Auth type change when it called through asterisk.

2008-05-20 Thread johnson elangbam
Hi,
 I have successfully done my authentication and authorization with perl
and digest in mixed mode, and it replies with Access-Accept packets from the
radius server. But when I tried to call through asterisk, the server tried to
authenticate again and rejected. The auth type turned into local again
though I put perl and digest. How will the auth type be perl and digest
when I call through asterisk?

*This is the output log after the server authenticates a user:*
rad_recv: Access-Request packet from host 192.168.1.227 port 32958, id=215,
length=259
User-Name = [EMAIL PROTECTED]
Digest-Attributes = \n\005100
Digest-Attributes = \001\017192.168.1.227
Digest-Attributes = \002*4832e5db308756e206b4536810ea3e70cf300c66
Digest-Attributes = \004\023sip:192.168.1.227
Digest-Attributes = \003\nREGISTER
Digest-Response = 805279e87b5ef1a7bc640350165079ff
Service-Type = SIP
Sip-URI-User = 100
Cisco-AVPair = call-id=
[EMAIL PROTECTED]
NAS-IP-Address = 127.0.0.1
NAS-Port = 5060
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0x98c2a88 asigned new request. Handled so far: 1
found interpetator at address 0x98c2a88
rlm_perl: Added pair Digest-Response = 805279e87b5ef1a7bc640350165079ff
rlm_perl: Added pair Service-Type = SIP
rlm_perl: Added pair Cisco-AVPair = call-id=
[EMAIL PROTECTED]
rlm_perl: Added pair User-Name = [EMAIL PROTECTED]
rlm_perl: Added pair Sip-URI-User = 100
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair NAS-Port = 5060
rlm_perl: Added pair Digest-Attributes = \n\005100
rlm_perl: Added pair Digest-Attributes = \001\017192.168.1.227
rlm_perl: Added pair Digest-Attributes =
\002*4832e5db308756e206b4536810ea3e70cf300c66
rlm_perl: Added pair Digest-Attributes = \004\023sip:192.168.1.227
rlm_perl: Added pair Digest-Attributes = \003\nREGISTER
rlm_perl: Added pair Cleartext-Password = 100
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x98c2a88
++[perl] returns ok
rlm_digest: Adding Auth-Type = DIGEST
++[digest] returns ok
rlm_realm: Looking up realm 192.168.1.227 for User-Name = 
[EMAIL PROTECTED]
rlm_realm: No such realm 192.168.1.227
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
  rad_check_password:  Found Auth-Type DIGEST
auth: type digest
+- entering group authenticate
rlm_digest: Converting Digest-Attributes to something sane...
Digest-User-Name = 100
Digest-Realm = 192.168.1.227
Digest-Nonce = 4832e5db308756e206b4536810ea3e70cf300c66
Digest-URI = sip:192.168.1.227
Digest-Method = REGISTER
A1 = 100:192.168.1.227:100
A2 = REGISTER:sip:192.168.1.227
H(A1) = fc0ea6eaea4a4b50ad280e803f4bd6a2
H(A2) = fbf27b090821dd0f71c0a0dda09e5e8e
KD =
fc0ea6eaea4a4b50ad280e803f4bd6a2:4832e5db308756e206b4536810ea3e70cf300c66:fbf27b090821dd0f71c0a0dda09e5e8e
EXPECTED 805279e87b5ef1a7bc640350165079ff
RECEIVED 805279e87b5ef1a7bc640350165079ff
++[digest] returns ok
Login OK: [EMAIL PROTECTED]/via Auth-Type = DIGEST] (from client
192.168.1.227 port 5060)
+- entering group post-auth
perl_pool: item 0x9997960 asigned new request. Handled so far: 1
found interpetator at address 0x9997960
rlm_perl: Added pair Digest-User-Name = 100
rlm_perl: Added pair Digest-Response = 805279e87b5ef1a7bc640350165079ff
rlm_perl: Added pair Service-Type = SIP
rlm_perl: Added pair Digest-URI = sip:192.168.1.227
rlm_perl: Added pair Digest-Realm = 192.168.1.227
rlm_perl: Added pair Cisco-AVPair = call-id=
[EMAIL PROTECTED]
rlm_perl: Added pair Digest-Method = REGISTER
rlm_perl: Added pair User-Name = [EMAIL PROTECTED]
rlm_perl: Added pair Sip-URI-User = 100
rlm_perl: Added pair Digest-Nonce = 4832e5db308756e206b4536810ea3e70cf300c66
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair NAS-Port = 5060
rlm_perl: Added pair Digest-Attributes = \n\005100
rlm_perl: Added pair Digest-Attributes = \001\017192.168.1.227
rlm_perl: Added pair Digest-Attributes =
\002*4832e5db308756e206b4536810ea3e70cf300c66
rlm_perl: Added pair Digest-Attributes = \004\023sip:192.168.1.227
rlm_perl: Added pair Digest-Attributes = \003\nREGISTER
rlm_perl: Added pair Cleartext-Password = 100
rlm_perl: Added pair Auth-Type = digest
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x9997960
++[perl] returns ok
Sending Access-Accept of id 215 to 192.168.1.227 port 32958
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 214 with timestamp +5
Cleaning up request 1 ID 215 with timestamp +5
Ready to process requests.

*This is the output log after the server rejects a user when it is called
through asterisk*

rad_recv: Access-Request packet from host 192.168.1.227 port 33036, id=222,
length=104
Called-Station-Id = 200
Calling-Station-Id = 100
User-Name = 

Re: How to activate the accounting sub section in perl script

2008-05-16 Thread johnson elangbam
add perl to the accounting section in whatever virtual server you are
running,
enable the accounting part in the perl config (in experimental.conf) and
ensure you have an accounting subroutine in your perl module

alan

Hi,
I am a new user of freeradius and this is the first time that I am
configuring freeradius. As advised by Alan, I've done all the possible steps
to activate the accounting section.
These are the things I've changed:

1. I've added an entry perl to the accounting sub section in the default file.
2. Included an entry of perl { } in the module { } sub section in radiusd.conf.
3. And I already had an accounting sub module in my perl script.

Unfortunately I didn't find any execution of my queries
(start_accounting_query and stop_accounting_query).
Please tell me the simplest way to test my accounting queries to make
them work, or please provide me the simplest accounting query to check the
accounting module if possible.

*here is the log output when it runs in debug mode*

FreeRADIUS Version 2.0.3, for host i686-pc-linux-gnu, built on May  7 2008
at 16:45:53
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/clients.conf
including configuration file /usr/local/etc/raddb/snmp.conf
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = /usr/local
localstatedir = /usr/local/var
logdir = /usr/local/var/log/radius
libdir = /usr/local/lib
radacctdir = /usr/local/var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = /usr/local/var/run/radiusd/radiusd.pid
checkrad = /usr/local/sbin/checkrad
debug_level = 0
proxy_requests = yes
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = testing123
shortname = localhost
nastype = other
 }
 client 192.168.1.227 {
require_message_authenticator = no
secret = johnson
 }
radiusd:  Loading Realms and Home Servers 
radiusd:  Instantiating modules 
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
wait = yes
input_pairs = request
shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
reply-message = Password Has Expired  
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
reply-message = You are calling outside your allowed timespan  
minimum-timeout = 60
  }
 }
radiusd:  Loading Virtual Servers 
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_perl
 Module: Instantiating perl
  perl {
module = /usr/local/etc/raddb/myperltemp.pl
func_authorize = authorize
func_authenticate = authenticate
func_accounting = accounting
func_preacct = preacct
func_checksimul = checksimul
func_detach = detach
func_xlat = xlat
func_pre_proxy = pre_proxy
func_post_proxy = post_proxy
func_post_auth = post_auth
  }
  perl {
max_clones = 32
start_clones = 32
min_spare_clones = 0
max_spare_clones = 32
cleanup_delay = 5
max_request_per_clone = 0
  }
 Module: Linked to module rlm_digest
 Module: Instantiating digest
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
huntgroups = /usr/local/etc/raddb/huntgroups
hints = /usr/local/etc/raddb/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
  }
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
format = suffix
delimiter = @
ignore_default = no
ignore_null = no
  }
 Module: Linked to module rlm_eap
 

How to activate the accounting sub section in perl script

2008-05-15 Thread johnson elangbam
hi,
 I am doing my AAA in a perl script for radius 2.0.3. Can anybody please
tell me how to activate my accounting subsection in my perl program? I didn't
find any execution of my queries in the accounting sub section in my perl
script.

With Regards,
Johnson Elangbam
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Thank you kalik

2008-05-13 Thread johnson elangbam
hi kalik,
After a long pause, I've successfully done the authorization of
my radius server by using digest and perl authentication in mixed mode. As
per your advice I put the digest entry first before the perl authentication
in the default file, and after that I put a line of perl code,
$RAD_CHECK{'Cleartext-Password'} = $mypassword, where the password is fetched
from the database. And finally the server starts reading the cleartext
password, starts calculating the md5 encryption and successfully
authorized a user.

Lastly, I thank all the members of this forum who are dedicated here to
helping solve complex problems in a complicated environment, especially
Ivan Kalik, who was much involved regarding my problem of not getting my
digest attributes.

Thanking you for your valuable time and consideration.

With Regards,
Johnson Elangbam

Re: Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce'.

2008-05-12 Thread johnson elangbam
You are (again) sending a request without Digest-Attributes. Try sending
one with them.

Ivan Kalik
Kalik Informatika ISP

hi,
I checked all the client attributes and started sending the Digest
attributes. Now the problem is I can't get those attributes in my perl code
by accessing them using RAD_REQUEST or RAD_CHECK, so that I can calculate my ha1,
ha2 for md5 encryption.

Please help.

Output log file when run in debug mode by using radiusd -X

rad_recv: Access-Request packet from host 192.168.1.227 port 32817, id=222,
length=262
User-Name = [EMAIL PROTECTED]
Digest-Attributes = \n\006john
Digest-Attributes = \001\017192.168.1.227
Digest-Attributes = \002*48281f56caacb6aa62fc3bb31ec98146efeaae15
Digest-Attributes = \004\023sip:192.168.1.227
Digest-Attributes = \003\nREGISTER
Digest-Response = 9ae01536efc46358e61f2fe362552af4
Service-Type = SIP
Sip-URI-User = john
Cisco-AVPair = call-id=
[EMAIL PROTECTED]
NAS-IP-Address = 127.0.0.1
NAS-Port = 5060
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0x8d08568 asigned new request. Handled so far: 1
found interpetator at address 0x8d08568
rlm_perl: ###
rlm_perl: RAD_REQUEST: Digest-Response = 9ae01536efc46358e61f2fe362552af4
rlm_perl: RAD_REQUEST: Service-Type = SIP
rlm_perl: RAD_REQUEST: Cisco-AVPair = call-id=
[EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: User-Name = [EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: Sip-URI-User = john
rlm_perl: RAD_REQUEST: NAS-IP-Address = 127.0.0.1
rlm_perl: RAD_REQUEST: NAS-Port = 5060
rlm_perl: RAD_REQUEST: Digest-Attributes = ARRAY(0x8df353c)
rlm_perl: ###
rlm_perl: Added pair Digest-Response = 9ae01536efc46358e61f2fe362552af4
rlm_perl: Added pair Service-Type = SIP
rlm_perl: Added pair Cisco-AVPair = call-id=
[EMAIL PROTECTED]
rlm_perl: Added pair User-Name = [EMAIL PROTECTED]
rlm_perl: Added pair Sip-URI-User = john
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair NAS-Port = 5060
rlm_perl: Added pair Digest-Attributes = \n\006john
rlm_perl: Added pair Digest-Attributes = \001\017192.168.1.227
rlm_perl: Added pair Digest-Attributes =
\002*48281f56caacb6aa62fc3bb31ec98146efeaae15
rlm_perl: Added pair Digest-Attributes = \004\023sip:192.168.1.227
rlm_perl: Added pair Digest-Attributes = \003\nREGISTER
rlm_perl: Added pair Reply-Message = Incorrect Password
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x8d08568
++[perl] returns ok
rlm_digest: Adding Auth-Type = DIGEST
++[digest] returns ok
rlm_realm: Looking up realm 192.168.1.227 for User-Name = 
[EMAIL PROTECTED]
rlm_realm: No such realm 192.168.1.227
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
  rad_check_password:  Found Auth-Type DIGEST
auth: type digest
+- entering group authenticate
rlm_digest: Cleartext-Password or Digest-HA1 is required for authentication.
++[digest] returns invalid
auth: Failed to validate the user.
Login incorrect: [EMAIL PROTECTED]/via Auth-Type = DIGEST] (from client
192.168.1.227 port 5060)
  Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} - [EMAIL PROTECTED]
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.227 port 32818, id=223,
length=262
User-Name = [EMAIL PROTECTED]
Digest-Attributes = \n\006john
Digest-Attributes = \001\017192.168.1.227
Digest-Attributes = \002*48281f56caacb6aa62fc3bb31ec98146efeaae15
Digest-Attributes = \004\023sip:192.168.1.227
Digest-Attributes = \003\nREGISTER
Digest-Response = 9ae01536efc46358e61f2fe362552af4
Service-Type = SIP
Sip-URI-User = john
Cisco-AVPair = call-id=
[EMAIL PROTECTED]
NAS-IP-Address = 127.0.0.1
NAS-Port = 5060
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0x8e67348 asigned new request. Handled so far: 1
found interpetator at address 0x8e67348
rlm_perl: ###
rlm_perl: RAD_REQUEST: Digest-Response = 9ae01536efc46358e61f2fe362552af4
rlm_perl: RAD_REQUEST: Service-Type = SIP
rlm_perl: RAD_REQUEST: Cisco-AVPair = call-id=
[EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: User-Name = [EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: Sip-URI-User = john
rlm_perl: RAD_REQUEST: NAS-IP-Address = 127.0.0.1
rlm_perl: RAD_REQUEST: NAS-Port = 5060
rlm_perl: RAD_REQUEST: Digest-Attributes = ARRAY(0x8efce0c)
rlm_perl: ###
rlm_perl: Added pair Digest-Response = 

Re: Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-07 Thread johnson elangbam
hi,
 I am using freeradius 2.0.3 with radiusclient-ng 0.5.6. I need to use
the following attributes
'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri',
'Digest-Nonce', 'Digest-Response' in my perl code to do my md5
calculation. Unfortunately I can't get any of the values except
Digest-Response;
hopefully I've tried all the alternatives that were posted by Ivan Kalik
earlier.

1. I've uncommented all the digest entries in the sites-enabled/default file and
I've uncommented out all the perl entries from the
default.
2. I've tried accessing the digest attributes in my perl code by using
RAD_CHECK as well as RAD_CHECK.

But it doesn't work.

Can anybody please tell me whether it is possible to call the digest attributes
in the perl code? If it is possible, please show me how to call
these attributes ('Digest-User-name', 'Digest-Realm', 'Digest-Method',
'Digest-Uri', 'Digest-Nonce', 'Digest-Response').

Or could the problem of not getting the digest attributes be caused by
incompatible dictionaries of the radius client and radius server?
Please help, I am really confused about where the problem is.

Thanks for your valuable time.

*Here is the output files when running in debug mode before authenticate a
user*

FreeRADIUS Version 2.0.3, for host i686-pc-linux-gnu, built on May  7 2008
at 16:45:53
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/clients.conf
including configuration file /usr/local/etc/raddb/snmp.conf
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = /usr/local
localstatedir = /usr/local/var
logdir = /usr/local/var/log/radius
libdir = /usr/local/lib
radacctdir = /usr/local/var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = /usr/local/var/run/radiusd/radiusd.pid
checkrad = /usr/local/sbin/checkrad
debug_level = 0
proxy_requests = yes
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = testing123
shortname = localhost
nastype = other
 }
 client 192.168.1.227 {
require_message_authenticator = no
secret = johnson
shortname = mynetwork
nastype = other
 }
radiusd:  Loading Realms and Home Servers 
radiusd:  Instantiating modules 
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
wait = yes
input_pairs = request
shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
reply-message = Password Has Expired  
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
reply-message = You are calling outside your allowed timespan  
minimum-timeout = 60
  }
 }
radiusd:  Loading Virtual Servers 
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_digest
 Module: Instantiating digest
 Module: Linked to module rlm_perl
 Module: Instantiating perl
  perl {
module = /usr/local/etc/raddb/myperltemp.pl
func_authorize = authorize
func_authenticate = authenticate
func_accounting = accounting
func_preacct = preacct
func_checksimul = checksimul
func_detach = detach
func_xlat = xlat
func_pre_proxy = pre_proxy
func_post_proxy = post_proxy
func_post_auth = post_auth
  }
  perl {
max_clones = 32
start_clones = 32
min_spare_clones = 0
max_spare_clones = 32
cleanup_delay = 5
max_request_per_clone = 0
  }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
huntgroups = /usr/local/etc/raddb/huntgroups
hints = /usr/local/etc/raddb/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = 

Re:Re Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-06 Thread johnson elangbam
Good. Now you are getting Digest-Attributes. Now uncomment digest entry
in authorize section of default or whatever virtual server is processing
this.

Hi Kalik,
  As per your instruction I've uncommented all the digest entries
in the authorize and authenticate sections in the sites-enabled/default file.
Unfortunately I still didn't get the values of these attributes in my perl
code to authenticate. I am confused about what I should emphasize, please help.

*I am submitting the complete radius log when it runs in debug mode before
authenticating a user here*

FreeRADIUS Version 2.0.3, for host i686-pc-linux-gnu, built on Apr  9 2008
at 21:42:16
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/clients.conf
including configuration file /usr/local/etc/raddb/snmp.conf
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = /usr/local
localstatedir = /usr/local/var
logdir = /usr/local/var/log/radius
libdir = /usr/local/lib
radacctdir = /usr/local/var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = /usr/local/var/run/radiusd/radiusd.pid
checkrad = /usr/local/sbin/checkrad
debug_level = 0
proxy_requests = yes
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = testing123
shortname = localhost
nastype = other
 }
 client 192.168.1.227 {
require_message_authenticator = no
secret = johnson
 }
radiusd:  Loading Realms and Home Servers 
radiusd:  Instantiating modules 
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
wait = yes
input_pairs = request
shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
reply-message = Password Has Expired  
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
reply-message = You are calling outside your allowed timespan  
minimum-timeout = 60
  }
 }
radiusd:  Loading Virtual Servers 
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_perl
 Module: Instantiating perl
  perl {
module = /usr/local/etc/raddb/myperltemp.pl
func_authorize = authorize
func_authenticate = authenticate
func_accounting = accounting
func_preacct = preacct
func_checksimul = checksimul
func_detach = detach
func_xlat = xlat
func_pre_proxy = pre_proxy
func_post_proxy = post_proxy
func_post_auth = post_auth
  }
  perl {
max_clones = 32
start_clones = 32
min_spare_clones = 0
max_spare_clones = 32
cleanup_delay = 5
max_request_per_clone = 0
  }
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
encryption_scheme = auto
auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Linked to module rlm_digest
 Module: Instantiating digest
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
huntgroups = /usr/local/etc/raddb/huntgroups
hints = /usr/local/etc/raddb/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
  }
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
format = suffix
delimiter = @
ignore_default = no
ignore_null = no
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
default_eap_type = md5
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating 

Re:Re Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-05 Thread johnson elangbam
You are asking your questions on a wrong list. There is nothing you can
do on a radius server in order to get those attributes if radius client
is not sending Digest-Attributes. Direct your question to SER server
support.

hi Kalik,
After I made some changes in the dictionary of the radius server I
can see the output sending digest attributes from the client, but still I
didn't get the values at the radius server. Is it a problem with my
configuration of the radius server or may it be some other client configuration?
Please advise, sorry for posting the same question again.

Please tell me the possible problems of not getting these values:
'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri',
'Digest-Nonce', 'Digest-Response'



here is the full output when I run in debug mode

rad_recv: Access-Request packet from host 192.168.1.227 port 33093, id=86,
length=271
User-Name = [EMAIL PROTECTED]
Digest-Attributes = 0x0a096a6f686e736f6e
Digest-Attributes = 0x010f3139322e3136382e312e323237
Digest-Attributes =
0x022a34383166353136663737396231653364366365313331653738656462346265393931356634386439
Digest-Attributes = 0x04137369703a3139322e3136382e312e323237
Digest-Attributes = 0x030a5245474953544552
Digest-Response = b8f4759b0c4462aaa56edd1794da872a
Service-Type = Sip-Session
Sip-Uri-User = johnson
Cisco-AVPair = call-id=
[EMAIL PROTECTED]
NAS-IP-Address = 127.0.0.1
NAS-Port = 5060
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0x89260f0 asigned new request. Handled so far: 1
found interpetator at address 0x89260f0
rlm_perl: ###
rlm_perl: RAD_REQUEST: Digest-Response = b8f4759b0c4462aaa56edd1794da872a
rlm_perl: RAD_REQUEST: Service-Type = Sip-Session
rlm_perl: RAD_REQUEST: Cisco-AVPair = call-id=
[EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: User-Name = [EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: Sip-Uri-User = johnson
rlm_perl: RAD_REQUEST: NAS-IP-Address = 127.0.0.1
rlm_perl: RAD_REQUEST: NAS-Port = 5060
rlm_perl: RAD_REQUEST: Digest-Attributes = ARRAY(0x89dd638)
rlm_perl: ###
rlm_perl: Added pair Digest-Response = b8f4759b0c4462aaa56edd1794da872a
rlm_perl: Added pair Service-Type = Sip-Session
rlm_perl: Added pair Cisco-AVPair = call-id=
[EMAIL PROTECTED]
rlm_perl: Added pair User-Name = [EMAIL PROTECTED]
rlm_perl: Added pair Sip-Uri-User = johnson
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair NAS-Port = 5060
rlm_perl: Added pair Digest-Attributes = 0x0a096a6f686e736f6e
rlm_perl: Added pair Digest-Attributes = 0x010f3139322e3136382e312e323237
rlm_perl: Added pair Digest-Attributes =
0x022a34383166353136663737396231653364366365313331653738656462346265393931356634386439
rlm_perl: Added pair Digest-Attributes =
0x04137369703a3139322e3136382e312e323237
rlm_perl: Added pair Digest-Attributes = 0x030a5245474953544552
rlm_perl: Added pair Reply-Message = Incorrect Password
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x89260f0
++[perl] returns reject
Invalid user: [EMAIL PROTECTED]/no User-Password attribute] (from
client 192.168.1.227 port 5060)
  Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} - [EMAIL PROTECTED]
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 2 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.227 port 33094, id=87,
length=271
User-Name = [EMAIL PROTECTED]
Digest-Attributes = 0x0a096a6f686e736f6e
Digest-Attributes = 0x010f3139322e3136382e312e323237
Digest-Attributes =
0x022a34383166353136663737396231653364366365313331653738656462346265393931356634386439
Digest-Attributes = 0x04137369703a3139322e3136382e312e323237
Digest-Attributes = 0x030a5245474953544552
Digest-Response = b8f4759b0c4462aaa56edd1794da872a
Service-Type = Sip-Session
Sip-Uri-User = johnson
Cisco-AVPair = call-id=
[EMAIL PROTECTED]
NAS-IP-Address = 127.0.0.1
NAS-Port = 5060
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0x8a20548 asigned new request. Handled so far: 1
found interpetator at address 0x8a20548
rlm_perl: ###
rlm_perl: RAD_REQUEST: Digest-Response = b8f4759b0c4462aaa56edd1794da872a
rlm_perl: RAD_REQUEST: Service-Type = Sip-Session
rlm_perl: RAD_REQUEST: Cisco-AVPair = call-id=
[EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: User-Name = [EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: Sip-Uri-User = johnson
rlm_perl: RAD_REQUEST: NAS-IP-Address = 127.0.0.1
rlm_perl: RAD_REQUEST: NAS-Port = 5060
rlm_perl: RAD_REQUEST: Digest-Attributes = ARRAY(0x8ab7bd0)
rlm_perl: 
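
The debug output in the 2008-05-20 and 2008-05-05 messages shows each Digest-Attributes value as a packed sub-attribute: one type byte, one length byte that counts the two header bytes, then the value. As an added example (not code from the posts or from FreeRADIUS), the Python below decodes both logged encodings and recomputes the digest for the no-qop case the first log shows; the function names are made up here, and the sub-type names are the ones rlm_digest prints in that log.

```python
"""Decode Digest-Attributes as printed by radiusd -X and recompute the digest."""
import hashlib
import hmac
import re

# Sub-attribute numbers seen in the logs on this page, with the names rlm_digest
# prints for them in its "Converting Digest-Attributes" output.
SUBTYPES = {
    1: "Digest-Realm",
    2: "Digest-Nonce",
    3: "Digest-Method",
    4: "Digest-URI",
    10: "Digest-User-Name",
}
ESCAPES = {"n": 10, "r": 13, "t": 9, "\\": 92, '"': 34}


def decode_logged_value(text):
    """Convert one logged value (0x... hex or backslash-escaped) to raw bytes."""
    if text.startswith("0x"):
        return bytes.fromhex(text[2:])
    out = bytearray()
    i = 0
    while i < len(text):
        nxt = text[i + 1:i + 4]
        if text[i] == "\\" and re.fullmatch(r"[0-3][0-7]{2}", nxt):
            out.append(int(nxt, 8))      # \005 -> byte 5; the "100" after it is data
            i += 4
        elif text[i] == "\\" and nxt[:1] in ESCAPES:
            out.append(ESCAPES[nxt[0]])  # \n -> byte 10, used as a type or a length
            i += 2
        else:
            out += text[i].encode()
            i += 1
    return bytes(out)


def parse_digest_attributes(raw_values):
    """Split raw Digest-Attributes values into a {name: value} dict."""
    fields = {}
    for raw in raw_values:
        pos = 0
        while pos < len(raw):
            if len(raw) - pos < 2:
                raise ValueError("truncated sub-attribute header")
            subtype, length = raw[pos], raw[pos + 1]
            # Choice made for this example: require at least one value byte
            # and never read past the end of the attribute.
            if length < 3 or pos + length > len(raw):
                raise ValueError("bad sub-attribute length %d" % length)
            name = SUBTYPES.get(subtype, "Digest-Subtype-%d" % subtype)
            fields[name] = raw[pos + 2:pos + length].decode()
            pos += length
    return fields


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def expected_response(fields, password):
    """Digest response without qop: MD5(H(A1):nonce:H(A2)), as in the log."""
    extra = set(fields) - set(SUBTYPES.values())
    if extra:
        raise ValueError("only the plain digest is handled, got %s" % sorted(extra))
    ha1 = md5_hex("%s:%s:%s" % (fields["Digest-User-Name"],
                                fields["Digest-Realm"], password))
    ha2 = md5_hex("%s:%s" % (fields["Digest-Method"], fields["Digest-URI"]))
    return md5_hex("%s:%s:%s" % (ha1, fields["Digest-Nonce"], ha2))


def check_response(fields, password, received):
    """Constant-time comparison of the recomputed and the received response."""
    return hmac.compare_digest(expected_response(fields, password), received.lower())


# Values copied from the 2008-05-20 log (escaped form) and 2008-05-05 log (hex form).
REGISTER_LOGGED = [
    r"\n\005100",
    r"\001\017192.168.1.227",
    r"\002*4832e5db308756e206b4536810ea3e70cf300c66",
    r"\004\023sip:192.168.1.227",
    r"\003\nREGISTER",
]
REGISTER_RESPONSE = "805279e87b5ef1a7bc640350165079ff"
HEX_LOGGED = [
    "0x0a096a6f686e736f6e",
    "0x010f3139322e3136382e312e323237",
    "0x022a34383166353136663737396231653364366365313331653738656462346265393931356634386439",
    "0x04137369703a3139322e3136382e312e323237",
    "0x030a5245474953544552",
]

if __name__ == "__main__":
    reg = parse_digest_attributes(decode_logged_value(v) for v in REGISTER_LOGGED)
    print(reg)
    # Cleartext-Password = 100 is the value the 2008-05-20 log shows rlm_perl adding.
    print("response matches:", check_response(reg, "100", REGISTER_RESPONSE))
    print(parse_digest_attributes(decode_logged_value(v) for v in HEX_LOGGED))
```
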

Re:Re Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-03 Thread johnson elangbam
Your radius client is not sending Digest-Attributes. It's sending Ascend
VSAs. Read your NAS documentation how to set up digest authentication if
you want that.

hi Kalik,
I am really sorry to post the same question again. As per your
instruction I have checked all the client configurations, radiusclient.conf
as well as the SER configuration ser.cfg. I've uncommented all the modules
that will particularly help to do digest authentication in ser.cfg, but
the problem of not getting the values of the digest attributes still exists. I am
using radiusclient 0.5.6 and SER 0.9.6. Could the problem be
incompatible versions between the radius server and the radius clients or
SER? Please tell me the possible problems of not getting these values:
'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri',
'Digest-Nonce', 'Digest-Response'

And please tell me the things that I should change in the radius server
configuration to get these digest attributes.

For information, I am including the debug output from running radiusd -X:

rad_recv: Access-Request packet from host 192.168.1.227 port 33526, id=92,
length=252
User-Name = [EMAIL PROTECTED]
X-Ascend-Netware-timeout = 1785686126
X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
X-Ascend-Receive-Secret =
0x3438316339313763326231623731373133343937623838636165613864326437326534653832
X-Ascend-IP-Pool-Definition = sip:192.168.1.227
X-Ascend-IPX-Peer-Mode = 0x5245474953544552
Digest-Response = 6d1bf8eacbbddb82a606811f7e5c76ae
Service-Type = IAPP-Register
X-Ascend-PW-Lifetime = 1785686126
Cisco-AVPair = call-id=
[EMAIL PROTECTED]
NAS-IP-Address = 127.0.0.1
NAS-Port = 5060
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0x9f48768 asigned new request. Handled so far: 1
found interpetator at address 0x9f48768
rlm_perl: ###
rlm_perl: RAD_REQUEST: Digest-Response = 6d1bf8eacbbddb82a606811f7e5c76ae
rlm_perl: RAD_REQUEST: X-Ascend-Receive-Secret =
0x3438316339313763326231623731373133343937623838636165613864326437326534653832
rlm_perl: RAD_REQUEST: X-Ascend-IPX-Peer-Mode = 0x5245474953544552
rlm_perl: RAD_REQUEST: Service-Type = IAPP-Register
rlm_perl: RAD_REQUEST: X-Ascend-Netware-timeout = 1785686126
rlm_perl: RAD_REQUEST: Cisco-AVPair = call-id=
[EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: X-Ascend-IP-Pool-Definition = sip:192.168.1.227
rlm_perl: RAD_REQUEST: User-Name = [EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: X-Ascend-PW-Lifetime = 1785686126
rlm_perl: RAD_REQUEST: NAS-Port = 5060
rlm_perl: RAD_REQUEST: NAS-IP-Address = 127.0.0.1
rlm_perl: RAD_REQUEST: X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
rlm_perl: ###
rlm_perl: Added pair Digest-Response = 6d1bf8eacbbddb82a606811f7e5c76ae
rlm_perl: Added pair X-Ascend-Receive-Secret =
0x3438316339313763326231623731373133343937623838636165613864326437326534653832
rlm_perl: Added pair X-Ascend-IPX-Peer-Mode = 0x5245474953544552
rlm_perl: Added pair Service-Type = IAPP-Register
rlm_perl: Added pair X-Ascend-Netware-timeout = 1785686126
rlm_perl: Added pair Cisco-AVPair = call-id=
[EMAIL PROTECTED]
rlm_perl: Added pair X-Ascend-IP-Pool-Definition = sip:192.168.1.227
rlm_perl: Added pair User-Name = [EMAIL PROTECTED]
rlm_perl: Added pair X-Ascend-PW-Lifetime = 1785686126
rlm_perl: Added pair NAS-Port = 5060
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
rlm_perl: Added pair Reply-Message = Incorrect Password
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x9f48768
++[perl] returns reject
Invalid user: [EMAIL PROTECTED]/no User-Password attribute] (from client
192.168.1.227 port 5060)
  Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} - [EMAIL PROTECTED]
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.227 port 33528, id=93,
length=252
User-Name = [EMAIL PROTECTED]
X-Ascend-Netware-timeout = 1785686126
X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
X-Ascend-Receive-Secret =
0x3438316339313763326231623731373133343937623838636165613864326437326534653832
X-Ascend-IP-Pool-Definition = sip:192.168.1.227
X-Ascend-IPX-Peer-Mode = 0x5245474953544552
Digest-Response = 6d1bf8eacbbddb82a606811f7e5c76ae
Service-Type = IAPP-Register
X-Ascend-PW-Lifetime = 1785686126
Cisco-AVPair = call-id=
[EMAIL PROTECTED]
NAS-IP-Address = 127.0.0.1
NAS-Port = 5060
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0xa183d50 asigned new request. Handled so far: 1
found 

Re: Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-02 Thread johnson elangbam
No, there is a digest module in default radiusd.conf that should decode
the attributes. Post radiusd -X for request with Digest-Attributes.
Those attributes you want are not in the request - have you tried
$RAD_CHECK.


Hi Kalik,
  I've tried $RAD_CHECK but I still didn't get the values of
these attributes
'Digest-User-name',
'Digest-Realm',
'Digest-Method',
'Digest-Uri',
'Digest-Nonce',
'Digest-Response',
I've found a digest module in radiusd.conf but actually don't have any idea
how to handle the module. Please tell me how to get the value of these
attributes.

Here is the full output when the radius is run in debugging mode:

[EMAIL PROTECTED] raddb]# radiusd -X
FreeRADIUS Version 2.0.3, for host i686-pc-linux-gnu, built on Apr  9 2008
at 21:42:16
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/clients.conf
including configuration file /usr/local/etc/raddb/snmp.conf
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = /usr/local
localstatedir = /usr/local/var
logdir = /usr/local/var/log/radius
libdir = /usr/local/lib
radacctdir = /usr/local/var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = /usr/local/var/run/radiusd/radiusd.pid
checkrad = /usr/local/sbin/checkrad
debug_level = 0
proxy_requests = yes
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = testing123
shortname = localhost
nastype = other
 }
 client 192.168.1.227 {
require_message_authenticator = no
secret = johnson
 }
radiusd:  Loading Realms and Home Servers 
radiusd:  Instantiating modules 
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
wait = yes
input_pairs = request
shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
reply-message = Password Has Expired  
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
reply-message = You are calling outside your allowed timespan  
minimum-timeout = 60
  }
 }
radiusd:  Loading Virtual Servers 
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_perl
 Module: Instantiating perl
  perl {
module = /usr/local/etc/raddb/myperltemp.pl
func_authorize = authorize
func_authenticate = authenticate
func_accounting = accounting
func_preacct = preacct
func_checksimul = checksimul
func_detach = detach
func_xlat = xlat
func_pre_proxy = pre_proxy
func_post_proxy = post_proxy
func_post_auth = post_auth
  }
  perl {
max_clones = 32
start_clones = 32
min_spare_clones = 0
max_spare_clones = 32
cleanup_delay = 5
max_request_per_clone = 0
  }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
huntgroups = /usr/local/etc/raddb/huntgroups
hints = /usr/local/etc/raddb/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
  }
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
format = suffix
delimiter = @
ignore_default = no
ignore_null = no
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
default_eap_type = md5
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: 

Re: Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-02 Thread johnson elangbam
Send a request with Digest-Attributes.

Hi Kalik,
I've tried to call using Digest-Attributes in my perl code
like this

 $dUserName= $RAD_REQUEST{'Digest-User-Name'};
 $dRealm= $RAD_REQUEST{'Digest-Realm'};
 $dMethod = $RAD_REQUEST{'Digest-Method'};
 $dUri= $RAD_REQUEST{'Digest-URI'};
 $dNonce=$RAD_REQUEST{'Digest-Nonce'};
 $dResponse=$RAD_REQUEST{'Digest-Response'};

but it still doesn't get the values, except 'Digest-Response'.
Could the problem be in the radius client, or is it in my
perl code?
I can't rectify the problem; I am confused about where I should put the emphasis.

Here is the new output when it is run with radiusd -X after rejecting the
user.

rad_recv: Access-Request packet from host 192.168.1.227 port 32847, id=182,
length=252
User-Name = [EMAIL PROTECTED]
X-Ascend-Netware-timeout = 1785686126
X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
X-Ascend-Receive-Secret =
0x34383161663338653534346236663063383862343865393864346639313036626264363230306536
X-Ascend-IP-Pool-Definition = sip:192.168.1.227
X-Ascend-IPX-Peer-Mode = 0x5245474953544552
Digest-Response = 1e926599fa0777bef89010421e3e1c41
Service-Type = IAPP-Register
X-Ascend-PW-Lifetime = 1785686126
Cisco-AVPair = call-id=
[EMAIL PROTECTED]
NAS-IP-Address = 127.0.0.1
NAS-Port = 5060
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0x9ede730 asigned new request. Handled so far: 1
found interpetator at address 0x9ede730
rlm_perl: ###
rlm_perl: RAD_REQUEST: Digest-Response = 1e926599fa0777bef89010421e3e1c41
rlm_perl: RAD_REQUEST: X-Ascend-Receive-Secret =
0x34383161663338653534346236663063383862343865393864346639313036626264363230306536
rlm_perl: RAD_REQUEST: X-Ascend-IPX-Peer-Mode = 0x5245474953544552
rlm_perl: RAD_REQUEST: Service-Type = IAPP-Register
rlm_perl: RAD_REQUEST: X-Ascend-Netware-timeout = 1785686126
rlm_perl: RAD_REQUEST: Cisco-AVPair = call-id=
[EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: X-Ascend-IP-Pool-Definition = sip:192.168.1.227
rlm_perl: RAD_REQUEST: User-Name = [EMAIL PROTECTED]
rlm_perl: RAD_REQUEST: X-Ascend-PW-Lifetime = 1785686126
rlm_perl: RAD_REQUEST: NAS-Port = 5060
rlm_perl: RAD_REQUEST: NAS-IP-Address = 127.0.0.1
rlm_perl: RAD_REQUEST: X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
rlm_perl: ###
rlm_perl: Added pair Digest-Response = 1e926599fa0777bef89010421e3e1c41
rlm_perl: Added pair X-Ascend-Receive-Secret =
0x34383161663338653534346236663063383862343865393864346639313036626264363230306536
rlm_perl: Added pair X-Ascend-IPX-Peer-Mode = 0x5245474953544552
rlm_perl: Added pair Service-Type = IAPP-Register
rlm_perl: Added pair X-Ascend-Netware-timeout = 1785686126
rlm_perl: Added pair Cisco-AVPair = call-id=
[EMAIL PROTECTED]
rlm_perl: Added pair X-Ascend-IP-Pool-Definition = sip:192.168.1.227
rlm_perl: Added pair User-Name = [EMAIL PROTECTED]
rlm_perl: Added pair X-Ascend-PW-Lifetime = 1785686126
rlm_perl: Added pair NAS-Port = 5060
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
rlm_perl: Added pair Reply-Message = Incorrect Password
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x9ede730
++[perl] returns reject
Invalid user: [EMAIL PROTECTED]/no User-Password attribute] (from client
192.168.1.227 port 5060)
  Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} - [EMAIL PROTECTED]
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Request packet from host 192.168.1.227 port 32848, id=183,
length=252
User-Name = [EMAIL PROTECTED]
X-Ascend-Netware-timeout = 1785686126
X-Ascend-Send-Secret = 0x3139322e3136382e312e323237
X-Ascend-Receive-Secret =
0x34383161663338653534346236663063383862343865393864346639313036626264363230306536
X-Ascend-IP-Pool-Definition = sip:192.168.1.227
X-Ascend-IPX-Peer-Mode = 0x5245474953544552
Digest-Response = 1e926599fa0777bef89010421e3e1c41
Service-Type = IAPP-Register
X-Ascend-PW-Lifetime = 1785686126
Cisco-AVPair = call-id=
[EMAIL PROTECTED]
NAS-IP-Address = 127.0.0.1
NAS-Port = 5060
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0xa119d28 asigned new request. Handled so far: 1
found interpetator at address 0xa119d28
rlm_perl: ###
rlm_perl: RAD_REQUEST: Digest-Response = 1e926599fa0777bef89010421e3e1c41
rlm_perl: RAD_REQUEST: X-Ascend-Receive-Secret =

Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-01 Thread johnson elangbam
 Hi,
   I am using FreeRADIUS 2.0.3. I've configured my AAA through rlm_perl. I
need to do the authorization by using the following attributes.

Digest-Realm
Digest-Method
Digest-Uri
Digest-Nonce
Digest-Nonce
Digest-Response

Unfortunately I did not get any value from these attributes when I called
using $RAD_REQUEST. Please tell me any idea to get these values.

Here is the piece of output when the radius is run in debugging mode:

[EMAIL PROTECTED] raddb]# radiusd -X
FreeRADIUS Version 2.0.3, for host i686-pc-linux-gnu, built on Apr  9 2008
at 21:42:16
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/clients.conf
including configuration file /usr/local/etc/raddb/snmp.conf
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = /usr/local
localstatedir = /usr/local/var
logdir = /usr/local/var/log/radius
libdir = /usr/local/lib
radacctdir = /usr/local/var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = /usr/local/var/run/radiusd/radiusd.pid
checkrad = /usr/local/sbin/checkrad
debug_level = 0
proxy_requests = yes
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = testing123
shortname = localhost
nastype = other
 }
 client 192.168.1.227 {
require_message_authenticator = no
secret = johnson
 }
radiusd:  Loading Realms and Home Servers 
radiusd:  Instantiating modules 
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
wait = yes
input_pairs = request
shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
reply-message = Password Has Expired  
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
reply-message = You are calling outside your allowed timespan  
minimum-timeout = 60
  }
 }
radiusd:  Loading Virtual Servers 
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_perl
 Module: Instantiating perl
  perl {
module = /usr/local/etc/raddb/myperltemp.pl
func_authorize = authorize
func_authenticate = authenticate
func_accounting = accounting
func_preacct = preacct
func_checksimul = checksimul
func_detach = detach
func_xlat = xlat
func_pre_proxy = pre_proxy
func_post_proxy = post_proxy
func_post_auth = post_auth
  }
  perl {
max_clones = 32
start_clones = 32
min_spare_clones = 0
max_spare_clones = 32
cleanup_delay = 5
max_request_per_clone = 0
  }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
huntgroups = /usr/local/etc/raddb/huntgroups
hints = /usr/local/etc/raddb/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
  }
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
format = suffix
delimiter = @
ignore_default = no
ignore_null = no
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
default_eap_type = md5
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
challenge = Password: 
auth_type = PAP
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
rsa_key_exchange = no

Re: Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-01 Thread johnson elangbam
 That's a pap request. Send a request with Digest-Attributes and you will
get digest attributes.

Hi,
As advised by Ivan Kalik, I've tried sending the request with
Digest-Attributes; unfortunately I didn't get any values from these
attributes:
'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri',
'Digest-Nonce', 'Digest-Response'.

Here is the piece of perl code that I have used to access the values:

$dUserName= $RAD_REQUEST{'Digest-User-Name'};
$dRealm= $RAD_REQUEST{'Digest-Realm'};
$dMethod = $RAD_REQUEST{'Digest-Method'};
$dUri= $RAD_REQUEST{'Digest-URI'};
$dNonce=$RAD_REQUEST{'Digest-Nonce'};
$dResponse=$RAD_REQUEST{'Digest-Response'};

I've used the md5 algorithm in my perl script. Is there anything to be done in
eap.conf or in radius.conf?

Regards,
Elangbam Johnson
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-05-01 Thread johnson elangbam
No, there is a digest module in default radiusd.conf that should decode
the attributes. Post radiusd -X for request with Digest-Attributes.
Those attributes you want are not in the request - have you tried
$RAD_CHECK.


Hi Kalik,
  I've tried $RAD_CHECK but it doesn't work. I've found a digest
module in radiusd.conf but actually don't have any idea how to handle the
module.

Here is the full output when the radius is run in debugging mode:

[EMAIL PROTECTED] raddb]# radiusd -X
FreeRADIUS Version 2.0.3, for host i686-pc-linux-gnu, built on Apr  9 2008
at 21:42:16
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/clients.conf
including configuration file /usr/local/etc/raddb/snmp.conf
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = /usr/local
localstatedir = /usr/local/var
logdir = /usr/local/var/log/radius
libdir = /usr/local/lib
radacctdir = /usr/local/var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = /usr/local/var/run/radiusd/radiusd.pid
checkrad = /usr/local/sbin/checkrad
debug_level = 0
proxy_requests = yes
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = testing123
shortname = localhost
nastype = other
 }
 client 192.168.1.227 {
require_message_authenticator = no
secret = johnson
 }
radiusd:  Loading Realms and Home Servers 
radiusd:  Instantiating modules 
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
wait = yes
input_pairs = request
shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
reply-message = Password Has Expired  
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
reply-message = You are calling outside your allowed timespan  
minimum-timeout = 60
  }
 }
radiusd:  Loading Virtual Servers 
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_perl
 Module: Instantiating perl
  perl {
module = /usr/local/etc/raddb/myperltemp.pl
func_authorize = authorize
func_authenticate = authenticate
func_accounting = accounting
func_preacct = preacct
func_checksimul = checksimul
func_detach = detach
func_xlat = xlat
func_pre_proxy = pre_proxy
func_post_proxy = post_proxy
func_post_auth = post_auth
  }
  perl {
max_clones = 32
start_clones = 32
min_spare_clones = 0
max_spare_clones = 32
cleanup_delay = 5
max_request_per_clone = 0
  }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
huntgroups = /usr/local/etc/raddb/huntgroups
hints = /usr/local/etc/raddb/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
  }
 Module: Linked to module rlm_realm
 Module: Instantiating suffix
  realm suffix {
format = suffix
delimiter = @
ignore_default = no
ignore_null = no
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
default_eap_type = md5
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to sub-module rlm_eap_gtc
 Module: Instantiating eap-gtc
   gtc {
challenge = Password: 
auth_type = PAP
   }
 Module: Linked to sub-module rlm_eap_tls
 Module: Instantiating eap-tls
   tls {
rsa_key_exchange 

Can't get the value of 'Digest-User-name', 'Digest-Realm', 'Digest-Method', 'Digest-Uri', 'Digest-Nonce', 'Digest-Response'

2008-04-22 Thread johnson elangbam
Hi,
I am using FreeRADIUS 2.0.3. I've configured my AAA through rlm_perl. I
need to do the authorization by using the following attributes.

Digest-Realm
Digest-Method
Digest-Uri
Digest-Nonce
Digest-Nonce
Digest-Response

Unfortunately I did not get any value from these attributes when I called
using $RAD_REQUEST. Please tell me any idea to get these values.
Here is the piece of authorization code that I've used.


use DBI;
use Digest::MD5 qw(md5_hex);

# %RAD_REQUEST, %RAD_REPLY and the RLM_MODULE_* constants come from the
# enclosing rlm_perl script.
sub authorize
{
    my $nasuser   = $RAD_REQUEST{'User-Name'};
    my $naspass   = $RAD_REQUEST{'User-Password'};
    my $dUserName = $RAD_REQUEST{'Digest-User-Name'};
    my $dRealm    = $RAD_REQUEST{'Digest-Realm'};
    my $dMethod   = $RAD_REQUEST{'Digest-Method'};
    my $dUri      = $RAD_REQUEST{'Digest-URI'};
    my $dNonce    = $RAD_REQUEST{'Digest-Nonce'};
    my $dResponse = $RAD_REQUEST{'Digest-Response'};

    my $user     = 'user';
    my $password = 'password';
    my $dbh = DBI->connect('dbi:ODBC:MSSQLDSN', $user, $password,
                           {PrintError => 0, RaiseError => 0});

    if ($dbh)
    {
        # Bind the user name as a parameter instead of interpolating it
        # into the SQL text.
        my $sth = $dbh->prepare('select * from testing where UserName = ?');
        $sth->execute($nasuser);

        if (my $row = $sth->fetchrow_hashref)
        {
            # password from database against the username
            my $dPassword = $row->{UserPassword};

            # first part of the hash calculated.
            # md5_hex rather than md5: Digest-Response is a hex string.
            my $ha1 = md5_hex($dUserName . ':' . $dRealm . ':' . $dPassword);

            # second part of the hash calculated.
            my $ha2 = md5_hex($dMethod . ':' . $dUri);

            # final response to be checked with the digest-response
            my $expected = md5_hex($ha1 . ':' . $dNonce . ':' . $ha2);

            if ($expected eq $dResponse)
            {
                $RAD_REPLY{'Reply-Message'} = 'Accepting Users';
                return RLM_MODULE_OK;
            }
            else
            {
                $RAD_REPLY{'Reply-Message'} = 'Incorrect Password';
                return RLM_MODULE_REJECT;
            }
        } # End of row fetch
        else
        {
            $RAD_REPLY{'Reply-Message'} = 'Incorrect Username';
            #$RAD_REPLY{'Reply-Message'} = $nasuser;
            return RLM_MODULE_REJECT;
        } # End of else
    } # end of if database connection
    else
    {
        $RAD_REPLY{'Reply-Message'} = 'Cannot connect to database';
        # Return an explicit failure code instead of falling off the end.
        return RLM_MODULE_FAIL;
    }
} # End of authorization subsection


With Regards
Elangbam Johnson
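The check the authorize function above is attempting, written out as an added example (not part of the original post and not FreeRADIUS code): it decodes Digest-Attributes records into Digest-* fields and verifies the response in the no-qop form the post uses. The helper names, the sample values and the sub-attribute numbering (taken from draft-sterman-aaa-sip) are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5 md5_hex);

# Sub-attribute types carried inside Digest-Attributes. Assumption: the
# draft-sterman-aaa-sip numbering; the post itself does not list them.
my %SUBATTR = (
    1 => 'Digest-Realm',       2  => 'Digest-Nonce',
    3 => 'Digest-Method',      4  => 'Digest-URI',
    5 => 'Digest-QOP',         6  => 'Digest-Algorithm',
    7 => 'Digest-Body-Digest', 8  => 'Digest-CNonce',
    9 => 'Digest-Nonce-Count', 10 => 'Digest-User-Name',
);

# Decode raw Digest-Attributes values. Each holds one or more records of
# type (1 byte), length (1 byte, counting both header bytes), value.
# Returns a hash ref keyed by Digest-* name, or undef if a record is malformed.
sub decode_digest_attributes {
    my @raw = @_;
    my %out;
    for my $blob (@raw) {
        my $pos = 0;
        while ($pos < length $blob) {
            return if length($blob) - $pos < 2;            # truncated header
            my ($type, $len) = unpack 'C C', substr($blob, $pos, 2);
            return if $len < 2 || $pos + $len > length($blob);  # bad length
            my $name = $SUBATTR{$type};
            $out{$name} = substr($blob, $pos + 2, $len - 2) if defined $name;
            $pos += $len;
        }
    }
    return \%out;
}

# Digest response without qop: MD5(HA1:nonce:HA2), every digest in hex.
sub digest_response {
    my ($d, $password) = @_;
    my $ha1 = md5_hex(join ':', $d->{'Digest-User-Name'}, $d->{'Digest-Realm'}, $password);
    my $ha2 = md5_hex(join ':', $d->{'Digest-Method'}, $d->{'Digest-URI'});
    return md5_hex(join ':', $ha1, $d->{'Digest-Nonce'}, $ha2);
}

# Returns 1 only if every required field is present and the response matches.
sub verify_digest {
    my ($d, $password, $response) = @_;
    for my $need (qw(Digest-User-Name Digest-Realm Digest-Method Digest-URI Digest-Nonce)) {
        return 0 unless defined $d->{$need};
    }
    return 0 unless defined $response && $response =~ /\A[0-9a-fA-F]{32}\z/;
    my $expect = digest_response($d, $password);
    my $got    = lc $response;
    # Compare all 32 characters without stopping at the first difference.
    my $diff = 0;
    $diff |= ord(substr($expect, $_, 1)) ^ ord(substr($got, $_, 1)) for 0 .. 31;
    return $diff == 0 ? 1 : 0;
}

# Build one record the way a client would (used only for the sample input).
sub tlv {
    my ($type, $value) = @_;
    return pack('C C', $type, length($value) + 2) . $value;
}

# Constructed sample values, not taken from the logs in this thread.
my @wire = (
    tlv(10, 'alice'),
    tlv(1,  'sip.example.test'),
    tlv(2,  '0123456789abcdef0123456789abcdef01234567'),
    tlv(4,  'sip:sip.example.test'),
    tlv(3,  'REGISTER'),
);
my $password = 'constructed-secret';

my $attrs = decode_digest_attributes(@wire)
    or die "malformed Digest-Attributes\n";
my $client_response = digest_response($attrs, $password);  # what the client sends

printf "%-18s %s\n", $_, $attrs->{$_} for sort keys %$attrs;
print "right secret:  ", (verify_digest($attrs, $password, $client_response) ? "accept" : "reject"), "\n";
print "wrong secret:  ", (verify_digest($attrs, 'other', $client_response) ? "accept" : "reject"), "\n";

# A request that carries no decoded digest fields fails closed.
print "missing attrs: ", (verify_digest({}, $password, $client_response) ? "accept" : "reject"), "\n";

# A record whose length byte runs past the end of the value is refused.
print "bad length:    ", (defined decode_digest_attributes("\x01\x20abc") ? "decoded" : "refused"), "\n";

# md5() returns 16 raw bytes, so a value built from it never equals the
# 32-character hex Digest-Response.
my $raw = md5(join ':',
    md5(join ':', 'alice', 'sip.example.test', $password),
    $attrs->{'Digest-Nonce'},
    md5('REGISTER:sip:sip.example.test'));
print "raw md5():     ", ($raw eq $client_response ? "accept" : "reject"),
    " (", length($raw), " bytes vs ", length($client_response), " hex chars)\n";
```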

How do i change the NAS ip address

2008-04-15 Thread johnson elangbam
  Hi,
I've been configuring FreeRADIUS 2.0.3. I've configured almost all
the files and run it successfully for testing purposes from localhost
using radtest. Now I need to deploy my radius in the real
environment by putting in the NAS IP address. Currently my NAS IP address is
displayed as 127.0.0.1; I need to change this IP address. Can anybody please
tell me how to change the NAS IP address?

Thanks and Regards
Elangbam Johnson

Unable to authenticate with rlm_perl

2008-04-02 Thread johnson elangbam
Hi,
I am trying to use rlm_perl for authentication. I've found it reading
all the perl modules, but I'm not able to handle the username from the
client. For testing purposes I've put this simple script in the perl
program

if ($RAD_REQUEST{'User-Name'} eq 'john')
  {
 $RAD_REPLY{'A message'} = 'Accepting John';
 return RLM_MODULE_OK;

   }
 else
  {
 $RAD_REPLY{'A message'} = 'Rececting users';
 return RLM_MODULE_REJECT;
  }

Unfortunately, every time I try to authenticate the user john, regardless of
the password, the server rejects.

Here is the piece of output after rejecting the user:

rad_recv: Access-Request packet from host 127.0.0.1 port 32866, id=177,
length=56
User-Name = john
User-Password = password
NAS-IP-Address = 127.0.0.1
NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
perl_pool: item 0x9e63c98 asigned new request. Handled so far: 1
found interpetator at address 0x9e63c98
rlm_perl: Added pair User-Name = john
rlm_perl: Added pair User-Password = password
rlm_perl: Added pair NAS-Port = 0
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x9e63c98
++[perl] returns ok
rlm_realm: No '@' in User-Name = john, looking up realm NULL
rlm_realm: No such realm NULL
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
users: Matched entry DEFAULT at line 203
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No known good password found for the user.
Authentication may fail because of this.
++[pap] returns noop
  rad_check_password:  Found Auth-Type Perl
auth: type Perl
+- entering group Perl
perl_pool: item 0xa08e5d8 asigned new request. Handled so far: 1
found interpetator at address 0xa08e5d8
1,bill,Cleartext-Password,bill,:=
Use of uninitialized value in string eq at
/usr/local/etc/raddb/example.pmline 126.
rlm_perl: Added pair User-Name = john
rlm_perl: Added pair User-Password = password
rlm_perl: Added pair NAS-IP-Address = 127.0.0.1
rlm_perl: Added pair NAS-Port = 0
rlm_perl: Added pair Auth-Type = Perl
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0xa08e5d8
++[perl] returns reject
auth: Failed to validate the user.
Login incorrect: [john/password] (from client localhost port 0)
  Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} - john
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 177 to 127.0.0.1 port 32866
Waking up in 4.9 seconds.
Cleaning up request 0 ID 177 with timestamp +10
Ready to process requests.


Regards,
Elangbam Johnson

Problem with authentication with rlm_perl

2008-03-15 Thread johnson elangbam
Hi,
I am using FreeRADIUS 2.0. I want to try to authenticate with the perl
module. I've done all the necessary configuration in the sites-enabled/default
directory and in radiusd.conf, and it reads my perl script when running my
radius. Unfortunately my radius server rejects every time, even though
I've put the return value rlm_module_ok in my perl script. Please tell me
whether there is anything else I have to do to authenticate the username from
the perl module.

Here is the output after running the radius server in debugging mode:

FreeRADIUS Version 2.0.2, for host i686-pc-linux-gnu, built on Feb 25 2008
at 09:51:36
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including configuration file /usr/local/etc/raddb/snmp.conf
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = /usr/local
localstatedir = /usr/local/var
logdir = /usr/local/var/log/radius
libdir = /usr/local/lib
radacctdir = /usr/local/var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = /usr/local/var/run/radiusd/radiusd.pid
checkrad = /usr/local/sbin/checkrad
debug_level = 0
proxy_requests = yes
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = testing123
nastype = other
 }
radiusd:  Loading Realms and Home Servers 
 proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
 }
 home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = auth
secret = testing123
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = status-server
ping_check = none
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
 }
 home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
 }
 realm example.com {
auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd:  Instantiating modules 
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
wait = yes
input_pairs = request
shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
reply-message = Password Has Expired  
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
reply-message = You are calling outside your allowed timespan  
minimum-timeout = 60
  }
 }
radiusd:  Loading Virtual Servers 
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_perl
 Module: Instantiating perl
  perl {
module = /usr/local/etc/raddb/example.pm
func_authorize = authorize
func_authenticate = authenticate
func_accounting = accounting
func_preacct = preacct
func_checksimul = checksimul
func_detach = detach
func_xlat = xlat
func_pre_proxy = pre_proxy
func_post_proxy = post_proxy
func_post_auth = post_auth
  }
  perl {
max_clones = 32
start_clones = 32
min_spare_clones = 0
max_spare_clones = 32
cleanup_delay = 5
max_request_per_clone = 0
  }
 Module: Checking authorize {...} for more modules to load
 Module: Linked to module rlm_preprocess
 Module: Instantiating preprocess
  preprocess {
huntgroups = /usr/local/etc/raddb/huntgroups
hints = /usr/local/etc/raddb/hints
with_ascend_hack = no
ascend_channels_per_line = 23
with_ntdomain_hack = no
with_specialix_jetstream_hack = no
with_cisco_vsa_hack = no
with_alvarion_vsa_hack = no
  }
 Module: Linked to module 

Problems with using Customize table schema

2008-03-08 Thread johnson elangbam
hi,
I've been asking the same questions for the past few days about
using my customized table schema and executing stored procedures in MS SQL
2000 with FreeRADIUS server 2.0, but I haven't found the exact solution till
now. I've tried all the alternatives that were suggested on the mailing list by
Ivan Kalik, Alan DeKok and some other guys; unfortunately my requirements
don't match their replies. I am stating the problem here; I appreciate
any kind of advice.

1. Using a customized table of my own in MS SQL 2000 rather than the
default (i.e. radcheck) with FreeRADIUS 2 through a Perl script.
2. Executing stored procedures of MS SQL 2000 through a Perl script.

I've put perl in the authorization section in the sites-enabled/default
directory.
I've put

Auth-Type perl {
   perl
}

in the authenticate section,
and I've put a perl module section in the modules section of
radiusd.conf.

radiusd -X works fine and reads the whole perl module while running the
radius server in debugging mode. My confusion is how to fetch the username
and the password from my own customized table, which contains only username
and password, and authenticate through a Perl script. Secondly, how do I execute
stored procedures written in MS SQL 2000 through a Perl script?


Thanks and Regards
Elangbam Johnson
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Problems with using Customize table schema

2008-03-07 Thread johnson elangbam
Hi,
As advised by Ivan Kalik, I've added a table and put only username and password
in it, but the problem is still there, and the output is like this. Please
let me know how to use the customized table.

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 32791, id=197,
length=57
User-Name = david
User-Password = david
NAS-IP-Address = 192.168.1.227
NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
rlm_realm: No '@' in User-Name = david, looking up realm NULL
rlm_realm: No such realm NULL
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
expand: %{User-Name} - david
rlm_sql (sql): sql_set_user escaped user -- 'david'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT usernames,passwords FROM userpass WHERE usernames =
'%{SQL-User-Name}' - SELECT usernames,passwords FROM userpass WHERE
usernames = 'david'
query:  SELECT usernames,passwords FROM userpass WHERE usernames = 'david'
rlm_sql: The 'Attribute' field is empty or NULL, skipping the entire row.
rlm_sql (sql): Error getting data from database
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 4
++[sql] returns fail
Invalid user: [david/david] (from client localhost port 0)
  Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} - david
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 197 to 127.0.0.1 port 32791
Waking up in 4.9 seconds.
Cleaning up request 0 ID 197 with timestamp +86
Ready to process requests.


Regards
Elangbam Johnson
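
The reject in the debug output above follows from the shape of the result set: rlm_sql reads each check row by position as id, UserName, Attribute, Value, op, and the posted query returns only two columns. An added example, not part of the original post and not FreeRADIUS code: a small Python model of that positional read, with an in-memory sqlite3 table as a constructed stand-in for the MS SQL userpass table. The function names and result labels are assumptions made for the illustration.

```python
import sqlite3

# Positions rlm_sql reads, by index, from each row of a check query.
CHECK_COLUMNS = ("id", "UserName", "Attribute", "Value", "op")

# Shape of the query in the debug output: two columns only. The "?" stands
# where dialup.conf has '%{SQL-User-Name}'; this model binds the value
# instead of expanding it into the string.
TWO_COLUMN_QUERY = (
    "SELECT usernames, passwords FROM userpass WHERE usernames = ?"
)

# Same table; constants fill the positions the table does not store.
FIVE_COLUMN_QUERY = (
    "SELECT 1, usernames, 'Cleartext-Password', passwords, ':=' "
    "FROM userpass WHERE usernames = ?"
)


def make_sample_db():
    """Constructed sample data: one user, as in the log (david/david)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE userpass (usernames TEXT, passwords TEXT)")
    conn.execute("INSERT INTO userpass VALUES ('david', 'david')")
    return conn


def rows_to_check_items(rows):
    """Model of the positional parse. Returns (items, errors)."""
    items, errors = [], []
    for row in rows:
        # A short row leaves the later positions empty.
        padded = list(row) + [None] * max(0, len(CHECK_COLUMNS) - len(row))
        attribute, value, op = padded[2], padded[3], padded[4]
        if not attribute:
            errors.append(
                "The 'Attribute' field is empty or NULL, "
                "skipping the entire row."
            )
            continue
        items.append((attribute, op, value))
    return items, errors


def authorize(conn, query, username):
    """Return (module_result, check_items) for one lookup."""
    rows = conn.execute(query, (username,)).fetchall()
    if not rows:
        return "notfound", []
    items, errors = rows_to_check_items(rows)
    if errors:
        return "fail", []
    return "ok", items


if __name__ == "__main__":
    db = make_sample_db()
    for label, query in (
        ("two-column", TWO_COLUMN_QUERY),
        ("five-column", FIVE_COLUMN_QUERY),
    ):
        print(label, authorize(db, query, "david"))
```

In dialup.conf the five-column form is written with '%{SQL-User-Name}' in place of the "?", as the value of authorize_check_query.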

Problems with using Customize table schema

2008-03-07 Thread johnson elangbam
hi,
The only thing I want to do is to use a customized table schema of my
own. I am confused whether I should use sql.conf or the perl
module. Please advise which I should use. And if I use the perl
module, please tell me
how I should write the connection parameters and the SQL queries for
connecting to MS SQL. And if I use sql.conf, please tell me how to
use my own customized table, which contains only username and password.

With Regards
Elangbam Johnson

Problems with using Customize table schema

2008-03-05 Thread johnson elangbam
hi,
I am using FreeRADIUS 2.0 and MS SQL 2000. I need to use my own
customised table schema rather than the default table which comes along with
the radius server in schema.conf. To do so, is it necessary to connect
through rlm_perl and deactivate the sql module in sites-enabled/default?
If I am using a Perl script, do I have to specify all the parameters that are
specified in dialup.conf? I mean, do I have to specify all the database
connection parameters in the Perl script, or is there some other means, like we do
in sql.conf?

Regards
Elangbam Johnson

how to disabled rlm_sql module

2008-03-04 Thread johnson elangbam
hi,
Do I need to disable the rlm_sql module if I am using a Perl script to fetch
data from the database? If so, how do I disable the rlm_sql module?

Fetching username and password through perl script

2008-03-03 Thread johnson elangbam
hi,
I am using FreeRADIUS 2 along with MS SQL 2000. I need to authenticate
with a Perl script using my own table schema, which contains only username and
password. How do I read the username and password from this customized table
using a Perl script?

With Regards
Elangbam Johnson

How do I used my customized table in.

2008-03-03 Thread johnson elangbam
hi,
I am using FreeRADIUS server 2.0 and MS SQL 2000. I want to use my
customized tables, which contain only username and password. I've tried
modifying the query in dialup.conf, but it doesn't work. Please tell me the
solution.

Here is the piece of output after rejecting the user that is stored in the
database:

rad_recv: Access-Request packet from host 127.0.0.1 port 32807, id=226,
length=56
User-Name = John
User-Password = 1
NAS-IP-Address = 192.168.2.227
NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = John, looking up realm NULL
rlm_realm: No such realm NULL
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} - John
rlm_sql (sql): sql_set_user escaped user -- 'John'
rlm_sql (sql): Reserving sql socket id: 3
expand: SELECT UserName,Value FROM checking WHERE Username =
'%{SQL-User-Name}' - SELECT UserName,Value FROM checking WHERE Username =
'John'
query:  SELECT UserName,Value FROM checking WHERE Username = 'John'
rlm_sql_getvpdata: database query error
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 3
++[sql] returns fail
Invalid user: [John/1] (from client localhost port 0)
  Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} - John
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 1 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 1
Sending Access-Reject of id 226 to 127.0.0.1 port 32807
Waking up in 4.9 seconds.
Cleaning up request 1 ID 226 with timestamp +17
Ready to process requests.

Regards
Elangbam Johnson

How do I used my customized table in Ms Sql through perl script

2008-03-03 Thread johnson elangbam
hi,
I am using FreeRADIUS server 2.0 and MS SQL 2000. I want to use my
customized tables, which contain only username and password. I
authenticate using a Perl script. Can I write SQL queries inside the Perl
script to fetch the data from the table, rather than in dialup.conf for
MS SQL, so that I can use my customized table?

Elangbam Johnson

Need to authenticate with Perl

2008-03-01 Thread johnson elangbam
Hi,
I am trying to authenticate using a Perl script. I've included a
perl section in radiusd.conf which specifies the path of the Perl script,
and I've included a section like

Auth-Type Perl { perl }

in the /sites-enabled/default file. I need to
implement the stored procedures of MS SQL in the Perl script so that I can call
the stored procedures through Perl. Please help me with how to implement it.

With Regards
Elangbam Johnson

Need to customized the table schema.

2008-02-28 Thread johnson elangbam
hi,
I am using FreeRADIUS 2 with MS SQL 2000. I want to make a database
schema of my own to store only username and password in MS SQL. I would like
to modify the query so that the radius server reads only this information
from my customized table. I've tried modifying the SQL queries in
dialup.conf to read from my table, but it doesn't work. Please help.
Here is the piece of output of the radius server after rejecting the
username and the password.


rad_recv: Access-Request packet from host 127.0.0.1 port 32835, id=208,
length=56
User-Name = John
User-Password = 1
NAS-IP-Address = 192.168.2.227
NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
rlm_realm: No '@' in User-Name = John, looking up realm NULL
rlm_realm: No such realm NULL
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
++[files] returns noop
expand: %{User-Name} - John
rlm_sql (sql): sql_set_user escaped user -- 'John'
rlm_sql (sql): Reserving sql socket id: 4
expand: SELECT name,value FROM checking WHERE name =
'%{SQL-User-Name}' - SELECT name,value FROM checking WHERE name = 'John'
query:  SELECT name,value FROM checking WHERE name = 'John'
rlm_sql: The 'Attribute' field is empty or NULL, skipping the entire row.
rlm_sql (sql): Error getting data from database
rlm_sql (sql): SQL query error; rejecting user
rlm_sql (sql): Released sql socket id: 4
++[sql] returns fail
Invalid user: [John/1] (from client localhost port 0)
  Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} - John
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 208 to 127.0.0.1 port 32835
Waking up in 4.9 seconds.
Cleaning up request 0 ID 208 with timestamp +17
Ready to process requests.


With Regards
Elangbam Johnson

Setting up a new database schema

2008-02-26 Thread johnson elangbam
Hi,
I am trying to make a new database schema in MS SQL in order to read the
user name and password only. How do I change the SQL queries in the
configuration files? I've changed them in the dialup.conf of the mssql directory. Is
there any configuration file to change so that it reads only from my
customized table?

Regards
Elangbam Johnson

Unable to connect to data source

2008-02-23 Thread johnson elangbam
hi,
I am trying to connect MS SQL with FreeRADIUS. I've configured all the
related packages, like FreeTDS and unixODBC, and both of the packages work
well when I test using tsql and isql. But when I try to link with
FreeRADIUS, the following errors show. Please tell me what might be the problem behind
the following errors.

rlm_sql (sql): Driver rlm_sql_unixodbc (module rlm_sql_unixodbc) loaded and
linked
rlm_sql (sql): Attempting to connect to [EMAIL PROTECTED]:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_unixodbc #0
rlm_sql_unixodbc: SQL down 08001 [unixODBC][FreeTDS][SQL Server]Unable to
connect to data source
rlm_sql_unixodbc: Connection failed
rlm_sql (sql): Failed to connect DB handle #0
rlm_sql (sql): starting 1
rlm_sql (sql): starting 2
rlm_sql (sql): starting 3
rlm_sql (sql): starting 4
rlm_sql (sql): Failed to connect to any SQL server.
 Module: Checking preacct {...} for more modules to load
 Module: Linked to module rlm_acct_unique
 Module: Instantiating acct_unique

With Regards
Elangbam Johnson

Could not link driver rlm_sql_mysql.so

2008-02-15 Thread johnson elangbam
hi,
I couldn't link the MySQL 5 driver with FreeRADIUS
2.0.2 due to this file, rlm_sql_mysql.so. I couldn't locate this file
in my
entire system. I've gone through all the FAQs, but it doesn't work; the
errors are still there.
The errors look like this.

rlm_sql (sql): Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot
open shared object file: No such file or directory
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the
search path of your system's ld.
/usr/local/etc/raddb/sql.conf[22]: Instantiation failed for module sql
/usr/local/etc/raddb/sites-enabled/default[124]: Failed to find module
sql.
/usr/local/etc/raddb/sites-enabled/default[34]: Errors parsing authorize
section.


With Regards
Elangbam Johnson

rlm_sql_mysql.so where do I locate this file and its associated files for CentOS to run freeRadius and MySQL

2008-02-14 Thread johnson elangbam
Hi,
I am trying to build a radius server with FreeRADIUS 2.0.0 using MySQL
4.1.2 and I am getting the following errors

rlm_sql (sql): Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot
open shared object file: No such file or directory
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the
search path of your system's ld.
/usr/local/etc/raddb/sql.conf[22]: Instantiation failed for module sql
/usr/local/etc/raddb/sites-enabled/default[124]: Failed to find module
sql.
/usr/local/etc/raddb/sites-enabled/default[34]: Errors parsing authorize
section.

Where do I locate this file?

With Regards
Elangbam Johnson

Could not link driver rlm_sql_mysql

2008-02-13 Thread johnson elangbam
Hi Alan,
Thanks for helping me in configuring my freeradius with mysql.
I've uncommented sql in the file
/usr/local/etc/raddb/sites-enabled/default. And now I see messages
trying to communicate with mysql. But there is still a problem of not
getting the mysql driver. I am using MySQL 4.1.2. Please suggest how to work
it out. Here is the piece of output emphasizing the errors.

rlm_sql (sql): Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot
open shared object file: No such file or directory
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the
search path of your system's ld.
/usr/local/etc/raddb/sql.conf[22]: Instantiation failed for module sql
/usr/local/etc/raddb/sites-enabled/default[123]: Failed to find module
sql.
/usr/local/etc/raddb/sites-enabled/default[33]: Errors parsing authorize
section.

With Regards,
Elangbam Johnson

conneting to mysql

2008-02-12 Thread johnson elangbam
hi,
In order to connect to mysql, which configuration files need
to be changed?

regards,
Elangbam Johnson

help in basic configuration in connection mysql with freeradius

2008-02-08 Thread johnson elangbam
hi,
I am trying to use a MySQL database with FreeRADIUS 2.0.0 for the first
time. I am using CentOS 4.5 and MySQL 4.1.2. The authentication works fine if
I am using the unix username and password. I modified some configurations
in radiusd.conf and sql.conf but it doesn't work. Please tell me the most
basic steps to configure FreeRADIUS with MySQL.
Here is the log file while running in debugging mode:

[EMAIL PROTECTED] ~]# radiusd -X
FreeRADIUS Version 2.0.0, for host i686-pc-linux-gnu, built on Jan 29 2008
at 12:25:11
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including configuration file /usr/local/etc/raddb/snmp.conf
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
including configuration file /usr/local/etc/raddb/sql/mysql/counter.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = /usr/local
localstatedir = /usr/local/var
logdir = /usr/local/var/log/radius
libdir = /usr/local/lib
radacctdir = /usr/local/var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = /usr/local/var/run/radiusd/radiusd.pid
user = root
checkrad = /usr/local/sbin/checkrad
debug_level = 0
proxy_requests = no
 log {
syslog_facility = daemon
stripped_names = no
file = /usr/local/var/log/radius/radius.log
auth = yes
auth_badpass = yes
auth_goodpass = no
 }
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = johnson123
nastype = other
 }
radiusd:  Loading Realms and Home Servers 
 proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
 }
 home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = auth
secret = johnson123
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = status-server
ping_check = none
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
 }
 home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
 }
 realm example.com {
auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd:  Instantiating modules 
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
wait = yes
input_pairs = request
shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
reply-message = Password Has Expired  
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
reply-message = You are calling outside your allowed timespan  
minimum-timeout = 60
  }
 }
radiusd:  Loading Virtual Servers 
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
encryption_scheme = auto
auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Linked to module rlm_mschap
 Module: Instantiating mschap
  mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
  }
 Module: Linked to module rlm_unix
 Module: Instantiating unix
  unix {
radwtmp = NULL
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
default_eap_type = md5
timer_expire = 60
ignore_unknown_eap_types = no
cisco_accounting_username_bug = no
  }
 Module: Linked to sub-module rlm_eap_md5
 Module: Instantiating eap-md5
 Module: Linked to sub-module rlm_eap_leap
 Module: Instantiating eap-leap
 Module: Linked to 

need help in using mySql for freeRadius server.

2008-02-06 Thread johnson elangbam
hi,
I am a new user of FreeRADIUS with MySQL. I've configured all the
necessary .config files (viz., sql.conf and radiusd.conf) of FreeRADIUS
for connecting to MySQL, but I am not able to connect to the MySQL
database. Please tell me how to check whether my FreeRADIUS server is already
connected to MySQL; when I use the Unix username and password it
receives access-accept packets.
I've tried http://wiki.freeradius.org/SQL_HOWTO also, but the instructions
given there are slightly different from the version I am using. I am using
FreeRADIUS 2.0.0.
Please help me in configuring this to connect to MySQL.
The debug log displays like this:

Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 32771, id=218,
length=56
User-Name = john
User-Password = radpass
NAS-IP-Address = 192.168.1.227
NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[unix] returns updated
rlm_realm: No '@' in User-Name = john, looking up realm NULL
rlm_realm: No such realm NULL
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
  rad_check_password:  Found Auth-Type
auth: type PAP
+- entering group PAP
rlm_pap: login attempt with password radpass
rlm_pap: Using CRYPT encryption.
rlm_pap: Passwords don't match
++[pap] returns reject
auth: Failed to validate the user.
  Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} - john
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 218 to 127.0.0.1 port 32771
Waking up in 4.9 seconds.
Cleaning up request 0 ID 218 with timestamp +34
Ready to process requests.


with regards
Elangbam Johnson

need help in using mySql for freeRadius server.

2008-02-06 Thread johnson elangbam
hi,
I am a new user of FreeRADIUS with MySQL. I've configured all the
necessary .config files (viz., sql.conf and radiusd.conf) of FreeRADIUS
for connecting to MySQL, but I am not able to connect to the MySQL
database. Please tell me how to check whether my FreeRADIUS server is already
connected to MySQL; when I use the Unix username and password it
receives access-accept packets.
I've tried http://wiki.freeradius.org/SQL_HOWTO also, but the instructions
given there are slightly different from the version I am using. I am using
FreeRADIUS 2.0.0.
Please help me in configuring this to connect to MySQL.
The debug output of the server startup displays like this:

[EMAIL PROTECTED] etc]# radiusd -X
FreeRADIUS Version 2.0.0, for host i686-pc-linux-gnu, built on Jan 29 2008 at 12:25:11
Copyright (C) 1999-2008 The FreeRADIUS server project and contributors.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
You may redistribute copies of FreeRADIUS under the terms of the
GNU General Public License.
Starting - reading configuration files ...
including configuration file /usr/local/etc/raddb/radiusd.conf
including configuration file /usr/local/etc/raddb/proxy.conf
including configuration file /usr/local/etc/raddb/clients.conf
including configuration file /usr/local/etc/raddb/snmp.conf
including configuration file /usr/local/etc/raddb/eap.conf
including configuration file /usr/local/etc/raddb/sql.conf
including configuration file /usr/local/etc/raddb/sql/mysql/dialup.conf
including configuration file /usr/local/etc/raddb/sql/mysql/counter.conf
including configuration file /usr/local/etc/raddb/policy.conf
including files in directory /usr/local/etc/raddb/sites-enabled/
including configuration file /usr/local/etc/raddb/sites-enabled/default
including dictionary file /usr/local/etc/raddb/dictionary
main {
prefix = /usr/local
localstatedir = /usr/local/var
logdir = /usr/local/var/log/radius
libdir = /usr/local/lib
radacctdir = /usr/local/var/log/radius/radacct
hostname_lookups = no
max_request_time = 30
cleanup_delay = 5
max_requests = 1024
allow_core_dumps = no
pidfile = /usr/local/var/run/radiusd/radiusd.pid
checkrad = /usr/local/sbin/checkrad
debug_level = 0
proxy_requests = yes
 log {
syslog_facility = daemon
stripped_names = no
file = /usr/local/var/log/radius/radius.log
auth = no
auth_badpass = no
auth_goodpass = no
 }
 security {
max_attributes = 200
reject_delay = 1
status_server = yes
 }
}
 client localhost {
ipaddr = 127.0.0.1
require_message_authenticator = no
secret = johnson123
nastype = other
 }
radiusd:  Loading Realms and Home Servers
 proxy server {
retry_delay = 5
retry_count = 3
default_fallback = no
dead_time = 120
wake_all_if_all_dead = no
 }
 home_server localhost {
ipaddr = 127.0.0.1
port = 1812
type = auth
secret = johnson123
response_window = 20
max_outstanding = 65536
zombie_period = 40
status_check = status-server
ping_check = none
ping_interval = 30
check_interval = 30
num_answers_to_alive = 3
num_pings_to_alive = 3
revive_interval = 120
status_check_timeout = 4
 }
 home_server_pool my_auth_failover {
type = fail-over
home_server = localhost
 }
 realm example.com {
auth_pool = my_auth_failover
 }
 realm LOCAL {
 }
radiusd:  Instantiating modules 
 instantiate {
 Module: Linked to module rlm_exec
 Module: Instantiating exec
  exec {
wait = yes
input_pairs = request
shell_escape = yes
  }
 Module: Linked to module rlm_expr
 Module: Instantiating expr
 Module: Linked to module rlm_expiration
 Module: Instantiating expiration
  expiration {
reply-message = Password Has Expired
  }
 Module: Linked to module rlm_logintime
 Module: Instantiating logintime
  logintime {
reply-message = You are calling outside your allowed timespan
minimum-timeout = 60
  }
 }
radiusd:  Loading Virtual Servers 
server {
 modules {
 Module: Checking authenticate {...} for more modules to load
 Module: Linked to module rlm_pap
 Module: Instantiating pap
  pap {
encryption_scheme = auto
auto_header = no
  }
 Module: Linked to module rlm_chap
 Module: Instantiating chap
 Module: Linked to module rlm_mschap
 Module: Instantiating mschap
  mschap {
use_mppe = yes
require_encryption = no
require_strong = no
with_ntdomain_hack = no
  }
Module: Linked to module rlm_unix
 Module: Instantiating unix
  unix {
radwtmp = NULL
  }
 Module: Linked to module rlm_eap
 Module: Instantiating eap
  eap {
default_eap_type = md5
timer_expire = 60
 

How to connect to mySql

2008-02-04 Thread johnson elangbam
hi,
I am a new user of FreeRADIUS server. I want to keep the
username/password in a MySQL database. I've read almost all of the
radiusd.conf file to work it out, but it doesn't help. Please help me
configure it to
connect to the database and make it work. Thanks,

with regards,
Elangbam Johnson

need help in using free radius

2008-01-30 Thread johnson elangbam
Hi,
When I first ran FreeRADIUS using the command
radtest test test localhost 0 testing123
I found the following errors.
Please help.


rad_recv: Access-Request packet from host 127.0.0.1 port 32775, id=80,
length=56
User-Name = test
User-Password = test
NAS-IP-Address = 192.168.1.227
NAS-Port = 0
+- entering group authorize
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
++[unix] returns notfound
rlm_realm: No '@' in User-Name = test, looking up realm NULL
rlm_realm: No such realm NULL
++[suffix] returns noop
  rlm_eap: No EAP-Message, not doing EAP
++[eap] returns noop
++[files] returns noop
++[expiration] returns noop
++[logintime] returns noop
rlm_pap: WARNING! No known good password found for the user.  Authentication
may fail because of this.
++[pap] returns noop
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
  Found Post-Auth-Type Reject
+- entering group REJECT
expand: %{User-Name} - test
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 80 to 127.0.0.1 port 32775
Waking up in 4.9 seconds.
Cleaning up request 0 ID 80 with timestamp +31
Ready to process requests.

With Regards,
Elangbam Johnson