Re: how to record certificates error in radius.log?

2010-07-17 Thread Alan DeKok
WWF wrote:
> But no log is recorded if the certificate is wrong (which is possible
> in real scenarios).

  It should log that authentication has failed.

> I have noticed that if the certificate is wrong, radiusd -X
> will output things like this:
>
> Fri Jul 16 17:23:30 2010 : Info: [eap] EAP NAK
> Fri Jul 16 17:23:30 2010 : Info: [eap] EAP-NAK asked for EAP-Type/ttls
> Fri Jul 16 17:23:30 2010 : Info: [eap] processing type  askedtls

  That message has nothing to do with a wrong certificate.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


how to record certificates error in radius.log?

2010-07-16 Thread WWF
Hi, all!

Now I want to record the user access history in the radius.log file. I use fr
2.19 and ttls-mschapv2.

I notice that it now only records the user/password log in the radius.log
file.

For example,

when I use a correct password for user test,
Tue Jul 13 12:03:49 2010 : Auth: Login OK: [test/via Auth-Type = EAP] (from
client localhost port 0 via TLS tunnel)
Tue Jul 13 12:03:49 2010 : Auth: Login OK: [anonymous_identity/via Auth-Type =
EAP] (from client localhost port 0 cli 02-00-00-00-00-01)


when I use a wrong password for user test,
Tue Jul 13 12:04:09 2010 : Auth: Login incorrect: [test/via Auth-Type = EAP]
(from client localhost port 0 via TLS tunnel)
Tue Jul 13 12:04:09 2010 : Auth: Login incorrect: [anonymous_identity/via
Auth-Type = EAP] (from client localhost port 0 cli 02-00-00-00-00-01)

But no log is recorded if the certificate is wrong (which is possible in real
scenarios).

I have noticed that if the certificate is wrong, radiusd -X will
output things like this:

Fri Jul 16 17:23:30 2010 : Info: [eap] EAP NAK
Fri Jul 16 17:23:30 2010 : Info: [eap] EAP-NAK asked for EAP-Type/ttls
Fri Jul 16 17:23:30 2010 : Info: [eap] processing type  askedtls

Does this indicate the wrong certificate? Then maybe I can put a radlog in the
following part of eap.c:

    case PW_EAP_NAK:
        /*
         *  The NAK data is the preferred EAP type(s) of
         *  the client.
         *
         *  RFC 3748 says to list one or more proposed
         *  alternative types, one per octet, or to use
         *  0 for no alternative.
         */
        RDEBUG2("EAP NAK");



thanks a lot!
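
An added example (not part of the original post and not FreeRADIUS code): a Python parser that turns the Auth: lines quoted above into an access history, pairing each inner "via TLS tunnel" result with the outer record that carries the station's cli value. The pairing rule, the function names and the last sample record are assumptions made for this example.

```python
import re
# The radius.log lines quoted in the post (wrapped as the mail client left
# them), plus one constructed outer-only record for the unpaired case.
SAMPLE_LOG = """\
Tue Jul 13 12:03:49 2010 : Auth: Login OK: [test/via Auth-Type = EAP] (from
client localhost port 0 via TLS tunnel)
Tue Jul 13 12:03:49 2010 : Auth: Login OK: [anonymous_identity/via Auth-Type =
EAP] (from client localhost port 0 cli 02-00-00-00-00-01)
Tue Jul 13 12:04:09 2010 : Auth: Login incorrect: [test/via Auth-Type = EAP]
(from client localhost port 0 via TLS tunnel)
Tue Jul 13 12:04:09 2010 : Auth: Login incorrect: [anonymous_identity/via
Auth-Type = EAP] (from client localhost port 0 cli 02-00-00-00-00-01)
Tue Jul 13 12:05:30 2010 : Auth: Login incorrect: [anonymous_identity/via
Auth-Type = EAP] (from client localhost port 0 cli 02-00-00-00-00-02)
"""

STAMP = re.compile(r"[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4} : ")
AUTH = re.compile(
    r"(?P<ts>.{24}) : Auth: Login (?P<result>OK|incorrect)(?: \(.*?\))?: "
    r"\[(?P<user>[^/\]]*)[^\]]*\] \(from client (?P<client>\S+) port (?P<port>\d+)"
    r"(?: cli (?P<cli>[^\s)]+))?(?P<inner> via TLS tunnel)?\)")

def unwrap(text):
    """Re-join records wrapped across lines; a record starts at a timestamp."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def parse(text):
    """One dict per Auth record; 'inner' is True for 'via TLS tunnel' lines."""
    matches = filter(None, map(AUTH.match, unwrap(text)))
    return [{**m.groupdict(), "inner": m["inner"] is not None} for m in matches]

def history(events):
    """Pair each inner result with the outer record sharing its timestamp, client,
    port and result (a heuristic). Returns (paired, unpaired outer records)."""
    key = lambda e: (e["ts"], e["client"], e["port"], e["result"])
    outer = [e for e in events if not e["inner"]]
    paired = []
    for e in (e for e in events if e["inner"]):
        mate = next((o for o in outer if key(o) == key(e)), None)
        if mate:
            outer.remove(mate)
        paired.append((e["ts"], e["user"], e["result"], mate and mate["cli"]))
    return paired, outer
```

The second return value lists outer results for which no inner (tunnelled) result was logged, which are the records worth reviewing alongside the radiusd -X output.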

Re: Error in Radius.log

2005-12-27 Thread LeRoy DeVries
On Monday 26 December 2005 16:17, LeRoy DeVries wrote:
> On Monday 26 December 2005 16:02, Markus Krause wrote:
> > i am not an expert but it seems that you (or some module) set auth-type
> > to local. what do your authorize and authenticate sections in
> > radiusd.conf look like?
>
> Here is that portion
>
> authorize {
>   preprocess
>   chap
>   mschap
>   suffix
>   sql
>   noresetcounter
> }
>
> authenticate {
>   Auth-Type PAP {
>     pap
>   }
>
>   Auth-Type CHAP {
>     chap
>   }
>
>   Auth-Type MS-CHAP {
>     mschap
>   }
>
> }
>
> the interface between the user and radius is done by a .cgi script

I found the problem. It was a password error between the Web Server and
ChilliSpot captive portal. All is working as designed.  Thanks for EVERYONE'S
help here.  I have learned a lot and I appreciate it very much.

Happy New Year

-- 
LeRoy


Re: Error in Radius.log

2005-12-26 Thread Markus Krause
Quoting LeRoy DeVries [EMAIL PROTECTED]:

> I'm getting the following error in the radius log and don't know how to
> handle
> it. I assume it's handled somewhere within the radius.conf file but I can't
> find anything about it.
>
> Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: Unknown
> attribute Max-All-Session

add a line to your dictionary file (on suse: /etc/raddb/dictionary):

ATTRIBUTE Max-All-Session 3000 integer

> Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): Error getting data from
> database

are you sure you set the correct variables in sql.conf, e.g. user who is allowed
to connect to sql db and password?
an example:

sql {
    server = localhost
    login = radiusd
    password = donttellanyone
}

> Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): SQL query error; rejecting
> user
>
> I'm a newbie to all this and am stumbling along :)
>
> --
> LeRoy  Dorothy
> Location: http://map.datastormusers.com/user2.cfm?user=1591
> My Web Page: http://www.rvfulltimer.com

regards
  markus

--
Markus Krause                   email: [EMAIL PROTECTED]
Computing Center                Tel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics   Fax.: 089 - 89 40 85 98

-
 This message was sent using https://webmail.biochem.mpg.de
If you encounter any problems please report to [EMAIL PROTECTED]



Re: Error in Radius.log

2005-12-26 Thread Lewis Bergman

LeRoy DeVries wrote:
> I'm getting the following error in the radius log and don't know how to handle
> it. I assume it's handled somewhere within the radius.conf file but I can't
> find anything about it.
>
> Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: Unknown
> attribute Max-All-Session
> Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): Error getting data from
> database
> Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): SQL query error; rejecting
> user
>
> I'm a newbie to all this and am stumbling along :)

You need to check that the dictionary that contains the attribute 
mentioned is included in /etc/raddb/dictionary or wherever your 
radius.conf lists it. Follow the syntax in that file to include it.


--
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-1301
Cell 325-439-0533
fax  325-695-6841
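
An added example (not from either reply and not FreeRADIUS code) for the check that Markus Krause's and Lewis Bergman's replies describe: take the "Unknown attribute" errors from radius.log and confirm whether the dictionary, including any files it pulls in with $INCLUDE, defines them. The dictionary contents, the included file name, the Session-Quota attribute and the function names are constructed for this example, and absolute include paths are assumed.

```python
import re

# Constructed inputs: the error quoted in the thread, and a dictionary tree
# held in memory as {path: contents} so the example runs offline.
# "/etc/raddb/dictionary.site" is a hypothetical included file.
LOG = """\
Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: Unknown
attribute Max-All-Session
Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): Error getting data from
database
"""
FILES = {
    "/etc/raddb/dictionary": "$INCLUDE /etc/raddb/dictionary.site\n"
                             "#ATTRIBUTE Max-All-Session 3000 integer\n",
    "/etc/raddb/dictionary.site": "ATTRIBUTE Session-Quota 3001 integer\n",
}

def defined_attributes(path, files, seen=None):
    """Collect ATTRIBUTE names from a dictionary, following $INCLUDE lines."""
    seen = set() if seen is None else seen
    if path in seen or path not in files:      # include loop or missing file
        return set()
    seen.add(path)
    names = set()
    for line in files[path].splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 2 and fields[0] == "$INCLUDE":
            names |= defined_attributes(fields[1], files, seen)
        elif len(fields) >= 4 and fields[0] == "ATTRIBUTE":
            names.add(fields[1].lower())        # compared case-insensitively
    return names

def missing_attributes(log_text, root, files):
    """Attributes the log reports as unknown that the dictionary still lacks."""
    # \s+ lets the match span a log record that was wrapped across lines.
    wanted = set(re.findall(r"Unknown\s+attribute\s+(\S+)", log_text))
    have = defined_attributes(root, files)
    return sorted(a for a in wanted if a.lower() not in have)
```

With the sample inputs the ATTRIBUTE line is present but commented out, so Max-All-Session is still reported as missing until the line is added uncommented.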


Re: Error in Radius.log

2005-12-26 Thread LeRoy DeVries
On Monday 26 December 2005 06:15, Markus Krause wrote:
> Quoting LeRoy DeVries [EMAIL PROTECTED]:
> > I'm getting the following error in the radius log and don't know how to
> > handle
> > it. I assume it's handled somewhere within the radius.conf file but I
> > can't find anything about it.
> >
> > Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair:
> > Unknown attribute Max-All-Session
>
> add a line to your dictionary file (on suse: /etc/raddb/dictionary):
> ATTRIBUTE Max-All-Session 3000 integer


Thanks Markus... Now I'm getting the following

Mon Dec 26 08:13:56 2005 : Error: radiusd.conf: SQL modules aren't allowed 
in 'authenticate' sections -- they have no such method.

If I remove the sql from that section it doesn't complain. How does sql handle
this? Also as a side note, I tried logging on using a wireless client and the
logging in failed both on the sql (database is populated) and USERS
(uncommented steve) but I can't find any logs on why.

FWIW I am using Chillispot for a captive portal which uses a SSL web interface
for the radius server which I config to use sql database and the USERS file.
The database was made from phpMyPrepaid.


Re: Error in Radius.log

2005-12-26 Thread Alan DeKok
LeRoy DeVries [EMAIL PROTECTED] wrote:
> Mon Dec 26 08:13:56 2005 : Error: radiusd.conf: SQL modules aren't allowed
> in 'authenticate' sections -- they have no such method.

  Why did you put it there?

> If I remove the sql from that section it doesn't complain. How does
> sql handle this? Also as a side note, I tried logging on using a
> wireless client and the logging in failed both on the sql (
> database is populated) and USERS (uncommented steve) but I can't
> find any logs on why.

  Try running the server in debugging mode, as suggested in the FAQ,
README, INSTALL, and daily on this list.

  Honestly, I just don't understand why it's so hard to do that.

  Alan DeKok.



Re: Error in Radius.log

2005-12-26 Thread LeRoy DeVries
On Monday 26 December 2005 09:38, Alan DeKok wrote:
>   Try running the server in debugging mode, as suggested in the FAQ,
> README, INSTALL, and daily on this list.
>
>   Honestly, I just don't understand why it's so hard to do that.
>
>   Alan DeKok.

Sorry I just could not find any info on that. After doing a google search I
finally found it and how to place in debug mode.

Now I see why it is failing...

rlm_sqlcounter: Entering module authorize code
Segmentation fault

Now to find out how to fix it. :)

LeRoy  


Re: Error in Radius.log

2005-12-26 Thread LeRoy DeVries
On Monday 26 December 2005 10:12, LeRoy DeVries wrote:
> On Monday 26 December 2005 09:38, Alan DeKok wrote:
> >   Try running the server in debugging mode, as suggested in the FAQ,
> > README, INSTALL, and daily on this list.
> >
> >   Honestly, I just don't understand why it's so hard to do that.
> >
> >   Alan DeKok.
>
> Sorry I just could not find any info on that. After doing a google search I
> finally found it and how to place in debug mode.
>
> Now I see why it is failing...
>
> rlm_sqlcounter: Entering module authorize code
> Segmentation fault
>
> Now to find out how to fix it. :)

I found the error and corrected it. I forgot to add the query.

LeRoy


Re: Error in Radius.log

2005-12-26 Thread Markus Krause
Quoting LeRoy DeVries [EMAIL PROTECTED]:
> On Monday 26 December 2005 06:15, Markus Krause wrote:
> > Quoting LeRoy DeVries [EMAIL PROTECTED]:
> > > I'm getting the following error in the radius log and don't know how to
> > > handle
> > > it. I assume it's handled somewhere within the radius.conf file but I
> > > can't find anything about it.
> > >
> > > Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair:
> > > Unknown attribute Max-All-Session
> >
> > add a line to your dictionary file (on suse: /etc/raddb/dictionary):
> > ATTRIBUTE Max-All-Session 3000 integer
>
> Thanks Markus... Now I'm getting the following
>
> Mon Dec 26 08:13:56 2005 : Error: radiusd.conf: SQL modules aren't allowed
> in 'authenticate' sections -- they have no such method.

yes, it is not intended to be used in this section ;-) i hope i did not use this
in the example config file i sent you!

> If I remove the sql from that section it doesn't complain. How does sql
> handle
> this? Also as a side note, I tried logging on using a wireless client and the
> logging in failed both on the sql (database is populated) and USERS
> (uncommented steve) but I can't find any logs on why.

what does freeradius say if started in debug mode (freeradius -XA)?
and what does radtest say?

regards
   markus
--
Markus Krause                   email: [EMAIL PROTECTED]
Computing Center                Tel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics   Fax.: 089 - 89 40 85 98



Re: Error in Radius.log

2005-12-26 Thread LeRoy DeVries
On Monday 26 December 2005 12:41, Markus Krause wrote:
> what does freeradius say if started in debug mode (freeradius -XA)?
> and what does radtest say?

I'm finally making progress. Now I'm getting the following:

modcall: group authorize returns ok for request 0
auth: type Local
auth: user supplied User-Password does NOT match local User-Password
auth: Failed to validate the user.

even though the password that I entered in the login is correct. 

Now I'm really stuck.

sigh!

LeRoy


Re: Error in Radius.log

2005-12-26 Thread Markus Krause
Quoting LeRoy DeVries [EMAIL PROTECTED]:
> On Monday 26 December 2005 12:41, Markus Krause wrote:
> I'm finally making progress. Now I'm getting the following:
>
> modcall: group authorize returns ok for request 0
> auth: type Local
> auth: user supplied User-Password does NOT match local User-Password
> auth: Failed to validate the user.
>
> even though the password that I entered in the login is correct.

i am not an expert but it seems that you (or some module) set auth-type to
local. what do your authorize and authenticate sections in radiusd.conf look
like?

regards,
  markus


--
Markus Krause                   email: [EMAIL PROTECTED]
Computing Center                Tel.: 089 - 89 40 85 99
Group Lottspeich / Proteomics   Fax.: 089 - 89 40 85 98



Re: Error in Radius.log

2005-12-26 Thread LeRoy DeVries
On Monday 26 December 2005 16:02, Markus Krause wrote:
> i am not an expert but it seems that you (or some module) set auth-type to
> local. what do your authorize and authenticate sections in radiusd.conf
> look like?

Here is that portion

authorize {
  preprocess
  chap
  mschap
  suffix
  sql
  noresetcounter
}

authenticate {
  Auth-Type PAP {
    pap
  }

  Auth-Type CHAP {
    chap
  }

  Auth-Type MS-CHAP {
    mschap
  }

}

the interface between the user and radius is done by a .cgi script

-- 
LeRoy


Error in Radius.log

2005-12-25 Thread LeRoy DeVries
I'm getting the following error in the radius log and don't know how to handle 
it. I assume it's handled somewhere within the radius.conf file but I can't 
find anything about it. 

Sun Dec 25 09:28:07 2005 : Error: rlm_sql: Failed to create the pair: Unknown 
attribute Max-All-Session
Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): Error getting data from 
database
Sun Dec 25 09:28:07 2005 : Error: rlm_sql (sql): SQL query error; rejecting 
user

I'm a newbie to all this and am stumbling along :)

-- 
LeRoy  Dorothy
Location: http://map.datastormusers.com/user2.cfm?user=1591
My Web Page: http://www.rvfulltimer.com


Re: Error in radius.log

2005-02-18 Thread Siderite

On Fri, 18 Feb 2005 07:22:42 +
nake116 nake116 [EMAIL PROTECTED] wrote:

> Fri Feb 18 06:26:50 2005 : Info: Using deprecated naslist file.  Support
> for this will go away soon.
> Fri Feb 18 06:26:50 2005 : Info: Using deprecated clients file.  Support
> for this will go away soon.
> Fri Feb 18 06:26:50 2005 : Info: Using deprecated realms file.  Support
> for this will go away soon.
> Fri Feb 18 06:26:50 2005 : Error: rlm_eap_tls: conf N ctx stored
> Fri Feb 18 06:26:50 2005 : Info: Listening on IP address *, ports 1812/udp
> and 1813/udp, with proxy on 1814/udp.
> Fri Feb 18 06:26:50 2005 : Info: Ready to process requests.
>
> What is the cause of this problem, and how to fix it?

Delete the naslist, clients and realms files from the configuration
directory. Freeradius now uses SQL or other files for the same purpose.


-- 
Siderite [EMAIL PROTECTED]




Error in radius.log

2005-02-17 Thread nake116 nake116
Fri Feb 18 06:26:50 2005 : Info: Using deprecated naslist file.  Support
for this will go away soon.
Fri Feb 18 06:26:50 2005 : Info: Using deprecated clients file.  Support
for this will go away soon.
Fri Feb 18 06:26:50 2005 : Info: Using deprecated realms file.  Support
for this will go away soon.
Fri Feb 18 06:26:50 2005 : Error: rlm_eap_tls: conf N ctx stored
Fri Feb 18 06:26:50 2005 : Info: Listening on IP address *, ports 1812/udp
and 1813/udp, with proxy on 1814/udp.
Fri Feb 18 06:26:50 2005 : Info: Ready to process requests.

What is the cause of this problem, and how to fix it?
