Re:

2009-10-26 Thread jon jon
Ivan,
So if I do this command for mysql database
INSERT INTO radcheck (username, attribute, op, value) VALUES ('macaddress', 'Auth-Type', ':=', 'Accept');
This will put the mac address as the username and will be authenticated
automatically, as long as I tell the chillispot server to do mac
authentication. Am I on the right track? Or have I derailed?
thanks



On Mon, Oct 26, 2009 at 2:11 PM, Ivan Kalik  wrote:

> > I want to have one computer just do mac authentication, instead of
> > matching
> > username and password. Can I just add this mac address to the mysql
> > database.
>
> Yes, as User-Name with Auth-Type Accept.
>
> > I am running chillispot also, I believe all I have to do is
> > uncomment a line in the chilli.conf file to have it do mac
> > authentication.
> > Would this be the right way to do this?
>
> Probably. That's the question for ChilliSpot list.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re:

2009-10-26 Thread John Ward
Hi There, so would you use the mac address as the username in the table?

I have a similar requirement but with calling station id.
Right now I use a file with the DEFAULT Calling-Station-Id =
"12345567" , Auth-Type := Accept but have wondered how to put it into
the mysql database without messing the sql queries up.

J

On Mon, Oct 26, 2009 at 9:11 PM, Ivan Kalik  wrote:
>> I want to have one computer just do mac authentication, instead of
>> matching
>> username and password. Can I just add this mac address to the mysql
>> database.
>
> Yes, as User-Name with Auth-Type Accept.
>
>> I am running chillispot also, I believe all I have to do is
>> uncomment a line in the chilli.conf file to have it do mac authentication.
>> Would this be the right way to do this?
>
> Probably. That's the question for ChilliSpot list.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>



-- 
--
Regards
John



Re:

2009-10-26 Thread Ivan Kalik
> I want to have one computer just do mac authentication, instead of
> matching
> username and password. Can I just add this mac address to the mysql
> database.

Yes, as User-Name with Auth-Type Accept.

> I am running chillispot also, I believe all I have to do is
> uncomment a line in the chilli.conf file to have it do mac authentication.
> Would this be the right way to do this?

Probably. That's the question for ChilliSpot list.

Ivan Kalik
Kalik Informatika ISP



Re: separate log file and access list config

2009-10-26 Thread Ivan Kalik
> How can we use separate files for logging authentication and accounting
> information.

raddb/modules/detail.log

> Also wanted to know does free radius configure the access
> list on the interface, similar to the ip address.

Sort of. You configure a list of clients from which requests will be
accepted.

> One more quick question, how can we set timeout for different users, so if
> the connection is idle for say 4 hrs, it should get disconnected.

See Session-Timeout attribute.

Ivan Kalik
Kalik Informatika ISP



custom script for access

2009-10-26 Thread d . tom . schmitt
I have an Asterisk (PBX-in-a-Flash) system running freeRADIUS version
1.1.3 i686-redhat-linux-gnu.

Running on CentOS 5.2 - soon to be upgraded to 5.3.

 

I need to setup an account on the freeradius server that can be accessed
by another system as a radius server - not the problem.

I then need to have freeradius call a script that checks additional
credentials before allowing the user to be accepted or rejected access
to the system they are on.

This check can take a few seconds to complete.

 

This could be similar to someone using an RSA or other token - but it is
not a token.

 

So basically I need to have freeradius after verifying login/password,
call the script and depending upon the outcome either allow or deny the
user access.

The script for testing could be as simple as:

If minute is EVEN = allow in and say an appropriate message

If minute is ODD = do not allow access and say an appropriate message

 

I have read most of the .conf files but am still confused.  Is there a
HOW-TO that shows a simple example?

 

 

Thanks,

 

Tom Schmitt

Senior IT Staff - R&D

Phone (801) 594-3030
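
A minimal version of the test script described above, as an added example that is not part of the original post. It assumes the usual contract for an external program run by FreeRADIUS (exit status 0 lets the request continue, non-zero rejects it, stdout is read back as reply attributes); the name `check_minute` and the `check` argument are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Hypothetical external check that
# the server runs after the login/password has been verified.
# Assumed contract: exit 0 = allow, non-zero = reject, stdout = reply pairs.

# check_minute MINUTE -> prints a Reply-Message pair, returns 0 (allow) or 1 (deny)
check_minute() {
    minute=$1
    # Fail closed on anything that is not one or two digits.
    case $minute in
        [0-9]|[0-9][0-9]) ;;
        *) echo 'Reply-Message = "Access check failed"'; return 1 ;;
    esac
    # "08" and "09" are invalid octal in shell arithmetic: drop a leading zero.
    case $minute in
        0?) minute=${minute#0} ;;
    esac
    if [ $((minute % 2)) -eq 0 ]; then
        echo 'Reply-Message = "Even minute, access allowed"'
        return 0
    fi
    echo 'Reply-Message = "Odd minute, access denied"'
    return 1
}

# Entry point when invoked as: minute-check.sh check
if [ "${1:-}" = "check" ]; then
    check_minute "$(date +%M)"
    exit $?
fi
```

A real check that takes a few seconds has to finish inside the server's own timeout for external programs, and it should keep the same fail-closed behaviour when it cannot reach whatever it consults.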


[no subject]

2009-10-26 Thread jon jon
Hi,
I want to have one computer just do mac authentication, instead of matching
username and password. Can I just add this mac address to the mysql
database. I am running chillispot also, I believe all I have to do is
uncomment a line in the chilli.conf file to have it do mac authentication.
Would this be the right way to do this?
thanks

Segmentation fault in rlm_sql_postgresql

2009-10-26 Thread Olivn

Hi all

radiusd crashes when Postgresql returns PGRES_FATAL_ERROR.


Olivier


--- environment ---

OS: Centos 5.3
Freeradius : 2.1.7 (also occurred in 2.1.6)
packages are from
http://people.redhat.com/jdennis/freeradius-rhel-centos/i386/
Postgresql : 8.1



--- debug output ---


radius -X output:

...
}
rlm_sql (sql_secondary): Driver rlm_sql_postgresql (module
rlm_sql_postgresql) loaded and linked
rlm_sql (sql_secondary): Attempting to connect to
rad...@100.100.100.131:5432/radius
rlm_sql (sql_secondary): starting 0
rlm_sql (sql_secondary): Attempting to connect rlm_sql_postgresql #0
rlm_sql (sql_secondary): Connected new DB handle, #0
rlm_sql (sql_secondary): starting 1
rlm_sql (sql_secondary): Attempting to connect rlm_sql_postgresql #1
rlm_sql (sql_secondary): Connected new DB handle, #1
rlm_sql (sql_secondary): starting 2
rlm_sql (sql_secondary): Attempting to connect rlm_sql_postgresql #2
rlm_sql (sql_secondary): Connected new DB handle, #2
rlm_sql (sql_secondary): starting 3
rlm_sql (sql_secondary): Attempting to connect rlm_sql_postgresql #3
rlm_sql (sql_secondary): Connected new DB handle, #3
rlm_sql (sql_secondary): starting 4
rlm_sql (sql_secondary): Attempting to connect rlm_sql_postgresql #4
rlm_sql (sql_secondary): Connected new DB handle, #4
Module: Checking post-proxy {...} for more modules to load
} # modules
} # server
radiusd:  Opening IP addresses and Ports 
listen {
type = "auth"
ipaddr = *
port = 1812
}
Listening on authentication address * port 1812
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 100.100.100.2 port 12048,
id=38, length=116
NAS-Identifier = "XX"
User-Name = "U0123456"
User-Password = "XXX"
NAS-IP-Address = 100.100.100.2
NAS-Port = 0
Acct-Session-Id = "XXX(ZZZ)\"Sun Oct 25 10:16:45 2009\"HcSrdUv5"
+- entering group authorize {...}
[suffix] No '@' in User-Name = "U0123456", looking up realm NULL
[suffix] Found realm "NULL"
[suffix] Adding Stripped-User-Name = "U0123456"
[suffix] Adding Realm = "NULL"
[suffix] Proxying request from user U0123456 to realm NULL
[suffix] Preparing to proxy authentication request to realm "NULL"
++[suffix] returns updated
++- entering policy redundant {...}
[sql_primary] expand: %{User-Name} ->  U0123456
[sql_primary] sql_set_user escaped user -->  'U0123456'
rlm_sql (sql_primary): Reserving sql socket id: 4
[sql_primary] expand: SELECT id, UserName, Attribute, Value, Op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id ->  SELECT id,
UserName, Attribud
rlm_sql_postgresql: Status: PGRES_FATAL_ERROR
rlm_sql_postgresql: Error (null)


Program received signal SIGSEGV, Segmentation fault.
0x00c6040a in strcmp () from /lib/libc.so.6
(gdb) info threads
* 1 Thread 0xb7fcead0 (LWP 30560) 0x00c6040a in strcmp () from
/lib/libc.so.6
(gdb) thread apply all bt full

Thread 1 (Thread 0xb7fcead0 (LWP 30560)):
#0 0x00c6040a in strcmp () from /lib/libc.so.6
No symbol table info available.
#1 0x006c790f in sql_query (sqlsocket=0x867a968, config=0x8657cf8,
querystr=0xbfc78fdc "SELECT id, UserName, Attribute, Value, Op FROM
radcheck WHERE Username = 'U0123456' ORDER BY id") at sql_postgresql.c:118
status =
pg_sock =
numfields =
errorcode = 0x0
errormsg =
#2 0x008911e2 in rlm_sql_select_query (sqlsocket=0x867a968, inst=0x8657cc0,
query=0xbfc78fdc "SELECT id, UserName, Attribute, Value, Op FROM
radcheck WHERE Username = 'U0123456' ORDER BY id") at sql.c:559
ret =
#3 0x00891782 in sql_getvpdata (inst=0x8657cc0, sqlsocket=0x867a968,
pair=0xbfc78fd8,
query=0xbfc78fdc "SELECT id, UserName, Attribute, Value, Op FROM
radcheck WHERE Username = 'U0123456' ORDER BY id") at sql.c:606
row =
rows = 0
#4 0x0088efae in rlm_sql_authorize (instance=0x8657cc0,
request=0x86b2048) at rlm_sql.c:1007
check_tmp = (VALUE_PAIR *) 0x0
reply_tmp = (VALUE_PAIR *) 0x0
user_profile =
found =
dofallthrough = 1
rows =
sqlsocket = (SQLSOCK *) 0x867a968
inst =
querystr = "SELECT id, UserName, Attribute, Value, Op FROM radcheck
WHERE Username = 'U0123456' ORDER BY
id\000o/'\006?o/'X?o/'?\017?\000\b\222o/'|\220o/'h\221o/'5b?\000|\220o/'A?\.
sqlusername = "U0123456", '\0', "
?o/'(xe\b??\210\000\214+\000\000\000\000\000u
list = (modcallable *) 0x8657570
server =
#7 0x0805fe0c in module_authorize (autz_type=0, request=0x86b2048) at
modules.c:1453
No locals.
#8 0x0804e678 in rad_authenticate (request=0x86b2048) at auth.c:565
namepair =
check_item =
auth_item = (VALUE_PAIR *) 0x86b23e0
module_msg =
tmp =
result = 12
autz_retry = 0 '\0'
autz_type = 7112497
#9 0x0806e4d5 in radius_handle_request (request=0x86b2048, fun=0x804e550
) at event.c:3693
No locals.
#10 0x08065a5c in thread_pool_addrequest (request=0x86b2048,
fun=0x804e550) at threads.c:841
now = 1256462126
#11 0x0806aef2 in event_socket_handler (xel=0x86ae3e0, fd=18,
ctx=0x86b1e58) at event.c:3317
fun = (RAD_REQUEST_FUNP) 0x804e550
r

separate log file and access list config

2009-10-26 Thread Yagnesh Dave
Hi All,

How can we use separate files for logging authentication and accounting
information. Also wanted to know does free radius configure the access list on
the interface, similar to the ip address.

One more quick question, how can we set timeout for different users, so if the
connection is idle for say 4 hrs, it should get disconnected.

Regards,
Yagnesh

Re: Failed to initialize type tls

2009-10-26 Thread Francisco Javier Valdera Garcia

Ignore my last post. It was a permission issue. It's solved.

Thanks again for your help.

F.J. Valdera.


Re: Failed to initialize type tls

2009-10-26 Thread Francisco Javier Valdera Garcia

Alan Buxey wrote:

> Hi,
>
>> This is the output from a ls command:
>>
>> # ls -lh certs
>> total 100K
>> -rwxr-x--- 1 root radiusd 2,1K sep 18 16:59 bootstrap
>> -rw-r- 1 root radiusd 1,3K sep 18 16:59 ca.cnf
>> -rw-r- 1 root radiusd 2,4K oct 21 11:19 ca_globalsign.pem
>> -rw-r- 1 root radiusd 1,1K sep 18 16:59 client.cnf
>> -rw-r--r-- 1 root radiusd  245 oct 26 11:35 dh
>> -rw-r- 1 root radiusd 4,3K sep 18 16:59 Makefile
>> -rw-rw 1 root radiusd0 oct 26 11:09 random
>> -rw-r- 1 root radiusd 7,7K sep 18 16:59 README
>> -rw-r- 1 root radiusd 1,1K sep 18 16:59 server.cnf
>> -rw-r- 1 root radiusd 1,7K oct 21 11:19 servicios.key
>> -rw-r- 1 root radiusd 1,8K oct 21 11:19 servicios.pem
>> -rw-r- 1 root radiusd  578 sep 18 16:59 xpextensions
>>
>> Can you see anything wrong?
>
> err yes - look at that entry for 'random' - it's blank.
>
> alan

OK, I have executed the bootstrap script, and now I have

# ls -lh certs
total 224K
-rw-r- 1 root root4,2K oct 26 12:16 01.pem
-rwxr-x--- 1 root radiusd 2,1K sep 18 16:59 bootstrap
-rw-r- 1 root radiusd 1,3K sep 18 16:59 ca.cnf
-rw-r- 1 root root1,2K oct 26 12:16 ca.der
-rw-r- 1 root radiusd 2,4K oct 21 11:19 ca_globalsign.pem
-rw-r- 1 root root1,8K oct 26 12:16 ca.key
-rw-r- 1 root root1,7K oct 26 12:16 ca.pem
-rw-r- 1 root radiusd 1,1K sep 18 16:59 client.cnf
-rw-r--r-- 1 root radiusd  245 oct 26 11:35 dh
-rw-r- 1 root root 120 oct 26 12:16 index.txt
-rw-r- 1 root root  21 oct 26 12:16 index.txt.attr
-rw-r- 1 root root   0 oct 26 12:16 index.txt.old
-rw-r- 1 root radiusd 4,3K sep 18 16:59 Makefile
-rw-r- 1 root root5,0K oct 26 12:16 random
-rw-r- 1 root radiusd 7,7K sep 18 16:59 README
-rw-r- 1 root root   3 oct 26 12:16 serial
-rw-r- 1 root root   3 oct 26 12:16 serial.old
-rw-r- 1 root radiusd 1,1K sep 18 16:59 server.cnf
-rw-r- 1 root root4,2K oct 26 12:16 server.crt
-rw-r- 1 root root1,1K oct 26 12:16 server.csr
-rw-r- 1 root root1,8K oct 26 12:16 server.key
-rw-r- 1 root root2,5K oct 26 12:16 server.p12
-rw-r- 1 root root3,5K oct 26 12:16 server.pem
-rw-r- 1 root radiusd 1,7K oct 21 11:19 servicios.key
-rw-r- 1 root radiusd 1,8K oct 21 11:19 servicios.pem
-rw-r- 1 root radiusd  578 sep 18 16:59 xpextensions

but still the same problem:

rlm_eap: SSL error error::lib(0):func(0):reason(0)
rlm_eap_tls: Error loading randomness
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/etc/raddb/sites-enabled/default[293]: Failed to find module "eap".
/etc/raddb/sites-enabled/default[240]: Errors parsing authenticate section.

I don't know what to do.

Thanks for your help.

F.J. Valdera.


Re: Failed to initialize type tls

2009-10-26 Thread Alan Buxey
Hi,

> This is the output from a ls command:
>
> # ls -lh certs
> total 100K
> -rwxr-x--- 1 root radiusd 2,1K sep 18 16:59 bootstrap
> -rw-r- 1 root radiusd 1,3K sep 18 16:59 ca.cnf
> -rw-r- 1 root radiusd 2,4K oct 21 11:19 ca_globalsign.pem
> -rw-r- 1 root radiusd 1,1K sep 18 16:59 client.cnf
> -rw-r--r-- 1 root radiusd  245 oct 26 11:35 dh
> -rw-r- 1 root radiusd 4,3K sep 18 16:59 Makefile
> -rw-rw 1 root radiusd0 oct 26 11:09 random
> -rw-r- 1 root radiusd 7,7K sep 18 16:59 README
> -rw-r- 1 root radiusd 1,1K sep 18 16:59 server.cnf
> -rw-r- 1 root radiusd 1,7K oct 21 11:19 servicios.key
> -rw-r- 1 root radiusd 1,8K oct 21 11:19 servicios.pem
> -rw-r- 1 root radiusd  578 sep 18 16:59 xpextensions
>
> Can you see anything wrong?

err yes - look at that entry for 'random' - it's blank.

alan


Re: Failed to initialize type tls

2009-10-26 Thread Francisco Javier Valdera Garcia

Alan Buxey wrote:

> Hi,
>
>>    private_key_file = "/etc/raddb/certs/servicios.key"
>>    certificate_file = "/etc/raddb/certs/servicios.pem"
>>    CA_file = "/etc/raddb/certs/ca_globalsign.pem"
>>    dh_file = "/etc/raddb/certs/dh"
>>    random_file = "/etc/raddb/certs/random"
> ^^
>
>> rlm_eap_tls: Error loading randomness
>
> ensure that all the files are present - including your random file
> and permissions are correct
>
> alan

This is the output from a ls command:

# ls -lh certs
total 100K
-rwxr-x--- 1 root radiusd 2,1K sep 18 16:59 bootstrap
-rw-r- 1 root radiusd 1,3K sep 18 16:59 ca.cnf
-rw-r- 1 root radiusd 2,4K oct 21 11:19 ca_globalsign.pem
-rw-r- 1 root radiusd 1,1K sep 18 16:59 client.cnf
-rw-r--r-- 1 root radiusd  245 oct 26 11:35 dh
-rw-r- 1 root radiusd 4,3K sep 18 16:59 Makefile
-rw-rw 1 root radiusd0 oct 26 11:09 random
-rw-r- 1 root radiusd 7,7K sep 18 16:59 README
-rw-r- 1 root radiusd 1,1K sep 18 16:59 server.cnf
-rw-r- 1 root radiusd 1,7K oct 21 11:19 servicios.key
-rw-r- 1 root radiusd 1,8K oct 21 11:19 servicios.pem
-rw-r- 1 root radiusd  578 sep 18 16:59 xpextensions

Can you see anything wrong?

Thanks.

F.J. Valdera.


Re: Failed to initialize type tls

2009-10-26 Thread Alan Buxey
Hi,

>private_key_file = "/etc/raddb/certs/servicios.key"
>certificate_file = "/etc/raddb/certs/servicios.pem"
>CA_file = "/etc/raddb/certs/ca_globalsign.pem"
>dh_file = "/etc/raddb/certs/dh"
>random_file = "/etc/raddb/certs/random"
^^

> rlm_eap_tls: Error loading randomness
 

ensure that all the files are present - including your random file
and permissions are correct

alan
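
One way to run the check suggested in this reply over the files named in the tls block, as an added example rather than anything posted in the thread; the function names are hypothetical. Run it as the account the server runs under, so that the readability test reflects what radiusd itself can open.

```shell
#!/bin/sh
# Added example, not from the thread. Reports which of the files referenced
# by an eap.conf tls { } block cannot be used by the current user.

# check_tls_file PATH -> prints one status line, returns 0 only if usable
check_tls_file() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "missing: $f"; return 1
    elif [ -d "$f" ]; then
        echo "directory: $f"; return 1
    elif [ ! -r "$f" ]; then
        echo "unreadable: $f"; return 1
    elif [ -f "$f" ] && [ ! -s "$f" ]; then
        # A zero-byte regular file, like the 'random' entry in the listing.
        # Device nodes are skipped here because they always report size 0.
        echo "empty: $f"; return 1
    fi
    echo "ok: $f"
}

# check_tls_files PATH... -> returns the number of unusable files
check_tls_files() {
    bad=0
    for f in "$@"; do
        check_tls_file "$f" || bad=$((bad + 1))
    done
    return "$bad"
}

# Entry point: tls-files.sh FILE [FILE...]
if [ "$#" -gt 0 ]; then
    check_tls_files "$@"
    exit $?
fi
```

Passing the five paths from the tls block (private_key_file, certificate_file, CA_file, dh_file, random_file) covers both conditions named in the reply: presence and permissions.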


Re: FR2 EAP-PEAP proxy does not saving attributes

2009-10-26 Thread Daniil L. Kharoun
> You should report that as a bug.

I reported a bug in Bugzilla. How can I speed up the solution of the problem?

-- 
Best regards, Daniil Kharun




Failed to initialize type tls

2009-10-26 Thread Francisco Javier Valdera Garcia

Hi,

I'm installing a 2.1.7 radius server, using a configuration developed in
a test environment. The configuration worked great in the test
environment, but I'm finding some problems in the production
environment. The output from radiusd -CX is as follows:


Module: Instantiating eap
 eap {
   default_eap_type = "ttls"
   timer_expire = 60
   ignore_unknown_eap_types = yes
   cisco_accounting_username_bug = yes
   max_sessions = 2048
 }
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_tls
Module: Instantiating eap-tls
  tls {
   rsa_key_exchange = no
   dh_key_exchange = yes
   rsa_key_length = 512
   dh_key_length = 512
   verify_depth = 0
   pem_file_type = yes
   private_key_file = "/etc/raddb/certs/servicios.key"
   certificate_file = "/etc/raddb/certs/servicios.pem"
   CA_file = "/etc/raddb/certs/ca_globalsign.pem"
   dh_file = "/etc/raddb/certs/dh"
   random_file = "/etc/raddb/certs/random"
   fragment_size = 1024
   include_length = yes
   check_crl = no
  }
rlm_eap: SSL error error::lib(0):func(0):reason(0)
rlm_eap_tls: Error loading randomness
rlm_eap: Failed to initialize type tls
/etc/raddb/eap.conf[17]: Instantiation failed for module "eap"
/etc/raddb/sites-enabled/default[293]: Failed to find module "eap".
/etc/raddb/sites-enabled/default[240]: Errors parsing authenticate section.


Can anyone help me?

Thanks a lot.

Francisco Javier Valdera.