|

»

»

FreeRadius - User

A couple of questions PoPToP+FreeRadius+IAS

View: New views

8 Messages — Rating Filter: Alert me

	A couple of questions PoPToP+FreeRadius+IAS by Marxy :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message My configuration is: [poptop pptpd & pppd]----[freeradius]-----[Microsoft IAS]----[ADS] pptpd is 1.3.3 pppd is 2.4.4 freeradius is 1.1.3 Clients go from internet, make auth via MS IAS, but accounting does freeradius. All seems good. Clients go OK. Auth and accounting seems OK too. But, I have couple of questions 1. Accounting of Calling-station-id returns only first 4 characters of user's IP address. I noticed that if some user enters using his remote IP like 77.122.215.143 the record of his Calling-Station-Id would be Calling-Station-Id = "1.77" which are first 4 symbols of IP address in back order. What's goin' wrong? I suppose that calling-station-id should be whole IP address. 2. Radius does not understand some attributes from client. a) Jan 14 12:37:14 shata pppd[25046]: rc_avpair_gen: received unknown attribute 25 of length 30: 0x333B04270000013700010A00001701C735C490B2116B000000000000014C b) Jan 11 22:29:02 shata pppd[19185]: RADIUS: wrong service type 4 for user21 But I know that these are VALUE Service-Type Dialback-Framed-User 4 and ATTRIBUTE MS-CHAP2-Response 25 octets as they are written in the dictionary file. For the first case users can not login. Radius refuse them by wrong service type. In second case users login OK but I what to know why there is error anyway. What is wrong here? Thank for replies, --- Oleg.
	RE : A couple of questions PoPToP+FreeRadius+IAS by Thibault LE MEUR :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message > 2. Radius does not understand some attributes from client. > a) Jan 14 12:37:14 shata pppd[25046]: rc_avpair_gen: received > unknown attribute 25 of length 30: > 0x333B04270000013700010A00001701C735C490B2116B000000000000014C > b) Jan 11 22:29:02 shata pppd[19185]: RADIUS: wrong service > type 4 for user21 > > But I know that these are > > VALUE Service-Type Dialback-Framed-User 4 > > and > > ATTRIBUTE MS-CHAP2-Response 25 octets > > as they are written in the dictionary file. There must be a mistake in your /etc/radiusclient/dictionary file. Check that you use a 'INCLUDE /etc/radiusclient/dictionary.microsoft' line and not a '$INCLUDE /etc/radiusclient/dictionary.microsoft' Check also the permissions ont he dictionary files. HTH, Thibault - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
	Re: A couple of questions PoPToP+FreeRadius+IAS by Alan DeKok-2 :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Marxy wrote: > 1. Accounting of Calling-station-id returns only first 4 characters of > user's IP address. If that's what the RADIUS client is sending, then the only solution is to fix the client so it sends the correct information. > 2. Radius does not understand some attributes from client. > a) Jan 14 12:37:14 shata pppd[25046]: rc_avpair_gen: received unknown > attribute 25 of length 30: > 0x333B04270000013700010A00001701C735C490B2116B000000000000014C > b) Jan 11 22:29:02 shata pppd[19185]: RADIUS: wrong service type 4 for > user21 The client doesn't understand the response of the server. Again, the only solution is to fix the client. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
	Re: RE : A couple of questions PoPToP+FreeRadius+IAS by Marxy :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message It seems no mistakes in dictionary file. It is standard one from RH distribution. BTW, freeradius use $INCLUDE, not INCLUDE as you advised. With INCLUDE you will see something like ---------------------- Wed Jan 17 14:48:41 2007 : Error: Errors reading dictionary: dict_init: /etc/raddb/dictionary[14] invalid keyword "INCLUDE" ---------------------- Thibault LE MEUR wrote: There must be a mistake in your /etc/radiusclient/dictionary file. Check that you use a 'INCLUDE /etc/radiusclient/dictionary.microsoft' line and not a '$INCLUDE /etc/radiusclient/dictionary.microsoft' Check also the permissions ont he dictionary files.
	Re: A couple of questions PoPToP+FreeRadius+IAS by Marxy :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Alan DeKok-4 wrote: Marxy wrote: > 1. Accounting of Calling-station-id returns only first 4 characters of > user's IP address. If that's what the RADIUS client is sending, then the only solution is to fix the client so it sends the correct information. My radius client is standard radiusclient software. But it seems no settings for that in its /etc/radiusclient/radiusclient.conf Alan DeKok-4 wrote: > 2. Radius does not understand some attributes from client. > a) Jan 14 12:37:14 shata pppd[25046]: rc_avpair_gen: received unknown > attribute 25 of length 30: The client doesn't understand the response of the server. Again, the only solution is to fix the client. Yes. You are quite right. I add missing attributes to radiusclient dictionary file. ATTRIBUTE MS-CHAP2-Response 25 string ATTRIBUTE Acct-Input-Packets 47 integer ATTRIBUTE Acct-Output-Packets 48 integer And this problem has gone. Alan DeKok-4 wrote: > 0x333B04270000013700010A00001701C735C490B2116B000000000000014C > b) Jan 11 22:29:02 shata pppd[19185]: RADIUS: wrong service type 4 for > user21 The line that describes service-type 4 was already in radiusclient dictionary file VALUE Service-Type Callback-Framed-User 4 But it does not help.
	RE : RE : A couple of questions PoPToP+FreeRadius+IAS by Thibault LE MEUR :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message > It seems no mistakes in dictionary file. It is standard one > from RH distribution. BTW, freeradius use $INCLUDE, not > INCLUDE as you advised. With INCLUDE you will see something like > ---------------------- > Wed Jan 17 14:48:41 2007 : Error: Errors reading dictionary: > dict_init: /etc/raddb/dictionary[14] invalid keyword "INCLUDE" > ---------------------- I'm talking about the radiusclient library's dictionaries, not the Freeradius ones: the ones that can be found on your PopTop server, not the Freeradius server. Look at the path I worte: it's not /etc/raddb/dictionary, but /etc/radiusclient/dictionnary. The issue here, is that the radiusclient package doesn't come with the necessary dictionaries. So check on you PopTop server that the /etc/radiusclient/dictionary contains an 'INCLUDE' and not '$INCLUDE' for the dictionary.microsoft file. HTH, Thibault - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
	RE : A couple of questions PoPToP+FreeRadius+IAS by Thibault LE MEUR :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message > -----Message d'origine----- > De : > freeradius-users-bounces+thibault.lemeur=supelec.fr@... > radius.org > [mailto:freeradius-users-bounces+thibault.lemeur=supelec.fr@li > sts.freeradius.org] De la part de Marxy > Envoyé : mercredi 17 janvier 2007 14:39 > À : freeradius-users@... > Objet : Re: A couple of questions PoPToP+FreeRadius+IAS > > > > > Alan DeKok-4 wrote: > > > > Marxy wrote: > >> 1. Accounting of Calling-station-id returns only first 4 > characters > >> of user's IP address. > > If that's what the RADIUS client is sending, then the > only solution > > is to fix the client so it sends the correct information. > > > My radius client is standard radiusclient software. > But it seems no settings for that in its > /etc/radiusclient/radiusclient.conf > > > Alan DeKok-4 wrote: > > > >> 2. Radius does not understand some attributes from client. > >> a) Jan 14 12:37:14 shata pppd[25046]: rc_avpair_gen: > received unknown > >> attribute 25 of length 30: > > > > The client doesn't understand the response of the server. Again, > > the only solution is to fix the client. > > > Yes. You are quite right. > I add missing attributes to radiusclient dictionary file. > ATTRIBUTE MS-CHAP2-Response 25 string > ATTRIBUTE Acct-Input-Packets 47 integer > ATTRIBUTE Acct-Output-Packets 48 integer It might not be enough. Could you check this post and give it a try ? http://lists.freeradius.org/pipermail/freeradius-users/2007-January/059299.h tml Thibault - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
	Re: RE : A couple of questions PoPToP+FreeRadius+IAS by Marxy :: Rate this Message: Reply to Author \| View Threaded \| Show Only this Message Thibault LE MEUR wrote: > > The client doesn't understand the response of the server. Again, > > the only solution is to fix the client. > > > Yes. You are quite right. > I add missing attributes to radiusclient dictionary file. > ATTRIBUTE MS-CHAP2-Response 25 string > ATTRIBUTE Acct-Input-Packets 47 integer > ATTRIBUTE Acct-Output-Packets 48 integer It might not be enough. It is enough 'cause I had add all microsoft vendor's attributes early. Thanks. I have another unsolved probems.