PM3 Authentication.

[larry]

We setup radius this evening on a new server and can authenticate from a
total control 1000 and and cisco 5300 however, CANNOT authenticate from our
pm3 which was authenticating from an older version of Freeradius...

ANY HELP???


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Connecting to Oracle

[Tim McCracken]

On Wed, 9 Oct 2002 19:24:27 +0200
  "Mieczyslaw Maciejewski (EPO)" 
<[EMAIL PROTECTED]> wrote:
>Hi 
>
>I have FreeRadius 0.71 on Solaris 8.
>My database is Oracle 8.1.7
>After starting ./radiusd -X,  I receive the following 
>message:
>
>rlm_sql: Driver rlm_sql_oracle loaded and linked
>rlm_sql: Attempting to connect to [EMAIL PROTECTED]:1521/pmt
>rlm_sql: starting 0
>rlm_sql:  Attempting to connect #0
>Init: Oracle logon failed: 'Error while trying to 
>retrieve text for error ORA-12154 '
>rlm_sql:  Failed to connect DB handle #0
>rlm_sql: starting 1
>rlm_sql: starting 2
>rlm_sql: starting 3
>rlm_sql: starting 4
>
>The database (pmt) is running, the listener also. Oracle 
>client is installed.
>I try to connect as user pmt locally. 
>Could someone help
>
>Thanks
>Robert
>
>
>- 
>List info/subscribe/unsubscribe? See 
>http://www.freeradius.org/list/users.html

You have the connect string wrong (atleast per normal 
Oracle syntax) it should be:

username/password@database

If I read your message correctly you named the database 
"pmt", created a user "pmt" with a password of "pmt"?

(I think that will work, but it will be confusing!)

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: sql.conf and oracle

[Tim McCracken]

This message indicates two different problems.  First one 
of your oracle message files (.msb) is missing.  SOmetimes 
the oracle installer just doesn't know what all to 
install.

Second the 12154 is "TNS:could not resolve service name".
I haven't been able to cut and paste the text for you, but 
you can get (and you need) the Oracle Error Message book 
which you can download for free at OTN.ORACLE.COM.

Assuming that TNS is set up correctly and you can use 
SQLPLUS OK (you did try that first to verify the 
installation, right?), then I suspect that you need to add 
the service name to the connect string so that the entire 
connect string is something like 'scott/tiger@prodb' or 
however you have defined it in TNS.

While most Oracle apps can use TNS to determine the 
default db to connect to, I have noticed that 
precompiled/oci apps (which free radius is) don't 
necessarily do this.  I am guessing that you have multiple 
configurations in TNS - which you will have if you did not 
delete the example ones that are installed when you 
install the client.

Tim


On Thu, 10 Oct 2002 08:13:49 -0700 (PDT)
  "Adam Joncas" <[EMAIL PROTECTED]> wrote:
>Hello,
>I am having trouble getting freeRadius to connect to 
>oracle.  In sql.conf
>the  'server' is the host name that the oracle database 
>is running on, the
>'login' and 'password' are to log onto the host.  Is 
>'radius_db' the
>radius database name or the global database name?  Is 
>this correct?  Does
>FreeRadius then use the host login name to connect to the 
>database?
>
>The error that I am getting is that logon to the oracle 
>database fails
>with: 'Error while trying to retrieve text for error 
>ORA-12154 ', but I
>can connect using sqlplus and I can see that the TNS 
>listener is running
>correctly for my database.  I have run the netmgr oracle 
>program to setup
>oracle to use radius.  Any help would be appreciated.
>
>Adam Joncas
>
>
>
>
>- 
>List info/subscribe/unsubscribe? See 
>http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Cache /etc/passwd, /etc/shadow, and /etc/group

[User for Free Radius mail list]

Kevin,

Thanks this works well.

Thanks again,

Ken Rea



On Thu, 10 Oct 2002, Kevin Bonner wrote:

> In the unix section of radiusd.conf, try the following:
> 
> cache = yes
> password = /path/to/passwd
> shadow = /path/to/passwd
> 
> If your passwd file contains encrypted passwords (i.e. no shadow file), then 
> using the above should allow you to cache the data.  We are currently using 
> this method to allow different realms to have their own passwd files, and 
> just assigning different Auth-Type's depending on the realm.  We'll be moving 
> to SQL auth shortly, but for the time being, this is working quite well for 
> us.
> 
> Kevin
> 


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Cache /etc/passwd, /etc/shadow, and /etc/group

[Kevin Bonner]

On Thursday 10 October 2002 13:27, User for Free Radius mail list wrote:
> On Thu, 10 Oct 2002, 3APA3A wrote:
> > passwd  file  doesn't  contain  any passwords or hashes, so it's useless
> > without shadow.
>
> If you do not use shadow passwords it does keep encrypted passwords in the
> passwd file. Check your man pages "man 5 passwd" and you will see the
> second field "Optional encrypted password". This is the way it was long
> before shadow passwords came about. The reason we do not use shadow
> passwords on this server is beyond the scope of this email.
>
> It would be nice to be able to cache this data for quick lookup.
>
> Thanks,
>
> Ken Rea

In the unix section of radiusd.conf, try the following:

cache = yes
password = /path/to/passwd
shadow = /path/to/passwd

If your passwd file contains encrypted passwords (i.e. no shadow file), then 
using the above should allow you to cache the data.  We are currently using 
this method to allow different realms to have their own passwd files, and 
just assigning different Auth-Type's depending on the realm.  We'll be moving 
to SQL auth shortly, but for the time being, this is working quite well for 
us.

Kevin

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Cache /etc/passwd, /etc/shadow, and /etc/group

[User for Free Radius mail list]

On Thu, 10 Oct 2002, 3APA3A wrote:

> 
> passwd  file  doesn't  contain  any passwords or hashes, so it's useless
> without shadow.

If you do not use shadow passwords it does keep encrypted passwords in the
passwd file. Check your man pages "man 5 passwd" and you will see the
second field "Optional encrypted password". This is the way it was long
before shadow passwords came about. The reason we do not use shadow
passwords on this server is beyond the scope of this email.

It would be nice to be able to cache this data for quick lookup.

Thanks,

Ken Rea


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Update on O'Reilly RADIUS Book

[Daniel Monjar]

apologies to the list... I meant that to go straight to Jon.

--On Thursday, October 10, 2002 11:37 AM -0400 Daniel Monjar 
<[EMAIL PROTECTED]> wrote:

> I ordered the book through amazon but they say it is not yet avaiable
>
> I'm looking forward to getting my hands on a copy.  when is your talk to
> TriLUG?
>

--
Daniel Monjar
IS Manager, Technical Services
bioMérieux, Inc.
Durham, NC US


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: MySql authentication fails

[Alan DeKok]

"Valakos Yorgos" <[EMAIL PROTECTED]> wrote:
> I have a SuSe Linux 8.0 on Intel system and and 0.7.1 freeradius and
> latest version of MySql . When I try to authenticate a user against my
> passwd and shadow file it works but it doesn't when I try the same with
> users inserted in radius database (radcheck , etc) and auth type = sql

  Don't use Auth-Type := SQL, there's no such thing.

  See the mailing list archives for lots more information.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

MySql authentication fails

[Valakos Yorgos]

Dear friends 


I am totally newbie -yet fascinated - in both the linux and Freeradius
stuff so I beg you to bare with me .

I have a SuSe Linux 8.0 on Intel system and and 0.7.1 freeradius and
latest version of MySql . When I try to authenticate a user against my
passwd and shadow file it works but it doesn't when I try the same with
users inserted in radius database (radcheck , etc) and auth type = sql
.Below is the output of the debugging .Any help ?


_


Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
read_config_files:  reading dictionary
read_config_files:  reading clients
read_config_files:  reading realms
read_config_files:  reading naslist
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_auth = no
 main: log_auth_badpass = yes
 main: log_auth_goodpass = no
 main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: proxy_requests = no
 security: max_attributes = 200
 security: reject_delay = 1
 main: debug_level = 0
read_config_files:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded System 
 unix: cache = yes
 unix: passwd = "/etc/passwd"
 unix: shadow = "/etc/shadow"
 unix: group = "/etc/group"
 unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
 unix: usegroup = no
Module: Instantiated unix (unix) 
Module: Loaded MS-CHAP 
 mschap: ignore_password = no
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
Module: Instantiated mschap (mschap) 
Module: Loaded PAP 
 pap: encryption_scheme = "clear"
Module: Instantiated pap (pap) 
Module: Loaded preprocess 
 preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess) 
Module: Loaded realm 
 realm: format = "suffix"
 realm: delimiter = "@"
Module: Instantiated realm (suffix) 
Module: Loaded files 
 files: usersfile = "/usr/local/etc/raddb/users"
 files: acctusersfile = "/usr/local/etc/raddb/acct_users"
 files: compat = "no"
Module: Instantiated files (files) 
Module: Loaded detail 
 detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail) 
Module: Loaded SQL 
 sql: driver = "rlm_sql_mysql"
 sql: server = "localhost"
 sql: port = ""
 sql: login = "root"
 sql: password = "myrootpasswd"
 sql: radius_db = "radius"
 sql: acct_table = "radacct"
 sql: acct_table2 = "radacct"
 sql: authcheck_table = "radcheck"
 sql: authreply_table = "radreply"
 sql: groupcheck_table = "radgroupcheck"
 sql: groupreply_table = "radgroupreply"
 sql: usergroup_table = "usergroup"
 sql: nas_table = "nas"
 sql: dict_table = "dictionary"
 sql: sqltrace = yes
 sql: sqltracefile = "/usr/local/var/log/radius/sqltrace.sql"
 sql: deletestalesessions = yes
 sql: num_sql_socks = 5
 sql: sql_user_name = "%{User-Name}"
 sql: authorize_check_query = "SELECT id,UserName,Attribute,Value,op
FROM radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
 sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value,op
FROM radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
 sql: authorize_group_check_query = "SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgrou
pcheck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id"
 sql: authorize_group_reply_query = "SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrou
preply.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id"
 sql: authenticate_query = "SELECT Value,Attribute FROM radcheck WHERE
UserName = '%{

Re: Update on O'Reilly RADIUS Book

[Daniel Monjar]

I ordered the book through amazon but they say it is not yet avaiable

I'm looking forward to getting my hands on a copy.  when is your talk to 
TriLUG?

--On Thursday, October 03, 2002 8:22 PM -0400 Jonathan Hassell 
<[EMAIL PROTECTED]> wrote:

> Hello, all
>
> Several of you have recently asked me about the status of the O'Reilly
> book on RADIUS that I wrote, and I thought I might send a short update to
> the list to let you know what's going on.
>
> 1.  I have created a support site for the book at
> http://www.theradiusbook.com.  There's most everything about the book on
> the site: a description of the book, a description of me, the table of
> contents, and a sample chapter (see point 2 below).  I also have a
> mailing list created so readers can discuss the book, offer feedback and
> criticism, and make suggestions for the next revision.  I'll be
> monitoring that mailing list closely.  There are also on the site links
> to buy the book from every major online distributor, and a link to Amazon
> which, if you purchase the book through it, will contribute some money to
> the FreeRADIUS development effort.
>
> 2.  There are now sample chapters posted on the web.  The O'Reilly site
> (http://www.oreilly.com/catalog/RADIUS) has the complete text of Chapter
> 5, "Getting Started with FreeRADIUS," and a portion of Chapter 9, "New
> FreeRADIUS Developments." My site has Chapter 5 posted in a web version
> and a printer-friendly version.  You're welcome to check out each of them.
>
> 3.  My editor wrote me just a few minutes ago and told me he was holding
> a copy of the actual published book in his hand.  Apparently I'm not
> important enough to receive a copy straight from the press, much to my
> chagrin, so I've gone ahead and purchased a copy myself.  So the book
> exists, and it should be arriving to all of the major online retailers
> and some brick-and-mortar stores within the next couple of days.   Thanks
> to all of you who have pre-ordered the book.  You should receive your
> copies very soon.
>
> You're welcome to ask me any questions about the book you like - I can be
> reached at jon at jonathanhassell dot com.
>
> Best wishes to you all.
>
> ---
> Jonathan Hassell
> [EMAIL PROTECTED]
> http://www.theradiusbook.com
>
>
> - List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



--
Daniel Monjar
IS Manager, Technical Services
bioMérieux, Inc.
Durham, NC US


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Using Vendor-Specific attributes

[Alan DeKok]

Jukka Lehti <[EMAIL PROTECTED]> wrote:
> I must be probably too stupid or complete blind sice I
> just can't find any info how to use Vendor-Specific
> attributes with radclient and radiusd. I have this
> simple test dictionary:
> 
> VENDOR Testing 1234
> ATTRIBUTE Foo 1 integer Testing
> ATTRIBUTE Bar 2 integer Testing
> 
> How I shall send those with radclient?

  Use them like any other attribute?

> echo
> "User-Name=un,User-Password=pw,Vendor-Specific=1234 |

  Uh, why would you use Vendor-Specific when you wanted attribute
'Foo' or 'Bar'?

> And I couldn't add
> Vendor-Specific attributes to server reply either. Is
> there any examples available, since this didn't work:
> 
> un Auth-Type := Local, User-Password == "pw"
> Reply-Message = "Hello, World!",
> Vendor-Specific = "Testing,Foo=123"

  Of course not.  You just use the attributes "Foo" or "Bar", like
anything else.

  But you DO have to tell the main dictionary file about the new
dictionary you added... did you try 'man 5 dictionary' ??

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Cache /etc/passwd, /etc/shadow, and /etc/group

[Alan DeKok]

User for Free Radius mail list <[EMAIL PROTECTED]> wrote:
> In the radiusd.conf file:
> The "Cache" setup does not work if you do not use shadow passwords. If the
> "shadow" line is left at the default value: (ie commented out)

  Yes... your system has shadow passwords, so if you want to cache
them, you've go to read the shadow password file.

  Where, exactly, did you expect the cached passwords to be read from?
Not all systems have fgetpwent()...

> If you say "no" to the "cache" option:
..
> It loads up just fine.

  Of course.  Because it doesn't cache the passwords, it can use
getpwent() to get the password, which is a system call which knows
where the password files are located.

> Is there something I'm missing or is the the default behavior of this
> setup?

  Some knowledge of how Unix systems are set up should help.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Using Vendor-Specific attributes

[Max Malzkuhn]

In our case, we have a dictionary with the following entry:

VENDOR  FOO 1234

ATTRIBUTE   FOO-Priv1   octets  FOO


and the users are set up as:

foouser1 Auth-Type := Local, User-Password == "foouser1"
   Service-Type == Login-User,
   FOO-Priv = 0x8007

Obviously using Auth-Type local isn't secure but this is just an 
example.  We use this to test our routers ability to use Radius for 
keeping users and permissions vis a vis the router.  The octet 
0x8007 would allow foouser1 to do specific tasks on the router, etc.

Hope this helps a bit?

Max
On Thursday, October 10, 2002, at 01:10 AM, Jukka Lehti wrote:

> Hi all,
>
> I must be probably too stupid or complete blind sice I
> just can't find any info how to use Vendor-Specific
> attributes with radclient and radiusd. I have this
> simple test dictionary:
>
> VENDOR Testing 1234
> ATTRIBUTE Foo 1 integer Testing
> ATTRIBUTE Bar 2 integer Testing
>
> How I shall send those with radclient?
>
> echo
> "User-Name=un,User-Password=pw,Vendor-Specific=1234 |
> radclient 10.0.0.1 auth secret
>
> doesn't work at all. And I couldn't add
> Vendor-Specific attributes to server reply either. Is
> there any examples available, since this didn't work:
>
> un Auth-Type := Local, User-Password == "pw"
> Reply-Message = "Hello, World!",
> Vendor-Specific = "Testing,Foo=123"
>
>
> Thanks.
>
> __
> Do you Yahoo!?
> Faith Hill - Exclusive Performances, Videos & More
> http://faith.yahoo.com
>
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

sql.conf and oracle

[Adam Joncas]

Hello,
I am having trouble getting freeRadius to connect to oracle.  In sql.conf
the  'server' is the host name that the oracle database is running on, the
'login' and 'password' are to log onto the host.  Is 'radius_db' the
radius database name or the global database name?  Is this correct?  Does
FreeRadius then use the host login name to connect to the database?

The error that I am getting is that logon to the oracle database fails
with: 'Error while trying to retrieve text for error ORA-12154 ', but I
can connect using sqlplus and I can see that the TNS listener is running
correctly for my database.  I have run the netmgr oracle program to setup
oracle to use radius.  Any help would be appreciated.

Adam Joncas




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Ippool problem on 0.7.1.Don't deallocate ip addresses

[Pierluigi Frullani]

Hi all,
 I' m having problem with the Ippool module ( rlm_ippool ).
When authorizing, the module is able to allocate the correct IP address, but
on the account "Stop" does not set the ip free.

relevant part of radiusd.conf
...
...
modules {
...
...
ippool Prova0 {
range-start = 10.128.1.0
range-stop = 10.128.1.3
netmask = 255.255.255.252
cache-size = 800
session-db = ${raddbdir}/db.ippool.0
ip-index = ${raddbdir}/db.ipindex.0
}
...
}
authorize {
...
Prova0
...
}
accounting {
...
Prova0
...
}

users file:
...
steve   Auth-Type := Local, User-Password == "testing", Pool-Name :=
"Prova1"
...

log, from radiusd -X > log says:
...

Module: Instantiated ippool (Prova0)
 ippool: session-db = "/usr/local/freeradius/etc/raddb/db.ippool.1"
 ippool: ip-index = "/usr/local/freeradius/etc/raddb/db.ipindex.1"
 ippool: range-start = 10.128.10.0 IP address [10.128.10.0]
 ippool: range-stop = 10.128.10.3 IP address [10.128.10.3]
 ippool: netmask = 255.255.255.252 IP address [255.255.255.252]
 ippool: cache-size = 800
...
...
  modcall[authorize]: module "files" returns ok
rad_recv: Access-Request packet from host 10.128.255.4:1024, id=78,
length=92
User-Name = "steve"
User-Password = "\r\021\353N\315\021 s\023.8]O\002F\010"
NAS-Port = 1020
Service-Type = Framed-User
Framed-Protocol = PPP
Tunnel-Client-Endpoint:0 = "212.239.118.116"
NAS-IP-Address = 10.128.255.4
NAS-Port-Type = Virtual
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm NULL for User-Name = "steve"
rlm_realm: No such realm NULL
  modcall[authorize]: module "suffix" returns noop
users: Matched steve at 99
  modcall[authorize]: module "files" returns ok
rlm_ippool: Entering in function authorize
rlm_ippool: Searching for an entry for nas/port: 10.128.255.4/1020
rlm_ippool: num: 1
rlm_ippool: Allocated ip 10.128.10.2 to client on nas 10.128.255.4,port 1020
  modcall[authorize]: module "Prova0" returns ok
...
...
rad_recv: Accounting-Request packet from host 10.128.255.4:1038, id=24,
length=155
User-Name = "steve"
NAS-Port = 1020
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 10.128.10.2
Class = 0x47727570706f526164
Acct-Status-Type = Stop
Acct-Input-Octets = 312
Acct-Output-Octets = 0
Acct-Session-Id = "0C400010"
Acct-Session-Time = 8
Acct-Input-Packets = 3
Acct-Output-Packets = 0
Acct-Terminate-Cause = User-Request
Tunnel-Client-Endpoint:0 = "212.239.118.116"
Acct-Authentic = RADIUS
Acct-Delay-Time = 0
NAS-IP-Address = 10.128.255.4
NAS-Port-Type = Virtual
modcall: entering group preacct
  modcall[preacct]: module "preprocess" returns noop
rlm_realm: Looking up realm NULL for User-Name = "steve"
rlm_realm: No such realm NULL
  modcall[preacct]: module "suffix" returns noop
  modcall[preacct]: module "files" returns noop
modcall: group preacct returns noop
modcall: entering group accounting
radius_xlat:
'/usr/local/freeradius/var/log/radius/radacct/10.128.255.4/detail'
rlm_detail:
/usr/local/freeradius/var/log/radius/radacct/%{Client-IP-Address}/detail
expands to /usr/local/freeradius/var/log/radius/radacct/1
0.128.255.4/detail
  modcall[accounting]: module "detail" returns ok
  modcall[accounting]: module "counter" returns ok
radius_xlat:  'steve'
  modcall[accounting]: module "radutmp" returns ok
  modcall[accounting]: module "Prova0" returns ok
modcall: group accounting returns ok
Sending Accounting-Response of id 24 to 10.128.255.4:1038
Finished request 12
Going to the next request


This problem is driving me crazy.
Have you any idea ?



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Free Domain name registration Site.Limited Chance No banner Advertisement(±¤°í)

[ÀÓ»ó¼ö]

Title: Free Domain name Registration



Hello~
http://name.co.sr  (¹«·áµµ¸ÞÀεî·Ï)Free Domain name Registration
Site. Limited
ChanceEx)  http://home4.searchengineforyou.com/~dvd
   -->   dvd.co.sr
1. Free Domain name registration2. No banner
Advertisement.3. Free Forwarding Service.4. Dynamic IP server(ADSLetc)
Free Register
now !!!http://name.co.sr
¹«·á µµ¸ÞÀÎ µî·Ï Free Domain name registration Site.Limited Chance No
banner Advertisement

º» ¸ÞÀÏÀº Á¤º¸Åë½ÅºÎ ±Ç°í »çÇ׿¡ ÀÇ°Å Á¦¸ñ¿¡
[±¤°í]¶ó Ç¥½ÃµÈ ±¤°í ¸ÞÀÏÀÔ´Ï´Ù.¼ö½Å°ÅºÎ ¹öÆ°À» Ŭ¸¯ÇÏ½Ã¸é ¼ö½Å°ÅºÎ󸮰¡
ÀÌ·ç¾î Áý´Ï´Ù. 




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

checkrad .. pls post radiusd -x output..

[Tim]

Can someone please post a copy of the output from radiusd -X  when a 
simultaneous login is detected, and freeradius runs the checkrad prog ..

I can't get checkrad to work, and just want to know what it should look 
like when it does !!

thx ...





Tim Fraser

*
Relax Internet
Internet Service Provider (dial-up & ADSL) / Web Hosting
www.relax.com.au

*



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: IP pool problem, please help

[Tim]

Can someone please post a copy of the output from radiusd -X  when a 
simultaneous login is detected, and freeradius runs the checkrad prog ..

thx ...





Tim Fraser

*
Relax Internet
Internet Service Provider (dial-up & ADSL) / Web Hosting
www.relax.com.au

*



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRadius+PostgreSQL connection error on FreeBSD

[Sergey Holod]

On Monday 07 October 2002 21:42, Aleksandar Zhelyazkov wrote:
> There are also some diferences between the sql db schema supplied in
> src/modules/rlm_sql/drivers/rlm_sql_postgres/db_postgres.sql
> and the sql statemetns for accounting_onoff etc in postgresql.conf

Some time ago I've posted here patch for "right" config and schema
don't know maybe , it is in CVS..



-- 
With Best Regards,
Sergey Holod
SAH1-RIPE

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

IP pool problem, please help

[Andrew Kelaidis]

I have installed the freeRADIUS server and I 'm using the rlm_ippool module. 
Everything works fine until one account-stop packet had been lost. The user 
was log out but the dialup admin interface shows him as online and active in 
finger page. I remove the correct record from the radacct table so the user 
went offline. The problem is that the server had assigned him an ip address 
and when the user is trying to login again, the following error message 
appears:
"The server did not assign an IP Address, error 738"

I know that the ippool module keeps two files (not text files) with 
information about used IP addresses. I think that the "stacked" user can't 
login because the server has already assign him an ipaddress. Is there any 
ways to solve this problem? Please help...

Andrew Kelaidis

_
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Using Vendor-Specific attributes

[Jason Lixfeld]

The only VSA's I've ever seen have been accounting packet reply items.
That's just been my experience with them.  Would AV-Pairs do what you
need?

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]] On Behalf Of 
> Jukka Lehti
> Sent: Thursday, October 10, 2002 4:10 AM
> To: [EMAIL PROTECTED]
> Subject: Using Vendor-Specific attributes
> 
> 
> Hi all,
> 
> I must be probably too stupid or complete blind sice I
> just can't find any info how to use Vendor-Specific
> attributes with radclient and radiusd. I have this
> simple test dictionary:
> 
> VENDOR Testing 1234
> ATTRIBUTE Foo 1 integer Testing
> ATTRIBUTE Bar 2 integer Testing
> 
> How I shall send those with radclient?
> 
> echo
> "User-Name=un,User-Password=pw,Vendor-Specific=1234 |
> radclient 10.0.0.1 auth secret
> 
> doesn't work at all. And I couldn't add
> Vendor-Specific attributes to server reply either. Is
> there any examples available, since this didn't work:
> 
> un Auth-Type := Local, User-Password == "pw"
> Reply-Message = "Hello, World!",
> Vendor-Specific = "Testing,Foo=123"
> 
> 
> Thanks.
> 
> __
> Do you Yahoo!?
> Faith Hill - Exclusive Performances, Videos & More
> http://faith.yahoo.com
> 
> - 
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
> 



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Connecting to Oracle

[Andrea Gabellini]

from my sql.conf:

driver = "rlm_sql_oracle"
server = "10.10.10.10"
login = "user_name"
password = "password"
radius_db = 
"(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=10.10.10.10)(PORT=1521))(CONNECT_DATA=(SID=your_sid)))"

At 19.24 09/10/02, you wrote:
>Hi
>
>I have FreeRadius 0.71 on Solaris 8.
>My database is Oracle 8.1.7
>After starting ./radiusd -X,  I receive the following message:
>
>rlm_sql: Driver rlm_sql_oracle loaded and linked
>rlm_sql: Attempting to connect to [EMAIL PROTECTED]:1521/pmt
>rlm_sql: starting 0
>rlm_sql:  Attempting to connect #0
>Init: Oracle logon failed: 'Error while trying to retrieve text for error 
>ORA-12154 '
>rlm_sql:  Failed to connect DB handle #0
>rlm_sql: starting 1
>rlm_sql: starting 2
>rlm_sql: starting 3
>rlm_sql: starting 4
>
>The database (pmt) is running, the listener also. Oracle client is installed.
>I try to connect as user pmt locally.
>Could someone help
>
>Thanks
>Robert
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


---
Always remember you're unique, just like everyone else.
---
Ing. Andrea Gabellini
Email: [EMAIL PROTECTED]
Tel: 0549 886111 (Italy)
Tel. +378 0549 886111 (International)

Intelcom San Marino S.p.A.
Strada degli Angariari, 3
47891 Rovereta
Repubblic of San Marino

http://www.omniway.sm  http://www.intelcom.sm


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Free Domain name registration Site.Limited Chance No banner Advertisement(±¤°í)

[ÀÓ»ó¼ö]

Title: Free Domain name Registration



Hello~
http://name.co.sr  Free Domain name Registration
Site. Limited
ChanceEx)  http://home4.searchengineforyou.com/~dvd
   -->   dvd.co.sr
1. Free Domain name registration2. No banner Advertisement.3. Free
Forwarding Service.4. Dynamic IP server(ADSLetc)
Free Register
now !!!http://name.co.sr
¹«·á µµ¸ÞÀÎ µî·Ï Free Domain name registration Site.Limited Chance No
banner Advertisement

º» ¸ÞÀÏÀº Á¤º¸Åë½ÅºÎ ±Ç°í »çÇ׿¡ ÀÇ°Å Á¦¸ñ¿¡
[±¤°í]¶ó Ç¥½ÃµÈ ±¤°í ¸ÞÀÏÀÔ´Ï´Ù.¼ö½Å°ÅºÎ ¹öÆ°À» Ŭ¸¯ÇÏ½Ã¸é ¼ö½Å°ÅºÎ󸮰¡
ÀÌ·ç¾î Áý´Ï´Ù. 




- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Using Vendor-Specific attributes

[Jukka Lehti]

> Dear Jukka Lehti,
> 
> Foo=ValueOfFoo,Bar=ValueOfBar
> 
> Isn't is what dictionary is for?

Yes, I think so. But still I get:

radclient:Unknown attribute Foo

__
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More
http://faith.yahoo.com

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Using Vendor-Specific attributes

[3APA3A]

Dear Jukka Lehti,

Foo=ValueOfFoo,Bar=ValueOfBar

Isn't is what dictionary is for?

--Thursday, October 10, 2002, 12:10:00 PM, you wrote to 
[EMAIL PROTECTED]:

JL> Hi all,

JL> I must be probably too stupid or complete blind sice I
JL> just can't find any info how to use Vendor-Specific
JL> attributes with radclient and radiusd. I have this
JL> simple test dictionary:

JL> VENDOR Testing 1234
JL> ATTRIBUTE Foo 1 integer Testing
JL> ATTRIBUTE Bar 2 integer Testing

JL> How I shall send those with radclient?

JL> echo
JL> "User-Name=un,User-Password=pw,Vendor-Specific=1234 |
JL> radclient 10.0.0.1 auth secret

JL> doesn't work at all. And I couldn't add
JL> Vendor-Specific attributes to server reply either. Is
JL> there any examples available, since this didn't work:

JL> un Auth-Type := Local, User-Password == "pw"
JL> Reply-Message = "Hello, World!",
JL> Vendor-Specific = "Testing,Foo=123"


JL> Thanks.

JL> __
JL> Do you Yahoo!?
JL> Faith Hill - Exclusive Performances, Videos & More
JL> http://faith.yahoo.com

JL> - 
JL> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-- 
~/ZARAZA
Æàëî ìíå íå ïîíàäîáèòñÿ (Ñ. Ëåì)


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Using Vendor-Specific attributes

[Jukka Lehti]

Hi all,

I must be probably too stupid or complete blind sice I
just can't find any info how to use Vendor-Specific
attributes with radclient and radiusd. I have this
simple test dictionary:

VENDOR Testing 1234
ATTRIBUTE Foo 1 integer Testing
ATTRIBUTE Bar 2 integer Testing

How I shall send those with radclient?

echo
"User-Name=un,User-Password=pw,Vendor-Specific=1234 |
radclient 10.0.0.1 auth secret

doesn't work at all. And I couldn't add
Vendor-Specific attributes to server reply either. Is
there any examples available, since this didn't work:

un Auth-Type := Local, User-Password == "pw"
Reply-Message = "Hello, World!",
Vendor-Specific = "Testing,Foo=123"


Thanks.

__
Do you Yahoo!?
Faith Hill - Exclusive Performances, Videos & More
http://faith.yahoo.com

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP authentication using Win2000 Professional as the client

[Artur Hecker]

hi

i've read your email already but i had no clue about the problem that's
why i didn't reply so far.

the problem you are talking about seems to be related to the
windows-programming. where is your problem related to the free-radius
server?


greetings,

artur


[EMAIL PROTECTED] wrote:
> 
> Dear Sir:
> 
> Could you please direct this mail to
> Mr "Fernandez, Jorge" and
> Mr "Artur Hecker"?
> 
> Fernandez, Jorge [EMAIL PROTECTED]
> Artur Hecker [EMAIL PROTECTED]
> 
> I am trying to realize the EAP authentication using Win2000 Professional as the 
>client,
> Windows2000 Server as the router, and Linux as the Radius Authenticater.
> 
> Although I tried several ways following the EAP guides in the microsoft SDK, I 
>failed so far.I registered the EAP.DLL following the EAP guides in the microsoft SDK.
> 
> Especially, rasman does call RasEapGetInfo exported by the EAP.dll but it does not 
>call the EapBegin function in the EAP.dll. Maybe the function RasEapInitialize should 
>always be called before any other call, but I could not get what I should do in the 
>function RasEapInitialize.
> 
> All in all, my EAP.DLL did not work as it was supposed to. So I could not begin my 
>job. The typical function prototypes are listed below:
> 
> If it is possible, Could you please tell me how to put my EAP protocal DLL into 
>effect? Thanks a lot!
> 
> Sincerely Yours,
> Wu MingChang
> 09/10/2002
> 
> //
> DWORD APIENTRY
> RasEapGetInfo(
>IN  DWORD dwEapTypeId,
>OUT PPP_EAP_INFO* pInfo
> )
> {
>EapTrace("RasEapGetInfo");
> 
>if (dwEapTypeId != PPP_EAP_PROTOCOL_ID)
>{
>EapTrace("Type ID %d is not supported", dwEapTypeId);
>return(ERROR_NOT_SUPPORTED);
>}
> 
>ZeroMemory(pInfo, sizeof(PPP_EAP_INFO));
> 
>pInfo->dwEapTypeId   = PPP_EAP_PROTOCOL_ID;
>pInfo->RasEapBegin   = EapBegin;
>pInfo->RasEapEnd = EapEnd;
>pInfo->RasEapMakeMessage = EapMakeMessage;
> 
>return(NO_ERROR);
> }
> 
> DWORD APIENTRY
> EapBegin(
>OUT VOID** ppWorkBuf,
>IN  VOID*  pInfo
> )
> {
>PPP_EAP_INPUT* pInput = (PPP_EAP_INPUT*)pInfo;
>EAPCB* pwb;
> 
>EapTrace("EapBegin(%ws)", pInput->pwszIdentity);
>...
>...
>...
>...
> 
>return(NO_ERROR);
> }
> //
> .+-Šwèþ˛±ÊâmïîžË›±Êâmäžzm§ÿðÃëyêÚv+¬¢¸?–+-þë®Èmml==

-- 
Artur Hecker
artur[at]hecker.info

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html