Re: Changing User Profile after depletion of set Volume
Thanks Phil, What am looking at is this, 1. User is assigned a profile with 2GB 2. Once profile of 2GB is depleted, he is assigned another profile of say 100MB 3. Once that one is depleted he is assigned another profile. Eric M On Tuesday, October 8, 2013 7:59 PM, Phil Mayers wrote: On 08/10/13 17:40, Mulindwa wrote: > Dear pple, > I have looked for this and failed to get it, i have users with set > volume limits and they get knocked off once they hit the limit, however > ; i want to have this taken to the next level, i.e once the limit is > hit, the user's profile be changed and they can only get to certain > website /URL/IPs . > > How can i achieve this? 1. See if your NAS supports these features - filter by URL/IP. If it doesn't, you can't do anything. 2. If the NAS supports the features, see how you can trigger them on a user or session. It's possible you can apply the filters with a CoA packet, in which case you could generate the CoA directly inside FreeRADIUS - see the examples that come with the server. 3. If you have to trigger the features some other way (poke via CLI, SNMP, HTTP/REST/SOAP API) then write a script to apply the filter to the session and use the FreeRADIUS "exec" module to trigger it. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Changing User Profile after depletion of set Volume
Dear pple, I have looked for this and failed to get it, i have users with set volume limits and they get knocked off once they hit the limit, however ; i want to have this taken to the next level, i.e once the limit is hit, the user's profile be changed and they can only get to certain website /URL/IPs . How can i achieve this? Eric M- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius radcheck change
Hi A.L.M, Am using pppoe. Eric M From: "a.l.m.bu...@lboro.ac.uk" To: Mulindwa ; FreeRadius users mailing list Sent: Tuesday, June 25, 2013 9:31 PM Subject: Re: Freeradius radcheck change Hi, > Am trying to have my users' credentials or attributes change say a when a > user hits their expiry date, their profile drops to one that does not > expire but can only get to a certain page, requesting them to renew their > account, Some kind of redirection, but after account has expired. > How best can i achieve this? depends ont he kit and technology being usedwith 802.1X you could bump them onto a VLAN thats got a captive portal... with captive portal systems you can use one of thr WiSPr attributes to define the captive page (or whatever attribute the docs for your kit tells you to use). alan- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius radcheck change
Dear All, Am trying to have my users' credentials or attributes change say a when a user hits their expiry date, their profile drops to one that does not expire but can only get to a certain page, requesting them to renew their account, Some kind of redirection, but after account has expired. How best can i achieve this? Rgds EM - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Service Provisioning Using AAA (FreeRadius)
There is something called Daloradius which works with Freeradius Eric M From: Russell Mike To: FreeRadius users mailing list Sent: Tuesday, May 28, 2013 3:20 PM Subject: Service Provisioning Using AAA (FreeRadius) Dear FreeRadius Gurus Greetings, I work with an ISP, i have been asked to research about "service provisioning using AAA". I am NOT very new to FreeRadius. Have implemented and managing central CoovaChilli hotspot solution where we run more than 35 hotspots across the city using CoovaChilli + Freeradius. Currently, We do manually connection / disconnection. If a customer did not pay until 31st, somebody manually disconnect the link. And manually connect when customer comes to pay. i am somehow not clear with the idea, how that would work and where to start from. I am looking for advice from those have already setup such system. Any kind of help would be highly appreciated. i am further willing to study, if i know which direction to move on. Someone please help Thanks / Regards --RM - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 3gpp with Freeradius
Hi there , For some reason am not getting the callingstation-ID for my users who are using 3gpp, could be missing something in the config, i have done some reading and all my settings seem fine. This is how my accounting looks and am missing a key feature which is the calling station ID Wed Apr 10 12:39:06 2013 Acct-Multi-Session-Id = "53bf18f2" Acct-Link-Count = 1 Event-Timestamp = "Apr 10 2013 12:38:50 EAT" Framed-IP-Address = y.y.y.y Acct-Session-Id = "c48653bf18f2" NAS-IP-Address = 196.0.0.133 Framed-Protocol = GPRS-PDP-Context Acct-Authentic = RADIUS Called-Station-Id = "broadband" NAS-Identifier = "GGSN9811" Acct-Delay-Time = 0 User-Name = "eric@3g" NAS-Port-Type = Virtual Service-Type = Framed-User Acct-Status-Type = Start 3GPP-IMSI = "6411101051238450" 3GPP-Charging-ID = 1405032690 3GPP-PDP-Type = 0 3GPP-Charging-Gateway-Address = x.x.x.x 3GPP-GPRS-Negotiated-QoS-profile = "99-23421f9196404074f74040" 3GPP-SGSN-Address = 196.0.0.129 3GPP-GGSN-Address = 196.0.0.134 3GPP-IMSI-MCC-MNC = "64111" 3GPP-GGSN-MCC-MNC = "64111" 3GPP-NSAPI = "5" 3GPP-Selection-Mode = "0" 3GPP-Charging-Characteristics = "0800" 3GPP-SGSN-MCC-MNC = "64111" 3GPP-Attr-26 = 0x00 Acct-Unique-Session-Id = "ae61f0992e7b5eaa" Timestamp = 1365586746 Request-Authenticator = Verified- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MAC Address Auth
Hi, Am happy to say that i managed to have this work, tested and double tested and it works fine, However now the challenge i have to ensure that all my users at a domain say @ut3 are resquested to fullfil all the parameters on this 1st line, How do i ensure this one? eric@ut3 Cleartext-Password := "eric", Simultaneous-Use := 1, Mac-Addr == "00-24-d2-28-4f-39" Service-Type = Framed-User, Qos-Policy-Policing = broadband_128_policing, Qos-Policy-Metering = broadband_128_metering, Framed-Protocol = PPP, Ip_Address_Pool_Name = pool_128, Framed-Address = 255.255.255.254, Framed-Netmask = 255.255.255.255, Fall-Through = 0 Eric M From: Alan DeKok To: Mulindwa ; FreeRadius users mailing list Sent: Monday, April 8, 2013 5:21 PM Subject: Re: MAC Address Auth Mulindwa wrote: > I have read and read, and i have not seen where thr reply list or check > list is $ man unlang Read doc/rlm_sql I have no idea which files you're reading. But it's clear you're *not* reading the documentation that comes with the server. Don't google for random pages on the net. Read the documentation. Read the Wiki. 99% of questions are answered there. Alan DeKok.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MAC Address Auth
Great, thanx Alan Eric M From: Alan DeKok To: Mulindwa ; FreeRadius users mailing list Sent: Monday, April 8, 2013 5:21 PM Subject: Re: MAC Address Auth Mulindwa wrote: > I have read and read, and i have not seen where thr reply list or check > list is $ man unlang Read doc/rlm_sql I have no idea which files you're reading. But it's clear you're *not* reading the documentation that comes with the server. Don't google for random pages on the net. Read the documentation. Read the Wiki. 99% of questions are answered there. Alan DeKok.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MAC Address Auth
I have read and read, and i have not seen where thr reply list or check list is Eric M From: Marinko Tarlać To: freeradius-users@lists.freeradius.org Sent: Monday, April 8, 2013 5:02 PM Subject: Re: MAC Address Auth Do you plan to read anything or you think we're here in a chat room, waiting for your questions (the same questions every day...) ? On 8.4.2013 15:32, Mulindwa wrote: Thanks Matthew, > >Sorry to askm but where is the reply list and where is the check list? > > > > >Eric M > > >____ > From: Matthew Newton >To: Mulindwa ; FreeRadius users mailing list > >Sent: Monday, April 8, 2013 4:16 PM >Subject: Re: MAC Address Auth > >On Mon, Apr 08, 2013 at 04:18:54AM -0700, Mulindwa wrote: >> I want user eric@ut3 with this Mac Address to log in, and if >> the MAC address is different he will not be granted access. > >Move the Mac-Addr attribute from the reply list to the check list, >and make it a check operator (==) not assignment (=): > >eric@ut3 Cleartext-Password := "eric", Simultaneous-Use := 1, Mac-Addr == 02-1B-9E-D3-0B-F0 > Service-Type = Framed-User, > Qos-Policy-Policing = broadband_128_policing, > Qos-Policy-Metering = broadband_128_metering, > Framed-Protocol = PPP, > Ip_Address_Pool_Name = pool_128, > Framed-Address = 255.255.255.254, > Framed-Netmask = 255.255.255.255, > Fall-Through = 0 > >Matthew > > >-- >Matthew Newton, Ph.D. > >Systems Specialist, Infrastructure Services, >I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom > >For IT help contact helpdesk extn. 2253, > > > > > >- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MAC Address Auth
Thanks Matthew, Sorry to askm but where is the reply list and where is the check list? Eric M From: Matthew Newton To: Mulindwa ; FreeRadius users mailing list Sent: Monday, April 8, 2013 4:16 PM Subject: Re: MAC Address Auth On Mon, Apr 08, 2013 at 04:18:54AM -0700, Mulindwa wrote: > I want user eric@ut3 with this Mac Address to log in, and if > the MAC address is different he will not be granted access. Move the Mac-Addr attribute from the reply list to the check list, and make it a check operator (==) not assignment (=): eric@ut3 Cleartext-Password := "eric", Simultaneous-Use := 1, Mac-Addr == 02-1B-9E-D3-0B-F0 Service-Type = Framed-User, Qos-Policy-Policing = broadband_128_policing, Qos-Policy-Metering = broadband_128_metering, Framed-Protocol = PPP, Ip_Address_Pool_Name = pool_128, Framed-Address = 255.255.255.254, Framed-Netmask = 255.255.255.255, Fall-Through = 0 Matthew -- Matthew Newton, Ph.D. Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MAC Address Auth
Hi good pple, have been reading on how to enforce the attribute of Mac-Addr and i have not seen it anywhere. Has anyone done it before, please help throw some light on how i can achieve this. I want user eric@ut3 with this Mac Address to log in , and if the MAC address is different he will not be granted access. eric@ut3 Cleartext-Password := "eric", Simultaneous-Use := 1 Mac-Addr = 02-1B-9E-D3-0B-F0, Service-Type = Framed-User, Qos-Policy-Policing = broadband_128_policing, Qos-Policy-Metering = broadband_128_metering, Framed-Protocol = PPP, Ip_Address_Pool_Name = pool_128, Framed-Address = 255.255.255.254, Framed-Netmask = 255.255.255.255, Fall-Through = 0 Eric M ____ From: Mulindwa To: FreeRadius users mailing list Sent: Friday, April 5, 2013 9:07 AM Subject: Re: MAC Address Auth Thanks Mattias, I get an error saying; Unknown attribute "Attr-2352-145" This is how i have it setup user20001@ut3 Password = "006060", Simultaneous-Use = 1 Attr-2352-145 = "5c-7d-5e-3f-d0-f7", Service-Type = Framed-User, Qos_Policy_Policing = broadband_128_policing, Qos_Policy_Metering = broadband_128_metering, Framed-Protocol = PPP, Ip_Address_Pool_Name = pool_128, Framed-Address = 255.255.255.254, Framed-Netmask = 255.255.255.255, Fall-Through = 0 Eric M From: Matthias Nagel To: freeradius-users@lists.freeradius.org Sent: Thursday, April 4, 2013 5:41 PM Subject: Re: MAC Address Auth Hello, add the correct check item to your user database. In the case below (User-Name = user2000@ut3) you should have the check item Attr-2352-145 == "5c-7d-5e-3f-d0-f7" for this speicifc user in your user database. Then you repeat this for every user/mac-address pair you want. Best regards, Matthias Am Donnerstag 04 April 2013, 07:25:55 schrieb Mulindwa: > Great, i have run the debug and i did get the attribute required. > If i want to full fill the two conditions i.e username/passwd and Mac Address > = Attr-2352-145 > > How would i need to twick my radiusd.conf file to achieve this? > > > > > User-Name = "user2000@ut3" > CHAP-Password = "cccddd'" > CHAP-Challenge = "" > Service-Type = Framed-User > Framed-Protocol = PPP > NAS-Identifier = "UT-BRAS-EDGE" > NAS-IP-Address = x.x.x.x > NAS-Port = 855649483 > NAS_Real_Port = 855638816 > NAS-Port-Type = Virtual > Attr-87 = "3/3 vlan-id 800 pppoe 11467" > Medium_Type = 11 > Attr-2352-145 = "5c-7d-5e-3f-d0-f7" MAC Address > Attr-2352-98 = "3" > Attr-2352-112 = "6.2.1.9" > Acct-Session-Id = "020268008FC9-515D8419" > > > Eric M > > > > From: Mulindwa > To: Alan DeKok ; FreeRadius users mailing list > > Sent: Thursday, April 4, 2013 4:58 PM > Subject: Re: MAC Address Auth > > > Thanks Alan, > > Let me do so. > > > Eric M > > > > From: Alan DeKok > To: Mulindwa ; FreeRadius users mailing list > > Sent: Thursday, April 4, 2013 4:47 PM > Subject: Re: MAC Address Auth > > Mulindwa wrote: > > Hi All, > > > > Have been trying to authenticate my ADSL users using Mac Address Auth, > > however i have failed even after going through the documentation. > > > > I want to authenticate with the highlighted, anyone done this and can help? > > It's been done. > > > This is how the accounting file looks; > > If you're trying to debug authentication, it helps to look at > *authentication* traffic, and not *accounting* data. > > And run the server in debugging mode as suggested in the FAQ, "man" > page, web pages, and daily on this list. > > Honestly, there is NO excuse for refusing to do this. > > Alan DeKok. > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Matthias Nagel Willy-Andreas-Allee 1, Zimmer 506 76131 Karlsruhe Telefon: +49-721-8695-1506 Mobil: +49-151-15998774 e-Mail: matthias.h.na...@gmail.com ICQ: 499797758 Skype: nagmat84 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MAC Address Auth
Thanks Mattias, I get an error saying; Unknown attribute "Attr-2352-145" This is how i have it setup user20001@ut3 Password = "006060", Simultaneous-Use = 1 Attr-2352-145 = "5c-7d-5e-3f-d0-f7", Service-Type = Framed-User, Qos_Policy_Policing = broadband_128_policing, Qos_Policy_Metering = broadband_128_metering, Framed-Protocol = PPP, Ip_Address_Pool_Name = pool_128, Framed-Address = 255.255.255.254, Framed-Netmask = 255.255.255.255, Fall-Through = 0 Eric M From: Matthias Nagel To: freeradius-users@lists.freeradius.org Sent: Thursday, April 4, 2013 5:41 PM Subject: Re: MAC Address Auth Hello, add the correct check item to your user database. In the case below (User-Name = user2000@ut3) you should have the check item Attr-2352-145 == "5c-7d-5e-3f-d0-f7" for this speicifc user in your user database. Then you repeat this for every user/mac-address pair you want. Best regards, Matthias Am Donnerstag 04 April 2013, 07:25:55 schrieb Mulindwa: > Great, i have run the debug and i did get the attribute required. > If i want to full fill the two conditions i.e username/passwd and Mac Address > = Attr-2352-145 > > How would i need to twick my radiusd.conf file to achieve this? > > > > > User-Name = "user2000@ut3" > CHAP-Password = "cccddd'" > CHAP-Challenge = "" > Service-Type = Framed-User > Framed-Protocol = PPP > NAS-Identifier = "UT-BRAS-EDGE" > NAS-IP-Address = x.x.x.x > NAS-Port = 855649483 > NAS_Real_Port = 855638816 > NAS-Port-Type = Virtual > Attr-87 = "3/3 vlan-id 800 pppoe 11467" > Medium_Type = 11 > Attr-2352-145 = "5c-7d-5e-3f-d0-f7" MAC Address > Attr-2352-98 = "3" > Attr-2352-112 = "6.2.1.9" > Acct-Session-Id = "020268008FC9-515D8419" > > > Eric M > > > > From: Mulindwa > To: Alan DeKok ; FreeRadius users mailing list > > Sent: Thursday, April 4, 2013 4:58 PM > Subject: Re: MAC Address Auth > > > Thanks Alan, > > Let me do so. > > > Eric M > > > > From: Alan DeKok > To: Mulindwa ; FreeRadius users mailing list > > Sent: Thursday, April 4, 2013 4:47 PM > Subject: Re: MAC Address Auth > > Mulindwa wrote: > > Hi All, > > > > Have been trying to authenticate my ADSL users using Mac Address Auth, > > however i have failed even after going through the documentation. > > > > I want to authenticate with the highlighted, anyone done this and can help? > > It's been done. > > > This is how the accounting file looks; > > If you're trying to debug authentication, it helps to look at > *authentication* traffic, and not *accounting* data. > > And run the server in debugging mode as suggested in the FAQ, "man" > page, web pages, and daily on this list. > > Honestly, there is NO excuse for refusing to do this. > > Alan DeKok. > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Matthias Nagel Willy-Andreas-Allee 1, Zimmer 506 76131 Karlsruhe Telefon: +49-721-8695-1506 Mobil: +49-151-15998774 e-Mail: matthias.h.na...@gmail.com ICQ: 499797758 Skype: nagmat84 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MAC Address Auth
Great, i have run the debug and i did get the attribute required. If i want to full fill the two conditions i.e username/passwd and Mac Address = Attr-2352-145 How would i need to twick my radiusd.conf file to achieve this? User-Name = "user2000@ut3" CHAP-Password = "cccddd'" CHAP-Challenge = "" Service-Type = Framed-User Framed-Protocol = PPP NAS-Identifier = "UT-BRAS-EDGE" NAS-IP-Address = x.x.x.x NAS-Port = 855649483 NAS_Real_Port = 855638816 NAS-Port-Type = Virtual Attr-87 = "3/3 vlan-id 800 pppoe 11467" Medium_Type = 11 Attr-2352-145 = "5c-7d-5e-3f-d0-f7" MAC Address Attr-2352-98 = "3" Attr-2352-112 = "6.2.1.9" Acct-Session-Id = "020268008FC9-515D8419" Eric M From: Mulindwa To: Alan DeKok ; FreeRadius users mailing list Sent: Thursday, April 4, 2013 4:58 PM Subject: Re: MAC Address Auth Thanks Alan, Let me do so. Eric M From: Alan DeKok To: Mulindwa ; FreeRadius users mailing list Sent: Thursday, April 4, 2013 4:47 PM Subject: Re: MAC Address Auth Mulindwa wrote: > Hi All, > > Have been trying to authenticate my ADSL users using Mac Address Auth, > however i have failed even after going through the documentation. > > I want to authenticate with the highlighted, anyone done this and can help? It's been done. > This is how the accounting file looks; If you're trying to debug authentication, it helps to look at *authentication* traffic, and not *accounting* data. And run the server in debugging mode as suggested in the FAQ, "man" page, web pages, and daily on this list. Honestly, there is NO excuse for refusing to do this. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MAC Address Auth
Thanks Alan, Let me do so. Eric M From: Alan DeKok To: Mulindwa ; FreeRadius users mailing list Sent: Thursday, April 4, 2013 4:47 PM Subject: Re: MAC Address Auth Mulindwa wrote: > Hi All, > > Have been trying to authenticate my ADSL users using Mac Address Auth, > however i have failed even after going through the documentation. > > I want to authenticate with the highlighted, anyone done this and can help? It's been done. > This is how the accounting file looks; If you're trying to debug authentication, it helps to look at *authentication* traffic, and not *accounting* data. And run the server in debugging mode as suggested in the FAQ, "man" page, web pages, and daily on this list. Honestly, there is NO excuse for refusing to do this. Alan DeKok.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: MAC Address Auth
Hi All, Have been trying to authenticate my ADSL users using Mac Address Auth, however i have failed even after going through the documentation. I want to authenticate with the highlighted, anyone done this and can help? Thanx This is how the accounting file looks; User-Name = "user2000@ut3" Acct-Status-Type = Interim-Update Acct-Session-Id = "02026800C44B-515D1107" Service-Type = Framed-User Framed-Protocol = PPP Acct-Update-Reason = AAA_LOAD_ACCT_PERIODIC NAS-Identifier = "UT-BRAS-EDGE" NAS-IP-Address = x.x.x.x NAS-Port = 855648779 NAS-Real-Port = 855638316 NAS-Port-Type = Virtual NAS-Port-Id = "3/3 vlan-id 300 pppoe 10763" Medium-Type = DSL Mac-Addr = "b4-82-fe-ed-2c-7c" Platform-Type = 3 OS-Version = "6.2.1.9" Acct-Authentic = RADIUS Ip-Address-Pool-Name = "pool_256" Port-Limit = 1 Client-DNS-Pri = x.x.x.x Client-DNS-Sec = x.x.x.x Framed-IP-Address = 10.40.141.152 Acct-Session-Time = 27601 Acct-Input-Packets = 2756 Acct-Output-Packets = 2973 Acct-Input-Octets = 94115 Acct-Output-Octets = 106491 Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Acct-Input-Packets-64 = 0x0ac4 Acct-Output-Packets-64 = 0x0b9d Acct-Input-Octets-64 = 0x00016fa3 Acct-Output-Octets-64 = 0x00019ffb Acct-Mcast-In-Packets = 0 Acct-Mcast-Out-Packets = 221 Acct-Mcast-In-Octets = 0 Acct-Mcast-Out-Octets = 12818 Acct-Mcast-In-Packets-64 = 0x Acct-Mcast-Out-Packets-64 = 0x00dd Acct-Mcast-In-Octets-64 = 0x Acct-Mcast-Out-Octets-64 = 0x3212 Qos-Policy-Metering = "broadband_256_metering" Qos-Policy-Policing = "broadband_256_policing" NAT-Policy-Name = "NAT_POLICY1" Event-Timestamp = "Apr 4 2013 16:15:05 EAT" Acct-Unique-Session-Id = "4f2a5dc771fd3034" Timestamp = 1365082454 Request-Authenticator = Verified Eric M - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: SQL Counter for Expiration Attribute - Prepaid Cards
Hi there,
You can use the frontend tool called daloradius, it will sort you out in what
you are trying to achieve, it uses freeradius as the back end.
--
On Tue, Jan 1, 2013 12:01 PM MSK Prabhpal S. Mavi wrote:
>
>Dear List Members,
>
>i have working setup of FreeRadius 2x (freeradius-2.1.12-4.el6_3.x86_64)
>including "rlm_sqlcounter" (Max-Daily-Session). User are logged off
>alright when "Max Session Timeout" is reached. But users can re login to
>gain access. The username and passwords are for hotspot. We do not want
>the username and password to work again once it has been used.
>
>For example: prepaid voucher (MySQL username & password) has 1 hour
>access. User should be able to use sum of one hour, either continuously
>once they are logged in or in parts (30min today & 30min tomorrow so on)
>username & password must never work for more than 1 hour to access our
>network. i am bit confuse attribute to use, i would grateful if someone
>can advice the correct attribute to use for the purpose.
>
>Thanks
>
>
>Hi Members,
>
>
>after working for four days still unable to make it work. Alan Buxey
>advised me to implemented "Expiration" Attribute. Expiration works just
>fine. If i specify any date (01 Sep 2013). But i am working to expire
>username after certain amount of time, such as one hour (not one hour
>after first log in) sum of one hour internet used either by one time login
>or multiple logins (30Min morning & 30min afternoon etc..).
>
>i understand i would need sql_counter to achieve. I am trying but not
>working. my configuration.
>
>1.) Created Counter:
>
>sqlcounter expiration {
> count-attribute = "Acct-Session-Time"
> counter-name = "Max-Allowed-Session"
> check-name = "Expiration"
> sqlmod-inst = "sql"
> key = "User-Name"
> reset = "never"
> query = "SELECT IFNULL(TIME_TO_SEC(TIMEDIFF(NOW(),
>MIN(AcctStartTime))),0) FROM radacct WHERE
>UserName='${key}' ORDER BY AcctStartTime LIMIT 1;"
>
>
>2.) Added in radiusd.conf
>
>
>instantiate {
>expiration
>}
>
>
>3.) Added under auth section:
>
>
>authorize {
>expiration
>}
>
>
>When we expire account with expiration attribute which kind of value can
>we define to the attribute so that account gets expire after 1 hour of
>internet use (using sql counter). Date format is working alright (01 Sep
>2013).
>
>
>Thanks everyone for attending to this material.
>
>
>
>
>
>
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Volume based with Free radius
Dear Members, I would like to create an account that is based on Volume consumption, how would i do this with free Radius Say i create a user and when they say hit 2GB or xGB they are disconnected irrespective of the Qos i have provisioned them Rgds EM - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Wimax Account
Was wondering if there is anyone on this forum who is using WASN9770 and are using Freeradius, am sure they would be more than happy to direct me in the right direction. But if there are none, am sure i will have no response, otherwise thanks Alan Eric M From: Alan DeKok To: Mulindwa ; FreeRadius users mailing list Sent: Thursday, March 15, 2012 2:44 PM Subject: Re: Wimax Account Mulindwa wrote: > Anyone worked with WASN9770 , how did you setup the wimax account? Ask the vendor how their product works. This isn't a FreeRADIUS question. Alan DeKok.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Wimax Account
Hi there, Anyone worked with WASN9770 , how did you setup the wimax account? I want to setup an account with such a profile. say username password 512K bandwidth bi-direction Always on username2 password 512Kbps bandwidth bi-direction Only connects at night How would i achieve this? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Wimax with Free radius
Thanks Lliya,
Have done so but still client not able to connected.
Eric M
From: Iliya Peregoudov
To: Mulindwa ; FreeRadius users mailing list
Sent: Tuesday, March 6, 2012 3:42 PM
Subject: Re: Wimax with Free radius
> +- entering group authenticate {...}
> [eap] EAP Identity
> [eap] processing type md5
> rlm_eap_md5: Issuing Challenge
> ++[eap] returns handled
> Sending Access-Challenge of id 249 to 196.0.4.18 port 1812
You're still have EAP-MD5 as default EAP method.
Look thoroughly into eap.conf. There is default_eap_type setting in eap {...}
section. This is default outer EAP method. You should set it to ttls. There is
default_eap_type setting in ttls {...} subsection of eap {...} section. This is
default inner EAP method for EAP-TTLS. You should set it to gtc.
Restart freeradius after the change. You should see something like this when
processing first Access-Request:
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Wimax with Free radius
Thanks Alan, The answer i did see which stated that you can not have Wimax users with no authentication. However i have not seen the instructions of how to setup a wimax account or having wimax work with freeradius, i have followed all instruction enabling the rlm_wimax and anything to do with wimax, however am still havinga challenge and this is why i need help from the list of people that have done it and it has worked for them, i do not want to waste your precious time. Eric M From: Alan DeKok To: Mulindwa ; FreeRadius users mailing list Sent: Tuesday, March 6, 2012 2:59 PM Subject: Re: Wimax with Free radius Mulindwa wrote: > I have actually changed the my eap.conf file and have it with > default_eap_type = ttls > > However still wimax client cannot connect even when i have enabled > password for him, what could i be doing wrong? You're not follow instructions. If you don't read the answers on this list, you have no business posting questions here. The list policy says that if you keep this up, you will be unsubscribed and banned. Alan DeKok.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Wimax with Free radius
Thanks Alan, I have actually changed the my eap.conf file and have it with default_eap_type = ttls However still wimax client cannot connect even when i have enabled password for him, what could i be doing wrong? Thanks for your support Alan Eric M From: Alan DeKok To: Mulindwa ; FreeRadius users mailing list Sent: Tuesday, March 6, 2012 2:38 PM Subject: Re: Wimax with Free radius Mulindwa wrote: > am still having a challenge and seeking your guidance, i have this > account in my users file as shown below; > > However, client still can not connect and this is the log below, what > could be the issue? The debug output is the same, so the problem is the same. This question was already asked and answered. Go look in your email history for the answer. Alan DeKok.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Wimax with Free radius
Hi Fajar and Alan,
am still having a challenge and seeking your guidance, i have this account in
my users file as shown below;
reporter@utmax Cleartext-Password := "atom"
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Address = 255.255.255.254,
Framed-Netmask = 255.255.255.255,
Fall-Through = 0
However, client still can not connect and this is the log below, what could be
the issue?
rad_recv: Access-Request packet from host 196.0.4.18 port 1812, id=249,
length=189
User-Name = "reporter@utmax"
NAS-IP-Address = 192.168.224.70
Calling-Station-Id = "0c4c39b782dd"
NAS-Identifier = "WASN9770"
Event-Timestamp = "Mar 6 2012 14:33:06 EAT"
EAP-Message = 0x02010013017265706f727465724075746d6178
WiMAX-Release = "1.1"
WiMAX-Accounting-Capabilities = Flow-Based
WiMAX-BS-Id = 0x303030303038303366633230
WiMAX-GMT-Timezone-offset = 10800
NAS-Port-Type = Wireless-802.16
WiMAX-Available-In-Client = 3
Service-Type = Framed-User
Message-Authenticator = 0xc547707138b93ae18c61dc60ebd63974
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/196.0.4.18/auth-detail-20120306
[auth_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/196.0.4.18/auth-detail-20120306
[auth_log] expand: %t -> Tue Mar 6 14:18:26 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
++[wimax] returns ok
[suffix] Looking up realm "utmax" for User-Name = "reporter@utmax"
[suffix] Found realm "utmax"
[suffix] Adding Realm = "utmax"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 1 length 19
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry reporter@utmax at line 134
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 249 to 196.0.4.18 port 1812
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Address = 255.255.255.254
Framed-Netmask = 255.255.255.255
EAP-Message = 0x0102001604105bb61822dad6bbb70866f6e6fd6800b5
Message-Authenticator = 0x
State = 0xdfea5fdcdfe85b2a10496a6255f7cdae
Finished request 33
Eric M
From: Fajar A. Nugraha
To: FreeRadius users mailing list
Sent: Tuesday, March 6, 2012 1:10 PM
Subject: Re: Wimax with Free radius
On Tue, Mar 6, 2012 at 4:11 PM, Alan DeKok wrote:
> Mulindwa wrote:
>> So far looks good only that users are not authenticating yet.
>
> You cannot set "Auth-Type := Accept" for WiMAX connections. It won't
> work. It's impossible.
>
Ooops. My bad.
Wiki updated.
--
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius crash during EAP-TTLS authentication
Hi Thomas, How did manage to configure Freeradius with Huawei NAS, its a big challenge to me, have still failed. Eric M From: Thomas Fagart To: freeradius-users@lists.freeradius.org Sent: Tuesday, March 6, 2012 12:19 PM Subject: Freeradius crash during EAP-TTLS authentication Hello, Since more than a year we're doing EAP-TTLS to authenticate Wimax Users on Alcatel and Huawei NASes. Last week we've migrate Motorola authentication on freeradius. (no more radiator :-) ). But then we've experienced freeradius crash. Informations : Software : Freeradius 2.1.12 OS : Freebsd8.0p4 64bits Users : Huawei = 500 users -> 0,5 requests per second Alcatel = 1500 users -> 2 requests per second Motorola = 8000 users -> 5 requests per second The crash usually happen when home servers (ISP radius) does not respond, then the radius load goes up to 50/60 requests per second and after 40/50 minutes the radius crash. Logs : Tue Mar 6 00:40:17 2012 : Info: [eap_moto] Request found, released from the list Tue Mar 6 00:40:17 2012 : Info: [eap_moto] EAP/ttls Tue Mar 6 00:40:17 2012 : Info: [eap_moto] processing type ttls Tue Mar 6 00:40:17 2012 : Info: [ttls] Authenticate Tue Mar 6 00:40:17 2012 : Info: [ttls] processing EAP-TLS Tue Mar 6 00:40:17 2012 : Info: [ttls] eaptls_verify returned 7 Tue Mar 6 00:40:17 2012 : Info: [ttls] Done initial handshake Tue Mar 6 00:40:17 2012 : Info: [ttls] (other): before/accept initialization Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: before/accept initialization Tue Mar 6 00:40:17 2012 : Info: [ttls] <<< TLS 1.0 Handshake [length 0053], ClientHello Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: SSLv3 read client hello A Tue Mar 6 00:40:17 2012 : Info: [ttls] >>> TLS 1.0 Handshake [length 002a], ServerHello Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: SSLv3 write server hello A Tue Mar 6 00:40:17 2012 : Info: [ttls] >>> TLS 1.0 Handshake [length 0b56], Certificate Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: SSLv3 write certificate A Tue Mar 6 00:40:17 2012 : Info: [ttls] >>> TLS 1.0 Handshake [length 018d], ServerKeyExchange Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: SSLv3 write key exchange A Tue Mar 6 00:40:17 2012 : Info: [ttls] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: SSLv3 write server done A Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: SSLv3 flush data Tue Mar 6 00:40:17 2012 : Info: [ttls] TLS_accept: Need to read more data: SSLv3 read client certificate A Tue Mar 6 00:40:17 2012 : Debug: In SSL Handshake Phase Tue Mar 6 00:40:17 2012 : Debug: In SSL Accept mode Tbash: [65774: 2 (255)] tcsetattr: Interrupted system call Killed: 9 It seems this is more related to SSL issue ? Could you confirm this idea is correct ? I can compile the radius in gdb to get more information if this is usefull. Thanks Thomas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Wimax with Free radius
Dear All, I also have this info, do i need to have it in my free radius? Server Root CA Cert. Info /C=US/O=WiMAX Forum(R)/CN=WiMAX Forum(R) Server Root - CA1 Device Cert. Info /C=TW/O=MitraStar Technology/OU=WiMAX Forum(R) Devices/CN=0C4C39b7830b WiMAX Series Eric M From: Fajar A. Nugraha To: Mulindwa ; FreeRadius users mailing list Sent: Tuesday, March 6, 2012 10:35 AM Subject: Re: Wimax with Free radius On Tue, Mar 6, 2012 at 2:28 PM, Mulindwa wrote: > Hi there, > > How can i use my free radius to authenticate users of a certain realm with > them using any password Start by reading http://wiki.freeradius.org/FAQ#How+do+I+permit+access+to+any+user+regardless+of+password%3F -- Fajar- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Wimax with Free radius
Fajar,
So far looks good only that users are not authenticating yet.
Please see the log i have;
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
Login OK: [cccl@utmax/] (from client Wimax port 0 cli
6416f0010cbf)
# Executing section post-auth from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
[reply_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/196.0.4.18/reply-detail-20120306
[reply_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/196.0.4.18/reply-detail-20120306
[reply_log] expand: %t -> Tue Mar 6 12:23:04 2012
++[reply_log] returns ok
[sql_log] Processing sql_log_postauth
[sql_log] expand: %{User-Name} -> cccl@utmax
[sql_log] expand: %{%{User-Name}:-DEFAULT} -> cccl@utmax
[sql_log] sql_set_user escaped user --> 'cccl@utmax'
[sql_log] WARNING: Deprecated conditional expansion ":-". See "man unlang" for
details
[sql_log] ... expanding second conditional
[sql_log] expand: Chap-Password -> Chap-Password
[sql_log] expand: INSERT INTO radpostauth (username,
pass, reply, authdate) VALUES ('%{User-Name}',
'%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', '%S');
-> INSERT INTO radpostauth (username, pass, reply,
authdate) VALUES ('cccl@utmax',
'Chap-Password', 'Access-Accept', '2012-03-06 12:23:04');
[sql_log] expand: /usr/local/var/log/radius/radacct/sql-relay ->
/usr/local/var/log/radius/radacct/sql-relay
++[sql_log] returns ok
++[exec] returns noop
expand: %{User-Name} -> cccl@utmax
++[request] returns noop
expand: %{EAP-MSK} ->
++[reply] returns noop
[wimax] No EAP-MSK or EAP-EMSK. Cannot create WiMAX keys. i wonder what this
error means
++[wimax] returns noop
Sending Access-Accept of id 16 to 196.0.4.18 port 1812
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Address = 255.255.255.254
Framed-Netmask = 255.255.255.255
WiMAX-FA-RK-Key = 0x00
WiMAX-MSK = 0x
The entry i have in my users's file is this
DEFAULT Auth-Type :=Accept
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Address = 255.255.255.254,
Framed-Netmask = 255.255.255.255,
Fall-Through = 0
Eric M
From: Fajar A. Nugraha
To: Mulindwa
Cc: FreeRadius users mailing list
Sent: Tuesday, March 6, 2012 11:22 AM
Subject: Re: Wimax with Free radius
On Tue, Mar 6, 2012 at 3:16 PM, Mulindwa wrote:
> Thanks Fajar,
> My users are using EAP-TTLS, is there a possibility to have them connect
> without a password
See http://wiki.freeradius.org/Protocol%20Compatibility
or to be specific, just the paragraph under the table :)
--
Fajar-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Wimax with Free radius
Thanks Fajar, My users are using EAP-TTLS, is there a possibility to have them connect without a password Eric M From: Fajar A. Nugraha To: Mulindwa ; FreeRadius users mailing list Sent: Tuesday, March 6, 2012 10:35 AM Subject: Re: Wimax with Free radius On Tue, Mar 6, 2012 at 2:28 PM, Mulindwa wrote: > Hi there, > > How can i use my free radius to authenticate users of a certain realm with > them using any password Start by reading http://wiki.freeradius.org/FAQ#How+do+I+permit+access+to+any+user+regardless+of+password%3F -- Fajar- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Wimax with Free radius
Hi there, How can i use my free radius to authenticate users of a certain realm with them using any password EM - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Wimax with Free radius
34 ID 180 with timestamp +262 Sending delayed reject for request 4404 Sending Access-Reject of id 250 to 196.0.4.18 port 10002 Message-Authenticator = 0x EAP-Message = 0x04010004 Eric M ____ From: Alan DeKok To: Mulindwa ; FreeRadius users mailing list Sent: Monday, March 5, 2012 2:28 PM Subject: Re: Wimax with Free radius Mulindwa wrote: > Hallo there, i have an issue with my wimax setup, am trying to have my > users authenticate using the wonderful freeradius but still failing. > > Am suing WASN9970 and using freeradius 2.1.12, > > When i turn on radius using radius-X, this is what i get, and client > never authenticates > someone please come to my rescue The NAS isn't seeing the response from the RADIUS server. This isn't a RADIUS issue. It's that your network is broken. Alan DeKok.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Wimax with Free radius
I have it enabled
Eric M
From: David Peterson
To: freeradius-users@lists.freeradius.org
Sent: Monday, March 5, 2012 2:46 PM
Subject: RE: Wimax with Free radius
Did you enable the WiMax module?
David
From:freeradius-users-bounces+davidp=wirelessconnections@lists.freeradius.org
[mailto:freeradius-users-bounces+davidp=wirelessconnections@lists.freeradius.org]
On Behalf Of Mulindwa
Sent: Monday, March 05, 2012 6:16 AM
To: freeradius-users@lists.freeradius.org
Subject: RE: Wimax with Free radius
Hallo there, i have an issue with my wimax setup, am trying to have my users
authenticate using the wonderful freeradius but still failing.
Am suing WASN9970 and using freeradius 2.1.12,
When i turn on radius using radius-X, this is what i get, and client never
authenticates
someone please come to my rescue
istening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 196.0.4.18 port 1812, id=250,
length=187
User-Name = "gulucdp@utmax"
NAS-IP-Address = 192.168.224.70
Calling-Station-Id = "6416f00100e1"
NAS-Identifier = "WASN9770"
Event-Timestamp = "Mar 5 2012 09:14:53 EAT"
EAP-Message = 0x020100120167756c756364704075746d6178
WiMAX-Release = "1.1"
WiMAX-Accounting-Capabilities = Flow-Based
WiMAX-BS-Id = 0x303030303038316235393030
WiMAX-GMT-Timezone-offset = 10800
NAS-Port-Type = Wireless-802.16
WiMAX-Available-In-Client = 3
Service-Type = Framed-User
Message-Authenticator = 0x143b601c01eca1d4595511b0a81c0d78
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/196.0.4.18/auth-detail-20120305
[auth_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/196.0.4.18/auth-detail-20120305
[auth_log] expand: %t -> Mon Mar 5 08:59:56 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
++[wimax] returns ok
[suffix] Looking up realm "utmax" for User-Name = "gulucdp@utmax"
[suffix] Found realm "utmax"
[suffix] Adding Realm = "utmax"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 1 length 18
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 125
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 250 to 196.0.4.18 port 1812
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Address = 255.255.255.254
Framed-Netmask = 255.255.255.255
EAP-Message = 0x0102001604101bd377e252fa3b4f59a9210cb6a3fdfb
Message-Authenticator = 0x
State = 0x0dc4c5bf0dc6c1ff885e3d68e8e55b4e
Finished request 0.
Eric M
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Wimax with Free radius
Hallo there, i have an issue with my wimax setup, am trying to have my users
authenticate using the wonderful freeradius but still failing.
Am suing WASN9970 and using freeradius 2.1.12,
When i turn on radius using radius-X, this is what i get, and client never
authenticates
someone please come to my rescue
istening on authentication address 127.0.0.1 port 18120 as server inner-tunnel
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 196.0.4.18 port 1812, id=250,
length=187
User-Name = "gulucdp@utmax"
NAS-IP-Address = 192.168.224.70
Calling-Station-Id = "6416f00100e1"
NAS-Identifier = "WASN9770"
Event-Timestamp = "Mar 5 2012 09:14:53 EAT"
EAP-Message = 0x020100120167756c756364704075746d6178
WiMAX-Release = "1.1"
WiMAX-Accounting-Capabilities = Flow-Based
WiMAX-BS-Id = 0x303030303038316235393030
WiMAX-GMT-Timezone-offset = 10800
NAS-Port-Type = Wireless-802.16
WiMAX-Available-In-Client = 3
Service-Type = Framed-User
Message-Authenticator = 0x143b601c01eca1d4595511b0a81c0d78
# Executing section authorize from file
/usr/local/etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/196.0.4.18/auth-detail-20120305
[auth_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/196.0.4.18/auth-detail-20120305
[auth_log] expand: %t -> Mon Mar 5 08:59:56 2012
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
++[digest] returns noop
++[wimax] returns ok
[suffix] Looking up realm "utmax" for User-Name = "gulucdp@utmax"
[suffix] Found realm "utmax"
[suffix] Adding Realm = "utmax"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 1 length 18
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 125
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = EAP
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 250 to 196.0.4.18 port 1812
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Address = 255.255.255.254
Framed-Netmask = 255.255.255.255
EAP-Message = 0x0102001604101bd377e252fa3b4f59a9210cb6a3fdfb
Message-Authenticator = 0x
State = 0x0dc4c5bf0dc6c1ff885e3d68e8e55b4e
Finished request 0.
Eric M-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
