Re: Accounting-Request/Accounting-Response question
Tuc at T-B-O-H.NET wrote:
> I'm looking into the Accounting-Request packet for the following :
>
> *** DUMP OF RADIUS PACKET (Net::Radius::Packet=HASH(0x834ac1c))
> Code: Accounting-Request
> Identifier: 1
> Authentic: \x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}

That's wrong. It should be signed by the shared secret.

> When I get it back, I get :
>
> Code: Accounting-Response
> Identifier: 1
> Authentic: \x{a}\x{da}\%\x{1f}\x{ff}o\`\x{bf}\(\x{b0}V\x{aa}\x{ba}J;\x{99}
> Attributes:
>
> Is there anything that would make this NOT come back like that?

What do you mean?

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
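The signing that the reply above refers to, as an added example (not code from the thread or from Net::Radius::Packet): per RFC 2866 the Accounting-Request authenticator is MD5 over the packet with 16 zero octets in the authenticator field, followed by the shared secret, and the Accounting-Response hash uses the request's authenticator in that position. The secret and attribute values below are constructed.

```python
import hashlib
import hmac
import struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5


def attr(attr_type, value):
    """Encode one attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value


def _packet(code, ident, seed, attrs, secret):
    """Header + MD5(header + seed + attrs + secret) + attrs."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    auth = hashlib.md5(header + seed + attrs + secret).digest()
    return header + auth + attrs


def accounting_request(ident, attrs, secret):
    # RFC 2866: hash is taken with 16 zero octets in the authenticator field.
    return _packet(ACCT_REQUEST, ident, bytes(16), attrs, secret)


def accounting_response(request, attrs, secret):
    # The response hash is seeded with the authenticator of the request.
    return _packet(ACCT_RESPONSE, request[1], request[4:20], attrs, secret)


def verify(packet, seed, secret):
    """Recompute the authenticator and compare in constant time."""
    if len(packet) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = _packet(code, ident, seed, packet[20:], secret)[4:20]
    return hmac.compare_digest(expected, packet[4:20])


# Constructed sample data: the secret and attribute values are made up.
SECRET = b"testing123"
ATTRS = (attr(1, b"bob")                      # User-Name
         + attr(40, struct.pack("!I", 1))     # Acct-Status-Type = Start
         + attr(44, b"session-0001"))         # Acct-Session-Id
REQUEST = accounting_request(1, ATTRS, SECRET)
UNSIGNED = REQUEST[:4] + bytes(16) + REQUEST[20:]  # zeroed field, as in the dump
RESPONSE = accounting_response(REQUEST, b"", SECRET)

if __name__ == "__main__":
    print("signed request verifies:", verify(REQUEST, bytes(16), SECRET))
    print("zeroed request verifies:", verify(UNSIGNED, bytes(16), SECRET))
    print("response verifies:      ", verify(RESPONSE, REQUEST[4:20], SECRET))
```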
Re: freeRADIUS and WPA-2 Enterprise
Hi,

> We are trying to setup WPA2 Enterprise authentication to work with the FreeRadius server. We have configured EAP-PEAP authentication. We have installed all the certificates and corrected the EAP.conf certificate paths. We tried to connect from the supplicant from Windows XP. Windows asked for the login/password and this is the output of the radiusd -X. The user is configured in the users file. We couldn't see any error, however the authentication didn't succeed.

i see you have the user in your unix password file - what type of password is stored there? with PEAP, you cannot auth against a plain password.

also, you say you 'installed the certificates and corrected the eap.conf certificate paths' - what certs did you install, how did you make them? what was wrong with the paths? why did you not just put the certs in the $raddb/certs directory?

alan
Re: Forcing lowercase User-Name with rlm_perl
On 2008-05-17 02:09, Chris wrote:
> I basically want User-Name to be forced to lowercase for the duration of the request. I have done the following:
>
> modules {
>     perl {
>         module = my_perl_module.pm
>     }
> }
>
> authorize {
>     preprocess
>     perl
>     ...
> }
>
> Pertinent contents of my_perl_module.pm:
>
> sub authorize {
>     $RAD_REQUEST{'User-Name'} =~ tr/A-Z/a-z/;
>     return RLM_MODULE_OK;
> }
>
> This seems to do what I want. Is it the correct way to accomplish this task?

lc EXPR
lc
    Returns a lowercased version of EXPR. This is the internal function implementing the \L escape in double-quoted strings. Respects current LC_CTYPE locale if use locale in force. See perllocale and perlunicode for more details about locale and Unicode support.

    If EXPR is omitted, uses $_.

Best regards,
Krzysztof Olędzki
Re: help need with mysql statement in freeradius
Hi all,

After many trial and errors my perl modules is working great. Thanks Ivan, Alan and all of who helped me a lot. Well I am not programmer but search in google and you guys helped me a lot.

One thing is I am not able to log my custom message of perl modules in radius.log. Is it possible to show the custom log message in radius.log

sub authorize{
    if ( $mac == 1 && $RAD_CHECK{'Calling-Station-Id'} eq "" ){
        my $sql2 = $dbh->prepare("INSERT INTO radcheck (id,username,attribute,op,value) VALUES('','$RAD_REQUEST{'User-Name'}','Calling-Station-Id','+=','$RAD_REQUEST{'Calling-Station-Id'}')");
        $rowcount = $sql2->execute(); #or die "Cannot execute SQL Statement: $DBI::errstr\n";
        $RAD_REPLY{'Reply-Message'} = "Mac Address Successfully updated in database $RAD_REQUEST{'Calling-Station-Id'}";
        return RLM_MODULE_OK;
        # Do some logging.
        radiusd::radlog(1,"rlm_perl:: NEW MAC updated in database.");
    }

> request (ie. mobile). Same applies to $sql3. Also I would use == instead of += as the operator there.

I am using += operator because it helps me to store multiple CID in database and also after using this operator it logs the correct information in radius.log like why user are being reject. Before I was using == but it only gives Login incorrect.
Re: help need with mysql statement in freeradius
Put the log line before return.

Ivan Kalik
Kalik Informatika ISP

On 17/5/2008, Bishal [EMAIL PROTECTED] wrote:
> Hi all,
>
> After many trial and errors my perl modules is working great. Thanks Ivan, Alan and all of who helped me a lot. Well I am not programmer but search in google and you guys helped me a lot.
>
> One thing is I am not able to log my custom message of perl modules in radius.log. Is it possible to show the custom log message in radius.log
>
> sub authorize{
>     if ( $mac == 1 && $RAD_CHECK{'Calling-Station-Id'} eq "" ){
>         my $sql2 = $dbh->prepare("INSERT INTO radcheck (id,username,attribute,op,value) VALUES('','$RAD_REQUEST{'User-Name'}','Calling-Station-Id','+=','$RAD_REQUEST{'Calling-Station-Id'}')");
>         $rowcount = $sql2->execute(); #or die "Cannot execute SQL Statement: $DBI::errstr\n";
>         $RAD_REPLY{'Reply-Message'} = "Mac Address Successfully updated in database $RAD_REQUEST{'Calling-Station-Id'}";
>         return RLM_MODULE_OK;
>         # Do some logging.
>         radiusd::radlog(1,"rlm_perl:: NEW MAC updated in database.");
>     }
>
> > request (ie. mobile). Same applies to $sql3. Also I would use == instead of += as the operator there.
>
> I am using += operator because it helps me to store multiple CID in database and also after using this operator it logs the correct information in radius.log like why user are being reject. Before I was using == but it only gives Login incorrect.
Re: help need with mysql statement in freeradius
Hi,

> $RAD_REPLY{'Reply-Message'} = "Mac Address Successfully updated in database $RAD_REQUEST{'Calling-Station-Id'}";
> return RLM_MODULE_OK;
> # Do some logging.
> radiusd::radlog(1,"rlm_perl:: NEW MAC updated in database.");

note the order of your code here. you are 'return'ing before you've done the radlog bit. ie the radlog will never be hit because you've already returned from the subroutine. slap the radlog straight before the return and you'll get the values in the radius.log

alan
Re: freeRADIUS and WPA-2 Enterprise
William E. Russell wrote:
> We are trying to setup WPA2 Enterprise authentication to work with the FreeRadius server. We have configured EAP-PEAP authentication. We have installed all the certificates and corrected the EAP.conf certificate paths. We tried to connect from the supplicant from Windows XP. Windows asked for the login/password and this is the output of the radiusd -X. The user is configured in the users file. We couldn't see any error, however the authentication didn't succeed.

This problem is because the certificates don't have the magic Windows OID's, OR because the Windows client doesn't have the CA cert in its list.

1) install freeradius-2.0.4
2) add a username/password 'bob/bob'. See the FAQ.
3) start it as root. Watch it create temporary certificates
4) Use radtest for 'bob/bob' to see if it works.
5) Configure PEAP on the Windows client.
6) un-check validate server certificate on the Windows client
7) point Access point to FreeRADIUS
8) Add access point IP/secret to the server (and re-start)
9) validate that PEAP works, with 'bob/bob'

That's most of it. After that, you want *real* certificates. Edit the files in raddb/certs/*cnf, and re-make the certificates. Copy ca.der to your Windows desktop, and double-click on it. This should install the certificate into the root store.

If you want to use your own certificates for RADIUS. See raddb/certs/README. You MUST also include the magic Windows OID's. If you don't know what these are, see raddb/certs/*

Alan DeKok.
Re: Forcing lowercase User-Name with rlm_perl
On May 17, 2008, at 6:31 AM, Krzysztof Olędzki wrote:
> On 2008-05-17 02:09, Chris wrote:
> > I basically want User-Name to be forced to lowercase for the duration of the request. I have done the following:
> >
> > modules {
> >     perl {
> >         module = my_perl_module.pm
> >     }
> > }
> >
> > authorize {
> >     preprocess
> >     perl
> >     ...
> > }
> >
> > Pertinent contents of my_perl_module.pm:
> >
> > sub authorize {
> >     $RAD_REQUEST{'User-Name'} =~ tr/A-Z/a-z/;
> >     return RLM_MODULE_OK;
> > }
> >
> > This seems to do what I want. Is it the correct way to accomplish this task?
>
> lc EXPR
> lc
>     Returns a lowercased version of EXPR. This is the internal function implementing the \L escape in double-quoted strings. Respects current LC_CTYPE locale if use locale in force. See perllocale and perlunicode for more details about locale and Unicode support.
>
>     If EXPR is omitted, uses $_.

Thanks. I'll look at lc. I was actually more concerned about the interfacing with freeradius than the perl itself.
Re: Turning on sql in accounting - 2 questions
> > 2. Why am I getting 3 rows of data in table radacct for each session?
>
> Read the debug log. It's likely that the NAS isn't sending a consistent Acct-Session-Id.

I found out why. NAS is sending the Accounting Request packet 3 times to the radius server because the radius server is not acknowledging, even though it receives the packets. Is there any config that I miss out that causes freeradius not to ack?

#Firewall is not a problem; I have turned it off.

Please advise.

-npy

- Original Message -
From: Alan DeKok [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Friday, May 16, 2008 10:12 PM
Subject: Re: Turning on sql in accounting - 2 questions

NPY wrote:
> 1. In sites-available/default, I found that 'sql' logging only works in accounting only if I put it in front of 'unix' under the accounting section. Why?

Read the debug log.

> 2. Why am I getting 3 rows of data in table radacct for each session?

Read the debug log. It's likely that the NAS isn't sending a consistent Acct-Session-Id.

Alan DeKok.