Re: bitrary dynamic Nas-Port
Dear Peter, after many debug i find that NASA not even send Calling-Station-Id so now i have access in that NAS which is Cisco router 72006 VXR but it's not send unique NAS or Calling-Station-Id so can you pleas give example of how the configuration in router have to be sorry as i am not Cisco expert. or can i use value that not depend in what nas send for example just username which is unique. thanks - Be a PS3 game guru. Get your game face on with the latest PS3 news and previews at Yahoo! Games.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: bitrary dynamic Nas-Port
On Thu 08 Mar 2007 10:38, MSamir wrote: Dear Peter, after many debug i find that NASA not even send Calling-Station-Id so now i have access in that NAS which is Cisco router 72006 VXR but it's not send unique NAS or Calling-Station-Id so can you pleas give example of how the configuration in router have to be sorry as i am not Cisco expert. or can i use value that not depend in what nas send for example just username which is unique. Yes. As you can clearly see in sqlippool.conf: ## Attribute which should be considered unique per NAS ## Using NAS-Port gives behaviour similar to rlm_ippool. Calling-Station-Id is for NAS that send fixed NAS-Port pool-key = %{NAS-Port} # pool-key = %{Calling-Station-Id} There is also further documentation in the wiki.. Cheers -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Q perl-interface documentation?
Jochen Schäfer wrote: could you please explain how to obtain the radius variables? As I said: src/modules/rlm_perl/example.pl This is documented. Please read the documentation. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SIP/RADIUS/Kerberos authentication
John T. Guthrie wrote: I am trying to set up an Asterisk SIP server. I would like this server to be able to authenticate against our RADIUS server. However, the RADIUS server authenticates against our Kerberos server by default. Is there any way to make this work given that most SIP clients seem to use the digest authentication method? No. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius User session is open but user not login
Thanks for ans means u say simultaneous-use not useing from SQL and use radcheck in session module but when i user radcheck my simultaneous-use not working users can login multiple can u exaplain me where i chenge in configuration file i am useing freeradius + mssql # Session database, used for checking Simultaneous-Use. Either the radutmp # or rlm_sql module can handle this. # The rlm_sql module is *much* faster session { #radutmp # # See Simultaneous Use Checking Querie in sql.conf sql } my NAS type is other not cisco caz when i set it cisco use can login multiple time... can u give me brife idea [EMAIL PROTECTED] wrote: If you don't need those stale entries just delete them. If you have them because users logged off while your servers were down then you can close them seting values in AcctStopTime (and AcctSessionTime if you want to do accounting with them). Once you clean this up it shouldn't happen any more. You should ste nastype to cisco and checkrad will delete all stale entries if it finds them when checking Simultaneous-Use. Ivan Kalik Kalik Informatika ISP Dana 7/3/2007, satish patel pi¹e: Dear I have faceing this problem since log time i have cisco VPDN and user login on cisco and authenticate from freeradius-1.1.4 i have configure simultenous-use attribute for multilogin privention but some time when user session open in radius databases ( i am useing MSSQL ) then user try for login and he / she got error regarding already login and authentication deny also i have set Idle-Timeout = 600 but still face same problem how to crear opened session in mssql database ??? $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Here#65533;s a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
OATH Support?
Hi, is there OATH Support in freeradius to use tokens like http://www.aladdin.com/etoken/otp.asp?lid=eToken_OTPlpos=products_menu#NG-OTP ? Are there any other supported OTP tokens? I read somewhere that Cryptocard is supported; but i never could get it to work nor find the tools to extract the DES key from the *.tok file Regards, Andreas _ Find the coolest online games @ http://xtramsn.co.nz/gaming - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radius doesn't start up correct
Hi, #ps aux | grep radiusd root 17622 89.6 0.0 4388 2248 pts/1R+ 02:38 0:02 radiusd # netstat -nlp udp 1580 0 0.0.0.0:18120.0.0.0:*7579/radiusd udp0 0 0.0.0.0:18130.0.0.0:*7579/radiusd That Local IP 0.0.0.0 can't be a good sign, right?! No, that's fine. [...] Thanks, didn't know that. But then I really not understand why it does not answer to any requests. Process is running but no responses to radiustest and no entries in the log. Problem ist it runs on UDP so I can't just try with telnet. Actually: /etc/services does define it should also run on 1812/TCP, and radiusd.conf says port = 0 so it really should do as /etc/services says, but it doesn't: no TCP. Little experiment: deleting the line radiusd1812/udp in /etc/services and setting port = 1812/tcp in radiusd.conf and starting by giving definitely the right config dir: # radiusd -d /usr/local/etc/raddb and... - still: netstat -nlp: udp 0 0 0.0.0.0:18120.0.0.0:* 16289/radiusd Now how on earth ist this possible? Could it be radtest tries only on tcp? Please tell me: When you start radiusd, is it supposed to display more than this: # radiusd Thu Mar 8 15:17:28 2007 : Info: Starting - reading configuration files ... or is this all I should get? Is there some other possibility how I could test it wether it's running correctly? Thank you so much for all your help, jan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius simultenoues-use error
Dear all i fedup from this problem i dont know how to resolve it no one help me out from this problem i have freradius-1.1.4 + MSSQL setup user databases and accouting done by mssql and my NAS is cisco router with VPDN configuration but i have faceing some problem since last week suposse one user login in to cisco router and he/she accouting start on MSSQL server i am useting simultenouse-use feature in SQL example radacct tables User AcctStartTimeAcctStopTime abc 08/03/2007:01:30 1/1/1900 Now user can access internet and anything everything going fine but after when i stop radiusd proccess and start it my user disconnected and he/she try for login in to cisco VPDN he/she got error access deny and i got some log multiple user login Thu Mar 8 20:12:05 2007 : Auth: Multiple logins (max 1) : [mlpm484/CHAP-Password] (from client cisco port 974) Thu Mar 8 20:12:08 2007 : Auth: Multiple logins (max 1) : [mlpm629/CHAP-Password] (from client cisco port ) Thu Mar 8 20:12:10 2007 : Auth: Multiple logins (max 1) : [mlpm484/CHAP-Password] (from client cisco port 460) Thu Mar 8 20:12:14 2007 : Auth: Multiple logins (max 1) : SomeThing like this it means in MSSQL AcctStopTime there is i still user login means that entry is not still clear thats why i got error 'Multiple logins (max 1)' in my client.conf file NAStype is other caz when i user cisco nastype my Simulteneous-use not working ?? so i thing this detail enough for help plz tell me right suggesstion if i am wrong $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radiusd can't close user open session in sql
dear all i have some problem i have configured simulteneous-use attributes in sql but some time network disconnect or any problem user got disconnect but his session still open in sql databases so that next time when he try he got error your are still login means simulteneous-use attribute not allow to that user this is my problem caz i am wireless ISP and i have many time network problem so user disconnect accidently so is there any feature which is clear last session in SQL database ??? $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Heres a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius simultenoues-use error
# SNMP CONFIGURATION # # Snmp configuration is only valid if SNMP support was enabled # at compile time. # # To enable SNMP querying of the server, set the value of the # 'snmp' attribute to 'yes' # snmp= no $INCLUDE ${confdir}/snmp.conf This is in radius.conf. Change snmp = yes and checkrad should work with nastype set to cisco. If you want to get rid of all stale sessions delete them with SQL oneliner like: delete from radacct where AcctStopTime=0 AcctStartTime '2007-3-8' (this is MySQL - MSSQL syntax might be slightly different) This will delete all open sessions up to today. Ivan Kalik Kalik Informatika ISP Dana 8/3/2007, satish patel [EMAIL PROTECTED] piše: Dear all i fedup from this problem i dont know how to resolve it no one help me out from this problem i have freradius-1.1.4 + MSSQL setup user databases and accouting done by mssql and my NAS is cisco router with VPDN configuration but i have faceing some problem since last week suposse one user login in to cisco router and he/she accouting start on MSSQL server i am useting simultenouse-use feature in SQL example radacct tables User AcctStartTimeAcctStopTime abc 08/03/2007:01:30 1/1/1900 Now user can access internet and anything everything going fine but after when i stop radiusd proccess and start it my user disconnected and he/she try for login in to cisco VPDN he/she got error access deny and i got some log multiple user login Thu Mar 8 20:12:05 2007 : Auth: Multiple logins (max 1) : [mlpm484/CHAP-Password] (from client cisco port 974) Thu Mar 8 20:12:08 2007 : Auth: Multiple logins (max 1) : [mlpm629/CHAP-Password] (from client cisco port ) Thu Mar 8 20:12:10 2007 : Auth: Multiple logins (max 1) : [mlpm484/CHAP-Password] (from client cisco port 460) Thu Mar 8 20:12:14 2007 : Auth: Multiple logins (max 1) : SomeThing like this it means in MSSQL AcctStopTime there is i still user login means that entry is not still clear thats why i got error 'Multiple logins (max 1)' in my client.conf file NAStype is other caz when i user cisco nastype my Simulteneous-use not working ?? so i thing this detail enough for help plz tell me right suggesstion if i am wrong $ cat ~/satish/url.txt System administrator ( Data Center ) please visit this site http://linux.tulipit.com - Here#65533;s a new way to find what you're looking for - Yahoo! Answers - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Simple EAP flow support!
Hi Mike/Josh, Thanks for your replies. Please see my responses below. On 3/8/07, Michael Griego [EMAIL PROTECTED] wrote: Why exactly do you want to do this instead of using standardized EAP- TLS? Ok I will check if i can use EAP-TLS. You'll have to write your own code upates to FreeRADIUS, and I know of *no* supplicants that will operate in this fashion. Seems like a lot more trouble than using what's already there, especially when you get into situations like where the certificate won't fit into one EAPOL packet, which is constrained by the MTU. Say if i use EAP-TLS then is the NAS supposed to store the certificate of the supplicant. I think the certificate must alway come from the supplicant. But then if we have a problem with the MTU, then supplicant stored certificates cannot be used with EAP-TLS. --Mike On Mar 7, 2007, at 12:53 PM, Diameter K wrote: Hi All, I want to configure free-radius to handle a simple EAP described below. 1. Radius receives a IDENTITY message. The IDENTITY message contains a encrypted certificate. 2. The server decrypts and validates the Certificate and send out a EAP-Success or EAP-Failure. Is there any way i can configure freeradius to achieve this flow or would i have to modify the code. As i understand the standard flows are much more complicated(with challenge), which i dont want. Thanks Regards, Shiv - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius simultenoues-use error
satish patel wrote: User AcctStartTimeAcctStopTime abc 08/03/2007:01:30 1/1/1900 Now user can access internet and anything everything going fine but after when i stop radiusd proccess and start it my user disconnected and he/she try for login in to cisco VPDN he/she got error access deny and i got some log multiple user login Thu Mar 8 20:12:05 2007 : Auth: Multiple logins (max 1) : Looks like the problem isn't FreeRADIUS. The problem is that your NAS is not sending (or FR is not hearing) the stop packets for various reasons. You may need to write a cronjob that runs every minute that looks at your DB to find open connections and then polls your NAS to verify that info and update the DB with stop times if the session is gone. FreeRADIUS is doing exactly what you told it to do. Now go make the rest of your system behave or fudge it as I have described. -- Dennis Skinner Systems Administrator BlueFrog Internet http://www.bluefrog.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: bitrary dynamic Nas-Port
On Thu 08 Mar 2007 18:46, MSamir wrote: is that mean that i can use pool-key = %{User-Name} If you wish.. Yes.. -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: bitrary dynamic Nas-Port
is that mean that i can use pool-key = %{User-Name} - Bored stiff? Loosen up... Download and play hundreds of games for free on Yahoo! Games.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Simple EAP flow support!
Diameter K wrote: Say if i use EAP-TLS then is the NAS supposed to store the certificate of the supplicant. No. I think the certificate must alway come from the supplicant. But then if we have a problem with the MTU, then supplicant stored certificates cannot be used with EAP-TLS. No. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
password in debug mode
Hi, is there a mean not te see passwords in freeradius debug mode (radiusd -X) ? thanks Thomas- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
802.1x-radius VLAN assignment
Hello! I am working on implementing freeradius with an aruba Wifi controller connected to freeradius, which then talks to AD. (The linux box is on the AD domain) Anyway, we need to pull the vlan identifier through from an AD group, but it appears FreeRadius does not pull that through the request field. Anyone have any thoughts? We know this is possible through the Microsoft radius solution, but are having a tough time of it without using that instead. Thanks! Ryan Kramer - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: 802.1x-radius VLAN assignment
Attribute Mapping ( attr.map file ) - AFAIK ! Regards, E:S _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] On Behalf Of Ryan Kramer Sent: Donnerstag, 08. März 2007 23:07 To: freeradius-users@lists.freeradius.org Subject: 802.1x-radius VLAN assignment Hello! I am working on implementing freeradius with an aruba Wifi controller connected to freeradius, which then talks to AD. (The linux box is on the AD domain) Anyway, we need to pull the vlan identifier through from an AD group, but it appears FreeRadius does not pull that through the request field. Anyone have any thoughts? We know this is possible through the Microsoft radius solution, but are having a tough time of it without using that instead. Thanks! Ryan Kramer - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: password in debug mode
Hi, is there a mean not te see passwords in freeradius debug mode (radiusd -X) ? modify the source code. debug mode is supposed to be just that, a full and complete debug so you can see what is going wrong. in normal mode you can change the config and SQL commands to stop the logging and recording of passwords. in debug mode you need to verify everything.. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
max-daily-session
Hi all, I am using Freeradius + Chillispot + Mysql in a hotel wifi and it's working very fine. I have set per user Max-Daily-Session with sql_counter and it works. Now they ask me another situation: the hotel has various workstations that everybody can use. I need to set a low Max-Daily-Session (1 hour) when a user log trough these workstation, and set Max-Daily-Session = 24 hours when user use it's own notepad. so: can I override per user Max-Daily-Session when request come from a certain CallingStationId? what I tried is to use query on sql_counter but it seems there is no variables with CallingStationId, something like: query = SELECT (SUM(AcctSessionTime) + ((WORKSTATIONID = $CallingStationId) * 82800) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime FROM_UNIXTIME('%b') Any idea? Thank's in advance. -- Pierluigi Di Lorenzo ePrometeus s.r.l - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius and vlan assignment
Hello! I am working on implementing *freeradius* with a cisco 3750 switch connected to *freeradius*, which then talks to AD. (The linux box is on the AD domain) Anyway, we try to make vlan assignment by using the 'users' file . We create a user named 'test' on my AD server , and we created this section in the file users : testAuth-Type := MS-CHAP Tunnel-Type = 13, Tunnel-Medium-Type = 6, Tunnel-Private-Group-Id = 2 The user is correctly authenticated by AD , but he is put in the default vlan ( id 1 ) and not in the vlan defined in the file 'users' ( id 2 ) . By the way, readind the radiusd output , i think that freeradius does not read my users file...i didn't see int he log anything about the Tunnel-Type or Tunnel-Private-Group-Id informations Anyone have any thoughts? Regards Bruno Message-Authenticator = 0xa309657e84ce8131d67aa64d9a491059 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module preprocess returns ok for request 6 modcall[authorize]: module chap returns noop for request 6 rlm_realm: No '@' in User-Name = CSB\test, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 6 users: Matched entry DEFAULT at line 165 users: Matched entry DEFAULT at line 184 modcall[authorize]: module files returns ok for request 6 rlm_eap: EAP packet type response id 6 length 90 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module eap returns updated for request 6 modcall[authorize]: module mschap returns noop for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type MS-CHAP rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'CSB\test' auth: type EAP Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to CSB\test PEAP: Adding old state with 86 79 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module preprocess returns ok for request 6 modcall[authorize]: module chap returns noop for request 6 rlm_realm: No '@' in User-Name = CSB\test, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 6 users: Matched entry DEFAULT at line 165 modcall[authorize]: module files returns ok for request 6 rlm_eap: EAP packet type response id 6 length 67 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module eap returns updated for request 6 modcall[authorize]: module mschap returns noop for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type MS-CHAP rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'CSB\test' auth: type EAP Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 6 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for test with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain' radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: 9a radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '/usr/bin/ntlm_auth --request-nt-key --domain=CSB --username=test --challenge=0529c10bac22a3fa --nt-response=4b1e21679b85263858da26874073491971a58f8bfc024456' Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=CSB --username=test --challenge=0529c10bac22a3fa --nt-response=4b1e21679b85263858da26874073491971a58f8bfc024456 Exec-Program output: NT_KEY: 2066656E05C22F3A995AD9ECFED913D6 Exec-Program-Wait: plaintext: NT_KEY: 2066656E05C22F3A995AD9ECFED913D6 Exec-Program: returned: 0 rlm_mschap: adding MS-CHAPv2 MPPE keys modcall[authenticate]: module mschap returns ok for request 6 modcall: group Auth-Type returns ok for request 6 MSCHAP Success modcall[authenticate]: module eap
RE: Freeradius and vlan assignment
http://wiki.freeradius.org/Operators Hint += for Tunnel-Type ! Regards, E:S _ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] On Behalf Of Bruno Mardirossian Sent: Freitag, 09. März 2007 03:49 To: freeradius-users@lists.freeradius.org Subject: Freeradius and vlan assignment Hello! I am working on implementing freeradius with a cisco 3750 switch connected to freeradius , which then talks to AD. (The linux box is on the AD domain) Anyway, we try to make vlan assignment by using the 'users' file . We create a user named 'test' on my AD server , and we created this section in the file users : testAuth-Type := MS-CHAP Tunnel-Type = 13, Tunnel-Medium-Type = 6, Tunnel-Private-Group-Id = 2 The user is correctly authenticated by AD , but he is put in the default vlan ( id 1 ) and not in the vlan defined in the file 'users' ( id 2 ) . By the way, readind the radiusd output , i think that freeradius does not read my users file...i didn't see int he log anything about the Tunnel-Type or Tunnel-Private-Group-Id informations Anyone have any thoughts? Regards Bruno Message-Authenticator = 0xa309657e84ce8131d67aa64d9a491059 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module preprocess returns ok for request 6 modcall[authorize]: module chap returns noop for request 6 rlm_realm: No '@' in User-Name = CSB\test, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 6 users: Matched entry DEFAULT at line 165 users: Matched entry DEFAULT at line 184 modcall[authorize]: module files returns ok for request 6 rlm_eap: EAP packet type response id 6 length 90 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module eap returns updated for request 6 modcall[authorize]: module mschap returns noop for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type MS-CHAP rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'CSB\test' auth: type EAP Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/peap rlm_eap: processing type peap rlm_eap_peap: Authenticate rlm_eap_tls: processing TLS eaptls_verify returned 7 rlm_eap_tls: Done initial handshake eaptls_process returned 7 rlm_eap_peap: EAPTLS_OK rlm_eap_peap: Session established. Decoding tunneled attributes. rlm_eap_peap: EAP type mschapv2 rlm_eap_peap: Tunneled data is valid. PEAP: Setting User-Name to CSB\test PEAP: Adding old state with 86 79 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 6 modcall[authorize]: module preprocess returns ok for request 6 modcall[authorize]: module chap returns noop for request 6 rlm_realm: No '@' in User-Name = CSB\test, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 6 users: Matched entry DEFAULT at line 165 modcall[authorize]: module files returns ok for request 6 rlm_eap: EAP packet type response id 6 length 67 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module eap returns updated for request 6 modcall[authorize]: module mschap returns noop for request 6 modcall: group authorize returns updated for request 6 rad_check_password: Found Auth-Type MS-CHAP rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'CSB\test' auth: type EAP Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 6 rlm_eap: Request found, released from the list rlm_eap: EAP/mschapv2 rlm_eap: processing type mschapv2 Processing the authenticate section of radiusd.conf modcall: entering group Auth-Type for request 6 rlm_mschap: No User-Password configured. Cannot create LM-Password. rlm_mschap: No User-Password configured. Cannot create NT-Password. rlm_mschap: Told to do MS-CHAPv2 for test with NT-Password radius_xlat: Running registered xlat function of module mschap for string 'NT-Domain' radius_xlat: Running registered xlat function of module mschap for string 'User-Name' radius_xlat: Running registered xlat function of module mschap for string 'Challenge' mschap2: 9a radius_xlat: Running registered xlat function of module mschap for string 'NT-Response' radius_xlat: '/usr/bin/ntlm_auth --request-nt-key --domain=CSB --username=test --challenge=0529c10bac22a3fa --nt-response=4b1e21679b85263858da26874073491971a58f8bfc024456' Exec-Program: /usr/bin/ntlm_auth --request-nt-key --domain=CSB --username=test --challenge=0529c10bac22a3fa
send warning to user when duration left close / nearly to zero
Dear all, Is possible to send a pop up windows with warning to users if the duration left close or nearly to zero. Let say from 3 minutes to zero. I am using rlm_sqlcounter with noresetcounter. TIA PD - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html