Authenticate using a *wrong* password

[mail.dataservicesgroupinc.com]

When they 
attempt to authenticate using a *wrong* password, I need to see a 
'Access-Reject' and in the Access-Rejected packet the proxy-state value returned 
also.
Currently when 
I send across a Authentication request with a wrong password - I am not 
seeing a reply from your radius server.
 
Does anyone 
know what I might try ?
 
Running on 
Redhat 7.2 using MySQL. Most of it works GREAT.. (Good Job Guys..)
 
Thank you all for your time.
 
John TilghmanData Services Group, Inc.4234 
Chatham Crest LaneBuford, GA 30518Phone 
678-935-7631Fax   678-935-7638http://DataServicesGroupInc.Com

How to find shared secret on the Radius and NAS?

[Penny]

I used Radious integrated with Ldap, and radiusd reports such a warning when NAS wants 
to authenticate.
WARNING: Unprintable characters in the password. ?  Double-check the shared secret on 
the server and the NAS!
I wonder why the password has become unprintable characters like this:
rlm_ldap: login attempt by "ypguo" with password "¼ïí«Í??´½ö ?>?¸²"
Did anyone encounter such a problem?
Thank you
â²Ø§~ì¹»®&Þþéì¹»®&ÞI硶Úÿ0~·ž­§bºÊ+ƒùb²ßî±êì†Ù¥

Radius Authenticaion with LDAP Problem

[Penny]

Hi,everyone:
I want to make Radius authentication with LDAP server. When I start radiusd,it 
seems ok. And I use the command : radtest ypguo password localhost 1 test123
The result is: radclient:Unknown attribute User-Password
Can you tell me what is the problem?
Thank 
~Penny
ŠËbú?²æìr¸›{û§²æìr¸›y'ž†Ûiÿü0ÁúÞz¶Šë(®åŠËºÇ«²f

Re: promiscuous authentication

[Andrew Tait]

I asked a similar question a while back

There is some basic encryption on the password (using the shared secret as a
key). However, the rest of the details (username, phone number) are all
transmitted in plaintext.

And the encryption on the password is very weak. Search for a program called
radsniff if you want to see exactly how weak.

Andrew Tait
System Administrator
Country NetLink Pty, Ltd
E-Mail: [EMAIL PROTECTED]
WWW: http://www.cnl.com.au
30 Bank St Cobram, VIC 3644, Australia
Ph: +61 (03) 58 711 000
Fax: +61 (03) 58 711 874

"It's the smell! If there is such a thing." Agent Smith - The Matrix
- Original Message -
From: "Ilguiz Latypov" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, July 16, 2002 10:34 AM
Subject: Re: promiscuous authentication


>
> I agree that promiscuous authentication is not how FreeRadius was supposed
> to work.  Sorry for not reading the documentation first.  I thought that
> communication between Radius clients and servers is secure by design.  Is
> this not always true?
>
> Ilguiz
>
> On Mon, 15 Jul 2002, Alan DeKok wrote:
>
> > > Is this a good idea to allow testing of a given user name/password
pair
> > > from anywhere in internet?
> >
> >   I would say no.  I'm not sure why it would be necessary, and it's a
> > bad idea to expose a RADIUS server to anyone's traffic.
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: promiscuous authentication

[Ilguiz Latypov]

I agree that promiscuous authentication is not how FreeRadius was supposed
to work.  Sorry for not reading the documentation first.  I thought that 
communication between Radius clients and servers is secure by design.  Is 
this not always true?

Ilguiz

On Mon, 15 Jul 2002, Alan DeKok wrote:

> > Is this a good idea to allow testing of a given user name/password pair
> > from anywhere in internet?
> 
>   I would say no.  I'm not sure why it would be necessary, and it's a
> bad idea to expose a RADIUS server to anyone's traffic.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Problem with Files module in latest snapshot?

[Deramus, Chris]

Title: Problem with Files module in latest snapshot?





I just updated with the July 15th snapshot, re-ran radiusd -X and am now getting a line that says.


/usr/local/etc/raddb/users[143]: Parse error (reply) for entry DEFAULT: No token read where we expected an attribute name

Errors reading /usr/local/etc/raddb/users
radiusd.conf[785]: files: Modules instantiation failed.


Problem with files module or am I just missing something? The users file has a line that says


DEFAULT     Auth-Type := pap


Haven't had a problem with it before, any suggestions?

Error making latest CVS

[Alexandre Strube]

Sorry, the last one I could get working was july 02. July 09 doesn't make either.

This is the output from make on july 09 snapshot

creating .libs/radiusdS.c
(cd .libs && gcc -c -fno-builtin -fno-rtti -fno-exceptions "radiusdS.c")
rm -f .libs/radiusdS.c .libs/radiusd.nm .libs/radiusd.nmS .libs/radiusd.nmT
gcc .libs/radiusdS.o -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall 
-D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -
Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes 
-Wmissing-declarations -Wnested-externs -I../include -I/usr/include/ucd-snmp -o 
.libs/radiusd radiusd.o files.o util.o acct.o nas.o log.o valuepair.o version.o 
proxy.o exec.o auth.o timestr.o conffile.o modules.o modcall.o session.o xlat.o 
threads.o smux.o radius_snmp.o client.o request_list.o -Wl,--export-dynamic  
-L/root/porao/freeradius-snapshot-20020709/src/lib -lnsl -lresolv -lpthread -
lpthread /root/porao/freeradius-snapshot-20020709/src/lib/.libs/libradius.so -lsnmp 
-lcrypt /usr/lib/libltdl.so -ldl -Wl,--rpath -Wl,/usr/local/lib
/root/porao/freeradius-snapshot-20020709/src/lib/.libs/libradius.so: undefined 
reference to `atexit'
collect2: ld returned 1 exit status
gmake[4]: *** [radiusd] Error 1
gmake[4]: Leaving directory `/root/porao/freeradius-snapshot-20020709/src/main'
gmake[3]: *** [common] Error 1
gmake[3]: Leaving directory `/root/porao/freeradius-snapshot-20020709/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/root/porao/freeradius-snapshot-20020709/src'
gmake[1]: *** [common] Error 1
gmake[1]: Leaving directory `/root/porao/freeradius-snapshot-20020709'
make: *** [all] Error 2



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Trouble with 20020715 snapshot

[Alexandre Strube]

Hello people from the list,

I always compile the snapshots with the same configure options, which are
./configure  --with-mysql-lib-dir=/usr/lib/mysql \
--with-mysql-include-dir=/usr/include/mysql \
--with-mysql-dir=/usr/bin --enable-ltdl-install=no \
--with-experimental-modules

And it was working fine. The last one I did was from July 09.
Today I was doing the same thing on a i686 redhat 6.2 system, and
the following error happened when I typed "make":

creating .libs/radiusdS.c
(cd .libs && gcc -c -fno-builtin -fno-rtti -fno-exceptions "radiusdS.c")
rm -f .libs/radiusdS.c .libs/radiusd.nm .libs/radiusd.nmS .libs/radiusd.nmT
gcc .libs/radiusdS.o -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall 
-D_GNU_SOURCE -g -Wshadow -Wpointer-arith -Wcast-qual -
Wcast-align -Wwrite-strings -Wstrict-prototypes -Wmissing-prototypes 
-Wmissing-declarations -Wnested-externs -I../include -I/usr/include/ucd-snmp -o 
.libs/radiusd radiusd.o files.o util.o acct.o nas.o log.o valuepair.o version.o 
proxy.o exec.o auth.o timestr.o conffile.o modules.o modcall.o session.o xlat.o 
threads.o smux.o radius_snmp.o client.o request_list.o -Wl,--export-dynamic  
-L/root/porao/freeradius-snapshot-20020715/src/lib -lnsl -lresolv -lpthread -
lpthread /root/porao/freeradius-snapshot-20020715/src/lib/.libs/libradius.so -lsnmp 
-lcrypt -Wl,--rpath -Wl,/usr/local/lib
modules.o: In function `module_list_free':
/root/porao/freeradius-snapshot-20020715/src/main/modules.c:151: undefined reference 
to `lt_dlclose'
modules.o: In function `linkto_module':
/root/porao/freeradius-snapshot-20020715/src/main/modules.c:231: undefined reference 
to `lt_dlopenext'
/root/porao/freeradius-snapshot-20020715/src/main/modules.c:233: undefined reference 
to `lt_dlerror'
/root/porao/freeradius-snapshot-20020715/src/main/modules.c:254: undefined reference 
to `lt_dlsym'
/root/porao/freeradius-snapshot-20020715/src/main/modules.c:256: undefined reference 
to `lt_dlerror'
/root/porao/freeradius-snapshot-20020715/src/main/modules.c:260: undefined reference 
to `lt_dlclose'
/root/porao/freeradius-snapshot-20020715/src/main/modules.c:269: undefined reference 
to `lt_dlclose'
modules.o: In function `setup_modules':
/root/porao/freeradius-snapshot-20020715/src/main/modules.c:611: undefined reference 
to `lt_dlpreload_default'
/root/porao/freeradius-snapshot-20020715/src/main/modules.c:613: undefined reference 
to `lt_dlinit'
/root/porao/freeradius-snapshot-20020715/src/main/modules.c:614: undefined reference 
to `lt_dlerror'
/root/porao/freeradius-snapshot-20020715/src/main/modules.c:625: undefined reference 
to `lt_dlsetsearchpath'
/root/porao/freeradius-snapshot-20020715/src/main/modules.c:627: undefined reference 
to `lt_dlgetsearchpath'
/root/porao/freeradius-snapshot-20020715/src/lib/.libs/libradius.so: undefined 
reference to `atexit'
collect2: ld returned 1 exit status
gmake[4]: *** [radiusd] Error 1
gmake[4]: Leaving directory `/root/porao/freeradius-snapshot-20020715/src/main'
gmake[3]: *** [common] Error 1
gmake[3]: Leaving directory `/root/porao/freeradius-snapshot-20020715/src'
gmake[2]: *** [all] Error 2
gmake[2]: Leaving directory `/root/porao/freeradius-snapshot-20020715/src'
gmake[1]: *** [common] Error 1
gmake[1]: Leaving directory `/root/porao/freeradius-snapshot-20020715'
make: *** [all] Error 2


Did someting change?



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Can Radius be used to my wireless network users

[Daphne Liu]

Charlie:
   Can you tell me more about your windows VPN.
   How you have your windows setup as VPN?
   Can I have my wireless devices connect to my linux radius server using 
VPN connection?
   If I have my access point radius authentication enabled, will my 
wireless clients automatically prompt users for login name and password?
   My access point did support radius authentication, however, can't figure 
out how to make my linux server, access point and my wireless clients to 
work together.

At 01:28 PM 7/15/2002 -0700, you wrote:
>Never heard of the access point you speak of, but yes, you'll need an
>access point that supports radius authentication.  Check your product
>documentation and specifications.
>
>My Orinoco equipment sends the MAC address as the username and the
>radius shared secret as the password.  I enabled and configured radius
>authentication using the access point configuration software that came
>with my equipment.
>
>
>Charlie
>
>
>
>
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]] On Behalf Of Daphne Liu
>Sent: Monday, July 15, 2002 12:34 PM
>To: [EMAIL PROTECTED]
>Subject: RE: Can Radius be used to my wireless network users
>
>
>Dear Charlie:
>I am testing a Access Point from www.senao.com, I have the radius
>server
>installed on my linux box running mandrake 8.1. My wireless devices are
>connected to the AP @192.168.2.100 ~198
>My AP is 192.168.2.100, my linux is 192.168.2.199
>Right now, I have installed a software called NTRadping, I have
>tested
>the radius server Authentication Request, it's OK and accept. (I am
>using
>user/group on radius.)
>Do I need a special feature on my access point?
>I am looking a solution to authenticate my wireless devices, any
>suggestion?
>Thanks!!
>
>Daphne
>
>At 12:27 PM 7/15/2002 -0700, you wrote:
> >I think the people of this list will need more information.
> >
> >What kind of authentication are you trying to do?  Where does radius
> >fit in your network?  What kind of hardware are you using?
> >
> >What I'm doing, is MAC authentication from an Orinoco ROR-1000 to
> >authorize the wireless card (this is seamless for the user), then
> >requiring the user bring up a VPN connection to handle encrypting the
> >data.  Windows 98/ME/2000/XP all come with a Microsoft VPN client.
> >Seems to work pretty good.
> >
> >So, I have two different radius authentications going on just so a
> >wireless user can access the network.  One interactive and one that the
>
> >user never sees.  I track it all using a web front-end I wrote to
> >manage my users.
> >
> >
> >Charlie
> >
> >
> >
> >-Original Message-
> >From: [EMAIL PROTECTED]
> >[mailto:[EMAIL PROTECTED]] On Behalf Of Daphne
> >Liu
> >Sent: Monday, July 15, 2002 12:10 PM
> >To: [EMAIL PROTECTED]
> >Subject: Can Radius be used to my wireless network users
> >
> >
> >Hi,
> >Can anyone give me some info on how to setup this radius server for
>
> >802.11b wireless network ?
> >Do I need to run any client software on my windows machine?
> >
> >Thanks!!
> >
> >Daphne
> >
> >
> >-
> >List info/subscribe/unsubscribe? See
> >http://www.freeradius.org/list/users.html
> >
> >
> >-
> >List info/subscribe/unsubscribe? See
> >http://www.freeradius.org/list/users.html
>
>
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Can Radius be used to my wireless network users

[Charles J. Boening]

Never heard of the access point you speak of, but yes, you'll need an
access point that supports radius authentication.  Check your product
documentation and specifications.

My Orinoco equipment sends the MAC address as the username and the
radius shared secret as the password.  I enabled and configured radius
authentication using the access point configuration software that came
with my equipment.


Charlie




-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Daphne Liu
Sent: Monday, July 15, 2002 12:34 PM
To: [EMAIL PROTECTED]
Subject: RE: Can Radius be used to my wireless network users 


Dear Charlie:
   I am testing a Access Point from www.senao.com, I have the radius
server 
installed on my linux box running mandrake 8.1. My wireless devices are 
connected to the AP @192.168.2.100 ~198
My AP is 192.168.2.100, my linux is 192.168.2.199
   Right now, I have installed a software called NTRadping, I have
tested 
the radius server Authentication Request, it's OK and accept. (I am
using 
user/group on radius.)
   Do I need a special feature on my access point?
   I am looking a solution to authenticate my wireless devices, any
suggestion?
   Thanks!!

Daphne

At 12:27 PM 7/15/2002 -0700, you wrote:
>I think the people of this list will need more information.
>
>What kind of authentication are you trying to do?  Where does radius 
>fit in your network?  What kind of hardware are you using?
>
>What I'm doing, is MAC authentication from an Orinoco ROR-1000 to 
>authorize the wireless card (this is seamless for the user), then 
>requiring the user bring up a VPN connection to handle encrypting the 
>data.  Windows 98/ME/2000/XP all come with a Microsoft VPN client. 
>Seems to work pretty good.
>
>So, I have two different radius authentications going on just so a 
>wireless user can access the network.  One interactive and one that the

>user never sees.  I track it all using a web front-end I wrote to 
>manage my users.
>
>
>Charlie
>
>
>
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]] On Behalf Of Daphne 
>Liu
>Sent: Monday, July 15, 2002 12:10 PM
>To: [EMAIL PROTECTED]
>Subject: Can Radius be used to my wireless network users
>
>
>Hi,
>Can anyone give me some info on how to setup this radius server for

>802.11b wireless network ?
>Do I need to run any client software on my windows machine?
>
>Thanks!!
>
>Daphne
>
>
>-
>List info/subscribe/unsubscribe? See 
>http://www.freeradius.org/list/users.html
>
>
>-
>List info/subscribe/unsubscribe? See 
>http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: promiscuous authentication

[Alan DeKok]

Ilguiz Latypov <[EMAIL PROTECTED]> wrote:
> Is this a good idea to allow testing of a given user name/password pair
> from anywhere in internet?

  I would say no.  I'm not sure why it would be necessary, and it's a
bad idea to expose a RADIUS server to anyone's traffic.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Can Radius be used to my wireless network users

[Daphne Liu]

Dear Charlie:
   I am testing a Access Point from www.senao.com, I have the radius server 
installed on my linux box running mandrake 8.1. My wireless devices are 
connected to the AP @192.168.2.100 ~198
My AP is 192.168.2.100, my linux is 192.168.2.199
   Right now, I have installed a software called NTRadping, I have tested 
the radius server Authentication Request, it's OK and accept. (I am using 
user/group on radius.)
   Do I need a special feature on my access point?
   I am looking a solution to authenticate my wireless devices, any suggestion?
   Thanks!!

Daphne

At 12:27 PM 7/15/2002 -0700, you wrote:
>I think the people of this list will need more information.
>
>What kind of authentication are you trying to do?  Where does radius fit
>in your network?  What kind of hardware are you using?
>
>What I'm doing, is MAC authentication from an Orinoco ROR-1000 to
>authorize the wireless card (this is seamless for the user), then
>requiring the user bring up a VPN connection to handle encrypting the
>data.  Windows 98/ME/2000/XP all come with a Microsoft VPN client.
>Seems to work pretty good.
>
>So, I have two different radius authentications going on just so a
>wireless user can access the network.  One interactive and one that the
>user never sees.  I track it all using a web front-end I wrote to manage
>my users.
>
>
>Charlie
>
>
>
>-Original Message-
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]] On Behalf Of Daphne Liu
>Sent: Monday, July 15, 2002 12:10 PM
>To: [EMAIL PROTECTED]
>Subject: Can Radius be used to my wireless network users
>
>
>Hi,
>Can anyone give me some info on how to setup this radius server for
>802.11b wireless network ?
>Do I need to run any client software on my windows machine?
>
>Thanks!!
>
>Daphne
>
>
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: Can Radius be used to my wireless network users

[Charles J. Boening]

I think the people of this list will need more information.

What kind of authentication are you trying to do?  Where does radius fit
in your network?  What kind of hardware are you using?

What I'm doing, is MAC authentication from an Orinoco ROR-1000 to
authorize the wireless card (this is seamless for the user), then
requiring the user bring up a VPN connection to handle encrypting the
data.  Windows 98/ME/2000/XP all come with a Microsoft VPN client.
Seems to work pretty good.

So, I have two different radius authentications going on just so a
wireless user can access the network.  One interactive and one that the
user never sees.  I track it all using a web front-end I wrote to manage
my users.  


Charlie



-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Daphne Liu
Sent: Monday, July 15, 2002 12:10 PM
To: [EMAIL PROTECTED]
Subject: Can Radius be used to my wireless network users 


Hi,
   Can anyone give me some info on how to setup this radius server for
802.11b wireless network ?
   Do I need to run any client software on my windows machine?

   Thanks!!

Daphne


- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Can Radius be used to my wireless network users

[Daphne Liu]

Hi,
   Can anyone give me some info on how to setup this radius server for
802.11b wireless network ?
   Do I need to run any client software on my windows machine?

   Thanks!!

Daphne


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

promiscuous authentication

[Ilguiz Latypov]

Hello,

Is this a good idea to allow testing of a given user name/password pair
from anywhere in internet?  I modified the latest conffile.c to accept
authentication requests from anywhere by using the following directive:

  client 0.0.0.0/0 {
  secret  = XXX
  shortname   = superbt.ca
  }

As you see, the significant part of netmask is reduced to 0 leftmost bits.  
Is this a safe approach?  The patch is enclosed.

-- 
Ilguiz Latypov
computer programmer
SuperBT Canada, Inc
153 Union St. E.
Waterloo, Ontario N2J 1C4
Canada

GMT-4 day time tel.   +1 (519) 569-7818
GMT-4 night time tel. +1 (519) 569-7193

==
diff -u ../../../radiusd.orig/src/main/conffile.c ./conffile.c
--- ../../../radiusd.orig/src/main/conffile.c   Mon Jun 10 11:06:16 2002
+++ ./conffile.cTue Jul  9 19:47:58 2002
@@ -1145,15 +1145,16 @@
int i, mask_length;
 
mask_length = atoi(netmask + 1);
-   if ((mask_length <= 0) || (mask_length > 32)) {
+   if ((mask_length < 0) || (mask_length > 32)) {
radlog(L_ERR, "%s[%d]: Invalid value '%s' for IP 
network mask.",
filename, cs->item.lineno, netmask + 
1);
return -1;
}

-   c->netmask = (1 << 31);
-   for (i = 1; i < mask_length; i++) {
-   c->netmask |= (c->netmask >> 1);
+   c->netmask = 0;
+   for (i = 1; i <= mask_length; i++) {
+   c->netmask >>= 1;
+   c->netmask |= (1 << 31);
}
 
*netmask = '\0';
==



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

EAP-TLS & RLM_LDAP compile errors

[Ryan Swenson]

 Hello,

Below are errors generated on a SuSe 8.0 Linux system using a default install: 
configure, make... below are the errors.

I would like to enable only LDAP and EAP-TLS modules. I have made the necessary 
changes in a seperate attempt not shown below. However the same errors hold true. What 
are these errors? Even though I do not desire to use gssapi LDAP it seems to 
want to use -lssapi which in other attempts I have removed all -lssapi marks. Also I 
do not use but have this library. It is located in my /usr/lib, however does not seem 
to have this file the errors complain about below.


All I want is LDAP and EAP-TLS enabled, nothing else well perhaps mysql as well but 
that is it. Any ideas how to fix these and get EAP-TLS/LDAP compiled in?

Thanks,
RS 



Configure Errors:

configure: warning: `missing' script is too old or missing
configure: warning: silently not building rlm_krb5.
configure: warning: FAILURE: rlm_krb5 requires:  krb5.
configure: warning: silently not building rlm_sql_postgresql.
configure: warning: FAILURE: rlm_sql_postgresql requires:  libpq-fe.h libpq.
configure: warning: freetds headers not found.  Use --with-freetds-include-dir=.
configure: warning: sql submodule 'freetds' disabled
configure: warning: oracle headers not found.  Use --with-oracle-home-dir=.
configure: warning: sql submodule 'oracle' disabled
configure: warning: mysql headers not found.  Use --with-mysql-include-dir=.
configure: warning: sql submodule 'mysql' disabled
configure: warning: ibm db2 headers not found.  Use --with-ibmdb2-include-dir=.
configure: warning: sql submodule 'db2' disabled
configure: warning: silently not building rlm_sql_postgresql.
configure: warning: FAILURE: rlm_sql_postgresql requires:  libpq-fe.h libpq.
configure: warning: freetds headers not found.  Use --with-freetds-include-dir=.
configure: warning: sql submodule 'freetds' disabled
configure: warning: oracle headers not found.  Use --with-oracle-home-dir=.
configure: warning: sql submodule 'oracle' disabled
configure: warning: mysql headers not found.  Use --with-mysql-include-dir=.
configure: warning: sql submodule 'mysql' disabled
configure: warning: ibm db2 headers not found.  Use --with-ibmdb2-include-dir=.
configure: warning: sql submodule 'db2' disabled

Make Errors:

rlm_dbm.c: In function `sm_parse_user':
rlm_dbm.c:172: warning: assignment discards qualifiers from pointer target type
rlm_dbm.c:206: warning: passing arg 2 of `paircmp' discards qualifiers from pointer 
target type
rlm_dbm_parser.c: In function `storecontent':
rlm_dbm_parser.c:191: warning: assignment discards qualifiers from pointer target type
rlm_dbm.c: In function `sm_parse_user':
rlm_dbm.c:172: warning: assignment discards qualifiers from pointer target type
rlm_dbm.c:206: warning: passing arg 2 of `paircmp' discards qualifiers from pointer 
target type
In file included from eap.h:32,
 from rlm_eap.h:26,
 from state.c:27:
/usr/include/netinet/in.h:169: warning: `INADDR_ANY' redefined
../../include/missing.h:73: warning: this is the location of the previous definition
/usr/include/netinet/in.h:173: warning: `INADDR_NONE' redefined
../../include/missing.h:81: warning: this is the location of the previous definition
In file included from eap.h:32,
 from rlm_eap.h:26,
 from state.c:27:
/usr/include/netinet/in.h:169: warning: `INADDR_ANY' redefined
../../include/missing.h:73: warning: this is the location of the previous definition
/usr/include/netinet/in.h:173: warning: `INADDR_NONE' redefined
../../include/missing.h:81: warning: this is the location of the previous definition
grep: /usr/lib/libgssapi.la: No such file or directory
sed: can't read /usr/lib/libgssapi.la: No such file or directory
libtool: link: `/usr/lib/libgssapi.la' is not a valid libtool archive
gmake[6]: *** [rlm_ldap.la] Error 1
gmake[5]: *** [common] Error 1
gmake[4]: *** [all] Error 2
gmake[3]: *** [common] Error 1
gmake[2]: *** [all] Error 2
gmake[1]: *** [common] Error 1
make: *** [all] Error 2

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

accounting proxy question

[Kevin Bonner]

I'm trying to get freeradius 0.6 to bypass the proxy settings and handle the 
packet locally if an accounting packet comes from a certain IP.  Here's what 
I've got so far, but it still tries to proxy to the NULL realm accthost when 
I send an accounting packet.  Any help would be appreciated.

Kevin

radiusd.conf:
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
compat = cistron
}
...
preacct {
files
suffix
preprocess
}
accounting {
radutmp
}

acct_users:
DEFAULT Client-IP-Address == "192.168.1.12", Proxy-To-Realm := "ignore"

proxy.conf:
realm ignore {
type= radius
authhost= LOCAL
accthost= LOCAL
notrealm
nostrip
}
realm NULL {
type= radius
authhost= LOCAL
accthost= 192.168.1.28:1646
secret  = simplekey
}

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re[3]: Segmentation fault in rlm_passwd

[3APA3A]

Dear [EMAIL PROTECTED],


--Monday, July 15, 2002, 4:48:18 PM, you wrote to [EMAIL PROTECTED]:


mmr> Yeaaa! It works. Thanks. ÓÐÁÓÉÂÏ! ;) but I found rlm_passwd was not
mmr> compiledaftergeneralmake.   i   have   to   cd'ing   to
mmr> src/modules/rlm_passwd  and run 'make; make install' to compile and
mmr> install rlm_passwd.so. Some bugs in Makefile-s?


rlm_passwd   is  not  stable  module  (only  stable  modules  listed  in
src/modules/stable  are  compiled  and  installed  by  default).  Stable
modules should be specified in src/modules/stable before ./configure. If
you  want  to  build  some  additional modules after ./configure you can
correct MODULES variable in Make.inc to add some non-stable module.

-- 
~/ZARAZA
óÜÒ éÓÁÁË îØÀÔÏÎ ÏÔËÒÙÌ, ÞÔÏ ÑÂÌÏËÉ ÐÁÄÁÀÔ ÎÁ ÚÅÍÌÀ. (ô×ÅÎ)


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re[2]: Segmentation fault in rlm_passwd

[magmike]

> --Monday, July 15, 2002, 1:19:53 PM, you wrote to [EMAIL PROTECTED]:

mmr>> m_mschap-0.6.so: undefined symbol: md4_calc

> There  was a problem with dynamic library building. This problem will be
> fixed in upcoming 0.6.1 and should be fixed in latest CVS snapshot.

mmr>> Program received signal SIGSEGV, Segmentation fault.
mmr>> [Switching to Thread 1024 (LWP 12673)]
mmr>> 0x401cb79b in passwd_authorize (instance=0x80bb5f0, request=0x80bd910)
mmr>> at rlm_passwd.c:425
mmr>> 425 for (key = request->packet->vps;

> it  looks strange (there is nothing changed since release and nothing on
> rlm_passwd.c:425  to  cause  the segfault). Try to completely remake and
> reinstall  all  modules,  may  be  you  still  having  rlm_passwd binary
> compiled from 0.6 release version, it should be recompiled.
Yeaaa! It works. Thanks. ÓÐÁÓÉÂÏ! ;)
but I found rlm_passwd was not compiled after general make.
i have to cd'ing to src/modules/rlm_passwd and run 'make; make install'
to compile and install rlm_passwd.so. Some bugs in Makefile-s?


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Segmentation fault in rlm_passwd

[3APA3A]

Dear [EMAIL PROTECTED],


--Monday, July 15, 2002, 1:19:53 PM, you wrote to [EMAIL PROTECTED]:

mmr> m_mschap-0.6.so: undefined symbol: md4_calc

There  was a problem with dynamic library building. This problem will be
fixed in upcoming 0.6.1 and should be fixed in latest CVS snapshot.

mmr> Program received signal SIGSEGV, Segmentation fault.
mmr> [Switching to Thread 1024 (LWP 12673)]
mmr> 0x401cb79b in passwd_authorize (instance=0x80bb5f0, request=0x80bd910)
mmr> at rlm_passwd.c:425
mmr> 425 for (key = request->packet->vps;

it  looks strange (there is nothing changed since release and nothing on
rlm_passwd.c:425  to  cause  the segfault). Try to completely remake and
reinstall  all  modules,  may  be  you  still  having  rlm_passwd binary
compiled from 0.6 release version, it should be recompiled.

-- 
~/ZARAZA
Äà, åìó ÷åðòîâñêè ïîâåçëî. Ýõ è ïàðøèâî á åìó ïðèøëîñü åñëè áû îí âûæèë! (Òâåí)


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

rlm_sql & authorisation

[Josh . Howlett]

I want to use a non-standard SQL schema with Freeradius.  I *only* want to 
authorise users (no authenication) on the basis of their realm, NOT their 
username (the schema knows nothing about users).

I am struggling to find a way to make this work.  Does anyone have any 
ideas?

thanks, josh.

Josh Howlett, Networking and Digital Communications Group,
Information Systems & Computing, University of Bristol.
email: [EMAIL PROTECTED] | phone: +44 (0)117 928 7850

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Segmentation fault in rlm_passwd

[magmike]

Hello!

Problem is Segmentation fault in rlm_passwd
I try to authorize pptp user via local simplest file /etc/raddb/userlist
with format = "*User-Name:User-Password"



= radiusd.conf fragment =

modules {
...
mschap {
authtype = MS-CHAP


use_mppe = yes
require_encryption = yes
require_strong = yes
}
passwd raddb_userlist {
  filename = /etc/raddb/userlist
  format = "*User-Name:User-Password"
  authtype = MS-CHAP
  hashsize = 100
  ignorenislike = no
  allowmultiplekeys = no
}

} # end of modules


authorize {
preprocess

suffix
files
raddb_userlist
mschap
}


= users file (is very simple for debug purposes =

DEFAULT Service-Type == Framed-User
Framed-IP-Address = 255.255.255.254,
Framed-MTU = 576,
Service-Type = Framed-User,
Fall-Through = Yes


with freeradius latest snapshot (Mon Jul 15 08:29:11 2002) I have
Segmentation fault.
With 0.6 release exits with  "undefined symbol: md4_calc:" (see below)

==
root@vpn:/etc/raddb# gdb radiusd
GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-slackware-linux"...
(gdb) set args -XX
(gdb) run
Starting program: /usr/local/sbin/radiusd -XX
[New Thread 1024 (LWP 12673)]
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
Config:   including file: /etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/var"
 main: logdir = "/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir = "/var/log/radius/radacct"
 main: hostname_lookups = no
read_config_files:  reading dictionary
read_config_files:  reading clients
read_config_files:  reading realms
read_config_files:  reading naslist
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_auth = yes
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile = "/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: proxy_requests = no
 security: max_attributes = 200
 security: reject_delay = 1
 main: debug_level = 0
read_config_files:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded MS-CHAP
 mschap: ignore_password = no
 mschap: use_mppe = yes
 mschap: require_encryption = yes
 mschap: require_strong = yes
 mschap: passwd = "(null)"
 mschap: authtype = "MS-CHAP"
Module: Instantiated mschap (mschap)
Module: Loaded preprocess
 preprocess: huntgroups = "/etc/raddb/huntgroups"
 preprocess: hints = "/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/etc/raddb/users"
 files: acctusersfile = "/etc/raddb/acct_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded passwd
 passwd: filename = "/etc/raddb/userlist"
 passwd: format = "*User-Name:User-Password"
 passwd: authtype = "MS-CHAP"
 passwd: ignorenislike = no
 passwd: allowmultiplekeys = no
 passwd: hashsize = 100
rlm_passwd: nfields: 2 keyfield 0(User-Name) listable: no
Module: Instantiated passwd (raddb_userlist)
Module: Loaded detail
 detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address *, ports 1812/udp and 1813/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.0.5:1025, id=134, length=133
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "mmike"
MS-CHAP-Challenge = 0x7983c03e2529

mysql & groups in 'users'

[ser]

Hi there..

Bug or not?:) Seted in 'users' param 'Group == "blah"' is not checks in
defined in mysql groups.. (freeradius-0.6).. (i've try to find it in
sources and got it only in rml_unix.. Is that for /etc/groups only)?

tia, ser.



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html