Re: change proxy attributes
first question is: can I only authenticate on the 2nd radius server? (the 1st being the one acting as proxy).

I'm asking this cause if the remote has something like:

"wifi" Auth-Type := Reject, NAS-Port-Type == Virtual
"wifi" User-Password == "wifi"

when the proxy tries to use it, it gets a Reject response.

So... Bearing in mind that I can't mess with the above lines, isn't there a way to either always authenticate (doesn't need to authorize, which it looks like what it is doing now), or to change Virtual to something else so that it doesn't match?

thanks

Francois-Xavier GAILLARD wrote:
> On Wed, May 24, 2006 at 02:42:40PM +0100, André Lemos wrote:
>> Is it possible to, for instance, change the value of Framed-Protocol?
>> I just wanted to avoid the remote radius server (I'm acting as a proxy) to only authenticate and not authorize. (ignore access-reject based on attributes).
>
> I'm afraid I didn't understand the question :/
>
> Regards,
> Fox.

--
André Ventura Lemos
Software Engineer
Critical Software, SA
Webpage: www.andrelemos.com
MSN: [EMAIL PROTECTED]
GSM: +351916401042
TLF: +351239989100

DISCLAIMER: This message may contain confidential information or privileged material and is intended only for the individual(s) named. If you are not a named addressee and mistakenly received this message you should not copy or otherwise disseminate it: please delete this e-mail from your system and notify the sender immediately. E-mail transmissions are not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. Therefore, the sender does not accept liability for any errors or omissions in the contents of this message that arise as a result of e-mail transmissions. Please request a hard-copy version if verification is required. Critical Software.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: change proxy attributes
Is it possible to, for instance, change the value of Framed-Protocol?

I just wanted to avoid the remote radius server (I'm acting as a proxy) to only authenticate and not authorize. (ignore access-reject based on attributes).

Francois-Xavier GAILLARD wrote:
> On Wed, May 24, 2006 at 12:13:43PM +0100, André Lemos wrote:
>> isn't there a way to change the attributes my freeradius sends out to a proxy by messing with the users file?
>
> You should try using the hints file.
>
> http://wiki.freeradius.org/index.php/Adding%2C_Removing%2C_Modifying_Attributes_for_further_processing
>
> Regards,
> Fox.
change proxy attributes
isn't there a way to change the attributes my freeradius sends out to a proxy by messing with the users file?

thanks
Re: Typical LDAP Schema
here's a quick one:

# test, People, local.loc
dn: uid=test,ou=People,dc=local,dc=loc
objectClass: top
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: sambaSamAccount
objectClass: radiusprofile
uidNumber: 1500
gidNumber: 100
cn: test
sn: test
uid: test
homeDirectory: /home/users/test
loginShell: /bin/bash
sambaLogonTime: 0
sambaLogoffTime: 2147483647
sambaKickoffTime: 2147483647
sambaPwdCanChange: 1
sambaSID: S-1-5-21-252606378-3735400111-1192195845-1500
sambaPrimaryGroupSID: S-1-5-21-252606378-3735400111-1192195845-100
sambaAcctFlags: [U]
sambaLMPassword: 01FC5A6BE7BC6929AAD3B435B51404EE
sambaNTPassword: 0CB6948805F797BF2A82807973B89537
dialupAccess: true
userPassword:: e01ENX1DWTlyelVZaDAzUEszazZESmllMDlnPT0=
description: test
gecos: test
displayName: test

Luca wrote:
> Hello,
> I'm using freeradius with an LDAP Backend to authenticate some users (I'm
> working in my University's labs).
> As of today, I'm using a clear unencrypted wifi connection authenticating
> MAC through freeradius, my target is to use WPA (or WPA2) with Radius.
>
> What I need is a typical ldap account ldif layout, 'cause this is the
> first time I work with ldap and I hope to do my best.
>
> The best scenario is a single signon service, so... if you have an ldif
> with the radiusProfile object plus some samba and other useful
> information... please add them too.
>
> Thanks in advance.
>
> Luca
Re: Reload on freeradius 1.1.0
Works:

10218 open("/etc/raddb/certs/cert-srv.pem", O_RDONLY) = 6
10218 fstat64(6, {st_mode=S_IFREG|0644, st_size=2439, ...}) = 0
10218 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f22000
10218 read(6, "Bag Attributes\nlocalKeyID: 0"..., 4096) = 2439
10218 read(6, "", 4096) = 0
10218 close(6) = 0
10218 munmap(0xb7f22000, 4096) = 0
10218 open("/etc/raddb/certs/demoCA/cacert.pem", O_RDONLY) = 6

Doesn't:

10218 open("/etc/raddb/certs/cert-srv.pem", O_RDONLY) = 6
10218 fstat64(6, {st_mode=S_IFREG|0644, st_size=2439, ...}) = 0
10218 old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f22000
10218 read(6, "Bag Attributes\nlocalKeyID: 0"..., 4096) = 2439
10218 close(6) = 0
10218 munmap(0xb7f22000, 4096) = 0
10218 write(2, "10218:error:0906D06C:PEM routine"..., 100) = 100
10218 write(2, "10218:error:14085005:SSL routine"..., 70) = 70

André Lemos wrote:
> copied over vanilla configurations from another freeradius 1.1.0
> configuration, and now it seems to work fine.
>
> odd...
>
> Alan DeKok wrote:
>> André Lemos <[EMAIL PROTECTED]> wrote:
>>> doesn't anyone also have this problem?
>>
>> It works in my tests.
>>
>> Hmm... the code prints the SSL errors to stderr. They're lost when
>> running in daemon mode. Yuck.
>>
>> I *suspect* that the files aren't readable by the server after a
>> HUP. Try making them owned by the UID the server is running as, and
>> making them readable by that uid.
>>
>> Alan DeKok.
Re: Reload on freeradius 1.1.0
nevermind... the tls/ttls was just commented out by default

Alan DeKok wrote:
> André Lemos <[EMAIL PROTECTED]> wrote:
>> doesn't anyone also have this problem?
>
> It works in my tests.
>
> Hmm... the code prints the SSL errors to stderr. They're lost when
> running in daemon mode. Yuck.
>
> I *suspect* that the files aren't readable by the server after a
> HUP. Try making them owned by the UID the server is running as, and
> making them readable by that uid.
>
> Alan DeKok.
Re: Reload on freeradius 1.1.0
copied over vanilla configurations from another freeradius 1.1.0 configuration, and now it seems to work fine.

odd...

Alan DeKok wrote:
> André Lemos <[EMAIL PROTECTED]> wrote:
>> doesn't anyone also have this problem?
>
> It works in my tests.
>
> Hmm... the code prints the SSL errors to stderr. They're lost when
> running in daemon mode. Yuck.
>
> I *suspect* that the files aren't readable by the server after a
> HUP. Try making them owned by the UID the server is running as, and
> making them readable by that uid.
>
> Alan DeKok.
Re: Reload on freeradius 1.1.0
Do you see anything in here?

write(6, "Fri Mar 10 10:32:38 2006 : Info:"..., 86) = 86
close(6) = 0
munmap(0xb7fb6000, 4096) = 0
open("/etc/raddb/certs/cert-srv.pem", O_RDONLY) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=2439, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fb6000
read(6, "Bag Attributes\nlocalKeyID: 0"..., 4096) = 2439
close(6) = 0
munmap(0xb7fb6000, 4096) = 0
write(2, "12836:error:0906D06C:PEM routine"..., 100) = 100
write(2, "12836:error:14085005:SSL routine"..., 70) = 70
open("/var/log/freeradius/radius.log", O_WRONLY|O_APPEND|O_CREAT, 0666) = 6
fstat64(6, {st_mode=S_IFREG|0644, st_size=128573, ...}) = 0
old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7fb6000
fstat64(6, {st_mode=S_IFREG|0644, st_size=128573, ...}) = 0
_llseek(6, 128573, [128573], SEEK_SET) = 0
time(NULL) = 1141986758
write(6, "Fri Mar 10 10:32:38 2006 : Error"..., 78) = 78

Alan DeKok wrote:
> André Lemos <[EMAIL PROTECTED]> wrote:
>> doesn't anyone also have this problem?
>
> It works in my tests.
>
> Hmm... the code prints the SSL errors to stderr. They're lost when
> running in daemon mode. Yuck.
>
> I *suspect* that the files aren't readable by the server after a
> HUP. Try making them owned by the UID the server is running as, and
> making them readable by that uid.
>
> Alan DeKok.
Re: Reload on freeradius 1.1.0
No dice... I've chowned and chmoded and still I get the same problem.

Any more suggestions?

Alan DeKok wrote:
> André Lemos <[EMAIL PROTECTED]> wrote:
>> doesn't anyone also have this problem?
>
> It works in my tests.
>
> Hmm... the code prints the SSL errors to stderr. They're lost when
> running in daemon mode. Yuck.
>
> I *suspect* that the files aren't readable by the server after a
> HUP. Try making them owned by the UID the server is running as, and
> making them readable by that uid.
>
> Alan DeKok.
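
The ownership and readability check suggested in the reply quoted above can be made explicit per path component; this is an added example, not part of the original thread and not FreeRADIUS code. The function names and the sample file are constructed, and the world-readable flag (mode 0644, as in the strace output on this page) matters only if the PEM file also holds the private key, which is an assumption.

```python
"""Report which path component stops a service uid from reading a file."""
import stat
from pathlib import Path


def _class_bits(st, uid, gids):
    """Return the rwx triplet (0-7) the kernel applies to uid/gids."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7      # owner bits win, even if weaker
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7      # group bits
    return st.st_mode & 7                 # other bits


def blockers(path, uid, gids=()):
    """List the path components that deny `uid` read access to `path`.

    An empty list means the classic mode bits allow the read. POSIX ACLs,
    capabilities and LSM policy (SELinux, AppArmor) are not modelled.
    """
    if uid == 0:
        return []                         # root bypasses mode bits
    target = Path(path).resolve()
    denied = []
    # Every directory on the way down needs the search (x) bit.
    for parent in reversed(list(target.parents)):
        if not _class_bits(parent.stat(), uid, gids) & 1:
            denied.append(str(parent))
    # The file itself needs the read (r) bit.
    if not _class_bits(target.stat(), uid, gids) & 4:
        denied.append(str(target))
    return denied


def world_readable(path):
    """True when any local account can read the file (for example 0644)."""
    return bool(Path(path).stat().st_mode & stat.S_IROTH)


if __name__ == "__main__":
    import os
    import pwd
    import sys

    if len(sys.argv) < 3:
        sys.exit("usage: certperm.py USER FILE...")
    # USER is the account the daemon runs as after dropping privileges.
    account = pwd.getpwnam(sys.argv[1])
    groups = set(os.getgrouplist(account.pw_name, account.pw_gid))
    for name in sys.argv[2:]:
        denied = blockers(name, account.pw_uid, groups)
        state = "readable" if not denied else "blocked at " + ", ".join(denied)
        print(f"{name}: {state}")
        if world_readable(name):
            print(f"{name}: world-readable, tighten if it holds a private key")
```
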
Re: Reload on freeradius 1.1.0
doesn't anyone also have this problem?

André Lemos wrote:
> freeradius 1.1.0 doesn't seem to cope with reloads as well as it did
> with freeradius 1.0.5.
>
> On the version 1.1.0 after about 2/3 reloads, I get the following on
> the logs:
>
> Tue Feb 25 16:23:22 2003 : Info: rlm_eap_tls: Loading the certificate file as a chain
> Tue Feb 25 16:23:22 2003 : Error: rlm_eap_tls: Error reading certificate file
> Tue Feb 25 16:23:22 2003 : Error: rlm_eap: Failed to initialize type tls
> Tue Feb 25 16:23:22 2003 : Error: radiusd.conf[9]: eap: Module instantiation failed.
> Tue Feb 25 16:23:22 2003 : Error: radiusd.conf[1668] Unknown module "eap".
> Tue Feb 25 16:23:22 2003 : Error: radiusd.conf[1616] Failed to parse authenticate section.
>
> this seems a bug related to how the version 1.1.0 copes with kill
> signals (I can't reproduce the problem with the version 1.0.5)
>
> Thanks
>
> Ps.: the command used was: kill -1 `cat /var/run/radiusd/radiusd.pid`
Reload on freeradius 1.1.0
freeradius 1.1.0 doesn't seem to cope with reloads as well as it did with freeradius 1.0.5.

On the version 1.1.0 after about 2/3 reloads, I get the following on the logs:

Tue Feb 25 16:23:22 2003 : Info: rlm_eap_tls: Loading the certificate file as a chain
Tue Feb 25 16:23:22 2003 : Error: rlm_eap_tls: Error reading certificate file
Tue Feb 25 16:23:22 2003 : Error: rlm_eap: Failed to initialize type tls
Tue Feb 25 16:23:22 2003 : Error: radiusd.conf[9]: eap: Module instantiation failed.
Tue Feb 25 16:23:22 2003 : Error: radiusd.conf[1668] Unknown module "eap".
Tue Feb 25 16:23:22 2003 : Error: radiusd.conf[1616] Failed to parse authenticate section.

this seems a bug related to how the version 1.1.0 copes with kill signals (I can't reproduce the problem with the version 1.0.5)

Thanks

Ps.: the command used was: kill -1 `cat /var/run/radiusd/radiusd.pid`
Re: NTLM
so this is the only way to get NT/LM for an AD server?

Gilmour, Scott wrote:
> I read that you need to setup ntlm_auth to get Machine Authentication to work with Active Directory. How do I properly set up ntlm_auth to do this?
>
> Thanks,
>
> Scott Gilmour
> Software Engineer
> ENET, & ENSRT
> Enterasys Networks
> Phone: 978-684-1236
> Email: sgilmour@enterasys.com
> www: http://www.enterasys.com
freeradius 1.1.0 doesn't cope well with reloads
When doing several reloads (kill -1 $PID), freeradius eventually dies with:

Fri Feb 17 15:59:26 2006 : Info: Reloading configuration files.
Fri Feb 17 15:59:26 2006 : Info: Using deprecated naslist file. Support for this will go away soon.
Fri Feb 17 15:59:26 2006 : Info: rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Fri Feb 17 15:59:26 2006 : Info: rlm_eap_tls: Loading the certificate file as a chain
Fri Feb 17 15:59:26 2006 : Error: rlm_eap_tls: Error reading certificate file
Fri Feb 17 15:59:26 2006 : Error: rlm_eap: Failed to initialize type tls
Fri Feb 17 15:59:26 2006 : Error: radiusd.conf[9]: eap: Module instantiation failed.
Fri Feb 17 15:59:26 2006 : Error: radiusd.conf[1668] Unknown module "eap".
Fri Feb 17 15:59:26 2006 : Error: radiusd.conf[1616] Failed to parse authenticate section.

freeradius 1.0.5 would handle this without a problem.

Is anyone else experiencing the same problem?
Re: deny access to ms-chap
with:

"user3" Auth-Type := Reject, Framed-Protocol == PPP

seems to work :-)

André Lemos wrote:
> Hi there
>
> How can I NOT authorize a user to use mschap?
>
> "user3" Framed-Protocol == PPP, Auth-Type := Reject
>
> doesn't seem to work
>
> Thanks
deny access to ms-chap
Hi there

How can I NOT authorize a user to use mschap?

"user3" Framed-Protocol == PPP, Auth-Type := Reject

doesn't seem to work

Thanks
mschap and users file
Right now I'm only using mschap and the users file to authenticate a user, but I'm getting:

modcall: entering group Auth-Type for request 7
rlm_mschap: No User-Password configured. Cannot create LM-Password.
rlm_mschap: No User-Password configured. Cannot create NT-Password.
rlm_mschap: Told to do MS-CHAPv2 for wifi with NT-Password
rlm_mschap: FAILED: No NT/LM-Password. Cannot perform authentication.
rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

although on my users file I have:

"wifi" Crypt-Password == "BcFvDSx8ydTSk"
"wifi" lmPassword == "02D093CE93078E8FAAD3B435B51404EE"
"wifi" ntPassword == "CAF13C4F321B608B27FD75D2549BA53C"

can't I have my users file only with encrypted passwords?

thanks
Re: postgres + freeradius trouble
doesn't anyone use this kind of setup?

André Lemos wrote:
> a bit more information:
>
> radius_xlat: 'SELECT radgroupreply.id, radgroupreply.GroupName, radgroupreply.Attribute,
>   radgroupreply.Value, radgroupreply.Op
>   FROM radgroupreply,usergroup
>   WHERE usergroup.Username = 'user2' AND usergroup.GroupName = radgroupreply.GroupName
>   ORDER BY radgroupreply.id'
> rlm_sql_postgresql: query: SELECT radgroupreply.id, radgroupreply.GroupName, radgroupreply.Attribute,
>   radgroupreply.Value, radgroupreply.Op
>   FROM radgroupreply,usergroup
>   WHERE usergroup.Username = 'user2' AND usergroup.GroupName = radgroupreply.GroupName
>   ORDER BY radgroupreply.id
> rlm_sql_postgresql: Status: PGRES_TUPLES_OK
> rlm_sql_postgresql: affected rows =
> rlm_sql (sql): No matching entry in the database for request from user [user2]
> rlm_sql (sql): Released sql socket id: 3
> modcall[authorize]: module "sql" returns notfound for request 1
> modcall[authorize]: module "mschap" returns noop for request 1
> modcall: group authorize returns ok for request 1
> auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
> auth: Failed to validate the user.
>
> André Lemos wrote:
>> Hi,
>>
>> I'm sorry to be bothering you, but I'm having a strange problem with this combo.
>>
>> I am using freeradius 1.0.5 and have the following user:
>>
>> radius=# select * from radcheck order by id;
>>  id | username |    attribute    | op |  value
>> ----+----------+-----------------+----+---------
>>  10 | user2    | Framed-Protocol | != | PPP
>>  14 | user2    | NAS-Port-Type   | == | Virtual
>>  16 | user2    | Password        | == | teste
>>
>> if I remove the id 10, everything works as expected, but if I leave it as is, I can't authorize the user, although it matches the id 14 and the 10.
>>
>> The message I get is:
>>
>> rlm_sql (sql): No matching entry in the database for request from user [user2]
>>
>> which seems rather strange.
>>
>> Any insight you could give me?
>>
>> Very much appreciate it.
Re: postgres + freeradius trouble
a bit more information:

radius_xlat: 'SELECT radgroupreply.id, radgroupreply.GroupName, radgroupreply.Attribute, radgroupreply.Value, radgroupreply.Op FROM radgroupreply,usergroup WHERE usergroup.Username = 'user2' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_postgresql: query: SELECT radgroupreply.id, radgroupreply.GroupName, radgroupreply.Attribute, radgroupreply.Value, radgroupreply.Op FROM radgroupreply,usergroup WHERE usergroup.Username = 'user2' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql_postgresql: Status: PGRES_TUPLES_OK
rlm_sql_postgresql: affected rows =
rlm_sql (sql): No matching entry in the database for request from user [user2]
rlm_sql (sql): Released sql socket id: 3
modcall[authorize]: module "sql" returns notfound for request 1
modcall[authorize]: module "mschap" returns noop for request 1
modcall: group authorize returns ok for request 1
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.

André Lemos wrote:
> Hi,
>
> I'm sorry to be bothering you, but I'm having a strange problem with this combo.
>
> I am using freeradius 1.0.5 and have the following user:
>
> radius=# select * from radcheck order by id;
>  id | username |    attribute    | op | value
> ----+----------+-----------------+----+---------
>  10 | user2    | Framed-Protocol | != | PPP
>  14 | user2    | NAS-Port-Type   | == | Virtual
>  16 | user2    | Password        | == | teste
>
> If I remove the id 10, everything works as expected, but if I leave it as is, I can't authorize the user, although it matches the id 14 and the 10.
>
> The message I get is:
>
> rlm_sql (sql): No matching entry in the database for request from user [user2]
>
> which seems rather strange.
>
> Any insight you could give me? Very much appreciate it.
--
André Ventura Lemos
Software Engineer
Critical Software, SA
MSN: [EMAIL PROTECTED]
GSM: +351969495155
TLF: +351239989100
postgres + freeradius trouble
Hi,

I'm sorry to be bothering you, but I'm having a strange problem with this combo.

I am using freeradius 1.0.5 and have the following user:

radius=# select * from radcheck order by id;
 id | username |    attribute    | op | value
----+----------+-----------------+----+---------
 10 | user2    | Framed-Protocol | != | PPP
 14 | user2    | NAS-Port-Type   | == | Virtual
 16 | user2    | Password        | == | teste

If I remove the id 10, everything works as expected, but if I leave it as is, I can't authorize the user, although it matches the id 14 and the 10.

The message I get is:

rlm_sql (sql): No matching entry in the database for request from user [user2]

which seems rather strange.

Any insight you could give me? Very much appreciate it.

--
André Ventura Lemos
Software Engineer
Critical Software, SA
MSN: [EMAIL PROTECTED]
GSM: +351969495155
TLF: +351239989100