FreeRADIUS ( 2 ) and SNMP - broken pipe error - password not accepted
Hello, I have set up FreeRADIUS ( pre2 ) and activated SNMP ( rebuilt it with --with-snmp ... ). The snmpd is also configured with the smuxpeer and the correct password, but password seems to be rejected. I am using snmpd-5.3.1 on Debian Etch ( AMD64 ). Both passwords are the same. Does anyone have an idea what might be wrong? Sun Dec 2 09:47:20 2007 : Debug: SMUX connect try 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX open oid: 1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX open progname: radiusd Sun Dec 2 09:47:20 2007 : Debug: SMUX open password: rad Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: Listening on authentication address 172.19.10.3 port 1812 as server mac-auth Sun Dec 2 09:47:20 2007 : Debug: Listening on accounting address 172.19.10.3 port 1813 as server mac-auth Sun Dec 2 09:47:20 2007 : Debug: Listening on SNMP SMUX with OID .1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX read len: 3 Sun Dec 2 09:47:20 2007 : Debug: SMUX message received type: 0 rest len: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX Unknown type: 0 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX connection closed: 12 Sun Dec 2 09:47:20 2007 : Debug: SMUX connect try 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX open oid: 1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX open progname: radiusd Sun Dec 2 09:47:20 2007 : Debug: SMUX open password: rad Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX read len: 3 Sun Dec 2 09:47:20 2007 : Debug: SMUX message received type: 0 rest len: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX Unknown type: 0 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX connection closed: 12 Sun Dec 2 09:47:20 2007 : Debug: SMUX connect try 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX open oid: 1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX open progname: radiusd Sun Dec 2 09:47:20 2007 : Debug: SMUX open password: rad Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX read len: 3 Sun Dec 2 09:47:20 2007 : Debug: SMUX message received type: 0 rest len: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX Unknown type: 0 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX connection closed: 12 Sun Dec 2 09:47:20 2007 : Debug: SMUX connect try 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX open oid: 1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX open progname: radiusd Sun Dec 2 09:47:20 2007 : Debug: SMUX open password: rad Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register priority: -1 Sun Dec 2 09:47:20 2007 : Debug: SMUX register operation: 1 Sun Dec 2 09:47:20 2007 : Debug: Ready to process requests. Sun Dec 2 09:47:20 2007 : Debug: SMUX read start Sun Dec 2 09:47:20 2007 : Debug: SMUX read len: 3 Sun Dec 2 09:47:20 2007 : Debug: SMUX message received type: 0 rest len: 1 Sun Dec 2 09:47:20 2007 : Debug: SMUX Unknown type: 0 Sun Dec 2 09:47:20 2007 : Debug: Ready to
Re: FreeRADIUS ( 2 ) and SNMP - broken pipe error - password not accepted
Edvin Seferovic wrote: Hello, I have set up FreeRADIUS ( pre2 ) and activated SNMP ( rebuilt it with --with-snmp ... ). The snmpd is also configured with the smuxpeer and the correct password, but password seems to be rejected. I am using snmpd-5.3.1 on Debian Etch ( AMD64 ). Both passwords are the same. Does anyone have an idea what might be wrong? The SMUX code in src/main doesn't appear to be 64-bit clean. There's a patch from Redhat on bugs.freeradius.org that helps, but apparently it still doesn't work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS ( 2 ) and SNMP - broken pipe error - password not accepted
Edvin Seferovic wrote: Is the patch already in the CVS ? Can you send me the BugID ( can't find it :( ) ? Can you give me a hint what needs to be ajusted ? There is no patch in CVS. If it's not in bugs.freeradius.org, it's in the mailing list archives. As for a fix, the code uses int where it should really be either int32 for protocol packing, or size_t for lengths. Once those changes are made, it should work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RADIUS SNMP
Dear All, I want to monitor the RADIUS with SNMP. but i need to know exactly what is that OID means ( radiusAccServTotalNoRecords ) i searched and found that it means The number of RADIUS Accounting-Request packets which were received and responded to but not recorded but i can't understand how come that the radius respond to a packet but it is not recorded ?? i'm using mysql as accounting DB regards, Amr Ali - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: 64-bit issues ( SNMP issues )
Hi Alan, thank you ! As you mentioned - net-snmp libraries do have a problem. Although I've found a patch on their mailing list covering this problem for net-snmp 5.3.1 ( I am attaching it ). Nevertheless I cannot get any data... freeradius seems to register just fine : Sun Dec 2 20:17:11 2007 : Debug: SMUX connect try 1 Sun Dec 2 20:17:11 2007 : Debug: SMUX SMUX open oid: 1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 20:17:11 2007 : Debug: SMUX open progname: radiusd Sun Dec 2 20:17:11 2007 : Debug: SMUX open password: rad Sun Dec 2 20:17:11 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.1.1.1.1 Sun Dec 2 20:17:11 2007 : Debug: SMUX register priority: -1 Sun Dec 2 20:17:11 2007 : Debug: SMUX register operation: 1 Sun Dec 2 20:17:11 2007 : Debug: SMUX SMUX register oid: 1.3.6.1.2.1.67.2.1.1.1 Sun Dec 2 20:17:11 2007 : Debug: SMUX register priority: -1 Sun Dec 2 20:17:11 2007 : Debug: SMUX register operation: 1 Sun Dec 2 20:17:11 2007 : Debug: Listening on authentication address 172.19.10.3 port 1812 as server mac-auth Sun Dec 2 20:17:11 2007 : Debug: Listening on accounting address 172.19.10.3 port 1813 as server mac-auth Sun Dec 2 20:17:11 2007 : Debug: Listening on SNMP SMUX with OID .1.3.6.1.4.1.11344.1.1.1 Sun Dec 2 20:17:11 2007 : Debug: Ready to process requests. Sun Dec 2 20:17:11 2007 : Debug: SMUX read start Sun Dec 2 20:17:11 2007 : Debug: SMUX read len: 6 Sun Dec 2 20:17:11 2007 : Debug: SMUX message received type: 67 rest len: 4 Sun Dec 2 20:17:11 2007 : Debug: SMUX_RRSP Sun Dec 2 20:17:11 2007 : Debug: SMUX_RRSP value: 0 errstat: 0 Sun Dec 2 20:17:11 2007 : Debug: Ready to process requests. Sun Dec 2 20:17:11 2007 : Debug: SMUX read start Sun Dec 2 20:17:11 2007 : Debug: SMUX read len: 6 Sun Dec 2 20:17:11 2007 : Debug: SMUX message received type: 67 rest len: 4 Sun Dec 2 20:17:11 2007 : Debug: SMUX_RRSP Sun Dec 2 20:17:11 2007 : Debug: SMUX_RRSP value: 0 errstat: 0 Dec 2 20:18:50 sphinx snmpd[17853]: NET-SNMP version 5.3.1 Dec 2 20:19:28 sphinx snmpd[17853]: Connection from UDP: [127.0.0.1]:32784 Dec 2 20:19:41 sphinx snmpd[17853]: [smux_accept] accepted fd 10 from 127.0.0.1:60772 Dec 2 20:19:41 sphinx snmpd[17853]: accepted smux peer: oid SNMPv2-SMI::enterprises.11344.1.1.1, descr radiusd Dec 2 20:19:48 sphinx snmpd[17853]: Connection from UDP: [127.0.0.1]:32784 sphinx:~/software# snmpwalk -v 2c -m /usr/share/snmp/mibs/RADIUS-AUTH-SERVER-MIB.txt -c public 127.0.0.1 radiusAuth RADIUS-AUTH-SERVER-MIB::radiusAuthentication = No more variables left in this MIB View (It is past the end of the MIB tree) Any ideas what might go wrong ? TIA Regards, E:S -Original Message- From: Alan DeKok [mailto:[EMAIL PROTECTED] Sent: Sonntag, 02. Dezember 2007 17:44 To: Edvin Seferovic Subject: 64-bit issues I don't know if the net-snmp libraries are 64-bit clean, either. In any case, I've cleaned up src/main/smux.c. Please try downloading building CVS head. Maybe that will fix it... Alan DeKok. __ NOD32 2697 (20071202) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com net-snmp-5.3.1-smux-password.diff Description: Binary data - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Login rejected. Error 691.
I installed FreeRadius 1.1.2 on FreeBSD 6.0. I followed the HOWTO from http://tldp.org/HOWTO/8021X-HOWTO/freeradius.html to configure the server. When I ran radtest, it show the message like this: Sending Access-Request of id 153 to 10.1.1.3 port 1645 User-Name = [EMAIL PROTECTED] User-Password = sni NAS-IP-Address = 255.255.255.255 NAS-Port = 1645 rad_recv: Access-Accept packet from host 10.1.1.3:1645, id=153, length=20 or Sending Access-Request of id 153 to 10.1.1.3 port 1645 User-Name = user User-Password = sni NAS-IP-Address = 255.255.255.255 NAS-Port = 1645 rad_recv: Access-Accept packet from host 10.1.1.3:1645, id=153, length=20 The user 'user' already registered inside /etc/password: user:*:1006:1006:user_radius_sisni:/home/user:/usr/sbin/nologin In radius.conf , proxy_request is set to No. And the $INCLUDE ${confdir}/proxy.conf is already commented. But I still got this message: rlm_realm: Proxy reply, or no User-Name. Ignoring. This is the content from huntgroup file: LNS-KPU-SM2 NAS-IP-Address == 10.1.1.0 This is the content from hints file DEFAULT Suffix == @sisni, Strip-User-Name = Yes Hint = sisni, If I tried to dial the Radius from Windows terminal, it always give me an error like this: *Error 691*: Access was denied because the user name and/or password was invalid on the domain Please help me to fix the error. Thank you. -Pungki Here is the last message in /var/log/radacct/10.1.1.0/detail-20071203 Acct-Status-Type = Accounting-On NAS-IP-Address = 10.1.1.0 NAS-Identifier = LNS-KPU-SM2 Acct-Authentic = RADIUS Acct-Session-Id = load:2147484043 Event-Timestamp = Nov 22 2007 10:25:47 WIT Acct-Delay-Time = 957324 Client-IP-Address = 10.1.1.0 Timestamp = 1196662186 Here is the message that show after radiusd -X command. Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /var main: logdir = /var/log main: libdir = /usr/local/lib main: radacctdir = /var/log/radacct main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /var/log/radius.log main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /var/run/radiusd/radiusd.pid main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = (null) exec: input_pairs = request exec: output_pairs = (null) exec: packet_type = (null) rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = crypt Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = (null) mschap: ntlm_auth = (null) Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = /etc/passwd unix: shadow = /etc/shadow unix: group = /etc/group unix: radwtmp = /var/log/radwtmp unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded eap eap: default_eap_type = md5 eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = Password: gtc: auth_type = PAP rlm_eap: Loaded and initialized type gtc mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = /usr/local/etc/raddb/huntgroups preprocess: hints = /usr/local/etc/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess)