Re: Login incorrect- RAS autentication
Why did you send this three times? It's normal for the TNT line to try and download configuration settings via radius unless you have turned it off. I don't remember the name of the setting but it's listed in the documentation and google can find it. On Tue, 15 Nov 2005, Danny Zenzano wrote: hi, I am trying to make work an RAS(lucent-max6000) with the freeRADIUS,I configure the MAX6000, and the radius obtains an authentication order from the RAS, but as result I obtain a login error message. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: add a realm to a User-Name if no realm
Lewis Bergman wrote:
I wasn't quite specific enough on my post. The NULL match in the realm
module would probably work for the no realm at all situation.
I was hoping to look for a specific %{NAS-Identifier} and based on that
AND the fact that a user does not have an @ in the username, add the
realm.
I did something a bit similar, we are operating the NAS for another ISP
that doesn't use the realm in their usernames. I put this in the users
file to force it to be proxied:
DEFAULT Called-Station-Id == 515XXX, Proxy-To-Realm := otherisp
You should be able to do something similar.
dave
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Proxy/Not Proxy based on dialed number?
I have a MAX TNT that will be doing dialin service. Is it possible to selectively proxy based on the DNIS? My user accounts are stored in a postgres database that I have working fine for PPPoA termination already. Thanks for any help dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
postgresql problem/question
I'm trying to use postgresql to store my radius data. I have most of it
working except for a stored procedure to return the static
routing/addressing information for a login. It tries to work but I don't
get the correct output in radtest.
select * from generate_radreply('[EMAIL PROTECTED]');
id | username | attribute | op |
value
+--+---++
104032 | [EMAIL PROTECTED] | Framed-IP-Address | := | 1.2.3.4
When I run radtest:
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=59, length=56
Framed-IP-Address = 255.255.255.255
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Routing = Broadcast-Listen
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
The other reply items come from radgroupreply. When I run radiusd -X I see
this in the logs:
modcall[post-auth]: module sql returns ok for request 0
modcall: group post-auth returns ok for request 0
Sending Access-Accept of id 59 to 127.0.0.1:57298
Framed-IP-Address BARE-WORD :=
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Routing = Broadcast-Listen
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Finished request 0
Any ideas why my data is not making it back?
Thanks
dave
--
Dave Weis
[EMAIL PROTECTED]
http://www.internetsolver.com/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: postgresql problem/question
Alan DeKok wrote:
Dave Weis [EMAIL PROTECTED] wrote:
The other reply items come from radgroupreply. When I run radiusd -X I see
this in the logs:
modcall[post-auth]: module sql returns ok for request 0
modcall: group post-auth returns ok for request 0
Sending Access-Accept of id 59 to 127.0.0.1:57298
Framed-IP-Address BARE-WORD :=
It looks like the SQL module is giving the wrong value to the
create attribute function. From looking as your example, your data
doesn't match the schema FreeRADIUS expects.
select * from generate_radreply('[EMAIL PROTECTED]');
id | username | attribute | op |
value
That should be ... attribute value op
See the SQL schema included with the server.
I'm looking at db_postgresql.sql and see this:
CREATE TABLE radreply (
id SERIAL PRIMARY KEY,
UserNameVARCHAR(30) DEFAULT '' NOT NULL,
Attribute VARCHAR(30),
op VARCHAR(2) NOT NULL DEFAULT '=',
Value VARCHAR(40)
);
which is what I used for the layout. It looks the same in db_mysql.sql also.
Is it position sensitive or does it use column names?
Thanks
dave
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: postgresql problem/question
Alan DeKok [EMAIL PROTECTED] said: Dave Weis [EMAIL PROTECTED] wrote: which is what I used for the layout. It looks the same in db_mysql.sql also. Is it position sensitive or does it use column names? Hmm... The queries in SQL.conf select id, username, attribute, value, op. So it should work, unless you edited the queries. But the problem is still that the op field from SQL is being into the value for the attribute, and vice-versa. Fix that, and the problem will go away. I changed the format of the records that I was returning to match what you described and it seems to be working. Thanks dave -- Dave Weis Internet Solver, Inc http://www.internetsolver.com/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Oracle bug report
On Fri, 3 Sep 2004, Kostas Zorbadelos wrote: OK, it seems bugs.freeradius.org is experiencing problems. I submit the bug here with the corresponding debugging outputs. When the problems are restored, I will submit it in bugs also... Short Description: Freeradius crashes upon oracle errors in accounting queries Way to reproduce: Run radiusd -X and from a shell for ((i=0;$i30; i=$i+1)); do radclient -d ~/freeradius/BUILD/etc/raddb/ -f testacct localhost acct testing123; sleep 2; done testacct file: User-Name = kzorbatest Acct-Session-Id = 123456789009876543211234567890ABCDEFGHI NAS-IP-Address = 62.103.3.155 Acct-Status-Type = Start (very big Acct-Session-Id will cause oracle error (ORA-01401: inserted value too large for column) That is because the session ID column is declared as a 32 character varchar. You are putting 39 characters into it. If the spec defines a maximum length of 32 characters, then you have too long of a session ID, or the column isn't large enough. dave -- Dave Weis [EMAIL PROTECTED] http://www.internetsolver.com/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
redhat spec file problem?
I'm trying to build an rpm on fedora core 1 with the included redhat spec
file but not having much luck. I had to make symlink from
/usr/include/com_err.h - /usr/include/et/com_err.h to get the kerberos
stuff to compile. I also modified the header to include the prerelease
portion:
Name: freeradius
Version: 1.0.0
Release: pre3
License: GPL
Group: Networking/Daemons
Packager: FreeRADIUS.org
Source0: %{name}-%{version}-%{release}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
I have gotten to the point where it compiles but dies when it tries to
package the RPM:
Checking for unpackaged file(s): /usr/lib/rpm/check-files
/var/tmp/freeradius-1.0.0-pre3-root
error: Installed (but unpackaged) file(s) found:
/usr/share/doc/freeradius-1.0.0-pre3/Autz-Type
/usr/share/doc/freeradius-1.0.0-pre3/DIFFS
/usr/share/doc/freeradius-1.0.0-pre3/MACOSX
/usr/share/doc/freeradius-1.0.0-pre3/OS2
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAP.schema
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAPv3.schema
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-SQL.schema
/usr/share/doc/freeradius-1.0.0-pre3/README
/usr/share/doc/freeradius-1.0.0-pre3/Simultaneous-Use
(snip)
RPM build errors:
Installed (but unpackaged) file(s) found:
/usr/share/doc/freeradius-1.0.0-pre3/Autz-Type
/usr/share/doc/freeradius-1.0.0-pre3/DIFFS
/usr/share/doc/freeradius-1.0.0-pre3/MACOSX
/usr/share/doc/freeradius-1.0.0-pre3/OS2
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAP.schema
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAPv3.schema
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-SQL.schema
/usr/share/doc/freeradius-1.0.0-pre3/README
/usr/share/doc/freeradius-1.0.0-pre3/Simultaneous-Use
(snip)
I am not very good with spec files. I did try changing the doc line in the
files section to
%doc doc/*
but that didn't work either.
Thanks
dave
--
Dave Weis
[EMAIL PROTECTED]
http://www.internetsolver.com/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
