MAIL ESSENTIALS SENDER NOTIFICATION
The following message:
TO: [EMAIL PROTECTED]
FROM: [EMAIL PROTECTED]
DATE: Thu, 05 Sep 2002 17:50:03 +0200
Subject: Freeradius-Users digest, Vol 1 #1033 - 1 msg
has been held for later review by the administrator by Mail Essentials for the
following reason(s):
Body contains word(s)/phrase(s) 'XXX'
Mail essentials
--- Begin Message ---
Send Freeradius-Users mailing list submissions to
[EMAIL PROTECTED]
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.cistron.nl/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Mail Delivery Status Notification (Postmaster)
--__--__--
Message: 1
From: Postmaster <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Mail Delivery Status Notification
boundary="----_=_NextPart_1"
Date: 5 Sep 2002 08:48:54 -0700
Reply-To: [EMAIL PROTECTED]
--- End Message ---
MAIL ESSENTIALS SENDER NOTIFICATION
The following message:
TO: [EMAIL PROTECTED]
FROM: [EMAIL PROTECTED]
DATE: Thu, 05 Sep 2002 17:48:04 +0200
Subject: Freeradius-Users digest, Vol 1 #1032 - 1 msg
has been held for later review by the administrator by Mail Essentials for the
following reason(s):
Body contains word(s)/phrase(s) 'XXX'
Mail essentials
--- Begin Message ---
Send Freeradius-Users mailing list submissions to
[EMAIL PROTECTED]
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.cistron.nl/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Mail Delivery Status Notification (Postmaster)
-- __--__--
Message: 1
From: Postmaster <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Mail Delivery Status Notification
boundary="----_=_NextPart_1"
Date: 5 Sep 2002 08:46:48 -0700
Reply-To: [EMAIL PROTECTED]
--- End Message ---
MAIL ESSENTIALS SENDER NOTIFICATION
The following message:
TO: [EMAIL PROTECTED]
FROM: [EMAIL PROTECTED]
DATE: Thu, 05 Sep 2002 17:46:03 +0200
Subject: Freeradius-Users digest, Vol 1 #1031 - 1 msg
has been held for later review by the administrator by Mail Essentials for the
following reason(s):
Body contains word(s)/phrase(s) 'XXX'
Mail essentials
--- Begin Message ---
Send Freeradius-Users mailing list submissions to
[EMAIL PROTECTED]
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.cistron.nl/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Mail Delivery Status Notification (Postmaster)
-- __--__--
Message: 1
From: Postmaster <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Mail Delivery Status Notification
boundary="----_=_NextPart_1"
Date: 5 Sep 2002 08:44:42 -0700
Reply-To: [EMAIL PROTECTED]
--- End Message ---
MAIL ESSENTIALS SENDER NOTIFICATION
The following message:
TO: [EMAIL PROTECTED]
FROM: [EMAIL PROTECTED]
DATE: Thu, 05 Sep 2002 17:44:02 +0200
Subject: Freeradius-Users digest, Vol 1 #1030 - 1 msg
has been held for later review by the administrator by Mail Essentials for the
following reason(s):
Body contains word(s)/phrase(s) 'XXX'
Mail essentials
--- Begin Message ---
Send Freeradius-Users mailing list submissions to
[EMAIL PROTECTED]
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.cistron.nl/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Mail Delivery Status Notification (Postmaster)
-- __--__--
Message: 1
From: Postmaster <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Mail Delivery Status Notification
boundary="----_=_NextPart_1"
Date: 5 Sep 2002 08:42:51 -0700
Reply-To: [EMAIL PROTECTED]
--- End Message ---
MAIL ESSENTIALS SENDER NOTIFICATION
The following message:
TO: [EMAIL PROTECTED]
FROM: [EMAIL PROTECTED]
DATE: Thu, 05 Sep 2002 17:42:03 +0200
Subject: Freeradius-Users digest, Vol 1 #1029 - 2 msgs
has been held for later review by the administrator by Mail Essentials for the
following reason(s):
Body contains word(s)/phrase(s) 'XXX'
Mail essentials
--- Begin Message ---
Send Freeradius-Users mailing list submissions to
[EMAIL PROTECTED]
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.cistron.nl/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Mail Delivery Status Notification (Postmaster)
2. Re: suggestions about attributes (Kostas Kalevras)
-- __--__--
Message: 1
From: Postmaster <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Mail Delivery Status Notification
boundary="----_=_NextPart_1"
Date: 5 Sep 2002 08:12:51 -0700
Reply-To: [EMAIL PROTECTED]
--- End Message ---
MAIL ESSENTIALS SENDER NOTIFICATION
The following message:
TO: [EMAIL PROTECTED]
FROM: [EMAIL PROTECTED]
DATE: Thu, 05 Sep 2002 17:12:03 +0200
Subject: Freeradius-Users digest, Vol 1 #1028 - 17 msgs
has been held for later review by the administrator by Mail Essentials for the
following reason(s):
Body contains word(s)/phrase(s) 'XXX'
Mail essentials
--- Begin Message ---
Send Freeradius-Users mailing list submissions to
[EMAIL PROTECTED]
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.cistron.nl/mailman/listinfo/freeradius-users
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Freeradius-Users digest..."
Today's Topics:
1. Re: sqlcounter question (Do-Risika RAFIEFERANTSIARONJY)
2. Pool-Name attribute (Ador Dauz)
3. Re: Pool-Name attribute (Kostas Kalevras)
4. RH 6.2 & Freeradius-0.7 (Joeffrey Betita)
5. Prepaid calling card script (Raymond Chen)
6. Re: Prepaid calling card script (Mattt)
7. Re: RH 6.2 & Freeradius-0.7 ([EMAIL PROTECTED])
8. mysql - list of NAS (Dolfini Danilo)
9. Re: mysql modules (=?iso-8859-1?q?ho=20k?=)
10. Mysql auth query (Mozzi)
11. Problems to use as proxy (Wolfgang Bremer)
12. Radius Packet Construction (Sheldon Fougere)
13. RE: Cannot find a Domain attribute ?? (Deramus, Chris)
14. Re: Exec-Program-Wait Abnormal exit - 0.7/Snapshot (Alan DeKok)
15. Re: Problems to use as proxy (Alan DeKok)
16. Re: Radius Packet Construction (Alan DeKok)
17. Re: RedHat 7.3 as Radius Client (Alan DeKok)
-- __--__--
Message: 1
Date: Thu, 05 Sep 2002 08:53:53 +0300
From: Do-Risika RAFIEFERANTSIARONJY <[EMAIL PROTECTED]>
Organization: Simicro Internet
To: [EMAIL PROTECTED]
Subject: Re: sqlcounter question
Reply-To: [EMAIL PROTECTED]
alienoid wrote:
> Hello freeradius-users,
hi,
> RH7.2 + freeradius-0.6 + Oracle
>
> I've compiled freeradius with --with-experimantal-modules and set up
> it with sql auth/acct.
>
> In radiusd.conf wrote:
>
> sqlcounter hourlycounter {
> counter-name = SQL_Max_Hour_Session_Timeout
> check-name = SQL_Max_Hour
> sqlmod_inst = sql
> key = User-Name
> query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE
> username='%{%k}'"
> reset = none
> }
may be 'reset = never',
if not, didn't you forget to put hourlycounter in the authorization
section ?
> I did so (tried to convert) with table radcheck:
> test User-Password xxxx :=
> test SQL_Max_Hour 36000 >
> test Auth-Type Reject :=
i think the operator should be ':=' instead of '>' ...
cheers,
@+
--
DouRiX \\\|///
___ \\ - - // ____ ___ __
| _ oOOo_@ @_oOOo| _ \(_) \/ /
| | | |/ _(_) | | | |_| ) |\ /
| |_| | (_) | |_| | _ <| |/ \
|____/ \___/ \_Ooooo| \_\_/_/\_\
f u cn rd ths u r usng unx
ooooO ) /
( ) (_/
\ (
\_)
[Never be afraid to try something new. Remember, amateurs built the
ark,
and professionals built the Titanic.]
-- __--__--
Message: 2
charset="iso-8859-1"
From: Ador Dauz <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Pool-Name attribute
Date: Thu, 5 Sep 2002 15:14:41 +0800
Reply-To: [EMAIL PROTECTED]
hello all,
I'm look a documentation about Pool-Name attribute.
is any one can give me a site or document where
i can read..
Thanks
--ador
-- __--__--
Message: 3
Date: Thu, 5 Sep 2002 10:21:18 +0300 (EEST)
From: Kostas Kalevras <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Pool-Name attribute
Reply-To: [EMAIL PROTECTED]
On Thu, 5 Sep 2002, Ador Dauz wrote:
> hello all,
>
> I'm look a documentation about Pool-Name attribute.
> is any one can give me a site or document where
> i can read..
>
> Thanks
> --ador
It contains the name of the ippool module instance which should handle the
request. That way you can assign different pools to different classes of users.
The Pool-Name should always be set for the ipppool module to work.
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
-- __--__--
Message: 4
From: "Joeffrey Betita" <[EMAIL PROTECTED]>
To: "Freeradius-Users" <[EMAIL PROTECTED]>
Subject: RH 6.2 & Freeradius-0.7
Date: Thu, 5 Sep 2002 16:52:49 +0800
charset="iso-8859-1"
Reply-To: [EMAIL PROTECTED]
Freeradius is now running on my RH6.2 but when i try to dialup my login
name did not appear on the radius.log
pls. help me. thank you very much
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.384 / Virus Database: 216 - Release Date: 8/21/2002
-- __--__--
Message: 5
From: "Raymond Chen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Prepaid calling card script
Date: Thu, 5 Sep 2002 17:28:34 +0800
charset="US-ASCII"
Reply-To: [EMAIL PROTECTED]
Dear All,
Does anyone have the Prepaid calling card script run as
exec-program-wait? Please one copy to us.
Your help is greatly appreciated.
Raymond
-- __--__--
Message: 6
Subject: Re: Prepaid calling card script
From: Mattt <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: 05 Sep 2002 19:41:11 +1000
Reply-To: [EMAIL PROTECTED]
On Thu, 2002-09-05 at 19:28, Raymond Chen wrote:
> Dear All,
>
> Does anyone have the Prepaid calling card script run as
> exec-program-wait? Please one copy to us.
>
I have this weird desire to laugh uncontrollably about now... yeah, I'm
a little crazy... and probably a nerd too...
(I think it's Australian for geek...)
--
Cheers,
Mattt icq : 117539757
Network and Tech Dood www : http://www.pulse.nq4u.net
[EMAIL PROTECTED] jabber: [EMAIL PROTECTED]
What's got four legs and an arm? A happy Pit Bull...
-- __--__--
Message: 7
Date: Thu, 5 Sep 2002 18:13:26 +0800 (PHT)
From: <[EMAIL PROTECTED]>
To: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
Subject: Re: RH 6.2 & Freeradius-0.7
Reply-To: [EMAIL PROTECTED]
hello,
>
> Freeradius is now running on my RH6.2 but when i try to dialup my login
> name did not appear on the radius.log
you need to turn on logging for authentication requests on radiusd.conf
don't forget to restart radiusd after editing the conf file.
regards,
Ron
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.384 / Virus Database: 216 - Release Date: 8/21/2002
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
-- __--__--
Message: 8
Date: Thu, 05 Sep 2002 13:51:09 +0200
From: Dolfini Danilo <[EMAIL PROTECTED]>
Subject: mysql - list of NAS
To: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Hello,
I'm using freeradius-0.6 with mysql and I have a big problem.
I can define users ('radcheck' table) and group ('usergroup' table). I =
can also define a single NAS with the attribute 'NAS-IP-Address' in the =
'radgroupcheck' table but I can't define a list of NAS associated with a =
group of users.
Another question: how can I configure clients in mysql without using the =
'clients.conf' file?
Can someone help me to resolve these problems?
Thanks in advance.
Ragards,
---------------------------------------------
Danilo Dolfini
Telecom Italia Lab - (RI/NS/C)
Via G. Reiss Romoli, 274
10148 Torino - ITALY
Phone #: +39 11 2287076
IP phone #: +39 11 2282674
http://www.telecomitalialab.com
e-mail: [EMAIL PROTECTED]
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
CONFIDENTIALITY NOTICE
This message and its attachments are addressed solely to the persons
above and may contain confidential information. If you have received
the message in error, be informed that any use of the content hereof
is prohibited. Please return it immediately to the sender and delete
the message. Should you have any questions, please contact us by
replying to [EMAIL PROTECTED] Thank you
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
-- __--__--
Message: 9
Date: Thu, 5 Sep 2002 20:31:30 +0800 (CST)
From: =?iso-8859-1?q?ho=20k?= <[EMAIL PROTECTED]>
Subject: Re: mysql modules
To: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Hi
After creating the link inside the directory of
/usr/local/mysql/include
#ln -s ../include mysql,
then
#./configure
--with-mysql-include-dir=/usr/local/mysql/include
I got the warning as:
configuring in ./drivers/rlm_sql_mysql
running /bin/sh ./configure
--with-mysql-include-dir=/usr/local/mysql/include -
-cache-file=../.././config.cache --srcdir=.
loading cache ../.././config.cache
checking for gcc... (cached) gcc
checking whether the C compiler (gcc ) works... yes
checking whether the C compiler (gcc ) is a
cross-compiler... no
checking whether we are using GNU C... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking how to run the C preprocessor... (cached) gcc
-E
checking for compress in -lz... no
checking for mysql/mysql.h... yes
checking for mysql_init in -lmysqlclient... no
configure: warning: mysql libraries not found. Use
--with-mysql-lib-dir=<path>.
configure: warning: sql submodule 'mysql' disabled
updating cache ../.././config.cache
creating ./config.status
creating Makefile
Anyoue can give me the solution, if MySql binary
package is installed in default path /usr/local/mysql
and my OS is solaris2.7 with gcc 3.2
Regards
K
--- Ador Dauz <[EMAIL PROTECTED]> wrote: > On
Thursday 05 September 2002 06:52, you wrote:
> > :-)
> > :
> > > It *is* using the path you give it. That's
> not the problem.
> >
> > well, it does add "mysql" to it.
> >
> > > The problem is that the MySQL header files are
> *normally* in
> > > <mysql/mysql.h>, as evidenced by the fact that
> this issue hasn't been
> > > a problem for at least the past year. So if
> you're running into a
> > > problem, it's because the mysql header files on
> your system are in a
> > > different place than 90% of other peoples
> systems.
>
> I started using the freeradius last July and I have
> same problem with you.
> It found the lib but not the include directory so
> the headers not found. To
> work arround with these... I created a link named
> mysql inside in the
> directory of include. I'm inside the directory of
> /usr/local/mysql/include
> then I do this command, ln -s ../include mysql
> these only work with this
> option
> --with-mysql-include-dir=/usr/local/mysql/include
> or create a link
> inside
> the directory of your mysql name mysql link to
> include directory but your
> option look like these...
> --with-mysql-include-dir=/usr/local/mysql
>
> To test if work do it first inside the mysql module
> directory the configure
> command.
> I'm not a programmer so please dont ask me about the
> that module, Im still
> a student learning system administration.. I really
> admire all the programmer
> who build the freeradius program.
>
> Thanks
> ador
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
_______________________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com.hk address at http://mail.english.yahoo.com.hk
-- __--__--
Message: 10
Date: Thu, 05 Sep 2002 14:36:23 +0200
From: Mozzi <[EMAIL PROTECTED]>
To: Radius <[EMAIL PROTECTED]>
Subject: Mysql auth query
Reply-To: [EMAIL PROTECTED]
Hallo all
Need to ask a Mysql auth question
I added another field to my radcheck table 'status'
mysql> desc radcheck
-> ;
+-----------+-------------+------+-----+----------+----------------+
| Field | Type | Null | Key | Default | Extra |
+-----------+-------------+------+-----+----------+----------------+
| id | int(10) | | PRI | NULL | auto_increment |
| UserName | varchar(30) | | MUL | | |
| Attribute | varchar(30) | | | Password | |
| Value | varchar(40) | YES | | NULL | |
| status | varchar(16) | | | active | |
| op | char(2) | | | := | |
+-----------+-------------+------+-----+----------+----------------+
6 rows in set (0.00 sec)
Now I modified the query to look like below
authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM
${authcheck_table} WHERE Username = '%{SQL-User-Name}' AND status =
^^^^^^^^^^^^^
'active' ORDER BY id"
^^^^^^^
But it isn't working.
Anybody have any ideas ?
Tnx
Mozzi
-- __--__--
Message: 11
Date: Thu, 05 Sep 2002 14:42:23 +0200
From: Wolfgang Bremer <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Problems to use as proxy
boundary="------------E434BA79110CA4B73CA2CD45"
Reply-To: [EMAIL PROTECTED]
This is a multi-part message in MIME format.
--------------E434BA79110CA4B73CA2CD45
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Hi,
I'm trying to configure the freeradius (Version 0.5) to proxy requests
to a remote server.
I'm getting a message 'No request found for proxy reply from server XXX'
Has anybody got the same problem?
Here is some debug output:
Server#/usr/local/sbin/radiusd -x
Starting - reading configuration files ...
Module: Loaded System
Module: Instantiated unix (unix)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
Module: Instantiated realm (suffix)
Module: Loaded files
Module: Instantiated files (files)
Module: Loaded detail
Module: Instantiated detail (detail)
Module: Loaded radutmp
Module: Instantiated radutmp (radutmp)
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:4079, id=163,
length=71
User-Name = "[EMAIL PROTECTED]"
User-Password = "o\264FU\260\n\317\346l\2134?\037F\272\214"
NAS-IP-Address = 255.255.255.255
NAS-Port-Id = "1"
rlm_chap: Could not find proper Chap-Password attribute in request
Sending Access-Request of id 1 to 192.1.1.1:1812
User-Name = "radiustest"
User-Password =
"\215\022\360`\241t\227\203\344\3067\r\260\250z;"
NAS-IP-Address = 255.255.255.255
NAS-Port-Id = "1"
Proxy-State = "163"
rad_recv: Access-Accept packet from host 192.1.1.1:1812, id=1, length=37
No request found for proxy reply from server Radius2 - ID 1
The Server Radius2 just loggs a successfull login
regards
Wolfgang Bremer
--------------E434BA79110CA4B73CA2CD45
Content-Type: text/x-vcard; charset=us-ascii;
name="Wolfgang_Bremer.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Wolfgang Bremer
Content-Disposition: attachment;
filename="Wolfgang_Bremer.vcf"
begin:vcard
n:Bremer;Wolfgang
tel;work:+49 21 02 90 58 56
x-mozilla-html:TRUE
adr:;;;;;;
version:2.1
email;internet:[EMAIL PROTECTED]
fn:Wolfgang Bremer
end:vcard
--------------E434BA79110CA4B73CA2CD45--
-- __--__--
Message: 12
From: "Sheldon Fougere" <[EMAIL PROTECTED]>
To: "Freeradius-Users" <[EMAIL PROTECTED]>
Subject: Radius Packet Construction
Date: Thu, 5 Sep 2002 11:27:31 -0300
charset="iso-8859-1"
Reply-To: [EMAIL PROTECTED]
Hi,
When creating Radius packets, does it matter what order the attribute value
pairs are in? Does Freeradius care what order the attributes are in?
My example is I'm creating an Authentication Packet, is it ok to put
NAS-Port-Type before the NAS-IP-Address?
Thanks,
Sheldon
-- __--__--
Message: 13
From: "Deramus, Chris" <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'"
<[EMAIL PROTECTED]>
Subject: RE: Cannot find a Domain attribute ??
Date: Thu, 5 Sep 2002 10:43:45 -0400
boundary="----_=_NextPart_001_01C254EA.A33EFD90"
Reply-To: [EMAIL PROTECTED]
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.
------_=_NextPart_001_01C254EA.A33EFD90
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: 7bit
To all,
I'm definately getting somewhere with this, I appreciate your input. I
thoroughly read the documentation and am close. I set my Mysql table up like
this for user chris.deramus
22 chris.deramus Vendor-Specific Microsoft ==
23 chris.deramus MS-CHAP-Domain test.my.gov ==
Then when running FreeRADIUS in debugging mode, I get this with an incoming
request. As you can see in bold, it's passing the MS-CHAP-Domain in the
Access Accept, however it doesn't seem to be passing to my client laptop.
Maybe it's a problem with my MySQL table, maybe its a problem with how I
have MS-CHAP loaded in radiusd.conf
rlm_sql: Released sql socket id: 8
modcall[authorize]: module "sql" returns ok
rlm_counter: Entering module authorize code
rlm_counter: Could not find Check item value pair
modcall[authorize]: module "counter" returns noop
users: Matched DEFAULT at 141
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type PAP
auth: type "PAP"
modcall: entering group authtype
rlm_pap: login attempt by "chris.deramus" with password xxxxxxx
rlm_pap: Using password 690d96285de94b9e7138e3d9d687ce3e for user
chris.deramus authentication.
rlm_pap: Using MD5 encryption.
rlm_pap: User authenticated succesfully
modcall[authenticate]: module "pap" returns ok
modcall: group authtype returns ok
Login OK: [chris.deramus/xxxxxxxx] (from client 192.168.0.2 port 1008)
Sending Access-Accept of id 2 to 192.168.0.2:1026
Framed-IP-Address = 192.168.1.20
Vendor-Specific = 0x4d6963726f736f6674
MS-CHAP-Domain = "test.my.gov"
I bolded the sections that I found to be of interest, I'm assuming the
returned noop means that the module isn't loaded, or isn't doing anything? I
have the MS-CHAP module loaded in the authorization section, should it be
loaded in a different section of radiusd.conf ?
Thanks for the help and patience.
Chris
-----Original Message-----
From: Alan DeKok [ <mailto:[EMAIL PROTECTED]> mailto:[EMAIL PROTECTED]]
Sent: Monday, July 22, 2002 9:58 AM
To: [EMAIL PROTECTED]
Subject: Re: Cannot find a Domain attribute ??
"Deramus, Chris" <[EMAIL PROTECTED]> wrote:
> Sorry for the confusion, I meant I have to return that Domain attribute to
> the NAS, we have different program offices with resources on different
> domains.
You can return the MS-CHAP-Domain domain attribute in the
Access-Accept.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
<http://www.freeradius.org/list/users.html>
http://www.freeradius.org/list/users.html
------_=_NextPart_001_01C254EA.A33EFD90
Content-Type: text/html;
charset=us-ascii
Content-Transfer-Encoding: 7bit
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=US-ASCII">
<TITLE></TITLE>
<META content="MSHTML 5.50.4919.2200" name=GENERATOR></HEAD>
<BODY>
<P><FONT size=2><FONT face=Tahoma>To all,<BR><BR>I'm definately getting
somewhere with this, I appreciate your input. I thoroughly read the
documentation and am close. I set my Mysql table up like this for user
chris.deramus<BR><BR>22 chris.deramus
Vendor-Specific
Microsoft == <BR>23 chris.deramus
MS-CHAP-Domain test.my.gov
== <BR><BR>Then when running FreeRADIUS in debugging mode, I get this with
an incoming request. As you can see in bold, it's passing the MS-CHAP-Domain in
the Access Accept, however it doesn't seem to be passing to my client laptop.
Maybe it's a problem with my MySQL table, maybe its a problem with how I have
MS-CHAP loaded in radiusd.conf<BR><BR>rlm_sql: Released sql socket id:
8<BR> modcall[authorize]: module "sql" returns ok<BR>rlm_counter: Entering
module authorize code<BR>rlm_counter: Could not find Check item value
pair<BR> modcall[authorize]: module "counter" returns
noop<BR> users: Matched DEFAULT at 141<BR>
modcall[authorize]: module "files" returns ok<BR> </FONT><FONT
face=Tahoma><STRONG>modcall[authorize]: module "mschap" returns
noop<BR></STRONG>modcall: group authorize returns ok<BR>
rad_check_password: Found Auth-Type PAP<BR>auth: type "PAP"<BR>modcall:
entering group authtype<BR>rlm_pap: login attempt by "chris.deramus" with
password xxxxxxx<BR>rlm_pap: Using password 690d96285de94b9e7138e3d9d687ce3e for
user chris.deramus authentication.<BR>rlm_pap: Using MD5 encryption.<BR>rlm_pap:
User authenticated succesfully<BR> modcall[authenticate]: module "pap"
returns ok<BR>modcall: group authtype returns ok<BR>Login OK:
[chris.deramus/xxxxxxxx] (from client 192.168.0.2 port 1008)<BR>Sending
Access-Accept of id 2 to
192.168.0.2:1026<BR> Framed-IP-Address
= 192.168.1.20<BR> Vendor-Specific =
0x4d6963726f736f6674<BR><STRONG>
MS-CHAP-Domain = "test.my.gov"</STRONG></FONT></FONT></P>
<DIV><FONT face=Tahoma color=#0000ff size=2>I bolded the sections that I found
to be of interest, I'm assuming the returned noop means that the module isn't
loaded, or isn't doing anything? I have the MS-CHAP module loaded in the
authorization section, should it be loaded in a different section of
radiusd.conf ?</FONT></DIV>
<DIV><FONT face=Tahoma color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Tahoma color=#0000ff size=2>Thanks for the help and
patience.</FONT></DIV>
<DIV><FONT face=Tahoma color=#0000ff size=2></FONT> </DIV>
<DIV><FONT face=Tahoma color=#0000ff size=2>Chris</FONT></DIV>
<P><BR><BR><FONT size=2>-----Original Message-----<BR>From: Alan DeKok
[</FONT><A href="mailto:[EMAIL PROTECTED]";><FONT
size=2>mailto:[EMAIL PROTECTED]</FONT></A><FONT size=2>]<BR>Sent: Monday, July 22,
2002 9:58 AM<BR>To: [EMAIL PROTECTED]<BR>Subject: Re: Cannot
find a Domain attribute ??<BR><BR><BR>"Deramus, Chris"
<[EMAIL PROTECTED]> wrote:<BR>> Sorry for the confusion, I meant
I have to return that Domain attribute to<BR>> the NAS, we have different
program offices with resources on different<BR>> domains.<BR><BR> You
can return the MS-CHAP-Domain domain attribute in
the<BR>Access-Accept.<BR><BR> Alan DeKok.<BR><BR><BR>-<BR>List
info/subscribe/unsubscribe? See </FONT><A target=_blank
href="http://www.freeradius.org/list/users.html";><FONT
size=2>http://www.freeradius.org/list/users.html</FONT></A><BR></P></BODY></HTML>
------_=_NextPart_001_01C254EA.A33EFD90--
-- __--__--
Message: 14
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Exec-Program-Wait Abnormal exit - 0.7/Snapshot
<000d01c25482$392d31a0$fa07ee3f@laptop1>
Date: Thu, 05 Sep 2002 10:58:24 -0400
Reply-To: [EMAIL PROTECTED]
"Dave" <[EMAIL PROTECTED]> wrote:
> Is Exec-Program-Wait still broken?
In 0.7 it didn't work in debugging mode. That was fixed a while
ago, and I did exhaustive testing to make sure it worked.
> I have tried 0.7 as well as Snapshot dated 09-04-2002 and while 0.7
> continues to run after an Abnormal exit, the Snapshot build dies
> immediately...but when entering "group authorize" and apparently not getting
> to Exec-Program-Wait.
Then the problem with the snapshot is not Exec-Program-Wait.
Alan DeKok.
-- __--__--
Message: 15
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Problems to use as proxy
<[EMAIL PROTECTED]>
Date: Thu, 05 Sep 2002 11:04:17 -0400
Reply-To: [EMAIL PROTECTED]
Wolfgang Bremer <[EMAIL PROTECTED]> wrote:
> I'm trying to configure the freeradius (Version 0.5) to proxy requests
> to a remote server.
Please don't post problems or bug reports with old versions of the
server. There are MANY bugs fixed in newer releases, see:
http://www.freeradius.org/radiusd/doc/ChangeLog
If you can reproduce the problem with 0.7, then you might want to
try the latest CVS snapshot.
If you can't reproduce the problem with 0.7, then the problem was
found and solved months ago.
Alan DeKok.
-- __--__--
Message: 16
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Radius Packet Construction
<[EMAIL PROTECTED]>
Date: Thu, 05 Sep 2002 11:06:13 -0400
Reply-To: [EMAIL PROTECTED]
"Sheldon Fougere" <[EMAIL PROTECTED]> wrote:
> When creating Radius packets, does it matter what order the attribute value
> pairs are in? Does Freeradius care what order the attributes are in?
No, and no.
The main time order is important is when proxying packets. The
Proxy-State attributes can't be modified en-route, and their order
can't change.
> My example is I'm creating an Authentication Packet, is it ok to put
> NAS-Port-Type before the NAS-IP-Address?
Yes.
Alan DeKok.
-- __--__--
Message: 17
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: RedHat 7.3 as Radius Client
<[EMAIL PROTECTED]>
Date: Thu, 05 Sep 2002 11:10:02 -0400
Reply-To: [EMAIL PROTECTED]
[EMAIL PROTECTED] wrote:
> However, it still respects my /etc/passwd password as well. When I
> tried to change the sufficient to required like the rest of the
> entries, no login worked for me.
That's because PAM needs the authorization credentials, which are
usually found in /etc/passwd.
The latest CVS snapshot of the pam module includes a dummy setcred
function, which allows things like PPPd to do PAM authentication.
That's because PPPd often doesn't need login credentials, it just
wants to give people net access.
> Can someone shed a little more light on the best way to make RADIUS my only
> login *IF* the radius server is available, then it could fall back to the
> local account for CONSOLE access if needed.
Any program which needs the console MUST get the uid/gid/etc
credentials. The PAM radius module CANNOT supply those, so what you
want is impossible.
Alan DeKok.
-- __--__--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
End of Freeradius-Users Digest-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--- End Message ---
