Log the IP client after a successful login
Hi, Is it possible lo to log the IP address of the client after a successfull auth/login? Something like that: Tue Jul 5 17:18:46 2011 : Auth: Login OK: [elo...@irta.es/via Auth-Type = EAP] (from client WLC_SSCC port 1 cli B8-C7-5D-E4-A3-6B) *$IPADDRESS* Thanks in advance. -- View this message in context: http://freeradius.1045715.n5.nabble.com/Log-the-IP-client-after-a-successful-login-tp4556157p4556157.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: IIS authentication with FREERADIUS !
The 'client' refuses to use Linux to share there media ftp server because of some of there own reasons. They insist to stick on IIS. So again I am asking for help , is there any way IIS can get authentication from freeradius server. there is a utility called RADIIS which does the job, but its expensive (400$) . any other workaround ? Regards, SYED JAHANZAIB Date: Mon, 4 Jul 2011 09:14:40 +0100 From: a.l.m.bu...@lboro.ac.uk To: freeradius-users@lists.freeradius.org Subject: Re: IIS authentication with FREERADIUS ! Hi, Personally I'd just dump IIS and use something like linux+proftpd instead: http://www.proftpd.org/docs/contrib/mod_radius.html I was going to say the same thing - use the Linux/BSD box with FTP as the access layer - no trouble with the RADIUS integration then alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius 2.1.10 with Oracle support under Fedora 14
Hi all, As I said, here is the step by step when using Oracle Instant Client 11 : 1. Decompress the tar file. 2. In src/modules/rlm_sql/drivers/rlm_sql_oracle : 2.1. Do autoconf 2.2 .and then ./configure --with-oracle-lib-dir=/usr/lib/oracle/11.2/client64/lib --with-oracle-include-dir=/usr/lib/oracle/11.2/client64 2.3. then make and you should have a .libs directory with a file rlm_sql_oracle-2.1.11.so 3. cp .libs/ rlm_sql_oracle-2.1.11.so /usr/lib64/freeradius/ 4. ln -s /usr/lib64/freeradius/rlm_sql_oracle-2.1.11.so /usr/lib64/freeradius/rlm_sql_oracle.so http://rlm_sql_oracle-2.1.11.so/ 5.1 in /etc/raddb cnfigure sql.conf 5.2 radiusd.conf(uncomment $INCLUDE sql.conf) 5.3 site-available/default uncomment linewith sql in the wanted section 5.4 from the decopressed archive cp -r raddb/sql/oracle /etc/raddb/sql/ 6. Be sure that environnement variables for the user who launch radiusd to have export LD_LIBRARY_PATH=/usr/lib/oracle/11.2/client64/lib and export ORACLE_HOME=/usr/include/oracle/11.2/client64 6.1 if not put it in the /etc/init.d/radiusd file 7. Launch freeradius (radiusd -X for debug and if ok service radiusd start) Hope this will help other people and at least to correct the bug of the 2.1.11 release installation procedure. Thanks all 2011/7/6 Fajar A. Nugraha l...@fajar.net On Tue, Jul 5, 2011 at 10:02 PM, Aurélien Lafranchise aurelien_lafranch...@snype.org wrote: I putted rlm_sql_oracle-2.1.11.so in /usr/lib64/freeradius/ and create the symbolic link on /usr/lib64/freeradius/rlm_sql_oracle.so but : Could not link driver rlm_sql_oracle: file not found Make sure it (and all its dependent libraries!) are in the search path of your system's ld. /etc/raddb/sql.conf[22]: Instantiation failed for module sql /etc/raddb/sites-enabled/default[393]: Failed to load module sql. /etc/raddb/sites-enabled/default[360]: Errors parsing accounting section. Could it be because I compile a 2.1.11 version and putted the rlm_sql_oracle-2.1.11.so on a 2.1.10 ? That's why I said earlier it's better to rebuild the RPM with modified SPEC file. One of the reasons was to avoid version and location mess. John posted an additional link earlier with more useful information. If you want to mix RPM and self-compiled module, better use it from the same version, as there might be some incompatible changes between versions. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius 2.1.10 with Oracle support under Fedora 14
Why don't you add it to the wiki ;) -Arran On Jul 6, 2011, at 10:59 AM, Aurélien Lafranchise wrote: Hi all, As I said, here is the step by step when using Oracle Instant Client 11 : 1. Decompress the tar file. 2. In src/modules/rlm_sql/drivers/rlm_sql_oracle : 2.1. Do autoconf 2.2 .and then ./configure --with-oracle-lib-dir=/usr/lib/oracle/11.2/client64/lib --with-oracle-include-dir=/usr/lib/oracle/11.2/client64 2.3. then make and you should have a .libs directory with a file rlm_sql_oracle-2.1.11.so 3. cp .libs/ rlm_sql_oracle-2.1.11.so /usr/lib64/freeradius/ 4. ln -s /usr/lib64/freeradius/rlm_sql_oracle-2.1.11.so /usr/lib64/freeradius/rlm_sql_oracle.so 5.1 in /etc/raddb cnfigure sql.conf 5.2 radiusd.conf(uncomment $INCLUDE sql.conf) 5.3 site-available/default uncomment linewith sql in the wanted section 5.4 from the decopressed archive cp -r raddb/sql/oracle /etc/raddb/sql/ 6. Be sure that environnement variables for the user who launch radiusd to have export LD_LIBRARY_PATH=/usr/lib/oracle/11.2/client64/lib and export ORACLE_HOME=/usr/include/oracle/11.2/client64 6.1 if not put it in the /etc/init.d/radiusd file 7. Launch freeradius (radiusd -X for debug and if ok service radiusd start) Hope this will help other people and at least to correct the bug of the 2.1.11 release installation procedure. Thanks all 2011/7/6 Fajar A. Nugraha l...@fajar.net On Tue, Jul 5, 2011 at 10:02 PM, Aurélien Lafranchise aurelien_lafranch...@snype.org wrote: I putted rlm_sql_oracle-2.1.11.so in /usr/lib64/freeradius/ and create the symbolic link on /usr/lib64/freeradius/rlm_sql_oracle.so but : Could not link driver rlm_sql_oracle: file not found Make sure it (and all its dependent libraries!) are in the search path of your system's ld. /etc/raddb/sql.conf[22]: Instantiation failed for module sql /etc/raddb/sites-enabled/default[393]: Failed to load module sql. /etc/raddb/sites-enabled/default[360]: Errors parsing accounting section. Could it be because I compile a 2.1.11 version and putted the rlm_sql_oracle-2.1.11.so on a 2.1.10 ? That's why I said earlier it's better to rebuild the RPM with modified SPEC file. One of the reasons was to avoid version and location mess. John posted an additional link earlier with more useful information. If you want to mix RPM and self-compiled module, better use it from the same version, as there might be some incompatible changes between versions. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IIS authentication with FREERADIUS !
On Wed, Jul 6, 2011 at 3:56 PM, JAHANZAIB SYED aaca...@hotmail.com wrote: The 'client' refuses to use Linux to share there media ftp server because of some of there own reasons. They insist to stick on IIS. So again I am asking for help , is there any way IIS can get authentication from freeradius server. there is a utility called RADIIS which does the job, but its expensive (400$) . any other workaround ? You're missing the point. This is freeradius list, not microsoft/IIS list. If IIS can use radius protocol (with any radius server) for authentication, then you should be able to integrate it with freeradius. If it uses some custom specific radius attribute, then maybe we'll be able to help you to add that custom attribute to the dictionary. But the problem is you're asking whether IIS supports radius. I don't know. I don't use IIS. And judging from the (lack of) response you get, nobody on this list knows (or care) either. So again, my suggestion is ask microsoft or IIS list -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: IIS authentication with FREERADIUS !
I have asked several times on MS IIS forums as well as with some Microsoft experts, but no one seems to know about this. So finally I guess I have to drop this idea of IIS integration with free-radius and move on to some other methods, including using Linux or moving ftp behind MT DMZ. Thanks for the help :) Date: Wed, 6 Jul 2011 02:20:11 -0700 From: ml-node+4556268-1289557026-226...@n5.nabble.com To: aaca...@hotmail.com Subject: Re: IIS authentication with FREERADIUS ! On Wed, Jul 6, 2011 at 3:56 PM, JAHANZAIB SYED [hidden email] wrote: The 'client' refuses to use Linux to share there media ftp server because of some of there own reasons. They insist to stick on IIS. So again I am asking for help , is there any way IIS can get authentication from freeradius server. there is a utility called RADIIS which does the job, but its expensive (400$) . any other workaround ? You're missing the point. This is freeradius list, not microsoft/IIS list. If IIS can use radius protocol (with any radius server) for authentication, then you should be able to integrate it with freeradius. If it uses some custom specific radius attribute, then maybe we'll be able to help you to add that custom attribute to the dictionary. But the problem is you're asking whether IIS supports radius. I don't know. I don't use IIS. And judging from the (lack of) response you get, nobody on this list knows (or care) either. So again, my suggestion is ask microsoft or IIS list -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/IIS-authentication-with-FREERADIUS-tp4549165p4556268.html To unsubscribe from IIS authentication with FREERADIUS !, click here. -- View this message in context: http://freeradius.1045715.n5.nabble.com/IIS-authentication-with-FREERADIUS-tp4549165p4556281.html Sent from the FreeRadius - User mailing list archive at Nabble.com.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius 2.1.10 with Oracle support under Fedora 14
I am a newbie to FreeRadius, I prefer some kind of validation/authorization before. 2011/7/6 Arran Cudbard-Bell a.cudba...@freeradius.org Why don't you add it to the wiki ;) -Arran On Jul 6, 2011, at 10:59 AM, Aurélien Lafranchise wrote: Hi all, As I said, here is the step by step when using Oracle Instant Client 11 : 1. Decompress the tar file. 2. In src/modules/rlm_sql/drivers/rlm_sql_oracle : 2.1. Do autoconf 2.2 .and then ./configure --with-oracle-lib-dir=/usr/lib/oracle/11.2/client64/lib --with-oracle-include-dir=/usr/lib/oracle/11.2/client64 2.3. then make and you should have a .libs directory with a file rlm_sql_oracle-2.1.11.so 3. cp .libs/ rlm_sql_oracle-2.1.11.so /usr/lib64/freeradius/ 4. ln -s /usr/lib64/freeradius/rlm_sql_oracle-2.1.11.so /usr/lib64/freeradius/rlm_sql_oracle.so http://rlm_sql_oracle-2.1.11.so/ 5.1 in /etc/raddb cnfigure sql.conf 5.2 radiusd.conf(uncomment $INCLUDE sql.conf) 5.3 site-available/default uncomment linewith sql in the wanted section 5.4 from the decopressed archive cp -r raddb/sql/oracle /etc/raddb/sql/ 6. Be sure that environnement variables for the user who launch radiusd to have export LD_LIBRARY_PATH=/usr/lib/oracle/11.2/client64/lib and export ORACLE_HOME=/usr/include/oracle/11.2/client64 6.1 if not put it in the /etc/init.d/radiusd file 7. Launch freeradius (radiusd -X for debug and if ok service radiusd start) Hope this will help other people and at least to correct the bug of the 2.1.11 release installation procedure. Thanks all 2011/7/6 Fajar A. Nugraha l...@fajar.net On Tue, Jul 5, 2011 at 10:02 PM, Aurélien Lafranchise aurelien_lafranch...@snype.org wrote: I putted rlm_sql_oracle-2.1.11.so in /usr/lib64/freeradius/ and create the symbolic link on /usr/lib64/freeradius/rlm_sql_oracle.so but : Could not link driver rlm_sql_oracle: file not found Make sure it (and all its dependent libraries!) are in the search path of your system's ld. /etc/raddb/sql.conf[22]: Instantiation failed for module sql /etc/raddb/sites-enabled/default[393]: Failed to load module sql. /etc/raddb/sites-enabled/default[360]: Errors parsing accounting section. Could it be because I compile a 2.1.11 version and putted the rlm_sql_oracle-2.1.11.so on a 2.1.10 ? That's why I said earlier it's better to rebuild the RPM with modified SPEC file. One of the reasons was to avoid version and location mess. John posted an additional link earlier with more useful information. If you want to mix RPM and self-compiled module, better use it from the same version, as there might be some incompatible changes between versions. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius 2.1.10 with Oracle support under Fedora 14
On Wed, Jul 6, 2011 at 4:39 PM, Aurélien Lafranchise aurelien_lafranch...@snype.org wrote: I am a newbie to FreeRadius, I prefer some kind of validation/authorization before. Wiki is basically a collaborative tool. I agree with Arran, just add it to the wiki. If someone else finds a wrong info somewhere, or finds that some workarounds are no longer needed, they can always edit your post later. -- Fajar 2011/7/6 Arran Cudbard-Bell a.cudba...@freeradius.org Why don't you add it to the wiki ;) -Arran On Jul 6, 2011, at 10:59 AM, Aurélien Lafranchise wrote: Hi all, As I said, here is the step by step when using Oracle Instant Client 11 : 1. Decompress the tar file. 2. In src/modules/rlm_sql/drivers/rlm_sql_oracle : 2.1. Do autoconf 2.2 .and then ./configure --with-oracle-lib-dir=/usr/lib/oracle/11.2/client64/lib --with-oracle-include-dir=/usr/lib/oracle/11.2/client64 2.3. then make and you should have a .libs directory with a file rlm_sql_oracle-2.1.11.so 3. cp .libs/ rlm_sql_oracle-2.1.11.so /usr/lib64/freeradius/ 4. ln -s /usr/lib64/freeradius/rlm_sql_oracle-2.1.11.so /usr/lib64/freeradius/rlm_sql_oracle.so 5.1 in /etc/raddb cnfigure sql.conf 5.2 radiusd.conf(uncomment $INCLUDE sql.conf) 5.3 site-available/default uncomment linewith sql in the wanted section 5.4 from the decopressed archive cp -r raddb/sql/oracle /etc/raddb/sql/ 6. Be sure that environnement variables for the user who launch radiusd to have export LD_LIBRARY_PATH=/usr/lib/oracle/11.2/client64/lib and export ORACLE_HOME=/usr/include/oracle/11.2/client64 6.1 if not put it in the /etc/init.d/radiusd file 7. Launch freeradius (radiusd -X for debug and if ok service radiusd start) Hope this will help other people and at least to correct the bug of the 2.1.11 release installation procedure. Thanks all - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius 2.0.5 simple configuration fail
Hi everyone, I'm currently trying to set a Freeradius 2.0.5 on a synology NAS which I installed via ipkg. I would like to authenticate the wifi users throught a netgear WG103 '802.1x enabled'. So i've just modified the users file to add a 'rad' user : rad Cleartext-Password := rad And added in clients.conf : client 10.1.1.16 { secret = ap_pass shortname = ap } I configured the ap according to these settings. Everything works fine when using radtest, but when trying to authenticate with the ap, i get the debug output that I put in attached file. I suppose the problem comes from : auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. I search the Internet a whole day to fix this error without making the radius working... Do you have any idea ? thanks debug Description: Binary data - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Log the IP client after a successful login
Hi, Is it possible lo to log the IP address of the client after a successfull auth/login? Something like that: Tue Jul 5 17:18:46 2011 : Auth: Login OK: [elo...@irta.es/via Auth-Type = EAP] (from client WLC_SSCC port 1 cli B8-C7-5D-E4-A3-6B) *$IPADDRESS* Login has worked - so 802.1X is overand the client is then put onto the WAN/LAN to then get DHCP - so how propose putting the IP address into the Login okay message? or is this for PPP where the FreeRADIUS could assign the IP address? if DHCP etc then you need to tie the DHCPACK to the MAC in your RADIUS info - accounting packets generally have this. check your NAS for accounting options alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IIS authentication with FREERADIUS !
JAHANZAIB SYED aaca...@hotmail.com writes: The 'client' refuses to use Linux to share there media ftp server because of some of there own reasons. They insist to stick on IIS. So again I am asking for help , is there any way IIS can get authentication from freeradius server. there is a utility called RADIIS which does the job, but its expensive (400$) . any other workaround ? I really don't see the problem with that. If they expect the IIS solution to be cheap and work out-of-the-box, then their expectations need serious adjustments. My advice to you is to not try to plaster over the facts. You'll only end up with the blame for all the problems *their choice* resulted in. USD 400 cannot be expensive in Microsoft-land. It's about 2 client licenses for a Windows Small Business Server. If you run a business based entirely on Microsoft software, your licensing fees alone will probably be around USD 1000 *per employee* just to get a basic setup (server, desktop-OS, office suite). If they are unhappy with the costs, then there are alternatives. If they don't want the alternatives, then ask in some Microsoft forum instead. Bjørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Next Pool option
On Tue, Jul 5, 2011 at 3:35 PM, Antonio Maciá ama...@sedesc.es wrote: Hi! Im running the 2.1.11 version and I would like to know how to configure next-pool options in the ippool file in order to get a ip from a secondary pool when the first pool is starved. Lets say I have two pools, 172.16.1.0/24 and 192.168.10.0/24 and I want that as soon as the 172.16.1.0 range is empty, the Radius start giving addresses form the 192.168.10.0 pool. Is it possible? Unlang is your friend. The key point is when a pool exhaust its ip address range, it will return notfound. So you can have something like this in modues/ippool-test: ippool ippool-test1 { range-start = 192.168.1.1 range-stop = 192.168.1.254 netmask = 255.255.255.0 cache-size = 256 session-db = ${db_dir}/db.ippool-test1 ip-index = ${db_dir}/db.ipindex-test1 override = no maximum-timeout = 0 } pool ippool-test2 { range-start = 192.168.2.1 range-stop = 192.168.2.254 netmask = 255.255.255.0 cache-size = 256 session-db = ${db_dir}/db.ippool-test2 ip-index = ${db_dir}/db.ipindex-test2 override = no maximum-timeout = 0 } ... and something like this on users (or db, wherever your users data is) testuser Cleartext-Password := testpass, Pool-Name := redundant-pool ... and something this in post-auth if (%{control:Pool-Name} == redundant-pool) { update control { Pool-Name := ippool-test1 } ippool-test1 if (notfound) { update control { Pool-Name := ippool-test2 } ippool-test2 } } -- Fajar Hi Fajar, I have configured the code in the post-auth section. When the first pool is exhausted it tries to give from the secondary, but although there are free ips it fails. I tried changing the order of the pools, putting the secondary pool first and it gives addresses correctly, so this pool is well configured. Here is the output: +++[basic_pool] returns notfound +++? If (notfound) ? Evaluating (notfound) - TRUE +++- entering if (notfound) {...} [control] returns notfound [basic_pool2] No available ip addresses in pool [basic_pool2] returns notfound +++- if (notfound) returns notfound ++- if(%{control:Pool-Name} == redundant_pool) returns notfound Any idea? List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius 2.1.10 with Oracle support under Fedora 14
On Wed, Jul 6, 2011 at 4:44 PM, Fajar A. Nugraha l...@fajar.net wrote: On Wed, Jul 6, 2011 at 4:39 PM, Aurélien Lafranchise aurelien_lafranch...@snype.org wrote: I am a newbie to FreeRadius, I prefer some kind of validation/authorization before. Wiki is basically a collaborative tool. I agree with Arran, just add it to the wiki. If someone else finds a wrong info somewhere, or finds that some workarounds are no longer needed, they can always edit your post later. -- Fajar 2011/7/6 Arran Cudbard-Bell a.cudba...@freeradius.org Why don't you add it to the wiki ;) -Arran On Jul 6, 2011, at 10:59 AM, Aurélien Lafranchise wrote: Hi all, As I said, here is the step by step when using Oracle Instant Client 11 : ... and if you're going to add it to the wiki, I think it'd be better to add get the source for your respective freeradius version. (e.g. if you're currently using 2.1.10, then get the source of that). 1. Decompress the tar file. 2. In src/modules/rlm_sql/drivers/rlm_sql_oracle : 2.1. Do autoconf 2.2 .and then ./configure --with-oracle-lib-dir=/usr/lib/oracle/11.2/client64/lib --with-oracle-include-dir=/usr/lib/oracle/11.2/client64 2.3. then make and you should have a .libs directory with a file rlm_sql_oracle-2.1.11.so 3. cp .libs/ rlm_sql_oracle-2.1.11.so /usr/lib64/freeradius/ 4. ln -s /usr/lib64/freeradius/rlm_sql_oracle-2.1.11.so /usr/lib64/freeradius/rlm_sql_oracle.so the directory .libs should have both rlm_sql_oracle-2.1.11.so and rlm_sql_oracle.so, so it's easier to just use cp -a to copy both. 5.1 in /etc/raddb cnfigure sql.conf 5.2 radiusd.conf(uncomment $INCLUDE sql.conf) 5.3 site-available/default uncomment linewith sql in the wanted section 5.4 from the decopressed archive cp -r raddb/sql/oracle /etc/raddb/sql/ 6. Be sure that environnement variables for the user who launch radiusd to have export LD_LIBRARY_PATH=/usr/lib/oracle/11.2/client64/lib and export you SHOULD be able to edit configure.in, edit the line that says ORACLE_LIBDIR_SWITCH=-L${oracle_lib_dir} and change it to ORACLE_LIBDIR_SWITCH=-L${oracle_lib_dir} -R${oracle_lib_dir} with that, it should be able to find the needed libraries without the need for LD_LIBRARY_PATH. Of course you need to rerun autoconf, configure and friends. ORACLE_HOME=/usr/include/oracle/11.2/client64 I really hate having to set environment variables :) Have you tested using easy connect syntax (i.e. host[:port][/service_name]) for radius_db? You should be able to connect without having to set ORACLE_HOME -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRadius 2.1.10 with Oracle support under Fedora 14
Added a cleaned up version here: http://wiki.freeradius.org/Rlm_sql_oracle Aurélien, edit the page to credit yourself somewhere if you want... -Arran On Jul 6, 2011, at 11:44 AM, Fajar A. Nugraha wrote: On Wed, Jul 6, 2011 at 4:39 PM, Aurélien Lafranchise aurelien_lafranch...@snype.org wrote: I am a newbie to FreeRadius, I prefer some kind of validation/authorization before. Wiki is basically a collaborative tool. I agree with Arran, just add it to the wiki. If someone else finds a wrong info somewhere, or finds that some workarounds are no longer needed, they can always edit your post later. -- Fajar 2011/7/6 Arran Cudbard-Bell a.cudba...@freeradius.org Why don't you add it to the wiki ;) -Arran On Jul 6, 2011, at 10:59 AM, Aurélien Lafranchise wrote: Hi all, As I said, here is the step by step when using Oracle Instant Client 11 : 1. Decompress the tar file. 2. In src/modules/rlm_sql/drivers/rlm_sql_oracle : 2.1. Do autoconf 2.2 .and then ./configure --with-oracle-lib-dir=/usr/lib/oracle/11.2/client64/lib --with-oracle-include-dir=/usr/lib/oracle/11.2/client64 2.3. then make and you should have a .libs directory with a file rlm_sql_oracle-2.1.11.so 3. cp .libs/ rlm_sql_oracle-2.1.11.so /usr/lib64/freeradius/ 4. ln -s /usr/lib64/freeradius/rlm_sql_oracle-2.1.11.so /usr/lib64/freeradius/rlm_sql_oracle.so 5.1 in /etc/raddb cnfigure sql.conf 5.2 radiusd.conf(uncomment $INCLUDE sql.conf) 5.3 site-available/default uncomment linewith sql in the wanted section 5.4 from the decopressed archive cp -r raddb/sql/oracle /etc/raddb/sql/ 6. Be sure that environnement variables for the user who launch radiusd to have export LD_LIBRARY_PATH=/usr/lib/oracle/11.2/client64/lib and export ORACLE_HOME=/usr/include/oracle/11.2/client64 6.1 if not put it in the /etc/init.d/radiusd file 7. Launch freeradius (radiusd -X for debug and if ok service radiusd start) Hope this will help other people and at least to correct the bug of the 2.1.11 release installation procedure. Thanks all - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Arran Cudbard-Bell a.cudba...@freeradius.org RADIUS - Half the complexity of Diameter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Next Pool option
On Wed, Jul 6, 2011 at 5:33 PM, Antonio Maciá ama...@sedesc.es wrote: Hi Fajar, I have configured the code in the post-auth section. When the first pool is exhausted it tries to give from the secondary, but although there are free ips it fails. I tried changing the order of the pools, putting the secondary pool first and it gives addresses correctly, so this pool is well configured. Here is the output: +++[basic_pool] returns notfound +++? If (notfound) ? Evaluating (notfound) - TRUE +++- entering if (notfound) {...} [control] returns notfound [basic_pool2] No available ip addresses in pool [basic_pool2] returns notfound +++- if (notfound) returns notfound ++- if(%{control:Pool-Name} == redundant_pool) returns notfound Any idea? ( shrug ) it works on my test. Start with pasting the complete radiusd -X output. It should be able to show any configuration error. From the limited lines that you post it should be very clear [basic_pool2] No available ip addresses in pool ... then again it might be a bug in the code, in which case testing the latest version (I'd recommend using v2.1.x branch from git, which is what I currently use) should be useful. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Macbook Freeradius connection issue
Hi, We use FreeRadius 2.1.9. It works fine, but Macbook user can't connect. I have to activate only TTLS and PEAP in WLAN settings (802.1x) on the macbook, then it works. Do exist any other possibility for MAC user? PLZ help :) Lionne Stangier Lionne-Jeremias Stangier Praktikant system engineer allesklar.com AG turmcenter ? am turm 40 d- 53721 siegburg e-mail: lionne.stang...@meinestadt.de fax: +49 (0) 2241-9253-66 www.allesklar.com www.meinestadt.de - das portal für alle städte deutschlands www.meinestadt.de/mobil - mobile apps von meinestadt.de www.allesklar.de - deutschlands umfangreichster webkatalog www.datingcafe.de ? die testsieger-singlebörse http://blog.meinestadt.de ? der blog von meinestadt.de allesklar.com AG | siegburg | AG siegburg HRB 7031 vorstand: dr. manfred stegger (vors.), peter bettin vorsitzender des aufsichtsrats: dr. herbert groeger - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.0.5 simple configuration fail
Hi, I'm currently trying to set a Freeradius 2.0.5 on a synology NAS which I installed via ipkg. I would like to authenticate the wifi users throught a netgear WG103 '802.1x enabled'. So i've just modified the users file to add a 'rad' user : rad Cleartext-Password := rad And added in clients.conf : client 10.1.1.16 { secret = ap_pass shortname = ap } I configured the ap according to these settings. Everything works fine when using radtest, but when trying to authenticate with the ap, i get the debug output that I put in attached file. firstly, 2.0.5 is hideously old - and very very buggy. 2.1.x should be a minimum. can you get your package folk to upgrade their FreeRADIUS package? secondly, change your default eap type in the eap.conf to peap - you seem to have md5 which means a lot of NAK junk - this streamlines EAP. you cant do md5 with wireless. I suppose the problem comes from : auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. from a quick look i'd say things should be okay - make the EAP change and see if the AP plays nicely alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Macbook Freeradius connection issue
Hi, We use FreeRadius 2.1.9. It works fine, but Macbook user can't connect. I have to activate only TTLS and PEAP in WLAN settings (802.1x) on the macbook, then it works. Do exist any other possibility for MAC user? by default, OSX has a lot of EAP types enabled...and will try to use them all , in-orderwhich means a lot of junk EAP attempts - which your FR will reject if it doesnt know - and may confuse the AP/NAS - certainly if you dont allow FreeRADIUS to handle unknown EAP types. if you only support PEAP and TTLS then ensure that your clients are configured correctly. recommend using either the enterprise deployment tool (profile configuration generation tool), an OSX config script, well documented instructions or an 802.1X tool such as XpressConnect from cloudpath. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: Macbook Freeradius connection issue
Hi, thanks for the fast answer. certainly if you dont allow FreeRADIUS to handle unknown EAP types. Can you configure FR to handle unknown EAP types? lionne - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius 2.0.5 simple configuration fail
Thank you for your quick answer. I just change to peap in the eap.conf but i still have the same error. Maybe i'll send an email to the maintener of the paquet. I also tried to compile the last version of FreeRadius from sources but i was running into a lot of bugs... - Mail Original - De: Alan Buxey a.l.m.bu...@lboro.ac.uk À: FreeRadius users mailing list freeradius-users@lists.freeradius.org Envoyé: Mercredi 6 Juillet 2011 13h22:55 GMT +01:00 Amsterdam / Berlin / Berne / Rome / Stockholm / Vienne Objet: Re: Freeradius 2.0.5 simple configuration fail Hi, I'm currently trying to set a Freeradius 2.0.5 on a synology NAS which I installed via ipkg. I would like to authenticate the wifi users throught a netgear WG103 '802.1x enabled'. So i've just modified the users file to add a 'rad' user : rad Cleartext-Password := rad And added in clients.conf : client 10.1.1.16 { secret = ap_pass shortname = ap } I configured the ap according to these settings. Everything works fine when using radtest, but when trying to authenticate with the ap, i get the debug output that I put in attached file. firstly, 2.0.5 is hideously old - and very very buggy. 2.1.x should be a minimum. can you get your package folk to upgrade their FreeRADIUS package? secondly, change your default eap type in the eap.conf to peap - you seem to have md5 which means a lot of NAK junk - this streamlines EAP. you cant do md5 with wireless. I suppose the problem comes from : auth: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user auth: Failed to validate the user. from a quick look i'd say things should be okay - make the EAP change and see if the AP plays nicely alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Macbook Freeradius connection issue
Hi, certainly if you dont allow FreeRADIUS to handle unknown EAP types. Can you configure FR to handle unknown EAP types? ignore_unknown_eap_types = no but as the docs clearly state, if its not handled in another module then the request will still get rejected alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: Macbook Freeradius connection issue
ignore_unknown_eap_types = no but as the docs clearly state, if its not handled in another module then the request will still get rejected Thanks, Ok. I need to configure the Mac client or install a 802.1x tool. No other way ... hmm ... ok. lionne - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Macbook Freeradius connection issue
Hi, Ok. I need to configure the Mac client or install a 802.1x tool. No other way ... hmm ... ok. umm, the client is set to try all the EAP methods under the sun - starting off with FAST , then LEAP, then PEAP etc well, theres nothing a server can do to change that - its totally client related - now, if your AP/NAS has some other thing like EAP fail limit etc then those initial requests and NAKs stack up - it might not even be getting the chance to do what you want. its a bit like saying my client is set to a static IP address, how do you configure the DHCP server to fix that? ;-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
AW: Macbook Freeradius connection issue
its a bit like saying my client is set to a static IP address, how do you configure the DHCP server to fix that? ;-) Hehe :D Yes ok Thank you. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Auth-Type fail
Ok, I found the problem. The problem was the operator in radcheck I put '==' instead of ':='... Sorry for the inconvenience. Bastien Semene Administrateur Réseau Système Cyanide Studio - FRANCE Le 06/07/2011 15:26, Bastien Semene a écrit : Hi list, I have problem authenticating users against (My)SQL. Freeradius is running on a FreeBSD 8.0-STABLE and is on version 2.1.10. It is a fresh install that I made work with the default file authentication. When I connect the SQL backend, it doesn't work. I followed the instructions on the FreeRADIUS wiki : http://wiki.freeradius.org/SQl_HOWTO The SQL module is correctly loaded and it returns an OK during authentication. The queries are well formed and the results should be ok What I don't understand is why sql module returns OK, and the authentication is rejected. In my mind, an OK from the SQL module at this step means it has authenticated the user. Am I misunderstanding ? The debug output and relevant configuration directives are below. P.S. : 10.1.8.4 is the IP of the server, I'm running radtest commands from this host (I can't use 127.0.0.1 because of how network currently works in jails on FreeBSD). Here is the output of the radtest command : # radtest bsemene test 10.1.8.4 0 password for jail client Sending Access-Request of id 214 to 10.1.8.4 port 1812 User-Name = bsemene User-Password = test NAS-IP-Address = 10.1.8.4 NAS-Port = 0 rad_recv: Access-Reject packet from host 10.1.8.4 port 1812, id=214, length=20 H -- If you think experts are expensive, wait to see what amateurs will cost you -- Bastien Semene Administrateur Réseau Système Cyanide Studio - FRANCE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: use_tunnel_reply not working in EAP-PEAP (Proxied as plain MSCHAPv2) in eap.conf
Nitin Bhardwaj wrote: Hi, Please edit your posts. It's not nice to go through hundreds of lines of garbage in order to read the *real* content of the message. Found out that this works perfectly fine in freeradius 3.0.0 (master git branch). That's nice to know. Can anyone please suggest which patches I need to back-port to 2.1.11 to make this work in 2.1.x branch too ? You can't. The code is *completely* different. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Make the server certificate from Thawte
Hello. I want to use the certificate from Thawte. First of all I tried to use free SSL certificate from Thawte. I received 3 certificates in PEM-format: my Thawte trial SSL certificate, Thawte Trial Secure Server Intermediate CA and Thawte Test CA Root certificate in format: -BEGIN CERTIFICATE- text here -END CERTIFICATE- I made .pem files from them with no new line in end of file. The eap.conf is: private_key_password = (is empty because no password in certificates) private_key_file = ${certdir}/trialThawte.pem certificate_file = ${certdir}/trialThawteCA.pem radiusd -X rlm_eap: SSL error error:0906D06C:PEM routines:PEM_read_bio:no start line rlm_eap_tls: Error reading private key file /etc/raddb/certs/trialThawte.pem rlm_eap: Failed to initialize type tls Tried to make .pem by following commands (use server.key, server.csr were inputted to make Thawte certificate; server.crt is received Thawte certificate): openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -passin pass:1234 -passout pass:1234 unable to load private key 139734217189032:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:467: 139734217189032:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:476: openssl pkcs12 -in server.crt -out server.pem -passin pass:12345 -passout pass:12345 140259536533160:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319: 140259536533160:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=PKCS12 I confused that: 1. no passwords in received Thawte certificates 2. Root CA and Web Server CA 3. different pem format is used in RADIUS and is received from Thawte What algorithm should be used to make valid to FreeRADIUS pem certificate files from these Thawte certificates? FreeRADIUS Version 2.1.7, for host x86_64-pc-linux-gnu -- Best Regards, Shildyakov Alexey Vladimirovich - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Make the server certificate from Thawte
Hi, I want to use the certificate from Thawte. First of all I tried to use free SSL certificate from Thawte. I received 3 certificates in PEM-format: my Thawte trial SSL certificate, Thawte Trial Secure Server Intermediate CA and Thawte Test CA Root certificate in format: -BEGIN CERTIFICATE- text here -END CERTIFICATE- I made .pem files from them with no new line in end of file. The eap.conf is: private_key_password = (is empty because no password in certificates) private_key_file = ${certdir}/trialThawte.pem certificate_file = ${certdir}/trialThawteCA.pem nope. for private key you need your private key - the one that you made before making the CSR for thawte for certificate file you need the trialThawte file then for CA file you need a file that contains the Server Intermediate CA and Thawte Test CA Root concatenated together 1. no passwords in received Thawte certificates if you use passwords for the private key then you will have one 3. different pem format is used in RADIUS and is received from Thawte no. FR uses PEM quite happily alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Make the server certificate from Thawte
nope. for private key you need your private key - the one that you made before making the CSR for thawte Yes. Thank you. I was confused because in default FreeRADIUS has ${raddbdir}/certs/cert-srv.pem value here. for certificate file you need the trialThawte file then for CA file you need a file that contains the Server Intermediate CA and Thawte Test CA Root concatenated together if you use passwords for the private key then you will have one Yes. It's true. Summing up, what the algorithm to configure certificate from Trusted CA: 1. cd /etc/raddb/certs 2. openssl genrsa –des3 –out server.key 2048. Remember the passphrase, you have been entered. 3. openssl req –new –key server.key –out server.csr. Write suitable X.509 attributes. 4. Upload server.csr to your CA (Thawte, Verisign, GeoTrust) 5. Receive SSL certificate, Secure Server Intermediate CA and CA Root certificate from Trusted CA. 6. Write received SSL certificate to file server.pem 7. Write received Secure Server Intermediate CA and CA Root certificates concatenated together to file ca.pem 8. Set the eap.conf tls section: certdir = ${confdir}/certs cadir = ${confdir}/certs private_key_password = passphrase_you_entered_while_creating_server.key private_key_file = ${certdir}/server.key CA_file = ${cadir}/ca.pem Is it possible to add this instruction to certs/README to avoid this topic emerge again? -- Best Regards, Shildyakov Alexey Vladimirovich - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sql: NUMERIC VALUE OUT OF RANGE error
I too am experiencing this issue with FreeRadius 2.1.10 and Postgres. /rlm_sql_postgresql: query affected rows = 0 [sql] expand: %{NAS-Port} - 2153775120 [sql] expand: %{Acct-Delay-Time} - 0 [sql] expand: %{Acct-Session-Time} - 301 [sql] expand: %{Acct-Input-Gigawords} - 0 [sql] expand: %{Acct-Input-Octets} - 14189 [sql] expand: %{Acct-Output-Gigawords} - 0 [sql] expand: %{Acct-Output-Octets} - 31036 [sql] expand: INSERT INTO radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctSessionTime, AcctAuthentic, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, ServiceType, FramedProtocol, FramedIPAddress, XAscendSessionSvrKey) VALUES('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', NULLIF('%{Realm}', ''), '%{NAS-IP-Address}', %{%{NAS-Port}:-NULL}::integer, '%{NAS-Port-Type}', ('%S'::timestamp - '%{%{Acct-Delay-Time}:-0}'::interval - '%{%{Acct-Session-Time}:-0}'::interval), '%{Acct-Session-Time}', '%{Acct-Authentic}', (('%{%{Acct-Input-Gigawords}:-0}'::bigint 32) + '%{%{Acct-Input-Octets}:-0}'::bigint), (('%{%{Acct-Output-Gigawords}:-0}'::bigint 32) + '%{%{Acct-Output-Octets}:-0}'::bigint), '%{Called-Station-Id}', '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', NULLIF('%{Framed-IP-Address}', '')::inet, '%{X-Ascend-Session-Svr-Key}') - INSERT INTO radacct rlm_sql_postgresql: Status: PGRES_FATAL_ERROR rlm_sql_postgresql: Error integer out of range rlm_sql_postgresql: Postgresql Fatal Error: [22003: NUMERIC VALUE OUT OF RANGE] Occurred!! [sql] Couldn't insert SQL accounting ALIVE record - ERROR: integer out of range rlm_sql (sql): Released sql socket id: 2 / I cannot figure out how to modify the query that is executed for this, I modified /etc/freeradius/sql.conf with addtional section: / accounting_update_query_alt = INSERT into ${acct_table1} \ (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, \ AcctSessionTime, AcctAuthentic, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, \ ServiceType, FramedProtocol, FramedIPAddress, XAscendSessionSvrKey) \ values('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}', '%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}', \ ('%{NAS-Port}'::bigint, '%{NAS-Port-Type}'), ('%S'::timestamp - '%{Acct-Delay-Time:-0}'::interval - '%{Acct-Session-Time:-0}'::interval), \ '%{Acct-Session-Time}', '%{Acct-Authentic}', \ (('%{Acct-Input-Gigawords:-0}'::bigint 32) + '%{Acct-Input-Octets:-0}'::bigint), \ (('%{Acct-Output-Gigawords:-0}'::bigint 32) + '%{Acct-Output-Octets:-0}'::bigint), '%{Called-Station-Id}', \ '%{Calling-Station-Id}', '%{Service-Type}', '%{Framed-Protocol}', \ NULLIF('%{Framed-IP-Address}', '')::inet, '%{X-Ascend-Session-Svr-Key}') / as well as start/stop sections but it had no effect on the query run by FreeRadius. How am I able to fix this issue ? Thanks, Andrew -- View this message in context: http://freeradius.1045715.n5.nabble.com/rlm-sql-NUMERIC-VALUE-OUT-OF-RANGE-error-tp2776043p4559678.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sql: NUMERIC VALUE OUT OF RANGE error
On Thu, Jul 7, 2011 at 10:09 AM, ahthrift andyonf...@gmail.com wrote: I too am experiencing this issue with FreeRadius 2.1.10 and Postgres. I cannot figure out how to modify the query that is executed for this, I Did you read the file sql.conf? ## # # Configuration for the SQL module # # The database schemas and queries are located in subdirectories: # # sql/DB/schema.sql Schema # sql/DB/dialup.conf Basic dialup (including policy) queries # sql/DB/counter.conf counter # sql/DB/ippool.conf IP Pools in SQL # sql/DB/ippool.sql schema for IP pools. # # Where DB is mysql, mssql, oracle, or postgresql. # so if you're using the default setup it should be in sql/postgresql/dialup.conf modified /etc/freeradius/sql.conf with addtional section: / accounting_update_query_alt = INSERT into ${acct_table1} \ Look at dialup.conf, and change the part that matches the offending query (it should be accounting_start_query) -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_sql: NUMERIC VALUE OUT OF RANGE error
Thanks Fajar, I actually figured this out 10 minutes after posting to the list, blue text on black terminal window :( Thanks for your response. Regards, Andrew On 7/07/2011 3:52 p.m., Fajar A. Nugraha wrote: On Thu, Jul 7, 2011 at 10:09 AM, ahthriftandyonf...@gmail.com wrote: I too am experiencing this issue with FreeRadius 2.1.10 and Postgres. I cannot figure out how to modify the query that is executed for this, I Did you read the file sql.conf? ## # # Configuration for the SQL module # # The database schemas and queries are located in subdirectories: # # sql/DB/schema.sql Schema # sql/DB/dialup.conf Basic dialup (including policy) queries # sql/DB/counter.conf counter # sql/DB/ippool.conf IP Pools in SQL # sql/DB/ippool.sql schema for IP pools. # # Where DB is mysql, mssql, oracle, or postgresql. # so if you're using the default setup it should be in sql/postgresql/dialup.conf modified /etc/freeradius/sql.conf with addtional section: / accounting_update_query_alt = INSERT into ${acct_table1} \ Look at dialup.conf, and change the part that matches the offending query (it should be accounting_start_query) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Running external programs
Hi, all. We have some legacy software that ran under XTradius (xtradius.sourceforge.net). The important thing was to execute an external program for every auth accounting request. Now I need to recreate all that on another server, and I must use the same legacy billing software. Unfortunately one can no longer build the old XTradius on modern FreeBSDs, apparently it has some variable linkage problems. Can that simple task be done in FreeRADIUS instead? Can it be configured to call an external program (Auth-Type External in XTradius)? Thanks! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Welcome to the Freeradius-Users mailing list
Hi, I am very new to radius server and installed “freeradius-1.1.2-sol10-sparc-local”. While starting the server I am seeing the below error message. I did not modify any configuration file. Just running the radius after installation. Please help me in solving this issue. I tried the freeradius-1.1.7-sol10-sparc-local , I got the same error. bash-3.00# radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /usr/local/var main: logdir = /usr/local/var/log/radius main: libdir = /usr/local/lib main: radacctdir = /usr/local/var/log/radius/radacct main: hostname_lookups = no main: snmp = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /usr/local/var/log/radius/radius.log main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /usr/local/var/run/radiusd/radiusd.pid main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Segmentation Fault (core dumped) Thanks Simbu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Welcome to the Freeradius-Users mailing list
This doesn't specifically address your problem, but you should use a more recent version of FreeRADIUS. Try downloading FreeRADIUS 2.1.10 or 2.1.11 from www.freeradius.org. ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.1.10.tar.bz2 ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.1.11.tar.bz2 Tim From: freeradius-users-bounces+tim.sylvester=networkradius@lists.freeradius.or g [mailto:freeradius-users-bounces+tim.sylvester=networkradius.com@lists.freer adius.org] On Behalf Of silambarasan sundar Sent: Wednesday, July 06, 2011 10:34 PM To: freeradius-users@lists.freeradius.org Subject: Re: Welcome to the Freeradius-Users mailing list Hi, I am very new to radius server and installed freeradius-1.1.2-sol10-sparc-local. While starting the server I am seeing the below error message. I did not modify any configuration file. Just running the radius after installation. Please help me in solving this issue. I tried the freeradius-1.1.7-sol10-sparc-local , I got the same error. bash-3.00# radiusd -X Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = /usr/local main: localstatedir = /usr/local/var main: logdir = /usr/local/var/log/radius main: libdir = /usr/local/lib main: radacctdir = /usr/local/var/log/radius/radacct main: hostname_lookups = no main: snmp = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = /usr/local/var/log/radius/radius.log main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = /usr/local/var/run/radiusd/radiusd.pid main: user = (null) main: group = (null) main: usercollide = no main: lower_user = no main: lower_pass = no main: nospace_user = no main: nospace_pass = no main: checkrad = /usr/local/sbin/checkrad main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Segmentation Fault (core dumped) Thanks Simbu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html