Re: radwho not working
Clint Petty wrote: > Hi Alan, > > Well I discovered a way to display a list of all active users without having > to implement FreeRadius accounting, which BTW is not as straight forward as > it should be. > > I was able to display all active users through my StrongSwan server, with the > simple following command: > > # strongswan leases > > FreeRadius should be so easy! RADIUS does a LOT more than strongswan. And yes, basic RADIUS really is easy. A large part of the difficulties are due to bad client implementations. No one wants to blame the client, so everyone blames FreeRADIUS. I've learned to deal with it, but that doesn't mean I have to like it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwho not working
On 7 Oct 2013, at 22:39, Clint Petty wrote: > Hi Alan, > > Well I discovered a way to display a list of all active users without having > to implement FreeRadius accounting, which BTW is not as straight forward as > it should be. > > I was able to display all active users through my StrongSwan server, with the > simple following command: > > # strongswan leases > > FreeRadius should be so easy! It is if you understand SQL, and don't insist on using arcane decade old modules and utilities. -Arran Arran Cudbard-Bell FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho not working
Hi Alan, Well I discovered a way to display a list of all active users without having to implement FreeRadius accounting, which BTW is not as straight forward as it should be. I was able to display all active users through my StrongSwan server, with the simple following command: # strongswan leases FreeRadius should be so easy! Thanks, Clint -Original Message- From: freeradius-users-bounces+cpetty=luthresearch@lists.freeradius.org [mailto:freeradius-users-bounces+cpetty=luthresearch@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Thursday, October 03, 2013 3:10 PM To: FreeRadius users mailing list Subject: Re: radwho not working Clint Petty wrote: > I am not blaming, I am just wanting to get the radwho command to work. That is *entirely* the wrong attitude. There is no "just get it to work". There *are* multiple pieces involved, each of which has to be verified. I'm trying to convince you to use a methodical approach. If you read "man radwho", you'll see it uses accounting packets. That should indicate that you'll need to enable accounting. But you didn't do that. You were told to run the server in debugging mode, and you did once... but not the next time. The less you do yourself, and the more difficult you make it to help you, the less we're inclined to help. *THAT* is the goal of many of my responses. > I have now turned on accounting info to be sent from the StrongSwan server > to the FreeRadius server. For I can see the accounting info in > /var/log/radius/radacct//detail-20131003 file. Which isn't the radutmp file, is it? Again, "man radwho" says it reads the radutmp file. Again, your process should be something like this: - "man radwho" says it needs the radutmp file. - is the radutmp module enabled? - if enabled, is it doing anything? - where is the file? - is it being modified? > However I am still getting the same results with the radwho command, showing > just the titles, with no connections? You other message indicates that the module is being used, and is returning "ok". Does the "radwho" command print anything after the "radutmp" module returns "ok" ? It should. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwho not working
Hi Clint,
On Thu, Oct 03, 2013 at 09:53:57PM +, Clint Petty wrote:
...
> [detail] expand: %t -> Thu Oct 3 21:45:27 2013
> ++[detail] returns ok
> ++[unix] returns ok
> [radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
> [radutmp] expand: %{User-Name} -> test
> ++[radutmp] returns ok
> ++[exec] returns noop
>From that, have you tried the following?
radwho -F /var/log/radius/radutmp
See also radwho(1).
Matthew
--
Matthew Newton, Ph.D.
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253,
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwho not working
Clint Petty wrote: > I am not blaming, I am just wanting to get the radwho command to work. That is *entirely* the wrong attitude. There is no "just get it to work". There *are* multiple pieces involved, each of which has to be verified. I'm trying to convince you to use a methodical approach. If you read "man radwho", you'll see it uses accounting packets. That should indicate that you'll need to enable accounting. But you didn't do that. You were told to run the server in debugging mode, and you did once... but not the next time. The less you do yourself, and the more difficult you make it to help you, the less we're inclined to help. *THAT* is the goal of many of my responses. > I have now turned on accounting info to be sent from the StrongSwan server > to the FreeRadius server. For I can see the accounting info in > /var/log/radius/radacct//detail-20131003 file. Which isn't the radutmp file, is it? Again, "man radwho" says it reads the radutmp file. Again, your process should be something like this: - "man radwho" says it needs the radutmp file. - is the radutmp module enabled? - if enabled, is it doing anything? - where is the file? - is it being modified? > However I am still getting the same results with the radwho command, showing > just the titles, with no connections? You other message indicates that the module is being used, and is returning "ok". Does the "radwho" command print anything after the "radutmp" module returns "ok" ? It should. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho not working
tory...
[ldap] userPassword -> User-Password == "password"
[ldap] userPassword -> Password-With-Header == "password"
[ldap] sambaNtPassword -> NT-Password ==
0x3842423544393331433146303430343833393537393933353042383233443243
[ldap] looking for reply items in directory...
[ldap] user test authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Config already contains "known good" password. Ignoring
Password-With-Header
[pap] Normalizing NT-Password from hex encoding
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
!!!
!!!Replacing User-Password in config items with Cleartext-Password. !!!
!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/md5
[eap] processing type md5
[eap] Freeing handler
++[eap] returns ok
Login OK: [test] (from client localhost port 61 cli xx.xx.xx.150[29608])
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 94 to xx.xx.xx.79 port 50925
EAP-Message = 0x03010004
Message-Authenticator = 0x
User-Name = "test"
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host xx.xx.xx.79 port 48595, id=95,
length=136
Acct-Status-Type = Start
Acct-Session-Id = "1380824273-61"
NAS-Port-Type = Virtual
Service-Type = Framed-User
NAS-Port = 61
NAS-Port-Id = "ios"
NAS-IP-Address = xx.xx.xx.79
Called-Station-Id = "xx.xx.xx.79[4500]"
Calling-Station-Id = "xx.xx.xx.150[29608]"
User-Name = "test"
Framed-IP-Address = xx.xx.xx.1
NAS-Identifier = "strongSwan"
# Executing section preacct from file /etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 61,Client-IP-Address =
xx.xx.xx.79,NAS-IP-Address = xx.xx.xx.79,Acct-Session-Id =
"1380824273-61",User-Name = "test"'
[acct_unique] Acct-Unique-Session-ID = "145df3492fbbdbec".
++[acct_unique] returns ok
[suffix] No '@' in User-Name = "test", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail]expand: %{Packet-Src-IP-Address} -> xx.xx.xx.79
[detail]expand:
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
-> /var/log/radius/radacct/xx.xx.xx.79/detail-20131003
[detail]
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
expands to /var/log/radius/radacct/xx.xx.xx.79/detail-20131003
[detail]expand: %t -> Thu Oct 3 21:45:27 2013
++[detail] returns ok
++[unix] returns ok
[radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp] expand: %{User-Name} -> test
++[radutmp] returns ok
++[exec] returns noop
[attr_filter.accounting_response] expand: %{User-Name} -> test
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 95 to xx.xx.xx.79 port 48595
Finished request 2.
Cleaning up request 2 ID 95 with timestamp +9
Going to the next request
Waking up in 4.8 seconds.
Cleaning up request 0 ID 93 with timestamp +9
Cleaning up request 1 ID 94 with timestamp +9
Ready to process requests.
-Original Message-
From: freeradius-users-bounces+cpetty=company@lists.freeradius.org
[mailto:freeradius-users-bounces+cpetty=company@lists.freeradius.org] On
Behalf Of a.l.m.bu...@lboro.ac.uk
Sent: Thursday, October 03, 2013 2:17 PM
To: FreeRadius users mailing list
Subject: Re: radwho not working
Hi,
> I am not blaming, I am just wanting to get the radwho command to work. I
> have now turned on accounting info to be sent from the StrongSwan server to
> the FreeRadius server. For I can see the accounting info in
> /var/log/radius/radacct//detail-20131003 file. However I am
> still getting the same results with the radwho command, showing just the
> titles, with no connections?
same reponse - output of "radiusd -X" please
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwho not working
Hi, > I am not blaming, I am just wanting to get the radwho command to work. I > have now turned on accounting info to be sent from the StrongSwan server to > the FreeRadius server. For I can see the accounting info in > /var/log/radius/radacct//detail-20131003 file. However I am > still getting the same results with the radwho command, showing just the > titles, with no connections? same reponse - output of "radiusd -X" please alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho not working
Hi Alan, I am not blaming, I am just wanting to get the radwho command to work. I have now turned on accounting info to be sent from the StrongSwan server to the FreeRadius server. For I can see the accounting info in /var/log/radius/radacct//detail-20131003 file. However I am still getting the same results with the radwho command, showing just the titles, with no connections? -Original Message- From: freeradius-users-bounces+cpetty=luthresearch@lists.freeradius.org [mailto:freeradius-users-bounces+cpetty=luthresearch@lists.freeradius.org] On Behalf Of Alan DeKok Sent: Thursday, October 03, 2013 10:53 AM To: FreeRadius users mailing list Subject: Re: radwho not working cpetty wrote: > Below is the results from radiusd -X (debug mode), while logging in: > > rad_recv: Access-Request packet from host xx.xx.xx.79 port 40379, id=79, > length=138 The radwho file logs *accounting* packets. That is an *authentication* packet. You're blaming FreeRADIUS because the NAS never sends an Accounting-Request. Go fix the NAS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwho not working
Clint Petty wrote: > Below is the results from radiusd -X (debug mode), while logging in: > > rad_recv: Access-Request packet from host xx.xx.xx.79 port 40379, id=79, > length=138 The radwho file logs *accounting* packets. That is an *authentication* packet. You're blaming FreeRADIUS because the NAS never sends an Accounting-Request. Go fix the NAS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: radwho not working
ord -> User-Password == "password"
[ldap] userPassword -> Password-With-Header == "password"
[ldap] sambaNtPassword -> NT-Password == 0x38424235443
[ldap] looking for reply items in directory...
[ldap] user test authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Config already contains "known good" password. Ignoring
Password-With-Header
[pap] Normalizing NT-Password from hex encoding
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = EAP
!!!
!!!Replacing User-Password in config items with Cleartext-Password. !!!
!!!
!!! Please update your configuration so that the "known good" !!!
!!! clear text password is in Cleartext-Password, and not in User-Password. !!!
!!!
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/md5
[eap] processing type md5
[eap] Freeing handler
++[eap] returns ok
Login OK: [test] (from client localhost port 53 cli xx.xx.xx.150[32055])
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 80 to xx.xx.xx.79 port 40379
EAP-Message = 0x03010004
Message-Authenticator = 0x
User-Name = "test"
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 79 with timestamp +20
Cleaning up request 1 ID 80 with timestamp +20
Ready to process requests.
-Original Message-
From: freeradius-users-bounces+me=company@lists.freeradius.org
[mailto:freeradius-users-bounces+me=company@lists.freeradius.org] On Behalf
Of a.l.m.bu...@lboro.ac.uk
Sent: Thursday, October 03, 2013 1:32 AM
To: FreeRadius users mailing list
Subject: Re: radwho not working
Hi,
> I would like to display the active Radius connections. When I run radwho I
> get the following results (showing nothing but the titles) even though I know
> I have an active connection:
using the utmp/wtmp modules? what does your FreeRADIUS debug show when
someone logging in?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radwho not working
Hi, > I would like to display the active Radius connections. When I run radwho I > get the following results (showing nothing but the titles) even though I know > I have an active connection: using the utmp/wtmp modules? what does your FreeRADIUS debug show when someone logging in? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radwho not working
I would like to display the active Radius connections. When I run radwho I get the following results (showing nothing but the titles) even though I know I have an active connection: # radwho Login Name What TTY When FromLocation # - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
