联合购买网电子E刊1
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
crypt and !md5_crypt in FreeRADIU 0.4
Yo All! I am new to FreeRadius, but I have been using Cistron and for a long time and before that Livingston Radius. One problem I have with the FreeRADIUS. I was looking in rlm_unix.c and crypt() is supported but not md5_crypt(). So I can not use it as-is on a non-PAM system. Is there a patch out there for this? Or should I create one and send it to the list? Also, does anyone have an rlm to allow authentication from a passwd/shadow pair that are NOT the system auth files? This is for a backup radius server that users are not allowed to log in to. If not then I would like to send in a patch for that too. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Disable PAP
NASs can switch the order of authentication: CHAP first then PAP or PAP then CHAP. Different service providers employ different philosophies...and that's where it should remain on the NAS...but freeradius supports it nonetheless. > > You have customers whose computers are configured for PAP? Amazing, all > our tech support calls are from people who don't know how to turn CHAP > off... :) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Compile failing on redhat 7.2
I'm running redhat 7.2 and I am unable to compile the latest snapshots. I get this: Making all in lib... gmake[4]: Entering directory `/usr/local/src/freeradius-snapshot-20020304/src/lib' gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DND EBUG -D_LIBRADIUS -I../include -c misc.c misc.c: In function `ip_hostname': misc.c:57: warning: passing arg 7 of `gethostbyaddr_r' from incompatible pointer type misc.c:57: too few arguments to function `gethostbyaddr_r' misc.c:57: warning: assignment makes pointer from integer without a cast misc.c: In function `ip_getaddr': misc.c:90: warning: passing arg 5 of `gethostbyname_r' from incompatible pointer type misc.c:90: too few arguments to function `gethostbyname_r' misc.c:90: warning: assignment makes pointer from integer without a cast gmake[4]: *** [misc.o] Error 1 gmake[4]: Leaving directory `/usr/local/src/freeradius-snapshot-20020304/src/lib' gmake[3]: *** [common] Error 1 gmake[3]: Leaving directory `/usr/local/src/freeradius-snapshot-20020304/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/usr/local/src/freeradius-snapshot-20020304/src' gmake[1]: *** [common] Error 1 gmake[1]: Leaving directory `/usr/local/src/freeradius-snapshot-20020304' make: *** [all] Error 2 I was originally using snapshot 20020223 until, when using Simultaneous-Use, radiusd crashed with: undefined symbol: rad_unlockfd. Sure enough, I went a hunting through the source for the definition of that function and sure enough, there was no such animal. There was a declaration in one of the headers and it was being called in several places, but not defined anywhere. I downloaded the latest snapshot and now I'm getting the above. Autoconf correctly sees that I have 'gethostbyaddr_r' but the header and the lib that has the versions that this snapshot uses are in lwres/netdb.h and liblwres.so/liblwres.a respectively. Is this just something redhat has doen. Do you have any suggestions on fixing it? Thanks, vec - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Disable PAP
On Mon, Mar 04, 2002 at 07:56:36PM -0500, Eric Dean wrote: > My experience is that the user will call up and complain about having an > email problem when in fact there is a problem with PAP. You have customers whose computers are configured for PAP? Amazing, all our tech support calls are from people who don't know how to turn CHAP off... :) Steve Langasek postmodern programmer > On Mon, 4 Mar 2002, Frank Cusack wrote: > > > Yeah, but at least the user only tries the one time. They then learn > > they need to use CHAP. The better fix is indeed to have the NAS deny > > PAP, but doing it at the RADIUS server still has some benefit. > > > > /fc > > > > On Mon, Mar 04, 2002 at 04:32:36PM -0500, Eric Dean wrote: > > > > > > Unfortunately, if the NAS has already negotiated PAP, it's pretty useless > > > to have the radius server not authenticate because it's already been sent. > > > > > > On Mon, 4 Mar 2002, Alan DeKok wrote: > > > > > > > Eduardo Roldan <[EMAIL PROTECTED]> wrote: > > > > > I have a wireless network. I want that my customers only authenticate > > > > > through CHAP (don't want passwords flying in the sky), so, all PAP > > > > > request will deny access. > > > > > > > > > > How can I disable PAP? or Enable CHAP ONLY > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html msg03779/pgp0.pgp Description: PGP signature
Re: Disable PAP
It's clear text between the client and the NAS and is pseudo-encrypted between the NAS and radius server (anything that can be decrypted really isn't encrypted now is it?) On Mon, 4 Mar 2002, Pat Crean wrote: > Personally, I'd rather not have all of my user's passwords stored in plain > text on my radius server, but we all have our ideas of what constitutes > 'secure'. Why not compromise and set up a vpn between your NAS and > radius server so even PAP is encrypted? > > > > On Monday 04 March 2002 19:58, you wrote: > > On Mon, 2002-03-04 at 21:56, Eric Dean wrote: > > > My experience is that the user will call up and complain about having an > > > email problem when in fact there is a problem with PAP. > > > > YES, I love customers calling me :). Now, tell me how you can do it, > > please, please, please. :) > > Really, We think that we don't want PAP authentication allowed in a > > wireless link. > > > > > On Mon, 4 Mar 2002, Frank Cusack wrote: > > > > Yeah, but at least the user only tries the one time. They then learn > > > > they need to use CHAP. The better fix is indeed to have the NAS deny > > > > PAP, but doing it at the RADIUS server still has some benefit. > > > > > > > > /fc > > > > > > > > On Mon, Mar 04, 2002 at 04:32:36PM -0500, Eric Dean wrote: > > > > > Unfortunately, if the NAS has already negotiated PAP, it's pretty > > > > > useless to have the radius server not authenticate because it's > > > > > already been sent. > > > > > > > > > > On Mon, 4 Mar 2002, Alan DeKok wrote: > > > > > > Eduardo Roldan <[EMAIL PROTECTED]> wrote: > > > > > > > I have a wireless network. I want that my customers only > > > > > > > authenticate through CHAP (don't want passwords flying in the > > > > > > > sky), so, all PAP request will deny access. > > > > > > > > > > > > > > How can I disable PAP? or Enable CHAP ONLY > > > > > > > > - > > > > List info/subscribe/unsubscribe? See > > > > http://www.freeradius.org/list/users.html > > > > > > - > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Disable PAP
Personally, I'd rather not have all of my user's passwords stored in plain text on my radius server, but we all have our ideas of what constitutes 'secure'. Why not compromise and set up a vpn between your NAS and radius server so even PAP is encrypted? On Monday 04 March 2002 19:58, you wrote: > On Mon, 2002-03-04 at 21:56, Eric Dean wrote: > > My experience is that the user will call up and complain about having an > > email problem when in fact there is a problem with PAP. > > YES, I love customers calling me :). Now, tell me how you can do it, > please, please, please. :) > Really, We think that we don't want PAP authentication allowed in a > wireless link. > > > On Mon, 4 Mar 2002, Frank Cusack wrote: > > > Yeah, but at least the user only tries the one time. They then learn > > > they need to use CHAP. The better fix is indeed to have the NAS deny > > > PAP, but doing it at the RADIUS server still has some benefit. > > > > > > /fc > > > > > > On Mon, Mar 04, 2002 at 04:32:36PM -0500, Eric Dean wrote: > > > > Unfortunately, if the NAS has already negotiated PAP, it's pretty > > > > useless to have the radius server not authenticate because it's > > > > already been sent. > > > > > > > > On Mon, 4 Mar 2002, Alan DeKok wrote: > > > > > Eduardo Roldan <[EMAIL PROTECTED]> wrote: > > > > > > I have a wireless network. I want that my customers only > > > > > > authenticate through CHAP (don't want passwords flying in the > > > > > > sky), so, all PAP request will deny access. > > > > > > > > > > > > How can I disable PAP? or Enable CHAP ONLY > > > > > > - > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Disable PAP
On Mon, 2002-03-04 at 21:56, Eric Dean wrote: > > My experience is that the user will call up and complain about having an > email problem when in fact there is a problem with PAP. YES, I love customers calling me :). Now, tell me how you can do it, please, please, please. :) Really, We think that we don't want PAP authentication allowed in a wireless link. > > On Mon, 4 Mar 2002, Frank Cusack wrote: > > > Yeah, but at least the user only tries the one time. They then learn > > they need to use CHAP. The better fix is indeed to have the NAS deny > > PAP, but doing it at the RADIUS server still has some benefit. > > > > /fc > > > > On Mon, Mar 04, 2002 at 04:32:36PM -0500, Eric Dean wrote: > > > > > > Unfortunately, if the NAS has already negotiated PAP, it's pretty useless > > > to have the radius server not authenticate because it's already been sent. > > > > > > On Mon, 4 Mar 2002, Alan DeKok wrote: > > > > > > > Eduardo Roldan <[EMAIL PROTECTED]> wrote: > > > > > I have a wireless network. I want that my customers only authenticate > > > > > through CHAP (don't want passwords flying in the sky), so, all PAP > > > > > request will deny access. > > > > > > > > > > How can I disable PAP? or Enable CHAP ONLY > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius vs gnu radius
a marketing expert could not have written a better statement...I especially like the "synergy" part. > FreeRADIUS is one of the most modular and featureful RADIUS servers > available today. It has been written by a team of developers who have > more than a decade of collective experience in implementing and > deploying RADIUS software, in software engineering, and in Unix package > management. The product is the result of synergy between many of the > best-known names in free software-based RADIUS implementations, > including several developers of the Debian GNU/Linux operating system, > and is distributed under the GNU GPL (version 2). - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Disable PAP
My experience is that the user will call up and complain about having an email problem when in fact there is a problem with PAP. On Mon, 4 Mar 2002, Frank Cusack wrote: > Yeah, but at least the user only tries the one time. They then learn > they need to use CHAP. The better fix is indeed to have the NAS deny > PAP, but doing it at the RADIUS server still has some benefit. > > /fc > > On Mon, Mar 04, 2002 at 04:32:36PM -0500, Eric Dean wrote: > > > > Unfortunately, if the NAS has already negotiated PAP, it's pretty useless > > to have the radius server not authenticate because it's already been sent. > > > > On Mon, 4 Mar 2002, Alan DeKok wrote: > > > > > Eduardo Roldan <[EMAIL PROTECTED]> wrote: > > > > I have a wireless network. I want that my customers only authenticate > > > > through CHAP (don't want passwords flying in the sky), so, all PAP > > > > request will deny access. > > > > > > > > How can I disable PAP? or Enable CHAP ONLY > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Recent CERT Advisory CA-2002-06
Hello, Does anyone know if this effects the client implementations of mod_auth_radius for apache and pam_radius_auth? http://www.freeradius.org/pam_radius_auth/ http://www.freeradius.org/mod_auth_radius/ Cheers, JP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius vs gnu radius
On Mon, Mar 04, 2002 at 12:15:01PM -0800, Joseph Soma Reddy wrote: > Hello, > Can someone tell me the difference between freeradius and gnuradius? > any major differences in features or stability etc. > Are both of them developed from the same code base? FreeRADIUS is one of the most modular and featureful RADIUS servers available today. It has been written by a team of developers who have more than a decade of collective experience in implementing and deploying RADIUS software, in software engineering, and in Unix package management. The product is the result of synergy between many of the best-known names in free software-based RADIUS implementations, including several developers of the Debian GNU/Linux operating system, and is distributed under the GNU GPL (version 2). ... GNU radius? GNU has their own RADIUS server now? ... why? Does someone have an axe to grind? Steve Langasek postmodern programmer msg03773/pgp0.pgp Description: PGP signature
Re: dialup_admin
On Mon, 4 Mar 2002, Nick Davis wrote: > Gents, > I was wondering why some dialup_admin pages are written in php3 and not > php4? Is it just a time issue? Or is there some other reason? Well, actually all of the dialup_admin pages are php4. When I started writing the pages I used the php3 extension and somehow it didn't change. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius vs gnu radius
> GNU radius? GNU has their own RADIUS server now? ... why? Does > someone have an axe to grind? ftp://ftp.gnu.org/gnu/radius/ Looks like it has existed since December of 2000. - Mike - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Disable PAP
Yeah, but at least the user only tries the one time. They then learn they need to use CHAP. The better fix is indeed to have the NAS deny PAP, but doing it at the RADIUS server still has some benefit. /fc On Mon, Mar 04, 2002 at 04:32:36PM -0500, Eric Dean wrote: > > Unfortunately, if the NAS has already negotiated PAP, it's pretty useless > to have the radius server not authenticate because it's already been sent. > > On Mon, 4 Mar 2002, Alan DeKok wrote: > > > Eduardo Roldan <[EMAIL PROTECTED]> wrote: > > > I have a wireless network. I want that my customers only authenticate > > > through CHAP (don't want passwords flying in the sky), so, all PAP > > > request will deny access. > > > > > > How can I disable PAP? or Enable CHAP ONLY - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Multiple Proxy State Attributes
Hello, I am experiencing a problem with multiple "proxy state" attributes. When our partner network (UUNet) runs a test on our new Radius server (Linux 7.2 w/ FreeRADIUS 0.4) it returns multiple proxy state attributes in the access-accept packet. Any ideas on how to get rid of this (or in some cases these) extra attributes out? Preliminary test is passed Mail Servers derived from Attribute 242: D8.A9.C6.00/18 (Hex format)->216.169.198.0/24 (Decimal format) Running ping-radius (PAP)... Access-Request packet: code=1, identifier 1, length 162 auth: 3B 52 B5 D7 C3 DF 89 E5 03 28 70 D7 F1 8D BC 9D attr: type User-Name [1], len 23 name = "[EMAIL PROTECTED]" attr: type User-Password [2], len 18 passwd = "1/4à"J Di¹Õ>ö$£"ëB" attr: type NAS-Identifier [4], len 6 NAS ID = 153.39.242.113:0 attr: type NAS-Port [5], len 6 NAS PORT = 500 attr: type User-Service [6], len 6 data = 00 00 00 01 attr: type Proxy-State [33], len 83 Proxy signature: 00 00 00 00 00 00 00 00 saved auth: 3B 52 B5 D7 C3 DF 89 E5 03 28 70 D7 F1 8D BC 9D client: 153.39.242.113:0, server: 65.193.250.34:1645 server_pool_id: 0 nas port: 0 (md5_cached: 0, md5_valid: 1) md5: [not yet computed] need_uname: 0 Access-Accept packet: code=2, identifier 1, length 359 auth: 42 33 21 ED D7 DE 33 D4 B5 89 83 5C D8 96 1E 6E attr: type User-Service [6], len 6 service_type = 2 attr: type Framed-Protocol [7], len 6 data = 00 00 00 01 attr: type Framed-MTU [12], len 6 data = 00 00 05 DC attr: type (unknown type) [228], len 6 data = 00 00 00 01 attr: type (unknown type) [233], len 6 data = 00 00 00 01 attr: type Ascend-Assign-IP-Pool [218], len 6 data = 00 00 00 00 attr: type Ascend-Idle-Limit [244], len 6 data = 00 00 03 84 attr: type Ascend-Maximum-Time [194], len 6 data = 00 00 54 60 attr: type (unknown type) [135], len 6 data = D0 CF 21 FE attr: type (unknown type) [136], len 6 data = D0 CF 21 FD attr: type (unknown type) [137], len 6 data = 00 00 00 01 attr: type Ascend-Data-Filter [242], len 26 data = 01 01 01 00 00 00 00 00 00 00 00 00 00 00 06 01 00 00 00 00 00 00 00 00 attr: type Ascend-Data-Filter [242], len 26 data = 01 01 01 00 00 00 00 00 D8 A9 C6 00 00 18 00 00 00 00 00 00 00 00 00 00 attr: type Ascend-Data-Filter [242], len 26 data = 01 00 01 00 00 00 00 00 00 00 00 00 00 00 06 00 00 00 00 19 00 02 00 00 attr: type Ascend-Data-Filter [242], len 26 data = 01 01 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 attr: type Proxy-State [33], len 83 Proxy signature: 00 00 00 00 00 00 00 00 saved auth: 3B 52 B5 D7 C3 DF 89 E5 03 28 70 D7 F1 8D BC 9D client: 153.39.242.113:0, server: 65.193.250.34:1645 server_pool_id: 0 nas port: 0 (md5_cached: 1, md5_valid: 1) md5: 5E 17 2C E9 05 92 7C 0B 3C 8B 07 70 18 A7 B9 CA need_uname: 0 attr: type Proxy-State [33], len 3 data = 31 attr: type Proxy-State [33], len 83 Proxy signature: 00 00 00 00 00 00 00 00 saved auth: 3B 52 B5 D7 C3 DF 89 E5 03 28 70 D7 F1 8D BC 9D client: 153.39.242.113:0, server: 65.193.250.34:1645 server_pool_id: 0 nas port: 0 (md5_cached: 1, md5_valid: 1) md5: 5E 17 2C E9 05 92 7C 0B 3C 8B 07 70 18 A7 B9 CA need_uname: 0 Thanks, Dave - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Upgrade to v 0.4 from 0.1 problems
i copied the users file over after upgrade. checked the radiusd.conf i did notice that there is no default realm in v .04 of users file in the log file when trying to connect i get "Mon Mar 4 15:55:30 2002 : Auth: Login incorrect: [[EMAIL PROTECTED]] (from nas 192.168.97.3 port 0 cli 209.23.35.109) on my old version it was stripping the @bar.com did i miss something in my REALMS file? thanks Ryan Cayton Technical Analyst Horine and Associates, LLC. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Disable PAP
Unfortunately, if the NAS has already negotiated PAP, it's pretty useless to have the radius server not authenticate because it's already been sent. On Mon, 4 Mar 2002, Alan DeKok wrote: > Eduardo Roldan <[EMAIL PROTECTED]> wrote: > > I have a wireless network. I want that my customers only authenticate > > through CHAP (don't want passwords flying in the sky), so, all PAP > > request will deny access. > > > > How can I disable PAP? or Enable CHAP ONLY > > You can disable PAP by putting the following at the top of your > 'users' file: > > DEFAULT User-Password =~ ".*", Auth-Type := Reject > Reply-Message = "We don't accept PAP here" > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Disable PAP
Eduardo Roldan <[EMAIL PROTECTED]> wrote: > I have a wireless network. I want that my customers only authenticate > through CHAP (don't want passwords flying in the sky), so, all PAP > request will deny access. > > How can I disable PAP? or Enable CHAP ONLY You can disable PAP by putting the following at the top of your 'users' file: DEFAULT User-Password =~ ".*", Auth-Type := Reject Reply-Message = "We don't accept PAP here" Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FreeRadius for win32
___ This EMail has been scanned by Astronet/IONet VIRUS scan Server and found to be clear of all known VIRUSES in my definition files. ___ Hi there, Has anyone managed to compile FreeRadius for win32 or with cygwin ? Regards Tarquin Douglass Astronet Internet Access Office: (031) 3094760 Home: (031) 2692954 Cel: (083) 5557890 _ http://www.astronet.co.za - Original Message - From: "Alan DeKok" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, March 04, 2002 10:41 PM Subject: Re: freeradius vs gnu radius > Joseph Soma Reddy <[EMAIL PROTECTED]> wrote: > > Can someone tell me the difference between freeradius and gnuradius? > > any major differences in features or stability etc. > > The biggest things I've noticed are that GNU radius has a 'rewrite' > capability, and it uses SNMP directly, instead of calling checkrad. > > Other than that, FreeRADIUS has more features and functionality. > > > Are both of them developed from the same code base? > > GNU Radius is developed partly using code they took from Cistron. > FreeRADIUS is a complete rewrite from scratch, and thus is a > completely different server. > > Alan DeKok. > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Disable PAP
Either do it on the client or on the NAS On 4 Mar 2002, Eduardo Roldan wrote: > I have a wireless network. I want that my customers only authenticate > through CHAP (don't want passwords flying in the sky), so, all PAP > request will deny access. > > How can I disable PAP? or Enable CHAP ONLY > > > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Eric Dean President, Crystal Ball Inc. W 703-322-8000 F 703-322-8010 M 703-597-6921 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius vs gnu radius
On Mon, 4 Mar 2002, Joseph Soma Reddy wrote: > Hello, > Can someone tell me the difference between freeradius and gnuradius? any major >differences in features or stability etc. > Are both of them developed from the same code base? There are probably many differences but I switched from GNUradius to freeradius to support modification of proxy replies and support of Ascend-Data-Filters - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dialup_admin
Gents, I was wondering why some dialup_admin pages are written in php3 and not php4? Is it just a time issue? Or is there some other reason? Thanks, Nick -- Nick Davis Associate Systems Administrator [EMAIL PROTECTED] Internet Exposure, Inc. http://www.iexposure.com (612)676-1946 Web Development-Web Marketing-ISP Services - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius vs gnu radius
Joseph Soma Reddy <[EMAIL PROTECTED]> wrote: > Can someone tell me the difference between freeradius and gnuradius? > any major differences in features or stability etc. The biggest things I've noticed are that GNU radius has a 'rewrite' capability, and it uses SNMP directly, instead of calling checkrad. Other than that, FreeRADIUS has more features and functionality. > Are both of them developed from the same code base? GNU Radius is developed partly using code they took from Cistron. FreeRADIUS is a complete rewrite from scratch, and thus is a completely different server. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
no log with mysql
Dear Radius users,
I am having a difficult time setting up freeradius (v0.4) on a Debian
Testing system to work with SQL. Using the test program, radtest, I get
no notification whatsoever that it is making a connection to the server.
However, when I disable the SQL module and just use the 'users' file,
I get authentication messages.
I have attached a gz file of my configuration.
When configured for SQL use, here is the output of 'radiusd -X':
intrepid:~# radiusd -X
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: //etc/raddb/clients.conf
Config: including file: //etc/raddb/snmp.conf
Config: including file: //etc/raddb/sql.conf
main: prefix = "/"
main: localstatedir = "//var"
main: logdir = "/var/log/radiusd-freeradius"
main: libdir = "/usr/lib/freeradius"
main: radacctdir = "/var/log/radiusd-freeradius/radacct"
main: hostname_lookups = no
read_config_files: reading dictionary
read_config_files: reading clients
read_config_files: reading realms
read_config_files: reading naslist
main: max_request_time = 30
main: cleanup_delay = 5
main: max_requests = 1024
main: delete_blocked_requests = 0
main: port = 0
main: allow_core_dumps = no
main: log_stripped_names = no
main: log_auth = no
main: log_auth_badpass = no
main: log_auth_goodpass = no
main: pidfile = "//var/run/radiusd/radiusd.pid"
main: bind_address = 127.0.0.1 IP address [127.0.0.1]
main: user = "root"
main: group = "root"
main: usercollide = no
main: lower_user = "no"
main: lower_pass = "no"
main: nospace_user = "no"
main: nospace_pass = "no"
main: proxy_requests = no
main: debug_level = 0
read_config_files: entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded System
unix: cache = no
unix: passwd = "/etc/passwd"
unix: shadow = "(null)"
unix: group = "/etc/group"
unix: radwtmp = "/var/log/radiusd-freeradius/radwtmp"
unix: usegroup = no
unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded SQL
sql: driver = "rlm_sql_mysql"
sql: server = "localhost"
sql: port = ""
sql: login = "radius"
sql: password = "**"
sql: radius_db = "radius"
sql: acct_table = "radacct"
sql: acct_table2 = "radacct"
sql: authcheck_table = "radcheck"
sql: authreply_table = "radreply"
sql: groupcheck_table = "radgroupcheck"
sql: groupreply_table = "radgroupreply"
sql: usergroup_table = "usergroup"
sql: nas_table = "nas"
sql: dict_table = "dictionary"
sql: sqltrace = off
sql: sqltracefile = "/var/log/radiusd-freeradius/sqltrace.sql"
sql: deletestalesessions = yes
sql: num_sql_socks = 32
sql: sql_user_name = "%{User-Name}"
sql: authorize_check_query = "SELECT id,UserName,Attribute,Value FROM
radcheck WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_reply_query = "SELECT id,UserName,Attribute,Value FROM
radreply WHERE Username = '%{SQL-User-Name}' ORDER BY id"
sql: authorize_group_check_query = "SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value
FROM radgroupcheck,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id"
sql: authorize_group_reply_query = "SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value
FROM radgroupreply,usergroup WHERE usergroup.Username = '%{SQL-User-Name}' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id"
sql: authenticate_query = "SELECT Value,Attribute FROM radcheck WHERE
UserName = '%{User-Name}' AND ( Attribute = 'Password' OR Attribute = 'Crypt-Password'
) ORDER BY Attribute DESC"
sql: accounting_onoff_query = "UPDATE radacct SET AcctStopTime='%S',
AcctSessionTime=unix_timestamp('%S') - unix_timestamp(AcctStartTime),
AcctTerminateCause='%{Acct-Terminate-Cause}', AcctStopDelay = %{Acct-Delay-Time} WHERE
AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress= '%{NAS-IP-Address}' AND
AcctStartTime <= '%S'"
sql: accounting_update_query = "UPDATE radacct SET FramedIPAddress =
'%{Framed-IP-Address}' WHERE AcctSessionId = '%{Acct-Session-Id}' AND UserName =
'%{SQL-User-Name}' AND NASIPAddress= '%{NAS-IP-Address}'"
sql: accounting_start_query = "INSERT into radacct (RadAcctId, AcctSessionId,
AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, Ac
Disable PAP
I have a wireless network. I want that my customers only authenticate through CHAP (don't want passwords flying in the sky), so, all PAP request will deny access. How can I disable PAP? or Enable CHAP ONLY - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius vs gnu radius
Hello, Can someone tell me the difference between freeradius and gnuradius? any major differences in features or stability etc. Are both of them developed from the same code base? Thanks Joseph
Re: List of RADIUS attributes is now available
" The attribute names are sorted alphabetically, and are cross-referenced to the RFC's. It should not be possible to quickly discover what an attribute means, what it does, and where it's defined." Well, if it's not possible, why'd you bring it to our attention? :) [Yes, fully aware of the typo!] Vincent Giovannone Network Infrastructure Group Information Services Division Rush - Presbyterian St. Luke's Medical Center (312) 942-4242 "Monday" is the term used to signify the eighth day of my work week. 1 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
List of RADIUS attributes is now available
I spent a bit of time writing some scripts to root through the RADIUS RFC's. The results are now on the web page, at: http://www.freeradius.org/rfc/attributes.html The attribute names are sorted alphabetically, and are cross-referenced to the RFC's. It should not be possible to quickly discover what an attribute means, what it does, and where it's defined. It may also be a good idea to include this information in the source distribution, too. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: what should i know about before upgrading from v 0.1 to 0.4
[EMAIL PROTECTED] wrote: > I'm wanting to upgrade to v 0.4 but not sure what i should expect. It should work? > if anyone can point out the differences that i should look out for that > would be great. 0.4 is *much* better. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
what should i know about before upgrading from v 0.1 to 0.4
I'm wanting to upgrade to v 0.4 but not sure what i should expect. we are using it to authenticate secure tunnels to our cisco router. if anyone can point out the differences that i should look out for that would be great. thanks Ryan Ryan Cayton Technical Analyst Horine and Associates, LLC. "Alan DeKok" <[EMAIL PROTECTED]> Sent by:To: [EMAIL PROTECTED] freeradius-users-admin@lists. cc: cistron.nl Subject: Re: radius error 03/04/2002 10:53 AM Please respond to freeradius-users "Peter Santiago" <[EMAIL PROTECTED]> wrote: > Mar 4 10:01:47 psinergybbs port[S100]: radius@[127.0.0.1]1813 not > responding ... > Could anyone tell me what's wrong? TIA You didn't read the message you posted to the list. You posted the message to the wrong list. Those errors were NOT from FreeRADIUS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Hi Guys Please can you help
Right We have a contract with a rather large company and desperately need them as they hold a monopoly on a certain market we are in... well anyway we currently have a radius which is proxying and they want me to pass certain attributes to it Below... For Access-Request attributes 1,3,4,5,6,7 For Accounting-Startattributes 1,4,5,6,7,40,41,44,45 For Accounting-Stop attributes 1,4,5,6,7,8,40,41,42,43,44,45,46,47,48,49 Is there anyway I can fudge the server to send exactly these..?? I am really don't mind sending crap as long as I send them. Now the problem is I have to abide by there rules otherwise They won't let use use there radius, which is puts the entire project in jeapody. Please help... Thanks Stuart Cheshire Hostmaster - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Use freeradius ans MySQL
Hi, Actually, i used freeradius 0.3 and files password,and it's work fine; but I try to use Freeradius 0.4 and Mysql database. First, i read the documentation on http://www.frontios.com/freeradius.html... that's seem to be easy, but when i try to use radius for the telnet access on a cisco router, the authentication failed. I started radiusd with -X option,and the log is : Tel : +33 3 88 14 81 76rad_recv: Access-Request packet from host 10.56.9.126:1645, id=46, length=77 NAS-IP-Address = 10.56.9.126 NAS-Port = 6 NAS-Port-Type = Virtual User-Name = "alexsql" Calling-Station-Id = "10.46.7.31" Password = "\360T\237>:H\351\236\321A\027v\006\234U\324"modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "suffix" returns okrlm_sql: Reserving sql socket id: 4radius_xlat: 'alexsql'sql_escape in: 'alexsql'sql_escape out: 'alexsql'sql_set_user: escaped user --> 'alexsql'radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'alexsql' ORDER BY id'SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'alexsql' ORDER BY idradius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value FROM radgroupcheck,usergroup WHERE usergroup.Username = 'alexsql' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value FROM radgroupcheck,usergroup WHERE usergroup.Username = 'alexsql' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.idradius_xlat: 'SELECT id,UserName,Attribute,Value FROM radreply WHERE Username = 'alexsql' ORDER BY id'SELECT id,UserName,Attribute,Value FROM radreply WHERE Username = 'alexsql' ORDER BY idradius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value FROM radgroupreply,usergroup WHERE usergroup.Username = 'alexsql' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value FROM radgroupreply,usergroup WHERE usergroup.Username = 'alexsql' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.idrlm_sql: Released sql socket id: 4rlm_sql: Pairs do not match [alexsql] modcall[authorize]: module "sql" returns notfound modcall[authorize]: module "files" returns notfoundmodcall: group authorize returns okauth: No Auth-Type configuration for the request, rejecting the userauth: Failed to validate the user.Login incorrect: [alexsql] (from nas A3LVJ-routeur port 6 cli 10.46.7.31) WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS!Sending Access-Reject of id 46 to 10.56.9.126:1645Finished request 0 If you have some documentation on freeradius and mysql, i will be very happy to read it ! Rgds Alex
Re: radius error
"Peter Santiago" <[EMAIL PROTECTED]> wrote: > Mar 4 10:01:47 psinergybbs port[S100]: radius@[127.0.0.1]1813 not > responding ... > Could anyone tell me what's wrong? TIA You didn't read the message you posted to the list. You posted the message to the wrong list. Those errors were NOT from FreeRADIUS. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
radius error
Mar 4 10:01:47 psinergybbs port[S100]: radius@[127.0.0.1]1813 not responding Mar 4 10:02:00 psinergybbs port[S100]: Hangup (SIGHUP) Mar 4 10:02:00 psinergybbs port[S100]: user vchuaseco logged out Mar 4 10:02:00 psinergybbs port[S100]: ioctl(PPPIOCSASYNCMAP): Inappropriate ioctl for device(25) Mar 4 10:02:00 psinergybbs port[S100]: tcflush failed: Input/output error Mar 4 10:02:00 psinergybbs port[S100]: Exit. Mar 4 10:02:01 psinergybbs port[S100]: portslave started on port 100 (/dev/ttyS0) Could anyone tell me what's wrong? TIA Peter - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Oracle
On Sunday, March 03, 2002 1:56 Mohammad Saad [EMAIL PROTECTED] wrote: > I have freeradius up and running from the text files and its great > there. But now I've been trying to compile it with Oracle support and I > seem to have run into a brick wall. > The module is apparently disabled, how do I go about turning it back on > so I can have oracle support compiled in? try this way: ORACLE_HOME=/home/oracle ./configure \ --with-oracle-home-dir=/home/oracle \ --with-rlm-sql_oracle-lib-dir=/home/oracle/lib \ --with-rlm-sql_oracle-include-dir=/home/oracle/rdbms/demo \ --with-gnu-ld \ --enable-ltdl-install Mitry. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
