RE: dialup admin replacement
What is the encrypt password type?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Marino
Sent: Sunday, July 25, 2004 4:17 PM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement

I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas?

- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 12:18 AM
Subject: RE: dialup admin replacement

Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar

Please note that this interface is for the MySQL database only. Extract the stat.tar and edit Connections/pp.php, change the values of the hostname, username, password and database name. Then upload it to a web server that supports PHP. Please contact me if you have any questions.

Regards,

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky
Sent: Sunday, July 25, 2004 11:20 AM
To: [EMAIL PROTECTED]
Subject: RE: dialup admin replacement

cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask

Sarky

On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:

I did something like that, but it's not a part of the dialupadmin, it is a web interface for our customers. I will customize it and send it to you. Or if you know how can we publish it to be part of the dialup admin project.

Regards

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky
Sent: Saturday, July 24, 2004 10:21 AM
To: freeradius- [EMAIL PROTECTED]
Subject: dialup admin replacement

Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via their login/password and get all the information they require download limits, what they have downloaded and so on. Anything out there which does that?

Sarky

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Enforcement rules after EAP authentication
Hi,

I'm new to freeradius (and also to radius) and I've successfully set up EAP/TTLS authentication (thanks for this great project). Now I need to be able to do enforcement rules on my firewall on a per-user basis (not only for authorization, but also for measurement).

Is there a way to get the client MAC address from the radius server right after the EAP authentication phase? If not, how could I achieve this level of control?

Thanks for your attention,
Tacio
RE: dialup admin replacement
Please download it from here http://www.issa.ps/dialup_admin/stat.tar.gz

Regards

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Johnno
Sent: Sunday, July 25, 2004 3:07 PM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement

I downloaded this and had a look see.. but the rar file is coming up and says unknown method so the file can't be unpacked.. Can you use another method, i.e. zip, gz, tar etc..

Many Thanks..

- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 5:18 PM
Subject: RE: dialup admin replacement

Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar

Please note that this interface is for the MySQL database only. Extract the stat.tar and edit Connections/pp.php, change the values of the hostname, username, password and database name. Then upload it to a web server that supports PHP. Please contact me if you have any questions.

Regards,

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky
Sent: Sunday, July 25, 2004 11:20 AM
To: [EMAIL PROTECTED]
Subject: RE: dialup admin replacement

cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask

Sarky

On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:

I did something like that, but it's not a part of the dialupadmin, it is a web interface for our customers. I will customize it and send it to you. Or if you know how can we publish it to be part of the dialup admin project.

Regards

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky
Sent: Saturday, July 24, 2004 10:21 AM
To: freeradius- [EMAIL PROTECTED]
Subject: dialup admin replacement

Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via their login/password and get all the information they require download limits, what they have downloaded and so on. Anything out there which does that?

Sarky
Re: dialup admin replacement
Same here, is there a way to disable the crypt part of things? I can only comment out a little, but still can't get it working.

Barry

- Original Message -
From: Nick Marino [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 11:16 AM
Subject: Re: dialup admin replacement

I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas?

- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 12:18 AM
Subject: RE: dialup admin replacement

Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar

Please note that this interface is for the MySQL database only. Extract the stat.tar and edit Connections/pp.php, change the values of the hostname, username, password and database name. Then upload it to a web server that supports PHP. Please contact me if you have any questions.

Regards,

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky
Sent: Sunday, July 25, 2004 11:20 AM
To: [EMAIL PROTECTED]
Subject: RE: dialup admin replacement

cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask

Sarky

On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:

I did something like that, but it's not a part of the dialupadmin, it is a web interface for our customers. I will customize it and send it to you. Or if you know how can we publish it to be part of the dialup admin project.

Regards

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky
Sent: Saturday, July 24, 2004 10:21 AM
To: freeradius- [EMAIL PROTECTED]
Subject: dialup admin replacement

Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via their login/password and get all the information they require download limits, what they have downloaded and so on. Anything out there which does that?

Sarky
RE: dialup admin replacement
I used the crypt function because all the passwords will be saved as crypted passwords. If not, please tell me and I will tell you what to change in the login2.php file.

Regards

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy
Sent: Sunday, July 25, 2004 11:48 PM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement

Same here, is there a way to disable the crypt part of things? I can only comment out a little, but still can't get it working.

Barry

- Original Message -
From: Nick Marino [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 11:16 AM
Subject: Re: dialup admin replacement

I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas?

- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 12:18 AM
Subject: RE: dialup admin replacement

Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar

Please note that this interface is for the MySQL database only. Extract the stat.tar and edit Connections/pp.php, change the values of the hostname, username, password and database name. Then upload it to a web server that supports PHP. Please contact me if you have any questions.

Regards,

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky
Sent: Sunday, July 25, 2004 11:20 AM
To: [EMAIL PROTECTED]
Subject: RE: dialup admin replacement

cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask

Sarky

On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:

I did something like that, but it's not a part of the dialupadmin, it is a web interface for our customers. I will customize it and send it to you. Or if you know how can we publish it to be part of the dialup admin project.

Regards

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky
Sent: Saturday, July 24, 2004 10:21 AM
To: freeradius- [EMAIL PROTECTED]
Subject: dialup admin replacement

Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via their login/password and get all the information they require download limits, what they have downloaded and so on. Anything out there which does that?

Sarky
Re: how to resolve following scenario: two groups of clients accessing wifi AP ++
On Fri, 2004-07-23 at 17:54, Alan DeKok wrote:

Zdenek Pizl [EMAIL PROTECTED] wrote:

I don't know exactly what do I need to search, the optimal version how to distinguish between groups of EAP/TLS and MAC users would be:

    [0-9a-fA-F]{6}-[0-9a-fA-F]{6} Auth-Type := Local
    DEFAULT Auth-Type := EAP

But there is no possibility to use regexp in users file, isn't it?

Why do you say that?

I have tried the regexp above, it did not work, therefore I said that. BTW - it was a question ... Maybe there is a different style of regexp ??

z.p.

Alan DeKok.

--
Zdenek Pizl
Systinet Corporation
Vinohradska 190
130 00 Praha 3
Re: dialup_admin (was Re: New Opensource project-AAAadmin )
Amin wrote:

May I join development team of dialup_admin. I wish not to be a competitor (as I am going to develop AAAadmin) but contributor to dialup_admin also.

I wish you can tell me more of this dmin off the list? I can be a beta tester or something more than that, how can I be of help with this project?

//milver
Re: Simultaneous Login Problem
My guess is the stop request packet has not been received nor acknowledged on portmaster. Are you using NTRadping? If yes, try changing NAS port.

//milver

Hello, I'm using freeradius-1.0.0-pre3 and postgresql as database backend. I got this error when implementing Simultaneous Use. Just reading docs (Simultaneous Use) and here's my radgroupcheck...

Sun Jul 25 22:42:50 2004 : Error: Discarding duplicate request from client portmaster:1026 - ID: 50 due to unfinished request
Sun Jul 25 22:42:53 2004 : Error: Discarding duplicate request from client portmaster:1026 - ID: 50 due to unfinished request
Sun Jul 25 22:42:56 2004 : Error: Discarding duplicate request from client portmaster:1026 - ID: 50 due to unfinished request
Sun Jul 25 22:42:57 2004 : Error: Check-TS: timeout waiting for checkrad
Re: dialup admin replacement
I'm using clear text passwords.

Thanks
Barry

- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 5:12 AM
Subject: RE: dialup admin replacement

I used the crypt function because all the passwords will be saved as crypted passwords. If not, please tell me and I will tell you what to change in the login2.php file.

Regards

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy
Sent: Sunday, July 25, 2004 11:48 PM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement

Same here, is there a way to disable the crypt part of things? I can only comment out a little, but still can't get it working.

Barry

- Original Message -
From: Nick Marino [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 11:16 AM
Subject: Re: dialup admin replacement

I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas?

- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 12:18 AM
Subject: RE: dialup admin replacement

Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar

Please note that this interface is for the MySQL database only. Extract the stat.tar and edit Connections/pp.php, change the values of the hostname, username, password and database name. Then upload it to a web server that supports PHP. Please contact me if you have any questions.

Regards,

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky
Sent: Sunday, July 25, 2004 11:20 AM
To: [EMAIL PROTECTED]
Subject: RE: dialup admin replacement

cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask

Sarky

On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:

I did something like that, but it's not a part of the dialupadmin, it is a web interface for our customers. I will customize it and send it to you. Or if you know how can we publish it to be part of the dialup admin project.

Regards

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky
Sent: Saturday, July 24, 2004 10:21 AM
To: freeradius- [EMAIL PROTECTED]
Subject: dialup admin replacement

Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via their login/password and get all the information they require download limits, what they have downloaded and so on. Anything out there which does that?

Sarky
Re: dialup_admin (was Re: New Opensource project-AAAadmin )
ok I will

- Original Message -
From: Milver S. Nisay [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 12:33 AM
Subject: Re: dialup_admin (was Re: New Opensource project-AAAadmin )

Amin wrote:

May I join development team of dialup_admin. I wish not to be a competitor (as I am going to develop AAAadmin) but contributor to dialup_admin also.

I wish you can tell me more of this dmin off the list? I can be a beta tester or something more than that, how can I be of help with this project?

//milver

---
Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.725 / Virus Database: 480 - Release Date: 7/19/2004
RE: dialup admin replacement
Ok no problem

Go to login2.php

Comment line 32

    // $passwd = da_encrypt($passwd,$enc_passwd);

If this does not work try this

Comment line 31, and 32

    // $passwd = $FF_valPassword;
    // $passwd = da_encrypt($passwd,$enc_passwd);

And change line 34

From

    if (!strcmp($passwd,$enc_passwd)){

To

    if (!strcmp($FF_valPassword,$enc_passwd)){

That's all

Regards
Issa rabba

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy
Sent: Monday, July 26, 2004 12:57 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement

I'm using clear text passwords.

Thanks
Barry

- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, July 27, 2004 5:12 AM
Subject: RE: dialup admin replacement

I used the crypt function because all the passwords will be saved as crypted passwords. If not, please tell me and I will tell you what to change in the login2.php file.

Regards

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy
Sent: Sunday, July 25, 2004 11:48 PM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement

Same here, is there a way to disable the crypt part of things? I can only comment out a little, but still can't get it working.

Barry

- Original Message -
From: Nick Marino [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 11:16 AM
Subject: Re: dialup admin replacement

I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas?

- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 12:18 AM
Subject: RE: dialup admin replacement

Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar

Please note that this interface is for the MySQL database only. Extract the stat.tar and edit Connections/pp.php, change the values of the hostname, username, password and database name. Then upload it to a web server that supports PHP. Please contact me if you have any questions.

Regards,

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky
Sent: Sunday, July 25, 2004 11:20 AM
To: [EMAIL PROTECTED]
Subject: RE: dialup admin replacement

cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask

Sarky

On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:

I did something like that, but it's not a part of the dialupadmin, it is a web interface for our customers. I will customize it and send it to you. Or if you know how can we publish it to be part of the dialup admin project.

Regards

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky
Sent: Saturday, July 24, 2004 10:21 AM
To: freeradius- [EMAIL PROTECTED]
Subject: dialup admin replacement

Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via their login/password and get all the information they require download limits, what they have downloaded and so on. Anything out there which does that?

Sarky
RE: dialup_admin (was Re: New Opensource project-AAAadmin )
I want to know where I can find more about the AAAadmin project

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Amit Gupta
Sent: Monday, July 26, 2004 2:01 PM
To: [EMAIL PROTECTED]
Subject: Re: dialup_admin (was Re: New Opensource project-AAAadmin )

ok I will

- Original Message -
From: Milver S. Nisay [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 12:33 AM
Subject: Re: dialup_admin (was Re: New Opensource project-AAAadmin )

Amin wrote:

May I join development team of dialup_admin. I wish not to be a competitor (as I am going to develop AAAadmin) but contributor to dialup_admin also.

I wish you can tell me more of this dmin off the list? I can be a beta tester or something more than that, how can I be of help with this project?

//milver
Re: dialup admin replacement
On Sat, 24 Jul 2004, sarky wrote:

Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via their login/password and get all the information they require download limits, what they have downloaded and so on.

You are actually describing the functionality of dialupadmin? Why are you asking for a replacement instead of just adding this capability to dialupadmin? Anyway, after I've finished with my security audit of dialupadmin I'll add that functionality. If you care you can use it.

Anything out there which does that?

Sarky

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: rlm_sqlcounter versus rlm_counter
On Mon, 26 Jul 2004, Shannon Sariman wrote:

Hi Fellow FreeRadius Users,

I have freeradius-0.9.3 configured with MySQL and experimental modules on a Linux RH 9.0 machine. I've been pulling my hair out trying to get a definite working solution with rlm_sqlcounter to restrict dialup user accounts to prescribed dial-up online access times. For example, 2 hours per user per day and disconnection after 2 hours is up. I tried changing sql instances like sqlcca3 to sql in my sqlcounter.conf to see if it would make any difference but still to no avail. I even had problems trying to compile (rpmbuild) the latest pre-release of version 1.0 of FreeRadius on my Linux RH 9.0 box and resorted back to using ver 0.9.3.

I've noticed while searching previous archives of the freeradius mailing lists that there is another counter called rlm_counter but which works with the users file. Can I use this rlm_counter to work with my current setup of FreeRadius and MySQL? How can I do this if possible?

Where did you find that it works with the users file? What do you mean by that exactly? rlm_counter keeps its own database (in a GDBM file) while configuration can be in the users file or in a db (sql/ldap). By configuration I mean per user limits. Keeping data in a gdbm file actually makes rlm_counter faster than sql in installations where many rows of accounting are kept for each user.

rlm_counter is a stable module while rlm_sqlcounter is an experimental module without a maintainer (as far as I know). Keep that in mind.

Any help or hint is much appreciated.

Regards,
Shannon

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: dialup_admin (was Re: New Opensource project-AAAadmin )
On Mon, 26 Jul 2004, Amit Gupta wrote:

May I join development team of dialup_admin. I wish not to be a competitor (as I am going to develop AAAadmin) but contributor to dialup_admin also.

There's no special elite development team which you need to join. You either send in patches or not. Simple as that.

Amit Gupta
sourceforge_id: amit_gupta

- Original Message -
From: Alan DeKok [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, July 24, 2004 8:44 AM
Subject: dialup_admin (was Re: New Opensource project-AAAadmin )

Gary McKinney [EMAIL PROTECTED] wrote:

I realize dialup_admin is in the radiusd CVS - I would have thought it would have been at least a separate CVS to make allowing others to work with it directly and not mess with the radiusd CVS - but I suppose it works the way it is...

The intent is to distribute it as part of the server, so that people can use it to administer the server.

I would think things like Realm configurations, SQL configurations, LDAP configurations, SNMP configurations and so on would be a nice addition to the system.

That's probably a longer-term work item. Once Kostas finds time to put a web page on freeradius.org about the project, I expect to see a LOT more interest in it, and a lot more patches.

Alan DeKok.

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: pap + md5
Hello!

I solved this problem: I changed encryption_scheme from `md5' to `crypt'. ;-}

--
Best regards, Sergei Koveshnikov.

Hi, I'm also using freeradius-1.0.0-pre3 + Postgres + pap + md5 without any problem. I'm using DIALUP_ADMIN to create user with md5 password.

- Original Message -
From: Sergei Koveshnikov [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, July 23, 2004 4:44 PM
Subject: pap + md5

Hello to everyone!

I'm trying to use MAX6000 + freeradius-1.0.0-pre3 + Postgres + pap + md5 encryption for users passwords in the DB. But I've got auth error:

=
auth: Failed to validate the user. Login incorrect (rlm_pap: Configured MD5 password has incorrect length): [testuser/password]
=

Why User-Password = 'plain text password' in 'rad_recv' log? Does radius decrypt password for debug purposes before it puts it on the screen? Any ideas? Thank you!

radiusd.conf:

    modules {
        pap {
            encryption_scheme = md5
        }
    }
    authorize {
        auth_log
        files
        sql
    }
    authenticate {
        authtype MD5 {
            pap
        }
    }

radiusd logs:

    rad_recv: Access-Request packet from host 192.168.0.1:1026, id=145, length=173
        User-Name = testuser
        User-Password = password
        NAS-IP-Address = 192.168.0.1
        NAS-Port = 20214
        NAS-Port-Type = Async
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Calling-Station-Id = 8048232
        Ascend-Calling-Id-Type-Of-Num = Unknown
        Ascend-Calling-Id-Number-Plan = Unknown
        Ascend-Calling-Id-Presentatn = Allowed
        Ascend-Calling-Id-Screening = Network-Provided
        Acct-Session-Id = 429965508
        Ascend-Data-Rate = 31200
        Ascend-Xmit-Rate = 33600

    skip some lines...

    rlm_sql (sql): Released sql socket id: 3
    modcall[authorize]: module sql returns ok for request 0
    modcall: group authorize returns ok for request 0
    rad_check_password: Found Auth-Type MD5
    auth: type MD5
    Processing the authenticate section of radiusd.conf
    modcall: entering group authtype for request 0
    rlm_pap: login attempt by testuser with password password
    rlm_pap: Using password $1$L8If2hAa$Oy91qkyF8lkWClyBi1I.u0 for user testuser authentication.
    rlm_pap: Using MD5 encryption.
    rlm_pap: Configured MD5 password has incorrect length
    modcall[authenticate]: module pap returns reject for request 0
    modcall: group authtype returns reject for request 0
    auth: Failed to validate the user. Login incorrect (rlm_pap: Configured MD5 password has incorrect length): [testuser/password] (from client max2 port 20214 cli 8048232)
    Delaying request 0 for 1 seconds
    Finished request 0

--
Best regards, Sergei Koveshnikov.
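The log in the message above shows a stored value beginning with `$1$` being checked under `encryption_scheme = md5`, and the poster resolved it by switching to `crypt`. As an added example (not code from the thread or from FreeRADIUS), the script below classifies stored password values by their shape and flags rows that cannot validate under a configured scheme. The format patterns, the scheme names other than `md5` and `crypt`, the reading of the `md5` scheme as an unsalted hex digest, and every sample row except the `$1$` value copied from the log are assumptions of the example.

```python
"""Audit stored RADIUS password values against a configured encryption_scheme."""
import hashlib
import hmac
import re

# Shapes of the common stored-password families (assumed for this example).
MD5_CRYPT = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
HEX_MD5 = re.compile(r"^[0-9a-fA-F]{32}$")
HEX_SHA1 = re.compile(r"^[0-9a-fA-F]{40}$")

# Constructed sample rows; only testuser's value is taken from the log above.
ROWS = [
    ("testuser", "$1$L8If2hAa$Oy91qkyF8lkWClyBi1I.u0"),
    ("alice", "5f4dcc3b5aa765d61d8327deb882cf99"),
    ("bob", "hunter2-cleartext"),
]


def classify(stored):
    """Return (format name, scheme that fits it) for one stored value."""
    if MD5_CRYPT.match(stored):
        # crypt(3) MD5 variant: salted and iterated, NOT a plain MD5 digest.
        return "md5-crypt ($1$salt$hash)", "crypt"
    if HEX_MD5.match(stored):
        return "hex MD5 digest", "md5"
    if HEX_SHA1.match(stored):
        return "hex SHA-1 digest", "sha1"
    if DES_CRYPT.match(stored):
        # Heuristic: a 13-character cleartext password would also land here.
        return "DES crypt", "crypt"
    return "cleartext or unrecognised", "clear"


def audit(configured_scheme, rows):
    """Return (user, detected format, fitting scheme) for every mismatch."""
    findings = []
    for user, stored in rows:
        fmt, wanted = classify(stored)
        if wanted != configured_scheme:
            findings.append((user, fmt, wanted))
    return findings


def check_hex_md5(candidate, stored):
    """Compare an unsalted hex MD5 of the candidate with the stored value.

    Raises ValueError when the stored value is not 32 hex characters, which
    is the situation the "incorrect length" message in the log reports.
    """
    if not HEX_MD5.match(stored):
        raise ValueError("configured MD5 password has incorrect length")
    digest = hashlib.md5(candidate.encode("utf-8")).hexdigest()
    return hmac.compare_digest(digest, stored.lower())


if __name__ == "__main__":
    for scheme in ("md5", "crypt"):
        print("encryption_scheme = %s" % scheme)
        for user, fmt, wanted in audit(scheme, ROWS):
            print("  %s: stored value is %s, needs '%s'" % (user, fmt, wanted))
```

Running the audit before changing `encryption_scheme` shows which accounts would stop authenticating under the new setting, since one scheme applies to every row the module reads.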
Re: dialup admin replacement
Thats great!!! Now just to add some functionality for a per month basis and bandwidth usage info. My users are charged on usage not time. Barry - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 6:33 AM Subject: RE: dialup admin replacement Ok no problem Go to login2.php Commet line 32 // $passwd = da_encrypt($passwd,$enc_passwd); If this not work try this Commet line 31, and 32 // $passwd = $FF_valPassword; // $passwd = da_encrypt($passwd,$enc_passwd); And change line 34 From if (!strcmp($passwd,$enc_passwd)){ To if (!strcmp($FF_valPassword,$enc_passwd)){ That's all Regards Issa rabba -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy Sent: Monday, July 26, 2004 12:57 AM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement I'm using clear text passwords. Thanks Barry - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 5:12 AM Subject: RE: dialup admin replacement I used the crypt function because all the password will be saved as crypted password, if not please tell me I will tell you what to change at the login2.php file Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy Sent: Sunday, July 25, 2004 11:48 PM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement Same here, is there a way to disable the crypt part of things, I can only comment out a little, but still cant get it working. Barry - Original Message - From: Nick Marino [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 11:16 AM Subject: Re: dialup admin replacement I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas? 
RE: dialup admin replacement
Ok, I will make another template for your uses, and you can change to that template
RE: dialup admin replacement
I faced this problem before; it was a Cisco IOS bug, and they fixed it. I think you have to update your IOS.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy
Sent: Monday, July 26, 2004 3:36 AM
To: [EMAIL PROTECTED]
Subject: Re: dialup admin replacement

Anyone know how to get dialup_admin to check a poptop NAS to see if users are still connected or not? If a user disconnects by unplugging his wireless card or by losing signal to the wireless node they remain connected even though their PC has thrown them out. This causes multiple connections and long connection durations with no bandwidth info. Perhaps there is a way to check every hour or so if the user is connected or not?

base-nas.albanywireless.co.nz Network Access Server
2 users connected
3 free lines

#  user     ip address     caller id  name          duration
1  icepick  219.88.249.83  -          Barry Murphy  104:32:29
2  casper   219.88.249.85  -          -             83:25:39
Re: dialup admin replacement
My problem is the poptop pptp server (with debian's ppp) is acting as the NAS server for my wireless clients, so there is no IOS to update. Not many people tend to be using pptp with radius and can answer this question. Barry
Re: dialup_admin functional changes
On Mon, 26 Jul 2004, Gary McKinney wrote:

Kostas,
One thing I have noticed in going through the perceived user intuitiveness (is that a word?) of the dialup_admin program is the links contained in the different pages displayed tend to blend into the background and unless a person using the program either moves the mouse over the link(s) or is aware of the links on the page the user will miss them completely...
Case in point: The User Statistics page displays the usernames in the second column of the user statistics table. Since the link=black and alink=black in the body tag the links are not apparent (blend into the background of normal text) to the user of the dialup_admin program.
Would it not be better to have the link, alink and vlink definitions in the style.css file so they could be set as by the user of the program to differentiate the links from normal text?
This change (and I see the link, vlink definitions are contained within the different php files in the body tag) would help to differentiate the links on the pages from the normal text display (more intuitive that the link(s) exist)...

That's a nice idea. It will go in CVS. Since I've already done a lot of security changes to the php files, they'll all go in at the same time. Thanks for the suggestion, if you can find any other place where style sheets can help I'll be glad to hear it.

Just a suggestion...
gm...

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Appending a realm to a username based on the NAS ip address
Hello all, I'm a newbie to Freeradius and I'm trying to find out how to append a realm to a username, if one has not been submitted, based on a particular IP address of a NAS during authentication. We are presently adding a previously existing domain to authenticate on our radius server but most of the users did not enter a domain during authentication. Is there any way for me to do this?
Sherwin
Acct-Unique-Session-Id and exec
Hello,
I am running freeradius 0.9.3. I need to run an external program after stop record arrives. I pass %{Acct-Unique-Session-Id}, %{User-Name} and %{Calling-Station-Id} to this external program. According to this username and callingnumber it does some calculations and should update radacct table for this acctuniquesessionid. The problem is that often my external program receives uniquesessionid which is not found in radacct. As noted in config, exec is called after sql so it should be there but... Is there any obvious reason for this? Now I decided to use Acct-Session-Id instead and since then I have no problems. Any suggestions?

my config:

...
modules {
    realm RealM {
        format = suffix
        delimiter = @
    }
    preprocess {
        with_cisco_vsa_hack = yes
    }
    files {
        usersfile = ${confdir}/users
    }
    exec setprice {
        wait = no
        program = /usr/local/radius/share/epw %{Acct-Status-Type} %{User-Name} %{Acct-Session-Id} %{Calling-Station-Id}
        input_pairs = request
    }
    detail {
        detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
        detailperm = 0600
    }
    detail auth_log {
        detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
        detailperm = 0600
    }
    acct_unique {
        key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id
    }
    $INCLUDE ${confdir}/sql.conf
}
...
preacct {
    preprocess
}
accounting {
    acct_unique
    sql
    setprice
    detail
}

Best Regards,
-- George Chelidze
Re: dialup admin replacement
On Mon, Jul 26, 2004 at 10:56:47PM +1200, Barry Murphy wrote:

My problem is the poptop pptp server (with debian's ppp) is acting as the NAS server for my wireless clients, so there is no IOS to update. Not many people tend to be using pptp with radius and can answer this question. Barry

Hi Barry,
Can you tell me how you would like to check if users are still on-line? Namely, I have a similar situation (debian woody) in which ppp hangs so it looks like the user is still on-line but is not.
Regards, Ivo.
Re: dialup_admin functional changes
I think development of AAAadmin has kicked discussion on what dialup admin lacks and what needs to be improved
redhat spec file problem?
I'm trying to build an rpm on fedora core 1 with the included redhat spec file but not having much luck. I had to make symlink from /usr/include/com_err.h - /usr/include/et/com_err.h to get the kerberos stuff to compile. I also modified the header to include the prerelease portion:

Name: freeradius
Version: 1.0.0
Release: pre3
License: GPL
Group: Networking/Daemons
Packager: FreeRADIUS.org
Source0: %{name}-%{version}-%{release}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root

I have gotten to the point where it compiles but dies when it tries to package the RPM:

Checking for unpackaged file(s): /usr/lib/rpm/check-files /var/tmp/freeradius-1.0.0-pre3-root
error: Installed (but unpackaged) file(s) found:
/usr/share/doc/freeradius-1.0.0-pre3/Autz-Type
/usr/share/doc/freeradius-1.0.0-pre3/DIFFS
/usr/share/doc/freeradius-1.0.0-pre3/MACOSX
/usr/share/doc/freeradius-1.0.0-pre3/OS2
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAP.schema
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAPv3.schema
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-SQL.schema
/usr/share/doc/freeradius-1.0.0-pre3/README
/usr/share/doc/freeradius-1.0.0-pre3/Simultaneous-Use
(snip)
RPM build errors:
Installed (but unpackaged) file(s) found:
/usr/share/doc/freeradius-1.0.0-pre3/Autz-Type
/usr/share/doc/freeradius-1.0.0-pre3/DIFFS
/usr/share/doc/freeradius-1.0.0-pre3/MACOSX
/usr/share/doc/freeradius-1.0.0-pre3/OS2
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAP.schema
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAPv3.schema
/usr/share/doc/freeradius-1.0.0-pre3/RADIUS-SQL.schema
/usr/share/doc/freeradius-1.0.0-pre3/README
/usr/share/doc/freeradius-1.0.0-pre3/Simultaneous-Use
(snip)

I am not very good with spec files. I did try changing the doc line in the files section to %doc doc/* but that didn't work either.

Thanks
dave
-- Dave Weis [EMAIL PROTECTED] http://www.internetsolver.com/
Re: dialup admin replacement
MD5

- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 11:05 AM
Subject: RE: dialup admin replacement

what is the encrypt password type?
Re: dialup admin replacement
I am using md5 which is the default in radius.conf

- Original Message -
From: issa rabba' [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, July 26, 2004 12:12 PM
Subject: RE: dialup admin replacement

I used the crypt function because all the passwords will be saved as crypted passwords; if not, please tell me and I will tell you what to change in the login2.php file
Regards
RE: dialup admin replacement
Ok, when save the password at the database what interface you use, do send the password to the encrypt function do you send a salt with the password? If yes what is it? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Marino Sent: Monday, July 26, 2004 5:39 AM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement MD5 - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 11:05 AM Subject: RE: dialup admin replacement what is the is the encrypt password type? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Marino Sent: Sunday, July 25, 2004 4:17 PM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas? - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:18 AM Subject: RE: dialup admin replacement Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar Please note that this interface for the mysql database only. Extract the stat.tar and edit Connections/pp.php, change the valuse of the hostname, username, password and database name. Then upload it to websever support PHP. Please contact me if you need any question. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Sunday, July 25, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: RE: dialup admin replacement cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask Sarky On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote: I did some thing like that, but it's not a part of the dialupadmin, it web interface for our customers, I will customize it and send it to you. 
Or if you know how can we publish it to be part of the dialup admin project. Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius- [EMAIL PROTECTED] Subject: dialup admin replacement Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via there login/password and get all the information they require download limits, what they have downloaded and so on. Anything out there which does that ? Sarky - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
Actually I care i dont know about the rest, but i have been using freeradius/dialup-admin for a while and development just seem to have stopped on dialup-admin, hence i was losing hope.

Sarky

Thanx

On Mon, 26 Jul 2004 11:48:05 +0300 (EEST), Kostas Kalevras wrote:

On Sat, 24 Jul 2004, sarky wrote: Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via their login/password and get all the information they require download limits, what they have downloaded and so on.

You are actually describing the functionality of dialupadmin? Why are you asking for a replacement instead of just adding this capability to dialupadmin? Anyway, after i've finished with my security audit of dialupadmin i'll add that functionality. If you care you can use it.

Anything out there which does that ? Sarky

-- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Is Release 1.0.0 available?
just curious ..., what's a toddler? ;-) congratulations from me too :) regards On Mon, 2004-07-26 at 14:15 +0100, Graeme Hinchliffe wrote: On Thu, 2004-07-22 at 22:25, Alan DeKok wrote: David [EMAIL PROTECTED] wrote: I saw on the list last week that 1.0.0 was just about ready and I have seen some other posts referring to 1.0.0 , is 1.0.0 ready for download yet? No. I was going to release it last Friday, but my wife released Baby 1.0 first. That took priority, oddly enough. Give me a few days to sleep... congratulations!, welcome to the world of parenting and sleepless nights of stress :) enjoy your few days of sleep (if you get them) you may not be getting any more for a while :) Congratulations... (I have both baby 2.0 and Toddler 1.0 at home :) ) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: how to resolve following scenario: two groups of clients accessing wifi AP ++
On Mon, 2004-07-26 at 09:14, Zdenek Pizl wrote:
On Fri, 2004-07-23 at 17:54, Alan DeKok wrote:
Zdenek Pizl [EMAIL PROTECTED] wrote:

I don't know exactly what do I need to search, the optimal version how to distinguish between groups of EAP/TLS and MAC users would be:

    [0-9a-fA-F]{6}-[0-9a-fA-F]{6} Auth-Type := Local
    DEFAULT Auth-Type := EAP

But there is no possibility to use regexp in users file, isn't it?

Why do you say that?

Sorry, it works, my mistake.

    DEFAULT User-Name =~ ^[A-Z]{1}.* [A-Z]{1}.*

-- Zdenek Pizl Systinet Corporation Vinohradska 190 130 00 Praha 3

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
On Mon, 26 Jul 2004, sarky wrote: Actually I care i dont know about the rest, but i have been using freeradius/dialup-admin for a while and development just seem to have stopped on dialup-admin, hence i was losing hope.

1. It never stopped. Have you looked in the Changelog, or in the dialupadmin CVS?
2. I don't remember ever seeing an email asking for such a feature like the one you asked.

Sarky Thanx

On Mon, 26 Jul 2004 11:48:05 +0300 (EEST), Kostas Kalevras wrote:

On Sat, 24 Jul 2004, sarky wrote: Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via their login/password and get all the information they require download limits, what they have downloaded and so on.

You are actually describing the functionality of dialupadmin? Why are you asking for a replacement instead of just adding this capability to dialupadmin? Anyway, after i've finished with my security audit of dialupadmin i'll add that functionality. If you care you can use it.

Anything out there which does that ? Sarky

-- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
I think poptop is able to disconnect the user automatically when the session is lost. - Original Message - From: Barry Murphy [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:56 PM Subject: Re: dialup admin replacement My problem is the poptop pptp server (with debian's ppp) is acting as the NAS server for my wireless clients, so there is no IOS to update. Not many people tend to be using pptp with radius and can answer this question. Barry - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 8:47 AM Subject: RE: dialup admin replacement I face this problem before, it was Cisco IOS bug, and they fix the it, I think you have to update your IOS -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy Sent: Monday, July 26, 2004 3:36 AM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement Anyone know how to get dialup_admin to check a poptop NAS to see if users are still connected or not. If a user disconnects by unplugging his wireless card or by loosing signal to the wireless node they remain connected even though there pc has thrown them out. This causes multiple connections and long connection durations with no bandwidth info. Perhaps there is a way to check every hour or so if the user is connected or not? 
base-nas.albanywireless.co.nz Network Access Server 2 users connected 3 free lines # user ip address caller id name duration 1 icepick 219.88.249.83 - Barry Murphy 104:32:29 2 casper 219.88.249.85 - - 83:25:39 - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 8:13 AM Subject: RE: dialup admin replacement Ok, I will make another template for your uses, and you can change to that template -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy Sent: Monday, July 26, 2004 2:58 AM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement Thats great!!! Now just to add some functionality for a per month basis and bandwidth usage info. My users are charged on usage not time. Barry - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 6:33 AM Subject: RE: dialup admin replacement Ok no problem Go to login2.php Commet line 32 // $passwd = da_encrypt($passwd,$enc_passwd); If this not work try this Commet line 31, and 32 // $passwd = $FF_valPassword; // $passwd = da_encrypt($passwd,$enc_passwd); And change line 34 From if (!strcmp($passwd,$enc_passwd)){ To if (!strcmp($FF_valPassword,$enc_passwd)){ That's all Regards Issa rabba -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy Sent: Monday, July 26, 2004 12:57 AM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement I'm using clear text passwords. 
Thanks Barry - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 5:12 AM Subject: RE: dialup admin replacement I used the crypt function because all the password will be saved as crypted password, if not please tell me I will tell you what to change at the login2.php file Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy Sent: Sunday, July 25, 2004 11:48 PM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement Same here, is there a way to disable the crypt part of things, I can only comment out a little, but still cant get it working. Barry - Original Message - From: Nick Marino [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 11:16 AM Subject: Re: dialup admin replacement I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas? - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:18 AM Subject: RE: dialup admin replacement Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar Please note that this interface for the mysql database only. Extract the stat.tar and edit Connections/pp.php, change
Re: Is Release 1.0.0 available?
On Mon, 2004-07-26 at 14:25, Raimund Sacherer wrote: just curious ..., what's a toddler? ;-) :) a more mobile/noisey/destructive/stressful version of a baby :) -- - Graeme Hinchliffe (BSc) Core Internet Systems Designer Zen Internet (http://www.zen.co.uk/) ICQ 3842605 (link) Direct: 0845 058 9074 Main : 0845 058 9000 Fax : 0845 058 9005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Exec-Program-Wait attributes not included in Access-Accept
Hi,

I have freeradius 0.9.3 running with Postgresql database backend. The only thing the radius checks is the password and then executes an external script if authentication is ok. The section in the users file is:

    DEFAULT Auth-Type = Local
            Exec-Program-Wait = /opt/radius1/bin/auth.pl

Everything runs fine, except the attributes output by the script (attr = value separated by newlines) are not added to the reply as you can see in this debugging output:

    auth: type Local
    auth: user supplied User-Password matches local User-Password
    radius_xlat: '/opt/radius1/bin/auth.pl'
    Exec-Program: /opt/radius1/bin/auth.pl
    Exec-Program output: Acct-Interim-Interval = 600 Idle-Timeout = 3600 Session-Timeout = 171454526
    Exec-Program-Wait: plaintext: Acct-Interim-Interval = 600 Idle-Timeout = 3600 Session-Timeout = 171454526
    Exec-Program: returned: 0
    Login OK: [thor] (from client x port 0 cli 00:30:00:04:A5:22)
    Sending Access-Accept of id 112 to 192.168.250.105:32780
    Finished request 0
    Going to the next request

Any idea what might be wrong?

Thor.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Acct-Unique-Session-Id and exec
Might be caused by acct packets for the same sessions coming from different IP addresses, which causes Client-IP-Address to have a different value.

- Original Message - From: George Chelidze [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 1:37 PM Subject: Acct-Unique-Session-Id and exec

Hello,

I am running freeradius 0.9.3. I need to run an external program after stop record arrives. I pass %{Acct-Unique-Session-Id}, %{User-Name} and %{Calling-Station-Id} to this external program. according to this username and callingnumber it does some calculations and should update radacct table for this acctuniquesessionid. The problem is that often my external program receives uniquesessionid which is not found in radacct. As noted in config, exec is called after sql so it should be there but... Is there any obvious reason for this? Now I decided to use Acct-Session-Id instead and since then I have no problems. Any suggestions?

my config:

    ...
    modules {
        realm RealM {
            format = suffix
            delimiter = @
        }
        preprocess {
            with_cisco_vsa_hack = yes
        }
        files {
            usersfile = ${confdir}/users
        }
        exec setprice {
            wait = no
            program = /usr/local/radius/share/epw %{Acct-Status-Type} %{User-Name} %{Acct-Session-Id} %{Calling-Station-Id}
            input_pairs = request
        }
        detail {
            detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
            detailperm = 0600
        }
        detail auth_log {
            detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
            detailperm = 0600
        }
        acct_unique {
            key = User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port-Id
        }
        $INCLUDE ${confdir}/sql.conf
    }
    ...
    preacct {
        preprocess
    }
    accounting {
        acct_unique
        sql
        setprice
        detail
    }

Best Regards,
-- George Chelidze

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
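The effect described in the reply above, as an added example that is not code from the thread or from FreeRADIUS: a Stop record whose source address differs from the Start record's gets a different unique id, so a lookup by that id finds no radacct row. The hashing is a simplified stand-in for acct_unique (an assumption), and the packets and addresses are constructed.

```python
import hashlib

# Key list copied from the acct_unique block in the quoted configuration.
ACCT_UNIQUE_KEY = ["User-Name", "Acct-Session-Id", "NAS-IP-Address",
                   "Client-IP-Address", "NAS-Port-Id"]


def unique_session_id(packet, key):
    """Simplified model (assumption): hash the key attributes that are present,
    in key order, and keep 16 hex digits. The real module's byte layout may
    differ; what matters here is that every key attribute feeds the hash."""
    parts = [f"{attr} = {packet[attr]}" for attr in key if attr in packet]
    return hashlib.md5(",".join(parts).encode()).hexdigest()[:16]


def replay(packets, key):
    """Feed accounting packets through a toy radacct table keyed by unique id.
    Returns the table and the Stop records that found no matching row."""
    radacct, missed = {}, []
    for pkt in packets:
        uid = unique_session_id(pkt, key)
        if pkt["Acct-Status-Type"] == "Start":
            radacct[uid] = {"session": pkt["Acct-Session-Id"], "stopped": False}
        elif uid in radacct:
            radacct[uid]["stopped"] = True
        else:
            missed.append((pkt["Acct-Session-Id"], uid))
    return radacct, missed


def make_packet(status, client_ip):
    # Constructed sample record; all values are placeholders.
    return {"Acct-Status-Type": status, "User-Name": "alice",
            "Acct-Session-Id": "0000A1B2", "NAS-IP-Address": "192.0.2.1",
            "Client-IP-Address": client_ip, "NAS-Port-Id": "7"}


# Same NAS, same session; only the packet source address differs on Stop.
SAME_SOURCE = [make_packet("Start", "192.0.2.10"), make_packet("Stop", "192.0.2.10")]
TWO_SOURCES = [make_packet("Start", "192.0.2.10"), make_packet("Stop", "192.0.2.11")]

# Key without the source address, for comparison.
KEY_WITHOUT_CLIENT_IP = [a for a in ACCT_UNIQUE_KEY if a != "Client-IP-Address"]

if __name__ == "__main__":
    for label, packets, key in [
        ("same source, full key", SAME_SOURCE, ACCT_UNIQUE_KEY),
        ("two sources, full key", TWO_SOURCES, ACCT_UNIQUE_KEY),
        ("two sources, key without Client-IP-Address", TWO_SOURCES, KEY_WITHOUT_CLIENT_IP),
    ]:
        _, missed = replay(packets, key)
        print(f"{label}: {len(missed)} Stop record(s) without a radacct row")
```

Running it shows one unmatched Stop record only in the second case, which matches the poster's observation that switching to Acct-Session-Id made the problem disappear.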
Re: Exec-Program-Wait attributes not included in Access-Accept
On Mon, Jul 26, 2004 at 03:58:37PM +0200, Thor Spruyt wrote: I have freeradius 0.9.3 running with Postgresql database backend. The only thing the radius checks is the password and then executes an external script if authentication is ok. The section in the users file is: DEFAULT Auth-Type = Local Exec-Program-Wait = /opt/radius1/bin/auth.pl Everything runs fine, except the attributes output by the script (attr = value seperated by newlines) are not added to the reply as you can see in this debugging output: auth: type Local auth: user supplied User-Password matches local User-Password radius_xlat: '/opt/radius1/bin/auth.pl' Exec-Program: /opt/radius1/bin/auth.pl Exec-Program output: Acct-Interim-Interval = 600 Idle-Timeout = 3600 Session-Timeout = 171454526 Exec-Program-Wait: plaintext: Acct-Interim-Interval = 600 Idle-Timeout = 3600 Session-Timeout = 171454526 Exec-Program: returned: 0 Login OK: [thor] (from client x port 0 cli 00:30:00:04:A5:22) Sending Access-Accept of id 112 to 192.168.250.105:32780 Finished request 0 Going to the next request Any idea what might be wrong? Hmm. I'd suggest outputting the attributes on seperate lines... I'd also suggest moving to rlm_exec, which is less bug-prone as far as we know. ^_^ -- Paul TBBle Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: x99_rlm.c error
Follow-up: FreeRADIUS 1.0.0-pre2 seems to compile and install correctly

-Original Message- From: Willey Kurt D Sent: Friday, July 23, 2004 4:03 PM To: [EMAIL PROTECTED] Subject: x99_rlm.c error

Can anyone shed some light on this error?? Fedora Core 2, FreeRADIUS 1.0.0-pre3

    # CC=/usr/local/gcc-3.4.0/bin/gcc ./configure --prefix=/usr/local/radiusd --with-ldap --with-rlm-ldap-lib-dir=/usr/local/ldap/lib --with-rlm-ldap-include-dir=/usr/local/ldap/include/ --with-openssl-includes=/usr/local/ssl/include/ --with-openssl-libraries=/usr/local/ssl/lib/
    # make
    snip
    Making static dynamic in rlm_unix...
    gmake[6]: Entering directory `/root/freeradius-1.0.0-pre3/src/modules/rlm_unix'
    /root/freeradius-1.0.0-pre3/libtool --mode=link ld \
     -module -static -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -I/usr/local/ssl/include -Wall -D_GNU_SOURCE -DNDEBUG -I../../include rlm_unix.o cache.o compat.o -o rlm_unix.a
    ar cru rlm_unix.a rlm_unix.o cache.o compat.o
    ranlib rlm_unix.a
    gmake[6]: Leaving directory `/root/freeradius-1.0.0-pre3/src/modules/rlm_unix'
    Making static dynamic in rlm_x99_token...
    gmake[6]: Entering directory `/root/freeradius-1.0.0-pre3/src/modules/rlm_x99_token'
    /usr/local/gcc-3.4.0/bin/gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -I/usr/local/ssl/include -Wall -D_GNU_SOURCE -DNDEBUG -I../../include -DX99_MODULE_NAME=\rlm_x99_token\ -I/usr/local/ssl/include -DFREERADIUS -c x99_rlm.c -o x99_rlm.o
    x99_rlm.c: In function `x99_token_authenticate':
    x99_rlm.c:550: error: label at end of compound statement
    gmake[6]: *** [x99_rlm.o] Error 1
    gmake[6]: Leaving directory `/root/freeradius-1.0.0-pre3/src/modules/rlm_x99_token'
    gmake[5]: *** [common] Error 1
    gmake[5]: Leaving directory `/root/freeradius-1.0.0-pre3/src/modules'
    gmake[4]: *** [all] Error 2
    gmake[4]: Leaving directory `/root/freeradius-1.0.0-pre3/src/modules'
    gmake[3]: *** [common] Error 1
    gmake[3]: Leaving directory `/root/freeradius-1.0.0-pre3/src'
    gmake[2]: *** [all] Error 2
    gmake[2]: Leaving directory `/root/freeradius-1.0.0-pre3/src'
    gmake[1]: *** [common] Error 1
    gmake[1]: Leaving directory `/root/freeradius-1.0.0-pre3'
    make: *** [all] Error 2

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
problem with huntgroups file in freeradius-1.0.0-pre3
Hi,

We are experiencing problems using the huntgroups file with freeradius-1.0.0-pre3. Please note that the NAS-IP-Address is the same for both huntgroups ie 217.15.97.19. Using different NAS-IP-Addresses works fine.

Huntgroups file is as follows :-

    streamgamers  NAS-IP-Address == 217.15.97.19
                  Group == users,
                  Group == tech

    gaming        NAS-IP-Address == 217.15.97.19
                  Group == gamers,
                  Group == users,
                  Group == tech

Users file is as follows :-

    DEFAULT Auth-Type := System, Hint == gamestream, Huntgroup-Name == gaming, Service-Type == Framed-User
            Service-Type = Framed-User,
            Framed-Protocol = PPP,

    DEFAULT Auth-Type := System, Hint == stream, Huntgroup-Name == streamgamers, Service-Type == Framed-User
            Service-Type = Framed-User,
            Framed-Protocol = PPP,

Hints file is as follows :-

    DEFAULT Suffix == @stream, Strip-User-Name = Yes
            Hint = stream

    DEFAULT Suffix == @gamestream, Strip-User-Name = Yes
            Hint = gamestream

The problem we have is the following :-

Imagine 2 users

    john1 in group gamers
    peter1 in group tech

we require john1 to obtain access using only the @gamestream realm

if [EMAIL PROTECTED] tries to connect he is denied access stating the following error :-

    Mon Jul 26 10:39:24 2004 : Auth: No huntgroup access: [john1]

If [EMAIL PROTECTED] tries to connect he is denied access
If [EMAIL PROTECTED] tries to connect he is allowed access
If [EMAIL PROTECTED] tries to connect he is allowed access

Now if we modify the huntgroups file as follows putting the gaming huntgroup first (the one with more groups):-

    gaming        NAS-IP-Address == 217.15.97.19
                  Group == gamers,
                  Group == users,
                  Group == tech

    streamgamers  NAS-IP-Address == 217.15.97.19
                  Group == users,
                  Group == tech

And try the users again :-

we require john1 to obtain access using only the @gamestream realm

if [EMAIL PROTECTED] tries to connect he is allowed access
If [EMAIL PROTECTED] tries to connect he is allowed access (which is not required)
If [EMAIL PROTECTED] tries to connect he is allowed access
If [EMAIL PROTECTED] tries to connect he is allowed access

This means that for some reason only the first list of groups is matching

Can you help us out. If you require further details just ask. Thanks for your time!

Regards,
David Mifsud Network Engineer DataStream Ltd. Office Direct: 2567 7230 Office General: 2567 7000 URL: http://www.datastream.com.mt/
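The behaviour reported in the message above, modelled as an added example (not code from the thread or from FreeRADIUS). It assumes that the first huntgroups entry whose NAS-IP-Address matches decides access, which is what the poster's results suggest; the function names are hypothetical and the pairing of users with realms is constructed, since the addresses in the message are redacted.

```python
# Entries as listed in the quoted huntgroups file: (name, NAS-IP-Address, groups).
STREAMGAMERS = ("streamgamers", "217.15.97.19", {"users", "tech"})
GAMING = ("gaming", "217.15.97.19", {"gamers", "users", "tech"})

ORIGINAL_ORDER = [STREAMGAMERS, GAMING]
REORDERED = [GAMING, STREAMGAMERS]

# From the quoted users file: Hint (realm suffix) -> Huntgroup-Name it requires.
REALM_TO_HUNTGROUP = {"gamestream": "gaming", "stream": "streamgamers"}

# Group membership as described in the message.
USER_GROUPS = {"john1": {"gamers"}, "peter1": {"tech"}}


def first_match_access(huntgroups, nas_ip, user):
    """Assumed behaviour: the first entry for this NAS decides, whatever its name."""
    for name, ip, groups in huntgroups:
        if ip == nas_ip:
            return bool(USER_GROUPS[user] & groups), name
    return True, None  # assumption: a NAS with no entry is unrestricted


def per_realm_access(huntgroups, nas_ip, user, realm):
    """Policy the poster wants: the entry named by the realm's rule decides."""
    wanted = REALM_TO_HUNTGROUP[realm]
    for name, ip, groups in huntgroups:
        if name == wanted and ip == nas_ip:
            return bool(USER_GROUPS[user] & groups)
    return False


def shadowed_entries(huntgroups):
    """Names of entries that can never decide access under first match,
    because an earlier entry has the same NAS-IP-Address."""
    seen, shadowed = set(), []
    for name, ip, _ in huntgroups:
        if ip in seen:
            shadowed.append(name)
        seen.add(ip)
    return shadowed


def outcome_table(huntgroups, nas_ip="217.15.97.19"):
    """Observed (first match) and wanted (per realm) result for each login."""
    table = {}
    for user in ("john1", "peter1"):
        for realm in ("gamestream", "stream"):
            allowed, decided_by = first_match_access(huntgroups, nas_ip, user)
            table[(user, realm)] = {
                "first_match": allowed,
                "decided_by": decided_by,
                "wanted": per_realm_access(huntgroups, nas_ip, user, realm),
            }
    return table


if __name__ == "__main__":
    for label, order in (("original", ORIGINAL_ORDER), ("reordered", REORDERED)):
        print(label, "shadowed:", shadowed_entries(order))
        for login, result in outcome_table(order).items():
            print("  ", login, result)
```

In both orderings one entry is shadowed, so no ordering of two entries that share a NAS-IP-Address yields the wanted per-realm result under this model.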
Re: dialup admin replacement
maybe a fault of mine for not going through the logs, when i look at patches or release i always see it the same so i assumed that it is not active. but now i know and as for an email asking for features never did cause of the above reason but now i know. Sarky On Mon, 26 Jul 2004 16:28:54 +0300 (EEST), Kostas Kalevras wrote: On Mon, 26 Jul 2004, sarky wrote: Actualy I care i dont know about the rest, but i have been using freeradius/dialup-admin for a while and development just seem to have stoped on dialup-admin, hence i was loosing hope. 1. It never stoped. Have you looked in the Changelog, or in the dialupadmin CVS? 2. I don't remember ever seeing an email asking for such a feature like the one you asked. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to distinguish between MAC and 802.1x auth requests
Hallo,

We are using Orinoco AP600 accesspoint. This AP can do Radius MAC Access control and EAP/802.1x Auth control. The question is how have I configure the FreeRadius server to distinguish between these two options. I am not able to get it work. I am trying to distinguish these two cases in according to User-Name, because there is a difference in it (a mac address in the first case and the defined user name from X.509 cert in the second one). But I am not successful :(

hints file:
***

    DEFAULT User-Name =~ ^[A-Z]{1}.* [A-Z]{1}.*
            Auth-Type := EAP, Hint := EAP

    DEFAULT User-Name =~ ^[0-9a-f]{12}$
            Auth-Type := Local, User-Password := MACADDRESS, Hint := WEP

users file:

    DEFAULT Hint == WEP, Auth-Type := Local
            Framed-IP-Address = 255.255.255.255,
            Framed-IP-Netmask = 255.255.255.0,

    DEFAULT Hint == EAP, Auth-Type := EAP
            Framed-IP-Address = 255.255.255.255,
            Framed-IP-Netmask = 255.255.255.0,

Does anybody resolve similar scenario? Thanks in advance.

z.p.
-- Zdenek Pizl Systinet Corporation Vinohradska 190 130 00 Praha 3

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Enforcement rules after EAP authentication
I haven't noticed it before. The AP sends the MAC in the Calling Station ID. Tacio On Monday 26 July 2004 08:11, Tacio Santos wrote: Hi, I'm new to freeradius (and also to radius) and I've sucessfully setup EAP/TTLS authentication (thanks for this great project). Now I need to be able to do enforcement rules on my firewall per user basis (not only for authorization, but also for measurement). Is there a way to get the client MAC address from the radius server right after the EAP authentication fase? If not, how could I achieve this level of control? Thanks for you attention, Tacio - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Exec-Program-Wait attributes not included in Access-Accept
Got it... The script has to output ,\n after each pair like so:

    Acct-Interim-Interval = 600,
    Idle-Timeout = 3600,
    Session-Timeout = 171454526

Regards, Thor.

- Original Message - From: Paul Hampson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 4:16 PM Subject: Re: Exec-Program-Wait attributes not included in Access-Accept

On Mon, Jul 26, 2004 at 03:58:37PM +0200, Thor Spruyt wrote: I have freeradius 0.9.3 running with Postgresql database backend. The only thing the radius checks is the password and then executes an external script if authentication is ok. The section in the users file is: DEFAULT Auth-Type = Local Exec-Program-Wait = /opt/radius1/bin/auth.pl Everything runs fine, except the attributes output by the script (attr = value separated by newlines) are not added to the reply as you can see in this debugging output: auth: type Local auth: user supplied User-Password matches local User-Password radius_xlat: '/opt/radius1/bin/auth.pl' Exec-Program: /opt/radius1/bin/auth.pl Exec-Program output: Acct-Interim-Interval = 600 Idle-Timeout = 3600 Session-Timeout = 171454526 Exec-Program-Wait: plaintext: Acct-Interim-Interval = 600 Idle-Timeout = 3600 Session-Timeout = 171454526 Exec-Program: returned: 0 Login OK: [thor] (from client x port 0 cli 00:30:00:04:A5:22) Sending Access-Accept of id 112 to 192.168.250.105:32780 Finished request 0 Going to the next request Any idea what might be wrong?

Hmm. I'd suggest outputting the attributes on separate lines... I'd also suggest moving to rlm_exec, which is less bug-prone as far as we know. ^_^

-- Paul TBBle Hampson, on an alternate email client.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup admin replacement
Hi Barry, Would it not be better to contact the maintainer of the pppd for the Debian distribution and ask him/her why pppd is not sending the stop accounting packet to the radius server when a connection is dropped (for whatever reason) That would fix the problem the way it should be corrected instead of bandaiding it Gary N. McKinney -- Original Message -- From: Barry Murphy [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] Date: Mon, 26 Jul 2004 22:35:54 +1200 Anyone know how to get dialup_admin to check a poptop NAS to see if users are still connected or not. If a user disconnects by unplugging his wireless card or by loosing signal to the wireless node they remain connected even though there pc has thrown them out. This causes multiple connections and long connection durations with no bandwidth info. Perhaps there is a way to check every hour or so if the user is connected or not? base-nas.albanywireless.co.nz Network Access Server 2 users connected 3 free lines # user ip address caller id name duration 1 icepick 219.88.249.83 - Barry Murphy 104:32:29 2 casper 219.88.249.85 - - 83:25:39 - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 8:13 AM Subject: RE: dialup admin replacement Ok, I will make another template for your uses, and you can change to that template -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy Sent: Monday, July 26, 2004 2:58 AM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement Thats great!!! Now just to add some functionality for a per month basis and bandwidth usage info. My users are charged on usage not time. 
Barry - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 6:33 AM Subject: RE: dialup admin replacement Ok no problem Go to login2.php Commet line 32 // $passwd = da_encrypt($passwd,$enc_passwd); If this not work try this Commet line 31, and 32 // $passwd = $FF_valPassword; // $passwd = da_encrypt($passwd,$enc_passwd); And change line 34 From if (!strcmp($passwd,$enc_passwd)){ To if (!strcmp($FF_valPassword,$enc_passwd)){ That's all Regards Issa rabba -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy Sent: Monday, July 26, 2004 12:57 AM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement I'm using clear text passwords. Thanks Barry - Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 5:12 AM Subject: RE: dialup admin replacement I used the crypt function because all the password will be saved as crypted password, if not please tell me I will tell you what to change at the login2.php file Regards -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy Sent: Sunday, July 25, 2004 11:48 PM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement Same here, is there a way to disable the crypt part of things, I can only comment out a little, but still cant get it working. Barry - Original Message - From: Nick Marino [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 11:16 AM Subject: Re: dialup admin replacement I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas? 
- Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:18 AM Subject: RE: dialup admin replacement Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar Please note that this interface for the mysql database only. Extract the stat.tar and edit Connections/pp.php, change the valuse of the hostname, username, password and database name. Then upload it to websever support PHP. Please contact me if you need any question. Regards, -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Sunday, July 25, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: RE: dialup admin replacement cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask Sarky On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote: I did some thing like that, but it's not a part of the dialupadmin, it web interface for our
Checking SubjectAltName instead of CN
I've setup freeradius to authenticate users via EAP-TLS. To enforce security I'd like to check the username contained in the client certificate. Is there a way to do it based on the SubjectAltName instead of the CN? The eap.conf knows only the CN based option: check_cert_cn = %{User-Name} The SubjectAltName in my certificates contains an email address and is more easily to handle. Regards, Thomas -- Thomas Kraemmer
Re: dialup_admin (was Re: New Opensource project-AAAadmin )
issa rabba' [EMAIL PROTECTED] wrote: I want to know where I can find more about the AAAadmin priject The AAAadmin project is NOT part of FreeRADIUS. Everyone, stop posting AAAadmin questions to this list. It should have its own list, hosted elsewhere. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Using multi-valued string LDAP attributes for user lockout in freeradius-1.x
On Fri, 23 Jul 2004, Daniel Epstein wrote:

Greetings all,

We run a freeradius-0.9.3 installation handling authentications for a number of different NASs on our campus. The RADIUS servers are using an openldap directory as the primary user credentials store. For a number of reasons, we designed our LDAP schema such that authorization for services is indicated by one or more values set in a multi-valued string attribute of the user object. This is as opposed to using group membership or a series of discrete boolean or string attributes for authorization to each service type. It should also be noted that the RADIUS server does not bind to LDAP in the context of a privileged account, but with the credentials supplied by the NAS client.

When we initially deployed this infrastructure three years ago, we found that the rlm_ldap module was not able to query a multi-valued attribute for authorization using the 'access-attr' option. Following suggestions from this list, we instead extended the 'filter' value to cause the authentication to fail if a particular string appears in the access attribute. We have the following configuration:

- radiusd.conf -

ldap ldap-vpn {
    ...
    filter = (&(uid=%u)(!(ucPriv=novpn)))
    ...
}
ldap ldap-modem {
    ...
    filter = (&(uid=%u)(!(ucPriv=nomodem)))
    ...
}
ldap ldap-soup {
    ...
    filter = (&(uid=%u)(!(ucPriv=nosoup)))
    ...
}
...
authenticate {
    Auth-Type aldap-vpn {
        ldap-vpn
    }
    Auth-Type aldap-modem {
        ldap-modem
    }
    Auth-Type aldap-soup {
        ldap-soup
    }
}
authorize {
    preprocess
    files
    Autz-Type zldap-vpn {
        ldap-vpn
    }
    Autz-Type zldap-modem {
        ldap-modem
    }
    Autz-Type zldap-soup {
        ldap-soup
    }
}
...

- huntgroups.conf -

vpn NAS-IP-Address == x.x.x.x
vpn NAS-IP-Address == x.x.x.x
vpn NAS-IP-Address == x.x.x.x
modem NAS-IP-Address == x.x.x.x
modem NAS-IP-Address == x.x.x.x
modem NAS-IP-Address == x.x.x.x
soup NAS-IP-Address == x.x.x.x

- users -

DEFAULT Huntgroup-Name == vpn, Auth-Type := aldap-vpn, Autz-Type := zldap-vpn
DEFAULT Huntgroup-Name == modem, Auth-Type := aldap-modem, Autz-Type := zldap-modem
DEFAULT Huntgroup-Name == soup, Auth-Type := aldap-soup, Autz-Type := zldap-soup

While this works for us in terms of allowing and denying access appropriately, it is not optimal in that it does not allow us to log or return to the NAS the proper reason for authentication failure (because we are bundling authorization with authentication).

We're now in the middle of a redesign of the RADIUS infrastructure (including possible plans to test and deploy version 1.0.0 when released). I was wondering if there is now a better way to approach this problem under the current version. I've looked at the checkval module, but this seems to really work in the opposite direction, checking values from the NAS, not from the auth store, but I confess I don't understand it entirely. Any help or suggestions would be appreciated.

Cheers, Dan

--

You may like the way we did it using the ldap-group option. That way you don't have to define different ldap instances to use. The documentation is located at http://doris.cc/radius. It is a little outdated in versions, but should work with 1.0 and newer openldap versions. I will get around to updating that documentation for 1.0 one of these days, although not much will be different. That doc is also located in the doc directory in recent versions (doc/ldap_howto.txt).

-Dusty Doris
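The logging problem Daniel describes in the message above, as an added example that is not code from the thread or from FreeRADIUS: a small evaluator for the filter syntax shown there, run over a constructed in-memory directory, comparing the bundled filter with a split lookup that can name the reason for a rejection. The directory entries, function names and result strings are assumptions made for the illustration, and the LDAP bind step is left out.

```python
import re

# Constructed sample directory; attribute names are stored lower-case.
DIRECTORY = [
    {"uid": ["alice"], "ucpriv": ["nomodem"]},
    {"uid": ["bob"], "ucpriv": ["novpn", "nosoup"]},
    {"uid": ["carol"]},  # no ucPriv values at all
]


def escape(value):
    """Escape filter metacharacters in user-supplied text (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def parse_filter(text):
    """Parse the subset used on this page: (&..), (|..), (!..), (attr=value)."""
    pos = 0

    def node():
        nonlocal pos
        if text[pos:pos + 1] != "(":
            raise ValueError("expected '(' at offset %d" % pos)
        pos += 1
        op = text[pos:pos + 1]
        if op in ("&", "|"):
            pos += 1
            children = []
            while text[pos:pos + 1] == "(":
                children.append(node())
            result = (op, children)
        elif op == "!":
            pos += 1
            result = ("!", [node()])
        else:
            end = text.find(")", pos)
            attr, sep, value = text[pos:end].partition("=")
            if end < 0 or not sep or not attr:
                raise ValueError("bad comparison at offset %d" % pos)
            result = ("=", (attr.lower(), _unescape(value)))
            pos = end
        if text[pos:pos + 1] != ")":
            raise ValueError("expected ')' at offset %d" % pos)
        pos += 1
        return result

    tree = node()
    if pos != len(text):
        raise ValueError("trailing data after filter")
    return tree


def matches(tree, entry):
    """Equality on a multi-valued attribute is true if ANY value matches."""
    op, arg = tree
    if op == "=":
        attr, value = arg
        return value in entry.get(attr, [])
    if op == "&":
        return all(matches(child, entry) for child in arg)
    if op == "|":
        return any(matches(child, entry) for child in arg)
    return not matches(arg[0], entry)  # op == "!"


def search(filter_text):
    tree = parse_filter(filter_text)
    return [entry for entry in DIRECTORY if matches(tree, entry)]


def bundled_check(user, deny_value):
    """One filter as in the message: every miss looks the same."""
    flt = "(&(uid=%s)(!(ucPriv=%s)))" % (escape(user), escape(deny_value))
    return "accept" if search(flt) else "reject: no entry matched filter"


def split_check(user, deny_value):
    """Find the user first, then test the deny value, so the reason is known."""
    entries = search("(uid=%s)" % escape(user))
    if not entries:
        return "reject: unknown user"
    if matches(parse_filter("(ucPriv=%s)" % escape(deny_value)), entries[0]):
        return "reject: %s set in ucPriv" % deny_value
    return "accept"


if __name__ == "__main__":
    for name in ("alice", "bob", "carol", "dave"):
        print(name, "|", bundled_check(name, "novpn"), "|", split_check(name, "novpn"))
```

With the bundled filter, bob (denied) and dave (nonexistent) produce the same result; the split lookup returns a different reason for each, which is what would be logged or returned to the NAS.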
Re: dialup admin replacement
issa rabba' [EMAIL PROTECTED] wrote... ( 1-2 sentences, followed by reams of quoted material. ) Can people PLEASE edit their posts, to NOT include all of the previous messages in a thread? If you need to see the older messages, read the archives. Alan DeKok.
Proxy server knows password
Hi, I have a homeserver and a proxyserver running on the same machine, but on different ports and different compilations (so they're actually independent of each other). When I run the homeserver with -X, it prints out the User-Password attribute of the Access-Request packet, which I think is normal. But when I run the proxyserver with -X, it also prints out the User-Password attribute of the Access-Request packet... I don't want anyone to see my users' passwords! Is there any reason why the proxy server sees the password? Is there any way to prevent this from happening on the homeserver? Thor.
Re: redhat spec file problem?
Hi, I've changed the spec for the same reason. You can try it (see attachment), but you must tar the freeradius sources in directory ..-1.0.0, not - ..-1.0.0-pre3.

Cheers, Simeon Penev

Dave Weis wrote:

I'm trying to build an rpm on fedora core 1 with the included redhat spec file but not having much luck. I had to make a symlink from /usr/include/com_err.h -> /usr/include/et/com_err.h to get the kerberos stuff to compile. I also modified the header to include the prerelease portion:

Name: freeradius
Version: 1.0.0
Release: pre3
License: GPL
Group: Networking/Daemons
Packager: FreeRADIUS.org
Source0: %{name}-%{version}-%{release}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root

I have gotten to the point where it compiles but dies when it tries to package the RPM:

Checking for unpackaged file(s): /usr/lib/rpm/check-files /var/tmp/freeradius-1.0.0-pre3-root
error: Installed (but unpackaged) file(s) found:
   /usr/share/doc/freeradius-1.0.0-pre3/Autz-Type
   /usr/share/doc/freeradius-1.0.0-pre3/DIFFS
   /usr/share/doc/freeradius-1.0.0-pre3/MACOSX
   /usr/share/doc/freeradius-1.0.0-pre3/OS2
   /usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAP.schema
   /usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAPv3.schema
   /usr/share/doc/freeradius-1.0.0-pre3/RADIUS-SQL.schema
   /usr/share/doc/freeradius-1.0.0-pre3/README
   /usr/share/doc/freeradius-1.0.0-pre3/Simultaneous-Use
(snip)
RPM build errors:
    Installed (but unpackaged) file(s) found:
   /usr/share/doc/freeradius-1.0.0-pre3/Autz-Type
   /usr/share/doc/freeradius-1.0.0-pre3/DIFFS
   /usr/share/doc/freeradius-1.0.0-pre3/MACOSX
   /usr/share/doc/freeradius-1.0.0-pre3/OS2
   /usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAP.schema
   /usr/share/doc/freeradius-1.0.0-pre3/RADIUS-LDAPv3.schema
   /usr/share/doc/freeradius-1.0.0-pre3/RADIUS-SQL.schema
   /usr/share/doc/freeradius-1.0.0-pre3/README
   /usr/share/doc/freeradius-1.0.0-pre3/Simultaneous-Use
(snip)

I am not very good with spec files. I did try changing the doc line in the files section to %doc doc/* but that didn't work either.

Thanks dave
Re: Proxy server knows password
On Mon, 26 Jul 2004, Thor Spruyt wrote:

Hi, I have a homeserver and a proxyserver running on the same machine, but on different ports and different compilations (so they're actually independent of each other). When I run the homeserver with -X, it prints out the User-Password attribute of the Access-Request packet, which I think is normal. But when I run the proxyserver with -X, it also prints out the User-Password attribute of the Access-Request packet... I don't want anyone to see my users' passwords! Is there any reason why the proxy server sees the password?

You're using PAP as the authentication protocol

Is there any way to prevent this from happening on the homeserver?

Use EAP-TTLS-PAP,MS-CHAP,CHAP as authentication protocol. That's something the client decides though.

Thor.

-- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf
RE: redhat spec file problem?
i've changed the spec for the same reason. You can try it (see attachment), interesting ... where ?
Re: Proxy server knows password
- Original Message - From: Kostas Kalevras [EMAIL PROTECTED]

On Mon, 26 Jul 2004, Thor Spruyt wrote: Is there any way to prevent this from happening on the homeserver?

Use EAP-TTLS-PAP,MS-CHAP,CHAP as authentication protocol. That's something the client decides though.

In radiusd.conf on the homeserver I only have

authenticate {
    Auth-Type CHAP {
        chap
    }
}

I understand that it's up to the NAS, but I would expect that the homeserver denies PAP requests if it's not defined in radiusd.conf, so that the NAS has to be configured to use CHAP?

Thor.
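Why the proxy in this thread can print a PAP password while a CHAP request never carries one, as an added example that is not code from the thread or from FreeRADIUS: it follows the User-Password hiding and CHAP response calculations of RFC 2865. The secrets, authenticators and password are constructed sample values, and the function names are assumptions.

```python
import hashlib
import hmac

# Constructed sample values, not taken from the thread.
NAS_SECRET = b"nas-to-proxy-secret"
HOME_SECRET = b"proxy-to-home-secret"
AUTH_1 = bytes(range(16))        # Request Authenticator chosen by the NAS
AUTH_2 = bytes(range(16, 32))    # Request Authenticator chosen by the proxy
PASSWORD = b"correct horse battery"


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, authenticator):
    """RFC 2865 section 5.2: XOR the padded password with MD5(secret + previous block)."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 octets")
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        block = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        hidden += block
        prev = block          # the next block is keyed on this ciphertext block
    return hidden


def recover_password(hidden, secret, authenticator):
    """Inverse of hide_password; works for anyone holding the shared secret."""
    if not hidden or len(hidden) % 16:
        raise ValueError("hidden User-Password must be a multiple of 16 octets")
    clear, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return clear.rstrip(b"\x00")


def proxy_forward(hidden, nas_secret, nas_auth, home_secret, new_auth):
    """A proxy must un-hide with the NAS secret and re-hide with the home
    server's secret, so the cleartext exists in the proxy's memory."""
    clear = recover_password(hidden, nas_secret, nas_auth)
    return clear, hide_password(clear, home_secret, new_auth)


def chap_response(chap_id, password, challenge):
    """CHAP: the NAS sends MD5(id + password + challenge), never the password."""
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()


def chap_check(chap_id, response, challenge, stored_password):
    """Home server side: recompute from its stored cleartext and compare."""
    expected = chap_response(chap_id, stored_password, challenge)
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    hidden = hide_password(PASSWORD, NAS_SECRET, AUTH_1)
    seen_by_proxy, rehidden = proxy_forward(hidden, NAS_SECRET, AUTH_1, HOME_SECRET, AUTH_2)
    print("PAP, proxy sees:", seen_by_proxy)
    print("PAP, home server sees:", recover_password(rehidden, HOME_SECRET, AUTH_2))
    response = chap_response(7, PASSWORD, AUTH_1)
    print("CHAP, proxy sees only:", response.hex())
    print("CHAP, home server verifies:", chap_check(7, response, AUTH_1, PASSWORD))
```

With CHAP the home server needs the cleartext password in its own store to recompute the response, which is why the choice of protocol also constrains how passwords are stored.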
Re: redhat spec file problem?
marco wrote: i've changed the spec for the same reason. You can try it (see attachment), interesting ... where ?

Here it is:

Summary: High-performance and highly configurable RADIUS server
URL: http://www.freeradius.org/
Name: freeradius
Version: 1.0.0
Release: pre3
License: GPL
Group: Networking/Daemons
Packager: FreeRADIUS.org
Source0: %{name}-%{version}.tar.gz
Prereq: /sbin/chkconfig
BuildPreReq: libtool
# FIXME: snmpwalk, snmpget and rusers POSSIBLY needed by checkrad
Provides: radiusd
Conflicts: cistron-radius
BuildRoot: %{_tmppath}/%{name}-root

%description
The FreeRADIUS Server Project is a high-performance and highly
configurable GPL'd RADIUS server. It is somewhat similar to the
Livingston 2.0 RADIUS server, but has many more features, and is
much more configurable.

%prep
%setup

%build
CFLAGS="$RPM_OPT_FLAGS" \
%configure --prefix=%{_prefix} \
        --localstatedir=%{_localstatedir} \
        --sysconfdir=%{_sysconfdir} \
        --mandir=%{_mandir} \
        --without-rlm-krb5 \
        --with-experimental-modules
make

%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
mkdir -p $RPM_BUILD_ROOT/etc/{logrotate.d,pam.d,rc.d/init.d}

make install R=$RPM_BUILD_ROOT

RADDB=$RPM_BUILD_ROOT/etc/raddb
# set radiusd as default user/group
perl -i -pe 's/^#user =.*$/user = radiusd/' $RADDB/radiusd.conf
perl -i -pe 's/^#group =.*$/group = radiusd/' $RADDB/radiusd.conf
# shadow password file MUST be defined on Linux
perl -i -pe 's/#shadow =/shadow =/' $RADDB/radiusd.conf

# remove unneeded stuff
rm -f $RPM_BUILD_ROOT%{_mandir}/man8/builddbm.8
rm -f $RPM_BUILD_ROOT%{_prefix}/sbin/rc.radiusd

cd redhat
install -m 755 rc.radiusd-redhat $RPM_BUILD_ROOT/etc/rc.d/init.d/radiusd
install -m 644 radiusd-logrotate $RPM_BUILD_ROOT/etc/logrotate.d/radiusd
install -m 644 radiusd-pam $RPM_BUILD_ROOT/etc/pam.d/radius
cd ..

%pre
/usr/sbin/useradd -c "radiusd user" -r -s /bin/false -u 95 -d / radiusd 2>/dev/null || :

%preun
if [ "$1" = 0 ]; then
        /sbin/service radiusd stop >/dev/null 2>&1
        /sbin/chkconfig --del radiusd
fi

%post
/sbin/ldconfig
/sbin/chkconfig --add radiusd

# Done here to avoid messing up existing installations
for i in radius/radutmp radius/radwtmp radius/radius.log # radius/radwatch.log radius/checkrad.log
do
        touch /var/log/$i
        chown radiusd:radiusd /var/log/$i
        chmod 600 /var/log/$i
done

%postun
if [ "$1" -ge 1 ]; then
        /sbin/service radiusd condrestart >/dev/null 2>&1
fi
if [ "$1" = 0 ]; then
        /usr/sbin/userdel radiusd >/dev/null 2>&1 || :
fi
/sbin/ldconfig

%clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root)
%doc doc/ChangeLog doc/README* todo/ COPYRIGHT INSTALL
%config /etc/pam.d/radius
%config /etc/logrotate.d/radiusd
%config /etc/rc.d/init.d/radiusd
%config (noreplace) /etc/raddb/*
%{_bindir}/*
%{_datadir}/%{name}
%{_libdir}/*
%{_mandir}/*/*
%{_sbindir}/*
%attr(0700,radiusd,radiusd) %dir /var/log/radius
%attr(0700,radiusd,radiusd) %dir /var/log/radius/radacct
%attr(0700,radiusd,radiusd) %dir /var/run/radiusd

%changelog
* Mon May 31 2004 Paul Hampson
- update for 1.0.0 release
* Fri May 23 2003 Marko Myllynen
- update for 0.9
* Wed Sep 4 2002 Marko Myllynen
- fix libtool issues for good
* Thu Aug 22 2002 Marko Myllynen
- update for 0.7/0.8
* Tue Jun 18 2002 Marko Myllynen
- run as radiusd user instead of root
- added some options for configure
* Thu Jun 6 2002 Marko Myllynen
- set noreplace for non-dictionary files in /etc/raddb
* Sun May 26 2002 Frank Cusack [EMAIL PROTECTED]
- move /var dirs from %%post to %%files
* Thu Feb 14 2002 Marko Myllynen
- use dir name macros in all configure options
- libtool is required only when building the package
- misc clean ups
* Wed Feb 13 2002 Marko Myllynen
- use %%{_mandir} instead of /usr/man
- rename %%postin as %%post
- clean up name/version
* Fri Jan 18 2002 Frank Cusack [EMAIL PROTECTED]
- remove (noreplace) for /etc/raddb/* (due to rpm bugs)
* Fri Sep 07 2001 Ivan F. Martinez [EMAIL PROTECTED]
- changes to make compatible with default config file shipped
- adjusts log files are on /var/log/radius instead of /var/log
- /etc/raddb changed to config(noreplace) to don't override
- user configs
* Fri Sep 22 2000 Bruno Lopes F. Cabral [EMAIL PROTECTED]
- spec file clear accordling to the libltdl fix and minor updates
* Wed Sep 12 2000 Bruno Lopes F. Cabral [EMAIL PROTECTED]
- Updated to snapshot-12-Sep-00
* Fri Jun 16 2000 Bruno Lopes F. Cabral [EMAIL PROTECTED]
- Initial release
RE: redhat spec file problem?
In the %files section I have changed

# %doc doc/ChangeLog doc/README* todo/ COPYRIGHT INSTALL
* for
%doc %{_docdir}/freeradius-%{version}*/

On Mon 26/07/2004 13:05, marco wrote: i've changed the spec for the same reason. You can try it (see attachment), interesting ... where ?

-- Daniel Chénard SysAdmin Unix Infoteck Internet 5480, Boul. Jean XXIII Trois-Rivières-Ouest, Québec Canada G8Z 4A9 Tel: 819-370-3232 Toll-free: 1-866-853-3232 Fax: 819-370-3624
eap-tls resumed handshake code
Hi list, I didn't find the code related to eap-tls resumed handshake. Can you help me please in that? I don't know if it is based on openssl resumed handshake or not. It seems not clear to me. Sincerely, Badra
Re: dialup admin replacement
However it is done using dialup admin. Not sure, will have to look through the code and config files of dialupadmin and see. Not sure where to look.

- Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 5:47 PM Subject: RE: dialup admin replacement

Ok, when you save the password in the database, what interface do you use? Do you send the password to the encrypt function, and do you send a salt with the password? If yes, what is it?

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Marino Sent: Monday, July 26, 2004 5:39 AM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement

MD5

- Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 11:05 AM Subject: RE: dialup admin replacement

what is the encrypt password type?

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Nick Marino Sent: Sunday, July 25, 2004 4:17 PM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement

I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas?

- Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:18 AM Subject: RE: dialup admin replacement

Ok: Please download this file http://www.issa.ps/dialup_admin/stat.rar Please note that this interface is for the mysql database only. Extract the stat.tar and edit Connections/pp.php, change the values of the hostname, username, password and database name. Then upload it to a webserver that supports PHP. Please contact me if you have any questions. Regards,

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Sunday, July 25, 2004 11:20 AM To: [EMAIL PROTECTED] Subject: RE: dialup admin replacement

cool if you can send it over to me that will be great. I think the dialup admin author is on this list, you can ask Sarky

On Sun, 25 Jul 2004 09:21:21 -0700, issa rabba' wrote:

I did something like that, but it's not a part of the dialupadmin, it's a web interface for our customers, I will customize it and send it to you. Or if you know how we can publish it to be part of the dialup admin project. Regards

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of sarky Sent: Saturday, July 24, 2004 10:21 AM To: freeradius- [EMAIL PROTECTED] Subject: dialup admin replacement

Hello all, I am looking for a web interface which does what dialup admin does and allows users to access it via their login/password and get all the information they require: download limits, what they have downloaded and so on. Anything out there which does that? Sarky
Re: Exec-Program-Wait attributes not included in Access-Accept
On Jul 26, 2004, at 06:58, Thor Spruyt wrote:

Hi, I have freeradius 0.9.3 running with Postgresql database backend. The only thing the radius checks is the password and then executes an external script if authentication is ok. The section in the users file is:

DEFAULT Auth-Type = Local
    Exec-Program-Wait = /opt/radius1/bin/auth.pl

Everything runs fine, except the attributes output by the script (attr = value separated by newlines) are not added to the reply as you can see in this debugging output:

auth: type Local
auth: user supplied User-Password matches local User-Password
radius_xlat: '/opt/radius1/bin/auth.pl'
Exec-Program: /opt/radius1/bin/auth.pl
Exec-Program output: Acct-Interim-Interval = 600 Idle-Timeout = 3600 Session-Timeout = 171454526
Exec-Program-Wait: plaintext: Acct-Interim-Interval = 600 Idle-Timeout = 3600 Session-Timeout = 171454526
Exec-Program: returned: 0
Login OK: [thor] (from client x port 0 cli 00:30:00:04:A5:22)
Sending Access-Accept of id 112 to 192.168.250.105:32780
Finished request 0
Going to the next request

Any idea what might be wrong?

I have an Exec-Program-Wait and I don't use returns. Here is an example of the script output that works:

Session-Timeout = 3600, Framed-IP-Address = 66.81.99.99

There are no returns anywhere in the string. I tried various combinations of things using debug mode to find one that works.
CA web pages
Hi, I am looking for a simple way for my users to go to a web page and fill out a request for a cert and then we (admins) can go to another page, verify the data and sign it. Any ideas on this - of course with openssl integrated with freeradius and SQL... thanks Kat
Re: Mystery of mysql.sock location in FreeRADIUS
You can set the environment variable MYSQL_UNIX_PORT as follows:

export MYSQL_UNIX_PORT=/usr/mysql/mysql.sock

I'm not sure why the freeradius mysql client doesn't check my.cnf, but I had the same issue and solved as above.

Regards, Simon.

--- On Monday 26 July 2004 19:54, Masoud Safi wrote:

From: Kostas Kalevras [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Mystery of mysql.sock location in FreeRADIUS Date: Sat, 24 Jul 2004 02:27:39 +0300 (EEST)

On Thu, 22 Jul 2004, Masoud Safi wrote:

Greetings, My radius server which uses MySQL 4.0.18-standard has been running fine for a few months until my /var partition got full. I had to move the data files from /var/lib/mysql to /usr/mysql. After some config changes on the MySQL configs, the MySQL came up running fine. An ODBC connection which I have had from a Windows box to the MySQL server works fine too. However, FreeRADIUS would not connect to MySQL, passing the following error.

rlm_sql (sql): Attempting to connect rlm_sql_mysql #0
rlm_sql_mysql: Starting connect to MySQL server for #0
rlm_sql_mysql: Couldn't connect socket to MySQL server [EMAIL PROTECTED]:radius
rlm_sql_mysql: Mysql error 'Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)'
rlm_sql (sql): Failed to connect DB handle #0

Obviously, I had to make sure that socket=/usr/mysql/mysql.sock was in the CLIENT portion of my.cnf file. Here is my DB status output:

Server version      4.0.18-standard
Protocol version    10
Connection          Localhost via UNIX socket
UNIX socket         /usr/mysql/mysql.sock

Now, I can not figure out where in my system is a reference to '/var/lib/mysql/mysql.socke It is not in radiusd.conf, or sql.conf. Any ideas?

If you are sure you've fixed my.cnf then things should work fine. I would suggest tracing the open() calls of the freeradius to check which my.cnf file is opened by the mysql library used by the sql module.

Yes, I am sure I configured the my.cfg correctly and that is why my Windows based ODBC connections work. I also searched my entire HDD for other instances of my.cfg, but I only have one copy. It seems to me that freeradius may be reading the mysql.sock info from somewhere else, but don't know where? As far as tracing the open() calls of freeradius, is there anything else I need to do, other than running radiusd -X?
Re: Mystery of mysql.sock location in FreeRADIUS
Now, I can not figure out where in my system is a reference to '/var/lib/mysql/mysql.socke It is not in radiusd.conf, or sql.conf. Any ideas? well if you still can't find answers, you can try creating a soft link FROM /var (where the sock file is being created) TO /usr (where you want it to be), it's not the proper mysql solution but it's an approach that works! //milver
Re: redhat spec file problem?
I had the same problem (and some others) with the redhat spec file, and here is what I did to fix it... these are diffs to the 1.0.0pre3 spec file in the redhat directory. matt diff freeradius.spec.orig freeradius.spec 5c5 Release: 1 --- Release: pre3 9c9 Source0: %{name}-%{version}.tar.gz --- Source0: %{name}-%{version}-%{release}.tar.gz 24c24 %setup --- %setup -n %{name}-%{version}-%{release} 34d33 --with-system-libtool \ 67a67,68 rm -rf $RPM_BUILD_ROOT/usr/share/doc/%{name}-%{version}-%{release} 81a83 chown -R radiusd:radiusd /var/log/radius 103c105 %doc doc/ChangeLog doc/README* todo/ COPYRIGHT INSTALL --- %doc doc/[^C0]* doc/C[^V]* todo/ COPYRIGHT INSTALL - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
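Review bot: the "rm -rf $RPM_BUILD_ROOT/usr/share/doc/%{name}-%{version}-%{release}" added at 67a67,68 expands an unquoted variable, so with an empty RPM_BUILD_ROOT it would delete /usr/share/doc/freeradius-... on the build host itself; quote the variable, guard against an empty or "/" build root before removing anything, and use %{_docdir} rather than the hard-coded /usr/share/doc. The "chown -R radiusd:radiusd /var/log/radius" added at 81a83 re-owns everything under the log directory each time it runs; setting the owner on the specific directories with %attr in %files would be narrower. The new %doc globs at 103c105, "doc/[^C0]* doc/C[^V]*", silently skip any file whose name starts with 0 or CV, which is hard to audit; an explicit list of the doc files to ship would make the intent clear.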
ntlm_auth
Anyone have a simple smb.conf they are willing to share for a Samba3-ntlm_auth install incorporated with FreeRADIUS?? THANKS!!
Re: dialup admin replacement
Poptop does disconnect the user, however the radius server doesn't receive a stop request. Barry

- Original Message - From: Thor Spruyt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 1:49 AM Subject: Re: dialup admin replacement

I think poptop is able to disconnect the user automatically when the session is lost.

- Original Message - From: Barry Murphy [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 12:56 PM Subject: Re: dialup admin replacement

My problem is the poptop pptp server (with debian's ppp) is acting as the NAS server for my wireless clients, so there is no IOS to update. Not many people tend to be using pptp with radius and can answer this question. Barry

- Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 8:47 AM Subject: RE: dialup admin replacement

I faced this problem before; it was a Cisco IOS bug, and they fixed it. I think you have to update your IOS

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy Sent: Monday, July 26, 2004 3:36 AM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement

Anyone know how to get dialup_admin to check a poptop NAS to see if users are still connected or not? If a user disconnects by unplugging his wireless card or by losing signal to the wireless node they remain connected even though their PC has thrown them out. This causes multiple connections and long connection durations with no bandwidth info. Perhaps there is a way to check every hour or so if the user is connected or not?

base-nas.albanywireless.co.nz Network Access Server
2 users connected, 3 free lines

#   user      ip address      caller id   name           duration
1   icepick   219.88.249.83   -           Barry Murphy   104:32:29
2   casper    219.88.249.85   -           -              83:25:39

- Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 8:13 AM Subject: RE: dialup admin replacement

Ok, I will make another template for your uses, and you can change to that template

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy Sent: Monday, July 26, 2004 2:58 AM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement

That's great!!! Now just to add some functionality for a per month basis and bandwidth usage info. My users are charged on usage not time. Barry

- Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 6:33 AM Subject: RE: dialup admin replacement

Ok no problem. Go to login2.php

Comment line 32

// $passwd = da_encrypt($passwd,$enc_passwd);

If this does not work try this: Comment line 31, and 32

// $passwd = $FF_valPassword;
// $passwd = da_encrypt($passwd,$enc_passwd);

And change line 34 From

if (!strcmp($passwd,$enc_passwd)){

To

if (!strcmp($FF_valPassword,$enc_passwd)){

That's all. Regards Issa rabba

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy Sent: Monday, July 26, 2004 12:57 AM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement

I'm using clear text passwords. Thanks Barry

- Original Message - From: issa rabba' [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, July 27, 2004 5:12 AM Subject: RE: dialup admin replacement

I used the crypt function because all the passwords will be saved as crypted passwords, if not please tell me and I will tell you what to change in the login2.php file. Regards

-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Barry Murphy Sent: Sunday, July 25, 2004 11:48 PM To: [EMAIL PROTECTED] Subject: Re: dialup admin replacement

Same here, is there a way to disable the crypt part of things? I can only comment out a little, but still can't get it working. Barry

- Original Message - From: Nick Marino [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 11:16 AM Subject: Re: dialup admin replacement

I tried it and no matter what username and password I put in it just goes back to the login page. I did configure pp.php to point to my database with the correct username and password and database name. Any ideas?
Re: Freeradius Cisco-AVPair
For those of you (un)lucky enough to be searching for Cisco, PPPoE, RADIUS, static IP addresses, and the like, here's the skinny.

1. Yes, Virginia, you can do static IP address via RADIUS, Cisco 7206, and PPPoE for DSL-type applications. At least as of 12.2(24), and possibly much earlier.

2. The standard radius attributes work: Framed-Protocol = PPP, Framed-IP-Address = X.X.X.X, Framed-IP-Netmask = 255.255.255.255, and the like (including Framed-Compression = Van-Jacobson-TCP-IP). You don't need any of the Cisco-AVPair, at least not for the usual stuff.

3. However, you MUST have this:

aaa authorization network default group radius none

Or nothing will work. The none is important if you have any non-authorized PPP sessions (like regular serial lines) or you will break all of your non-RADIUS authenticated connections. Apparently, if you just have THIS:

aaa authorization network default none

you will automatically be authorized for network information, but (here's the kicker) the Cisco will silently ignore the attributes returned by RADIUS because you didn't specify that they come from RADIUS. So it will blithely ignore the return attributes.

Hopefully this will save somebody out there more time than I wasted on this, and thus the world will even out.

Cheers, David.

- On Mon, 19 Jul 2004, David Birnbaum wrote: On Sun, 18 Jul 2004, Kevin Bonner wrote: On Friday 16 July 2004 17:12, David Birnbaum wrote:

1. Cisco doesn't seem to support Framed-Address for PPPoE (if anyone knows different that would be great, because nobody at Cisco knows how to do this. If you can tell me how, stop reading the rest of the message and help me out!)

Here are some of the entries we use for our PPPoE connections on a 7505:

Cisco-AVPair += ip:addr=1.2.3.1,
Cisco-AVPair += ip:route=1.2.3.4 255.255.255.0,
Cisco-AVPair += ip:inacl#1=permit ip any 1.2.3.0 0.0.0.255,

Try the ip:addr line rather than assigning an addr-pool and post your results. If that doesn't work, the cisco config may need to be tweaked.

Kevin, I tried this out. The cisco log still shows:

Jul 19 15:51:39: Invalid attribute in radius buffer
Jul 19 15:51:39: Unable to dump packet further

Obviously Cisco-AVPair is working for other people; could you share your working 7505 config? I think the problem is that the radius packet is not built right or otherwise undecodable, which makes it hard to debug whether the AVPair syntax is right! radiusd -X shows this:

Sending Access-Accept of id 185 to X.X.X.X:1645
    Cisco-AVPair = ip:addr=Y.Y.Y.Y
    Service-Type = Framed-User
    Framed-Protocol = PPP

which sure looks good to me

David.
Re: How to distinguih between MAC an 802.1x auth requests
On Mon, 2004-07-26 at 10:12, Zdenek Pizl wrote:

We are using Orinoco AP600 accesspoint. This AP can do Radius MAC Access control and EAP/802.1x Auth control. The question is how do I configure the FreeRadius server to distinguish between these two options.

Test for the existence/non-existence of the EAP-Message:

DEFAULT Auth-Type := EAP, EAP-Message =* 1, NAS-Port-Type == Wireless-802.11
    Cisco-AVPair = ssid=,
    Session-Timeout = 600,
    Service-Type = Framed-User

That's how I do it on my Cisco 1200's...

Jeff
show_groups.php3
I tried the latest dev of dialup_admin and I got this warning and it doesn't show groups.

Warning: main(../lib/sql_group_info.php3): failed to open stream: No such file or directory in /usr/local/www/data-dist/dialup_admin/htdocs/show_groups.php3 on line 74
Warning: main(): Failed opening '../lib/sql_group_info.php3' for inclusion (include_path='.:/usr/local/share/pear') in /usr/local/www/data-dist/dialup_admin/htdocs/show_groups.php3 on line 74
Could not find any groups

thanks very much
Re: show_groups.php3
On Tue, 27 Jul 2004, apellido jr., wilfredo p. wrote:

I tried the latest dev of dialup_admin and I got this warning and it doesn't show groups.

Warning: main(../lib/sql_group_info.php3): failed to open stream: No such file or directory in /usr/local/www/data-dist/dialup_admin/htdocs/show_groups.php3 on line 74
Warning: main(): Failed opening '../lib/sql_group_info.php3' for inclusion (include_path='.:/usr/local/share/pear') in /usr/local/www/data-dist/dialup_admin/htdocs/show_groups.php3 on line 74
Could not find any groups

Oops, Fixed. Thanks

thanks very much

-- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf
Re: CA web pages
On Mon, 26 Jul 2004 [EMAIL PROTECTED] wrote:

Hi, I am looking for a simple way for my users to go to a web page and fill out a request for a cert and then we (admins) can go to another page, verify the data and sign it. Any ideas on this - of course with openssl integrated with freeradius and SQL...

That's more or less called www.openca.org.

thanks Kat

-- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf
dictionary files
Hi, I'm running poptop + freeradius + mysql and trying to work out which dictionary file I'd use. I'm wanting to get some additional info like Disconnect-Cause, tunnel end point etc. and don't know if I can use the Ascend dictionary file for this. Any help would be appreciated. Barry
Re: show_groups.php3
Just updated show_groups.php3, same error...

Warning: main(../lib/$config[general_lib_type]/group_info.php3): failed to open stream: No such file or directory in /usr/local/www/data-dist/dialup_admin/htdocs/show_groups.php3 on line 74
Warning: main(): Failed opening '../lib/$config[general_lib_type]/group_info.php3' for inclusion (include_path='.:/usr/local/share/pear') in /usr/local/www/data-dist/dialup_admin/htdocs/show_groups.php3 on line 74
Could not find any groups
Re: dialup_admin (was Re: New Opensource project-AAAadmin )
find it at http://dmin.sourceforge.net

- Original Message - From: "Alan DeKok" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 26, 2004 9:22 AM Subject: Re: dialup_admin (was Re: New Opensource project-AAAadmin )

"issa rabba'" [EMAIL PROTECTED] wrote: I want to know where I can find more about the AAAadmin project

The AAAadmin project is NOT part of FreeRADIUS. Everyone, stop posting AAAadmin questions to this list. It should have its own list, hosted elsewhere. Alan DeKok.
Freeradius and CRAM auth.
Hi, I am using the Free-Radius Server (version 0.9.3) currently. I am using the Unix authentication and it is working fine. I want to use the CRAM authentication for my testing purpose. I searched over the net and the mailing lists for any documentation. However, I was not able to get much information. I will be very thankful if you can provide me the details of enabling and using CRAM authentication in FreeRadius. Thanks and Regards, Prasad.