Re: "No NAS-Port seen"
On Mon, May 28, 2012 at 1:07 PM, Alan DeKok wrote: > Adam Karajah wrote: > > But i read a post on a forum that suggests using the rlm_sql which is by > > the way much faster as */etc/raddb/sites-enabled/default* file in > > accounting section says. > > What, exactly does that have to do with the missing NAS-Port? > > > is this true ?? can simultaneous-use be activated using sql queries > > rather than radutmp realm.???!!! > > Yes. > > * If the packet has NAS-Port.* OH ... ok got it. > > > > again its very urgent. > > Let me say this very carefully: this is a FREE mailing list. No one > here is paid to help you. Saying it's "urgent" is not helpful. > > hhh ... so sorry didnt mean anything. i just need to solve such issue as soon as i can, and there is no one better than Alan DeKok for help. again thank you very much, got the conclusion of this issue. hope am not annoying. Best Regards Alan. > Alan DeKok > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: "No NAS-Port seen"
Adam Karajah wrote: > But i read a post on a forum that suggests using the rlm_sql which is by > the way much faster as */etc/raddb/sites-enabled/default* file in > accounting section says. What, exactly does that have to do with the missing NAS-Port? > is this true ?? can simultaneous-use be activated using sql queries > rather than radutmp realm.???!!! Yes. If the packet has NAS-Port. > again its very urgent. Let me say this very carefully: this is a FREE mailing list. No one here is paid to help you. Saying it's "urgent" is not helpful. Alan DeKok - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: "No NAS-Port seen"
Thanks Alan for your reply, But i read a post on a forum that suggests using the rlm_sql which is by the way much faster as */etc/raddb/sites-enabled/default* file in accounting section says. is this true ?? can simultaneous-use be activated using sql queries rather than radutmp realm.???!!! again its very urgent. :). On Mon, May 28, 2012 at 11:44 AM, Alan DeKok wrote: > Adam Karajah wrote: > > I have freeradius installed on CentOS, and i am very interested in > > Simultaneous-use attribute to limit the number of logins per user. > > Anyway my nas seems to not sending NAS-Port attribute to freeradius > > which causes realm radutmp not to work. i looked all over the internet > > but i conuldnt find a solution, please help me to find a workaround to > > solve this problem. > > > > these are the two lines i keep seeing as an output from the debugging > > command radiusd -X : > > > > rlm_radutmp: No NAS-Port seen. Cannot do anything. > > rlm_radumtp: WARNING: checkrad will probably not work! > > Fix your NAS to send NAS-Port. There really is no other choice. > > > its very urgent. > > That's nice. > > Alan DeKok. > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: "No NAS-Port seen"
Adam Karajah wrote: > I have freeradius installed on CentOS, and i am very interested in > Simultaneous-use attribute to limit the number of logins per user. > Anyway my nas seems to not sending NAS-Port attribute to freeradius > which causes realm radutmp not to work. i looked all over the internet > but i conuldnt find a solution, please help me to find a workaround to > solve this problem. > > these are the two lines i keep seeing as an output from the debugging > command radiusd -X : > > rlm_radutmp: No NAS-Port seen. Cannot do anything. > rlm_radumtp: WARNING: checkrad will probably not work! Fix your NAS to send NAS-Port. There really is no other choice. > its very urgent. That's nice. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"No NAS-Port seen"
Dears, I have freeradius installed on CentOS, and i am very interested in Simultaneous-use attribute to limit the number of logins per user. Anyway my nas seems to not sending NAS-Port attribute to freeradius which causes realm radutmp not to work. i looked all over the internet but i conuldnt find a solution, please help me to find a workaround to solve this problem. these are the two lines i keep seeing as an output from the debugging command radiusd -X : rlm_radutmp: No NAS-Port seen. Cannot do anything. rlm_radumtp: WARNING: checkrad will probably not work! its very urgent. thanks in advance. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No NAS Port seen ?
Michael Arndt wrote: > -is the error belwo caused by fault of the NAS > -or a stupid mistake of mine within setup ? > > rlm_radutmp: No NAS-Port seen. Cannot do anything. > rlm_radumtp: WARNING: checkrad will probably not work! The NAS decides what goes into the RADIUS request. > -other attributes are sent correctly If you're not doing Simultaneous-Use checking, this message can be ignored. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No NAS Port seen ?
Hello * -is the error belwo caused by fault of the NAS -or a stupid mistake of mine within setup ? rlm_radutmp: No NAS-Port seen. Cannot do anything. rlm_radumtp: WARNING: checkrad will probably not work! -other attributes are sent correctly -device is a lancom 315-agn TIA Micha - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Update of "No NAS-PORT seen"
> I also got an error which I´ve had before, then Ivan Kalik I think told me > that i need to enable copy_request_to_tunnel = yes. Well I have that > enabled so I can authenticate by peap. But now I get the same error when I > try to authenticate the user which has been created in the MySQL database. > The error I get is: (only mentioning the mschapv2 & mschap response from > the output) Have you enabled sql in inner-tunnel virtual server? If you could be bothered to post the complete debug we would be able to tell you how to fix things. > Also as a side note, the user in the database has a Cleartext-Password := > test-pass. > > I read on the wiki that I should use ":=" and not "==" to do the check of > the password. > > Also I have not set a AUTH-TYPE, i let the server figure it out on its > own. That is all correct. Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: "No NAS-PORT seen"
> --
>
> Message: 2
> Date: Mon, 23 Nov 2009 15:25:32 +0100
> From: Alan DeKok
> Subject: Re: "No NAS-PORT seen"
> To: FreeRadius users mailing list
>
> Message-ID: <4b0a9b5c.6000...@deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Peter Carlstedt wrote:
> > Well all of that works but from that point and forward it doesnt, I cant
> > get my new user to authenticate towards the radius server and I get from
> > attr_filter that the request matched entry DEFAULT at line 11, which
> > sends a reject message if I have understood it correctly. Also I?ve
> > commented out that the radius server should use the users file to do
> > checks against when someone tries to authenticate, well that dont seem
> > to work because when i try to authenticate towards the radius server
> > with a user in the users file I succeed while i do not succeed when i
> > try to authenticate by using the user that i created in the mysql database.
> >
> > Have I missed something?
>
> It shouldn't be that hard. If you change the configuration, re-start
> the server.
I re-start the server all the time when I change the configuration...so that is
not the case.
I´ve checked if it works with radtest and it does. So in my mind it feels like
i´ve missed something in the peap configuration?
>
> And READ the debug output. There's a lot of text in it, but it
> describes which modules its using, and what it's doing. The ONLY answer
> to configuration problems is in the debug output.
>
> > But something i also noticed is that when i authenticate as the user who
> > is in the users file and have commented out that it should use the users
> > file it gets a message from rlm_radutmp saying "No NAS-Port seen. Cannot
> > do anything."
>
> That only comes from accounting traffic, not from authentication
> traffic. Please do NOT confuse the two.
>
> > Ive installed and made my own build of Freeradius 2.1.7 after i
> > installed mysql client and all those libraries and mysql server. also I
> > installed OpenSSL 0.9.8l before installation of the Freeradius server.
> >
> > Since the log is so big from radiusd -X is there any possibility to save
> > it into a file? And how do i do that?
>
> $ script radius.log
> $ radiusd -X
> (run)
> $ exit
>
> And then look at the file "radius.log"
>
> Alan DeKok.
Ok thanks!
I´ll do that.
Peter Carlstedt
>
>
> --
>
>
> Message: 4
> Date: Mon, 23 Nov 2009 14:53:42 +
> From: Peter Carlstedt
> Subject: Update of "No NAS-PORT seen"
> To:
> Message-ID:
> Content-Type: text/plain; charset="iso-8859-1"
>
>
> Hello again!
>
> I have an update of the problem.
>
>
>
> I also got an error which I?ve had before, then Ivan Kalik I think told me
> that i need to enable copy_request_to_tunnel = yes. Well I have that enabled
> so I can authenticate by peap. But now I get the same error when I try to
> authenticate the user which has been created in the MySQL database. The error
> I get is: (only mentioning the mschapv2 & mschap response from the output)
>
>
>
> "[mschapv2] +- entering group MS-CHAP {...}
>
> [mschap] No Cleartext-Password configured. Cannot create LM-Password.
>
> [mschap] No Cleartext-Password configured. Cannot create NT-Password.
>
> [mschap] Told to do MS-CHAPv2 for test-user with NT-Password
>
> [mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
>
> [mschap] FAILED: MS-CHAP2-Response is incorrect
>
> ++[mschap] returns reject
>
>
>
> Also as a side note, the user in the database has a Cleartext-Password :=
> test-pass.
>
> I read on the wiki that I should use ":=" and not "==" to do the check of the
> password.
>
> Also I have not set a AUTH-TYPE, i let the server figure it out on its own.
>
>
>
> Best regards/ Peter
> >
_
Windows Live: Make it easier for your friends to see what you’re up to on
Facebook.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_2:092009-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Update of "No NAS-PORT seen"
Hello again!
I have an update of the problem.
I also got an error which I´ve had before, then Ivan Kalik I think told me that
i need to enable copy_request_to_tunnel = yes. Well I have that enabled so I
can authenticate by peap. But now I get the same error when I try to
authenticate the user which has been created in the MySQL database. The error I
get is: (only mentioning the mschapv2 & mschap response from the output)
"[mschapv2] +- entering group MS-CHAP {...}
[mschap] No Cleartext-Password configured. Cannot create LM-Password.
[mschap] No Cleartext-Password configured. Cannot create NT-Password.
[mschap] Told to do MS-CHAPv2 for test-user with NT-Password
[mschap] FAILED: No NT/LM-Password. Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] returns reject
Also as a side note, the user in the database has a Cleartext-Password :=
test-pass.
I read on the wiki that I should use ":=" and not "==" to do the check of the
password.
Also I have not set a AUTH-TYPE, i let the server figure it out on its own.
Best regards/ Peter
>
> Message: 5
> Date: Mon, 23 Nov 2009 14:03:41 +
> From: Peter Carlstedt
> Subject: "No NAS-PORT seen"
> To:
> Message-ID:
> Content-Type: text/plain; charset="iso-8859-1"
>
>
> Hello everyone!
>
> After some work now I have succesfully got MySQL to work towards the
> Freeradius server or at least I think it does.
>
> But hurm.. I?ve added a user by adding a user in radcheck, ive written
> "insert into radcheck (id, username, attribute, op, value) VALUES (null,
> 'test-user', 'Cleartext-Password', ':=', 'test-pass');
>
> and then I?ve written "select * from radcheck;" which shows the new user.
>
>
>
> Well all of that works but from that point and forward it doesnt, I cant get
> my new user to authenticate towards the radius server and I get from
> attr_filter that the request matched entry DEFAULT at line 11, which sends a
> reject message if I have understood it correctly. Also I?ve commented out
> that the radius server should use the users file to do checks against when
> someone tries to authenticate, well that dont seem to work because when i try
> to authenticate towards the radius server with a user in the users file I
> succeed while i do not succeed when i try to authenticate by using the user
> that i created in the mysql database.
>
>
>
>
>
> Have I missed something?
>
>
>
> But something i also noticed is that when i authenticate as the user who is
> in the users file and have commented out that it should use the users file it
> gets a message from rlm_radutmp saying "No NAS-Port seen. Cannot do anything."
>
>
>
> Have I done something terrible wrong?
>
>
>
> Ive installed and made my own build of Freeradius 2.1.7 after i installed
> mysql client and all those libraries and mysql server. also I installed
> OpenSSL 0.9.8l before installation of the Freeradius server.
>
>
>
> Since the log is so big from radiusd -X is there any possibility to save it
> into a file? And how do i do that?
>
>
>
> Best regards/ Peter Carlstedt
>
>
>
> _
> Windows Live Hotmail: Your friends can get your Facebook updates, right from
> Hotmail?.
> http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:092009
> -- next part --
> An HTML attachment was scrubbed...
> URL:
> <https://lists.freeradius.org/pipermail/freeradius-users/attachments/20091123/7742bdb9/attachment.html>
>
> --
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
> End of Freeradius-Users Digest, Vol 55, Issue 106
> *
_
Windows Live Hotmail: Your friends can get your Facebook updates, right from
Hotmail®.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:092009-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: "No NAS-PORT seen"
Peter Carlstedt wrote: > Well all of that works but from that point and forward it doesnt, I cant > get my new user to authenticate towards the radius server and I get from > attr_filter that the request matched entry DEFAULT at line 11, which > sends a reject message if I have understood it correctly. Also I´ve > commented out that the radius server should use the users file to do > checks against when someone tries to authenticate, well that dont seem > to work because when i try to authenticate towards the radius server > with a user in the users file I succeed while i do not succeed when i > try to authenticate by using the user that i created in the mysql database. > > Have I missed something? It shouldn't be that hard. If you change the configuration, re-start the server. And READ the debug output. There's a lot of text in it, but it describes which modules its using, and what it's doing. The ONLY answer to configuration problems is in the debug output. > But something i also noticed is that when i authenticate as the user who > is in the users file and have commented out that it should use the users > file it gets a message from rlm_radutmp saying "No NAS-Port seen. Cannot > do anything." That only comes from accounting traffic, not from authentication traffic. Please do NOT confuse the two. > Ive installed and made my own build of Freeradius 2.1.7 after i > installed mysql client and all those libraries and mysql server. also I > installed OpenSSL 0.9.8l before installation of the Freeradius server. > > Since the log is so big from radiusd -X is there any possibility to save > it into a file? And how do i do that? $ script radius.log $ radiusd -X (run) $ exit And then look at the file "radius.log" Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
"No NAS-PORT seen"
Hello everyone! After some work now I have succesfully got MySQL to work towards the Freeradius server or at least I think it does. But hurm.. I´ve added a user by adding a user in radcheck, ive written "insert into radcheck (id, username, attribute, op, value) VALUES (null, 'test-user', 'Cleartext-Password', ':=', 'test-pass'); and then I´ve written "select * from radcheck;" which shows the new user. Well all of that works but from that point and forward it doesnt, I cant get my new user to authenticate towards the radius server and I get from attr_filter that the request matched entry DEFAULT at line 11, which sends a reject message if I have understood it correctly. Also I´ve commented out that the radius server should use the users file to do checks against when someone tries to authenticate, well that dont seem to work because when i try to authenticate towards the radius server with a user in the users file I succeed while i do not succeed when i try to authenticate by using the user that i created in the mysql database. Have I missed something? But something i also noticed is that when i authenticate as the user who is in the users file and have commented out that it should use the users file it gets a message from rlm_radutmp saying "No NAS-Port seen. Cannot do anything." Have I done something terrible wrong? Ive installed and made my own build of Freeradius 2.1.7 after i installed mysql client and all those libraries and mysql server. also I installed OpenSSL 0.9.8l before installation of the Freeradius server. Since the log is so big from radiusd -X is there any possibility to save it into a file? And how do i do that? Best regards/ Peter Carlstedt _ Windows Live Hotmail: Your friends can get your Facebook updates, right from Hotmail®. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:092009- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No NAS-Port seen warning
> There's no such path in /etc/raddb > I'm running version 1.1.3 Upgrade. That version is many years out of date. In 1.1.3 module will be in radiusd.conf. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No NAS-Port seen warning
Hi, > There's no such path in /etc/raddb > I'm running version 1.1.3 if you upgrade to 2.1.7 then there will be such a $PATH and file :-) okay - you need to look in the main radiusd.conf file for where the uniq line is mentioned - however, i cant recall whether you can just slap that new NAS-Port onto the line instead. I think you can but 1.1.x was so long ago. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No NAS-Port seen warning
There's no such path in /etc/raddb I'm running version 1.1.3 2009/10/16 Patric > Robert White wrote: > >> Hey, >> >> Or can I make rlm_acct_unique look for Quintum-NAS-Port instead of just >> NAS-Port? >> > Yup, just update modules/acct_unique > > HTH > Patric > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- Rob White Assistant IT Manager Core Infrastructure & System Development Global Gossip Group Address: 14 Wentworth Avenue, Sydney NSW 2010 Telephone: +61 292 630 460 Fax: +61 292 630 404 Mobile: +61 410 700 733 Email: rwh...@globalgossip.net Skype: robwhite83 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: No NAS-Port seen warning
Robert White wrote: Hey, Or can I make rlm_acct_unique look for Quintum-NAS-Port instead of just NAS-Port? Yup, just update modules/acct_unique HTH Patric - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No NAS-Port seen warning
Hey, I keep getting a warning message in my Radius setup... WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent This is true enough. But I am sending a slightly different attribute: 'Quintum-NAS-Port'. Do I have control over this 'NAS-Port prefix? Or can I make rlm_acct_unique look for Quintum-NAS-Port instead of just NAS-Port? Any help appreciated. Thanks, Rob - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_radutmp: No NAS-Port seen
Markus Krause <[EMAIL PROTECTED]> wrote: > is this really jsut a warning or does it mean the accounting (done for short > term accounts using mysql) will not work? The message you quoted was from the "radutmp" module. The word "mysql" did not appear in it. So... the message has nothing to do with mysql accounting. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_radutmp: No NAS-Port seen
hi all! when running freeradius in debug mode i am finding the following message: + [snipp] rlm_acct_unique: WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent [snipp] radius_xlat: '/var/log/radius/radutmp' radius_xlat: 'anonymous' rlm_radutmp: No NAS-Port seen. Cannot do anything. rlm_radumtp: WARNING: checkrad will probably not work! - is this really jsut a warning or does it mean the accounting (done for short term accounts using mysql) will not work? (as reported in another mail i only got accounting entries for user "anonymous" which comes from eap-ttls) thanks in advance for your help! with best regards, markus -- Markus Krause email: [EMAIL PROTECTED] Computing CenterTel.: 089 - 89 40 85 99 Group Lottspeich / Proteomics Fax.: 089 - 89 40 85 98 - This message was sent using https://webmail.biochem.mpg.de If you encounter any problems please report to [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco and No NAS-Port seen (checkrad)
Dusty Doris wrote: radius-server attribute nas-port format X with X being dependant on the type of connections I don't know if this will force it, but perhaps the default type is something that doesn't apply to your type of connection. For PPPoA we use format d, which gives you the slot/mod/port vpi/vci. But there are a few other options, just give it a ? thanks Dusty, i tried all formats (a,b,c,d) and i always recieve NAS-Post = 0 My interface is ISDN, and i see this on the accounting: Cisco-NAS-Port = "ISDN 7/4:D:19" Is there a way to use this attribute instead of NAS-Port? --- thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco and No NAS-Port seen (checkrad)
On Tue, 25 Oct 2005, Miguel wrote: Hi, im having problems implementing simultaneous-use on a cisco AS5400, is the same problem addresses in this thread http://lists.cistron.nl/pipermail/freeradius-users/2005-March/041894.html Ok, i know what the problem is, but how can i instruct the cisco that it must send the NAS-Port attribute?, is this even posible? thanks I think in conf t you can define the radius attribute with something like radius-server attribute nas-port format X with X being dependant on the type of connections I don't know if this will force it, but perhaps the default type is something that doesn't apply to your type of connection. For PPPoA we use format d, which gives you the slot/mod/port vpi/vci. But there are a few other options, just give it a ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco and No NAS-Port seen (checkrad)
Jonathan De Graeve wrote: Depends on the nas. Which nas? Cisco AS5400 --- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Cisco and No NAS-Port seen (checkrad)
>Ok, i know what the problem is, but how can i instruct the cisco that it >must send the NAS-Port attribute?, is this even posible? Depends on the nas. Which nas? J. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco and No NAS-Port seen (checkrad)
Miguel <[EMAIL PROTECTED]> wrote: > Ok, i know what the problem is, but how can i instruct the cisco that it > must send the NAS-Port attribute?, is this even posible? No. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cisco and No NAS-Port seen (checkrad)
Hi, im having problems implementing simultaneous-use on a cisco AS5400, is the same problem addresses in this thread http://lists.cistron.nl/pipermail/freeradius-users/2005-March/041894.html Ok, i know what the problem is, but how can i instruct the cisco that it must send the NAS-Port attribute?, is this even posible? thanks - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
