Govardhana K N wrote:
Is the support for this encryption already present in FreeRadius
1.1.3? If yes, how can I add attributes to use that encryption algorithm?
$ man dictionary
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[EMAIL PROTECTED] wrote:
Everything is working fine. But the logs are not coming when user
authenticates.
What logs? Accounting?
If so, see the FAQ.
Alan DeKok.
Alan,
Thanks for the help. I have got how to configure the encryption support.
I need one more help, I tried to include microsoft attributes
(MS-MPPE-Send-Key, MS-MPPE-Recv-Key) for which the encryption type is
already set to 2, but the attribute values are not getting encrypted in
Govardhana K N wrote:
I need one more help, I tried to include microsoft attributes
(MS-MPPE-Send-Key, MS-MPPE-Recv-Key) for which the encryption type is
already set to 2, but the attribute values are not getting encrypted in
Access-Accept? How can I solve this problem?
Post the debug log,
Alan,
I followed the following steps for configuring microsoft attributes and
other vendor attributes:
1. created and configured the vendor attributes (MN-HA-MIP4-KEY,
MN-HA-MIP4-SPI) in dictionary.wimax, with option encrypt=2, the
values are getting encrypted.
2. Configured in file users
Dear Alan
I have been using Navis radius. Now I decided to move to free radius. In the
navis radius there is a log file. So it will be shown as \Username\ login ok
or \user login failed due to..\
So these logs will be very helpful for troubleshooting.
In free radius there is no log
hello
So I have Mera Softswitch with Radius in contact, so the authentication works very well.
The Username is my NAT-IP and the Password is "xpgk". My question is how can I modify this Password, and in which file is it saved?
I have stored in Radius server DB (Radchek table), but the NAT need
I have been using Navis radius. Now I decided to move to free radius. In
the navis radius there is a log file. So it will be shown as \Username\
login ok or \user login failed due to..\ So these logs will be very
helpful for troubleshooting.
In free radius there is no log file is
Message: 6
Date: Fri, 13 Jul 2007 14:25:43 +0200
From: Alan DeKok [EMAIL PROTECTED]
Subject: Re: EAP-TLS authentication (Alan DeKok)
To: FreeRadius users mailing list
freeradius-users@lists.freeradius.org
Hi
Everything is working fine. But the logs are not coming when user
authenticates.
Hello,
Here a access-request packet from a Cisco Router (2621) :
NAS-IP-Address = IP_NAS
NAS-Port = 66
NAS-Port-Type = Virtual
User-Name = MyUserLogin
Calling-Station-Id = IP NAS
User-Password = ry\My\Pass/Wo\rd\Hash\Not\Plain\Text`
Why is my
Hi,
I was trying to configure FreeRadius server with EAP authentication. As
mentioned in eap.conf, I didn't change the Auth-Type, but I was sending an
EAP message, and Message-Authenticator attributes in Access-Request. When I
tried sending an Access-Request with EAP-Message, I got the following
User-Password = ry\My\Pass/Wo\rd\Hash\Not\Plain\Text`
Why is my password not in plain text ? With other cisco devices (Switch
2960 for example), the User-Password is in plain text.. If I receive a
hashed password, the authentication doesn't work..
Are you sure it's hashed, and not
There is log file. Check your configure log to find out the path you specified
for the log. You can also run in debug mode. radiusd -X
==
Benjamin K. Eshun
- Original message
From: [EMAIL PROTECTED] [EMAIL PROTECTED]
To:
You have misconfigured the Nas-Identifier
govardhana Nas-Identifier == nas, Nas-Port-Type == 15
You have NAS-Identifier = jrcnas
==
Benjamin K. Eshun
- Original message
From: Govardhana K N [EMAIL PROTECTED]
To: FreeRadius
Osvaldohp wrote:
This is my users file:
mike Auth-Type = System, User-Password == mike
Session-Timeout := 3600,
What am I doing wrong?
You're telling the server to look in /etc/passwd for the user's
password, and then also telling it what the user's password is.
Don't set
Govardhana K N wrote:
1. created and configured the vendor attributes (MN-HA-MIP4-KEY,
MN-HA-MIP4-SPI) in dictionary.wimax, with option encrypt=2, the
values are getting encrypted.
Can you post that here? I'm not sure the server will understand the
WiMAX attributes, as multiple WiMAX
Hi all.
I'd like some help to configure my Radius
server. My Radius authenticates users from my HotSpot to access the
internet.
I want to limit the uses to access the Internet, I did try Session-Timeout
attribute but it doesn't work so far.
This is my users file:
mike Auth-Type = System,
I changed it but the same error is still coming.
On 7/16/07, Eshun Benjamin [EMAIL PROTECTED] wrote:
You have misconfigured the Nas-Identifier
govardhana Nas-Identifier == nas, Nas-Port-Type == 15
You have NAS-Identifier = jrcnas
==
Add EAP-Type-Identity to radeapclient attributes.
Ivan Kalik
Kalik Informatika ISP
On 16/7/2007, Govardhana K N [EMAIL PROTECTED] wrote:
Hi,
I was trying to configure FreeRadius server with EAP authentication. As
mentioned in eap.conf, I didn't change the Auth-Type, but I was sending an
EAP
NAT (Network Address Translation) or NAS (Network Access Server)?
Ivan Kalik
Kalik Informatika ISP
On 16/7/2007, E. abdelghani [EMAIL PROTECTED] wrote:
hello
So I have Mera Softswitch with Radius in contact, so the authentication works
very well.
The Username is my NAT-IP and the
Message: 3
Date: Mon, 16 Jul 2007 12:31:27 +0200
From: Stefan
Hello Ivan Kalik: here is the output from radiusd -X:
I worked with Mera Softswitch and freeradius for authentication!
Also, how can I modify this User-Password xpgk?
rad_recv: Access-Request packet from host 192.168.100.211:1912, id=10,
length=696
User-Name = 192.168.100.180
I have put the configuration details inline.
I am using the Radius server for testing purposes. I want to receive WiMAX
attributes in the Access-Accept, so I have configured those in dictionary
file and users file.
Thanks Regards,
Govardhana K N
On 7/16/07, Alan DeKok [EMAIL PROTECTED] wrote:
Hello all,
I have configured my FreeRadius server to auth my clients over a
MySQL table. The problem is that I do not have any more logs (like wrong
login attempts). The detailed log is being done into a MySQL table named
radacct (and works fine to block simultaneous use) but the
Hi Alan,
What should I be looking for in the eap.conf file?
Thanks,
Brian
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, July 13, 2007 5:16 PM
To: FreeRadius users mailing list
Subject: Re: Freeradius 1.1.6 and Cisco
The shared secret is the same because I use a radius Proxy and this proxy
forwards the access-request to my radius server. The problem is the password !
With a password in plain text (Check with H3C 2811 and Cisco 2960 equipment).
Thanks for your help !
Nicolas.
Quoting Stefan Winter [EMAIL
Govardhana K N wrote:
[Govardhana:] I have put the configuration in dictionary.wimax
ATTRIBUTE MSK5
There's rather more than that, I think.
In any case, what's probably happening is that you've edited the
dictionary on the server, but not
Hm, this means the NAS actually sent this garbage/hash. In this case, it would
be enlightening to see the lines in your IOS config that start with
radius-server
not the aaa ones.
Stefan
--
Stefan WINTER
Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de
la Recherche
Here, my radius configuration :
radius-server host RADIUS_IP auth-port 1812 acct-port 1813 key 7 RADUIUS_KEY
radius-server retransmit 1
radius-server timeout 2
Thanks !
Quoting Stefan Winter [EMAIL PROTECTED]:
Hm, this means the NAS actually sent this garbage/hash. In this case, it would be
Nataniel Klug wrote:
I have configured my FreeRadius server to auth my clients over a
MySQL table. The problem is that I do not have any more logs (like wrong
login attempts). The detailed log is being done into a MySQL table named
radacct (and works fine to block simultaneous use) but
Ivan,
Yes, the controller does have VLAN 157 configured, that is actually the
original client vlan configured before I started testing with vlan tags from
freeradius.
Thanks,
Brian
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
On Mon 16 Jul 2007, [EMAIL PROTECTED] wrote:
The shared secret is the same because I use a radius Proxy and this proxy
forwards the access-request to my radius server. The problem is the
password ! With a password in plain text (Check with H3C 2811 and Cisco
2960 equipment).
Then you have
Hi,
What should I be looking for in the eap.conf file?
whether you are tunneling the reply in PEAP and TTLS.
by not providing this list with your config files you aren't helping
us to help you.
alan
I found a nice paper about freeradius+mysql, so far everything is installed
and working fine. My question is which field of my radius database
(db_mysql.sql) I have to put Session-Timeout attribute to limit the use of
the Internet from my HotSpot users?
Perhaps because of this:
main: log_auth = no
Ivan Kalik
Kalik Informatika ISP
Alan,
I did not modify this file at all
# Whatever you do, do NOT set 'Auth-Type := EAP'. The server
# is smart enough to figure this out on its own. The most
# common side effect of setting 'Auth-Type := EAP' is that the
# users then cannot use ANY other authentication method.
#
#
**
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
radius_xlat: '/var/log/radius/radacct/**/auth-detail-20070716'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/auth
Session-Timeout is a reply attribute, so it goes into radreply or
radgroupreply table.
Ivan Kalik
Kalik Informatika ISP
On 16/7/2007, Osvaldohp [EMAIL PROTECTED] wrote:
I found a nice paper about freeradius+mysql, so far everything is installed
and working fine. My question is which field of
He is not tunneling the request, just doing MAC auth. Problem is on the
controller. debug aaa on it and see why is VLAN override not working.
You are sure that override is on for that SSID?
Ivan Kalik
Kalik Informatika ISP
On 16/7/2007, Brian Ertel [EMAIL PROTECTED] wrote:
Alan,
I did not
Hello Alan,
Yes, I know that this kind of log is put in /var/log/radius/radius.log.
The problem is that they are not being logged there. It's a configuration
in radiusd.conf? I could not find this... Can you tell me what tag?
Alan DeKok wrote:
Nataniel Klug wrote:
I have configured
auth_log
Ivan Kalik
Kalik Informatika ISP
On 16/7/2007, Nataniel Klug [EMAIL PROTECTED] wrote:
Hello Alan,
Yes, I know that this kind of log is put in /var/log/radius/radius.log.
The problem is that they are not being logged there. It's a configuration
in radiusd.conf? I could not find
Nataniel Klug wrote:
Yes, I know that this kind of log is put in /var/log/radius/radius.log.
The problem is that they are not being logged there.
If the server starts, it prints text to that file. If the file is
empty, the server isn't running as a daemon.
If you're running in debugging
hi freeradius people,
I want to redirect http traffic for some users in a cisco NAS. Is there any
way to do this ?
maybe with some VSA
thanks in advance
On Monday 16 July 2007 08:05:15 Alan DeKok wrote:
Osvaldohp wrote:
This is my users file:
mike Auth-Type = System, User-Password == mike
Session-Timeout := 3600,
What am I doing wrong?
You're telling the server to look in /etc/passwd for the user's
password, and then also
On Monday 16 July 2007 09:40:48 Osvaldohp wrote:
I found a nice paper about freeradius+mysql, so far everything is installed
and working fine. My question is which field of my radius database
(db_mysql.sql) I have to put Session-Timeout attribute to limit the use of
the Internet from my
I need to log connect speeds from users
At any rate things working fine from our own carrier globalpops to capture
these on the start packet
but Yournetplus for some reason it doesn't work.
I see this info in the update accounting packet so i thought I would modify the
update query but
:) No because with other devices, the proxy works fine !!
I don't understand why it doesn't work :(
Quoting Peter Nixon [EMAIL PROTECTED]:
On Mon 16 Jul 2007, [EMAIL PROTECTED] wrote:
The shared secret is the same because I use a radius Proxy and this proxy
forwards the access-request to
And the errors are?
Ivan Kalik
Kalik Informatika ISP
On 16/7/2007, Jeff [EMAIL PROTECTED] wrote:
I need to log connect speeds from users
At any rate things working fine from our own carrier globalpops to capture
these on the start packet
but Yournetplus for some reason it doesn't
I have a hotSpot that give access to the internet for my users. I use IPCOP
with advproxy addon like a point controller.
So when a user tries to access the internet IPCOP (advproxy) asks for a
username and password and then try to authenticate the user in the radius
server.
Everything is great so far
Check the secret in clients.conf on the proxy and Cisco device radius
key. They are not the same then.
Ivan Kalik
Kalik Informatika ISP
On 16/7/2007, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
:) No because with other devices, the proxy works fine !!
I don't understand why it doesn't work
Help you with what? If you managed to add the password to the check table
what could be the problem in adding Session-Timeout to the reply table?
Ivan Kalik
Kalik Informatika ISP
On 16/7/2007, Osvaldohp [EMAIL PROTECTED] wrote:
I have a hotSpot that give access to the internet for my users. I
Mon Jul 16 11:23:22 2007 : Error: rlm_sql (sql): Couldn't update SQL accounting
ALIVE record - You have an error in your SQL syntax; check the manual that
corresponds to your MySQL server version for the right syntax to use near
'AscendDataRate = '24000' USRConnectSpeed = ''
Alan DeKok said:
Hugh Messenger wrote:
Does 1.1.7 use the newer %{%{foo}:-0} or the older %{foo:-0} format?
It uses the old format.
OK, the reason I asked was that the sql.conf in the 1.1.7 from the day I
posted that question had the new format, but that appears to have been fixed
in
I'm so sorry ! the Problem was the secret between proxy and the Cisco Device.
Even if the secret is different, the access-request is forwarded to the radius
server, I didn't know that :(
Thank you very much!!!
Nicolas.
Quoting [EMAIL PROTECTED]:
Check the secret in clients.conf on the proxy
Yes, and the AscendDataRate too.
I get the inserts fine on the start packet and the data goes right in as
supposed to.
all works fine this way for our GlobalPOPS and all data shows up and into sql
using this line in the start
---
accounting_start_query = INSERT into ${acct_table1}
Jeff wrote:
Mon Jul 16 11:23:22 2007 : Error: rlm_sql (sql): Couldn't update SQL
accounting ALIVE record - You have an error in your SQL syntax; check
the manual that corresponds to your MySQL server version for the right
syntax to use near 'AscendDataRate = '24000' USRConnectSpeed =
Check on your AP, client.conf and naslist
==
Benjamin K. Eshun
- Original message
From: Govardhana K N [EMAIL PROTECTED]
To: FreeRadius users mailing list freeradius-users@lists.freeradius.org
Sent: Monday, 16 July 2007, 13:28
On Mon 16 Jul 2007, Hugh Messenger wrote:
Alan DeKok said:
Hugh Messenger wrote:
Does 1.1.7 use the newer %{%{foo}:-0} or the older %{foo:-0} format?
It uses the old format.
OK, the reason I asked was that the sql.conf in the 1.1.7 from the day I
posted that question had the new
Thanks Alan,
I found the solution.
Alan DeKok wrote:
Nataniel Klug wrote:
Yes, I know that this kind of log is put in /var/log/radius/radius.log.
The problem is that they are not being logged there.
If the server starts, it prints text to that file. If the file is
empty, the
Hello all,
I have a question: when a nas restart without sending client logout
to the freeradius server the clients stay connected in radacct table
(AcctStopTime=0). What can I do to solve this kind of problem? What
could happen is that when a nas reboot my clients keep logged and when
OK, here's what I have now
accounting_update_query = UPDATE ${acct_table1} \
SET FramedIPAddress = '%{Framed-IP-Address}', \
AcctSessionTime = '%{Acct-Session-Time}', \
AcctInputOctets = '%{Acct-Input-Octets}', \
AcctOutputOctets = '%{Acct-Output-Octets}' \
Yes. You are missing commas before AscendDataRate and USRConnectSpeed
expressions that you have added to the update query.
Ivan Kalik
Kalik Informatika ISP
On 16/7/2007, Dennis Skinner [EMAIL PROTECTED] wrote:
Jeff wrote:
Mon Jul 16 11:23:22 2007 : Error: rlm_sql (sql): Couldn't update SQL
If they are getting that message then nastype in clients.conf is set to
other which disables checkrad script and the checks are made only
against the database. Change the nastype to the vendor of your NAS (if
it is supported). Or simply delete all open entries older than the time
your NAS
Jeff wrote:
AcctOutputOctets = '%{Acct-Output-Octets}' \
Need comma on line above. This is a MySQL issue, not a FR issue.
Please read the MySQL docs if you don't understand how to create a valid
query.
--
Dennis Skinner
Systems Administrator
BlueFrog Internet
http://www.bluefrog.com
It's not that I do not understand, it's just these stupid bi-focals, I have a hard time
seeing.
I overlooked that, sorry for being a blind idiot
_
From: Dennis Skinner [mailto:[EMAIL PROTECTED]
To: FreeRadius users mailing list [mailto:[EMAIL PROTECTED]
Sent: Mon, 16 Jul 2007 13:54:02
On Monday 16 July 2007 12:37:08 Nataniel Klug wrote:
Hello all,
I have a question: when a nas restart without sending client logout
to the freeradius server the clients stay connected in radacct table
(AcctStopTime=0). What can I do to solve this kind of problem? What
could happen is
Hi,
There are a few dictionary files in /freeradius-1.1.6/share/ directory. Some of
the Attributes have 'encrypt' option with values 1 or 2.
I tried putting 'encrypt=2' for an attribute in a packet that was meant to be
proxied on port 1814. But after giving this value, the packet is being sent
[EMAIL PROTECTED] said:
On 16/7/2007, Nataniel Klug [EMAIL PROTECTED] wrote:
Hello all,
I have a question: when a nas restart without sending client logout
to the freeradius server the clients stay connected in radacct table
(AcctStopTime=0). What can I do to solve this kind of
I don't think things like Mikrotik and Chillispot send such packets.
I've never seen one from our Mikrotik which is rebooted once every week
or two. I've never seen one from our Cisco either but that's because
it hasn't been rebooted in last 18 months ;-)
Ivan Kalik
Kalik informatika ISP
On
I just had my first aborted attempt at running 1.1.7 on one of my live
servers.
Main problem is it just refuses to pick up the .
DEFAULT Auth-Type = pam
Fall-Through = 1
. in my users file, which is pretty much my entire users file, the only
other entry is the standard PPP
I seem to recall having this problem when I first ran 1.1.6. The
postauth_query is:
postauth_query = INSERT into ${postauth_table} (id, user, pass,
reply, date) values ('', '%{User-Name}', '%{User-Password:-Chap-Password}',
'%{reply:Packet-Type}', NOW())
. but MySQL barfs about an
Peter . as per your postgres 1.1.7 sqlippool queries, I changed the MySQL
ones to use %{SQL-User-Name} instead of %{User-Name} . only it doesn't seem
to pick up a value, so the UserName is coming up blank in the radippool
table.
Example:
sqlippool_expand: 'UPDATE radippool SET
Hi Nataniel,
If you have a NASty which doesn't send accounting-off when
rebooting, I guess you have three options:
1) use checkrad script to test if the user is indeed logged in.
The NASty should have a way to check for connected users or sessions
by using snmp/telnet/etc.
Gaonkar, Kedar wrote:
There are a few dictionary files in /freeradius-1.1.6/share/ directory.
Some of the Attributes have 'encrypt' option with values 1 or 2.
I tried putting 'encrypt=2' for an attribute in a packet that was meant
to be proxied on port 1814. But after giving this value, the
Kedar,
I have used response because I will be sending an EAP-Identity response
packet to the Radius Server. So the code field is not Request it should be
Response.
All,
Thanks for the help. I was able to send the EAP message with EAP-Type-Identity
field.
I have got an Access-Challenge response from
Govardhana K N wrote
I have got an Access-Challenge response from the server, and the
Access-Request sent in response to this challenge is failing
(Access-Reject is sent by the server). Below I have given the debug log
from the server,
Are you writing a 802.1x supplicant? It looks like it.
If that is the case, how can I add the WiMAX support in Free Radius? What
are the changes I should make in order to have WiMAX support?
On 7/17/07, Alan DeKok [EMAIL PROTECTED] wrote:
Govardhana K N wrote
I have got an Access-Challenge response from the server, and the
Access-Request sent in