Mikrotik-Xmit-Limit - Not enforced on first logon but is on subsequent logons...

2010-11-27 Thread Shane Hart
Hi all,

Doing some trials with freeradius 2.x with the intention of moving from
1.1.7


I have an odd problem with mikrotik nas.
An account with download limit will not enforce the limit on the first
logon but will on subsequent logons.
On the first logon, no limit is imposed in mikrotik and the account can
use unlimited traffic. If I log off then log on again, the limit is
enforced... (I have checked in winbox and the limit bytes in column is
not populated on first logon).

It is taking me a while to get used to v2 of freeradius.

Tks


Setup details below:

User account has attribute Mikrotik-Xmit-Limit := 10471200 in radcheck
Do I need to have something in radreply as this is where the shaping is
done?


In: sql/mysql/counter.conf

sqlcounter downloadbytecounter {
    counter-name = Mikrotik-Xmit-Limit
    check-name = Mikrotik-Xmit-Limit
    reply-name = Mikrotik-Xmit-Limit
    sqlmod-inst = sql
    key = User-Name
    reset = never
    query = "SELECT SUM(acctoutputoctets) FROM radacct WHERE username='%{%k}'"
}



In sites-available/default

authorize {
downloadbytecounter
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Mikrotik-Xmit-Limit - Not enforced on first logon but is on subsequent logons...

2010-11-27 Thread Shane Hart
Sorry, forgot to mention it is a routeros hotspot setup.

Ok I have added “Mikrotik-Xmit-Limit” for the account to radreply as well
and can confirm the download megabyte limit is now enforced on first
logon.
Is this the best way to do it?
Am I doing something wrong?

Tks



RE: Stale Sessions

2008-04-11 Thread Shane McKinley
Thanks for the reply. However, these are Internet customers coming from
DSL or Dial up. I assume the Cisco and portmasters are sending unique
session IDs.

I will try creating a session timeout of 2 days, then create a script
for updating the accounting stop time.

Thanks all. 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Friday, April 11, 2008 12:40 PM
To: FreeRadius users mailing list
Subject: Re: Stale Sessions

Hi,
 No one has any ideas or suggestions? If I can solve this issue I will
 have a 'perfect' freeradius installation. And FYI I upgraded my server
 to a dual core 2GB of RAM and still the same issue resides.

radutmp issues? what are you using to make sessions unique? perhaps they
are not unique enough.  also, some NASs do have issues with sending this
sort of thing properly.  most posts on this topic have, historically,
stated that if you have a session time-out of eg 1 hour, then just run a
script which will close any session that has not been updated for at
least an hour - because, logically, that session is now dead and gone.

alan
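An added example (not part of the original thread) of the cleanup script suggested in the reply above: it closes accounting rows that have no stop time and have not been heard from for longer than the session time-out. It runs against an in-memory SQLite stand-in for radacct with constructed rows; treating AcctStartTime + AcctSessionTime as the last update, and the 'Stale-Session' marker, are assumptions.

```python
import sqlite3

SESSION_TIMEOUT = 3600  # seconds; the one-hour session time-out from the reply
OPEN = "(AcctStopTime IS NULL OR AcctStopTime = 0)"  # both forms of "no stop time"
# Assumption: interim updates refresh AcctSessionTime, so start + session time
# is the last moment the NAS reported the session alive.
LAST_SEEN = "(AcctStartTime + AcctSessionTime)"


def make_db():
    """In-memory stand-in for radacct; rows are constructed, times are epoch seconds."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE radacct (RadAcctId INTEGER PRIMARY KEY, AcctSessionId TEXT,"
        " UserName TEXT, AcctStartTime INTEGER, AcctStopTime INTEGER,"
        " AcctSessionTime INTEGER, AcctTerminateCause TEXT)"
    )
    rows = [
        ("0001", "alice", 1000, 1600, 600, "User-Request"),  # stopped normally
        ("0002", "bob", 1000, None, 1800, ""),    # last update 2 h before now: stale
        ("0003", "carol", 5000, None, 4400, ""),  # updated 10 min before now: live
        ("0004", "dave", 2000, 0, 0, ""),         # start only, never updated: stale
    ]
    db.executemany(
        "INSERT INTO radacct (AcctSessionId, UserName, AcctStartTime, AcctStopTime,"
        " AcctSessionTime, AcctTerminateCause) VALUES (?, ?, ?, ?, ?, ?)", rows)
    return db


def open_count(db, user):
    """Rows without a stop time, i.e. what a simultaneous-use count would see."""
    sql = f"SELECT COUNT(*) FROM radacct WHERE UserName = ? AND {OPEN}"
    return db.execute(sql, (user,)).fetchone()[0]


def close_stale(db, now, timeout=SESSION_TIMEOUT):
    """Close open sessions not heard from for `timeout` seconds; return their users."""
    cutoff = now - timeout
    where = f"{OPEN} AND {LAST_SEEN} < ?"
    users = [r[0] for r in db.execute(
        f"SELECT UserName FROM radacct WHERE {where} ORDER BY RadAcctId", (cutoff,))]
    # The stop time is the last moment the session was known alive, not `now`,
    # so no usage is recorded for time nobody observed.
    # 'Stale-Session' is a hypothetical marker that keeps cleaned rows auditable.
    db.execute(
        f"UPDATE radacct SET AcctStopTime = {LAST_SEEN},"
        f" AcctTerminateCause = 'Stale-Session' WHERE {where}", (cutoff,))
    db.commit()
    return users


def stop_time(db, user):
    """Stop time recorded for the user's (single, constructed) accounting row."""
    return db.execute(
        "SELECT AcctStopTime FROM radacct WHERE UserName = ?", (user,)).fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print("closed:", close_stale(db, now=10000))
```

Run from cron at an interval no longer than the time-out; a second pass over the same data closes nothing.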


RE: Stale Sessions

2008-04-10 Thread Shane McKinley
No one has any ideas or suggestions? If I can solve this issue I will
have a 'perfect' freeradius installation. And FYI I upgraded my server
to a dual core 2GB of RAM and still the same issue resides.
 
Thanks,
 
Shane



From: Shane McKinley 
Sent: Tuesday, April 08, 2008 11:17 AM
To: 'freeradius-users@lists.freeradius.org'
Subject: Stale Sessions


I have searched and searched, read the archives, etc. I feel that I may
have a unique problem and just missing a piece of the puzzle.
 
I have been running freeradius with a mysql database for over a year
now. It is very stable and I am generally pleased.
 
I have been having stale session issues on every one of my NASes. They
range from Cisco 7200, Cisco 2600, and Livingston Portmasters. They all
have stale sessions in the mysql database that never receive a stop
time. I am almost certain there are no network issues because it seems
that start packets are never lost or update packets either.
 
This is the aaa config on my Ciscos:
 
aaa new-model
!
!
aaa authentication login default local group radius
aaa authentication login telnet line
aaa authentication ppp default if-needed local group radius
aaa authorization network default local group radius 
aaa authorization network iemcdslauth group radius local 
aaa accounting delay-start 
aaa accounting update newinfo
aaa accounting network default start-stop group radius
aaa session-id common
!
radius-server attribute nas-port format d
radius-server host X.X.X.X auth-port 1645 acct-port 1646
radius-server key 7 XXX
 
So the question is, why are my NASs not sending stop packets, or why is
the freeradius server not processing the stop packets?
 
Is this a common problem? Feel free to also point me to some documents
that may be of assistance. Maybe I don't have enough resources to
process the commands? I have about 1500 users.
 
This is my setup:
 
openSuSE 10.2
Freeradius 1.1.13
MySQL 5.0.26
128MB RAM
Pentium III
 
Thanks for any help,
 
Shane
 

Stale Sessions

2008-04-08 Thread Shane McKinley
I have searched and searched, read the archives, etc. I feel that I may
have a unique problem and just missing a piece of the puzzle.
 
I have been running freeradius with a mysql database for over a year
now. It is very stable and I am generally pleased.
 
I have been having stale session issues on every one of my NASes. They
range from Cisco 7200, Cisco 2600, and Livingston Portmasters. They all
have stale sessions in the mysql database that never receive a stop
time. I am almost certain there are no network issues because it seems
that start packets are never lost or update packets either.
 
This is the aaa config on my Ciscos:
 
aaa new-model
!
!
aaa authentication login default local group radius
aaa authentication login telnet line
aaa authentication ppp default if-needed local group radius
aaa authorization network default local group radius 
aaa authorization network iemcdslauth group radius local 
aaa accounting delay-start 
aaa accounting update newinfo
aaa accounting network default start-stop group radius
aaa session-id common
!
radius-server attribute nas-port format d
radius-server host X.X.X.X auth-port 1645 acct-port 1646
radius-server key 7 XXX
 
So the question is, why are my NASs not sending stop packets, or why is
the freeradius server not processing the stop packets?
 
Is this a common problem? Feel free to also point me to some documents
that may be of assistance. Maybe I don't have enough resources to
process the commands? I have about 1500 users.
 
This is my setup:
 
openSuSE 10.2
Freeradius 1.1.13
MySQL 5.0.26
128MB RAM
Pentium III
 
Thanks for any help,
 
Shane
 

Re: Auth-Type = System not working

2006-06-02 Thread Shane

Alan DeKok wrote:

Shane [EMAIL PROTECTED] wrote:

  Read radiusd.conf, and look for /etc/passwd.  Odds are that you
enabled caching of /etc/passwd.  There's a reason it's not enabled by
default, it doesn't work on FreeBSD.  Which is explicitly documented.

No, that isn't the cause as I have the following in radiusd.conf:

...

 unix {
 # allowed values: {no, yes}
 cache = no


  OK...


 #  This is required for some systems, like FreeBSD,
 #  and Mac OSX.
 passwd = /etc/passwd


  Those should be commented out.

  Maybe radiusd doesn't have permission to call getpwent()?  See the
comments around the unix module in radiusd.conf.

  Alan DeKok.


Thanks Alan.  The lines:
passwd = /etc/passwd
shadow = /etc/shadow
group = /etc/group
should be commented out for FreeBSD even though in radiusd.conf the 
comment directly above states "This is required for some systems, like 
FreeBSD, and Mac OS".
I missed the comment previous to this one which totally changes the 
meaning of the quoted comment above.  Maybe that blank line should be 
removed between such comments to help some other newbie avoid similar 
problems.


Thanks again,
Shane


Re: Auth-Type = System not working

2006-06-01 Thread Shane

Alan DeKok wrote:

Maillists [EMAIL PROTECTED] wrote:
but I know 100% that the password is correct.  What appears to be 
happening (determined from hours of frustrating testing) is Freeradius 
(rlm_unix) is looking for the users passwords in the /etc/passwd file 
but my /etc/passwd file doesn't contain any passwords:

test:*:1003:1003:Test User:/home/test:/bin/sh

my /etc/master.passwd file does:
test:$1$RlHYm4Ca$QhlYcYV7BqIjTF.UQ4pTX/:1003:1003::0:0:Test 
User:/home/test:/bin/sh


  Read radiusd.conf, and look for /etc/passwd.  Odds are that you
enabled caching of /etc/passwd.  There's a reason it's not enabled by
default, it doesn't work on FreeBSD.  Which is explicitly documented.

  Alan DeKok.


No, that isn't the cause as I have the following in radiusd.conf:

# Unix /etc/passwd style authentication
#
unix {
# allowed values: {no, yes}
cache = no
# Reload the cache every 600 seconds (10mins). 0 to
# disable.
cache_reload = 600
#  This is required for some systems, like FreeBSD,
#  and Mac OSX.
passwd = /etc/passwd
shadow = /etc/master.passwd
group = /etc/group
#
radwtmp = ${logdir}/radwtmp
}

I'm assuming the cache_reload=600 doesn't matter as the cache was 
disabled earlier in the code.  Any other things I should check to get 
Auth-Type = System working?


Shane


RE: Thanks Alan

2006-02-20 Thread Shane Hart
Or buy the coders a beer :-) 

-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
dius.org] On Behalf Of Sean
Sent: Tuesday, 14 February 2006 5:13 AM
To: freeradius-users@lists.freeradius.org
Subject: Thanks Alan

On Mon, 2006-02-13 at 19:58 +0100, [EMAIL PROTECTED] wrote:
 Phil Mayers [EMAIL PROTECTED] wrote:
  Alan, in case anyone hasn't said it recently - you do an excellent job
  maintaining this project under difficult conditions. You have my and I
  suspect many other peoples sincere gratitude, and I can only hope it's
  as rewarding for you as it is helpful for us.
 
   Thanks.
 
   FreeRADIUS is being used as part of the core product in at least 3 
 startups I know of, and possibly as many as 5.  It's at the point now 
 where it's getting me more professional attention than my other work 
 activities.
 
   Alan DeKok.

Alan, I'd like to add my thanks also. FreeRadius is at the core of
swarmhotspots.com and I'm amazed at the help and support that is
available from you and the open source community. 

The best way to show your appreciation is to contribute something back.

Regards,

Sean

http://swarmhotspots.com


Re: return ALL the AVPs for a username that belongs multiple groups

2005-11-08 Thread Shane Hart

Lenir wrote:


Can anyone please help me with this?

Thanks,

Lenir
 


Just a thought. Create a 3rd group with the attributes you need?


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Lenir
Sent: Wednesday, November 02, 2005 7:34 PM
To: 'FreeRadius users mailing list'
Subject: RE: return ALL the AVPs for a username that belongs multiple groups

Here's the rest of my config. Notice, that username 3000 belongs to group
Dialin and Dialin2. The user can register fine, however in this case the
Access-Accept packet only returns the AVPs related to group Dialin (I'm
guessing is because it's the first one that it matches).

mysql> select * from radcheck;
+----+----------+-----------+----+----------+
| id | UserName | Attribute | op | Value    |
+----+----------+-----------+----+----------+
|  1 | Jhassell | Password  | == | changeme |
|  2 | Rneis    | Password  | == | changeme |
|  3 | 1000     | Password  | == | 1000     |
|  4 | 2000     | Password  | == | 2000     |
|  5 | 3000     | Password  | == | 3000     |
+----+----------+-----------+----+----------+
5 rows in set (0.00 sec)

mysql> select * from radreply;
Empty set (0.00 sec)

mysql> select * from usergroup;
+----+----------+------------+
| id | UserName | GroupName  |
+----+----------+------------+
|  1 | Jhassell | Dialin     |
|  2 | Rneis    | Staticdial |
|  3 | 1000     | Dialin     |
|  4 | 2000     | Dialin     |
|  5 | 3000     | Dialin     |
|  6 | 3000     | Dialin2    |
+----+----------+------------+
6 rows in set (0.00 sec)

mysql> select * from radgroupcheck;
Empty set (0.00 sec)

mysql> select * from radgroupreply;
+----+-----------+---------------+----+-------------------------------+------+
| id | GroupName | Attribute     | op | Value                         | prio |
+----+-----------+---------------+----+-------------------------------+------+
|  1 | Dialin    | Reply-Message | =  | Authenticated by group Dialin |    0 |
|  2 | Dialin2   | SIP-AVP       | =  | Cust-AVP:feat_2               |    0 |
|  3 | Dialin    | SIP-AVP       | =  | Cust-AVP:feat_1               |    0 |
+----+-----------+---------------+----+-------------------------------+------+
3 rows in set (0.00 sec)

mysql> select * from radpostauth;
Empty set (0.00 sec)

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan
DeKok
Sent: Friday, October 28, 2005 1:34 PM
To: FreeRadius users mailing list
Subject: Re: return ALL the AVPs for a username that belongs multiple groups

Lenir [EMAIL PROTECTED] wrote:
 


Radius replies with the AVPs of the first group that it
matches that the user belongs to. Instead of returning all the AVPs for
all the groups that the user belongs to.

 The example you posted didn't include groups or reply AVP's.

So I guess the question is, can a user belong to multiple groups? If so,
how can radius reply with all the AVPs that correspond to ALL the groups that
the user belongs to?

 Yes, and you configure the server to do that.

 Alan DeKok.
 



RHEL v3 and rlm_eap linking problems

2005-10-24 Thread Shane D


 Freeradius 1.0.5 is being installed on a RHEL v3 AMD86_64 box.

 Freeradius is configured to install and operate within my directory
space. Compilation went fine (under my username).  But when I tried
installing from my account, errors were seen from libtool for some of
the modules (rlm_eap) and the server couldn't find some module files.

 I destroyed the installation directory tree and changed to root then
reinstalled.  Everything installed (and worked) fine.  After comparing
the two install logs, I found that when installed as root, the installer
used the libtool from the freeradius package.  But when installed from
my account, the installer used the system libtool (and many issues
occurred due to this).  More odd is that the libtool command contained a
full path specification - so it wasn't due to account PATH differences.

 Is this a known issue or is it expected for some reason?

 Shane




Re: Grab caller id and insert into radcheck how to

2005-10-08 Thread Shane Hart



Jonathan De Graeve wrote:


You should use: IF NOT EXISTS
 

Thanks Jonathan, I did some more testing today and came up with 
something that works for us...


Shane


Hi all,

I am attempting to add an additional attribute upon the first login for 
user accounts and I am a bit lost.

The way I am testing this is with postauth query.
postauth_query = "INSERT into ${authcheck_table} (id, UserName, Attribute, op, value) values('', '%{SQL-User-Name}', 'Calling-Station-Id', '==', '%{Calling-Station-Id}' )"
This works great but it adds a new record every time the user 
successfully authenticates. Not a problem really but there are also 
users I don't need to lock to a caller id.


I tried using postauth_query = UPDATE in various ways but I just can't 
get my head around it.
If I manually create an entry in radcheck for a user with the attribute 
Calling-Station-Id and a NULL value, then the user can't login 
obviously.


Does anybody have any ideas how to have this attribute somehow 
dynamically created when the user first logs in if they are a member of 
a group and ultimately not create it if the record already exists?

Any ideas or pointers greatly appreciated.
 

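An added example (not from the thread, and not the query Shane ended up with) of the insert-if-absent logic asked about above: bind Calling-Station-Id on first login only for members of one group, and never add a second row. It uses an in-memory SQLite database with constructed rows; the group name maclock and the function names are hypothetical, and the table and column names follow the radcheck and usergroup tables shown elsewhere on this page.

```python
import re
import sqlite3

LOCK_GROUP = "maclock"  # hypothetical group name; only its members get bound

# One statement does the membership test, the "already bound?" test and the
# insert, so a repeat login cannot add a second row. SQLite syntax here;
# adapt it for MySQL before using it as a postauth_query.
BIND_SQL = """
INSERT INTO radcheck (UserName, Attribute, op, Value)
SELECT :user, 'Calling-Station-Id', '==', :mac
WHERE EXISTS (SELECT 1 FROM usergroup
              WHERE UserName = :user AND GroupName = :grp)
  AND NOT EXISTS (SELECT 1 FROM radcheck
                  WHERE UserName = :user AND Attribute = 'Calling-Station-Id')
"""


def make_db():
    """Constructed sample data: guest1 is in the locked group, staff1 is not."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE radcheck (id INTEGER PRIMARY KEY AUTOINCREMENT,
            UserName TEXT, Attribute TEXT, op TEXT, Value TEXT);
        CREATE TABLE usergroup (id INTEGER PRIMARY KEY AUTOINCREMENT,
            UserName TEXT, GroupName TEXT);
        INSERT INTO radcheck (UserName, Attribute, op, Value) VALUES
            ('guest1', 'Password', '==', 'changeme'),
            ('staff1', 'Password', '==', 'changeme');
        INSERT INTO usergroup (UserName, GroupName) VALUES
            ('guest1', 'maclock'), ('staff1', 'staff');
    """)
    return db


def normalize_mac(raw):
    """Canonical form, since NASes format Calling-Station-Id differently."""
    return re.sub(r"[^0-9a-f]", "", raw.lower())


def bindings(db, user):
    """All Calling-Station-Id check items stored for the user."""
    rows = db.execute(
        "SELECT Value FROM radcheck WHERE UserName = ? "
        "AND Attribute = 'Calling-Station-Id' ORDER BY id", (user,))
    return [r[0] for r in rows]


def post_auth(db, user, calling_station_id):
    """Run after a successful login; True only when a new binding was stored."""
    # Values are bound parameters: Calling-Station-Id comes from the client side
    # and must never be formatted into the SQL text.
    cur = db.execute(BIND_SQL, {"user": user, "grp": LOCK_GROUP,
                                "mac": normalize_mac(calling_station_id)})
    db.commit()
    return cur.rowcount == 1


def mac_allowed(db, user, calling_station_id):
    """The '==' check item: no binding passes, an existing binding must match."""
    bound = bindings(db, user)
    return not bound or normalize_mac(calling_station_id) in bound


if __name__ == "__main__":
    db = make_db()
    print(post_auth(db, "guest1", "00-0B-CD-00-00-01"), bindings(db, "guest1"))
```

Calling-Station-Id is whatever the NAS reports for the client, so the binding limits casual sharing of a username rather than proving which device is connecting.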


Grab caller id and insert into radcheck how to

2005-10-07 Thread Shane Hart

Hi all,

I am attempting to add an additional attribute upon the first login for 
user accounts and I am a bit lost.

The way I am testing this is with postauth query.
postauth_query = "INSERT into ${authcheck_table} (id, UserName, Attribute, op, value) values('', '%{SQL-User-Name}', 'Calling-Station-Id', '==', '%{Calling-Station-Id}' )"
This works great but it adds a new record every time the user 
successfully authenticates. Not a problem really but there are also 
users I don't need to lock to a caller id.


I tried using postauth_query = UPDATE in various ways but I just can't 
get my head around it.
If I manually create an entry in radcheck for a user with the attribute 
Calling-Station-Id and a NULL value, then the user can't login 
obviously.


Does anybody have any ideas how to have this attribute somehow 
dynamically created when the user first logs in if they are a member of 
a group and ultimately not create it if the record already exists?

Any ideas or pointers greatly appreciated.

Thanks

Shane


Re: Control user logins by NAS

2005-10-04 Thread Shane Hart

That did the trick. Thanks Christian

Shane

Christian Meutes wrote:


Create a group in your sql database, then assign the users to this group and
give the group a check-item. 
insert into radgroupcheck (GroupName,Attribute,op, Value) values ('your_group_name','NAS-IP-Address','==','ip_address');

If you want that a group can itself successfully authenticate through connect
from more than one nas, i think you have to define all nas's with a negated
operator '!=' from that the group/user is NOT allowed to connect/authenticate.

 


Hi all,

How can I control what groups can authenticate on what nas?
I would like to create a batch of users and assign those users to only 
successfully login from a particular nas (or list of nas's)

I have freeradius 1.04 and use sql for the user/password combinations

Group 30 mins
Simultaneous Use := 1
Idle Timeout = 600
Max All Sessions := 1800

It is a wireless hotspot setup.
Do I need to use huntgroups or can I add an attribute to the group?


Thanks in advance

Shane


Control user logins by NAS

2005-10-03 Thread Shane Hart

Hi all,

How can I control what groups can authenticate on what nas?
I would like to create a batch of users and assign those users to only 
successfully login from a particular nas (or list of nas's)

I have freeradius 1.04 and use sql for the user/password combinations

Group 30 mins
Simultaneous Use := 1
Idle Timeout = 600
Max All Sessions := 1800

It is a wireless hotspot setup.
Do I need to use huntgroups or can I add an attribute to the group?


Thanks in advance

Shane


Re: freeradius + chillispot + PDA

2005-08-09 Thread shane

yuniva wati wrote:

I have some problem, can we use freeradius and chillispot as a login 
window show at PDA??

because that i know, freeradius use at personal computer or notebook.
thanks



This is a chillispot related question so you are going to have to modify 
the login page to be PDA friendly. (not sure if it is already)

The PDA doesn't know (or care) about what the radius backend is.

Regards

Shane


Can Calling-Station-Id be proxied

2005-07-27 Thread shane

Hi,

Does freeradius proxy the Calling-Station-Id ?

I am sending a realm to another radius server that will  record the mac 
address of the users computer.

Effectively locking the user login to the mac address.

It seems the Calling-Station-Id is not proxied to the main server.

***
Sending Access-Request of id 4 to 127.0.0.1:1820
 User-Name = test
 User-Password = test
 NAS-IP-Address = 10.0.0.100
 Proxy-State = 0x33
***

Is there a way to send additional details with the proxy request?

Thanks


Re: Chillispot FreeRadius

2005-07-17 Thread shane



I don't understand, Chilli is running on a WRT54G AP under DD-WRT and
directing users to the login. What sends the Radius requests Chilli or
the CGI script?

   


The chilli daemon





Re: Attach mac address to username

2005-04-11 Thread Shane
Joachim Bloche wrote:
Would your suggestion be automatic or would I need to manually add the
attribute.
   

I think you can do it automatically, provided your NAS sends
Calling-Station-Id with the authentication request. In this case you
may rewrite the post-auth request to add the row in radcheck (see
sql.conf). But I'm quite new to freeradius, and there may be 2 issues
: I'm not sure whether it's possible to use an INSERT in post-auth, and
I'm not sure whether the NAS will send the calling-station-id with the
authentication-request (but if it doesn't, there will be no
solution...). Anyway, this will be easy to check, but I have no radius
server for the week-end.
If this doesn't work, then you'll have to use a trigger or any other
means, in order to insert the row in radcheck when the first accounting
start for this user occurs. This would be less convenient, but still
not very complicated.
Joachim
 

Ok I don't know how to do it.
Am I after something like this and where do I call it in sql.conf
INSERT into ${authcheck_table} (id, UserName, Attribute, op, value) 
values('', '%{SQL-User-Name}', 'Calling-Session-Id', '==', 
'%{Called-Station-Id}')

Thanks
Shane


Re: session id used in checkrad

2005-04-05 Thread Shane
Richard Cotrina wrote:
When using Simultaneous-Use, after the session database (either
radutmp or sql) is checked, what is the session id value used by
checkrad ? Is it the value from Acct-Session-Id ?
I'm using sql to check Simultaneous-Use, and the radacct table only has a
column called AcctSessionId which refers to Acct-Session-Id attribute.
The trouble I'm having is that my NAS session id is different from
Acct-Session-Id logged by accounting, and that cause checkrad to not work
correctly.
I'm using a Cisco NAS, with Login-User sessions, which Session IDs can
be seen using show aaa sessions command. They have not the same values
stored in freeradius accounting in the attr Acct-Session-Id.
Any ideas on what could be wrong ?
Richard Cotrina
 

Doesn't it just look for AcctStopTime = 0 and know the user is still 
logged in? (or no account stop packets have been received)

In sql.conf
# Uncomment simul_count_query to enable simultaneous use checking
simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"



Re: How are you guys able to get this working?

2005-04-04 Thread shane

Are there compile options to include libs for mysql connectivity? I 
ask because when I compile again.. I still am missing that file.  
Perhaps it's time to just completely reinstall the OS - make sure that 
I am back to square one.

-Blake-
You could try
./configure --with-experimental-modules
make
make install


Re: Webmin Module

2005-04-02 Thread shane
Me wrote:
I almost hate to post this because in my searches I have seen this 
question posted many times, just haven't really seen an answer.

So, here goes..
Is there a Webmin module for FreeRadius? If not, is there a list of 
GUIS somewhere for FreeRadius?

Thanks!
--
Private Label Wholesale Internet Access!
http://www.YourOwnISP.com
Give dialup_admin a try.


Re: Attach mac address to username

2005-04-02 Thread shane
Joachim Bloche wrote:
eg: would I have to add the table.
radcheck
id - - - - - - - - 4567
UserName - - user1
Attribute - - - Calling-Session-Id
op - - - - - - - :=
Value - - - - - 000bcdfxxx
   

I think this example is OK, but the op which should be '==' (':='
always matches and sets a freeradius parameter, I don't think that's
what we're looking for).
 

I seem to get these parameters mixed up all the time. must read doc's 
again

Looking at radacct, I am receiving CallingStationID which appears to
be the mac of the connecting client.
   

You're right, it is Calling-Station-Id, not session... apologies.
 

Would your suggestion be automatic or would I need to manually add the
attribute.
   

I think you can do it automatically, provided your NAS sends
Calling-Station-Id with the authentication request. In this case you
may rewrite the post-auth request to add the row in radcheck (see
sql.conf). But I'm quite new to freeradius, and there may be 2 issues
: I'm not sure whether it's possible to use an INSERT in post-auth, and
I'm not sure whether the NAS will send the calling-station-id with the
authentication-request (but if it doesn't, there will be no
solution...). Anyway, this will be easy to check, but I have no radius
server for the week-end.
If this doesn't work, then you'll have to use a trigger or any other
means, in order to insert the row in radcheck when the first accounting
start for this user occurs. This would be less convenient, but still
not very complicated.
Joachim
 

I will perform some tests this week and see if I can nut this one out.
Thanks again for your help Joachim
Shane


Re: Attach mac address to username

2005-04-01 Thread shane
Is there a way to dynamically attach the mac of the users pc to the
username who has logged in?
This way I can stop people sharing the same username/password
combination on different pc's.
   

Using the post-auth requests, you can add a Calling-Session-Id for the
concerned user in the radcheck table, only if doesn't already have
one.
This way, and provided your NAS sends this attribute with each
authentication request, only the user with correct MAC address will be
authorized.
Regards,
Joachim
 

Thanks for the reply Joachim,
Would your suggestion be automatic or would I need to manually add the 
attribute.
eg: would I have to add the table.
radcheck
id - - - - - - - - 4567
UserName - - user1
Attribute - - - Calling-Session-Id
op - - - - - - - :=
Value - - - - - 000bcdfxxx

Looking at radacct, I am receiving CallingStationID which appears to 
be the mac of the connecting client.
Would this be a way to check if the user has logged in before and see if 
the mac address is the same as the original login?
Then deny if username/mac combination is not the same.
This would offer the self management I am hoping to achieve.

Thanks
Shane



Attach mac address to username

2005-03-31 Thread Shane
I have built a small hotspot at a hotel and have successfully found out 
all I needed by STF  STW so far. I must be using the wrong search 
phrases as I haven't come across anything like what I am trying to do.
Currently using freeradius 1.0.1 with chillispot on my nas with the 
following attributes in the mysql database.
Simultaneous-Use
Max-All-Session
Idle-Timeout

I would like to provide username/password combinations that allow 24 
hour access only to the original mac address that successfully logged in.

Is there a way to dynamically attach the mac of the users pc to the 
username who has logged in?
This way I can stop people sharing the same username/password 
combination on different pc's.

Is this possible?
Thanks
Shane


basic failure from initial install. doesn't make sense

2005-03-09 Thread Gingell, Shane








All,

I have just installed Free-Radius for my first time as a previous FUNK user and I
am having stupid errors when testing initial authentication. Here is what is
happening: Any help is greatly appreciated. The end goal is to use this with a
Redback SE BRAS. Thanks in advance.



- installed Free Radius and had no errors. I run radiusd Ayx:

[EMAIL PROTECTED] bin]# ps -ef | grep radiusd
root 7083 9621 0 10:06 pts/2 00:00:00 radiusd Ayx

- Used /usr/local/bin/radtest and I get :

./radtest REDBACK passwd localhost:1812 1812 testing123
Sending Access-Request of id 192 to 127.0.0.1:1812
 User-Name = REDBACK
 User-Password = passwd
 NAS-IP-Address = yuengling.netops.talk.com
 NAS-Port = 1812
Re-sending Access-Request of id 192 to 127.0.0.1:1812
 User-Name = REDBACK
 User-Password = j\355\222!\370\032R\n\031\233L\354\247\345\311q
 NAS-IP-Address = yuengling.netops.talk.com
 NAS-Port = 1812
rad_recv: Access-Reject packet from host 127.0.0.1:1812, id=192, length=20

#snippet from users ##

REDBACK Auth-Type := Local, User-Password == passwd
 PVC-Encapsulation-Type = Route-1483

snippet from clients.config

client 127.0.0.1 {
 #
 # The shared secret use to encrypt and sign packets between
 # the NAS and FreeRADIUS. You MUST change this secret from the
 # default, otherwise it's not a secret any more!
 #
 # The secret can be any string, up to 32 characters in length.
 #
 secret = testing123

 #
 # The short name is used as an alias for the fully qualified
 # domain name, or the IP address.
 #
 shortname = localhost

}

###



Shane Gingell

Manager of IP Engineering

Talk America Inc.

Desk: 703-391-7545

Cell: 703-856-7606









