Re: accounting
Larry Brower wrote:

rosect...@yahoo.com wrote:

I have installed the following two rpms: freeradius-mysql-2.1.3-1.fc9.i386 and freeradius-postgresql-2.1.3-1.fc9.i386 on my Fedora machine. However, when I tried to configure sql server by using mysqladmin ..., system says command not found. Do I need to install anything else (and where I can download them) before executing that command? Thanks a lot in advance.

Actually installing MySQL might be a good start considering that is what installs mysqladmin

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Try this command to start mysql

    service mysqld start

Vu Hung,
Diameter roaming
Hi all,

Does anyone know why Diameter supports faster roaming than RADIUS? I've read some references but I don't understand.

Hung,
Re: Diameter roaming
Alan DeKok wrote:

VU VAN HUNG wrote:

Does anyone know why Diameter supports faster roaming than RADIUS?

It doesn't.

I mean roaming between 2 clients with 1 AAA server in the network (e.g. a wireless mesh network). Is roaming with Diameter faster than with RADIUS?

I've read some references but I don't understand.

Diameter is useful if you have an ISP / phone company with 10 million users, and $5-10 million to spend on a Diameter infrastructure. And even then, it doesn't do authentication or accounting.

I'm sure that Diameter does authentication and accounting. Check it out, http://www.ibm.com/developerworks/wireless/library/wi-diameter/

Hung,
Re: free NAS ?
sunhualing wrote:

hostapd as a NAS, authenticator
wpa-supplicant as a supplicant

On Fri, May 7, 2010 at 1:31 AM, Jeff Voskamp javos...@uwaterloo.ca wrote:

On 05/06/2010 01:27 PM, John McDonnell wrote:

On May 6th, 2010 at 1:09 PM, Randal Carpenter wrote:

Try openfiler, at http://www.openfiler.com/, it emulates both SAN and NAS equipment.

On Thu, May 6, 2010 at 5:56 AM, VU VAN HUNG vanhung2...@gmail.com wrote:

Hi all, I just wonder whether there is any open source software that has the same functionality as a Network Access Server? Because I see that there's Asterisk, which is like a PBX. Best, Hung,

There's always FreeNAS as well... http://freenas.org/freenas

Wrong NAS - those ones are Network Attached Storage, not Network Access Server. Dang TLA overload.

Jeff

hostapd is only for authentication; I have tried to google but found nothing. I want to find a free NAS supporting accounting for a radius server.

Just found this one. Check it out! https://www.rahunas.org/trac/

Hung,
free NAS ?
Hi all,

I just wonder whether there is any open source software that has the same functionality as a Network Access Server? Because I see that there's Asterisk, which is like a PBX.

Best,
Hung,
problem with reading user data in Freeradius with Mysql
Hi all,

I have a problem with freeradius and mysql. My freeradius server cannot read data from the radcheck table. It says "No Cleartext-Password's Configured", even though I have set the Attribute field in the radcheck table to Cleartext-Password. Could someone help me solve this problem?

Hung,
accounting packets
Hi all, I'm trying to implement radius accounting. I want to ask how I can know whether accounting packets are sent and received ? Hung,
Re: accounting packets
And I can't see Accounting-Request and Accounting-Response. How do I configure freeradius to get Accounting-Request and Accounting-Response packets when I capture them? I hope someone will give me some advice.

Hung
Re: accounting packets
Alan DeKok wrote:

VU VAN HUNG wrote:

Hi all, I'm trying to implement radius accounting. I want to ask how I can know whether accounting packets are sent and received?

Run the server in debugging mode, as suggested in the FAQ, README, INSTALL, man page

If you don't see accounting packets, go fix the NAS so that it sends accounting packets.

Alan DeKok.

In my freeradius, the accounting listening port is 1813. How do I edit my accounting port in freeradius by configuration? I'm using an Engenius ECB3500 Access Point as NAS. It uses RADIUS port 1812.

Hung,
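An added example, not part of the original posts or of FreeRADIUS: a captured UDP payload can be checked offline to see whether it is an Accounting-Request (code 4, sent to the accounting port, 1813 in this thread) and whether its authenticator matches the shared secret as defined in RFC 2866. The sample packet and the secret `testing123` used with it are constructed for illustration.

```python
import hashlib
import hmac
import struct

CODES = {1: "Access-Request", 2: "Access-Accept", 3: "Access-Reject",
         4: "Accounting-Request", 5: "Accounting-Response", 11: "Access-Challenge"}
ACCT_STATUS = {1: "Start", 2: "Stop", 3: "Interim-Update"}


def parse_radius(payload: bytes) -> dict:
    """Parse the 20-octet RADIUS header and attribute TLVs of one UDP payload."""
    if len(payload) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, ident, length = struct.unpack("!BBH", payload[:4])
    if not 20 <= length <= len(payload):
        raise ValueError("Length field does not fit the payload")
    attrs, pos = [], 20
    while pos < length:
        if length - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = payload[pos], payload[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        attrs.append((atype, payload[pos + 2:pos + alen]))
        pos += alen
    return {"code": CODES.get(code, f"Unknown({code})"), "id": ident,
            "authenticator": payload[4:20], "attrs": attrs, "raw": payload[:length]}


def acct_status(pkt: dict):
    """Name of Acct-Status-Type (attribute 40), or None when the attribute is absent."""
    for atype, value in pkt["attrs"]:
        if atype == 40 and len(value) == 4:
            number = struct.unpack("!I", value)[0]
            return ACCT_STATUS.get(number, str(number))
    return None


def acct_request_authentic(pkt: dict, secret: bytes) -> bool:
    """RFC 2866: MD5(Code + ID + Length + 16 zero octets + attributes + secret)."""
    raw = pkt["raw"]
    expected = hashlib.md5(raw[:4] + bytes(16) + raw[20:] + secret).digest()
    return hmac.compare_digest(expected, pkt["authenticator"])


def build_sample(secret: bytes) -> bytes:
    """Constructed Accounting-Request (Start) for user 'hung'; not a real capture."""
    attrs = bytes([1, 6]) + b"hung" + bytes([40, 6]) + struct.pack("!I", 1)
    header = struct.pack("!BBH", 4, 7, 20 + len(attrs))
    return header + hashlib.md5(header + bytes(16) + attrs + secret).digest() + attrs
```

A payload that parses as Access-Request (code 1) on port 1812 but never as code 4 on the accounting port means the NAS is not sending accounting at all; a code 4 packet that fails the authenticator check points at a shared-secret mismatch.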
Re: R: R: R: NAS-Identifier and radgroupcheck table
Alan DeKok wrote:

Ana Gallardo wrote:

DEFAULT Auth-Type := Reject

Hmm... that will cause all of the users to be rejected. Delete it.

I follow this howto http://wiki.freeradius.org/SQL_Huntgroup_HOWTO and, at the bottom, it said:

*Note: If you want to reject authentication by default then edit the raddb/users file and add this: *
*DEFAULT Auth-Type := Reject

That's not necessary. It should be deleted from the page.

Alan DeKok.

Dear Ana,

Could you tell me the name of the NAS device which you are using?

Hung,
problems with queries and user database in mysql and freeradius
Hi all,

I'm trying to manage the users in freeradius with mysql. Users can log in to the wireless network successfully but I get 2 problems.

1. Only the post-authenticate query is implemented to insert information into the radpostauth table in the radius database. Accounting queries for the accounting table in the database are not implemented.
2. When I only use sql to manage users, and do not configure anything in the users file of freeradius, users can't log in to the network.

I hope someone will help me solve these problems. Here is my output from the radiusd -X command:

rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=141, length=145
    User-Name = hung
    NAS-IP-Address = 192.168.0.2
    NAS-Port = 0
    Called-Station-Id = 00-1E-E5-9B-9A-FE:LCK
    Calling-Station-Id = 00-17-C4-8C-2C-C8
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = CONNECT 11Mbps 802.11b
    EAP-Message = 0x02090168756e67
    Message-Authenticator = 0x92a2c1dd019f55542bef82c3b6b122b9
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 0 length 9
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry hung at line 91
++[files] returns ok
[sql] expand: %{Stripped-User-Name} -
[sql] expand: %{User-Name} - hung
[sql] expand: %{%{User-Name}:-DEFAULT} - hung
[sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} - hung
[sql] sql_set_user escaped user -- 'hung'
rlm_sql (sql): Reserving sql socket id: 4
[sql] expand: SELECT id, username, attribute, op, value FROM radcheck WHERE username = '%{SQL-User-Name}'ORDER BY id - SELECT id, username, attribute, op, value FROM radcheck WHERE username = 'hung'ORDER BY id
[sql] expand: SELECT groupname FROM usergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority - SELECT groupname FROM usergroup WHERE username = 'hung' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute,op, Value FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id - SELECT id, groupname, attribute,op, Value FROM radgroupcheck WHERE groupname = 'WLANgroup' ORDER BY id
[sql] User found in group WLANgroup
[sql] expand: SELECT id, groupname, attribute,op, Value FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id - SELECT id, groupname, attribute,op, Value FROM radgroupreply WHERE groupname = 'WLANgroup' ORDER BY id
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 141 to 192.168.0.2 port 1024
    EAP-Message = 0x010100061520
    Message-Authenticator = 0x
    State = 0x09945ffc09954a3c3aef342532c8f473
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=141, length=145
Sending duplicate reply to client localhost port 1024 - ID: 141
Sending Access-Challenge of id 141 to 192.168.0.2 port 1024
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.2 port 1024, id=142, length=160
    User-Name = hung
    NAS-IP-Address = 192.168.0.2
    NAS-Port = 0
    Called-Station-Id = 00-1E-E5-9B-9A-FE:LCK
    Calling-Station-Id = 00-17-C4-8C-2C-C8
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = CONNECT 11Mbps 802.11b
    EAP-Message = 0x020100060319
    State = 0x09945ffc09954a3c3aef342532c8f473
    Message-Authenticator = 0x560713ad902723d908cff078aab76337
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 1 length 6
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[unix] returns notfound
[files] users: Matched entry hung at line 91
++[files] returns ok
[sql] expand: %{Stripped-User-Name} -
[sql] expand: %{User-Name} - hung
[sql] expand: %{%{User-Name}:-DEFAULT} - hung
[sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} - hung
[sql] sql_set_user escaped user -- 'hung'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, op, value FROM radcheck WHERE username = '%{SQL-User-Name}'ORDER BY id - SELECT id, username, attribute, op, value FROM radcheck WHERE username = 'hung'
Re: rlm_sql error, can't expand User-Password and Chap-Password, help me !
szymon roczniak wrote:

On Thu, Apr 22, 2010 at 05:38:04PM +0700, VU VAN HUNG wrote:

szymon roczniak wrote:

On Thu, Apr 22, 2010 at 04:50:50PM +0700, VU VAN HUNG wrote:

I know, but in the output, I see the following lines:

*sql] expand: %{User-Password} -
[sql] expand: %{Chap-Password} - *

no information about User-Password and Chap-Password, and the query,

I hope I'm not completely wrong here but this is probably because you're using EAP not PAP or CHAP so these attributes are not set.

which inserts into radpostauth, gives an error. I don't know why. Do you have any suggestions about this problem?

the query results in an error because the username column is missing (or misspelled) in the table:

rlm_sql (sql) in sql_postauth: Database query error - Unknown column 'username' in 'field list'*

Thanks szymon for your help. I edited some column names in the radius database, so users could connect to the wireless network successfully. But I still don't know how to configure the Radius Server to use PAP and CHAP instead of EAP, because I explored my configuration in radiusd.conf and see nothing wrong. I hope someone will give me suggestions about this problem.
Re: Users file or mysql database; radpostauth table
Alan DeKok wrote:

David Seira wrote:

First of all, I want to put a freeradius to manage a net with about 400~500 users. I don't know which method to choose for managing users: users file or mysql database?

Whatever makes you happy.

I think managing users with a file is faster but the management is worse, and a mysql database is easier to manage but I think it is slower than the other. What do you think? Which is the best option?

For 500 users, the speed of MySQL isn't an issue.

Another question concerns freeradius + mysql. I did a test and saved the users' passwords with SHA1 in the radcheck table. Then I activated the radpostauth logging table. The problem is that in this table (when a user is logged in) the pass is stored in plain text, without encryption. Is it possible to store the pass encrypted with SHA1 in the radpostauth table?

No.

Alan DeKok.

Hi everyone,

I'm a newbie in Radius. I just want to ask: do I have to configure the users file if I use mysql to manage the users?

Vu Hung,
Re: rlm_sql error, can't expand User-Password and Chap-Password, help me !
szymon roczniak wrote:

In order to have PAP or CHAP working you need your NAS to send either User-Password or CHAP-Password attribute. If you look at your log file again you'll see that both the pap and the chap module return noop, this is because these attributes are not present in the query.

I queried some information from the nas table of the radius database, but the pap and chap modules still return noop. How do I make the NAS send the User-Password or CHAP-Password attribute?
rlm_sql error, can't expand User-Password and Chap-Password, help me !
Hi all,

This is my first post. I'm trying to make an AAA server based on freeRadius and MySQL. After I configured the radius server and ran the server in debug mode, I got a problem with rlm_sql about User-Password and Chap-Password. It seems that the server can't expand User-Password and Chap-Password. I don't know what the problem is. I hope that someone will give me advice. Here's my output from the Radiusd -X command.

rad_recv: Access-Request packet from host 192.168.0.6 port 1026, id=32, length=205
Sending duplicate reply to client RDLAB port 1026 - ID: 32
Sending Access-Challenge of id 32 to 192.168.0.6 port 1026
Waking up in 4.6 seconds.
rad_recv: Access-Request packet from host 192.168.0.6 port 1026, id=33, length=205
    User-Name = hung
    NAS-IP-Address = 192.168.0.6
    NAS-Port = 0
    Called-Station-Id = 00-02-6F-59-85-C7:RADIUS_TEST
    Calling-Station-Id = 00-17-C4-8C-2C-C8
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    Connect-Info = CONNECT 11Mbps 802.11b
    EAP-Message = 0x020a002b19001703010020abe3291179889948f4ed41e6b8102d58aae4dc0f8400550f1d2d2fe050cc2dcb
    State = 0x296e680f21647160f77444525cb5459d
    Message-Authenticator = 0xe4889cb8f5e0e5104d92e7d3b13eef2a
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[eap] EAP packet type response id 10 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established. Decoding tunneled attributes.
[peap] Received EAP-TLV response.
[peap] Success
[eap] Freeing handler
++[eap] returns ok
Login OK: [hung] (from client RDLAB port 0 cli 00-17-C4-8C-2C-C8)
+- entering group post-auth {...}
[sql] expand: %{Stripped-User-Name} -
[sql] expand: %{User-Name} - hung
[sql] expand: %{%{User-Name}:-DEFAULT} - hung
[sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} - hung
[sql] sql_set_user escaped user -- 'hung'
[*sql] expand: %{User-Password} -
[sql] expand: %{Chap-Password} - *
[sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') - INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'hung', '', 'Access-Accept', '2010-04-21 20:22:27')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'hung', '', 'Access-Accept', '2010-04-21 20:22:27')
*rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_mysql: MYSQL check_error: 1054 received
rlm_sql (sql) in sql_postauth: Database query error - Unknown column 'username' in 'field list'*
rlm_sql (sql): Released sql socket id: 2
++[sql] returns fail
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} - hung
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 9 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.0.6 port 1026, id=33, length=205
Waiting to send Access-Reject to client RDLAB port 1026 - ID: 33
Waking up in 0.9 seconds.
Sending delayed reject for request 9
Sending Access-Reject of id 33 to 192.168.0.6 port 1026
    EAP-Message = 0x030a0004
    Message-Authenticator = 0x
Waking up in 3.6 seconds.

Best,
Vu Hung,
Re: rlm_sql error, can't expand User-Password and Chap-Password, help me !
szymon roczniak wrote:

On Thu, Apr 22, 2010 at 04:50:50PM +0700, VU VAN HUNG wrote:

It looks like you have a problem with this INSERT query:

[..]
[sql] expand: INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( '%{User-Name}', '%{%{User-Password}:-%{Chap-Password}}', '%{reply:Packet-Type}', '%S') - INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'hung', '', 'Access-Accept', '2010-04-21 20:22:27')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, pass, reply, authdate) VALUES ( 'hung', '', 'Access-Accept', '2010-04-21 20:22:27')
*rlm_sql (sql): Reserving sql socket id: 2
rlm_sql_mysql: MYSQL check_error: 1054 received
rlm_sql (sql) in sql_postauth: Database query error - Unknown column 'username' in 'field list'*

Everything seems to be fine until you get to this postauth stage so I guess fixing the query should solve your problem.

I know, but in the output, I see the following lines:

*sql] expand: %{User-Password} -
[sql] expand: %{Chap-Password} - *

no information about User-Password and Chap-Password, and the query, which inserts into radpostauth, gives an error. I don't know why. Do you have any suggestions about this problem?
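For the rlm_sql thread above, an added example (not written by any of the posters and not part of FreeRADIUS): a small triage script that reads `radiusd -X` output and separates the three things the thread mixes together, namely the empty password expansions, the SQL schema error, and the reject that follows a successful login. The sample is constructed from lines of the debug output quoted in the thread, one entry per line with the e-mail emphasis asterisks removed; the function names are hypothetical.

```python
import re

# Constructed sample: lines taken from the radiusd -X output quoted in the thread.
SAMPLE = """\
++[chap] returns noop
++[eap] returns ok
Found Auth-Type = EAP
Login OK: [hung] (from client RDLAB port 0 cli 00-17-C4-8C-2C-C8)
[sql] expand: %{User-Name} - hung
[sql] expand: %{User-Password} -
[sql] expand: %{Chap-Password} -
rlm_sql (sql) in sql_postauth: Database query error - Unknown column 'username' in 'field list'
++[sql] returns fail
Sending Access-Reject of id 33 to 192.168.0.6 port 1026
"""

MODULE = re.compile(r"^\++\[([\w.]+)\] returns (\w+)$")
# Accepts both "->" (as radiusd prints it) and the bare "-" seen in the archive.
EXPAND = re.compile(r"^\[sql\]\s+expand: %\{([\w-]+)\} ->?\s*(.*)$")
SQLERR = re.compile(r"Database query error - (.+)$")


def analyze(log: str) -> dict:
    """Collect module return codes, empty attribute expansions and SQL errors."""
    out = {"returns": {}, "empty": [], "sql_errors": [], "auth_type": None,
           "login_ok": False, "rejected": False}
    for line in (raw.strip() for raw in log.splitlines()):
        if m := MODULE.match(line):
            out["returns"][m.group(1)] = m.group(2)
        elif m := EXPAND.match(line):
            if not m.group(2):
                out["empty"].append(m.group(1))
        elif m := SQLERR.search(line):
            out["sql_errors"].append(m.group(1))
        elif line.startswith("Found Auth-Type = "):
            out["auth_type"] = line.split("= ", 1)[1]
        elif line.startswith("Login OK:"):
            out["login_ok"] = True
        elif line.startswith("Sending Access-Reject"):
            out["rejected"] = True
    return out


def diagnose(r: dict) -> list:
    """Turn the collected facts into findings, most benign first."""
    findings = []
    if r["auth_type"] == "EAP" and r["empty"]:
        findings.append("empty " + "/".join(r["empty"]) + ": expected with EAP, "
                        "the request carries EAP-Message, not a PAP/CHAP password")
    findings += ["SQL schema mismatch: " + err for err in r["sql_errors"]]
    failed = [mod for mod, rc in r["returns"].items() if rc == "fail"]
    if r["login_ok"] and r["rejected"] and failed:
        findings.append("login succeeded; reject caused by failure in " + ", ".join(failed))
    return findings
```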