Hi Everybody,
I am getting this error while trying to run the freeradius, pls help me to get
this resolved.
The error is,
radiusd: Instantiating modules
instantiate {
/usr/local/etc/raddb/modules/exec[24]: Invalid version in module 'rlm_exec'
Errors initializing modules
Thanks
Yagnesh Dave wrote:
I am getting this error while trying to run the freeradius, pls help me
to get this resolved.
The error is,
radiusd: Instantiating modules
instantiate {
/usr/local/etc/raddb/modules/exec[24]: Invalid version in module 'rlm_exec'
Errors initializing modules
@lists.freeradius.o
rg] On Behalf Of Alan Buxey
Sent: Thursday, December 03, 2009 1:22 AM
To: FreeRadius users mailing list
Subject: Re: Error in Installing Freeradius
Hi,
I'm trying to install freeradius (Version 2.1.7.: tar.bz2), on
suse_sles-11-0-0.001 and following the procedure below, I ran
Alan,
I googled one error, I got about 300 RPMs. Please take a look at the
attachment of the error log, and kindly, let me know what libraries I should
use to what Linux. I'm using suse 11.0 novell enterprise server.
Rgrds,
Alex
-Original Message-
From: freeradius-users-bounces
Alex Bahoor alexbah...@sbcglobal.net writes:
I'm curios, I loaded a fully blown about 5 gig OS, why did it not come with
all that is needed?
Because all *everyone* is going to need is considerably more than that.
E.g., if you are going to download a complete Debian stable for amd64,
that's
Hi,
I'm trying to install freeradius (Version 2.1.7.: tar.bz2), on
suse_sles-11-0-0.001 and following the procedure below, I ran into the
following errors:
Sh: apxs2-prefork: command not found
Error: failed build dependencies:
Db-dvel is needed by freeradius-server-2.1.7-0.i586
And the list goes
Hi Everyone,
I was trying to set-up mysql for logging the accounting logs for the users. I
followed the instruction on http://www.frontios.com/freeradius.html and also on
http://wiki.freeradius.org/SQL_HOWTO. The I tried to run the FreeRadius server.
It did not start and was giving this error
On Mon, Nov 30, 2009 at 09:20:32AM -, Yagnesh Dave wrote:
including configuration file /usr/local/etc/raddb/sites-enabled/nohup.out
/usr/local/etc/raddb/sites-enabled/nohup.out[1]: Expecting section start
brace '{' after FreeRADIUS Version
Errors reading /usr/local/etc/raddb/radiusd.conf
this error as given below,
###
including configuration file /usr/local/etc/raddb/sites-enabled/default
including configuration file /usr/local/etc/raddb/sites-enabled/inner-tunnel
including configuration file /usr/local/etc/raddb/sites
Hi,
Thanks for the quick answer. I removed nohup.out and its not throwing that
error. But now it is throwing this error. It would be great if you can point
out the solution.
###
bash-3.00# tail nohup.out
simul_verify_query = SELECT radacctid
Hi,
Hi,
Thanks for the quick answer. I removed nohup.out and its not throwing that
error. But now it is throwing this error. It would be great if you can point
out the solution.
did you build FreeRADIUS from source yourself? if so, you built it without
mysql support - maybe because
that the readme say.
Well I tried to runt the bootstrap command and got an error saying that it has
problems making the Cert Request.
Here down below is the output from the bootstrap command.
How do I fix this, have I done something that I shouldnt have done?
Best regards/ Peter Carlstedt
r
Hi, folks.
I'm trying to authenticate in a freeradius server, installed on a Debian
5.0 lenny x86_64. The freeradius version is 2.0.4
That is the message logged in my radius.log :
Fri Nov 27 11:52:13 2009 : Error: rlm_radutmp: Logout for NAS cisco6500
port 0, but no Login record
And my
That is the message logged in my radius.log :
Fri Nov 27 11:52:13 2009 : Error: rlm_radutmp: Logout for NAS cisco6500
port 0, but no Login record
Accounting start packet got lost. Or your NAS is sending same port number
for all users.
Ivan Kalik
-
List info/subscribe/unsubscribe? See http
Paulo
http://www.pop-sp.rnp.br
f...@rnp 1015-8902
t...@kalik.net escreveu:
That is the message logged in my radius.log :
Fri Nov 27 11:52:13 2009 : Error: rlm_radutmp: Logout for NAS cisco6500
port 0, but no Login record
Accounting start packet got lost. Or your NAS is sending same port
But actually I'm worried if anything else is wrong in my configuration.
So, I just figure out where is. Maybe in my aaa model at Cisco router.
Since you got to accounting - authentication must be working. What is
there to worry about?
Ivan Kalik
-
List info/subscribe/unsubscribe? See
Ivan, the thing is:
At the freeradius side I have:
clients.conf file
client 10.0.0.1 {
secret = teste123
shortname = cisco6500
nastype = cisco
}
users file
user Cleartext-Password := teste123
Service-Type = NAS-Prompt-User
And my questions are: How can I be sure where freeradius is
authenticating in? /passwd or users file ?
Debug will tell you. Why have them both enabled if you want just one?
Ivan Kalik
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ivan, could you post an excerpt from debug where he is telling me that?
--
Wagner Pereira
PoP-SP/RNP - Ponto de Presença da RNP em São Paulo
CCE/USP - Centro de Computação Eletrônica da Universidade de São Paulo
http://www.pop-sp.rnp.br
f...@rnp 1015-8902
t...@kalik.net escreveu:
And my
Ivan, could you post an excerpt from debug where he is telling me that?
No. It's your machine, not mine. You post the debug and we will tell you
which password store is used.
Ivan Kalik
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ivan, could you post an excerpt from debug where he is telling me that?
No. It's your machine, not mine. You post the debug and we will tell you
which password store is used.
Ivan Kalik
You bet! Here it is.
server1:~# freeradius -X
FreeRADIUS Version 2.0.4, for host
Ivan, could you post an excerpt from debug where he is telling me that?
rad_recv: Access-Request packet from host 10.0.0.1 port 21645, id=210,
length=81
NAS-IP-Address = 10.0.0.1
NAS-Port = 1
NAS-Port-Type = Virtual
User-Name = recover
All,
We are running Freeradius 2.1.7, some of our clients aren't properly
configured, and we sometimes see errors like this in /var/log/radius.log:
Mon Nov 2 16:23:04 2009 : Error: TLS Alert read:fatal:unknown CA
Mon Nov 2 16:23:04 2009 : Error: TLS_accept:failed in SSLv3 read
client
Subject: RE: Ldap search and AD operations error
Leighton,
Try using ldapsearch in verbose mode (and debug mode) to get
more info from AD.
ldapsearch -v -h AD Server -D cn=account to bind dc=ad,
dc=hud, dc=ac, dc=uk -w password -x -b dc=ad, dc=hud,
dc=ac, dc=uk
(sAMAccountName
i get this message
Info: rlm_sql (sql): received Acct On/Off packet
--
Att.
Alisson F. Gonçalves
Sistemas de Informação - UFGD
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi,
i get this message
Info: rlm_sql (sql): received Acct On/Off packet
??? your FR server received an accounting packet and
your system is configured to use sql in the accounting
section - whats the error?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
thanks for the information,
i tougth that was a error beacause I never got this message
thank you
2009/10/13 Alan Buxey a.l.m.bu...@lboro.ac.uk
Hi,
i get this message
Info: rlm_sql (sql): received Acct On/Off packet
??? your FR server received an accounting packet and
your system
Hi,
Our radius-server timeout is high enough: 4 minutes. Once again: I
suppose that what freeradius thinks of as Received conflicting packet
... are rather a bit delayed packets normally treated as Discarding
conflicting packet ..., i.e. they arrive at freeradius in maybe 1.01+
Alan Buxey wrote:
Hi,
Our radius-server timeout is high enough: 4 minutes. Once again: I
suppose that what freeradius thinks of as Received conflicting packet
... are rather a bit delayed packets normally treated as Discarding
conflicting packet ..., i.e. they arrive at freeradius in
Our radius-server timeout is high enough: 4 minutes. Once again: I
suppose that what freeradius thinks of as Received conflicting packet
... are rather a bit delayed packets normally treated as Discarding
conflicting packet ..., i.e. they arrive at freeradius in maybe 1.01+
second after the
Ivan Kalik wrote:
Our radius-server timeout is high enough: 4 minutes. Once again: I
suppose that what freeradius thinks of as Received conflicting packet
... are rather a bit delayed packets normally treated as Discarding
conflicting packet ..., i.e. they arrive at freeradius in maybe 1.01+
rihad wrote:
Trying for the third time:
Do you have any intention of reading the messages here?
there are many, many requests of the
Discarding conflicting packet kind, which for one reason or another
are dupped by our Cisco NASes in under one second (see the code). And
there are many,
Alan DeKok wrote:
rihad wrote:
Trying for the third time:
Do you have any intention of reading the messages here?
there are many, many requests of the
Discarding conflicting packet kind, which for one reason or another
are dupped by our Cisco NASes in under one second (see the code). And
rihad wrote:
Oh yeah? Isn't Cisco 7260 good enough for you?
Q: Hi, I have a RADIUS server that is slower than a 386, and a NAS that
violates the RADIUS protocol. What should I do?
A: Fix the server and the NAS.
Q: You bastards! How dare you tell me my equipment is broken!
While this
Alan DeKok wrote:
rihad wrote:
Oh yeah? Isn't Cisco 7260 good enough for you?
Q: Hi, I have a RADIUS server that is slower than a 386, and a NAS that
violates the RADIUS protocol. What should I do?
A: Fix the server and the NAS.
Q: You bastards! How dare you tell me my equipment is
rihad wrote:
Being 100% correct protocol-wise means nothing, if the software can't
fit well into an environment.
So you agree that the NAS is broken.
Just a recent example off the top of my
head: dnscache. Its security and DNS protocol support are astonishing.
But due to it being unable
Being 100% correct protocol-wise means nothing, if the software can't
fit well into an environment.
Exactly. The only problem being your inability to comprehend that
freeradius is not faulty but it is your perl script that can't cope. If
you are unwilling to alter it in order to speed things up
Ivan Kalik wrote:
Being 100% correct protocol-wise means nothing, if the software can't
fit well into an environment.
Exactly. The only problem being your inability to comprehend that
freeradius is not faulty but it is your perl script that can't cope.
Why do you not understand that even if I
rihad wrote:
Ivan Kalik wrote:
Exactly. The only problem being your inability to comprehend that
freeradius is not faulty but it is your perl script that can't cope.
Why do you not understand that even if I put sleep 1 right before
finishing a request in my auth/acct Perl scripts, meaning
Hi,
finishing a request in my auth/acct Perl scripts, meaning each request
would take at least 1 second to process, freeradius shouldn't care! It
okay...you have a daemon listening on port 1812 ... how many threads
or radiusd processes are you running - because , for example, if you have
Rihad,
Take your NAS, and throw it in the garbage. Buy a real NAS that
implements RADIUS.
Oh yeah? Isn't Cisco 7260 good enough for you?
Hmmm ... A few months ago I was working on a project with a Cisco 72XX
terminating PPoE connections from DSL modems. I was using custom SQL code
Hi, all,
Sometimes when there are too many requests from a NAS, like right after
rebooting it and thus breaking current sessions, etc., freeradius 2.1.3
under FreeBSD begins loggin many many lines like this after the NAS
re-sends unanswered packets:
Error: Received conflicting packet from
rihad wrote:
Sometimes when there are too many requests from a NAS, like right after
rebooting it and thus breaking current sessions, etc., freeradius 2.1.3
under FreeBSD begins loggin many many lines like this after the NAS
re-sends unanswered packets:
Error: Received conflicting packet
FreeRADIUS to spend more time processing useless requests
will only make the problem worse.
Please look at the line marked with ^^^ - it's where the error is logged
and the current request is aborted, unless it was caught earlier by
Discarding conflicting packet, in which case the _new_ duplicate
rihad wrote:
Absurd. The Dell PowerEdge 2950 w/ 2 quad-cores cannot itself without
human intervention survive the NAS attack exactly due to having to
give up on hundreds of requests per second
Your dual quad-core box can't handle hundreds of packets a second?
Wow... your Perl script is
in such a situation would be - well -
stupid and a waste of time. NAS will just ignore that reply - it gave up
on that request already.
Fixing FreeRADIUS to spend more time processing useless requests
will only make the problem worse.
Please look at the line marked with ^^^ - it's where the error is
logged
Ivan Kalik wrote:
That is, not many (if any) of our Receved ... lines are due to what
could be considered a NAS timeout, and they should be treated like
Discarding ..., that is, the new request should be dropped.
No, NAS qouldn't wait on your script to finish so it gave up and has tried
again
in dc=ad, dc=hud, dc=ac, dc=uk, with filter
(sAMAccountName=mytestusername)
rlm_ldap: ldap_search() failed: Operations error
rlm_ldap::ldap_groupcmp: search failed
That's bad.
Has anyone got latest information on what causes this or how to fix it. I
have a workaround but it's not ideal.
I
=networkradius@lists.freeradius.org
[mailto:freeradius-users-
bounces+tim.sylvester=networkradius@lists.freeradius.org] On Behalf
Of Leighton Man
Sent: Tuesday, October 06, 2009 8:50 AM
To: 'FreeRadius users mailing list'
Subject: Ldap search and AD operations error
Hi All
on Solaris doing lookups against Active Directory.
I get, in the debug:
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=ad, dc=hud, dc=ac, dc=uk, with filter
(sAMAccountName=mytestusername)
rlm_ldap: ldap_search() failed: Operations error
rlm_ldap::ldap_groupcmp: search failed
Has
Hello Alan,
On Mon, Sep 28, 2009 at 11:24 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
are you doing authentication and accounting via MySQL? did you perform
a benchmark of the RADIUS server + MySQL (eg with dumb temp accounts)
to check what the loading could be? in my experience,
Hello Alan,
On Tue, Sep 29, 2009 at 12:35 AM, Alan DeKok al...@deployingradius.com wrote:
What does that mean? You kick all of the users off, and then allow
them back on?
Just bypass the router and the RADIUS servers to go straight to the Internet.
Well... if the MySQL server can't
Hello Ivan,
On Tue, Sep 29, 2009 at 3:14 AM, Ivan Kalik t...@kalik.net wrote:
Try using buffered-sql virtual server to separate accounting from
authentication. At busy time accounting will lag behind but it will catch
up when rush passes.
Noted. I will check this out then.
Thank you.
Hello all,
I am continuously getting this error message on my
/var/log/radius/radius.log file:
Mon Sep 28 18:26:55 2009 : Error: WARNING: Unresponsive child (id
1094719808) for request 24026 (in component accounting module
rlm_exec)
In effect, I got a timeout on account start and stop which
Hi,
Hello all,
I am continuously getting this error message on my
/var/log/radius/radius.log file:
Mon Sep 28 18:26:55 2009 : Error: WARNING: Unresponsive child (id
1094719808) for request 24026 (in component accounting module
rlm_exec)
In effect, I got a timeout on account start
I am continuously getting this error message on my
/var/log/radius/radius.log file:
Mon Sep 28 18:26:55 2009 : Error: WARNING: Unresponsive child (id
1094719808) for request 24026 (in component accounting module
rlm_exec)
Your perl script isn't working.
Ivan Kalik
Kalik Informatika ISP
Hello Alan and all,
On Mon, Sep 28, 2009 at 6:43 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
this sort of message means that the child process is taking
ages to do what is asked of it. in this case, its accounting and
the accounting config is trying to run some external executable which
Hi,
Previously, this has been working smoothly. Then we changed some
configurations on the following devices which currently we are now
too many changes made at the same time.
- Retry Count from 3 to 10
- Timeout from 3 to 10
so the router now hits the RADIUS 10 times insteda of 3
but has
Hello Alan and all,
On Mon, Sep 28, 2009 at 10:30 PM, Alan Buxey a.l.m.bu...@lboro.ac.uk wrote:
so the router now hits the RADIUS 10 times insteda of 3
but has more casuallnes in timeout
Basically:
Retry Count is the maximum number of times that the router retransmits
a RADIUS packet to the
Hi,
Retry Count is the maximum number of times that the router retransmits
a RADIUS packet to the RADIUS server. In this case, this has been
increased from 3 times to 10 times.
Timeout is the interval (in seconds) before the router retransmits a
RADIUS packet to the RADIUS server. In this
muffin sk wrote:
Basically, the number of subscribers increased. If we do a maintenance
window where we swing back and forth the traffic to the router,
What does that mean? You kick all of the users off, and then allow
them back on?
all
the subscribers will hit the router which eventually
Basically, the number of subscribers increased. If we do a maintenance
window where we swing back and forth the traffic to the router, all
the subscribers will hit the router which eventually push all the
RADIUS Requests to the RADIUS server in one shot and on which the
MySQL backend is
Hi,
I decided to install free radius 2.1.6-2 to test it and then to upgrade
my existing versions in my servers. I configured my free radius to use ldap.
When I tried to authenticate from the new radius it gave me the following
message from radius -X.
Replacing User-Password in config items
I decided to install free radius 2.1.6-2 to test it and then to upgrade
my existing versions in my servers. I configured my free radius to use
ldap.
When I tried to authenticate from the new radius it gave me the following
message from radius -X.
Replacing User-Password in config items
Thanks Ivan for your reply. Here is the ldap configuration section:
ldap {
server = x.x.x.x
identity = cn=username
password = password
basedn = ou=email,o=data,c=eg
filter = (uid=%{Stripped-User-Name:-%{User-Name}})
password_header = {CRYPT}
ldap_connections_number = 100
timeout = 15
timelimit =
wessam seleem wrote:
...
[pap] login attempt with password 123456
[pap] Using clear text password ^%$%$%JGjgjg(%%^njahjahs
Your shared secret is wrong. Fix it.
See the FAQ for more details.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
what I can see that Radius couldn't encrypt clear text password. For example
when I send the password in clear text like 123456 it rejects me but when
I send it encrypted like ^%$%$%JGjgjg(%%^njahjahs I was able to login
without any problems. Note that I changed my real password and its
encryption
what I can see that Radius couldn't encrypt clear text password. For
example
when I send the password in clear text like 123456 it rejects me but
when
I send it encrypted like ^%$%$%JGjgjg(%%^njahjahs I was able to login
without any problems. Note that I changed my real password and its
09/24/2009 04:12 PM, wessam seleem::
Note that I changed my real password
and its encryption to secure my data.
By the way, As far as I know (And I might know nothing),
encryption _is_ because guessing the password from it's encrypted
hash is _not_ possible.
--
Architecte Informatique
I have implemented Free Radius Server
SUSE 9.3 Prof and using mysql database with Perle JETSTREAM 4000 RAS
device. My problem is that when I try to connect a user through modem
in windows XP client machine its occure a error 691 but radius log
authenticate
Dear freeradius-users,
I have implemented Free Radius Server
SUSE 9.3 Prof and using mysql database with Perle JETSTREAM 4000 RAS
device. My problem is that when I try to connect a user through modem
in windows XP client machine its occure a error 691 but radius
Hello,
I've been using FreeRadius for quite some time now, but after a recent
update (to 2.0.4, debian lenny variant) all users in a certain group
have stopped authenticating properly, with the above error -- even
though as far as I can tell the password transmitted (and logged) is
identical
I've been using FreeRadius for quite some time now, but after a recent
update (to 2.0.4, debian lenny variant) all users in a certain group
have stopped authenticating properly, with the above error -- even
though as far as I can tell the password transmitted (and logged) is
identical
On Fri, 2009-08-28 at 11:26 +0100, Ivan Kalik wrote:
Remove forcing of Auth-Type Local. Let the server set the auth type.
That resulted in a different error message:
++[sql] returns ok
++[pap] returns updated
rad_check_password: Found Auth-Type
auth: type PAP
+- entering group PAP
On Fri, 2009-08-28 at 11:51 +0100, Ivan Kalik wrote:
On Fri, 2009-08-28 at 11:26 +0100, Ivan Kalik wrote:
1. You are using 1.x queries in a 2.x server. Fix that.
2. That user was found as system user as well and unix module is enabled.
You likely have different password in /etc/passwd. Make
list
Subject: Re: LDAP MSCHAP error
Larry Ross wrote:
Hmm interesting, how were you able to divine that that is how we are storing
the has values...
C programming 101.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe
Larry Ross wrote:
LOL, K. Just found it interesting that with so little data you were able to
devine our schema. The problem here is our LDAP tree will not or cannot
change (political reasons... Long story sucks for me, but as they say wish in
one hand and poop in the other, get back to
To: FreeRadius users mailing list
Subject: Re: LDAP MSCHAP error
Larry Ross wrote:
LOL, K. Just found it interesting that with so little data you were able to
devine our schema. The problem here is our LDAP tree will not or cannot
change (political reasons... Long story sucks for me, but as they say
, 2009 11:03 AM
To: FreeRadius users mailing list
Subject: Re: LDAP MSCHAP error
Larry Ross wrote:
LOL, K. Just found it interesting that with so little data you were able to
devine our schema. The problem here is our LDAP tree will not or cannot
change (political reasons... Long story sucks
Also any ideas as to how I may insert the variable from perl would be
nice.
Read rlm_perl documentation.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Larry Ross wrote:
Hmm interesting, how were you able to divine that that is how we are storing
the has values...
C programming 101.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
I don't want to receive any email form freeradius-users@lists.freeradius.org .
plss
--- On Fri, 8/21/09, Alan DeKok al...@deployingradius.com wrote:
From: Alan DeKok al...@deployingradius.com
Subject: Re: LDAP MSCHAP error
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Larry Ross wrote:
It appears though that there may be a bug in the string copy function of
the rlm_ldap function (or whatever is responsible for copying the
attributes from LDAP to Server core for MSCHAP challenge compare) We
noticed the truncation upon 00 and 3d in the NT-Password hash (so
Sent: Thursday, August 20, 2009 11:59 PM
To: FreeRadius users mailing list
Subject: Re: LDAP MSCHAP error
Larry Ross wrote:
It appears though that there may be a bug in the string copy function of
the rlm_ldap function (or whatever is responsible for copying the
attributes from LDAP to Server core
I am experiencing the following oddness I am hoping someone can shed some light
on...
We are using FR 2.X and LDAP for MSCHAPv2 authentication. We are storing the
NT-Password Hash within LDAP, utilizing ldap.attrmap to map our LDAP variable
to NT-Password
So when an MSCHAPv2 based Auth comes
(not just the one I'm worrying about).
I've checked the FAQ and wiki, and haven't had any luck. I've googled
for the error, and the hits I get related to source code files, which
don't help. I've also looked in the freeradius docs that come with the
binaries/source, etc.
Is it not possible
Adam Bultman wrote:
I have an existing proxy realm like this:
realm proxydomain.com {
type= radius
authhost= x.x.x.x:1812
accthost= x.x.x.x:1813
In version 2, you should use the home_server directive. See
raddb/proxy.conf. This *is*
review, retransmission, dissemination, copy or other use of, or taking of
any action in reliance upon this information by persons or entities other than
the intended recipient is prohibited. If you received this message in error,
please notify the sender immediately by e-mail, facsimile
Danie J. Steenkamp wrote:
Alan DeKok wrote:
It's not processing the accounting section for some reason. Are you
sure it's loading the right file?
Sorry, I though I installed 2.1.6. It is 2.1.1.
I am not sure if the right files loads, to me it looks like it. I have
copied what radiusd -X
Michael Bryant wrote:
unlang? set a variable to the value of MS-CHAP-Error and then set the
Reply-Message
to be some text with that variable in it.
Unfortunately, this sends it back in the next packet, which is an
Access-Challenge, not in the final Access-Reject.
Sending Reply-Message
On 14/08/2009 07:51, Alan DeKok wrote:
Michael Bryant wrote:
unlang? set a variable to the value of MS-CHAP-Error and then set the
Reply-Message
to be some text with that variable in it.
Unfortunately, this sends it back in the next packet, which is an
Access-Challenge, not in the final
Depends on the NAS. But yeah, doing this breaks things. The best thing you
can do is log the error in the post-auth section.
In V1 of FR, the rlm_mschap module used to create a Module-Failure-Message
request attribute containing the output of ntlm_auth, if ntlm_auth failed
(rlm_ldap does
Hi,
I am facing problem while making freeradius-server-2.1.6 on RHEL5.3, however
I am able to successfully build and install the freeradius-server-2.1.6 on
RHEL4.0.
Following are the error logs I am getting while building freeradius server
on RHEL5.3.
[r...@vmware freeradius-server
is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = \nE=691 R=1
EAP-Message = 0x040a0004
Message-Authenticator
Hi, I have loaded Freeradius 2.1.6 on a Centos 5.3 server with Mysql.
The server is responding perfectly to any Authentication.
From a Windows XP it connects, verifies the username, password
Calling-Station-ID. It then immediately disconnects with Error 734: The
PPP link control protocol
Authentication.
From a Windows XP it connects, verifies the username, password
Calling-Station-ID. It then immediately disconnects with Error 734: The
PPP link control protocol was terminated. In the log on the Radius
server it shows that the connection was OK:
Thu Aug 13 09:40:39 2009 : Auth: Login OK
Hi, that is the problem, there is no error message in the radius.log file.
I have run the server mostly in debug mode to try and capture the error without
success.
I have now replicated the error with the server running in normal mode and
below is the output to the log file:
Thu Aug 13 19:16:08
Danie J. Steenkamp wrote:
Hi, I have loaded Freeradius 2.1.6 on a Centos 5.3 server with Mysql.
The server is responding perfectly to any Authentication.
From a Windows XP it connects, verifies the username, password
Calling-Station-ID. It then immediately disconnects with Error 734: The
PPP
-Response is incorrect
++[mschap] returns reject
[eap] Freeing handler
++[eap] returns reject
Failed to authenticate the user.
} # server inner-tunnel
[peap] Got tunneled reply code 3
MS-CHAP-Error = \nE=691 R=1
EAP-Message = 0x040a0004
Message-Authenticator
unlang? set a variable to the value of MS-CHAP-Error and then set the
Reply-Message
to be some text with that variable in it.
Unfortunately, this sends it back in the next packet, which is an
Access-Challenge, not in the final Access-Reject.
Also, for some strange reason, the post-auth
901 - 1000 of 2734 matches
Mail list logo