Re: accounting

2010-05-17 Thread VU VAN HUNG

Larry Brower wrote:

rosect...@yahoo.com wrote:

I have installed the following two rpms:
  freeradius-mysql-2.1.3-1.fc9.i386   and
  freeradius-postgresql-2.1.3-1.fc9.i386
on my Fedora machine.
However, when I tried to configure the sql server by using mysqladmin 
..., the system says command not found.

Do I need to install anything else (and where can I download them) 
before executing that command? Thanks a lot in advance.





Actually installing MySQL might be a good start considering that is 
what installs mysqladmin


-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html



Try this command to start mysql
service mysqld start

Vu Hung,


Diameter roaming

2010-05-14 Thread VU VAN HUNG

Hi all,
Does anyone know why Diameter supports faster roaming than RADIUS?
I've read some references but I don't understand.
Hung,


Re: Diameter roaming

2010-05-14 Thread VU VAN HUNG

Alan DeKok wrote:

VU VAN HUNG wrote:
  

Does anyone know why Diameter supports faster roaming than RADIUS?



  It doesn't.
  
I mean roaming between 2 clients with 1 AAA server in a network (e.g. a 
wireless mesh network). Is roaming with Diameter faster than with Radius?
  

I've read some references but I don't understand.



  Diameter is useful if you have an ISP / phone company with 10 million
users, and $5-10 million to spend on a Diameter infrastructure.  And
even then, it doesn't do authentication or accounting.
  

I'm sure that Diameter does authentication and accounting.
Check it out,
http://www.ibm.com/developerworks/wireless/library/wi-diameter/

Hung,



Re: free NAS ?

2010-05-07 Thread VU VAN HUNG

sunhualing wrote:

hostapd as a NAS, authenticator
wpa-supplicant as a supplicant


On Fri, May 7, 2010 at 1:31 AM, Jeff Voskamp <javos...@uwaterloo.ca> wrote:


On 05/06/2010 01:27 PM, John McDonnell wrote:

On May 6th, 2010 at 1:09 PM, Randal Carpenter wrote:
Try openfiler, at http://www.openfiler.com/, it emulates both
SAN and NAS
equipment.





On Thu, May 6, 2010 at 5:56 AM, VU VAN HUNG <vanhung2...@gmail.com> wrote:


   Hi all,
   I just wonder whether there is any open source software that has the
   same functionality as a Network Access Server?
   Because I see that there's Asterisk, which is like a PBX.
   Best,
   Hung,


There's always FreeNAS as well... http://freenas.org/freenas

 


Wrong NAS - those ones are Network Attached Storage, not Network
Access Server.

Dang TLA overload.

Jeff





hostapd is only for authentication. I have tried to google but found 
nothing. I want to find a free NAS supporting accounting for a radius 
server. Just found this one. Check it out!

https://www.rahunas.org/trac/
Hung,


free NAS ?

2010-05-06 Thread VU VAN HUNG

Hi all,
I just wonder whether there is any open source software that has the same 
functionality as a Network Access Server?

Because I see that there's Asterisk, which is like a PBX.
Best,
Hung,


problem with reading user data in Freeradius with Mysql

2010-04-29 Thread VU VAN HUNG

Hi all,
I have a problem with freeradius and mysql. My freeradius server cannot 
read data from the radcheck table. It reports that No Cleartext-Password's 
Configured, even though I have set the Attribute field in the radcheck 
table to Cleartext-Password.

Could someone help me solve this problem?
Hung,


accounting packets

2010-04-27 Thread VU VAN HUNG

Hi all,
I'm trying to implement radius accounting. I want to ask how I can know 
whether accounting packets are sent and received ?

Hung,


Re: accounting packets

2010-04-27 Thread VU VAN HUNG

And I can't see Accounting-Request and Accounting-Response. How do I 
configure freeradius to get Accounting-Request and Accounting-Response 
packets when I capture them?

I hope someone will give me some advice.

Hung


Re: accounting packets

2010-04-27 Thread VU VAN HUNG

Alan DeKok wrote:

VU VAN HUNG wrote:
  

Hi all,
I'm trying to implement radius accounting. I want to ask how I can know
whether accounting packets are sent and received ?



  Run the server in debugging mode, as suggested in the FAQ, README,
INSTALL, man page

  If you don't see accounting packets, go fix the NAS so that it sends
accounting packets.

  Alan DeKok.

  
In my freeradius, the accounting listening port is 1813. How do I change 
the accounting port in the freeradius configuration? I'm using an Engenius 
ECB3500 Access Point as the NAS. It uses RADIUS port 1812.

Hung,


Re: R: R: R: NAS-Identifier and radgroupcheck table

2010-04-27 Thread VU VAN HUNG

Alan DeKok wrote:

Ana Gallardo wrote:
  

DEFAULT   Auth-Type := Reject



  Hmm... that will cause all of the users to be rejected.  Delete it.

  

I followed this howto http://wiki.freeradius.org/SQL_Huntgroup_HOWTO and,
at the bottom, it said:

Note: If you want to reject authentication by default then edit the
raddb/users file and add this:

DEFAULT   Auth-Type := Reject



  That's not necessary.  It should be deleted from the page.

  Alan DeKok.

  

Dear Ana,

Could you tell me the name of the NAS device you are using?

Hung,


problems with queries and user database in mysql and freeradius

2010-04-24 Thread VU VAN HUNG

Hi all,
I'm trying to manage the users in freeradius with mysql. Users can log 
in to the wireless network successfully but I get 2 problems.
1. Only the post-authenticate query is implemented to insert information 
into the radpostauth table in the radius database. Accounting queries for 
the accounting table in the database are not implemented.
2. When I only use sql to manage users, and don't configure anything in 
the users file of freeradius, users can't log in to the network.

I hope someone will help me solve these problems.
Here is my output from the radiusd -X command:

rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=141, 
length=145

   User-Name = hung
   NAS-IP-Address = 192.168.0.2
   NAS-Port = 0
   Called-Station-Id = 00-1E-E5-9B-9A-FE:LCK
   Calling-Station-Id = 00-17-C4-8C-2C-C8
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = CONNECT 11Mbps 802.11b
   EAP-Message = 0x02090168756e67
   Message-Authenticator = 0x92a2c1dd019f55542bef82c3b6b122b9
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 0 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry hung at line 91
++[files] returns ok
[sql] expand: %{Stripped-User-Name} -
[sql] expand: %{User-Name} - hung
[sql] expand: %{%{User-Name}:-DEFAULT} - hung
[sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} - hung
[sql] sql_set_user escaped user -- 'hung'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, op, value   
FROM radcheck   WHERE username = '%{SQL-User-Name}'ORDER 
BY id - SELECT id, username, attribute, op, value   FROM 
radcheck   WHERE username = 'hung'ORDER BY id
[sql] expand: SELECT groupname   FROM usergroup   
WHERE username = '%{SQL-User-Name}'   ORDER BY priority - 
SELECT groupname   FROM usergroup   WHERE username = 
'hung'   ORDER BY priority
[sql] expand: SELECT id, groupname, attribute,op, 
Value   FROM radgroupcheck   WHERE groupname = 
'%{Sql-Group}'   ORDER BY id - SELECT id, groupname, 
attribute,op, Value   FROM radgroupcheck   
WHERE groupname = 'WLANgroup'   ORDER BY id

[sql] User found in group WLANgroup
[sql] expand: SELECT id, groupname, attribute,op, 
Value   FROM radgroupreply   WHERE groupname = 
'%{Sql-Group}'   ORDER BY id - SELECT id, groupname, 
attribute,op, Value   FROM radgroupreply   
WHERE groupname = 'WLANgroup'   ORDER BY id

rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 141 to 192.168.0.2 port 1024
   EAP-Message = 0x010100061520
   Message-Authenticator = 0x
   State = 0x09945ffc09954a3c3aef342532c8f473
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=141, 
length=145

Sending duplicate reply to client localhost port 1024 - ID: 141
Sending Access-Challenge of id 141 to 192.168.0.2 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=142, 
length=160

   User-Name = hung
   NAS-IP-Address = 192.168.0.2
   NAS-Port = 0
   Called-Station-Id = 00-1E-E5-9B-9A-FE:LCK
   Calling-Station-Id = 00-17-C4-8C-2C-C8
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = CONNECT 11Mbps 802.11b
   EAP-Message = 0x020100060319
   State = 0x09945ffc09954a3c3aef342532c8f473
   Message-Authenticator = 0x560713ad902723d908cff078aab76337
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry hung at line 91
++[files] returns ok
[sql] expand: %{Stripped-User-Name} -
[sql] expand: %{User-Name} - hung
[sql] expand: %{%{User-Name}:-DEFAULT} - hung
[sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} - hung
[sql] sql_set_user escaped user -- 'hung'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, op, value   
FROM radcheck   WHERE username = '%{SQL-User-Name}'ORDER 
BY id - SELECT id, username, attribute, op, value   FROM 
radcheck   WHERE username = 'hung'  

Re: rlm_sql error, can't expand User-Password and Chap-Password, help me !

2010-04-23 Thread VU VAN HUNG

szymon roczniak wrote:

On Thu, Apr 22, 2010 at 05:38:04PM +0700, VU VAN HUNG wrote:
  

szymon roczniak wrote:


On Thu, Apr 22, 2010 at 04:50:50PM +0700, VU VAN HUNG wrote:
  

I know, but in the output,  I see the following lines:

*sql] expand: %{User-Password} -
[sql] expand: %{Chap-Password} - *
no information about User-Password and Chap-Password, and the query, 



I hope I'm not completely wrong here but this is probably because you're using
EAP not PAP or CHAP so these attributes are not set.

  
which inserts into radpostauth, gives an error. I don't know why.  Do you 
have any suggestions about this problem?



the query results in an error because the username column is missing (or
misspelled) in the table:

  
rlm_sql (sql) in sql_postauth: Database query error - Unknown column 
'username' in 'field list'*




  

Thanks szymon for your help.
I edited some column names in the radius database, so users could connect 
to the wireless network successfully. But I still don't know how to 
configure the Radius Server to use PAP and CHAP instead of EAP, because I 
explored my configuration in radiusd.conf and see nothing wrong. I hope 
someone can give me suggestions about this problem.




Re: Users file or mysql database; radpostauth table

2010-04-23 Thread VU VAN HUNG

Alan DeKok wrote:

David Seira wrote:
  

 First of all, I want to set up a freeradius to manage a net with about
400~500 users. I don't know which method to choose for managing users:
users file or mysql database?



  Whatever makes you happy.

  

I think managing users with a file is faster but the management is worse,
and a mysql database is easier to manage but I think it is slower than the
other.

What do you think? Which is the best option?



  For 500 users, the speed of MySQL isn't an issue.

  

Another question concerns freeradius + mysql. I did a test and saved
the users' passwords with SHA1 in the radcheck table. Then I activated
the radpostauth logging table. The problem is that in this table (when a
user is logged in) the password is stored in plain text, without
encryption. Is it possible to store the password encrypted with SHA1 in
the radpostauth table?



  No.

  Alan DeKok.

  
Hi everyone, I'm a newbie in Radius. I just want to ask: do I have to 
configure the users file if I use mysql to manage the users?

Vu Hung,


Re: rlm_sql error, can't expand User-Password and Chap-Password, help me !

2010-04-23 Thread VU VAN HUNG

szymon roczniak wrote:

In order to have PAP or CHAP working you need your NAS to send either
User-Password or CHAP-Password attribute. If you look at your log file again
you'll see that both the pap and the chap module return noop, this is because
these attributes are not present in the query. 

  
I queried some information from the nas table of the radius database, but 
the pap and chap modules still return noop. How do I make the NAS send the 
User-Password or CHAP-Password attribute?



rlm_sql error, can't expand User-Password and Chap-Password, help me !

2010-04-22 Thread VU VAN HUNG

Hi all,

This is my first post. I'm trying to make an AAA server based on 
freeRadius and MySQL. After I configured the radius server and ran the 
server in debug mode, I got a problem with rlm_sql about User-Password and 
Chap-Password. It seems that the server can't expand User-Password and 
Chap-Password. I don't know what the problem is. I hope that someone 
will give me advice.

Here's my output from the radiusd -X command.


rad_recv: Access-Request packet from host 192.168.0.6 port 1026, id=32, 
length=205

Sending duplicate reply to client RDLAB port 1026 - ID: 32
Sending Access-Challenge of id 32 to 192.168.0.6 port 1026
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.0.6 port 1026, id=33, 
length=205

   User-Name = hung
   NAS-IP-Address = 192.168.0.6
   NAS-Port = 0
   Called-Station-Id = 00-02-6F-59-85-C7:RADIUS_TEST
   Calling-Station-Id = 00-17-C4-8C-2C-C8
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   Connect-Info = CONNECT 11Mbps 802.11b
   EAP-Message = 
0x020a002b19001703010020abe3291179889948f4ed41e6b8102d58aae4dc0f8400550f1d2d2fe050cc2dcb

   State = 0x296e680f21647160f77444525cb5459d
   Message-Authenticator = 0xe4889cb8f5e0e5104d92e7d3b13eef2a
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 10 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
Login OK: [hung] (from client RDLAB port 0 cli 00-17-C4-8C-2C-C8)
+- entering group post-auth {...}
[sql] expand: %{Stripped-User-Name} -
[sql] expand: %{User-Name} - hung
[sql] expand: %{%{User-Name}:-DEFAULT} - hung
[sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} - hung
[sql] sql_set_user escaped user -- 'hung'
[*sql] expand: %{User-Password} -
[sql] expand: %{Chap-Password} - *
[sql] expand: INSERT INTO radpostauth   
(username, pass, reply, authdate)   VALUES 
(   '%{User-Name}',   
'%{%{User-Password}:-%{Chap-Password}}',   
'%{reply:Packet-Type}', '%S') - INSERT INTO 
radpostauth   (username, pass, reply, 
authdate)   VALUES (   
'hung',   '',   
'Access-Accept', '2010-04-21 20:22:27')
rlm_sql (sql) in sql_postauth: query is INSERT INTO 
radpostauth   (username, pass, reply, 
authdate)   VALUES (   
'hung',   '',   
'Access-Accept', '2010-04-21 20:22:27')

*rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_mysql: MYSQL check_error: 1054 received
rlm_sql (sql) in sql_postauth: Database query error - Unknown column 
'username' in 'field list'*

rlm_sql (sql): Released sql socket id: 2
++[sql] returns fail
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - hung
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 9 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.6 port 1026, id=33, 
length=205

Waiting to send Access-Reject to client RDLAB port 1026 - ID: 33
Waking up in 0.9 seconds.
Sending delayed reject for request 9
Sending Access-Reject of id 33 to 192.168.0.6 port 1026
   EAP-Message = 0x030a0004
   Message-Authenticator = 0x
Waking up in 3.6 seconds.


Best,

Vu Hung,
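
An added example (not from any post in this thread, and not FreeRADIUS code): a small Python reader for one request's radiusd -X trace that reports the two things this thread discusses, a post-auth sql failure turning "Login OK" into an Access-Reject, and empty User-Password expansions when Auth-Type is EAP. The sample trace is constructed from the output quoted above, and `diagnose` is a hypothetical helper name.

```python
import re

# Constructed sample: one request, abridged from the shape of the radiusd -X
# output quoted in this thread (expansions appear as "attr - value" on this page).
SAMPLE = """\
Found Auth-Type = EAP
+- entering group authenticate {...}
++[eap] returns ok
Login OK: [hung] (from client RDLAB port 0 cli 00-17-C4-8C-2C-C8)
+- entering group post-auth {...}
[sql] expand: %{User-Name} - hung
[sql] expand: %{User-Password} -
[sql] expand: %{Chap-Password} -
rlm_sql (sql) in sql_postauth: Database query error - Unknown column 'username' in 'field list'
++[sql] returns fail
Using Post-Auth-Type Reject
Sending Access-Reject of id 33 to 192.168.0.6 port 1026
"""

SECTION = re.compile(r"^\+- entering group (\S+)")
MODULE = re.compile(r"^\+\+\[([\w.]+)\] returns (\w+)")
EXPAND = re.compile(r"expand: %\{([\w-]+)\} -+>?\s*(.*)$")   # accepts "-" and "->"
DB_ERR = re.compile(r"Database query error - (.*)$")
REPLY = re.compile(r"^Sending (Access-\w+) of id \d+")

def diagnose(trace):
    """Summarise one request's debug trace: what failed, where, and why."""
    section, auth_type, login_ok, reply = None, None, False, None
    empty, failed, db_errors, findings = [], [], [], []
    for raw in trace.splitlines():
        line = raw.strip("* \t")            # the post marked some lines with '*'
        if m := SECTION.match(line):
            section = m.group(1)
        elif m := MODULE.match(line):
            if m.group(2) == "fail":
                failed.append((section, m.group(1)))
        elif m := EXPAND.search(line):
            if not m.group(2).strip():      # attribute expanded to nothing
                empty.append(m.group(1))
        elif m := DB_ERR.search(line):
            db_errors.append(m.group(1))
        elif m := REPLY.match(line):
            reply = m.group(1)
        elif line.startswith("Found Auth-Type = "):
            auth_type = line.split("= ", 1)[1]
        elif line.startswith("Login OK:"):
            login_ok = True
    post_fail = [mod for sec, mod in failed if sec == "post-auth"]
    if login_ok and reply == "Access-Reject" and post_fail:
        findings.append("authenticated, then rejected: post-auth module %s failed (%s)"
                        % (post_fail[0], "; ".join(db_errors) or "no DB error logged"))
    if auth_type == "EAP" and "User-Password" in empty:
        findings.append("User-Password is empty because the request used EAP, not PAP/CHAP")
    return {"reply": reply, "failed": failed, "empty": empty, "findings": findings}

if __name__ == "__main__":
    for finding in diagnose(SAMPLE)["findings"]:
        print(finding)
```

The function expects the trace of a single request; retransmitted rad_recv lines inside it are ignored.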


Re: rlm_sql error, can't expand User-Password and Chap-Password, help me !

2010-04-22 Thread VU VAN HUNG

szymon roczniak wrote:

On Thu, Apr 22, 2010 at 04:50:50PM +0700, VU VAN HUNG wrote:

It looks like you have a problem with this INSERT query:

[..]
  
[sql] expand: INSERT INTO radpostauth   
(username, pass, reply, authdate)   VALUES 
(   '%{User-Name}',   
'%{%{User-Password}:-%{Chap-Password}}',   
'%{reply:Packet-Type}', '%S') - INSERT INTO 
radpostauth   (username, pass, reply, 
authdate)   VALUES (   
'hung',   '',   
'Access-Accept', '2010-04-21 20:22:27')
rlm_sql (sql) in sql_postauth: query is INSERT INTO 
radpostauth   (username, pass, reply, 
authdate)   VALUES (   
'hung',   '',   
'Access-Accept', '2010-04-21 20:22:27')

*rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_mysql: MYSQL check_error: 1054 received
rlm_sql (sql) in sql_postauth: Database query error - Unknown column 
'username' in 'field list'*



Everything seems to be fine until you get to this postauth stage so I guess
fixing the query should solve your problem.


  

I know, but in the output,  I see the following lines:

*sql] expand: %{User-Password} -
[sql] expand: %{Chap-Password} - *

no information about User-Password and Chap-Password, and the query, 
which inserts into radpostauth, gives an error. I don't know why.  Do you 
have any suggestions about this problem?
