From: "Burton, Steven" <[EMAIL PROTECTED]>
>I'd seen that. What I was trying to do (unsuccessfully 'cos I'm ignorant) was to try to find out what triggers ntlm_auth to run. Is there something in another file that sets this up?

Your authorise and authenticate sections define what modules are called. Ergo, if you don't have an LDAP call in both, it doesn't do the authorise (can the user dial up?) or authenticate (are the credentials right?).

I've got a sanitised set of config I can send you; you don't need to do all that "nt_hack" skull hackery, mine is working pretty much OK out of the box with 2 config changes.

Stephen Walsh
[EMAIL PROTECTED]
Client Support Officer (Technology)
Australian Catholic University (Limited)
PO Box 256, Dickson ACT 2602
Phone: +61 2 6209 1133
Fax: +61 2 6209 1179
Mobile: +61 419 496796
+++++++++++++++++++++++++++++++++++++++++++++++++
CRICOS Registration: 00004G, 00112C, 00873F, 00885B
ABN 15 050 192 660
+++++++++++++++++++++++++++++++++++++++++++++++++
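
The point above applied to the ntlm_auth question in this thread, as an added illustration (not part of the original message and not either poster's configuration): a FreeRADIUS 1.x-style radiusd.conf fragment in which the mschap module runs ntlm_auth only because it is listed in both sections. The ntlm_auth path is a placeholder and the rest of the module list is assumed.

```conf
# Added example; /path/to/ntlm_auth is a placeholder for the Samba helper.
modules {
	mschap {
		authtype = MS-CHAP
		with_ntdomain_hack = yes
		# Command executed by the authenticate section for each MS-CHAP request.
		ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
	}
}

authorize {
	preprocess
	# Sees MS-CHAP attributes in the request and sets Auth-Type to MS-CHAP.
	# If mschap is not listed here, Auth-Type is never set to MS-CHAP.
	mschap
}

authenticate {
	# Selected when Auth-Type is MS-CHAP; calling mschap here is what
	# executes the ntlm_auth command configured above.
	Auth-Type MS-CHAP {
		mschap
	}
}
```

A request that carries only a PAP User-Password has no MS-CHAP attributes, so with this wiring mschap never claims it and ntlm_auth is not executed.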


[EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
12/04/2006 10:30 AM ZE2
Please respond to [email protected]
To: [email protected]
Subject: Freeradius-Users Digest, Vol 12, Issue 49



Today's Topics:
    1. group definitions in users file (ho)
    2. Help, Chap problem ([EMAIL PROTECTED])
    3. Re: group definitions in users file  (Alan DeKok)
    4. Regarding VLAN (radhika putty)
    5. pam_radius_auth token user (Josh Restivo)
    6. RE: How do I set up simple AD integration? (Burton, Steven)
    7. different gateway for different users (Felice.pizzurro)
    8. Accessing REQUEST structure data outside FreeRADIUS module
    (Nicolas Castel)

----------------------------------------------------------------------

Message: 1
Date: Tue, 11 Apr 2006 21:56:57 +0200
From: "ho" <[EMAIL PROTECTED]>
Subject: group definitions in users file
To: "FreeRadius users mailing list"
<[email protected]>
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; format=flowed; charset="iso-8859-1";
reply-type=original

Hi folks,

my environment:

I do AAA with freeradius as a radius-proxy in combination with ms-ias (only
for the passwords ;-) ) for cisco asa 5540-box, which is similar to a cisco
pix firewall.

In the future we have many, many entries for users with the same
Cisco-AVPairs:

USER1   Proxy-To-Realm := IAS
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Cisco-AVPair += "ip:inacl# = permit udp any host A.B.C.D eq domain",
        Cisco-AVPair += "ip:inacl# = permit udp any host A.B.C.D eq domain",
        Cisco-AVPair += "ip:inacl# = permit tcp any host A.B.C.D eq 264",
        Cisco-AVPair += "ip:inacl# = permit tcp any host A.B.C.D eq 443",
        Cisco-AVPair += "ip:inacl# = permit udp any host A.B.C.D eq isakmp",
        Cisco-AVPair += "ip:inacl# = permit udp any host A.B.C.D eq 2746",
        Cisco-AVPair += "ip:inacl# = permit esp any host A.B.C.D",
        Cisco-AVPair += "ip:inacl# = deny tcp any any",
        Cisco-AVPair += "ip:inacl# = deny udp any any",
        Fall-Through = 0



Is it possible to group the User entries and then give them the special
profile with the AVPairs?

If not, what could be another good workaround for this problem?


thanks

marco












------------------------------

Message: 2
Date: Tue, 11 Apr 2006 16:06:07 -0400
From: [EMAIL PROTECTED]
Subject: Help, Chap problem
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="ISO-8859-15"

Hello:

I have this problem, I get this message in the log:

"Tue Apr 11 14:43:18 2006 : Auth: Login incorrect (rlm_chap: Clear text
password not available): [adexus/<CHAP-Password>] (from client 3com port
268443649 cli 0010-a484-6e7a)"

I set the users file as follows:

adexus   Auth-Type := CHAP,   User-Password == "adexus"

I configure the Windows 2000 802.1x client as follows:

EAP type: MD5 challenge

Any idea?


Saludos

Francisco Lagos




------------------------------

Message: 3
Date: Tue, 11 Apr 2006 16:46:15 -0400
From: "Alan DeKok" <[EMAIL PROTECTED]>
Subject: Re: group definitions in users file
To: FreeRadius users mailing list
<[email protected]>
Message-ID: <[EMAIL PROTECTED]>

"ho" <[EMAIL PROTECTED]> wrote:
> Is it possible to group the User entries and then give them the special
> profile with the AVPairs?

Yes.  You can use Unix groups for this, or create your own groups.
See "man rlm_passwd" for an example of creating groups.
    Alan DeKok.

------------------------------

Message: 4
Date: Tue, 11 Apr 2006 20:57:53 -0700 (PDT)
From: radhika putty <[EMAIL PROTECTED]>
Subject: Regarding VLAN
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

Hi
    I tried sending tunneling attributes from the Radius server and it shows it is sending those tunneling attributes. But the access point doesn't seem to understand them anyway. I had configured both the access point and the switch for this. What can be the problem?


------------------------------

Message: 5
Date: Wed, 12 Apr 2006 00:05:52 -0500
From: Josh Restivo <[EMAIL PROTECTED]>
Subject: pam_radius_auth token user
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain;  charset="us-ascii"


This question appears in various forums time and time again though I've yet to
discover a solution for it under linux. It *must* be a common issue....

The need exists to map users who are successfully authenticated via
pam_radius_auth and who do not have a local account to a default 'token
user'. FreeBSD's radius/pam module has a simple and obvious 'template_user'
directive that suits this precise purpose well. Linux pam_radius_auth lacks
this feature.

Deploying centralized authentication only to require that all other user info
be manually configured on each and every device anyway doesn't make any
sense. Nor should it involve a full-blown and often unwieldy NIS (or similar)
infrastructure to function. Surely I'm overlooking something.


------------------------------

Message: 6
Date: Wed, 12 Apr 2006 08:46:12 +0100
From: "Burton, Steven" <[EMAIL PROTECTED]>
Subject: RE: How do I set up simple AD integration?
To: "FreeRadius users mailing list"
<[email protected]>
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"



> -----Original Message-----
> From: [EMAIL PROTECTED] On Behalf Of King, Michael
> Sent: 11 April 2006 16:34
> To: FreeRadius users mailing list
> Subject: RE: How do I set up simple AD integration?
>
>
> You would still need with_ntdomain_hack = yes
>
> But that isn't your actual problem.
>
> It never called ntlm_auth
>

I'd seen that. What I was trying to do (unsuccessfully 'cos I'm ignorant) was to try to find out what triggers ntlm_auth to run. Is there something in another file that sets this up?

Steve.




------------------------------

Message: 7
Date: Wed, 12 Apr 2006 10:00:06 +0200
From: "Felice.pizzurro" <[EMAIL PROTECTED]>
Subject: different gateway for different users
To: [email protected]
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="iso-8859-1"

Hi,

I have freeradius AAA server with mysql.

I have 3 gateways; is it possible to assign (statically at this time) a different
gateway to different users?

thanks,
Felice
--
Computers are like air conditioners: they stop work properly when you open
Windows...






------------------------------

Message: 8
Date: Wed, 12 Apr 2006 10:12:41 +0200
From: "Nicolas Castel" <[EMAIL PROTECTED]>
Subject: Accessing REQUEST structure data outside FreeRADIUS module
To: [email protected]
Message-ID:
<[EMAIL PROTECTED]>
Content-Type: text/plain; charset=ISO-8859-1

Hello and thanks for replies

I'm using FreeRADIUS v1.1.0. I'm developing some modules and I try to
access auth_req structure (REQUEST) data from an external function (out of
my module) and it fails. All works fine when accessing this data from the
module itself but when I call an external function with the address of
REQUEST, it doesn't work.

Code which works

/***********************************************************************/
static int wcp_lt_vms_authorize(void *pt_instance, REQUEST *pt_request) {

    VALUE_PAIR *lpt_value_pair = NULL;
    ...
    if ((lpt_value_pair = pairfind(pt_request->packet->vps, PW_USER_NAME)) == NULL) {
        WCP_DEBUG("User-Name not found !");
    } else {
        WCP_DEBUG("RADIUS attribute name %s, value: [%s]",
                  lpt_value_pair->name,
                  lpt_value_pair->strvalue);
    }
    ...
}
/***********************************************************************/

This works fine when the server receives a request

Tue Apr 11 16:05:03 2006 :  wcp_lt_vms_authorize: RADIUS attribute name
User-Name, value:  [330001]

The problem comes when doing the same thing but by calling a function.

/***********************************************************************/
static int wcp_lt_vms_authorize(void *pt_instance, REQUEST *pt_request) {
    ...
    lib_com_filter_traffic(pt_request);
    ...
}
/***********************************************************************/
and in another file, lib_com.c

int lib_com_filter_traffic(REQUEST *pt_request) {

    VALUE_PAIR *lpt_value_pair = NULL;
    ...
    if ((lpt_value_pair = pairfind(pt_request->packet->vps, PW_USER_NAME)) == NULL) {
        WCP_DEBUG("User-Name not found !");
    } else {
        WCP_DEBUG("RADIUS attribute name %s, value: [%s]",
                  lpt_value_pair->name,
                  lpt_value_pair->strvalue);
    }
}
/***********************************************************************/
This doesn't work. When receiving one request, FreeRADIUS takes a lot of
processor time and then the server crashes.

Tue Apr 11 17:00:30 2006 : Error:  WARNING: Unresponsive child (id 3) for
request 0

I don't understand why all works when accessing REQUEST data inside the
module and not in the lib function. It's like the lib can't access this
memory.
Any help would be appreciated.



------------------------------

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


End of Freeradius-Users Digest, Vol 12, Issue 49
************************************************