radutmp file problem with simultaneous problem

2007-04-02 Thread satish patel
Dear guys,

I have a very strange problem. I am using freeradius with an mssql
database, and it has been working fine for 1 month without error. But last
week my radius server's power was switched off, or for some power reason my
radius machine shut down. Now that it has come back, when I run radwtmp
there is a list of users, and when I go to or telnet to the cisco NAS there
are no users. After that I checked the radius log and saw the max 1 login
error, which means the multiple users login problem. So what is the problem?
I know the problem, but this is not a way, because it can happen any time.
Then I deleted the /var/log/radius/radutmp file and users were again able to
login. This is the simultaneous login problem, I know, because checkrad
first checks radutmp and then checks the NAS. I know the logic behind this,
but this is not a proper solution. So how can I resolve it? Is there any
method to avoid this problem?


$ cat ~/satish/url.txt

System administrator ( Data Center )

please visit this site

http://linux.tulipit.com   

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: more than one AVP from LDAP with same name is it possible ?

2007-04-02 Thread Bodin Bruno
Kostas Kalevras wrote:
> Bodin Bruno wrote:
>   
>> Hello,
>>
>> My problem is about the Radius reply. With the user file it's possible to
>> reply with some AVPs with the same name, like this:
>> My-AVP += "name:robert",
>> My-AVP += "age:38",
>> My-AVP += "country:fr"
>>
>> Most importantly, it's possible to do this:
>>  Sip-AVP += "username:%{User-Name}"
>>
>> But how is it possible to do something like that with an ldap attribute?
>> Because I use this:
>> replyItem   My-AVP   username_radius
>>
>> but that works only one time, because when I do:
>> replyItem   My-AVP   username_radius
>> replyItem   My-AVP   age_radius
>>
>> it only returns the last attribute's content (38, the age of Robert).
>> And when I type this:
>> replyItem   My-AVP   username_radius,age_radius
>>
>> that returns nothing ...
>>  Too bad, returning 2 AVPs would be better :(
>>
>> Is there any method to do this? Could it be a new feature?
>>
>> Thanks for the help
>>
> You can include the operator in the ldap attribute value. You can also 
> set the operator (from the default = for reply items) for an attribute 
> in the ldap.attrmap (I'm not sure if it's only available in the cvs).
>
>
> First solution:
> ldap.attrmap:
> replyItem My-AVP ldap_my_avp
> In the ldap entry you can do:
>
> ldap_my_avp: += "name:robert"
> ldap_my_avp: += "age:38"
>
> Second solution:
> ldap.attrmap:
> replyItem My-AVP ldap_my_avp +=
>
> ldap entry:
> ldap_my_avp: "name:robert"
> ldap_my_avp: "age:38"
>
> Hope this helps
>
>
> --
> Kostas Kalevras
> Network Operations Center - National Technical University of Athens
> http://kkalev.wordpress.com
The first method seems to work perfectly!!
Really, thanks!!
Have a nice week !!!

Radius Packet Simulator

2007-04-02 Thread khursheed Ahmed
2
> User-Name = "blarg"
> User-Password = "blarg"
> NAS-IP-Address = xx
> NAS-Port = 111
>rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=145, length=180
> Ascend-Data-Filter = "ip in forward tcp est"
> Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24 0"
> Ascend-Data-Filter = "ip in drop tcp dstport = 25"
> Ascend-Data-Filter = "ip in forward 0"
>
>
>Ranner, Frank MR wrote:
> > Use the += operator, eg Ascend-Data-Filter += "ip in forward dstip
> > xx.xx.xx.0/24", to append to
> > a multi-valued list.
> >
> > FR
> >
> >
> >> -Original Message-
> >> From:
> >> [EMAIL PROTECTED]
> >> eradius.org
> >> [mailto:[EMAIL PROTECTED]
> >> ists.freeradius.org] On Behalf Of Shawn Mitchell
> >> Sent: Monday, 2 April 2007 07:45
> >> To: FreeRadius users mailing list
> >> Subject: Re: Attributes
> >>
> >> Ok, here's what I'm doing:
> >>
> >> DEFAULT Client-IP-Address == xx.xx.xx.xx
> >> Ascend-Data-Filter = "ip in forward tcp est",
> >> Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24",
> >> Ascend-Data-Filter = "ip in drop tcp dstport = 25",
> >> Ascend-Data-Filter = "ip in forward",
> >> Fall-Through = Yes
> >>
> >> I turned on logging of reply's, but all I'm seeing it send is:
> >>
> >> Sun Apr  1 16:31:21 2007
> >> Ascend-Data-Filter = "ip in forward tcp est"
> >>
> >> I put this into the 'users' file btw.
> >>
> >>
> >>
> >> Alan DeKok wrote:
> >>
> >>> Shawn Mitchell wrote:
> >>>
> >>>
> >>>> Where can I say "If client is 'x', then also send these
> >>>>
> >> attributes to
> >>
> >>>> users being authenticated..."?
> >>>>
> >>>>
> >>>   In the "users" file.
> >>>
> >>> DEFAULT Client-IP-Address == 1.2.3.4
> >>>   Reply-Message = "You're coming from 1.2.3.4"
> >>>
> >>>   Alan DeKok.
> >>> --
> >>>   http://deployingradius.com   - The web site of the book
> >>>   http://deployingradius.com/blog/ - The blog
>--
>
>Message: 6
>Date: Mon, 2 Apr 2007 03:03:25 +
>From: Aren Chua <[EMAIL PROTECTED]>
>Subject: RE: Anyone using dd-wrt for AP?
>To: FreeRadius users mailing list
>   
>Message-ID: <[EMAIL PROTECTED]>
>Content-Type: text/plain; charset="iso-8859-1"
>
>
>Ian Truelsen
>
>you can try the hotspot(chillispot) under DD-WRT firmware to configure your 
>AP to authenticate against the radius server.
>Regards,
>Aren Chua
>> Date: Sun, 1 Apr 2007 10:16:25 +0200
>> From: [EMAIL PROTECTED]
>> To: freeradius-users@lists.freeradius.org
>> Subject: Re: Anyone using dd-wrt for AP?
>>
>> Ian Truelsen wrote:
>> >
>> > Hopefully that is not the case. The freeradius server is on an external
>> > machine. I am trying to get the AP to authenticate against that server,
>> > but I am having trouble sorting out how to get it to do this.
>>
>> There should be a RADIUS server configuration. But you'll have to
>> enable 802.1x authentication, too.
>>
>> Alan DeKok.
>> --
>> http://deployingradius.com - The web site of the book
>> http://deployingradius.com/blog/ - The blog
>
>--
>
>Mess

Re : Anyone using dd-wrt for AP?

2007-04-02 Thread Eshun Benjamin
The settings below will help: 
SETUP
Internet connection: IP on WAN

Under Optional Settings
Host Name: MyWireless (Name of your client-AP)
Domain Name: yourdomain.com (Your own domain)
MTU: Auto

Under Network Setup
Router
Local IP: 192.168.1.1
Subnet: 255.255.255.0
Gateway: 0.0.0.0

DHCP
DHCP Server: enabled




WIRELESS
Under Basic settings;
Wireless mode: AP
wireless Network Mode: Mixed
Wireless Network Name: MyWireless (Name of your client-AP)
Wireless Channel: 11-2.462GHz
Wireless SSID Broadcast: enable

Sensitivity Range: 2000

Under Radius
MAC Radius Client: enable
MAC format : aabbcc-ddeeff
Radius Server Address: your radius server IP
Radius Server port: 1812
MUU:
Password format: shared key
Radius shared secret: the secret of your client (AP)

Wireless Security
Security Mode: WPA Radius
WPA Algorithms: TKIP+AES
Radius Server Address: Your radius server IP
Radius Server port: 1812
WPA shared key: the secret of your client (AP)
key renewal interval: 3600


ADMINISTRATION
management
Routing: enable
802.1x : enable
 

Make sure you have your client (AP) information in radius: client.conf (AP IP,
MyWireless, Shared Key).
Configure eap.conf and radius.conf as well.

All the best.



==

Benjamin K. Eshun

- Original Message
From: Ian Truelsen <[EMAIL PROTECTED]>
To: FreeRadius users mailing list
Sent: Sunday, 1 April 2007, 3:56:39
Subject: Anyone using dd-wrt for AP?

I am trying to set up dd-wrt to use freeradius for authentication with
EAP-TLS, however, I have run into a problem: there doesn't seem to be an
option under the WPA encryption system for entering the freeradius
secret. If anyone has got this working, can you let me know the where
and how? The dd-wrt forums have been pretty silent on the issue.
-- 
Ian Truelsen
s/v Sting
Email: [EMAIL PROTECTED]
AIM: ihtruelsen
MSN: [EMAIL PROTECTED]
Google Talk: [EMAIL PROTECTED]



Re: Radius Packet Simulator

2007-04-02 Thread Jan Mulders
blarg blarg localhost 111 testing123
>
>Sending Access-Request of id 145 to 127.0.0.1:1812
> User-Name = "blarg"
> User-Password = "blarg"
> NAS-IP-Address = xx
> NAS-Port = 111
>rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=145,
length=180
> Ascend-Data-Filter = "ip in forward tcp est"
> Ascend-Data-Filter = "ip in forward dstip xx.xx.xx.0/24 0"
> Ascend-Data-Filter = "ip in drop tcp dstport = 25"
> Ascend-Data-Filter = "ip in forward 0"
>
>

packet of disconnect

2007-04-02 Thread satish patel
I have a problem disconnecting a user from radius or the NAS, so I am using
the radclient command to disconnect users. I have a cisco NAS 3600 VPDN
configuration; it supports packet of disconnect, but the problem is that when
I send a disconnect request from my NAS I get the error session not matched.

[EMAIL PROTECTED] tmp]# cat packet.txt
User-Name=mlpm322
Acct-Session-Id=F034


[EMAIL PROTECTED] tmp]# cat packet.txt | radclient -x 192.168.1.1:1700 
disconnect tulip786
Sending Disconnect-Request of id 161 to 192.168.1.1 port 1700
User-Name = "mlpm322"
Acct-Session-Id = "F034"
rad_recv: Disconnect-NAK packet from host 192.168.1.1:1700, id=161, length=41
Reply-Message = "No Matching Session"


I got this error. So what is this? Why did I get this error, session not
matched? I am finding the user's session id from the radwho -i command.

Can you explain to me why this happened?




$ cat ~/satish/url.txt

System administrator ( Data Center )

please visit this site

http://linux.tulipit.com   


Sqlcounter Max-Octets doesn't reset

2007-04-02 Thread Sigfrido
Hi all,

freeradius 1.1.0 on Ubuntu Dapper

all's going but the counter below is not resetting:

sqlcounter volumelimitcounter {
        counter-name = Total-Max-Octets
        check-name = Max-Octets
        reply-name = ChilliSpot-Max-Total-Octets
        sqlmod-inst = sql
        key = User-Name
        reset = daily
        query = "SELECT SUM(AcctOutputOctets) FROM radacct where UserName ='%{%k}'"
}


I would like to reset, every day at 00:00, the Max-Octets (in radcheck table) to 
0 but it seems not to be working. I also tried the "hourly" reset, with the same results.
Any idea? Is it a bug or what?

TIA
 

 


Re: radutmp file problem with simultaneous problem

2007-04-02 Thread Alan Dekok
satish patel wrote:
> I have a very strange problem. I am using freeradius with an mssql
> database, and it has been working fine for 1 month without error. But
> last week my radius server's power was switched off, or for some power
> reason my radius machine shut down. Now that it has come back, when I
> run radwtmp there is a list of users, and when I go to or telnet to the
> cisco NAS there are no users

   Yes.  FreeRADIUS only knows what the NAS sends it.  If the NAS never 
tells FreeRADIUS that it rebooted, the server has no way of knowing that 
there are no users still on the NAS.

> After that I checked the radius log and saw the max 1 login error,
> which means the multiple users login problem. So what is the problem? I
> know the problem, but this is not a way, because it can happen any
> time. Then I deleted the /var/log/radius/radutmp file

   "man radzap".

> and users were again able to login. This is the simultaneous login
> problem, I know, because checkrad first checks radutmp and then checks
> the NAS. I know the logic behind this, but this is not a proper
> solution. So how can I resolve it? Is there any method to avoid this
> problem?

   checkrad *should* work if you have configured it.  And it doesn't 
work the way you think.

   If "radutmp" says that the user isn't logged in, he is allowed in.

   Otherwise, "checkrad" is run to ask the NAS if the user is logged in.

   If the user isn't logged in, then the entry in "radutmp" is deleted, 
and the user is allowed in.

   Alan DeKok.
--
   http://deployingradius.com   - The web site of the book
   http://deployingradius.com/blog/ - The blog
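
The three-step decision described in the reply above, as an added Python model (not FreeRADIUS code and not part of the original message). `SessionTable` stands in for radutmp and the `ask_nas` callable stands in for checkrad; both names, the user "alice" and the "NAS never asked" branch (the original poster's symptom when no check runs) are assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple


@dataclass(frozen=True)
class Session:
    user: str
    nas_port: int


@dataclass
class SessionTable:
    """Stand-in for radutmp: the sessions the server believes are open."""
    entries: List[Session] = field(default_factory=list)

    def sessions_of(self, user: str) -> List[Session]:
        return [s for s in self.entries if s.user == user]


# Stand-in for checkrad: returns True if the NAS still holds this session.
NasQuery = Callable[[Session], bool]


def simultaneous_use_check(table: SessionTable, user: str, limit: int,
                           ask_nas: Optional[NasQuery]) -> Tuple[bool, str]:
    """Return (allowed, reason) for a new login by `user`."""
    recorded = table.sessions_of(user)

    # Step 1: the table says the user is below the limit, so he is allowed in.
    if len(recorded) < limit:
        return True, "table shows room for another session"

    # Assumption: with no NAS check available the table is all the server has,
    # so a stale entry left by a crash keeps rejecting the user.
    if ask_nas is None:
        return False, "limit reached per table; NAS was never asked"

    # Step 2: ask the NAS about every recorded session.
    # Step 3: entries the NAS does not confirm are deleted from the table.
    for session in recorded:
        if not ask_nas(session):
            table.entries.remove(session)

    if len(table.sessions_of(user)) < limit:
        return True, "stale entry removed after asking the NAS"
    return False, "NAS confirms the limit is reached"


def demo() -> dict:
    """Constructed scenarios: one leftover entry for 'alice', limit of 1."""
    stale = Session("alice", 111)
    out = {}

    # Server lost power, NAS has no sessions, nothing asks the NAS.
    table = SessionTable([stale])
    out["never_asked"] = simultaneous_use_check(table, "alice", 1, None)[0]

    # Same table, but the NAS is asked and reports no such session.
    table = SessionTable([stale])
    out["stale_cleared"] = simultaneous_use_check(
        table, "alice", 1, lambda s: False)[0]
    out["entries_after_clear"] = len(table.entries)

    # The user really is online: the NAS confirms, the login is refused.
    table = SessionTable([stale])
    out["really_online"] = simultaneous_use_check(
        table, "alice", 1, lambda s: True)[0]
    out["entries_when_online"] = len(table.entries)

    # Nothing recorded at all: allowed without contacting the NAS.
    out["empty_table"] = simultaneous_use_check(
        SessionTable(), "alice", 1, None)[0]
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```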


RE: Freeradius-Users Digest, Vol 24, Issue 5

2007-04-02 Thread khursheed Ahmed
> > >Message: 7
> > >Date: Sun, 1 Apr 2007 22:59:20 -0700 (PDT)
> > >From: awaneesh kumar <[EMAIL PROTECTED]>
> > >Subject: EAP-AKA patch for Freeradius 1.1.2
> > >To: freeradius-users@lists.freeradius.org
> > >Message-ID: <[EMAIL PROTECTED]>
> > >Content-Type: text/plain; charset="iso-8859-1"
> > >
> > >Hi All,
> > >
> > >   I have downloaded the patch from
> > >http://bugs.freeradius.org/show_bug.cgi?id=386.
> > >   I have successfully applied the patch to Freeradius1.1.2. I have a few
> > >questions.
> > >
> > >   a) Does the patch support optional identity privacy support, optional
> > >result indications, and an optional fast re-authentication procedure?
> > >
> > >   b)   After receiving EAP-Request/AKA-Challenge from the server, the
> > >client should calculate AT_MAC and compare it with the received one. If it
> > >matches it should send back the EAP-Response/AKA-Challenge with AT_RES and
> > >a new AT_MAC.
> > >   As per section 10.8 of RFC 4187, AT_RES should be encoded as follows.
> > >
> > >   The value field of this attribute begins with the 2-byte RES Length,
> > >which identifies the exact length of the RES in bits.  The RES length is
> > >followed by the AKA RES parameter. According to [TS33.105], the length of
> > >the AKA RES can vary between 32 and 128 bits.  Because the length of the
> > >AT_RES attribute must be a multiple of 4 bytes, the sender pads the RES
> > >with zero bits where necessary
> > >
> > >   Trace below is packet from client to server:-
> > >
> > >   0x0242003017010305d0d0d0d0d0d0d0d0d0d0d0d0d0d0d0d00b0500
> > >000d6eb3a8082c9d2c0a031505b7a0fac0
> > >
> > >   c)   As per section 3 (Figure 2) from RFC 4187, if the server is unable
> > >to authenticate the client because AT_MAC or AT_RES is incorrect, it should
> > >send back the EAP-Request/AKA-Notification to the client and the client
> > >should respond back with EAP-Response/AKA-Notification. Only then should
> > >the server send back the EAP result as Failure. But Freeradius1.1.2 sends
> > >back the EAP Result (FAILURE) with Access-Reject. However, the success
> > >scenario works perfectly.
> > >
> > >   d) After receiving AKA-Challenge from the Radius server, does the patch
> > >support the checking of Sequence No from the AUTN parameter?
> > >
> > >   Do we have any latest patch to support EAP-AKA?
> > >
> > >   Thanks
>End of Freeradius-Users Digest, Vol 24, Issue 5
>***
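
The AT_RES layout quoted from RFC 4187 section 10.8 in the digest above, as an added Python encoder and strict decoder (not part of the patch under discussion or of FreeRADIUS). The attribute type value 3 and the one-byte length counted in 4-byte words come from RFC 4187; the function names and sample RES values are constructed, and rejecting non-zero padding is a choice made here.

```python
import struct

AT_RES = 3            # attribute type assigned to AT_RES in RFC 4187
MIN_RES_BITS = 32     # RES length bounds quoted from [TS33.105]
MAX_RES_BITS = 128


def encode_at_res(res: bytes) -> bytes:
    """Build type | length (4-byte words) | RES length in bits | RES | zero pad."""
    res_bits = len(res) * 8
    if not MIN_RES_BITS <= res_bits <= MAX_RES_BITS:
        raise ValueError("RES must be 32 to 128 bits long")
    value = struct.pack("!H", res_bits) + res
    pad = -(2 + len(value)) % 4              # 2 = type byte + length byte
    total = 2 + len(value) + pad
    return bytes([AT_RES, total // 4]) + value + b"\x00" * pad


def decode_at_res(attr: bytes) -> bytes:
    """Return the RES, refusing any attribute whose length fields disagree."""
    if len(attr) < 4:
        raise ValueError("attribute shorter than its fixed header")
    if attr[0] != AT_RES:
        raise ValueError("not an AT_RES attribute")
    if attr[1] * 4 != len(attr):
        raise ValueError("length field does not match the bytes received")
    (res_bits,) = struct.unpack("!H", attr[2:4])
    if not MIN_RES_BITS <= res_bits <= MAX_RES_BITS:
        raise ValueError("RES length outside 32..128 bits")
    res_len = (res_bits + 7) // 8
    # The RES length is a second, independent length: it must fit inside the
    # attribute, otherwise a parser trusting it reads past the attribute.
    if 4 + res_len > len(attr):
        raise ValueError("RES length points past the end of the attribute")
    padding = attr[4 + res_len:]
    if len(padding) > 3 or any(padding):
        raise ValueError("padding is too long or not zero")
    return attr[4:4 + res_len]


def rejects(attr: bytes) -> bool:
    """True if decode_at_res refuses the attribute."""
    try:
        decode_at_res(attr)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    res = bytes.fromhex("0102030405060708")          # constructed 64-bit RES
    attr = encode_at_res(res)
    print(attr.hex(), decode_at_res(attr) == res)
    # Constructed malformed attribute: claims 128 bits, carries only 64.
    print(rejects(b"\x03\x03\x00\x80" + res))
```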



Re: Freeradius-Users Digest, Vol 24, Issue 5

2007-04-02 Thread Jan Mulders

Radtest is designed to send RADIUS packets. If you take a look at the
manpage you will see that it is based on a small utility that sends raw
RADIUS packets, and contains code for retransmission, display of variables,
and other things.

What do you mean, "AVPs"? If you're referring to the draft EAP protocol
using Diameter, then I have no knowledge of how to send these. You may want
to try reading the manpage for radtest, or reading the documentation for
radcheck.

Jan
On 02/04/07, khursheed Ahmed <[EMAIL PROTECTED]> wrote:



Hi Jan

like Radtest, But radtest is used for the test of Radius installation
Could it will give me AVPs of
Radius so that may  I convert them for Diameter packets

thnx

>From: [EMAIL PROTECTED]
>Reply-To: freeradius-users@lists.freeradius.org
>To: freeradius-users@lists.freeradius.org
>Subject: Freeradius-Users Digest, Vol 24, Issue 5
>Date: Mon, 02 Apr 2007 11:15:13 +0200
>
[snip]


modules' instantiation failing (files)

2007-04-02 Thread Pedro Figueiredo
hi all,

i need to send different lns configuration in a round-robin fashion.  
in order to do this, i added the following to modules:

 files rra {
         userfile = ${confdir}/users.rr1
         acctusersfile = ${confdir}/acct_users
         preproxy_usersfile = ${confdir}/preproxy_users
         compat = no
 }
 files rrb {
         userfile = ${confdir}/users.rr2
         acctusersfile = ${confdir}/acct_users
         preproxy_usersfile = ${confdir}/preproxy_users
         compat = no
 }

and then in authorize:

 redundant-load-balance {
         rra
         rrb
         ok = 1
 }

freeradius is picking the right module, alternating between them on  
each request. the problem is in the instantiation of the modules,  
where i'm getting the following:

Module: Instantiated files (rra)
files: usersfile = "/etc/freeradius-dev/users"
files: acctusersfile = "/etc/freeradius-dev/acct_users"
files: preproxy_usersfile = "/etc/freeradius-dev/preproxy_users"
files: compat = "no"
Module: Instantiated files (rrb)
files: usersfile = "/etc/freeradius-dev/users"
files: acctusersfile = "/etc/freeradius-dev/acct_users"
files: preproxy_usersfile = "/etc/freeradius-dev/preproxy_users"
files: compat = "no"

as you can see, it's not reading the files i told it to read.  
confirmed with strace, just to be on the safe side:

write(1, "Module: Instantiated files (rra)"..., 34Module:  
Instantiated files (rra)) = 34
write(1, " files: usersfile = \"/etc/freera"..., 48 files: usersfile  
= "/etc/freeradius-dev/users") = 48
write(1, " files: acctusersfile = \"/etc/fr"..., 57 files:  
acctusersfile = "/etc/freeradius-dev/acct_users") = 57
write(1, " files: preproxy_usersfile = \"/e"..., 66 files:  
preproxy_usersfile = "/etc/freeradius-dev/preproxy_users") = 66
write(1, " files: compat = \"no\"\n", 22 files: compat = "no") = 22
open("/etc/freeradius-dev/users", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0640, st_size=1880, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,  
0) = 0x2a973c3000
read(6, "# Simplify the Tunneling rules t"..., 4096) = 1880
read(6, "", 4096)   = 0
read(6, "", 4096)   = 0
close(6)= 0
munmap(0x2a973c3000, 4096)  = 0
open("/etc/freeradius-dev/acct_users", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0640, st_size=532, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,  
0) = 0x2a973c3000
read(6, "#\n#\t$Id: acct_users,v 1.4 2003/0"..., 4096) = 532
read(6, "", 4096)   = 0
read(6, "", 4096)   = 0
close(6)= 0
munmap(0x2a973c3000, 4096)  = 0
open("/etc/freeradius-dev/preproxy_users", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0640, st_size=1039, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,  
0) = 0x2a973c3000
read(6, "#\n#  Configuration file for the "..., 4096) = 1039
read(6, "", 4096)   = 0
close(6)= 0
munmap(0x2a973c3000, 4096)  = 0
write(1, "Module: Instantiated files (rrb)"..., 34Module:  
Instantiated files (rrb)) = 34
write(1, " files: usersfile = \"/etc/freera"..., 48 files: usersfile  
= "/etc/freeradius-dev/users") = 48
write(1, " files: acctusersfile = \"/etc/fr"..., 57 files:  
acctusersfile = "/etc/freeradius-dev/acct_users") = 57
write(1, " files: preproxy_usersfile = \"/e"..., 66 files:  
preproxy_usersfile = "/etc/freeradius-dev/preproxy_users") = 66
write(1, " files: compat = \"no\"\n", 22 files: compat = "no") = 22
open("/etc/freeradius-dev/users", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0640, st_size=1880, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,  
0) = 0x2a973c3000
read(6, "# Simplify the Tunneling rules t"..., 4096) = 1880
read(6, "", 4096)   = 0
read(6, "", 4096)   = 0
close(6)= 0
munmap(0x2a973c3000, 4096)  = 0
open("/etc/freeradius-dev/acct_users", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0640, st_size=532, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,  
0) = 0x2a973c3000
read(6, "#\n#\t$Id: acct_users,v 1.4 2003/0"..., 4096) = 532
read(6, "", 4096)   = 0
read(6, "", 4096)   = 0
close(6)= 0
munmap(0x2a973c3000, 4096)  = 0
open("/etc/freeradius-dev/preproxy_users", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0640, st_size=1039, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,  
0) = 0x2a973c3000
read(6, "#\n#  Configuration file for the "..., 4096) = 1039
read(6, "", 4096)   = 0
close(

Freeradius Checkrad Redback

2007-04-02 Thread ahissi jean-françois
Hello,

I am facing a Simultaneous-Use problem.

We are an ISP and we have adsl subscribers.
The aaa is a freeradius 1.1.3 server
and the NAS is a REDBACK SMS.

The Simultaneous-Use doesn't work!

We plan to use checkrad but
there is no snmp script for redback!
The telnet option is not good, I think, because we have 18000
subscribers.

Please help me with an snmp script for redback or with another
solution for Simultaneous-Use.

Thanks!

Jan Mulders wrote:
>
> Radtest is designed to send RADIUS packets. If you take a look at the 
> manpage you will see that it is based on a small utility that sends 
> raw RADIUS packets, and contains code for retransmission, display of 
> variables, and other things.
>
> What do you mean, "AVPs"? If you're referring to the draft EAP 
> protocol using Diameter, then I have no knowledge of how to send 
> these. You may want to try reading the manpage for radtest, or reading 
> the documentation for radcheck.
>
> Jan
> On 02/04/07, *khursheed Ahmed* <[EMAIL PROTECTED] 
> > wrote:
>
>
> Hi Jan
>
> like Radtest, But radtest is used for the test of Radius installation
> Could it will give me AVPs of
> Radius so that may  I convert them for Diameter packets
>
> thnx
>
> >From: [EMAIL PROTECTED]
> 
> >Reply-To: freeradius-users@lists.freeradius.org
> 
> >To: freeradius-users@lists.freeradius.org
> 
> >Subject: Freeradius-Users Digest, Vol 24, Issue 5
> >Date: Mon, 02 Apr 2007 11:15:13 +0200
> >
> [snip]
>
>
> 
>
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: modules' instantiation failing (files)

2007-04-02 Thread Alan DeKok
Pedro Figueiredo wrote:
> i need to send different lns configuration in a round-robin fashion.  
> in order to do this, i added the following to modules:
> 
>  files rra {
>  userfile = ${confdir}/users.rr1

  It's "usersfile", with an "s".  "users" + "file".

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Radius Packet Simulator

2007-04-02 Thread Ryan Kramer

jradius is about the best i've found.


On 4/2/07, khursheed Ahmed <[EMAIL PROTECTED]> wrote:




Hi All

   I need a RADIUS packet simulator which could simulate RADIUS packets for me.
If there is any, please tell me.
I need it because I am developing a Translation Agent which could translate (convert)
RADIUS packets into Diameter packets.

If there is any idea, please help me.


Khursheed Ahmed QAU




Re: modules' instantiation failing (files)

2007-04-02 Thread Pedro Figueiredo
On 2 Apr 2007, at 13:38, Alan DeKok wrote:
> Pedro Figueiredo wrote:
>> i need to send different lns configuration in a round-robin fashion.
>> in order to do this, i added the following to modules:
>>
>>  files rra {
>>  userfile = ${confdir}/users.rr1
>
>   It's "usersfile", with an "s".  "users" + "file".
>
>   Alan DeKok.


oh. now i'm as red as a big red nose (although, in my defense, 1  
other people looked into this as well and also couldn't spot it).

one suggestion for the future, though: can freeradius complain when  
it finds an unknown keyword?

thank you very much for your help.

pedro


Re: modules' instantiation failing (files)

2007-04-02 Thread Alan DeKok
Pedro Figueiredo wrote:
> one suggestion for the future, though: can freeradius complain when  
> it finds an unknown keyword?

  As always, patches are welcome.

  But part of the issue is philosophy: The configuration file format is
very forgiving, which avoids a lot of problems.  Occasionally it can be
too forgiving, but the problem is usually caused by re-typing things,
rather than doing a "cut & paste" of configuration.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
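
An added example (not FreeRADIUS code, and not written by anyone in this thread): a pre-flight check for the situation discussed above, where a mistyped "userfile" was accepted without complaint. The list of valid keys is limited to the four that appear in this thread's files blocks, and the parser is a simplified assumption that handles only the flat "name = value" layout shown here.

```python
import difflib
import re

# Keys seen in the thread's working "files" blocks. Assumption for this
# example only; it is not the module's complete option list.
KNOWN_FILES_KEYS = {"usersfile", "acctusersfile", "preproxy_usersfile", "compat"}

# Constructed sample: the first instance carries the typo from the thread.
SAMPLE_CONF = """
files rra {
        userfile = ${confdir}/users.rr1
        acctusersfile = ${confdir}/acct_users
        compat = no
}

files rrb {
        usersfile = ${confdir}/users.rr2
        #  comments and blank lines are skipped
        compat = no
}
"""

SECTION_RE = re.compile(r"^\s*files(?:\s+(\S+))?\s*\{\s*$")
ITEM_RE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*=\s*(.*?)\s*$")


def parse_files_sections(text):
    """Yield (instance, line_number, key, value) for each item in a files block."""
    instance = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Simplification: everything after '#' is treated as a comment.
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if instance is None:
            m = SECTION_RE.match(line)
            if m:
                # An unnamed "files {" block is reported under the name "files".
                instance = m.group(1) or "files"
            continue
        if line.strip() == "}":
            instance = None
            continue
        m = ITEM_RE.match(line)
        if m:
            yield instance, lineno, m.group(1), m.group(2)


def lint(text, known=KNOWN_FILES_KEYS):
    """Return findings for unknown keys and for instances that set no usersfile."""
    findings = []
    seen = {}
    for instance, lineno, key, _value in parse_files_sections(text):
        seen.setdefault(instance, set()).add(key)
        if key not in known:
            guess = difflib.get_close_matches(key, sorted(known), n=1, cutoff=0.8)
            hint = f' (did you mean "{guess[0]}"?)' if guess else ""
            findings.append(
                f'line {lineno}: files {instance}: unknown key "{key}"{hint}'
            )
    for instance, keys in seen.items():
        if "usersfile" not in keys:
            findings.append(f"files {instance}: no usersfile is set")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF):
        print(finding)
```

Run against the real configuration before restarting the server; a non-empty result means a policy file may not be the one that gets loaded.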


Badusers?

2007-04-02 Thread Internet-Wifi Operador

Hi, 2 simple questions.
Does Freeradius know about or do something with the badusers file?
What is the idea of the badusers file?
Thanks.
Fabián


RE: Sqlcounter Max-Octets doesn't reset

2007-04-02 Thread Internet-Wifi Operador

Hi, take a look at sqlcounter dailycounter.
I think you need to modify your query to get what you want.

Fabián

From: "Sigfrido" <[EMAIL PROTECTED]>
Reply-To: FreeRadius users mailing list
To:
Subject: Sqlcounter Max-Octets doesn't reset
Date: Mon, 2 Apr 2007 11:54:58 +0200

Hi all,

freeradius 1.1.0 on Ubuntu Dapper

all's going but the counter below is not resetting:

sqlcounter volumelimitcounter {
        counter-name = Total-Max-Octets
        check-name = Max-Octets
        reply-name = ChilliSpot-Max-Total-Octets
        sqlmod-inst = sql
        key = User-Name
        reset = daily
        query = "SELECT SUM(AcctOutputOctets) FROM radacct where UserName ='%{%k}'"
}


I would like to reset, every day at 00:00, the Max-Octets (in the radcheck
table) to 0 but it doesn't seem to work. I also tried the "hourly" reset, with
the same results.

Any idea? Is it a bug or what?

TIA





Re: modules' instantiation failing (files)

2007-04-02 Thread Pedro Figueiredo

On 2 Apr 2007, at 14:51, Pedro Figueiredo wrote:

> On 2 Apr 2007, at 13:38, Alan DeKok wrote:
>> Pedro Figueiredo wrote:
>>> i need to send different lns configuration in a round-robin fashion.
>>> in order to do this, i added the following to modules:
>>>
>>>  files rra {
>>>  userfile = ${confdir}/users.rr1
>>
>>   It's "usersfile", with an "s".  "users" + "file".
>>
>>   Alan DeKok.
>
>
> oh. now i'm as red as a big red nose (although, in my defense, 1
> other people looked into this as well and also couldn't spot it).

ok, there's something really weird going on now. this is my config:

        files {
                usersfile = ${confdir}/users
                acctusersfile = ${confdir}/acct_users
                preproxy_usersfile = ${confdir}/preproxy_users

                #  If you want to use the old Cistron 'users' file
                #  with FreeRADIUS, you should change the next line
                #  to 'compat = cistron'.  You can then copy your 'users'
                #  file from Cistron.
                compat = no
        }

        files wcpefiles {
                usersfile = ${confdir}/wcpeusers
                acctusersfile = ${confdir}/acct_users
                compat = no
        }

        files rra {
                usersfile = ${confdir}/users.rr1
                acctusersfile = ${confdir}/acct_users
                preproxy_usersfile = ${confdir}/preproxy_users
                compat = no
        }

        files rrb {
                usersfile = ${confdir}/users.rr2
                acctusersfile = ${confdir}/acct_users
                preproxy_usersfile = ${confdir}/preproxy_users
                compat = no
        }

and here's what's happening:

Module: Loaded files
files: usersfile = "/etc/freeradius-dev/users"
files: acctusersfile = "/etc/freeradius-dev/acct_users"
files: preproxy_usersfile = "/etc/freeradius-dev/preproxy_users"
files: compat = "no"
Module: Instantiated files (files)
files: usersfile = "/etc/freeradius-dev/users.rr1"
files: acctusersfile = "/etc/freeradius-dev/acct_users"
files: preproxy_usersfile = "/etc/freeradius-dev/preproxy_users"
files: compat = "no"
Module: Instantiated files (rra)
files: usersfile = "/etc/freeradius-dev/users.rr2"
files: acctusersfile = "/etc/freeradius-dev/acct_users"
files: preproxy_usersfile = "/etc/freeradius-dev/preproxy_users"
files: compat = "no"
Module: Instantiated files (rrb)
files: usersfile = "/etc/freeradius-dev/wcpeusers"
files: acctusersfile = "/etc/freeradius-dev/acct_users"
files: preproxy_usersfile = "/etc/freeradius-dev/preproxy_users"
files: compat = "no"
Module: Instantiated files (wcpefiles)

as you can see, it's off by one. any suggestions or ideas on why it's  
doing this?

cheers,

pedro


Re: modules' instantiation failing (files)

2007-04-02 Thread Alan DeKok
Pedro Figueiredo wrote:
> as you can see, it's off by one. any suggestions or ideas on why it's  
> doing this?

  It's not off by one.  Read it again.

  It prints out the configuration items BEFORE it prints out that it
successfully instantiated the module.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Badusers?

2007-04-02 Thread Alan DeKok
Internet-Wifi Operador wrote:
> Hi, 2 simple question.
> Freeradius, know or do something with badusers file?
> What is the idea of badusers file?

  No idea.  What's a "badusers" file?

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


radius accounting and syslog

2007-04-02 Thread Archie Holland
I'm preparing to transition from NavisRadius to FreeRadius.  NavisRadius 
allowed me to log stop/start events via syslog.  Is there any _EASY_ way to 
emulate this behavior in FreeRadius?



Re: Badusers?

2007-04-02 Thread Internet-Wifi Operador


Ok, thanks very, very much!!!
This file comes with phpdialupadmin and other control panels for freeradius,
and I don't understand what they do with it.

Thanks Alan.
I'm trying to do something to admin Freeradius with MySQL, so I'm looking
at every possibility.

Thanks again

Fabián







Re: passing Calling-Station-ID

2007-04-02 Thread Alan DeKok
Adil Azmi Bikarbass wrote:
> Do I need to create a whole DB for only one field that I will pass from 
> one NAS to another?

  You have to store the data somewhere.

> Knowing that my Freeradius is running on Solaris 10 which DB you suggest 
> to use?

  Postgres works.  Recent versions of OpenLDAP are very fast, too.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Badusers?

2007-04-02 Thread Internet-Wifi Operador
Another thing: I'm waiting to get to know the new version because I guess the new
version has a new file named dictionary, and I'm waiting to know how it
works. I think this file is a very good idea.


Fabián







HUP in freeradius-1.1.5 + CVS results in process death.

2007-04-02 Thread Arran Cudbard-Bell
I know there's a bug report for this already,
but when I HUP the process freeradius doesn't die in the same place.

I get..

Mon Apr  2 18:10:16 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #3
Mon Apr  2 18:10:16 2007 : Info: rlm_sql_mysql: Starting connect to MySQL server for #4
Mon Apr  2 18:10:16 2007 : Info: rlm_eap_tls: Loading the certificate file as a chain
Mon Apr  2 18:10:16 2007 : Error: rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line
Mon Apr  2 18:10:16 2007 : Error: rlm_eap_tls: Error reading certificate file
Mon Apr  2 18:10:16 2007 : Error: rlm_eap: Failed to initialize type tls
Mon Apr  2 18:10:16 2007 : Error: radiusd.conf[10]: eap: Module instantiation failed.
Mon Apr  2 18:10:16 2007 : Error: radiusd.conf[1925] Unknown module "eap".
Mon Apr  2 18:10:16 2007 : Error: radiusd.conf[1873] Failed to parse authenticate section.


TLS configured:
  tls: rsa_key_exchange = no
  tls: dh_key_exchange = yes
  tls: rsa_key_length = 512
  tls: dh_key_length = 512
  tls: verify_depth = 0
  tls: CA_path = "(null)"
  tls: pem_file_type = yes
  tls: private_key_file = "/usr/local/freeradius-1.1.5_nas/etc/raddb/certs/radius.sussex.ac.uk.key"
  tls: certificate_file = "/usr/local/freeradius-1.1.5_nas/etc/raddb/certs/radius.sussex.ac.uk.crt"
  tls: CA_file = "/usr/local/freeradius-1.1.5_nas/etc/raddb/certs/demoCA/cacert.pem"
  tls: private_key_password = "(null)"
  tls: dh_file = "/usr/local/freeradius-1.1.5_nas/etc/raddb/certs/dh"
  tls: random_file = "/dev/urandom"
  tls: fragment_size = 1024
  tls: include_length = yes
  tls: check_crl = no
  tls: check_cert_cn = "(null)"
  tls: cipher_list = "(null)"
  tls: check_cert_issuer = "(null)"
rlm_eap_tls: Loading the certificate file as a chain

Doesn't look like the same bug, anyone else had this ?

-- 
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication Authorisation & Accounting Officer
Infrastructure Services | ENG1 FF08
EXT:3900


OS X 10.4 server install

2007-04-02 Thread Glen Page

I am new to FreeRadius.

I have downloaded and installed FreeRadius on my 10.4 server machine  
and now need some pointers on getting it working.
I downloaded the Radius installer (FreeRadius for OS X) from  
StellarRADIUS and ran the installer.


Now I need pointers for where to go next. The machine that I have  
installed FreeRadius on is my OpenDirectory (LDAP) master. My hope is  
to be able to get FreeRadius to authenticate users against the LDAP  
so that I can control who uses our wireless network.


TIA for the help,

Glen Page
Technology Systems Administrator
ThetNet

Well It looks like an ID10T Error


Re: HUP in freeradius-1.1.5 + CVS results in process death.

2007-04-02 Thread Alan DeKok
Arran Cudbard-Bell wrote:
> I know theres a bug report for this already,
> but when I HUP the process freeradius doesn't die in the same place.

  If it's an issue due to incorrectly free'd memory, the crashes will be
random.

  There may be a fix in 1.1.6, but I'm not sure.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: radius accounting and syslog

2007-04-02 Thread Alan DeKok
Archie Holland wrote:
> I'm preparing to transition from NavisRadius to FreeRadius.
> NavisRadius allowed me to log stop/start events via syslog.
> Is there any _EASY_ way to emulate this behavior in FreeRadius?

  Run a Perl script, and have it write to syslog.

  There is a syslog module for the server on bugs.freeradius.org, but
last time I looked at it, I decided not to add it in...

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: OS X 10.4 server install

2007-04-02 Thread Alan DeKok
Glen Page wrote:
> I am new to FreeRadius. 
> 
> I have downloaded and installed FreeRadius on my 10.4 server machine and
> now need some pointers on getting it working.
> I downloaded the Radius installer (FreeRadius for OS X) from
> StellarRADIUS and ran the installer.
> 
> Now I need pointers for where to go next. The machine that I have
> installed FreeRadius on is my OpenDirectory (LDAP) master. My hope is to
> be able to get FreeRadius to authenticate users against the LDAP so that
> I can control who uses our wireless network.

  Then you don't want to authenticate users against LDAP.

http://deployingradius.com/documents/protocols/oracles.html

  You want FreeRADIUS to read the clear-text passwords from LDAP, and
then do the authentication itself.  Remember, LDAP is a database, not an
authentication server.  FreeRADIUS is an authentication server, not a
database.

  The O'Reilly OpenLDAP book has a good chapter on getting LDAP working
with FreeRADIUS.  I recommend reading it.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


error on start up

2007-04-02 Thread Jackson Jerry-NPC637
Hello -

I hope I haven't missed something obvious, but am having trouble getting
radius to start after installing/configure/make...running Fedora core 5.

Note - I'm not a Linux expert, so bear with me.

This is the error -

[EMAIL PROTECTED] freeradius-1.1.5]# radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/eap.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = "/usr/local/var/log/radius/radius.log"
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: checkrad = "/usr/local/sbin/checkrad"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = no
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
Using deprecated naslist file.  Support for this will go away soon.
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib
*** glibc detected *** radiusd: double free or corruption (fasttop):
0x08b30140 ***
=== Backtrace: =
/lib/libc.so.6[0x8d6f18]
/lib/libc.so.6(__libc_free+0x79)[0x8da41d]
/usr/local/lib/libltdl.so.3[0x5736bb]
/usr/local/lib/libltdl.so.3(lt_dlopenext+0xbe)[0x57404e]
radiusd(find_module_instance+0x317)[0xf571a7]
radiusd(setup_modules+0x1d8)[0xf57758]
radiusd(main+0x45c)[0xf5ad8c]
/lib/libc.so.6(__libc_start_main+0xdc)[0x8887e4]
radiusd[0xf4ecd1]


MS client issues

2007-04-02 Thread joe vieira
Hey,
Weird question:

I am running freeradius 1.1.5 with samba 3.0.24, configured using
EAP-PEAP. When I use a Windows XP client and DO NOT do
"automatically connect with my domain login name and password", it works
like a charm.  However, when I DO configure it to "auto login" it fails
miserably... the domain comes across fine, and ntlm_auth seems okay, it
just fails to provide the correct --nt-response.  If anyone has a hint,
please let me know.
Here is my debug output for the failure.

Exec-Program output: Logon failure (0xc06d)
Exec-Program-Wait: plaintext: Logon failure (0xc06d)
Exec-Program: returned: 1
  rlm_mschap: External script failed.
  rlm_mschap: FAILED: MS-CHAP2-Response is incorrect

Joe



Re: Freeradius-Users Digest, Vol 24, Issue 10

2007-04-02 Thread Arran Cudbard-Bell

> Message: 2
> Date: Mon, 02 Apr 2007 20:20:47 +0200
> From: Alan DeKok <[EMAIL PROTECTED]>
> Subject: Re: HUP in freeradius-1.1.5 + CVS results in process death.
> To: FreeRadius users mailing list
>   
> Message-ID: <[EMAIL PROTECTED]>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Arran Cudbard-Bell wrote:
>   
>> I know theres a bug report for this already,
>> but when I HUP the process freeradius doesn't die in the same place.
>> 
>
>   If it's an issue due to incorrectly free'd memory, the crashes will be
> random.
>
>   There may be a fix in 1.1.6, but I'm not sure.
>
>   Alan DeKok.
> --
>   http://deployingradius.com   - The web site of the book
>   http://deployingradius.com/blog/ - The blog
>   
Looks more like a bug in rlm_tls. Dies every time on HUP, definitely
not random...
Just wondered if anyone else had this error, to check it's not something
weird in how I've set up the eap-tls module.

Incidentally, what's the best route into contributing to freeRADIUS? I've
never contributed to an open source project before,
but as contributing to freeRADIUS and my day-to-day job seem to mesh
together quite well, it seems like a useful thing to do :)

I've got pretty extensive knowledge of PHP & MySQL and am currently
learning C (I'm basically a web programmer leaning towards the less
fluffy languages :) ).
Oh, I've also had Subversion experience but not CVS (which is the other way
round to most people).

Thanks,
Arran


Re: Freeradius+OpenLDAP+SAMBA+Windows Domain Logon.

2007-04-02 Thread joe vieira

Sérgio Kojima wrote:
> Hello all.
>
> My freeradius 1.1.5 is configured to work with openldap and a samba PDC.
> In short, it works fine when I log in with username/password/domain, but
> this user has already logged on once to the domain, that is, the user is in
> the cache on this Windows machine (XP and W2kPRO).
>
> When I try with a username/password/the same domain that has never logged on
> on this machine, or has no cache in Windows, it returns an error
> message saying that there is no domain controller.
>
> What can I do to resolve this? Can't Windows XP and 2k log on this way
> with 802.1x switches?
what version of samba are you using, samba needs to be able to do 
machine authentication for this to work...i just got it working myself 
(after some headache)  i think you need samba 3.0.21 or higher..

Joe


Re: Re : Anyone using dd-wrt for AP?

2007-04-02 Thread Ian Truelsen
On Mon, 2007-04-02 at 08:40 +, Eshun Benjamin wrote:
> The settings below will help: 
snip
> 
> Make sure you have your client(AP) information in radius: client.conf
> ( AP IP , MyWireless, Shared Key)
> configure eap.conf and radius.conf as well.
> 
> All the best.

Thanks, but I am still having some problems. 

I have the settings as you sent me, set up in the router. I have set
both the radius secret on the radius section of the router setup and the
WPA secret in the security section of the router as the same, namely:
testing456.

Now, I have this in my clients.conf:
client 192.168.1.115/24 {
nastype = other
secret  = testing456
shortname   = dd-wrt
}

However, when I try to connect using this router, I get the following
from the output of radiusd -X:

Ready to process requests.
rad_recv: Access-Request packet from host 192.168.3.115:3078, id=0, length=137
Received packet from 192.168.3.115 with invalid Message-Authenticator! (Shared secret is incorrect.) Dropping packet without response.
Finished request 0

I am sure that I am doing something basic wrong, but I can't see it.
Hopefully, some other eyes will spot the problem. Let me know if you
need any more information.
-- 
Ian Truelsen
s/v Sting
Email: [EMAIL PROTECTED]
AIM: ihtruelsen
MSN: [EMAIL PROTECTED]
Google Talk: [EMAIL PROTECTED]



Re: Re : Anyone using dd-wrt for AP?

2007-04-02 Thread Alan DeKok
Ian Truelsen wrote:

> Now, I have this in my clients.conf:
> client 192.168.1.115/24 {
> nastype = other
> secret  = testing456
> shortname   = dd-wrt
> }
> 
> However, when I try to connect using this router, I get the following
> from the output of radiusd -X:
> 
> Ready to process requests.
> rad_recv: Access-Request packet from host 192.168.3.115:3078, id=0,
> length=137

  You posted the client configuration for 192.168.1.X, and are sending a
request from 192.168.3.X.  Look in "clients.conf" for a section defining
client 192.168.3.X.

> Received packet from 192.168.3.115 with invalid Message-Authenticator!
> (Shared secret is incorrect.) Dropping packet without response.
> Finished request 0

  That's definitive.  The shared secret is wrong.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
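
An added example (not FreeRADIUS code, and not written by anyone in this thread) of the two checks behind the answer above: which client block covers the packet's source address, and whether the Message-Authenticator verifies under that block's secret, computed as HMAC-MD5 per RFC 2869. The packet bytes, the second client block with its secret, the simplified parser and the longest-prefix choice are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import re
import struct

# The first block is the one posted in the thread. The second block and its
# secret are constructed to stand in for whatever entry covers 192.168.3.x.
CLIENTS_CONF = """
client 192.168.1.115/24 {
        nastype     = other
        secret      = testing456
        shortname   = dd-wrt
}
client 192.168.3.0/24 {
        secret      = constructed-other-secret
        shortname   = lab-net
}
"""

CLIENT_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
ITEM_RE = re.compile(r"^\s*(\w+)\s*=\s*(\S+)\s*$", re.M)
MSG_AUTH_TYPE = 80  # Message-Authenticator attribute number (RFC 2869)


def parse_clients(text):
    """Return [(network, settings)]; host bits in the address are masked off."""
    clients = []
    for addr, body in CLIENT_RE.findall(text):
        net = ipaddress.ip_network(addr, strict=False)
        clients.append((net, dict(ITEM_RE.findall(body))))
    return clients


def find_client(clients, src_ip):
    """Pick the most specific block containing src_ip (example's assumption)."""
    ip = ipaddress.ip_address(src_ip)
    hits = [(net, cfg) for net, cfg in clients if ip in net]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None


def build_access_request(secret, ident, req_auth, user):
    """Build a minimal Access-Request with User-Name and Message-Authenticator."""
    user_attr = struct.pack("!BB", 1, 2 + len(user)) + user
    ma_attr = struct.pack("!BB", MSG_AUTH_TYPE, 18) + bytes(16)
    attrs = user_attr + ma_attr
    packet = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs
    # The HMAC covers the whole packet with the attribute value still zeroed.
    digest = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + digest


def verify_message_authenticator(packet, secret):
    """Recompute HMAC-MD5 over the packet with the attribute value zeroed."""
    pos = 20  # attributes start after the 20-byte header
    while pos + 2 <= len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            return False  # malformed attribute
        if atype == MSG_AUTH_TYPE and alen == 18:
            received = packet[pos + 2:pos + 18]
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(received, expected)
        pos += alen
    return False  # attribute absent


def check(src_ip, packet, clients):
    """Return (shortname or None, verdict) for a packet from src_ip."""
    hit = find_client(clients, src_ip)
    if hit is None:
        return None, "unknown client"
    _net, cfg = hit
    ok = verify_message_authenticator(packet, cfg["secret"].encode())
    return cfg.get("shortname"), "accepted" if ok else "invalid Message-Authenticator"


# Constructed packet: the NAS signs with the secret quoted in the thread.
PACKET = build_access_request(b"testing456", 0, bytes(range(16)), b"ian")
CLIENTS = parse_clients(CLIENTS_CONF)

if __name__ == "__main__":
    print(check("192.168.3.115", PACKET, CLIENTS))
    print(check("192.168.1.115", PACKET, CLIENTS))
```

The same packet is rejected when it arrives from 192.168.3.115, because the block posted in the thread only covers 192.168.1.0/24 and a different secret is looked up.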


Re: passing Calling-Station-ID

2007-04-02 Thread Peter Nixon
On Mon 02 Apr 2007, Alan DeKok wrote:
> Adil Azmi Bikarbass wrote:
> > Do I need to create a whole DB for only one field that I will pass from
> > one NAS to another?
>
>   You have to store the data somewhere.
>
> > Knowing that my Freeradius is running on Solaris 10 which DB you suggest
> > to use?
>
>   Postgres works.  Recent versions of OpenLDAP are very fast, too.

Yep. I recommend Postgres for this type of thing. OpenLDAP is very fast (much 
faster than Postgres) for reads, but very slow (slower than postgres) for 
writes. Given that this sounds like a 50/50 app, go with Postgres.

Cheers

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc


Re: radius accounting and syslog

2007-04-02 Thread Peter Nixon
On Mon 02 Apr 2007, Archie Holland wrote:
> I'm preparing to transition from NavisRadius to FreeRadius.  NavisRadius
> allowed me to log stop/start events via syslog.  Is there any _EASY_ way
> to emulate this behavior in FreeRadius?

rlm_acctlog in cvs head...

-- 

Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc