Authentication
Dear,

I wonder if Freeradius can authenticate a client by IP number, without using login and password, only the IP. If possible, how do I do it?

Thank you
---
Marcelo

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius server request from new server.
Hello,

We are trying to figure out how to do an auth from one client but not from another. Let me explain:

For our DSL clients we use a separate radius server and backup server. For everything else (dialup, news) we use "other" servers.

Our problem comes in that we set all DSL clients on these "other" servers to Auth-Type := Reject for each DSL customer, unless they subscribe to discounted dialup service as well. The problem is if the DSL client wants to use the news servers, the "other" radius servers will not auth the client for news.

Question?? How can we direct the authentication for a news server but not the dialup servers without using separate radius servers.

Did that make any sense?

Thanks,
Ken
MySql Data base and FreeRadius
Hello,

We are just setting up 2 new FreeRadius boxes to handle DSL radius authentication. This is nothing new to us. What is new is using a MySql database with the FreeRadius. Anyway we have most everything working as should be.

We are running the MySql databases as master and slave for replication on the backup FreeRadius server. This we have setup and running.

One problem we ran into was on the backup server (slave MySql) in the radiusd.conf file we had set:

    post-auth {
        sql
    }

We found this would change the radius->radpostauth table on the slave and then we would get "Slave: Error 'Duplicate entry" errors. So we commented out the "sql" line in the post-auth section of the radiusd.conf file and that solved the problem.

My question?? Should I be looking for any other gotchas before putting these servers into production?

Thanks,
Ken
Re: Realm and users file.
Kevin,

I did run this in debug mode before I posted on the list, and could not quite figure it out. So here is part of the debug out below.

Thanks,
Ken

On Tue, 24 Jan 2006, Kevin Bonner wrote:

> On Monday 23 January 2006 20:37, User for Free Radius mail list wrote:
> > The result is domain2.net will Auth OK them but they cannot get on line
> > because domain1.com will reject them because of the "users" file.
> >
> >
> > How do I fix this problem?
> >
> > Thanks!
> >
> > Ken
>
> Running in debug mode should show you what is happening...have you done this?
> If you have and can't figure it out, post the debug output of an example
> where domain2.net auth fails so we can parse the output and hopefully
> determine what needs changed in your config.
>
> Kevin Bonner
>

I put in some notes <> and changed the IP addresses, names and passwords to protect the what ever...

Going to the next request
Thread 4 waiting to be assigned a request
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/0/5
Waking up in 3 seconds...
rad_recv: Access-Request packet from host 209.111.111.12:1025, id=95, length=92
Thread 5 assigned request 14
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Waking up in 2 seconds...
Thread 5 handling request 14, (3 handled so far)
        User-Name = "[EMAIL PROTECTED]"
        User-Password = ""
        NAS-IP-Address = 209.111.111.12
        NAS-Port = 20216
        NAS-Port-Type = Async
        Service-Type = Framed-User
        Framed-Protocol = PPP
        State = 0x
        Acct-Session-Id = "450788469"
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm domain2.net for User-Name = "[EMAIL PROTECTED]"
rlm_realm: Found realm domain2.net
rlm_realm: Adding Stripped-User-Name = "joeblow"
rlm_realm: Proxying request from user jowblow to realm domain2.net
rlm_realm: Adding Realm = "domain2.net"
rlm_realm: Preparing to proxy authentication request to realm domain2.net
modcall[authorize]: module "suffix" returns updated
users: Matched orchids at 708
^^^ < NOTE: this is where it searches the "users" file on domain1.com radius server for the name "joeblow" and finds it at line 708. But this user name is in this file for the domain1.com NOT domain2.net. For the realm domain2.net I do not want it to search the "user" file on the domain1.com server but just be redirected to the domain2.net server and wait for an answer. >
modcall[authorize]: module "files" returns ok
modcall: group authorize returns updated
Sending Access-Request of id 5 to 209.111.120.21:1645 <<< this is domain2.net server>
        User-Name = "joeblow"
        User-Password = "L\013\315\2151F\017[\317\215\212\3150J\313\241"
        NAS-IP-Address = 209.111.111.12
        NAS-Port = 20216
        NAS-Port-Type = Async
        Service-Type = Framed-User
        Framed-Protocol = PPP
        State = 0x
        Acct-Session-Id = "450788469"
        Proxy-State = "95"
Thread 5 waiting to be assigned a request
rad_recv: Access-Accept packet from host 209.111.120.21:1645, id=5, length=42 <<< this is domain2.net server>
Thread 1 assigned request 14
Waking up in 2 seconds...
Thread 1 handling request 14, (4 handled so far)
        Framed-IP-Address = 255.255.255.254
        Framed-MTU = 576
        Service-Type = Framed-User
        Proxy-State = 0x3935
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Proxy reply, or no user name. Ignoring.
modcall[authorize]: module "suffix" returns noop
users: Matched orchids at 708
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Reject
rad_check_password: Auth-Type = Reject, rejecting user
auth: Failed to validate the user.
Login incorrect: [EMAIL PROTECTED]/xxx] (from client abc8 port 20216)
Delaying request 14 for 1 seconds
Finished request 14
Going to the next request
Thread 1 waiting to be assigned a request
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/0/5
Sending Access-Reject of id 95 to 209.111.111.12:1025
Cleaning up request 10 ID 146 with timestamp 43d57a06
Waking up in 7 seconds...
--- Walking the entire request list ---
Cleaning up request 12 ID 193 with timestamp 43d57a0d
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 14 ID 95 with timestamp 43d57a0f
Nothing to do. Sleeping until we see a request.
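The pattern in this debug output (the home server sends an Access-Accept, then the local "users" file matches again on the reply pass and sets Auth-Type Reject) can be picked out of a long capture mechanically. The script below is an added example, not part of the original post or of FreeRADIUS; the function name and the sample log are constructed, and it assumes requests are logged one at a time as in the output above.

```python
import re

# Constructed sample in the shape of the debug output above (documentation IPs).
SAMPLE_DEBUG = """\
Thread 5 handling request 14, (3 handled so far)
rlm_realm: Preparing to proxy authentication request to realm domain2.net
users: Matched joeblow at 708
Sending Access-Request of id 5 to 192.0.2.21:1645
rad_recv: Access-Accept packet from host 192.0.2.21:1645, id=5, length=42
Thread 1 handling request 14, (4 handled so far)
users: Matched joeblow at 708
rad_check_password: Found Auth-Type Reject
Finished request 14
Thread 2 handling request 15, (5 handled so far)
users: Matched alice at 12
rad_check_password: Found Auth-Type Reject
Finished request 15
"""

HANDLING = re.compile(r"Thread \d+ handling request (\d+)")
PROXYING = re.compile(r"rlm_realm: Preparing to proxy authentication request to realm (\S+)")
USERS_HIT = re.compile(r"users: Matched \S+ at (\d+)")

def find_overridden_accepts(debug_text):
    """Return (request, realm, users_line) where a proxied Accept became a local Reject."""
    reqs, current, pending_accept = {}, None, False
    for line in debug_text.splitlines():
        if "rad_recv: Access-Accept" in line:
            # The reply is logged before the request is handled again; hold it.
            pending_accept, current = True, None
        elif m := HANDLING.search(line):
            current = reqs.setdefault(int(m.group(1)), {
                "realm": None, "accepted": False, "users_line": None, "rejected": False})
            if pending_accept:
                current["accepted"], pending_accept = True, False
        elif "Finished request" in line:
            current = None
        elif current is not None:
            if m := PROXYING.search(line):
                current["realm"] = m.group(1)
            elif (m := USERS_HIT.search(line)) and current["accepted"]:
                current["users_line"] = int(m.group(1))  # match on the post-proxy pass
            elif "Found Auth-Type Reject" in line:
                current["rejected"] = True
    return [(n, r["realm"], r["users_line"]) for n, r in sorted(reqs.items())
            if r["realm"] and r["accepted"] and r["rejected"]]

if __name__ == "__main__":
    for hit in find_overridden_accepts(SAMPLE_DEBUG):
        print("request %d: realm %s accepted upstream, rejected by users line %s" % hit)
```

Request 15 in the sample is an ordinary local reject and is not reported; only a request that was proxied, accepted by the home server and then rejected locally is flagged.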
REPOST: Realms and users file.
I'm sure someone can give me a quick answer to this problem.

I have one radius server that handles requests in the form:

username
[EMAIL PROTECTED]
[EMAIL PROTECTED]

We have this setup in our proxy.conf file:

realm domain1.com {
        type = radius
        authhost = LOCAL
        accthost = LOCAL
}

realm domain2.net {
        type = radius
        authhost = server.domain2.net:1645
        accthost = LOCAL
        secret = **
}

And uses the "users" file for local stuff.

Everything works fine except when the username at the realm domain2.net server matches a name in the "users" file on the domain1.com server.

We have usernames on the domain1.com "users" file that reject:

username Auth-Type := Reject

These users have DSL access but no phone line access and belong to the domain1.com server. But once in a while they will have the same username on each system.

The result is domain2.net will Auth OK them but they cannot get on line because domain1.com will reject them because of the "users" file.

How do I fix this problem?

Thanks!

Ken
Problem on installing Version 1.0.3 on RedHat 9.0
Here is part of the message I got when I ran make.

Making dynamic in rlm_eap_peap...
gmake[10]: Entering directory `/root/freeradius/src/modules/rlm_eap/types/rlm_eap_peap'
gmake[10]: Leaving directory `/root/freeradius/src/modules/rlm_eap/types/rlm_eap_peap'
Making dynamic in rlm_eap_sim...
gmake[10]: Entering directory `/root/freeradius/src/modules/rlm_eap/types/rlm_eap_sim'
gmake[10]: Leaving directory `/root/freeradius/src/modules/rlm_eap/types/rlm_eap_sim'
Making dynamic in rlm_eap_tls...
gmake[10]: Entering directory `/root/freeradius/src/modules/rlm_eap/types/rlm_eap_tls'
gmake[10]: Leaving directory `/root/freeradius/src/modules/rlm_eap/types/rlm_eap_tls'
Making dynamic in rlm_eap_ttls...
gmake[10]: Entering directory `/root/freeradius/src/modules/rlm_eap/types/rlm_eap_ttls'
gmake[10]: Leaving directory `/root/freeradius/src/modules/rlm_eap/types/rlm_eap_ttls'
gmake[9]: Leaving directory `/root/freeradius/src/modules/rlm_eap/types'
gmake[8]: Leaving directory `/root/freeradius/src/modules/rlm_eap/types'
gmake[7]: Leaving directory `/root/freeradius/src/modules/rlm_eap'
gmake[6]: Leaving directory `/root/freeradius/src/modules/rlm_eap'
Making static dynamic in rlm_exec...
gmake[6]: Entering directory `/root/freeradius/src/modules/rlm_exec'
gmake[6]: Leaving directory `/root/freeradius/src/modules/rlm_exec'
Making static dynamic in rlm_expr...
gmake[6]: Entering directory `/root/freeradius/src/modules/rlm_expr'
gmake[6]: Leaving directory `/root/freeradius/src/modules/rlm_expr'
Making static dynamic in rlm_fastusers...
gmake[6]: Entering directory `/root/freeradius/src/modules/rlm_fastusers'
gmake[6]: Leaving directory `/root/freeradius/src/modules/rlm_fastusers'
Making static dynamic in rlm_files...
gmake[6]: Entering directory `/root/freeradius/src/modules/rlm_files'
gmake[6]: Leaving directory `/root/freeradius/src/modules/rlm_files'
Making static dynamic in rlm_ippool...
gmake[6]: Entering directory `/root/freeradius/src/modules/rlm_ippool'
gmake[6]: Leaving directory `/root/freeradius/src/modules/rlm_ippool'
Making static dynamic in rlm_krb5...
gmake[6]: Entering directory `/root/freeradius/src/modules/rlm_krb5'
gmake[6]: Nothing to be done for `static'.
gmake[6]: Nothing to be done for `dynamic'.
gmake[6]: Leaving directory `/root/freeradius/src/modules/rlm_krb5'
Making static dynamic in rlm_ldap...
gmake[6]: Entering directory `/root/freeradius/src/modules/rlm_ldap'
gmake[6]: Leaving directory `/root/freeradius/src/modules/rlm_ldap'
Making static dynamic in rlm_mschap...
gmake[6]: Entering directory `/root/freeradius/src/modules/rlm_mschap'
gmake[6]: Leaving directory `/root/freeradius/src/modules/rlm_mschap'
Making static dynamic in rlm_ns_mta_md5...
gmake[6]: Entering directory `/root/freeradius/src/modules/rlm_ns_mta_md5'
gmake[6]: Leaving directory `/root/freeradius/src/modules/rlm_ns_mta_md5'
Making static dynamic in rlm_pam...
gmake[6]: Entering directory `/root/freeradius/src/modules/rlm_pam'
gmake[6]: Leaving directory `/root/freeradius/src/modules/rlm_pam'
Making static dynamic in rlm_pap...
gmake[6]: Entering directory `/root/freeradius/src/modules/rlm_pap'
gmake[6]: Leaving directory `/root/freeradius/src/modules/rlm_pap'
Making static dynamic in rlm_passwd...
gmake[6]: Entering directory `/root/freeradius/src/modules/rlm_passwd'
gmake[6]: Leaving directory `/root/freeradius/src/modules/rlm_passwd'
Making static dynamic in rlm_preprocess...
gmake[6]: Entering directory `/root/freeradius/src/modules/rlm_preprocess'
gmake[6]: Leaving directory `/root/freeradius/src/modules/rlm_preprocess'
Making static dynamic in rlm_radutmp...
gmake[6]: Entering directory `/root/freeradius/src/modules/rlm_radutmp'
gmake[6]: Leaving directory `/root/freeradius/src/modules/rlm_radutmp'
Making static dynamic in rlm_realm...
gmake[6]: Entering directory `/root/freeradius/src/modules/rlm_realm'
gmake[6]: Leaving directory `/root/freeradius/src/modules/rlm_realm'
Making static dynamic in rlm_sql...
gmake[6]: Entering directory `/root/freeradius/src/modules/rlm_sql'
gmake[7]: Entering directory `/root/freeradius/src/modules/rlm_sql'
Making static in drivers...
gmake[8]: Entering directory `/root/freeradius/src/modules/rlm_sql/drivers'
/usr/bin/gmake -w WHAT_TO_MAKE=static common
gmake[9]: Entering directory `/root/freeradius/src/modules/rlm_sql/drivers'
Making static in rlm_sql_iodbc...
gmake[10]: Entering directory `/root/freeradius/src/modules/rlm_sql/drivers/rlm_sql_iodbc'
gmake[10]: Nothing to be done for `static'.
gmake[10]: Leaving directory `/root/freeradius/src/modules/rlm_sql/drivers/rlm_sql_iodbc'
Making static in rlm_sql_mysql...
gmake[10]: Entering directory `/root/freeradius/src/modules/rlm_sql/drivers/rlm_sql_mysql'
gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG -I../.. -I../../../../include -I'/usr/include' -c sql_mysql.c -o sql_mysql.o
sql_mysql.c:39:20: errmsg.h: No such file or directory
sql_mysql.c:40:19: mysql.h: No such file or dire