RE: counter module (again)
Due to a wrong install (my fault :-( ) the man command doesn't work for freeradius settings. Can you send me an copy of this page? The db file isn't generated (what do I do wrong :-?) I hope someone can help me, Tim Bots -Oorspronkelijk bericht- Van: Kostas Kalevras [mailto:[EMAIL PROTECTED] Verzonden: Thursday, April 01, 2004 10:20 Aan: [EMAIL PROTECTED] Onderwerp: Re: counter module (again) On Thu, 1 Apr 2004, Tim Bots wrote: Hi everyone, Can anyone tell me how I can use the counter module. I can't find the db.daily file in the ${raddbdir} directory. Do I must create this file or will it be generated automatically. If I have to create this file can anyone give me an example of this file. Or do I have to change something in the users file (if yes, an example please) The db files are created automatically. The comments in the counter section of radiusd.conf are quite helpfull. There's also a man page on rlm_counter I hope someone can help me, Tim Bots - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
counter module (again)
Hi everyone, Can anyone tell me how I can use the counter module. I can't find the db.daily file in the ${raddbdir} directory. Do I must create this file or will it be generated automatically. If I have to create this file can anyone give me an example of this file. Or do I have to change something in the users file (if yes, an example please) I hope someone can help me, Tim Bots - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: accounting question
I guess this is a bad idea, because I can't write shell-script's ant I don't like the idea of deleting users when their time is over. An example: I want to have a few users that have 1 hour the time and they log in with their browser. Some other users may have 2 hours and some may have another time. When their time is over my nas will disconnect them. I also have a few devices witch can't logon with a web-browser but they log on with their MAC-adress (username = MAC) and they may have infinite time to the internet. I hope someone can help me Tim Bots -Oorspronkelijk bericht- Van: Marc Werner [mailto:[EMAIL PROTECTED] Verzonden: Tuesday, March 23, 2004 9:22 Aan: [EMAIL PROTECTED] Onderwerp: Re: accounting question an idea: turn log_auth_badpass = on and write a shellscript which read out the logfile and delete the user who tried to login with a bad pazzword. i wrote a similar script to delete users by expiring date, using sed. ciao marc werner Am Dienstag, 23. März 2004 08:47 schrieb Tim Bots: As I am trying to tell is that my nas CAN disconnect users and block them from that time on. The only thing is that freeradius doesn't log this and as soon as they are logged out they can login again and the user gets again 5 hours. This is not a thing I like. I guess that I have to use a database or something to log this. I hope someone can help me, Tim Bots -- Marc Werner [EMAIL PROTECTED] ICQ#190044536 http://tuxxy.in.itzehoe.de - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: authentication with PEAP (EAP-MSCHAPV2) from WinXP
What I can tell of this debug info is that freeradius can't find the password in the users file. It can work if you put the authencation type from your cisco aironet 1100 to CHAP and change in the users file the Auth-Type := Local. This works quite well for me. (only not with a cisco aironet 1100 ;-))\ Tim Bots -Oorspronkelijk bericht- Van: stephane BRANCHOUX [mailto:[EMAIL PROTECTED] Verzonden: Thursday, March 18, 2004 10:54 Aan: [EMAIL PROTECTED] Onderwerp: authentication with PEAP (EAP-MSCHAPV2) from WinXP Hello, I use freeradius 0.9.3 on a Rehdat 9.0 box. I would like to authenticate from winXP (SP1 with all patches). My test user is in user file : criup Auth-Type := EAP, User-Password == mypass eap is configured in sections modules, authorize an authenticate ( default config). My wireless card is a cisco aironet 802.11 abg that connect an AP cisco aironet 1100. I searched all archives and documentations without success. my debug is : rad_recv: Access-Request packet from host 192.168.200.154:21733, id=96, length=162 User-Name = criup Framed-MTU = 1400 Called-Station-Id = 000f.34a6.5400 Calling-Station-Id = 0040.96a1.8d33 Message-Authenticator = 0xb560044f371b37da8a4f47bdea830755 EAP-Message = 0x020600060319 NAS-Port-Type = Wireless-802.11 NAS-Port = 430 State = 0x94e83c4f0161a127188534bbf1e614020c7159403e7e8b6273e47bbe24009c81d1dc2e7f Service-Type = Framed-User NAS-IP-Address = 192.168.200.154 NAS-Identifier = ap-SBHX modcall: entering group authorize for request 9383 modcall[authorize]: module preprocess returns ok for request 9383 modcall[authorize]: module chap returns noop for request 9383 rlm_eap: EAP packet type notification id 6 length 6 rlm_eap: EAP Start not found modcall[authorize]: module eap returns updated for request 9383 modcall[authorize]: module digest returns noop for request 9383 rlm_realm: No '@' in User-Name = criup, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 9383 users: Matched DEFAULT at 152 users: Matched DEFAULT at 171 users: Matched criup at 216 modcall[authorize]: module files returns ok for request 9383 modcall[authorize]: module mschap returns noop for request 9383 modcall: group authorize returns updated for request 9383 rad_check_password: Found Auth-Type EAP auth: type EAP modcall: entering group authenticate for request 9383 rlm_eap: EAP packet type notification id 6 length 6 rlm_eap: EAP Start not found rlm_eap: Request not found in the list rlm_eap: Either EAP-request timed out OR EAP-response to an unknown EAP-request modcall[authenticate]: module eap returns invalid for request 9383 modcall: group authenticate returns invalid for request 9383 auth: Failed to validate the user. Login incorrect: [criup/no User-Password attribute] (from client ap-sbhx port 430 cli 0040.96a1.8d33) Any idea? Many thanks in advance. stephane BRANCHOUX Centre de Ressources Informatiques de l'Université de Perpignan. Systèmes/Réseaux mailto:[EMAIL PROTECTED] 04 68 66 21 24 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting question
Hi everyone, I have freeradius working correct at this moment and now is my question how can I enable accounting? I mean: how can I give users more or less time / more or less session bytes with freeradius? I use freeradius version 0.9.3 running on a p1 with 64 mb memory (I guess) with linux slackware. This works perfect. I hope someone can help me, Tim Bots - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FW: accounting question
Hi everyone, The thing is that my hotspot can kill/logoff users when they have reached a certain amount of time/data transfer. The standard time that users get when they logon when I use freeradius is 5 hours. Is there a way to change this time? I hope someone can help me, Tim Bots -Oorspronkelijk bericht- Van: Graeme Hinchliffe [mailto:[EMAIL PROTECTED] Verzonden: Tuesday, March 16, 2004 17:43 Aan: [EMAIL PROTECTED] Onderwerp: Re: accounting question On Tue, 16 Mar 2004 16:17:03 +0100 Tim Bots [EMAIL PROTECTED] wrote: Hi everyone, I have freeradius working correct at this moment and now is my question how can I enable accounting? I mean: how can I give users more or less time / more or less session bytes with freeradius? I use freeradius version 0.9.3 running on a p1 with 64 mb memory (I guess) with linux slackware. This works perfect. I hope someone can help me, The only way it's possible that I can think of is by doing some crazy hackery. Assuming you get interim accounting updates and monitor these, when they hit a certain level (which you have defined as your cut off) you can trigger a user disconnect, and flag them as unallowed, so they cannot auth again. But this will require hackery on your part, and a dependence on decent accounting updates -- - Graeme Hinchliffe (BSc) Core Team Member Zen Internet (http://www.zen.co.uk) ICQ 3842605 (link) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html