NAS-IP-Address or NAS-Identifier in Access-Request?

2011-08-15 Thread Eric Geier
Does anyone happen to know if consumer-level Wi-Fi routers typically
transmit the NAS-IP-Address or NAS-Identifier (or maybe both) in the
Access-Request?

Would be great if there was a central place to look up the exact attributes
and formats vendors use.

Thanks, Eric


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Cant Start Radius Server MAC OSX (snow leopard)

2011-08-15 Thread Alan DeKok
DavidS wrote:
> /private/etc/raddb/users[220]: Parse error (check) for entry Service-Type:
> Invalid octet string "NAS-Prompt-User???  " for attribute name ""
> Errors reading /private/etc/raddb/users
> /private/etc/raddb/modules/files[7]: Instantiation failed for module "files"
> /private/etc/raddb/sites-enabled/inner-tunnel[111]: Failed to find module
> "files".
> /private/etc/raddb/sites-enabled/inner-tunnel[34]: Errors parsing authorize
> section. 
>  }
> }
> 
> 
> Any thoughts?

$ man users

  Read the documentation.  You've typed random text into the "users"
file.  This won't work.

  The format of the users file is documented in the "man" page, in the
comments at the top of the file *you edited*, and in the examples in
that file.

  Follow the examples.  They work.

  Alan DeKok.



How to setup freeradius for cisco url-redirect?

2011-08-15 Thread 放屁大王
hi all,
   how to setup url-redirect with cisco 3550? I tried it with: 
EAP-MD5,cisco 3550,freeradius 2.1.11, but failed;
my users:
testuser  Cleartext-Password  := "testuser" 
cisco-avpair = "url-redirect=http://10.32.9.41";, 
cisco-avpair += "url-redirect-acl=redirect_acl" 


thanks

Declare a time availability of NASs?

2011-08-15 Thread Eric Geier
Is there any way to declare a time availability of NASs, such as a Login-Time
attribute for NASs? I'd like to globally control when (time of day, time of
week) all users can login through a certain wireless access point on my
802.1X network.

 

Thanks,

Eric

 


Re: Cant Start Radius Server MAC OSX (snow leopard)

2011-08-15 Thread DavidS
Thanks Jake Sallee "Hmmm … are you sure you are root?"   Despite
seeming to me unlikely you were right - (I still hate logging in as root but
it was necessary)

Thanks Arran Cudbard-Bell  "You can sudo to root... sudo -s to get a root
shell" thanks, forgot that. From a bash prompt the output is much better but
ends in 


/private/etc/raddb/users[220]: Parse error (check) for entry Service-Type:
Invalid octet string "NAS-Prompt-User???  " for attribute name ""
Errors reading /private/etc/raddb/users
/private/etc/raddb/modules/files[7]: Instantiation failed for module "files"
/private/etc/raddb/sites-enabled/inner-tunnel[111]: Failed to find module
"files".
/private/etc/raddb/sites-enabled/inner-tunnel[34]: Errors parsing authorize
section. 
 }
}


Any thoughts?

THANKS AGAIN!


Re: Cant Start Radius Server MAC OSX (snow leopard)

2011-08-15 Thread DavidS
Thanks Alan Buxey and Marius Pesé - definite progress!!

Alan - I think you were right to include the " " around the
"NAS-Prompt-User” it was not there in my version download from the internet

And you were both right about the type of quotation marks  

“webvpn:user-vpn-group=SLRgroup1”
vs
"webvpn:user-vpn-group=SLRgroup1"

Once I corrected the entry in this way all of the Radius log entries
disappeared !!! (Which I assume is a good thing)

Again I think this is a big step forwards THANK YOU (and to others for their
thoughts)


I have not got further in testing but I note that Debugging even after the
corrections still says the same regarding the reading of config files

server10:~ admin$ radiusd -X
FreeRADIUS Version 2.1.3, for host i386-apple-darwin10.0, built on Apr 11
2011 at 17:19:07
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the 
GNU General Public License v2. 
Starting - reading configuration files ...
including configuration file /private/etc/raddb/radiusd.conf
Unable to open file "/private/etc/raddb/radiusd.conf": Permission denied
Errors reading /private/etc/raddb/radiusd.conf


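The typographic-quote problem resolved in the message above can be caught before the server is restarted. The following is an added example, not part of the original thread and not FreeRADIUS code: it reports non-ASCII characters outside comment lines in a "users" file and rewrites the known look-alikes to ASCII. The sample text is constructed from the entry quoted in the thread, and the function names are hypothetical.

```python
import unicodedata

# Characters that word processors and some editors substitute for ASCII
# punctuation, mapped to the ASCII character the "users" parser expects.
SMART_TO_ASCII = {
    "\u201c": '"', "\u201d": '"', "\u201e": '"',   # curly double quotes
    "\u2018": "'", "\u2019": "'", "\u201a": "'",   # curly single quotes
    "\u2013": "-", "\u2014": "-",                  # en and em dash
    "\u00a0": " ",                                 # no-break space
}

# Constructed sample, modelled on the entry posted in the thread.
SAMPLE = (
    "# constructed sample for this example\n"
    "user1  Cleartext-Password := \u201cpassword\u201d\n"
    "       Service-Type = NAS-Prompt-User,\n"
    "       cisco-avpair = \u201cwebvpn:user-vpn-group=SLRgroup1\u201d\n"
)


def find_typographic_chars(text):
    """Return (line_no, column, unicode_name, fixable) for every non-ASCII
    character on a non-comment line. Line numbers are 1-based so they line
    up with the users[NNN] numbers in the parse errors."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # comments are not parsed as entries
        for col, ch in enumerate(line, start=1):
            if ord(ch) > 127:
                name = unicodedata.name(ch, "UNKNOWN")
                hits.append((line_no, col, name, ch in SMART_TO_ASCII))
    return hits


def normalize(text):
    """Replace the known look-alike characters with their ASCII form."""
    return text.translate(str.maketrans(SMART_TO_ASCII))


if __name__ == "__main__":
    for line_no, col, name, fixable in find_typographic_chars(SAMPLE):
        action = "can be normalized" if fixable else "review by hand"
        print(f"line {line_no}, col {col}: {name} ({action})")
    print(normalize(SAMPLE))
```
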

Re: Freeradius2 Accounting secret

2011-08-15 Thread Alan DeKok
Adrian Hall wrote:
> Where do I set the shared secret in freeradius2 config for the
> accounting side?

  By default, the client definitions are global across all socket types.

  If you want to define different clients for auth/acct, see the
"clients" entry in the "listen" section.

  Alan DeKok.


Re: Need help authenticating local users on Apple server

2011-08-15 Thread Alan DeKok
Raymond Norton wrote:
> Do you mean just enable the module? The module itself says:

  And then list it in the "authorize" section.

  Alan DeKok.


Re: Need help authenticating local users on Apple server

2011-08-15 Thread Raymond Norton



> On Mac OS X Server, configure the "opendirectory" module.

Do you mean just enable the module? The module itself says:

#  This module is only used when the server is running on the same
#  system as OpenDirectory.  The configuration of the module is hard-coded
#  by Apple, and cannot be changed here.
#
#  There are no configuration entries for this module.
#
opendirectory {

}



Re: Need help authenticating local users on Apple server

2011-08-15 Thread Alan DeKok
Raymond Norton wrote:
> Just installed v 2.1.11 on a mac (OSX 6.3) . Freeradius is working with
> clear text passwords and radtest. According to the wiki, I should be
> able to authenticate local users accounts without changing anything on
> the config.

  No, it doesn't do that any more.

> That's the way I understood it anyway.  However, I am
> getting "Access-Reject" errors when using local credentials. What
> documentation specifically addresses authenticating local users?

  On Mac OS X Server, configure the "opendirectory" module.

  Alan DeKok.


Need help authenticating local users on Apple server

2011-08-15 Thread Raymond Norton
Just installed v 2.1.11 on a mac (OSX 6.3) . Freeradius is working with 
clear text passwords and radtest. According to the wiki, I should be 
able to authenticate local users accounts without changing anything on 
the config. That's the way I understood it anyway.  However, I am 
getting "Access-Reject" errors when using local credentials. What 
documentation specifically addresses authenticating local users?


Raymond


Re: Using a single row in radreply

2011-08-15 Thread Fajar A. Nugraha
On Mon, Aug 15, 2011 at 9:35 PM, denizaydin  wrote:
> Hi,
>
> I am new to FreeRadius and trying to migrate from radiator to FreeRadius for
> our broadband solution.
>
> We are using SQL for subscriber aaa. As it is stated in the documentation
> radreply is expecting the return data in form of multiple rows per users
> which each one includes one attribute, value and Operator if any reply
> attributes is defined for that users.
>
> The problem is our database is composed of one row per subscriber which
> includes multiple reply attributes.
>
> Like ;
> Username iproute inacl outacl
> test          X         Y      Z
>
> But according to documentation it should be Like;
>
> Username Attribute Value Op
> test          iproute    X      :=
> test          inacl       Y      :=
> test          outacl     Z      :=
>
> how can I change  the behavior of the radreply , or is there any other
> solution to this.

Three options, none of them are "easy":
(1) create a new schema, import the data to the new schema and make it
freeradius-style. I'm guessing you don't want this.
(2) edit FR source code. Not recommended (even assuming that it can be
done), as your schema prevents adding other attributes
(3) edit the sql query, so that the output becomes what FR expects it
to be. You could make use of UNION and possibly stored procedure.

Option (3) is probably easiest, assuming you can find someone with
enough sql knowledge to help you :)

-- 
Fajar

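Option (3) from the reply above, shown as an added example that is not part of the original thread: a UNION ALL query turns the one-row-per-subscriber table into one row per attribute. It runs against an in-memory SQLite database with constructed data; the table name `subscribers` is an assumption, the column names are the ones in the post, and the five output columns (id, username, attribute, value, op) are assumed to be what the stock 2.x reply query returns.

```python
import sqlite3

# One-row-per-subscriber layout from the post. Table name is an assumption.
SCHEMA = """
CREATE TABLE subscribers (
    id       INTEGER PRIMARY KEY,
    username TEXT NOT NULL UNIQUE,
    iproute  TEXT,
    inacl    TEXT,
    outacl   TEXT
);
"""

# One SELECT per reply column, joined with UNION ALL. Each branch emits
# id, username, attribute, value, op. NULL or empty columns are skipped so
# that no empty attribute is returned for the subscriber.
REPLY_QUERY = """
SELECT id * 10 + 1 AS id, username, 'iproute' AS attribute,
       iproute AS value, ':=' AS op
  FROM subscribers
 WHERE username = :user AND iproute IS NOT NULL AND iproute <> ''
UNION ALL
SELECT id * 10 + 2, username, 'inacl', inacl, ':='
  FROM subscribers
 WHERE username = :user AND inacl IS NOT NULL AND inacl <> ''
UNION ALL
SELECT id * 10 + 3, username, 'outacl', outacl, ':='
  FROM subscribers
 WHERE username = :user AND outacl IS NOT NULL AND outacl <> ''
ORDER BY id
"""


def build_demo_db():
    """Create the in-memory table and load constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO subscribers (username, iproute, inacl, outacl) "
        "VALUES (?, ?, ?, ?)",
        [("test", "X", "Y", "Z"), ("partial", "X", None, "")],
    )
    return conn


def reply_rows(conn, username):
    """Return (attribute, value, op) tuples for one user.

    The username is bound as a parameter, never pasted into the SQL text."""
    cur = conn.execute(REPLY_QUERY, {"user": username})
    return [(attr, value, op) for _id, _user, attr, value, op in cur]


if __name__ == "__main__":
    db = build_demo_db()
    for name in ("test", "partial", "nobody"):
        print(name, reply_rows(db, name))
```

In a FreeRADIUS SQL configuration the bound `:user` parameter would be replaced by the server's own expansion of the user name, which is an assumption about the deployment rather than something shown in the thread.
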


Using a single row in radreply

2011-08-15 Thread denizaydin
Hi,

I am new to FreeRadius and trying to migrate from radiator to FreeRadius for
our broadband solution.

We are using SQL for subscriber aaa. As it is stated in the documentation
radreply is expecting the return data in form of multiple rows per users
which each one includes one attribute, value and Operator if any reply
attributes is defined for that users.

The problem is our database is composed of one row per subscriber which
includes multiple reply attributes.

Like ;
Username  iproute  inacl  outacl
test      X        Y      Z

But according to documentation it should be Like;

Username  Attribute  Value  Op
test      iproute    X      :=
test      inacl      Y      :=
test      outacl     Z      :=

how can I change  the behavior of the radreply , or is there any other
solution to this. 

-
Deniz AYDIN
Senior Network Engineer



Re: Dynamic Clients and ldap threads?

2011-08-15 Thread Alan DeKok
Peter Lambrechtsen wrote:
> No arguments here with that... I'll have a read through the RFC's and
> escalate to our hardware vendor.. But I don't like my chances :(

  If they don't follow the RFCs, then all bets are off.  Who the heck
are these people?

> Is there any limit on the file size of the clients.conf and how many
> entries? or it will just take as long as it will take and get re-read
> each time I HUP the server.

  I've tested 2.x with 500K clients.  It took ~8s to start the server,
and the server used ~2G of RAM.  But it worked.

  You could also try using the "dynamic_clients" module.  Put the
clients into a subdirectory instead of LDAP.  That will solve the LDAP
load problem.

> Many thanks for your insightful answers Alan :)

  It's what I do...

  Alan DeKok.



Re: freeradius 2.1.7 PEAP mschapv2 invalid parameter

2011-08-15 Thread Alan Buxey
Hi,

> > The problem persists with quoted username (it's Administrator in UTF-8
> > in russian and it looks correct in logs):
> 
>   Does it work when you run that exact command from the command line?
> 
>   The error being returned is coming from ntlm_auth.  My guess is that
> it's not UTF-8 compatible.

try this ...wrapping the system so it translates


in a higher-priority directory, make a new ntlm_auth file:

#!/bin/sh
# Pass the caller's arguments through to the real ntlm_auth.
exec /usr/bin/ntlm_auth "$@" | /usr/local/bin/iconverted


and then make the iconverted file:

#!/usr/bin/perl -w

use strict;
use Text::Iconv;

my $conv = Text::Iconv->new("utf-8", "windows-1252");
local $| = 1;
while (<>) {
    print $conv->convert($_);
}


of course, you have to have the Text::Iconv Perl library installed... and Perl.

but this should pipe things through the conversion to the windows-1252 character
set (this is guessing that ntlm_auth has issues... or that the remote
windows server does!)

alan


Re: freeradius 2.1.7 PEAP mschapv2 invalid parameter

2011-08-15 Thread Eugene Vihman
>
> Does it work when you run that exact command from the command line?
>

Yes. It returns NT_KEY.

Re: Proxying based on a regex (now with more questions)

2011-08-15 Thread Alan DeKok
Jacob Dawson wrote:
> So, according to the docs in proxy.conf and Arran's comment here, the regex 
> stuff should work fine…but in 2.1.11, we're not seeing that behavior.  Right 
> now, requests are only getting proxied properly if it's an exact match on the 
> realm name ( realm "hokies" {  or realm "w2k.vt.edu" { ), whereas the regex 
> realm syntax doesn't seem to be working at all ( realm "~hokies" { or realm 
> "~.*w2k\\.vt\\.edu" { aren't matched).

  Regex matching works for me...

  What does debug mode say?

  Alan DeKok.


Re: how to refer to default virtual server via dynamic clients sql lookup

2011-08-15 Thread Alan Buxey
Hi,

> 2 things doesn't fit. secret and FreeRADIUS-Client-Virtual-Server = 
> "something"

umm, yes, it's an example to work from. you either use the default
static entries in update control - in which case you need to modify
the secret and server - after all, WE don't know what your NAS shared
secret or virtual-server is going to be called(!)   OR you use the
SQL version - edited as required too.

> >> No such virtual server ""
> >> } # server

did you GIVE your default server a name?  don't.   if you just leave it
as supplied, it will be used. if you edit it and put eg

server default {


blah blah 

}


then it gets a name...and will therefore not be used if SQL is not a set value.

however,  best practice says don't use unknowns in the SQL table -  eg ensure
that the default value for that column is not NULL (which it will be) but is eg
'default' instead.

and name all your virtual servers :-)


alan


Re: freeradius 2.1.7 PEAP mschapv2 invalid parameter

2011-08-15 Thread Alan DeKok
Eugene Vihman wrote:
> The problem persists with quoted username (it's Administrator in UTF-8
> in russian and it looks correct in logs):

  Does it work when you run that exact command from the command line?

  The error being returned is coming from ntlm_auth.  My guess is that
it's not UTF-8 compatible.

  Alan DeKok.


Re: how to refer to default virtual server via dynamic clients sql lookup

2011-08-15 Thread Alan DeKok
Łukasz Kostka wrote:
> thx for your reply. any idea when 2.1.12 will be available ?

  Hopefully before September.

  Alan DeKok.

Re: Cant Start Radius Server MAC OSX (snow leopard)

2011-08-15 Thread Arran Cudbard-Bell

On 15 Aug 2011, at 06:31, Doug Hardie wrote:

> The root user in OS-X is not easily accessible.  It's there, just like in 
> FreeBSD, but you can't login or su to it normally.  

You can sudo to root... sudo -s to get a root shell.

-Arran


> 
> 
> On 14 August 2011, at 20:11, Sallee, Stephen (Jake) wrote:
> 
>> Hmmm … are you sure you are root?  I am not a MAC guy, but I do know that 
>> MACs are based off Linux (technically FreeBSD with some Steve Jobs magic on 
>> top, but who REALLY makes that distinction any more : ).  That being the 
>> case root SHOULD have access to everything, so if as root you are being 
>> denied access to a file then either the file has become locked somehow (but 
>> Linux is not supposed to care about that) or you are not REALLY root.  Your 
>> user may be root but it could be missing some privileges that another system 
>> user has.  I have been using Fedora, Ubuntu, CentOS, etc for several years 
>> and have NEVER had a file deny root access.  Root is the holy smack down you 
>> lay on a file when you want to fiddle with it no-matter-what, file 
>> permissions be d@mn3d!
>> 
>> Then again, as I said, I am not a MAC guy so Apple could have done something 
>> special.  Perhaps another MAC user here can say…
>> 
>> Jake Sallee
>> Godfather of Bandwidth
>> System Engineer
>> University of Mary Hardin-Baylor
>> 900 College St.
>> Belton, Texas
>> 76513
>> Fone: 254-295-4658
>> Phax: 254-295-4221
>> 
>> From: freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org 
>> [mailto:freeradius-users-bounces+jake.sallee=umhb@lists.freeradius.org] 
>> On Behalf Of Elizabeth Fife
>> Sent: Sunday, August 14, 2011 7:02 PM
>> To: freeradius-users@lists.freeradius.org
>> Subject: RE: Cant Start Radius Server MAC OSX (snow leopard)
>> 
>> Hi Jack
>> I am root user
>> 
>> Server Radius Logs Say
>> 
>> Sun Aug 14 16:59:56 2011 : Info: rlm_sql (sql): Driver rlm_sql_sqlite 
>> (module rlm_sql_sqlite) loaded and linked
>> Sun Aug 14 16:59:56 2011 : Info: rlm_sql (sql): Attempting to connect to 
>> radius@localhost:/radius
>> Sun Aug 14 16:59:56 2011 : Info: rlm_sql_sqlite: Opening sqlite database 
>> /private/etc/raddb/sqlite_radius_client_database for #0
>> Sun Aug 14 16:59:56 2011 : Info: rlm_sql_sqlite: sqlite3_open() = 0 
>> Sun Aug 14 16:59:56 2011 : Info: rlm_sql_sqlite: Opening sqlite database 
>> /private/etc/raddb/sqlite_radius_client_database for #1
>> Sun Aug 14 16:59:56 2011 : Info: rlm_sql_sqlite: sqlite3_open() = 0 
>> Sun Aug 14 16:59:56 2011 : Info: rlm_sql_sqlite: Opening sqlite database 
>> /private/etc/raddb/sqlite_radius_client_database for #2
>> Sun Aug 14 16:59:56 2011 : Info: rlm_sql_sqlite: sqlite3_open() = 0 
>> Sun Aug 14 16:59:56 2011 : Info: rlm_sql_sqlite: Opening sqlite database 
>> /private/etc/raddb/sqlite_radius_client_database for #3
>> Sun Aug 14 16:59:56 2011 : Info: rlm_sql_sqlite: sqlite3_open() = 0 
>> Sun Aug 14 16:59:56 2011 : Info: rlm_sql_sqlite: Opening sqlite database 
>> /private/etc/raddb/sqlite_radius_client_database for #4
>> Sun Aug 14 16:59:56 2011 : Info: rlm_sql_sqlite: sqlite3_open() = 0 
>> Sun Aug 14 16:59:56 2011 : Error: /private/etc/raddb/users[215]: Parse error 
>> (check) for entry Service-Type: Invalid octet string "NAS-Prompt-User" for 
>> attribute name ""
>> Sun Aug 14 16:59:56 2011 : Error: Errors reading /private/etc/raddb/users
>> Sun Aug 14 16:59:56 2011 : Error: /private/etc/raddb/modules/files[7]: 
>> Instantiation failed for module "files"
>> Sun Aug 14 16:59:56 2011 : Error: 
>> /private/etc/raddb/sites-enabled/inner-tunnel[111]: Failed to find module 
>> "files".
>> Sun Aug 14 16:59:56 2011 : Error: 
>> /private/etc/raddb/sites-enabled/inner-tunnel[34]: Errors parsing authorize 
>> section. 
>> Sun Aug 14 16:59:56 2011 : Error: Errors initializing modules
>> 
>> 
>> radiusd -x says
>> 
>> server10:~ admin$ radiusd -X
>> FreeRADIUS Version 2.1.3, for host i386-apple-darwin10.0, built on Apr 11 
>> 2011 at 17:19:07
>> Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. 
>> There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
>> PARTICULAR PURPOSE. 
>> You may redistribute copies of FreeRADIUS under the terms of the 
>> GNU General Public License v2. 
>> Starting - reading configuration files ...
>> including configuration file /private/etc/raddb/radiusd.conf
>> Unable to open file "/private/etc/raddb/radiusd.conf": Permission denied
>> Errors reading /private/etc/raddb/radiusd.conf
>> 
>> Does that help?
>> 
>> 
>> 
>> 
>>> To: freeradius-users@lists.freeradius.org
>> 
>>> Subject: RE: Cant Start Radius Server MAC OSX (snow leopard)
>>> Date: Sun, 14 Aug 2011 22:56:13 +
>>> 
>>> As what user are you attempting to start FreeRADIUS? Most times FR is run 
>>> as a daemon, so any user that tries to run FR should have permissions to 
>>> look at FR's files, most time this is root or some other super user. What 
>>> does radiusd -X say?
>>> 
>>> Jake Sallee
>>> Godfather of Bandwi

RE: Cant Start Radius Server MAC OSX (snow leopard)

2011-08-15 Thread Marius Pesé
Hi Alan, David

Looks like the type of quote used just might be the issue...
“password” is pretty in MS Word, but UNIX prefers "password"

Kind regards

Marius Pesé
Mindspring Computing


-Original Message-
From: freeradius-users-bounces+marius=mindspring.co...@lists.freeradius.org 
[mailto:freeradius-users-bounces+marius=mindspring.co...@lists.freeradius.org] 
On Behalf Of Alan Buxey
Sent: Monday, August 15, 2011 10:12 AM
To: FreeRadius users mailing list
Subject: Re: Cant Start Radius Server MAC OSX (snow leopard)

Hi,

> Starting - reading configuration files ...
> including configuration file /private/etc/raddb/radiusd.conf
> Unable to open file "/private/etc/raddb/radiusd.conf": Permission denied
> Errors reading /private/etc/raddb/radiusd.conf

sometimes it's not permissions, but the code reading the configuration
files encounters an error - eg when reading radiusd.conf - which pulls
in all the files, and the error lies there..

> CHANGES I MADE PRIOR TO GETTING THIS ERROR

exactly

> Using textwrangler I edited  /etc/raddb/users

yes.

> user1  Cleartext-Password := “password”
> Service-Type = NAS-Prompt-User,
> cisco-avpair = “webvpn:user-vpn-group=SLRgroup1”

...and then you saw the errors in the debug log regarding this entry - 
this entry is wrong (or the server cannot read it due to incorrect.

maybe

user1  Cleartext-Password := “password”
Service-Type = "NAS-Prompt-User",
cisco-avpair = “webvpn:user-vpn-group=SLRgroup1”

?

alan

RE: Questions about status counters

2011-08-15 Thread Tamás Becz
Hi Alan,

>  The values are taken from the SNMP MIBs for RADIUS.  See doc/rfc/
Thanks, that'll do.

>  You don't need to restart the server to update clients.  See 
> raddb/sites-available/dynamic-clients, and raddb/modules/dynamic_clients
I will, thanks for the pointer.

>  Wait a bit for 2.1.12.
I plan to follow all updates by hand, I just need to put together some build 
infrastructure behind it, Centos 5 ships really old stuff unfortunately.

>  Alan DeKok.

Thanks,
tamas


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


RE: Questions about status counters

2011-08-15 Thread Tamás Becz
Hi,

Thanks, this is indeed interesting.

Cheers,
tamas 

-Original Message-
From: freeradius-users-bounces+tamas.becz=ericsson@lists.freeradius.org 
[mailto:freeradius-users-bounces+tamas.becz=ericsson@lists.freeradius.org] 
On Behalf Of Arran Cudbard-Bell
Sent: Friday, August 12, 2011 3:14 PM
To: FreeRadius users mailing list
Subject: Re: Questions about status counters

Here might be a start...

https://github.com/alandekok/freeradius-server/tree/master/scripts/snmp-proxy

-Arran


On 12 Aug 2011, at 14:54, Tamás Becz wrote:

> Hi,
> 
> I'm trying to collect some statistics about my freeradius servers with 
> nagios. Before I've been doing this with some perl code digging through the 
> logs, and doing stats (plus generating gnuplot graphs out etc) but I'd rather 
> have something more flexible, so I thought I'd put together some small script 
> for nagios that can query those stats more flexibly. Basically I just want to 
> see successful and unsuccessful logins, maybe home server deads and alives, 
> nothing really fancy. We are actually just proxying requests so I just need 
> to see the amount of logins through us, and the "health" of the service (we 
> have had trouble with the party doing the real authentication, and high 
> failure rate is a good sign I can look for).
> 
> I can set up the status server all right, but I'm a bit stuck with how to 
> interpret the things I get. I've been through some searching of docs, wiki 
> and mans, but couldn't get a pointer.
> 
> 1) Is there some documentation on the values I got there? I of course 
> see dictionary.freeradius, and the names are pretty self-explanatory, 
> but we all know devil is in the details :)
> 
> 2) If I understand well, then these counters are simply monotonously 
> increasing values. I can live with that of course, and do the math. I just 
> like to see if my assumption is correct.
> 
> 3) Also, I see that if the server is restarted, the values are reset to 0. 
> Can freeradius be told not to do this, but retain the values? Currently we do 
> restarts on a regular basis now and then, to update a clients.conf file. I 
> suppose I more or less could handle this, but at least would lose the stats 
> that happened after the last check, but before the restart.
> 
> 4) Am I looking in the right direction at all, or should I rather start 
> reading up how accounting works or something else?
> 
> Really, I'm good with an RTFM as long as you could point me to where 
> to look :)
> 
> (Oh, I'm using 2.1.10, but plan to update to 2.1.11 in the near future).
> 
> Thanks!
> 
> tamas

Arran Cudbard-Bell
a.cudba...@freeradius.org

RADIUS - Half the complexity of Diameter




Re: Cant Start Radius Server MAC OSX (snow leopard)

2011-08-15 Thread Alan Buxey
Hi,

> Starting - reading configuration files ...
> including configuration file /private/etc/raddb/radiusd.conf
> Unable to open file "/private/etc/raddb/radiusd.conf": Permission denied
> Errors reading /private/etc/raddb/radiusd.conf

sometimes it's not permissions, but the code reading the configuration
files encounters an error - eg when reading radiusd.conf - which pulls
in all the files, and the error lies there..

> CHANGES I MADE PRIOR TO GETTING THIS ERROR

exactly

> Using textwrangler I edited  /etc/raddb/users

yes.

> user1  Cleartext-Password := “password”
> Service-Type = NAS-Prompt-User,
> cisco-avpair = “webvpn:user-vpn-group=SLRgroup1”

...and then you saw the errors in the debug log regarding this entry - 
this entry is wrong (or the server cannot read it due to incorrect.

maybe

user1  Cleartext-Password := “password”
Service-Type = "NAS-Prompt-User",
cisco-avpair = “webvpn:user-vpn-group=SLRgroup1”

?

alan

Freeradius2 Accounting secret

2011-08-15 Thread Adrian Hall

Hello, I have configured Freeradius2 with MySQL and also setup DaloRadius.
I am using it to authenticate PPPoE requests from a Pfsense firewall box.

I have set the shared secret for the Authentication side of things, however 
I keep getting the following error:


Received Accounting-Request packet from client with invalid signature! 
(Shared secret is incorrect.) Dropping packet without response.


Where do I set the shared secret in freeradius2 config for the accounting 
side?


thanks,

Regards,
Adrian Hall.

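The "invalid signature" error quoted in the message above comes from the Accounting-Request authenticator check. The following is an added example, not part of the original thread and not FreeRADIUS code: it computes the authenticator as RFC 2866 defines it, MD5 over the header, sixteen zero octets, the attributes and the shared secret, and shows that a packet signed with one secret fails verification under another. The secrets, attribute values and function names are constructed for the example.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4  # RADIUS packet code for Accounting-Request
HEADER_LEN = 20         # code(1) + id(1) + length(2) + authenticator(16)


def attr(attr_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def acct_authenticator(code, ident, attrs, secret):
    """RFC 2866 Request Authenticator:
    MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)."""
    header = struct.pack("!BBH", code, ident, HEADER_LEN + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()


def build_acct_request(ident, attrs, secret):
    """What the NAS does: sign the packet with its configured secret."""
    auth = acct_authenticator(ACCOUNTING_REQUEST, ident, attrs, secret)
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident,
                         HEADER_LEN + len(attrs))
    return header + auth + attrs


def verify_acct_request(packet, secret):
    """What the server does: recompute with the secret from its client
    entry and compare. A mismatch means the packet is dropped."""
    if len(packet) < HEADER_LEN:
        return False
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not HEADER_LEN <= length <= len(packet):
        return False
    packet = packet[:length]  # octets beyond Length are padding
    expected = acct_authenticator(code, ident, packet[HEADER_LEN:], secret)
    return hmac.compare_digest(expected, packet[4:HEADER_LEN])


# Constructed sample: Acct-Status-Type = Start, User-Name, NAS-IP-Address.
SAMPLE_ATTRS = (
    attr(40, struct.pack("!I", 1))
    + attr(1, b"user1")
    + attr(4, bytes([192, 0, 2, 1]))
)
NAS_SECRET = b"secret-typed-on-the-nas"        # constructed value
SERVER_SECRET = b"secret-in-the-client-entry"  # constructed value

if __name__ == "__main__":
    pkt = build_acct_request(7, SAMPLE_ATTRS, NAS_SECRET)
    print("same secret:     ", verify_acct_request(pkt, NAS_SECRET))
    print("different secret:", verify_acct_request(pkt, SERVER_SECRET))
```
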


Re: Cant Start Radius Server MAC OSX (snow leopard)

2011-08-15 Thread DavidS
I really appreciate your thoughts - it seems to me whether I am admin or
root this surely can't be a normal output for debugging. 

Does it seem likely that you would have to activate a root user level on a
mac to run a Radius server?

Have others had to do that that you know of?

Without root I think I may have made some progress. What I was trying to do
was add the following to the file "users"

user1   Cleartext-Password := “password”
Service-Type = NAS-Prompt-User,
cisco-avpair = “webvpn:user-vpn-group=SLRgroup1”

Afterwards the Radius logs shows
Sun Aug 14 23:46:52 2011 : Error: /private/etc/raddb/users[221]: Parse error
(reply) for entry user1: Expected end of line or comma
Sun Aug 14 23:46:52 2011 : Error: Errors reading /private/etc/raddb/users
Sun Aug 14 23:46:52 2011 : Error: /private/etc/raddb/modules/files[7]:
Instantiation failed for module "files"
Sun Aug 14 23:46:52 2011 : Error:
/private/etc/raddb/sites-enabled/inner-tunnel[111]: Failed to find module
"files".
Sun Aug 14 23:46:52 2011 : Error:
/private/etc/raddb/sites-enabled/inner-tunnel[34]: Errors parsing authorize
section. 
Sun Aug 14 23:46:52 2011 : Error: Errors initializing modules


And debugging shows  
server10:~ admin$ radiusd -X
FreeRADIUS Version 2.1.3, for host i386-apple-darwin10.0, built on Apr 11
2011 at 17:19:07
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors. 
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A 
PARTICULAR PURPOSE. 
You may redistribute copies of FreeRADIUS under the terms of the 
GNU General Public License v2. 
Starting - reading configuration files ...
including configuration file /private/etc/raddb/radiusd.conf
Unable to open file "/private/etc/raddb/radiusd.conf": Permission denied
Errors reading /private/etc/raddb/radiusd.conf
server10:~ admin$ 


If i take the entry I made out of the users file, the log files show NO
errors (the last log line after starting the radius server is)
Sun Aug 14 17:48:29 2011 : Info: Ready to process requests.

BUT With OR Without my entry to "users" debugging shows the same output (as
above)

Please help

Thanks

PS for the mac users who need it in terminal window type:
sudo passwd root
Enter Password: 
Changing password for root
New password:  
Verify password:  
NOTE Setting the root password also enables root login at the same time. I
recommend you don't use the root account unless you have to.
When I put it back in the  Radius logs show
