Re: Password Problem

2006-08-04 Thread PhilT


  
I do not understand how to set this up for chillispot. How do I tell the
server the passwords are crypted? And if I shouldn't use CHAP, what
should I use, and how do I change it? I can't seem to get my head
wrapped around the man at the minute.

Sorry for being a noob, but this is my first adventure with any kind of
radius...


Speaking as another noob, I have just got Chillispot running on a WRT54G
accessing Freeradius and MySQL. Everything is fairly default, but some
things to check :-

1. In the MySQL database do you have the Attribute set to Password and not
something else, for example 11 usernamehere PASSWORD == passwordhere
2. In Freeradius users file DEFAULT Auth-Type := Local
3. This bit of your debug suggests a formatting issue :- 
rlm_realm: No '@' in User-Name = DieselPower, looking up realm NULL
rlm_realm: No such realm NULL 
4. A successful output from my FreeRADIUS responding to a Chillispot request
is below (I commented out some of the group checking stuff while debugging
so there are some non-relevant errors below. HTH)

Phil


-

Nothing to do.  Sleeping until we see a request.
rad_recv: Access-Request packet from host 10.0.0.30:2053, id=0, length=215
User-Name = scary
CHAP-Challenge = )`\0350\2457`\247\345F3JZ\n\215\270
CHAP-Password = 0x002f73a3f12fbe98bfc3f9dacdf3743ebc
NAS-IP-Address = 0.0.0.0
Service-Type = Login-User
Framed-IP-Address = 192.168.182.6
Calling-Station-Id = 00-11-50-14-FF-73
Called-Station-Id = 00-16-B6-18-4C-14
NAS-Identifier = nas01
Acct-Session-Id = 386e3c48
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
Message-Authenticator = 0xdd47eea55b9dd9461970ca8444f074c8
Attr-925499395 = http://192.168.182.1:3990/logoff;
modcall: entering group authorize
  modcall[authorize]: module preprocess returns ok
  modcall[authorize]: module suffix returns ok
radius_xlat:  'scary'
sql_escape in:  'scary'
sql_escape out:  'scary'
sql_set_user:  escaped user -- 'scary'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'scary' ORDER BY id'
rlm_sql: Reserving sql socket id: 4
radius_xlat:  ''
MYSQL Error: Cannot get result
MYSQL Error: Query was empty
rlm_sql_getvpdata: database query error
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'scary' ORDER BY id'
radius_xlat:  ''
MYSQL Error: Cannot get result
MYSQL Error: Query was empty
rlm_sql_getvpdata: database query error
radius_xlat:  'SELECT Value,Attribute FROM radcheck WHERE UserName = 'scary'
AND ( Attribute = 'User-Password' OR Attribute = 'Password' OR Attribute =
'Crypt-Password' ) ORDER BY Attribute DESC'
rlm_sql: Released sql socket id: 4
  modcall[authorize]: module sql returns ok
users: Matched DEFAULT at 152
  modcall[authorize]: module files returns ok
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
Sending Access-Accept of id 0 to 10.0.0.30:2053
Finished request 17
Going to the next request

-

a bit to do, I got it working first and learned about it, so will move to
the current version when I rebuild it properly. it does at least authenticate
:-)

I found dialupadmin to cause more problems than solutions the first time, so
I went for phpMyAdmin to put values into the tables, I'm aware that some of
them are blank and generating warnings.

Phil
-- 
View this message in context: 
http://www.nabble.com/Password--Problem-tf1975280.html#a5647072
Sent from the FreeRadius - User forum at Nabble.com.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: FR-1.1.2 dies with error

2006-08-04 Thread Alexander Serkin

Alan DeKok wrote:

  It's probably because your DB is slow.  See the logs for messages
about unresponsive child.  The code path to the assertion is taken
only when the request has been marked done, but there is still a
child thread blocked, and working on it.

  Either fix the DB, or delete the assertion.  But if you delete the
assertion, odds are that something else will go wrong elsewhere.


Do you mean just comment out line 1012 in request_list.c ?

I think I'll try this first because speeding up DB is not a trivial task 
by now.


Thanks for the hints,
--
Sincerely Yours,
Alexander


NAS-ID missing in 1.1.2?

2006-08-04 Thread Drew S. Dupont
Has this attribute been intentionally left out of 1.1.2? In my 1.1.1 
build it works as a user attribute in the users file. But in 1.1.2, 
it complains about not finding it. It is not listed in any dictionary 
in 1.1.1 or 1.1.2 so I would assume it was internal to the server 
itself.


Fri Aug  4 06:22:51 2006 : Error: /etc/raddb/users[20]: Parse error 
(reply) for entry tester3: Unknown attribute NAS-ID

Fri Aug  4 06:22:51 2006 : Error: Errors reading /etc/raddb/users
Fri Aug  4 06:22:51 2006 : Error: radiusd.conf[1047]: files: Module 
instantiation failed.

Fri Aug  4 06:22:51 2006 : Error: radiusd.conf[1791] Unknown module files.
Fri Aug  4 06:22:51 2006 : Error: radiusd.conf[1727] Failed to parse 
authorize section.


Thank you,
Drew Dupont
--
--
  Drew S. Dupont   [EMAIL PROTECTED]
  AIM: NetWhizOne  FWD #: 271144
  YIM: dsdupont
--


EAP-TTLS + LDAP + PAP with encrypted password

2006-08-04 Thread wekz
Hi all,

I've been trying to get over this configuration but without any success. I'm using freeradius-1.1.1.

First I had this working with eap-tls and peap for authentication and ldap for authorization, it was working quite well. As I have to integrate this configuration with an ldap that has encrypted passwords I decided to change authtype to pap over eap-ttls after watching Protocol and Password Compatibility in Alan's site.

The authorization part of ldap does the following:
A user will be authorized to use remote access if he is in the ldap and depending on the access policy defined if he belongs to a white or blacklist.
After being authorized within the authorize section the user finds these lines:

  users_branch
  eap

user-branch is the users file I use that has entries by the form (and nothing else):

  DEFAULT ldap11-Ldap-Group == Local
      Tunnel-Type=VLAN,Tunnel-Medium-Type=6, Tunnel-Private-Group-Id=Local, Fall-Through = No

This, as I said, was working right.

Now the only things I've added to radiusd.conf is

modules {
    ( I've commented any other type like chap, mschap, peap, leap... only the ones listed here are set )
    ldap-modules-stuff
    pap {
        encryption_scheme = sha1
    }
    eap {
        default_eap_type = ttls
        ...
        gtc {
            auth_type = PAP   # I've tested without configuring gtc too and setting default_eap_type in ttls to md5 and commenting it out
        }
        tls {
            my old configuration that works
        }
        ttls {
            default_eap_type = gtc
            copy_request_to_tunnel = yes
            use_tunneled_reply = yes
        }
    }
}
authorize {
    ...
    ldap stuff
    user_branch
    eap
}
authenticate {
    Auth-Type PAP {
        pap
    }
    eap
}

Then in the logs I can see that ( I don't put them because they are nearly endless ):

The user is authorized and the password is got from the ldap (rlm_ldap: Adding userPassword as User-Password, value {sha}rur+4yJuecpmc8vxS/8wAyAMNHM=  op=21)
.
rad_check_password: Found Auth-Type EAP
auth: type EAP
...
The eap-ttls tunnel is ok
..
And after matching the group Local in my users-file:
auth: type Local
auth: user supplied User-Password does NOT match local User-Password
auth: Failed to validate the user.
Access-reject

When I try this with clear-text passwords it works quite well but I don't know if it is working the way I want or not (with pap), because neither with encrypted nor with clear-text I can't see in the logs a reference to rlm_pap or gtc...

I imagine I'm doing something wrong but can't figure out what it is. I've googled on the internet and in the mailing list but I don't make any progress with what I've found. So any comments are welcome.

Thanks

Re: Freeradius + OpenLDAP - user password problem

2006-08-04 Thread Stuckzor

Thanks to you too. I noticed some people feel offended by my attitude, so let
me apologize - I don't mean to be a smartass, and I definitely don't have any
doubts in your knowledge, but I'm a young computer engineer (first months of
work) and when things get hard for me I can get a little pushy while trying
to solve them. 

Now I configured radius to use EAP-PEAP and I thought I have only 1 step left
to take - make OpenLDAP use NT hash passwords (already know how to do
that), but damn, that no dialup access attribute error strikes again with
radtest :( If even radtest doesn't get through (though it doesn't use eap)
there is no chance a real client would, eh? And I ask again - is it normal,
that I don't get access-accept with radtest without setting auth-type to
ldap and can I simply ignore that (I get that dialup access attribute
error), or should I get access-accept with radtest without setting auth-type
to ldap? That's what I wanted to know in one of my previous posts. 
-- 
View this message in context: 
http://www.nabble.com/Freeradius-%2B-OpenLDAP---user-password-problem-tf2014904.html#a5649743
Sent from the FreeRadius - User forum at Nabble.com.



monitoring freeradius with snmp

2006-08-04 Thread Andy Ford
Hi,

I have a requirement to monitor freeradius with snmp.
According to the freeradius web site and other sources I've done the
following...
1. compiled freeradius with the '--with-snmp' option
2. modified the freeradius snmp.conf file to include

smux_password = verysecret

2. modified the radiusd.conf file with 

snmp = yes
$INCLUDE  ${confdir}/snmp.conf

3. modified the net-snmp snmpd.conf file to include

smuxpeer .1.3.6.1.4.1.3317.1.3.1 verysecret

4. started the radiusd and snmpd daemons.

When I do an 'snmpwalk -v1 -c public localhost system' I get the
'system' info from the MIB (as expected).
When I walk enterprises.3317 I get nothing.

I didn't actually expect to get much as I have a huge gap in my
knowledge which is the smux. I'm not sure how it works or how I
implement it successfully.

Has anyone implemented an smux or monitoring freeradius with snmp?
If you have, it would be great if you would impart with any knowledge
you may have so I can sort this out.

Thanks for your time

Regards

Andy
-- 
perl -e print qq^bIG VeRN ! ^^qq^#'#Yv#=D+ ^



Re: NAS-ID missing in 1.1.2?

2006-08-04 Thread Alan DeKok
Drew S. Dupont [EMAIL PROTECTED] wrote:
 Has this attribute been intentionally left out of 1.1.2? In my 1.1.1 
 build it works as a user attribute in the users file. But in 1.1.2, 
 it complains about not finding it.

  Prior to 1.1.2, unknown attributes in the users file were silently
ignored.  This caused all sorts of problems with people who thought
the attribute should work because it was there, but mis-spelled.

  As of 1.1.2, it complains about unknown attributes.  This lets you
know that a name is mis-spelled, and that your configuration isn't
doing what you think it's doing.


  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Freeradius + OpenLDAP - user password problem

2006-08-04 Thread Alan DeKok
Stuckzor [EMAIL PROTECTED] wrote:
 Now I configured radius to use EAP-PEAP and I thought I have only 1 step left
 to take - make OpenLDAP use NT hash passwords (already know how to do
 that), but damn, that no dialup access attribute error strikes again with
 radtest :(

  From the ldap section of radiusd.conf:

access_attr = dialupAccess

  Comment that out, and it won't check for dial-up access permissions.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Access to wiki?

2006-08-04 Thread John Horne
Hello,

Is there a problem with the freeradius wiki
(http://wiki.freeradius.org)? I am trying to sort out a problem and came
across a reference to the wiki page. However my browser just sits there
when trying to access the page. I can resolve the DNS name and ping it;
just not access it.



Thanks,

John.

-- 
---
John Horne, University of Plymouth, UK  Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED]   Fax: +44 (0)1752 233839



Re: noob with some questions

2006-08-04 Thread Alan DeKok
P. K. [EMAIL PROTECTED] wrote:
 This thread has already dragged out beyond reason but I feel since I'm 
 being attacked I should defend myself.

  You posted two messages, and didn't get much response.  You then
posted an insulting message about how people here sucked, how the
documentation sucked, how the software sucked, and how you were going
to buy a commercial product.

  Go buy it.  Please.

  It's obvious no one here can help you.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Auth-Type:Local password change problem.

2006-08-04 Thread 나종현


Auth-Type : Local 

users file consist user_name / password.

this file modify?

how to change password ?




	
		
	
	
		

		
			
	
	

Re: noob with some questions

2006-08-04 Thread Eric Hilden
What a poor attitude and even more, Free support is dedicated by those 
with Free time. Think twice before bitching about someone's work when 
they have already posted the how to and know how to do it. If you don't 
understand it that is fine and pay someone for the service. I have no 
problem with that. I'm trying to get you to understand how this 
community works. If you feel like you are personally being attacked that 
is own aptitude of how you are seeing things. Don't get upset if someone 
tells you go re-read something. They are simply trying to get the LIGHT 
BULB effect to go off in your head. IT IS LIKE POSTING A GIANT BILLBOARD 
WITH ANSWERS TO THE TEST ON IT except you don't know how to apply it.


There are three reasons why people won't do something.
1.) They don't know how.
2.) They don't know why they should do it.
3.) They don't care.

You fall into category 3.
Have a nice day.

Eric Hilden
CyberCrime Investigation
Colorado Technical University

P. K. wrote:
This thread has already dragged out beyond reason but I feel since I'm 
being attacked I should defend myself.


#1) I know how to read.
#2) First Alan claimed that I and my University wanted something for 
nothing. Free
#3) Then you come along and claim I'm an idiot for being willing to 
pay for support.


I don't know where you work chief but here where I work, I have other 
things to do than spend countless hours reading out of date man pages 
and listserve archives with no responses or brilliant answers like go 
read the faq. I spend two weeks trying to wrap my head around this 
software and I asked a simple question which only ONE person was kind 
enough to respond to. Obviously neither you nor Alan could be bothered 
to read or reply to my first email but you all seem to have time to 
respond to this one. It really makes me wonder if either of you have 
ever attended University. I have interns work for me every semester. I 
answer the same question over and over and I never use that excuse to 
be an asshole. You see, where it might be an old question to me, it's 
a new one to that student. I'm glad our faculty don't have your 
attitude or we'd be out of business. After all, these kids have the 
text book the documentation is there so why do these lazy kids need us 
to answer their dumb questions when the answer is right in their hand.


I belong to several auto forums and we welcome new people all the 
time. Some with experience some without. Some are too lazy to search 
and some just don't know what to ask yet. Either way none are treated 
like I've been treated here. This I know something you don't know and 
therefore I'm great and you're dumb attitude disgusts me.


This is the last response I'll give on this topic. And since you were 
kind enough to curse at me, I'll reply: G.F.Y. If you don't know what 
it means Google it or perhaps check the faq's. You're a smart guy. 
Figure it out. Spend countless hours on it if you have to. Apparently 
you have the time.


I'll go unsubscribe now. Thanks for the warm welcome, assholes.

--Paul

Paul Kuchinski
Network Administrator
Smeal College of Business Administration
Penn State University

email: [EMAIL PROTECTED]
phone: (814)865-0366
fax:   (814)865-1845



Eric Hilden wrote:
Sorry to jump in here, but I feel like I have to defend something I 
believe in now.


I haven't read this entire thing, but I can say I have seen this a 
hundred times. If you cannot read or clearly understand the topic in 
the extensive documentation provided. Then you need to find someone 
else who knows Unix or BSD. There is no way anyone is going to give 
you a simple answer. The FreeBSD/Unix/Linux community provides vast 
amounts of documentation, research, and help. First look for your 
answer by going through old mailing lists, type in errors you are 
receiving in google, or other easy troubleshooting tips. But don't 
expect to say I can't get it to work and tell me how to make it work. 
I will admit I am a complete FreeBSD/Unix noob, but I have spent 
countless hours now playing with the operating system, pulling my 
hair out, and ready to blow it up. But that frustrating process is 
the knowledge base I develop in knowing how a particular program works.


As far as paying someone or a commercial product. Go for it. 1000% 
mark up on something that is already free. If you do not have the 
time, patience, or know how, then by all means this is your best 
solution. 99% of the companies go look at licensing agreements. You 
will see a lot of it documents back to what is already Open Source 
and Free.


PS.
As an end note it is just as fucking stupid as I post Message of Days 
for employees that never read it and always ask what are we doing. I 
can't answer 100's of the same question everyday. That is why the 
DOCUMENTATION is very well written generally, and lots of time goes 
into it. Hell you can figure out Unix by just installing the MAN 
pages and taking the time to play with the commands; then I see you 

Re: Auth-Type:Local password change problem.

2006-08-04 Thread Lin Richardson
Are you using the local user password from the operating system on the freeradius server? I think you need to change the Unix/Linux/BSD password for that user on the box.

I thought that Auth-Type : File was the one that used the users file.

Other more knowledgeable users may correct me.

regards,
Lin Richardson

On 8/4/06, 나종현 [EMAIL PROTECTED] wrote:


Auth-Type : Local 

users file consist user_name / password.

this file modify?

how to change password ?




	
		
	
	
		

		
			
	
	

freeradius function

2006-08-04 Thread Lin Richardson
Hello All,

Is there a succinct way to describe how freeradius processes requests? sort of a high level overview?

Like:
The radiusd daemon is running and receives a valid request
It parses out attributes passed in with the request
... and then...

That is the point where I'd like some clarification... what files does it parse as it continues, etc...?

Any takers? If this is documented somewhere and I missed it, I apologize.

Regards,
Lin Richardson

Re: freeradius function

2006-08-04 Thread Alan DeKok
Lin Richardson [EMAIL PROTECTED] wrote:
 Is there a succinct way to describe how freeradius processes requests?  sort
 of a high level overview?

  doc/aaa.txt is about as good as it gets.

 That is the point where I'd like some clarification... what files does it
 parse as it continues, etc...?

  Everything is driven off of radiusd.conf.  The authorize section
is run from top to bottom, and then one subsection of authenticate
is run.

  Alan DeKok.




--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Password Problem

2006-08-04 Thread Alan DeKok
PhilT [EMAIL PROTECTED] wrote:
 1. In the MySQL database do you have the Attribute set to Password and not
 something else, for example 11 usernamehere PASSWORD == passwordhere
 2. In Freeradius users file DEFAULT Auth-Type := Local

  NO.  Do NOT SET THAT.  It's NOT NECESSARY.

  That point has been repeated again and again on this list.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: FR-1.1.2 dies with error

2006-08-04 Thread Alan DeKok
Alexander Serkin [EMAIL PROTECTED] wrote:
 Do you mean just comment out line 1012 in request_list.c ?

  Yes.

 I think i'll try this first because speeding up DB is not a trivial task 
 by now.

  But it's the real source of the problem...

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: EAP-TTLS + LDAP + PAP with encrypted password

2006-08-04 Thread Alan DeKok
wekz [EMAIL PROTECTED] wrote:
  The user is authorized and the password is got from the
 ldap (rlm_ldap: Adding userPassword as User-Password, value
 {sha}rur+4yJuecpmc8vxS/8wAyAMNHM=  op=21)

  In 1.1.x, you have to configure the ldap module to know about the
{sha} password header.  See the ldap section of modules.

  And after matching the group Local in my users-file:
 
  auth: type Local
  auth: user supplied User-Password does NOT
 match local User-Password
  auth: Failed to validate the user.

  Unfortunately, this is one of the few cases where you probably have
to set Auth-Type = PAP.  Note that this is ONLY a 1.1.x limitation.
The CVS head, and therefore 2.0 has that fixed.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
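
Added example (not part of any message in this thread, and not FreeRADIUS code): the password/protocol compatibility behind this thread and the CHAP exchange in the "Password Problem" thread, in Python. A stored value with a {sha} header can validate a PAP password but cannot validate a CHAP response; all function names are hypothetical, the sample password is constructed, and the literal string comparison is an assumption about what the failing "auth: type Local" check amounts to.

```python
import base64
import hashlib
import hmac
import os

# LDAP-style userPassword headers mapped to hashlib names (subset, case-insensitive).
HEADERS = {"{sha}": "sha1", "{md5}": "md5"}


def parse_stored(value):
    """Split a stored password into (scheme, bytes): ('clear', pw) or (algo, digest)."""
    lowered = value.lower()
    for header, algo in HEADERS.items():
        if lowered.startswith(header):
            digest = base64.b64decode(value[len(header):], validate=True)
            if len(digest) != hashlib.new(algo).digest_size:
                raise ValueError("digest length does not match " + header)
            return algo, digest
    return "clear", value.encode()


def check_pap(stored, supplied_password):
    """PAP: the server receives the cleartext, so it can hash it and compare."""
    scheme, secret = parse_stored(stored)
    candidate = supplied_password.encode()
    if scheme != "clear":
        candidate = hashlib.new(scheme, candidate).digest()
    return hmac.compare_digest(candidate, secret)


def chap_response(ident, password, challenge):
    """RFC 1994 response value: MD5(ident || password || challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def check_chap(stored, chap_password, challenge):
    """Validate a CHAP-Password attribute (1 ident byte + 16-byte MD5 response).

    Returns True/False when the stored password is cleartext, and None when it
    is hashed: the server cannot compute MD5 over a password it does not hold.
    """
    if len(chap_password) != 17:
        raise ValueError("CHAP-Password must be 17 bytes")
    scheme, secret = parse_stored(stored)
    if scheme != "clear":
        return None
    expected = chap_response(chap_password[0], secret, challenge)
    return hmac.compare_digest(expected, chap_password[1:])


def demo():
    password = "constructed-pass"  # constructed sample, not from the thread
    digest = hashlib.sha1(password.encode()).digest()
    hashed = "{sha}" + base64.b64encode(digest).decode()
    challenge = os.urandom(16)
    attr = bytes([7]) + chap_response(7, password.encode(), challenge)
    return {
        # Assumption: a plain comparison of cleartext against the stored string,
        # header included, which can never match.
        "literal_compare": hmac.compare_digest(password.encode(), hashed.encode()),
        "pap_vs_hashed": check_pap(hashed, password),
        "pap_wrong_password": check_pap(hashed, "wrong"),
        "chap_vs_clear": check_chap(password, attr, challenge),
        "chap_vs_hashed": check_chap(hashed, attr, challenge),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```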


Re: More documentation on Auth-Type

2006-08-04 Thread Alan DeKok
Duane Cox [EMAIL PROTECTED] wrote:
 Alan, great job putting the new book together.

  And you haven't seen the rest of the content... As an example, I've
got 10 pages describing how dictionaries work, and how to create them.
At this rate, the book will be 400 pages long.

 I am using rlm_sql for user database lookup, and it works when the user is 
 found, but how do I define a catch all for users not
 found in the db so that the server knows to reject them...

  doc/configurable_failover

  In the authorize section, where you have the sql module listed,
change the 1-line entry of sql to:

  sql {
  notfound = reject
  }

  And you're done.

 debug output
 Server rejecting request 2 due to failure to be told how to respond.
 WARNING: You did not configure the server to accept, or reject the user.  
 Double-check Auth-Type.

  That works, too, but generates lots of warning messages.  It's
better to tell the server explicitly what to do.


  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: monitoring freeradius with snmp

2006-08-04 Thread Alan DeKok
Andy Ford [EMAIL PROTECTED] wrote:
 1. compiled freeradius with the '--with-snmp' option

  Did the configure process find the SNMP information it needed?

  Does src/include/autoconf.h have a line like:

#define WITH_SNMP 1

  ?

 2. modified the radiusd.conf file with 
 
   snmp = yes
   $INCLUDE  ${confdir}/snmp.conf

  When the server starts, does it say anything about connecting to
SMUX peer?

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Password Problem

2006-08-04 Thread Phil Mayers

Alan DeKok wrote:

PhilT [EMAIL PROTECTED] wrote:

1. In the MySQL database do you have the Attribute set to Password and not
something else, for example 11 usernamehere PASSWORD == passwordhere
2. In Freeradius users file DEFAULT Auth-Type := Local


  NO.  Do NOT SET THAT.  It's NOT NECESSARY.

  That point has been repeated again and again on this list.


So many times in fact that I reckon you should add a config item that 
has to be set to a particular value:


yes_i_understand_auth_type_and_am_prepared_to_accept_the = consequences

</irony>


Re: Password Problem

2006-08-04 Thread Alan DeKok
Phil Mayers [EMAIL PROTECTED] wrote:
 So many times in fact that I reckon you should add a config item that 
 has to be set to a particular value:
 
 yes_i_understand_auth_type_and_am_prepared_to_accept_the = consequences

  <g> Or, in 2.0, simply re-name it to something else, and don't
include a definition for Auth-Type at all.  That's *horribly*
unfriendly to people, but it's a thought.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: monitoring freeradius with snmp

2006-08-04 Thread Kevin Bonner
On Friday 04 August 2006 09:59, Andy Ford wrote:
 4. started the radiusd and snmpd daemons.

Sounds good so far.  When you run in debug mode, does the SMUX registration 
work properly?  You should see something similar to this:

SMUX connect try 1
SMUX open oid: 1.3.6.1.4.1.3317.1.3.1
SMUX open progname: radiusd
SMUX open password: somesecretpass
SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1
SMUX register priority: -1
SMUX register operation: 1
SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1
SMUX register priority: -1
SMUX register operation: 1

 When I walk enterprises.3317 I get nothing.

The mibs directory has loadable files so that you can use pretty names 
(radiusAuthServIdent) instead of OIDs in your queries.  If you're just 
looking for confirmation that FR+SNMP is working, you can run:

$ snmpwalk -v1 -c public localhost mib-2.67.1.1.1.1.1.0
RADIUS-AUTH-SERVER-MIB::radiusAuthServIdent.0 = STRING: FreeRADIUS Version 
1.1.2, for host , built on Jul  6 2006 at 12:59:53

Kevin Bonner



read_groups in cvs

2006-08-04 Thread Duane Cox
I've got 
mssql.conf
read_groups = yes

but the rlm_sql module does not process the groups.

The user is found in radcheck and the check items (password) does match...
and  I do NOT have Fall-Through = yes  in the radreply ...

as per docs...  (3d)

3. Group processing then begins if any of the following conditions are met:
 a. The user IS NOT found in radcheck
 b. The user IS found in radcheck, but the check items don't match
 c. The user IS found in radcheck, the check items DO match AND 
Fall-Through is set in the radreply table
 d. The user IS found in radcheck, the check items DO match AND
the read_groups directive is set to 'yes'

Am I doing something wrong here?

If I have Fall-Through = yes then everything works as per docs (3c)

But 3d does not say that Fall-Through has to be yes

Alan?


Re: More documentation on Auth-Type

2006-08-04 Thread Alan DeKok
Kevin Bonner [EMAIL PROTECTED] wrote:
 Looks great!  The compatibility matrix is pretty handy as well.

  Thanks.  Little touches like that help a lot.

 One thing I didn't see mentioned on the auth type page is the
 heavily used Auth-Type := Local.  Was that consciously omitted, or
 are you still adding content to that page?

  I'm adding content... check back soon!

  But as for Auth-Type := Local, I didn't even think to address it,
because I never use it, and don't think there's any need for it.  What
kind of discussion do you think is necessary?

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog


Re: Password Problem

2006-08-04 Thread Lawrence Shafer


Alan DeKok wrote:
 Lawrence Shafer [EMAIL PROTECTED] wrote:
   
 I think it is not chillispot, because I can change the password in
 dialupadmin, and then check password (in dialupadmin) and it says NO It
 is wrong. How can I change the system to clear-text passwords? Or does
 it sound like a MySQL problem?
 

   It sounds like dialupadmin is configured to store crypt'd passwords.

   Change that, and then delete & re-enter all of the passwords.

   Alan DeKok.
 --
   http://deployingradius.com   - The web site of the book
   http://deployingradius.com/blog/ - The blog

   
Cool!! That fixed the problem in dialupadmin! Thanks! But now it is
trying to use auth: type System instead of sql when I try to log in
through chillispots web interface. So off to more problem chasing!