Re: Sending a disconnect message when replying with an access reject.

2013-04-18 Thread Peter Lambrechtsen
On Thu, Apr 18, 2013 at 11:35 PM, Matthew Newton wrote: > On Thu, Apr 18, 2013 at 05:52:16PM +1200, Peter Lambrechtsen wrote: >> When I set up the post-auth policy to send an update disconnect it works fine >> if the response is an access accept. But if I update the control to acces

Re: Sending a disconnect message when replying with an access reject.

2013-04-18 Thread Matthew Newton
On Thu, Apr 18, 2013 at 05:52:16PM +1200, Peter Lambrechtsen wrote: > When I set up the post-auth policy to send an update disconnect it works fine > if the response is an access accept. But if I update the control to access > reject the disconnect module gives me a noop. As a guess: The

Sending a disconnect message when replying with an access reject.

2013-04-17 Thread Peter Lambrechtsen
I think I may be doing something wrong but perhaps it is working as designed. When I set up the post-auth policy to send an update disconnect it works fine if the response is an access accept. But if I update the control to access reject the disconnect module gives me a noop. Is this supposed to

Re: change Access-Reject output of module with unlang

2013-03-25 Thread Mehdi Ravanbakhsh
thanks On Mon, Mar 25, 2013 at 4:40 PM, Phil Mayers wrote: > On 25/03/13 11:16, Mehdi Ravanbakhsh wrote: > >> You means that if modules such as SQL module in session section return >> reject i can not change that to accept and then update some control >> attribute ? >> > > I don't think so. >

Re: change Access-Reject output of module with unlang

2013-03-25 Thread Phil Mayers
On 25/03/13 11:16, Mehdi Ravanbakhsh wrote: You means that if modules such as SQL module in session section return reject i can not change that to accept and then update some control attribute ? I don't think so. and can i change sql module ?( i know SQL.conf but in that file i just can c

Re: change Access-Reject output of module with unlang

2013-03-25 Thread Mehdi Ravanbakhsh
PM, Phil Mayers wrote: > On 03/25/2013 09:14 AM, Mehdi Ravanbakhsh wrote: > >> Dear ALL >> >> How change Access-Reject output of module with unlang in sites-enable >> to Access-Accept and do some update control ? >> > > I don't think you can. And as Al

Re: change Access-Reject output of module with unlang

2013-03-25 Thread Phil Mayers
On 03/25/2013 09:14 AM, Mehdi Ravanbakhsh wrote: Dear ALL How change Access-Reject output of module with unlang in sites-enable to Access-Accept and do some update control ? I don't think you can. And as AlanB says, it probably won't work anyway - you can't "force"

Re: change Access-Reject output of module with unlang

2013-03-25 Thread A . L . M . Buxey
Hi, >How change Access-Reject output of module with unlang in sites-enable to >Access-Accept and do some update control ? what method? you can't just 'Access-Accept' an EAP method that relies on the agreement between client and authentication server for the cipher keys

change Access-Reject output of module with unlang

2013-03-25 Thread Mehdi Ravanbakhsh
Dear ALL How change Access-Reject output of module with unlang in sites-enable to Access-Accept and do some update control ? I can not find what is the replay attribute of reject or accept to check in "If condition" and change them in "update replay". and Do we have any

Re: stored procedure value for access-reject in free radius

2013-02-05 Thread Fajar A. Nugraha
On Tue, Feb 5, 2013 at 9:44 PM, Lakshmi Narayana Baliah wrote: > >Hi all, > > I want to configure the free radius to return access-reject based on the > value in stored procedure in oracle database( i have configured oracle > database to free radius) > > >

Re: stored procedure value for access-reject in free radius

2013-02-05 Thread Phil Mayers
On 05/02/13 10:44, Lakshmi Narayana Baliah wrote: Hi all, I want to configure the free radius to return access-reject based on the value in stored procedure in oracle database( i have configured oracle database to free radius) How do i do that ??? please help There are

stored procedure value for access-reject in free radius

2013-02-05 Thread Lakshmi Narayana Baliah
Hi all, I want to configure the free radius to return access-reject based on the value in stored procedure in oracle database( i have configured oracle database to free radius) How do i do that ??? please help Lakshmi narayana | Prod Engineering | Tech Mahindra #9/7 Hosur Road

Re: Send Access-Reject when user does not match any group?

2013-01-18 Thread Bogdan Enache
Hi again. Has anyone found a solution to this (always sending Access-Reject to users not matching any group)? Thanks! On 15.01.2013 13:37, Bogdan Enache wrote: > Hi list, > I have managed to solve the last problem by replacing "Group" with > "SQL-Group",

Re: Send Access-Reject when user does not match any group?

2013-01-15 Thread Bogdan Enache
Hi list, I have managed to solve the last problem by replacing "Group" with "SQL-Group", like so: DEFAULT SQL-Group == "disabled", Auth-Type := Reject Reply-Message := "Your account is disabled.", Fall-Through := No Now users which are i

Re: Send Access-Reject when user does not match any group?

2013-01-15 Thread Bogdan Enache
: http://wiki.freeradius.org/guide/faq#How-do-I-deny-access-to-a-specific-user,-or-group-of-users? What is wrong here? Note: If I eliminate the Group check requirement the "files" module matches (and sends Access-Reject), so the file is processed. But clearly the Group check i

Re: Send Access-Reject when user does not match any group?

2013-01-14 Thread Bogdan Enache
Hi, On 14.01.2013 15:17, a.l.m.bu...@lboro.ac.uk wrote: Hi, As you can see, it matches the rule in "users" first, and then the group named "login" in MySQL. There is no other match. because that's the order that you have them run in how can the users file know anything about the groups i

Re: Send Access-Reject when user does not match any group?

2013-01-14 Thread A . L . M . Buxey
Hi, > As you can see, it matches the rule in "users" first, and then the > group named "login" in MySQL. There is no other match. because that's the order that you have them run in how can the users file know anything about the groups if you are doing the groups AFTER the users file? change t

Re: Send Access-Reject when user does not match any group?

2013-01-14 Thread Bogdan Enache
Hello again, Hi, Hi, Is there a way to configure FreeRadius 2.1.10 to send Access-Reject on users which don't match any of the defined groups? I tried with: DEFAULT Group-Name !* "", Auth-Type := Reject Reply-Message = "Account rejected."

Re: Send Access-Reject when user does not match any group?

2013-01-14 Thread A . L . M . Buxey
Hi, > Hi, > Is there a way to configure FreeRadius 2.1.10 to send Access-Reject > on users which don't match any of the defined groups? > > I tried with: > DEFAULT Group-Name !* "", Auth-Type := Reject > Reply-Message = "Account r

Send Access-Reject when user does not match any group?

2013-01-13 Thread Bogdan Enache
Hi, Is there a way to configure FreeRadius 2.1.10 to send Access-Reject on users which don't match any of the defined groups? I tried with: DEFAULT Group-Name !* "", Auth-Type := Reject Reply-Message = "Account rejected.", Fall-T

Re: EAP-TTLS: Access Reject comes randomly from AAA

2012-10-22 Thread Iliya Peregoudov
2012/06/04 15:52:41:686525 :rlm_eap_tls: <<< TLS 1.0 Alert [length 0002], fatal unknown_ca This means WiMAX supplicant sends TLS Alert message. This is because supplicant does not trust CA that has issued AAA server certificate. CA certificate of the CA that has issued AAA server certific

Re: EAP-TTLS: Access Reject comes randomly from AAA

2012-10-20 Thread val john
Hi... just check the mail with subject: *"generating ssl certs in debian squeeze"* , it may help Thank You On 20 October 2012 18:42, Alan DeKok wrote: > Rathod Subhashchandra wrote: > > This issue is coming consistently for multiple clients during Network > Entry. > > So read the debug log.

Re: EAP-TTLS: Access Reject comes randomly from AAA

2012-10-20 Thread Alan DeKok
Rathod Subhashchandra wrote: > This issue is coming consistently for multiple clients during Network Entry. So read the debug log. It isn't hard. > 2012/06/04 15:52:41:686559 : TLS_accept:failed in > SSLv3 read client certificate A > 2012/06/04 15:52:41:686579 : rlm_eap: SSL error > err

EAP-TTLS: Access Reject comes randomly from AAA

2012-10-20 Thread Rathod Subhashchandra
/04 15:52:41:686650 : ++[eap] returns reject 2012/06/04 15:52:41:686663 : auth: Failed to validate the user. 2012/06/04 15:52:41:686688 : [TX] Access-Reject To resolve this issue, your timely help will be appreciated. Thanks ! Rathod.

Re: PEAP access-reject problem

2012-09-03 Thread Alan DeKok
Ana Gallardo Gómez wrote: > I would like to return different values of a personal attribute > (Codigo-Reject) in an Access-Reject. I would like to do this in PEAPv0, > EAP-TTLS-PAP and EAP-TTLS-MsCHAPv2 > > With my configuration I can return Codigo-Reject in EAP-TTLS-PAP and > EAP

Re: Access reject problem

2012-08-16 Thread Alan DeKok
Arvind Gupta wrote: > I am not getting any idea that why I am getting access reject > (PW_ACCESS_REJECT) error. Then you're not looking at the debug output. Run the server in debugging mode, as suggested in the "man" page, FAQ, web page, README, and daily on this list.

Access reject problem

2012-08-16 Thread Arvind Gupta
in free-radius client framework, but getting access reject error. I verified that what user I am using to authenticate is available in groups which is configured there. I am not getting any idea that why I am getting access reject (PW_ACCESS_REJECT) error. any help in this issue will be very helpful

Re: Radius Timeout instead of Access-Reject

2012-08-08 Thread Stefan Winter
> server is not responding, it shows a "Radius timeout" message, here is > > the output of the radius debug: > > The timeouts on the NAS are set WAY too low. > > > Delaying reject of request 4 for 1 seconds > > Going to the next request

Re: Radius Timeout instead of Access-Reject

2012-08-07 Thread Antonio Modesto
or 1 seconds > > Going to the next request > > Waking up in 0.9 seconds. > > rad_recv: Access-Request packet from host 192.168.2.100 port 35710, > > id=86, length=145 > > Waiting to send Access-Reject to client teste port 35710 - ID: 86 > > i.e. the NAS didn't

Re: Radius Timeout instead of Access-Reject

2012-08-07 Thread Alan DeKok
put of the radius debug: The timeouts on the NAS are set WAY too low. > Delaying reject of request 4 for 1 seconds > Going to the next request > Waking up in 0.9 seconds. > rad_recv: Access-Request packet from host 192.168.2.100 port 35710, > id=86, length=145 > Waiting to send

Radius Timeout instead of Access-Reject

2012-08-07 Thread Antonio Modesto
ting group from file /usr/local/etc/raddb/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> modesto attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 4 for 1 seconds

Re: access reject

2011-12-05 Thread Alan DeKok
Harish Mandowara wrote: > i am connecting network-manager to freeradius server. It showing access > reject. I am using server.crt which is provided by freeradius it self. > Please check and reply. > error paste below Read it. The CA cert isn't known. Follow the 4 steps on

access reject

2011-12-05 Thread Harish Mandowara
Hi all, i am connecting network-manager to freeradius server. It showing access reject. I am using server.crt which is provided by freeradius it self. Please check and reply. error paste below rad_recv: Access-Request packet from host 192.168.21.2 port 32768, id=0, length=153 Cleaning up request

Re: always received Access-Reject using mysql

2011-11-28 Thread Alan Buxey
Hi, > Sending Access-Request of id 13 to 127.0.0.1 port 1812 > User-Name = "usertest" > NAS-IP-Address = 10.1.1.28 > NAS-Port = 0 > MS-CHAP-Challenge = 0x7effa6d1eaf313a9 > MS-CHAP-Response = once again, you are looking at trivial client output. look at th

Re: always received Access-Reject using mysql

2011-11-27 Thread Bogi Aditya
On Mon, 28 Nov 2011 09:59:16 +0700, Fajar A. Nugraha wrote > Did you know you can use LDAP as backend for FR, thus allowing your > users to use the same user/password combination whether they're using > FR or LDAP directly? :D yes, I'm fully aware of that :) but the data in OpenLDAP is based on t

Re: always received Access-Reject using mysql

2011-11-27 Thread Fajar A. Nugraha
812, id=13, Weird. I just tested similar thing on my setup (FR-2.1.12), and got Access-Reject for both pap and mschap :) > then I change my radcheck table : > mysql> select * from radcheck; > ++--++--

Re: always received Access-Reject using mysql

2011-11-27 Thread Bogi Aditya
thanks Fajar I've tried : # radtest -t mschap usertest passtest localhost:1812 0 testing123 Sending Access-Request of id 13 to 127.0.0.1 port 1812 User-Name = "usertest" NAS-IP-Address = 10.1.1.28 NAS-Port = 0 MS-CHAP-Challenge = 0x7effa6d1eaf313a9 MS-CHAP-R

Re: always received Access-Reject using mysql

2011-11-27 Thread Fajar A. Nugraha
On Mon, Nov 28, 2011 at 8:29 AM, Bogi Aditya wrote: > thanks Alan > > I found the problem was in the "attribute" field > where I put "Cleartext-Password" based on the wiki : > http://wiki.freeradius.org/SQL-HOWTO The example should be correct. From http://wiki.freeradius.org/SQL-HOWTO#Populating+

Re: always received Access-Reject using mysql

2011-11-27 Thread Bogi Aditya
-Name = "usertest" > > User-Password = "passtest" > > NAS-IP-Address = 10.1.1.28 > > NAS-Port = 0 > > rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=180, > > length=20 > > don't really care about this -

Re: always received Access-Reject using mysql

2011-11-27 Thread Alan Buxey
> NAS-IP-Address = 10.1.1.28 > NAS-Port = 0 > rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=180, > length=20 don't really care about this - the 'radiusd -X' output is what is needed for this list. > ++--+++---

always received Access-Reject using mysql

2011-11-27 Thread Bogi Aditya
Access-Request of id 180 to 127.0.0.1 port 1812 User-Name = "usertest" User-Password = "passtest" NAS-IP-Address = 10.1.1.28 NAS-Port = 0 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=180, length=20 these are my table's ent

Re: Access-Reject (code 3) on an otherwise valid Accept packet / delayed reject when SQL module fails in post-auth

2011-10-28 Thread Alan DeKok
he timeout actually is), the post-auth section stops and > returns a Reject packet. Since it stops before attr_filter, it's > returning a non-RFC-compliant REJECT.. Hmm... you mean an Access-Reject with a bunch of attributes? > For the short-term, I wrapped the sql calls in post-auth and

Access-Reject (code 3) on an otherwise valid Accept packet / delayed reject when SQL module fails in post-auth

2011-10-28 Thread Jason Antman
's returning a non-RFC-compliant REJECT... i.e. an otherwise valid and correct Access-Accept packet, but with a Code of 3 (Access-Reject) since the sql module failed. For the short-term, I wrapped the sql calls in post-auth and post-auth-type reject in redundant, followed by "ok", so

Re: Delivery Delayed: Re: Delivery Delayed: Access-Reject in freeradius

2011-08-29 Thread saeed1803
thanks a lot my friends On Mon, Aug 29, 2011 at 8:37 PM, wrote: > *Delivery is delayed to these recipients or distribution lists:* > > t...@velociter.net > > Subject: Re: Delivery Delayed: Access-Reject in freeradius > > This message has not yet been delivered. Microsoft Excha

Re: Access-Reject in freeradius

2011-08-29 Thread saeed1803
Alan DeKok wrote: >The last few lines contain a *CLEAR* description of the problem, and >how to solve it. i can not find the problem and how to solve it (im very amateur).. Please refer me to main line Sameh Attia wrote: >I believe that you placed it after the DEFAULT section. Move it above

Re: Access-Reject in freeradius

2011-08-29 Thread Aceror
g post-auth {...} for more modules to load > } # modules > } # server > radiusd: Opening IP addresses and Ports > listen { > type = "auth" > ipaddr = * > port = 0 > } > listen { > type = "acct" > ipaddr = * > port = 0 > } > listen

Re: Access-Reject in freeradius

2011-08-29 Thread Alan DeKok
saeed1803 wrote: > Alan DeKok wrote: >> Where? In which part of the "users" file. > yes > >> Read the debug log you posted. The answer is there. > I'm amateur, so I can not understand debug log. > Please explain to me. The last few lines contain a *CLEAR* description of the problem, and how t

Re: Access-Reject in freeradius

2011-08-29 Thread Sameh Attia
I believe that you placed it after the DEFAULT section. Move it above DEFAULT and test again. Regards Sameh Attia -- - Failure is not an option; it is a built-in feature in Windows. - The two basic principles of system administration: * For minor problems, reboot * For major problems, reinstal

Re: Delivery Delayed: Access-Reject in freeradius

2011-08-29 Thread saeed1803
d to these recipients or distribution lists:* > > t...@velociter.net > > Subject: Access-Reject in freeradius > > This message has not yet been delivered. Microsoft Exchange will continue > to try delivering the message on your behalf. > > Delivery of this message will be

Re: Access-Reject in freeradius

2011-08-29 Thread saeed1803
Alan DeKok wrote: > Where? In which part of the "users" file. yes > Read the debug log you posted. The answer is there. I'm amateur, so I can not understand debug log. Please explain to me. thanks a lot On Mon, Aug 29, 2011 at 2:52 PM, Alan DeKok wrote: > saeed1803 wrote: > > I hope you can

Re: Access-Reject in freeradius

2011-08-29 Thread Alan DeKok
saeed1803 wrote: > I hope you can help. I am having some problems running with Radius > Authentication. The radius server is running on a debian server. > I have added some users: > test Cleartext-Password := "test" Where? In which part of the "users" file. > i can do radtest and ntrping test

Access-Reject in freeradius

2011-08-29 Thread saeed1803
ULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry DEFAULT at line 172 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Using Post-Auth-Type Reject # Executing group from file /etc/freeradius/sites-enabled/default +- entering group REJECT {...} [attr_filter.access_reject] expand: %{User-Name} -> test attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 186 to 127.0.0.1 port 36827 Waking up in 4.9 seconds. Cleaning up request 0 ID 186 with timestamp +182 Ready to process requests. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Sending Reply-Message in Access-Reject (PEAP/MSCHAPv2)

2011-05-24 Thread Phil Mayers
On 05/24/2011 05:03 PM, Alan Buxey wrote: so, in inner-tunnel post-auth, set "outer.reply" to be whatever you want.. you can then, in the outer layer, query/check or use that reply. Unfortunately, outer.reply is an Access-Challenge.

RE: Sending Reply-Message in Access-Reject (PEAP/MSCHAPv2)

2011-05-24 Thread Garber, Neal
> so, in inner-tunnel post-auth, set "outer.reply" > to be whatever you want.. you can then, in the > outer layer, query/check or use that reply. There's an additional round trip after the failure which is why Phil said it needs to be saved. I had a patch to save/restore it; but, it needs rew

Re: Sending Reply-Message in Access-Reject (PEAP/MSCHAPv2)

2011-05-24 Thread Alan Buxey
Hi, > On 24/05/11 15:23, Martin Goldstone wrote: > > > Yes, I have this in both the peap stanza and the ttls stanza. This > > seems to be fine when access is accepted, for example if I set a > > Reply-Message saying "Welcome" in the post-auth section of the > > inner-tunnel config, I see this in

Re: Sending Reply-Message in Access-Reject (PEAP/MSCHAPv2)

2011-05-24 Thread Phil Mayers
On 24/05/11 15:23, Martin Goldstone wrote: Yes, I have this in both the peap stanza and the ttls stanza. This seems to be fine when access is accepted, for example if I set a Reply-Message saying "Welcome" in the post-auth section of the inner-tunnel config, I see this in the final access-accep

Re: Sending Reply-Message in Access-Reject (PEAP/MSCHAPv2)

2011-05-24 Thread Martin Goldstone
till need to be addressed. The main one is sending a (semi) >> meaningful reply message when a user is rejected. Unfortunately, I'm >> having trouble figuring out how to return a Reply-Message from within >> the inner tunnel. Well, to be more specific, returning that >>

Re: Sending Reply-Message in Access-Reject (PEAP/MSCHAPv2)

2011-05-24 Thread Phil Mayers
hen a user is rejected. Unfortunately, I'm having trouble figuring out how to return a Reply-Message from within the inner tunnel. Well, to be more specific, returning that Reply-Message within the final Access-Reject. Do you have this in eap.conf: eap { peap { use_tunne

Sending Reply-Message in Access-Reject (PEAP/MSCHAPv2)

2011-05-24 Thread Martin Goldstone
I'm having trouble figuring out how to return a Reply-Message from within the inner tunnel. Well, to be more specific, returning that Reply-Message within the final Access-Reject. So far, I've figured that I can update outer.reply within the inner tunnel, but this gets sent out in an Acce

Re: Reply-message stripped from access-reject response

2011-05-15 Thread sbcsgjmbbz
You've posted the RADIUS messages. But what about src/dst IP? Have you verified that the packets you *think* are the same actually match for src/dst IP, and src/dst port? If not, why not go check? That will show you WHY the packets are different: they're not the same packet! You're right

Re: Reply-message stripped from access-reject response

2011-05-14 Thread Alan DeKok
sbcsgjm...@snkmail.com wrote: > I'm confused, the Packet identifier is the same. Can you explain how you > know this. Thanks, much appreciated! The packets are different. Go read them. Find out what is modifying the packet *after* the RADIUS server sends the reply. Look at the *rest* of the

Re: Reply-message stripped from access-reject response

2011-05-14 Thread sbcsgjmbbz
What is between the radius server and NAS? Something must be, because it's modifying the packet. Do you have an intermediate proxy server? No, but the packets are being sent over an OpenVPN tunnel.

Re: Reply-message stripped from access-reject response

2011-05-14 Thread sbcsgjmbbz
-rejects to the NAS but the reply-message seems to get stripped from the access-reject packet. I've configured the reply-message as below in /etc/raddb/sites-enabled/default Huh? 1.1.3 doesn't have "sites-enabled". Figure out what you're doing. You won't be able to

Re: Reply-message stripped from access-reject response

2011-05-14 Thread Phil Mayers
On 05/14/2011 11:28 AM, sbcsgjm...@snkmail.com wrote: Hi, Using freeradius 1.1.3. I'm trying to get freeradius to return a helpful reply-message in access-rejects to the NAS but the reply-message seems to get stripped from the access-reject packet. I've configured the reply-message as below in

Re: Reply-message stripped from access-reject response

2011-05-14 Thread Alan DeKok
sbcsgjm...@snkmail.com wrote: > Using freeradius 1.1.3. Upgrade. > I'm trying to get freeradius to return a helpful > reply-message in access-rejects to the NAS but the reply-message seems > to get stripped from the access-reject packet. I've configured the > reply-message as below i

Reply-message stripped from access-reject response

2011-05-14 Thread sbcsgjmbbz
Hi, Using freeradius 1.1.3. I'm trying to get freeradius to return a helpful reply-message in access-rejects to the NAS but the reply-message seems to get stripped from the access-reject packet. I've configured the reply-message as below in /etc/raddb/sites-enabled/default post-auth { sql

mysql huntgroups Access-Reject

2010-12-15 Thread GeneTitus
o mysql, I lose the ability to send an Access-Reject based on huntgroups. Is that correct? Thanks, Gene Titus The Office of Telecommunication Services The University of Texas at Austin

Re: SQL Logging Access-Reject

2010-09-10 Thread Alan DeKok
ng part. In the post-auth section, I > have added some SQL logging. I am logging Access-Accept and > Access-Reject. My problem is that access-rejects are appearing > scrambled.. Example: ... > How can I log the tried username in cleartext? Find out where the username exists in cleartext

SQL Logging Access-Reject

2010-09-10 Thread Kristoffer Milligan
n, I have added some SQL logging. I am logging Access-Accept and Access-Reject. My problem is that access-rejects are appearing scrambled.. Example: | 50 | us...@mydomain.tld | | Access-Accept | 2010-09-10 10:53:36 | | 51 | =7bam=3d1=7d917341235f4283123a5

Re: Getting "Access-Reject" when using radtest

2010-08-26 Thread Alan DeKok
kartik dadwal wrote: > OS: Ubuntu 9.10 > Freeradius 2.1.0 (Installed using synaptic packet manager) > On the server terminal: > r...@kartik-laptop:/etc/freeradius# *radiusd -X* I would suggest reading the debug output. The answer to your question is in there. Also, try pasting the debug out

Getting "Access-Reject" when using radtest

2010-08-26 Thread kartik dadwal
1812 User-Name = "testing" User-Password = "password" NAS-IP-Address = 127.0.1.1 NAS-Port = 0 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=248, length=20 === On the server terminal: r...@kartik-la

Radius relay the request to another one if there is an access-reject

2010-08-23 Thread Gregory Bellier
Hi all! I need to set up something and I would like your opinion on how to do it. Freeradius (v2.1.8) asks kerberos/ldap to authenticate and authorize. What I want to do is if a Radius doesn't find anything (meaning access-reject) then it asks another Radius located at another host. Ther

Re: Using postauth_users and Access-Reject

2010-08-11 Thread Alan DeKok
Peter Lambrechtsen wrote: > Understood, I had just taken examples off the internet about how to > setup LDAP Auth, which was very misleading by having the Auth-Type being > set which caused all of my issues in the first place. And the documentation (web, manual pages, config files) says in many

Re: Using postauth_users and Access-Reject

2010-08-10 Thread Peter Lambrechtsen
On Wed, Aug 11, 2010 at 12:40 PM, Alan DeKok wrote: > Peter Lambrechtsen wrote: > > I have figured out where my mistake was. I needed to have the users > > file being used in the authorize section, but I shouldn't have had > > "Auth-Type := Accept" at the end of each line for the Groups, otherwis

Re: Using postauth_users and Access-Reject

2010-08-10 Thread Alan DeKok
Peter Lambrechtsen wrote: > I have figured out where my mistake was. I needed to have the users > file being used in the authorize section, but I shouldn't have had > "Auth-Type := Accept" at the end of each line for the Groups, otherwise > if the Auth-Type is set to Accept the authenticate sectio

Re: Using postauth_users and Access-Reject

2010-08-10 Thread Peter Lambrechtsen
write a Wiki article for this I am more than happy to do so. On Tue, Aug 10, 2010 at 10:18 AM, Peter Lambrechtsen < plambrecht...@gmail.com> wrote: > On Mon, Aug 9, 2010 at 6:31 PM, Alan DeKok wrote: > >> Peter Lambrechtsen wrote: >> > Using FreeRadius 2.1.7 and trying to g

Re: Using postauth_users and Access-Reject

2010-08-09 Thread Peter Lambrechtsen
On Mon, Aug 9, 2010 at 6:31 PM, Alan DeKok wrote: > Peter Lambrechtsen wrote: > > Using FreeRadius 2.1.7 and trying to get the postauth_users to return an > > access reject however it always seems to return either a noop or ok. > .. > > And this is what is i

Re: Using postauth_users and Access-Reject

2010-08-08 Thread Alan DeKok
Peter Lambrechtsen wrote: > Using FreeRadius 2.1.7 and trying to get the postauth_users to return an > access reject however it always seems to return either a noop or ok. .. > And this is what is in my postauth_users file: > > DEFAULT Auth-Type := REJECT > Post-Auth-Typ

Re: Using postauth_users and Access-Reject

2010-08-08 Thread Peter Lambrechtsen
y-Message}" == "Reject") -> TRUE ++? if ("%{reply:Reply-Message}" == "Reject") -> TRUE ++- entering if ("%{reply:Reply-Message}" == "Reject") {...} +++[reject] returns reject ++- if ("%{reply:Reply-Message}" == "Reject") retu

Using postauth_users and Access-Reject

2010-08-08 Thread Peter Lambrechtsen
Using FreeRadius 2.1.7 and trying to get the postauth_users to return an access reject however it always seems to return either a noop or ok. This is what I get in my radiusd -X trace: [files] postauth_users: Matched entry DEFAULT at line 30 ++[files] returns ok Sending Access-Accept of id 53 to

Re: PEAP/MSCHAPv2, Post-Auth-Type REJECT {} of inner-tunnel is never entered for access reject

2010-07-21 Thread Fads Afds
{} section of inner-tunnel to copy control attribute from inner-tunnel to default 2. sql query for radpostauth 3. content of authorize section of file /etc/raddb/sites-available/default 4. radiusd -X debug message for access-reject case Alan's

Re: PEAP/MSCHAPv2, Post-Auth-Type REJECT {} of inner-tunnel is never entered for access reject

2010-07-09 Thread Alan DeKok
Fads Afds wrote: > I tried to get the error-message of inner-tunnel by running sql query in > "Post-Auth-Type Reject {} of default. The message field in radpostauth table > is empty. The query seems cannot access %{inner.control:My-Err-Message} > attribute. > My question is: Can sql in

Re: PEAP/MSCHAPv2, Post-Auth-Type REJECT {} of inner-tunnel is never entered for access reject

2010-07-08 Thread Fads Afds
e warning message: 2. sql query for radpostauth 3. content of authorize section of file /etc/raddb/sites-available/default 4. radiusd -X debug message for access-reject case Alan's reply --- Fads Afds wrote: > Hi Fellows, > >I hav

Re: PEAP/MSCHAPv2, Post-Auth-Type REJECT {} of inner-tunnel is never entered for access reject

2010-07-08 Thread Alan DeKok
ble. >For access-accept case, sql inside post-auth {} of inner-tunnel is invoked > and logging message is written to radpostauth table as expected. >For access-reject cases (username not existed in db, wrong username, > accumulated session time quota exceeded, etc), Post-Au

RE: Access request-access reject

2010-05-13 Thread dorra aa
"123" NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=185, length=20 thakkksss > Date: Thu, 13 May 2010 13:07:45 +0100 > From: a.l.m.bu...@lboro.ac.uk > To: freeradius-users@lists.freeradius.org > Subject

Re: Access request-access reject

2010-05-13 Thread Alan Buxey
Hi, > > comment this line out and restart the daemon > > remove calls to 'unix' from your configuration > > if you don't want to even think about /etc/passwd > i commented it like that: > #DEFAULT Auth-Type = System > Fall-Through = 1 comment out both lines. the DEFAULT line and the fall-th

RE: Access request-access reject

2010-05-13 Thread dorra aa
> Date: Thu, 13 May 2010 11:01:10 +0100 > From: a.l.m.bu...@lboro.ac.uk > To: freeradius-users@lists.freeradius.org > Subject: Re: Access request-access reject > > Hi, > > > I found in users file that line: > > DEFAULT Auth-Type = System > > comme

Re: Access request-access reject

2010-05-13 Thread Alan Buxey
Hi, > I found in users file that line: > DEFAULTAuth-Type = System comment this line out and restart the daemon remove calls to 'unix' from your configuration if you dont want to even think about /etc/passwd alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.htm

Access request-access reject

2010-05-13 Thread dorra aa
> users: Matched entry DEFAULT at line 153 > > users: Matched entry abc at line 216 > > modcall[authorize]: module "files" returns ok for request 0 > > modcall: leaving group authorize (returns ok) for request 0 > > rlm_pap: Found existing Auth-Type, not changing it. > > rad_check_password: Found

Re: sending Access-request, Access-Reject

2010-05-12 Thread John Dennis
On 05/12/2010 08:01 PM, dorra aa wrote: hi can someone help me in that i add a users : abc cleartext-password:="123" It's right there in the debug output users: Matched entry DEFAULT at line 153 users: Matched entry abc at line 216 modcall[authorize]: module "files" returns ok for request 0 m

sending Access-request, Access-Reject

2010-05-12 Thread dorra aa
User-Password = "123" NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=48, length=20 and this is the output of deamon: Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:41804, id=48, length=55

RE: plz help me: access-reject

2010-05-05 Thread dorra aa
> Date: Wed, 5 May 2010 11:08:28 -0400 > From: jden...@redhat.com > To: freeradius-users@lists.freeradius.org > Subject: Re: plz help me: access-reject > CC: a.l.m.bu...@lboro.ac.uk > > On 05/05/2010 11:01 AM, Alan Buxey wrote: > > Hi, > > > >>

Re: plz help me: access-reject

2010-05-05 Thread John Dennis
r-Password = "salut" NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=76, length=20 are you SURE you are editing the right users file? you havent got two copies of FR installed have you ? (eg self-build and RPM) - check t

Re: plz help me: access-reject

2010-05-05 Thread Alan Buxey
"salut" > NAS-IP-Address = 127.0.1.1 > NAS-Port = 1812 > rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=76, length=20 are you SURE you are editing the right users file? you havent got two copies of FR installed have you ? (eg self-build and RPM) - check t

Re: plz help me: access-reject

2010-05-05 Thread John Dennis
On 05/05/2010 06:38 AM, dorra aa wrote: Mr Alan i do it but always the same result: "The definition of insanity is doing the same thing over and over and expecting different results. " -Benjamin Franklin plz can you give me the steps that i may to do more then that. plz help me. I am a begin

RE: plz help me: access-reject

2010-05-05 Thread dorra aa
7.0.1.1 NAS-Port = 1812 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=76, length=20 plz can you give me the steps that i may to do more then that. plz help me. I am a beginner in that > Date: Wed, 5 May 2010 11:19:29 +0100 > From: a.l.m.bu...@lboro.ac

Re: plz help me: access-reject

2010-05-05 Thread Alan Buxey
Hi, > Hi. im used freeradius 2.1.8. Please can somebody give me an example of > configuration of files to do na simple test with radiusd -X. > because i'm testing now a local client and the result is reject. I modify > onlu users and clients.conf.is that anought? > > 1/I add on Users: > > "son

plz help me: access-reject

2010-05-05 Thread dorra aa
23 Sending Access-Request of id 11 to 127.0.0.1 port 1812 User-Name = "sonia" User-Password = "salut" NAS-IP-Address = 127.0.1.1 NAS-Port = 1812 rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=11, length=20 3/The result of output radiusd -X is:

Re: reply_log and access-reject

2010-05-03 Thread Fred MAISON
On Monday 03 May 2010 at 16:58 +0200, Alan DeKok wrote: > Fred MAISON wrote: > > With this setup, access-accept are logged, but access-reject does not > > seems to be logged. > > > > Is this the normal behaviour ? > > Yes. See Post-Auth-Type Reject. Th

Re: reply_log and access-reject

2010-05-03 Thread Alan DeKok
Fred MAISON wrote: > With this setup, access-accept are logged, but access-reject does not > seems to be logged. > > Is this the normal behaviour ? Yes. See Post-Auth-Type Reject. This is documented in the same file: sites-available/default. Alan DeKok. - List info/subscribe
