close connection
Hi. I'm a new user of freeradius. I'm using it to authenticate clients in a WLAN. It works great, but I need to disconnect a user who has finished his available browsing time (I use prepaid cards). How can I do that?

I saw in wiki.freeradius.org the radiusKick at ftp://ftp.nmo.net/pub/radkill/radkill-latest.tar.gz but I cannot download it, and it is probably obsolete (written in 2000). Can anybody help me?

Best regards.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: DynaLoader loading problem
Looks to me like the version of DynaLoader.so that rlm_perl is using is newer than the version of DynaLoader.pm that's in the path. DynaLoader.pm comes as part of perl, so there must be a version on your hard disk somewhere, either not in the path or coming in lower down your path list than the one being used.

Try temporarily moving /usr/libdata/perl/5.00503/DynaLoader.pm out of the way to a backup directory, or failing that, searching your hard disk for instances of DynaLoader.pm and modifying @INC to include that search path at the top of your script would be a place to start.

> FreeBSD 4.11
> FreeRADIUS 1.0.4
>
> I've installed rlm_perl in the 1.0.4 version since it's not installed by default, and I'm trying to add a perl script to add an attribute during authorization. While restarting:
>
> NOTE: newtimeout2.pl - using original example.pl with one added subroutine; line 30 as reported is the line with use Data::Dumper;
>
> DynaLoader object version 1.04 does not match $DynaLoader::VERSION 1.03 at /usr/libdata/perl/5.00503/DynaLoader.pm line 80.
> BEGIN failed--compilation aborted at /usr/local/etc/raddb/newtimeout2.pl line 30.
> rlm_perl: perl_parse failed: /usr/local/etc/raddb/newtimeout2.pl not found or has syntax errors.
> radiusd.conf[1643]: myperl: Module instantiation failed.
>
> # I've recently upgraded perl to 5.8.2 from 5.00503. Freeradius had been installed under the old perl. But although I've recompiled radius 1.0.4 again with the new perl environment, I still receive the above error.
>
> --haizam
Re: ippool error
I have a doubt: is it possible to use ippool with LDAP (CHAP authentication)?

Does anyone have ideas about this error? I'm not able to find documentation or anything else about this.

Thanks in advance.
Giusy
Re: proxy request when ldap authentication is enable
I'm sorry, I missed out the debug log in my previous mail. Please find the logs given below.

rad_recv: Access-Request packet from host 127.0.0.1:30504, id=8, length=295
    User-Name = anonymous
    Called-Station-Id = 00-A0-F8-BF-E9-BC:ssid1
    Calling-Station-Id = 00-0F-3D-E9-A6-54
    NAS-Port = 1
    NAS-Port-Type = Wireless-802.11
    Framed-MTU = 1400
    NAS-IP-Address = 127.0.0.1
    NAS-Identifier = switch
    VSA-1 = ssid1
    ASA-2 = 1
    NAS-Port-Id = WLAN1
    Connect-Info = CONNECT 54Mbps 802.11a
    State = 0x7202552d433833273413b6683dd14790
    EAP-Message = 0x0205004f15800045170301004073b0056431239ce2d8e9dff10e30ac509c6189763cbcc5d2f0a254fc338a827b5c7322e66c46ebbddf16bb5a0d807a31b3bdd103188ded50ea2e25578a88d6de
    Message-Authenticator = 0xebdc63168f0f7b03694605ba31129085
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module preprocess returns ok for request 4
modcall[authorize]: module chap returns noop for request 4
modcall[authorize]: module mschap returns noop for request 4
rlm_realm: No '/' in User-Name = anonymous, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix_oblic returns noop for request 4
rlm_realm: No '/' in User-Name = anonymous, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module prefix_oblic returns noop for request 4
rlm_realm: No '@' in User-Name = anonymous, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix_at returns noop for request 4
rlm_realm: No '@' in User-Name = anonymous, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module prefix_at returns noop for request 4
rlm_realm: No '%' in User-Name = anonymous, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix_percent returns noop for request 4
rlm_realm: No '%' in User-Name = anonymous, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module prefix_percent returns noop for request 4
users: Matched entry anonymous at line 2
modcall[authorize]: module files returns ok for request 4
rlm_eap: EAP packet type response id 5 length 79
rlm_eap: No EAP Start, astestuserng it's an on-going EAP conversation
modcall[authorize]: module eap returns updated for request 4
modcall: leaving group authorize (returns updated) for request 4
rad_check_password: Found Auth-Type EAP
rad_check_password: Found Auth-Type EAP
Warning: Found 2 auth-types on request for user 'anonymous'
auth: type EAP
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 4
rlm_eap: Request found, released from the list
rlm_eap: EAP/ttls
rlm_eap: processing type ttls
rlm_eap_ttls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Length Included
eaptls_verify returned 11
eaptls_process returned 7
rlm_eap_ttls: Session established. Proceeding to decode tunneled attributes.
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 4
modcall[authorize]: module preprocess returns ok for request 4
modcall[authorize]: module chap returns noop for request 4
modcall[authorize]: module mschap returns noop for request 4
rlm_realm: No '/' in User-Name = [EMAIL PROTECTED], looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix_oblic returns noop for request 4
rlm_realm: No '/' in User-Name = [EMAIL PROTECTED], looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module prefix_oblic returns noop for request 4
rlm_realm: Looking up realm domain.com for User-Name = [EMAIL PROTECTED]
rlm_realm: Found realm domain.com
rlm_realm: Proxying request from user testuser to realm domain.com
rlm_realm: Adding Realm = domain.com
rlm_realm: Preparing to proxy authentication request to realm domain.com
modcall[authorize]: module suffix_at returns updated for request 4
rlm_realm: Request already proxied. Ignoring.
modcall[authorize]: module prefix_at returns noop for request 4
rlm_realm: Request already proxied. Ignoring.
modcall[authorize]: module suffix_percent returns noop for request 4
rlm_realm: Request already proxied. Ignoring.
modcall[authorize]: module prefix_percent returns noop for request 4
radius_xlat: 'group2'
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'o=domain,c=india'
radius_xlat: '(uid=[EMAIL PROTECTED])'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to 1.1.1.3:389, authentication 0
rlm_ldap: bind as cn=Manager,o=domain,c=India/secret to 1.1.1.3:389
rlm_ldap: cn=Manager,o=domain,c=India bind to 1.1.1.3:389 failed: Can't contact LDAP server
rlm_ldap: (re)connection attempt failed
rlm_ldap::ldap_groupcmp: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat: '1234'
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'o=domain,c=india'
radius_xlat: '(uid=[EMAIL PROTECTED] )'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got
closing connection
Hi. I'm a new user of freeradius. I'm using it to authenticate clients in a WLAN. It works great, but I need to disconnect a user who has finished his available browsing time (I use prepaid cards). How can I do that?

In the code there are some rows to deny the authentication if a guest consumes his daily time. How can I enable it? Is it enabled by default?

I saw in wiki.freeradius.org the radiusKick at ftp://ftp.nmo.net/pub/radkill/radkill-latest.tar.gz but I cannot download it, and it is probably obsolete (written in 2000). Can anybody help me?

Best regards.
enabling daily counter to deny authentication
How can I do that? And how can I operate the counter to deny any request if a threshold is met (not only for a day, but forever)?
What attribute for password change?
I don't know about password change. What attribute? Help me, please!
Re: What attribute for password change?
Hi,

> I don't know that password change. what attribute ?

RADIUS is for *verifying* passwords, not for changing them. If you want to change them, create an administration interface for your authentication backend. If you happen to be using mySQL as a backend, have a look at dialup_admin.

Stefan

--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche
Ingenieur Forschung Entwicklung
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg
E-Mail: [EMAIL PROTECTED]
Tel.: +352 424409-1
http://www.restena.lu
Fax: +352 422473
RE: ippool error
Yes, it's possible. However, you will have to store passwords in clear text format in the LDAP.

From: freeradius-users-bounces+s.can[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Giuseppina Venezia
Sent: Monday, 31 July 2006 12:13
To: FreeRadius users mailing list
Subject: Re: ippool error

> I have a doubt, it's possibile use ippool with LDAP (CHAP authentication)?
> Have someone ideas about this error? I'm not able to find documentation or other about this.
> Thanks in advance.
> Giusy
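The clear-text requirement raised in the reply above follows from how a CHAP response is checked (RFC 1994, carried in RADIUS per RFC 2865): the server must recompute MD5 over the identifier, the password itself and the challenge. The sketch below is an added example, not part of the original thread or of FreeRADIUS; the function names are hypothetical and the password, challenge and salt are constructed sample values.

```python
"""Why CHAP verification needs the clear-text password on the server side."""
import base64
import hashlib
import hmac

# Constructed sample values (not taken from the thread).
SAMPLE_PASSWORD = b"constructed-sample-password"
SAMPLE_CHALLENGE = bytes(range(16))      # 16-byte CHAP-Challenge
SAMPLE_SALT = b"\x01\x02\x03\x04"        # salt for the {SSHA} directory value


def chap_response(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994: response = MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def build_chap_password(chap_id: int, password: bytes, challenge: bytes) -> bytes:
    """RADIUS CHAP-Password attribute: 1-byte identifier + 16-byte response."""
    return bytes([chap_id]) + chap_response(chap_id, password, challenge)


def ssha(password: bytes, salt: bytes) -> str:
    """LDAP {SSHA} userPassword value: base64(SHA1(password || salt) || salt)."""
    digest = hashlib.sha1(password + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_pap(candidate: bytes, stored: str) -> bool:
    """PAP delivers the password itself, so a salted hash can be checked."""
    if stored.startswith("{SSHA}"):
        raw = base64.b64decode(stored[len("{SSHA}"):])
        digest, salt = raw[:20], raw[20:]
        return hmac.compare_digest(hashlib.sha1(candidate + salt).digest(), digest)
    return hmac.compare_digest(candidate, stored.encode())


def verify_chap(chap_password: bytes, challenge: bytes, stored: str) -> str:
    """Return 'accept', 'reject' or 'cannot-verify' for a CHAP-Password value.

    Assumption for this sketch: a stored value starting with '{' carries a
    hash scheme prefix such as {SSHA}; anything else is the clear text.
    """
    if stored.startswith("{"):
        # The MD5 input needs the password, which a one-way hash cannot yield.
        return "cannot-verify"
    if len(chap_password) != 17:
        return "reject"
    expected = chap_response(chap_password[0], stored.encode(), challenge)
    if hmac.compare_digest(expected, chap_password[1:]):
        return "accept"
    return "reject"


if __name__ == "__main__":
    attr = build_chap_password(0, SAMPLE_PASSWORD, SAMPLE_CHALLENGE)
    hashed = ssha(SAMPLE_PASSWORD, SAMPLE_SALT)
    print("CHAP vs clear text:", verify_chap(attr, SAMPLE_CHALLENGE, SAMPLE_PASSWORD.decode()))
    print("CHAP vs {SSHA}    :", verify_chap(attr, SAMPLE_CHALLENGE, hashed))
    print("PAP  vs {SSHA}    :", verify_pap(SAMPLE_PASSWORD, hashed))
```

The same directory entry that works for PAP with a salted hash gives the CHAP path nothing to compare against, which is the trade-off to weigh when choosing CHAP with an LDAP backend.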
Re: ippool error
On 7/31/06, Sebastien Cantos [EMAIL PROTECTED] wrote:
> Yes it's possible. However you will have to store passwords in clear text format onto the ldap.

LDAP works fine. The authentication works; the only thing that doesn't work is the IP pool assignment.
RE: ippool error
I've something like this in the users file:

DEFAULT Service-Type == Framed-User, Pool-Name := main_pool
        Framed-Protocol = PPP,
        Framed-MTU = 1500,
        Idle-Timeout = 300

Then make sure you have a reference to your pool in the post-auth section of radiusd.conf:

post-auth {
        # Get an address from the IP Pool.
        main_pool
}

And also a reference to it in the accounting section (just to make sure an IP will be cleared from the pool when an accounting STOP packet is received).

accounting {
        ...
        main_pool
        ...
}

Regards,
Sebastien.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Giuseppina Venezia
Sent: Monday, 31 July 2006 14:31
To: FreeRadius users mailing list
Subject: Re: ippool error

> On 7/31/06, Sebastien Cantos [EMAIL PROTECTED] wrote:
>> Yes it's possible. However you will have to store passwords in clear text format onto the ldap.
>
> Ldap works fine. The authentication works, the only thing that doesn't works is ip pool assignment.
Re: ippool error
On 7/31/06, Sebastien Cantos [EMAIL PROTECTED] wrote:
> I've something like this in the user file:

That's OK.

> Then make sure you have a reference to your pool in the postauth section of radiusd.conf :

Yes.

> And also a reference of it in the accounting section (just to make sure an IP will be cleared from the pool when an accounting STOP packet is received).
> accounting { ….. main_pool ….

I didn't have this. Now I've added the name of my pool in the accounting section and I have this error in addition to the one before:

Mon Jul 31 16:11:45 2006 : Debug: Processing the accounting section of radiusd.conf
Mon Jul 31 16:11:45 2006 : Debug: modcall: entering group accounting for request 1
Mon Jul 31 16:11:45 2006 : Debug: modsingle[accounting]: calling studenti (rlm_ippool) for request 1
Mon Jul 31 16:11:45 2006 : Debug: rlm_ippool: This is not an Accounting-Stop. Return NOOP.
Mon Jul 31 16:11:45 2006 : Debug: modsingle[accounting]: returned from studenti (rlm_ippool) for request 1
Mon Jul 31 16:11:45 2006 : Debug: modcall[accounting]: module studenti returns noop for request 1

> Regards,

Thanks.
Giusy
RE: ippool error
Can you paste the part of the logs dealing with postauth? The IP assignment should be done in postauth and it adds the Framed-IP-Address in the auth response.

Also, can you paste the part of your radiusd.conf where you define the IP pool, please?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On behalf of Giuseppina Venezia
Sent: Monday, 31 July 2006 16:26
To: FreeRadius users mailing list
Subject: Re: ippool error

> On 7/31/06, Sebastien Cantos [EMAIL PROTECTED] wrote:
>> I've something like this in the user file:
>
> That's Ok
>
>> Then make sure you have a reference to your pool in the postauth section of radiusd.conf :
>
> Yes.
>
>> And also a reference of it in the accounting section (just to make sure an IP will be cleared from the pool when an accounting STOP packet is received).
>> accounting { .. main_pool .
>
> I haven't this. Noy, I've added the name of my pool in accounting section and i have this error in adding to that one before:
>
> Mon Jul 31 16:11:45 2006 : Debug: Processing the accounting section of radiusd.conf
> Mon Jul 31 16:11:45 2006 : Debug: modcall: entering group accounting for request 1
> Mon Jul 31 16:11:45 2006 : Debug: modsingle[accounting]: calling studenti (rlm_ippool) for request 1
> Mon Jul 31 16:11:45 2006 : Debug: rlm_ippool: This is not an Accounting-Stop. Return NOOP.
> Mon Jul 31 16:11:45 2006 : Debug: modsingle[accounting]: returned from studenti (rlm_ippool) for request 1
> Mon Jul 31 16:11:45 2006 : Debug: modcall[accounting]: module studenti returns noop for request 1
>
>> Regards,
>
> Thanks.
> Giusy
Re: ippool error
Giuseppina Venezia wrote:
> On 7/28/06, *Phil Mayers* [EMAIL PROTECTED] wrote:
>> If the ippool module is saying Pool-Name is not found, then these entries must not be matching.
>> Run FreeRadius under debugging with the -X argument, and watch for the bit where it processes the authorize section - see what entries are matched in the files module.
>
> The authorize section works well:

I'll repeat myself:

Run FreeRadius under debugging with the -X argument, and watch for the bit where it processes the authorize section - see what entries are matched in the files module.

The logs you have given are NOT debugging output.

What does your radiusd.conf look like?

I'll repeat myself - you are NOT setting the Pool-Name attribute. Set it, and it will work.
Freeradius on Fedora Core 4
Hi all,

I have installed the rpm freeradius-1.0.4-1.FC4.1 on Fedora Core 4; however, I have the following problem when I use radtest to test my server:

radtest kiko kako99 localhost 1812 testing123
Sending Access-Request of id 215 to 127.0.0.1:1812
    User-Name = vlal
    User-Password = vita99
    NAS-IP-Address = smtp.cablenet.com.ni
    NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=215, length=20

All my users are system users (/etc/passwd and /etc/shadow). I need to enable radius for dialup users.

I am testing the radius server with:

[EMAIL PROTECTED] raddb]# radiusd -X -A
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /etc/raddb/proxy.conf
Config: including file: /etc/raddb/clients.conf
Config: including file: /etc/raddb/snmp.conf
Config: including file: /etc/raddb/sql.conf
main: prefix = /usr
main: localstatedir = /var
main: logdir = /var/log/radius
main: libdir = /usr/lib
main: radacctdir = /var/log/radius/radacct
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = /var/log/radius/radius.log
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = /var/run/radiusd/radiusd.pid
main: user = radiusd
main: group = radiusd
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/sbin/checkrad
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/lib
Module: Loaded System
unix: cache = no
unix: passwd = /etc/passwd
unix: shadow = (null)
unix: group = /etc/group
unix: radwtmp = /var/log/radius/radwtmp
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded preprocess
preprocess: huntgroups = /etc/raddb/huntgroups
preprocess: hints = /etc/raddb/hints
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = suffix
realm: delimiter = @
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded files
files: usersfile = /etc/raddb/users
files: acctusersfile = /etc/raddb/acct_users
files: preproxy_usersfile = /etc/raddb/preproxy_users
files: compat = no
Module: Instantiated files (files)
Module: Loaded detail
detail: detailfile = /var/log/radius/radacct/%{Client-IP-Address}/detail
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = /var/log/radius/radutmp
radutmp: username = %{User-Name}
radutmp: case_sensitive = yes
radutmp: check_with_nas = yes
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on authentication *:1812
Listening on accounting *:1813
Listening on proxy *:1814
Ready to process requests.

I need your suggestions.

Regards.
making sqlcounter working
Can anybody help me? I cannot get it running.
Re: ippool error
On 7/31/06, Phil Mayers [EMAIL PROTECTED] wrote:
> The logs you have given are NOT debugging output.

[EMAIL PROTECTED]:/usr/local/etc/raddb# radiusd -X -A
[1] 16321
Starting - reading configuration files ..
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:1039, id=0, length=216
    User-Name = arccas
    CHAP-Challenge = 0xf606250a5f23241fb1b9d9109af1a082
    CHAP-Password = 0x00c66b772cfa0368bcf45f5e2945903846
    NAS-IP-Address = 0.0.0.0
    Service-Type = Login-User
    Framed-IP-Address = 192.168.182.3
    Calling-Station-Id = 00-02-D7-BF-A0-98
    Called-Station-Id = 00-50-BF-E3-E8-2A
    NAS-Identifier = nas01
    Acct-Session-Id = 44ce1d930001
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 1
    Message-Authenticator = 0x4e30008639133c8110c2088e9d90
    WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module chap returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for arccas
radius_xlat: '(uid=arccas)'
radius_xlat: 'ou=statistica,dc=xxx,dc=it'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=xxx,dc=it/PASSWORD to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=statistica,dc=xxx,dc=it, with filter (uid=arccas)
rlm_ldap: checking if remote access for arccas is allowed by userPassword
rlm_ldap: Added password a in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusGroupName as Ldap-Group, value student op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-02-D7-BF-A0-98 op=21
rlm_ldap: Adding userPassword as User-Password, value a op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user arccas authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module ldap returns ok for request 0
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-02-D7-BF-A0-98
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-D7-BF-A0-98
modcall[authorize]: module checkval returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type CHAP
auth: type CHAP
Processing the authenticate section of radiusd.conf
modcall: entering group CHAP for request 0
rlm_chap: login attempt by arccas with CHAP password
rlm_chap: Using clear text password a for user arccas authentication.
rlm_chap: chap user arccas authenticated succesfully
modcall[authenticate]: module chap returns ok for request 0
modcall: leaving group CHAP (returns ok) for request 0
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 0
rlm_ippool: Could not find Pool-Name attribute.
modcall[post-auth]: module studenti returns noop for request 0
modcall: leaving group post-auth (returns noop) for request 0
Sending Access-Accept of id 0 to 127.0.0.1 port 1039
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 127.0.0.1:1037, id=0, length=131
    Acct-Status-Type = Start
    User-Name = arccas
    Calling-Station-Id = 00-02-D7-BF-A0-98
    Called-Station-Id = 00-50-BF-E3-E8-2A
    NAS-Port-Type = Wireless-802.11
    NAS-Port = 1
    NAS-Port-Id = 0001
    NAS-IP-Address = 0.0.0.0
    NAS-Identifier = nas01
    Framed-IP-Address = 192.168.182.3
    Acct-Session-Id = 44ce1d930001
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 1
modcall[preacct]: module preprocess returns noop for request 1
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 0.0.0.0,Acct-Session-Id = 44ce1d930001,User-Name = arccas'
rlm_acct_unique: Acct-Unique-Session-ID = 6b0287a8c4334b7b.
modcall[preacct]: module acct_unique returns ok for request 1
rlm_realm: No '@' in User-Name = arccas, looking up realm NULL
rlm_realm: No such realm NULL
modcall[preacct]: module suffix returns noop for request 1
modcall: leaving group preacct (returns ok) for request 1
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 1
rlm_ippool: This is not an Accounting-Stop. Return NOOP.
modcall[accounting]: module studenti returns noop for request 1
radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/detail-20060731'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/detail-20060731
modcall[accounting]: module detail returns ok for request 1
modcall[accounting]: module unix returns ok for request 1
radius_xlat: '/u
make install R=... and integrated libtool problem (and solution)
I've tried to make an ArchLinux package of freeradius 1.1.2, but although the compile would go fine and compile all the modules, when I would do 'make install R=/tmp/pkg-fr' it would not install any of the *.so files for the modules in /usr/lib/freeradius.

I've noticed in the output of make install that when libtool tries to relink the libraries it looks for libradius.so in /usr/lib/freeradius and not in /tmp/pkg-fr/usr/lib/freeradius/.

The solution for me was to use the system installed libtool (1.5.22 in ArchLinux) instead of the freeradius internal libtool (version 1.4.2).

Maybe the freeradius source needs to update the included libtool?

--
damjan | дамјан
This is my jabber ID -- [EMAIL PROTECTED] -- not my mail address, it's a Jabber ID --^ :)
Re: make install R=... and integrated libtool problem (and solution)
Damjan [EMAIL PROTECTED] wrote:
> Maybe the freeradius source needs to update the included libtool?

See the CVS head, and the branch_1_1 tag. Version 1.1.3 will contain the fixes.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
freeradius-1.1.2 install question on Solaris 10 (SPARC)
I am trying to install freeradius-1.1.2 on Solaris 10. I noticed that it requires OpenSSL to be installed on the system, and the Solaris 10 that I am working on already has OpenSSL installed as follows:

/usr/local/ssl/lib# ls -al
total 11884
drwxr-xr-x 4 root bin 512 Apr 21 09:01 .
drwxr-xr-x 10 root root 512 Apr 21 09:01 ..
drwxr-xr-x 2 root bin 512 Apr 21 09:01 engines
-rw-r--r-- 1 root bin 2235224 Oct 15 2005 libcrypto.a
lrwxrwxrwx 1 root root 18 Apr 21 09:01 libcrypto.so -> libcrypto.so.0.9.8
-r-xr-xr-x 1 root bin 1333832 Oct 15 2005 libcrypto.so.0.9.7
-r-xr-xr-x 1 root bin 1529352 Oct 15 2005 libcrypto.so.0.9.8
-rw-r--r-- 1 root bin 389692 Oct 15 2005 libssl.a
lrwxrwxrwx 1 root root 15 Apr 21 09:01 libssl.so -> libssl.so.0.9.8
-r-xr-xr-x 1 root bin 234036 Oct 15 2005 libssl.so.0.9.7
-r-xr-xr-x 1 root bin 291900 Oct 15 2005 libssl.so.0.9.8
drwxr-xr-x 2 root bin 512 Apr 21 09:01 pkgconfig

Also, initially when I did ./configure it was giving me an error that the PATH was not set for gcc, cc etc. I set the path as follows:

export PATH=$PATH:/usr/local/bin

and then I attempted to do make as follows:

# make
make[1]: Entering directory `/export/home/lab/freeradius-1.1.2'
Making all in libltdl...
make[2]: Entering directory `/export/home/lab/freeradius-1.1.2/libltdl'
/bin/sh ./libtool --mode=compile gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -c ltdl.c
mkdir .libs
gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -c ltdl.c -fPIC -DPIC -o .libs/ltdl.lo
ltdl.c: In function `lt_dlopenext':
ltdl.c:2926: warning: unused variable `file_found'
gcc -DHAVE_CONFIG_H -I. -I. -I. -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -c ltdl.c -o ltdl.o >/dev/null 2>&1
mv -f .libs/ltdl.lo ltdl.lo
/bin/sh ./libtool --mode=link gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -o libltdl.la -rpath /usr/local/lib -no-undefined -version-info 4:0:1 ltdl.lo -ldl -lnsl -lresolv -lsocket -lposix4 -lpthread
rm -fr .libs/libltdl.la .libs/libltdl.* .libs/libltdl.*
/usr/ccs/bin/ld -G -z defs -h libltdl.so.3 -o .libs/libltdl.so.3.1.0 ltdl.lo -ldl -lnsl -lresolv -lsocket -lposix4 -lpthread -lc
(cd .libs && rm -f libltdl.so.3 && ln -s libltdl.so.3.1.0 libltdl.so.3)
(cd .libs && rm -f libltdl.so && ln -s libltdl.so.3.1.0 libltdl.so)
ar cru .libs/libltdl.a ltdl.o
./libtool: ar: not found
make[2]: *** [libltdl.la] Error 1
make[2]: Leaving directory `/export/home/lab/freeradius-1.1.2/libltdl'
make[1]: *** [common] Error 2
make[1]: Leaving directory `/export/home/lab/freeradius-1.1.2'
make: *** [all] Error 2

I don't have any clue what that might be. Can anybody help me figure out the problem?

Thanks
Rafi

--
Rafiqul Ahsan           630-717-1698(h)
2120 Periwinkle Ln      630-689-1457(h)
Naperville, IL 60540    847-812-6176(c)
Re: ippool error
Giuseppina Venezia [EMAIL PROTECTED] wrote:
> rlm_ippool: Could not find Pool-Name attribute.

As has been said many times, you are not setting the Pool-Name attribute.

> users ...
> DEFAULT Huntgroup-Name == studenti, Ldap-Group == student, Pool-Name:=studenti

Which is OK, except for the fact that the debug log shows the server isn't reading the users file. And the radiusd.conf pieces you posted don't include the authorize section.

You deleted files from authorize, and are still trying to use the users file.

Please don't break the server configuration. The default configuration is there for a purpose: it works. It's frustrating to see the number of people who go out of their way to break the server, and then wonder why it doesn't work.

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
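The diagnosis in the reply above can be read directly off `radiusd -X` output: list which modules returned in each section and check whether `files` ran in authorize before rlm_ippool complained. The script below is an added example, not part of the original thread or of FreeRADIUS; BROKEN_LOG is excerpted from the debug output posted earlier in this thread, FIXED_LOG is constructed, and the function names and result codes are hypothetical.

```python
"""Check `radiusd -X` output for why rlm_ippool found no Pool-Name."""
import re
from collections import defaultdict

# Line formats as they appear in the FreeRADIUS 1.x debug output on this page.
MODCALL = re.compile(
    r"modcall\[(?P<section>[\w-]+)\]: module (?P<module>\S+) "
    r"returns (?P<rcode>\w+) for request (?P<request>\d+)"
)
USERS_MATCH = re.compile(r"users: Matched entry \S+ at line \d+")
POOL_MISSING = "rlm_ippool: Could not find Pool-Name attribute."

# Excerpt of the debug output posted in the thread.
BROKEN_LOG = """\
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module chap returns ok for request 0
modcall[authorize]: module ldap returns ok for request 0
modcall[authorize]: module checkval returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 0
rlm_ippool: Could not find Pool-Name attribute.
modcall[post-auth]: module studenti returns noop for request 0
"""

# Constructed sample: the same request once `files` is listed in authorize.
FIXED_LOG = """\
modcall[authorize]: module preprocess returns ok for request 0
modcall[authorize]: module chap returns ok for request 0
modcall[authorize]: module ldap returns ok for request 0
users: Matched entry DEFAULT at line 1
modcall[authorize]: module files returns ok for request 0
modcall[post-auth]: module studenti returns ok for request 0
"""


def modules_by_section(log_text):
    """Map each section name to the (module, return code) pairs seen in it."""
    sections = defaultdict(list)
    # finditer over the whole text also copes with logs whose line breaks
    # were lost in an archive, as happened to the copies on this page.
    for m in MODCALL.finditer(log_text):
        sections[m.group("section")].append((m.group("module"), m.group("rcode")))
    return dict(sections)


def diagnose_pool_name(log_text):
    """Return result codes explaining a missing Pool-Name, or [] if none.

    Assumption: the users-file module instance is called `files`, as in the
    default radiusd.conf.
    """
    if POOL_MISSING not in log_text:
        return []
    authorize = [name for name, _ in modules_by_section(log_text).get("authorize", [])]
    if "files" not in authorize:
        # The users file, where Pool-Name is set, was never consulted.
        return ["FILES_NOT_IN_AUTHORIZE"]
    if not USERS_MATCH.search(log_text):
        # files ran, but no users entry matched this request.
        return ["NO_USERS_ENTRY_MATCHED"]
    # An entry matched but did not add Pool-Name to the check items.
    return ["ENTRY_MATCHED_WITHOUT_POOL_NAME"]


if __name__ == "__main__":
    for label, text in (("broken", BROKEN_LOG), ("fixed", FIXED_LOG)):
        print(label, modules_by_section(text).get("authorize"), diagnose_pool_name(text))
```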
Re: Freeradius on Fedora Core 4
Vida Luz Arista [EMAIL PROTECTED] wrote:
> I have installed rpm freeradius-1.0.4-1.FC4.1 on Fedora core 4, however I have the following problems, whe I use radtest for test my server
>
> radtest kiko kako99 localhost 1812 testing123
> Sending Access-Request of id 215 to 127.0.0.1:1812
>     User-Name = vlal
>     User-Password = vita99
>     NAS-IP-Address = smtp.cablenet.com.ni
>     NAS-Port = 1812
> rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=215, length=20

Ok...

> I am testing the radius server with
>
> [EMAIL PROTECTED] raddb]# radiusd -X -A
> Starting - reading configuration files ...
> ...
> Ready to process requests.
>
> I need you suggestions.

Post a debug log which shows the server receiving a packet?

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
noob with some questions
Hi All,

I've been setting up my College's first FreeRadius server and I've been having a hard time wrapping my brain around the config with the documentation that is available. If you'll bear with me here through this super long post, I'll go into more depth.

What I'm trying to do: I want to configure FreeRadius to Authorize a user against an LDAP directory based on IF that user has the following values:

edupersonprimaryaffiliation: STAFF
AND
psadminarea: BUSINESS - SMEAL COLLEGE

OR

edupersonprimaryaffiliation: Faculty
AND
psadminarea: BUSINESS - SMEAL COLLEGE

If the user's values don't match either of these two conditions, they are rejected. If they match either, then they are authenticated against a kerberos server.

I've got the basic configuration working in that FreeRadius will go out to the LDAP directory (right now it just seems to check if the attribute exists but does not make a judgement on it) and then it will go out to the Kerberos server and Authenticate. I want to now add the conditions I stated above but I'm a bit lost at this point.

At first I thought that this was something the CheckValue module should handle, then I thought maybe it should just be a part of the filter in the LDAP module, then I thought about maybe the values need to be in the dictionary files. At this point, it became apparent that I simply don't understand how FreeRadius handles itself. It is not apparent to me how or where FreeRadius makes its decisions on conditional values. This is where I hope some of you can help. I really like FreeRadius in that it is obviously a quality product, but as it is with the documentation and my lack of Radius experience, I just can't seem to get at the last piece of this puzzle.
Right now, I have the following settings (with debug output further down)

radiusd.conf, LDAP module:

ldap {
	server = "ldap.psu.edu"
	# identity = "cn=admin,o=My Org,c=UA"
	# password = mypass
	basedn = "dc=psu,dc=edu"
	filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
	# base_filter = "(objectclass=radiusprofile)"

	# set this to 'yes' to use TLS encrypted connections
	# to the LDAP database by using the StartTLS extended
	# operation.
	# The StartTLS operation is supposed to be used with normal
	# ldap connections instead of using ldaps (port 689) connections
	start_tls = no

	# tls_cacertfile = /path/to/cacert.pem
	# tls_cacertdir = /path/to/ca/dir/
	# tls_certfile = /path/to/radius.crt
	# tls_keyfile = /path/to/radius.key
	# tls_randfile = /path/to/rnd
	# tls_require_cert = "demand"

	# default_profile = "cn=radprofile,ou=dialup,o=My Org,c=UA"
	# profile_attribute = "radiusProfileDn"
	access_attr = "psadminarea"

	# Mapping of RADIUS dictionary attributes to LDAP
	# directory attributes.
	dictionary_mapping = ${raddbdir}/ldap.attrmap

	ldap_connections_number = 5

	#
	# NOTICE: The password_header directive is NOT case insensitive
	#
	# password_header = "{clear}"
	#
	# Set:
	#	password_attribute = nspmPassword
	#
	# to get the user's password from a Novell eDirectory
	# backend. This will work *only if* freeRADIUS is
	# configured to build with --with-edir option.
	#
	#
	# The server can usually figure this out on its own, and pull
	# the correct User-Password or NT-Password from the database.
	#
	# Note that NT-Passwords MUST be stored as a 32-digit hex
	# string, and MUST start off with "0x", such as:
	#
	#	0x000102030405060708090a0b0c0d0e0f
	#
	# Without the leading "0x", NT-Passwords will not work.
	# This goes for NT-Passwords stored in SQL, too.
	#
	# password_attribute = userPassword
	#
	# Un-comment the following to disable Novell eDirectory account
	# policy check and intruder detection. This will work *only if*
	# FreeRADIUS is configured to build with --with-edir option.
	#
	# edir_account_policy_check=no
	#
	# groupname_attribute = cn
	# groupmembership_filter = "(|((objectClass=GroupOfNames)(member=%{Ldap-UserDn}))((objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))"
	# groupmembership_attribute = radiusGroupName
	timeout = 4
	timelimit = 3
	net_timeout = 1
	# compare_check_items = yes
	# do_xlat = yes
	# access_attr_used_for_allow = yes

	#
	# By default, if the packet contains a User-Password,
	# and no other module is configured to handle the
	# authentication, the LDAP module sets itself to do
	# LDAP bind for authentication.
	#
	# You can disable this behavior by setting the following
	# configuration entry to "no".
	#
	# allowed values: {no, yes}
	# set_auth_type = yes
}

In the file dictionary:

ATTRIBUTE Is_Smeal_Member 3998 string
ATTRIBUTE Is_Smeal_Fac_Staff_Member 3999 string

Module: Loaded preprocess
preprocess: huntgroups = "/etc/freeradius/huntgroups"
preprocess: hints = "/etc/freeradius/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module:
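The rule described in this post (the uid matches AND one of the two affiliation/area pairs holds) written as a single LDAP search filter, as an added example that is not part of the original message or of FreeRADIUS. The function names are hypothetical; attribute names and values are taken from the post, and the user name is escaped per RFC 4515 so that filter metacharacters in it are matched literally.

```python
"""Added example: the post's authorization rule as one LDAP search filter."""

# RFC 4515 section 3: these characters must be written as \XX inside a value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Values copied from the post; the (affiliation, area) pairs are OR-ed together.
ALLOWED = [
    ("STAFF", "BUSINESS - SMEAL COLLEGE"),
    ("Faculty", "BUSINESS - SMEAL COLLEGE"),
]


def escape_filter_value(value: str) -> str:
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter(username: str) -> str:
    """Return (&(uid=USER)(|(&(affiliation=..)(area=..))(&(..)(..))))."""
    if not username:
        raise ValueError("empty user name")
    branches = "".join(
        "(&(edupersonprimaryaffiliation={})(psadminarea={}))".format(
            escape_filter_value(aff), escape_filter_value(area)
        )
        for aff, area in ALLOWED
    )
    return "(&(uid={})(|{}))".format(escape_filter_value(username), branches)


if __name__ == "__main__":
    # Constructed inputs: a plain name and one containing filter metacharacters.
    for name in ("abc123", "a*(b)"):
        print(name, "->", build_filter(name))
```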
Re: ippool error
at: '/usr/local/var/log/radius/radacct/127.0.0.1/detail-20060731'
rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/detail-20060731
modcall[accounting]: module detail returns ok for request 1
modcall[accounting]: module unix returns ok for request 1
radius_xlat: '/usr/local/var/log/radius/radutmp'
radius_xlat: 'arccas'
modcall[accounting]: module radutmp returns ok for request 1
modcall: leaving group accounting (returns ok) for request 1
Sending Accounting-Response of id 0 to 127.0.0.1 port 1051
Finished request 1
Going to the next request
Cleaning up request 1 ID 0 with timestamp 44ce4b99
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 0 with timestamp 44ce4b99
Nothing to do. Sleeping until we see a request.

radius.conf

authorize {
	preprocess
	chap
	files
	ldap
	checkval
}

Thanks in advance.
Giusy
RedHat RPM's
I'm just confirming, As per the FAQ, there are no (Official) Redhat RPM's at the moment. The best way to install on Red Hat Enterprise Linux ES release 4 (Nahant) is to install from source? I'm setting up a new server (and redhat is a new distro for me) and I'd like to start off on the right foot.

Michael King
Re: RedHat RPM's
Well, after all there are two ways you can go along:

- install from source, which will require you to fulfill all dependencies and install the necessary headers (i.e. -devel packages)
- go find some unofficial rpm, prolly rpmseek.com or something like that will help you with this.

Unofficial just means that those are NOT from the freeradius maintainers nor are they maintained by them. This needn't mean that those are bad. They mostly do fine. I even installed some redhat rpm on suse with success :) And if it doesn't work indeed then it is easy to get rid of it again :) So I suppose for a newbie this would be the easier way.

cheers
Sebastian

King, Michael wrote:
> I'm just confirming, As per the FAQ, there are no (Official) Redhat RPM's at the moment. The best way to install on Red Hat Enterprise Linux ES release 4 (Nahant) is to install from source? I'm setting up a new server (and redhat is a new distro for me) and I'd like to start off on the right foot.
> Michael King
Re: SNMP traps
On Sunday 30 July 2006 02:02, [EMAIL PROTECTED] wrote:
> Hi, thanks Alen
> Can u give some more details for this. From where can i find that. And how freeradius supports SNMP
> Rgds Darshak

FreeRADIUS doesn't support SNMP traps. It does support SMUX, which allows you to then query for information via SNMP. See snmp.conf for the ucd-snmp SMUX example. The RADIUS MIBS can be found in the mibs directory or you can use the actual OIDs in your SNMP queries.

If you run into problems, include the versions of the SNMP and FreeRADIUS software you're using, as well as any relevant config lines and debug mode output.

Kevin Bonner
Re: ippool error
Giuseppina Venezia [EMAIL PROTECTED] wrote:
> Thank you, Alan. Now, I have uncommented files, it reads users but gives the same error. I'll paste the log and the authorize configuration of radius.conf:
> ...
> Ready to process requests.
> rad_recv: Access-Request packet from host 192.168.1.96:2061, id=1, length= 69
> Ignoring request from unknown client 192.168.1.96:2061

That's a problem. Please fix that, AND post logs from ONE CLIENT only. Posting logs that include packets from multiple clients makes it impossible to figure out the problem.

> rad_check_password: Found Auth-Type LDAP
> auth: type Local

You're kidding, right? If this is really what's going on, then you spent a LOT of effort to break the default configuration.

> users: Matched entry DEFAULT at line 152

So... what's on line 152? Go read it.

> rlm_ippool: Could not find Pool-Name attribute.

Probably because the entry setting the Pool-Name isn't on line 152.

Honestly, you're going through enormous amounts of effort to get this working. Almost all of that effort is wasted, because you've ALSO spent enormous amounts of effort breaking the default configuration.

Please start with the default configuration. What you're using now is so completely broken that it's simply too difficult to fix it.

Then, configure the IP pool module. Change NOTHING else in the default configuration.

Then, add a users file entry setting the pool name, and a password for a test user. See the FAQ. Then test it. Get THAT to work, and then start working on LDAP, and everything else.

Again, please stop trying so hard to break the default configuration. It's clear you're not familiar with the way the server works, and that's OK. But it means that you SHOULD NOT be making massive edits to the default config, as you've been doing. It's causing nothing but problems.

Alan DeKok.
Preprocessing Acct Message
Hi,

I have freeradius 1.1.2 and postgres 7.4.11. In the Acct message, one of the VSAs is MSI-Diff-Charge-Container (our own attribute), whose value is a long hex string: 02060004

I would like to parse this value and insert the parsed values into the database. What is the best way to achieve this?

Thanks,
Khoa
Re: ippool error
On 7/31/06, Alan DeKok [EMAIL PROTECTED] wrote:
> Then, add a users file entry setting the pool name, and a password for a test user. See the FAQ. Then test it. Get THAT to work, and then start working on LDAP, and everything else.

Ok.

> Again, please stop trying so hard to break the default configuration. It's clear you're not familiar with the way the server works, and that's OK. But it means that you SHOULD NOT be making massive edits to the default config, as you've been doing. It's causing nothing but problems.

It's true. I'll make all. Really, thanks a lot.
Freeradius in Fedora (Folder Redhat)
Hello everybody,

I have installed freeradius in Fedora using the tutorial on the freeradius home page. I would like to know if it is necessary to use the files in the directory redhat? If it is necessary, what do I need to do? There are no instruction files in that folder.

I am using EAP/PEAP. I am trying to configure freeradius to authenticate 802.11g users.

Thank you for any information,
Everton