Re: using md5/crypt from /etc/shadow
On Wed, Jul 16, 2003 at 11:17:21AM -0700, Bryan Koschmann - GKT wrote: > So, first off, can freeradius authenticate from mysql using md5 (while the > client sends cleartext - using pm3s)? If so, can I mix the two types, > crypt and md5, or do they HAVE to be in md5? A glibc2 based systems crypt can do md5 passwords. Please check man crypt if it can do. If not, rlm_pap can do md5. There should be also some mails in the lists archive which describe who crypt & md5 can be used. Oliver. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
user_admin
freeradius-users we know that in the user_admin of dialupadmin the admin can edit user every attrb.My problem is I want to make the user_admin chage ,when user wants to in user_admin he should input his username and passwd ,after that he only can change his info、passwd etc. Can you do me a favour to change the user_admin do? alantu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ldap whitespace patch
Alan,
I don't know if this is something you want to include but I thought I
would mail it to you in case you do want it.
This patch causes the rlm_ldap module to reject usernames that have
whitespace in them. This was causing me a lot of grief because ldap was
accepting usernames with whitespace causing the NAS to send accounting
messages with white space. This white space caused the Simultaneous-Use
code to break and it also caused a lot of accounting headaches.
There was also one case there a user was authenticated with more than 30
chars of whitespace which broke accounting when the rlm_postgres module
when to put that username in a varchar(20) column.
BTW, I can barely hack my way around c so hopefully there isn't anything
wrong with my code.
schu
diff -urN rlm_ldap/rlm_ldap.c rlm_ldap.patched/rlm_ldap.c
--- rlm_ldap/rlm_ldap.c Wed Jul 16 14:22:41 2003
+++ rlm_ldap.patched/rlm_ldap.c Wed Jul 16 14:09:09 2003
@@ -148,6 +148,8 @@
#include "modules.h"
#include "rad_assert.h"
+#include
+
#define MAX_FILTER_STR_LEN 1024
#define TIMELIMIT 5
@@ -1002,6 +1004,8 @@
charmodule_fmsg[MAX_STRING_LEN];
LDAP_CONN *conn;
int conn_id = -1;
+ regex_t re;
+ char*pattern = "[[:space:]]";
DEBUG("rlm_ldap: - authorize");
@@ -1020,6 +1024,17 @@
radlog(L_ERR, "rlm_ldap: zero length username not permitted\n");
return RLM_MODULE_INVALID;
}
+
+ /*
+* Check for valid input whitespace in names is not permitted
+*/
+ regcomp(&re, pattern, REG_EXTENDED|REG_NOSUB);
+ if (regexec(&re, request->username->strvalue, (size_t) 0, NULL, 0) != 1) {
+ radlog(L_ERR, "rlm_ldap: whitespace in username not permitted\n");
+ return RLM_MODULE_INVALID;
+ }
+ regfree(&re);
+
DEBUG("rlm_ldap: performing user authorization for %s",
request->username->strvalue);
Re: freeradius debian dependencies
>Kirt Runolfson <[EMAIL PROTECTED]> wrote: >> I really don't want these x packages installed on my radius server. >> Since I don't intend to use odbc, how can I remove the dependency on >> libiodbc2? Or is my best bet some other method? >Alan DeKok wrote: > Don't configure the sql module to use iodbc, and it won't be linked >against. Thank you for the response Alan. I tried using the --without-rlm_sql configure option in the debian/rules script, but that broke the package build. A previous thread mentioned breaking off the rlm stuff into Yet Another debian package. There are cons to this, but I think in this case, the pros out weigh the cons. As it is now, just installing freeradius wants to install 17.5 MB worth of packages on a woody server and pulls all sorts of X packages: The following NEW packages will be installed: freeradius libfreetype6 libglib1.2 libgtk1.2 libgtk1.2-common libiodbc2 libltdl3 libsnmp-base libsnmp4.2 xfree86-common xlibs 0 packages upgraded, 11 newly installed, 0 to remove and 0 not upgraded. Need to get 6590kB of archives. After unpacking 17.6MB will be used. One other option might be to compile sid's libiodbc2 for woody as well, since it does not have the x dependencies. Please cc me in any response as I am not on the list yet. -Kirt - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius debian dependencies
Kirt Runolfson <[EMAIL PROTECTED]> wrote: > I really don't want these x packages installed on my radius server. > Since I don't intend to use odbc, how can I remove the dependency on > libiodbc2? Or is my best bet some other method? Don't configure the sql module to use iodbc, and it won't be linked against. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius debian dependencies
I just got through compiling freeradius-0.9.0-pre3.tar.gz on Debian woody. One of the things that it depends on is libiodbc2. This in turn depends on libglib1.2 (>= 1.2.0), libgtk1.2 (>= 1.2.10-4), xlibs (>> 4.1.0) I really don't want these x packages installed on my radius server. Since I don't intend to use odbc, how can I remove the dependency on libiodbc2? Or is my best bet some other method? Thank you, Kirt Runolfson Interlink Advantage - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Accounting Packets with zero session length
I got this message when I define Simultaneous-use=1 in Freeradius 0.8 and the user connect still connected and connect again in the same radius The radius allow him to connect twice how can I block the users to connect twice? Sorry for my english Frederico On Tue, 2003-07-15 at 08:35, Rob Hartzenberg wrote: > Hi again, > > > > > > > > > > Tue Jul 15 10:28:49 2003 : Error: rlm_sql: Stop packet with zero session > > > length. (user '[EMAIL PROTECTED]', nas '155.239.xx.xxx') > > > > > > > > > Any ideas on how to get around this? > > > > change > > #define CISCO_ACCOUNTING_HACK > > to > > #undef CISCO_ACCOUNTING_HACK > > > > in src/modules/rlm_sql/conf.h > > > > If you grep for it in rlm_sql.c you will see that this thing is > > responsible for dropping them. > > > > Oliver. > > The question that comes to mind now, is that surely this only occurs on the > actual logging of the packet to the sql db. > Will dropping this in rlm_sql affect the radutmp file at all? > > basically, I need to decide if this is what is causing the "stale" users > syndrome or not. > > -TIA > -Rob > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Frederico Terra Boechat [EMAIL PROTECTED] Administrador de Redes Mar Internet Provider www.mar.com.br - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
using md5/crypt from /etc/shadow
Hello, I'm trying to setup freeradius on a new server (have been using cistron on my older server). I am planning on using mysql for all authentication, however I am curious about something. Currently we authenticate most users from the passwd file (shadow). Because of the way they were added, some passwords are in crypt, others in md5. So, first off, can freeradius authenticate from mysql using md5 (while the client sends cleartext - using pm3s)? If so, can I mix the two types, crypt and md5, or do they HAVE to be in md5? Thanks, Bryan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dictionary for Nortel's Passport 8000 products
hi, i'd like to know who to contact to request additional dictionary to be added in the next release of freeradius. i have a dictionary for Nortel's Passport 8000 products for freeradius. thank you.
Re: dictionary for Nortel's Passport 8000 products
submit it to the list On Wed, 2003-07-16 at 13:01, lunar dee wrote: > hi, > i'd like to know who to contact to request additional dictionary to be > added in the next release of freeradius. > i have a dictionary for Nortel's Passport 8000 products for > freeradius. > thank you. > > > -- Gustavo A. Lozano Noldata Corporation [EMAIL PROTECTED] Calle 46 No. 40-19 CTO Bogota D.C. Colombia Noldata Corporation http://noldata.com I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. Albert Einstein - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dictionary for Nortel's Passport 8000 products
hi, i'd like to know who to contact to request additional dictionary to be added in the next release of freeradius. i have a dictionary for Nortel's Passport 8000 products for freeradius. thank you.
RE: Handling of the 'Class' attribute
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of > Alan DeKok > Sent: Wednesday, July 16, 2003 7:31 AM > To: [EMAIL PROTECTED] > Subject: Re: Handling of the 'Class' attribute > > > "Alex Chen" <[EMAIL PROTECTED]> wrote: > > Because the client app. takes the output from 'radclient' directly, > > the 'Class' value always starts with '0x' prefix and following by > > the hex numbers representation of the octets. When it sends it back > > to the server, it is no the same raw data as the one stored in DB > > (in its binary form). > > Then the client APP is wrong. > > Is it a FreeRADIUS-based app? If so, then it should work, and you > need to say *exactly* how you're using the Class attribute, including > REAL examples. > > If it's not based on the FreeRADIUS code, then why are you > complaining to the FreeRADIUS list that your client app is broken? > There's nothing we can do to fix it. > I am not asking for any fix in the radius server or client. I am just pointing out my observation and see what I can do to get the result I need. > Write a dumb "perl" script which converts the hex "0x41..." to a > string, and pass that string back to the broken client app. > That is what I want to hear. I indicated in my previous mail saying exactly that. I said 'something' has to do the conversion from this '0x41' hex string spit out by 'radclient' back to the original octets so they can be send back to the server. Maybe I did not read it right, but the impression I got from the mail exchange was that I should not do anything at all and just pass the string printed out by 'radclient' right back to the server. > > The server works. The code is correct. It Does The Right Thing. > I do not dispute that at all. It is the interpretation of the output printed out by 'radclient' that caused my confusion. Anyway, I think we had enough discussion on this and should let it rest. Case closed. > Alan DeKok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ipaddress do not work with dialupadmin
freeradius-users HI ALL In the dialupadmin web ,when make a new user ,you can define the user ipaddress and netmask .when i make ,but it does not work .can everybody tell me how to make ? alantu [EMAIL PROTECTED] 2003-07-16 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Handling of the 'Class' attribute
> From: Alex Chen > Sent: Wednesday, 16 July 2003 10:26 AM > Because the client app. takes the output from 'radclient' directly, > the 'Class' value always starts with '0x' prefix and following by the hex > numbers representation of the octets. When it sends it back to the > server, it is no the same raw data as the one stored in DB (in its binary form). What it gets back is exactly the raw data stored in binary form, or at least the raw data given in binary form to FreeRADIUS by your database. The problem is that you've not got anything to tell your database to present the raw data it got back as ASCII data. The default thing to do with raw data into a string column in mySQL is to present the data as an ASCII string representing the raw data. eg if you give 0x41424344 to mySQL to put into a string column, it will treat it as "0x41424344" which as far as FreeRADIUS is concerned is a different value entirely. In short, if FreeRADIUS immediately inserted what it got from mySQL, mySQL would not contain the same value it got. And as far as I can think at this late hour, that's correct behaviour. The exceptional case is when the string starts with 0x, in which case FreeRADIUS interprets it not as a series of bytes, but a string representation of those bytes. And so when it gives it back to mySQL, mySQL ends up with the same thing it started with. I'd suggest that the DB schema should use a different type for Class, except that a string is the most sensible given the variable length of the value stored... > The questions is how I handle this? Store the octets in your DB in the form 0xnnn. That way the presentation forms you get back match those you sent. OR Massage your INSERT/UPDATE queries (Using a stored procedure, I expect) to transform the raw data it receives from FreeRADIUS into the characters whose ASCII values they hold. I don't guarantee this is possible though. :-) The only way the attribute will actually be changed is if you put "'s around it, as Alan pointed out earlier, when you put the data back into radclient from your local client code. If you want to verify or disprove the idea that the data is being mangled, get tcpdump, an RFC, and look at the packets going back and forth. If you're still stuck, try capturing both directions of a single conversation with radclient (using tee?), and post 'em to the list, just in case you've found a bug. (Although having just read the relevant code, I doubt it.) Given the simplicity of radclient.c, wouldn't it be easier to make your software talk Radius through libradius than trying to talk 'text' with radclient? (Only a thought...) -- = Paul "TBBle" Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul "TBBle" Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 0.8.1 , src/modules/rlm_sql/drivers/rlm_sql_postgresql/sql_postgresql.c
Eeeek. I have no idea what you have done here :-) try using the latest Prerelease version from: ftp://ftp.freeradius.org/pub/radius/freeradius-0.9.0-pre3.tar.gz Let us know how you go.. Peter On Wed, 16 Jul 2003 04:53 pm, Ali Gunduz wrote: > Sorry if this is reported before... > > I'm having these errors while compiling 0.8.1 with postgresql support. > > # > sql_postgresql.c:115:31: missing terminating " character > sql_postgresql.c: In function `sql_check_error': > sql_postgresql.c:116: error: parse error before "s" > sql_postgresql.c:116:22: missing terminating " character > sql_postgresql.c:129:31: missing terminating " character > sql_postgresql.c:130: error: parse error before "s" > sql_postgresql.c:130:11: missing terminating " character > sql_postgresql.c: In function `sql_query': > sql_postgresql.c:227: warning: implicit declaration of function > `sql_store_result' > sql_postgresql.c:228: warning: implicit declaration of function > `sql_num_fields' > sql_postgresql.c: At top level: > sql_postgresql.c:257: warning: `sql_store_result' was declared > implicitly `extern' and later `static' > sql_postgresql.c:227: warning: previous declaration of > `sql_store_result' > sql_postgresql.c:274: warning: `sql_num_fields' was declared implicitly > `extern' and later `static' > sql_postgresql.c:228: warning: previous declaration of `sql_num_fields' > make[10]: *** [sql_postgresql.o] Error 1 > #--- > > > Mentioned file is: > src/modules/rlm_sql/drivers/rlm_sql_postgresql/sql_postgresql.c > > Line 115 of this file is: > radlog(L_DBG, "rlm_sql_postgresql: Postgresql > check_error: > s, returning SQL_DOWN", PQresStatus(error)); > > (there's a newline at the end of first line.. Above code segment is > actually two lines in sql_postgresql.c) > > Guess it'd be: > radlog(L_DBG, "rlm_sql_postgresql: Postgresql > check_error: %s, returning SQL_DOWN", PQresStatus(error)); > > > > The same mistake exists on line 128 too... > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 0.8.1 , src/modules/rlm_sql/drivers/rlm_sql_postgresql/sql_postgresql.c
"Ali Gunduz" <[EMAIL PROTECTED]> wrote: > I'm having these errors while compiling 0.8.1 with postgresql support. It's a bug in 0.8.1, which is fixed in 0.9.0. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Migration from Steel Belted Radius to FreeRadius
Jim Watts <[EMAIL PROTECTED]> wrote: > Currently, my company is migrating all core services from NT4.0 to > Linux/FreeBSD ;) I wonder why... > The next component on my hit list is to replace Steel Belted Radius with > freeRadius. That's nice to hear. Though I know Funk SBR runs on Solaris, and maybe Linux, too. (Not that I'm suggesting you stick with it.) > Question, has anyone attempted this before and got any suggestions ? Of > particular interest is reading the steel belted radius export file *.rif, > and being able to convert it to appropriate freeRadius conf, db files. I haven't heard of anyone doing exactly that, and I don't know what the format of the .rif files is, so I can't say much, sorry. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Compilation problems...
Edouard Correia <[EMAIL PROTECTED]> wrote: > I Tried to compile the latest free radius release (0.9.0 pre3) > on my BSDI box with no success, using the configuration line: > CFLAGS="-O2" ./configure --without-threads > > First I get : > gcc -O2 -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c radiusd.c > radiusd.c: In function `main': > radiusd.c:309: structure has no member named `sa_sigaction' I'll fix it in the CVS snapshot, and 0.9.0 (when it's finally done) will also have the fix. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: configure / make problem on suse 8.0
[EMAIL PROTECTED] wrote: > Using freeradius 0.9.0-pre3.=20 > > After a ./configure and a make I get the following errors : > > -module -static -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall = ^^ There's supposed to be a program name there. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Compiling freeradius with rlm_sql_sybase
"Paul Hampson" <[EMAIL PROTECTED]> wrote: > and the following patch to sql_sybase.c (Broken whitespace, but it > should be obvious what to change.) which I suspect is only needed > for gcc 3.2+. Added, thanks. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Handling of the 'Class' attribute
"Alex Chen" <[EMAIL PROTECTED]> wrote: > Because the client app. takes the output from 'radclient' directly, > the 'Class' value always starts with '0x' prefix and following by > the hex numbers representation of the octets. When it sends it back > to the server, it is no the same raw data as the one stored in DB > (in its binary form). Then the client APP is wrong. Is it a FreeRADIUS-based app? If so, then it should work, and you need to say *exactly* how you're using the Class attribute, including REAL examples. If it's not based on the FreeRADIUS code, then why are you complaining to the FreeRADIUS list that your client app is broken? There's nothing we can do to fix it. Write a dumb "perl" script which converts the hex "0x41..." to a string, and pass that string back to the broken client app. The server works. The code is correct. It Does The Right Thing. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: LEAP + LDAP
On Wed, 16 Jul 2003, idriss.mamodaly wrote: [K] > Is it also impossible, with FreeRADIUS 0.8.1 ? > Thank you for answering my question. AFAIK you have to switch to other EAP type. Something that supports LDAP. I'm trying EAP-TLS ... but certificates are not painless :] Bye, Luca - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Migration from Steel Belted Radius to FreeRadius
On Wed, 16 Jul 2003 04:46 pm, Jim Watts wrote: > Currently, my company is migrating all core services from NT4.0 to > Linux/FreeBSD ;) Nice :-) > The next component on my hit list is to replace Steel Belted Radius with > freeRadius. Welcome to the club :-) > Question, has anyone attempted this before and got any suggestions ? Of > particular interest is reading the steel belted radius export file *.rif, > and being able to convert it to appropriate freeRadius conf, db files. I haven't I am sorry, although maybe someone else on the list has. We will certainly try to help you with any problems you come against though. Maybe you can write a migration howto... :-) -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Replicator - PostgreSQL for DB backend
On Wed, 16 Jul 2003 03:54 pm, Bernie, CTA wrote: > Hi Peter, > > We use a modified (well hacked) version of PostgreSQL Replicator > and have experienced no significant problem. > > These were our primary DBMS replication requirements: > > 1. We needed a solution to operate securely within our > distributed data environment > 100 physical locations, and > 10,000 virtual datamarts. > > 2. We needed a replication topology that was scalable and > reliable with no single-point-of-failure, as present in most > DBMS Replication topologies. (Another reason why MySQL was not > attractive, as at the time only master-slave replication was > supported) > > 3. We required the ability to do asynchronous queries. > > 4. We required the metadata catalog and file replica catalog to > be distributed yet appear virtually centralized. > > 5. Since we were creating a virtual metadata catalog and a > unique autonomous security monitoring and incident handling > system, access to all of the source code was required. > > After looking at a few others DBBALANCER > http://dbbalancer.sourceforge.net/ we picked PostgreSQL > Replicator http://pgreplicator.sourceforge.net/ and made a few > customized changes to the source to accommodate our unique > security monitoring and incident handling system. > > I am now in the early stages of planning a complete design of > our own PostgreSQL BDMS replicating technology featuring our > autonomous security monitoring and incident handling method. I > am not sure if the project will be a public or private. I for one would love it to be public :-) -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
LEAP + LDAP
Hello folks, I am working on a 802.11b network for a company. I try to make FreeRADIUS working with a LDAP user database, using Cisco LEAP authentication method. It doesn't work. Few months ago, i tried with Cisco Secure ACS 3.1 RADIUS server and it didn't work, too. The Cisco ACS documentation mentionned that, LEAP authentication with an LDAP userdatabase, is impossible. Is it also impossible, with FreeRADIUS 0.8.1 ? Thank you for answering my question. Greetings. Idriss MAMODALY Email1 : [EMAIL PROTECTED] Email2 : [EMAIL PROTECTED] P.S. : Excuse my english mistakes, i am french. Accédez au courrier électronique de La Poste : www.laposte.net ; 3615 LAPOSTENET (0,34/mn) ; tél : 08 92 68 13 50 (0,34/mn) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem whith Session-Timeout
> How can I specify "Session-Timeout" parameter passed to NAS server > every time a user is connecting to NAS? in users: USERNAME Auth-Type := Local, User-Password == "PASSWORD" Session-Timeout = ?? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Replicator - PostgreSQL for DB backend
On 16 Jul 2003 at 8:54, Sean wrote: > On Wed, 16 Jul 2003, Bernie, CTA wrote: > > > > We use a modified (well hacked) version of PostgreSQL > > Replicator and have experienced no significant problem. > > > Just out of curiosity, I am wondering why postgres looked like a > better solution than an ldap based solution. LDAP is supposed to > be scalable and replicable, and designed for mostly read-only > data which to me is what you were looking for. > > > Don't get me wrong, I can also see where replicable postgres > stuff would be nice and I would be interested in it for another > project (that quite possibly will never get off the gorund), but > the first read through your requirements seemed like it was > screaming ldap =) > > Well, for starters we could not tolerate the security vulnerabilities found in certain LDAP implementations, which if exploited could result in denial-of-service attacks and unauthorized privileged access. Furthermore, I believe that the overhead involved implementing and maintaining an LDAP solution cannot be justified when considering security, performance and economics. - - Bernie Chief Technology Architect Chief Security Officer [EMAIL PROTECTED] Euclidean Systems, Inc. *** // "There is no expedient to which a man will not go //to avoid the pure labor of honest thinking." // Honest thought, the real business capital. // Observe> Think> Plan> Think> Do> Think> *** - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
0.8.1 , src/modules/rlm_sql/drivers/rlm_sql_postgresql/sql_postgresql.c
Sorry if this is reported before... I'm having these errors while compiling 0.8.1 with postgresql support. # sql_postgresql.c:115:31: missing terminating " character sql_postgresql.c: In function `sql_check_error': sql_postgresql.c:116: error: parse error before "s" sql_postgresql.c:116:22: missing terminating " character sql_postgresql.c:129:31: missing terminating " character sql_postgresql.c:130: error: parse error before "s" sql_postgresql.c:130:11: missing terminating " character sql_postgresql.c: In function `sql_query': sql_postgresql.c:227: warning: implicit declaration of function `sql_store_result' sql_postgresql.c:228: warning: implicit declaration of function `sql_num_fields' sql_postgresql.c: At top level: sql_postgresql.c:257: warning: `sql_store_result' was declared implicitly `extern' and later `static' sql_postgresql.c:227: warning: previous declaration of `sql_store_result' sql_postgresql.c:274: warning: `sql_num_fields' was declared implicitly `extern' and later `static' sql_postgresql.c:228: warning: previous declaration of `sql_num_fields' make[10]: *** [sql_postgresql.o] Error 1 #--- Mentioned file is: src/modules/rlm_sql/drivers/rlm_sql_postgresql/sql_postgresql.c Line 115 of this file is: radlog(L_DBG, "rlm_sql_postgresql: Postgresql check_error: s, returning SQL_DOWN", PQresStatus(error)); (there's a newline at the end of first line.. Above code segment is actually two lines in sql_postgresql.c) Guess it'd be: radlog(L_DBG, "rlm_sql_postgresql: Postgresql check_error: %s, returning SQL_DOWN", PQresStatus(error)); The same mistake exists on line 128 too... - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Migration from Steel Belted Radius to FreeRadius
Currently, my company is migrating all core services from NT4.0 to Linux/FreeBSD ;) The next component on my hit list is to replace Steel Belted Radius with freeRadius. Question, has anyone attempted this before and got any suggestions ? Of particular interest is reading the steel belted radius export file *.rif, and being able to convert it to appropriate freeRadius conf, db files. Thanks Jim Watts - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Replicator - PostgreSQL for DB backend
On Wed, 16 Jul 2003, Bernie, CTA wrote: > > We use a modified (well hacked) version of PostgreSQL Replicator > and have experienced no significant problem. Just out of curiosity, I am wondering why postgres looked like a better solution than an ldap based solution. LDAP is supposed to be scalable and replicable, and designed for mostly read-only data which to me is what you were looking for. Don't get me wrong, I can also see where replicable postgres stuff would be nice and I would be interested in it for another project (that quite possibly will never get off the gorund), but the first read through your requirements seemed like it was screaming ldap =) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
problem whith Session-Timeout
How can I specify "Session-Timeout" parameter passed to NAS server every time a user is connecting to NAS? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
unsuscribe
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: multi linking...
On Wed, 2003-07-16 at 15:01, Chris Knipe wrote: > Lo everyone, > > Very basic, can a PPTP VPN tunnel be multi-linked? I've done that with linux : create 10 gre tunnels use eql to aggregate the tunnels create a PPTP VPN on the eql. Hope this help BR, -- Eric Leblond <[EMAIL PROTECTED]> Alphalink - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: multi linking...
Chris Knipe wrote: Lo everyone, Very basic, can a PPTP VPN tunnel be multi-linked? A bit more details, say you have 10 x 128k dialup connections established to 5 different ISPs. Can 10 VPNs be established to one VPN Server (More than likely a Cisco VPN Concentrator), and in doing so send one "virtual stream" of 1280k over the 10 dialup connections to the end-user (Let's say theoretically, it's not possible to multi-link the individual dialup accounts). I know this is a off-topic, but any information will be well received... have a look to: - TEQL - equalizer - iptables additional patches Christian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
multi linking...
Lo everyone, Very basic, can a PPTP VPN tunnel be multi-linked? A bit more details, say you have 10 x 128k dialup connections established to 5 different ISPs. Can 10 VPNs be established to one VPN Server (More than likely a Cisco VPN Concentrator), and in doing so send one "virtual stream" of 1280k over the 10 dialup connections to the end-user (Let's say theoretically, it's not possible to multi-link the individual dialup accounts). I know this is a off-topic, but any information will be well received... Ty -- me - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Replicator - PostgreSQL for DB backend
Hi Peter, We use a modified (well hacked) version of PostgreSQL Replicator and have experienced no significant problem. These were our primary DBMS replication requirements: 1. We needed a solution to operate securely within our distributed data environment > 100 physical locations, and 10,000 virtual datamarts. 2. We needed a replication topology that was scalable and reliable with no single-point-of-failure, as present in most DBMS Replication topologies. (Another reason why MySQL was not attractive, as at the time only master-slave replication was supported) 3. We required the ability to do asynchronous queries. 4. We required the metadata catalog and file replica catalog to be distributed yet appear virtually centralized. 5. Since we were creating a virtual metadata catalog and a unique autonomous security monitoring and incident handling system, access to all of the source code was required. After looking at a few others DBBALANCER http://dbbalancer.sourceforge.net/ we picked PostgreSQL Replicator http://pgreplicator.sourceforge.net/ and made a few customized changes to the source to accommodate our unique security monitoring and incident handling system. I am now in the early stages of planning a complete design of our own PostgreSQL BDMS replicating technology featuring our autonomous security monitoring and incident handling method. I am not sure if the project will be a public or private. On 14 Jul 2003 at 16:44, Peter Nixon wrote: > On Mon, 14 Jul 2003 04:24 pm, Bernie, CTA wrote: > > On 14 Jul 2003 at 10:30, Peter Nixon wrote: > > > Hi List > > > > > > I would like to take a quick straw poll. > > > > > > a) If you use a Database backend for FreeRadius which one do > > > you use? > > > > We are an BSDi / Open BSD environment>>> > > > > Accounting - Redundant Postgres DB > > == to other DBMS such as MySQL, Oracle its: > > 1. No license fee > > 2. Less Security Vulnerabilities > > 3. Easier to replacate > > 4. Lends to a Decentralized / Virtually Centralized DBMS > > topology, which is better for security applications > > 5. Better Transaction Processing Performance > > 6. Less overhead > > 7. Control of source > > 8. Scales well > > 9. Faster > > Yep. No arguements from me on these :-) For general purpose DB > work Postgres pretty much walks all over the competition when you > take all these factors into account. I can only imagine needing > to pay for a commercial DB if I was handling Terabytes of data. > (Postgres happily handles many gigabytes of data per table for me > currently) > > Do you mind telling me what replication system you use (Postgres > has several) and how you find it? Are there any gotchas/problems? > (I currently run my DBs standalone as I simply don't have the > reliability issues with postgres that used to force me to > replicate/cluster my MySQL boxes..) > > TIA > > -- > - - Bernie Chief Technology Architect Chief Security Officer [EMAIL PROTECTED] Euclidean Systems, Inc. *** // "There is no expedient to which a man will not go //to avoid the pure labor of honest thinking." // Honest thought, the real business capital. // Observe> Think> Plan> Think> Do> Think> *** - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ip address
how can the radius send the ip address to te router cisco and, cisco router can receive and attribuate this address? example : radius must send the ip address 0.0.0.0 the router receive this address and attributate 0.0.0.0 at the user who was identificate - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RES: UNKNOWN NAS
I did the upgrade and finish my problem. Thanks Alan and Vincent. Ricardo. -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Em nome de Alan DeKok Enviada em: segunda-feira, 14 de julho de 2003 12:09 Para: [EMAIL PROTECTED] Assunto: Re: UNKNOWN NAS "Ricardo Batista" <[EMAIL PROTECTED]> wrote: > > Hi, I have a problem using Freeradius 0.5. Yuck. Did you try upgrading? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Compilation problems...
Hi all,
I don't know what's the bug reporting process so I decide to notify it
on this ML.
I compile and run free radius 0.8.1 on BSDI4 for 3 months with no
problem but some crashes occured however.
I Tried to compile the latest free radius release (0.9.0 pre3)
on my BSDI box with no success, using the configuration line:
CFLAGS="-O2" ./configure --without-threads
First I get :
gcc -O2 -Wall -D_GNU_SOURCE -DNDEBUG -I../include -c radiusd.c
radiusd.c: In function `main':
radiusd.c:309: structure has no member named `sa_sigaction'
radiusd.c: At top level:
radiusd.c:106: warning: `got_child' defined but not used
radiusd.c:117: warning: `needs_child_cleanup' defined but not used
So I made the following changes:
309c309
< act.sa_handler = NULL;
---
> act.sa_sigaction = NULL;
2213a2214
> act.sa_sigaction = NULL;
Then I got
radiusd.o: In function `main':
radiusd.o(.text+0xd00): undefined reference to `total_active_threads'
Since I disable Threads, this change is needed
845d844
< #if HAVE_PTHREAD_H
848,850d846
< #else
< if (max_wait >= 5) {
< #endif
It compiles fine right now
Thanks.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius 0.9.0pre3 SuSE 8.2 rpms
I have built 0.9.0pre3 SuSE 8.2 rpms. they are available from: http://www.peternixon.net/files/freeradius/ If anyone feels like testing these, that would be great. Anyone with versions of SuSE older than 8.2 (or versions of 8.2 that are not as updated as my workstation) can download freeradius-0.9.0pre3-0.src.rpm and rebuild it if the binary rpms fail due to dependencies on your system. Anyone not running SuSE, if you have some time we would appreciate your help in downloading and compiling ftp://ftp.freeradius.org/pub/radius/freeradius-0.9.0-pre3.tar.gz We should have the final 0.9.0 release out sometime next week, so please get any bug reports into us asap. -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl bug
On Wed, 2003-07-16 at 09:45, Boian Jordanov wrote:
> On _ 2003-07-01 at 20:20, Manuel Sousa wrote:
> > Hi all,
> >
> > I just tried the latest CVS (couple of hours ago) version and found a
> > bug when using 2 instances of the module.
>
> There is a patch against latest CVS that should fix it. Enjoy.
First of all thanks for your work,
I've applied the patch (against pre3 and it went in ok), but i still
have the same problem. Bellow i send some logs.
Another thing i've come upon is that i wanted to change the
request->simul_count from within the perl script (using a perl script in
the session phase) and wonder if it is possible. For now i did a crude
patch to modules.c where if i return USERLOCK it considers the case
where it there are already more users logged in than there should.
I'm willing to test others scripts/patches so if you want to you may
either send me a email or to the list and i'll try it.
Again thanks,
Manuel Sousa
=LOG=
(both have func_accounting = accounting)
Using perl at 0x81162a0
rlm_perl: rlm_perl:: PERL2
modcall[accounting]: module "perl1" returns ok
radius_xlat: 'night'
( perl1 => func_accounting = accounting ; perl2 => func_accounting =
accounting2 )
Using perl at 0x81162a0
rlm_perl: perl_embed:: module = /servicos/freeradius/sbin/perl1.pl ,
func = accounting exit status= Global symbol "$stdin" requires explicit
package name. Global symbol "$stdout" requires explicit package name.
Global symbol "$stderr" requires explicit package name. Undefined
subroutine &main::accounting called.
modcall[accounting]: module "perl1" returns reject
modcall: group group returns reject
Using perl at 0x8120288
rlm_perl: rlm_perl:: PERL2
modcall[accounting]: module "perl2" returns ok
=END LOG=
=SCRIPT=
perl1
sub accounting{
&radiusd::radlog(1,"rlm_perl:: PERL1");
return RLM_MODULE_OK;
}
perl2
sub accounting{ # Later sub accounting2
&radiusd::radlog(1,"rlm_perl:: PERL2");
return RLM_MODULE_OK;
}
=END SCRIPT=
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dialup_admin user_admin.php3
On Tue, 15 Jul 2003, alantu wrote: > freeradius-users > > In the dialup_admin gui ,if anyone want to edit the user,he only need to input > the user name and do it. > I find that in the user edit file "user_admin.php3" only need the username without > username passwd. > Do anyone know how to chage when someone wants to edit user he should input the > username and the user passwd? > i am fool with php It's a little bit complicated. In any case dialupadmin is an interface for admins. You are not supposed to provide the user password to make changes. > > Thanks > alantu > [EMAIL PROTECTED] > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: configure / make problem on suse 8.0
From: [EMAIL PROTECTED] Sent: Wednesday, 16 July 2003 7:34 PM > Using freeradius 0.9.0-pre3. > After a ./configure and a make I get the following errors : > -module -static -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS \ > -Wall -D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I../include dict.o \ > print.o radius.o valuepair.o token.o misc.o log.o filters.o \ > missing.o md4.o md5.o sha1.o hmac.o snprintf.o isaac.o smbdes.o \ > crypt.o -o libradius.a > gmake[4]: /usr/local/httpd/htdocs/freeradius: Command not found > gmake[4]: *** [libradius.a] Error 127 > gmake[4]: Leaving directory `/usr/local/httpd/htdocs/freeradius > 0.9.0-pre3/freeradius/freeradius-0.9.0-pre3/src/lib' > gmake[3]: *** [common] Error 1 > gmake[3]: Leaving directory `/usr/local/httpd/htdocs/freeradius > 0.9.0-pre3/freeradius/freeradius-0.9.0-pre3/src' > gmake[2]: *** [all] Error 2 > gmake[2]: Leaving directory `/usr/local/httpd/htdocs/freeradius > 0.9.0-pre3/freeradius/freeradius-0.9.0-pre3/src' > gmake[1]: *** [common] Error 1 > gmake[1]: Leaving directory `/usr/local/httpd/htdocs/freeradius > 0.9.0-pre3/freeradius/freeradius-0.9.0-pre3' > make: *** [all] Error 2 > Is this still a problem with the version or my system or me ? It _looks_ like it's falling over the space in your path... However, the relevant part of the command has been trimmed from just off the top... (The first line above is part of the arguments to the command) The whole make output would prolly help narrow it down, but I don't think it's a bug in FreeRADIUS per se, unless some of the makefile scripts make unfortunate assumptions about file naming. -- = Paul "TBBle" Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul "TBBle" Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
configure / make problem on suse 8.0
Hi There Using freeradius 0.9.0-pre3. After a ./configure and a make I get the following errors : -module -static -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I../include dict.o print.o radius.o valuepair.o token.o misc.o log.o filters.o missing.o md4.o md5.o sha1.o hmac.o snprintf.o isaac.o smbdes.o crypt.o -o libradius.agmake[4]: /usr/local/httpd/htdocs/freeradius: Command not foundgmake[4]: *** [libradius.a] Error 127gmake[4]: Leaving directory `/usr/local/httpd/htdocs/freeradius 0.9.0-pre3/freeradius/freeradius-0.9.0-pre3/src/lib'gmake[3]: *** [common] Error 1gmake[3]: Leaving directory `/usr/local/httpd/htdocs/freeradius 0.9.0-pre3/freeradius/freeradius-0.9.0-pre3/src'gmake[2]: *** [all] Error 2gmake[2]: Leaving directory `/usr/local/httpd/htdocs/freeradius 0.9.0-pre3/freeradius/freeradius-0.9.0-pre3/src'gmake[1]: *** [common] Error 1gmake[1]: Leaving directory `/usr/local/httpd/htdocs/freeradius 0.9.0-pre3/freeradius/freeradius-0.9.0-pre3'make: *** [all] Error 2 Is this still a problem with the version or my system or me ? Thanks Barry
Re: rlm_counter compile/configure problem / Solaris8
Hello Peter, > A similar problem exists in the kerberos module. > I expect we will have these issues sorted out for version 1.0 (or ever > version 0.9.1) > > Send me a patch that works and I will test it :-) Here is the patch for rlm_counter/configure.in . I retested it with freeradius-0.9.0-pre3. # Copy patch to src/modules/rlm_counter and cd to directory. patch < freeradius-rlm_counter.patch # I don't know how the freeradius build process works. But somewhen before shipping # you must recreate the configure script. For example, with current autoconf: autoconf -I ../../.. With this patch I see while doing ./configure checking for gdbm.h... no checking for gdbm_open in -lgdbm... yes checking for gdbm_fdesc... no configure: WARNING: silently not building rlm_counter. configure: WARNING: FAILURE: rlm_counter requires: gdbm.h. configure: creating ./config.status config.status: creating Makefile config.status: creating config.h config.status: config.h is unchanged And while doing make: make[6]: Entering directory `/home/chris/freeradius-0.9.0-pre1/src/modules/rlm_c ounter' make[6]: Nothing to be done for `static'. make[6]: Nothing to be done for `dynamic'. make[6]: Leaving directory `/home/chris/freeradius-0.9.0-pre1/src/modules/rlm_counter' Looks good for me. I know there are a lot more "configure" related problems in current freeradius. You mentioned you wanted to sort them out, so here is my list: rlm_ippool Needs gdbm.h rlm_ldap Needs ldap.h from OpenLDAP. Solaris ldap.h fails to meet the requirements. The configure script should check for OpenLDAP specialities like LDAPS_PORT , LDAP_OPT_X_TLS_HARD , LDAP_OPT_NETWORK_TIMEOUT , LDAP_OPT_X_TLS . rlm_eap Needs ltdl.h rlm_sql Needs ltdl.h Bye, Christian -- cityweb DSL start ab monatlich 3,49 Euro *** http://www.cityweb.de/dsl *** Sekundenschneller Seitenaufbau, Downloads, Videos und vieles mehr. Mit Cityweb-DSL wird der Blick auf die Uhr beim Surfen überflüssig! freeradius-rlm_counter.patch Description: Binary data
Re: rlm_perl bug
On _ 2003-07-01 at 20:20, Manuel Sousa wrote:
> Hi all,
>
> I just tried the latest CVS (couple of hours ago) version and found a
> bug when using 2 instances of the module.
There is a patch against latest CVS that should fix it. Enjoy.
--
Best Regards,
Boian Jordanov
SNE
Orbitel - the Internet Company
tel. +359 2 937 07 23
Index: rlm_perl.c
===
RCS file: /source/radiusd/src/modules/rlm_perl/rlm_perl.c,v
retrieving revision 1.11
diff -u -r1.11 rlm_perl.c
--- rlm_perl.c 25 Jun 2003 21:37:57 - 1.11
+++ rlm_perl.c 16 Jul 2003 08:35:55 -
@@ -12,7 +12,7 @@
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
@@ -40,10 +40,6 @@
#undef INADDR_ANY
#endif
-#ifdef INADDR_NONE
-#undef INADDR_NONE
-#endif
-
#include
#include
#include
@@ -52,118 +48,122 @@
static const char rcsid[] = "$Id: rlm_perl.c,v 1.11 2003/06/25 21:37:57 aland Exp $";
+#ifdef USE_ITHREADS
+
+/*
+ * Pool of Perl's clones (genetically cloned) ;)
+ *
+ */
+typedef struct pool_handle {
+struct pool_handle *next;
+struct pool_handle *prev;
+enum {busy, idle} status;
+unsigned intrequest_count;
+PerlInterpreter *clone;
+} POOL_HANDLE;
+
+typedef struct PERL_POOL {
+POOL_HANDLE *head;
+POOL_HANDLE *tail;
+
+int current_clones;
+int active_clones;
+int max_clones;
+int start_clones;
+int min_spare_clones;
+int max_spare_clones;
+int max_request_per_clone;
+int cleanup_delay;
+perl_mutex mutex;
+time_t time_when_last_added;
+} PERL_POOL;
+
+#endif
/*
- * Define a structure for our module configuration.
+ * Define a structure for our module configuration.
*
- * These variables do not need to be in a structure, but it's
- * a lot cleaner to do so, and a pointer to the structure can
- * be used as the instance handle.
+ * These variables do not need to be in a structure, but it's
+ * a lot cleaner to do so, and a pointer to the structure can
+ * be used as the instance handle.
*/
typedef struct perl_inst {
- /* Name of the perl module */
- char *module;
-
- /* Name of the functions for each module method */
- char *func_authorize;
- char *func_authenticate;
- char *func_accounting;
- char *func_start_accounting;
- char *func_stop_accounting;
- char *func_preacct;
- char *func_checksimul;
- char *func_detach;
- char *func_xlat;
- char *xlat_name;
- char *perl_flags;
+/* Name of the perl module */
+char*module;
+
+/* Name of the functions for each module method */
+char*func_authorize;
+char*func_authenticate;
+char*func_accounting;
+char*func_start_accounting;
+char*func_stop_accounting;
+char*func_preacct;
+char*func_checksimul;
+char*func_detach;
+char*func_xlat;
+char*xlat_name;
+char*perl_flags;
+PerlInterpreter *perl;
+#ifdef USE_ITHREADS
+PERL_POOL *perl_pool;
+#endif
} PERL_INST;
/*
- * A mapping of configuration file names to internal variables.
+ * A mapping of configuration file names to internal variables.
*
- * Note that the string is dynamically allocated, so it MUST
- * be freed. When the configuration file parse re-reads the string,
- * it free's the old one, and strdup's the new one, placing the pointer
- * to the strdup'd string into 'config.string'. This gets around
- * buffer over-flows.
+ * Note that the string is dynamically allocated, so it MUST
+ * be freed. When the configuration file parse re-reads the string,
+ * it free's the old one, and strdup's the new one, placing the pointer
+ * to the strdup'd string into 'config.string'. This gets around
+ * buffer over-flows.
*/
static CONF_PARSER module_config[] = {
- { "module", PW_TYPE_STRING_PTR,
- offsetof(PERL_INST,module), NULL, "module"},
- { "func_authorize", PW_TYPE_STRING_PTR,
- offsetof(PERL_INST,func_authorize), NULL, "authorize"},
- { "func_authenticate", PW_TYPE_STRING_PTR,
- offsetof(PERL_INST,func_authenticate), NULL, "authenticate"},
- { "func_accounting", PW_TYPE_STRING_PTR,
- offsetof(PERL_INST,func_accounting), NULL, "accounting"},
- { "func_preacct", PW_TYPE_STRING_PTR,
- offsetof(PERL_INST,func_preacct), NULL, "preacct"},
- { "func_checksimul", PW_TYPE_ST
Re: Compiling freeradius with rlm_sql_sybase
> I just tried it then, and the libct in Debian (0.61) built with the > following Makefile segment (although I've made slight changes to the build > system, but these should be OK) > > TARGET = rlm_sql_sybase > SRCS = sql_sybase.c > RLM_SQL_CFLAGS = $(INCLTDL) > RLM_SQL_LIBS = -lnsl -lct It connects to my mssql server! Great ! I didn't use your patch on sql_sybase.c, just modified the Makefile. Do you know if it's possible to run stored procedures on mssql from freeradius ? Mvh, Regards, Eivind Ravndal NetPower Int - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Compiling freeradius with rlm_sql_sybase
> From: Paul Hampson
> Sent: Wednesday, 16 July 2003 5:41 PM
> > From: Eivind Ravndal
> > Sent: Wednesday, 16 July 2003 5:10 PM
>
> > > From: "Alan DeKok" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
>
> > > > Anybody successfully compiled freeradius with rlm_sql_sybase ?
> > > > I think there's something wrong with my Makefile
> > > > /freeradius-0.8.1/src/modules/rlm_sql/drivers/rlm_sql_sybase/Makefile
>
> > > Did you try reading it? It says you've got to edit it by hand to
> > > get it to work.
>
> > I've read it, but I don't know what to change. So I was hoping someone
> > who've compiled it successfully would paste me their MakeFile so I could get
> > some ideas. I am pretty sure this line is the one which is wrong:
> > ---
> > RLM_SQL_LIBS
> > = -L/opt/sybase/OCS-12_0/lib -ltcl -lcomn -lintl -lnsl -ldl -lm -lcs -lct
> > ---
> > When I comment out this line, it compiles and installs just fine, but it
> > will not run since there's missing some libs.
> I was going to have a play with that post-0.9, to see if I could integrate
> it into the rest of the build system... But I don't use sybase so it would
> be a mainly academic exercise.
I just tried it then, and the libct in Debian (0.61) built with the
following Makefile segment (although I've made slight changes to the build
system, but these should be OK)
TARGET = rlm_sql_sybase
SRCS = sql_sybase.c
RLM_SQL_CFLAGS = $(INCLTDL)
RLM_SQL_LIBS = -lnsl -lct
and the following patch to sql_sybase.c (Broken whitespace, but it should be obvious
what
to change.) which I suspect is only needed for gcc 3.2+. Still a ton of warnings
though,
mainly prototype issues from which many of the sql drivers suffer.
---
/home/tbble/frcvs/branch_0_9/src/modules/rlm_sql/drivers/rlm_sql_sybase/sql_sybase.c
2002-07-30 00:59:13.0 +1000
+++ sql_sybase.c2003-07-16 17:48:52.0 +1000
@@ -344,7 +344,7 @@
if ((results_ret = ct_results(sybase_sock->command, &result_type)) ==
CS_SUCCEED) {
if (result_type != CS_CMD_SUCCEED) {
if (result_type == CS_ROW_RESULT) {
- radlog(L_ERR,"rlm_sql_sybase(sql_query): sql_query
processed a query returning rows.
+ radlog(L_ERR,"rlm_sql_sybase(sql_query): sql_query
processed a query returning rows.\
Use sql_select_query instead!");
}
radlog(L_ERR,"rlm_sql_sybase(sql_query): Result failure or
unexpected result type from query\n%s",
This was against 0.9.0-pre2, BTW. I doubt it's different in CVS HEAD, or pre3.
--
=
Paul "TBBle" Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]
This is a one line proof...if we start
sufficiently far to the left.
-- Cambridge University Math Department
-
Random signature generator 3.0 by Paul "TBBle" Hampson
=
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Compiling freeradius with rlm_sql_sybase
> From: Eivind Ravndal > Sent: Wednesday, 16 July 2003 5:10 PM > > From: "Alan DeKok" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > > Anybody successfully compiled freeradius with rlm_sql_sybase ? > > > I think there's something wrong with my Makefile > > > /freeradius-0.8.1/src/modules/rlm_sql/drivers/rlm_sql_sybase/Makefile > > Did you try reading it? It says you've got to edit it by hand to > > get it to work. > I've read it, but I don't know what to change. So I was hoping someone > who've compiled it successfully would paste me their MakeFile so I could get > some ideas. I am pretty sure this line is the one which is wrong: > --- > RLM_SQL_LIBS > = -L/opt/sybase/OCS-12_0/lib -ltcl -lcomn -lintl -lnsl -ldl -lm -lcs -lct > --- > When I comment out this line, it compiles and installs just fine, but it > will not run since there's missing some libs. Assuming you're using libct to compile it, try changing the /opt/sybase/OCS-12_0/lib to the directory where libct.so is on your system. You're also going to have to make the /opt/sybase/OCS-12_0/include on the previous instead be the directory that ctpublic.h lives in. (These two steps should be unneccessary if your libct.so lives in /usr/lib and your ctpublic.h lives in /usr/include, eg. freetds-dev package in Debian, and presumably the equivalent pacakges in other Linux distributions) Then make the TARGET line be TARGET = rlm_sql_sybase Then run make in that directory, and see if it works... Otherwise, maybe the libct you've got installed came with some documentation? I was going to have a play with that post-0.9, to see if I could integrate it into the rest of the build system... But I don't use sybase so it would be a mainly academic exercise. -- = Paul "TBBle" Hampson Bubblesworth Pty Ltd (ABN: 51 095 284 361) [EMAIL PROTECTED] This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department - Random signature generator 3.0 by Paul "TBBle" Hampson = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: bugfix for src/modules/rlm_x99_token
On Tue, Jul 08, 2003 at 03:54:57PM +0200, Steffen Ullrich wrote:
>
> os: linux
> version: freeradius-0.8.1
>
> in async mode, when the authorize code gets the reply with the challenge
> in the state it returns successfully but does not set the Auth-Type,
> so that the authenticate code (which checks the response against the
> challenge) will not be executed. The following patch should fix this.
Try this instead (please let me know if this works for you, ASAP
if you can, so that this can get into 0.9):
Index: x99_rlm.c
===
RCS file: /source/radiusd/src/modules/rlm_x99_token/x99_rlm.c,v
retrieving revision 1.37
diff -u -r1.37 x99_rlm.c
--- x99_rlm.c 13 Nov 2002 04:21:59 - 1.37
+++ x99_rlm.c 16 Jul 2003 07:21:08 -
@@ -306,6 +306,9 @@
/* The State attribute will be present if this is a response. */
if (pairfind(request->packet->vps, PW_STATE) != NULL) {
DEBUG("rlm_x99_token: autz: Found response to access challenge");
+ if (!auth_type_found)
+ pairadd(&request->config_items,
+ pairmake("Auth-Type", inst->name, T_OP_EQ));
return RLM_MODULE_OK;
}
@@ -440,10 +443,9 @@
request->reply->code = PW_ACCESS_CHALLENGE;
DEBUG("rlm_x99_token: Sending Access-Challenge.");
-/* TODO: support config-specific auth-type */
if (!auth_type_found)
pairadd(&request->config_items,
- pairmake("Auth-Type", "x99_token", T_OP_EQ));
+ pairmake("Auth-Type", inst->name, T_OP_EQ));
return RLM_MODULE_HANDLED;
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Compiling freeradius with rlm_sql_sybase
- Original Message - From: "Alan DeKok" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, July 15, 2003 6:06 PM Subject: Re: Compiling freeradius with rlm_sql_sybase > > Anybody successfully compiled freeradius with rlm_sql_sybase ? > > I think there's something wrong with my Makefile > > /freeradius-0.8.1/src/modules/rlm_sql/drivers/rlm_sql_sybase/Makefile > > Did you try reading it? It says you've got to edit it by hand to > get it to work. Yes, I've read it, but I don't know what to change. So I was hoping someone who've compiled it successfully would paste me their MakeFile so I could get some ideas. I am pretty sure this line is the one which is wrong: --- RLM_SQL_LIBS = -L/opt/sybase/OCS-12_0/lib -ltcl -lcomn -lintl -lnsl -ldl -lm -lcs -lct --- When I comment out this line, it compiles and installs just fine, but it will not run since there's missing some libs. Mvh, Regards, Eivind Ravndal NetPower Int - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
