Re: auth acct same port
Hi,

Can you listen for both auth and acct packets on the same port?

No.

thanks, i had already read all the RFC's. I was only asking because I'm using an Airmatrix (linux based) WAP. And it sends auth and acct packets to the same port.

It's a bit broken.

write a simple source code modification. One of the early packet parsing checks is whether the ports match or not. Take away that check and it should work.

Greetings,

Stefan Winter

--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED]
Tel.: +352 424409-1
http://www.restena.lu
Fax: +352 422473

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: LDAP check attributes
Hallo,

thanks for your answers.

It's not in the conf files. Read the debug output. It's in LDAP.

Ok, the problem in the log file is this:

rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=create-net,dc=org, with filter (uid=vlan3)
rlm_ldap: Added password vlan3 in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusCiscoAVPair as Cisco-AVPair, value ssid=VLAN3 op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusTunnelType as Tunnel-Type, value VLAN op=11
rlm_ldap: Adding radiusTunnelPrivateGroupId as Tunnel-Private-Group-Id, value 3 op=11
rlm_ldap: Adding radiusTunnelMediumType as Tunnel-Medium-Type, value IEEE-802 op=11
Invalid operator for item EAP-Type: reverting to '=='
rlm_ldap: Pairs do not match. Rejecting user.
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns reject for request 5
modcall: leaving group authorize (returns reject) for request 5
Invalid user (rlm_ldap: Pairs do not match): [vlan3/no User-Password attribute] (from client cn-radius port 276 cli 000c.f135.f1ba)
PEAP: Tunneled authentication was rejected.
rlm_eap_peap: FAILURE

but in the ldap.attrmap I added to the original file only:

checkItem Cisco-AVPair radiusCiscoAVPair

and

replyItem Tunnel-Medium-Type radiusTunnelMediumType
replyItem Tunnel-Private-Group-Id radiusTunnelPrivateGroupId
replyItem Tunnel-Type radiusTunnelType

my user in LDAP directory has the following attributes:

# vlan3, people, create-net.org
dn: sn=vlan3,ou=people,dc=create-net,dc=org
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: radiusprofile
radiusTunnelPrivateGroupId: 3
radiusCiscoAVPair: ssid=VLAN3
sn: vlan3
uid: vlan3
radiusTunnelMediumType: IEEE-802
radiusTunnelType: VLAN
cn: vlan3
userPassword:: dmxhbjM=

I haven't an EAP-Type entry and I don't understand where freeradius finds this attribute

Bye
Antonio
Re: freeradius 1.1.0 with rp-pppoe 3.8 pppoe-server
How do I check is PPPoE sending the attribute to FreeRADIUS?

Below is the freeradius in debug mode:

rad_recv: Access-Request packet from host 127.0.0.1:32793, id=32, length=88
    Service-Type = Framed-User
    Framed-Protocol = PPP
    User-Name = guest
    User-Password = guest
    Calling-Station-Id = 00:04:E2:48:7E:D8
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 0
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
modcall[authorize]: module chap returns noop for request 0
modcall[authorize]: module mschap returns noop for request 0
rlm_realm: No '@' in User-Name = guest, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 0
radius_xlat: 'guest'
rlm_sql (sql): sql_set_user escaped user -- 'guest'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'guest' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'guest' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'guest' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'guest' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 3
modcall[authorize]: module sql returns ok for request 0
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module noresetcounter returns noop for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
Processing the session section of radiusd.conf
modcall: entering group session for request 0
radius_xlat: 'guest'
rlm_sql (sql): sql_set_user escaped user -- 'guest'
radius_xlat: 'SELECT COUNT(*) FROM radacct WHERE UserName='guest' AND AcctStopTime = 0'
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
modcall[session]: module sql returns ok for request 0
modcall: leaving group session (returns ok) for request 0
Login OK: [guest/guest] (from client localhost port 0 cli 00:04:E2:48:7E:D8)
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 0
rlm_sql (sql): Processing sql_postauth
radius_xlat: 'guest'
rlm_sql (sql): sql_set_user escaped user -- 'guest'
radius_xlat: 'INSERT into radpostauth (id, user, pass, reply, date) values ('', 'guest', 'guest', 'Access-Accept', NOW())'
rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, user, pass, reply, date) values ('', 'guest', 'guest', 'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
modcall[post-auth]: module sql returns ok for request 0
modcall: leaving group post-auth (returns ok) for request 0
Sending Access-Accept of id 32 to 127.0.0.1 port 32793
    Framed-Protocol = PPP
    Framed-Routing = Broadcast-Listen
    Framed-Compression = Van-Jacobson-TCP-IP
    RP-Upstream-Speed-Limit = 64
    RP-Downstream-Speed-Limit = 64
    Service-Type = Framed-User
    Framed-MTU = 1500
    Idle-Timeout = 60
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 127.0.0.1:32793, id=33, length=116
    Acct-Session-Id = 446BD2061D7D00
    User-Name = guest
    Acct-Status-Type = Start
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Calling-Station-Id = 00:04:E2:48:7E:D8
    Acct-Authentic = RADIUS
    NAS-Port-Type = Async
    Framed-IP-Address = 10.38.1.7
    NAS-IP-Address = 127.0.0.1
    NAS-Port = 0
    Acct-Delay-Time = 0
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 1
modcall[preacct]: module preprocess returns noop for request 1
rlm_acct_unique: Hashing 'NAS-Port = 0,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 127.0.0.1,Acct-Session-Id = 446BD2061D7D00,User-Name = guest'
rlm_acct_unique: Acct-Unique-Session-ID = 0df05a425b9215fd.
modcall[preacct]: module acct_unique returns ok for request 1
rlm_realm: No '@' in User-Name = guest, looking up realm NULL
rlm_realm: No such realm NULL
modcall[preacct]: module suffix returns noop for request 1
modcall: leaving group preacct (returns ok) for request 1
Processing the accounting section
Send map name to NAS
Hi everybody,

Is it possible to send the name of the map that the NAS has to use in order to connect a VPN client? I'm using a Cisco router (1811) as VPN concentrator and freeradius 1.1.0-1.1.

I saw attributes like Cisco-AVPair=ipsec:addr-pool=pool-name in order to say what pool is used, but I would like to know if such a config is possible for the VPN map...

Thanks in advance

begin:vcard
fn:Pierre LEONARD
n:LEONARD;Pierre
org:Debian Etch - Testing ;Linux user
email;internet:[EMAIL PROTECTED]
title:Student - Network Telecoms
version:2.1
end:vcard
Re: radiusd run time problem
Do --with-mysql

Make sure the rlm_sql libs appear in the lib dir of the dir you installed it in.

Chris Carver
Network Engineer

Abul Monsur Mannan wrote:
> Thank you for your response.
> I've Mysql Devel,server and client installed. I did like this--
> ./configur --with -mysql
> as said in OnLamp:http://www.onlamp.com/pub/a/onlamp/excerpt/radius_5/index1.html
>
> Thank You again.
>
> On 5/22/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
>> Hi,
>>
>> When I execute at root - #radiusd -X the following error message is returned.
>>
>> radiusd.conf[14]: sql: Module instantiation failed.
>> radiusd.conf[1798] Unknown module sql.
>> radiusd.conf[1727] Failed to parse authorize section.
>>
>> your config file is asking to load the SQL module but you don't have the SQL support compiled in. how did you install FreeRADIUS? via a package, or from source? if from source, did you note the errors thrown open by the ./configure step? to have SQL support you'd need the SQL development environment installed. if you don't need SQL, simply comment it out of your config file.
>>
>> I've done all the steps that stated on Onlamp's webpage.
>>
>> it's best to state the full URL in these cases too. OnLAMP has many many many tutorials
>>
>> Could you pls help me out and guide me with full linux command?
>>
>> the way you called FreeRADIUS is fine...for debugging
>>
>> alan
Re: auth acct same port
Stefan,

Thank you very much. Because this OS is proprietary, I may be forced to do that. For now I am trying to work with the vendor to change acct and auth packets.

-Jason Ellison

The trouble with being punctual is that nobody's there to appreciate it. -- Franklin P. Jones

On Mon, 22 May 2006, Stefan Winter wrote:
> Hi,
>
> Can you listen for both auth and acct packets on the same port?
>
> No.
>
> thanks, i had already read all the RFC's. I was only asking because I'm using an Airmatrix (linux based) WAP. And it sends auth and acct packets to the same port.
>
> It's a bit broken.
>
> write a simple source code modification. One of the early packet parsing checks is whether the ports match or not. Take away that check and it should work.
>
> Greetings,
>
> Stefan Winter
Re: freeradius 1.1.0 with rp-pppoe 3.8 pppoe-server
I have a Red Hat 9.0 system with the following software:

ppp 2.4.4b1
rp-pppoe 3.8
freeradius 1.1.0

I saw the following in /usr/local/share/freeradius/dictionary.roaringpenguin

RP-Upstream-Speed-Limit
RP-Downstream-Speed-Limit

I did perform a download speed test and the download speed is not correct. I can't get 128kbits but I get the full speed of 1Mbps, why?

rp-pppoe + pppd don't support those Radius attributes.

to limit the user you'll need to create an /etc/ppp/ip-up script that will parse /var/run/radattr.ppp0 for those attributes, and then you can apply tc rules to limit the traffic.

--
damjan | дамјан
This is my jabber ID -- [EMAIL PROTECTED] -- not my mail address, it's a Jabber ID --^ :)
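The ip-up approach described in the reply above, as an added example (not part of the original thread, and not code from rp-pppoe or FreeRADIUS). It assumes the radattr file holds one "Attribute-Name value" pair per line and that the RP-* limits are in kbit/s; get_limit and build_tc_commands are hypothetical helper names, and the tc commands are only printed so they can be reviewed before a root-owned script runs them.

```shell
#!/bin/sh
# Added example: helpers for an /etc/ppp/ip-up script (pppd passes the
# interface name as $1). Assumption: /var/run/radattr.pppN contains
# "Attribute-Name value" lines; RP-* speed limits are taken as kbit/s.

# Print the value of one attribute, but only if it is a positive integer.
# ip-up runs as root, so nothing from the file reaches tc unvalidated.
get_limit() {
    file=$1 attr=$2
    value=$(awk -v a="$attr" '$1 == a { print $2; exit }' "$file" 2>/dev/null)
    case $value in
        ''|*[!0-9]*) return 1 ;;    # missing or non-numeric: refuse it
    esac
    [ "$value" -gt 0 ] || return 1
    printf '%s\n' "$value"
}

# Print the tc commands for one pppN interface; nothing is executed here.
build_tc_commands() {
    iface=$1 file=$2
    n=${iface#ppp}
    [ "$iface" != "$n" ] || return 1    # name must start with "ppp"
    case $n in
        ''|*[!0-9]*) return 1 ;;        # ...followed by digits only
    esac
    if down=$(get_limit "$file" RP-Downstream-Speed-Limit); then
        # Packets leaving pppN go to the subscriber: shape them.
        echo "tc qdisc replace dev $iface root tbf rate ${down}kbit burst 10kb latency 50ms"
    fi
    if up=$(get_limit "$file" RP-Upstream-Speed-Limit); then
        # Packets arriving on pppN come from the subscriber: police them.
        echo "tc qdisc add dev $iface handle ffff: ingress"
        echo "tc filter add dev $iface parent ffff: protocol ip prio 1 u32 match u32 0 0 police rate ${up}kbit burst 10k drop flowid :1"
    fi
}

# In /etc/ppp/ip-up (review the output first, then pipe it to sh):
#   build_tc_commands "$1" "/var/run/radattr.$1"
```
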
Re: freeradius 1.1.0 with rp-pppoe 3.8 pppoe-server
root linux [EMAIL PROTECTED] wrote:
> How do I check is PPPoE sending the attribute to FreeRADIUS?

You read the debug log?

Alan DeKok.
make error message - please help !
Am getting this below error message when i ran the 'make' command and i configured it using the below command.

./configure --enable-slapd=no -enable-slurpd=no --with-threads=no --with-openssl-includes=/usr/local/openssl/include --with-openssl-libraries=/usr/local/openssl/lib

Can someone help me how to resolve this issue, aint find anything interesting on net. have installed krb lib and develop rpm but even that too didnt work. Please help me !!!

make makefrmay21-1.log

In file included from eap_peap.h:25,
                 from rlm_eap_peap.c:24:
../../libeap/eap_tls.h:138: syntax error before SSL
../../libeap/eap_tls.h:138: warning: no semicolon at end of struct or union
../../libeap/eap_tls.h:141: syntax error before '*' token
../../libeap/eap_tls.h:141: warning: type defaults to `int' in declaration of `into_ssl'
../../libeap/eap_tls.h:141: warning: data definition has no type or storage class
../../libeap/eap_tls.h:142: syntax error before '*' token
../../libeap/eap_tls.h:142: warning: type defaults to `int' in declaration of `from_ssl'
../../libeap/eap_tls.h:142: warning: data definition has no type or storage class
../../libeap/eap_tls.h:172: syntax error before '}' token
../../libeap/eap_tls.h:172: warning: type defaults to `int' in declaration of `tls_session_t'
../../libeap/eap_tls.h:172: warning: data definition has no type or storage class
../../libeap/eap_tls.h:182: syntax error before tls_session_t
../../libeap/eap_tls.h:186: syntax error before SSL
../../libeap/eap_tls.h:188: syntax error before '*' token
../../libeap/eap_tls.h:371: syntax error before SSL_CTX
../../libeap/eap_tls.h:371: warning: no semicolon at end of struct or union
../../libeap/eap_tls.h:372: warning: type defaults to `int' in declaration of `eap_tls_t'
../../libeap/eap_tls.h:372: warning: data definition has no type or storage class
../../libeap/eap_tls.h:383: warning: type defaults to `int' in declaration of `SSL'
../../libeap/eap_tls.h:383: syntax error before '*' token
../../libeap/eap_tls.h:384: syntax error before X509_STORE_CTX
../../libeap/eap_tls.h:386: syntax error before SSL
../../libeap/eap_tls.h:387: syntax error before '*' token
../../libeap/eap_tls.h:387: syntax error before '*' token
../../libeap/eap_tls.h:387: warning: type defaults to `int' in declaration of `cbtls_rsa'
../../libeap/eap_tls.h:387: warning: data definition has no type or storage class
../../libeap/eap_tls.h:390: syntax error before '*' token
../../libeap/eap_tls.h:390: syntax error before '*' token
../../libeap/eap_tls.h:390: warning: type defaults to `int' in declaration of `eaptls_new_session'
../../libeap/eap_tls.h:390: warning: data definition has no type or storage class
../../libeap/eap_tls.h:391: syntax error before '*' token
../../libeap/eap_tls.h:392: syntax error before '*' token
../../libeap/eap_tls.h:393: syntax error before '*' token
../../libeap/eap_tls.h:397: syntax error before '*' token
../../libeap/eap_tls.h:398: syntax error before '*' token
In file included from rlm_eap_peap.c:24:
eap_peap.h:52:2: invalid preprocessing directive #int
rlm_eap_peap.c: In function `eappeap_authenticate':
rlm_eap_peap.c:165: `tls_session' undeclared (first use in this function)
rlm_eap_peap.c:165: (Each undeclared identifier is reported only once
rlm_eap_peap.c:165: for each function it appears in.)
rlm_eap_peap.c:165: syntax error before ')' token
rlm_eap_peap.c:242: warning: implicit declaration of function `eappeap_process'
gmake[9]: *** [rlm_eap_peap.lo] Error 1
gmake[8]: *** [common] Error 2
gmake[7]: *** [all] Error 2
gmake[6]: *** [common] Error 2
gmake[5]: *** [common] Error 2
gmake[4]: *** [all] Error 2
gmake[3]: *** [common] Error 2
gmake[2]: *** [all] Error 2
gmake[1]: *** [common] Error 2
make: *** [all] Error 2
Re: make error message - please help !
Kartthik Raghunathan [EMAIL PROTECTED] wrote:
> In file included from eap_peap.h:25,
>                  from rlm_eap_peap.c:24:
> ../../libeap/eap_tls.h:138: syntax error before SSL
> ../../libeap/eap_tls.h:138: warning: no semicolon at end of struct or union

You don't have the OpenSSL header files installed.

Alan DeKok.
Re: LDAP check attributes
Antonio Matera [EMAIL PROTECTED] wrote:
> I haven't an EAP-Type entry and I don't understand where freeradius finds this attribute

Neither do I. But the message isn't produced in the default configuration, even when LDAP is enabled. It's something you've changed in your configuration.

Alan DeKok.