RE: Multiple Accounting in Radacct
Hi all. Thanks for your reply, Gunther. Can you explain a bit of what might happen when RADIUS starts duplicating/recording/receiving the same user information 3 times in a row, and in some cases maybe more? The maximum I got is 7 times in the MySQL database. What brings you to that solution? Or is there anyone else who got similar problems before? The user gets a connection, but it is recorded up to 7 times within 40 seconds! Does this come from the NAS, the RADIUS server configuration, or MySQL? Thanks to all.
Multiple Accounting in Radacct
Hi all. My RADIUS server records every single user session to the MySQL database 3 times, in three rows. The records for one single user are similar, but the difference is in milliseconds. What configuration in FreeRADIUS might have done this? Is this because of the NAS or the RADIUS server? Thanks for any help.
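One way to tell, from the radacct side, whether the repeated rows described in the two posts above carry the same session ID or are separate sessions. This is an added example, not part of the original posts: the reduced table layout, the sample rows and the in-memory SQLite database standing in for MySQL are assumptions constructed for illustration.

```python
import sqlite3
from datetime import datetime

TIME_FORMAT = "%Y-%m-%d %H:%M:%S"

# Constructed sample rows, not taken from the posts. Column names follow the
# radacct naming used in this thread; the reduced layout is an assumption.
SAMPLE_ROWS = [
    # (UserName, NASIPAddress, AcctSessionId, AcctStartTime)
    ("abu",  "192.0.2.10", "sess-0001", "2005-03-01 10:00:00"),
    ("abu",  "192.0.2.10", "sess-0001", "2005-03-01 10:00:05"),
    ("abu",  "192.0.2.10", "sess-0001", "2005-03-01 10:00:38"),
    ("abu",  "192.0.2.10", "sess-0003", "2005-03-01 11:00:00"),
    ("omi",  "192.0.2.10", "sess-0002", "2005-03-01 10:05:00"),
    ("siti", "192.0.2.10", "sess-0004", "2005-03-01 10:07:00"),
    ("siti", "192.0.2.10", "sess-0005", "2005-03-01 10:07:02"),
]


def load_sample():
    """Build an in-memory table holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE radacct (UserName TEXT, NASIPAddress TEXT, "
        "AcctSessionId TEXT, AcctStartTime TEXT)"
    )
    conn.executemany("INSERT INTO radacct VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def find_repeated_starts(conn, window_seconds=40):
    """Cluster rows of one user on one NAS that start within the window.

    Each cluster of two or more rows is reported with a 'kind':
      same-session       every row repeats one AcctSessionId
      distinct-sessions  every row has its own AcctSessionId
      mixed              anything in between
    """
    rows = conn.execute(
        "SELECT UserName, NASIPAddress, AcctSessionId, AcctStartTime "
        "FROM radacct ORDER BY UserName, NASIPAddress, AcctStartTime"
    ).fetchall()

    clusters, current = [], []
    for user, nas, session, start in rows:
        ts = datetime.strptime(start, TIME_FORMAT)
        if current:
            first = current[0]
            same_key = (first[0], first[1]) == (user, nas)
            # The window is measured from the first row of the cluster.
            in_window = (ts - first[3]).total_seconds() <= window_seconds
            if not (same_key and in_window):
                clusters.append(current)
                current = []
        current.append((user, nas, session, ts))
    if current:
        clusters.append(current)

    report = []
    for cluster in clusters:
        if len(cluster) < 2:
            continue  # a single row is a normal session record
        sessions = sorted({row[2] for row in cluster})
        if len(sessions) == 1:
            kind = "same-session"
        elif len(sessions) == len(cluster):
            kind = "distinct-sessions"
        else:
            kind = "mixed"
        report.append({
            "user": cluster[0][0],
            "nas": cluster[0][1],
            "count": len(cluster),
            "span_seconds": int((cluster[-1][3] - cluster[0][3]).total_seconds()),
            "sessions": sessions,
            "kind": kind,
        })
    return report


if __name__ == "__main__":
    for entry in find_repeated_starts(load_sample()):
        print(entry)
```

A "same-session" cluster means one session was written several times; a "distinct-sessions" cluster means the rows were reported as separate sessions.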
Proxy request problem
Hi all. I'm using FR on FC4 and FC2, MySQL and NTRADPING to test the user AAA process. I want to test user authentication for a realm/proxy setup. There are some questions:

1. Do I need to place the additional realm/proxy server section after the LOCAL one or before it in proxy.conf?
2. I used IP addresses instead of name.domain.com in there. Does it have any effect on the proxying process?
3. Does the order of clients in clients.conf matter for the proxy setup? E.g. localhost first and then the other realm IP (again I used IP addresses instead of names).
4. What is the actual flow of a proxy request in FR if I use MySQL instead of the users file? user request -> autho module -> realm module -> proxy.conf -> remote proxy server -> remote/proxy SQL server -> response -> local server -> users
5. How does the server differentiate a proxy request from a local request for a user from the current local access server? Situation: from NTradping using port 1814, sending an authentication request with the remote server's username and password, which are stored in the remote server's SQL database. Is this possible?
6. When I received this message from the local server that is supposed to send the proxy request to the other realms/proxy: "::Ignoring request from unkwown home server 1a.1b.1c.1d", what is the server doing?
7. Should I set 'no' for ignore_null and ignore_default in the suffix setting in radiusd.conf so it can pass the request to other types of realm (because I used IPs and did not set a name for all the proxies)?

Thanks for any reply. I need an idea to set up and test a proxy in-lab for now... any documentation available for such a test or setup is most welcome.

Rgds
Accounting With Nocat Failed
Hi all. I'm using Linux RedHat 8, installed with the NoCat authentication server and gateway operating in ONE machine. I'm using MySQL as the accounting server and database. The RADIUS server and MySQL server operate within the same machine (but a separate machine from NoCat). We are using a Sun Sparc 5 with Solaris 8 for the RADIUS and MySQL server. The configuration in radiusd.conf, sql.conf and clients.conf has been checked many times. There seems to be no problem there. This is the connection I tried to explain.

+---------+     +-----------+     +------+
| Sun PC  |     | Linux PC  |     |      |
| Sol-8   |     | RH8       |     |      |
| Sparc5  |     | NoCatAuth |     | USER |
| RADIUS+ |<--->| + NoCat   |<--->|      |
| MySQL   |     | Gateway   |     |      |
| Server  |     |           |     |      |
+---------+     +-----------+     +------+
     |
     V
  MYSQL DB

When we try to do the authentication through NoCat, the user gets Internet access (from our test). Even the post-auth table in MySQL is filled with information. But for accounting, the radacct table remains empty even though the accounting config was settled earlier. From the debugging mode, it should be fine. My question is regarding the accounting packet. Is it lost? Dropped? Not sent by the Gateway/NoCat? How can we know that there is a process at least showing that the server is trying to receive the accounting packet if it's suddenly lost, or that the NAS is trying to send the accounting packet to the RADIUS server?

From the previous setup, the NoCat authentication server is operating within the same machine as the RADIUS AAA server. After getting the proper patch set up, accounting is successfully done and recorded. But in this setup we are using a Linux PC for the RADIUS+MySQL+NoCatAuth server. Can anyone give a clue why this happens, based on those who have worked with NoCat+RADIUS+MySQL accounting, and RADIUS on a Solaris environment before? Thanks in advance for any help.
dialup_admin.cron
Hi. I try to run the script (dialup_admin.cron) to allow auto update of the totacct and mtotacct tables. But what happens is I still need to run the totacct and mtotacct scripts manually, or the .cron script daily, to make an update in my database. I disabled some scripts, such as truncate radacct and clean radacct, from executing. Do I miss something to get this auto update done? Thanks.
Manip.pm can't be located??
When I try to run the log_badlogins script (perl log_badlogins) the following output appears:

[EMAIL PROTECTED] bin]# perl log_badlogins
Can't locate Date/Manip.pm in @INC (@INC contains: /usr/local/lib/perl5/5.8.6/i686-linux /usr/local/lib/perl5/5.8.6 /usr/local/lib/perl5/site_perl/5.8.6/i686-linux /usr/local/lib/perl5/site_perl/5.8.6 /usr/local/lib/perl5/site_perl .) at log_badlogins line 15.
BEGIN failed--compilation aborted at log_badlogins line 15.

Where is the @INC located? Manip.pm is already located in the /Date directory. I'm sure it is there. But what is the @INC and why does it contain the path to some directories? What should this directory contain that makes it used by the log_badlogin scripts? Please help. Thanks in advance.

P/S: My totaccts and mtotaccts run successfully. Thank you for any help on that.
Mtotacct+totacct+logbadlogin scripts not running
Hi. I try to run the mtotacct and totacct scripts but this is what I get:

DELETE FROM mtotacct WHERE AcctDate = '2005-03-01';
INSERT INTO mtotacct (UserName,AcctDate,ConnNum,ConnTotDuration,
ConnMaxDuration,ConnMinDuration,InputOctets,OutputOctets,NASIPAddress)
SELECT UserName,'2005-03-01',SUM(ConnNum),SUM(ConnTotDuration),
MAX(ConnMaxDuration),MIN(ConnMinDuration),SUM(InputOctets),
SUM(OutputOctets),NASIPAddress FROM totacct
WHERE AcctDate >= '2005-03-01' AND
AcctDate <= '2005-03-08' GROUP BY UserName,NASIPAddress;
ERROR 1045: Access denied for user: '[EMAIL PROTECTED]' (Using password: NO)

The user password in admin.conf had been entered as shown:

sql_type: mysql
sql_server: localhost
sql_port: 3306
sql_username: root
sql_password: password
sql_database: radius

Or is there another file where I should specify the MySQL password?

When I try to run the log_badlogin scripts the following output is produced:

Malformed UTF-8 character (unexpected non-continuation byte 0x78, immediately after start byte 0xf3) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6488.
Malformed UTF-8 character (unexpected non-continuation byte 0x78, immediately after start byte 0xf3) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6488.
Malformed UTF-8 character (unexpected non-continuation byte 0x6c, immediately after start byte 0xfa) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6489.
Malformed UTF-8 character (unexpected non-continuation byte 0x6c, immediately after start byte 0xfa) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6489.
Malformed UTF-8 character (1 byte, need 3, after start byte 0xe3) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6497.
Malformed UTF-8 character (unexpected non-continuation byte 0x73, immediately after start byte 0xea) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6501.
Could not open file

What file couldn't it open? Is it Manip.pm? Do I need to restore Manip.pm, or did anything else happen here?

Is there any other way to run the scripts, allowing them to automatically fill the tables in the SQL database? Appreciate any help. Thanks.
Mtotacct, totacct and badlogin scripts problem
Hi. I try to run the mtotacct and totacct scripts but this is what I get:

DELETE FROM mtotacct WHERE AcctDate = '2005-03-01';
INSERT INTO mtotacct (UserName,AcctDate,ConnNum,ConnTotDuration,
ConnMaxDuration,ConnMinDuration,InputOctets,OutputOctets,NASIPAddress)
SELECT UserName,'2005-03-01',SUM(ConnNum),SUM(ConnTotDuration),
MAX(ConnMaxDuration),MIN(ConnMinDuration),SUM(InputOctets),
SUM(OutputOctets),NASIPAddress FROM totacct
WHERE AcctDate >= '2005-03-01' AND
AcctDate <= '2005-03-08' GROUP BY UserName,NASIPAddress;
ERROR 1045: Access denied for user: '[EMAIL PROTECTED]' (Using password: NO)

The user password in admin.conf had been entered as shown:

sql_type: mysql
sql_server: localhost
sql_port: 3306
sql_username: root
sql_password: password
sql_database: radius

Or is there another file where I should specify the MySQL password?

When I try to run the log_badlogin scripts the following output is produced:

Malformed UTF-8 character (unexpected non-continuation byte 0x78, immediately after start byte 0xf3) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6488.
Malformed UTF-8 character (unexpected non-continuation byte 0x78, immediately after start byte 0xf3) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6488.
Malformed UTF-8 character (unexpected non-continuation byte 0x6c, immediately after start byte 0xfa) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6489.
Malformed UTF-8 character (unexpected non-continuation byte 0x6c, immediately after start byte 0xfa) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6489.
Malformed UTF-8 character (1 byte, need 3, after start byte 0xe3) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6497.
Malformed UTF-8 character (unexpected non-continuation byte 0x73, immediately after start byte 0xea) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6501.
Could not open file

What file couldn't it open? Do I need to restore Manip.pm? Did anything else happen here? Appreciate any help. Thanks.
Password entry in dialup admin
Hi. When I enter the value for some user, with admin.conf set to crypt, the value inserted in the db is encrypted. So when that new user tries to log in to the network, he gets an access-denied message. So how can the encryption help avoid the data being exposed, while at the same time allowing him to get network access? How are crypt, md5 and clear in the dialup admin admin.conf file set when we want the process of sending the data secured, while at the same time only the particular or specified administrator responsible for that user can view and change the password at any time, and still secured?
Dialup-Admin-badusers, mtotacct & totacct table not filled.
Hi. My problem is with dialup admin. I'm using a NoCat Gateway as the client and a Linux PC for my FR server. These three tables inside my MySQL db seem not to be filled. I try to run the log_badlogins script but there is an error saying that the sql binary file could not be found. From admin.conf, the path is correct. The error message states: "..sql binary file not found. make sure $sqlcmd variable points to right location." How do I make the server use the related scripts and write to the totacct table, the mtotacct table and the badusers table? Which other file do I need to change to get the tables filled during the accounting process? Thanks.
Radius+Nocat
Hi. To anyone who has tried RADIUS with the NoCat gateway: in NoCat, there is a patch called RADIUS.pm that sends the details of accounting information to the RADIUS server. However, there is a problem where not all the attributes that we need come out in the radacct table. Does anyone know how to make the RADIUS.pm patch compliant with RFC 2865? Because of a mismatch somewhere in the code of RADIUS.pm, some AVPs are not available for RADIUS accounting purposes. Thanks.
MAC address in Radacct
Hi. In my radacct table, under the calling station ID attribute field, I get this value.

|CallingStationID |
|00:04:75:FC:09:5A|

From what I get in RFC 2865, this attribute allows the NAS to send in the Access-Request packet the phone number that the call came from, using Automatic Number Identification (ANI) or similar technology. Is it supposed to be the phone number? In what appears in my dialup admin accounting table, the attribute field is named callerID and contains the same value (|00:04:75:FC:09:5A|). Can someone help clarify what the difference is between CallerID (in dialup admin) and CallingStationID (in the radacct table of the MySQL DB)? Another thing: is there any ERD or any type of diagram that explains the operation of dialupadmin that I can refer to? Thanks to all.
Password entry in dialup admin
Hi guys. When I enter the value for some user, with admin.conf set to crypt, the value inserted in the db is encrypted. So when that new user tries to log in to the network, he gets an access-denied message. So how can the encryption help avoid the data being exposed, while at the same time allowing him to get network access? How do crypt, md5 and clear in the dialup admin admin.conf file work?
Attributes Remain Empty in radacct
Hi

RH 8
NoCat Gateway + NocatAuthserver on Linux
FR 1.0.*

I have some problems with my accounting data. We let the RADIUS server write accounting data inside the detail log files. We use RADIUS.pm to add some attributes and get their values in the accounting process, and it works, but not for all. Values like framedipaddress, stop/startconnnectioninfo, terminatecause, NASportType and calledstationid are still unavailable both in radacct and in the detail file. Do we need to enable any scripts through some configuration file to write them in radacct or the detail log files? Some of these attribute values are available in the other table in the radius db (same db as radacct). Can the value just be returned from that table (radreply), as authentication gets the return value for the framedIPaddress (e.g.)?

From the dictionary, some of the attributes have many values, so how is the value recorded to radacct? Is it automatically detected (intelligently) by a dedicated NAS machine (since I used Linux as my RADIUS client/NAS)? Some attributes have no value, such as start/stopconnectioninfo, realm and calledstationID. Does this value need to be set in any files, scripts or configuration file? I searched but for now can't find where... Help please.

Below is the RADIUS.pm script that has been altered. The critical value that we try to get is the FramedIPAddress.

package NoCat::Accounting::RADIUS;

use NoCat::Source;
use Authen::Radius;
use strict;
use vars qw( @ISA @REQUIRED );

@ISA= qw( NoCat::Accounting );
@REQUIRED = qw( RADIUS_Host RADIUS_Secret );

sub radius {
    my ($self) = @_;
    unless ($self->{Radius}) {
        my $r;
        my $Hosts = $self->{RadiusHostsToUse};
        if(! defined($Hosts)) {
            #This is really the first time through and I need to generate my list of servers
            $self->{RADIUS_Host} =~ s/,,/,/g; #just to eliminate any blank entries
            my(@Hosts) = split(/,/,$self->{RADIUS_Host});
            if($self->{RADIUS_Order} && $self->{RADIUS_Order}) {
                #mix em up.
                my @TmpHosts;
                my %UsedHosts;
                for(my $i=0;$i <= $#Hosts; $i++) {
                    my $TmpHost;
                    while(! $TmpHost || ($TmpHost && $UsedHosts{$TmpHost})) {
                        $TmpHost = $Hosts[int(rand($#Hosts + 1))];
                        last if ! $UsedHosts{$TmpHost};
                    }
                    $UsedHosts{$TmpHost} = 1;
                    $TmpHosts[$i] = $TmpHost;
                }
                @Hosts = @TmpHosts;
            }
            $self->{RadiusHostsToUse} = [EMAIL PROTECTED]; #List generated.
        }
        if($self->{RadiusHostsToUse}) {
            #go through servers one by one
            foreach my $Host (@{$self->{RadiusHostsToUse}}) {
                my $Secret = $self->{RADIUS_Secret} ? $self->{RADIUS_Secret} : "";
                if($Host =~ s/\*(.*)$//) {
                    $Secret = $1;
                }
                $self->log( 0, "Connecting to RADIUS server $Host with Timeout " . $self->{RADIUS_TimeOut} );
                $r = Authen::Radius->new(
                    Host=> $Host,
                    Secret => $Secret,
                    Timeout => $self->{RADIUS_TimeOut},
                    Accounting => 1
                );
                last if $r; #If we have a good connection, we're done
                $self->log( 0, "Failed to connect to RADIUS server $Host" );
            }
            if ($r) {
                # This is almost always the case...
                $self->{Radius} = $r;
            } else {
                $self->log( 0, "Can't connect to RADIUS server(s) $self->{RADIUS_Host}" );
            }
        } else {
            return undef; #no host for them!
        }
    }
    return $self->{Radius};
}

sub usenextserver {
    #If I fail, take the most recent host out and
    my $self = shift;
    return unless $self->{RadiusHostsToUse}; #unless I've been through the radius sub above, forget it
    my @Hosts = @{$self->{RadiusHostsToUse}};
    my $popped = shift(@Hosts); #say goodbye to the first one
    $self->log(0, "popped $popped in usenextserver");
    undef($self->{Radius}); #so radius above will get a new one.
    $self->{RadiusHostsToUse} = [EMAIL PROTECTED];
}

sub create_session_id {
    my $self = shift;
    return $self->radius->NewSessionID();
}

sub start {
    my ($self, $peer, $stats) = @_;
    if (! $peer->session_id) {
        $peer->session_id($self->radius->NewSessionId());
    }
    return $self->accounting(
        { Name => 1, Value => $peer->user, Type => 'string'}, # User-Name
        { Name => 4, Value => $self->{GatewayAddr}, Type => 'ipaddr'}, # NAS-IP-Address
        { Name => 5, Value => $self->{GatewayPort}, Type => 'integer'}, # NAS-Port
        { Name => 7, Value => '1', Type => 'integer'}, # Framed-Protocol
        { Name => 8, Type => 'ipaddr' , Value => $peer->id}, # Framed-IP-Address
        { Name => 31, Value => $peer->id, Type => 'string'},
        { Name => 32, Value => $peer->{GatewayAddr}, Type => 'string'}, # Calling-Station-Id
Values in radacct problem
FreeRADIUS 1.0
RH8
NoCat = RADIUS client
MySQL

Hi. There are certain attributes, such as FramedIPAddress, AcctTerminateCause, service type etc., that remain empty when the accounting session is started and stopped. From what I found, the RADIUS client is not sending those attribute values. Some of the values are supposed to be returned from the SQL table containing the user information. By using RADIUS.pm (some altering done here), in the log files some added attributes successfully return a value in the detail log file. Although we tried to allow some attributes such as those mentioned before, there is still no value appearing in the radacct table and the detail file (framedipaddress for now).

For Dialupadmin, there are 4 tables that remain empty, even when the accounting session is started. The tables are members, baduser, totacct and mtotacct. Is it because the scripts to write the values to the SQL db aren't running, or a configuration problem in the radius conf or dialup conf?

Below is the RADIUS.pm file that we used.

package NoCat::Accounting::RADIUS;

use NoCat::Source;
use Authen::Radius;
use strict;
use vars qw( @ISA @REQUIRED );

@ISA= qw( NoCat::Accounting );
@REQUIRED = qw( RADIUS_Host RADIUS_Secret );

sub radius {
    my ($self) = @_;
    unless ($self->{Radius}) {
        my $r;
        my $Hosts = $self->{RadiusHostsToUse};
        if(! defined($Hosts)) {
            #This is really the first time through and I need to generate my list of servers
            $self->{RADIUS_Host} =~ s/,,/,/g; #just to eliminate any blank entries
            my(@Hosts) = split(/,/,$self->{RADIUS_Host});
            if($self->{RADIUS_Order} && $self->{RADIUS_Order}) {
                #mix em up.
                my @TmpHosts;
                my %UsedHosts;
                for(my $i=0;$i <= $#Hosts; $i++) {
                    my $TmpHost;
                    while(! $TmpHost || ($TmpHost && $UsedHosts{$TmpHost})) {
                        $TmpHost = $Hosts[int(rand($#Hosts + 1))];
                        last if ! $UsedHosts{$TmpHost};
                    }
                    $UsedHosts{$TmpHost} = 1;
                    $TmpHosts[$i] = $TmpHost;
                }
                @Hosts = @TmpHosts;
            }
            $self->{RadiusHostsToUse} = [EMAIL PROTECTED]; #List generated.
        }
        if($self->{RadiusHostsToUse}) {
            #go through servers one by one
            foreach my $Host (@{$self->{RadiusHostsToUse}}) {
                my $Secret = $self->{RADIUS_Secret} ? $self->{RADIUS_Secret} : "";
                if($Host =~ s/\*(.*)$//) {
                    $Secret = $1;
                }
                $self->log( 0, "Connecting to RADIUS server $Host with Timeout " . $self->{RADIUS_TimeOut} );
                $r = Authen::Radius->new(
                    Host=> $Host,
                    Secret => $Secret,
                    Timeout => $self->{RADIUS_TimeOut},
                    Accounting => 1
                );
                last if $r; #If we have a good connection, we're done
                $self->log( 0, "Failed to connect to RADIUS server $Host" );
            }
            if ($r) {
                # This is almost always the case...
                $self->{Radius} = $r;
            } else {
                $self->log( 0, "Can't connect to RADIUS server(s) $self->{RADIUS_Host}" );
            }
        } else {
            return undef; #no host for them!
        }
    }
    return $self->{Radius};
}

sub usenextserver {
    #If I fail, take the most recent host out and
    my $self = shift;
    return unless $self->{RadiusHostsToUse}; #unless I've been through the radius sub above, forget it
    my @Hosts = @{$self->{RadiusHostsToUse}};
    my $popped = shift(@Hosts); #say goodbye to the first one
    $self->log(0, "popped $popped in usenextserver");
    undef($self->{Radius}); #so radius above will get a new one.
    $self->{RadiusHostsToUse} = [EMAIL PROTECTED];
}

sub create_session_id {
    my $self = shift;
    return $self->radius->NewSessionID();
}

sub start{
    my ($self, $peer, $stats) = @_;
    if(! $peer->session_id) {
        $peer->session_id($self->radius->NewSessionId());
    }
    return $self->accounting(
        { Name => 1, Value => $peer->user, Type => 'string'}, #User - Name
        { Name => 4, Value => $self->{GatewayAddr}, Type => 'ipaddr'}, #NAS-IP-Address
        { Name => 8, Type => 'ipaddr' , Value => $peer->id}, # Framed-IP-Address
        { Name => 31, Value => $peer->id, Type => 'string'}, #Calling-Station-Id
        { Name => 40, Value => '1', Type => 'integer' }, # Acct-Status-Type(Start)
        { Name => 40, V
freeradius-users@lists.freeradius.org
Thanks Alan. I try to get user authentication using the Python testing tools. From what I get, the users from the home server (the remote server) were authenticated, but users from the forwarding server failed to get their authentication. In proxy.conf, the configuration is:

realm 200.200.230.136 {
    type= radius
    authhost= 200.200.230.136:1812
    accthost= 200.200.230.136:1813
    secret = amin
}
realm NULL {
    type= radius
    authhost= 200.200.230.136:1812
    accthost= 200.200.230.136:1813
    secret = amin
}
realm DEFAULT {
    type= radius
    authhost= 200.200.230.136:1812
    accthost= 200.200.230.136:1813
    secret = amin
}

In debug mode, the messages are:

host 200.200.230.135:1163, id=189, length=43
    User-Name = "abu"
    User-Password = "abu"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "abu", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "abu"
rlm_realm: Proxying request from user abu to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Preparing to proxy authentication request to realm "NULL"
modcall[authorize]: module "suffix" returns updated for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
radius_xlat: 'abu'
rlm_sql (sql): sql_set_user escaped user --> 'abu'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'abu' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'abu' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'abu' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'abu' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns updated for request 0
Sending Access-Request of id 0 to 200.200.230.136:1812
    User-Name = "abu"
    User-Password = "abu"
    NAS-IP-Address = 200.200.230.135
    Proxy-State = 0x313839
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Reject packet from host 200.200.230.136:1812, id=0, length=25
    Proxy-State = 0x313839
Processing the post-proxy section of radiusd.conf
modcall: entering group post-proxy for request 0
modcall[post-proxy]: module "eap" returns noop for request 0
modcall: group post-proxy returns noop for request 0
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 189 to 200.200.230.135:1163
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 189 with timestamp 41d0f12f
Nothing to do. Sleeping until we see a request.

FR is sending the auth request to the remote server although the user is from its own SQL database, then rejecting it. Is that what is happening? How can I drive the request to first search its own SQL db and then proxy the request when there's no record? If any additional info is needed, please inform me and I will send it immediately. Thanks.
Realm Problem
Hi... My proxy setup seems to have a problem. I used the NULL realm option for testing purposes. It looks like this:

realm NULL {
    type = radius
    authhost = 200.200.230.136:1812
    accthost = 200.200.230.136:1813
    secret = amin
}

When I send user information using the Python RADIUS testing tools, the forwarding server sends the access request to the remote server, then the remote server sends the access accept back to the forwarding server... but in the forwarding server's debug mode it looks like this:

ad_recv: Access-Request packet from host 200.200.230.135:2071, id=197, length=43
    User-Name = "omi"
    User-Password = "omi"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: No '@' in User-Name = "omi", looking up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "omi"
rlm_realm: Proxying request from user omi to realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Preparing to proxy authentication request to realm "NULL"
modcall[authorize]: module "suffix" returns updated for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 1
radius_xlat: 'omi'
rlm_sql (sql): sql_set_user escaped user --> 'omi'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'omi' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): User omi not found in radcheck
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'omi' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'omi' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): User omi not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 3
modcall[authorize]: module "sql" returns notfound for request 1
modcall: group authorize returns updated for request 1
Sending Access-Request of id 1 to 200.200.230.136:1812
    User-Name = "omi"
    User-Password = "omi"
    NAS-IP-Address = 200.200.230.135
    Proxy-State = 0x313937
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 200.200.230.135:2071, id=197, length=43
Ignoring duplicate packet from client 200.200.230.135:2071 - ID: 197, due to outstanding proxied request 1.
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Re-sending Access-Request of id 1 to 200.200.230.136:1812
    User-Name = "omi"
    User-Password = "]=\222\006\353\003=q\262]\315\335\302o*\237"
    NAS-IP-Address = 200.200.230.135
    Client-IP-Address = 200.200.230.135
    Stripped-User-Name = "omi"
    Realm = "NULL"
    Realm = "NULL"
    Proxy-State = 0x313937
Waking up in 5 seconds...
rad_recv: Access-Request packet from host 200.200.230.135:2071, id=197, length=43
Ignoring duplicate packet from client 200.200.230.135:2071 - ID: 197, due to outstanding proxied request 1.
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Re-sending Access-Request of id 1 to 200.200.230.136:1812
    User-Name = "omi"
    User-Password = "]=\222\006\353\003=q\262]\315\335\302o*\237"
    NAS-IP-Address = 200.200.230.135
    Client-IP-Address = 200.200.230.135
    Stripped-User-Name = "omi"
    Realm = "NULL"
    Realm = "NULL"
    Proxy-State = 0x313937
Waking up in 5 seconds...
--- Walking the entire request list ---
Server rejecting request 1.
marking authentication server 200.200.230.136:1812 for realm NULL dead
Waking up in 0 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 197 to 200.200.230.135:2071
Cleaning up request 1 ID 197 with timestamp 41cce718
Nothing to do. Sleeping until we see a request.

As a result the client doesn't get any response from the forwarding server. The clients of the forwarding server are not being authenticated at all. Why does that happen? I just want to make a simple setup for the realm/proxy function. Can someone guide me on how to set up and test the simple configuration? Another thing is, when I try the realm IP {---}, in debug mode it is still looking for the realm NULL, and at the end no proxy request is processed. Do I need to change the ignor
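A small reader for the two forwarding-server debug traces quoted in the posts above. It extracts the realm decision, the local SQL result, the proxy retransmissions and the final reply, so the order of events can be checked at a glance. This is an added example, not part of the original posts or of FreeRADIUS: the function names and finding labels are hypothetical, and the sample traces are abridged from the quoted output with the User-Password lines left out.

```python
import re

# Abridged from the two debug traces quoted above, one message per line.
TRACE_ABU = """\
rlm_realm: No '@' in User-Name = "abu", looking up realm NULL
rlm_realm: Proxying request from user abu to realm NULL
modcall[authorize]: module "sql" returns ok for request 0
Sending Access-Request of id 0 to 200.200.230.136:1812
rad_recv: Access-Reject packet from host 200.200.230.136:1812, id=0, length=25
Sending Access-Reject of id 189 to 200.200.230.135:1163
"""

TRACE_OMI = """\
rlm_realm: No '@' in User-Name = "omi", looking up realm NULL
rlm_realm: Proxying request from user omi to realm NULL
modcall[authorize]: module "sql" returns notfound for request 1
Sending Access-Request of id 1 to 200.200.230.136:1812
Ignoring duplicate packet from client 200.200.230.135:2071 - ID: 197, due to outstanding proxied request 1.
Re-sending Access-Request of id 1 to 200.200.230.136:1812
Ignoring duplicate packet from client 200.200.230.135:2071 - ID: 197, due to outstanding proxied request 1.
Re-sending Access-Request of id 1 to 200.200.230.136:1812
marking authentication server 200.200.230.136:1812 for realm NULL dead
Sending Access-Reject of id 197 to 200.200.230.135:2071
"""

# One pattern per message type that matters for the proxy decision.
RULES = [
    ("proxied", re.compile(r"^rlm_realm: Proxying request from user (\S+) to realm (\S+)")),
    ("sql", re.compile(r'module "sql" returns (\w+) for request')),
    ("send", re.compile(r"^Sending Access-Request of id \d+ to (\S+)")),
    ("resend", re.compile(r"^Re-sending Access-Request of id \d+ to (\S+)")),
    ("duplicate", re.compile(r"^Ignoring duplicate packet from client")),
    ("reply", re.compile(r"^rad_recv: (Access-(?:Accept|Reject|Challenge)) packet from host (\S+),")),
    ("dead", re.compile(r"^marking authentication server (\S+) for realm (\S+) dead")),
    ("final", re.compile(r"^Sending (Access-(?:Accept|Reject)) of id \d+ to")),
]


def summarize(trace):
    """Collect the proxy-related facts from the trace of one request."""
    s = {"user": None, "realm": None, "sql": None, "home_server": None,
         "resends": 0, "client_duplicates": 0, "home_reply": None,
         "marked_dead": False, "final_reply": None}
    for raw in trace.splitlines():
        line = raw.strip()
        for name, rx in RULES:
            m = rx.search(line)
            if not m:
                continue
            if name == "proxied":
                s["user"], s["realm"] = m.group(1), m.group(2)
            elif name == "sql":
                s["sql"] = m.group(1)
            elif name == "send":
                s["home_server"] = m.group(1)
            elif name == "resend":
                s["resends"] += 1
            elif name == "duplicate":
                s["client_duplicates"] += 1
            elif name == "reply" and m.group(2) == s["home_server"]:
                s["home_reply"] = m.group(1)  # only replies from the home server
            elif name == "dead":
                s["marked_dead"] = True
            elif name == "final":
                s["final_reply"] = m.group(1)
            break
    return s


def diagnose(s):
    """Turn a summary into short finding labels (hypothetical names)."""
    findings = []
    if s["realm"] and s["sql"] == "ok":
        # The local SQL lookup found the user, yet the realm match had
        # already selected proxying, so the home server decides.
        findings.append("local-user-proxied")
    if s["home_reply"] == "Access-Reject":
        findings.append("home-server-rejected")
    if s["home_server"] and s["home_reply"] is None:
        findings.append("no-reply-from-home-server")
    if s["marked_dead"]:
        findings.append("home-server-marked-dead")
    return findings


if __name__ == "__main__":
    for trace in (TRACE_ABU, TRACE_OMI):
        summary = summarize(trace)
        print(summary["user"], diagnose(summary))
```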
that is what i had done
Thanks DD. OK... it seems that I'm not good at explaining this.

My setup is user/subscriber --> Client --> Forwarding Server --> Remote Server

Forwarding IP = 200.200.230.132
Remote IP = 200.200.230.136

Is the forwarding server now the client of the remote server? If yes, in the REMOTE SERVER its CLIENTS.CONF file looks like this:

client 200.200.230.132 {
    secret = amin
    shortname = 200.200.230.132
    login = amin
    password= amin
}

So I assumed the packet comes from the forwarding server with IP 200.200.230.132. Is it?

And in the FORWARDING SERVER, the PROXY.CONF file is like this:

realm 200.200.230.136 {
    type= radius
    authhost= radius.200.200.230.136:1812
    accthost= radius.200.200.230.136:1813
    secret = amin
}

Is the IP of the authhost and the accthost the IP of the REMOTE SERVER? Correct me please. What does 'radius' before the IP of the remote server indicate? The type specified above it, or is it something else? In both the REMOTE and forwarding servers' radiusd.conf, do we need to alter anything if I use their own IP as the realm, if I want the proxy/realm to work both ways? It is just a matter of testing this functionality.

And, in the other setup I did put the client IP inside the server's client.conf file, that's the basic thing, but what is still strange is that it ignored the packet as an unknown client. Only one client that I defined among many others is accepted by it, and another problem occurred: the reply/access accept is not received by the client. The client seems to hear nothing from the server. Help me again please. Thank you, and merry Christmas to anyone celebrating it.
radius client unknown
This is the debug mode Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. 
Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded SQL sql: driver = "rlm_sql_mysql" sql: server = "localhost" sql: port = "" sql: login = "radius" sql: password = "radius" sql: radius_db = "radius" sql: acct_table = "radacct" sql: acct_table2 = "radacct" sql: authcheck_table = "radcheck" sql: authreply_table = "radreply" sql: groupcheck_table = "radgroupcheck" sql: groupreply_table = "radgroupreply" sql: usergroup_table = "usergroup" sql: nas_table = "nas" sql: dict_table = "dictionary" sql: sqltrace = no sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql" sql: readclients = no sql: deletestalesessions = yes sql: num_sql_socks = 5 sql: sql_user_name = "%{User-Name}" sql: default_user_profile = "" sql: query_on_not_found = no sql: authorize_check_query = . 
sql: group_membership_query = "SELECT GroupName FROM usergroup WHERE UserName='%{SQL-User-Name}'" sql: connect_failure_retry_delay = 60 sql: simul_count_query = "" sql: simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0" sql: postauth_table = "radpostauth" sql: postauth_query = "INSERT into radpostauth (id, user, pass, reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW())" sql: safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_my
Realm proxy setup probs
I tried to set up proxy and realm for freeradius on my forwarding server. In the proxy.conf file, it looks like this:

realm 200.200.230.136 {
    type= radius
    authhost= radius.200.200.230.136:1812
    accthost= radius.200.200.230.136:1813
    secret = amin
}

The IP of the forwarding server is 200.200.230.132. At the remote server, the client.conf looks like this:

client 200.200.230.132 {
    secret = amin
    shortname = 200.200.230.132
    login = amin
    password= amin
}

When I try to run radiusd -X at the forwarding server, it stopped at ..reading realm files..host 200.200.230.136 not found, then it stopped totally. Can I just put the IP address of the remote server just like that? Which part of the configuration file did I miss altering?

Another problem is that on one separate server I run FreeRADIUS. Client.conf is set to listen to client 200.200.230.148, but still in the debug mode the ignore messages appeared, receiving from unknown client...200.200.230.148. Why does this happen? Or did I miss something again? Thanks for your help... really, really appreciate it.
sql.conf 'server' field
Hi, there is something that confused me. In sql.conf, the server field should be any IP of a server running MySQL. Is it? When I try using localhost, radius runs properly (from the debug mode), but when I used the IP address of the same machine on which I run the radius server using localhost, there's an error of attempting... something about socket... to connect with mysql. But on the other PC I tried, when I change localhost to its own IP, or another IP which runs the mysql server, it seems to be OK. Where could it be wrong?
Scripts for RaDius Accounting packet for billing purposes
Hi. I use RH8 for my FR server. I already connected FR authentication with mysql. It seems that it is OK when I use py-radius to get user authentication from the content of the MySQL db that I created. Now I want to try FR accounting, where it should be recorded in the radacct table in mysql. I tried NTradping on a Windows machine as a client. It seems to be working. But where can I find a script that generates accounting packets with the attributes that suit the table? Is there anyone who has developed some kind of script for accounting purposes maybe?
Missing radius.log file and radacct folder
Hi. I'm using the users file for authentication. The problem is there is no radius directory inside the var directory, so there is no record or information about users.
1. Is this directory automatically created when I install freeradius?
2. What may have caused this to happen? Installation? Misconfiguration? Any commented entry that should be uncommented? - I already tried to find all radius.log
3. When I run the radius daemon with another option such as -y, there is an error message that I get, which is like Fail to create PID ...no such file or directory. Is this the effect of the missing radius directory that stores user information? Or is there another reason for it?
4. Other than mkdir a radius directory and create a radius.log file and radacct directory in it, is there any other way to make the logfile exist (such as run some miss execute file or else) so it can work appropriately with the FR server?
thanks
Problem with pidfile
Hi. There's a problem when I try something in radiusd -... failed writing process id to file /usr/local/var/run/radiusd.pid ...no such file or directory... Does the file need to be created by ourselves? Or is there any misconfiguration or installation problem? How can I make the radius server write its PID when I'm running it?
FR installation Probs
Hi, there is a problem when I try to my FR. Can someone show me the problem?
--
gmake[6]: Entering directory `/home/zaki/freeradius-1.0.0/src/modules/rlm_krb5'
gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG -I../../include -c rlm_krb5.c -o rlm_krb5.o
rlm_krb5.c:40:21: com_err.h: No such file or directory
rlm_krb5.c: In function `verify_krb5_tgt':
rlm_krb5.c:105: warning: passing arg 2 of `krb5_kt_read_service_key' discards qualifiers from pointer target type
rlm_krb5.c: In function `krb5_auth':
rlm_krb5.c:305: warning: implicit declaration of function `krb5_get_in_tkt_with_password'
gmake[6]: *** [rlm_krb5.o] Error 1
gmake[6]: Leaving directory `/home/zaki/freeradius-1.0.0/src/modules/rlm_krb5'
gmake[5]: *** [common] Error 1
gmake[5]: Leaving directory `/home/zaki/freeradius-1.0.0/src/modules'
gmake[4]: *** [all] Error 2
gmake[4]: Leaving directory `/home/zaki/freeradius-1.0.0/src/modules'
gmake[3]: *** [common] Error 1
gmake[3]: Leaving directory `/home/zaki/freeradius-1.0.0/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/home/zaki/freeradius-1.0.0/src'
gmake[1]: *** [common] Error 1
gmake[1]: Leaving directory `/home/zaki/freeradius-1.0.0'
make: *** [all] Error 2

There's also an error at the end of the make install process. Then when I tried to run the radius daemon with radiusd -X, it shows command not found! Any extra info, please inform me. Thanks.
Unfilled attributes in radacct mysql
Hi. I already installed NTRadPing on win2k. I've tested the accounting and authentication through it. When I checked the radacct table in MySQL, there is some attribute information unfilled or filled with '0's. How do I get that missing information available? How do I simulate multiple user logins at the same time? Are there any scripts available for this kind of test? Can anyone give some tips? Thanks.
How to do accounting in Freeradius
Hello. My setup for my testbed is like this: Radius Client (Linux-based PC)->Radius Server->mysql DB. Is there any simulation program that creates sessions from multiple users for freeradius? Or, is there a way to make the radius server do accounting with the radacct tables first empty, then when the session is created, there will be information about the user logged in to the network (as the attributes defined earlier)? Or did I miss something in the middle? What should I do so that the accounting process will use mysql to write the user attributes in the radacct table? Please help me. Thanks.
Re: Freeradius-Users digest, Vol 1 #3714 - 7 msgs
I'm sorry because I'm a beginner and delivered you guys this question. I tried to use mysql for my freeradius 0.9.2. After I entered radiusd -X, something like this occurred:

rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:radius
. .
rlm_sql_mysql: Mysql error 'Access denied for user: '[EMAIL PROTECTED]' (Using password: YES)'
. .
rlm_sql (sql): Failed to connect DB handle #0
rlm_sql (sql): starting 1
rlm_sql (sql): starting 2
rlm_sql (sql): starting 3
rlm_sql (sql): starting 4
rlm_sql (sql): Failed to connect to any SQL server.
Module: Instantiated sql (sql)
radiusd.conf: "SQL" modules aren't allowed in 'authenticate' sections -- they have no such method.

Maybe I've missed something somewhere, and if someone notices my mistake please help me. Thank you.

--- [EMAIL PROTECTED] wrote:
> Message: 1
> Date: Wed, 08 Sep 2004 15:58:18 -0500
> From: "Jon Stahler" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Subject: Re: Wireless authentication via LDAP and PEAP
>
> Jon Stahler
> Manager of Systems Services
> Illinois Fire Service Institute
> 11 Gerty Drive
> Champaign, IL 61820
> (217) 333-2163
>
> >>> [EMAIL PROTECTED] 9/8/2004 3:18:45 PM >>>
>
> "Jon Stahler" <[EMAIL PROTECTED]> wrote:
> > I've been trying to setup FreeRadius in order to authenticate my
> > wireless users against my Novell eDirectory via the built in LDAP
> > server.
>
> > You can't, it's impossible. LDAP doesn't do EAP, and will never do
> >EAP.
>
> > Instead, put clear-text passwords into LDAP, list "ldap" in the
> >"authorize" section of "radiusd.conf", and let the server figure it
> >out. It WILL work.
>
> Ok...So explain to me how I get my Access Point to authenticate against
> my eDirectory users. If LDAP won't do it, what WILL? Why does it
> authenticate successfully against my LDAP server and respond with
> authenticate OK if this is not the case? How should I modify my setup
> to do what you are asking. Please use small words and be patient with
> me as I am new to this.
>
> Input clear-text passwords into LDAP how exactly? The passwords come
> from eDirectory. I don't directly manage the LDAP server. It is
> automated. Is there a specific attribute I need to populate with data
> from my eDirectory? I can add attributes to the server if this is
> necessary.
>
> > On the Radius screen, I see that the request is sent to the LDAP
> > server. The EAP module of FreeRadius responds OK over and over and over
> > again infinitely until I either kill my wireless connection or the
> > server thread.
>
> There's a lot more detail than that, usually. Buried somewhere in
> that log is the real reason why it's failing.
>
> > I have only uncommented PEAP and MSCHAPV2 in my EAP.CONF file.
>
> In order for PEAP to work, you also need to configure the tls{}
> section of eap.conf.
>
> Alan DeKok.
Re: Freeradius-Users digest, Vol 1 #3641 - 13 msgs
Hi. I installed py-radius for my radius client authentication purposes. How can I establish communication between the freeradius server and this py-radius? Do I still need to use the PAM authentication module? How do I configure it in the clients file? Thanks.
PAM radius authentication module for redhat8/9/fedora
Hello. I'm zadad. I read about freeRADIUS. I've installed it and tried to configure the server and the client. Is it true, from what I understand, that we can use a Linux-based PC as the radius client (for a sample network that I would like to try) when enabling the PAM module for radius authentication in Linux? Is there any latest version of the PAM module for redhat or fedora? Can anyone show me how, or where I can find the way, to configure the server and the client step by step (sorry, because I'm confused when reading the manual), if there is any? Thank you for your help.