Date: Sat, 14 Feb 1998 11:11:54 -0000 From: "Steven Fletcher (Shellnet IRC administrator)" <ircadmin@shellnet.co.uk> To: "IBS / Andre Oppermann" <andre@pipeline.ch> Cc: <freebsd-isp@FreeBSD.ORG> Subject: RE: RADIUS for BSDi running under FreeBSD Message-ID: <98021411094149200@mailhost.shellnet.co.uk> In-Reply-To: <34E4A171.4EC6840C@pipeline.ch>
next in thread | previous in thread | raw e-mail | index | archive | help
> -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of IBS / Andre Oppermann > Sent: 13 February 1998 19:39 > To: Steven Fletcher (Shellnet IRC administrator) > Cc: freebsd-isp@FreeBSD.ORG > Subject: Re: RADIUS for BSDi running under FreeBSD > > > Steven Fletcher (Shellnet IRC administrator) wrote: > > > > Dear gurus..... > > > > I am trying swap all of my dial up users over to a RADIUS authentication > > system so that we no longer need to have 150 users on our Windows NT box > > I did the same some weeks ago with some boxes, much better now. > Oh, thank you thank you thank you ! Now - radius authenticates the user and we can browse from the Dial up client, but 2 questions remain; here is a log of what I mean: ============================================================================ ===================== bash# /etc/radiusd -x Sat Feb 14 10:56:58 1998: [207] /etc/radiusd: Livingston RADIUS 2.0.1 97/5/22 NDBM NOSHADOW PASSCHANGE bsdi flat_users Sat Feb 14 10:56:58 1998: [207] using udp port 1645 for RADIUS Sat Feb 14 10:56:58 1998: [207] using udp port 1646 for RADIUS accounting Sat Feb 14 10:56:58 1998: [207] updated client cache with 1 clients Sat Feb 14 10:57:04 1998: [208] radrecv: Request from host <NT IP> code=4, id=1, length=26 Sat Feb 14 10:57:04 1998: [208] Acct-Status-Type = 7 Sat Feb 14 10:57:04 1998: [208] Sending Accounting-Response for id 1 to <NT domain name> (<NT IP>) Sat Feb 14 10:58:44 1998: [207] radrecv: Request from host <NT IP> code=1, id=2, length=63 Sat Feb 14 10:58:44 1998: [207] User-Name = "dud" Sat Feb 14 10:58:44 1998: [207] Password = "\371\345\273\033\347=\205\306\267c\262\270\241\333D\251" Sat Feb 14 10:58:44 1998: [207] NAS-Port = 0 Sat Feb 14 10:58:44 1998: [207] Framed-Protocol = PPP Sat Feb 14 10:58:44 1998: [207] received unknown attribute 32 * OK; Is attribute 32 NAS-Identifier, and considering there seemed to be no problems with connecting, and that the Win 95 Dial up client could web browse, do I need to add it to the dictionary ? Sat Feb 14 10:58:44 1998: [210] Sending Accept of id 2 to <NT domain> (<NT IP>) Sat Feb 14 10:58:44 1998: [210] Service-Type = Framed-User Sat Feb 14 10:58:44 1998: [210] Framed-Protocol = PPP Sat Feb 14 10:58:45 1998: [208] radrecv: Request from host <NT IP> code=4, id=3, length=58 Sat Feb 14 10:58:45 1998: [208] Acct-Status-Type = Start Sat Feb 14 10:58:45 1998: [208] Acct-Session-Id = "22669" Sat Feb 14 10:58:45 1998: [208] User-Name = "dud" Sat Feb 14 10:58:45 1998: [208] NAS-Port = 0 Sat Feb 14 10:58:45 1998: [208] received unknown attribute 32 * Again; do I need to add attribute 32 ? Sat Feb 14 10:58:45 1998: [208] Framed-Protocol = PPP Sat Feb 14 10:58:45 1998: [208] accounting: client <Nt domian> sent accounting-request with invalid request authenticator * What is an invalid request authenticator ? Sat Feb 14 10:58:45 1998: [208] Sending Accounting-Response for id 3 to <NT domain> (<NT IP>) Sat Feb 14 10:59:20 1998: [208] radrecv: Request from host <NT IP> code=4, id=4, length=58 Sat Feb 14 10:59:20 1998: [208] Acct-Status-Type = Stop Sat Feb 14 10:59:20 1998: [208] Acct-Session-Id = "22669" Sat Feb 14 10:59:20 1998: [208] User-Name = "dud" Sat Feb 14 10:59:20 1998: [208] NAS-Port = 0 Sat Feb 14 10:59:20 1998: [208] received unknown attribute 32 * Again, 32 :) Sat Feb 14 10:59:20 1998: [208] Framed-Protocol = PPP Sat Feb 14 10:59:20 1998: [208] accounting: client <NT domain> sent accounting-request with invalid request authenticator * Again, invalid request authenticator ? Sat Feb 14 10:59:20 1998: [208] Sending Accounting-Response for id 4 to <NT domain> (<NT domain>) ============================================================================ ===================== It seems to me that these are trivial errors, but as I am not quite sure yet what they mean. I would be extremely grateful to anyone who could provide any help here. On another branch - Can Radius (or does it already) manage to stop multiple logins ? Thanks for your time and your marvelous help, Steven Fletcher - Shellnet. steven@shellnet.co.uk To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?98021411094149200>