Re: Error binding to port for 0.0.0.0 port 1812

2009-03-24 Thread Anders Holm
No, you haven't stopped radius then. Only one service per port. man lsof if you're not sure which process is holding on to the port. Sent from my iPhone On 24 Mar 2009, at 20:12, Bruno Noronha wrote: Dawgs, I received the following error when starting debug mode or issuing "freeradius re

Re: Redundant Oracle instances

2009-03-03 Thread Anders Holm
Thanks Alan. That confirms my suspicions then. I'll have a dig through the unlang stuff too there. If we do manage to figure out the magic wand waving required to appropriately set a timeout for this, I'll pass on a patch. Thanks again. //anders - List info/subscribe/unsubscribe? See http://www.

Redundant Oracle instances

2009-03-03 Thread Anders Holm
Hi folks. I've got FR 2.1.3 running hooked up to an Oracle instance. While testing failure scenarios I'm finding that the module never fails. I'm testing failures where the server has initially been able to connect to the database and then subsequently the database goes away. I'm testing by doing

Re: Certificate Provisioning for EAP-TLS Networks

2009-02-02 Thread Anders Holm
There are other solutions around as well to distribute and manage client side certificates. Not cheap, but they do exist. //anders - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Some Help Regarding Remote Free Radius Server.

2008-12-31 Thread Anders Holm
pushpraj nimbalkar wrote: On Wed, Dec 31, 2008 at 2:42 PM, Alan DeKok wrote: pushpraj nimbalkar wrote: You have not read full message. I am using rlm_sql and i already added 59.181.96.194 to my nas list. look at below error rlm_sql (sql): Read entry nasname= 59.181.96.194,shortname=AP

Re: 2.1.3 and Solaris 9 compile errors

2008-12-25 Thread Anders Holm
Thanks Anatoly. Hopefully Alan will pick this up Sent from my iPhone On 25 Dec 2008, at 13:21, "Anatoly S. Zimin" wrote: On 10:32 Thu 25 Dec , Anders Holm wrote: Anatoly S. Zimin wrote: Greg Fuller wrote: [snip] $ cd /usr/local/src/freeradius-server-2.1.3/ $ rm -rf s

Re: 2.1.3 and Solaris 9 compile errors

2008-12-25 Thread Anders Holm
Anatoly S. Zimin wrote: Greg Fuller wrote: [snip] $ cd /usr/local/src/freeradius-server-2.1.3/ $ rm -rf src/modules/rlm_perl This is not a solution. I know how to resolve this problem. If anyone needs this, please ask me. Maybe this solution is needed by developers. For a long time I have been using FreeRadi

Re: Status counters

2008-12-21 Thread Anders Holm
. There surely is no need to get into a huff about things, is there? //anders Alan DeKok wrote: Anders Holm wrote: Ah, the missing piece emerges. This is probably what I was missing. My frustration is that I explained how it works. Rather than believing that explanation, you start

Re: Status counters

2008-12-21 Thread Anders Holm
Alan DeKok wrote: Anders Holm wrote: Heh. I sure did. Though, I'm thinking slightly differently I suppose.. "How can something be accepted which has not been requested?". That is the definition of how Status-Server works. This definition goes back to 1996 in a n

Re: Status counters

2008-12-20 Thread Anders Holm
Alan DeKok wrote: Anders Holm wrote: So, for Access-Requests we ignore Status-Server packets, but Status-Server packets do increment Access-Accept? Perhaps you didn't see my message or read the names of the counters. One counter counts Access-Requests, and another one counts A

Re: Status counters

2008-12-20 Thread Anders Holm
Alan DeKok wrote: Anders Holm wrote: Looking a tad at the counters and how they get incremented I see the following: Sending Access-Accept of id 20 to 127.0.0.1 port 32772 FreeRADIUS-Total-Access-Requests = 0 FreeRADIUS-Total-Access-Accepts = 36 FreeRADIUS-Total

Re: Status counters

2008-12-19 Thread Anders Holm
Of course, I'm silly enough to expect others know what versions I'm running .. *doh* This is with FreeRADIUS 2.1.1 compiled from source. //anders 2008/12/19 Anders Holm > Hi folks. > > Looking a tad at the counters and how they get incremented I see the > following: >

Status counters

2008-12-19 Thread Anders Holm
Hi folks. Looking a tad at the counters and how they get incremented I see the following: Sending Access-Accept of id 20 to 127.0.0.1 port 32772 FreeRADIUS-Total-Access-Requests = 0 FreeRADIUS-Total-Access-Accepts = 36 FreeRADIUS-Total-Access-Rejects = 0 FreeRADIUS

Re: How to log failed auth attempts?

2008-12-18 Thread Anders Holm
The \'s might be significant. You have those all through the query, up to the point things break. I also wouldn't have a comment in the middle of an SQL statement. Clean it up and it is likely to work. Sent from my iPhone On 19 Dec 2008, at 03:29, "Todd R." wrote: What was the error mes

Re: Duplicate IPs for Radius Clients with different secrets - allow any client IP?

2008-12-17 Thread Anders Holm
t...@kalik.net wrote: What could a hacker do to the server if he can't even get passed returning a correct shared secret? Get the usernames and passwords of your users and gain access to your network at will. Publish them and let anybody use your network. Internet for free. Sounds gr

Re: Duplicate IPs for Radius Clients with different secrets - allow any client IP?

2008-12-17 Thread Anders Holm
Eric Geier wrote: Thank you for the info, David. I think the following is an example of how this could work, which I googled: client 212.37.57.2 { secret = "%{sql:SELECT secret FROM accesspoints WHERE id = %{raw:NAS-Identifier}}" shortname = "just one of our example

Re: Radrelay

2008-12-16 Thread Anders Holm
What is your goal here? To have two different hosts with the same accounting data on them? If so, use a data base backend instead of trying to replicate data yourself. Let the system work for you, not you for the system. Sent from my iPhone On 16 Dec 2008, at 16:07, "lreeves" wrote: I fo

Re: Login incorrect (rlm_ldap: User not found)

2008-11-25 Thread Anders Holm
ldappasswd is unlikely to use the encryption scheme that is expected by PAP (or just about any other module). Use an LDIF file, or some other means to set the data to be what you want it to be, not something you're not sure what it might be. //anders hsuan wrote: Dear all: I have install

Re: No authenticate method (Auth-Type) configuration found for the request: Rejecting the user

2008-11-25 Thread Anders Holm
I'm fairly positive there are pointers in the documentation for your specific LDAP server on how to add data into it. //anders hsuan wrote: Dear ivan: But the search results have shown "># base with scope subtree". If I don't have the new entry "ldapuser", so how can I add the new entries ?

Re: MediaProxy can't Closing expired calls, 404 Requested Dialog not found

2008-11-24 Thread Anders Holm
Talk to the folks who created it perhaps? Sent from my iPhone On 24 Nov 2008, at 08:18, "john li" <[EMAIL PROTECTED]> wrote: Hi, I'm trying to enable MediaProxy to close expired calls but got an error Does anyone have any suggestions? Thanks a lot John here is the log: DBG:mi_datagr

Re: Could not link driver rlm_sql_oracle: libclntsh.so.10.1

2008-11-23 Thread Anders Holm
Your config says you are using Oracle as backend. However the Oracle driver has not been compiled/installed. Sent from my iPhone On 24 Nov 2008, at 03:39, Ilya <[EMAIL PROTECTED]> wrote: hello, i've got Linux 2.6.9-22 and freeRADIUS server v.2.1.1. after installing and configured FreeRADIU

Re: Freeradius 2.0 with Activedirectory Integration Failed

2008-11-09 Thread Anders Holm
You have two errors to fix... This; /usr/local/etc/raddb/users[1]: Parse error (check) for entry DEFAULT: Unknown value ntlm_auth for attribute Auth-Type And this: Errors reading /usr/local/etc/raddb/users /usr/local/etc/raddb/modules/files[7]: Instantiation failed for module "files

Re: sqlcounter returning wrong value?

2008-11-09 Thread Anders Holm
Answers before questions? Novel idea. "limited to 4GB" Sent from my iPhone On 9 Nov 2008, at 14:00, "liran tal" <[EMAIL PROTECTED]> wrote: On Sun, Nov 9, 2008 at 6:00 AM, Venkatesh K <[EMAIL PROTECTED]> wrote: Hi Liran, On Sun, Nov 9, 2008 at 4:16 AM, liran tal <[EMAIL PROTECTED]> wrote:

Re: [Q] Cross-Compiling for PPC : version 1.1.7 same 2.1.1 same

2008-11-03 Thread Anders Holm
The PPC machine has no native compiler? You want to ensure you are dynamically linking your binaries. ./configure --help Sent from my iPhone On 4 Nov 2008, at 04:45, "Young-Whan Kim" <[EMAIL PROTECTED]> wrote: Hi~ I did compile freeradius-1.1.7 and 2.1.1. My build machine is : intel debian 3

Re: exec program, but post-auth

2008-11-03 Thread Anders Holm
Huh? Ivan gave you the answer already. Read it again and then look into what accounting packets are. Sent from my iPhone On 4 Nov 2008, at 02:06, "Alexandre J. Correa - Onda Internet" <[EMAIL PROTECTED] > wrote: auth are working fine... but i need execute one script after auth OK to get

Re: Freeradius-1.0.5_PEAP with EAP-MD5 auth failure

2008-11-03 Thread Anders Holm
This is likely to have been fixed in a newer version. Do you see this with a 2.1.1 installation? //anders Prasad Parab wrote: Hi, Am using freeradius-1.0.5 for PEAP authentication with EAP-MD5. Attached is the log of auth failure wirg the same. Attached also are the configuration files. Kindl

Re: [Q] compiling for ppc.

2008-11-03 Thread Anders Holm
Young-Whan Kim wrote: Hi~~ Happy to meet you. I'm trying to compile for PPC. The version is 1.1.7. Why 1.1.7? Use 2.1.1 if you're going through the trouble of compiling anyway. /opt/mvl4/pro/devkit/ppc/7xx/bin/../lib/gcc/powerpc-montavista-linux/3.4.3/. ./../../../powerpc-montavista-linux/b

Re: Dell 6248 and Dynamic VLAN Assignment

2008-10-31 Thread Anders Holm
Talk to the vendor? Sent from my iPhone On 31 Oct 2008, at 01:20, Luke <[EMAIL PROTECTED]> wrote: Hi :) I'm trying to get dynamic VLAN assignment to work with my Dell 6248, which they officially support as of firmware revision 2.1.0.13. I'm using freeradius version 2.1.1 I think I'm sending

Re: Suse SLES 10SP2 with freeradius 2.x

2008-10-29 Thread Anders Holm
This a 64 bit system that also has 32 bit libs? Sent from my iPhone On 29 Oct 2008, at 08:09, Hubert Kupper <[EMAIL PROTECTED]> wrote: Anders Holm wrote: Did you rebuild from source obtained from freeradius.org or a src.rpm? The RPMs are maintained by Suse. Sent from my iPhone

Re: Hostapd-0.5.5 and freeradius-server-2.1.1

2008-10-29 Thread Anders Holm
We really didn't need to know what the secret *was*... Retype and check for whitespace issues. Sent from my iPhone On 28 Oct 2008, at 10:46, lolo <[EMAIL PROTECTED]> wrote: On Tuesday 28 October 2008 11:37, [EMAIL PROTECTED] wrote: Chances are: 99.9% - shared secret is different (retype it

Re: Suse SLES 10SP2 with freeradius 2.x

2008-10-29 Thread Anders Holm
Did you rebuild from source obtained from freeradius.org or a src.rpm? The RPMs are maintained by Suse. Sent from my iPhone On 29 Oct 2008, at 07:01, Hubert Kupper <[EMAIL PROTECTED]> wrote: [EMAIL PROTECTED] wrote: Hi, I have build the rpm's without errors. Before I had to edit the

Re: Insert billiplan code in radacct table during authenticaiton

2008-10-25 Thread Anders Holm
Would a customer's billing plan be determined if they successfully authenticate? Wouldn't they all then be in the same plan? Sorry, I just don't see your point. Sent from my iPhone On 25 Oct 2008, at 03:26, Bishal <[EMAIL PROTECTED]> wrote: Hi all, I am using freeradius for AAA of

Re: FreeRadius and MAC OS X Install

2008-10-23 Thread Anders Holm
Do you have a need for the Perl module? If not, disable it. Sent from my iPhone On 22 Oct 2008, at 23:19, Saurabh Bhasin <[EMAIL PROTECTED]> wrote: Folks, I've been trying to compile (using MacPorts 1.600) freeradius on Leopard (10.5.5) and continue to get the following error. I've been a

Re: AW: AW: MAC authentification

2008-10-22 Thread Anders Holm
I'm slightly curious here. What happens when Script Kiddie then spoofs an appropriate MAC address? You have other mitigating measures in place? Sent from my iPhone On 22 Oct 2008, at 12:12, Arran Cudbard-Bell <[EMAIL PROTECTED] > wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, T

Re: mysql erros

2008-10-21 Thread Anders Holm
The MySQL module died, the connections dropped, got detected and the module restarted to restore connectivity. Which is just what the log says. grep -ri oom /var/log* Any matches finding the Out Of Memory killer and you then have your root cause... Sent from my iPhone On 22 Oct 2008,

Re: EAP bypass

2008-10-20 Thread Anders Holm
Eating humble pie for a day would reset the admins expectations on how to handle customer expectations to a reasonable level I'd think... Sent from my iPhone On 19 Oct 2008, at 18:49, "Danny Paul" <[EMAIL PROTECTED]> wrote: This is impossible. It is *designed* to be impossible. If it was

Re: Newbie question

2008-10-06 Thread Anders Holm
If you want to help develop FreeRADIUS, that's the spot. Otherwise, I'd personally recommend using the .tar.bz2 file that is linked on the front page of http://freeradius.org ... That's the actual release. CVS is probably whatever the folks are working on, which may or may not work. Have some memo

Re: The client does not connect _*_*_*_

2008-10-03 Thread Anders Holm
Again, what's the debug output? Does the client manage to send a RADIUS packet that actually arrives at the server? //anders 2008/10/1 Martin Silvero <[EMAIL PROTECTED]> > sorry > what they say is ... > > > > The access point has an IP 10.0.31.x and is included within > raddb/client.conf

Re: The client does not connect _*_*_*_

2008-09-27 Thread Anders Holm
Que? No Habla Espanol. Habla Ingles?? That, and how to order a beer is roughly the extent of my Spanish. //anders On 26/09/2008 15:53, "Martin Silvero" <[EMAIL PROTECTED]> wrote: > el access point tiena la IP 10.0.31.40 y esta incluida > dentro de raddb/client.conf, olvidem

Re: The client does not connect _*_*_*_

2008-09-26 Thread Anders Holm
You say 10.0.32.x is on a different network than 10.0.42.x? What's your netmasks and your routing table like? What network is your client on and what network is your server on? Can you ping the server (or access it in any way) from the client? This is really more a basic networking question than

Re: specifying back end to proxy on per-user basis

2008-08-22 Thread Anders Holm
An SQL server isn't too hard to set up and get going. Plus any decent scripting language has modules making it dirt simple to manage the user base ... Try it... //Anders Sent from my iPhone On 22 Aug 2008, at 22:23, Greg Woods <[EMAIL PROTECTED]> wrote: On Fri, 2008-08-22 at 22:48 +0200,

Re: performance report?

2008-08-21 Thread Anders Holm
ause we already reached > max reqeusts hammering by our tool and that was same regardless of adding > more clients under multi-threaded enviroment. > > - Original Message > From: Anders Holm <[EMAIL PROTECTED]> > To: FreeRadius users mailing list > Sent: Wedn

Re: performance report?

2008-08-20 Thread Anders Holm
n't assume our traffic was not enough. > > ----- Original Message > From: Anders Holm <[EMAIL PROTECTED]> > To: FreeRadius users mailing list > Sent: Wednesday, August 20, 2008 12:25:19 PM > Subject: Re: performance report? > > Re: performance report? It is not

Re: performance report?

2008-08-20 Thread Anders Holm
It is not likely you're actually putting too much strain on the server side. You'll need quite a lot of machines hammering the RADIUS server before it'll break into a sweat. The client side would have higher CPU utilization than the server side, per request. Comparing one program to another is not e

Re: acct and syslog

2008-07-31 Thread Anders Holm
I'm unsure here why syslog would be a bad idea in the case of FreeRADIUS. However, there is also another option, the SQL logging options... Perhaps those may be handy as well? //anders On 30/07/2008 13:39, "Alan DeKok" <[EMAIL PROTECTED]> wrote: > Mustapha Bouikhif wrote: >> I want to send acct

Re: Re : cert bootstrap bug? (was Re: definitively, I have a problem with eap-tls)

2008-07-26 Thread Anders Holm
> [snip] > > rlm_pap: WARNING! No "known good" password found for the user. Authentication > may fail because of this.//Normal, i am not willing to do > PAP but mschapv2 > > If you're not using a module, disable it. All it'll do is add latency, > delays and unnecessary log m

Re: ippool with non-contiguous ip ranges

2008-07-26 Thread Anders Holm
Adding additional IP ranges, which are non-contiguous, and at the same time not adding a new ippool, seems to me to be really impossible. Either you have static ranges in-between, or, worse still, you do not own/operate the IPs in-between but someone else does. . . Either you should have a larger

RE: MySQL connection over SSL possible?

2008-06-23 Thread Anders Holm
Sorry for my extremely belated reply (been on vacation so deliberately stayed away from email.. :) ) Yes, connecting to a different port using mysql command line tools did work. Used the exact same settings for host and port etc. so ... I should get the source tree checked out at some stage so I

Re: MySQL connection over SSL possible?

2008-06-12 Thread Anders Holm
2008/6/12 Nicolas Goutte <[EMAIL PROTECTED]>: [snip] For me it has worked since then. I have seen only one of each of your > messages. > > Have a nice day! > Excellent! One problem solved, and on to the next one. To get back on topic a tad then so, and to describe my experience with the SSL sid

Re: MySQL connection over SSL possible?

2008-06-12 Thread Anders Holm
nyone seen this on any more mails after I responded to the initial request to ask me to stop sending dupes? Yes, this is getting quite off topic .. :) //anders 2008/6/12 Alan DeKok <[EMAIL PROTECTED]>: > This is getting off-topic, but... > > Anders Holm wrote: > > > >

Re: MySQL connection over SSL possible?

2008-06-12 Thread Anders Holm
t;[EMAIL PROTECTED]>: > Anders Holm wrote: > > Hitting "Reply All" in most MUAs would do this. The list should be smart > enough to only forward on one copy per recipient ... > > It's not. We get 2 copies of every mail you send to the list. > > > ALL mails

Re: Could not link driver rlm_sql_mysql: rlm_sql_mysql.so

2008-06-12 Thread Anders Holm
You haven't installed the MySQL headers. If you're on Linux, you're likely to need to install a package called something along the lines of mysql-devel. If this isn't an FAQ listed query, it should be .. :) //anders 2008/6/12 Ivan Kalik <[EMAIL PROTECTED]>: > Have you tried reading the FAQ? > >

Re: MySQL connection over SSL possible?

2008-06-11 Thread Anders Holm
(I (and probably not only me) get your messages always twice.) Have a nice day! On 11.06.2008 at 11:31, Anders Holm wrote: > "There are other options." > > Yes, I've come up with a few. Would you have others as well? > Suggestions are welcome in all cases .. > >

Re: MySQL connection over SSL possible?

2008-06-11 Thread Anders Holm
y, June 9, 2008 5:57:48 PM GMT +00:00 GMT Britain, Ireland, Portugal Subject: Re: MySQL connection over SSL possible? Anders Holm wrote: > So, that's a "yes" .. :) Yes. > rlm_sql_mysql is the driver, and I'd rather not have my own version running, > but would love

Re: MySQL connection over SSL possible?

2008-06-11 Thread Anders Holm
Indeed, stunnel is one way to go, another might be SSH tunnels, or as another poster mentioned IPSec tunnels. Yes, data integrity and security of the data is vital, along the whole path from backend storage to end device, so this is just one piece of that puzzle ... What I'll do short term is t

Re: MySQL connection over SSL possible?

2008-06-09 Thread Anders Holm
ver SSL possible? No. Driver is sql_mysql.c file in src/modules/rlm_sql/drivers/rlm_sql_mysql/ folder of your distribution. You will need to edit the source file and recompile to have freeradius mysql client ask for a SSL connection. Ivan Kalik Kalik Informatika ISP On 9/6/2008, "Anders H

Re: MySQL connection over SSL possible?

2008-06-09 Thread Anders Holm
on over SSL possible? You will probably need to adapt the driver with mysql_ssl_set(): http://dev.mysql.com/doc/refman/5.0/en/mysql-ssl-set.html Ivan Kalik Kalik Informatika ISP On 9/6/2008, "Anders Holm" <[EMAIL PROTECTED]> wrote: >Hi folks. > >I'm wondering, would

MySQL connection over SSL possible?

2008-06-09 Thread Anders Holm
Hi folks. I'm wondering, would it be possible to encrypt the connection to the backend data store (it being MySQL) using SSL? MySQL would have support for this, but I appear to not find any documentation for Freeradius on how to set that side up for it .. Any pointers appreciated .. //anders

SQL Statements

2008-06-06 Thread Anders Holm
So, I'm getting closer to my end goal. I have a few questions though regarding SQL statements and what impacts there may be if I go about changing them.. My lovely DBA is telling me the expected traffic figures I have given them may put some interesting load on the DB backend. They'd love for m

RE: "looking" into local db after Realm Default was found

2008-06-02 Thread Anders Holm
You don't have a realm that matches the domain name you're using to authenticate for : dfn.de //anders -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] g] On Behalf Of Hans Bornemann Sent: 02 June 2008 14:31 To: FreeRadius users mailing list Subject: Re: "looking" into

RE: FreeRadius 2.0.4 - problems with LDAP and Sonicwall...

2008-05-30 Thread Anders Holm
No, you've missed out letting the RADIUS server be allowed to talk to your LDAP server ... Or starting it at least .. :) > rlm_ldap: bind to localhost:389 failed: Can't contact LDAP server If they can't talk, I don't think it'll matter much about anything else .. Now, don't take my word for it a

Re: Load testing tool recommendation

2008-05-14 Thread Anders Holm
Curious... It's a fairly beefy Linux box with GigE NIC .. Hmm.. Time to dig into sysctl, and playing with the forking script, as the speedup I'd need would be client side it seems to me. Server has taken what I've thrown at it so far, without batting an eyelid.. //anders - Original Message

Re: Load testing tool recommendation

2008-05-13 Thread Anders Holm
Hmm.. I *am* referencing the radius server with FQDN ... Lemme flip that switch and see what I get to play with ... Good catch .. It's letting me ship some more packets through per second.. no final figures yet, but starting to hit 5k pkts/sec, though the radius server is still not sweating nea

Re: Load testing tool recommendation

2008-05-13 Thread Anders Holm
esting tool recommendation Wireless could be the problem if you have some wireless links between radius server and your NAS. Alan DeKok wrote: > Anders Holm wrote: > >> In my tests, radclient has been /slower/ the radtest processes forked from a >> Perl script. >> >

Re: Load testing tool recommendation

2008-05-10 Thread Anders Holm
//wiki.freeradius.org/Radclient Ivan Kalik Kalik Informatika ISP On 9/5/2008, "Anders Holm" <[EMAIL PROTECTED]> wrote: >So, I'm building a complete solution, from scratch. > >As such, the business owners have some requirements on how many requests it >should b

Load testing tool recommendation

2008-05-09 Thread Anders Holm
So, I'm building a complete solution, from scratch. As such, the business owners have some requirements on how many requests it should be able to handle today per second and "some point in the future" as well. Would there be any good load testing tools, or some handy way to figure out how many tps my

Re: rlm_sql_oracle compilation woes

2008-05-09 Thread Anders Holm
PM GMT +00:00 GMT Britain, Ireland, Portugal Subject: Re: rlm_sql_oracle compilation woes Anders Holm wrote: > I'm trying to compile the rlm_sql_oracle module for FreeRadius 2.0.3 > using Oracle 10.2 client. Now, I've tried every suggestion the configure > scripts has thrown

rlm_sql_oracle compilation woes

2008-05-07 Thread Anders Holm
Hi Folks. This is a potential newbie question, though I seem unable to find any answers in the FAQ or in the archives, so ... I'm trying to compile the rlm_sql_oracle module for FreeRadius 2.0.3 using Oracle 10.2 client. Now, I've tried every suggestion the configure scripts has thrown at me