Re: Radius can not read shadow file, permissions changes automatically
> Hi All, > This is very frustating for us. We are running radiusd (through > radwatch) with user radius and group radius. Since radiusd must > be able to read the shadow file, we have created a new user > radius and group radius, and have manually changed the > permissions of shadow file which looks as follows: > > -rw-r-1 root radius How about adding radius to the root group: /etc/group root:x:0:radius > But what is happening, yesterday at 4:23PM, and today at 11:33AM > the permissions were snatched away, making streams of invalid > logins and beeping our beepers from a team of unhappy users. The > file permissions goes back to original state, that is: > > -rw---1 root root OK, so my first suggestion wont help in that case. My RedHat knowledge is limited, I'm a Debian man. Debian's default for /etc/shadow is -rw-r-, so my trick above would work. > We have checked everything (we think), crontab etc, but nothing > can be found. Please help us. What would modify the shadow file? Adding/deleteing users and changing passwords. I can't think of anything else. May I suggest testing these three. The seamingly randomness at these times suggests it being triggered by a user changing there password, or something similar. > We have even tried chaging permission from linuxconf (fools, but > you should have seen our frustated faces), only to get the same > result. > > We are running freeradius 0.4 (Reply-Message does not seem to > work in 0.5, but that is another issue) in RedHat 7.1. > > Thanks in advance, and please, we do not want to run radiusd as > root, that is a security issue, is not it? Of course. freeradius prior to version 4 has a remote exploit, running software as root is always a risk, connected your computer to the internet is always a risk :-) However, if you use ipchains/iptables to block incoming data on your radius ports unless the packet is from you NAS, then that will greatly improve security. How about chrooting your radius installation, and have a script copy /etc/shadow (and other needed files) to /chroot/freeradius/etc/shadow and set appropriate permissions so that radius can read the chroot'd /etc/shadow Or perhaps changing these lines in radiusd.conf passwd = /etc/passwd shadow = /etc/shadow group = /etc/group to point to copies these files, again with needed permissions. As of yet I haven't tested that, however it is on my todo list (along with 2^10 other things). > -- > The steady state of disks is full. > -- Ken Thompson > > Dr. Muhammad Masroor Ali > Associate Professor and Associate Director > Institute of Information and Communication Technology > Bangladesh University of Engineering and Technology > Dhaka-1000, Bangladesh > Phone: 880 2 966 5602 (Office), 880 2 966 5700 (Residence) > Fax: 880 2 966 5602, 880 2 861 3046, 880 2 861 3026 Andrew Tait System Administrator Country NetLink Pty, Ltd E-Mail: [EMAIL PROTECTED] WWW: http://www.cnl.com.au 30 Bank St Cobram, VIC 3644, Australia Ph: +61 (03) 58 711 000 Fax: +61 (03) 58 711 874 "It's the smell! If there is such a thing." Agent Smith - The Matrix - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Accounting Request from ... with invalid signature!
I just installed FreeRadius 0.5.. Authentication is working find. However, I am receiving a "Error: Received Accounting-Request packet from 131.210.x.1 with invalid signature!" This is a USR Hiper ARC running 5.3.2. The secret is correct, as I can authenticate users with out any difficultly. What did I miss? Thanks, Steve. -- Steven Premeau, Network Manager [EMAIL PROTECTED] (262) 595-2005 Networking and Microcomputing Services University of Wisconsin - Parkside - "A car is more costly, complex, and dangerous than any word processor. Yet you don't find a thousand page operating manual, nor must you check with a friend to learn how to close the window ..." - Cliff Stoll in "Silicon Snake Oil" - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Radius can not read shadow file, permissions changes automatically
Hi All, This is very frustating for us. We are running radiusd (through radwatch) with user radius and group radius. Since radiusd must be able to read the shadow file, we have created a new user radius and group radius, and have manually changed the permissions of shadow file which looks as follows: -rw-r-1 root radius But what is happening, yesterday at 4:23PM, and today at 11:33AM the permissions were snatched away, making streams of invalid logins and beeping our beepers from a team of unhappy users. The file permissions goes back to original state, that is: -rw---1 root root We have checked everything (we think), crontab etc, but nothing can be found. Please help us. We have even tried chaging permission from linuxconf (fools, but you should have seen our frustated faces), only to get the same result. We are running freeradius 0.4 (Reply-Message does not seem to work in 0.5, but that is another issue) in RedHat 7.1. Thanks in advance, and please, we do not want to run radiusd as root, that is a security issue, is not it? -- The steady state of disks is full. -- Ken Thompson Dr. Muhammad Masroor Ali Associate Professor and Associate Director Institute of Information and Communication Technology Bangladesh University of Engineering and Technology Dhaka-1000, Bangladesh Phone: 880 2 966 5602 (Office), 880 2 966 5700 (Residence) Fax: 880 2 966 5602, 880 2 861 3046, 880 2 861 3026 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
log files
Hi, I have the same problem as yours, seems there are many ppl encountered the same problem, it should be written to FAQ. Any kind soul out there can help out on this? Thanks
Re: FW: EAP-MD5: EAP-TLS
Artur Hecker wrote: > > EAP-TLS has been developed by Mr. Adoba (et al.) who is currently > working for Microsoft if I'm not completely mistaken. It represents a > complete TLS exchange using EAP. EAP itself is only the negotiation > scheme and the carrier frame for the negotiated protocol. So, I guess > that the real challenge during the protocol development was the > segmentation of TLS packets which can become rather huge with all the > certificate stuff in them. EAP-TLS should be natively supported by every > WinXP box (well, I'm not sure for the "home edition"...) which is > interesting from the customer's/user's point of view. (Besides: Does > anybody know something about such support (for WiFi) in Linux? Would be > very interesting to get some links.) http://www.mail-archive.com/freeradius-users@lists.cistron.nl/msg03808.html -- (( )) | |.| HereUAre !! |_| (( Raghu )) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FW: EAP-MD5: Password sources
On Tue, Apr 02, 2002 at 05:53:28PM -0600, McNutt, Justin M. wrote: > The problem I have with all of this is the fact that the actual passwords can be >deduced using the "cleartext equivalent" that MS stores. This is a huge weakness in >NT/2K-based authentication that I was hoping to get around using FreeRADIUS. > The actual password cannot be deduced from the cleartext equivalent in any way other than dictionary attack / guessing (same as for unix crypt or md5). The only problem with this is that the M$ hash has no salt, so an attacker can precompile a dictionary. However, a salt is relatively useless as the md4 hash (what M$ stores) is cleartext equivalent, so an attacker does not need to deduce the actual password -- at least not for purposes of using M$ style authenticated resources. So MS-CHAP is not worse than regular CHAP (essentially EAP-MD5) in this regard. There is definitely a problem if someone has the md4's and a user re-uses their password on other systems, eg to authenticate to both unix and windows machines. You could use PAP auth or perhaps EAP-TLS. PAP auth has the disadvantage of the password going over the wire in the clear to the NAS, so you have to weigh your concerns here. I don't know of any radius servers that do EAP-TLS. (But then, I know almost nothing about EAP period.) There are better ways to do this, but there are no implementations of them. /fc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FW: EAP-MD5: Password sources
"McNutt, Justin M." wrote: > > Again, same idea. MS uses the repository of password-equivalent strings that are >stored in Active Directory, the NT domain, whatever to compare against the >authentication string provided in the EAP request. > > The problem I have with all of this is the fact that the actual passwords can be >deduced using the "cleartext equivalent" that MS stores. This is a huge weakness in >NT/2K-based authentication that I was hoping to get around using FreeRADIUS. > > Unfortunately the way EAP-MD5 works with FreeRADIUS is just as bad (or worse) from >the standpoint of having a file somewhere with all of my users' passwords in them in >cleartext (or a trivially-decodable) form. > > So if I want to use FreeRADIUS and EAP, EAP-TLS is the only option I have left (so >far). > I am not sure about MS but based on your observation, I think EAP-TLS is your best option. Here you are talking about 2 different aspects 1. Secure mechanism of storing Passwords locally. You got to deal this locally. Partly the same problem applies even for certificates. 2. Secure mechanism of authentication over the network. CHAP, EAP-MD5 are better but EAP-TLS is the best (IMHO). -- (( )) | |.| HereUAre !! |_| (( Raghu )) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
version upgrade from 0.4 -> 0.5, authentication problems...
version 0.4 was working fine with mysql support and dialup_admin... however after upgrading to version 0.5, everything went downhill... system accounts can't be authenticated, sql database cannot be updated by dialup_admin... Please advise... Tell me what info you still need to diagnose this problem.. I reverted back to using version 0.4, working fine again _ Peter Santiago ICQ#: 2890601 More ways to contact me: http://wwp.icq.com/2890601 See more about me: http://web.icq.com/whitepages/about_me?Uin=2890601 Linux user #252132 http://counter.li.org _ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: PDC insted of Mysql
NT or Win2K?? If Win2K the option is already in built and all you will need to do is point to the Radius Server. If NT currently unsupported but may be a patch around somewhere?? Thanks Solomon -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of CGI Sent: Wednesday, April 03, 2002 11:34 AM To: [EMAIL PROTECTED] Subject: PDC insted of Mysql I instaled Mysql and Freeradius on Rh 7.2, run the test and bring the box in production. But now my manager want the authentication to be done aginst PDC domain. What should I use for authentication...mschap? Thanks in advance. Jo __ Find, Connect, Date! http://personals.yahoo.ca - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PDC insted of Mysql
I instaled Mysql and Freeradius on Rh 7.2, run the test and bring the box in production. But now my manager want the authentication to be done aginst PDC domain. What should I use for authentication...mschap? Thanks in advance. Jo __ Find, Connect, Date! http://personals.yahoo.ca - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FW: EAP-MD5: EAP-TLS
hello :-) "McNutt, Justin M." wrote: > > Okay, so the way that Microsoft's RADIUS server gets away with this is due to the >fact that in > a Microsoft domain, user names and passwords are not stored using strong (one-way) >encryption. > You can decrypt the password file. > > So when an EAP request comes in to an MS RADIUS server, MS decrypts your password, >then > encrypts it again using EAP-MD5, which it can then check against the string that >came from the > NAS. > > Right? no idea :-) never been in touch with MS Radius and RAS and all this stuff. In any case it has to have the clear text password since it _should_ not be possible to derive the password from the authentication string (there is no proof, though :-)) EAP-TLS has been developed by Mr. Adoba (et al.) who is currently working for Microsoft if I'm not completely mistaken. It represents a complete TLS exchange using EAP. EAP itself is only the negotiation scheme and the carrier frame for the negotiated protocol. So, I guess that the real challenge during the protocol development was the segmentation of TLS packets which can become rather huge with all the certificate stuff in them. EAP-TLS should be natively supported by every WinXP box (well, I'm not sure for the "home edition"...) which is interesting from the customer's/user's point of view. (Besides: Does anybody know something about such support (for WiFi) in Linux? Would be very interesting to get some links.) Above all, EAP-TLS is an alternative because it's not at all limited to a whatever form of passwords and provides for the usage of strong encryption, in contrast to a CHAP-like MD5-protection: D-H exchanges based on different groups, TDES, client- and server certificates, etc., briefly all the stuff which is defined by TLS. Regards, artur PS great job, the support for EAP-TLS in freeradius thank you! we are trying to test it right know, i would be happy to give some feedback as soon as we have something to tell! (ah) -- hecker -at- enst.fr - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: FW: EAP-MD5: Password sources
> On Tue, Apr 02, 2002 at 04:43:43PM -0600, McNutt, Justin M. wrote: > > Okay, so the way that Microsoft's RADIUS server gets away > with this is due to the fact that in a Microsoft domain, user > names and passwords are not stored using strong (one-way) > encryption. You can decrypt the password file. > > > > No. Microsoft stores a cleartext equivalent of the password. In terms of being able to get the cleartext password itself, this is the same thing. While unix stores a one-way encrypted version of your password, Microsoft stores a hash that can be trivially defeated. > > So when an EAP request comes in to an MS RADIUS server, MS > decrypts your password, then encrypts it again using EAP-MD5, > which it can then check against the string that came from the NAS. > > No, it hashes the cleartext equivalant the same way the client does. > It then compares the two hashes. Again, same idea. MS uses the repository of password-equivalent strings that are stored in Active Directory, the NT domain, whatever to compare against the authentication string provided in the EAP request. The problem I have with all of this is the fact that the actual passwords can be deduced using the "cleartext equivalent" that MS stores. This is a huge weakness in NT/2K-based authentication that I was hoping to get around using FreeRADIUS. Unfortunately the way EAP-MD5 works with FreeRADIUS is just as bad (or worse) from the standpoint of having a file somewhere with all of my users' passwords in them in cleartext (or a trivially-decodable) form. So if I want to use FreeRADIUS and EAP, EAP-TLS is the only option I have left (so far). --J - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FW: EAP-MD5: Password sources
On Tue, Apr 02, 2002 at 04:43:43PM -0600, McNutt, Justin M. wrote: > Okay, so the way that Microsoft's RADIUS server gets away with this is due to the >fact that in a Microsoft domain, user names and passwords are not stored using strong >(one-way) encryption. You can decrypt the password file. > No. Microsoft stores a cleartext equivalent of the password. > So when an EAP request comes in to an MS RADIUS server, MS decrypts your password, >then encrypts it again using EAP-MD5, which it can then check against the string that >came from the NAS. > > Right? No, it hashes the cleartext equivalant the same way the client does. It then compares the two hashes. > And the "real" alternative is to use EAP-TLS, correct? dunno /fc > -Original Message- > hello > > > > I don't understand where this restriction comes from. Once the FreeRADIUS server >gets the > > password from the NAS, what prevents it from checking that password against >/etc/shadow, > > PAM, another RADIUS server, or whatever? > > in fact, it's not a restriction of freeradius. it's a necessary > restriction of the CHAP (and EAP-MD5, which is basically the same). > > the problem is that the client doesn't send a password which the server > can check against whatever in whichever way. the client sends an > authentication string (i'm not going to be very precise, it's the > principal which we are talking about) produced by the user basically out > of user's identity, the challenge sent before by the server, etc. and of > course the password itself. what's good about this authentication string > is that you can't guess whatever information has been taken to create it > by just looking at the result (it's usually a cryptographic hash built > using MD5, so a one-way function with rare collisions). the second good > thing about it: it's very improbable, that you will be successful in > producing the same result just using some crap instead of values used by > the user. > > so, the only way to verify such an authentication string on the server > side is to re-compute it the same way the client did. the only > (theoretical) way to do so is to have the same input values and to > process them in the same order and in the same concatenation through the > same algorithm (MD5). then you compare the results. if they don't match > - the user loses. if they do, the server sends the accept message. > > so, the server needs the unencrypted password. > > > hope this helps. > > artur > > > -- > Artur Hecker Groupe Accès et Mobilité > [EMAIL PROTECTED] Département Informatique et Réseaux > +33 1 45 81 7507 46, rue Barrault 75634 Paris cedex 13 > http://www.infres.enst.frENST Paris > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: PIX and Radius
The cisco documentation is very detailed on how to get this working, so that's a good start. The only part that's lacking is how to configure radius to pass the corect acl back to the PIX. For that, I use: Reply-Message = "acl=xxx" in each user's definition, where xxx represents the PIX acl that you want applied to the session. dan > I am begining with radius, I am novice in this, I have a pix Cisco 501, but > now I need to authenticate to the users, I installed radius, I read the > documentation for configure users for dialup but I not found information for > local user or using a pix. > > Somebody can help me? > > Thanks in Advanced, > > Regards, > > _ > MSN Photos es la manera más sencilla de compartir e imprimir sus fotos: > http://photos.latam.msn.com/Support/WorldWide.aspx > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FW: EAP-MD5: Password sources
Okay, so the way that Microsoft's RADIUS server gets away with this is due to the fact that in a Microsoft domain, user names and passwords are not stored using strong (one-way) encryption. You can decrypt the password file. So when an EAP request comes in to an MS RADIUS server, MS decrypts your password, then encrypts it again using EAP-MD5, which it can then check against the string that came from the NAS. Right? And the "real" alternative is to use EAP-TLS, correct? --J -Original Message- hello > I don't understand where this restriction comes from. Once the FreeRADIUS server >gets the > password from the NAS, what prevents it from checking that password against >/etc/shadow, > PAM, another RADIUS server, or whatever? in fact, it's not a restriction of freeradius. it's a necessary restriction of the CHAP (and EAP-MD5, which is basically the same). the problem is that the client doesn't send a password which the server can check against whatever in whichever way. the client sends an authentication string (i'm not going to be very precise, it's the principal which we are talking about) produced by the user basically out of user's identity, the challenge sent before by the server, etc. and of course the password itself. what's good about this authentication string is that you can't guess whatever information has been taken to create it by just looking at the result (it's usually a cryptographic hash built using MD5, so a one-way function with rare collisions). the second good thing about it: it's very improbable, that you will be successful in producing the same result just using some crap instead of values used by the user. so, the only way to verify such an authentication string on the server side is to re-compute it the same way the client did. the only (theoretical) way to do so is to have the same input values and to process them in the same order and in the same concatenation through the same algorithm (MD5). then you compare the results. if they don't match - the user loses. if they do, the server sends the accept message. so, the server needs the unencrypted password. hope this helps. artur -- Artur Hecker Groupe Accès et Mobilité [EMAIL PROTECTED]Département Informatique et Réseaux +33 1 45 81 750746, rue Barrault 75634 Paris cedex 13 http://www.infres.enst.fr ENST Paris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
PIX and Radius
Hi, I am begining with radius, I am novice in this, I have a pix Cisco 501, but now I need to authenticate to the users, I installed radius, I read the documentation for configure users for dialup but I not found information for local user or using a pix. Somebody can help me? Thanks in Advanced, Regards, _ MSN Photos es la manera más sencilla de compartir e imprimir sus fotos: http://photos.latam.msn.com/Support/WorldWide.aspx - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: [fradius] RPM build problem
On Tue, 2 Apr 2002, Brian Hartson wrote: > Seems that rpm does like these options > > rpm -bt freeradius-0.5.tar.gz > > -bt:unknown option rpm has depricated rpm -b series Build options for almost two years -- these options have gone away, and are not coming back. rpm is, in effect, now just a case statement handler to fire off the correct binary to handle a given function. There are too many option variants and not enough letters to cleanly maintain back compatability. (This is not stricly what is happening, but is close enough for proper analysis) see: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=42473 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=59606 where I argued the other side of this debate, and did not prevail. Please use: rpmbuild -bt freeradius-0.5.tar.gz Russ Herrold - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RPM build problem
try -tb Stu On Tue, 2 Apr 2002, Brian Hartson wrote: > > Seems that rpm does like these options > > rpm -bt freeradius-0.5.tar.gz > > -bt:unknown option > > Brian > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > -- Thanks Stuart Cheshire # Chaos reigns within Reflect, repent, and reboot Order shall return. Windows XP crashed I am the Blue Screen of Death No one hears your screams. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RPM build problem
Seems that rpm does like these options rpm -bt freeradius-0.5.tar.gz -bt:unknown option Brian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: RPM build problem...
Mike, Just type rpm -bt freeradius.tar.gz This should make the RPMs out of the tar, without all that work. Regards, Edgard > -Original Message- > From: Mike Cisar [mailto:[EMAIL PROTECTED]] > Sent: Monday, April 01, 2002 4:54 PM > To: [EMAIL PROTECTED] > Subject: RPM build problem... > > > I've just downloaded the 0.5 version of FreeRadius and have tried to > build a RedHat RPM under RedHat 7.2 using the spec file > included in the > tarball. > > I've put the tarball in /usr/src/redhat/SOURCES, extracted > the specfile > and placed it in /usr/src/redhat/SPECS and then used the commandline > "rpm -bb freeradius.spec" following is the last bit of the build > output... > > -rw-r--r-- freerad/web5602 2002-03-11 10:38:15 > freeradius-0.5/todo/TODO > -rw-r--r-- freerad/web1730 1999-08-16 10:55:12 > freeradius-0.5/todo/proposed-new-users > -rw-r--r-- freerad/web3329 2002-01-18 04:39:16 > freeradius-0.5/todo/serverside-ip-pools > + STATUS=0 > + '[' 0 -ne 0 ']' > + cd freeradius-0.5 > ++ /usr/bin/id -u > + '[' 0 = 0 ']' > + /bin/chown -Rhf root . > ++ /usr/bin/id -u > + '[' 0 = 0 ']' > + /bin/chgrp -Rhf root . > + /bin/chmod -Rf a+rX,g-w,o-w . > + > : command not found483: > error: Bad exit status from /var/tmp/rpm-tmp.90483 (%prep) > > RPM build errors: > Bad exit status from /var/tmp/rpm-tmp.90483 (%prep) > > Sorry to say that my expertise with building RPMS from source > ends when > things go wrong :-) It appears that this rpm-tmp.x file > is created > on the fly somehow, but in looking at the file after the build fails, > the only command following the last chmod that appears above > is an "exit > 0" > > Can anybody point me in the right direction as to what might be going > wrong with the build? > > Thanks much! > > > Mike < > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.343 / Virus Database: 190 - Release Date: 3/22/2002 > > --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.343 / Virus Database: 190 - Release Date: 3/22/2002 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: can't get detail logging to work
Heiko Blume wrote: > > hi, > > please forgive my ingorance :-) > > i installed freeradius, and it works fine (great job!), but it does not > want to write the detail files for me > Sending Access-Accept of id 80 to 127.0.0.1:3280 > Service-Type = Framed-User > Framed-Protocol = PPP > Framed-IP-Address = 255.255.255.254 > Framed-MTU = 1500 > Service-Type = Framed-User > Finished request 0 > Going to the next request > Thread 1 waiting to be assigned a request > > The directory /home/htel/radius-1/var/log/radius/radacct/DOES exist, > but no directories/files > show up there. i ran strace on it and it doesn't even seem to try to > open/stat it... > i created the directory for one of the clients manually - nothing. > > what am i missing here? Accounting packets are missing in the logs you posted. Probably that is the reason radacct directory is empty. Make sure your NAS sends accounting packets. (( )) | |.| HereUAre !! |_| (( Raghu )) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Dialup-Admin
When I change the following line in accounting.php: $link = @da_sql_pconnect($config) or die... to $link = mysql_pconnect(localhost, ,) or die... I can connect to the db and the accounting page works just fine. A problem with my config file? A problem with this "@da_sql_pconnect" function? (I can't seem to find it referenced at php.net so I'm assuming it's a function somewhere in the dialup-admin stuff but I can't find it. I'm just looking for some suggestions folks. Thanks. ~ Jason - Original Message - From: "Jason M. Weber" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: April 02, 2002 9:14 AM Subject: Dialup-Admin > When Apache was initially set up during the Caldera OpenLinux installation > the default php extension was set to just "php" rather than php3. So I > renamed all of the dialup-admin files to have a php extension and I edited > them all replacing php3 with php. Everything appears to be working for the > most part; radiusd, MySQL, and Apache are all running. But when I try to use > the Dialup_Admin I ran into some problems: > > When I click on: > > Accounting: cannot connect to sql databse >Problem line appears to be "$link = @da_sql_pconnect($config) or die... >Obviously the script is unable to open a persistent connection to the > MySQL db. Any ideas? > > Edit User: Could not connect to database. > New User: Could not connect to database. > Check Server: Could not connect to database. > > I have changed the sql_username and sql_password in admin.conf. Can MySQL > usernames have an underscore in them? The MySQL user that I set up for > radius was "dialup_admin", could this be the problem? Clearly I'm missing > something big (not unusual). > > Are these problems related to my tinkering around with the file extensions? > > Thanks much. > > ~ Jason > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
IP POOL
Hi all, I´m testing freeradius and ldap( with radtest utility, i have not another ras server that one is running whith another radius ), and it seems to work fine. Now the problem: I had read in users file this: # # Set up different IP address pools for the terminal servers. # Note that the "+" behind the IP address means that this is the "base" # IP address. The Port-Id (S0, S1 etc) will be added to it. # #DEFAULTService-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.32+, # Fall-Through = Yes #DEFAULTService-Type == Framed-User, Huntgroup-Name == "delft" # Framed-IP-Address = 192.168.2.32+, # Fall-Through = Yes and in my ldap base i have an entry: dn: uid=pepe,ou=miembros,dc=midominio.es,o=miempresa objectclass: person objectclass: radiusprofile cn: JOSE uid: pepe radiusServiceType: Framed-User radiusFramedProtocol: PPP radiusFramedIPAddress: 192.168.254.1+ radiusFramedIPNetmask: 255.255.255.255 . . . . . . . Well, wich is the limit for dinamic IP address? 192.168.254.1+ meaning that all of 192.168.254.0/255.255.255.0 is available for dynamic ip? I need delimit my pool to few ips, how can i do it? Thanks at all, and sorry for my poor english Jacobo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Dialup-Admin
>When Apache was initially set up during the Caldera OpenLinux installation >the default php extension was set to just "php" rather than php3. So I >renamed all of the dialup-admin files to have a php extension and I edited >them all replacing php3 with php. Everything appears to be working for the why did you not just edit the httpd.conf file and add '.php3' after the .php include?? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
can't get detail logging to work
hi, please forgive my ingorance :-) i installed freeradius, and it works fine (great job!), but it does not want to write the detail files for me radiusd: FreeRADIUS Version 0.5, for host i686-pc-linux-gnu, built on Mar 20 2002 at 11:22:28 in radiusd.conf i have: detail { detailfile = ${radacctdir}/%{Client-IP-Address}/detail detailperm = 0600 } accounting { detail radutmp acct_unique } and when i run radiusd with -xx only and do a "radtest bla bla localhost 1 testing123" i get [BLA] Module: Loaded detail detail: detailfile = "/home/htel/radius-1/var/log/radius/radacct/%{Client-IP-Address}/detail" detail: detailperm = 384 detail: dirperm = 493 Module: Instantiated detail (detail) [more BLA] Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:3280, id=80, length=52 Thread 1 assigned request 0 --- Walking the entire request list --- Threads: total/active/spare threads = 5/1/4 Nothing to do. Sleeping until we see a request. Thread 1 handling request 0, (1 handled so far) User-Name = "bla" User-Password = "\270\353(\305\017\032\0002m\342\rg|*\370" NAS-IP-Address = 255.255.255.255 NAS-Port-Id = "1" modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "suffix" returns ok users: Matched DEFAULT at 233 modcall[authorize]: module "files" returns ok modcall: group authorize returns ok rad_check_password: Found Auth-Type Accept rad_check_password: Auth-Type = Accept, accepting the user Sending Access-Accept of id 80 to 127.0.0.1:3280 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 255.255.255.254 Framed-MTU = 1500 Service-Type = Framed-User Finished request 0 Going to the next request Thread 1 waiting to be assigned a request The directory /home/htel/radius-1/var/log/radius/radacct/DOES exist, but no directories/files show up there. i ran strace on it and it doesn't even seem to try to open/stat it... i created the directory for one of the clients manually - nothing. what am i missing here? TIA, hb - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: EAP-MD5: Password sources
hello > I don't understand where this restriction comes from. Once the FreeRADIUS server >gets the > password from the NAS, what prevents it from checking that password against >/etc/shadow, > PAM, another RADIUS server, or whatever? in fact, it's not a restriction of freeradius. it's a necessary restriction of the CHAP (and EAP-MD5, which is basically the same). the problem is that the client doesn't send a password which the server can check against whatever in whichever way. the client sends an authentication string (i'm not going to be very precise, it's the principal which we are talking about) produced by the user basically out of user's identity, the challenge sent before by the server, etc. and of course the password itself. what's good about this authentication string is that you can't guess whatever information has been taken to create it by just looking at the result (it's usually a cryptographic hash built using MD5, so a one-way function with rare collisions). the second good thing about it: it's very improbable, that you will be successful in producing the same result just using some crap instead of values used by the user. so, the only way to verify such an authentication string on the server side is to re-compute it the same way the client did. the only (theoretical) way to do so is to have the same input values and to process them in the same order and in the same concatenation through the same algorithm (MD5). then you compare the results. if they don't match - the user loses. if they do, the server sends the accept message. so, the server needs the unencrypted password. hope this helps. artur -- Artur Hecker Groupe Accès et Mobilité [EMAIL PROTECTED]Département Informatique et Réseaux +33 1 45 81 750746, rue Barrault 75634 Paris cedex 13 http://www.infres.enst.fr ENST Paris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dialup-Admin
When Apache was initially set up during the Caldera OpenLinux installation the default php extension was set to just "php" rather than php3. So I renamed all of the dialup-admin files to have a php extension and I edited them all replacing php3 with php. Everything appears to be working for the most part; radiusd, MySQL, and Apache are all running. But when I try to use the Dialup_Admin I ran into some problems: When I click on: Accounting: cannot connect to sql databse Problem line appears to be "$link = @da_sql_pconnect($config) or die... Obviously the script is unable to open a persistent connection to the MySQL db. Any ideas? Edit User: Could not connect to database. New User: Could not connect to database. Check Server: Could not connect to database. I have changed the sql_username and sql_password in admin.conf. Can MySQL usernames have an underscore in them? The MySQL user that I set up for radius was "dialup_admin", could this be the problem? Clearly I'm missing something big (not unusual). Are these problems related to my tinkering around with the file extensions? Thanks much. ~ Jason - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: (no subject).. compiling freeradius with mysql.... solved
Hi Thanks NN for your cooperation. I have found the problem. the env variable LD_LIBRARY_PATH was not working properly as it was not defined in proper login script. After adding the following line in .profile, everything worked fine. LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib A small mistake but big problem. Thanks again Aqeel -- Nikodim Nikodimov <[EMAIL PROTECTED]> wrote: > Well I don't know how is it with shared libraries in > Solaris...:(( > see this information in the beginning of the > rasius.conf file > > # > # libdir: Where to find the rlm_* modules. > # > # This should be automatically set at > configuration time. > # > # If the server builds and installs, but fails at > execution time > # with an 'undefined symbol' error, then you can > use the libdir > # directive to work around the problem. > # > # The cause is usually that a library has been > installed on your > # system in a place where the dynamic linker > CANNOT find it. When > # executing as root (or another user), your > personal environment MAY > # be set up to allow the dynamic linker to find > the library. When > # executing as a daemon, FreeRADIUS MAY NOT have > the same > # personalized configuration. > # > # To work around the problem, find out which > library contains that symbol, > # and add the directory containing that library to > the end of 'libdir', > # with a colon separating the directory names. NO > spaces are allowed. > # > # e.g. libdir = /usr/local/lib:/opt/package/lib > # > # If that does not work, then you can re-configure > and re-build the > # server to NOT use shared libraries, via: > # > # ./configure --disable-shared > # make > # make install > # > > NN > - Original Message - > From: "Aqeel Anwar" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, April 02, 2002 2:56 PM > Subject: Re: (no subject).. compiling freeradius > with mysql. > > > > I am using freeradius on solaris 2.7. There is no > > /etc/ld.so.conf file and also there is no ldconfig > > file. I have installed gnu binutil but still these > > files are not avaiable. > > > > Thanks for your reply. > > Aqeel > > > > --- Nikodim Nikodimov <[EMAIL PROTECTED]> > wrote: > > > Do you have in /etc/ld.so.conf > > > /usr/local/lib > > > > > > this file tells where to search for shred > > > libraries...if you don't put it > > > and make ldconfig...to update ld.so.cache > > > > > > NN > > > > > > - Original Message - > > > From: "Aqeel Anwar" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Tuesday, April 02, 2002 1:21 PM > > > Subject: Re: (no subject).. compiling freeradius > > > with mysql. > > > > > > > > > > I installed mysql from source and mysql.h is > there > > > in > > > > include directory . With ./configure command i > > > also > > > > provided this include directory. But still I > dont > > > know > > > > whether rlm_sql_mysql has been compiled or > not. In > > > > /usr/local/lib i have the following files > related > > > to > > > > sql. > > > > > > > > rlm_sql.a, rlm_sql.so.0.0.0, > rlm_sql_mysql.so.0 > > > > rlm_sql.la, rlm_sql_mysql.a, > > > rlm_sql_mysql.so.0.0.0 > > > > rlm_sql.so, rlm_sql_mysql.la, rlm_sql.so.0 > > > > rlm_sql_mysql.so > > > > > > > > Thanks for your reply. > > > > Aqeel > > > > --- Nikodim Nikodimov <[EMAIL PROTECTED]> > > > wrote: > > > > > This happens probably because you don't have > > > > > rlm_sql_mysql compiled. How did > > > > > you install mysql? > > > > > from source or rpm...I had the same problem, > > > because > > > > > first I had mysql from > > > > > rpm...and I didn't have mysql.h...and some > other > > > > > header files...so I > > > > > installed mysql from source...and after then > I > > > > > reinstalled freeradius and > > > > > after that I had rlm_sql_mysql. > > > > > > > > > > NN > > > > > > > > > > - Original Message - > > > > > From: "Aqeel Anwar" <[EMAIL PROTECTED]> > > > > > To: <[EMAIL PROTECTED]> > > > > > Sent: Tuesday, April 02, 2002 12:24 PM > > > > > Subject: (no subject) > > > > > > > > > > > > > > > > HI all > > > > > > I am trying to run radius with mysql. when > i > > > start > > > > > > radius the following error message is > shown. > > > > > > > > > > > > Starting - reading configuration files ... > > > > > > Module: Loaded SQL > > > > > > rlm_sql: Could not link driver > rlm_sql_mysql: > > > file > > > > > not > > > > > > found > > > > > > rlm_sql: Make sure it (and all its > dependent > > > > > > libraries!) are in the search path > > > > > > of your system's ld. > > > > > > radiusd.conf[4]: sql: Module instantiation > > > failed. > > > > > > > > > > > > what should i do in this case. > > > > > > > > > > > > Thanks for your help. > > > > > > Aqeel > > > > > > > > > > > > > > > > > > > > > > > > > > > > __ > > > > > > Do You Yahoo!? > > > > > > Yahoo! Tax Center - online filing with > > > TurboTax > > > > > > http://http://taxes.y
Re: (no subject).. compiling freeradius with mysql.
Well I don't know how is it with shared libraries in Solaris...:(( see this information in the beginning of the rasius.conf file # # libdir: Where to find the rlm_* modules. # # This should be automatically set at configuration time. # # If the server builds and installs, but fails at execution time # with an 'undefined symbol' error, then you can use the libdir # directive to work around the problem. # # The cause is usually that a library has been installed on your # system in a place where the dynamic linker CANNOT find it. When # executing as root (or another user), your personal environment MAY # be set up to allow the dynamic linker to find the library. When # executing as a daemon, FreeRADIUS MAY NOT have the same # personalized configuration. # # To work around the problem, find out which library contains that symbol, # and add the directory containing that library to the end of 'libdir', # with a colon separating the directory names. NO spaces are allowed. # # e.g. libdir = /usr/local/lib:/opt/package/lib # # If that does not work, then you can re-configure and re-build the # server to NOT use shared libraries, via: # # ./configure --disable-shared # make # make install # NN - Original Message - From: "Aqeel Anwar" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, April 02, 2002 2:56 PM Subject: Re: (no subject).. compiling freeradius with mysql. > I am using freeradius on solaris 2.7. There is no > /etc/ld.so.conf file and also there is no ldconfig > file. I have installed gnu binutil but still these > files are not avaiable. > > Thanks for your reply. > Aqeel > > --- Nikodim Nikodimov <[EMAIL PROTECTED]> wrote: > > Do you have in /etc/ld.so.conf > > /usr/local/lib > > > > this file tells where to search for shred > > libraries...if you don't put it > > and make ldconfig...to update ld.so.cache > > > > NN > > > > - Original Message - > > From: "Aqeel Anwar" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Tuesday, April 02, 2002 1:21 PM > > Subject: Re: (no subject).. compiling freeradius > > with mysql. > > > > > > > I installed mysql from source and mysql.h is there > > in > > > include directory . With ./configure command i > > also > > > provided this include directory. But still I dont > > know > > > whether rlm_sql_mysql has been compiled or not. In > > > /usr/local/lib i have the following files related > > to > > > sql. > > > > > > rlm_sql.a, rlm_sql.so.0.0.0, rlm_sql_mysql.so.0 > > > rlm_sql.la, rlm_sql_mysql.a, > > rlm_sql_mysql.so.0.0.0 > > > rlm_sql.so, rlm_sql_mysql.la, rlm_sql.so.0 > > > rlm_sql_mysql.so > > > > > > Thanks for your reply. > > > Aqeel > > > --- Nikodim Nikodimov <[EMAIL PROTECTED]> > > wrote: > > > > This happens probably because you don't have > > > > rlm_sql_mysql compiled. How did > > > > you install mysql? > > > > from source or rpm...I had the same problem, > > because > > > > first I had mysql from > > > > rpm...and I didn't have mysql.h...and some other > > > > header files...so I > > > > installed mysql from source...and after then I > > > > reinstalled freeradius and > > > > after that I had rlm_sql_mysql. > > > > > > > > NN > > > > > > > > - Original Message - > > > > From: "Aqeel Anwar" <[EMAIL PROTECTED]> > > > > To: <[EMAIL PROTECTED]> > > > > Sent: Tuesday, April 02, 2002 12:24 PM > > > > Subject: (no subject) > > > > > > > > > > > > > HI all > > > > > I am trying to run radius with mysql. when i > > start > > > > > radius the following error message is shown. > > > > > > > > > > Starting - reading configuration files ... > > > > > Module: Loaded SQL > > > > > rlm_sql: Could not link driver rlm_sql_mysql: > > file > > > > not > > > > > found > > > > > rlm_sql: Make sure it (and all its dependent > > > > > libraries!) are in the search path > > > > > of your system's ld. > > > > > radiusd.conf[4]: sql: Module instantiation > > failed. > > > > > > > > > > what should i do in this case. > > > > > > > > > > Thanks for your help. > > > > > Aqeel > > > > > > > > > > > > > > > > > > > > > > __ > > > > > Do You Yahoo!? > > > > > Yahoo! Tax Center - online filing with > > TurboTax > > > > > http://http://taxes.yahoo.com/ > > > > > > > > > > - > > > > > List info/subscribe/unsubscribe? See > > > > http://www.freeradius.org/list/users.html > > > > > > > > > > > > > > > > > - > > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > > > > > > __ > > > Do You Yahoo!? > > > Yahoo! Tax Center - online filing with TurboTax > > > http://http://taxes.yahoo.com/ > > > > > > - > > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > __ > Do You Yahoo!
Re: (no subject).. compiling freeradius with mysql.
I am using freeradius on solaris 2.7. There is no /etc/ld.so.conf file and also there is no ldconfig file. I have installed gnu binutil but still these files are not avaiable. Thanks for your reply. Aqeel --- Nikodim Nikodimov <[EMAIL PROTECTED]> wrote: > Do you have in /etc/ld.so.conf > /usr/local/lib > > this file tells where to search for shred > libraries...if you don't put it > and make ldconfig...to update ld.so.cache > > NN > > - Original Message - > From: "Aqeel Anwar" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, April 02, 2002 1:21 PM > Subject: Re: (no subject).. compiling freeradius > with mysql. > > > > I installed mysql from source and mysql.h is there > in > > include directory . With ./configure command i > also > > provided this include directory. But still I dont > know > > whether rlm_sql_mysql has been compiled or not. In > > /usr/local/lib i have the following files related > to > > sql. > > > > rlm_sql.a, rlm_sql.so.0.0.0, rlm_sql_mysql.so.0 > > rlm_sql.la, rlm_sql_mysql.a, > rlm_sql_mysql.so.0.0.0 > > rlm_sql.so, rlm_sql_mysql.la, rlm_sql.so.0 > > rlm_sql_mysql.so > > > > Thanks for your reply. > > Aqeel > > --- Nikodim Nikodimov <[EMAIL PROTECTED]> > wrote: > > > This happens probably because you don't have > > > rlm_sql_mysql compiled. How did > > > you install mysql? > > > from source or rpm...I had the same problem, > because > > > first I had mysql from > > > rpm...and I didn't have mysql.h...and some other > > > header files...so I > > > installed mysql from source...and after then I > > > reinstalled freeradius and > > > after that I had rlm_sql_mysql. > > > > > > NN > > > > > > - Original Message - > > > From: "Aqeel Anwar" <[EMAIL PROTECTED]> > > > To: <[EMAIL PROTECTED]> > > > Sent: Tuesday, April 02, 2002 12:24 PM > > > Subject: (no subject) > > > > > > > > > > HI all > > > > I am trying to run radius with mysql. when i > start > > > > radius the following error message is shown. > > > > > > > > Starting - reading configuration files ... > > > > Module: Loaded SQL > > > > rlm_sql: Could not link driver rlm_sql_mysql: > file > > > not > > > > found > > > > rlm_sql: Make sure it (and all its dependent > > > > libraries!) are in the search path > > > > of your system's ld. > > > > radiusd.conf[4]: sql: Module instantiation > failed. > > > > > > > > what should i do in this case. > > > > > > > > Thanks for your help. > > > > Aqeel > > > > > > > > > > > > > > > > > __ > > > > Do You Yahoo!? > > > > Yahoo! Tax Center - online filing with > TurboTax > > > > http://http://taxes.yahoo.com/ > > > > > > > > - > > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > > > > > > > > > > - > > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > __ > > Do You Yahoo!? > > Yahoo! Tax Center - online filing with TurboTax > > http://http://taxes.yahoo.com/ > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://http://taxes.yahoo.com/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: EAP-MD5: Password sources
> There are 2 types of EAP authentications that are currently > supported by > Freeradius > 1. EAP-MD5 > 2. EAP-TLS > > The one which you tested is EAP-md5. It is just similar to CHAP > authentication. > It works only with PLAIN TEXT passwords. > So if you have plain text password stored in files, database or LDAP, > then it works. > > EAP-TLS is Certificate based authentication. I don't understand where this restriction comes from. Once the FreeRADIUS server gets the password from the NAS, what prevents it from checking that password against /etc/shadow, PAM, another RADIUS server, or whatever? --J - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
log files
hi having installed freeradius 0.5, i configured everything and it seems to work perfectly, except that it doesn't log anything to the radutmp, sradutmp and the unix-module radwtmp files. the correspondig modules are active, but there are no files with these names in the $LOGDIR of the installation and if i create them manually, they remain empty. at the same time, i have accounting information written into the "details" file. what's wrong and how can i make freeradius write these log files? the "radwho" output is always empty. thank you very much artur PS i'm using gnu/debian linux 2.2.19 and i compiled freeradius from the sources with no explicit ./configure options set. PPS i'm sorry, since it's the second time i ask, but i didn't get any responses. -- Artur Hecker Groupe Accès et Mobilité [EMAIL PROTECTED]Département Informatique et Réseaux +33 1 45 81 750746, rue Barrault 75634 Paris cedex 13 http://www.infres.enst.fr ENST Paris - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: (no subject).. compiling freeradius with mysql.
Do you have in /etc/ld.so.conf /usr/local/lib this file tells where to search for shred libraries...if you don't put it and make ldconfig...to update ld.so.cache NN - Original Message - From: "Aqeel Anwar" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, April 02, 2002 1:21 PM Subject: Re: (no subject).. compiling freeradius with mysql. > I installed mysql from source and mysql.h is there in > include directory . With ./configure command i also > provided this include directory. But still I dont know > whether rlm_sql_mysql has been compiled or not. In > /usr/local/lib i have the following files related to > sql. > > rlm_sql.a, rlm_sql.so.0.0.0, rlm_sql_mysql.so.0 > rlm_sql.la, rlm_sql_mysql.a, rlm_sql_mysql.so.0.0.0 > rlm_sql.so, rlm_sql_mysql.la, rlm_sql.so.0 > rlm_sql_mysql.so > > Thanks for your reply. > Aqeel > --- Nikodim Nikodimov <[EMAIL PROTECTED]> wrote: > > This happens probably because you don't have > > rlm_sql_mysql compiled. How did > > you install mysql? > > from source or rpm...I had the same problem, because > > first I had mysql from > > rpm...and I didn't have mysql.h...and some other > > header files...so I > > installed mysql from source...and after then I > > reinstalled freeradius and > > after that I had rlm_sql_mysql. > > > > NN > > > > - Original Message - > > From: "Aqeel Anwar" <[EMAIL PROTECTED]> > > To: <[EMAIL PROTECTED]> > > Sent: Tuesday, April 02, 2002 12:24 PM > > Subject: (no subject) > > > > > > > HI all > > > I am trying to run radius with mysql. when i start > > > radius the following error message is shown. > > > > > > Starting - reading configuration files ... > > > Module: Loaded SQL > > > rlm_sql: Could not link driver rlm_sql_mysql: file > > not > > > found > > > rlm_sql: Make sure it (and all its dependent > > > libraries!) are in the search path > > > of your system's ld. > > > radiusd.conf[4]: sql: Module instantiation failed. > > > > > > what should i do in this case. > > > > > > Thanks for your help. > > > Aqeel > > > > > > > > > > > > __ > > > Do You Yahoo!? > > > Yahoo! Tax Center - online filing with TurboTax > > > http://http://taxes.yahoo.com/ > > > > > > - > > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > > > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > __ > Do You Yahoo!? > Yahoo! Tax Center - online filing with TurboTax > http://http://taxes.yahoo.com/ > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: (no subject).. compiling freeradius with mysql.
I installed mysql from source and mysql.h is there in include directory . With ./configure command i also provided this include directory. But still I dont know whether rlm_sql_mysql has been compiled or not. In /usr/local/lib i have the following files related to sql. rlm_sql.a, rlm_sql.so.0.0.0, rlm_sql_mysql.so.0 rlm_sql.la, rlm_sql_mysql.a, rlm_sql_mysql.so.0.0.0 rlm_sql.so, rlm_sql_mysql.la, rlm_sql.so.0 rlm_sql_mysql.so Thanks for your reply. Aqeel --- Nikodim Nikodimov <[EMAIL PROTECTED]> wrote: > This happens probably because you don't have > rlm_sql_mysql compiled. How did > you install mysql? > from source or rpm...I had the same problem, because > first I had mysql from > rpm...and I didn't have mysql.h...and some other > header files...so I > installed mysql from source...and after then I > reinstalled freeradius and > after that I had rlm_sql_mysql. > > NN > > - Original Message - > From: "Aqeel Anwar" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Tuesday, April 02, 2002 12:24 PM > Subject: (no subject) > > > > HI all > > I am trying to run radius with mysql. when i start > > radius the following error message is shown. > > > > Starting - reading configuration files ... > > Module: Loaded SQL > > rlm_sql: Could not link driver rlm_sql_mysql: file > not > > found > > rlm_sql: Make sure it (and all its dependent > > libraries!) are in the search path > > of your system's ld. > > radiusd.conf[4]: sql: Module instantiation failed. > > > > what should i do in this case. > > > > Thanks for your help. > > Aqeel > > > > > > > > __ > > Do You Yahoo!? > > Yahoo! Tax Center - online filing with TurboTax > > http://http://taxes.yahoo.com/ > > > > - > > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html __ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://http://taxes.yahoo.com/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: (no subject)
This happens probably because you don't have rlm_sql_mysql compiled. How did you install mysql? from source or rpm...I had the same problem, because first I had mysql from rpm...and I didn't have mysql.h...and some other header files...so I installed mysql from source...and after then I reinstalled freeradius and after that I had rlm_sql_mysql. NN - Original Message - From: "Aqeel Anwar" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, April 02, 2002 12:24 PM Subject: (no subject) > HI all > I am trying to run radius with mysql. when i start > radius the following error message is shown. > > Starting - reading configuration files ... > Module: Loaded SQL > rlm_sql: Could not link driver rlm_sql_mysql: file not > found > rlm_sql: Make sure it (and all its dependent > libraries!) are in the search path > of your system's ld. > radiusd.conf[4]: sql: Module instantiation failed. > > what should i do in this case. > > Thanks for your help. > Aqeel > > > > __ > Do You Yahoo!? > Yahoo! Tax Center - online filing with TurboTax > http://http://taxes.yahoo.com/ > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
(no subject)
HI all I am trying to run radius with mysql. when i start radius the following error message is shown. Starting - reading configuration files ... Module: Loaded SQL rlm_sql: Could not link driver rlm_sql_mysql: file not found rlm_sql: Make sure it (and all its dependent libraries!) are in the search path of your system's ld. radiusd.conf[4]: sql: Module instantiation failed. what should i do in this case. Thanks for your help. Aqeel __ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://http://taxes.yahoo.com/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html