date:20020606


Thanks and sorry for my poor English. I found solution.
It's part of Cisco.log file for whole profile in users:

1w0d: As75 PPP: Phase is AUTHENTICATING, by this end
1w0d: As75 EVT: Packet [14] 0 0x62EEDDBC
1w0d: As75 PAP: I AUTH-REQ id 1 len 19 from "ptest"
1w0d: As75 PAP: Authenticating peer ptest
1w0d: As75 PPP: Phase is FORWARDING, Attempting Forward
1w0d: As75 EVT: Hook [14] 1 0x0
1w0d: As75 PPP: Phase is AUTHENTICATING, Unauthenticated User
1w0d: As75 PPP: Sent PAP LOGIN Request to AAA
1w0d: RADIUS/ENCODE: Attribute has no value set for AAA attribute clid
1w0d: RADIUS/ENCODE(0063): Unsupported AAA attribute parent-interface
1w0d: RADIUS/ENCODE(0063): Unsupported AAA attribute
parent-interface-type
1w0d: RADIUS/ENCODE(0063): acct_session_id: 149
1w0d: RADIUS(0063): sending
1w0d: RADIUS: Send to unknown id 93 xxx.xxx.xxx.xxx:1812, Access-Request,
len 78
1w0d: RADIUS:  authenticator 3C 6E 15 C7 FA D1 9B 3F - 4D 65 BB A4 70 E0 40
23
1w0d: RADIUS:  Framed-Protocol [7]   6   PPP   [1]
1w0d: RADIUS:  User-Name   [1]   6   "ptest"
1w0d: RADIUS:  User-Password   [2]   18  *
1w0d: RADIUS:  Called-Station-Id   [30]  4   "39"
1w0d: RADIUS:  NAS-Port[5]   6   75
1w0d: RADIUS:  NAS-Port-Type   [61]  6   Async [0]
1w0d: RADIUS:  Service-Type[6]   6   Framed[2]
1w0d: RADIUS:  NAS-IP-Address  [4]   6   xxx.xxx.xxx.xxx
1w0d: RADIUS: Received from id 93 xxx.xxx.xxx.xxx:1812, Access-Accept, len
102
1w0d: RADIUS:  authenticator 24 2F EC 98 08 3E C9 C6 - 46 C3 D0 66 63 53 98
7E
1w0d: RADIUS:  Framed-Protocol [7]   6   PPP   [1]
1w0d: RADIUS:  Framed-Compression  [13]  6   VJ TCP/IP Header Compressi[1]
1w0d: RADIUS:  Idle-Timeout[28]  6   600
1w0d: RADIUS:  Vendor, Cisco   [26]  26
1w0d: RADIUS:   Cisco AVpair   [1]   20  "ip:addr-pool=cloud"
1w0d: RADIUS:  Vendor, Cisco   [26]  38
1w0d: RADIUS:   Cisco AVpair   [1]   32
"lcp:callback-dialstring=1234567"
1w0d: RADIUS: Received from id 63
1w0d: As75 PPP: Received LOGIN Response from AAA = PASS
1w0d: As75 PPP: Phase is FORWARDING, Attempting Forward
1w0d: As75 EVT: Hook [14] 1 0x0
1w0d: As75 PPP: Phase is AUTHENTICATING, Authenticated User
1w0d: As75 PAP: O AUTH-ACK id 1 len 5
1w0d: As75 MCB: User ptest  Callback Number - Server 1234567
1w0d: Async75 PPP: O MCB Request(1) id 10 len 7
1w0d: Async75 MCB: O  1  A  0  7  3  3  0
1w0d: As75 MCB: O Request Id 10 Callback Type Server-Num delay 0
1w0d: As75 PPP: Phase is CBCP
1w0d: As75 EVT: Restart CP [14] 0 0x62C8599C
1w0d: As75 EVT: Packet [14] 0 0x62EEDAE8
1w0d: Async75 PPP: I MCB Response(2) id 10 len 7
1w0d: Async75 MCB: I  2  A  0  7  3  3  F
1w0d: As75 MCB: Received response
1w0d: As75 MCB: Response CBK-Server-Num 3 3 15
1w0d: Async75 PPP: O MCB Ack(3) id 11 len 7
1w0d: Async75 MCB: O  3  B  0  7  3  3  F
1w0d: As75 MCB: O Ack Id 11 Callback Type Server-Num delay 15
1w0d: As75 MCB: Negotiated MCB with peer
1w0d: As75 EVT: Packet [14] 1 0x62EEE090
1w0d: As75 LCP: I TERMREQ [Open] id 2 len 4
1w0d: As75 LCP: O TERMACK [Open] id 2 len 4
1w0d: As75 MCB: Peer terminating the link
1w0d: As75 MCB: Link terminated by peer, Callback Needed
1w0d: As75 MCB: Initiate Callback for ^->o`gWD at 1234567 using Async DDR
1w0d: As75 PPP: Phase is TERMINATING

1w0d: As75 AAA/AUTHOR/IPCP: Start.  Her address 0.0.0.0, we want 0.0.0.0
1w0d: As75 AAA/AUTHOR/IPCP: Says use pool cloud
1w0d: As75 AAA/AUTHOR/IPCP: Pool returned xxx.xxx.xxx.xxx
1w0d: As75 AAA/AUTHOR/IPCP: Done.  Her address 0.0.0.0, we want
xxx.xxx.xxx.xxx


It's part of Cisco.log file for divided profile in users and usrpass:

1w0d: As76 PPP: Phase is AUTHENTICATING, by this end
1w0d: As76 EVT: Packet [14] 0 0x62EF1C94
1w0d: As76 PAP: I AUTH-REQ id 1 len 15 from "ptest"
1w0d: As76 PAP: Authenticating peer ptest
1w0d: As76 PPP: Phase is FORWARDING, Attempting Forward
1w0d: As76 EVT: Hook [14] 1 0x0
1w0d: As76 PPP: Phase is AUTHENTICATING, Unauthenticated User
1w0d: As76 PPP: Sent PAP LOGIN Request to AAA
1w0d: RADIUS/ENCODE: Attribute has no value set for AAA attribute clid
1w0d: RADIUS/ENCODE(0065): Unsupported AAA attribute parent-interface
1w0d: RADIUS/ENCODE(0065): Unsupported AAA attribute
parent-interface-type
1w0d: RADIUS/ENCODE(0065): acct_session_id: 152
1w0d: RADIUS(0065): sending
1w0d: RADIUS: Send to unknown id 95 xxx.xxx.xxx.xxx:1812, Access-Request,
len 79
1w0d: RADIUS:  authenticator 5A F0 C8 E1 49 94 87 E3 - 0F ED 52 11 EF E0 64
D6
1w0d: RADIUS:  Framed-Protocol [7]   6   PPP   [1]
1w0d: RADIUS:  User-Name   [1]   7   "ptest"
1w0d: RADIUS:  User-Password   [2]   18  *
1w0d: RADIUS:  Called-Station-Id   [30]  4   "39"
1w0d: RADIUS:  NAS-Port[5]   6   76
1w0d: RADIUS:  NAS-Port-Type   [61]  6   Async [0]
1w0d: RADIUS:  Service-Type[6]   6   Framed[2]
1w0d: RADIUS:  NAS-IP-Address

Its testing, sorry


test



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

(no subject)


testing



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Strat errors

2002-06-06 Thread dendy


On Thu, Jun 06, 2002 at 01:04:32PM -0400, Russell Premont wrote:
> I am trying to start radius and get the following error
> 
> ld.so.1: ./radiusd: fatal: libltdl.so.0: open failed: No such file or
> directory
> Killed
> 
> My environment is set to:
> 
> PATH=/usr/bin:/usr/sbin:/usr/ucb:/usr/ccs/bin:/usr/local/bin:/usr/local/sbin
> :/usr/local/lib:/usr/lib
> SHELL=/sbin/sh
You should set LD_LIBRARY_PATH to colon separated list of directories, where your
library is located.

-- 
Denis Tatarskikh [UdSU/MF] [UdSU/IC]mailto:[EMAIL PROTECTED]



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

(no subject)


Thanks and sorry for my poor English. I found solution.
It's part of Cisco.log file for whole profile in users:

1w0d: As75 PPP: Phase is AUTHENTICATING, by this end
1w0d: As75 EVT: Packet [14] 0 0x62EEDDBC
1w0d: As75 PAP: I AUTH-REQ id 1 len 19 from "ptest"
1w0d: As75 PAP: Authenticating peer ptest
1w0d: As75 PPP: Phase is FORWARDING, Attempting Forward
1w0d: As75 EVT: Hook [14] 1 0x0
1w0d: As75 PPP: Phase is AUTHENTICATING, Unauthenticated User
1w0d: As75 PPP: Sent PAP LOGIN Request to AAA
1w0d: RADIUS/ENCODE: Attribute has no value set for AAA attribute clid
1w0d: RADIUS/ENCODE(0063): Unsupported AAA attribute parent-interface
1w0d: RADIUS/ENCODE(0063): Unsupported AAA attribute
parent-interface-type
1w0d: RADIUS/ENCODE(0063): acct_session_id: 149
1w0d: RADIUS(0063): sending
1w0d: RADIUS: Send to unknown id 93 xxx.xxx.xxx.xxx:1812, Access-Request,
len 78
1w0d: RADIUS:  authenticator 3C 6E 15 C7 FA D1 9B 3F - 4D 65 BB A4 70 E0 40
23
1w0d: RADIUS:  Framed-Protocol [7]   6   PPP   [1]
1w0d: RADIUS:  User-Name   [1]   6   "ptest"
1w0d: RADIUS:  User-Password   [2]   18  *
1w0d: RADIUS:  Called-Station-Id   [30]  4   "39"
1w0d: RADIUS:  NAS-Port[5]   6   75
1w0d: RADIUS:  NAS-Port-Type   [61]  6   Async [0]
1w0d: RADIUS:  Service-Type[6]   6   Framed[2]
1w0d: RADIUS:  NAS-IP-Address  [4]   6   xxx.xxx.xxx.xxx
1w0d: RADIUS: Received from id 93 xxx.xxx.xxx.xxx:1812, Access-Accept, len
102
1w0d: RADIUS:  authenticator 24 2F EC 98 08 3E C9 C6 - 46 C3 D0 66 63 53 98
7E
1w0d: RADIUS:  Framed-Protocol [7]   6   PPP   [1]
1w0d: RADIUS:  Framed-Compression  [13]  6   VJ TCP/IP Header Compressi[1]
1w0d: RADIUS:  Idle-Timeout[28]  6   600
1w0d: RADIUS:  Vendor, Cisco   [26]  26
1w0d: RADIUS:   Cisco AVpair   [1]   20  "ip:addr-pool=cloud"
1w0d: RADIUS:  Vendor, Cisco   [26]  38
1w0d: RADIUS:   Cisco AVpair   [1]   32
"lcp:callback-dialstring=1234567"
1w0d: RADIUS: Received from id 63
1w0d: As75 PPP: Received LOGIN Response from AAA = PASS
1w0d: As75 PPP: Phase is FORWARDING, Attempting Forward
1w0d: As75 EVT: Hook [14] 1 0x0
1w0d: As75 PPP: Phase is AUTHENTICATING, Authenticated User
1w0d: As75 PAP: O AUTH-ACK id 1 len 5
1w0d: As75 MCB: User ptest  Callback Number - Server 1234567
1w0d: Async75 PPP: O MCB Request(1) id 10 len 7
1w0d: Async75 MCB: O  1  A  0  7  3  3  0
1w0d: As75 MCB: O Request Id 10 Callback Type Server-Num delay 0
1w0d: As75 PPP: Phase is CBCP
1w0d: As75 EVT: Restart CP [14] 0 0x62C8599C
1w0d: As75 EVT: Packet [14] 0 0x62EEDAE8
1w0d: Async75 PPP: I MCB Response(2) id 10 len 7
1w0d: Async75 MCB: I  2  A  0  7  3  3  F
1w0d: As75 MCB: Received response
1w0d: As75 MCB: Response CBK-Server-Num 3 3 15
1w0d: Async75 PPP: O MCB Ack(3) id 11 len 7
1w0d: Async75 MCB: O  3  B  0  7  3  3  F
1w0d: As75 MCB: O Ack Id 11 Callback Type Server-Num delay 15
1w0d: As75 MCB: Negotiated MCB with peer
1w0d: As75 EVT: Packet [14] 1 0x62EEE090
1w0d: As75 LCP: I TERMREQ [Open] id 2 len 4
1w0d: As75 LCP: O TERMACK [Open] id 2 len 4
1w0d: As75 MCB: Peer terminating the link
1w0d: As75 MCB: Link terminated by peer, Callback Needed
1w0d: As75 MCB: Initiate Callback for ^->o`gWD at 1234567 using Async DDR
1w0d: As75 PPP: Phase is TERMINATING

1w0d: As75 AAA/AUTHOR/IPCP: Start.  Her address 0.0.0.0, we want 0.0.0.0
1w0d: As75 AAA/AUTHOR/IPCP: Says use pool cloud
1w0d: As75 AAA/AUTHOR/IPCP: Pool returned xxx.xxx.xxx.xxx
1w0d: As75 AAA/AUTHOR/IPCP: Done.  Her address 0.0.0.0, we want
xxx.xxx.xxx.xxx


It's part of Cisco.log file for divided profile in users and usrpass:

1w0d: As76 PPP: Phase is AUTHENTICATING, by this end
1w0d: As76 EVT: Packet [14] 0 0x62EF1C94
1w0d: As76 PAP: I AUTH-REQ id 1 len 15 from "ptest"
1w0d: As76 PAP: Authenticating peer ptest
1w0d: As76 PPP: Phase is FORWARDING, Attempting Forward
1w0d: As76 EVT: Hook [14] 1 0x0
1w0d: As76 PPP: Phase is AUTHENTICATING, Unauthenticated User
1w0d: As76 PPP: Sent PAP LOGIN Request to AAA
1w0d: RADIUS/ENCODE: Attribute has no value set for AAA attribute clid
1w0d: RADIUS/ENCODE(0065): Unsupported AAA attribute parent-interface
1w0d: RADIUS/ENCODE(0065): Unsupported AAA attribute
parent-interface-type
1w0d: RADIUS/ENCODE(0065): acct_session_id: 152
1w0d: RADIUS(0065): sending
1w0d: RADIUS: Send to unknown id 95 xxx.xxx.xxx.xxx:1812, Access-Request,
len 79
1w0d: RADIUS:  authenticator 5A F0 C8 E1 49 94 87 E3 - 0F ED 52 11 EF E0 64
D6
1w0d: RADIUS:  Framed-Protocol [7]   6   PPP   [1]
1w0d: RADIUS:  User-Name   [1]   7   "ptest"
1w0d: RADIUS:  User-Password   [2]   18  *
1w0d: RADIUS:  Called-Station-Id   [30]  4   "39"
1w0d: RADIUS:  NAS-Port[5]   6   76
1w0d: RADIUS:  NAS-Port-Type   [61]  6   Async [0]
1w0d: RADIUS:  Service-Type[6]   6   Framed[2]
1w0d: RADIUS:  NAS-IP-Address

Proxy-To-Realm FreeRadius 0.5

2002-06-06 Thread agp933


Is there any detail doc about how to config Proxy-To-Realm ?
I think the doc "proxy" is not enough to understand everying relate to radius proxy 
funtion in FreeRadius. 

May I know How to config my FR 0.5 act as check users file before do proxy?

How to config suffix or prefix proxy the radius packet?
Eg, I use my FR as front-end to proxy the packet to two back-end radius (server:BackA, 
BackB).I use prefix BA/ or BB/. When I got [EMAIL PROTECTED]
I will proxy to BackA, I got [EMAIL PROTECTED] I will proxy to BackB .
Ëbú?²æìr¸{û§²æìr¸y'Ûiÿü0ÁúÞz¶ë(®åËºÇ«²f

(no subject)


Thanks and sorry for my poor English. I found solution.
It's part of Cisco.log file for whole profile in users:

1w0d: As75 PPP: Phase is AUTHENTICATING, by this end
1w0d: As75 EVT: Packet [14] 0 0x62EEDDBC
1w0d: As75 PAP: I AUTH-REQ id 1 len 19 from "ptest"
1w0d: As75 PAP: Authenticating peer ptest
1w0d: As75 PPP: Phase is FORWARDING, Attempting Forward
1w0d: As75 EVT: Hook [14] 1 0x0
1w0d: As75 PPP: Phase is AUTHENTICATING, Unauthenticated User
1w0d: As75 PPP: Sent PAP LOGIN Request to AAA
1w0d: RADIUS/ENCODE: Attribute has no value set for AAA attribute clid
1w0d: RADIUS/ENCODE(0063): Unsupported AAA attribute parent-interface
1w0d: RADIUS/ENCODE(0063): Unsupported AAA attribute
parent-interface-type
1w0d: RADIUS/ENCODE(0063): acct_session_id: 149
1w0d: RADIUS(0063): sending
1w0d: RADIUS: Send to unknown id 93 xxx.xxx.xxx.xxx:1812, Access-Request,
len 78
1w0d: RADIUS:  authenticator 3C 6E 15 C7 FA D1 9B 3F - 4D 65 BB A4 70 E0 40
23
1w0d: RADIUS:  Framed-Protocol [7]   6   PPP   [1]
1w0d: RADIUS:  User-Name   [1]   6   "ptest"
1w0d: RADIUS:  User-Password   [2]   18  *
1w0d: RADIUS:  Called-Station-Id   [30]  4   "39"
1w0d: RADIUS:  NAS-Port[5]   6   75
1w0d: RADIUS:  NAS-Port-Type   [61]  6   Async [0]
1w0d: RADIUS:  Service-Type[6]   6   Framed[2]
1w0d: RADIUS:  NAS-IP-Address  [4]   6   xxx.xxx.xxx.xxx
1w0d: RADIUS: Received from id 93 xxx.xxx.xxx.xxx:1812, Access-Accept, len
102
1w0d: RADIUS:  authenticator 24 2F EC 98 08 3E C9 C6 - 46 C3 D0 66 63 53 98
7E
1w0d: RADIUS:  Framed-Protocol [7]   6   PPP   [1]
1w0d: RADIUS:  Framed-Compression  [13]  6   VJ TCP/IP Header Compressi[1]
1w0d: RADIUS:  Idle-Timeout[28]  6   600
1w0d: RADIUS:  Vendor, Cisco   [26]  26
1w0d: RADIUS:   Cisco AVpair   [1]   20  "ip:addr-pool=cloud"
1w0d: RADIUS:  Vendor, Cisco   [26]  38
1w0d: RADIUS:   Cisco AVpair   [1]   32
"lcp:callback-dialstring=1234567"
1w0d: RADIUS: Received from id 63
1w0d: As75 PPP: Received LOGIN Response from AAA = PASS
1w0d: As75 PPP: Phase is FORWARDING, Attempting Forward
1w0d: As75 EVT: Hook [14] 1 0x0
1w0d: As75 PPP: Phase is AUTHENTICATING, Authenticated User
1w0d: As75 PAP: O AUTH-ACK id 1 len 5
1w0d: As75 MCB: User ptest  Callback Number - Server 1234567
1w0d: Async75 PPP: O MCB Request(1) id 10 len 7
1w0d: Async75 MCB: O  1  A  0  7  3  3  0
1w0d: As75 MCB: O Request Id 10 Callback Type Server-Num delay 0
1w0d: As75 PPP: Phase is CBCP
1w0d: As75 EVT: Restart CP [14] 0 0x62C8599C
1w0d: As75 EVT: Packet [14] 0 0x62EEDAE8
1w0d: Async75 PPP: I MCB Response(2) id 10 len 7
1w0d: Async75 MCB: I  2  A  0  7  3  3  F
1w0d: As75 MCB: Received response
1w0d: As75 MCB: Response CBK-Server-Num 3 3 15
1w0d: Async75 PPP: O MCB Ack(3) id 11 len 7
1w0d: Async75 MCB: O  3  B  0  7  3  3  F
1w0d: As75 MCB: O Ack Id 11 Callback Type Server-Num delay 15
1w0d: As75 MCB: Negotiated MCB with peer
1w0d: As75 EVT: Packet [14] 1 0x62EEE090
1w0d: As75 LCP: I TERMREQ [Open] id 2 len 4
1w0d: As75 LCP: O TERMACK [Open] id 2 len 4
1w0d: As75 MCB: Peer terminating the link
1w0d: As75 MCB: Link terminated by peer, Callback Needed
1w0d: As75 MCB: Initiate Callback for ^->o`gWD at 1234567 using Async DDR
1w0d: As75 PPP: Phase is TERMINATING

1w0d: As75 AAA/AUTHOR/IPCP: Start.  Her address 0.0.0.0, we want 0.0.0.0
1w0d: As75 AAA/AUTHOR/IPCP: Says use pool cloud
1w0d: As75 AAA/AUTHOR/IPCP: Pool returned xxx.xxx.xxx.xxx
1w0d: As75 AAA/AUTHOR/IPCP: Done.  Her address 0.0.0.0, we want
xxx.xxx.xxx.xxx


It's part of Cisco.log file for divided profile in users and usrpass:

1w0d: As76 PPP: Phase is AUTHENTICATING, by this end
1w0d: As76 EVT: Packet [14] 0 0x62EF1C94
1w0d: As76 PAP: I AUTH-REQ id 1 len 15 from "ptest"
1w0d: As76 PAP: Authenticating peer ptest
1w0d: As76 PPP: Phase is FORWARDING, Attempting Forward
1w0d: As76 EVT: Hook [14] 1 0x0
1w0d: As76 PPP: Phase is AUTHENTICATING, Unauthenticated User
1w0d: As76 PPP: Sent PAP LOGIN Request to AAA
1w0d: RADIUS/ENCODE: Attribute has no value set for AAA attribute clid
1w0d: RADIUS/ENCODE(0065): Unsupported AAA attribute parent-interface
1w0d: RADIUS/ENCODE(0065): Unsupported AAA attribute
parent-interface-type
1w0d: RADIUS/ENCODE(0065): acct_session_id: 152
1w0d: RADIUS(0065): sending
1w0d: RADIUS: Send to unknown id 95 xxx.xxx.xxx.xxx:1812, Access-Request,
len 79
1w0d: RADIUS:  authenticator 5A F0 C8 E1 49 94 87 E3 - 0F ED 52 11 EF E0 64
D6
1w0d: RADIUS:  Framed-Protocol [7]   6   PPP   [1]
1w0d: RADIUS:  User-Name   [1]   7   "ptest"
1w0d: RADIUS:  User-Password   [2]   18  *
1w0d: RADIUS:  Called-Station-Id   [30]  4   "39"
1w0d: RADIUS:  NAS-Port[5]   6   76
1w0d: RADIUS:  NAS-Port-Type   [61]  6   Async [0]
1w0d: RADIUS:  Service-Type[6]   6   Framed[2]
1w0d: RADIUS:  NAS-IP-Address

Binary for SCO OpenServer 5.0.5?

2002-06-06 Thread Daniel Brunt


Does anyone have a Freeradius binary compiled for SCO OpenServer 5.0.5?

Thanks,
Dan.

Daniel Brunt
[EMAIL PROTECTED]
LCS Logic Computer Services Inc.
ph: 604-299-1231 fax: 604-299-7675



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Logging of Framed-IP-Address

2002-06-06 Thread Philipp Specht


> > I need to log the Framed-IP-Address attribute. Where can I enable to log
> > it in non-debugging mode?
> > In -x mode I can see it in my logs, but to many other things I don't
> > need to know as well.
> Use Exec-Program-Wait on acct_user with -f parameter.

I'm sorry for not telling you all of my setup:

I don't get any accounting packets from the NASes. The NASes forward their
packets to another RADIUS server not under my control and this server
forwards only the auth packets to my server. And it attaches a hint which ip
address will be given to the user, if I will state an auth ok.

If I'm totally wrong and your suggestion works with my setup, please excuse
my ignorance... :)

Philipp


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Solving the problem


Hello,

I have a FreeBSD-4.3-RELEASE with freeradius-0.5.
It was authenticanting only when I execututed "radiusd -X".
I've tested it with user/group: root/wheel, nobody/nogroup
and radius/radius and with all of them happened the same
problem.

So, I edited the radiusd.c in freeradius-0.5/src/main
and looked for the flags for -X parameters and figured out
the parameter "spawn_flags = FALSE" to be seted when
radiusd is executed without any parameters.

It has solved this problem but my question is:
Could this variable seted as normal mode cause some problem?

Thank's a lot,
Ronan

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

core dumps in rlm_detail & rlm_sql_postgresql

2002-06-06 Thread Alex L. Demidov


Running FreeRadius-0.5 under FreeBSD 4.4 with authentication with PAM,
accounting to PostgreSQL and users definitions in files. NAS is old
Livingston PortMaster 3 with 30 async ports. And having radiusd core 
dumps a dozen times a day. Today me compiled radiusd with -g options
and have following backtrace:

( Also, I have seen radiusd core dumped in sql_close in
rlm_sql_postgresql.so, but, sigh, that core been overwrite with rlm_detail. )

#0  0x28330dd0 in detail_accounting (instance=0x8093c40,
request=0xa864700)
at rlm_detail.c:173
#1  0x805845d in call_modsingle (component=3, sp=0x8097f40,
request=0xa864700, 
default_result=7) at modcall.c:205
#2  0x80586c1 in modcall (component=3, c=0x8097f40, request=0xa864700)
at modcall.c:288
#3  0x80584cb in call_modgroup (component=3, g=0x8097f00,
request=0xa864700, 
default_result=7) at modcall.c:227
#4  0x8058656 in modcall (component=3, c=0x8097f00, request=0xa864700)
at modcall.c:281
#5  0x8057b0b in indexed_modcall (comp=3, idx=0, request=0xa864700) at
modules.c:456
#6  0x8057ff6 in module_accounting (request=0xa864700) at modules.c:657
#7  0x8050528 in rad_accounting (request=0xa864700) at acct.c:65
#8  0x804ddb9 in rad_respond (request=0xa864700, fun=0x80504d0
)
at radiusd.c:1524
#9  0x805af38 in request_handler_thread (arg=0xa872340) at threads.c:172
#10 0x280a0ecf in _thread_start () from /usr/lib/libc_r.so.4
#11 0x0 in ?? ()

(gdb) list
168 } else {
169 /* Post a timestamp */
170 fputs(ctime_r(&request->timestamp, buffer), outfp);
171
172 /* Write each attribute/value to the log file */
173 pair = request->packet->vps;
174 while (pair) {
175 if (pair->attribute != PW_PASSWORD) {
176 fputs("\t", outfp);
177 vp_print(outfp, pair);
(gdb) print request
$1 = (REQUEST *) 0xa864700
(gdb) print request->packet
$2 = (RADIUS_PACKET *) 0x0

-- 
Alex L. Demidov (ALD9-RIPE)

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

duplicate sessions

2002-06-06 Thread Eric


Hello

I use FreeBSD-4.5, FreeRadius-0.5, MySQL-3.23.xx.
The information of sessions of users is inserted into database of
MySQL (accounting).
At start of session 4 recordings are consistently inserted into a
database with different values of field AcctStartDelay (0,5,10,15).
What it is necessary to configure FreeRadius that one recording
was inserted only?

-- 
Best regards,
 Eric  mailto:[EMAIL PROTECTED]



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

InternetSeer Free Activation Confirmation

2002-06-06 Thread Mike Dever

Title: Congratulations. Your Web Site is Registered

Dear InternetSeer,

Starting today, your site's connectivity will be tested every hour, seven days
a week. You will begin to receive the following benefits from InternetSeer:

A weekly performance report on your monitored Web page.

Featuring valuable services to help you grow your business.

Alerts when your Web page is not available.

Click here to automatically login to your account. You can easily add more URL's to monitor or make changes to your account.

For your records, your login name and password are below:

Your FREE Web site monitoring service is now activated.

InternetSeer has arranged to offer you the following FREE Rewards. This is our way of saying thank you for doing business with us. Please take advantage of one or more of these great Registration Rewards.

Get your Complimentary One Year Subscription to Forbes Magazine!
Your complimentary one-year subscription to Forbes magazine is available now!
That's 12 issues! Best of all there's NO PURCHASE NECESSARY and there's NO
CREDIT CARD REQUIRED to accept your complimentary subscription.

30-Day FREE Trial of Web-Based Intranet
Is your business communicating and collaborating effectively? Get an online
calendar, as well as tools for document and project management. Easily read and
send email remotely. Take a 30-Day FREE Trial of the InternetSeer Web-based
intranet service today.

FREE Do-It-Yourself Email Marketing Solution! (60-Day Free Trial)
Constant Contact provides a simple interface to add your unique message and the
"Email Marketing Manager" does the rest! They provide you with dozens of
professional templates, creates the HTML, AOL & text versions, hosts and manages
your list, and even tracks your results.

FREE- 250 premium custom color business cards (an $85 value)
Get 250 premium custom color business cards (an $85 value) Choose from over 30
templates, personal, business, corporate, high impact.

Thank you and welcome to InternetSeer. Please let others know about our Service.

Mike Dever
CEO

Re: libiodbc in non-typical place

2002-06-06 Thread Steve Langasek


On Thu, Jun 06, 2002 at 10:36:44AM -0400, Alan DeKok wrote:
> vic ismakaev <[EMAIL PROTECTED]> wrote:
> > Thanks for configue script. It works fine.But I have one question -
> > why You use an "-lodbc"?
> > iODBC.org libs have a name libiodbc*.so(a,la).
> > May be change "-lodbc" to "-liodbc"?

>   Ok.  I thought that the previous tests had used -lodbc, but it's not
> a problem to fix it.  Look for it in the CVS snapshot tonight.

unixodbc uses libodbc as its name, iodbc uses libiodbc.

Steve Langasek
postmodern programmer



msg06309/pgp0.pgp
Description: PGP signature

Debugging in daemon mode.

2002-06-06 Thread Franklin Trumpy


Running FreeRADIUS 0.5, on FreeBSD 4.5-STABLE from Wednesday March 6...

I've been running into some obnoxious proxy issues and thought it would be
very useful to run FreeRADIUS is debug mode (-xx) for a few days to see if
I can get any additional useful information.

On April 17 2002, there was described a process to run FreeRADIUS in full
debug mode with SQL traces while still having the server run in the
background with all the data going to /var/log/radius.log. The process was
to add the line:

debug_level = 0

to raddb/radiusd.conf, start the server in daemon mode, and then edit the
line to:

debug_level = 3

and kill -HUP the server.

I've tried this, and it didn't seem to work. /var/log/radius.log
noted the -HUP that was sent, and then didn't print anything else.

Are there any caveats involved in doing this that I'm not aware of and am
thus overlooking? I realize the log will probably grow to massive
porportions quickly, which is why I had only planned on doing it for a few
days. Thanks.

Franklin

--
Franklin Trumpy, NFA, MNGS, GSc | Say not, "I have found the truth,"
UNIX Systems Administrator  | but rather, "I have found a truth."
Lighthouse Communications   | 
[EMAIL PROTECTED] | Say not, "I have found the path of the soul."
(515)244-1115   | Say rather, "I have met the soul walking
(888)953-3278   |   upon my path."
http://www.lh.net   |
| -Kahlil Gibran, _The Prophet_, 1923
|


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Logging of Framed-IP-Address


Use Exec-Program-Wait on acct_user with -f parameter.

Ronan

On Thu, 06 Jun 2002 19:03:52 +0200
Philipp Specht <[EMAIL PROTECTED]> wrote:

> Hi!
> 
> I need to log the Framed-IP-Address attribute. Where can I enable to log 
> it in non-debugging mode?
> In -x mode I can see it in my logs, but to many other things I don't 
> need to know as well.
> 
> 
> I'm using Version 0.5.
> 
> Thx,
> Philipp
> 
> 
> Logfile in -x mode:
> [...]
> 2002-06-06 18:55:51 rad_recv: Access-Request packet from host [...]
> 2002-06-06 18:55:51   User-Name = [...]
> 2002-06-06 18:55:51   User-Password = [...]
> 2002-06-06 18:55:51   NAS-IP-Address = [...]
> 2002-06-06 18:55:51   NAS-Port = 1376387201
> 2002-06-06 18:55:51   Service-Type = Framed-User
> 2002-06-06 18:55:51   Framed-Protocol = PPP
> 2002-06-06 18:55:51   Framed-IP-Address = [...]
> [...]
> 2002-06-06 18:55:51 Login OK: [...]
> 2002-06-06 18:55:51 Sending Access-Accept of id 29 to [...]
> [...]
> 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

radwatch

2002-06-06 Thread Gonzalez, Pedro


Has anyone modified radwatch and rc.radius to run correctly in solaris 2.8?

Thanks
Pedro

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Error accessing lists.cistron.nl

2002-06-06 Thread Kathy Phillips

Title: InternetSeer Web Site Notification





			
	
	
		
		
		
		SUBJECT: Error accessing lists.cistron.nl
		
		On Thu Jun 06, 2002 at 02:12:44 PM EDT we were unable to reach your web site:
		http://lists.cistron.nl/pipermail/freeradius-users/2001-December/003846.html
		due to the following error: 404 Not Found
		
		As recommended by the Robot Guidelines, this email is to explain our system and to 
		let you know about the problem we encountered accessing your site.
		
		InternetSeer is the largest FREE web site monitoring company in the world, 
		monitoring over 1.1 million web sites worldwide every hour.

		The error listed above was initially detected by our primary site monitor 
		in Philadelphia, Pa. then verified by our secondary site monitor located 
		in Los Angeles, Ca.

		If you would like to receive alerts as soon as we detect an error accessing your site, 
		click here for instant signup. Remember, our service is free.

		As part of your free web site monitoring, you'll receive immediate notifications
		when we encounter problems accessing your web site and weekly performance reports.
		
		There is no need to cancel because InternetSeer will never contact you 
		again at this email address: [EMAIL PROTECTED] If you have other email addresses that you 
		would like excluded from any potential future contact 
		click here 
		to have those email addresses excluded from our system.
			
		InternetSeer does not store or publish the content of your pages, but rather uses 
		availability and link information for our research.Click 
		here to learn more about InternetSeer.
		
		Sincerely,
		
		Kathy Phillips
		Connectivity Analyst
		InternetSeer
		Website Monitoring Service
		
		As stated above, there is no need to cancel since YOU WILL NEVER be contacted again at 
		[EMAIL PROTECTED], but you may click here, for a removal confirmation from our website or
		simply reply to this message with the word "cancel" in the subject line.
		##[EMAIL PROTECTED]##
		SRC="41

Re: Re[2]: Urgent!!! USR Accounting


> tcpdump -x -X -vv -s 250 dst host 192.168.100.10 and dst port 1646
...

  Decoding that, I get this for the RADIUS packet

bytes  data
-  
2  040ecode, ID
4  005flength
20 a71e 658b ceae 7a51 0858 a700 1b52 9381
26 0106 7465 7374
32 0406 c0a8 6465
38 2806  0002
52 2c0f 7465 7374 3132 3634 3738 3336 32
58 2906  
64 2d06  0001
70 0606  0006
76 0f06  
82 1006  f562
88 0e06 c0a8 6401
96 2e06  001c

  So the packet says it's length 0x5f (95), but there are really 96
bytes of data in it.

  And it gets worse.  The UDP header says:

src port   066d  
dst port   066e(radius accounting)
packet lenth   006d
checksum   43a9

  Including the RADIUS packet and 8 bytes of UDP header, the UDP
packet length SHOULD be hex 0x67 (if you believe the broken RADIUS
packet).  Instead, it's 7 bytes longer.  Looking at the packet, there
IS 7 bytes of garbage at the end of it.

  The RADIUS implementation on your NAS is completely broken.

>  I understand that it's naive approach, but I do not yet understand
>  freeradius internals, so would you be so kind to explain me
>  possible consequnces from that approach and possible decision to
>  that. Thanks in advance

  Breaking the server to accept packets from a broken NAS isn't the
best solution.  I would recommend against making those changes, as
there may be security issues.


  As for the NAS, I would suggest throwing it out, and buying a real
one.  If you can't do that, forward your previous message and this
reply to their technical support people, and demand that they fix the
problem.  If they don't, ask for your money back.

  The NAS is sold as implementing RADIUS.  It doesn't.  That makes it
a broken product, and you should be able to return it.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Strat errors

2002-06-06 Thread Russell Premont


I am trying to start radius and get the following error

ld.so.1: ./radiusd: fatal: libltdl.so.0: open failed: No such file or
directory
Killed

My environment is set to:

PATH=/usr/bin:/usr/sbin:/usr/ucb:/usr/ccs/bin:/usr/local/bin:/usr/local/sbin
:/usr/local/lib:/usr/lib
SHELL=/sbin/sh


ld.so.1 is in /usr/lib
libltdl.so.0 is in /usr/local/lib

Thanks for help

Russell Premont


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Compare IP-Adresses with '!=' (BUG?)

2002-06-06 Thread Marco Steinacher


Hello

I'm trying to reach to following goal:
User in the group 'testgroup' must not be able to connect to the NAS 
with IP '1.2.3.4'.

To do that I added a record to the table radgroupcheck (I'm using MySQL 
for authorisazion):

GroupName: 'testgroup'
Attribute: 'NAS-IP-Address'
Value: '1.2.3.4'
Op:'!='

But this does not work because the values were compared with the 
operator '==', although the operator '!=' was recognized (NO message 
'Invalid operator for item NAS-IP-Address: reverting to '=='' occurs).
So id doesn't matter if I set Op='==' or Op='!='.


Is this a bug?
Does anybody see how I could work around that?
Does anybody know another solution for the goal specified at the top?

Thanks for listening!
Marco
-- 
WebSource Internet Services - www.websource.ch
Kontakt/PGP-Keys: www.websource.ch/kontakt
PGP: 0x0B431D6B - 0BCA FD08 2859 FF1A 4B42 29BD DD91 3A67 0B43 1D6B


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Uninstalling freeradius


Hello,

Would anyone know how to uninstall freeradius-0.5?
I've tried make uninstall, make deinstall but insn't worked

I also read the Makefile file and didn't see any word
to uninstall it.

Thank's
Ronan

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Logging of Framed-IP-Address

2002-06-06 Thread Philipp Specht


Hi!

I need to log the Framed-IP-Address attribute. Where can I enable to log 
it in non-debugging mode?
In -x mode I can see it in my logs, but to many other things I don't 
need to know as well.


I'm using Version 0.5.

Thx,
Philipp


Logfile in -x mode:
[...]
2002-06-06 18:55:51 rad_recv: Access-Request packet from host [...]
2002-06-06 18:55:51   User-Name = [...]
2002-06-06 18:55:51   User-Password = [...]
2002-06-06 18:55:51   NAS-IP-Address = [...]
2002-06-06 18:55:51   NAS-Port = 1376387201
2002-06-06 18:55:51   Service-Type = Framed-User
2002-06-06 18:55:51   Framed-Protocol = PPP
2002-06-06 18:55:51   Framed-IP-Address = [...]
[...]
2002-06-06 18:55:51 Login OK: [...]
2002-06-06 18:55:51 Sending Access-Accept of id 29 to [...]
[...]


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Problem with callback


"Andrey Nikulin" <[EMAIL PROTECTED]> wrote:
> When alI profile in the users, everything works fine ( I send
> Cisco-AVPair = "lcp:callback-dialstring=1234567")
> Then I made file usrpass.

  Ok...

> after that authentication fails

  Nope.  The log message you posted didn't show any authentication
failures.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Assertion failed in radiusd.c, line 2540


"Stefan Immel" <[EMAIL PROTECTED]> wrote:
> Finaly got the actual snapshot running but now I got the following error =
> message:
> 
> Assertion failed in radiusd.c, line 2540

  In the cvs version I have, I see no assertion at line 2540.

  Alan DeKok.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Bugfix patch auth.c


Josh Wilsdon <[EMAIL PROTECTED]> wrote:
> I found a bug in auth.c where the return value of crypt() is
> not checked before being used in strcmp().  This caused a segfault
> on my setup, as crypt() had errors and returned NULL causing radiusd
> to segfault.  I have attached a quick patch which fixes this problem,
> but it could be done better.

  Ok, I've tweaked your patch and applied it, thanks.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: RFC2868 Tunnel attributes?

2002-06-06 Thread Chris Parker


At 05:00 PM 6/5/2002 -0700, Mansey, Jon wrote:
>These are tagged attributes.
>
>You need to add a :1 to the end of the attribute names to force tag #1.
>
>Eg
>
>Tunnel-Type:1
>
>I think there is a special meaning for tag #0, not sure what it is though,
>look in the rfc.

It means that tags are not used, so there is no 'grouping' of attributes
by tag.

-Chris
--
\\\|||///  \  StarNet Inc.  \ Chris Parker
\ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
| @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Wholesale Internet Services - http://www.megapop.net



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: libiodbc in non-typical place

vic ismakaev <[EMAIL PROTECTED]> wrote:
> Thanks for configue script. It works fine.But I have one question -
> why You use an "-lodbc"?
> iODBC.org libs have a name libiodbc*.so(a,la).
> May be change "-lodbc" to "-liodbc"?

  Ok.  I thought that the previous tests had used -lodbc, but it's not
a problem to fix it.  Look for it in the CVS snapshot tonight.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: SQL and configuration files

"Giovanni P. Tirloni" <[EMAIL PROTECTED]> wrote:
>  Except for radiusd.conf and sql.conf, could I have all the other 
>  configurations within the MySQL database to ease management ?

  Not right now.

  The dictionary files don't change, so you don't have to manage them.

  Putting the 'clients.conf' file into SQL might be nice, but that
work hasn't been done yet.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Radius crazy


I've read all the documentation that gives with freeradius-0.5
and FAQ of freeradius.org but I didn't find the answer, yet... :-/

Thank's
Ronan

On Thu, 6 Jun 2002 09:33:24 -0300
Ronan Lucio <[EMAIL PROTECTED]> wrote:

> Hi Chris,
> 
> I tried set radiud with the user/group: root/wheel, nobody/nogroup
> and radius/radius but none of them worked fine... :-/
> 
> I thing weird that in another two server it's working with exactly
> the same files, except master.passwd and group file, but the uid/gid
> for root/wheel is the same.
> 
> Do you have any idea?
> Do you know what user/group should I user on FreeBSD systems?
> 
> Thank you very much,
> Ronan
> 
> On Wed, 05 Jun 2002 15:32:54 -0500
> Chris Parker <[EMAIL PROTECTED]> wrote:
> 
> > At 04:59 PM 6/5/2002 -0300, Ronan Lucio wrote:
> > >Hi All,
> > >
> > >I needed to compile freeradius with the option --with-snmp=no
> > >to make it work.
> > >
> > >Now, I have a realy weird situation.
> > >I use freeradius-0.5 with FreeBSD-4.3-RELEASE.
> > >So, I added a Born shell script in rc.d dir to start radiusd
> > >on startup. It just call /usr/local/sbin/radiusd.
> > >
> > >The problem is that the users don't authenticate, so, I kill
> > >radiusd process and execute radiusd -X and the user start
> > >authenticating.
> > >Ctrl-C and start radiusd, the users don't authenticate.
> > >Kill radiusd and start radiusd -X, the user authnticate perfectly... :-/
> > >
> > >I have no ideia about what can make this happen.
> > >Does anyone of you would have any idea about it?
> > 
> > http://www.mail-archive.com/freeradius-users@lists.cistron.nl/msg04154.html
> > 
> > -Chris
> > --
> > \\\|||///  \  StarNet Inc.  \ Chris Parker
> > \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
> > | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
> > oOo---(_)---oOo--\--
> >\ Wholesale Internet Services - http://www.megapop.net
> > 
> > 
> > 
> > - 
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> > 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Radius crazy


Hi Chris,

I tried set radiud with the user/group: root/wheel, nobody/nogroup
and radius/radius but none of them worked fine... :-/

I thing weird that in another two server it's working with exactly
the same files, except master.passwd and group file, but the uid/gid
for root/wheel is the same.

Do you have any idea?
Do you know what user/group should I user on FreeBSD systems?

Thank you very much,
Ronan

On Wed, 05 Jun 2002 15:32:54 -0500
Chris Parker <[EMAIL PROTECTED]> wrote:

> At 04:59 PM 6/5/2002 -0300, Ronan Lucio wrote:
> >Hi All,
> >
> >I needed to compile freeradius with the option --with-snmp=no
> >to make it work.
> >
> >Now, I have a realy weird situation.
> >I use freeradius-0.5 with FreeBSD-4.3-RELEASE.
> >So, I added a Born shell script in rc.d dir to start radiusd
> >on startup. It just call /usr/local/sbin/radiusd.
> >
> >The problem is that the users don't authenticate, so, I kill
> >radiusd process and execute radiusd -X and the user start
> >authenticating.
> >Ctrl-C and start radiusd, the users don't authenticate.
> >Kill radiusd and start radiusd -X, the user authnticate perfectly... :-/
> >
> >I have no ideia about what can make this happen.
> >Does anyone of you would have any idea about it?
> 
> http://www.mail-archive.com/freeradius-users@lists.cistron.nl/msg04154.html
> 
> -Chris
> --
> \\\|||///  \  StarNet Inc.  \ Chris Parker
> \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
> | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
> oOo---(_)---oOo--\--
>\ Wholesale Internet Services - http://www.megapop.net
> 
> 
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

freeRadius and Alteon

2002-06-06 Thread PINTO Tiago Costa


I have a radius server (freeRadius) and a Alteon for load balancing. I want
the Alteon authentication to be with radius. I've configured the Alteon but
what happens is, when i try to login at the alteon:

Enter radius username: user
Enter radius password: 
RADIUS server timeout.
user: Sorry

and, at the radius server (log):

Wed Jun  5 14:59:15 2002 : Auth: Login OK: [user] (from nas UNKNOWN-NAS port
0)
Wed Jun  5 14:59:18 2002 : Auth: Login OK: [user] (from nas UNKNOWN-NAS port
0)
Wed Jun  5 14:59:21 2002 : Auth: Login OK: [user] (from nas UNKNOWN-NAS port
0)

So, my conclusion is that the radius server validates the username/password,
but the alteon doesn't recognize the answer. Is that a wrong configuration
of the radius server, or the alteon..? I've checked alteon and everything
seems to be allright.. (the radius server is working ok, because i'm using
it to authenticate switches from Bay Networks, aka Nortel..)

Can you help me with this?

Thanks!

Tiago Pinto

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Problem with callback