Re: FreeBSD woes!

2003-06-17 Thread Benjamin A. Shelton


> Duh, I had to CREATE the database 1st, sorry for the silly post been a
> LONG day and I forgot this step!
> Thanks for all the help
 

Doh.  I guess it helps if I check my e-mail before firing off a reply.  
Apologies for the rather redundant post!!!

Anyway, no problem -- I remember when similar errors with Postgres drove 
me nuts until I realized it was ldconfig's problem.  Well, it's almost 
midnight here and I've been trying to convince myself to work on 
something productive.  So far it hasn't happened...

~Benjamin



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: FreeBSD woes!

2003-06-17 Thread Frank Cusack
On Mon, Jun 16, 2003 at 09:27:16PM -0500, Jeff Thompson - World Net Technical Support wrote:
> Module: Loaded SQL
> rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
> rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the
> search path of your system's ld.
> radiusd.conf[14]: sql: Module instantiation failed.
>
> error on startup
>
> I did install the rlm_sql_mysql driver in
> /home/jefft/freeradius-0.8.1/src/modules/rlm_sql/drivers/rlm_sql_mysql
> and it reports all the files were installed in 'usr/local/lib'

You haven't by chance tried to mix an 0.8.1 driver with a non-0.8.1 radiusd?
This works up to 0.8.1, but as of CVS a couple of weeks ago, radiusd won't
load an older mysql driver.

On Tue, Jun 17, 2003 at 12:29:45AM -0500, Jeff wrote:
> Well I got the sql module to load! I went into the ports collection
> (freeradius.7) after installing mysql4, and built it from source there

If that's freeradius-0.7 you really shouldn't run that, it has known
problems.

/fc



Re: FreeBSD woes!

2003-06-17 Thread Jeff

- Original Message - 
From: Frank Cusack [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 1:51 AM
Subject: Re: FreeBSD woes!


> On Mon, Jun 16, 2003 at 09:27:16PM -0500, Jeff Thompson - World Net Technical Support wrote:
> > Module: Loaded SQL
> > rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
> > rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the
> > search path of your system's ld.
> > radiusd.conf[14]: sql: Module instantiation failed.
> >
> > error on startup
> >
> > I did install the rlm_sql_mysql driver in
> > /home/jefft/freeradius-0.8.1/src/modules/rlm_sql/drivers/rlm_sql_mysql
> > and it reports all the files were installed in 'usr/local/lib'
>
> You haven't by chance tried to mix an 0.8.1 driver with a non-0.8.1 radiusd?
> This works up to 0.8.1, but as of CVS a couple of weeks ago, radiusd won't
> load an older mysql driver.

To test this theory, I redid an install of freeradius 0.8.1, from
freeradius.org. When starting up freeradius-I get the sql module error
again. I am using the driver that was unpacked in the source tarball...




> On Tue, Jun 17, 2003 at 12:29:45AM -0500, Jeff wrote:
> > Well I got the sql module to load! I went into the ports collection
> > (freeradius.7) after installing mysql4, and built it from source there
>
> If that's freeradius-0.7 you really shouldn't run that, it has known
> problems.

It works for me now! I will gladly upgrade from 0.7-but I cannot to
0.8.1-because it will not work with freeBSD, maybe this is a bug? Because I
install 0.7 and it works!


> /fc



Re: FreeBSD woes!

2003-06-17 Thread Mark Lowe
Did you use the --with-lib-path and --with-include-path when you ran  
the configure script?

On Tuesday, Jun 17, 2003, at 03:27 Europe/London, Jeff Thompson - World Net Technical Support wrote:

> I have spent almost ALL DAY trying to get this to work. I have trolled the
> archives, and checked my ldconfig settings, but nothing seems to work. I
> am getting the COMMON :
>
> Module: Loaded SQL
> rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
> rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the
> search path of your system's ld.
> radiusd.conf[14]: sql: Module instantiation failed.
>
> error on startup
>
> I did install the rlm_sql_mysql driver in
> /home/jefft/freeradius-0.8.1/src/modules/rlm_sql/drivers/rlm_sql_mysql
> and it reports all the files were installed in 'usr/local/lib'
>
> I added this path-along with /usr/local/lib/mysql to my profile-still
> nothing.
> What I am thinking is that I am missing the development headers for mysql.
> I have searched high and low on the net-but can only find rpm releases of
> these headers, I'm on FreeBSD and cannot get the rpms to install.
>
> I have reached the end of what I know to do-can someone guide me in the
> right direction? I'm so confused and frustrated!




Re: freeradius demo

2003-06-17 Thread knoesel
Hello again!
I have read the rfcs and some other articles, but I still have a
comprehension problem!
Following situation:
1. Company with 1000 users in different systems (unix/ads)
2. Dial-in possibility over some ISDN Routers (they are the radius clients)
3. One radius server in background
how does the radius server know about the users? I made some experience (not
much at all) with Cisco ACS, and I think that acs is acting as a kind of
proxy like this:
nas (radclient) – acs (radserver) and acs (radclient) – w2ksrv (radsrv) ?



rlm_perl cause fall out to core

2003-06-17 Thread Dennis S. Davidoff
Hi. I have a problem with rlm_perl on version 0.8.1 (under FreeBSD 5.1 Release).
After starting radiusd with -xyz I get a segmentation fault.
What am I doing wrong?

experimental.conf:
perl {
    module = /usr/local/etc/raddb/example.pl
    func_accounting = accounting
    func_authentication = authenticate
    func_preacct = preacct
    func_checksimul = checksimul
    func_xlat = xlat
}

radiusd.conf:
[...]
modules {
    chap {
        authtype = CHAP
    }
    mschap {
        authtype = MS-CHAP
        use_mppe = no
        require_encryption = no
        require_strong = no
    }
    $INCLUDE ${confdir}/experimental.conf
}

authorize {
    perl
    chap
    mschap
}

authenticate {
    authtype FUFLO {
        chap
        mschap
    }
}
[...]

users:
DEFAULT Auth-Type := FUFLO
    Fall-Through = Yes

gdb output, configs, scripts is available at http://null.pp.ru/fuck

-- 
Sincerely,
Dennis



Can freeradius be migrate to Microsoft Windows?

2003-06-17 Thread [EMAIL PROTECTED]
Hi, all

I don't want to need another PC or Server to run it. Sorry. Maybe it's a silly 
question.

Thanks in advance.






RE: Can freeradius be migrate to Microsoft Windows?

2003-06-17 Thread Alan Litster
Have a look at the CYGWIN file that comes with FreeRADIUS.

> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED]
> Sent: 17 June 2003 12:34
> To: [EMAIL PROTECTED]
> Subject: Can freeradius be migrate to Microsoft Windows?
>
>
> Hi, all
>
>   I don't want to need another PC or Server to run it. Sorry.
> Maybe it's a silly question.
>
> Thanks in advance.
 


Trying to debug rlm_ippool..

2003-06-17 Thread Jonathan Ruano
Hello all:

I'm debugging rlm_ippool, trying to catch the bug that causes
ips to disappear..

Any hints or experience sharing would be appreciated.

Cheers,
Jonathan.

--
Jonathan Ruano kobalt at pobox dot com



RE: freeradius demo

2003-06-17 Thread Tim McCracken


> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> [EMAIL PROTECTED]
> Sent: Tuesday, June 17, 2003 4:26 AM
> To: [EMAIL PROTECTED]
> Subject: Re: freeradius demo
>
>
> Hello again!
> I have read the rfcs and some other articles, but I still have an
> comprehension problem!
> Following situation:
> 1. Company with 1000 users in different systems (unix/ads)
> 2. Dial-in possibility over some ISDN Routers (they are the
> radius clients)
> 3. One radius server in background
> how does the radius server know about the users? I made some
> experience (not

FreeRadius supports a bunch of different user databases, from the original
users' files to most anything you want using various modules.

> much at all) with Cisco ACS, and I think that acs is acting as a kind of
> proxy like this:
> nas (radclient) – acs (radserver) and acs (radclient) – w2ksrv (radsrv) ?



dictionary files

2003-06-17 Thread pinhead
Hi all.

Where is the place in the source files where the dictionary files are read?

I want to make a patch to the freeradius source for reading dictionary
files from an SQL database.


-- 
Ruslan  mailto:[EMAIL PROTECTED]




freeradius and openldap

2003-06-17 Thread Sylvain MASNADA
Hi all,
I'd like to know where I could find a good doc on the RADIUS-LDAPv3.schema to know exactly the fields' signification.

I filled the field radiusPrompt in openldap with 'hello' but when a user authenticates himself he doesn't see any prompt.

I'd like to know too, which free client do you use on linux, with its advantages and disadvantages, if possible. I have difficulties making them work well on this platform. (I tried Xsupplicant and Aegis -trial beta version-)

Finally I'd like to know if it's possible to join a file in the freeradius response to the client, to be stored on the client machine or to open a web page on the client screen thanks to Freeradius.

Thanks in advance. Your help will be well-appreciated.
Sylvain

rlm_acct_unique possible bug

2003-06-17 Thread Manuel Sousa
Hi, all

I've been using freeradius and noticed that sometimes the
Acct-Unique-Session-ID gave me different values for the same inputs.
A partial output of radiusd -X is:

rlm_acct_unique: Hashing 'Acct-Session-Id = 3EEF21621014,User-Name = noc'
rlm_acct_unique: Acct-Unique-Session-ID = 889e46aba4217ad4.

rlm_acct_unique: Hashing 'Acct-Session-Id = 3EEF21631014,User-Name = noc'
rlm_acct_unique: Acct-Unique-Session-ID = 6836c775ae8a6c48.

Wonder if anyone else experienced the same problem. I'm using
freeradius-0.8.1.

Thanks in advance,
Manuel Sousa




Re: dictionary files

2003-06-17 Thread Oliver Graf
On Tue, Jun 17, 2003 at 04:50:32PM +0400, [EMAIL PROTECTED] wrote:
> Where is the place in source files where dictionary files is reading ?
>
> I want to make some patch to freeradius source for reading dictionary
> files from SQL database.

look out for dict_init and you will find it. rlm_sql would be the
place to add this feature.

just a wild guess...

Oliver.




Re: freeradius and openldap

2003-06-17 Thread Dustin Doris
They are radius attributes, check out
http://www.freeradius.org/rfc/rfc2865.html

Read the RFC, it will tell you about those attributes as well as explain
what radius does.



On Tue, 17 Jun 2003, Sylvain MASNADA wrote:

> Hi all,
> I'd like to know where I could find a good doc on the RADIUS-LDAPv3.schema to know
> exactly the fields' signification.
>
> I filled the field radiusPrompt in openldap with 'hello' but when an user
> authenticate himself he doesn't see any prompt.
>
> I'd like to know too, which free client do you use on linux, with its advantages and
> disavantages, if possible. I've difficulties to made them well-work on this
> platform. (I tried Xsupplicant and Aegis -trial beta version-)
>
> Finally I'd like to know if it's possible to join a file in the freeradius response
> to the client, to be stored on the client machine or to open a web page on the
> client screen thanks Freeradius.
>
> Thanks in advance. Your help will be well-appreciated.
> Sylvain





Re: rlm_acct_unique possible bug

2003-06-17 Thread Chris Parker
At 02:24 PM 6/17/2003 +0100, Manuel Sousa wrote:
> Hi, all
>
> I've been using freeradius and noticed that sometimes the
> Acct-Unique-Session-ID gave me different values for the same inputs.
> A partial output of radiusd -X is:
>
> rlm_acct_unique: Hashing 'Acct-Session-Id = 3EEF21621014,User-Name = noc'
> rlm_acct_unique: Acct-Unique-Session-ID = 889e46aba4217ad4.
>
> rlm_acct_unique: Hashing 'Acct-Session-Id = 3EEF21631014,User-Name = noc'
> rlm_acct_unique: Acct-Unique-Session-ID = 6836c775ae8a6c48.
>
> Wonder if anyone else experienced the same problem. I'm using
> freeradius-0.8.1.

Look closer at the Acct-Session-Id, particularly the 8th position.  Your
first line has a '2', your second line has a '3'.  They are not the same,
hence the hash result is not the same.
-Chris
--
   \\\|||///  \  StarNet Inc.  \ Chris Parker
   \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
   | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
  \ Wholesale Internet Services - http://www.megapop.net




pap authenticator field in module perl ?

2003-06-17 Thread tias
Hello there,

I am running freeradius-snapshot-20030429 with the perl module.
I can do chap authentication by the perl module, as
I can grab both the challenge and the password submitted by the nas (the client) via
the radius attributes (CHAP-Challenge and CHAP-Password),
but I miss the equivalent attribute when dealing with pap.
I dumped the rad_request and the rad_check as well but I did not see anything
looking like a 16 bytes key in a pap authenticate-request packet.
After looking at doc/variables.txt I also tried to use the environment variable
%V but this remains empty.
Could someone point me to some hints?

thank you for your help

tias



Re: rlm_acct_unique possible bug

2003-06-17 Thread Manuel Sousa
Really didn't notice that, happened couple of times, wonder why pppd
sends 2 acct-starts and sometimes with different session IDs.
Sorry to report this as it ain't a bug then, and thanks for the fast
reply.

Manuel Sousa


On Tue, 2003-06-17 at 14:54, Chris Parker wrote:
> At 02:24 PM 6/17/2003 +0100, Manuel Sousa wrote:
> Hi, all
>
> I've been using freeradius and noticed that sometimes the
> Acct-Unique-Session-ID gave me different values for the same inputs.
> A partial output of radiusd -X is:
>
> rlm_acct_unique: Hashing 'Acct-Session-Id = 3EEF21621014,User-Name = noc'
> rlm_acct_unique: Acct-Unique-Session-ID = 889e46aba4217ad4.
>
> rlm_acct_unique: Hashing 'Acct-Session-Id = 3EEF21631014,User-Name = noc'
> rlm_acct_unique: Acct-Unique-Session-ID = 6836c775ae8a6c48.
>
> Wonder if anyone else experienced the same problem. I'm using
> freeradius-0.8.1.
>
> Look closer at the Acct-Session-Id, particulary the 8th position.  Your
> first line has a '2', your second line has a '3'.  They are not the same,
> hence the hash result is not the same.
>
> -Chris
> --
> \\\|||///  \  StarNet Inc.  \ Chris Parker
> \ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
> | @   @ |\   http://www.starnetwx.net \  (847) 963-0116
> oOo---(_)---oOo--\--
> \ Wholesale Internet Services - http://www.megapop.net
 
 
 


for test ...

2003-06-17 Thread SIMICRO ML






RE: freeradius demo

2003-06-17 Thread knoesel
OK, but how do I configure freeradius to query a windows 2000 server for
user information?

 
> > Hello again!
> > I have read the rfcs and some other articles, but I still have an
> > comprehension problem!
> > Following situation:
> > 1. Company with 1000 users in different systems (unix/ads)
> > 2. Dial-in possibility over some ISDN Routers (they are the
> > radius clients)
> > 3. One radius server in background
> > how does the radius server know about the users? I made some
> > experience (not
>
> FreeRadius supports a bunch of different user databases, from the original
> users' files to most anything you want using various modules.
>
> > much at all) with Cisco ACS, and I think that acs is acting as a kind of
> > proxy like this:
> > nas (radclient) – acs (radserver) and acs (radclient) – w2ksrv (radsrv)



Re[2]: dictionary files

2003-06-17 Thread pinhead

Where is the dictionary stored in memory while the freeradius daemon is running?

What module is reading dictionary files?

-- 
Best regards,
Ruslan   mailto:[EMAIL PROTECTED]




Re: FreeBSD woes!

2003-06-17 Thread Benjamin A. Shelton
> It works for me now! I will gladly upgrade from 0.7-but I cannot to
> 0.8.1-because it will not work with freeBSD, maybe this is a bug? Because I
> install 0.7 and it works!

Strange...

I'm using FreeRADIUS 0.8.1 on FreeBSD 4.7.  I got it to work with both MySQL
4.0.13 and PostgreSQL 7.3.3 without any issues.  *shrugs*

Either way, I seriously doubt it's a bug with FreeRADIUS.  If for some
strange reason it didn't like FreeBSD, I'd probably be having problems by
now ;-)





Re: dictionary files

2003-06-17 Thread Oliver Graf
On Tue, Jun 17, 2003 at 06:43:15PM +0400, [EMAIL PROTECTED] wrote:
>
> Where is dictionary stored in memory while freeradius daemon running ?
>
> What module is reading dictionary files ?

you want to write some patch for freeradius... so I think it makes
sense that you just look at the source to do it.

what sense does it make that we tell you all the stuff? to implement
it you still need to look...

to 1: yes, it seems so.
to 2: none. you did not grep for dict_init, as I told you.

Oliver.



Re: ScanMail Message: To Recipient Match eManager setting and take action.

2003-06-17 Thread Benjamin A. Shelton

>  eManager Notification *
>
> The following mail was blocked since it contains sensitive content.

[snip]

> Content filter has detected an e-mail that contains profanity
>
> *** End of message *

Oh my word!  If you say something bad, the e-mail police *DO* come after
you!!!

*grins*





DNS Servers

2003-06-17 Thread Tim Saunders
I have a Cisco 3640 which uses freeradius for authentication. When a ppp
session is established with the cisco no DNS servers are currently set
on the client. I have tried adding a
Cisco-AVPair=ip:dns-servers=10.35.8.38 entry to the radgroupreply table
(I am using mysql with freeradius). I have also tried many variants on
the AVPair (like using a * instead of the second equals) but I cannot
get the cisco to give the client DNS servers.

The client is windows XP.
The relevant part of the cisco config is below:
aaa new-model
aaa authentication login default group radius enable
aaa authentication login linmethod group radius enable
aaa authentication login vtymethod group radius enable
aaa authentication login conmethod group radius enable
aaa authentication ppp default if-needed group radius local
aaa authorization exec default if-authenticated
aaa authorization network default if-authenticated
aaa authorization reverse-access default none
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
enable secret removed

radius-server host 10.35.8.38 auth-port 1812 acct-port 1813
radius-server host 10.35.8.40 auth-port 1812 acct-port 1813
radius-server timeout 4
radius-server key removed

Any help would be greatly appreciated.

Tim Saunders



Re: Missing rlm sql mysql

2003-06-17 Thread Nick Davis
List,
I know this thread is about dead, but I wanted to correct some things.

On Monday 16 June 2003 11:35, [EMAIL PROTECTED] wrote:
> Hi Michael,
>
>   The rlm_sql_mysql file is for building the mysql database. Under the
> /freeradius-0.8.1/src/modules/rlm_sql/drivers/rlm_sql_mysql directory you
> will find the configure file. Just run this script by entering
> ./configure and it will create your mysql database for you.

rlm_sql is a module that freeradius uses to interact with databases.
rlm_sql_mysql is a module that rlm_sql uses to interact with a mysql
database. Running configure builds that module for you, it does not build the
database. The database must be built by you, by hand! The tricky part is the
fact that you must have the mysql development libraries installed on your
system before these modules will build.

The file
~/freeradius-0.8.1/src/modules/rlm_sql/drivers/rlm_sql_mysql/db_mysql.sql
is the file you pass into mysql to create the tables in the database for you.
However, you must have created the database itself prior to trying to create
the tables.

If you look at the first few lines of db_mysql.sql you will see this:

#  db_mysql.sql rlm_sql - FreeRADIUS SQL Module   #
# #
# Database schema for MySQL rlm_sql module#
# #
# To load:#
# mysql -uroot -prootpass radius < db_mysql.sql   #

This is assuming that you create a database called radius by hand before you
run the above mysql command.


> The mysql libraries are kept in /usr/lib/mysql. The database is kept in
> /var/lib/mysql. Here you will find a directory for mysql and the
> mysql.sock driver file. If you create a new database, it will be stored in
> this directory under the database name.

These above paths may be correct on your system, but different linux
distributions and other OS's can have different paths.

I don't want to sound like an a$$, I just wanted to make some clarifications.

Hope this helps!

Nick

> Kenneth L. Miller
> Information Technology Specialist
> CENWP-IM-C
> Portland, Oregon
> (503) 808-5056


-- 
Nick Davis 
Associate Systems Administrator 
[EMAIL PROTECTED] 
Internet Exposure, Inc. 
http://www.iexposure.com  

(612)676-1946 
Web Development-Web Marketing-ISP Services




RE: freeradius demo

2003-06-17 Thread Tim Rich, Jr.
Best practices for configuring freeradius:
1. Read the FAQs and the archives
2. Read and follow the book.

It works! then, if you have problems: 
Best practices for finding resolution to problems: 
1. Read debug statements completely.
2. Read the FAQs and the archives
3. Browse your config files.

Best regards for your success.
Tim 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 10:32 AM
To: [EMAIL PROTECTED]
Subject: RE: freeradius demo


OK, but how do i configure freeradius to query a windows 2000 server for
user information?

 
> > Hello again!
> > I have read the rfcs and some other articles, but I still have an
> > comprehension problem!
> > Following situation:
> > 1. Company with 1000 users in different systems (unix/ads)
> > 2. Dial-in possibility over some ISDN Routers (they are the
> > radius clients)
> > 3. One radius server in background
> > how does the radius server know about the users? I made some
> > experience (not
>
> FreeRadius supports a bunch of different user databases, from the original
> users' files to most anything you want using various modules.
>
> > much at all) with Cisco ACS, and I think that acs is acting as a kind of
> > proxy like this:
> > nas (radclient) - acs (radserver) and acs (radclient) - w2ksrv (radsrv)



Re: Missing rlm sql mysql

2003-06-17 Thread Benjamin A. Shelton
> I don't want to sound like an a$$, I just wanted to make some
> clarifications.
>
> Hope this helps!
>
> Nick

No, you're not sounding anything close to that, Nick :-)  I think you're
pretty much speaking for the rest of us.  The difference is that the rest of
us either missed the post or couldn't be bothered correcting it...

And just to support your point, I've got MySQL installed in /db/mysql
(incidentally, Postgres' data is stored in /db/pgsql ...).  I just like to
have my databases in a separate partition altogether...

~Benjamin





Proxy by the DNIS help

2003-06-17 Thread Scotty B. Lowe
I have read all of the archived posts about this subject and I can't 
seem to get this to work.  Any advice would be greatly appreciated.

What I need to have happen is for radius to proxy to another radius 
server (one of our customers) based on the DNIS regardless of realm. 
Some of our customers (which are ISP's) have multiple realms going to 
the same radius server.  They would like to have us proxy to them based 
on where the call is coming from (i.e. the number assignments we give 
them).  I don't want to have to add those realms to our radius server, 
just the DNIS numbers.  If the DNIS is not found then I need for the 
radius server to use the realm to proxy.

I have gotten proxy to work fine using the realm (In the proxy.conf 
file) but am unable to get proxy by DNIS to work.  I am using 
freeradius-0.8.1 on Redhat 8.0.  The RAS is a Cisco 5800 with a 7206 for 
the brain.  I know it is sending the Called-Station-Id in the request:

rad_recv: Accounting-Request packet from host 209.163.108.19:1646, 
id=211, length=244
Acct-Session-Id = 018C
Framed-Protocol = PPP
Framed-IP-Address = xxx.xxx.xxx.xxx
X-Ascend-Connect-Progress = 60
X-Ascend-PreSession-Time = 5
X-Ascend-Xmit-Rate = 45333
X-Ascend-Data-Rate = 12000
Acct-Session-Time = 33
Connect-Info = 45333/12000 V90/V42bis/LAPM
Acct-Input-Octets = 43872
Acct-Output-Octets = 140
X-Ascend-Pre-Input-Octets = 115
X-Ascend-Pre-Output-Octets = 89
Acct-Input-Packets = 133
Acct-Output-Packets = 7
X-Ascend-Pre-Input-Packets = 4
X-Ascend-Pre-Output-Packets = 4
Acct-Terminate-Cause = User-Request
X-Ascend-Disconnect-Cause = 45
Acct-Authentic = RADIUS
User-Name = [EMAIL PROTECTED]
Acct-Status-Type = Stop
NAS-Port = 27
NAS-Port-Type = Async
Calling-Station-Id = async
Called-Station-Id = 8145550010
Service-Type = Framed-User
NAS-IP-Address = xxx.xxx.xxx.xxx
Acct-Delay-Time = 0

I have done the default install using the ./configure options to put the 
files into the /etc/raddb directory.  I have changed nothing except 
adding my test realms to the proxy.conf file, adding the necessary 
servers to the clients.conf file, and adding the following to the users 
file:

DEFAULT Called-Station-Id == 8145550010, Proxy-To-Realm := realm.net
        Fall-Through = No

There is a realm.net entry in the proxy.conf file but again, I don't 
want to add a realm there as I want it to proxy using the DNIS.

I know this is quite a big question but I would greatly appreciate any 
help all of you could find the time to give.

Thanks in advance



error with mysql

2003-06-17 Thread Victor Sanchez
Today I added more clients to my system and when I have 70 simultaneous users accounting
with radius, I have this in the logs.

All sockets are being used! Please increase the maximum number of sockets!


What do I need to do?

Thanks for all.



RE: DNS Servers

2003-06-17 Thread Gene Parks
This would be a function of the same server/pool that is issuing your ip
addresses to your client.  If you want to be very specific per client
then you can use the Ascend attributes to force the DNS servers.

-Original Message-
From: Tim Saunders [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, June 17, 2003 11:50 AM
To: [EMAIL PROTECTED]
Subject: DNS Servers


I have a Cisco 3640 which uses freeradius for authentication. When a ppp
session is established with the cisco no DNS servers are currently set
on the client. I have tried adding a
Cisco-AVPair=ip:dns-servers=10.35.8.38 entry to the radgroupreply table
(I am using mysql with freeradius). I have also tried many variants on
the AVPair (like using a * instead of the second equals) but I cannot
get the cisco to give the client DNS servers.

The client is windows XP.
The relevant part of the cisco config is below:
aaa new-model
aaa authentication login default group radius enable
aaa authentication login linmethod group radius enable
aaa authentication login vtymethod group radius enable
aaa authentication login conmethod group radius enable
aaa authentication ppp default if-needed group radius local
aaa authorization exec default if-authenticated
aaa authorization network default if-authenticated
aaa authorization reverse-access default none
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
enable secret removed

radius-server host 10.35.8.38 auth-port 1812 acct-port 1813
radius-server host 10.35.8.40 auth-port 1812 acct-port 1813
radius-server timeout 4
radius-server key removed

Any help would be greatly appreciated.

Tim Saunders



Re[2]: rlm_acct_unique possible bug

2003-06-17 Thread magmike
Hi!
> Really didn't notice that, happened couple of times, wonder why pppd
> sends 2 acct-starts and sometimes with different session IDs.
> Sorry to report this as it ain't a bug then, and thanks for the fast
> reply.

Yes, problem in pppd's radius plug-in.


Acct-Session-Id generated as

strncpy(rstate.session_id, rc_mksid(), sizeof(rstate.session_id));

in radius_acct_start() function.

rc_mksid defined in pppd-source-root/pppd/plugins/radius/radiusclient/lib/util.c as

char *
rc_mksid (void)
{
  static char buf[14];
  /* 8 hex digits of the current time followed by 4 hex digits of the PID */
  sprintf (buf, "%08lX%04X", (unsigned long int) time (NULL), (unsigned int) getpid ());
  return buf;
}

i.e. when the radius server doesn't answer the Acct-Start request, pppd
repeats it and generates another Acct-Start request, i.e. executes
radius_acct_start() once more.

so, I think, it's right to move the line

strncpy(rstate.session_id, rc_mksid(), sizeof(rstate.session_id));

from the radius_acct_start() function to radius_init(), so rc_mksid()
will be called once.


Mike.

 On Tue, 2003-06-17 at 14:54, Chris Parker wrote:
 At 02:24 PM 6/17/2003 +0100, Manuel Sousa wrote:
 Hi, all
 
 I've been using freeradius and noticed that sometimes the
 Acct-Unique-Session-ID gave me different values for the same inputs.
 A partial output of radiusd -X is:
 
 rlm_acct_unique: Hashing 'Acct-Session-Id = 3EEF21621014,User-Name =
 noc'
 rlm_acct_unique: Acct-Unique-Session-ID = 889e46aba4217ad4.
 
 rlm_acct_unique: Hashing 'Acct-Session-Id = 3EEF21631014,User-Name =
 noc'
 rlm_acct_unique: Acct-Unique-Session-ID = 6836c775ae8a6c48.
 
 Wonder if anyone else experienced the same problem. I'm using
 freeradius-0.8.1.
 
 Look closer at the Acct-Session-Id, particularly the 8th position.  Your
 first line has a '2', your second line has a '3'.  They are not the same,
 hence the hash result is not the same.



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
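
The following is an added example, not part of any post in this thread and not pppd or FreeRADIUS code. It models the "%08lX%04X" session-ID layout quoted above, decodes the two IDs from the radiusd -X output, and compares regenerating the ID on every Acct-Start attempt with generating it once; the function names and the 5-second retry window are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SID_LEN 12              /* 8 hex digits of time + 4 hex digits of pid */

struct sid {
    unsigned long when;         /* time(NULL) when the ID was generated */
    unsigned int  pid;          /* getpid() of the generating process */
};

/* Format an ID in the quoted layout. Uses snprintf and reports failure when
 * the result is not exactly SID_LEN characters (pid wider than 16 bits). */
static int make_sid(char *out, size_t outlen, unsigned long now, unsigned int pid)
{
    int n = snprintf(out, outlen, "%08lX%04X", now, pid);
    return (n == SID_LEN && (size_t)n < outlen) ? 0 : -1;
}

/* Split a 12-digit hex ID back into its time and pid fields. */
static int parse_sid(const char *s, struct sid *out)
{
    char stamp[9];

    if (strlen(s) != SID_LEN ||
        strspn(s, "0123456789ABCDEFabcdef") != SID_LEN)
        return -1;
    memcpy(stamp, s, 8);
    stamp[8] = '\0';
    out->when = strtoul(stamp, NULL, 16);
    out->pid = (unsigned int)strtoul(s + 8, NULL, 16);
    return 0;
}

/* 1 when two different IDs share a pid and were generated within `window`
 * seconds: the pattern a regenerated ID on a repeated Acct-Start leaves. */
static int looks_like_retry(const char *a, const char *b, unsigned long window)
{
    struct sid x, y;
    unsigned long gap;

    if (parse_sid(a, &x) != 0 || parse_sid(b, &y) != 0 || strcmp(a, b) == 0)
        return 0;
    gap = x.when > y.when ? x.when - y.when : y.when - x.when;
    return x.pid == y.pid && gap <= window;
}

/* Send Acct-Start once per entry of ticks[] (the clock value at each attempt).
 * per_attempt != 0: a new ID for every attempt, as described in the post.
 * per_attempt == 0: one ID generated before the first attempt.
 * Returns how many distinct IDs the server sees, or -1 on a formatting error. */
static int distinct_ids(int per_attempt, const unsigned long *ticks,
                        int attempts, unsigned int pid)
{
    char prev[SID_LEN + 1] = "", cur[SID_LEN + 1] = "";
    int i, distinct = 0;

    for (i = 0; i < attempts; i++) {
        if ((i == 0 || per_attempt) &&
            make_sid(cur, sizeof cur, ticks[i], pid) != 0)
            return -1;
        if (i == 0 || strcmp(cur, prev) != 0)
            distinct++;
        memcpy(prev, cur, sizeof prev);
    }
    return distinct;
}

int main(void)
{
    /* The two Acct-Session-Id values from the debug output quoted above. */
    const char *first = "3EEF21621014", *second = "3EEF21631014";
    /* Constructed clock values: the retry happens one second later. */
    const unsigned long ticks[2] = { 0x3EEF2162UL, 0x3EEF2163UL };
    struct sid a, b;

    if (parse_sid(first, &a) != 0 || parse_sid(second, &b) != 0)
        return 1;
    printf("first:  time=%lu pid=%u\n", a.when, a.pid);
    printf("second: time=%lu pid=%u\n", b.when, b.pid);
    printf("regenerated-on-retry pattern: %s\n",
           looks_like_retry(first, second, 5) ? "yes" : "no");
    printf("IDs seen, new ID per attempt: %d\n", distinct_ids(1, ticks, 2, a.pid));
    printf("IDs seen, ID generated once:  %d\n", distinct_ids(0, ticks, 2, a.pid));
    return 0;
}
```

Because rlm_acct_unique hashes Acct-Session-Id together with User-Name, each distinct ID counted here produces a distinct Acct-Unique-Session-ID for what is one PPP session.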


RE: DNS Servers

2003-06-17 Thread Michael Hardrick
Hi Tim,
Try adding the following to your CISCO.

ip name-server XXX.XXX.XXX.XXX (ip of your dns server)

or 

async-bootp dns-server XXX.XXX.XXX.XXX (ip of your dns server)

I use both, but on different NAS boxes that do different
types of service.

Mike

P.S.
check out this clip from another message...

Start Clip

In ancient days, we implemented support for the RFC-1877 
IPCP DNS server option by taking the addresses from the
ip name-server values. We never documented this however;
our first documented support of RFC-1877 was via 
async-bootp {dns-server|nbns-server}.

For a time both async-bootp and ip name-server worked
to supply DNS server addresses, with the former taking precedence.

Recently ip name-server stopped working for this function.
I'm not sure when - maybe at the time when ppp ipcp dns-server
was implemented? We discussed this issue a bit internally 
recently, and decided that, since we never documented this
use of ip name-server, we're better off with it not being
used for IPCP.

So: use async-bootp or ppp ipcp to configure your
RFC-1877 DNS addresses ... but if you're using ip name-server
for this with some older IOS, you should be aware that this is apt
to stop working when you upgrade.

As far as Chip's query about which is more efficient of the two
supported methods ... both are quite efficient, no need to worry
there. I guess I'd use async-bootp since it's global, unless
I had to specify different values on a per-interface basis, in
which case I'd use ppp ipcp.

I should mention while I'm at it that there are OTHER ways to
get the DNS/WINS addresses into IPCP: you can proxy them from a
(possibly local) DHCP server, or you can get them from AAA.

Have fun,

Aaron

---

 Chip,

 I couldn't find any good references, but I'm pretty sure the 'ip
 name-server' would NOT work for your dialup users...it seems related to
 'ip domain-lookup' and the 'ip domain-name' commands, both of which are
 for local name resolution only. The only commands I've used to hand out
 addresses to dialup users are the 'async-bootp' and 'ppp ipcp' commands.
 If you had conflicting definitions, like:

 !
 async-bootp dns-server 1.1.1.1
 !
 interface dialer 1
 ppp ipcp dns-server 2.2.2.2

 I'm pretty sure the most specific command would take precedence, like,
 if you landed on dialer 1, you'd get 2.2.2.2 for dns, but if you landed
 on dialer 3, for example, you'd get the globally configured option...

 Eric


 -Original Message-
 From: Chip Old [mailto:[EMAIL PROTECTED]
 Sent: Wednesday, September 04, 2002 7:38 PM
 To: CISCO-NAS
 Subject: Re: Question on Dynamic DNS


 On Wed, 4 Sep 2002, Aaron Leonard wrote:

  I don't think that ppp ipcp dns was around back then, but you can
  use the global command async-bootp dns-server X.X.X.X Y.Y.Y.Y to
  accomplish the same thing. This will allow PPP clients to learn their

  DNS servers from you via IPCP negotiations (assuming that they support
  this.)

 If I remember correctly, in the absence of async-bootp dns-server
 X.X.X.X, doesn't the NAS use the ip name-server X.X.X.X statement (if
 present)?

 If both are present, which is used during the IPCP negotiations?

 --
 Chip Old (Francis E. Old) E-Mail: [EMAIL PROTECTED]
 Manager, BCPL Network Services Phone: 410-887-6180
 Manager, BCPL.NET Internet Services FAX: 410-887-2091
 320 York Road
 Towson, MD 21204 USA

-End Clip--

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tim Saunders
Sent: Tuesday, June 17, 2003 10:50 AM
To: [EMAIL PROTECTED]
Subject: DNS Servers

I have a Cisco 3640 which uses freeradius for authentication. When a ppp
session is established with the cisco no DNS servers are currently set
on the client. I have tried adding a
Cisco-AVPair=ip:dns-servers=10.35.8.38 entry to the radgroupreply table
(I am using mysql with freeradius). I have also tried many variants on
the AVPair (like using a * instead of the second equals) but I cannot
get the cisco to give the client DNS servers.

The client is windows XP.
The relevant part of the cisco config is below:
aaa new-model
aaa authentication login default group radius enable
aaa authentication login linmethod group radius enable
aaa authentication login vtymethod group radius enable
aaa authentication login conmethod group radius enable
aaa authentication ppp default if-needed group radius local
aaa authorization exec default if-authenticated
aaa authorization network default if-authenticated
aaa authorization reverse-access default none
aaa accounting exec default start-stop group radius
aaa accounting network default start-stop group radius
enable secret removed

radius-server host 10.35.8.38 auth-port 1812 acct-port 1813
radius-server host 10.35.8.40 auth-port 1812 acct-port 1813
radius-server timeout 4
radius-server key 

Re: rlm_perl cause fall out to core

2003-06-17 Thread magmike
 Hi. I have a problem with rlm_perl on version 0.8.1 (under FreeBSD 5.1 Release).
 After starting radiusd with -xyz I've got a segmentation fault.
 What am I doing wrong?

I confirm the problem.

My radiusd (latest snapshot) works fine until it gets a -HUP signal.
After kill -HUP it works until the first request or the next -HUP signal.

Without rlm_perl all looks stable.

linux 2.4.20-SMP, slackware 9.0.
perl, v5.8.0 built for i386-linux.

Mike.




attr_rewrite troubles

2003-06-17 Thread System Administrator
Freeradius version 0.8.1
FreeBSD version 4.8
I am trying to rewrite the User-Name attribute using

attr_rewrite add_realm {
    attribute = User-Name
    searchin = packet
    searchfor = ^[a-z0-9_\-]+$
    replacewith = @domain
    ignore_case = yes
    max_matches = 1
    new_attribute = no
    append = yes
}
and then placing the module call within the

accounting {
    acct_unique
    add_realm
    detail
#   counter
    unix    # wtmp file
    radutmp
#   sradutmp
}
This sort of works, but what the detail file contains is as follows

Tue Jun 17 14:57:54 2003
Acct-Session-Id = EB32
User-Name = username
NAS-IP-Address = 10.10.10.1
NAS-Port = 0
NAS-Port-Type = Async
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 10.10.10.2
Acct-Delay-Time = 0
Client-IP-Address = 10.10.10.1
Stripped-User-Name = [EMAIL PROTECTED]
Realm = NULL
Acct-Unique-Session-Id = e44b1b3600511703
Timestamp = 1055887074
It modifies the Stripped-User-Name and not the User-Name attribute which 
is what I am after. Any suggestions would be most helpful, thank you.

--
Sean Peterson
System Administrator
ABC Communications, Valley Internet Division
[EMAIL PROTECTED] 250.770.1384


Re: how to deny access based on realm

2003-06-17 Thread Dave Mason
Hi Chris,
Thanks for the tip.  Good call, I didn't have a DEFAULT realm.  I added 
one, and if it matches, it seems Realm is set to DEFAULT rather than 
whatever the realm was.  This is probably not a problem.  If I have 
realms I explicitly need to reject, I'll add a separate entry for each 
to proxy.conf, then add a line to users to catch it like I had below. 
That appears to work.

Another plan would be to use DEFAULT to catch illegal realms.  This 
would require an entry for each good realm in proxy.conf so it won't 
match DEFAULT.  It seems strange to fill up proxy.conf with local 
realms, but I guess that behavior can be configured whichever way makes 
life easier for the operators.  Are there any guidelines I should be 
aware of for how or whether to use proxy.conf for local realms?

Dave

Chris Parker wrote:

At 01:51 PM 6/13/2003 -0500, Dave Mason wrote:

Hi,
I checked the FAQ and comments in the users file, and thought I had this, 
but I gave it a shot and it didn't work.  I need to reject any user who 
tries to authenticate from a particular realm, then if it's OK use EAP.  I 
added this to the users file:

---
DEFAULT Realm == badrealm.com, Auth-Type := Reject
   Reply-Message = This realm is not supported.
DEFAULT Auth-Type := EAP

   

I'm going to take a stab in the dark and guess that you don't have
a DEFAULT realm configured.
I would suggest you add a DEFAULT realm entry to process it locally.  The
Realm attribute is not added unless it matches a realm ( and *everything*
not otherwise defined will match DEFAULT ).
Alternatively, you could define 'badrealm' in your config in lieu of a
DEFAULT entry if you didn't want to create the DEFAULT for other reasons.
-Chris





MySQL database error

2003-06-17 Thread Jeff Thompson - World Net Technical Support
After spending most of the day yesterday fooling with freeradius 0.8.1, I
installed 0.7 and got it to load the sql module with no problems! However,
when trying to authenticate it using an SQL database entry I get the
following:
Wed Jun 18 02:25:33 2003 : Error: rlm_sql_authorize: database query error

Logged into my radius.log. I can authenticate fine using the 'users' file,
but not using the sql database. I looked around the net and found others
who had this problem solved it by upgrading to .8 or .8.1-but I have tried
both and cannot get either one to load the sql module correctly

Can someone give me some ideas here? 0.7 is the only version I can get to
work on FreeBSD, but would like to use .8.1 if it would load the mysql
modules. Anyone?





Re: MySQL database error

2003-06-17 Thread Frank Cusack
On Tue, Jun 17, 2003 at 07:30:57PM -0500, Jeff Thompson - World Net Technical Support 
wrote:
 Can someone give me some ideas here? 0.7 is the only version I can get to
 work on FreeBSD, but would like to use .8.1 if it would load the mysql
 modules. Anyone?

It'd be good if you could post the radiusd -X intermingled with strace
output.  (Whatever the strace equiv is on FreeBSD.)

/fc



dialup_admin w/ postgre..

2003-06-17 Thread twomsman
Hello Lister... 

Has anyone successfully deployed dialup_admin w/ a postgre backend? I have 
problems when deploying it: 

1. I tried many times, and when I create a user using dialup_admin there is 
a message saying Could not connect to SQL database. FYI I have set 
postgre to listen on a TCP socket (with the -i option). I set the 
user,password,host=localhost,table etc. The message always shows up. 

2. I cannot use the sql commands in the /sql dir with postgre. Always an error. Does 
anyone have the right sql commands for postgre? 



Regards 

Maurice 

Quasarmail.net



Freeradius MIBS

2003-06-17 Thread Yasser Ahmed Hosny
Did anyone in that list have the Freeradius MIBS working under Solaris
2.8?

If yes, please help.


Regards

Yasser Ahmed Hosny





Re: MySQL database error

2003-06-17 Thread Jeff Thompson - World Net Technical Support
This was covered all yesterday, but here is the output of radiusd -x when
compiled using the source tarball from freeradius.org using ./configure 
--with-raddbdir=/etc/raddb --with-logdir=/var/log/radius:
[MOCKINGBIRD.ROOT][/home/jefft/freeradius-0.8.1]# radiusd -x
Starting - reading configuration files ...
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded MS-CHAP
Module: Instantiated mschap (mschap)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded SQL
rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the
search path of your system's ld.
radiusd.conf[14]: sql: Module instantiation failed.

I go to the ports collection provided with FreeBSD
(/usr/ports/net/freeradius/work/freeradius-0.7) and run the SAME configure
line:
./configure --with-raddbdir=/etc/raddb --with-logdir=/var/log/radius

It builds, installs and loads the sql module with no problem:
[MOCKINGBIRD.ROOT][/usr/ports/net/freeradius/work/freeradius-0.7]# radiusd -x
Starting - reading configuration files ...
Module: Loaded MS-CHAP
Module: Instantiated mschap (mschap)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded SQL
rlm_sql: Driver rlm_sql_mysql loaded and linked
rlm_sql: Attempting to connect to [EMAIL PROTECTED]:/radius
rlm_sql: starting 0
rlm_sql:  Attempting to connect #0
rlm_sql: Starting connect to MySQL server for #0
rlm_sql:  Connected new DB handle, #0
rlm_sql: starting 1
rlm_sql:  Attempting to connect #1
rlm_sql: Starting connect to MySQL server for #1
rlm_sql:  Connected new DB handle, #1
rlm_sql: starting 2
rlm_sql:  Attempting to connect #2
rlm_sql: Starting connect to MySQL server for #2
rlm_sql:  Connected new DB handle, #2
rlm_sql: starting 3
rlm_sql:  Attempting to connect #3
rlm_sql: Starting connect to MySQL server for #3
rlm_sql:  Connected new DB handle, #3
rlm_sql: starting 4
rlm_sql:  Attempting to connect #4
rlm_sql: Starting connect to MySQL server for #4
rlm_sql:  Connected new DB handle, #4
Module: Instantiated sql (sql)
Module: Loaded files
[/etc/raddb/users]:80 Cistron compatibility checks for entry steve ...
[/etc/raddb/users]:150 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/users]:169 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/users]:181 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/users]:188 Cistron compatibility checks for entry DEFAULT ...
[/etc/raddb/users]:195 Cistron compatibility checks for entry DEFAULT ...
Module: Instantiated files (files)
Module: Loaded realm
Module: Instantiated realm (suffix)
Module: Loaded radutmp
Module: Instantiated radutmp (radutmp)
Initializing the thread pool...
Listening on IP address *, ports 1645/udp and 1646/udp.
Ready to process requests.


I have tried all of the ./configure switches to try and get .8 or .8.1 to
load the rlm_sql_mysql module-but it will not. I KNOW this module is
installing, but when radiusd goes to start it crashes. I REALLY need to
get this working with mysql, but cannot make heads or tails of the
problems I am having...


 On Tue, Jun 17, 2003 at 07:30:57PM -0500, Jeff Thompson - World Net
 Technical Support wrote:
 Can someone give me some ideas here? 0.7 is the only version I can get
 to work on FreeBSD, but would like to use .8.1 if it would load the
 mysql modules. Anyone?

 It'd be good if you could post the radiusd -X intermingled with strace
 output.  (Whatever the strace equiv is on FreeBSD.)

 /fc







Re: MySQL database error

2003-06-17 Thread Frank Cusack
On Tue, Jun 17, 2003 at 10:16:55PM -0500, Jeff Thompson - World Net Technical Support 
wrote:
 This was covered all yesterday, but here is the output of radiusd -x when

See below

  On Tue, Jun 17, 2003 at 07:30:57PM -0500, Jeff Thompson - World Net
  Technical Support wrote:
  Can someone give me some ideas here? 0.7 is the only version I can get
  to work on FreeBSD, but would like to use .8.1 if it would load the
  mysql modules. Anyone?
 
  It'd be good if you could post the radiusd -X intermingled with strace
  output.  (Whatever the strace equiv is on FreeBSD.)

You missed that last part.  Actually, just the 'strace -e open' equivalent.
Just plain strace would be too noisy.

/fc



Re: MySQL database error

2003-06-17 Thread Jeff
[MOCKINGBIRD.ROOT][/home/jefft]# strace -e open radiusd
open(/usr/local/lib/libradius-0.7.so, O_RDONLY) = 3
open(/var/run/ld-elf.so.hints, O_RDONLY) = 3
open(/usr/lib/libcrypt.so.2, O_RDONLY) = 3
open(/usr/lib/libcipher.so.2, O_RDONLY) = 3
open(/usr/local/lib/libltdl.so.4, O_RDONLY) = 3
open(/usr/lib/libc_r.so.4, O_RDONLY)  = 3
open(/usr/lib/libc.so.4, O_RDONLY)= 3
open(/etc/localtime, O_RDONLY)= 5
Wed Jun 18 05:42:12 2003 : Info: Starting - reading configuration files ...
open(/etc/raddb/radiusd.conf, O_RDONLY) = 5
open(/etc/raddb/proxy.conf, O_RDONLY) = 6
open(/etc/raddb/clients.conf, O_RDONLY) = 6
open(/etc/raddb/snmp.conf, O_RDONLY)  = 6
open(/etc/raddb/sql.conf, O_RDONLY)   = 6
open(/etc/raddb/dictionary, O_RDONLY) = 5
open(/etc/raddb/dictionary.compat, O_RDONLY) = 6
open(/etc/raddb/dictionary.acc, O_RDONLY) = 6
open(/etc/raddb/dictionary.ascend, O_RDONLY) = 6
open(/etc/raddb/dictionary.bay, O_RDONLY) = 6
open(/etc/raddb/dictionary.cisco, O_RDONLY) = 6
open(/etc/raddb/dictionary.cisco.vpn3000, O_RDONLY) = 6
open(/etc/raddb/dictionary.cisco.vpn5000, O_RDONLY) = 6
open(/etc/raddb/dictionary.cisco.bbsm, O_RDONLY) = 6
open(/etc/raddb/dictionary.colubris, O_RDONLY) = 6
open(/etc/raddb/dictionary.livingston, O_RDONLY) = 6
open(/etc/raddb/dictionary.microsoft, O_RDONLY) = 6
open(/etc/raddb/dictionary.nomadix, O_RDONLY) = 6
open(/etc/raddb/dictionary.quintum, O_RDONLY) = 6
open(/etc/raddb/dictionary.redback, O_RDONLY) = 6
open(/etc/raddb/dictionary.shasta, O_RDONLY) = 6
open(/etc/raddb/dictionary.shiva, O_RDONLY) = 6
open(/etc/raddb/dictionary.tunnel, O_RDONLY) = 6
open(/etc/raddb/dictionary.usr, O_RDONLY) = 6
open(/etc/raddb/dictionary.versanet, O_RDONLY) = 6
open(/etc/raddb/dictionary.erx, O_RDONLY) = 6
open(/etc/raddb/dictionary.freeradius, O_RDONLY) = 6
open(/etc/raddb/dictionary.alcatel, O_RDONLY) = 6
open(/etc/raddb/dictionary.juniper, O_RDONLY) = 6
open(/etc/raddb/dictionary.alteon, O_RDONLY) = 6
open(/etc/raddb/clients, O_RDONLY)= 5
open(/etc/raddb/realms, O_RDONLY) = 5
open(/etc/raddb/naslist, O_RDONLY)= 5
open(/etc/resolv.conf, O_RDONLY)  = 6
open(/etc/host.conf, O_RDONLY)= 6
open(/etc/hosts, O_RDONLY)= 6
open(/usr/local/lib/rlm_mschap.la, O_RDONLY) = 5
open(/usr/local/lib/rlm_mschap.a, O_RDONLY) = 5
open(/usr/local/lib/rlm_mschap-0.7.so, O_RDONLY) = 5
open(/usr/local/lib/rlm_preprocess.la, O_RDONLY) = 5
open(/usr/local/lib/rlm_preprocess.a, O_RDONLY) = 5
open(/usr/local/lib/rlm_preprocess-0.7.so, O_RDONLY) = 5
open(/etc/raddb/huntgroups, O_RDONLY) = 5
open(/etc/raddb/hints, O_RDONLY)  = 5
open(/usr/local/lib/rlm_chap.la, O_RDONLY) = 5
open(/usr/local/lib/rlm_chap.a, O_RDONLY) = 5
open(/usr/local/lib/rlm_chap-0.7.so, O_RDONLY) = 5
open(/usr/local/lib/rlm_sql.la, O_RDONLY) = 5
open(/usr/local/lib/rlm_sql.a, O_RDONLY) = 5
open(/usr/local/lib/rlm_sql-0.7.so, O_RDONLY) = 5
open(/usr/local/lib/rlm_sql_mysql.la, O_RDONLY) = 5
open(/usr/local/lib/libz.la, O_RDONLY) = -1 ENOENT (No such file or
directory)
open(/usr/local/lib/libz.la, O_RDONLY) = -1 ENOENT (No such file or
directory)
open(/usr/local/lib/libz.la, O_RDONLY) = -1 ENOENT (No such file or
directory)
open(/lib/libz.la, O_RDONLY)  = -1 ENOENT (No such file or
directory)
open(/usr/lib/libz.la, O_RDONLY)  = -1 ENOENT (No such file or
directory)
open(libz.la, O_RDONLY)   = -1 ENOENT (No such file or
directory)
open(/usr/local/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file
or directory)
open(/usr/local/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file
or directory)
open(/usr/local/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file
or directory)
open(/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file or
directory)
open(/usr/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file or
directory)
open(libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file or
directory)
open(/usr/local/lib/rlm_sql_mysql.a, O_RDONLY) = 5
open(/usr/local/lib/rlm_sql_mysql.so.0, O_RDONLY) = 5
open(/usr/lib/libmysqlclient.so.10, O_RDONLY) = 5
open(/usr/lib/libz.so.2, O_RDONLY)= 5
open(/usr/lib/libm.so.2, O_RDONLY)= 5
open(/var/log/radius/radius.log, O_WRONLY|O_APPEND|O_CREAT, 0666) = 5
open(/var/log/radius/radius.log, O_WRONLY|O_APPEND|O_CREAT, 0666) = 5
open(/var/log/radius/radius.log, O_WRONLY|O_APPEND|O_CREAT, 0666) = 5
open(/etc/services, O_RDONLY) = 5
open(/usr/local/share/mysql/charsets/Index, O_RDONLY) = 6
open(/var/log/radius/radius.log, O_WRONLY|O_APPEND|O_CREAT, 0666) = 6
open(/var/log/radius/radius.log, O_WRONLY|O_APPEND|O_CREAT, 0666) = 7
open(/var/log/radius/radius.log, O_WRONLY|O_APPEND|O_CREAT, 0666) = 8
open(/var/log/radius/radius.log, O_WRONLY|O_APPEND|O_CREAT, 0666) = 9
open(/usr/local/lib/rlm_files.la, O_RDONLY) = 10
open(/usr/local/lib/rlm_files.a, O_RDONLY) = 10
open(/usr/local/lib/rlm_files-0.7.so, O_RDONLY) = 10
open(/etc/raddb/users, O_RDONLY)  = 10
open(/etc/raddb/acct_users, O_RDONLY) = 10

Re: MySQL database error

2003-06-17 Thread Jeff
And here's some more output, this is my buffer after trying to login to my
NAS using the 'jefft' account I created in mysql database 'radius'

rad_recv: Access-Request packet from host 204.57.72.47:1026, id=19,
length=57
User-Name = jefft
User-Password = \207C\017J\366\353\253\221\231Z8\370)M\377\336
NAS-IP-Address = 204.57.72.47
NAS-Port = 99
rlm_chap: Could not find proper Chap-Password attribute in request
rlm_sql: Reserving sql socket id: 2
query:  SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
'jefft' ORDER BY id
query:  SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'jefft' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id
query:  SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username =
'jefft' ORDER BY id
query:  SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
usergroup.Username = 'jefft' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id
query:
MYSQL check_error: 1065 received
rlm_sql_authorize: database query error
rlm_sql: Released sql socket id: 2
rad_recv: Access-Request packet from host 204.57.72.47:1026, id=19,
length=57
Sending Access-Reject of id 19 to 204.57.72.47:1026
rad_recv: Access-Request packet from host 204.57.72.47:1026, id=20,
length=57
User-Name = jefft
User-Password =
\345\253q\320\006\243\271\222)\314\246\326x\250\357\242
NAS-IP-Address = 204.57.72.47
NAS-Port = 99
rlm_chap: Could not find proper Chap-Password attribute in request
rlm_sql: Reserving sql socket id: 1
query:  SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username =
'jefft' ORDER BY id
query:  SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'jefft' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id
query:  SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username =
'jefft' ORDER BY id
query:  SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
usergroup.Username = 'jefft' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id
query:
MYSQL check_error: 1065 received
rlm_sql_authorize: database query error
rlm_sql: Released sql socket id: 1
rad_recv: Access-Request packet from host 204.57.72.47:1026, id=20,
length=57
Sending Access-Reject of id 20 to 204.57.72.47:1026




- Original Message - 
From: Frank Cusack [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, June 17, 2003 10:35 PM
Subject: Re: MySQL database error


 On Tue, Jun 17, 2003 at 10:16:55PM -0500, Jeff Thompson - World Net
Technical Support wrote:
  This was covered all yesterday, but here is the output of radiusd -x
when

 See below

   On Tue, Jun 17, 2003 at 07:30:57PM -0500, Jeff Thompson - World Net
   Technical Support wrote:
   Can someone give me some ideas here? 0.7 is the only version I can
get
   to work on FreeBSD, but would like to use .8.1 if it would load the
   mysql modules. Anyone?
  
   It'd be good if you could post the radiusd -X intermingled with strace
   output.  (Whatever the strace equiv is on FreeBSD.)

 You missed that last part.  Actually, just the 'strace -e open'
equivalent.
 Just plain strace would be too noisy.

 /fc






Re: MySQL database error

2003-06-17 Thread Frank Cusack
On Tue, Jun 17, 2003 at 10:40:57PM -0500, Jeff wrote:
 [MOCKINGBIRD.ROOT][/home/jefft]# strace -e open radiusd

really should have done radiusd -X, but still the info here is good:

 open(/usr/local/lib/libradius-0.7.so, O_RDONLY) = 3

first of all, this is freeradius 0.7, not 0.8.1 or CVS (CVS will say
0.8.1 as well)

...

 open(/usr/local/lib/rlm_sql.la, O_RDONLY) = 5
 open(/usr/local/lib/rlm_sql.a, O_RDONLY) = 5
 open(/usr/local/lib/rlm_sql-0.7.so, O_RDONLY) = 5
 open(/usr/local/lib/rlm_sql_mysql.la, O_RDONLY) = 5
 open(/usr/local/lib/libz.la, O_RDONLY) = -1 ENOENT (No such file or
 directory)

Can you show me the contents of /usr/local/lib/rlm_sql_mysql.la ?
(It's a text file)

 open(/usr/local/lib/libz.la, O_RDONLY) = -1 ENOENT (No such file or
 directory)
 open(/usr/local/lib/libz.la, O_RDONLY) = -1 ENOENT (No such file or
 directory)
 open(/lib/libz.la, O_RDONLY)  = -1 ENOENT (No such file or
 directory)
 open(/usr/lib/libz.la, O_RDONLY)  = -1 ENOENT (No such file or
 directory)
 open(libz.la, O_RDONLY)   = -1 ENOENT (No such file or
 directory)
 open(/usr/local/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file
 or directory)
 open(/usr/local/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file
 or directory)
 open(/usr/local/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file
 or directory)
 open(/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file or
 directory)
 open(/usr/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file or
 directory)
 open(libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file or
 directory)

So the problem should be clear ... the mysql lib either cannot be
found, or the runtime linker is not configured properly, or the library
path is not encoded into the rlm_sql_mysql library properly.

 open(/usr/local/lib/rlm_sql_mysql.a, O_RDONLY) = 5
 open(/usr/local/lib/rlm_sql_mysql.so.0, O_RDONLY) = 5

This is not a versioned library; an indicator that this is not the CVS
freeradiusd.  (But we already knew that.)

 open(/usr/lib/libmysqlclient.so.10, O_RDONLY) = 5
 open(/usr/lib/libz.so.2, O_RDONLY)= 5

So here, you can see libz was found.  It's hard to tell exactly from
this trace, but it's likely that this one is found because the system
libmysqlclient is correct while the freeradius module is incorrect
(regarding the library path).

You'll need to post 0.8.1 results (or preferably CVS) for me to go
further.  I'm not interested in looking at 0.7 issues.

/fc

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
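
The check made by eye in the reply above, written out as an added example (it is not from the thread and is not FreeRADIUS code): scan strace open() lines and count the FreeRADIUS libraries that were actually opened under a version other than the one expected. The sample lines are constructed from the trace posted earlier, and the function names and the assumption that versioned files are named `<name>-<version>.so` are made for the illustration.

```c
#include <stdio.h>
#include <string.h>

struct report {
    int expected;       /* libradius / rlm_* files named <name>-<expected>.so */
    int other_version;  /* same naming scheme, different version string */
    int unversioned;    /* FreeRADIUS shared objects with no version in the name */
};

/* Copy the path of a successful open() into path. Returns 0 for other lines
 * and for failed opens ("= -1 ENOENT"). Accepts quoted and unquoted paths,
 * and any amount of padding before the '='. */
static int opened_path(const char *line, char *path, size_t len)
{
    const char *p = strstr(line, "open(");
    const char *q;
    size_t n;

    if (p == NULL)
        return 0;
    p += 5;
    if (*p == '"')
        p++;
    n = strcspn(p, "\",)");
    if (n == 0 || n >= len)
        return 0;
    q = strchr(p + n, ')');
    if (q == NULL)
        return 0;
    for (q++; *q == ' '; q++)
        ;
    if (*q != '=')
        return 0;
    for (q++; *q == ' '; q++)
        ;
    if (*q == '-')
        return 0;                       /* the open failed */
    memcpy(path, p, n);
    path[n] = '\0';
    return 1;
}

/* For a base name of the form <name>-<version>.so, copy <version> into ver. */
static int embedded_version(const char *base, char *ver, size_t len)
{
    size_t n = strlen(base);
    const char *dash = strrchr(base, '-');

    if (n < 4 || strcmp(base + n - 3, ".so") != 0)
        return 0;                       /* e.g. rlm_sql_mysql.so.0 */
    if (dash == NULL || dash[1] < '0' || dash[1] > '9')
        return 0;
    n = (size_t)((base + n - 3) - (dash + 1));
    if (n >= len)
        return 0;
    memcpy(ver, dash + 1, n);
    ver[n] = '\0';
    return 1;
}

/* Classify every successfully opened libradius / rlm_* shared object. */
static struct report scan_trace(const char *const *lines, size_t count,
                                const char *expected)
{
    struct report r = { 0, 0, 0 };
    char path[256], ver[32];
    size_t i;

    for (i = 0; i < count; i++) {
        const char *base;

        if (!opened_path(lines[i], path, sizeof path))
            continue;
        base = strrchr(path, '/');
        base = base ? base + 1 : path;
        if (strncmp(base, "libradius", 9) != 0 && strncmp(base, "rlm_", 4) != 0)
            continue;                   /* system library, config file, log */
        if (embedded_version(base, ver, sizeof ver)) {
            if (strcmp(ver, expected) == 0)
                r.expected++;
            else
                r.other_version++;
        } else if (strstr(base, ".so") != NULL) {
            r.unversioned++;            /* .la and .a probes are ignored */
        }
    }
    return r;
}

/* Constructed sample, based on lines of the trace posted in this thread. */
static const char *const SAMPLE[] = {
    "open(\"/usr/local/lib/libradius-0.7.so\", O_RDONLY) = 3",
    "open(/usr/lib/libc.so.4, O_RDONLY)= 3",
    "open(/usr/local/lib/rlm_sql.la, O_RDONLY) = 5",
    "open(/usr/local/lib/rlm_sql-0.7.so, O_RDONLY) = 5",
    "open(/usr/local/lib/libmysqlclient.la, O_RDONLY) = -1 ENOENT (No such file or directory)",
    "open(/usr/local/lib/rlm_sql_mysql.so.0, O_RDONLY) = 5",
    "open(/usr/lib/libmysqlclient.so.10, O_RDONLY) = 5",
};
#define SAMPLE_COUNT (sizeof SAMPLE / sizeof SAMPLE[0])

int main(void)
{
    struct report r = scan_trace(SAMPLE, SAMPLE_COUNT, "0.8.1");

    printf("expected=%d other_version=%d unversioned=%d\n",
           r.expected, r.other_version, r.unversioned);
    return (r.other_version || r.unversioned) ? 1 : 0;
}
```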


Re: MySQL database error

2003-06-17 Thread Jeff
Ok I installed version 0.8.1, but I still see the 
open(/usr/local/lib/libradius-0.7.so, O_RDONLY) = 3
 line. This would indicate-as you said that the linker is not working
correctly? Or looking in the wrong place?

Here is the output from radiusd -X (running version 0.8.1):

[MOCKINGBIRD.ROOT][/home/jefft/freeradius-0.8.1]# radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = /usr/local/
 main: localstatedir = /var
 main: logdir = /var/log/radius
 main: libdir = /usr/local//lib:/usr/local/lib
 main: radacctdir = /var/log/radius/radacct
 main: hostname_lookups = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 1645
 main: allow_core_dumps = no
 main: log_stripped_names = yes
 main: log_file = /var/log/radius/radius.log
 main: log_auth = yes
 main: log_auth_badpass = yes
 main: log_auth_goodpass = no
 main: pidfile = /var/run/radiusd/radiusd.pid
 main: user = radius
 main: group = radius
 main: usercollide = no
 main: lower_user = after
 main: lower_pass = no
 main: nospace_user = before
 main: nospace_pass = before
 main: checkrad = /usr/local//sbin/checkrad
 main: proxy_requests = no
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: servers_per_realm = 15
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/local/lib:/usr/local/lib
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded MS-CHAP
 mschap: ignore_password = no
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: passwd = (null)
 mschap: authtype = MS-CHAP
Module: Instantiated mschap (mschap)
Module: Loaded preprocess
 preprocess: huntgroups = /etc/raddb/huntgroups
 preprocess: hints = /etc/raddb/hints
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded SQL
 sql: driver = rlm_sql_mysql
 sql: server = localhost
 sql: port = 
 sql: login = root
 sql: password = password
 sql: radius_db = radius
 sql: acct_table = radacct
 sql: acct_table2 = radacct
 sql: authcheck_table = radcheck
 sql: authreply_table = radreply
 sql: groupcheck_table = radgroupcheck
 sql: groupreply_table = radgroupreply
 sql: usergroup_table = usergroup
 sql: nas_table = nas
 sql: dict_table = dictionary
 sql: sqltrace = yes
 sql: sqltracefile = /var/log/radius/sqltrace.sql
 sql: deletestalesessions = yes
 sql: num_sql_socks = 5
 sql: sql_user_name = %{User-Name}
 sql: default_user_profile = 
 sql: query_on_not_found = no
 sql: authorize_check_query = SELECT id,UserName,Attribute,Value,op FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id
 sql: authorize_reply_query = SELECT id,UserName,Attribute,Value,op FROM
radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id
 sql: authorize_group_check_query = SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id
 sql: authorize_group_reply_query = SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
usergroup.Username = '%{SQL-User-Name}' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id
 sql: accounting_onoff_query = UPDATE radacct SET AcctStopTime='%S',
AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime),
AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay =
%{Acct-Delay-Time} WHERE AcctSessionTime=0 AND AcctStopTime=0 AND
NASIPAddress= '%{NAS-IP-Address}' AND AcctStartTime = '%S'
 sql: accounting_update_query = UPDATE radacct SET FramedIPAddress =
'%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND
UserName = '%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}' AND
AcctStopTime = 0
 sql: accounting_start_query = INSERT into radacct (RadAcctId,
AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId,
NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic,
ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets,