Re: Multiple input_pairs?

2006-11-02 Thread Patric

Alan DeKok wrote:
> Patric [EMAIL PROTECTED] wrote:
>> Is it possible to specify multiple input pairs?
>
>   No.
>
>   If you want that functionality, use rlm_perl.
>
>   Alan DeKok.
> --
>   http://deployingradius.com   - The web site of the book
>   http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


  

Thanks Alan, will read up on rlm_perl

Patric


Realm and LDAP authentication

2006-11-02 Thread Rio Yang
Hi,

I want to authenticate users by LDAP server, but I have two LDAP servers for different groups of users. For example, students or staff, each has a different realm name. The students' realm name is @stud.test and the staff's realm name is @staf.test. Realm (@stud.test) must be passed to LDAP server one to authenticate, and realm (@staff.test) must be passed to LDAP server two to authenticate. Does freeradius support this scenario? And how to do it?

Thanks.
Rio

Database query failed: Table 'radius.radcheck' doesn't exist

2006-11-02 Thread Dusan Djordjevic Liste

Hi all,

I am trying to install dialup admin. I followed the HOWTO located in the doc/
directory. I created all tables in the radius database using the provided .sql
files in the sql/ dir. Now I have 4 tables in the radius database: badusers,
mtotacct, totacct, userinfo.

When I connect to dialup admin and try to create a new user, it gives me the
following error:

Database query failed: Table 'radius.radcheck' doesn't exist
(after a bunch of error messages that some queries and inserts are not valid).

I am not good with databases, but AFAIK this means that there is no
radcheck table in the radius database. Also, if I understand admin.conf
properly, there is a part that says the following:

sql_database: radius
sql_accounting_table: radacct
sql_badusers_table: badusers
sql_check_table: radcheck
sql_reply_table: radreply
sql_user_info_table: userinfo
sql_groupcheck_table: radgroupcheck
sql_groupreply_table: radgroupreply
sql_usergroup_table: usergroup
sql_total_accounting_table: totacct
sql_nas_table: nas

Also, a lot of the tables mentioned here do not exist.

Did I miss something?

TIA
Dusan
http://dj-dule.blogspot.com




Re: Database query failed: Table 'radius.radcheck' doesn't exist

2006-11-02 Thread Vasea Marii
radcheck is one of the most important tables in freeradius if working with mysql! It is the table where users' usernames, passwords and other data are stored for authenticating users when they are connecting!

In your freeradius distribution find the mysql.sql file and create the tables that are missing! By the way, dialup-admin has a lot of bugs! You'll have a lot of work :) Try phpmyprepaid!

Re: Database query failed: Table 'radius.radcheck' doesn't exist

2006-11-02 Thread Ali Jawad
Please note that you have to use the .sql files provided for the freeradius server and for dialupadmin.

--
With Regards
Ali Jawad

Re: Database query failed: Table 'radius.radcheck' doesn't exist

2006-11-02 Thread Ali Jawad
Well I've tried dialupadmin..apart from the fact that it might be
troubling to set up...it worked just fine for me..I used it to
authenticate ISP clients through pppoe..and to Dusan..as Vasea
said...find the .sql file containing the tables for freeradius and
import them using phpmyadmin or the mysql shell.

--
With Regards
Ali Jawad

RE: Database query failed: Table 'radius.radcheck' doesn't exist

2006-11-02 Thread John Longland
Dusan


1. I assume you did run the db_sql_mysql.sql script to create the database schema ??
This will create the majority of the schema. 


2. Did you run the sql-scripts in /usr/local/dialup_admin/sql ?
They are executed in a similar fashion.


Note: In my case , I got error messages when executing some of these scripts.
What I did was to remove the DEFAULT '0' from the scripts that failed.


You execute a script as follows:


First you log into mysql :
mysql -uroot -ppassword


Then you create the database:
CREATE DATABASE radius;


Then execute the script:
mysql -uroot -prootpassword radius < db_sql_mysql.sql


Hope this helps


John


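To see which tables the admin.conf excerpt in this thread expects but the database lacks, before and after loading the schema scripts described above, a check like the following can be used. It is an added example, not part of any post in this thread and not dialup_admin code; the function names, the `#` comment handling and the sample `SHOW TABLES` output (constructed from the four tables Dusan reports) are assumptions.

```python
import re

# Matches admin.conf lines such as "sql_check_table: radcheck".
TABLE_KEY = re.compile(r"^(sql_\w+_table)\s*:\s*(\S+)$")
DB_KEY = re.compile(r"^sql_database\s*:\s*(\S+)$")


def parse_admin_conf(text):
    """Return (database name, {config key: table name}) from admin.conf text."""
    database, tables = None, {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if m := DB_KEY.match(line):
            database = m.group(1)
        elif m := TABLE_KEY.match(line):
            tables[m.group(1)] = m.group(2)
    return database, tables


def parse_show_tables(output):
    """Table names from SHOW TABLES output, one per line or in boxed form."""
    names = set()
    for raw in output.splitlines():
        line = raw.strip()
        if not line or line.startswith("+"):
            continue  # blank line or box border
        name = line.strip("|").strip()
        if name and not name.startswith("Tables_in_"):
            names.add(name)
    return names


def audit(admin_conf_text, show_tables_output):
    """List configured tables the database lacks, with the error to expect."""
    database, wanted = parse_admin_conf(admin_conf_text)
    present = parse_show_tables(show_tables_output)
    by_lower = {name.lower(): name for name in present}
    missing = []
    for key, table in wanted.items():
        if table in present:
            continue
        finding = {"key": key, "table": table,
                   "error": f"Table '{database}.{table}' doesn't exist"}
        # Table names are case-sensitive on most Linux MySQL installs, so a
        # table that differs only in case is still missing to the query.
        if table.lower() in by_lower:
            finding["case_mismatch"] = by_lower[table.lower()]
        missing.append(finding)
    unreferenced = sorted(present - set(wanted.values()))
    return {"missing": missing, "unreferenced": unreferenced}


# The admin.conf excerpt quoted in the thread.
ADMIN_CONF = """\
sql_database: radius
sql_accounting_table: radacct
sql_badusers_table: badusers
sql_check_table: radcheck
sql_reply_table: radreply
sql_user_info_table: userinfo
sql_groupcheck_table: radgroupcheck
sql_groupreply_table: radgroupreply
sql_usergroup_table: usergroup
sql_total_accounting_table: totacct
sql_nas_table: nas
"""

# Constructed SHOW TABLES output: only the dialup_admin tables are loaded.
SHOW_TABLES = """\
+------------------+
| Tables_in_radius |
+------------------+
| badusers         |
| mtotacct         |
| totacct          |
| userinfo         |
+------------------+
"""

if __name__ == "__main__":
    result = audit(ADMIN_CONF, SHOW_TABLES)
    for finding in result["missing"]:
        print(f"{finding['key']}: {finding['error']}")
    print("present but not referenced:", result["unreferenced"])
```

Feed it the output of `mysql -u root -p radius -e 'SHOW TABLES'`; a bare `-p` makes the client prompt for the password, whereas the `-ppassword` form leaves it in the shell history and process list.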

FR-1.1.3 on solaris10 strange things

2006-11-02 Thread Alexander Serkin

Hi.
We have strange behaviour on sparc solaris 10 server with fr-1.1.3 
installed:
without any visible reason the radiusd process goes to almost 100% CPU 
usage for 3-5 minutes. Then it comes back to normal state again (less 
than 1% CPU).
Visually the 100% CPU load does not impact the system functionality - 
there are no problems with authentication/accounting processing.
The server is not hard loaded - there are not more than 2-3 requests per 
second on it.


prstat output reports:

PID USERNAME  SIZE   RSS STATE  PRI NICE  TIME  CPU PROCESS/NLWP
757 radius 93M   10M run 400   0:56:05  99% radiusd/18

and prstat -vm :

PID USERNAME USR SYS TRP TFL DFL LCK SLP LAT VCX ICX SCL SIG PROCESS/NLWP
757 radius   4.5 1.1 0.0 0.0 0.0  93 0.2 1.6  65 315 .24   0 radiusd/18

has anybody seen this? What can be the reason?

Previously it was run on Netra-1120 with solaris 9, the subject appeared 
after moving to netra-240 Sol10:

5.10 Generic sun4u sparc SUNW,Netra-240

--
Alexander


Re: Database query failed: Table 'radius.radcheck' doesn't exist

2006-11-02 Thread Dusan Djordjevic Liste

Vasea Marii wrote:
> radcheck is one of the most important tables in freeradius if working with
> mysql! Is the table where users username, passwors and other data is stored for
> authenticating users when they are connecting!find!
> In you freeradius distribution find mysql.sql file and create the tables that
> are missing! By the way dialup-admin has a lot of bugs! You'll have a lot of
> work:)try  phpmyprepaid!


Thank you very much for response.

I will check phpmyprepaid.

btw. I am trying to sort out solution for VoIP termination, that is why 
I need radius. Can someone recommend me good software for that. It 
should work on Red Hat Enterprise Linux and support freeradius.


TIA

Dusan
http://dj-dule.blogspot.com


Limit access to internet by mac using freeradius

2006-11-02 Thread Ali Jawad
Hi, I've got a micro ISP with 50 clients running on pppoe and freeradius
for authentication; each client has a username and password. When a
customer dials through his winbox to create a pppoe connection, the pppoe
server on the server loads radius.so to do the authentication. What I
want to do now is the following...

I want to authenticate based on mac address and I do not want to use
pppoe anymore..so everybody plugging in a network cable into my switch
will have immediate internet access only if I have registered his mac
address for him previously, otherwise everybody plugging his network
cable into my switches will have access to my internet connection. I
mean I need something like the mac address filtering used in squid
...where only registered mac addresses are allowed through the proxy..any
hints, suggestions and/or tutorials are welcome.

--
With Regards
Ali Jawad

Re: Database query failed: Table 'radius.radcheck' doesn't exist

2006-11-02 Thread Dusan Djordjevic Liste

Ali Jawad wrote:
> Well Ive tried dialupadmin..apart from the fact that it might be troubleling
> to set up...it worked just fine for me..I used it to authenicate ISP clients

OK, thanks for advice, I will give it a try.

> through pppoe..and to Dusan..as Vasea said...find the .sql file containing
> the tables for freeradius and import them using phpmyadmin or the mysql
> shell.


Yes, I located it in source and applied it. It seems that everything 
works now. At least I do not have error message any more.


Thank you.

Dusan
http://dj-dule.blogspot.com



(no subject)

2006-11-02 Thread benodilo
Hi,

My freeradius works fine (freeradius on server 1 + MySQL on server 2). But I have
errors in my logs (see LOGS 1 at the bottom) and all the solutions I try don't solve this.
I have:
- Increased the number of sql connections to 10 -- num_sql_socks = 10
- Increased the time to wait before cleaning up a reply -- cleanup_delay = 8
- Verified that the indexes are on the right columns (charte_valide is a custom
  column for a php application):

Query:
EXPLAIN SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username =
'ben' AND charte_valide = 'o' ORDER BY id

Result:
+----+-------------+----------+------+------------------------+----------+---------+-------+------+-----------------------------+
| id | select_type | table    | type | possible_keys          | key      | key_len | ref   | rows | Extra                       |
+----+-------------+----------+------+------------------------+----------+---------+-------+------+-----------------------------+
|  1 | SIMPLE      | radcheck | ref  | UserName,charte_valide | UserName | 66      | const |    1 | Using where; Using filesort |
+----+-------------+----------+------+------------------------+----------+---------+-------+------+-----------------------------+

The NAS is an ISA Server and the students use a navigator without tabs, so ISA
Server sends too many queries to freeradius (see LOGS 2 at the bottom)... And I don't
see an option in ISA Server for caching the queries.

What more can I try?
I have only one NAS at this time and I have used all my ideas.
I will add more NAS in the future, so this little problem can become a big
problem...


Your solutions are welcome!


Best regards.


LOGS 1:


[EMAIL PROTECTED] ~]# cat /var/log/radius/radius.log | grep DB

Wed Nov  1 15:04:59 2006 : Info: rlm_sql (sql): There are no DB handles to use!
skipped 0, tried to connect 0
Wed Nov  1 19:28:27 2006 : Info: rlm_sql (sql): There are no DB handles to use!
skipped 0, tried to connect 0
Wed Nov  1 19:28:27 2006 : Info: rlm_sql (sql): There are no DB handles to use!
skipped 0, tried to connect 0
Wed Nov  1 20:56:27 2006 : Info: rlm_sql (sql): There are no DB handles to use!
skipped 0, tried to connect 0
Wed Nov  1 20:56:27 2006 : Info: rlm_sql (sql): There are no DB handles to use!
skipped 0, tried to connect 0
Thu Nov  2 00:08:01 2006 : Info: rlm_sql (sql): There are no DB handles to use!
skipped 0, tried to connect 0
Thu Nov  2 00:08:01 2006 : Info: rlm_sql (sql): There are no DB handles to use!
skipped 0, tried to connect 0
Thu Nov  2 02:01:29 2006 : Info: rlm_sql (sql): There are no DB handles to use!
skipped 0, tried to connect 0
Thu Nov  2 09:30:32 2006 : Info: rlm_sql (sql): There are no DB handles to use!
skipped 0, tried to connect 0
Thu Nov  2 09:30:40 2006 : Info: rlm_sql (sql): There are no DB handles to use!
skipped 0, tried to connect 0
Thu Nov  2 09:30:40 2006 : Info: rlm_sql (sql): There are no DB handles to use!
skipped 0, tried to connect 0
Thu Nov  2 11:01:09 2006 : Info: rlm_sql (sql): There are no DB handles to use!
skipped 0, tried to connect 0
Thu Nov  2 11:01:09 2006 : Info: rlm_sql (sql): There are no DB handles to use!
skipped 0, tried to connect 0
Thu Nov  2 11:02:53 2006 : Info: rlm_sql (sql): There are no DB handles to use!
skipped 0, tried to connect 0






LOGS 2 :


Thu Nov  2 11:56:47 2006 : Auth: Login OK: [reda.achour] (from client isaserver2
 port 1238761472)
Thu Nov  2 11:56:47 2006 : Auth: Login OK: [reda.achour] (from client isaserver2
 port 1238827008)
Thu Nov  2 11:56:47 2006 : Auth: Login OK: [reda.achour] (from client isaserver2
 port 1238919533)
Thu Nov  2 11:56:47 2006 : Auth: Login OK: [reda.achour] (from client isaserver2
 port 1238958080)
Thu Nov  2 11:56:47 2006 : Auth: Login OK: [reda.achour] (from client isaserver2
 port 1239023616)
Thu Nov  2 11:56:47 2006 : Auth: Login OK: [reda.achour] (from client isaserver2
 port 1239089152)
Thu Nov  2 11:56:47 2006 : Auth: Login OK: [reda.achour] (from client isaserver2
 port 1239154688)
Thu Nov  2 11:56:47 2006 : Auth: Login OK: [reda.achour] (from client isaserver2
 port 1239220224)
Thu Nov  2 11:56:47 2006 : Auth: Login OK: [reda.achour] (from client isaserver2
 port 1239416832)
Thu Nov  2 11:56:47 2006 : Auth: Login OK: [reda.achour] (from client isaserver2
 port 1239482368)
Thu Nov  2 11:56:48 2006 : Auth: Login OK: [reda.achour] (from client isaserver2
 port 1239678976)
Thu Nov  2 11:56:48 2006 : Auth: Login OK: [reda.achour] (from client isaserver2
 port 1239744512)
Thu Nov  2 11:56:49 2006 : Auth: Login OK: [reda.achour] (from client isaserver2
 port 1239860756)
Thu Nov  2 11:56:49 2006 : Auth: Login OK: [reda.achour] (from client isaserver2
 port 1239906816)
Thu Nov  2 11:56:49 2006 : Auth: Login OK: [reda.achour] (from client isaserver2
 port 1239941120)
Thu Nov  2 11:56:49 2006 : Auth: Login OK: [reda.achour] (from client isaserver2
 port 1240006656)
Thu Nov  2 11:56:49 2006 : Auth: Login OK: [reda.achour] (from client isaserver2
 port 1240072192)
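The two log excerpts in the post above can be summarised mechanically: how many Login OK records one user produces through one client within a short window, and how many logins immediately precede each rlm_sql "no DB handles" message. This is an added example, not part of the original post or of FreeRADIUS; the function names, the window and threshold values, and the sample lines (constructed in the format of LOGS 1 and LOGS 2) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

STAMP = r"(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4})"
NEW_RECORD = re.compile(STAMP + r" : ")
LOGIN_OK = re.compile(
    STAMP + r" : Auth: Login OK: \[(?P<user>[^\]/]+)[^\]]*\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+)"
)
NO_HANDLES = re.compile(
    STAMP + r" : Info: rlm_sql \(\w+\): There are no DB handles to use!"
)


def parse_ts(text):
    return datetime.strptime(text, "%a %b %d %H:%M:%S %Y")


def unwrap(lines):
    """Rejoin records that a mail client wrapped onto a second line."""
    records = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if NEW_RECORD.match(line) or not records:
            records.append(line)
        else:  # no timestamp: continuation of the previous record
            records[-1] += " " + line
    return records


def login_events(records):
    """(time, client, user, port) for every Login OK record, in file order."""
    events = []
    for rec in records:
        m = LOGIN_OK.match(rec)
        if m:
            events.append((parse_ts(m["ts"]), m["client"], m["user"], m["port"]))
    return events


def find_bursts(records, window_s=2, threshold=5):
    """Largest run of Login OK per (client, user) inside a sliding window."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # (client, user) -> events still in the window
    peak = {}
    for when, client, user, port in login_events(records):
        q = recent[(client, user)]
        q.append((when, port))
        while when - q[0][0] > window:
            q.popleft()
        best = peak.get((client, user), {}).get("count", 0)
        if len(q) >= threshold and len(q) > best:
            peak[(client, user)] = {
                "client": client, "user": user, "start": q[0][0],
                "count": len(q),
                # one port value per request means the NAS reported each
                # request on a different port, as in LOGS 2
                "ports": len({p for _, p in q}),
            }
    return sorted(peak.values(), key=lambda b: -b["count"])


def logins_before_exhaustion(records, lookback_s=5):
    """For each 'no DB handles' record, count logins in the seconds before it."""
    lookback = timedelta(seconds=lookback_s)
    logins = [when for when, *_ in login_events(records)]
    out = []
    for rec in records:
        m = NO_HANDLES.match(rec)
        if m:
            at = parse_ts(m["ts"])
            out.append((at, sum(timedelta(0) <= at - t <= lookback for t in logins)))
    return out


# Constructed sample: six wrapped Login OK records for one user within two
# seconds, one pool-exhaustion record, and one unrelated login later on.
SAMPLE = (
    "".join(
        f"Thu Nov  2 11:56:{47 + i // 4:02d} 2006 : Auth: Login OK: [student1] "
        f"(from client isaserver2\n port {1238761472 + i * 65536})\n"
        for i in range(6)
    )
    + "Thu Nov  2 11:56:49 2006 : Info: rlm_sql (sql): There are no DB handles to use!\n"
    + "skipped 0, tried to connect 0\n"
    + "Thu Nov  2 11:58:10 2006 : Auth: Login OK: [staff1] "
    + "(from client isaserver2 port 1240072192)\n"
)

if __name__ == "__main__":
    recs = unwrap(SAMPLE.splitlines())
    for burst in find_bursts(recs):
        print(burst)
    for at, count in logins_before_exhaustion(recs):
        print(f"{at}: pool exhausted after {count} logins in the previous 5 s")
```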

Two sql queries in counter module

2006-11-02 Thread Bishal

Hello all

 Is it possible to make two queries in sql counter module? like


sqlcounter noresetcounter {
driver = rlm_sqlcounter
counter-name = Max-All-Session-Time
check-name = Max-All-Session
sqlmod-inst = sql
key = User-Name
reset = never
query1=SELECT activedate from radacct where
username='%{%k}'
query = SELECT SUM(AcctSessionTime) FROM
radacct WHERE UserName='%{%k}' AND ActiveDate='$query1'
}



Re: Database query failed: Table 'radius.radcheck' doesn't exist

2006-11-02 Thread Dusan Djordjevic Liste

> 1. I assume you did run the db_sql_mysql.sql script to create the database
> schema ??
> This will create the majority of the schema.
>
> 2. Did you run the sql-scripts in /usr/local/dialup_admin/sql ?
> They are executed in a similar fashion.
>
> Note: In my case , I got error messages when executing some of these
> scripts.
> What I did was to remove the DEFAULT '0' from the scripts that failed.
>
> You execute a script as follows:
>
> First you log into mysql :
> mysql -uroot -ppassword
>
> Then you create the database:
> CREATE DATABASE radius;
>
> Then execute the script:
> mysql -uroot -prootpassword radius < db_sql_mysql.sql
>
> Hope this helps


I did exactly the same and it helped me. Thank you for very good answer.

Dusan
http://dj-dule.blogspot.com


Re: Database query failed: Table 'radius.radcheck' doesn't exist

2006-11-02 Thread Ali Jawad
Dear Dusan..
Please note before you proceed to phpmyprepaid that the error is most
probably related to your freeradius installation, not your dialupadmin
installation. Check John's response concerning that matter.

--
With Regards
Ali Jawad

Re: Freeradius hangs

2006-11-02 Thread Karthik R
> Karthik R [EMAIL PROTECTED] wrote:
>> When I was observing the radius log, i was typing correct username and
>> password sometime it says access was denied because username\password
>> invalid on the domain. I didnt see anything going wrong in the log message
>> but i didnt understand why i got the above error message.
>>
>> bash3.0#radiusd -X -A
>
> Which doesn't show that access denied message, and doesn't show
> the server hanging.
>
> I don't understand why posting this debug log would help solve the
> problem. It does NOT show the problem, and therefore is NOT useful.
>
> Alan DeKok

Alan,

Sorry, I missed this part. I mean when I try to connect to the remote vpn gateway using the MS-VPN dialer interface, on the dialer interface I get this error message, i.e. access was denied because username\password invalid on the domain. But when I checked the radius log I didn't find anything weird, as attached before. Sometimes it hangs in btw authentication process, so I couldn't capture the data of it and am helpless here.

Can you help me now...

RadSec

2006-11-02 Thread Manuel Sánchez Cuenca

Hello all,

is RadSec implemented in FreeRadius? or it is planned to be done?

Thanks in advance.

--
-
Manuel Sanchez Cuenca
Departamento de Ingenieria de la Informacion y las Comunicaciones
Facultad de Informatica. Universidad de Murcia
Campus de Espinardo - 30080 Murcia (SPAIN)
Tel.: +34-968-364644  Fax: +34-968-364151
email: [EMAIL PROTECTED]  |  [EMAIL PROTECTED]
url: http://libra.inf.um.es/~lolo


freeRADIUS on Solaris 10 - x86

2006-11-02 Thread Michael Messner
hey freeRADIUS users,

 next step ... testing freeRADIUS on a Solaris 10 box and I'm completely
new to solaris! :-(
I've started with the configure again but there are so many things missing:

aclocal
autoconf
autoheader
locate
libgdbm
sys/security.h
sys/prctl.h
prot.h
sia.h
siad.h
krb5.h
gawk
mawk
ar
ramlib
strip
argz.h
libldap
dl.h
dld.h
mach-o/dyld.h
gdbm.h
pam/pam_appl.h
oci.h
sql.h

Where can I get all these things, do I need everything?

We are trying to get freeradius working with 802.1x authentication to
Microsoft Active directory with LDAP-groups and huntgroups:

users-example:

DEFAULT LDAP-Group == "CN=adminrole,CN=users,DC=isalab,DC=local", Huntgroup-Name == "enterasys", Realm == "ISALAB.local"
        Filter-ID == "Enterasys:version=1:mgmt=su:policy=adminrole",
        Reply-Message = "Welcome %{Stripped-User-Name:-%{User-Name:-None}} in the %{Realm} - Domain, there are no restrictions for you in this network",
        Fall-Through = No


I hope someone can help me a bit to find the right way!

thanks mIke




Re: freeRADIUS on Solaris 10 - x86

2006-11-02 Thread Stieven . Struyf

Did you install only the Solaris core system?
If so, you probably need to install some additional
packages. An important directory is /usr/ccs; maybe you need to add it to
your path.
Check that SUNWbtool is installed.
Another one is the Kerberos packages (SUNWkrbu and/or
SUNWkrbr).
The Sun Solaris package list can be useful for you:
http://docs.sun.com/app/docs/doc/817-0545/6mgbberid?a=view



Re: Limit access to internet by mac using freeradius

2006-11-02 Thread Alan DeKok
Ali Jawad [EMAIL PROTECTED] wrote:
> I want to authenicate based on mac address and i do not want to use pppoe
> anymore..so everybody plugging in a network cable into my switch will have
> immediate internet access only if I have registered his mac address for him

  See the switch documentation for how to do port-based authentication
using MAC addresses.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Two sql queries in counter module

2006-11-02 Thread Alan DeKok
Bishal [EMAIL PROTECTED] wrote:
>  Is it possible to make two queries in sql counter module? like

  No.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: freeRADIUS on Solaris 10 - x86

2006-11-02 Thread Alan DeKok
Michael Messner [EMAIL PROTECTED] wrote:
> I've started with the configure again but there are so much things missing:
> ...

  Very little of that matters.  Did the configure process exit with an
error?  That's all that matters.

  The whole purpose of configure is to discover what you have on your
system.  You won't have everything on your system, so of course it
won't find all sort of things.

  Put /usr/ccs/bin in your path, and there shouldn't be a problem.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Limit access to internet by mac using freeradius

2006-11-02 Thread Ali Jawad
Dear Alan, thanks for your suggestion, however the setup is rather small
at 50 users and the switch is not manageable..I am a CCNA, nothing
special about that, and I wish I had the means to apply the setup on a
manageable switch using port security, however I still care about the
accounting features of radius even if the manageable switch was a
feasible solution.

--
With Regards
Ali Jawad

Re: RADIUS MAC Authentication

2006-11-02 Thread Alan DeKok
Van Der Westhuizen, Eldridge (Mr) (Summerstrand Campus North)
[EMAIL PROTECTED] wrote:
> Question: Is it possible to see which mac addresses/usernames got
> access-reject messages?

  Yes.  It should be in radius.log.

> I did take my mac out of the list and couldn't
> connect, but didn't get any messages in the radpostauth table.

  That's a table for reading, not for writing.

> Also, i'm not getting any accounting in the accounting table.

  Ask the NAS why it's not sending accounting packets.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Freeradius hangs

2006-11-02 Thread Alan DeKok
Karthik R [EMAIL PROTECTED] wrote:
> Sorry i missed this part. I mean when i try to connect to remote vpn gateway
> using MS-VPN dialer interface, on the dialer interface i get this error
> message ie. access was denied because username\password
> invalid on the domain.

  Does the RADIUS server return Access-Accept for that session?  You
still haven't said...

  If the RADIUS server returns Access-Accept, then the problem is that
the NAS (or vpn gateway) doesn't like the response.  Go read its
documentation to see why.

> But when i checked the radius log i didnt find
> anything weird as attached before. Sometimes it hangs in btw authentication
> process, so i couldnt caputre the data of it and helpless here.

  Again, *specifics* matter.  it hangs in btw authentication...
WHAT hangs? FreeRADIUS?  The client?  The NAS?

  I don't understand why you're so resistant to describing your
problem as anything other than it hangs..

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: RadSec

2006-11-02 Thread Alan DeKok
Manuel Sánchez Cuenca [EMAIL PROTECTED] wrote:
> is RadSec implemented in FreeRadius? or it is planned to be done?

  It's not implemented in FreeRADIUS.  It may be done in 2.0, if
someone is willing to do the work, or motivate others to do the work.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Limit access to internet by mac using freeradius

2006-11-02 Thread Alan DeKok
Ali Jawad [EMAIL PROTECTED] wrote:
> Dear Alan, thanks for your suggestion however the setup is rather small at
> 50 users and the switch is not managable..

  Then you can't do MAC authentication.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Limit access to internet by mac using freeradius

2006-11-02 Thread Zoltan Ori
On Thursday 02 November 2006 05:43, Ali Jawad wrote:
 I need something like
 the mac address filtering used in squid ...where only registered mac
 address are allowed through the proxy..any hints suggestions and/or
 tutorials are welcome.

Use your DHCP server for that.

Zoltan Ori



Re: Freeradius hangs

2006-11-02 Thread Alan DeKok
Karthik R [EMAIL PROTECTED] wrote:
 yes, the RADIUS server returned Access-accept for the session requested from
 NAS. But it again receives the access-request from NAS and sending duplicate
 reply.

  If you had said this at the start, and posted the debug log, you
would have solved the problem a long time ago.

  This is even in the FAQ:

http://wiki.freeradius.org/FAQ#The_NAS_seems_to_ignore_the_reply_of_the_radius_server

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Dialup authentication says it works, but doesn't.

2006-11-02 Thread Ernie Dunbar
We have a Cisco AS5300 for our dialup pool. It is able to log into our new
FreeRadius server and make authentication requests, but users are not able
to authenticate.

It's very strange, because FreeRadius produces logs like this:

Thu Nov  2 11:06:24 2006 : Auth: Login OK: [XX/XX] (from client
dialup port 8)

But the client gets Error 691: Your username or password are incorrect.

I can tell that it's authenticating properly, because when a user gets
their password wrong, I see this instead:

Thu Nov  2 11:02:20 2006 : Auth: Login incorrect: [user1/somepass] (from
client dialup port 13)
Thu Nov  2 11:02:20 2006 : Auth: Login incorrect: [user1/somepass] (from
client dialup port 13)

We're using FreeRadius' mysql support for authentication, and I'm
absolutely positive that part is working fine. It even creates accounting
data in the database.

Something else that might be interesting is what happens when I try to set
up a user in /etc/freeradius/users. The relevant stanza in the users file
is this:

foobar  Auth-Type := Local, User-Password == asdf1234
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Netmask = 255.255.255.0,
        Framed-Routing = Broadcast-Listen,
        Framed-Filter-Id = std.ppp,
        Framed-MTU = 1500,
        Framed-Compression = Van-Jacobsen-TCP-IP,
        Fall-Through = No

The logs FreeRadius produces say this:

Thu Nov  2 12:09:09 2006 : Auth: Login incorrect (No password configured
for the user): [foobar/asdf1234] (from client dialup port 85)
Thu Nov  2 12:09:09 2006 : Auth: Login incorrect: [foobar/asdf1234] (from
client dialup port 85)
Thu Nov  2 12:09:09 2006 : Auth: Login incorrect (No password configured
for the user): [foobar/asdf1234] (from client dialup port 85)
Thu Nov  2 12:09:09 2006 : Auth: Login incorrect: [foobar/asdf1234] (from
client dialup port 85)



Re: Freeradius hangs

2006-11-02 Thread Karthik R
Alan,

yes, the RADIUS server returned Access-accept for the session requested from NAS. But it again receives the access-request from NAS and sends a duplicate reply. Does it mean the NAS is unable to process the response received from Freeradius? Below is the response snap where i see access-accept and access-request happened several times at the same instant. On the NAS end, it's a pretty plain configuration (configured radius ip and secret passwd) and no logging is available. The NAS documentation doesn't talk about radius error codes.

Sending Access-Accept of id 219 to 192.168.0.1 port 4754
        MS-CHAP2-Success = 0x9f533d4144303343353841384530373345413237304530304341364531383431433344383938383938
        MS-MPPE-Recv-Key = 0xdc882e2dfa10109679e37fe4bafba95d
        MS-MPPE-Send-Key = 0xf3e3e6a91f2d6e4b64b8b2e5add4bdad
        MS-MPPE-Encryption-Policy = 0x0002
        MS-MPPE-Encryption-Types = 0x0004
Finished request 12
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.1:4754, id=219, length=151
Sending duplicate reply to client dlink:4754 - ID: 219
Re-sending Access-Accept of id 219 to 192.168.0.1 port 4754
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.1:4754, id=219, length=151
Sending duplicate reply to client dlink:4754 - ID: 219
Re-sending Access-Accept of id 219 to 192.168.0.1 port 4754
Waking up in 6 seconds...

so when i have this log message at radius srv end, at the client dialer interface i get this error message as access was denied because username\password invalid on the domain. But am sure the logon credentials are correct.

Also freeradius service hangs sometime during authentication process while processing request which came from NAS box.

sorry about vague reply.

Karthik
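The pattern in the debug output above (a reply is sent, the same Access-Request arrives again, and the server logs "Re-sending") can be picked out of a long radiusd -X capture mechanically; it shows the NAS discarding the reply rather than the server rejecting the user. This is an added example, not part of the original thread or of FreeRADIUS: the function name, the threshold and the sample log are constructed, with line formats taken from the output quoted in the message.

```python
import re
from collections import Counter

# Constructed sample, modelled on the radiusd -X output quoted in the thread.
SAMPLE_LOG = """\
Sending Access-Accept of id 219 to 192.168.0.1 port 4754
Finished request 12
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.1:4754, id=219, length=151
Sending duplicate reply to client dlink:4754 - ID: 219
Re-sending Access-Accept of id 219 to 192.168.0.1 port 4754
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.1:4754, id=219, length=151
Sending duplicate reply to client dlink:4754 - ID: 219
Re-sending Access-Accept of id 219 to 192.168.0.1 port 4754
rad_recv: Access-Request packet from host 192.168.0.7:1024, id=5, length=120
Sending Access-Accept of id 5 to 192.168.0.7 port 1024
"""

RECV = re.compile(r"rad_recv: Access-Request packet from host (\S+?):(\d+)\s*, id=(\d+)")
SEND = re.compile(r"(Re-sending|Sending) (Access-\w+) of id (\d+) to (\S+) port (\d+)")

def ignored_replies(log_text, threshold=2):
    """Return {(host, port, id): (reply_type, retransmits)} for requests the
    NAS kept retransmitting after the server had already answered them."""
    last_recv = None          # key of the most recent Access-Request seen
    resent = Counter()        # key -> times the server had to re-send
    reply_type = {}           # key -> packet type the server re-sent
    for line in log_text.splitlines():
        m = RECV.search(line)
        if m:
            host, port, pkt_id = m.groups()
            last_recv = (host, int(port), int(pkt_id))
            continue
        m = SEND.search(line)
        if not m:
            continue
        kind, reply, pkt_id, host, port = m.groups()
        key = (host, int(port), int(pkt_id))
        # Only a "Re-sending" that answers the request just received counts:
        # RADIUS ids are 8 bits and get reused, so a fresh "Sending" does not.
        if kind == "Re-sending" and key == last_recv:
            resent[key] += 1
            reply_type[key] = reply
    return {k: (reply_type[k], n) for k, n in resent.items() if n >= threshold}

if __name__ == "__main__":
    for (host, port, pkt_id), (reply, n) in ignored_replies(SAMPLE_LOG).items():
        print(f"{host}:{port} id={pkt_id}: {reply} re-sent {n}x, NAS is not accepting it")
```
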

Need help setting up FreeRadius using PEAP/MSChapV2

2006-11-02 Thread Graham, Robert
A year ago I tried to set up 802.1x on our network using PEAP/MSChapV2 without 
any luck, but wanted to try again so here I am.  I followed the document 
titled, FreeRADIUS Active Directory Integration HOWTO on the FreeRadius Wiki 
site and I am still not able to authenticate against AD.  I hope someone out 
there can provide some assistance and HELP me out.  I have included the debug 
out below.  Any help would GREATLY be appreciated...

[EMAIL PROTECTED] raddb]# /usr/local/sbin/radiusd -XA
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = /usr/local
 main: localstatedir = /usr/local/var
 main: logdir = /usr/local/var/log/radius
 main: libdir = /usr/local/lib
 main: radacctdir = /usr/local/var/log/radius/radacct
 main: hostname_lookups = no
 main: snmp = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /usr/local/var/log/radius/radius.log
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
 main: user = (null)
 main: group = (null)
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/local/sbin/checkrad
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
 exec: wait = yes
 exec: program = (null)
 exec: input_pairs = request
 exec: output_pairs = (null)
 exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
 pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: with_ntdomain_hack = yes
 mschap: passwd = (null)
 mschap: ntlm_auth = /usr/bin/ntlm_auth --request-nt-key 
--domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} 
--challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = (null)
 unix: shadow = (null)
 unix: group = (null)
 unix: radwtmp = /usr/local/var/log/radius/radwtmp
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = peap
 eap: timer_expire = 60
 eap: ignore_unknown_eap_types = no
 eap: cisco_accounting_username_bug = no
 tls: rsa_key_exchange = no
 tls: dh_key_exchange = yes
 tls: rsa_key_length = 512
 tls: dh_key_length = 512
 tls: verify_depth = 0
 tls: CA_path = (null)
 tls: pem_file_type = yes
 tls: private_key_file = /usr/local/etc/raddb/certs/cert-srv.pem
 tls: certificate_file = /usr/local/etc/raddb/certs/cert-srv.pem
 tls: CA_file = /usr/local/etc/raddb/certs/demoCA/cacert.pem
 tls: private_key_password = whatever
 tls: dh_file = /usr/local/etc/raddb/certs/dh
 tls: random_file = /dev/urandom
 tls: fragment_size = 1024
 tls: include_length = yes
 tls: check_crl = no
 tls: check_cert_cn = (null)
 tls: cipher_list = (null)
 tls: check_cert_issuer = (null)
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
 peap: default_eap_type = mschapv2
 peap: copy_request_to_tunnel = no
 peap: use_tunneled_reply = no
 peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
 mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
 preprocess: hints = /usr/local/etc/raddb/hints
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
 preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess 

LDAP + AD username length

2006-11-02 Thread duckeo

Is it possible to trim down the length of the username used to query
AD with ldap?

For names longer than 20 characters I am getting rlm_ldap: object not
found or got ambiguous search result returned.

Thanks


Re: Need help setting up FreeRadius using PEAP/MSChapV2

2006-11-02 Thread Alan DeKok
Graham, Robert [EMAIL PROTECTED] wrote:
 A year ago I tried to set up 802.1x on our network using
 PEAP/MSChapV2 without any luck, but wanted to try again so here I
 am.  I followed the document titled, FreeRADIUS Active Directory
 Integration HOWTO on the FreeRadius Wiki site and I am still not
 able to authenticate against AD.  I hope someone out there can
 provide some assistance and HELP me out.  I have included the debug
 out below.  Any help would GREATLY be appreciated...
...

  Access-Challenge, with no response from the Windows box:

http://wiki.freeradius.org/FAQ#PEAP_Doesn.27t_Work

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


RE: freeRADIUS on Solaris 10 - x86

2006-11-02 Thread Ramm-Ericson, Johannes
 

-Original Message-
 Date: Thu, 2 Nov 2006 15:24:13 +0100 (CET)
 From: Michael Messner [EMAIL PROTECTED]
 Subject: freeRADIUS on Solaris 10 - x86
 To: freeradius-users@lists.freeradius.org
 Message-ID: [EMAIL PROTECTED]
 Content-Type: text/plain; charset=iso-8859-1

 hey freeRADIUS users,
 
 next step ... testing freeRADIUS on a Solaris 10 box and I'm completely new
 to solaris! :-( I've started with the configure again but there are so many
 things missing:

 snip... 

 thanks mIke

--

Hello Mike,

Seeing as you are new to Solaris I'd say you can save yourself a lot of time 
and hard work by re-installing your x86 server with a standard Linux 
distribution. Even if you've never touched Linux before most distributions will 
have all the necessary prerequisites installed and if you choose to do so you 
won't even need to compile freeradius, you can install the vendor-supplied 
package for freeradius.

Of course, YMMV, but I grew up with Solaris (and enjoyed it) but these days 
it's just simply a pain to install many free/open source packages on Solaris. 
Save yourself the trouble and go with Linux. Seeing as you are from Austria I 
suspect Suse will be your best option as you will probably find most local 
support around that distribution.

Best regards,
Johannes
