Jacob S. Barrett | 1 Feb 05:42 2004

RE: RADIUS patch problem

Shubho Biswas said:
> I still can't seem to get this Radius patch from pogozone working.  I'm
> just
> not sure how to start accounting.  Is it automatically started per user?
> And do I have to rebuild both my authserver and gateway or just the
> authserver?

Post your gateway debug logs.  There is probably a clue in there.  It is
usually a configuration problem.  You can also try setting the accounting
method to "File" rather than "RADIUS".  Does it account to the file
correctly?

-Jake

--

-- 
Jacob S. Barrett
Chief Technology Officer
PogoZone LLC

  email: jbarrett <at> pogozone.com
    web: www.pogozone.com
  voice: 360-676-8772
    fax: 360-733-3941
address: 114 W. Magnolia Street Suite 417
         Bellingham, Washington 98225
Dan Clark | 1 Feb 10:16 2004
Picon

problem with sessions timing out and not letting us back in??

Hi Guys,
        Most of my users are having a problem where after they get kicked
out of the network due to poor signal or for whatever reason they find they
cannot get back onto the secure splash screen to log back in??? Any idea
what could be causing this? Also what do most users set their Login Expiry
Time to?
    Also, what does this message in nocat.log mean...
[2004-02-01 21:36:11] Use of uninitialized value in join or string at
/usr/local/nocat/bin/../lib/NoCat.pm line 148.

Kind Regards,

Dan Clark
Network Manager
DunedinWireless
Scarfies.Net Ltd
Jochen Staerk | 1 Feb 11:51 2004
Picon

Re: RE : RE : RE : URGENT : Problem to access to NoCat login page


Hi,

> I've now shut Apache down, however the situation remains unchanged 
> except that http://192.168.0.20/splash.html doesn't work...
>
> http://192.168.0.20:5280/splash.html works when directly requested but 
> no capture occurs and the failures remain the same as before.
>
> Kind of frustrating...

OK do you mind sending me the nocat.conf? When you type in an ip instaed 
of an url, ou don't get redirected either, do you?

bye,
Jochen
Shubho Biswas | 2 Feb 04:18 2004
Picon

RE: RADIUS patch problem

Well, I'm almost there.  I'm trying to add the pogozone radius accounting 
patch to my pebble gateway.  The following links were very useful:

http://lists.nocat.net/pipermail/nocat/2003-June/003294.html
http://lists.nocat.net/pipermail/nocat/2003-July/003416.html

To apply radius accounting patch to pebble gateway:
I reextracted the nocatAuth0.82 source, applied the patch, and built the 
nocat gateway.
Then I scp'd the resulting /usr/local/nocat dir over to my soekris pebble 
box.
scp over bin/initialize.fw and bin/fw-wrap from stock pebble distro over to 
pebble box
on pebble box, rm bin/iptables and /bin/ln -s fw-wrap iptables
on pebble box, rm -Rf pgp and ln -s /rw/usr/local/nocat/pgp pgp

On my server, I rebuilt the nocatauth server with the radius accounting 
patch.

My wireless client's internet browser now gets redirected to the server's 
login page and radius shows me that the user is authenticated.  I even get 
the login_ok.html popup with the logout button.  But I don't get forwarded 
to the original url I'm trying to get to.  It just stops at the Welcome to 
the NoCat network page.  If I try to manually type in a url, I go back to 
the login pg.

pebble's nocat.log shows:
[2004-01-30 21:22:16] Spawning child process 342.
[2004-01-30 21:22:16] Connection to 192.168.89.1 from 192.168.89.10
[2004-01-30 21:22:16] Capturing 192.168.89.10 for 
(Continue reading)

Shubho Biswas | 2 Feb 06:49 2004
Picon

Re: RADIUS patch problem

Oh, and I had to copy the Digest::MD5 files over to my pebble gateway.

----- Original Message -----
From: "Shubho Biswas" <shubhobiswas <at> hotmail.com>
To: <nocat <at> lists.nocat.net>
Sent: Sunday, February 01, 2004 10:18 PM
Subject: RE: [NoCat] RADIUS patch problem

> Well, I'm almost there.  I'm trying to add the pogozone radius accounting
> patch to my pebble gateway.  The following links were very useful:
>
> http://lists.nocat.net/pipermail/nocat/2003-June/003294.html
> http://lists.nocat.net/pipermail/nocat/2003-July/003416.html
>
> To apply radius accounting patch to pebble gateway:
> I reextracted the nocatAuth0.82 source, applied the patch, and built the
> nocat gateway.
> Then I scp'd the resulting /usr/local/nocat dir over to my soekris pebble
> box.
> scp over bin/initialize.fw and bin/fw-wrap from stock pebble distro over
to
> pebble box
> on pebble box, rm bin/iptables and /bin/ln -s fw-wrap iptables
> on pebble box, rm -Rf pgp and ln -s /rw/usr/local/nocat/pgp pgp
>
> On my server, I rebuilt the nocatauth server with the radius accounting
> patch.
>
> My wireless client's internet browser now gets redirected to the server's
> login page and radius shows me that the user is authenticated.  I even get
(Continue reading)

Yann Garcia | 2 Feb 09:50 2004

RE : NoCat digest, Vol 1 #438 - 7 msgs

Hi David,

It seams that I have the same behaviour. When I make the request
http://10.0.3.1 (my wlan0 IP address), the Nocat send the splash HTML
page (I see this in the NoCat's logs but When I click on the login
button, it's failed, see logs below.
What are your Internet Explorer network's options? 

Bye

Yann

Feb  2 09:42:30 m060203 NoCat[2724]: Resetting firewall. 
Feb  2 09:42:30 m060203 NoCat[2724]: Can't fetch network interface list
with ifconfig:  
Feb  2 09:42:30 m060203 NoCat[2724]: Detected InternalDevice 'wlan0' 
Feb  2 09:42:30 m060203 NoCat[2724]: Detected ExternalDevice 'eth0' 
Feb  2 09:42:30 m060203 NoCat[2724]: Detected LocalNetwork '10.0.1.0/24'

Feb  2 09:42:31 m060203 kernel: ip_tables: (C) 2000-2002 Netfilter core
team
Feb  2 09:42:31 m060203 kernel: ip_conntrack version 2.1 (2039 buckets,
16312 max) - 320 bytes per conntrack
Feb  2 09:42:33 m060203 NoCat[2724]: Binding listener socket to  0.0.0.0

Feb  2 09:42:33 m060203 NoCat[2724]: Gateway running on port 5280. 
Feb  2 09:43:36 m060203 dhcpd: ctrace.c(171): trace_write_packet with
null trace type
Feb  2 09:43:36 m060203 dhcpd: DHCPREQUEST for 10.0.3.20 from
00:80:c8:b2:db:fb (ygarcia) via wlan0
(Continue reading)

David Ivory | 2 Feb 17:39 2004

Re: RE : NoCat digest, Vol 1 #438 - 7 msgs

Yann,

You're a little further ahead than me - I don't get my requests 
captured by NoCat at all.

I think I am going to attempt to use the NoCat.net auth server to see 
if there is an issue with the set up when using the Open option.

I use Mac OS X / Safari as my client browser - though I've checked it 
with IE for Mac as well. Can't say that this would be an issue with the 
capture.... though I guess it is one variable I have not checked.

David

On 2 Feb 04, at 4:50 PM, Yann Garcia wrote:

> Hi David,
>
> It seams that I have the same behaviour. When I make the request
> http://10.0.3.1 (my wlan0 IP address), the Nocat send the splash HTML
> page (I see this in the NoCat's logs but When I click on the login
> button, it's failed, see logs below.
> What are your Internet Explorer network's options?
>
> Bye
>
> Yann
>
>
> Feb  2 09:42:30 m060203 NoCat[2724]: Resetting firewall.
(Continue reading)

Jacob S. Barrett | 2 Feb 21:48 2004

RE: RADIUS patch problem

Shubho Biswas said:
> pebble's nocat.log shows:
> [2004-01-30 21:24:46] Can't exec "stats.fw": Permission denied at
> /usr/local/nocat/bin/../lib/NoCat/Firewall.pm line 288.

Check that stats.fw exists fo your firewall type, that is is executable,
and that it is executable by the user that nocat is running as.

> apache's error.log shows:
> [2004-01-30 16:11:32] Use of uninitialized value in concatenation (.) or
> string at ../lib//NoCat/Source/RADIUS.pm line 46, <FILE> line 1.
> [2004-01-30 16:11:32] Connecting to RADIUS server localhost with Timeout

RADIUS_TimeOut is not set in your nocat.conf on the apache server.

> [2004-01-30 16:11:32] no value sent for attribute 4 at
> ../lib//Authen/Radius.pm line 347, <FILE> line 1.

The NAS IP isn't being determined correctly.  This might clear up when you
fix the above errors.  If it doesn't then let me know I will point you to
where you can set this.

-Jake

--

-- 
Jacob S. Barrett
Chief Technology Officer
PogoZone LLC

  email: jbarrett <at> pogozone.com
(Continue reading)

Shubho Biswas | 2 Feb 23:54 2004
Picon

RE: RADIUS patch problem

Thanks.  I've managed to resolve 2 out of 3 of the problems (see my comments 
below).  But I still don't get forwarded to the url I want after logging in 
on my browser.  (At the bottom of Netscape Navigator I see 
"Resolving:5280..." but the Welcome to the NoCat network page is all I see 
in the browser.  By the way, I changed the server's nocat.conf "RedirectTime 
=  5" to "RedirectTime  5".

My current nocat.log:
[2004-02-02 22:20:11] Spawning child process 1315.
[2004-02-02 22:20:11] Connection to 192.168.89.1 from 192.168.89.10
[2004-02-02 22:20:11] Capturing  192.168.89.10  for http://www.yahoo.com/
[2004-02-02 22:20:11] Notifying parent of Capture on peer 00:04:E2:8F:03:2F
[2004-02-02 22:20:11] Got notification Capture of peer 00:04:E2:8F:03:2F
[2004-02-02 22:20:11] Child process returned 1

error.log:

[2004-02-02 17:35:56] User UNKNOWN from 192.168.1.199 requests form
[2004-02-02 17:36:09] User sbiswas1 from 192.168.1.199 requests form
[2004-02-02 17:36:09] Connecting to RADIUS server localhost with Timeout 5
[2004-02-02 17:36:10] no value sent for attribute 4 at 
../lib//Authen/Radius.pm line 347, <FILE> line 1.
[2004-02-02 17:36:43] User sbiswas1 from 192.168.1.199 requests popup
[2004-02-02 17:36:43] Connecting to RADIUS server localhost with Timeout 5
[2004-02-02 17:36:43] no value sent for attribute 4 at 
../lib//Authen/Radius.pm line 347, <FILE> line 1.
[2004-02-02 17:36:49] User sbiswas1 from 192.168.1.199 requests renew
[2004-02-02 17:36:49] Connecting to RADIUS server localhost with Timeout 5
[2004-02-02 17:36:49] no value sent for attribute 4 at 
../lib//Authen/Radius.pm line 347, <FILE> line 1.
(Continue reading)

Jacob S. Barrett | 3 Feb 00:22 2004

Re: RADIUS patch problem

On Monday 02 February 2004 02:54 pm, Shubho Biswas wrote:
> [2004-02-02 17:46:28] could not parse  at ../lib//NoCat/AuthService.pm line
> 77

Email me your lib/NoCat/AuthService.pm file.

--

-- 
Jacob S. Barrett
Chief Technology Officer
PogoZone LLC

  email: jbarrett <at> pogozone.com
    web: www.pogozone.com
  voice: 360-676-8772
    fax: 360-733-3941
address: 114 W. Magnolia Street Suite 417
         Bellingham, Washington 98225

Gmane