Cannot create more than one certificate
Hi,

I am trying to implement EAP/TLS for network users in the company where I work. Authentication works for only one certificate. When I create a second certificate and concatenate it with the first certificate using 'cat', both certificates do not work. The error it gives is shown below (the error is in the last line):

    auth: type "EAP"
    Processing the authenticate section of radiusd.conf
    modcall: entering group authenticate for request 37
    rlm_eap: Request found, released from the list
    rlm_eap: EAP/tls
    rlm_eap: processing type tls
    rlm_eap_tls: Authenticate
    rlm_eap_tls: processing TLS
    rlm_eap_tls: Length Included
    eaptls_verify returned 11
    (other): before/accept initialization
    TLS_accept: before/accept initialization
    rlm_eap_tls: <<< TLS 1.0 Handshake [length 0041], ClientHello
    TLS_accept: SSLv3 read client hello A
    rlm_eap_tls: >>> TLS 1.0 Handshake [length 004a], ServerHello
    TLS_accept: SSLv3 write server hello A
    rlm_eap_tls: >>> TLS 1.0 Handshake [length 0274], Certificate
    TLS_accept: SSLv3 write certificate A
    rlm_eap_tls: >>> TLS 1.0 Handshake [length 0078], CertificateRequest
    TLS_accept: SSLv3 write certificate request A
    TLS_accept: SSLv3 flush data
    TLS_accept:error in SSLv3 read client certificate A

I hope somebody from the list can help me. Thanks.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: LEAP
Hi,

look in /etc/raddb for the ldapattr.map file. That file contains mappings from Radius attributes to the ones in LDAP. There are Reply- and Check Items. Just alter the file so that User-Password maps to userPassword or sambaNTPassword.

Regards,
Edvin Seferovic

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Luis Daniel Lucio Quiroz
Sent: Wednesday, 01 June 2005 01:07
To: freeradius-users@lists.freeradius.org
Subject: LEAP

Ehlo

We are using Cisco1200 AP for roaming, but AP needs to auth into radius. Because CISCO it must use LEAP. But it fails on this

    rlm_eap: EAP/leap
    rlm_eap: processing type leap
    rlm_eap_leap: No User-Password or NT-Password configured for this user
    rlm_eap: Handler failed in EAP/leap
    rlm_eap: Failed in EAP select
    modcall[authenticate]: module "eap" returns invalid for request 3

EAP with TLS and PEAP works well. LDAP user exists

    uid: AP-DATI
    userrPassword: cisco1234
    sambaNTPassword: 3B298390489F668CA3C38047C7FE1266
    sambaLMPassword: 8BE57A0FA91F460C19F10A933D4868DC

How should I fix this?

Regards,
Re: LEAP
Luis Daniel Lucio Quiroz <[EMAIL PROTECTED]> wrote:
> uid: AP-DATI
> userrPassword: cisco1234
> sambaNTPassword: 3B298390489F668CA3C38047C7FE1266
> sambaLMPassword: 8BE57A0FA91F460C19F10A933D4868DC
>
> How should I fix this?

Add the following to ldap.attrmap:

    checkItem NT-Password sambaNTPassword

Alan DeKok.
LEAP
Ehlo

We are using Cisco1200 AP for roaming, but AP needs to auth into radius. Because CISCO it must use LEAP. But it fails on this

    rlm_eap: EAP/leap
    rlm_eap: processing type leap
    rlm_eap_leap: No User-Password or NT-Password configured for this user
    rlm_eap: Handler failed in EAP/leap
    rlm_eap: Failed in EAP select
    modcall[authenticate]: module "eap" returns invalid for request 3

EAP with TLS and PEAP works well. LDAP user exists

    uid: AP-DATI
    userrPassword: cisco1234
    sambaNTPassword: 3B298390489F668CA3C38047C7FE1266
    sambaLMPassword: 8BE57A0FA91F460C19F10A933D4868DC

How should I fix this?

Regards,
Re: Please resend this message to Kim Jones'
Seferovic Edvin wrote:

> CAN YOU PLEASE TURN OFF THIS AUTOMATIC RESPONDER! OR CAN SOMEONE UNSUBSCRIBE HIS EMAIL ADDRESS FROM THIS LIST!
>
> Thank you in advance.
>
> Regards,
> Edvin Seferovic
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kim
> Sent: Tuesday, 31 May 2005 19:38
> To: freeradius-users@lists.freeradius.org
> Subject: Please resend this message to Kim Jones'
>
> Please resend this message to Kim Jones' new email address. Thank You. [EMAIL PROTECTED]

--
Thiago Felipe de Andrade
Information Technology Department
Centro Universitário de Jaraguá do Sul - UNERJ
Phone: (47) 275-8206

"The greatest pleasure of an intelligent man is to play the idiot in front of an idiot who plays the intelligent one"
RE: Please resend this message to Kim Jones'
CAN YOU PLEASE TURN OFF THIS AUTOMATIC RESPONDER! OR CAN SOMEONE UNSUBSCRIBE HIS EMAIL ADDRESS FROM THIS LIST!

Thank you in advance.

Regards,
Edvin Seferovic

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Kim
Sent: Tuesday, 31 May 2005 19:38
To: freeradius-users@lists.freeradius.org
Subject: Please resend this message to Kim Jones'

Please resend this message to Kim Jones' new email address. Thank You. [EMAIL PROTECTED]
Please resend this message to Kim Jones'
Please resend this message to Kim Jones' new email address. Thank You. [EMAIL PROTECTED]
Re: Format of Framed-IPv6-Prefix Attribute
Seema Sirivara <[EMAIL PROTECTED]> wrote:
> The attribute is of type octets and hence I cannot
> specify the Prefix in standard IPv6 address format..
> (Ex - 3001::1 etc)
>
> I am using FreeRADIUS Version 0.9.3.

Which doesn't support IPv6. Try using 1.0.2.

Alan DeKok.
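
The question above concerns a Framed-IPv6-Prefix carried as raw octets. As an added example (not from the thread and not FreeRADIUS code), this Python module packs and validates the value layout RFC 3162 defines for that attribute: a Reserved octet, a Prefix-Length octet, then up to 16 prefix octets. The function names and the 3001::/64 sample are constructed, and the 0x hex rendering of an octets value is an assumption about how such a value would be written by hand.

```python
import ipaddress

FRAMED_IPV6_PREFIX = 97  # attribute type number assigned by RFC 3162


def encode_value(prefix: str) -> bytes:
    """Pack 'addr/len' into the attribute value: Reserved, Prefix-Length, Prefix."""
    # strict=True rejects input with bits set beyond the prefix length;
    # RFC 3162 requires those bits to be zero on the wire.
    net = ipaddress.IPv6Network(prefix, strict=True)
    nbytes = (net.prefixlen + 7) // 8  # send only the octets the prefix covers
    return bytes([0, net.prefixlen]) + net.network_address.packed[:nbytes]


def encode_attribute(prefix: str) -> bytes:
    """Full attribute as sent in a packet: Type, Length, then the value."""
    value = encode_value(prefix)
    return bytes([FRAMED_IPV6_PREFIX, 2 + len(value)]) + value


def decode_value(value: bytes) -> ipaddress.IPv6Network:
    """Validate and parse an attribute value received as raw octets."""
    if not 2 <= len(value) <= 18:
        raise ValueError("value must be 2..18 octets (attribute length 4..20)")
    prefix_len = value[1]  # value[0] is Reserved and ignored by the receiver
    prefix = value[2:]
    if prefix_len > 128:
        raise ValueError("Prefix-Length larger than 128")
    # This example treats a prefix field shorter than Prefix-Length as malformed.
    if len(prefix) * 8 < prefix_len:
        raise ValueError("prefix field shorter than Prefix-Length")
    padded = prefix + bytes(16 - len(prefix))
    # strict=True raises ValueError if bits outside the prefix are non-zero.
    return ipaddress.IPv6Network((padded, prefix_len), strict=True)


def as_hex_literal(value: bytes) -> str:
    """Render octets as a 0x-prefixed hex string (assumed hand-written form)."""
    return "0x" + value.hex()


if __name__ == "__main__":
    sample = "3001::/64"  # constructed sample prefix
    v = encode_value(sample)
    print(as_hex_literal(v))
    print(encode_attribute(sample).hex())
    print(decode_value(v))
```
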
Re: Authenticating Active Directory users via LDAP
"Pete Flynt" <[EMAIL PROTECTED]> wrote:
> I configured the LDAP modules and I am able to access Active directory for
> username lookup but the authentication fails because of the password that
> cannot be supplied in cleartext.

Yup. Ask Microsoft to change it.

> How can I solve this issue?
> I have read somewhere about how to modify FreeRadius source code in order to
> get EAP working with AD.

No. Use ntlm_auth. See radiusd.conf.

Alan DeKok.
Re: Forwarding
Maxim Hitrov <[EMAIL PROTECTED]> wrote:
> Can i use FreeRadius as intermediate Radius that will change and forward
> Access-Requests params?

Yes. You should be able to do this using the "preproxy_users" file:

    DEFAULT Calling-Station-Id = "%{Framed-IP-Address}"

Alan DeKok.
Re: radius + peap + wifi + mac os x
Vittore Zen wrote:
> I'm using freeradius (+mysql) in a wireless infrastructure with a dozen of linksys WAP54G access point (using AES). Authentication is PEAP with mschapv2. All go right when use Windows clients but no response using Mac Os X clients. Any ideas? Someone says me that MacOsX use a tunnel with md5 nor mschapv2. Note that is server starts with -X no authentication is required from MacOsX client.

No it doesn't. It uses MSCHAPv2. You could also take a look at

http://vuksan.com/linux/dot1x/wpa-client-config.html#macosx

and make sure PEAP is a selected authentication protocol.
Re: Freeradius 1.0.2 crashes in startup due tls
Mikko Saarinen <[EMAIL PROTECTED]> wrote:
> I'm trying to test the PEAP support, but Freeradius 1.0.2 dies when
> it loads and configures the tls module. In older version 0.9.3 the
> tls works a-ok, but it has no peap support.
>
> Anyone have idea if this is a known problem and if there is version
> in which the peap runs.

It's a bug in libltdl. It can't find the libraries on your system, but it lies, and tells FreeRADIUS it can. When FreeRADIUS asks libltdl to use the libraries, it dies.

Build the server statically, and it will work.

Alan DeKok.
Re: Certificate creation????
"Andreas Korber" <[EMAIL PROTECTED]> wrote:
> What i am doing wrong? The creation of my certificates for EAP/TLS with
> CA.all or CA.certs always end with an message like this:

It looks like the version of OpenSSL you have is different than the one the script is expecting.

At this point, I suggest reading the OpenSSL documentation on how to create certificates. The CA.all & CA.certs scripts will help you.

Alan DeKok.
Re: dynamic ip, shared secret
[EMAIL PROTECTED] wrote:
> i want to allow nas's behind a flatrate to talk
> with my freeradius server.
> these nas's has dynamic ip's.
> has anybody an idea how i could deal with that.
>
> at the moment i have a client named 0.0.0.0/0 in the clients.conf
> file - but that means that every nas have the same shared secret.
> better ideas ?

Nope.

> and could someone tell me if my suggestions about the shared secret are
> right.

Suggestion, or questions? The use of the shared secret is defined in the RFC's.

Alan DeKok.
Re: upgrading freeRADIUS
vicky <[EMAIL PROTECTED]> wrote:
> What am I missing?

If you're not going to use rlm_x99_token, just delete that directory.

Alan DeKok.
Re: How to authenticate users against a Windoze AD server with krb5?
"Arne Götje (高盛華)" <[EMAIL PROTECTED]> wrote:
> I'm trying to authenticate users against a Windows AD server using the
> krb5 module... but due to missing documentation on how to do this, I'm
> stuck.

The rlm_krb5 module takes a clear-text password from a RADIUS packet, and uses it to authenticate via kerberos. This may work against AD, but I don't think anyone has tried it.

> When I try to get a Kerberos ticket using kinit on the radius machine,
> it works. But when I try to use the krb5 module, it always gives me a
> Reject...

Run the server in debugging mode, and post the output here.

Alan DeKok.
Re: No detail logs # 2
Radius <[EMAIL PROTECTED]> wrote:
> I'm sure I missed a setting or something. We changed providers as well
> as our IP address's 4 days ago. Ever Since we did, no detail logs are being
> created by FreeRadius 9.3 Everyone can get logged in and realms are working
> fine, just no detail log. Any Ideas?

If the server isn't logging accounting messages, it's because it's not getting accounting messages.

Try 'tcpdump' to see if the server is receiving accounting messages. Odds are, it's not.

Alan DeKok.
Format of Framed-IPv6-Prefix Attribute
Hi,

Can anybody please let me know the usage format of Framed-IPv6-Prefix attribute. I need to use in a user file record, but radius does not seem to send out the correct address.

The attribute is of type octets and hence I cannot specify the Prefix in standard IPv6 address format.. (Ex - 3001::1 etc)

I am using FreeRADIUS Version 0.9.3.

Thanks,
/Seema
Re: controlling the auth by CallingStationId
The attribute "Calling-Station-Id" is already defined as a checkItem, you should add it to a user or group profile using the operator ":="

HTH

----- Original Message -----
From: "Ernesto Freyre Ramírez" <[EMAIL PROTECTED]>
To:
Sent: Monday, May 30, 2005 9:48 AM
Subject: controlling the auth by CallingStationId

> Dear Sirs, please, I hope someone here could help me,
> I wish to control the authentication process by including a check of the
> CallingStationId parameter, being some generic features of it, or also all
> the value of the same, please some hint about where I must configure
> this task?
>
> Thank you
>
> Ernesto Freyre Ramírez
Re: Authenticate against Mac OS X Open Directory
Ekkehard Burkon wrote:
> did anyone successfully authenticate against a Mac OS X servers Open Directory? I need it for 802.1x/WPA. Are there any docs on the web?

OpenDirectory is an OpenLDAP hack so OpenLDAP docs should work. Please check out

http://vuksan.com/linux/dot1x/802-1x-LDAP.html

and let me know if it works.

Vladimir
Authenticate against Mac OS X Open Directory
Hi,

did anyone successfully authenticate against a Mac OS X servers Open Directory? I need it for 802.1x/WPA. Are there any docs on the web?

Thank you for any help.

Ekkehard
Re: How to authenticate users against a Windoze AD server with krb5?
I know what you mean about the lack of documentation for using Kerberos authentication with FreeRadius. I pieced together the correct method using the documentation from the distribution, emails in the archives of this mailing list and trial and error.

I am authenticating with the SEAM process on Solaris 10 which is MIT Kerberos V. I installed FreeRadius on a machine running Solaris 9. FreeRadius defaults to using MIT Kerberos V but can be changed to use the Heimdal version instead.

I didn't see any documentation that says that you can use an Active Directory for Kerberos authentication.

On what operating system is FreeRadius installed? Is there an MIT Kerberos V or Heimdal Kerberos V installation on the same box? Did your compilation successfully build the rlm_krb5 libraries? When you start radiusd with the -X option do you see that it is actually using the rlm_krb5 module?

At 03:15 AM 5/31/2005, you wrote:
> Hi list,
>
> I'm trying to authenticate users against a Windows AD server using the krb5 module... but due to missing documentation on how to do this, I'm stuck.
>
> When I try to get a Kerberos ticket using kinit on the radius machine, it works. But when I try to use the krb5 module, it always gives me a Reject...
>
> Is there anywhere a detailed howto available? Google didn't help me much... :(
>
> Cheers
> Arne
> --
> Arne Götje (高盛華) <[EMAIL PROTECTED]>
> PGP/GnuPG key: 1024D/685D1E8C
> Fingerprint: 2056 F6B7 DEA8 B478 311F 1C34 6E9F D06E 685D 1E8C
> Key available at wwwkeys.pgp.net. Encrypted e-mail preferred.

Brother Kenneth Arnold
System Administrator
Information Technology Services
Christian Brothers University
(901) 321-4333
Re: upgrading freeRADIUS
Hi,

> I built the code in a "clean" directory so to say. There was nothing in
> /opt/freeradius1.0.2/ before I made
> #./configure --prefix=/opt/freeradius1.0.2/
> I just reset everything and retried, but still the same compilation
> error. Do you have any other suggestions?

looks like it can't find the OpenSSL includes. do you have openssl-devel installed? if not, try adding

    --with-openssl-includes=/usr/include/openssl

(or wherever you can find openssl/des.h (try 'locate ssl/des.h'))

Alan
Re: time request
Thiago Felipe de Andrade <[EMAIL PROTECTED]> wrote:

You'll probably get more help if you post your message to the list in straight text instead of HTML.

Jim
Re: radius + peap + wifi + mac os x
Vittore Zen <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> I'm using freeradius (+mysql) in a wireless infrastructure with a dozen
> of linksys WAP54G access point (using AES).
> Authentication is PEAP with mschapv2.
> All go right when use Windows clients but no response using Mac Os X
> clients.
> Any ideas? Someone says me that MacOsX use a tunnel with md5 nor mschapv2.
> Note that is server starts with -X no authentication is required from
> MacOsX client.

I have a single Mac OS X client at work, an iBook, and it's working fine with FreeRADIUS 1.0.2 and a NetGear FWAG114 (IIRC).

Jim
time request
Hi,

I'm having problems with FreeRadius with authentication. If the user login [EMAIL PROTECTED] and password=null, the connection is established, and I have the restrictions groups to access my RAS with freeradius.

My provider said that the problem is time of request... Can you help?

Tks,
Thiago
Authenticating Active Directory users via LDAP
Hello,

My network environment looks like the following:

    WinXP client --- Cisco Switch --- FreeRadius Server --- DC(Active Directory)

I am able to authenticate the WinXP client with the local users file and EAP. Now I want FreeRadius to lookup the user credentials in Active Directory. I configured the LDAP modules and I am able to access Active directory for username lookup but the authentication fails because of the password that cannot be supplied in cleartext. The problem is, that I must use EAP because of 802.1X between the switch and the WinXP client.

How can I solve this issue? I have read somewhere about how to modify FreeRadius source code in order to get EAP working with AD. I would appreciate a simpler solution. Any suggestion?

Here is some output of radiusd:

    rlm_ldap: - authorize
    rlm_ldap: performing user authorization for pete
    radius_xlat: '(sAMAccountName=pete)'
    radius_xlat: 'cn=Users, dc=testdc'
    rlm_ldap: ldap_get_conn: Checking Id: 0
    rlm_ldap: ldap_get_conn: Got Id: 0
    rlm_ldap: performing search in cn=Users, dc=testdc, with filter (sAMAccountName=pete)
    rlm_ldap: looking for check items in directory...
    rlm_ldap: looking for reply items in directory...
    rlm_ldap: user pete authorized to use remote access
    rlm_ldap: ldap_release_conn: Release Id: 0
    modcall[authorize]: module "ldap" returns ok for request 1
    modcall: group authorize returns updated for request 1
    rad_check_password: Found Auth-Type EAP
    auth: type "EAP"
    Processing the authenticate section of radiusd.conf
    modcall: entering group authenticate for request 1
    rlm_eap: Request found, released from the list
    rlm_eap: EAP/md5
    rlm_eap: processing type md5
    rlm_eap_md5: User-Password is required for EAP-MD5 authentication
    rlm_eap: Handler failed in EAP/md5
    rlm_eap: Failed in EAP select
    modcall[authenticate]: module "eap" returns invalid for request 1
    modcall: group authenticate returns invalid for request 1
    auth: Failed to validate the user.
    Login incorrect: [pete] (from client 192.168.33.44 port 0 cli 00-11-43-5c-77-d6)
    Delaying request 1 for 1 seconds
    Finished request 1
    Going to the next request

Regards,
Pete
Re: Filter
Hi.

Filter here is a usual LDAP filter, you can find some good examples in OpenLDAP documentation or man pages. Or you can check here.

http://www.zytrax.com/books/ldap/apa/search.html

The complete RFC for this is # 2254.

A.

José Berenguer wrote:
> Hello,
>
> Anyone can tell me where can I find some instructions about how to configure the "filter=" option in the "module ldap" subsection of radiusd.conf?
>
> Thanks a lot!
Forwarding
Hello

I have a radius server that receives Access-Requests params from another Server (an application). Application sends a value under one param (Framed-IP-Address), but Radius server is configured to read this value in another param (Calling-Station-Id). So, i need to have something intermediate, that receives value of Framed-IP-Address and sends it to Radius server as Calling-Station-Id. Application and Radius server can't be configured to use the same value in the same request param!

Can i use FreeRadius as intermediate Radius that will change and forward Access-Requests params? Give me some examples, and what i need to read for doing this.

Thank you
Filter
Hello,

Anyone can tell me where can I find some instructions about how to configure the "filter=" option in the "module ldap" subsection of radiusd.conf?

Thanks a lot!

--
José Berenguer Giménez
Área de Comunicaciones-Servicio de Informática
UNIVERSIDAD DE ALMERÍA
Crta. de Sacramento s/n, 04120 - Almería
Tlf.: 950014014
E-mail: [EMAIL PROTECTED]
Re: upgrading freeRADIUS
Rupak,

I built the code in a "clean" directory so to say. There was nothing in /opt/freeradius1.0.2/ before I made

    #./configure --prefix=/opt/freeradius1.0.2/

I just reset everything and retried, but still the same compilation error. Do you have any other suggestions?

Thanks a lot!
Vicky

Rupak wrote:
> I also had the same problem. Later on I came to know that I had to again ./configure --prefix=- to another fresh unpacked tarball. Not in the old unpacked tar ball. just again try tar -xvf freeradius-1.0.2.tar and again ./configure then make then again make install. This time try and give another directory in --prefix section. when I had faced this problem I even formatted my box. Thanx that it was an isolated machine.
>
> Rupak
>
> Hi Stéphane (and all the others of course),
>
> Thats is what I was trying to do, configure and install the new version elsewhere but still on the same machine (I'm gonna set the default ports to something else so there will be no conflicts). Now I've downloaded version 1.0.2 and I get a compilation error. I do :
>
>     #configure --prefix=/opt/freeradius1.0.2
>     #make
>
> and in the end of the compilation output I get this...
>
>     In file included from x99_rlm.c:54:
>     x99.h:26:42: openssl/des.h: No such file or directory
>     gmake[6]: *** [x99_rlm.o] Error 1
>     gmake[6]: Leaving directory `/home/vicky/freeradius-1.0.2/src/modules/rlm_x99_token'
>     gmake[5]: *** [common] Error 1
>     gmake[5]: Leaving directory `/home/vicky/freeradius-1.0.2/src/modules'
>     gmake[4]: *** [all] Error 2
>     gmake[4]: Leaving directory `/home/vicky/freeradius-1.0.2/src/modules'
>     gmake[3]: *** [common] Error 1
>     gmake[3]: Leaving directory `/home/vicky/freeradius-1.0.2/src'
>     gmake[2]: *** [all] Error 2
>     gmake[2]: Leaving directory `/home/vicky/freeradius-1.0.2/src'
>     gmake[1]: *** [common] Error 1
>     gmake[1]: Leaving directory `/home/vicky/freeradius-1.0.2'
>     make: *** [all] Error 2
>     zsh: exit 2 make
>
> What am I missing?
>
> Cheers
> Vicky
>
> DELORT Stephane wrote:
>> Hello Vicky,
>>
>> Haven't you try to copy your config files and do the upgrade on a test system ? (create an exact replica on another machine and upgrade it)
>> I think it would be useful to post an "howto to upgrade from xxx to yyy" once you've done it.
>>
>> regards,
>> Stéphane
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of vicky
>> Sent: Tuesday, 31 May 2005 11:31
>> To: FreeRadius users mailing list
>> Subject: upgrading freeRADIUS
>>
>> Hi list subscribers, hi list admins, (again)
>>
>> I'm running a freeRADIUS server version 0.8.1 (I know it is ancient) and I want to upgrade it to the latest version available. I have been trying to find some kind of procedure to upgrading but with no success. Does anyone know how to (in a fairly simple way) safely upgrade? The safetyness is very crucial, I cant risk overwriting my old configuration.
>>
>> The old server is built with
>>
>>     #configure --prefix=/opt/freeradius
>>     #make
>>     #su
>>     #make install
>>
>> Thanks to you all in advance and please notice that I'm not that of an expert on RADIUS...
>>
>> Keep up the good work!
RE: upgrading freeRADIUS
I also had the same problem. Later on I came to know that I had to again ./configure --prefix=- to another fresh unpacked tarball. Not in the old unpacked tar ball. just again try tar -xvf freeradius-1.0.2.tar and again ./configure then make then again make install. This time try and give another directory in --prefix section. when I had faced this problem I even formatted my box. Thanx that it was an isolated machine.

Rupak

Hi Stéphane (and all the others of course),

Thats is what I was trying to do, configure and install the new version elsewhere but still on the same machine (I'm gonna set the default ports to something else so there will be no conflicts). Now I've downloaded version 1.0.2 and I get a compilation error. I do :

    #configure --prefix=/opt/freeradius1.0.2
    #make

and in the end of the compilation output I get this...

    In file included from x99_rlm.c:54:
    x99.h:26:42: openssl/des.h: No such file or directory
    gmake[6]: *** [x99_rlm.o] Error 1
    gmake[6]: Leaving directory `/home/vicky/freeradius-1.0.2/src/modules/rlm_x99_token'
    gmake[5]: *** [common] Error 1
    gmake[5]: Leaving directory `/home/vicky/freeradius-1.0.2/src/modules'
    gmake[4]: *** [all] Error 2
    gmake[4]: Leaving directory `/home/vicky/freeradius-1.0.2/src/modules'
    gmake[3]: *** [common] Error 1
    gmake[3]: Leaving directory `/home/vicky/freeradius-1.0.2/src'
    gmake[2]: *** [all] Error 2
    gmake[2]: Leaving directory `/home/vicky/freeradius-1.0.2/src'
    gmake[1]: *** [common] Error 1
    gmake[1]: Leaving directory `/home/vicky/freeradius-1.0.2'
    make: *** [all] Error 2
    zsh: exit 2 make

What am I missing?

Cheers
Vicky

DELORT Stephane wrote:
>Hello Vicky,
>
>Haven't you try to copy your config files and do the upgrade on a test system ?
>(create an exact replica on another machine and upgrade it)
>I think it would be useful to post an "howto to upgrade from xxx to yyy" once you've done it.
>
>regards,
>Stéphane
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED] On Behalf Of
>vicky
>Sent: Tuesday, 31 May 2005 11:31
>To: FreeRadius users mailing list
>Subject: upgrading freeRADIUS
>
>Hi list subscribers, hi list admins, (again)
>
>I'm running a freeRADIUS server version 0.8.1 (I know it is ancient) and
>I want to upgrade it to the latest version available. I have been trying
>to find some kind of procedure to upgrading but with no success. Does
>anyone know how to (in a fairly simple way) safely upgrade? The
>safetyness is very crucial, I cant risk overwriting my old configuration.
>
>The old server is built with
>#configure --prefix=/opt/freeradius
>#make
>#su
>#make install
>
>Thanks to you all in advance and please notice that I'm not that of an
>expert on RADIUS...
>
>Keep up the good work!

--
Vicky El Fhaily
Integration Manager
TRUSTIVE (France)
WTC 2, Les Bouillides
120, Route des Macarons
Parc de Sophia Antipolis
06560 Valbonne, France
Phone: +33 493 65 25 63
Fax: +33 493 65 21 56
www.trustive.com / www.corp.trustive.com
RE: Freeradius+mysql error
I checked but there is no "mysqld.sock" in /var/run/mysqld. May be because my sql is not started. Because it gives back an error telling that "mysqld dead but subsys locked"

Rupak

Rupak wrote:
>Ya you must be right. I haven't configured the file /etc/my.cnf. I saw the
>file and found that the value of user= was set to mysql. Where as in the
>sql.conf file I pointed out the following
>Login = "root"
>Password = "password". But I don't know how to configure mysql. Does any one
>have a link to a good tutorial. As I am a newbie in the world of mysql
>
>Hi,
>
>>Thank you for the reply I think I have compiled free radius with mysql
>>support because I had installed it --with-experimental-modules. Now if I
>>start the sql server by giving the command "mysql -u root -p rootpass radius
>>< db_mysql.sql" then it returns me with the following error
>>
>>Error 2002: can't connect to local mysql server through socket
>>/var/lib/mysql/mysql.sock (111)
>>
>>What may be the problem. The following is my radius.conf for "authorize and
>>accounting section
>
>this isnt a FreeRADIUS problem at this point - the above error message is a
>straight
>'mysql cannot talk to mysql server'. check that
>
>1) mysql is running
>2) mysql is configured to allow your host to talk to it
>3) mysql is configured to allow root account to talk to it - and that the
>password is correct
>4) firewall issues - check that you arent blocking mysql conversations in
>some weird way
>
>alan

Additionally, if mysql failed to start have a look at /var/log/mysql_error.log or something similar to that. It will tell you the reason... Also something could have screwed your /var/run/mysql/mysqld.sock. For testing u may rename the file and restart mysqld then. It should then create a new socket...

cheers
Sebastian
Re: upgrading freeRADIUS
Hi Stéphane (and all the others of course),

Thats is what I was trying to do, configure and install the new version elsewhere but still on the same machine (I'm gonna set the default ports to something else so there will be no conflicts). Now I've downloaded version 1.0.2 and I get a compilation error. I do :

    #configure --prefix=/opt/freeradius1.0.2
    #make

and in the end of the compilation output I get this...

    In file included from x99_rlm.c:54:
    x99.h:26:42: openssl/des.h: No such file or directory
    gmake[6]: *** [x99_rlm.o] Error 1
    gmake[6]: Leaving directory `/home/vicky/freeradius-1.0.2/src/modules/rlm_x99_token'
    gmake[5]: *** [common] Error 1
    gmake[5]: Leaving directory `/home/vicky/freeradius-1.0.2/src/modules'
    gmake[4]: *** [all] Error 2
    gmake[4]: Leaving directory `/home/vicky/freeradius-1.0.2/src/modules'
    gmake[3]: *** [common] Error 1
    gmake[3]: Leaving directory `/home/vicky/freeradius-1.0.2/src'
    gmake[2]: *** [all] Error 2
    gmake[2]: Leaving directory `/home/vicky/freeradius-1.0.2/src'
    gmake[1]: *** [common] Error 1
    gmake[1]: Leaving directory `/home/vicky/freeradius-1.0.2'
    make: *** [all] Error 2
    zsh: exit 2 make

What am I missing?

Cheers
Vicky

DELORT Stephane wrote:
> Hello Vicky,
>
> Haven't you try to copy your config files and do the upgrade on a test system ? (create an exact replica on another machine and upgrade it)
> I think it would be useful to post an "howto to upgrade from xxx to yyy" once you've done it.
>
> regards,
> Stéphane
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of vicky
> Sent: Tuesday, 31 May 2005 11:31
> To: FreeRadius users mailing list
> Subject: upgrading freeRADIUS
>
> Hi list subscribers, hi list admins, (again)
>
> I'm running a freeRADIUS server version 0.8.1 (I know it is ancient) and I want to upgrade it to the latest version available. I have been trying to find some kind of procedure to upgrading but with no success. Does anyone know how to (in a fairly simple way) safely upgrade? The safetyness is very crucial, I cant risk overwriting my old configuration.
>
> The old server is built with
>
>     #configure --prefix=/opt/freeradius
>     #make
>     #su
>     #make install
>
> Thanks to you all in advance and please notice that I'm not that of an expert on RADIUS...
>
> Keep up the good work!

--
Vicky El Fhaily
Integration Manager
TRUSTIVE (France)
WTC 2, Les Bouillides
120, Route des Macarons
Parc de Sophia Antipolis
06560 Valbonne, France
Phone: +33 493 65 25 63
Fax: +33 493 65 21 56
www.trustive.com / www.corp.trustive.com
Fw: Please resend this message to Kim Jones'
Thanks Jim, I've added the offender to my blocked sender list. ;-)

Chris

- Original Message -
From: "Jim Seymour" <[EMAIL PROTECTED]>
To:
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, May 31, 2005 1:17 PM
Subject: Re: Please resend this message to Kim Jones'

"Christopher Bootland" <[EMAIL PROTECTED]> wrote:

Why is Kim Jones at SimplyNet (?) harvesting addresses on this mailing list? I can't think of a valid reason why a third-party needs to know. Does anybody have any more information?

Most likely what's happening is he, or whomever at his old email address, is running lame email software that's auto-responding to traffic from the mailing list. This is, more often than not, the fault of Windows-based malware that doesn't know any better than to auto-respond to "bulk" or "list" precedence messages, or to messages not addressed directly to the recipient. The "X-Mailer: " in his auto-responses suggests this is another such example.

The list owner needs to manually remove "[EMAIL PROTECTED]" from the mailing list.

Jim
Please resend this message to Kim Jones'
Please resend this message to Kim Jones' new email address. Thank You. [EMAIL PROTECTED]
Re: Freeradius+mysql error
Rupak wrote:

Ya you must be right. I haven't configured the file /etc/my.cnf. I saw the file and found that the value of user= was set to mysql. Whereas in the sql.conf file I pointed out the following

    Login = "root"
    Password = "password"

But I don't know how to configure mysql. Does anyone have a link to a good tutorial? As I am a newbie in the world of mysql

Hi,

Thank you for the reply. I think I have compiled free radius with mysql support because I had installed it --with-experimental-modules. Now if I start the sql server by giving the command "mysql -u root -p rootpass radius < db_mysql.sql" then it returns me with the following error

    Error 2002: can't connect to local mysql server through socket /var/lib/mysql/mysql.sock (111)

What may be the problem. The following is my radius.conf for "authorize and accounting section

this isn't a FreeRADIUS problem at this point - the above error message is a straight 'mysql cannot talk to mysql server'. check that

1) mysql is running
2) mysql is configured to allow your host to talk to it
3) mysql is configured to allow root account to talk to it - and that the password is correct
4) firewall issues - check that you aren't blocking mysql conversations in some weird way

alan

Additionally, if mysql failed to start have a look at /var/log/mysql_error.log or something similar to that. It will tell you the reason... Also something could have screwed your /var/run/mysql/mysqld.sock. For testing u may rename the file and restart mysqld then. It should then create a new socket...

cheers
Sebastian
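The "(111)" at the end of the MySQL error quoted in this thread is the operating system's errno, and on Linux 111 is ECONNREFUSED: the socket file exists but nothing is accepting on it, which is the leftover-socket case the reply above describes. The following probe is an added example, not code from any poster; the function names and state labels are my own, and the temporary sockets it builds are constructed test fixtures.

```python
import errno
import os
import socket
import stat
import tempfile

# Socket paths that appear in the thread; the real one is the `socket=` value in my.cnf.
THREAD_PATHS = ["/var/lib/mysql/mysql.sock", "/var/run/mysql/mysqld.sock"]


def probe_unix_socket(path, timeout=2.0):
    """Classify a Unix-domain socket path the way a local client experiences it.

    Returns (state, errno):
      "missing"       no file at that path (a client would report errno 2, ENOENT)
      "not-a-socket"  something other than a socket lives at that path
      "stale"         socket file exists, nobody accepts (ECONNREFUSED, 111 on Linux)
      "no-permission" the caller may not reach or connect to the socket
      "listening"     a server accepted the connection
      "error"         any other OS error, with its errno
    """
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return ("missing", errno.ENOENT)
    except PermissionError as exc:
        return ("no-permission", exc.errno)
    except OSError as exc:
        return ("error", exc.errno)
    if not stat.S_ISSOCK(mode):
        return ("not-a-socket", None)

    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.settimeout(timeout)
    try:
        client.connect(path)
    except ConnectionRefusedError:
        return ("stale", errno.ECONNREFUSED)
    except PermissionError as exc:
        return ("no-permission", exc.errno)
    except OSError as exc:
        return ("error", exc.errno)
    finally:
        client.close()
    return ("listening", 0)


def demo_states():
    """Reproduce each condition with a constructed socket in a temp directory."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "mysql.sock")
        results["before start"] = probe_unix_socket(path)[0]

        server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        server.bind(path)
        server.listen(1)
        results["server running"] = probe_unix_socket(path)[0]

        server.close()  # daemon is gone, but the socket file stays on disk
        results["server died"] = probe_unix_socket(path)[0]

        os.rename(path, path + ".old")  # the rename suggested in the thread
        results["after rename"] = probe_unix_socket(path)[0]
    return results


if __name__ == "__main__":
    for label, state in demo_states().items():
        print(f"{label:15} -> {state}")
    for path in THREAD_PATHS:
        print(path, probe_unix_socket(path))
```

A "stale" result on the client's path while a different path shows "listening" means the client and server disagree about the socket location rather than the server being down.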
Re: Freeradius+mysql error
Rupak wrote:

Ya you must be right. I haven't configured the file /etc/my.cnf. I saw the file and found that the value of user= was set to mysql. Whereas in the sql.conf file I pointed out the following

    Login = "root"
    Password = "password"

But I don't know how to configure mysql. Does anyone have a link to a good tutorial? As I am a newbie in the world of mysql

Hi,

Thank you for the reply. I think I have compiled free radius with mysql support because I had installed it --with-experimental-modules. Now if I start the sql server by giving the command "mysql -u root -p rootpass radius < db_mysql.sql" then it returns me with the following error

    Error 2002: can't connect to local mysql server through socket /var/lib/mysql/mysql.sock (111)

What may be the problem. The following is my radius.conf for "authorize and accounting section

this isn't a FreeRADIUS problem at this point - the above error message is a straight 'mysql cannot talk to mysql server'. check that

1) mysql is running
2) mysql is configured to allow your host to talk to it
3) mysql is configured to allow root account to talk to it - and that the password is correct
4) firewall issues - check that you aren't blocking mysql conversations in some weird way

alan

usually there is no need to change anything in my.cnf by default. Per default the mysql user root exists and has *NO* password set! If u want to restrict him to use password or restrict him to hosts u can either use the mysql-set-permission utility or enter the mysql console and use sql like that:

    grant all privileges on . to root@ identified by "";

wildcards at database and tables are allowed. U may use *.* if u want to restrict root for all existing databases! host can be your hostname, or localhost or an ip address. Usually it is a good thing to restrict root to connections from localhost. And do not forget the semicolon at the end of the line :D U should not restrict the privileges of root ;)

cheers
Sebastian
RE: ldap huntgroups and groups
Continuing with huntgroups and groups. I followed the most recent instructions below. The client uses the default group below. I see the reply message come through in the request. But the request gets access accept instead of access reject?

> #
> ### default ldap group does not succeed
> ##
>
> DEFAULT Auth-Type := Reject
> Reply-Message = "sorry you are not allowed to dial in here"

The reply message should go on the second line on this one. Reply message is not a check item. Also, technically, you don't need Simultaneous User, since they are being rejected this session will never be added.

Your user was found in a group, however, it should have been rejected since you have fall-through = 1 (yes). It should have fallen through to the default reject line.

Note: This is probably not what you want, because all users will be rejected when you fix the Reject line. I would change Fall-Through = no (0), to all your Ldap-Group entries above it. Move the Reply-Message to the second line.

DEFAULT Auth-Type := Reject
        Reply-Message = "You cannot dial in here"
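The two corrections made in this reply, a reply item sitting on the check line and Fall-Through = Yes entries placed above a catch-all reject, can be checked mechanically. The lint below is an added example, not part of the original message or of FreeRADIUS; the function names, the `REPLY_ONLY` set, the group name "dialin" and the three sample users files are constructed for illustration.

```python
import re

# Assumption for this example: attributes that belong only in the reply list
# (the indented lines of an entry), as the reply above says of Reply-Message.
REPLY_ONLY = {"Reply-Message", "Fall-Through"}

ITEM_RE = re.compile(
    r'([A-Za-z][\w-]*)\s*'                    # attribute name
    r'(:=|==|\+=|!=|>=|<=|=~|!~|=|>|<)\s*'    # operator
    r'("(?:[^"\\]|\\.)*"|[^,\s]+)'            # quoted or bare value
)


def strip_comment(line):
    """Drop a trailing '#' comment unless the '#' is inside a quoted value."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quote = not in_quote
        elif ch == "#" and not in_quote:
            return line[:i]
    return line


def parse_items(text):
    return [(m.group(1), m.group(2), m.group(3).strip('"'))
            for m in ITEM_RE.finditer(text)]


def parse_users(text):
    """Entry = unindented 'name check-items' line, then indented reply lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = strip_comment(raw).rstrip()
        if not line.strip():
            continue
        if not line[0].isspace():
            parts = line.split(None, 1)
            entries.append({"name": parts[0], "line": lineno, "reply": [],
                            "check": parse_items(parts[1] if len(parts) > 1 else "")})
        elif entries:
            entries[-1]["reply"] += parse_items(line)
    return entries


def is_catch_all_reject(entry):
    checks = [item for item in entry["check"] if item[0] not in REPLY_ONLY]
    return entry["name"] == "DEFAULT" and checks == [("Auth-Type", ":=", "Reject")]


def lint_users(text):
    """Return sorted (line, code, detail) findings for a users file."""
    entries = parse_users(text)
    findings = []
    for entry in entries:
        for attr, _, _ in entry["check"]:
            if attr in REPLY_ONLY:
                findings.append((entry["line"], "reply-item-on-check-line", attr))
    for i, entry in enumerate(entries):
        falls = any(a == "Fall-Through" and v.lower() in ("yes", "1")
                    for a, _, v in entry["reply"])
        if falls and any(is_catch_all_reject(e) for e in entries[i + 1:]):
            findings.append((entry["line"], "falls-through-to-reject", entry["name"]))
    return sorted(findings)


# Constructed samples: the situation in the thread, a half fix, and the full fix.
BROKEN = '''DEFAULT Ldap-Group == "dialin"
        Fall-Through = Yes

DEFAULT Auth-Type := Reject, Reply-Message = "sorry you are not allowed to dial in here"
'''
HALF_FIXED = '''DEFAULT Ldap-Group == "dialin"
        Fall-Through = Yes

DEFAULT Auth-Type := Reject
        Reply-Message = "You cannot dial in here"
'''
FIXED = HALF_FIXED.replace("Fall-Through = Yes", "Fall-Through = No")

if __name__ == "__main__":
    for name, sample in (("broken", BROKEN), ("half fixed", HALF_FIXED), ("fixed", FIXED)):
        print(name, lint_users(sample))
```

The half-fixed sample is the situation the note in the reply warns about: once the reject entry is valid, every group entry that still falls through ends in a reject.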
Freeradius 1.0.2 crashes in startup due tls
Hey,

Not sure if this would belong to devel list, but still. I'm trying to test the PEAP support, but Freeradius 1.0.2 dies when it loads and configures the tls module. In older version 0.9.3 the tls works a-ok, but it has no peap support. Does anyone have an idea if this is a known problem and if there is a version in which the peap runs?

OpenSSL version: OpenSSL 0.9.7e 25 Oct 2004

Here is the log and stack from running radiusd -X under gdb:

    (gdb) run -X
    Starting program: /usr/local/sbin/radiusd -X
    (no debugging symbols found)
    [Thread debugging using libthread_db enabled]
    [New Thread 16384 (LWP 5377)]
    Starting - reading configuration files ...
    reread_config: reading radiusd.conf
    Config: including file: /usr/local/etc/raddb/proxy.conf
    Config: including file: /usr/local/etc/raddb/clients.conf
    Config: including file: /usr/local/etc/raddb/snmp.conf
    Config: including file: /usr/local/etc/raddb/sql.conf
    main: prefix = "/usr/local"
    main: localstatedir = "/usr/local/var"
    main: logdir = "/usr/local/var/log/radius"
    main: libdir = "/usr/local/lib"
    main: radacctdir = "/usr/local/var/log/radius/radacct"
    main: hostname_lookups = no
    main: max_request_time = 30
    main: cleanup_delay = 5
    main: max_requests = 1024
    main: delete_blocked_requests = 0
    main: port = 0
    main: allow_core_dumps = no
    main: log_stripped_names = no
    main: log_file = "/usr/local/var/log/radius/radius.log"
    main: log_auth = no
    main: log_auth_badpass = no
    main: log_auth_goodpass = no
    main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid"
    main: bind_address = 192.168.1.50 IP address [192.168.1.50]
    main: user = "(null)"
    main: group = "(null)"
    main: usercollide = no
    main: lower_user = "no"
    main: lower_pass = "no"
    main: nospace_user = "no"
    main: nospace_pass = "no"
    main: checkrad = "/usr/local/sbin/checkrad"
    main: proxy_requests = yes
    proxy: retry_delay = 5
    proxy: retry_count = 3
    proxy: synchronous = no
    proxy: default_fallback = yes
    proxy: dead_time = 120
    proxy: post_proxy_authorize = yes
    proxy: wake_all_if_all_dead = no
    security: max_attributes = 200
    security: reject_delay = 1
    security: status_server = no
    main: debug_level = 0
    read_config_files: reading dictionary
    read_config_files: reading naslist
    Using deprecated naslist file. Support for this will go away soon.
    read_config_files: reading clients
    read_config_files: reading realms
    radiusd: entering modules setup
    Module: Library search path is /usr/local/lib
    Module: Loaded expr
    Module: Instantiated expr (expr)
    Module: Loaded PAP
    pap: encryption_scheme = "crypt"
    Module: Instantiated pap (pap)
    Module: Loaded CHAP
    Module: Instantiated chap (chap)
    Module: Loaded MS-CHAP
    mschap: use_mppe = yes
    mschap: require_encryption = no
    mschap: require_strong = no
    mschap: with_ntdomain_hack = no
    mschap: passwd = "(null)"
    mschap: authtype = "MS-CHAP"
    mschap: ntlm_auth = "(null)"
    Module: Instantiated mschap (mschap)
    Module: Loaded System
    unix: cache = no
    unix: passwd = "(null)"
    unix: shadow = "(null)"
    unix: group = "(null)"
    unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
    unix: usegroup = no
    unix: cache_reload = 600
    Module: Instantiated unix (unix)
    Module: Loaded eap
    eap: default_eap_type = "peap"
    eap: timer_expire = 60
    eap: ignore_unknown_eap_types = no
    eap: cisco_accounting_username_bug = no
    rlm_eap: Loaded and initialized type md5
    rlm_eap: Loaded and initialized type leap
    tls: rsa_key_exchange = no
    tls: dh_key_exchange = yes
    tls: rsa_key_length = 512
    tls: dh_key_length = 512
    tls: verify_depth = 0
    tls: CA_path = "(null)"
    tls: pem_file_type = yes
    tls: private_key_file = "/usr/local/etc/raddb/foocerts/privkey.pem"
    tls: certificate_file = "/usr/local/etc/raddb/foocerts/cacert.pem"
    tls: CA_file = "/usr/local/etc/raddb/foocerts/cacert.pem"
    tls: private_key_password = "SecretKeyPass77"
    tls: dh_file = "/usr/local/etc/raddb/certs/dh"
    tls: random_file = "/dev/urandom"
    tls: fragment_size = 1024
    tls: include_length = yes
    rlm_eap_tls: conf N ctx stored
    rlm_eap: Loaded and initialized type tls

    Program received signal SIGSEGV, Segmentation fault.
    [Switching to Thread 16384 (LWP 5377)]
    0x400630df in lt_dlsym (handle=0x815e3f0, symbol=0xbfffe970 "rlm_eap_peap") at ltdl.c:3330
    3330 lensym = LT_STRLEN (symbol) + LT_STRLEN (handle->loader->sym_prefix)
    (gdb) bt
    #0 0x400630df in lt_dlsym (handle=0x815e3f0, symbol=0xbfffe970 "rlm_eap_peap") at ltdl.c:3330
    #1 0x402324c7 in eaptype_load (type=0xc, eap_type=12, cs=0xc) at eap.c:114
    #2 0x40231aea in eap_instantiate (cs=0x80a7410, instance=0xc) at rlm_eap.c:134
    #3 0x080558f3 in find_module_instance ()
    #4 0x08056cd5 in modcall ()
    #5 0x08056e32 in compile_modsingle ()
    #6 0x08055dad in find_module_instance ()
    #7 0x08056144 in setup_modules ()
    #8 0x0804cea0 in main ()
    (gdb)

--
Mikko Saarinen
[EMAIL PROTECTED]
RE: upgrading freeRADIUS
Hello Vicky,

Haven't you tried to copy your config files and do the upgrade on a test system? (create an exact replica on another machine and upgrade it) I think it would be useful to post a "howto to upgrade from xxx to yyy" once you've done it.

regards,
Stéphane

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of vicky
Sent: Tuesday, 31 May 2005 11:31
To: FreeRadius users mailing list
Subject: upgrading freeRADIUS

Hi list subscribers, hi list admins, (again)

I'm running a freeRADIUS server version 0.8.1 (I know it is ancient) and I want to upgrade it to the latest version available. I have been trying to find some kind of procedure for upgrading but with no success. Does anyone know how to (in a fairly simple way) safely upgrade? The safety is very crucial, I can't risk overwriting my old configuration. The old server is built with

    #configure --prefix=/opt/freeradius
    #make
    #su
    #make install

Thanks to you all in advance and please notice that I'm not that much of an expert on RADIUS... Keep up the good work!

--
Vicky
upgrading freeRADIUS
Hi list subscribers, hi list admins, (again)

I'm running a freeRADIUS server version 0.8.1 (I know it is ancient) and I want to upgrade it to the latest version available. I have been trying to find some kind of procedure for upgrading but with no success. Does anyone know how to (in a fairly simple way) safely upgrade? The safety is very crucial, I can't risk overwriting my old configuration. The old server is built with

    #configure --prefix=/opt/freeradius
    #make
    #su
    #make install

Thanks to you all in advance and please notice that I'm not that much of an expert on RADIUS... Keep up the good work!

--
Vicky
Re: Freeradius+mysql error
U don't have to change anything to my.cnf as when u install the new rpm, the cnf file will be automatically adjusted. After successful installation, run the mysql client. After the successful running, do some changes to sql.conf in raddb as u wish. For a tutorial, try the mysql website as they got a good manual.

On 6/1/05, Rupak <[EMAIL PROTECTED]> wrote:
> Ya you must be right. I haven't configured the file /etc/my.cnf. I saw the file and found that the value of user= was set to mysql. Whereas in the sql.conf file I pointed out the following
> Login = "root"
> Password = "password". But I don't know how to configure mysql. Does anyone have a link to a good tutorial? As I am a newbie in the world of mysql
>
> Hi,
>
> > Thank you for the reply. I think I have compiled free radius with mysql support because I had installed it --with-experimental-modules. Now if I start the sql server by giving the command "mysql -u root -p rootpass radius < db_mysql.sql" then it returns me with the following error
> >
> > Error 2002: can't connect to local mysql server through socket /var/lib/mysql/mysql.sock (111)
> >
> > What may be the problem. The following is my radius.conf for "authorize and accounting section
>
> this isn't a FreeRADIUS problem at this point - the above error message is a straight 'mysql cannot talk to mysql server'. check that
>
> 1) mysql is running
> 2) mysql is configured to allow your host to talk to it
> 3) mysql is configured to allow root account to talk to it - and that the password is correct
> 4) firewall issues - check that you aren't blocking mysql conversations in some weird way
>
> alan

--
Kamran Bukhari
RE: Freeradius+mysql error
Ya you must be right. I haven't configured the file /etc/my.cnf. I saw the file and found that the value of user= was set to mysql. Whereas in the sql.conf file I pointed out the following

    Login = "root"
    Password = "password"

But I don't know how to configure mysql. Does anyone have a link to a good tutorial? As I am a newbie in the world of mysql

Hi,

> Thank you for the reply. I think I have compiled free radius with mysql support because I had installed it --with-experimental-modules. Now if I start the sql server by giving the command "mysql -u root -p rootpass radius < db_mysql.sql" then it returns me with the following error
>
> Error 2002: can't connect to local mysql server through socket /var/lib/mysql/mysql.sock (111)
>
> What may be the problem. The following is my radius.conf for "authorize and accounting section

this isn't a FreeRADIUS problem at this point - the above error message is a straight 'mysql cannot talk to mysql server'. check that

1) mysql is running
2) mysql is configured to allow your host to talk to it
3) mysql is configured to allow root account to talk to it - and that the password is correct
4) firewall issues - check that you aren't blocking mysql conversations in some weird way

alan
How to authenticate users against a Windoze AD server with krb5?
Hi list,

I'm trying to authenticate users against a Windows AD server using the krb5 module... but due to missing documentation on how to do this, I'm stuck. When I try to get a Kerberos ticket using kinit on the radius machine, it works. But when I try to use the krb5 module, it always gives me a Reject... Is there anywhere a detailed howto available? Google didn't help me much... :(

Cheers
Arne

--
Arne Götje (高盛華) <[EMAIL PROTECTED]>
PGP/GnuPG key: 1024D/685D1E8C
Fingerprint: 2056 F6B7 DEA8 B478 311F 1C34 6E9F D06E 685D 1E8C
Key available at wwwkeys.pgp.net. Encrypted e-mail preferred.
Re: Freeradius+mysql error
Hi,

> Thank you for the reply. I think I have compiled free radius with mysql support because I had installed it --with-experimental-modules. Now if I start the sql server by giving the command "mysql -u root -p rootpass radius < db_mysql.sql" then it returns me with the following error
>
> Error 2002: can't connect to local mysql server through socket /var/lib/mysql/mysql.sock (111)
>
> What may be the problem. The following is my radius.conf for "authorize and accounting section

this isn't a FreeRADIUS problem at this point - the above error message is a straight 'mysql cannot talk to mysql server'. check that

1) mysql is running
2) mysql is configured to allow your host to talk to it
3) mysql is configured to allow root account to talk to it - and that the password is correct
4) firewall issues - check that you aren't blocking mysql conversations in some weird way

alan
RE: Freeradius+mysql error
Well I have installed the following things of my sql. The things are the following.

    rpm -q mysql--it is installed
    rpm -q mysql-server--it is installed
    rpm -q mysql-devel---it is installed.

These packages were installed from redhat9. But when I start the service

    Service mysqld start/status

it says "mysqld dead but subsys locked. What may be the problem?

Try installing the Mysql rpm separately and then check whether ur MySQL is running correctly or not. Try this tweak, hope it will clear the mess.

> Thank you for the reply. I think I have compiled free radius with mysql support because I had installed it --with-experimental-modules. Now if I start the sql server by giving the command "mysql -u root -p rootpass radius < db_mysql.sql" then it returns me with the following error
>
> Error 2002: can't connect to local mysql server through socket /var/lib/mysql/mysql.sock (111)
>
> What may be the problem. The following is my radius.conf for "authorize and accounting section
>
> authorize {
>     preprocess
>     # counter
>     # attr_filter
>     # eap
>     suffix
>     sql
>     files
>     # mschap
> }
>
> accounting {
>     # acct_unique
>     detail
>     # counter
>     unix
>     sql
>     radutmp
>     # sradutmp
> }
>
> and I have not commented the default values. Will make any problem?
>
> > rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
> > rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
> > radiusd.conf[14]: sql: Module instantiation failed.
>
> Compile freeradius with MySQL support, or alternatively get a RPM which already have this support compiled into it.
>
> --
> Chris.

--
Kamran Bukhari
Certificate creation????
Hi,

What am I doing wrong? The creation of my certificates for EAP/TLS with CA.all or CA.certs always ends with a message like this:

    -
    Country Name (2 letter code) [AU]:State or Province Name (full name) [Some-State]:Locality Name (eg, city) []:Organization Name (eg, company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg, section) []:Common Name (eg, YOUR name) []:Email Address []:
    Please enter the following 'extra' attributes to be sent with your certificate request
    A challenge password []:An optional company name []:Using configuration from /etc/ssl/openssl.cnf
    ./demoCA/serial: No such file or directory
    error while loading serial number
    3164:error:02001002:system library:fopen:No such file or directory:bss_file.c:276:fopen('./demoCA/serial','r')
    3164:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:278:
    Failed to do sign certificate
    radius:/usr/local/etc/raddb/certs #

So I looked for the serial file. But it doesn't exist. I think because of an earlier message:

    CA certificate filename (or enter to create)
    unknown option -next_serial
    usage: x509 args
    -inform arg - input format - default PEM (one of DER, NET or PEM)
    -outform arg- output format - default PEM (one of DER, NET or PEM)
    -keyform arg- private key format - default PEM
    -CAform arg - CA format - default PEM
    -CAkeyform arg - CA key format - default PEM
    -in arg - input file - default stdin
    -out arg- output file - default stdout
    -passin arg - private key password source
    -serial - print serial number value
    -hash - print hash value
    -subject- print subject DN
    -issuer - print issuer DN
    -email - print email address(es)
    -startdate - notBefore field
    -enddate- notAfter field
    -purpose- print out certificate purposes
    -dates - both Before and After dates
    -modulus- print the RSA key modulus
    -pubkey - output the public key
    -fingerprint- print the certificate fingerprint
    -alias - output certificate alias
    -noout - no certificate output
    -ocspid - print OCSP hash values for the subject name and public key
    -trustout - output a "trusted" certificate
    -clrtrust - clear all trusted purposes
    -clrreject - clear all rejected purposes
    -addtrust arg - trust certificate for a given purpose
    -addreject arg - reject certificate for a given purpose
    -setalias arg - set certificate alias
    -days arg - How long till expiry of a signed certificate - def 30 days
    -checkend arg - check whether the cert expires in the next arg seconds
        exit 1 if so, 0 if not
    -signkey arg- self sign cert with arg
    -x509toreq - output a certification request object
    -req- input is a certificate request, sign and output.
    -CA arg - set the CA certificate, must be PEM format.
    -CAkey arg - set the CA key, must be PEM format
        missing, it is assumed to be in the CA file.
    -CAcreateserial - create serial number file if it does not exist
    -CAserial arg - serial file
    -set_serial - serial number to use
    -text - print the certificate in text form
    -C - print out C code forms
    -md2/-md5/-sha1/-mdc2 - digest to use
    -extfile- configuration file with X509V3 extensions to add
    -extensions - section from config file with X509V3 extensions to add
    -clrext - delete extensions before signing and input certificate
    -nameopt arg- various certificate name options
    -engine e - use engine e, possibly a hardware device.
    -certopt arg- various certificate text options

Can anyone help me please??
ADSL access server, freeradius and MULTI IP assignment
Hi all.

I'm trying to set up a fully operational adsl access router, so I mean, I have a cisco 7200 as access server (NAS) and a freeradius. Everything works fine (dynamic and one static IP assignment) except for the multi IP assignment (so one starting IP and a netmask). In this case the clients authenticate but the IP is not assigned at all so they can't access Internet. What is the problem? These are my configuration parameters for the /etc/raddb/xxx.users file:

x Auth-Type := Local,User-Password == "adsl" #not working
    Framed-IP-Address = x.x.x.x,
    Framed-IP-Netmask = 255.255.255.248,
    Fall-Through = Yes,

x Auth-Type := Local,User-Password == "adsl" #working well
    X-Ascend-Assign-IP-Pool = 3,
    Fall-Through = Yes,

x Auth-Type := Local,User-Password == "adsl" #working well
    Framed-IP-Address = x.x.x.x,
    Fall-Through = Yes,

I'm sorry but I'm not expert at all in freeradius software, I'm a very beginner, can you help me?

Many thanks,
Dario Maurich
Re: Freeradius+mysql error
Try installing the Mysql rpm separately and then check whether ur MySQL is running correctly or not. Try this tweak, hope it will clear the mess.

On 6/1/05, Rupak <[EMAIL PROTECTED]> wrote:
> Thank you for the reply. I think I have compiled free radius with mysql support because I had installed it --with-experimental-modules. Now if I start the sql server by giving the command "mysql -u root -p rootpass radius < db_mysql.sql" then it returns me with the following error
>
> Error 2002: can't connect to local mysql server through socket /var/lib/mysql/mysql.sock (111)
>
> What may be the problem. The following is my radius.conf for "authorize and accounting section
>
> authorize {
>     preprocess
>     # counter
>     # attr_filter
>     # eap
>     suffix
>     sql
>     files
>     # mschap
> }
>
> accounting {
>     # acct_unique
>     detail
>     # counter
>     unix
>     sql
>     radutmp
>     # sradutmp
> }
>
> and I have not commented the default values. Will make any problem?
>
> On Mon, May 30, 2005 at 04:23:24PM -0700, Rupak wrote:
> > rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
> > rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
> > radiusd.conf[14]: sql: Module instantiation failed.
>
> Compile freeradius with MySQL support, or alternatively get a RPM which already have this support compiled into it.
>
> --
> Chris.

--
Kamran Bukhari
radius + peap + wifi + mac os x
Hi,

I'm using freeradius (+mysql) in a wireless infrastructure with a dozen of linksys WAP54G access point (using AES). Authentication is PEAP with mschapv2. All go right when use Windows clients but no response using Mac Os X clients. Any ideas? Someone says me that MacOsX use a tunnel with md5 nor mschapv2. Note that is server starts with -X no authentication is required from MacOsX client.

thanks in advance
v.
RE: Freeradius+mysql error
Thank you for the reply. I think I have compiled free radius with mysql support because I had installed it --with-experimental-modules. Now if I start the sql server by giving the command "mysql -u root -p rootpass radius < db_mysql.sql" then it returns me with the following error

    Error 2002: can't connect to local mysql server through socket /var/lib/mysql/mysql.sock (111)

What may be the problem. The following is my radius.conf for "authorize and accounting section

    authorize {
        preprocess
        # counter
        # attr_filter
        # eap
        suffix
        sql
        files
        # mschap
    }

    accounting {
        # acct_unique
        detail
        # counter
        unix
        sql
        radutmp
        # sradutmp
    }

and I have not commented the default values. Will make any problem?

On Mon, May 30, 2005 at 04:23:24PM -0700, Rupak wrote:
> rlm_sql (sql): Could not link driver rlm_sql_mysql: file not found
> rlm_sql (sql): Make sure it (and all its dependent libraries!) are in the search path of your system's ld.
> radiusd.conf[14]: sql: Module instantiation failed.

Compile freeradius with MySQL support, or alternatively get a RPM which already have this support compiled into it.

--
Chris.