Re: radlast output
On Fri, Jul 13, 2012 at 1:42 AM, Sergio Belkin wrote:
> Storing data in a sql db looks interesting. I've never configured it.
> If I use sql only for logging is /etc/raddb/sql.conf the main file
> that I have to look?

http://wiki.freeradius.org/SQL-HOWTO
http://wiki.freeradius.org/Rlm_sql

> Do sql storing exclude from using plain log
> files?

you can use both.

--
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radlast output
2012/7/12 Fajar A. Nugraha :
> On Thu, Jul 12, 2012 at 3:17 AM, Sergio Belkin wrote:
>
>> Alan, thanks for your advice, always in this mailing list I was
>> willing to learn and to admit when I have to fix something. Mail from
>> Tamás it looked somewhat sarcastic and had nothing to do with the main
>> subject.
>
>
> If you're still interested in getting full NAS-Identifier, you should
> store accounting data in sql table. Even if you don't want to manage
> separate sql server (e.g. mysql), you can use something like sqlite to
> store the data. Needs some effort (e.g. the module is not built by
> default), but should be doable.
>
> --
> Fajar
> -

Thanks Fajar, I wanted to get the "last access" of users. I was getting that information parsing log files, but I found that radlast is a simple but useful thing except the NAS-Identifier characters limit.

Storing data in a sql db looks interesting. I've never configured it. If I use sql only for logging is /etc/raddb/sql.conf the main file that I have to look?

Do sql storing exclude from using plain log files?

Thanks in advance

--
Sergio Belkin
http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
LPIC-2 Certified - http://www.lpi.org
Re: Calling station ID
Hi,

>> The radius server can only process on what the NAS sends it. Look at
>> the NAS and configure the NAS to send the correct/full
>> Calling-Station-Id.
>>
>Where I can Configure this (in which file ?)

no file on the RADIUS server - as per the original info, this is something you need to configure on the NAS - eg on the access point. the RADIUS server is simply reporting what it's being told. I suspect a buggy NAS

alan
One session per username
Hi All

I have pptpd running with freeradius 2.0, all is fine but I want to limit each client to one session per username. Currently a user can logon using his username and password multiple times.

Regards
RE: Calling station ID
I setup vpn server(pptp) with freeradius to handle ippool and stuff. I tried to figure out where in my vpn server I have to alter is bugging me. perhaps in radiusclient.conf ?

>
> In Freeradius? Nowhere.
>
> You have to alter the configuration of the device you are logging in to.
> "192.168.1.1" in your case.
>
> Freeradius only processes the data sent from the device. If this data is
> wrong or incomplete, Freeradius can do nothing about it.
>
> Regards,
> Sven.
Re: Calling station ID
On 12.07.2012 12:57, madal 30 wrote:
>> From: sav...@savage.za.org
>> To: freeradius-users@lists.freeradius.org
>> On Thu, Jul 12, 2012 at 12:29 PM, madal 30 wrote:
>> > Calling-Station-Id = ".031"
>>
>> > How do I or where do i adjust this parameter so that full IP address is
>> > logged in calling-station-ID ? I looked at detail file in modules/detail
>> > but could not find the parameter
>>
>> The radius server can only process on what the NAS sends it. Look at
>> the NAS and configure the NAS to send the correct/full
>> Calling-Station-Id.
>>
> Where I can Configure this (in which file ?)

In Freeradius? Nowhere.

You have to alter the configuration of the device you are logging in to. "192.168.1.1" in your case.

Freeradius only processes the data sent from the device. If this data is wrong or incomplete, Freeradius can do nothing about it.

Regards,
Sven.
RE: Calling station ID
Thanks Chris,

> Date: Thu, 12 Jul 2012 12:38:17 +0200
> Subject: Re: Calling station ID
> From: sav...@savage.za.org
> To: freeradius-users@lists.freeradius.org
>
> On Thu, Jul 12, 2012 at 12:29 PM, madal 30 wrote:
> > Calling-Station-Id = ".031"
>
> > How do I or where do i adjust this parameter so that full IP address is
> > logged in calling-station-ID ? I looked at detail file in modules/detail
> > but could not find the parameter
>
> The radius server can only process on what the NAS sends it. Look at
> the NAS and configure the NAS to send the correct/full
> Calling-Station-Id.
>

Where I can Configure this (in which file ?)

>
> --
>
> Regards,
> Chris Knipe
Re: Calling station ID
On Thu, Jul 12, 2012 at 12:29 PM, madal 30 wrote:
> Calling-Station-Id = ".031"

> How do I or where do i adjust this parameter so that full IP address is
> logged in calling-station-ID ? I looked at detail file in modules/detail
> but could not find the parameter

The radius server can only process on what the NAS sends it. Look at the NAS and configure the NAS to send the correct/full Calling-Station-Id.

--

Regards,
Chris Knipe
Calling station ID
I have enabled the detail log in my freeradius server. It logs everything which is cool. However, in Calling-Station-ID it only logs the last octets as :

    Acct-Session-Id = "4FEE219C619400"
    User-Name = "t...@test.com"
    Acct-Status-Type = Stop
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Acct-Authentic = RADIUS
    Acct-Session-Time = 9
    Acct-Output-Octets = 320
    Acct-Input-Octets = 925
    Acct-Output-Packets = 1
    Acct-Input-Packets = 4
    Calling-Station-Id = ".031"
    NAS-Port-Type = Async
    Acct-Terminate-Cause = User-Request
    Framed-IP-Address = 192.168.1.20
    NAS-IP-Address = 192.168.1.1
    NAS-Port = 0
    Acct-Delay-Time = 0
    Acct-Unique-Session-Id = "537e68121f1931c8"
    Stripped-User-Name = "test"
    Realm = "test.com"
    Timestamp = 1342054821
    Request-Authenticator = Verified

How do I or where do i adjust this parameter so that full IP address is logged in calling-station-ID ? I looked at detail file in modules/detail but could not find the parameter

M
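Added example, not part of the thread: since the server only records what the NAS sends, a scan of the detail file is one way to find which NAS is sending truncated Calling-Station-Id values like the ".031" above. It assumes this deployment expects a full IP or MAC address in that attribute (some NAS types legitimately send phone numbers); the sample records are constructed from values in the post and the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample in the detail-file layout: a timestamp header, then
# indented "Attribute = value" lines; a blank line ends each record.
SAMPLE_DETAIL = (
    'Thu Jul 12 03:00:21 2012\n'
    '\tAcct-Session-Id = "4FEE219C619400"\n'
    '\tCalling-Station-Id = ".031"\n'
    '\tNAS-IP-Address = 192.168.1.1\n'
    '\n'
    'Thu Jul 12 03:05:02 2012\n'
    '\tAcct-Session-Id = "4FEE219C619401"\n'
    '\tCalling-Station-Id = "192.168.1.31"\n'
    '\tNAS-IP-Address = 192.168.1.1\n'
)

ATTR_RE = re.compile(r'^\s+([A-Za-z0-9-]+) = (.*)$')
MAC_RE = re.compile(r'^(?:[0-9A-Fa-f]{2}[:-]?){5}[0-9A-Fa-f]{2}$')

def parse_detail(text):
    """Yield one dict of attributes per accounting record."""
    record = {}
    for line in text.splitlines() + ['']:  # trailing '' flushes the last record
        m = ATTR_RE.match(line)
        if m:
            record[m.group(1)] = m.group(2).strip().strip('"')
        elif not line.strip() and record:
            yield record
            record = {}

def station_id_ok(value):
    """True when the value is a complete IP address or a MAC address."""
    if MAC_RE.match(value):
        return True
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def suspect_records(text):
    """List (NAS-IP-Address, Acct-Session-Id, value) for malformed IDs."""
    return [(r.get('NAS-IP-Address'), r.get('Acct-Session-Id'), r['Calling-Station-Id'])
            for r in parse_detail(text)
            if 'Calling-Station-Id' in r and not station_id_ok(r['Calling-Station-Id'])]
```

Grouping the result by NAS-IP-Address shows which device needs its configuration or firmware looked at.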
EAP-SIM configuration on v2.1.12
Hi experts,

I am trying to configure eap-sim on and when I start the radiusd process I get the following error:

---
Module: Linked to module rlm_eap
Module: Instantiating module "eap" from file /usr/local/etc/raddb/eap.conf
  eap {
    default_eap_type = "sim"
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    max_sessions = 4096
  }
Module: Linked to sub-module rlm_eap_md5
Module: Instantiating eap-md5
Module: Linked to sub-module rlm_eap_leap
Module: Instantiating eap-leap
Module: Linked to sub-module rlm_eap_gtc
Module: Instantiating eap-gtc
  gtc {
    challenge = "Password: "
    auth_type = "PAP"
  }
Ignoring EAP-Type/tls because we do not have OpenSSL support.
Ignoring EAP-Type/ttls because we do not have OpenSSL support.
Ignoring EAP-Type/peap because we do not have OpenSSL support.
Module: Linked to sub-module rlm_eap_mschapv2
Module: Instantiating eap-mschapv2
  mschapv2 {
    with_ntdomain_hack = no
    send_error = no
  }
Module: Linked to sub-module rlm_eap_sim
Module: Instantiating eap-sim
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module "preprocess" from file /usr/local/etc/raddb/modules/preprocess
  preprocess {
    huntgroups = "/usr/local/etc/raddb/huntgroups"
    hints = "/usr/local/etc/raddb/hints"
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
    with_alvarion_vsa_hack = no
  }
Module: Linked to module rlm_realm
Module: Instantiating module "suffix" from file /usr/local/etc/raddb/modules/realm
  realm suffix {
    format = "suffix"
    delimiter = "@"
    ignore_default = no
    ignore_null = no
  }
/usr/local/etc/raddb/radiusd.conf[698]: Failed to link to module 'rlm_sim_files': ld.so.1: radiusd: fatal: rlm_sim_files.so: open failed: No such file or directory
/usr/local/etc/raddb/sites-enabled/default[157]: Failed to load module "sim_files".
/usr/local/etc/raddb/sites-enabled/default[69]: Errors parsing authorize section.
---

Is there anything that I have missed? I have setup the config as follows:

The eap modules are present

# pwd
/usr/local/lib
# ls rlm_eap*
rlm_eap_gtc-2.1.12.la rlm_eap_leap-2.1.12.so rlm_eap_md5.a rlm_eap_mschapv2.la rlm_eap_sim.so
rlm_eap_gtc-2.1.12.so rlm_eap_leap.a rlm_eap_md5.la rlm_eap_mschapv2.so rlm_eap-2.1.12.la
rlm_eap_gtc.a rlm_eap_leap.la rlm_eap_md5.so rlm_eap_sim-2.1.12.la rlm_eap-2.1.12.so
rlm_eap_gtc.la rlm_eap_leap.so rlm_eap_mschapv2-2.1.12.la rlm_eap_sim-2.1.12.so rlm_eap.a
rlm_eap_gtc.so rlm_eap_md5-2.1.12.la rlm_eap_mschapv2-2.1.12.so rlm_eap_sim.a rlm_eap.la
rlm_eap_leap-2.1.12.la rlm_eap_md5-2.1.12.so rlm_eap_mschapv2.a rlm_eap_sim.la rlm_eap.so

Config files:

/usr/local/etc/raddb/radiusd.conf

modules {
    sim_files {
        simtriplets = "/usr/local/etc/raddb/simtriplets.dat"
    }

/usr/local/etc/raddb/eap.conf

eap {
    sim {
    }
    default_eap_type = sim
}

/usr/local/etc/raddb/sites-enabled/default

authorize {
    sim_files
    eap {
        ok = return
    }
}

The simtriplets.dat files are located in /usr/local/etc/raddb/

Is there anything that I missed out?

Thanks,
Tony
EAP session for state problem
Hi,

We are using freeradius2-2.1.12-3.el5 on RHEL 5.8 for eduroaming. Sometimes we are getting "EAP session for state ... did not finish!" warning as you can see on case 1. We can successfully login after every three or four tries without error (case 2). How can I overcome this problem?

PS: I think it is more problem on windows 7.

Case 1:

rad_recv: Access-Request packet from host 10.200.0.2 port 32832, id=203, length=238
    User-Name = "x...@sabanciuniv.edu.tr"
    NAS-IP-Address = 10.200.0.2
    NAS-Port = 0
    NAS-Identifier = "10.200.0.2"
    NAS-Port-Type = Wireless-802.11
    Calling-Station-Id = "1C659DA0C84D"
    Called-Station-Id = "000B8661DFC4"
    Service-Type = Login-User
    Framed-MTU = 1100
    EAP-Message = 0x020a002401676f6b68616e67756e796f6c40736162616e6369756e69762e6564752e7472
    Aruba-Essid-Name = "eduroam"
    Aruba-Location-Id = "BM_IT_Net_Sys_3c:02"
    Aruba-Attr-10 = 0x424d5f62696e617369
    Message-Authenticator = 0x7bde0503caf078e16964c30bb649186a
Thu Jul 12 08:50:06 2012 : Info: server eduroam {
Thu Jul 12 08:50:06 2012 : Info: # Executing section authorize from file /etc/raddb/sites-enabled/eduroam
Thu Jul 12 08:50:06 2012 : Info: +- entering group authorize {...}
Thu Jul 12 08:50:06 2012 : Info: ++[preprocess] returns ok
Thu Jul 12 08:50:06 2012 : Info: [auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.200.0.2/auth-detail-20120712
Thu Jul 12 08:50:06 2012 : Info: [auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.200.0.2/auth-detail-20120712
Thu Jul 12 08:50:06 2012 : Info: [auth_log] expand: %t -> Thu Jul 12 08:50:06 2012
Thu Jul 12 08:50:06 2012 : Info: ++[auth_log] returns ok
Thu Jul 12 08:50:06 2012 : Info: ++[mschap] returns noop
Thu Jul 12 08:50:06 2012 : Info: [suffix] Looking up realm " sabanciuniv.edu.tr" for User-Name = "x...@sabanciuniv.edu.tr"
Thu Jul 12 08:50:06 2012 : Info: [suffix] Found realm "sabanciuniv.edu.tr"
Thu Jul 12 08:50:06 2012 : Info: [suffix] Adding Stripped-User-Name = "xxx"
Thu Jul 12 08:50:06 2012 : Info: [suffix] Adding Realm = "sabanciuniv.edu.tr "
Thu Jul 12 08:50:06 2012 : Info: [suffix] Authentication realm is LOCAL.
Thu Jul 12 08:50:06 2012 : Info: ++[suffix] returns ok
Thu Jul 12 08:50:06 2012 : Info: [eap] EAP packet type response id 10 length 36
Thu Jul 12 08:50:06 2012 : Info: [eap] No EAP Start, assuming it's an on-going EAP conversation
Thu Jul 12 08:50:06 2012 : Info: ++[eap] returns updated
Thu Jul 12 08:50:06 2012 : Info: ++[files] returns noop
Thu Jul 12 08:50:06 2012 : Info: ++[expiration] returns noop
Thu Jul 12 08:50:06 2012 : Info: ++[logintime] returns noop
Thu Jul 12 08:50:06 2012 : Info: Found Auth-Type = EAP
Thu Jul 12 08:50:06 2012 : Info: # Executing group from file /etc/raddb/sites-enabled/eduroam
Thu Jul 12 08:50:06 2012 : Info: +- entering group authenticate {...}
Thu Jul 12 08:50:06 2012 : Info: [eap] EAP Identity
Thu Jul 12 08:50:06 2012 : Info: [eap] processing type tls
Thu Jul 12 08:50:06 2012 : Info: [tls] Initiate
Thu Jul 12 08:50:06 2012 : Info: [tls] Start returned 1
Thu Jul 12 08:50:06 2012 : Info: ++[eap] returns handled
Thu Jul 12 08:50:06 2012 : Info: } # server eduroam
Sending Access-Challenge of id 203 to 10.200.0.2 port 32832
    EAP-Message = 0x010b00061920
    Message-Authenticator = 0x
    State = 0x470f24c947043df52dda4e1a3d9334ec
Thu Jul 12 08:50:06 2012 : Info: Finished request 61.
Thu Jul 12 08:50:06 2012 : Debug: Going to the next request
Thu Jul 12 08:50:06 2012 : Debug: Waking up in 4.9 seconds.
Thu Jul 12 08:50:11 2012 : Info: Cleaning up request 61 ID 203 with timestamp +434
Thu Jul 12 08:50:11 2012 : Debug: WARNING: !!
Thu Jul 12 08:50:11 2012 : Debug: WARNING: !! EAP session for state 0x470f24c947043df5 did not finish!
Thu Jul 12 08:50:11 2012 : Debug: WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
Thu Jul 12 08:50:11 2012 : Debug: WARNING: !!

Case 2:

rad_recv: Access-Request packet from host 10.200.0.2 port 32832, id=215, length=263
    User-Name = "x...@sabanciuniv.edu.tr"
    NAS-IP-Address = 10.200.0.2
    NAS-Port = 0
    NAS-Identifier = "10.200.0.2"
    NAS-Port-Type = Wireless-802.11
    Calling-Station-Id = "1C659DA0C84D"
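Added example, not part of the original post: a Python helper that pairs each "did not finish" warning with the last EAP-Message logged for that State and decodes its RFC 3748 header, which shows at which step the supplicant went quiet. The sample is the Access-Challenge and warning from Case 1 above, one attribute per line as radiusd prints them; the function names are illustrative.

```python
import re

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP"}
TLS_FLAGS = ((0x80, "L"), (0x40, "M"), (0x20, "S"))  # length, more fragments, start

# Access-Challenge and warning from Case 1 of the post, one attribute per line.
SAMPLE_LOG = """\
Sending Access-Challenge of id 203 to 10.200.0.2 port 32832
\tEAP-Message = 0x010b00061920
\tState = 0x470f24c947043df52dda4e1a3d9334ec
Thu Jul 12 08:50:11 2012 : Debug: WARNING: !! EAP session for state 0x470f24c947043df5 did not finish!
"""

EAPMSG_RE = re.compile(r"EAP-Message = 0x([0-9a-fA-F]+)")
STATE_RE = re.compile(r"State = 0x([0-9a-fA-F]+)")
STALL_RE = re.compile(r"EAP session for state 0x([0-9a-fA-F]+) did not finish")

def decode_eap(hexstr):
    """Decode the RFC 3748 header of one EAP-Message value (hex, optional 0x)."""
    raw = bytes.fromhex(hexstr[2:] if hexstr[:2].lower() == "0x" else hexstr)
    if len(raw) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    length = int.from_bytes(raw[2:4], "big")
    info = {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1], "length": length,
            "complete": length == len(raw)}  # False if split over several attributes
    if raw[0] in (1, 2) and len(raw) >= 5:   # only Request/Response carry a type
        info["type"] = EAP_TYPES.get(raw[4], raw[4])
        if raw[4] in (13, 21, 25) and len(raw) >= 6:  # TLS-based methods
            info["flags"] = [name for bit, name in TLS_FLAGS if raw[5] & bit]
    return info

def stalled_sessions(log):
    """Map each unfinished State to the decoded last EAP message logged with it."""
    last_eap, by_state, stalled = None, {}, {}
    for line in log.splitlines():
        if line.startswith(("rad_recv:", "Sending ")):
            last_eap = None  # new packet: forget the previous EAP-Message
        elif m := EAPMSG_RE.search(line):
            last_eap = m.group(1)
        elif m := STATE_RE.search(line):
            by_state[m.group(1)] = last_eap
        elif m := STALL_RE.search(line):
            # The warning prints only a prefix of the State value.
            for state, eap in by_state.items():
                if eap and state.startswith(m.group(1)):
                    stalled[state] = decode_eap(eap)
    return stalled
```

For Case 1 the result is an EAP Request, id 11, type PEAP, with only the S (Start) flag set: the server opened the TLS exchange and no reply from the client was logged before the request was cleaned up five seconds later.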