dumb question :)
I have dumb, but very interesting to me question. I'vre read http://www.frontios.com/freeradius.html and did everything following to that instruction (what concerns sql authorization). In that example table radgroupcheck is empty. What should be there? :-/ I thought that filling radgroupreply with valid replies was enough :-\ -- cron-ripe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRADIUS and libtool
Hi! While trying to create a NetBSD package of FreeRADIUS 0.4 I noticed that the source files are not compiled right with libtool. Are there any plans to libtoolify the sources, i.e. compile and link all files like this: ${LIBTOOL} --mode=compile ${CC} ${CFLAGS} -c filename.c ${LIBTOOL} --mode=link ${CC} -o ${LIBRADIUS:.a=.la} ${OBJS:.o=.lo} \ -rpath ${PREFIX}/lib -version-info ${MAJOR}:${MINOR} Right now e.g. src/lib/Makefile isn't compiled properly. I'm going to take a look at this, although the priority is very low. Please let me know if someone is already working on this issue. Martti --- Martti Kuparinen [EMAIL PROTECTED] NetBSD - No media hype http://www.iki.fi/~kuparine/http://www.netbsd.org/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More documentation about xtradius
Hi I am setting up radius for a first time and I chose xtradius Pls can someone tell me where to find more documentation becouse i've set it up, it uses mysql to auth users but i want to find out more things - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Expiration, Counter and Reset Value
power jessie [EMAIL PROTECTED] wrote: Are there any ways I can do these in freeradius (0.4)? 1. 'Expiration' will be set based on firt login date. i.e. an account will expired 90 days after first usage. How do you know when the user is first logging in? How do you authenticate them? You can run a shell program when a request is seen. That shell program can set up any per-user configuration you desire. 2. User-defined reset value in the counter module. i.e. reset = 14 # counter will reset to zero after 14 days reset = 60 # resets after two months A *per-user* reset? That's not supported now, but it should be possible with source code patches. Also, can i have another the same counter module but with a different reset value? i.e. Yes, but they will use two different counters, and two different databases. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS and libtool
Martti Kuparinen [EMAIL PROTECTED] wrote: While trying to create a NetBSD package of FreeRADIUS 0.4 I noticed that the source files are not compiled right with libtool. I'm not sure that libtool *ever* compiles anything right, but that's another story. Are there any plans to libtoolify the sources, i.e. compile and link all files like this: ${LIBTOOL} --mode=compile ${CC} ${CFLAGS} -c filename.c ${LIBTOOL} --mode=link ${CC} -o ${LIBRADIUS:.a=.la} ${OBJS:.o=.lo} \ -rpath ${PREFIX}/lib -version-info ${MAJOR}:${MINOR} Right now e.g. src/lib/Makefile isn't compiled properly. Uh... what do you mean by that? The 'libradius.a' archive should be created fine, using standard system tools. There isn't a *requirement* to use libtool, that I know of. libtool *can* help in some places. In others, it can't. I'm going to take a look at this, although the priority is very low. Please let me know if someone is already working on this issue. shrug If it's important, and if it makes a big difference, send a patch to the list. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Expiration, Counter and Reset Value
On Wed, 19 Dec 2001, power jessie wrote: Are there any ways I can do these in freeradius (0.4)? 1. 'Expiration' will be set based on firt login date. i.e. an account will expired 90 days after first usage. Expiration = FirstLoginDate + 90 Days I don't think so. Expiration is a check item which could be stored in an ldap/mysql database. The user is responsible of changing the value. You could just run an exec-program on login that will update the expiration attribute to the correct value. 2. User-defined reset value in the counter module. i.e. reset = 14 # counter will reset to zero after 14 days reset = 60 # resets after two months Well, you can't do that. Wait a minute. I 've just commited a change to rlm_counter. You can now do the following: reset = 14 #reset after 14 days reset = 3w #reset after 3 weeks Also, can i have another the same counter module but with a different reset value? i.e. counter { ... reset = daily ... } counter2 { ... reset = monthly ... } Yes you can: counter weekly{ reset = weekly } counter monthly{ reset = monthly } authorize{ weekly monthly } -- kkalev Hope you'll be more patient to my newbie questions =) Thanks again guys for your support! yo! jessie Feliz Navidad! --- Don't Panic! This mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.309 / Virus Database: 170 - Release Date: 12/17/2001 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_sql: Pairs do not match
Who can tell me what does 'rlm_sql: Pairs do not match' mean? please... --- query: SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,r adgroupreply.Value FROM radgroupreply,usergroup WHERE usergroup.Username = 'steve' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id rlm_postgresql Status: PGRES_TUPLES_OK sql_postgresql: affected rows = Service-Type = Framed-User Service-Type = Framed-User Framed-Protocol = PPP Service-Type = Framed-User Framed-Protocol = PPP Framed-Address = 255.255.255.254 Service-Type = Framed-User Framed-Protocol = PPP Framed-Address = 255.255.255.254 Framed-Compression = Van-Jacobson-TCP-IP Service-Type = Framed-User Framed-Protocol = PPP Framed-Address = 255.255.255.254 Framed-Compression = Van-Jacobson-TCP-IP Framed-MTU = 1500 Service-Type = Framed-User Framed-Protocol = PPP Framed-Address = 255.255.255.254 Framed-Compression = Van-Jacobson-TCP-IP Framed-MTU = 1500 Fall-Through = Yes rlm_sql: Released sql socket id: 4 rlm_sql: Pairs do not match [steve] Sending Access-Reject of id 137 to 127.0.0.1:2083 -- cron - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_ldap lib/includes
Hello- I'm working on compiling freeradius 0.4 here, and specifically rlm_ldap. I'm using configure with --with-rlm-ldap-lib-dir=/usr/local/lib --with-rlm-ldap-include-dir=/usr/local/include. However it doesn't seem like configure is actually using those options. In src/modules/rlm_ldap: config.status: # ./configure --sysconfdir=/home/radius/etc --localstatedir=/home/radius/etc --disable-ltdl-install --without-snmp --with-r lm_ldap=yes --with-logdir=/home/radius/logs --with-rlm-krb5-lib-dir=/usr/local/lib --with-rlm-krb5-include-dir=/usr/local/in clude --with-rlm-ldap-lib-dir=/usr/local/lib --with-rlm-ldap-include-dir=/usr/local/include --enable-ltdl-install=no --cache -file=../../.././config.cache --srcdir=. config.log: configure:1534: gcc -o conftest -D_REENTRANT -Wall -D_GNU_SOURCE -DNDEBUG conftest.c -lresolv -lnsl -lresolv -lpthrea d -lpthread -lpthread -lsasl -lcrypto -lssl -llber -lldap_r 15 /usr/local/lib/libldap_r.a(open.o): In function `ldap_create': /usr/obj/local/openldap/012/libraries/libldap_r/open.c:134: undefined reference to `ber_memcalloc' /usr/obj/local/openldap/012/libraries/libldap_r/open.c:149: undefined reference to `ber_strdup' /usr/obj/local/openldap/012/libraries/libldap_r/open.c:151: undefined reference to `ber_strdup' ... and thus won't build the LDAP module. Is there something obviously wrong with this config? Thanks, -Kevin --- Kevin C. Miller [EMAIL PROTECTED] Network Group Carnegie Mellon University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_ldap lib/includes
It appears that the problem here is actually because -llber appears before -lldap_r on the link link, thus the symbols in ldap_r that require lber are not defined. I changed freeradius-0.4/aclocal.m4: line 928: LIBS=-l$1 $LIBS -l$1 line 938: LIBS= -L$try -l$1 $old_LIBS and after running autoconf in src/modules/rlm_ldap, it built nicely. -Kevin --On Wednesday, December 19, 2001 2:14 PM -0500 Kevin C. Miller [EMAIL PROTECTED] wrote: Hello- I'm working on compiling freeradius 0.4 here, and specifically rlm_ldap. I'm using configure with --with-rlm-ldap-lib-dir=/usr/local/lib --with-rlm-ldap-include-dir=/usr/local/include. However it doesn't seem like configure is actually using those options. In src/modules/rlm_ldap: config.status: # ./configure --sysconfdir=/home/radius/etc # --localstatedir=/home/radius/etc --disable-ltdl-install --without-snmp # --with-r lm_ldap=yes --with-logdir=/home/radius/logs --with-rlm-krb5-lib-dir=/usr/local/lib --with-rlm-krb5-include-dir=/usr/local/in clude --with-rlm-ldap-lib-dir=/usr/local/lib --with-rlm-ldap-include-dir=/usr/local/include --enable-ltdl-install=no --cache -file=../../.././config.cache --srcdir=. config.log: configure:1534: gcc -o conftest -D_REENTRANT -Wall -D_GNU_SOURCE -DNDEBUG conftest.c -lresolv -lnsl -lresolv -lpthrea d -lpthread -lpthread -lsasl -lcrypto -lssl -llber -lldap_r 15 /usr/local/lib/libldap_r.a(open.o): In function `ldap_create': /usr/obj/local/openldap/012/libraries/libldap_r/open.c:134: undefined reference to `ber_memcalloc' /usr/obj/local/openldap/012/libraries/libldap_r/open.c:149: undefined reference to `ber_strdup' /usr/obj/local/openldap/012/libraries/libldap_r/open.c:151: undefined reference to `ber_strdup' ... and thus won't build the LDAP module. Is there something obviously wrong with this config? Thanks, -Kevin --- Kevin C. Miller [EMAIL PROTECTED] Network Group Carnegie Mellon University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- Kevin C. Miller [EMAIL PROTECTED] Network Group Carnegie Mellon University - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radiusd.conf and Useable Variables
What I am trying to do is this. groupmembership_filter = (loginName=%u)(nasAccess=%{Huntgroup-Name}) %{Huntgroup-Name} does not get expanded to be the configued Huntgroup though. Run it in debugging mode. See where/when rlm_preprocess adds in the huntgroup name. If it isn't added, then it can't be used. Don't quite get what you mean. This is what my debug for the preeproccess module sayes. Module: Loaded preprocess preprocess: huntgroups = /etc/raddb/huntgroups preprocess: hints = /etc/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) This is in my /etc/raddb/huntgroups MAINLINE NAS-IP-Address == 10.10.10.10 It doesn't seem to expand, but I am unsure if its cause I am using the wrong name and if its supported. If its not supported, is it possible to add, I don't mind doing the code for it, but just want to make sure its possible before tearing into the code. - Si Simon Allard (Senior Tool Monkey) IHUG Ph (09) 358-5067 Email: [EMAIL PROTECTED] WARNING: Excessive alcohol may lead you to believe people are laughing WITH you. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: radiusd.conf and Useable Variables
Ignore this :) I thought about it and now understand what you ment. There is a very useful list in xlat.c for alot of variables that can be used though. Would be very handy to have on the faq or something. - Si What I am trying to do is this. groupmembership_filter = (loginName=%u)(nasAccess=%{Huntgroup-Name}) %{Huntgroup-Name} does not get expanded to be the configued Huntgroup though. Run it in debugging mode. See where/when rlm_preprocess adds in the huntgroup name. If it isn't added, then it can't be used. Don't quite get what you mean. This is what my debug for the preeproccess module sayes. Module: Loaded preprocess preprocess: huntgroups = /etc/raddb/huntgroups preprocess: hints = /etc/raddb/hints preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) This is in my /etc/raddb/huntgroups MAINLINE NAS-IP-Address == 10.10.10.10 It doesn't seem to expand, but I am unsure if its cause I am using the wrong name and if its supported. If its not supported, is it possible to add, I don't mind doing the code for it, but just want to make sure its possible before tearing into the code. - Si Simon Allard (Senior Tool Monkey) IHUG Ph (09) 358-5067 Email: [EMAIL PROTECTED] WARNING: Excessive alcohol may lead you to believe people are laughing WITH you. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Simon Allard (Senior Tool Monkey) IHUG Ph (09) 358-5067 Email: [EMAIL PROTECTED] WARNING: Excessive alcohol may lead you to believe people are laughing WITH you. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
auth by /etc/passwd
How can I have freeradius (or cistron 1.6.5) do a check on /etc/passwd for the shell type? For Example: I need users of shell type /usr/bin/ppp to be able to auth via radius but NOT: /sbin/noservice Any ideas? BTW - Livingston 2.1 does this. --Eli Chancey --NetlinkIP Sysadmin - www.netlinkip.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRADIUS how to support Oracle SQL authentication
I want the FreeRADIUS support Oracle SQL authentication. My FreeRADIUS is running on RedHat 7.2 and Oracle SQL server is running on Solaris7 for SPARC. How can I realize it? Thanks. â²Ø§~ì¹»®Þþéì¹»®ÞI硶Úÿ0~·§bºÊ+ùb²ßî±êìÙ¥
Cannot compile FreeRADIUS 3.0
I downloaded FreeRADIUS 3.0,and intall it under RedHat 7.2, 1)#./configure ---Everything is OK. 2) [root@LSRV1 freeradius-0.3]# make gmake[1]: Entering directory `/root/freeradius-0.3' Making all in libltdl... gmake[2]: Entering directory `/root/freeradius-0.3/libltdl' gmake[2]: Nothing to be done for `all'. gmake[2]: Leaving directory `/root/freeradius-0.3/libltdl' Making all in src... gmake[2]: Entering directory `/root/freeradius-0.3/src' gmake[3]: Entering directory `/root/freeradius-0.3/src' Making all in lib... gmake[4]: Entering directory `/root/freeradius-0.3/src/lib' gcc -g -O2 -D_REENTRANT -Wall -D_GNU_SOURCE -DNDEBUG -D_LIBRADIUS -I../include -c dict.c /tmp/cca1KeWL.s: Assembler messages: /tmp/cca1KeWL.s:510: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:510: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:510: Error: Rest of line ignored. First ignored character is `,'. /tmp/cca1KeWL.s:650: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:650: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:650: Error: Rest of line ignored. First ignored character is `,'. /tmp/cca1KeWL.s:654: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:654: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:654: Error: Rest of line ignored. First ignored character is `,'. /tmp/cca1KeWL.s:771: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:771: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:771: Error: Rest of line ignored. First ignored character is `,'. /tmp/cca1KeWL.s:775: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:775: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:775: Error: Rest of line ignored. First ignored character is `,'. /tmp/cca1KeWL.s:956: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:956: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:956: Error: Rest of line ignored. First ignored character is `,'. /tmp/cca1KeWL.s:963: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:963: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:963: Error: Rest of line ignored. First ignored character is `,'. /tmp/cca1KeWL.s:1101: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1101: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1101: Error: Rest of line ignored. First ignored character is `,'. /tmp/cca1KeWL.s:1105: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1105: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1105: Error: Rest of line ignored. First ignored character is `,'. /tmp/cca1KeWL.s:1112: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1112: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1112: Error: Rest of line ignored. First ignored character is `,'. /tmp/cca1KeWL.s:1119: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1119: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1119: Error: Rest of line ignored. First ignored character is `,'. /tmp/cca1KeWL.s:1124: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1124: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1124: Error: Rest of line ignored. First ignored character is `,'. /tmp/cca1KeWL.s:1128: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1128: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1128: Error: Rest of line ignored. First ignored character is `,'. /tmp/cca1KeWL.s:1139: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1139: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1139: Error: Rest of line ignored. First ignored character is `,'. /tmp/cca1KeWL.s:1143: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1143: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1143: Error: Rest of line ignored. First ignored character is `,'. /tmp/cca1KeWL.s:1148: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1148: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1148: Error: Rest of line ignored. First ignored character is `,'. /tmp/cca1KeWL.s:1152: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1152: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1152: Error: Rest of line ignored. First ignored character is `,'. /tmp/cca1KeWL.s:1155: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1155: Warning: Unrecognized .section attribute: want a,w,x /tmp/cca1KeWL.s:1155: Error: Rest of line ignored. First ignored character is `,'. /tmp/cca1KeWL.s:1165: Warning: