my radius.conf file is <br><br><br> # the check-name attribute before any module which sets<br> # it<br># daily<br>}<br><br># Authorization. First preprocess (hints and huntgroups files),<br># then realms, and finally look in the "users" file.<br>#<br># The order of the realm modules will determine the order that<br># we try to find a matching realm.<br>#<br># Make *sure* that 'preprocess' comes before any realm if you<br># need to setup hints for the remote radius server<br>authorize {<br> #<br> # The preprocess module takes care of sanitizing some bizarre<br> # attributes in the request, and turning them into attributes<br> #
which are more standard.<br> #<br> # It takes care of processing the 'raddb/hints' and the<br> # 'raddb/huntgroups' files.<br> #<br> # It also adds the %{Client-IP-Address} attribute to the request.<br> preprocess<br><br> #<br> # If you want to have a log of authentication requests,<br> # un-comment the following line, and the 'detail auth_log'<br> # section, above.<br># auth_log<br><br># attr_filter<br><br>
#<br> # The chap module will set 'Auth-Type := CHAP' if we are<br> # handling a CHAP request and Auth-Type has not already been set<br> chap<br><br> #<br> # If the users are logging in with an MS-CHAP-Challenge<br> # attribute for authentication, the mschap module will find<br> # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'<br> # to the request, which will cause the server to then use<br> # the mschap module for authentication.<br> mschap<br><br>
#<br> # If you have a Cisco SIP server authenticating against<br> # FreeRADIUS, uncomment the following line, and the 'digest'<br> # line in the 'authenticate' section.<br># digest<br><br> #<br> # Look for IPASS style 'realm/', and if not found, look for<br> # '@realm', and decide whether or not to proxy, based on<br> # that.<br># IPASS<br><br> #<br> # If you are using multiple kinds of realms, you probably<br> # want to set "ignore_null =
yes" for all of them.<br> # Otherwise, when the first style of realm doesn't match,<br> # the other styles won't be checked.<br> #<br> suffix<br># ntdomain<br><br> #<br> # This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP<br> # authentication.<br> #<br> # It also sets the EAP-Type attribute in the request<br> # attribute list to the EAP type from the packet.<br> eap<br><br>
#<br> # Read the 'users' file<br> files<br><br> #<br> # Look in an SQL database. The schema of the database<br> # is meant to mirror the "users" file.<br> #<br> # See "Authorization Queries" in sql.conf<br> sql<br> noresetcounter<br> dailycounter<br> monthlycounter<br> #<br> # If you are using /etc/smbpasswd, and are also doing<br> # mschap
authentication, the un-comment this line, and<br> # configure the 'etc_smbpasswd' module, above.<br># etc_smbpasswd<br><br> #<br> # The ldap module will set Auth-Type to LDAP if it has not<br> # already been set<br># ldap<br><br> #<br> # Enforce daily limits on time spent logged in.<br># daily<br><br> #<br> # Use the checkval module<br># checkval<br><br> #<br> # As of 1.1.4, you should list "pap"
last in this section.<br> # See "man rlm_pap" for more information.<br> pap<br>}<br><br><br># Authentication.<br>#<br>#<br># This section lists which modules are available for authentication.<br># Note that it does NOT mean 'try each module in order'. It means<br># that a module from the 'authorize' section adds a configuration<br># attribute 'Auth-Type := FOO'. That authentication type is then<br># used to pick the apropriate module from the list below.<br>#<br><br># In general, you SHOULD NOT set the Auth-Type attribute. The server<br># will figure it out on its own, and will do the right thing. The<br># most common side effect of erroneously setting the Auth-Type<br># attribute is that one authentication method will work, but the<br># others will not.<br>#<br># The common reasons to set the
Auth-Type attribute by hand<br># is to either forcibly reject the user, or forcibly accept him.<br>#<br>authenticate {<br> #<br> # PAP authentication, when a back-end database listed<br> # in the 'authorize' section supplies a password. The<br> # password can be clear-text, or encrypted.<br> Auth-Type PAP {<br> pap<br> }<br><br> #<br> # Most people want CHAP authentication<br> # A back-end database listed in the 'authorize'
section<br> # MUST supply a CLEAR TEXT password. Encrypted passwords<br> # won't work.<br> Auth-Type CHAP {<br> chap<br> }<br><br> #<br> # MSCHAP authentication.<br> Auth-Type MS-CHAP {<br> mschap<br> }<br><br> #<br> # If you have a Cisco SIP server authenticating against<br> # FreeRADIUS, uncomment the
following line, and the 'digest'<br> # line in the 'authorize' section.<br># digest<br><br> #<br> # Pluggable Authentication Modules.<br># pam<br><br> #<br> # See 'man getpwent' for information on how the 'unix'<br> # module checks the users password. Note that packets<br> # containing CHAP-Password attributes CANNOT be authenticated<br> # against /etc/passwd! See the FAQ for details.<br> #<br>
unix<br><br> # Uncomment it if you want to use ldap for authentication<br> #<br> # Note that this means "check plain-text password against<br> # the ldap database", which means that EAP won't work,<br> # as it does not supply a plain-text password.<br># Auth-Type LDAP {<br># ldap<br># }<br><br> #<br> # Allow EAP authentication.<br> eap<br>}<br><br><br>#<br># Pre-accounting. Decide which accounting type to use.<br>#<br>preacct {<br>
preprocess<br><br> #<br> # Ensure that we have a semi-unique identifier for every<br> # request, and many NAS boxes are broken.<br> acct_unique<br><br> #<br> # Look for IPASS-style 'realm/', and if not found, look for<br> # '@realm', and decide whether or not to proxy, based on<br> # that.<br> #<br> # Accounting requests are generally proxied to the same<br> # home server as authentication requests.<br>#
IPASS<br> suffix<br># ntdomain<br><br> #<br> # Read the 'acct_users' file<br> files<br>}<br><br>#<br># Accounting. Log the accounting data.<br>#<br>accounting {<br> #<br> # Create a 'detail'ed log of the packets.<br> # Note that accounting requests which are proxied<br> # are also logged in the detail file.<br> detail<br># daily<br><br> # Update the wtmp file<br>
#<br> # If you don't use "radlast", you can delete this line.<br> unix<br><br> #<br> # For Simultaneous-Use tracking.<br> #<br> # Due to packet losses in the network, the data here<br> # may be incorrect. There is little we can do about it.<br> radutmp<br># sradutmp<br><br> # Return an address to the IP Pool when we see a stop record.<br># main_pool<br><br> #<br> # Log traffic to an SQL
database.<br> #<br> # See "Accounting queries" in sql.conf<br> sql<br><br> #<br> # Instead of sending the query to the SQL server,<br> # write it into a log file.<br> #<br># sql_log<br><br> # Cisco VoIP specific bulk accounting<br># pgsql-voip<br><br>}<br><br><br># Session database, used for checking Simultaneous-Use. Either the radutmp<br># or rlm_sql module can handle this.<br># The rlm_sql module is *much* faster<br>session {<br> #radutmp<br><br>
#<br> # See "Simultaneous Use Checking Querie" in sql.conf<br> sql<br>}<br><br><br># Post-Authentication<br># Once we KNOW that the user has been authenticated, there are<br># additional steps we can take.<br>post-auth {<br> # Get an address from the IP Pool.<br># main_pool<br><br> #<br> # If you want to have a log of authentication replies,<br> # un-comment the following line, and the 'detail reply_log'<br> # section, above.<br># reply_log<br><br> #<br> # After authenticating
the user, do another SQL query.<br> #<br> # See "Authentication Logging Queries" in sql.conf<br> sql<br><br> #<br> # Instead of sending the query to the SQL server,<br> # write it into a log file.<br> #<br># sql_log<br><br> #<br> # Un-comment the following if you have set<br> # 'edir_account_policy_check = yes' in the ldap module sub-section of<br> # the 'modules' section.<br>
#<br># ldap<br> #<br> # Access-Reject packets are sent through the REJECT sub-section of the<br> # post-auth section.<br> # Uncomment the following and set the module name to the ldap instance<br> # name if you have set 'edir_account_policy_check = yes' in the ldap<br> # module sub-section of the 'modules' section.<br> #<br># Post-Auth-Type REJECT {<br># insert-module-name-here<br># }<br><br>}<br><br>#<br># When the server decides to proxy a request to a home
server,<br># the proxied request is first passed through the pre-proxy<br># stage. This stage can re-write the request, or decide to<br># cancel the proxy.<br>#<br># Only a few modules currently have this method.<br>#<br>pre-proxy {<br># attr_rewrite<br><br> # Uncomment the following line if you want to change attributes<br> # as defined in the preproxy_users file.<br># files<br><br> # If you want to have a log of packets proxied to a home<br> # server, un-comment the following line, and the<br> # 'detail pre_proxy_log' section, above.<br># pre_proxy_log<br>}<br><br>#<br># When the server
receives a reply to a request it proxied<br># to a home server, the request may be massaged here, in the<br># post-proxy stage.<br>#<br>post-proxy {<br><br> # If you want to have a log of replies from a home server,<br> # un-comment the following line, and the 'detail post_proxy_log'<br> # section, above.<br># post_proxy_log<br><br># attr_rewrite<br><br> # Uncomment the following line if you want to filter replies from<br> # remote proxies based on the rules defined in the 'attrs' file.<br><br># attr_filter<br><br> #<br> # If you
are proxying LEAP, you MUST configure the EAP<br> # module, and you MUST list it here, in the post-proxy<br> # stage.<br> #<br> # You MUST also use the 'nostrip' option in the 'realm'<br> # configuration. Otherwise, the User-Name attribute<br> # in the proxied request will not match the user name<br> # hidden inside of the EAP packet, and the end server will<br> # reject the EAP request.<br> #<br> eap<br>}<br>[root@radius ~]#<br><br><br><br><b><i>tnt@kalik.co.yu</i></b> wrote:<blockquote class="replbq"
style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"> Something to do with Simultaneous-Use. But without config etc. ...<br><br>Ivan Kalik<br>Kalik Informatika ISP<br><br><br>Dana 6/3/2007, "satish patel" <linuxtrap@yahoo.co.in> pi¹e:<br><br>>what is the errror i have useing freeradius + MSSQL<br>><br>><br>>Tue Mar 6 17:22:34 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] (from client cisco port 761)<br>>Tue Mar 6 17:22:35 2007 : Auth: Multiple logins (max 1) : [mlpm173/<CHAP-Password>] (from client cisco port 528)<br>>Tue Mar 6 17:22:36 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/<CHAP-Password>] (from client cisco port 290)<br>>Tue Mar 6 17:22:37 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] (from client cisco port 242)<br>>Tue Mar 6 17:22:38 2007 : Auth: Multiple logins (max 1) : [mlpm173/<CHAP-Password>] (from client cisco port 1004)<br>>Tue Mar 6 17:22:38
2007 : Auth: Multiple logins (max 1) : [mlpm268/<CHAP-Password>] (from client cisco port 1101)<br>>Tue Mar 6 17:22:39 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] (from client cisco port 851)<br>>Tue Mar 6 17:22:39 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/<CHAP-Password>] (from client cisco port 1012)<br>>Tue Mar 6 17:22:41 2007 : Auth: Multiple logins (max 1) : [mlpm173/<CHAP-Password>] (from client cisco port 780)<br>>Tue Mar 6 17:22:41 2007 : Auth: Multiple logins (max 1) : [mlpm268/<CHAP-Password>] (from client cisco port 670)<br>>Tue Mar 6 17:22:42 2007 : Auth: Multiple logins (max 1) : [mlpm629/<CHAP-Password>] (from client cisco port 303)<br>>Tue Mar 6 17:22:43 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] (from client cisco port 826)<br>>Tue Mar 6 17:22:43 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/<CHAP-Password>] (from client cisco port 964)<br>>Tue Mar
6 17:22:44 2007 : Auth: Multiple logins (max 1) : [mlpm268/<CHAP-Password>] (from client cisco port 690)<br>>Tue Mar 6 17:22:44 2007 : Auth: Multiple logins (max 1) : [mlpm173/<CHAP-Password>] (from client cisco port 147)<br>>Tue Mar 6 17:22:46 2007 : Auth: Multiple logins (max 1) : [mlpm138/<CHAP-Password>] (from client cisco port 150)<br>>Tue Mar 6 17:22:49 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] (from client cisco port 83)<br>>Tue Mar 6 17:22:50 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/<CHAP-Password>] (from client cisco port 1091)<br>>Tue Mar 6 17:22:51 2007 : Auth: Multiple logins (max 1) : [mlpm268/<CHAP-Password>] (from client cisco port 1002)<br>>Tue Mar 6 17:22:52 2007 : Auth: Multiple logins (max 1) : [mlpm629/<CHAP-Password>] (from client cisco port 1023)<br>>Tue Mar 6 17:22:52 2007 : Auth: Multiple logins (max 1) : [rdoptm/tulip] (from client cisco port 687)<br>>Tue Mar 6 17:22:54
2007 : Auth: Multiple logins (max 1) : [mlpm532/<CHAP-Password>] (from client cisco port 693)<br>>Tue Mar 6 17:22:55 2007 : Auth: Multiple logins (max 1) : [mlpm143/akshaya] (from client cisco port 94)<br>>Tue Mar 6 17:22:59 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/<CHAP-Password>] (from client cisco port 713)<br>>Tue Mar 6 17:23:00 2007 : Auth: Multiple logins (max 1) : [mlpm173/<CHAP-Password>] (from client cisco port 647)<br>>Tue Mar 6 17:23:05 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mlpm138/<CHAP-Password>] (from client cisco port 646)<br>>Tue Mar 6 17:23:05 2007 : Auth: Multiple logins (max 1) : [mlpm143/akshaya] (from client cisco port 958)<br>>Tue Mar 6 17:23:07 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/<CHAP-Password>] (from client cisco port 98)<br>>Tue Mar 6 17:23:09 2007 : Auth: Login incorrect (rlm_chap: Wrong user password):
[mlpm138/<CHAP-Password>] (from client cisco port 600)<br>>Tue Mar 6 17:23:11 2007 : Auth: Multiple logins (max 1) : [mlpm085/<CHAP-Password>] (from client cisco port 894)<br>>Tue Mar 6 17:23:11 2007 : Auth: Login incorrect (rlm_chap: Wrong user password): [mesmedical/<CHAP-Password>] (from client cisco port 7<br>><br>><br>>$ cat ~/satish/url.txt<br>><br>>System administrator ( Data Center )<br>><br>>please visit this site<br>><br>>http://linux.tulipit.com<br>><br>>---------------------------------<br>> Here’s a new way to find what you're looking for - Yahoo! Answers<br>><br><br>- <br>List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html<br></CHAP-Password></CHAP-Password></CHAP-Password></CHAP-Password></CHAP-Password></CHAP-Password></CHAP-Password></CHAP-Password></CHAP-Password></CHAP-Password></CHAP-Password></CHAP-Password></CHAP-Password></CHAP-Password></CHAP-Password></CHAP-Password></CHAP-Password></CHAP-Password></CHAP-Password></CHAP-Password></CHAP-Password></CHAP-Password></CHAP-Password></linuxtrap@yahoo.co.in></blockquote><br><BR><BR>$ cat ~/satish/url.txt<br><br>System administrator ( Data Center )<br><br>please visit this site<br><br>http://linux.tulipit.com <p>
<hr size=1></hr>
Here’s a new way to find what you're looking for - <a href="http://us.rd.yahoo.com/mail/in/yanswers/*http://in.answers.yahoo.com/">Yahoo! Answers</a>