authentication problem
I am currently using freeradius for a hotspot service. I have trouble when authenticating users. For the username I use the handphone number (example: +65994567); this is based on policy. When I try to log in a user with that username, it fails. I tried to debug; the result is that the '+' sign was changed to hex '2B'. I don't have any idea but this. Hope anyone can help me...

Thanks, my2

Debug result:

cut
modcall[authorize]: module auth_log returns ok for request 9
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module chap returns ok for request 9
modcall[authorize]: module mschap returns noop for request 9
rlm_realm: No '@' in User-Name = +123, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 9
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module eap returns noop for request 9
users: Matched DEFAULT at 152
modcall[authorize]: module files returns ok for request 9
radius_xlat: '=2B123'
rlm_sql (sql): sql_set_user escaped user -- '=2B123'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '=3D2B123' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): User =2B123 not found in radcheck
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '=3D2B123' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '=3D2B123' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): User =2B123 not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module sql returns notfound for request 9
modcall: group authorize returns ok for request 9
rad_check_password: Found Auth-Type CHAP
auth: type CHAP
Processing the authenticate section of radiusd.conf
modcall: entering group Auth-Type for request 9
rlm_chap: login attempt by +123 with CHAP password
rlm_chap: Could not find clear text password for user +123
modcall[authenticate]: module chap returns invalid for request 9
modcall: group Auth-Type returns invalid for request 9
auth: Failed to validate the user.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: i want to add new attributs
Thanks Alan.

> That's why radrelay sets Acct-Delay-Time, so that the timestamp of the original request can be calculated as received packet time - Acct-Delay-Time

I didn't know radrelay could do that. This may sound strange, but does it do this automatically without any intervention, or does it need to be set manually? The reason I ask is that the logged AcctStartTime and AcctStopTime differ (by up to 2mins) on the secondary radius server.
Microsoft SQL 2000 interface
All,

Sorry to have to bring up the M word, but that's what we have - Microsoft SQL 2000 interfacing with Platypus and Radiator. I searched the FAQ and archives and found no reference to a Microsoft SQL interface. Can I populate my Microsoft SQL DB with freeRadius? If so, how?

Thanks, Cliff
Re: Question on FreeRADIUS digest authentication with SIP proxy
Thanks Philippe. It works for me as well. I will also let people on the serusers and openser-users mailing lists know. Without your patch, AFAIK, the password has to be in clear text form if using RADIUS to do the authentication.

Thanks again.

On 10/12/05, Philippe Sultan [EMAIL PROTECTED] wrote:
> Hi, Chen.
> There is ongoing discussion on this topic :
> http://lists.freeradius.org/pipermail/freeradius-users/2005-October/047606.html
> You might also want to check this, for information related to digest authentication with RADIUS and LDAP :
> http://www-rocq.inria.fr/who/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html
> Bye, Philippe
Re: Microsoft SQL 2000 interface
Yes it can be done. Do you have freeradius talking to the MSSQL db yet?

Duane Cox

----- Original Message -----
From: Cliff Hayes [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Wednesday, October 12, 2005 8:56 AM
Subject: Microsoft SQL 2000 interface

All,

Sorry to have to bring up the M word, but that's what we have - Microsoft SQL 2000 interfacing with Platypus and Radiator. I searched the FAQ and archives and found no reference to a Microsoft SQL interface. Can I populate my Microsoft SQL DB with freeRadius? If so, how?

Thanks, Cliff
Re: radwho
Madhvi Gokool [EMAIL PROTECTED] wrote:
> When first testing the freeradius server, radwho still showed users as connected when in fact they had disconnected.

If the server doesn't receive an accounting stop message, it doesn't know they've disconnected.

> I managed to have the server up and running properly but the above entries are causing problems when I restrict Simultaneous use for user steve. What should I do to remove those entries?

Use checkrad, so Simultaneous-Use will double-check those entries. Or, radzap.

Alan DeKok.
Re: authentication problem
[EMAIL PROTECTED] wrote:
> I am currently using freeradius for a hotspot service. I have trouble when authenticating users. For the username I use the handphone number (example: +65994567); this is based on policy. When I try to log in a user with that username, it fails. I tried to debug; the result is that the '+' sign was changed to hex '2B'. I don't have any idea but this. Hope anyone can help me...

See safe-characters in sql.conf. Certain characters are treated as special by SQL, and escaped. You *don't* want people logging in with usernames like SELECT * from ...

Alan DeKok.
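The escaping that reply points to, as an added example (not part of the original thread and not FreeRADIUS code): a Python emulation of the `=XX` substitution visible in the debug output, showing how `+123` becomes `=2B123`, how a second pass yields the `=3D2B123` seen in the logged query, and what adding `+` to the safe set changes. `DEFAULT_SAFE` is an assumed stock `safe-characters` value, `plan_safe_characters` is a hypothetical helper, and the `o'brien` username is constructed.

```python
"""Added example: emulate the '=XX' username escaping seen in the debug log."""
import string

# ASSUMPTION: a typical stock safe-characters value; compare with your own sql.conf.
DEFAULT_SAFE = "@" + string.ascii_letters + string.digits + ".-_: /"

# Characters that can change the shape of a SQL statement; never whitelist these.
SQL_DANGEROUS = set("'\"\\;")


def sql_escape(value, safe=DEFAULT_SAFE):
    """Replace every character outside `safe` (or below 0x20) with =XX per byte."""
    out = []
    for ch in value:
        if ord(ch) < 32 or ch not in safe:
            out.extend("=%02X" % b for b in ch.encode("utf-8"))
        else:
            out.append(ch)
    return "".join(out)


def plan_safe_characters(usernames, safe=DEFAULT_SAFE):
    """Hypothetical helper: work out which characters the given usernames need.

    Returns (to_add, refused): printable ASCII characters that could be
    appended to safe-characters, and characters that must stay escaped
    because they are SQL metacharacters.
    """
    needed = {ch for name in usernames for ch in name
              if 32 <= ord(ch) < 127 and ch not in safe}
    refused = needed & SQL_DANGEROUS
    return "".join(sorted(needed - refused)), "".join(sorted(refused))


if __name__ == "__main__":
    # Usernames from the thread plus one constructed name containing a quote.
    names = ["+65994567", "00-0E-35-A8-25-9F", "o'brien"]
    to_add, refused = plan_safe_characters(names)
    relaxed = DEFAULT_SAFE + to_add

    print("default :", sql_escape("+123"))              # as in the debug log
    print("twice   :", sql_escape(sql_escape("+123")))  # as in the logged query
    print("relaxed :", sql_escape("+123", relaxed))
    print("add to safe-characters:", repr(to_add), "keep escaped:", repr(refused))
    # A quote-bearing username is still neutralised after '+' is allowed.
    print("hostile :", sql_escape("x' OR '1'='1", relaxed))
```

The rows in radcheck must hold the username in the same form the query ends up comparing against, so change the safe set and the stored names together.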
Re: Diameter Server
Ashwin Gobind [EMAIL PROTECTED] wrote:
> Hi all. Does anyone know of a stable implementation of a Diameter server?

No. There's wire diameter, which was a student project in Taiwan, from what I recall. But there's no real open source diameter server.

Why do you need a diameter server? Are there any diameter clients you're using?

Alan DeKok.
Re: Question on FreeRADIUS digest authentication with SIP proxy
ok Cheng. Note that it should be fixed in the CVS version within a few days, without changing the configuration of rlm_digest. The MD5-Password (present in CVS) fits our need in this case, I will try to bring a fix next week including LDAP password pullout during authorization.

Bye, Philippe

On 10/12/05, Cheng Zhang [EMAIL PROTECTED] wrote:
> Thanks Philippe. It works for me as well. I will also let people on the serusers and openser-users mailing lists know. Without your patch, AFAIK, the password has to be in clear text form if using RADIUS to do the authentication.
> Thanks again.
> On 10/12/05, Philippe Sultan [EMAIL PROTECTED] wrote:
>> Hi, Chen.
>> There is ongoing discussion on this topic :
>> http://lists.freeradius.org/pipermail/freeradius-users/2005-October/047606.html
>> You might also want to check this, for information related to digest authentication with RADIUS and LDAP :
>> http://www-rocq.inria.fr/who/Philippe.Sultan/Asterisk/asterisk_sip_external_authentication.html
>> Bye, Philippe
RE: Microsoft SQL 2000 interface
Duane,

No, I don't know where to start in that department. I'm in the inquiry stage now. Just trying to find out if it can be done. Is there a HOW-TO file somewhere? I just loaded a box with a fresh copy of Fedora 4 and freeRadius. I've been tasked with replacing Radiator, and freeRadius is the preferred path. This is my first stumbling block.

Cliff

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Duane Cox
Sent: Wednesday, October 12, 2005 9:15 AM
To: FreeRadius users mailing list
Subject: Re: Microsoft SQL 2000 interface

Yes it can be done. Do you have freeradius talking to the MSSQL db yet?

Duane Cox

----- Original Message -----
From: Cliff Hayes [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Wednesday, October 12, 2005 8:56 AM
Subject: Microsoft SQL 2000 interface

All,

Sorry to have to bring up the M word, but that's what we have - Microsoft SQL 2000 interfacing with Platypus and Radiator. I searched the FAQ and archives and found no reference to a Microsoft SQL interface. Can I populate my Microsoft SQL DB with freeRadius? If so, how?

Thanks, Cliff
Re: Microsoft SQL 2000 interface
We are using unixODBC and freetds to connect FreeRADIUS with MS-SQL. Unfortunately I couldn't find the how-to reference at hand. But it is not complicated anyway. May the Google be with you. :-)

-- Cheng

On 10/12/05 11:19 PM, Cliff Hayes [EMAIL PROTECTED] wrote:
> Duane,
> No, I don't know where to start in that department. I'm in the inquiry stage now. Just trying to find out if it can be done. Is there a HOW-TO file somewhere? I just loaded a box with a fresh copy of Fedora 4 and freeRadius. I've been tasked with replacing Radiator, and freeRadius is the preferred path. This is my first stumbling block.
> Cliff
Using MySQL with Freeradius
Hi,

I have got Freeradius working on a linux machine. It is authenticating users using a standard flat file in the /etc/raddb/users file. However, I now want to use MySQL to enter all the user criteria for authentication. Can someone help me with the following questions:

1) What is the schema of the MySQL database that has to be created
2) How do I include this database into the /etc/raddb/radiusd.conf file

Many thanks in advance,

Rgds,
Sonesh Patel
VC-NET
107-112 Leadenhall Street
London EC3A 4AH
Tel: 0207 398 3529
Fax: 0207 491 9511
Re: Microsoft SQL 2000 interface
Cliff Hayes [EMAIL PROTECTED] wrote:
> No, I don't know where to start in that department. I'm in the inquiry stage now. Just trying to find out if it can be done. Is there a HOW-TO file somewhere?

http://www.freeradius.org/cgi-bin/cvsweb.cgi/radiusd/doc/mssql?rev=1.1content-type=text/x-cvsweb-markup

> I've been tasked with replacing Radiator, and freeRadius is the preferred path.

That's good to hear.

Alan DeKok.
RE: [m0n0wall] RE: access for 24 hours after first login? need help
Hi all,

I use postgresql with freeradius 1.0.4 and it's been working well. Then, the below topic got my attention and I tried my hand on this query

    sqlcounter validity {
        counter-name = All-Hour-Used
        check-name = Max-Hour-Used
        sqlmod-inst = sql
        key = User-Name
        reset = never
        query = "SELECT current_timestamp - acctstarttime from radacct WHERE UserName='%{%k}' LIMIT 1"
    }

but it only worked well. I tested it for 5 days; all seems well. However, my problem is that I want to set this against secs not hours and this has not been successful. I will be glad if someone can point me to a link aside postgresql manual to accomplish that task.

Thank you
goksie

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of maruna
Sent: Thursday, October 06, 2005 7:50 PM
To: 'FreeRadius users mailing list'
Subject: RE: [m0n0wall] RE: access for 24 hours after first login?

It doesn't work on postgresql v7.4.6 that I tried it on.. however, I used

    SELECT now() - AcctStartTime FROM radacct WHERE UserName = '%{%k}' LIMIT 1;

And it's ok

Thank you
goksie

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jonathan De Graeve
Sent: Thursday, October 06, 2005 3:09 PM
To: Jonathan De Graeve; FreeRadius users mailing list
Cc: [EMAIL PROTECTED]
Subject: RE: [m0n0wall] RE: access for 24 hours after first login?

And here the query in case you don't like seconds ;)

    SELECT HOUR(SEC_TO_TIME(UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime))) FROM radacct WHERE UserName = '%{%k}' LIMIT 1;

Then All-Secs-Passed/Max-Secs-Passed should be All-Hours-Passed/Max-Hours-Passed and Max-Hours-Passed specified in Hours instead of seconds

Also note this is for MySQL. Don't know if it also works on oracle and Postgres

--
Jonathan De Graeve
Network/System Administrator
Imelda vzw
Informatica Dienst
015/50.52.98
[EMAIL PROTECTED]

-----Original Message-----
From: Jonathan De Graeve [mailto:[EMAIL PROTECTED]
Sent: Thursday 6 October 2005 15:51
To: FreeRadius users mailing list
CC: [EMAIL PROTECTED]
Subject: [m0n0wall] RE: access for 24 hours after first login?

This is how I do this

Use SQLcounter module

Put this in sqlcounter.conf (expecting that sqlcounter is already configged in the radiusd.conf)

    sqlcounter validity {
        counter-name = All-Secs-Passed
        check-name = Max-Secs-Passed
        sqlmod-inst = sql
        key = User-Name
        reset = never
        query = "SELECT UNIX_TIMESTAMP() - UNIX_TIMESTAMP(AcctStartTime) secs_passed_since_start FROM radacct WHERE UserName = '%{%k}' LIMIT 1"
    }

Create in the config dictionary file an attribute of Max-Secs-Passed

For example:

    #ATTRIBUTE My-Local-String 3000 string
    #ATTRIBUTE My-Local-IPAddr 3001 ipaddr
    #ATTRIBUTE My-Local-Integer 3002 integer
    ATTRIBUTE Max-Secs-Passed 3000 integer

In radiusd.conf: Authorize {} section: Put this:

    validity

The Max-Secs-Passed var is defined in seconds. So if you want a user only to be able to logon in the first 24hours after his first logon, Max-Secs-Passed should be set to 86400 (60secs * 60minutes * 24)

Hope this helps the question I think many people will have.

You could use other check or counter-names, it's just an example

You also could combine this with volume limits, max total session time etc...

Kind Regards

--
Jonathan De Graeve
Network/System Administrator
Imelda vzw
Informatica Dienst
015/50.52.98
[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Markus Krause
Sent: Thursday 6 October 2005 12:57
To: freeradius-users@lists.freeradius.org
Subject: Re: access for 24 hours after first login?

Quoting Alan DeKok [EMAIL PROTECTED]:

Markus Krause [EMAIL PROTECTED] wrote:

i set up freeradius successfully for authentification against pam and users file :-)

Please don't use authentification. It's authentication.

sorry for my poor english, it's not my mother-tongue ...

now i want to enhance the functionality about the following feature: setting up several predefined (guest) accounts with a generated username and password. this account should be valid from the first time it is used (first login) for 24 hours (or even better until 23:59 that day).

rlm_counter. Set it for 24 hours of access, and reset=never.

i read about this, but does this not mean that the user has an online time of 24 hours (or whatever i set in Max-All-Session-Time), so he can login until he has been active for 24 hours in sum?

thanks in advance for your help!

markus

Alan DeKok.

--
Markus Krause
email: [EMAIL PROTECTED]
Computing Center
Re: Using MySQL with Freeradius
> Hi, I have got Freeradius working on a linux machine. It is authenticating users using a standard flat file in the /etc/raddb/users file. However, I now want to use MySQL to enter all the user criteria for authentication. Can someone help me with the following questions:
> 1) What is the schema of the MySQL database that has to be created

radiusd/src/modules/rlm_sql/rlm_sql_mysql/ there is the .sql schema for MySQL

> 2) How do I include this database into the /etc/raddb/radiusd.conf file

read the docs/rlm_sql file. you need to activate the sql{} parts of code

alan
Re: Diameter Server
err.. umm.. there is the OpenDiameter project which is more of a tool kit, but you can put together a server from it. A number of people have. http://www.opendiameter.org/

And there are a couple commercial servers; including HP and Interlink

Dave.

----- Original Message -----
From: Alan DeKok [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Subject: Re: Diameter Server
Date: Wed, 12 Oct 2005 10:43:21 -0400

Ashwin Gobind [EMAIL PROTECTED] wrote:
> Hi all. Does anyone know of a stable implementation of a Diameter server?

No. There's wire diameter, which was a student project in Taiwan, from what I recall. But there's no real open source diameter server.

Why do you need a diameter server? Are there any diameter clients you're using?

Alan DeKok.
Re: Diameter Server
David Mitton [EMAIL PROTECTED] wrote:
> there is the OpenDiameter project which is more of a tool kit, but you can put together a server from it. A number of people have. http://www.opendiameter.org/

Yes, and Wire diameter is a server that's based on OpenDiameter.

> And there are a couple commercial servers; including HP and Interlink

Are there *clients*? I can't think of a widely used diameter client, which makes the server implementations less than useful.

Alan DeKok.
Is there a way to get the responses to ONLY your posting on this mailing list??
Is there a way to get the responses to ONLY your posting on this mailing list?? I looked into various options. Looks like there's a disable Option which will disable all posts to this mailing list.

--- Alan DeKok [EMAIL PROTECTED] wrote:
> David Mitton [EMAIL PROTECTED] wrote:
>> there is the OpenDiameter project which is more of a tool kit, but you can put together a server from it. A number of people have. http://www.opendiameter.org/
> Yes, and Wire diameter is a server that's based on OpenDiameter.
>> And there are a couple commercial servers; including HP and Interlink
> Are there *clients*? I can't think of a widely used diameter client, which makes the server implementations less than useful.
> Alan DeKok.
Re: FreeRADIUS - FreeBSD - Segmentation fault
Just wondering if you've had any luck? I just installed freeradius 1.0.5 from the ports tree (it was finally updated) on a freebsd 5.4 jail and it's starting up for me. I've got to run to a meeting now, but I will be testing it later with actual data.

-Dusty
Re: dialup admin - problem with users
On Wed, 12 Oct 2005, Matt Vollmar wrote:
> Hi, I searched the archives briefly, but I wasn't sure how to even phrase this issue. I have Freeradius authenticating Chillispot through a MySQL DB. One of the features of Chillispot is to authenticate based on MAC address first before checking username. This sends the MAC as Username and a pre-determined password. I have this working fine, but the problem is that Dialup Admin will not accept usernames with dashes in them. Every time I try to edit a user like 00-0E-35-A8-25-9F, it changes the name to 000E35A8259F which of course does not exist. Anyone know of a quick fix for this? If not, I will send some patches for this and a few other problems I found with Dialup Admin. I just hate delving into a project like this when there is the possibility of a fix existing.

See conf/config.php3 and preg_replace on the $login variable. Though in the latest version '-' is also accepted. Hope this helps

> Thanks, Matt

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
rlm_perl %RAD_REPLY issue
Hi Folks,

trying to run version 1.0.4 on Debian sarge..

    export LD_PRELOAD=/usr/lib/libperl.so.5.8; freeradius -X

(to account for known debian weirdness)

using rlm_perl like so...

    sub authorize {
        $RAD_REPLY{'Max-Total-Octets'} = xxx600;
        log_request_attributes;
        log_reply_attributes;
        log_check_attributes;
        return RLM_MODULE_UPDATED;
    }

and getting the following error on STDOUT...

    rlm_perl: ERROR: Failed to create pair Max-Total-Octets = 600

googled around, but can't see anything? other attribs in sql radgroupcheck table are working fine (also using rlm_sql).

I took a look at the source code, but I'm not really a coder, and couldn't follow it too easily. However, all I can see is that the following is failing in rlm_perl.c

    vpp = pairmake(key, val, T_OP_EQ);
    if (vpp != NULL) {
        pairadd(vp, vpp);
        radlog(L_DBG, "rlm_perl: Added pair %s = %s", key, val);
        return 1;
    } else {
        radlog(L_DBG, "rlm_perl: ERROR: Failed to create pair %s = %s", key, val);
    }

can anyone point me in the right direction? just going to try version 1.0.5 in the meantime :)

-Thanks Max.
Re: rlm_perl %RAD_REPLY issue
On Thu, 2005-10-13 at 15:08 +1300, Max Lock wrote:
> Hi Folks, trying to run version 1.0.4 on Debian sarge..

Nope, fails on 1.0.5 too :( also disregard the 3 x's in the attribute I was trying to pass, was just testing to see if it was an integer vs string type issue...

-Cheers Max.