Re: Found a bug? and have a question .

2002-03-07 Thread Randy Moore

Hi Thomas,

I notice that you've shortened the field size for all of the attribute 
values fields to 64 or 54 characters.  Any reason not to keep them at 253?

Some attributes like X-Ascend-Data-Filter, can require a longer field.

I like the tighter requirements otherwise.

Also, while I'm thinking about it, the new freeradius_tuning_guide from 
Kostas Kalevras, suggests:
"Create an index for the radacct table to minimize the penalty of a growing 
accounting table. The index should be for the UserName attribute with 
additional attributes: AcctSessionId, AcctStartTime, AcctStopTime, NASIPAddress"

The distributed schema has each of these attributes as separate keys.

Should we change it to use:
KEY UserName (UserName,AcctSessionId,AcctStartTime,AcctStopTime,NASIPAddress)

or possibly:
KEY UserName (UserName),
KEY UserName2 (UserName,AcctSessionId,AcctStartTime,AcctStopTime,NASIPAddress)

I don't think I understand keys well enough to predict which would have the 
best performance, and don't have high enough load yet to properly test them 
directly.

Thanks.

At 10:38 AM 3/1/2002 +0100, you wrote:
>Since Attributes and Values are not allowed to be NULL, I've made the following
>mysql table structure. I've also raised the length of the
>username/attributes/value fields, because I think they were too short ;)
>
>
>#
># Table structure for table 'radacct'
>#
>
>CREATE TABLE radacct (
>   RadAcctId bigint(21) NOT NULL auto_increment,
>   AcctSessionId varchar(32) NOT NULL default '',
>   AcctUniqueId varchar(32) NOT NULL default '',
>   UserName varchar(64) NOT NULL default '',
>   Realm varchar(64) default '',
>   NASIPAddress varchar(15) NOT NULL default '',
>   NASPortId int(12) default NULL,
>   NASPortType varchar(32) default NULL,
>   AcctStartTime datetime NOT NULL default '0000-00-00 00:00:00',
>   AcctStopTime datetime NOT NULL default '0000-00-00 00:00:00',
>   AcctSessionTime int(12) default NULL,
>   AcctAuthentic varchar(32) default NULL,
>   ConnectInfo_start varchar(32) default NULL,
>   ConnectInfo_stop varchar(32) default NULL,
>   AcctInputOctets int(12) default NULL,
>   AcctOutputOctets int(12) default NULL,
>   CalledStationId varchar(10) NOT NULL default '',
>   CallingStationId varchar(10) NOT NULL default '',
>   AcctTerminateCause varchar(32) NOT NULL default '',
>   ServiceType varchar(32) default NULL,
>   FramedProtocol varchar(32) default NULL,
>   FramedIPAddress varchar(15) NOT NULL default '',
>   AcctStartDelay int(12) default NULL,
>   AcctStopDelay int(12) default NULL,
>   PRIMARY KEY  (RadAcctId),
>   KEY UserName (UserName),
>   KEY FramedIPAddress (FramedIPAddress),
>   KEY AcctSessionId (AcctSessionId),
>   KEY AcctUniqueId (AcctUniqueId),
>   KEY AcctStartTime (AcctStartTime),
>   KEY AcctStopTime (AcctStopTime),
>   KEY NASIPAddress (NASIPAddress)
>) ;
>
>#
># Table structure for table 'radcheck'
>#
>
>CREATE TABLE radcheck (
>   id int(11) unsigned NOT NULL auto_increment,
>   UserName varchar(64) NOT NULL default '',
>   Attribute varchar(32)  NOT NULL default '',
>   Value varchar(64) NOT NULL default '',
>   PRIMARY KEY  (id),
>   KEY UserName (UserName(32))
>) ;
>
>#
># Table structure for table 'radgroupcheck'
>#
>
>CREATE TABLE radgroupcheck (
>   id int(11) unsigned NOT NULL auto_increment,
>   GroupName varchar(64) NOT NULL default '',
>   Attribute varchar(32)  NOT NULL default '',
>   Value varchar(54)  NOT NULL default '',
>   PRIMARY KEY  (id),
>   KEY GroupName (GroupName(32))
>) ;
>
>#
># Table structure for table 'radgroupreply'
>#
>
>CREATE TABLE radgroupreply (
>   id int(11) unsigned NOT NULL auto_increment,
>   GroupName varchar(64) NOT NULL default '',
>   Attribute varchar(32)  NOT NULL default '',
>   Value varchar(64)  NOT NULL default '',
>   prio int unsigned NOT NULL default '0',
>   PRIMARY KEY  (id),
>   KEY GroupName (GroupName(32))
>) ;
>
>#
># Table structure for table 'radreply'
>#
>
>CREATE TABLE radreply (
>   id int(11) unsigned NOT NULL auto_increment,
>   UserName varchar(64) NOT NULL default '',
>   Attribute varchar(32) NOT NULL default '',
>   Value varchar(64) NOT NULL default '',
>   PRIMARY KEY  (id),
>   KEY UserName (UserName(32))
>) ;
>
>
>#
># Table structure for table 'usergroup'
>#
>
>CREATE TABLE usergroup (
>   id int(11) unsigned NOT NULL auto_increment,
>   UserName varchar(64) NOT NULL default '',
>   GroupName varchar(64) NOT NULL default '',
>   PRIMARY KEY  (id),
>   KEY UserName (UserName(32))
>) ;
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Randy Moore
Axion Information Technologies, Inc.

email [EMAIL PROTECTED]
phone   301-408-1200
fax     301-445-3947
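
The leftmost-prefix behaviour behind the two key layouts asked about above, as an added example that is not part of the original message or of the distributed FreeRADIUS schema. It assumes MySQL; the table name radacct_demo, the trimmed column set, the nullable datetime columns and the sample rows are constructed for illustration.

```sql
-- Added example: trimmed radacct with the columns named in the proposed keys,
-- plus AcctSessionTime so that SELECT * is not answerable from a key alone.
-- Datetime columns are nullable here (an assumption) so the script loads
-- under strict SQL modes.
DROP TABLE IF EXISTS radacct_demo;
CREATE TABLE radacct_demo (
  RadAcctId       bigint NOT NULL auto_increment,
  AcctSessionId   varchar(32) NOT NULL default '',
  UserName        varchar(64) NOT NULL default '',
  NASIPAddress    varchar(15) NOT NULL default '',
  AcctStartTime   datetime default NULL,
  AcctStopTime    datetime default NULL,
  AcctSessionTime int default NULL,
  PRIMARY KEY (RadAcctId),
  -- First proposal: one composite key instead of the separate keys.
  KEY UserName2 (UserName, AcctSessionId, AcctStartTime, AcctStopTime, NASIPAddress)
);

-- Constructed sample rows (documentation address range 192.0.2.0/24).
INSERT INTO radacct_demo
  (AcctSessionId, UserName, NASIPAddress, AcctStartTime, AcctStopTime, AcctSessionTime)
VALUES
  ('00000001', 'alice', '192.0.2.10', '2002-03-07 09:00:00', '2002-03-07 09:30:00', 1800),
  ('00000002', 'bob',   '192.0.2.10', '2002-03-07 09:05:00', NULL, 0),
  ('00000003', 'carol', '192.0.2.11', '2002-03-07 09:10:00', NULL, 0),
  ('00000004', 'alice', '192.0.2.11', '2002-03-07 10:00:00', NULL, 0);

-- 1. Lookup by user: UserName is the leading column of UserName2,
--    so the composite key is a candidate.
EXPLAIN SELECT * FROM radacct_demo WHERE UserName = 'alice';

-- 2. User plus session id: (UserName, AcctSessionId) is still a left prefix.
EXPLAIN SELECT * FROM radacct_demo
 WHERE UserName = 'alice' AND AcctSessionId = '00000004';

-- 3. Closing open sessions for one NAS, the shape of an Acct On/Off update:
--    no condition on UserName, so UserName2 cannot be used for a lookup.
EXPLAIN SELECT * FROM radacct_demo
 WHERE AcctSessionTime = 0 AND NASIPAddress = '192.0.2.10'
   AND AcctStartTime <= '2002-03-07 17:59:46';

-- 4. Matching a stop record by session id alone: same problem.
EXPLAIN SELECT * FROM radacct_demo WHERE AcctSessionId = '00000002';

-- Keep single-column keys for the columns that are filtered on their own.
ALTER TABLE radacct_demo
  ADD KEY AcctSessionId (AcctSessionId),
  ADD KEY NASIPAddress (NASIPAddress);

-- Re-run queries 3 and 4 and compare the possible_keys column with the
-- earlier output. On a table this small the optimizer may still choose a
-- scan; possible_keys shows whether a key is a candidate at all.
EXPLAIN SELECT * FROM radacct_demo
 WHERE AcctSessionTime = 0 AND NASIPAddress = '192.0.2.10'
   AND AcctStartTime <= '2002-03-07 17:59:46';
EXPLAIN SELECT * FROM radacct_demo WHERE AcctSessionId = '00000002';

-- Second proposal: KEY UserName (UserName) next to UserName2.
-- UserName is a left prefix of UserName2, so it serves no lookup that
-- UserName2 cannot, while every accounting INSERT/UPDATE has to maintain it.
ALTER TABLE radacct_demo ADD KEY UserName (UserName);
EXPLAIN SELECT * FROM radacct_demo WHERE UserName = 'alice';

DROP TABLE radacct_demo;
```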





RE: Oracle module question

2002-03-07 Thread Bond Bonds

Hi again,

Have you looked at the radius.log or radwatch.log
files..? There should be an oracle error message if
the modules were loaded but unable to connect...
From the oracle side... try doing a client trace in
the sqlnet.ora and log it... it may give you a clue
why the connection failed...

Rgds


-Original Message-
From: Peter Shin
[mailto:[EMAIL PROTECTED]]
Sent: Friday, March 08, 2002 5:12 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Oracle module question


Hi, Thanks for the reply.

The oracle module would get loaded ok if I used the
Oracle 9 library but no
connection to the oracle database would be
established. If I used the oracle
8.0.5 library, the module would not get loaded and
radiusd would terminate
immediately. 

Regards, Peter



-Original Message-
From: Bond Bonds [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 07, 2002 5:15 PM
To: [EMAIL PROTECTED]
Subject: RE: Oracle module question


Hi,

I'm using Oracle 8.1.7 on the same machine (Running
RedHat 7.2) as Freeradius 0.4 and it's working just
fine. You didn't say whether the oracle sql module was
successfully loaded and linked on your system? If it
doesn't, try doing `ldd lib/rlm_sql_oracle.so`. If
there's an error, you need to verify that your oracle
env is set up properly and you have `libclntsh.so.8.0`
and `libwtc8.so` installed on your oracle libdir.

The only problem I have is that the module seems
unable to connect to the oracle during startup (for
example, using an rc.radiusd-redhat file or
daemontools). But it can be done manually (for
example, typing `/bin/sh /etc/rc.d/init.d/radiusd
start`) it connects smoothly.

anybody can help me out here...?


Tx


-Original Message-
From: Peter Shin
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 07, 2002 10:15 AM
To: '[EMAIL PROTECTED]'
Subject: Oracle module question


Hello,

I am trying to get the rlm_sql_oracle working with
FreeRadius 0.4. So far I
can make the radiusd program running compiled with the
Oracle 9 library but
I am not getting any connection to Oracle database.
However sqlplus works.

sql_oracle.c supplied in freeradius 0.4 was written
for Oracle 9. I believe
so because the source used OCIEnvCreate() which was
introduced in Oracle 9
and it replaces OCIInitialize() and OCIEnvInit(). 

I did this modification to try with Oracle 8 but when
I compiled with the
Oracle 8 library, the radiusd program terminated
during the sql
initialisation due to that it cannot load some of
dependent libraries.

My question: is there any one who has worked on the
oracle module in
freeradius? I want to know whether the module has been
tested with which
version of Oracle.

Thanks and regards,

Peter Shin
OzEmail Internet





RE: Oracle module question

2002-03-07 Thread Peter Shin

Hi, Thanks for the reply.

The oracle module would get loaded ok if I used the Oracle 9 library but no
connection to the oracle database would be established. If I used the oracle
8.0.5 library, the module would not get loaded and radiusd would terminate
immediately. 

Regards, Peter



-Original Message-
From: Bond Bonds [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 07, 2002 5:15 PM
To: [EMAIL PROTECTED]
Subject: RE: Oracle module question


Hi,

I'm using Oracle 8.1.7 on the same machine (Running
RedHat 7.2) as Freeradius 0.4 and it's working just
fine. You didn't say whether the oracle sql module was
successfully loaded and linked on your system? If it
doesn't, try doing `ldd lib/rlm_sql_oracle.so`. If
there's an error, you need to verify that your oracle
env is set up properly and you have `libclntsh.so.8.0`
and `libwtc8.so` installed on your oracle libdir.

The only problem I have is that the module seems
unable to connect to the oracle during startup (for
example, using an rc.radiusd-redhat file or
daemontools). But it can be done manually (for
example, typing `/bin/sh /etc/rc.d/init.d/radiusd
start`) it connects smoothly.

anybody can help me out here...?


Tx


-Original Message-
From: Peter Shin
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 07, 2002 10:15 AM
To: '[EMAIL PROTECTED]'
Subject: Oracle module question


Hello,

I am trying to get the rlm_sql_oracle working with
FreeRadius 0.4. So far I
can make the radiusd program running compiled with the
Oracle 9 library but
I am not getting any connection to Oracle database.
However sqlplus works.

sql_oracle.c supplied in freeradius 0.4 was written
for Oracle 9. I believe
so because the source used OCIEnvCreate() which was
introduced in Oracle 9
and it replaces OCIInitialize() and OCIEnvInit(). 

I did this modification to try with Oracle 8 but when
I compiled with the
Oracle 8 library, the radiusd program terminated
during the sql
initialisation due to that it cannot load some of
dependent libraries.

My question: is there any one who has worked on the
oracle module in
freeradius? I want to know whether the module has been
tested with which
version of Oracle.

Thanks and regards,

Peter Shin
OzEmail Internet




Re: Problem with accounting (postgresql)

2002-03-07 Thread Alan DeKok

Guillermo Schimmel <[EMAIL PROTECTED]> wrote:
> I'm sorry for posting this another time, but I don't know what to do.
..
> > The only problem that we had was that yesterday, we restarted our postgres
> > server, and with no errors, our accounting died. So, we lost all the
> > records of about 8 hours. Obviously, the connection between radiusd and
> > postgres died and it never came back.

  There was a patch posted a few months ago, which did re-connects for
Postgres.  I've taken a quick look at it, and posted an updated
version at:

  http://www.striker.ottawa.on.ca/~aland/postgresql.patch

  I don't use postgres, so this patch isn't guaranteed to compile.
You may have to poke at it a bit to get it to work.  But if it does
work for you, I'll add it in to the server.

  Alan DeKok.




Re: Quick question

2002-03-07 Thread Alan DeKok

Chris Parker <[EMAIL PROTECTED]> wrote:
> POD is an internet draft[1].  At the time it's finalized into a final RFC,
> it may be supported.

  I seriously doubt if it will ever turn into an RFC.  The IETF RADIUS
group has been disbanded, so there is no way for this document to
reach standards track.

>  Until then, every NAS I've used allows you to reset sessions via
> SNMP, so you may want to look at that vs. POD.

  And very few NAS boxes support the disconnect request currently, so
there isn't much point in adding it to the server.

  Alan DeKok.




Problem with accounting (postgresql)

2002-03-07 Thread Guillermo Schimmel

I'm sorry for posting this another time, but I don't know what to do.

> Hi everybody:
>
>   I work for a Telco in Argentina, we are small but growing, and
> fortunately, my boss likes open source solutions, so we have installed
> freeradius 0.4 in a production environment.
>
>   We have two HP Netserver LPr2000 (Dual PII 500, 512MB RAM) as our primary
> and secondary radius server. The freeradius gets the user accounts from two
> replicated OpenLDAP 2, and does the accounting on a PostgreSQL database.
>
>   At the moment, we have 50k accounts, and 5 NAS and it's working pretty
> well. We would like to grow up to 500k accounts with the same hardware.
> (Comments?)
>
>   The only problem that we had was that yesterday, we restarted our postgres
> server, and with no errors, our accounting died. So, we lost all the
> records of about 8 hours. Obviously, the connection between radiusd and
> postgres died and it never came back.
>
>   Now, how can I avoid that? Is there any way to reset the
> radiusd<->postgresql connection without restarting the whole server?
>
>   Are there radiusd developers in this list? If not, where can I go for
> help?
>
>   Besides that, the product is great. Thanks.
>
>
>
>
> Guillermo Schimmel




Re: Quick question

2002-03-07 Thread Chris Parker

At 08:44 PM 3/7/2002 +, stuartc wrote:

>Hi there sorry to disturb, is there a POD (Packet of Disconnect) module
>for freeradius or cistron radius servers. Can someone advise please.

POD is an internet draft[1].  At the time it's finalized into a final RFC,
it may be supported.  Until then, every NAS I've used allows you to reset
sessions via SNMP, so you may want to look at that vs. POD.

Cisco's implementation is a bit different than the draft [2], I don't know
of any other vendors that support POD.  Cisco reuses Auth-Req packet codes,
whereas the draft specifies new packet codes.

You could very easily use 'radclient' to send the necessary attributes.  The
ones cisco uses are simply standard attributes:

User-Name
Framed-IP-Address
Session-Id
Session-Key

I don't know how other vendors approach it, but most likely they will
all be different, and it'll end up with something like the 'checksimul'
script which has to handle each nas differently.

[1]
http://www.rfc-editor.org/internet-drafts/draft-chiba-radius-dynamic-disconnect-00.txt

[2] 
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122x/122xb/122xb_2/ft_pod.htm

-Chris
--
\\\|||///  \  StarNet Inc.  \Chris Parker
\ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
| @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Wholesale Internet Services - http://www.megapop.net






Accounting Realms.

2002-03-07 Thread Julio Faerman



Hi

I want to have several realms, and different accting for each one, on SQL,
for each forwarded connection request.

Can this be done with Freeradius? How?

[]~s
Juliop


Quick question

2002-03-07 Thread stuartc



Hi there sorry to disturb, is there a POD (Packet of Disconnect) module
for freeradius or cistron radius servers. Can someone advise please.


Thanks Guys, your help is much appreciated.

Stuart








Re: radzap

2002-03-07 Thread Eduardo Roldan

On Thu, 2002-03-07 at 16:01, Alan DeKok wrote:
> Eduardo Roldan <[EMAIL PROTECTED]> wrote:
> > I downloaded the CVS snapshot freeradius-snapshot-20020307.tar.gz
> > radzap has changed from the 0.4 version, correct?
> 
>   Slightly.
> 
> > And the new version request a radius server.. I don't understand. Why an
> > app to clean the utmp request a radius server?
> 
>   It now does more than that.  Multiple databases may have utmp-style
> data.  The only way to update ALL of them is to send a packet to the
> server.

. Now I understand.

> 
> > radzap: zapping termserver 200.40.77.19, port 117440712, user
> > [EMAIL PROTECTED]
> > radzap: no response from server
> 
>   You should be able to use "server:port" to send the packet to the
> port that the server is listening on.

Ok, the syntax server:port doesn't work for me, but I use -p PORT, it's
the same.

But, something strange happens to me. Start the server with -X
parameter. OK, for me the latest 2 lines says:
Listening on IP address *, ports 1812/udp and 1813/udp.
Ready to process requests.

Ok, now zap that bad user!

radzap -r data  -p 1812 rac 117440712 [EMAIL PROTECTED]

Ooops, the log says:

rad_recv: Accounting-Request packet from host 127.0.0.1:32850, id=97,
length=127
Accounting-Request packet sent to a non-accounting port from client
localhost:32850 - ID 97 : IGNORED
--- Walking the entire request list ---
Nothing to do.  Sleeping until we see a request.

Hehe, 1812 isn't the accounting port, it's 1813. Ok , this will work
now:

[root@data sbin]# radzap -r data  -p 1813 rac 117440712
[EMAIL PROTECTED]
radzap: zapping termserver 200.40.77.19, port 117440712, user
[EMAIL PROTECTED]
radzap: no response from server

Arr!!!, now nothing new in the logs, nothing.

What happens now?

This is driving me mad.






 







Re: PAM

2002-03-07 Thread Frank Cusack

On Wed, Mar 06, 2002 at 10:06:43PM -0800, Sawagee Louis wrote:
> Hello,
> 
> Could somebody point me to a linux pam agent that will work well with redhat
> 6.0/6.2/7.1/7.2  ?
> Where can I find the install and configuration doc?



> Can that agent work with commercial Radius implementations? which ones?

All RFC 2865 and RFC 2866 compliant implementations.

/fc




Re: WinXP/Cisco/Freeradius - Configuring 802.1X Port-Based Authentication

2002-03-07 Thread Raghu

Hi Hajo,

Try running radiusd from src/main and check with gdb.

A second look at the logs posted, shows a weird thing like,
 EAP packet length is 0 (EAP-Message = "\001$\000\000\004\020 )
 but there are a bunch of EAP-Messages created.
 This should never happen.

So I would like to find out the root cause of this problem.
If possible try to send all the info like logs, configurations,
OS etc


-Raghu




Re: radzap

2002-03-07 Thread Alan DeKok

Eduardo Roldan <[EMAIL PROTECTED]> wrote:
> I downloaded the CVS snapshot freeradius-snapshot-20020307.tar.gz
> radzap has changed from the 0.4 version, correct?

  Slightly.

> And the new version request a radius server.. I don't understand. Why an
> app to clean the utmp request a radius server?

  It now does more than that.  Multiple databases may have utmp-style
data.  The only way to update ALL of them is to send a packet to the
server.

> radzap: zapping termserver 200.40.77.19, port 117440712, user
> [EMAIL PROTECTED]
> radzap: no response from server

  You should be able to use "server:port" to send the packet to the
port that the server is listening on.

  Alan DeKok.




radzap

2002-03-07 Thread Eduardo Roldan

I downloaded the CVS snapshot freeradius-snapshot-20020307.tar.gz
radzap has changed from the 0.4 version, correct?

I never used radzap from 0.4, so, this version doesn't interest me.
But, the help says:

Usage: radzap termserver [port] [user]
   radzap is only an admin tool to clean the radutmp file!

And the new version request a radius server.. I don't understand. Why an
app to clean the utmp request a radius server?

Anyway, I can't zap a utmp entry with freeradius-snapshot-20020307
See:


[root@data root]# radwho -r
Login  Name  What  TTY  When  From  Location
[EMAIL PROTECTED],[EMAIL PROTECTED],PPP,S117440712,Thu
14:28,rac,
[root@data root]# radzap -r data rac S117440712 [EMAIL PROTECTED]
radzap: zapping termserver 200.40.77.19, port 117440712, user
[EMAIL PROTECTED]
radzap: no response from server

rac is my NAS, data is the radius server and where I'm logged.
My radius server is running:
Thu Mar  7 14:53:46 2002 : Info: Listening on IP address *, ports
1812/udp and 1813/udp.

Some hint?







Re: Sig11

2002-03-07 Thread Alan DeKok

Mike Cathey <[EMAIL PROTECTED]> wrote:
> Thanks, I appreciate the heads up.  Is it possible that my problem on 
> the solaris box was the same then?

  Yes.  I hope to have something done soon.

  Alan DeKok.




Re: Sig11

2002-03-07 Thread Mike Cathey

Alan,
Thanks, I appreciate the heads up.  Is it possible that my problem on 
the solaris box was the same then?

I'll leave you alone so you can have more time to work on it then. =)

Have a great day!

Sincerely,

Mike

--

Mike Cathey - http://www.mikecathey.com/
Network Administrator
RTC Internet - http://www.catt.com/


Alan DeKok wrote:

> Mike Cathey <[EMAIL PROTECTED]> wrote:
> 
>>I had a problem on the other box (linux/dual-i686) that I installed 
>>FreeRADIUS 0.4 on yesterday.  It died with this in the log (after 
>>running for ~19 hours):
>>
> 
>   There's a race condition in the server that I'm in the process of
> fixing.  The short summary is that a request can be deleted while it's
> being processed, so the server dies.
> 
>   The fix shouldn't be too bad, it's just a matter of getting time to
> do it.
> 
>   Alan DeKok.
> 



Re: help

2002-03-07 Thread Alan DeKok

thouraya ben salem <[EMAIL PROTECTED]> wrote:
> I have a question to ask you: It has been written in
> the website of freeradius that it has  experimental
> support for EAP/TLS, can anyone explain what it is
> meant by experimental?

  'alpha'.  If it works, wonderful.  If not, then you should probably
find the bugs, and submit patches.

  Alan DeKok.




Re: Computones ??

2002-03-07 Thread Alan DeKok

"Don Click" <[EMAIL PROTECTED]> wrote:
> when I try to configure my computone to talk to the radius server, (which
> i have running with the -x debug option on.) - I don't see ANY attempts
> from the computone to the server for authentication.

  Have you read the FAQ, and double-checked the ports the server is
listening on, and the ports the computone is sending packets to?

  Alan DeKok.




help

2002-03-07 Thread thouraya ben salem

Hi everybody
I have a question to ask you: It has been written in
the website of freeradius that it has  experimental
support for EAP/TLS, can anyone explain what it is
meant by experimental?
Thank you for your help





Computones ??

2002-03-07 Thread Don Click

Hi guys.. We are attempting to migrate from an NT based radius to freeradius.

from what I can see so far, it's gone pretty good - I have the server up and running, 
with SQL support, etc.. BUT

when I try to configure my computone to talk to the radius server, (which i have 
running with the -x debug option on.) - I don't see ANY attempts from the computone to 
the server for authentication.

I added the computone to clients as well as naslist, but.. ?? Did I miss something 
somewhere? 

Please advise.






Re: Sig11

2002-03-07 Thread Alan DeKok

Mike Cathey <[EMAIL PROTECTED]> wrote:
> I had a problem on the other box (linux/dual-i686) that I installed 
> FreeRADIUS 0.4 on yesterday.  It died with this in the log (after 
> running for ~19 hours):

  There's a race condition in the server that I'm in the process of
fixing.  The short summary is that a request can be deleted while it's
being processed, so the server dies.

  The fix shouldn't be too bad, it's just a matter of getting time to
do it.

  Alan DeKok.




Sig11

2002-03-07 Thread Mike Cathey

I had a problem on the other box (linux/dual-i686) that I installed 
FreeRADIUS 0.4 on yesterday.  It died with this in the log (after 
running for ~19 hours):

SNIP
Wed Mar  6 19:16:03 2002 : Error: CHILD: exit on signal (11)
Wed Mar  6 19:22:57 2002 : Info: Starting - reading configuration files ...
Wed Mar  6 19:22:58 2002 : Info: Listening on IP address *, ports 
1645/udp and 1646/udp.
Wed Mar  6 19:22:58 2002 : Info: Ready to process requests.
SNIP



Here is radiusd -v:

SNIP
raldiusd: FreeRADIUS Version 0.4, for host i686-pc-linux-gnu, built on 
Mar  5 2002 at 23:01:04
SNIP

and config.log is attached.

I realized that a sig11 is normally a hardware issue, but I'm inclined 
to believe that this machine is fine.  Suggestions?

Cheers,

Mike


This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

configure:573: checking for gcc
configure:686: checking whether the C compiler (gcc  ) works
configure:702: gcc -o conftestconftest.c  1>&5
configure:728: checking whether the C compiler (gcc  ) is a cross-compiler
configure:733: checking whether we are using GNU C
configure:742: gcc -E conftest.c
configure:761: checking whether gcc accepts -g
configure:793: checking how to run the C preprocessor
configure:814: gcc -E  conftest.c >/dev/null 2>conftest.out
configure:874: checking whether gcc needs -traditional
configure:920: checking whether we are using SUNPro C
configure:929: gcc -E conftest.c
configure:940: checking for ranlib
configure:973: checking for gmake
configure:1041: checking for gmake
configure:1082: checking for main in -lltdl
configure:1097: gcc -o conftest -g -O2   conftest.c -lltdl   1>&5
configure:1231: checking host system type
configure:1252: checking build system type
configure:1281: checking for ld used by GCC
configure:1343: checking if the linker (/usr/bin/ld) is GNU ld
GNU ld version 2.9.5 (with BFD 2.9.5.0.22)
configure:1359: checking for BSD-compatible nm
configure:1395: checking whether ln -s works
ltconfig:603: checking for object suffix
ltconfig:604: gcc -c -g -O2  conftest.c 1>&5
ltconfig:629: checking for executable suffix
ltconfig:630: gcc -o conftest -g -O2   conftest.c  1>&5
ltconfig:776: checking if gcc PIC flag -fPIC works
ltconfig:777: gcc -c -g -O2 -fPIC -DPIC  conftest.c 1>&5
ltconfig:829: checking if gcc supports -c -o file.o
ltconfig:830: gcc -c -g -O2 -o out/conftest2.o  conftest.c 1>&5
ltconfig:862: checking if gcc supports -c -o file.lo
ltconfig:863: gcc -c -g -O2 -c -o conftest.lo  conftest.c 1>&5
ltconfig:914: checking if gcc supports -fno-rtti -fno-exceptions
ltconfig:915: gcc -c -g -O2 -fno-rtti -fno-exceptions -c conftest.c  conftest.c 1>&5
ltconfig:958: checking if gcc static flag -static works
ltconfig:959: gcc -o conftest -g -O2   -static conftest.c  1>&5
GNU ld version 2.9.5 (with BFD 2.9.5.0.22)
ltconfig:1635: checking if global_symbol_pipe works
ltconfig:1636: gcc -c -g -O2  conftest.c 1>&5
ltconfig:1639: eval "/usr/bin/nm -B conftest.o | sed -n -e 's/^.*[  
]\([ABCDGISTW]\)[   ][  ]*\(\)\([_A-Za-z][_A-Za-z0-9]*\)$/\1 \2\3 \3/p' > 
conftest.nm"
ltconfig:1691: gcc -o conftest -g -O2 -fno-builtin -fno-rtti -fno-exceptions   
conftest.c conftstm.o 1>&5
ltconfig:2212: checking for dlopen in -ldl
ltconfig:2233: gcc -o conftest -g -O2 -fno-builtin -fno-rtti -fno-exceptions   
conftest.c -ldl   1>&5
ltconfig:2452: checking for dlfcn.h
ltconfig:2462: gcc -c -g -O2 -fno-builtin -fno-rtti -fno-exceptions  conftest.c 1>&5 
>/dev/null 2>conftest.out
ltconfig:2490: checking whether a program can dlopen itself
ltconfig:2544: gcc -o conftest -g -O2 -fno-builtin -fno-rtti -fno-exceptions  
-DHAVE_DLFCN_H  -Wl,--export-dynamic conftest.c -ldl  1>&5
ltconfig:2563: checking whether a statically linked program can dlopen itself
ltconfig:2617: gcc -o conftest -g -O2 -fno-builtin -fno-rtti -fno-exceptions  
-DHAVE_DLFCN_H  -Wl,--export-dynamic -static conftest.c -ldl  1>&5
ltconfig: failed program was:
#line 2571 "ltconfig"

#if HAVE_DLFCN_H
#include 
#endif

#include 

#ifdef RTLD_GLOBAL
# define LTDL_GLOBAL RTLD_GLOBAL
#else
# ifdef DL_GLOBAL
#  define LTDL_GLOBAL   DL_GLOBAL
# else
#  define LTDL_GLOBAL   0
# endif
#endif

/* We may have to define LTDL_LAZY_OR_NOW in the command line if we
   find out it does not work in some platform. */
#ifndef LTDL_LAZY_OR_NOW
# ifdef RTLD_LAZY
#  define LTDL_LAZY_OR_NOW  RTLD_LAZY
# else
#  ifdef DL_LAZY
#   define LTDL_LAZY_OR_NOW DL_LAZY
#  else
#   ifdef RTLD_NOW
#define LTDL_LAZY_OR_NOW RTLD_NOW
#   else
#ifdef DL_NOW
# define LTDL_LAZY_OR_NOW   DL_NOW
#else
# define LTDL_LAZY_OR_NOW   0
#endif
#   endif
#  endif
# endif
#endif

fnord() { int i=42;}
main() { void *self, *ptr1, *ptr2; self=dlopen(0,LTDL_GLOBAL|LTDL_LAZY_OR_NOW);
if(self) { ptr1=dlsym(self,"fnord"); ptr2=dlsym(self,"_fnord");
if(ptr1 || ptr2) { dlclose(self); exit(0); } } exit(1); } 

configure:1604: ch

!! Problem with Mysql accounting..with LDAP authentication..

2002-03-07 Thread aw spada

Hi,

I am able to get authentication from LDAP server but
could not get accounting records on Mysql. Here
below is the log.
-
modcall[accounting]: module "detail" returns ok
rlm_sql: Reserving sql socket id: 4
rlm_sql:  received Acct On/Off packet
radius_xlat:  'UPDATE radacct SET
AcctStopTime='2002-03-07 17:59:46',
AcctSessionTime=unix_timestamp('2002-03-07 17:59:46')
- unix_timestamp(AcctStartTime),
AcctTerminateCause='', AcctStopDelay =  WHERE
AcctSessionTime=0 AND AcctStopTime=0 AND NASIPAddress=
'10.100.10.1' AND AcctStartTime <= '2002-03-07
17:59:46''
rlm_sql: Couldn't update SQL accounting for ALIVE
packet - You have an error in your SQL syntax near
'WHERE AcctSessionTime=0 AND AcctStopTime=0 AND
NASIPAddress= '10.100.10.1' A' at line 1
rlm_sql: Released sql socket id: 4
  modcall[accounting]: module "sql" returns ok
modcall: group accounting returns ok
Sending Accounting-Response of id 3 to
10.100.10.1:2006
Finished request 4
Going to the next request
--- Walking the entire request list ---
Cleaning up request 4 ID 3 with timestamp 3c87aa92
Nothing to do.  Sleeping until we see a request.

Any suggestion ???

AS Spada


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Re: "SQL" modules aren't allowed ...

2002-03-07 Thread aw spada

I think you need to specify sql auth in radiusd.conf...

Spada

--- Michael Vasilenko <[EMAIL PROTECTED]> wrote:
> 
> Hello
> 
> On fresh CVS I've got
> 
> rlm_sql: Driver rlm_sql_mysql loaded and linked
> rlm_sql: Attempting to connect to
> radius@localhost:/radius
> rlm_sql:  Connected new DB handle, #0
> rlm_sql:  Connected new DB handle, #1
> rlm_sql:  Connected new DB handle, #2
> rlm_sql:  Connected new DB handle, #3
> rlm_sql:  Connected new DB handle, #4
> Module: Instantiated sql (sql)
> radiusd.conf: "SQL" modules aren't allowed in
> 'authenticate' sections --
> they have no such method.
> 
> What does that mean?
> 
> -- 
> Michael Vasilenko



Re: how to do auth use callingstationid

2002-03-07 Thread ju bin

Thank you, Kostas.

I tried it, nothing changed.

I looked in the source code. In rlm_sql.c, function rlm_sql_authorize,
if the pairs do not match, the module will return
RLM_MODULE_NOTFOUND,

and in auth.c, function rad_authenticate:
    if (r != RLM_MODULE_NOTFOUND &&
        r != RLM_MODULE_NOOP &&
        r != RLM_MODULE_OK &&
        r != RLM_MODULE_UPDATED) {
so it seems to be treated the same as RLM_MODULE_OK
(only that in rlm_sql_authorize
    pairmove(&request->reply->vps, &reply_tmp);
    pairmove(&request->config_items, &check_tmp);
    pairfree(&reply_tmp);
    pairfree(&check_tmp);
was skipped).

I changed the RLM_MODULE_NOTFOUND to
RLM_MODULE_INVALID in rlm_sql_authorize,
and then it works:

Thu Mar  7 13:59:19 2002 : Info: rlm_sql: Pairs do not match [jb@adsl]
Thu Mar  7 13:59:19 2002 : Auth: Invalid user: [jb@adsl] (from nas
unisphere-lqf port 1359675619 cli
 #SZ_ERX1400_LQF#A51#11#227)

I am not sure if this is the right way to make it work.

Can anyone tell me another way to make it work?


>
> In your radiusd.conf instead of
>
> authorize{
> [...]
> sql
> [...]
> }
>
> do
>
> authorize{
> [...]
> sql{
>   notfound = return
> }
> [...]
> }
>
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone: +30 10 7721861
> 'Go back to the shadow' Gandalf


 

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
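
The behaviour discussed in the message above, as a small C model added here (not FreeRADIUS source and not code from the thread): it applies the rad_authenticate test quoted in the post to a constructed authorize section and shows that a NOTFOUND from sql is not a rejection, with or without "notfound = return", while INVALID is. The enum ordering, the module_call type, the section walk and the preprocess/files neighbours of sql are assumptions of the model.

```c
#include <stddef.h>
#include <stdio.h>
/* Return codes named in the thread; the numeric order is this model's own. */
typedef enum { RLM_MODULE_NOTFOUND, RLM_MODULE_NOOP, RLM_MODULE_OK,
               RLM_MODULE_UPDATED, RLM_MODULE_INVALID } rlm_rcode;

/* One module call in an authorize section (hypothetical model type). */
typedef struct {
    const char *name;
    rlm_rcode result;     /* code the module returned */
    int notfound_return;  /* 1 models the "notfound = return" override */
} module_call;

/* Simplified section walk (assumption): INVALID ends the section at once,
 * NOTFOUND ends it only under "notfound = return"; otherwise the highest
 * code seen, in the enum order above, is the section result. */
rlm_rcode run_authorize(const module_call *m, size_t n) {
    rlm_rcode best = RLM_MODULE_NOTFOUND;
    for (size_t i = 0; i < n; i++) {
        rlm_rcode r = m[i].result;
        if (r == RLM_MODULE_INVALID) return r;
        if (r == RLM_MODULE_NOTFOUND && m[i].notfound_return) return r;
        if (r > best) best = r;
    }
    return best;
}

/* The test quoted from rad_authenticate: only a code outside these four
 * makes the server treat the request as an invalid user. */
int authorize_rejects(rlm_rcode r) {
    return r != RLM_MODULE_NOTFOUND && r != RLM_MODULE_NOOP &&
           r != RLM_MODULE_OK && r != RLM_MODULE_UPDATED;
}

/* Constructed section: preprocess, sql, files; only sql's result varies. */
int request_rejected(rlm_rcode sql_result, int notfound_return) {
    module_call s[] = { { "preprocess", RLM_MODULE_OK, 0 },
                        { "sql", sql_result, notfound_return },
                        { "files", RLM_MODULE_OK, 0 } };
    return authorize_rejects(run_authorize(s, sizeof s / sizeof s[0]));
}

int main(void) {
    printf("rejected: notfound=%d notfound+return=%d invalid=%d\n",
           request_rejected(RLM_MODULE_NOTFOUND, 0),
           request_rejected(RLM_MODULE_NOTFOUND, 1),
           request_rejected(RLM_MODULE_INVALID, 0));
    return 0;
}
```
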



Re: WinXP/Cisco/Freeradius - Configuring 802.1X Port-Based Authentication

2002-03-07 Thread Hajo Kessener

Hi Raghu,

thanks for your answer. I let gdb check the core, but the results were not very
meaningful. I read about possible misconfigurations of gdb that may result
in this kind of useless output, but I mounted the whole GNU-Package from a
colleague and can't recompile it right now. Nevertheless:

 snip 
(gdb) core core
Core was generated by `./radiusd -X'.
Program terminated with signal 9, Killed.
#0  0xff0706bc in ?? ()
(gdb)
 snip 

So I ran 'radiusd -X' from gdb with the following output (sorry, hope it
isn't too much but it also includes the relevant radiusd.conf information
you asked for):

 snip 

# gdb radiusd
GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.6"...
(gdb) run -X
Starting program: /usr/local/sbin/radiusd -X
[New LWP 1]
[New LWP 2]
[New LWP 3]
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /usr/local/etc/raddb/proxy.conf
Config:   including file: /usr/local/etc/raddb/clients.conf
Config:   including file: /usr/local/etc/raddb/snmp.conf
Config:   including file: /usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
read_config_files:  reading dictionary
read_config_files:  reading clients
read_config_files:  reading realms
read_config_files:  reading naslist
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 1812
 main: allow_core_dumps = no
 main: log_stripped_names = yes
 main: log_auth = yes
 main: log_auth_badpass = yes
 main: log_auth_goodpass = yes
 main: pidfile = "/usr/local/var/run/radiusd.pid"
 main: user = "root"
 main: group = "root"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 security: max_attributes = 200
 security: reject_delay = 1
 main: debug_level = 0
read_config_files:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded System
 unix: cache = yes
 unix: passwd = "/etc/passwd"
 unix: shadow = "/etc/shadow"
 unix: group = "/etc/group"
 unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
HASH:  Reinitializing hash structures and lists for caching...
  HASH:  user root found in hashtable bucket 11726
  HASH:  user daemon found in hashtable bucket 11668
  ...
  HASH:  user ks found in hashtable bucket 46164
HASH:  Stored 14 entries from /etc/passwd
HASH:  Stored 17 entries from /etc/group
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = "md5"
 eap: timer_expire = 60
rlm_eap: Loaded and initialized the type md5
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/usr/local/etc/raddb/users"
 files: acctusersfile = "/usr/local/etc/raddb/acct_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded detail
 detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail"
 detail: detailperm = 384
 detail: dirperm = 493
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/usr/local/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
1814/udp.
Ready to process requests.
[New LWP 4]
rad_recv: Access-Request packet from host 130.75.xx.xx:2343, id=36,
length=63
User-Name = "ks"
NAS-IP-Address = 130.75.xx.xx
Framed-MTU = 1000
EAP-Message = "\002\001\000\007\001ks"
Message-Authenticator = 0xd61f273476c1d685ab6a352c8ef53957
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "eap" returns updated
  modcall[authorize]: module "s

EAP-MD5/Password

2002-03-07 Thread 김영민




Hi.
 
I use "FreeRADIUS Version 0.5, for host i686-pc-linux-gnu, built on
Mar  7 2002 at 02:11:01"

I edited the users file as follows.

DEFAULT Auth-Type := EAP
    Fall-Through = 1

Also, I edited radiusd.conf:

    eap {
        default_eap_type = md5
        timer_expire = 60
        md5 {
        }
    }

authorize {
    preprocess
#   counter
#   attr_filter
    eap
    suffix
    files
#   mschap
}
authenticate {
#   pam
    unix
#   ldap
#   mschap
    eap
}

But I can't get the authentication to succeed.

After EAP-Response/MD5 ..., radiusd says

rlm_eap: Request found, released from the list
rlm_eap: EAP_TYPE - md5
rlm_eap: processing type md5
rlm_eap_md5: No password configured for this user
  modcall[authenticate]: module "eap" returns invalid
modcall: group authenticate returns invalid
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1

I don't know how to register each user and password.
Does anyone know what I should do to tell the user's password to the eap module?
 
Thanks.
 





Re: Simultaneous-Login??

2002-03-07 Thread Andrew Kelaidis

The check item is the Simultaneous-Use

>From: Eduardo Roldan <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Simultaneous-Login??
>Date: 06 Mar 2002 16:01:41 -0300
>
>The file ./doc/Simultaneous-Use in chapter 4 says:
>
>
>4. IF IT DOESN'T WORK
>
>   Note that you need to add the Simultaneous-Login parameter to the
>   check item (first line), not the reply item.
>
>
>What is "Simultaneous-Login"? The documents refer to Simultaneous-Use
>all the time. Is this an error?
>
>
>