Hello Kostas, where can i find rlm_ipool revision 1.3.. with 1.3 i will can work with two differents pools?
Thank you > Send Freeradius-Users mailing list submissions to > [EMAIL PROTECTED] > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.freeradius.org/mailman/listinfo/freeradius- users > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > > You can reach the person managing the list at > [EMAIL PROTECTED] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Freeradius-Users digest..." > > > Today's Topics: > > 1. MD4 fix for bigendian systems in 1.0.0-pre1 (Paul Hampson) > 2. Re: Fail-Over (Kostas Kalevras) > 3. Re: FreeRADIUS 1.0.0-pre1 released (Damjan) > 4. Calculating Remaining Time for Session-Timeout (Rick Smith) 5. > Re: Calculating Remaining Time for Session-Timeout (Keith Yoder) 6. > Re: Calculating Remaining Time for Session-Timeout (Kostas > Kalevras) 7. Re: Help adding users > (Fr=?iso-8859-1?Q?=E9d=E9ric_EVRARD?=) 8. RE: Calculating Remaining > Time for Session-Timeout (Rick Smith) 9. Re: Calculating Remaining > Time for Session-Timeout (Keith Yoder) > 10. Re: LDAP Authentication (MS Windows AD) ([EMAIL PROTECTED]) > 11. Re: Help in using EAP (Fr=?iso-8859-1?Q? =E9d=E9ric_EVRARD?=) 12. > Re: Help with Counter module (Jean-Marie GUILLEMOT) 13. Re: Latest > freeradius and NPTL fail (Michael Griego) > > --__--__-- > > Message: 1 > Date: Tue, 1 Jun 2004 21:00:52 +1000 > To: [EMAIL PROTECTED] > Subject: MD4 fix for bigendian systems in 1.0.0-pre1 > From: [EMAIL PROTECTED] (Paul Hampson) > Reply-To: [EMAIL PROTECTED] > > Sorry, I just discovered a problem that didn't show up > on initial testing. Luckily it showed up on my PPC machine. > > If you're building on a big-endian machine, compilation will > fail on md4.c due to missing definition of htole32. Or at > least it does on Linux. > > Here's the patch, already comitted to CVS and will be in -pre2. > > Index: md4.c > ======================================================== =========== > RCS file: /source/radiusd/src/lib/md4.c,v retrieving revision 1.5 diff > -r1.5 md4.c 36a37,39 > * Add htole32 define from > http://www.squid-cache.org/mail-archive/squid- dev/200307/0130.html > > * (The bswap32 definition in the patch.) > * This is only used on > BIG_ENDIAN systems, so we can always swap the bits. 68a72,77 > #define > htole32(x) \ > (((((uint32_t)x) & 0xff000000) >> 24) | \ > > ((((uint32_t)x) & 0x00ff0000) >> 8) | \ > ((((uint32_t)x) & > 0x0000ff00) << 8) | \ > ((((uint32_t)x) & 0x000000ff) << 24)) > > > I'm test-building it now, but I'm confident it'll work. The only risk > is if we're clashing with an existing definition... > > -- > Paul "TBBle" Hampson, on an alternate email client. > > > --__--__-- > > Message: 2 > Date: Tue, 1 Jun 2004 14:26:40 +0300 (EEST) > From: Kostas Kalevras <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: Fail-Over > Reply-To: [EMAIL PROTECTED] > > On Mon, 31 May 2004, Alan DeKok wrote: > > > "Juan" <[EMAIL PROTECTED]> wrote: > > > i have read configurable_failover for three times but i can not do > > > that freeradius failover with ippool. I have two pools that i want > > > to use then for all my users. I need that freradius start to asign > > > IPs from the second Pool whe the first is full. I do not known > > > what i must read to do it. > > > > It looks like it's a problem with the IP pool module... > > Try using the latest version of the ippool module (revision 1.31). > That one should work. > > > > > Alan DeKok. > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > -- > Kostas Kalevras Network Operations Center > [EMAIL PROTECTED] National Technical University of Athens, Greece > Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf > > > --__--__-- > > Message: 3 > Date: Tue, 1 Jun 2004 13:39:13 +0200 > From: Damjan <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: FreeRADIUS 1.0.0-pre1 released > Reply-To: [EMAIL PROTECTED] > > > > 3. Is there a way to put the rlm_ modules in /usr/lib/freeradius > > > whil= > e > > > the main libraries stay in {prefix}/lib? > >=20 > > Which "main" libraries? > > Well, I was under impression that libradius.so and perhaps libeap.so > could be used by other programs as well ... I guess I was wrong... > > compiling with: > ./configure --with-experimental-modules -- prefix=3D/usr \ > --sysconfdir=3D/etc --localstatedir=3D/var > --libdir=3D/usr/lib/freeradi= > us > now. > > Thanks. > > > --=20 > damjan | =D0=B4=D0=B0=D0=BC=D1=98=D0=B0=D0=BD > This is my jabber ID --> [EMAIL PROTECTED] <-- not my mail > address!!! > > > --__--__-- > > Message: 4 > Subject: Calculating Remaining Time for Session- Timeout > Date: Tue, 1 Jun 2004 07:56:16 -0400 > From: "Rick Smith" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > > > OK, I have several Mikrotik based hotspots out there. They auth users > via RADIUS. I'm now running FreeRadius 1.0.0. > > I right now can auth users on them via FreeRadius - works great - and > I'm using MySQL which is even better. > > Only problem is, right now they all get non-expiring sessions when > they paid for half-hour increments :) > > Mikrotik expects "Session-Timeout" back as a clue on when to kick the > user to pay for more time. > > How do I tell FreeRadius that "User x" bought 15 minutes on a hotspot, > and tell Mikrotik to kick him when his time's up ? > > I understand about putting the Session-Timeout value in the radcheck > table - that works. Just need to figure out how to update that > Session-Timeout value every time the user logs in and out .... > > > Thanks, > > Rick=20 > > > --__--__-- > > Message: 5 > Date: Tue, 01 Jun 2004 09:07:19 -0300 > From: Keith Yoder <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: Calculating Remaining Time for Session- Timeout > Reply-To: [EMAIL PROTECTED] > > Rick, > > You'll want to use the rlm_sqlcounter module. You can set a > Max-All-Session = 36000 to limit a user to 10 hours of total access > for example. FreeRadius will calculate how much time was used and set > the Session-Timeout attribute automatically. > > Hope that helps, > Keith Yoder > > Rick Smith escreveu: > > >OK, I have several Mikrotik based hotspots out there. They auth > >users via RADIUS. I'm now running FreeRadius 1.0.0. > > > >I right now can auth users on them via FreeRadius - works great - and > >I'm using MySQL which is even better. > > > >Only problem is, right now they all get non-expiring sessions when > >they paid for half-hour increments :) > > > >Mikrotik expects "Session-Timeout" back as a clue on when to kick the > >user to pay for more time. > > > >How do I tell FreeRadius that "User x" bought 15 minutes on a > >hotspot, and tell Mikrotik to kick him when his time's up ? > > > >I understand about putting the Session-Timeout value in the radcheck > >table - that works. Just need to figure out how to update that > >Session-Timeout value every time the user logs in and out .... > > > > > >Thanks, > > > >Rick > > > >- > >List info/subscribe/unsubscribe? See > >http://www.freeradius.org/list/users.html > > > > > > > > > > > > --__--__-- > > Message: 6 > Date: Tue, 1 Jun 2004 15:08:09 +0300 (EEST) > From: Kostas Kalevras <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: Calculating Remaining Time for Session- Timeout > Reply-To: [EMAIL PROTECTED] > > On Tue, 1 Jun 2004, Rick Smith wrote: > > > > > OK, I have several Mikrotik based hotspots out there. They auth > > users via RADIUS. I'm now running FreeRadius 1.0.0. > > > > I right now can auth users on them via FreeRadius - works great - > > and I'm using MySQL which is even better. > > > > Only problem is, right now they all get non- expiring sessions when > > they paid for half-hour increments :) > > > > Mikrotik expects "Session-Timeout" back as a clue on when to kick > > the user to pay for more time. > > > > How do I tell FreeRadius that "User x" bought 15 minutes on a > > hotspot, and tell Mikrotik to kick him when his time's up ? > > > > I understand about putting the Session-Timeout value in the radcheck > > table - that works. Just need to figure out how to update that > > Session-Timeout value every time the user logs in and out .... > > Check out the rlm_counter module > > > > > > > Thanks, > > > > Rick > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > -- > Kostas Kalevras Network Operations Center > [EMAIL PROTECTED] National Technical University of Athens, Greece > Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf > > > --__--__-- > > Message: 7 > Date: Tue, 1 Jun 2004 14:11:42 +0200 (CEST) > Subject: Re: Help adding users > From: Fr=?iso-8859-1?Q?=E9d=E9ric_EVRARD?= > <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Reply-To: [EMAIL PROTECTED] > > > Hi group > > > > Is there a guide somewhere on how to add users on FreeRADIUS ?? > > > > Im new to linux, and radius, and need a complete HOWTO on how to add > > users. > > Here's many howto for 802.1x/EAP-TLS with WinXP & FreeRADIUS, maybe > you will want to use an other EAP method, but I hope that can help > you. > > http://www.freeradius.org/doc/EAPTLS.pdf > http://www.impossiblereflex.com/8021x/eap-tls- HOWTO.htm > http://www.missl.cs.umd.edu/wireless/eaptls/ > > > > > > Sorry for the basic question in this forum, but im kind of stuck ! > > Because so far i discovered its not only in the etc/raddb/users that > > one would have to add info regarding users, but in several other > > libs. > > > > Hope someone can help this student finishing his final paper on > > userauthentication > > > > Jacob > > > > --__--__-- > > Message: 8 > Subject: RE: Calculating Remaining Time for Session- Timeout > Date: Tue, 1 Jun 2004 08:16:46 -0400 > From: "Rick Smith" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Reply-To: [EMAIL PROTECTED] > > > I know the rlm_sqlcounter module is there. > > I just need to find an example on how to set up FreeRadius to use it. > > I'm very familiar with writing sql queries, just not in this > environment. > > Anyone have a sample radiusd.conf and sql.conf for calculating > Session-Timeout's ? > > > -----Original Message----- > > From: Keith Yoder [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, June 01, 2004 8:07 AM > > To: [EMAIL PROTECTED] > > Subject: Re: Calculating Remaining Time for Session- Timeout > >=20 > > Rick, > >=20 > > You'll want to use the rlm_sqlcounter module. You can set a=20 > > Max-All-Session =3D 36000 to limit a user to 10 hours of total=20 > > access for example. FreeRadius will calculate how much time=20 was > > used and set the Session-Timeout attribute automatically. > >=20 > > Hope that helps, > > Keith Yoder > >=20 > > Rick Smith escreveu: > >=20 > > >OK, I have several Mikrotik based hotspots out there. They=20 > > auth users=20 > > >via RADIUS. I'm now running FreeRadius 1.0.0. > > > > > >I right now can auth users on them via FreeRadius - works=20 > > great - and=20 > > >I'm using MySQL which is even better. > > > > > >Only problem is, right now they all get non- expiring=20 > > sessions when they=20 > > >paid for half-hour increments :) > > > > > >Mikrotik expects "Session-Timeout" back as a clue on when to=20 > > kick the=20 > > >user to pay for more time. > > > > > >How do I tell FreeRadius that "User x" bought 15 minutes on=20 > > a hotspot,=20 > > >and tell Mikrotik to kick him when his time's up ? > > > > > >I understand about putting the Session-Timeout value in the > > >radcheck table - that works. Just need to figure out how to > > >update that Session-Timeout value every time the user logs in and > > >out .... > > > > > > > > >Thanks, > > > > > >Rick > > > > > >- > > >List info/subscribe/unsubscribe? See=20 > > >http://www.freeradius.org/list/users.html > > > > > > > > > =20 > > > > >=20 > >=20 > > - > > List info/subscribe/unsubscribe? See=20 > > http://www.freeradius.org/list/users.html > >=20 > > > --__--__-- > > Message: 9 > Date: Tue, 01 Jun 2004 09:30:38 -0300 > From: Keith Yoder <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: Calculating Remaining Time for Session- Timeout > Reply-To: [EMAIL PROTECTED] > > Rick Smith escreveu: > > >I know the rlm_sqlcounter module is there. > > > >I just need to find an example on how to set up FreeRadius to use it. > > > > > /doc/rlm_sqlcounter tells you everything you need to know. > > Keith Yoder > > > --__--__-- > > Message: 10 > Subject: Re: LDAP Authentication (MS Windows AD) > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > From: [EMAIL PROTECTED] > Date: Tue, 1 Jun 2004 07:36:32 -0500 > Reply-To: [EMAIL PROTECTED] > > > > > > Bill, > > Is your actual username "User\\, Asteroid"? That does not look > correct to me. I would assume that you are looking for > "CN=User\\,OU=Asteroid"... If the comma is indeed a part of the > username, you may want to try to remove it as commas have a special > meaning in LDAP. Also, make sure that your freeradius machine can > resolve "win-dc.win-dom.ctc.edu". Other than that, your LDAP config > looks fine. > > -Mark > > On Mon, 31 May 2004, Bill Shaver wrote: > > Dusty, > Thanks. I spent some time working at it from the LDAP angle and it > still fails with the ldapsearch. I will do some more reading/research > to get that working first, then if I have problems getting it work > with FreeRADIUS, I will get back with you all. (If you have some good > recommendations on howto's or other references getting OpenLDAP and MS > AD to talk, I would appreciate the suggestions.) > > Thanks for the pointers. > --Bill > > From Dustin Doris on Sat, 29 May 2004 10:40:55 -0400 (EDT) > > Hmmm... Perhaps you should double-check just to make sure. Do you > have access to a machine with openldap on it? You could use the > ldapsearch command to attempt a bind to AD. > > It would look something like this: > > $ ldapsearch -h win-dc.win-dom.ctc.edu -D "CN=User\\, > Asteroid,OU=System > Accounts,OU=CIS,OU=Accounts,DC=WIN- DOM,DC=ctc,DC=edu" -w > whateveryourpasswordis -b "OU=Accounts,DC=WIN- DOM,DC=ctc,DC=edu" > "(SamAccountName=jdummy)" > > -Dusty > > On Fri, 28 May 2004, Bill Shaver wrote: > > > Thanks for the reply. Yes, it is a goofy name, but I am told it does > > have read access on AD (it is in the 'domain user' group). > > > > From: Dustin Doris <[EMAIL PROTECTED]> on Fri, 28 May 2004 > 13:16:20 -0400 > > > > > > Is "CN=User\\, Asteroid,OU=System Accounts..." a valid user with > > > read access to AD? > > > > > > > It seems that this should not be so hard; I am sure I am making > > > > a > stupid > > > > mistake somewhere, but I just don't see it. > > > > > > > > I am attempting to set up freeradius 0.9.3 (redhat) to use > (initially) one > > > > of several Windows 2003 AD for authentication. I am, however, > > > > unable > to > > > > get the first one to work. I have attached what I think are the > relevant > > > > log and configuration sections. The Windows admin is not seeing > > > > any errors in her logs. On the radius side, it seems that > > > > radiusd is not > able to > > > > negotiate a connection that the ldap server will accept. > > > > > > > > Any recommendations would be appreciated. > > > > --Bill > > > > > > > > > > > > --- ldap config from radiusd.conf > > > > > > > > ldap { > > > > server = "win-dc.win-dom.ctc.edu" > > > > port = 636 > > > > identity = "CN=User\\, Asteroid,OU=System > Accounts,OU=CIS,OU=Accounts,DC=WIN-DOM,DC=ctc,DC=edu" > > > > > > ** Is "CN=User\\, Asteroid,OU=System Accounts... a valid user with > > > read access to AD? > > > > > > > password = "****" > > > > start_tls = yes > > > > basedn = "OU=Accounts,DC=WIN- DOM,DC=ctc,DC=edu" > > > > filter = "(SamAccountName=%u)" dictionary_mapping = > > > > ${raddbdir}/ldap.attrmap ldap_connections_number = > > > > 5 timeout = 4 timelimit = 3 net_timeout = 1 > > > > ldap_debug = 0x0028 > > > > } > > <<snipped>> > > > -- __--__-- > > > > CONFIDENTIALITY NOTICE: This e-mail may contain trade secrets or > privileged, undisclosed or otherwise confidential information. If you > have received this e-mail in error, you are hereby notified that any > review, copying or distribution of this message in whole or in part is > strictly prohibited. Please inform the sender immediately and destroy > the original transmittal. Thank you for your cooperation. > > > > --__--__-- > > Message: 11 > Date: Tue, 1 Jun 2004 14:39:34 +0200 (CEST) > Subject: Re: Help in using EAP > From: Fr=?iso-8859-1?Q?=E9d=E9ric_EVRARD?= > <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Reply-To: [EMAIL PROTECTED] > > > Hi, > > > > I am using EAP authentication protocol. When I send an access > > request from the NAS to the Radius Server, the server rejects the > > request. Please let me know how to resolve this problem. The log > > messages of the radius server are as follows: > > > > Log Messages: > > > > rad_recv: Access-Request packet from host 192.168.112.90:32810, > > id=0, length=69 Received packet from 192.168.112.90 with invalid > > Message-Authenticator! (Shared secret is incorrect.) > > you have to configure the same shared-secret on authenticator/access > point and freeRADIUS /etc/raddb/clients.conf file. > > Fred. > > > > > > --__--__-- > > Message: 12 > Date: Tue, 01 Jun 2004 14:56:22 +0200 > From: Jean-Marie GUILLEMOT <[EMAIL PROTECTED]> > Subject: Re: Help with Counter module > To: [EMAIL PROTECTED] > Reply-To: [EMAIL PROTECTED] > > > > > rlm_counter: Packet Unique ID = '0d62303b8e51c196' > > > rlm_counter: Could not find Service-Type attribute in the > > request. Returning > > > NOOP. > > > > But rlm_counter cannot find it, since it's not included in > > the accounting stop > > packet. So try commenting out the allowed- servicetype directive. > > > > you were right, it works now. > Thanks a lot for your help, Kostas. > > Jean-Marie > > > --__--__-- > > Message: 13 > Subject: Re: Latest freeradius and NPTL fail > From: Michael Griego <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Date: Tue, 01 Jun 2004 08:31:24 -0500 > Reply-To: [EMAIL PROTECTED] > > Package versions: > kernel-2.4.22-1.2188.nptl > glibc-2.3.2-101.4 > gcc-3.3.2-1 > > The ntlm_auth as used by the rlm_mschap module employs > exec-program-wait. > > --Mike > > > > On Mon, 2004-05-31 at 23:43, Sergei Golod wrote: > > Just exec-program or exec-program-WAIT? What version of libc6 used > > in FC1? > > > > Sergei. > > > > ----- Original Message ----- > > From: "Michael Griego" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Monday, May 31, 2004 10:17 PM > > Subject: Re: Latest freeradius and NPTL fail > > > > > > > RedHat 9 and Fedora Core both use NPTL threading. I've never seen > > > any problems like this, and I use FC1 as my production RADIUS > > > server OS. The only exec-program stuff I've used is the ntlm_auth > > > portion of the mschap module, and I've never had any problems with > > > it. Perhaps it is even Debian-unstable specific? Or perhaps > > > kernel 2.6 specific? > > > > > > --Mike > > > > > > > > > On Mon, 2004-05-31 at 11:05, Alan DeKok wrote: > > > > "Sergei Golod" <[EMAIL PROTECTED]> wrote: > > > > > Latest version of the FR doesn't work under Debian GNU/Linux > > > > > when NPTL used. > > > > > > > > It looks like the NPTL implementation of semaphores has > > > > problems. > > > > > > > > The server uses a number of semaphores internally. From what > > > > I can > > > > see of the debug log, the Exec-Program code is waiting on a > > > > semaphore that never unlocks. The end result is that the server > > > > is locked forever. > > > > > > > > Since this exact code works on NetBSD, FreeBSD, Solaris, > > > > Windows XP > > > > (SFU), and older versions of Linux, I'm inclined to say it's a > > > > NPTL-specific problem. > > > > > > > > Alan DeKok. > > > > > > > > - > > > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > > > > - > > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > -- > > --Mike > > ----------------------------------- > Michael Griego > Wireless LAN Project Manager > The University of Texas at Dallas > > > > > > --__--__-- > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > End of Freeradius-Users Digest - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html