Re: radlast output

2012-07-12 Thread Fajar A. Nugraha
On Fri, Jul 13, 2012 at 1:42 AM, Sergio Belkin  wrote:
> Storing data in a sql db looks interesting. I've never configured it.
> If I use sql only for logging is /etc/raddb/sql.conf the main file
> that I have to look?

http://wiki.freeradius.org/SQL-HOWTO
http://wiki.freeradius.org/Rlm_sql

> Do sql storing exclude from using plain log
> files?

you can use both.

-- 
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: radlast output

2012-07-12 Thread Sergio Belkin
2012/7/12 Fajar A. Nugraha :
> On Thu, Jul 12, 2012 at 3:17 AM, Sergio Belkin  wrote:
>
>> Alan, thanks for your advice, always in this mailing list I was
>> willing to learn and to admit when I have to fix something. Mail from
>> Tamás it looked somewhat sarcastic and had nothing to do with the main
>> subject.
>
>
> If you're still interested in getting full NAS-Identifier, you should
> store accounting data in sql table. Even if you don't want to manage
> separate sql server (e.g. mysql), you can use something like sqlite to
> store the data. Needs some effort (e.g. the module is not built by
> default), but should be doable.
>
> --
> Fajar
> -

Thanks Fajar, I wanted to get the "last access" of users. I was
getting that information parsing log files, but I found
that radlast is a simple but useful thing except the NAS-Identifier
characters limit.
Storing data in a sql db looks interesting. I've never configured it.
If I use sql only for logging is /etc/raddb/sql.conf the main file
that I have to look? Do sql storing exclude from using plain log
files?

Thanks in advance



-- 
--
Sergio Belkin  http://www.sergiobelkin.com
Watch More TV http://sebelk.blogspot.com
LPIC-2 Certified - http://www.lpi.org


Re: Calling station ID

2012-07-12 Thread alan buxey
Hi,

>> The radius server can only process on what the NAS sends it. Look at
>> the NAS and configure the NAS to send the correct/full
>> Calling-Station-Id.
>> 
>Where I can Configure this (in which file ?)

no file on the RADIUS server - as per the original info, this is something
you need to configure on the NAS - eg on the access point. the RADIUS server
is simply reporting what it's being told. I suspect a buggy NAS

alan


One session per username

2012-07-12 Thread Ali Jawad
Hi All
I have pptpd running with freeradius 2.0, all is fine but I want to limit
each client to one session per username. Currently a user can logon using
his username and password multiple times.
Regards

RE: Calling station ID

2012-07-12 Thread madal 30

I setup vpn server(pptp) with freeradius to handle ippool and stuff. I tried to
figure out where in my vpn server I have to alter is bugging me. perhaps in
radiusclient.conf ?

> 
> In Freeradius? Nowhere.
> 
> You have to alter the configuration of the device you are logging in to.
> "192.168.1.1" in your case.
> 
> Freeradius only processes the data sent from the device. If this data is
> wrong or incomplete, Freeradius can do nothing about it.
> 
> Grüße,
> Sven.
> 
> 

Re: Calling station ID

2012-07-12 Thread Sven Hartge
On 12.07.2012 12:57, madal 30 wrote:
>> From: sav...@savage.za.org
>> To: freeradius-users@lists.freeradius.org
>> On Thu, Jul 12, 2012 at 12:29 PM, madal 30  wrote:

>> > Calling-Station-Id = ".031"
>>
>> > How do I or where do i adjust this parameter so that full IP address is
>> > logged in calling-station-ID ? I looked at detail file in modules/detail
>> > but could not find the parameter
>>
>> The radius server can only process on what the NAS sends it. Look at
>> the NAS and configure the NAS to send the correct/full
>> Calling-Station-Id.
>> 
> Where I can Configure this (in which file ?)

In Freeradius? Nowhere.

You have to alter the configuration of the device you are logging in to.
"192.168.1.1" in your case.

Freeradius only processes the data sent from the device. If this data is
wrong or incomplete, Freeradius can do nothing about it.

Grüße,
Sven.
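
Added example, not part of the original thread or of FreeRADIUS: because the server only records what the NAS sends, scanning the detail file shows which NAS is sending incomplete Calling-Station-Id values, and the same pass yields the "last access" per user with the full NAS-Identifier that the radlast thread asks about. The function names and sample records are constructed; the layout assumed is a date header, indented attribute lines and a blank line between records.

```python
import ipaddress
import re

# Constructed sample in the FreeRADIUS "detail" layout. Only the ".031" value,
# the MAC and NAS address 192.168.1.1 appear in the threads on this page;
# the user name and NAS-Identifier strings are made up.
SAMPLE = '''Thu Jul 12 03:00:21 2012
\tUser-Name = "alice@example.org"
\tNAS-IP-Address = 192.168.1.1
\tNAS-Identifier = "pptp-gateway-building-a.example.org"
\tCalling-Station-Id = ".031"
\tTimestamp = 1342054821

Thu Jul 12 04:10:00 2012
\tUser-Name = "alice@example.org"
\tNAS-IP-Address = 192.0.2.2
\tNAS-Identifier = "wlan-controller-campus-north.example.org"
\tCalling-Station-Id = "1C659DA0C84D"
\tTimestamp = 1342059000
'''

ATTR = re.compile(r'^[ \t]+([\w-]+) = "?(.*?)"?[ \t]*$', re.M)
MAC = re.compile(r'^(?:[0-9A-Fa-f]{2}[:.-]?){5}[0-9A-Fa-f]{2}$')

def parse_detail(text):
    """Return one {attribute: value} dict per blank-line-separated record."""
    blocks = re.split(r"\n[ \t]*\n", text.strip("\n"))
    return [dict(ATTR.findall(b)) for b in blocks]

def station_id_ok(value):
    if MAC.match(value):          # complete MAC address, with or without separators
        return True
    try:
        ipaddress.ip_address(value)   # complete IPv4 or IPv6 address
    except ValueError:
        return False
    return True

def analyse(text):
    """Return (last access per user, suspect Calling-Station-Ids per NAS)."""
    last_seen, suspect = {}, {}
    for rec in parse_detail(text):
        user, ts = rec.get("User-Name"), int(rec.get("Timestamp", 0))
        if user and ts >= last_seen.get(user, (0, ""))[0]:
            last_seen[user] = (ts, rec.get("NAS-Identifier", ""))
        csid = rec.get("Calling-Station-Id")
        if csid is not None and not station_id_ok(csid):
            suspect.setdefault(rec.get("NAS-IP-Address", "?"), []).append(csid)
    return last_seen, suspect
```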




RE: Calling station ID

2012-07-12 Thread madal 30

Thanks Chris,

> Date: Thu, 12 Jul 2012 12:38:17 +0200
> Subject: Re: Calling station ID
> From: sav...@savage.za.org
> To: freeradius-users@lists.freeradius.org
> 
> On Thu, Jul 12, 2012 at 12:29 PM, madal 30  wrote:
> 
> > Calling-Station-Id = ".031"
> 
> > How do I or where do i adjust this parameter so that full IP address is
> > logged in calling-station-ID ? I looked at detail file in  modules/detail
> > but could not find the parameter
> 
> The radius server can only process on what the NAS sends it.  Look at
> the NAS and configure the NAS to send the correct/full
> Calling-Station-Id.
> Where I can Configure this (in which file ?)
> 
> -- 
> 
> Regards,
> Chris Knipe

Re: Calling station ID

2012-07-12 Thread Chris Knipe
On Thu, Jul 12, 2012 at 12:29 PM, madal 30  wrote:

> Calling-Station-Id = ".031"

> How do I or where do i adjust this parameter so that full IP address is
> logged in calling-station-ID ? I looked at detail file in  modules/detail
> but could not find the parameter

The radius server can only process on what the NAS sends it.  Look at
the NAS and configure the NAS to send the correct/full
Calling-Station-Id.


-- 

Regards,
Chris Knipe


Calling station ID

2012-07-12 Thread madal 30

I have enabled the detail log in my freeradius server. It logs everything which
is cool. However, in Calling-Station-ID it only logs the last octets as :

    Acct-Session-Id = "4FEE219C619400"
    User-Name = "t...@test.com"
    Acct-Status-Type = Stop
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Acct-Authentic = RADIUS
    Acct-Session-Time = 9
    Acct-Output-Octets = 320
    Acct-Input-Octets = 925
    Acct-Output-Packets = 1
    Acct-Input-Packets = 4
    Calling-Station-Id = ".031"
    NAS-Port-Type = Async
    Acct-Terminate-Cause = User-Request
    Framed-IP-Address = 192.168.1.20
    NAS-IP-Address = 192.168.1.1
    NAS-Port = 0
    Acct-Delay-Time = 0
    Acct-Unique-Session-Id = "537e68121f1931c8"
    Stripped-User-Name = "test"
    Realm = "test.com"
    Timestamp = 1342054821
    Request-Authenticator = Verified

How do I or where do i adjust this parameter so that full IP address is logged
in calling-station-ID ? I looked at detail file in  modules/detail but could
not find the parameter
M

EAP-SIM configuration on v2.1.12

2012-07-12 Thread Tony Phung
Hi experts,

I am trying to configure eap-sim on and when I start the radiusd process I
get the following error:

---
 Module: Linked to module rlm_eap
 Module: Instantiating module "eap" from file /usr/local/etc/raddb/eap.conf
  eap {
default_eap_type = "sim"
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
max_sessions = 4096
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
challenge = "Password: "
auth_type = "PAP"
   }
Ignoring EAP-Type/tls because we do not have OpenSSL support.
Ignoring EAP-Type/ttls because we do not have OpenSSL support.
Ignoring EAP-Type/peap because we do not have OpenSSL support.
 Module: Linked to sub-module rlm_eap_mschapv2
 Module: Instantiating eap-mschapv2
   mschapv2 {
with_ntdomain_hack = no
send_error = no
   }
 Module: Linked to sub-module rlm_eap_sim
 Module: Instantiating eap-sim
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating module "preprocess" from file
/usr/local/etc/raddb/modules/preprocess
  preprocess {
huntgroups = "/usr/local/etc/raddb/huntgroups"
hints = "/usr/local/etc/raddb/hints"
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
  }
 Module: Linked to module rlm_realm
 Module: Instantiating module "suffix" from file
/usr/local/etc/raddb/modules/realm
  realm suffix {
format = "suffix"
delimiter = "@"
ignore_default = no
ignore_null = no
  }
/usr/local/etc/raddb/radiusd.conf[698]: Failed to link to module
'rlm_sim_files': ld.so.1: radiusd: fatal: rlm_sim_files.so: open failed: No
such file or directory
/usr/local/etc/raddb/sites-enabled/default[157]: Failed to load module
"sim_files".
/usr/local/etc/raddb/sites-enabled/default[69]: Errors parsing authorize
section.

---

Is there anything that I have missed?

I have setup the config as follows:

The eap modules are present

# pwd
/usr/local/lib
# ls rlm_eap*
rlm_eap_gtc-2.1.12.la   rlm_eap_leap-2.1.12.so  rlm_eap_md5.a
rlm_eap_mschapv2.la rlm_eap_sim.so
rlm_eap_gtc-2.1.12.so   rlm_eap_leap.a  rlm_eap_md5.la
 rlm_eap_mschapv2.so rlm_eap-2.1.12.la
rlm_eap_gtc.a   rlm_eap_leap.la rlm_eap_md5.so
 rlm_eap_sim-2.1.12.la   rlm_eap-2.1.12.so
rlm_eap_gtc.la  rlm_eap_leap.so
rlm_eap_mschapv2-2.1.12.la  rlm_eap_sim-2.1.12.so   rlm_eap.a
rlm_eap_gtc.so  rlm_eap_md5-2.1.12.la
rlm_eap_mschapv2-2.1.12.so  rlm_eap_sim.a   rlm_eap.la
rlm_eap_leap-2.1.12.la  rlm_eap_md5-2.1.12.so   rlm_eap_mschapv2.a
 rlm_eap_sim.la  rlm_eap.so


Config files:

/usr/local/etc/raddb/radiusd.conf

modules {
  sim_files {
    simtriplets = "/usr/local/etc/raddb/simtriplets.dat"
  }


/usr/local/etc/raddb/eap.conf

  eap {
    sim {
    }
    default_eap_type = sim
  }

/usr/local/etc/raddb/sites-enabled/default

authorize {

  sim_files

  eap {
    ok = return
  }
}

The simtriplets.dat files are located in /usr/local/etc/raddb/

Is there anything that I missed out?

Thanks,
Tony

EAP session for state problem

2012-07-12 Thread Umut Arus
Hi,

We are using freeradius2-2.1.12-3.el5 on RHEL 5.8 for eduroaming. Sometimes
we are getting "EAP session for state ... did not finish!" warning as you
can see on case 1. We can successfully login after every three or four
tries without error (case 2).

How can I overcome this problem?

PS: I think it is more problem on windows 7.

Case 1:

rad_recv: Access-Request packet from host 10.200.0.2 port 32832, id=203,
length=238

User-Name = "x...@sabanciuniv.edu.tr"

NAS-IP-Address = 10.200.0.2

NAS-Port = 0

NAS-Identifier = "10.200.0.2"

NAS-Port-Type = Wireless-802.11

Calling-Station-Id = "1C659DA0C84D"

Called-Station-Id = "000B8661DFC4"

Service-Type = Login-User

Framed-MTU = 1100

EAP-Message =
0x020a002401676f6b68616e67756e796f6c40736162616e6369756e69762e6564752e7472

Aruba-Essid-Name = "eduroam"

Aruba-Location-Id = "BM_IT_Net_Sys_3c:02"

Aruba-Attr-10 = 0x424d5f62696e617369

Message-Authenticator = 0x7bde0503caf078e16964c30bb649186a

Thu Jul 12 08:50:06 2012 : Info: server eduroam {

Thu Jul 12 08:50:06 2012 : Info: # Executing section authorize from file
/etc/raddb/sites-enabled/eduroam

Thu Jul 12 08:50:06 2012 : Info: +- entering group authorize {...}

Thu Jul 12 08:50:06 2012 : Info: ++[preprocess] returns ok

Thu Jul 12 08:50:06 2012 : Info: [auth_log]   expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/10.200.0.2/auth-detail-20120712

Thu Jul 12 08:50:06 2012 : Info: [auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to
/var/log/radius/radacct/10.200.0.2/auth-detail-20120712

Thu Jul 12 08:50:06 2012 : Info: [auth_log]   expand: %t -> Thu Jul
12 08:50:06 2012

Thu Jul 12 08:50:06 2012 : Info: ++[auth_log] returns ok

Thu Jul 12 08:50:06 2012 : Info: ++[mschap] returns noop

Thu Jul 12 08:50:06 2012 : Info: [suffix] Looking up realm "
sabanciuniv.edu.tr" for User-Name = "x...@sabanciuniv.edu.tr"

Thu Jul 12 08:50:06 2012 : Info: [suffix] Found realm "sabanciuniv.edu.tr"

Thu Jul 12 08:50:06 2012 : Info: [suffix] Adding Stripped-User-Name = "xxx"

Thu Jul 12 08:50:06 2012 : Info: [suffix] Adding Realm = "sabanciuniv.edu.tr
"

Thu Jul 12 08:50:06 2012 : Info: [suffix] Authentication realm is LOCAL.

Thu Jul 12 08:50:06 2012 : Info: ++[suffix] returns ok

Thu Jul 12 08:50:06 2012 : Info: [eap] EAP packet type response id 10
length 36

Thu Jul 12 08:50:06 2012 : Info: [eap] No EAP Start, assuming it's an
on-going EAP conversation

Thu Jul 12 08:50:06 2012 : Info: ++[eap] returns updated

Thu Jul 12 08:50:06 2012 : Info: ++[files] returns noop

Thu Jul 12 08:50:06 2012 : Info: ++[expiration] returns noop

Thu Jul 12 08:50:06 2012 : Info: ++[logintime] returns noop

Thu Jul 12 08:50:06 2012 : Info: Found Auth-Type = EAP

Thu Jul 12 08:50:06 2012 : Info: # Executing group from file
/etc/raddb/sites-enabled/eduroam

Thu Jul 12 08:50:06 2012 : Info: +- entering group authenticate {...}

Thu Jul 12 08:50:06 2012 : Info: [eap] EAP Identity

Thu Jul 12 08:50:06 2012 : Info: [eap] processing type tls

Thu Jul 12 08:50:06 2012 : Info: [tls] Initiate

Thu Jul 12 08:50:06 2012 : Info: [tls] Start returned 1

Thu Jul 12 08:50:06 2012 : Info: ++[eap] returns handled

Thu Jul 12 08:50:06 2012 : Info: } # server eduroam

Sending Access-Challenge of id 203 to 10.200.0.2 port 32832

EAP-Message = 0x010b00061920

Message-Authenticator = 0x

State = 0x470f24c947043df52dda4e1a3d9334ec

Thu Jul 12 08:50:06 2012 : Info: Finished request 61.

Thu Jul 12 08:50:06 2012 : Debug: Going to the next request

Thu Jul 12 08:50:06 2012 : Debug: Waking up in 4.9 seconds.

Thu Jul 12 08:50:11 2012 : Info: Cleaning up request 61 ID 203 with
timestamp +434

Thu Jul 12 08:50:11 2012 : Debug: WARNING:
!!

Thu Jul 12 08:50:11 2012 : Debug: WARNING: !! EAP session for state
0x470f24c947043df5 did not finish!

Thu Jul 12 08:50:11 2012 : Debug: WARNING: !! Please read
http://wiki.freeradius.org/Certificate_Compatibility

Thu Jul 12 08:50:11 2012 : Debug: WARNING:
!!















Case2:

rad_recv: Access-Request packet from host 10.200.0.2 port 32832, id=215,
length=263

User-Name = "x...@sabanciuniv.edu.tr"

NAS-IP-Address = 10.200.0.2

NAS-Port = 0

NAS-Identifier = "10.200.0.2"

NAS-Port-Type = Wireless-802.11

Calling-Station-Id = "1C659DA0C84D"