callback on mysql
Hi All, I'm new to freeradius and this forum, so excuse me if I'm asking an already asked question. I have searched the archive regarding callback on mysql but to no avail. My problem is setting up a callback user in the mysql database. I have set the attribute in radreply to service-type and the value to callback-login-user, but it failed. I also tried setting the attribute in radreply to cisco_avpair and the value to lcp:callback-dialstring=7946234, but it failed also. Am I setting the wrong field or anything? My NAS is Cisco, and the other non-callback user that I created logs in OK. Is there someone who can give me a lead/pointer? If there's any more data that I should provide, just let me know. Any help is greatly appreciated. Thanks in advance
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_eap_ttls linking error
On Thu, Jun 03, 2004 at 05:36:39PM -0700, Matthew Albright wrote:
I'm attempting to compile freeradius-1.0.0-pre1, and I'm having problems building rlm_eap_ttls. I've narrowed it down to the linking stage, and libtool translating ./../rlm_eap_tls/rlm_eap_tls.la into -lrlm_eap_tls when it is passed to gcc. The linker can't find this lib, and croaks. If I simply delete the rlm_eap_tls.la part from the libtool command, the command finishes without errors, but I suspect that when I actually try to run any ttls stuff, it'll probably die with a load error. I'm doing this on a RedHat 8.0 box, underneath an rpmbuild command, if that matters. I don't think it does, cause the rpm gets built successfully, but it's missing the rlm_eap_ttls libraries.

This is bug 75 in the FreeRADIUS bugzilla at bugs.freeradius.org. Removing the rlm_eap_ttls.la from the Makefile should work, unless you're using an upstream CVS version of libltdl. You'll hit a similar problem with rlm_eap_peap, too, with the same solution.
--
Paul TBBle Hampson, on an alternate email client.
Re: setting several aaa authentication login methods
Another thing you may want to look into is using your console port on the router in case of radius unavailability. If you still want to be able to use radius auth on the console if it is available, you need the 'secret' command aaa console. It doesn't list it in the command lists; if you type it, it will enable your authentication models on the console port. Be careful, you CAN lock yourself out of the router, hence why it is a hidden command.
Graeme

On Thu, 3 Jun 2004 12:34:26 -0500 Eric [EMAIL PROTECTED] wrote:
Thanks a lot this really works !
Eric

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Graeme Hinchliffe Sent: Thursday, June 03, 2004 8:09 AM To: [EMAIL PROTECTED] Subject: Re: setting several aaa authentication login methods
That setting aaa default group radius local enable should work or try aaa default group radius enable when you try to auth via radius, if this fails and you get a 2nd password prompt but no username prompt.. enter your enable password here. That's how it worked for us when we enabled this on our Ciscos.
Graeme

On Thu, 3 Jun 2004 07:39:46 -0500 Eric [EMAIL PROTECTED] wrote:
I was wondering if it is possible in a CISCO switch to set more than one authentication method using the following command: ( aaa authentication enable default group radius local enable ). While the LDAP authentication using the radius server works, the local authentication ( root password ) does not seem to be enabled ( Authentication Failed ). How would I set both authentications? The idea is to have the LDAP server authenticate users through the radius server but also be able to use the local authentication ( root password ). Thanks
Eric Echeverri
--
Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk/) ICQ 3842605 (link) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005
Newbie
Hi, How can I use 802.1x port authentication scheme with free radius and linux? Specifically if I want to use EAP-md5 and PAP. I have set up a switch and freeradius server, but don't understand what to do on my computer so that it can communicate with the switch. Do I need something additional on my linux computer? Because when I connect to the switch it never asks to authenticate my linux computer. How does port authentication work with linux? setup looks like. freeradius server-switchLinux computer thanks. Riz.
Re: callback on mysql
On Fri, 4 Jun 2004 15:32:43 -0700 Yanurul Anwar [EMAIL PROTECTED] wrote:
Hi All, I'm new to freeradius and this forum, so excuse me if I'm asking an already asked question. I have searched the archive regarding callback on mysql but to no avail. My problem is setting up a callback user in the mysql database. I have set the attribute in radreply to service-type and the value to callback-login-user, but it failed. I also tried setting the attribute in radreply to cisco_avpair and the value to lcp:callback-dialstring=7946234, but it failed also. Am I setting the wrong field or anything? My NAS is Cisco, and the other non-callback user that I created logs in OK. Is there someone who can give me a lead/pointer? If there's any more data that I should provide, just let me know. Any help is greatly appreciated. Thanks in advance

hi, i tested avpairs some time ago, and as far as i know this test works with the following setting:
radreply: - Cisco-AVPair(Attribute) = lcp:interface-config#2= ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx(Value)
regards, christian
freeradius rfc2882 ?
Hi, can somebody tell me whether or not rfc1882 is implemented in freeradius0.9.2 or a later release? I have to write a radius client sending a request to my freeradius server for changing the user's password stored in the backend database. thx. It is described as the following (rfc2882):

5.1. Password Change
Remotely requested password change operations were described and proposed, but rejected by the working group. None the less, the feature is still deployed in a number of products.
Message types:
- Password Request
- Password Ack or Reject
Re: Newbie
On Friday, 4 June 2004 11:15, Cool Man wrote:
Hi, How can I use 802.1x port authentication scheme with free radius and linux? Specifically if I want to use EAP-md5 and PAP. I have set up a switch and freeradius server, but don't understand what to do on my computer so that it can communicate with the switch. Do I need something additional on my linux computer? Because when I connect to the switch it never asks to authenticate my linux computer. How does port authentication work with linux? setup looks like. freeradius server-switchLinux computer thanks. Riz.

1) What Switch? Is it able to do authentication?
2) users.conf: testuser Auth-Type := EAP, User-Password == test
3) Google for EAP and freeradius.
--
Dr. Michael Schwartzkopff MultiNET Services GmbH Bretonischer Ring 7 85630 Grasbrunn Tel: (+49 89) 456 911 - 0 Fax: (+49 89) 456 911 - 21 mob: (+49 174) 343 28 75 PGP Fingerprint: F919 3919 FF 12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
EAP/TLS - rlm_ippool: Could not find Pool-Name attribute.
Hi all, I am trying to connect our SMC2804WBR wireless routers to freeradius 1.0.0pre1 (RedHat 9 Linux) and to get connected from a WinXP station through an 802.1x EAP TLS connection. The result of my tries is in the subject ... I've defined the following in the config files:

file users:
DEFAULT Pool-Name := systinetpool
	Fall-Through = yes

file radiusd.conf:
ippool systinetpool {
	range-start = 192.168.3.1
	range-stop = 192.168.3.254
	netmask=255.255.255.0
	cache-size = 800
	session-db = ${raddbdir}/db.ippool
	ip-index = ${raddbdir}/db.ipindex
	override = yes
	maximum-timeout = 60
}
post-auth {
	systinetpool
}

file clients.conf:
client 10.0.0.202/32 {
	secret = test
	shortname = SMC
	nastype = other
}

The result is below. In short, it sent Access-Accept to 10.0.0.202 (the SMC wireless router/AP) but did not find the Pool-Name attribute. Where and how can I define it instead of in the users file? What did I configure wrong?

Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 5
rlm_eap: Request found, released from the list
rlm_eap: EAP/tls
rlm_eap: processing type tls
rlm_eap_tls: Authenticate
rlm_eap_tls: processing TLS
rlm_eap_tls: Received EAP-TLS ACK message
eaptls_verify returned 3
eaptls_process returned 3
rlm_eap: Freeing handler
modcall[authenticate]: module eap returns ok for request 5
modcall: group authenticate returns ok for request 5
Login OK: [Zdenek Pizl/no User-Password attribute] (from client SMC port 29)
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 5
rlm_ippool: Could not find Pool-Name attribute.
modcall[post-auth]: module systinetpool returns noop for request 5
modcall: group post-auth returns noop for request 5
Sending Access-Accept of id 47 to 10.0.0.202:1066
	MS-MPPE-Recv-Key = 0x8c0fd0aef8f64035c63eed70234116753d74356dcd8cadc084c21bfb4ccac2f7
	MS-MPPE-Send-Key = 0x6cf0a5279334ce2b09ee9e5f1380103297f6691dca1c46c1857715e3237c960c
	EAP-Message = 0x032f0004
	Message-Authenticator = 0x
	User-Name = Zdenek Pizl
Finished request 5
--
Zdenek Pizl Systinet Corporation Vinohradska 190 130 00 Praha 3
traffic shaping to limit radius request spikes, comments?
i wonder if anyone has experience in this or comments ... in a test environment, we note that rare spikes of very high request rates seem to knock out the radius servers for a short period while they recover. an immediate solution that comes to mind is to use traffic shaping (such as ALTQ) to smooth off the peaks in request traffic. that is, for normal request rates no traffic shaping occurs, but for higher request rates, the peaks are smoothed out before they reach the servers. this is more a preventative measure until the cause of the server knock-out is found. has anyone done this - or have comments as to the usefulness of this method. tariq
problem with accounting
Hi, my name is George. I have a problem with accounting. If accounting is turned off on the AP, then the radius is working. If I turn on accounting on the AP, a few seconds after authentication the AP breaks the connection. I don't know why it does this. Maybe I should set some attributes for the users? I'm using the MySQL database for user authorization, and accounting too.
--
technik :-) ICQ: 270532579 AIM: gyuriszabo
Re: problem with accounting
Hello Szab,
Friday, June 4, 2004, 1:56:02 PM, you wrote:
SG I have a problem with accounting. If accounting is turned off on the AP, then the
SG radius is working. If I turn on accounting on the AP, a few seconds after authentication
SG the AP breaks the connection. I don't know why it does this. Maybe I
SG should set some attributes for the users?
SG I'm using the MySQL database for user authorization, and accounting too.

What is in logs?
--
Best regards, Alexander mailto:[EMAIL PROTECTED]
Re: problem with accounting
Excuse me for the last mail. Here is the log file from radacct directory.

Hello Szab,
Friday, June 4, 2004, 1:56:02 PM, you wrote:
SG I have a problem with accounting. If accounting is turned off on the AP, then the
SG radius is working. If I turn on accounting on the AP, a few seconds after authentication
SG the AP breaks the connection. I don't know why it does this. Maybe I
SG should set some attributes for the users?
SG I'm using the MySQL database for user authorization, and accounting too.
What is in logs?
--
technik :-) ICQ: 270532579 AIM: gyuriszabo

Thu Jun 3 18:46:10 2004 User-Name = 00300d16f0bf NAS-IP-Address = 192.168.1.4 Called-Station-Id = 00-30-0D-16-F0-BF NAS-Identifier = MMC-1500AP(H) Acct-Status-Type = Accounting-On Acct-Session-Id = 4801 Client-IP-Address = 193.226.233.43 Acct-Unique-Session-Id = 893d160ff71e755c Timestamp = 1086281170
Thu Jun 3 18:47:02 2004 User-Name = fredf NAS-IP-Address = 192.168.1.4 NAS-Port = 1 Service-Type = Framed-User Framed-IP-Address = 0.0.0.0 Framed-MTU = 1400 Called-Station-Id = 00-30-0D-16-F0-BF Calling-Station-Id = 00-50-FC-F2-8C-24 NAS-Identifier = MMC-1500AP(H) Acct-Status-Type = Start Acct-Delay-Time = 0 Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Session-Id = 4802 Acct-Input-Packets = 0 Acct-Output-Packets = 0 Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Event-Timestamp = Jun 4 2004 03:46:57 CEST NAS-Port-Type = Ethernet Connect-Info = CONNECT 10Mbps Ethernet Client-IP-Address = 193.226.233.43 Acct-Unique-Session-Id = 5033f95c272a4be2 Timestamp = 1086281222
Thu Jun 3 18:49:41 2004 User-Name = 00300d16f0bf NAS-IP-Address = 192.168.1.4 Called-Station-Id = 00-30-0D-16-F0-BF NAS-Identifier = MMC-1500AP(H) Acct-Status-Type = Accounting-On Acct-Session-Id = E801 Client-IP-Address = 193.226.233.43 Acct-Unique-Session-Id = 22f70d0dda995ce4 Timestamp = 1086281381
Thu Jun 3 18:51:32 2004 User-Name = fredf NAS-IP-Address = 192.168.1.4 NAS-Port = 1 Service-Type = Framed-User Framed-IP-Address = 0.0.0.0 Framed-MTU = 1400
Called-Station-Id = 00-30-0D-16-F0-BF Calling-Station-Id = 00-50-FC-F2-8C-24 NAS-Identifier = MMC-1500AP(H) Acct-Status-Type = Start Acct-Delay-Time = 0 Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Session-Id = E802 Acct-Input-Packets = 0 Acct-Output-Packets = 0 Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Event-Timestamp = Jun 4 2004 03:51:27 CEST NAS-Port-Type = Ethernet Connect-Info = CONNECT 10Mbps Ethernet Client-IP-Address = 193.226.233.43 Acct-Unique-Session-Id = 6be6b3e61780aa29 Timestamp = 1086281492 Thu Jun 3 18:52:10 2004 User-Name = fredf NAS-IP-Address = 192.168.1.4 NAS-Port = 1 Service-Type = Framed-User Framed-IP-Address = 0.0.0.0 Framed-MTU = 1400 Called-Station-Id = 00-30-0D-16-F0-BF Calling-Station-Id = 00-50-FC-F2-8C-24 NAS-Identifier = MMC-1500AP(H) Acct-Status-Type = Stop Acct-Input-Octets = 1750 Acct-Output-Octets = 0 Acct-Session-Id = E802 Acct-Session-Time = 37 Acct-Input-Packets = 5 Acct-Output-Packets = 0 Acct-Terminate-Cause = Supplicant-Restart Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Event-Timestamp = Jun 4 2004 03:52:04 CEST NAS-Port-Type = Ethernet Connect-Info = CONNECT 10Mbps Ethernet Client-IP-Address = 193.226.233.43 Acct-Unique-Session-Id = 6be6b3e61780aa29 Timestamp = 1086281530 Thu Jun 3 18:52:11 2004 User-Name = fredf NAS-IP-Address = 192.168.1.4 NAS-Port = 2 Service-Type = Framed-User Framed-IP-Address = 0.0.0.0 Framed-MTU = 1400 Called-Station-Id = 00-30-0D-16-F0-BF Calling-Station-Id = 00-50-FC-F2-8C-24 NAS-Identifier = MMC-1500AP(H) Acct-Status-Type = Start Acct-Delay-Time = 0 Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Session-Id = E803 Acct-Input-Packets = 0 Acct-Output-Packets = 0 Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Event-Timestamp = Jun 4 2004 03:52:05 CEST NAS-Port-Type = Ethernet Connect-Info = CONNECT 10Mbps Ethernet Client-IP-Address = 193.226.233.43 Acct-Unique-Session-Id = 9f2c8e1e22b17b10 Timestamp = 1086281531 Thu Jun 3 18:52:18 2004 User-Name = fredf NAS-IP-Address =
Xsupplicant prob
Hi, when I try to run xsupplicant

Nussnb56:~/xsupplicant # xsupplicant -i eth0
Error: No globals defined.
There was a problem with the config file. We cannot continue.

What is the problem here. What should the xsupplicant have. The version is xsupplicant-0.8.tar.gz. Thx. Riz
FreeRadius on MACOSX
Hi all ! I'm new to the radius world, and I have found that freeradius is most suited for our needs. I've successfully configured and compiled the distro (1.0.0-pre1) under Mac OS X Server 10.3.x using the doc/MACOSX and http://www.frontios.com/freeradius.html instructions to get it to work with mysql. All of this is working properly when I run it in debug mode (-X). But when I try to run it in default daemon mode (i.e. no options), I get:

Error: FATAL: Failed to initialize semaphore: Function not implemented

in my log. I've found a reference to libsem in the mailing list, and I've installed the library found in the contrib ftp directory. But after re-compiling the distro, it's still the same. How do I make freeradius compile with libsem? Or how do I correct this? Thanks for any help. Nicolas
RE: Freeradius 0.9.3 and AIX 5
That might have been me. I needed quite some basic functionality so I kept removing offending modules until it worked. Basically libtool didn't work at all. So everything that uses shared stuff won't work either. I only managed to get a static version working. (This was only done as an aside). I didn't upgrade from the working version I got then. It was that much trouble that if we need to upgrade it will probably move to open or free BSD. kind regards, Nico Baggus

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thor Mitchell Sent: Thursday, June 03, 2004 20:35 To: [EMAIL PROTECTED] Subject: Freeradius 0.9.3 and AIX 5
i've read through the mailing list archives and have seen at least one person trying to get this software to work under AIX. i didn't see a resolution to that though, and am having some problems of my own. here are two different configures and first runs, has anyone had success with this OS?

#oslevel -r
5200-03
# uname -a
AIX osgtest06 2 5 000D4F0D4C00
# gcc --version
gcc (GCC) 3.2
# ./configure --prefix=/usr/local --disable-ltdl-install --localstatedir=/var --sysconfdir=/etc --with-rlm-krb5-lib-dir=/usr/local/krb5/lib --with-rlm-krb5-include-dir=/usr/local/krb5/include --enable-shared --disable-static
...
# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /var main: logdir = /var/log/radius main: libdir = /usr/local/lib main: radacctdir = /var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /var/log/radius/radius.log main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /var/run/radiusd/radiusd.pid main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients Using deprecated clients file. Support for this will go away soon. read_config_files: reading realms Using deprecated realms file. Support for this will go away soon. 
radiusd: entering modules setup
Module: Library search path is /usr/local/lib
radiusd.conf[1186] Failed to link to module 'rlm_expr': No such file or directory

# ./configure --prefix=/usr/local --disable-ltdl-install --localstatedir=/var --sysconfdir=/etc --with-rlm-krb5-lib-dir=/usr/local/krb5/lib --with-rlm-krb5-include-dir=/usr/local/krb5/include --disable-shared --enable-static
# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf Config: including file: /etc/raddb/proxy.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /var main: logdir = /var/log/radius main: libdir = /usr/local/lib main: radacctdir = /var/log/radius/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /var/log/radius/radius.log main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /var/run/radiusd/radiusd.pid main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = yes proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading
Re: ippool problem
On Thu, 3 Jun 2004, Marco Marques wrote:
Hi All, i am trying to set up radius to work with ip pools. when i start radius in debug mode i don't see any error. Output:

Module: Loaded IPPOOL
ippool: session-db = /usr/local/etc/raddb/db.ippool
ippool: ip-index = /usr/local/etc/raddb/db.ipindex
ippool: range-start = 192.168.1.1 IP address [192.168.1.1]
ippool: range-stop = 192.168.3.254 IP address [192.168.3.254]
ippool: netmask = 255.255.255.0 IP address [255.255.255.0]
ippool: cache-size = 800
ippool: override = no
Module: Instantiated ippool (main_pool)
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.

the error comes when i try to authenticate, it gives me this error:

auth: user supplied User-Password matches local User-Password
modcall: entering group post-auth for request 0
rlm_ippool: Could not find Pool-Name attribute.

Fix the above. The comments in radiusd.conf should be more than enough.

modcall[post-auth]: module main_pool returns noop for request 0
modcall: group post-auth returns noop for request 0

how can i solve this problem?? other question that i have is how to set up the users file to use a specific pool? Best regards Marco
--
Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf
Re: dialup_admin
On Thu, 3 Jun 2004, apellido jr., wilfredo p. wrote:
Hello, is there any plan to include in dialup_admin a feature with which the USER can check his/her account, edit his/her information and change password, authenticated via his/her username/password in Freeradius (using MYSQL)?

In general dialupadmin is mostly designed for radius admins, not the end users. There's user_state.php3 which can be used to build a page with account information for each user. I would prefer something completely separate for end user interface. Also user information is somewhat critical (you want to be sure that username aaa belongs to Alice Wonderland, not someone else).
--
Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf
Re: dialup_admin
thanks kostas :) i will look for user_state.php3 as reference.

On Thu, 3 Jun 2004, apellido jr., wilfredo p. wrote:
Hello, is there any plan to include in dialup_admin a feature with which the USER can check his/her account, edit his/her information and change password, authenticated via his/her username/password in Freeradius (using MYSQL)?

In general dialupadmin is mostly designed for radius admins, not the end users. There's user_state.php3 which can be used to build a page with account information for each user. I would prefer something completely separate for end user interface. Also user information is somewhat critical (you want to be sure that username aaa belongs to Alice Wonderland, not someone else).
--
Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf
radtest problem
Hi List, please, I am facing the following problem: when I attempt to use the radtest tool with the args:

radtest [EMAIL PROTECTED] wilma 172.16.10.5:1645 123 MYSECRET

I get the message:

radclient:failed to get value

I am working with FreeBSD 4.9, freeradius 0.93. Please, could someone give me a hint about this issue? Thank you in advance. Ernesto Freyre.
Re: rlm_eap_ttls linking error
Great, thanks... I'll try that, and let you know if it works when I get all the TLS cert stuff figured out. matt

On Fri, 4 Jun 2004 18:11:46 +1000, Paul Hampson [EMAIL PROTECTED] wrote:
On Thu, Jun 03, 2004 at 05:36:39PM -0700, Matthew Albright wrote:
I'm attempting to compile freeradius-1.0.0-pre1, and I'm having problems building rlm_eap_ttls. I've narrowed it down to the linking stage, and libtool translating ./../rlm_eap_tls/rlm_eap_tls.la into -lrlm_eap_tls when it is passed to gcc. The linker can't find this lib, and croaks. If I simply delete the rlm_eap_tls.la part from the libtool command, the command finishes without errors, but I suspect that when I actually try to run any ttls stuff, it'll probably die with a load error. I'm doing this on a RedHat 8.0 box, underneath an rpmbuild command, if that matters. I don't think it does, cause the rpm gets built successfully, but it's missing the rlm_eap_ttls libraries.

This is bug 75 in the FreeRADIUS bugzilla at bugs.freeradius.org. Removing the rlm_eap_ttls.la from the Makefile should work, unless you're using an upstream CVS version of libltdl. You'll hit a similar problem with rlm_eap_peap, too, with the same solution.
--
Paul TBBle Hampson, on an alternate email client.
Re: fail-over configration
Thanks for your reply, Alan. You showed the following process.

1. Checking users file
   If the User-Name is not found, go to Checking SQL (Mysql) DataBase.
   Check the Calling-Station-Id.
   If the Calling-Station-Id is correct, continue to authenticate.
   If the Calling-Station-Id is incorrect, reject the user.
2. Checking SQL (Mysql) DataBase
   If the User-Name is not found, reject the user.
   Check the Calling-Station-Id.
   If the Calling-Station-Id is correct, continue to authenticate.
   If the Calling-Station-Id is incorrect, reject the user.

In authenticate, check the User-Password. If correct, the user is authenticated. If the User-Password is incorrect, reject the user.

Then, I have a question. What does "the User-Name is not found" mean? I thought it meant that the User-Name value in the request is not found in the users file. But freeradius does not operate that way. It looks like the following.

case 1 (this case is OK (found!))
   User-Name(value) in Users file equals User-Name(value) in Access-Request,
   and User-Password(value) in Users file equals User-Password(value) in Access-Request,
   and Calling-Station-Id(value) in Users file equals Calling-Station-Id(value) in Access-Request.
case 2 (this case is not found)
   User-Name(value) in Users file equals User-Name(value) in Access-Request,
   and User-Password(value) in Users file does not equal User-Password(value) in Access-Request,
   and Calling-Station-Id(value) in Users file equals Calling-Station-Id(value) in Access-Request.
case 3 (this case is not found)
   User-Name(value) in Users file equals User-Name(value) in Access-Request,
   and User-Password(value) in Users file equals User-Password(value) in Access-Request,
   and Calling-Station-Id(value) in Users file does not equal Calling-Station-Id(value) in Access-Request.
case 4 (this case is not found)
   User-Name(value) in Users file equals User-Name(value) in Access-Request,
   and User-Password(value) in Users file does not equal User-Password(value) in Access-Request,
   and Calling-Station-Id(value) in Users file does not equal Calling-Station-Id(value) in Access-Request.

Does "the User-Name is not found" mean whether all the radius attributes that should be compared are matched, not only that the User-Name value is not matched? If that is right, does checking the User-Password in authenticate always succeed?

--
Access-Request:
User-Name = testusr
User-Password = usrpass00
NAS-Port = 1
NAS-IP-Address = 192.168.100.20
Framed-Protocol = PPP
Service-Type = Framed-User
NAS-Port-Type = ISDN
Calling-Station-Id = 0123456789
--
Users file:
testusr Auth-Type := Local, User-Password == usrpass, Calling-Station-Id ==0123456789
	User-Service = Framed-User ,
	Framed-Protocol = PPP ,
	Framed-IP-Address = 10.0.0.1 ,
	Framed-IP-Netmask = 255.255.255.255 ,
	Ascend-Idle-Limit = 600 ,
	Ascend-Data-Filter = ip in forward dstip 10.0.1.0/24 ,
	Ascend-Data-Filter += ip in forward dstip 172.16.1.0/24 ,
	Ascend-Data-Filter += ip in drop dstip 0.0.0.0 ,
	Ascend-Data-Filter += ip out forward

sorry for my poor english
regards
--
baffy200y [EMAIL PROTECTED]
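A simplified model of the check-item matching this message asks about, as an added example that is not part of the original post and is not FreeRADIUS code: `==` check items are compared with the request, while `:=` check items always match and become configuration items. The function names, the "wrong" sample values and the `:=` variant of the entry are assumptions made for the illustration.

```python
# Added example: simplified model of users-file check-item operators.
# Not FreeRADIUS source; function names are hypothetical.

# Check line as posted in the message above.
ENTRY_EQ = ("testusr Auth-Type := Local, User-Password == usrpass, "
            "Calling-Station-Id ==0123456789")
# Constructed variant: the password is set as a configuration item instead.
ENTRY_SET = ("testusr Auth-Type := Local, User-Password := usrpass, "
             "Calling-Station-Id ==0123456789")

# Access-Request from the message (only the attributes the entry looks at).
POSTED_REQUEST = {
    "User-Name": "testusr",
    "User-Password": "usrpass00",
    "Calling-Station-Id": "0123456789",
}


def parse_entry(check_line):
    """Split 'name attr op value, ...' into (name, [(attr, op, value), ...])."""
    name, rest = check_line.split(None, 1)
    items = []
    for raw in rest.split(","):
        for op in (":=", "=="):
            if op in raw:
                attr, value = raw.split(op, 1)
                items.append((attr.strip(), op, value.strip().strip('"')))
                break
    return name, items


def match_entry(check_line, request):
    """Return the configuration items if the entry matches, else None."""
    name, items = parse_entry(check_line)
    if name != "DEFAULT" and name != request.get("User-Name"):
        return None
    for attr, op, value in items:
        # '==' is a comparison against the request; ':=' always matches.
        if op == "==" and request.get(attr) != value:
            return None
    # On a match, the check items become the configuration items.
    return {attr: value for attr, _op, value in items}


def decide(check_line, request):
    """Model authorize plus Local authenticate for one users-file entry."""
    config = match_entry(check_line, request)
    if config is None:
        return "not-found"  # entry skipped; the next source (SQL) is tried
    known = config.get("User-Password")
    if known is not None and request.get("User-Password") != known:
        return "reject"     # entry found, password check fails in authenticate
    return "accept"


def four_cases(check_line):
    """Run the four cases listed in the message against one entry."""
    good = {"User-Name": "testusr", "User-Password": "usrpass",
            "Calling-Station-Id": "0123456789"}
    bad_pw = {**good, "User-Password": "wrong"}            # case 2
    bad_cli = {**good, "Calling-Station-Id": "0000000000"}  # case 3
    bad_both = {**bad_pw, "Calling-Station-Id": "0000000000"}  # case 4
    return [decide(check_line, r) for r in (good, bad_pw, bad_cli, bad_both)]


if __name__ == "__main__":
    print("== entry:", four_cases(ENTRY_EQ), decide(ENTRY_EQ, POSTED_REQUEST))
    print(":= entry:", four_cases(ENTRY_SET), decide(ENTRY_SET, POSTED_REQUEST))
```

In this model the `==` form makes a wrong password look like a missing entry, so the request moves on to the next source instead of being rejected, and the later password check can only succeed. With the constructed `:=` form the entry is found on User-Name and Calling-Station-Id alone and the wrong password is rejected in authenticate.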
Re: ippool problem
On Fri, 2004-06-04 at 15:29, Kostas Kalevras wrote:
the error comes when i try to authenticate, it gives me this error:

auth: user supplied User-Password matches local User-Password
modcall: entering group post-auth for request 0
rlm_ippool: Could not find Pool-Name attribute.

Fix the above. The comments in radiusd.conf should be more than enough.

I am in similar trouble, and the comment (do you mean:
# Example:
# radiusd.conf: ippool students { [...] }
# users file : DEFAULT Group == students, Pool-Name := students
?) does not help/work ... What else should I do? z.p.

modcall[post-auth]: module main_pool returns noop for request 0
modcall: group post-auth returns noop for request 0

how can i solve this problem?? other question that i have is how to set up the users file to use a specific pool? Best regards Marco
--
Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf
--
Zdenek Pizl Systinet Corporation Vinohradska 190 130 00 Praha 3
Re: radtest problem
Ernesto, send your mail in plain text, then you'll probably get a response :)
- Original Message - From: Ernesto Freyre To: [EMAIL PROTECTED] Sent: Friday, June 04, 2004 12:39 PM Subject: radtest problem
Hi List, please I am facing the following problem: when I attempt to use the radtest tool with the args.:
    radtest [EMAIL PROTECTED] wilma 172.16.10.5:1645 123 MYSECRET
I have the message:
    radclient:failed to get value
I am working with FreeBSD 4.9, freeradius 0.93
Please, could someone to have some hint about this issue? thank you in advance Ernesto Freyre.
Re: Freeradius-Users digest, Vol 1 #3304 - 13 msgs
Hello Kostas, where can I find rlm_ippool revision 1.3.. with 1.3 will I be able to work with two different pools? Thank you
Today's Topics:
    1. MD4 fix for bigendian systems in 1.0.0-pre1 (Paul Hampson)
    2. Re: Fail-Over (Kostas Kalevras)
    3. Re: FreeRADIUS 1.0.0-pre1 released (Damjan)
    4. Calculating Remaining Time for Session-Timeout (Rick Smith)
    5. Re: Calculating Remaining Time for Session-Timeout (Keith Yoder)
    6. Re: Calculating Remaining Time for Session-Timeout (Kostas Kalevras)
    7. Re: Help adding users (Frédéric EVRARD)
    8. RE: Calculating Remaining Time for Session-Timeout (Rick Smith)
    9. Re: Calculating Remaining Time for Session-Timeout (Keith Yoder)
    10. Re: LDAP Authentication (MS Windows AD) ([EMAIL PROTECTED])
    11. Re: Help in using EAP (Frédéric EVRARD)
    12. Re: Help with Counter module (Jean-Marie GUILLEMOT)
    13. Re: Latest freeradius and NPTL fail (Michael Griego)
--__--__-- Message: 1 Date: Tue, 1 Jun 2004 21:00:52 +1000 To: [EMAIL PROTECTED] Subject: MD4 fix for bigendian systems in 1.0.0-pre1 From: [EMAIL PROTECTED] (Paul Hampson) Reply-To: [EMAIL PROTECTED]
Sorry, I just discovered a problem that didn't show up on initial testing. Luckily it showed up on my PPC machine. If you're building on a big-endian machine, compilation will fail on md4.c due to missing definition of htole32. Or at least it does on Linux. Here's the patch, already committed to CVS and will be in -pre2.
Index: md4.c === RCS file: /source/radiusd/src/lib/md4.c,v retrieving revision 1.5 diff -r1.5 md4.c 36a37,39 * Add htole32 define from http://www.squid-cache.org/mail-archive/squid- dev/200307/0130.html * (The bswap32 definition in the patch.) *This is only used on BIG_ENDIAN systems, so we can always swap the bits. 68a72,77 #define htole32(x) \ (uint32_t)x) 0xff00) 24) | \ uint32_t)x) 0x00ff) 8) | \ uint32_t)x) 0xff00) 8) | \ uint32_t)x) 0x00ff) 24)) I'm test-building it now, but I'm confident it'll work. The only risk is if we're clashing with an existing definition... -- Paul TBBle Hampson, on an alternate email client. --__--__-- Message: 2 Date: Tue, 1 Jun 2004 14:26:40 +0300 (EEST) From: Kostas Kalevras [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Fail-Over Reply-To: [EMAIL PROTECTED] On Mon, 31 May 2004, Alan DeKok wrote: Juan [EMAIL PROTECTED] wrote: i have read configurable_failover for three times but i can not do that freeradius failover with ippool. I have two pools that i want to use then for all my users. I need that freradius start to asign IPs from the second Pool whe the first is full. I do not known what i must read to do it. It looks like it's a problem with the IP pool module... Try using the latest version of the ippool module (revision 1.31). That one should work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf --__--__-- Message: 3 Date: Tue, 1 Jun 2004 13:39:13 +0200 From: Damjan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: FreeRADIUS 1.0.0-pre1 released Reply-To: [EMAIL PROTECTED] 3. Is there a way to put the rlm_ modules in /usr/lib/freeradius whil= e the main libraries stay in {prefix}/lib? =20 Which main libraries? 
Well, I was under impression that libradius.so and perhaps libeap.so could be used by other programs as well ... I guess I was wrong... compiling with:
    ./configure --with-experimental-modules --prefix=/usr \
        --sysconfdir=/etc --localstatedir=/var --libdir=/usr/lib/freeradius
now. Thanks.
-- damjan | дамјан This is my jabber ID -- [EMAIL PROTECTED] -- not my mail address!!!
--__--__-- Message: 4 Subject: Calculating Remaining Time for Session-Timeout Date: Tue, 1 Jun 2004 07:56:16 -0400 From: Rick Smith [EMAIL PROTECTED] To: [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED]
OK, I have several Mikrotik based hotspots out there. They auth users via RADIUS. I'm
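Review bot: the comment added at 36a37,39 in the md4.c patch of Message 1 above says "we can always swap the bits", but the macro it documents moves whole bytes (shifts of 24 and 8); "swap the bytes" would be accurate. The comment also cites the bswap32 definition while the symbol being defined is htole32, so it should say that htole32 is defined here as that byte swap.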
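Review bot: the "#define htole32(x)" added at 68a72,77 in the md4.c patch of Message 1 above is shown without an "#ifndef htole32" guard, so it can collide with a definition from a system header, which is the risk the message itself raises; wrap the define in "#ifndef htole32" and "#endif". The macro also expands x four times, so an argument with side effects would be evaluated more than once; note that in the comment or use a static inline function instead.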
Newb: Sanity Check Please
I'm relatively new to the concept of a RADIUS server as a whole, but I've spent the last couple days reading up on it and I think I'm getting a decent grasp of the concept. I was hoping you folks wouldn't mind just looking over what I'm planning to do and let me know of any holes in my understanding. Also, if you know where I could find documentation that is applicable, I'd greatly appreciate it. :-)
Here's the idea. I have a Cisco PIX 515 firewall that I want to run VPN on. VPN clients should authenticate to the FreeRADIUS server which will check our 2K Active Directory for correct username and password. If the VPN client provides a username and password in AD, they will be allowed to connect. I understand that I'll need to use the LDAP module to connect to AD and that instead of uid, I'll need to use the attribute SamAccountName.
Is there a wiki for FreeRADIUS that I could pop information up on as I get this figured out so that others could follow? Documentation is one of my major ways of trying to give back to the OSS community. I've been searching the archives and they are good, but I find it difficult to glean exactly what I'm looking for sometimes. JSR/
Re: user.cdb support?
Christian Reeves [EMAIL PROTECTED] wrote: I am looking into new RADIUS options to get away from a custom variation of Livingston. Does FreeRadius support using a cdb file for auth? If so, is it a module that must be installed?
No, sorry. Alan DeKok.
Re: freeradius rfc2882 ?
nsinit [EMAIL PROTECTED] wrote: somebody can tell me that whether or not rfc1882 implemented in freeradius0.9.2 or later release?
No.
5.1. Password Change
Remotely requested password change operations were described and proposed, but rejected by the working group.
That means there is no standard to implement. Alan DeKok.
Re: Xsupplicant prob
Cool Man [EMAIL PROTECTED] wrote: Hi, when I try to run xsupplicant
I suggest asking that question on the xsupplicant list. Alan DeKok.
ippool usage
Hi list, here I am here again, now I would want to ask you if it's possible to have many ippool entries in the radiusd.conf file, and how this must be invoked from the post-auth and accounting sections, such as says at the radiusd.conf : Should be added in post-auth and accounting sections
Can I set something such as:
ippool pool_estatico {
    range-start = 200.31.97.10
    range-stop = 200.31.97.13
    netmask = 255.255.255.0
    cache-size = 14
    session-db = ${raddbdir}/db.ippool
    ip-index = ${raddbdir}/db.ipindex
    override = no
}
ippool pool_dinamico {
    range-start = 200.31.97.14
    range-stop = 200.31.99.240
    netmask = 255.255.255.0
    cache-size = 689
    session-db = ${raddbdir}/db.ippool
    ip-index = ${raddbdir}/db.ipindex
    override = no
}
post-auth {
    pool_estatico
    pool_dinamico
}
accounting {
    acct_unique
    detail
    unix # wtmp file
    sql
    radutmp
    # Return an address to the IP Pool when we see a stop record.
    pool_dinamico
    pool_estatico
}
are there some bad thing? Thank you for your help!!! Ernesto Freyre Ramírez.
rlm_eap_tls: Received unexpected tunneled data after successful handshake.
Hello, Sorry to disturb you, but I would like to know whether you have succeeded in resolving this problem :
    rlm_eap_tls: Received unexpected tunneled data after successful handshake.
    rlm_eap: Handler failed in EAP/tls
    rlm_eap: Failed in EAP select
    modcall[authenticate]: module eap returns invalid for request 13
    modcall: group authenticate returns invalid for request 13
    auth: Failed to validate the user.
If yes, can you please tell me how you did ? Thousand thanks
Can't Install from directory w/ spaces
I just installed freeradius-snapshot-20040604 and found that the make command won't finish up if the system is configured inside a path with spaces in the name. Not a big deal as it didn't take long to move it to a directory that didn't have spaces in the name, but might be a little gotcha. I think this cropped up when it was doing something in the lib directory, but I can't confirm that as I didn't think to record it. Sorry. JSR/
RE: radtest problem
Looked fine to me (although I don't have a good answer to the question) Ernesto, try running radiusd in debug mode (-X) in another session, and watching the output for hints when you run radtest. Rob
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thor Spruyt Sent: Friday, June 04, 2004 12:13 PM To: [EMAIL PROTECTED] Subject: Re: radtest problem
Ernesto, send your mail in plain text, then you'll probably get a response :)
- Original Message - From: Ernesto Freyre To: [EMAIL PROTECTED] Sent: Friday, June 04, 2004 12:39 PM Subject: radtest problem
Hi List, please I am facing the following problem: when I attempt to use the radtest tool with the args.:
    radtest [EMAIL PROTECTED] wilma 172.16.10.5:1645 123 MYSECRET
I have the message:
    radclient:failed to get value
I am working with FreeBSD 4.9, freeradius 0.93
Please, could someone to have some hint about this issue? thank you in advance Ernesto Freyre.
Re: Can't Install from directory w/ spaces
Alan DeKok wrote:
Chris Ross [EMAIL PROTECTED] wrote: It may be a common UNIX problem, but it's not like UNIX prevents you from handling it.
    [EMAIL PROTECTED] aland]$ mkdir hello there
    [EMAIL PROTECTED] aland]$ cd hello\ there/
    [EMAIL PROTECTED] hello there]$ FOO=`pwd`
    [EMAIL PROTECTED] hello there]$ cd .. cd $FOO
    bash: cd: /home/aland/hello: No such file or directory
Unix doesn't make it easy, either.
That depends on your shell. Those commands work just fine in zsh. In bash (or any other bourne shell) you can cd "$FOO" to work around that problem. I mean, you're using an identifier. It's just because it is legal without quotes that no one uses them by habit. I tend to when shell programming, cause it's just safer and never wrong. (*shrug*) But, you're right, UNIX doesn't make it easy. Not as hard as having backslashes in directory names, but... :-)
- Chris
Re: Can't Install from directory w/ spaces
Slightly off topic (Freeradius that is): Unix is User Friendly - It's just picky about its Friends! Something an old unix guru told me once - long, long ago
Gary N. McKinney Network Administrator Computer Services Dept. Brevard County Library System
-- Original Message -- From: Chris Ross [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Fri, 04 Jun 2004 14:25:35 -0400
Alan DeKok wrote:
Chris Ross [EMAIL PROTECTED] wrote: It may be a common UNIX problem, but it's not like UNIX prevents you from handling it.
    [EMAIL PROTECTED] aland]$ mkdir hello there
    [EMAIL PROTECTED] aland]$ cd hello\ there/
    [EMAIL PROTECTED] hello there]$ FOO=`pwd`
    [EMAIL PROTECTED] hello there]$ cd .. cd $FOO
    bash: cd: /home/aland/hello: No such file or directory
Unix doesn't make it easy, either.
That depends on your shell. Those commands work just fine in zsh. In bash (or any other bourne shell) you can cd "$FOO" to work around that problem. I mean, you're using an identifier. It's just because it is legal without quotes that no one uses them by habit. I tend to when shell programming, cause it's just safer and never wrong. (*shrug*) But, you're right, UNIX doesn't make it easy. Not as hard as having backslashes in directory names, but... :-)
- Chris
Authorization not working w/ Cisco
I am having trouble with exec authorization when I telnet to a Cisco 2500 router which is configured for AAA against my FreeRADIUS box (version 1.0.0-pre0). With the following configuration on my router:
    aaa new-model
    aaa authentication login vty-in group radius local
    aaa authentication login console-in group radius local
    aaa authentication enable default group radius enable
    aaa authentication ppp default group radius local
    aaa accounting exec default start-stop group radius
    aaa accounting commands 15 default start-stop group radius
    aaa accounting network default start-stop group radius
    aaa accounting connection default start-stop group radius
    aaa authorization exec default group radius local
I have the following problem:
    $ telnet toprouter
    Trying 172.20.1.10...
    Connected to toprouter.localdomain (172.20.1.10).
    Escape character is '^]'.
    Username: topruser
    Password:
    % Authorization failed.
    Connection closed by foreign host.
`debug aaa authorization` shows:
    TopRouter#
    01:10:33: AAA: parse name=tty19 idb type=-1 tty=-1
    01:10:33: AAA: name=tty19 flags=0x11 type=5 shelf=0 slot=0 adapter=0 port=19 channel=0
    01:10:33: AAA/MEMORY: create_user (0x652E90) user='' ruser='' port='tty19' rem_addr='172.20.1.200' authen_type=ASCII service=LOGIN priv=1 initial_task_id='0'
    01:10:41: tty19 AAA/AUTHOR/EXEC (1475418648): Port='tty19' list='' service=EXEC
    01:10:41: AAA/AUTHOR/EXEC: tty19 (1475418648) user='topruser'
    01:10:41: tty19 AAA/AUTHOR/EXEC (1475418648): send AV service=shell
    01:10:41: tty19 AAA/AUTHOR/EXEC (1475418648): send AV cmd*
    01:10:41: tty19 AAA/AUTHOR/EXEC (1475418648): found list default
    01:10:41: tty19 AAA/AUTHOR/EXEC (1475418648): Method=radius (radius)
    01:10:41: AAA/AUTHOR (1475418648): Post authorization status = FAIL
    01:10:41: AAA/AUTHOR/EXEC: Authorization FAILED
    01:10:43: AAA/MEMORY: free_user (0x652E90) user='topruser' ruser='' port='tty19' rem_addr='172.20.1.200' authen_type=ASCII service=LOGIN priv=1
And the debug output from freeradius daemon shows:
    rad_recv: Access-Request packet from host 172.20.1.10:1645, id=49, length=80
        NAS-IP-Address = 172.20.1.10
        NAS-Port = 19
        NAS-Port-Type = Virtual
        User-Name = topruser
        Calling-Station-Id = 172.20.1.200
        User-Password = t1e2s3t4
    modcall: entering group authorize for request 49
    modcall[authorize]: module preprocess returns ok for request 49
    modcall[authorize]: module chap returns noop for request 49
    modcall[authorize]: module mschap returns noop for request 49
    rlm_realm: No '@' in User-Name = topruser, looking up realm NULL
    rlm_realm: No such realm NULL
    modcall[authorize]: module suffix returns noop for request 49
    rlm_eap: No EAP-Message, not doing EAP
    modcall[authorize]: module eap returns noop for request 49
    users: Matched DEFAULT at 164
    modcall[authorize]: module files returns ok for request 49
    modcall: group authorize returns ok for request 49
    rad_check_password: Found Auth-Type System
    auth: type System
    modcall: entering group authenticate for request 49
    modcall[authenticate]: module unix returns ok for request 49
    modcall: group authenticate returns ok for request 49
    Sending Access-Accept of id 49 to 172.20.1.10:1645
    Finished request 49
    Going to the next request
    --- Walking the entire request list ---
    Waking up in 6 seconds...
If I remove the aaa authorization exec default group radius local entry on the router, I can get in fine. I should note that authentication works A-OK with my freeradius box. It's the authorization that is giving me issues. I looked on the net and newsgroups for this issue, and also a few people have had the same problem with other versions of freeradius and Cisco IOS, no clear resolution was given. Thanks! --john
Re: Authorization not working w/ Cisco
If I remove the aaa authorization exec default group radius local entry on the router, I can get in fine. I should note that authentication works A-OK with my freeradius box. It's the authorization that is giving me issues.
this happens to be cisco related question and be directed to cisco search link anyway, this works for me, have u tried this before since its authorization issue accdg to you.
    aaa authorization exec default local
    aaa authorization network default local group radius
here is the link to look for it if it didn't work for you http://www.cisco.com/pcgi-bin/search/search.pl?searchPhrase=route-cachenv=Search+All+cisco.com%23%23cisco.comnv=Technical+Support+%26+documentation%23%23cisco.com%23TSDlanguage=encountry=USaccessLevel=GuestsiteToSearch=cisco.com u can
Can I use usegroup = option in unix module configuration?
Hello. Can I use usegroup = option in unix module configuration in radiusd.conf? That option is not in sample radiusd.conf. Is it not recommended to use that option? or is anything wrong with using that option? regards. -- baffy200y [EMAIL PROTECTED]
About Log authentication requests to the log file in radiusd.conf
Hello. We have log_auth and log_auth_badpass,log_auth_goodpass section like this.
-- radiusd.conf --
    # Log authentication requests to the log file.
    #
    # allowed values: {no, yes}
    #
    log_auth = yes
    # Log passwords with the authentication requests.
    # log_auth_badpass - logs password if it's rejected
    # log_auth_goodpass - logs password if it's correct
    #
    # allowed values: {no, yes}
    #
    log_auth_badpass = yes
    log_auth_goodpass = no
-- radiusd.conf --
Now I define user in users file.
-- users file --
testusr Auth-Type := Local, User-Password == usrpass, Calling-Station-Id == 0123456789
    User-Service = Framed-User,
    Framed-Protocol = PPP,
    Framed-IP-Address = 10.0.0.1,
    . .
-- users file --
And send an access request packet from radius client.
-- users file --
    User-Name = usrtest
    User-Password = usrpass
    NAS-Port = 1
    NAS-IP-Address = 192.168.100.20
    Framed-Protocol = PPP
    Service-Type = Framed-User
    NAS-Port-Type = ISDN
    Calling-Station-Id = 0123456780
-- users file --
In this case, User-Password is correct and Calling-Station-Id is incorrect. The freeradius logs follow.
    Sat Jun 5 11:33:25 2004 : Auth: Login incorrect: [usrtest/usrpass] (from client bryan port 1 cli 0123456780)
The password is shown by the log file for password not be incorrect. It is the Calling-Station-Id that it is incorrect. I think that we just know what is not incorrect in the log file Is it difficult?
regards
-- baffy200y [EMAIL PROTECTED]
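The log line in the post above shows log_auth_badpass = yes writing the submitted password in clear text, and, as the poster describes it, a request can be rejected on another check item while that password is the right one. An added example (not from the post or from FreeRADIUS) that parses such lines, masks the password before a log is shared, and names the option that caused it to be logged; the password-less "[user]" form and every sample line except the first are assumptions constructed here.

```python
import re

# Auth line as quoted in the post:
#   "<time> : Auth: <result>: [<cred>] (from client <c> port <n> cli <id>)"
# <cred> is "user/password" when the matching log_auth_*pass option is "yes".
# Assumption (not shown on the page): it is just "user" when the option is "no".
AUTH_LINE = re.compile(
    r"^(?P<ts>.+?) : Auth: (?P<result>Login OK|Login incorrect): "
    r"\[(?P<cred>.*)\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+)(?: cli (?P<cli>[^)]*))?\)$"
)


def parse_auth_line(line):
    """Return the fields of one auth log line, or None for any other line."""
    m = AUTH_LINE.match(line.strip())
    if m is None:
        return None
    # The greedy <cred> group ends at the last "] (from client", so a "]" in
    # the password is kept. The split is on the first "/", so a user name that
    # itself contains "/" cannot be told apart from "user/password".
    user, sep, password = m.group("cred").partition("/")
    return {
        "timestamp": m.group("ts"),
        "accepted": m.group("result") == "Login OK",
        "user": user,
        "password": password if sep else None,
        "client": m.group("client"),
        "port": int(m.group("port")),
        "cli": m.group("cli"),
    }


def redact(line):
    """Return the line with any logged password replaced by a marker."""
    text = line.strip()
    m = AUTH_LINE.match(text)
    if m is None or "/" not in m.group("cred"):
        return text
    user = m.group("cred").partition("/")[0]
    return text[:m.start("cred")] + user + "/<redacted>" + text[m.end("cred"):]


def audit(lines):
    """List (user, option) pairs for every line that exposes a password."""
    findings = []
    for line in lines:
        rec = parse_auth_line(line)
        if rec is None or rec["password"] is None:
            continue
        option = "log_auth_goodpass" if rec["accepted"] else "log_auth_badpass"
        findings.append((rec["user"], option))
    return findings


SAMPLE_LOG = [
    # Line quoted in the post.
    "Sat Jun 5 11:33:25 2004 : Auth: Login incorrect: [usrtest/usrpass] (from client bryan port 1 cli 0123456780)",
    # Constructed lines: no password logged, password containing "]" and "/", non-auth line.
    "Sat Jun 5 11:34:02 2004 : Auth: Login OK: [testusr] (from client bryan port 1 cli 0123456789)",
    "Sat Jun 5 11:35:10 2004 : Auth: Login incorrect: [alice/p]w/d] (from client bryan port 2)",
    "Sat Jun 5 11:35:11 2004 : Info: Ready to process requests.",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(redact(entry))
    for user, option in audit(SAMPLE_LOG):
        print("password for %s was logged; controlled by %s" % (user, option))
```

Because a "Login incorrect" line can hold a valid password, as in the case the post describes, such logs need the same handling as any other credential store.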