Hi Everyone,
I am new to FreeRADIUS. It is working fine for me. I
was just wondering how the "detail file
(/usr/local/var/log/radius/radaact/ip/detail)" works in FreeRADIUS. I mean,
does it give us stats on a daily basis or weekly basis, is it written over
daily or weekly, or does it keep the record since the radius was installed? I
have software that imports the detail file once a month and makes stats out of
it. I was wondering if the detail file is getting written over every day; if yes,
then how will we make monthly stats? I also have downloaded the "radacct"
script from the "related software", which is working pretty well for me, but
this script is also providing me the stats since the day I installed
the script, nothing before that.
Kindly guide me about the working of the "detail" file. And yes, I installed
demon tools; they worked fine for two weeks and then died, so I am not using
them anymore, but the "Killscript.sh" is working pretty well for me.
regards,
IQ
----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, April 05, 2002 11:42 PM
Subject: Freeradius-Users digest, Vol 1 #624 - 8 msgs
> Today's Topics:
>
> 1. how to validate (Takemura Kiyoaki)
> 2. Re: freeradius and mysql (Nicolas)
> 3. Using Radius for Mac Auth. with Wireless Internet. (Stephan Viljoen)
> 4. Authenticate with Windows NT domain (Joga Singh)
> 5. error when using freeradius with mysl authentication (Dirk Tanneberger)
> 6. Fw: Using Radius for Mac Auth. with Wireless Internet. (Stephan Viljoen)
> 7. rlm_sql_postgresql problem in FR 0.5+ (Timophey)
> 8. FreeRADIUS and PAM (McNutt, Justin M.)
>
> --__--__--
>
> Message: 1
> Date: Fri, 05 Apr 2002 16:03:15 +0900
> From: Takemura Kiyoaki <[EMAIL PROTECTED]>
> Organization: Kochi University
> To: [EMAIL PROTECTED]
> Subject: how to validate
> Reply-To: [EMAIL PROTECTED]
>
>
> Hi,all.
>
> We are in trouble with setting up freeradius0.5 on solaris8.
> Every connection became rejected as "invalid password"
> (radius log below)
>
> Fri Apr 5 14:48:30 2002 : Info: Listening on IP address
> 133.97.XXX.XXX ports 1645/udp and 1646/udp.
> Fri Apr 5 14:48:30 2002 : Info: Ready to process requests.
> Fri Apr 5 14:54:53 2002 : Auth: rlm_unix: [takemura]: invalid password
> Fri Apr 5 14:54:58 2002 : Info: Sending duplicate authentication reply
> to client ppp1-gw1:1645 - ID: 124
> Fri Apr 5 14:54:58 2002 : Auth: rlm_unix: [takemura]: invalid password
> Fri Apr 5 14:55:51 2002 : Auth: rlm_unix: [takemura]: invalid password
> Fri Apr 5 14:55:56 2002 : Info: Sending duplicate authentication reply
> to client ppp1-gw1:1645 - ID: 126
>
>
> We use NIS password(no shadow file type).
> This is an output between site radiusd.conf and the original one.
>
> < bind_address = 133.97.XXX.XXX
> ---
> > bind_address = *
> 186c185
> < port = 1645
> ---
> > port = 0
> 334,335c333,334
> < proxy_requests = no
> < # $INCLUDE ${confdir}/proxy.conf
> ---
> > proxy_requests = yes
> > $INCLUDE ${confdir}/proxy.conf
> 437c436
> < cache = no
> ---
> > cache = yes
> 440c439
> < # cache_reload = 600
> ---
> > cache_reload = 600
> 454,456c453,455
> < passwd = /var/nis/passwd
> < # shadow = /etc/shadow
> < group = /var/nis/group
> ---
> > passwd = /etc/passwd
> > # shadow = /etc/shadow
> > group = /etc/group
>
>
>
> Debug mode output is
> /usr/local/sbin/radiusd -xxyz -l stdout
> Starting - reading configuration files ...
> reread_config: reading radiusd.conf
> Config: including file: /usr/local/etc/raddb/clients.conf
> Config: including file: /usr/local/etc/raddb/snmp.conf
> Config: including file: /usr/local/etc/raddb/sql.conf
> main: prefix = "/usr/local"
> main: localstatedir = "/usr/local/var"
> main: logdir = "/usr/local/var/log/radius"
> main: libdir = "/usr/local/lib"
> main: radacctdir = "/usr/local/var/log/radius/radacct"
> main: hostname_lookups = no
> read_config_files: reading dictionary
> read_config_files: reading clients
> read_config_files: reading realms
> read_config_files: reading naslist
> main: max_request_time = 30
> main: cleanup_delay = 5
> main: max_requests = 1024
> main: delete_blocked_requests = 0
> main: port = 1645
> main: allow_core_dumps = no
> main: log_stripped_names = no
> main: log_auth = no
> main: log_auth_badpass = no
> main: log_auth_goodpass = no
> main: pidfile = "/usr/local/var/run/radiusd.pid"
> main: bind_address = 133.97.XXX.XXX IP address [133.97.XXX.XXX]
> main: user = "root"
> main: group = "root"
> main: usercollide = no
> main: lower_user = "no"
> main: lower_pass = "no"
> main: nospace_user = "no"
> main: nospace_pass = "no"
> main: proxy_requests = no
> security: max_attributes = 200
> security: reject_delay = 1
> main: debug_level = 0
> read_config_files: entering modules setup
> Module: Library search path is /usr/local/lib
> Module: Loaded System
> unix: cache = no
> unix: passwd = "/var/nis/passwd"
> unix: shadow = "(null)"
> unix: group = "/var/nis/group"
> unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
> unix: usegroup = no
> unix: cache_reload = 600
> Module: Instantiated unix (unix)
> Module: Loaded preprocess
> preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
> preprocess: hints = "/usr/local/etc/raddb/hints"
> preprocess: with_ascend_hack = no
> preprocess: ascend_channels_per_line = 23
> preprocess: with_ntdomain_hack = no
> preprocess: with_specialix_jetstream_hack = no
> preprocess: with_cisco_vsa_hack = no
> Module: Instantiated preprocess (preprocess)
> Module: Loaded realm
> realm: format = "suffix"
> realm: delimiter = "@"
> Module: Instantiated realm (suffix)
> Module: Loaded files
> files: usersfile = "/usr/local/etc/raddb/users"
> files: acctusersfile = "/usr/local/etc/raddb/acct_users"
> files: compat = "no"
> Module: Instantiated files (files)
> Module: Loaded detail
> detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail"
> detail: detailperm = 384
> detail: dirperm = 493
> Module: Instantiated detail (detail)
> Module: Loaded radutmp
> radutmp: filename = "/usr/local/var/log/radius/radutmp"
> radutmp: username = "%{User-Name}"
> radutmp: perm = 384
> radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Initializing the thread pool...
> thread: start_servers = 5
> thread: max_servers = 32
> thread: min_spare_servers = 3
> thread: max_spare_servers = 10
> thread: max_requests_per_server = 0
> thread: cleanup_delay = 5
> Thread spawned new child 1. Total threads in pool: 1
> Thread spawned new child 2. Total threads in pool: 2
> Thread 1 waiting to be assigned a request
> Thread spawned new child 3. Total threads in pool: 3
> Thread spawned new child 4. Total threads in pool: 4
> Thread spawned new child 5. Total threads in pool: 5
> Listening on IP address 133.97.XXX.XXX, ports 1645/udp and 1646/udp.
> Ready to process requests.
> Thread 2 waiting to be assigned a request
> Thread 3 waiting to be assigned a request
> Thread 4 waiting to be assigned a request
> Thread 5 waiting to be assigned a request
> rad_recv: Access-Request packet from host 133.97.YYY.YYY:1645, id=132,
> length=75
> Thread 1 assigned request 0
> --- Walking the entire request list ---
> Threads: total/active/spare threads = 5/1/4
> Nothing to do. Sleeping until we see a request.
> Thread 1 handling request 0, (1 handled so far)
> NAS-IP-Address = 133.97.YYY.YYY
> NAS-Port = 48
> NAS-Port-Type = Async
> User-Name = "xxxxxx"
> User-Password = "\XXXXXXXXXXXXXXXX"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> modcall[authorize]: module "suffix" returns ok
> users: Matched DEFAULT at 152
> users: Matched DEFAULT at 171
> users: Matched DEFAULT at 183
> modcall[authorize]: module "files" returns ok
> modcall: group authorize returns ok
> rad_check_password: Found Auth-Type System
> auth: type "System"
> modcall: entering group authenticate
> rlm_unix: [xxxxxx]: invalid password
> modcall[authenticate]: module "unix" returns reject
> modcall: group authenticate returns reject
> auth: Failed to validate the user.
> WARNING: Unprintable characters in the password. ? Double-check the
> shared secret on the server and the NAS!
> Delaying request 0 for 1 seconds
> Finished request 0
> Going to the next request
>
>
>
> Of course this password is a correct password!
> If you have any idea, please teach us, thanks.
>
>
> -----
> Kiyoaki Takemura
> Kochi University
>
>
>
> --__--__--
>
> Message: 2
> From: "Nicolas" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Re: freeradius and mysql
> Date: Fri, 5 Apr 2002 11:03:17 +0400
> Reply-To: [EMAIL PROTECTED]
>
> I have the same problem concerning clients.conf, you should use "clients"
> also, for me it works !
>
> concerning your accounting pb, it's probably the same reason: unknown NAS,
> are you Full-Debugging ?
>
> Nicolas
> ----- Original Message -----
> From: "tywe" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, April 05, 2002 12:21 AM
> Subject: Re: freeradius and mysql
>
>
> > Ya, I don't know much about that file either. I just made an entry that
> > looked about like the default one, and added it below the default one:
> >
> > client 1.2.3.4 {
> > secret = testing123
> > shortname = anyname
> > }
> >
> > And it seemed to work. It's kind of weird though, because the logs show the
> > correct shortname sometimes, but then other times, it says UNKNOWN-NAS, but
> > still processes the request anyways. Haven't quite nailed down what is
> > causing this yet.
> >
> > And I think my accounting problem (no accounting records) might be due to me
> > using radtest right now. I think I might have to use radclient to actually
> > see the accounting kick in. Not sure though, but I'll let you know how it
> > goes.
> >
> > Frank
> >
> > ----- Original Message -----
> > From: "Juan Hernandez" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Thursday, April 04, 2002 2:27 PM
> > Subject: Re: freeradius and mysql
> >
> >
> > > the only problem I am having is I don't understand the clients.conf, is there
> > > a site that explains it, and etc.
> > > ----- Original Message -----
> > > From: "tywe" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Thursday, April 04, 2002 9:41 AM
> > > Subject: Re: freeradius and mysql
> > >
> > >
> > > > I guess so, but we can also do it on the list too so that others may benefit
> > > > in the future?
> > > >
> > > > Anyhow, I mainly just followed the instructions at:
> > > > http://www.frontios.com/freeradius.html
> > > >
> > > > I had to install the MySQL-devel rpm before I did anything. The only thing I
> > > > had to do different than what it says is that I had to remove "sql" from the
> > > > authenticate section and put it back into the authorize section, even though
> > > > the above website said to do the opposite.
> > > >
> > > > The only thing I'm a little stuck on right now is the accounting stuff. I
> > > > added sql to the accounting section, but I don't see anything showing up in
> > > > the mySQL tables, or even anything in the /var/log/radius/radacct folder? I
> > > > do have all the logging turned on right now, and that is working, because I
> > > > see a /var/log/radius/radius.log file, but I have no idea why accounting
> > > > isn't working. Anyone have any ideas? Let me know what info I should post to
> > > > help figure this out?
> > > >
> > > > Anyhow, let me know what you are stuck on, and I'll try to help. I'm
> > > > definitely a newbie right now though, so don't be surprised if you already
> > > > know more than me. :)
> > > >
> > > > Frank
> > > >
> > > > ----- Original Message -----
> > > > From: "Juan Hernandez" <[EMAIL PROTECTED]>
> > > > To: <[EMAIL PROTECTED]>
> > > > Sent: Thursday, April 04, 2002 12:10 PM
> > > > Subject: Re: freeradius and mysql
> > > >
> > > >
> > > > > hey could you and I discuss off list what you did with free radius and
> > > > > mysql?
> > > > > ----- Original Message -----
> > > > > From: "tywe" <[EMAIL PROTECTED]>
> > > > > To: <[EMAIL PROTECTED]>
> > > > > Sent: Thursday, April 04, 2002 12:55 AM
> > > > > Subject: Re: freeradius and mysql
> > > > >
> > > > >
> > > > > > Hi,
> > > > > >
> > > > > > Thanks to all for the help, I now have freeradius and mysql working together
> > > > > > quite nicely :)
> > > > > >
> > > > > > My only question: Is it normal to see "Info: Sending duplicate
> > > > > > authentication reply to client" whenever the request is rejected? Everything
> > > > > > seems to work great, I was just wondering if that duplicate message was
> > > > > > anything to worry about or not.
> > > > > >
> > > > > > Thanks again!
> > > > > >
> > > > > > Frank
> > > > > >
> > > > > > ----- Original Message -----
> > > > > > From: "Nicolas" <[EMAIL PROTECTED]>
> > > > > > To: <[EMAIL PROTECTED]>
> > > > > > Sent: Thursday, April 04, 2002 1:50 AM
> > > > > > Subject: Re: freeradius and mysql
> > > > > >
> > > > > >
> > > > > > > To use Mysql, you'd better have to set the good directories during Building
> > > > > > > process (./configure --with-mysql-lib=/usr/lib ....) then compile and
> > > > > > > install binaries.
> > > > > > >
> > > > > > > After that , take care to validate ld.so.conf with these directories in it
> > > > > > > and run ldconfig.
> > > > > > >
> > > > > > > Build your database in mysql (with the sql dump file, grant privileges to
> > > > > > > your user and fill in sql.conf) fill also clients.conf and clients and
> > > > > > > create a user in users in order to validate radiusd itself, after that
> > > > > > > create entries in radcheck table and test again with mysql. You should tune
> > > > > > > your radiusd.conf to validate the use of sql in auth and acct chapters
> > > > > > >
> > > > > > > Do some tests (radiusd -X)and come back
> > > > > > >
> > > > > > > Nicolas
> > > > > > > ----- Original Message -----
> > > > > > > From: "tywe" <[EMAIL PROTECTED]>
> > > > > > > To: <[EMAIL PROTECTED]>
> > > > > > > Sent: Thursday, April 04, 2002 5:20 AM
> > > > > > > Subject: Re: freeradius and mysql
> > > > > > >
> > > > > > >
> > > > > > > http://www.frontios.com/freeradius.html
> > > > > > >
> > > > > > > That's the only one I've came across so far. If anyone knows of others,
> > > > > > > please let us know. I'm trying to get this working right now too.
> > > > > > >
> > > > > > > Hope that helps!
> > > > > > >
> > > > > > > Frank
> > > > > > >
> > > > > > > ----- Original Message -----
> > > > > > > From: Juan Hernandez
> > > > > > > To: [EMAIL PROTECTED]
> > > > > > > Sent: Wednesday, April 03, 2002 7:37 PM
> > > > > > > Subject: freeradius and mysql
> > > > > > >
> > > > > > >
> > > > > > > I know freeradius has the ability to work with mysql, to read from a mysql
> > > > > > > db, how do I configure it to do this?
> > > > > > > you don't have to tell me, I just need to get to a website that explains
> > > > > > > it. thanks for any help
> > > > > > >
> > > > > > > Juan
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > >
> > > > > > > -
> > > > > > > List info/subscribe/unsubscribe? See
> > > > > > http://www.freeradius.org/list/users.html
>
>
>
> --__--__--
>
> Message: 3
> From: "Stephan Viljoen" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Using Radius for Mac Auth. with Wireless Internet.
> Date: Fri, 5 Apr 2002 09:58:01 +0200
> Reply-To: [EMAIL PROTECTED]
>
> Hi , I need to setup radius to authenticate an incoming connection VIA Wireless
> on the incoming PC's Mac Address. Is there a HOWTO or some documentation laying
> around somewhere? I know how to auth. the incoming NAS but don't have any idea what
> the User details should look like in radius itself.
>
> I'm using freeradius 0.3 with Mysql Authentication.
>
> Kind Regards
> Stephan
>
>
>
>
>
> --__--__--
>
> Message: 4
> From: "Joga Singh" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Authenticate with Windows NT domain
> Date: Fri, 5 Apr 2002 16:02:58 +0530
> Reply-To: [EMAIL PROTECTED]
>
> Hi,
> I am a newbie and trying to use FreeRadius 0.5
>
> How can I configure it to authenticate users with Windows NT domain ? I
> can't find any examples.
>
> One way I figured would be to use PAM.
>
> JS
>
>
>
>
>
> --__--__--
>
> Message: 5
> From: "Dirk Tanneberger" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: error when using freeradius with mysl authentication
> Date: Fri, 5 Apr 2002 12:50:27 +0200
> Reply-To: [EMAIL PROTECTED]
>
> Hello all,
>
> I have installed freeradius on suse-linux 7.3 .
> I will use freeradius with mysql.
> The configuration is like http://www.frontios.com/freeradius.html .
> When I start the radiusdaemon, then the following error message is in
> radius.log:
> ****************
> Fri Apr 5 10:47:05 2002 : Info: rlm_sql: Driver rlm_sql_mysql loaded and linked
> Fri Apr 5 10:47:05 2002 : Info: rlm_sql: Attempting to connect to root@localhost:/radius
> Fri Apr 5 10:47:05 2002 : Error: radiusd.conf: "SQL" modules aren't allowed in 'authenticate' sections -- they have no such method.
> ****************
>
> Here is a part of my radiusd.conf:
> ****************
> authorize {
>     preprocess
>     # counter
>     # attr_filter
>     # eap
>     suffix
>     sql
>     # files
>     # mschap
> }
>
> authenticate {
>     sql
>     # pam
>     # unix
>     # ldap
>     # mschap
>     # eap
> }
>
> preacct {
>     suffix
>     # files
>     preprocess
> }
>
> accounting {
>     # acct_unique
>     detail
>     # counter
>     unix
>     sql
>     radutmp
>     # sradutmp
> }
>
>
> What is the problem? Can anybody help me?
>
> Thanks for answer.
>
> Dirk Tanneberger
>
>
>
> --__--__--
>
> Message: 6
> From: "Stephan Viljoen" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Fw: Using Radius for Mac Auth. with Wireless Internet.
> Date: Fri, 5 Apr 2002 15:00:26 +0200
> Reply-To: [EMAIL PROTECTED]
>
> I'm not sure if this message reached the list , if it did then I'm truly
> sorry.
>
> Hi , I need to setup radius to authenticate an incoming connection VIA Wireless
> on the incoming PC's Mac Address. Is there a HOWTO or some documentation laying
> around somewhere? I know how to auth. the incoming NAS but don't have any idea what
> the User details should look like in radius itself.
>
> I'm using freeradius 0.3 with Mysql Authentication.
>
> Kind Regards
> Stephan
>
>
>
>
>
> --__--__--
>
> Message: 7
> From: "Timophey" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: rlm_sql_postgresql problem in FR 0.5+
> Date: Fri, 5 Apr 2002 19:16:42 +0600
> Reply-To: [EMAIL PROTECTED]
>
> Hi all.
>
> I faced a problem on FR 0.5:
>
> when using FR 0.4 I have a single record for both Start and STOP
> accounting requests.
> Since I have changed to FR 0.5 my accounting records double with stop of the
> session.
> I use PostgreSQL 7.1 as a DB engine.
> My sql.conf file has two SQL-entries for STOP packet: accounting_stop_query
> and accounting_stop_query_alt. ( as asked in "manual")
> The description of sql.conf says that accounting_stop_query_alt is called
> when no rows affected during execution of accounting_stop_query.
> But logs say that both queries are run.
>
> here are SQL-queries from sql.conf
>
> accounting_stop_query = "UPDATE ${acct_table1} SET AcctStopTime = '%S',
> AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets =
> '%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}',
> AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay =
> '%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE
> AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND
> NASIPAddress = '%{NAS-IP-Address}'"
>
> accounting_stop_query_alt = "INSERT into radacct (AcctSessionId,
> AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType,
> AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
> ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,
> CalledStationId, CallingStationId, AcctTerminateCause, ServiceType,
> FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay)
> values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
> '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', CASE WHEN
> '%{NAS-Port-Id}'='' then 0 else '%{NAS-Port-Id}' end, '%{NAS-Port-Type}',
> '2000-01-01 00:00:00', '%S', '%{Acct-Session-Time}', '%{Acct-Authentic}',
> '', '%{Connect-Info}', '%{Acct-Input-Octets}', '%{Acct-Output-Octets}',
> '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Acct-Terminate-Cause}',
> '%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}', '0',
> '%{Acct-Delay-Time}')"
>
> and here are some logs:
>
> sql_set_user: escaped user --> 'kern'
> radius_xlat: 'UPDATE radacct SET AcctStopTime = '2002-04-05 17:43:29',
> AcctSessionTime = '4969', AcctInputOctets = '5398', AcctOutputOctets =
> '5400', AcctTerminateCause = 'User-Request', AcctStopDelay = '0',
> ConnectInfo_stop = '' WHERE AcctSessionId = '00000037' AND UserName = 'kern'
> AND NASIPAddress = '10.0.0.1''
> rlm_sql: Reserving sql socket id: 4
> query: UPDATE radacct SET AcctStopTime = '2002-04-05 17:43:29',
> AcctSessionTime = '4969', AcctInputOctets = '5398', AcctOutputOctets =
> '5400', AcctTerminateCause = 'User-Request', AcctStopDelay = '0',
> ConnectInfo_stop = '' WHERE AcctSessionId = '00000037' AND UserName = 'kern'
> AND NASIPAddress = '10.0.0.1'
> rlm_postgresql Status: PGRES_COMMAND_OK
> sql_postgresql: affected rows = 1
> radius_xlat: 'INSERT into radacct (AcctSessionId, AcctUniqueId, UserName,
> Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime,
> AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop,
> AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId,
> AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress,
> AcctStartDelay, AcctStopDelay) values('00000037', '438e097a903ed8eb',
> 'kern', '', '10.0.0.1', CASE WHEN '0'='' then 0 else '0' end, 'Virtual',
> '2000-01-01 00:00:00', '2002-04-05 17:43:29', '4969', 'RADIUS', '', '',
> '5398', '5400', '', '', 'User-Request', 'Framed-User', 'PPP',
> '192.168.10.4', '0', '0')'
> query: INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm,
> NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime,
> AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop,
> AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId,
> AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress,
> AcctStartDelay, AcctStopDelay) values('00000037', '438e097a903ed8eb',
> 'kern', '', '10.0.0.1', CASE WHEN '0'='' then 0 else '0' end, 'Virtual',
> '2000-01-01 00:00:00', '2002-04-05 17:43:29', '4969', 'RADIUS', '', '',
> '5398', '5400', '', '', 'User-Request', 'Framed-User', 'PPP',
> '192.168.10.4', '0', '0')
> rlm_postgresql Status: PGRES_COMMAND_OK
> sql_postgresql: affected rows = 1
>
> As shown, the first query is accounting_stop_query. The amount of affected
> rows is 1, but FR continues with accounting_stop_query_alt.
>
> I have compiled and installed rlm_postgresql module from FR 0.4 and the
> problem disappears. Therefore I decided that the problem is in
> rlm_sql_postgresql.
>
> I have tried several CVSs, but the *probable* bug is still alive.
>
> Thanx,
> Timophey.
>
>
>
>
>
> --__--__--
>
> Message: 8
> Subject: FreeRADIUS and PAM
> Date: Fri, 5 Apr 2002 07:40:01 -0600
> From: "McNutt, Justin M." <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
>
> Okay, got a new coupla quandaries with FreeRADIUS 0.5 and Linux-PAM 0.75:
>
> 1) FreeRADIUS refuses to authenticate any user who does not have an
> account on the local workstation. This user, for instance, cannot
> authenticate:
>
> guestm Auth-Type := Pam
> Service-Type = Administrative-User,
> Fall-Through = No
>
> Here is /etc/pam.d/radiusd (for reference):
>
> #%PAM-1.0
> auth sufficient /usr/pam/lib/security/pam_krb5.so
> auth required /usr/pam/lib/security/pam_unix.so
>
> Testing with other services (httpd, sshd) shows that Kerberos and
> pam_krb5.so are working properly. Cistron RADIUS 1.6.4 did not have
> this problem.
>
> 2) There is some difference between the way FreeRADIUS 0.5 and Cistron
> RADIUS 1.6.4 respond when there is no user in the raddb/users file to
> match an authentication request (and there is no default). A BayStack
> 450 switch will allow you to enable "RADIUS Password Fallback", which
> means that if RADIUS fails, it will check to see if the user entered the
> locally-configured password.
>
> With Cistron RADIUS, this works. No matter what user name is used, if I
> enter the locally-configured password for the switch I can gain access.
> However with FreeRADIUS 0.5, the BayStack says "Querying RADIUS
> server..." and waits forever.
>
> I'm going to try to get some packet captures of this to see what's going
> on in more detail, but I wondered if anyone had any experiences with the
> BayStacks or had any other ideas that occurred to them immediately that
> might be useful.
>
> Thanks!
>
> Justin McNutt
> Network Systems Analyst - Expert
> DNPS, Mizzou Telecom
> (573) 882-5183
>
> One IP to rule them all, one IP to find them,
> One IP to bring them all, and in the darkness BIND them,
> In the land of Ether, where the packets fly.
>
>
>
>
>
> --__--__--
>
> End of Freeradius-Users Digest
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
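
Added example (not part of the original messages, and not FreeRADIUS code): the debug output in Message 1 of the quoted digest ends with "WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS!". The Python sketch below implements the User-Password hiding defined in RFC 2865 section 5.2 for both sides and shows why a shared-secret mismatch produces that symptom. The secrets, authenticator, password and the has_unprintable() helper are constructed for illustration.

```python
"""RFC 2865 section 5.2 User-Password hiding, NAS side and server side.

All secrets, passwords and authenticators here are constructed sample data.
"""
import hashlib

BLOCK = 16  # MD5 digest size; the password is processed in 16-octet blocks


def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """NAS side: NUL-pad to a multiple of 16, then XOR with an MD5 keystream."""
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % BLOCK)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), BLOCK):
        # b1 = MD5(secret + RA), b_i = MD5(secret + previous ciphertext block)
        key = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + BLOCK], key))
        hidden += prev
    return hidden


def recover_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server side: rebuild the same keystream from its own copy of the secret."""
    if len(authenticator) != BLOCK:
        raise ValueError("Request Authenticator must be 16 octets")
    if not hidden or len(hidden) % BLOCK or len(hidden) > 128:
        raise ValueError("hidden User-Password must be 16..128 octets, multiple of 16")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), BLOCK):
        block = hidden[i:i + BLOCK]
        key = hashlib.md5(secret + prev).digest()
        clear += bytes(c ^ k for c, k in zip(block, key))
        prev = block
    return clear.rstrip(b"\x00")  # drop the NUL padding


def has_unprintable(password: bytes) -> bool:
    """Hypothetical helper: true if any octet is outside printable ASCII."""
    return any(b < 0x20 or b > 0x7E for b in password)


def demo():
    """Hide a password with the NAS secret, recover it with two server secrets."""
    authenticator = bytes(range(16))        # constructed Request Authenticator
    password = b"a-correct-password-123"    # constructed, spans two blocks
    nas_secret = b"nas-side-secret"         # constructed
    hidden = hide_password(password, nas_secret, authenticator)
    matching = recover_password(hidden, nas_secret, authenticator)
    mismatched = recover_password(hidden, b"server-side-secret", authenticator)
    return hidden, matching, mismatched


if __name__ == "__main__":
    hidden, matching, mismatched = demo()
    print("on the wire      :", hidden.hex())
    print("same secret      :", matching, "unprintable:", has_unprintable(matching))
    print("different secret :", mismatched, "unprintable:", has_unprintable(mismatched))
```

With a different secret the server derives a different MD5 keystream, so the XOR yields effectively random octets; the password comparison then fails even though the user typed the right password.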