Re: Error building version 1.1.1
On Thu, Mar 23, 2006 at 08:19:19AM +0100, Stefan Winter wrote: > Hi, > > > The makefile in src/lib creates the lib directory before it installs > > anything in it. I have no idea why building an RPM would result in > > things happening in the reverse order. > Indeed the installation fails (I used --prefix in configure) and I compiled from sources without trying to make a package of any sort. By searching I found the following patch: Index: Makefile === RCS file: /source/radiusd/src/lib/Makefile,v retrieving revision 1.28 diff -u -r1.28 Makefile --- Makefile 22 Jan 2006 21:46:35 - 1.28 +++ Makefile 6 Mar 2006 17:51:34 - -48,6 +48,6 rm -rf .libs install: all - $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la $(R)$(libdir) + $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la $(R)$(libdir)/$(TARGET).la rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la; ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la This solved the issue. > It doesn't only happen when building an RPM. I installed from the tarball and > the same thing happened. It worked when I manually created lib/ after the > first failed attempt und tried it a second time (SuSE 8.2). > Nicolas Baradakis sent me a patched Makefile, I will try that soon and report > back if it fixes the issue. > > Greetings, > > Stefan Winter > > -- > Stefan WINTER > > Stiftung RESTENA - Rιseau Tιlιinformatique de l'Education Nationale et de > la Recherche > Ingenieur Forschung & Entwicklung > > 6, rue Richard Coudenhove-Kalergi > L-1359 Luxembourg > E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 > http://www.restena.lu Fax: +352 422473 > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Kostas Zorbadelos [EMAIL PROTECTED] contact: kzorba (at) otenet.gr Out there in the darkness, out there in the night out there in the starlight, one soul burns brighter than a thousand suns. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error building version 1.1.1
That is not possible, because I use rpmbuild. I it only possible to patch the sources. But what have changed?? 1.1.0 will work without any problems!!! Nicolas Baradakis schrieb: > Frank Büttner wrote: > >> Ok now compiling works, but at make install I get another error: >> ln -s libradius.la >> /var/tmp/freeradius-1.1.1-Frank-buildroot/usr/lib/libradius-1.1.1.la >> ln: creating symbolic link >> `/var/tmp/freeradius-1.1.1-Frank-buildroot/usr/lib/libradius-1.1.1.la' to >> `libradius.la': No such file or directory > > Now it's the same error as posted yesterday by someone else. I don't > know exactly how to fix the bug because I've no problem to build a > Debian package. > > Could you please try if the following patch fixes the problem? > > Index: src/lib/Makefile > === > RCS file: /source/radiusd/src/lib/Makefile,v > retrieving revision 1.20.4.3 > diff -u -r1.20.4.3 Makefile > --- src/lib/Makefile 10 Feb 2006 19:47:04 - 1.20.4.3 > +++ src/lib/Makefile 21 Mar 2006 17:19:21 - > @@ -48,6 +48,6 @@ > rm -rf .libs > > install: all > - $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la $(R)$(libdir) > + $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la > $(R)$(libdir)/$(TARGET).la > rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la; > ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la > Index: src/modules/rlm_eap/libeap/Makefile > === > RCS file: /source/radiusd/src/modules/rlm_eap/libeap/Makefile,v > retrieving revision 1.1.4.2 > diff -u -r1.1.4.2 Makefile > --- src/modules/rlm_eap/libeap/Makefile 10 Feb 2006 19:47:09 - > 1.1.4.2 > +++ src/modules/rlm_eap/libeap/Makefile 21 Mar 2006 17:19:21 - > @@ -38,6 +38,6 @@ > rm -rf .libs > > install: all > - $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la $(R)$(libdir) > + $(LIBTOOL) --mode=install $(INSTALL) -c $(TARGET).la > $(R)$(libdir)/$(TARGET).la > rm -f $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la; > ln -s $(TARGET).la $(R)$(libdir)/$(TARGET)-$(RADIUSD_VERSION).la > > smime.p7s Description: S/MIME Cryptographic Signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error building version 1.1.1
Hi, > The makefile in src/lib creates the lib directory before it installs > anything in it. I have no idea why building an RPM would result in > things happening in the reverse order. It doesn't only happen when building an RPM. I installed from the tarball and the same thing happened. It worked when I manually created lib/ after the first failed attempt und tried it a second time (SuSE 8.2). Nicolas Baradakis sent me a patched Makefile, I will try that soon and report back if it fixes the issue. Greetings, Stefan Winter -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Ignoring request from unknown client *.*.*.* 2244
I have configured FreeRadius to use Mysql.It seemed Mysql works well when I input "Radiusd -X". However when I use NtRadPing to test,I always get the following error: rad_recv: Access-Request packet from host 202.117.15.164:2244, id=0, length=43Ignoring request from unknown client 202.117.15.164:2244 --- Walking the entire request list --- I insert items into the table 'nas' int the 'radius' database like : +++---+---+---++---+---+| id | nasname | shortname | type | ports | secret | community | description |+++---+---+---++---+---+ | 1 | 202.117.15.164 | liv1 | other | NULL | testing123 | NULL | RADIUS Client |+++---+---+---++---+---+ But it doesn't work. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Tagged Vlans
Hi All, Does Free Radius support tagging of VLAN's Yahoo! Messenger with Voice. Make PC-to-Phone Calls to the US (and 30+ countries) for 2¢/min or less.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Table radacct is empty
Hi,
Yes, SQL is ok to query in accounting section. Here is a part of my
radiusd.conf :
# The rlm_sql_log module appends the SQL queries in a log
# file which is read later by the radsqlrelay program.
#
# This module only performs the dynamic expansion of the
# variables found in the SQL statements. No operation is
# executed on the database server. (this could be done
# later by an external program) That means the module is
# useful only with non-"SELECT" statements.
#
# See rlm_sql_log(5) manpage.
#
sql_log {
path = ${radacctdir}/sql-relay
acct_table = "radacct"
postauth_table = "radpostauth"
Start = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \
NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
AcctSessionTime, AcctTerminateCause) VALUES \
('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
'%{Framed-IP-Address}', '%S', '0', '0', '');"
Stop = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \
NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
AcctSessionTime, AcctTerminateCause) VALUES \
('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
'%{Framed-IP-Address}', '0', '%S', '%{Acct-Session-Time}', \
'%{Acct-Terminate-Cause}');"
Alive = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \
NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
AcctSessionTime, AcctTerminateCause) VALUES \
('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
'%{Framed-IP-Address}', '0', '0', '%{Acct-Session-Time}','');"
Post-Auth = "INSERT INTO ${postauth_table} \
(user, pass, reply, date) VALUES\
('%{User-Name}', '%{User-Password:-Chap-Password}', \
'%{reply:Packet-Type}', '%S');"
}
..
..
$INCLUDE ${confdir}/sql.conf
..
..
authorize {
sql
...
...
accounting {
sql
sql_log
session
sql
post-auth {
sql
sql_log
Moreover, the information are written in a file (sql-relay) which (is I have
understand correctly) is used by the radsqlrelay binary to put the information
in database.
The fact is that for the post-auth part, it works bacause i get all the information of
the post authorisation in the "radpostauth" table. But in this sql-relay file,
there's only information about post-auth...nothing about accounting !!
The strange thing is that there's some informations about accounting in others file
"auth-detail" and "reply-detail", but not in sql format.
some lines of the files :
"sql-relay"
INSERT INTO radpostauth (user, pass, reply,
date) VALUES('joseph', 'Chap-Password',
'Access-Accept', '2006-03-21 15:28:48');
-
"reply-detail"
Packet-Type = Access-Accept
Wed Mar 22 18:04:18 2006
Framed-Protocol = PPP
Framed-IP-Address = 255.255.255.254
Framed-IP-Netmask = 255.255.255.0
Framed-MTU = 1
Framed-Compression = Van-Jacobson-TCP-IP
Service-Type = Login-User
Session-Timeout = 1000
Idle-Timeout = 500
Port-Limit = 10
Reply-Message = "Bye Mr Joseph !"
MS-MPPE-Recv-Key =
0x315cddbc0724d537fdb446a4fc50756d12cc3b005e452caeafe6e867a8a273da
MS-MPPE-Send-Key =
0x99246dc1071a72f26b069f36cf13c4c865705471f3dbd0dfa1515615affd3004
EAP-Message = 0x03090004
Message-Authenticator = 0x
User-Name = "joseph"
--
"auth-detail"
Packet-Type = Access-Request
Wed Mar 22 17:46:52 2006
User-Name = "joseph"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
NAS-Identifier =
"default\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
Calling-Station-Id = "00-12-f0-4f-19-26"
EAP-Message = 0x0201000b016a6f73657068
NAS-IP-Address = 192.168.0.50
Message-Authenticator = 0x3796599b7cebc6895c6a57f7444cccfc
Client-IP-Address = 192.168.0.50
---
Best regards,
Vincent
--
Message: 3
Date: Wed, 22 Mar 2006 09:17:08 -0500
From: "Alex M" <[EMAIL PROTECTED]>
Subject: RE: Table radacct is empty
To: "'FreeRadius users mailing list'"
Message-ID: <[EMAIL PROTECTED]>
Content-Type: text/plain; charset="us-ascii"
Did u authorize SQL in accounting section?
-Original Message-
From:
[EMAIL PROTECTED]
.
Re: Authentication with LDAP
fvt3 <[EMAIL PROTECTED]> wrote: > How do you hide password that is sent to LDAP so it > will not show up in the log and in debug mode ..Thanks > in advance I don't think the LDAP password is logged normally. But it *is* printed out in debugging mode, nad that won't change. Printout out what the server is doing is the whole point of debugging mode. Alan DEKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Replicate Accounting Records
Tye Lougheed <[EMAIL PROTECTED]> wrote: > I am running FreeRadius version 0.9.3 Upgrade: http://www.freeradius.org/security.html > and need to determine the method for > replicating an accounting record and forwarding it to a secondary accounting > server. I am also not clear on how to specify the secondary accounting > server in order to accomplish this. See radrelay. If it's not in 0.9.3 (I don't recall), it's in the most recent version. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Replicate Accounting Records
I am running FreeRadius version 0.9.3 and need to determine the method for replicating an accounting record and forwarding it to a secondary accounting server. I am also not clear on how to specify the secondary accounting server in order to accomplish this. I am only interested in receiving the start/stop packets no other updates are required. Thanks, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Authentication with LDAP
Question, How do you hide password that is sent to LDAP so it will not show up in the log and in debug mode ..Thanks in advance __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error building version 1.1.1
Nicolas Baradakis schrieb: > Frank Büttner wrote: > >>> Did you edit freeradius.spec ? >>> >> yes. >> here the config part: >> >> %configure \ >> 103 --disable-static \ > > Don't use the --disable-static option, it's the cause of the message > "radeapclient.o: No such file or directory" > Ok now compiling works, but at make install I get another error: /home/frank/RPM/BUILD/freeradius-1.1.1/install-sh -c -c .libs/libradius.lai /var/tmp/freeradius-1.1.1-Frank-buildroot/usr/libradius.la /home/frank/RPM/BUILD/freeradius-1.1.1/install-sh -c -c .libs/libradius.a /var/tmp/freeradius-1.1.1-Frank-buildroot/usr/libradius.a ranlib /var/tmp/freeradius-1.1.1-Frank-buildroot/usr/libradius.a chmod 644 /var/tmp/freeradius-1.1.1-Frank-buildroot/usr/libradius.a libtool: install: warning: remember to run `libtool --finish /usr/lib' rm -f /var/tmp/freeradius-1.1.1-Frank-buildroot/usr/lib/libradius-1.1.1.la; ln -s libradius.la /var/tmp/freeradius-1.1.1-Frank-buildroot/usr/lib/libradius-1.1.1.la ln: creating symbolic link `/var/tmp/freeradius-1.1.1-Frank-buildroot/usr/lib/libradius-1.1.1.la' to `libradius.la': No such file or directory smime.p7s Description: S/MIME Cryptographic Signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Want to use 2 different authentication-methods
On Wed, 2006-22-03 at 15:15 +0100, Hans-Peter Fuchs wrote: > I use freeradius 1.0.5 > > for a special NAS I want to use 2 user databases. > > requests from nas-special should first verified per sql > If and only if sql does not verify the user try pam. > > In users I have: > # new > DEFAULT NAS-IP-Address == special, Autz-Type := SQL > Idle-Timeout = 3600, > Session-Timeout= 7200, > Fall-Through = yes > end new > begin old config: works > DEFAULT Auth-Type = Pam Have you tried : DEFAULT NAS-IP-Address != special, Auth-Type = Pam ... > Service-Type = Framed-User, > Nomadix-Bw-Up = 128, > Fall-Through = yes > ### end old config > ### begin new config > # pam-authentified users from ssg get Ainternet-attribute > DEFAULT NAS-IP-Address == special > Service-Type = Framed-User, > Idle-Timeout = 3600, > Session-Timeout= 7200, > Cisco-Account-Info += "KW0", > Fall-Through = yes > ### end new config > > But with this users who are verified by sql are also checked against > pam. Do you have some tips? > > Output from radiusd -X: > > rlm_sql (sql): Released sql socket id: 3 > modcall[authorize]: module "sql" returns ok for request 0 > modcall: group Autz-Type returns ok for request 0 > rad_check_password: Found Auth-Type Pam > auth: type "PAM" > Processing the authenticate section of radiusd.conf > modcall: entering group authenticate for request 0 > pam_pass: using pamauth string for pam.conf lookup > pam_pass: function pam_authenticate FAILED for . Reason: Permission > denied > modcall[authenticate]: module "pam" returns reject for request 0 > modcall: group authenticate returns reject for request 0 > auth: Failed to validate the user. > > > Grüße > > Hans-Peter Fuchs > > > Hans-Peter Fuchs - RZKR, Zimmer 20 > Zentrum fuer angewandte Informatik - Universitaetsweiter Service RRZK > Universität zu Köln - Tel: 0221-470-6972 > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Version 1.1.1 has been released
On Wed, 2006-22-03 at 08:22 +0100, Stefan Winter wrote: > Hi, > > > I understand that this change is what you want, but there MAY be > > someone depending on the existing behaviour. This change will then > > surely break their current working configuration. They can of course > > fix it by reconfiguring the server, taking this change into > > consideration, but that is NOT the way to do a stable release cycle. > > My explanation was intended only to explain why packet handling gets a tiny > little bit faster. But you are right, there is a very minimal impact: > normal packets (with User-Name) are always passed through hints, this is > unchanged. So, the only new behaviour is that packets without User-Name > attribute are also passed through hints, which indeed is new. > However, it would only break an existing configuration iff someone relies on > the fact that his Accounting-On-Off packets are ignored in the hints run. > I don't want to judge on that, but it sure sounds odd if your configuration > relies on that. > > The patch would add consistency where it wasn't before, which is a very good > thing IMHO. But I also see your concerns. > > Stefan The problem I mentioned, when this was brought up, was that the intention for doing this was to use hints for something it was not meant for. I think it would be better to use hints as a template for a new module that does specifically what you want. If someone wants the functions the new module is designed for, they can configure it in pre-processing or where ever it is required. I don't use hints anymore, but other users who are not privy to the developers list may. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error building version 1.1.1
Frank Büttner wrote: > > Did you edit freeradius.spec ? > > > yes. > here the config part: > > %configure \ > 103 --disable-static \ Don't use the --disable-static option, it's the cause of the message "radeapclient.o: No such file or directory" -- Nicolas Baradakis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dynamic module installation
Thanks. Thats what I thought ... just wanted to make sure. -- View this message in context: http://www.nabble.com/dynamic-module-installation-t1325486.html#a3539698 Sent from the FreeRadius - User forum at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: request object pointer offset
Thanks ... I think I've got it figured out now. Is there any reason to compile without the NDEBUG flag ? -- View this message in context: http://www.nabble.com/request-object-pointer-offset-t1325410.html#a3539679 Sent from the FreeRadius - User forum at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Questions about FreeRadius proxy
Dovelet wrote:
Hi Phil Mayers,
Thank you of your reply. Do you mean the append the following into the
radius.conf or other files? I cannot start the radiusd after I append them
into the radius.conf file. Sorry, I am really new in FreeRadius. Thanks.
The entries listed are partial config fragments. Certainly appending
them won't work. You need to open up the radiusd.conf and go to the
section specified and merge them in:
# many
# lines
# of
# config
modules {
# some
# stuff
# here
# already
# ADD THIS
passwd userValid {
file = /etc/raddb/validusers
format = "*User-Name:~Group"
}
# probably some more stuff as well
}
authorize {
preprocess
# other
# modules
# ADD THIS
userValid
# "users" must come after
users
# maybe more modules
}
# rest
# of
# config
# file
The config file is quite liberally commented - if you spend some time
reading the default config, it should be quite obvious.
HTH
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: request object pointer offset
jasonatx0001 <[EMAIL PROTECTED]> wrote: > I am having some difficulty accessing the data in the request object inside > my module. It seems the pointers are offset ... Look at the definition of the REQUEST structure in src/include/radiusd.h. Why would all of the entries be offset by one entry? And notice you're using DEBUG macros... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dynamic module installation
jasonatx0001 <[EMAIL PROTECTED]> wrote: > Is it possible to dynamically install a new module ? i.e. > configure/make/install radius then compile a new module seperately and move > its .so to the lib directory ? Yes. That's the intent behind the design. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Load-balance and Auth-Type
"Evil I_Am" <[EMAIL PROTECTED]> wrote:
> I have this scenario: 2 radius servers must point to 2 ldap servers with a
> load-balancing and fault-tolerant configuration.
As of 1.1.0, you can do "reduntant-load-balance". See
doc/configurable_failover. That makes the configuration a little
easier.
> authenticate {
> Auth-Type LDAP {
I'd suggest just listing "ldap1" and "ldap2". The authorization
stage does most of the work, so load balancing is more important
there. And as of 1.1.0, the modules will cause themselves to be
selected in the "authenticate" section, too. So you leverage the
authorize load balancing to do authentication load balancing.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: user not found in freeradius "users" file
Bertrand Poulet <[EMAIL PROTECTED]> wrote: > why the user isn't found in file users of freeradius ? Since you didn't post the "users" file entries, my suggestion is to: a) read the debug log to see the line numbers from the "users" file b) look at those entries by hand, to see why the packet matched or didn't. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
request object pointer offset
I am having some difficulty accessing the data in the request object inside
my module. It seems the pointers are offset ...
inside the authenticate method of my module
...
DEBUG ("MYMODULE: request->config_items->name = %s",
request->config_items->name);
DEBUG ("MYMODULE: request->config_items->strvalue = %s",
request->config_items->strvalue);
if (!request->username)
{
DEBUG ("MYMODULE: no username found\n");
}
else
{
DEBUG ("MYMODULE: request->username->strvalue = %s\n",
request->username->strvalue);
}
if (!request->password)
{
DEBUG ("MYMODULE: no password found\n");
}
else
{
DEBUG ("MYMODULE: request->password->strvalue = %s\n",
request->password->strvalue);
}
DEBUG ("MYMODULE: request->number = %d\n", request->number);
return RLM_MODULE_REJECT;
...
and this is the output i get from radiusd -X
...
auth: type "mymodule"
Processing the authenticate section of radiusd.conf
modcall: entering group mymodule for request 0
MYMODULE: request->config_items->name = User-Name
MYMODULE: request->config_items->strvalue = testuser
MYMODULE: request->username->strvalue = test
MYMODULE: no password found
MYMODULE: request->number = 0
modcall[authenticate]: module "mymodule" returns reject for request 0
modcall: leaving group mymodule (returns reject) for request 0
auth: Failed to validate the user.
...
As you can see, the config_items VP* points to the User-name VP and the
username VP* points to the password and the password VB* is NULL. Any ideas
?
--
View this message in context:
http://www.nabble.com/request-object-pointer-offset-t1325410.html#a3537076
Sent from the FreeRadius - User forum at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dynamic module installation
Is it possible to dynamically install a new module ? i.e. configure/make/install radius then compile a new module seperately and move its .so to the lib directory ? -- View this message in context: http://www.nabble.com/dynamic-module-installation-t1325486.html#a3537333 Sent from the FreeRadius - User forum at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
user not found in freeradius "users" file
hello all , i've got a vpn server which make authentication to a freeradius server. the user "someone" is authenticated (file users of freeradius) when tested locally via radtest, but not when the request comes from nas box in first case , the user is found in file users of freeradius at line 227 , and in the second case the same user isn't found in file. instead, the user is searched in system (/etc/passwd). why the user isn't found in file users of freeradius ? thanks . [EMAIL PROTECTED] raddb]# radtest someone thepass localhost 0 secret Sending Access-Request of id 161 to 127.0.0.1 port 1812 User-Name = "someone" User-Password = "thepass" NAS-IP-Address = 255.255.255.255 NAS-Port = 0 rad_recv: Access-Request packet from host 127.0.0.1:35045, id=161, length=59 User-Name = "someone" User-Password = "thepass" NAS-IP-Address = 255.255.255.255 NAS-Port = 0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 1 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 1 modcall[authorize]: module "chap" returns noop for request 1 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 1 rlm_realm: No '@' in User-Name = "someone", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 1 users: Matched entry DEFAULT at line 152 users: Matched entry someone at line 227 modcall[authorize]: module "files" returns ok for request 1 modcall[authorize]: module "mschap" returns noop for request 1 modcall: leaving group authorize (returns ok) for request 1 rad_check_password: Found *Auth-Type Local* auth: type Local auth: user supplied User-Password matches local User-Password Login OK: [someone/thepass] (from client localhost port 0) Sending Access-Accept of id 161 to 127.0.0.1 port 35045 == [EMAIL PROTECTED] raddb]# rad_recv: Access-Request packet from host 192.168.10.1:1025, id=181, length=156 User-Name = "someone" User-Password = "thepass" NAS-Port = 546 Service-Type = Framed-User Framed-Protocol = PPP Called-Station-Id = "191.254.137._" Calling-Station-Id = "66.147.66.24_" Tunnel-Client-Endpoint:0 = "66.147.66.24_" NAS-IP-Address = 192.168.10.1 NAS-Port-Type = Virtual Cisco-AVPair = "ip:source-ip=66.147.66.24_" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' Invalid operator for item Suffix: reverting to '==' modcall[authorize]: module "preprocess" returns ok for request 2 modcall[authorize]: module "chap" returns noop for request 2 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 2 rlm_realm: No '@' in User-Name = "someone", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 users: Matched entry DEFAULT at line 152 users: Matched entry DEFAULT at line 171 users: Matched entry DEFAULT at line 183 modcall[authorize]: module "files" returns ok for request 2 modcall[authorize]: module "mschap" returns noop for request 2 modcall: leaving group authorize (returns ok) for request 2 rad_check_password: Found *Auth-Type System* auth: type "System" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 2 modcall[authenticate]: module "unix" returns notfound for request 2 modcall: leaving group authenticate (returns notfound) for request 2 auth: *Failed *to validate the user. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_eap_tls sometimes fails to read files after HUP
Hi I have just upgraded to FreeRADIUS 1.1.1 after previously using the 1.0.1 RedHat package. At first startup it works fine but sometimes when the server receives a HUP signal (we do this every 15 mins) to re-read the config files I am getting the following errors :- Wed Mar 22 16:48:45 2006 : Info: Reloading configuration files. Wed Mar 22 16:48:47 2006 : Info: rlm_eap_tls: Loading the certificate file as a chain Wed Mar 22 16:48:47 2006 : Error: rlm_eap_tls: Error reading certificate file Wed Mar 22 16:48:47 2006 : Error: rlm_eap: Failed to initialize type tls Wed Mar 22 16:48:47 2006 : Error: radiusd.conf[9]: eap: Module instantiation failed. Wed Mar 22 16:48:47 2006 : Error: radiusd.conf[1719] Unknown module "eap". Wed Mar 22 16:48:47 2006 : Error: radiusd.conf[1666] Failed to parse authenticate section. At this point I have to restart. As I said this only happens sometimes, at other times it is successful and I just get this :- Wed Mar 22 16:47:36 2006 : Info: Reloading configuration files. Wed Mar 22 16:47:36 2006 : Info: rlm_eap_tls: Loading the certificate file as a chain Wed Mar 22 16:47:37 2006 : Info: Ready to process requests. Could someone advise how to go about debugging this problem? Thanks Ben Thompson - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Failed Compilation of Freeradius with Mysql since 1.1.0 (Works on1.0.5)
> It works for 1.0.5 but not for 1.1.1 (and also KO for 1.1.0): [...] > checking for mysql_init in -lmysqlclient_r... no > configure: warning: mysql libraries not found. Use > --with-mysql-lib-dir=. > checking for mysql/mysql.h... yes I had the same problem yesterday. You have to recompile mysql with --enable-thread-safe-client Michael - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
(no subject)
Hello guys This is Vignesh here. I have just started with RADIUS. We are planning to build a VoIP billing system using Free RADIUS and Oracle as the backend and using CISCO IPIP gateway . We were planning to implement both postpaid and prepaid scenario. I believe most of you must be doing the same thing. So far we were working on PostPaid Solution. There some problems that we are facing 1. we are using triggers to do the accounting of the call. i.e. calculating the rates etc for that particular call. There many users who can call from either using gateway or using soft phones, hard phones etc. the problem is that while accounting using the trigger, there is no single column from where we can identify the user. The user can be accounted based on his ani or his remote gateway. Also we want multi leg accounting. 2. also we would like to know how we can build a prepaid solution. What are the changes that needs to be done for doing the same. Vignesh [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Error building version 1.1.1
"Sandworm" <[EMAIL PROTECTED]> wrote: > That is what I am seeing. Files are being created in the parent > directory (see below), but the symlink is being attempted from lib > directory which does not exist. The makefile in src/lib creates the lib directory before it installs anything in it. I have no idea why building an RPM would result in things happening in the reverse order. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Failed Compilation of Freeradius with Mysql since 1.1.0 (Works on 1.0.5)
"Philippe JOYEZ" <[EMAIL PROTECTED]> wrote: > I'm trying to upgrade my 1.0.5 Freeradius server to 1.1.1 on my Solaris > 8 system but it fails to find mysql libs. On the same server, I use the > same configure scripts options: Use: $ LIBS=-lm -lz ./configure Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Doubt regarding sql.conf
Hello guys I am trying to modify the query for authorization in sql.conf file. I will let you know what I exactly want I want to authenticate users based on the CLID and the remote ip address. The problem is that the remote address has to be searched from a set of ips. I will give you a example Suppose that we have a user 9204 and the call for this particular user has to come from a set of ips like 222.223.33.24 or 33.44.334.44 and many more. the user will be authenticated only when the ani is 9204 and the ip is either of these only. But I am not sure how to modify the query or is there something else That I need to do.. Vignesh [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Failed Compilation of Freeradius with Mysql since 1.1.0 (Works on1.0.5)
I've Installed Generic Static Developer RPMs and then compiled FreeRadius, and works fine... -Original Message- From: [EMAIL PROTECTED] .org [mailto:[EMAIL PROTECTED] eeradius.org] On Behalf Of Philippe JOYEZ Sent: Wednesday, March 22, 2006 9:09 AM To: freeradius-users@lists.freeradius.org Subject: Failed Compilation of Freeradius with Mysql since 1.1.0 (Works on1.0.5) Hello All, I've seen many topics about that problem but no one of them has solved my problem. I'm trying to upgrade my 1.0.5 Freeradius server to 1.1.1 on my Solaris 8 system but it fails to find mysql libs. On the same server, I use the same configure scripts options: ./configure --localstatedir=/var --with-logdir=/var/log/radius/log --with-radacctdir=/var/log/radius/radacct --with-mysql-lib-dir=/usr/local/mysql-standard-4.1.7-sun-solaris2.8-sparc/l- ib --with-mysql-include-dir=/usr/local/mysql-standard-4.1.7-sun-solaris2.8-spa- rc/include --with-mysql-dir=/usr/local/mysql-standard-4.1.7-sun-solaris2.8-sparc It works for 1.0.5 but not for 1.1.1 (and also KO for 1.1.0): configuring in ./drivers/rlm_sql_mysql running /bin/sh ./configure --localstatedir=/var --with-logdir=/var/log/radius/log --with-radacctdir=/var/log/radius/radacct --with-mysql-lib-dir=/usr/local/mysql-standard-4.1.7-sun-solaris2.8-sparc/l- ib --with-mysql-include-dir=/usr/local/mysql-standard-4.1.7-sun-solaris2.8-spa- rc/include --with-mysql-dir=/usr/local/mysql-standard-4.1.7-sun-solaris2.8-sparc --enable-ltdl-install --cache-file=../../../../.././config.cache --srcdir=. loading cache ../../../../.././config.cache checking for gcc... (cached) gcc checking whether the C compiler (gcc -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG ) works... yes checking whether the C compiler (gcc -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG ) is a cross-compiler... no checking whether we are using GNU C... (cached) yes checking whether gcc accepts -g... (cached) yes checking for mysql_config... (cached) no checking for pthread_create in -lpthread... (cached) yes checking for mysql_init in -lmysqlclient_r... no configure: warning: mysql libraries not found. Use --with-mysql-lib-dir=. checking for mysql/mysql.h... yes configure: warning: sql submodule 'mysql' disabled creating ./config.status creating Makefile creating config.h config.h is unchanged Best regards -- Disclaimer Ce message ainsi que les eventuelles pieces jointes constituent une correspondance privee et confidentielle a l'attention exclusive du destinataire designe ci-dessus. Si vous n'etes pas le destinataire du present message ou une personne susceptible de pouvoir le lui delivrer, il vous est signifie que toute divulgation, distribution ou copie de cette transmission est strictement interdite. Si vous avez recu ce message par erreur, nous vous remercions d'en informer l'expediteur par telephone ou de lui retourner le present message, puis d'effacer immediatement ce message de votre systeme. *** This e-mail and any attachments is a confidential correspondence intended only for use of the individual or entity named above. If you are not the intended recipient or the agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by phone or by replying this message, and then delete this message from your system. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Table radacct is empty
Did u authorize SQL in accounting section? -Original Message- From: [EMAIL PROTECTED] .org [mailto:[EMAIL PROTECTED] eeradius.org] On Behalf Of Vincent MARGUERIE Sent: Wednesday, March 22, 2006 4:14 AM To: freeradius Subject: Table radacct is empty Hi, I've installed freeradius 1.1.1 on a Debian Sarge distribution, and the connection works fine with my wireless windows XP client but I have a problem to get information into radacct table in my mysql database. Does anyone get solution for this ? Rq : I use a Dlink-DWL-2000AP+ as Acces Point Regards, Vincent - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Want to use 2 different authentication-methods
I use freeradius 1.0.5 for a special NAS I want to use 2 user databases. requests from nas-special should first verified per sql If and only if sql does not verify the user try pam. In users I have: # new DEFAULT NAS-IP-Address == special, Autz-Type := SQL Idle-Timeout = 3600, Session-Timeout= 7200, Fall-Through = yes end new begin old config: works DEFAULT Auth-Type = Pam Service-Type = Framed-User, Nomadix-Bw-Up = 128, Fall-Through = yes ### end old config ### begin new config # pam-authentified users from ssg get Ainternet-attribute DEFAULT NAS-IP-Address == special Service-Type = Framed-User, Idle-Timeout = 3600, Session-Timeout= 7200, Cisco-Account-Info += "KW0", Fall-Through = yes ### end new config But with this users who are verified by sql are also checked against pam. Do you have some tips? Output from radiusd -X: rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns ok for request 0 modcall: group Autz-Type returns ok for request 0 rad_check_password: Found Auth-Type Pam auth: type "PAM" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 pam_pass: using pamauth string for pam.conf lookup pam_pass: function pam_authenticate FAILED for . Reason: Permission denied modcall[authenticate]: module "pam" returns reject for request 0 modcall: group authenticate returns reject for request 0 auth: Failed to validate the user. Grüße Hans-Peter Fuchs Hans-Peter Fuchs - RZKR, Zimmer 20 Zentrum fuer angewandte Informatik - Universitaetsweiter Service RRZK Universität zu Köln - Tel: 0221-470-6972 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Failed Compilation of Freeradius with Mysql since 1.1.0 (Works on 1.0.5)
Hello All, I've seen many topics about that problem but no one of them has solved my problem. I'm trying to upgrade my 1.0.5 Freeradius server to 1.1.1 on my Solaris 8 system but it fails to find mysql libs. On the same server, I use the same configure scripts options: ./configure --localstatedir=/var --with-logdir=/var/log/radius/log --with-radacctdir=/var/log/radius/radacct --with-mysql-lib-dir=/usr/local/mysql-standard-4.1.7-sun-solaris2.8-sparc/l- ib --with-mysql-include-dir=/usr/local/mysql-standard-4.1.7-sun-solaris2.8-spa- rc/include --with-mysql-dir=/usr/local/mysql-standard-4.1.7-sun-solaris2.8-sparc It works for 1.0.5 but not for 1.1.1 (and also KO for 1.1.0): configuring in ./drivers/rlm_sql_mysql running /bin/sh ./configure --localstatedir=/var --with-logdir=/var/log/radius/log --with-radacctdir=/var/log/radius/radacct --with-mysql-lib-dir=/usr/local/mysql-standard-4.1.7-sun-solaris2.8-sparc/l- ib --with-mysql-include-dir=/usr/local/mysql-standard-4.1.7-sun-solaris2.8-spa- rc/include --with-mysql-dir=/usr/local/mysql-standard-4.1.7-sun-solaris2.8-sparc --enable-ltdl-install --cache-file=../../../../.././config.cache --srcdir=. loading cache ../../../../.././config.cache checking for gcc... (cached) gcc checking whether the C compiler (gcc -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG ) works... yes checking whether the C compiler (gcc -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -DOPENSSL_NO_KRB5 -Wall -D_GNU_SOURCE -DNDEBUG ) is a cross-compiler... no checking whether we are using GNU C... (cached) yes checking whether gcc accepts -g... (cached) yes checking for mysql_config... (cached) no checking for pthread_create in -lpthread... (cached) yes checking for mysql_init in -lmysqlclient_r... no configure: warning: mysql libraries not found. Use --with-mysql-lib-dir=. checking for mysql/mysql.h... yes configure: warning: sql submodule 'mysql' disabled creating ./config.status creating Makefile creating config.h config.h is unchanged Best regards -- Disclaimer Ce message ainsi que les eventuelles pieces jointes constituent une correspondance privee et confidentielle a l'attention exclusive du destinataire designe ci-dessus. Si vous n'etes pas le destinataire du present message ou une personne susceptible de pouvoir le lui delivrer, il vous est signifie que toute divulgation, distribution ou copie de cette transmission est strictement interdite. Si vous avez recu ce message par erreur, nous vous remercions d'en informer l'expediteur par telephone ou de lui retourner le present message, puis d'effacer immediatement ce message de votre systeme. *** This e-mail and any attachments is a confidential correspondence intended only for use of the individual or entity named above. If you are not the intended recipient or the agent responsible for delivering the message to the intended recipient, you are hereby notified that any disclosure, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by phone or by replying this message, and then delete this message from your system. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Load-balance and Auth-Type
Hi all
I have this scenario: 2 radius servers must point to 2 ldap servers with a
load-balancing and fault-tolerant configuration.
I tried to implement this on one of the radius servers this way:
modules {
ldap ldap1 {
...
authtype = ldap #added later but seems not to work
}
ldap ldap2 {
...
authtype = ldap #added later but seems not to work
}
}
authorize {
preprocess
load-balance { # between two redundant sections below
redundant {
ldap1
ldap2
}
redundant {
ldap2
ldap1
}
}
}
authenticate {
Auth-Type LDAP {
load-balance { # between two redundant sections
below
redundant {
ldap1
ldap2
}
redundant {
ldap2
ldap1
}
}
}
but if i try to authenticate a user i see this in debug:
rad_recv: Access-Request packet from host XXX.XXX.XXX.XXX:25702, id=169,
length=77
User-Name = "XX"
User-Password = "XX"
NAS-IP-Address = XXX.XXX.XXX.XXX
NAS-Identifier = "login"
NAS-Port = 24677
NAS-Port-Type = Virtual
Service-Type = Authenticate-Only
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall: entering load-balance group for request 0
modcall: entering group redundant for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for XXX
radius_xlat: '(uid=XXX)'
radius_xlat: 'dc=XXX,dc=XX'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to XXX.XXX.XXX.XXX:389, authentication 0
rlm_ldap: bind as / to XXX.XXX.XXX.XXX:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in dc=XXX,dc=XX, with filter (uid=XXX)
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: Adding radiusServiceType as Service-Type, value Shell-User & op=11
rlm_ldap: extracted attribute Cisco-AVPair from generic item
cisco-avpair="shell:priv-lvl=15"
rlm_ldap: user futhwo authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap1" returns ok for request 0
modcall: leaving group redundant (returns ok) for request 0
modcall: load-balance group returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
auth: No authenticate method (Auth-Type) configuration found for the
request: Rejecting the user
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 169 to XXX.XXX.XXX.XXX port 25702
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 169 with timestamp 44212404
Nothing to do. Sleeping until we see a request.
If i keep only 1 module,call it simply ldap and give up on load balancing
everything works ok. How can i resolv this issue?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Table radacct is empty
Hi, I've installed freeradius 1.1.1 on a Debian Sarge distribution, and the connection works fine with my wireless windows XP client but I have a problem to get information into radacct table in my mysql database. Does anyone get solution for this ? Rq : I use a Dlink-DWL-2000AP+ as Acces Point Regards, Vincent - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
