> 3) acctterminatecause - What are the possible values here? In my
> table, I can see "User-Request" and "Session-Timeout". In the link I
> mentioned in my previous post uses "User-Reset". This is the part I am
> not sure on what is the appropriate value to use in this field.
Found in http://freer
Hi All,
When Radius gets acctterminatecause = "Nas Error" packets having
Acct-session-time field = 0, user "" .i see an an error in Raidus log
*Mon Aug 17 05:46:04 2009 : Error: rlm_sql (sql) in sql_accounting: stop
packet with zero session length. [user '', nas 'xx.xx.xx.xx']*
how to count it as
2009/8/18 Alan DeKok :
> Don't use the pipe. Use ntlm_auth as configured in the mschap module,
> without any extra changes.
Oh, sorry.
I tried to get some about ntlm_auth output and forgot to remove changes.
I delete pipe but it did't remove problem.
-
List info/subscribe/unsubscribe? See http
> sees? How do I update a user's acctstoptime when the NAS doesn't have a
> session for that user, but the DB shows as "NULL" (i.e. freeradius believes
> the user is live)?
>
It is called stale session. I am also trying to solve the same. I just
discussed this topic few days back. Check the list
Anton Brinyov wrote:
> 2009/8/17 Alan Buxey
>> whoa! you are piping the output via tee to a log file - therefore
>> the code isnt getting the return value - hence the badness.
>
> How can I get return value?
Don't use the pipe. Use ntlm_auth as configured in the mschap module,
without any ext
I've had FR 2.1.6 running on a FreeBSD 7.2 test server for some time now. When
I applied the rlm_mschap / rlm_eap_mschap patch I worked on over the weekend
(which is working great btw - I will upload it shortly), I now get the
following error on FR startup:
Can't load '/usr/local/lib/perl5/5.8
Hi Everyone,
I'm using SQL for Simultaneous Use checking. It works in that if someone
tries to auth when they're already logged in, they're rejected. However,
sometimes the acct stop packet never makes it to freeradius (for whatever
reason) when the user logs off. This leaves the "acctstoptime"
2009/8/17 Alan Buxey
> whoa! you are piping the output via tee to a log file - therefore
> the code isnt getting the return value - hence the badness.
How can I get return value?
2009/8/17 Garber, Neal :
> Try removing the single double quote (“) just before the last right curly
> brace (“}”) at
It looks like I might have figured it out, I had commented out the line I had
added that I actually needed. I wasn't telling Radius where to look in LDAP
for the password field.
I can get my windows XP laptops to connect without a problem, still having a
bit of a problem with the Mac laptops s
Le Monday 17 August 2009 16:48:35 Irina, vous avez écrit :
> Hello,
>
> I need to allow a block of 8 IP addresses in 'nasname' column in NAS table.
> Can I use
>
> xx.xx.xx.112/29
>
> Thank you for your help in advance
>
> Kindest Regards,
> Irina
> ===
No !
/29 give not
Hello,
We need to allow a block of 8 IP addresses in 'nasname' column in NAS table.
Can I use
xx.xx.xx.112/29
Thank you for your help in advance
Kindest Regards,
Irina
===-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hello,
I need to allow a block of 8 IP addresses in 'nasname' column in NAS table.
Can I use
xx.xx.xx.112/29
Thank you for your help in advance
Kindest Regards,
Irina
===-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
vol...@ufamts.ru wrote:
> Alan DeKok wrote:
>
>> What do you mean "duplicate records"?
>>
>> Alan DeKok.
>>
>
> If home server does not respond, FR does not respond too -> NAS repeats
> request -> FR writes request data to SQL again.
>
> So we got two problems:
> 1) repeating requests
> 2)
>I tried to use aythentication via Active Directory domain.
>FreeRadius 2.1.6 return error:
Try removing the single double quote (") just before the last right curly brace
("}") at the bottom of the mschap file
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> Why? That is NOT necessary. All of the documentation and all of the
> examples and many of the messages on this list say DO NOT SET AUTH-TYPE.
> Especially Auth-Type := Local. That configuration has been NOT
> recommended for many years now. Many, many, years.
Yes, you are so right!
R
hi,
whoa! you are piping the output via tee to a log file - therefore
the code isnt getting the return value - hence the badness.
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Eric Bourkland wrote:
> No Cleartext-Password configured. Cannot create LM-Password
> No Cleartext-Password configured. Cannot create NT-Password
> Told to do MS-CHAPv2 for test.user with NT-Password
> FAILED: No NT/LM-Password. Cannot perform authentication.
> FAILED: MS-CHAP2-Response is incorr
mikoi wrote:
>> Why is the Auth-Type := Accept in there?
>
> Yes, you are right. This was the cause.
>
> Removed the line from radgroupcheck and added Auth-Type := LOCAL
Why? That is NOT necessary. All of the documentation and all of the
examples and many of the messages on this list say D
> So... what are the contents of the NT-Password attribute?
In the LDAP data store? is it a hashed (MD4) format which should be able to be
read doing MS-CHAP. I know, I know clear text, but with my current set up
Zimbra with OpenLdap it does not let you do complete clear text. I integrated
> Why is the Auth-Type := Accept in there?
Yes, you are right. This was the cause.
Removed the line from radgroupcheck and added Auth-Type := LOCAL to radcheck
instead and that did the trick. Thanks.
For users that are proxied to the backend RADIUS-server i need Auth-Type :=
Accept otherwise i
Sergey Korobkov wrote:
> Using version from GIT.
> When DHCP-Message-Type = 0 the server must not sending reply.
> But in this code set DHCP-Message-Type value from 0 to 1024 and reply sending
> to client.
Fixed, thanks.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradiu
mikoi wrote:
> The problem:
> When logging in with the user with Cleartext-Password all passwords are
> accepted.
Because that's what you told it to do.
> mysql> select * from radgroupcheck;
> ++---+++-+
> | id | groupname | attribute | op | val
Ok, I got a hint. I was mistaken, it was doing the mess for '\n' and
for '\t' also in accounting but I find from where it comes.
In my default/post-auth I had :
update reply{
Tunnel-Type = 13
Tunnel-Medium-Type = 6
# I use the real ID for setting the vlan nu
Using version from GIT.
When DHCP-Message-Type = 0 the server must not sending reply.
But in this code set DHCP-Message-Type value from 0 to 1024 and reply sending
to client.
src/main/dhcpd.c
...
vp = pairfind(request->reply->vps, DHCP2ATTR(53)); /*
DHCP-Message-Type */
if (vp) {
Hi All,
getting the following errors in the radius log:
Mon Aug 17 05:45:38 2009 : Error: rlm_radutmp: Logout for NAS Default NAS
Entry port 1239, but no Login record
Mon Aug 17 05:45:38 2009 : Error: rlm_radutmp: Logout for NAS Default NAS
Entry port 712, but no Login record
Mon Aug 17 05:45:38 2
25 matches
Mail list logo