Authenticate using a *wrong* password
When they attempt to authenticate using a *wrong* password, I need to see a 'Access-Reject' and in the Access-Rejected packet the proxy-state value returned also. Currently when I send across a Authentication request with a wrong password - I am not seeing a reply from your radius server. Does anyone know what I might try ? Running on Redhat 7.2 using MySQL. Most of it works GREAT.. (Good Job Guys..) Thank you all for your time. John TilghmanData Services Group, Inc.4234 Chatham Crest LaneBuford, GA 30518Phone 678-935-7631Fax 678-935-7638http://DataServicesGroupInc.Com
How to find shared secret on the Radius and NAS?
I used Radious integrated with Ldap, and radiusd reports such a warning when NAS wants to authenticate. WARNING: Unprintable characters in the password. ? Double-check the shared secret on the server and the NAS! I wonder why the password has become unprintable characters like this: rlm_ldap: login attempt by "ypguo" with password "¼ïí«Í??´½ö ?>?¸²" Did anyone encounter such a problem? Thank you â²Ø§~ì¹»®&Þþéì¹»®&ÞI硶Úÿ0~·§bºÊ+ùb²ßî±êìÙ¥
Radius Authenticaion with LDAP Problem
Hi,everyone: I want to make Radius authentication with LDAP server. When I start radiusd,it seems ok. And I use the command : radtest ypguo password localhost 1 test123 The result is: radclient:Unknown attribute User-Password Can you tell me what is the problem? Thank ~Penny Ëbú?²æìr¸{û§²æìr¸y'Ûiÿü0ÁúÞz¶ë(®å˺ǫ²f
Re: promiscuous authentication
I asked a similar question a while back There is some basic encryption on the password (using the shared secret as a key). However, the rest of the details (username, phone number) are all transmitted in plaintext. And the encryption on the password is very weak. Search for a program called radsniff if you want to see exactly how weak. Andrew Tait System Administrator Country NetLink Pty, Ltd E-Mail: [EMAIL PROTECTED] WWW: http://www.cnl.com.au 30 Bank St Cobram, VIC 3644, Australia Ph: +61 (03) 58 711 000 Fax: +61 (03) 58 711 874 "It's the smell! If there is such a thing." Agent Smith - The Matrix - Original Message - From: "Ilguiz Latypov" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, July 16, 2002 10:34 AM Subject: Re: promiscuous authentication > > I agree that promiscuous authentication is not how FreeRadius was supposed > to work. Sorry for not reading the documentation first. I thought that > communication between Radius clients and servers is secure by design. Is > this not always true? > > Ilguiz > > On Mon, 15 Jul 2002, Alan DeKok wrote: > > > > Is this a good idea to allow testing of a given user name/password pair > > > from anywhere in internet? > > > > I would say no. I'm not sure why it would be necessary, and it's a > > bad idea to expose a RADIUS server to anyone's traffic. > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: promiscuous authentication
I agree that promiscuous authentication is not how FreeRadius was supposed to work. Sorry for not reading the documentation first. I thought that communication between Radius clients and servers is secure by design. Is this not always true? Ilguiz On Mon, 15 Jul 2002, Alan DeKok wrote: > > Is this a good idea to allow testing of a given user name/password pair > > from anywhere in internet? > > I would say no. I'm not sure why it would be necessary, and it's a > bad idea to expose a RADIUS server to anyone's traffic. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with Files module in latest snapshot?
Title: Problem with Files module in latest snapshot? I just updated with the July 15th snapshot, re-ran radiusd -X and am now getting a line that says. /usr/local/etc/raddb/users[143]: Parse error (reply) for entry DEFAULT: No token read where we expected an attribute name Errors reading /usr/local/etc/raddb/users radiusd.conf[785]: files: Modules instantiation failed. Problem with files module or am I just missing something? The users file has a line that says DEFAULT Auth-Type := pap Haven't had a problem with it before, any suggestions?
Error making latest CVS
Sorry, the last one I could get working was july 02. July 09 doesn't make either. This is the output from make on july 09 snapshot creating .libs/radiusdS.c (cd .libs && gcc -c -fno-builtin -fno-rtti -fno-exceptions "radiusdS.c") rm -f .libs/radiusdS.c .libs/radiusd.nm .libs/radiusd.nmS .libs/radiusd.nmT gcc .libs/radiusdS.o -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual - Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -I../include -I/usr/include/ucd-snmp -o .libs/radiusd radiusd.o files.o util.o acct.o nas.o log.o valuepair.o version.o proxy.o exec.o auth.o timestr.o conffile.o modules.o modcall.o session.o xlat.o threads.o smux.o radius_snmp.o client.o request_list.o -Wl,--export-dynamic -L/root/porao/freeradius-snapshot-20020709/src/lib -lnsl -lresolv -lpthread - lpthread /root/porao/freeradius-snapshot-20020709/src/lib/.libs/libradius.so -lsnmp -lcrypt /usr/lib/libltdl.so -ldl -Wl,--rpath -Wl,/usr/local/lib /root/porao/freeradius-snapshot-20020709/src/lib/.libs/libradius.so: undefined reference to `atexit' collect2: ld returned 1 exit status gmake[4]: *** [radiusd] Error 1 gmake[4]: Leaving directory `/root/porao/freeradius-snapshot-20020709/src/main' gmake[3]: *** [common] Error 1 gmake[3]: Leaving directory `/root/porao/freeradius-snapshot-20020709/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/root/porao/freeradius-snapshot-20020709/src' gmake[1]: *** [common] Error 1 gmake[1]: Leaving directory `/root/porao/freeradius-snapshot-20020709' make: *** [all] Error 2 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Trouble with 20020715 snapshot
Hello people from the list, I always compile the snapshots with the same configure options, which are ./configure --with-mysql-lib-dir=/usr/lib/mysql \ --with-mysql-include-dir=/usr/include/mysql \ --with-mysql-dir=/usr/bin --enable-ltdl-install=no \ --with-experimental-modules And it was working fine. The last one I did was from July 09. Today I was doing the same thing on a i686 redhat 6.2 system, and the following error happened when I typed "make": creating .libs/radiusdS.c (cd .libs && gcc -c -fno-builtin -fno-rtti -fno-exceptions "radiusdS.c") rm -f .libs/radiusdS.c .libs/radiusd.nm .libs/radiusd.nmS .libs/radiusd.nmT gcc .libs/radiusdS.o -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual - Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes -Wmissing-declarations -Wnested-externs -I../include -I/usr/include/ucd-snmp -o .libs/radiusd radiusd.o files.o util.o acct.o nas.o log.o valuepair.o version.o proxy.o exec.o auth.o timestr.o conffile.o modules.o modcall.o session.o xlat.o threads.o smux.o radius_snmp.o client.o request_list.o -Wl,--export-dynamic -L/root/porao/freeradius-snapshot-20020715/src/lib -lnsl -lresolv -lpthread - lpthread /root/porao/freeradius-snapshot-20020715/src/lib/.libs/libradius.so -lsnmp -lcrypt -Wl,--rpath -Wl,/usr/local/lib modules.o: In function `module_list_free': /root/porao/freeradius-snapshot-20020715/src/main/modules.c:151: undefined reference to `lt_dlclose' modules.o: In function `linkto_module': /root/porao/freeradius-snapshot-20020715/src/main/modules.c:231: undefined reference to `lt_dlopenext' /root/porao/freeradius-snapshot-20020715/src/main/modules.c:233: undefined reference to `lt_dlerror' /root/porao/freeradius-snapshot-20020715/src/main/modules.c:254: undefined reference to `lt_dlsym' /root/porao/freeradius-snapshot-20020715/src/main/modules.c:256: undefined reference to `lt_dlerror' /root/porao/freeradius-snapshot-20020715/src/main/modules.c:260: undefined reference to `lt_dlclose' /root/porao/freeradius-snapshot-20020715/src/main/modules.c:269: undefined reference to `lt_dlclose' modules.o: In function `setup_modules': /root/porao/freeradius-snapshot-20020715/src/main/modules.c:611: undefined reference to `lt_dlpreload_default' /root/porao/freeradius-snapshot-20020715/src/main/modules.c:613: undefined reference to `lt_dlinit' /root/porao/freeradius-snapshot-20020715/src/main/modules.c:614: undefined reference to `lt_dlerror' /root/porao/freeradius-snapshot-20020715/src/main/modules.c:625: undefined reference to `lt_dlsetsearchpath' /root/porao/freeradius-snapshot-20020715/src/main/modules.c:627: undefined reference to `lt_dlgetsearchpath' /root/porao/freeradius-snapshot-20020715/src/lib/.libs/libradius.so: undefined reference to `atexit' collect2: ld returned 1 exit status gmake[4]: *** [radiusd] Error 1 gmake[4]: Leaving directory `/root/porao/freeradius-snapshot-20020715/src/main' gmake[3]: *** [common] Error 1 gmake[3]: Leaving directory `/root/porao/freeradius-snapshot-20020715/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/root/porao/freeradius-snapshot-20020715/src' gmake[1]: *** [common] Error 1 gmake[1]: Leaving directory `/root/porao/freeradius-snapshot-20020715' make: *** [all] Error 2 Did someting change? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Can Radius be used to my wireless network users
Charlie: Can you tell me more about your windows VPN. How you have your windows setup as VPN? Can I have my wireless devices connect to my linux radius server using VPN connection? If I have my access point radius authentication enabled, will my wireless clients automatically prompt users for login name and password? My access point did support radius authentication, however, can't figure out how to make my linux server, access point and my wireless clients to work together. At 01:28 PM 7/15/2002 -0700, you wrote: >Never heard of the access point you speak of, but yes, you'll need an >access point that supports radius authentication. Check your product >documentation and specifications. > >My Orinoco equipment sends the MAC address as the username and the >radius shared secret as the password. I enabled and configured radius >authentication using the access point configuration software that came >with my equipment. > > >Charlie > > > > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]] On Behalf Of Daphne Liu >Sent: Monday, July 15, 2002 12:34 PM >To: [EMAIL PROTECTED] >Subject: RE: Can Radius be used to my wireless network users > > >Dear Charlie: >I am testing a Access Point from www.senao.com, I have the radius >server >installed on my linux box running mandrake 8.1. My wireless devices are >connected to the AP @192.168.2.100 ~198 >My AP is 192.168.2.100, my linux is 192.168.2.199 >Right now, I have installed a software called NTRadping, I have >tested >the radius server Authentication Request, it's OK and accept. (I am >using >user/group on radius.) >Do I need a special feature on my access point? >I am looking a solution to authenticate my wireless devices, any >suggestion? >Thanks!! > >Daphne > >At 12:27 PM 7/15/2002 -0700, you wrote: > >I think the people of this list will need more information. > > > >What kind of authentication are you trying to do? Where does radius > >fit in your network? What kind of hardware are you using? > > > >What I'm doing, is MAC authentication from an Orinoco ROR-1000 to > >authorize the wireless card (this is seamless for the user), then > >requiring the user bring up a VPN connection to handle encrypting the > >data. Windows 98/ME/2000/XP all come with a Microsoft VPN client. > >Seems to work pretty good. > > > >So, I have two different radius authentications going on just so a > >wireless user can access the network. One interactive and one that the > > >user never sees. I track it all using a web front-end I wrote to > >manage my users. > > > > > >Charlie > > > > > > > >-Original Message- > >From: [EMAIL PROTECTED] > >[mailto:[EMAIL PROTECTED]] On Behalf Of Daphne > >Liu > >Sent: Monday, July 15, 2002 12:10 PM > >To: [EMAIL PROTECTED] > >Subject: Can Radius be used to my wireless network users > > > > > >Hi, > >Can anyone give me some info on how to setup this radius server for > > >802.11b wireless network ? > >Do I need to run any client software on my windows machine? > > > >Thanks!! > > > >Daphne > > > > > >- > >List info/subscribe/unsubscribe? See > >http://www.freeradius.org/list/users.html > > > > > >- > >List info/subscribe/unsubscribe? See > >http://www.freeradius.org/list/users.html > > >- >List info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Can Radius be used to my wireless network users
Never heard of the access point you speak of, but yes, you'll need an access point that supports radius authentication. Check your product documentation and specifications. My Orinoco equipment sends the MAC address as the username and the radius shared secret as the password. I enabled and configured radius authentication using the access point configuration software that came with my equipment. Charlie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Daphne Liu Sent: Monday, July 15, 2002 12:34 PM To: [EMAIL PROTECTED] Subject: RE: Can Radius be used to my wireless network users Dear Charlie: I am testing a Access Point from www.senao.com, I have the radius server installed on my linux box running mandrake 8.1. My wireless devices are connected to the AP @192.168.2.100 ~198 My AP is 192.168.2.100, my linux is 192.168.2.199 Right now, I have installed a software called NTRadping, I have tested the radius server Authentication Request, it's OK and accept. (I am using user/group on radius.) Do I need a special feature on my access point? I am looking a solution to authenticate my wireless devices, any suggestion? Thanks!! Daphne At 12:27 PM 7/15/2002 -0700, you wrote: >I think the people of this list will need more information. > >What kind of authentication are you trying to do? Where does radius >fit in your network? What kind of hardware are you using? > >What I'm doing, is MAC authentication from an Orinoco ROR-1000 to >authorize the wireless card (this is seamless for the user), then >requiring the user bring up a VPN connection to handle encrypting the >data. Windows 98/ME/2000/XP all come with a Microsoft VPN client. >Seems to work pretty good. > >So, I have two different radius authentications going on just so a >wireless user can access the network. One interactive and one that the >user never sees. I track it all using a web front-end I wrote to >manage my users. > > >Charlie > > > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]] On Behalf Of Daphne >Liu >Sent: Monday, July 15, 2002 12:10 PM >To: [EMAIL PROTECTED] >Subject: Can Radius be used to my wireless network users > > >Hi, >Can anyone give me some info on how to setup this radius server for >802.11b wireless network ? >Do I need to run any client software on my windows machine? > >Thanks!! > >Daphne > > >- >List info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html > > >- >List info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: promiscuous authentication
Ilguiz Latypov <[EMAIL PROTECTED]> wrote: > Is this a good idea to allow testing of a given user name/password pair > from anywhere in internet? I would say no. I'm not sure why it would be necessary, and it's a bad idea to expose a RADIUS server to anyone's traffic. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Can Radius be used to my wireless network users
Dear Charlie: I am testing a Access Point from www.senao.com, I have the radius server installed on my linux box running mandrake 8.1. My wireless devices are connected to the AP @192.168.2.100 ~198 My AP is 192.168.2.100, my linux is 192.168.2.199 Right now, I have installed a software called NTRadping, I have tested the radius server Authentication Request, it's OK and accept. (I am using user/group on radius.) Do I need a special feature on my access point? I am looking a solution to authenticate my wireless devices, any suggestion? Thanks!! Daphne At 12:27 PM 7/15/2002 -0700, you wrote: >I think the people of this list will need more information. > >What kind of authentication are you trying to do? Where does radius fit >in your network? What kind of hardware are you using? > >What I'm doing, is MAC authentication from an Orinoco ROR-1000 to >authorize the wireless card (this is seamless for the user), then >requiring the user bring up a VPN connection to handle encrypting the >data. Windows 98/ME/2000/XP all come with a Microsoft VPN client. >Seems to work pretty good. > >So, I have two different radius authentications going on just so a >wireless user can access the network. One interactive and one that the >user never sees. I track it all using a web front-end I wrote to manage >my users. > > >Charlie > > > >-Original Message- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED]] On Behalf Of Daphne Liu >Sent: Monday, July 15, 2002 12:10 PM >To: [EMAIL PROTECTED] >Subject: Can Radius be used to my wireless network users > > >Hi, >Can anyone give me some info on how to setup this radius server for >802.11b wireless network ? >Do I need to run any client software on my windows machine? > >Thanks!! > >Daphne > > >- >List info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Can Radius be used to my wireless network users
I think the people of this list will need more information. What kind of authentication are you trying to do? Where does radius fit in your network? What kind of hardware are you using? What I'm doing, is MAC authentication from an Orinoco ROR-1000 to authorize the wireless card (this is seamless for the user), then requiring the user bring up a VPN connection to handle encrypting the data. Windows 98/ME/2000/XP all come with a Microsoft VPN client. Seems to work pretty good. So, I have two different radius authentications going on just so a wireless user can access the network. One interactive and one that the user never sees. I track it all using a web front-end I wrote to manage my users. Charlie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Daphne Liu Sent: Monday, July 15, 2002 12:10 PM To: [EMAIL PROTECTED] Subject: Can Radius be used to my wireless network users Hi, Can anyone give me some info on how to setup this radius server for 802.11b wireless network ? Do I need to run any client software on my windows machine? Thanks!! Daphne - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Can Radius be used to my wireless network users
Hi, Can anyone give me some info on how to setup this radius server for 802.11b wireless network ? Do I need to run any client software on my windows machine? Thanks!! Daphne - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
promiscuous authentication
Hello, Is this a good idea to allow testing of a given user name/password pair from anywhere in internet? I modified the latest conffile.c to accept authentication requests from anywhere by using the following directive: client 0.0.0.0/0 { secret = XXX shortname = superbt.ca } As you see, the significant part of netmask is reduced to 0 leftmost bits. Is this a safe approach? The patch is enclosed. -- Ilguiz Latypov computer programmer SuperBT Canada, Inc 153 Union St. E. Waterloo, Ontario N2J 1C4 Canada GMT-4 day time tel. +1 (519) 569-7818 GMT-4 night time tel. +1 (519) 569-7193 == diff -u ../../../radiusd.orig/src/main/conffile.c ./conffile.c --- ../../../radiusd.orig/src/main/conffile.c Mon Jun 10 11:06:16 2002 +++ ./conffile.cTue Jul 9 19:47:58 2002 @@ -1145,15 +1145,16 @@ int i, mask_length; mask_length = atoi(netmask + 1); - if ((mask_length <= 0) || (mask_length > 32)) { + if ((mask_length < 0) || (mask_length > 32)) { radlog(L_ERR, "%s[%d]: Invalid value '%s' for IP network mask.", filename, cs->item.lineno, netmask + 1); return -1; } - c->netmask = (1 << 31); - for (i = 1; i < mask_length; i++) { - c->netmask |= (c->netmask >> 1); + c->netmask = 0; + for (i = 1; i <= mask_length; i++) { + c->netmask >>= 1; + c->netmask |= (1 << 31); } *netmask = '\0'; == - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
EAP-TLS & RLM_LDAP compile errors
Hello, Below are errors generated on a SuSe 8.0 Linux system using a default install: configure, make... below are the errors. I would like to enable only LDAP and EAP-TLS modules. I have made the necessary changes in a seperate attempt not shown below. However the same errors hold true. What are these errors? Even though I do not desire to use gssapi LDAP it seems to want to use -lssapi which in other attempts I have removed all -lssapi marks. Also I do not use but have this library. It is located in my /usr/lib, however does not seem to have this file the errors complain about below. All I want is LDAP and EAP-TLS enabled, nothing else well perhaps mysql as well but that is it. Any ideas how to fix these and get EAP-TLS/LDAP compiled in? Thanks, RS Configure Errors: configure: warning: `missing' script is too old or missing configure: warning: silently not building rlm_krb5. configure: warning: FAILURE: rlm_krb5 requires: krb5. configure: warning: silently not building rlm_sql_postgresql. configure: warning: FAILURE: rlm_sql_postgresql requires: libpq-fe.h libpq. configure: warning: freetds headers not found. Use --with-freetds-include-dir=. configure: warning: sql submodule 'freetds' disabled configure: warning: oracle headers not found. Use --with-oracle-home-dir=. configure: warning: sql submodule 'oracle' disabled configure: warning: mysql headers not found. Use --with-mysql-include-dir=. configure: warning: sql submodule 'mysql' disabled configure: warning: ibm db2 headers not found. Use --with-ibmdb2-include-dir=. configure: warning: sql submodule 'db2' disabled configure: warning: silently not building rlm_sql_postgresql. configure: warning: FAILURE: rlm_sql_postgresql requires: libpq-fe.h libpq. configure: warning: freetds headers not found. Use --with-freetds-include-dir=. configure: warning: sql submodule 'freetds' disabled configure: warning: oracle headers not found. Use --with-oracle-home-dir=. configure: warning: sql submodule 'oracle' disabled configure: warning: mysql headers not found. Use --with-mysql-include-dir=. configure: warning: sql submodule 'mysql' disabled configure: warning: ibm db2 headers not found. Use --with-ibmdb2-include-dir=. configure: warning: sql submodule 'db2' disabled Make Errors: rlm_dbm.c: In function `sm_parse_user': rlm_dbm.c:172: warning: assignment discards qualifiers from pointer target type rlm_dbm.c:206: warning: passing arg 2 of `paircmp' discards qualifiers from pointer target type rlm_dbm_parser.c: In function `storecontent': rlm_dbm_parser.c:191: warning: assignment discards qualifiers from pointer target type rlm_dbm.c: In function `sm_parse_user': rlm_dbm.c:172: warning: assignment discards qualifiers from pointer target type rlm_dbm.c:206: warning: passing arg 2 of `paircmp' discards qualifiers from pointer target type In file included from eap.h:32, from rlm_eap.h:26, from state.c:27: /usr/include/netinet/in.h:169: warning: `INADDR_ANY' redefined ../../include/missing.h:73: warning: this is the location of the previous definition /usr/include/netinet/in.h:173: warning: `INADDR_NONE' redefined ../../include/missing.h:81: warning: this is the location of the previous definition In file included from eap.h:32, from rlm_eap.h:26, from state.c:27: /usr/include/netinet/in.h:169: warning: `INADDR_ANY' redefined ../../include/missing.h:73: warning: this is the location of the previous definition /usr/include/netinet/in.h:173: warning: `INADDR_NONE' redefined ../../include/missing.h:81: warning: this is the location of the previous definition grep: /usr/lib/libgssapi.la: No such file or directory sed: can't read /usr/lib/libgssapi.la: No such file or directory libtool: link: `/usr/lib/libgssapi.la' is not a valid libtool archive gmake[6]: *** [rlm_ldap.la] Error 1 gmake[5]: *** [common] Error 1 gmake[4]: *** [all] Error 2 gmake[3]: *** [common] Error 1 gmake[2]: *** [all] Error 2 gmake[1]: *** [common] Error 1 make: *** [all] Error 2 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
accounting proxy question
I'm trying to get freeradius 0.6 to bypass the proxy settings and handle the packet locally if an accounting packet comes from a certain IP. Here's what I've got so far, but it still tries to proxy to the NULL realm accthost when I send an accounting packet. Any help would be appreciated. Kevin radiusd.conf: files { usersfile = ${confdir}/users acctusersfile = ${confdir}/acct_users compat = cistron } ... preacct { files suffix preprocess } accounting { radutmp } acct_users: DEFAULT Client-IP-Address == "192.168.1.12", Proxy-To-Realm := "ignore" proxy.conf: realm ignore { type= radius authhost= LOCAL accthost= LOCAL notrealm nostrip } realm NULL { type= radius authhost= LOCAL accthost= 192.168.1.28:1646 secret = simplekey } - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[3]: Segmentation fault in rlm_passwd
Dear [EMAIL PROTECTED], --Monday, July 15, 2002, 4:48:18 PM, you wrote to [EMAIL PROTECTED]: mmr> Yeaaa! It works. Thanks. ÓÐÁÓÉÂÏ! ;) but I found rlm_passwd was not mmr> compiledaftergeneralmake. i have to cd'ing to mmr> src/modules/rlm_passwd and run 'make; make install' to compile and mmr> install rlm_passwd.so. Some bugs in Makefile-s? rlm_passwd is not stable module (only stable modules listed in src/modules/stable are compiled and installed by default). Stable modules should be specified in src/modules/stable before ./configure. If you want to build some additional modules after ./configure you can correct MODULES variable in Make.inc to add some non-stable module. -- ~/ZARAZA óÜÒ éÓÁÁË îØÀÔÏÎ ÏÔËÒÙÌ, ÞÔÏ ÑÂÌÏËÉ ÐÁÄÁÀÔ ÎÁ ÚÅÍÌÀ. (ô×ÅÎ) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: Segmentation fault in rlm_passwd
> --Monday, July 15, 2002, 1:19:53 PM, you wrote to [EMAIL PROTECTED]: mmr>> m_mschap-0.6.so: undefined symbol: md4_calc > There was a problem with dynamic library building. This problem will be > fixed in upcoming 0.6.1 and should be fixed in latest CVS snapshot. mmr>> Program received signal SIGSEGV, Segmentation fault. mmr>> [Switching to Thread 1024 (LWP 12673)] mmr>> 0x401cb79b in passwd_authorize (instance=0x80bb5f0, request=0x80bd910) mmr>> at rlm_passwd.c:425 mmr>> 425 for (key = request->packet->vps; > it looks strange (there is nothing changed since release and nothing on > rlm_passwd.c:425 to cause the segfault). Try to completely remake and > reinstall all modules, may be you still having rlm_passwd binary > compiled from 0.6 release version, it should be recompiled. Yeaaa! It works. Thanks. ÓÐÁÓÉÂÏ! ;) but I found rlm_passwd was not compiled after general make. i have to cd'ing to src/modules/rlm_passwd and run 'make; make install' to compile and install rlm_passwd.so. Some bugs in Makefile-s? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Segmentation fault in rlm_passwd
Dear [EMAIL PROTECTED], --Monday, July 15, 2002, 1:19:53 PM, you wrote to [EMAIL PROTECTED]: mmr> m_mschap-0.6.so: undefined symbol: md4_calc There was a problem with dynamic library building. This problem will be fixed in upcoming 0.6.1 and should be fixed in latest CVS snapshot. mmr> Program received signal SIGSEGV, Segmentation fault. mmr> [Switching to Thread 1024 (LWP 12673)] mmr> 0x401cb79b in passwd_authorize (instance=0x80bb5f0, request=0x80bd910) mmr> at rlm_passwd.c:425 mmr> 425 for (key = request->packet->vps; it looks strange (there is nothing changed since release and nothing on rlm_passwd.c:425 to cause the segfault). Try to completely remake and reinstall all modules, may be you still having rlm_passwd binary compiled from 0.6 release version, it should be recompiled. -- ~/ZARAZA Äà, åìó ÷åðòîâñêè ïîâåçëî. Ýõ è ïàðøèâî á åìó ïðèøëîñü åñëè áû îí âûæèë! (Òâåí) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_sql & authorisation
I want to use a non-standard SQL schema with Freeradius. I *only* want to authorise users (no authenication) on the basis of their realm, NOT their username (the schema knows nothing about users). I am struggling to find a way to make this work. Does anyone have any ideas? thanks, josh. Josh Howlett, Networking and Digital Communications Group, Information Systems & Computing, University of Bristol. email: [EMAIL PROTECTED] | phone: +44 (0)117 928 7850 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Segmentation fault in rlm_passwd
Hello! Problem is Segmentation fault in rlm_passwd I try to authorize pptp user via local simplest file /etc/raddb/userlist with format = "*User-Name:User-Password" = radiusd.conf fragment = modules { ... mschap { authtype = MS-CHAP use_mppe = yes require_encryption = yes require_strong = yes } passwd raddb_userlist { filename = /etc/raddb/userlist format = "*User-Name:User-Password" authtype = MS-CHAP hashsize = 100 ignorenislike = no allowmultiplekeys = no } } # end of modules authorize { preprocess suffix files raddb_userlist mschap } = users file (is very simple for debug purposes = DEFAULT Service-Type == Framed-User Framed-IP-Address = 255.255.255.254, Framed-MTU = 576, Service-Type = Framed-User, Fall-Through = Yes with freeradius latest snapshot (Mon Jul 15 08:29:11 2002) I have Segmentation fault. With 0.6 release exits with "undefined symbol: md4_calc:" (see below) == root@vpn:/etc/raddb# gdb radiusd GNU gdb 5.0 Copyright 2000 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-slackware-linux"... (gdb) set args -XX (gdb) run Starting program: /usr/local/sbin/radiusd -XX [New Thread 1024 (LWP 12673)] Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /etc/raddb/clients.conf Config: including file: /etc/raddb/snmp.conf Config: including file: /etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/var" main: logdir = "/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/var/log/radius/radacct" main: hostname_lookups = no read_config_files: reading dictionary read_config_files: reading clients read_config_files: reading realms read_config_files: reading naslist main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_auth = yes main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: proxy_requests = no security: max_attributes = 200 security: reject_delay = 1 main: debug_level = 0 read_config_files: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded MS-CHAP mschap: ignore_password = no mschap: use_mppe = yes mschap: require_encryption = yes mschap: require_strong = yes mschap: passwd = "(null)" mschap: authtype = "MS-CHAP" Module: Instantiated mschap (mschap) Module: Loaded preprocess preprocess: huntgroups = "/etc/raddb/huntgroups" preprocess: hints = "/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/etc/raddb/users" files: acctusersfile = "/etc/raddb/acct_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded passwd passwd: filename = "/etc/raddb/userlist" passwd: format = "*User-Name:User-Password" passwd: authtype = "MS-CHAP" passwd: ignorenislike = no passwd: allowmultiplekeys = no passwd: hashsize = 100 rlm_passwd: nfields: 2 keyfield 0(User-Name) listable: no Module: Instantiated passwd (raddb_userlist) Module: Loaded detail detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Listening on IP address *, ports 1812/udp and 1813/udp. Ready to process requests. rad_recv: Access-Request packet from host 192.168.0.5:1025, id=134, length=133 Service-Type = Framed-User Framed-Protocol = PPP User-Name = "mmike" MS-CHAP-Challenge = 0x7983c03e2529
mysql & groups in 'users'
Hi there.. Bug or not?:) Seted in 'users' param 'Group == "blah"' is not checks in defined in mysql groups.. (freeradius-0.6).. (i've try to find it in sources and got it only in rml_unix.. Is that for /etc/groups only)? tia, ser. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html