RE: Seeking recommendations for Radius implementation
Title: Message ICRADIUS -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of CLEOPHAS TOESent: Thursday, 7 February 2002 6:24 PMTo: [EMAIL PROTECTED]Subject: Seeking recommendations for Radius implementation Hi all, Sorry, I am very new to this. I am looking to implement a FREE radius server in our production environment for about 70 users only. I have a few requirements 1- caching should be supported 2- I would like to mirror them (Actually by installing two that will sync there DB) 3- Should run on linux (Redhad 7.2) 4- Should support MySQL as DB 5- should be stable enough 6- support keystroke logging Can anyone point me to the right product? What processing power do I need? (RAM, CPU) Does the log file on radius grow very quickly?Sincerely Bona.Sincerely,Cleophas Toe===Cleophas A. Toe, CISSPSr. Information Security OfficerYodlee, Inc.Cell#: 510-858-9700
Seeking recommendations for Radius implementation
Hi all, Sorry, I am very new to this. I am looking to implement a FREE radius server in our production environment for about 70 users only. I have a few requirements 1- caching should be supported 2- I would like to mirror them (Actually by installing two that will sync there DB) 3- Should run on linux (Redhad 7.2) 4- Should support MySQL as DB 5- should be stable enough 6- support keystroke logging Can anyone point me to the right product? What processing power do I need? (RAM, CPU) Does the log file on radius grow very quickly?Sincerely Bona.Sincerely,Cleophas Toe===Cleophas A. Toe, CISSPSr. Information Security OfficerYodlee, Inc.Cell#: 510-858-9700
To logout user in accounting
I need to terminate session for user in accounting module (rlm_sql or rlm_radutmp) by different conditions. I try to send STOP packet from rlm_sql_accounting (in PW_STATUS_ALIVE section) with session_zap(). But this message("Stop packet with zero session length...") appeared. I just need to logout user but not with Session-Timeout technique. What are the ways to do this? Best regards, KSerge - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Windows XP PPPoE == DoS in disguise
We've been fighting a weird problem today - our FreeRadius would run for anywhere from two minutes to two hours, then CPU utilization would shoot to 100% and no one could log in anywhere on the network. After much fruitless fiddling with radiusd by one of the other engineers I got involved and put tcpdump on the problem. I'm always on users about picking decent passwords - you can imagine my surprise at discovering one of our windows XP customers presenting a sixty four *thousand* character password. He has an impressive typing speed, too, about 124,387 wpm to judge by the number of login requests coming through. Even more impressive, he appears to be telekinetic, since he was doing this while out of town :-) So, if you've got XP customers running the M$ PPPoE that comes with the OS, and you're having weird authentication problems, you might want to get out your favorite sniffer and start digging. -- Neal Rauhauser CCNP, CCDP phone: 402-951-6390 http://AmericanRelay.comfax : 402-951-6390 mailto:[EMAIL PROTECTED] fcc : k0bsd - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: R: Always on "rlm_sql: Could not link driver rlm_sql_mysql" UPDATE
Maurice, It's possible that your header and lib files aren't in: /usr/local/mysql/lib /usr/local/mysql/include But are indeed in: /usr/local/mysql/lib/mysql /usr/local/mysql/include/mysql If that's the case, I would symlink directly to those dirs: ln -s /usr/local/mysql/lib/mysql /usr/lib/mysql ln -s /usr/local/mysql/include/mysql /usr/include/mysql Jeremy On Wednesday 06 February 2002 03:10 pm, you wrote: > Maurice, > > Maybe try symlinking those two dirs to commonly looked at places. Example: > > ln -s /usr/local/mysql/include /usr/include/mysql > ln -s /usr/local/mysql/lib /usr/lib/mysql > > Don't know if it will work but you can give it a shot. > > Jeremy > > On Wednesday 06 February 2002 02:14 pm, you wrote: > > Hi Alan > > > > No good luck. > > I have the same problem that was posted by Robert Abbate in 14 Nov 2001. > > Don't find mysql.h., but this library is present in > > /usr/local/mysql/include. > > If i go in dir "rlm_sql_mysql" and i launch ./configure., this is the > > result: > > > > bash-2.03# > > ./configure --disable-shared > > --with-mysql-include-dir=/usr/local/mysql/inclu de/ > > loading cache ./config.cache > > checking for gcc... (cached) gcc > > checking whether the C compiler (gcc ) works... yes > > checking whether the C compiler (gcc ) is a cross-compiler... no > > checking whether we are using GNU C... (cached) yes > > checking whether gcc accepts -g... (cached) yes > > checking how to run the C preprocessor... (cached) gcc -E > > checking for compress in -lz... (cached) yes > > checking for mysql/mysql.h... no > > configure: warning: mysql headers not found. > > Use --with-mysql-include-dir=. > > configure: warning: sql submodule 'mysql' disabled > > creating ./config.status > > creating Makefile > > > > I have no more ideas !! Help me > > > > > -Messaggio originale- > > > Da: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED]]Per conto di Alan DeKok > > > Inviato: mercoledì 6 febbraio 2002 18.23 > > > A: [EMAIL PROTECTED] > > > Oggetto: Re: Always on "rlm_sql: Could not link driver rlm_sql_mysql" > > > > > > "Maurice Foschiatti" <[EMAIL PROTECTED]> wrote: > > > > We have tried to install FreeRadius 0.4 on ur server Sun > > > > > > (Solaris 8.0), > > > > > > > with MySQL as our RDBM (it is installed on /usr/local/mysql, > > > > > > the libraies > > > > > > > are on /usr/local/mysql/lib and /usr/local/mysql/include). It > > > > > > works on the > > > > > > > 'text version', but when we tried to work with mysql it return > > > > > > the 'usual > > > > > > > error': > > > > > > Do you have the *shared* versions of the mysql libraries installed? > > > > > > If all else fails, do: > > > > > > ./configure --disable-shared > > > > > > and you will avoid the problem. > > > > > > Alan DeKok. > > > > > > - > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: sample ldif file
On Wed, 6 Feb 2002, Matthew Schumacher wrote: > Hello all, > > I am having trouble getting radius to work with ldap. I think I have > the config file setup corretly because I see ldap requests in the debug. > > I want to use pap and {crypt} for password encryption and accourding to > the docs that should work. But I can't seem to get it working in my > lab. Can anyone provide a sample ldif file that I could look at? > > I would prefer for radius to bind as the user to get the attributes and > authenticate. It seems that this should work if I disable the identity > option in the ldap module. > > Anyway, here are some details if they help: > > freeradius 0.4/openldap 2.0.21 > > Here is how I am starting radius: radiusd -f -X -y > Here is how I am testing radius: radtest test test localhost 10 testing123 > > Here is some debug output: > > rad_recv: Access-Request packet from host 127.0.0.1:32773, id=68, length=54 > User-Name = "test" > Password = "y\255\347#\010Q]\346\264\262W\241\377\010\266\250" > NAS-IP-Address = 255.255.255.255 > NAS-Port-Id = "10" > modcall: entering group authorize >modcall[authorize]: module "preprocess" returns ok >modcall[authorize]: module "suffix" returns ok > users: Matched DEFAULT at 144 >modcall[authorize]: module "files" returns ok > rlm_ldap: - authorize > rlm_ldap: performing user authorization for test > radius_xlat: '(uid=test)' > radius_xlat: 'dc=aptalaska,dc=net' > rlm_ldap: attempting LDAP reconnection > rlm_ldap: (re)connect to localhost:389, authentication 0 > rlm_ldap: bind as cn=Manager,dc=aptalaska,dc=net/secret > rlm_ldap: waiting for bind result ... > rlm_ldap: performing search in dc=aptalaska,dc=net, with filter (uid=test) > rlm_ldap: Added password GcuFt8zIt0v7E in check items > rlm_ldap: looking for check items in directory... > rlm_ldap: looking for reply items in directory... > rlm_ldap: user test authorized to use remote access >modcall[authorize]: module "ldap" returns ok > modcall: group authorize returns ok >rad_check_password: Found Auth-Type System > auth: type "System" > auth: Failed to validate the user. > Sending Access-Reject of id 68 to 127.0.0.1:32773 > Finished request 0 > > > Thanks, > > schu The problem is with the line 'Found Auth-Type System'. You are seting the Auth-Type somewhere to be System. The best thing to do is to remove any Auth-Type setup from your users file. The rlm_ldap will add an Auth-Type LDAP if it is not already set. So add a correspoding authtype section in your authenticate section of radiusd.conf. Something like: authenticate{ authtype LDAP { ldap } } and it should work -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: R: Always on "rlm_sql: Could not link driver rlm_sql_mysql"
Maurice, Maybe try symlinking those two dirs to commonly looked at places. Example: ln -s /usr/local/mysql/include /usr/include/mysql ln -s /usr/local/mysql/lib /usr/lib/mysql Don't know if it will work but you can give it a shot. Jeremy On Wednesday 06 February 2002 02:14 pm, you wrote: > Hi Alan > > No good luck. > I have the same problem that was posted by Robert Abbate in 14 Nov 2001. > Don't find mysql.h., but this library is present in > /usr/local/mysql/include. > If i go in dir "rlm_sql_mysql" and i launch ./configure., this is the > result: > > bash-2.03# > ./configure --disable-shared > --with-mysql-include-dir=/usr/local/mysql/inclu de/ > loading cache ./config.cache > checking for gcc... (cached) gcc > checking whether the C compiler (gcc ) works... yes > checking whether the C compiler (gcc ) is a cross-compiler... no > checking whether we are using GNU C... (cached) yes > checking whether gcc accepts -g... (cached) yes > checking how to run the C preprocessor... (cached) gcc -E > checking for compress in -lz... (cached) yes > checking for mysql/mysql.h... no > configure: warning: mysql headers not found. > Use --with-mysql-include-dir=. > configure: warning: sql submodule 'mysql' disabled > creating ./config.status > creating Makefile > > I have no more ideas !! Help me > > > -Messaggio originale- > > Da: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]Per conto di Alan DeKok > > Inviato: mercoledì 6 febbraio 2002 18.23 > > A: [EMAIL PROTECTED] > > Oggetto: Re: Always on "rlm_sql: Could not link driver rlm_sql_mysql" > > > > "Maurice Foschiatti" <[EMAIL PROTECTED]> wrote: > > > We have tried to install FreeRadius 0.4 on ur server Sun > > > > (Solaris 8.0), > > > > > with MySQL as our RDBM (it is installed on /usr/local/mysql, > > > > the libraies > > > > > are on /usr/local/mysql/lib and /usr/local/mysql/include). It > > > > works on the > > > > > 'text version', but when we tried to work with mysql it return > > > > the 'usual > > > > > error': > > > > Do you have the *shared* versions of the mysql libraries installed? > > > > If all else fails, do: > > > > ./configure --disable-shared > > > > and you will avoid the problem. > > > > Alan DeKok. > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
R: Always on "rlm_sql: Could not link driver rlm_sql_mysql"
Hi Alan No good luck. I have the same problem that was posted by Robert Abbate in 14 Nov 2001. Don't find mysql.h., but this library is present in /usr/local/mysql/include. If i go in dir "rlm_sql_mysql" and i launch ./configure., this is the result: bash-2.03# ./configure --disable-shared --with-mysql-include-dir=/usr/local/mysql/inclu de/ loading cache ./config.cache checking for gcc... (cached) gcc checking whether the C compiler (gcc ) works... yes checking whether the C compiler (gcc ) is a cross-compiler... no checking whether we are using GNU C... (cached) yes checking whether gcc accepts -g... (cached) yes checking how to run the C preprocessor... (cached) gcc -E checking for compress in -lz... (cached) yes checking for mysql/mysql.h... no configure: warning: mysql headers not found. Use --with-mysql-include-dir=. configure: warning: sql submodule 'mysql' disabled creating ./config.status creating Makefile I have no more ideas !! Help me > -Messaggio originale- > Da: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]Per conto di Alan DeKok > Inviato: mercoledì 6 febbraio 2002 18.23 > A: [EMAIL PROTECTED] > Oggetto: Re: Always on "rlm_sql: Could not link driver rlm_sql_mysql" > > > "Maurice Foschiatti" <[EMAIL PROTECTED]> wrote: > > We have tried to install FreeRadius 0.4 on ur server Sun > (Solaris 8.0), > > with MySQL as our RDBM (it is installed on /usr/local/mysql, > the libraies > > are on /usr/local/mysql/lib and /usr/local/mysql/include). It > works on the > > 'text version', but when we tried to work with mysql it return > the 'usual > > error': > > Do you have the *shared* versions of the mysql libraries installed? > > If all else fails, do: > > ./configure --disable-shared > > and you will avoid the problem. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
sample ldif file
Hello all, I am having trouble getting radius to work with ldap. I think I have the config file setup corretly because I see ldap requests in the debug. I want to use pap and {crypt} for password encryption and accourding to the docs that should work. But I can't seem to get it working in my lab. Can anyone provide a sample ldif file that I could look at? I would prefer for radius to bind as the user to get the attributes and authenticate. It seems that this should work if I disable the identity option in the ldap module. Anyway, here are some details if they help: freeradius 0.4/openldap 2.0.21 Here is how I am starting radius: radiusd -f -X -y Here is how I am testing radius: radtest test test localhost 10 testing123 Here is some debug output: rad_recv: Access-Request packet from host 127.0.0.1:32773, id=68, length=54 User-Name = "test" Password = "y\255\347#\010Q]\346\264\262W\241\377\010\266\250" NAS-IP-Address = 255.255.255.255 NAS-Port-Id = "10" modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "suffix" returns ok users: Matched DEFAULT at 144 modcall[authorize]: module "files" returns ok rlm_ldap: - authorize rlm_ldap: performing user authorization for test radius_xlat: '(uid=test)' radius_xlat: 'dc=aptalaska,dc=net' rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: bind as cn=Manager,dc=aptalaska,dc=net/secret rlm_ldap: waiting for bind result ... rlm_ldap: performing search in dc=aptalaska,dc=net, with filter (uid=test) rlm_ldap: Added password GcuFt8zIt0v7E in check items rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: user test authorized to use remote access modcall[authorize]: module "ldap" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type System auth: type "System" auth: Failed to validate the user. Sending Access-Reject of id 68 to 127.0.0.1:32773 Finished request 0 Thanks, schu - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Radius Question
At 12:25 PM 2/6/2002 -0500, you wrote: >"William Kelley" <[EMAIL PROTECTED]> wrote: > > I have multiple users who are logged in who stay logged in but they = > > aren't actually connected to the NAS. It seems sometimes the radacct = > > (using mysql) never sets a stop time for users. So they stay connected = > > and when you radwho they are still listed. Any idea's? > > radzap? radzap will not work for SQL users unless they apply the patch I submitted to the development list a few days ago AND change the size of session_id in radutmp to something larger than the default. I'd appreciate others trying and commenting on my patch so that we can possibly get it included in the main code base. For details, see: http://lists.cistron.nl/archives/freeradius-devel/2002/02/frm6.html Thanks. Randy Moore Axion Information Technologies, Inc. email [EMAIL PROTECTED] phone 301-408-1200 fax301-445-3947 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Thread issue - Possible fix
"Marcelo Ferreira" <[EMAIL PROTECTED]> wrote: > I tested the 20020203 snapshot with the _r() changes. > I ran then server without the -s option (radiusd -p 1812 ) and it cored > dump: These problems are a real pain to track down. > If I run it with -s (radiusd -s -p 1812) works fine. Yeah, it's probably a thread issue. The rest of the thread-unsafe functions should be replaced with the thread-safe version, but I haven't had time to do that yet. As always, patches are welcome. > btw.. did you have (extra) time to revise the rlm_radutmp patch that I sent No, not yet. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Identical attributes on auth
"Alan DeKok" <[EMAIL PROTECTED]> wrote: > The code in src/main/valuepair.c, function paircmp() should be > changed so that IF there isn't a match, it loops back to check for > another copy of the same attribute. This will slow the server down a > little, but not significantly. > > The patch would be fairly small, too. If people think it's terribly > useful, I'll take a look at doing it in the next few days. OK, I've made the change. The CVS snapshot from tonight should have the fix. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: upgrading freeradius
"Tim Monaghan" <[EMAIL PROTECTED]> wrote: > Is there a different process for upgrading freeradius, or would you > just install over your old install, and if so would this kill your > configs like radiusd.conf, clients.conf etc. ? No, it doesn't do that. > Im currently running a version I got in mid august of 2001. > ps, how do you tell exactly what version you have? 'radiusd -h' wouldtell you that '-v' gives you the version information. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
upgrading freeradius
Is there a different process for upgrading freeradius, or would you just install over your old install, and if so would this kill your configs like radiusd.conf, clients.conf etc. ? Im currently running a version I got in mid august of 2001. ps, how do you tell exactly what version you have? Thanks Tim . - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 100% CPU utilization bug in FreeRadius 2001/03/10?
Neal Rauhauser <[EMAIL PROTECTED]> wrote: > I'm running FreeRadius code dated 2001/03/10 Don't even bother trying to figure out what's wrong with it. Upgrade to 0.4, it contains a *huge* number of bug fixes over that version, which is nearly a year old! > I've brought down the latest freeradius tar file and managed to get > it to build on my desktop FreeBSD-4.4STABLE but it won't build > properly on the production email/radius box. Why not? It *should* produce error messages which tell you what went wrong, any why. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
100% CPU utilization bug in FreeRadius 2001/03/10?
I'm running FreeRadius code dated 2001/03/10 which was built using /usr/ports/net/freeradius-devel on FreeBSD 4.4. The hardware is a pretty stout Athlon 850 box and it also hosts qmail. We have less than a hundred users total. After running for about two hours on average the CPU utilization from radiusd climbs to 96%+ and just stays there. The state in 'ps aux' is RUN and lsof doesn't show us anything out of the ordinary. I don't believe there is any outside interference involved. We have two RAS boxes that authenticate via radius, the server itself, and all other connections are expressly forbidden via ipf - I know about the remote root in this program. I reviewed the last few months of the mailing list, which I don't read unless I am troubleshooting, and I don't see anything similar to my problem. I just refreshed ports via cvsup and I see that FreeRadius hasn't been updated there since the 2001/03/10 code was committed. I've brought down the latest freeradius tar file and managed to get it to build on my desktop FreeBSD-4.4STABLE but it won't build properly on the production email/radius box. Before I go off on some big adventure trying to wedge this thing into running on FreeBSD is there anything I should know? -- Neal Rauhauser CCNP, CCDP phone: 402-951-6390 http://AmericanRelay.comfax : 402-951-6390 mailto:[EMAIL PROTECTED] fcc : k0bsd - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Identical attributes on auth
Yup - here is another one interrested - me! /Stig At 11:22 2002-02-06 -0500, you wrote: >Thomas Jalsovsky <[EMAIL PROTECTED]> wrote: >> my nas sends: >> ... >> h323-ivr-out=transactionID:13880 >> h323-ivr-out=type:test.tcl >> ... >> I want to check by the h323-ivr-out line, so I would like to make >> decision (about accept/reject) by the attribute h323-ivr-out which has >> value 'type:'. >> When I test the attribute, the first line is tested and I don't >> know how should I write a rule for this. > > Yes. The current code checks for the FIRST appearance of an >attribute, and stops if it doesn't match. > > It *could* be changed to look for any other copy of an attribute, if >the first one didn't match. That may be preferable, in fact. > > The code in src/main/valuepair.c, function paircmp() should be >changed so that IF there isn't a match, it loops back to check for >another copy of the same attribute. This will slow the server down a >little, but not significantly. > > The patch would be fairly small, too. If people think it's terribly >useful, I'll take a look at doing it in the next few days. > > Alan DeKok. > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - N Y H E T E R! - Internetaccess (Modem/ISDN64+128 via Ymex - utan abonnemangskostnad!!! ONLINE-registrering på www.ymex.se - Uppringd SMTP, slut på Telias monopol, nu kan även Ymex erbjuda! - Surf24 - en billig bredbandstjänst från Ymex för kunder i Härnösand/Älandsbro. - Get your emailed Web-forms into a database of your choice!!! Checkout DBFORM V1.0, see details at http://www.ymex.se UucpGate V1.3a - The No:1 UUCP gateway for allmost any Email server! New release! Mailcoach V2.27 - The business E-mail solution. http://www.mailcoach.com/ - Ymex AB| Alvägen 7 | 871 52 Härnösand | Sweden | http://www.ymex.se/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Win ME Authentication problem
Don't know if this well help, but, If they are getting to the NAS you could see it as (Unauthenticated). Get the phone number they are calling from. You can then search the logs for that number. Lee On Wednesday 06 February 2002 09:59 am, you wrote: > ME to connect. When they connect it -- Lee Wolf EMR Data Services [EMAIL PROTECTED] 623-764-0870 cell 623-581-0842 voice 623-582-9499 fax EMR Internet A Serious Internet Experience ** 56K Dial-up ** DSL ** Web-hosting ** ** Co-location ** T1s ** ISDN ** ** High-Speed Fiber Backbone ** Linux powered ** ** Custom Web Design ** Site Development ** ** Search Engine Placement & Web Consultation ** Visit us at http://www.emr.net! Ask about our reseller programs! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius Question
I have multiple users who are logged in who stay logged in but they aren't actually connected to the NAS. It seems sometimes the radacct (using mysql) never sets a stop time for users. So they stay connected and when you radwho they are still listed. Any idea's?
Re: Radius Question
"William Kelley" <[EMAIL PROTECTED]> wrote: > I have multiple users who are logged in who stay logged in but they = > aren't actually connected to the NAS. It seems sometimes the radacct = > (using mysql) never sets a stop time for users. So they stay connected = > and when you radwho they are still listed. Any idea's? radzap? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Always on "rlm_sql: Could not link driver rlm_sql_mysql"
"Maurice Foschiatti" <[EMAIL PROTECTED]> wrote: > We have tried to install FreeRadius 0.4 on ur server Sun (Solaris 8.0), > with MySQL as our RDBM (it is installed on /usr/local/mysql, the libraies > are on /usr/local/mysql/lib and /usr/local/mysql/include). It works on the > 'text version', but when we tried to work with mysql it return the 'usual > error': Do you have the *shared* versions of the mysql libraries installed? If all else fails, do: ./configure --disable-shared and you will avoid the problem. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Win ME Authentication problem
"Daniel S. Houtz" <[EMAIL PROTECTED]> wrote: > I have a customer using Windows ME to connect. When they connect it > prompts them to reenter their username and password and nothing is > logged in the RADIUS log. I don't have any WinME systems to test with. > Any ideas? Well, the Windows ME system isn't sending RADIUS packets to the server, so I'd suggest looking at the logs on the NAS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Always on "rlm_sql: Could not link driver rlm_sql_mysql"
Dear all, We have tried to install FreeRadius 0.4 on ur server Sun (Solaris 8.0), with MySQL as our RDBM (it is installed on /usr/local/mysql, the libraies are on /usr/local/mysql/lib and /usr/local/mysql/include). It works on the 'text version', but when we tried to work with mysql it return the 'usual error': rlm_sql: Could not link driver rlm_sql_mysql: file not found rlm_sql: Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[4]: sql: Module instantiation failed. We have tried to compile with the flags --with-mysql-include-dir --with-mysql-lib-dir --with-mysql-dir change the libdir in radiusd.conf and it didn't work. We have created symbolic links to the mysql library from /usr/local/lib, but all this was useless. It doesn't work. Can anyone help us??? Thanks a lot, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Win ME Authentication problem
Question... I have a customer using Windows ME to connect. When they connect it prompts them to reenter their username and password and nothing is logged in the RADIUS log. I don't have any WinME systems to test with. Any ideas? Dan Houtz - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Identical attributes on auth
> > my nas sends: > > ... > > h323-ivr-out=transactionID:13880 > > h323-ivr-out=type:test.tcl > > ... > > I want to check by the h323-ivr-out line, so I would like to make > > decision (about accept/reject) by the attribute h323-ivr-out which has > > value 'type:'. > > When I test the attribute, the first line is tested and I don't > > know how should I write a rule for this. > > Yes. The current code checks for the FIRST appearance of an > attribute, and stops if it doesn't match. > > It *could* be changed to look for any other copy of an attribute, if > the first one didn't match. That may be preferable, in fact. > > The code in src/main/valuepair.c, function paircmp() should be > changed so that IF there isn't a match, it loops back to check for > another copy of the same attribute. This will slow the server down a > little, but not significantly. > > The patch would be fairly small, too. If people think it's terribly > useful, I'll take a look at doing it in the next few days. > > Alan DeKok. > Thank you for your fast response, Alan. I will be very happy if it works. Another way should be (for me) to filter out the first line (with regular expression it is very simple - ^transaction), but it should be more work than changing the mentioned code part. Thanks, Thomas - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Identical attributes on auth
Thomas Jalsovsky <[EMAIL PROTECTED]> wrote: > my nas sends: > ... > h323-ivr-out=transactionID:13880 > h323-ivr-out=type:test.tcl > ... > I want to check by the h323-ivr-out line, so I would like to make > decision (about accept/reject) by the attribute h323-ivr-out which has > value 'type:'. > When I test the attribute, the first line is tested and I don't > know how should I write a rule for this. Yes. The current code checks for the FIRST appearance of an attribute, and stops if it doesn't match. It *could* be changed to look for any other copy of an attribute, if the first one didn't match. That may be preferable, in fact. The code in src/main/valuepair.c, function paircmp() should be changed so that IF there isn't a match, it loops back to check for another copy of the same attribute. This will slow the server down a little, but not significantly. The patch would be fairly small, too. If people think it's terribly useful, I'll take a look at doing it in the next few days. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Very OT reply (was Re: Documentation for Freeradius against PIX) (Jeremy McNamara)
"Matt Twigg" <[EMAIL PROTECTED]> wrote: > But seriously, the PIX and I get along famously, but getting the > freeradius server to cooperate with any of the guidelines set forth > in the Cisco TAC docs or the included Cisco aaa examples in the FR > docs seems to be evading me... What problems are you running into? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Identical attributes on auth
Hello my nas sends: ... h323-ivr-out=transactionID:13880 h323-ivr-out=type:test.tcl ... I want to check by the h323-ivr-out line, so I would like to make decision (about accept/reject) by the attribute h323-ivr-out which has value 'type:'. When I test the attribute, the first line is tested and I don't know how should I write a rule for this. Please let me know if you have any idea, Thanks in advance, Thomas p.s.: the number after transactionID: is generated by the NAS - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Very OT reply (was Re: Documentation for Freeradius against PIX) (Jeremy McNamara)
Now I can look at pic of D.R. at work and not feel guilty about it! Funny how the same humor pervades all my mail lists, regardless of topic, FreeRadius or BMWs... But seriously, the PIX and I get along famously, but getting the freeradius server to cooperate with any of the guidelines set forth in the Cisco TAC docs or the included Cisco aaa examples in the FR docs seems to be evading me... -Matt Message: 19 Date: Tue, 05 Feb 2002 19:08:47 -0500 From: Jeremy McNamara <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Very OT reply (was Re: Documentation for Freeradius against PIX) Reply-To: [EMAIL PROTECTED] Here ya go... Denise Richards will tell you everything you need to know about the PIX firewall: http://routergod.com/deniserichards/ Ok i'm done now Jeremy Matt Twigg wrote: > Anyone know of any archives or documents out there covering using freeradius for > aaa authentication on a PIX VPN (6.1)? > I have been looking over the docs included, google searches, and cisco docs, and > I can't really get a clear answer. > > Just wondering if anyone has had success with this combo. > Right now all I am getting is invalid password/login messages when they are > apparently correct. > > -Matt > > - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Multiple authentication with freeradius 0.4
At 05:47 PM 2/5/2002 -0500, you wrote: >I'm not sure, but I believe that you'll need to setup a custom group with >nonstandard failover handling. > >See 'doc/configurable_failover' > > >Randy Moore >Axion Information Technologies, Inc. That worked! Thanks for the help. Bob Quigley Youngstown State University [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The Car Kit
In article <003401c1aeef$3b0059a0$0200a8c0@acounts>, Tarquin Douglass \(Astronet Internet Access\) <[EMAIL PROTECTED]> wrote: >You admins of this list have to do something about this, as it is getting bad. One or two spams a week .. that's still less than half a percent of the spam I get in my mailbox, so it's not "bad" yet. I'm convinced closed mailinglists create more inconvenience for the users (and the admins) than the amount of spam that gets through at the moment, so right now I'm not doing anything about it. If it gets bad (multiple spams a day) then I'll see if I can hack mailman to pass posts from unsubscribed addresses through spamassassin. Mike. -- Computers are useless, they only give answers. --Pablo Picasso - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: The Car Kit
You admins of this list have to do something about this, as it is getting bad. "Monday" is the term used to signify the eighth day of my work week. Regards Tarquin DouglassAstronet Internet AccessOffice: (031) 3094760Home: (031) 2692954Cel: (083) 5557890_http://www.astronet.co.za - Original Message - From: King King Europe BV To: [EMAIL PROTECTED] Sent: Wednesday, February 06, 2002 10:15 AM Subject: The Car Kit KING KING EUROPE BV Aanbieding: Handige Pech-Onderweg-Koffer nu voor Euro 29,95 ! Door eigen import kunnen wij, exclusief voor Nederland, de bijzonder goed gevulde en gewilde pech-onderweg-koffer aanbieden. Deze speciaal voor de auto ontworpen koffer heeft o.a. de volgende inhoud: Startkabel 200Amp - Stevige Sleepkabel 2,5 ton - Veiligheidsvest - Werkhandschoenen - Zaklamp - Afbreekmes - Thermische reddingsdeken - Regen Poncho - Pleisters Schoonmaakdoekjes - Plakband - Spin - Syphon pomp Dit alles superhandig verpakt in een stevige polyester koffer. Bovendien is de pech-onderweg-koffer aan de onderzijde voorzien van klittenband strippen zodat hij ook nog eens muurvast in uw kofferbak blijft staan. Gaat u goed voorbereid de winter in ? Zeker tijdens de Hollandse winters is de pech-onderweg-koffer onontbeerlijk voor elke automobilist. En aangezien alle benodigde producten zich in deze koffer bevinden heeft u geen last meer van losse of rondslingerende spullen in uw kofferbak. En bij echte pech-onderweg: meteen alles wat u nodig heeft onder handbereik. Help uzelf (of een ander) met dit speciale aanbod De pech-onderweg-koffer heeft een geadviseerde winkel verkoopprijs van EURO 49,95. Door eigen import en directe verkoop kunnen wij hem nu aanbieden voor slechts EURO 29,95 (incl. btw , excl. verzendkosten). Deze speciale aanbieding is geldig t/m 31 januari 2002, en uitsluitend voor verzending (door PTT Post) binnen Nederland. Speciaal voor de auto ontworpen pech-onderweg-koffer NU SLECHTS EURO 29,95 (+ EURO 4,95 verzendkosten) Bestellen: U heeft bij ons 3 opties: 1. Maak het totaal bedrag inclusief verzendkosten (=EURO 34,90) over op rekeningnummer 918.81.42 van King King Europe BV te Breda onder vermelding van "JIC". Betaalt u elektronisch, vermeldt dan ook het bezorgadres, d.w.z. uw naam, straatnaam, postcode en woonplaats. Na ontvangst van uw betaling wordt de pech-onderweg-koffer binnen 7 dagen door PTT Post bij u bezorgt. 2. Stuur EURO 35,- in kontanten (alleen briefgeld) in een (aangetekende) brief aan: King King Europe BV, Marksingel 2F, 4811 NV, Breda. Vermeld duidelijk het bezorgadres. De pech-onderweg-koffer wordt binnen 7 dagen door PTT Post bij u bezorgt. 3. Betaling achteraf, hiervoor rekenen wij een extra handelings-vergoeding van EURO 2,50. Volg deze link om naar ons bestelformulier te gaan. De pech-onderweg-koffer wordt vervolgens, tezamen met de factuur (betaaltermijn 14 dagen), door PTT Post bij u bezorgt. Deze aanbieding is geldig tot en met 28 februari 2002, voor verzending binnen Nederland. Prijzen buiten Nederland op aanvraag. === DISCLAIMER Wij hebben uw E-mail adres uit openbare bestanden zonder verdere persoonlijke gegevens. Uw E-mail adres wordt door ons niet in een persoonsregistratie opgenomen of aan derden ter hand gesteld. Wilt u in de toekomst geen E-mail meer van ons ontvangen volg dan deze link Please Remove = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The Car Kit
KING KING EUROPE BV Aanbieding: Handige Pech-Onderweg-Koffer nu voor Euro 29,95 ! Door eigen import kunnen wij, exclusief voor Nederland, de bijzonder goed gevulde en gewilde pech-onderweg-koffer aanbieden. Deze speciaal voor de auto ontworpen koffer heeft o.a. de volgende inhoud: Startkabel 200Amp - Stevige Sleepkabel 2,5 ton - Veiligheidsvest - Werkhandschoenen - Zaklamp - Afbreekmes - Thermische reddingsdeken - Regen Poncho - Pleisters Schoonmaakdoekjes - Plakband - Spin - Syphon pomp Dit alles superhandig verpakt in een stevige polyester koffer. Bovendien is de pech-onderweg-koffer aan de onderzijde voorzien van klittenband strippen zodat hij ook nog eens muurvast in uw kofferbak blijft staan. Gaat u goed voorbereid de winter in ? Zeker tijdens de Hollandse winters is de pech-onderweg-koffer onontbeerlijk voor elke automobilist. En aangezien alle benodigde producten zich in deze koffer bevinden heeft u geen last meer van losse of rondslingerende spullen in uw kofferbak. En bij echte pech-onderweg: meteen alles wat u nodig heeft onder handbereik. Help uzelf (of een ander) met dit speciale aanbod De pech-onderweg-koffer heeft een geadviseerde winkel verkoopprijs van EURO 49,95. Door eigen import en directe verkoop kunnen wij hem nu aanbieden voor slechts EURO 29,95 (incl. btw , excl. verzendkosten). Deze speciale aanbieding is geldig t/m 31 januari 2002, en uitsluitend voor verzending (door PTT Post) binnen Nederland. Speciaal voor de auto ontworpen pech-onderweg-koffer NU SLECHTS EURO 29,95 (+ EURO 4,95 verzendkosten) Bestellen: U heeft bij ons 3 optie’s: 1. Maak het totaal bedrag inclusief verzendkosten (=EURO 34,90) over op rekeningnummer 918.81.42 van King King Europe BV te Breda onder vermelding van "JIC". Betaalt u elektronisch, vermeldt dan ook het bezorgadres, d.w.z. uw naam, straatnaam, postcode en woonplaats. Na ontvangst van uw betaling wordt de pech-onderweg-koffer binnen 7 dagen door PTT Post bij u bezorgt. 2. Stuur EURO 35,- in kontanten (alleen briefgeld) in een (aangetekende) brief aan: King King Europe BV, Marksingel 2F, 4811 NV, Breda. Vermeld duidelijk het bezorgadres. De pech-onderweg-koffer wordt binnen 7 dagen door PTT Post bij u bezorgt. 3. Betaling achteraf, hiervoor rekenen wij een extra handelings-vergoeding van EURO 2,50. Volg deze link om naar ons bestelformulier te gaan. De pech-onderweg-koffer wordt vervolgens, tezamen met de factuur (betaaltermijn 14 dagen), door PTT Post bij u bezorgt. Deze aanbieding is geldig tot en met 28 februari 2002, voor verzending binnen Nederland. Prijzen buiten Nederland op aanvraag. === DISCLAIMER Wij hebben uw E-mail adres uit openbare bestanden zonder verdere persoonlijke gegevens. Uw E-mail adres wordt door ons niet in een persoonsregistratie opgenomen of aan derden ter hand gesteld. Wilt u in de toekomst geen E-mail meer van ons ontvangen volg dan deze link Please Remove = - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html