authentetication with mysql and NAS type= other
Dear All, i installed FR v 2.1.2 and mysql 5.1.55. user database is in mysql DB. 1. I was lucky to auth Wifi users via cisco AP (NAS type cisco). but Simulteneous-Use is not working. 2. my wimax users (vendor Alvarion) cannot authenticate. Althou, i can authenticate them from users file. what can be a problem? thanks. -- View this message in context: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... Sent from the FreeRadius - User mailing list archive at Nabble.com.
tolik_shavlovsky@mail.ru wrote:
1. I was lucky to auth Wifi users via cisco AP (NAS type cisco). but Simulteneous-Use is not working.
See the FAQ for "it doesn't work"
2. my wimax users (vendor Alvarion) cannot authenticate. Althou, i can authenticate them from users file.
Without the debug log, it's impossible to know.
what can be a problem?
You didn't follow the existing documentation. Alan DeKok.
here is debug: ad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:07 2011 ++[detail] returns ok ++[unix] returns fail Finished request 98. Cleaning up request 98 ID 10 with timestamp +570 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:12 2011 ++[detail] returns ok ++[unix] returns fail Finished request 99. Cleaning up request 99 ID 10 with timestamp +575 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:17 2011 ++[detail] returns ok ++[unix] returns fail Finished request 100. Cleaning up request 100 ID 11 with timestamp +640 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:22 2011 ++[detail] returns ok ++[unix] returns fail Finished request 101. Cleaning up request 101 ID 11 with timestamp +645 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:27 2011 ++[detail] returns ok ++[unix] returns fail Finished request 102. Cleaning up request 102 ID 11 with timestamp +650 Going to the next request Ready to process requests. 07 декабря 2011, 18:37 от "Alan DeKok-2 [via FreeRadius]" <ml-node+s1045715n5055831h52@n5.nabble.com>: [hidden email] wrote:
1. I was lucky to auth Wifi users via cisco AP (NAS type cisco). but Simulteneous-Use is not working.
See the FAQ for "it doesn't work"
2. my wimax users (vendor Alvarion) cannot authenticate. Althou, i can authenticate them from users file.
Without the debug log, it's impossible to know.
what can be a problem?
You didn't follow the existing documentation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---------------------------------------------------------------------- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... Sent from the FreeRadius - User mailing list archive at Nabble.com.
The only requests I see are User-Name = "KeepAliveUserNameAndPassword" This is just a keep-alive packet all Alvarion Extreme base stations send out. I do not see the CPE attempting to authenticate. David From: freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradius.org [mailto:freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradius.org] On Behalf Of tolik_shavlovsky@mail.ru Sent: Wednesday, December 07, 2011 10:05 AM To: freeradius-users@lists.freeradius.org Subject: Re[2]: authentetication with mysql and NAS type= other here is debug: ad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:07 2011 ++[detail] returns ok ++[unix] returns fail Finished request 98. Cleaning up request 98 ID 10 with timestamp +570 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:12 2011 ++[detail] returns ok ++[unix] returns fail Finished request 99. Cleaning up request 99 ID 10 with timestamp +575 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:17 2011 ++[detail] returns ok ++[unix] returns fail Finished request 100. Cleaning up request 100 ID 11 with timestamp +640 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:22 2011 ++[detail] returns ok ++[unix] returns fail Finished request 101. Cleaning up request 101 ID 11 with timestamp +645 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:27 2011 ++[detail] returns ok ++[unix] returns fail Finished request 102. Cleaning up request 102 ID 11 with timestamp +650 Going to the next request Ready to process requests. 07 декабря 2011, 18:37 от "Alan DeKok-2 [via FreeRadius]" <[hidden email] <http://e.mail.ru/user/SendEmail.jtp?type=node&node=5055921&i=0> >: [hidden email] wrote:
1. I was lucky to auth Wifi users via cisco AP (NAS type cisco). but Simulteneous-Use is not working.
See the FAQ for "it doesn't work"
2. my wimax users (vendor Alvarion) cannot authenticate. Althou, i can authenticate them from users file.
Without the debug log, it's impossible to know.
what can be a problem?
You didn't follow the existing documentation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____ If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML _____ View this message in context: Re[2]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5055921.html> Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html> at Nabble.com.
[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:57:06 2011 ++[detail] returns ok ++[unix] returns fail Finished request 247. Cleaning up request 247 ID 56 with timestamp +1802 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 10.152.98.23 port 49154, id=177, length=181 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Message-Authenticator = 0x892bc16577cd6753b2a7e0c0a3499523 Acct-Session-Id = "KeepAliveSessionId" User-Password = "KeepAliveUserNameAndPassword" # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [sql] expand: %{User-Name} -> KeepAliveUserNameAndPassword [sql] sql_set_user escaped user --> 'KeepAliveUserNameAndPassword' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 [sql] User KeepAliveUserNameAndPassword not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Login incorrect: [KeepAliveUserNameAndPassword/KeepAliveUserNameAndPassword] (from client 10.152.98.23/16 port 0 cli )======================================= login and password are correct! ow did you jnow that its extreme& by NAS identifirer? 07 декабря 2011, 19:16 от "David Peterson-19 [via FreeRadius]" <ml-node+s1045715n5055966h37@n5.nabble.com>: The only requests I see are User-Name = "KeepAliveUserNameAndPassword" This is just a keep-alive packet all Alvarion Extreme base stations send out. I do not see the CPE attempting to authenticate. David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Wednesday, December 07, 2011 10:05 AM To: [hidden email] Subject: Re[2]: authentetication with mysql and NAS type= other here is debug: ad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:07 2011 ++[detail] returns ok ++[unix] returns fail Finished request 98. Cleaning up request 98 ID 10 with timestamp +570 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:12 2011 ++[detail] returns ok ++[unix] returns fail Finished request 99. Cleaning up request 99 ID 10 with timestamp +575 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:17 2011 ++[detail] returns ok ++[unix] returns fail Finished request 100. Cleaning up request 100 ID 11 with timestamp +640 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:22 2011 ++[detail] returns ok ++[unix] returns fail Finished request 101. Cleaning up request 101 ID 11 with timestamp +645 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:27 2011 ++[detail] returns ok ++[unix] returns fail Finished request 102. Cleaning up request 102 ID 11 with timestamp +650 Going to the next request Ready to process requests. 07 декабря 2011, 18:37 от "Alan DeKok-2 [via FreeRadius]" <[hidden email]>: [hidden email] wrote:
1. I was lucky to auth Wifi users via cisco AP (NAS type cisco). but Simulteneous-Use is not working.
See the FAQ for "it doesn't work"
2. my wimax users (vendor Alvarion) cannot authenticate. Althou, i can authenticate them from users file.
Without the debug log, it's impossible to know.
what can be a problem?
You didn't follow the existing documentation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---------------------------------------------------------------------- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. NAML ---------------------------------------------------------------------- View this message in context: Re[2]: authentetication with mysql and NAS type= other Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---------------------------------------------------------------------- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... Sent from the FreeRadius - User mailing list archive at Nabble.com.
On Wed, Dec 7, 2011 at 11:02 PM, tolik_shavlovsky@mail.ru <tolik_shavlovsky@mail.ru> wrote:
SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY id
SELECT groupname FROM radusergroup WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY priority
What do you get when you execute those two queries in mysql directly?
[sql] User KeepAliveUserNameAndPassword not found
the sql module says the user is not found. It doesn't lie.
======================================= login and password are correct!
And how did you know that? Did you setup the tables correctly? Hint: execute those two queries above. -- Fajar
Hi, mysql> use freeradius; Database changed mysql> select * from radcheck; +----+-----------------+--------------------+----+------------------+ | id | username | attribute | op | value | +----+-----------------+--------------------+----+------------------+ | 1 | user | Password | == | user | | 3 | test@wimax.com | Cleartext-Password | := | test | | 5 | test1@wimax.com | Cleartext-Password | := | test | | 10 | user | Simultaneous-Use | := | 1 | | 8 | test@wimax.com | Framed-Filter-Id | := | SP=data:MSF=data | | 9 | test1@wimax.com | Framed-Filter-Id | := | SP=data:MSF=data | +----+-----------------+--------------------+----+------------------+ user is for WiFi test and tes1 is for WimAX. all usernames are authenticated for WiFi. Wimax cannot. I don't know why it uses username = 'KeepAliveUserNameAndPassword', like in the debug?? when i used users file in FR with the same usernames, it was ok. I really use same usernames for auth in my Wimax CPEs. 07 декабря 2011, 20:17 от "Fajar A. Nugraha" <list@fajar.net>:
On Wed, Dec 7, 2011 at 11:02 PM, tolik_shavlovsky@mail.ru <tolik_shavlovsky@mail.ru> wrote:
SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY id
SELECT groupname FROM radusergroup WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY priority
What do you get when you execute those two queries in mysql directly?
[sql] User KeepAliveUserNameAndPassword not found
the sql module says the user is not found. It doesn't lie.
======================================= login and password are correct!
And how did you know that? Did you setup the tables correctly? Hint: execute those two queries above.
-- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
2011/12/8 Толик Шавловский <tolik_shavlovsky@mail.ru>:
Hi,
mysql> use freeradius; Database changed mysql> select * from radcheck; +----+-----------------+--------------------+----+------------------+ | id | username | attribute | op | value | +----+-----------------+--------------------+----+------------------+ | 1 | user | Password | == | user | | 3 | test@wimax.com | Cleartext-Password | := | test | | 5 | test1@wimax.com | Cleartext-Password | := | test | | 10 | user | Simultaneous-Use | := | 1 | | 8 | test@wimax.com | Framed-Filter-Id | := | SP=data:MSF=data | | 9 | test1@wimax.com | Framed-Filter-Id | := | SP=data:MSF=data | +----+-----------------+--------------------+----+------------------+
There's no user called 'KeepAliveUserNameAndPassword'
Wimax cannot. I don't know why it uses username = 'KeepAliveUserNameAndPassword', like in the debug??
Because the NAS sends it. If you think it shouldn't, examine the NAS config. Or ask the NAS vendor. The log doesn't lie. Did you ACTUALLY test authentication with a client connecting to the NAS? Or did you just start up FR in debug mode and hope there would be a packet from the NAS? -- Fajar
Толик Шавловский wrote:
Hi,
mysql> use freeradius; Database changed mysql> select * from radcheck; +----+-----------------+--------------------+----+------------------+ | id | username | attribute | op | value | +----+-----------------+--------------------+----+------------------+ | 1 | user | Password | == | user |
Change that to "Cleartext-Password" and ":=", like the other entries.
all usernames are authenticated for WiFi.
Wimax cannot.
Post the debug output for WiMAX. Honestly, I don't see why *anyone* needs to be told this. Alan DeKok.
oh, sorry.... but that username could be authenticated) mysql> select * from radcheck; +----+-----------------+--------------------+----+------------------+ | id | username | attribute | op | value | +----+-----------------+--------------------+----+------------------+ | 11 | user | Cleartext-Password | := | user | | 3 | test@wimax.com | Cleartext-Password | := | test | | 5 | test1@wimax.com | Cleartext-Password | := | test | | 10 | user | Simultaneous-Use | := | 1 | | 8 | test@wimax.com | Framed-Filter-Id | := | SP=data:MSF=data | | 9 | test1@wimax.com | Framed-Filter-Id | := | SP=data:MSF=data | +----+-----------------+--------------------+----+------------------+ 08 декабря 2011, 11:51 от "Alan DeKok-2 [via FreeRadius]" <ml-node+s1045715n5057987h88@n5.nabble.com>: Толик Шавловский wrote:
Hi,
mysql> use freeradius; Database changed mysql> select * from radcheck; +----+-----------------+--------------------+----+------------------+ | id | username | attribute | op | value | +----+-----------------+--------------------+----+------------------+ | 1 | user | Password | == | user |
Change that to "Cleartext-Password" and ":=", like the other entries.
all usernames are authenticated for WiFi.
Wimax cannot.
Post the debug output for WiMAX. Honestly, I don't see why *anyone* needs to be told this. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---------------------------------------------------------------------- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... Sent from the FreeRadius - User mailing list archive at Nabble.com.
Hi, regarding Semulteneous-Use issue: I use cisco NAS, usernames 'user' ============ ad_recv: Accounting-Request packet from host 10.169.33.11 port 1646, id=85, length=323 Acct-Session-Id = "00003306" Called-Station-Id = "0013.1a08.9340" Calling-Station-Id = "0013.e8f4.3f0d" Cisco-AVPair = "ssid=HAYATT" Cisco-AVPair = "vlan-id=55" Cisco-AVPair = "nas-location=unspecified" Cisco-AVPair = "auth-algo-type=eap-peap" User-Name = "user" Acct-Authentic = RADIUS Cisco-AVPair = "connect-progress=Call Up" Acct-Session-Time = 1 Acct-Input-Octets = 284 Acct-Output-Octets = 485 Acct-Input-Packets = 5 Acct-Output-Packets = 6 Acct-Terminate-Cause = Lost-Carrier Cisco-AVPair = "disc-cause-ext=No Reason" Acct-Status-Type = Stop NAS-Port-Type = Wireless-802.11 Cisco-NAS-Port = "13257" NAS-Port = 13257 Service-Type = Framed-User NAS-IP-Address = 10.169.33.11 Acct-Delay-Time = 15 # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 13257,Client-IP-Address = 10.169.33.11,NAS-IP-Address = 10.169.33.11,Acct-Session-Id = "00003306",User-Name = "user"' [acct_unique] Acct-Unique-Session-ID = "f879723bff47e643". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "user", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.169.33.11/detail-20111207 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.169.33.11/detail-20111207 [detail] expand: %t -> Wed Dec 7 10:17:11 2011 ++[detail] returns ok ++[unix] returns fail Finished request 83. Cleaning up request 83 ID 85 with timestamp +189 Going to the next request Waking up in 4.8 seconds. rad_recv: Accounting-Request packet from host 10.169.33.11 port 1646, id=86, length=224 Acct-Session-Id = "00003308" Called-Station-Id = "0013.1a08.9340" Calling-Station-Id = "0013.e8f4.3f0d" Cisco-AVPair = "ssid=HAYATT" Cisco-AVPair = "vlan-id=55" Cisco-AVPair = "nas-location=unspecified" User-Name = "user" Cisco-AVPair = "connect-progress=Call Up" Acct-Authentic = RADIUS Acct-Status-Type = Start NAS-Port-Type = Wireless-802.11 Cisco-NAS-Port = "13258" NAS-Port = 13258 Service-Type = Framed-User NAS-IP-Address = 10.169.33.11 Acct-Delay-Time = 15 # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 13258,Client-IP-Address = 10.169.33.11,NAS-IP-Address = 10.169.33.11,Acct-Session-Id = "00003308",User-Name = "user"' [acct_unique] Acct-Unique-Session-ID = "45341f9e68e705da". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "user", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.169.33.11/detail-20111207 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.169.33.11/detail-20111207 [detail] expand: %t -> Wed Dec 7 10:17:11 2011 ++[detail] returns ok ++[unix] returns fail Finished request 84. Cleaning up request 84 ID 86 with timestamp +189 Going to the next request Waking up in 4.3 seconds. Cleaning up request 82 ID 226 with timestamp +188 Ready to process requests. rad_recv: Accounting-Request packet from host 10.169.33.11 port 1646, id=87, length=323 Acct-Session-Id = "00003308" Called-Station-Id = "0013.1a08.9340" Calling-Station-Id = "0013.e8f4.3f0d" Cisco-AVPair = "ssid=HAYATT" Cisco-AVPair = "vlan-id=55" Cisco-AVPair = "nas-location=unspecified" Cisco-AVPair = "auth-algo-type=eap-peap" User-Name = "user" Acct-Authentic = RADIUS Cisco-AVPair = "connect-progress=Call Up" Acct-Session-Time = 41 Acct-Input-Octets = 310 Acct-Output-Octets = 509 Acct-Input-Packets = 6 Acct-Output-Packets = 7 Acct-Terminate-Cause = Lost-Carrier Cisco-AVPair = "disc-cause-ext=No Reason" Acct-Status-Type = Stop NAS-Port-Type = Wireless-802.11 Cisco-NAS-Port = "13258" NAS-Port = 13258 Service-Type = Framed-User NAS-IP-Address = 10.169.33.11 Acct-Delay-Time = 0 # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 13258,Client-IP-Address = 10.169.33.11,NAS-IP-Address = 10.169.33.11,Acct-Session-Id = "00003308",User-Name = "user"' [acct_unique] Acct-Unique-Session-ID = "45341f9e68e705da". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "user", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.169.33.11/detail-20111207 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.169.33.11/detail-20111207 [detail] expand: %t -> Wed Dec 7 10:17:36 2011 ++[detail] returns ok ++[unix] returns fail Finished request 85. Cleaning up request 85 ID 87 with timestamp +214 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.169.33.11 port 1646, id=88, length=323 Acct-Session-Id = "00003308" Called-Station-Id = "0013.1a08.9340" Calling-Station-Id = "0013.e8f4.3f0d" Cisco-AVPair = "ssid=HAYATT" Cisco-AVPair = "vlan-id=55" Cisco-AVPair = "nas-location=unspecified" Cisco-AVPair = "auth-algo-type=eap-peap" User-Name = "user" Acct-Authentic = RADIUS Cisco-AVPair = "connect-progress=Call Up" Acct-Session-Time = 41 Acct-Input-Octets = 310 Acct-Output-Octets = 509 Acct-Input-Packets = 6 Acct-Output-Packets = 7 Acct-Terminate-Cause = Lost-Carrier Cisco-AVPair = "disc-cause-ext=No Reason" Acct-Status-Type = Stop NAS-Port-Type = Wireless-802.11 Cisco-NAS-Port = "13258" NAS-Port = 13258 Service-Type = Framed-User NAS-IP-Address = 10.169.33.11 Acct-Delay-Time = 5 # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 13258,Client-IP-Address = 10.169.33.11,NAS-IP-Address = 10.169.33.11,Acct-Session-Id = "00003308",User-Name = "user"' [acct_unique] Acct-Unique-Session-ID = "45341f9e68e705da". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "user", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.169.33.11/detail-20111207 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.169.33.11/detail-20111207 [detail] expand: %t -> Wed Dec 7 10:17:41 2011 ++[detail] returns ok ++[unix] returns fail Finished request 86. Cleaning up request 86 ID 88 with timestamp +219 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.169.33.11 port 1646, id=89, length=323 Acct-Session-Id = "00003308" Called-Station-Id = "0013.1a08.9340" Calling-Station-Id = "0013.e8f4.3f0d" Cisco-AVPair = "ssid=HAYATT" Cisco-AVPair = "vlan-id=55" Cisco-AVPair = "nas-location=unspecified" Cisco-AVPair = "auth-algo-type=eap-peap" User-Name = "user" Acct-Authentic = RADIUS Cisco-AVPair = "connect-progress=Call Up" Acct-Session-Time = 41 Acct-Input-Octets = 310 Acct-Output-Octets = 509 Acct-Input-Packets = 6 Acct-Output-Packets = 7 Acct-Terminate-Cause = Lost-Carrier Cisco-AVPair = "disc-cause-ext=No Reason" Acct-Status-Type = Stop NAS-Port-Type = Wireless-802.11 Cisco-NAS-Port = "13258" NAS-Port = 13258 Service-Type = Framed-User NAS-IP-Address = 10.169.33.11 Acct-Delay-Time = 10 # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 13258,Client-IP-Address = 10.169.33.11,NAS-IP-Address = 10.169.33.11,Acct-Session-Id = "00003308",User-Name = "user"' [acct_unique] Acct-Unique-Session-ID = "45341f9e68e705da". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "user", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.169.33.11/detail-20111207 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.169.33.11/detail-20111207 [detail] expand: %t -> Wed Dec 7 10:17:46 2011 ++[detail] returns ok ++[unix] returns fail Finished request 87. Cleaning up request 87 ID 89 with timestamp +224 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.169.33.11 port 1646, id=90, length=323 Acct-Session-Id = "00003308" Called-Station-Id = "0013.1a08.9340" Calling-Station-Id = "0013.e8f4.3f0d" Cisco-AVPair = "ssid=HAYATT" Cisco-AVPair = "vlan-id=55" Cisco-AVPair = "nas-location=unspecified" Cisco-AVPair = "auth-algo-type=eap-peap" User-Name = "user" Acct-Authentic = RADIUS Cisco-AVPair = "connect-progress=Call Up" Acct-Session-Time = 41 Acct-Input-Octets = 310 Acct-Output-Octets = 509 Acct-Input-Packets = 6 Acct-Output-Packets = 7 Acct-Terminate-Cause = Lost-Carrier Cisco-AVPair = "disc-cause-ext=No Reason" Acct-Status-Type = Stop NAS-Port-Type = Wireless-802.11 Cisco-NAS-Port = "13258" NAS-Port = 13258 Service-Type = Framed-User NAS-IP-Address = 10.169.33.11 Acct-Delay-Time = 15 # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 13258,Client-IP-Address = 10.169.33.11,NAS-IP-Address = 10.169.33.11,Acct-Session-Id = "00003308",User-Name = "user"' [acct_unique] Acct-Unique-Session-ID = "45341f9e68e705da". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "user", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.169.33.11/detail-20111207 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.169.33.11/detail-20111207 [detail] expand: %t -> Wed Dec 7 10:17:51 2011 ++[detail] returns ok ++[unix] returns fail Finished request 88. Cleaning up request 88 ID 90 with timestamp +229 Going to the next request Ready to process requests. =========================== simulteneous-use not working(( mysql> select * from radcheck; +----+-----------------+--------------------+----+------------------+ | id | username | attribute | op | value | +----+-----------------+--------------------+----+------------------+ | 11 | user | Cleartext-Password | := | user | | 3 | [hidden email] | Cleartext-Password | := | test | | 5 | [hidden email] | Cleartext-Password | := | test | | 10 | user | Simultaneous-Use | := | 1 | | 8 | [hidden email] | Framed-Filter-Id | := | SP=data:MSF=data | | 9 | [hidden email] | Framed-Filter-Id | := | SP=data:MSF=data | +----+-----------------+--------------------+----+------------------+ 08 декабря 2011, 11:59 от "tolik_shavlovsky@mail.ru" <tolik_shavlovsky@mail.ru>: oh, sorry.... but that username could be authenticated) mysql> select * from radcheck; +----+-----------------+--------------------+----+------------------+ | id | username | attribute | op | value | +----+-----------------+--------------------+----+------------------+ | 11 | user | Cleartext-Password | := | user | | 3 | [hidden email] | Cleartext-Password | := | test | | 5 | [hidden email] | Cleartext-Password | := | test | | 10 | user | Simultaneous-Use | := | 1 | | 8 | [hidden email] | Framed-Filter-Id | := | SP=data:MSF=data | | 9 | [hidden email] | Framed-Filter-Id | := | SP=data:MSF=data | +----+-----------------+--------------------+----+------------------+ 08 декабря 2011, 11:51 от "Alan DeKok-2 [via FreeRadius]" <[hidden email]>: Толик Шавловский wrote:
Hi,
mysql> use freeradius; Database changed mysql> select * from radcheck; +----+-----------------+--------------------+----+------------------+ | id | username | attribute | op | value | +----+-----------------+--------------------+----+------------------+ | 1 | user | Password | == | user |
Change that to "Cleartext-Password" and ":=", like the other entries.
all usernames are authenticated for WiFi.
Wimax cannot.
Post the debug output for WiMAX. Honestly, I don't see why *anyone* needs to be told this. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---------------------------------------------------------------------- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. NAML ---------------------------------------------------------------------- View this message in context: Re[2]: authentetication with mysql and NAS type= other Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hey Alan, I responded off list by accident but his real problem is that his Framed-Filter-Id is not formatted properly for his NAS. David From: freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradius.org [mailto:freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradius.org] On Behalf Of tolik_shavlovsky@mail.ru Sent: Thursday, December 08, 2011 2:58 AM To: freeradius-users@lists.freeradius.org Subject: Re[2]: authentetication with mysql and NAS type= other oh, sorry.... but that username could be authenticated) mysql> select * from radcheck; +----+-----------------+--------------------+----+------------------+ | id | username | attribute | op | value | +----+-----------------+--------------------+----+------------------+ | 11 | user | Cleartext-Password | := | user | | 3 | [hidden email] <http://e.mail.ru/user/SendEmail.jtp?type=node&node=5058005&i=0> | Cleartext-Password | := | test | | 5 | [hidden email] <http://e.mail.ru/user/SendEmail.jtp?type=node&node=5058005&i=1> | Cleartext-Password | := | test | | 10 | user | Simultaneous-Use | := | 1 | | 8 | [hidden email] <http://e.mail.ru/user/SendEmail.jtp?type=node&node=5058005&i=2> | Framed-Filter-Id | := | SP=data:MSF=data | | 9 | [hidden email] <http://e.mail.ru/user/SendEmail.jtp?type=node&node=5058005&i=3> | Framed-Filter-Id | := | SP=data:MSF=data | +----+-----------------+--------------------+----+------------------+ 08 декабря 2011, 11:51 от "Alan DeKok-2 [via FreeRadius]" <[hidden email] <http://e.mail.ru/user/SendEmail.jtp?type=node&node=5058005&i=4> >: Толик Шавловский wrote:
Hi,
mysql> use freeradius; Database changed mysql> select * from radcheck; +----+-----------------+--------------------+----+------------------+ | id | username | attribute | op | value | +----+-----------------+--------------------+----+------------------+ | 1 | user | Password | == | user |
Change that to "Cleartext-Password" and ":=", like the other entries.
all usernames are authenticated for WiFi.
Wimax cannot.
Post the debug output for WiMAX. Honestly, I don't see why *anyone* needs to be told this. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____ If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML _____ View this message in context: Re[2]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5058005.html> Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html> at Nabble.com.
I know it’s Extreme because we sell Alvarion WiMax for all of North America J Keepaliveusernameandpassword is a generic request coming from the BTS which can either be accepted or denied. Either response is fine. The Extreme uses EAP-TTLS as does all WiMax so the username should be something like david@wimax.com David From: freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradius.org [mailto:freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradius.org] On Behalf Of tolik_shavlovsky@mail.ru Sent: Wednesday, December 07, 2011 11:03 AM To: freeradius-users@lists.freeradius.org Subject: Re[4]: authentetication with mysql and NAS type= other [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:57:06 2011 ++[detail] returns ok ++[unix] returns fail Finished request 247. Cleaning up request 247 ID 56 with timestamp +1802 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 10.152.98.23 port 49154, id=177, length=181 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Message-Authenticator = 0x892bc16577cd6753b2a7e0c0a3499523 Acct-Session-Id = "KeepAliveSessionId" User-Password = "KeepAliveUserNameAndPassword" # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [sql] expand: %{User-Name} -> KeepAliveUserNameAndPassword [sql] sql_set_user escaped user --> 'KeepAliveUserNameAndPassword' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 [sql] User KeepAliveUserNameAndPassword not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Login incorrect: [KeepAliveUserNameAndPassword/KeepAliveUserNameAndPassword] (from client 10.152.98.23/16 port 0 cli ) ======================================= login and password are correct! ow did you jnow that its extreme& by NAS identifirer? 07 декабря 2011, 19:16 от "David Peterson-19 [via FreeRadius]" <[hidden email] <http://e.mail.ru/user/SendEmail.jtp?type=node&node=5056103&i=0> >: The only requests I see are User-Name = "KeepAliveUserNameAndPassword" This is just a keep-alive packet all Alvarion Extreme base stations send out. I do not see the CPE attempting to authenticate. David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Wednesday, December 07, 2011 10:05 AM To: [hidden email] Subject: Re[2]: authentetication with mysql and NAS type= other here is debug: ad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:07 2011 ++[detail] returns ok ++[unix] returns fail Finished request 98. Cleaning up request 98 ID 10 with timestamp +570 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:12 2011 ++[detail] returns ok ++[unix] returns fail Finished request 99. Cleaning up request 99 ID 10 with timestamp +575 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:17 2011 ++[detail] returns ok ++[unix] returns fail Finished request 100. Cleaning up request 100 ID 11 with timestamp +640 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:22 2011 ++[detail] returns ok ++[unix] returns fail Finished request 101. Cleaning up request 101 ID 11 with timestamp +645 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:27 2011 ++[detail] returns ok ++[unix] returns fail Finished request 102. Cleaning up request 102 ID 11 with timestamp +650 Going to the next request Ready to process requests. 07 декабря 2011, 18:37 от "Alan DeKok-2 [via FreeRadius]" <[hidden email]>: [hidden email] wrote:
1. I was lucky to auth Wifi users via cisco AP (NAS type cisco). but Simulteneous-Use is not working.
See the FAQ for "it doesn't work"
2. my wimax users (vendor Alvarion) cannot authenticate. Althou, i can authenticate them from users file.
Without the debug log, it's impossible to know.
what can be a problem?
You didn't follow the existing documentation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____ If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML _____ View this message in context: Re[2]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5055921.html> Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html> at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____ If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML _____ View this message in context: Re[4]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5056103.html> Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html> at Nabble.com.
David, usually Alvarion WIMAX 802.16 is 4M products. Extreme is 802.16 standard but for nonWiMAX band = 5 GHz. All Alvarion hexes username, like 97697696@wimax.com So, you just gess it was Extreme?)) 07 декабря 2011, 20:33 от "David Peterson-19 [via FreeRadius]" <ml-node+s1045715n5056216h87@n5.nabble.com>: I know it’s Extreme because we sell Alvarion WiMax for all of North America J Keepaliveusernameandpassword is a generic request coming from the BTS which can either be accepted or denied. Either response is fine. The Extreme uses EAP-TTLS as does all WiMax so the username should be something like [hidden email] David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Wednesday, December 07, 2011 11:03 AM To: [hidden email] Subject: Re[4]: authentetication with mysql and NAS type= other [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:57:06 2011 ++[detail] returns ok ++[unix] returns fail Finished request 247. Cleaning up request 247 ID 56 with timestamp +1802 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 10.152.98.23 port 49154, id=177, length=181 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Message-Authenticator = 0x892bc16577cd6753b2a7e0c0a3499523 Acct-Session-Id = "KeepAliveSessionId" User-Password = "KeepAliveUserNameAndPassword" # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [sql] expand: %{User-Name} -> KeepAliveUserNameAndPassword [sql] sql_set_user escaped user --> 'KeepAliveUserNameAndPassword' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 [sql] User KeepAliveUserNameAndPassword not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Login incorrect: [KeepAliveUserNameAndPassword/KeepAliveUserNameAndPassword] (from client 10.152.98.23/16 port 0 cli ) ======================================= login and password are correct! ow did you jnow that its extreme& by NAS identifirer? 07 декабря 2011, 19:16 от "David Peterson-19 [via FreeRadius]" <[hidden email]>: The only requests I see are User-Name = "KeepAliveUserNameAndPassword" This is just a keep-alive packet all Alvarion Extreme base stations send out. I do not see the CPE attempting to authenticate. David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Wednesday, December 07, 2011 10:05 AM To: [hidden email] Subject: Re[2]: authentetication with mysql and NAS type= other here is debug: ad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:07 2011 ++[detail] returns ok ++[unix] returns fail Finished request 98. Cleaning up request 98 ID 10 with timestamp +570 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:12 2011 ++[detail] returns ok ++[unix] returns fail Finished request 99. Cleaning up request 99 ID 10 with timestamp +575 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:17 2011 ++[detail] returns ok ++[unix] returns fail Finished request 100. Cleaning up request 100 ID 11 with timestamp +640 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:22 2011 ++[detail] returns ok ++[unix] returns fail Finished request 101. Cleaning up request 101 ID 11 with timestamp +645 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:27 2011 ++[detail] returns ok ++[unix] returns fail Finished request 102. Cleaning up request 102 ID 11 with timestamp +650 Going to the next request Ready to process requests. 07 декабря 2011, 18:37 от "Alan DeKok-2 [via FreeRadius]" <[hidden email]>: [hidden email] wrote:
1. I was lucky to auth Wifi users via cisco AP (NAS type cisco). but Simulteneous-Use is not working.
See the FAQ for "it doesn't work"
2. my wimax users (vendor Alvarion) cannot authenticate. Althou, i can authenticate them from users file.
Without the debug log, it's impossible to know.
what can be a problem?
You didn't follow the existing documentation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---------------------------------------------------------------------- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. NAML ---------------------------------------------------------------------- View this message in context: Re[2]: authentetication with mysql and NAS type= other Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---------------------------------------------------------------------- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. NAML ---------------------------------------------------------------------- View this message in context: Re[4]: authentetication with mysql and NAS type= other Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---------------------------------------------------------------------- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... Sent from the FreeRadius - User mailing list archive at Nabble.com.
Actually the 5.x GHz Extreme product is a fully 16e protocol, just not WiMax certified. The 4-Motion product is fully WiMax certified as you point out. WiMax as a protocol uses EAP-TTLS/TLS and does not send the username in the outer tunnel. If you watch the debug you will see the username unencrypted in the inner-tunnel portion of the authentication. David From: freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradius.org [mailto:freeradius-users-bounces+david.peterson=acc-corp.net@lists.freeradius.org] On Behalf Of tolik_shavlovsky@mail.ru Sent: Thursday, December 08, 2011 2:34 AM To: freeradius-users@lists.freeradius.org Subject: Re[6]: authentetication with mysql and NAS type= other David, usually Alvarion WIMAX 802.16 is 4M products. Extreme is 802.16 standard but for nonWiMAX band = 5 GHz. All Alvarion hexes username, like [hidden email] <http://e.mail.ru/user/SendEmail.jtp?type=node&node=5057918&i=0> So, you just gess it was Extreme?)) 07 декабря 2011, 20:33 от "David Peterson-19 [via FreeRadius]" <[hidden email] <http://e.mail.ru/user/SendEmail.jtp?type=node&node=5057918&i=1> >: I know it’s Extreme because we sell Alvarion WiMax for all of North America J Keepaliveusernameandpassword is a generic request coming from the BTS which can either be accepted or denied. Either response is fine. The Extreme uses EAP-TTLS as does all WiMax so the username should be something like [hidden email] David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Wednesday, December 07, 2011 11:03 AM To: [hidden email] Subject: Re[4]: authentetication with mysql and NAS type= other [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:57:06 2011 ++[detail] returns ok ++[unix] returns fail Finished request 247. Cleaning up request 247 ID 56 with timestamp +1802 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 10.152.98.23 port 49154, id=177, length=181 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Message-Authenticator = 0x892bc16577cd6753b2a7e0c0a3499523 Acct-Session-Id = "KeepAliveSessionId" User-Password = "KeepAliveUserNameAndPassword" # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [sql] expand: %{User-Name} -> KeepAliveUserNameAndPassword [sql] sql_set_user escaped user --> 'KeepAliveUserNameAndPassword' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 [sql] User KeepAliveUserNameAndPassword not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Login incorrect: [KeepAliveUserNameAndPassword/KeepAliveUserNameAndPassword] (from client 10.152.98.23/16 port 0 cli ) ======================================= login and password are correct! ow did you jnow that its extreme& by NAS identifirer? 07 декабря 2011, 19:16 от "David Peterson-19 [via FreeRadius]" <[hidden email]>: The only requests I see are User-Name = "KeepAliveUserNameAndPassword" This is just a keep-alive packet all Alvarion Extreme base stations send out. I do not see the CPE attempting to authenticate. David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Wednesday, December 07, 2011 10:05 AM To: [hidden email] Subject: Re[2]: authentetication with mysql and NAS type= other here is debug: ad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:07 2011 ++[detail] returns ok ++[unix] returns fail Finished request 98. Cleaning up request 98 ID 10 with timestamp +570 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:12 2011 ++[detail] returns ok ++[unix] returns fail Finished request 99. Cleaning up request 99 ID 10 with timestamp +575 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:17 2011 ++[detail] returns ok ++[unix] returns fail Finished request 100. Cleaning up request 100 ID 11 with timestamp +640 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:22 2011 ++[detail] returns ok ++[unix] returns fail Finished request 101. Cleaning up request 101 ID 11 with timestamp +645 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:27 2011 ++[detail] returns ok ++[unix] returns fail Finished request 102. Cleaning up request 102 ID 11 with timestamp +650 Going to the next request Ready to process requests. 07 декабря 2011, 18:37 от "Alan DeKok-2 [via FreeRadius]" <[hidden email]>: [hidden email] wrote:
1. I was lucky to auth Wifi users via cisco AP (NAS type cisco). but Simulteneous-Use is not working.
See the FAQ for "it doesn't work"
2. my wimax users (vendor Alvarion) cannot authenticate. Althou, i can authenticate them from users file.
Without the debug log, it's impossible to know.
what can be a problem?
You didn't follow the existing documentation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____ If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML _____ View this message in context: Re[2]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5055921.html> Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html> at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____ If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML _____ View this message in context: Re[4]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5056103.html> Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html> at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____ If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML _____ View this message in context: Re[6]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5057918.html> Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html> at Nabble.com.
how can i see inner-tunnel portion? from debug? so, u didn't answer, how did u know it was extreme?) 08 декабря 2011, 16:20 от "David Peterson-19 [via FreeRadius]" <ml-node+s1045715n5058598h29@n5.nabble.com>: Actually the 5.x GHz Extreme product is a fully 16e protocol, just not WiMax certified. The 4-Motion product is fully WiMax certified as you point out. WiMax as a protocol uses EAP-TTLS/TLS and does not send the username in the outer tunnel. If you watch the debug you will see the username unencrypted in the inner-tunnel portion of the authentication. David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Thursday, December 08, 2011 2:34 AM To: [hidden email] Subject: Re[6]: authentetication with mysql and NAS type= other David, usually Alvarion WIMAX 802.16 is 4M products. Extreme is 802.16 standard but for nonWiMAX band = 5 GHz. All Alvarion hexes username, like [hidden email] So, you just gess it was Extreme?)) 07 декабря 2011, 20:33 от "David Peterson-19 [via FreeRadius]" <[hidden email]>: I know it’s Extreme because we sell Alvarion WiMax for all of North America J Keepaliveusernameandpassword is a generic request coming from the BTS which can either be accepted or denied. Either response is fine. The Extreme uses EAP-TTLS as does all WiMax so the username should be something like [hidden email] David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Wednesday, December 07, 2011 11:03 AM To: [hidden email] Subject: Re[4]: authentetication with mysql and NAS type= other [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:57:06 2011 ++[detail] returns ok ++[unix] returns fail Finished request 247. Cleaning up request 247 ID 56 with timestamp +1802 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 10.152.98.23 port 49154, id=177, length=181 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Message-Authenticator = 0x892bc16577cd6753b2a7e0c0a3499523 Acct-Session-Id = "KeepAliveSessionId" User-Password = "KeepAliveUserNameAndPassword" # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [sql] expand: %{User-Name} -> KeepAliveUserNameAndPassword [sql] sql_set_user escaped user --> 'KeepAliveUserNameAndPassword' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 [sql] User KeepAliveUserNameAndPassword not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Login incorrect: [KeepAliveUserNameAndPassword/KeepAliveUserNameAndPassword] (from client 10.152.98.23/16 port 0 cli ) ======================================= login and password are correct! ow did you jnow that its extreme& by NAS identifirer? 07 декабря 2011, 19:16 от "David Peterson-19 [via FreeRadius]" <[hidden email]>: The only requests I see are User-Name = "KeepAliveUserNameAndPassword" This is just a keep-alive packet all Alvarion Extreme base stations send out. I do not see the CPE attempting to authenticate. David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Wednesday, December 07, 2011 10:05 AM To: [hidden email] Subject: Re[2]: authentetication with mysql and NAS type= other here is debug: ad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:07 2011 ++[detail] returns ok ++[unix] returns fail Finished request 98. Cleaning up request 98 ID 10 with timestamp +570 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:12 2011 ++[detail] returns ok ++[unix] returns fail Finished request 99. Cleaning up request 99 ID 10 with timestamp +575 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:17 2011 ++[detail] returns ok ++[unix] returns fail Finished request 100. Cleaning up request 100 ID 11 with timestamp +640 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:22 2011 ++[detail] returns ok ++[unix] returns fail Finished request 101. Cleaning up request 101 ID 11 with timestamp +645 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:27 2011 ++[detail] returns ok ++[unix] returns fail Finished request 102. Cleaning up request 102 ID 11 with timestamp +650 Going to the next request Ready to process requests. 07 декабря 2011, 18:37 от "Alan DeKok-2 [via FreeRadius]" <[hidden email]>: [hidden email] wrote:
1. I was lucky to auth Wifi users via cisco AP (NAS type cisco). but Simulteneous-Use is not working.
See the FAQ for "it doesn't work"
2. my wimax users (vendor Alvarion) cannot authenticate. Althou, i can authenticate them from users file.
Without the debug log, it's impossible to know.
what can be a problem?
You didn't follow the existing documentation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---------------------------------------------------------------------- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. NAML ---------------------------------------------------------------------- View this message in context: Re[2]: authentetication with mysql and NAS type= other Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---------------------------------------------------------------------- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. NAML ---------------------------------------------------------------------- View this message in context: Re[4]: authentetication with mysql and NAS type= other Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---------------------------------------------------------------------- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. NAML ---------------------------------------------------------------------- View this message in context: Re[6]: authentetication with mysql and NAS type= other Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---------------------------------------------------------------------- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... Sent from the FreeRadius - User mailing list archive at Nabble.com.
I am a certified Alvarion CASS trainer. I know the product by heart. David From: freeradius-users-bounces+davidp=wirelessconnections.net@lists.freeradius.org [mailto:freeradius-users-bounces+davidp=wirelessconnections.net@lists.freeradius.org] On Behalf Of tolik_shavlovsky@mail.ru Sent: Thursday, December 08, 2011 4:11 PM To: freeradius-users@lists.freeradius.org Subject: Re[8]: authentetication with mysql and NAS type= other how can i see inner-tunnel portion? from debug? so, u didn't answer, how did u know it was extreme?) 08 декабря 2011, 16:20 от "David Peterson-19 [via FreeRadius]" <[hidden email] <http://e.mail.ru/user/SendEmail.jtp?type=node&node=5060105&i=0> >: Actually the 5.x GHz Extreme product is a fully 16e protocol, just not WiMax certified. The 4-Motion product is fully WiMax certified as you point out. WiMax as a protocol uses EAP-TTLS/TLS and does not send the username in the outer tunnel. If you watch the debug you will see the username unencrypted in the inner-tunnel portion of the authentication. David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Thursday, December 08, 2011 2:34 AM To: [hidden email] Subject: Re[6]: authentetication with mysql and NAS type= other David, usually Alvarion WIMAX 802.16 is 4M products. Extreme is 802.16 standard but for nonWiMAX band = 5 GHz. All Alvarion hexes username, like [hidden email] So, you just gess it was Extreme?)) 07 декабря 2011, 20:33 от "David Peterson-19 [via FreeRadius]" <[hidden email]>: I know it’s Extreme because we sell Alvarion WiMax for all of North America J Keepaliveusernameandpassword is a generic request coming from the BTS which can either be accepted or denied. Either response is fine. The Extreme uses EAP-TTLS as does all WiMax so the username should be something like [hidden email] David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Wednesday, December 07, 2011 11:03 AM To: [hidden email] Subject: Re[4]: authentetication with mysql and NAS type= other [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:57:06 2011 ++[detail] returns ok ++[unix] returns fail Finished request 247. Cleaning up request 247 ID 56 with timestamp +1802 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 10.152.98.23 port 49154, id=177, length=181 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Message-Authenticator = 0x892bc16577cd6753b2a7e0c0a3499523 Acct-Session-Id = "KeepAliveSessionId" User-Password = "KeepAliveUserNameAndPassword" # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [sql] expand: %{User-Name} -> KeepAliveUserNameAndPassword [sql] sql_set_user escaped user --> 'KeepAliveUserNameAndPassword' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 [sql] User KeepAliveUserNameAndPassword not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Login incorrect: [KeepAliveUserNameAndPassword/KeepAliveUserNameAndPassword] (from client 10.152.98.23/16 port 0 cli ) ======================================= login and password are correct! ow did you jnow that its extreme& by NAS identifirer? 07 декабря 2011, 19:16 от "David Peterson-19 [via FreeRadius]" <[hidden email]>: The only requests I see are User-Name = "KeepAliveUserNameAndPassword" This is just a keep-alive packet all Alvarion Extreme base stations send out. I do not see the CPE attempting to authenticate. David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Wednesday, December 07, 2011 10:05 AM To: [hidden email] Subject: Re[2]: authentetication with mysql and NAS type= other here is debug: ad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:07 2011 ++[detail] returns ok ++[unix] returns fail Finished request 98. Cleaning up request 98 ID 10 with timestamp +570 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:12 2011 ++[detail] returns ok ++[unix] returns fail Finished request 99. Cleaning up request 99 ID 10 with timestamp +575 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:17 2011 ++[detail] returns ok ++[unix] returns fail Finished request 100. Cleaning up request 100 ID 11 with timestamp +640 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:22 2011 ++[detail] returns ok ++[unix] returns fail Finished request 101. Cleaning up request 101 ID 11 with timestamp +645 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:27 2011 ++[detail] returns ok ++[unix] returns fail Finished request 102. Cleaning up request 102 ID 11 with timestamp +650 Going to the next request Ready to process requests. 07 декабря 2011, 18:37 от "Alan DeKok-2 [via FreeRadius]" <[hidden email]>: [hidden email] wrote:
1. I was lucky to auth Wifi users via cisco AP (NAS type cisco). but Simulteneous-Use is not working.
See the FAQ for "it doesn't work"
2. my wimax users (vendor Alvarion) cannot authenticate. Althou, i can authenticate them from users file.
Without the debug log, it's impossible to know.
what can be a problem?
You didn't follow the existing documentation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____ If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML _____ View this message in context: Re[2]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5055921.html> Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html> at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____ If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML _____ View this message in context: Re[4]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5056103.html> Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html> at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____ If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML _____ View this message in context: Re[6]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5057918.html> Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html> at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____ If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML _____ View this message in context: Re[8]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5060105.html> Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html> at Nabble.com.
Really))) can u open the secret, what is the difference between extreme and 4M requests? 09 декабря 2011, 01:44 от "David Peterson-19 [via FreeRadius]" <ml-node+s1045715n5060170h61@n5.nabble.com>: I am a certified Alvarion CASS trainer. I know the product by heart. David From: freeradius-users-bounces+davidp=[hidden email] [mailto:freeradius-users-bounces+davidp=[hidden email]] On Behalf Of [hidden email] Sent: Thursday, December 08, 2011 4:11 PM To: [hidden email] Subject: Re[8]: authentetication with mysql and NAS type= other how can i see inner-tunnel portion? from debug? so, u didn't answer, how did u know it was extreme?) 08 декабря 2011, 16:20 от "David Peterson-19 [via FreeRadius]" <[hidden email]>: Actually the 5.x GHz Extreme product is a fully 16e protocol, just not WiMax certified. The 4-Motion product is fully WiMax certified as you point out. WiMax as a protocol uses EAP-TTLS/TLS and does not send the username in the outer tunnel. If you watch the debug you will see the username unencrypted in the inner-tunnel portion of the authentication. David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Thursday, December 08, 2011 2:34 AM To: [hidden email] Subject: Re[6]: authentetication with mysql and NAS type= other David, usually Alvarion WIMAX 802.16 is 4M products. Extreme is 802.16 standard but for nonWiMAX band = 5 GHz. All Alvarion hexes username, like [hidden email] So, you just gess it was Extreme?)) 07 декабря 2011, 20:33 от "David Peterson-19 [via FreeRadius]" <[hidden email]>: I know it’s Extreme because we sell Alvarion WiMax for all of North America J Keepaliveusernameandpassword is a generic request coming from the BTS which can either be accepted or denied. Either response is fine. The Extreme uses EAP-TTLS as does all WiMax so the username should be something like [hidden email] David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Wednesday, December 07, 2011 11:03 AM To: [hidden email] Subject: Re[4]: authentetication with mysql and NAS type= other [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:57:06 2011 ++[detail] returns ok ++[unix] returns fail Finished request 247. Cleaning up request 247 ID 56 with timestamp +1802 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 10.152.98.23 port 49154, id=177, length=181 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Message-Authenticator = 0x892bc16577cd6753b2a7e0c0a3499523 Acct-Session-Id = "KeepAliveSessionId" User-Password = "KeepAliveUserNameAndPassword" # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [sql] expand: %{User-Name} -> KeepAliveUserNameAndPassword [sql] sql_set_user escaped user --> 'KeepAliveUserNameAndPassword' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 [sql] User KeepAliveUserNameAndPassword not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Login incorrect: [KeepAliveUserNameAndPassword/KeepAliveUserNameAndPassword] (from client 10.152.98.23/16 port 0 cli ) ======================================= login and password are correct! ow did you jnow that its extreme& by NAS identifirer? 07 декабря 2011, 19:16 от "David Peterson-19 [via FreeRadius]" <[hidden email]>: The only requests I see are User-Name = "KeepAliveUserNameAndPassword" This is just a keep-alive packet all Alvarion Extreme base stations send out. I do not see the CPE attempting to authenticate. David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Wednesday, December 07, 2011 10:05 AM To: [hidden email] Subject: Re[2]: authentetication with mysql and NAS type= other here is debug: ad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:07 2011 ++[detail] returns ok ++[unix] returns fail Finished request 98. Cleaning up request 98 ID 10 with timestamp +570 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:12 2011 ++[detail] returns ok ++[unix] returns fail Finished request 99. Cleaning up request 99 ID 10 with timestamp +575 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:17 2011 ++[detail] returns ok ++[unix] returns fail Finished request 100. Cleaning up request 100 ID 11 with timestamp +640 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:22 2011 ++[detail] returns ok ++[unix] returns fail Finished request 101. Cleaning up request 101 ID 11 with timestamp +645 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:27 2011 ++[detail] returns ok ++[unix] returns fail Finished request 102. Cleaning up request 102 ID 11 with timestamp +650 Going to the next request Ready to process requests. 07 декабря 2011, 18:37 от "Alan DeKok-2 [via FreeRadius]" <[hidden email]>: [hidden email] wrote:
1. I was lucky to auth Wifi users via cisco AP (NAS type cisco). but Simulteneous-Use is not working.
See the FAQ for "it doesn't work"
2. my wimax users (vendor Alvarion) cannot authenticate. Althou, i can authenticate them from users file.
Without the debug log, it's impossible to know.
what can be a problem?
You didn't follow the existing documentation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---------------------------------------------------------------------- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. NAML ---------------------------------------------------------------------- View this message in context: Re[2]: authentetication with mysql and NAS type= other Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---------------------------------------------------------------------- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. NAML ---------------------------------------------------------------------- View this message in context: Re[4]: authentetication with mysql and NAS type= other Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---------------------------------------------------------------------- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. NAML ---------------------------------------------------------------------- View this message in context: Re[6]: authentetication with mysql and NAS type= other Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---------------------------------------------------------------------- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. NAML ---------------------------------------------------------------------- View this message in context: Re[8]: authentetication with mysql and NAS type= other Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html ---------------------------------------------------------------------- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... Sent from the FreeRadius - User mailing list archive at Nabble.com.
Sure, send me an email off list as this conversation is not appropriate for the list. davidp@wirelessconnections.net David From: freeradius-users-bounces+davidp=wirelessconnections.net@lists.freeradius.org [mailto:freeradius-users-bounces+davidp=wirelessconnections.net@lists.freeradius.org] On Behalf Of tolik_shavlovsky@mail.ru Sent: Friday, December 09, 2011 2:46 AM To: freeradius-users@lists.freeradius.org Subject: Re[10]: authentetication with mysql and NAS type= other Really))) can u open the secret, what is the difference between extreme and 4M requests? 09 декабря 2011, 01:44 от "David Peterson-19 [via FreeRadius]" <[hidden email] <http://e.mail.ru/user/SendEmail.jtp?type=node&node=5060945&i=0> >: I am a certified Alvarion CASS trainer. I know the product by heart. David From: freeradius-users-bounces+davidp=[hidden email] [mailto:freeradius-users-bounces+davidp=[hidden email]] On Behalf Of [hidden email] Sent: Thursday, December 08, 2011 4:11 PM To: [hidden email] Subject: Re[8]: authentetication with mysql and NAS type= other how can i see inner-tunnel portion? from debug? so, u didn't answer, how did u know it was extreme?) 08 декабря 2011, 16:20 от "David Peterson-19 [via FreeRadius]" <[hidden email]>: Actually the 5.x GHz Extreme product is a fully 16e protocol, just not WiMax certified. The 4-Motion product is fully WiMax certified as you point out. WiMax as a protocol uses EAP-TTLS/TLS and does not send the username in the outer tunnel. If you watch the debug you will see the username unencrypted in the inner-tunnel portion of the authentication. David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Thursday, December 08, 2011 2:34 AM To: [hidden email] Subject: Re[6]: authentetication with mysql and NAS type= other David, usually Alvarion WIMAX 802.16 is 4M products. Extreme is 802.16 standard but for nonWiMAX band = 5 GHz. All Alvarion hexes username, like [hidden email] So, you just gess it was Extreme?)) 07 декабря 2011, 20:33 от "David Peterson-19 [via FreeRadius]" <[hidden email]>: I know it’s Extreme because we sell Alvarion WiMax for all of North America J Keepaliveusernameandpassword is a generic request coming from the BTS which can either be accepted or denied. Either response is fine. The Extreme uses EAP-TTLS as does all WiMax so the username should be something like [hidden email] David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Wednesday, December 07, 2011 11:03 AM To: [hidden email] Subject: Re[4]: authentetication with mysql and NAS type= other [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:57:06 2011 ++[detail] returns ok ++[unix] returns fail Finished request 247. Cleaning up request 247 ID 56 with timestamp +1802 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 10.152.98.23 port 49154, id=177, length=181 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Message-Authenticator = 0x892bc16577cd6753b2a7e0c0a3499523 Acct-Session-Id = "KeepAliveSessionId" User-Password = "KeepAliveUserNameAndPassword" # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [sql] expand: %{User-Name} -> KeepAliveUserNameAndPassword [sql] sql_set_user escaped user --> 'KeepAliveUserNameAndPassword' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 [sql] User KeepAliveUserNameAndPassword not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Login incorrect: [KeepAliveUserNameAndPassword/KeepAliveUserNameAndPassword] (from client 10.152.98.23/16 port 0 cli ) ======================================= login and password are correct! ow did you jnow that its extreme& by NAS identifirer? 07 декабря 2011, 19:16 от "David Peterson-19 [via FreeRadius]" <[hidden email]>: The only requests I see are User-Name = "KeepAliveUserNameAndPassword" This is just a keep-alive packet all Alvarion Extreme base stations send out. I do not see the CPE attempting to authenticate. David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Wednesday, December 07, 2011 10:05 AM To: [hidden email] Subject: Re[2]: authentetication with mysql and NAS type= other here is debug: ad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:07 2011 ++[detail] returns ok ++[unix] returns fail Finished request 98. Cleaning up request 98 ID 10 with timestamp +570 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:12 2011 ++[detail] returns ok ++[unix] returns fail Finished request 99. Cleaning up request 99 ID 10 with timestamp +575 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:17 2011 ++[detail] returns ok ++[unix] returns fail Finished request 100. Cleaning up request 100 ID 11 with timestamp +640 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:22 2011 ++[detail] returns ok ++[unix] returns fail Finished request 101. Cleaning up request 101 ID 11 with timestamp +645 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:27 2011 ++[detail] returns ok ++[unix] returns fail Finished request 102. Cleaning up request 102 ID 11 with timestamp +650 Going to the next request Ready to process requests. 07 декабря 2011, 18:37 от "Alan DeKok-2 [via FreeRadius]" <[hidden email]>: [hidden email] wrote:
1. I was lucky to auth Wifi users via cisco AP (NAS type cisco). but Simulteneous-Use is not working.
See the FAQ for "it doesn't work"
2. my wimax users (vendor Alvarion) cannot authenticate. Althou, i can authenticate them from users file.
Without the debug log, it's impossible to know.
what can be a problem?
You didn't follow the existing documentation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____ If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML _____ View this message in context: Re[2]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5055921.html> Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html> at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____ If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML _____ View this message in context: Re[4]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5056103.html> Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html> at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____ If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML _____ View this message in context: Re[6]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5057918.html> Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html> at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____ If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML _____ View this message in context: Re[8]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5060105.html> Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html> at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____ If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML _____ View this message in context: Re[10]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5060945.html> Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html> at Nabble.com.
Yes you can see the inner-tunnel by running: Radius-server> radiusd –Xxx David From: freeradius-users-bounces+davidp=wirelessconnections.net@lists.freeradius.org [mailto:freeradius-users-bounces+davidp=wirelessconnections.net@lists.freeradius.org] On Behalf Of tolik_shavlovsky@mail.ru Sent: Thursday, December 08, 2011 4:11 PM To: freeradius-users@lists.freeradius.org Subject: Re[8]: authentetication with mysql and NAS type= other how can i see inner-tunnel portion? from debug? so, u didn't answer, how did u know it was extreme?) 08 декабря 2011, 16:20 от "David Peterson-19 [via FreeRadius]" <[hidden email] <http://e.mail.ru/user/SendEmail.jtp?type=node&node=5060105&i=0> >: Actually the 5.x GHz Extreme product is a fully 16e protocol, just not WiMax certified. The 4-Motion product is fully WiMax certified as you point out. WiMax as a protocol uses EAP-TTLS/TLS and does not send the username in the outer tunnel. If you watch the debug you will see the username unencrypted in the inner-tunnel portion of the authentication. David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Thursday, December 08, 2011 2:34 AM To: [hidden email] Subject: Re[6]: authentetication with mysql and NAS type= other David, usually Alvarion WIMAX 802.16 is 4M products. Extreme is 802.16 standard but for nonWiMAX band = 5 GHz. All Alvarion hexes username, like [hidden email] So, you just gess it was Extreme?)) 07 декабря 2011, 20:33 от "David Peterson-19 [via FreeRadius]" <[hidden email]>: I know it’s Extreme because we sell Alvarion WiMax for all of North America J Keepaliveusernameandpassword is a generic request coming from the BTS which can either be accepted or denied. Either response is fine. The Extreme uses EAP-TTLS as does all WiMax so the username should be something like [hidden email] David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Wednesday, December 07, 2011 11:03 AM To: [hidden email] Subject: Re[4]: authentetication with mysql and NAS type= other [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:57:06 2011 ++[detail] returns ok ++[unix] returns fail Finished request 247. Cleaning up request 247 ID 56 with timestamp +1802 Going to the next request Ready to process requests. rad_recv: Access-Request packet from host 10.152.98.23 port 49154, id=177, length=181 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Message-Authenticator = 0x892bc16577cd6753b2a7e0c0a3499523 Acct-Session-Id = "KeepAliveSessionId" User-Password = "KeepAliveUserNameAndPassword" # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default +- entering group authorize {...} ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop ++[digest] returns noop [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop [eap] No EAP-Message, not doing EAP ++[eap] returns noop [sql] expand: %{User-Name} -> KeepAliveUserNameAndPassword [sql] sql_set_user escaped user --> 'KeepAliveUserNameAndPassword' rlm_sql (sql): Reserving sql socket id: 3 [sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY id [sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'KeepAliveUserNameAndPassword' ORDER BY priority rlm_sql (sql): Released sql socket id: 3 [sql] User KeepAliveUserNameAndPassword not found ++[sql] returns notfound ++[expiration] returns noop ++[logintime] returns noop [pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. ++[pap] returns noop ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user Failed to authenticate the user. Login incorrect: [KeepAliveUserNameAndPassword/KeepAliveUserNameAndPassword] (from client 10.152.98.23/16 port 0 cli ) ======================================= login and password are correct! ow did you jnow that its extreme& by NAS identifirer? 07 декабря 2011, 19:16 от "David Peterson-19 [via FreeRadius]" <[hidden email]>: The only requests I see are User-Name = "KeepAliveUserNameAndPassword" This is just a keep-alive packet all Alvarion Extreme base stations send out. I do not see the CPE attempting to authenticate. David From: freeradius-users-bounces+david.peterson=[hidden email] [mailto:freeradius-users-bounces+david.peterson=[hidden email]] On Behalf Of [hidden email] Sent: Wednesday, December 07, 2011 10:05 AM To: [hidden email] Subject: Re[2]: authentetication with mysql and NAS type= other here is debug: ad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:07 2011 ++[detail] returns ok ++[unix] returns fail Finished request 98. Cleaning up request 98 ID 10 with timestamp +570 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=10, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 16:59:12 2011 ++[detail] returns ok ++[unix] returns fail Finished request 99. Cleaning up request 99 ID 10 with timestamp +575 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:17 2011 ++[detail] returns ok ++[unix] returns fail Finished request 100. Cleaning up request 100 ID 11 with timestamp +640 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:22 2011 ++[detail] returns ok ++[unix] returns fail Finished request 101. Cleaning up request 101 ID 11 with timestamp +645 Going to the next request Ready to process requests. rad_recv: Accounting-Request packet from host 10.152.98.23 port 49157, id=11, length=135 User-Name = "KeepAliveUserNameAndPassword" NAS-IP-Address = 10.152.98.23 NAS-Port-Type = Wireless-802.16 NAS-Port = 0 Calling-Station-Id = "\000\000\000\000\000" NAS-Identifier = "000000001137128000" WiMAX-GMT-Timezone-offset = 0 Acct-Status-Type = Stop Acct-Session-Id = "KeepAliveSessionId" # Executing section preacct from file /usr/local/etc/raddb/sites-enabled/default +- entering group preacct {...} ++[preprocess] returns ok [acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address = 10.152.98.23,NAS-IP-Address = 10.152.98.23,Acct-Session-Id = "KeepAliveSessionId",User-Name = "KeepAliveUserNameAndPassword"' [acct_unique] Acct-Unique-Session-ID = "d83a716ff7f93aa5". ++[acct_unique] returns ok [suffix] No '@' in User-Name = "KeepAliveUserNameAndPassword", looking up realm NULL [suffix] No such realm "NULL" ++[suffix] returns noop ++[files] returns noop # Executing section accounting from file /usr/local/etc/raddb/sites-enabled/default +- entering group accounting {...} [detail] expand: /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d -> /var/log/radacct/10.152.98.23/detail-20111206 [detail] /var/log/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /var/log/radacct/10.152.98.23/detail-20111206 [detail] expand: %t -> Tue Dec 6 17:00:27 2011 ++[detail] returns ok ++[unix] returns fail Finished request 102. Cleaning up request 102 ID 11 with timestamp +650 Going to the next request Ready to process requests. 07 декабря 2011, 18:37 от "Alan DeKok-2 [via FreeRadius]" <[hidden email]>: [hidden email] wrote:
1. I was lucky to auth Wifi users via cisco AP (NAS type cisco). but Simulteneous-Use is not working.
See the FAQ for "it doesn't work"
2. my wimax users (vendor Alvarion) cannot authenticate. Althou, i can authenticate them from users file.
Without the debug log, it's impossible to know.
what can be a problem?
You didn't follow the existing documentation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____ If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML _____ View this message in context: Re[2]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5055921.html> Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html> at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____ If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML _____ View this message in context: Re[4]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5056103.html> Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html> at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____ If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML _____ View this message in context: Re[6]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5057918.html> Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html> at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html _____ If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-... To unsubscribe from authentetication with mysql and NAS type= other, click here. <http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.InstantMailNamespace&breadcrumbs=instant+emails%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml> NAML _____ View this message in context: Re[8]: authentetication with mysql and NAS type= other <http://freeradius.1045715.n5.nabble.com/authentetication-with-mysql-and-NAS-type-other-tp5055689p5060105.html> Sent from the FreeRadius - User mailing list archive <http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html> at Nabble.com.
participants (5)
-
Alan DeKok -
David Peterson -
Fajar A. Nugraha -
tolik_shavlovsky@mail.ru -
Толик Шавловский