RE: FreeRadius Log File ?
I'm not sure what you are looking for, but have you checked out the details files? They should be located in: /usr/local/var/log/radius/radacct

John

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ius.org] On Behalf Of Scott Miller
Sent: Thursday, June 29, 2006 3:15 PM
To: 'FreeRadius users mailing list'
Subject: RE: FreeRadius Log File ?

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:freeradius-users-[EMAIL PROTECTED] On Behalf Of Konne
> Sent: Thursday, June 29, 2006 12:47 PM
> To: FreeRadius users mailing list
> Subject: Re: FreeRadius Log File ?
>
> Scott Miller wrote:
>
> >>>Hello all - I have freeradius with mysql up and running perfectly.
> >>>I recently "upgraded" from icradius because it seems to have dropped off the
> >>>face of the earth. Anyways - there was a feature in icradius where I could
> >>>poll the log file to get customers authentication status. I created a link
> >>>to a php file which referenced this log file for our techs to help
> >>>with troubleshooting. The file looks like this:
> >>>
> >>>include ('header.php');
> >>>$file ="/var/log/radius.log";
> >>>$limit="60";
> >>>
> >>>$fp = popen("/usr/bin/tail -$limit $file", 'r');
> >>>if (! $fp ) {
> >>> echo 'unable to pipe command';
> >>>}
> >>>
> >>>while (!feof($fp) ) {
> >>> $line = fgets($fp, 4096);
> >>>print $line."";
> >>>
> >>>}
> >>>
> >>>include ('footer.php');
> >>>?>
> >>>
> >>>But - there doesn't seem to be any log file I can poll this type of info
> >>>from. Here's an excerpt of what I was able to get with the above:
> >>>
> >>>Wed Jun 28 13:22:13 2006: Auth: Login OK: [sshort] (from nas CiscoAS5300/S0) socket 0 (0 sec)
> >>>Wed Jun 28 13:22:56 2006: Auth: Login OK: [lilia] (from nas Cisco AS5300/S0) socket 0 (0 sec)
> >>>Wed Jun 28 13:23:03 2006: Auth: Login OK: [eaglesight] (from nas CiscoAS5300/S0) socket 0 (0 sec)
> >>>Wed Jun 28 13:23:56 2006: Auth: Login OK: [dierman] (from nas CiscoAS5300/S0) socket 0 (0 sec)
> >>>Wed Jun 28 13:23:58 2006: Auth: Login OK: [rprice] (from nas CiscoAS5300/S0) socket 0 (0 sec)
> >>>Wed Jun 28 13:25:32 2006: Auth: Login OK: [hafens] (from nas CiscoAS5300/S0) socket 0 (0 sec)
> >>>Wed Jun 28 13:25:43 2006: Auth: Login OK: [edie_a] (from nas CiscoAS5300/S0) socket 0 (0 sec)
> >>>Wed Jun 28 13:26:09 2006: Auth: Login OK: [megameg] (from nas CiscoAS5300/S0) socket 0 (0 sec)
> >>>Wed Jun 28 13:26:35 2006: Auth: Login OK: [stinger] (from nas CiscoAS5300/S0) socket 0 (0 sec)
> >>>Wed Jun 28 13:26:39 2006: Auth: Login OK: [inahat] (from nas CiscoAS5300/S0) socket 0 (0 sec)
> >>>Wed Jun 28 14:26:57 2006: Auth: Login OK: [cafe] (from nascore219.interbel.net/S10101001) socket 0 (0 sec)
> >>>
> >>>Do we have a log file we can poll this type of info from, or does it store
> >>>it in the mysql database somewhere?
> >>>
> >>>Thanks,
> >>>Scott Miller
> >>>
> >>>--
> >>>
> >>>Additional Information:
> >>>
> >>>I did find in the radiusd.conf file:
> >>>
> >>># allowed values: {no, yes}
> >>>#
> >>>log_stripped_names = yes
> >>>
> >>># Log authentication requests to the log file.
> >>>#
> >>># allowed values: {no, yes}
> >>>#
> >>>log_auth = yes
> >>>
> >>># Log passwords with the authentication requests.
> >>># log_auth_badpass - logs password if it's rejected
> >>># log_auth_goodpass - logs password if it's correct
> >>>#
> >>># allowed values: {no, yes}
> >>>#
> >>>log_auth_badpass = yes
> >>>log_auth_goodpass = yes
> >>>
> >>>But have not found where this log file resides.
> >>>
> >>>Thanks,
> >>>Scott Miller
> >>>
> >>>-
> >>>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >>
> >>hi,
> >>
> >>in the radius.conf there must be on the top the path variables of
> >>radius... something like following : See 'doc/variables.txt' for
> >>more information.
> >>
> >> prefix = /usr/local
> >> exec_prefix = ${prefix}
> >> sysconfdir = /etc/
> >> localstatedir = ${prefix}/var
> >> sbindir = ${exec_prefix}/sbin
> >> logdir = ${localstatedir}/log/radius
> >> raddbdir = ${sysconfdir}/raddb
> >> radacctdir = ${logdir}/radacct
> >>
> >> # Location of config and logfiles.
> >> confdir = ${raddbdir}
> >> run_dir = ${localstatedir}/run/radiusd
> >>
> >> #
> >> # The logging messages for the server are appended to the
> >> # tail of this file.
> >> #
> >> log_file = ${logdir}/radius.log
> >>
> >>bye
> >>-
> >
> > <>
> >
> > [Scott Mil
RE: FreeRadius Log File ?
Have you looked in /usr/local/var/log/radius

John

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] ius.org] On Behalf Of Scott Miller
Sent: Thursday, June 29, 2006 10:26 AM
To: freeradius-users@lists.freeradius.org
Subject: FreeRadius Log File ?

Hello all - I have freeradius with mysql up and running perfectly. I recently "upgraded" from icradius because it seems to have dropped off the face of the earth. Anyways - there was a feature in icradius where I could poll the log file to get customers authentication status. I created a link to a php file which referenced this log file for our techs to help with troubleshooting. The file looks like this:

"; } include ('footer.php'); ?>

But - there doesn't seem to be any log file I can poll this type of info from. Here's an excerpt of what I was able to get with the above:

Wed Jun 28 13:22:13 2006: Auth: Login OK: [sshort] (from nas CiscoAS5300/S0) socket 0 (0 sec)
Wed Jun 28 13:22:56 2006: Auth: Login OK: [lilia] (from nas Cisco AS5300/S0) socket 0 (0 sec)
Wed Jun 28 13:23:03 2006: Auth: Login OK: [eaglesight] (from nas CiscoAS5300/S0) socket 0 (0 sec)
Wed Jun 28 13:23:56 2006: Auth: Login OK: [dierman] (from nas CiscoAS5300/S0) socket 0 (0 sec)
Wed Jun 28 13:23:58 2006: Auth: Login OK: [rprice] (from nas CiscoAS5300/S0) socket 0 (0 sec)
Wed Jun 28 13:25:32 2006: Auth: Login OK: [hafens] (from nas CiscoAS5300/S0) socket 0 (0 sec)
Wed Jun 28 13:25:43 2006: Auth: Login OK: [edie_a] (from nas CiscoAS5300/S0) socket 0 (0 sec)
Wed Jun 28 13:26:09 2006: Auth: Login OK: [megameg] (from nas CiscoAS5300/S0) socket 0 (0 sec)
Wed Jun 28 13:26:35 2006: Auth: Login OK: [stinger] (from nas CiscoAS5300/S0) socket 0 (0 sec)
Wed Jun 28 13:26:39 2006: Auth: Login OK: [inahat] (from nas CiscoAS5300/S0) socket 0 (0 sec)
Wed Jun 28 14:26:57 2006: Auth: Login OK: [cafe] (from nascore219.interbel.net/S10101001) socket 0 (0 sec)

Do we have a log file we can poll this type of info from, or does it store it in the mysql database somewhere?

Thanks,
Scott Miller

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
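An added example, not code from the thread or from the FreeRADIUS project: a way to build the per-user status view for techs from the radius.log "Auth:" lines quoted above without passing passwords or raw log text to the browser. It assumes that with log_auth_goodpass / log_auth_badpass set to yes the bracket holds "user/password"; the function names and sample lines are constructed for illustration.

```python
import html
import re

# Shape of the "Auth:" lines quoted in this thread (FreeRADIUS 1.x radius.log).
AUTH_RE = re.compile(
    r"^(?P<time>[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \d{4}): Auth: "
    r"(?P<result>Login OK|Login incorrect)[^\[]*\[(?P<ident>[^\]]*)\] "
    r"\(from (?P<source>[^)]*)\)"
)

def parse_auth_line(line, passwords_logged=False):
    """Return time/ok/user/source for an Auth line, or None for anything else."""
    m = AUTH_RE.match(line)
    if m is None:
        return None
    user = m.group("ident")
    if passwords_logged:
        # Assumption: with log_auth_goodpass/log_auth_badpass = yes the bracket
        # holds "user/password". Keep the part before the first "/" so the
        # password never reaches the page (user names containing "/" are cut).
        user = user.split("/", 1)[0]
    return {"time": m.group("time"), "ok": m.group("result") == "Login OK",
            "user": user, "source": m.group("source")}

def latest_status(lines, passwords_logged=False):
    """Map each user to their most recent Auth record (the log is chronological)."""
    status = {}
    for line in lines:
        rec = parse_auth_line(line, passwords_logged)
        if rec is not None:
            status[rec["user"]] = rec
    return status

def render_row(rec):
    """HTML-escape every field: User-Name is supplied by whoever is logging in."""
    cells = (rec["time"], rec["user"], "OK" if rec["ok"] else "REJECTED", rec["source"])
    return "<tr>" + "".join(f"<td>{html.escape(c)}</td>" for c in cells) + "</tr>"

# Constructed sample lines (not from the poster's log), written as they would
# appear when both log_auth_*pass options are "yes".
SAMPLE = [
    "Wed Jun 28 13:22:13 2006: Auth: Login OK: [alice/s3cret] (from nas ExampleNAS/S0) socket 0 (0 sec)",
    "Wed Jun 28 13:23:01 2006: Auth: Login incorrect: [bob/wrongpw] (from nas ExampleNAS/S1) socket 0 (0 sec)",
    "Wed Jun 28 13:24:40 2006: Auth: Login OK: [bob/rightpw] (from nas ExampleNAS/S1) socket 0 (0 sec)",
    "Wed Jun 28 13:25:02 2006: Auth: Login incorrect: [<i>eve/pw] (from nas ExampleNAS/S2) socket 0 (0 sec)",
    "Wed Jun 28 13:25:10 2006: Info: Ready to process requests.",
]

if __name__ == "__main__":
    for rec in latest_status(SAMPLE, passwords_logged=True).values():
        print(render_row(rec))
```

Lines that do not match the Auth pattern are dropped rather than echoed, so unrelated server messages in the same file never reach the page.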
Compilation errors with 1.0.5 (Solaris)
I am pretty sure I have seen this before, but after searching the archives, I can't find the solution. Anyway, under Solaris 9 (SPARC) I get the following during compilation:

Making static dynamic in rlm_eap...
make[6]: Entering directory `/home/jheiden/freeradius-1.0.5/src/modules/rlm_eap'
gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -W -Wredundant-decls -Wundef -I../../include -I./libeap -c rlm_eap.c -o rlm_eap.o
In file included from rlm_eap.c:26:
rlm_eap.h:26:18: ltdl.h: No such file or directory
In file included from rlm_eap.c:26:
rlm_eap.h:36: error: parse error before "lt_dlhandle"
rlm_eap.h:36: warning: no semicolon at end of struct or union
rlm_eap.h:39: error: parse error before '}' token
rlm_eap.h:39: warning: type defaults to `int' in declaration of `EAP_TYPES'
rlm_eap.h:39: warning: data definition has no type or storage class
rlm_eap.h:51: error: parse error before "EAP_TYPES"
rlm_eap.h:51: warning: no semicolon at end of struct or union
rlm_eap.h:66: error: parse error before '}' token
rlm_eap.h:66: warning: type defaults to `int' in declaration of `rlm_eap_t'
rlm_eap.h:66: warning: data definition has no type or storage class
rlm_eap.h:70: error: parse error before '*' token
rlm_eap.h:70: warning: function declaration isn't a prototype
rlm_eap.h:71: error: parse error before '*' token
rlm_eap.h:71: warning: function declaration isn't a prototype
rlm_eap.h:72: error: parse error before '*' token
rlm_eap.h:72: warning: function declaration isn't a prototype
rlm_eap.h:75: error: parse error before '*' token
rlm_eap.h:75: warning: function declaration isn't a prototype
rlm_eap.h:79: error: parse error before '*' token
rlm_eap.h:79: warning: function declaration isn't a prototype
rlm_eap.h:89: error: parse error before '*' token
rlm_eap.h:89: warning: function declaration isn't a prototype
rlm_eap.h:90: error: parse error before '*' token
rlm_eap.h:90: warning: function declaration isn't a prototype
rlm_eap.h:91: error: parse error before '*' token
rlm_eap.h:92: warning: function declaration isn't a prototype
rlm_eap.c:33: error: parse error before ')' token
rlm_eap.c:33: error: initializer element is not constant
rlm_eap.c:33: error: (near initialization for `module_config[0].offset')
rlm_eap.c:33: warning: missing initializer
rlm_eap.c:33: warning: (near initialization for `module_config[0].offset')
rlm_eap.c:33: error: initializer element is not constant
rlm_eap.c:33: error: (near initialization for `module_config[0]')
rlm_eap.c:35: error: parse error before ')' token
rlm_eap.c:35: error: initializer element is not constant
rlm_eap.c:35: error: (near initialization for `module_config[1].offset')
rlm_eap.c:35: warning: missing initializer
rlm_eap.c:35: warning: (near initialization for `module_config[1].offset')
rlm_eap.c:35: error: initializer element is not constant
rlm_eap.c:35: error: (near initialization for `module_config[1]')
rlm_eap.c:37: error: parse error before ')' token
rlm_eap.c:37: error: initializer element is not constant
rlm_eap.c:37: error: (near initialization for `module_config[2].offset')
rlm_eap.c:37: warning: missing initializer
rlm_eap.c:37: warning: (near initialization for `module_config[2].offset')
rlm_eap.c:37: error: initializer element is not constant
rlm_eap.c:37: error: (near initialization for `module_config[2]')
rlm_eap.c:39: error: parse error before ')' token
rlm_eap.c:39: error: initializer element is not constant
rlm_eap.c:39: error: (near initialization for `module_config[3].offset')
rlm_eap.c:39: warning: missing initializer
rlm_eap.c:39: warning: (near initialization for `module_config[3].offset')
rlm_eap.c:39: error: initializer element is not constant
rlm_eap.c:39: error: (near initialization for `module_config[3]')
rlm_eap.c:41: error: initializer element is not constant
rlm_eap.c:41: error: (near initialization for `module_config[4]')
rlm_eap.c: In function `eap_detach':
rlm_eap.c:55: error: `inst' undeclared (first use in this function)
rlm_eap.c:55: error: (Each undeclared identifier is reported only once
rlm_eap.c:55: error: for each function it appears in.)
rlm_eap.c:58: error: parse error before ')' token
rlm_eap.c:53: warning: unused parameter `instance'
rlm_eap.c: At top level:
rlm_eap.c:82: warning: declaration of `cs' shadows a global declaration
rlm_eap.h:37: warning: shadowed declaration is here
rlm_eap.c: In function `eap_instantiate':
rlm_eap.c:87: error: `inst' undeclared (first use in this function)
rlm_eap.c:89: error: parse error before ')' token
rlm_eap.c: In function `eap_authenticate':
rlm_eap.c:199: error: `inst' undeclared (first use in this function)
rlm_eap.c:207: error: parse error before ')' token
rlm_eap.c:197: warning: unused parameter `instance'
rlm_eap.c: In function `eap_authorize':
rlm_eap.c:428: error: `inst' undeclared (f
RE: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius
Why don't you put the 2600/2900 into debug mode for RADIUS?

John

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dustin Doris
Sent: Friday, July 09, 2004 3:36 PM
To: [EMAIL PROTECTED]
Subject: Re: Authenticating to Cisco 29xx using OpenLDAP and FreeRadius

What about radiusd -x?

On Fri, 9 Jul 2004, Robert Banniza wrote:

> Here is what we are seeing when a user tries to login:
>
> % Authorization failed.
>
> Connection to host lost.
>
>
> On Fri, Jul 09, 2004 at 12:42:05PM -0400, Dustin Doris wrote:
> > What is the debug output? What happens when you try to login to the
> > router? User denied?
> >
> > On Fri, 9 Jul 2004, Robert Banniza wrote:
> >
> > > Guys,
> > > We are trying to allow users to authenticate to Cisco 26xx routers using
> > > Freeradius with the rlm_ldap module (OpenLDAP). We would like some of
> > > these users to be able to log in with enable privileges. The following
> > > is what we have done to try this with no avail. The following is a
> > > sample ldif entry:
> > >
> > > #
> > > dn: uid=homer, ou=people, dc=test, dc=net
> > > objectclass: person
> > > objectclass: radiusprofile
> > > objectclass: uidObject
> > > objectClass: inetOrgPerson
> > > objectClass: posixAccount
> > > objectClass: extensibleObject
> > > cn: Homer Simpson
> > > sn: Simpson
> > > loginShell: /bin/bash
> > > userpassword: {SSHA}fghkjfghkhgkfhgrofZyn2u9yiAAxbMP
> > > uidnumber: 2001
> > > gidnumber: 20
> > > homeDirectory: /home/homer
> > > uid: homer
> > > shadowLastChange: 10877
> > > shadowMin: 0
> > > shadowMax: 99
> > > shadowWarning: 7
> > > shadowInactive: -1
> > > shadowExpire: -1
> > > shadowFlag: 0
> > > radiusAuthType: LDAP
> > > radiusReplyItem: Juniper-Local-User-Name := tier1
> > > radiusReplyItem: Cisco-AVPair := "shell:priv-lvl=15"
> > > radiusprofileDN: uid=homer, ou=people, dc=test, dc=net
> > > #
> > >
> > > The following is what we have on the router:
> > >
> > > #
> > > aaa new-model
> > > aaa authentication login default group radius enable
> > > aaa authorization exec default group radius
> > >
> > > enable secret password
> > >
> > > radius-server host 67.106.198.70 auth-port 1812 acct-port 1813
> > > radius-server retransmit 3
> > > radius-server key testing123
> > > #
> > >
> > > What else are we missing? Any help would be appreciated.
> > >
> > > Robert
> > >
> > > -
> > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Wireless Authentication against Windows AD
Hi Steve,

I tried to do this too. Never got it to work. If you find out anything, I would be very interested to hear what you did. Thanks much.

John

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Steve OBrien
Sent: Thursday, April 01, 2004 10:08 AM
To: [EMAIL PROTECTED]
Subject: Wireless Authentication against Windows AD

Does anyone know if wireless authentication (LEAP, PEAP, EAP, TLS, TTLS) is possible using freeradius authenticating to Windows AD without having to enter usernames or any user information on the freeradius box? I am still not sure why it cannot use the LDAPS connection that I have working from freeradius to Windows AD for simple authentication. Am I the only one trying to accomplish this task?

TIA,
Steve