Re: radwho and radtest
Please do the rest of us a favor and configure your mail client to use the correct data type when attaching files. Your log file came through as: Content-Type: application/octet-stream Which means mail clients think this is binary data and won't display it nor do they even know they can open a text editor on it. The Content-Type should have been text. -- John Dennis jden...@redhat.com Looking to carve out IT costs? www.redhat.com/carveoutcosts/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho and radtest
attached is the complete debug log Try using Calling-Station-Id instead of NAS-Port for accounting. Alter (raddb/modules/)acct_unique to use Calling-Station-Id. And use sql for session and accounting. It's quicker and queries can be configured to use Calling-Station-Id instead of NAS-Port. Ivan Kalik Date: Wed, 9 Dec 2009 23:28:49 + Subject: RE: radwho and radtest From: t...@kalik.net To: rabdal...@pobox.com; freeradius-users@lists.freeradius.org I get this when I login to the firewall It would help if you wouldn't edit the debug. Post the whole thing request + processing (both for authentication and accounting). Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Windows Live: Keep your friends up to date with what you do online. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho and radtest
thank you alan for the quick reply. It worked just fine. Now I am still facing the problem with the radwho and radlast. Any idea Regards, Ramzi Date: Wed, 9 Dec 2009 20:00:29 + From: a.l.m.bu...@lboro.ac.uk To: rabdal...@pobox.com; freeradius-users@lists.freeradius.org Subject: Re: radwho and radtest ihi, accoridng to your output, it looks like localhost is mapping to ::1 which is the local box IPv6 address (like 127.0.0.1 is in IPv4 world) by default, FreeRADIUS wont be listing to IPv6 interface...if you configure it so that it is then this will work - otherwise change you command to eg radtest rsa hello 127.0.0.1 1812 testing123 or change your hosts file so that localhost maps to 127.0.0.1 first! alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Keep your friends updated—even when you’re not signed in. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_5:092010- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwho and radtest
A copy of the relevant parts of your users and clients config files would be great. If no body's logged in, it's fine if you see nothing on the radwho output On Wednesday 09 December 2009 12:41:48 pm Ramzi Abdallah wrote: hi, I installed FreeRADIUS Version 2.1.7 from the RPM package that is included with Fedora core 12. The server starts without errors and authentication is working fine. The problem I am having is with the radwatch displays no output and radtest fails. output of the radtest - [r...@dia ~]# radtest rsa hello localhost 1812 testing123 Sending Access-Request of id 42 to ::1 port 1812 User-Name = rsa User-Password = hello NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 Sending Access-Request of id 42 to ::1 port 1812 User-Name = rsa User-Password = hello NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 Sending Access-Request of id 42 to ::1 port 1812 User-Name = rsa User-Password = hello NAS-IP-Address = 127.0.0.1 NAS-Port = 1812 radclient: no response from server for ID 42 socket 3 [r...@dia ~]# output of radwho - [r...@dia raddb]# radwho Login Name What TTY When FromLocation [r...@dia raddb]# [r...@dia ~]# radwatch A radiusd process already exists [r...@dia ~]# I have also attached the output of radiusd -X any help would be greatly appreciated _ Windows Live Hotmail: Your friends can get your Facebook updates, right from Hotmail®. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/s ocial-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:0920 09 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho and radtest
Thank you gera, attached are copies for the users and clients.conf config
files. Normally when I run radwho and radlast I am authenticated with user rsa
so I should at least see my login :)
Regards,
Ramzi
To: rabdal...@pobox.com; freeradius-users@lists.freeradius.org
Subject: Re: radwho and radtest
From: g...@gera.me
Date: Wed, 9 Dec 2009 13:09:57 -0700
A copy of the relevant parts of your users and clients config files would be
great.
If no body's logged in, it's fine if you see nothing on the radwho output
On Wednesday 09 December 2009 12:41:48 pm Ramzi Abdallah wrote:
hi,
I installed FreeRADIUS Version 2.1.7 from the RPM package that is included
with Fedora core 12. The server starts without errors and authentication
is working fine. The problem I am having is with the radwatch displays no
output and radtest fails.
output of the radtest
-
[r...@dia ~]# radtest rsa hello localhost 1812 testing123
Sending Access-Request of id 42 to ::1 port 1812
User-Name = rsa
User-Password = hello
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Sending Access-Request of id 42 to ::1 port 1812
User-Name = rsa
User-Password = hello
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
Sending Access-Request of id 42 to ::1 port 1812
User-Name = rsa
User-Password = hello
NAS-IP-Address = 127.0.0.1
NAS-Port = 1812
radclient: no response from server for ID 42 socket 3
[r...@dia ~]#
output of radwho
-
[r...@dia raddb]# radwho
Login Name What TTY When FromLocation
[r...@dia raddb]#
[r...@dia ~]# radwatch
A radiusd process already exists
[r...@dia ~]#
I have also attached the output of radiusd -X
any help would be greatly appreciated
_
Windows Live Hotmail: Your friends can get your Facebook updates, right
from Hotmail®.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/s
ocial-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_4:0920
09
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
_
Windows Live: Friends get your Flickr, Yelp, and Digg updates when they e-mail
you.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_3:092010#
# Deny access for a specific user. Note that this entry MUST
# be before any other 'Auth-Type' attribute which results in the user
# being authenticated.
#
# Note that there is NO 'Fall-Through' attribute, so the user will not
# be given any additional resources.
#
#lameuser Auth-Type := Reject
# Reply-Message = Your account has been disabled.
#
# Deny access for a group of users.
#
# Note that there is NO 'Fall-Through' attribute, so the user will not
# be given any additional resources.
#
#DEFAULTGroup == disabled, Auth-Type := Reject
# Reply-Message = Your account has been disabled.
#
#
rsa Cleartext-Password := hello
Reply-Message = Hello, %{User-Name}
#
#
# This is a complete entry for steve. Note that there is no Fall-Through
# entry so that no DEFAULT entry will be used, and the user will NOT
# get any attributes in addition to the ones listed here.
#
#steve Cleartext-Password := testing
# Service-Type = Framed-User,
# Framed-Protocol = PPP,
# Framed-IP-Address = 172.16.3.33,
# Framed-IP-Netmask = 255.255.255.0,
# Framed-Routing = Broadcast-Listen,
# Framed-Filter-Id = std.ppp,
# Framed-MTU = 1500,
# Framed-Compression = Van-Jacobsen-TCP-IP
#
# This is an entry for a user with a space in their name.
# Note the double quotes surrounding the name.
#
#John Doe Cleartext-Password := hello
# Reply-Message = Hello, %{User-Name}
#
# Dial user back and telnet to the default host for that port
#
#DegCleartext-Password := ge55ged
# Service-Type = Callback-Login-User,
# Login-IP-Host = 0.0.0.0,
# Callback-Number = 9,5551212,
# Login-Service = Telnet,
# Login-TCP-Port = Telnet
#
# Another complete entry. After the user dialbk has logged in, the
# connection will be broken and the user will be dialed back after which
# he will get a connection to the host timeshare1.
#
#dialbk Cleartext-Password := callme
# Service-Type = Callback-Login-User,
# Login-IP-Host = timeshare1,
# Login-Service = PortMaster,
# Callback-Number = 9,1-800-555-1212
#
# user swilson will only get a static IP number if he logs in with
# a framed protocol on a terminal server in Alphen (see the huntgroups file
Re: radwho and radtest
hi, got accounting details sent from NAS? why dont you run in debug mode when you are doing the tests? you can then see what is going on...and why things arent being recorded. what method of session tracking are you using? radutmp etc - check your config for the session information. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho and radtest
thank you alan for the quick reply. It worked just fine. Now I am still facing the problem with the radwho and radlast. Any idea Yes, you have sent an authentication request. No accounting. So there is nothing for radwho to show. It displays accounting information. In case you weren't aware, radius server doesn't generate accounting information. Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho and radtest
thanks Ivan, when I run in debug mode I get the bellow errors
++[preprocess] returns ok
[acct_unique] WARNING: Attribute NAS-Port was not found in request, unique ID
MAY be inconsistent
[acct_unique] Hashing ',Client-IP-Address = 193.188.129.17,NAS-IP-Address =
193.188.129.17,Acct-Session-Id = 00550003,User-Name = rsa'
[acct_unique] Acct-Unique-Session-ID = cc3ac6adce99a1dd.
++[acct_unique] returns ok
[suffix] No '@' in User-Name = rsa, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
++[files] returns noop
[radutmp] expand: /var/log/radius/radutmp - /var/log/radius/radutmp
[radutmp] expand: %{User-Name} - rsa
rlm_radutmp: No NAS-Port seen. Cannot do anything.
rlm_radumtp: WARNING: checkrad will probably not work!
++[radutmp] returns noop
Date: Wed, 9 Dec 2009 21:32:55 +
Subject: RE: radwho and radtest
From: t...@kalik.net
To: rabdal...@pobox.com; freeradius-users@lists.freeradius.org
thank you alan for the quick reply. It worked just fine. Now I am still
facing the problem with the radwho and radlast. Any idea
Yes, you have sent an authentication request. No accounting. So there is
nothing for radwho to show. It displays accounting information. In case
you weren't aware, radius server doesn't generate accounting information.
Ivan Kalik
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
_
Windows Live: Keep your friends up to date with what you do online.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho and radtest
[acct_unique] WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent ... rlm_radutmp: No NAS-Port seen. Cannot do anything. Nothing misterious in those messages. NAS is not sending NAS-Port and radutmp needs it to work. Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho and radtest
great, then I have to contact the fortinet guys to see why this is happening Date: Wed, 9 Dec 2009 22:08:56 + Subject: RE: radwho and radtest From: t...@kalik.net To: rabdal...@pobox.com; freeradius-users@lists.freeradius.org [acct_unique] WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent ... rlm_radutmp: No NAS-Port seen. Cannot do anything. Nothing misterious in those messages. NAS is not sending NAS-Port and radutmp needs it to work. Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Windows Live: Keep your friends up to date with what you do online. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwho and radtest
Maybe I'm missing something, but is this shown while you do use the radtest
command? If so, then it's normal that you get nothing on radwho.
If you get nothing on radwho when using the NAS (and you didn't went so far
from the default freeradius configuration), then indeed you still need to
configure it to send accounting data to radius.
On Wednesday 09 December 2009 02:58:13 pm Ramzi Abdallah wrote:
thanks Ivan, when I run in debug mode I get the bellow errors
++[preprocess] returns ok
[acct_unique] WARNING: Attribute NAS-Port was not found in request, unique
ID MAY be inconsistent [acct_unique] Hashing ',Client-IP-Address =
193.188.129.17,NAS-IP-Address = 193.188.129.17,Acct-Session-Id =
00550003,User-Name = rsa' [acct_unique] Acct-Unique-Session-ID =
cc3ac6adce99a1dd.
++[acct_unique] returns ok
[suffix] No '@' in User-Name = rsa, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
++[files] returns noop
[radutmp] expand: /var/log/radius/radutmp - /var/log/radius/radutmp
[radutmp] expand: %{User-Name} - rsa
rlm_radutmp: No NAS-Port seen. Cannot do anything.
rlm_radumtp: WARNING: checkrad will probably not work!
++[radutmp] returns noop
Date: Wed, 9 Dec 2009 21:32:55 +
Subject: RE: radwho and radtest
From: t...@kalik.net
To: rabdal...@pobox.com; freeradius-users@lists.freeradius.org
thank you alan for the quick reply. It worked just fine. Now I am still
facing the problem with the radwho and radlast. Any idea
Yes, you have sent an authentication request. No accounting. So there is
nothing for radwho to show. It displays accounting information. In case
you weren't aware, radius server doesn't generate accounting information.
Ivan Kalik
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
_
Windows Live: Keep your friends up to date with what you do online.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/so
cial-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:09201
0
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho and radtest
I get this when I login to the firewall
To: rabdal...@pobox.com; freeradius-users@lists.freeradius.org
Subject: Re: radwho and radtest
From: g...@gera.me
Date: Wed, 9 Dec 2009 15:28:30 -0700
Maybe I'm missing something, but is this shown while you do use the radtest
command? If so, then it's normal that you get nothing on radwho.
If you get nothing on radwho when using the NAS (and you didn't went so far
from the default freeradius configuration), then indeed you still need to
configure it to send accounting data to radius.
On Wednesday 09 December 2009 02:58:13 pm Ramzi Abdallah wrote:
thanks Ivan, when I run in debug mode I get the bellow errors
++[preprocess] returns ok
[acct_unique] WARNING: Attribute NAS-Port was not found in request, unique
ID MAY be inconsistent [acct_unique] Hashing ',Client-IP-Address =
193.188.129.17,NAS-IP-Address = 193.188.129.17,Acct-Session-Id =
00550003,User-Name = rsa' [acct_unique] Acct-Unique-Session-ID =
cc3ac6adce99a1dd.
++[acct_unique] returns ok
[suffix] No '@' in User-Name = rsa, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
++[files] returns noop
[radutmp] expand: /var/log/radius/radutmp - /var/log/radius/radutmp
[radutmp] expand: %{User-Name} - rsa
rlm_radutmp: No NAS-Port seen. Cannot do anything.
rlm_radumtp: WARNING: checkrad will probably not work!
++[radutmp] returns noop
Date: Wed, 9 Dec 2009 21:32:55 +
Subject: RE: radwho and radtest
From: t...@kalik.net
To: rabdal...@pobox.com; freeradius-users@lists.freeradius.org
thank you alan for the quick reply. It worked just fine. Now I am still
facing the problem with the radwho and radlast. Any idea
Yes, you have sent an authentication request. No accounting. So there is
nothing for radwho to show. It displays accounting information. In case
you weren't aware, radius server doesn't generate accounting information.
Ivan Kalik
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
_
Windows Live: Keep your friends up to date with what you do online.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/so
cial-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:09201
0
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
_
Windows Live: Keep your friends up to date with what you do online.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho and radtest
I get this when I login to the firewall It would help if you wouldn't edit the debug. Post the whole thing request + processing (both for authentication and accounting). Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho and radtest
hello Ivan attached is the complete debug log Date: Wed, 9 Dec 2009 23:28:49 + Subject: RE: radwho and radtest From: t...@kalik.net To: rabdal...@pobox.com; freeradius-users@lists.freeradius.org I get this when I login to the firewall It would help if you wouldn't edit the debug. Post the whole thing request + processing (both for authentication and accounting). Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _ Windows Live: Keep your friends up to date with what you do online. http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010 putty.log Description: Binary data - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
