RE: perl scripts

2006-03-12 Thread mnisay



What do you want to achieve with this perl script? freeradius can do the authentication.
Is this script for management of the database? If it is, you can use server-side php scripts as well.
If it's not, does the perl script manipulate the user database differently?
Sorry, I think I did not get you well.



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of debik
Sent: Saturday, March 11, 2006 2:43 PM
To: FreeRadius users mailing list
Subject: Re: perl scripts

Yes. But that other database is not in radius format like: op, value, etc. So I have to write a perl script.

  ----- Original Message -----
  From: mnisay
  To: 'FreeRadius users mailing list'
  Sent: Saturday, March 11, 2006 11:27 AM
  Subject: RE: perl scripts

  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of debik
  Sent: Friday, March 10, 2006 8:41 PM
  To: FreeRadius users mailing list
  Subject: Re: perl scripts

  I have got another mysql base and I want to write a perl script to tell the radius server to use the data in that database.

  do you mean use MySQL for freeradius authentication?

    ----- Original Message -----
    From: mnisay
    To: 'FreeRadius users mailing list'
    Sent: Friday, March 10, 2006 11:26 AM
    Subject: RE: perl scripts

    Could somebody share with some scripts that authorize users in radius.
    I'm trying to write my own script, but I don't find any docs.
    Could somebody help me.

    authorize users in radius?
    freeradius can authorize users by default.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: perl scripts

2006-03-12 Thread debik



I tried to add a new sql1.conf. But when I try starting the radius server it told me that the database is not in the Attribute Value. In that other database I have got users of my network, and I want the radius server to use the logins which are in that database.

Sorry for that HTML, and for my English.



Backing up Mysql

2006-03-12 Thread Sarkis Gabriel


Hi all

I started backing up the db using a crontab job early in the morning which backs up everything, but I have had complaints from users who try to log on after the backup process.

What is the best way to back up an active database with radiusd waiting for connection?

Thank you

Sarky



Freeradius + Xp Client problem

2006-03-12 Thread BoRa
When I am trying to connect to the radius server with wireless over an access point I get this error:

rad_recv: Access-Request packet from host 10.10.0.10:2048, id=110, length=163
User-Name = ibm
NAS-IP-Address = 10.10.0.10
NAS-Port = 0
Called-Station-Id = 00e098be8e15
Calling-Station-Id = 000cf138bb81
NAS-Identifier = Realtek Access Point. 8181
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = CONNECT 11Mbps 802.11b
EAP-Message = 0x02080169626d
Message-Authenticator = 0x8c249d2c90720d71e84717a58070eaae
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
  modcall[authorize]: module preprocess returns ok for request 15
  modcall[authorize]: module chap returns noop for request 15
  modcall[authorize]: module mschap returns noop for request 15
rlm_realm: No '@' in User-Name = ibm, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 15
  rlm_eap: EAP packet type response id 0 length 8
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module eap returns updated for request 15
users: Matched entry ibm at line 80
  modcall[authorize]: module files returns ok for request 15
modcall: group authorize returns updated for request 15
  rad_check_password:  Found Auth-Type EAP
auth: type EAP
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 15
  rlm_eap: EAP Identity
  rlm_eap: processing type md5
rlm_eap_md5: Issuing Challenge
  modcall[authenticate]: module eap returns handled for request 15
modcall: group authenticate returns handled for request 15
Sending Access-Challenge of id 110 to 10.10.0.10:2048
Reply-Message = Hello, %u
EAP-Message = 0x01010016041094b82f52b0da67bfb8de368e6d9bd919
Message-Authenticator = 0x
State = 0x4756a5552099f5c02b869e15b923300c
Finished request 15
Going to the next request
--- Walking the entire request list ---
Waking up in 2 seconds...
rad_recv: Access-Request packet from host 10.10.0.10:2048, id=111, length=173
User-Name = ibm
NAS-IP-Address = 10.10.0.10
NAS-Port = 0
Called-Station-Id = 00e098be8e15
Calling-Station-Id = 000cf138bb81
NAS-Identifier = Realtek Access Point. 8181
NAS-Port-Type = Wireless-802.11
Service-Type = Framed-User
Connect-Info = CONNECT 11Mbps 802.11b
EAP-Message = 0x020100060319
State = 0x4756a5552099f5c02b869e15b923300c
Message-Authenticator = 0x6629ec8f043cf6353e8707d3a5854a4a
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 16
  modcall[authorize]: module preprocess returns ok for request 16
  modcall[authorize]: module chap returns noop for request 16
  modcall[authorize]: module mschap returns noop for request 16
rlm_realm: No '@' in User-Name = ibm, looking up realm NULL
rlm_realm: No such realm NULL
  modcall[authorize]: module suffix returns noop for request 16
  rlm_eap: EAP packet type response id 1 length 6
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module eap returns updated for request 16
users: Matched entry ibm at line 80
  modcall[authorize]: module files returns ok for request 16
modcall: group authorize returns updated for request 16
  rad_check_password:  Found Auth-Type EAP
auth: type EAP
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 16
  rlm_eap: Request found, released from the list
  rlm_eap: EAP NAK
 rlm_eap: EAP-NAK asked for EAP-Type/peap
 rlm_eap: No such EAP type peap
  rlm_eap: Failed in EAP select
  modcall[authenticate]: module eap returns invalid for request 16
modcall: group authenticate returns invalid for request 16
auth: Failed to validate the user.
Login incorrect: [ibm/no User-Password attribute] (from client wireless port 0 cli 000cf138bb81)
Delaying request 16 for 1 seconds
Finished request 16
Going to the next request




users file contains : 

ibm Auth-Type := EAP, User-Password == test
Reply-Message = Hello, %u

I also tried the Radius Test (Radutils) program and it connects successfully.



Re: Freeradius + Xp Client problem

2006-03-12 Thread James J J Hooper



--On 12 March 2006 07:41 -0800 BoRa [EMAIL PROTECTED] wrote:


When i trying connect radius server with wireless over
access point i get this error :
  rad_check_password:  Found Auth-Type EAP
auth: type EAP
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 16
  rlm_eap: Request found, released from the list
  rlm_eap: EAP NAK
 rlm_eap: EAP-NAK asked for EAP-Type/peap
 rlm_eap: No such EAP type peap
  rlm_eap: Failed in EAP select


Sounds like your eap.conf file is incorrect or has not been included from the main radius.conf. Read eap.conf for configuration details (you have not enabled peap in the file).


Regards,
  James

--
James J J Hooper,
Information Services
University of Bristol
--


Re: Freeradius + Xp Client problem

2006-03-12 Thread A . L . M . Buxey
Hi,

 modcall: entering group authenticate for request 15
   rlm_eap: EAP packet type response id 1 length 6
   rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
   modcall[authorize]: module eap returns updated for request 16
 users: Matched entry ibm at line 80
   modcall[authorize]: module files returns ok for request 16
 modcall: group authorize returns updated for request 16
   rad_check_password:  Found Auth-Type EAP
 auth: type EAP
   Processing the authenticate section of radiusd.conf
 modcall: entering group authenticate for request 16
   rlm_eap: Request found, released from the list
   rlm_eap: EAP NAK
  rlm_eap: EAP-NAK asked for EAP-Type/peap
  rlm_eap: No such EAP type peap
   rlm_eap: Failed in EAP select
   modcall[authenticate]: module eap returns invalid for request 16

EAP has failed because the request was PEAP and you haven't configured PEAP in your eap.conf. did you want to use PEAP? if so, you'll need to configure it...and supply a valid password in your users file

 users file contains : 
 
 ibm Auth-Type := EAP, User-Password == test
  

you obviously haven't even read the eap.conf file :-(

alan
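
Added example, not part of the original thread: a decoder for the EAP-Message values in the debug output above. It shows that after the server's MD5 challenge the client answers with a Nak asking for EAP type 25 (PEAP), which rlm_eap reports as "No such EAP type peap". The function names and the ENABLED set (only md5, the type the log shows the server offering) are assumptions for illustration.

```python
import struct

# EAP codes and method types from RFC 3748 and the IANA EAP registry (25 = PEAP).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
             13: "TLS", 21: "TTLS", 25: "PEAP", 26: "MSCHAPv2"}


def parse_eap(hex_value):
    """Decode one EAP-Message value as printed in the radiusd -X output."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP header needs 4 bytes (code, id, length)")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length != len(raw):
        # Catches truncated or mangled dumps before any field is trusted.
        raise ValueError(f"length field says {length}, got {len(raw)} bytes")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2) and length > 4:
        etype, data = raw[4], raw[5:]
        pkt["type"] = EAP_TYPES.get(etype, etype)
        if etype == 1:
            pkt["identity"] = data.decode("utf-8", "replace")
        elif etype == 3:
            # Legacy Nak: each data byte is a method the peer would accept.
            pkt["wanted"] = [EAP_TYPES.get(t, t) for t in data]
        elif etype == 4:
            # MD5-Challenge data: one value-size byte, then the challenge.
            if not data or data[0] > len(data) - 1:
                raise ValueError("bad MD5-Challenge value size")
            pkt["challenge"] = data[1:1 + data[0]].hex()
    return pkt


def unmet_methods(nak, enabled):
    """Methods the client asked for in a Nak that the server does not offer."""
    return [m for m in nak.get("wanted", []) if m not in enabled]


# The two EAP-Message values from requests 15 and 16 in the posted debug output.
CHALLENGE = "0x01010016041094b82f52b0da67bfb8de368e6d9bd919"
NAK = "0x020100060319"
# The first EAP-Message in the post (0x02080169626d) is 6 bytes while radiusd
# logged "length 8" for it, so parse_eap() rejects it on the length check.
# Assumption: only md5 is enabled, since that is the type the log shows offered.
ENABLED = {"MD5-Challenge"}

if __name__ == "__main__":
    print(parse_eap(CHALLENGE))
    nak = parse_eap(NAK)
    print(nak, "-> not enabled on server:", unmet_methods(nak, ENABLED))
```
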


Re: Backing up Mysql

2006-03-12 Thread A . L . M . Buxey
Hi,

 i started backing up the db using a crontab job early in the morning which backs up
 everything, but i have had complains from users who try to logon after the backup process.
 
 What is the best way to backup an active database with radiusd waiting for connection?

are you simply dumping the live database? i'm not exactly sure why they are having issues
after the backup. what version of MySQL are you using? I'd suggest you look at having
a database replication setup. then you can simply dump the replicated backup...so you have
a live and in-sync backup to fall back onto too.

alan


will this work?

2006-03-12 Thread Pelusa Vali
hi everybody, i use debian sarge, madwifi-ng-r1457, hostapd 0.4.8 and freeradius 1.1, i want to use eap-tls, is there any special configuration or patch that should be applied to any of these programs to get them to work? i tried configurations from madwifi users docs and many tutorials, but nothing works. simply clients can't authenticate, always get: Access-Reject.
these are my conf files:

MADWIFI:

modprobe ath_pci autocreate=ap
wlanconfig ath0 create wlandev wifi0 wlanmode ap
ifconfig ath0 up
iwpriv ath0 mode 3
iwconfig ath0 essid MYWLAN
iwconfig ath0 channel 2
iwconfig ath0 bitrate 54M
iwconfig ath0 frag 512
iwconfig ath0 rts 250
iwpriv ath0 ar 1
echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/init.d/networking restart
IPTABLES=/sbin/iptables
$IPTABLES -F -t nat
$IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
/etc/init.d/dhcp stop
/etc/init.d/dhcp start

DHCP:
subnet 192.168.10.0 netmask 255.255.255.0 {  
range 192.168.10.2 192.168.10.30;
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.10.255;
  default-lease-time 600;
  max-lease-time 7200;
}

HOSTAPD:
interface=ath0
driver=madwifi
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
debug=4
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=MYWLAN
macaddr_acl=0
auth_algs=3
ieee8021x=1
eap_message=hello
eapol_key_index_workaround=0
own_ip_addr=127.0.0.1
nas_identifier=www.server.com
auth_server_addr=127.0.0.1
auth_server_port=1812
auth_server_shared_secret=whatever
acct_server_addr=127.0.0.1
acct_server_port=1813
acct_server_shared_secret=whatever
wpa=1
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP
wpa_strict_rekey=1
wpa_gmk_rekey=86400

DEFAULT HOSTAPD:
#RUN_DAEMON=yes

RADIUS USERS:
pupis 
DEFAULT Auth-Type = System
 Fall-Through = 1

here i tried too: DEFAULT   Auth-Type = EAP
 Fall-Through = 1

each one alone, and together.

RADIUS CLIENTS.CONF:
client 127.0.0.1 {
secret = whatever
shortname  = www.server.com
}

RADIUS EAP.CONF:
default_eap_type = tls
tls {
certificate_file = ${raddbdir}/certs/cert-srv.pem
CA_file = ${raddbdir}/certs/demoCA/cacert.pem
dh_file = ${raddbdir}/certs/dh
random_file = ${raddbdir}/certs/random
}

when i run, get this:

hostapd logs:
Sending RADIUS message to accounting server
RADIUS message: code=4 (Accounting-Request) identifier=0 length=88
   Attribute 40 (Acct-Status-Type) length=6
  Value: 7
   Attribute 45 (Acct-Authentic) length=6
  Value: 1
   Attribute 4 (NAS-IP-Address) length=6
  Value: 127.0.0.1
   Attribute 32 (NAS-Identifier) length=14
  Value: 'www.server.com'
   Attribute 30 (Called-Station-Id) length=30
  Value: '00-0F-66-11-C1-97:MYWLAN'
   Attribute 49 (Acct-Terminate-Cause) length=6
  Value: 11
Next RADIUS client retransmit in 3 seconds
Flushing old station entries

running locally radtest:

radtest pupis whatever localhost 0 whatever
Sending Access-Request of id 178 to 127.0.0.1 port 1812
User-Name = pupis
User-Password = whatever
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=178, length=20

by the way, i can't run radclient or radeapclient, when i use them, i don't get any response.

but now, winxp clients don't detect this wlan as activated with wpa, only as a wlan without security, and don't get any ip direction, even though i'm using dhcp. if i don't run radius and hostapd then clients do get an ip direction and can use the wlan.

so, my question again is, what should i do to get eap-tls working?? i heard that maybe this won't work with debian, could that be a possible explanation?? i'm really tired, i tried everything i think, and don't know what more i should do.
thanks in advance for your patience.




Re: will this work?

2006-03-12 Thread A . L . M . Buxey
Hi,
 hi everybody, i use debian sarge, madwifi-ng-r1457, hostapd 0.4.8 and 
 freeradius 1.1, i want to use eap-tls, is there any special configuration or 
 patch should be applied to any of this programs to get them work? i tried 
 configurations from madwifi users docs and many tutorials, but nothing works. 
  simply clients cann't authenticate, always get: Access-Reject.  
 these are my conf files:

in short, this won't work out of the box - as you need OpenSSL for EAP-TLS and the freeradius package for debian isn't compiled with SSL due to licence.

alan


PAP Question

2006-03-12 Thread Alex M

Hi

I want to use PAP protocol; do I have to set it in Authorization section? Because there is no commented line for PAP while there is every other module included.

Thanks!

Re: WiFi Mac address authentication

2006-03-12 Thread brainstorm
I'm trying to implement a similar scenario: I am using PEAP, and I
want to check if a given mac is in my database. In my case, the MACs
file looks like this:

0030.0996.CF52:192.168.12.1

I would like to match the first field (MAC) with the NAS
Calling-Station-Id attribute, if this check fails, I would like to
reject that user. Is it doable with rlm_password ? I've tried, but I
cannot figure out which is the right format for my case:

I've tried the following in radiusd.conf:

modules {
(...)
passwd mac-ip {
filename = /etc/raddb/MAC-IP
format = mac-address:Calling-Station-Id
delimiter = :
}
}

(...)

authorize {
preprocess
mac-ip  <--- I want to Reject the client if that module fails
eap
files
}

But when I run radiusd -X:

rlm_passwd: no field market as key in format: mac-address:Calling-Station-Id

How do I specify that mac-address is a key and Calling-Station-Id a value ?

Thank you,
Roman

On 3/7/06, Alan DeKok [EMAIL PROTECTED] wrote:
 Guillaume [EMAIL PROTECTED] wrote:
  ok, if i understand the manpage of dictionary  rlm_passwd, i have to
  add this line in:
  ##Dictionary file##
  ATTRIBUTEmac-address   3001   string

   Why?  That attribute won't ever appear in a packet.

   You have to use an attribute that will appear in a packet.

   Other than that, it looks like it should work.

   Alan DEKok.


Wireless Card - user authentication - Freeradius

2006-03-12 Thread ora
Hi,

I have a Linksys Wireless-G Access Point (WAP54G).

I am trying to configure the Access Point in order to have a user authentication
by using the MAC address of wireless adapter.

So, I installed my freeradius in a linux 9.0 server. My question is: where do I have to put the MAC addresses of the wireless adapters? Into the file "clients.conf" of my RADIUS server or in the "users" file?

Do you know the syntax?

On the other hand, must I modify the file "radiusd.conf"?

If you have any document concerning this configuration, I'll be glad of any comments or information.

Best Regards

Octavio RAMIREZ ROJAS



Ignoring request from unknown client 1.2.3.4.:****

2006-03-12 Thread yao guoxian
Having installed Mysql4.0, I recompile Freeradius 1.0.5. It seems Freeradius and Mysql works well when I enter : radiusd -X.
However, when I use the 'UserName' and 'Password' in the 'radcheck' table to test , I get the following output from Radius Server:

rad_recv: Access-Request packet from host 202.117.49.26:3978, id=12, length=47
Ignoring request from unknown client 202.117.49.26:3978
--- Walking the entire request list ---

Any suggestions?

RE: Ignoring request from unknown client 1.2.3.4.:****

2006-03-12 Thread Alex M

This is because you did not allow your radius to accept requests from your client with IP 202.117.49.26.
If you are using regular config files you need to edit Clients config. If you are using MySQL you need to set radiusd.config to read the NAS table in MySQL (look at the end of the config file, I think it's the last line) and then add your NAS clients to the NAS table in the db.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of yao guoxian
Sent: Sunday, March 12, 2006 8:49 PM
To: freeradius-users@lists.freeradius.org
Subject: Ignoring request from unknown client 1.2.3.4.:

 Having installed Mysql4.0, I recompile Freeradius 1.0.5. It seems Freeradius and Mysql works well when I enter : radiusd -X.

 However, when I use the 'UserName' and 'Password' in the 'radcheck' table to test , I get the following output from Radius Server:

 rad_recv: Access-Request packet from host 202.117.49.26:3978, id=12, length=47
 Ignoring request from unknown client 202.117.49.26:3978
 --- Walking the entire request list ---

Any suggestions?
