QASIM RAO wrote:
hi,
i want to create log file for every hour i use radius.
now it is
log_file = ${logdir}/radius.log
i want like this
log_file = ${logdir}/radius-%Y%m%d:%H.log
That isn't supported. You'll have to find another way of doing that.
Alan DeKok.
-
List info/subscribe
Doug Hardie wrote:
I was going to fix the modules pages, but my account no longer works. Id
used to be wa6vvv.
Those accounts were deleted about a year ago. The Wiki moved to a new
machine, and was upgraded substantially.
You'll need to use github or openid.
Alan DeKok.
-
List info
checkrad script is not
being called on in this case.
Neither can I. You didn't provide enough information.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
on September 10.
Upgrade to that, and all known issues will be fixed.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
a favorite page, and go from there.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
of the tunnel.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to post messages. You
CANNOT use nabble.
If you click on the FreeRADIUS link at the top left of the page, it
takes you to the main nabble page for FreeRADIUS. That page has BIG
BOLD TEXT saying that the archive is read-only.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
so often?
It's your system. You caused this to happen.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
receives packets. So
no, you didn't do all of the necessary things.
Is the server receiving accounting packets?
What does radiusd -X say?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Tony Peña wrote:
but last lines
/etc/freeradius/sites-available/infomed[428]: Failed to load module sql.
Edit that line, and delete the references to sql.
in other archive old mail i see write into authorize section.
redundant sql {
That's wrong. Just use redundant {
Alan DeKok
.
Are you sure nothing else changed on the RADIUS server?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-available? It
contains *extensive* documentation and examples.
rlm_perl: RAD_REPLY: FreeRADIUS-Client-Shortname = Internal
You didn't read the documentation. Go do that.
This is WELL DOCUMENTED.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
on this list, it helps to read the
answers.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
raddb/modules/files
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
keep
seeing the following in the logs:
rlm_radutmp: Logout entry for NAS wireless controller name port 13 has
wrong ID
Buy a NAS that works.
Or, if you're not using radlast, just delete all references to
radutmp from the config.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
.
Again, if you're not using radlast, just delete radutmp.
Why try to understand a problem when you can make it go away forever?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
in the crappy hardware.
FreeRADIUS already has a number of hacks to work around partially
broken systems. They should generally work, and they may even work for you.
But you really need to toss your hardware in the garbage. It's crap.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
here is not the people on this list.
They have explained many, many, times how to fix the problems.
The problem is someone else needs to run your RADIUS server for you.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
virtual server 2
The server will have a different IP on each VLAN. You can configure
different virtual servers per listen section. See
raddb/sites-available/README
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Zakrocki, Robert wrote:
Our freeradius setup works perfect with Aerohive hardware but
unfortunately it doesn't work with Nortel.
As always, see the FAQ for it doesn't work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
=
Alc-SLA-Prof-Str =
If you read the REST of the debug log, you'll see the it printing out
the expansion.
hint: if reply:Alc-Subsc-Prof-Str doesn't exist, the expansion results
in an empty string.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-existing template for a postpaid configuration.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to do it?
They do not know for sure but told me about centralbase.
sn_rulebase and centralbase are NOT common RADIUS terms. We know
nothing about them. Asking questions about them is pointless.
The person who told you about those terms knows what they mean. Go
ask him.
Alan DeKok
. I read that it can be a memory allocation
issue, but just wanted to confirm.
malloc is memory allocation.
Also, I would like to know what could be done to solve this problem?
Make sure that the system has enough RAM and CPU to do RADIUS. Don't
run jobs which use all RAM and CPU.
Alan
a complicated system.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
That is not going to happen. It's a bad fix.
The correct fix is to use the SQL indexes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
]: request-magic == REQUEST_MAGIC
Which means that the request has been deleted, but is still in the
queue. That's not supposed to happen...
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
al so wrote:
Is there an advantage of using non-blocking IO in the RADIUS client
implementation?
This list is about FreeRADIUS. It is not a support group for writing
your own RADIUS implementation.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
to set up cross-domain trusts from on DC to another.
Am I going about this all the wrong way? Is this a known limitation in
Samba? Is there something about ntlm_auth that always references
/etc/samba/smb.conf, regardless of the -s option?
Ask the Samba people how Samba works.
Alan DeKok
.
If they don't like such questions, point out that the people on this
list have written most of the recent RADIUS specifications.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
:50 PM, al so volks...@gmail.com
mailto:volks...@gmail.com wrote:
just go eat some shit
On Fri, Aug 24, 2012 at 12:49 PM, Alan DeKok
al...@deployingradius.com mailto:al...@deployingradius.com wrote:
al so wrote:
looks like you need to find some decent job
directories.
So freeradius definitely not getting a handle on those files that looks
to me more like a system issue that a radius.
I am running this freeradius on a virtual server OpenSUSE 12.1 using
KVM/Qemu.
Did anybody came across of issue like that??
No idea.
Alan DeKok.
-
List
is not
allowed to run it (as a deamon)
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
for that, too.
Go read it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
I used diff to confirm that the config files are exactly the same on
both servers.
I will provide radiusd -X logs as soon as i get the chance.
And read them before posting. Please. Odds are that the problem is
trivially solvable by reading the logs.
Alan DeKok/
-
List info/subscribe
Ilaria De Marinis wrote:
authorize{
dailycounter
if (Auth-Type == Reject) { #I tried also if(!ok) or
if (reject)
That doesn't work. If the module returns reject, then the
authorize section stops immediately. You can't catch a reject.
Alan DeKok.
-
List info
here. The server reads this file. It either
(a) reads all of it, along with include lines. Or (b), it gets a
parse error, and doesn't read it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Check the usual suspects. MS-CHAP realms, etc.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
enough useless output?
The problem here is NOT that something changed. The problem is that
YOU are REFUSING to find out what changed. YOU are REFUSING to use
simple debugging methods to track down what changed.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
= good
black = white
}
Note that *will* work! %{client:black} will return the string white.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
it is via some severe re-architecting of the server
internals.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
definitions.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
David Aldwinckle wrote:
Hi,
On my dev server I have 2.2 and on my prod server I have 2.1.12. The
behaviour is the same on both.
Any feedback on this?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to relevant documentation.
What happened? What changed? You've been careful to avoid saying that.
Hi, stuff used to work. Then I tried 2.1.12, and now stuff doesn't
work. Why?
How do you expect anyone to be able to answer that?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
possible, and probably only ~200 lines of code. But I don't
really see much benefit for the wider audience.
I'd suggest writing a module which does nothing more than register a
paw_packet xlat callback. That way it will be easy to integrate into
any new release of the server.
Alan DeKok.
-
List
?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
?
There's no module to do this. There are very few reasons to do this,
IMHO.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Jonas Fornander wrote:
The only thing I changed in the users file was when I added the user at the
end.
$ man users
The file is processed top to bottom. See the FAQ for an example of
how to configure a user.
BTW, I really appreciate your help, Alan.
It's what I do.
Alan DeKok
it does.
Is my choices to either comment out the DEFAULT entries or add the usernames
to the top of the file?
That's the idea.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
file:
3108396...@netwood.net Cleartext-Password := testing123
Any advice is greatly appreciated.
Well... it wasn't found in the users file.
It's impossible to know what really happened, because you helpfully
deleted all of the useful information from the debug log.
Alan DeKok.
-
List info
.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Arvind Gupta wrote:
I am not getting any idea that why I am getting access reject
(PW_ACCESS_REJECT) error.
Then you're not looking at the debug output.
Run the server in debugging mode, as suggested in the man page, FAQ,
web page, README, and daily on this list.
Alan DeKok.
-
List info
.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
section does, don't edit it. You
will break the server.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
be careful with terminology.
Was thinking there may be a to setup virtual servers which listen on
different server IPs somehow?
Read the dynamic_clients documentation. That is how you deal with
clients which are not pre-configured.
That is the only way it can be done.
Alan DeKok.
-
List
. These policies determine which
databases are used, whether or not to proxy the request, what goes in
the reply, etc.
That's how RADIUS works. I have no idea what you are trying to do.
From what little I understand, it's much more complicated than necessary.
Alan DeKok.
-
List info/subscribe
?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
. Otherwise, is there an easy way
to distinguish realm in the global post-proxy section?
It's in the Realm attribute?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
do I
need to add and where?
You need to read raddb/sites-available/inner-tunnel. You should look
for EAP-TLS in the inner tunnel, and reject it.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
It's a quad core system with a bit better connectivity. Let me know
if there are any issues.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
the configuration to log tons of data. This generally
isn't useful, or necessary. Fix that, or edit the SQL module to allow
more than 2K of data in the expansion.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Aurélien Lafranchise wrote:
Could you be more precise on where to increase the 2K limit ?
All over the place in rlm_sql.c and sql.c.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
making a backup of this table and truncating it. As
it's not possible for us to wait so long to alter the table engine (We
don't have backup yet).
That's a problem.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, of course. I also fixed a few issues with
the SQL module. It should no longer reference uninitialized variables.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
layer of email forwarding. That makes
it difficult to track down the offending party.
Whoever did this needs to fix it NOW.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Stefan Winter wrote:
Hi,
Anyway, adding an example would still be nice :-)
Submit a patch, or edit the wiki? :D
Here goes a unified diff - took the statement from sql/mysql/dialup.conf.
Looks good to me, thanks.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
Matthew Newton wrote:
Just noticed, this fix needs cherry-picking from master into
v2.1.x:
Done, thanks.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
to authenticate the key scheme in FreeRADIUS?
Sure, send a patch. :)
Or does anybody know if that is possible in Cisco's ACS?
Ask Cisco.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
List of online users contains the list of users who are online.
Setting something on the user info page doesn't work. Because user
information is not online users.
The NAS needs to send accounting packets. Once that happens, the
online users should be updated.
Alan DeKok.
-
List info
this strange crashes?
The SMD5 password is probably in a weird format.
If you need any further info please let me know.
A copy of the SMD5 password.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
times. Yet you only looked at the debug output
for one authentication.
Look at BOTH ends of the RADIUS conversation.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Stefan Winter wrote:
It's running only since a few minutes, so hard to make a long-term
prediction, but at least there's no immediate problem in sight.
Thanks. I'll try to get the release out this week. (finally)
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org
. The recent policy has been
to warn people. If their behavior continues, they get banned.
That is EXPLICITLY my position.
I'm trying to make you understand that, and clearly failing.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
output.
The answer is in the debug output. If you can read English, it is
obvious.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
will need to send the
server a HUP signal.
So far the NAS authenticates successfully with 5-10 attempts before
changes made get to synchronize with the NAS.
No.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
George Innocent wrote:
when I start the radius server using radiusd -x I got the same error.
Unable to open file /usr/local/etc/raddb/radiusd.con: Permission Denied
Errors reading /usr/local/etc/raddb/radiusd.conf
Please tell me how to solve the problem ?
Buy a book.
Alan DeKok.
-
List
not all there yet, but a loss of DB connectivity means that
the SQL module can quickly return fail.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
problem.
We're not here to help you with that.
Buy a book. Read it. Return when you know how to administer Unix systems.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
, wrong, and will create problems.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
simple.
P.S. You directed me to FAQ, but I can't understand how to achieve that,
even after read FAQ. I'm a kind of newbie to FR. I explained my scenario
in hopes I made myself understood.
Longer explanations are better.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
Andrei Petru Mura wrote:
Yes, I know. But that's exact the behavior that I want to get from FR.
How to make it working like that?
Do what I said in my last message. You deleted that part of my reply.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
Klaus Klein wrote:
Am 04.08.2012 18:51, schrieb Alan DeKok:
Implying that FreeRADIUS doesn't protect access is rude.
Don't you think you're jumping the gun a bit?
No.
Where did you get this from, why are you implying something like this
and how rude is that?
I'm stating my opinion
?
Yes, it is possible. See raddb/sites-available/dhcp. This is documented.
Do you have a more specific question?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
lscrlstld wrote:
'%{NAS-Port-Type}', FROM_UNIXTIME(%{Event-Timestamp}),
Well, that's wrong. That was fixed ~2 weeks ago. I also said it
should be %{integer:Event-Timestamp}
Please grab an updated copy of the dialup.conf file.
Alan DeKok.
-
List info/subscribe/unsubscribe
port.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Christopher Manigan wrote:
Do you have any suggestions on how we might troubleshoot that end of it?
You've eliminated the problems I suggested. I have nothing more to
suggest.
Either your understanding of the problem is wrong, or the problem
doesn't exist. Fix one.
Alan DeKok.
-
List
Asif Iqbal wrote:
Does mod_auth_radius module allow multiple entries of AddRadiusAuth
entries with Apache 2.x httpd.conf ?
It doesn't, sorry.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
configuration.
I am sorry if I have not put in the correct data but if you let me know
I will try and put it right and adhere to your rules.
You haven't said what's going wrong.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
.
It's definitely a client problem.
Would it help
if freeradius ignores the EAP-NAK packets? Any help appreciated!
That wouldn't help.
My suggestion is to do a re-install on the client. Other Windows 7
machines don't behave this way.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
why the master branch uses %{integer:Event-Timestamp},
which causes the timestamp to be printed as a Unix 32-bit number.
Is it a dependency of OS setup? How this variable (Event-Timestamp) is
generated?
The default config should work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
still takes place.
Because if you read the raddb/sites-available/default, the eap
module is run during authorization.
I think in that case the behavior contradicts the 'Request Processing'
described in aaa.rst.gz
No.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http
.
Stop it, or you will be unsubscribed and banned.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Andrei Petru Mura wrote:
Although I saw some similar questions on forum, I didn't see a clear
response to it.
*The question is: *Is there a way to force user be rejected if it does
not match check conditions for the group that belongs to?
See the FAQ.
Alan DeKok.
-
List info/subscribe
, patches are welcome.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
George Innocent wrote:
I have checked on previous forums to this issue amended but still
finds errors on debug
Thanks to assist
We're trying. You're not.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
miss something?
That's how EAP-TLS works.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
anyone on the client side to tamper with the
identity entry, and thereby avoiding restrictions (e.g. Login-Time) for
that client?
That's what check_cert_cn is for. This is documented.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
901 - 1000 of 14295 matches
Mail list logo