RE: radwho and radtest
> attached is the complete debug log Try using Calling-Station-Id instead of NAS-Port for accounting. Alter (raddb/modules/)acct_unique to use Calling-Station-Id. And use sql for session and accounting. It's quicker and queries can be configured to use Calling-Station-Id instead of NAS-Port. Ivan Kalik > > > >> Date: Wed, 9 Dec 2009 23:28:49 + >> Subject: RE: radwho and radtest >> From: t...@kalik.net >> To: rabdal...@pobox.com; freeradius-users@lists.freeradius.org >> >> > >> > I get this when I login to the firewall >> >> It would help if you wouldn't edit the debug. Post the whole thing >> request >> + processing (both for authentication and accounting). >> >> Ivan Kalik >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html > > _ > Windows Live: Keep your friends up to date with what you do online. > http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010- > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwho and radtest
Please do the rest of us a favor and configure your mail client to use the correct data type when attaching files. Your log file came through as: Content-Type: application/octet-stream Which means mail clients think this is binary data and won't display it nor do they even know they can open a text editor on it. The Content-Type should have been text. -- John Dennis Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho and radtest
hello Ivan attached is the complete debug log > Date: Wed, 9 Dec 2009 23:28:49 + > Subject: RE: radwho and radtest > From: t...@kalik.net > To: rabdal...@pobox.com; freeradius-users@lists.freeradius.org > > > > > I get this when I login to the firewall > > It would help if you wouldn't edit the debug. Post the whole thing request > + processing (both for authentication and accounting). > > Ivan Kalik > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Windows Live: Keep your friends up to date with what you do online. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010 putty.log Description: Binary data - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho and radtest
> > I get this when I login to the firewall It would help if you wouldn't edit the debug. Post the whole thing request + processing (both for authentication and accounting). Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho and radtest
I get this when I login to the firewall
> To: rabdal...@pobox.com; freeradius-users@lists.freeradius.org
> Subject: Re: radwho and radtest
> From: g...@gera.me
> Date: Wed, 9 Dec 2009 15:28:30 -0700
>
>
> Maybe I'm missing something, but is this shown while you do use the radtest
> command? If so, then it's normal that you get nothing on radwho.
>
> If you get nothing on radwho when using the NAS (and you didn't went so far
> from the default freeradius configuration), then indeed you still need to
> configure it to send accounting data to radius.
>
>
> On Wednesday 09 December 2009 02:58:13 pm Ramzi Abdallah wrote:
> > thanks Ivan, when I run in debug mode I get the bellow errors
> >
> > ++[preprocess] returns ok
> > [acct_unique] WARNING: Attribute NAS-Port was not found in request, unique
> > ID MAY be inconsistent [acct_unique] Hashing ',Client-IP-Address =
> > 193.188.129.17,NAS-IP-Address = 193.188.129.17,Acct-Session-Id =
> > "00550003",User-Name = "rsa"' [acct_unique] Acct-Unique-Session-ID =
> > "cc3ac6adce99a1dd".
> > ++[acct_unique] returns ok
> > [suffix] No '@' in User-Name = "rsa", looking up realm NULL
> > [suffix] No such realm "NULL"
> > ++[suffix] returns noop
> > ++[files] returns noop
> >
> >
> > [radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
> > [radutmp] expand: %{User-Name} -> rsa
> > rlm_radutmp: No NAS-Port seen. Cannot do anything.
> > rlm_radumtp: WARNING: checkrad will probably not work!
> > ++[radutmp] returns noop
> >
> > > Date: Wed, 9 Dec 2009 21:32:55 +
> > > Subject: RE: radwho and radtest
> > > From: t...@kalik.net
> > > To: rabdal...@pobox.com; freeradius-users@lists.freeradius.org
> > >
> > > > thank you alan for the quick reply. It worked just fine. Now I am still
> > > > facing the problem with the radwho and radlast. Any idea
> > >
> > > Yes, you have sent an authentication request. No accounting. So there is
> > > nothing for radwho to show. It displays accounting information. In case
> > > you weren't aware, radius server doesn't generate accounting information.
> > >
> > > Ivan Kalik
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> >
> > _
> > Windows Live: Keep your friends up to date with what you do online.
> > http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/so
> > cial-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:09201
> > 0
> >
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
_
Windows Live: Keep your friends up to date with what you do online.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwho and radtest
Maybe I'm missing something, but is this shown while you do use the radtest
command? If so, then it's normal that you get nothing on radwho.
If you get nothing on radwho when using the NAS (and you didn't went so far
from the default freeradius configuration), then indeed you still need to
configure it to send accounting data to radius.
On Wednesday 09 December 2009 02:58:13 pm Ramzi Abdallah wrote:
> thanks Ivan, when I run in debug mode I get the bellow errors
>
> ++[preprocess] returns ok
> [acct_unique] WARNING: Attribute NAS-Port was not found in request, unique
> ID MAY be inconsistent [acct_unique] Hashing ',Client-IP-Address =
> 193.188.129.17,NAS-IP-Address = 193.188.129.17,Acct-Session-Id =
> "00550003",User-Name = "rsa"' [acct_unique] Acct-Unique-Session-ID =
> "cc3ac6adce99a1dd".
> ++[acct_unique] returns ok
> [suffix] No '@' in User-Name = "rsa", looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> ++[files] returns noop
>
>
> [radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
> [radutmp] expand: %{User-Name} -> rsa
> rlm_radutmp: No NAS-Port seen. Cannot do anything.
> rlm_radumtp: WARNING: checkrad will probably not work!
> ++[radutmp] returns noop
>
> > Date: Wed, 9 Dec 2009 21:32:55 +
> > Subject: RE: radwho and radtest
> > From: t...@kalik.net
> > To: rabdal...@pobox.com; freeradius-users@lists.freeradius.org
> >
> > > thank you alan for the quick reply. It worked just fine. Now I am still
> > > facing the problem with the radwho and radlast. Any idea
> >
> > Yes, you have sent an authentication request. No accounting. So there is
> > nothing for radwho to show. It displays accounting information. In case
> > you weren't aware, radius server doesn't generate accounting information.
> >
> > Ivan Kalik
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
>
> _
> Windows Live: Keep your friends up to date with what you do online.
> http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/so
> cial-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:09201
> 0
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho and radtest
great, then I have to contact the fortinet guys to see why this is happening > Date: Wed, 9 Dec 2009 22:08:56 + > Subject: RE: radwho and radtest > From: t...@kalik.net > To: rabdal...@pobox.com; freeradius-users@lists.freeradius.org > > > [acct_unique] WARNING: Attribute NAS-Port was not found in request, unique > > ID MAY be inconsistent > ... > > rlm_radutmp: No NAS-Port seen. Cannot do anything. > > Nothing misterious in those messages. NAS is not sending NAS-Port and > radutmp needs it to work. > > Ivan Kalik > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Windows Live: Keep your friends up to date with what you do online. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho and radtest
> [acct_unique] WARNING: Attribute NAS-Port was not found in request, unique > ID MAY be inconsistent ... > rlm_radutmp: No NAS-Port seen. Cannot do anything. Nothing misterious in those messages. NAS is not sending NAS-Port and radutmp needs it to work. Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho and radtest
thanks Ivan, when I run in debug mode I get the bellow errors
++[preprocess] returns ok
[acct_unique] WARNING: Attribute NAS-Port was not found in request, unique ID
MAY be inconsistent
[acct_unique] Hashing ',Client-IP-Address = 193.188.129.17,NAS-IP-Address =
193.188.129.17,Acct-Session-Id = "00550003",User-Name = "rsa"'
[acct_unique] Acct-Unique-Session-ID = "cc3ac6adce99a1dd".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "rsa", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
[radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp] expand: %{User-Name} -> rsa
rlm_radutmp: No NAS-Port seen. Cannot do anything.
rlm_radumtp: WARNING: checkrad will probably not work!
++[radutmp] returns noop
> Date: Wed, 9 Dec 2009 21:32:55 +
> Subject: RE: radwho and radtest
> From: t...@kalik.net
> To: rabdal...@pobox.com; freeradius-users@lists.freeradius.org
>
> > thank you alan for the quick reply. It worked just fine. Now I am still
> > facing the problem with the radwho and radlast. Any idea
>
> Yes, you have sent an authentication request. No accounting. So there is
> nothing for radwho to show. It displays accounting information. In case
> you weren't aware, radius server doesn't generate accounting information.
>
> Ivan Kalik
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
_
Windows Live: Keep your friends up to date with what you do online.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho and radtest
> thank you alan for the quick reply. It worked just fine. Now I am still > facing the problem with the radwho and radlast. Any idea Yes, you have sent an authentication request. No accounting. So there is nothing for radwho to show. It displays accounting information. In case you weren't aware, radius server doesn't generate accounting information. Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwho and radtest
hi, got accounting details sent from NAS? why dont you run in debug mode when you are doing the tests? you can then see what is going on...and why things arent being recorded. what method of session tracking are you using? radutmp etc - check your config for the session information. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho and radtest
Thank you gera, attached are copies for the users and clients.conf config
files. Normally when I run radwho and radlast I am authenticated with user rsa
so I should at least see my login :)
Regards,
Ramzi
> To: rabdal...@pobox.com; freeradius-users@lists.freeradius.org
> Subject: Re: radwho and radtest
> From: g...@gera.me
> Date: Wed, 9 Dec 2009 13:09:57 -0700
>
>
> A copy of the relevant parts of your users and clients config files would be
> great.
>
> If no body's logged in, it's fine if you see nothing on the radwho output
>
> On Wednesday 09 December 2009 12:41:48 pm Ramzi Abdallah wrote:
> > hi,
> >
> > I installed FreeRADIUS Version 2.1.7 from the RPM package that is included
> > with Fedora core 12. The server starts without errors and authentication
> > is working fine. The problem I am having is with the radwatch displays no
> > output and radtest fails.
> >
> > output of the radtest
> > -
> > [r...@dia ~]# radtest rsa hello localhost 1812 testing123
> > Sending Access-Request of id 42 to ::1 port 1812
> > User-Name = "rsa"
> > User-Password = "hello"
> > NAS-IP-Address = 127.0.0.1
> > NAS-Port = 1812
> > Sending Access-Request of id 42 to ::1 port 1812
> > User-Name = "rsa"
> > User-Password = "hello"
> > NAS-IP-Address = 127.0.0.1
> > NAS-Port = 1812
> > Sending Access-Request of id 42 to ::1 port 1812
> > User-Name = "rsa"
> > User-Password = "hello"
> > NAS-IP-Address = 127.0.0.1
> > NAS-Port = 1812
> > radclient: no response from server for ID 42 socket 3
> > [r...@dia ~]#
> >
> >
> > output of radwho
> > -
> > [r...@dia raddb]# radwho
> > Login Name What TTY When FromLocation
> > [r...@dia raddb]#
> >
> >
> > [r...@dia ~]# radwatch
> > A radiusd process already exists
> > [r...@dia ~]#
> >
> >
> > I have also attached the output of radiusd -X
> >
> >
> > any help would be greatly appreciated
> >
> >
> >
> >
> > _
> > Windows Live Hotmail: Your friends can get your Facebook updates, right
> > from Hotmail®.
> > http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/s
> > ocial-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:0920
> > 09
> >
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
_
Windows Live: Friends get your Flickr, Yelp, and Digg updates when they e-mail
you.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_3:092010#
# Deny access for a specific user. Note that this entry MUST
# be before any other 'Auth-Type' attribute which results in the user
# being authenticated.
#
# Note that there is NO 'Fall-Through' attribute, so the user will not
# be given any additional resources.
#
#lameuser Auth-Type := Reject
# Reply-Message = "Your account has been disabled."
#
# Deny access for a group of users.
#
# Note that there is NO 'Fall-Through' attribute, so the user will not
# be given any additional resources.
#
#DEFAULTGroup == "disabled", Auth-Type := Reject
# Reply-Message = "Your account has been disabled."
#
#
rsa Cleartext-Password := "hello"
Reply-Message = "Hello, %{User-Name}"
#
#
# This is a complete entry for "steve". Note that there is no Fall-Through
# entry so that no DEFAULT entry will be used, and the user will NOT
# get any attributes in addition to the ones listed here.
#
#steve Cleartext-Password := "testing"
# Service-Type = Framed-User,
# Framed-Protocol = PPP,
# Framed-IP-Address = 172.16.3.33,
# Framed-IP-Netmask = 255.255.255.0,
# Framed-Routing = Broadcast-Listen,
# Framed-Filter-Id = "std.ppp",
# Framed-MTU = 1500,
# Framed-Compression = Van-Jacobsen-TCP-IP
#
# This is an entry for a user with a space in their name.
# Note the double quotes surrounding the name.
#
#"John Doe" Cleartext-Password := "hello"
# Reply-Message = "Hello, %{User-Name}"
#
# Dial user back and telnet to the default host for that port
#
#Deg
Re: radwho and radtest
A copy of the relevant parts of your users and clients config files would be great. If no body's logged in, it's fine if you see nothing on the radwho output On Wednesday 09 December 2009 12:41:48 pm Ramzi Abdallah wrote: > hi, > > I installed FreeRADIUS Version 2.1.7 from the RPM package that is included > with Fedora core 12. The server starts without errors and authentication > is working fine. The problem I am having is with the radwatch displays no > output and radtest fails. > > output of the radtest > - > [r...@dia ~]# radtest rsa hello localhost 1812 testing123 > Sending Access-Request of id 42 to ::1 port 1812 > User-Name = "rsa" > User-Password = "hello" > NAS-IP-Address = 127.0.0.1 > NAS-Port = 1812 > Sending Access-Request of id 42 to ::1 port 1812 > User-Name = "rsa" > User-Password = "hello" > NAS-IP-Address = 127.0.0.1 > NAS-Port = 1812 > Sending Access-Request of id 42 to ::1 port 1812 > User-Name = "rsa" > User-Password = "hello" > NAS-IP-Address = 127.0.0.1 > NAS-Port = 1812 > radclient: no response from server for ID 42 socket 3 > [r...@dia ~]# > > > output of radwho > - > [r...@dia raddb]# radwho > Login Name What TTY When FromLocation > [r...@dia raddb]# > > > [r...@dia ~]# radwatch > A radiusd process already exists > [r...@dia ~]# > > > I have also attached the output of radiusd -X > > > any help would be greatly appreciated > > > > > _ > Windows Live Hotmail: Your friends can get your Facebook updates, right > from Hotmail®. > http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/s > ocial-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:0920 > 09 > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho and radtest
thank you alan for the quick reply. It worked just fine. Now I am still facing the problem with the radwho and radlast. Any idea Regards, Ramzi > Date: Wed, 9 Dec 2009 20:00:29 + > From: a.l.m.bu...@lboro.ac.uk > To: rabdal...@pobox.com; freeradius-users@lists.freeradius.org > Subject: Re: radwho and radtest > > ihi, > > accoridng to your output, it looks like localhost is mapping to ::1 > > which is the local box IPv6 address (like 127.0.0.1 is in IPv4 world) > > by default, FreeRADIUS wont be listing to IPv6 interface...if you configure > it so that it is then this will work - > > otherwise change you command to eg > > radtest rsa hello 127.0.0.1 1812 testing123 > > > or change your hosts file so that localhost maps to 127.0.0.1 first! > > alan > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Keep your friends updated—even when you’re not signed in. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_5:092010- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwho and radtest
ihi, accoridng to your output, it looks like localhost is mapping to ::1 which is the local box IPv6 address (like 127.0.0.1 is in IPv4 world) by default, FreeRADIUS wont be listing to IPv6 interface...if you configure it so that it is then this will work - otherwise change you command to eg radtest rsa hello 127.0.0.1 1812 testing123 or change your hosts file so that localhost maps to 127.0.0.1 first! alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
