Wireless EAP-TLS Login from Notebook with User and PASSWORD

2012-11-07 Thread sierramailpapa
Hey there,

I've set up a freeradius server and am using EAP-TLS, and would need some help
from you.

The users file contains the username and the password being allowed to connect
after the TLS connection has been established, and this is working on an Android
phone with no problems so far.

One can set up the
- CA Cert
- User Cert
- Login Name and
- Password

But I don't have an option to enter a password when I try to connect from the
notebook, running Windows 7.

Is there an add-on tool one can use to deliver the password as well, or do I
have to drop the user-pass auth from TTLS completely?


FR is V2
EAP is set to allow TLS only
Users file contains cleartext password auth (used from TTLS, which has been
used before)


Thanks in advance and best regards
Martin

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Wireless EAP-TLS Login from Notebook with User and PASSWORD

2012-11-07 Thread Phil Mayers

On 11/07/2012 08:33 AM, sierramailp...@gmx.de wrote:

Hey there,

 I've set up a freeradius server and am using EAP-TLS, and would need
 some help from you.

 The users file contains the username and the password being allowed
 to connect after the TLS connection has been established, and this is
 working on an Android phone with no problems so far.

 One can set up the -CA Cert -User Cert -Login Name and -Password

 But I don't have an option to enter a password when I try to connect
 from the notebook, running Windows 7.


EAP-TLS doesn't *use* a username/password. Just the client cert.

If you want passwords, you want PEAP or TTLS.

Coa problem

2012-11-07 Thread Mixmasterontour PureDJ

Hello,

I have a problem with originate-coa

I want to send CoA to MikroTik to change bandwidth

But if I do that I get the following error:
(0)update coa {
ASSERT FAILED evaluate.c[1154]: output_vps
Aborted (core dumped)

I'm using FreeRADIUS version 3.0 (I have tried it with radius version 2.1.10; the
error was slightly different, I got a segmentation fault)

here is the code within sites-enabled/default

update coa {
 User-Name = %{User-Name}
 Acct-Session-Id = %{Acct-Session-Id}
 NAS-IP-Address = %{NAS-IP-Address}
 Framed-IP-Address = %{Framed-IP-Address}
 Mikrotik-Rate-Limit = 256K/256K
}

This is sent from accounting {

 
I put originate-coa in the sites-enabled

and I have made the following config:
 
home_server mikrotik-test-coa {
type = coa

#
#  Note that a home server of type coa MUST be a real NAS,
#  with an ipaddr or ipv6addr.  It CANNOT point to a virtual
#  server.
#
   
ipaddr = 192.168.8.97
port = 3799

#  This secret SHOULD NOT be the same as the shared
#  secret in a client section.
secret = same as in clients.conf, because in the NAS it is the same

#  CoA specific parameters.  See raddb/proxy.conf for details.
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}

server originate-coa.mikrotik {
  pre-proxy {
#update proxy-request {
#NAS-IP-Address = 127.0.0.1
#}
ok
  }

  #
  # Handle the responses here.
  #

  post-proxy {
switch %{proxy-reply:Packet-Type} {
case CoA-ACK {
ok
}

case CoA-NAK {
# the NAS didn't like the CoA request
ok
}

case Disconnect-ACK {
ok
}

case Disconnect-NAK {
# the NAS didn't like the Disconnect request
ok
}

# Invalid packet type.  This shouldn't happen.
case {
 fail
}
}

#
#  These methods are run when there is NO response
#  to the request.
#
Post-Proxy-Type Fail-CoA {
ok
}

Post-Proxy-Type Fail-Disconnect {
ok
}
  }
}


I have tried many many different settings in originate-coa

when I use radclient I can send a CoA with success.

Re: EAP-SIM authentication failed

2012-11-07 Thread Francois Gaudreault
Didn't you make another fix afterward regarding AT_IDENTITY (commit 
cfd61d24b99022eb613054bbf7e0da4fa3af1bde)? Not the patch from Microsoft.

I know I have to patch the 2.2.0 source in our RPMs with this commit otherwise 
it fails ;)

On 2012-11-06, at 10:15 AM, Alan DeKok wrote:

 Phil Mayers wrote:
 Was that after 2.2.0 was released?
 
  No, before.
 
  Alan DeKok.


Re: Coa problem

2012-11-07 Thread Arran Cudbard-Bell

On 7 Nov 2012, at 11:25, Mixmasterontour PureDJ mixmasteront...@hotmail.com 
wrote:

 Hello,
 
 I have a problem with originate-coa
 
 I want to send CoA to MikroTik to change bandwidth
 
 But if I do that I get the following error:
 (0)update coa {
 ASSERT FAILED evaluate.c[1154]: output_vps
 Aborted (core dumped)

Can haz backtrace plz? Or that core dump file if you know where it went...

-Arran



Re: No EAP Start, assuming it's an on-going EAP conversation

2012-11-07 Thread Alberto Martínez
Maybe it is that Samba bug?

The one that makes it apparently work:
 [mschap] adding MS-CHAPv2 MPPE keys
 ++[mschap] returns ok
 MSCHAP Success
but the client refuses to go on?

I can't search the archive right now, but I think it would be useful to
know the Samba version.



2012/11/7 Matthew Newton m...@leicester.ac.uk

 On Tue, Nov 06, 2012 at 10:59:45PM -, dvmp wrote:
  [mschap]expand: --nt-response=%{mschap:NT-Response:-00} -
  --nt-response=3213a667f5405fe084a9e7291e326e0f0c68ce28482c998a
  Exec-Program output: NT_KEY: 56F8FF72C1E6DB98E25A86F7E98A3C53
  Exec-Program-Wait: plaintext: NT_KEY: 56F8FF72C1E6DB98E25A86F7E98A3C53
  Exec-Program: returned: 0
  [mschap] adding MS-CHAPv2 MPPE keys
  ++[mschap] returns ok
  MSCHAP Success
  ++[eap] returns handled

 OK, mschap seems to succeed.

  } # server inner-tunnel
  [peap] Got tunneled reply code 11
 ...
  [peap] Got tunneled Access-Challenge
  ++[eap] returns handled
  Sending Access-Challenge of id 173 to ip_AP_cisco port 1645
  EAP-Message =
 
 0x0109005b190017030100505317a8177c77666155012c3211bf6b1c09ef17d29e1bb1fdcf91
 
 ae82bf7dc5baae0e670350b67151aefb6bc5e1f18861cd55c6cdb04a829d8d59349be4ae0f68
  a1ccd3f6714ea7a663b7c98ff3904cf9
  Message-Authenticator = 0x
  State = 0x2bebcbfd2de2d2392b8b84ab35544cf2
  Finished request 386.
  Going to the next request
  Waking up in 4.9 seconds.

 Client is sent the access challenge for the user's device with the mschap
 success.

  rad_recv: Access-Request packet from host ip_AP_cisco port 1645, id=174,
  length=167
  User-Name = DOMAIN\\userADaccount
  Framed-MTU = 1400
  Called-Station-Id = 003a.994b.fd40
  Calling-Station-Id = e02a.8255.86ba
  Service-Type = Login-User
  Message-Authenticator = 0xbfbafd91f0c8db0b664454958ff46920
  EAP-Message =
 0x020200190153554d4f4c434f4d50414c5c5343313031383536

 User's device sends back an EAP Identity

  [eap] EAP packet type response id 2 length 25
  [eap] No EAP Start, assuming it's an on-going EAP conversation

 Which is why this isn't picked up as part of the previous PEAP
 conversation, so the client isn't sent an Access-Accept

 ...

  Exec-Program: returned: 0
  [mschap] adding MS-CHAPv2 MPPE keys
  ++[mschap] returns ok
  MSCHAP Success
  ++[eap] returns handled
  } # server inner-tunnel
 ...
  ++[eap] returns handled
  Sending Access-Challenge of id 180 to ip_AP_cisco port 1645
  EAP-Message =
 
 0x0109005b190017030100502f79f75d930239412dc6c2abfbbed6c6930ef8ed21bedee2d972
 
 9a2a1c987a285ddfd23ef4379fa1e6bf44ffa1eb1d08f8a24c50606ba462b9cbdf8c68923e52
  72a032112af4c2f1af939b470d00b30b
  Message-Authenticator = 0x
  State = 0xf9273f5cff2e268144e0f611590a6390
  Finished request 393.
  Going to the next request
  Waking up in 2.4 seconds.

 ...
 repeat of last time.


 The client has given up (that much is certain), so check EAP logs
 on the client. If it's Windows, you probably don't stand much of a
 chance of getting much useful (easy to read) logs. Check things
 like certificates expiring (but it doesn't sound like this).

 But first I'd restart winbind and see if it all works again. Then
 check your domain join (net ads testjoin or similar). I've seen
 similar before when everything individually worked OK, but the
 clients didn't like something that was sent back. [0] I think
 something has broken with the domain join, or winbind - it isn't
 at all obvious, but the client doesn't like it. You could also try
 re-joining the server to the domain.

 Oh, and you want to upgrade FreeRADIUS to 2.2.0; there's a
 security vulnerability in anything older.

 Cheers

 Matthew



 [0]
 http://notes.asd.me.uk/2011/01/11/freeradius-and-ntlm_auth-reminder-from-a-silent-failure/


 --
 Matthew Newton, Ph.D. m...@le.ac.uk

 Systems Architect (UNIX and Networks), Network Services,
 I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

 For IT help contact helpdesk extn. 2253, ith...@le.ac.uk




-- 
Alberto Martínez Setién
Servicio Informático
Universidad de Deusto
Avda. de las Universidades, 24
48007 - Bilbao (SPAIN)
Phone:  +34 - 94 413 90 00 Ext 2684
Fax:+34 - 94 413 91 01

RE: EAP-SIM authentication failed

2012-11-07 Thread Yann R. Moupinda

Hi guys,

Thanks for your help.

After reading your suggestions, I installed a new version of FreeRADIUS
(FreeRADIUS 2.2.1).

I haven't worked with the patch yet (I'm going to do that later) but, just
to show what I got with the new version 2.2.1 and changing the content of
simtriplets.dat:

1st case: simtriplets.dat looks like the following (imsi,rand,sres,kc) (3 different
rand...)

19017653,0123456789abcdef0123456789abcdef,0227bc86,44168f1de9259000
19017653,0123456789abcdef0123456789abcde0,725bb218,25903c082654b400
19017653,0123456789abcdef0123456789abcd18,ed404256,bc871da6ae8edc00
19017653,0123456789abcdef0123456789abcd88,6695bd6e,58788a55e9052000

I got the same failure as before: after sending the 2nd Access-Challenge, the
server is waiting for the 3rd Access-Request and doesn't get anything --
authentication failed

...
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.10.212 port 38803, id=29, 
length=238
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = 19017653
NAS-Port-Id = ap_hotspot
NAS-Port-Type = Wireless-802.11
Acct-Session-Id = 822e
Acct-Multi-Session-Id = 
00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-20-00-00-00-00-00-0E
Calling-Station-Id = A8-7E-33-3E-9C-5B
Called-Station-Id = 00-0C-42-64-41-9D:YANN
EAP-Message = 0x020100150131393031373030303030303030363533
Message-Authenticator = 0xcf4e5f6429686cc260b16bd23d82489f
NAS-Identifier = MT_Yann
NAS-IP-Address = 192.168.10.212
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
rlm_sim_files: authorized user/imsi 19017653 
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = 19017653, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] EAP packet type response id 1 length 21
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No known good password found for the user.  Authentication may 
fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type sim
[eap] Underlying EAP-Type set EAP ID to 108
++[eap] returns handled
Sending Access-Challenge of id 29 to 192.168.10.212 port 38803
EAP-Message = 0x016c0014120a0f020002000111010100
Message-Authenticator = 0x
State = 0x870e2a6987623891aa6e49c2b1bcc9b6
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 192.168.10.212 port 50478, id=30, 
length=287
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = 19017653
State = 0x870e2a6987623891aa6e49c2b1bcc9b6
NAS-Port-Id = ap_hotspot
NAS-Port-Type = Wireless-802.11
Acct-Session-Id = 822e
Acct-Multi-Session-Id = 
00-0C-42-64-41-9D-A8-7E-33-3E-9C-5B-82-20-00-00-00-00-00-0E
Calling-Station-Id = A8-7E-33-3E-9C-5B
Called-Station-Id = 00-0C-42-64-41-9D:YANN
EAP-Message = 
0x026c0034120a0705c27cfb1cfa7a257c9c89796e49bca230100100010e05001031393031373030303030303030363533
Message-Authenticator = 0xc691af8b618d9da88f9e289557530f6f
NAS-Identifier = MT_Yann
NAS-IP-Address = 192.168.10.212
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+- entering group authorize {...}
rlm_sim_files: authorized user/imsi 19017653 
rlm_sim_files: Adding EAP-Type: eap-sim
++[sim_files] returns ok
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
[suffix] No '@' in User-Name = 19017653, looking up realm NULL
[suffix] No such realm NULL
++[suffix] returns noop
[eap] EAP packet type response id 108 length 52
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No known good password found for the user.  Authentication may 
fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/sim
[eap] processing type sim
+++ EAP-sim decoded packet:
Service-Type = Framed-User
Framed-MTU = 1400
User-Name = 19017653
State = 0x870e2a6987623891aa6e49c2b1bcc9b6
NAS-Port-Id = ap_hotspot
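A parser and sanity check for the simtriplets.dat layout shown in the post (one imsi,rand,sres,kc line per triplet), added here as an example rather than rlm_sim_files code: it rejects malformed lines and flags the two things that make a full EAP-SIM authentication fail, too few triplets for an IMSI and repeated RAND values. The sample lines are constructed (a test-PLMN IMSI with the post's rand/sres/kc values); the 2-or-3-triplets-per-run and distinct-RAND rules are RFC 4186's.

```python
# Parser and checks for simtriplets.dat ("imsi,rand,sres,kc", hex fields).
# Added example, not rlm_sim_files code; rules follow RFC 4186 (EAP-SIM).
import binascii

RAND_HEX, SRES_HEX, KC_HEX = 32, 8, 16   # 128-bit RAND, 32-bit SRES, 64-bit Kc
TRIPLETS_PER_RUN = (2, 3)                # a full-auth run uses 2 or 3 triplets

# Constructed sample: test-PLMN IMSI 001-01 with the post's triplet values.
SAMPLE = """\
001010123456789,0123456789abcdef0123456789abcdef,0227bc86,44168f1de9259000
001010123456789,0123456789abcdef0123456789abcde0,725bb218,25903c082654b400
001010123456789,0123456789abcdef0123456789abcd18,ed404256,bc871da6ae8edc00
001010123456789,0123456789abcdef0123456789abcd88,6695bd6e,58788a55e9052000
"""


def _hex_field(text, want_len, name, lineno):
    """Decode one fixed-width hex field, naming the line on any defect."""
    if len(text) != want_len:
        raise ValueError(f"line {lineno}: {name} must be {want_len} hex chars, got {len(text)}")
    try:
        return binascii.unhexlify(text)
    except (binascii.Error, ValueError):
        raise ValueError(f"line {lineno}: {name} is not hex") from None


def parse_triplets(text):
    """Return {imsi: [(rand, sres, kc), ...]} in file order; reject malformed lines."""
    triplets = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(",")]
        if len(fields) != 4:
            raise ValueError(f"line {lineno}: expected imsi,rand,sres,kc")
        imsi = fields[0]
        if not imsi.isdigit() or len(imsi) > 15:   # IMSI: up to 15 decimal digits
            raise ValueError(f"line {lineno}: bad IMSI {imsi!r}")
        rand = _hex_field(fields[1], RAND_HEX, "rand", lineno)
        sres = _hex_field(fields[2], SRES_HEX, "sres", lineno)
        kc = _hex_field(fields[3], KC_HEX, "kc", lineno)
        triplets.setdefault(imsi, []).append((rand, sres, kc))
    return triplets


def check_imsi(triplets, imsi, needed=3):
    """List the problems that would make a full authentication for imsi fail."""
    problems = []
    entries = triplets.get(imsi, [])
    if len(entries) < needed:
        problems.append(f"only {len(entries)} triplet(s), need {needed}")
    rands = [t[0] for t in entries]
    if len(set(rands)) != len(rands):
        problems.append("repeated RAND values: the peer must reject a challenge that reuses a RAND")
    return problems


def pick_triplets(triplets, imsi, n=3):
    """Select n triplets with pairwise distinct RANDs for one EAP-SIM run."""
    if n not in TRIPLETS_PER_RUN:
        raise ValueError("EAP-SIM uses 2 or 3 triplets per run")
    chosen, seen = [], set()
    for rand, sres, kc in triplets.get(imsi, []):
        if rand in seen:          # never send the same RAND twice in one challenge
            continue
        seen.add(rand)
        chosen.append((rand, sres, kc))
        if len(chosen) == n:
            return chosen
    raise ValueError(f"{imsi}: only {len(chosen)} usable triplet(s), need {n}")


if __name__ == "__main__":
    parsed = parse_triplets(SAMPLE)
    imsi = "001010123456789"
    print(imsi, len(parsed[imsi]), "triplets, problems:", check_imsi(parsed, imsi))
```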
   

Dynamic Home Server For Sending CoA

2012-11-07 Thread Stanislav Lorenc

Hi,
I have a problem with home servers for sending CoA packets. This service works
fine, but I have clients in SQL (rlm_sql). When the NASes are in SQL, the home servers
for configuring CoA must be in SQL too. But now they are defined statically in a text
file. Is there some way to change this? Or did I overlook some
configuration options or functionality?


Stanislav Lorenc




RE: Coa problem

2012-11-07 Thread Mixmasterontour PureDJ

The core dump was off; now when I enable the core dumps radiusd won't dump
anymore.
Every other program dumps with the SEGV signal, but radiusd won't,
so I don't know how to get a dump.

now it aborts with:
(0)update coa {
ASSERT FAILED evaluate.c[1154]: output_vps
Aborted

Thanks in advance

From: mixmasteront...@hotmail.com
To: freeradius-users@lists.freeradius.org
Subject: Coa problem
Date: Wed, 7 Nov 2012 12:25:48 +0100

Hello,

I have a problem with originate-coa

I want to send CoA to MikroTik to change bandwidth

But if I do that I get the following error:
(0)update coa {
ASSERT FAILED evaluate.c[1154]: output_vps
Aborted (core dumped)

I'm using FreeRADIUS version 3.0 (I have tried it with radius version 2.1.10; the
error was slightly different, I got a segmentation fault)

here is the code within sites-enabled/default

update coa {
 User-Name = %{User-Name}
 Acct-Session-Id = %{Acct-Session-Id}
 NAS-IP-Address = %{NAS-IP-Address}
 Framed-IP-Address = %{Framed-IP-Address}
 Mikrotik-Rate-Limit = 256K/256K
}

This is sent from accounting {

 
I put originate-coa in the sites-enabled

and I have made the following config:
 
home_server mikrotik-test-coa {
type = coa

#
#  Note that a home server of type coa MUST be a real NAS,
#  with an ipaddr or ipv6addr.  It CANNOT point to a virtual
#  server.
#
   
ipaddr = 192.168.8.97
port = 3799

#  This secret SHOULD NOT be the same as the shared
#  secret in a client section.
secret = same as in clients.conf, because in the NAS it is the same

#  CoA specific parameters.  See raddb/proxy.conf for details.
coa {
irt = 2
mrt = 16
mrc = 5
mrd = 30
}
}

server originate-coa.mikrotik {
  pre-proxy {
#update proxy-request {
#NAS-IP-Address = 127.0.0.1
#}
ok
  }

  #
  # Handle the responses here.
  #

  post-proxy {
switch %{proxy-reply:Packet-Type} {
case CoA-ACK {
ok
}

case CoA-NAK {
# the NAS didn't like the CoA request
ok
}

case Disconnect-ACK {
ok
}

case Disconnect-NAK {
# the NAS didn't like the Disconnect request
ok
}

# Invalid packet type.  This shouldn't happen.
case {
 fail
}
}

#
#  These methods are run when there is NO response
#  to the request.
#
Post-Proxy-Type Fail-CoA {
ok
}

Post-Proxy-Type Fail-Disconnect {
ok
}
  }
}


I have tried many many different settings in originate-coa

when I use radclient I can send a CoA with success.
  


Re: Dynamic Home Server For Sending CoA

2012-11-07 Thread Arran Cudbard-Bell

On 7 Nov 2012, at 13:52, Stanislav Lorenc stanislav.lor...@cernovice.net 
wrote:

 Hi,
 I have a problem with home servers for sending CoA packets. This service works 
 fine, but I have clients in SQL (rlm_sql). When the NASes are in SQL, the home servers 
 for configuring CoA must be in SQL too. But now they are defined statically in a text 
 file. Is there some way to change this? Or did I overlook some 
 configuration options or functionality?

No, dynamic home servers are not currently supported.

-Arran


Re: Coa problem

2012-11-07 Thread Alan DeKok
Mixmasterontour PureDJ wrote:
 The core dump was off; now when I enable the core dumps radiusd won't
 dump anymore.
 Every other program dumps with the SEGV signal, but radiusd won't,
 so I don't know how to get a dump.
 
 now it aborts with:
 (0)update coa {
 ASSERT FAILED evaluate.c[1154]: output_vps
 Aborted

  I've pushed a fix.  It should not have been an assert.

  Alan DeKok.


Cannot Authenticate Local User

2012-11-07 Thread Manjith Gajadhar
Hi,

I am new to using FreeRADIUS and I need help trying to authenticate a
local user account using FreeRADIUS. I have installed FreeRADIUS
2.1.12 on CentOS 6.3. I have created a local user with the
following details:

Username : rtest
Password : rtest

When I use radtest rtest rtest localhost 0 testing123 I receive an
Access-Reject packet

Output:
--
[root@localhost Downloads]# radtest rtest rtest localhost 0 testing123
Sending Access-Request of id 24 to 127.0.0.1 port 1812
User-Name = rtest
User-Password = rtest
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
Message-Authenticator = 0x
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=24, length=20
---

I am using the default configuration as below:


Output :
---
[root@localhost raddb]# radiusd -X
FreeRADIUS Version 2.1.12, for host i386-redhat-linux-gnu, built on
Jun 22 2012 at 11:10:43
Copyright (C) 1999-2009 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License v2.
Starting - reading configuration files ...
including configuration file /etc/raddb/radiusd.conf
including configuration file /etc/raddb/proxy.conf
including configuration file /etc/raddb/clients.conf
including files in directory /etc/raddb/modules/
including configuration file /etc/raddb/modules/mac2ip
including configuration file /etc/raddb/modules/dynamic_clients
including configuration file /etc/raddb/modules/checkval
including configuration file /etc/raddb/modules/smsotp
including configuration file /etc/raddb/modules/rediswho
including configuration file /etc/raddb/modules/realm
including configuration file /etc/raddb/modules/policy
including configuration file /etc/raddb/modules/ippool
including configuration file /etc/raddb/modules/wimax
including configuration file /etc/raddb/modules/logintime
including configuration file /etc/raddb/modules/replicate
including configuration file /etc/raddb/modules/radutmp
including configuration file /etc/raddb/modules/preprocess
including configuration file /etc/raddb/modules/mschap
including configuration file /etc/raddb/modules/ntlm_auth
including configuration file /etc/raddb/modules/digest
including configuration file /etc/raddb/modules/echo
including configuration file /etc/raddb/modules/perl
including configuration file /etc/raddb/modules/pap
including configuration file /etc/raddb/modules/exec
including configuration file /etc/raddb/modules/always
including configuration file /etc/raddb/modules/redis
including configuration file /etc/raddb/modules/counter
including configuration file /etc/raddb/modules/attr_filter
including configuration file /etc/raddb/modules/sradutmp
including configuration file /etc/raddb/modules/linelog
including configuration file /etc/raddb/modules/inner-eap
including configuration file /etc/raddb/modules/expiration
including configuration file /etc/raddb/modules/passwd
including configuration file /etc/raddb/modules/etc_group
including configuration file /etc/raddb/modules/detail.example.com
including configuration file /etc/raddb/modules/detail.log
including configuration file /etc/raddb/modules/mac2vlan
including configuration file /etc/raddb/modules/otp
including configuration file /etc/raddb/modules/opendirectory
including configuration file /etc/raddb/modules/smbpasswd
including configuration file /etc/raddb/modules/acct_unique
including configuration file /etc/raddb/modules/detail
including configuration file /etc/raddb/modules/chap
including configuration file /etc/raddb/modules/expr
including configuration file /etc/raddb/modules/cui
including configuration file /etc/raddb/modules/attr_rewrite
including configuration file /etc/raddb/modules/soh
including configuration file /etc/raddb/modules/files
including configuration file /etc/raddb/modules/unix
including configuration file /etc/raddb/modules/pam
including configuration file /etc/raddb/modules/sql_log
including configuration file /etc/raddb/modules/sqlcounter_expire_on_login
including configuration file /etc/raddb/eap.conf
including configuration file /etc/raddb/policy.conf
including files in directory /etc/raddb/sites-enabled/
including configuration file /etc/raddb/sites-enabled/control-socket
including configuration file /etc/raddb/sites-enabled/inner-tunnel
including configuration file /etc/raddb/sites-enabled/default
main {
user = radiusd
group = radiusd
allow_core_dumps = no
}
including dictionary file /etc/raddb/dictionary

RE: Coa problem

2012-11-07 Thread Mixmasterontour PureDJ

Small update.
I have run radiusd -X in gdb
And get this as result:

(0)update coa {
ASSERT FAILED evaluate.c[1154]: output_vps

Program received signal SIGABRT, Aborted.
0x76b97425 in raise () from /lib/x86_64-linux-gnu/libc.so.6

Hope this give some ideas?


 Subject: Re: Coa problem
 From: a.cudba...@freeradius.org
 Date: Wed, 7 Nov 2012 12:00:14 +
 To: freeradius-users@lists.freeradius.org
 
 
 On 7 Nov 2012, at 11:25, Mixmasterontour PureDJ mixmasteront...@hotmail.com 
 wrote:
 
  Hello,
  
  I have a problem with originate-coa
  
  I want to send CoA to MikroTik to change bandwidth
  
  But if I do that I get the following error:
  (0)update coa {
  ASSERT FAILED evaluate.c[1154]: output_vps
  Aborted (core dumped)
 
 Can haz backtrace plz? Or that core dump file if you know where it went...
 
 -Arran
 

RE: Coa problem

2012-11-07 Thread Mixmasterontour PureDJ

Thanks,

This is much better, it won't crash anymore.
It doesn't work yet, but now I have something to search for.

I get this error, maybe someone knows where to look for

(1)   update coa {
(1) WARNING: List 'coa' doesn't exist for this packet
(1)   } # update coa = invalid

As far as I can make out, it's not allowed to use coa here, but I could use a 
coa update in accounting { .. }, couldn't I?


 Date: Wed, 7 Nov 2012 09:14:59 -0500
 From: al...@deployingradius.com
 To: freeradius-users@lists.freeradius.org
 Subject: Re: Coa problem
 
 Mixmasterontour PureDJ wrote:
  The core dump was off; now when I enable the core dumps radiusd won't
  dump anymore.
  Every other program dumps with the SEGV signal, but radiusd won't,
  so I don't know how to get a dump.
  
  now it aborts with:
  (0)update coa {
  ASSERT FAILED evaluate.c[1154]: output_vps
  Aborted
 
   I've pushed a fix.  It should not have been an assert.
 
   Alan DeKok.

Mysql, Accounting and DialupAdmin

2012-11-07 Thread Erich Titl
Hi Folks

I succeeded in getting my setup running with FR 2.2.0 and MySQL, e.g. I can
connect through a ZyXEL NWA 3160 using credentials in the MySQL database
using a M$ Windows 7 client.

Everything is still quite raw and blurry to me. Could someone point me
to the right docs for the following?

1) I had to enter the cleartext password into the MySQL database; apparently
other formats were not accepted.

2) I could see login and logout information, but no data usage, e.g.
download and upload sizes appear to be zeroes.

mysql> select username,acctstarttime,acctstoptime,acctoutputoctets,acctoutputoctets from radacct;
+----------+---------------------+---------------------+------------------+------------------+
| username | acctstarttime       | acctstoptime        | acctoutputoctets | acctoutputoctets |
+----------+---------------------+---------------------+------------------+------------------+
| test     | 2012-11-07 15:09:47 | 2012-11-07 15:15:48 |                0 |                0 |
| test     | 2012-11-07 15:15:48 | 2012-11-07 15:25:02 |                0 |                0 |
| test     | 2012-11-07 15:25:32 | 2012-11-07 15:41:52 |                0 |                0 |
+----------+---------------------+---------------------+------------------+------------------+

Thanks for hints

Erich Titl




RE: Coa problem

2012-11-07 Thread Mixmasterontour PureDJ

I have been searching, but to be honest, I have no clue what I'm doing wrong 
here.
I tried some different sections (authenticate, preacct etc.) but all give the same 
warning.

What do I do wrong?

From: mixmasteront...@hotmail.com
To: freeradius-users@lists.freeradius.org
Subject: RE: Coa problem
Date: Wed, 7 Nov 2012 15:35:44 +0100

Thanks,

This is much better, it won't crash anymore.
It doesn't work yet, but now I have something to search for.

I get this error, maybe someone knows where to look for

(1)   update coa {
(1) WARNING: List 'coa' doesn't exist for this packet
(1)   } # update coa = invalid

As far as I can make out, it's not allowed to use coa here, but I could use a 
coa update in accounting { .. }, couldn't I?


 Date: Wed, 7 Nov 2012 09:14:59 -0500
 From: al...@deployingradius.com
 To: freeradius-users@lists.freeradius.org
 Subject: Re: Coa problem
 
 Mixmasterontour PureDJ wrote:
  The core dump was off; now when I enable the core dumps radiusd won't
  dump anymore.
  Every other program dumps with the SEGV signal, but radiusd won't,
  so I don't know how to get a dump.
  
  now it aborts with:
  (0)update coa {
  ASSERT FAILED evaluate.c[1154]: output_vps
  Aborted
 
   I've pushed a fix.  It should not have been an assert.
 
   Alan DeKok.

Re: Cannot Authenticate Local User

2012-11-07 Thread Matthew Newton
On Wed, Nov 07, 2012 at 04:16:23PM +0200, Manjith Gajadhar wrote:
 I am new to using FreeRADIUS and I need help trying to authenticate a
 local user account using FreeRADIUS. I have installed FreeRADIUS
 2.1.12 on CentOS 6.3. I have created a local user with the
 following details:

Created a 'local user' how? Added an entry to the users file? (In
which case, did you add it to the top?)

 ---
 [root@localhost raddb]# radiusd -X
 FreeRADIUS Version 2.1.12, for host i386-redhat-linux-gnu, built on
 Jun 22 2012 at 11:10:43
...

 Listening on accounting address * port 1813
 Listening on command file /var/run/radiusd/radiusd.sock
 Listening on authentication address 127.0.0.1 port 18120 as server 
 inner-tunnel
 Listening on proxy address * port 1814
 Ready to process requests.

You've missed the rest of the log off that contains the actual
authentication attempt, so we can't see what's broken.

Try again with

rtest	Cleartext-Password := "rtest"

at the top of the users file.

Matthew


-- 
Matthew Newton, Ph.D. m...@le.ac.uk

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, ith...@le.ac.uk


Re: Coa problem

2012-11-07 Thread Alan DeKok
Mixmasterontour PureDJ wrote:
 I have been searching, but to be honest, I have no clue what I'm doing
 wrong here.
 Tried some different sections (authenticate, preact etc.) but all give
 the same warning.
 
 what do I do wrong?

  Nothing.  I'll see if I can push a fix.

  Alan DeKok.


RE: Coa problem

2012-11-07 Thread Mixmasterontour PureDJ

 
   Nothing.  I'll see if I can push a fix.
 
   Alan DeKok.

Thanks!
If I could assist with something, let me know..

Re: Coa problem

2012-11-07 Thread Alan DeKok
Mixmasterontour PureDJ wrote:
 I have been searching, but to be honest, I have no clue what I'm doing
 wrong here.
 Tried some different sections (authenticate, preact etc.) but all give
 the same warning.

  I've pushed a fix.  Please test it.

  Alan DeKok.


RE: Coa problem

2012-11-07 Thread Mixmasterontour PureDJ


 
   I've pushed a fix.  Please test it.
 
   Alan DeKok.

Thanks Alan,

I've run the test..
It passes the output_vps test, however I get a segmentation fault
(0) expand: %{User-Name} - Groen
(0) expand: %{Acct-Session-Id} - 80e1
(0) expand: %{NAS-IP-Address} - 192.168.8.97
(0) expand: %{Framed-IP-Address} - 10.0.1.199
Segmentation fault


The strange thing is that in my update coa I have those variables but also 
Mikrotik-Rate-Limit = 256K/256K, which you won't see in the output.
But when I comment out the line Mikrotik-Rate-Limit = 256K/256K I get the 
same output and result (segmentation fault).

This is the update coa code:
update coa {
  User-Name = %{User-Name}
  Acct-Session-Id = %{Acct-Session-Id}
  NAS-IP-Address = %{NAS-IP-Address}
  Framed-IP-Address = %{Framed-IP-Address}
  Mikrotik-Rate-Limit = 256K/256K
}


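The CoA-Request that this update coa section (and the identical one in the original post) asks FreeRADIUS to send, built and checked by hand as an added example; this is not FreeRADIUS or MikroTik code. It encodes the five attributes, computes the RFC 5176 Request Authenticator, and verifies the NAS's CoA-ACK/CoA-NAK, which is the step that fails when the coa home_server secret does not match the one on the NAS; the sample values are constructed, and the vendor id 14988 and attribute number 8 for Mikrotik-Rate-Limit are those of FreeRADIUS's dictionary.mikrotik.

```python
# Hand-built RADIUS CoA exchange (RFC 5176) for the attributes in "update coa".
# Added example, not FreeRADIUS/MikroTik code. MD5 is what the protocol specifies.
import hashlib
import hmac
import struct

COA_REQUEST, COA_ACK, COA_NAK = 43, 44, 45
# Standard attribute numbers (RFC 2865/2866/5176); Error-Cause only appears in NAKs.
ATTR = {"User-Name": 1, "NAS-IP-Address": 4, "Framed-IP-Address": 8,
        "Acct-Session-Id": 44, "Error-Cause": 101}
VENDOR_SPECIFIC = 26
MIKROTIK_VENDOR_ID = 14988   # enterprise number used by FreeRADIUS's dictionary.mikrotik
MIKROTIK_RATE_LIMIT = 8      # Mikrotik-Rate-Limit, a string VSA


def _avp(attr_type, value):
    """One Type-Length-Value attribute; Length counts the 2-byte header."""
    if len(value) > 253:
        raise ValueError("attribute value too long for RADIUS")
    return struct.pack("!BB", attr_type, 2 + len(value)) + value


def _ipv4(addr):
    return bytes(int(octet) for octet in addr.split("."))


def encode_attributes(avps):
    """avps: (name, value) pairs as written in the update coa section."""
    out = b""
    for name, value in avps:
        if name == "Mikrotik-Rate-Limit":
            inner = _avp(MIKROTIK_RATE_LIMIT, value.encode())
            out += _avp(VENDOR_SPECIFIC, struct.pack("!I", MIKROTIK_VENDOR_ID) + inner)
        elif name in ("NAS-IP-Address", "Framed-IP-Address"):
            out += _avp(ATTR[name], _ipv4(value))
        elif name == "Error-Cause":
            out += _avp(ATTR[name], struct.pack("!I", value))
        else:
            out += _avp(ATTR[name], value.encode())
    return out


def parse_attributes(data):
    """Split an attribute blob into (type, value) pairs; reject bad lengths."""
    attrs = []
    while data:
        if len(data) < 2 or data[1] < 2 or data[1] > len(data):
            raise ValueError("malformed attribute")
        attrs.append((data[0], data[2:data[1]]))
        data = data[data[1]:]
    return attrs


def build_coa_request(pkt_id, avps, secret):
    """RFC 5176 section 3: Request Authenticator =
    MD5(Code + ID + Length + 16 zero octets + Attributes + Secret)."""
    attrs = encode_attributes(avps)
    header = struct.pack("!BBH", COA_REQUEST, pkt_id, 20 + len(attrs))
    authenticator = hashlib.md5(header + bytes(16) + attrs + secret).digest()
    return header + authenticator + attrs


def build_response(code, request, secret, avps=()):
    """What the NAS answers with; Response Authenticator =
    MD5(Code + ID + Length + RequestAuthenticator + Attributes + Secret)."""
    attrs = encode_attributes(list(avps))
    header = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    authenticator = hashlib.md5(header + request[4:20] + attrs + secret).digest()
    return header + authenticator + attrs


def verify_response(request, response, secret):
    """True only for a well-formed CoA-ACK/NAK whose authenticator was computed
    for this request with the same shared secret."""
    if len(request) < 20 or len(response) < 20:
        return False
    code, pkt_id, length = struct.unpack("!BBH", response[:4])
    if code not in (COA_ACK, COA_NAK) or pkt_id != request[1] or length != len(response):
        return False
    try:
        parse_attributes(response[20:])
    except ValueError:
        return False
    expected = hashlib.md5(response[:4] + request[4:20] + response[20:] + secret).digest()
    return hmac.compare_digest(expected, response[4:20])


def error_cause(response):
    """Error-Cause (101) from a CoA-NAK, or None; 503 is Session Context Not Found."""
    for attr_type, value in parse_attributes(response[20:]):
        if attr_type == ATTR["Error-Cause"] and len(value) == 4:
            return struct.unpack("!I", value)[0]
    return None


# Constructed values standing in for the %{...} expansions in the debug output.
COA_AVPS = [("User-Name", "Groen"), ("Acct-Session-Id", "80e1"),
            ("NAS-IP-Address", "192.168.8.97"), ("Framed-IP-Address", "10.0.1.199"),
            ("Mikrotik-Rate-Limit", "256K/256K")]

if __name__ == "__main__":
    secret = b"testing123"
    req = build_coa_request(1, COA_AVPS, secret)
    ack = build_response(COA_ACK, req, secret)
    print("ACK verifies:", verify_response(req, ack, secret))
    print("ACK with wrong secret verifies:", verify_response(req, ack, b"other-secret"))
```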

RE: Coa problem

2012-11-07 Thread Mixmasterontour PureDJ

 
   I've pushed a fix.  Please test it.
 
   Alan DeKok.

Some extra info from gdb, I don't know if this is useful:

(gdb) exec-file /usr/local/sbin/radiusd -X
(gdb) r
Starting program: /usr/local/sbin/radiusd -f
[Thread debugging using libthread_db enabled]
Using host libthread_db library /lib/x86_64-linux-gnu/libthread_db.so.1.
[New Thread 0x7307e700 (LWP 10291)]
[Thread 0x7307e700 (LWP 10291) exited]
[New Thread 0x7307e700 (LWP 10292)]
[New Thread 0x7173e700 (LWP 10293)]
[New Thread 0x70f3d700 (LWP 10294)]
[New Thread 0x7fffebfff700 (LWP 10295)]
[New Thread 0x7fffeb7fe700 (LWP 10296)]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffebfff700 (LWP 10295)]
0x0044d747 in ?? ()
(gdb) info threads
  Id   Target Id Frame
  7Thread 0x7fffeb7fe700 (LWP 10296) radiusd 0x7778afd0 in 
sem_wait () from /lib/x86_64-linux-gnu/libpthread.so.0
* 6Thread 0x7fffebfff700 (LWP 10295) radiusd 0x0044d747 in ?? ()
  5Thread 0x70f3d700 (LWP 10294) radiusd 0x7778afd0 in 
sem_wait () from /lib/x86_64-linux-gnu/libpthread.so.0
  4Thread 0x7173e700 (LWP 10293) radiusd 0x7778afd0 in 
sem_wait () from /lib/x86_64-linux-gnu/libpthread.so.0
  3Thread 0x7307e700 (LWP 10292) radiusd 0x7778afd0 in 
sem_wait () from /lib/x86_64-linux-gnu/libpthread.so.0
  1Thread 0x77fef700 (LWP 10288) radiusd 0x76c4e023 in select 
() from /lib/x86_64-linux-gnu/libc.so.6
(gdb) bt
#0  0x0044d747 in ?? ()
#1  0x7fffebffdc90 in ?? ()
#2  0x0087d300 in ?? ()
#3  0x in ?? ()
(gdb) thread apply all bt full

Thread 7 (Thread 0x7fffeb7fe700 (LWP 10296)):
#0  0x7778afd0 in sem_wait () from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#1  0x0043599a in ?? ()
No symbol table info available.
#2  0x in ?? ()
No symbol table info available.

Thread 6 (Thread 0x7fffebfff700 (LWP 10295)):
#0  0x0044d747 in ?? ()
No symbol table info available.
#1  0x7fffebffdc90 in ?? ()
No symbol table info available.
#2  0x0087d300 in ?? ()
No symbol table info available.
#3  0x in ?? ()
No symbol table info available.

Thread 5 (Thread 0x70f3d700 (LWP 10294)):
#0  0x7778afd0 in sem_wait () from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#1  0x0043599a in ?? ()
No symbol table info available.
#2  0x in ?? ()
No symbol table info available.

Thread 4 (Thread 0x7173e700 (LWP 10293)):
#0  0x7778afd0 in sem_wait () from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#1  0x0043599a in ?? ()
No symbol table info available.
#2  0x in ?? ()
No symbol table info available.

Thread 3 (Thread 0x7307e700 (LWP 10292)):
#0  0x7778afd0 in sem_wait () from /lib/x86_64-linux-gnu/libpthread.so.0
No symbol table info available.
#1  0x0043599a in ?? ()
No symbol table info available.
#2  0x0004 in ?? ()
No symbol table info available.
#3  0x0089bcc0 in ?? ()
No symbol table info available.
#4  0x7287e000 in ?? ()
No symbol table info available.
#5  0x0089bcc0 in ?? ()
No symbol table info available.
#6  0x in ?? ()
No symbol table info available.
---Type <return> to continue, or q <return> to quit---
Thread 1 (Thread 0x77fef700 (LWP 10288)):
#0  0x76c4e023 in select () from /lib/x86_64-linux-gnu/libc.so.6
No symbol table info available.
#1  0x77bc4c3d in fr_event_loop (el=0x882aa0) at event.c:391
i = 5
rcode = 1
maxfd = 17
when = {tv_sec = 0, tv_usec = 328971}
wake = 0x7fffe4d0
read_fds = {fds_bits = {253952, 0 <repeats 15 times>}}
master_fds = {fds_bits = {253952, 0 <repeats 15 times>}}
#2  0x0044654f in ?? ()
No symbol table info available.
#3  0x7fffe610 in ?? ()
No symbol table info available.
#4  0x0042f3c7 in ?? ()
No symbol table info available.
#5  0x7fffe6f8 in ?? ()
No symbol table info available.
#6  0x00022800 in ?? ()
No symbol table info available.
#7  0x0042f6ae in ?? ()
No symbol table info available.
#8  0x in ?? ()
No symbol table info available.


Hope this helps a bit

Re: Coa problem

2012-11-07 Thread Alan DeKok
Mixmasterontour PureDJ wrote:
 I've run the test..
 It passes the the output_vps test, however I get a segmentation fault
 (0) expand: %{User-Name} -> Groen
 (0) expand: %{Acct-Session-Id} -> 80e1
 (0) expand: %{NAS-IP-Address} -> 192.168.8.97
 (0) expand: %{Framed-IP-Address} -> 10.0.1.199
 Segmentation fault

  Well, that's a typo.  I've pushed another fix.

  Alan DeKok.


RE: ntlm_auth child domain

2012-11-07 Thread Menard, Yannick
Hi,

Just to update: I was able to do what I intended to.

Here is what I did.

In the authenticate section of inner-tunnel and default
I added this:

Auth-Type MS-CHAP {
        # Try each ntlm_auth instance in turn: a reject from one only moves
        # on to the next (priority 1), the first ok ends the group.
        group {
                mschap {
                        reject = 1
                        ok = return
                }
                mschap_tata {
                        reject = 1
                        ok = return
                }
                mschap_toto {
                        ok = return
                }
        }
}

And in the mschap module I added:

mschap {
        with_ntdomain_hack = yes

        # Default instance: take the domain from the MS-CHAP response and
        # fall back to the request's Realm.
        ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{%{Stripped-User-Name}:-%{%{User-Name}:-None}} --domain=%{%{mschap:NT-Domain}:-%{Realm}} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
}

# One instance per child domain; only the --domain fallback differs.
# (Default values use the %{%{xlat}:-default} form.)
mschap mschap_tata {
        ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{%{mschap:NT-Domain}:-tata} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
}
mschap mschap_toto {
        ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name} --domain=%{%{mschap:NT-Domain}:-toto} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}"
}

Also added in proxy.conf:

realm tata {
}
realm toto {
}

With this I was able to do what I wanted.

I am able to permit users from both domains whether they write their user name as
tata\username, toto\username or just username.

I was also able to do PEAP authentication just by using the documentation.

Now I'm looking at LDAP to check the group membership of users and only permit
certain groups and/or send attributes to those groups.

Thank you
Yannick Ménard



Re: Mysql, Accounting and DialupAdmin

2012-11-07 Thread Fajar A. Nugraha
On Wed, Nov 7, 2012 at 10:16 PM, Erich Titl erich.t...@think.ch wrote:
 Hi Folks

 I succeeded in getting my setup running with FR 2.2.0 and MySQL, e.g. I can
 connect through a ZyXEL NWA 3160 using credentials in the MySQL database
 using a M$ Windows 7 client.

 Everything is still quite raw and blurry to me. Could someone point me
 to the right docs for the following?

 1) I had to enter a cleartext password into the MySQL database; apparently
 other formats were not accepted.

Because you use a Windows client, which defaults to EAP-MSCHAPv2. See
http://deployingradius.com/documents/protocols/compatibility.html
If your main concern is "I don't want to store cleartext passwords in the
DB", you should be able to use NT-Password. Search the list archive,
there's a recent thread about this.


 2) I could see login and logout information, but no data usage, e.g.
 download and upload sizes appear to be zeroes.

Some NAS (e.g. APs flashed with dd-wrt) simply don't send
accounting packets. Blame your NAS :P
... or to be more accurate, look at your NAS documentation (or ask
the vendor) how to get it to send accounting packets.

-- 
Fajar


Re: No EAP Start, assuming it's an on-going EAP conversation

2012-11-07 Thread Iliya Peregoudov

Sending tunneled request
        EAP-Message = 0x0208004f1a0208004a319afcbf0d90146863dcce62e55cbf6b2600000000000000003213a667f5405fe084a9e7291e326e0f0c68ce28482c998a0053554d4f4c434f4d50414c5c5343313031383536
        FreeRADIUS-Proxied-To = 127.0.0.1
        User-Name = "DOMAIN\\userADaccount"
        State = 0xc282d9b6c28ac325c2d75d655a3b20bb


EAP-Message parsed:

  02                         Code = 2 (EAP-Response)
  08                         Identifier = 8
  00 4f                      Length = 79
  1a                         Type = 26 (EAP-MSCHAPv2)
  02                         OpCode = 2 (Response)
  08                         MS-CHAPv2-ID = 8
  00 4a                      MS-Length = 74
  31                         Value-Size = 49
  9a fc bf 0d 90 14 68 63
  dc ce 62 e5 5c bf 6b 26    Peer-Challenge
  00 00 00 00 00 00 00 00    Reserved
  32 13 a6 67 f5 40 5f e0
  84 a9 e7 29 1e 32 6e 0f
  0c 68 ce 28 48 2c 99 8a    NT-Response
  00                         Flags = 0
  53 55 4d 4f 4c 43 4f 4d
  50 41 4c 5c 53 43 31 30
  31 38 35 36                Name = "SUMOLCOMPAL\SC101856"



[peap] Got tunneled reply code 11
        EAP-Message = 0x010900331a0308002e533d44364642454333434333343433343735424438353433343334323745313831384243414639333030
        Message-Authenticator = 0x00000000000000000000000000000000
        State = 0xc282d9b6c38bc325c2d75d655a3b20bb


EAP-Message parsed:

  01                         Code = 1 (EAP-Request)
  09                         Identifier = 9
  00 33                      Length = 51
  1a                         Type = 26 (EAP-MSCHAPv2)
  03                         OpCode = 3 (Success)
  08                         MS-CHAPv2-ID = 8
  00 2e                      MS-Length = 46
  53 3d 44 36 46 42 45 43
  33 43 43 33 34 34 33 34
  37 35 42 44 38 35 34 33
  34 33 34 32 37 45 31 38
  31 38 42 43 41 46 39 33
  30 30                      Message = "S=D6FBEC3CC3443475BD854343427E1818BCAF9300"

MSCHAPv2 is a mutual authentication protocol. The supplicant interrupted the
authentication process just after it received the EAP-MSCHAPv2 Success
request packet. It means that the Success request packet was not calculated
using the proper user password. In other words, the user password available at
the supplicant and the one at the authentication server do not match.


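As an added example that is not part of the post or of FreeRADIUS, here is a small Go parser that splits an EAP-MSCHAPv2 packet into the fields listed above and refuses to index into the packet until the EAP Length, MS-Length and Value-Size fields agree with the bytes actually present, which is the check a server needs before touching a supplicant-supplied packet. The two hex strings are the EAP-Message values from the post; the Response is given with its eight reserved zero bytes, which the list archive rendering drops. The type, constant and function names are mine.

```go
package main

import (
	"encoding/hex"
	"errors"
	"fmt"
)

// EAP codes (RFC 3748) and MS-CHAPv2 OpCodes (RFC 2759) as they appear in the dump above.
const (
	eapRequest, eapResponse = 1, 2
	eapTypeMSCHAPv2         = 26
	opResponse, opSuccess   = 2, 3
	opFailure               = 4
)

// MSCHAPv2 holds one EAP-MSCHAPv2 packet split into the fields the dump lists.
type MSCHAPv2 struct {
	Code, Identifier, OpCode, MSID byte
	Length, MSLength               int
	PeerChallenge, NTResponse      []byte // OpCode 2 only
	Flags                          byte   // OpCode 2 only
	Name                           string // OpCode 2 only
	Message                        string // OpCode 3 or 4: "S=..." or "E=..."
}

// ParseEAPMSCHAPv2 decodes an EAP-Message value, checking each length field
// against the bytes actually present before any offset is trusted.
func ParseEAPMSCHAPv2(pkt []byte) (*MSCHAPv2, error) {
	if len(pkt) < 9 {
		return nil, errors.New("packet shorter than the EAP and MS-CHAPv2 headers")
	}
	m := &MSCHAPv2{Code: pkt[0], Identifier: pkt[1], Length: int(pkt[2])<<8 | int(pkt[3])}
	if m.Length != len(pkt) {
		return nil, fmt.Errorf("EAP Length %d but %d bytes on the wire", m.Length, len(pkt))
	}
	if m.Code != eapRequest && m.Code != eapResponse {
		return nil, fmt.Errorf("EAP Code %d carries no MS-CHAPv2 payload", m.Code)
	}
	if pkt[4] != eapTypeMSCHAPv2 {
		return nil, fmt.Errorf("EAP Type %d is not EAP-MSCHAPv2 (26)", pkt[4])
	}
	m.OpCode, m.MSID, m.MSLength = pkt[5], pkt[6], int(pkt[7])<<8|int(pkt[8])
	if m.MSLength != m.Length-5 { // MS-Length counts everything after the EAP Type octet
		return nil, fmt.Errorf("MS-Length %d does not fit EAP Length %d", m.MSLength, m.Length)
	}
	body := pkt[9:]
	switch m.OpCode {
	case opResponse:
		// Value-Size (must be 49) + Peer-Challenge 16 + Reserved 8 + NT-Response 24 + Flags 1, then Name.
		if len(body) < 50 || body[0] != 49 {
			return nil, errors.New("Response shorter than its fixed 49-byte Value")
		}
		m.PeerChallenge, m.NTResponse, m.Flags, m.Name = body[1:17], body[25:49], body[49], string(body[50:])
	case opSuccess, opFailure:
		m.Message = string(body)
	default:
		return nil, fmt.Errorf("OpCode %d is not handled here", m.OpCode)
	}
	return m, nil
}

func mustHex(s string) []byte {
	b, err := hex.DecodeString(s)
	if err != nil {
		panic(err)
	}
	return b
}

// The two EAP-Message values from the post; the Response carries its eight
// reserved zero bytes, which the list archive rendering drops.
const (
	responseHex = "0208004f1a0208004a319afcbf0d90146863dcce62e55cbf6b2600000000000000003213a667f5405fe084a9e7291e326e0f0c68ce28482c998a0053554d4f4c434f4d50414c5c5343313031383536"
	successHex  = "010900331a0308002e533d44364642454333434333343433343735424438353433343334323745313831384243414639333030"
)

func main() {
	for _, h := range []string{responseHex, successHex} {
		m, err := ParseEAPMSCHAPv2(mustHex(h))
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Printf("Code=%d Id=%d Length=%d OpCode=%d MS-ID=%d MS-Length=%d\n", m.Code, m.Identifier, m.Length, m.OpCode, m.MSID, m.MSLength)
		if m.OpCode == opResponse {
			fmt.Printf("  Peer-Challenge=%x\n  NT-Response=%x\n  Flags=%d Name=%q\n", m.PeerChallenge, m.NTResponse, m.Flags, m.Name)
		} else {
			fmt.Printf("  Message=%q\n", m.Message)
		}
	}
	// A truncated copy must fail the length check instead of being indexed past its end.
	_, err := ParseEAPMSCHAPv2(mustHex(responseHex)[:40])
	fmt.Println("truncated Response:", err)
}
```

For the Success request the parser yields only the "S=..." string; deciding whether to trust it is the supplicant's job, as the post says, and it does so with its own copy of the password.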


Re: EAP-SIM authentication failed

2012-11-07 Thread Iliya Peregoudov
I have the same problem with a Nokia E51 handset. EAP-SIM authentication is
interrupted by the Nokia supplicant. Unfortunately there is no useful
diagnostic on the handset.


On the other hand, EAP-SIM authentication succeeds when I use wpa_supplicant
on Windows with a smart card reader and the same SIM card I used with the
Nokia handset. Unfortunately I have neither an iPhone nor a Windows-based
handset to test EAP-SIM against.


Yann R. Moupinda wrote:
 I got the same failure as before: after sending the 2nd Access-Challenge,
 the server is waiting for the 3rd Access-Request and doesn't
 get anything -- authentication failed




Re: Mysql, Accounting and DialupAdmin

2012-11-07 Thread Erich Titl
Hi Fajar

on 08.11.2012 03:35, Fajar A. Nugraha wrote:
 On Wed, Nov 7, 2012 at 10:16 PM, Erich Titl erich.t...@think.ch wrote:
 Hi Folks

 I succeeded in getting my setup running with FR 2.2.0 and MySQL, e.g. I can
 connect through a ZyXEL NWA 3160 using credentials in the MySQL database
 using a M$ Windows 7 client.

 Everything is still quite raw and blurry to me. Could someone point me
 to the right docs for the following?

 1) I had to enter a cleartext password into the MySQL database; apparently
 other formats were not accepted.
 
 Because you use a Windows client, which defaults to EAP-MSCHAPv2. See
 http://deployingradius.com/documents/protocols/compatibility.html
 If your main concern is "I don't want to store cleartext passwords in the
 DB", you should be able to use NT-Password. Search the list archive,
 there's a recent thread about this.

Thanks, I read that URL; actually that one guided me to enter a
Cleartext-Password at all.

mysql> select * from radcheck;
+----+----------+--------------------+----+----------------------------------+
| id | username | attribute          | op | value                            |
+----+----------+--------------------+----+----------------------------------+
|  1 | test     | MD5-Password       | := | 81dc9bdb52d04dc20036dbd8313ed055 |
|  2 | test     | NT-Password        | := | 7CE21F17C0AEE7FB9CEBA532D0546AD6 |
|  3 | test     | Cleartext-Password | := | 1234                             |
+----+----------+--------------------+----+----------------------------------+

 

 2) I could see login and logout information, but no data usage, e.g.
 download and upload sizes appear to be zeroes.
 
 Some NAS (e.g. APs flashed with dd-wrt) simply don't send
 accounting packets. Blame your NAS :P

:-(

Do you have a recommendation for AP's that pass this information?

 ... or to be more accurate, look at your NAS documentation (or ask
 the vendor) how to get it to send accounting packets.

It is a ZyXEL, so basically a black box, even to the local vendor.

Thanks

Erich





Re: Mysql, Accounting and DialupAdmin

2012-11-07 Thread Fajar A. Nugraha
On Thu, Nov 8, 2012 at 2:08 PM, Erich Titl erich.t...@think.ch wrote:
 Thanks, I read that URL, actually that one guided me to enter a
 Cleartext Password at all.

See the column labeled NT hash?


 mysql> select * from radcheck;
 +----+----------+--------------------+----+----------------------------------+
 | id | username | attribute          | op | value                            |
 +----+----------+--------------------+----+----------------------------------+
 |  1 | test     | MD5-Password       | := | 81dc9bdb52d04dc20036dbd8313ed055 |
 |  2 | test     | NT-Password        | := | 7CE21F17C0AEE7FB9CEBA532D0546AD6 |
 |  3 | test     | Cleartext-Password | := | 1234                             |
 +----+----------+--------------------+----+----------------------------------+

IIRC only one of them will be used. I suggest you drop MD5 (since it's
useless for your purpose) and Cleartext (you don't want that, right?)
and verify you use the correct NT-Password (use smbencrypt if you
haven't already done so).

 2) I could see login and logout information, but no data usage, e.g.
 download and upload sizes appear to be zeroes.

 Some NAS (e.g. APs flashed with dd-wrt) simply don't send
 accounting packets. Blame your NAS :P

 :-(

 Do you have a recommendation for AP's that pass this information?


Nope. Sorry.

Try looking at the archives, I think Cisco boxes send them.

As an alternative, if you're fine with captive-portal setup,
chillispot sends accounting packets just fine.

 ... or to be more accurate, look at your NAS documentation (or ask
 the vendor) how to get it to send accounting packets.

 It is a ZyXEL, so basically a black box, even to the local vendor.


Then blame the vendor. Seriously.

Why would you want to use something that even the local vendor can't support?

-- 
Fajar
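The arithmetic behind both this advice and the "No EAP Start" post above, as an added example that is not code from the list or from FreeRADIUS: NtPasswordHash is the MD4-over-UTF-16LE value that smbencrypt prints and that the NT-Password row in radcheck stores; NTResponse is what the server recomputes from that hash alone, which is why EAP-MSCHAPv2 needs no Cleartext-Password; AuthenticatorResponse builds the "S=..." string of the Success request, and SupplicantAccepts is the peer-side check of it that Iliya describes. The inputs are the RFC 2759 section 9.2 test vectors; the function names are mine, and MD4 is written out because Go's standard library does not ship it.

```go
package main

import (
	"bytes"
	"crypto/des"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"math/bits"
	"unicode/utf16"
)

// md4 is a compact RFC 1320 implementation; Go's standard library ships none.
func md4(data []byte) []byte {
	a, b, c, d := uint32(0x67452301), uint32(0xefcdab89), uint32(0x98badcfe), uint32(0x10325476)
	msg := append(append([]byte{}, data...), 0x80)
	msg = append(msg, make([]byte, (56-len(msg)%64+64)%64)...) // zero-pad to 56 mod 64
	var n [8]byte
	binary.LittleEndian.PutUint64(n[:], uint64(len(data))*8) // message length in bits
	msg = append(msg, n[:]...)
	r2 := [16]int{0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15}
	r3 := [16]int{0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15}
	for off := 0; off < len(msg); off += 64 {
		var x [16]uint32
		for i := range x {
			x[i] = binary.LittleEndian.Uint32(msg[off+4*i:])
		}
		aa, bb, cc, dd := a, b, c, d
		for i := 0; i < 16; i++ { // round 1: F(x,y,z) = (x AND y) OR (NOT x AND z)
			a, b, c, d = d, bits.RotateLeft32(a+((b&c)|(^b&d))+x[i], [4]int{3, 7, 11, 19}[i%4]), b, c
		}
		for i := 0; i < 16; i++ { // round 2: G(x,y,z) = majority(x, y, z)
			a, b, c, d = d, bits.RotateLeft32(a+((b&c)|(b&d)|(c&d))+x[r2[i]]+0x5a827999, [4]int{3, 5, 9, 13}[i%4]), b, c
		}
		for i := 0; i < 16; i++ { // round 3: H(x,y,z) = x XOR y XOR z
			a, b, c, d = d, bits.RotateLeft32(a+(b^c^d)+x[r3[i]]+0x6ed9eba1, [4]int{3, 9, 11, 15}[i%4]), b, c
		}
		a, b, c, d = a+aa, b+bb, c+cc, d+dd
	}
	out := make([]byte, 16)
	for i, v := range [4]uint32{a, b, c, d} {
		binary.LittleEndian.PutUint32(out[4*i:], v)
	}
	return out
}

// NtPasswordHash is MD4 of the UTF-16LE password: what smbencrypt prints and what the radcheck NT-Password row stores.
func NtPasswordHash(password string) []byte {
	u := utf16.Encode([]rune(password))
	buf := make([]byte, 2*len(u))
	for i, cu := range u {
		binary.LittleEndian.PutUint16(buf[2*i:], cu)
	}
	return md4(buf)
}

// ChallengeHash is the 8-byte DES input (RFC 2759: the user name without any domain prefix).
func ChallengeHash(peer, auth []byte, user string) []byte {
	d := sha1.Sum(bytes.Join([][]byte{peer, auth, []byte(user)}, nil))
	return d[:8]
}

// NTResponse DES-encrypts the challenge under the three 7-byte slices of the zero-padded NT hash.
func NTResponse(ntHash, challenge []byte) []byte {
	z := append(append([]byte{}, ntHash...), make([]byte, 5)...) // ZPasswordHash: 16 bytes padded to 21
	out := make([]byte, 24)
	for i := 0; i < 3; i++ {
		v := binary.BigEndian.Uint64(append([]byte{0}, z[7*i:7*i+7]...)) // the 56 key bits
		var k [8]byte                                                    // one 7-bit group per key byte, parity bit (ignored by crypto/des) in the LSB
		for j := range k {
			k[j] = byte(v>>(49-7*uint(j))) << 1
		}
		blk, _ := des.NewCipher(k[:]) // only errors for a key that is not 8 bytes
		blk.Encrypt(out[8*i:], challenge)
	}
	return out
}

// AuthenticatorResponse is the "S=..." string carried in the server's Success request.
func AuthenticatorResponse(ntHash, ntResponse, peer, auth []byte, user string) string {
	d := sha1.Sum(bytes.Join([][]byte{md4(ntHash), ntResponse, []byte("Magic server to client signing constant")}, nil))
	d = sha1.Sum(bytes.Join([][]byte{d[:], ChallengeHash(peer, auth, user), []byte("Pad to make it do more than one iteration")}, nil))
	return fmt.Sprintf("S=%X", d[:])
}

// SupplicantAccepts is the peer's check of that string against its own password, the step at which the supplicant above stopped.
func SupplicantAccepts(password string, ntResponse, peer, auth []byte, user, received string) bool {
	want := AuthenticatorResponse(NtPasswordHash(password), ntResponse, peer, auth, user)
	return subtle.ConstantTimeCompare([]byte(want), []byte(received)) == 1
}

func main() { // RFC 2759 section 9.2 vectors; both 16-byte challenges happen to be printable ASCII
	auth, peer, user, pw := []byte("[]|}{?/><,`!2&&("), []byte("!@#$%^&*()_+:3|~"), "User", "clientPass"
	ntHash := NtPasswordHash(pw)
	resp := NTResponse(ntHash, ChallengeHash(peer, auth, user))
	s := AuthenticatorResponse(ntHash, resp, peer, auth, user)
	fmt.Printf("NT-Password %X\nNT-Response %X\n%s\naccepted: %v, with the wrong password: %v\n", ntHash, resp, s, SupplicantAccepts(pw, resp, peer, auth, user, s), SupplicantAccepts("other", resp, peer, auth, user, s))
}
```

NtPasswordHash("1234") returns 7CE21F17C0AEE7FB9CEBA532D0546AD6, the value in Erich's NT-Password row, so the same routine can fill that column instead of smbencrypt. The peer's comparison is deliberately constant-time.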


RE: Coa problem

2012-11-07 Thread Mixmasterontour PureDJ


 
   Well, that's a typo.  I've pushed another fix.
 
   Alan DeKok.

Perfect, it's working now!
Thanks

One other small thing:
in freeradius-server/raddb/sql/mysql/dialup.conf there is an error.

In
accounting {
        interim-update {

the insert SQL is not correct (the value count is incorrect).
was:
        query = "\
          INSERT INTO ${acct_table1} \
            (${...column_list}) \
          VALUES \
            ('%{Acct-Session-Id}', \
            '%{Acct-Unique-Session-Id}', \
            '%{SQL-User-Name}', \
            '%{Realm}', \
            '%{NAS-IP-Address}', \
            '%{NAS-Port}', \
            '%{NAS-Port-Type}', \
            FROM_UNIXTIME(%{integer:Event-Timestamp} - %{%{Acct-Session-Time}:-0}), \
            FROM_UNIXTIME(%{integer:Event-Timestamp}), \
            '%{Acct-Session-Time}', \
            '%{Acct-Authentic}', '', \
            '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', \
            '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', \
            '%{Called-Station-Id}', \
            '%{Calling-Station-Id}', \
            '%{Service-Type}', \
            '%{Framed-Protocol}', \
            '%{Framed-IP-Address}')"
}


should be:
        query = "\
          INSERT INTO ${acct_table1} \
            (${...column_list}) \
          VALUES \
            ('%{Acct-Session-Id}', \
            '%{Acct-Unique-Session-Id}', \
            '%{SQL-User-Name}', \
            '%{Realm}', \
            '%{NAS-IP-Address}', \
            '%{NAS-Port}', \
            '%{NAS-Port-Type}', \
            FROM_UNIXTIME(%{integer:Event-Timestamp} - %{%{Acct-Session-Time}:-0}), \
            FROM_UNIXTIME(%{integer:Event-Timestamp}), \
            NULL, \
            '%{Acct-Session-Time}', \
            '%{Acct-Authentic}', '', '', \
            '%{%{Acct-Input-Gigawords}:-0}' << 32 | '%{%{Acct-Input-Octets}:-0}', \
            '%{%{Acct-Output-Gigawords}:-0}' << 32 | '%{%{Acct-Output-Octets}:-0}', \
            '%{Called-Station-Id}', \
            '%{Calling-Station-Id}', \
            '', \
            '%{Service-Type}', \
            '%{Framed-Protocol}', \
            '%{Framed-IP-Address}')"
}


Re: Mysql, Accounting and DialupAdmin

2012-11-07 Thread Erich Titl
Hi Fajar

on 08.11.2012 08:16, Fajar A. Nugraha wrote:
...

 
 IIRC only one of them will be used. I suggest you drop MD5 (since it's
 useless for your purpose) and Cleartext (you don't want that, right?)
 and verify you use the correct NT-Password (use smbencrypt if you
 haven't already done so).

Yes, it appears that authentication using the NT-Password hash works fine
for M$. What would be the least common setting in a multi-vendor
environment? I guess OSX, for example, is using a different protocol.

 
 2) I could see login and logout information, but no data usage, e.g.
 download and upload sizes appear to be zeroes.

...


 It is a ZyXEL, so basically a black box, even to the local vendor.
 
 
 Then blame the vendor. Seriously.
 
 Why would you want to use something that even the local vendor can't support?
 

I am in an evaluation phase and this is a vendor with widespread
acceptance here. Finding such a weakness is important as we will
probably drop the product then. Unfortunately not everyone is really
comfortable with open source products. This is just the kind of reality
the vendors try to lock us into.

Thanks

Erich






RE: No EAP Start, assuming it's an on-going EAP conversation

2012-11-07 Thread dvmp
 Maybe it is that Samba bug?

 The one that makes it apparently work:
  [mschap] adding MS-CHAPv2 MPPE keys
  ++[mschap] returns ok
  MSCHAP Success
 but the client refuses to go on?

 I can't search the archive right now, but I think it would be useful to
 know the Samba version.

Hello Alberto,

# smbd -V

Version 3.4.0

 
