Re: radwho and radtest
Please do the rest of us a favor and configure your mail client to use the correct data type when attaching files. Your log file came through as:

Content-Type: application/octet-stream

Which means mail clients think this is binary data and won't display it nor do they even know they can open a text editor on it. The Content-Type should have been text.

--
John Dennis jden...@redhat.com

Looking to carve out IT costs? www.redhat.com/carveoutcosts/

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho and radtest
> attached is the complete debug log

Try using Calling-Station-Id instead of NAS-Port for accounting. Alter (raddb/modules/)acct_unique to use Calling-Station-Id. And use sql for session and accounting. It's quicker and queries can be configured to use Calling-Station-Id instead of NAS-Port.

Ivan Kalik
radwho and radtest
hi,

I installed FreeRADIUS Version 2.1.7 from the RPM package that is included with Fedora core 12. The server starts without errors and authentication is working fine. The problem I am having is that radwatch displays no output and radtest fails.

output of the radtest -

[r...@dia ~]# radtest rsa hello localhost 1812 testing123
Sending Access-Request of id 42 to ::1 port 1812
    User-Name = rsa
    User-Password = hello
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 1812
Sending Access-Request of id 42 to ::1 port 1812
    User-Name = rsa
    User-Password = hello
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 1812
Sending Access-Request of id 42 to ::1 port 1812
    User-Name = rsa
    User-Password = hello
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 1812
radclient: no response from server for ID 42 socket 3
[r...@dia ~]#

output of radwho -

[r...@dia raddb]# radwho
Login Name What TTY When FromLocation
[r...@dia raddb]#
[r...@dia ~]# radwatch
A radiusd process already exists
[r...@dia ~]#

I have also attached the output of radiusd -X

any help would be greatly appreciated

FreeRADIUS Version 2.1.7, for host i386-redhat-linux-gnu, built on Sep 16 2009 at 08:28:14
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/inner-tunnel
including configuration file /etc/raddb/sites-enabled/default
including configuration file /etc/raddb/sites-enabled/control-socket
group = radiusd
user = radiusd
including dictionary file /etc/raddb/dictionary
main {
    prefix = /usr
    localstatedir = /var
    logdir =
RE: radwho and radtest
thank you alan for the quick reply. It worked just fine. Now I am still facing the problem with the radwho and radlast. Any idea?

Regards,
Ramzi

> Date: Wed, 9 Dec 2009 20:00:29 +
> From: a.l.m.bu...@lboro.ac.uk
> To: rabdal...@pobox.com; freeradius-users@lists.freeradius.org
> Subject: Re: radwho and radtest
>
> hi,
>
> according to your output, it looks like localhost is mapping to ::1 which is the local box IPv6 address (like 127.0.0.1 is in IPv4 world)
>
> by default, FreeRADIUS won't be listening to IPv6 interface...if you configure it so that it is then this will work - otherwise change your command to eg
>
> radtest rsa hello 127.0.0.1 1812 testing123
>
> or change your hosts file so that localhost maps to 127.0.0.1 first!
>
> alan
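Added example (not part of the original thread, and not FreeRADIUS code): the address-family mismatch described in the message above can be checked by comparing the destination radtest printed with the server's `listen` sections. The sample configuration is constructed in the FreeRADIUS 2.x radiusd.conf style, and treating `port = 0` as 1812/1813 is an assumption.

```python
import ipaddress
import re

# Constructed sample: IPv4-only listeners in the FreeRADIUS 2.x radiusd.conf
# style. The IPv6 line is commented out, so it must not count as a listener.
SAMPLE_CONF = """
listen {
    type = auth
    ipaddr = *
    # ipv6addr = ::
    port = 0
}
listen {
    type = acct
    ipaddr = *
    port = 0
}
"""

# Copied from the radtest output quoted in this thread.
RADTEST_LINE = "Sending Access-Request of id 42 to ::1 port 1812"

# Assumption: port = 0 means the service default (1812 auth, 1813 acct).
DEFAULT_PORTS = {"auth": 1812, "acct": 1813}


def parse_listeners(conf_text):
    """Return one dict per flat listen { } section, ignoring '#' comments."""
    listeners = []
    for body in re.findall(r"listen\s*\{(.*?)\}", conf_text, re.S):
        live = "\n".join(line.split("#", 1)[0] for line in body.splitlines())
        listeners.append(dict(re.findall(r"(\w+)\s*=\s*(\S+)", live)))
    return listeners


def destination(radtest_line):
    """Extract (address, port) from a 'Sending ... to A port P' line."""
    match = re.search(r" to (\S+) port (\d+)", radtest_line)
    if match is None:
        raise ValueError("not a radclient send line")
    return ipaddress.ip_address(match.group(1)), int(match.group(2))


def serves(listener, kind, addr, port):
    """True if this listener accepts packets of `kind` sent to addr:port."""
    if listener.get("type") != kind:
        return False
    if (int(listener.get("port", "0")) or DEFAULT_PORTS[kind]) != port:
        return False
    # IPv4 and IPv6 sockets are configured with different keys.
    bound = listener.get("ipv6addr" if addr.version == 6 else "ipaddr")
    if bound is None:  # no socket for this address family at all
        return False
    if bound == "*":
        return True
    bound_ip = ipaddress.ip_address(bound)  # literal addresses only
    return bound_ip.is_unspecified or bound_ip == addr


def diagnose(conf_text, radtest_line, kind="auth"):
    """Say whether the destination radtest chose is served by any listener."""
    addr, port = destination(radtest_line)
    if any(serves(l, kind, addr, port) for l in parse_listeners(conf_text)):
        return "ok"
    return f"no {kind} listener for IPv{addr.version} {addr} port {port}"


if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF, RADTEST_LINE))
    print(diagnose(SAMPLE_CONF, RADTEST_LINE.replace("::1", "127.0.0.1")))
```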
Re: radwho and radtest
A copy of the relevant parts of your users and clients config files would be great. If nobody's logged in, it's fine if you see nothing on the radwho output
RE: radwho and radtest
Thank you gera, attached are copies for the users and clients.conf config files. Normally when I run radwho and radlast I am authenticated with user rsa so I should at least see my login :)

Regards,
Ramzi

#
# Deny access for a specific user. Note that this entry MUST
# be before any other 'Auth-Type' attribute which results in the user
# being authenticated.
#
# Note that there is NO 'Fall-Through' attribute, so the user will not
# be given any additional resources.
#
#lameuser Auth-Type := Reject
#         Reply-Message = "Your account has been disabled."
#
# Deny access for a group of users.
#
# Note that there is NO 'Fall-Through' attribute, so the user will not
# be given any additional resources.
#
#DEFAULT  Group == "disabled", Auth-Type := Reject
#         Reply-Message = "Your account has been disabled."
#
#
rsa       Cleartext-Password := "hello"
          Reply-Message = "Hello, %{User-Name}"
#
#
# This is a complete entry for steve. Note that there is no Fall-Through
# entry so that no DEFAULT entry will be used, and the user will NOT
# get any attributes in addition to the ones listed here.
#
#steve    Cleartext-Password := "testing"
#         Service-Type = Framed-User,
#         Framed-Protocol = PPP,
#         Framed-IP-Address = 172.16.3.33,
#         Framed-IP-Netmask = 255.255.255.0,
#         Framed-Routing = Broadcast-Listen,
#         Framed-Filter-Id = "std.ppp",
#         Framed-MTU = 1500,
#         Framed-Compression = Van-Jacobsen-TCP-IP
#
# This is an entry for a user with a space in their name.
# Note the double quotes surrounding the name.
#
#"John Doe" Cleartext-Password := "hello"
#         Reply-Message = "Hello, %{User-Name}"
#
# Dial user back and telnet to the default host for that port
#
#Deg      Cleartext-Password := "ge55ged"
#         Service-Type = Callback-Login-User,
#         Login-IP-Host = 0.0.0.0,
#         Callback-Number = "9,5551212",
#         Login-Service = Telnet,
#         Login-TCP-Port = Telnet
#
# Another complete entry. After the user dialbk has logged in, the
# connection will be broken and the user will be dialed back after which
# he will get a connection to the host timeshare1.
#
#dialbk   Cleartext-Password := "callme"
#         Service-Type = Callback-Login-User,
#         Login-IP-Host = timeshare1,
#         Login-Service = PortMaster,
#         Callback-Number = "9,1-800-555-1212"
#
# user swilson will only get a static IP number if he logs in with
# a framed protocol on a terminal server in Alphen (see the huntgroups file
Re: radwho and radtest
hi,

got accounting details sent from NAS?

why don't you run in debug mode when you are doing the tests? you can then see what is going on...and why things aren't being recorded.

what method of session tracking are you using? radutmp etc - check your config for the session information.

alan
RE: radwho and radtest
> thank you alan for the quick reply. It worked just fine. Now I am still facing the problem with the radwho and radlast. Any idea

Yes, you have sent an authentication request. No accounting. So there is nothing for radwho to show. It displays accounting information. In case you weren't aware, radius server doesn't generate accounting information.

Ivan Kalik
RE: radwho and radtest
thanks Ivan,

when I run in debug mode I get the below errors

++[preprocess] returns ok
[acct_unique] WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent
[acct_unique] Hashing ',Client-IP-Address = 193.188.129.17,NAS-IP-Address = 193.188.129.17,Acct-Session-Id = 00550003,User-Name = rsa'
[acct_unique] Acct-Unique-Session-ID = cc3ac6adce99a1dd.
++[acct_unique] returns ok
[suffix] No '@' in User-Name = rsa, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
++[files] returns noop
[radutmp] expand: /var/log/radius/radutmp - /var/log/radius/radutmp
[radutmp] expand: %{User-Name} - rsa
rlm_radutmp: No NAS-Port seen. Cannot do anything.
rlm_radumtp: WARNING: checkrad will probably not work!
++[radutmp] returns noop
RE: radwho and radtest
> [acct_unique] WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent
> ...
> rlm_radutmp: No NAS-Port seen. Cannot do anything.

Nothing mysterious in those messages. NAS is not sending NAS-Port and radutmp needs it to work.

Ivan Kalik
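Added example (not part of the original thread, and not FreeRADIUS code): a small triage script over the `radiusd -X` lines posted earlier in the thread, showing that acct_unique still returns ok while hashing fewer attributes than its key asks for, and that radutmp returns noop and so writes no session record. The `ASSUMED_KEY` string is an assumption inferred from the attributes in the Hashing line plus the one the warning names.

```python
import re

# Lines copied from the radiusd -X excerpt posted in this thread.
DEBUG_LINES = """\
++[preprocess] returns ok
[acct_unique] WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent
[acct_unique] Hashing ',Client-IP-Address = 193.188.129.17,NAS-IP-Address = 193.188.129.17,Acct-Session-Id = 00550003,User-Name = rsa'
[acct_unique] Acct-Unique-Session-ID = cc3ac6adce99a1dd.
++[acct_unique] returns ok
rlm_radutmp: No NAS-Port seen. Cannot do anything.
rlm_radumtp: WARNING: checkrad will probably not work!
++[radutmp] returns noop
"""

# Assumption: the acct_unique key in use on this server.
ASSUMED_KEY = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"


def hashed_attributes(debug_text):
    """Attribute names that actually went into the acct_unique hash."""
    match = re.search(r"\[acct_unique\] Hashing '(.*)'", debug_text)
    if match is None:
        return []
    # Names follow the start of the string or a comma and precede ' = '.
    return re.findall(r"(?:^|,)([A-Za-z0-9-]+) = ", match.group(1))


def module_results(debug_text):
    """Map module name to the return code on its '++[module] returns' line."""
    return dict(re.findall(r"^\+\+\[([\w-]+)\] returns (\w+)$", debug_text, re.M))


def triage(debug_text, key=ASSUMED_KEY):
    """Summarise what the missing attribute cost each accounting module."""
    wanted = [name.strip() for name in key.split(",")]
    hashed = hashed_attributes(debug_text)
    blocked = re.findall(
        r"^rlm_(\w+): No (\S+) seen\. Cannot do anything\.", debug_text, re.M
    )
    results = module_results(debug_text)
    return {
        # Key attributes absent from the hash: the session ID is computed
        # over less data than configured, even though the module says ok.
        "weak_unique_id": [name for name in wanted if name not in hashed],
        # Modules that gave up (noop) and the attribute they were missing.
        "modules_skipped": {
            mod: attr for mod, attr in blocked if results.get(mod) == "noop"
        },
    }


if __name__ == "__main__":
    print(triage(DEBUG_LINES))
```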
RE: radwho and radtest
great, then I have to contact the fortinet guys to see why this is happening
Re: radwho and radtest
Maybe I'm missing something, but is this shown while you do use the radtest command? If so, then it's normal that you get nothing on radwho.

If you get nothing on radwho when using the NAS (and you didn't go so far from the default freeradius configuration), then indeed you still need to configure it to send accounting data to radius.
RE: radwho and radtest
I get this when I login to the firewall
RE: radwho and radtest
> I get this when I login to the firewall

It would help if you wouldn't edit the debug. Post the whole thing request + processing (both for authentication and accounting).

Ivan Kalik
RE: radwho and radtest
hello Ivan

attached is the complete debug log

putty.log
Description: Binary data