dumb question :)

[Igor Chen]

I have dumb, but very interesting to me question.
I'vre read http://www.frontios.com/freeradius.html and did everything
following to that instruction (what concerns sql authorization). In that
example table radgroupcheck is empty.  What should be there? :-/
I thought that filling radgroupreply with valid replies was enough :-\
-- 
cron-ripe


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

FreeRADIUS and libtool

[Martti Kuparinen]

Hi!

While trying to create a NetBSD package of FreeRADIUS 0.4 I noticed
that the source files are not compiled right with libtool.

Are there any plans to libtoolify the sources, i.e. compile and
link all files like this:

  ${LIBTOOL} --mode=compile ${CC} ${CFLAGS} -c filename.c
  ${LIBTOOL} --mode=link ${CC} -o ${LIBRADIUS:.a=.la} ${OBJS:.o=.lo} \
-rpath ${PREFIX}/lib -version-info ${MAJOR}:${MINOR}

Right now e.g. src/lib/Makefile isn't compiled properly.

I'm going to take a look at this, although the priority is very low.
Please let me know if someone is already working on this issue.

Martti

---
Martti Kuparinen [EMAIL PROTECTED]  NetBSD - No media hype
http://www.iki.fi/~kuparine/http://www.netbsd.org/


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More documentation about xtradius

[Viliana Atanasova]

Hi 
I am setting up radius for a first time and I chose xtradius
Pls can someone tell me where to find more documentation 
becouse i've set it up, it uses mysql to auth users but i want to find out 
more things 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Expiration, Counter and Reset Value

[aland]

power jessie [EMAIL PROTECTED] wrote:
 Are there any ways I can do these in freeradius (0.4)?
 
 1. 'Expiration' will be set based on firt login date.
   i.e. an account will expired 90 days after
   first usage.

  How do you know when the user is first logging in?  How do you
authenticate them?

  You can run a shell program when a request is seen.  That shell
program can set up any per-user configuration you desire.

 2. User-defined reset value in the counter module.
   i.e. reset = 14 # counter will reset to zero after 14 days
reset = 60 # resets after two months

  A *per-user* reset?  That's not supported now, but it should be
possible with source code patches.

 Also, can i have another the same counter module but with a different
   reset value? i.e.

  Yes, but they will use two different counters, and two different
databases.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS and libtool

[aland]

Martti Kuparinen [EMAIL PROTECTED] wrote:
 While trying to create a NetBSD package of FreeRADIUS 0.4 I noticed
 that the source files are not compiled right with libtool.

  I'm not sure that libtool *ever* compiles anything right, but
that's another story.
 
 Are there any plans to libtoolify the sources, i.e. compile and
 link all files like this:
 
   ${LIBTOOL} --mode=compile ${CC} ${CFLAGS} -c filename.c
   ${LIBTOOL} --mode=link ${CC} -o ${LIBRADIUS:.a=.la} ${OBJS:.o=.lo} \
 -rpath ${PREFIX}/lib -version-info ${MAJOR}:${MINOR}
 
 Right now e.g. src/lib/Makefile isn't compiled properly.

  Uh... what do you mean by that?  The 'libradius.a' archive should be
created fine, using standard system tools.  There isn't a
*requirement* to use libtool, that I know of.

  libtool *can* help in some places.  In others, it can't.
 
 I'm going to take a look at this, although the priority is very low.
 Please let me know if someone is already working on this issue.

  shrug  If it's important, and if it makes a big difference, send a
patch to the list.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Expiration, Counter and Reset Value

[Kostas Kalevras]

On Wed, 19 Dec 2001, power jessie wrote:

 
 Are there any ways I can do these in freeradius (0.4)?
 
 1. 'Expiration' will be set based on firt login date.
   i.e. an account will expired 90 days after
   first usage.
 
   Expiration = FirstLoginDate + 90 Days

I don't think so. Expiration is a check item which could be stored in an
ldap/mysql database. The user is responsible of changing the value. You could
just run an exec-program on login that will update the expiration attribute to
the correct value.

 
 2. User-defined reset value in the counter module.
   i.e. reset = 14 # counter will reset to zero after 14 days
reset = 60 # resets after two months

Well, you can't do that.
Wait a minute. I 've just commited a change to rlm_counter. You can now do the
following:

reset = 14 #reset after 14 days
reset = 3w #reset after 3 weeks

 
 Also, can i have another the same counter module but with a different
   reset value? i.e.
   
   counter {
   ...
   reset = daily
   ...
   }
 
   counter2 {
   ...
   reset = monthly
   ...
   }

Yes you can:

counter weekly{
reset = weekly
}
counter monthly{
reset = monthly
}

authorize{
weekly
monthly
}

--
kkalev

 
 Hope you'll be more patient to my newbie questions =)
 Thanks again guys for your support!
 
 yo!
 jessie
 
 Feliz Navidad!
 ---
 Don't Panic! This mail is certified Virus Free.
 Checked by AVG anti-virus system (http://www.grisoft.com).
 Version: 6.0.309 / Virus Database: 170 - Release Date: 12/17/2001
 
 
 - 
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
 


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

rlm_sql: Pairs do not match

[Igor Chen]

Who can tell me what does 'rlm_sql: Pairs do not match' mean?
please...
---
query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,r
adgroupreply.Value FROM radgroupreply,usergroup WHERE  usergroup.Username =
'steve' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY
radgroupreply.id
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows =
Service-Type = Framed-User
Service-Type = Framed-User
Framed-Protocol = PPP
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Address = 255.255.255.254
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Address = 255.255.255.254
Framed-Compression = Van-Jacobson-TCP-IP
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Address = 255.255.255.254
Framed-Compression = Van-Jacobson-TCP-IP
Framed-MTU = 1500
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Address = 255.255.255.254
Framed-Compression = Van-Jacobson-TCP-IP
Framed-MTU = 1500
Fall-Through = Yes
rlm_sql: Released sql socket id: 4
rlm_sql: Pairs do not match [steve]
Sending Access-Reject of id 137 to 127.0.0.1:2083

-- 
cron


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

rlm_ldap lib/includes

[Kevin C. Miller]

Hello-

I'm working on compiling freeradius 0.4 here, and specifically rlm_ldap. 
I'm using configure with
--with-rlm-ldap-lib-dir=/usr/local/lib 
--with-rlm-ldap-include-dir=/usr/local/include. However it doesn't seem 
like configure is actually using those options.

In src/modules/rlm_ldap:
config.status:
# ./configure  --sysconfdir=/home/radius/etc 
--localstatedir=/home/radius/etc --disable-ltdl-install --without-snmp 
--with-r
lm_ldap=yes --with-logdir=/home/radius/logs 
--with-rlm-krb5-lib-dir=/usr/local/lib 
--with-rlm-krb5-include-dir=/usr/local/in
clude --with-rlm-ldap-lib-dir=/usr/local/lib 
--with-rlm-ldap-include-dir=/usr/local/include --enable-ltdl-install=no 
--cache
-file=../../.././config.cache --srcdir=.

config.log:
configure:1534: gcc -o conftest  -D_REENTRANT -Wall -D_GNU_SOURCE -DNDEBUG 
conftest.c -lresolv -lnsl -lresolv -lpthrea
d  -lpthread -lpthread -lsasl -lcrypto -lssl -llber -lldap_r 15
/usr/local/lib/libldap_r.a(open.o): In function `ldap_create':
/usr/obj/local/openldap/012/libraries/libldap_r/open.c:134: undefined 
reference to `ber_memcalloc'
/usr/obj/local/openldap/012/libraries/libldap_r/open.c:149: undefined 
reference to `ber_strdup'
/usr/obj/local/openldap/012/libraries/libldap_r/open.c:151: undefined 
reference to `ber_strdup'

... and thus won't build the LDAP module. Is there something obviously 
wrong with this config?

Thanks,
-Kevin
---
Kevin C. Miller [EMAIL PROTECTED]
Network Group
Carnegie Mellon University

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: rlm_ldap lib/includes

[Kevin C. Miller]

It appears that the problem here is actually because -llber appears before 
-lldap_r on the link link, thus the symbols in ldap_r that require lber are 
not defined.

I changed freeradius-0.4/aclocal.m4:
line 928:
LIBS=-l$1 $LIBS -l$1

line 938:
LIBS= -L$try -l$1 $old_LIBS

and after running autoconf in src/modules/rlm_ldap, it built nicely.

-Kevin


--On Wednesday, December 19, 2001 2:14 PM -0500 Kevin C. Miller 
[EMAIL PROTECTED] wrote:

 Hello-

 I'm working on compiling freeradius 0.4 here, and specifically rlm_ldap.
 I'm using configure with --with-rlm-ldap-lib-dir=/usr/local/lib
 --with-rlm-ldap-include-dir=/usr/local/include. However it doesn't seem
 like configure is actually using those options.

 In src/modules/rlm_ldap:
 config.status:
# ./configure  --sysconfdir=/home/radius/etc
# --localstatedir=/home/radius/etc --disable-ltdl-install --without-snmp
# --with-r
 lm_ldap=yes --with-logdir=/home/radius/logs
 --with-rlm-krb5-lib-dir=/usr/local/lib
 --with-rlm-krb5-include-dir=/usr/local/in clude
 --with-rlm-ldap-lib-dir=/usr/local/lib
 --with-rlm-ldap-include-dir=/usr/local/include --enable-ltdl-install=no
 --cache -file=../../.././config.cache --srcdir=.

 config.log:
 configure:1534: gcc -o conftest  -D_REENTRANT -Wall -D_GNU_SOURCE
 -DNDEBUG conftest.c -lresolv -lnsl -lresolv -lpthrea d  -lpthread
 -lpthread -lsasl -lcrypto -lssl -llber -lldap_r 15
 /usr/local/lib/libldap_r.a(open.o): In function `ldap_create':
 /usr/obj/local/openldap/012/libraries/libldap_r/open.c:134: undefined
 reference to `ber_memcalloc'
 /usr/obj/local/openldap/012/libraries/libldap_r/open.c:149: undefined
 reference to `ber_strdup'
 /usr/obj/local/openldap/012/libraries/libldap_r/open.c:151: undefined
 reference to `ber_strdup'

 ... and thus won't build the LDAP module. Is there something obviously
 wrong with this config?

 Thanks,
 -Kevin
 ---
 Kevin C. Miller [EMAIL PROTECTED]
 Network Group
 Carnegie Mellon University

 - List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html



---
Kevin C. Miller [EMAIL PROTECTED]
Network Group
Carnegie Mellon University

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radiusd.conf and Useable Variables

[Simon Allard]

  What I am trying to do is this.
 
   groupmembership_filter = (loginName=%u)(nasAccess=%{Huntgroup-Name})
 
  %{Huntgroup-Name} does not get expanded to be the configued Huntgroup
  though.

   Run it in debugging mode.  See where/when rlm_preprocess adds in the
 huntgroup name.

   If it isn't added, then it can't be used.

Don't quite get what you mean.

This is what my debug for the preeproccess module sayes.

Module: Loaded preprocess
 preprocess: huntgroups = /etc/raddb/huntgroups
 preprocess: hints = /etc/raddb/hints
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)


This is in my /etc/raddb/huntgroups

MAINLINE  NAS-IP-Address == 10.10.10.10


It doesn't seem to expand, but I am unsure if its cause I am using the
wrong name and if its supported. If its not supported, is it possible to
add, I don't mind doing the code for it, but just want to make sure its
possible before tearing into the code.

- Si


Simon Allard (Senior Tool Monkey)
IHUG
Ph (09) 358-5067   Email: [EMAIL PROTECTED]

WARNING: Excessive alcohol may lead you to believe people
 are laughing WITH you.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: radiusd.conf and Useable Variables

[Simon Allard]

Ignore this :)

I thought about it and now understand what you ment.

There is a very useful list in xlat.c for alot of variables that can be
used though. Would be very handy to have on the faq or something.

- Si



   What I am trying to do is this.
  
groupmembership_filter = (loginName=%u)(nasAccess=%{Huntgroup-Name})
  
   %{Huntgroup-Name} does not get expanded to be the configued Huntgroup
   though.
 
Run it in debugging mode.  See where/when rlm_preprocess adds in the
  huntgroup name.
 
If it isn't added, then it can't be used.

 Don't quite get what you mean.

 This is what my debug for the preeproccess module sayes.

 Module: Loaded preprocess
  preprocess: huntgroups = /etc/raddb/huntgroups
  preprocess: hints = /etc/raddb/hints
  preprocess: with_ascend_hack = no
  preprocess: ascend_channels_per_line = 23
  preprocess: with_ntdomain_hack = no
  preprocess: with_specialix_jetstream_hack = no
  preprocess: with_cisco_vsa_hack = no
 Module: Instantiated preprocess (preprocess)


 This is in my /etc/raddb/huntgroups

 MAINLINE  NAS-IP-Address == 10.10.10.10


 It doesn't seem to expand, but I am unsure if its cause I am using the
 wrong name and if its supported. If its not supported, is it possible to
 add, I don't mind doing the code for it, but just want to make sure its
 possible before tearing into the code.

 - Si


 Simon Allard (Senior Tool Monkey)
 IHUG
 Ph (09) 358-5067   Email: [EMAIL PROTECTED]

 WARNING: Excessive alcohol may lead you to believe people
  are laughing WITH you.


 -
 List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Simon Allard (Senior Tool Monkey)
IHUG
Ph (09) 358-5067   Email: [EMAIL PROTECTED]

WARNING: Excessive alcohol may lead you to believe people
 are laughing WITH you.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

auth by /etc/passwd

[NetlinkIP Sysadmin]

How can I have freeradius (or cistron 1.6.5) do a check on /etc/passwd for the shell
type?

For Example: I need users of shell type /usr/bin/ppp to be able to auth via radius
but NOT:   /sbin/noservice

Any ideas?

BTW - Livingston 2.1 does this.



--Eli Chancey
--NetlinkIP Sysadmin - www.netlinkip.com


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

FreeRADIUS how to support Oracle SQL authentication

[Robbie]

I want the FreeRADIUS support Oracle SQL authentication.
My FreeRADIUS is running on RedHat 7.2 and Oracle SQL server is running on Solaris7
for SPARC.
How can I realize it?
Thanks.
â²Ø§~ì¹»®Þþéì¹»®ÞI硶Úÿ0~·ž­§bºÊ+ƒùb²ßî±êì†Ù¥

Cannot compile FreeRADIUS 3.0

[Robbie]

I downloaded FreeRADIUS 3.0,and intall it under RedHat 7.2,
1)#./configure   ---Everything is OK.
2)
[root@LSRV1 freeradius-0.3]# make
gmake[1]: Entering directory `/root/freeradius-0.3'
Making all in libltdl...
gmake[2]: Entering directory `/root/freeradius-0.3/libltdl'
gmake[2]: Nothing to be done for `all'.
gmake[2]: Leaving directory `/root/freeradius-0.3/libltdl'
Making all in src...
gmake[2]: Entering directory `/root/freeradius-0.3/src'
gmake[3]: Entering directory `/root/freeradius-0.3/src'
Making all in lib...
gmake[4]: Entering directory `/root/freeradius-0.3/src/lib'
gcc  -g -O2 -D_REENTRANT -Wall -D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I../include -c 
dict.c
/tmp/cca1KeWL.s: Assembler messages:
/tmp/cca1KeWL.s:510: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:510: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:510: Error: Rest of line ignored. First ignored character is `,'.
/tmp/cca1KeWL.s:650: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:650: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:650: Error: Rest of line ignored. First ignored character is `,'.
/tmp/cca1KeWL.s:654: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:654: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:654: Error: Rest of line ignored. First ignored character is `,'.
/tmp/cca1KeWL.s:771: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:771: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:771: Error: Rest of line ignored. First ignored character is `,'.
/tmp/cca1KeWL.s:775: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:775: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:775: Error: Rest of line ignored. First ignored character is `,'.
/tmp/cca1KeWL.s:956: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:956: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:956: Error: Rest of line ignored. First ignored character is `,'.
/tmp/cca1KeWL.s:963: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:963: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:963: Error: Rest of line ignored. First ignored character is `,'.
/tmp/cca1KeWL.s:1101: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1101: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1101: Error: Rest of line ignored. First ignored character is `,'.
/tmp/cca1KeWL.s:1105: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1105: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1105: Error: Rest of line ignored. First ignored character is `,'.
/tmp/cca1KeWL.s:1112: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1112: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1112: Error: Rest of line ignored. First ignored character is `,'.
/tmp/cca1KeWL.s:1119: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1119: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1119: Error: Rest of line ignored. First ignored character is `,'.
/tmp/cca1KeWL.s:1124: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1124: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1124: Error: Rest of line ignored. First ignored character is `,'.
/tmp/cca1KeWL.s:1128: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1128: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1128: Error: Rest of line ignored. First ignored character is `,'.
/tmp/cca1KeWL.s:1139: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1139: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1139: Error: Rest of line ignored. First ignored character is `,'.
/tmp/cca1KeWL.s:1143: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1143: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1143: Error: Rest of line ignored. First ignored character is `,'.
/tmp/cca1KeWL.s:1148: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1148: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1148: Error: Rest of line ignored. First ignored character is `,'.
/tmp/cca1KeWL.s:1152: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1152: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1152: Error: Rest of line ignored. First ignored character is `,'.
/tmp/cca1KeWL.s:1155: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1155: Warning: Unrecognized .section attribute: want a,w,x
/tmp/cca1KeWL.s:1155: Error: Rest of line ignored. First ignored character is `,'.
/tmp/cca1KeWL.s:1165: Warning: