[no subject]
Does anyone has script to verify users session status with NAS, Actualy we are facing some missing Accounting information, and we can use radutmp module because we have multi radius servers and data is centralized in DB. Thank; - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
nas-identifier regex based huntgroups
Hi guys, there are some posts about subj. refering to search mailing list archive. I did that, but not sure what is the best solution for 2.1.10 to solve this case. And of course, I would like to use regex for nas-identifier value. Thanks for your opinions. Regards, Z. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Voip database
Thanks @Alan DeKok-2 and @Fajar A. Nugraha for your help!
After exchanging few email with centile I noticed that they are unwilling to
change there configuration setting.
So dou to our softswitch (Centile) for voip It is just not so easy buy and
set a new one.
This radius that we have from Ibill (compatible with centile) we would relay
like to replace due to problems with it.
SO finaly Centile (from the start they telling us that the centile works
with freeradius) said that centile is having problems with 3GPP2.
Is there any way to get this working. Where the changes should be made on
freeradius?
Or to ask in a different way is there any way to get this working :) ?
Thanks!!
I have also tried with ACCEPT like @Fajar A. Nugrah said but I got this
problem (finally my phone begun ringing but new problem rise with media):
++[preprocess] returns ok
[acct_unique] WARNING: Attribute NAS-Port was not found in request, unique
ID MAY be inconsistent
[acct_unique] Hashing ',Client-IP-Address = 212.13.228.58,NAS-IP-Address =
212.13.228.58,Acct-Session-Id = 129464837317821,User-Name = 081609000'
[acct_unique] Acct-Unique-Session-ID = d9d5c2ea191e529f.
++[acct_unique] returns ok
[suffix] No '@' in User-Name = 081609000, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
++[files] returns noop
Executing section accounting from file /etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail] expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
- /var/log/radius/radacct/212.13.228.58/detail-20110110
[detail] /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands
to /var/log/radius/radacct/212.13.228.58/detail-20110110
[detail] expand: %t - Mon Jan 10 09:32:58 2011
++[detail] returns ok
++[unix] returns noop
[radutmp] expand: /var/log/radius/radutmp - /var/log/radius/radutmp
[radutmp] expand: %{User-Name} - 081609000
rlm_radutmp: No NAS-Port seen. Cannot do anything.
rlm_radumtp: WARNING: checkrad will probably not work!
++[radutmp] returns noop
++[exec] returns noop
[attr_filter.accounting_response] expand: %{User-Name} - 081609000
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 3 to 212.13.228.58 port 35277
Finished request 4.
Cleaning up request 4 ID 3 with timestamp +13
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 3 ID 66 with timestamp +13
Ready to process requests.
[ Show » ] softnet added a comment - 10/Jan/11 09:53 AM Hello, what about
this issue? I have put 081609000 to Accept in users file to try this way.
The call reach the telefone but another problem appears due to port is not
send in the request of NAS to freeradius. Thanks! ++[mschap] returns noop
++[digest] returns noop [suffix] No '@' in User-Name = 081609000, looking
up realm NULL [suffix] No such realm NULL ++[suffix] returns noop [eap] No
EAP-Message, not doing EAP ++[eap] returns noop [files] users: Matched entry
081609000 at line 71 ++[files] returns ok ++[expiration] returns noop
++[logintime] returns noop [pap] WARNING: Auth-Type already set. Not setting
to PAP ++[pap] returns noop Found Auth-Type = Accept Auth-Type = Accept,
accepting the user
Executing section post-auth from file /etc/raddb/sites-enabled/default +-
entering group post-auth {...} ++[exec] returns noop Sending Access-Accept
of id 66 to 212.13.228.58 port 59985 Finished request 3. Going to the next
request Waking up in 4.9 seconds. rad_recv: Accounting-Request packet from
host 212.13.228.58 port 35277, id=3, length=593 User-Name = 081609000
User-Password = v7\265\345 Cisco-Attr-130 =
0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258
Acct-Multi-Session-Id = 1294648373178 Calling-Station-Id = 81609000
Called-Station-Id = 38651357952 Cisco-AVPair =
h323-called-enterprise-id=NexTone h323-remote-address =
h323-remote-address=212.13.249.90 Acct-Session-Id = 129464837317821
h323-conf-id = h323-conf-id=1294648373178 h323-incoming-conf-id =
h323-incoming-conf-id=1294648373178 h323-call-origin =
h323-call-origin=originate h323-call-type = h323-call-type=VOIP
h323-setup-time = h323-setup-time=08:32:53.182 GMT Mon Jan 10 2011
Acct-Multi-Session-Id = 1294648373178 h323-connect-time =
h323-connect-time=08:32:58.924 GMT Mon Jan 10 2011 h323-disconnect-time =
h323-disconnect-time=08:32:58.934 GMT Mon Jan 10 2011
h323-disconnect-cause = h323-disconnect-cause=66 Acct-Status-Type = Stop
Acct-Session-Time = 0 Event-Timestamp = Jan 10 2011 09:32:58 CET #
Executing section preacct from file /etc/raddb/sites-enabled/default +-
entering group preacct {...} ++[preprocess] returns ok [acct_unique]
WARNING: Attribute NAS-Port was not found in request, unique ID MAY be
inconsistent [acct_unique] Hashing ',Client-IP-Address =
212.13.228.58,NAS-IP-Address = 212.13.228.58,Acct-Session-Id =
129464837317821,User-Name = 081609000' [acct_unique]
Acct-Unique-Session-ID = d9d5c2ea191e529f. ++[acct_unique
preprocess module
Hi all. Trying to understand and learn freeradius. For my use, I do not need
the huntgroups or hints files, so I tried taking them out. I renamed the
files from huntgroups to huntgroups.off, and the same for hints. I then
edited module/preprocess to take out references to these two files. However,
when I start up radiusd, it appears that it's STILL looking for the files.
I've gone so far as doing a grep -ir huntgroup *, and every line it comes
back with is commented out. Here's the debug and my modules/preprocess file:
--debug start--
server { # from file /usr/local/etc/raddb/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module preprocess from file
/usr/local/etc/raddb/modules/preprocess
preprocess {
huntgroups = /usr/local/etc/raddb/huntgroups
hints = /usr/local/etc/raddb/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
rlm_preprocess: Error reading /usr/local/etc/raddb/huntgroups
/usr/local/etc/raddb/modules/preprocess[13]: Instantiation failed for module
preprocess
/usr/local/etc/raddb/sites-enabled/default[9]: Failed to load module
preprocess.
/usr/local/etc/raddb/sites-enabled/default[1]: Errors parsing authorize section.
--debug end--
--preprocess start--
preprocess {
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
--preprocess end--
Anyone have any ideas on where it's getting this configuration from???
Thanks!
--Brian
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: preprocess module
It's worth mentioning that if I change ascend_channels_per_line to 32
instead of 23, that change gets recognized.
--Brian
-Original Message-
From: freeradius-users-bounces+bmccann=andmore@lists.freeradius.org
[mailto:freeradius-users-bounces+bmccann=andmore@lists.freeradius.org] On
Behalf Of McCann, Brian
Sent: Monday, January 10, 2011 4:45 PM
To: freeradius-users@lists.freeradius.org
Subject: preprocess module
Hi all. Trying to understand and learn freeradius. For my use, I do not need
the huntgroups or hints files, so I tried taking them out. I renamed the
files from huntgroups to huntgroups.off, and the same for hints. I then
edited module/preprocess to take out references to these two files. However,
when I start up radiusd, it appears that it's STILL looking for the files.
I've gone so far as doing a grep -ir huntgroup *, and every line it comes
back with is commented out. Here's the debug and my modules/preprocess file:
--debug start--
server { # from file /usr/local/etc/raddb/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module preprocess from file
/usr/local/etc/raddb/modules/preprocess
preprocess {
huntgroups = /usr/local/etc/raddb/huntgroups
hints = /usr/local/etc/raddb/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
rlm_preprocess: Error reading /usr/local/etc/raddb/huntgroups
/usr/local/etc/raddb/modules/preprocess[13]: Instantiation failed for module
preprocess
/usr/local/etc/raddb/sites-enabled/default[9]: Failed to load module
preprocess.
/usr/local/etc/raddb/sites-enabled/default[1]: Errors parsing authorize section.
--debug end--
--preprocess start--
preprocess {
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
--preprocess end--
Anyone have any ideas on where it's getting this configuration from???
Thanks!
--Brian
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: preprocess module
Why did you remove the files? Unless they are doing something bad, leave
them alone.
Tim
-Original Message-
From: freeradius-users-
bounces+tim.sylvester=networkradius@lists.freeradius.org
[mailto:freeradius-users-
bounces+tim.sylvester=networkradius@lists.freeradius.org] On Behalf
Of McCann, Brian
Sent: Monday, January 10, 2011 1:49 PM
To: FreeRadius users mailing list
Subject: RE: preprocess module
It's worth mentioning that if I change ascend_channels_per_line to
32 instead of 23, that change gets recognized.
--Brian
-Original Message-
From: freeradius-users-bounces+bmccann=andmore@lists.freeradius.org
[mailto:freeradius-users-
bounces+bmccann=andmore@lists.freeradius.org] On Behalf Of McCann,
Brian
Sent: Monday, January 10, 2011 4:45 PM
To: freeradius-users@lists.freeradius.org
Subject: preprocess module
Hi all. Trying to understand and learn freeradius. For my use, I do
not need the huntgroups or hints files, so I tried taking them out.
I renamed the files from huntgroups to huntgroups.off, and the same
for hints. I then edited module/preprocess to take out references to
these two files. However, when I start up radiusd, it appears that
it's STILL looking for the files. I've gone so far as doing a grep -
ir huntgroup *, and every line it comes back with is commented out.
Here's the debug and my modules/preprocess file:
--debug start--
server { # from file /usr/local/etc/raddb/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module preprocess from file
/usr/local/etc/raddb/modules/preprocess
preprocess {
huntgroups = /usr/local/etc/raddb/huntgroups
hints = /usr/local/etc/raddb/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
rlm_preprocess: Error reading /usr/local/etc/raddb/huntgroups
/usr/local/etc/raddb/modules/preprocess[13]: Instantiation failed for
module preprocess
/usr/local/etc/raddb/sites-enabled/default[9]: Failed to load module
preprocess.
/usr/local/etc/raddb/sites-enabled/default[1]: Errors parsing authorize
section.
--debug end--
--preprocess start--
preprocess {
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
--preprocess end--
Anyone have any ideas on where it's getting this configuration from???
Thanks!
--Brian
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: preprocess module
I removed it because it deals with cases I'll never have...ppp, slip, cslip.
No, it's not doing anything bad, but it's not doing anything helpful
either. You're 100% right, I can just put them back. Just trying to
understand why the config file isn't doing what it's told.
--Brian
-Original Message-
From: freeradius-users-bounces+bmccann=andmore@lists.freeradius.org
[mailto:freeradius-users-bounces+bmccann=andmore@lists.freeradius.org] On
Behalf Of Tim Sylvester
Sent: Monday, January 10, 2011 5:13 PM
To: 'FreeRadius users mailing list'
Subject: RE: preprocess module
Why did you remove the files? Unless they are doing something bad, leave
them alone.
Tim
-Original Message-
From: freeradius-users-
bounces+tim.sylvester=networkradius@lists.freeradius.org
[mailto:freeradius-users-
bounces+tim.sylvester=networkradius@lists.freeradius.org] On Behalf
Of McCann, Brian
Sent: Monday, January 10, 2011 1:49 PM
To: FreeRadius users mailing list
Subject: RE: preprocess module
It's worth mentioning that if I change ascend_channels_per_line to
32 instead of 23, that change gets recognized.
--Brian
-Original Message-
From: freeradius-users-bounces+bmccann=andmore@lists.freeradius.org
[mailto:freeradius-users-
bounces+bmccann=andmore@lists.freeradius.org] On Behalf Of McCann,
Brian
Sent: Monday, January 10, 2011 4:45 PM
To: freeradius-users@lists.freeradius.org
Subject: preprocess module
Hi all. Trying to understand and learn freeradius. For my use, I do
not need the huntgroups or hints files, so I tried taking them out.
I renamed the files from huntgroups to huntgroups.off, and the same
for hints. I then edited module/preprocess to take out references to
these two files. However, when I start up radiusd, it appears that
it's STILL looking for the files. I've gone so far as doing a grep -
ir huntgroup *, and every line it comes back with is commented out.
Here's the debug and my modules/preprocess file:
--debug start--
server { # from file /usr/local/etc/raddb/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module preprocess from file
/usr/local/etc/raddb/modules/preprocess
preprocess {
huntgroups = /usr/local/etc/raddb/huntgroups
hints = /usr/local/etc/raddb/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
rlm_preprocess: Error reading /usr/local/etc/raddb/huntgroups
/usr/local/etc/raddb/modules/preprocess[13]: Instantiation failed for
module preprocess
/usr/local/etc/raddb/sites-enabled/default[9]: Failed to load module
preprocess.
/usr/local/etc/raddb/sites-enabled/default[1]: Errors parsing authorize
section.
--debug end--
--preprocess start--
preprocess {
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
--preprocess end--
Anyone have any ideas on where it's getting this configuration from???
Thanks!
--Brian
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: preprocess module
FR is the most difficult easy thing ever. Generally speaking, unless you
have a REALLY good understanding of how everything is tied together - don't
change ANYTHING you don't absolutely NEED to. I hear what you're saying about
optimizing the config and such, but it's really not worth the little overhead
unless you're handling many thousands requests per second
Feel free to play, just expect to do a LOT of playing before you figure it out
and expect to break lots of stuff along the way! :)
-Original Message-
From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org
[mailto:freeradius-users-bounces+ggatten=waddell@lists.freeradius.org] On
Behalf Of McCann, Brian
Sent: Monday, January 10, 2011 4:27 PM
To: tim.sylves...@networkradius.com; FreeRadius users mailing list
Subject: RE: preprocess module
I removed it because it deals with cases I'll never have...ppp, slip, cslip.
No, it's not doing anything bad, but it's not doing anything helpful
either. You're 100% right, I can just put them back. Just trying to
understand why the config file isn't doing what it's told.
--Brian
-Original Message-
From: freeradius-users-bounces+bmccann=andmore@lists.freeradius.org
[mailto:freeradius-users-bounces+bmccann=andmore@lists.freeradius.org] On
Behalf Of Tim Sylvester
Sent: Monday, January 10, 2011 5:13 PM
To: 'FreeRadius users mailing list'
Subject: RE: preprocess module
Why did you remove the files? Unless they are doing something bad, leave
them alone.
Tim
-Original Message-
From: freeradius-users-
bounces+tim.sylvester=networkradius@lists.freeradius.org
[mailto:freeradius-users-
bounces+tim.sylvester=networkradius@lists.freeradius.org] On Behalf
Of McCann, Brian
Sent: Monday, January 10, 2011 1:49 PM
To: FreeRadius users mailing list
Subject: RE: preprocess module
It's worth mentioning that if I change ascend_channels_per_line to
32 instead of 23, that change gets recognized.
--Brian
-Original Message-
From: freeradius-users-bounces+bmccann=andmore@lists.freeradius.org
[mailto:freeradius-users-
bounces+bmccann=andmore@lists.freeradius.org] On Behalf Of McCann,
Brian
Sent: Monday, January 10, 2011 4:45 PM
To: freeradius-users@lists.freeradius.org
Subject: preprocess module
Hi all. Trying to understand and learn freeradius. For my use, I do
not need the huntgroups or hints files, so I tried taking them out.
I renamed the files from huntgroups to huntgroups.off, and the same
for hints. I then edited module/preprocess to take out references to
these two files. However, when I start up radiusd, it appears that
it's STILL looking for the files. I've gone so far as doing a grep -
ir huntgroup *, and every line it comes back with is commented out.
Here's the debug and my modules/preprocess file:
--debug start--
server { # from file /usr/local/etc/raddb/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module preprocess from file
/usr/local/etc/raddb/modules/preprocess
preprocess {
huntgroups = /usr/local/etc/raddb/huntgroups
hints = /usr/local/etc/raddb/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
rlm_preprocess: Error reading /usr/local/etc/raddb/huntgroups
/usr/local/etc/raddb/modules/preprocess[13]: Instantiation failed for
module preprocess
/usr/local/etc/raddb/sites-enabled/default[9]: Failed to load module
preprocess.
/usr/local/etc/raddb/sites-enabled/default[1]: Errors parsing authorize
section.
--debug end--
--preprocess start--
preprocess {
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
--preprocess end--
Anyone have any ideas on where it's getting this configuration from???
Thanks!
--Brian
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
font size=1
div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in
1.0pt 0in'
/div
This email is intended to be reviewed by only the intended recipient
and may contain information that is privileged and/or confidential.
If you are not the intended recipient, you are hereby notified that
any review, use, dissemination, disclosure or copying of this email
and its attachments, if any, is strictly prohibited. If you have
received this
RE: preprocess module
Actually, the configuration files are doing what they were told. Read the
debug output carefully and you will see that you removed the include
statements from module/preprocess but did not change sites-enable/default.
You are better off only changing what needs to be changed for your
configuration. The extra stuff in the configuration does not hurt the
operation or performance of the radius server.
Tim
-Original Message-
From: McCann, Brian [mailto:bmcc...@andmore.com]
Sent: Monday, January 10, 2011 2:27 PM
To: tim.sylves...@networkradius.com; FreeRadius users mailing list
Subject: RE: preprocess module
I removed it because it deals with cases I'll never have...ppp, slip,
cslip. No, it's not doing anything bad, but it's not doing anything
helpful either. You're 100% right, I can just put them back. Just
trying to understand why the config file isn't doing what it's told.
--Brian
-Original Message-
From: freeradius-users-bounces+bmccann=andmore@lists.freeradius.org
[mailto:freeradius-users-
bounces+bmccann=andmore@lists.freeradius.org] On Behalf Of Tim
Sylvester
Sent: Monday, January 10, 2011 5:13 PM
To: 'FreeRadius users mailing list'
Subject: RE: preprocess module
Why did you remove the files? Unless they are doing something bad,
leave
them alone.
Tim
-Original Message-
From: freeradius-users-
bounces+tim.sylvester=networkradius@lists.freeradius.org
[mailto:freeradius-users-
bounces+tim.sylvester=networkradius@lists.freeradius.org] On
Behalf
Of McCann, Brian
Sent: Monday, January 10, 2011 1:49 PM
To: FreeRadius users mailing list
Subject: RE: preprocess module
It's worth mentioning that if I change ascend_channels_per_line to
32 instead of 23, that change gets recognized.
--Brian
-Original Message-
From: freeradius-users-
bounces+bmccann=andmore@lists.freeradius.org
[mailto:freeradius-users-
bounces+bmccann=andmore@lists.freeradius.org] On Behalf Of
McCann,
Brian
Sent: Monday, January 10, 2011 4:45 PM
To: freeradius-users@lists.freeradius.org
Subject: preprocess module
Hi all. Trying to understand and learn freeradius. For my use, I do
not need the huntgroups or hints files, so I tried taking them
out.
I renamed the files from huntgroups to huntgroups.off, and the
same
for hints. I then edited module/preprocess to take out references
to
these two files. However, when I start up radiusd, it appears that
it's STILL looking for the files. I've gone so far as doing a grep
-
ir huntgroup *, and every line it comes back with is commented out.
Here's the debug and my modules/preprocess file:
--debug start--
server { # from file /usr/local/etc/raddb/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module preprocess from file
/usr/local/etc/raddb/modules/preprocess
preprocess {
huntgroups = /usr/local/etc/raddb/huntgroups
hints = /usr/local/etc/raddb/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
}
rlm_preprocess: Error reading /usr/local/etc/raddb/huntgroups
/usr/local/etc/raddb/modules/preprocess[13]: Instantiation failed for
module preprocess
/usr/local/etc/raddb/sites-enabled/default[9]: Failed to load module
preprocess.
/usr/local/etc/raddb/sites-enabled/default[1]: Errors parsing
authorize
section.
--debug end--
--preprocess start--
preprocess {
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
}
--preprocess end--
Anyone have any ideas on where it's getting this configuration
from???
Thanks!
--Brian
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
samba 3.0.33
Has anyone gotten freeradius EAP-MSCHAPV2 authentication to work properly in
samba versions beyond 3.0.30? On samba 3.3.8 I still get the same type of error
I'd get as if I didn't have the xpextensions on my cert (Even though I do.) No
response to access-challenge. If I go back to 3.0.30 it immediately
worksStarting to run into a problem because 3.0.30 won't work will 2008 r2
domain controllers. Again my cert does have the xpextensions. And it does this
to all clients,, not just Microsoft. Here's the end of my debug:
[mschap]expand: --username=%{mschap:User-Name:-None} -
--username=tomtom
[mschap]expand: %{mschap:NT-Domain} - ADS
[mschap]expand: --domain=%{%{mschap:NT-Domain}:-ADS} - --domain=ADS
[mschap] mschap2: d3
[mschap] Creating challenge hash with username: tomtom
[mschap]expand: --challenge=%{mschap:Challenge:-00} -
--challenge=ba19d84bdab789ef
[mschap]expand: --nt-response=%{mschap:NT-Response:-00} -
--nt-response=27a757e4b32c51011216ac7fff78219563fc14af067f3d05
Exec-Program output: NT_KEY: D988C0C63F2D4C8034172DCBEB7B317F
Exec-Program-Wait: plaintext: NT_KEY: D988C0C63F2D4C8034172DCBEB7B317F
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
EAP-Message =
0x010c00331a030b002e533d3133453034393739353130383137303633423342413033324339383343383832413937323736
Message-Authenticator = 0x
State = 0x3f8a0cb23e86164f4ea2f66ef66aa4ed
[peap] Got tunneled reply RADIUS code 11
EAP-Message =
0x010c00331a030b002e533d3133453034393739353130383137303633423342413033324339383343383832413937323736
Message-Authenticator = 0x
State = 0x3f8a0cb23e86164f4ea2f66ef66aa4ed
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 17 to 172.20.4.253 port 32769
EAP-Message =
0x010c005b19001703010050e5f53b91a3b5214c1a0f1ee21b46045f6992732a92d882e4359ed17b1dfffcb69d20d4645caa74a94ea448cd54c76c041c642d05801fa0a4f830247b30f9723884d6fbaa35f6b11398741f833bc68f08
Message-Authenticator = 0x
State = 0xedeb59b2eae740f09f949186981dc8bc
Finished request 10.
Going to the next request
Waking up in 4.7 seconds.
Cleaning up request 3 ID 10 with timestamp +11
Cleaning up request 4 ID 11 with timestamp +11
Cleaning up request 5 ID 12 with timestamp +11
Cleaning up request 6 ID 13 with timestamp +11
Cleaning up request 7 ID 14 with timestamp +11
Cleaning up request 8 ID 15 with timestamp +11
Waking up in 0.1 seconds.
Cleaning up request 9 ID 16 with timestamp +11
Cleaning up request 10 ID 17 with timestamp +11
WARNING: !!
WARNING: !! EAP session for state 0xedeb59b2eae740f0 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!
Thomas E. Casartello, Jr.
Staff Assistant - Wireless/Linux Administrator
Information Technology
Wilson 105A
Westfield State College
(413) 572-8245
Red Hat Certified Technician (RHCT)
Cisco Certified Network Associate (CCNA)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Unable to get FreeRADIUS working with MySQL
Hi, I am running FreeRADIUS Version 1.1.3, for host x86_64-redhat-linux-gnu (from the CentOS repositories) and am having problem getting it working with MySQL. The specific error message that I am seeing is: ... rlm_sql (sql): Released sql socket id: 4 modcall[authorize]: module sql returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type System auth: type System ERROR: Unknown value specified for Auth-Type. Cannot perform requested action. auth: Failed to validate the user. Delaying request 0 for 1 seconds Finished request 0 Going to the next request ... After testing with the following command: /usr/bin/radtest test_user password 127.0.0.1 1812 sharedsecret It seems like the sql module is set up correctly, because the authorize section returns ok. However, the authentication section does not check the database, but rather uses the DEFAULT user, which has 'Auth-Type' set to 'System'. This returns an error and the request is rejected. How do I get 'rad_check_password' to check the database instead of the looking at the system users? Is there an 'Auth-Type' of 'SQL' which I could use? Thank you Stephen - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: samba 3.0.33
On 01/11/2011 02:11 AM, Casartello, Thomas wrote: Has anyone gotten freeradius EAP-MSCHAPV2 authentication to work properly in samba versions beyond 3.0.30? On samba 3.3.8 I still get the Yes. We run the samba3x RHEL RPM, which is a version of 3.3.8 with patches. The specific fix you need is: https://bugzilla.samba.org/show_bug.cgi?id=7568 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unable to get FreeRADIUS working with MySQL
On 01/11/2011 02:54 AM, Stephen Tyers wrote: Hi, I am running FreeRADIUS Version 1.1.3, Upgrade to an newer, supported version of the server. Start with the default configs and a test user in /etc/raddb/users: username Cleartext-Password := password See that this works, move the info into SQL, continue from there making one change at a time and keeping a history of your configs so you can go back when something breaks. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: preprocess module
On 01/10/2011 09:45 PM, McCann, Brian wrote:
Hi all. Trying to understand and learn freeradius. For my use, I do not need the huntgroups or hints files, so I
tried taking them out. I renamed the files from huntgroups to huntgroups.off, and the same for hints. I then
edited module/preprocess to take out references to these two files. However, when I start up radiusd, it appears that it's
STILL looking for the files. I've gone so far as doing a grep -ir huntgroup *, and every line it comes back with is commented
out. Here's the debug and my modules/preprocess file:
--debug start--
server { # from file /usr/local/etc/raddb/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module preprocess from file
/usr/local/etc/raddb/modules/preprocess
preprocess {
huntgroups = /usr/local/etc/raddb/huntgroups
hints = /usr/local/etc/raddb/hints
These defaults are compiled into the module:
static const CONF_PARSER module_config[] = {
{ huntgroups, PW_TYPE_FILENAME,
offsetof(rlm_preprocess_t,huntgroup_file), NULL,
${raddbdir}/huntgroups },
By commenting out the entry, the defaults are used. If you want the
module to not process the files, either:
1. set the filenames to i.e. empty string
2. empty the files (better)
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Unable to get FreeRADIUS working with MySQL
On Tue, Jan 11, 2011 at 2:20 PM, Phil Mayers p.may...@imperial.ac.uk wrote: On 01/11/2011 02:54 AM, Stephen Tyers wrote: Hi, I am running FreeRADIUS Version 1.1.3, Upgrade to an newer, supported version of the server. RHEL/Centos5 has freereadius2 in its repo. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
