Problem with crypt passwords matching
I am running Freeradius 2.1.12 on a Centos box. I am able to
authenticate from the server command line, and from a Cisco ASR1k BRAS
via the command line. However, when I attempt to authenticate
customers from the DSL network, I get a reject, even though the
crypt'd passwords match! Here is a sample from a trace:
rad_recv: Access-Request packet from host 204.111.5.9 port 1645,
id=235, length=89
Framed-Protocol = PPP
User-Name = k143rott
User-Password = k*
NAS-Port-Type = Virtual
NAS-Port = 0
NAS-Port-Id = 0/0/0/304
Service-Type = Framed-User
NAS-IP-Address = 204.111.5.9
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = k143rott, looking up realm NULL
[suffix] Found realm NULL
[suffix] Adding Stripped-User-Name = k143rott
[suffix] Adding Realm = NULL
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns updated
[files] users: Matched entry DEFAULT at line 169
[files] users: Matched entry DEFAULT at line 172
[files] users: Matched entry DEFAULT at line 186
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password krt444
[pap] Using CRYPT password *3u.3LS/VKTOVc
[pap] Passwords don't match
++[pap] returns reject
Failed to authenticate the user.
Login incorrect (rlm_pap: CRYPT password check failed):
[k143rott/k*] (from client va-edbg-bras-1 port 0)
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - k143rott
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 30 for 1 seconds
Going to the next request
Sending delayed reject for request 21
Sending Access-Reject of id 227 to 204.111.5.9 port 1645
The crypt'd password (*3u.3LS/VKTOVc) is exactly what is in the
/etc/shadow file. So I am confident the shared secret is correct.
What am I doing wrong?
--
Haskins Family Farm
Middletown, VA
web: http://www.haskinsfamilyfarm.com
FB: http://www.facebook.com/pages/Middletown-VA/Haskins-Family-Farm/114984971161
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with crypt passwords matching
What do you mean by editing the passwd module? As for the users lines, here is what is in that file (first line is 169 and the last one is 186): DEFAULT Auth-Type == System Fall-Through == 1 DEFAULT Service-Type == Framed-User Framed-IP-Address == 255.255.255.254, Framed-Netmask == 255.255.255.255, Framed-MTU == 1500, Service-Type == Framed-User, Framed-Routing == None, Fall-Through == Yes # # Default for PPP: dynamic IP address, PPP mode, VJ-compression. # NOTE: we do not use Hint = PPP, since PPP might also be auto-detected # by the terminal server in which case there may not be a P suffix. # The terminal server sends Framed-Protocol = PPP for auto PPP. # DEFAULT Framed-Protocol == PPP On Wed, Aug 15, 2012 at 4:52 PM, alan buxey a.l.m.bu...@lboro.ac.uk wrote: Hi, ++[unix] returns updated okay...so I assume you have edited the passwd module to read thew shadow file? [files] users: Matched entry DEFAULT at line 169 [files] users: Matched entry DEFAULT at line 172 [files] users: Matched entry DEFAULT at line 186 what do these lines have/say? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Haskins Family Farm Middletown, VA web: http://www.haskinsfamilyfarm.com FB: http://www.facebook.com/pages/Middletown-VA/Haskins-Family-Farm/114984971161 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Compiling freeradius.org 2.0.3 on Red Hat 7.3
I'm trying to compile freeradius.org version 2.0.3 on Red Hat 7.3, and I'm getting the following error: /usr/local/src/radius/freeradius-server-2.0.3/src/freeradius-devel/rad_assert.h:26: warning: `used' attribute directive ignored In file included from ../../eap.h:34, from eap_tnc.c:58: ../../libeap/eap_types.h:30: warning: `used' attribute directive ignored eap_tnc.c: In function `eaptnc_extract': eap_tnc.c:137: parse error before `unsigned' eap_tnc.c:141: parse error before `int' eap_tnc.c:147: `ptr' undeclared (first use in this function) eap_tnc.c:147: (Each undeclared identifier is reported only once eap_tnc.c:147: for each function it appears in.) eap_tnc.c:153: `thisDataLength' undeclared (first use in this function) eap_tnc.c:154: `dataStart' undeclared (first use in this function) eap_tnc.c: In function `eaptnc_compose': eap_tnc.c:212: parse error before `unsigned' eap_tnc.c:214: `swappedDataLength' undeclared (first use in this function) eap_tnc.c:217: parse error before `thisDataLength' eap_tnc.c:220: parse error before `int' eap_tnc.c:224: `offset' undeclared (first use in this function) eap_tnc.c:225: `thisDataLength' undeclared (first use in this function) gmake[9]: *** [eap_tnc.lo] Error 1 gmake[9]: Leaving directory `/usr/local/src/radius/freeradius-server-2.0.3/src/modules/rlm_eap/types/rlm_eap_tnc' gmake[8]: *** [common] Error 2 gmake[8]: Leaving directory `/usr/local/src/radius/freeradius-server-2.0.3/src/modules/rlm_eap/types' gmake[7]: *** [all] Error 2 gmake[7]: Leaving directory `/usr/local/src/radius/freeradius-server-2.0.3/src/modules/rlm_eap/types' gmake[6]: *** [common] Error 2 gmake[6]: Leaving directory `/usr/local/src/radius/freeradius-server-2.0.3/src/modules/rlm_eap' gmake[5]: *** [common] Error 2 gmake[5]: Leaving directory `/usr/local/src/radius/freeradius-server-2.0.3/src/modules' gmake[4]: *** [all] Error 2 gmake[4]: Leaving directory `/usr/local/src/radius/freeradius-server-2.0.3/src/modules' gmake[3]: *** [common] Error 2 gmake[3]: Leaving directory `/usr/local/src/radius/freeradius-server-2.0.3/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/usr/local/src/radius/freeradius-server-2.0.3/src' gmake[1]: *** [common] Error 2 gmake[1]: Leaving directory `/usr/local/src/radius/freeradius-server-2.0.3' make: *** [all] Error 2 I've searched the wiki site and the mailing list archives and not found much on this error. Yes, I know that RH 7.3 is old/etc., so I'm not looking for pat answers like upgrade to the latest O/S version. In searching for the error message (`used' attribute directive ignored) I haven't come up with anything helpful. Thanks for any assistance you can provide! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: copying accounting
I thought radrelay was the way to replicate accounting to other servers. Alexander Serkin wrote: Replicate-To-Realm seem to do what i want. Copying accounting matching the check item in acct_users to the realm specified while storing this accounting locally. Am i right? Alexander Serkin wrote: Is it possible to keep accounting for several realms locally along with sending it to third party AAA server? I.e. i need to write accounting for customers visiting us from another network, but also send it to their home AAA server. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Dialup Admin, problems with apache (httpd) and php
I had the same problem. Its really a PHP/apache config error. I had to add a line like this in my httpd.conf to get dialupadmin to work: AddType application/x-httpd-php .php3 Good luck! Evan Stenmark wrote: Apache (httpd) is not working with php it seems in the httpd.conf I made the DirectoryRoot /usr/local/dialupadmin/htdocs I start the server then access the page and on the right frame, there is Dialup Admin In the left frame, there is only php code ?php ... ? Obviously apache is not set up to work with php right now I am running Redhat 9 and from rpmquery there is httpd-2.0.40-21 php-4.2.2-17 I have looked through many of the posts on the archive and can't find any solutions that are working with my problem I suppose my main question is, how do I get apache working with php to disply dialup admin correctly? Or what is something common that I am missing? I will provide you with more information if you need it Thanks, Evan Stenmark - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius GUI admin headaches
Can you point me to, or do you have an example MySQL query I could use for gathering unique user/month count data from the totacct/mtotacct tables? There doesn't seem to be anything in the stock dialupadmin program that does anything with these tables, though I know next to nothing about MySQL or PHP for that matter. Thanks for any help you can provide. Kostas Kalevras wrote: Regarding my additional functionality requirement, I need a report that shows the number of unique users who had sessions during the month. So if I had 347 individual accounts (User-Name attribute) access the system for the input time period, the system would report 347. This is independent of/in addition to the count of sessions, time or MB downloaded. You can easily use the totacct/mtotacct tables. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: HowTos, FAQs?
I reviewed this book in my ISPadmin column for Usenix ;login: in August, 2003. Unfortunately, the review only available to members until August, 2004 when non-members can view it. It is available here: http://www.usenix.org/publications/login/2003-08/pdfs/haskins.pdf But I didn't care for the book, I felt it basically covered only the basics and rehashed the RFC's. But I still bought it because its the only reference available. I haven't found that it answered the questions that I have had. Richard Marriner wrote: Also is the Radius book from O'reilly a good book? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius GUI admin headaches
I have had dialup_admin working for about a month now. It does take a little bit of configuring. And, it makes some assumptions (like that your RADIUS server is running on the same machine as dialup_admin), but it does indeed work and work well. I only use it for tracking RADIUS accounting usage, and have commented out the direct RADIUS manipulation stuff (user management, NAS checking, etc.). The only thing I see it is missing is the ability to query unique logins per month, for checking my wholesale provider bill against what I actually had login. I plan on making this change, I just haven't had a chance to work on it yet. Kerry Penland wrote: I understand people are actually using dialup_admin, although I haven't personally found anybody who is. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius and Syslog
I have attempted to get freeradius to output log info to syslog rather than radiusd.log, but it does not seem possible. GAUDIN Thomas wrote: Hello, I search to configure freeradius with syslog. Actually, my server doesn't want to start with my parameters. Thanks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 0.9.3 and syslog?
Sorry if this is a dupe, but my first attempt at posting this yesterday has yet to appear on the list/in my mailbox. -- How did you build it/configure syslog support for Freeradius? What issues have you had with it? The startup seems to ignore the command line switches, and there isn't any documentation on what the settings in radiusd.conf need to be, to make it write to anything other than radiusd.log (or similar). At least, I cannot locate any documentation. Christopher Kotran wrote: I have but it is problematic. CK - Original Message - From: Robert Haskins [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, January 31, 2004 10:24 PM Subject: Freeradius 0.9.3 and syslog? I am trying to enable Freeradius 0.9.3 to work with syslog. I see a number of posts on the list regarding syslog, but no one seems to have gotten it working. Has anyone been able to get it to work? Thanks for the help! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius 0.9.3 and syslog?
I am trying to enable Freeradius 0.9.3 to work with syslog. I see a number of posts on the list regarding syslog, but no one seems to have gotten it working. Has anyone been able to get it to work? Thanks for the help! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Errors compiling freeradius-0.9.3 under Solaris 8
Has anyone been able to compile freeradius-0.9.3 under Solaris 8? Any help you could provide would be great. I have looked through the archives of the list, and I can't find anything related. I got errors on the following rlm modules so I removed the source completely: rlm_eap rlm_sql rlm_sqlcounter (didn't actually get an error on this one, removed it pre-emptively) But now I am getting an error in main: Making all in main... make[4]: Entering directory `/usr/local/src/freeradius-0.9.3/src/main' gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c radiusd.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c files.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c util.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c acct.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c nas.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c log.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c valuepair.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -o version.o -c version.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c proxy.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c exec.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c auth.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c timestr.c timestr.c: In function `week_fill': timestr.c:189: warning: subscript has type `char' gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c conffile.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -DRADIUSD_MAJOR_VERSION=0 -DRADIUSD_MINOR_VERSION=9.3 -c modules.c In file included from modules.c:35: ../include/modpriv.h:7:18: ltdl.h: No such file or directory In file included from modules.c:35: ../include/modpriv.h:16: parse error before lt_dlhandle ../include/modpriv.h:16: warning: no semicolon at end of struct or union ../include/modpriv.h:17: warning: type defaults to `int' in declaration of `module_list_t' ../include/modpriv.h:17: warning: data definition has no type or storage class ../include/modpriv.h:27: parse error before module_list_t ../include/modpriv.h:27: warning: no semicolon at end of struct or union ../include/modpriv.h:32: parse error before '}' token ../include/modpriv.h:32: warning: type defaults to `int' in declaration of `module_instance_t' ../include/modpriv.h:32: warning: data definition has no type or storage class ../include/modpriv.h:34: parse error before '*' token ../include/modpriv.h:34: warning: type defaults to `int' in declaration of `find_module_instance' For the interested, the rlm_eap compile errors were: Making static dynamic in rlm_eap... make[6]: Entering directory `/usr/local/src/freeradius-0.9.3/src/modules/rlm_eap' gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../../include -c rlm_eap.c -o rlm_eap.o In file included from rlm_eap.c:25: rlm_eap.h:25:18: ltdl.h: No such file or directory In file included from rlm_eap.c:25: rlm_eap.h:77: parse error before lt_dlhandle The rlm_sql compile errors were: Making static dynamic in rlm_sql... make[6]: Entering directory `/usr/local/src/freeradius-0.9.3/src/modules/rlm_sql' gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../../include -c rlm_sql.c -o rlm_sql.o In file included from rlm_sql.c:48: rlm_sql.h:15:25: ltdl.h: No such file or directory - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Errors compiling freeradius-0.9.3 under Solaris 8
Installing the gnu libtool 1.5 (http://www.gnu.org/software/libtool/) fixes the issue. Robert Haskins wrote: Has anyone been able to compile freeradius-0.9.3 under Solaris 8? Any help you could provide would be great. I have looked through the archives of the list, and I can't find anything related. I got errors on the following rlm modules so I removed the source completely: rlm_eap rlm_sql rlm_sqlcounter (didn't actually get an error on this one, removed it pre-emptively) But now I am getting an error in main: Making all in main... make[4]: Entering directory `/usr/local/src/freeradius-0.9.3/src/main' gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c radiusd.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c files.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c util.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c acct.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c nas.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c log.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c valuepair.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -o version.o -c version.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c proxy.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c exec.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c auth.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c timestr.c timestr.c: In function `week_fill': timestr.c:189: warning: subscript has type `char' gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c conffile.c gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../include -DRADIUSD_MAJOR_VERSION=0 -DRADIUSD_MINOR_VERSION=9.3 -c modules.c In file included from modules.c:35: ../include/modpriv.h:7:18: ltdl.h: No such file or directory In file included from modules.c:35: ../include/modpriv.h:16: parse error before lt_dlhandle ../include/modpriv.h:16: warning: no semicolon at end of struct or union ../include/modpriv.h:17: warning: type defaults to `int' in declaration of `module_list_t' ../include/modpriv.h:17: warning: data definition has no type or storage class ../include/modpriv.h:27: parse error before module_list_t ../include/modpriv.h:27: warning: no semicolon at end of struct or union ../include/modpriv.h:32: parse error before '}' token ../include/modpriv.h:32: warning: type defaults to `int' in declaration of `module_instance_t' ../include/modpriv.h:32: warning: data definition has no type or storage class ../include/modpriv.h:34: parse error before '*' token ../include/modpriv.h:34: warning: type defaults to `int' in declaration of `find_module_instance' For the interested, the rlm_eap compile errors were: Making static dynamic in rlm_eap... make[6]: Entering directory `/usr/local/src/freeradius-0.9.3/src/modules/rlm_eap' gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../../include -c rlm_eap.c -o rlm_eap.o In file included from rlm_eap.c:25: rlm_eap.h:25:18: ltdl.h: No such file or directory In file included from rlm_eap.c:25: rlm_eap.h:77: parse error before lt_dlhandle The rlm_sql compile errors were: Making static dynamic in rlm_sql... make[6]: Entering directory `/usr/local/src/freeradius-0.9.3/src/modules/rlm_sql' gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../../include -c rlm_sql.c -o rlm_sql.o In file included from rlm_sql.c:48: rlm_sql.h:15:25: ltdl.h: No such file or directory - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
