List: freeradius-users
Subject: Re: Freeradius-Users Digest, Vol 128, Issue 64
From: <dahili.network () gmail ! com>
Date: 2015-12-22 20:17:08
Message-ID: 3601A2FBE58F40EBBB8A227CB9A76A6C () pc
Dear friends,
I read the message at
http://lists.freeradius.org/pipermail/freeradius-users/2013-January/064662.html
so I know many people here are experienced with FreeRADIUS.
Please let me know if you are available to write a custom config file for me.
I use FreeRADIUS + MySQL + Radius Manager (DMA-Soft).
A PPPoE user created in RM, for example test@test.com, successfully logs in
to the MikroTik NAS
with a RADIUS-offered IP pool or a RADIUS-offered static IP.
When a user's service has expired,
the user has no way to know whether it is a fault or the service has expired.
What I need:
regexp user *@test.com
regexp get ip from sql ip pool named "expired"
ip pool from mysql "expired"
gateway 1.1.1.1 (this will open the status page from our server)
update reply {
    DHCP-Domain-Name-Server = 8.8.8.8
    DHCP-Domain-Name-Server += 8.8.4.4
    DHCP-Subnet-Mask = 255.255.255.255
    DHCP-Router-Address = 1.1.1.1
    DHCP-IP-Address-Lease-Time = 7200
    DHCP-DHCP-Server-Identifier = 1.1.1.1
}
My best regards,
oguz
----- Original Message -----
From: <freeradius-users-request@lists.freeradius.org>
To: <freeradius-users@lists.freeradius.org>
Sent: Tuesday, December 22, 2015 6:13 PM
Subject: Freeradius-Users Digest, Vol 128, Issue 64
> Today's Topics:
>
> 1. Re: Freeradius + LDAP - WARNING: No "known good" password was
> found in LDAP (Anirudh Malhotra)
> 2. Re: Freeradius + LDAP - WARNING: No "known good" password was
> found in LDAP (Kermes - -)
> 3. Proxy server rejects/failed auth request (srithar jeevadurai)
> 4. Re: Problem with handshake (Mario Guerri Maglia)
> 5. Re: Compilation error (Alan DeKok)
> 6. Re: Problem with handshake (Alan DeKok)
> 7. Re: Proxy server rejects/failed auth request (srithar jeevadurai)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 22 Dec 2015 17:10:31 +0530
> From: Anirudh Malhotra <amalhotra.sp-dl@nkn.in>
> To: FreeRadius users mailing list
> <freeradius-users@lists.freeradius.org>
> Subject: Re: Freeradius + LDAP - WARNING: No "known good" password was
> found in LDAP
> Message-ID: <567936AF.8040003@nkn.in>
> Content-Type: text/plain; CHARSET=US-ASCII; format=flowed
>
> Hi,
>
> Your LDAP is returning ok
>
> So the only problem is
> unhash
> Auth-Type LDAP {
> ldap
> }
>
> from authenticate section and check.
>
> BR,
> Anirudh Malhotra
>
> On Monday 21 December 2015 07:30 PM, Alan DeKok wrote:
>> On Dec 21, 2015, at 3:38 AM, Kermes - - <kermes@gmx.es> wrote:
>>> I need some help with my freeradius + LDAP configuration, I'm stuck
>>> with a "WARNING: No "known good" password was found in LDAP" message,
>>> and I don't know how to continue with the debugging of this problem.
>> The user isn't found in LDAP. The debug output shows that, including
>> the LDAP query.
>>
>>> First, versions:
>>> freeradius-ldap-2.2.6-6.el6_7.x86_64
>>> freeradius-2.2.6-6.el6_7.x86_64
>>>
>>> This is the output from "radiusd -X":
>> The debug output is from "radiusd -Xx", which adds timestamps... and
>> makes the output more difficult to read. Please use just "radiusd -X".
>>> Mon Dec 21 08:14:30 2015 : Debug: [ldap] performing search in
>>> ou=users,cn=secdb,cn=data,ou=ALL,ou=infra,dc=infra,dc=local with
>>> filter
>>> (uid=test)
>>> Mon Dec 21 08:14:30 2015 : Info: [ldap] looking for check items in
>>> directory...
>>> Mon Dec 21 08:14:30 2015 : Info: [ldap] looking for reply items in
>>> directory...
>> And nothing was found.
>>
>> What happens when you use that LDAP search string in an LDAP client
>> utility?
>>
>> Test it with an LDAP client. Once you get the search string correct,
>> fix the FreeRADIUS query to use the correct search string.
>>
>>> basedn =
>>> "ou=users,cn=secdb,cn=data,ou=ALL,ou=infra,dc=infra,dc=local"
>>> filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
>> One or both of those is wrong for your LDAP system.
>>
>> I don't know what the *right* query is, because I don't know how your
>> LDAP system is set up.
>>
>> Alan DeKok.
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
>
>
> ------------------------------
>
> Message: 2
> Date: Tue, 22 Dec 2015 15:03:52 +0100
> From: "Kermes - -" <kermes@gmx.es>
> To: freeradius-users@lists.freeradius.org
> Subject: Re: Freeradius + LDAP - WARNING: No "known good" password was
> found in LDAP
> Message-ID:
> <trinity-c224afb0-39a9-48d3-b0ac-f8cc5577644e-1450793032362@3capp-mailcom-bs05>
>
> Content-Type: text/plain; charset="UTF-8"
>
> Hi Anirudh,
>
> that was exactly my problem, the authenticate section!
>
> Thanks a lot!
> BR
>
> Sent: Tuesday, 22 December 2015 at 12:40
> From: "Anirudh Malhotra" <amalhotra.sp-dl@nkn.in>
> To: "FreeRadius users mailing list"
> <freeradius-users@lists.freeradius.org>
> Subject: Re: Freeradius + LDAP - WARNING: No "known good" password was
> found in LDAP
> Hi,
> Your LDAP is returning ok
> So the only problem is
> unhash
> Auth-Type LDAP {
> ldap
> }
> from authenticate section and check.
> BR,
> Anirudh Malhotra
> On Monday 21 December 2015 07:30 PM, Alan DeKok wrote:
> > On Dec 21, 2015, at 3:38 AM, Kermes - - <kermes@gmx.es> wrote:
> >> I need some help with my freeradius + LDAP configuration, I'm stuck
> >> with a "WARNING: No "known good" password was found in LDAP" message,
> >> and I don't know how to continue with the debugging of this problem.
> > The user isn't found in LDAP. The debug output shows that, including
> > the LDAP query.
> >
> >> First, versions:
> >> freeradius-ldap-2.2.6-6.el6_7.x86_64
> >> freeradius-2.2.6-6.el6_7.x86_64
> >>
> >> This is the output from "radiusd -X":
> > The debug output is from "radiusd -Xx", which adds timestamps... and
> > makes the output more difficult to read. Please use just "radiusd -X".
> >> Mon Dec 21 08:14:30 2015 : Debug: [ldap] performing search in
> >> ou=users,cn=secdb,cn=data,ou=ALL,ou=infra,dc=infra,dc=local with
> >> filter
> >> (uid=test)
> >> Mon Dec 21 08:14:30 2015 : Info: [ldap] looking for check items in
> >> directory...
> >> Mon Dec 21 08:14:30 2015 : Info: [ldap] looking for reply items in
> >> directory...
> > And nothing was found.
> >
> > What happens when you use that LDAP search string in an LDAP client
> > utility?
> >
> > Test it with an LDAP client. Once you get the search string correct,
> > fix the FreeRADIUS query to use the correct search string.
> >
> >> basedn =
> >> "ou=users,cn=secdb,cn=data,ou=ALL,ou=infra,dc=infra,dc=local"
> >> filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
> > One or both of those is wrong for your LDAP system.
> >
> > I don't know what the *right* query is, because I don't know how your
> > LDAP system is set up.
> >
> > Alan DeKok.
> >
> >
>
>
> ------------------------------
>
> Message: 3
> Date: Tue, 22 Dec 2015 19:53:48 +0530
> From: srithar jeevadurai <srijeevadurai1@gmail.com>
> To: FreeRadius users mailing list
> <freeradius-users@lists.freeradius.org>
> Subject: Proxy server rejects/failed auth request
> Message-ID:
> <CAC5rx4xtLWJcytnjhfxeVXzxm2DnvmVLEq6rYs==12nyFA4BAg@mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> Hi Friends,
>
> I have created the proxy setup ready and made configuration changes as per
> my knowledge.
>
> While trying to send request from NAS simulator, it is giving below error
> message in radius.log
>
> *Tue Dec 22 19:36:46 2015 : Auth: Login incorrect: [asdf@company.com
> <asdf@company.com>] (from client 234.224.654.123 port 16679 cli
> 355545455)*
>
>
> Config file Users has the below difference compared to the installation file users.
> Can you please help me to fix the same?
>
>
>
> < DEFAULT Service-Type == Framed-User, Framed-Protocol == 7
> < Framed-IP-Netmask = 255.255.255.255,
> < MS-Primary-DNS-Server == 195.68.0.1,
> < MS-Secondary-DNS-Server == 195.68.0.2,
> < Service-Type == Framed-User,
> < Framed-Protocol == 7,
> < Fall-Through == no
>
> One more request: I could not find any connection between the proxy radius and
> the home server radius. Does the connection only happen when it is required,
> i.e. while sending a request from the proxy to the home server?
>
>
>
> --
> Regards,
> Srithar Durairaj
> Alternate Mail I.D: srijeevadurai1@yahoo.co.in
> Mobile: +919886251852
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 22 Dec 2015 12:41:55 -0300
> From: Mario Guerri Maglia <mario.guerri@seciu.edu.uy>
> To: freeradius-users@lists.freeradius.org
> Subject: Re: Problem with handshake
> Message-ID: <56796F43.1000901@seciu.edu.uy>
> Content-Type: text/plain; charset=utf-8; format=flowed
>
> Hi,
>
> sadly the hints you gave me didn't work.
> First of all I must say I'm a new user of FreeRadius, so I'll try to
> give a detailed explanation of my problem.
>
> In the beginning the radius was functioning ok, the authentication was
> ok, it consulted the LDAP and if the user was right, the user could
> connect to the Wi-Fi. We had few defined users and for many weeks nobody
> connected to it.
>
> After that we tried to connect again and this error message appeared:
>
> Tue Nov 17 11:26:04 2015 : Error: TLS Alert read:fatal:handshake failure
> Tue Nov 17 11:26:04 2015 : Error: TLS_accept: failed in SSLv3 read
> client certificate A
> Tue Nov 17 11:26:04 2015 : Error: rlm_eap: SSL error error:14094410:SSL
> routines:SSL3_READ_BYTES:sslv3 alert handshake failure
> Tue Nov 17 11:26:04 2015 : Error: SSL: SSL_read failed inside of TLS
> (-1), TLS session fails.
> Tue Nov 17 11:26:04 2015 : Auth: Login incorrect (TLS Alert
> read:fatal:handshake failure): [mguerri] (from client AP_RAU_red_2 port
> 8 cli CC-AF-78-2B-9F-65) Usuario Rechazado
>
>
> So now the users can't connect, more precisely some devices can't
> connect. For example some notebooks with Ubuntu 14.04 and newer mobile
> phones with android. But on the other hand some older mobile phones with
> android can connect to the Wi-Fi, the user is validated.
>
> Before writing to the list I found on the Internet that the problem was
> related to the size of the certification and the solution was to
> generate a certification of 2048 size, because ours were of 1024. I changed
> the size to 2048 and after that I did these:
>
> openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out
> cacert.pem
>
> openssl req -new -keyout radius.key -out radius.seciu.edu.uy.csr -days
> 3650
>
> openssl ca -policy policy_anything -out radius.seciu.edu.uy.crt
> -extensions xpserver_ext -extfile xpextensions -infiles
> radius.seciu.edu.uy.csr
>
> openssl x509 -inform PEM -outform DER -in cacert.pem -out ca.der
>
> openssl dhparam -check -text -5 512 -out dh
>
> dd if=/dev/urandom of=random count=2
>
>
> But it didn't function, the message is the same.
>
> I did what you told me to do, I passed cacert.pem, radius.key and
> radius.seciu.edu.uy.crt to the client. But I got the same error message.
> I don't realize what I am doing wrong...
>
> Hope you can help me, thanks in advance
>
>
> Mario
>
>
>
> ------------------------------
>
> Message: 5
> Date: Tue, 22 Dec 2015 10:42:47 -0500
> From: Alan DeKok <aland@deployingradius.com>
> To: FreeRadius users mailing list
> <freeradius-users@lists.freeradius.org>
> Subject: Re: Compilation error
> Message-ID: <FD5AC9BB-0D65-46DA-AD54-81EFFEFF918D@deployingradius.com>
> Content-Type: text/plain; charset=us-ascii
>
> On Dec 22, 2015, at 4:27 AM, srithar jeevadurai <srijeevadurai1@gmail.com>
> wrote:
>> I am getting below error message while compiling freeRadius.
>
> Use a recent version of OpenSSL.
>
> Alan DeKok.
>
>
>
>
> ------------------------------
>
> Message: 6
> Date: Tue, 22 Dec 2015 10:46:16 -0500
> From: Alan DeKok <aland@deployingradius.com>
> To: FreeRadius users mailing list
> <freeradius-users@lists.freeradius.org>
> Subject: Re: Problem with handshake
> Message-ID: <B0DDD21F-20B2-4925-8363-D332753993C8@deployingradius.com>
> Content-Type: text/plain; charset=us-ascii
>
> On Dec 22, 2015, at 10:41 AM, Mario Guerri Maglia
> <mario.guerri@seciu.edu.uy> wrote:
>> sadly the hints you gave me didn't work.
>
> Did you follow the instructions?
>
> If so, *which step* failed? Simply saying "it didn't work" is unhelpful.
>
>> First of all I must say I'm a new user of FreeRadius, so I'll try to give
>> a detailed explanation of my problem.
>
> That's good. But I pointed you to detailed documentation which says how
> to get this to work. Did you follow it?
>
>> In the beginning the radius was functioning ok, the authentication was ok,
>> it consulted the LDAP and if the user was right, the user could connect
>> to the Wi-Fi. We had few defined users and for many weeks nobody
>> connected to it.
>>
>> After that we tried to connect again and this error message appeared:
>
> Which you already said. There's no need to post it again.
>
>> Before writing to the list I found on the Internet that the problem was
>> related to the size of the certification and the solution was to generate
>> a certification of 2048 size, because ours were of 1024. I changed the
>> size to 2048 and after that I did these:
>
> The directory raddb/certs contains configuration files and scripts which
> create new certificates. Did you use them?
>
> Apparently not.
>
>> But it didn't function, the message is the same.
>
> Running server-side OpenSSL scripts doesn't change the client
> configuration.
>
>> I did what you told me to do, I passed cacert.pem, radius.key and
>> radius.seciu.edu.uy.crt to the client. But I got the same error message.
>> I don't realize what I am doing wrong...
>
> You need to follow the instructions *exactly*. And if something goes
> wrong, say *which* step is going wrong.
>
> Alan DeKok.
>
>
>
>
> ------------------------------
>
> Message: 7
> Date: Tue, 22 Dec 2015 21:43:15 +0530
> From: srithar jeevadurai <srijeevadurai1@gmail.com>
> To: FreeRadius users mailing list
> <freeradius-users@lists.freeradius.org>
> Subject: Re: Proxy server rejects/failed auth request
> Message-ID:
> <CAC5rx4xDxQb7jGC0Gt1pWFtb0HQJZ21O_LmUygV5pcs_Nj8Q3w@mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
>
> Hi Team,
>
> Do we need to keep listen config as below for proxy server?
>
> File: radiusd.conf
>
> -- auth proxy
> listen {
> ipaddr = 234.223.454.556
> port = 1812
> type = proxy
> }
>
> --account proxy
> listen {
> ipaddr = 234.223.454.556
> port = 1813
> type = proxy
> }
>
>
>
>
> On Tue, Dec 22, 2015 at 7:53 PM, srithar jeevadurai <
> srijeevadurai1@gmail.com> wrote:
>
>> Hi Friends,
>>
>> I have created the proxy setup ready and made configuration changes as
>> per
>> my knowledge.
>>
>> While trying to send request from NAS simulator, it is giving below error
>> message in radius.log
>>
>> *Tue Dec 22 19:36:46 2015 : Auth: Login incorrect: [asdf@company.com
>> <asdf@company.com>] (from client 234.224.654.123 port 16679 cli
>> 355545455)*
>>
>>
>> Config file Users has the below difference compared to the installation file
>> users.
>> Can you please help me to fix the same?
>>
>>
>>
>> < DEFAULT Service-Type == Framed-User, Framed-Protocol == 7
>> < Framed-IP-Netmask = 255.255.255.255,
>> < MS-Primary-DNS-Server == 195.68.0.1,
>> < MS-Secondary-DNS-Server == 195.68.0.2,
>> < Service-Type == Framed-User,
>> < Framed-Protocol == 7,
>> < Fall-Through == no
>>
>> One more request: I could not find any connection between the proxy radius
>> and the home server radius. Does the connection only happen when it is
>> required, i.e. while sending a request from the proxy to the home server?
>>
>>
>>
>> --
>> Regards,
>> Srithar Durairaj
>> Alternate Mail I.D: srijeevadurai1@yahoo.co.in
>> Mobile: +919886251852
>>
>>
>>
>
>
> --
> Regards,
> Srithar Durairaj
> Alternate Mail I.D: srijeevadurai1@yahoo.co.in
> Mobile: +919886251852
>
>
> ------------------------------
>
> End of Freeradius-Users Digest, Vol 128, Issue 64
> *************************************************
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
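
Added example, not part of the original message or of FreeRADIUS: the "Problem with handshake" thread quoted above reports that only some devices are rejected, so this sketch parses radius.log "Auth:" lines in the format shown there and groups TLS-alert rejects by calling station (the "cli" field). The sample log lines, user names, NAS names and MAC addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the radius.log format quoted in the digest above;
# user names, NAS names and MAC addresses are made up for this example.
SAMPLE_LOG = """\
Tue Nov 17 11:26:04 2015 : Error: TLS Alert read:fatal:handshake failure
Tue Nov 17 11:26:04 2015 : Auth: Login incorrect (TLS Alert read:fatal:handshake failure): [alice] (from client ap-lab-1 port 8 cli 02-00-00-AA-BB-01) Usuario Rechazado
Tue Nov 17 11:27:10 2015 : Auth: Login OK: [bob] (from client ap-lab-1 port 9 cli 02-00-00-AA-BB-02)
Tue Nov 17 11:29:42 2015 : Auth: Login incorrect (TLS Alert read:fatal:handshake failure): [alice] (from client ap-lab-2 port 3 cli 02-00-00-AA-BB-01)
Tue Dec 22 19:36:46 2015 : Auth: Login incorrect: [carol@example.org] (from client 192.0.2.10 port 16679 cli 355545455)
"""

# "<ctime> : Auth: <result>[ (<reason>)]: [<user>] (from client <nas> port <n>[ cli <id>])"
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) : Auth: "
    r"(?P<result>Login OK|Login incorrect)"
    r"(?: \((?P<reason>.*?)\))?: "
    r"\[(?P<user>[^\]]*)\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+)(?: cli (?P<cli>[^)]+))?\)"
)

def parse_auth_lines(text):
    """Return one dict per Auth: line; Error:/Info:/Debug: lines are skipped."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events

def tls_rejects_by_station(events):
    """Group TLS-alert rejects by calling station (cli) to show which devices fail."""
    stations = defaultdict(lambda: {"count": 0, "users": set(), "clients": set()})
    for e in events:
        if e["result"] == "Login incorrect" and "TLS Alert" in (e["reason"] or ""):
            s = stations[e["cli"] or "unknown"]
            s["count"] += 1
            s["users"].add(e["user"])
            s["clients"].add(e["client"])
    return dict(stations)

if __name__ == "__main__":
    for cli, s in tls_rejects_by_station(parse_auth_lines(SAMPLE_LOG)).items():
        print(cli, s["count"], sorted(s["users"]), sorted(s["clients"]))
```

A station that is rejected with a TLS alert on every access point points at the client's TLS settings or trust store rather than at a single NAS.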