RE: Multiple Accounting in Radacct
Hi all. Thanks for your reply gunther. Can you explain a bit of what might happen when radius start duplicating/recording/receiving the same user information 3 times in a row and some cases might be more, maximum i got is 7 times in mysql database. what brings u to that solution? Or is there anyone else who got similar problems before? user get connection but recorded until 7 times within 40 seconds! Is this come from NAS or radius server conifguration or MySQL? Thanks to all. Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1/min.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Multiple Accounting in Radacct
Hi all. My radius server records to mysql database for every single user session for 3 times in three rows. similar records for 1 single user but the different is in mil.sec. What configuration in freeradius might done this? Is this because the NAS or th radius server? Thanks for any help. Blab-away for as little as 1ยข/min. Make PC-to-Phone Calls using Yahoo! Messenger with Voice.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Proxy request problem
Hi all. I'm using FR on FC4 and FC2, MySQL and NTRADPING to test user AAA process. I wanna test user authentication for realm/proxy setup. There are some question: 1. Do i need to place the additional realm/proxy server section after the LOCAL or before it in proxy.conf? 2. I used IPAddrs instead of name.domain.com in there. does it have any effect on the proxying process? 3. is the order of clients in clients.conf matter for proxy setup?eg- localhost first and then the other realm IP (again I used IPAddrs instead of name) 4. What is the actual flow of proxy request in FR if i used MySQL instead of users file? user request-autho module-realm module-proxy.conf-remote poxy server-remote/proxy sql server-response-local server-users 5. how the server diferentiate proxy request from a local request for a user? from current local access server? situation: from NTradping using port 1814 ! sending authentication request with remote server's username, password which stored in remote server's sql. Database. is this possible? 6. When I rcvd this message from local server that suppose to send proxy request to the other realms/proxy: ::Ignoring request from unkwown home server 1a.1b.1c.1d what is the server doing? 7. Should I set 'no' to ignore_null and ignore_default at the suffix setting in radiusd.conf so it can pass the request other type of realm (because i used IP and not setting a name for all the proxy)? Thanks for any reply. Need an Idea to set and test proxy in-lab for now...if documentation available for such test or setup are most welcome. Rgds Do you Yahoo!? With a free 1 GB, there's more in store with Yahoo! Mail.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting With Nocat Failed
Hi all. I'm using Linux RedHat 8, installed with NoCAT authentication server and gateway operating in ONE machine. I'm using Mysql as Accounting server and database. RADIUS server and MySQL server operates within the same machine (but saperate machine from NOCAT). We are using Sun Sparc 5 with solaris 8 for RADIUS and MYSQL server. Configuration in radiusd.conf, sql.conf and clients.conf is checked many time. Seems to be no problem there. this is the connection I tried to explain. || |-| || |sun PC | |linux PC | || | Sol-8 | |RH8 | || |sparc5 | |NoCatAuth| | USER | |RADIUS+ |---|+ NoCat |---|| |MYSQL | |Gateway | || |Server | | | || || |-| || | | V MYSQL DB When we try to do the Authentication thru Nocat, The user get the Internet Access (from our test). Even the Post-auth table in mysql is filled with information. But for Accounting, the radacct table remains empty even Accounting config is settle earlier. From the debugging mode, It should be fine. My question is regarding the accounting packet. Is it lost? droped? not send by the Gateway/Nocat? How to know that there is a process at least showing that the server trying to received the accounting packet if it's suddenly lost, or the NAS trying to send the accounting packet to the radius? From the previous setup, the Nocat authentication server is operating within the same machine with radius AAA server. After getting the proper patch setup, Accounting is successfully done, and recorded. But in this setup we are using linux PC for the RADIUS+mysql+NocatAuth server. Does anyone can give a clue why is this happen, base on those who works with Nocat+radius+Mysql Acct'ing, and Radius on Solaris environment before? Thanks in advanced for any help. Discover Yahoo! Get on-the-go sports scores, stock quotes, news and more. Check it out! http://discover.yahoo.com/mobile.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dialup_admin.crfon
Hi I try to run the script (dialup_admin.cron) to allow auto update the totacct and mtotacct table. But what happen is I still need to run the totacct and mtotacct script manually or the .cron script;daily, to make an update in my database. I disable some script such truncate radacct, clean radacct from executing. Do I miss something to get this auto upodate done? Thanks. __ Do you Yahoo!? Yahoo! Small Business - Try our new resources site! http://smallbusiness.yahoo.com/resources/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Manip.pm can't be located??
When I try to run the log_badlogins script (perl log_badlogins) the following output appear: _ [EMAIL PROTECTED] bin]# perl log_badlogins Can't locate Date/Manip.pm in @INC (@INC contains: /usr/local/lib/perl5/5.8.6/i686-linux /usr/local/lib/perl5/5.8.6 /usr/local/lib/perl5/site_perl/5.8.6/i686-linux /usr/local/lib/perl5/site_perl/5.8.6 /usr/local/lib/perl5/site_perl .) at log_badlogins line 15. BEGIN failed--compilation aborted at log_badlogins line 15. Where is the @INC located? Manip.pm is already located at the /Date directory. I'm sure it is there. But what is the @INC and why its contain the path to some directories.What should this directory contain that make it used by the log_badlogin scripts? Please help. thanks in advanced. P/S-My totaccts and mtotaccts run successfully. thank you to any help on that. __ Celebrate Yahoo!'s 10th Birthday! Yahoo! Netrospective: 100 Moments of the Web http://birthday.yahoo.com/netrospective/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Mtotacct, totacct and badlogin scripts problem
Hi I try to run mtotacct and totact scripts but these is what i get _ DELETE FROM mtotacct WHERE AcctDate = '2005-03-01'; INSERT INTO mtotacct (UserName,AcctDate,ConnNum,ConnTotDuration, ConnMaxDuration,ConnMinDuration,InputOctets,OutputOctets,NASIPAddress) SELECT UserName,'2005-03-01',SUM(ConnNum),SUM(ConnTotDuration), MAX(ConnMaxDuration),MIN(ConnMinDuration),SUM(InputOctets), SUM(OutputOctets),NASIPAddress FROM totacct WHERE AcctDate = '2005-03-01' AND AcctDate = '2005-03-08' GROUP BY UserName,NASIPAddress; ERROR 1045: Access denied for user: '[EMAIL PROTECTED]' (Using password: NO) __ The user password in admin.conf had been entered as shown: sql_type: mysql sql_server: localhost sql_port: 3306 sql_username: root sql_password: password sql_database: radius Or is there other file where I should specify the mysql password? When I try to run the log_badlogin scripts the following output produced: ### Malformed UTF-8 character (unexpected non-continuation byte 0x78, immediately after start byte 0xf3) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6488. Malformed UTF-8 character (unexpected non-continuation byte 0x78, immediately after start byte 0xf3) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6488. Malformed UTF-8 character (unexpected non-continuation byte 0x6c, immediately after start byte 0xfa) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6489. Malformed UTF-8 character (unexpected non-continuation byte 0x6c, immediately after start byte 0xfa) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6489. Malformed UTF-8 character (1 byte, need 3, after start byte 0xe3) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6497. Malformed UTF-8 character (unexpected non-continuation byte 0x73, immediately after start byte 0xea) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6501. Could not open file ### What file it couldn't open? Do I need to restore the Manip.pm? Anything else happen here? Appriciate to any help. Thanks. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Mtotacct+totacct+logbadlogin scripts not running
Hi I try to run mtotacct and totact scripts but these is what i get * DELETE FROM mtotacct WHERE AcctDate = '2005-03-01'; INSERT INTO mtotacct (UserName,AcctDate,ConnNum,ConnTotDuration, ConnMaxDuration,ConnMinDuration,InputOctets,OutputOctets,NASIPAddress) SELECT UserName,'2005-03-01',SUM(ConnNum),SUM(ConnTotDuration), MAX(ConnMaxDuration),MIN(ConnMinDuration),SUM(InputOctets), SUM(OutputOctets),NASIPAddress FROM totacct WHERE AcctDate = '2005-03-01' AND AcctDate = '2005-03-08' GROUP BY UserName,NASIPAddress; ERROR 1045: Access denied for user: '[EMAIL PROTECTED]' (Using password: NO) __ The user password in admin.conf had been entered as shown: sql_type: mysql sql_server: localhost sql_port: 3306 sql_username: root sql_password: password sql_database: radius Or is there other file where I should specify the mysql password? When I try to run the log_badlogin scripts the following output produced: ### Malformed UTF-8 character (unexpected non-continuation byte 0x78, immediately after start byte 0xf3) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6488. Malformed UTF-8 character (unexpected non-continuation byte 0x78, immediately after start byte 0xf3) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6488. Malformed UTF-8 character (unexpected non-continuation byte 0x6c, immediately after start byte 0xfa) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6489. Malformed UTF-8 character (unexpected non-continuation byte 0x6c, immediately after start byte 0xfa) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6489. Malformed UTF-8 character (1 byte, need 3, after start byte 0xe3) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6497. Malformed UTF-8 character (unexpected non-continuation byte 0x73, immediately after start byte 0xea) at /usr/lib/perl5/vendor_perl/5.8.0/Date/Manip.pm line 6501. Could not open file ### What file it couldn't open? Is it Manip.pm?Do I need to restore the Manip.pm or anything else happen here? Is there any other way to run the scripts, allowing them automatically filling tables in the sql database? Appriciate any help. Thanks. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Password entry in dialup admin
Hi. When I entering the value for some user, with the admin.conf set to crypt, the value inserted in the db are encrypted. So when that new user try to login to the network, he get deny access message. so how can the ecryption can be a help avoiding the data to be exposed,at the same time allowing him to get the network access? How is the crypt,md5,clear in the dialup admin admin.conf file is set when we want the process of sending the data secured at the same time only particular or specified administrator responsible for that user can view and change the password at any time, and still secured? __ Celebrate Yahoo!'s 10th Birthday! Yahoo! Netrospective: 100 Moments of the Web http://birthday.yahoo.com/netrospective/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dialup-Admin-badusers, mtotacct totacct table not filled.
Hi, My problem is at the dialup admin. I'm using NoCat Gateway as the Client and a linux PC's for my FR server. These three tables inside my MySQL db seems not filled. I try to run the log_badlogins scripts but it there is an error saying that sql binary file could not be found. From the admin.conf, the path is correct. The error message state : ..sql binary file not found. make sure $sqlcmd variable points to right location. How to make the server to use the related scripts and write it in totacct table, mtotacct table and the badusers table? Which other file do I need to change to make the table filled during accounting process? Thanks. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
MAC address in Radacct
Hi In my radacct table, under the calling station ID attribute field, I get this value. |CallingStationID | |00:04:75:FC:09:5A| From what i get in the RFC 2865,this Attribute allows the NAS to send in the Access-Request packet the phone number that the call came from, using Automatic Number Identification (ANI) or similar technology.Is it suppose to be the phone number? Since what appear in my dialup admin accounting table, the attribute field are named callerID, and containing the same value (|00:04:75:FC:09:5A|).Can someone help to clarify me what is the difference between CallerID (in dialup admin) and CallingStationID (in the radacct table of mysql DB)? Another thing is there any ERD or any type of diagram that explain the operation of dialupadmin that I can refer? Thanks to all. __ Do you Yahoo!? Yahoo! Mail - Find what you need with new enhanced search. http://info.mail.yahoo.com/mail_250 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius+Nocat
Hi To anyone who tried radius with Nocat gateway. In Nocat, there is a patch called RADIUS.pm that send the details of accounting information to the radius server. how ever, there is a problem where not all attribute that we need came out to the radacct table. Has anyone know how to make the RADIUS.pm patch compliant with RFC 2865, because of the missmatch some where in the codes of RADIUS.pm causing some AVP not available for radius accounting purposes. Thanks. __ Do you Yahoo!? Read only the mail you want - Yahoo! Mail SpamGuard. http://promotions.yahoo.com/new_mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Password entry in dialup admin
Hi guys. When I entering the value for some user, with the admin.conf set to crypt, the value inserted in the db are encrypted. So when that new user try to login to the network, he get deny access message. so how can the ecryption can be a help avoiding the data to be exposed,at the same time allowing him to get the network access? How is the crypt,md5,clear in the dialup admin admin.conf file work? __ Do you Yahoo!? Yahoo! Mail - Easier than ever with enhanced search. Learn more. http://info.mail.yahoo.com/mail_250 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Attributes Remain Empty in radacct
Hi
RH 8
NoCat Gateway+NocatAuthserver on linux
FR 1.0.*
I have some problems with my accounting data. We let
the radius server to write accounting data inside the
detail log files. We use RADIUS.pm to add some
attributes and get their values on accounting process,
and it works but not for all. values like
framedipaddress
stop/startconnnectioninfo
terminatecause
NASportType
calledstationid
are still unavailable both in radacct and detail file.
Do we need to enable any scripts through some
configuration file to write it in radacct or detail
log files?
Some of these attr values are available in the other
table in radius db (same db for radacct).Can just the
value be returned from that table (radreply) as
authentication get the return value for the
framedIPaddress (eg)?
From the dictionary, some of the attributes have many
value, and how is the value being recorded to radacct?
Is it automatically detected (intelligently) by
dedicated NAS machine (since I used Linux as my RADIUS
client-NAS)??Some attributes have no value such as
start/stopconnectioninfo, realm and calledstationID.
Is this value need to be set in any files or scripts
or configuration file? I search but for now can't find
where...Help please..
below are the scripts of RADIUS.pm that had being
altered. critical value that we try to get is the
FramedIPAddress.
++
package NoCat::Accounting::RADIUS;
use NoCat::Source;
use Authen::Radius;
use strict;
use vars qw( @ISA @REQUIRED );
@ISA= qw( NoCat::Accounting );
@REQUIRED = qw(
RADIUS_Host RADIUS_Secret
);
sub radius {
my ($self) = @_;
unless ($self-{Radius}) {
my $r;
my $Hosts = $self-{RadiusHostsToUse};
if(! defined($Hosts)) { #This is really the first
time through
and I need to generate my list of servers
$self-{RADIUS_Host} =~ s/,,/,/g; #just to
eliminate any blank entries
my(@Hosts) = split(/,/,$self-{RADIUS_Host});
if($self-{RADIUS_Order}
$self-{RADIUS_Order}) { #mix em up.
my @TmpHosts;
my %UsedHosts;
for(my $i=0;$i = $#Hosts; $i++) {
my $TmpHost;
while(! $TmpHost || ($TmpHost
$UsedHosts{$TmpHost})) {
$TmpHost = $Hosts[int(rand($#Hosts + 1))];
last if ! $UsedHosts{$TmpHost};
}
$UsedHosts{$TmpHost} = 1;
$TmpHosts[$i] = $TmpHost;
}
@Hosts = @TmpHosts;
}
$self-{RadiusHostsToUse} = [EMAIL PROTECTED]; #List
generated.
}
if($self-{RadiusHostsToUse}) { #go through
servers one by one
foreach my $Host (@{$self-{RadiusHostsToUse}})
{
my $Secret = $self-{RADIUS_Secret} ?
$self-{RADIUS_Secret} : ;
if($Host =~ s/\*(.*)$//) {
$Secret = $1;
}
$self-log( 0, Connecting to RADIUS server
$Host with Timeout
. $self-{RADIUS_TimeOut} );
$r = Authen::Radius-new(
Host= $Host,
Secret = $Secret,
Timeout =
$self-{RADIUS_TimeOut},
Accounting = 1
);
last if $r; #If we have a good connection,
we're done
$self-log( 0, Failed to connect to RADIUS
server $Host );
}
if ($r) { # This is almost always the case...
$self-{Radius} = $r;
} else {
$self-log( 0, Can't connect to RADIUS
server(s)
$self-{RADIUS_Host} );
}
} else {
return undef; #no host for them!
}
}
return $self-{Radius};
}
sub usenextserver { #If I fail, take the most recent
host out and
my $self = shift;
return unless $self-{RadiusHostsToUse}; #unless
I've been
through the radius sub above, forget it
my @Hosts = @{$self-{RadiusHostsToUse}};
my $popped = shift(@Hosts); #say goodbye to the
first one
$self-log(0, popped $popped in usenextserver);
undef($self-{Radius}); #so radius above will get
a new one.
$self-{RadiusHostsToUse} = [EMAIL PROTECTED];
}
sub create_session_id {
my $self = shift;
return $self-radius-NewSessionID();
}
sub start {
my ($self, $peer, $stats) = @_;
if (! $peer-session_id)
{
$peer-session_id($self-radius-NewSessionId());
}
return $self-accounting({ Name = 1, Value =
$peer-user, Type
= 'string'}, # User-Name
{ Name = 4, Value =
$self-{GatewayAddr}, Type = 'ipaddr'},
# NAS-IP-Address
{ Name = 5, Value =
$self-{GatewayPort}, Type = 'integer'},
# NAS-Port
{ Name = 7, Value = '1', Type =
'integer'}, #
Framed-Protocol
{ Name = 8, Type = 'ipaddr' , Value
= $peer-id},
# Framed-IP-Address
{ Name = 31, Value = $peer-id, Type
= 'string'},
{ Name = 32, Value =
$peer-{GatewayAddr}, Type = 'string'},
#
Calling-Station-Id
{ Name = 40, Value = '1', Type =
'integer'},
Values in radacct problem
FreeRADIUS 1.0
RH8
NoCat=Radius client
Mysql
Hi.
There are certain attributes such as the
FramedIPAddress, AcctTerminateCause,service type etc,
are remain empty when accounting session is started
and stoped. From what I seek, the RADIUS client is not
sending those attributes value.Some of the values
suppose to be returned from the sql table containing
the user information.
By Using radius.pm (some altering done here), in the
log files, there are some added attributes
successfully return value in detail log file. Although
trying to allow some attributes such as mention
before, there are still no value appear in the radacct
table and the detail file (framedipaddress for now).
For Dialupadmin, there are 4 remaining table remain
empty, even the accounting session is started. tables
are members, baduser, totacct and mtotacct.Is it
because the scripts to write the value to sql db isn't
running or configuration probs in radius conf or
dialup conf?
Below are the RADIU.pm file that we used.
___
package NoCat::Accounting::RADIUS;
use NoCat::Source;
use Authen::Radius;
use strict;
use vars qw( @ISA @REQUIRED );
@ISA= qw( NoCat::Accounting );
@REQUIRED = qw(
RADIUS_Host RADIUS_Secret
);
sub radius {
my ($self) = @_;
unless ($self-{Radius}) {
my $r;
my $Hosts = $self-{RadiusHostsToUse};
if(! defined($Hosts)) { #This is really the first
time through and I need to generate my list of servers
$self-{RADIUS_Host} =~ s/,,/,/g; #just to
eliminate any blank entries
my(@Hosts) = split(/,/,$self-{RADIUS_Host});
if($self-{RADIUS_Order}
$self-{RADIUS_Order}) { #mix em up.
my @TmpHosts;
my %UsedHosts;
for(my $i=0;$i = $#Hosts; $i++) {
my $TmpHost;
while(! $TmpHost || ($TmpHost
$UsedHosts{$TmpHost})) {
$TmpHost = $Hosts[int(rand($#Hosts + 1))];
last if ! $UsedHosts{$TmpHost};
}
$UsedHosts{$TmpHost} = 1;
$TmpHosts[$i] = $TmpHost;
}
@Hosts = @TmpHosts;
}
$self-{RadiusHostsToUse} = [EMAIL PROTECTED]; #List
generated.
}
if($self-{RadiusHostsToUse}) { #go through
servers one by one
foreach my $Host
(@{$self-{RadiusHostsToUse}}) {
my $Secret = $self-{RADIUS_Secret} ?
$self-{RADIUS_Secret} : ;
if($Host =~ s/\*(.*)$//) {
$Secret = $1;
}
$self-log( 0, Connecting to RADIUS server
$Host with Timeout . $self-{RADIUS_TimeOut} );
$r = Authen::Radius-new(
Host= $Host,
Secret = $Secret,
Timeout =
$self-{RADIUS_TimeOut},
Accounting = 1
);
last if $r; #If we have a good connection,
we're done
$self-log( 0, Failed to connect to RADIUS
server $Host );
}
if ($r) { # This is almost always the case...
$self-{Radius} = $r;
} else {
$self-log( 0, Can't connect to RADIUS
server(s) $self-{RADIUS_Host} );
}
} else {
return undef; #no host for them!
}
}
return $self-{Radius};
}
sub usenextserver { #If I fail, take the most recent
host out and
my $self = shift;
return unless $self-{RadiusHostsToUse}; #unless
I've been through the radius sub above, forget it
my @Hosts = @{$self-{RadiusHostsToUse}};
my $popped = shift(@Hosts); #say goodbye to the
first one
$self-log(0, popped $popped in usenextserver);
undef($self-{Radius}); #so radius above will get
a new one.
$self-{RadiusHostsToUse} = [EMAIL PROTECTED];
}
sub create_session_id {
my $self = shift;
return $self-radius-NewSessionID();
}
sub start{
my ($self, $peer, $stats) = @_;
if(! $peer-session_id)
{
$peer-session_id($self-radius-NewSessionId());
}
return $self-accounting(
{ Name = 1, Value = $peer-user,
Type = 'string'},
#User - Name
{ Name = 4, Value =
$self-{GatewayAddr}, Type
= 'ipaddr'},
#NAS-IP-Address
{ Name = 8, Type = 'ipaddr' , Value
=
$peer-id},
# Framed-IP-Address
{ Name = 31, Value = $peer-id, Type
=
'string'},
#Calling-Station-Id
{ Name = 40, Value = '1', Type =
'integer' },
# Acct-Status-Type(Start)
{ Name = 40, Value = '7', Type
= 'integer' },
RealmproxyHelp??
Thanks Alan.
I try to get user authentication using the python
testing tools. From what I get, the users from home
server (the remote server) were authenticated, but
users from the forwarding server failed to get their
authentication. in the proxy.conf, the configuration
are
__
realm 200.200.230.136 {
type= radius
authhost= 200.200.230.136:1812
accthost= 200.200.230.136:1813
secret = amin}
realm NULL {
type= radius
authhost= 200.200.230.136:1812
accthost= 200.200.230.136:1813
secret = amin}
realm DEFAULT {
type= radius
authhost= 200.200.230.136:1812
accthost= 200.200.230.136:1813
secret = amin}
in the debug mode, the messages are:
___
host 200.200.230.135:1163, id=189, length=43
User-Name = abu
User-Password = abu
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok
for request 0
modcall[authorize]: module chap returns noop for
request 0
modcall[authorize]: module mschap returns noop for
request 0
rlm_realm: No '@' in User-Name = abu, looking up
realm NULL
rlm_realm: Found realm NULL
rlm_realm: Adding Stripped-User-Name = abu
rlm_realm: Proxying request from user abu to realm
NULL
rlm_realm: Adding Realm = NULL
rlm_realm: Preparing to proxy authentication
request to realm NULL
modcall[authorize]: module suffix returns updated
for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module eap returns noop for
request 0
radius_xlat: 'abu'
rlm_sql (sql): sql_set_user escaped user -- 'abu'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op
FROM radcheck WHERE Username = 'abu' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username
= 'abu' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op
FROM radreply WHERE Username = 'abu' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username
= 'abu' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module sql returns ok for
request 0
modcall: group authorize returns updated for request 0
Sending Access-Request of id 0 to 200.200.230.136:1812
User-Name = abu
User-Password = abu
NAS-IP-Address = 200.200.230.135
Proxy-State = 0x313839
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Reject packet from host
200.200.230.136:1812, id=0, length=25
Proxy-State = 0x313839
Processing the post-proxy section of radiusd.conf
modcall: entering group post-proxy for request 0
modcall[post-proxy]: module eap returns noop for
request 0
modcall: group post-proxy returns noop for request 0
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 189 to
200.200.230.135:1163
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 189 with timestamp 41d0f12f
Nothing to do. Sleeping until we see a request.
_
FR is sending auth request to the Remote Server
altough the user is from its own sql database. then
rejecting it. Is that what is happening? How can i
drive the request to 1st search from its sql db and
then proxy the request when theres no record?
If any additional info needed, please inform me, I
will send it immediately.
Thanks.
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Realm Problem
Hi...
My proxy setup seems to have a problem. I used the
NULL realm option for testing purposes. It looks like
this
realm NULL {
type = radius
authhost = 200.200.230.136:1812
accthost = 200.200.230.136:1813
secret = amin
}
when I send User information using Python radius
testing tools, the forwarding server send the access
request to the remote server, then the remote server
sent the access accept back to the forwarding
server..but in the forwarding server debug mode it
looks like this
--
ad_recv: Access-Request packet from host
200.200.230.135:2071, id=197, length=43
User-Name = omi
User-Password = omi
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module preprocess returns ok
for request 1
modcall[authorize]: module chap returns noop for
request 1
modcall[authorize]: module mschap returns noop for
request 1
rlm_realm: No '@' in User-Name = omi, looking up
realm NULL
rlm_realm: Found realm NULL
rlm_realm: Adding Stripped-User-Name = omi
rlm_realm: Proxying request from user omi to realm
NULL
rlm_realm: Adding Realm = NULL
rlm_realm: Preparing to proxy authentication
request to realm NULL
modcall[authorize]: module suffix returns updated
for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module eap returns noop for
request 1
radius_xlat: 'omi'
rlm_sql (sql): sql_set_user escaped user -- 'omi'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op
FROM radcheck WHERE Username = 'omi' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): User omi not found in radcheck
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username
= 'omi' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username
= 'omi' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): User omi not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 3
modcall[authorize]: module sql returns notfound
for request 1
modcall: group authorize returns updated for request 1
Sending Access-Request of id 1 to 200.200.230.136:1812
User-Name = omi
User-Password = omi
NAS-IP-Address = 200.200.230.135
Proxy-State = 0x313937
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host
200.200.230.135:2071, id=197, length=43
Ignoring duplicate packet from client
200.200.230.135:2071 - ID: 197, due to outstanding
proxied request 1.
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Re-sending Access-Request of id 1 to
200.200.230.136:1812
User-Name = omi
User-Password =
]=\222\006\353\003=q\262]\315\335\302o*\237
NAS-IP-Address = 200.200.230.135
Client-IP-Address = 200.200.230.135
Stripped-User-Name = omi
Realm = NULL
Realm = NULL
Proxy-State = 0x313937
Waking up in 5 seconds...
rad_recv: Access-Request packet from host
200.200.230.135:2071, id=197, length=43
Ignoring duplicate packet from client
200.200.230.135:2071 - ID: 197, due to outstanding
proxied request 1.
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Re-sending Access-Request of id 1 to
200.200.230.136:1812
User-Name = omi
User-Password =
]=\222\006\353\003=q\262]\315\335\302o*\237
NAS-IP-Address = 200.200.230.135
Client-IP-Address = 200.200.230.135
Stripped-User-Name = omi
Realm = NULL
Realm = NULL
Proxy-State = 0x313937
Waking up in 5 seconds...
--- Walking the entire request list ---
Server rejecting request 1.
marking authentication server 200.200.230.136:1812 for
realm NULL dead
Waking up in 0 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 197 to
200.200.230.135:2071
Cleaning up request 1 ID 197 with timestamp 41cce718
Nothing to do. Sleeping until we see a request.
---
The client as the result dont get any response from
the forwarding server. The client of the forwarding
server are not being authenticated at all. Why is that
happen? I just want to make a simple setup for the
realm /proxy function. Can someone guide me how to
setup and test the simple configuration? Another thing
is, when I try the realm IP {---}, in the debug mode
it still looking for the realm NULL, and at the end no
proxy request being processed. Do I need to change the
ignore null in radiusd.conf? I confused about how the
Realm proxy setup probs
I try to setup proxy and realm for freeradius
in my forwarding server, in the proxy.conf file, it
looks like this:
realm 200.200.230.136 {
type= radius
authhost= radius.200.200.230.136:1812
accthost= radius.200.200.230.136:1813
secret = amin
}
The IP of the forwarding server is 200.200.230.132
at the remote server, the client.conf looks like
this..
client 200.200.230.132 {
secret = amin
shortname = 200.200.230.132
login = amin
password= amin
}
When i try to run the radiusd -X, at the forwarding
server, it stoped at ..reading realm
files..host 200.200.230.136 not found
then it stoped totally..
can I just put the IP address of the remote server
just like that? which part of configuration file that
I missed to alter?
Another Problem is in one seperate server I run
FreeRADIUS. Client.conf are set to listen to client
200.200.230.148
but still in the debug mode the ignore messages
appeared receiving from unknown
client...200.200.230.148, why is this happen? Or I
missed something again?
Thanks for your help...really really appreciate it.
__
Do you Yahoo!?
Meet the all-new My Yahoo! - Try it today!
http://my.yahoo.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius client unknown
This is the debug mode
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file:
/usr/local/etc/raddb/proxy.conf
Config: including file:
/usr/local/etc/raddb/clients.conf
Config: including file:
/usr/local/etc/raddb/snmp.conf
Config: including file:
/usr/local/etc/raddb/eap.conf
Config: including file:
/usr/local/etc/raddb/sql.conf
main: prefix = /usr/local
main: localstatedir = /usr/local/var
main: logdir = /usr/local/var/log/radius
main: libdir = /usr/local/lib
main: radacctdir =
/usr/local/var/log/radius/radacct
main: hostname_lookups = no
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_file =
/usr/local/var/log/radius/radius.log
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile =
/usr/local/var/run/radiusd/radiusd.pid
main: user = (null)
main: group = (null)
main: usercollide = no
main: lower_user = no
main: lower_pass = no
main: nospace_user = no
main: nospace_pass = no
main: checkrad = /usr/local/sbin/checkrad
main: proxy_requests = yes
proxy: retry_delay = 5
proxy: retry_count = 3
proxy: synchronous = no
proxy: default_fallback = yes
proxy: dead_time = 120
proxy: post_proxy_authorize = yes
proxy: wake_all_if_all_dead = no
security: max_attributes = 200
security: reject_delay = 1
security: status_server = no
main: debug_level = 0
read_config_files: reading dictionary
read_config_files: reading naslist
Using deprecated naslist file. Support for this will
go away soon.
read_config_files: reading clients
read_config_files: reading realms
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded exec
exec: wait = yes
exec: program = (null)
exec: input_pairs = request
exec: output_pairs = (null)
exec: packet_type = (null)
rlm_exec: Wait=yes but no output defined. Did you mean
output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
mschap: use_mppe = yes
mschap: require_encryption = no
mschap: require_strong = no
mschap: with_ntdomain_hack = no
mschap: passwd = (null)
mschap: authtype = MS-CHAP
mschap: ntlm_auth = (null)
Module: Instantiated mschap (mschap)
Module: Loaded preprocess
preprocess: huntgroups =
/usr/local/etc/raddb/huntgroups
preprocess: hints = /usr/local/etc/raddb/hints
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
realm: format = suffix
realm: delimiter = @
realm: ignore_default = no
realm: ignore_null = no
Module: Instantiated realm (suffix)
Module: Loaded SQL
sql: driver = rlm_sql_mysql
sql: server = localhost
sql: port =
sql: login = radius
sql: password = radius
sql: radius_db = radius
sql: acct_table = radacct
sql: acct_table2 = radacct
sql: authcheck_table = radcheck
sql: authreply_table = radreply
sql: groupcheck_table = radgroupcheck
sql: groupreply_table = radgroupreply
sql: usergroup_table = usergroup
sql: nas_table = nas
sql: dict_table = dictionary
sql: sqltrace = no
sql: sqltracefile =
/usr/local/var/log/radius/sqltrace.sql
sql: readclients = no
sql: deletestalesessions = yes
sql: num_sql_socks = 5
sql: sql_user_name = %{User-Name}
sql: default_user_profile =
sql: query_on_not_found = no
sql: authorize_check_query =
.
sql: group_membership_query = SELECT GroupName FROM
usergroup WHERE UserName='%{SQL-User-Name}'
sql: connect_failure_retry_delay = 60
sql: simul_count_query =
sql: simul_verify_query = SELECT RadAcctId,
AcctSessionId, UserName, NASIPAddress, NASPortId,
FramedIPAddress, CallingStationId, FramedProtocol FROM
radacct WHERE UserName='%{SQL-User-Name}' AND
AcctStopTime = 0
sql: postauth_table = radpostauth
sql: postauth_query = INSERT into radpostauth (id,
user, pass, reply, date) values ('', '%{User-Name}',
'%{User-Password:-Chap-Password}',
'%{reply:Packet-Type}', NOW())
sql: safe-characters =
@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_:
/
rlm_sql (sql): Driver rlm_sql_mysql (module
rlm_sql_mysql) loaded and linked
rlm_sql (sql): Attempting to connect to
[EMAIL PROTECTED]:/radius
rlm_sql (sql): starting 0
rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql (sql): Connected new DB handle, #0
rlm_sql (sql): starting 1
rlm_sql (sql): Attempting to connect rlm_sql_mysql #1
rlm_sql_mysql: Starting connect to MySQL server for #1
rlm_sql (sql): Connected new DB
that is what i had done
Thnks DD.
OK...it's seems that I'm not good in explaning this..
My setup is
user/subscriber--Client--Forwarding Server--Remote
Server
forwarding IP=200.200.230.132
Remote IP=200.200.230.136
Is Forwarding server now is the client of the remote
server?
If yes, in The REMOTE SERVER with it CLIENTS.CONF file
looks like this...
client 200.200.230.132 {
secret = amin
shortname = 200.200.230.132
login = amin
password= amin
}
So I assumed the packet comes from forwarding server
with IP 200.200.230.132---iS iT?
AND in the FORWARDING SERVER...Inside the PROXY.CONF
file is like this
realm 200.200.230.136 {
type= radius
authhost= radius.200.200.230.136:1812
accthost= radius.200.200.230.136:1813
secret = amin
}
Is the IP of the authhost and the accthost is the IP
of the REMOTE SERVER?Correct me please..
'radius' before the IP of the remote server indicate
what? The type specified above it or is it something
else?
in REMOTE and Forwarding server both their
radiusd.conf, do we need to altered anything if i used
the realm as their own IP if I want the proxy / realm
works on both way..just the metter of testing this
functionallity...
And, in the other setup I did put the client IP inside
the server's client.conf file ..thats the the basic
thingbut still what is strange is it ignored the
packet as unknown client..only one client that I
define among many other is accepted by it and annother
problem occured...the reply/access accept not received
by the client. Client seems to hear nothing from the
server.
Help me again pleaseThank you and merry christmas
to anyone celebrating it...
__
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
http://mobile.yahoo.com/maildemo
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
realm setup problem
I try to setup proxy and realm for freeradius
in my forwarding server, in the proxy.conf file, it
looks like this:
realm 200.200.230.136 {
type= radius
authhost= radius.200.200.230.136:1812
accthost= radius.200.200.230.136:1813
secret = amin
}
The IP of the forwarding server is 200.200.230.132
at the remote server, the client.conf looks like
this..
client 200.200.230.132 {
secret = amin
shortname = 200.200.230.132
login = amin
password= amin
}
When i try to run the radiusd -X, at the forwarding
server, it stoped at ..reading realm
files..host 200.200.230.136 not found
then it stoped totally..
can I just put the IP address of the remote server
just like that? which part of configuration file that
I missed to alter?
Another Problem is in one seperate server I run
FreeRADIUS. Client.conf are set to listen to client
200.200.230.148
but still in the debug mode the ignore messages
appeared receiving from unknown
client...200.200.230.148, why is this happen? Or I
missed something again?
Thanks for your help...really really appreciate it.
__
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Scripts for RaDius Accounting packet for billing purposes
Hi. I use RH8 for my FR server. I already connected FR authentication with mysql. It seems that it is OK when I use py-radius to get user authentication from the content of the Mysql db that i created. now I want to try FR accounting where it should be recorded in radacct table in mysql. I try NTradping for Windows mechine as a client. It's seems working. But where can i find a script that generates accounting packets with the attributes that suites the table? Is there anyone who had develop some kind of scripts for accountig purposes maybe? __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sql.conf 'server' field
HI there is something that confused me. In sql.conf. the server field should be any IP of a server running Mysql. Is it? When i try using localhost, the radius running properly (from the debug mode) but when i used the IP addr of which the same mechine i run radius server using localhost, there's an error of attempting ..something about socket...to connect with mysql..but in the other pc I tried, when i change localhost to it's own IP, or other IP which run the mysql server, it seems to be ok. Where could it be wrong? __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Missing radius.log file and radacct folder
Hi I'm using users file for authentication.the problem is there are no radius directory inside var directory. so there are no record or information about users. 1. is this directory automatically created when I installed freeradius? 2. What may caused this to happen? Insatllation? Misconfiguration ? Any commented entry that should be uncomment? - I already try to find all radius.log 3. When I run the radius deamon with other option such as -y, there are error messege that i get, which like Fail to create PID ...no such file or directory is this the effect of the missing radius directory that stored user information? or is there other reason on it? 4. Except I mkdir a radius directory and create a radius.log file and radacct directory in it, is there any other way so that the logfile exist (such as run some miss execute file or else) so it can work appropriately with FR server? __ Do you Yahoo!? Yahoo! Mail - Easier than ever with enhanced search. Learn more. http://info.mail.yahoo.com/mail_250 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with pidfile
Hi. There's a problem when I try something in radiusd -... failed writing process id to file /usr/local/var/run/radiusd.pid ...no such file or directory... is the file need to be created by ourselves? or is there any misconfiguration or installation problem? how can I make radius server to write its PID when I'm running it? __ Do you Yahoo!? Read only the mail you want - Yahoo! Mail SpamGuard. http://promotions.yahoo.com/new_mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Missing radius.log file and radacct folder
Hi I'm using users file for authentication.the problem is there are no radius directory inside var directory. so there are no record or information about users. 1. is this directory automatically created when I installed freeradius? 2. What may caused this to happen? Insatllation? Misconfiguration ? Any commented entry that should be uncomment? - I already try to find all radius.log 3. When I run the radius deamon with other option such as -y, there are error messege that i get, which like Fail to create PID ...no such file or directory is this the effect of the missing radius directory that stored user information? or is there other reason on it? 4. Except I mkdir a radius directory and create a radius.log file and radacct directory in it, is there any other way so that the logfile exist (such as run some miss execute file or else) so it can work appropriately with FR server? thanks __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Unfilled attributes in radacct mysql
Hi. I already installed NTRadPing in win2k. I'ved tested the accounting, authentication through it. When I checked the radacct table in MYSQL, there are some attributes information unfilled or filled with '0's.Hoe to get those missing information availabale? How to simulate multiple user login at the same time? Is there any scripts available for this kind of test? Can anyone give some tips? Thanks. ___ Do you Yahoo!? Declare Yourself - Register online to vote today! http://vote.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to do accounting in Freeradius
Hello. My setup for my testbed is like this: Radius Client(Linux Based PC)-Radius Server-mysql DB Is there any simulation program that create session from multiple user for freeradius? Or, is there a way to make radius server to do accounting with the radacct tables first empty then when the session is created, there will be an information about the user log in to the network (as the attributes defined earlier). Or did I missed something in the middle? What should I do so that the accounting process will use mysql to write the user attributes in the radacct table? Please Help me..Thanx __ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius-Users digest, Vol 1 #3714 - 7 msgs
I'm sorry becoze I'm a beginner and delivered u guys
this question.
I tried to use mysql for my freeradius 0.9.2
after I entered radiusd -X, something like this occur.
rlm_sql_mysql: Couldn't connect socket to MySQL server
[EMAIL PROTECTED]:radius
.
.
rlm_sql_mysql: Mysql error 'Access denied for user:
'[EMAIL PROTECTED]' (Using password: YES)'
.
.
rlm_sql (sql): Failed to connect DB handle #0
rlm_sql (sql): starting 1
rlm_sql (sql): starting 2
rlm_sql (sql): starting 3
rlm_sql (sql): starting 4
rlm_sql (sql): Failed to connect to any SQL server.
Module: Instantiated sql (sql)
radiusd.conf: SQL modules aren't allowed in
'authenticate' sections -- they have no such method.
May be I'ved missed somewhere, and if some one notice
my mistake please help me. Thank you.
--- [EMAIL PROTECTED]
wrote:
Send Freeradius-Users mailing list submissions to
[EMAIL PROTECTED]
To subscribe or unsubscribe via the World Wide Web,
visit
http://lists.freeradius.org/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body
'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it
is more specific
than Re: Contents of Freeradius-Users digest...
Today's Topics:
1. Re: Wireless authentication via LDAP and PEAP
(Jon Stahler)
2. Re: Wireless authentication via LDAP and PEAP
(David Hart)
3. Re: Wireless authentication via LDAP and PEAP
(Alan DeKok)
4. Re: Wireless authentication via LDAP and PEAP
(Jon Stahler)
5. Re: Wireless authentication via LDAP and PEAP
(Alan DeKok)
6. RE: Dual authentication!! (Kirti S. Bajwa)
7. SegFault/missing libssl for EAP/TLS (Robert
Schultz)
--__--__--
Message: 1
Date: Wed, 08 Sep 2004 15:58:18 -0500
From: Jon Stahler [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Wireless authentication via LDAP and
PEAP
Reply-To: [EMAIL PROTECTED]
--=__Part1E3E6D7A.0__=
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Jon Stahler
Manager of Systems Services
Illinois Fire Service Institute
11 Gerty Drive
Champaign, IL 61820
(217) 333-2163
[EMAIL PROTECTED] 9/8/2004 3:18:45 PM
Jon Stahler [EMAIL PROTECTED] wrote:
I've been trying to setup FreeRadius in order to
authenticate my
wireless users against my Novell eDirectory via
the built in LDAP
server.
You can't, it's impossible. LDAP doesn't do EAP,
and will never do
EAP.
Instead, put clear-text passwords into LDAP, list
ldap in the
authorize section of radiusd.conf, and let the
server figure it
out. It WILL work.
Ok...So explain to me how I get my Access Point to
authenticate against
my eDirectory users. If LDAP won't do it, what
WILL? Why does it
authenticate successfully against my LDAP server and
respond with
authenticate OK if this is not the case? How should
I modify my setup
to do what you are asking. Please use small words
and be patient with
me as I am a new to this.
Input clear-text passwords into LDAP how exactly?
The passwords come
from eDirectory. I don't directly manage the LDAP
server. It is
automated. Is there a specific attribute I need to
populate with data
from my eDirectory? I can add attributes to the
server if this is
necessary.
On the Radius screen, I see that the request is
sent to the LDAP
server. The EAP module of FreeRadius responds OK
over and over and
over
again infinitely until I either kill my wireless
connection or the
server thread.
There's a lot more detail than that, usually.
Buried somewhere in
that log is the real reason why it's failing.
I have only uncommented PEAP and MSCHAPV2 in my
EAP.CONF file.
In order for PEAP to work, you also need to
configure the tls{}
section of eap.conf.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--=__Part1E3E6D7A.0__=
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
HTMLHEAD
META http-equiv=Content-Type content=text/html;
charset=iso-8859-1
META content=MSHTML 6.00.2900.2180
name=GENERATOR/HEAD
BODY style=MARGIN: 4px 4px 1px; FONT: 10pt
Tahoma
DIVnbsp;/DIV
DIVnbsp;/DIV
DIVJon StahlerBRManager of Systems
ServicesBRIllinois Fire Service InstituteBR11
Gerty DriveBRChampaign, IL 61820BR(217)
333-2163BRBRgt;gt;gt; [EMAIL PROTECTED] 9/8/2004
3:18:45 PM gt;gt;gt;BR/DIV
DIV style=COLOR: #00Jon Stahler
lt;[EMAIL PROTECTED]gt; wrote:BRgt; I've
been trying to setup FreeRadius in order to
authenticate myBRgt; wireless users against my
Novell eDirectory via the built in LDAPBRgt;
server.BRBRgt;nbsp; You can't, it's
impossible.nbsp; LDAP doesn't do EAP, and will
never doBRgt;EAP.BRBRgt;nbsp; Instead, put
clear-text passwords into LDAP, list ldap in
theBRgt;authorize section of radiusd.conf,
and let the server figure itBRgt;out.nbsp; It
