RE: Snmp trap
It wouldn't be hard to write your own script to either a) plug in as a module to execute sending a trap on failure or b) monitor the log file and do the same.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yoram Baruchian
Sent: Sunday, May 01, 2005 3:25 AM
To: freeradius-users@lists.freeradius.org
Subject: Snmp trap

Hi

Can free radius send an snmp trap to nms (hp/ov or similar) when a user is unauthenticated?

BEST REGARDS
Bar Yoram
Senior Security Systems Engineer
Technical Services Division
Tel: 972 (3) 9278472 Mobile: 972 (53) 878472 Fax: 972 (3) 9229218
mailto:[EMAIL PROTECTED]
Rejecting Request
Rejecting request 86445 due to lack of any response from home server

What could be causing this, tell me what to post and I will, I just didn't want to spam the list with all my confs and radiusd X, though I've looked through debug and nothing makes sense as to what is causing this.
RE: Rejecting Request
These are coming from my central proxy server. But all tests using utilities built into the APX-8000 and ntRadTest all go through successfully to their respective servers and return with the correct Reply.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mitchell, Michael J
Sent: Monday, March 14, 2005 9:39 PM
To: freeradius-users@lists.freeradius.org
Subject: RE: Rejecting Request

It appears that your RADIUS server is proxying the request to a home server, which hasn't responded... is this what you're intending?

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anson Rinesmith
Sent: Tuesday, 15 March 2005 2:30 PM
To: freeradius-users@lists.freeradius.org
Subject: Rejecting Request

Rejecting request 86445 due to lack of any response from home server

What could be causing this, tell me what to post and I will, I just didn't want to spam the list with all my confs and radiusd X, though I've looked through debug and nothing makes sense as to what is causing this.
RE: What is X-Ascend-Data-Rate Attributes represent?
Xmit is the Upload, and Data-Rate is the Download rates. Just remember, those are given from the Ascend equipment's point of view.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Marendra Nutriaji
Sent: Monday, January 10, 2005 8:28 PM
To: Freeradius User
Subject: What is X-Ascend-Data-Rate Attributes represent?

hi all,

What is X-Ascend-Data-Rate Attributes represents? does it represent the connection speed of the dial in connection? What's the difference between attribute Ascend-Xmit-Rate ?

I hope somebody could help me

Thank you
Marendra

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Freeradius installation problem
I had a similar problem, when I didn't install MySQL before installing FR.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of vamsikv
Sent: Wednesday, December 08, 2004 1:20 AM
To: [EMAIL PROTECTED]
Subject: Freeradius installation problem

I have tried to install freeradius version freeradius-snapshot-20040607.tar.gz in two Linux 8.0 versions. I have been able to install in one system but in another system I got error after giving make. Below I am printing just a part of the error message. My doubt is why the problem did not occur with the first machine in which I was able to install even though both were of the same versions.

The error message was

sql_mysql.c: In function `sql_affected_rows':
sql_mysql.c:395: `mysql_sock' undeclared (first use in this function)
sql_mysql.c:397: warning: implicit declaration of function `mysql_affected_rows'
sql_mysql.c:393: warning: unused parameter `config'
gmake[10]: *** [sql_mysql.o] Error 1
gmake[10]: Leaving directory `/root/PnacEval/PnacEvalTools/freeradius-snapshot-20040607/src/modules/rlm_sql/drivers/rlm_sql_mysql'
gmake[9]: *** [common] Error 1
gmake[8]: Leaving directory `/root/PnacEval/PnacEvalTools/freeradius-snapshot-20040607/src/modules/rlm_sql/drivers'
gmake[7]: *** [common] Error 1
gmake[7]: Leaving directory `/root/PnacEval/PnacEvalTools/freeradius-snapshot-20040607/src/modules/rlm_sql'
gmake[6]: *** [static] Error 2
gmake[6]: Leaving directory `/root/PnacEval/PnacEvalTools/freeradius-snapshot-20040607/src/modules/rlm_sql'
gmake[5]: *** [common] Error 1
gmake[5]: Leaving directory `/root/PnacEval/PnacEvalTools/freeradius-snapshot-20040607/src/modules'
gmake[4]: *** [all] Error 2
gmake[4]: Leaving directory `/root/PnacEval/PnacEvalTools/freeradius-snapshot-20040607/src/modules'
gmake[3]: *** [common] Error 1
gmake[3]: Leaving directory `/root/PnacEval/PnacEvalTools/freeradius-snapshot-20040607/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/root/PnacEval/PnacEvalTools/freeradius-snapshot-20040607/src'
gmake[1]: *** [common] Error 1
gmake[1]: Leaving directory `/root/PnacEval/PnacEvalTools/freeradius-snapshot-20040607'
make: *** [all] Error 2

Please clarify my doubt and kindly let me know if I am missing something.

Thanks
Regards,
Vamsi
RE: Check Multiple Calling-Station-Id in mysql
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Nurul Faizal M.Shukeri
Sent: Tuesday, December 07, 2004 4:52 PM
To: [EMAIL PROTECTED]
Subject: Check Multiple Calling-Station-Id in mysql

Hi to all,

I'm using freeradius 1.0.1. I'm trying to check multiple calling-station-id store in mysql but return message access-reject. I don't know how and whats the problem is. Anyone plz help me. TQ

+----+------------+---------------+----+-----------+
| id | UserName   | Attribute     | op | Value     |
+----+------------+---------------+----+-----------+
| 1  | ultrabalad | User-Password | == | budakbaik |
+----+------------+---------------+----+-----------+

+----+------------+------------+
| id | UserName   | GroupName  |
+----+------------+------------+
| 1  | ultrabalad | ultrabalad |
+----+------------+------------+

+----+------------+--------------------+----+--------------+
| id | GroupName  | Attribute          | op | Value        |
+----+------------+--------------------+----+--------------+
| 10 | ultrabalad | Calling-Station-Id | =~ | 00032f042f51 |
| 9  | ultrabalad | Calling-Station-Id | =~ | 10032f042f51 |
+----+------------+--------------------+----+--------------+

My guess would be here, the Values you have for Calling-Station-Id, do appear to be valid phone numbers.
RE: Experience of use
I have it running in a production environment as both actual RADIUS and a PROXY server. 10,000 users and I see no difference from when I had it in a test environment with 10 users. P3 667 w/256Mb RAM.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Neil Craig
Sent: Tuesday, December 07, 2004 8:45 AM
To: [EMAIL PROTECTED]
Subject: Experience of use

Hi

Can anyone who has Freeradius running in a production environment comment on how stable it is with 100's (1000's?) of users? Do you see a marked degradation of service when lots of people are authenticating and accounting being sent?

I have a system set up in a test environment which is running stable but only ever has 5 users connecting :)

Thanks
Neil
RE: How to add a field to the reply that contains data from the request?
Well, as everyone could have guessed, they talk about fields.

A summary of the RADIUS data format is shown below. The fields are transmitted from left to right.

They then switch to calling them attributes, for no good reason.

If you were REALLY comprehending the document, then you would have realized that fields are used to describe parts of an attribute. This is even under the description of ATTRIBUTES! ATTRIBUTE 5.1 USERNAME has 3 fields - Type, Length and String

Description

This Attribute indicates the name of the user to be authenticated. It is only used in Access-Request packets.

A summary of the User-Name Attribute format is shown below. The fields are transmitted from left to right.

    0                   1                   2
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
   |     Type      |    Length     |  String ...
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

Type

1 for User-Name.

Length

>= 3

String

The String field is one or more octets. The NAS may limit the maximum length of the User-Name but the ability to handle at least 63 octets is recommended.
RE: How to add a field to the reply that contains data from the request?
I particularly like this one (at end of 4.3):

Attributes

The Attribute field is variable in length, and contains a list of zero or more Attributes.

!!! Yeah. Are they trying to make a pastiche comedy sketch takeoff of themselves?

Section 4 is clearly describing PACKETS, a packet has fields. A field in packet that is transmitted, can be an ATTRIBUTE. True, it is a recursive definition, but this is not a difficult concept. Like an element in an ARRAY containing an ARRAY that has elements. Did you actually read the whole RFC, or just search for the word field and attribute, and go from there?
RE: How to add a field to the reply that contains data from the request?
If you feel so strongly about changes needing to be made, then why not make an official comment to the RFC and try to make things better? An RFC is, by the way, a Request For Clarification.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Peter T. Breuer
Sent: Saturday, December 04, 2004 9:17 PM
To: [EMAIL PROTECTED]
Subject: Re: How to add a field to the reply that contains data from the request?

Also sprach Michael Griego:

All I have to say is that your attitude normally determines the response you get. You came in here telling many people who have worked with RADIUS for a long time how the specs are wrong and how you are much

No I haven't. I'm sure radius is fine. OTOH I'm quite sure the rfc is probably a load of badly written rubbish, because they normally are. So? Is there something new? Have you read a rfc lately? I certainly haven't! ;)

As to telling people? I am giving them the benefit of my judgement and appraisal. I've pointed out the things that are wrong. Now you get to act on it. That's cool. Go with it.

better than they. This is a fatally flawed approach when trying to learn something.

I'm not trying to learn anything! I would hope I never do. I hate learning anything. I avoid learning anything at all! I do it far too easily, thank you. I have to work hard to avoid it.

That's the point - I am not YOUR slave. I don't do what YOU want me to do. If you want ME to use YOUR tool then YOU must persuade ME to. And you do that by doing what *I* want, not the other way round. Got it? It's a market. You've got competition. I could have used gnu-radius. I could have used others. There has to be something about what YOU have that persuades me to use yours.

As it is, I think it's a fine implementation. At least the config is good and comprehensible. Beats gnu-radius there!

The weakness is clearly that it's been written by people who apparently don't know any computer science (is that true?), and who also aren't used to writing for others. That said, they've written WELL. They're just handicapped in their otherwise good and thoughtful writing by their own lack of abstract knowledge of what they're doing, so they can't explain themselves properly. That's clearly the fault, as far as I can make out.

It's like watching some of those pop-artists who can make up songs but can't explain what they're doing. A musician comes along and says, oh, that's counterpoint, or something. Pling. Explanation. The concepts are lacking.

Now, I've been kind enough to point out to you where the problems in the docs are. There's no need to go off the deep end - you just have to fix them. You say thanks, because fixing it lowers the market resistance to your tool, and enables you to make further inroads against your competitors.

If I were to guess at causes, I would say it looks as though the authors didn't have the linguistic concepts in their heads with which to explain them. In particular, My Pet Theory, which is what it is, is that the authors don't understand the difference between syntax and semantics, so they keep saying VALUE when they mean TERM. Result, confusion. You try explaining grammar to a person who doesn't know that they are speaking a language.

There is a difference between a THING and the NAME of a thing. Check out your Lewis Carroll. Does that bring it home? No? Then go learn about it.

Now you are simply arguing semantics with people in an

No, I'm not. They are. I _am_ a linguistic semanticist, as you would find if you looked me up. I can't argue about it - I simply say what is right.

attempt to save face. RADIUS is truly not a complicated protocol. Why

Sure - it looks easy. One packet in, one packet out, as far as I recall (and I only glanced at it). What has that got to do with anything? That's not in my competence to talk about and I've not commented on it. Nor do I care about it.

are you arguing over things that truly don't matter in the grand

Because they ARE what matters. What I am interested in is the language used to describe the simple (one-action, repeated) state machine that you construct from the description. That's what *I* interface with. I give orders to freeradius. Freeradius understands and does what I mean. To do so, it constructs a state machine and runs it, thus implementing a protocol in conformance with the radius spec. Fine. Freeradius concerns itself with radius. I concern myself with the language needed to talk to freeradius. That's the idea.

It doesn't take much to get it right. People have been doing this for nigh on 50 years now folks. Write the language in accordance with what people expect.

scheme? You started out by making assumptions based on previous experience that were not correct.

No, I have not! Where do you get this from? I am telling you what my expectations are, and my expectations ARE correct, by definition. Just as my expectation that the steering wheel on a car turns
RE: feature request
I would love to see a feature for logging by either realm, client, or even by CLID. Does the newer FR (.9) having where radius.log can be sent to a DB instead?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Saturday, November 27, 2004 11:14 AM
To: [EMAIL PROTECTED]
Subject: Re: feature request

Edgars [EMAIL PROTECTED] wrote:

is it possible somehow to make that for each host there will be separate radius log file? If no - could it be like a future feature.

Sure. It's probably 10 lines of code or so in src/main/log.c

It could slow down the server a lot, though.

I need this because of very big log file which data i'm using in the web interface. And each time someone wants to see these logs for certain host, i must go through all the file.

The logging certainly could be more configurable.

Alan DeKok.
RE: how many records in radacct
I have 1,736,884 in my current MySQL table.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Alexander Serkin
Sent: Monday, November 22, 2004 1:11 PM
To: [EMAIL PROTECTED]
Subject: how many records in radacct

Hello,

how many records in radacct table do you manage to keep, guys? I see that radius stops working properly after about 15 accounting records in Oracle (9.2.0.4) database or ~3 in PostgreSQL 7.4.6. After that amount accounting records are not written into table and FR (v1.0.1) claims about no DB handles to use. I see this with Oracle and Postgres. The symptoms are the same on two different Solaris8 machines - Netra1120 with 2x440MHz processors and SunFire V240 with 2x1GHz processors.

All recommendations about tuning are met - noatime on partitions with DB, no detail accounting, indexes on the accounting table. I'm fighting with that for a couple of months with no understanding what else could be wrong. Our DBA did some tunings on Oracle table and configuration - with no visible results. PostgreSQL is not tuned - just 'configure,make,make install, initdb, createdb radius,etc'.

--
Alexander
Changing the way I proxy
Below is an example of how I run my central freeradius server. It is nothing but a central point for proxy to other servers. ISP2 and ISP3 are customers that we provide the RAS connections, but send AAA off to them to handle their customers. I am ISP1 and send my users off to my other freeRADIUS server. As obvious by my users file, I do handle this all by CLID.

Here is my boggle. We have just purchased ISP2 and need to integrate them into our RADIUS. We are going to require them to add a domain to their login ([EMAIL PROTECTED]) so that we don't have duplicates to our current users (their current dialup customers just use a username). The problem is that ISP2 also does a bit of proxy for a satellite ISP based on having a domain attached (@sat.newdomain.com).

What would I add to my users file to send any customer with @sat.newdomain.com in the username off to a different realm, no matter what number they dialed?

*users*

DEFAULT Called-Station-Id == 1234567890, Proxy-To-Realm := isp1
DEFAULT Called-Station-Id == 1230987654, Proxy-To-Realm := isp2
DEFAULT Called-Station-Id == 123000, Proxy-To-Realm := isp2
DEFAULT Called-Station-Id == 1239991234, Proxy-To-Realm := isp3

*proxy.conf*

realm isp1 {
        type     = radius
        authhost = 1.1.1.1:1812
        accthost = 1.1.1.1:1813
        secret   = mydirtylittlesecret
        nostrip
}

realm isp2 {
        type     = radius
        authhost = 2.2.2.2:1645
        accthost = 2.2.2.2:1646
        secret   = donttellanyone
}

realm isp3 {
        type     = radius
        authhost = 3.3.3.3:1645
        accthost = 3.3.3.3:1646
        secret   = youdontknow
        nostrip
}

Anson Rinesmith
RE: radius.log question
Most likely, the user did not enter a password to be sent. Thus no User-Password attribute.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Edgars
Sent: Wednesday, October 13, 2004 8:08 AM
To: [EMAIL PROTECTED]
Subject: radius.log question

Hello!

i can't find out why the following sentence is appearing in the line below - ...no User-Password attribute:

Auth: Login OK: [a/no User-Password attribute] (from client uz galda port 12534 cli 1.1.1.2)

Edgars
RE: MySQL - account logging and other problems
You can't make the radius server just guess when to perform an action or what information to use. If the client isn't sending accounting information to the server, then I would start there and try to figure out how to get your client sending accounting information, not just authentication information. I don't think the WRV54G will send accounting information.

Hi,

I have installed freeradius 1.0.1 with mysql and experimental modules. I have set up mysql database and instruct radius to read users and nas information from mysql and to write accounting logs to mysql; also to log sql traces. I started the server with -X option and test the connection. If I run radtest program it will successfully authenticate and it will write some info into radpostauth table and nothing into radacct table. If I run NTRadPing and tell it request type Accounting On/Off the radacct table is updated.

A friend tried to logon to radius server with a LinkSys WRV54G router and it also writes only into radpostauth table. Practically it writes to database when user logs on but it doesn't write when user logs off. My guess about this behaviour is that the client doesn't send accounting on/off information to the radius server.

Can anyone tell me how could I make freeradius write into radacct table ? Or how could it be instructed to write some informations to the database when user logs off.

I am also curious if radius could be instructed to allow specific user from specific nas (something like user X could only came from nas Y and so on) ?

Thank you!
RE: realm + accounting
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Tuesday, October 12, 2004 10:12 AM
To: [EMAIL PROTECTED]
Subject: Re: realm + accounting

marek cervenka [EMAIL PROTECTED] wrote:

i need store acct data on two places when send acct to realm is this possible or some way like that?

realm serv.com {
        type     = radius
        authhost = radius2.serv.com:1645
        accthost = LOCAL, radius2.serv.com:1813

That won't work. By default, when the server proxies accounting packets, it also logs them locally.

Alan DeKok.

What if you didn't want the server to log them locally, but still send the acct info off to the other server?
realm information in accounting records
I'm using a central freeradius/MySQL setup to do proxying for 3 ISPs. I keep accounting records for each ISP. The problem is that every record has the Realm set as DEFAULT. I would like to have the realm reflect the realm it was proxied to.

My SQL statement, in sql.conf looks like this:

accounting_start_query = INSERT into radacct (., Realm, .) values('., '%{Realm}', .)

users and acct_users I have lines similar to these:

DEFAULT Called-Station-Id == 555, Proxy-To-Realm := realm1
DEFAULT Called-Station-Id == 555, Proxy-To-Realm := realm2
DEFAULT Called-Station-Id == 555, Proxy-To-Realm := realm3

proxy.conf looks similar to:

realm realm1 {
        type     = radius
        authhost = 1.2.3.4:1645
        accthost = 1.2.3.4:1646
        secret   = ourlittlesecret
}

realm realm2 {
        type     = radius
        authhost = 5.6.7.8:1645
        accthost = 5.6.7.8:1646
        secret   = itsasecret
}

realm realm3 {
        type     = radius
        authhost = 4.3.2.1:1645
        accthost = 4.3.2.1:1646
        secret   = notgonnatellya
        nostrip
}
RE: A suggestion
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Graeme Hinchliffe
Sent: Monday, August 02, 2004 3:21 AM
To: FreeRADIUS list
Subject: RE: A suggestion

On Fri, 2004-07-30 at 17:53, Anson Rinesmith wrote:

That would be okay, if each field had the same number of tokens, after the token that would identify what kind of record it is, not the case.

If you use yacc to parse the tokens it would work perfectly. You could specify the standard line header (date etc), then at the point you identify the line, you could also specify what attributes are part of that particular line, so the number of attributes/tokens can be different as long as there is a recognisable relationship.

Therein lies the problem. At what point can you make that recognizable relationship. Does anyone know where I can find a list of all possible messages output to radius.log?

Graeme

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Graeme Hinchliffe
Sent: Friday, July 30, 2004 10:41 AM
To: FreeRADIUS list
Subject: Re: A suggestion

On Fri, 2004-07-30 at 15:42, Anson Rinesmith wrote:

Fri Jul 30 09:19:26 2004 : Info: rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius

could you not use RegEx to match each portion of the logfile? you could use something like lex/yacc to tokenise and parse the loglines or the whole file, and just return the individual elements you wish to store. This would get around the ':' separator problem you are having.

--
Graeme Hinchliffe (BSc)
Core Internet Systems Designer
Zen Internet (http://www.zen.co.uk/)
ICQ 3842605 (link)
Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005
RE: hi every body
I don't understand your problem. If it is reporting 192.168.10.5 as the NAS IP, and you are running NTRadPing from that same server, then it sounds like it is behaving properly. What is the problem, what are you trying to accomplish?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of jassim El-mansori
Sent: Monday, August 02, 2004 8:25 AM
To: [EMAIL PROTECTED]
Subject: hi every body

hello guys

i have problem in my freeradius configuration ..I'm not sure is normal or there is some thing wrong going off

i have client with IP 192.168.10.5.when i run the command radiusd -X and start using the ping utility it shows on the freeradius server that the NAS-IP-Address is the same as the client IP (192.168.10.5) as i have the nas and the radius running on the same machine

so.please if any one of u guys know how i can configure the NAS please tell what i need to do

thank u all
A suggestion
To whomever this may concern:

I am working on a bit of perl that will take the Log File and insert it into a database in real-time. For future versions of this, it would be great if the records used something unique to split the parts of the entry. This particular record was particularly frustrating:

Fri Jul 30 09:19:26 2004 : Info: rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius

If I try to Split on the :, I split on the time as well as at the end on /radius when I don't need to. If I use , not all entries have the information in the same field number:

Fri Jul 30 09:19:26 2004 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0

This record has one less field before the actual message is given, than the previous record given.

Just a thought for the future, if something unique, like | was used.

Anson Rinesmith
Linux type NTRadPing?
All,

I have a customer that is having trouble authenticating. He is a dialup user that has a Linux system. I usually suggest NTRadPing to my win32 based customers. Does anyone have an alternative to this for Linux? Something independent that is not part of a larger program would be preferred.

Anson Rinesmith
RE: A suggestion
Fri Jul 30 10:56:21 2004 : Info: Ready to process requests.

That record gives me a different number of fields, and I meant to paste that one in. Compared to:

Fri Jul 30 09:19:26 2004 : Info: rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Paul Bender
Sent: Friday, July 30, 2004 10:04 AM
To: [EMAIL PROTECTED]
Subject: Re: A suggestion

I agree, unique delimiters are good. However, for the example you gave, it looks like you could split using ': '.

Anson Rinesmith wrote:

To whomever this may concern:

I am working on a bit of perl that will take the Log File and insert it into a database in real-time. For future versions of this, it would be great if the records used something unique to split the parts of the entry. This particular record was particularly frustrating:

Fri Jul 30 09:19:26 2004 : Info: rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius

If I try to Split on the :, I split on the time as well as at the end on /radius when I don't need to. If I use , not all entries have the information in the same field number:

Fri Jul 30 09:19:26 2004 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0

This record has one less field before the actual message is given, than the previous record given.

Just a thought for the future, if something unique, like | was used.

Anson Rinesmith
RE: A suggestion
That would be okay, if each field had the same number of tokens, after the token that would identify what kind of record it is, not the case.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Graeme Hinchliffe
Sent: Friday, July 30, 2004 10:41 AM
To: FreeRADIUS list
Subject: Re: A suggestion

On Fri, 2004-07-30 at 15:42, Anson Rinesmith wrote:

Fri Jul 30 09:19:26 2004 : Info: rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius

could you not use RegEx to match each portion of the logfile? you could use something like lex/yacc to tokenise and parse the loglines or the whole file, and just return the individual elements you wish to store. This would get around the ':' separator problem you are having.

--
Graeme Hinchliffe (BSc)
Core Internet Systems Designer
Zen Internet (http://www.zen.co.uk/)
ICQ 3842605 (link)
Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005
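
The record shapes quoted in this thread, plus the Auth line from the radius.log question elsewhere on this page, can be parsed by anchoring on the fixed-shape timestamp instead of splitting on ':'. This is an added Python example, not code from the thread or from FreeRADIUS; the sample lines are constructed (radius@localhost stands in for the obscured address), and treating only names that start with rlm_ as module tags is an assumption.

```python
import re
from datetime import datetime

# "<ctime timestamp> : <Level>: <rest>". Anchoring on the timestamp's fixed
# shape means colons inside the time or inside the message are never split on.
HEAD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \d{4}) : "
    r"(?P<level>[A-Za-z]+): (?P<rest>.*)$"
)

# Optional "module (instance): " tag in front of the message text.
# Assumption: only names starting with "rlm_" are treated as module tags.
MODULE_RE = re.compile(
    r"^(?P<module>rlm_\w+)(?: \((?P<instance>[^)]*)\))?: (?P<message>.*)$"
)

# Auth result line. The bracketed name comes from the remote user, so the
# greedy ".*" runs to the LAST "] (from client" and the pattern is anchored at
# end of line; brackets or colons inside the name cannot shift the fields.
AUTH_RE = re.compile(
    r"^(?P<result>[^:\[]+): \[(?P<who>.*)\] "
    r"\(from client (?P<client>.+) port (?P<port>\d+)(?: cli (?P<cli>[^)]*))?\)$"
)


def parse_line(line):
    """Return a dict for one radius.log record, or None if the line is not one."""
    head = HEAD_RE.match(line.rstrip("\r\n"))
    if head is None:
        return None
    try:
        when = datetime.strptime(head["ts"], "%a %b %d %H:%M:%S %Y")
    except ValueError:
        return None  # timestamp-shaped text that is not a real date
    record = {
        "time": when,
        "level": head["level"],
        "module": None,
        "instance": None,
        "message": head["rest"],
        "auth": None,
    }
    tagged = MODULE_RE.match(head["rest"])
    if tagged:
        record.update(tagged.groupdict())
    elif head["level"] == "Auth":
        auth = AUTH_RE.match(head["rest"])
        if auth:
            record["auth"] = dict(auth.groupdict(), port=int(auth["port"]))
    return record


def to_rows(lines):
    """Fixed-width tuples ready for a parameterized database INSERT."""
    rows = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            rows.append((rec["time"].isoformat(sep=" "), rec["level"],
                         rec["module"], rec["instance"], rec["message"]))
    return rows


# Constructed sample input, modelled on the lines quoted on this page.
SAMPLE_LOG = [
    "Fri Jul 30 09:19:26 2004 : Info: rlm_sql (sql): Attempting to connect to radius@localhost:/radius",
    "Fri Jul 30 09:19:26 2004 : Info: rlm_sql_mysql: Starting connect to MySQL server for #0",
    "Fri Jul 30 10:56:21 2004 : Info: Ready to process requests.",
    "Wed Oct 13 08:00:00 2004 : Auth: Login OK: [a/no User-Password attribute] "
    "(from client uz galda port 12534 cli 1.1.1.2)",
    # User-supplied name that imitates the trailer of an Auth line.
    "Wed Oct 13 08:00:05 2004 : Auth: Login incorrect: [x] (from client fake port 0)/pw] "
    "(from client nas1 port 7 cli 5551234)",
    "this line has no timestamp and is skipped",
]

if __name__ == "__main__":
    for row in to_rows(SAMPLE_LOG):
        print(row)
```

Every record yields the same five columns whether or not a module tag is present, which is the property the split-on-delimiter approach could not give.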
RE: Linux type NTRadPing?
Nothing is showing up in the logs. That's why I want to know if it's a freeRadius issue, not working right, or if the RAS isn't getting the request to me. NTRadping allows me to quickly isolate the issue.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Milver S. Nisay
Sent: Friday, July 30, 2004 10:28 AM
To: [EMAIL PROTECTED]
Subject: Re: Linux type NTRadPing?

All, I have a customer that is having trouble authenticating. He is a dialup user that has a Linux system. I usually suggest NTRadPing to my win32 based customers. Does anyone have an alternative to this for Linux? Something independent that is not part of a larger program would be preferred.

i suggest you look at the radius logs whats keeping him from being authenticated., try radiusd -X

//milver
RE: Linux type NTRadPing?
Thanks.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Friday, July 30, 2004 12:18 PM
To: [EMAIL PROTECTED]
Subject: Re: Linux type NTRadPing?

Anson Rinesmith [EMAIL PROTECTED] wrote:

Nothing is showing up in the logs. That's why I want to know if it's a freeRadius issue, not working right, or if the RAS isn't getting the request to me. NTRadping allows me to quickly isolate the issue.

What's wrong with radclient?

Alan DeKok.
RE: radreply mysql
For me, in radcheck, I had to use == as my op. And in radreply I had to use :=

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy
Sent: Tuesday, July 27, 2004 6:04 AM
To: [EMAIL PROTECTED]
Subject: radreply mysql

Hi, I assigned a number of users a static ip address using the dial_admin interface, but for some reason the radreply table doesn't seem to be used. When I look at /var/log/radacc/nas.ip/reply-date it doesn't show anything about the framed-ip.

mysql> select * from radcheck where Username=icepick;
+----+----------+---------------+----+-------+
| id | UserName | Attribute     | op | Value |
+----+----------+---------------+----+-------+
|  6 | icepick  | User-Password | := | barry |
+----+----------+---------------+----+-------+
1 row in set (0.00 sec)

mysql> select * from radreply where UserName=icepick;
+----+----------+--------------------+----+---------------+
| id | UserName | Attribute          | op | Value         |
+----+----------+--------------------+----+---------------+
| 10 | icepick  | Framed-Compression | =  | None          |
|  8 | icepick  | Framed-IP-Address  | =  | 219.88.249.85 |
+----+----------+--------------------+----+---------------+

Any ideas?

Thanks
Barry
RE: New Opensource project-AAAadmin
Anywhere I can find some good screen shots along with functionality of dialup admin?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Rick Smith
Sent: Friday, July 23, 2004 8:18 AM
To: [EMAIL PROTECTED]
Subject: RE: New Opensource project-AAAadmin

Yeah, dialupadmin needs some work, but it's good as it is, too.

-----Original Message-----
From: Kostas Kalevras [mailto:[EMAIL PROTECTED]
Sent: Friday, July 23, 2004 8:46 AM
To: [EMAIL PROTECTED]
Subject: Re: New Opensource project-AAAadmin

On Fri, 23 Jul 2004, Amit Gupta wrote:
> This solution will be available in perl and biferno too. Also more features that I will disclose soon. First let me know your expectations. Will you join me???

I really don't see any point in reinventing the wheel. Why not just add the extra features in dialupadmin instead of creating a new one?

expectations: dialup_admin/doc/TODO
Also see dialup_admin/doc/HELP_WANTED

As for joining, sorry I've already got an interface that suits my needs and is in constant development. The question would be why abandon it for a new one?

> Amit
>
> ----- Original Message -----
> From: Kostas Kalevras [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Sent: Friday, July 23, 2004 5:01 AM
> Subject: Re: New Opensource project-AAAadmin
>
> On Fri, 23 Jul 2004, Amit Gupta wrote:
> > Hi friends, I have decided to develop opensource project-AAAadmin. Its URL is dmin.sourceforge.net. I invite you to share your expectations from such solution. I also invite you to join development.
>
> What's wrong with dialupadmin?
>
> > Amit Gupta

--
Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf
RE: Is there a ChangeLog
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Thursday, July 22, 2004 10:38 AM
To: [EMAIL PROTECTED]
Subject: Re: Is there a ChangeLog

> Anson Rinesmith [EMAIL PROTECTED] wrote:
> > That's my problem, I DON'T know how to tell them apart. Looking at any entry from the radius.log file, I don't know if it is for my customers, ISP2 or ISP3. Using the 'cli' won't help as we have overlapping customer bases.
>
> So... how do you expect to be able to tell them apart if you had logging straight to SQL? Decide what information you need to distinguish users first, THEN work on how to log it, and where.

The only thing that makes sense is to distinguish this by the called number. This information is not in the log file of the version I have. My hope was that the newer versions might have the ability to sort the information or provide more information in the log for me to make that distinction. I'm obviously getting a NO on both cases. Where would be a good place for me to look, if I want to change the code to do what I need?

> Alan DeKok.
RE: Is there a ChangeLog
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Kostas Kalevras
Sent: Thursday, July 22, 2004 11:26 AM
To: [EMAIL PROTECTED]
Subject: RE: Is there a ChangeLog

> On Thu, 22 Jul 2004, Anson Rinesmith wrote:
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Alan DeKok
> > Sent: Thursday, July 22, 2004 10:38 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Is there a ChangeLog
> >
> > > Anson Rinesmith [EMAIL PROTECTED] wrote:
> > > > That's my problem, I DON'T know how to tell them apart. Looking at any entry from the radius.log file, I don't know if it is for my customers, ISP2 or ISP3. Using the 'cli' won't help as we have overlapping customer bases.
> > >
> > > So... how do you expect to be able to tell them apart if you had logging straight to SQL? Decide what information you need to distinguish users first, THEN work on how to log it, and where.
> >
> > The only thing that makes sense is to distinguish this by the called number. This information is not in the log file of the version I have. My hope was that the newer versions might have the ability to sort the information or provide more information in the log for me to make that distinction. I'm obviously getting a NO on both cases. Where would be a good place for me to look, if I want to change the code to do what I need?
>
> Why can't you use the client part of the log? For instance:
>
> Auth: Login OK: [username] (from client prometheus port 176 cli cli)
> client part

We are hosting multiple ISP's on the same RAS box. Looking at which client it came from doesn't help. I guess I could take the username and do a lookup into the database to find out whose customer that is. I appreciate everyone's input. I think I have enough ammo to dig in and get this done. I'll be sure to post my results (successful or not) back to the list.

> > > Alan DeKok.
>
> --
> Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf
RE: Is there a ChangeLog
I think that is what I am going to try first. I guess a perl script that watches the radius.log file is the way to go. My perl is a bit rusty, anyone that could get me on the right line, feel free to email me off list. arinesmith at bigrivertelephone.com I'll keep a close eye on my spam filter, so that if you get blocked, I can whitelist it through. Again, thanks to everyone for their responses.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Guy Fraser
Sent: Thursday, July 22, 2004 2:27 PM
To: [EMAIL PROTECTED]
Subject: Re: Is there a ChangeLog

> Anson Rinesmith wrote:
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Alan DeKok
> > Sent: Wednesday, July 21, 2004 1:23 PM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Is there a ChangeLog
> >
> > > Anson Rinesmith [EMAIL PROTECTED] wrote:
> > > > My biggest issue is that I want to bring in a second and third ISP to use our radius service. I want to present each ISP with their error log, without seeing the other ISPs errors. I am currently at a loss on how to do this.
> > >
> > > As I said, post-process them. If you can tell the messages apart when putting them into any theoretical DB, you can tell them apart when reading them from radiusd.conf.
> >
> > That's my problem, I DON'T know how to tell them apart. Looking at any entry from the radius.log file, I don't know if it is for my customers, ISP2 or ISP3. Using the 'cli' won't help as we have overlapping customer bases.
>
> If you are using realms and they are not being stripped, they should appear in the log file.
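The post-processing idea from this thread (regex matching instead of splitting on ':', and routing on the realm that appears in the logged user name), as an added Python example; it is not code from the list or from FreeRADIUS. The sample lines are constructed from the two log formats quoted in the thread, and the `_operator` bucket and the realm-to-ISP map are assumptions.

```python
import re
from collections import defaultdict

# Hypothetical realm-to-tenant map; isp1.net / isp2.net are the realm names
# used in the proxy.conf snippet elsewhere on this page.
REALM_TO_ISP = {"isp1.net": "isp1", "isp2.net": "isp2"}
OPERATOR = "_operator"  # assumed bucket that only the hosting operator reads

# The timestamp itself contains ':', so splitting on ':' miscounts fields.
# Match the fixed ctime-style prefix, then "<level>: <message>".
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \d{4})"
    r" : (?P<level>[A-Za-z]+): (?P<msg>.*)$"
)

# Greedy "user" plus the end-of-line anchor: client/port/cli are always
# taken from the real tail of the line, never from text inside [...].
AUTH_RE = re.compile(
    r"^(?P<result>Login OK|Login incorrect): \[(?P<user>.*)\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+)"
    r"(?: cli (?P<cli>[^()]*))?\)$"
)

# Only a plain user@realm name is trusted for routing to a tenant view.
USER_RE = re.compile(r"^[A-Za-z0-9._-]+@(?P<realm>[A-Za-z0-9.-]+)$")

# Constructed sample input (not taken from a real server).
SAMPLE_LOG = """
Fri Jul 30 09:19:26 2004 : Info: rlm_sql (sql): Attempting to connect to radius@localhost:/radius
Fri Jul 30 09:20:01 2004 : Auth: Login OK: [alice@isp1.net] (from client prometheus port 176 cli 5551230001)
Fri Jul 30 09:20:07 2004 : Auth: Login incorrect: [bob@isp2.net] (from client prometheus port 177 cli 5551230002)
Fri Jul 30 09:20:09 2004 : Auth: Login incorrect: [carol] (from client prometheus port 178 cli 5551230003)
Fri Jul 30 09:20:11 2004 : Auth: Login incorrect: [x@isp2.net] (from client a port 1 cli 0) y@isp1.net] (from client prometheus port 179 cli 5551230004)
"""


def classify(line, realm_to_isp=REALM_TO_ISP):
    """Return (bucket, record) for one radius.log line.

    Anything that cannot be attributed to exactly one known realm goes to
    the operator bucket, so no tenant ever sees a line it may not own.
    """
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return OPERATOR, {"reason": "unparsed", "raw": line}
    if m["level"] != "Auth":
        return OPERATOR, {"reason": "not an auth record", "raw": line}
    a = AUTH_RE.match(m["msg"])
    if not a:
        return OPERATOR, {"reason": "unknown auth message", "raw": line}
    u = USER_RE.match(a["user"])
    if not u:
        # No realm at all, or a name containing spaces/brackets that could
        # imitate log syntax.
        return OPERATOR, {"reason": "no usable realm", "raw": line}
    isp = realm_to_isp.get(u["realm"].lower())
    if isp is None:
        return OPERATOR, {"reason": "unmapped realm", "raw": line}
    return isp, {"ts": m["ts"], **a.groupdict()}


def split_log(lines, realm_to_isp=REALM_TO_ISP):
    """Group log lines into one list of records per tenant."""
    views = defaultdict(list)
    for line in lines:
        if line.strip():
            bucket, rec = classify(line, realm_to_isp)
            views[bucket].append(rec)
    return dict(views)


if __name__ == "__main__":
    for bucket, recs in sorted(split_log(SAMPLE_LOG.splitlines()).items()):
        print(bucket, len(recs))
        for rec in recs:
            print("   ", rec)
```

The realm is whatever the caller typed in the user name, so this separates records by claimed realm only; users without a realm (the overlapping-customer case raised in the thread) stay in the operator bucket until some other attribute is logged.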
Is there a ChangeLog
I would like to find out what new features have been added since my version of FreeRADIUS. I looked but this was the best I found:

"It is a significant leap in functionality over 0.9.3, and contains too many bug fixes and feature enhancements to list in detail."

I'm looking specifically for what has changed in error reporting. Any new messages, can it be put to a DB, can it be separated by realm, etc.

Thanks.
RE: Radius setup
If you can radtest directly to the server, then you need to setup the PIX to do its VPN authentication against the server.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Alhagie Puye
Sent: Wednesday, July 21, 2004 8:24 AM
To: [EMAIL PROTECTED]
Subject: Radius setup

Hey all,

I am new to setting up radius but from what I read, it should be very simple to achieve my goal. I have done a lot of reading from both the web site, /doc directory and the file comments too.

This is what I'm trying to do: We have a PIX box and I have a Redhat system with all the passwords in /etc/password. I have installed FreeRADIUS on it (latest version). All I would like to accomplish is for VPN clients to use their existing usernames and password in /etc/password to authenticate. I have edited client.conf and put the correct entry for the PIX box.

Besides configuring the PIX, am I missing anything on the FreeRADIUS side to make this happen? BTW, radtest works just fine.

Thanks in advance,
Alhagie
RE: username's and password
To be sure, just add column headers to your excel sheet before you export it. Just make your headers match your field names.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of sarky
Sent: Wednesday, July 21, 2004 11:43 AM
To: [EMAIL PROTECTED]
Subject: Re: username's and password

> Thanx for the info, I know where to start from now. Just a quick one: if I use phpmyadmin how would I be able to tell it for example username how will I be able to tell it which field to enter username in? Thanx once more
> Sarky
>
> On Wed, 21 Jul 2004 17:24:40 +0100, Alain Perry wrote:
> > On Wed 21/07/2004 at 17:08, sarky wrote:
> > > I have an excel sheet with 10,000 username's and password and I am trying to import them into mysql database, does anyone out there know of a way to do it..
> >
> > You can save it as a .CSV file (using file-save as...) in excel, and then make a script using your favorite language or use phpmyadmin to import it into mysql. You may also be able to import directly using the MySQL ODBC driver that allows MS Office to exchange data with it IIRC. Hope this helps,
RE: Is there a ChangeLog
My biggest issue is that I want to bring in a second and third ISP to use our radius service. I want to present each ISP with their error log, without seeing the other ISPs errors. I am currently at a loss on how to do this.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Wednesday, July 21, 2004 1:02 PM
To: [EMAIL PROTECTED]
Subject: Re: Is there a ChangeLog

Anson Rinesmith [EMAIL PROTECTED] wrote:
> Can the /var/log/radiusd.log file be sent to a database instead?

Not currently. But you can write a script to post-process radiusd.log, and put it into a DB.

Alan DeKok.
RE: Is there a ChangeLog
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Alan DeKok
Sent: Wednesday, July 21, 2004 1:23 PM
To: [EMAIL PROTECTED]
Subject: Re: Is there a ChangeLog

> Anson Rinesmith [EMAIL PROTECTED] wrote:
> > My biggest issue is that I want to bring in a second and third ISP to use our radius service. I want to present each ISP with their error log, without seeing the other ISPs errors. I am currently at a loss on how to do this.
>
> As I said, post-process them. If you can tell the messages apart when putting them into any theoretical DB, you can tell them apart when reading them from radiusd.conf.

That's my problem, I DON'T know how to tell them apart. Looking at any entry from the radius.log file, I don't know if it is for my customers, ISP2 or ISP3. Using the 'cli' won't help as we have overlapping customer bases.

> Alan DeKok.
RE: Is there a ChangeLog
If you've got some code working for postgre, I'm sure I could port that to work for mysql. I'm willing to do the work, I just don't know where to get the differentiating information from freeradius so I know what ISP that user belongs to. Something based on Called-Station-ID like the users and acct_users file (DEFAULT Called-Station-Id == 1234567890, Proxy-To-Realm := ISP1) would be useful.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Guy Fraser
Sent: Wednesday, July 21, 2004 1:27 PM
To: [EMAIL PROTECTED]
Subject: Re: Is there a ChangeLog

> There was a program written to work with Squid that sent the logs to a database. It used a FIFO for the log file, so squid would write to the FIFO and the program would read from the FIFO. The program would decipher the logs and insert the relevant data into a table. I believe the program was written in Perl and was called squid2mysql or something like that. I think I may have ported it to PostgreSQL, I will see if I have it archived somewhere.
>
> I have considered making a rlm_log module but have not had time to delve into it yet. Once such a module exists having the data exported to a DB and file for redundancy, should not be too difficult. For now I will try to find the pipe based stuff, and see what I can do with it.
>
> Anson Rinesmith wrote:
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Alan DeKok
> > Sent: Wednesday, July 21, 2004 9:06 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: Is there a ChangeLog
> >
> > > Anson Rinesmith [EMAIL PROTECTED] wrote:
> > > > I would like to find out what new features have been added since my version of FreeRADIUS. I looked but this was the best I found: It is a significant leap in functionality over 0.9.3, and contains too many bug fixes and feature enhancements to list in detail.
> > >
> > > Have you tried doc/ChangeLog?
> > >
> > > > I'm looking specifically for what has changed in error reporting. Any new messages, can it be put to a DB, can it be separated by realm, etc.
> > >
> > > I'm not sure what you mean by that.
> >
> > Can the /var/log/radiusd.log file be sent to a database instead? I have written my own user interface and it would be much simpler if I could show my clients their error logs by querying a table, rather than parsing a file.
> >
> > > Alan DeKok.
>
> --
> Guy Fraser Network Administrator The Internet Centre 780-450-6787 , 1-888-450-6787
> There is a fine line between genius and lunacy, fear not, walk the line with pride. Not all things will end up as you wanted, but you will certainly discover things the meek and timid will miss out on.
RE: problems with radius accounting when using mysql
Run radius in debug mode (radiusd -X) and see if you can figure out what is happening.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Maqbool Hashim
Sent: Wednesday, June 30, 2004 11:24 AM
To: [EMAIL PROTECTED]
Subject: problems with radius accounting when using mysql

Hi, I have radius set up to get authentication information from a mysql database. I want it to log accounting information to the radacct table in my mysql database. I have set up the accounting section in my radiusd.conf file as follows:

    accounting {
        acct_unique
        detail
        unix
        sql
        radutmp
    }

However radius is still logging accounting information to the files and I can't see anything in the radacct table in my database. (I have rebooted the radius server). Am I missing a crucial setting here?

Regards,
Maqbool
RE: [vchkpw] User ID Password
It would be very easy in the sql.conf what table is looked at, and what the field names are that contain the information you want.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kirti S. Bajwa
Sent: Saturday, June 05, 2004 11:06 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: [vchkpw] User ID Password

Hello: I am posting this message on freeRADIUS, vpopmail mysql lists. This may get few people upset but please read

I am trying to install (on RH9), qmail, vpopmail, mysql, Courier-IMAP, squirrelmail, etc., with backend data on MySQL. On another computer I have installed RH9 freeRADIUS server. vpopmail is used to add UID PW and the data is stored in vpopmail DB in MySQL. Now freeRADIUS also uses UID PW to authenticate and has its own data structure. I like to know if there is a way so that user data is stored in one table in MySQL so vpopmail and freeRADIUS can access the same information??

Thanks in advance.
Kirti
RE: Problem using Calling-Station-Id-Attribute in radcheck
Maybe your OP needs to be := Just something you could try, before an educated answer happens by.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Stefan Grünbaum
Sent: Monday, May 24, 2004 4:21 PM
To: [EMAIL PROTECTED]
Subject: Problem using Calling-Station-Id-Attribute in radcheck

Hello, I'm using Freeradius (May,24,2004) with Mysql and PEAP for Authentication of a Wireless-Lan Client. If I only check Username Password, everything works fine. Now, I want also to check the MAC-Address of this Wireless-Lan Client. Therefore I added the Calling-Station-Id-Attribute to the radcheck table.

mysql> select * from radcheck;
+----+----------+--------------------+----+--------------+
| id | UserName | Attribute          | op | Value        |
+----+----------+--------------------+----+--------------+
|  1 | canram   | User-Password      | == | 123123       |
|  2 | canram   | Calling-Station-Id | == | 000d88522f1f |
+----+----------+--------------------+----+--------------+
2 rows in set (0.00 sec)

Unfortunately, freeradius cannot validate this user anymore. Are there any config-files I have to change? Please see the freeradius debug output below.

rad_recv: Access-Request packet from host 192.168.200.245:2048, id=0, length=125
        User-Name = canram
        NAS-IP-Address = 192.168.200.245
        Called-Station-Id = 0006253bdc49
        Calling-Station-Id = 000d88522f1f
        NAS-Identifier = 0006253bdc49
        NAS-Port = 34
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020b0163616e72616d
        Message-Authenticator = 0xfc56758dc0f3401bff35dc7ff7661def
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
modcall[authorize]: module chap returns noop for request 0
modcall[authorize]: module mschap returns noop for request 0
rlm_realm: No '@' in User-Name = canram, looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop for request 0
rlm_eap: EAP packet type response id 0 length 11
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module eap returns updated for request 0
modcall[authorize]: module files returns notfound for request 0
radius_xlat: 'canram'
rlm_sql (sql): sql_set_user escaped user -- 'canram'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'canram' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'canram' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'canram' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'canram' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module sql returns ok for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type EAP
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: EAP Identity
rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
modcall[authenticate]: module eap returns handled for request 0
modcall: group authenticate returns handled for request 0
Sending Access-Challenge of id 0 to 192.168.200.245:2048
        EAP-Message = 0x0101001604100f6fa9e8b28c56ac8f9621226c76b4ae
        Message-Authenticator = 0x
        State = 0xde6114c592a60d68537235ef5398a9b4
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 192.168.200.245:2048, id=0, length=138
        User-Name = canram
        NAS-IP-Address = 192.168.200.245
        Called-Station-Id = 0006253bdc49
        Calling-Station-Id = 000d88522f1f
        NAS-Identifier = 0006253bdc49
        NAS-Port = 34
        Framed-MTU = 1400
        State = 0xde6114c592a60d68537235ef5398a9b4
        NAS-Port-Type = Wireless-802.11
        EAP-Message = 0x020100060319
        Message-Authenticator = 0xdeaffa0daedbb6a175f225a568170aa8
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module preprocess returns ok for request 1
modcall[authorize]: module
RE: Looking for Possiblities
It isn't really that hard, the work isn't in the MAX or the FR server. All you have to do is have a group for nopay users. Assign them out of a different IP pool, possibly even a private subnet. Then in the Next hop router, you would have to reroute all web traffic from that subnet to your webpage and block all other traffic. You can do the same, if you want to implement family safe web browsing, users who pay the extra get a different subnet, and get routed differently.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Nick Marino
Sent: Friday, May 14, 2004 8:35 AM
To: [EMAIL PROTECTED]
Subject: Re: Looking for Possiblities

Well all customers connect via dialup to a Max 6000 unit.

----- Original Message -----
From: Graeme Hinchliffe [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, May 14, 2004 3:12 AM
Subject: Re: Looking for Possiblities

> On Thu, 13 May 2004 21:53:41 -0500 Nick Marino [EMAIL PROTECTED] wrote:
> > What I am looking for is a way to redirect a user to a specific web page on my web server if their account access has been restricted instead of setting for reject and locking them out totally. We are an ISP and need to block users access and redirect them to a specific web page if they have not paid their bill and the account is on hold till it is resolved. Is there any way to do this using freeradius?
>
> I think the assigning them a non-standard IP is the best route. On your NASes configure that IP Range to an interface that is connected to a webredirection box and no external access. Perhaps run it through a box with squid so any requests for any page are redirected to the webserver on that box. If you are using something more advanced like Redback SMS's or customers arrive via a tunnel, you could add the necessary attributes to direct them down a different route.
>
> --
> Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk/) ICQ 3842605 Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005
RE: missing radius.log file
I have two radius servers, one stores them in /usr/local/var/log and the other in /var/log. Just depends on what version of FR you are using and/or how you set it up in radiusd.conf. Try doing a find / -name radius.log; that should help you find your log file.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of stenmark
Sent: Friday, May 14, 2004 1:38 PM
To: [EMAIL PROTECTED]
Subject: missing radius.log file

(This should be pretty simple) I can not find a radius.log file. Is there a setting (maybe in the radiusd.conf) that I missed?

What I can find are these log files:
/usr/local/var/log/radius/radacct/[IP-ADDRESS]/detail-[DATE]
for example:
/usr/local/var/log/radius/radacct/127.0.0.1/detail-20040513

Are these log files the same as the radius.log except broken up into dates?

Thanks,
Evan Stenmark
RE: Dialup Admin, problems with apache (httpd) and php
You probably need to add the extensions .html .htm to your configuration so that apache knows to try and process those as PHP.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Evan Stenmark
Sent: Friday, May 14, 2004 1:47 PM
To: [EMAIL PROTECTED]
Subject: Dialup Admin, problems with apache (httpd) and php

Apache (httpd) is not working with php it seems. In the httpd.conf I made the DirectoryRoot /usr/local/dialupadmin/htdocs. I start the server then access the page and on the right frame, there is Dialup Admin. In the left frame, there is only php code ?php ... ? Obviously apache is not set up to work with php right now.

I am running Redhat 9 and from rpmquery there is httpd-2.0.40-21 php-4.2.2-17

I have looked through many of the posts on the archive and can't find any solutions that are working with my problem. I suppose my main question is, how do I get apache working with php to display dialup admin correctly? Or what is something common that I am missing? I will provide you with more information if you need it.

Thanks,
Evan Stenmark
RE: Second radius forward
If you have it setup in radiusd.conf to look for @ to determine realms, then all you need to do is add that information to users and acct_users.

[EMAIL PROTECTED] you would set up

    realm domain.com {
        type = radius
        authhost = ipaddressHere:1645
        accthost = ipaddressHere:1645
        secret = thesecret
    }

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of rsrose
Sent: Friday, May 07, 2004 8:01 AM
To: [EMAIL PROTECTED]
Subject: Re: Second radius forward

How?

Milver S. Nisay wrote:
> > Hello All, Is it possible to forward an authentication request to another radius server based on the domain in the user name?
>
> yes
RE: Could not link driver rlm_sql_mysql: file not found
From a previous solution:

About freeRADIUS:
1. We suppose that your MySQL installs under /home/mysql
2. ./configure --prefix=/home/radius --with-rlm-sql_mysql-include-dir=/home/mysql/include/mysql
3. make && make install
4. mkdir /home/radius/src
5. cp /home/freeradius-0.9.3/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql /home/radius/src
6. Put /home/radius/lib into /etc/ld.so.conf.

About MySQL:
1. Put /home/mysql/lib/mysql into /etc/ld.so.conf.

May you succeed.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Milver S. Nisay
Sent: Friday, April 30, 2004 2:23 AM
To: [EMAIL PROTECTED]
Subject: Re: Could not link driver rlm_sql_mysql: file not found

> Thanks. I already read all of that and I did everything he said to do. I'm happy that I read that because it was the only thing that really helped me to get started with freeradius in general. I followed all of the directions and got the thing running using text file authentication, then I followed his directions for the Mysql part and I got the error: Could not link driver rlm_sql_mysql: file not found.. now I can't get past it no matter what I do. I have tried everything. Thanks again!

You need to recompile freeradius with support to rlm_sql module. Can you share radiusd -X ? What OS? freeradius version? MySQL version?

//milver
RE: any NAS with good radius support
An Ascend MAX2000 will handle 1 T1, and has been a very reliable NAS for me in the past.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, April 29, 2004 2:17 AM
To: [EMAIL PROTECTED]
Subject: any NAS with good radius support

Hi all

Now, when my NAS is dead (at last:) I need a replacement. Can anyone advise me something not so e as CISCO , but that is able to work reliably and with good RADIUS support? I need a NAS with approxim. 16 dialup ports (not less), which connects directly to ethernet. (authorization/authent via RADIUS)

Best regards,
Andrei
Multiple IP Pools with Ascend APX's
I'm using freeRadius with MySQL.

In radgroupreply: GroupName, Attribute, op, Value, prio

I have multiple ISPs logging into one RAS. First ISP needs two class Cs, pools 1 and 2. Second ISP needs 3 Class Cs, pools 3, 4, 5. etc..

Therefore I cannot use

    isp1, X-Ascend-Assign-IP-Pool, :=, 0

Would I have

    isp1, X-Ascend-Assign-IP-Pool, :=, 1
    isp1, X-Ascend-Assign-IP-Pool, +=, 2
    isp2, X-Ascend-Assign-IP-Pool, :=, 3
    isp2, X-Ascend-Assign-IP-Pool, +=, 4
    isp2, X-Ascend-Assign-IP-Pool, +=, 5

etc.
RE: Which is donwload and which is upload
The NAS reports from its point of view, so Output would be what it sends to the remote client. Input would be what it received from the remote client. So Output would be what the PC downloaded and vice versa.

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Raymond Sent: Thursday, February 26, 2004 5:07 AM To: [EMAIL PROTECTED] Subject: Which is donwload and which is upload Importance: High

Hi, I just did some research on the radius accounting table. The result is always that AcctInputOctets is greater than AcctOutputOctets. What I understand is AcctInputOctets is download usage and AcctOutputOctets is upload usage. But download shouldn't be less than upload. Can anyone explain it for me, please? Best regards, Raymond
RE: What the unit of AcctInputOctets, AcctOutputOctets
Yes, it's 8 (octal) bits, or 1 byte.

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Raymond Sent: Thursday, February 26, 2004 1:03 AM To: [EMAIL PROTECTED] Subject: What the unit of AcctInputOctets, AcctOutputOctets

Hi. Would anyone tell me what is the unit of AcctInputOctets, AcctOutputOctets in table radacct? Is it byte, kbyte, mbyte? Thanks, Raymond
Multiple realms
I have a freeradius server accepting proxy requests for multiple Called-Station-Ids. I would like the SQL database field realm to properly reflect what realm it is actually proxying for. The problem is that if I put Called-Station-Id in the users file and put the realm information in proxy.conf, I get an infinite loop.

Snippets -

users:
  DEFAULT Called-Station-Id == 2345678901, Proxy-To-Realm := isp1.net
  DEFAULT Called-Station-Id == 9991114321, Proxy-To-Realm := isp2.net
  DEFAULT Called-Station-Id == 5554441234, Proxy-To-Realm := isp2.net

proxy.conf:
  realm isp1.net {
      type = radius
      authhost = LOCAL
      accthost = LOCAL
  }
  realm isp2.net {
      type = radius
      authhost = LOCAL
      accthost = LOCAL
  }

If I take this information out of users and proxy.conf, they authenticate but DEFAULT gets put into the DB. Any thoughts? Am I doing something wrong, or is this just something I'll have to live with? Anson Rinesmith
RE: Multiple realms
I put

  DEFAULT Called-Station-Id == 2345678901, Realm := isp1.net

in both users and acct_users, and I still get DEFAULT put in the realm field in my database. Should this be a REPLY?

  DEFAULT Called-Station-Id == 2345678901
          Realm := isp1.net

-Original Message- From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Monday, February 23, 2004 12:38 PM To: [EMAIL PROTECTED] Subject: Re: Multiple realms

Anson Rinesmith [EMAIL PROTECTED] wrote: I would like the SQL database field realm to properly reflect what realm it is actually proxying for. Ok... The problem is that if I put Called-Station-Id in the users file and put the realm information in proxy.conf, I get an infinite loop. Of what? users: DEFAULT Called-Station-Id == 2345678901, Proxy-To-Realm := isp1.net Which says PROXY THE PACKET, not Set the Realm. Use the Realm attribute to set the Realm. proxy.conf: realm isp1.net { type = radius authhost = LOCAL accthost = LOCAL You're trying to do RADIUS proxying to the local server. I don't see why. No, I am accepting a proxy request from another server. Any thoughts? Am I doing something wrong, or is this just something I'll have to live with? Use Realm, and not Proxy-To-Realm. Alan DeKok.
RE: Multiple realms
', 'DEFAULT', '111.222.333.444', '7', 'Async', '2004-02-23 14:51:16', '0', '0', 'RADIUS', '', '', '0', '0', '2345678901', '99', '', 'Framed-User', 'PPP', '111.222.333.123', '0', '0')'
rlm_sql: Reserving sql socket id: 3
rlm_sql: Released sql socket id: 3
modcall[accounting]: module sql returns ok
modcall: group accounting returns ok
Sending Accounting-Response of id 238 to 209.16.220.24:1814
        Proxy-State = 0x3538
Finished request 11
Going to the next request
Cleaning up request 11 ID 238 with timestamp 403a67c4
rl_next: returning NULL
Waking up in 6 seconds...

-Original Message- From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Monday, February 23, 2004 2:46 PM To: [EMAIL PROTECTED] Subject: Re: Multiple realms

Anson Rinesmith [EMAIL PROTECTED] wrote: DEFAULT Called-Station-Id == 2345678901, Realm := isp1.net In both users and acct_users And I still get DEFAULT put in the realm field in my database. Then read the debug log to see where the DEFAULT realm is coming from. Alan DeKok.
radius.log
I'm getting this type of error for many different users, any idea what this error means? It's always 16 *s followed by some random characters.

Wed Feb 18 04:34:14 2004 : Auth: Login incorrect: [ear/q] (from client radiusproxy port 2 cli ) );
Wed Feb 18 04:33:29 2004 : Auth: Login incorrect: [ear/\002] (from client radiusproxy port 2 cli ) );
Wed Feb 18 04:31:49 2004 : Auth: Login incorrect: [ear/_] (from client radiusproxy port 0 cli ) );
Wed Feb 18 04:30:07 2004 : Auth: Login incorrect: [ear/\317] (from client radiusproxy port 0 cli ) );
Wed Feb 18 04:28:24 2004 : Auth: Login incorrect: [ear/\344] (from client radiusproxy port 3 cli ) );
Wed Feb 18 04:19:02 2004 : Auth: Login incorrect: [iluvpear/+] (from client radiusproxy port 0 cli) );
Wed Feb 18 04:17:19 2004 : Auth: Login incorrect: [iluvpear/\340] (from client radiusproxy port 0 cli );
Wed Feb 18 04:15:40 2004 : Auth: Login incorrect: [iluvpear/z] (from client radiusproxy port 0 cli ) );
Wed Feb 18 03:04:10 2004 : Auth: Login incorrect: [billiem/\205] (from client radiusproxy port 6 cli ) );
Wed Feb 18 03:03:20 2004 : Auth: Login incorrect: [billiem/)] (from client radiusproxy port 6 cli ) );
Wed Feb 18 03:02:31 2004 : Auth: Login incorrect: [billiem/\355] (from client radiusproxy port 6 cli ) );

Anson Rinesmith Internet Operations Manager Big River Telephone Company 800-455-1608 x106 573-382-0555 www.bigrivertelephone.com Real People. Real Service. Real Simple.
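A way to triage Auth lines like the ones in the post above, as an added example that is not part of the original post or of FreeRADIUS: it parses the quoted radius.log format and, per user and client, separates failures whose logged password contains non-printable bytes (the \NNN octal escapes) from ordinary ones. The sample lines, user names and the min_failures threshold are constructed, and the line format is assumed to match the post.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict

# Constructed sample lines in the radius.log format quoted in the post above.
SAMPLE_LOG = r"""
Wed Feb 18 03:02:31 2004 : Auth: Login incorrect: [alice/****************\355] (from client radiusproxy port 6 cli )
Wed Feb 18 03:03:20 2004 : Auth: Login incorrect: [alice/****************)] (from client radiusproxy port 6 cli )
Wed Feb 18 03:04:10 2004 : Auth: Login incorrect: [alice/****************\205] (from client radiusproxy port 6 cli )
Wed Feb 18 04:10:02 2004 : Auth: Login incorrect: [bob/example-typo] (from client nas1 port 4 cli 5735550100)
Wed Feb 18 04:10:40 2004 : Auth: Login OK: [bob/example-pass] (from client nas1 port 4 cli 5735550100)
Wed Feb 18 04:11:00 2004 : Info: Ready to process requests.
"""

AUTH_RE = re.compile(
    r"^(?P<ts>.{24}) : Auth: (?P<result>Login OK|Login incorrect)[^\[]*"
    r"\[(?P<user>[^/\]]*)(?:/(?P<password>.*))?\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+)(?: cli (?P<cli>[^)]*))?\)"
)
OCTAL_ESCAPE = re.compile(r"\\[0-7]{3}")   # how non-printable bytes appear in the log
RUN_KEY = os.urandom(16)                   # per-run key: tags are useless outside this run


def parse_auth_lines(text):
    """Return one dict per Auth line; the logged password itself is not kept."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line.strip())
        if not m:
            continue                       # Info/Error lines and anything unparsable
        ev = m.groupdict()
        pw = ev.pop("password") or ""
        ev["port"] = int(ev["port"])
        ev["nonprintable"] = bool(OCTAL_ESCAPE.search(pw))
        # Keyed digest lets us count distinct attempts without storing passwords.
        ev["pw_tag"] = hmac.new(RUN_KEY, pw.encode(), hashlib.sha256).hexdigest()[:12]
        events.append(ev)
    return events


def summarize(events, min_failures=3):
    """Group by (user, client) and flag the pattern described in the post."""
    stats = defaultdict(lambda: {"ok": 0, "fail": 0, "nonprintable": 0, "tags": set()})
    for ev in events:
        s = stats[(ev["user"], ev["client"])]
        if ev["result"] == "Login OK":
            s["ok"] += 1
        else:
            s["fail"] += 1
            s["nonprintable"] += ev["nonprintable"]
            s["tags"].add(ev["pw_tag"])
    report = {}
    for key, s in stats.items():
        # Repeated failures, a different logged password each time, some with
        # non-printable bytes: unlikely to be typing errors.
        garbled = (s["fail"] >= min_failures and s["nonprintable"] > 0
                   and len(s["tags"]) == s["fail"])
        report[key] = {"ok": s["ok"], "fail": s["fail"],
                       "nonprintable": s["nonprintable"], "garbled": garbled}
    return report


if __name__ == "__main__":
    for (user, client), row in sorted(summarize(parse_auth_lines(SAMPLE_LOG)).items()):
        print(user, client, row)
```

Because radius.log records the submitted password on these lines, the summary keeps only a per-run keyed tag of each attempt, so the report can be shared without copying credentials out of the log.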
RE: radius.log rotate?
I found that for now the easiest way for me is to edit newsyslog.conf (FreeBSD 4.6) and add that file in there. Works pretty well so far.

-Original Message- From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Guy Fraser Sent: Friday, February 13, 2004 11:33 AM To: [EMAIL PROTECTED] Subject: Re: radius.log rotate?

Anson Rinesmith wrote: Does the radius.log file rotate when it gets large? If not, has anyone written a script to do this? Thanks, Anson

I have been meaning to look into having the log file dynamically named. I made a patch for Cistron Radius that dynamically named. Example: /var/log/radius/%Y%b%d.log Today's file is : /var/log/radius/2004Feb13.log I will look at this issue, and try to get the patch into CVS. Hopefully the patch will make it into CVS before v1.0.
RE: Problem installing freeradius+rlm_sql_mysql under freebsd ! Strange!
Please post your results here, as I know I would be interested to know if this works.

-Original Message- From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Guy Fraser Sent: Wednesday, February 11, 2004 1:35 PM To: [EMAIL PROTECTED] Subject: Re: Problem installing freeradius+rlm_sql_mysql under freebsd ! Strange!

Anton Blajev wrote: Hello all out there, I'm using FreeBSD as my server machine, I wanted to run radius+mysql auth for my pptp users. I got freeradius to work just fine, but! When I tried to get it working with mysql I wasn't able :(. It returned the error that freeradius can't load the rlm_sql_mysql module. I've made ls -la in the lib dir, there was rlm_sql.so pointing to rlm_sql_postgresql.so. I've installed freeradius a lot of times after, with different options (I'm installing it from /usr/ports, I have the exact version of mysql server + client). I'm defining -DWITH_MYSQL_VER=40 as described in the Makefile in /usr/ports/net/freeradius/Makefile, but nothing!!! I get the same result every time, freeradius got built with postgre and no mysql :((( Any ideas why's that? 10x in advance!

Change directory to : /usr/ports/net/freeradius

Type these commands as root or use sudo :

  make deinstall
  make clean
  make WITH_MYSQL=yes
  make install

You should now have freeradius installed with mysql support.

If you want to build from cvs... As root :

  cvs -d :pserver:[EMAIL PROTECTED]:/source login
  {cvs password is : anoncvs}
  cvs -d :pserver:[EMAIL PROTECTED]:/source checkout radiusd
  cvs -d :pserver:[EMAIL PROTECTED]:/source logout
  cd radiusd
  ./configure --quiet --with-logdir=/var/log --localstatedir=/var \
    --disable-ltdl-install --with-ltdl-include=/usr/local/include \
    --with-ltdl-lib=/usr/local/lib --with-large-files \
    --without-rlm_x99_token
  make
  make install

I am currently working on a FreeBSD 5.2 machine with FreeRadius from CVS. You will probably want to make sure your ports tree is up to date before you build freeradius from ports. The current port should be 0.9.3. I have built it with MySQL support and it does work. Hope that helps. Have a nice day.
Proxy and Realms
I'm using a freeradius server to identify proxies to about 3 other RADIUS servers. One of them happens to be a freeradius server. When it puts the acct information in the DB (on both the proxied and proxying), it just puts in DEFAULT as the realm, though it got proxied via realm theisp.com. Where, and on which server, can I set it so that theisp.com gets put into realm in both accounting DBs? Anson
Passwords
I've got a working MySQL/freeRadius setup working. However, a possible customer, that wants to switch to us, only has access to unix style encrypted passwords. Is there a way I can put them in as encrypted, but still be able to login with the unencrypted password? Or to decrypt the passwords into cleartext (I don't think this is possible without knowing the key)? Anson Rinesmith
RE: Passwords
Let me rephrase that, it didn't come out at all like I wanted. I want to store a Crypt-Password in the DB, but I would like to have a web based front end that will allow customers to just enter plain text passwords. Is there a simple way to accomplish that? Example: abC6Def is what would be entered in the interface, and what a dialup user would type in. In the DB, I would like Crypt-Password == fd6rkdObsV8yw. Sorry for the stupid first mail.

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anson Rinesmith Sent: Friday, February 06, 2004 12:35 PM To: [EMAIL PROTECTED] Subject: Passwords

I've got a working MySQL/freeRadius setup working. However, a possible customer, that wants to switch to us, only has access to unix style encrypted passwords. Is there a way I can put them in as encrypted, but still be able to login with the unencrypted password? Or to decrypt the passwords into cleartext (I don't think this is possible without knowing the key)? Anson Rinesmith
RE: radius.log
Alan, Would you be willing to work with me some off the mailing list? -Original Message- From: [EMAIL PROTECTED] [mailto:freeradius- [EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Monday, January 26, 2004 1:17 PM To: [EMAIL PROTECTED] Subject: Re: radius.log Anson Rinesmith [EMAIL PROTECTED] wrote: Can you think of a way to pull certain information from the radius.log file? grep? I proxy to my realms based on Called-Station-ID. Each ISP that would dial into the NAS would like to see their own error log? Anyone tinkered with this successfully, even mildly? Not so far. I would be willing to poke at the code and recompile if necessary, but that is certainly not my forte. It shouldn't be too hard to do. Alan DeKok.
radius.log
Can anyone tell me where the radius.log file is configured? I would like to have a file for each realm.
RE: radius.log
Anson Rinesmith [EMAIL PROTECTED] wrote: Can anyone tell me where the radius.log file is configured? $ grep radius.log /etc/raddb/* I know where the file is I would like to have a file for each realm. That is not currently supported. Can you think of a way to pull certain information from the radius.log file? I proxy to my realms based on Called-Station-ID. Each ISP that would dial into the NAS would like to see their own error log? Anyone tinkered with this successfully, even mildly? I would be willing to poke at the code and recompile if necessary, but that is certainly not my forte. Alan DeKok.
RE: Mulitple radius.log files
Anson Rinesmith [EMAIL PROTECTED] wrote: I am trying to set up a scenario with an Ascend NAS. Using freeradius 0.7.0 You really should upgrade. I agree, but when I used 0.9.3 I got the sql instantiation error. I was thinking if I put a line in the files {} section of radiusd.conf, that I could make a separate radius.log file based on what realm I proxied to or Called-Station-ID. The server does not support that. I don't know why you would think that the radiusd.log file is configured in the files module. Where is it configured? Alan DeKok.
RE: Module Instantiation Failed
FYI, I know everywhere on www.freeradius.org it claims this is NOT freeradius fault, but I removed 0.9.2 and installed 0.7 and it installed the rlm_sql_mysql.so file and runs sql perfectly. Makes me think there IS something that needs to be looked at in 0.9.2 Just my thoughts. Anson Rinesmith
Mulitple radius.log files
I am trying to set up a scenario with an Ascend NAS. Using freeradius 0.7.0 as a proxy on FreeBSD 5.2, I can successfully test authentication with ntradping. I use the users file to do proxying based on Called-Station-ID, sending different dialed numbers to different radius servers. I am getting Auth: Login OK and Auth: Login incorrect messages to my radius.log file. I was thinking if I put a line in the files {} section of radiusd.conf, that I could make a separate radius.log file based on what realm I proxied to or Called-Station-ID. I've done some trial and error, but nothing works. Am I on the right track? Where would I put such a command, or am I just missing what I should change? logdir = ${localstatedir}//%{Called-Station-ID}/radius.log is the most logical thing I've tried. Anson Rinesmith
RE: Mulitple radius.log files
Okay, did my cut/paste botch that. The most logical thing I've tried was in

  files {
      logdir = ${localstatedir}/log/radius/%{Called-Station-Id}
  }

Something similar to what's in detail {} where the detail file goes in a directory based on the Client-IP-Address.

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anson Rinesmith Sent: Friday, January 16, 2004 3:30 PM To: [EMAIL PROTECTED] Subject: Mulitple radius.log files

I am trying to set up a scenario with an Ascend NAS. Using freeradius 0.7.0 as a proxy on FreeBSD 5.2, I can successfully test authentication with ntradping. I use the users file to do proxying based on Called-Station-ID, sending different dialed numbers to different radius servers. I am getting Auth: Login OK and Auth: Login incorrect messages to my radius.log file. I was thinking if I put a line in the files {} section of radiusd.conf, that I could make a separate radius.log file based on what realm I proxied to or Called-Station-ID. I've done some trial and error, but nothing works. Am I on the right track? Where would I put such a command, or am I just missing what I should change? logdir = ${localstatedir}//%{Called-Station-ID}/radius.log is the most logical thing I've tried. Anson Rinesmith
RE: Blank username/password
Our users file contains the following DEFAULT entry : You have DEFAUTL Auth-Type := Accept, Called-Station-Id == 1 DEFAULT Called-Station-ID == 9995551234, Auth-Type := Accept Is Closer to what you need in your users file
RE: Blank username/password
With the supplied line in your users file, could you send me your relevant output from radiusd -X, might help debug your problem.

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Adil Bikarbass Sent: Wednesday, January 14, 2004 10:36 AM To: [EMAIL PROTECTED] Subject: RE: Blank username/password

I've tried this too but with the same result: when the username is not empty it's accepted, otherwise it's rejected. The problem is with empty usernames/passwords; once again I want to grant access based on the Called-Station-Id no matter what the username is (empty username). Any tips? Thanks

On Wed, 14 Jan 2004, Anson Rinesmith wrote: Our users file contains the following DEFAULT entry : You have DEFAUTL Auth-Type := Accept, Called-Station-Id == 1 DEFAULT Called-Station-ID == 9995551234, Auth-Type := Accept Is Closer to what you need in your users file

-- |-Adil Bikarbass |-IT Manager |-MTDS S.A. |-tel +212.3.767.4861 |-fax +212.3.767.4863 |-gsm +212.6.139. 4541 |-14, rue 16 novembre |-Rabat, Kingdom of Morocco
RE: Error Messages
How do I know where it's going? I would LOVE for this to go to my MYSQL database. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 9:00 AM To: [EMAIL PROTECTED] Subject: Re: Error Messages The point is... [snip]... Then this will go to /var/log/radius.log ? Yes. [snip]... not necessarily.
RE: Disabling User
Just set their Auth-Type := Reject, no need to change the password.

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Devin Atencio Sent: Wednesday, January 07, 2004 12:11 PM To: [EMAIL PROTECTED] Subject: Disabling User

I was wondering if there was an easy way to disable a user so that if they try to dial up it would deny them access. Currently our method is we just change the user's password. I have tried to set Simultaneous-Use to 0 but that doesn't appear to work. Any ideas on a good way?