change proxy attributes

2006-05-24 Thread André Lemos
isn't there a way to change the attributes my freeradius sends out to a 
proxy by messing with the users file?



thanks



DISCLAIMER: This message may contain confidential information or privileged 
material and is intended only for the individual(s) named. If you are not a 
named addressee and mistakenly received this message you should not copy or 
otherwise disseminate it: please delete this e-mail from your system and notify 
the sender immediately. E-mail transmissions are not guaranteed to be secure or 
error-free as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete or contain viruses. Therefore, the sender does not 
accept liability for any errors or omissions in the contents of this message 
that arise as a result of e-mail transmissions. Please request a hard copy 
version if verification is required. Critical Software.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: change proxy attributes

2006-05-24 Thread André Lemos




first question is:

can I only authenticate on the 2nd radius server? (the 1st being the
one acting as proxy). I'm asking this cause if the remote has something
like:

"wifi" Auth-Type := Reject, NAS-Port-Type == Virtual
"wifi" User-Password == "wifi"


when the proxy tries to use it, it gets a Reject response. So... Bearing
in mind that I can't mess with the above lines, isn't there a way to
either always authenticate (doesn't need to authorize, which it looks
like what it is doing now), or to change Virtual to something else so
that it doesn't match?


thanks

Francois-Xavier GAILLARD wrote:

  On Wed, May 24, 2006 at 02:42:40PM +0100, André Lemos wrote:
  
  
Is it possible to, for instance, change the value of Framed-Protocol? I just
wanted to avoid the remote radius server (I'm acting as a proxy) to only
authenticate and not authorize. (ignore access-reject based on attributes).

  
  
I'm afraid I didn't understand the question :/

Regards,
Fox.
  
  


Re: Tipical LDAP Schema

2006-03-29 Thread André Lemos
here's a quick one:

# test, People, local.loc
dn: uid=test,ou=People,dc=local,dc=loc
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: radiusprofile
uidNumber: 1500
gidNumber: 100
cn: test
sn: test
uid: test
homeDirectory: /home/users/test
loginShell: /bin/bash
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 1
sambaSID: S-1-5-21-252606378-3735400111-1192195845-1500
sambaPrimaryGroupSID: S-1-5-21-252606378-3735400111-1192195845-100
sambaAcctFlags: [U]
sambaLMPassword: 01FC5A6BE7BC6929AAD3B435B51404EE
sambaNTPassword: 0CB6948805F797BF2A82807973B89537
dialupAccess: true
userPassword:: e01ENX1DWTlyelVZaDAzUEszazZESmllMDlnPT0=
description: test
gecos: test
displayName: test

Luca wrote:
 Hello,
 I'm using freeradius with an LDAP Backend to authenticate some users (I'm
 working in my University's labs).
 As today, I'm using a clear unencrypted wifi connection authenticating
 MAC through freeradius, my target is to use WPA (or WPA2) with Radius.

 What I need is a typical ldap account ldif layout, 'cause this is the
 first time I work with ldap and I hope to do my best.

 The best scenario is a single signon service, so... if you have an ldif
 with the radiusProfile object plus some samba and other useful
 information... please add them too.

 Thanks in advance.

 Luca


Re: Reload on freeradius 1.1.0

2006-03-10 Thread André Lemos
No dice...

I've chowned and chmoded and still I get the same problem.

Any more suggestions?

Alan DeKok wrote:
 André Lemos [EMAIL PROTECTED] wrote:
   
 doesn't anyone also have this problem?
 

   It works in my tests.

   Hmm... the code prints the SSL errors to stderr.  They're lost when
 running in daemon mode.  Yuck.

   I *suspect* that the files aren't readable by the server after a
 HUP.  Try making them owned by the UID the server is running as, and
 making them readable by that uid.

   Alan DeKok.


Re: Reload on freeradius 1.1.0

2006-03-10 Thread André Lemos
Do you see anything in here?

write(6, Fri Mar 10 10:32:38 2006 : Info:..., 86) = 86
close(6)= 0
munmap(0xb7fb6000, 4096)= 0
open(/etc/raddb/certs/cert-srv.pem, O_RDONLY) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=2439, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7fb6000
read(6, Bag Attributes\nlocalKeyID: 0..., 4096) = 2439
close(6)= 0
munmap(0xb7fb6000, 4096)= 0
write(2, 12836:error:0906D06C:PEM routine..., 100) = 100
write(2, 12836:error:14085005:SSL routine..., 70) = 70
open(/var/log/freeradius/radius.log, O_WRONLY|O_APPEND|O_CREAT, 0666) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=128573, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS,
-1, 0) = 0xb7fb6000
fstat64(6, {st_mode=S_IFREG|0644, st_size=128573, ...}) = 0
_llseek(6, 128573, [128573], SEEK_SET)  = 0
time(NULL)  = 1141986758
write(6, Fri Mar 10 10:32:38 2006 : Error..., 78) = 78


Alan DeKok wrote:
 André Lemos [EMAIL PROTECTED] wrote:
   
 doesn't anyone also have this problem?
 

   It works in my tests.

   Hmm... the code prints the SSL errors to stderr.  They're lost when
 running in daemon mode.  Yuck.

   I *suspect* that the files aren't readable by the server after a
 HUP.  Try making them owned by the UID the server is running as, and
 making them readable by that uid.

   Alan DeKok.


Re: Reload on freeradius 1.1.0

2006-03-10 Thread André Lemos
copied over vanilla configurations from another freeradius 1.1.0
configuration, and now it seems to work fine.

odd...

Alan DeKok wrote:
 André Lemos [EMAIL PROTECTED] wrote:
   
 doesn't anyone also have this problem?
 

   It works in my tests.

   Hmm... the code prints the SSL errors to stderr.  They're lost when
 running in daemon mode.  Yuck.

   I *suspect* that the files aren't readable by the server after a
 HUP.  Try making them owned by the UID the server is running as, and
 making them readable by that uid.

   Alan DeKok.


Re: Reload on freeradius 1.1.0

2006-03-10 Thread André Lemos
nevermind... the tls/ttls was just commented out by default

Alan DeKok wrote:
 André Lemos [EMAIL PROTECTED] wrote:
   
 doesn't anyone also have this problem?
 

   It works in my tests.

   Hmm... the code prints the SSL errors to stderr.  They're lost when
 running in daemon mode.  Yuck.

   I *suspect* that the files aren't readable by the server after a
 HUP.  Try making them owned by the UID the server is running as, and
 making them readable by that uid.

   Alan DeKok.


Re: Reload on freeradius 1.1.0

2006-03-10 Thread André Lemos
Works:


10218 open(/etc/raddb/certs/cert-srv.pem, O_RDONLY) = 6
10218 fstat64(6, {st_mode=S_IFREG|0644, st_size=2439, ...}) = 0
10218 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f22000
10218 read(6, Bag Attributes\nlocalKeyID: 0..., 4096) = 2439
10218 read(6, , 4096) = 0
10218 close(6)  = 0
10218 munmap(0xb7f22000, 4096)  = 0
10218 open(/etc/raddb/certs/demoCA/cacert.pem, O_RDONLY) = 6


Doesn't:

10218 open(/etc/raddb/certs/cert-srv.pem, O_RDONLY) = 6
10218 fstat64(6, {st_mode=S_IFREG|0644, st_size=2439, ...}) = 0
10218 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f22000
10218 read(6, Bag Attributes\nlocalKeyID: 0..., 4096) = 2439
10218 close(6)  = 0
10218 munmap(0xb7f22000, 4096)  = 0
10218 write(2, 10218:error:0906D06C:PEM routine..., 100) = 100
10218 write(2, 10218:error:14085005:SSL routine..., 70) = 70


André Lemos wrote:
 copied over vanilla configurations from another freeradius 1.1.0
 configuration, and now it seems to work fine.

 odd...

 Alan DeKok wrote:
   
 André Lemos [EMAIL PROTECTED] wrote:
   
 
 doesn't anyone also have this problem?
 
   
   It works in my tests.

   Hmm... the code prints the SSL errors to stderr.  They're lost when
 running in daemon mode.  Yuck.

   I *suspect* that the files aren't readable by the server after a
 HUP.  Try making them owned by the UID the server is running as, and
 making them readable by that uid.

   Alan DeKok.



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
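
The quoted reply above notes that the SSL errors go to stderr and are lost in daemon mode; the traces in this message recover them as write(2, ...) calls. As an added example (not part of the original thread and not FreeRADIUS code), the sketch below pairs every stderr write in an strace log with the last file the process read before it. The function names are hypothetical and the sample input is copied from the two traces above, line wraps included.

```python
import re

# One completed syscall as strace prints it, with or without a PID column:
#   10218 open(/etc/raddb/certs/cert-srv.pem, O_RDONLY) = 6
SYSCALL_RE = re.compile(
    r'^(?:(?P<pid>\d+)\s+)?(?P<call>\w+)\((?P<args>.*)\)\s*=\s*'
    r'(?P<ret>0x[0-9a-fA-F]+|-?\d+)'
)

# Sample input taken from the "Doesn't" and "Works" traces in the message above.
FAILING_TRACE = r"""
10218 open(/etc/raddb/certs/cert-srv.pem, O_RDONLY) = 6
10218 fstat64(6, {st_mode=S_IFREG|0644, st_size=2439, ...}) = 0
10218 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f22000
10218 read(6, Bag Attributes\nlocalKeyID: 0..., 4096) = 2439
10218 close(6)  = 0
10218 munmap(0xb7f22000, 4096)  = 0
10218 write(2, 10218:error:0906D06C:PEM routine..., 100) = 100
10218 write(2, 10218:error:14085005:SSL routine..., 70) = 70
"""

WORKING_TRACE = r"""
10218 open(/etc/raddb/certs/cert-srv.pem, O_RDONLY) = 6
10218 read(6, Bag Attributes\nlocalKeyID: 0..., 4096) = 2439
10218 read(6, , 4096) = 0
10218 close(6)  = 0
10218 open(/etc/raddb/certs/demoCA/cacert.pem, O_RDONLY) = 6
"""


def parse_calls(text):
    """Yield (pid, call, args, ret) per syscall, rejoining wrapped lines."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SYSCALL_RE.match(line)
        if match is None and pending:
            # A mail client wrapped the call; try it joined to the previous part.
            match = SYSCALL_RE.match(pending + " " + line)
        if match is None:
            pending = (pending + " " + line).strip()
            continue
        pending = ""
        ret = match.group("ret")
        value = int(ret, 16) if ret.startswith("0x") else int(ret)
        yield (match.group("pid") or "-", match.group("call"),
               match.group("args"), value)


def first_arg(args):
    """Split off the first argument; quotes are dropped if strace kept them."""
    head, _, rest = args.partition(",")
    return head.strip().strip('"'), rest


def stderr_writes(text):
    """Return each write to fd 2 with the file last read by the same process."""
    fds = {}        # (pid, fd) -> path opened on that descriptor
    last_read = {}  # pid -> last file the process actually read data from
    findings = []
    for pid, call, args, ret in parse_calls(text):
        head, rest = first_arg(args)
        if call in ("open", "openat") and ret >= 0:
            # openat() carries the directory fd first, the path second.
            path = head if call == "open" else first_arg(rest)[0]
            fds[(pid, ret)] = path
        elif call == "read" and ret > 0 and head.isdigit():
            path = fds.get((pid, int(head)))
            if path:
                last_read[pid] = path
        elif call == "close" and head.isdigit():
            fds.pop((pid, int(head)), None)
        elif call == "write" and head == "2":
            # Drop the trailing byte count, keep the (truncated) message text.
            message = rest.rsplit(",", 1)[0].strip().replace('"', "")
            findings.append({"pid": pid, "message": message,
                             "after_file": last_read.get(pid)})
    return findings


if __name__ == "__main__":
    for hit in stderr_writes(FAILING_TRACE):
        print(f"pid {hit['pid']}: {hit['message']} (after reading {hit['after_file']})")
```

strace truncates long strings by default, so the messages stay cut off as on the page; raising the string limit with strace's -s option when capturing shows them in full.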

Re: Reload on freeradius 1.1.0

2006-03-09 Thread André Lemos
doesn't anyone also have this problem?

André Lemos wrote:
 freeradius 1.1.0 doesn't seem to cope with reloads as well as it did
 with freeradius 1.0.5.

 On the version 1.1.0  after about 2/3 reloads, I get the following on
 the logs:

 Tue Feb 25 16:23:22 2003 : Info: rlm_eap_tls: Loading the certificate
 file as a chain
 Tue Feb 25 16:23:22 2003 : Error: rlm_eap_tls: Error reading certificate
 file
 Tue Feb 25 16:23:22 2003 : Error: rlm_eap: Failed to initialize type tls
 Tue Feb 25 16:23:22 2003 : Error: radiusd.conf[9]: eap: Module
 instantiation failed.
 Tue Feb 25 16:23:22 2003 : Error: radiusd.conf[1668] Unknown module eap.
 Tue Feb 25 16:23:22 2003 : Error: radiusd.conf[1616] Failed to parse
 authenticate section.

 this seems a bug related to how the version 1.1.0 copes with kill
 signals (I can't reproduce the problem with the version 1.0.5)



 Thanks


 Ps.: the command used was: kill -1 `cat /var/run/radiusd/radiusd.pid`



   
 


Reload on freeradius 1.1.0

2006-03-06 Thread André Lemos
freeradius 1.1.0 doesn't seem to cope with reloads as well as it did
with freeradius 1.0.5.

On the version 1.1.0  after about 2/3 reloads, I get the following on
the logs:

Tue Feb 25 16:23:22 2003 : Info: rlm_eap_tls: Loading the certificate
file as a chain
Tue Feb 25 16:23:22 2003 : Error: rlm_eap_tls: Error reading certificate
file
Tue Feb 25 16:23:22 2003 : Error: rlm_eap: Failed to initialize type tls
Tue Feb 25 16:23:22 2003 : Error: radiusd.conf[9]: eap: Module
instantiation failed.
Tue Feb 25 16:23:22 2003 : Error: radiusd.conf[1668] Unknown module eap.
Tue Feb 25 16:23:22 2003 : Error: radiusd.conf[1616] Failed to parse
authenticate section.

this seems a bug related to how the version 1.1.0 copes with kill
signals (I can't reproduce the problem with the version 1.0.5)



Thanks


Ps.: the command used was: kill -1 `cat /var/run/radiusd/radiusd.pid`




Re: NTLM

2006-02-23 Thread André Lemos




so this is the only way to get NT/LM for an AD server?

Gilmour, Scott wrote:

  
  
  
  
  I read that you need to set up ntlm_auth to get Machine Authentication
  to work with Active Directory.
  How do I properly set up ntlm_auth to do this?
  
  Thanks,
  Scott Gilmour
  Software Engineer
  ENET,  ENSRT
Enterasys Networks
Phone: 978-684-1236
Email:sgilmour@enterasys.com
www: http://www.enterasys.com
  
  
  


freeradius 1.1.0 doesn't cope well with reloads

2006-02-17 Thread André Lemos




When doing several reloads (kill -1 $PID), freeradius eventually dies
with:

Fri Feb 17 15:59:26 2006 : Info: Reloading configuration files.
Fri Feb 17 15:59:26 2006 : Info: Using deprecated naslist file.
Support for this will go away soon.
Fri Feb 17 15:59:26 2006 : Info: rlm_exec: Wait=yes but no output
defined. Did you mean output=none?
Fri Feb 17 15:59:26 2006 : Info: rlm_eap_tls: Loading the certificate
file as a chain
Fri Feb 17 15:59:26 2006 : Error: rlm_eap_tls: Error reading
certificate file
Fri Feb 17 15:59:26 2006 : Error: rlm_eap: Failed to initialize type tls
Fri Feb 17 15:59:26 2006 : Error: radiusd.conf[9]: eap: Module
instantiation failed.
Fri Feb 17 15:59:26 2006 : Error: radiusd.conf[1668] Unknown module
"eap".
Fri Feb 17 15:59:26 2006 : Error: radiusd.conf[1616] Failed to parse
authenticate section.


freeradius 1.0.5 would handle this without a problem.

Is anyone else experiencing the same problem?


deny access to ms-chap

2006-01-26 Thread André Lemos




Hi there

How can I NOT authorize a user to use mschap?

"user3" Framed-Protocol == PPP, Auth-Type := Reject 

doesn't seem to work


Thanks


Re: deny access to ms-chap

2006-01-26 Thread André Lemos




with:

"user3" Auth-Type := Reject, Framed-Protocol == PPP

seems to work :-)

André Lemos wrote:

  
Hi there
  
How can I NOT authorize a user to use mschap?
  
"user3" Framed-Protocol == PPP, Auth-Type := Reject 
  
doesn't seem to work
  
  
Thanks
  

mschap and users file

2006-01-19 Thread André Lemos
Right now I'm only using mschap and the users file to authenticate a
user, but I'm getting:

  modcall: entering group Auth-Type for request 7
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for wifi with NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

although on my users file I have:

wifi  Crypt-Password == BcFvDSx8ydTSk
wifi  lmPassword == 02D093CE93078E8FAAD3B435B51404EE
wifi  ntPassword == CAF13C4F321B608B27FD75D2549BA53C


can't I have my users file only with encrypted passwords?


thanks



Re: postgres + freeradius trouble

2005-12-30 Thread André Lemos




doesn't anyone use this kind of setup?

André Lemos wrote:

  
  
a bit more information:
  
radius_xlat: 'SELECT radgroupreply.id, radgroupreply.GroupName,
radgroupreply.Attribute, radgroupreply.Value, radgroupreply.Op FROM
radgroupreply,usergroup WHERE usergroup.Username = 'user2' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY
radgroupreply.id'
rlm_sql_postgresql: query: SELECT radgroupreply.id,
radgroupreply.GroupName, radgroupreply.Attribute,
radgroupreply.Value, radgroupreply.Op FROM radgroupreply,usergroup
WHERE usergroup.Username = 'user2' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): No matching entry in the database for request from user
[user2]
rlm_sql (sql): Released sql socket id: 3
 modcall[authorize]: module "sql" returns notfound for request 1
 modcall[authorize]: module "mschap" returns noop for request 1
modcall: group authorize returns ok for request 1
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
  
  
  
André Lemos wrote:
  


Hi,

I'm sorry to be bothering you, but I'm having a strange problem with
this combo.

I am using freeradius 1.0.5 and have the following user:

radius=# select * from radcheck order by id;
 id | username |    attribute    | op | value
----+----------+-----------------+----+---------
 10 | user2    | Framed-Protocol | != | PPP
 14 | user2    | NAS-Port-Type   | == | Virtual
 16 | user2    | Password        | == | teste


if I remove the id 10, everything works as expected, but if I leave it
as is, I can't authorize the user, although it matches the id 14 and
the 10. The message I get is:

rlm_sql (sql): No matching entry in the database for request from user
[user2]

which seems rather strange.

Any insight you could give me?

Very much appreciate it.


postgres + freeradius trouble

2005-12-29 Thread André Lemos




Hi,

I'm sorry to be bothering you, but I'm having a strange problem with
this combo.

I am using freeradius 1.0.5 and have the following user:

radius=# select * from radcheck order by id;
 id | username |    attribute    | op |  value
----+----------+-----------------+----+---------
 10 | user2    | Framed-Protocol | != | PPP
 14 | user2    | NAS-Port-Type   | == | Virtual
 16 | user2    | Password        | == | teste


if I remove the id 10, everything works as expected, but if I leave it
as is, I can't authorize the user, although it matches the id 14 and
the 10. The message I get is:

rlm_sql (sql): No matching entry in the database for request from user
[user2]

which seems rather strange.

Any insight you could give me?

Very much appreciate it.

-- 
André Ventura Lemos
Software Engineer
Critical Software, SA
MSN: [EMAIL PROTECTED]
GSM: +351969495155
TLF: +351239989100



Re: postgres + freeradius trouble

2005-12-29 Thread André Lemos




a bit more information:

radius_xlat: 'SELECT radgroupreply.id, radgroupreply.GroupName, radgroupreply.Attribute, radgroupreply.Value, radgroupreply.Op FROM radgroupreply,usergroup WHERE usergroup.Username = 'user2' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_postgresql: query: SELECT radgroupreply.id, radgroupreply.GroupName, radgroupreply.Attribute, radgroupreply.Value, radgroupreply.Op FROM radgroupreply,usergroup WHERE usergroup.Username = 'user2' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): No matching entry in the database for request from user [user2]
rlm_sql (sql): Released sql socket id: 3
 modcall[authorize]: module "sql" returns notfound for request 1
 modcall[authorize]: module "mschap" returns noop for request 1
modcall: group authorize returns ok for request 1
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.



André Lemos wrote:

  
  
Hi,
  
I'm sorry to be bothering you, but I'm having a strange problem with
this combo.
  
I am using freeradius 1.0.5 and have the following user:
  
radius=# select * from radcheck order by id;
 id | username |    attribute    | op |  value
----+----------+-----------------+----+---------
 10 | user2    | Framed-Protocol | != | PPP
 14 | user2    | NAS-Port-Type   | == | Virtual
 16 | user2    | Password        | == | teste
  
  
if I remove the id 10, everything works as expected, but if I leave it
as is, I can't authorize the user, although it matches the id 14 and
the 10. The message I get is:
  
rlm_sql (sql): No matching entry in the database for request from user
[user2]
  
which seems rather strange.
  
Any insight you could give me?
  
Very much appreciate it.
  


-- 
André Ventura Lemos
Software Engineer
Critical Software, SA
MSN: [EMAIL PROTECTED]
GSM: +351969495155
TLF: +351239989100

