RE: Ldap Authentication question

2011-03-31 Thread Ramon Escriba


Thank you very much for the sarcastic reply, it was really useful and
instructive indeed.


It was just a conceptual question, but it seems it was not clear enough, my
fault.

Let's specify a bit more: should the following users file work, or is it flawed by
design?

Note: 0.- In LDAP I have uid=mac address,ou=VLAN-Xn,ou=Radius,dc=machine,dc=com
      1.- First I'm trying to check if the client MAC address exists in the
          LDAP subtree.
      2.- Second, LDAP authentication, match usermac+passmac, in our
          case: is macX == macX? via LDAP.


DEFAULT Calling-Station-Id == "%{VLAN-X1:ldap:///ou=VLAN-X1,ou=Radius,dc=machine,dc=com?uid?one?uid=%i}", Auth-Type = VLAN-X
###
	Extreme-Netlogin-Only = Enabled,
	Extreme-CLI-Authorization = Disabled,
	Extreme-Netlogin-Vlan = VLAN-X,
	Termination-Action = 1,
	Session-Timeout = 3600,
	Fall-Through = no

DEFAULT Calling-Station-Id == "%{VLAN-X2:ldap:///ou=VLAN-X2,ou=Radius,dc=machine,dc=com?uid?one?uid=%i}", Auth-Type = VLAN-2
###
	Extreme-Netlogin-Only = Enabled,
	Extreme-CLI-Authorization = Disabled,
	Extreme-Netlogin-Vlan = VLAN-X,
	Termination-Action = 1,
	Session-Timeout = 3600,
	Fall-Through = no

(...)

DEFAULT Calling-Station-Id == "%{VLAN-Xn:ldap:///ou=VLAN-Xn,ou=Radius,dc=machine,dc=com?uid?one?uid=%i}", Auth-Type = VLAN-n
###
	Extreme-Netlogin-Only = Enabled,
	Extreme-CLI-Authorization = Disabled,
	Extreme-Netlogin-Vlan = VLAN-n,
	Termination-Action = 1,
	Session-Timeout = 3600,
	Fall-Through = no


Is it normal that the first authentication goes through them and sends the
Access-Accept to the switch, so RADIUS is OK and the switch opens the port as
expected, but later all or nearly all authentications are refused?


Radius.log
(...)

Wed Mar 30 17:15:17 2011 : Auth: Login OK: [008098A6B5A2](from client
OFF-network port 0 cli 008098A6B5A2)
Wed Mar 30 17:15:17 2011 : Auth: Login OK: [0019B43718D3] (from client
OFF-network port 0 cli 0019B43718D3)
Wed Mar 30 17:15:17 2011 : Auth: Login incorrect: [002437A858DB] (from
client OFF-network port 0 cli 002437A858DB)
Wed Mar 30 17:21:17 2011 : Auth: Login incorrect: [002437A858DB] (from
client OFF-network port 0 cli 002437A858DB)
Wed Mar 30 17:22:38 2011 : Info: Exiting normally.
Wed Mar 30 17:22:39 2011 : Info: Loaded virtual server inner-tunnel
Wed Mar 30 17:22:39 2011 : Info: Loaded virtual server default
Wed Mar 30 17:22:39 2011 : Info: Ready to process requests.

just a daemon restart + switch ports restart

Wed Mar 30 17:22:53 2011 : Auth: Login OK: [sadm] (from client OFF-network
port 0)
Wed Mar 30 17:23:10 2011 : Auth: Login OK: [sadm] (from client OFF-network
port 0)
Wed Mar 30 17:23:11 2011 : Auth: Login OK: [002437A858DB] (from client
OFF-Staff-extreme-network port 0 cli 002437A858DB)
Wed Mar 30 17:23:16 2011 : Auth: Login incorrect: [0019B43718D3] (from
client OFF-network port 0 cli 0019B43718D3)
Wed Mar 30 17:23:38 2011 : Auth: Login incorrect: [008098A6B5A2] (from
client OFF-network port 0 cli 008098A6B5A2)
Wed Mar 30 17:29:17 2011 : Auth: Login incorrect: [0019B43718D3] (from
client OFF-network port 0 cli 0019B43718D3)
Wed Mar 30 17:29:29 2011 : Auth: Login incorrect: [008098A6B5A2] (from
client OFF-network port 0 cli 008098A6B5A2)
Wed Mar 30 17:31:56 2011 : Info: Exiting normally.


Kind regards.

-Original Message-
From: freeradius-users-bounces+escriba=cells...@lists.freeradius.org
[mailto:freeradius-users-bounces+escriba=cells...@lists.freeradius.org] On
Behalf Of Alexander Clouter
Sent: Wednesday, 30 March 2011 17:49
To: freeradius-users@lists.freeradius.org
Subject: Re: Ldap Authentication question

Ramon Escriba escr...@cells.es wrote:
 
 Has any one a clue of what I did wrong?
 
attempts to read Ramon's mind

attempts to use remote viewing to see output of debugging

Actually, forget it...

http://wiki.freeradius.org/index.php/FAQ#It_still_doesn.27t_work.21

Regards

--
Alexander Clouter
.sigmonster says: Conscience is what hurts when everything else feels so
good.

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




Freeradius mysql acct copy

2011-03-31 Thread Alexander Kosykh
Hi.

I need to copy accounting packets to my billing server and save accounting in the standard
FreeRADIUS radacct table in MySQL. I'm saving accounting in the radacct table now, but
can't duplicate it to the other (billing) RADIUS server. I've tried to use
copy-acct-to-home-server but with no success. As I understand, the virtual server
from copy-acct-to-home-server uses a detail file to read accounting information
from the default server. Is there a way to not use the detail file and use MySQL instead?

Regards,
Alexander.

Re: Freeradius mysql acct copy

2011-03-31 Thread Fajar A. Nugraha
On Thu, Mar 31, 2011 at 2:45 PM, Alexander Kosykh avkos...@gmail.com wrote:

 Hi.

 I need to copy accounting packets to my billing server and save accounting in the standard 
 FreeRADIUS radacct table in MySQL. I'm saving accounting in the radacct table now, but 
 can't duplicate it to the other (billing) RADIUS server. I've tried to use 
 copy-acct-to-home-server but with no success. As I understand, the virtual server from 
 copy-acct-to-home-server uses a detail file to read accounting information from the 
 default server. Is there a way to not use the detail file and use MySQL instead?

See 
http://freeradius.1045715.n5.nabble.com/Sending-accounting-packets-to-more-than-one-server-td3408816.html

-- 
Fajar



Re: Freeradius mysql acct copy

2011-03-31 Thread Alan DeKok
Alexander Kosykh wrote:
 I need to copy accounting packets to my billing server and save accounting in the
 standard FreeRADIUS radacct table in MySQL. I'm saving accounting in the radacct
 table now, but can't duplicate it to the other (billing) RADIUS server.
 I've tried to use copy-acct-to-home-server but with no success.

  See the FAQ for "it doesn't work".

 As I
 understand, the virtual server from copy-acct-to-home-server uses a detail
 file to read accounting information from the default server. Is there a way to not
 use the detail file and use MySQL instead?

  No.

  Alan DeKok.


Re: Ldap Authentication question

2011-03-31 Thread Alan DeKok
Ramon Escriba wrote:
 Thank you very much for the sarcastic reply, it was really useful and 
 instructive indeed.

  It got you to follow the instructions in the documentation.

  Why didn't you follow them for your first message?  Or for this one?

 Is it normal that the first authentication goes through them and sends the
 Access-Accept to the switch, so RADIUS is OK and the switch opens the port as
 expected, but later all or nearly all authentications are refused?

  Because something changes.

 Radius.log

  And again, you've refused to follow the instructions in the documentation.

  Why?

  Post the debug log as suggested in the FAQ, README, INSTALL, man
page, web pages, Wiki, and daily on this list.  It's not hard.

  The sarcastic reply you got is simply a response to the tone of your
first message.  It read like this: "Hi, I have stuff going wrong, but I
haven't bothered to read the existing documentation, or to follow its
instructions.  Tell me how to fix it!"

  The response: GO READ THE DOCUMENTATION AND FOLLOW THE INSTRUCTIONS.

  Alan DeKok.


Re: Freeradius mysql acct copy

2011-03-31 Thread Fajar A. Nugraha
On Thu, Mar 31, 2011 at 4:00 PM, Alan DeKok al...@deployingradius.com wrote:
 Alexander Kosykh wrote:
 As I
 understand, virtual server from copy-acct-to-home-server use a detail
 files to read acct information from default server. Is the way to don't
 use detail file and use mysql?

  No.

There's actually something interesting about that.

I just had a chat with a colleague who managed a system with a similar
setup (accounting to local MySQL and a copy to a remote server); the biggest difference
was that he used FR 1.1.3 (this system was created many years ago, and
back then that version was current). He actually used a setup like this
in proxy.conf:

realm remoterealm {
	type     = radius
	authhost = 10.11.12.1:1812
	accthost = 10.11.12.1:1813
	accthost = LOCAL
	secret   = remotesecret
	nostrip
}

The biggest difference there from the standard configuration (example
from 
https://github.com/alandekok/freeradius-server/blob/release_1_1_3/raddb/proxy.conf),
is that he used two accthost lines. And it worked :P

Can you confirm that this is a bug, that it shouldn't behave like that
(since the example proxy.conf doesn't mention anything about two
accthost lines)?

Another thing, while reading http://wiki.freeradius.org/Proxy , the
link for doc/proxy is broken (it should be doc/proxy.rst).
Edit function in wiki is available for registered users only, while
create account function is disabled, so I can't fix it.

-- 
Fajar



RE: Ldap Authentication question

2011-03-31 Thread Ramon Escriba

Alan, please do not get angry, OK?
The line in my answer about the sarcastic reply was for Alexander, not
for you.

Note: WIFIDATA and WIFIVOIP do 802.1X EAP+MSCHAPv2 OK.


Here are the logs:

First authentication
--
(...)
Listening on authentication interface eth0 address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.

rad_recv: Access-Request packet from host 10.0.0.1 port 32770, id=29, length=95
User-Name = 0019B976CC36
User-Password = 0019B976CC36
NAS-IP-Address = 10.0.0.1
Service-Type = Login-User
Calling-Station-Id = 00-19-B9-76-CC-36
NAS-Port-Id = 2:18
NAS-Port-Type = Ethernet
+- entering group authorize {...}
[preprocess] expand: %{NAS-Port-Id} -> 2:18
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.0.0.1/auth-detail-20110331
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.0.0.1/auth-detail-20110331
[auth_log] expand: %t -> Thu Mar 31 11:31:09 2011
++[auth_log] returns ok
++- entering policy rewrite_calling_station_id {...}
+++? if (request:Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
? Evaluating (request:Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i) -> TRUE
+++? if (request:Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i) -> TRUE
+++- entering if (request:Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i) {...}
	expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 0019B976CC36
[request] returns ok
+++- if (request:Calling-Station-Id =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i) returns ok
+++ ... skipping else for request 0: Preceding "if" was taken
++- policy rewrite_calling_station_id returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = 0019B976CC36, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[ntdomain] No '\' in User-Name = 0019B976CC36, looking up realm NULL
[ntdomain] No such realm NULL
++[ntdomain] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
  [VOIP] - ldap_xlat
[files] expand: ldap:///ou=VOIP,ou=VLANS,ou=Radius,dc=machine,dc=com?uid?one?uid=%i -> ldap:///ou=VOIP,ou=VLANS,ou=Radius,dc=machine,dc=com?uid?one?uid=0019B976CC36
  [VOIP] ldap_get_conn: Checking Id: 0
  [VOIP] ldap_get_conn: Got Id: 0
  [VOIP] attempting LDAP reconnection
  [VOIP] (re)connect to 127.0.0.1:389, authentication 0
  [VOIP] bind as cn=Manager,dc=machine,dc=com/mypassword to 127.0.0.1:389
  [VOIP] waiting for bind result ...
  [VOIP] Bind was successful
  [VOIP] performing search in ou=VOIP,ou=VLANS,ou=Radius,dc=machine,dc=com,
with filter uid=0019B976CC36
  [VOIP] object not found
  [VOIP] Search returned not found
  [VOIP] ldap_release_conn: Release Id: 0
[files] expand: %{VOIP:ldap:///ou=VOIP,ou=VLANS,ou=Radius,dc=machine,dc=com?uid?one?uid=%i} ->
  [WIFIVOIP] - ldap_xlat
[files] expand: ldap:///ou=WifiVoip,ou=VLANS,ou=Radius,dc=machine,dc=com?uid?one?uid=%i -> ldap:///ou=WifiVoip,ou=VLANS,ou=Radius,dc=machine,dc=com?uid?one?uid=0019B976CC36
  [WIFIVOIP] ldap_get_conn: Checking Id: 0
  [WIFIVOIP] ldap_get_conn: Got Id: 0
  [WIFIVOIP] attempting LDAP reconnection
  [WIFIVOIP] (re)connect to 127.0.0.1:389, authentication 0
  [WIFIVOIP] bind as cn=Manager,dc=machine,dc=com/mypassword to
127.0.0.1:389
  [WIFIVOIP] waiting for bind result ...
  [WIFIVOIP] Bind was successful
  [WIFIVOIP] performing search in
ou=WifiVoip,ou=VLANS,ou=Radius,dc=machine,dc=com, with filter
uid=0019B976CC36
  [WIFIVOIP] object not found
  [WIFIVOIP] Search returned not found
  [WIFIVOIP] ldap_release_conn: Release Id: 0
[files] expand: %{WIFIVOIP:ldap:///ou=WifiVoip,ou=VLANS,ou=Radius,dc=machine,dc=com?uid?one?uid=%i} ->
  [WIFIDATA] - ldap_xlat
[files] expand: ldap:///ou=WifiData,ou=VLANS,ou=Radius,dc=machine,dc=com?uid?one?uid=%i -> ldap:///ou=WifiData,ou=VLANS,ou=Radius,dc=machine,dc=com?uid?one?uid=0019B976CC36
  [WIFIDATA] ldap_get_conn: Checking Id: 0
  [WIFIDATA] ldap_get_conn: Got Id: 0
  [WIFIDATA] attempting LDAP reconnection
  [WIFIDATA] (re)connect to 127.0.0.1:389, authentication 0
  [WIFIDATA] bind as cn=Manager,dc=machine,dc=com/mypassword to
127.0.0.1:389
  [WIFIDATA] waiting for bind result ...
  [WIFIDATA] Bind was successful
  [WIFIDATA] performing search in
ou=WifiData,ou=VLANS,ou=Radius,dc=machine,dc=com, with filter
uid=0019B976CC36
  [WIFIDATA] object not found
  [WIFIDATA] Search returned

Re: Ldap Authentication question

2011-03-31 Thread Alan DeKok
Ramon Escriba wrote:
 Alan, please do not get angry ok?,
 The line in my answer about the sarcastical reply was for Alexander, not
 for you.

  His answer is largely what mine would have been.

 Here're the logs:
 
 First authentication
...
 rad_recv: Access-Request packet from host 10.0.0.1 port 32770, id=29, length=95
 User-Name = 0019B976CC36
 User-Password = 0019B976CC36
...
 SECOND AUTHENTICATION --
...
 rad_recv: Access-Request packet from host 10.0.0.1 port 32770, id=30, length=95
 User-Name = 0026B9692F6F
 User-Password = 0026B9692F6F

  The requests are different.  That's why they're being treated differently.

 [files] expand: %{STAFF2:ldap:///ou=Staff2,ou=VLANS,ou=Radius,dc=machine,dc=com?uid?one?uid=%i} ->

  That would seem to be useful to look at.

  Compare that to the similar line from the previous authentication.

  i.e. the debug output looks scary, but it's not.  Treat it as a
sequence of nonsense lines.  Compare the two results line by line.  The
differences are why one succeeds, and the other fails.

  Alan DeKok.


RE: Ldap Authentication question

2011-03-31 Thread Ramon Escriba
 
 Here're the logs:
 
 First authentication
...
 rad_recv: Access-Request packet from host 10.0.0.1 port 32770, id=29, length=95
 User-Name = 0019B976CC36
 User-Password = 0019B976CC36
...
 SECOND AUTHENTICATION --
...
 rad_recv: Access-Request packet from host 10.0.0.1 port 32770, id=30, length=95
 User-Name = 0026B9692F6F
 User-Password = 0026B9692F6F

  The requests are different.  That's why they're being treated
differently.

Yes, they are different machines connected to different ports, but both MACs
are stored in the same LDAP subtree.




 [files] expand: %{STAFF2:ldap:///ou=Staff2,ou=VLANS,ou=Radius,dc=machine,dc=com?uid?one?uid=%i} ->

  That would seem to be useful to look at.

This subtree is empty; there is not a single uid=mac inside.
I commented out the STAFF2 lines in the users file, but now it gets stuck at the last
catch-all reject.

++[mschap] returns noop
[suffix] No '@' in User-Name = 0026B9692F6F, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[ntdomain] No '\' in User-Name = 0026B9692F6F, looking up realm NULL
[ntdomain] No such realm NULL
++[ntdomain] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry DEFAULT at line 261
++[files] returns ok
Found Auth-Type = Reject
Auth-Type = Reject, rejecting user
Failed to authenticate the user.
Login incorrect: [0026B9692F6F] (from client OFF-Staff-extreme-network port
0 cli 0026B9692F6F)
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> 0026B9692F6F






  Compare that to the similar line from the previous authentication.

They are nearly the same until [eap] returns noop, MAC differences aside of course:

(... Auth 1 ...)
++- policy rewrite_calling_station_id returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = 0019B976CC36, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[ntdomain] No '\' in User-Name = 0019B976CC36, looking up realm NULL
[ntdomain] No such realm NULL
++[ntdomain] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
  [VOIP] - ldap_xlat
[files] expand: ldap:///ou=VOIP,ou=VLANS,ou=Radius,dc=machine,dc=com?uid?one?uid=%i -> ldap:///ou=VOIP,ou=VLANS,ou=Radius,dc=machine,dc=com?uid?one?uid=0019B976CC36
  [VOIP] ldap_get_conn: Checking Id: 0
(...)


( Auth 2 ...)
++- policy rewrite_calling_station_id returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = 0026B9692F6F, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[ntdomain] No '\' in User-Name = 0026B9692F6F, looking up realm NULL
[ntdomain] No such realm NULL
++[ntdomain] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
  [STAFF2] - ldap_xlat
[files] expand: ldap:///ou=Staff2,ou=VLANS,ou=Radius,dc=machine,dc=com?uid?one?uid=%i -> ldap:///ou=Staff2,ou=VLANS,ou=Radius,dc=machine,dc=com?uid?one?uid=0026B9692F6F
  [STAFF2] ldap_get_conn: Checking Id: 0
(...)



  i.e. the debug output looks scary, but it's not.  Treat it as a sequence
of nonsense lines.  Compare the two results line by line.  The differences
are why one succeeds, and the other fails.

  Alan DeKok.
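Alan's advice in this thread, to treat the two debug runs as a sequence of lines and compare them, can be scripted. The Python below is an added example, not part of the thread and not FreeRADIUS code: it masks the values that legitimately differ between two Access-Requests (MAC addresses, packet ids, timestamps) and reports the first line at which the two traces diverge, which here is the users-file entry that each request falls into. The two traces embedded in it are shortened copies of the ones posted above (with the quotes radiusd prints restored); the function names are the example's own.

```python
"""Compare two radiusd -X request traces line by line.

Added example, not part of the thread and not FreeRADIUS code. Per-request
values (MAC addresses, packet ids, timestamps) are masked before comparing, so
the first reported difference is a structural one: a different module, policy
branch or users-file entry. The two traces are shortened copies of the ones
posted in the thread; the function names are the example's own.
"""
import re
from typing import Optional, Tuple

# Same MAC pattern the rewrite_calling_station_id policy uses in the trace.
MAC_RE = re.compile(
    r"\b([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})"
    r"[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})\b",
    re.IGNORECASE,
)
ID_RE = re.compile(r"\bid=\d+")                  # RADIUS packet identifier
TIME_RE = re.compile(r"\b[A-Z][a-z]{2} [A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d \d{4}\b")

# Shortened copies of the two traces from the thread (constructed sample input).
AUTH_1 = """\
rad_recv: Access-Request packet from host 10.0.0.1 port 32770, id=29, length=95
\tUser-Name = "0019B976CC36"
\tUser-Password = "0019B976CC36"
\tCalling-Station-Id = "00-19-B9-76-CC-36"
++- policy rewrite_calling_station_id returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "0019B976CC36", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
  [VOIP] - ldap_xlat
[files] expand: ldap:///ou=VOIP,ou=VLANS,ou=Radius,dc=machine,dc=com?uid?one?uid=%i -> ldap:///ou=VOIP,ou=VLANS,ou=Radius,dc=machine,dc=com?uid?one?uid=0019B976CC36
"""

AUTH_2 = """\
rad_recv: Access-Request packet from host 10.0.0.1 port 32770, id=30, length=95
\tUser-Name = "0026B9692F6F"
\tUser-Password = "0026B9692F6F"
\tCalling-Station-Id = "00-26-B9-69-2F-6F"
++- policy rewrite_calling_station_id returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "0026B9692F6F", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
  [STAFF2] - ldap_xlat
[files] expand: ldap:///ou=Staff2,ou=VLANS,ou=Radius,dc=machine,dc=com?uid?one?uid=%i -> ldap:///ou=Staff2,ou=VLANS,ou=Radius,dc=machine,dc=com?uid?one?uid=0026B9692F6F
"""


def normalize(line: str) -> str:
    """Mask the values that legitimately differ from one request to the next."""
    line = MAC_RE.sub("<MAC>", line)
    line = ID_RE.sub("id=<ID>", line)
    line = TIME_RE.sub("<TIME>", line)
    return line.rstrip()


def first_divergence(trace_a: str, trace_b: str) -> Optional[Tuple[int, str, str]]:
    """0-based line number plus both raw lines where the traces first differ,
    or None when they match apart from masked values."""
    a, b = trace_a.splitlines(), trace_b.splitlines()
    for i in range(max(len(a), len(b))):
        la = a[i] if i < len(a) else "<end of trace>"
        lb = b[i] if i < len(b) else "<end of trace>"
        if normalize(la) != normalize(lb):
            return i, la, lb
    return None


if __name__ == "__main__":
    hit = first_divergence(AUTH_1, AUTH_2)
    if hit is None:
        print("traces match (apart from masked values)")
    else:
        n, la, lb = hit
        print(f"first difference at line {n + 1}:\n  A: {la}\n  B: {lb}")
```

Run against the two traces above it stops at the `[VOIP]` versus `[STAFF2]` line: the first request was tested against the VOIP subtree, the second against the empty Staff2 subtree, and nothing that comes before that line differs once the MAC and packet id are masked. Feeding it two full `radiusd -X` captures works the same way; extend the mask list with whatever else is per-request in your deployment (session ids, ports) before trusting the first hit.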


Re: Freeradius mysql acct copy

2011-03-31 Thread Alan DeKok
Fajar A. Nugraha wrote:
 Can you confirm that this is bug, that it shouldn't behave like that
 (since the example proxy.conf doesn't mention anything about two
 accthost line).

  In 1.1.3, multiple accthost lines do fail-over from one to the other.

 Another thing, while reading http://wiki.freeradius.org/Proxy , the
 link for doc/proxy is broken (it should be doc/proxy.rst).
 Edit function in wiki is available for registered users only, while
 create account function is disabled, so I can't fix it.

  I'll take a look.

  Alan DeKok.


access challenge on empty password

2011-03-31 Thread izotov
Hi,
I use pam_radius with OpenSSH on a FreeBSD box. When I authenticate and the
first time I simply enter an empty password, then the second time I am
prompted for the password the characters are echoed on the terminal.
As I can see, my FreeRADIUS server responds with an Access-Challenge to a request
with an existing user and empty password combination.
Is this normal behaviour? How can I configure the system not to do so?
Thanks!



Re: access challenge on empty password

2011-03-31 Thread Alan DeKok
izotov wrote:
 Hi,
 I use pam_radius with OpenSSH on a FreeBSD box. When I authenticate and the
 first time I simply enter an empty password, then the second time I am
 prompted for the password the characters are echoed on the terminal.
 As I can see, my FreeRADIUS server responds with an Access-Challenge to a request
 with an existing user and empty password combination.
 Is this normal behaviour? How can I configure the system not to do so?

  Why have you configured the server to respond with an Access-Challenge?

  Alan DeKok.


sqlcounter returning Gigawords?

2011-03-31 Thread YvesDM
Hi,

We're about to upgrade our RADIUS, which is still running 1.1.7.
We use monthly data limits, so we patched the sqlcounter to
make it reply a maximum of 4GB of remaining quota (to avoid wrapping), even if the
user still has 10GB of quota left.
Of course this results in a logged-out user when he reaches a session of 4GB.

As general data traffic increases we would like to avoid this in our
new RADIUS setup.
In the newest version, is there a way to reply Gigawords from sqlcounter?
If not, is there another solution to this?

Many thx.
Yves
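The 4GB boundary Yves describes is the size of the 32-bit Acct-Input-Octets / Acct-Output-Octets counters; RFC 2869 adds Acct-Input-Gigawords / Acct-Output-Gigawords as the upper 32 bits, and a quota reply that is limited to one 32-bit attribute hits the same ceiling. The Python below is an added example, not FreeRADIUS or rlm_sqlcounter code: it combines and splits such attribute pairs, sums a month's usage from accounting Stop records, and shows what a 32-bit cap throws away. The Stop records, the 20 GiB quota and the function names are constructed for the demo; it does not claim any particular reply attribute carries the result.

```python
"""64-bit octet accounting with the Acct-*-Gigawords attributes (RFC 2869).

Added example, not FreeRADIUS or rlm_sqlcounter code. The Stop records and the
quota below are constructed for the demo.
"""
from typing import Dict, List, Tuple

MAX32 = (1 << 32) - 1


def combine(octets: int, gigawords: int = 0) -> int:
    """Acct-*-Octets (low 32 bits) + Acct-*-Gigawords (high 32 bits) -> 64-bit total.

    A NAS that never sends Gigawords is treated as sending 0, so a counter that
    wrapped on such a NAS cannot be recovered here; that is the 4GB problem."""
    if not 0 <= octets <= MAX32 or not 0 <= gigawords <= MAX32:
        raise ValueError("octets and gigawords are 32-bit fields")
    return (gigawords << 32) | octets


def split(total: int) -> Tuple[int, int]:
    """64-bit byte count -> (gigawords, octets), the inverse of combine()."""
    if not 0 <= total < (1 << 64):
        raise ValueError("total must fit in 64 bits")
    return total >> 32, total & MAX32


def cap32(total: int) -> int:
    """What a limit squeezed into a single 32-bit attribute can express."""
    return min(total, MAX32)


def monthly_usage(stops: List[Dict[str, int]]) -> int:
    """Sum input + output bytes over a month's Accounting Stop records."""
    used = 0
    for rec in stops:
        used += combine(rec.get("Acct-Input-Octets", 0), rec.get("Acct-Input-Gigawords", 0))
        used += combine(rec.get("Acct-Output-Octets", 0), rec.get("Acct-Output-Gigawords", 0))
    return used


def remaining_quota(limit: int, used: int) -> Tuple[int, int]:
    """Bytes left this month as (gigawords, octets); never negative."""
    return split(max(limit - used, 0))


# Constructed Stop records: two sessions, both past the 32-bit boundary.
SAMPLE_STOPS = [
    {"Acct-Input-Octets": 123, "Acct-Input-Gigawords": 1,
     "Acct-Output-Octets": 4_000_000_000, "Acct-Output-Gigawords": 0},
    {"Acct-Input-Octets": 500,                              # no input Gigawords sent
     "Acct-Output-Octets": 1, "Acct-Output-Gigawords": 2},
]
QUOTA = 20 * (1 << 30)   # 20 GiB per month, constructed


if __name__ == "__main__":
    used = monthly_usage(SAMPLE_STOPS)
    left = QUOTA - used
    print(f"used {used} bytes, {left} left -> gigawords/octets {remaining_quota(QUOTA, used)}")
    print(f"a 32-bit-only reply could say at most {cap32(left)} bytes")
```

With the constructed records the user has used 16884902512 bytes and has 4589933968 left, which splits into 1 gigaword plus 294966672 octets; the capped value is 4294967295, i.e. the session would be cut off roughly 295 MB short of the real quota, which is exactly the behaviour the patched 1.1.7 counter produced.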


Re: Certificate Compatibility - RESOLVED

2011-03-31 Thread Ben Wiechman
Configuring the default_eap_type = mschapv2 in the ttls section
allowed the EAP authentication to succeed. It had been at the default
setting of md5.

On Wed, Mar 30, 2011 at 12:49 PM, Jim Rice jmrice6...@yahoo.com wrote:
 Hi Ben,

 I really appreciate you taking the time to help me with this.  Thanks!

 I believe that I have those three pieces installed.

 I discovered that I had specified server.pem for the private_key_file in 
 eap.conf.  Changed that to server.key, but ended with the same results.

 I wonder what else I might need to fix in the eap.conf file.
 I'm still not really sure how EAP_TLS and EAP_TTLS fit together...

 Perhaps a few more miles on the doc treadmill and I will graduate from the 
 ranks of clueless newbie, and ask more intelligent questions.

 Thanks again for your patience.

 Jim




RE: MLPPP Acct-Session-Id

2011-03-31 Thread Jay Kuhne (jkuhne)
Hi Alan,

Thanks again for your reply, I just wanted to follow-up with you.

On the ASR1K BRAS we see the same Message-Authenticator when performing CoA via 
PPP, so that is not the issue here.

After enabling more debug and performing CoA when the multilink bundle is 
established, we get:

Mar 28 14:32:07.078 EST: RADIUS:   4E 6F 20 76 61 6C 69 64 20 53 65 73 73 69 6F 
6E  [ No valid Session]
Mar 28 14:32:07.078 EST: RADIUS:  Dynamic-Author-Error[101] 6   Unsupported 
Service   [405]

So far the bundle appears to be reflected in CLI output as having the same type 
of UID, AAA_id and Session_Id as a PPP session, but obviously that does not 
work.  So we need to work with our Cisco development to understand how to 
identify the bundle.
The QoS policies are attached to the bundles and not the underlying PPP 
sessions, so we truly need to address the bundle with CoA.

Just wanted to let you know where I'm at.

Thanks,
Jay

-Original Message-
From: freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org 
[mailto:freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org] On 
Behalf Of Jay Kuhne (jkuhne)
Sent: Tuesday, March 29, 2011 10:56 AM
To: FreeRadius users mailing list
Subject: RE: MLPPP Acct-Session-Id

Okay thanks.  I'll do some investigating and let you know.
It may be a little bit but I will reply with my findings.
Jay

-Original Message-
From: freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org
[mailto:freeradius-users-bounces+jkuhne=cisco@lists.freeradius.org]
On Behalf Of Alan DeKok
Sent: Tuesday, March 29, 2011 10:20 AM
To: FreeRadius users mailing list
Subject: Re: MLPPP Acct-Session-Id

Jay Kuhne (jkuhne) wrote:
 Do you know of a syntax on Radclient for defining the 
 Message-Authenticator attribute?

  It's just like any other attribute...

Message-Authenticator = 

 I'll see if I can find it in the accounting record, get it working and
 then follow up as to why it's not as per RFC.

  The NAS vendors don't bother following (or even reading) the RFCs.

  Alan DeKok.

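The Message-Authenticator attribute that this exchange turns on is an HMAC-MD5 over the packet keyed with the shared secret (RFC 3579), and on a CoA-Request it is computed together with the Request Authenticator defined in RFC 5176. The Python below is an added example, not radclient, FreeRADIUS or Cisco code, written as the author of this note reads those RFCs: it builds a CoA-Request with both fields filled in and verifies one, refusing packets whose HMAC or Request Authenticator does not match. The shared secret, identifier and attribute values are constructed for the demo. (With radclient itself you put `Message-Authenticator = 0x00` in the input and it computes the real value.)

```python
"""Build and verify a RADIUS CoA-Request that carries Message-Authenticator.

Added example; not FreeRADIUS, radclient or Cisco code. Follows RFC 3579 and
RFC 5176 as the author understands them:
  * Message-Authenticator = HMAC-MD5(secret, whole packet) computed with the
    header's Request Authenticator and the attribute's own value set to zeros;
  * Request Authenticator = MD5(Code + ID + Length + 16 zero octets +
    Attributes + secret), computed after Message-Authenticator is filled in.
The shared secret, identifier and attribute values are constructed for the demo.
"""
import hashlib
import hmac
import struct
from typing import Iterator, List, Tuple

COA_REQUEST = 43             # RFC 5176 packet code
MESSAGE_AUTHENTICATOR = 80   # RFC 3579 attribute type
HDR_LEN = 20
ZERO16 = bytes(16)


def encode_attr(attr_type: int, value: bytes) -> bytes:
    """Type / Length / Value; Length counts the two header octets too."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 octets")
    return bytes((attr_type, len(value) + 2)) + value


def build_coa_request(identifier: int, attrs: List[Tuple[int, bytes]], secret: bytes) -> bytes:
    body = b"".join(encode_attr(t, v) for t, v in attrs)
    ma_value_off = len(body) + 2               # where the 16 HMAC octets will go
    body += encode_attr(MESSAGE_AUTHENTICATOR, ZERO16)
    header = struct.pack("!BBH", COA_REQUEST, identifier, HDR_LEN + len(body)) + ZERO16
    mac = hmac.new(secret, header + body, hashlib.md5).digest()
    body = body[:ma_value_off] + mac + body[ma_value_off + 16:]
    req_auth = hashlib.md5(header + body + secret).digest()
    return header[:4] + req_auth + body


def iter_attrs(body: bytes) -> Iterator[Tuple[int, int, bytes]]:
    """Yield (offset, type, value); raise on a malformed length before trusting it."""
    off = 0
    while off < len(body):
        if off + 2 > len(body):
            raise ValueError("truncated attribute header")
        attr_type, length = body[off], body[off + 1]
        if length < 2 or off + length > len(body):
            raise ValueError("attribute length runs past the packet")
        yield off, attr_type, body[off + 2:off + length]
        off += length


def verify_coa_request(packet: bytes, secret: bytes) -> bool:
    """True only when both the HMAC and the MD5 Request Authenticator verify."""
    if len(packet) < HDR_LEN:
        return False
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or length != len(packet):
        return False
    req_auth, body = packet[4:HDR_LEN], packet[HDR_LEN:]
    try:
        mas = [(off, val) for off, t, val in iter_attrs(body) if t == MESSAGE_AUTHENTICATOR]
    except ValueError:
        return False
    if len(mas) != 1 or len(mas[0][1]) != 16:
        return False            # missing or duplicated: refuse rather than fall back
    ma_off, received_mac = mas[0]
    zero_header = packet[:4] + ZERO16
    zero_body = body[:ma_off + 2] + ZERO16 + body[ma_off + 18:]
    expected_mac = hmac.new(secret, zero_header + zero_body, hashlib.md5).digest()
    if not hmac.compare_digest(expected_mac, received_mac):
        return False
    expected_auth = hashlib.md5(zero_header + body + secret).digest()
    return hmac.compare_digest(expected_auth, req_auth)


if __name__ == "__main__":
    secret = b"testing123"     # constructed shared secret
    pkt = build_coa_request(7, [(1, b"0019B976CC36"), (44, b"ses-123")], secret)
    print(pkt.hex())
    print("verifies:", verify_coa_request(pkt, secret))
```

The verifier deliberately rejects a packet with no Message-Authenticator instead of falling back to the MD5 check alone: the Request Authenticator only proves knowledge of the secret over a non-keyed hash, whereas the HMAC is what RFC 5176 relies on to stop attribute tampering, so a CoA/Disconnect listener that accepts either gains nothing from the attribute.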


Invitation to connect on LinkedIn

2011-03-31 Thread Rui Oliveira via LinkedIn
LinkedIn
Rui Oliveira requested to add you as a connection on LinkedIn:
--

Glen,

I would like to add you to my professional network on LinkedIn.
-Rui

Accept invitation from Rui Oliveira
http://www.linkedin.com/e/f5ihn8-gly9zgzk-5r/ABSVWpZ1_sZ_yf9BG_W25ECMqsoijRbBG-E27EnW_z6-V09s3gIVpd3/blk/I116670870_9/pmpxnSRJrSdvj4R5fnhv9ClRsDgZp6lQs6lzoQ5AomZIpn8_elYMdPwMdPoScj59bR9WrkZWdA9BbP4Tej8RcjkNdz8LrCBxbOYWrSlI/EML_comm_afe/

View invitation from Rui Oliveira
http://www.linkedin.com/e/f5ihn8-gly9zgzk-5r/ABSVWpZ1_sZ_yf9BG_W25ECMqsoijRbBG-E27EnW_z6-V09s3gIVpd3/blk/I116670870_9/0VnP0Te30TdzoNckALqnpPbOYWrSlI/svi/


 
-- 
(c) 2011, LinkedIn Corporation

version error rlm_exec module

2011-03-31 Thread Raheel Itrat

Hi,
 
I am getting this error after installing version 2.1.0. How do I delete the 
older version of FreeRADIUS? Kindly let me know the exact command to remove all 
files of the older version.
 
radiusd:  Instantiating modules 
 instantiate {
/usr/local/etc/raddb/modules/exec[25]: Invalid version in module 'rlm_exec'
Errors initializing modules

Or is there any tweak I can do to the exec module file?
 
Thanks,
Raheel

 Date: Wed, 30 Mar 2011 06:42:34 +0800
 Subject: Freeradius + Active Directory
 From: lolo...@gmail.com
 To: freeradius-users@lists.freeradius.org
 
 Hi List,
 
 I'm really sorry if this has been asked before, I was able to setup to
 authenticate radius via AD, now the problem my problem is, is there a
 way i can apply for Max-All-Session to each account on ad, just like
 with any other modules like rlm_sql ?, or I should say, is there a
 pre-autheticate section on the configs just like with pre-accounting
 section?, please bare with my english :D.
 
 
 Thanks in advance,
 
 Best regards,
 
 Ronaldo Chan

RE: version error rlm_exec module

2011-03-31 Thread Raheel Itrat

Sorry the path is as follows
 

instantiate {
/etc/freeradius/modules/exec[25]: Invalid version in module 'rlm_exec'
Errors initializing modules

Re: version error rlm_exec module

2011-03-31 Thread Alan DeKok
Raheel Itrat wrote:
 I am getting this error after installing version 2.1.0. How do I
 delete the older version of FreeRADIUS? Kindly let me know the exact
 command to remove all files of the older version.

  rm

  Alan DeKok.