hi guys, my radiusd server does not write /var/log/radutmp but accounting logs works perfectly fine. Please tell me why? where did i go wrong? please help. On Thu, 6 Sep 2001 [EMAIL PROTECTED] wrote: > Send Freeradius-Users mailing list submissions to > [EMAIL PROTECTED] > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.cistron.nl/mailman/listinfo/freeradius-users > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > > You can reach the person managing the list at > [EMAIL PROTECTED] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Freeradius-Users digest..." > > > Today's Topics: > > 1. Problems with Solaris 8 and Cisco IOS 12.x (Randall Badilla) > 2. 128bit Proxy-State Attribute ([EMAIL PROTECTED]) > 3. RE: Problems with Solaris 8 and Cisco IOS 12.x (Steven Burrill) > 4. Re: 128bit Proxy-State Attribute (Chris Parker) > 5. Re: Problems with Solaris 8 and Cisco IOS 12.x (Chris Parker) > 6. Re: trying to understand module counter? (Chris Parker) > 7. FreeRadius/LDAP/Netware 5.1 ([EMAIL PROTECTED]) > 8. Re: AW: AW: MS-CHAP Password (Chris Parker) > 9. garbage dirs in radacct (Mohsen Moeeni) > 10. Re: garbage dirs in radacct (Chris Parker) > 11. Re: 128bit Proxy-State Attribute (VISP Systems Administration) > 12. Re: 128bit Proxy-State Attribute (Joe Modjeski) > 13. Change to parsing of DEFAULT between 0.2 and current (Spike Ilacqua) > 14. freeradiusd and BSDI (Spike Ilacqua) > 15. about freeradius0.2 and oracle 8.1.7 (sunny) > > --__--__-- > > Message: 1 > Date: Wed, 5 Sep 2001 12:07:44 -0600 (CST) > From: "Randall Badilla" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: Problems with Solaris 8 and Cisco IOS 12.x > Reply-To: [EMAIL PROTECTED] > > Hi all > I'm having a weird problem, I just compiled version 0.2 of freeradius. > fill the users , radiusd.conf and other files. > On our NAS we setuped the radius server.... until that all is fine. > But when we dialed-in neither unix users or file users can log on to NAS. > The term mon on the cisco revealed a failed decrypt message. Whe switched > from CHAP to PAP without success. > > Can anybody give me some ligth.? > > PD: I'm using a Sparc Machine with solaris 8, and our NAS has IOS 12.X. > > > > > --__--__-- > > Message: 2 > Date: Wed, 5 Sep 2001 11:20:00 -0700 (MST) > Subject: 128bit Proxy-State Attribute > From: <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Reply-To: [EMAIL PROTECTED] > > Hello all, > > I am curious if anyone has tested freeradius with a 128bit proxy attribute. > Our upstream proxy requires us to be able to take and respond to the radius > requests with a 128bit proxy-state attribute. > > Currently we are using Cistron 1.6.4 and this hasn't had any problems but I > thier techs have told me that any earlier versions of Cistron code was not > able to handle thier proxy-state attribute. > > Joe Modjeski > Systems Administrator > CommSpeed > [EMAIL PROTECTED] > > > > > --__--__-- > > Message: 3 > From: "Steven Burrill" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: RE: Problems with Solaris 8 and Cisco IOS 12.x > Date: Wed, 5 Sep 2001 12:15:37 -0600 > charset="US-ASCII" > Reply-To: [EMAIL PROTECTED] > > What is your config for AAA on the IOS? > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Randall > Badilla > Sent: Wednesday, September 05, 2001 12:08 PM > To: [EMAIL PROTECTED] > Subject: Problems with Solaris 8 and Cisco IOS 12.x > > > Hi all > I'm having a weird problem, I just compiled version 0.2 of freeradius. > fill the users , radiusd.conf and other files. > On our NAS we setuped the radius server.... until that all is fine. > But when we dialed-in neither unix users or file users can log on to NAS. > The term mon on the cisco revealed a failed decrypt message. Whe switched > from CHAP to PAP without success. > > Can anybody give me some ligth.? > > PD: I'm using a Sparc Machine with solaris 8, and our NAS has IOS 12.X. > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > --__--__-- > > Message: 4 > Date: Wed, 05 Sep 2001 13:28:09 -0500 > To: [EMAIL PROTECTED] > From: Chris Parker <[EMAIL PROTECTED]> > Subject: Re: 128bit Proxy-State Attribute > t> > Reply-To: [EMAIL PROTECTED] > > At 11:20 AM 9/5/2001 -0700, [EMAIL PROTECTED] wrote: > >Hello all, > > > >I am curious if anyone has tested freeradius with a 128bit proxy attribute. > > Our upstream proxy requires us to be able to take and respond to the radius > >requests with a 128bit proxy-state attribute. > > > >Currently we are using Cistron 1.6.4 and this hasn't had any problems but I > >thier techs have told me that any earlier versions of Cistron code was not > >able to handle thier proxy-state attribute. > > I know that some older radius servers mangle the Proxy-State attribute > in violation of the RFC ( *cough*MERIT*cough* ), but you should find that > FreeRADIUS conforms to the RFC explicitly in returning the Proxy-State > attribute unmolested. > > If Cistron 1.6.4 is safe, I very strongly suspect that FreeRADIUS will > be safe as well. > > Of course, the only way to be 100% sure is to test it. Your upstream > should be able to direct a test to a test installation on your network. > > -Chris > > > >Joe Modjeski > >Systems Administrator > >CommSpeed > >[EMAIL PROTECTED] > > > > > > > >- > >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > -- > \\\|||/// \ Chris Parker - Manager, Development Engineering > \ ~ ~ / \ WX *is* Wireless! \ [EMAIL PROTECTED] > | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 > oOo---(_)---oOo--\------------------------------------------------------ > \ Without C we would have 'obol', 'basi', and 'pasal' > > > > --__--__-- > > Message: 5 > Date: Wed, 05 Sep 2001 13:30:52 -0500 > To: [EMAIL PROTECTED] > From: Chris Parker <[EMAIL PROTECTED]> > Subject: Re: Problems with Solaris 8 and Cisco IOS 12.x > Reply-To: [EMAIL PROTECTED] > > At 12:07 PM 9/5/2001 -0600, you wrote: > >Hi all > >I'm having a weird problem, I just compiled version 0.2 of freeradius. > >fill the users , radiusd.conf and other files. > >On our NAS we setuped the radius server.... until that all is fine. > >But when we dialed-in neither unix users or file users can log on to NAS. > >The term mon on the cisco revealed a failed decrypt message. Whe switched > >from CHAP to PAP without success. > > > >Can anybody give me some ligth.? > > What shows in the NAS error logs *exactly*. Also, what does the > radius server show in the debug output? > > Please quote error message *exactly* as they are displayed, as otherwise > it is not possible to provide much assistance. > > Off the top of my head, based on your vague description, I'd suggest > checking the shared secret and reading the 'doc/cisco' file. > > -Chris > -- > \\\|||/// \ Chris Parker - Manager, Development Engineering > \ ~ ~ / \ WX *is* Wireless! \ [EMAIL PROTECTED] > | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 > oOo---(_)---oOo--\------------------------------------------------------ > \ Without C we would have 'obol', 'basi', and 'pasal' > > > > --__--__-- > > Message: 6 > Date: Wed, 05 Sep 2001 13:38:01 -0500 > To: [EMAIL PROTECTED] > From: Chris Parker <[EMAIL PROTECTED]> > Subject: Re: trying to understand module counter? > Reply-To: [EMAIL PROTECTED] > > At 01:18 PM 9/5/2001 +0200, you wrote: > > >Hi all > > > >We can do this in radiusd.conf > > > >DEFAULT Daily-Session-Time > 3600, Auth-Type = Reject > > Actually, you put the DEFAULT into the 'users' file, but I think you > knew that. > > >What are the keywords that are supported? > > What do you mean by this? Can you expand your question? There are > examples and an explanation in the comments for this module in the > 'radiusd.conf' file. > > >Can we do DEFAULT Total-Session-Time > 3600, Auth-Type = Reject? > > Yes, please read the docs, it tells you what you can change in the > 'radiusd.conf' file. > > You would want something similar to: > > counter { > filename = ${raddbdir}/db.counter > key = User-Name > count-attribute = Acct-Session-Time > reset = monthly > counter-name = Daily-Session-Time > check-name = Total-Session-Time > allowed-servicetype = Framed-User > cache-size = 5000 > } > > Give it a try, and test it, don't be afraid to change values. > > -Chris > -- > \\\|||/// \ Chris Parker - Manager, Development Engineering > \ ~ ~ / \ WX *is* Wireless! \ [EMAIL PROTECTED] > | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 > oOo---(_)---oOo--\------------------------------------------------------ > \ Without C we would have 'obol', 'basi', and 'pasal' > > > > --__--__-- > > Message: 7 > To: [EMAIL PROTECTED] > Subject: FreeRadius/LDAP/Netware 5.1 > From: [EMAIL PROTECTED] > Date: Wed, 5 Sep 2001 13:41:48 -0500 > Reply-To: [EMAIL PROTECTED] > > Has anyone had any success getting FreeRadius 0.2 to use LDAP against NDS > for authentication? Any hints, comments, suggestions, or config examples > would be excellent. I have spend about a week messing with this with no > success and I am at my wits end. > > Thanks, > Mark Capelle - CNE5, CNE4, A+ > Network Administrator > [EMAIL PROTECTED] > > > --__--__-- > > Message: 8 > Date: Wed, 05 Sep 2001 13:43:18 -0500 > To: [EMAIL PROTECTED] > From: Chris Parker <[EMAIL PROTECTED]> > Subject: Re: AW: AW: MS-CHAP Password > ch> > Reply-To: [EMAIL PROTECTED] > > At 12:36 PM 9/5/2001 +0200, Stoll, Simon wrote: > > >Hi Chris > > > >I tried to change Auth-Type to MS-CHAP > > > >result: > > > >/opt/radius/etc/raddb/users[81]: Parse error (check) for entry uad318: > >Unknown value MS-CHAP for attribute Auth-Type > >Errors reading /opt/radius/etc/raddb/users > >radiusd.conf[506]: files: Module instantiation failed. > > > >can you help how to install this module in the radiusd.conf? > > As mentioned previously, you will probably also need to add this to the > 'authenticate' section of the radiusd.conf file: > > # Decide whether the supplied auth info is sufficient for access. > authenticate { > #pam > mschap > unix > ... > } > > -Chris > -- > \\\|||/// \ Chris Parker - Manager, Development Engineering > \ ~ ~ / \ WX *is* Wireless! \ [EMAIL PROTECTED] > | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 > oOo---(_)---oOo--\------------------------------------------------------ > \ Without C we would have 'obol', 'basi', and 'pasal' > > > > --__--__-- > > Message: 9 > Date: Thu, 6 Sep 2001 00:33:24 +0430 (IRST) > From: Mohsen Moeeni <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: garbage dirs in radacct > Reply-To: [EMAIL PROTECTED] > > My radius uses the default configuration for the location > of detail logs: > > radacctdir = ${logdir}/radacct > detailfile = ${radacctdir}/%{Client-IP-Address}/detail > > when i saw my radacctdir, surprisingly i found out that there > are many directories there that are not my clients: > > [root@arian radacct]# ls > 0.176.45.64 160.100.183.11 240.81.183.11 64.175.45.64 8.175.45.64 > 120.68.183.11 xxx.225.40.14 48.114.183.11 72.101.183.11 > 128.113.183.11 200.104.183.11 56.63.183.11 72.175.45.64 > > none of the above except the one starting with xxx, isn't my client. > it seems something like a memory leak or bug. there is a details file > in any of the above dirs that contains 1 or more radius log entiries for > our users. the interesting point is that the entries > in these detail files, all contain correct information about the > nas ip address. that's becuase clients and nases are diffrent things. > i'm using freeradius 0.2 on RH 7.1 but i had the same > problem with 0.1 on RH 6.1. > > i know that a quick and dirty solution is to hard code my client's ip > address in radius.conf. that may work for me 'cause i have just one > client. but i dont know what to do if i decided to add more clients. > is there any other variable that i can use instead of %{Client-IP-Address} > in my radius.conf > > Best regards > M. Moeeni, > Scince and Ars Org. > > > > > --__--__-- > > Message: 10 > Date: Wed, 05 Sep 2001 15:01:20 -0500 > To: [EMAIL PROTECTED] > From: Chris Parker <[EMAIL PROTECTED]> > Subject: Re: garbage dirs in radacct > .ir> > Reply-To: [EMAIL PROTECTED] > > At 12:33 AM 9/6/2001 +0430, you wrote: > >My radius uses the default configuration for the location > >of detail logs: > > > > radacctdir = ${logdir}/radacct > > detailfile = ${radacctdir}/%{Client-IP-Address}/detail > > > >when i saw my radacctdir, surprisingly i found out that there > >are many directories there that are not my clients: > > > >[root@arian radacct]# ls > >0.176.45.64 160.100.183.11 240.81.183.11 64.175.45.64 8.175.45.64 > >120.68.183.11 xxx.225.40.14 48.114.183.11 72.101.183.11 > >128.113.183.11 200.104.183.11 56.63.183.11 72.175.45.64 > > > >none of the above except the one starting with xxx, isn't my client. > >it seems something like a memory leak or bug. there is a details file > >in any of the above dirs that contains 1 or more radius log entiries for > >our users. the interesting point is that the entries > >in these detail files, all contain correct information about the > >nas ip address. that's becuase clients and nases are diffrent things. > >i'm using freeradius 0.2 on RH 7.1 but i had the same > >problem with 0.1 on RH 6.1. > > > >i know that a quick and dirty solution is to hard code my client's ip > >address in radius.conf. that may work for me 'cause i have just one > >client. but i dont know what to do if i decided to add more clients. > >is there any other variable that i can use instead of %{Client-IP-Address} > >in my radius.conf > > Client is the server that sent you the request. You probably want > to use NAS-IP-Address if you want the records stored based on the > originating NAS. > > Surprisingly enough, this exact fact is mentioned in the config file > right where you are talking about hardcoding: > > detail { > # Note that we do NOT use NAS-IP-Address here, as that > # attribute MAY BE from the originating NAS, and NOT > # from the proxy which actually sent us the request. > # The Client-IP-Address attribute is ALWAYS the address > # of the client which sent us the request. > # > detailfile = /usr/local/var/%{Client-IP-Address}/detail > detailperm = 0600 > } > > -Chris > -- > \\\|||/// \ Chris Parker - Manager, Development Engineering > \ ~ ~ / \ WX *is* Wireless! \ [EMAIL PROTECTED] > | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 > oOo---(_)---oOo--\------------------------------------------------------ > \ Without C we would have 'obol', 'basi', and 'pasal' > > > > --__--__-- > > Message: 11 > Date: Wed, 05 Sep 2001 15:24:47 -0700 > To: [EMAIL PROTECTED] > From: VISP Systems Administration <[EMAIL PROTECTED]> > Subject: Re: 128bit Proxy-State Attribute > Reply-To: [EMAIL PROTECTED] > > At 01:28 PM 9/5/2001 -0500, you wrote: > >At 11:20 AM 9/5/2001 -0700, [EMAIL PROTECTED] wrote: > >>Hello all, > >> > >>I am curious if anyone has tested freeradius with a 128bit proxy attribute. > >> Our upstream proxy requires us to be able to take and respond to the radius > >>requests with a 128bit proxy-state attribute. > >> > >>Currently we are using Cistron 1.6.4 and this hasn't had any problems but I > >>thier techs have told me that any earlier versions of Cistron code was not > >>able to handle thier proxy-state attribute. > > > >I know that some older radius servers mangle the Proxy-State attribute > >in violation of the RFC ( *cough*MERIT*cough* ), but you should find that > >FreeRADIUS conforms to the RFC explicitly in returning the Proxy-State > >attribute unmolested. > > > >If Cistron 1.6.4 is safe, I very strongly suspect that FreeRADIUS will > >be safe as well. > > > >Of course, the only way to be 100% sure is to test it. Your upstream > >should be able to direct a test to a test installation on your network. > > > I have tested freeradius with the new Proxy-State that was introduced also > in Cistron 1.6.4. It works perfectly. > > > ---------------------------------- > Nathan Miller > Visp Systems Administration > Voice: 541-476-5352 ext. 4 > > > > --__--__-- > > Message: 12 > Date: Wed, 5 Sep 2001 17:35:37 -0700 (MST) > Subject: Re: 128bit Proxy-State Attribute > From: "Joe Modjeski" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Reply-To: [EMAIL PROTECTED] > > > At 01:28 PM 9/5/2001 -0500, you wrote: > >>At 11:20 AM 9/5/2001 -0700, [EMAIL PROTECTED] wrote: > >>>Hello all, > >>> > >>>I am curious if anyone has tested freeradius with a 128bit proxy > >>>attribute. > >>> Our upstream proxy requires us to be able to take and respond to the > >>> radius > >>>requests with a 128bit proxy-state attribute. > >>> > >>>Currently we are using Cistron 1.6.4 and this hasn't had any problems > >>>but I thier techs have told me that any earlier versions of Cistron > >>>code was not able to handle thier proxy-state attribute. > >> > >>I know that some older radius servers mangle the Proxy-State attribute > >>in violation of the RFC ( *cough*MERIT*cough* ), but you should find > >>that FreeRADIUS conforms to the RFC explicitly in returning the > >>Proxy-State attribute unmolested. > >> > >>If Cistron 1.6.4 is safe, I very strongly suspect that FreeRADIUS will > >>be safe as well. > >> > >>Of course, the only way to be 100% sure is to test it. Your upstream > >>should be able to direct a test to a test installation on your network. > > > > > > I have tested freeradius with the new Proxy-State that was introduced > > also in Cistron 1.6.4. It works perfectly. > > > > > > ---------------------------------- > > Nathan Miller > > Visp Systems Administration > > Voice: 541-476-5352 ext. 4 > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > For anyone else that is curious, yes freeradius supports 128bit Proxy-State > Attributes. > > <begin snip from debug> > > Login OK: [<FUDGED>] (from nas eli port 1083 cli 5204453487) > Sending Access-Accept of id 57 to 208.186.172.162:1645 > Service-Type = Framed-User > Framed-Protocol = PPP > Proxy-State = > 0x42535032636563696c2e656c692e6e65742f463243463343413233344638314437 > 30394231423232383038443836464632433732343846333843433534453534324238 > 39343344313936433132334232413134394445343636374335344535343942353946 > 39374444354337344542363942423632314239393443353439353239314341323241 > 334639413334434333453932314242324630374134 > > <end snip from debug> > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
