RE: Ericsson Tigris and FreeRadius
Title: RE: Ericsson Tigris and FreeRadius But now, everybody can login, even the password is wrong.. Is there any method to solve? -Original Message- From: Andrew Tait [mailto:[EMAIL PROTECTED]] Sent: Tuesday, April 23, 2002 7:28 AM To: [EMAIL PROTECTED] Subject: Re: Ericsson Tigris and FreeRadius Yes, its a bug in the tigris. Put this in your users file. ACC_DEFAULT Password = radiussecret Framed-Protocol = PPP, Service-Type = Framed-User, Framed-IP-Address = 255.255.255.254, Framed-Compression = Van-Jacobson-TCP-IP Andrew Tait System Administrator Country NetLink Pty, Ltd E-Mail: [EMAIL PROTECTED] WWW: http://www.cnl.com.au 30 Bank St Cobram, VIC 3644, Australia Ph: +61 (03) 58 711 000 Fax: +61 (03) 58 711 874 It's the smell! If there is such a thing. Agent Smith - The Matrix - Original Message - From: Chris Parker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 23, 2002 12:10 AM Subject: Re: Ericsson Tigris and FreeRadius At 06:36 PM 4/22/2002 +0800, Patrick Chan wrote: Dear all, I am using Ericsson Tigris and FreeRadius 0.5 I have set the clients, users and proxy.conf proxy.conf is as follows: realm domain1 { type = radius authhost = LOCAL accthost = LOCAL } I don't know why the username is always ACC_DEFAULT when debug mode is enabled. And authentication is never successful. Because that is how the NAS is sending it. It's a problem with the NAS, not with the server. -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless! \ Director, Engineering | @ @ | \ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Melt the Heart of your Valentine with this beautiful Screen saver
This e-mail is never sent unsolicited. If you need to unsubscribe, follow the instructions at the bottom of the message. *** Melt the Heart of your loved ones with this beautiful Screen saver from www.screensaverin.com * To remove yourself from this mailing list, point your browser to: http://screensaverin.com/remove?freescreensaver * Enter your email address ([EMAIL PROTECTED]) in the field provided and click Unsubscribe. OR... * Reply to this message with the word remove in the subject line. This message was sent to address [EMAIL PROTECTED] X-PMG-Recipient: [EMAIL PROTECTED] attachment: valentin.scr
Melt the Heart of your Valentine with this beautiful Screen saver
This e-mail is never sent unsolicited. If you need to unsubscribe, follow the instructions at the bottom of the message. *** Melt the Heart of your loved ones with this beautiful Screen saver from www.screensaverin.com * To remove yourself from this mailing list, point your browser to: http://screensaverin.com/remove?freescreensaver * Enter your email address ([EMAIL PROTECTED]) in the field provided and click Unsubscribe. OR... * Reply to this message with the word remove in the subject line. This message was sent to address [EMAIL PROTECTED] X-PMG-Recipient: [EMAIL PROTECTED] attachment: valentin.scr
Problems in latest CVS
Hello! I'm having problems compiling latest CVS (some minutes ago) on Debian woody. Here are the errors (I also attach complete logs): in configure: checking gethostbyaddr_r() syntax... GNU-style checking for isql.h... no creating ./config.status creating ./Make.inc sed: file conftest.s1 line 46: Unterminated `s' command creating ./src/include/build-radpaths-h sed: file conftest.s1 line 46: Unterminated `s' command creating ./src/main/checkrad.pl sed: file conftest.s1 line 46: Unterminated `s' command creating ./src/main/radlast sed: file conftest.s1 line 46: Unterminated `s' command creating ./src/main/radtest sed: file conftest.s1 line 46: Unterminated `s' command creating ./scripts/rc.radiusd sed: file conftest.s1 line 46: Unterminated `s' command creating ./scripts/radwatch sed: file conftest.s1 line 46: Unterminated `s' command creating ./scripts/check-radiusd-config sed: file conftest.s1 line 46: Unterminated `s' command and so on.. I guess that script is broken (or not compatible with my sed?) and then when doing make: cc -D_LIBRADIUS -I../include -c md5.c cc -D_LIBRADIUS -I../include -c hmac.c cc -D_LIBRADIUS -I../include -c -o snprintf.o snprintf.c mode=link ld dict.o print.o radius.o valuepair.o token.o misc.o log.o filters.o missing.o md5.o hmac.o snprintf.o -o radius.a ld: warning: cannot find entry symbol _start; defaulting to 08048080 dict.o: In function `dict_free': dict.o(.text+0x29): undefined reference to `free' dict.o(.text+0x61): undefined reference to `free' dict.o(.text+0x99): undefined reference to `free' dict.o(.text+0xd6): undefined reference to `memset' dict.o: In function `dict_addvendor': dict.o(.text+0x118): undefined reference to `strlen' dict.o(.text+0x146): undefined reference to `malloc' dict.o(.text+0x17d): undefined reference to `strcpy' dict.o: In function `dict_addattr': dict.o(.text+0x1b7): undefined reference to `strlen' and so on.. libtool problem? Any ideas? freeradius 0.5 compiles OK out of the box. Thanks! - Pasi Kärkkäinen ^ . . Linux /-\ Choice.of.the .Next.Generation. loading cache ./config.cache checking for gcc... (cached) gcc checking whether the C compiler (gcc ) works... yes checking whether the C compiler (gcc ) is a cross-compiler... no checking whether we are using GNU C... (cached) yes checking whether gcc accepts -g... (cached) yes checking how to run the C preprocessor... (cached) gcc -E checking whether gcc needs -traditional... (cached) no checking whether we are using SUNPro C... (cached) no checking for ranlib... (cached) ranlib checking for gmake... (cached) no checking for make... (cached) /usr/bin/make checking for main in -lltdl... (cached) yes checking host system type... i686-pc-linux-gnu checking build system type... i686-pc-linux-gnu checking for ld used by GCC... (cached) /usr/bin/ld checking if the linker (/usr/bin/ld) is GNU ld... (cached) yes checking for BSD-compatible nm... (cached) /usr/bin/nm -B checking whether ln -s works... (cached) yes loading cache ./config.cache within ltconfig checking for ar... ar checking for object suffix... o checking for executable suffix... (cached) no checking for gcc option to produce PIC... -fPIC checking if gcc PIC flag -fPIC works... yes checking if gcc supports -c -o file.o... yes checking if gcc supports -c -o file.lo... yes checking if gcc supports -fno-rtti -fno-exceptions ... yes checking if gcc static flag -static works... -static checking if the linker (/usr/bin/ld) is GNU ld... yes checking whether the linker (/usr/bin/ld) supports shared libraries... yes checking command to parse /usr/bin/nm -B output... ok checking how to hardcode library paths into programs... immediate checking for /usr/bin/ld option to reload object files... -r checking dynamic linker characteristics... Linux ld.so checking if libtool supports shared libraries... yes checking whether to build shared libraries... yes checking whether to build static libraries... yes checking for objdir... .libs checking for dlfcn.h... (cached) yes checking whether a program can dlopen itself... (cached) yes checking whether a statically linked program can dlopen itself... (cached) no creating libtool loading cache ./config.cache checking logdir... ${localstatedir}/log/radius checking radacctdir... ${logdir}/radacct checking raddbdir... ${sysconfdir}/raddb checking for perl... (cached) /usr/bin/perl checking for snmpget... (cached) /usr/local/bin/snmpget checking for snmpwalk... (cached) /usr/local/bin/snmpwalk checking for rusers... (cached) /usr/bin/rusers checking for working aclocal... found checking for working autoconf... found checking for working autoheader... found checking for locate... (cached) /usr/bin/locate checking for dirname... (cached)
problem building rlm_ldap
I have tried to get rlm_ldap to build, but w/o success. The problem seems to be that the code in the configure-script testing if the lber- and ldap- libraries works, doesn't work on my platform (Solaris 8/SPARC/gcc). I have fixed the lber test code by replacing: #include confdefs.h extern char ber_init(); int main() { ber_init() ; return 0; } with #include confdefs.h #include lber.h int main () { struct berval *bv; ber_init(bv); return 0; } in the configure script in the rlm_ldap directory. As the ldap test failed in a similiar manner, I tried to do the same thing here, replacing: #include confdefs.h extern char ldap_init(); int main() { ldap_init() ; return 0; } with #include confdefs.h #include ldap.h int main () { char *name = foo; int port = 1; ldap_init(name, port); return 0; } However, this does not work. I guess it is because my test program doesn't compile: ducati(bn) rlm_ldap 1315$ gcc -I/local/db/openldap/2.0.21/include -L/local/db/openldap/2.0.21/lib -llber -lldap -lnsl -lsocket -lrt testlibldap.c Undefined first referenced symbol in file SSL_library_init/local/db/openldap/2.0.21/lib/libldap.so ERR_error_string/local/db/openldap/2.0.21/lib/libldap.so SSL_CTX_set_cipher_list /local/db/openldap/2.0.21/lib/libldap.so SSL_CIPHER_get_bits /local/db/openldap/2.0.21/lib/libldap.so CRYPTO_free /local/db/openldap/2.0.21/lib/libldap.so X509_get_issuer_name/local/db/openldap/2.0.21/lib/libldap.so To me, it looks like I am missing some crypto libraries, but these should not be required to compile? Anyway, let's go back to the original problem. This is the complete output from the configure script: ducati(bn) rlm_ldap 1317$ ./configure --with-rlm-ldap-lib-dir=/local/db/openldap/2.0.21/lib --with-rlm-ldap-include-dir=/local/db/openldap/2.0.21/include creating cache ./config.cache checking for gcc... /local/gnu/bin/gcc checking whether the C compiler (/local/gnu/bin/gcc ) works... yes checking whether the C compiler (/local/gnu/bin/gcc ) is a cross-compiler... nochecking whether we are using GNU C... yes checking whether /local/gnu/bin/gcc accepts -g... yes checking for inet_aton in -lresolv... yes checking for lber.h... yes checking for ldap.h... yes checking for sasl_encode in -lsasl... no checking for DH_new in -lcrypto... no checking for SSL_new in -lssl... no checking for ber_init in -llber... yes checking for ldap_init in -lldap... no configure: warning: silently not building rlm_ldap. configure: warning: FAILURE: rlm_ldap requires: libldap. updating cache ./config.cache creating ./config.status creating Makefile ducati(bn) rlm_ldap 1318$ I have checked that the configure script does indeed try the compile the tests with the correct paths (ie. /local/db/openldap/...), and I am quite certain it does find the libraries/includes it needs. I have tried this with both FreeRADIUS 0.5, and the lates from CVS. Any help greatly appreciated! -- We tend to meet any new situation by reorganising; and a wonderful method it can be for creating the illusion of progress while producing confusion, inefficiency and demoralisation.-- Gaius Petronius, 60 AD - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius + Ldap
Alexandre escribió: hi all i installing a freradius with Ldap suport. the radius.conf file i put the directives that my ldap server and etc ... how can i test the ldap autentication radtest Jacobo tanks Alexandre - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Melt the Heart of your Valentine with this beautiful Screen saver
DO SOMETHING ABOUT THE BELOW! -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Screen Saver Sent: Tuesday, April 23, 2002 11:54 PM To: [EMAIL PROTECTED] Subject: Melt the Heart of your Valentine with this beautiful Screen saver Content-Transfer-Encoding: quoted-printable This e-mail is never sent unsolicited. If you need to unsubscribe, follow the instructions at the bottom of the message. *** Melt the Heart of your loved ones with this beautiful Screen saver from www.screensaverin.com * To remove yourself from this mailing list, point your browser to: http://screensaverin.com/remove?freescreensaver * Enter your email address ([EMAIL PROTECTED]) in the field provided and click Unsubscribe. OR... * Reply to this message with the word remove in the subject line. This message was sent to address [EMAIL PROTECTED] X-PMG-Recipient: [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Melt the Heart of your Valentine with this beautiful Screen s
DO SOMETHING ABOUT THE BELOW! Try not to get your veins in a knot. It's a little hard to do something after it's been sent, I'm not sure if this one is a repeat offender or not, but yelling at people on this list is not going to help the situation. I can't remember, was the list made members only post? Might cut down the number of people posting to the list with subscribe in the body to :-) Bounce message I'm sorry, this list is members only posting, to become a member, please follow the instructions listed here link. To send spam, please print message out, and insert in orifice. Matt. -- This email is encrypted. To de-crypt : 1) Run the WhatITyped2WhatIMeant utility. 2) Disable your personal reality distortion field. 3) Add single instance of salt() - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Login-time + SQL
Hi to all! there is anyone that has experience with Login-Time attribute saved on SQL Database (such as Oracle). I'm tring but seem don't work. When my radius authenticate a user it don't reply the session-time. If I set the Login-time on user.conf it work well. Thank in advanced. Alessandro Maioli. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
configurable-failover
I have freeradius-0.5 running with ldap and mysql running. I want to configure the following redundant config: A user is tested in mysql, if that fails ldap should be tested afterwards (or ldap, then mysql) I have read configurable-failover, but i don't find the logic to combine the sql authorization (no authentification since 0.5) and the ldap authentication into one redundant group. Mit freundlichen Gruessen Anton Kornexl - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Where can I get detailed document of freeradius?
Ëbú?²æìr¸{û§²æìr¸y'Ûiÿü0ÁúÞz¶ë(®å˺ǫ²f
Login-time + SQL
Hi to all! there is anyone that has experience with Login-Time attribute saved on SQL Database (such as Oracle). I'm tring but seem don't work. When my radius authenticate a user it don't reply the session-time. If I set the Login-time on user.conf it work well. Thank in advanced. Alessandro Maioli. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems in latest CVS - 2nd platform
At 12:17 PM 4/23/2002 +0300, you wrote: Hello! I'm having problems compiling latest CVS (some minutes ago) on Debian woody. Here are the errors (I also attach complete logs): in configure: checking gethostbyaddr_r() syntax... GNU-style checking for isql.h... no creating ./config.status creating ./Make.inc sed: file conftest.s1 line 46: Unterminated `s' command creating ./src/include/build-radpaths-h sed: file conftest.s1 line 46: Unterminated `s' command creating ./src/main/checkrad.pl sed: file conftest.s1 line 46: Unterminated `s' command creating ./src/main/radlast sed: file conftest.s1 line 46: Unterminated `s' command creating ./src/main/radtest sed: file conftest.s1 line 46: Unterminated `s' command creating ./scripts/rc.radiusd sed: file conftest.s1 line 46: Unterminated `s' command creating ./scripts/radwatch sed: file conftest.s1 line 46: Unterminated `s' command creating ./scripts/check-radiusd-config sed: file conftest.s1 line 46: Unterminated `s' command and so on.. I guess that script is broken (or not compatible with my sed?) I'm getting the same configure errors on RedHat 7.1. Looks like a problem with the latest changes to the configure script. Randy Moore Axion Information Technologies, Inc. email [EMAIL PROTECTED] phone 301-408-1200 fax301-445-3947 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: delete_blocked_requests and Unresponsive child
Hi Think about it for a second. It's taking SIXTY SECONDS to authenticate a user? What the heck is going on in your system? I think the problem is not the authentication process. It occurs after a accounting stop request. The mentioned problem (resident radiusd process with 99% cpu load) seems to be caused by dialin users, that use bundled ISDN connections (128k). The process uses up to 99% after the user has disconnected (after AcctStop). I recorded the debug log from radiusd and extracted the following sequence that caused such a 99%-process: req. action - 56 Access channel#1 - response 56 57 AccStart channel#1 - response 57 58 AccAlive channel#1 - response 58 59 Access channel#2 - response 59 60 AccStart channel#2 61 AccAlive channel#2 - response 61 - response 60 62 AccStop channel #2 63 AccStop channel #1 - response 62 64 AccStop channel #1 - response 64 == WARNING: Unresponsive child (id 2051) for request 61 -- The only problem is the 99%-process that is left over after that sequence. Everything else is ok: Both connections were recorded completely by the accunting DB, the user could use the service etc. The sequence above leads to the following questions: 1. Why is there no response to the request 63? 2. Why causes the AccAlive request 61 the warning, that was processed successfully? Any ideas? Is there a known problem with bundled ISDN connections? PS: The debug log is available on request. Thank you Marco Steinacher -- WebSource Internet Services - www.websource.ch Kontakt/PGP-Keys: www.websource.ch/kontakt - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems in latest CVS - 2nd platform
At 09:58 AM 02/04/23 -0400, you wrote: At 12:17 PM 4/23/2002 +0300, you wrote: Hello! I'm having problems compiling latest CVS (some minutes ago) on Debian woody. Here are the errors (I also attach complete logs): in configure: checking gethostbyaddr_r() syntax... GNU-style checking for isql.h... no creating ./config.status creating ./Make.inc and so on.. I guess that script is broken (or not compatible with my sed?) {snip] I'm getting the same configure errors on RedHat 7.1. Looks like a problem with the latest changes to the configure script. Randy Moore Axion Information Technologies, Inc. Try running configure --with-experimental-modules. The problem is with the 'stable' file added recently. Eddie - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problems in latest CVS - 2nd platform
Eddie Stassen [EMAIL PROTECTED] wrote: Try running configure --with-experimental-modules. The problem is with the 'stable' file added recently. Arg. OK, I've fixed it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: delete_blocked_requests and Unresponsive child
Marco Steinacher [EMAIL PROTECTED] wrote: I think the problem is not the authentication process. It occurs after a accounting stop request. Same thing. Why the heck would it take 60 seconds to log an accounting request? The sequence above leads to the following questions: 1. Why is there no response to the request 63? Because it's probably the request which takes more than 60 seconds to process. 2. Why causes the AccAlive request 61 the warning, that was processed successfully? Hmm... that looks like a bug. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem building rlm_ldap
Bjorn Nordbo [EMAIL PROTECTED] wrote: I have tried to get rlm_ldap to build, but w/o success. The problem seems to be that the code in the configure-script testing if the lber- and ldap- libraries works, doesn't work on my platform (Solaris 8/SPARC/gcc). I have fixed the lber test code by replacing: #include confdefs.h extern char ber_init(); int main() { ber_init() ... with ... struct berval *bv; ber_init(bv); You shouldn't have to do this. The declaration of ber_init in the first example should take care of any compiler warnings. However, this does not work. I guess it is because my test program doesn't compile: ducati(bn) rlm_ldap 1315$ gcc -I/local/db/openldap/2.0.21/include -L/local/db/openldap/2.0.21/lib -llber -lldap -lnsl -lsocket -lrt testlibldap.c Undefined first referenced symbol in file SSL_library_init/local/db/openldap/2.0.21/lib/libldap.so Was this message printed out before you made the change? Or were the errors different before? To me, it looks like I am missing some crypto libraries, but these should not be required to compile? They are required. Your linker is telling you they're required. Try: $ LIBS=-lssl -lx509 /configure --with-rlm-ldap-lib-dir= Which will force the configure script to link to the libraries you gave it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_attr_filter updated, new functionality
The rlm_attr_filter module has been updated with some new functionality. o Each a/v pair in the reply is now compared against *ALL* rules for that attribute. This will allow multiple rules for the same attribute, IE: ... Idle-Timeout = 800, Idle-Timeout = 28800, ... The a/v pair must pass *ALL* rules to be allowed. If there are three rules for the attribute, and it passes 2 and fails 1, the attribute will not be allowed. o Two new operators have been added, to allow better wildcarded permit and deny rules: =*Always report pass !*Always report fail This allows a shortcut to always allow or deny an attribute. IE: ... Reply-Message *= ANY Ascend-Data-Filter *= ANY Proxy-State *= ANY ... This requires less overhead than the regexpression workaround that was in place previously, and is more portable. --- The documentation in 'doc/rlm_attr_filter' has been updated to reflect this, as well as the sample 'raddb/attrs' file. If any questions or problems are noted regarding this change, please post them to the list. -Chris -- \\\|||/// \ StarNet Inc. \Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
CPU
I run freeradius 0.5 on a linux box with threads enabled. Whenever the server receives a Duplicate request the CPU goes up till the server hangs The log show this... Tue Apr 23 13:53:58 2002 : Error: Dropping duplicate authentication packet from client 2600.rosario:1645 - ID: 219 And after thie I have to restart the dameon I searched in the mailing archive but I have not found a solution... Regards, Rodrigo Gonzalez. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
CPU
I run freeradius 0.5 on a linux box with threads enabled. Whenever the server receives a Duplicate request the CPU goes up till the server hangs The log show this... Tue Apr 23 13:53:58 2002 : Error: Dropping duplicate authentication packet from client 2600.nas:1645 - ID: 219 And after thie I have to restart the dameon I searched in the mailing archive but I have not found a solution... Regards, Rodrigo Gonzalez. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Expiration ok, Activation?
I am using freeRADIUS version 0.5 (stable). I have noticed that there is an Expiration attribute which I can use. I want to know if there is any Activate date (like Criston Radius) attribute Thanx a lot. Kelaidis Andrew N.O.C. TEI of Athens, Greece _ Send and receive Hotmail on your mobile device: http://mobile.msn.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: dial_up admin question
can I get it off the web? I've never used the cvs repositry - Original Message - From: Kostas Kalevras [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, April 09, 2002 3:50 AM Subject: Re: dial_up admin question On Mon, 8 Apr 2002, Juan Hernandez wrote: whats dial_up admin? where can I get more info on it? dialup_admin is a web based php administration interface for the freeradius server. It is included in the cvs snapshots in the dialup_admin directory. Check out the README for more information. In general you can edit the user settings,check user accounting,test users and the radius server, show online users, do complicated queries on the accounting database and so on. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html