Re: accounting data

2012-11-10 Thread Periko Support
On Sat, Nov 10, 2012 at 6:27 AM, Alan DeKok wrote:
> Periko Support wrote:
>>  This works, but I would like to understand: I can try those steps
>> many times and every time it gives me the same result: 1770. Isn't
>> the counter supposed to be lower every time I run the same steps?
>
>   Only if the NAS is sending accounting packets.
>
>   What does the debug output say?
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

 This is the output:

radtest alice test 127.0.0.1 100 testing123
Sending Access-Request of id 32 to 127.0.0.1 port 1812
User-Name = "alice"
User-Password = "test"
NAS-IP-Address = 127.0.0.1
NAS-Port = 100
Message-Authenticator = 0x
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=32, length=40
Reply-Message = "Hello, alice"
Session-Timeout = 300

debug:

rad_recv: Access-Request packet from host 127.0.0.1 port 36311, id=32, length=75
User-Name = "alice"
User-Password = "test"
NAS-IP-Address = 127.0.0.1
NAS-Port = 100
Message-Authenticator = 0x2c214bd6f2cb15d2c0d224a851ca167d
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = "alice", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry alice at line 170
[files] expand: Hello, %{User-Name} -> Hello, alice
++[files] returns ok
rlm_counter: Entering module authorize code
rlm_counter: Searching the database for key 'alice'
rlm_counter: Could not find the requested key in the database.
rlm_counter: Check item = 300, Count = 0
rlm_counter: res is greater than zero
rlm_counter: (Check item - counter) is greater than zero
rlm_counter: Authorized user alice, check_item=300, counter=0
rlm_counter: Sent Reply-Item for user alice, Type=Session-Timeout, value=300
++[daily] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "test"
[pap] Using clear text password "test"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 32 to 127.0.0.1 port 36311
Reply-Message = "Hello, alice"
Session-Timeout = 300
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 32 with timestamp +42
Ready to process requests.

accounting start:

radclient 127.0.0.1 auto testing123 -f 4088_06_acct_start.txt
Received response ID 15, code 5, length = 20

debug:

rad_recv: Accounting-Request packet from host 127.0.0.1 port 48415,
id=15, length=144
Acct-Session-Id = "4D2BB8AC-0098"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
User-Name = "alice"
NAS-Port = 0
Called-Station-Id = "00-02-6F-AA-AA-AA:My Wireless"
Calling-Station-Id = "00-1C-B3-AA-AA-AA"
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 48Mbps 802.11b"
# Executing section preacct from file /etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address =
127.0.0.1,NAS-IP-Address = 127.0.0.1,Acct-Session-Id =
"4D2BB8AC-0098",User-Name = "alice"'
[acct_unique] Acct-Unique-Session-ID = "e38661b89c4e83d0".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "alice", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail]expand: %{Packet-Src-IP-Address} -> 127.0.0.1
[detail]expand:
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
-> /var/log/radius/radacct/127.0.0.1/detail-20121110
[detail] 
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
expands to /var/log/radius/radacct/127.0.0.1/detail-20121110
[detail]expand: %t -> Sat Nov 10 19:35:50 2012
++[detail] returns ok
rlm_counter: We only run on Accounting-Stop packets.
++[daily] returns noop
++[unix] returns ok
[radutmp]   e

Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user

2012-11-10 Thread Shravan S G
Issue is resolved.
I was in fact editing the wrong users file. I was editing the users file in
the raddb folder of the uncompressed tarball.
Thanks for the help.

Regards,
Shravan

On Sat, Nov 10, 2012 at 6:54 AM, Phil Mayers wrote:

> On 11/10/2012 03:54 AM, Shravan S G wrote:
>
>> Hi all,
>>
>> I am trying to configure FreeRadius 2.2.0. I am trying to test with the
>> radtest utility. However, when I run radtest, on my radiusd server, I
>> get the following error - "ERROR: No authenticate method (Auth-Type)
>> found for the request: Rejecting the user". I know this is some issue
>> with the authentication part. However, I have not been able to pinpoint
>> the problem. Also, I haven't been able to find any relevant solutions on
>> the web.
>> I have just untarred the 2.2.0 tarball, and added just one line to the
>> users file: gokul Cleartext-Password:="abcde"
>
> If so, this hasn't taken. The debug shows:
>
>> ++[files] returns noop
>
> ...and then:
>
>> [pap] WARNING! No "known good" password found for the user.
>> Authentication may fail because of this.
>> ++[pap] returns noop
>> ERROR: No authenticate method (Auth-Type) found for the request:
>
> Check you're editing the right file.
>
>

Debian 6.0.6 amd64 freeradius + xl2tpd + strongswan ipsec

2012-11-10 Thread Dmitry Korzhevin

Hello guys,


Can you please advise a good howto/guide to configure l2tp with a radius
server? I have already configured pptp (poptop) and ipsec
(strongSwan) on the server, getting user logins and passwords from a file.
Now I am planning to use freeradius for auth.




Best Regards,
Dmitry

---
Dmitry KORZHEVIN
System Administrator
STIDIA S.A. - Luxembourg

e: dmitry.korzhe...@stidia.com
m: +38 093 874 5453
w: http://www.stidia.com




Re: Concatenating/inserting strings with backslashes

2012-11-10 Thread Alan DeKok
Brian Candler wrote:
> Here's something weird. I'm trying to concatenate some strings which contain
>   (i.e.  not a newline).

  Well... that's all pretty hacky.  It's made worse by Reply-Message
being automatically expanded, whereas other attributes aren't.  Try your
tests below using Filter-Id, and they will be different.

  The server has grown over the years in a fairly ad-hoc way.  I welcome
suggestions for sanitizing how it deals with string.

  Alan DeKok.


Re: accounting data

2012-11-10 Thread Alan DeKok
Periko Support wrote:
>  This works, but I would like to understand: I can try those steps
> many times and every time it gives me the same result: 1770. Isn't
> the counter supposed to be lower every time I run the same steps?

  Only if the NAS is sending accounting packets.

  What does the debug output say?

  Alan DeKok.


Re: LDAP group child domain

2012-11-10 Thread Alan DeKok
Menard, Yannick wrote:
> The problem I have now is: if I have a user group with the same name
> in my primary domain (tata) and in my child domain (toto.tata),
> freeradius does not seem to see the difference (for example the domain
> users group).

  That's how it works, unfortunately.

> What I would like to do is write it like that:
> 
> DEFAULT Ldap-Group == "cn=groupname, ou=OUofGroup, dc=toto, dc=tata"

  No.  The LDAP group is the name of the group.  Nothing else.

> If anyone has some insight on how to solve this problem, I would greatly
> appreciate it.

  If you want to query two domains, you'll need to configure two LDAP
modules.

  Alan DeKok.

Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user

2012-11-10 Thread Phil Mayers

On 11/10/2012 03:54 AM, Shravan S G wrote:
> Hi all,
>
> I am trying to configure FreeRadius 2.2.0. I am trying to test with the
> radtest utility. However, when I run radtest, on my radiusd server, I
> get the following error - "ERROR: No authenticate method (Auth-Type)
> found for the request: Rejecting the user". I know this is some issue
> with the authentication part. However, I have not been able to pinpoint
> the problem. Also, I haven't been able to find any relevant solutions on
> the web.
> I have just untarred the 2.2.0 tarball, and added just one line to the
> users file: gokul Cleartext-Password:="abcde"

If so, this hasn't taken. The debug shows:

> ++[files] returns noop

...and then:

> [pap] WARNING! No "known good" password found for the user.
> Authentication may fail because of this.
> ++[pap] returns noop
> ERROR: No authenticate method (Auth-Type) found for the request:

Check you're editing the right file.



Re: ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user

2012-11-10 Thread alan buxey
Hi,

> I have just untarred the 2.2.0 tarball, and added just one line to the users
> file: gokul Cleartext-Password:="abcde"

at the top of the file...or at the bottom?  If you add it to the bottom then
other things in the file will prevent that user from being seen/used - add
your test user/pass to the top of the users file

you didn't give the full output of 'radiusd -X' either - I'm assuming that
you are editing the correct users file - eg /usr/local/etc/raddb/users or
/etc/raddb/users and not the users file that's in the source directory...

alan
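The debug-reading steps used in the replies above (a `[files]` module that returns noop, the missing Auth-Type, and rlm_counter ignoring non-Stop accounting packets) can be checked mechanically. This is an added example, not code from any poster or from the FreeRADIUS project; the function names are hypothetical and the sample text is constructed from debug lines quoted in the thread, with `/usr/local/etc/raddb` as an assumed install prefix.

```python
import re

# Constructed samples assembled from debug lines quoted in this thread; the
# /usr/local/etc/raddb path in FAILED is an assumed install prefix.
FAILED = """\
# Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
++[files] returns noop
[pap] WARNING! No "known good" password found for the user.
++[pap] returns noop
ERROR: No authenticate method (Auth-Type) found for the request:
"""
WORKING = """\
# Executing section authorize from file /etc/raddb/sites-enabled/default
[files] users: Matched entry alice at line 170
++[files] returns ok
++[pap] returns updated
Found Auth-Type = PAP
"""
ACCT_START = """\
Acct-Status-Type = Start
rlm_counter: We only run on Accounting-Stop packets.
++[daily] returns noop
"""

MODULE_RC = re.compile(r"^\++\[([\w-]+)\] returns (\w+)")
FROM_FILE = re.compile(r"from file (\S+?)/sites-enabled/")

def module_results(debug_text):
    """Return {module: last return code} from radiusd -X output."""
    pairs = (MODULE_RC.match(l.strip()) for l in debug_text.splitlines())
    return {m.group(1): m.group(2) for m in pairs if m}

def raddb_dirs(debug_text):
    """Configuration directories the running server actually read from."""
    return set(FROM_FILE.findall(debug_text))

def diagnose(debug_text):
    rc, findings = module_results(debug_text), []
    if "No authenticate method (Auth-Type)" in debug_text and rc.get("files") == "noop":
        dirs = ", ".join(sorted(raddb_dirs(debug_text))) or "unknown"
        findings.append(f"no users entry matched; server reads config from {dirs}")
    if "We only run on Accounting-Stop packets" in debug_text:
        findings.append("rlm_counter skipped this packet: not an Accounting-Stop")
    return findings

if __name__ == "__main__":
    for name, text in (("failed", FAILED), ("working", WORKING), ("acct", ACCT_START)):
        print(name, diagnose(text))
```

Comparing the directory reported by `raddb_dirs` with the path of the `users` file being edited shows directly whether the edit is going into the configuration tree the server loads.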