Re: Multiple input_pairs?
Alan DeKok wrote:
> Patric [EMAIL PROTECTED] wrote:
>> Is it possible to specify multiple input pairs?
>
> No. If you want that functionality, use rlm_perl.
>
> Alan DeKok.
> --
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog

Thanks Alan, will read up on rlm_perl

Patric
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Realm and LDAP authentication
Hi,

I want to authenticate users by LDAP server. But I have two LDAP servers for different groups of users. For example, students or staff, each has a different realm name. Students' realm name is @stud.test and staff's realm name is @staf.test. Realm (@stud.test) must pass to LDAP server one to authenticate. And realm (@staff.test) must pass to LDAP server two to authenticate.

Does freeradius support this scenario? And how to do it?

Thanks.
Rio

Database query failed: Table 'radius.radcheck' doesn't exist
Hi all,

I am trying to install dialup admin. I followed HOWTO located in doc/ directory. I created all tables in radius database using provided .sql files in sql/ dir. Now I have 4 tables in radius database: badusers, mtotacct, totacct, userinfo.

When I connect to dialup admin and try to create new user, it gives me following error:

    Database query failed: Table 'radius.radcheck' doesn't exist

(after bunch of error messages that some queries and inserts are not valid).

I am not good with databases, but AFAIK this means that there is no radcheck table in radius database. Also, if I understand admin.conf properly, there is a part that says the following:

    sql_database: radius
    sql_accounting_table: radacct
    sql_badusers_table: badusers
    sql_check_table: radcheck
    sql_reply_table: radreply
    sql_user_info_table: userinfo
    sql_groupcheck_table: radgroupcheck
    sql_groupreply_table: radgroupreply
    sql_usergroup_table: usergroup
    sql_total_accounting_table: totacct
    sql_nas_table: nas

Also a lot of the tables mentioned here do not exist.

Did I miss something or?

TIA
Dusan

http://dj-dule.blogspot.com

Re: Database query failed: Table 'radius.radcheck' doesn't exist
radcheck is one of the most important tables in freeradius if working with mysql! It is the table where users' usernames, passwords and other data are stored for authenticating users when they are connecting! In your freeradius distribution find the mysql.sql file and create the tables that are missing! By the way dialup-admin has a lot of bugs! You'll have a lot of work :) Try phpmyprepaid!

Dusan Djordjevic Liste [EMAIL PROTECTED] wrote:
> Hi all,
>
> I am trying to install dialup admin. I followed HOWTO located in doc/ directory. I created all tables in radius database using provided .sql files in sql/ dir. Now I have 4 tables in radius database: badusers, mtotacct, totacct, userinfo.
>
> When I connect to dialup admin and try to create new user, it gives me following error:
>
>     Database query failed: Table 'radius.radcheck' doesn't exist
>
> (after bunch of error messages that some queries and inserts are not valid).
>
> I am not good with databases, but AFAIK this means that there is no radcheck table in radius database. Also, if I understand admin.conf properly, there is a part that says the following:
>
>     sql_database: radius
>     sql_accounting_table: radacct
>     sql_badusers_table: badusers
>     sql_check_table: radcheck
>     sql_reply_table: radreply
>     sql_user_info_table: userinfo
>     sql_groupcheck_table: radgroupcheck
>     sql_groupreply_table: radgroupreply
>     sql_usergroup_table: usergroup
>     sql_total_accounting_table: totacct
>     sql_nas_table: nas
>
> Also a lot of the tables mentioned here do not exist.
>
> Did I miss something or?
>
> TIA
> Dusan
>
> http://dj-dule.blogspot.com

Re: Database query failed: Table 'radius.radcheck' doesn't exist
Please note that you have to use the .sql files provided for the freeradius server and for dialupadmin.

On 11/2/06, Dusan Djordjevic Liste [EMAIL PROTECTED] wrote:
> Hi all,
>
> I am trying to install dialup admin. I followed HOWTO located in doc/ directory. I created all tables in radius database using provided .sql files in sql/ dir. Now I have 4 tables in radius database: badusers, mtotacct, totacct, userinfo.
>
> When I connect to dialup admin and try to create new user, it gives me following error:
>
>     Database query failed: Table 'radius.radcheck' doesn't exist
>
> (after bunch of error messages that some queries and inserts are not valid).
>
> I am not good with databases, but AFAIK this means that there is no radcheck table in radius database. Also, if I understand admin.conf properly, there is a part that says the following:
>
>     sql_database: radius
>     sql_accounting_table: radacct
>     sql_badusers_table: badusers
>     sql_check_table: radcheck
>     sql_reply_table: radreply
>     sql_user_info_table: userinfo
>     sql_groupcheck_table: radgroupcheck
>     sql_groupreply_table: radgroupreply
>     sql_usergroup_table: usergroup
>     sql_total_accounting_table: totacct
>     sql_nas_table: nas
>
> Also a lot of the tables mentioned here do not exist.
>
> Did I miss something or?
>
> TIA
> Dusan
>
> http://dj-dule.blogspot.com

--
With Regards
Ali Jawad

Re: Database query failed: Table 'radius.radcheck' doesn't exist
Well I've tried dialupadmin.. apart from the fact that it might be troublesome to set up... it worked just fine for me.. I used it to authenticate ISP clients through pppoe.. and to Dusan.. as Vasea said... find the .sql file containing the tables for freeradius and import them using phpmyadmin or the mysql shell.

On 11/2/06, Vasea Marii [EMAIL PROTECTED] wrote:
> radcheck is one of the most important tables in freeradius if working with mysql! It is the table where users' usernames, passwords and other data are stored for authenticating users when they are connecting! In your freeradius distribution find the mysql.sql file and create the tables that are missing! By the way dialup-admin has a lot of bugs! You'll have a lot of work :) Try phpmyprepaid!
>
> Dusan Djordjevic Liste [EMAIL PROTECTED] wrote:
>> Hi all,
>>
>> I am trying to install dialup admin. I followed HOWTO located in doc/ directory. I created all tables in radius database using provided .sql files in sql/ dir. Now I have 4 tables in radius database: badusers, mtotacct, totacct, userinfo.
>>
>> When I connect to dialup admin and try to create new user, it gives me following error:
>>
>>     Database query failed: Table 'radius.radcheck' doesn't exist
>>
>> (after bunch of error messages that some queries and inserts are not valid).
>>
>> I am not good with databases, but AFAIK this means that there is no radcheck table in radius database. Also, if I understand admin.conf properly, there is a part that says the following:
>>
>>     sql_database: radius
>>     sql_accounting_table: radacct
>>     sql_badusers_table: badusers
>>     sql_check_table: radcheck
>>     sql_reply_table: radreply
>>     sql_user_info_table: userinfo
>>     sql_groupcheck_table: radgroupcheck
>>     sql_groupreply_table: radgroupreply
>>     sql_usergroup_table: usergroup
>>     sql_total_accounting_table: totacct
>>     sql_nas_table: nas
>>
>> Also a lot of the tables mentioned here do not exist.
>>
>> Did I miss something or?
>>
>> TIA
>> Dusan
>>
>> http://dj-dule.blogspot.com

--
With Regards
Ali Jawad

RE: Database query failed: Table 'radius.radcheck' doesn't exist
Dusan

1. I assume you did run the db_sql_mysql.sql script to create the database schema? This will create the majority of the schema.

2. Did you run the sql-scripts in /usr/local/dialup_admin/sql? They are executed in a similar fashion.

Note: In my case, I got error messages when executing some of these scripts. What I did was to remove the DEFAULT '0' from the scripts that failed.

You execute a script as follows:

First you log into mysql:

    mysql -uroot -ppassword

Then you create the database:

    CREATE DATABASE radius;

Then execute the script:

    mysql -uroot -prootpassword radius < db_sql_mysql.sql

Hope this helps

John

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]. org]On Behalf Of Dusan Djordjevic Liste
Sent: 02 November 2006 12:06
To: freeradius-users@lists.freeradius.org
Subject: Database query failed: Table 'radius.radcheck' doesn't exist

Hi all,

I am trying to install dialup admin. I followed HOWTO located in doc/ directory. I created all tables in radius database using provided .sql files in sql/ dir. Now I have 4 tables in radius database: badusers, mtotacct, totacct, userinfo.

When I connect to dialup admin and try to create new user, it gives me following error:

    Database query failed: Table 'radius.radcheck' doesn't exist

(after bunch of error messages that some queries and inserts are not valid).

I am not good with databases, but AFAIK this means that there is no radcheck table in radius database. Also, if I understand admin.conf properly, there is a part that says the following:

    sql_database: radius
    sql_accounting_table: radacct
    sql_badusers_table: badusers
    sql_check_table: radcheck
    sql_reply_table: radreply
    sql_user_info_table: userinfo
    sql_groupcheck_table: radgroupcheck
    sql_groupreply_table: radgroupreply
    sql_usergroup_table: usergroup
    sql_total_accounting_table: totacct
    sql_nas_table: nas

Also a lot of the tables mentioned here do not exist.

Did I miss something or?

TIA
Dusan

http://dj-dule.blogspot.com

FR-1.1.3 on solaris10 strange things
Hi.

We have strange behaviour on a sparc solaris 10 server with fr-1.1.3 installed: without any visible reason the radiusd process goes to almost 100% CPU usage for 3-5 minutes. Then it comes back to normal state again (less than 1% CPU). Visually the 100% CPU load does not impact the system functionality - there are no problems with authentication/accounting processing. The server is not heavily loaded - there are not more than 2-3 requests per second on it.

prstat output reports:

    PID USERNAME SIZE RSS STATE PRI NICE TIME CPU PROCESS/NLWP
    757 radius 93M 10M run 400 0:56:05 99% radiusd/18

and prstat -vm:

    PID USERNAME USR SYS TRP TFL DFL LCK SLP LAT VCX ICX SCL SIG PROCESS/NLWP
    757 radius   4.5 1.1 0.0 0.0 0.0  93 0.2 1.6  65 315 .24   0 radiusd/18

Has anybody seen this? What can be the reason?

Previously it was run on Netra-1120 with solaris 9, the subject appeared after moving to netra-240 Sol10:

    5.10 Generic sun4u sparc SUNW,Netra-240

--
Alexander

Re: Database query failed: Table 'radius.radcheck' doesn't exist
Vasea Marii wrote:
> radcheck is one of the most important tables in freeradius if working with mysql! It is the table where users' usernames, passwords and other data are stored for authenticating users when they are connecting! In your freeradius distribution find the mysql.sql file and create the tables that are missing! By the way dialup-admin has a lot of bugs! You'll have a lot of work :) Try phpmyprepaid!

Thank you very much for response. I will check phpmyprepaid.

btw. I am trying to sort out a solution for VoIP termination, that is why I need radius. Can someone recommend me good software for that? It should work on Red Hat Enterprise Linux and support freeradius.

TIA
Dusan

http://dj-dule.blogspot.com

Limit access to internet by mac using freeradius
Hi

I've got a micro ISP with 50 clients running on pppoe and freeradius for authentication, each client has a username and password. When a customer dials through his winbox to create a pppoe connection the pppoe server on the server loads radius.so to do the authentication.

What I want to do now is the following... I want to authenticate based on mac address and I do not want to use pppoe anymore.. so everybody plugging in a network cable into my switch will have immediate internet access only if I have registered his mac address for him previously, otherwise everybody plugging his network cable into my switches will have access to my internet connection. I mean I need something like the mac address filtering used in squid... where only registered mac addresses are allowed through the proxy.. any hints, suggestions and/or tutorials are welcome.

--
With Regards
Ali Jawad

Re: Database query failed: Table 'radius.radcheck' doesn't exist
Ali Jawad wrote:
> Well I've tried dialupadmin.. apart from the fact that it might be troublesome to set up... it worked just fine for me.. I used it to authenticate ISP clients

OK, thanks for advice, I will give it a try.

> through pppoe.. and to Dusan.. as Vasea said... find the .sql file containing the tables for freeradius and import them using phpmyadmin or the mysql shell.

Yes, I located it in source and applied it. It seems that everything works now. At least I do not have error message any more.

Thank you.
Dusan

http://dj-dule.blogspot.com

(no subject)
Hi,

My freeradius works fine (freeradius on server 1 + MySQL on server 2). But I have errors in my logs (see LOGS 1 at the bottom) and all the solutions I tried don't solve this.

I have:

- Increased the number of sql connections to 10 -- num_sql_socks = 10
- Increased the time to wait before cleaning up a reply -- cleanup_delay = 8
- Verified that the indexes are on the right columns (charte_valide is custom, for a PHP application):

Query:

    EXPLAIN SELECT id, UserName, Attribute, Value, op FROM radcheck WHERE Username = 'ben' AND charte_valide = 'o' ORDER BY id

Result:

    +----+-------------+----------+------+------------------------+----------+---------+-------+------+-----------------------------+
    | id | select_type | table    | type | possible_keys          | key      | key_len | ref   | rows | Extra                       |
    +----+-------------+----------+------+------------------------+----------+---------+-------+------+-----------------------------+
    |  1 | SIMPLE      | radcheck | ref  | UserName,charte_valide | UserName | 66      | const |    1 | Using where; Using filesort |
    +----+-------------+----------+------+------------------------+----------+---------+-------+------+-----------------------------+

The NAS is an ISA SERVER and the students use a navigator without tab, so ISA Server sends too many queries to freeradius (see LOGS 2 at the bottom)... And I don't see an option in ISA Server for caching the queries.

What more can I try? I have only one NAS at this time and I have used all my ideas. I will add more NAS in the future, so this little problem can become a big problem...

Your solutions are welcome!

Best regards.

LOGS 1:

    [EMAIL PROTECTED] ~]# cat /var/log/radius/radius.log | grep DB
    Wed Nov 1 15:04:59 2006 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0
    Wed Nov 1 19:28:27 2006 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0
    Wed Nov 1 19:28:27 2006 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0
    Wed Nov 1 20:56:27 2006 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0
    Wed Nov 1 20:56:27 2006 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0
    Thu Nov 2 00:08:01 2006 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0
    Thu Nov 2 00:08:01 2006 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0
    Thu Nov 2 02:01:29 2006 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0
    Thu Nov 2 09:30:32 2006 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0
    Thu Nov 2 09:30:40 2006 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0
    Thu Nov 2 09:30:40 2006 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0
    Thu Nov 2 11:01:09 2006 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0
    Thu Nov 2 11:01:09 2006 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0
    Thu Nov 2 11:02:53 2006 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0

LOGS 2:

    Thu Nov 2 11:56:47 2006 : Auth: Login OK: [reda.achour] (from client isaserver2 port 1238761472)
    Thu Nov 2 11:56:47 2006 : Auth: Login OK: [reda.achour] (from client isaserver2 port 1238827008)
    Thu Nov 2 11:56:47 2006 : Auth: Login OK: [reda.achour] (from client isaserver2 port 1238919533)
    Thu Nov 2 11:56:47 2006 : Auth: Login OK: [reda.achour] (from client isaserver2 port 1238958080)
    Thu Nov 2 11:56:47 2006 : Auth: Login OK: [reda.achour] (from client isaserver2 port 1239023616)
    Thu Nov 2 11:56:47 2006 : Auth: Login OK: [reda.achour] (from client isaserver2 port 1239089152)
    Thu Nov 2 11:56:47 2006 : Auth: Login OK: [reda.achour] (from client isaserver2 port 1239154688)
    Thu Nov 2 11:56:47 2006 : Auth: Login OK: [reda.achour] (from client isaserver2 port 1239220224)
    Thu Nov 2 11:56:47 2006 : Auth: Login OK: [reda.achour] (from client isaserver2 port 1239416832)
    Thu Nov 2 11:56:47 2006 : Auth: Login OK: [reda.achour] (from client isaserver2 port 1239482368)
    Thu Nov 2 11:56:48 2006 : Auth: Login OK: [reda.achour] (from client isaserver2 port 1239678976)
    Thu Nov 2 11:56:48 2006 : Auth: Login OK: [reda.achour] (from client isaserver2 port 1239744512)
    Thu Nov 2 11:56:49 2006 : Auth: Login OK: [reda.achour] (from client isaserver2 port 1239860756)
    Thu Nov 2 11:56:49 2006 : Auth: Login OK: [reda.achour] (from client isaserver2 port 1239906816)
    Thu Nov 2 11:56:49 2006 : Auth: Login OK: [reda.achour] (from client isaserver2 port 1239941120)
    Thu Nov 2 11:56:49 2006 : Auth: Login OK: [reda.achour] (from client isaserver2 port 1240006656)
    Thu Nov 2 11:56:49 2006 : Auth: Login OK: [reda.achour] (from client isaserver2 port 1240072192)

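An added example, not part of the original post or of FreeRADIUS: a small radius.log analyser that counts the "no DB handles" events and flags a (client, user) pair that is accepted many times inside a short window, which is the pattern LOGS 2 shows. The window, the threshold and the sample lines (users alice, bob, carol) are assumptions constructed for illustration in the log format quoted above.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line shape as quoted in the post:
#   "Thu Nov  2 11:56:47 2006 : Auth: Login OK: [user] (from client nas port N)"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) : (?P<level>\w+): (?P<msg>.*)$")
AUTH_RE = re.compile(
    r"^Login (?P<result>OK|incorrect)[^\[]*\[(?P<user>[^\]]*)\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+)")
NO_HANDLES = "There are no DB handles to use!"


def parse(lines):
    """Return (auth_events, pool_exhaustion_times) from radius.log lines."""
    auths, exhausted = [], []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        when = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        if NO_HANDLES in m["msg"]:
            exhausted.append(when)
            continue
        a = AUTH_RE.match(m["msg"])
        if a:
            # With password logging enabled the field is "user/password";
            # keep only the part before the first "/" so the password is
            # never copied into the analysis output.
            user = a["user"].split("/", 1)[0]
            auths.append({"time": when, "result": a["result"], "user": user,
                          "client": a["client"], "port": int(a["port"])})
    return auths, exhausted


def find_bursts(auths, window=timedelta(seconds=5), threshold=10):
    """Flag (client, user) pairs with >= threshold accepts inside one window."""
    by_key = defaultdict(list)
    for ev in auths:
        if ev["result"] == "OK":
            by_key[(ev["client"], ev["user"])].append(ev)
    bursts = []
    for (client, user), evs in by_key.items():
        evs.sort(key=lambda e: e["time"])
        lo, best = 0, (0, 0, 0)  # (count, first index, last index) of densest window
        for hi, ev in enumerate(evs):
            while ev["time"] - evs[lo]["time"] > window:
                lo += 1
            if hi - lo + 1 > best[0]:
                best = (hi - lo + 1, lo, hi)
        count, first, last = best
        if count >= threshold:
            span = evs[first:last + 1]
            bursts.append({"client": client, "user": user, "count": count,
                           "start": span[0]["time"],
                           "distinct_ports": len({e["port"] for e in span})})
    return bursts


def report(lines):
    """Summarise one log: accept bursts, pool exhaustion count, rejects."""
    auths, exhausted = parse(lines)
    return {"bursts": find_bursts(auths),
            "pool_exhausted": len(exhausted),
            "rejects": sum(e["result"] == "incorrect" for e in auths)}


# Constructed sample lines (not taken from the post).
SAMPLE = [
    "Thu Nov  2 11:01:09 2006 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0",
    "Thu Nov  2 11:02:53 2006 : Info: rlm_sql (sql): There are no DB handles to use! skipped 0, tried to connect 0",
    "Thu Nov  2 11:55:10 2006 : Auth: Login OK: [bob] (from client isaserver2 port 1238000000)",
    "Thu Nov  2 11:55:12 2006 : Auth: Login incorrect: [carol/not-her-password] (from client isaserver2 port 1238000001)",
] + [
    "Thu Nov  2 11:56:%02d 2006 : Auth: Login OK: [alice] (from client isaserver2 port %d)"
    % (47 + i // 6, 1238761472 + i * 65536)
    for i in range(12)
]

if __name__ == "__main__":
    for key, value in report(SAMPLE).items():
        print(key, value)
```
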
Two sql queries in counter module
Hello all

Is it possible to make two queries in sql counter module? like

    sqlcounter noresetcounter {
        driver = rlm_sqlcounter
        counter-name = Max-All-Session-Time
        check-name = Max-All-Session
        sqlmod-inst = sql
        key = User-Name
        reset = never
        query1=SELECT activedate from radacct where username='%{%k}'
        query = SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}' AND ActiveDate='$query1'
    }

Re: Database query failed: Table 'radius.radcheck' doesn't exist
> 1. I assume you did run the db_sql_mysql.sql script to create the database schema? This will create the majority of the schema.
>
> 2. Did you run the sql-scripts in /usr/local/dialup_admin/sql? They are executed in a similar fashion.
>
> Note: In my case, I got error messages when executing some of these scripts. What I did was to remove the DEFAULT '0' from the scripts that failed.
>
> You execute a script as follows:
>
> First you log into mysql:
>
>     mysql -uroot -ppassword
>
> Then you create the database:
>
>     CREATE DATABASE radius;
>
> Then execute the script:
>
>     mysql -uroot -prootpassword radius < db_sql_mysql.sql
>
> Hope this helps

I did exactly the same and it helped me. Thank you for very good answer.

Dusan

http://dj-dule.blogspot.com

Re: Database query failed: Table 'radius.radcheck' doesn't exist
Dear Dusan..

Please note before you proceed to phpmyprepaid that the error is most probably related to your freeradius installation, not your dialupadmin installation. Check John's response concerning that matter.

On 11/2/06, Dusan Djordjevic Liste [EMAIL PROTECTED] wrote:
> Vasea Marii wrote:
>> radcheck is one of the most important tables in freeradius if working with mysql! It is the table where users' usernames, passwords and other data are stored for authenticating users when they are connecting! In your freeradius distribution find the mysql.sql file and create the tables that are missing! By the way dialup-admin has a lot of bugs! You'll have a lot of work :) Try phpmyprepaid!
>
> Thank you very much for response. I will check phpmyprepaid.
>
> btw. I am trying to sort out a solution for VoIP termination, that is why I need radius. Can someone recommend me good software for that? It should work on Red Hat Enterprise Linux and support freeradius.
>
> TIA
> Dusan
>
> http://dj-dule.blogspot.com

--
With Regards
Ali Jawad

Re: Freeradius hangs
> Karthik R [EMAIL PROTECTED] wrote:
>> When I was observing the radius log, I was typing the correct username and password. Sometimes it says access was denied because username\password invalid on the domain. I didn't see anything going wrong in the log message but I didn't understand why I got the above error message.
>>
>> bash3.0#radiusd -X -A
>
> Which doesn't show that access denied message, and doesn't show the server hanging.
>
> I don't understand why posting this debug log would help solve the problem. It does NOT show the problem, and therefore is NOT useful.
>
> Alan DeKok

Alan,

Sorry I missed this part. I mean when I try to connect to the remote vpn gateway using the MS-VPN dialer interface, on the dialer interface I get this error message, i.e. access was denied because username\password invalid on the domain. But when I checked the radius log I didn't find anything weird, as attached before. Sometimes it hangs in btw authentication process, so I couldn't capture the data of it and am helpless here. Can you help me now...

RadSec
Hello all,

is RadSec implemented in FreeRadius? or it is planned to be done?

Thanks in advance.

--
Manuel Sanchez Cuenca
Departamento de Ingenieria de la Informacion y las Comunicaciones
Facultad de Informatica. Universidad de Murcia
Campus de Espinardo - 30080 Murcia (SPAIN)
Tel.: +34-968-364644  Fax: +34-968-364151
email: [EMAIL PROTECTED] | [EMAIL PROTECTED]
url: http://libra.inf.um.es/~lolo

freeRADIUS on Solaris 10 - x86
hey freeRADIUS users,

next step ... testing freeRADIUS on a Solaris 10 box and I'm completely new to solaris! :-(

I've started with the configure again but there are so many things missing:

    aclocal autoconf autoheader locate libgdbm sys/security.h sys/prctl.h prot.h sia.h siad.h krb5.h gawk mawk ar ramlib strip argz.h libldap dl.h dld.h mach-o/dyld.h gdbm.h pam/pam_appl.h oci.h sql.h

Where can I get all these things, do I need everything?

We are trying to get freeradius working with 802.1x authentication to Microsoft Active Directory with LDAP-groups and huntgroups:

users-example:

    DEFAULT LDAP-Group == "CN=adminrole,CN=users,DC=isalab,DC=local", Huntgroup-Name == "enterasys", Realm == "ISALAB.local"
            Filter-ID == "Enterasys:version=1:mgmt=su:policy=adminrole",
            Reply-Message = "Welcome %{Stripped-User-Name:-%{User-Name:-None}} in the %{Realm} - Domain, there are no restrictions for you in this network",
            Fall-Through = No

I hope someone can help me a bit to find the right way!

thanks
mIke

Re: freeRADIUS on Solaris 10 - x86
Did you install only the solaris core system? If so you probably need to install some additional packages. An important directory is /usr/ccs, maybe you need to add it to your path. Check that SUNWbtool is installed. Another one are the kerberos packages (SUNWkrbu and/or SUNWkrbr).

The sun solaris package list can be useful for you: http://docs.sun.com/app/docs/doc/817-0545/6mgbberid?a=view

[EMAIL PROTECTED] wrote on 11/02/2006 03:24:13 PM:
> hey freeRADIUS users,
>
> next step ... testing freeRADIUS on a Solaris 10 box and I'm completely new to solaris! :-(
>
> I've started with the configure again but there are so many things missing:
>
>     aclocal autoconf autoheader locate libgdbm sys/security.h sys/prctl.h prot.h sia.h siad.h krb5.h gawk mawk ar ramlib strip argz.h libldap dl.h dld.h mach-o/dyld.h gdbm.h pam/pam_appl.h oci.h sql.h
>
> Where can I get all these things, do I need everything?
>
> We are trying to get freeradius working with 802.1x authentication to Microsoft Active Directory with LDAP-groups and huntgroups:
>
> users-example:
>
>     DEFAULT LDAP-Group == "CN=adminrole,CN=users,DC=isalab,DC=local", Huntgroup-Name == "enterasys", Realm == "ISALAB.local"
>             Filter-ID == "Enterasys:version=1:mgmt=su:policy=adminrole",
>             Reply-Message = "Welcome %{Stripped-User-Name:-%{User-Name:-None}} in the %{Realm} - Domain, there are no restrictions for you in this network",
>             Fall-Through = No
>
> I hope someone can help me a bit to find the right way!
>
> thanks
> mIke

Re: Limit access to internet by mac using freeradius
Ali Jawad [EMAIL PROTECTED] wrote:
> I want to authenticate based on mac address and I do not want to use pppoe anymore.. so everybody plugging in a network cable into my switch will have immediate internet access only if I have registered his mac address for him

See the switch documentation for how to do port-based authentication using MAC addresses.

Alan DeKok.

Re: Two sql queries in counter module
Bishal [EMAIL PROTECTED] wrote:
> Is it possible to make two queries in sql counter module? like

No.

Alan DeKok.

Re: freeRADIUS on Solaris 10 - x86
Michael Messner [EMAIL PROTECTED] wrote:
> I've started with the configure again but there are so many things missing:
...

Very little of that matters. Did the configure process exit with an error? That's all that matters.

The whole purpose of configure is to discover what you have on your system. You won't have everything on your system, so of course it won't find all sorts of things.

Put /usr/ccs/bin in your path, and there shouldn't be a problem.

Alan DeKok.

Re: Limit access to internet by mac using freeradius
Dear Alan,

thanks for your suggestion, however the setup is rather small at 50 users and the switch is not manageable.. I am a CCNA, nothing special about that, and I wish I had the means to apply the setup on a manageable switch using port security, however I still care about the accounting features of radius even if the manageable switch was a feasible solution.

On 11/2/06, Alan DeKok [EMAIL PROTECTED] wrote:
> Ali Jawad [EMAIL PROTECTED] wrote:
>> I want to authenticate based on mac address and I do not want to use pppoe anymore.. so everybody plugging in a network cable into my switch will have immediate internet access only if I have registered his mac address for him
>
> See the switch documentation for how to do port-based authentication using MAC addresses.
>
> Alan DeKok.

--
With Regards
Ali Jawad

Re: RADIUS MAC Authentication
Van Der Westhuizen, Eldridge (Mr) (Summerstrand Campus North) [EMAIL PROTECTED] wrote:
> Question: Is it possible to see which mac addresses/usernames got access-reject messages?

Yes. It should be in radius.log.

> I did take my mac out of the list and couldn't connect, but didn't get any messages in the radpostauth table.

That's a table for reading, not for writing.

> Also, i'm not getting any accounting in the accounting table.

Ask the NAS why it's not sending accounting packets.

Alan DeKok.

Re: Freeradius hangs
Karthik R [EMAIL PROTECTED] wrote:
> Sorry I missed this part. I mean when I try to connect to the remote vpn gateway using the MS-VPN dialer interface, on the dialer interface I get this error message, i.e. access was denied because username\password invalid on the domain.

Does the RADIUS server return Access-Accept for that session? You still haven't said...

If the RADIUS server returns Access-Accept, then the problem is that the NAS (or vpn gateway) doesn't like the response. Go read its documentation to see why.

> But when I checked the radius log I didn't find anything weird, as attached before. Sometimes it hangs in btw authentication process, so I couldn't capture the data of it and am helpless here.

Again, *specifics* matter. "it hangs in btw authentication..." WHAT hangs? FreeRADIUS? The client? The NAS?

I don't understand why you're so resistant to describing your problem as anything other than "it hangs".

Alan DeKok.

Re: RadSec
Manuel Sánchez Cuenca [EMAIL PROTECTED] wrote:
> is RadSec implemented in FreeRadius? or it is planned to be done?

It's not implemented in FreeRADIUS. It may be done in 2.0, if someone is willing to do the work, or motivate others to do the work.

Alan DeKok.

Re: Limit access to internet by mac using freeradius
Ali Jawad [EMAIL PROTECTED] wrote:
> Dear Alan, thanks for your suggestion, however the setup is rather small at 50 users and the switch is not manageable..

Then you can't do MAC authentication.

Alan DeKok.

Re: Limit access to internet by mac using freeradius
On Thursday 02 November 2006 05:43, Ali Jawad wrote:
> I need something like the mac address filtering used in squid... where only registered mac addresses are allowed through the proxy.. any hints, suggestions and/or tutorials are welcome.

Use your DHCP server for that.

Zoltan Ori

Re: Freeradius hangs
Karthik R [EMAIL PROTECTED] wrote:
> yes, the RADIUS server returned Access-accept for the session requested from NAS. But it again receives the access-request from NAS and sending duplicate reply.

If you had said this at the start, and posted the debug log, you would have solved the problem a long time ago.

This is even in the FAQ:

http://wiki.freeradius.org/FAQ#The_NAS_seems_to_ignore_the_reply_of_the_radius_server

Alan DeKok.

Dialup authentication says it works, but doesn't.
We have a Cisco AS5300 for our dialup pool. It is able to log into our new FreeRadius server and make authentication requests, but users are not able to authenticate. It's very strange, because FreeRadius produces logs like this:

    Thu Nov 2 11:06:24 2006 : Auth: Login OK: [XX/XX] (from client dialup port 8)

But the client gets "Error 691: Your username or password are incorrect."

I can tell that it's authenticating properly, because when a user gets their password wrong, I see this instead:

    Thu Nov 2 11:02:20 2006 : Auth: Login incorrect: [user1/somepass] (from client dialup port 13)
    Thu Nov 2 11:02:20 2006 : Auth: Login incorrect: [user1/somepass] (from client dialup port 13)

We're using FreeRadius' mysql support for authentication, and I'm absolutely positive that part is working fine. It even creates accounting data in the database.

Something else that might be interesting is what happens when I try to set up a user in /etc/freeradius/users. The relevant stanza in the users file is this:

    foobar  Auth-Type := Local, User-Password == asdf1234
            Service-Type = Framed-User,
            Framed-Protocol = PPP,
            Framed-IP-Netmask = 255.255.255.0,
            Framed-Routing = Broadcast-Listen,
            Framed-Filter-Id = std.ppp,
            Framed-MTU = 1500,
            Framed-Compression = Van-Jacobsen-TCP-IP,
            Fall-Through = No

The logs FreeRadius produces say this:

    Thu Nov 2 12:09:09 2006 : Auth: Login incorrect (No password configured for the user): [foobar/asdf1234] (from client dialup port 85)
    Thu Nov 2 12:09:09 2006 : Auth: Login incorrect: [foobar/asdf1234] (from client dialup port 85)
    Thu Nov 2 12:09:09 2006 : Auth: Login incorrect (No password configured for the user): [foobar/asdf1234] (from client dialup port 85)
    Thu Nov 2 12:09:09 2006 : Auth: Login incorrect: [foobar/asdf1234] (from client dialup port 85)

Re: Freeradius hangs
Alan,

yes, the RADIUS server returned Access-accept for the session requested from NAS. But it again receives the access-request from NAS and sending duplicate reply. Does it mean NAS unable to process the response received from Freeradius? Below is the response snap where I see access-accept and access-request happened several times at same instant. On the NAS end, it's pretty plain configuration (configured radius ip and secret passwd) and no logging is available. The NAS documentation doesn't talk about radius error codes.

Sending Access-Accept of id 219 to 192.168.0.1 port 4754
        MS-CHAP2-Success = 0x9f533d4144303343353841384530373345413237304530304341364531383431433344383938383938
        MS-MPPE-Recv-Key = 0xdc882e2dfa10109679e37fe4bafba95d
        MS-MPPE-Send-Key = 0xf3e3e6a91f2d6e4b64b8b2e5add4bdad
        MS-MPPE-Encryption-Policy = 0x0002
        MS-MPPE-Encryption-Types = 0x0004
Finished request 12
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.1:4754 , id=219, length=151
Sending duplicate reply to client dlink:4754 - ID: 219
Re-sending Access-Accept of id 219 to 192.168.0.1 port 4754
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.1:4754 , id=219, length=151
Sending duplicate reply to client dlink:4754 - ID: 219
Re-sending Access-Accept of id 219 to 192.168.0.1 port 4754
Waking up in 6 seconds...

so when I have this log message at radius srv end, at the client dialer interface I get this error message as access was denied because username\password invalid on the domain. But am sure the logon credentials are correct. Also freeradius service hangs sometime during authentication process while processing request which came from NAS box.

sorry about vague reply.

Karthik
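The pattern in the debug output above (a reply sent once, then the same id arriving again and the server answering with "Re-sending ...") can be pulled out of a long radiusd -X log mechanically. The following Python script is an added example, not part of the original post or of FreeRADIUS; the function name ignored_replies, the min_resends threshold and the sample log are constructed for illustration, with line formats taken from the excerpt above.

```python
import re

# Constructed sample, modelled on the radiusd -X lines quoted in the post above.
SAMPLE_LOG = """\
Sending Access-Accept of id 219 to 192.168.0.1 port 4754
Finished request 12
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.1:4754 , id=219, length=151
Sending duplicate reply to client dlink:4754 - ID: 219
Re-sending Access-Accept of id 219 to 192.168.0.1 port 4754
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.0.1:4754 , id=219, length=151
Sending duplicate reply to client dlink:4754 - ID: 219
Re-sending Access-Accept of id 219 to 192.168.0.1 port 4754
rad_recv: Access-Request packet from host 192.168.0.1:4754 , id=220, length=148
Sending Access-Reject of id 220 to 192.168.0.1 port 4754
rad_recv: Access-Request packet from host 192.168.0.1:4754 , id=219, length=151
Sending Access-Accept of id 219 to 192.168.0.1 port 4754
"""

# Matches first replies ("Sending ...") and retransmitted ones ("Re-sending ...").
REPLY = re.compile(
    r"^(Sending|Re-sending) (Access-(?:Accept|Reject|Challenge)) "
    r"of id (\d+) to (\S+) port (\d+)")

def ignored_replies(log_text, min_resends=2):
    """Return one record per reply that the server had to re-send at least
    min_resends times, i.e. the client kept retransmitting an answered request."""
    episodes = []   # one record per first reply, in log order
    latest = {}     # (host, port, id) -> most recent record for that key
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REPLY.match(line.strip())
        if not m:
            continue
        verb, reply, pkt_id, host, port = m.groups()
        key = (host, int(port), int(pkt_id))
        if verb == "Sending":
            # A fresh reply starts a new episode, so a reused 8-bit id
            # is not merged with an earlier request that had the same id.
            record = {"client": host, "port": int(port), "id": int(pkt_id),
                      "reply": reply, "line": lineno, "resends": 0}
            episodes.append(record)
            latest[key] = record
        elif key in latest and latest[key]["reply"] == reply:
            latest[key]["resends"] += 1
    return [r for r in episodes if r["resends"] >= min_resends]

if __name__ == "__main__":
    for r in ignored_replies(SAMPLE_LOG):
        print("%(client)s:%(port)d id=%(id)d %(reply)s re-sent %(resends)d times" % r)
```

Each record carries the log line number of the first reply, which gives the place in the full debug output to start reading from.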
Need help setting up FreeRadius using PEAP/MSChapV2
A year ago I tried to set up 802.1x on our network using PEAP/MSChapV2 without any luck, but wanted to try again so here I am. I followed the document titled, FreeRADIUS Active Directory Integration HOWTO on the FreeRadius Wiki site and I am still not able to authenticate against AD. I hope someone out there can provide some assistance and HELP me out. I have included the debug out below. Any help would GREATLY be appreciated...

[EMAIL PROTECTED] raddb]# /usr/local/sbin/radiusd -XA
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/etc/raddb/proxy.conf
Config: including file: /usr/local/etc/raddb/clients.conf
Config: including file: /usr/local/etc/raddb/snmp.conf
Config: including file: /usr/local/etc/raddb/eap.conf
Config: including file: /usr/local/etc/raddb/sql.conf
main: prefix = /usr/local
main: localstatedir = /usr/local/var
main: logdir = /usr/local/var/log/radius
main: libdir = /usr/local/lib
main: radacctdir = /usr/local/var/log/radius/radacct
main: hostname_lookups = no
main: snmp = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file = /usr/local/var/log/radius/radius.log
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = /usr/local/var/run/radiusd/radiusd.pid
main: user = (null)
main: group = (null)
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/local/sbin/checkrad
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = no
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = (null)
exec: input_pairs = request
exec: output_pairs = (null)
exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = yes
mschap: passwd = (null)
mschap: ntlm_auth = /usr/bin/ntlm_auth --request-nt-key --domain=%{mschap:NT-Domain} --username=%{mschap:User-Name} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}
Module: Instantiated mschap (mschap)
Module: Loaded System
unix: cache = no
unix: passwd = (null)
unix: shadow = (null)
unix: group = (null)
unix: radwtmp = /usr/local/var/log/radius/radwtmp
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
eap: default_eap_type = peap
eap: timer_expire = 60
eap: ignore_unknown_eap_types = no
eap: cisco_accounting_username_bug = no
tls: rsa_key_exchange = no
tls: dh_key_exchange = yes
tls: rsa_key_length = 512
tls: dh_key_length = 512
tls: verify_depth = 0
tls: CA_path = (null)
tls: pem_file_type = yes
tls: private_key_file = /usr/local/etc/raddb/certs/cert-srv.pem
tls: certificate_file = /usr/local/etc/raddb/certs/cert-srv.pem
tls: CA_file = /usr/local/etc/raddb/certs/demoCA/cacert.pem
tls: private_key_password = whatever
tls: dh_file = /usr/local/etc/raddb/certs/dh
tls: random_file = /dev/urandom
tls: fragment_size = 1024
tls: include_length = yes
tls: check_crl = no
tls: check_cert_cn = (null)
tls: cipher_list = (null)
tls: check_cert_issuer = (null)
rlm_eap_tls: Loading the certificate file as a chain
rlm_eap: Loaded and initialized type tls
peap: default_eap_type = mschapv2
peap: copy_request_to_tunnel = no
peap: use_tunneled_reply = no
peap: proxy_tunneled_request_as_eap = yes
rlm_eap: Loaded and initialized type peap
mschapv2: with_ntdomain_hack = no
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
preprocess: hints = /usr/local/etc/raddb/hints
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
preprocess: with_alvarion_vsa_hack = no
Module: Instantiated preprocess
LDAP + AD username length
Is it possible to trim down the length of the username used to query AD with ldap? For names longer than 20 characters I am getting rlm_ldap: object not found or got ambiguous search result returned. Thanks
Re: Need help setting up FreeRadius using PEAP/MSChapV2
Graham, Robert [EMAIL PROTECTED] wrote:

A year ago I tried to set up 802.1x on our network using PEAP/MSChapV2 without any luck, but wanted to try again so here I am. I followed the document titled, FreeRADIUS Active Directory Integration HOWTO on the FreeRadius Wiki site and I am still not able to authenticate against AD. I hope someone out there can provide some assistance and HELP me out. I have included the debug out below. Any help would GREATLY be appreciated...

...

Access-Challenge, with no response from the Windows box:

http://wiki.freeradius.org/FAQ#PEAP_Doesn.27t_Work

Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
RE: freeRADIUS on Solaris 10 - x86
-Original Message-
Date: Thu, 2 Nov 2006 15:24:13 +0100 (CET)
From: Michael Messner [EMAIL PROTECTED]
Subject: freeRADIUS on Solaris 10 - x86
To: freeradius-users@lists.freeradius.org
Message-ID: [EMAIL PROTECTED]
Content-Type: text/plain; charset=iso-8859-1

hey freeRADIUS users,

next step ... testing freeRADIUS on a Solaris 10 box and I'm completely new to solaris! :-( I've started with the configure again but there are so many things missing:

snip...

thanks
mIke
--

Hello Mike,

Seeing as you are new to Solaris I'd say you can save yourself a lot of time and hard work by re-installing your x86 server with a standard Linux distribution. Even if you've never touched Linux before, most distributions will have all the necessary prerequisites installed and if you choose to do so you won't even need to compile freeradius, you can install the vendor-supplied package for freeradius.

Of course, YMMV, but I grew up with Solaris (and enjoyed it) but these days it's just simply a pain to install many free/open source packages on Solaris. Save yourself the trouble and go with Linux. Seeing as you are from Austria I suspect Suse will be your best option as you will probably find most local support around that distribution.

Best regards,
Johannes