for maintenance. Is there any place I can get the source codes 
other than this?

Thanks.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ivan Kalik
Sent: Thursday, April 10, 2008 2:12 PM
To: FreeRadius users mailing list
Subject: RE: location of source files in windows freeradius

Same place. When it works.

Ivan Kalik
Kalik Informatika ISP


On 10/4/2008, "[EMAIL PROTECTED]"
<[EMAIL PROTECTED]> wrote:

>Hi,
>This link contains the exe for freeradius 1.1.7. I have already installed 
>that. But the problem for me is that I am not able to locate the source files 
>as was available in linux. Can you please let me know where I can get the 
>source files once the exe is installed?
>
>Thanks.
>
>-Original Message-
>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ivan Kalik
>Sent: Wednesday, April 09, 2008 6:07 PM
>To: FreeRadius users mailing list
>Subject: Re: location of source files in windows freeradius
>
>http://freeradius.net/
>
>Ivan Kalik
>Kalik Informatika ISP
>
>
>On 9/4/2008, "[EMAIL PROTECTED]"
><[EMAIL PROTECTED]> wrote:
>
>>Hi,
>>I tried installing freeradius 1.1.7 in windows XP machine. Here I am not
>>able to locate the source files as was available in Linux.
>>Can you please guide me by telling if the source file gets installed to
>>some particular directory in windows when we install the freeradius exe.
>>Or is there any website where I can get the source files.
>>Any help is highly appreciated.
>>
>>Thanks
>>
>>
>>The information contained in this electronic message and any attachments to 
>>this message are intended for the exclusive use of the addressee(s) and may 
>>contain proprietary, confidential or privileged information. If you are not 
>>the intended recipient, you should not disseminate, distribute or copy this 
>>e-mail. Please notify the sender immediately and destroy all copies of this 
>>message and any attachments.
>>
>>WARNING: Computer viruses can be transmitted via email. The recipient should 
>>check this email and any attachments for the presence of viruses. The company 
>>accepts no liability for any damage caused by any virus transmitted by this 
>>email.
>>
>>www.wipro.com
>>
>>


Re:Re: eap

2008-04-15 Thread xiningtom_1986
 
Thank you! Thank you very much! 


 
 

On 2008-04-15, "Alan DeKok" <[EMAIL PROTECTED]> wrote:

[EMAIL PROTECTED] wrote:
>  Thank you! Thank you very much! 
>  But when I add a new type ("eap_test"),it says "Failed to link
> rlm_eap_test in structure test" .
>  Why?And do I need to modify the configure files or makefiles?

  Don't touch the "configure" file.  Just create a Makefile in that
directory that works.

  Alan DeKok.

Re: detail sql logging problem

2008-04-15 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
> further to last email, here's example packet:
>
...
> Acct-Session-Time = 0

  "unlang". :)

  accounting {
    ...
    if (Acct-Session-Time != 0) {
      sql
    }
    else {
      ok
    }
    ...
  }

  i.e. bypass the module that gets upset over 0 session time.

  Alan DeKok.


detail sql logging problem

2008-04-15 Thread A . L . M . Buxey
hi,

further to last email, here's example packet:

Tue Apr 15 12:20:56 2008
User-Name = "x"
NAS-Port = 29
NAS-IP-Address = 192.168.1.28
Framed-IP-Address = 192.168.0.3
NAS-Identifier = "wism"
Airespace-Wlan-Id = 1
Acct-Session-Id = "48048f97/00:11:12:12:14:11/8514"
Acct-Authentic = RADIUS
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "222"
Acct-Status-Type = Stop
Acct-Input-Octets = 1942107
Acct-Output-Octets = 5085070
Acct-Input-Packets = 9162
Acct-Output-Packets = 8299
Acct-Terminate-Cause = Lost-Service
Acct-Session-Time = 0
Acct-Delay-Time = 0
Calling-Station-Id = "192.168.0.3"
Called-Station-Id = "192.168.1.28"
Acct-Unique-Session-Id = "f7ebd89424c03437"
Timestamp = 1208258456
Request-Authenticator = Verified

as you can see, Stop request, due to lost service.  however, session-time
is 0 - i suspect this is because of mobility. they've moved from one
wism controller to another or from one AP to another and then left
the network altogether. either way, kit is reporting the value. in
our SQL logging we look for the Acct-Session-Id, and the Timestamp
and then use those to create the session time due to weirdnesses
(see the example UPDATE command in sql/postgresql/dialup.conf to get
what I mean) so hope we don't actually care about what the kit tells
us(!)

alan
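
The check described in this message (find the Stop records that report Acct-Session-Time = 0 and derive a duration from the timestamps instead) can be run over a detail file before the buffered-sql reader reaches it. This is an added example, not code from the thread or from the FreeRADIUS project; the function names and sample records are constructed, and pairing Start and Stop records on Acct-Unique-Session-Id is an assumption.

```python
import re

# Constructed sample in the detail layout quoted in the post (timestamp header,
# "Attribute = value" lines, blank line between records). Only the Stop record
# for session f7ebd89424c03437 reuses the post's values; the rest is invented.
SAMPLE_DETAIL = """\
Tue Apr 15 11:50:56 2008
\tAcct-Session-Id = "48048f97/00:11:12:12:14:11/8514"
\tAcct-Status-Type = Start
\tAcct-Unique-Session-Id = "f7ebd89424c03437"
\tTimestamp = 1208256656

Tue Apr 15 12:20:56 2008
\tAcct-Session-Id = "48048f97/00:11:12:12:14:11/8514"
\tAcct-Status-Type = Stop
\tAcct-Session-Time = 0
\tAcct-Unique-Session-Id = "f7ebd89424c03437"
\tTimestamp = 1208258456

Tue Apr 15 12:25:00 2008
\tAcct-Session-Id = "constructed-session-2"
\tAcct-Status-Type = Stop
\tAcct-Session-Time = 300
\tAcct-Unique-Session-Id = "00000000000000aa"
\tTimestamp = 1208258700
"""

ATTR_RE = re.compile(r'^\s*([A-Za-z0-9:_.-]+)\s*=\s*(.*?)\s*$')

def parse_detail(text):
    """Split detail-file text into records, one dict of attributes each."""
    records = []
    for block in re.split(r'\n\s*\n', text.strip()):
        lines = block.splitlines()
        if not lines:
            continue
        rec = {"_header": lines[0].strip()}
        for line in lines[1:]:
            m = ATTR_RE.match(line)
            if m:  # a repeated attribute keeps its last value
                rec[m.group(1)] = m.group(2).strip('"')
        records.append(rec)
    return records

def _as_int(rec, name):
    value = rec.get(name, "")
    return int(value) if value.isdigit() else None

def zero_length_stops(records):
    """Find Stop records with Acct-Session-Time = 0 and derive a duration
    from the Start and Stop Timestamp values when the Start was seen."""
    start_ts, findings = {}, []
    for rec in records:
        # Assumption: Acct-Unique-Session-Id (else Acct-Session-Id) pairs records.
        key = rec.get("Acct-Unique-Session-Id") or rec.get("Acct-Session-Id")
        status, ts = rec.get("Acct-Status-Type"), _as_int(rec, "Timestamp")
        if status == "Start" and key and ts is not None:
            start_ts[key] = ts
        elif status == "Stop" and _as_int(rec, "Acct-Session-Time") == 0:
            began = start_ts.get(key)
            derived = ts - began if None not in (ts, began) else None
            findings.append({"session": key, "logged": rec["_header"],
                             "derived_seconds": derived})
    return findings

if __name__ == "__main__":
    for hit in zero_length_stops(parse_detail(SAMPLE_DETAIL)):
        print(hit)
```

A Stop record whose Start was never logged is still reported, with `derived_seconds` left as `None`.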


rlm_detail and the processing of logs into SQL

2008-04-15 Thread A . L . M . Buxey
hi,

we're using the detail method to put accounting packets
into a file and then using the buffered-sql virtual server
to then poll that file and periodically put it into
a postgres database. however, we are hitting this little
nastiness

rlm_sql (sql) in sql_accounting: stop packet with zero session length.

our NAS is sending a stop packet with a zero session length
to the RADIUS server. at this point, the server gets stuck
on this one and spends all its time complaining about
this packet - this fills up the radiusd log very quickly
(gigabytes of logs within hours) and the detail file is no
longer processed.  

how can this be trivially tweaked so that this doesn't happen?
in the database, acctsessiontime  field is a bigint and is not
enforced to be not null.  

alan


Re: Virtual-Server attribute matching in users file.

2008-04-15 Thread Matthew Schumacher

Alan DeKok wrote:
> Matthew Schumacher wrote:
>> I see that there is a Virtual-Server internal attribute so I thought I
>> could do something like this:
>>
>> DEFAULT Virtual-Server == 'dsl'
>>
>> ...
>>
>> DEFAULT Virtual-Server == 'dialup'
>
>   Why?  The whole point of virtual servers is that you shouldn't have to
> do such comparisons.

I've been doing it this way for a long time to get around the lack of 
virtual servers.  I've been setting the autz|auth|sess type based on 
what I get from the NAS-Identifier.  Now that virtual servers are 
supported, you're right, I don't need this anymore.

>   It looks like you're pointing *multiple* virtual servers at the same
> "users" file.  Don't do that...
>
>   modules {
>     files dsl_files {
>       usersfile = ...dsl_users
>       ...
>     }
>     files dialup_files {
>       usersfile = ...dialup_users
>       ...
>     }
>   }

That makes sense, I put it in and it works perfectly.

>   Fix the config as above, and then post full debug.  Please.

No need, it's working great now that I'm using a separate user file for 
each virtual server.

>> Also, I'm noticing that the server returns attributes even when the
>> access request is rejected.  Anyone know why that is?
>
>   Because that's what you've configured.  See attr_filter.access_reject
> for a module that filters the contents of Access-Reject.

You're right, I had the attr_filter module commented out because I remove 
everything I don't think I need, and I didn't think I needed it.

Overall, there are a few changes in 2.x that were different enough that 
it took a little head scratching, but now that it's up and running it 
makes much more sense.  2.x solves a bunch of problems I was having.  In 
fact I was getting ready to run a split radius system when I found 2.x 
and the new virtual server feature.


Thanks,
schu


Re: FR 1.1.7 + AD 2003 + LDAP

2008-04-15 Thread Charlie B
Hello,

Looks like the kerberos was only a piece to the puzzle.  When a user enters
the 14 day period prior to being required to change password, windows XP is
changing the password of the user in some way that deauthenticates the user.

any ideas?

Re: LDAP module problem in 2.0.3

2008-04-15 Thread Jason Alderfer

> Hi Jason,
> with the answer from Alan we have found the dn-information in the control
> item. You must use %{control:Ldap-UserDn} instead of %{Ldap-UserDn}

Perfect.  Unlang works now.  Thanks.

However, there is still the problem with postauth.

>> the function ldap_postauth in rlm_ldap.c still looks for Ldap-UserDn
>> in request->packet->vps.

The attached patch updates ldap_postauth to check the control items, which
solves the problem for me.  I assume that's the best way to fix it.

Jason--- rlm_ldap.c.orig 2008-04-15 09:25:54.0 -0400
+++ rlm_ldap.c  2008-04-15 09:29:00.0 -0400
@@ -2083,7 +2083,7 @@
return RLM_MODULE_FAIL;
}

-   vp_fdn = pairfind(request->packet->vps, 
da->attr);
+   vp_fdn = pairfind(request->config_items, 
da->attr);
if (vp_fdn == NULL) {
DEBUG("rlm_ldap: User's FQDN not in 
config items list.");
return RLM_MODULE_FAIL;-
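
Review bot: the changed pairfind() line now searches only request->config_items, so a request that reaches ldap_postauth without Ldap-UserDn in the control list goes straight to "return RLM_MODULE_FAIL" with no fallback to request->packet->vps. Either state in the commit message that the attribute is expected in the control list by the time post-auth runs, or try both lists before failing. The debug string "User's FQDN not in config items list." now matches the list being searched, so it can stay as is. As it appears here the patch is line-wrapped ("da->attr);" sits on its own line in both the removed and the added statement), so the lines need rejoining before it will apply.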

Re: eap

2008-04-15 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
>  Thank you! Thank you very much! 
>  But when I add a new type ("eap_test"),it says "Failed to link
> rlm_eap_test in structure test" .
>  Why?And do I need to modify the configure files or makefiles?

  Don't touch the "configure" file.  Just create a Makefile in that
directory that works.

  Alan DeKok.


Re:Re: eap

2008-04-15 Thread xiningtom_1986
 Thank you! Thank you very much! 
 But when I add a new type ("eap_test"),it says "Failed to link rlm_eap_test in 
structure test" .
 Why?And do I need to modify the configure files or makefiles?
 
 

On 2008-04-15, "Alan DeKok" <[EMAIL PROTECTED]> wrote:

xiningtom_1986 wrote:
>  Hello!I want to know how to add a new eap type in freeradius!I expect
> your reply!Thank you!

  src/modules/rlm_eap/

  See the current EAP methods.  If you want a new one, start off by
copying the MD5 method, and editing it.

  Alan DeKok.

Re: exec-program-wait problem with freeradius 2.0.3

2008-04-15 Thread Alan DeKok
Emmanuel Willems wrote:
> I added exec in post-auth in sites-enabled/default and
> sites-enabled/inner-tunnel and it's still no go.
> Did i miss something?

  Debug log?

  Alan DeKok.


Re: How do i change the NAS ip address

2008-04-15 Thread Ivan Kalik
http://wiki.freeradius.org/Clients.conf

Ivan Kalik
Kalik Informatika ISP


On 15/4/2008, "johnson elangbam" <[EMAIL PROTECTED]> wrote:

>  hi,
>I've been configuring free radius 2.0.3, I've configured almost all
>the files and run successfully for the testing purpose from the localhost by
>using the "radtest", now I need to implement my radius in the real
>environment by putting the NAS ip address, currently my NAS ip address is
>displayed as 127.0.0.1, I need to change this ip address. Please anybody
>tell how to change the NAS ip address.
>
>Thanks and Regards
>Elangbam Johnson
>
>



How do i change the NAS ip address

2008-04-15 Thread johnson elangbam
  hi,
I've been configuring free radius 2.0.3, I've configured almost all
the files and run successfully for the testing purpose from the localhost by
using the "radtest", now I need to implement my radius in the real
environment by putting the NAS ip address, currently my NAS ip address is
displayed as 127.0.0.1, I need to change this ip address. Please anybody
tell how to change the NAS ip address.

Thanks and Regards
Elangbam Johnson

Re: attributes lost

2008-04-15 Thread Alan DeKok
Marc Boisis-Delavaud wrote:
> Is it normal freeradius send attributes before access-accept ?

  Yes.  This is legacy behavior, and will eventually be fixed.

  Alan DeKok.


Re: attributes lost

2008-04-15 Thread Marc Boisis-Delavaud

Is it normal freeradius send attributes before access-accept ?

Sending Access-Challenge of id 179 to 10.14.0.59 port 1645
Class = 0x4f553d61646d696e3b
Tunnel-Private-Group-Id:0 = "1"
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Type:0 = VLAN
EAP-Message = 0x010200061920
Message-Authenticator = 0x
State = 0x6c8328596c8131bb1c60acbabc365bde
...





On 14 Apr 08 at 19:05, [EMAIL PROTECTED] wrote:


Hi,

You need to buy a wireless LAN controller as well.


not at all - you can return VLAN tunnel attributes
to an 1130 aironet AP - but it needs to be configured
to understand the VLANs and run a version of the firmware
that can do it.

use_tunnelled_reply is definitely needed

alan


Please think of the planet! Do not print documents sent by e-mail
unless necessary.

---
Marc Boisis-Delavaud
tel: 05 46 45 82 14
Centre de Ressources Informatiques
Université de La Rochelle
---


Re: exec-program-wait problem with freeradius 2.0.3

2008-04-15 Thread Emmanuel Willems

I added exec in post-auth in sites-enabled/default and 
sites-enabled/inner-tunnel and it's still no go.
Did i miss something?

Thankx,

Emmanuel

Alan DeKok wrote:

Emmanuel Willems wrote:

> All works well in version 1.1.3 but the script does not get called in
> version 2.0.3


  List 'exec' in the "post-auth" section.

  Alan DeKok.




Re: radiusd not starting

2008-04-15 Thread Dr.Peer-Joachim Koch

Hi,

but even as root:root it's not working !
Shouldn't there be an access denied or something like this ?

Here is the startup:

## more Rad2.log#
FreeRADIUS Version 2.0.3, for host i686-suse-linux-gnu, built on Mar 19 
2008 at 10:23:16

Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including configuration file /etc/raddb/snmp.conf
including configuration file /etc/raddb/eap.conf
including dictionary file /etc/raddb/dictionary
main {
prefix = "/usr"
localstatedir = "/var"
logdir = "/var/log/radius"
libdir = "/usr/lib/freeradius"
radacctdir = "/var/log/radius/radacct"
hostname_lookups = no
max_request_time = 80
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = "/var/run/radiusd/radiusd.pid"
user = "root"
group = "root"
checkrad = "/usr/sbin/checkrad"
debug_level = 0
proxy_requests = yes
 security {
max_attributes = 200
reject_delay = 1
status_server = no
 }


[EMAIL PROTECTED] wrote:

Hi,


we updated yesterday one of our servers running Novell SLES 9.
After the update the "radiusd" (not the sles version, self compiled)
did not work correctly (the load was getting higher and higher).

Therefore I installed the current version of the
freeradius-server (2.0.3) from
http://download.opensuse.org/repositories/network:/aaa/

After fixing a few things in the /etc/raddb/users
the server is running fine, when I do a
   radiusd -X
also
   radius -f
seems to work.

But neither a
   radiusd
nor
   /etc/init.d/freeradius start
is launching the radiusd-Daemon. But I cannot see
WHY the radiusd is not starting as daemon.

Any idea ?


permissions - and if you ran "radiusd -x" you might even see that - 
it's probably unable to read some /etc/raddb files, or write to /var/log/radius

etc etc -

alan





--
Kind regards
Peer-Joachim Koch
_
Max-Planck-Institut fuer Biogeochemie
Dr. Peer-Joachim Koch
Hans-Knöll Str.10    Telefon: ++49 3641 57-6705
D-07745 Jena         Telefax: ++49 3641 57-7705


Re: LDAP module problem in 2.0.3

2008-04-15 Thread Christian Goebel
Hi Jason,
with the answer from Alan we have found the dn-information in the control 
item. You must use %{control:Ldap-UserDn} instead of %{Ldap-UserDn}

Regards,

Christian


On Monday 14 April 2008 23:18:42 Jason Alderfer wrote:
> > Jason Alderfer wrote:
> >> I'm testing upgrading to 2.0.3 from 1.1.7 and it appears that the LDAP
> >> module in 2.0.3 is not setting the Ldap-UserDn in a way that is
> >> available
> >> for further analysis.
> >
> >   It's now in the "control" item list.  This should be better
> > documented...
>
> But the function ldap_postauth in rlm_ldap.c still looks for Ldap-UserDn
> in request->packet->vps.  Should I patch it to look in the new
> location?  Or will it even exist in the control items in post auth?
>
> vp_fdn = pairfind(request->packet->vps, da->attr);
> if (vp_fdn == NULL) {
> DEBUG("rlm_ldap: User's FQDN not in config items list.");
> return RLM_MODULE_FAIL;
> }
>
>
> Also, I can see on the unlang man page how to update an item on the
> control list, but I'm not clear how to test one.  What should I change in
> the unlang below?
>
> if (Ldap-UserDn =~ /ou=is,ou=n,o=emu/i) {
> update reply {
> Tunnel-Type := "VLAN"
> Tunnel-Medium-Type := "IEEE-802"
> Tunnel-Private-Group-Id := 3
> }
> }
>
> Thanks
> Jason
>
>




Re: radiusd not starting

2008-04-15 Thread A . L . M . Buxey
Hi,

> we updated yesterday one of our servers running Novell SLES 9.
> After the update the "radiusd" (not the sles version, self compiled)
> did not work correctly (the load was getting higher and higher).
>
> Therefore I installed the current version of the
> freeradius-server (2.0.3) from
> http://download.opensuse.org/repositories/network:/aaa/
>
> After fixing a few things in the /etc/raddb/users
> the server is running fine, when I do a
>    radiusd -X
> also
>    radius -f
> seems to work.
>
> But neither a
>    radiusd
> nor
>    /etc/init.d/freeradius start
> is launching the radiusd-Daemon. But I cannot see
> WHY the radiusd is not starting as daemon.
>
> Any idea ?

permissions - and if you ran "radiusd -x" you might even see that - 
it's probably unable to read some /etc/raddb files, or write to /var/log/radius
etc etc -

alan


radiusd not starting

2008-04-15 Thread Dr.Peer-Joachim Koch

Hi,

we updated yesterday one of our servers running Novell SLES 9.
After the update the "radiusd" (not the sles version, self compiled)
did not work correctly (the load was getting higher and higher).

Therefore I installed the current version of the
freeradius-server (2.0.3) from
http://download.opensuse.org/repositories/network:/aaa/

After fixing a few things in the /etc/raddb/users
the server is running fine, when I do a
   radiusd -X
also
   radius -f
seems to work.

But neither a
   radiusd
nor
   /etc/init.d/freeradius start
is launching the radiusd-Daemon. But I cannot see
WHY the radiusd is not starting as daemon.

Any idea ?

--
Bye,
Peer
_
Max-Planck-Institut fuer Biogeochemie
Dr. Peer-Joachim Koch
Hans-Knöll Str.10    Telefon: ++49 3641 57-6705
D-07745 Jena         Telefax: ++49 3641 57-7705

Re: eap

2008-04-15 Thread Alan DeKok
xiningtom_1986 wrote:
>  Hello!I want to know how to add a new eap type in freeradius!I expect
> your reply!Thank you!

  src/modules/rlm_eap/

  See the current EAP methods.  If you want a new one, start off by
copying the MD5 method, and editing it.

  Alan DeKok.