RE: dialup admin replacement
what is the is the encrypt password type? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Marino Sent: Sunday, July 25, 2004 4:17 PM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas? - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:18 AM Subject: RE: dialup admin replacement Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar Please note that this interface for the mysql database only. Extract the stat.tar and edit Connections/pp.php, change the valuse of the hostname, username, password and database name. Then upload it to websever support PHP. Please contact me if you need any question. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Sunday, July 25, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: RE: dialup admin replacement cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask Sarky On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote: I did some thing like that, but it's not a part of the dialupadmin, it web interface for our customers, I will customize it and send it to you. Or if you know how can we publish it to be part of the dialup admin project. Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius- [EMAIL PROTECTED] Subject: dialup admin replacement Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via there login/password and get all the information they require download limits, what they have downloaded and so on. Anything out there which does that ? Sarky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Enforcement rules after EAP authentication
Hi, I'm new to freeradius (and also to radius) and I've sucessfully setup EAP/TTLS authentication (thanks for this great project). Now I need to be able to do enforcement rules on my firewall per user basis (not only for authorization, but also for measurement). Is there a way to get the client MAC address from the radius server right after the EAP authentication fase? If not, how could I achieve this level of control? Thanks for you attention, Tacio - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: dialup admin replacement
Please download it from here http://www.issa.ps/dialup_admin/stat.tar.gz Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Johnno Sent: Sunday, July 25, 2004 3:07 PM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement I download this and had a look see.. but the rar file coming up and says unknown method so the file can't be unpacked.. Can you use other method ie.. zip, gz, tar etc.. Many Thanks.. - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 5:18 PM Subject: RE: dialup admin replacement Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar Please note that this interface for the mysql database only. Extract the stat.tar and edit Connections/pp.php, change the valuse of the hostname, username, password and database name. Then upload it to websever support PHP. Please contact me if you need any question. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Sunday, July 25, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: RE: dialup admin replacement cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask Sarky On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote: I did some thing like that, but it's not a part of the dialupadmin, it web interface for our customers, I will customize it and send it to you. Or if you know how can we publish it to be part of the dialup admin project. Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius- [EMAIL PROTECTED] Subject: dialup admin replacement Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via there login/password and get all the information they require download limits, what they have downloaded and so on. Anything out there which does that ? Sarky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
Same here, is there a way to disable the crypt part of things, I can only comment out a little, but still cant get it working. Barry - Original Message - From: Nick Marino [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 11:16 AM Subject: Re: dialup admin replacement I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas? - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:18 AM Subject: RE: dialup admin replacement Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar Please note that this interface for the mysql database only. Extract the stat.tar and edit Connections/pp.php, change the valuse of the hostname, username, password and database name. Then upload it to websever support PHP. Please contact me if you need any question. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Sunday, July 25, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: RE: dialup admin replacement cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask Sarky On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote: I did some thing like that, but it's not a part of the dialupadmin, it web interface for our customers, I will customize it and send it to you. Or if you know how can we publish it to be part of the dialup admin project. Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius- [EMAIL PROTECTED] Subject: dialup admin replacement Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via there login/password and get all the information they require download limits, what they have downloaded and so on. Anything out there which does that ? Sarky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: dialup admin replacement
I used the crypt function because all the password will be saved as crypted password, if not please tell me I will tell you what to change at the login2.php file Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy Sent: Sunday, July 25, 2004 11:48 PM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement Same here, is there a way to disable the crypt part of things, I can only comment out a little, but still cant get it working. Barry - Original Message - From: Nick Marino [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 11:16 AM Subject: Re: dialup admin replacement I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas? - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:18 AM Subject: RE: dialup admin replacement Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar Please note that this interface for the mysql database only. Extract the stat.tar and edit Connections/pp.php, change the valuse of the hostname, username, password and database name. Then upload it to websever support PHP. Please contact me if you need any question. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Sunday, July 25, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: RE: dialup admin replacement cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask Sarky On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote: I did some thing like that, but it's not a part of the dialupadmin, it web interface for our customers, I will customize it and send it to you. Or if you know how can we publish it to be part of the dialup admin project. Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius- [EMAIL PROTECTED] Subject: dialup admin replacement Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via there login/password and get all the information they require download limits, what they have downloaded and so on. Anything out there which does that ? Sarky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to resolve following scenario: two groups of clients accessing wifi AP ++
On Fri, 2004-07-23 at 17:54, Alan DeKok wrote:
Zdenek Pizl [EMAIL PROTECTED] wrote:
I don't know exactly what do I need to search, the optimal version how
to distinguish between groups of EAP/TLS and MAC users would be:
[0-9a-fA-F]{6}-[0-9a-fA-F]{6} Auth-Type := Local
DEFAULT Auth-Type := EAP
But there is no posibility to use regexp in users file, isn't it?
Why do you say that?
I have tried the regexp above, it did not work, therefore I said that.
BTW - it was a question ...
Maybe there is different style of regexp ??
z.p.
Alan DeKok.
--
Zdenek Pizl
Systinet Corporation
Vinohradska 190
130 00 Praha 3
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup_admin (was Re: New Opensource project-AAAadmin )
Amin wrote: May I join development team of dailup_admin. I wish not to be a competitor (as I am going to develop AAAadmin) but contributor to dailup_admin also. i wish you can tell me more of this dmin off the list? i can be a beta tester or something more than that, how can i be of help with this project? //milver - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Simultaneous Login Problem
my guess is stop request packet has not been received nor acknowledged on portmaster. are you using NTRadping?if yes, try changing NAS port. //milver Hello, im using freeradius-1.0.0-pre3 and postgresql as database backend.I got this error when implemeting Simultaneous Use. Just reading docs( Simultaneous Use) and here's my radgroupcheck... Sun Jul 25 22:42:50 2004 : Error: Discarding duplicate request from client portmaster:1026 - ID: 50 due to unfinished requestSun Jul 25 22:42:53 2004 : Error: Discarding duplicate request from client portmaster:1026 - ID: 50 due to unfinished requestSun Jul 25 22:42:56 2004 : Error: Discarding duplicate request from client portmaster:1026 - ID: 50 due to unfinished requestSun Jul 25 22:42:57 2004 : Error: Check-TS: timeout waiting for checkrad
Re: dialup admin replacement
I'm using clear text passwords. Thanks Barry - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 5:12 AM Subject: RE: dialup admin replacement I used the crypt function because all the password will be saved as crypted password, if not please tell me I will tell you what to change at the login2.php file Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy Sent: Sunday, July 25, 2004 11:48 PM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement Same here, is there a way to disable the crypt part of things, I can only comment out a little, but still cant get it working. Barry - Original Message - From: Nick Marino [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 11:16 AM Subject: Re: dialup admin replacement I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas? - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:18 AM Subject: RE: dialup admin replacement Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar Please note that this interface for the mysql database only. Extract the stat.tar and edit Connections/pp.php, change the valuse of the hostname, username, password and database name. Then upload it to websever support PHP. Please contact me if you need any question. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Sunday, July 25, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: RE: dialup admin replacement cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask Sarky On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote: I did some thing like that, but it's not a part of the dialupadmin, it web interface for our customers, I will customize it and send it to you. Or if you know how can we publish it to be part of the dialup admin project. Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius- [EMAIL PROTECTED] Subject: dialup admin replacement Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via there login/password and get all the information they require download limits, what they have downloaded and so on. Anything out there which does that ? Sarky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup_admin (was Re: New Opensource project-AAAadmin )
ok I will - Original Message - From: Milver S. Nisay [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:33 AM Subject: Re: dialup_admin (was Re: New Opensource project-AAAadmin ) Amin wrote: May I join development team of dailup_admin. I wish not to be a competitor (as I am going to develop AAAadmin) but contributor to dailup_admin also. i wish you can tell me more of this dmin off the list? i can be a beta tester or something more than that, how can i be of help with this project? //milver - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.725 / Virus Database: 480 - Release Date: 7/19/2004 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: dialup admin replacement
Ok no problem
Go to login2.php
Commet line 32
// $passwd = da_encrypt($passwd,$enc_passwd);
If this not work try this
Commet line 31, and 32
// $passwd = $FF_valPassword;
// $passwd = da_encrypt($passwd,$enc_passwd);
And change line 34
From
if (!strcmp($passwd,$enc_passwd)){
To
if (!strcmp($FF_valPassword,$enc_passwd)){
That's all
Regards
Issa rabba
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
Murphy
Sent: Monday, July 26, 2004 12:57 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
I'm using clear text passwords.
Thanks
Barry
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 5:12 AM
Subject: RE: dialup admin replacement
I used the crypt function because all the password will be saved as
crypted
password, if not please tell me I will tell you what to change at the
login2.php file
Regards
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
Murphy
Sent: Sunday, July 25, 2004 11:48 PM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
Same here, is there a way to disable the crypt part of things, I can only
comment out a little, but still cant get it working.
Barry
- Original Message -
From: Nick Marino [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 11:16 AM
Subject: Re: dialup admin replacement
I tried it and no matter what username and password I put in it just
goes
back to the login page.
I did configure pp.php to point to my database with the correct username
and
password and database name.
Any ideas?
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 12:18 AM
Subject: RE: dialup admin replacement
Ok:
Please download this file http://www.issa.ps/dialup_admin/stat.rar
Please note that this interface for the mysql database only.
Extract the stat.tar and edit Connections/pp.php, change the valuse of
the
hostname, username, password and database name.
Then upload it to websever support PHP.
Please contact me if you need any question.
Regards,
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
sarky
Sent: Sunday, July 25, 2004 11:20 AM
To: [EMAIL PROTECTED]
Subject: RE: dialup admin replacement
cool if you can send it over to me that will be great.
I think the dialup admin author is on this list, you can ask
Sarky
On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:
I did some thing like that, but it's not a part of the dialupadmin,
it
web interface for our customers, I will customize it and send it to
you. Or if you know how can we publish it to be part of the dialup
admin project.
Regards
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius-
[EMAIL PROTECTED] Subject: dialup admin replacement
Hello all,
I am looking for a web interface which does what dialup admin does
and
allows users to access it via there login/password and get all the
information they require download limits, what they have downloaded
and so on.
Anything out there which does that ?
Sarky
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: dialup_admin (was Re: New Opensource project-AAAadmin )
I want to know where I can find more about the AAAadmin priject -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Amit Gupta Sent: Monday, July 26, 2004 2:01 PM To: [EMAIL PROTECTED] Subject: Re: dialup_admin (was Re: New Opensource project-AAAadmin ) ok I will - Original Message - From: Milver S. Nisay [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:33 AM Subject: Re: dialup_admin (was Re: New Opensource project-AAAadmin ) Amin wrote: May I join development team of dailup_admin. I wish not to be a competitor (as I am going to develop AAAadmin) but contributor to dailup_admin also. i wish you can tell me more of this dmin off the list? i can be a beta tester or something more than that, how can i be of help with this project? //milver - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.725 / Virus Database: 480 - Release Date: 7/19/2004 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
On Sat, 24 Jul 2004, sarky wrote: Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via there login/password and get all the information they require download limits, what they have downloaded and so on. You are actually describing the functionality of dialupadmin? Why are you asking for a replacement instead of just adding this capability to dialupadmin? Anyway, after i 've finished with my security audit of dialupadmin i 'll add that functionality. If you care you can use it. Anything out there which does that ? Sarky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sqlcounter versus rlm_counter
On Mon, 26 Jul 2004, Shannon Sariman wrote: Hi Fellow FreeRadius Users, I have freeradius-0.9.3 configured with MySQL and experimental modules on a Linux RH 9.0 machine. I've been pulling my hair out trying to get a definite working solution with rlm_sqlcounter to restrict dialup user accounts to prescribed dial-up online access times. For example, 2 hours per user per day and disconnection after 2 hours is up. I tried changing sql instances like sqlcca3 to sql in my sqlcounter.conf to see if it would make any difference but still to no avail. I even had problems trying to compile (rmpbuild) the latest pre-release of version 1.0 of FreeRadius on my Linux RH 9.0 box and resorted back to using ver 0.9.3. I've noticed while searching previous archives of the freeradius mailing lists that there is another counter called rlm_counter but which works with the users file. Can I use this rlm_counter to work with my current setup of FreeRadius and MySQL? How can I do this if possible? Where did you find that it works with the users file? What do you mean by that exactly? rlm_counter keeps it's own database (in GDBM file) while configuration can be in the users file or in a db (sql/ldap). By configuration i mean per user limits. Keeping data in a gdbm file actually makes rlm_counter faster than sql in installations where many rows of accounting are kept for each user. rlm_counter is a stable module while rlm_sqlcounter is an experimental module without a maintainer (as far as i know). Keep that in mind. Any help or hint is much appreciated. Regards, Shannon - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup_admin (was Re: New Opensource project-AAAadmin )
On Mon, 26 Jul 2004, Amit Gupta wrote: May I join development team of dailup_admin. I wish not to be a competitor (as I am going to develop AAAadmin) but contributor to dailup_admin also. There's no special elite development team which you need to join. You either send in patches or not. Simple as that. Amit Gupta sourceforge_id: amit_gupta - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, July 24, 2004 8:44 AM Subject: dialup_admin (was Re: New Opensource project-AAAadmin ) Gary McKinney [EMAIL PROTECTED] wrote: I realize dialup_admin is in the radiusd CVS - I would have thought it would have been at least a separate CVS to make allowing others to work with it directly and not mess with the radiusd CVS - but I suppose it works the way it is... The intent is to distribute it as part of the server, so that people can use it to administer the server. I would think things like Realm configurations, SQL configurations, LDAP configurations, SNMP configurations and so one would be a nice addition to the system. That's probably a longer-term work item. Once Kostas finds time to put a web page on freeradius.org about the project, I expect to see a LOT more interest in it, and a lot more patches. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.725 / Virus Database: 480 - Release Date: 7/19/2004 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: pap + md5
Hello!
I solved this problem: I changed encryption_scheme from `md5' to `crypt'. ;-}
--
Best regards,
Sergei Koveshnikov.
Hi, im also using freeradius-1.0.0-pre3 + Postgres + pap + md5 without any
problem. Im using DIALUP_ADMIN to create user with md5 password.
- Original Message -
From: Sergei Koveshnikov [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 23, 2004 4:44 PM
Subject: pap + md5
Hello to everyone!
I'm trying to use MAX6000 + freeradius-1.0.0-pre3 + Postgres + pap + md5
encryption for users passwords in the DB.
But I've got auth error:
=
auth: Failed to validate the user.
Login incorrect (rlm_pap: Configured MD5 password has incorrect length):
[testuser/password]
=
Why User-Password = 'plain text password' in 'rad_recv' log ?
Does radius decrypt password for debus purpouse before puts it on the
screen?
Any ideas?
Thank you!
radiusd.conf:
modules {
pap {
encryption_scheme = md5
}
}
authorize {
auth_log
files
sql
}
authenticate {
authtype MD5 {
pap
}
}
radiusd logs:
rad_recv: Access-Request packet from host 192.168.0.1:1026, id=145,
length=173
User-Name = testuser
User-Password = password
NAS-IP-Address = 192.168.0.1
NAS-Port = 20214
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = 8048232
Ascend-Calling-Id-Type-Of-Num = Unknown
Ascend-Calling-Id-Number-Plan = Unknown
Ascend-Calling-Id-Presentatn = Allowed
Ascend-Calling-Id-Screening = Network-Provided
Acct-Session-Id = 429965508
Ascend-Data-Rate = 31200
Ascend-Xmit-Rate = 33600
skip some lines...
rlm_sql (sql): Released sql socket id: 3
modcall[authorize]: module sql returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type MD5
auth: type MD5
Processing the authenticate section of radiusd.conf
modcall: entering group authtype for request 0
rlm_pap: login attempt by testuser with password password
rlm_pap: Using password $1$L8If2hAa$Oy91qkyF8lkWClyBi1I.u0 for user
testuser
authentication.
rlm_pap: Using MD5 encryption.
rlm_pap: Configured MD5 password has incorrect length
modcall[authenticate]: module pap returns reject for request 0
modcall: group authtype returns reject for request 0
auth: Failed to validate the user.
Login incorrect (rlm_pap: Configured MD5 password has incorrect length):
[testuser/password] (from client max2 port 20214 cli 8048232)
Delaying request 0 for 1 seconds
Finished request 0
--
Best regards,
Sergei Koveshnikov.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
Thats great!!!
Now just to add some functionality for a per month basis and bandwidth usage
info.
My users are charged on usage not time.
Barry
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 6:33 AM
Subject: RE: dialup admin replacement
Ok no problem
Go to login2.php
Commet line 32
// $passwd = da_encrypt($passwd,$enc_passwd);
If this not work try this
Commet line 31, and 32
// $passwd = $FF_valPassword;
// $passwd = da_encrypt($passwd,$enc_passwd);
And change line 34
From
if (!strcmp($passwd,$enc_passwd)){
To
if (!strcmp($FF_valPassword,$enc_passwd)){
That's all
Regards
Issa rabba
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
Murphy
Sent: Monday, July 26, 2004 12:57 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
I'm using clear text passwords.
Thanks
Barry
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 5:12 AM
Subject: RE: dialup admin replacement
I used the crypt function because all the password will be saved as
crypted
password, if not please tell me I will tell you what to change at the
login2.php file
Regards
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
Murphy
Sent: Sunday, July 25, 2004 11:48 PM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
Same here, is there a way to disable the crypt part of things, I can
only
comment out a little, but still cant get it working.
Barry
- Original Message -
From: Nick Marino [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 11:16 AM
Subject: Re: dialup admin replacement
I tried it and no matter what username and password I put in it just
goes
back to the login page.
I did configure pp.php to point to my database with the correct
username
and
password and database name.
Any ideas?
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 12:18 AM
Subject: RE: dialup admin replacement
Ok:
Please download this file http://www.issa.ps/dialup_admin/stat.rar
Please note that this interface for the mysql database only.
Extract the stat.tar and edit Connections/pp.php, change the valuse
of
the
hostname, username, password and database name.
Then upload it to websever support PHP.
Please contact me if you need any question.
Regards,
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
sarky
Sent: Sunday, July 25, 2004 11:20 AM
To: [EMAIL PROTECTED]
Subject: RE: dialup admin replacement
cool if you can send it over to me that will be great.
I think the dialup admin author is on this list, you can ask
Sarky
On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:
I did some thing like that, but it's not a part of the
dialupadmin,
it
web interface for our customers, I will customize it and send it
to
you. Or if you know how can we publish it to be part of the dialup
admin project.
Regards
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius-
[EMAIL PROTECTED] Subject: dialup admin replacement
Hello all,
I am looking for a web interface which does what dialup admin does
and
allows users to access it via there login/password and get all the
information they require download limits, what they have
downloaded
and so on.
Anything out there which does that ?
Sarky
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: dialup admin replacement
Ok, I will make another template for your uses, and you can change to that
template
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
Murphy
Sent: Monday, July 26, 2004 2:58 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
Thats great!!!
Now just to add some functionality for a per month basis and bandwidth usage
info.
My users are charged on usage not time.
Barry
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 6:33 AM
Subject: RE: dialup admin replacement
Ok no problem
Go to login2.php
Commet line 32
// $passwd = da_encrypt($passwd,$enc_passwd);
If this not work try this
Commet line 31, and 32
// $passwd = $FF_valPassword;
// $passwd = da_encrypt($passwd,$enc_passwd);
And change line 34
From
if (!strcmp($passwd,$enc_passwd)){
To
if (!strcmp($FF_valPassword,$enc_passwd)){
That's all
Regards
Issa rabba
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
Murphy
Sent: Monday, July 26, 2004 12:57 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
I'm using clear text passwords.
Thanks
Barry
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 5:12 AM
Subject: RE: dialup admin replacement
I used the crypt function because all the password will be saved as
crypted
password, if not please tell me I will tell you what to change at the
login2.php file
Regards
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
Murphy
Sent: Sunday, July 25, 2004 11:48 PM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
Same here, is there a way to disable the crypt part of things, I can
only
comment out a little, but still cant get it working.
Barry
- Original Message -
From: Nick Marino [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 11:16 AM
Subject: Re: dialup admin replacement
I tried it and no matter what username and password I put in it just
goes
back to the login page.
I did configure pp.php to point to my database with the correct
username
and
password and database name.
Any ideas?
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 12:18 AM
Subject: RE: dialup admin replacement
Ok:
Please download this file http://www.issa.ps/dialup_admin/stat.rar
Please note that this interface for the mysql database only.
Extract the stat.tar and edit Connections/pp.php, change the valuse
of
the
hostname, username, password and database name.
Then upload it to websever support PHP.
Please contact me if you need any question.
Regards,
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
sarky
Sent: Sunday, July 25, 2004 11:20 AM
To: [EMAIL PROTECTED]
Subject: RE: dialup admin replacement
cool if you can send it over to me that will be great.
I think the dialup admin author is on this list, you can ask
Sarky
On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:
I did some thing like that, but it's not a part of the
dialupadmin,
it
web interface for our customers, I will customize it and send it
to
you. Or if you know how can we publish it to be part of the dialup
admin project.
Regards
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius-
[EMAIL PROTECTED] Subject: dialup admin replacement
Hello all,
I am looking for a web interface which does what dialup admin does
and
allows users to access it via there login/password and get all the
information they require download limits, what they have
downloaded
and so on.
Anything out there which does that ?
Sarky
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
RE: dialup admin replacement
I face this problem before, it was Cisco IOS bug, and they fix the it, I
think you have to update your IOS
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
Murphy
Sent: Monday, July 26, 2004 3:36 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
Anyone know how to get dialup_admin to check a poptop NAS to see if users
are still connected or not. If a user disconnects by unplugging his wireless
card or by loosing signal to the wireless node they remain connected even
though there pc has thrown them out. This causes multiple connections and
long connection durations with no bandwidth info. Perhaps there is a way to
check every hour or so if the user is connected or not?
base-nas.albanywireless.co.nz
Network Access Server 2 users connected 3 free lines
# user ip address caller id name duration
1 icepick 219.88.249.83 - Barry Murphy 104:32:29
2 casper 219.88.249.85 - - 83:25:39
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 8:13 AM
Subject: RE: dialup admin replacement
Ok, I will make another template for your uses, and you can change to that
template
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
Murphy
Sent: Monday, July 26, 2004 2:58 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
Thats great!!!
Now just to add some functionality for a per month basis and bandwidth
usage
info.
My users are charged on usage not time.
Barry
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 6:33 AM
Subject: RE: dialup admin replacement
Ok no problem
Go to login2.php
Commet line 32
// $passwd = da_encrypt($passwd,$enc_passwd);
If this not work try this
Commet line 31, and 32
// $passwd = $FF_valPassword;
// $passwd = da_encrypt($passwd,$enc_passwd);
And change line 34
From
if (!strcmp($passwd,$enc_passwd)){
To
if (!strcmp($FF_valPassword,$enc_passwd)){
That's all
Regards
Issa rabba
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
Murphy
Sent: Monday, July 26, 2004 12:57 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
I'm using clear text passwords.
Thanks
Barry
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 5:12 AM
Subject: RE: dialup admin replacement
I used the crypt function because all the password will be saved as
crypted
password, if not please tell me I will tell you what to change at the
login2.php file
Regards
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Barry
Murphy
Sent: Sunday, July 25, 2004 11:48 PM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
Same here, is there a way to disable the crypt part of things, I can
only
comment out a little, but still cant get it working.
Barry
- Original Message -
From: Nick Marino [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 11:16 AM
Subject: Re: dialup admin replacement
I tried it and no matter what username and password I put in it just
goes
back to the login page.
I did configure pp.php to point to my database with the correct
username
and
password and database name.
Any ideas?
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 12:18 AM
Subject: RE: dialup admin replacement
Ok:
Please download this file http://www.issa.ps/dialup_admin/stat.rar
Please note that this interface for the mysql database only.
Extract the stat.tar and edit Connections/pp.php, change the
valuse
of
the
hostname, username, password and database name.
Then upload it to websever support PHP.
Please contact me if you need any question.
Regards,
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
sarky
Sent: Sunday, July 25, 2004 11:20 AM
To: [EMAIL PROTECTED]
Subject: RE: dialup admin replacement
cool if you can send it over to me that will be great.
I think the dialup admin author is on this list, you can ask
Sarky
On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:
I did some thing like that, but it's not a part of the
dialupadmin,
it
web interface for our customers, I will customize it and send it
to
you. Or if you know how can we publish it to be part of the
dialup
admin project.
Regards
-Original Message-
From: [EMAIL
Re: dialup admin replacement
My problem is the poptop pptp server (with debian's ppp) is acting as the
NAS server for my wireless clients, so there is no IOS to update. Not many
people tend to be using pptp with radius and can answer this question.
Barry
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 8:47 AM
Subject: RE: dialup admin replacement
I face this problem before, it was Cisco IOS bug, and they fix the it, I
think you have to update your IOS
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
Murphy
Sent: Monday, July 26, 2004 3:36 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
Anyone know how to get dialup_admin to check a poptop NAS to see if users
are still connected or not. If a user disconnects by unplugging his
wireless
card or by loosing signal to the wireless node they remain connected even
though there pc has thrown them out. This causes multiple connections and
long connection durations with no bandwidth info. Perhaps there is a way
to
check every hour or so if the user is connected or not?
base-nas.albanywireless.co.nz
Network Access Server 2 users connected 3 free lines
# user ip address caller id name duration
1 icepick 219.88.249.83 - Barry Murphy 104:32:29
2 casper 219.88.249.85 - - 83:25:39
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 8:13 AM
Subject: RE: dialup admin replacement
Ok, I will make another template for your uses, and you can change to
that
template
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
Murphy
Sent: Monday, July 26, 2004 2:58 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
Thats great!!!
Now just to add some functionality for a per month basis and bandwidth
usage
info.
My users are charged on usage not time.
Barry
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 6:33 AM
Subject: RE: dialup admin replacement
Ok no problem
Go to login2.php
Commet line 32
// $passwd = da_encrypt($passwd,$enc_passwd);
If this not work try this
Commet line 31, and 32
// $passwd = $FF_valPassword;
// $passwd = da_encrypt($passwd,$enc_passwd);
And change line 34
From
if (!strcmp($passwd,$enc_passwd)){
To
if (!strcmp($FF_valPassword,$enc_passwd)){
That's all
Regards
Issa rabba
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Barry
Murphy
Sent: Monday, July 26, 2004 12:57 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
I'm using clear text passwords.
Thanks
Barry
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 5:12 AM
Subject: RE: dialup admin replacement
I used the crypt function because all the password will be saved as
crypted
password, if not please tell me I will tell you what to change at
the
login2.php file
Regards
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Barry
Murphy
Sent: Sunday, July 25, 2004 11:48 PM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
Same here, is there a way to disable the crypt part of things, I can
only
comment out a little, but still cant get it working.
Barry
- Original Message -
From: Nick Marino [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 11:16 AM
Subject: Re: dialup admin replacement
I tried it and no matter what username and password I put in it
just
goes
back to the login page.
I did configure pp.php to point to my database with the correct
username
and
password and database name.
Any ideas?
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 12:18 AM
Subject: RE: dialup admin replacement
Ok:
Please download this file
http://www.issa.ps/dialup_admin/stat.rar
Please note that this interface for the mysql database only.
Extract the stat.tar and edit Connections/pp.php, change the
valuse
of
the
hostname, username, password and database name.
Then upload it to websever support PHP.
Please contact me if you need any question.
Regards,
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of
sarky
Sent: Sunday, July 25, 2004 11:20 AM
To: [EMAIL PROTECTED]
Subject: RE: dialup
Re: dialup_admin functional changes
On Mon, 26 Jul 2004, Gary McKinney wrote: Kostas, One thing I have noticed in going through the preceived user intuitiveness ( is that a word?) of the dialup_admin program is the links contained in the different pages displayed tend to blend into the background and unless a person using the program either moves the mouse over the link(s) or is aware of the links on the page the user will miss them completely... Case in point: The User Statistics page displays the usernames in the second column of the user statistics table. Since the link=black and alink=black in the body tag the links are not apparent (blend into the background of normal text) to the user of the dialup_admin program. Would it not be better to have the link, alink and vlink definitions in the style.css file so they could be set as by the user of the program to differentiate the links from normal text? This change (and I see the link, vlink definitions are contained within the different php files in the body tag) would help to differentiate the links on the pages from the normal text display (more intuitive that the link(s) exist)... That's a nice idea. It will go in CVS. Since i 've already done a lot of security changes to the php files, they 'll all go in at the same. Thanks for the suggestion, if you can find any other place where style sheets can help i 'll be glad to hear it. Just a suggestion... gm... --- [This E-mail scanned for viruses by Declude Ant-Virus Scanner] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Appending a realm to a username based on the NAS ip address
Hello all, Im a newbie to Freeradius and Im trying to find out how to append a realm to a username if one has not been submitted based on a particular IP address of a NAS during authentication. We are presently adding a previously existing domain to authenticate on our radius server but most of the user did not enter a domain during authentication. Is there anyway for m to do this??? Sherwin
Acct-Unique-Session-Id and exec
Hello,
I am running freeradius 0.9.3. I need to run an external program after
stop record arrives. I pass %{Acct-Unique-Session-Id}, %{User-Name} and
%{Calling-Station-Id} to this external program. according to this
username and callingnumber it does some calculations and should update
radacct table for this acctuniquesessionid. The problem is that often my
external program receives uniquesessionid which is not found in radacct.
As noted in config, exec is called after sql so it should be there
but... Is there any obvious reason for this? Now I decided to use
Acct-Session-Id instead and since then I have no problems. Any suggestions?
my config:
...
modules {
realm RealM {
format = suffix
delimiter = @
}
preprocess {
with_cisco_vsa_hack = yes
}
files {
usersfile = ${confdir}/users
}
exec setprice {
wait = no
program = /usr/local/radius/share/epw %{Acct-Status-Type}
%{User-Name} %{Acct-Session-Id} %{Calling-Station-Id}
input_pairs = request
}
detail {
detailfile =
${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
detail auth_log {
detailfile =
${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
acct_unique {
key = User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port-Id
}
$INCLUDE ${confdir}/sql.conf
}
...
preacct {
preprocess
}
accounting {
acct_unique
sql
setprice
detail
}
Best Regards,
--
George Chelidze
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
On Mon, Jul 26, 2004 at 10:56:47PM +1200, Barry Murphy wrote: My problem is the poptop pptp server (with debian's ppp) is acting as the NAS server for my wireless clients, so there is no IOS to update. Not many people tend to be using pptp with radius and can answer this question. Barry Hi Barry, Can you tell me how would you like to check if users are still on-line? Namely, I have similar situation (dbian woody) in which ppp hangs so it looks like user is still on-line but it is not. Regards, Ivo. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup_admin functional changes
I think development of AAAadmin has kicked discussion on what dialup admin lacks and what need to be improved - Original Message - From: Kostas Kalevras [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 4:25 AM Subject: Re: dialup_admin functional changes On Mon, 26 Jul 2004, Gary McKinney wrote: Kostas, One thing I have noticed in going through the preceived user intuitiveness ( is that a word?) of the dialup_admin program is the links contained in the different pages displayed tend to blend into the background and unless a person using the program either moves the mouse over the link(s) or is aware of the links on the page the user will miss them completely... Case in point: The User Statistics page displays the usernames in the second column of the user statistics table. Since the link=black and alink=black in the body tag the links are not apparent (blend into the background of normal text) to the user of the dialup_admin program. Would it not be better to have the link, alink and vlink definitions in the style.css file so they could be set as by the user of the program to differentiate the links from normal text? This change (and I see the link, vlink definitions are contained within the different php files in the body tag) would help to differentiate the links on the pages from the normal text display (more intuitive that the link(s) exist)... That's a nice idea. It will go in CVS. Since i 've already done a lot of security changes to the php files, they 'll all go in at the same. Thanks for the suggestion, if you can find any other place where style sheets can help i 'll be glad to hear it. Just a suggestion... gm... --- [This E-mail scanned for viruses by Declude Ant-Virus Scanner] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.726 / Virus Database: 481 - Release Date: 7/22/2004 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
redhat spec file problem?
I'm trying to build an rpm on fedora core 1 with the included redhat spec
file but not having much luck. I had to make symlink from
/usr/include/com_err.h - /usr/include/et/com_err.h to get the kerberos
stuff to compile. I also modified the header to include the prerelease
portion:
Name: freeradius
Version: 1.0.0
Release: pre3
License: GPL
Group: Networking/Daemons
Packager: FreeRADIUS.org
Source0: %{name}-%{version}-%{release}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
I have gotten to the point where it compiles but dies when it tries to
package the RPM:
Checking for unpackaged file(s): /usr/lib/rpm/check-files
/var/tmp/freeradius-1.0.0-pre3-root
error: Installed (but unpackaged) file(s) found:
/usr/share/doc/freeradius-1.0.0-pre3/Autz-Type
/usr/share/doc/freeradius-1.0.0-pre3/DIFFS
/usr/share/doc/freeradius-1.0.0-pre3/MACOSX
/usr/share/doc/freeradius-1.0.0-pre3/OS2
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAP.schema
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAPv3.schema
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-SQL.schema
/usr/share/doc/freeradius-1.0.0-pre3/README
/usr/share/doc/freeradius-1.0.0-pre3/Simultaneous-Use
(snip)
RPM build errors:
Installed (but unpackaged) file(s) found:
/usr/share/doc/freeradius-1.0.0-pre3/Autz-Type
/usr/share/doc/freeradius-1.0.0-pre3/DIFFS
/usr/share/doc/freeradius-1.0.0-pre3/MACOSX
/usr/share/doc/freeradius-1.0.0-pre3/OS2
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAP.schema
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAPv3.schema
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-SQL.schema
/usr/share/doc/freeradius-1.0.0-pre3/README
/usr/share/doc/freeradius-1.0.0-pre3/Simultaneous-Use
(snip)
I am not very good with spec files. I did try changing the doc line in the
files section to
%doc doc/*
but that didn't work either.
Thanks
dave
--
Dave Weis
[EMAIL PROTECTED]
http://www.internetsolver.com/
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
MD5 - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 11:05 AM Subject: RE: dialup admin replacement what is the is the encrypt password type? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Marino Sent: Sunday, July 25, 2004 4:17 PM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas? - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:18 AM Subject: RE: dialup admin replacement Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar Please note that this interface for the mysql database only. Extract the stat.tar and edit Connections/pp.php, change the valuse of the hostname, username, password and database name. Then upload it to websever support PHP. Please contact me if you need any question. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Sunday, July 25, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: RE: dialup admin replacement cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask Sarky On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote: I did some thing like that, but it's not a part of the dialupadmin, it web interface for our customers, I will customize it and send it to you. Or if you know how can we publish it to be part of the dialup admin project. Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius- [EMAIL PROTECTED] Subject: dialup admin replacement Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via there login/password and get all the information they require download limits, what they have downloaded and so on. Anything out there which does that ? Sarky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
I am using md5 which is the default in radius.conf - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:12 PM Subject: RE: dialup admin replacement I used the crypt function because all the password will be saved as crypted password, if not please tell me I will tell you what to change at the login2.php file Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy Sent: Sunday, July 25, 2004 11:48 PM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement Same here, is there a way to disable the crypt part of things, I can only comment out a little, but still cant get it working. Barry - Original Message - From: Nick Marino [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 11:16 AM Subject: Re: dialup admin replacement I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas? - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:18 AM Subject: RE: dialup admin replacement Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar Please note that this interface for the mysql database only. Extract the stat.tar and edit Connections/pp.php, change the valuse of the hostname, username, password and database name. Then upload it to websever support PHP. Please contact me if you need any question. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Sunday, July 25, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: RE: dialup admin replacement cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask Sarky On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote: I did some thing like that, but it's not a part of the dialupadmin, it web interface for our customers, I will customize it and send it to you. Or if you know how can we publish it to be part of the dialup admin project. Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius- [EMAIL PROTECTED] Subject: dialup admin replacement Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via there login/password and get all the information they require download limits, what they have downloaded and so on. Anything out there which does that ? Sarky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: dialup admin replacement
Ok, when save the password at the database what interface you use, do send the password to the encrypt function do you send a salt with the password? If yes what is it? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Marino Sent: Monday, July 26, 2004 5:39 AM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement MD5 - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 11:05 AM Subject: RE: dialup admin replacement what is the is the encrypt password type? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Marino Sent: Sunday, July 25, 2004 4:17 PM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas? - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:18 AM Subject: RE: dialup admin replacement Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar Please note that this interface for the mysql database only. Extract the stat.tar and edit Connections/pp.php, change the valuse of the hostname, username, password and database name. Then upload it to websever support PHP. Please contact me if you need any question. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Sunday, July 25, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: RE: dialup admin replacement cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask Sarky On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote: I did some thing like that, but it's not a part of the dialupadmin, it web interface for our customers, I will customize it and send it to you. Or if you know how can we publish it to be part of the dialup admin project. Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius- [EMAIL PROTECTED] Subject: dialup admin replacement Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via there login/password and get all the information they require download limits, what they have downloaded and so on. Anything out there which does that ? Sarky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
Actualy I care i dont know about the rest, but i have been using freeradius/dialup-admin for a while and development just seem to have stoped on dialup-admin, hence i was loosing hope. Sarky Thanx On Mon, 26 Jul 2004 11:48:05 +0300 (EEST), Kostas Kalevras wrote: On Sat, 24 Jul 2004, sarky wrote: Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via there login/password and get all the information they require download limits, what they have downloaded and so on. You are actually describing the functionality of dialupadmin? Why are you asking for a replacement instead of just adding this capability to dialupadmin? Anyway, after i 've finished with my security audit of dialupadmin i 'll add that functionality. If you care you can use it. Anything out there which does that ? Sarky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas KalevrasNetwork Operations Center [EMAIL PROTECTED]National Technical University of Athens, Greece Work Phone:+30 210 7721861 'Go back to the shadow'Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Is Release 1.0.0 available?
just curious ..., what's a toddler? ;-) congrulations from me to :) regards On Mon, 2004-07-26 at 14:15 +0100, Graeme Hinchliffe wrote: On Thu, 2004-07-22 at 22:25, Alan DeKok wrote: David [EMAIL PROTECTED] wrote: I saw on the list last week that 1.0.0 was just about ready and I have seen some other posts referring to 1.0.0 , is 1.0.0 ready for download yet? No. I was going to release it last Friday, but my wife released Baby 1.0 first. That took priority, oddly enough. Give me a few days to sleep... congratulations!, welcome to the world of parenting and sleepless nights of stress :) enjoy your few days of sleep (if you get them) you may not be getting any more for a while :) Congratulations... (I have both baby 2.0 and Toddler 1.0 at home :) ) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to resolve following scenario: two groups of clients accessing wifi AP ++
On Mon, 2004-07-26 at 09:14, Zdenek Pizl wrote:
On Fri, 2004-07-23 at 17:54, Alan DeKok wrote:
Zdenek Pizl [EMAIL PROTECTED] wrote:
I don't know exactly what do I need to search, the optimal version how
to distinguish between groups of EAP/TLS and MAC users would be:
[0-9a-fA-F]{6}-[0-9a-fA-F]{6} Auth-Type := Local
DEFAULT Auth-Type := EAP
But there is no posibility to use regexp in users file, isn't it?
Why do you say that?
Sorry, it works, my mistake.
DEFAULT User-Name =~ ^[A-Z]{1}.* [A-Z]{1}.*
--
Zdenek Pizl
Systinet Corporation
Vinohradska 190
130 00 Praha 3
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
On Mon, 26 Jul 2004, sarky wrote: Actualy I care i dont know about the rest, but i have been using freeradius/dialup-admin for a while and development just seem to have stoped on dialup-admin, hence i was loosing hope. 1. It never stoped. Have you looked in the Changelog, or in the dialupadmin CVS? 2. I don't remember ever seeing an email asking for such a feature like the one you asked. Sarky Thanx On Mon, 26 Jul 2004 11:48:05 +0300 (EEST), Kostas Kalevras wrote: On Sat, 24 Jul 2004, sarky wrote: Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via there login/password and get all the information they require download limits, what they have downloaded and so on. You are actually describing the functionality of dialupadmin? Why are you asking for a replacement instead of just adding this capability to dialupadmin? Anyway, after i 've finished with my security audit of dialupadmin i 'll add that functionality. If you care you can use it. Anything out there which does that ? Sarky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas KalevrasNetwork Operations Center [EMAIL PROTECTED]National Technical University of Athens, Greece Work Phone:+30 210 7721861 'Go back to the shadow'Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
I think poptop is able to disconnect the user automatically when the session
is lost.
- Original Message -
From: Barry Murphy [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 12:56 PM
Subject: Re: dialup admin replacement
My problem is the poptop pptp server (with debian's ppp) is acting as the
NAS server for my wireless clients, so there is no IOS to update. Not many
people tend to be using pptp with radius and can answer this question.
Barry
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 8:47 AM
Subject: RE: dialup admin replacement
I face this problem before, it was Cisco IOS bug, and they fix the it, I
think you have to update your IOS
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
Murphy
Sent: Monday, July 26, 2004 3:36 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
Anyone know how to get dialup_admin to check a poptop NAS to see if
users
are still connected or not. If a user disconnects by unplugging his
wireless
card or by loosing signal to the wireless node they remain connected
even
though there pc has thrown them out. This causes multiple connections
and
long connection durations with no bandwidth info. Perhaps there is a way
to
check every hour or so if the user is connected or not?
base-nas.albanywireless.co.nz
Network Access Server 2 users connected 3 free lines
# user ip address caller id name duration
1 icepick 219.88.249.83 - Barry Murphy 104:32:29
2 casper 219.88.249.85 - - 83:25:39
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 8:13 AM
Subject: RE: dialup admin replacement
Ok, I will make another template for your uses, and you can change to
that
template
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Barry
Murphy
Sent: Monday, July 26, 2004 2:58 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
Thats great!!!
Now just to add some functionality for a per month basis and bandwidth
usage
info.
My users are charged on usage not time.
Barry
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 6:33 AM
Subject: RE: dialup admin replacement
Ok no problem
Go to login2.php
Commet line 32
// $passwd = da_encrypt($passwd,$enc_passwd);
If this not work try this
Commet line 31, and 32
// $passwd = $FF_valPassword;
// $passwd = da_encrypt($passwd,$enc_passwd);
And change line 34
From
if (!strcmp($passwd,$enc_passwd)){
To
if (!strcmp($FF_valPassword,$enc_passwd)){
That's all
Regards
Issa rabba
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Barry
Murphy
Sent: Monday, July 26, 2004 12:57 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
I'm using clear text passwords.
Thanks
Barry
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 5:12 AM
Subject: RE: dialup admin replacement
I used the crypt function because all the password will be saved
as
crypted
password, if not please tell me I will tell you what to change at
the
login2.php file
Regards
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Barry
Murphy
Sent: Sunday, July 25, 2004 11:48 PM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
Same here, is there a way to disable the crypt part of things, I
can
only
comment out a little, but still cant get it working.
Barry
- Original Message -
From: Nick Marino [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 11:16 AM
Subject: Re: dialup admin replacement
I tried it and no matter what username and password I put in it
just
goes
back to the login page.
I did configure pp.php to point to my database with the correct
username
and
password and database name.
Any ideas?
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 12:18 AM
Subject: RE: dialup admin replacement
Ok:
Please download this file
http://www.issa.ps/dialup_admin/stat.rar
Please note that this interface for the mysql database only.
Extract the stat.tar and edit Connections/pp.php, change
Re: Is Release 1.0.0 available?
On Mon, 2004-07-26 at 14:25, Raimund Sacherer wrote: just curious ..., what's a toddler? ;-) :) a more mobile/noisey/destructive/stressful version of a baby :) -- - Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk/) ICQ 3842605 (link) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Exec-Program-Wait attributes not included in Access-Accept
Hi, I have freeradius 0.9.3 running with Postgresql database backend. The only thing the radius checks is the password and then executes an external script if authentication is ok. The section in the users file is: DEFAULT Auth-Type = Local Exec-Program-Wait = /opt/radius1/bin/auth.pl Everything runs fine, except the attributes output by the script (attr = value seperated by newlines) are not added to the reply as you can see in this debugging output: auth: type Local auth: user supplied User-Password matches local User-Password radius_xlat: '/opt/radius1/bin/auth.pl' Exec-Program: /opt/radius1/bin/auth.pl Exec-Program output: Acct-Interim-Interval = 600 Idle-Timeout = 3600 Session-Timeout = 171454526 Exec-Program-Wait: plaintext: Acct-Interim-Interval = 600 Idle-Timeout = 3600 Session-Timeout = 171454526 Exec-Program: returned: 0 Login OK: [thor] (from client x port 0 cli 00:30:00:04:A5:22) Sending Access-Accept of id 112 to 192.168.250.105:32780 Finished request 0 Going to the next request Any idea what might be wrong? Thor. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Acct-Unique-Session-Id and exec
Might be caused by acct packets for the same sessions coming from different
IP addresses, which causes Client-IP-Address to have a different value.
- Original Message -
From: George Chelidze [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 1:37 PM
Subject: Acct-Unique-Session-Id and exec
Hello,
I am running freeradius 0.9.3. I need to run an external program after
stop record arrives. I pass %{Acct-Unique-Session-Id}, %{User-Name} and
%{Calling-Station-Id} to this external program. according to this
username and callingnumber it does some calculations and should update
radacct table for this acctuniquesessionid. The problem is that often my
external program receives uniquesessionid which is not found in radacct.
As noted in config, exec is called after sql so it should be there
but... Is there any obvious reason for this? Now I decided to use
Acct-Session-Id instead and since then I have no problems. Any
suggestions?
my config:
...
modules {
realm RealM {
format = suffix
delimiter = @
}
preprocess {
with_cisco_vsa_hack = yes
}
files {
usersfile = ${confdir}/users
}
exec setprice {
wait = no
program = /usr/local/radius/share/epw %{Acct-Status-Type}
%{User-Name} %{Acct-Session-Id} %{Calling-Station-Id}
input_pairs = request
}
detail {
detailfile =
${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
detail auth_log {
detailfile =
${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
detailperm = 0600
}
acct_unique {
key = User-Name, Acct-Session-Id, NAS-IP-Address,
Client-IP-Address, NAS-Port-Id
}
$INCLUDE ${confdir}/sql.conf
}
...
preacct {
preprocess
}
accounting {
acct_unique
sql
setprice
detail
}
Best Regards,
--
George Chelidze
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Exec-Program-Wait attributes not included in Access-Accept
On Mon, Jul 26, 2004 at 03:58:37PM +0200, Thor Spruyt wrote: I have freeradius 0.9.3 running with Postgresql database backend. The only thing the radius checks is the password and then executes an external script if authentication is ok. The section in the users file is: DEFAULT Auth-Type = Local Exec-Program-Wait = /opt/radius1/bin/auth.pl Everything runs fine, except the attributes output by the script (attr = value seperated by newlines) are not added to the reply as you can see in this debugging output: auth: type Local auth: user supplied User-Password matches local User-Password radius_xlat: '/opt/radius1/bin/auth.pl' Exec-Program: /opt/radius1/bin/auth.pl Exec-Program output: Acct-Interim-Interval = 600 Idle-Timeout = 3600 Session-Timeout = 171454526 Exec-Program-Wait: plaintext: Acct-Interim-Interval = 600 Idle-Timeout = 3600 Session-Timeout = 171454526 Exec-Program: returned: 0 Login OK: [thor] (from client x port 0 cli 00:30:00:04:A5:22) Sending Access-Accept of id 112 to 192.168.250.105:32780 Finished request 0 Going to the next request Any idea what might be wrong? Hmm. I'd suggest outputting the attributes on seperate lines... I'd also suggest moving to rlm_exec, which is less bug-prone as far as we know. ^_^ -- Paul TBBle Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: x99_rlm.c error
Follow-up: FreeRADIUS 1.0.0-pre2 seems to compile and install correctly -Original Message- From: Willey Kurt D Sent: Friday, July 23, 2004 4:03 PM To: [EMAIL PROTECTED] Subject: x99_rlm.c error Can anyone shed some light on this error?? Fedora Core 2, FreeRADIUS 1.0.0-pre3 # CC=/usr/local/gcc-3.4.0/bin/gcc ./configure --prefix=/usr/local/radiusd --with-ldap --with-rlm-ldap-lib-dir=/usr/local/ldap/lib --with-rlm-ldap-include-dir=/usr/local/ldap/include/ --with-openssl-includes=/usr/local/ssl/include/ --with-openssl-libraries=/usr/local/ssl/lib/ # make snip Making static dynamic in rlm_unix... gmake[6]: Entering directory `/root/freeradius-1.0.0-pre3/src/modules/rlm_unix' /root/freeradius-1.0.0-pre3/libtool --mode=link ld \ -module -static -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -I/usr/local/ssl/include -Wall -D_GNU_SOURCE -DNDEBUG -I../../include rlm_unix.o cache.o compat.o -o rlm_unix.a ar cru rlm_unix.a rlm_unix.o cache.o compat.o ranlib rlm_unix.a gmake[6]: Leaving directory `/root/freeradius-1.0.0-pre3/src/modules/rlm_unix' Making static dynamic in rlm_x99_token... gmake[6]: Entering directory `/root/freeradius-1.0.0-pre3/src/modules/rlm_x99_token' /usr/local/gcc-3.4.0/bin/gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -I/usr/local/ssl/include -Wall -D_GNU_SOURCE -DNDEBUG -I../../include -DX99_MODULE_NAME=\rlm_x99_token\ -I/usr/local/ssl/include -DFREERADIUS -c x99_rlm.c -o x99_rlm.o x99_rlm.c: In function `x99_token_authenticate': x99_rlm.c:550: error: label at end of compound statement gmake[6]: *** [x99_rlm.o] Error 1 gmake[6]: Leaving directory `/root/freeradius-1.0.0-pre3/src/modules/rlm_x99_token' gmake[5]: *** [common] Error 1 gmake[5]: Leaving directory `/root/freeradius-1.0.0-pre3/src/modules' gmake[4]: *** [all] Error 2 gmake[4]: Leaving directory `/root/freeradius-1.0.0-pre3/src/modules' gmake[3]: *** [common] Error 1 gmake[3]: Leaving directory `/root/freeradius-1.0.0-pre3/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/root/freeradius-1.0.0-pre3/src' gmake[1]: *** [common] Error 1 gmake[1]: Leaving directory `/root/freeradius-1.0.0-pre3' make: *** [all] Error 2 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
problem with huntgroups file in freeradius-1.0.0-pre3
Hi, We are experiencing problems using the huntgroups file with freeradius-1.0.0-pre3. Please note that the NAS-IP-Address is the same for both huntgroups ie 217.15.97.19. Using different NAS-IP-Addresses works fine Huntgroups file is as follows :- streamgamers NAS-IP-Address == 217.15.97.19 Group == users, Group == tech gaming NAS-IP-Address == 217.15.97.19 Group == gamers, Group == users, Group == tech Users file is as follows :- DEFAULT Auth-Type := System, Hint == gamestream, Huntgroup-Name == gaming, Service-Type == Framed-User Service-Type = Framed-User, Framed-Protocol = PPP, DEFAULT Auth-Type := System, Hint == stream, Huntgroup-Name == streamgamers, Service-Type == Framed-User Service-Type = Framed-User, Framed-Protocol = PPP, Hints file is as follows :- DEFAULT Suffix == @stream, Strip-User-Name = Yes Hint = stream DEFAULT Suffix == @gamestream, Strip-User-Name = Yes Hint = gamestream The problem we have is the following :- Imagine 2 users john1 in group gamers peter1 in group tech we require john1 to obtain access using only the @gamestream realm if [EMAIL PROTECTED] tries to connect he is denied access stating the following error :- Mon Jul 26 10:39:24 2004 : Auth: No huntgroup access: [john1] If [EMAIL PROTECTED] tries to connect he is denied access If [EMAIL PROTECTED] tries to connect he is allowed access If [EMAIL PROTECTED] tries to connect he is allowed access Now if we modify the huntgroups file as follows putting the gaming huntgorup first (the one with more groups):- gaming NAS-IP-Address == 217.15.97.19 Group == gamers, Group == users, Group == tech streamgamers NAS-IP-Address == 217.15.97.19 Group == users, Group == tech And try the users again :- we require john1 to obtain access using only the @gamestream realm if [EMAIL PROTECTED] tries to connect he is allowed access If [EMAIL PROTECTED] tries to connect he is allowed access (which is not required) If [EMAIL PROTECTED] tries to connect he is allowed access If [EMAIL PROTECTED] tries to connect he is allowed access This means that for some reason only the first list of groups is matching Can you help us out. If you require further details just ask. Thanks for your time! Regards, David Mifsud Network Engineer DataStream Ltd. Office Direct: 2567 7230 Office General: 2567 7000 URL: http://www.datastream.com.mt/ This Email is confidential and intended solely for the use of the individual to whom it is addressed. Any views or opinions represented are solely those of the author and do not necessarily represent those of Datastream Ltd. If you are not the intended recipient, be advised that you have received this e-mail in error and that any use, dissemination, forwarding,printing or copying of this Email is strictly prohibited. Please notify the sender immediately by e-mail if you have received this e-mail by mistake or call +356 21482000 and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or free of errors as information could be intercepted, corrupted, lost, destroyed, delayed or incomplete, and/or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of Email Transmission.
Re: dialup admin replacement
maybe a fault of mine for not going through the logs, when i look at patches or release i always see it the same so i assumed that it is not active. but now i know and as for an email asking for features never did cause of the above reason but now i know. Sarky On Mon, 26 Jul 2004 16:28:54 +0300 (EEST), Kostas Kalevras wrote: On Mon, 26 Jul 2004, sarky wrote: Actualy I care i dont know about the rest, but i have been using freeradius/dialup-admin for a while and development just seem to have stoped on dialup-admin, hence i was loosing hope. 1. It never stoped. Have you looked in the Changelog, or in the dialupadmin CVS? 2. I don't remember ever seeing an email asking for such a feature like the one you asked. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to distinguih between MAC an 802.1x auth requests
Hallo,
We are using Orinoco AP600 accesspoint. This AP can do Radius MAC
Access control and EAP/802.1x Auth control.
The question is how have I configure the FreeRadius server to
distinguish between these two options.
I am not able to get it work. I am trying to distinguish these two cases
in according to User-Name, because there is a difference in it (a mac
address in the first case and the defined user name from X.509 cet in
the second one). But I am not successful :(
hints file:
***
DEFAULT User-Name =~ ^[A-Z]{1}.* [A-Z]{1}.*
Auth-Type := EAP,
Hint := EAP
DEFAULT User-Name =~ ^[0-9a-f]{12}$
Auth-Type := Local,
User-Password := MACADDRESS,
Hint := WEP
users file:
DEFAULT Hint == WEP, Auth-Type := Local
Framed-IP-Address = 255.255.255.255,
Framed-IP-Netmask = 255.255.255.0,
DEFAULT Hint == EAP, Auth-Type := EAP
Framed-IP-Address = 255.255.255.255,
Framed-IP-Netmask = 255.255.255.0,
Doe anybody resolve similar scenario? Thanks in advance. z.p.
--
Zdenek Pizl
Systinet Corporation
Vinohradska 190
130 00 Praha 3
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Enforcement rules after EAP authentication
I haven't noticed it before. The AP sends the MAC in the Calling Station ID. Tacio On Monday 26 July 2004 08:11, Tacio Santos wrote: Hi, I'm new to freeradius (and also to radius) and I've sucessfully setup EAP/TTLS authentication (thanks for this great project). Now I need to be able to do enforcement rules on my firewall per user basis (not only for authorization, but also for measurement). Is there a way to get the client MAC address from the radius server right after the EAP authentication fase? If not, how could I achieve this level of control? Thanks for you attention, Tacio - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Exec-Program-Wait attributes not included in Access-Accept
Got it... The script has to output ,\n after each pair like so: Acct-Interim-Interval = 600, Idle-Timeout = 3600, Session-Timeout = 171454526 Regards, Thor. - Original Message - From: Paul Hampson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 4:16 PM Subject: Re: Exec-Program-Wait attributes not included in Access-Accept On Mon, Jul 26, 2004 at 03:58:37PM +0200, Thor Spruyt wrote: I have freeradius 0.9.3 running with Postgresql database backend. The only thing the radius checks is the password and then executes an external script if authentication is ok. The section in the users file is: DEFAULT Auth-Type = Local Exec-Program-Wait = /opt/radius1/bin/auth.pl Everything runs fine, except the attributes output by the script (attr = value seperated by newlines) are not added to the reply as you can see in this debugging output: auth: type Local auth: user supplied User-Password matches local User-Password radius_xlat: '/opt/radius1/bin/auth.pl' Exec-Program: /opt/radius1/bin/auth.pl Exec-Program output: Acct-Interim-Interval = 600 Idle-Timeout = 3600 Session-Timeout = 171454526 Exec-Program-Wait: plaintext: Acct-Interim-Interval = 600 Idle-Timeout = 3600 Session-Timeout = 171454526 Exec-Program: returned: 0 Login OK: [thor] (from client x port 0 cli 00:30:00:04:A5:22) Sending Access-Accept of id 112 to 192.168.250.105:32780 Finished request 0 Going to the next request Any idea what might be wrong? Hmm. I'd suggest outputting the attributes on seperate lines... I'd also suggest moving to rlm_exec, which is less bug-prone as far as we know. ^_^ -- Paul TBBle Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
Hi Barry,
Would it not be better to contact the maintainer of the pppd for the Debian
distribution and ask him/her why pppd is not sending the stop accounting packet to the
radius server when a connection is dropped (for whatever reason) That would fix
the problem the way it should be corrected instead of bandaiding it
Gary N. McKinney
-- Original Message --
From: Barry Murphy [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Mon, 26 Jul 2004 22:35:54 +1200
Anyone know how to get dialup_admin to check a poptop NAS to see if users
are still connected or not. If a user disconnects by unplugging his wireless
card or by loosing signal to the wireless node they remain connected even
though there pc has thrown them out. This causes multiple connections and
long connection durations with no bandwidth info. Perhaps there is a way to
check every hour or so if the user is connected or not?
base-nas.albanywireless.co.nz
Network Access Server 2 users connected 3 free lines
# user ip address caller id name duration
1 icepick 219.88.249.83 - Barry Murphy 104:32:29
2 casper 219.88.249.85 - - 83:25:39
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 8:13 AM
Subject: RE: dialup admin replacement
Ok, I will make another template for your uses, and you can change to that
template
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
Murphy
Sent: Monday, July 26, 2004 2:58 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
Thats great!!!
Now just to add some functionality for a per month basis and bandwidth
usage
info.
My users are charged on usage not time.
Barry
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 6:33 AM
Subject: RE: dialup admin replacement
Ok no problem
Go to login2.php
Commet line 32
// $passwd = da_encrypt($passwd,$enc_passwd);
If this not work try this
Commet line 31, and 32
// $passwd = $FF_valPassword;
// $passwd = da_encrypt($passwd,$enc_passwd);
And change line 34
From
if (!strcmp($passwd,$enc_passwd)){
To
if (!strcmp($FF_valPassword,$enc_passwd)){
That's all
Regards
Issa rabba
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Barry
Murphy
Sent: Monday, July 26, 2004 12:57 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
I'm using clear text passwords.
Thanks
Barry
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 5:12 AM
Subject: RE: dialup admin replacement
I used the crypt function because all the password will be saved as
crypted
password, if not please tell me I will tell you what to change at the
login2.php file
Regards
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Barry
Murphy
Sent: Sunday, July 25, 2004 11:48 PM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
Same here, is there a way to disable the crypt part of things, I can
only
comment out a little, but still cant get it working.
Barry
- Original Message -
From: Nick Marino [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 11:16 AM
Subject: Re: dialup admin replacement
I tried it and no matter what username and password I put in it just
goes
back to the login page.
I did configure pp.php to point to my database with the correct
username
and
password and database name.
Any ideas?
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 12:18 AM
Subject: RE: dialup admin replacement
Ok:
Please download this file http://www.issa.ps/dialup_admin/stat.rar
Please note that this interface for the mysql database only.
Extract the stat.tar and edit Connections/pp.php, change the
valuse
of
the
hostname, username, password and database name.
Then upload it to websever support PHP.
Please contact me if you need any question.
Regards,
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
sarky
Sent: Sunday, July 25, 2004 11:20 AM
To: [EMAIL PROTECTED]
Subject: RE: dialup admin replacement
cool if you can send it over to me that will be great.
I think the dialup admin author is on this list, you can ask
Sarky
On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:
I did some thing like that, but it's not a part of the
dialupadmin,
it
web interface for our
Checking SubjectAltName instead of CN
Title: Checking SubjectAltName instead of CN
I've setup freeradius to authenticate users via EAP-TLS. To enforce security I'd like
to check the username contained in the client certificate. Is there a way to do it
based on the SubjectAltName instead of the CN?
The eap.conf knows only the CN based option:
check_cert_cn = %{User-Name}
The SubjectAltName in my certificates contains an email address and is more easily
to handle.
Regards,
Thomas
--
Thomas Kraemmer
Re: dialup_admin (was Re: New Opensource project-AAAadmin )
issa rabba' [EMAIL PROTECTED] wrote: I want to know where I can find more about the AAAadmin priject The AAAadmin project is NOT part of FreeRADIUS. Everyone, stop posting AAAadmin questions to this list. It should have its own list, hosted elsewhere. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Using multi-valued string LDAP attributes for user lockout in freeradius-1.x
On Fri, 23 Jul 2004, Daniel Epstein wrote:
Greetings all,
We run a freeradius-0.9.3 installation handling authentications for a
number of different NASs on our campus. The RADIUS servers are using
an openldap directory as the primary user credentials store. For a
number of reasons, we designed our LDAP schema such that authorization
for services is indicated by one or more values set in a multi-valued
string attribute of the user object. This is as opposed to using group
membership or a series of discrete boolean or string attributes for
authorization to each service type. It should also be noted that the
RADIUS server does not bind to LDAP in the context of a privileged
account, but with the credentials supplied by the NAS client.
When we initially deployed this infrastructure three years ago, we
found that the rlm_ldap module was not able to query a multi-valued
attribute for authorization using the 'access-attr' option. Following
suggestions from this list, we instead extended the 'filter' value to
cause the authentication to fail if a particular string appears in the
access attribute. We have the following configuration:
- radiusd.conf -
ldap ldap-vpn {
...
filter = ((uid=%u)(!(ucPriv=novpn)))
...
}
ldap ldap-modem {
...
filter = ((uid=%u)(!(ucPriv=nomodem)))
...
}
ldap ldap-soup {
...
filter = ((uid=%u)(!(ucPriv=nosoup)))
...
}
...
authenticate {
Auth-Type aldap-vpn {
ldap-vpn
}
Auth-Type aldap-modem {
ldap-modem
}
Auth-Type aldap-soup {
ldap-soup
}
}
authorize {
preprocess
files
Autz-Type zldap-vpn {
ldap-vpn
}
Autz-Type zldap-modem {
ldap-modem
}
Autz-Type zldap-soup {
ldap-soup
}
}
...
- huntgroups.conf -
vpn NAS-IP-Address == x.x.x.x
vpn NAS-IP-Address == x.x.x.x
vpn NAS-IP-Address == x.x.x.x
modem NAS-IP-Address == x.x.x.x
modem NAS-IP-Address == x.x.x.x
modem NAS-IP-Address == x.x.x.x
soup NAS-IP-Address == x.x.x.x
- users -
DEFAULT Huntgroup-Name == vpn,
Auth-Type := aldap-vpn,
Autz-Type := zldap-vpn
DEFAULT Huntgroup-Name == modem,
Auth-Type := aldap-modem,
Autz-Type := zldap-modem
DEFAULT Huntgroup-Name == soup,
Auth-Type := aldap-soup,
Autz-Type := zldap-soup
While this works for us in terms of allowing and denying access
appropriately, it is not optimal in that it does not allow us to log or
return to the NAS the proper reason for authentication failure (because
we are bundling authorization with authentication). We're now in the
middle of a redesign of the RADIUS infrastructure (including possible
plans to test and deploy version 1.0.0 when released). I was wondering
if there is now a better way to approach this problem under the current
version. I've looked at the checkval module, but this seems to really
work in the opposite direction, checking values from the NAS, not from
the auth store, but I confess I don't understand it entirely. Any help
or suggestions would be appreciated.
Cheers,
Dan
--
You may like the way we did it using the ldap-group option. That way you
don't have to define different ldap instances to use.
The documentation is located at http://doris.cc/radius. It is a little
outdated in versions, but should work with 1.0 and newer openldap
versions. I will get around to updating that documentation for 1.0 one of
these days, although not much will be different.
That doc is also located in the doc directory in recent versions
(doc/ldap_howto.txt).
-Dusty Doris
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
issa rabba' [EMAIL PROTECTED] wrote... ( 1-2 sentences, followed by reams of quoted material. ) Can people PLEASE edit their posts, to NOT include all of the previous messages in a thread? If you need to see the older messages, read the archives. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Proxy server knows password
Hi, I have a homeserver and a proxyserver running on the same machine, but on different ports and different compilations (so they're actually independant of each other). When I run the homeserver with -X, it prints out the User-Password attribute of the Access-Request packet, which I think is normal. But when I run the proxyserver with -X, it also prints out the User-Password attribute of the Access-Request packet... I don't want anyone to see my users' passwords! Is there any reason why the proxy server sees the password? Is there any way to prevent this from happening on the homeserver? Thor. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: redhat spec file problem?
Hi,
i've changed the spec for the same reason. You can try it (see
attachment), but you must tar the freeradius sources in directory
..-1.0.0, not - ..-1.0.0-pre3.
Cheers,
Simeon Penev
Dave Weis wrote:
I'm trying to build an rpm on fedora core 1 with the included redhat
spec file but not having much luck. I had to make symlink from
/usr/include/com_err.h - /usr/include/et/com_err.h to get the
kerberos stuff to compile. I also modified the header to include the
prerelease portion:
Name: freeradius
Version: 1.0.0
Release: pre3
License: GPL
Group: Networking/Daemons
Packager: FreeRADIUS.org
Source0: %{name}-%{version}-%{release}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
I have gotten to the point where it compiles but dies when it tries to
package the RPM:
Checking for unpackaged file(s): /usr/lib/rpm/check-files
/var/tmp/freeradius-1.0.0-pre3-root
error: Installed (but unpackaged) file(s) found:
/usr/share/doc/freeradius-1.0.0-pre3/Autz-Type
/usr/share/doc/freeradius-1.0.0-pre3/DIFFS
/usr/share/doc/freeradius-1.0.0-pre3/MACOSX
/usr/share/doc/freeradius-1.0.0-pre3/OS2
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAP.schema
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAPv3.schema
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-SQL.schema
/usr/share/doc/freeradius-1.0.0-pre3/README
/usr/share/doc/freeradius-1.0.0-pre3/Simultaneous-Use
(snip)
RPM build errors:
Installed (but unpackaged) file(s) found:
/usr/share/doc/freeradius-1.0.0-pre3/Autz-Type
/usr/share/doc/freeradius-1.0.0-pre3/DIFFS
/usr/share/doc/freeradius-1.0.0-pre3/MACOSX
/usr/share/doc/freeradius-1.0.0-pre3/OS2
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAP.schema
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAPv3.schema
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-SQL.schema
/usr/share/doc/freeradius-1.0.0-pre3/README
/usr/share/doc/freeradius-1.0.0-pre3/Simultaneous-Use
(snip)
I am not very good with spec files. I did try changing the doc line in
the files section to
%doc doc/*
but that didn't work either.
Thanks
dave
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxy server knows password
On Mon, 26 Jul 2004, Thor Spruyt wrote: Hi, I have a homeserver and a proxyserver running on the same machine, but on different ports and different compilations (so they're actually independant of each other). When I run the homeserver with -X, it prints out the User-Password attribute of the Access-Request packet, which I think is normal. But when I run the proxyserver with -X, it also prints out the User-Password attribute of the Access-Request packet... I don't want anyone to see my users' passwords! Is there any reason why the proxy server sees the password? You 're using PAP as the authentication protocol Is there any way to prevent this from happening on the homeserver? Use EAP-TTLS-PAP,MS-CHAP,CHAP as authentication protocol. That's something the client decides though. Thor. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: redhat spec file problem?
i've changed the spec for the same reason. You can try it (see attachment), interesting ... where ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Proxy server knows password
- Original Message -
From: Kostas Kalevras [EMAIL PROTECTED]
On Mon, 26 Jul 2004, Thor Spruyt wrote:
Is there any way to prevent this from happening on the homeserver?
Use EAP-TTLS-PAP,MS-CHAP,CHAP as authentication protocol. That's something
the
client decides though.
In radiusd.conf on the homeserver I only have
authenticate {
Auth-Type CHAP {
chap
}
}
I understand that it's up to the NAS, but I would expect that the homeserver
denies PAP requests if it's not defined in radiusd.conf, so that the NAS has
to be configured to use CHAP?
Thor.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: redhat spec file problem?
marco wrote:
i've changed the spec for the same reason. You can try it (see
attachment),
interesting ... where ?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Here it is:
Summary: High-performance and highly configurable RADIUS server
URL: http://www.freeradius.org/
Name: freeradius
Version: 1.0.0
Release: pre3
License: GPL
Group: Networking/Daemons
Packager: FreeRADIUS.org
Source0: %{name}-%{version}.tar.gz
Prereq: /sbin/chkconfig
BuildPreReq: libtool
# FIXME: snmpwalk, snmpget and rusers POSSIBLY needed by checkrad
Provides: radiusd
Conflicts: cistron-radius
BuildRoot: %{_tmppath}/%{name}-root
%description
The FreeRADIUS Server Project is a high-performance and highly
configurable GPL'd RADIUS server. It is somewhat similar to the
Livingston 2.0 RADIUS server, but has many more features, and is much
more configurable.
%prep
%setup
%build
CFLAGS=$RPM_OPT_FLAGS \
%configure --prefix=%{_prefix} \
--localstatedir=%{_localstatedir} \
--sysconfdir=%{_sysconfdir} \
--mandir=%{_mandir} \
--without-rlm-krb5 \
--with-experimental-modules
make
%install
[ $RPM_BUILD_ROOT != / ] rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/etc/{logrotate.d,pam.d,rc.d/init.d}
make install R=$RPM_BUILD_ROOT
RADDB=$RPM_BUILD_ROOT/etc/raddb
# set radiusd as default user/group
perl -i -pe 's/^#user =.*$/user = radiusd/' $RADDB/radiusd.conf
perl -i -pe 's/^#group =.*$/group = radiusd/' $RADDB/radiusd.conf
# shadow password file MUST be defined on Linux
perl -i -pe 's/#shadow =/shadow =/' $RADDB/radiusd.conf
# remove unneeded stuff
rm -f $RPM_BUILD_ROOT%{_mandir}/man8/builddbm.8
rm -f $RPM_BUILD_ROOT%{_prefix}/sbin/rc.radiusd
cd redhat
install -m 755 rc.radiusd-redhat $RPM_BUILD_ROOT/etc/rc.d/init.d/radiusd
install -m 644 radiusd-logrotate $RPM_BUILD_ROOT/etc/logrotate.d/radiusd
install -m 644 radiusd-pam $RPM_BUILD_ROOT/etc/pam.d/radius
cd ..
%pre
/usr/sbin/useradd -c radiusd user -r -s /bin/false -u 95 -d / radiusd
2/dev/null || :
%preun
if [ $1 = 0 ]; then
/sbin/service radiusd stop /dev/null 21
/sbin/chkconfig --del radiusd
fi
%post
/sbin/ldconfig
/sbin/chkconfig --add radiusd
# Done here to avoid messing up existing installations
for i in radius/radutmp radius/radwtmp radius/radius.log #
radius/radwatch.log radius/checkrad.log
do
touch /var/log/$i
chown radiusd:radiusd /var/log/$i
chmod 600 /var/log/$i
done
%postun
if [ $1 -ge 1 ]; then
/sbin/service radiusd condrestart /dev/null 21
fi
if [ $1 = 0 ]; then
/usr/sbin/userdel radiusd /dev/null 21 || :
fi
/sbin/ldconfig
%clean
[ $RPM_BUILD_ROOT != / ] rm -rf $RPM_BUILD_ROOT
%files
%defattr(-,root,root)
%doc doc/ChangeLog doc/README* todo/ COPYRIGHT INSTALL
%config /etc/pam.d/radius
%config /etc/logrotate.d/radiusd
%config /etc/rc.d/init.d/radiusd
%config (noreplace) /etc/raddb/*
%{_bindir}/*
%{_datadir}/%{name}
%{_libdir}/*
%{_mandir}/*/*
%{_sbindir}/*
%attr(0700,radiusd,radiusd) %dir /var/log/radius
%attr(0700,radiusd,radiusd) %dir /var/log/radius/radacct
%attr(0700,radiusd,radiusd) %dir /var/run/radiusd
%changelog
* Mon May 31 2004 Paul Hampson
- update for 1.0.0 release
* Fri May 23 2003 Marko Myllynen
- update for 0.9
* Wed Sep 4 2002 Marko Myllynen
- fix libtool issues for good
* Thu Aug 22 2002 Marko Myllynen
- update for 0.7/0.8
* Tue Jun 18 2002 Marko Myllynen
- run as radiusd user instead of root
- added some options for configure
* Thu Jun 6 2002 Marko Myllynen
- set noreplace for non-dictionary files in /etc/raddb
* Sun May 26 2002 Frank Cusack [EMAIL PROTECTED]
- move /var dirs from %%post to %%files
* Thu Feb 14 2002 Marko Myllynen
- use dir name macros in all configure options
- libtool is required only when building the package
- misc clean ups
* Wed Feb 13 2002 Marko Myllynen
- use %%{_mandir} instead of /usr/man
- rename %%postin as %%post
- clean up name/version
* Fri Jan 18 2002 Frank Cusack [EMAIL PROTECTED]
- remove (noreplace) for /etc/raddb/* (due to rpm bugs)
* Fri Sep 07 2001 Ivan F. Martinez [EMAIL PROTECTED]
- changes to make compatible with default config file shipped
- adjusts log files are on /var/log/radius instead of /var/log
- /etc/raddb changed to config(noreplace) to don't override
- user configs
* Fri Sep 22 2000 Bruno Lopes F. Cabral [EMAIL PROTECTED]
- spec file clear accordling to the libltdl fix and minor updates
* Wed Sep 12 2000 Bruno Lopes F. Cabral [EMAIL PROTECTED]
- Updated to snapshot-12-Sep-00
* Fri Jun 16 2000 Bruno Lopes F. Cabral [EMAIL PROTECTED]
- Initial release
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: redhat spec file problem?
In the %files section I have change
# %doc doc/ChangeLog doc/README* todo/ COPYRIGHT INSTALL *
for
%doc %{_docdir}/freeradius-%{version}*/
Le lun 26/07/2004 13:05, marco a crit :
i've changed the spec for the same reason. You can try it (see
attachment),
interesting ... where ?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Daniel Chnard
SysAdmin Unix
Infoteck Internet
5480, Boul. Jean XXIII
Trois-Rivires-Ouest, Qubec
Canada
G8Z 4A9
Tel: 819-370-3232
Sans Frais: 1-866-853-3232
Fax: 819-370-3624
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
eap-tls resumed handshake code
Hi list, I didn't find the code related to eap-tls resumed handshake. Can you help me please in that? I don't know if it is based on openssl resumed handshake of not. It seems not clear to me. Sincerely, Badra - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
How ever it is done using dialup admin. Not sure will have to look through the code and config files of dialupadmin and see. Not sure where to look. - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 5:47 PM Subject: RE: dialup admin replacement Ok, when save the password at the database what interface you use, do send the password to the encrypt function do you send a salt with the password? If yes what is it? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Marino Sent: Monday, July 26, 2004 5:39 AM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement MD5 - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 11:05 AM Subject: RE: dialup admin replacement what is the is the encrypt password type? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Marino Sent: Sunday, July 25, 2004 4:17 PM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas? - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:18 AM Subject: RE: dialup admin replacement Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar Please note that this interface for the mysql database only. Extract the stat.tar and edit Connections/pp.php, change the valuse of the hostname, username, password and database name. Then upload it to websever support PHP. Please contact me if you need any question. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Sunday, July 25, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: RE: dialup admin replacement cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask Sarky On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote: I did some thing like that, but it's not a part of the dialupadmin, it web interface for our customers, I will customize it and send it to you. Or if you know how can we publish it to be part of the dialup admin project. Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius- [EMAIL PROTECTED] Subject: dialup admin replacement Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via there login/password and get all the information they require download limits, what they have downloaded and so on. Anything out there which does that ? Sarky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Exec-Program-Wait attributes not included in Access-Accept
On Jul 26, 2004, at 06:58, Thor Spruyt wrote: Hi, I have freeradius 0.9.3 running with Postgresql database backend. The only thing the radius checks is the password and then executes an external script if authentication is ok. The section in the users file is: DEFAULT Auth-Type = Local Exec-Program-Wait = /opt/radius1/bin/auth.pl Everything runs fine, except the attributes output by the script (attr = value seperated by newlines) are not added to the reply as you can see in this debugging output: auth: type Local auth: user supplied User-Password matches local User-Password radius_xlat: '/opt/radius1/bin/auth.pl' Exec-Program: /opt/radius1/bin/auth.pl Exec-Program output: Acct-Interim-Interval = 600 Idle-Timeout = 3600 Session-Timeout = 171454526 Exec-Program-Wait: plaintext: Acct-Interim-Interval = 600 Idle-Timeout = 3600 Session-Timeout = 171454526 Exec-Program: returned: 0 Login OK: [thor] (from client x port 0 cli 00:30:00:04:A5:22) Sending Access-Accept of id 112 to 192.168.250.105:32780 Finished request 0 Going to the next request Any idea what might be wrong? I have an Exec-Program-Wait and I don't use returns. Here is an example of the script output that works: Session-Timeout = 3600, Framed-IP-Address = 66.81.99.99 There are no returns anywhere in the string. I tried various combinations of things using debug mode to find one that works. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
CA web pages
Hi, I am looking for a simple way for my users to go to a web page and fill out a request for a cert and then we (admins) can go to another page, verify the data and sign it. Any ideas on this - of course with openssl integrated with freeradius and SQL... thanks Kat - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Mystery of mysql.sock location in FreeRADIUS
You can set the environment variable MYSQL_UNIX_PORT as follows: export MYSQL_UNIX_PORT=/usr/mysql/mysql.sock I'm not sure why the freeradius mysql client doesn't check my.cnf, but I had the same issue and solved as above. Regards, Simon. --- On Monday 26 July 2004 19:54, Masoud Safi wrote: From: Kostas Kalevras [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Mystery of mysql.sock location in FreeRADIUS Date: Sat, 24 Jul 2004 02:27:39 +0300 (EEST) On Thu, 22 Jul 2004, Masoud Safi wrote: Greetings, My radius server which uses MySQL 4.0.18-standard has been running fine for a few months until my /var partition got full. I had to move the data files from /var/lib/mysql to /usr/mysql. After some config changes on the MySQL configs, the MySQL campe up running fine. An ODBC connection which I have had from a Windows box to the MySQL server works fine too. However, FreeRADIUS would not connect to MySQL passing the following erro. - rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:radius rlm_sql_mysql: Mysql error 'Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)' rlm_sql (sql): Failed to connect DB handle #0 - Obviously, I had to make sure that socket=/usr/mysql/mysql.sock was in the CLIENT portion of my.cnf file. Here is my DB status output: Server version 4.0.18-standard Protocol version10 Connection Localhost via UNIX socket UNIX socket /usr/mysql/mysql.sock Now, I can not figure out where in my system is a reference to '/var/lib/mysql/mysql.socke It is not in radiusd.conf, or sql.conf. Any ideas? If you are sure you 've fixed my.cnf then things should work fine. I would suggest tracing the open() calls of the freeradius to check which my.cnf file is opened by the mysql library used by the sql module. Yes, I am sure I configured the my.cfg correctly and that is why my Windows based ODBC connections work. I also searched my entire HDD for other instances of my.cfg, but I only have one copy. It seams to me that freeradius may be reading the mysql.sock info from somewhere else, but don't know where? As far as tracing the open() calls of freeradius, is there anything else I need to do, other than running radiusd -X? _ FREE pop-up blocking with the new MSN Toolbar get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Mystery of mysql.sock location in FreeRADIUS
Now, I can not figure out where in my system is a reference to '/var/lib/mysql/mysql.socke It is not in radiusd.conf, or sql.conf. Any ideas? well if you cant still find answers, you can try creating a soft link FROM /var (where the sock file is being created) TO /usr (where you want it to be), its not the proper mysql solution but its an approach that works! //milver - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: redhat spec file problem?
I had the same problem (and some others) with the redhat spec file,
and here is what I did to fix it... these are diffs to the 1.0.0pre3
spec file in the redhat directory.
matt
diff freeradius.spec.orig freeradius.spec
5c5
Release: 1
---
Release: pre3
9c9
Source0: %{name}-%{version}.tar.gz
---
Source0: %{name}-%{version}-%{release}.tar.gz
24c24
%setup
---
%setup -n %{name}-%{version}-%{release}
34d33
--with-system-libtool \
67a67,68
rm -rf $RPM_BUILD_ROOT/usr/share/doc/%{name}-%{version}-%{release}
81a83
chown -R radiusd:radiusd /var/log/radius
103c105
%doc doc/ChangeLog doc/README* todo/ COPYRIGHT INSTALL
---
%doc doc/[^C0]* doc/C[^V]* todo/ COPYRIGHT INSTALL
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ntlm_auth
Anyone have a simple smb.conf they are willing to share for a Samba3-ntlm_auth install incorporated with FreeRADIUS?? THANKS!! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
Poptop does disconnect the user however the radius server doesnt receive a
stop request.
Barry
- Original Message -
From: Thor Spruyt [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 1:49 AM
Subject: Re: dialup admin replacement
I think poptop is able to disconnect the user automatically when the
session
is lost.
- Original Message -
From: Barry Murphy [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 12:56 PM
Subject: Re: dialup admin replacement
My problem is the poptop pptp server (with debian's ppp) is acting as
the
NAS server for my wireless clients, so there is no IOS to update. Not
many
people tend to be using pptp with radius and can answer this question.
Barry
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 8:47 AM
Subject: RE: dialup admin replacement
I face this problem before, it was Cisco IOS bug, and they fix the it,
I
think you have to update your IOS
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Barry
Murphy
Sent: Monday, July 26, 2004 3:36 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
Anyone know how to get dialup_admin to check a poptop NAS to see if
users
are still connected or not. If a user disconnects by unplugging his
wireless
card or by loosing signal to the wireless node they remain connected
even
though there pc has thrown them out. This causes multiple connections
and
long connection durations with no bandwidth info. Perhaps there is a
way
to
check every hour or so if the user is connected or not?
base-nas.albanywireless.co.nz
Network Access Server 2 users connected 3 free lines
# user ip address caller id name duration
1 icepick 219.88.249.83 - Barry Murphy 104:32:29
2 casper 219.88.249.85 - - 83:25:39
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 8:13 AM
Subject: RE: dialup admin replacement
Ok, I will make another template for your uses, and you can change
to
that
template
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Barry
Murphy
Sent: Monday, July 26, 2004 2:58 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
Thats great!!!
Now just to add some functionality for a per month basis and
bandwidth
usage
info.
My users are charged on usage not time.
Barry
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 6:33 AM
Subject: RE: dialup admin replacement
Ok no problem
Go to login2.php
Commet line 32
// $passwd = da_encrypt($passwd,$enc_passwd);
If this not work try this
Commet line 31, and 32
// $passwd = $FF_valPassword;
// $passwd = da_encrypt($passwd,$enc_passwd);
And change line 34
From
if (!strcmp($passwd,$enc_passwd)){
To
if (!strcmp($FF_valPassword,$enc_passwd)){
That's all
Regards
Issa rabba
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Barry
Murphy
Sent: Monday, July 26, 2004 12:57 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
I'm using clear text passwords.
Thanks
Barry
- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 5:12 AM
Subject: RE: dialup admin replacement
I used the crypt function because all the password will be saved
as
crypted
password, if not please tell me I will tell you what to change
at
the
login2.php file
Regards
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf
Of
Barry
Murphy
Sent: Sunday, July 25, 2004 11:48 PM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement
Same here, is there a way to disable the crypt part of things, I
can
only
comment out a little, but still cant get it working.
Barry
- Original Message -
From: Nick Marino [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 11:16 AM
Subject: Re: dialup admin replacement
I tried it and no matter what username and password I put in
it
just
goes
back to the login page.
I did configure pp.php to point to my database with the
correct
username
and
password and database name.
Any ideas?
Re: Freeradius Cisco-AVPair
For those of you (un)lucky enough to be searching for Cisco, PPPoE, RADIUS, static IP addresses, and the like, here's the skinny. 1. Yes, Virginia, you can do static IP address via RADIUS, Cisco 7206, and PPPoE for DSL-type applications. At least as of 12.2(24), and possibly much earlier. 2. The standard radius attributes work: Framed-Protocol = PPP, Framed-IP-Address = X.X.X.X, Framed-IP-Netmask = 255.255.255.255, and the like (including Framed-Compression = Van-Jacobson-TCP-IP). You don't need any of the Cisco-AVPair, at least not for the usual stuff. 3. However, you MUST have this: aaa authorization network default group radius none Or nothing will work. The none is important if you have any non-authorized PPP sessions (like regular serial lines) or you will break all of your non-RADIUS authenticated connections. Apparently, if you just have THIS: aaa authorization network default none you will automatically be authorized for network information, but (here's the kicker) the Cisco will silently ignore the attributes returned by RADIUS because you didn't specify that they come from RADIUS. So it will blithly ignore the return attributes. Hopefully this will save somebody out there more time than I wasted on this, and thus the world will even out. Cheers, David. - On Mon, 19 Jul 2004, David Birnbaum wrote: On Sun, 18 Jul 2004, Kevin Bonner wrote: On Friday 16 July 2004 17:12, David Birnbaum wrote: 1. Cisco doesn't seem to support Framed-Address for PPPoE (if anyone knows different that would be great, because nobody at Cisco knows how to do this. If you can tell me how, stop reading the rest of the message and help me out!) Here are some of the entries we use for our PPPoE connections on a 7505: Cisco-AVPair += ip:addr=1.2.3.1, Cisco-AVPair += ip:route=1.2.3.4 255.255.255.0, Cisco-AVPair += ip:inacl#1=permit ip any 1.2.3.0 0.0.0.255, Try the ip:addr line rather than assigning an addr-pool and post your results. If that doesn't work, the cisco config may need to be tweaked. Kevin, I tried this out. The cisco log still shows: Jul 19 15:51:39: Invalid attribute in radius buffer Jul 19 15:51:39: Unable to dump packet further Obviously Cisco-AVPair is working for other people; could you share you working 7505 config? I think the problem is that the radius packet is not built right or otherwise undecodable, which makes it hard to debug whether the AVPair syntax is right! radiusd -X shows this: Sending Access-Accept of id 185 to X.X.X.X:1645 Cisco-AVPair = ip:addr=Y.Y.Y.Y Service-Type = Framed-User Framed-Protocol = PPP which sure looks good to me David. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to distinguih between MAC an 802.1x auth requests
On Mon, 2004-07-26 at 10:12, Zdenek Pizl wrote: We are using Orinoco AP600 accesspoint. This AP can do Radius MAC Access control and EAP/802.1x Auth control. The question is how have I configure the FreeRadius server to distinguish between these two options. Test for the existance/non-existance of the EAP-Message: DEFAULT Auth-Type := EAP, EAP-Message =* 1, NAS-Port-Type == Wireless-802.11 Cisco-AVPair = ssid=, Session-Timeout = 600, Service-Type = Framed-User That's how I do it on my Cisco 1200's... Jeff - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
show_groups.php3
Im tried the latest dev of dialup_admin and i got this warning and it doesnt show groups. Warning: main(../lib/sql_group_info.php3): failed to open stream: No such file or directory in /usr/local/www/data-dist/dialup_admin/htdocs/show_groups.php3 on line 74Warning: main(): Failed opening '../lib/sql_group_info.php3' for inclusion (include_path='.:/usr/local/share/pear') in /usr/local/www/data-dist/dialup_admin/htdocs/show_groups.php3 on line 74Could not find any groups thanks very much
Re: show_groups.php3
On Tue, 27 Jul 2004, apellido jr., wilfredo p. wrote: Im tried the latest dev of dialup_admin and i got this warning and it doesnt show groups. Warning: main(../lib/sql_group_info.php3): failed to open stream: No such file or directory in /usr/local/www/data-dist/dialup_admin/htdocs/show_groups.php3 on line 74 Warning: main(): Failed opening '../lib/sql_group_info.php3' for inclusion (include_path='.:/usr/local/share/pear') in /usr/local/www/data-dist/dialup_admin/htdocs/show_groups.php3 on line 74 Could not find any groups Oops, Fixed. Thanks thanks very much -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CA web pages
On Mon, 26 Jul 2004 [EMAIL PROTECTED] wrote: Hi, I am looking for a simple way for my users to go to a web page and fill out a request for a cert and then we (admins) can go to another page, verify the data and sign it. Any ideas on this - of course with openssl integrated with freeradius and SQL... That's more or less called www.openca.org. thanks Kat - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
disctionary files
Hi, I'm running poptop + freeradius + mysql and trying to work out which dictionary file i'd use. I'm wanting to get some additional info like Disconnect-Cause , tunnel end point etc and don't know if I can use the Ascend dictionary file for this. Any help would be appreciated. Barry
Re: show_groups.php3
Just update show_groups.php3, same error... Warning: main(../lib/$config[general_lib_type]/group_info.php3): failed to open stream: No such file or directory in /usr/local/www/data-dist/dialup_admin/htdocs/show_groups.php3 on line 74 Warning: main(): Failed opening '../lib/$config[general_lib_type]/group_info.php3' for inclusion (include_path='.:/usr/local/share/pear') in /usr/local/www/data-dist/dialup_admin/htdocs/show_groups.php3 on line 74 Could not find any groups - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup_admin (was Re: New Opensource project-AAAadmin )
find it at http://dmin.sourceforge.net - Original Message - From: "Alan DeKok" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 9:22 AM Subject: Re: dialup_admin (was Re: New Opensource project-AAAadmin ) "issa rabba'" [EMAIL PROTECTED] wrote: I want to know where I can find more about the AAAadmin priject The AAAadmin project is NOT part of FreeRADIUS. Everyone, stop posting AAAadmin questions to this list. It should have its own list, hosted elsewhere. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---Outgoing mail is certified Virus Free.Checked by AVG anti-virus system (http://www.grisoft.com).Version: 6.0.726 / Virus Database: 481 - Release Date: 7/22/2004
Freeradius and CRAM auth.
Hi, I am using the Free-Radius Server (version 0.9.3) currently. I am using the Unix authentication and it is working fine. I want to use the CRAM authentication for my testing purpose. I searched over the net and the mailing lists for any documentation. However, I was not able to get much information. I will be very thankful if you can provide me the details of enabling and using CRAM authentication in FreeRadius. Thanks and Regards, Prasad. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
