[no subject]
Does anyone have a script to verify users' session status with the NAS? Actually, we are facing some missing Accounting information, and we can use radutmp module because we have multi radius servers and data is centralized in DB. Thanks.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
nas-identifier regex based huntgroups
Hi guys, there are some posts about subj. referring to search mailing list archive. I did that, but not sure what is the best solution for 2.1.10 to solve this case. And of course, I would like to use regex for nas-identifier value. Thanks for your opinions.

Regards, Z.
Re: Voip database
Thanks @Alan DeKok-2 and @Fajar A. Nugraha for your help!

After exchanging a few emails with Centile I noticed that they are unwilling to change their configuration setting. So due to our softswitch (Centile) for VoIP it is just not so easy to buy and set up a new one. This radius that we have from Ibill (compatible with Centile) we would really like to replace due to problems with it. So finally Centile (from the start they were telling us that Centile works with freeradius) said that Centile is having problems with 3GPP2.

Is there any way to get this working? Where should the changes be made on freeradius? Or to ask in a different way, is there any way to get this working :) ? Thanks!!

I have also tried with ACCEPT like @Fajar A. Nugraha said but I got this problem (finally my phone began ringing but a new problem arose with media):

++[preprocess] returns ok
[acct_unique] WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent
[acct_unique] Hashing ',Client-IP-Address = 212.13.228.58,NAS-IP-Address = 212.13.228.58,Acct-Session-Id = 129464837317821,User-Name = 081609000'
[acct_unique] Acct-Unique-Session-ID = d9d5c2ea191e529f.
++[acct_unique] returns ok
[suffix] No '@' in User-Name = 081609000, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
++[files] returns noop
Executing section accounting from file /etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail] expand: /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radius/radacct/212.13.228.58/detail-20110110
[detail] /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radius/radacct/212.13.228.58/detail-20110110
[detail] expand: %t -> Mon Jan 10 09:32:58 2011
++[detail] returns ok
++[unix] returns noop
[radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp] expand: %{User-Name} -> 081609000
rlm_radutmp: No NAS-Port seen. Cannot do anything.
rlm_radumtp: WARNING: checkrad will probably not work!
++[radutmp] returns noop
++[exec] returns noop
[attr_filter.accounting_response] expand: %{User-Name} -> 081609000
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
Sending Accounting-Response of id 3 to 212.13.228.58 port 35277
Finished request 4.
Cleaning up request 4 ID 3 with timestamp +13
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 3 ID 66 with timestamp +13
Ready to process requests.

softnet added a comment - 10/Jan/11 09:53 AM

Hello, what about this issue? I have put 081609000 to Accept in users file to try this way. The call reaches the telephone but another problem appears due to the port not being sent in the request of NAS to freeradius. Thanks!

++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = 081609000, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[files] users: Matched entry 081609000 at line 71
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING: Auth-Type already set. Not setting to PAP
++[pap] returns noop
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 66 to 212.13.228.58 port 59985
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 212.13.228.58 port 35277, id=3, length=593
    User-Name = 081609000
    User-Password = v7\265\345
    Cisco-Attr-130 = 0x683332332d63616c6c696e672d656e74657270726973652d69643d656e74504258
    Acct-Multi-Session-Id = 1294648373178
    Calling-Station-Id = 81609000
    Called-Station-Id = 38651357952
    Cisco-AVPair = h323-called-enterprise-id=NexTone
    h323-remote-address = h323-remote-address=212.13.249.90
    Acct-Session-Id = 129464837317821
    h323-conf-id = h323-conf-id=1294648373178
    h323-incoming-conf-id = h323-incoming-conf-id=1294648373178
    h323-call-origin = h323-call-origin=originate
    h323-call-type = h323-call-type=VOIP
    h323-setup-time = h323-setup-time=08:32:53.182 GMT Mon Jan 10 2011
    Acct-Multi-Session-Id = 1294648373178
    h323-connect-time = h323-connect-time=08:32:58.924 GMT Mon Jan 10 2011
    h323-disconnect-time = h323-disconnect-time=08:32:58.934 GMT Mon Jan 10 2011
    h323-disconnect-cause = h323-disconnect-cause=66
    Acct-Status-Type = Stop
    Acct-Session-Time = 0
    Event-Timestamp = Jan 10 2011 09:32:58 CET
# Executing section preacct from file /etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] WARNING: Attribute NAS-Port was not found in request, unique ID MAY be inconsistent
[acct_unique] Hashing ',Client-IP-Address = 212.13.228.58,NAS-IP-Address = 212.13.228.58,Acct-Session-Id = 129464837317821,User-Name = 081609000'
[acct_unique] Acct-Unique-Session-ID = d9d5c2ea191e529f.
++[acct_unique
preprocess module
Hi all. Trying to understand and learn freeradius. For my use, I do not need the huntgroups or hints files, so I tried taking them out. I renamed the files from huntgroups to huntgroups.off, and the same for hints. I then edited modules/preprocess to take out references to these two files. However, when I start up radiusd, it appears that it's STILL looking for the files. I've gone so far as doing a grep -ir huntgroup *, and every line it comes back with is commented out. Here's the debug and my modules/preprocess file:

--debug start--
server { # from file /usr/local/etc/raddb/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module preprocess from file /usr/local/etc/raddb/modules/preprocess
preprocess {
    huntgroups = /usr/local/etc/raddb/huntgroups
    hints = /usr/local/etc/raddb/hints
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
    with_alvarion_vsa_hack = no
}
rlm_preprocess: Error reading /usr/local/etc/raddb/huntgroups
/usr/local/etc/raddb/modules/preprocess[13]: Instantiation failed for module preprocess
/usr/local/etc/raddb/sites-enabled/default[9]: Failed to load module preprocess.
/usr/local/etc/raddb/sites-enabled/default[1]: Errors parsing authorize section.
--debug end--

--preprocess start--
preprocess {
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
}
--preprocess end--

Anyone have any ideas on where it's getting this configuration from???

Thanks!
--Brian
RE: preprocess module
It's worth mentioning that if I change ascend_channels_per_line to 32 instead of 23, that change gets recognized.

--Brian

-----Original Message-----
From: freeradius-users-bounces+bmccann=andmore@lists.freeradius.org [mailto:freeradius-users-bounces+bmccann=andmore@lists.freeradius.org] On Behalf Of McCann, Brian
Sent: Monday, January 10, 2011 4:45 PM
To: freeradius-users@lists.freeradius.org
Subject: preprocess module

Hi all. Trying to understand and learn freeradius. For my use, I do not need the huntgroups or hints files, so I tried taking them out. I renamed the files from huntgroups to huntgroups.off, and the same for hints. I then edited modules/preprocess to take out references to these two files. However, when I start up radiusd, it appears that it's STILL looking for the files. I've gone so far as doing a grep -ir huntgroup *, and every line it comes back with is commented out. Here's the debug and my modules/preprocess file:

--debug start--
server { # from file /usr/local/etc/raddb/radiusd.conf
modules {
Module: Checking authenticate {...} for more modules to load
Module: Checking authorize {...} for more modules to load
Module: Linked to module rlm_preprocess
Module: Instantiating module preprocess from file /usr/local/etc/raddb/modules/preprocess
preprocess {
    huntgroups = /usr/local/etc/raddb/huntgroups
    hints = /usr/local/etc/raddb/hints
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
    with_alvarion_vsa_hack = no
}
rlm_preprocess: Error reading /usr/local/etc/raddb/huntgroups
/usr/local/etc/raddb/modules/preprocess[13]: Instantiation failed for module preprocess
/usr/local/etc/raddb/sites-enabled/default[9]: Failed to load module preprocess.
/usr/local/etc/raddb/sites-enabled/default[1]: Errors parsing authorize section.
--debug end--

--preprocess start--
preprocess {
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
}
--preprocess end--

Anyone have any ideas on where it's getting this configuration from???

Thanks!
--Brian
RE: preprocess module
Why did you remove the files? Unless they are doing something bad, leave them alone.

Tim

-----Original Message-----
From: freeradius-users-bounces+tim.sylvester=networkradius@lists.freeradius.org [mailto:freeradius-users-bounces+tim.sylvester=networkradius@lists.freeradius.org] On Behalf Of McCann, Brian
Sent: Monday, January 10, 2011 1:49 PM
To: FreeRadius users mailing list
Subject: RE: preprocess module

It's worth mentioning that if I change ascend_channels_per_line to 32 instead of 23, that change gets recognized.

--Brian
RE: preprocess module
I removed it because it deals with cases I'll never have...ppp, slip, cslip. No, it's not doing anything bad, but it's not doing anything helpful either. You're 100% right, I can just put them back. Just trying to understand why the config file isn't doing what it's told.

--Brian

-----Original Message-----
From: freeradius-users-bounces+bmccann=andmore@lists.freeradius.org [mailto:freeradius-users-bounces+bmccann=andmore@lists.freeradius.org] On Behalf Of Tim Sylvester
Sent: Monday, January 10, 2011 5:13 PM
To: 'FreeRadius users mailing list'
Subject: RE: preprocess module

Why did you remove the files? Unless they are doing something bad, leave them alone.

Tim
RE: preprocess module
FR is the most difficult easy thing ever. Generally speaking, unless you have a REALLY good understanding of how everything is tied together - don't change ANYTHING you don't absolutely NEED to. I hear what you're saying about optimizing the config and such, but it's really not worth the little overhead unless you're handling many thousands of requests per second. Feel free to play, just expect to do a LOT of playing before you figure it out and expect to break lots of stuff along the way! :)

-----Original Message-----
From: freeradius-users-bounces+ggatten=waddell@lists.freeradius.org [mailto:freeradius-users-bounces+ggatten=waddell@lists.freeradius.org] On Behalf Of McCann, Brian
Sent: Monday, January 10, 2011 4:27 PM
To: tim.sylves...@networkradius.com; FreeRadius users mailing list
Subject: RE: preprocess module

I removed it because it deals with cases I'll never have...ppp, slip, cslip. No, it's not doing anything bad, but it's not doing anything helpful either. You're 100% right, I can just put them back. Just trying to understand why the config file isn't doing what it's told.

--Brian
RE: preprocess module
Actually, the configuration files are doing what they were told. Read the debug output carefully and you will see that you removed the include statements from modules/preprocess but did not change sites-enabled/default.

You are better off only changing what needs to be changed for your configuration. The extra stuff in the configuration does not hurt the operation or performance of the radius server.

Tim

-----Original Message-----
From: McCann, Brian [mailto:bmcc...@andmore.com]
Sent: Monday, January 10, 2011 2:27 PM
To: tim.sylves...@networkradius.com; FreeRadius users mailing list
Subject: RE: preprocess module

I removed it because it deals with cases I'll never have...ppp, slip, cslip. No, it's not doing anything bad, but it's not doing anything helpful either. You're 100% right, I can just put them back. Just trying to understand why the config file isn't doing what it's told.

--Brian
samba 3.0.33
Has anyone gotten freeradius EAP-MSCHAPV2 authentication to work properly in samba versions beyond 3.0.30? On samba 3.3.8 I still get the same type of error I'd get as if I didn't have the xpextensions on my cert (even though I do). No response to access-challenge. If I go back to 3.0.30 it immediately works. Starting to run into a problem because 3.0.30 won't work with 2008 R2 domain controllers. Again my cert does have the xpextensions. And it does this to all clients, not just Microsoft. Here's the end of my debug:

[mschap] expand: --username=%{mschap:User-Name:-None} -> --username=tomtom
[mschap] expand: %{mschap:NT-Domain} -> ADS
[mschap] expand: --domain=%{%{mschap:NT-Domain}:-ADS} -> --domain=ADS
[mschap] mschap2: d3
[mschap] Creating challenge hash with username: tomtom
[mschap] expand: --challenge=%{mschap:Challenge:-00} -> --challenge=ba19d84bdab789ef
[mschap] expand: --nt-response=%{mschap:NT-Response:-00} -> --nt-response=27a757e4b32c51011216ac7fff78219563fc14af067f3d05
Exec-Program output: NT_KEY: D988C0C63F2D4C8034172DCBEB7B317F
Exec-Program-Wait: plaintext: NT_KEY: D988C0C63F2D4C8034172DCBEB7B317F
Exec-Program: returned: 0
[mschap] adding MS-CHAPv2 MPPE keys
++[mschap] returns ok
MSCHAP Success
++[eap] returns handled
} # server inner-tunnel
[peap] Got tunneled reply code 11
    EAP-Message = 0x010c00331a030b002e533d3133453034393739353130383137303633423342413033324339383343383832413937323736
    Message-Authenticator = 0x
    State = 0x3f8a0cb23e86164f4ea2f66ef66aa4ed
[peap] Got tunneled reply RADIUS code 11
    EAP-Message = 0x010c00331a030b002e533d3133453034393739353130383137303633423342413033324339383343383832413937323736
    Message-Authenticator = 0x
    State = 0x3f8a0cb23e86164f4ea2f66ef66aa4ed
[peap] Got tunneled Access-Challenge
++[eap] returns handled
Sending Access-Challenge of id 17 to 172.20.4.253 port 32769
    EAP-Message = 0x010c005b19001703010050e5f53b91a3b5214c1a0f1ee21b46045f6992732a92d882e4359ed17b1dfffcb69d20d4645caa74a94ea448cd54c76c041c642d05801fa0a4f830247b30f9723884d6fbaa35f6b11398741f833bc68f08
    Message-Authenticator = 0x
    State = 0xedeb59b2eae740f09f949186981dc8bc
Finished request 10.
Going to the next request
Waking up in 4.7 seconds.
Cleaning up request 3 ID 10 with timestamp +11
Cleaning up request 4 ID 11 with timestamp +11
Cleaning up request 5 ID 12 with timestamp +11
Cleaning up request 6 ID 13 with timestamp +11
Cleaning up request 7 ID 14 with timestamp +11
Cleaning up request 8 ID 15 with timestamp +11
Waking up in 0.1 seconds.
Cleaning up request 9 ID 16 with timestamp +11
Cleaning up request 10 ID 17 with timestamp +11
WARNING: !!
WARNING: !! EAP session for state 0xedeb59b2eae740f0 did not finish!
WARNING: !! Please read http://wiki.freeradius.org/Certificate_Compatibility
WARNING: !!

Thomas E. Casartello, Jr.
Staff Assistant - Wireless/Linux Administrator
Information Technology
Wilson 105A
Westfield State College
(413) 572-8245
Red Hat Certified Technician (RHCT)
Cisco Certified Network Associate (CCNA)
Unable to get FreeRADIUS working with MySQL
Hi, I am running FreeRADIUS Version 1.1.3, for host x86_64-redhat-linux-gnu (from the CentOS repositories) and am having a problem getting it working with MySQL. The specific error message that I am seeing is:

...
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module sql returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type System
auth: type System
ERROR: Unknown value specified for Auth-Type. Cannot perform requested action.
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
...

After testing with the following command:

/usr/bin/radtest test_user password 127.0.0.1 1812 sharedsecret

It seems like the sql module is set up correctly, because the authorize section returns ok. However, the authentication section does not check the database, but rather uses the DEFAULT user, which has 'Auth-Type' set to 'System'. This returns an error and the request is rejected. How do I get 'rad_check_password' to check the database instead of looking at the system users? Is there an 'Auth-Type' of 'SQL' which I could use?

Thank you
Stephen
Re: samba 3.0.33
On 01/11/2011 02:11 AM, Casartello, Thomas wrote:
> Has anyone gotten freeradius EAP-MSCHAPV2 authentication to work properly in samba versions beyond 3.0.30? On samba 3.3.8 I still get the

Yes. We run the samba3x RHEL RPM, which is a version of 3.3.8 with patches. The specific fix you need is:

https://bugzilla.samba.org/show_bug.cgi?id=7568
Re: Unable to get FreeRADIUS working with MySQL
On 01/11/2011 02:54 AM, Stephen Tyers wrote:
> Hi, I am running FreeRADIUS Version 1.1.3,

Upgrade to a newer, supported version of the server. Start with the default configs and a test user in /etc/raddb/users:

username Cleartext-Password := password

See that this works, move the info into SQL, continue from there making one change at a time and keeping a history of your configs so you can go back when something breaks.
Re: preprocess module
On 01/10/2011 09:45 PM, McCann, Brian wrote:
> Hi all. Trying to understand and learn freeradius. For my use, I do not need the huntgroups or hints files, so I tried taking them out. I renamed the files from huntgroups to huntgroups.off, and the same for hints. I then edited modules/preprocess to take out references to these two files. However, when I start up radiusd, it appears that it's STILL looking for the files. I've gone so far as doing a grep -ir huntgroup *, and every line it comes back with is commented out. Here's the debug and my modules/preprocess file:
>
> --debug start--
> server { # from file /usr/local/etc/raddb/radiusd.conf
> modules {
> Module: Checking authenticate {...} for more modules to load
> Module: Checking authorize {...} for more modules to load
> Module: Linked to module rlm_preprocess
> Module: Instantiating module preprocess from file /usr/local/etc/raddb/modules/preprocess
> preprocess {
>     huntgroups = /usr/local/etc/raddb/huntgroups
>     hints = /usr/local/etc/raddb/hints

These defaults are compiled into the module:

static const CONF_PARSER module_config[] = {
  { "huntgroups", PW_TYPE_FILENAME,
    offsetof(rlm_preprocess_t,huntgroup_file), NULL,
    "${raddbdir}/huntgroups" },

By commenting out the entry, the defaults are used. If you want the module to not process the files, either:

1. set the filenames to "" i.e. empty string
2. empty the files (better)
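The behaviour Phil describes can be checked by comparing the effective settings printed in the debug output with what the module file actually sets; any key present only in the debug output came from a compiled-in default. The script below is an added example, not part of the thread or of FreeRADIUS. Its sample input is the debug output and modules/preprocess file Brian posted; the commented-out lines in the file and the function names parse_block and compiled_in_defaults are assumptions.

```python
"""Find module settings that radiusd took from compiled-in defaults."""
import re

# Effective configuration, taken from the debug output quoted in the thread.
DEBUG_OUTPUT = """\
server { # from file /usr/local/etc/raddb/radiusd.conf
modules {
 Module: Linked to module rlm_preprocess
 Module: Instantiating module preprocess from file /usr/local/etc/raddb/modules/preprocess
  preprocess {
    huntgroups = /usr/local/etc/raddb/huntgroups
    hints = /usr/local/etc/raddb/hints
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
    with_alvarion_vsa_hack = no
  }
rlm_preprocess: Error reading /usr/local/etc/raddb/huntgroups
"""

# modules/preprocess as posted. The two commented-out lines are constructed
# (an assumption) to reflect "every line grep comes back with is commented out".
MODULE_FILE = """\
preprocess {
    # huntgroups = ${confdir}/huntgroups
    # hints = ${confdir}/hints
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
}
"""

ASSIGN = re.compile(r"^([A-Za-z_][\w.-]*)\s*=\s*(.*)$")


def parse_block(text, name):
    """Return the key/value pairs set directly inside the `name { ... }` block.

    Comments (everything after '#') are dropped, so commented-out entries
    count as absent. Values containing a literal '#' are not supported.
    """
    settings = {}
    inside = False
    depth = 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if not inside:
            # Only a line that is exactly "name {" opens the block.
            if re.fullmatch(rf"{re.escape(name)}\s*\{{", line):
                inside, depth = True, 1
            continue
        if line.endswith("{"):      # nested sub-section: skip its contents
            depth += 1
            continue
        if line == "}":
            depth -= 1
            if depth == 0:
                break
            continue
        match = ASSIGN.match(line)
        if match and depth == 1:
            settings[match.group(1)] = match.group(2).strip().strip("\"'")
    return settings


def compiled_in_defaults(debug_output, module_file, name):
    """Keys the server reports as effective but the file never sets."""
    effective = parse_block(debug_output, name)
    explicit = parse_block(module_file, name)
    return {k: v for k, v in effective.items() if k not in explicit}


if __name__ == "__main__":
    found = compiled_in_defaults(DEBUG_OUTPUT, MODULE_FILE, "preprocess")
    for key, value in found.items():
        print(f"{key} = {value}   (not in file: compiled-in default)")
```

Run against the thread's data it reports huntgroups, hints and with_alvarion_vsa_hack, which is why the server still tried to read /usr/local/etc/raddb/huntgroups after the entries were commented out.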
Re: Unable to get FreeRADIUS working with MySQL
On Tue, Jan 11, 2011 at 2:20 PM, Phil Mayers p.may...@imperial.ac.uk wrote:
> On 01/11/2011 02:54 AM, Stephen Tyers wrote:
>> Hi, I am running FreeRADIUS Version 1.1.3,
>
> Upgrade to a newer, supported version of the server.

RHEL/Centos5 has freeradius2 in its repo.

--
Fajar