RE: Seeking recommendations for Radius implementation

[Solomon Sokolovsky]

Title: Message



ICRADIUS

  
  -Original Message-From: 
  [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED]] On Behalf Of CLEOPHAS 
  TOESent: Thursday, 7 February 2002 6:24 PMTo: 
  [EMAIL PROTECTED]Subject: Seeking recommendations 
  for Radius implementation
  Hi all,
  
   
  Sorry, I am very new to this. I am looking to implement a FREE radius 
  server in our production environment for about 70 users only.
   
  I have a few requirements
   
  1- caching should be supported
  2- I would like to mirror them (Actually by installing two that will sync 
  there DB)
  3- Should run on linux (Redhad 7.2)
  4- Should support MySQL as DB
  5- should be stable enough
  6- support keystroke logging
   
  Can anyone point me to the right product? 
  What processing power do I need? (RAM, CPU)
   
  Does the log file on radius grow very quickly?Sincerely
   
  Bona.Sincerely,Cleophas 
  Toe===Cleophas A. Toe, 
  CISSPSr. Information Security OfficerYodlee, Inc.Cell#: 
  510-858-9700

Seeking recommendations for Radius implementation

[CLEOPHAS TOE]

Hi all,    Sorry, I am very new to this. I am looking to implement a FREE radius server in our production environment for about 70 users only.   I have a few requirements   1- caching should be supported 2- I would like to mirror them (Actually by installing two that will sync there DB) 3- Should run on linux (Redhad 7.2) 4- Should support MySQL as DB 5- should be stable enough 6- support keystroke logging   Can anyone point me to the right product?  What processing power do I need? (RAM, CPU)   Does the log file on radius grow very quickly?Sincerely   Bona.Sincerely,Cleophas Toe===Cleophas A. Toe, CISSPSr. Information Security OfficerYodlee, Inc.Cell#: 510-858-9700

To logout user in accounting

[Serge Kozhenkov]

I  need to terminate session for user in accounting module (rlm_sql or
rlm_radutmp) by different conditions.
I try to send STOP packet from rlm_sql_accounting (in PW_STATUS_ALIVE
section) with session_zap().
But this message("Stop packet with zero session length...") appeared.

I just need to logout user but not with Session-Timeout technique.
What are the ways to do this?

Best regards, KSerge


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Windows XP PPPoE == DoS in disguise

[Neal Rauhauser]

  We've been fighting a weird problem today - our FreeRadius would run
for anywhere from two minutes to two hours, then CPU utilization would
shoot to 100% and no one could log in anywhere on the network.


  After much fruitless fiddling with radiusd by one of the other
engineers I got involved and put tcpdump on the problem. 

  I'm always on users about picking decent passwords - you can imagine
my surprise at discovering one of our windows XP customers presenting a
sixty four *thousand* character password. He has an impressive typing
speed, too, about 124,387 wpm to judge by the number of login requests
coming through. Even more impressive, he appears to be telekinetic,
since he was doing this while out of town :-)


 So, if you've got XP customers running the M$ PPPoE that comes with the
OS, and you're having weird authentication problems, you might want to
get out your favorite sniffer and start digging.



-- 
Neal Rauhauser CCNP, CCDP   phone: 402-951-6390
http://AmericanRelay.comfax  : 402-951-6390
mailto:[EMAIL PROTECTED]  fcc  : k0bsd

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: R: Always on "rlm_sql: Could not link driver rlm_sql_mysql" UPDATE

[Jeremy Brown]

Maurice,

It's possible that your header and lib files aren't in:

/usr/local/mysql/lib
/usr/local/mysql/include

But are indeed in:

/usr/local/mysql/lib/mysql
/usr/local/mysql/include/mysql

If that's the case, I would symlink directly to those dirs:

ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql
ln -s /usr/local/mysql/include/mysql /usr/include/mysql

Jeremy

On Wednesday 06 February 2002 03:10 pm, you wrote:
> Maurice,
>
> Maybe try symlinking those two dirs to commonly looked at places.  Example:
>
> ln -s /usr/local/mysql/include /usr/include/mysql
> ln -s /usr/local/mysql/lib /usr/lib/mysql
>
> Don't know if it will work but you can give it a shot.
>
> Jeremy
>
> On Wednesday 06 February 2002 02:14 pm, you wrote:
> > Hi Alan
> >
> > No good luck.
> > I have the same problem that was posted by Robert Abbate in 14 Nov 2001.
> > Don't find mysql.h., but this library is present in
> > /usr/local/mysql/include.
> > If i go in dir "rlm_sql_mysql" and i launch ./configure., this is the
> > result:
> >
> > bash-2.03#
> > ./configure --disable-shared
> > --with-mysql-include-dir=/usr/local/mysql/inclu de/
> > loading cache ./config.cache
> > checking for gcc... (cached) gcc
> > checking whether the C compiler (gcc  ) works... yes
> > checking whether the C compiler (gcc  ) is a cross-compiler... no
> > checking whether we are using GNU C... (cached) yes
> > checking whether gcc accepts -g... (cached) yes
> > checking how to run the C preprocessor... (cached) gcc -E
> > checking for compress in -lz... (cached) yes
> > checking for mysql/mysql.h... no
> > configure: warning: mysql headers not found.
> >  Use --with-mysql-include-dir=.
> > configure: warning: sql submodule 'mysql' disabled
> > creating ./config.status
> > creating Makefile
> >
> > I have no more ideas !!  Help me
> >
> > > -Messaggio originale-
> > > Da: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]Per conto di Alan DeKok
> > > Inviato: mercoledì 6 febbraio 2002 18.23
> > > A: [EMAIL PROTECTED]
> > > Oggetto: Re: Always on "rlm_sql: Could not link driver rlm_sql_mysql"
> > >
> > > "Maurice Foschiatti" <[EMAIL PROTECTED]> wrote:
> > > >   We have tried to install FreeRadius 0.4 on ur server Sun
> > >
> > > (Solaris 8.0),
> > >
> > > > with MySQL as our RDBM (it is installed on /usr/local/mysql,
> > >
> > > the libraies
> > >
> > > > are on /usr/local/mysql/lib and /usr/local/mysql/include). It
> > >
> > > works on the
> > >
> > > > 'text version', but when we tried to work with mysql it return
> > >
> > > the 'usual
> > >
> > > > error':
> > >
> > >   Do you have the *shared* versions of the mysql libraries installed?
> > >
> > >   If all else fails, do:
> > >
> > > ./configure --disable-shared
> > >
> > >   and you will avoid the problem.
> > >
> > >   Alan DeKok.
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: sample ldif file

[Kostas Kalevras]

On Wed, 6 Feb 2002, Matthew Schumacher wrote:

> Hello all,
>
> I am having trouble getting radius to work with ldap.  I think I have
> the config file setup corretly because I see ldap requests in the debug.
>
> I want to use pap and {crypt} for password encryption and accourding to
> the docs that should work.  But I can't seem to get it working in my
> lab.  Can anyone provide a sample ldif file that I could look at?
>
> I would prefer for radius to bind as the user to get the attributes and
> authenticate.  It seems that this should work if I disable the identity
> option in the ldap module.
>
> Anyway, here are some details if they help:
>
> freeradius 0.4/openldap 2.0.21
>
> Here is how I am starting radius:  radiusd -f -X -y
> Here is how I am testing radius: radtest test test localhost 10 testing123
>
> Here is some debug output:
>
> rad_recv: Access-Request packet from host 127.0.0.1:32773, id=68, length=54
>  User-Name = "test"
>  Password = "y\255\347#\010Q]\346\264\262W\241\377\010\266\250"
>  NAS-IP-Address = 255.255.255.255
>  NAS-Port-Id = "10"
> modcall: entering group authorize
>modcall[authorize]: module "preprocess" returns ok
>modcall[authorize]: module "suffix" returns ok
>  users: Matched DEFAULT at 144
>modcall[authorize]: module "files" returns ok
> rlm_ldap: - authorize
> rlm_ldap: performing user authorization for test
> radius_xlat:  '(uid=test)'
> radius_xlat:  'dc=aptalaska,dc=net'
> rlm_ldap: attempting LDAP reconnection
> rlm_ldap: (re)connect to localhost:389, authentication 0
> rlm_ldap: bind as cn=Manager,dc=aptalaska,dc=net/secret
> rlm_ldap: waiting for bind result ...
> rlm_ldap: performing search in dc=aptalaska,dc=net, with filter (uid=test)
> rlm_ldap: Added password GcuFt8zIt0v7E in check items
> rlm_ldap: looking for check items in directory...
> rlm_ldap: looking for reply items in directory...
> rlm_ldap: user test authorized to use remote access
>modcall[authorize]: module "ldap" returns ok
> modcall: group authorize returns ok
>rad_check_password:  Found Auth-Type System
> auth: type "System"
> auth: Failed to validate the user.
> Sending Access-Reject of id 68 to 127.0.0.1:32773
> Finished request 0
>
>
> Thanks,
>
> schu

The problem is with the line 'Found Auth-Type System'. You are seting the
Auth-Type somewhere to be System. The best thing to do is to remove any
Auth-Type setup from your users file. The rlm_ldap will add an Auth-Type LDAP if
it is not already set. So add a correspoding authtype section in your
authenticate section of radiusd.conf. Something like:

authenticate{
authtype LDAP {
ldap
}
}

and it should work

 --
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: R: Always on "rlm_sql: Could not link driver rlm_sql_mysql"

[Jeremy Brown]

Maurice,

Maybe try symlinking those two dirs to commonly looked at places.  Example:

ln -s /usr/local/mysql/include /usr/include/mysql
ln -s /usr/local/mysql/lib /usr/lib/mysql

Don't know if it will work but you can give it a shot.

Jeremy

On Wednesday 06 February 2002 02:14 pm, you wrote:
> Hi Alan
>
> No good luck.
> I have the same problem that was posted by Robert Abbate in 14 Nov 2001.
> Don't find mysql.h., but this library is present in
> /usr/local/mysql/include.
> If i go in dir "rlm_sql_mysql" and i launch ./configure., this is the
> result:
>
> bash-2.03#
> ./configure --disable-shared
> --with-mysql-include-dir=/usr/local/mysql/inclu de/
> loading cache ./config.cache
> checking for gcc... (cached) gcc
> checking whether the C compiler (gcc  ) works... yes
> checking whether the C compiler (gcc  ) is a cross-compiler... no
> checking whether we are using GNU C... (cached) yes
> checking whether gcc accepts -g... (cached) yes
> checking how to run the C preprocessor... (cached) gcc -E
> checking for compress in -lz... (cached) yes
> checking for mysql/mysql.h... no
> configure: warning: mysql headers not found.
>  Use --with-mysql-include-dir=.
> configure: warning: sql submodule 'mysql' disabled
> creating ./config.status
> creating Makefile
>
> I have no more ideas !!  Help me
>
> > -Messaggio originale-
> > Da: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]Per conto di Alan DeKok
> > Inviato: mercoledì 6 febbraio 2002 18.23
> > A: [EMAIL PROTECTED]
> > Oggetto: Re: Always on "rlm_sql: Could not link driver rlm_sql_mysql"
> >
> > "Maurice Foschiatti" <[EMAIL PROTECTED]> wrote:
> > >   We have tried to install FreeRadius 0.4 on ur server Sun
> >
> > (Solaris 8.0),
> >
> > > with MySQL as our RDBM (it is installed on /usr/local/mysql,
> >
> > the libraies
> >
> > > are on /usr/local/mysql/lib and /usr/local/mysql/include). It
> >
> > works on the
> >
> > > 'text version', but when we tried to work with mysql it return
> >
> > the 'usual
> >
> > > error':
> >
> >   Do you have the *shared* versions of the mysql libraries installed?
> >
> >   If all else fails, do:
> >
> > ./configure --disable-shared
> >
> >   and you will avoid the problem.
> >
> >   Alan DeKok.
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

R: Always on "rlm_sql: Could not link driver rlm_sql_mysql"

[Maurice Foschiatti]

Hi Alan

No good luck.
I have the same problem that was posted by Robert Abbate in 14 Nov 2001.
Don't find mysql.h., but this library is present in
/usr/local/mysql/include.
If i go in dir "rlm_sql_mysql" and i launch ./configure., this is the
result:

bash-2.03#
./configure --disable-shared --with-mysql-include-dir=/usr/local/mysql/inclu
de/
loading cache ./config.cache
checking for gcc... (cached) gcc
checking whether the C compiler (gcc  ) works... yes
checking whether the C compiler (gcc  ) is a cross-compiler... no
checking whether we are using GNU C... (cached) yes
checking whether gcc accepts -g... (cached) yes
checking how to run the C preprocessor... (cached) gcc -E
checking for compress in -lz... (cached) yes
checking for mysql/mysql.h... no
configure: warning: mysql headers not found.
 Use --with-mysql-include-dir=.
configure: warning: sql submodule 'mysql' disabled
creating ./config.status
creating Makefile

I have no more ideas !!  Help me

> -Messaggio originale-
> Da: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]Per conto di Alan DeKok
> Inviato: mercoledì 6 febbraio 2002 18.23
> A: [EMAIL PROTECTED]
> Oggetto: Re: Always on "rlm_sql: Could not link driver rlm_sql_mysql"
>
>
> "Maurice Foschiatti" <[EMAIL PROTECTED]> wrote:
> >   We have tried to install FreeRadius 0.4 on ur server Sun
> (Solaris 8.0),
> > with MySQL as our RDBM (it is installed on /usr/local/mysql,
> the libraies
> > are on /usr/local/mysql/lib and /usr/local/mysql/include). It
> works on the
> > 'text version', but when we tried to work with mysql it return
> the 'usual
> > error':
>
>   Do you have the *shared* versions of the mysql libraries installed?
>
>   If all else fails, do:
>
> ./configure --disable-shared
>
>   and you will avoid the problem.
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

sample ldif file

[Matthew Schumacher]

Hello all,

I am having trouble getting radius to work with ldap.  I think I have
the config file setup corretly because I see ldap requests in the debug.

I want to use pap and {crypt} for password encryption and accourding to 
the docs that should work.  But I can't seem to get it working in my 
lab.  Can anyone provide a sample ldif file that I could look at?

I would prefer for radius to bind as the user to get the attributes and 
authenticate.  It seems that this should work if I disable the identity 
option in the ldap module.

Anyway, here are some details if they help:

freeradius 0.4/openldap 2.0.21

Here is how I am starting radius:  radiusd -f -X -y
Here is how I am testing radius: radtest test test localhost 10 testing123

Here is some debug output:

rad_recv: Access-Request packet from host 127.0.0.1:32773, id=68, length=54
 User-Name = "test"
 Password = "y\255\347#\010Q]\346\264\262W\241\377\010\266\250"
 NAS-IP-Address = 255.255.255.255
 NAS-Port-Id = "10"
modcall: entering group authorize
   modcall[authorize]: module "preprocess" returns ok
   modcall[authorize]: module "suffix" returns ok
 users: Matched DEFAULT at 144
   modcall[authorize]: module "files" returns ok
rlm_ldap: - authorize
rlm_ldap: performing user authorization for test
radius_xlat:  '(uid=test)'
radius_xlat:  'dc=aptalaska,dc=net'
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=aptalaska,dc=net/secret
rlm_ldap: waiting for bind result ...
rlm_ldap: performing search in dc=aptalaska,dc=net, with filter (uid=test)
rlm_ldap: Added password GcuFt8zIt0v7E in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: looking for reply items in directory...
rlm_ldap: user test authorized to use remote access
   modcall[authorize]: module "ldap" returns ok
modcall: group authorize returns ok
   rad_check_password:  Found Auth-Type System
auth: type "System"
auth: Failed to validate the user.
Sending Access-Reject of id 68 to 127.0.0.1:32773
Finished request 0


Thanks,

schu


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Radius Question

[Randy Moore]

At 12:25 PM 2/6/2002 -0500, you wrote:
>"William Kelley" <[EMAIL PROTECTED]> wrote:
> > I have multiple users who are logged in who stay logged in but they =
> > aren't actually connected to the NAS. It seems sometimes the radacct =
> > (using mysql) never sets a stop time for users. So they stay connected =
> > and when you radwho they are still listed. Any idea's?
>
>   radzap?

radzap will not work for SQL users unless they apply the patch I submitted 
to the development list a few days ago AND change the size of session_id in 
radutmp to something larger than the default.

I'd appreciate others trying and commenting on my patch so that we can 
possibly get it included in the main code base.

For details, see:
http://lists.cistron.nl/archives/freeradius-devel/2002/02/frm6.html

Thanks.


Randy Moore
Axion Information Technologies, Inc.

email [EMAIL PROTECTED]
phone   301-408-1200
fax301-445-3947


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Thread issue - Possible fix

[Alan DeKok]

"Marcelo Ferreira" <[EMAIL PROTECTED]> wrote:
> I tested the 20020203 snapshot with the _r() changes.
> I ran then server without the -s option (radiusd -p 1812 ) and it cored
> dump:

These problems are a real pain to track down.

> If I run it with -s (radiusd -s -p 1812) works fine.

  Yeah, it's probably a thread issue.

  The rest of the thread-unsafe functions should be replaced with the
thread-safe version, but I haven't had time to do that yet.

  As always, patches are welcome.

> btw.. did you have (extra) time to revise the rlm_radutmp patch that I sent

  No, not yet.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Identical attributes on auth

[Alan DeKok]

"Alan DeKok" <[EMAIL PROTECTED]> wrote:
>   The code in src/main/valuepair.c, function paircmp() should be
> changed so that IF there isn't a match, it loops back to check for
> another copy of the same attribute.  This will slow the server down a
> little, but not significantly.
> 
>   The patch would be fairly small, too.  If people think it's terribly
> useful, I'll take a look at doing it in the next few days.

  OK, I've made the change.  The CVS snapshot from tonight should have
the fix.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: upgrading freeradius

[Alan DeKok]

"Tim Monaghan" <[EMAIL PROTECTED]> wrote:
> Is there a different process for upgrading freeradius, or would you
> just install over your old install, and if so would this kill your
> configs like radiusd.conf, clients.conf etc. ?
 
  No, it doesn't do that.

> Im currently running a version I got in mid august of 2001.
> ps, how do you tell exactly what version you have?

  'radiusd -h' wouldtell you that '-v' gives you the version
information.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

upgrading freeradius

[Tim Monaghan]

Is there a different process for upgrading freeradius, or would you just install over 
your old install, and if so would this kill your configs like radiusd.conf, 
clients.conf etc. ?

Im currently running a version I got in mid august of 2001.
ps, how do you tell exactly what version you have?


Thanks
Tim
.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: 100% CPU utilization bug in FreeRadius 2001/03/10?

[Alan DeKok]

Neal Rauhauser <[EMAIL PROTECTED]> wrote:
>   I'm running FreeRadius code dated 2001/03/10

  Don't even bother trying to figure out what's wrong with it.

  Upgrade to 0.4, it contains a *huge* number of bug fixes over that
version, which is nearly a year old!

> I've brought down the latest freeradius tar file and managed to get
> it to build on my desktop FreeBSD-4.4STABLE but it won't build
> properly on the production email/radius box.

  Why not?  It *should* produce error messages which tell you what
went wrong, any why.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

100% CPU utilization bug in FreeRadius 2001/03/10?

[Neal Rauhauser]

  I'm running FreeRadius code dated 2001/03/10 which was built using
/usr/ports/net/freeradius-devel on FreeBSD 4.4. The hardware is a pretty
stout Athlon 850 box and it also hosts qmail. We have less than a
hundred users total.

 After running for about two hours on average the CPU utilization from
radiusd climbs to 96%+ and just stays there. The state in 'ps aux' is
RUN and lsof doesn't show us anything out of the ordinary.

 I don't believe there is any outside interference involved. We have two
RAS boxes that authenticate via radius, the server itself, and all other
connections are expressly forbidden via ipf - I know about the remote
root in this program.

 I reviewed the last few months of the mailing list, which I don't read
unless I am troubleshooting, and I don't see anything similar to my
problem.


  I just refreshed ports via cvsup and I see that FreeRadius hasn't been
updated there since the 2001/03/10 code was committed. I've brought down
the latest freeradius tar file and managed to get it to build on my
desktop FreeBSD-4.4STABLE but it won't build properly on the production
email/radius box.



  Before I go off on some big adventure trying to wedge this thing into
running on FreeBSD is there anything I should know?



-- 
Neal Rauhauser CCNP, CCDP   phone: 402-951-6390
http://AmericanRelay.comfax  : 402-951-6390
mailto:[EMAIL PROTECTED]  fcc  : k0bsd

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Identical attributes on auth

[Stig Andersson]

Yup - here is another one interrested - me!

/Stig


At 11:22 2002-02-06 -0500, you wrote:
>Thomas Jalsovsky <[EMAIL PROTECTED]> wrote:
>>  my nas sends: 
>> ...
>> h323-ivr-out=transactionID:13880
>> h323-ivr-out=type:test.tcl
>> ...
>>  I want to check by the h323-ivr-out line, so I would like to make 
>> decision (about accept/reject) by the attribute h323-ivr-out which has 
>> value 'type:'.
>>  When I test the attribute, the first line is tested and I don't 
>> know how should I write a rule for this.
>
>  Yes.  The current code checks for the FIRST appearance of an
>attribute, and stops if it doesn't match.
>
>  It *could* be changed to look for any other copy of an attribute, if
>the first one didn't match.  That may be preferable, in fact.
>
>  The code in src/main/valuepair.c, function paircmp() should be
>changed so that IF there isn't a match, it loops back to check for
>another copy of the same attribute.  This will slow the server down a
>little, but not significantly.
>
>  The patch would be fairly small, too.  If people think it's terribly
>useful, I'll take a look at doing it in the next few days.
>
>  Alan DeKok.
>
>- 
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 
-
N Y H E T E R! 
- Internetaccess (Modem/ISDN64+128 via Ymex - utan abonnemangskostnad!!!
  ONLINE-registrering på www.ymex.se
- Uppringd SMTP, slut på Telias monopol, nu kan även Ymex erbjuda!
- Surf24 - en billig bredbandstjänst från Ymex för kunder i Härnösand/Älandsbro.
-
Get your emailed Web-forms into a database of your choice!!!
  Checkout DBFORM V1.0, see details at http://www.ymex.se
UucpGate V1.3a - The No:1 UUCP gateway for allmost any Email server!
New release! Mailcoach V2.27 - The business E-mail solution. http://www.mailcoach.com/ 
  
-
Ymex AB| Alvägen 7 | 871 52 Härnösand | Sweden | http://www.ymex.se/

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Win ME Authentication problem

[Lee W]

Don't know if this well help, but, If they are getting to the NAS you could 
see it as (Unauthenticated). Get the phone number they are calling from. You 
can then search the logs for that number.

Lee



On Wednesday 06 February 2002 09:59 am, you wrote:
> ME to connect. When they connect it

-- 
Lee Wolf
EMR Data Services
[EMAIL PROTECTED]
623-764-0870 cell
623-581-0842 voice
623-582-9499 fax

                 EMR Internet
           A Serious Internet Experience

**  56K Dial-up   **    DSL   **  Web-hosting  **
**  Co-location   **    T1s   **     ISDN      **
**  High-Speed Fiber Backbone ** Linux powered **
**   Custom Web Design  **   Site Development  **
**  Search Engine Placement & Web Consultation **
      Visit us at http://www.emr.net!    

Ask about our reseller programs!

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Radius Question

[William Kelley]

I have multiple users who are logged in who stay 
logged in but they aren't actually connected to the NAS. It seems sometimes the 
radacct (using mysql) never sets a stop time for users. So they stay connected 
and when you radwho they are still listed. Any 
idea's?

Re: Radius Question

[Alan DeKok]

"William Kelley" <[EMAIL PROTECTED]> wrote:
> I have multiple users who are logged in who stay logged in but they =
> aren't actually connected to the NAS. It seems sometimes the radacct =
> (using mysql) never sets a stop time for users. So they stay connected =
> and when you radwho they are still listed. Any idea's?

  radzap?

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Always on "rlm_sql: Could not link driver rlm_sql_mysql"

[Alan DeKok]

"Maurice Foschiatti" <[EMAIL PROTECTED]> wrote:
>   We have tried to install FreeRadius 0.4 on ur server Sun (Solaris 8.0),
> with MySQL as our RDBM (it is installed on /usr/local/mysql, the libraies
> are on /usr/local/mysql/lib and /usr/local/mysql/include). It works on the
> 'text version', but when we tried to work with mysql it return the 'usual
> error':

  Do you have the *shared* versions of the mysql libraries installed?

  If all else fails, do:

./configure --disable-shared

  and you will avoid the problem.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Win ME Authentication problem

[Alan DeKok]

"Daniel S. Houtz" <[EMAIL PROTECTED]> wrote:
> I have a customer using Windows ME to connect. When they connect it
> prompts them to reenter their username and password and nothing is
> logged in the RADIUS log. I don't have any WinME systems to test with.
> Any ideas? 

  Well, the Windows ME system isn't sending RADIUS packets to the
server, so I'd suggest looking at the logs on the NAS.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Always on "rlm_sql: Could not link driver rlm_sql_mysql"

[Maurice Foschiatti]

 Dear all,

  We have tried to install FreeRadius 0.4 on ur server Sun (Solaris 8.0),
with MySQL as our RDBM (it is installed on /usr/local/mysql, the libraies
are on /usr/local/mysql/lib and /usr/local/mysql/include). It works on the
'text version', but when we tried to work with mysql it return the 'usual
error':

rlm_sql: Could not link driver rlm_sql_mysql: file not found
rlm_sql: Make sure it (and all its dependent libraries!) are in the search
path of your system's ld.
radiusd.conf[4]: sql: Module instantiation failed.


 We have tried to compile with the flags

--with-mysql-include-dir
--with-mysql-lib-dir
--with-mysql-dir

change the libdir in radiusd.conf

and it didn't work.
We have created symbolic links to the mysql library from /usr/local/lib, but
all this was useless. It doesn't work.

   Can anyone help us???

Thanks a lot,





- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Win ME Authentication problem

[Daniel S. Houtz]

Question...

I have a customer using Windows ME to connect. When they connect it
prompts them to reenter their username and password and nothing is
logged in the RADIUS log. I don't have any WinME systems to test with.
Any ideas? 

Dan Houtz


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Identical attributes on auth

[Thomas Jalsovsky]

> > my nas sends: 
> > ...
> > h323-ivr-out=transactionID:13880
> > h323-ivr-out=type:test.tcl
> > ...
> > I want to check by the h323-ivr-out line, so I would like to make 
> > decision (about accept/reject) by the attribute h323-ivr-out which has 
> > value 'type:'.
> > When I test the attribute, the first line is tested and I don't 
> > know how should I write a rule for this.
> 
>   Yes.  The current code checks for the FIRST appearance of an
> attribute, and stops if it doesn't match.
> 
>   It *could* be changed to look for any other copy of an attribute, if
> the first one didn't match.  That may be preferable, in fact.
> 
>   The code in src/main/valuepair.c, function paircmp() should be
> changed so that IF there isn't a match, it loops back to check for
> another copy of the same attribute.  This will slow the server down a
> little, but not significantly.
> 
>   The patch would be fairly small, too.  If people think it's terribly
> useful, I'll take a look at doing it in the next few days.
> 
>   Alan DeKok.
> 
Thank you for your fast response, Alan. I will be very happy if it works. 

Another way should be (for me) to filter out the first line (with regular 
expression it is very simple - ^transaction), but it should be more work 
than changing the mentioned code part.

Thanks,
Thomas



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Identical attributes on auth

[Alan DeKok]

Thomas Jalsovsky <[EMAIL PROTECTED]> wrote:
>   my nas sends: 
> ...
> h323-ivr-out=transactionID:13880
> h323-ivr-out=type:test.tcl
> ...
>   I want to check by the h323-ivr-out line, so I would like to make 
> decision (about accept/reject) by the attribute h323-ivr-out which has 
> value 'type:'.
>   When I test the attribute, the first line is tested and I don't 
> know how should I write a rule for this.

  Yes.  The current code checks for the FIRST appearance of an
attribute, and stops if it doesn't match.

  It *could* be changed to look for any other copy of an attribute, if
the first one didn't match.  That may be preferable, in fact.

  The code in src/main/valuepair.c, function paircmp() should be
changed so that IF there isn't a match, it loops back to check for
another copy of the same attribute.  This will slow the server down a
little, but not significantly.

  The patch would be fairly small, too.  If people think it's terribly
useful, I'll take a look at doing it in the next few days.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Very OT reply (was Re: Documentation for Freeradius against PIX) (Jeremy McNamara)

[Alan DeKok]

"Matt Twigg" <[EMAIL PROTECTED]> wrote:
> But seriously, the PIX and I get along famously, but getting the
> freeradius server to cooperate with any of the guidelines set forth
> in the Cisco TAC docs or the included Cisco aaa examples in the FR
> docs seems to be evading me...

  What problems are you running into?

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Identical attributes on auth

[Thomas Jalsovsky]

Hello


my nas sends: 
...
h323-ivr-out=transactionID:13880
h323-ivr-out=type:test.tcl
...
I want to check by the h323-ivr-out line, so I would like to make 
decision (about accept/reject) by the attribute h323-ivr-out which has 
value 'type:'.
When I test the attribute, the first line is tested and I don't 
know how should I write a rule for this.

Please let me know if you have any idea,

Thanks in advance,
Thomas

p.s.:   the number after transactionID: is generated by the NAS



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Very OT reply (was Re: Documentation for Freeradius against PIX) (Jeremy McNamara)

[Matt Twigg]

Now I can look at pic of D.R. at work and not feel guilty about it!
Funny how the same humor pervades all my mail lists, regardless of topic,
FreeRadius or BMWs...

But seriously, the PIX and I get along famously, but getting the freeradius
server to cooperate with any of the guidelines set forth in the Cisco TAC docs
or the included Cisco aaa examples in the FR docs seems to be evading me...

-Matt


Message: 19
Date: Tue, 05 Feb 2002 19:08:47 -0500
From: Jeremy McNamara <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Very OT reply (was Re: Documentation for Freeradius against PIX)
Reply-To: [EMAIL PROTECTED]


Here ya go... Denise Richards will tell you everything you need to know about
the
PIX firewall:

http://routergod.com/deniserichards/

Ok i'm done now


Jeremy

Matt Twigg wrote:

> Anyone know of any archives or documents out there covering using freeradius
for
> aaa authentication on a PIX VPN (6.1)?
> I have been looking over the docs included, google searches, and cisco docs,
and
> I can't really get a clear answer.
>
> Just wondering if anyone has had success with this combo.
> Right now all I am getting is invalid password/login messages when they are
> apparently correct.
>
> -Matt
>
> -



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Multiple authentication with freeradius 0.4

[Robert J. Quigley]

At 05:47 PM 2/5/2002 -0500, you wrote:
>I'm not sure, but I believe that you'll need to setup a custom group with 
>nonstandard failover handling.
>
>See 'doc/configurable_failover'
>
>
>Randy Moore
>Axion Information Technologies, Inc.
That worked!  Thanks for the help.

Bob Quigley
Youngstown State University
[EMAIL PROTECTED]


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: The Car Kit

[Miquel van Smoorenburg]

In article <003401c1aeef$3b0059a0$0200a8c0@acounts>,
Tarquin Douglass \(Astronet Internet Access\) <[EMAIL PROTECTED]> wrote:
>You admins of this list have to do something about this, as it is getting bad.

One or two spams a week .. that's still less than half a percent of
the spam I get in my mailbox, so it's not "bad" yet.

I'm convinced closed mailinglists create more inconvenience for the
users (and the admins) than the amount of spam that gets through at
the moment, so right now I'm not doing anything about it.

If it gets bad (multiple spams a day) then I'll see if I can hack
mailman to pass posts from unsubscribed addresses through spamassassin.

Mike.
-- 
Computers are useless, they only give answers. --Pablo Picasso


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: The Car Kit

[Tarquin Douglass \(Astronet Internet Access\)]

You admins of this list have to do something about 
this, as it is getting bad.
"Monday" is the term used to signify the eighth day of my work 
week.
 
Regards
 
Tarquin DouglassAstronet Internet AccessOffice: (031) 
3094760Home: (031) 2692954Cel: (083) 
5557890_http://www.astronet.co.za

  - Original Message - 
  From: 
  King King Europe BV 
  To: [EMAIL PROTECTED] 
  
  Sent: Wednesday, February 06, 2002 10:15 
  AM
  Subject: The Car Kit
  
    
  
  KING KING EUROPE 
  BV
  
   
  Aanbieding: 
  Handige Pech-Onderweg-Koffer nu voor Euro 29,95 ! 
  Door eigen import kunnen wij, exclusief voor 
  Nederland, de bijzonder goed gevulde en gewilde pech-onderweg-koffer 
  aanbieden. Deze speciaal voor de auto ontworpen koffer heeft o.a. de volgende 
  inhoud: 
   
  Startkabel 200Amp  - Stevige 
  Sleepkabel 2,5 ton - Veiligheidsvest - Werkhandschoenen - 
  Zaklamp - Afbreekmes - Thermische reddingsdeken - Regen Poncho - Pleisters 
  
  Schoonmaakdoekjes - Plakband - Spin - Syphon pomp  
  
   
  Dit alles superhandig verpakt in een stevige 
  polyester koffer. Bovendien is de pech-onderweg-koffer aan de onderzijde 
  voorzien van klittenband strippen zodat hij ook nog eens muurvast in uw 
  kofferbak blijft staan.
   
  Gaat u goed voorbereid de winter in 
  ?
  Zeker tijdens de Hollandse winters is de 
  pech-onderweg-koffer onontbeerlijk voor elke automobilist. En aangezien 
  alle benodigde producten zich in deze koffer bevinden 
  heeft u geen last meer van losse of rondslingerende spullen in uw 
  kofferbak. En bij echte pech-onderweg: meteen alles wat u nodig heeft 
  onder handbereik.
   
  Help uzelf (of een ander) met dit 
  speciale aanbod
  De pech-onderweg-koffer heeft een geadviseerde winkel 
  verkoopprijs van EURO 49,95. Door eigen import en directe verkoop kunnen wij hem nu aanbieden voor slechts EURO 29,95 
  (incl. btw , excl. verzendkosten). Deze speciale  aanbieding is geldig t/m  31 januari 2002, en uitsluitend voor 
  verzending (door PTT Post) binnen Nederland.
   
  Speciaal voor de 
  auto ontworpen pech-onderweg-koffer 
  NU SLECHTS EURO 29,95 (+ EURO 
  4,95 verzendkosten)
   
  Bestellen:
   
  U heeft bij ons 3 optie’s:
   
  1. Maak het 
  totaal bedrag inclusief verzendkosten (=EURO 34,90) over op rekeningnummer 
  918.81.42 van King King Europe BV te Breda onder vermelding van "JIC". Betaalt 
  u elektronisch, vermeldt dan ook het bezorgadres, d.w.z. uw naam, straatnaam, 
  postcode en woonplaats. Na ontvangst van uw betaling wordt de 
  pech-onderweg-koffer binnen 7 dagen door PTT Post bij u bezorgt.
   
  2. Stuur EURO 35,- in kontanten (alleen 
  briefgeld) in een (aangetekende) brief aan: King King Europe BV, Marksingel 
  2F, 4811 NV, Breda. Vermeld duidelijk het bezorgadres. De pech-onderweg-koffer 
  wordt binnen 7 dagen door PTT Post bij u bezorgt.
   
  3. Betaling achteraf, hiervoor 
  rekenen wij een extra handelings-vergoeding van EURO 2,50. Volg deze link om 
  naar ons bestelformulier te gaan. De 
  pech-onderweg-koffer wordt vervolgens, tezamen met de factuur (betaaltermijn 
  14 dagen), door PTT Post bij u bezorgt.
   
  Deze aanbieding is geldig tot en met 28 
  februari 2002, voor verzending binnen Nederland. Prijzen buiten Nederland op 
  aanvraag.
   
  ===
  DISCLAIMER
   
  Wij hebben uw E-mail adres uit openbare bestanden zonder 
  verdere persoonlijke gegevens. Uw E-mail adres wordt door ons niet in een 
  persoonsregistratie opgenomen of aan derden ter hand gesteld. Wilt u in de 
  toekomst geen E-mail meer van ons ontvangen volg dan deze link Please 
  Remove    =
  - List info/subscribe/unsubscribe? See 
  http://www.freeradius.org/list/users.html 

The Car Kit

[King King Europe BV]

  

KING KING EUROPE 
BV

 
Aanbieding: Handige 
Pech-Onderweg-Koffer nu voor Euro 29,95 ! 
Door eigen import kunnen wij, exclusief voor Nederland, 
de bijzonder goed gevulde en gewilde pech-onderweg-koffer aanbieden. Deze 
speciaal voor de auto ontworpen koffer heeft o.a. de volgende inhoud: 

 
Startkabel 200Amp  - Stevige 
Sleepkabel 2,5 ton - Veiligheidsvest - Werkhandschoenen - 
Zaklamp - Afbreekmes - Thermische reddingsdeken - Regen Poncho - Pleisters 

Schoonmaakdoekjes - Plakband - Spin - Syphon pomp  

 
Dit alles superhandig verpakt in een stevige 
polyester koffer. Bovendien is de pech-onderweg-koffer aan de onderzijde 
voorzien van klittenband strippen zodat hij ook nog eens muurvast in uw 
kofferbak blijft staan.
 
Gaat u goed voorbereid de winter in 
?
Zeker tijdens de Hollandse winters is de 
pech-onderweg-koffer onontbeerlijk voor elke automobilist. En aangezien 
alle benodigde producten zich in deze koffer bevinden heeft 
u geen last meer van losse of rondslingerende spullen in uw kofferbak. En 
bij echte pech-onderweg: meteen alles wat u nodig heeft onder handbereik.
 
Help uzelf (of een ander) met dit 
speciale aanbod
De pech-onderweg-koffer heeft een geadviseerde winkel 
verkoopprijs van EURO 49,95. Door eigen import en directe verkoop kunnen wij hem nu aanbieden voor slechts EURO 29,95 
(incl. btw , excl. verzendkosten). Deze speciale  aanbieding is geldig t/m  31 januari 2002, en uitsluitend voor 
verzending (door PTT Post) binnen Nederland.
 
Speciaal voor de 
auto ontworpen pech-onderweg-koffer 
NU SLECHTS EURO 29,95 (+ EURO 4,95 
verzendkosten)
 
Bestellen:
 
U heeft bij ons 3 optie’s:
 
1. Maak het totaal 
bedrag inclusief verzendkosten (=EURO 34,90) over op rekeningnummer 918.81.42 
van King King Europe BV te Breda onder vermelding van "JIC". Betaalt u 
elektronisch, vermeldt dan ook het bezorgadres, d.w.z. uw naam, straatnaam, 
postcode en woonplaats. Na ontvangst van uw betaling wordt de 
pech-onderweg-koffer binnen 7 dagen door PTT Post bij u bezorgt.
 
2. Stuur EURO 35,- in kontanten (alleen 
briefgeld) in een (aangetekende) brief aan: King King Europe BV, Marksingel 2F, 
4811 NV, Breda. Vermeld duidelijk het bezorgadres. De pech-onderweg-koffer wordt 
binnen 7 dagen door PTT Post bij u bezorgt.
 
3. Betaling achteraf, hiervoor rekenen 
wij een extra handelings-vergoeding van EURO 2,50. Volg deze link om naar ons 
bestelformulier te gaan. De 
pech-onderweg-koffer wordt vervolgens, tezamen met de factuur (betaaltermijn 14 
dagen), door PTT Post bij u bezorgt.
 
Deze aanbieding is geldig tot en met 28 februari 
2002, voor verzending binnen Nederland. Prijzen buiten Nederland op 
aanvraag.
 
===
DISCLAIMER
 
Wij hebben uw E-mail adres uit openbare bestanden zonder verdere 
persoonlijke gegevens. Uw E-mail adres wordt door ons niet in een 
persoonsregistratie opgenomen of aan derden ter hand gesteld. Wilt u in de 
toekomst geen E-mail meer van ons ontvangen volg dan deze link Please 
Remove    =


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html