Re: Accounting-Request/Accounting-Response question

2008-05-17 Thread Alan DeKok
Tuc at T-B-O-H.NET wrote:
   I'm looking into the Accounting-Request packet for 
 the following :
 
 *** DUMP OF RADIUS PACKET (Net::Radius::Packet=HASH(0x834ac1c))
 Code:   Accounting-Request
 Identifier: 1
 Authentic:  
 \x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}\x{0}

  That's wrong.  It should be signed by the shared secret.

   When I get it back, I get :
 
 Code:   Accounting-Response
 Identifier: 1
 Authentic:  \x{a}\x{da}\%\x{1f}\x{ff}o\`\x{bf}\(\x{b0}V\x{aa}\x{ba}J;\x{99}
 Attributes:
 
   Is there anything that would make this NOT come back like that?

  What do you mean?

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
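
The signing discussed in this message, as an added example that is not part of the original thread: RFC 2866 defines the Accounting-Request authenticator as MD5 over the packet with 16 zero octets in the authenticator field, followed by the shared secret, and the Accounting-Response authenticator as the same hash with the request's authenticator in that field. The shared secret, attribute bytes and function names below are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5   # RADIUS codes (RFC 2866)
ZERO16 = bytes(16)

def _md5(code, ident, auth_field, attrs, secret):
    # MD5(Code + Identifier + Length + 16-octet field + attributes + secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + auth_field + attrs + secret).digest()

def _pack(code, ident, auth, attrs):
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs

def sign_acct_request(ident, attrs, secret):
    # The request is hashed with 16 zero octets in the authenticator field.
    auth = _md5(ACCT_REQUEST, ident, ZERO16, attrs, secret)
    return _pack(ACCT_REQUEST, ident, auth, attrs)

def check_acct_request(packet, secret):
    """Classify an Accounting-Request: ok, unsigned, bad-signature, malformed."""
    if len(packet) < 20:
        return "malformed"
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCT_REQUEST or length != len(packet):
        return "malformed"
    auth, attrs = packet[4:20], packet[20:]
    if auth == ZERO16:
        return "unsigned"          # the all-zero case shown in the dump above
    expected = _md5(code, ident, ZERO16, attrs, secret)
    return "ok" if hmac.compare_digest(auth, expected) else "bad-signature"

def sign_acct_response(request, secret, attrs=b""):
    # The response hash covers the authenticator of the request it answers.
    ident, req_auth = request[1], request[4:20]
    auth = _md5(ACCT_RESPONSE, ident, req_auth, attrs, secret)
    return _pack(ACCT_RESPONSE, ident, auth, attrs)

# Constructed sample: User-Name=bob, Acct-Status-Type=Start, Acct-Session-Id=s1
SECRET = b"testing123"
ATTRS = b"\x01\x05bob" + b"\x28\x06\x00\x00\x00\x01" + b"\x2c\x04s1"
SIGNED = sign_acct_request(1, ATTRS, SECRET)
UNSIGNED = _pack(ACCT_REQUEST, 1, ZERO16, ATTRS)

if __name__ == "__main__":
    for name, pkt in (("signed", SIGNED), ("unsigned", UNSIGNED)):
        print(name, check_acct_request(pkt, SECRET),
              sign_acct_response(pkt, SECRET).hex())
```
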


Re: freeRADIUS and WPA-2 Enterprise

2008-05-17 Thread A . L . M . Buxey
Hi,

 We are trying to setup WPA2 Enterprise authentication to work with the
 FreeRadius server. We have configured EAP-PEAP authentication. We have
 installed all the certificates and corrected the EAP.conf certificate paths.
 We tried to connect from the supplicant from Windows XP. Windows asked for
 the login/password and this is the output of the radiusd -X. The user is
 configured in the users file. We couldn't see any error, however the
 authentication didn't succeed.

i see you have the user in your unix password file - what type
of password is stored there? with PEAP, you cannot auth against
a plain password.  also, you say you 'installed the certificates
and corrected the eap.conf certificate paths' - what certs did you
install, how did you make them?  what was wrong with the paths?
why did you not just put the certs in the $raddb/certs directory?

alan


Re: Forcing lowercase User-Name with rlm_perl

2008-05-17 Thread Krzysztof Olędzki

On 2008-05-17 02:09, Chris wrote:
I basically want User-Name to be forced to lowercase for the duration  
of the request.


I have done the following:

modules {
    perl {
        module = my_perl_module.pm
    }
}

authorize {
    preprocess
    perl
    ...
}

Pertinent contents of my_perl_module.pm:

sub authorize {
 $RAD_REQUEST{'User-Name'} =~ tr/A-Z/a-z/;
 return RLM_MODULE_OK;
}


This seems to do what I want.  Is it the correct way to accomplish  
this task?


 lc EXPR
 lc  Returns a lowercased version of EXPR.  This is the internal
 function implementing the \L escape in double-quoted strings.
 Respects current LC_CTYPE locale if use locale in force.  See
 perllocale and perlunicode for more details about locale and
 Unicode support.

 If EXPR is omitted, uses $_.


Best regards,

Krzysztof Olędzki


Re: help need with mysql statement in freeradius

2008-05-17 Thread Bishal

Hi all,

 After much trial and error my perl module is working great. Thanks
Ivan, Alan and all who helped me a lot. Well, I am not a programmer, but
searching in Google and you guys helped me a lot.
 One thing is I am not able to log my custom message from the perl module in
radius.log. Is it possible to show the custom log message in radius.log?

sub authorize {
    if ( $mac == 1 && $RAD_CHECK{'Calling-Station-Id'} eq "" ) {
        # Bind the request values as placeholders instead of interpolating
        # them into the SQL string; both arrive from the network.
        my $sql2 = $dbh->prepare("INSERT INTO radcheck
            (id,username,attribute,op,value)
            VALUES('',?,'Calling-Station-Id','+=',?)");
        $rowcount = $sql2->execute($RAD_REQUEST{'User-Name'},
                                   $RAD_REQUEST{'Calling-Station-Id'});
        #or die "Cannot execute SQL Statement: $DBI::errstr\n";
        $RAD_REPLY{'Reply-Message'} = "Mac Address Successfully updated in database $RAD_REQUEST{'Calling-Station-Id'}";
        return RLM_MODULE_OK;

        # Do some logging.
        radiusd::radlog(1, "rlm_perl:: NEW MAC updated in database.");
    }
}




request (ie. mobile). Same applies to $sql3. Also I would use == instead
of += as the operator there.

I am using the += operator because it helps me to store multiple CIDs in
the database, and also after using this operator it logs the correct
information in radius.log, like why users are being rejected. Before I was
using == but it only gives Login incorrect.





Re: help need with mysql statement in freeradius

2008-05-17 Thread Ivan Kalik
Put the log line before return.

Ivan Kalik
Kalik Informatika ISP




Re: help need with mysql statement in freeradius

2008-05-17 Thread A . L . M . Buxey
Hi,

$RAD_REPLY{'Reply-Message'} = "Mac Address Successfully updated in database $RAD_REQUEST{'Calling-Station-Id'}";
return RLM_MODULE_OK;

# Do some logging.
radiusd::radlog(1, "rlm_perl:: NEW MAC updated in database.");

note the order of your code here. you are 'return'ing before you've
done the radlog bit. ie the radlog will never be hit because
you've already returned from the subroutine.  slap the radlog
straight before the return and you'll get the values
in the radius.log

alan


Re: freeRADIUS and WPA-2 Enterprise

2008-05-17 Thread Alan DeKok
William E. Russell wrote:
 We are trying to setup WPA2 Enterprise authentication to work with the
 FreeRadius server. We have configured EAP-PEAP authentication. We have
 installed all the certificates and corrected the EAP.conf certificate paths.
 We tried to connect from the supplicant from Windows XP. Windows asked for
 the login/password and this is the output of the radiusd -X. The user is
 configured in the users file. We couldn't see any error, however the
 authentication didn't succeed.

  This problem is because the certificates don't have the magic Windows
OIDs, OR because the Windows client doesn't have the CA cert in its list.

  1) install freeradius-2.0.4
  2) add a username/password 'bob/bob'.  See the FAQ.
  3) start it as root.  Watch it create temporary certificates
  4) Use radtest for 'bob/bob' to see if it works.
  5) Configure PEAP on the Windows client.
  6) un-check validate server certificate on the Windows client
  7) point Access point to FreeRADIUS
  8) Add access point IP/secret to the server (and re-start)
  9) validate that PEAP works, with 'bob/bob'

  That's most of it.  After that, you want *real* certificates.  Edit
the files in raddb/certs/*cnf, and re-make the certificates.  Copy
ca.der to your Windows desktop, and double-click on it.  This should
install the certificate into the root store.

  If you want to use your own certificates for RADIUS, see
raddb/certs/README.  You MUST also include the magic Windows OIDs.  If
you don't know what these are, see raddb/certs/*

  Alan DeKok.


Re: Forcing lowercase User-Name with rlm_perl

2008-05-17 Thread Chris

On May 17, 2008, at 6:31 AM, Krzysztof Olędzki wrote:


On 2008-05-17 02:09, Chris wrote:
I basically want User-Name to be forced to lowercase for the duration
of the request.

I have done the following:

modules {
    perl {
        module = my_perl_module.pm
    }
}

authorize {
    preprocess
    perl
    ...
}

Pertinent contents of my_perl_module.pm:

sub authorize {
    $RAD_REQUEST{'User-Name'} =~ tr/A-Z/a-z/;
    return RLM_MODULE_OK;
}

This seems to do what I want.  Is it the correct way to accomplish
this task?


 lc EXPR
 lc  Returns a lowercased version of EXPR.  This is the internal
 function implementing the \L escape in double-quoted strings.
 Respects current LC_CTYPE locale if use locale in force.  See
 perllocale and perlunicode for more details about locale and
 Unicode support.

 If EXPR is omitted, uses $_.


Thanks.  I'll look at lc.

I was actually more concerned about the interfacing with freeradius  
than the perl itself.




Re: Turning on sql in accounting - 2 questions

2008-05-17 Thread NPY

2. Why am I getting 3 rows of data in table radacct for each session?


 Read the debug log.  It's likely that the NAS isn't sending a
consistent Acct-Session-Id.



I found out why. The NAS is sending the Accounting Request packet 3 times to the
radius server because the radius server is not acknowledging, even though it
receives the packets.

Is there any config that I have missed that causes freeradius not to ack?

#Firewall is not a problem; I have turned it off.

Please advise.

-npy

- Original Message - 
From: Alan DeKok [EMAIL PROTECTED]

To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Friday, May 16, 2008 10:12 PM
Subject: Re: Turning on sql in accounting - 2 questions



NPY wrote:

1. In sites-available/default, I found that 'sql' logging only works in
accounting only if I put it in front of 'unix' under the accounting
section. Why?


 Read the debug log.


2. Why am I getting 3 rows of data in table radacct for each session?


 Read the debug log.  It's likely that the NAS isn't sending a
consistent Acct-Session-Id.

 Alan DeKok.