problem with LDAP backend
Hello

Still trying to use freeradius with chillispot, I still have problems.

I'm trying to use mixed authentication:

MAC addresses for some video devices in the users file as follows:

00-06-F4-0D-08-66 Auth-Type := Local, User-Password == Framed-IP-Address = 192.168.182.213, Fall-Through = Yes

LDAP backend for real users; at the end of the users file I have this statement:

DEFAULT Auth-Type = LDAP Fall-Through = 1

This configuration was working well on a very old debian machine which died suddenly.

When I try to access the chilli portal it asks radius for authentication but it does not work. See below the debug trace of the radius daemon.

Help greatly appreciated, thank you.

Wed Aug 31 16:52:39 2011 : Debug: Processing the authorize section of radiusd.conf
Wed Aug 31 16:52:39 2011 : Debug: modcall: entering group authorize for request 15
Wed Aug 31 16:52:39 2011 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 15
Wed Aug 31 16:52:39 2011 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 15
Wed Aug 31 16:52:39 2011 : Debug: modcall[authorize]: module preprocess returns ok for request 15
Wed Aug 31 16:52:39 2011 : Debug: modsingle[authorize]: calling eap (rlm_eap) for request 15
Wed Aug 31 16:52:39 2011 : Debug: rlm_eap: No EAP-Message, not doing EAP
Wed Aug 31 16:52:39 2011 : Debug: modsingle[authorize]: returned from eap (rlm_eap) for request 15
Wed Aug 31 16:52:39 2011 : Debug: modcall[authorize]: module eap returns noop for request 15
Wed Aug 31 16:52:39 2011 : Debug: modsingle[authorize]: calling files (rlm_files) for request 15
Wed Aug 31 16:52:39 2011 : Debug: users: Matched entry DEFAULT at line 398
Wed Aug 31 16:52:39 2011 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 15
Wed Aug 31 16:52:39 2011 : Debug: modcall[authorize]: module files returns ok for request 15
Wed Aug 31 16:52:39 2011 : Debug: modsingle[authorize]: calling ldap (rlm_ldap) for request 15
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: - authorize
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: performing user authorization for
Wed Aug 31 16:52:39 2011 : Debug: radius_xlat: '(uid=xxx)'
Wed Aug 31 16:52:39 2011 : Debug: radius_xlat: 'ou=Users,dc=esiee,dc=fr'
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: ldap_get_conn: Checking Id: 0
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: ldap_get_conn: Got Id: 0
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: performing search in ou=Users,dc=esiee,dc=fr, with filter (uid=hrazdira)
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: checking if remote access for is allowed by uid
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: looking for check items in directory...
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: looking for reply items in directory...
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: user authorized to use remote access
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
Wed Aug 31 16:52:39 2011 : Debug: modsingle[authorize]: returned from ldap (rlm_ldap) for request 15
Wed Aug 31 16:52:39 2011 : Debug: modcall[authorize]: module ldap returns ok for request 15
Wed Aug 31 16:52:39 2011 : Debug: modsingle[authorize]: calling pap (rlm_pap) for request 15
Wed Aug 31 16:52:39 2011 : Debug: rlm_pap: WARNING! No known good password found for the user. Authentication may fail because of this.
Wed Aug 31 16:52:39 2011 : Debug: modsingle[authorize]: returned from pap (rlm_pap) for request 15
Wed Aug 31 16:52:39 2011 : Debug: modcall[authorize]: module pap returns noop for request 15
Wed Aug 31 16:52:39 2011 : Debug: modcall: leaving group authorize (returns ok) for request 15
Wed Aug 31 16:52:39 2011 : Debug: rad_check_password: Found Auth-Type LDAP
Wed Aug 31 16:52:39 2011 : Debug: auth: type LDAP
Wed Aug 31 16:52:39 2011 : Debug: Processing the authenticate section of radiusd.conf
Wed Aug 31 16:52:39 2011 : Debug: modcall: entering group authenticate for request 15
Wed Aug 31 16:52:39 2011 : Debug: modsingle[authenticate]: calling ldap (rlm_ldap) for request 15
Wed Aug 31 16:52:39 2011 : Debug: rlm_ldap: - authenticate
Wed Aug 31 16:52:39 2011 : Auth: rlm_ldap: Attribute User-Password is required for authentication. Cannot use CHAP-Password.
Wed Aug 31 16:52:39 2011 : Debug: modsingle[authenticate]: returned from ldap (rlm_ldap) for request 15
Wed Aug 31 16:52:39 2011 : Debug: modcall[authenticate]: module ldap returns invalid for request 15
Wed Aug 31 16:52:39 2011 : Debug: modcall: leaving group authenticate (returns invalid) for request 15
Wed Aug 31 16:52:39 2011 : Debug: auth: Failed to validate the user.
Wed Aug 31 16:52:39 2011 : Debug: Delaying request 15 for 1 seconds
Wed Aug 31 16:52:39 2011 : Debug: Finished request 15
Wed Aug 31 16:52:39 2011 : Debug: Going to the next request
Wed Aug 31 16:52:39
problem with chillispot
Hello

I'm in trouble using chillispot with freeradius on ubuntu 11.04 server.

freeradius works well with a LDAP backend, but when I start chillispot I get that kind of error messages. The shared secret is OK on both sides; as it is a testing install I haven't touched the famous testing123.

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 56851, id=0, length=162
Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret is incorrect.) Dropping packet without response.
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 127.0.0.1 port 56851, id=1, length=162
Received packet from 127.0.0.1 with invalid Message-Authenticator! (Shared secret is incorrect.) Dropping packet without response.
Going to the next request

Thank you for any idea ...
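How the "invalid Message-Authenticator" check in the log above works, as an added Python example (not part of the original post and not FreeRADIUS code): per RFC 2869 the receiver recomputes HMAC-MD5 over the whole Access-Request with the attribute value zeroed, keyed with its own copy of the shared secret, and drops the packet on mismatch. The packet, the user name and the second secret are constructed sample values.

```python
"""Added illustration (not FreeRADIUS code): the Message-Authenticator check."""
import hashlib
import hmac
import struct

ACCESS_REQUEST = 1
USER_NAME = 1
MESSAGE_AUTHENTICATOR = 80  # RFC 2869: 16-octet HMAC-MD5 value


def build_access_request(ident, request_auth, attrs, secret):
    """Encode an Access-Request and sign it the way a NAS does."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    # The signature is computed with a zeroed 16-octet placeholder in place.
    body += bytes([MESSAGE_AUTHENTICATOR, 18]) + bytes(16)
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(body))
    packet = bytearray(header + request_auth + body)
    packet[-16:] = hmac.new(secret, bytes(packet), hashlib.md5).digest()
    return bytes(packet)


def check_message_authenticator(packet, secret):
    """Return True/False for a signed packet, None if the attribute is absent."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    packet = packet[:length]
    pos = 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        if atype == MESSAGE_AUTHENTICATOR:
            if alen != 18:
                raise ValueError("Message-Authenticator must carry 16 octets")
            received = packet[pos + 2:pos + 18]
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(received, expected)
        pos += alen
    return None


def demo():
    request_auth = bytes(range(16))  # constructed Request Authenticator
    attrs = [(USER_NAME, b"sampleuser")]  # constructed user name
    signed = build_access_request(0, request_auth, attrs, b"testing123")
    unsigned = struct.pack("!BBH", ACCESS_REQUEST, 0, 32) + request_auth \
        + bytes([USER_NAME, 12]) + b"sampleuser"
    return {
        # Both sides configured with the same secret: packet is accepted.
        "same_secret": check_message_authenticator(signed, b"testing123"),
        # One side holds a different value (constructed): this is the case
        # the server logs as "invalid Message-Authenticator".
        "different_secret": check_message_authenticator(signed, b"testing1234"),
        # No Message-Authenticator attribute at all: nothing to verify.
        "unsigned": check_message_authenticator(unsigned, b"testing123"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```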
Re: Freeradius + aironet 1131AG
Paweł Pogorzelski wrote:
> Hi!
>
> Please write me some links to materials where I can find how to configure freeradius with Cisco AP 1131 AG. I need to use it for eduroam.
>
> Thanks

Hi Pawel

here is the starting point

http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_example09186a00801c40b6.shtml
Re: WPA + Freeradius + Chillispot
Leonardo Mártyres wrote:
> Does anyone use Chillispot to use WPA and Freeradius? Could tell me what I have to configure at dd-wrt?
>
> thanks

Here is a good starting point

http://coova.org/wiki/index.php/CoovaChilli/WithWPACaptivePortal
Re: problem with ldap authentication (epilog)
Alan DeKok wrote:
> Frank Bonnet wrote:
> freeradius is used by chillispot on the machine, does your answer mean chillispot is sending a CHAP request ?
>
> Yes.
>
> Alan DeKok.

For information, the problem is located in the cgi script called hotspotlogin.cgi that comes with chillispot. Once the problem is corrected users authenticate well, even against our LDAP server.

Frank
Re: problem with ldap authentication
Alan DeKok wrote:
> Frank Bonnet wrote:
> is it possible to use freeradius with NIS instead of LDAP ? thanks
>
> Yes. NIS is just a different way of getting users to seem to be in /etc/passwd. So there shouldn't be anything to do. Just install the server, and it should work.
>
> Alan DeKok.

you mean uncomment the /etc/passwd in this section in radiusd.conf file right ?

# Unix /etc/passwd style authentication
Re: problem with ldap authentication
Frank Bonnet wrote:
> Alan DeKok wrote:
> Frank Bonnet wrote:
> is it possible to use freeradius with NIS instead of LDAP ? thanks
>
> Yes. NIS is just a different way of getting users to seem to be in /etc/passwd. So there shouldn't be anything to do. Just install the server, and it should work.
>
> Alan DeKok.
>
> you mean uncomment the /etc/passwd in this section in radiusd.conf file right ?
>
> # Unix /etc/passwd style authentication

OK now I'm still in trouble ... even after removing LDAP statements.

Here is the log of the session; how to setup the User-password to the right value to use /etc/passwd file ?

thanks

rad_recv: Access-Request packet from host 127.0.0.1:32817, id=0, length=214
    User-Name = bonj
    CHAP-Challenge = 0xbba7f4f69dfb6cf2342f1cbba4e7e482
    CHAP-Password = 0x00f7fbe0aa077445403b77c55ab120f811
    NAS-IP-Address = 127.0.0.1
    Service-Type = Login-User
    Framed-IP-Address = 192.168.182.2
    Calling-Station-Id = 00-15-AF-8E-7C-E4
    Called-Station-Id = 00-12-79-90-10-21
    NAS-Identifier = nas01
    Acct-Session-Id = 49c8b4340030
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 48
    Message-Authenticator = 0x9dfa1ebe41cae3090fd9d919498bb04c
    WISPr-Logoff-URL = http://192.168.182.1:3990/logoff;
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
rlm_realm: No '@' in User-Name = bonj, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module eap returns noop for request 0
users: Matched entry DEFAULT at line 155
modcall[authorize]: module files returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type System
auth: type System
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_unix: Attribute User-Password is required for authentication. Cannot use CHAP-Password.
modcall[authenticate]: module unix returns invalid for request 0
modcall: leaving group authenticate (returns invalid) for request 0
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Re: problem with ldap authentication
t...@kalik.net wrote:
> OK now I'm still in trouble ... even after removing LDAP statements here is the log of the session, how to setup the User-password to the right value to use /etc/passwd file ? thanks
>
> rad_recv: Access-Request packet from host 127.0.0.1:32817, id=0, length=214
>     User-Name = bonj
>     CHAP-Challenge = 0xbba7f4f69dfb6cf2342f1cbba4e7e482
>     CHAP-Password = 0x00f7fbe0aa077445403b77c55ab120f811
>
> OK. Now read what's written in radiusd.conf unix section about using /etc/passwd with chap.
>
> Ivan Kalik
> Kalik Informatika ISP

Hello

I KNOW we cannot use /etc/passwd for chap authentication, my question is HOW to use /etc/passwd with freeradius ?

I only want to use users and /etc/passwd files and NO other source to authenticate my users.

Thank you for help
Re: problem with ldap authentication
t...@kalik.net wrote:
> I KNOW we cannot use /etc/passwd for chap authentication my question is HOW to use /etc/passwd with freeradius ?
>
> Great. So, you are aware it's not going to work with chap. And what do you do:
>
> rad_recv: Access-Request packet from host 127.0.0.1:32817, id=0, length=214
>     User-Name = bonj
>     CHAP-Challenge = 0xbba7f4f69dfb6cf2342f1cbba4e7e482
>     CHAP-Password = 0x00f7fbe0aa077445403b77c55ab120f811
>
> You send a chap request!!!

Believe me ... if I knew how not to send I would do it.

My question is how to instruct freeradius to use /etc/passwd in the configuration file

thanks
Re: problem with ldap authentication
t...@kalik.net wrote:
> rad_recv: Access-Request packet from host 127.0.0.1:32817, id=0, length=214
>     User-Name = bonj
>     CHAP-Challenge = 0xbba7f4f69dfb6cf2342f1cbba4e7e482
>     CHAP-Password = 0x00f7fbe0aa077445403b77c55ab120f811
>
> You send a chap request!!!
>
> Believe me ... if I knew how not to send I would do it. My question is how to instruct freeradius to use /etc/passwd in the configuration file
>
> You say:
>
> I KNOW we cannot use /etc/passwd for chap authentication
>
> It can't be done for a chap request! What part of that sentence don't you understand? If you are going to send chap requests you can't use passwords from /etc/passwd. If you are going to use passwords from /etc/passwd - don't send chap requests. If you don't know how to adjust your NAS - read a manual.

OK could you give a link to a manual

Thanks
Re: problem with ldap authentication
Alan DeKok wrote:
> Frank Bonnet wrote:
> Believe me ... if I knew how not to send I would do it
>
> Fix the NAS. You bought it, you know what make/model it is, so you can find documentation for it. Maybe try asking the vendor for documentation?
>
> My question is how to instruct freeradius to use /etc/passwd in the configuration file
>
> Install the server. Put a user in /etc/passwd (or NIS). Send a PAP request to the server. Authentication will work.
>
> If it doesn't work, it's because:
>
> a) You're sending CHAP, not PAP
> b) you edited the configuration files, and broke system authentication

freeradius is used by chillispot on the machine, does your answer mean chillispot is sending a CHAP request ?

thanks
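Why rlm_unix and rlm_ldap both log "Attribute User-Password is required for authentication. Cannot use CHAP-Password." in this thread, as an added Python example (not code from the thread or from FreeRADIUS): a CHAP-Password can only be checked by recomputing MD5 over the clear-text password, which a store of one-way hashes (or an LDAP bind) cannot supply, while PAP delivers the password itself. The sample password and the PBKDF2 stand-in for the crypt(3)/SSHA hashes kept in /etc/shadow or LDAP are assumptions.

```python
"""Added illustration (not from the thread): CHAP needs the clear-text password."""
import hashlib
import hmac
import os


def chap_password_attr(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """CHAP-Password value: 1-byte CHAP id + MD5(id || password || challenge)."""
    digest = hashlib.md5(bytes([chap_id]) + password + challenge).digest()
    return bytes([chap_id]) + digest


def verify_chap(chap_password: bytes, challenge: bytes, known_good: bytes) -> bool:
    """Server side: recompute the digest from what the server has stored."""
    if len(chap_password) != 17:  # id byte + 16-byte MD5, as in the logs above
        return False
    expected = chap_password_attr(chap_password[0], known_good, challenge)
    return hmac.compare_digest(expected, chap_password)


def one_way_hash(password: bytes, salt: bytes) -> bytes:
    """Stand-in (assumption) for the one-way hash a passwd/LDAP store keeps."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000)


def verify_pap(user_password: bytes, salt: bytes, stored_hash: bytes) -> bool:
    """PAP gives the server the password itself, so it can re-hash and compare."""
    return hmac.compare_digest(one_way_hash(user_password, salt), stored_hash)


def demo() -> dict:
    password = b"constructed-sample-password"  # constructed, not from the thread
    challenge = os.urandom(16)                 # CHAP-Challenge chosen by the NAS
    salt = os.urandom(8)
    stored_hash = one_way_hash(password, salt)  # all a hash-only backend holds
    request = chap_password_attr(0, password, challenge)
    return {
        # Backend that stores the clear-text password: CHAP can be verified.
        "chap_with_cleartext": verify_chap(request, challenge, password),
        # Backend that only stores a hash: the MD5 cannot be recomputed.
        "chap_with_hash_only": verify_chap(request, challenge, stored_hash),
        # Same hash-only backend, but the NAS sends PAP: verification works.
        "pap_with_hash_only": verify_pap(password, salt, stored_hash),
        "chap_attr_length": len(request),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```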
Re: problem with ldap authentication
Alan DeKok wrote:
> Frank Bonnet wrote:
> freeradius is used by chillispot on the machine, does your answer mean chillispot is sending a CHAP request ?
>
> Yes.
>
> Alan DeKok.

OK thanks for your (constructive ;-)) answer
problem with ldap authentication
hello

I'm in trouble with a debian version of freeradius. I've installed chillispot and freeradius packages but it won't work for LDAP users; it fails with such error messages:

Mon Mar 23 16:41:05 2009 : Auth: Login incorrect: [/CHAP-Password] (from client localhost port 31 cli 00-13-02-AE-F1-01)

Any help/idea welcome

Thank you.
Re: problem with ldap authentication
Alan DeKok wrote:
> Frank Bonnet wrote:
> I'm in trouble with a debian version of freeradius I've installed chillispot and freeradius packages but it won't work for LDAP users it fails with such error messages :
>
> Mon Mar 23 16:41:05 2009 : Auth: Login incorrect: [/CHAP-Password] (from client localhost port 31 cli 00-13-02-AE-F1-01)
>
> Is there any reason you're not running it in debugging mode, as suggested in the FAQ, README, INSTALL, man page, and nearly daily on this list?
>
> Alan DeKok.

OK here is the debug of one failed session

thanks for your help

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:33076, id=0, length=217
    User-Name = xxx
    CHAP-Challenge = 0x01464b2728f172473bf5dd5d64d71539
    CHAP-Password = 0x00443c19722da8b5ac9799a1a5d39bc1af
    NAS-IP-Address = 127.0.0.1
    Service-Type = Login-User
    Framed-IP-Address = 192.168.182.54
    Calling-Station-Id = 00-19-D2-78-56-4D
    Called-Station-Id = 00-12-79-90-10-21
    NAS-Identifier = nas01
    Acct-Session-Id = 49c7b8940034
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 52
    Message-Authenticator = 0x64d387cd750288b284dc8182e4f2dec6
    WISPr-Logoff-URL = http://192.168.182.1:3990/logoff;
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module chap returns ok for request 0
modcall[authorize]: module mschap returns noop for request 0
rlm_realm: No '@' in User-Name = xxx, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module eap returns noop for request 0
users: Matched entry DEFAULT at line 363
modcall[authorize]: module files returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for xxx
radius_xlat: '(uid=)'
radius_xlat: 'dc=esiee,dc=fr'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to ldap.esiee.fr:389, authentication 0
rlm_ldap: bind as / to ldap.esiee.fr:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=esiee,dc=fr, with filter (uid=xxx)
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns notfound for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type CHAP
auth: type CHAP
ERROR: Unknown value specified for Auth-Type. Cannot perform requested action.
auth: Failed to validate the user.
Login incorrect (rlm_ldap: User not found): [xxx/CHAP-Password] (from client localhost port 52 cli 00-19-D2-78-56-4D)
Delaying request 0 for 1 seconds
Re: problem with ldap authentication
Alan DeKok wrote:
> Frank Bonnet wrote:
> OK here is the debug of one failed session
> ...
> rlm_ldap: performing search in dc=esiee,dc=fr, with filter (uid=xxx)
> rlm_ldap: object not found or got ambiguous search result
>
> Well, that's relatively clear. There's no such user, OR it got multiple responses.
>
> You need to fix the LDAP configuration so that it can find the user's clear-text password in LDAP. This can be awkward... and I'm not an LDAP expert.
>
> Alan DeKok.

is it possible to use freeradius with NIS instead of LDAP ?

thanks
Re: problem with ldap authentication
Alan DeKok wrote:
> Frank Bonnet wrote:
> is it possible to use freeradius with NIS instead of LDAP ? thanks
>
> Yes. NIS is just a different way of getting users to seem to be in /etc/passwd. So there shouldn't be anything to do. Just install the server, and it should work.
>
> Alan DeKok.

OK thanks a lot
Connecting two freeradius server ?
Hello

I use freeradius to authenticate Chillispot users using an Openldap backend, everything works like a charm :-)

Another (friendly) site has quite the same configuration; they do use freeradius too to authenticate their wi-fi users.

Both sites have a permanent Internet access.

Now is it possible for my daemon to communicate with another freeradius daemon which is running in another distant site to let all of our users ( my site + distant site ) authenticate transparently with their own site logins/passwds on the two sites ?

Thank you.

--
Frank Bonnet
Re: Connecting two freeradius server ?
Josh Howlett wrote:
> Yes, this is possible with proxy authentication.
>
> You allocate a 'realm' to each site (ie. 'franksite'), and users (typically) append the realm to their username in the format username@realm (ie. '[EMAIL PROTECTED]').
>
> Take a look at proxy.conf, and google for freeradius proxy.
>
> josh.

OK, thanks a lot Josh !

--
Frank Bonnet
preventing several login in with same username at the same time?
Hello

I use Chillispot with Freeradius and ldap, everything works well :-)

But I would like to prevent users from logging in with the same username at the same time ( *some* students give their passwords to anyone )

Thanks a lot

--
Frank Bonnet
several LDAP servers to authenticate ?
Hello

I actually use freeradius to authenticate wi-fi users thru the chillispot software.

Our freeradius server uses our LDAP as backend and everything runs well. Now I would like to know if it is possible to use _several_ LDAP servers with freeradius with a kind of the following mechanism:

If the login is not found on our local LDAP server it will be searched on the next LDAP server in a list and so on until all LDAP servers have been searched ?

Thanks a lot

--
Regards
Frank
Re: Freeradius and LDAP : to be continued
Hello

I have a chillispot that works with OpenLDAP on a Debian box; here are the modifications in radiusd.conf I wrote:

# Lightweight Directory Access Protocol (LDAP)
#
# This module definition allows you to use LDAP for
# authorization and authentication (Auth-Type := LDAP)
#
# See doc/rlm_ldap for description of configuration options
# and sample authorize{} and authenticate{} blocks
ldap {
    server = your.ldap.server
    basedn = ou=Person,dc=domain,dc=
    #filter = (posixAccount)(uid=%u))
    filter = (uid=%{Stripped-User-Name:-%{User-Name}})
    # base_filter = (objectclass=radiusprofile)
    access_attr = uid
    # Mapping of RADIUS dictionary attributes to LDAP
    # directory attributes.
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_connections_number = 5

hope this helps

--
Regards
Frank Bonnet
email the daily logfile ?
Hello

before writing a script myself I would like to know if there is an option in freeradius to send by email the logfile generated in /var/log/freeradius/radacct/127.0.0.1/detail-MMDD ?

Thank you

--
Frank Bonnet
Re: accounting scripts ?
Alan DeKok wrote:
> Frank Bonnet [EMAIL PROTECTED] wrote:
> I'm searching for scripts that are able to parse the radacct/xxx.xxx.xxx.xxx/detail-xxx file to perform some simple statistics ?
>
> radiusreport.
>
> Alan DeKok.

thanks a lot !
Re: accounting scripts ?
Miguel wrote:
> Frank Bonnet wrote:
> Hello I'm searching for scripts that are able to parse the radacct/xxx.xxx.xxx.xxx/detail-xxx file to perform some simple statistics ? Thanks
>
> what do you mean with parsing? I got this, I call it summarize.pl, just change the attributes that you want to extract. The result is a csv file, the output is to your screen, so you have to redirect it to a file, etc. With that csv file you can dump it to a db, or whatever.
>
> e.g.:
> for standard output:
> # ./summarize.pl name_of_detail_file
> for csv file:
> # ./summarize.pl name_of_detail_file > name_of_csv_file
>
> ### BEGIN ###
> #!/usr/bin/perl
> #
> # set the input record separator: records are separated by a blank line
> $/ = "\n\n";
> open(SUM, $ARGV[0]) or die "No se encontro archivo detalle";
> # CSV header line
> print "h323-call-origin,h323-call-type,out-intrfc-desc,h323-connect-time,";
> print "Acct-Session-Time,h323-disconnect-time,h323-disconnect-cause,";
> print "Cisco-NAS-Port,Calling-Station-Id,Called-Station-Id\n";
> while (<SUM>) {
>     s/\t+//g;
>     @campos = split(/\n/);
>     foreach $c (@campos) {
>         ($cpo, $vlr) = split(/ = /, $c);
>         # strip a leading space and the double quotes around values
>         $vlr =~ s/^ |\"//g;
>         #print "$cpo,$vlr,\n";
>         if ($cpo eq "h323-call-origin") {$h323_call_origin = $vlr;}
>         if ($cpo eq "h323-call-type") {$h323_call_type = $vlr;}
>         if ($cpo eq "Cisco-AVPair") {
>             if ($vlr =~ /out-intrfc-desc/) {
>                 $out_intrfc_desc = (split("=", $vlr))[1];
>             }
>         }
>         if ($cpo eq "h323-connect-time") {$h323_connect_time = $vlr;}
>         if ($cpo eq "Acct-Session-Time") {$Acct_Session_Time = $vlr;}
>         if ($cpo eq "h323-disconnect-time") {$h323_disconnect_time = $vlr;}
>         if ($cpo eq "h323-disconnect-cause") {$h323_disconnect_cause = $vlr;}
>         if ($cpo eq "Cisco-NAS-Port") {$Cisco_NAS_Port = $vlr;}
>         if ($cpo eq "Calling-Station-Id") {$Calling_Station_Id = $vlr;}
>         if ($cpo eq "Called-Station-Id") {$Called_Station_Id = $vlr;}
>     }
>     # one CSV row per accounting record
>     print "$h323_call_origin,$h323_call_type,$out_intrfc_desc,$h323_connect_time,";
>     print "$Acct_Session_Time,$h323_disconnect_time,$h323_disconnect_cause,";
>     print "$Cisco_NAS_Port,$Calling_Station_Id,$Called_Station_Id\n";
> }
> close SUM;
> ### END ###

thanks also a lot !
accounting scripts ?
Hello

I'm searching for scripts that are able to parse the radacct/xxx.xxx.xxx.xxx/detail-xxx file to perform some simple statistics ?

Thanks
reject some users from radius - ldap ?
Hello

I use freeradius with ldap to manage wi-fi users ( thru chillispot ), everything works well but I would like to know if it is possible to exclude some users with radius ?

My purpose is to forbid wi-fi access BUT let use the wired LAN access to the considered users.

Thanks a lot.

--
Cordialement/Regards
Frank Bonnet
Re: reject some users from radius - ldap ?
Nicolas Baradakis wrote:
> I'm doing this with MySQL on my site, but perhaps the following approach may work with LDAP:
>
> 1. Define huntgroups wifi and wired in raddb/huntgroups.
>
> 2. In LDAP, provision the attribute radiusHuntgroupName with the values wifi or wired (or both) in all the radiusprofile entries.
>
> 3. In the section ldap{} of raddb/radiusd.conf, modify the filter like that:
>
> filter = (&(uid=%{User-Name})(radiusHuntgroupName=%{Huntgroup-Name}))

Thanks a lot Nicolas, I'm going to try this way.

--
Cordialement/Regards
Frank Bonnet
radius LDAP problem ?
Hello

I use freeradius through chillispot and with a LDAP auth session.

I am in trouble with freeradius during the login phase, see below the trace of the log.

Ready to process requests.
rad_recv: Access-Request packet from host 147.215.1.111:32787, id=218, length=57
    User-Name = exam0
    User-Password = intentionnaly hidden
    NAS-IP-Address = 255.255.255.255
    NAS-Port = 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for exam0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: (re)connect to ldap.esiee.fr:389, authentication 0
rlm_ldap: bind as / to ldap.esiee.fr:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: no dialupAccess attribute - access denied by default
rlm_ldap: ldap_release_conn: Release Id: 0
rad_recv: Access-Request packet from host 147.215.1.111:32787, id=218, length=57
Sending Access-Reject of id 218 to 147.215.1.111:32787
rad_recv: Access-Request packet from host 127.0.0.1:32791, id=0, length=197
    User-Name = exam01
    User-Password =
    NAS-IP-Address = 0.0.0.0
    Service-Type = Login-User
    Framed-IP-Address = 192.168.182.3
    Calling-Station-Id = 00-0E-35-4A-84-94
    Called-Station-Id = 00-12-79-90-10-21
    NAS-Identifier = nas01
    Acct-Session-Id = 431321c6
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 0
    Message-Authenticator = 0x9d756035da40f907731462aca245f22c
    WISPr-Logoff-URL = http://192.168.182.1:3990/logoff;
rlm_ldap: - authorize
rlm_ldap: performing user authorization for exam01
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: no dialupAccess attribute - access denied by default
rlm_ldap: ldap_release_conn: Release Id: 0
rad_recv: Access-Request packet from host 127.0.0.1:32791, id=0, length=197
Sending Access-Reject of id 0 to 127.0.0.1:32791

Thanks for any help

--
Cordialement/Regards
Frank Bonnet
freeradius and LDAP-V2
Hello

I'm new to the list :-)

I am setting up a chillispot server to manage our future WiFi network and I wonder if the schemas given with the latest freeradius distribution, as it is marked for LDAP-v3, are OK for LDAP-v2 ?

We actually use LDAP v2 ( openldap 2.0.27 ) as centralized auth system and we do not plan to upgrade to v3 since several months.

Any infos, tricks welcome, thanks a lot.

--
Cordialement/Regards
Frank Bonnet
http://www.esiee.fr