Re: LDAP with fallback on local authentication?
On Fri, Apr 10, 2009 at 11:51 PM, Alan DeKok wrote:
> Justin Steward wrote:
> > I want to return some radius reply attributes from an SQL database,
> > check the user's password against an openLDAP server
>
> As I said... LDAP isn't an authentication protocol.
>
> > (maybe a Windows
> > Server running AD at some point in the future), and if possible fall
> > back against a password stored in a MySQL database. (Though this
> > password may not always be entirely up to date, so it's only for if the
> > user either doesn't exist in the directory or the LDAP server is
> > temporarily unavailable)
>
> Why not let FreeRADIUS do authentication, as I suggested? Have the
> LDAP module pull the password from LDAP. Then, do MySQL.
>
> authorize {
>     ...
>     ldap
>     if (notfound | fail) {
>         sql
>     }
>     ...
> }
>
> That does *exactly* what you suggested above. But the last time I
> suggested that solution, you said you *also* wanted to get reply
> attributes from MySQL... apparently, even for the users that were found
> in LDAP.
>
> So which is it?
>

My apologies, I tend to let things slip when I send emails late at night.

Yes, I need to also send reply attributes from a MySQL database. The reason for this is that the LDAP server is somewhat out of my control. I can't store values for attributes there. Again, apologies for being unclear.

You've mentioned a few times that LDAP is not meant for authentication, however the default config that ships with FreeRADIUS has LDAP in the authentication section. Could you clear that up a little for me please? (or point me to somewhere it's been cleared up before?)

~Justin

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius-server-2.1.4 make fails
Use this: http://www.howtoforge.com/how-to-create-a-freeradius-2.1.1-6-rpm-package-on-centos-5.2 for your version of freeradius, I use this.

- Original Message -
From: "Thor Spruyt"
To:
Sent: Friday, April 10, 2009 8:43 PM
Subject: freeradius-server-2.1.4 make fails

Hi,

I'm trying to compile freeradius-server-2.1.4 on CentOS 4.6 32-bit

Configure command:
./configure --prefix=/opt/freeradius-2.1.4 --with-mysql --with-postgresql --with-openldap --without-snmp --without-openssl --without-krb5 --without-vmps

But make fails:
/home/thor/freeradius-server-2.1.4/libtool --mode=compile gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I/home/thor/freeradius-server-2.1.4/src -DHOSTINFO=\"i686-pc-linux-gnu\" -DRADIUSD_VERSION=\"2.1.5\" -DNO_OPENSSL -c listen.c
gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I/home/thor/freeradius-server-2.1.4/src -DHOSTINFO=\"i686-pc-linux-gnu\" -DRADIUSD_VERSION=\"2.1.5\" -DNO_OPENSSL -c listen.c -fPIC -DPIC -o .libs/listen.o
listen.c: In function `client_listener_find':
listen.c:126: warning: passing arg 1 of pointer to function discards qualifiers from pointer target type
listen.c:206: warning: assignment discards qualifiers from pointer target type
In file included from listen.c:1053:
command.c: In function `command_show_client_config':
command.c:845: warning: passing arg 2 of `cf_section2file' discards qualifiers from pointer target type
listen.c: In function `listen_init':
listen.c:1795: error: `RAD_LISTEN_VQP' undeclared (first use in this function)
listen.c:1795: error: (Each undeclared identifier is reported only once
listen.c:1795: error: for each function it appears in.)
gmake[4]: *** [listen.lo] Error 1
gmake[4]: Leaving directory `/home/thor/freeradius-server-2.1.4/src/main'
gmake[3]: *** [common] Error 2
gmake[3]: Leaving directory `/home/thor/freeradius-server-2.1.4/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/home/thor/freeradius-server-2.1.4/src'
gmake[1]: *** [common] Error 2
gmake[1]: Leaving directory `/home/thor/freeradius-server-2.1.4'
make: *** [all] Error 2

Any idea what's going wrong?

Regards,
Thor Spruyt
Re: Sending Access-Challenge
Alan DeKok wrote:
> Do *not* CC me on messages sent to the list. In case you hadn't
> noticed, I already read the list.
>
> And do *not* set "return receipt requested". It's rude, and it causes
> me to be biased against people who use it.
>

Sorry, I will watch for this in the future.

> Laszlo Fekete wrote:
> ...
>
>> But when I try with eap-ttls eap-md5/eap-mschapv2, eap-peap eap-mschapv2
>> it fails:
>>
>
> Is there any reason you're not looking at the debugging output of the
> server, as suggested in the FAQ, README, INSTALL, "man page", and daily
> on this list?
>
> Alan DeKok.
>

True, sorry again! And I found the problem. I turned off proxy earlier, because I read:

"# The server has proxying turned on by default. If your system is NOT
# set up to proxy requests to another server, then you can turn proxying
# off here. This will save a small amount of resources on the server."

When I turned proxy on again, the eap-md5 and eap-mschapv2 auth succeeded.

Thank you,
blackluck
Re: freeradius-server-2.1.4 make fails
hi,

fixed in CVS IIRC - for now, enable vmps support and it'll compile

alan
freeradius-server-2.1.4 make fails
Hi,

I'm trying to compile freeradius-server-2.1.4 on CentOS 4.6 32-bit

Configure command:
./configure --prefix=/opt/freeradius-2.1.4 --with-mysql --with-postgresql --with-openldap --without-snmp --without-openssl --without-krb5 --without-vmps

But make fails:
/home/thor/freeradius-server-2.1.4/libtool --mode=compile gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I/home/thor/freeradius-server-2.1.4/src -DHOSTINFO=\"i686-pc-linux-gnu\" -DRADIUSD_VERSION=\"2.1.5\" -DNO_OPENSSL -c listen.c
gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I/home/thor/freeradius-server-2.1.4/src -DHOSTINFO=\"i686-pc-linux-gnu\" -DRADIUSD_VERSION=\"2.1.5\" -DNO_OPENSSL -c listen.c -fPIC -DPIC -o .libs/listen.o
listen.c: In function `client_listener_find':
listen.c:126: warning: passing arg 1 of pointer to function discards qualifiers from pointer target type
listen.c:206: warning: assignment discards qualifiers from pointer target type
In file included from listen.c:1053:
command.c: In function `command_show_client_config':
command.c:845: warning: passing arg 2 of `cf_section2file' discards qualifiers from pointer target type
listen.c: In function `listen_init':
listen.c:1795: error: `RAD_LISTEN_VQP' undeclared (first use in this function)
listen.c:1795: error: (Each undeclared identifier is reported only once
listen.c:1795: error: for each function it appears in.)
gmake[4]: *** [listen.lo] Error 1
gmake[4]: Leaving directory `/home/thor/freeradius-server-2.1.4/src/main'
gmake[3]: *** [common] Error 2
gmake[3]: Leaving directory `/home/thor/freeradius-server-2.1.4/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/home/thor/freeradius-server-2.1.4/src'
gmake[1]: *** [common] Error 2
gmake[1]: Leaving directory `/home/thor/freeradius-server-2.1.4'
make: *** [all] Error 2

Any idea what's going wrong?

Regards,
Thor Spruyt
freeradius crashes if can not connect to mysql
Hello,

I noticed that if a network error or another connection problem occurs between freeradius and the mysql server, the freeradius service just exits... And sure, the service stops automatically.

Is there any way to give a timeout value or retry number for mysql in the freeradius configuration that prevents freeradius from exiting abnormally in that case?

Thanks.
Re: Sending Access-Challenge
Do *not* CC me on messages sent to the list. In case you hadn't noticed, I already read the list.

And do *not* set "return receipt requested". It's rude, and it causes me to be biased against people who use it.

Laszlo Fekete wrote:
...
> But when I try with eap-ttls eap-md5/eap-mschapv2, eap-peap eap-mschapv2
> it fails:

Is there any reason you're not looking at the debugging output of the server, as suggested in the FAQ, README, INSTALL, "man page", and daily on this list?

Alan DeKok.
Re: Sending Access-Challenge
Hi,

> But when I try with eap-ttls eap-md5/eap-mschapv2, eap-peap eap-mschapv2
> it fails:

PEAP works but TTLS fails - so, does your eap.conf have ttls configured?

alan
Re: Sending Access-Challenge
Alan DeKok wrote:
> Don't use radeapclient. See my web page for instructions on setting
> up EAP:
>
> http://deployingradius.com
>

I tried the eapol_test from the web page ( http://deployingradius.com/scripts/eapol_test/ ).

With EAP-TTLS pap/chap/ms-chap it said success:

RADIUS packet matching with station
MS-MPPE-Send-Key (sign) - hexdump(len=32): f6 97 5f 08 83 c3 6f 4d db 4b 85 d9 9a 1b 89 b6 6a 93 3e 49 39 bc 5e 2b fc 43 4f b8 d7 35 c5 2a
MS-MPPE-Recv-Key (crypt) - hexdump(len=32): 5d 56 b2 09 50 c8 ae 7d c0 b4 f3 3f e1 92 a0 6c 9b fe c6 51 b5 a9 3a d3 39 38 70 d2 76 c2 8b 73
decapsulated EAP packet (code=3 id=6 len=4) from RADIUS server: EAP Success
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: EAP entering state SUCCESS
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
EAPOL: IEEE 802.1X for plaintext connection; no EAPOL-Key frames required
WPA: EAPOL processing complete
EAPOL: SUPP_PAE entering state AUTHENTICATED
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: success=1
EAPOL: Successfully fetched key (len=32)
PMK from EAPOL - hexdump(len=32): 5d 56 b2 09 50 c8 ae 7d c0 b4 f3 3f e1 92 a0 6c 9b fe c6 51 b5 a9 3a d3 39 38 70 d2 76 c2 8b 73
EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 1 mismatch: 0
SUCCESS

But when I try with eap-ttls eap-md5/eap-mschapv2, eap-peap eap-mschapv2 it fails:

RADIUS packet matching with station
decapsulated EAP packet (code=4 id=8 len=4) from RADIUS server: EAP Failure
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
eapol_sm_cb: success=0
EAPOL: EAP key not available
EAP: deinitialize previously used EAP method (25, PEAP) at EAP deinit
ENGINE: engine deinit
MPPE keys OK: 0 mismatch: 1
FAILURE

If needed I can post the whole output, or if it's easier please tell me where I should search for the problem.

Thank you,
blackluck
Re: LDAP with fallback on local authentication?
Justin Steward wrote:
> I want to return some radius reply attributes from an SQL database,
> check the user's password against an openLDAP server

As I said... LDAP isn't an authentication protocol.

> (maybe a Windows
> Server running AD at some point in the future), and if possible fall
> back against a password stored in a MySQL database. (Though this
> password may not always be entirely up to date, so it's only for if the
> user either doesn't exist in the directory or the LDAP server is
> temporarily unavailable)

Why not let FreeRADIUS do authentication, as I suggested? Have the LDAP module pull the password from LDAP. Then, do MySQL.

authorize {
    ...
    ldap
    if (notfound | fail) {
        sql
    }
    ...
}

That does *exactly* what you suggested above. But the last time I suggested that solution, you said you *also* wanted to get reply attributes from MySQL... apparently, even for the users that were found in LDAP.

So which is it?

Alan DeKok.
Re: Freeradius server not starting!
Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid: Permission denied set this: [r...@bill ~]# ls -ltr /var/run/radiusd total 4 srw-rw 1 rootradiusd 0 Apr 10 17:26 radiusd.sock -rw-r--r-- 1 radiusd radiusd 6 Apr 10 17:26 radiusd.pid in your file /usr/local/fnmt/var/run/radiusd/radiusd.pid Log file created? - Original Message - From: ramesh p To: FreeRadius users mailing list Sent: Friday, April 10, 2009 4:37 PM Subject: Re: Freeradius server not starting! now its giving like this... [r...@localhost init.d]# /usr/local/fnmt/etc/init.d/radiusd start Starting FreeRADIUS:Fri Apr 10 07:15:32 2009 : Info: Starting - reading configuration files ... radiusd # ps -eaf|grep radiusd root 4412 31100 0 07:15 pts/000:00:00 grep radius No pid created. Why? want is going wrong? 2009/4/10 Волошин Вячеслав [r...@bill etc]# [r...@bill radius]# ls -ltr total 12 drwxr-xr-x 3 radiusd radiusd 4096 Mar 19 16:41 radacct -rw-r- 1 radiusd radiusd 111 Apr 10 15:37 radius.log set this. - Original Message - From: ramesh p To: FreeRadius users mailing list Sent: Friday, April 10, 2009 4:08 PM Subject: Re: Freeradius server not starting! [r...@localhost data]# ls -ltr /usr/local/fnmt/var/log/radius total 16 drwx-- 2 root root 4096 Apr 28 2007 radacct -rwxr-xr-x 1 root root 8298 Apr 10 06:43 radius.log 2009/4/10 Волошин Вячеслав set pach /usr/local/fnmt/var/log/radius/ group owner "radiusd", and give write and read access for group. check this into user "radiusd". - Original Message - From: Волошин Вячеслав To: FreeRadius users mailing list Sent: Friday, April 10, 2009 3:31 PM Subject: Re: Freeradius server not starting! Hmm, what the linux u use? or u use Sun OS? pach /usr/local/fnmt/var/log/radius/radius.log is non-standard, this directory exist? Can u create file in? - Original Message - From: ramesh p To: FreeRadius users mailing list Sent: Friday, April 10, 2009 3:25 PM Subject: Re: Freeradius server not starting! Already it's in disable state. 
[r...@localhost raddb]# more /etc/sysconfig/selinux # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=disabled # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted 2009/4/10 Волошин Вячеслав Disable SELinux. - Original Message - From: ramesh p To: FreeRadius users mailing list Sent: Friday, April 10, 2009 3:14 PM Subject: Freeradius server not starting! [r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading configuration files ... radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied (rlm_exec: Wait=yes but no output defined. Did you mean output=none?) 
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied (rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked) radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied (rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT) radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied (rlm_sql_mysql: Starting connect to MySQL server for #0) radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied (rlm_sql_mysql: Starting connect to MySQL server for #1) radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied (rlm_sql_mysql: Starting connect to MySQL server for #2) radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied (rlm_sql_mysql: Starting connect to MySQL server for #3) radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied (r
Re: Freeradius server not starting!
Now I have given the permissions to the radiusd directory (usr/local/fnmt/var/run/radiusd/).
It's working fine. Thank you all.

Regards,
Ramesh.

On Fri, Apr 10, 2009 at 6:40 PM, wrote:
> Hi,
> > now its giving like this...
> >
> > [r...@localhost init.d]# /usr/local/fnmt/etc/init.d/radiusd start
> > Starting FreeRADIUS:Fri Apr 10 07:15:32 2009 : Info: Starting - reading
> > configuration files ...
> > radiusd
> >
> > # ps -eaf|grep radiusd
> > root 4412 31100 0 07:15 pts/0 00:00:00 grep radius
> >
> > No pid created.
> >
> > Why? what is going wrong?
>
> because of the _other_ error that was in your previous messages:
>
> (Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid:
> Permission denied)
>
> make sure that you have a /usr/local/fnmt/var/run/radiusd directory
> and that it is writable etc by the 'radiusd' user
>
> alan
Re: Freeradius server not starting!
Hi,

> now its giving like this...
>
> [r...@localhost init.d]# /usr/local/fnmt/etc/init.d/radiusd start
> Starting FreeRADIUS:Fri Apr 10 07:15:32 2009 : Info: Starting - reading
> configuration files ...
> radiusd
>
> # ps -eaf|grep radiusd
> root 4412 31100 0 07:15 pts/0 00:00:00 grep radius
>
> No pid created.
>
> Why? what is going wrong?

because of the _other_ error that was in your previous messages:

(Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid: Permission denied)

make sure that you have a /usr/local/fnmt/var/run/radiusd directory and that it is writable etc by the 'radiusd' user

alan
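The check described in the reply above can be run without switching users. The following is an added example, not part of the original thread: it decides from a directory's owner, group and mode bits whether a given account could create files (a PID file, a log file) in it. It assumes GNU `stat -c`; the function names `can_create_in` and `report_for_user` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils `stat -c`.
# Evaluates classic owner/group/other mode bits only; POSIX ACLs, SELinux
# policy and search permission on parent directories are not considered.

# can_create_in UID "GID GID ..." DIR
#   UID   numeric uid of the daemon account
#   GIDs  space-separated numeric gids the account belongs to
#   DIR   directory the daemon must write into
# Prints one of: ok | denied | missing | not-a-directory
can_create_in() {
    cc_uid=$1
    cc_gids=$2
    cc_dir=$3

    if [ ! -e "$cc_dir" ]; then echo missing; return 0; fi
    if [ ! -d "$cc_dir" ]; then echo not-a-directory; return 0; fi

    # uid 0 is not restricted by the mode bits.
    if [ "$cc_uid" -eq 0 ]; then echo ok; return 0; fi

    # Owner uid, owner gid and octal mode of the directory.
    set -- $(stat -c '%u %g %a' "$cc_dir")
    cc_owner=$1
    cc_group=$2
    cc_mode="000$3"

    # Keep the last three octal digits (drops setuid/setgid/sticky).
    cc_perm=${cc_mode#"${cc_mode%???}"}
    cc_u=${cc_perm%??}
    cc_rest=${cc_perm#?}
    cc_g=${cc_rest%?}
    cc_o=${cc_perm#??}

    # The kernel uses the first class that matches: owner, then group,
    # then other. An owner without write access is denied even if the
    # group digit would allow it.
    if [ "$cc_uid" -eq "$cc_owner" ]; then
        cc_bits=$cc_u
    else
        cc_bits=$cc_o
        for cc_gid in $cc_gids; do
            if [ "$cc_gid" -eq "$cc_group" ]; then
                cc_bits=$cc_g
                break
            fi
        done
    fi

    # Creating a file needs both write (2) and search (1) on the directory.
    if [ $(( $cc_bits & 3 )) -eq 3 ]; then echo ok; else echo denied; fi
}

# report_for_user USER DIR...
# Looks USER up with id(1) and prints "<verdict><TAB><dir>" per directory.
report_for_user() {
    ru_user=$1
    shift
    ru_uid=$(id -u "$ru_user") || return 1
    ru_gids=$(id -G "$ru_user") || return 1
    for ru_dir in "$@"; do
        printf '%s\t%s\n' \
            "$(can_create_in "$ru_uid" "$ru_gids" "$ru_dir")" "$ru_dir"
    done
}

# With the account and paths named in this thread:
#   report_for_user radiusd /usr/local/fnmt/var/run/radiusd \
#                           /usr/local/fnmt/var/log/radius
```

A `denied` verdict for a directory listed as `drwxr-xr-x ... nobody root`, as in this thread, follows from the "other" digit lacking the write bit.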
Re: Freeradius server not starting!
now its giving like this... [r...@localhost init.d]# /usr/local/fnmt/etc/init.d/radiusd start Starting FreeRADIUS:Fri Apr 10 07:15:32 2009 : Info: Starting - reading configuration files ... radiusd # ps -eaf|grep radiusd root 4412 31100 0 07:15 pts/000:00:00 grep radius No pid created. Why? want is going wrong? 2009/4/10 Волошин Вячеслав > [r...@bill etc]# [r...@bill radius]# ls -ltr > total 12 > drwxr-xr-x 3 radiusd radiusd 4096 Mar 19 16:41 radacct > -rw-r- 1 radiusd radiusd 111 Apr 10 15:37 radius.log > set this. > > > - Original Message - > *From:* ramesh p > *To:* FreeRadius users mailing list > *Sent:* Friday, April 10, 2009 4:08 PM > *Subject:* Re: Freeradius server not starting! > > [r...@localhost data]# ls -ltr /usr/local/fnmt/var/log/radius > total 16 > drwx-- 2 root root 4096 Apr 28 2007 radacct > -rwxr-xr-x 1 root root 8298 Apr 10 06:43 radius.log > > > 2009/4/10 Волошин Вячеслав > >> set pach /usr/local/fnmt/var/log/radius/ group owner "radiusd", and give >> write and read access for group. check this into user "radiusd". >> >> >> - Original Message - >> *From:* Волошин Вячеслав >> *To:* FreeRadius users mailing list >> *Sent:* Friday, April 10, 2009 3:31 PM >> *Subject:* Re: Freeradius server not starting! >> >> Hmm, what the linux u use? or u use Sun OS? >> pach /usr/local/fnmt/var/log/radius/radius.log is non-standard, this >> directory exist? Can u create file in? >> >> - Original Message - >> *From:* ramesh p >> *To:* FreeRadius users mailing list >> *Sent:* Friday, April 10, 2009 3:25 PM >> *Subject:* Re: Freeradius server not starting! >> >> Already it's in disable state. >> [r...@localhost raddb]# more /etc/sysconfig/selinux >> # This file controls the state of SELinux on the system. >> # SELINUX= can take one of these three values: >> # enforcing - SELinux security policy is enforced. >> # permissive - SELinux prints warnings instead of enforcing. >> # disabled - SELinux is fully disabled. 
>> SELINUX=disabled >> # SELINUXTYPE= type of policy in use. Possible values are: >> # targeted - Only targeted network daemons are protected. >> # strict - Full SELinux protection. >> SELINUXTYPE=targeted >> >> >> 2009/4/10 Волошин Вячеслав >> >>> Disable SELinux. >>> >>> - Original Message - >>> *From:* ramesh p >>> *To:* FreeRadius users mailing list >>> *Sent:* Friday, April 10, 2009 3:14 PM >>> *Subject:* Freeradius server not starting! >>> >>> [r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start >>> Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading >>> configuration files ... >>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for >>> logging: Permission denied >>> (rlm_exec: Wait=yes but no output defined. Did you mean output=none?) >>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for >>> logging: Permission denied >>> (rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and >>> linked) >>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for >>> logging: Permission denied >>> (rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT) >>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for >>> logging: Permission denied >>> (rlm_sql_mysql: Starting connect to MySQL server for #0) >>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for >>> logging: Permission denied >>> (rlm_sql_mysql: Starting connect to MySQL server for #1) >>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for >>> logging: Permission denied >>> (rlm_sql_mysql: Starting connect to MySQL server for #2) >>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for >>> logging: Permission denied >>> (rlm_sql_mysql: Starting connect to MySQL server for #3) >>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for >>> logging: Permission denied >>> (rlm_sql_mysql: Starting connect to MySQL server for #4) >>> radiusd: 
Couldn't open /usr/local/fnmt/var/log/radius/radius.log for >>> logging: Permission denied >>> (Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid: >>> Permission denied >>> ) >>> radiusd >>> Please suggest me. >>> >>> Regards, >>> Ramesh. >>> >>> -- >>> >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >>> >>> >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >>> >> >> -- >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >> -- >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > -- > > - > List info/subscribe/unsub
Re: Sending Access-Challenge
Laszlo Fekete wrote:
> So I want a radius server to wifi auth with eap-ttls/peap, ldap and not
> plain-text passwords. I downloaded 2.1.4 source and create debian
> package without modification, do some basic configuration and testing,
> radtest from local is fine, but radeapclient eap-md5 testing fail.

Don't use radeapclient. See my web page for instructions on setting up EAP:

http://deployingradius.com

Alan DeKok.
Re: Freeradius server not starting!
[r...@bill etc]# [r...@bill radius]# ls -ltr total 12 drwxr-xr-x 3 radiusd radiusd 4096 Mar 19 16:41 radacct -rw-r- 1 radiusd radiusd 111 Apr 10 15:37 radius.log set this. - Original Message - From: ramesh p To: FreeRadius users mailing list Sent: Friday, April 10, 2009 4:08 PM Subject: Re: Freeradius server not starting! [r...@localhost data]# ls -ltr /usr/local/fnmt/var/log/radius total 16 drwx-- 2 root root 4096 Apr 28 2007 radacct -rwxr-xr-x 1 root root 8298 Apr 10 06:43 radius.log 2009/4/10 Волошин Вячеслав set pach /usr/local/fnmt/var/log/radius/ group owner "radiusd", and give write and read access for group. check this into user "radiusd". - Original Message - From: Волошин Вячеслав To: FreeRadius users mailing list Sent: Friday, April 10, 2009 3:31 PM Subject: Re: Freeradius server not starting! Hmm, what the linux u use? or u use Sun OS? pach /usr/local/fnmt/var/log/radius/radius.log is non-standard, this directory exist? Can u create file in? - Original Message - From: ramesh p To: FreeRadius users mailing list Sent: Friday, April 10, 2009 3:25 PM Subject: Re: Freeradius server not starting! Already it's in disable state. [r...@localhost raddb]# more /etc/sysconfig/selinux # This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - SELinux is fully disabled. SELINUX=disabled # SELINUXTYPE= type of policy in use. Possible values are: # targeted - Only targeted network daemons are protected. # strict - Full SELinux protection. SELINUXTYPE=targeted 2009/4/10 Волошин Вячеслав Disable SELinux. - Original Message - From: ramesh p To: FreeRadius users mailing list Sent: Friday, April 10, 2009 3:14 PM Subject: Freeradius server not starting! 
[r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading configuration files ... radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied (rlm_exec: Wait=yes but no output defined. Did you mean output=none?) radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied (rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked) radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied (rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT) radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied (rlm_sql_mysql: Starting connect to MySQL server for #0) radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied (rlm_sql_mysql: Starting connect to MySQL server for #1) radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied (rlm_sql_mysql: Starting connect to MySQL server for #2) radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied (rlm_sql_mysql: Starting connect to MySQL server for #3) radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied (rlm_sql_mysql: Starting connect to MySQL server for #4) radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied (Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid: Permission denied ) radiusd Please suggest me. Regards, Ramesh. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- - List info/subscribe/unsubscribe? 
See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -
Re: Freeradius server not starting!
ls -ltr /usr/local/fnmt/var/log/ drwxr-xr-x 3 nobody root 4096 Jun 15 2007 radius Thanks, Ramesh. 2009/4/10 ramesh p > [r...@localhost data]# ls -ltr /usr/local/fnmt/var/log/radius > total 16 > drwx-- 2 root root 4096 Apr 28 2007 radacct > -rwxr-xr-x 1 root root 8298 Apr 10 06:43 radius.log > > > > 2009/4/10 Волошин Вячеслав > >> set pach /usr/local/fnmt/var/log/radius/ group owner "radiusd", and give >> write and read access for group. check this into user "radiusd". >> >> >> - Original Message - >> *From:* Волошин Вячеслав >> *To:* FreeRadius users mailing list >> *Sent:* Friday, April 10, 2009 3:31 PM >> *Subject:* Re: Freeradius server not starting! >> >> Hmm, what the linux u use? or u use Sun OS? >> pach /usr/local/fnmt/var/log/radius/radius.log is non-standard, this >> directory exist? Can u create file in? >> >> - Original Message - >> *From:* ramesh p >> *To:* FreeRadius users mailing list >> *Sent:* Friday, April 10, 2009 3:25 PM >> *Subject:* Re: Freeradius server not starting! >> >> Already it's in disable state. >> [r...@localhost raddb]# more /etc/sysconfig/selinux >> # This file controls the state of SELinux on the system. >> # SELINUX= can take one of these three values: >> # enforcing - SELinux security policy is enforced. >> # permissive - SELinux prints warnings instead of enforcing. >> # disabled - SELinux is fully disabled. >> SELINUX=disabled >> # SELINUXTYPE= type of policy in use. Possible values are: >> # targeted - Only targeted network daemons are protected. >> # strict - Full SELinux protection. >> SELINUXTYPE=targeted >> >> >> 2009/4/10 Волошин Вячеслав >> >>> Disable SELinux. >>> >>> - Original Message - >>> *From:* ramesh p >>> *To:* FreeRadius users mailing list >>> *Sent:* Friday, April 10, 2009 3:14 PM >>> *Subject:* Freeradius server not starting! >>> >>> [r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start >>> Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading >>> configuration files ... 
>>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for >>> logging: Permission denied >>> (rlm_exec: Wait=yes but no output defined. Did you mean output=none?) >>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for >>> logging: Permission denied >>> (rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and >>> linked) >>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for >>> logging: Permission denied >>> (rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT) >>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for >>> logging: Permission denied >>> (rlm_sql_mysql: Starting connect to MySQL server for #0) >>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for >>> logging: Permission denied >>> (rlm_sql_mysql: Starting connect to MySQL server for #1) >>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for >>> logging: Permission denied >>> (rlm_sql_mysql: Starting connect to MySQL server for #2) >>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for >>> logging: Permission denied >>> (rlm_sql_mysql: Starting connect to MySQL server for #3) >>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for >>> logging: Permission denied >>> (rlm_sql_mysql: Starting connect to MySQL server for #4) >>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for >>> logging: Permission denied >>> (Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid: >>> Permission denied >>> ) >>> radiusd >>> Please suggest me. >>> >>> Regards, >>> Ramesh. >>> >>> -- >>> >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >>> >>> >>> - >>> List info/subscribe/unsubscribe? See >>> http://www.freeradius.org/list/users.html >>> >> >> -- >> >> - >> List info/subscribe/unsubscribe? 
See >> http://www.freeradius.org/list/users.html >> >> -- >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius server not starting!
[r...@localhost data]# ls -ltr /usr/local/fnmt/var/log/radius
total 16
drwx------ 2 root root 4096 Apr 28 2007 radacct
-rwxr-xr-x 1 root root 8298 Apr 10 06:43 radius.log

2009/4/10 Волошин Вячеслав
> set path /usr/local/fnmt/var/log/radius/ group owner "radiusd", and give
> write and read access for group. check this into user "radiusd".
>
> - Original Message -
> *From:* Волошин Вячеслав
> *To:* FreeRadius users mailing list
> *Sent:* Friday, April 10, 2009 3:31 PM
> *Subject:* Re: Freeradius server not starting!
>
> Hmm, what the linux u use? or u use Sun OS?
> path /usr/local/fnmt/var/log/radius/radius.log is non-standard, this
> directory exist? Can u create file in?
>
> - Original Message -
> *From:* ramesh p
> *To:* FreeRadius users mailing list
> *Sent:* Friday, April 10, 2009 3:25 PM
> *Subject:* Re: Freeradius server not starting!
>
> Already it's in disable state.
> [r...@localhost raddb]# more /etc/sysconfig/selinux
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> # enforcing - SELinux security policy is enforced.
> # permissive - SELinux prints warnings instead of enforcing.
> # disabled - SELinux is fully disabled.
> SELINUX=disabled
> # SELINUXTYPE= type of policy in use. Possible values are:
> # targeted - Only targeted network daemons are protected.
> # strict - Full SELinux protection.
> SELINUXTYPE=targeted
>
> 2009/4/10 Волошин Вячеслав
>
>> Disable SELinux.
>>
>> - Original Message -
>> *From:* ramesh p
>> *To:* FreeRadius users mailing list
>> *Sent:* Friday, April 10, 2009 3:14 PM
>> *Subject:* Freeradius server not starting!
>>
>> [r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start
>> Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading configuration files ...
>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
>> (rlm_exec: Wait=yes but no output defined. Did you mean output=none?)
>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
>> (rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked)
>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
>> (rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT)
>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
>> (rlm_sql_mysql: Starting connect to MySQL server for #0)
>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
>> (rlm_sql_mysql: Starting connect to MySQL server for #1)
>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
>> (rlm_sql_mysql: Starting connect to MySQL server for #2)
>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
>> (rlm_sql_mysql: Starting connect to MySQL server for #3)
>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
>> (rlm_sql_mysql: Starting connect to MySQL server for #4)
>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
>> (Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid: Permission denied
>> )
>> radiusd
>> Please suggest me.
>>
>> Regards,
>> Ramesh.
Re: LDAP with fallback on local authentication?
On Fri, Apr 10, 2009 at 7:32 PM, Alan DeKok wrote:

> Justin Steward wrote:
> > Thanks for the reply. Since SQL modules can't go in authenticate, this
> > would have to be in authorize, yes? How then, would I get the reply
> > attributes out of the SQL database? Or am I misunderstanding something?
>
> Maybe you could describe exactly what you want to do.

I want to return some radius reply attributes from an SQL database, check the user's password against an openLDAP server (maybe a Windows Server running AD at some point in the future), and if possible fall back against a password stored in a MySQL database. (Though this password may not always be entirely up to date, so it's only for if the user either doesn't exist in the directory or the LDAP server is temporarily unavailable)

~Justin
Re: Freeradius server not starting!
Set path /usr/local/fnmt/var/log/radius/ group owner "radiusd", and give write and read access for group. Check this into user "radiusd".

----- Original Message -----
From: Волошин Вячеслав
To: FreeRadius users mailing list
Sent: Friday, April 10, 2009 3:31 PM
Subject: Re: Freeradius server not starting!

Hmm, what Linux do you use? Or do you use Sun OS?
The path /usr/local/fnmt/var/log/radius/radius.log is non-standard; does this directory exist? Can you create a file in it?

----- Original Message -----
From: ramesh p
To: FreeRadius users mailing list
Sent: Friday, April 10, 2009 3:25 PM
Subject: Re: Freeradius server not starting!

It's already in the disabled state.
[r...@localhost raddb]# more /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#   enforcing - SELinux security policy is enforced.
#   permissive - SELinux prints warnings instead of enforcing.
#   disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#   targeted - Only targeted network daemons are protected.
#   strict - Full SELinux protection.
SELINUXTYPE=targeted

2009/4/10 Волошин Вячеслав

Disable SELinux.

----- Original Message -----
From: ramesh p
To: FreeRadius users mailing list
Sent: Friday, April 10, 2009 3:14 PM
Subject: Freeradius server not starting!

[r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start
Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading configuration files ...
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_exec: Wait=yes but no output defined. Did you mean output=none?)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #0)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #1)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #2)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #3)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #4)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid: Permission denied
)
radiusd
Please suggest me.

Regards,
Ramesh.
Re: Freeradius server not starting!
Linux localhost.localdomain 2.6.9-42.ELsmp #1 i686 i686 i386 GNU/Linux
The file (/usr/local/fnmt/var/log/radius/radius.log) exists.

2009/4/10 Волошин Вячеслав

> Hmm, what Linux do you use? Or do you use Sun OS?
> The path /usr/local/fnmt/var/log/radius/radius.log is non-standard; does this
> directory exist? Can you create a file in it?
>
> ----- Original Message -----
> *From:* ramesh p
> *To:* FreeRadius users mailing list
> *Sent:* Friday, April 10, 2009 3:25 PM
> *Subject:* Re: Freeradius server not starting!
>
> It's already in the disabled state.
> [r...@localhost raddb]# more /etc/sysconfig/selinux
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> #   enforcing - SELinux security policy is enforced.
> #   permissive - SELinux prints warnings instead of enforcing.
> #   disabled - SELinux is fully disabled.
> SELINUX=disabled
> # SELINUXTYPE= type of policy in use. Possible values are:
> #   targeted - Only targeted network daemons are protected.
> #   strict - Full SELinux protection.
> SELINUXTYPE=targeted
>
> 2009/4/10 Волошин Вячеслав
>
>> Disable SELinux.
>>
>> ----- Original Message -----
>> *From:* ramesh p
>> *To:* FreeRadius users mailing list
>> *Sent:* Friday, April 10, 2009 3:14 PM
>> *Subject:* Freeradius server not starting!
>>
>> [r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start
>> Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading configuration files ...
>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
>> (rlm_exec: Wait=yes but no output defined. Did you mean output=none?)
>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
>> (rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked)
>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
>> (rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT)
>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
>> (rlm_sql_mysql: Starting connect to MySQL server for #0)
>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
>> (rlm_sql_mysql: Starting connect to MySQL server for #1)
>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
>> (rlm_sql_mysql: Starting connect to MySQL server for #2)
>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
>> (rlm_sql_mysql: Starting connect to MySQL server for #3)
>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
>> (rlm_sql_mysql: Starting connect to MySQL server for #4)
>> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
>> (Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid: Permission denied
>> )
>> radiusd
>> Please suggest me.
>>
>> Regards,
>> Ramesh.
Re: Freeradius server not starting!
Hmm, what Linux do you use? Or do you use Sun OS?
The path /usr/local/fnmt/var/log/radius/radius.log is non-standard; does this directory exist? Can you create a file in it?

----- Original Message -----
From: ramesh p
To: FreeRadius users mailing list
Sent: Friday, April 10, 2009 3:25 PM
Subject: Re: Freeradius server not starting!

It's already in the disabled state.
[r...@localhost raddb]# more /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#   enforcing - SELinux security policy is enforced.
#   permissive - SELinux prints warnings instead of enforcing.
#   disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#   targeted - Only targeted network daemons are protected.
#   strict - Full SELinux protection.
SELINUXTYPE=targeted

2009/4/10 Волошин Вячеслав

Disable SELinux.

----- Original Message -----
From: ramesh p
To: FreeRadius users mailing list
Sent: Friday, April 10, 2009 3:14 PM
Subject: Freeradius server not starting!

[r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start
Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading configuration files ...
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_exec: Wait=yes but no output defined. Did you mean output=none?)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #0)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #1)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #2)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #3)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #4)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid: Permission denied
)
radiusd
Please suggest me.

Regards,
Ramesh.
Re: Freeradius server not starting!
It's already in the disabled state.
[r...@localhost raddb]# more /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#   enforcing - SELinux security policy is enforced.
#   permissive - SELinux prints warnings instead of enforcing.
#   disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
#   targeted - Only targeted network daemons are protected.
#   strict - Full SELinux protection.
SELINUXTYPE=targeted

2009/4/10 Волошин Вячеслав

> Disable SELinux.
>
> ----- Original Message -----
> *From:* ramesh p
> *To:* FreeRadius users mailing list
> *Sent:* Friday, April 10, 2009 3:14 PM
> *Subject:* Freeradius server not starting!
>
> [r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start
> Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading configuration files ...
> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
> (rlm_exec: Wait=yes but no output defined. Did you mean output=none?)
> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
> (rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked)
> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
> (rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT)
> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
> (rlm_sql_mysql: Starting connect to MySQL server for #0)
> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
> (rlm_sql_mysql: Starting connect to MySQL server for #1)
> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
> (rlm_sql_mysql: Starting connect to MySQL server for #2)
> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
> (rlm_sql_mysql: Starting connect to MySQL server for #3)
> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
> (rlm_sql_mysql: Starting connect to MySQL server for #4)
> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
> (Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid: Permission denied
> )
> radiusd
> Please suggest me.
>
> Regards,
> Ramesh.
Re: Freeradius server not starting!
Disable SELinux.

----- Original Message -----
From: ramesh p
To: FreeRadius users mailing list
Sent: Friday, April 10, 2009 3:14 PM
Subject: Freeradius server not starting!

[r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start
Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading configuration files ...
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_exec: Wait=yes but no output defined. Did you mean output=none?)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #0)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #1)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #2)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #3)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #4)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid: Permission denied
)
radiusd
Please suggest me.

Regards,
Ramesh.
Re: Freeradius server not starting!
I'm using radius version 1.1.6

On Fri, Apr 10, 2009 at 4:44 PM, ramesh p wrote:

> [r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start
> Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading configuration files ...
> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
> (rlm_exec: Wait=yes but no output defined. Did you mean output=none?)
> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
> (rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked)
> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
> (rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT)
> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
> (rlm_sql_mysql: Starting connect to MySQL server for #0)
> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
> (rlm_sql_mysql: Starting connect to MySQL server for #1)
> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
> (rlm_sql_mysql: Starting connect to MySQL server for #2)
> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
> (rlm_sql_mysql: Starting connect to MySQL server for #3)
> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
> (rlm_sql_mysql: Starting connect to MySQL server for #4)
> radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
> (Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid: Permission denied
> )
> radiusd
> Please suggest me.
>
> Regards,
> Ramesh.
Freeradius server not starting!
[r...@localhost log]# /usr/local/fnmt/etc/init.d/radiusd start
Starting FreeRADIUS:Fri Apr 10 05:52:13 2009 : Info: Starting - reading configuration files ...
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_exec: Wait=yes but no output defined. Did you mean output=none?)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql (sql): Attempting to connect to rad...@localhost:/LWT)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #0)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #1)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #2)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #3)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(rlm_sql_mysql: Starting connect to MySQL server for #4)
radiusd: Couldn't open /usr/local/fnmt/var/log/radius/radius.log for logging: Permission denied
(Failed creating PID file /usr/local/fnmt/var/run/radiusd/radiusd.pid: Permission denied
)
radiusd
Please suggest me.

Regards,
Ramesh.
Sending Access-Challenge
Hello!

I'm new to this list and didn't find an archive or anything where somebody may have answered my question.

I want a RADIUS server for Wi-Fi authentication with EAP-TTLS/PEAP, LDAP and non-plain-text passwords. I downloaded the 2.1.4 source and created a Debian package without modification, then did some basic configuration and testing. radtest from the local host is fine, but radeapclient EAP-MD5 testing fails.

I saw this on the server side:

rad_recv: Access-Request packet from host 127.0.0.1 port 52650, id=76, length=69
    User-Name = "steve"
    NAS-IP-Address = 127.0.0.1
    Message-Authenticator = 0xafa8ae1b1aaa6fb0a6cbd0719b507e94
    NAS-Port = 0
    EAP-Message = 0x02d2000a017374657665
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "steve", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] EAP packet type response id 210 length 10
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry steve at line 206
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
[pap] Found existing Auth-Type, not changing it.
++[pap] returns noop
Found Auth-Type = EAP
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type md5
rlm_eap_md5: Issuing Challenge
++[eap] returns handled
Sending Access-Challenge of id 76 to 127.0.0.1 port 52650
    Service-Type = Framed-User
    Framed-Protocol = SLIP
    Framed-IP-Address = 192.20.126.200
    Framed-IP-Netmask = 255.255.255.0
    Framed-Routing = Broadcast-Listen
    Framed-Filter-Id = "std.ppp"
    Framed-MTU = 1500
    Framed-Compression = Van-Jacobson-TCP-IP
    EAP-Message = 0x01d300160410b7703d97cfb88bff2835ec9a9aedde83
    Message-Authenticator = 0x
    State = 0xae48086bae9b0cd33d7dacc7cd15f18d
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 2 ID 76 with timestamp +94
Ready to process requests.

And this on the client side (local):

# radeapclient -s -X localhost auth testing123
About to send encoded packet:
    User-Name = "steve"
    Cleartext-Password = "testing"
    NAS-IP-Address = 127.0.0.1
    EAP-Code = Response
    EAP-Id = 210
    EAP-Type-Identity = "steve"
    Message-Authenticator = 0x30
    NAS-Port = 0
Received response ID 76, code 11, length = 131
    Service-Type = Framed-User
    Framed-Protocol = SLIP
    Framed-IP-Address = 192.20.126.200
    Framed-IP-Netmask = 255.255.255.0
    Framed-Routing = Broadcast-Listen
    Filter-Id = "std.ppp"
    Framed-MTU = 1500
    Framed-Compression = Van-Jacobson-TCP-IP
    EAP-Message = 0x01d300160410b7703d97cfb88bff2835ec9a9aedde83
    Message-Authenticator = 0xe65c832fea00201e76a340cc0e38cf37
    State = 0xae48086bae9b0cd33d7dacc7cd15f18d
<+++ EAP decoded packet:
    Service-Type = Framed-User
    Framed-Protocol = SLIP
    Framed-IP-Address = 192.20.126.200
    Framed-IP-Netmask = 255.255.255.0
    Framed-Routing = Broadcast-Listen
    Filter-Id = "std.ppp"
    Framed-MTU = 1500
    Framed-Compression = Van-Jacobson-TCP-IP
    EAP-Message = 0x01d300160410b7703d97cfb88bff2835ec9a9aedde83
    Message-Authenticator = 0xe65c832fea00201e76a340cc0e38cf37
    State = 0xae48086bae9b0cd33d7dacc7cd15f18d
    EAP-Id = 211
    EAP-Code = Request
    EAP-Type-MD5 = 0x10b7703d97cfb88bff2835ec9a9aedde83
+++> About to send encoded packet:
    User-Name = "steve"
    Cleartext-Password = "testing"
    NAS-IP-Address = 127.0.0.1
    EAP-Code = Response
    EAP-Id = 211
    Message-Authenticator = 0x
    NAS-Port = 0
    EAP-Type-MD5 = 0x106e2008d8fc099a16335131c045fc6df6
    State = 0xae48086bae9b0cd33d7dacc7cd15f18d
^C
# cat re.txt
User-Name = "steve"
Cleartext-Password = "testing"
NAS-IP-Address = 127.0.0.1
EAP-Code = Response
EAP-Id = 210
EAP-Type-Identity = "steve"
Message-Authenticator = 0
NAS-Port = 0

What's wrong with the configuration?

Thank you:
blackluck
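The EAP-Message values in the debug output of the post above can be decoded by hand. The following is an added example (not part of the original message and not FreeRADIUS code) that parses the EAP header and the MD5-Challenge body, then recomputes the response as MD5(id || password || challenge) per RFC 3748 / RFC 1994. The function names are assumptions of this example; the hex values and the test password are copied from the post.

```python
"""Decode EAP-Message attributes and recompute an EAP-MD5 response."""
import hashlib
import hmac
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 4: "MD5-Challenge"}

# Values copied from the debug output quoted in the post.
IDENTITY_RESPONSE = "0x02d2000a017374657665"
MD5_CHALLENGE = "0x01d300160410b7703d97cfb88bff2835ec9a9aedde83"
LOGGED_CLIENT_VALUE = "6e2008d8fc099a16335131c045fc6df6"  # EAP-Type-MD5 minus size byte
PASSWORD = b"testing"  # Cleartext-Password from the poster's re.txt


def parse_eap(hex_value):
    """Parse one EAP packet given as a hex string (optional 0x prefix)."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP length field does not fit the data")
    pkt = {"code": EAP_CODES.get(code, code), "id": ident, "length": length}
    if code in (1, 2):  # only Request/Response carry a type byte
        if length < 5:
            raise ValueError("Request/Response without a type byte")
        eap_type, data = raw[4], raw[5:length]
        pkt["type"] = EAP_TYPES.get(eap_type, eap_type)
        if eap_type == 1:
            pkt["identity"] = data.decode("utf-8", "replace")
        elif eap_type == 4:
            # Type-data is: Value-Size (1 byte), Value, optional Name.
            if not data or data[0] > len(data) - 1:
                raise ValueError("MD5 Value-Size exceeds the packet")
            size = data[0]
            pkt["value"] = data[1:1 + size]
            pkt["name"] = data[1 + size:]
    return pkt


def md5_response(ident, password, challenge):
    """CHAP-style digest: MD5 over identifier, secret and challenge."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()


def build_md5_response(challenge_pkt, password):
    """Build the EAP Response packet that answers a parsed MD5-Challenge."""
    value = md5_response(challenge_pkt["id"], password, challenge_pkt["value"])
    body = bytes([4, len(value)]) + value
    header = struct.pack("!BBH", 2, challenge_pkt["id"], 4 + len(body))
    return header + body


def verify_md5_response(response_hex, challenge_pkt, password):
    """Server-side check of a response against the challenge it answers."""
    resp = parse_eap(response_hex)
    if resp["code"] != "Response" or resp.get("type") != "MD5-Challenge":
        return False
    if resp["id"] != challenge_pkt["id"]:
        return False
    expected = md5_response(resp["id"], password, challenge_pkt["value"])
    return hmac.compare_digest(resp["value"], expected)


if __name__ == "__main__":
    print(parse_eap(IDENTITY_RESPONSE))
    challenge = parse_eap(MD5_CHALLENGE)
    print(challenge)
    ours = md5_response(challenge["id"], PASSWORD, challenge["value"]).hex()
    print("recomputed value:", ours)
    print("matches value logged by radeapclient:", ours == LOGGED_CLIENT_VALUE)
```

Running it prints the decoded fields of both packets and whether the value radeapclient logged agrees with a local recomputation for the same id, password and challenge.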
Re: LDAP with fallback on local authentication?
Justin Steward wrote:
> Thanks for the reply. Since SQL modules can't go in authenticate, this
> would have to be in authorize, yes? How then, would I get the reply
> attributes out of the SQL database? Or am I misunderstanding something?

Maybe you could describe exactly what you want to do.

> I currently have sql in authorize, the users have Auth-Type = LDAP, and
> ldap is in the authenticate section. This is authenticating users
> against LDAP, and getting the reply attributes from the SQL database.

LDAP is not an authentication protocol. I suggest using LDAP servers as a database, if possible.

Alan DeKok.
Re: Trouble with Robust Proxy Accounting
JDL wrote:
> In FreeRADIUS 2.x, the radrelay functions have been built into radiusd.

That's the intention.

> However, I seem to be having problems with data loss. Everything works
> fine when the remote accounting server is up. However, when it goes
> down, here is what I am seeing.
...
> 4) Here is where it gets confusing. It almost seems like radiusd goes
> into some sort of loop. After a short period (less than a minute), all
> of the files are deleted from the "listen" directory and radiusd goes
> into a hyper polling mode (see the bottom of the attached debug file).
> This is very different from the normal polling mode which occurs at
> approximately 1 second intervals.

There have been other reports of the same thing. Unfortunately, I've been unable to reproduce this locally. That makes it difficult to find the issue, and to fix it.

> All this does not seem to crash the server, however, the accounting data
> does appear to be lost which is my greatest concern in this e-mail.
>
> If anyone sees any problems with my configuration or needs any further
> information, please let me know. I am currently using FreeRADIUS 2.1.4.

I'll do some more tests before I release the next version of the server.

Alan DeKok.