My guess is the pass to the accounting software fails.
Any ideas?
modcall: entering group Auth-Type for request 7
rlm_mschap: doing MS-CHAPv2 with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module mschap returns ok for request 7
modcall: group Auth-Type returns
Please disregard this message, I have checked /var/log/messages and found
CHAP
gave a Reject message.
- Original Message -
From: keith [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, June 16, 2004 5:11 PM
Subject: Logs say I am authentication is OK but XP tells me it's not?
My
NAS-IP-Address = 192.168.0.253
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
radius_xlat:
'/var/log/radius/radacct/192.168.0.253/auth-detail-20040616'
rlm_detail:
/var/log/radius
-Address = 192.168.0.253
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
radius_xlat:
'/var/log/radius/radacct/192.168.0.253/auth-detail-20040616'
rlm_detail:
/var/log/radius
for request 0
radius_xlat:
'/var/log/radius/radacct/192.168.0.253/auth-detail-20040616'
rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radius/radacct/192.168.0.253/auth-detail-20040616
modcall[authorize]: module auth_log returns ok for request 0
Hello it is possible to define the query parameter
in sqlcounter.conf?
%k =
%b =
I just want to specify the date where the
AcctSessionTime will be compute(SUM).
I'am doing a non-fundamentalist study about Freeradius versus Radiator
(http://www.open.com.au/radiator/), costs not-involved, to see what to
use at work.
I looking for other studys, experiences, papers, opinions, etc.. to
cross notes on advantages and disadvantages of each.
In terms of
At Tue, 15 Jun 2004 11:55:00 -0400,
Alan DeKok wrote:
Please don't CC me on messages. I already read the list, and I
don't need to see the same message twice.
Sorry Alan (replied to all by accident)
I wanted for every username of the form [EMAIL PROTECTED] to add 3 wispr
attributes
Good morning everyone:
I have a quick questions. I was reading the FAQ and i saw the instructions for
rejecting users from authenticating when their account is suspended etc.. but from
what i see, the instructions in the FAQ are for people using the users file for
authentication. I have set my
Sylvain Toe [EMAIL PROTECTED] wrote:
I want my PROXY radius to:
- Send an access-reject when receiving an access-accept from the
REMOTE
radius.
- Send an access-accept when receiving an access-reject from the
REMOTE
radius.
Is it something possible (with freeradius 0.9.3)?
Not really.
On Tue, 15 Jun 2004, Matthew Schumacher wrote:
Alan DeKok wrote:
Gary McKinney [EMAIL PROTECTED] wrote:
From following this thread I am wondering how many transactions a
second can a DB handle successfully perform before the system starts
to lose information???
That depends on the
On Tue, 15 Jun 2004, Matthew Schumacher wrote:
Alan DeKok wrote:
Matthew Schumacher [EMAIL PROTECTED] wrote:
...
http://lists.freeradius.org/pipermail/freeradius-users/2004-June/032678.html
Alan DeKok.
I never saw that and assumed my message never made it... After fighting
Hi,
does freeradius server manage the user groups in its config file ?
Because it's not possible for me to use unix group (/etc/group) ! :(
So, i tested this:
# Autorise certains login
DEFAULT Auth-Type := LDAP, NAS-IP-Address == xxx.xxx.xxx.xxx, User-Name =~
id1|id2|id3|id4
Fall-Through =
Hi, I am a fresh user,
I config the Freeradius 0.93 in my linux box. it can work with the users file
authentication but not with my postgreSQL. How Can I do,
Here is the message, Please help me!
=
rad_recv: Access-Request packet from host 10.0.0.9:32769,
After reading the documentation, it seems that when TTLS or PEAP is used,
there needs to be a text file or database with usernames and passwords in
clear text
...
Currently, what we have is a MSSQL database which has a table of usernames
and passwords hashed using MD5... there is also a procedure
Assuming you are running Linux. You would do rate limiting in the OS.
Check this out:
http://lartc.org/howto/lartc.qdisc.html
Matthew Schumacher wrote:
List,
Is there a way to rate limit radius requests in the freeradius server?
Whenever the router guy kicks a router full of DSL connections
- Original Message -
From: Linda Pagillo [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, June 16, 2004 12:54 PM
Subject: Rejecting Users when using mysql
Good morning everyone:
Good afternoon.
I have a quick questions. I was reading the FAQ and i saw the instructions
for
On Wed, 2004-06-16 at 06:04, [EMAIL PROTECTED] wrote:
rlm_sql: unknown attribute Auth_Type
Here's your problem. Auth_Type is not a valid attribute. Change that
to Auth-Type (dash, not underscore).
--
--Mike
---
Michael Griego
Wireless LAN Project Manager
The
freeradius 0.9.3 .
rad_check_password: Found Auth-Type MS-CHAP
auth: type MS-CHAP
modcall: entering group Auth-Type for request 0
rlm_mschap: No MS-CHAP-Challenge in the request
modcall[authenticate]: module mschap returns reject for request 0
Any pointers appreciated.
Keith
-
List
On Wed, 16 Jun 2004, Robert Yeo wrote:
After reading the documentation, it seems that when TTLS or PEAP is used,
there needs to be a text file or database with usernames and passwords in
clear text
PEAP needs clear text
TTLS depends on the inner authentication mechanism. If you use PAP you
Nuno Miguel Pais Fernandes [EMAIL PROTECTED] wrote:
The problems seems to be here..
...
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
That would appear to be informative.
You didn't tell the server how to authenticate the tunneled
Dale Tan Lee Cheong [EMAIL PROTECTED] wrote:
I set the acct-interim-interval in access-reply as acct-interim-interval
= 300
...
And the NAS doesn't do what you tell it.
Fix the NAS. There's nothing you can do to the server that will
make the NAS send accounting packets.
Alan DeKok.
Kostas Zorbadelos [EMAIL PROTECTED] wrote:
Since the atrr_rewrite module and the preproxy_users are said to be
'experimental' which one would you recommend for use in a production
environment? Is any of this going to go away in 1.0.0 or the future?
I would recommend preproxy_users, simply
Linda Pagillo [EMAIL PROTECTED] wrote:
I have a quick questions. I was reading the FAQ and i saw the
instructions for rejecting users from authenticating when their
account is suspended etc.. but from what i see, the instructions in
the FAQ are for people using the users file for
Kostas Kalevras [EMAIL PROTECTED] wrote:
You don't need to do code changes. Just use configurable failover
with the sql and detail modules.
In 1.0.0, very true. The only problem then comes in having an
external program read the detail file, and add the information to
the database. This
Lionel Gavage [EMAIL PROTECTED] wrote:
does freeradius server manage the user groups in its config file ?
No.
Because it's not possible for me to use unix group (/etc/group) ! :(
Read the man page for rlm_passwd.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
Robert Yeo [EMAIL PROTECTED] wrote:
After reading the documentation, it seems that when TTLS or PEAP is used,
there needs to be a text file or database with usernames and passwords in
clear text
No. TTLS PEAP have tunneled authentication methods. Those
tunneled authentication methods have
keith [EMAIL PROTECTED] wrote:
rad_check_password: Found Auth-Type MS-CHAP
auth: type MS-CHAP
modcall: entering group Auth-Type for request 0
rlm_mschap: No MS-CHAP-Challenge in the request
You set Auth-Type = MS-CHAP. Don't.
Any pointers appreciated.
Read the *rest* of the debug
nsinit [EMAIL PROTECTED] wrote:
You have to put the Value in back-quotes: `%{expr: %{Call-Refrence}`
I have tried it, but it didn't work.
Then you're probably not using 1.0.0-pre*
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Nuno Morgadinho [EMAIL PROTECTED] wrote:
I'am doing a non-fundamentalist study about Freeradius versus Radiator
(http://www.open.com.au/radiator/), costs not-involved, to see what to
use at work.
I looking for other studys, experiences, papers, opinions, etc.. to
cross notes on advantages
Kostas Kalevras wrote:
radrelay will send packets as fast as possible but will slow down if it does not
get responses.
The algorithm:
if (r-retrans_num 20)
r-retrans = now + 70;
else
r-retrans = now + 3 + (3 * r-retrans_num);
so if your db is not
Alan DeKok wrote:
Kostas Kalevras [EMAIL PROTECTED] wrote:
You don't need to do code changes. Just use configurable failover
with the sql and detail modules.
In 1.0.0, very true. The only problem then comes in having an
external program read the detail file, and add the information to
the
Hi All ,
i what to know if its possible to use ippools and
sql??
i mean having a table with the ippools in the sql
database
best regards
Marco Marques
On 6/15/04 7:18 PM, Veerabhushan Hatte at [EMAIL PROTECTED] wrote:
I was going through the mail responses and I am facing some problem for the
same configuration. I have few questions and your help is greatly appreciated.
1. Do I need enable pam authentication to use LDAP?
I don't think so.
Marco Marques [EMAIL PROTECTED] wrote:
i what to know if its possible to use ippools and sql??
i mean having a table with the ippools in the sql database
Why?
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Matthew Schumacher [EMAIL PROTECTED] wrote:
Kostas Kalevras wrote:
radrelay will send packets as fast as possible but will slow down
if it does not get responses.
...
Are you sure? My understanding is that radius replys but finds that it
doesn't have a DB connection handle and drops
I'm running freeradius 1.0.0-pre1 and need to support
Baystack 350's and 450's. Can anyone give me any
useful hints, including what nastype to specify in
clients.conf?
TIA,
Pat Rebert
__
Do you Yahoo!?
New and Improved Yahoo! Mail -
Or does it drop it altogether causing the nas to resend the packet?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Matthew Schumacher wrote:
Or does it drop it altogether causing the nas to resend the packet?
Sorry, I noticed you answered this question just after I sent this post:
For others this missed it and for the archive:
Are you sure? My understanding is that radius replys but finds that
it doesn't
I have a bug prone setup, but here goes:
Solaris 2.9 with:
Freeradius-1.0.0-pre2 and/or Freeradius-0.9.3
unixODBC 2.2.8
freetds 0.62.3
trying to connect to:
MSSQL 7.0 Database via unixODBC
I can use tsql and isql to query the database with the select
statements I've written and I have the exact
Hi Alan
You set Auth-Type = MS-CHAP. Don't.
OK.
Any pointers appreciated.
Read the *rest* of the debug log, including the part where it prints
out the attributes in the Access-Request, and none of them are MS-CHAP.
What Auth Type would I use for the following?
rad_recv:
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] la part de Alan
DeKok
Envoyé : mercredi 16 juin 2004 16:46
À : [EMAIL PROTECTED]
Objet : Re: user groups in freeradius
Lionel Gavage [EMAIL PROTECTED] wrote:
does freeradius server manage the user groups in its config
keith [EMAIL PROTECTED] wrote:
What Auth Type would I use for the following?
Generally, you *don't* set Auth-Type. The server will figure it
out.
rad_recv: Access-Request packet from host 127.0.0.1:32771, id=210, length=54
Service-Type = Framed-User
Framed-Protocol = PPP
Hello!
I have some attributes I want to add to a group of users.
I can define a DEFAULT-entry in the /etc/raddb/users file
and there check for a Group-Attribute. But how do I set this
Attribute? A simple Group = groupname does not work...
I'm sorry if this is a stupid question but I can't
Lionel Gavage [EMAIL PROTECTED] wrote:
Because it's not possible for me to use unix group (/etc/group) ! :(
Read the man page for rlm_passwd.
The different usernames are stored in LDAP and not exist on the level
system.
Perhaps you haven't read my response, or the man page for
Marco Marques [EMAIL PROTECTED] wrote:
i what to know if its possible to use ippools and sql??
i mean having a table with the ippools in the sql database
Why?
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
so i can assing ips from
Read the *rest* of the debug log, including the part where it prints
out the attributes in the Access-Request, and none of them are MS-CHAP.
What Auth Type would I use for the following?
rad_recv: Access-Request packet from host 127.0.0.1:32771, id=210,
length=54
Service-Type =
Hi Alan,
What Auth Type would I use for the following?
Generally, you *don't* set Auth-Type. The server will figure it
out.
OK.
rad_recv: Access-Request packet from host 127.0.0.1:32771, id=210,
length=54
Service-Type = Framed-User
Framed-Protocol = PPP
Does anyone use the tcpserver to serve radiusd?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
keith [EMAIL PROTECTED] wrote:
Using
+chap
-mschap
-mschap-v2 in the pptpd options file causes a failure with CHAP
Then you've done something to break the server.
and changing the Auth-Type to Local.
causes a failure with CHAP.
Of course. I *did* say don't set Auth-Type, did I not?
keith [EMAIL PROTECTED] wrote:
So I believe my current hurdle is getting the information from pppd to
freeradius and I believe this is the best list for that.
No. You're trying to get pppd to send radius requests which contain
certain attributes. There is NOTHING you can do to FreeRADIUS
Hi Alan,
No. You're trying to get pppd to send radius requests which contain
certain attributes. There is NOTHING you can do to FreeRADIUS which
will make pppd send those attributes. Therefore, this list is NOT the
right place to ask how to configure pppd.
Understood, thanks.
Keith
Thanks Mike,
I chance it from Auth_Type To Auth-Type, But now the problem is : auth:
type (null)
Here is the deatail.
Please help me out!
Thanks a lot!
==
Thu Jun 17 11:23:59 2004 : Debug: rlm_sql (sql): sql_set_user escaped
Hi,
just thought about some things to fix some attributes but didn't find
the right glue where to start (probably attr_rewrite).
Using lates 1.0 pre-2,
I have some NAS giving me attributes in either wrong way or not the way
I'd want them ;)
- a Cisco L2TP-LAC saying MAS-Port-Type ISDN (2)
I make a mistak in the radcheck table. set the attribute to Auth-Type
actually it should be Password. I update the table and everything is fine.
Thanks a lot!
Cheers!
nsinit [EMAIL PROTECTED]:
Thu Jun 17 11:23:59 2004 : Debug: rad_check_password: Found Auth-Type
654321
Ok. I can use radrelay. But. I do not understand the reason why the
replicate-to-realm is being removed from server.
There are two operators now wich we have roaming agreements with.
But what will we do if their amount grows to 10, 20?
We'll have to start up to 20 instances of radrelay.
And
56 matches
Mail list logo