Table radacct is empty

2006-03-22 Thread Vincent MARGUERIE

Hi,

I've installed freeradius 1.1.1 on a Debian Sarge distribution, and the 
connection works fine with my wireless Windows XP client, but I have a 
problem getting information into the radacct table in my MySQL database.


Does anyone have a solution for this?

Note: I use a Dlink-DWL-2000AP+ as Access Point

Regards,
Vincent
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Load-balance and Auth-Type

2006-03-22 Thread Evil I_Am

Hi all
I have this scenario: 2 radius servers must point to 2 ldap servers with a 
load-balancing and fault-tolerant configuration.

I tried to implement this on one of the radius servers this way:

modules {
  ldap ldap1 {
    ...
    authtype = ldap  # added later but seems not to work
  }
  ldap ldap2 {
    ...
    authtype = ldap  # added later but seems not to work
  }
}

authorize {
  preprocess
  load-balance {  # between two redundant sections below
    redundant {
      ldap1
      ldap2
    }
    redundant {
      ldap2
      ldap1
    }
  }
}

authenticate {
  Auth-Type LDAP {
    load-balance {  # between two redundant sections below
      redundant {
        ldap1
        ldap2
      }
      redundant {
        ldap2
        ldap1
      }
    }
  }
}


But if I try to authenticate a user I see this in debug:

rad_recv: Access-Request packet from host XXX.XXX.XXX.XXX:25702, id=169, length=77
   User-Name = XX
   User-Password = XX
   NAS-IP-Address = XXX.XXX.XXX.XXX
   NAS-Identifier = login
   NAS-Port = 24677
   NAS-Port-Type = Virtual
   Service-Type = Authenticate-Only
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
 modcall[authorize]: module preprocess returns ok for request 0
modcall: entering load-balance group  for request 0
modcall: entering group redundant  for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for XXX
radius_xlat:  '(uid=XXX)'
radius_xlat:  'dc=XXX,dc=XX'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to XXX.XXX.XXX.XXX:389, authentication 0
rlm_ldap: bind as / to XXX.XXX.XXX.XXX:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=XXX,dc=XX, with filter (uid=XXX)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusServiceType as Service-Type, value Shell-User  op=11
rlm_ldap: extracted attribute Cisco-AVPair from generic item cisco-avpair=shell:priv-lvl=15
rlm_ldap: user futhwo authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
 modcall[authorize]: module ldap1 returns ok for request 0
modcall: leaving group redundant  (returns ok) for request 0
modcall: load-balance group  returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 169 to XXX.XXX.XXX.XXX port 25702
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 169 with timestamp 44212404
Nothing to do.  Sleeping until we see a request.

If I keep only 1 module, call it simply ldap and give up on load balancing, 
everything works OK. How can I resolve this issue?


Failed Compilation of Freeradius with Mysql since 1.1.0 (Works on 1.0.5)

2006-03-22 Thread Philippe JOYEZ
Hello All, 

I've seen many topics about that problem but none of them has solved my
problem. 


I'm trying to upgrade my 1.0.5 Freeradius server to 1.1.1 on my Solaris 
8 system but it fails to find mysql libs. On the same server, I use the 
same configure scripts options: 

./configure --localstatedir=/var --with-logdir=/var/log/radius/log \
  --with-radacctdir=/var/log/radius/radacct \
  --with-mysql-lib-dir=/usr/local/mysql-standard-4.1.7-sun-solaris2.8-sparc/lib \
  --with-mysql-include-dir=/usr/local/mysql-standard-4.1.7-sun-solaris2.8-sparc/include \
  --with-mysql-dir=/usr/local/mysql-standard-4.1.7-sun-solaris2.8-sparc

It works for 1.0.5 but not for 1.1.1 (and also KO for 1.1.0): 

configuring in ./drivers/rlm_sql_mysql
running /bin/sh ./configure --localstatedir=/var --with-logdir=/var/log/radius/log --with-radacctdir=/var/log/radius/radacct --with-mysql-lib-dir=/usr/local/mysql-standard-4.1.7-sun-solaris2.8-sparc/lib --with-mysql-include-dir=/usr/local/mysql-standard-4.1.7-sun-solaris2.8-sparc/include --with-mysql-dir=/usr/local/mysql-standard-4.1.7-sun-solaris2.8-sparc --enable-ltdl-install --cache-file=../../../../.././config.cache --srcdir=.
loading cache ../../../../.././config.cache
checking for gcc... (cached) gcc
checking whether the C compiler (gcc  -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5   -Wall -D_GNU_SOURCE -DNDEBUG ) works... yes
checking whether the C compiler (gcc  -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5   -Wall -D_GNU_SOURCE -DNDEBUG ) is a cross-compiler... no
checking whether we are using GNU C... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking for mysql_config... (cached) no
checking for pthread_create in -lpthread... (cached) yes
checking for mysql_init in -lmysqlclient_r... no
configure: warning: mysql libraries not found. Use --with-mysql-lib-dir=path.
checking for mysql/mysql.h... yes
configure: warning: sql submodule 'mysql' disabled
creating ./config.status
creating Makefile
creating config.h
config.h is unchanged

Best regards





Want to use 2 different authentication-methods

2006-03-22 Thread Hans-Peter Fuchs
I use freeradius 1.0.5

For a special NAS I want to use 2 user databases.

Requests from nas-special should first be verified per sql.
If and only if sql does not verify the user, try pam.

In users I have:
### new
DEFAULT NAS-IP-Address == special, Autz-Type := SQL
        Idle-Timeout = 3600,
        Session-Timeout = 7200,
        Fall-Through = yes
### end new
### begin old config: works
DEFAULT Auth-Type = Pam
        Service-Type = Framed-User,
        Nomadix-Bw-Up = 128,
        Fall-Through = yes
### end old config
### begin new config
#   pam-authentified users from ssg get Ainternet-attribute
DEFAULT NAS-IP-Address == special
        Service-Type = Framed-User,
        Idle-Timeout = 3600,
        Session-Timeout = 7200,
        Cisco-Account-Info += KW0,
        Fall-Through = yes
### end new config

But with this, users who are verified by sql are also checked against 
pam. Do you have some tips?

Output from radiusd -X:

rlm_sql (sql): Released sql socket id: 3
  modcall[authorize]: module sql returns ok for request 0
modcall: group Autz-Type returns ok for request 0
  rad_check_password:  Found Auth-Type Pam
auth: type PAM
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
pam_pass: using pamauth string radius for pam.conf lookup
pam_pass: function pam_authenticate FAILED for test. Reason: Permission denied
  modcall[authenticate]: module pam returns reject for request 0
modcall: group authenticate returns reject for request 0
auth: Failed to validate the user.


Regards

Hans-Peter Fuchs


Hans-Peter Fuchs - RZKR, Room 20
Zentrum fuer angewandte Informatik - Universitaetsweiter Service RRZK
Universität zu Köln - Tel: 0221-470-6972


RE: Table radacct is empty

2006-03-22 Thread Alex M
Did you authorize SQL in the accounting section?






RE: Failed Compilation of Freeradius with Mysql since 1.1.0 (Works on1.0.5)

2006-03-22 Thread Alex M
I've installed the Generic Static Developer RPMs and then compiled FreeRadius,
and it works fine...








Doubt regarding sql.conf

2006-03-22 Thread vignesh
Hello guys
I am trying to modify the query for authorization in the sql.conf file. I
will let you know what exactly I want.
I want to authenticate users based on the CLID and the remote IP
address. The problem is that the remote address has to be searched from
a set of IPs. I will give you an example.
Suppose that we have a user 9204 and the call for this particular user
has to come from a set of IPs like 222.223.33.24 or 33.44.334.44 and
many more. The user will be authenticated only when the ANI is 9204 and
the IP is either of these only. But I am not sure how to modify the
query, or whether there is something else that I need to do.

Vignesh
[EMAIL PROTECTED]


Re: Failed Compilation of Freeradius with Mysql since 1.1.0 (Works on 1.0.5)

2006-03-22 Thread Alan DeKok
Philippe JOYEZ [EMAIL PROTECTED] wrote:
> I'm trying to upgrade my 1.0.5 Freeradius server to 1.1.1 on my Solaris
> 8 system but it fails to find mysql libs. On the same server, I use the
> same configure scripts options:

  Use:

$ LIBS="-lm -lz" ./configure 

  Alan DeKok.


(no subject)

2006-03-22 Thread vignesh
Hello guys
This is Vignesh here. I have just started with RADIUS. We are planning
to build a VoIP billing system using Free RADIUS and Oracle as the
backend and using a CISCO IPIP gateway. We were planning to implement
both postpaid and prepaid scenarios. I believe most of you must be doing
the same thing. So far we have been working on the postpaid solution.
There are some problems that we are facing:
1. We are using triggers to do the accounting of the call, i.e.
calculating the rates etc. for that particular call.
There are many users who can call either using a gateway or using soft
phones, hard phones etc.
The problem is that while accounting using the trigger, there is no
single column from which we can identify the user. The user can be
accounted based on his ANI or his remote gateway.
Also we want multi-leg accounting.
2. Also, we would like to know how we can build a prepaid solution. What
are the changes that need to be done for doing the same?

Vignesh
[EMAIL PROTECTED]


Re: Failed Compilation of Freeradius with Mysql since 1.1.0 (Works on1.0.5)

2006-03-22 Thread Muenz, Michael
> It works for 1.0.5 but not for 1.1.1 (and also KO for 1.1.0):

[...]

> checking for mysql_init in -lmysqlclient_r... no
> configure: warning: mysql libraries not found. Use
> --with-mysql-lib-dir=path.
> checking for mysql/mysql.h... yes


I had the same problem yesterday. You have to recompile 
mysql with --enable-thread-safe-client

Michael


rlm_eap_tls sometimes fails to read files after HUP

2006-03-22 Thread Ben Thompson
Hi

I have just upgraded to FreeRADIUS 1.1.1 after previously using the
1.0.1 RedHat package.

At first startup it works fine but sometimes when the server receives a
HUP signal (we do this every 15 mins) to re-read the config files I am
getting the following errors :-

Wed Mar 22 16:48:45 2006 : Info: Reloading configuration files.
Wed Mar 22 16:48:47 2006 : Info: rlm_eap_tls: Loading the certificate file as a chain
Wed Mar 22 16:48:47 2006 : Error: rlm_eap_tls: Error reading certificate file
Wed Mar 22 16:48:47 2006 : Error: rlm_eap: Failed to initialize type tls
Wed Mar 22 16:48:47 2006 : Error: radiusd.conf[9]: eap: Module instantiation failed.
Wed Mar 22 16:48:47 2006 : Error: radiusd.conf[1719] Unknown module eap.
Wed Mar 22 16:48:47 2006 : Error: radiusd.conf[1666] Failed to parse authenticate section.

At this point I have to restart. As I said this only happens sometimes,
at other times it is successful and I just get this :-

Wed Mar 22 16:47:36 2006 : Info: Reloading configuration files.
Wed Mar 22 16:47:36 2006 : Info: rlm_eap_tls: Loading the certificate file as a chain
Wed Mar 22 16:47:37 2006 : Info: Ready to process requests.

Could someone advise how to go about debugging this problem?

Thanks

Ben Thompson




user not found in freeradius users file

2006-03-22 Thread Bertrand Poulet

Hello all,

I've got a VPN server which authenticates against a freeradius server.
The user someone is authenticated (file users of freeradius) when 
tested locally via radtest, but not when the request comes from the NAS box.


In the first case, the user is found in the users file of freeradius at line 227,
and in the second case the same user isn't found in the file.
Instead, the user is searched for in the system (/etc/passwd).

Why isn't the user found in the users file of freeradius?
Thanks.




[EMAIL PROTECTED] raddb]# radtest someone thepass localhost 0 secret
Sending Access-Request of id 161 to 127.0.0.1 port 1812
   User-Name = someone
   User-Password = thepass
   NAS-IP-Address = 255.255.255.255
   NAS-Port = 0
rad_recv: Access-Request packet from host 127.0.0.1:35045, id=161, length=59
   User-Name = someone
   User-Password = thepass
   NAS-IP-Address = 255.255.255.255
   NAS-Port = 0




 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
 modcall[authorize]: module preprocess returns ok for request 1
 modcall[authorize]: module chap returns noop for request 1
 rlm_eap: No EAP-Message, not doing EAP
 modcall[authorize]: module eap returns noop for request 1
   rlm_realm: No '@' in User-Name = someone, looking up realm NULL
   rlm_realm: No such realm NULL

modcall[authorize]: module suffix returns noop for request 1
   users: Matched entry DEFAULT at line 152
   users: Matched entry someone at line 227


 modcall[authorize]: module files returns ok for request 1
 modcall[authorize]: module mschap returns noop for request 1
modcall: leaving group authorize (returns ok) for request 1

 rad_check_password:  Found *Auth-Type Local*
auth: type Local
auth: user supplied User-Password matches local User-Password
Login OK: [someone/thepass] (from client localhost port 0)



Sending Access-Accept of id 161 to 127.0.0.1 port 35045
==
[EMAIL PROTECTED] raddb]#
rad_recv: Access-Request packet from host 192.168.10.1:1025, id=181, length=156

   User-Name = someone
   User-Password = thepass
   NAS-Port = 546
   Service-Type = Framed-User
   Framed-Protocol = PPP
   Called-Station-Id = 191.254.137._
   Calling-Station-Id = 66.147.66.24_
   Tunnel-Client-Endpoint:0 = 66.147.66.24_
   NAS-IP-Address = 192.168.10.1
   NAS-Port-Type = Virtual
   Cisco-AVPair = ip:source-ip=66.147.66.24_


Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
Invalid operator for item Suffix: reverting to '=='
 modcall[authorize]: module preprocess returns ok for request 2
 modcall[authorize]: module chap returns noop for request 2
 rlm_eap: No EAP-Message, not doing EAP
 modcall[authorize]: module eap returns noop for request 2
   rlm_realm: No '@' in User-Name = someone, looking up realm NULL
   rlm_realm: No such realm NULL

 modcall[authorize]: module suffix returns noop for request 2
   users: Matched entry DEFAULT at line 152
   users: Matched entry DEFAULT at line 171
   users: Matched entry DEFAULT at line 183

 modcall[authorize]: module files returns ok for request 2
 modcall[authorize]: module mschap returns noop for request 2
modcall: leaving group authorize (returns ok) for request 2

 rad_check_password:  Found *Auth-Type System*
auth: type System
 Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 2
 modcall[authenticate]: module unix returns notfound for request 2
modcall: leaving group authenticate (returns notfound) for request 2
auth: *Failed *to validate the user.



request object pointer offset

2006-03-22 Thread jasonatx0001

I am having some difficulty accessing the data in the request object inside
my module. It seems the pointers are offset ...

inside the authenticate method of my module

...
  DEBUG ("MYMODULE: request->config_items->name = %s",
         request->config_items->name);
  DEBUG ("MYMODULE: request->config_items->strvalue = %s",
         request->config_items->strvalue);
  if (!request->username)
    {
      DEBUG ("MYMODULE: no username found\n");
    }
  else
    {
      DEBUG ("MYMODULE: request->username->strvalue = %s\n",
             request->username->strvalue);
    }
  if (!request->password)
    {
      DEBUG ("MYMODULE: no password found\n");
    }
  else
    {
      DEBUG ("MYMODULE: request->password->strvalue = %s\n",
             request->password->strvalue);
    }
  DEBUG ("MYMODULE: request->number = %d\n", request->number);
  return RLM_MODULE_REJECT;
...

and this is the output i get from radiusd -X

...
auth: type mymodule
  Processing the authenticate section of radiusd.conf
modcall: entering group mymodule for request 0
MYMODULE: request->config_items->name = User-Name
MYMODULE: request->config_items->strvalue = testuser
MYMODULE: request->username->strvalue = test
MYMODULE: no password found
MYMODULE: request->number = 0
  modcall[authenticate]: module mymodule returns reject for request 0
modcall: leaving group mymodule (returns reject) for request 0
auth: Failed to validate the user.
...

As you can see, the config_items VP* points to the User-Name VP and the
username VP* points to the password and the password VP* is NULL. Any ideas?


Re: user not found in freeradius users file

2006-03-22 Thread Alan DeKok
Bertrand Poulet [EMAIL PROTECTED] wrote:
> why the user isn't found in file users of freeradius ?

  Since you didn't post the users file entries, my suggestion is to:

  a) read the debug log to see the line numbers from the users file
  b) look at those entries by hand, to see why the packet matched or didn't.

  Alan DeKok.
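
The two steps above, as an added example that is not part of the thread: a Python script that groups `radiusd -X` output per request and reports which users-file entries matched, the Auth-Type found, and the request attributes that differ between two requests (the inputs that DEFAULT check items match on). The sample trace is constructed by trimming the two traces in the question; the names `parse_debug` and `compare` are hypothetical, and the line formats assumed are the FreeRADIUS 1.x ones visible in those traces.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: trimmed from the two traces posted in the question.
SAMPLE = """\
rad_recv: Access-Request packet from host 127.0.0.1:35045, id=161, length=59
   User-Name = someone
   NAS-Port = 0
   users: Matched entry DEFAULT at line 152
   users: Matched entry someone at line 227
 modcall[authorize]: module files returns ok for request 1
 rad_check_password:  Found Auth-Type Local
Sending Access-Accept of id 161 to 127.0.0.1 port 35045
rad_recv: Access-Request packet from host 192.168.10.1:1025, id=181, length=156
   User-Name = someone
   Framed-Protocol = PPP
   users: Matched entry DEFAULT at line 152
   users: Matched entry DEFAULT at line 171
   users: Matched entry DEFAULT at line 183
 modcall[authorize]: module files returns ok for request 2
 rad_check_password:  Found Auth-Type System
 modcall[authenticate]: module unix returns notfound for request 2
auth: Failed to validate the user.
"""

RECV = re.compile(r"^rad_recv: \S+ packet from host ([^:\s]+):\d+, id=(\d+)")
ATTR = re.compile(r"^\s+([A-Za-z][\w:.-]*) = (.*)$")
MATCHED = re.compile(r"users: Matched entry (\S+) at line (\d+)")
MODULE = re.compile(r"modcall\[(\w+)\]: module (\S+) returns (\w+)")
# The optional '*' tolerates the emphasis markers some posters add.
AUTH_TYPE = re.compile(r"rad_check_password:\s+Found \*?Auth-Type (\S+?)\*?$")
SENDING = re.compile(r"^Sending Access-(Accept|Reject|Challenge) of id (\d+)")
FAILED = re.compile(r"auth: \*?Failed \*?to validate the user")
NO_AUTH_TYPE = "No authenticate method (Auth-Type) configuration found"

@dataclass
class Request:
    src: str
    packet_id: int
    attrs: dict = field(default_factory=dict)
    users_matches: list = field(default_factory=list)  # (entry, users-file line)
    modules: list = field(default_factory=list)        # (section, module, rcode)
    auth_type: Optional[str] = None
    no_auth_type: bool = False
    outcome: str = "unknown"

def parse_debug(text):
    """Split debug output into one Request per rad_recv line."""
    requests, cur, in_attrs = [], None, False
    for line in (l.rstrip() for l in text.splitlines() if l.strip()):
        m = RECV.match(line)
        if m:
            cur = Request(src=m.group(1), packet_id=int(m.group(2)))
            requests.append(cur)
            in_attrs = True
            continue
        m = SENDING.match(line)
        if m:  # rejects are delayed, so pair the reply by packet id
            for r in reversed(requests):
                if r.packet_id == int(m.group(2)):
                    r.outcome = m.group(1).lower()
                    break
            continue
        if cur is None:
            continue
        if in_attrs:  # indented "Name = value" lines right after rad_recv
            m = ATTR.match(line)
            if m:
                cur.attrs[m.group(1)] = m.group(2).strip('"')
                continue
            in_attrs = False
        if (m := MATCHED.search(line)):
            cur.users_matches.append((m.group(1), int(m.group(2))))
        elif (m := MODULE.search(line)):
            cur.modules.append(m.groups())
        elif (m := AUTH_TYPE.search(line)):
            cur.auth_type = m.group(1)
        elif NO_AUTH_TYPE in line:
            cur.no_auth_type = True
        elif FAILED.search(line):
            cur.outcome = "reject"
    return requests

def compare(a, b):
    """What differs between two requests for the same user."""
    names = set(a.attrs) | set(b.attrs)
    return {
        "attrs_differ": sorted(n for n in names if a.attrs.get(n) != b.attrs.get(n)),
        "users_only_first": [m for m in a.users_matches if m not in b.users_matches],
        "users_only_second": [m for m in b.users_matches if m not in a.users_matches],
        "auth_type": (a.auth_type, b.auth_type),
    }

if __name__ == "__main__":
    first, second = parse_debug(SAMPLE)
    print(compare(first, second))
```

The entries listed under `users_only_second` are the users-file lines to read by hand, against the attributes in `attrs_differ`.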


Re: Load-balance and Auth-Type

2006-03-22 Thread Alan DeKok
Evil I_Am [EMAIL PROTECTED] wrote:
> I have this scenario: 2 radius servers must point to 2 ldap servers with a
> load-balancing and fault-tolerant configuration.

  As of 1.1.0, you can do redundant-load-balance.  See
doc/configurable_failover.  That makes the configuration a little
easier.

> authenticate {
> Auth-Type LDAP {

  I'd suggest just listing ldap1 and ldap2.  The authorization
stage does most of the work, so load balancing is more important
there.  And as of 1.1.0, the modules will cause themselves to be
selected in the authenticate section, too.  So you leverage the
authorize load balancing to do authentication load balancing.

  Alan DeKok.


Re: dynamic module installation

2006-03-22 Thread Alan DeKok
jasonatx0001 [EMAIL PROTECTED] wrote:
> Is it possible to dynamically install a new module ? i.e.
> configure/make/install radius then compile a new module separately and move
> its .so to the lib directory ?

  Yes.  That's the intent behind the design.

  Alan DeKok.


Re: request object pointer offset

2006-03-22 Thread Alan DeKok
jasonatx0001 [EMAIL PROTECTED] wrote:
> I am having some difficulty accessing the data in the request object inside
> my module. It seems the pointers are offset ...

  Look at the definition of the REQUEST structure in
src/include/radiusd.h.

  Why would all of the entries be offset by one entry?

  And notice you're using DEBUG macros...

  Alan DeKok.


Re: Questions about FreeRadius proxy

2006-03-22 Thread Phil Mayers

Dovelet wrote:

> Hi Phil Mayers,
>
> Thank you for your reply. Do you mean to append the following to the
> radius.conf or other files? I cannot start the radiusd after I append them
> to the radius.conf file. Sorry, I am really new to FreeRadius. Thanks.

The entries listed are partial config fragments. Certainly appending 
them won't work. You need to open up the radiusd.conf and go to the 
section specified and merge them in:


# many
# lines
# of
# config

modules {
  # some
  # stuff
  # here
  # already

  # ADD THIS
  passwd userValid {
    file = /etc/raddb/validusers
    format = *User-Name:~Group
  }

  # probably some more stuff as well
}

authorize {
  preprocess
  # other
  # modules

  # ADD THIS
  userValid

  # users must come after
  users

  # maybe more modules
}

# rest
# of
# config
# file


The config file is quite liberally commented - if you spend some time 
reading the default config, it should be quite obvious.


HTH


Re: dynamic module installation

2006-03-22 Thread jasonatx0001

Thanks. That's what I thought ... just wanted to make sure.


Re: Error building version 1.1.1

2006-03-22 Thread Nicolas Baradakis
Frank Büttner wrote:

> > Did you edit freeradius.spec ?
>
> yes.
> here the config part:
>
> %configure \
> 103 --disable-static \

Don't use the --disable-static option, it's the cause of the message
radeapclient.o: No such file or directory

-- 
Nicolas Baradakis


Re: Want to use 2 different authentication-methods

2006-03-22 Thread Guy Fraser
On Wed, 2006-22-03 at 15:15 +0100, Hans-Peter Fuchs wrote:
> I use freeradius 1.0.5
>
> for a special NAS I want to use 2 user databases.
>
> requests from nas-special should first verified per sql
> If and only if sql does not verify the user try pam.
>
> In users I have:
> ### new
> DEFAULT NAS-IP-Address == special, Autz-Type := SQL
> Idle-Timeout = 3600,
> Session-Timeout= 7200,
> Fall-Through = yes
> ### end new
> ### begin old config: works
>
> DEFAULT Auth-Type = Pam

Have you tried :
DEFAULT  NAS-IP-Address != special, Auth-Type = Pam
...

> Service-Type = Framed-User,
> Nomadix-Bw-Up = 128,
> Fall-Through = yes
> ### end old config
> ### begin new config
> #   pam-authentified users from ssg get Ainternet-attribute
> DEFAULT NAS-IP-Address == special
> Service-Type = Framed-User,
> Idle-Timeout = 3600,
> Session-Timeout= 7200,
> Cisco-Account-Info += KW0,
> Fall-Through = yes
> ### end new config
>
> But with this users who are verified by sql are also checked against
> pam. Do you have some tips?
>
> Output from radiusd -X:
>
> rlm_sql (sql): Released sql socket id: 3
>   modcall[authorize]: module sql returns ok for request 0
> modcall: group Autz-Type returns ok for request 0
>   rad_check_password:  Found Auth-Type Pam
> auth: type PAM
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 0
> pam_pass: using pamauth string radius for pam.conf lookup
> pam_pass: function pam_authenticate FAILED for test. Reason: Permission denied
>   modcall[authenticate]: module pam returns reject for request 0
> modcall: group authenticate returns reject for request 0
> auth: Failed to validate the user.
>
>
> Regards
>
> Hans-Peter Fuchs
>
>
> Hans-Peter Fuchs - RZKR, Room 20
> Zentrum fuer angewandte Informatik - Universitaetsweiter Service RRZK
> Universität zu Köln - Tel: 0221-470-6972


Re: Error building version 1.1.1

2006-03-22 Thread Frank Büttner
Nicolas Baradakis wrote:
> Frank Büttner wrote:
>
>>> Did you edit freeradius.spec ?
>>
>> yes.
>> here the config part:
>>
>> %configure \
>> 103 --disable-static \
>
> Don't use the --disable-static option, it's the cause of the message
> radeapclient.o: No such file or directory

OK, now compiling works, but at make install I get another error:
/home/frank/RPM/BUILD/freeradius-1.1.1/install-sh -c -c .libs/libradius.lai /var/tmp/freeradius-1.1.1-Frank-buildroot/usr/libradius.la
/home/frank/RPM/BUILD/freeradius-1.1.1/install-sh -c -c .libs/libradius.a /var/tmp/freeradius-1.1.1-Frank-buildroot/usr/libradius.a
ranlib /var/tmp/freeradius-1.1.1-Frank-buildroot/usr/libradius.a
chmod 644 /var/tmp/freeradius-1.1.1-Frank-buildroot/usr/libradius.a
libtool: install: warning: remember to run `libtool --finish /usr/lib'
rm -f /var/tmp/freeradius-1.1.1-Frank-buildroot/usr/lib/libradius-1.1.1.la; ln -s libradius.la /var/tmp/freeradius-1.1.1-Frank-buildroot/usr/lib/libradius-1.1.1.la
ln: creating symbolic link `/var/tmp/freeradius-1.1.1-Frank-buildroot/usr/lib/libradius-1.1.1.la' to `libradius.la': No such file or directory


Replicate Accounting Records

2006-03-22 Thread Tye Lougheed
I am running FreeRadius version 0.9.3 and need to determine the method for
replicating an accounting record and forwarding it to a secondary accounting
server. I am also not clear on how to specify the secondary accounting
server in order to accomplish this.

I am only interested in receiving the start/stop packets no other updates
are required.

Thanks,







Re: Replicate Accounting Records

2006-03-22 Thread Alan DeKok
Tye Lougheed [EMAIL PROTECTED] wrote:
 I am running FreeRadius version 0.9.3 

  Upgrade: http://www.freeradius.org/security.html

 and need to determine the method for
 replicating an accounting record and forwarding it to a secondary accounting
 server. I am also not clear on how to specify the secondary accounting
 server in order to accomplish this.

  See radrelay.  If it's not in 0.9.3 (I don't recall), it's in the
most recent version.

  Alan DeKok.


Re: Authentication with LDAP

2006-03-22 Thread Alan DeKok
fvt3 [EMAIL PROTECTED] wrote:
 How do you hide password that is sent to LDAP so it
 will not show up in the log and in debug mode ..Thanks
 in advance

  I don't think the LDAP password is logged normally.  But it *is*
printed out in debugging mode, and that won't change.  Printing out
what the server is doing is the whole point of debugging mode.

  Alan DeKok.

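Because debugging mode prints what the server sees, one mitigation is to mask secret-bearing attributes before debug or detail output is stored or posted to a list. The filter below is an added example, not FreeRADIUS code and not from this thread; the attribute list, the `redact` name and the sample text are assumptions constructed for illustration, and only `Attribute = value` lines are handled.

```python
import re
import sys

# Assumed list of secret-bearing attributes; extend it for your site.
SENSITIVE = re.compile(
    r"^(\s*)(User-Password|CHAP-Password|Tunnel-Password|"
    r"MS-MPPE-(?:Recv|Send)-Key|MS-CHAP\S*)\s*=\s*(.*)$",
    re.IGNORECASE,
)


def redact(text, mask="<redacted>"):
    """Return (clean_text, count) with sensitive attribute values masked."""
    out, count, pending = [], 0, False
    for line in text.splitlines():
        m = SENSITIVE.match(line)
        if m:
            indent, name, value = m.groups()
            out.append(f"{indent}{name} = {mask}")
            count += 1
            # An empty value means a mailer wrapped it onto the next line.
            pending = value.strip() == ""
            continue
        if pending and line.strip() and " = " not in line:
            pending = False
            continue  # drop the wrapped secret value entirely
        pending = False
        out.append(line)
    return "\n".join(out), count


# Constructed sample in the shape of radiusd -X / detail output.
SAMPLE = """\
rad_recv: Access-Request packet from host 192.0.2.10:25702, id=169, length=77
   User-Name = "alice"
   User-Password = "constructed-secret"
   NAS-Port-Type = Virtual
   MS-MPPE-Recv-Key =
0x00112233445566778899aabbccddeeff
   MS-MPPE-Send-Key = 0xffeeddccbbaa99887766554433221100
   Reply-Message = "hello"
"""

if __name__ == "__main__":
    # Use as a filter: radiusd -X 2>&1 | python redact.py
    sys.stdout.write(redact(sys.stdin.read())[0] + "\n")
```

Lines that carry a password outside the `Attribute = value` form, such as module-specific debug messages, need their own pattern.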


RE: Table radacct is empty

2006-03-22 Thread Vincent MARGUERIE

Hi,

Yes, SQL is ok to query in accounting section. Here is a part of my 
radiusd.conf:

#  The rlm_sql_log module appends the SQL queries in a log
   #  file which is read later by the radsqlrelay program.
   #
   #  This module only performs the dynamic expansion of the
   #  variables found in the SQL statements. No operation is
   #  executed on the database server. (this could be done
   #  later by an external program) That means the module is
   #  useful only with non-SELECT statements.
   #
   #  See rlm_sql_log(5) manpage.
   #
   sql_log {
   path = ${radacctdir}/sql-relay
   acct_table = radacct
   postauth_table = radpostauth

   Start = INSERT INTO ${acct_table} (AcctSessionId, UserName, \
NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
AcctSessionTime, AcctTerminateCause) VALUES \
('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
'%{Framed-IP-Address}', '%S', '0', '0', '');
   Stop = INSERT INTO ${acct_table} (AcctSessionId, UserName,  \
NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
AcctSessionTime, AcctTerminateCause) VALUES \
('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
'%{Framed-IP-Address}', '0', '%S', '%{Acct-Session-Time}',  \
'%{Acct-Terminate-Cause}');
   Alive = INSERT INTO ${acct_table} (AcctSessionId, UserName, \
NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
AcctSessionTime, AcctTerminateCause) VALUES \
('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
'%{Framed-IP-Address}', '0', '0', '%{Acct-Session-Time}','');

   Post-Auth = INSERT INTO ${postauth_table}   \
(user, pass, reply, date) VALUES\
('%{User-Name}', '%{User-Password:-Chap-Password}', \
'%{reply:Packet-Type}', '%S');
   }

..
..
$INCLUDE  ${confdir}/sql.conf
..
..
authorize {

sql
...
...
accounting {
sql
sql_log


session
sql


post-auth {
sql
sql_log




Moreover, the information is written in a file (sql-relay) which (if I have 
understood correctly) is used by the radsqlrelay binary to put the information 
in the database.

The fact is that for the post-auth part, it works because I get all the information of 
the post authorisation in the radpostauth table. But in this sql-relay file, 
there's only information about post-auth... nothing about accounting!!

The strange thing is that there's some information about accounting in other files, 
auth-detail and reply-detail, but not in SQL format.

Some lines of the files:

sql-relay

INSERT INTO radpostauth  (user, pass, reply, 
date) VALUES('joseph', 'Chap-Password', 
'Access-Accept', '2006-03-21 15:28:48');

-

reply-detail

Packet-Type = Access-Accept
Wed Mar 22 18:04:18 2006
   Framed-Protocol = PPP
   Framed-IP-Address = 255.255.255.254
   Framed-IP-Netmask = 255.255.255.0
   Framed-MTU = 1
   Framed-Compression = Van-Jacobson-TCP-IP
   Service-Type = Login-User
   Session-Timeout = 1000
   Idle-Timeout = 500
   Port-Limit = 10
   Reply-Message = Bye Mr Joseph !
   MS-MPPE-Recv-Key = 
0x315cddbc0724d537fdb446a4fc50756d12cc3b005e452caeafe6e867a8a273da
   MS-MPPE-Send-Key = 
0x99246dc1071a72f26b069f36cf13c4c865705471f3dbd0dfa1515615affd3004
   EAP-Message = 0x03090004
   Message-Authenticator = 0x
   User-Name = joseph

--

auth-detail

Packet-Type = Access-Request
Wed Mar 22 17:46:52 2006
   User-Name = joseph
   Framed-MTU = 1400
   NAS-Port-Type = Wireless-802.11
   NAS-Port = 0
   NAS-Identifier = 
default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000
   Calling-Station-Id = 00-12-f0-4f-19-26
   EAP-Message = 0x0201000b016a6f73657068
   NAS-IP-Address = 192.168.0.50
   Message-Authenticator = 0x3796599b7cebc6895c6a57f7444cccfc
   Client-IP-Address = 192.168.0.50
---
Best regards,
Vincent


--

Message: 3
Date: Wed, 22 Mar 2006 09:17:08 -0500
From: Alex M [EMAIL PROTECTED]
Subject: RE: Table radacct is empty
To: 'FreeRadius users mailing list'
freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain;   charset=us-ascii

Did u authorize SQL in accounting section?





Tagged Vlans

2006-03-22 Thread radhika putty
Hi All,

Does Free Radius support tagging of VLANs?

Ignoring request from unknown client *.*.*.* 2244

2006-03-22 Thread yao guoxian
 I have configured FreeRadius to use Mysql. It seemed Mysql works well when I input Radiusd -X.
 However, when I use NtRadPing to test, I always get the following error:

 rad_recv: Access-Request packet from host 202.117.15.164:2244, id=0, length=43
 Ignoring request from unknown client 202.117.15.164:2244
 --- Walking the entire request list ---

 I insert items into the table 'nas' in the 'radius' database like:

 +----+----------------+-----------+-------+-------+------------+-----------+---------------+
 | id | nasname        | shortname | type  | ports | secret     | community | description   |
 +----+----------------+-----------+-------+-------+------------+-----------+---------------+
 |  1 | 202.117.15.164 | liv1      | other | NULL  | testing123 | NULL      | RADIUS Client |
 +----+----------------+-----------+-------+-------+------------+-----------+---------------+

 But it doesn't work.
 


Re: Error building version 1.1.1

2006-03-22 Thread Stefan Winter
Hi,

   The makefile in src/lib creates the lib directory before it installs
 anything in it.  I have no idea why building an RPM would result in
 things happening in the reverse order.

It doesn't only happen when building an RPM. I installed from the tarball and 
the same thing happened. It worked when I manually created lib/ after the 
first failed attempt and tried it a second time (SuSE 8.2).
Nicolas Baradakis sent me a patched Makefile, I will try that soon and report 
back if it fixes the issue.

Greetings,

Stefan Winter

-- 
Stefan WINTER

Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
la Recherche
Ingenieur Forschung  Entwicklung

6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED]     Tel.:     +352 424409-1
http://www.restena.lu                Fax:      +352 422473



Re: Error building version 1.1.1

2006-03-22 Thread Frank Büttner
That is not possible, because I use rpmbuild. It is only possible to
patch the sources. But what has changed?? 1.1.0 will work without any
problems!!!
Nicolas Baradakis wrote:
 Frank Büttner wrote:
 
 Ok now compiling works, but at make install I get another error:
 ln -s libradius.la 
 /var/tmp/freeradius-1.1.1-Frank-buildroot/usr/lib/libradius-1.1.1.la
 ln: creating symbolic link 
 `/var/tmp/freeradius-1.1.1-Frank-buildroot/usr/lib/libradius-1.1.1.la' to 
 `libradius.la': No such file or directory
 
 Now it's the same error as posted yesterday by someone else. I don't
 know exactly how to fix the bug because I've no problem to build a
 Debian package.
 
 Could you please try if the following patch fixes the problem?
 
 Index: src/lib/Makefile
 ===
 RCS file: /source/radiusd/src/lib/Makefile,v
 retrieving revision 1.20.4.3
 diff -u -r1.20.4.3 Makefile
 --- src/lib/Makefile  10 Feb 2006 19:47:04 -  1.20.4.3
 +++ src/lib/Makefile  21 Mar 2006 17:19:21 -
 @@ -48,6 +48,6 @@
   rm -rf .libs
  
  install: all
 - $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la $(R)$(libdir)
 + $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la 
 $(R)$(libdir)/$(TARGET).la
   rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la;
   ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la
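Review bot: the added `+` line in the `install:` rule is wrapped across two lines (`... -c $(TARGET).la` and then `$(R)$(libdir)/$(TARGET).la`), so this hunk will not apply with patch as quoted; the destination has to be rejoined onto the libtool line first. Separately, the rule still assumes `$(R)$(libdir)` exists when libtool runs: nothing between `install: all` and the libtool line creates it, and the thread reports installs succeeding only after lib/ was created by hand. Creating the directory inside the rule, for example `$(INSTALL) -d -m 755 $(R)$(libdir)` as the first recipe line, would make the install independent of ordering elsewhere in the build.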
 Index: src/modules/rlm_eap/libeap/Makefile
 ===
 RCS file: /source/radiusd/src/modules/rlm_eap/libeap/Makefile,v
 retrieving revision 1.1.4.2
 diff -u -r1.1.4.2 Makefile
 --- src/modules/rlm_eap/libeap/Makefile   10 Feb 2006 19:47:09 -  
 1.1.4.2
 +++ src/modules/rlm_eap/libeap/Makefile   21 Mar 2006 17:19:21 -
 @@ -38,6 +38,6 @@
   rm -rf .libs
  
  install: all
 - $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la $(R)$(libdir)
 + $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la 
 $(R)$(libdir)/$(TARGET).la
   rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la;
   ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la
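Review bot: the libeap `install:` recipe here is a line-for-line copy of the one in src/lib/Makefile, so the same fix has to be made twice and the two copies can diverge again; consider moving the three recipe lines into a shared make fragment that both Makefiles include. In the same recipe, the `rm -f ...;` followed by `ln -s` can be collapsed into a single `ln -sf $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la`, which also removes the stray trailing `;`.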
 
 




Re: Error building version 1.1.1

2006-03-22 Thread Kostas Zorbadelos
On Thu, Mar 23, 2006 at 08:19:19AM +0100, Stefan Winter wrote:
 Hi,
 
The makefile in src/lib creates the lib directory before it installs
  anything in it.  I have no idea why building an RPM would result in
  things happening in the reverse order.


Indeed the installation fails (I used --prefix in configure) and I
compiled from sources without trying to make a package of any sort. By 
searching I found the following patch:


Index: Makefile
===
RCS file: /source/radiusd/src/lib/Makefile,v
retrieving revision 1.28
diff -u -r1.28 Makefile
--- Makefile 22 Jan 2006 21:46:35 - 1.28
+++ Makefile 6 Mar 2006 17:51:34 -
-48,6 +48,6
rm -rf .libs

install: all
- $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la
$(R)$(libdir)
+ $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la
$(R)$(libdir)/$(TARGET).la
rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la;
ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la
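Review bot: as pasted, the hunk header reads `-48,6 +48,6` without its `@@` markers and both the `-` and `+` lines are wrapped onto a second line, so patch will reject it; the change has to be made by hand or taken from the original source. It also touches only src/lib/Makefile (revision 1.28), while the other patch in this thread makes the same change to src/modules/rlm_eap/libeap/Makefile, so the libeap install line needs the same `$(R)$(libdir)/$(TARGET).la` destination.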

This solved the issue.
 
 It doesn't only happen when building an RPM. I installed from the tarball and 
 the same thing happened. It worked when I manually created lib/ after the 
 first failed attempt and tried it a second time (SuSE 8.2).
 Nicolas Baradakis sent me a patched Makefile, I will try that soon and report 
 back if it fixes the issue.
 
 Greetings,
 
 Stefan Winter
 
 -- 
 Stefan WINTER
 
 Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de 
 la Recherche
 Ingenieur Forschung  Entwicklung
 
 6, rue Richard Coudenhove-Kalergi
 L-1359 Luxembourg
 E-Mail: [EMAIL PROTECTED]     Tel.:     +352 424409-1
 http://www.restena.lu                Fax:      +352 422473
 
 

-- 
  Kostas Zorbadelos
  [EMAIL PROTECTED] contact: kzorba (at) otenet.gr
  
  Out there in the darkness, out there in the night
  out there in the starlight, one soul burns brighter
  than a thousand suns.
