RE: Duplicate Logins!!!
Which file? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Julius Igugu Sent: Monday, January 30, 2006 5:52 AM To: FreeRadius users mailing list Subject: Re: Duplicate Logins!!! Use the 'Simultaneous-Login' check attribute. Simultaneous-Login := 1 "Kirti S. Bajwa" <[EMAIL PROTECTED]> wrote: Hello List: I have tried but failed, since I am new to freeRADIUS, I humbly ask for help. I want to setup freeRADIUS so it does not allow more than one simultaneous login on the same UID/PW. I have read it somewhere that it can be done in freeRADIUS but not can't seem to find the file or the command string. Please help. Kirti - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Julius Igugu SouthWork Co. Ltd. Yahoo! Autos. Looking for a sweet ride? Get pricing, reviews, & more on new and used cars. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Duplicate Logins!!!
Hello List: I have tried but failed, since I am new to freeRADIUS, I humbly ask for help. I want to setup freeRADIUS so it does not allow more than one simultaneous login on the same UID/PW. I have read it somewhere that it can be done in freeRADIUS but not can't seem to find the file or the command string. Please help. Kirti - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Connection TimeOut!!!
Dusty: You made it so simple. IT WORKS LIKE A CHARM. Million thanks. Kirti -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] rg] On Behalf Of Dusty Doris Sent: Friday, January 06, 2006 10:39 AM To: FreeRadius users mailing list Subject: RE: Connection TimeOut!!! >> Do you mean max connection time before logging in again? In that case, > >> you usually just need to add > >> Session-Timeout = xxx > > Yes. > > I have looked into various files and can not find out where I enter this > setting. Kindly, point out the file & the location (or the module), > where I enter this command? > The users file. Read man 5 users and the comments in the file named users. If you want this for everyone. DEFAULT Session-Timeout = 7200 You can also make it so only certain users get it depending on something. DEFAULT NAS-IP-Address == 1.1.1.1 Session-Timeout = 7200 Or DEFAULT Ldap-Group == dial Session-Timeout = 7200 Or individual users bob User-Password == password Session-Timeout = 7200 etc.. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Connection TimeOut!!!
>Do you mean max connection time before logging in again? In that case, >you usually just need to add >Session-Timeout = xxx Yes. I have looked into various files and can not find out where I enter this setting. Kindly, point out the file & the location (or the module), where I enter this command? Thanks a million. FUI, I use 3COM TCM. I think it handles the Session-Timeout featire. Kirti - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Connection TimeOut!!!
Title: Connection TimeOut!!! Hello: RH 9.0, freeRADIUS 1.4 I have been using freeRADIUS for the last 10 Months. Works great. I like to setup a maximum connection time of 120 minutes for each user. I am a complete newbie. Can somebody direct me to the file I need to set the timeout time? I also need to know the exact command, if possible. Thanks in Advance. Kirt - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Problem in Accounting Port
If I understand correctly, authentication/accounting port as used as follows: Authentication port (older systems) : 1645 Authentication port (newer systems) : 1812 Accounting port (older systems) : 1646 Accounting port (newer systems) : 1813 Our system is 3CON TC100 (NAS) and freeRADIUS-1.0.1 (Authentication. I have the authentication sending port (NAS)setup as 1645 but freeRADIUS authentication port setup as 1812. I have not tested the accounting. I think the above info and respective changes should do the trick. Kirti -Original Message- From: Michael Mitchell [mailto:[EMAIL PROTECTED] Sent: Saturday, February 05, 2005 12:02 AM To: freeradius-users@lists.freeradius.org Subject: Re: Problem in Accounting Port Your client is sending accounting packets to the port on which freeRADIUS is listening for proxy responses. Configure the client to send accounting packets to the correct port (probably 1646), and you should be good... Emman S. Loloy wrote: > Hi guys, > > anyone knows how to solve this problem? > > Sat Feb 5 12:19:04 2005 : Error: Accounting-Request packet sent to a > non-accounting port from client server:1647 - ID 0 : IGNORED > > > Thanks, > > Emman > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MTU Settings
Mike: There is another reponse from Jon Matias Fraile [EMAIL PROTECTED] He indicates that the maximun Framed-MTU is 1500. Many people on the 3COM list has suggested to change the setting to 1514, which I did. What settings do you have on your 3CON NAS? What is the best settings for Framed-MTU? Thanks you in advance. Kirti -Original Message- From: Mike Cisar [mailto:[EMAIL PROTECTED] Sent: Monday, February 07, 2005 12:04 PM To: freeradius-users@lists.freeradius.org Subject: RE: MTU Settings Hi Kirti, I experienced a similar problem a month or so ago, and talked to 4 or 5 people at the time who had all just fixed the problem. It seems that the default users file shipped with FreeRADIUS includes a "Framed-MTU=576" setting in one of the default sections. Simply removing that line was enough to get me up and running (I suppose I could have set it to 1514 or whatever, but not explicitly setting it seems to let it float with what the NAS is happy with anyway). Note to Alan... just a thought but given that MTU can be such a tricky problem to track down... might it be better to ship FreeRADIUS without a forced MTU setting in the sample config file... or at least have it commented out instead of active by default? Cheers, >>>>> Mike <<<<< > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Kirti S. Bajwa > Messenger, www.riteaid.net, and many many other web sites. > One the 3COM user site, I am told that MTU setting should be > 1514 both on 3COM & freeRADIUS. I am a newbie to freeRADIUS > so I need help. Please help with following: > > (1) How do I change the MTU settings in freeRADIUS to 1514? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MTU Settings
Hello List: I have a new Authentication server setup with freeRADIUS1.0.1. I am using 3COM as NAS. When I dial into 3COM, freeRADIUS authenticates the user login. Now the problem; After logging in, users can not access MS Messenger, www.riteaid.net, and many many other web sites. One the 3COM user site, I am told that MTU setting should be 1514 both on 3COM & freeRADIUS. I am a newbie to freeRADIUS so I need help. Please help with following: (1) How do I change the MTU settings in freeRADIUS to 1514? Thanks. Kirti
Authentication!!
Hello List: RH9 freeRadius-1.0.1 First I want to admit that I am a newbie to both LINUX & freeRadius: I have setup a freshly installed freeRadius serve. I tested this server by 'radtest' and then 'NTRagPing' utility. The freeRADIUS server authenticates like a charm. Now I set up a 3Com NAS. When I dial-in, authentication is rejected. To investigate the problem, I started the freeRADIUS server in debug mode 'radiusd -X'. After looking into output from the RADIUS Server's debug mode, I noticed the following lines: rlm_chap: login attempt by "test" with CHAP password rlm_chap: Could not find clear text password for user test I believe that the problem lies in the above description. If that is correct, why the password be clear test? I think somewhere a setting is missing!! HELP. Need more explanation, please ask. Kirti - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dbMail with Radius Server
Hello List: I am posting this message both on freeRADIUS & dbMail list. Please read on.. Couple of months ago I learned about dbMail from somebody on freeRADIUS list. I was told that freeRADIUS can authenticate users with/from dbMail data. I have lost the email (damn Win NT server crashed) but if anybody on these lists know how freeRADIUS can authenticate users from dbMail, please let me know. I just got dbMail working & am ready to work on freeRADIUS. Thank you. Kirti - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Dual authentication!!
Hello: Presntly I run one server with RH 6.2 & qmail (for mail) & apache. My dial-in is an Ariel 4200 model card (they are out of business) which is installed into the same box. Authentication is via PAM (I think) using /etc/passwd & /etc/group. This server is named ns2.tibonline.net. Now I am setting up four new servers. The mail server, mail.tibinternet.net, is running RH9 + Postfix + mySQL + dbMail + Spamassissan + amavisd, etc. In this server, UID + PW will be stored in mySQL database (dbMail). I will be adding virtual domains. One of these servers is a RADIUS server, named rdx.tibinternet.net, with RH9 + FreeRADIUS (the latest vertion). My question is; Depending upon a domain name, is it possible for the freeRADIUS to: - First check the domain name and: (1) if the domain is tibinternet.net then only validate the UID/PW from the MySQL database (2) if the domain is tibonline.net then first validate the UID/PW on ns2.tibonline.net server and if no math is found then try validation from MySQL database? I am pretty green in LINUX so please give clear/simple answers. Thank you in advance. Kirti - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Ignore Group ID
In 2001 In installed RH 6.2 on a server with qmail (email), djbDNS, Apache, etc. The system has been working fine except it is slow. Now I want to move over a new server with RH9 & authenticate using freeRADIUS. I noticed that in the old system (RH6.2), User Names (UID) & Groups (GRP) are different. For example, if I add a UID "mike", the GRP should be "mike", but it is not the case. I am sure it was a programming bug. I am physically copying /etc/passwd & /etc/group files from old RH6.2 system to the new RH9 & freeRADIUS server. Since UID & GID do not match, freeRADIUS does not authenticate. The old system (RH6.2) is a production system with 400 users. I want to leave it alone. My question is: (1) Is there any setting which will make freeRADIUS to bypass validating Group & just validate the UID & Password? (2) Is there any utility which can change UID & GID to be the same? This question is very confusing. I will be happy to answer any Q's! Thanks. Kirti - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: User ID & Password
Great. I will try it. Thanks. Kirti -Original Message- From: Keith Yoder [mailto:[EMAIL PROTECTED] Sent: Saturday, June 05, 2004 3:29 PM To: [EMAIL PROTECTED] Subject: Re: User ID & Password >vpopmail is used to add UID & PW and the data is stored in vpopmail DB in >MySQL. Now freeRADIUS also uses UID & PW to authenticate and has its own >data structure. I like to know if there is a way so that user data is stored >in one table in MySQL so vpopmail and freeRADIUS can access the same >information?? > > With vpopmail you can't change the db schema or queries but you CAN with Freeradius. I would suggest altering the Freeradius queries in sql.conf to pull data from the vpopmail table. Hope that helps, Keith Yoder - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
User ID & Password
Hello: I am posting this message on freeRADIUS, vpopmail & mysql lists. This may get few people upset but please read I am trying to install (on RH9), qmail, vpopmail, mysql, Courier-IMAP, squirrelmail, etc., with backend data on MySQL. On another computer I have installed RH9 & freeRADIUS server. vpopmail is used to add UID & PW and the data is stored in vpopmail DB in MySQL. Now freeRADIUS also uses UID & PW to authenticate and has its own data structure. I like to know if there is a way so that user data is stored in one table in MySQL so vpopmail and freeRADIUS can access the same information?? Thanks in advance. Kirti - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: RE: Web based front end?
Me tooo.. -Original Message-From: Radius [mailto:[EMAIL PROTECTED]Sent: Thursday, May 20, 2004 6:53 PMTo: [EMAIL PROTECTED]Subject: Re: RE: Web based front end? I would also be interested in it. > I wrote a small one using PHP & MySQL. Nothing too fancy, just lets you> enter in user info into the applicable tables. I can share the source> if anyone is interested.> > -Original Message-> From: Lance Uyehara [mailto:[EMAIL PROTECTED]> Sent: Thursday, May 20, 2004 3:40 PM> To: [EMAIL PROTECTED]> Subject: Web based front end?> > I'm trying to find out if there is a web based front end for> adding/deleting/modifying the FreeRADIUS users file. I've looked through> the> archives and the website and am unable to find any pointers.> > Any help is appreciated.> > Thanks,> Lance> > > -> List info/subscribe/unsubscribe? See> http://www.freeradius.org/list/users.html> > -> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Urgent Cannot Load rlm_sql_mysql!!!
Hi Gary: Does souce instalation package (example: 4.0.18) contains development package? Kirti -Original Message-From: Gary McKinney [mailto:[EMAIL PROTECTED]Sent: Wednesday, May 19, 2004 6:26 AMTo: [EMAIL PROTECTED]Subject: Re: Urgent Cannot Load rlm_sql_mysql!!! HI Alexander, I think if you search in the archives you will find you need to have the MySQL development package installed to compile the FreeRadius to work with the MySQL package... the MySQL binaries package does not have all of the pieces required to compile the rlm_sql_mysql module... gm... - Original Message - From: Alexander Khoo To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] ; [EMAIL PROTECTED] Sent: Wednesday, May 19, 2004 5:27 AM Subject: Urgent Cannot Load rlm_sql_mysql!!! Hi, I was trying to get my freeradius server connect to mysql server. i have encounter the following error: rlm_sql (sql): Could not link driver rlm_sql_mysql: file not foundrlm_sql (sql): Make sure it (and all its dependent libraries!) are in thesearch pathof your system's ld.radiusd.conf[14]: sql: Module instantiation failed. I check the configure log and found it complain mysql/mysql.h file is missing & say can't locate mysql header. Appreciate somebody can help me on this Regards Alexander Do you Yahoo!?SBC Yahoo! - Internet access at a great low price.
RE: I need exact instructions please
I second it. I am new to freeRADIUS but consulted the O'Reilly book. I had no problem installing and testing freeRADIUS. Invest in the book. It is wirth it. Kirti -Original Message- From: radius [mailto:[EMAIL PROTECTED] Sent: Friday, April 23, 2004 1:21 PM To: [EMAIL PROTECTED] Subject: Re: I need exact instructions please O'Reilly Books has a radius book that works real good. If you need exact instructions or someone to do it for you. Ask for commercial support plus radius can handle so much what is it that you want to do? Please change your subject to something more related to what you need to do. Right now it looks like " I need commercial support " - Original Message - From: "Linda Pagillo " <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 23, 2004 10:04 AM Subject: I need exact instructions please > Hello everyone: > > Would someone be so kind as to send me exact directions on how to configure and use freeradius version 0.9.3? I'm using Linux Red Hat 9. I have already downloaded and installed freeradius correctly per the installation directions. I'm very new at Linux and freeradius, therefore i have NO idea where to start or what to do. I searched all over the freeradius website and i did not see any instructions regarding how to configure or use it. Any and all help would be very much appreciated. Thank you in advance. > > Linda Pagillo > Director of Technical Services > N2 The Net > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: freeRADIUS with MySQL???
Keith: Thank you for your response. What type of MySQL installation; binary, rpm, etc., did you use? Which is the better installation method (binary,.. etc.). Thanks the second time. Please respond ASAP. I plan to do the installation either tonite or tomorrow. Kirt TIB Mountain City, TN 37683 -Original Message- From: Keith Yoder [mailto:[EMAIL PROTECTED] Sent: Friday, April 02, 2004 2:07 PM To: [EMAIL PROTECTED] Subject: Re: freeRADIUS with MySQL??? Kirti S. Bajwa escreveu: >Is there anybody who has successfully installed freeRADIUS 0.9.3 & MySQL >4.1? Is there any special procedure to follow? Has someone written a toaster >for such installation? > > I've used Freeradius with MySQL 4.0.18, 4.1.0 and 4.1.1 without any problems. The standard queries don't use any special syntax that would require any specific version of mysql. Keith Yoder - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeRADIUS with MySQL???
Hello List: This question is for anyone using freeRADIUS with MySQL (with InnoDB tables). I have installed and tested freeRADIUS 0.9.3 & MySQL 5.?? on a RH9 LINUX. It works fine. Now I want to install and test MySQL with InnoDB tables & freeRADIUS. My understanding is that MySQL 4.1 is the MySQL version to use. I have also heard that MySQL 4.1.? has problem when installed with freeRADIUS!!! Is there anybody who has successfully installed freeRADIUS 0.9.3 & MySQL 4.1? Is there any special procedure to follow? Has someone written a toaster for such installation? I have posted this message on MySQL list without getting a satisfactory message. Thanks in advance. Kirt - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: accounting to mysql database
I have no idea how this posting ending up on freeRADIUS!! Kirt -Original Message- From: Kirti S. Bajwa [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 10:46 AM To: '[EMAIL PROTECTED]' Subject: RE: accounting to mysql database Hello List: I have installed and tested freeRADIUS 0.9.3 & MySQL 5.?.? (latest dev version). Now I want to install & test freeRADIUS & MySQL with InnoDB tables. I have researched GOOGLE & MySQL web site for information on installing MySQL with InnoDB tables without success. I would appreciate if somebody direct me to: What version of MySQL do I need to install (with freeRADIUS) so I can use InnoDB tables? I understand that installing MySQL with freeRADIUS requires a specific MySQL version? Is it correct? I would be more than happy to read the procedure if someone point me to the chapter in MySQL Doc! I have not been able to find out myself. Is it possible that there is no special separate procedure and that is why I am missing it? Thanks in advance. Kirt - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: accounting to mysql database
Hello List: I have installed and tested freeRADIUS 0.9.3 & MySQL 5.?.? (latest dev version). Now I want to install & test freeRADIUS & MySQL with InnoDB tables. I have researched GOOGLE & MySQL web site for information on installing MySQL with InnoDB tables without success. I would appreciate if somebody direct me to: What version of MySQL do I need to install (with freeRADIUS) so I can use InnoDB tables? I understand that installing MySQL with freeRADIUS requires a specific MySQL version? Is it correct? I would be more than happy to read the procedure if someone point me to the chapter in MySQL Doc! I have not been able to find out myself. Is it possible that there is no special separate procedure and that is why I am missing it? Thanks in advance. Kirt - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: MySql and freeRadius
Hello List: I want to make sure I am installing freeRADIUS & MySQL correctly. I installed (test installation) freeRADIUS (0.9.3) and MySQL 5.0.0 (?) from binaries on a RH9 machine. It tested fine. In the next couple of days, I am going to do a final installation of freeRADIUS & MySQL (with InnoDB). Questions: == (1) with the above setup, what version of MySQL (binaries or rpm) should I use? (2) Do I still need a develoment package of MySQL to work with freeRADIUS? If YES, what version of MySQL? I am new to MySQL!! Kirti -Original Message- From: Keith Yoder [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 24, 2004 2:36 PM To: [EMAIL PROTECTED] Subject: Re: MySql and freeRadius John Que escreveu: > As I understand , I must install the sources of MySql if I want to use > rlm_sql in freeRadius > (and not install the rpm for mySql Server and client). Actually, you can install the -devel rpms and that will allow you to compile the rlm_sql_mysql module. This will make sure all the libraries and header files get to the right places. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Using FreeRadius for a HotSpot with a PrePaid Billing System
Yes, I do. I am going to be working on something like this in a week or so Thanks. Kirti -Original Message- From: John Kiehnle [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 23, 2004 2:00 PM To: [EMAIL PROTECTED] Subject: Re: Using FreeRadius for a HotSpot with a PrePaid Billing System I have like many I am sure, developed a full system in php with registration linked to VeriSign for CC processing. If the card transaction is accepted VeriSign can send all the data to a form which posts the UID / password into MySQL or LDAP for instant authentication. It is very basic but gets the $$$ into bank and user online right now. Anyone want copies of the php scripts. JK On Tue, 23 Mar 2004 10:41:44 -0500 "Oswin Ondarza" <[EMAIL PROTECTED]> wrote: >Hi everyone, > >I am trying to build a Hotspot system using FreeRADIUS, > I have a Colubris CN3000 NAS and it works great with >the FreeRADIUS, but now I need a billing system >integrated to the FreeRADIUS so users when enter the >hotspot can pay with credit card using the >explorer/mozilla to get access or to get login >information. > >I would like to build a complete open source solution, so >the only prepaid billing system open source that I have >found thar "could" be intergrated with the FreeRADIUS is > "FreeSide" (http://www.sisd.com/freeside/) but I >haven't tried it yet, I would like to hear a little about >this before doing it. > > >So, any Opinion ? Suggestions ? is anybody tryng the >same solution ??? > > >I hope someone can help me, > >Thanks in advance !!! > >Oswin. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Remote Authentication????
Hello List: Consider me a newbie to both LINUX & freeRADIUS. Currently, I am running a RH6 server "taos", with about 200 users. Users dial-in into an ARIAL-4200 modem bank (modem bank is a card in this server) which in turn authenticates their UID/PW (I think it is PAP authentication). I add new users by using the standard RH add user screen and I can see that UID/PW information is in "/etc/passwd" file. I hope you get the picture. Now I have setup "rdx" (RH9 & freeRADIUS-0.9.3) server and tested it by adding couple of users. I am trying to figure out a ways to authenticate the current users on new server. I have considered the following: (1) Manually, add each UID/PW to "rdx" for authentication, (2) Manually copy "/etc/password" file from "taos" to "rdx", or (3) Direct freeRADIUS server "rdx" to "taos" to authenticate UID/PW. I prefer the (3) method. So my question: Is it possible to setup a freeRADIUS to look for UID/PW in another server to do authentication? Thanks. Kirti - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Dual User verification
Hi: Is it possible to somehow do dual verification of a customers UID & PW. Here is my scenario: Presently I am using a dial-in hardware from ARINC (I think this is correct name) & UID/PW verification with Shadow Password. Soon I will be switching over to a 3Com HiPer & freeRADIUS (with MySQL). When I switch over to 3Com HiPer dial-in box, I would like freeRADIUS to first authenticate UID/PW from MySQL DB and if the user authentication fails then authenticate from Shadow Password file. Is this type of dual user verification possible? Thanks. Kirti - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Dual User verification
Hi: Is it possible to somehow do dual verification of a customers UID & PW. Here is my scenario: Presently I am using a dial-in hardware from ARINC (I think this is correct name) & UID/PW verification with Shadow Password. Soon I will be switching over to a 3Com HiPer & freeRADIUS (with MySQL). When I switch over to 3Com HiPer dial-in box, I would like freeRADIUS to first authenticate UID/PW from MySQL DB and if the user authentication fails then authenticate from Shadow Password file. Is this type of dual user verification possible? Thanks. Kirti - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Radius document
Title: Message To startwith please email me a copy of the document. Thanks. Kirt -Original Message-From: Truong Manh Cuong [mailto:[EMAIL PROTECTED]Sent: Saturday, February 21, 2004 9:38 PMTo: [EMAIL PROTECTED]Subject: Radius document Hi all, I see that there is so few document about freeradius. I use postgresql database and I have my own document for radius, and dialup_admin web interface. Where can I upload so that, some one can modify and add more to it. And then all newbies can read? Mailing list is a goodway but sometimes I see that there is some questions that newbie asks again and again and you have to waste your time to reply. Thanks and Regards Manh Cuong.
RE: Can't connect RADIUS Server!!!
This message is to thank both your (no name & Vincent Giovannone. You both are correct & some more. My response is for future reference & helping somebody else. Here is the problem solved: 1) Port number must be 1812 or it will not work 2) I did have a firewall (shorewall firewall, one of the best) & I needed to open port 1812 & 1813 (UDP) 3) I was using WinNT with Proxy Server. I had to allow traffic, both ways, on port 1812 (UDP) BAM... It worked. I do not think without both of your help, I could have done it. Thanks again. Kirti -Original Message- From: 321online.NET [mailto:[EMAIL PROTECTED] Sent: Thursday, January 08, 2004 8:15 PM To: [EMAIL PROTECTED] Subject: Re: Can't connect RADIUS Server!!! I bet it is all in the ports,if reeradius server host permissions and lastly iptable rules freeradius with mysql and iptable's rulz :) ! - Original Message - From: "Kirti S. Bajwa" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, January 08, 2004 6:03 PM Subject: Can't connect RADIUS Server!!! > Hello List: > > O/S: RH9 > freeRADIUS: 0.9.3 > > I have a fresh install of RH9 on a server & then installation of freeRADIUS > (FR) software. Installation and settings went smoothly. RADIUS server is up > and running & I can test it by running: > > %radtest 12.21.237.15 0 testing123 > > To authenticate a user other than from RADIUS server, I setup NTRadPing Test > Utility on a Window NT machine. However when I run this utility, I get an > error message "could not receive a response from server". > > It seems like that when I run NTRadPing, I am not reaching the RADIUS server > at 12.21.237.15. However I can PING the IP address of 12.21.237.15 from > Window NT machine. > > I am running RADIUS server in test mode (radiusd -X) and I see nothing > displayed on the terminal window. After couple of days of trying, I > appreciate if somebody can tell me what am I doing wrong and how to correct > it. > > As always, I highly appreciate all responses. > > Kirti > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Unable to do simple UNIX authentication
John: I just setup a freeRADIUS server and had the same problem. Please read the output and you will notice the following line: rlm_unix: [test]: invalid password Somehow the password is incorrect. Try another thing; restart the computer after making the changes and then run the same test. In my case, I could test after a re-boot. Good luck. Kirti -Original Message- From: John Sasso Jr [mailto:[EMAIL PROTECTED] Sent: Friday, January 09, 2004 6:21 AM To: [EMAIL PROTECTED] Subject: Unable to do simple UNIX authentication I just built freeradius 0.9.3 on my RedHat Fedora Core 1 box. radiusd starts up fine and I modified the /etc/raddb/clients to have: localhost testing123 127.0.0.1 testing123 but when I use radtest against a test account (test) with a verifiably good password (t1e2s3t4), I get and Access-Reject. I've started radiusd in debug mode and examined the startup and authentication messages, but cannot determine why simple UNIX authentication is failing. I've included debug and radtest output below. Any help would be greatly appreciated, as I've been pulling my hair out since yesterday trying to resolve this. --john - # /etc/rc.d/init.d/radiusd debug Starting /usr/local/freeradius/sbin/radiusd in debug mode:Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr/local/freeradius" main: localstatedir = "/usr/local/freeradius/var" main: logdir = "/var/log/radius" main: libdir = "/usr/local/freeradius/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no main: snmp = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/freeradius/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/freeradius/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients Using deprecated clients file. Support for this will go away soon. read_config_files: reading realms Using deprecated realms file. Support for this will go away soon. radiusd: entering modules setup Module: Library search path is /usr/local/freeradius/lib Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = "md5" eap: timer_expire = 60 rlm_eap: Loaded and initialized the type md5 rlm_eap: Loaded and initialized the type leap Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: preproxy_usersfile = "/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id" Module: Instantiated acct_un
Can't connect RADIUS Server!!!
Hello List: O/S: RH9 freeRADIUS: 0.9.3 I have a fresh install of RH9 on a server & then installation of freeRADIUS (FR) software. Installation and settings went smoothly. RADIUS server is up and running & I can test it by running: %radtest 12.21.237.15 0 testing123 To authenticate a user other than from RADIUS server, I setup NTRadPing Test Utility on a Window NT machine. However when I run this utility, I get an error message "could not receive a response from server". It seems like that when I run NTRadPing, I am not reaching the RADIUS server at 12.21.237.15. However I can PING the IP address of 12.21.237.15 from Window NT machine. I am running RADIUS server in test mode (radiusd -X) and I see nothing displayed on the terminal window. After couple of days of trying, I appreciate if somebody can tell me what am I doing wrong and how to correct it. As always, I highly appreciate all responses. Kirti - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Settings
Vincent: Thank you for your response. It does make sense & you have been kind to explain and respond to my concerns/questions. It is interesting how many people do not know the answer to this question. I have received several direct emails from people on this list who has mentioned that they also want to know the answer to my question but to scare to ask. They do not inflame anybody. Again thank you very much for your response. Kirti -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 07, 2004 9:28 AM To: [EMAIL PROTECTED] Subject: RE: Settings [EMAIL PROTECTED] wrote on 01/06/2004 04:48:36 PM: > Max_request setting in "radius.conf" is supposed to be the maximum number of > requests which the server keeps track of. It is supposed to be 4 * number of > clients. > > In this situation what is a client: > > (1) is it number of NAS being serviced by the RADIUS server -or- *ding* > (2) is it number of dial-in customers -or- No. That wouldn't make any sense; the only time a connection to the radius server is made (in _general_; not absolutely true) is when a user connects or disconnects. The connection to the radius server is NOT held open. So using that guideline above, let's say you have 10 NASes, and set max requests to 40. That means that one nas can handle 40 simultaneous requests, or all ten can handle four requests each, or one can have 39, one 1, and the rest none, or any combination thereof. The more important (and therefore more intelligent) question is how many people do you expect to be dialing in at the same time? Not connected, I mean actually either dialing the phone, or trying to authenticate to a wireless access point, or authenticate to a router, or whatever you're planning on using RADIUS for. THAT'S when max connections is important. > (3) is it number of dial-in ports which are serviced by a RADIUS server? That would make even less sense. > The RADIUS book by O'Rielly describes client as in Client/Server > relationship. It doesn't describe it as a user/server or port/server relationship? How appropriate! > If that is true, then Clients will be number of NAS on the > system. That does not make sense because one NAS (3Com TC) may have 10 HiPer > DSP cards and another may have 14. Therefore the number of maximum > connections might be quite different. The only reason that's not making sense is because you're thinking of RADIUS as a protocol that holds the connection open for the entire conversation, like telnet. Throw that idea away. Vincent Giovannone Network Infrastructure Group Information Services Division Rush University Medical Center - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Settings
Alan: Thanks for your response. I am quite sure you know the answer and I appreciate your help. I will try to clarify my question: Max_request setting in "radius.conf" is supposed to be the maximum number of requests which the server keeps track of. It is supposed to be 4 * number of clients. In this situation what is a client: (1) is it number of NAS being serviced by the RADIUS server -or- (2) is it number of dial-in customers -or- (3) is it number of dial-in ports which are serviced by a RADIUS server? The RADIUS book by O'Rielly describes client as in Client/Server relationship. If that is true, then Clients will be number of NAS on the system. That does not make sense because one NAS (3Com TC) may have 10 HiPer DSP cards and another may have 14. Therefore the number of maximum connections might be quite different. If clients are number of dial-in ports, then it makes more sense. However, it is not clear anywhere in the documentation and therefore my question. You have said that you do know the answer but you can't explain better than the book. From my explanation above, I do not think the O'Rielly RADIUS book explains it at all. SO, PLEASE, enlighten me!!! What is the answer?? Thanks, Kirti -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 06, 2004 3:50 PM To: [EMAIL PROTECTED] Subject: Re: Settings "Kirti S. Bajwa" <[EMAIL PROTECTED]> wrote: > As I have said, I have read the book about 5 times and there are > several references to "clients" applicable to the subject being > discussed. Ok.. > Please read my question again & if you know the answer, then, please let me > know. The problem is, I *do* know the answer, but I can't explain it in any better terms than what's in the book. You haven't explained what you don't understand about the books definition of a "client", so I can't give you any information to help you understand what you're missing. And in the 3-4 messages you've posted here, you've said you don't understand what "clients" are, like it's some kind of mantra. We heard you the first time. Please *explain* yourself, instead of posting the same thing over and over. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Settings
Yes clients are mention all over the book but there is a definition on Page 3, which states: "When discussing AAA and RADIUS, the terms "clients" and "server" often comes up. However, there can be some confusion about which of these roles a particular machine is playing..". Please read the entire explanation. I do not believe it answer my question. As I have said, I have read the book about 5 times and there are several references to "clients" applicable to the subject being discussed. Please read my question again & if you know the answer, then, please let me know. Thanks. Kirti -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 06, 2004 12:30 PM To: [EMAIL PROTECTED] Subject: RE: Settings [EMAIL PROTECTED] wrote on 01/06/2004 11:22:29 AM: > I have the RADIUS book from O'Rilley & I am reading it. I have read the book > about 5-times. If the answer is in the book, kindly point me to the page > number. I will really appreciate it. You must be reading the book in sandscrit, because client references are all over it. Such as: http://safari.oreilly.com/?x=1&mode=section&sortKey=title&sortOrder=asc&view =&xmlid=0-596-00322-6/radius-CHP-6-SECT-3&open=false&g=&catid=&s=1&b=1&f=1&t =1&c=1&u=1&r=&o=1 Vincent Giovannone Network Infrastructure Group Information Services Division Rush University Medical Center "When I was four I wanted an Action Man armoured personnel carrier. I didn't have any genuine Action Men - my parents couldn't afford them; instead of a professional army I had a ragtag band of Korean and Chinese irregulars whose political commitment, I hoped, made up for their having no knee or elbow joints." -- Mil Millington - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Settings
I have the RADIUS book from O'Rilley & I am reading it. I have read the book about 5-times. If the answer is in the book, kindly point me to the page number. I will really appreciate it. Thanks. Kirti -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 06, 2004 12:12 PM To: [EMAIL PROTECTED] Subject: Re: Settings "Kirti S. Bajwa" <[EMAIL PROTECTED]> wrote: > I am a newbie to freeRADIUS. This is my first attempt to setup. I am > updating/setting "radius.conf" file. One question: > > What is RADIUS Clients? Buy the RADIUS book. If you don't know what RADIUS clients are, I don't think you need a RADIUS server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Settings
Please clarify NAS devices!!! I am using 3Com TC box. Is it 1-device therefore the max_requests = 1 * 256 ( = 256 )? or Is it number of Dial-up lines on a 3Com box. In my case it is 3 T1 Lines therefore max_requests = 3 * 256 ( = 768 ) Thanks. Kirti -Original Message- From: Cris Boisvert [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 06, 2004 11:32 AM To: [EMAIL PROTECTED] Subject: RE: Settings Clients would be Nas Devices .. Such as portmasters if you have dialup pool -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kirti S. Bajwa Sent: Tuesday, January 06, 2004 11:28 AM To: '[EMAIL PROTECTED]' Subject: RE: Settings Hello List: I am a newbie to freeRADIUS. This is my first attempt to setup. I am updating/setting "radius.conf" file. One question: What is RADIUS Clients? Is it number of users which will be dialing up and will be processed by the RADIUS server or is it the number of NAS Clients connected serviced by the RADIUS Server? Thanks. Kirti - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Settings
Hello List: I am a newbie to freeRADIUS. This is my first attempt to setup. I am updating/setting "radius.conf" file. One question: What is RADIUS Clients? Is it number of users which will be dialing up and will be processed by the RADIUS server or is it the number of NAS Clients connected serviced by the RADIUS Server? Thanks. Kirti - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
