unsubscribe
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Solved.
Debugging with SQL is piece-meal, and an early problem will obscure later ones.
1. I had a reply item FreeRADIUS did not understand (but this only
gets logged when all else runs clean).
2. I had a check item that is likely wrong (and would appreciate an
answer on this). I had
?
Thank you
- Andrew Long
Here are the queries for the user's auth request:
[sql] sql_set_user escaped user -- 'memwg150412'
rlm_sql (sql): Reserving sql socket id: 1
[sql] expand:
SELECT id, username, attribute, value, op FROM radcheck WHERE username
= '%{SQL-User-Name}' ORDER BY id -
SELECT id
Run the queries manually, and try to sort it out.
Alan DeKok.
Thank you. Just in case, I tested a build of 2.1.12 now avail through
the stock repos on a CentOS 5.8 VM. It's working correctly, so I'm
confident I can get there (an upgrade, to boot) without much too
difficulty.
- Andrew
-
On Thu, Apr 5, 2012 at 12:04 PM, Andrew Long furs...@gmail.com wrote:
In case you missed it, the debug from latest test is a couple messages
previous (our messages crossed). I have looked through it and with my
limited knowledge see nothing exceptional except that processing stops
I am trying to implement two of the Nomadix VSA's, Nomadix-BW-Up and
Nomadix-BW-Down. They are included in the dictionary.nomadix that
shipped with my installed version, 2.1.8 running on CentOS.
OK.
I am using a MySQL backend and have tried adding the attributes in
radgroupreply (for user
Platfrom: CentOS 5.8
FreeRADIUS: 2.1.8
Backend: MySQL
I am unable to get FreeRadius to reply with attributes assigned in the
radgroupreply table for some groups. When the same attributes are
assigned in radreply, the server sends them as expected. Adding a
Fall-Through entry for the user in
For reference, here is a debug from another account's auth request
which successfully processes radgroupreply and sends the pairs from
that table. The attributes are different here because the NAS is
different and I don't want to confuse it by assigning another vendor's
attributes. I did
Did you set read_groups = yes in sql.conf?
What about the comments just above that configuration?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
It was commented out! Given the comments, though, do you have any idea
why it would still have
I should have said...
There is also the oddity that even though the line was commented
previously, groups were being processed as I would see in the reply
packets pairs that existed only in radgroupreply. JUST NOT THE ONES I WANT.
-
List info/subscribe/unsubscribe? See
OK, the test from an actual client behind the Nomadix fails even after
un-commenting read_groups = yes and restarting, still no group
attributes passed in reply.
This debug is rather lengthy as I thought you might want to see some
of the earlier loading (though I snipped some).
What should I
I think we crossed each other across the water...
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
In case you missed it, the debug from latest test is a couple messages
previous (our messages crossed). I have looked through it and with my
limited knowledge see nothing exceptional except that processing stops
with radgroupcheck and never moves to radgroupreply. Have you any
ideas?
- Andrew
-
as I'm working under a deadline.
Thank you,
Andrew Long
EscapeWire Solutions
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I am trying to implement two of the Nomadix VSA's, Nomadix-BW-Up and
Nomadix-BW-Down. They are included in the dictionary.nomadix that
shipped with my installed version, 2.1.8 running on CentOS.
I am using a MySQL backend and have tried adding the attributes in
radgroupreply (for user group)
So, to try and re-phrase my question at this point: Why would
freeradius stop processing after radusergroup and radgroupcheck,
without ever doing the query on radgroupreply to see if there are
items there?
The user is a member of only one group, and this is the only
user/group relationship I see
Thank you for any help.
- Andrew Long
Here is the existing dictionary...
# FILE: /usr/share/freeradius/dictionary.nomadix
# -*- text -*-
#
# Version: $Id$
#
VENDOR Nomadix 3309
#
BEGIN-VENDORNomadix
ATTRIBUTE Nomadix-Bw-Up
So, the question is, will the following entry in /etc/raddb/dictionary
correctly add the new attributes? I have not entered the types yet,
waiting on the OEM for some clarification.
Developer at OEM reported perfectly safe to add the attributes to the
existing site-wide dictionary.nomadix file
understand the list is not support for Colubris, but I hope someone
with more experience can tell me how I might be misinterpreting the
instructions.
Thank you.
Andrew Long
FreeRADIUS Ver. 2.1.3
Backend: MySQL
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'm back again trying to build the latest into rpm for our CentOS 5.x servers.
I have edited the spec file so
Name: freeradius
and repacked the tgz so it is freeradius-2.1.3.tar.gz
but I get
[al...@host SPECS]$ rpmbuild -ba --nobuild freeradius.spec
Processing files: freeradius-2.1.3-0
error:
Please ignore...
tried again a few minutes later and it works perfectly.
- Andrew Long
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
reply off-list if you like.
- Andrew Long
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
After a clean rpmbuild of 2.0.3, radiusd -X yielded some errors
processing files in /etc/raddb. I ran strace and found permission
denied on relevant files. The rpm installed files in this dir with
ownership root.root, so naturally radiusd cannot read them. Is it
preferable to allow read access to
Change this line:
%{_datadir}/%{name}
to:
%{_datadir}/freeradius
The spec file *should* then work with the
freeradius-server-2.0.3.tar.gz file, subject to the _incdir comments below.
On Cent, this means change _incdir to _includedir in freeradius.spec.
And now the rpmbuild does
CentOS 4.6 (final)
per instructions I received when rpmbuilding 2.0.1, I added %_incdir
/usr/include to my .rpmmacros file. I was unsure whether or not the
dir in the tgz still needed renaming to freeradius-2.0.3 so I left it
as is. Now, I get the following error returned after running rpmbuild
RPM build errors:
File not found:
/var/tmp/freeradius-server-root/usr/share/freeradius-server
[EMAIL PROTECTED] SPECS]$ ls /var/tmp/freeradius-server-root/usr/share/
doc freeradius man
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RPM build errors:
File not found:
/var/tmp/freeradius-server-root/usr/share/freeradius-server
[EMAIL PROTECTED] SPECS]$ ls /var/tmp/freeradius-server-root/usr/share/
doc freeradius man
freeradius is freeradius-server - so change the rpmbuild accordingly.
Can you
if this is, indeed, what gets extracted, then edit the .spec file accordingly
nano SPEC/freeradius.spec
-- change --
Name: freeradius-server TO
Name: freeradius
save changes
cd ../SOURCES
tar xzf freeradius-server-2.0.3.tar.gz
rm freeradius-server-2.0.3.tar.gz
mv freeradius-server-2.0.3
if this is, indeed, what gets extracted, then edit the .spec file
accordingly
nano SPEC/freeradius.spec
-- change --
Name: freeradius-server TO
Name: freeradius
save changes
cd ../SOURCES
tar xzf freeradius-server-2.0.3.tar.gz
rm freeradius-server-2.0.3.tar.gz
mv
A brief second test indicates I probably goofed my update query; I
just tried again on 1.1.7 and it worked. Good thing I'm not in charge
of financial records.
- Andrew
On Feb 1, 2008 2:22 AM, Ivan Kalik [EMAIL PROTECTED] wrote:
Any idea why making the same change ( to attribute
in number...
Ivan, thank you.
Also, kudos to all developers for making the debug output so much more precise!
- Andrew Long
EWS Solutions
2008/1/31 Ivan Kalik [EMAIL PROTECTED]:
OK, you replaced the operator. Why didn't you replace User-Password with
Cleartext-Password as debug so clearly
Any idea why making the same change ( to attribute 'Cleartext-Password
and op ':=')
on 1.1.7 would lead to failed authentications?
Same sql setup, chap.
as is, using attitribute 'password' or 'User-Password' (both work) and op '=='.
Andrew
On Jan 31, 2008 8:07 AM, Ivan Kalik [EMAIL PROTECTED]
I expected to see some traffic too soon, now it's coming...
but where are the accounting queries?
Andrew
On Jan 30, 2008 8:52 AM, Andrew Long [EMAIL PROTECTED] wrote:
I've just installed 2.0.1 on CentOS 5 with MySQL 5.x. I can get the
clients to authenticate and I see accounting requests come
expiration
logintime
noresetcounter
dailycounter
monthlycounter
daypasscounter
pap}
authenticate {
pap
chap
mschap}
Thanks muchly,
Andrew Long
EWS
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
id 160 -- access-accept id 160.
None of this is in users file; we pass the info from sql.
Andrew
EWS Solutions
===
On Jan 30, 2008 5:21 PM, Kevin Bonner [EMAIL PROTECTED] wrote:
On Wednesday 30 January 2008 15:31:51 Andrew Long wrote:
If I
anywhere in the provided sql.conf ??
Thank You.
Andrew Long
EWS Solutions
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
file. =)
Joe Vieira
UNIX Systems Administrator
Clark University - ITS
Andrew Long wrote:
Well, not so lucky after all. Looks like the build get 99% completed
and we get an error:
+ RADDB=/var/tmp/freeradius-root/etc/raddb
+ perl -i -pe 's/^#user =.*$/user = radiusd/'
/var/tmp
is also
freeradius-server) to freeradius-2.0.1... then zip it all back up and
run your spec again and it will work.
Joe Vieira
UNIX Systems Administrator
Clark University - ITS
Andrew Long wrote:
Hello:
I am trying to build the rpm for 2.0.1 on CentOS 5. The first oddity
Bingo!
Thank You.
- Andrew
On Jan 28, 2008 8:55 AM, Joe Vieira [EMAIL PROTECTED] wrote:
you'll need to either rename everything in the spec file to be
freeradius-server
or just open the tar.gz rename the directory INSIDE IT (which is also
freeradius-server) to freeradius-2.0.1... then zip
Hello:
I am trying to build the rpm for 2.0.1 on CentOS 5. The first oddity
is that the source now comes as freeradius-server-2.0.1.tar.gz;
starting the rpmbuild with $ rpmbuild -bb freeradius.spec yields an
error that SOURCES/freeradius-2.0.1.tar.gz does not exist. I tried
renaming
From users file:
# Test Entries
along Cleartext-Password := testing
Thanks for any help...
- Andrew Long
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Also, for the users file:
...
users: Matched entry DEFAULT at line 153
users: Matched entry along at line 218
Go look at those entries, and read man users. It should
be clear why the server is behaving as it is.
Also, the FAQ says how to put an entry in the users file
User-Password instead.
I am wondering if the last line is supposed to read, use
Cleartext-Password instead.
Regards,
Andrew Long
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
?
Regards,
Andrew Long
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 6/20/07, Tomas Hoger [EMAIL PROTECTED] wrote:
On 6/20/07, Andrew Long [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] SPECS]# rpmbuild -bb freeradius.spec
error: Failed build dependencies:
libtool-ltdl-devel is needed by freeradius-1.1.6-0.i386
On Cent 4.4 there is no libtool
Is it permissable to use a hostname in clients.conf, as for
a host using dyndns?
Regards,
Andrew Long
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-Original Message-
From:
[EMAIL PROTECTED]
.org
[mailto:[EMAIL PROTECTED]
eeradius.org] On Behalf Of Dennis Skinner
Sent: Wednesday, June 20, 2007 3:37 PM
To: FreeRadius users mailing list
Subject: Re: 1.1.6 name resolution
Andrew Long wrote:
Is it permissable to use
ftp://ftp.freeradius.org/pub/radius/freeradius-1.1.5.tar.gz
I am getting an error that the dir or file does not exist...
Am I right that 2.0 is not available and/or not considered stable yet?
Regards,
Andrew
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--- [EMAIL PROTECTED] wrote: ---
You tried building from CVS lately ;)
I was under the impression that a CVS build would not be recommended for
a production server. Am I wrong?
Andrew
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-Original Message-
From:
[EMAIL PROTECTED]
.org
[mailto:[EMAIL PROTECTED]
eeradius.org] On Behalf Of Arran Cudbard-Bell
Sent: Friday, June 15, 2007 4:30 PM
To: FreeRadius users mailing list
Subject: Re: download latest version: link broken?
Andrew Long wrote:
--- [EMAIL
I use Nagios and NRPE to monitor my servers. With this you can check
any number of things, including the db connections, slow queries, radius,
cpu time, memory, any number of ports, etc... Provides
a web interface and full reporting, including notifications by email,
text message... It works
I am getting slow response time from the server for authentication requests
(chap/mschap) that eventually fail (users submitting wrong password). The
problem is that the NAS is sending about 3 requests before getting a response.
By the time the deny arrives, it is out of order and the NAS logs
NAS are Colubris cn3200; they are periodically logging events like the
following:
warning iprulesmgr Received unexpected RADIUS packet (id='56') from
RADIUS Server (ip-address='65.xxx.xxx.x',port='1812')
I have run a capture on the interface (server) and see that the packet with
I am sorry to have bothered everyone with the message; I had forgotten I was
subbed from this address when I left the office.
Regards,
Andrew Long
IT Manager
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I'm working on it... my email is not cooperating right now.
Regards,
Andrew Long
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
of the request items.
---END QUOTE
Regards,
Andrew Long
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Now we're taking a step back because I tried changing the
username on
the NAS and in the SQL and can no longer authenticate with
:( NTRADPING.
Why use ntradping? Use radclient.
I will in the future, but I'm in mid-stream here...
And you're using CHAP... which is why it doesn't
Change the attribute name to Cleartext-Password, and the
operator
to :=.
I have about 20 other NAS's using this identical configuration and
they all authenticate...
They're not using CHAP.
Each and every one is using CHAP. Promise.
ANdrew
-
List
to radgroupreply, as there is nothing configured
there).
Regards,
Andrew Long
** CONFIDENTIALITY NOTICE **
NOTICE: This e-mail message and all attachments transmitted with it may contain
legally
privileged and confidential information intended solely for the use of the
addressee
I think I got it, I can now authenticate with ntradping, but I get an
attribute dump:
unknown vendor 8744, size xx='' repeated many times...
Is this because I am impersonating the NAS from a laptop? ie., should
clear up when the NAS is actually authenticating or does this point to
another
{
start_servers = 5
max_servers = 32
min_spare_servers = 3
max_spare_servers = 10
max_requests_per_server = 0
}
--
Regards,
Andrew Long
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks to help from many folks here, tonight I got one property up and
running on our new server. THANK YOU!
Now, another question. When I start radius with radiusd or
/usr/local/sbin/radiusd, I get a brief message reading configuration
file...; then, doing ps aux | grep radiusd returns nothing
I have the server running and can now authenticate remotely and
records are correctly added to radacct. Part of our setup requires the
rlm_sqlcounter module. I inserted the $INCLUDE line and the output
tells me it is loading. However, I read in rlm_sqlcounter doc that you
must ./configure
It decouples the RADIUS server from your SQL server. Think of your
car. If the axle was welded to the frame, you would feel it as you
drove over every pebble. The shocks decouple the axle from the rest of
the car, so you can drive over potholes at speed, and only feel small bumps.
I hope you will keep this thread updated with your progress. We use
many proxim devices and I'd be interested to follow...
Andrew
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
with the permissions and
user/group setup for Cent.
--Andrew Long
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
consider making themselves available via telephone or
chat for a tutelage, great; If $ is required, we can discuss that.
Please email off-list if you would consider.
--
Regards,
Andrew Long
Network Support Specialist
EscapeWire Solutions, LLC
617 Dingens Street
Buffalo, NY 14206
Office: (716) 893
,hawthorn_web
Finished request 0
--
Regards,
Andrew Long
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
How can I tell what operator/suffix
Long wrote:
How do you recommend I proceed when the A-V pair in question
(Service-Type:Administrative-user) no longer exists in 1.1.0?
The 1.1.0 dictionary only defines about 5 internal service types...
Did you look for it in ALL of the dictionaries? The 1.1.x version
re-arranged the
Can you clarify:
In 0.9.3 (/usr/local/raddb/dictionary):
VALUE Service-TypeAdministrative-User 6
In 1.1.0 (usr/local/share/freeradius/dictionary.rfc2865):
VALUE Service-TypeAdministrative-User 6
And this represents data from tables on BOTH servers:
mysql
Am I correct in thinking that an update to the tables (replacing
Administrative with Administrative-User) ought to fix this?
Yes.
Now I still get:
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
Invalid operator for item Suffix: reverting
authenticating to the old server, no errors result
and all A-V pairs are sent along...
Any hints?
Andrew
--
Regards,
Andrew Long
Network Support Specialist
EscapeWire Solutions, LLC
617 Dingens Street
Buffalo, NY 14206
Office: (716) 893-4984
Mobile: (716) 830-5169
Fax: (716) 891-4288
box?
--
Regards,
Andrew Long
Network Support Specialist
EscapeWire Solutions, LLC
617 Dingens Street
Buffalo, NY 14206
Office: (716) 893-4984
Mobile: (716) 830-5169
Fax: (716) 891-4288
Web: http://www.escapewire.com
E-mail: [EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http
with the running server - will it be just the
install paths, or is there more?
-Andrew Long
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
for allowed ip addresses of clients.
Am I missing something? I see no mention of the nas table in the
rlm_sql docs. Thanks in advance for all help.
Andrew Long
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
was not being sent by
freeradius. In my case, it was due to the users not being listed in
the usergroups table. The session-timeout was in radgroupreply...
Andrew Long
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
...
DELETE FROM radius.usergroup WHERE GroupName = 'aroma'
THEN...
INSERT INTO radius.usergroup (UserName, CreationDate, GroupName)
VALUES ('username0001', (CURRENT_DATE), 'aroma');
repeated for all 500 usernames...
I think this should work, as all the usernames in use are stored in
Andrew Long [EMAIL PROTECTED] wrote:
I tried Session-Timeout but it doesn't seem to do the job.
So... is it being sent back to the NAS? If it is, then the NAS is
ignoring it. Go ask your NAS manufacturer for a refund, or for a
firmware upgrade that implements RADIUS.
Alan DeKok
Andrew Long [EMAIL PROTECTED] wrote:
I tried Session-Timeout but it doesn't seem to do the job.
So... is it being sent back to the NAS? If it is, then the NAS is
ignoring it. Go ask your NAS manufacturer for a refund, or for a
firmware upgrade that implements RADIUS.
Alan DeKok
On Thursday 09 November 2006 11:00, Andrew Long wrote:
Here is the output from radiusd -X regarding the answer to an
auth-request from one of the properties where I changed
session-timeout to 1800. It does not look to me like the
session-timeout attribute is being sent... any suggestions
On Thursday 09 November 2006 11:34, Andrew Long wrote:
also ran
SELECT
`usergroup`.`UserName`,
`usergroup`.`creationdate`,
`usergroup`.`GroupName`
from usergroup
where username = '4aroma70370';
and that also comes up null...
Does it make sense that radius is not recognizing
Andrew Long [EMAIL PROTECTED] wrote:
I need to boot users at one property after a specified time period.
We have adjusted the max-daily-session to 1800 (30 minutes),
but users still seem to be staying on. Can someone point me in the
right direction. The NAS is a Colubris cn3000.
Why use
-age. I am
pretty new to this, so any detail is most appreciated.
--
Regards,
Andrew Long
EscapeWire Solutions, LLC
617 Dingens Street
Buffalo, NY 14206
Office: (716) 893-4984
Mobile: (716) 830-5169
Fax: (716) 891-4288
Web: http://www.escapewire.com
E-mail: [EMAIL PROTECTED]
-
List info
Andrew Long [EMAIL PROTECTED] wrote:
I need to boot users at one property after a specified time period.
We have adjusted the max-daily-session to 1800 (30 minutes),
but users still seem to be staying on. Can someone point me in the
right direction. The NAS is a Colubris cn3000.
Why use
On Sun, 2006-10-22 at 10:56 -0400, Alan DeKok wrote:
Andrew Long [EMAIL PROTECTED] wrote:
Well, I'm on the way to building my first freeradius server and have one
remaining configure error. Can anyone tell me about this one, how to fix
it and will it break anything?
...
Below
Well, I'm on the way to building my first freeradius server and have one
remaining configure error. Can anyone tell me about this one, how to fix
it and will it break anything?
Test build is being done on Ubuntu 6.06 dapper.
Below is the config.log
--Andrew
configure:750: checking for gcc
I installed the binary for
SUSE 10.1 and dialupadmin. When I open index.html in the dialupadmin
htdocs dir, firefox wants to open/save the buttons.php. Am I missing
some required support for php?
--
Regards,
Andrew Long
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
, without re-compiling?
--
Regards,
Andrew Long
Network Support Specialist
EscapeWire Solutions, LLC
617 Dingens Street
Buffalo, NY 14206
Office: (716) 893-4984
Mobile: (716) 830-5169
Fax: (716) 891-4288
Web: http://www.escapewire.com
E-mail: [EMAIL PROTECTED]
Friday, September 29, 2006, 4:58:38 PM
As I have inherited the system and am very new to radius, I have no
idea which modules are currently installed. How can I determine?
In reading over the configure/install docs, I so far see nothing about
modules. Where can I get info on modules?
--
Regards,
Andrew Long
On Mon 02 Oct 2006 17
90 matches
Mail list logo