Syntax Error
Hi,

I am using the latest version of freeRadius. The version is 1.1.1. When I try to run the server it gives a lot of syntax errors. Kindly let me know how to proceed with the same.

Thanks
Lakshmi

Re: LDAP check attributes
Hi

    filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(radiusCiscoAVpair=%{Cisco-AVPair}))"

regards

Antonio Matera [EMAIL PROTECTED] wrote:
> Hi,
> thanks for the answer.
> I forgot my filter line in ldap module:
>
>     filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
>
> How do I have to insert in this string to add the ssid check? Where do I insert the Cisco-AVPair check?
> Thanks, bye
> Antonio

Ludovic Cailleau

FreeRADIUS SNMP capacities
Hello all,

Would it be possible to have some information about FreeRADIUS SNMP capacities?

Which versions of SNMP are supported?
What can be done?
Which types of trap can be sent to the manager?
Which type of info can the manager ask?
What are the other features?
Is it stable?

Any piece of information will be of great help.

Best regards,
Geoffroy

Re: LDAP check attributes
Hi,
thanks a lot for your answer.
Your solution works fine but I don't understand some things:

1 - If I insert the Cisco-AVPair in the filter and I haven't this attribute in my ldap user, I can't authenticate it. Is it possible to check the ssid only if it is in the list of the ldap user attributes?

2 - With this solution the following row in the ldap.attrmap is not necessary:

    checkItem Cisco-AVPair radiusCiscoAVPair

without it the filter authentication works.
Is it not possible to use the ldap.attrmap file to insert a check item?
In this file I have inserted 3 replyItem:

    replyItem Tunnel-Medium-Type radiusTunnelMediumType
    replyItem Tunnel-Private-Group-Id radiusTunnelPrivateGroupId
    replyItem Tunnel-Type radiusTunnelType

if I insert these three attributes in my ldap user they work without other configuration. Why doesn't the checkItem work?

3 - the last question is a little different: if I insert in the user file this row:

    DEFAULT Auth-Type := LDAP

the authentication doesn't work. Is it normal or do I have some mistakes in my configuration?

Thanks a lot
Bye
Antonio

on 17/05/2006 9.02 ludovic cailleau said the following:
> Hi
>
>     filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(radiusCiscoAVpair=%{Cisco-AVPair}))"
>
> regards

Re: Syntax Error
kindly let us know the error messages if you want us to help you

Lakshmi Jayaraman wrote:
> Hi,
> I am using the latest version of freeRadius. The version is 1.1.1. When I try to run the server it gives a lot of syntax errors. Kindly let me know how to proceed with the same.
> Thanks
> Lakshmi

--
Kind regards
S.Wild

Cronon AG - Engineering -
+49 941 56 71 23 95 Phone (direct)
+49 941 59 57 91 64 Fax
+49 941 79 77 58 9 SIP
+49 941 58 41 03 9 Phone (engineering, central)

The sermon in a church does not make the lightning rod on the same superfluous!
Georg Christoph Lichtenberg

freeradius upgrade
Hello all,

I'm new here and a freeradius newbie.
I have to upgrade from freeradius 1.0.1 to 1.1.1 on red hat linux. Do you have any advice or help?
The default 1.0.1 installation is the same as the new one 1.1.1? I mean does it install files in /usr/local/etc for configuration files, /usr/local/var/log for log files and /usr/local/lib for libraries?
.. then configuration file I suppose won't be changed, right?
.. then the procedure is the same as installation procedure?

thanks
Giuseppe

Re: LDAP check attributes
Ok, I was not clear. The solution that I gave you does not use the replyItem Tunnel-Medium-Type, Tunnel-Private-Group-Id, Tunnel-Type.

My LDAP base contains SSID attributes for each user, because my NAS sends its vendor-specific attribute containing the SSID to which the user wants to connect. At each authentication request, the authorize module (radiusd.conf) calls LDAP (with the filter) to compare the 'uid' and 'SSID'. If the SSID sent by the NAS corresponds to the SSID stored in LDAP, freeradius sends an accept; if not, it sends a reject.

But you want the Cisco switch to redirect the user to such or such SSID according to the SSIDs corresponding to the attributes Tunnel-Medium-Type, Tunnel-Private-Group-Id, Tunnel-Type? I am sorry, but I had not understood this. Which solution do you want?

Ludovic Cailleau

radius proxy
Hello, All!

I'm setting up a roaming scheme for wireless clients. All of my NASes terminate on a freeradius proxy server. Then, relying on the user realm, the request is sent to one radius server or another. The problem lies in the NAS-ID attribute. The first radius server knows all about all of my NASes, but the second radius server mustn't. Is it possible to change the NAS-ID attribute to a static string (e.g. MY NAS) when the request is forwarded to the second radius server?

RE: getting Freeradius to recorde login failure, etc
Hi Jeremy,

In order to apply what you want, you should do the following:

Create a table in the radius schema (called "fails_log") to include three columns: trial_date, username, password.

Create a function in the database (called "fails"). The main statements which you should write are:

    CREATE OR REPLACE FUNCTION fails (username1 IN VARCHAR2, password1 IN VARCHAR2)
    RETURN VARCHAR2
    IS
      -- lets the function INSERT although it is called from a SELECT
      PRAGMA AUTONOMOUS_TRANSACTION;
      v_user radcheck.username%TYPE;
    BEGIN
      SELECT username INTO v_user
        FROM radcheck
       WHERE attribute = 'password'
         AND username = username1
         AND value = password1;
      RETURN v_user;
    EXCEPTION
      -- no matching row: record the failed attempt
      WHEN NO_DATA_FOUND THEN
        INSERT INTO fails_log VALUES (SYSDATE, username1, password1);
        COMMIT;
        RETURN NULL;
    END;
    /

Update authorize_check_query in the sql.conf file to be as follows:

    authorize_check_query = "SELECT id,Username,Attribute,Value,op FROM ${authcheck_table} WHERE Username =(select fails('%{SQL-User-Name}','%{User-Password}') from dual) ORDER BY id"

That is all. Then you can find all failed logs inside the newly created table fails_log.

Best Regards,
Jamal

-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Jeremy ohara
Sent: Wednesday, May 17, 2006 6:32 AM
To: FreeRadius users mailing list
Subject: Re: getting Freeradius to recorde login failure, etc

Hi there

i don't want to sound rude, etc but you're not really answering my question. you only answered half of it

what do i write for the sql statement, etc

Jeremy

-----Original Message-----
From: Duane Cox [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Date: Tue, 16 May 2006 22:28:12 -0500
Subject: Re: getting Freeradius to recorde login failure, etc

    post-auth {
        #
        #  If you want to have a log of authentication replies,
        #  un-comment the following line, and the 'detail reply_log'
        #  section, above.
        #  reply_log

        sql

        Post-Auth-Type REJECT {
            sql
        }
    }

----- Original Message -----
From: Jeremy ohara
To: FreeRadius users mailing list
Sent: Tuesday, May 16, 2006 9:13 PM
Subject: Re: getting Freeradius to recorde login failure, etc

where and how do i do it and what do i write???

jeremy

-----Original Message-----
From: Duane Cox [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Date: Tue, 16 May 2006 18:17:26 -0500
Subject: Re: getting Freeradius to recorde login failure, etc

yes, there is a subsection under the post_auth section for such a thing...

----- Original Message -----
From: Jeremy ohara
To: FreeRadius users mailing list
Sent: Tuesday, May 16, 2006 3:24 PM
Subject: getting Freeradius to recorde login failure, etc

hi there

is there a way to get Freeradius 1.0.5 with Mysql to record login-failure, incorrect password or incorrect username into the mysql table?

i can see it's possible. but when you login with wrong details it doesn't get to record the login failure, etc. and i don't know what code to use and how to make freeradius record it

Jeremy

Re: LDAP check attributes
> My LDAP base contains SSID attributes for each user, because my NAS sends its vendor-specific attribute containing the SSID to which the user wants to connect. At each authentication request, the authorize module (radiusd.conf) calls LDAP (with the filter) to compare the 'uid' and 'SSID'. If the SSID sent by the NAS corresponds to the SSID stored in LDAP, freeradius sends an 'accept'; if not, it sends a 'reject'.
> But you want the Cisco switch to redirect the user to such or such SSID according to the SSIDs corresponding to the attributes Tunnel-Medium-Type, Tunnel-Private-Group-Id, Tunnel-Type?

My solution is similar to yours, but I haven't SSID attributes for each user. I use the replyItem to redirect the user connection to the correct VLAN.
But if the replyItem works, why can't I do a check of one attribute with the checkItem? What is wrong in my configuration?

For example, if I use the user file authentication without ldap with these users:

    test2   Cisco-AVPair == ssid=VLAN2, User-Password == passwd2
            Tunnel-Medium-Type = IEEE-802,
            Tunnel-Private-Group-Id = 2,
            Tunnel-Type = VLAN

    test3   User-Password == passwd3
            Tunnel-Medium-Type = IEEE-802,
            Tunnel-Private-Group-Id = 3,
            Tunnel-Type = VLAN

test2 can connect to vlan2 only with ssid=VLAN2.
test3 can connect to vlan3 with any ssid.

This configuration works and I want the same using only the ldap module without the user file.
I hope that my explanation is clear.

Bye
Antonio

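Added example (not part of any poster's message): a small Python model of standard LDAP filter evaluation, showing why the two-assertion AND filter from this thread shuts out entries that have no radiusCiscoAVpair value, and how an OR with a negated presence test applies the SSID check only to entries that carry the attribute. The directory entries are constructed from the test2/test3 users above; the function names and the evaluator are illustrative, cover only a subset of RFC 4515, and are not FreeRADIUS code.

```python
import re

# Constructed directory entries modelled on the thread's test2/test3 users.
# Keys are lower-cased attribute names; values are lists, as in LDAP.
DIRECTORY = [
    {"uid": ["test2"], "radiusciscoavpair": ["ssid=VLAN2"],
     "radiustunnelprivategroupid": ["2"]},
    {"uid": ["test3"], "radiustunnelprivategroupid": ["3"]},
]


def escape_value(value):
    """Escape request data for use inside a filter assertion (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})",
                  lambda m: chr(int(m.group(1), 16)), value)


def _parse(text, pos):
    """Parse one parenthesised filter at text[pos]; return (node, next_pos)."""
    if text[pos:pos + 1] != "(":
        raise ValueError("expected '(' at offset %d" % pos)
    pos += 1
    op = text[pos:pos + 1]
    if op in ("&", "|"):
        children, pos = [], pos + 1
        while text[pos:pos + 1] == "(":
            child, pos = _parse(text, pos)
            children.append(child)
        node = (op, children)
    elif op == "!":
        child, pos = _parse(text, pos + 1)
        node = ("!", child)
    else:
        end = text.find(")", pos)
        attr, sep, value = text[pos:max(end, pos)].partition("=")
        if end < 0 or not sep or not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", attr):
            raise ValueError("malformed item at offset %d" % pos)
        node = (("present", attr.lower()) if value == "*"
                else ("eq", attr.lower(), _unescape(value)))
        pos = end
    if text[pos:pos + 1] != ")":
        raise ValueError("expected ')' at offset %d" % pos)
    return node, pos + 1


def parse_filter(text):
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("trailing data after filter")
    return node


def matches(node, entry):
    """Evaluate a parsed filter against one entry.

    Simplifications: values compare case-insensitively, and every attribute
    is assumed to be defined in the schema (no 'Undefined' result).
    """
    kind = node[0]
    if kind == "&":
        return all(matches(c, entry) for c in node[1])
    if kind == "|":
        return any(matches(c, entry) for c in node[1])
    if kind == "!":
        return not matches(node[1], entry)
    values = entry.get(node[1], [])
    if kind == "present":
        return bool(values)
    return any(v.lower() == node[2].lower() for v in values)


def strict_filter(user, avpair):
    # Shape of the filter given in the thread: both assertions must hold.
    return "(&(uid=%s)(radiusCiscoAVpair=%s))" % (
        escape_value(user), escape_value(avpair))


def optional_filter(user, avpair):
    # SSID is checked only when the entry carries radiusCiscoAVpair at all.
    # Written with the thread's expansions (assumed, untested here):
    # filter = "(&(uid=%{Stripped-User-Name:-%{User-Name}})(|(!(radiusCiscoAVpair=*))(radiusCiscoAVpair=%{Cisco-AVPair})))"
    return "(&(uid=%s)(|(!(radiusCiscoAVpair=*))(radiusCiscoAVpair=%s)))" % (
        escape_value(user), escape_value(avpair))


def search(filter_text):
    """Return the uids of the constructed entries the filter selects."""
    tree = parse_filter(filter_text)
    return [e["uid"][0] for e in DIRECTORY if matches(tree, e)]


if __name__ == "__main__":
    for user, ssid in [("test2", "ssid=VLAN2"), ("test2", "ssid=VLAN3"),
                       ("test3", "ssid=VLAN2"), ("*", "ssid=VLAN2")]:
        print(user, ssid,
              "strict:", search(strict_filter(user, ssid)),
              "optional:", search(optional_filter(user, ssid)))
```

The last sample pair uses `*` as the user name: because the value is escaped before it enters the filter, it is compared as a literal string and selects no entry.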
RE: getting Freeradius to recorde login failure, etc
i done all but i'm lost where you have

"Create a function in the database (called "fails"). The main statements which you should write are"

how do i do this?

Jeremy

Need somebody to install freeradius
Hi all,

Need somebody to install Freeradius and Dialupadmin (latest stable versions) and their sources on a Linux/Debian server, in order to:
- run Freeradius using a MySQL authentication,
- run Dialupadmin to generate stats

We give you full access to our Linux/Debian server on which:
- Apache is installed BUT we're not sure if it is correctly installed nor if the version is the correct one
- MySQL is installed BUT we're not sure if it is correctly installed nor if the version is the correct one
- php4 is installed BUT we're not sure if it is correctly installed nor if the version is the correct one

Tests we will make before acceptance:

1- add the following line in function rlm_sql_authorize of module rlm_sql.c and recompile everything (make, make install)

    radlog(L_ERR, "Start of rlm_sql_authorize function");

2- run radiusd -X in a window

3- run radtest log pas localhost 0 testing123 from another window to check
- if the message "Start of rlm_sql_authorize function" appears in the logs
- if user 'log' is accepted (user 'log' has to be present in mysql database)

4- reboot server (shutdown -rf now) and check
- if radiusd is running
- if user 'log' is accepted with above radtest command
- if the message "Start of rlm_sql_authorize function" appears in radius.log
- if dialupadmin is accessible via https://xx.xx.xx.xx/DialupAdmin/

So there are several steps to go through for this project:
- check the correct setup of Apache, MySQL, php
- install FreeRadius and Dialupadmin 1.0.2-4
- pass the tests described here above

Thanks for your proposals
Antoine

RE: getting Freeradius to recorde login failure, etc
You should write in PL/SQL the following: CREATE FUNCTION + the statements which were sent.

BR,

Re: adding field to dialup_admin
On Tue, 16 May 2006, David Antognini wrote:

> Hi Guys,
>
> I want to add the attribute WISPr-Bandwidth-Max-Down to the user edit page in dialup_admin. I added WISPr-Bandwidth-Max-Down to the bottom of the user_edit.attrs file. Then I manually went in and added the attribute into the radreply table and it works fine, and in dialup admin I can see the values, but when I go to edit the values, it doesn't work... Any tips on how to get this working?

What do you mean it doesn't work? What exactly did you add in user_edit.attrs? Enable sql_debug to see what's going on in more detail.

> Dave

--
Kostas Kalevras
Network Operations Center [EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

What printer [tested] for FreeRadius + WPA (EAP/TLS) WLAN network?
Hello,

I use FreeRadius with WPA (EAP/TLS) in my wireless network. Recently I was asked to select and buy a wireless printer (with wireless print server built-in). And here is a problem: Does anybody know what printer supports WPA with EAP/TLS? I'm talking about models tested in a WPA EAP/TLS-enabled WLAN network (we have an HP DeskJet 5850 but it doesn't work - it's theoretically WPA-compatible, I can install certificates but it doesn't log on to the network. In a WEP-only environment it works great).

Regards,
Krzysztof Stelmach

RE: getting Freeradius to recorde login failure, etc
Yes it is possible. But you should define a proper data type for the field.

-----Original Message-----
From: [EMAIL PROTECTED] On Behalf Of Jeremy ohara
Sent: Wednesday, May 17, 2006 1:09 PM
To: FreeRadius users mailing list
Subject: RE: getting Freeradius to recorde login failure, etc
Importance: High

i wanted 2 other fields which are nasip and callerid

does that sound possible? sorry i'm not very strong in the sql coding area

Jeremy

Re: freeradius upgrade
Hi Giuseppe,

In general, you can upgrade straight from one version to the next by doing a configure; make; make install if you used that method to install in the first place (rather than an RPM or other package manager).

If you have any custom dictionaries, be sure to backup /usr/local/share/freeradius before doing the make install and then merge your custom entries back into the new dictionaries that will be installed there.

Other than that, it should go pretty well. I had no specific issues I can remember going from 1.0.x to 1.1.0. I have had issues compiling 1.1.1 but that should be fixed apparently in 1.1.2.

Rgds,
Guy

On 17/05/06, Giuseppe Parlato [EMAIL PROTECTED] wrote:
> no one can help me ?
>
> Giuseppe

Re: freeradius upgrade
thanks, I'll backup dictionaries for sure and then I'll try to upgrade..

Giuseppe

AW: XP drops first EAP Request !!Verry important for my exam!!!
Has no one any idea about what causes that problem???

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Krämer Armin
Sent: Sunday, 7 May 2006 10:29
To: freeradius-users@lists.freeradius.org
Subject: XP drops first EAP Request !!Verry important for my exam!!!

Hi, I have here a working environment with freeradius [EMAIL PROTECTED] stable with eap/tls and client certificates and ldap backend. After a long time of experimenting I got machine certificates working basically. My problem now is that when my testing system boots up and halts at the login prompt the machine tries to authenticate a first time with the machine certificate. This first move ends up with handled. When I leave the machine at the login prompt, after 30 seconds the second authentication request is invoked by XP and this time it is successful. Very strange... I tried lots of settings at the XP machine (AuthMode, SupplicantMode) but can't find the mistake. Can someone help me please with this problem? Is there a possibility, if this phenomenon is normal, to reduce the time of this 30 seconds (reauthentication period at the XP machine)?? I will append the logs of freeradius of a complete authentication process and a second log from the XP machine with eapol tracing turned on. Maybe this is helpful. Sorry for that zip file but otherwise the message would be too big for that mailing list...

Greetings Armin
Re: Need somebody to install freeradius
Antoine,

On Wednesday 17 May 2006 12:19, Antoine Cavalié wrote:

Need somebody to install Freeradius and Dialupadmin (latest stable versions) and their sources on a Linux/Debian server, in order to : - run Freeradius using a MySQL authentication, - run Dialupadmin to generate stats

I am a FreeRADIUS expert from Germany. To check my skills: I wrote two articles for the well-known German computer magazine C't: http://www.heise.de/kiosk/archiv/ct/04/18/192/ and http://www.heise.de/kiosk/archiv/ct/04/18/198/ I would do the work and the tests for you and give you 7 days free support (online) for an amount of 400 Euro. I could start immediately. Please tell me if you're interested.

regards Stefan Krecher

-- Dipl.-Wirtsch.-Inf. Stefan Krecher Tel. +49(0)4262 918655 Fax +49(0)4262 918656 mobil +49(0)172 3608616, web: www.krecher.com Neulander Str. 17, 27374 Visselhövede
Radius core dumps (1.1.1 and 1.1.0)
: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded detail
detail: detailfile = /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (auth_log)
Module: Loaded realm
realm: format = suffix
realm: delimiter = @
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = /usr/local/etc/raddb/users
files: acctusersfile = /usr/local/etc/raddb/acct_users
files: preproxy_usersfile = /usr/local/etc/raddb/preproxy_users
files: compat = no
Module: Instantiated files (files)
Module: Loaded Acct-Unique-Session-Id
acct_unique: key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port
Module: Instantiated acct_unique (acct_unique)
detail: detailfile = /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = /var/log/radutmp
radutmp: username = %{User-Name}
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Ready to process requests.
Ready to process requests.
rad_recv: Access-Request packet from host 10.0.1.250:3072, id=0, length=147
    User-Name = remy.unix-asp.com
    NAS-IP-Address = 10.0.1.250
    Called-Station-Id = 0012176fb399
    Calling-Station-Id = 0013022105d3
    NAS-Identifier = 0012176fb399
    NAS-Port = 55
    Framed-MTU = 1400
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x02160172656d792e756e69782d6173702e636f6d
    Message-Authenticator = 0x9135364d41356d037feb68e50aa6dfdb
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
radius_xlat: '/var/log/radacct/10.0.1.250/auth-detail-20060517'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/10.0.1.250/auth-detail-20060517
modcall[authorize]: module auth_log returns ok for request 0
modcall[authorize]: module chap returns noop for request 0
modcall[authorize]: module mschap returns noop for request 0
rlm_realm: No '@' in User-Name = remy.unix-asp.com, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 0
rlm_eap: EAP packet type response id 0 length 22
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module eap returns updated for request 0
users: Matched entry DEFAULT at line 152
modcall[authorize]: module files returns ok for request 0
modcall: leaving group authorize (returns updated) for request 0
rad_check_password: Found Auth-Type EAP
auth: type EAP
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type tls
rlm_eap_tls: Requiring client certificate
rlm_eap_tls: Initiate
rlm_eap_tls: Start returned 1
modcall[authenticate]: module eap returns handled for request 0
modcall: leaving group authenticate (returns handled) for request 0
Sending Access-Challenge of id 0 to 10.0.1.250 port 3072
    EAP-Message = 0x010100060d20
    Message-Authenticator = 0x
    State = 0x933d821d84f4d3f02fde047d03d2dc31
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 10.0.1.250:3072, id=0, length=249
    User-Name = remy.unix-asp.com
    NAS-IP-Address = 10.0.1.250
    Called-Station-Id = 0012176fb399
    Calling-Station-Id = 0013022105d3
    NAS-Identifier = 0012176fb399
    NAS-Port = 55
    Framed-MTU = 1400
    State = 0x933d821d84f4d3f02fde047d03d2dc31
    NAS-Port-Type = Wireless-802.11
    EAP-Message = 0x0201006a0d800060160301005b01570301446ae7ef6afef97904b3a92cd0b5c520 eb6048d1fc56c35b8973138969b48c143000390038003500160013000a00330032002f00 66000500040065006400630062006000150012000900140011000800030100
    Message-Authenticator = 0x42a3af30e27aed7bb431db1cca8666c4
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module preprocess returns ok for request 1
radius_xlat: '/var/log/radacct/10.0.1.250/auth-detail-20060517'
rlm_detail: /var/log/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radacct/10.0.1.250/auth-detail-20060517
modcall[authorize]: module
RE: getting Freeradius to recorde login failure, etc
i'm confused now. does the function go into the radiusd.conf or in the database??? cos at the moment there is nothing set in the radiusd.conf

jeremy

-----Original Message-----
From: "Jeremy ohara" [EMAIL PROTECTED]
To: "FreeRadius users mailing list" freeradius-users@lists.freeradius.org
Date: Thu, 18 May 2006 00:20:31 +1000
Subject: RE: getting Freeradius to recorde login failure, etc

thats easy do it do it in the sql statement or on the database or what? just want caller id and nas ip

Jeremy

-----Original Message-----
From: "Jamal Taweel" [EMAIL PROTECTED]
To: "FreeRadius users mailing list" freeradius-users@lists.freeradius.org
Date: Wed, 17 May 2006 15:13:50 +0200
Subject: RE: getting Freeradius to recorde login failure, etc

Yes it is possible. But you should define a proper data type for the field.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeremy ohara
Sent: Wednesday, May 17, 2006 1:09 PM
To: FreeRadius users mailing list
Subject: RE: getting Freeradius to recorde login failure, etc
Importance: High

i wanted 2 other fields which are nasip and callerid does that sound possible? sorry i'm not very strong in the sql coding area

Jeremy

-----Original Message-----
From: "Jamal Taweel" [EMAIL PROTECTED]
To: "FreeRadius users mailing list" freeradius-users@lists.freeradius.org
Date: Wed, 17 May 2006 13:36:59 +0200
Subject: RE: getting Freeradius to recorde login failure, etc

You should write in PL/SQL the following: CREATE FUNCTION + the statements which they were sent.

BR,

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeremy ohara
Sent: Wednesday, May 17, 2006 12:17 PM
To: FreeRadius users mailing list
Subject: RE: getting Freeradius to recorde login failure, etc
Importance: High

i done all but i'm lost where you have

· Create a function in the database (called “fails”). The main statements which you should write are

how do i do this?

Jeremy

-----Original Message-----
From: "Jamal Taweel" [EMAIL PROTECTED]
To: "FreeRadius users mailing list" freeradius-users@lists.freeradius.org
Date: Wed, 17 May 2006 12:40:43 +0200
Subject: RE: getting Freeradius to recorde login failure, etc

Hi Jeremy,

In order to apply what wants, you should do the following:

· Create a table in the radius schema (called “fails_log”) to include three columns: trial_date, username, password.

· Create a function in the database (called “fails”). The main statements which you should write are

    fails ( username1 in out char, password1 in char) return char is
      v_user char:='';
      v_password:='';
    begin
      select username , value into v_user from radcheck where attribute='password' and username= username1 and password=password1;
      if v_user = '' then
        insert into fails_log values (sysdate,username1,password1);
      else
        return v_user;
      end if;
    end;

· Update authorize_check_query module in sql.conf file to be as follows:

    authorize_check_query = "SELECT id,Username,Attribute,Value,op FROM ${authcheck_table} WHERE Username =(select fails('%{SQL-User-Name}','%{User-Password}') from dual) ORDER BY id"

That is all. Then you can find all failed logs inside the new created table fails_log.

Best Regards, Jamal

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeremy ohara
Sent: Wednesday, May 17, 2006 6:32 AM
To: FreeRadius users mailing list
Subject: Re: getting Freeradius to recorde login failure, etc

Hi there i dont want to sound rude, etc but you're not really answering my question. you only answered half of it what do i write for the sql statement, etc

Jeremy

-----Original Message-----
From: "Duane Cox" [EMAIL PROTECTED]
To: "FreeRadius users mailing list" freeradius-users@lists.freeradius.org
Date: Tue, 16 May 2006 22:28:12 -0500
Subject: Re: getting Freeradius to recorde login failure, etc

    post-auth {
        #
        # If you want to have a log of authentication replies,
        # un-comment the following line, and the 'detail reply_log'
        # section, above.
        # reply_log
        sql
        Post-Auth-Type REJECT {
            sql
        }
    }

----- Original Message -----
From: Jeremy ohara
To: FreeRadius users mailing list
Sent: Tuesday, May 16, 2006 9:13 PM
Subject: Re: getting Freeradius to recorde login failure, etc

where and how do i do it and what do i write???

jeremy

-----Original Message-----
From: "Duane Cox" [EMAIL PROTECTED]
To: "FreeRadius users mailing list" freeradius-users@lists.freeradius.org
Date: Tue, 16 May 2006 18:17:26 -0500
Subject: Re: getting Freeradius to recorde login failure, etc

yes, there is a subsection under the post_auth section for such a thing...

----- Original Message -----
From: Jeremy ohara
To: FreeRadius users mailing list
Sent: Tuesday, May 16, 2006 3:24 PM
Re: getting Freeradius to recorde login failure, etc
Jeremy ohara [EMAIL PROTECTED] wrote:

i dont want to sound rude, etc but your not really answering my question. you only answered half of it

At some point you *do* have to read the documentation. While people may be kind enough to answer your questions on the list, most of those answers are cut pasted from the existing documentation.

Alan DeKok.
Re: getting Freeradius to recorde login failure, etc
Jeremy ohara wrote:

is there a way to get Freeradius 1.0.5 with Mysql to record login-failure, incorrect password or incorrect username into the mysql table?

Please read the FAQ, and look for: How do I log failed login attempts in a SQL database? http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ

-- Nicolas Baradakis
RE: getting Freeradius to recorde login failure, etc
i have tried the sql function you gave me and it didnt work. failed to create

jeremy
RE: Radius core dumps (1.1.1 and 1.1.0)
Submitted a bug report #366. Thanks for your help.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Alan DeKok
Sent: Wednesday 17 May 2006 16:33
To: FreeRadius users mailing list
Subject: Re: Radius core dumps (1.1.1 and 1.1.0)

Remy de Ruysscher [EMAIL PROTECTED] wrote:

Maybe it's FreeBSD (switched to 6.1 recently and upgraded both the world, kernel and recompiled all packages)

I wouldn't be surprised. See doc/bugs for how to deal with core dumps.

Alan DeKok.
Re: getting Freeradius to recorde login failure, etc
the whole thing is already in the sql.conf. all it logs is the accepted passwords not failed passwords

Jeremy

-----Original Message-----
From: Nicolas Baradakis [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Date: Wed, 17 May 2006 16:44:55 +0200
Subject: Re: getting Freeradius to recorde login failure, etc

Jeremy ohara wrote:

is there a way to get Freeradius 1.0.5 with Mysql to record login-failure, incorrect password or incorrect username into the mysql table?

Please read the FAQ, and look for: "How do I log failed login attempts in a SQL database?" http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ

-- Nicolas Baradakis
Re: getting Freeradius to recorde login failure, etc
Jeremy ohara [EMAIL PROTECTED] wrote:

there is no sign of any of this in the documentation if you can show me where it shows what and how to do it and code, by all means show me!

The documentation does not describe how to configure the server for your particular location, for your local needs. Instead, it describes generally how the server works, and how to configure it. It's up to the local admin to put the pieces together. My suggestion is to hire someone to configure it for you. You can then get them to maintain it, too. If you configure it by copying instructions on this list, you won't understand what the server is doing, and you won't be able to maintain it in the future.

Alan DEKok.
Re: Unstable FreeRadius
George C. Kaplan [EMAIL PROTECTED] wrote:

freeradius 1.1.1, compiled from ports with MIT kerberos support FreeBSD 5.5-PRERELEASE I'll file a bug report once my bugzilla password comes through. In the meantime, suggestions for more detailed troubleshooting here are welcome.

I don't run kerberos myself, so I'm unsure as to how to reproduce it. Could you attach example krb.conf files, and the krb5{} section from radiusd.conf? Or, you could use gdb to attach to the running process. e.g.

    $ radiusd ...
    $ ps -ef | grep radiusd
    $ nice +15 radiusd-pid
    reproduce the problem
    $ gdb `which radiusd` radiusd-pid
    $ thread apply all bt full
    $ cont

You may have to do the last two steps a few times to see where the server is locked.

Alan DeKok.
Re: Using ntlm and MS-CHAP authentication on the same server
Bugneac Constantin [EMAIL PROTECTED] wrote:

I would like know if it is possible to configure the Freeradius to do authentication based on ntlm for one group of users and MS-Chap for other on the same server.

Yes. You can configure ntlm_auth as normal, and then for users with passwords, do something like:

    user    User-Password := password, MS-CHAP-Use-NTLM-Auth = No
            ...

The problem is that I do not want users from one group to get logging in system using credentials from other.

You can configure it for groups, too:

    DEFAULT Group == no-ntlm-auth, MS-CHAP-Use-NTLM-Auth = No
            ...

Alan DeKok.
Re: radius proxy
Denis V. Gudtsov [EMAIL PROTECTED] wrote:

The problem lies on NAS-ID attribute. First radius servers knows all about all of my NASes, but the second radius - mustn't. Is it possible to change NAS-ID attribute to static string (e.g. MY NAS) when request is forwarding to a second radius server?

See preproxy_users. There's a related example there.

Alan DeKok.
Re: LDAP check attributes
Hallo, I do some test on my freeradius. If I set compare_check_items = yes the PEAP session fails and I receive this log:

    rlm_eap_peap: Session established. Decoding tunneled attributes.
    rlm_eap_peap: Received EAP-TVL response.
    rlm_eap_peap: Tunneled data is valid.
    rlm_eap_peap: Had sent TLV failure. User was rejected rejected earlier in this seasion.
    rlm_eap: Handler failed in EAP/peap

without it, all works fine. Why with the compare_check_items I have an error on PEAP?

Thanks bye Antonio

on 17/05/2006 14.11 Mitchell, Michael J said the following:

Hi Antonio,

    ldap: compare_check_items = no

You need to set compare_check_items = yes in the ldap module configuration? The default is no.

regards, Mike
Re: getting Freeradius to recorde login failure, etc
I appreciate the dialogue we have here. I have been interested in doing this as well, and have been tinkering with some code outside of Freeradius to insert logins into a separate table by reading the radius.log file. I've been doing it this way because I didn't know it was within Freeradius's capabilities. So, I too am interested in hearing the specifics on how this can be done. If someone can point me to the right direction, I would be very appreciative. Perhaps I could even explore it to its fullest and submit some documentation to the developers to include with the software to make things a bit more clear.

Thanks in advance, Chris Carver Pennswoods.Net Network Engineer

Jeremy ohara wrote:

there is no sign of any of this in the documentation if you can show me where it shows what and how to do it and code, by all means show me!

Jeremy

-----Original Message-----
From: Alan DeKok [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Date: Wed, 17 May 2006 10:33:43 -0400
Subject: Re: getting Freeradius to recorde login failure, etc

Jeremy ohara [EMAIL PROTECTED] wrote:

i dont want to sound rude, etc but your not really answering my question. you only answered half of it

At some point you *do* have to read the documentation. While people may be kind enough to answer your questions on the list, most of those answers are cut pasted from the existing documentation.

Alan DeKok.
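The approach Chris describes above (reading radius.log and inserting failed logins into a separate table), as an added Python example that is not code from the thread. The log line layout, the column set of `fails_log` (here without a password column, and with the client name and caller id Jeremy asked about), the use of SQLite in place of MySQL, and the sample lines are all assumptions made for the example.

```python
import re
import sqlite3
from datetime import datetime

# Constructed sample lines (not from the thread), in the radius.log layout
# this example assumes for authentication logging.
SAMPLE_LOG = """\
Wed May 17 10:31:02 2006 : Info: Ready to process requests.
Wed May 17 10:33:43 2006 : Auth: Login OK: [alice] (from client ap-lobby port 55 cli 0013022105d3)
Wed May 17 10:34:10 2006 : Auth: Login incorrect: [bob/s3cret-typo] (from client ap-lobby port 55 cli 0013022105d4)
Wed May 17 10:34:12 2006 : Auth: Login incorrect: [bob/s3cret/typo2] (from client ap-lobby port 55 cli 0013022105d4)
Sun May  7 10:35:00 2006 : Auth: Login incorrect: [carol] (from client ap-floor2 port 3)
Wed May 17 10:36:00 2006 : Auth: Login incorrect (rlm_ldap: User not found): [x] (from client a port 1)] (from client ap-floor2 port 7 cli 001122334455)
"""

# The text between [ and ] is supplied by whoever is logging in, so the
# pattern is anchored at the end of the line and the bracket match is greedy:
# only the final "(from client ...)" trailer is trusted, even if a user name
# embeds a look-alike trailer of its own (last sample line).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) : Auth: "
    r"Login incorrect(?: \((?P<reason>.*?)\))?: "
    r"\[(?P<cred>.*)\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+)"
    r"(?: cli (?P<cli>\S+))?\)\s*$"
)


def parse_failures(text, passwords_in_log=True):
    """Return one tuple per failed login found in radius.log text.

    With bad-password logging enabled the bracket holds "user/password".
    The password part is discarded here, so the table never accumulates
    near-miss credentials. The split is at the first "/", which is ambiguous
    for user names that themselves contain "/"; pass passwords_in_log=False
    when the server does not log passwords to keep such names whole.
    """
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a failed-login line
        cred = m.group("cred")
        user = cred.partition("/")[0] if passwords_in_log else cred
        when = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        rows.append((when.isoformat(sep=" "), user, m.group("client"),
                     int(m.group("port")), m.group("cli"), m.group("reason")))
    return rows


def store_failures(conn, rows):
    """Insert parsed rows with bound parameters; return the table row count."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS fails_log ("
        " trial_date TEXT, username TEXT, client TEXT,"
        " nas_port INTEGER, callerid TEXT, reason TEXT)"
    )
    # User names are untrusted input: never build this statement by
    # string concatenation.
    conn.executemany("INSERT INTO fails_log VALUES (?, ?, ?, ?, ?, ?)", rows)
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM fails_log").fetchone()[0]


def failures_per_callerid(conn):
    """Caller ids with the most failures first; a quick guessing indicator."""
    cur = conn.execute(
        "SELECT callerid, COUNT(*) AS n FROM fails_log "
        "WHERE callerid IS NOT NULL GROUP BY callerid ORDER BY n DESC, callerid"
    )
    return cur.fetchall()


if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    print(store_failures(db, parse_failures(SAMPLE_LOG)), "failures stored")
    for callerid, count in failures_per_callerid(db):
        print(callerid, count)
```
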
Acct-Terminate-Cause
would there be any reason for '%{Acct-Terminate-Cause}' to not work? Jeremy
Re: getting Freeradius to recorde login failure, etc
Christopher Carver [EMAIL PROTECTED] wrote:

So, I too am interested in hearing the specifics on how this can be done. If someone can point me to the right direction, I would be very appreciative. Perhaps I could even explore it to its fullest and submit some documentation to the developers to include with the software to make things a bit more clear.

As always, patches are welcome.

Alan DeKok.
Re: More coredumps, FreeBSD 5.4 / FR 1.1.1
Chris Knipe [EMAIL PROTECTED] wrote:

    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 1 (LWP 100079)]
    0x282f2677 in memset () from /lib/libc.so.5
    (gdb) back
    #0 0x282f2677 in memset () from /lib/libc.so.5
    #1 0x09afc4c0 in ?? ()
    #2 0x286e5cb5 in sql_init_socket (sqlsocket=0x70657270, config=0x9d02600) at sql_mysql.c:71

I've seen that before on FreeBSD. I have no idea why it's happening. Maybe try the branch_1_1 code from CVS?

Alan DEKok.
Re: getting Freeradius to recorde login failure, etc
it seems to be ok now. just having trouble getting Acct-Terminate-Cause to work it's not showing any result when login or pass, etc is wrong

jeremy

-----Original Message-----
From: Christopher Carver [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Date: Wed, 17 May 2006 12:12:33 -0500
Subject: Re: getting Freeradius to recorde login failure, etc

Jeremy,

You need to make sure mysql (and mysql development headers/libraries) installed on the server and then configure --with-mysql. When you compile you should see the rlm_sql files in the lib dir of freeradius. Watch the configure output and make sure it says that its configuring mysql and not skipping it because it couldn't find the headers or libs.

Chris Carver Pennswoods.Net Network Engineer

Jeremy ohara wrote:

the version of freeradius doesnt not have the rlm_sql files Freeradius 1.0.5

-----Original Message-----
From: Nicolas Baradakis [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Date: Wed, 17 May 2006 16:44:55 +0200
Subject: Re: getting Freeradius to recorde login failure, etc

Jeremy ohara wrote:

is there a way to get Freeradius 1.0.5 with Mysql to record login-failure, incorrect password or incorrect username into the mysql table?

Please read the FAQ, and look for: "How do I log failed login attempts in a SQL database?" http://wiki.freeradius.org/index.php/FreeRADIUS_Wiki:FAQ

-- Nicolas Baradakis
Freeradius and 2 ldap servers.
Okay, since this isn't easy to piece together from the docs. (and no one has posted this on the mailing list that i've seen, and i've gotten a few emails on this as well) here is how i got freeradius running good failover with 2 ldap servers. hopefully those who know the system better than me will let me/us (the list) know if i've done something wrong here.

in the ldap section you'll have:

    ldap ldap1 {
        server = ip
        identity = ...
    }
    ldap ldap2 {
        # second server info
    }

then in the instantiate section put

    ldap1
    ldap2

then in authorize you'll have:

    redundant {
        ldap1
        ldap2
    }

and in authenticate you'll have:

    Auth-Type LDAP {
        redundant {
            ldap1
            ldap2
        }
    }

that is what worked for me. now one thing to consider/think about. it appears whichever server is listed secondly (in instantiate, authorize, and authenticate, will be hit first) not sure why this is...and it may not be important

-- Terry J Fike Jr System Administrator MTA Solutions 907-793-4100 [EMAIL PROTECTED]
Re: getting Freeradius to recorde login failure, etc
Duane Cox [EMAIL PROTECTED] wrote:

Alan, Is there any way to have a conditional statement in the post-auth section, something like: if NASIPAddress == '1.1.1.1' then don't process postauth?

Not really, no. That would be very useful, but probably hard to do in the current architecture.

Alan DeKok.
Re: More coredumps, FreeBSD 5.4 / FR 1.1.1
Chris Knipe [EMAIL PROTECTED] wrote:

    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 1 (LWP 100079)]
    0x282f2677 in memset () from /lib/libc.so.5
    (gdb) back
    #0 0x282f2677 in memset () from /lib/libc.so.5
    #1 0x09afc4c0 in ?? ()
    #2 0x286e5cb5 in sql_init_socket (sqlsocket=0x70657270, config=0x9d02600) at sql_mysql.c:71

I've seen that before on FreeBSD. I have no idea why it's happening. Maybe try the branch_1_1 code from CVS?

Hi Alan,

Don't know if this would help you track it down... I recompiled --without-threads, it seems to have solved the *original* problem. Are threads deemed to be stable yet in 1.1.1? If so, can it be rechecked?

What I'm picking up:

MySQL 5.0.21, Multi Threaded
Perl 5.8.8, Multi Threaded
FR 1.1.1, Debug

I don't know the order in which these modules load, so you'll sort that out better than me... But...

FR with Threads, cores loading rlm_sql_mysql
FR without Threads, loads rlm_sql_mysql, BUT, now cores loading rlm_perl

I kind of find it strange that it's only with threaded applications that this is happening... I know that FreeBSD *had* issues in the past with threads, but that is long since gone. MySQL Multi-Threaded is quite normal on FreeBSD, and Threaded Perl is also pretty stable these days (according to the mailing lists). Could it be that FR maybe has issues with it? Right now, without rlm_perl and FreeRadius in a single-threaded compile, I have no issues... When I change FR to multi-threaded rlm_sql_mysql crash, when FR is single threaded, rlm_perl (because I have a threaded perl compile) cores...

The trace for the rlm_perl crash:

    read_config_files: reading dictionary
    read_config_files: reading naslist
    read_config_files: reading clients
    read_config_files: reading realms
    radiusd: entering modules setup
    Module: Library search path is /usr/local/lib
    Program received signal SIGSEGV, Segmentation fault.
    0x281c3e2d in perl_init () at rlm_perl.c:602
    602 PL_perl_destruct_level = 2;
    (gdb) bt
    #0 0x281c3e2d in perl_init () at rlm_perl.c:602
    #1 0x08052062 in find_module_instance ()
    #2 0x08052414 in setup_modules ()
    #3 0x08054d36 in main ()

-- Chris.
Re: Unstable FreeRadius
George C. Kaplan [EMAIL PROTECTED] wrote:
> If you've got it set up right, a 'radtest' will time out after several seconds with a "Cannot contact any KDC..." message in radius.log. If you HUP the radiusd before it times out, that should trigger the lockup.

I think I know what's happening. The HUP triggers a tear-down and re-start of all modules. If a module is blocked, the data structures pointing to it will be destroyed...

One solution would be to go to src/main/modules.c, function setup_modules(). Comment out or delete the call to detach_modules(). That will work, but ONLY if the radiusd.conf file doesn't change. If you're HUPing the server to get it to re-read the users file, that's OK.

If that change fixes it for you, we should look into a better approach to HUPing the server...

Alan DeKok.
when next release with rlm_sqlippool as stable?
Hi

Any ideas? I'm using the current snapshot in the lab, but it's not stable, which of course is an understanding.

Cheers,
RobertB
peap with mysql
To get peap working with a mysql backend do I need to store the LM and NT hashes of the password?

I currently have my db setup like this:

mysql> select * from radcheck;
+----+----------+---------------+----+--------+
| id | UserName | Attribute     | op | Value  |
+----+----------+---------------+----+--------+
|  1 | temptest | User-Password | == | authme |
+----+----------+---------------+----+--------+
1 row in set (0.00 sec)

I would guess I need to add 2 more rows per user with the attributes LM-Password and NT-Password set to the correct hash.

Currently it works fine with NTRadPing, but not from the MS Supplicant :(

The only reason I ask about the LM and NT Hashes is because I saw some info about that when using openldap.

Thanks!

--
Chris Liles
System Analyst
Air2Web, Inc.
1230 Peachtree St. N.E.
12th Floor
Atlanta, GA 30309
Re: peap with mysql
Chris Liles [EMAIL PROTECTED] wrote:
> To get peap working with a mysql backend do I need to store the LM and NT hashes of the password?

No.

> I currently have my db setup like this:
>
> mysql> select * from radcheck;
> +----+----------+---------------+----+--------+
> | id | UserName | Attribute     | op | Value  |
> +----+----------+---------------+----+--------+
> |  1 | temptest | User-Password | == | authme |

You should :=, not ==.

> Currently it works fine with NTRadPing, but not from the MS Supplicant :(

Debug mode will tell you why: there's no User-Password in the MS-CHAP request to do == comparisons on.

Alan DeKok.
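The difference between == and := described in the reply above can be modelled as follows. This is an added example, not part of the original posts and not FreeRADIUS code: the function names, the request dictionaries and the HMAC-based stand-in for the MS-CHAPv2 response are assumptions made for illustration, as is the rule that a matched == item becomes the known-good value.

```python
import hashlib
import hmac

# Constructed rows mirroring the radcheck table in the thread: (UserName, Attribute, op, Value)
ROWS_EQ = [("temptest", "User-Password", "==", "authme")]
ROWS_SET = [("temptest", "User-Password", ":=", "authme")]

def toy_response(password, challenge):
    # Stand-in for the MS-CHAPv2 response (NOT the real algorithm): the client
    # proves knowledge of the password without ever sending it.
    return hmac.new(password.encode(), challenge, hashlib.sha256).hexdigest()

# Constructed requests. PAP (what NTRadPing sends) carries User-Password;
# the MS-CHAPv2 exchange inside PEAP carries only a challenge and a response.
CHALLENGE = b"constructed-challenge"
PAP_REQ = {"User-Name": "temptest", "User-Password": "authme"}
MSCHAP_REQ = {"User-Name": "temptest", "Challenge": CHALLENGE,
              "Response": toy_response("authme", CHALLENGE)}

def check_items(request, rows):
    """Apply check rows: '==' compares against the request, ':=' sets a config item.
    Returns the config dict, or None when a comparison fails."""
    config = {}
    for user, attr, op, value in rows:
        if user != request["User-Name"]:
            continue
        if op == "==":
            if request.get(attr) != value:   # attribute absent or different
                return None
            config[attr] = value             # assumption: a matched item becomes the known-good value
        elif op == ":=":
            config[attr] = value             # no comparison, just set the known-good value
        else:
            raise ValueError("operator not modelled: " + op)
    return config

def authenticate(request, rows):
    config = check_items(request, rows)
    if not config or "User-Password" not in config:
        return "reject"
    known = config["User-Password"]
    if "User-Password" in request:           # PAP: compare the password that was sent
        ok = hmac.compare_digest(request["User-Password"].encode(), known.encode())
    else:                                    # challenge-response: recompute from the stored value
        expected = toy_response(known, request["Challenge"])
        ok = hmac.compare_digest(request["Response"], expected)
    return "accept" if ok else "reject"
```

With the == row the PAP request is accepted and the challenge-response request is rejected before any password is available to verify it; with the := row both are accepted.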
freeradius 1.1.0 with rp-pppoe 3.8 pppoe-server
I have a Red Hat 9.0 system with the following software:

ppp 2.4.4b1
rp-pppoe 3.8
freeradius 1.1.0

I saw the following in /usr/local/share/freeradius/dictionary.roaringpenguin:

RP-Upstream-Speed-Limit
RP-Downstream-Speed-Limit

Below is my MySQL result:

mysql> select * from radcheck;
+----+----------+-----------+----+-------+
| id | UserName | Attribute | op | Value |
+----+----------+-----------+----+-------+
|  1 | guest    | Password  | == | guest |
+----+----------+-----------+----+-------+

mysql> select * from radgroupcheck;
+----+--------------+------------------+----+-------+
| id | GroupName    | Attribute        | op | Value |
+----+--------------+------------------+----+-------+
|  1 | customer128k | Simultaneous-Use | := | 1     |
|  2 | customer128k | Auth-Type        | := | Local |
+----+--------------+------------------+----+-------+

mysql> select * from radgroupreply;
+----+--------------+---------------------------+----+---------------------+------+
| id | GroupName    | Attribute                 | op | Value               | prio |
+----+--------------+---------------------------+----+---------------------+------+
|  1 | customer128k | Framed-Protocol           | =  | PPP                 |    0 |
|  2 | customer128k | Framed-Routing            | =  | Broadcast-Listen    |    0 |
|  3 | customer128k | Framed-Compression        | =  | Van-Jacobson-TCP-IP |    0 |
|  4 | customer128k | RP-Upstream-Speed-Limit   | =  | 64                  |    0 |
|  5 | customer128k | RP-Downstream-Speed-Limit | =  | 128                 |    0 |
|  6 | customer128k | Service-Type              | =  | Framed-User         |    0 |
|  7 | customer128k | Framed-MTU                | =  | 1500                |    0 |
+----+--------------+---------------------------+----+---------------------+------+

mysql> select * from usergroup;
+----+----------+--------------+
| id | UserName | GroupName    |
+----+----------+--------------+
|  1 | guest    | customer128k |
+----+----------+--------------+

Below is my ppp options:

require-pap
login
lcp-echo-interval 10
lcp-echo-failure 2
ms-dns x.y.100.8
ms-dns x.y.100.2
plugin radius.so
plugin radattr.so

Below is the command I run for pppoe-server:

pppoe-server -I eth1 -k -L 10.3.0.1 -R 10.3.1.1

I configured a PPPoE client connection on my Windows XP desktop and successfully connected to the PPPoE server. I performed a download speed test and the download speed is not correct. I can't get 128kbits but I get the full speed of 1Mbps, why?

Do the attributes below work with FreeRADIUS?

RP-Upstream-Speed-Limit
RP-Downstream-Speed-Limit

Regards,
rootlinux