----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, February 26, 2002 12:35 PM Subject: Freeradius-Users digest, Vol 1 #531 - 14 msgs
> Send Freeradius-Users mailing list submissions to > [EMAIL PROTECTED] > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.cistron.nl/mailman/listinfo/freeradius-users > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > > You can reach the person managing the list at > [EMAIL PROTECTED] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Freeradius-Users digest..." > > > Today's Topics: > > 1. stripped-user-name woes (Vector) > 2. Re: username's that start with "S" (uppercase) get the S removed (Razathorn) > 3. Logging failed requests (Options -y -z) (Esken, Christian, VP-TS, CE) > 4. Re: Simultaneous-Use (group) problem (Julio Faerman) > 5. Re: stripped-user-name woes (Joe Maimon) > 6. Free PPPoE server (SY Meta) > 7. Muilti Password file! (Connie Liu) > 8. Re[4]: What happened to CHAP? (Darkshot) > 9. Re: stripped-user-name woes (Vector) > 10. RE: Free PPPoE server (Mattias Eriksson) > 11. Re: What happened to CHAP? (Alan DeKok) > 12. Re: stripped-user-name woes (Alan DeKok) > 13. Re: Logging failed requests (Options -y -z) (Alan DeKok) > 14. Re: Muilti Password file! (Alan DeKok) > > --__--__-- > > Message: 1 > From: "Vector" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: stripped-user-name woes > Date: Mon, 25 Feb 2002 23:04:06 -0700 > charset="iso-8859-1" > Reply-To: [EMAIL PROTECTED] > > I posted a whole message about this on Friday or Saturday and had no > response, after running radiusd/rlm_sql module through gdb and seeing what > it actually does, it's starting to make some sense. I'm using freeradius > latest CVS snapshot with MySQL.. Forgive my ignorance. I'm a veteran > programmer but new to radius. > > I have a single entry in radcheck: > id = 1, UserName = testuser, Attribute = Password, Value = testpass, op = > <blank> > > All other tables empty. Justing testuser everything is fine. Using > [EMAIL PROTECTED] fails. Must there be a realm for stripped-user-name > to work properly? I would have thought it would strip everything after and > including the @ symbol even without a realm. Thanks, > > vec > > > > > --__--__-- > > Message: 2 > Date: Tue, 26 Feb 2002 02:06:57 -0600 > From: Razathorn <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: username's that start with "S" (uppercase) get the S removed > Reply-To: [EMAIL PROTECTED] > > ARG.. thou art correct. I never looked at the hints file (it wasn't > enabled in our previous setup and the fresh install that I did aparently > put that in... i had started with a fresh raddb dir). > > Guilty as charged... I just left the preprocess in there since the > #comment seemed to indicate that it was a GoodThing(tm). I had no idea > that there were active defaults in the hints file in a fresh install. > > Thanks for the quick response... I am glad it was something simple like > that. I was afraid for a second I was going to have to go poking around > with gdb looking for ptr math errors in special cases =). > > Wayne Schroeder > > On Mon, Feb 25, 2002 at 08:28:01PM -0500, Tabor J. Wells wrote: > > On Mon, Feb 25, 2002 at 06:21:16PM -0600, > > Razathorn <[EMAIL PROTECTED]> is thought to have said: > > > > > Hello, I work for a startup local to my area. We have been using > > > freeradius for a while with great success and decided to backend > > > freeradius to our backend setup. I wrote a rlm auth module which does > > > this task quite well -- it was based off the rlm_example. The strangest > > > thing has started happening though: usernames that start with a capital > > > S get the capital S chopped off.... ie... Steve turns into teve. The > > > debug output shows a User-Name pair with the correct value in it, but in > > > the debug messages of my module, the value will have the capital S > > > removed. > > > > Look at your hints file. The cap "S" is suspicious. It sounds like you have > > a Prefix rule like the default SLIP rule active. > > > > Tabor > > > > -- > > -------------------------------------------------------------------- > > Tabor J. Wells [EMAIL PROTECTED] > > Fsck It! Just another victim of the ambient morality > > > --__--__-- > > Message: 3 > From: "Esken, Christian, VP-TS, CE" <[EMAIL PROTECTED]> > To: "'[EMAIL PROTECTED]'" > <[EMAIL PROTECTED]> > Subject: Logging failed requests (Options -y -z) > Date: Tue, 26 Feb 2002 11:47:08 +0100 > Reply-To: [EMAIL PROTECTED] > > Hello, > > where are failed logins logged to? More precisely I mean those logins with > authentication errors. > I start radiusd like this: > > radiusd -yz -d /opt/radius/radius1 -p 1645 > > Giving the options -y and -z I would think auth errors would be logged to > the file radius.log in directory > "logdir" as given in radiusd.conf. But in that file > /opt/radius/var/log/radius.log I only find: > > Mon Feb 25 16:58:40 2002 : Info: Listening on IP address *, ports 1645/udp > and 1646/udp, with proxy on 1647/udp. > Mon Feb 25 16:58:40 2002 : Info: Ready to process requests. > > There are no further entries in radius.log, neither authentication failures > nor authentication successes. > BTW: Request with authentication success do get detail records in > /opt/radius/var/log/radaact/<nas-ip>/detail , > so I am pretty sure my "logdir" is correctly specified in radius.log. > > An idea what is wrong here is appreciated. > > Christian Esken > > > > --------------------------------------------------------- > This Mail has been checked for Viruses > Attention: Encrypted mails can NOT be checked! > > ** > > Diese Mail wurde auf Viren geprueft > Hinweis: Verschluesselte mails koennen NICHT auf Viren geprueft werden! > --------------------------------------------------------- > > > > --__--__-- > > Message: 4 > From: "Julio Faerman" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Subject: Re: Simultaneous-Use (group) problem > Date: Mon, 25 Feb 2002 09:19:55 -0300 > charset="iso-8859-1" > Reply-To: [EMAIL PROTECTED] > > I am having exactly the same problem as below... > Could anyone make it work ????? > > > > Hi, > > > > Trying to restrict a user to only one 'Simultaneous-Use' and I get the > > error in debug :: > > > > rlm_sql: Pairs do not match [testuser] > > modcall[authorize]: module "sql" returns notfound > > modcall: group authorize returns ok > > auth: No Auth-Type configuration for the request, rejecting the user > > auth: Failed to validate the user. > > > > Removing the simultaneous a/v pair allows the user to authenticate again. > > Same thing happens whether or not the attribute is placed in 'radcheck' > > for that user, or 'radgroupcheck' respectively. localhost is running as a > > portslave; so it's not a module problem (i hope). > > > > Any ideas? > > > > ----------------------------------------------------------- > > Michael Pearson | http://www.msi.net.au > > Systems Administrator | [EMAIL PROTECTED] > > | > > Managed Solutions Internet | > > ph: +61 7 3342 6990 | fx: +61 7 3812 1751 > > ----------------------------------------------------------- > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > --__--__-- > > Message: 5 > Date: Tue, 26 Feb 2002 07:27:09 -0500 > From: Joe Maimon <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: stripped-user-name woes > boundary="------------AE5FE8124327C5D0A14227C3" > Reply-To: [EMAIL PROTECTED] > > > --------------AE5FE8124327C5D0A14227C3 > Content-Type: text/plain; charset=us-ascii > Content-Transfer-Encoding: 7bit > > If you setup a hint for example: > > DEFAULT Suffix = "@somedomain.com"", Strip-User-Name = Yes > Hint = SMDM > > Then there will be a stripped user name > > > And if in your sql.conf you say here: > > > # ^^^ --That doesn't work because someone screwed up decode_attribute() > sql_user_name = "%{Stripped-User-Name}"; > #sql_user_name = "%{User-Name}" > > Then it should work. > > Or you can match up against the full username, putting [EMAIL PROTECTED] in the > radcheck database. > > Or you could change the sql queries in sql.conf to tune for behavior you find more > apropriate. > > I have tried (briefly) to get radcheck to work against Hints to, but I gave up > rather quickly. > > > Vector wrote: > > > I posted a whole message about this on Friday or Saturday and had no > > response, after running radiusd/rlm_sql module through gdb and seeing what > > it actually does, it's starting to make some sense. I'm using freeradius > > latest CVS snapshot with MySQL.. Forgive my ignorance. I'm a veteran > > programmer but new to radius. > > > > I have a single entry in radcheck: > > id = 1, UserName = testuser, Attribute = Password, Value = testpass, op = > > <blank> > > > > All other tables empty. Justing testuser everything is fine. Using > > [EMAIL PROTECTED] fails. Must there be a realm for stripped-user-name > > to work properly? I would have thought it would strip everything after and > > including the @ symbol even without a realm. Thanks, > > > > vec > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > --------------AE5FE8124327C5D0A14227C3 > Content-Type: text/html; charset=us-ascii > Content-Transfer-Encoding: 7bit > > <!doctype html public "-//w3c//dtd html 4.0 transitional//en"> > <html> > If you setup a hint for example: > <p>DEFAULT Suffix = "@somedomain.com"", Strip-User-Name = Yes > <br> Hint = SMDM > <p>Then there will be a stripped user name > <br> > <p>And if in your sql.conf you say here: > <br> > <p> # ^^^ --That doesn't work > because someone screwed up decode_attribute() > <br> sql_user_name = "%{Stripped-User-Name}"; > <br> #sql_user_name = "%{User-Name}"<b></b> > <p>Then it should work. > <p>Or you can match up against the full username, putting [EMAIL PROTECTED] > in the radcheck database. > <p>Or you could change the sql queries in sql.conf to tune for behavior > you find more apropriate. > <p>I have tried (briefly) to get radcheck to work against Hints to, but > I gave up rather quickly. > <br> > <p>Vector wrote: > <blockquote TYPE=CITE>I posted a whole message about this on Friday or > Saturday and had no > <br>response, after running radiusd/rlm_sql module through gdb and seeing > what > <br>it actually does, it's starting to make some sense. I'm using > freeradius > <br>latest CVS snapshot with MySQL.. Forgive my ignorance. > I'm a veteran > <br>programmer but new to radius. > <p>I have a single entry in radcheck: > <br>id = 1, UserName = testuser, Attribute = Password, Value = testpass, > op = > <br><blank> > <p>All other tables empty. Justing testuser everything is fine. > Using > <br>[EMAIL PROTECTED] fails. Must there be a realm for stripped-user-name > <br>to work properly? I would have thought it would strip everything > after and > <br>including the @ symbol even without a realm. Thanks, > <p>vec > <p>- > <br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html";>http://www.freeradius.org/l ist/users.html</a></blockquote> > </html> > > --------------AE5FE8124327C5D0A14227C3-- > > > > --__--__-- > > Message: 6 > Subject: Free PPPoE server > From: SY Meta <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Date: 26 Feb 2002 17:24:06 +0300 > Reply-To: [EMAIL PROTECTED] > > Hi, > > Does anyone of you know one free pppoe server that authenticates against > radius? > > I cannot find a free one. :( > > Cheers, > > Meta > > > > --__--__-- > > Message: 7 > From: "Connie Liu" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: Muilti Password file! > Date: Tue, 26 Feb 2002 22:01:58 +0800 > boundary="----=_NextPart_000_0041_01C1BF11.36297380" > Reply-To: [EMAIL PROTECTED] > > This is a multi-part message in MIME format. > > ------=_NextPart_000_0041_01C1BF11.36297380 > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > Hi All; > I have few password/shadow file for different department, I need to use = > different realm todo the authentication,=20 > E.g. username@marketing will check the file = > "password.marketing" > username@sales will check the file = > "password.sales" > > Note: It is not radius User file, it is standard UNIX password file! > > How can I do that! > > Thanks for help! > Regards! > Connie > > ------=_NextPart_000_0041_01C1BF11.36297380 > Content-Type: text/html; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > <HTML><HEAD> > <META http-equiv=3DContent-Type content=3D"text/html; = > charset=3Diso-8859-1"> > <META content=3D"MSHTML 5.50.4912.300" name=3DGENERATOR> > <STYLE></STYLE> > </HEAD> > <BODY bgColor=3D#ffffff> > <DIV><FONT face=3DArial size=3D2>Hi All;</FONT></DIV> > <DIV><FONT face=3DArial size=3D2>I have few password/shadow file for = > different=20 > department, I need to use different realm todo the authentication, = > </FONT></DIV> > <DIV><FONT face=3DArial size=3D2>E.g. <A=20 > href=3D"mailto:username@marketing";>username@marketing</A> will check the = > > file =20 > "password.marketing"</FONT></DIV> > <DIV><FONT face=3DArial size=3D2> <A=20 > href=3D"mailto:username@sales";>username@sales</A> will check the=20 > file &nb= > sp; &nbs= > p; =20 > "password.sales"</FONT></DIV> > <DIV><FONT face=3DArial size=3D2></FONT> </DIV> > <DIV><FONT face=3DArial size=3D2>Note: It is not radius User file, it is = > standard=20 > UNIX password file!</FONT></DIV> > <DIV><FONT face=3DArial size=3D2></FONT> </DIV> > <DIV><FONT face=3DArial size=3D2>How can I do that!</FONT></DIV> > <DIV><FONT face=3DArial size=3D2></FONT> </DIV> > <DIV><FONT face=3DArial size=3D2>Thanks for help!</FONT></DIV> > <DIV><FONT face=3DArial size=3D2>Regards!</FONT></DIV> > <DIV><FONT face=3DArial size=3D2>Connie</FONT></DIV></BODY></HTML> > > ------=_NextPart_000_0041_01C1BF11.36297380-- > > > > --__--__-- > > Message: 8 > Date: Tue, 26 Feb 2002 09:30:51 -0500 > From: Darkshot <[EMAIL PROTECTED]> > Organization: Chudy International > To: Andrew Tait <[EMAIL PROTECTED]> > Subject: Re[4]: What happened to CHAP? > <013501c1be73$05f344f0$[EMAIL PROTECTED]> > <[EMAIL PROTECTED]> > <01bd01c1be80$ecef4680$[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > > > > > bob Auth-Type := Local, Password := bob > > Fall-Through = Yes > > I made that change and: > > > Also, once you actually run radtest, there should be more info from > > radiusd -X after: > > rad_recv: Access-Request packet from host 127.0.0.1:32830, id=44, length=52 > User-Name = "bob" > Password = "R4 "P]\000\264\242S(\204\217M\213\371" > NAS-IP-Address = 255.255.255.255 > NAS-Port-Id = "0" > modcall: entering group authorize > modcall[authorize]: module "preprocess" returns ok > modcall: group authorize returns ok > auth: No Auth-Type configuration for the request, rejecting the user > auth: Failed to validate the user. > WARNING: Unprintable characters in the password. ? Double-check the shared se > cret on the server and the NAS! > Sending Access-Reject of id 44 to 127.0.0.1:32830 > Finished request 2 > Going to the next request > > I did check the shared secret and it's what it should be. That error > seems to be misleading- what it looks like to me is that the chap > module isn't there- and sure enough, in radiusd.conf, it ain't. > So where did it go? ;_) > \ > > > > --__--__-- > > Message: 9 > From: "Vector" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: Re: stripped-user-name woes > Date: Tue, 26 Feb 2002 07:48:40 -0700 > boundary="----=_NextPart_000_0115_01C1BE9A.018021A0" > Reply-To: [EMAIL PROTECTED] > > This is a multi-part message in MIME format. > > ------=_NextPart_000_0115_01C1BE9A.018021A0 > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > Thankx much for the reply. Maybe I'm going about this all wrong. I = > would just like 'user' to work as well as '[EMAIL PROTECTED]'=20 > > After working on this for a while, it looked like realms might be the = > answer but that didn't quite take care of it. If I put = > '[EMAIL PROTECTED]' in the db then 'user' will no longer work, right? > > There are going to be lots of realms and I would like to make this = > generic if possible so that I don't need a separate hint to be able to = > strip the realm. It looked like the best way to implement this would be = > with a different group for each realm and then populate realmgroup in = > the database. As far as I can tell though, the rlm_sql module doesn't = > actually use either of the realm tables (yet??). > > Just looking for some guidence as to the 'best' way to do this so I = > don't have a hacked up config of radius. Thnx again for the reply. > > vec > > ----- Original Message -----=20 > From: Joe Maimon=20 > To: [EMAIL PROTECTED]=20 > Sent: Tuesday, February 26, 2002 5:27 AM > Subject: Re: stripped-user-name woes > > > If you setup a hint for example:=20 > DEFAULT Suffix =3D "@somedomain.com"", Strip-User-Name =3D Yes=20 > Hint =3D SMDM=20 > > Then there will be a stripped user name=20 > =20 > > And if in your sql.conf you say here:=20 > =20 > > # ^^^ --That doesn't work because someone screwed up = > decode_attribute()=20 > sql_user_name =3D "%{Stripped-User-Name}";=20 > #sql_user_name =3D "%{User-Name}"=20 > > Then it should work.=20 > > Or you can match up against the full username, putting = > [EMAIL PROTECTED] in the radcheck database.=20 > > Or you could change the sql queries in sql.conf to tune for behavior = > you find more apropriate.=20 > > I have tried (briefly) to get radcheck to work against Hints to, but = > I gave up rather quickly.=20 > =20 > > Vector wrote:=20 > > I posted a whole message about this on Friday or Saturday and had no = > > response, after running radiusd/rlm_sql module through gdb and = > seeing what=20 > it actually does, it's starting to make some sense. I'm using = > freeradius=20 > latest CVS snapshot with MySQL.. Forgive my ignorance. I'm a = > veteran=20 > programmer but new to radius.=20 > I have a single entry in radcheck:=20 > id =3D 1, UserName =3D testuser, Attribute =3D Password, Value =3D = > testpass, op =3D=20 > <blank>=20 > > All other tables empty. Justing testuser everything is fine. Using = > > [EMAIL PROTECTED] fails. Must there be a realm for = > stripped-user-name=20 > to work properly? I would have thought it would strip everything = > after and=20 > including the @ symbol even without a realm. Thanks,=20 > > vec=20 > > -=20 > List info/subscribe/unsubscribe? See = > http://www.freeradius.org/list/users.html > > > ------=_NextPart_000_0115_01C1BE9A.018021A0 > Content-Type: text/html; > charset="iso-8859-1" > Content-Transfer-Encoding: quoted-printable > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > <HTML><HEAD> > <META http-equiv=3DContent-Type content=3D"text/html; = > charset=3Diso-8859-1"> > <META content=3D"MSHTML 5.50.4616.200" name=3DGENERATOR> > <STYLE></STYLE> > </HEAD> > <BODY bgColor=3D#ffffff> > <DIV><FONT face=3DArial size=3D2>Thankx much for the reply. Maybe = > I'm going=20 > about this all wrong. I would just like 'user' to work as well as = > <A=20 > href=3D"mailto:'[EMAIL PROTECTED]'">'[EMAIL PROTECTED]'</A> = > </FONT></DIV> > <DIV><FONT face=3DArial size=3D2></FONT> </DIV> > <DIV><FONT face=3DArial size=3D2>After working on this for a while, it = > looked like=20 > realms might be the answer but that didn't quite take care of it. = > If I put=20 > <A href=3D"mailto:'[EMAIL PROTECTED]'">'[EMAIL PROTECTED]'</A> in = > the db then=20 > 'user' will no longer work, right?</FONT></DIV> > <DIV><FONT face=3DArial size=3D2></FONT> </DIV> > <DIV><FONT face=3DArial size=3D2>There are going to be lots of realms = > and I would=20 > like to make this generic if possible so that I don't need a separate = > hint to be=20 > able to strip the realm. It looked like the best way to = > implement=20 > this would be with a different group for each realm and then = > populate=20 > realmgroup in the database. As far as I can tell though, the = > rlm_sql=20 > module doesn't actually use either of the realm tables = > (yet??).</FONT></DIV> > <DIV><FONT face=3DArial size=3D2></FONT> </DIV> > <DIV><FONT face=3DArial size=3D2>Just looking for some guidence as to = > the 'best' way=20 > to do this so I don't have a hacked up config of radius. Thnx = > again for=20 > the reply.</FONT></DIV> > <DIV><FONT face=3DArial size=3D2></FONT> </DIV> > <DIV><FONT face=3DArial size=3D2>vec</FONT></DIV> > <DIV> </DIV> > <BLOCKQUOTE dir=3Dltr=20 > style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; = > BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px"> > <DIV style=3D"FONT: 10pt arial">----- Original Message ----- </DIV> > <DIV=20 > style=3D"BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: = > black"><B>From:</B>=20 > <A [EMAIL PROTECTED] href=3D"mailto:[EMAIL PROTECTED]";>Joe = > Maimon</A> </DIV> > <DIV style=3D"FONT: 10pt arial"><B>To:</B> <A=20 > [EMAIL PROTECTED]=20 > = > href=3D"mailto:[EMAIL PROTECTED]";>freeradius-users@lists.= > cistron.nl</A>=20 > </DIV> > <DIV style=3D"FONT: 10pt arial"><B>Sent:</B> Tuesday, February 26, = > 2002 5:27=20 > AM</DIV> > <DIV style=3D"FONT: 10pt arial"><B>Subject:</B> Re: stripped-user-name = > > woes</DIV> > <DIV><BR></DIV>If you setup a hint for example:=20 > <P>DEFAULT Suffix =3D "@somedomain.com"", Strip-User-Name =3D Yes=20 > <BR> Hint =3D SMDM=20 > <P>Then there will be a stripped user name <BR> =20 > <P>And if in your sql.conf you say here: <BR> =20 > <P> # ^^^ --That doesn't = > work=20 > because someone screwed up decode_attribute()=20 > <BR> sql_user_name =3D=20 > "%{Stripped-User-Name}"; = > <BR> =20 > #sql_user_name =3D "%{User-Name}"<B></B>=20 > <P>Then it should work.=20 > <P>Or you can match up against the full username, putting = > [EMAIL PROTECTED]=20 > in the radcheck database.=20 > <P>Or you could change the sql queries in sql.conf to tune for = > behavior you=20 > find more apropriate.=20 > <P>I have tried (briefly) to get radcheck to work against Hints to, = > but =20 > I gave up rather quickly. <BR> =20 > <P>Vector wrote:=20 > <BLOCKQUOTE TYPE=3D"CITE">I posted a whole message about this on = > Friday or=20 > Saturday and had no <BR>response, after running radiusd/rlm_sql = > module=20 > through gdb and seeing what <BR>it actually does, it's starting to = > make some=20 > sense. I'm using freeradius <BR>latest CVS snapshot with = > MySQL.. =20 > Forgive my ignorance. I'm a veteran <BR>programmer but new to = > radius.=20 > <P>I have a single entry in radcheck: <BR>id =3D 1, UserName =3D = > testuser,=20 > Attribute =3D Password, Value =3D testpass, op =3D <BR><blank> = > > <P>All other tables empty. Justing testuser everything is = > fine. =20 > Using <BR>[EMAIL PROTECTED] fails. Must there be a realm = > for=20 > stripped-user-name <BR>to work properly? I would have thought = > it would=20 > strip everything after and <BR>including the @ symbol even without a = > > realm. Thanks,=20 > <P>vec=20 > <P>- <BR>List info/subscribe/unsubscribe? See <A=20 > = > href=3D"http://www.freeradius.org/list/users.html";>http://www.freeradius.= > org/list/users.html</A></P></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML> > > ------=_NextPart_000_0115_01C1BE9A.018021A0-- > > > > --__--__-- > > Message: 10 > From: Mattias Eriksson <[EMAIL PROTECTED]> > To: "'[EMAIL PROTECTED]'" > <[EMAIL PROTECTED]>, > "'[EMAIL PROTECTED]'" > <[EMAIL PROTECTED]> > Subject: RE: Free PPPoE server > Date: Tue, 26 Feb 2002 15:50:37 +0100 > Reply-To: [EMAIL PROTECTED] > > Hi, > > There is pppoed included with freebsd, and it works with radius (or pppoed > uses ppp, wich I think supports radius). > > Regards, > > Mattias Eriksson > > > -----Original Message----- > > From: SY Meta [mailto: > > Sent: den 26 februari 2002 15:24 > > To: [EMAIL PROTECTED] > > Subject: Free PPPoE server > > > > > > Hi, > > > > Does anyone of you know one free pppoe server that > > authenticates against radius? > > > > I cannot find a free one. :( > > > > Cheers, > > > > Meta > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > --__--__-- > > Message: 11 > From: "Alan DeKok" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: What happened to CHAP? > <[EMAIL PROTECTED]> > Date: Tue, 26 Feb 2002 10:27:51 -0500 > Reply-To: [EMAIL PROTECTED] > > Darkshot <[EMAIL PROTECTED]> wrote: > > In short, I'm using CHAP on Max 4K and 6K boxes and in trying to get > > freeradius to work, I get the: > > > > Auth: rlm_unix: Attribute "Password" is required for authentication. > > Cannot use "CHAP-Password". > > You can't use CHAP on /etc/passwd. See the FAQ. > > > I see in the radiusd.conf that a module is needed, but it looks as if > > it must be created from scratch- > > No. Read the FAQ. > > > Received Access-Reject packet from 127.0.0.1 with invalid signature! > > Your shared secret is wrong. Fix it. > > Alan DeKok. > > > --__--__-- > > Message: 12 > From: "Alan DeKok" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: stripped-user-name woes > <008201c1be8b$6638bad0$[EMAIL PROTECTED]> > Date: Tue, 26 Feb 2002 10:29:09 -0500 > Reply-To: [EMAIL PROTECTED] > > "Vector" <[EMAIL PROTECTED]> wrote: > > All other tables empty. Justing testuser everything is fine. Using > > [EMAIL PROTECTED] fails. Must there be a realm for stripped-user-name > > to work properly? I would have thought it would strip everything after and > > including the @ symbol even without a realm. Thanks, > > Uh, no. You've got to *tell* it to do that. > > Alan DeKok. > > > --__--__-- > > Message: 13 > From: "Alan DeKok" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: Logging failed requests (Options -y -z) > <A1192030A824D311AADA00508B2C875D02094570@MACNT12> > Date: Tue, 26 Feb 2002 10:30:27 -0500 > Reply-To: [EMAIL PROTECTED] > > "Esken, Christian, VP-TS, CE" <[EMAIL PROTECTED]> wrote: > > I start radiusd like this: > > > > radiusd -yz -d /opt/radius/radius1 -p 1645 > > > > Giving the options -y and -z I would think auth errors would be logged to > > the file radius.log in directory > > ... > > Don't use command line options other than '-d'. All of the others > can be set in the configuration file. > > So edit the configuration file. It will probably work. > > Alan DeKok. > > > --__--__-- > > Message: 14 > From: "Alan DeKok" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: Muilti Password file! > <004401c1bece$3aa2c210$01000001@ibm> > Date: Tue, 26 Feb 2002 10:33:18 -0500 > Reply-To: [EMAIL PROTECTED] > > "Connie Liu" <[EMAIL PROTECTED]> wrote: > > E.g. username@marketing will check the file = > > "password.marketing" > > username@sales will check the file = > > "password.sales" > > > > Note: It is not radius User file, it is standard UNIX password file! > > > > How can I do that! > > Upgrade to the latest CVS snapshot. Configure multiple instance of > the 'unix' module. You can have multiple password files. > > unix sales { > passwd = /etc/passwd.sales > } > > unix marketing { > passwd = /etc/passwd.marketing > } > > > Then list both 'sales' and 'marketing' in the 'authenticate' > section. Set LOCAL realms for '@marketing' and '@sales', and in the > 'users' file, do: > > DEFAULT Realm == "marketing", Auth-Type := marketing > Fall-Through = Yes > > DEFAULT Realm == "sales", Auth-Type := sales > Fall-Through = Yes > > > Alan DeKok. > > > > --__--__-- > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > End of Freeradius-Users Digest- > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
