RE: Handler failed in EAP/peap

2004-09-09 Thread Hugo Sousa
Sorry for the delayed reply.

I didn't understand where the problem is.

Could anyone be kind enough to help me??! 


 
Regards,
 
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Willey Kurt D
Sent: Monday, 16 August 2004 14:44
To: [EMAIL PROTECTED]
Subject: RE: Handler failed in EAP/peap

The error is higher up the debug output

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Hugo Sousa
Sent: Sunday, August 15, 2004 2:06 PM
To: [EMAIL PROTECTED]
Subject: Handler failed in EAP/peap

Hi all,
I'm having a problem in the EAP/PEAP part, I think. 
I'm trying to authorize a Windows XP SP2 on my RADIUS, and the following
problem occurs: 
What could be the problem? (auth type = TLS). 

rad_recv: Access-Request packet from host 192.168.2.4:2048, id=0, length=168
    User-Name = root 
    NAS-IP-Address = 192.168.2.4
    Called-Station-Id = 000f66574649 
    Calling-Station-Id = 0020ed792d18 
    NAS-Identifier = 000f66574649 
    NAS-Port = 12
    Framed-MTU = 1400
    State = 0x05b373c1c76de7ad819b9f5d89fd2526
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x020800261900170301001b7ef3a5621ca382d03693d3be7d598f1c06d06d45d122b26e2300e2
    Message-Authenticator = 0x582cee4856acc3a537c315ea71327ea9
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 8
  modcall[authorize]: module preprocess returns ok for request 8
  modcall[authorize]: module chap returns noop for request 8
  modcall[authorize]: module mschap returns noop for request 8
    rlm_realm: No '@' in User-Name = root, looking up realm NULL
    rlm_realm: No such realm NULL 
  modcall[authorize]: module suffix returns noop for request 8
  rlm_eap: EAP packet type response id 8 length 38
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module eap returns updated for request 8
    users: Matched DEFAULT at 152
  modcall[authorize]: module files returns ok for request 8
modcall: group authorize returns updated for request 8
  rad_check_password:  Found Auth-Type EAP
auth: type EAP 
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/peap
  rlm_eap: processing type peap
  rlm_eap_peap: Authenticate
  rlm_eap_tls: processing TLS
  eaptls_verify returned 7
  rlm_eap_tls: Done initial handshake
  eaptls_process returned 7
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes. 
  rlm_eap_peap: Received EAP-TLV response. 
  rlm_eap_peap: Tunneled data is valid. 
  rlm_eap_peap:  Had sent TLV failure, rejecting. 
 rlm_eap: Handler failed in EAP/peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module eap returns invalid for request 8
modcall: group authenticate returns invalid for request 8
auth: Failed to validate the user. 
Delaying request 8 for 1 seconds
Finished request 8
Going to the next request
Waking up in 6 seconds... 
--- Walking the entire request list ---
Sending Access-Reject of id 0 to 192.168.2.4:2048
    EAP-Message = 0x04080004
    Message-Authenticator = 0x
Cleaning up request 8 ID 0 with timestamp 411f48d0
Nothing to do.  Sleeping until we see a request. 

  
Regards, 
  
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal 

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




bugreport: freeradius 1.0.0 crash with ippool if module was not built

2004-09-09 Thread Pasi Kärkkäinen
Hi!

I just installed freeradius 1.0.0 on Debian GNU/Linux 3.0 (woody) and I
didn't remember to install libgdbm-dev so ippool-module was not built.

I didn't notice this, and tried to use ippools. I specified them in the
radiusd.conf and the result is that freeradius crashes (segmentation fault)
while starting..

Sorry I didn't have time to look at the code..  

-- Pasi Kärkkäinen
   


Re: Freeradius-Users digest, Vol 1 #3714 - 7 msgs

2004-09-09 Thread zack musa
I'm sorry because I'm a beginner and delivered you guys
this question.
I tried to use mysql for my freeradius 0.9.2
after I entered radiusd -X, something like this occur.

rlm_sql_mysql: Couldn't connect socket to MySQL server
[EMAIL PROTECTED]:radius
.
.
rlm_sql_mysql: Mysql error 'Access denied for user:
'[EMAIL PROTECTED]' (Using password: YES)'
.
.
rlm_sql (sql): Failed to connect DB handle #0
rlm_sql (sql): starting 1
rlm_sql (sql): starting 2
rlm_sql (sql): starting 3
rlm_sql (sql): starting 4
rlm_sql (sql): Failed to connect to any SQL server.
Module: Instantiated sql (sql)
radiusd.conf: SQL modules aren't allowed in
'authenticate' sections -- they have no such method.

Maybe I've missed something somewhere, and if someone notices
my mistake please help me. Thank you. 

--- [EMAIL PROTECTED]
wrote:

 Today's Topics:
 
1. Re: Wireless authentication via LDAP and PEAP
 (Jon Stahler)
2. Re: Wireless authentication via LDAP and PEAP
 (David Hart)
3. Re: Wireless authentication via LDAP and PEAP
 (Alan DeKok)
4. Re: Wireless authentication via LDAP and PEAP
 (Jon Stahler)
5. Re: Wireless authentication via LDAP and PEAP
 (Alan DeKok)
6. RE: Dual authentication!! (Kirti S. Bajwa)
7. SegFault/missing libssl for EAP/TLS (Robert
 Schultz)
 
 --__--__--
 
 Message: 1
 Date: Wed, 08 Sep 2004 15:58:18 -0500
 From: Jon Stahler [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Subject: Re: Wireless authentication via LDAP and
 PEAP
 Reply-To: [EMAIL PROTECTED]
 
 
  
  
 Jon Stahler
 Manager of Systems Services
 Illinois Fire Service Institute
 11 Gerty Drive
 Champaign, IL 61820
 (217) 333-2163
 
  [EMAIL PROTECTED] 9/8/2004 3:18:45 PM 
 
 Jon Stahler [EMAIL PROTECTED] wrote:
  I've been trying to setup FreeRadius in order to
 authenticate my
  wireless users against my Novell eDirectory via
 the built in LDAP
  server.
 
   You can't, it's impossible.  LDAP doesn't do EAP,
 and will never do
 EAP.
 
   Instead, put clear-text passwords into LDAP, list
 ldap in the
 authorize section of radiusd.conf, and let the
 server figure it
 out.  It WILL work.
  
 Ok...So explain to me how I get my Access Point to
 authenticate against
 my eDirectory users.  If LDAP won't do it, what
 WILL?  Why does it
 authenticate successfully against my LDAP server and
 respond with
 authenticate OK if this is not the case?  How should
 I modify my setup
 to do what you are asking.  Please use small words
 and be patient with
 me as I am a new to this.
  
 Input clear-text passwords into LDAP how exactly? 
 The passwords come
 from eDirectory.  I don't directly manage the LDAP
 server.  It is
 automated.  Is there a specific attribute I need to
 populate with data
 from my eDirectory?  I can add attributes to the
 server if this is
 necessary.
 
  On the Radius screen, I see that the request is
 sent to the LDAP
  server.  The EAP module of FreeRadius responds OK
 over and over and
 over
  again infinitely until I either kill my wireless
 connection or the
  server thread.
 
   There's a lot more detail than that, usually. 
 Buried somewhere in
 that log is the real reason why it's failing.
 
  I have only uncommented PEAP and MSCHAPV2 in my
 EAP.CONF file.
 
   In order for PEAP to work, you also need to
 configure the tls{}
 section of eap.conf.
 
 
   Alan DeKok.
 

Re: SegFault/missing libssl for EAP/TLS

2004-09-09 Thread Stefan . Neis
Robert Schultz wrote:
 Hello.
 
 I am trying to run freeRADIUS 1.0.0 with openssl 0.9.7d.
 While doing
 
 ./configure --with-openssl-libraries=/usr/local/lib --with-openssl-includes=/usr/local/include
 or
 ./configure --with-openssl-libraries=/usr/local/openssl/lib --with-openssl-includes=/usr/local/openssl/include

CFLAGS="-I/usr/local/openssl/include" LDFLAGS="-L/usr/local/openssl/lib -lssl -lcrypto" ./configure
might work better.

HTH,
Stefan



Re: SegFault/missing libssl for EAP/TLS

2004-09-09 Thread Robert Schultz
From: Stefan Neis
 Robert Schultz wrote:
  Hello.
  I am trying to run freeRADIUS 1.0.0 with openssl 0.9.7d.
  While doing
  ./configure --with-openssl-libraries=/usr/local/lib --with-openssl-includes=/usr/local/include
  or
  ./configure --with-openssl-libraries=/usr/local/openssl/lib --with-openssl-includes=/usr/local/openssl/include
 CFLAGS="-I/usr/local/openssl/include" LDFLAGS="-L/usr/local/openssl/lib -lssl -lcrypto" ./configure
 might work better.

Still not working.
I am a bit confused about the openssl-dirs, as /usr/local/openssl/lib is 
empty.
libssl and libcrypt are both inside /usr/lib, but even when using that path 
in CFLAGS it doesn't work.

What is supposed to be inside the path mentioned in CFLAGS 
(or --with-openssl-[libraries/includes])?
Maybe I can figure out the right path that way...

Thank you
Robert 



Class attribute

2004-09-09 Thread Lopez, A.
Hello all,
I have redefined the 'Class' attribute as a string in the
/etc/freeradius/dictionary file so that the predefined attribute
(octets) is overridden, adding the following line:

ATTRIBUTE   Class   25  string

However, it seems that this change is not taken into account and when
I receive the RADIUS packet it says:

/usr/lib (Unknown Type 779252325)

Instead of:

Class = whatever_string

On the other hand when I edit /usr/share/freeradius/dictionary directly,
it works fine.
As the configuration file says, I should not edit the
/usr/share/freeradius/dictionary file directly, and I should change the
/etc/freeradius/dictionary instead.

Does anyone have any idea of what can be wrong?? 
Thanks in advance.

Alex





Re: bugreport: freeradius 1.0.0 crash with ippool if module was not built

2004-09-09 Thread Alan DeKok
Pasi Kärkkäinen [EMAIL PROTECTED] wrote:
 I didn't notice this, and tried to use ippools. I specified them in the
 radiusd.conf and the result is that freeradius crashes (segmentation fault)
 while starting..

  It's a libltdl thing.  Don't worry about it.

  Alan DeKok.



Re: Class attribute

2004-09-09 Thread Alan DeKok
Lopez, A. [EMAIL PROTECTED] wrote:
 I have redefined the 'Class' attribute as a string in the
 /etc/freeradius/dictionary file so that the predefined attribute
 (octets) is overridden, adding the following line:

  Why?
 
 ATTRIBUTE   Class   25  string
 
 However, it seems that this change is not taken into account and when
 I receive the RADIUS packet it says:
 
 /usr/lib (Unknown Type 779252325)

  I doubt very much that's the exact error message produced by editing
the dictionary file.

  Could you please post the REAL error, from the debug log, or even
the whole debug log?

  Alan DeKok.



rlm_eap: Handler failed in EAP/peap

2004-09-09 Thread Hugo Sousa
Hello,

I'm trying to authenticate a XP SP2. I'm using, for testing only, the root username and password. And the result is on the bottom. What could be the problem?

Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.2.14:2050, id=0, length=168
 User-Name = root
 NAS-IP-Address = 192.168.2.14
 Called-Station-Id = 000f6645db2a
 Calling-Station-Id = 0020ed792d18
 NAS-Identifier = 000f6645db2a
 NAS-Port = 12
 Framed-MTU = 1400
 State = 0x9ffc28e6266e915f48a2c65201988172
 NAS-Port-Type = Wireless-802.11
 EAP-Message = 0x020800261900170301001bdc0d980a2faf3b259a1c839845feaee7fa20acda7735f5da62fb21
 Message-Authenticator = 0xc1149f0adc27f8d6973700ddb42b51ab
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 78
 modcall[authorize]: module preprocess returns ok for request 78
 modcall[authorize]: module chap returns noop for request 78
 modcall[authorize]: module mschap returns noop for request 78
 rlm_realm: No '@' in User-Name = root, looking up realm NULL
 rlm_realm: Found realm NULL
 rlm_realm: Adding Stripped-User-Name = root
 rlm_realm: Proxying request from user root to realm NULL
 rlm_realm: Adding Realm = NULL
 rlm_realm: Authentication realm is LOCAL.
 modcall[authorize]: module suffix returns noop for request 78
 rlm_eap: EAP packet type response id 8 length 38
 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
 modcall[authorize]: module eap returns updated for request 78
 users: Matched DEFAULT at 152
 modcall[authorize]: module files returns ok for request 78
modcall: group authorize returns updated for request 78
 rad_check_password: Found Auth-Type EAP
auth: type EAP
 Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 78
 rlm_eap: Request found, released from the list
 rlm_eap: EAP/peap
 rlm_eap: processing type peap
 rlm_eap_peap: Authenticate
 rlm_eap_tls: processing TLS
 eaptls_verify returned 7
 rlm_eap_tls: Done initial handshake
 eaptls_process returned 7
 rlm_eap_peap: EAPTLS_OK
 rlm_eap_peap: Session established. Decoding tunneled attributes.
 rlm_eap_peap: Received EAP-TLV response.
 rlm_eap_peap: Tunneled data is valid.
 rlm_eap_peap: Had sent TLV failure, rejecting.
rlm_eap: Handler failed in EAP/peap
 rlm_eap: Failed in EAP select
 modcall[authenticate]: module eap returns invalid for request 78
modcall: group authenticate returns invalid for request 78
auth: Failed to validate the user.
Delaying request 78 for 1 seconds
Finished request 78
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 0 to 192.168.2.14:2050
 EAP-Message = 0x04080004
 Message-Authenticator = 0x
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 78 ID 0 with timestamp 413fce87
Nothing to do. Sleeping until we see a request.

Regards,

Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal


Re: rlm_eap: Handler failed in EAP/peap

2004-09-09 Thread Michael Griego
Try sending the *entire* debug output.  You're only sending the part
that occurs *after* the *real* error.  The true error is happening
earlier in the authentication sequence.

--Mike


On Thu, 2004-09-09 at 08:21, Hugo Sousa wrote:
 Hello,
 
 I'm trying to authenticate a XP SP2. I'm using, for testing only, the
 root username and password. And the result is on the bottom. What
 could be the problem?
 
 
 Waking up in 6 seconds...
 rad_recv: Access-Request packet from host 192.168.2.14:2050, id=0,
 length=168
 User-Name = root
 NAS-IP-Address = 192.168.2.14
 Called-Station-Id = 000f6645db2a
 Calling-Station-Id = 0020ed792d18
 NAS-Identifier = 000f6645db2a
 NAS-Port = 12
 Framed-MTU = 1400
 State = 0x9ffc28e6266e915f48a2c65201988172
 NAS-Port-Type = Wireless-802.11
 EAP-Message =
 0x020800261900170301001bdc0d980a2faf3b259a1c839845feaee7fa20acda7735f5da62fb21
 Message-Authenticator = 0xc1149f0adc27f8d6973700ddb42b51ab
   Processing the authorize section of radiusd.conf
 modcall: entering group authorize for request 78
   modcall[authorize]: module preprocess returns ok for request 78
   modcall[authorize]: module chap returns noop for request 78
   modcall[authorize]: module mschap returns noop for request 78
 rlm_realm: No '@' in User-Name = root, looking up realm NULL
 rlm_realm: Found realm NULL
 rlm_realm: Adding Stripped-User-Name = root
 rlm_realm: Proxying request from user root to realm NULL
 rlm_realm: Adding Realm = NULL
 rlm_realm: Authentication realm is LOCAL.
   modcall[authorize]: module suffix returns noop for request 78
   rlm_eap: EAP packet type response id 8 length 38
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module eap returns updated for request 78
 users: Matched DEFAULT at 152
   modcall[authorize]: module files returns ok for request 78
 modcall: group authorize returns updated for request 78
   rad_check_password:  Found Auth-Type EAP
 auth: type EAP
   Processing the authenticate section of radiusd.conf
 modcall: entering group authenticate for request 78
   rlm_eap: Request found, released from the list
   rlm_eap: EAP/peap
   rlm_eap: processing type peap
   rlm_eap_peap: Authenticate
   rlm_eap_tls: processing TLS
   eaptls_verify returned 7
   rlm_eap_tls: Done initial handshake
   eaptls_process returned 7
   rlm_eap_peap: EAPTLS_OK
   rlm_eap_peap: Session established.  Decoding tunneled attributes.
   rlm_eap_peap: Received EAP-TLV response.
   rlm_eap_peap: Tunneled data is valid.
   rlm_eap_peap:  Had sent TLV failure, rejecting.
  rlm_eap: Handler failed in EAP/peap
   rlm_eap: Failed in EAP select
   modcall[authenticate]: module eap returns invalid for request 78
 modcall: group authenticate returns invalid for request 78
 auth: Failed to validate the user.
 Delaying request 78 for 1 seconds
 Finished request 78
 Going to the next request
 --- Walking the entire request list ---
 Waking up in 1 seconds...
 --- Walking the entire request list ---
 Waking up in 1 seconds...
 --- Walking the entire request list ---
 Sending Access-Reject of id 0 to 192.168.2.14:2050
 EAP-Message = 0x04080004
 Message-Authenticator = 0x
 Waking up in 4 seconds...
 --- Walking the entire request list ---
 Cleaning up request 78 ID 0 with timestamp 413fce87
 Nothing to do.  Sleeping until we see a request.
 
 
 
 
  
 Regards,
  
 Hugo Sousa
 SysAdmin / NetworkAdmin
 http://www.netsystems.pt
 Portugal
 




Re: radutmp is not written

2004-09-09 Thread markus . winkler
Alan,

   The server writes data to radutmp ONLY
 if it receives accounting packets.
   Check that the server is receiving accounting packets...

checked it and found that the firewall blocked port 1813... Didn't know 
that.
Now the radutmp-file is maintained very well.

One more question, as radutmp is now available:

As I wrote, I want to limit the number of logins for a particular client.
In the file 'users', I added the following entry:

[...]
foo User-Password == bar, Simultaneous-Use := 1
    Port-Limit = 1
[...]

Dialin via two separate connections, the second one will not be allowed 
(Simultaneous-Use := 1). Works fine and reliable, exactly what I want.

But if I'm using Multilink PPP, then in 9 of 10 cases I'm still allowed to 
use both channels - and that's not what I want.
I searched and found the parameter Port-Limit, but it seems that this 
doesn't have any effect. I still can use both ISDN-channels for dialin. 
Did I make a mistake or where else do I have to look?

Thanks.

Markus




RE: rlm_eap: Handler failed in EAP/peap

2004-09-09 Thread Hugo Sousa
Any idea now?

Here is the full log.

 
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = /usr/local
 main: localstatedir = /usr/local/var
 main: logdir = /usr/local/var/log/radius
 main: libdir = /usr/local/lib
 main: radacctdir = /usr/local/var/log/radius/radacct
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /usr/local/var/log/radius/radius.log
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
 main: user = (null)
 main: group = (null)
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/local/sbin/checkrad
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec 
 exec: wait = yes
 exec: program = (null)
 exec: input_pairs = request
 exec: output_pairs = (null)
 exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec) 
Module: Loaded expr 
Module: Instantiated expr (expr) 
Module: Loaded PAP 
 pap: encryption_scheme = crypt
Module: Instantiated pap (pap) 
Module: Loaded CHAP 
Module: Instantiated chap (chap) 
Module: Loaded MS-CHAP 
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = no
 mschap: passwd = (null)
 mschap: authtype = MS-CHAP
 mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap) 
Module: Loaded System 
 unix: cache = no
 unix: passwd = (null)
 unix: shadow = (null)
 unix: group = (null)
 unix: radwtmp = /usr/local/var/log/radius/radwtmp
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix) 
Module: Loaded eap 
 eap: default_eap_type = tls
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
 gtc: challenge = Password: 
 gtc: auth_type = PAP
rlm_eap: Loaded and initialized type gtc
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = (null)
 tls: pem_file_type = yes
 tls: private_key_file = /usr/local/etc/raddb/certs/cert-srv.pem
 tls: certificate_file = /usr/local/etc/raddb/certs/cert-srv.pem
 tls: CA_file = /usr/local/etc/raddb/certs/demoCA/cacert.pem
 tls: private_key_password = whatever
 tls: dh_file = /usr/local/etc/raddb/certs/dh
 tls: random_file = /usr/local/etc/raddb/certs/random
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = (null)
rlm_eap: Loaded and initialized type tls
 peap: default_eap_type = mschapv2
 peap: copy_request_to_tunnel = no
 peap: use_tunneled_reply = no
 peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap) 
Module: Loaded preprocess 
 preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
 preprocess: hints = /usr/local/etc/raddb/hints
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded realm 
 realm: format = suffix
 realm: delimiter = @
 realm: ignore_default = no
 realm: ignore_null = no
Module: Instantiated realm (suffix) 
Module: Loaded files 
 files: usersfile = /usr/local/etc/raddb/users
 files: acctusersfile = /usr/local/etc/raddb/acct_users
 files: preproxy_usersfile = /usr/local/etc/raddb/preproxy_users
 files: compat = no
Module: Instantiated files (files) 
Module: Loaded Acct-Unique-Session-Id 
 acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port
Module: 

Re: Bug in valuepair.c paircmp?

2004-09-09 Thread Alan DeKok
Mitchell, Michael [EMAIL PROTECTED] wrote:
 However, in valuepair.c we have:
 
  regmatch_t rxmatch[9];
  compare = regexec(reg, (char *)auth_item->strvalue, 16, rxmatch, 0);
 
 Ie nmatch is 16, but the size of the pmatch array is only 9.
 
 This causes a bus error in the call to regfree() when I try to match a
 regular expression in users.

  Fixed, thanks.

 Is this a peculiar problem to Solaris 9, or have others had this issue?

  It's a general problem that no one else has seen yet.

 I also notice that this code has changed since 0.9.3.

  The %{0}, %{1}, etc. are new.

  Alan DeKok.
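
The mismatch reported above (a 9-element regmatch_t array passed to regexec() with nmatch of 16), shown with a corrected call as an added example; it is not FreeRADIUS code and not part of the original messages. The helper regex_capture, the MAX_CAPTURES and ARRAY_LEN macros and the sample strings are assumptions made for illustration.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* One constant sizes the capture array AND supplies nmatch (slots 0..8). */
#define MAX_CAPTURES 9
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/*
 * Hypothetical helper, not FreeRADIUS code: match `value` against the POSIX
 * extended regex `pattern` and copy capture group `group` into `out`.
 * Returns the number of bytes copied, or -1 if the pattern is invalid, the
 * value does not match, or the group is out of range or did not participate.
 */
int regex_capture(const char *pattern, const char *value, size_t group,
                  char *out, size_t outlen)
{
    regex_t reg;
    regmatch_t rxmatch[MAX_CAPTURES];
    size_t len;
    int rc;

    if (group >= ARRAY_LEN(rxmatch) || outlen == 0)
        return -1;
    if (regcomp(&reg, pattern, REG_EXTENDED) != 0)
        return -1;

    /*
     * Reported form: regexec(reg, value, 16, rxmatch, 0) with rxmatch[9].
     * regexec() fills every slot up to nmatch (unused ones with -1), so a
     * count of 16 writes seven entries past the end of the array no matter
     * how few groups the pattern has. Deriving the count from the array
     * keeps the two in step if MAX_CAPTURES ever changes.
     */
    rc = regexec(&reg, value, ARRAY_LEN(rxmatch), rxmatch, 0);
    regfree(&reg);
    if (rc != 0 || rxmatch[group].rm_so < 0)
        return -1;

    len = (size_t)(rxmatch[group].rm_eo - rxmatch[group].rm_so);
    if (len >= outlen)
        len = outlen - 1;               /* truncate, always NUL-terminate */
    memcpy(out, value + rxmatch[group].rm_so, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    /* Constructed sample input. */
    const char *pattern = "^([a-z]+)@([a-z.]+)$";
    const char *value = "alice@example.org";
    char buf[64];
    size_t g;

    for (g = 0; g < 4; g++) {
        int n = regex_capture(pattern, value, g, buf, sizeof(buf));
        printf("group %zu: %s\n", g, n < 0 ? "(unset)" : buf);
    }
    return 0;
}
```

Stack corruption of this kind often surfaces only later, for example in regfree() or at function return, which is consistent with the crash location in the report.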



Re: rlm_ippool and NAS-Port missing in access-request

2004-09-09 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
 I understand there is quite a lot of Radius Clients (i.e. NAS) sending some
 other standard Radius attributes instead of the NAS-Port in Access Request.
 So, why not implement this feature and significantly expand the application
 area of this powerful Radius Server? 

  Feel free to supply a patch.

  If not, it looks like the feature won't be added.

  Alan DeKok.



RE: rlm_eap: Handler failed in EAP/peap

2004-09-09 Thread Michael Griego
  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for root with NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

Your problem lies in the error messages above.  You need to specify
either a plain-text User-Password or an NT-Password for the user in the
users file.


-- 

--Mike

---
Michael Griego
Wireless LAN Project Manager
The University of Texas at Dallas





RE: rlm_eap: Handler failed in EAP/peap

2004-09-09 Thread Hugo Sousa
 
How can I do that in the users file?

The root user is a Linux user.

Btw... 

How can I redirect the users from a REALM to an LDAP server?

 
Regards
 
Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael Griego
Sent: Thursday, 9 September 2004 16:03
To: [EMAIL PROTECTED]
Subject: RE: rlm_eap: Handler failed in EAP/peap

  rlm_mschap: No User-Password configured.  Cannot create LM-Password.
  rlm_mschap: No User-Password configured.  Cannot create NT-Password.
  rlm_mschap: Told to do MS-CHAPv2 for root with NT-Password
  rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

Your problem lies in the error messages above.  You need to specify either a
plain-text User-Password or an NT-Password for the user in the users file.


-- 

--Mike

---
Michael Griego
Wireless LAN Project Manager
The University of Texas at Dallas





RE: rlm_ippool and NAS-Port missing in access-request

2004-09-09 Thread v . a . leikin
Well, this is exactly what I'd like to do: to build one and to get it
working... But I need some help from developers. So who wants to cooperate?
Any help/hints are welcome

Thanks 

Victor

-Original Message-
From: Alan DeKok [mailto:[EMAIL PROTECTED]
Sent: Thursday, 9 September 2004 16:42
To: [EMAIL PROTECTED]
Subject: Re: rlm_ippool and NAS-Port missing in access-request 


[EMAIL PROTECTED] wrote:
 I understand there is quite a lot of Radius Clients (i.e. NAS) sending some
 other standard Radius attributes instead of the NAS-Port in Access Request.
 So, why not implement this feature and significantly expand the application
 area of this powerful Radius Server? 

  Feel free to supply a patch.

  If not, it looks like the feature won't be added.

  Alan DeKok.



RE: rlm_eap: Handler failed in EAP/peap

2004-09-09 Thread Guy Davies
Hi Hugo,

You *can't* use SYSTEM passwords to authenticate using MS-CHAPv2.
MS-CHAPv2 requires the AAA server to be able to obtain the clear text
password (from a local file or some other source) or a password in
NT-Password format.  If it cannot get them, then it is unable to check
that performing the hash function results in the same data as was
supplied in the password from the NAS.

Therefore, you cannot use root as the username unless you also have a
root user defined within the users file with a locally defined clear
text password.  Better to simply create a test user with a clear text
password.

Regards,

Guy

 -Original Message-
 From: [EMAIL PROTECTED] 
 [mailto:[EMAIL PROTECTED] On 
 Behalf Of Hugo Sousa
 Sent: 09 September 2004 16:08
 To: [EMAIL PROTECTED]
 Subject: RE: rlm_eap: Handler failed in EAP/peap
 
 
  
 How can I do that in the users file?
 
 The root user is a Linux user.
 
 Btw... 
 
 How can I redirect the users from a REALM to an LDAP server?
 
  
 Regards
  
 Hugo Sousa
 SysAdmin / NetworkAdmin
 http://www.netsystems.pt
 Portugal
 
 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] On Behalf Of Michael Griego
 Sent: Thursday, 9 September 2004 16:03
 To: [EMAIL PROTECTED]
 Subject: RE: rlm_eap: Handler failed in EAP/peap
 
   rlm_mschap: No User-Password configured.  Cannot create LM-Password.
   rlm_mschap: No User-Password configured.  Cannot create NT-Password.
   rlm_mschap: Told to do MS-CHAPv2 for root with NT-Password
   rlm_mschap: FAILED: No NT/LM-Password.  Cannot perform authentication.
   rlm_mschap: FAILED: MS-CHAP2-Response is incorrect
 
 Your problem lies in the error messages above.  You need to 
 specify either a plain-text User-Password or an NT-Password 
 for the user in the users file.
 
 
 -- 
 
 --Mike
 
 ---
 Michael Griego
 Wireless LAN Project Manager
 The University of Texas at Dallas
 
 
 


LDAP

2004-09-09 Thread Hugo Sousa
Hi,

I have an Active Directory (LDAP) domain called office.systems.pt.

How can I configure FR to validate users against this Windows 2000 AD Server?

Can you show me all the configs that I have to make on the .conf files?

I'm trying to do this from scratch but it's very difficult for a first time user of FR ...

Regards,

Hugo Sousa
SysAdmin / NetworkAdmin
http://www.netsystems.pt
Portugal





Re: rlm_ippool and NAS-Port missing in access-request

2004-09-09 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
 Well, this is exactly what I'd like to do: to build one and to get it
 working... But I need some help from developers. So who wants to cooperate?
 Any help/hints are welcome

http://lists.cistron.nl/pipermail/freeradius-users/2004-June/032911.html

  Alan DeKok.



Web Interface -- radius.cgi

2004-09-09 Thread Marco C. Coelho
I've searched the archives and didn't find much on web interfaces.
We're trying to move from IC-Radius to FreeRadius.
We looked at DialupAdmin and didn't think the interface would work well 
with our front office staff.

Does anyone use IC-Radius radius.cgi to maintain the mysql users 
database and accounting??

If so do you have a copy that you modified?
Thanks
Marco


Re: Web Interface -- radius.cgi

2004-09-09 Thread Kostas Kalevras
On Thu, 9 Sep 2004, Marco C. Coelho wrote:

 I've searched the archives and didn't find much on web interfaces.

 We're trying to move from IC-Radius to FreeRadius.

 We looked at DialupAdmin and didn't think the interface would work well
 with our front office staff.

Could you explain why you don't think it can work well? dialupadmin was designed
for and is being used by helpdesks.


 Does anyone use IC-Radius radius.cgi to maintain the mysql users
 database and accounting??

 If so do you have a copy that you modified?

 Thanks

 Marco



--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf



Re: SegFault/missing libssl for EAP/TLS

2004-09-09 Thread Alan DeKok
Robert Schultz [EMAIL PROTECTED] wrote:
 I am a bit confused about the openssl-dirs, as /usr/local/openssl/lib is 
 empty.

  Then you probably don't have the right version of OpenSSL installed.

 What is supposed to be inside the path mentioned in CFLAGS 
 (or --with-openssl-[libraries/includes]?
 Maybe I can figure out the right path that way...

  It's the path where ssh.h exists.

  Alan DeKok.



Re: radutmp is not written

2004-09-09 Thread Alan DeKok
[EMAIL PROTECTED] wrote:
 But if I'm using Multilink PPP, then in 9 of 10 cases I'm still allowed to
 use both channels - and that's not what I want.

  That's multilink, and logically only 1 session.

 I searched and found the parameter Port-Limit, but it seems that this
 doesn't have any effect.

  I'd say your NAS has problems, then.

  You may also be able to detect multilink logins via attributes in
the Access-Request packet, check that.

  Alan DeKok.




LDAP (continued...)

2004-09-09 Thread Hugo Sousa
My Windows 2000 domain is office.netsystems.pt. The user I'm using is administrator.

Is this wrong?

 ldap {
     server = 192.168.2.1
     identity = cn=administrator,dc=office,dc=netsystems,dc=pt
     password = password
     basedn = dc=office,dc=netsystems,dc=PT
     filter = (uid=%{Stripped-User-Name:-%{User-Name}})
     # base_filter = (objectclass=radiusprofile)
     (…)
 }

Something is wrong because I'm getting:

rlm_ldap: LDAP login failed: check identity, password settings in ldap section of radiusd.conf
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
 modcall[authorize]: module ldap returns fail for request 0

What should I change to correct this problem?

Thanks.

Regards,

Hugo Sousa





Re: LDAP (continued...)

2004-09-09 Thread Tiago Fernandes
Hi,

On Thu, 9 Sep 2004 19:06:22 +0100
Hugo Sousa [EMAIL PROTECTED] wrote:

 My Windows 2000 domain is office.netsystems.pt. The user I'm using is
 administrator.
 
 Is this wrong? 
 
 
   ldap {
 server = 192.168.2.1
 identity = cn=administrator,dc=office,dc=netsystems,dc=pt
 password = password

if you are using password, try to use just password without 

 basedn = dc=office,dc=netsystems,dc=PT
 filter = (uid=%{Stripped-User-Name:-%{User-Name}})
 # base_filter = (objectclass=radiusprofile)
 (…)
 }
 
 
 Something is wrong because I'm getting:
 
 rlm_ldap: LDAP login failed: check identity, password settings in ldap
 section of radiusd.conf
 rlm_ldap: (re)connection attempt failed
 rlm_ldap: search failed
 rlm_ldap: ldap_release_conn: Release Id: 0
   modcall[authorize]: module ldap returns fail for request 0
 
 
 
 
 What should I change to correct this problem?
 
 Thanks.
 
  
 Regards,
 
 Hugo Sousa
 




Re: Web Interface -- radius.cgi

2004-09-09 Thread Marco C. Coelho
Kostas Kalevras wrote:
On Thu, 9 Sep 2004, Marco C. Coelho wrote:
 

I've searched the archives and didn't find much on web interfaces.
We're trying to move from IC-Radius to FreeRadius.
We looked at DialupAdmin and didn't think the interface would work well
with our front office staff.
   

Could you explain why you don't think it can work well? dialupadmin was designed
for and is being used by helpdesks.
 

** Believe it or not, it is too detailed.  A simple front end helps to 
minimize our front end staff errors.  We also like to limit users to 
different levels of access.  Login one way and all you can do is add 
users.  Log in another way, and you can also delete users.  Yet another 
level allows access to Groups. 

When we had wide open access (as radius.cgi does by default), we were 
put out of service twice by someone deleting a group instead of removing 
the group from the user.  It was still much better than editing a flat file.

We will eventually (this year I hope) integrate our business database 
with the sql server.  This will solve most issues.

Marco
Does anyone use IC-Radius radius.cgi to maintain the mysql users
database and accounting??
If so do you have a copy that you modified?
Thanks
Marco
   

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

 




RE: LDAP (continued...)

2004-09-09 Thread sousa.hugo
I'm using the Domain ADMINISTRATOR account, so it should have access to everything.
 
I think the problem is in one of these lines:

identity = cn=administrator,dc=office,dc=netsystems,dc=pt
password = password
basedn = dc=office,dc=netsystems,dc=PT

 

Is the syntax incorrect? My domain is called office.netsystems.pt.

 

-Original Message- 
From: [EMAIL PROTECTED] on behalf of Dustin Doris 
Sent: Thu 9/9/2004 7:40 PM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: Re: LDAP (continued...)




 My Windows 2000 domain is office.netsystems.pt. The user I'm using is
 administrator.

Does this user actually exist in your ldap directory with that password?
You will need to find a user that exists in your AD that has read access
to the part of the tree your users are in.


 Is this wrong?


   ldap {
 server = 192.168.2.1
 identity = cn=administrator,dc=office,dc=netsystems,dc=pt
 password = password
 basedn = dc=office,dc=netsystems,dc=PT
 filter = (uid=%{Stripped-User-Name:-%{User-Name}})
 # base_filter = (objectclass=radiusprofile)
 (.)
 }


 Something is wrong because I'm getting:

 rlm_ldap: LDAP login failed: check identity, password settings in ldap
 section of radiusd.conf
 rlm_ldap: (re)connection attempt failed
 rlm_ldap: search failed
 rlm_ldap: ldap_release_conn: Release Id: 0
   modcall[authorize]: module ldap returns fail for request 0




 What should I change to correct this problem?

 Thanks.


 Regards,

 Hugo Sousa



radiusd only starting a single instance?

2004-09-09 Thread James Nedila
OS: Debian Linux 3.0
Freeradius version: snapshot-20040506   snapshot-20040909
For some reason, radiusd has decided to run in a single instance,
instead of starting multiple servers.
Here is the relevant thread-pool configuration from radiusd.conf:
thread pool {
start_servers = 5
max_servers = 32
min_spare_servers = 5
max_spare_servers = 10
max_requests_per_server = 0
}
I've never touched this configuration, so this must be the default.
And my ps ax output:
26028 ?S  0:00 /usr/local/sbin/radiusd -d /etc/raddb
15096 ?S  0:00 /usr/local/sbin/radiusd -d /etc/raddb.global
This only shows single instances of the two installations I have.
Running the server normally before today resulted in the correct number
of servers starting up (5).
Are there any other settings within radiusd.conf that are relevant to
the number of servers started?

Thanks,
James



Cant Get Called Number

2004-09-09 Thread Ugur GUNCER
Hi Every,


I have a problem with getting called number 

Here is my  radius debug log 

Acct-Session-Id = 0006AFF5
Calling-Station-Id = 5357879878
Called-Station-Id = 35
h323-setup-time = h323-setup-time=*09:20:26.801 UTC Thu Apr 11 2002
h323-gw-id = h323-gw-id=Ankara.
h323-conf-id = h323-conf-id=31AAF1CC 4C6411D6 B9600011 20312620
h323-call-origin = h323-call-origin=originate
h323-call-type = h323-call-type=VoIP
Cisco-AVPair = h323-incoming-conf-id=31AAF1CC 4C6411D6 B9600011 20312620
Cisco-AVPair = subscriber=RegularLine
Cisco-AVPair = session-protocol=cisco
Cisco-AVPair = gw-rxd-cdn=ton:2,npi:1,#:5922112925



I can't get the called number (5922112925).

Here are my sql.conf accounting queries.

These are standard queries:
accounting_onoff_query = UPDATE ${acct_table1} SET AcctStopTime='%S',
AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime),
AcctTerminateCause='%{Acct-Terminate-Cause}',
AcctStopDelay = %{Acct-Delay-Time} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND
NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime = '%S'

accounting_update_query = UPDATE ${acct_table1} SET FramedIPAddress
= '%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND
UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}'
AND AcctStopTime = 0

accounting_start_query = INSERT into ${acct_table1} (RadAcctId,
AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId,
NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime,
AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets,
AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause,
ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay,
AcctStopDelay) values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', '%S', '0', '0', '%{Acct-Authentic}',
'%{Connect-Info}', '', '0', '0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}', '%{Framed-IP-Address}',
'%{Acct-Delay-Time}', '0')

accounting_start_query_alt = UPDATE ${acct_table1} SET
AcctStartTime = '%S', AcctStartDelay = '%{Acct-Delay-Time}',
ConnectInfo_start = '%{Connect-Info}' WHERE AcctSessionId =
'%{Acct-Session-Id}'
AND UserName = '%{SQL-User-Name}' AND NASIPAddress = '%{NAS-IP-Address}' AND
AcctStopTime = 0

accounting_stop_query = UPDATE ${acct_table2} SET AcctStopTime =
'%S', AcctSessionTime = '%{Acct-Session-Time}', AcctInputOctets =
'%{Acct-Input-Octets}', AcctOutputOctets = '%{Acct-Output-Octets}',
AcctTerminateCause = '%{Acct-Terminate-Cause}', AcctStopDelay =
'%{Acct-Delay-Time}', ConnectInfo_stop = '%{Connect-Info}' WHERE
AcctSessionId = '%{Acct-Session-Id}' AND UserName = '%{SQL-User-Name}' AND
NASIPAddress = '%{NAS-IP-Address}' AND AcctStopTime = 0

accounting_stop_query_alt = INSERT into ${acct_table2} (RadAcctId,
AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId,
NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime,
AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets,
AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause,
ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay,
AcctStopDelay) values('', '%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', '%{NAS-Port}',
'%{NAS-Port-Type}', DATE_SUB('%S',INTERVAL (%{Acct-Session-Time:-0}
+ %{Acct-Delay-Time:-0}) SECOND), '%S', '%{Acct-Session-Time}',
'%{Acct-Authentic}', '', '%{Connect-Info}', '%{Acct-Input-Octets}',
'%{Acct-Output-Octets}', '%{Called-Station-Id}', '%{Calling-Station-Id}',
'%{Acct-Terminate-Cause}', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '0', '%{Acct-Delay-Time}')


I tried to get the called number from the Cisco-AVPair attribute
with
, '%{Cisco-AVPair}', '%{Calling-Station-Id}',
and
%{gw-rxd-cdn=ton:2,npi:1,#:}, '%{Calling-Station-Id}',

But I can't get the called number.
Does anyone have an idea for this problem?


Thanks for all the help.
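
Extracting the called number from the `gw-rxd-cdn` Cisco-AVPair quoted in the post, as an added Python example that is not part of the original message and is not FreeRADIUS code. It assumes the accounting attributes are available as `Name = value` text (the sample record is constructed from the post's debug output) and that Called-Station-Id is an acceptable fallback; all function names are illustrative.

```python
import re

# Constructed sample, modelled on the accounting attributes quoted in the post.
SAMPLE_RECORD = """\
Acct-Session-Id = 0006AFF5
Calling-Station-Id = 5357879878
Called-Station-Id = 35
Cisco-AVPair = subscriber=RegularLine
Cisco-AVPair = session-protocol=cisco
Cisco-AVPair = gw-rxd-cdn=ton:2,npi:1,#:5922112925
"""

_DIGITS = re.compile(r"[0-9]{1,32}")

def parse_attributes(text):
    """Map attribute name -> list of values (Cisco-AVPair occurs many times)."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition("=")
        if sep:
            attrs.setdefault(name.strip(), []).append(value.strip().strip('"'))
    return attrs

def avpair_values(attrs, key):
    """Return the value of every Cisco-AVPair whose inner name equals key."""
    found = []
    for pair in attrs.get("Cisco-AVPair", []):
        name, sep, value = pair.partition("=")
        if sep and name == key:
            found.append(value)
    return found

def parse_number_field(value):
    """Split 'ton:2,npi:1,#:5922112925' into sub-fields and validate them."""
    fields = {}
    for part in value.split(","):
        name, sep, val = part.partition(":")
        if not sep or name in fields:
            raise ValueError("malformed sub-field: %r" % part)
        fields[name] = val
    number = fields.get("#", "")
    # Digits only, so nothing else sent by the NAS reaches the SQL column.
    if not _DIGITS.fullmatch(number):
        raise ValueError("called number is not plain digits: %r" % number)
    return {"ton": fields.get("ton"), "npi": fields.get("npi"), "number": number}

def called_number(record_text):
    """Prefer the gw-rxd-cdn number; fall back to Called-Station-Id."""
    attrs = parse_attributes(record_text)
    for value in avpair_values(attrs, "gw-rxd-cdn"):
        try:
            return parse_number_field(value)["number"]
        except ValueError:
            continue  # ignore a malformed pair and keep looking
    fallback = attrs.get("Called-Station-Id", [""])[0]
    return fallback if _DIGITS.fullmatch(fallback) else None

if __name__ == "__main__":
    print(called_number(SAMPLE_RECORD))
```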




RE: LDAP (continued...)

2004-09-09 Thread Dustin Doris


On Thu, 9 Sep 2004, sousa.hugo wrote:

 I'm using the Domain ADMINISTRATOR account, so it should have access to everything.

 I think the problem is in one of these lines:

 identity = cn=administrator,dc=office,dc=netsystems,dc=pt
 password = password
 basedn = dc=office,dc=netsystems,dc=PT

Yes that is where the problem is.

 Is the syntax incorrect? My domain is called office.netsystems.pt.

The syntax is correct.  However, are you sure that is the correct info for
that user?  Do you have access to an ldap browser on that machine that
will show the tree for you?




   -Original Message-
   From: [EMAIL PROTECTED] on behalf of Dustin Doris
   Sent: Thu 9/9/2004 7:40 PM
   To: [EMAIL PROTECTED]
   Cc:
   Subject: Re: LDAP (continued...)




My Windows 2000 domain is office.netsystems.pt. The user I'm using is
administrator.

   Does this user actually exist in your ldap directory with that password?
   You will need to find a user that exists in your AD that has read access
   to the part of the tree your users are in.

   
Is this wrong?
   
   
  ldap {
server = 192.168.2.1
identity = cn=administrator,dc=office,dc=netsystems,dc=pt
password = password
basedn = dc=office,dc=netsystems,dc=PT
filter = (uid=%{Stripped-User-Name:-%{User-Name}})
# base_filter = (objectclass=radiusprofile)
(.)
}
   
   
Something is wrong because I'm getting:
   
rlm_ldap: LDAP login failed: check identity, password settings in ldap
section of radiusd.conf
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module ldap returns fail for request 0
   
   
   
   
What should I change to correct this problem?
   
Thanks.
   
   
Regards,
   
Hugo Sousa
   







RE: LDAP (continued...)

2004-09-09 Thread sousa.hugo
I don't have an LDAP browser.

It's a simple Windows 2000 Server with AD installed.
 
How can I install the LDAP browser so that my FR works? Please give me an idea :-)

-Original Message- 
From: [EMAIL PROTECTED] on behalf of Dustin Doris 
Sent: Fri 9/10/2004 1:27 AM 
To: [EMAIL PROTECTED] 
Cc: 
Subject: RE: LDAP (continued...)





On Thu, 9 Sep 2004, sousa.hugo wrote:

 I'm using the Domain ADMINISTRATOR account, so it should have access to everything.

 I think the problem is in one of these lines:

 identity = cn=administrator,dc=office,dc=netsystems,dc=pt
 password = password
 basedn = dc=office,dc=netsystems,dc=PT

Yes that is where the problem is.

 Is the syntax incorrect? My domain is called office.netsystems.pt.

The syntax is correct.  However, are you sure that is the correct info for
that user?  Do you have access to an ldap browser on that machine that
will show the tree for you?




   -Original Message-
   From: [EMAIL PROTECTED] on behalf of Dustin Doris
   Sent: Thu 9/9/2004 7:40 PM
   To: [EMAIL PROTECTED]
   Cc:
   Subject: Re: LDAP (continued...)




My Windows 2000 domain is office.netsystems.pt. The user I'm using is
administrator.

   Does this user actually exist in your ldap directory with that password?
   You will need to find a user that exists in your AD that has read access
   to the part of the tree your users are in.

   
Is this wrong?
   
   
  ldap {
server = 192.168.2.1
identity = cn=administrator,dc=office,dc=netsystems,dc=pt
password = password
basedn = dc=office,dc=netsystems,dc=PT
filter = (uid=%{Stripped-User-Name:-%{User-Name}})
# base_filter = (objectclass=radiusprofile)
(.)
}
   
   
Something is wrong because I'm getting:
   
rlm_ldap: LDAP login failed: check identity, password settings in ldap
section of radiusd.conf
rlm_ldap: (re)connection attempt failed
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module ldap returns fail for request 0
   
   
   
   
What should I change to correct this problem?
   
Thanks.
   
   
Regards,
   
Hugo Sousa
   






Re: rlm_ippool and NAS-Port missing in access-request

2004-09-09 Thread Alexander Serkin
I can live without it. Already.
--
Alexander
Alan DeKok wrote:
[EMAIL PROTECTED] wrote:
Well, this is exactly what I'd like to do: to build one and to get it
working... But I need some help from developers. So who wants to cooperate?
Any help/hints are welcome

http://lists.cistron.nl/pipermail/freeradius-users/2004-June/032911.html
  Alan DeKok.