How do I restrict daily total usage time for all or a particular user?
How do I restrict daily total usage time for all or a particular user? That means, total usage per day will be limited to say, three hours? Dr. Muhammad Masroor Ali - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Getting rlm_ldap to install on Solaris 8...
On Thu, Oct 04, 2001 at 08:35:03PM -0400, Jeff Baxter <[EMAIL PROTECTED]> is thought to have said: > > On Thu, 4 Oct 2001 [EMAIL PROTECTED] wrote: > > > Jeff Baxter <[EMAIL PROTECTED]> wrote: > > > It says I need OpenLDAP v2.x SDK libraries. Is this the standard OpenLDAP > > > install? I can't find anything about SDK anywhere on the OpenLDAP site.. > > > > You should download, configure, make, and install the ldap > > libraries. That should be the everything you need for ldap. > > Okay, I've scoured the OpenLDAP site and I don't see how to just dowload > the libraries, or failing that, a way to just compile and install the > libraries. > > Anyone out there got an idea? './configure --disable-slapd --disable-slurpd' looks like it does the job. -- Tabor J. Wells [EMAIL PROTECTED] Fsck It! Just another victim of the ambient morality - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Getting rlm_ldap to install on Solaris 8...
On Thu, 4 Oct 2001 [EMAIL PROTECTED] wrote: > Jeff Baxter <[EMAIL PROTECTED]> wrote: > > It says I need OpenLDAP v2.x SDK libraries. Is this the standard OpenLDAP > > install? I can't find anything about SDK anywhere on the OpenLDAP site.. > > You should download, configure, make, and install the ldap > libraries. That should be the everything you need for ldap. Okay, I've scoured the OpenLDAP site and I don't see how to just dowload the libraries, or failing that, a way to just compile and install the libraries. Anyone out there got an idea? Jeff Baxter Communications Coordinator Information Systems and Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Getting rlm_ldap to install on Solaris 8...
Jeff Baxter <[EMAIL PROTECTED]> wrote: > It says I need OpenLDAP v2.x SDK libraries. Is this the standard OpenLDAP > install? I can't find anything about SDK anywhere on the OpenLDAP site.. You should download, configure, make, and install the ldap libraries. That should be the everything you need for ldap. > Furthermore, OpenLDAP doesn't seem to actually require OpenSSL, but the > instructions for rlm_ldap say that OpenLDAP depends on OpenSSL, and > (optionally) on Cyrus-SASL libraries. It sometimes does. The rlm_ldap module doesn't really care, and should be able to link to the ldap libraries without SSL, if they don't need SSL. > All I want is to set up a radius server that does simple LDAP > authentication (no SSL necessary), and that's it. What packages do I > actually need? OpenLDAP. If you're having problems, see the 'src/modules/rlm_ldap/config.log' file. It will tell you what's going on. Also, reading the output of the 'configure' script, and 'make' will help, too. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re[2]: External script for Alive packets in sql schema
VISP Systems Administration <[EMAIL PROTECTED]> wrote:
> doc/README lists off 7 of these % vars.. Are there more or a complete list
> somewhere?
src/main/xlat.c
You can also use %{User-Name}, instead of %u. The
%{Attribute-Name} works for all attributes.
> I however; would like to submit a bug. Seems to be the same issue we have
> with XT radius. I can capture $NAS_IP_ADDRESS, but can not get
> $CLIENT_IP_ADDRESS. Which is what I need. Any idea why this var is so
> elusive?
It should be added by rlm_preprocess.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re[2]: External script for Alive packets in sql schema
At 01:38 PM 10/4/2001 -0400, you wrote:
>VISP Systems Administration <[EMAIL PROTECTED]> wrote:
> > The question now, since I am used to xtradius is how to pass the args or
> > vars. XT would pass them to the script ie. ($ENV{"User-Name"}), or I
> > could specify them in execparams and pass them along via %u %p etc via
> > command line. So, how do I get them from freeradius?
>
> You can pass then on the command line as '%u', etc. See
>'doc/README' for more information.
doc/README lists off 7 of these % vars.. Are there more or a complete list
somewhere?
> Or, you can use environment variables. From the shell: $USER_NAME.
>
> i.e. Take the attribute name, convert the name to uppercase, convert
>'-' to '_', and use that as the name of the environment variable.
This is perfect! =)
I however; would like to submit a bug. Seems to be the same issue we have
with XT radius. I can capture $NAS_IP_ADDRESS, but can not get
$CLIENT_IP_ADDRESS. Which is what I need. Any idea why this var is so
elusive?
> Alan DeKok.
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Nathan Miller
Visp Systems Administration
Voice: 541-476-5352 ext. 4
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Getting rlm_ldap to install on Solaris 8...
Okay, I've been working on this for literally hours, and am getting quite frustrated. Before I send an e-mail delving into details, let me make sure I'm getting this right. It says I need OpenLDAP v2.x SDK libraries. Is this the standard OpenLDAP install? I can't find anything about SDK anywhere on the OpenLDAP site.. Furthermore, OpenLDAP doesn't seem to actually require OpenSSL, but the instructions for rlm_ldap say that OpenLDAP depends on OpenSSL, and (optionally) on Cyrus-SASL libraries. All I want is to set up a radius server that does simple LDAP authentication (no SSL necessary), and that's it. What packages do I actually need? Thanks.. Jeff Baxter George Washington University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Odd Make fatal error..
At 02:10 PM 10/4/2001 -0400, you wrote: >Solaris 8... > >ld: fatal: library -llber: not found >ld: fatal: library -lldap_r: not found >ld: fatal: File processing errors. No output written to >.libs/rlm_ldap.so.0.0.0 >make[6]: *** [rlm_ldap.la] Error 1 > >Why is it not able to find those libraries? It says in the configure that >it sees them fine, right? run these commands: $ echo $LD_LIBRARY_PATH $ find /usr -name *lber* -print $ find /usr -name *ldap* -print Most likely LD_LIBRARY_PATH isn't set correctly. -Chris -- \\\|||/// \ Chris Parker-Manager, Development Engineering \ ~ ~ / \ WX *is* Wireless!\ [EMAIL PROTECTED] | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Without C we would have 'obol', 'basi', and 'pasal' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Odd Make fatal error..
Solaris 8... I've installed OpenLdap, and configure works fine.. this is a snippet of it: checking for lber.h... yes checking for ldap.h... yes checking for sasl_encode in -lsasl... no checking for DH_new in -lcrypto... no checking for SSL_new in -lssl... no checking for ber_init in -llber... yes checking for ldap_initialize in -lldap_r... yes But when I do a make, I get a fatal error in the LDAP module.. /usr/ccs/bin/ld -G -h rlm_ldap.so.0 -o .libs/rlm_ldap.so.0.0.0 rlm_ldap.lo -llber -lldap_r -lnsl -lresolv -lsocket -lrt -lpthread -lrt -lc ld: fatal: library -llber: not found ld: fatal: library -lldap_r: not found ld: fatal: File processing errors. No output written to .libs/rlm_ldap.so.0.0.0 make[6]: *** [rlm_ldap.la] Error 1 Why is it not able to find those libraries? It says in the configure that it sees them fine, right? The only odd thing I've done (perhaps odd?) is that when I installed OpenLDAP, I did a ./configure --enable-slapd=no, since I didn't really need the daemon and I didn't want to install a DBLM backend. Help appreciated... Jeff - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re[2]: External script for Alive packets in sql schema
VISP Systems Administration <[EMAIL PROTECTED]> wrote:
> The question now, since I am used to xtradius is how to pass the args or
> vars. XT would pass them to the script ie. ($ENV{"User-Name"}), or I
> could specify them in execparams and pass them along via %u %p etc via
> command line. So, how do I get them from freeradius?
You can pass then on the command line as '%u', etc. See
'doc/README' for more information.
Or, you can use environment variables. From the shell: $USER_NAME.
i.e. Take the attribute name, convert the name to uppercase, convert
'-' to '_', and use that as the name of the environment variable.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: External script for Alive packets in sql schema
At 11:13 AM 10/4/2001 +0600, you wrote:
>Hello!
>
> >> > This is something I would love to see in freeradius also. Can we run
> >> > external scripts for authentication?
> >>
> >> Yes, sort of. Do:
> >>
> >>DEFAULT Auth-Type := Accept, Exec-Program := "/path/to/program %args"
>
> > OK.. I've done this. But by adding the line you mention above it
> > authenticated _everyone_ regardless if the external program exits 1 or 0.
>
>my freeradius works with
>
>
>DEFAULT Auth-Type := System
> Exec-Program-Wait = "/path/to/program",
This works. I've adapted this format with what was recommended earlier,
and have it:
DEFAULT Auth-Type := Accept
Exec-Program-Wait = "/path/to/program",
Doing this doesn't require the accounts to also be in the system passwd
files and they can then only reside in my database.
The question now, since I am used to xtradius is how to pass the args or
vars. XT would pass them to the script ie. ($ENV{"User-Name"}), or I
could specify them in execparams and pass them along via %u %p etc via
command line. So, how do I get them from freeradius?
> .
>
>in users file
>if program returns 1 authentication failed.
>for Start, Stop and Alive packets I have
>=
>DEFAULT Acct-Status-Type == Start
> Exec-Program-Wait = "/path/to/radaccstart"
>
>DEFAULT Acct-Status-Type == Stop
> Exec-Program = "/path/to/radaccstop"
>
>DEFAULT Acct-Status-Type == Alive
> Exec-Program = "/path/to/radacccheck"
>=
>in acct_users file.
>
>All works fine!
>
>
>
>Michael.
>
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Nathan Miller
Visp Systems Administration
Voice: 541-476-5352 ext. 4
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius running on Solaris8?
At 05:45 PM 10/4/2001 +0200, Fabio Mussi wrote: >Hello Folks, >anybody knows if freeradius running on Solaris 8 64 bit compiled? $ uname -a SunOS x 5.8 Generic_108528-09 sun4u sparc SUNW,Ultra-Enterprise $ /usr/local/gcc-3.0.1-v9/bin/gcc -v Reading specs from /usr/local/gcc-3.0.1-v9/lib/gcc-lib/sparcv9-sun-solaris2/3.0.1/specs Configured with: ../gcc-3.0.1/configure --prefix=/usr/local/gcc-3.0.1-v9 --enable-languages=c,c++ sparcv9-sun-solaris2 Thread model: posix gcc version 3.0.1 $ echo $CFLAGS -mcpu=v9 -Wa,-xarch=v9a $ file /usr/local/sbin/radiusd /usr/local/sbin/radiusd:ELF 64-bit MSB executable SPARCV9 Version 1, UltraSPARC1 Extensions Required, dynamically linked, stripped $ radiusd -v radiusd: FreeRADIUS Version 0.2, for host sparc-sun-solaris2.8, built on Oct 4 2001 at 11:00:48 So, the answer is, yes. And it defintely rocks the house. :) -Chris -- \\\|||/// \ Chris Parker-Manager, Development Engineering \ ~ ~ / \ WX *is* Wireless!\ [EMAIL PROTECTED] | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Without C we would have 'obol', 'basi', and 'pasal' - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re[2]: External script for Alive packets in sql schema
Michael Chernyakhovsky <[EMAIL PROTECTED]> wrote: > my freeradius works with > > > DEFAULT Auth-Type := System > Exec-Program-Wait = "/path/to/program", > . Ah, yes... I should have remembered to read the acct_users file, too. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius running on Solaris8?
Hello Folks, anybody knows if freeradius running on Solaris 8 64 bit compiled? Thanxs for your help Fabris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thank's
It supposed to be just a thank you, but it worked out to be an essay. >Evan Pierce wrote >I would like to say that I whole heartedly agree with your sentiments and if I had a >couple of 1000 dollars lying around I would be more than >prepared to pay for your consulting time, however some of us work for really stingy bosses. You should be happy that you work for the bosses, at least you have a wage avery week, when you start to work for yourself then you will find what stingy means (and longer hours). Two of us here have not seen a profit for a last few months and probably few to go before we see any, yet there is plenty of things to do. But I agree with Alan too, it would be good if someone would pay sometimes. Maybe this is not a place but maybe you could place all those QUESTIONS listed on your site with a search facilities and sell ads of it, you would have lots of visitors and some people would click occasionaly (generating some money) but I am not an expert, this may not work like that, adverttising companies are fussy, I can tell you what we tried with our shop centre.net.au. People ask silly questions (including me) when maybe a search on the web would search through the FAQ returning some answers. Probably you could cut some sily questions like mine I asked > We try to set the Session-Timeout to the diffference > Login-Time = "Wk1200-1700" > somehow it does not work SOMEHOW we removed radutmp and we ware tearing our hair out what is going on? It works. Thanks We have stumbled on the basics of radius and FreeRadius. Not understanding what we need to do with the simple processes we could not progress. This is the main problem when going to the new environment, the simplest problem can be frustrating and I spent few days just reading this list, waiting for the jigsaw pazzle to become clear and the list solved some issues, and some are still to be resolved Thank You Alan for all your help. Somehow i don't think this is the last time i will ask. Bogdan Bednarczyk Melbourne >- Original Message - >From: Evan Pierce <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Thursday, October 04, 2001 6:18 PM >Subject: Re: Why radwho core dumped? > >Alan > >I would like to say that I whole heartedly agree with your sentiments and if I had a >couple of 1000 dollars lying around I would be more than >prepared to pay for your consulting time, however some of us work for really stingy bosses. > >Keep up the good work, and the good mails. >Evan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius & Microsoft SQL Database
Hi, all. We're going to use a Linux based Radius that has capability to access & authenticate user profile that is stored in Microsoft SQL database in Windows NT server through ODBC. The reason we do this because we already have the SQL database running and used by other Ms based applications, and we choose Linux based Radius because we think it is much easier to be modified to support our purpose. My question is, do you have any idea on what type of Linux based Radius that might have the capability ? Thanking you in advance. Edy Surya __ Do You Yahoo!? NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month. http://geocities.yahoo.com/ps/info1 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Re: authentification problem with oracle
Next, I try the code modifications done by [EMAIL PROTECTED] (subject "can you explain me this behavior?(freeradius+oracle)" in the mailing list) and it s work well. I am not a programmer so i don t understand what really do the modification but it s work. For information, I have compiled my freeradius 0-2 with oracle client 8.1.6 in a linux box (kernel 2.2.14-5.0) , and my database is oracle 8.1.7 server enterprise edition on an AIX4.3.3. It may help someone who has the same problem. Thank's for everybody [EMAIL PROTECTED] wrote: >[EMAIL PROTECTED] wrote: >> When i start the radiusd program, it connects well to the oracle database. >> But, when i try a connection with a radius client, i am rejected. > > OK... other people appear to have Oracle working, but I don't run it >myself. > >> Next step, i try to know if the problem is between my radius client >> and my radius server or between my radius server and my database. >> To do this, i had three printf lines to the rlm_sql.c file : > > OK... that's *if* the request succeeded, I guess. > >> The communication seems ok between my client and my radiusd server >> because the requested password look's ok but row[0] who should >> contains the password stored in the database is strange and row[1] >> who should contains "Password" look's the same. > > I'd say that the oracle module is NOT returning anything useful, but >it also isn't returning an error. If it returned an error, then the >SQL code would know to nopt even bother checking the password. > > As it is, it looks like the row[0] and row[1] entries contain random >garbage from memory, and not really the answer from Oracle. > > Alan DeKok. > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > __ Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accountiong reply attributes
Hello I would like to send attributes in an accounting reply, I have been checking the configutration files but couldn't find anything about it. Does anyone know how??? I'm using the module that generates the Acct-Unique-Session-ID and would like to pass it to the radius client. Perhaps there is a simple sollotion to this... (I'm using freeradius 0.2 whith RH 7.1) Best regards /Daniel - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: reverse dns
If you are using bind 8 as the dns server you can use generate, with generate you can create a sequence of records with only one line in the zone file, e.g.: $GENERATE 1-254 ppp-$ A 192.168.0.$ And in the reverse zone: $GENERATE 1-254 $ PTR ppp-$.domain.is. As far as I know this feature is not yet in bind 9.x -- Veigar Freyr - Original Message - From: "Chelsea Carter" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, October 03, 2001 6:07 PM Subject: reverse dns > Im aware that this may be the wrong question for the wrong list, but I was > hoping someone could give me a starting point on how to do reverse dns for > our customers. > > I am using an ascend max with freeradius. I mean, is there a way other than > adding an individual record in dns for each ip address? > > Thanks > > Chel > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Why radwho core dumped?
Alan I would like to say that I whole heartedly agree with your sentiments and if I had a couple of 1000 dollars lying around I would be more than prepared to pay for your consulting time, however some of us work for really stingy bosses. Keep up the good work, and the good mails. Evan >>> [EMAIL PROTECTED] 10/03/01 05:45PM >>> "Serge Maandag" <[EMAIL PROTECTED]> wrote: > First of all I'd like to thank you for the enormous amount of work > you're putting into freeradius. > Not only in programming and bugfixing, but also in replying to questions > and panic mails on the list. > It's good to see a project being so alive for a change. Thanks. > However, I'm getting more and more amazed by the amount of sarcasm you > put into your replies. I can imagine it becomes somewhat tiresome to > answer the same (damn) questions over and over again, but please do keep > in mind: most of us get scared when things go even as far as editing a > makefile or using ldd and the likes. My other choice is to simply delete the emails I find frustrating. That means many questions will NOT get answered. > Fact is: most people are used to things like rpm's or maybe a > (./configure:make:make install) with their eyes closed, expecting > instant success. Yes, I understand. I expect that, even. But I'm continually amazed at the sheer number of questions which are content free. Many of the questions can be summarized as: "Something's wrong, how do I fix it?" I have no good answer for these sort of questions. I've gotten a NUMBER of personal flames, where people tell me not to be such an asshole. I even agree with them, I'm very often rude. I'm even more rude when people don't follow my suggestions for fixing the problem or argue with me about what the fix is. If they knew the answer, why did they ask the question? The problem is, I'm not sure what else to do. I've put a great deal of effort into writing the server, what little documentation exists, and making sure that the debugging messages are helpful. Yet a large number of the questions on the list are a result of people NOT paying attention to the information which is sitting in front of them. By posting their questions, they're hoping that someone ELSE will do the work of thinking for them, for free. That's VERY rude. I've said it before, and I'll say it again. I'm willing to be endlessly polite for anyone willing to pay me contracting fees, to answer their questions. So far, NO ONE has taken me up on it. I think this is like the social situations where it's considered tolerable for someone to behave inappropriately, but it's rude for ANYONE to point out that their behaviour is inappropriate. > I for one never even heard of 'GDB'. Freeradius is great, but it does > suffer a lot from lack of organized docs / pointers to them. That makes > it scary the first time you try to get it to work :) Welcome to the free software world. If you know what you're doing, it works. If you don't know, then you're often SOL, sorry. > Just needed to point that out. Keep up the good work please, I'll try, thanks. I don't want to push people away, I want to push them into learning for themselves, and being independent. It's how I got where I am. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
